feat: implement Drone runner Terraform module

main
RaviAnand Mohabir 2 years ago
parent 7427683543
commit d2bed4ea8d

34
.gitignore vendored

@ -0,0 +1,34 @@
# Local .terraform directories
**/.terraform/*
# .tfstate files
*.tfstate
*.tfstate.*
# Crash log files
crash.log
crash.*.log
# Exclude all .tfvars files, which are likely to contain sensitive data, such as
# password, private keys, and other secrets. These should not be part of version
# control as they are data points which are potentially sensitive and subject
# to change depending on the environment.
*.tfvars
*.tfvars.json
# Ignore override files as they are usually used to override resources locally and so
# are not checked in
override.tf
override.tf.json
*_override.tf
*_override.tf.json
# Include override files you do wish to add to version control using negated pattern
# !example_override.tf
# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
# example: *tfplan*
# Ignore CLI configuration files
.terraformrc
terraform.rc

@ -0,0 +1,138 @@
terraform {
required_providers {
kubernetes = {
source = "hashicorp/kubernetes"
version = "2.13.1"
}
}
}
locals {
match_labels = merge({
"app.kubernetes.io/instance" = "drone"
"app.kubernetes.io/name" = "drone-runner"
}, var.match_labels)
labels = merge(local.match_labels, {
"app.kubernetes.io/version" = var.image_tag
}, var.labels)
}
resource "kubernetes_role" "drone" {
metadata {
name = "drone-runner"
namespace = var.namespace
}
rule {
api_groups = [""]
resources = ["secrets"]
verbs = ["create", "delete"]
}
rule {
api_groups = [""]
resources = ["pods", "pods/log"]
verbs = ["get", "create", "delete", "list", "watch", "update"]
}
}
resource "kubernetes_service_account" "drone_runner" {
metadata {
name = "drone-runner"
namespace = var.namespace
labels = local.labels
}
}
resource "kubernetes_role_binding" "drone" {
metadata {
name = "drone-runner"
namespace = var.namespace
}
subject {
kind = "ServiceAccount"
name = kubernetes_service_account.drone_runner.metadata.0.name
namespace = var.namespace
}
role_ref {
kind = "Role"
name = kubernetes_role.drone.metadata.0.name
api_group = "rbac.authorization.k8s.io"
}
}
resource "kubernetes_deployment" "drone_runner" {
metadata {
name = "drone-runner"
namespace = var.namespace
labels = local.labels
}
spec {
replicas = var.drone_runner_replicas
selector {
match_labels = local.match_labels
}
template {
metadata {
labels = local.labels
annotations = {
"ravianand.me/config-hash" = sha1(jsonencode(merge(
kubernetes_secret.drone_runner.data
)))
}
}
spec {
service_account_name = kubernetes_service_account.drone_runner.metadata.0.name
container {
image = var.image_registry == "" ? "${var.image_repository}:${var.image_tag}" : "${var.image_registry}/${var.image_repository}:${var.image_tag}"
name = "drone-runner"
security_context {}
env {
name = "DRONE_RPC_HOST"
value = var.drone_rpc_host
}
env {
name = "DRONE_RPC_PROTO"
value = var.drone_rpc_proto
}
env {
name = "DRONE_NAMESPACE_DEFAULT"
value = var.namespace
}
env {
name = "DRONE_RPC_SECRET"
value_from {
secret_key_ref {
name = kubernetes_secret.drone_runner.metadata.0.name
key = "drone-runner-secret"
}
}
}
port {
container_port = 3000
name = "http"
protocol = "TCP"
}
resources {
requests = {
cpu = "250m"
memory = "250Mi"
}
limits = {
cpu = 2
memory = "2Gi"
}
}
}
}
}
}
}
resource "kubernetes_secret" "drone_runner" {
metadata {
name = "drone-runner"
namespace = var.namespace
}
data = {
"drone-runner-secret" = var.drone_runner_secret
}
}

@ -0,0 +1,58 @@
variable "namespace" {
description = "Namespace to deploy workloads and configuration"
type = string
default = "default"
}
variable "match_labels" {
description = "Match labels to add to the MariaDB deployment, will be merged with labels"
type = map(any)
default = {}
}
variable "labels" {
description = "Labels to add to the Drone runner deployment"
type = map(any)
default = {}
}
variable "image_registry" {
description = "Image registry, e.g. gcr.io, docker.io"
type = string
default = ""
}
variable "image_repository" {
description = "Image to start for the runner"
type = string
default = "drone/drone-runner-kube"
}
variable "image_tag" {
description = "Image tag to for the runner"
type = string
default = "latest"
}
variable "drone_runner_replicas" {
description = "Number of runner replicas to deploy"
type = number
default = 1
}
variable "drone_rpc_host" {
description = "Drone hostname"
type = string
}
variable "drone_rpc_proto" {
description = "Drone protocol"
type = string
default = "https"
}
variable "drone_runner_secret" {
description = "Drone runner secret"
type = string
sensitive = true
}
Loading…
Cancel
Save