# Provider requirements for this module.
terraform {
  required_providers {
    # Exact version pin: the provider only changes through an explicit edit
    # of this line, so upgrades pass through review.
    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = "2.13.1"
    }
  }
}
locals {
  # Labels used by the Deployment selector. merge() gives precedence to later
  # arguments, so entries in var.match_labels override the defaults below.
  match_labels = merge(
    {
      "app.kubernetes.io/instance" = "drone"
      "app.kubernetes.io/name"     = "drone-runner"
    },
    var.match_labels
  )

  # Full label set: selector labels, then the image tag as the version label,
  # then caller-supplied var.labels (which win on key collisions).
  labels = merge(
    local.match_labels,
    {
      "app.kubernetes.io/version" = var.image_tag
    },
    var.labels
  )
}
# Namespaced Role granted to the runner's service account (bound by
# kubernetes_role_binding.drone). Scope is limited to var.namespace.
#
# Security note: the "create" verb on pods lets the holder start pods that
# mount any Secret or run as any ServiceAccount in the same namespace, so the
# effective reach is wider than the secrets rule alone suggests. Keep
# var.namespace dedicated to the runner and its pipeline pods; this file also
# stores the runner's RPC secret in that namespace.
resource "kubernetes_role" "drone" {
  metadata {
    name      = "drone-runner"
    namespace = var.namespace
  }

  # Core-group Secrets: create and delete only. No get/list/watch is granted,
  # so the runner cannot read existing Secrets directly through the API.
  rule {
    api_groups = [""]
    resources  = ["secrets"]
    verbs      = ["create", "delete"]
  }

  # Core-group Pods and their logs: full lifecycle plus watch.
  rule {
    api_groups = [""]
    resources  = ["pods", "pods/log"]
    verbs      = ["get", "create", "delete", "list", "watch", "update"]
  }
}
# Service account the runner Deployment runs as. Its permissions come only
# from the Role bound to it in kubernetes_role_binding.drone.
resource "kubernetes_service_account" "drone_runner" {
  metadata {
    name      = "drone-runner"
    namespace = var.namespace
    labels    = local.labels
  }
}
# Binds the runner's service account to the drone-runner Role. Both names are
# taken from the managed resources rather than repeated as literals, so the
# binding cannot drift from the objects it refers to.
resource "kubernetes_role_binding" "drone" {
  metadata {
    name      = "drone-runner"
    namespace = var.namespace
  }

  # Who receives the permissions: the single runner service account.
  subject {
    kind      = "ServiceAccount"
    name      = kubernetes_service_account.drone_runner.metadata[0].name
    namespace = var.namespace
  }

  # What is granted: a namespaced Role, not a ClusterRole.
  role_ref {
    kind      = "Role"
    name      = kubernetes_role.drone.metadata[0].name
    api_group = "rbac.authorization.k8s.io"
  }
}
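# Deployment for the Drone runner. The pod runs as the drone-runner service
# account and receives the RPC shared secret from kubernetes_secret.drone_runner.
resource "kubernetes_deployment" "drone_runner" {
  metadata {
    name      = "drone-runner"
    namespace = var.namespace
    labels    = local.labels
  }

  spec {
    replicas = var.drone_runner_replicas

    selector {
      match_labels = local.match_labels
    }

    template {
      metadata {
        labels = local.labels

        annotations = {
          # Changes whenever the Secret data changes, which alters the pod
          # template and rolls the pods so they pick up the new value.
          # The digest is an unsalted hash of the secret data and is readable
          # by anyone who can view the Deployment or its pods, so the RPC
          # secret must be a long random value that cannot be guessed offline.
          "ravianand.me/config-hash" = sha1(jsonencode(merge(
            kubernetes_secret.drone_runner.data
          )))
        }
      }

      spec {
        service_account_name = kubernetes_service_account.drone_runner.metadata[0].name

        container {
          # The registry prefix is optional; an empty var.image_registry
          # yields "<repository>:<tag>".
          image = var.image_registry == "" ? "${var.image_repository}:${var.image_tag}" : "${var.image_registry}/${var.image_repository}:${var.image_tag}"
          name  = "drone-runner"

          # Previously an empty block, which left the container on runtime
          # defaults. The container only listens on an unprivileged port
          # (3000), so it needs neither added capabilities nor the ability
          # to gain privileges.
          # NOTE(review): run_as_non_root and read_only_root_filesystem would
          # tighten this further but depend on how the image is built; confirm
          # against the image before enabling them.
          security_context {
            allow_privilege_escalation = false

            capabilities {
              drop = ["ALL"]
            }
          }

          env {
            name  = "DRONE_RPC_HOST"
            value = var.drone_rpc_host
          }

          # NOTE(review): the runner authenticates to the server with
          # DRONE_RPC_SECRET; prefer "https" unless this traffic never leaves
          # a trusted network. Confirm the value passed by callers.
          env {
            name  = "DRONE_RPC_PROTO"
            value = var.drone_rpc_proto
          }

          env {
            name  = "DRONE_NAMESPACE_DEFAULT"
            value = var.namespace
          }

          # Injected by reference so the value never appears in the pod spec.
          env {
            name = "DRONE_RPC_SECRET"

            value_from {
              secret_key_ref {
                name = kubernetes_secret.drone_runner.metadata[0].name
                key  = "drone-runner-secret"
              }
            }
          }

          port {
            container_port = 3000
            name           = "http"
            protocol       = "TCP"
          }

          resources {
            requests = {
              cpu    = "250m"
              memory = "250Mi"
            }

            limits = {
              cpu    = 2
              memory = "2Gi"
            }
          }
        }
      }
    }
  }
}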
# Holds the shared RPC secret consumed by the runner Deployment through
# secret_key_ref.
#
# Security note: a value passed through Terraform is also written to the
# Terraform state, so the state backend needs the same access control and
# encryption as the secret itself.
# NOTE(review): the declaration of var.drone_runner_secret is not visible
# here; confirm it is marked `sensitive = true` so it is redacted in plan output.
resource "kubernetes_secret" "drone_runner" {
  metadata {
    name      = "drone-runner"
    namespace = var.namespace
  }

  data = {
    "drone-runner-secret" = var.drone_runner_secret
  }
}