From our previous post we've setup our Drone CI Server on Kubernetes, and in this post we will deploy a Kubernetes Runner, which will be responsible for running our CI tasks.
The Drone Runners and Drone Server uses the same RPC Secret in order for them to authorize the runners to talk to the server.
From our previous post, we created the
drone-rpc-secret secret and we are exposing it as a environment variable:
DRONE_RPC_SECRET. Since we already created the secret, we will be using it in our deployment manifest.
First we need to deploy the Drone RBAC, our
kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: namespace: default name: drone rules: - apiGroups: - "" resources: - secrets verbs: - create - delete - apiGroups: - "" resources: - pods - pods/log verbs: - get - create - delete - list - watch - update --- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: drone namespace: default subjects: - kind: ServiceAccount name: default namespace: default roleRef: kind: Role name: drone apiGroup: rbac.authorization.k8s.io
Let's deploy the rbac:
$ kubectl apply -f drone-runner-rbac.yaml
In our Kubernetes Runner deployment, we need to specify the following:
If you decide to use
.drone.yml need to use the specific labels that you've set for your task to run on the configured runner.
This is just so that the runner is aware of the drone server and where and how to reach it, for more information have a look at the documentation
Our deployment manifest,
apiVersion: apps/v1 kind: Deployment metadata: name: drone-runner labels: app.kubernetes.io/name: drone-runner spec: replicas: 1 selector: matchLabels: app.kubernetes.io/name: drone-runner template: metadata: labels: app.kubernetes.io/name: drone-runner spec: containers: - name: drone-runner image: drone/drone-runner-kube:linux-arm ports: - containerPort: 3000 env: - name: DRONE_RPC_HOST value: drone.yourdomain.com - name: DRONE_RPC_PROTO value: https - name: DRONE_RPC_SECRET valueFrom: secretKeyRef: name: drone-rpc-secret key: env.DRONE_RPC_SECRET - name: DRONE_RUNNER_NAME value: drone-kubernetes-runner - name: DRONE_RUNNER_MAX_PROCS value: "5" - name: DRONE_DEBUG value: "false" - name: DRONE_TRACE value: "false" - name: DRONE_RUNNER_LABELS value: "hardware:rpi,runnerid:default"
Deploy the runner:
$ kubectl apply -f drone-runner.yaml
Once your deployment has rolled out, you should be able to see:
$ kubectl get deployment -l app.kubernetes.io/name=drone-runner -o wide NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR drone-runner 1/1 1 1 1d drone-runner drone/drone-runner-kube:linux-arm app.kubernetes.io/name=drone-runner