dep: upgrade helm/kube providers

upgrade drone
fix: kubernetes clusterDomain
2025-11-08 02:30:57 +01:00 · 2025-11-08 02:06:54 +01:00 · 2023-01-29 23:50:30 +01:00 · 2023-01-29 23:38:05 +01:00 · 2022-11-28 20:40:23 +01:00 · 2022-11-28 20:36:44 +01:00
8 changed files with 171 additions and 26 deletions
--- a/.drone.yml
+++ b/.drone.yml
@@ -1,6 +1,6 @@
 ---
 kind: pipeline
-type: kubernetes
+type: docker
 name: Terraform root module

 trigger:
@@ -13,7 +13,7 @@ environment:

 steps:
 - name: terraform init
-  image: hashicorp/terraform:1.1.8
+  image: hashicorp/terraform:1.3.5
  commands:
    - mkdir -p ~/.ssh
    - chmod 755 ~/.ssh
@@ -30,9 +30,9 @@ steps:
      from_secret: terraform-aws-secret-access-key

 - name: terraform plan
-  image: hashicorp/terraform:1.1.8
+  image: hashicorp/terraform:1.3.5
  commands:
-  - terraform plan $([[ $${DRONE_BUILD_EVENT} = cron ]] && echo "-detailed-exit-code") -out .tfplan
+  - terraform plan $([[ $${DRONE_BUILD_EVENT} = cron ]] && echo "-detailed-exitcode") -out .tfplan
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: terraform-aws-key-id
@@ -50,7 +50,7 @@ steps:
      - main
      event:
      - push
-  image: hashicorp/terraform:1.1.8
+  image: hashicorp/terraform:1.3.5
  commands:
    - terraform apply .tfplan
  environment:
@@ -77,7 +77,7 @@ trigger:

 steps:
 - name: format and generate docs
-  image: hashicorp/terraform:1.1.8
+  image: hashicorp/terraform:1.3.5
  commands:
    - apk add bash wget 
    - wget -q https://github.com/terraform-docs/terraform-docs/releases/download/v0.16.0/terraform-docs-v0.16.0-linux-amd64.tar.gz -O - | tar -xz terraform-docs -C /usr/local/bin
@@ -87,6 +87,6 @@ steps:

 ---
 kind: signature
-hmac: a612a515b91b36df9b5065b3d6e8933053840fe8a6c3e5ee1e3c6a6e66be5040
+hmac: fab1e0f28b70ec8cee84520cd4b03df265e12e1ed0625403304ced079ecd11ae

 ...
--- a/README.md
+++ b/README.md
@@ -74,11 +74,14 @@ Version:
 The following resources are used by this module:

 - [gitea_oauth2_app.this](https://registry.terraform.io/providers/malarinv/gitea/latest/docs/resources/oauth2_app) (resource)
- [helm_release.drone_runner](https://registry.terraform.io/providers/hashicorp/helm/2.5.1/docs/resources/release) (resource)
+- [helm_release.drone_runner_docker](https://registry.terraform.io/providers/hashicorp/helm/2.5.1/docs/resources/release) (resource)
+- [helm_release.drone_runner_kube](https://registry.terraform.io/providers/hashicorp/helm/2.5.1/docs/resources/release) (resource)
 - [helm_release.drone_server](https://registry.terraform.io/providers/hashicorp/helm/2.5.1/docs/resources/release) (resource)
 - [kubernetes_namespace.jobs](https://registry.terraform.io/providers/hashicorp/kubernetes/2.11.0/docs/resources/namespace) (resource)
 - [kubernetes_namespace.server](https://registry.terraform.io/providers/hashicorp/kubernetes/2.11.0/docs/resources/namespace) (resource)
+- [kubernetes_secret.runner_dashboard](https://registry.terraform.io/providers/hashicorp/kubernetes/2.11.0/docs/resources/secret) (resource)
 - [random_password.drone_rpc_secret](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) (resource)
+- [random_password.runner_dashboard](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) (resource)

 ## Required Inputs

--- a/dashboard.tf
+++ b/dashboard.tf
@@ -0,0 +1,21 @@
+locals {
+  runner_dashboard_user = "admin"
+}
+
+resource "random_password" "runner_dashboard" {
+  length  = 30
+  special = false
+}
+
+resource "kubernetes_secret" "runner_dashboard" {
+  metadata {
+    name      = "runner-dashboard-access"
+    namespace = kubernetes_namespace.server.metadata.0.name
+  }
+  data = {
+    username = local.runner_dashboard_user
+    password = random_password.runner_dashboard.result
+  }
+
+  type = "kubernetes.io/basic-auth"
+}
--- a/drone.tf
+++ b/drone.tf
@@ -3,13 +3,19 @@ resource "helm_release" "drone_server" {
  name             = "drone"
  chart            = "drone"
  repository       = "https://charts.drone.io"
+  version          = "0.6.5"
  namespace        = kubernetes_namespace.server.metadata.0.name
  create_namespace = false

+  set {
+    name = "image.tag"
+    value = "2.26.0"
+  }
+
  values = [
    jsonencode({
      env = {
-        DRONE_SERVER_HOST  = local.ingress_domain
+        DRONE_SERVER_HOST  = local.drone_domain
        DRONE_SERVER_PROTO = "https"
        DRONE_GITEA_SERVER = "https://${local.gitea_server}/"
      }
@@ -20,13 +26,11 @@ resource "helm_release" "drone_server" {
        annotations = {
          "kubernetes.io/ingress.class"                      = "traefik"
          "traefik.ingress.kubernetes.io/router.entrypoints" = "websecure"
-          "traefik.ingress.kubernetes.io/router.tls"                = "true"
-          "traefik.ingress.kubernetes.io/router.tls.certresolver"   = "acme-thomasklein-me"
-          "traefik.ingress.kubernetes.io/router.tls.domains.0.main" = local.ingress_domain
+          "cert-manager.io/cluster-issuer"                   = "acme-thomasklein-me"
        }
        hosts = [
          {
-            host = local.ingress_domain
+            host = local.drone_domain
            paths = [
              {
                path     = "/"
@@ -35,6 +39,14 @@ resource "helm_release" "drone_server" {
            ]
          }
        ]
+        tls = [
+          {
+            secretName = "drone-thomasklein.me-tls"
+            hosts = [
+              local.drone_domain,
+            ]
+          }
+        ]
      }
    }),
    jsonencode({
--- a/locals.tf
+++ b/locals.tf
@@ -1,4 +1,7 @@
 locals {
  gitea_server = "git.thomasklein.me"
-  ingress_domain = "drone.thomasklein.me"
+  drone_domain = "drone.thomasklein.me"
+
+  runner_gc_interval = "5m"
+  runner_cache_size  = "5G"
 }
--- a/oauth.tf
+++ b/oauth.tf
@@ -1,6 +1,6 @@
 resource "gitea_oauth2_app" "this" {
  name = "Drone"
  redirect_uris = [
-    "https://drone.thomasklein.me/login",
+    "https://${local.drone_domain}/login",
  ]
 }
--- a/provider.tf
+++ b/provider.tf
@@ -12,12 +12,12 @@ terraform {

    helm = {
      source  = "hashicorp/helm"
-      version = "2.5.1"
+      version = "2.8.0"
    }

    kubernetes = {
      source  = "hashicorp/kubernetes"
-      version = "2.11.0"
+      version = "~> 2.16.1"
    }

  }
--- a/runner.tf
+++ b/runner.tf
@@ -1,10 +1,99 @@
-resource "helm_release" "drone_runner" {
-  name             = "runner"
-  chart            = "drone-runner-kube"
+resource "helm_release" "drone_runner_docker" {
+  name             = "runner-docker"
+  chart            = "drone-runner-docker"
  repository       = "https://charts.drone.io"
+  version          = "0.7.0"
  namespace        = kubernetes_namespace.server.metadata.0.name
  create_namespace = false

+  set {
+    name = "image.tag"
+    value = "1.8.4"
+  }
+  set {
+    name = "dind.tag"
+    value = "28-dind"
+  }
+
+  values = [jsonencode({
+    serviceAccount = {
+      create = true
+    }
+    }),
+    jsonencode({
+      env = {
+        DRONE_SERVER_HOST = "https://${local.drone_domain}"
+        DRONE_RPC_HOST    = "${helm_release.drone_server.name}.${helm_release.drone_server.namespace}.svc.k8s.lawndale:8080"
+        DRONE_RPC_PROTO   = "http"
+        DRONE_UI_USERNAME = local.runner_dashboard_user
+        DRONE_RUNNER_NAME = "docker"
+        DRONE_RUNNER_CAPACITY = 10
+      }
+    }),
+    jsonencode({
+      dind = {
+        commandArgs = [
+          "--host",
+          "tcp://localhost:2375",
+          "--mtu",
+          "\"1360\"",
+        ]
+      }
+    }),
+    jsonencode({
+      dind = {
+        resources = {
+          requests = {
+            cpu                 = "250m"
+            memory              = "1G"
+            "ephemeral-storage" = upper(local.runner_cache_size)
+          }
+          limits = {
+            cpu                 = "1"
+            memory              = "3G"
+            "ephemeral-storage" = upper(local.runner_cache_size)
+          }
+        }
+      }
+    }),
+    jsonencode({
+      ingress = {
+        enabled = false
+      }
+    }),
+    jsonencode({
+      gc = {
+        enabled = true
+        env = {
+          GC_INTERVAL = local.runner_gc_interval
+          GC_CACHE    = "${lower(local.runner_cache_size)}b"
+        }
+      }
+    }),
+  ]
+  set_sensitive {
+    name  = "env.DRONE_RPC_SECRET"
+    value = random_password.drone_rpc_secret.result
+  }
+  set_sensitive {
+    name  = "env.DRONE_UI_PASSWORD"
+    value = random_password.runner_dashboard.result
+  }
+}
+
+resource "helm_release" "drone_runner_kube" {
+  name             = "runner-kube"
+  chart            = "drone-runner-kube"
+  repository       = "https://charts.drone.io"
+  version          = "0.1.10"
+  namespace        = kubernetes_namespace.server.metadata.0.name
+  create_namespace = false
+
+  set {
+    name = "image.tag"
+    value = "1.0.0-rc.5"
+  }
+
  values = [jsonencode({
    rbac = {
      buildNamespaces = [
@@ -14,10 +103,23 @@ resource "helm_release" "drone_runner" {
    }),
    jsonencode({
      env = {
-        DRONE_SERVER_HOST       = "https://${local.ingress_domain}"
-        DRONE_RPC_HOST          = "${helm_release.drone_server.name}.${helm_release.drone_server.namespace}.svc.cluster.local"
+        DRONE_SERVER_HOST       = "https://${local.drone_domain}"
+        DRONE_RPC_HOST          = "${helm_release.drone_server.name}.${helm_release.drone_server.namespace}.svc.k8s.lawndale:8080"
        DRONE_RPC_PROTO         = "http"
        DRONE_NAMESPACE_DEFAULT = kubernetes_namespace.jobs.metadata.0.name
+        DRONE_UI_USERNAME       = local.runner_dashboard_user
+      }
+    }),
+    jsonencode({
+      resources = {
+        requests = {
+          cpu    = "100m"
+          memory = "50Mi"
+        }
+        limits = {
+          cpu    = "300m"
+          memory = "200Mi"
+        }
      }
    }),
    jsonencode({
@@ -30,4 +132,8 @@ resource "helm_release" "drone_runner" {
    name  = "env.DRONE_RPC_SECRET"
    value = random_password.drone_rpc_secret.result
  }
+  set_sensitive {
+    name  = "env.DRONE_UI_PASSWORD"
+    value = random_password.runner_dashboard.result
+  }
 }
Author	SHA1	Message	Date
Tamas Kiss	3bd709686f	dep: upgrade helm/kube providers Some checks failed continuous-integration/drone/push Build is failing Details	2025-11-08 02:30:57 +01:00
Tamas Kiss	9826a8e55b	upgrade drone Some checks failed continuous-integration/drone/push Build is failing Details	2025-11-08 02:06:54 +01:00
Tamas Kiss	21d17ee81c	fix: kubernetes clusterDomain Some checks failed continuous-integration/drone/push Build is failing Details continuous-integration/drone Build is failing Details	2023-01-29 23:50:30 +01:00
Tamas Kiss	7bf3fdc733	lawndale is skver Some checks reported errors continuous-integration/drone/push Build was killed Details	2023-01-29 23:38:05 +01:00
Tamas Kiss	bbe7d879fe	ci: migrate to docker pipelines Some checks failed continuous-integration/drone/push Build is failing Details	2022-11-28 20:40:23 +01:00
Tamas Kiss	0610bb40a7	feat: add docker runner and set runner dashboards All checks were successful continuous-integration/drone/push Build is passing Details	2022-11-28 20:36:44 +01:00
Tamas Kiss	0cff237e31	Upgrade drone server to latest Some checks reported errors continuous-integration/drone/push Build was killed Details Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: ~ update in-place Terraform will perform the following actions: # helm_release.drone_runner will be updated in-place ~ resource "helm_release" "drone_runner" { id = "runner" name = "runner" ~ version = "0.1.8" -> "0.6.0" # (26 unchanged attributes hidden) set_sensitive { # At least one attribute in this block is (or was) sensitive, # so its contents will not be displayed. } } Plan: 0 to add, 1 to change, 0 to destroy.	2022-11-28 18:48:40 +01:00
Tamas Kiss	ba2b286f6c	Upgrade to terraform 1.3.5	2022-11-28 18:46:11 +01:00
Tamas Kiss	c17583d3e3	ci: fix terraform drift detection All checks were successful continuous-integration/drone/push Build is passing Details	2022-07-17 00:15:39 +00:00