Charts: [stable/drone] switch to kube-runner

Created on 20 Dec 2019  路  9Comments  路  Source: helm/charts

Is your feature request related to a problem? Please describe.
It seems that DRONE_KUBERNETES_ENABLED is deprecated in favor of the new drone/drone-runner-kube Image (kube-runner.docs.drone.io).

Describe the solution you'd like

Let's use kube-runners instead of the (legacy) drone/controller.

Should have:

  • Deployment for drone/drone-runner-kube:latest
  • ServiceAccount ($releasename-runner-kube), Role and RoleBinding

https://kube-runner.docs.drone.io/installation/installation/#step-3-install

Nice to have:

  • ServiceAccount ($releasename-runner-kube-builder), Role and Rolebinding
  • Support for multiple different runners
  • Ingress for the new runner dashboard

Probably out of scope:

  • restrictive PodSecurityPolicies attached to ServiceAccounts that allow/forbid privileged builds

Configuration could look like this:

# values.yml

# breaking change:
# sets the server's DRONE_KUBERNETES_ENABLED variable to false
# but starts kube-runner Deployments instead
server:
  kubernetes: true

runner:
  kubernetes:
  - name: team1
    namespace: drone-runner-kube
    serviceAccount: drone-runner-kube
    replicas: 2
    affinity: ...
    resources: ...
    ui:
      enabled: true # creates a Service for the runner dashboard
      username: admin
      password: password123 # or:
      secret: drone-runner-kube-dashboard # requires a secret containing username and password
      ingress: # creates Ingress
        enabled: true
        annotations: ...
        hosts: ...
    extraEnvVars:
      # https://kube-runner.docs.drone.io/installation/reference/
      DRONE_NAMESPACE_DEFAULT: drone-builds-team1
      DRONE_NAMESPACE_RULES: drone-builds-team1:team1/*
      DRONE_SERVICEACCOUNT_DEFAULT: drone-runner-kube-builder
  - name: team2
  ...
  ```

**Describe alternatives you've considered**

Treat kube-runner as agent:

```yaml
# values.yml

agent:
  replicas: 2

image:
  agent:
    repository: docker.io/drone/drone-runner-kube
    tag: latest

server:
  kubernetes: false

Contra:

  • Agent template requires changes and becomes really complicated
  • You have to set kubernetes to false for this to work which looks strange for a "cloud native" setup with kube-runners
  • Maybe people still depend on agents

Additional context

picture pauvos

Most helpful comment

@christian-roggia, @zakkg3, what do you think?

I could supply most of the templates required.

picture pauvos on 20 Dec 2019
👍3

All 9 comments

@christian-roggia, @zakkg3, what do you think?

I could supply most of the templates required.

pauvos picture pauvos on 20 Dec 2019
👍3

I support this. I just hacked up the existing chart to get kube runner working (so I could get features like metadata annotations). Is it popular to run anything other than the kube runner? Could we simplify this chart by removing that support going forward?

xrl picture xrl on 3 Jan 2020

@pauvos i think your pr for sec policy its going to be merged, feel free to open another pr for this.

zakkg3 picture zakkg3 on 10 Jan 2020

+1 would like to have this. probably going to try hacking the existing chart until kube-runner is supported by helm. @xrl any tips on this in the mean time?

one000mph picture one000mph on 24 Jan 2020

@one000mph I think this fork has made the effort of migrating to the kube-runner.
https://github.com/HighwayofLife/helm-charts-drone/commits/master

jonathan-mothership picture jonathan-mothership on 31 Jan 2020

Following up on my previous comment -- that fork didn't go far enough to support the kube-runner. I've spent some time making it work in my repo found here: https://github.com/jonathan-mothership/helm-charts-drone

If it works for others I can submit a PR to this chart.

jonathan-mothership picture jonathan-mothership on 1 Feb 2020
👍1

Following up on my previous comment -- that fork didn't go far enough to support the kube-runner. I've spent some time making it work in my repo found here: https://github.com/jonathan-mothership/helm-charts-drone

If it works for others I can submit a PR to this chart.

sharing is caring, feel free to submit a PR. please document as best as possible, read the docs on how to submit a PR, leave defaults to disable (as the docs say) and so on.
thanks!

zakkg3 picture zakkg3 on 6 Feb 2020

@jonathan-mothership I heavily modified your repository and created a pull request https://github.com/helm/charts/pull/20831

@zakkg3 I did it here https://github.com/helm/charts/pull/20831

KeepMasterBranch picture KeepMasterBranch on 18 Feb 2020
🎉1

And also, I added support for k8s secrets, as .drone.yaml can refers to passwords stored in k8s Secret objects

KeepMasterBranch picture KeepMasterBranch on 18 Feb 2020
👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

onyxet picture onyxet  路  3Comments
ChrisCooney picture ChrisCooney  路  3Comments
mickengland picture mickengland  路  3Comments
paskal picture paskal  路  3Comments
dene14 picture dene14  路  3Comments