thomasklein/terraform-app-drone
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: thomasklein:0cff237e31076a68c00f6625c9ef4276793a94e3
Branches Tags
thomasklein:main
...
compare: thomasklein:main
Branches Tags
thomasklein:main

6 Commits
0cff237e31 ... main

Author SHA1 Message Date
Tamas Kiss
3bd709686f dep: upgrade helm/kube providers
Some checks failed
continuous-integration/drone/push Build is failing
Details
2025-11-08 02:30:57 +01:00
Tamas Kiss
9826a8e55b upgrade drone
Some checks failed
continuous-integration/drone/push Build is failing
Details
2025-11-08 02:06:54 +01:00
Tamas Kiss
21d17ee81c fix: kubernetes clusterDomain
Some checks failed
continuous-integration/drone/push Build is failing
Details
continuous-integration/drone Build is failing
Details
2023-01-29 23:50:30 +01:00
Tamas Kiss
7bf3fdc733 lawndale is skver
Some checks reported errors
continuous-integration/drone/push Build was killed
Details
2023-01-29 23:38:05 +01:00
Tamas Kiss
bbe7d879fe ci: migrate to docker pipelines
Some checks failed
continuous-integration/drone/push Build is failing
Details
2022-11-28 20:40:23 +01:00
Tamas Kiss
0610bb40a7 feat: add docker runner and set runner dashboards
All checks were successful
continuous-integration/drone/push Build is passing
Details
2022-11-28 20:36:44 +01:00
8 changed files with 165 additions and 21 deletions
Expand all files Collapse all files

4
.drone.yml
View File

@@ -1,6 +1,6 @@
--- ---
kind: pipeline kind: pipeline
type: kubernetes type: docker
name: Terraform root module name: Terraform root module
trigger: trigger:
@@ -87,6 +87,6 @@ steps:
--- ---
kind: signature kind: signature
hmac: cccf1769bef0cc4d09ee8717ef22d8376e7e405c0e2548cebe6082c969d2a4ea hmac: fab1e0f28b70ec8cee84520cd4b03df265e12e1ed0625403304ced079ecd11ae
... ...

5
README.md
View File

@@ -74,11 +74,14 @@ Version:
The following resources are used by this module: The following resources are used by this module:
- [gitea_oauth2_app.this](https://registry.terraform.io/providers/malarinv/gitea/latest/docs/resources/oauth2_app) (resource) - [gitea_oauth2_app.this](https://registry.terraform.io/providers/malarinv/gitea/latest/docs/resources/oauth2_app) (resource)
- [helm_release.drone_runner](https://registry.terraform.io/providers/hashicorp/helm/2.5.1/docs/resources/release) (resource) - [helm_release.drone_runner_docker](https://registry.terraform.io/providers/hashicorp/helm/2.5.1/docs/resources/release) (resource)
- [helm_release.drone_runner_kube](https://registry.terraform.io/providers/hashicorp/helm/2.5.1/docs/resources/release) (resource)
- [helm_release.drone_server](https://registry.terraform.io/providers/hashicorp/helm/2.5.1/docs/resources/release) (resource) - [helm_release.drone_server](https://registry.terraform.io/providers/hashicorp/helm/2.5.1/docs/resources/release) (resource)
- [kubernetes_namespace.jobs](https://registry.terraform.io/providers/hashicorp/kubernetes/2.11.0/docs/resources/namespace) (resource) - [kubernetes_namespace.jobs](https://registry.terraform.io/providers/hashicorp/kubernetes/2.11.0/docs/resources/namespace) (resource)
- [kubernetes_namespace.server](https://registry.terraform.io/providers/hashicorp/kubernetes/2.11.0/docs/resources/namespace) (resource) - [kubernetes_namespace.server](https://registry.terraform.io/providers/hashicorp/kubernetes/2.11.0/docs/resources/namespace) (resource)
- [kubernetes_secret.runner_dashboard](https://registry.terraform.io/providers/hashicorp/kubernetes/2.11.0/docs/resources/secret) (resource)
- [random_password.drone_rpc_secret](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) (resource) - [random_password.drone_rpc_secret](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) (resource)
- [random_password.runner_dashboard](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) (resource)
## Required Inputs ## Required Inputs

21
dashboard.tf Normal file
View File

@@ -0,0 +1,21 @@
locals {
runner_dashboard_user = "admin"
}
resource "random_password" "runner_dashboard" {
length = 30
special = false
}
resource "kubernetes_secret" "runner_dashboard" {
metadata {
name = "runner-dashboard-access"
namespace = kubernetes_namespace.server.metadata.0.name
}
data = {
username = local.runner_dashboard_user
password = random_password.runner_dashboard.result
}
type = "kubernetes.io/basic-auth"
}

27
drone.tf
View File

@@ -3,14 +3,19 @@ resource "helm_release" "drone_server" {
name = "drone" name = "drone"
chart = "drone" chart = "drone"
repository = "https://charts.drone.io" repository = "https://charts.drone.io"
version = "0.6.4" version = "0.6.5"
namespace = kubernetes_namespace.server.metadata.0.name namespace = kubernetes_namespace.server.metadata.0.name
create_namespace = false create_namespace = false
set {
name = "image.tag"
value = "2.26.0"
}
values = [ values = [
jsonencode({ jsonencode({
env = { env = {
DRONE_SERVER_HOST = local.ingress_domain DRONE_SERVER_HOST = local.drone_domain
DRONE_SERVER_PROTO = "https" DRONE_SERVER_PROTO = "https"
DRONE_GITEA_SERVER = "https://${local.gitea_server}/" DRONE_GITEA_SERVER = "https://${local.gitea_server}/"
} }
@@ -19,15 +24,13 @@ resource "helm_release" "drone_server" {
ingress = { ingress = {
enabled = true enabled = true
annotations = { annotations = {
"kubernetes.io/ingress.class" = "traefik" "kubernetes.io/ingress.class" = "traefik"
"traefik.ingress.kubernetes.io/router.entrypoints" = "websecure" "traefik.ingress.kubernetes.io/router.entrypoints" = "websecure"
"traefik.ingress.kubernetes.io/router.tls" = "true" "cert-manager.io/cluster-issuer" = "acme-thomasklein-me"
"traefik.ingress.kubernetes.io/router.tls.certresolver" = "acme-thomasklein-me"
"traefik.ingress.kubernetes.io/router.tls.domains.0.main" = local.ingress_domain
} }
hosts = [ hosts = [
{ {
host = local.ingress_domain host = local.drone_domain
paths = [ paths = [
{ {
path = "/" path = "/"
@@ -36,6 +39,14 @@ resource "helm_release" "drone_server" {
] ]
} }
] ]
tls = [
{
secretName = "drone-thomasklein.me-tls"
hosts = [
local.drone_domain,
]
}
]
} }
}), }),
jsonencode({ jsonencode({

7
locals.tf
View File

@@ -1,4 +1,7 @@
locals { locals {
gitea_server = "git.thomasklein.me" gitea_server = "git.thomasklein.me"
ingress_domain = "drone.thomasklein.me" drone_domain = "drone.thomasklein.me"
runner_gc_interval = "5m"
runner_cache_size = "5G"
} }

2
oauth.tf
View File

@@ -1,6 +1,6 @@
resource "gitea_oauth2_app" "this" { resource "gitea_oauth2_app" "this" {
name = "Drone" name = "Drone"
redirect_uris = [ redirect_uris = [
"https://drone.thomasklein.me/login", "https://${local.drone_domain}/login",
] ]
} }

4
provider.tf
View File

@@ -12,12 +12,12 @@ terraform {
helm = { helm = {
source = "hashicorp/helm" source = "hashicorp/helm"
version = "2.5.1" version = "2.8.0"
} }
kubernetes = { kubernetes = {
source = "hashicorp/kubernetes" source = "hashicorp/kubernetes"
version = "2.11.0" version = "~> 2.16.1"
} }
} }

116
runner.tf
View File

@@ -1,10 +1,99 @@
resource "helm_release" "drone_runner" { resource "helm_release" "drone_runner_docker" {
name = "runner" name = "runner-docker"
chart = "drone-runner-kube" chart = "drone-runner-docker"
repository = "https://charts.drone.io" repository = "https://charts.drone.io"
version = "0.7.0"
namespace = kubernetes_namespace.server.metadata.0.name namespace = kubernetes_namespace.server.metadata.0.name
create_namespace = false create_namespace = false
set {
name = "image.tag"
value = "1.8.4"
}
set {
name = "dind.tag"
value = "28-dind"
}
values = [jsonencode({
serviceAccount = {
create = true
}
}),
jsonencode({
env = {
DRONE_SERVER_HOST = "https://${local.drone_domain}"
DRONE_RPC_HOST = "${helm_release.drone_server.name}.${helm_release.drone_server.namespace}.svc.k8s.lawndale:8080"
DRONE_RPC_PROTO = "http"
DRONE_UI_USERNAME = local.runner_dashboard_user
DRONE_RUNNER_NAME = "docker"
DRONE_RUNNER_CAPACITY = 10
}
}),
jsonencode({
dind = {
commandArgs = [
"--host",
"tcp://localhost:2375",
"--mtu",
"\"1360\"",
]
}
}),
jsonencode({
dind = {
resources = {
requests = {
cpu = "250m"
memory = "1G"
"ephemeral-storage" = upper(local.runner_cache_size)
}
limits = {
cpu = "1"
memory = "3G"
"ephemeral-storage" = upper(local.runner_cache_size)
}
}
}
}),
jsonencode({
ingress = {
enabled = false
}
}),
jsonencode({
gc = {
enabled = true
env = {
GC_INTERVAL = local.runner_gc_interval
GC_CACHE = "${lower(local.runner_cache_size)}b"
}
}
}),
]
set_sensitive {
name = "env.DRONE_RPC_SECRET"
value = random_password.drone_rpc_secret.result
}
set_sensitive {
name = "env.DRONE_UI_PASSWORD"
value = random_password.runner_dashboard.result
}
}
resource "helm_release" "drone_runner_kube" {
name = "runner-kube"
chart = "drone-runner-kube"
repository = "https://charts.drone.io"
version = "0.1.10"
namespace = kubernetes_namespace.server.metadata.0.name
create_namespace = false
set {
name = "image.tag"
value = "1.0.0-rc.5"
}
values = [jsonencode({ values = [jsonencode({
rbac = { rbac = {
buildNamespaces = [ buildNamespaces = [
@@ -14,10 +103,23 @@ resource "helm_release" "drone_runner" {
}), }),
jsonencode({ jsonencode({
env = { env = {
DRONE_SERVER_HOST = "https://${local.ingress_domain}" DRONE_SERVER_HOST = "https://${local.drone_domain}"
DRONE_RPC_HOST = "${helm_release.drone_server.name}.${helm_release.drone_server.namespace}.svc.cluster.local" DRONE_RPC_HOST = "${helm_release.drone_server.name}.${helm_release.drone_server.namespace}.svc.k8s.lawndale:8080"
DRONE_RPC_PROTO = "http" DRONE_RPC_PROTO = "http"
DRONE_NAMESPACE_DEFAULT = kubernetes_namespace.jobs.metadata.0.name DRONE_NAMESPACE_DEFAULT = kubernetes_namespace.jobs.metadata.0.name
DRONE_UI_USERNAME = local.runner_dashboard_user
}
}),
jsonencode({
resources = {
requests = {
cpu = "100m"
memory = "50Mi"
}
limits = {
cpu = "300m"
memory = "200Mi"
}
} }
}), }),
jsonencode({ jsonencode({
@@ -30,4 +132,8 @@ resource "helm_release" "drone_runner" {
name = "env.DRONE_RPC_SECRET" name = "env.DRONE_RPC_SECRET"
value = random_password.drone_rpc_secret.result value = random_password.drone_rpc_secret.result
} }
set_sensitive {
name = "env.DRONE_UI_PASSWORD"
value = random_password.runner_dashboard.result
}
} }