Installation

The Kubernetes runner is in Beta and is a community effort. The core Drone team does not yet possess the Kubernetes expertise needed to provide production support.

This article explains how to install the Kubernetes runner on Linux. The Kubernetes runner is packaged as a minimal Docker image distributed on DockerHub.

Configuration

The Kubernetes runner is configured using environment variables. This article references the configuration options below. See Configuration for a complete list of configuration options.

  • DRONE_RPC_HOST
    provides the hostname (and optional port) of your Drone server. The runner connects to the server at the host address to receive pipelines for execution.
  • DRONE_RPC_PROTO
    provides the protocol used to connect to your Drone server. The value must be either http or https.
  • DRONE_RPC_SECRET
    provides the shared secret used to authenticate with your Drone server. This must match the secret defined in your Drone server configuration.

Authentication

The Kubernetes runner uses in-cluster authentication to communicate with the Kubernetes API. Please ensure the Kubernetes runner is associated with a service account when deployed to your cluster.

Installation

The following is a rudimentary manifest file used to configure and install the Kubernetes runner. Remember to replace the environment variables below with the correct values.

Here are the sample RBAC rules:

kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: default
  name: drone
rules:
- apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - create
  - delete
- apiGroups:
  - ""
  resources:
  - pods
  - pods/log
  verbs:
  - get
  - create
  - delete
  - list
  - watch
  - update

---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: drone
  namespace: default
subjects:
- kind: ServiceAccount
  name: default
  namespace: default
roleRef:
  kind: Role
  name: drone
  apiGroup: rbac.authorization.k8s.io

And here is the example deployment:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: drone
  labels:
    app.kubernetes.io/name: drone
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: drone
  template:
    metadata:
      labels:
        app.kubernetes.io/name: drone
    spec:
      containers:
      - name: runner
        image: drone/drone-runner-kube:latest
        ports:
        - containerPort: 3000
        env:
        - name: DRONE_RPC_HOST
          value: drone.company.com
        - name: DRONE_RPC_PROTO
          value: http
        - name: DRONE_RPC_SECRET
          value: super-duper-secret
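
A tightened variant of the manifests above, added here as an example and not part of the original Drone documentation: it binds the drone Role to a dedicated service account instead of default, and reads DRONE_RPC_SECRET from a Kubernetes Secret rather than a literal value in the pod spec. The names drone-runner and drone-rpc, the Secret key secret, and the https value (which assumes your Drone server serves TLS) are assumptions.

```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: drone-runner        # assumed name; keeps the Role off the shared "default" account
  namespace: default
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: drone
  namespace: default
subjects:
- kind: ServiceAccount
  name: drone-runner        # only pods running as this account get the Role
  namespace: default
roleRef:
  kind: Role
  name: drone               # the Role defined in the sample RBAC rules
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: drone
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: drone
  template:
    metadata:
      labels:
        app.kubernetes.io/name: drone
    spec:
      serviceAccountName: drone-runner
      containers:
      - name: runner
        image: drone/drone-runner-kube:latest
        ports:
        - containerPort: 3000
        env:
        - name: DRONE_RPC_HOST
          value: drone.company.com
        - name: DRONE_RPC_PROTO
          value: https      # assumes the Drone server is reachable over TLS
        - name: DRONE_RPC_SECRET
          valueFrom:
            secretKeyRef:
              name: drone-rpc   # assumed Secret, created separately in this namespace
              key: secret       # assumed key holding the shared RPC secret
```

With this variant the shared secret no longer appears in the Deployment object itself, and other workloads in the namespace that run as the default service account do not inherit the ability to create pods or secrets.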

Verification

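Use the kubectl logs deployment/drone -c runner command to view the logs and verify the runner successfully established a connection with the Drone server. The deployment/ prefix is needed because the pods created by the Deployment carry generated names rather than the bare name drone.

$ kubectl logs deployment/drone -c runner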

INFO[0000] starting the server
INFO[0000] successfully pinged the remote server