feat: ✨ implement Drone runner Terraform module
parent
7427683543
commit
d2bed4ea8d
@ -0,0 +1,34 @@
|
||||
# Local .terraform directories
|
||||
**/.terraform/*
|
||||
|
||||
# .tfstate files
|
||||
*.tfstate
|
||||
*.tfstate.*
|
||||
|
||||
# Crash log files
|
||||
crash.log
|
||||
crash.*.log
|
||||
|
||||
# Exclude all .tfvars files, which are likely to contain sensitive data, such as
|
||||
# password, private keys, and other secrets. These should not be part of version
|
||||
# control as they are data points which are potentially sensitive and subject
|
||||
# to change depending on the environment.
|
||||
*.tfvars
|
||||
*.tfvars.json
|
||||
|
||||
# Ignore override files as they are usually used to override resources locally and so
|
||||
# are not checked in
|
||||
override.tf
|
||||
override.tf.json
|
||||
*_override.tf
|
||||
*_override.tf.json
|
||||
|
||||
# Include override files you do wish to add to version control using negated pattern
|
||||
# !example_override.tf
|
||||
|
||||
# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
|
||||
# example: *tfplan*
|
||||
|
||||
# Ignore CLI configuration files
|
||||
.terraformrc
|
||||
terraform.rc
|
@ -0,0 +1,138 @@
|
||||
terraform {
|
||||
required_providers {
|
||||
kubernetes = {
|
||||
source = "hashicorp/kubernetes"
|
||||
version = "2.13.1"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
locals {
|
||||
match_labels = merge({
|
||||
"app.kubernetes.io/instance" = "drone"
|
||||
"app.kubernetes.io/name" = "drone-runner"
|
||||
}, var.match_labels)
|
||||
labels = merge(local.match_labels, {
|
||||
"app.kubernetes.io/version" = var.image_tag
|
||||
}, var.labels)
|
||||
}
|
||||
|
||||
resource "kubernetes_role" "drone" {
|
||||
metadata {
|
||||
name = "drone-runner"
|
||||
namespace = var.namespace
|
||||
}
|
||||
rule {
|
||||
api_groups = [""]
|
||||
resources = ["secrets"]
|
||||
verbs = ["create", "delete"]
|
||||
}
|
||||
rule {
|
||||
api_groups = [""]
|
||||
resources = ["pods", "pods/log"]
|
||||
verbs = ["get", "create", "delete", "list", "watch", "update"]
|
||||
}
|
||||
}
|
||||
|
||||
resource "kubernetes_service_account" "drone_runner" {
|
||||
metadata {
|
||||
name = "drone-runner"
|
||||
namespace = var.namespace
|
||||
labels = local.labels
|
||||
}
|
||||
}
|
||||
|
||||
resource "kubernetes_role_binding" "drone" {
|
||||
metadata {
|
||||
name = "drone-runner"
|
||||
namespace = var.namespace
|
||||
}
|
||||
subject {
|
||||
kind = "ServiceAccount"
|
||||
name = kubernetes_service_account.drone_runner.metadata.0.name
|
||||
namespace = var.namespace
|
||||
}
|
||||
role_ref {
|
||||
kind = "Role"
|
||||
name = kubernetes_role.drone.metadata.0.name
|
||||
api_group = "rbac.authorization.k8s.io"
|
||||
}
|
||||
}
|
||||
|
||||
resource "kubernetes_deployment" "drone_runner" {
|
||||
metadata {
|
||||
name = "drone-runner"
|
||||
namespace = var.namespace
|
||||
labels = local.labels
|
||||
}
|
||||
spec {
|
||||
replicas = var.drone_runner_replicas
|
||||
selector {
|
||||
match_labels = local.match_labels
|
||||
}
|
||||
template {
|
||||
metadata {
|
||||
labels = local.labels
|
||||
annotations = {
|
||||
"ravianand.me/config-hash" = sha1(jsonencode(merge(
|
||||
kubernetes_secret.drone_runner.data
|
||||
)))
|
||||
}
|
||||
}
|
||||
spec {
|
||||
service_account_name = kubernetes_service_account.drone_runner.metadata.0.name
|
||||
container {
|
||||
image = var.image_registry == "" ? "${var.image_repository}:${var.image_tag}" : "${var.image_registry}/${var.image_repository}:${var.image_tag}"
|
||||
name = "drone-runner"
|
||||
security_context {}
|
||||
env {
|
||||
name = "DRONE_RPC_HOST"
|
||||
value = var.drone_rpc_host
|
||||
}
|
||||
env {
|
||||
name = "DRONE_RPC_PROTO"
|
||||
value = var.drone_rpc_proto
|
||||
}
|
||||
env {
|
||||
name = "DRONE_NAMESPACE_DEFAULT"
|
||||
value = var.namespace
|
||||
}
|
||||
env {
|
||||
name = "DRONE_RPC_SECRET"
|
||||
value_from {
|
||||
secret_key_ref {
|
||||
name = kubernetes_secret.drone_runner.metadata.0.name
|
||||
key = "drone-runner-secret"
|
||||
}
|
||||
}
|
||||
}
|
||||
port {
|
||||
container_port = 3000
|
||||
name = "http"
|
||||
protocol = "TCP"
|
||||
}
|
||||
resources {
|
||||
requests = {
|
||||
cpu = "250m"
|
||||
memory = "250Mi"
|
||||
}
|
||||
limits = {
|
||||
cpu = 2
|
||||
memory = "2Gi"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
resource "kubernetes_secret" "drone_runner" {
|
||||
metadata {
|
||||
name = "drone-runner"
|
||||
namespace = var.namespace
|
||||
}
|
||||
data = {
|
||||
"drone-runner-secret" = var.drone_runner_secret
|
||||
}
|
||||
}
|
@ -0,0 +1,58 @@
|
||||
variable "namespace" {
|
||||
description = "Namespace to deploy workloads and configuration"
|
||||
type = string
|
||||
default = "default"
|
||||
}
|
||||
|
||||
variable "match_labels" {
|
||||
description = "Match labels to add to the MariaDB deployment, will be merged with labels"
|
||||
type = map(any)
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "labels" {
|
||||
description = "Labels to add to the Drone runner deployment"
|
||||
type = map(any)
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "image_registry" {
|
||||
description = "Image registry, e.g. gcr.io, docker.io"
|
||||
type = string
|
||||
default = ""
|
||||
}
|
||||
|
||||
variable "image_repository" {
|
||||
description = "Image to start for the runner"
|
||||
type = string
|
||||
default = "drone/drone-runner-kube"
|
||||
}
|
||||
|
||||
variable "image_tag" {
|
||||
description = "Image tag to for the runner"
|
||||
type = string
|
||||
default = "latest"
|
||||
}
|
||||
|
||||
variable "drone_runner_replicas" {
|
||||
description = "Number of runner replicas to deploy"
|
||||
type = number
|
||||
default = 1
|
||||
}
|
||||
|
||||
variable "drone_rpc_host" {
|
||||
description = "Drone hostname"
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "drone_rpc_proto" {
|
||||
description = "Drone protocol"
|
||||
type = string
|
||||
default = "https"
|
||||
}
|
||||
|
||||
variable "drone_runner_secret" {
|
||||
description = "Drone runner secret"
|
||||
type = string
|
||||
sensitive = true
|
||||
}
|
Loading…
Reference in New Issue