To get CI/CD in your environment a good way is to run drone.io on kubernetes.
Updated for Drone 0.5
Drone 0.4 available in 0.4 subdirectory
- Working Kubernetes
- NGINX controller or Ingress controller
Register a new app with Github here
This will give you a client ID and client Secret. Make note of these.
- The Authorization callback URL should be
http://drone.yourdomain.com/authorize
whereyourdomain
is your own thing.
kubectl create -f drone-svc.yaml
Notice that in this service we are using NodePort: 30991
since we are doing this on Metacloud. This NodePort
is used by nginx to attach to with reverse proxy.
Open the drone-secrets.yaml
file and put in your own credentials you got when you registered your Github application from the first step.
You have to base64 encode all these values:
echo -n "/var/lib/drone/drone.sqlite" | base64
See the examples in the drone-secrets.yaml
file comments.
kubectl create -f drone-secrets.yaml
This will spawn 1 drone-server that mounts an empty directory. We use cinder, so if you want to use that for persistent storage see the commented out section instead in the drone-server.yaml
file.
kubectl create -f drone-server.yaml
kubectl create -f drone-agent.yaml
If all goes well drone should be up.
Using OpenStack I have a seperate node running nginx. This node has the configuration that looks as follows for the drone section:
http {
upstream drone {
server 10.106.2.24:30991;
server 10.106.2.32:30991;
server 10.106.2.29:30991;
server 10.106.2.33:30991;
server 10.106.2.26:30991;
server 10.106.2.35:30991;
}
server {
listen 80;
server_name drone.example.com www.drone.example.com;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header Origin "";
proxy_pass http://drone;
proxy_redirect off;
proxy_http_version 1.1;
proxy_buffering off;
chunked_transfer_encoding off;
}
}
}
-
Make sure your containers have outbound internet access. E.g: spin up busybox and run
nslookup github.com
if this doesn't work you'll get infinite loop. I solved this by runningiptables -t nat -A POSTROUTING ! -d 10.0.0.0/8 -o ens3 -j MASQUERADE
-
Make sure you encoded your secrets right. You can always just use the environment variable in the
drone.yaml
file instead of reading from the base64 encoded secrets. You will get unauthenticated errors if that happens.