feat: implement Drone Server Terraform module

pull/1/head
RaviAnand Mohabir 2 years ago
parent c6d5be69e5
commit 05ee521212

@ -0,0 +1,184 @@
terraform {
required_providers {
kubernetes = {
source = "hashicorp/kubernetes"
version = "2.13.1"
}
}
}
locals {
match_labels = merge({
"app.kubernetes.io/instance" = "drone"
"app.kubernetes.io/name" = "drone-server"
}, var.match_labels)
labels = merge(local.match_labels, {
"app.kubernetes.io/version" = var.image_tag
}, var.labels)
}
resource "kubernetes_service_account" "drone_server" {
metadata {
name = "drone-server"
namespace = var.namespace
labels = local.labels
}
}
resource "kubernetes_deployment" "drone_server" {
metadata {
name = "drone-server"
namespace = var.namespace
labels = local.labels
}
spec {
replicas = 1
selector {
match_labels = local.match_labels
}
template {
metadata {
labels = local.labels
annotations = {
"ravianand.me/config-hash" = sha1(jsonencode(merge(
kubernetes_config_map.drone_server.data,
kubernetes_secret.drone_server.data
)))
}
}
spec {
service_account_name = kubernetes_service_account.drone_server.metadata.0.name
container {
image = var.image_registry == "" ? "${var.image_repository}:${var.image_tag}" : "${var.image_registry}/${var.image_repository}:${var.image_tag}"
name = "drone"
env_from {
config_map_ref {
name = kubernetes_config_map.drone_server.metadata.0.name
}
}
env {
name = "DRONE_GITEA_CLIENT_SECRET"
value_from {
secret_key_ref {
name = kubernetes_secret.drone_server.metadata.0.name
key = "gitea-secret"
optional = true
}
}
}
env {
name = "DRONE_RPC_SECRET"
value_from {
secret_key_ref {
name = kubernetes_secret.drone_server.metadata.0.name
key = "rpc-secret"
}
}
}
env {
name = "DRONE_DATABASE_DATASOURCE"
value_from {
secret_key_ref {
name = kubernetes_secret.drone_server.metadata.0.name
key = "database-url"
}
}
}
env {
name = "DRONE_DATABASE_SECRET"
value_from {
secret_key_ref {
name = kubernetes_secret.drone_server.metadata.0.name
key = "database-secret"
}
}
}
port {
name = "http"
container_port = 80
protocol = "TCP"
}
liveness_probe {
http_get {
path = "/healthz"
port = "http"
}
}
readiness_probe {
http_get {
path = "/healthz"
port = "http"
}
}
resources {}
}
}
}
}
}
resource "kubernetes_service" "drone_server" {
metadata {
name = "drone-server"
namespace = var.namespace
labels = local.labels
}
spec {
selector = local.match_labels
type = "ClusterIP"
port {
port = 80
name = "http"
target_port = "http"
}
}
}
resource "random_id" "rpc_secret_key" {
byte_length = 16
}
resource "random_id" "database_secret_key" {
byte_length = 16
}
resource "kubernetes_secret" "drone_server" {
metadata {
name = "drone-server"
namespace = var.namespace
}
data = {
"database-url" = var.drone_database_datasource
"rpc-secret" = random_id.rpc_secret_key.hex
"database-secret" = random_id.database_secret_key.hex
"gitea-secret" = var.drone_gitea_secret
}
}
resource "kubernetes_config_map" "drone_server" {
metadata {
name = "drone-server-env"
namespace = var.namespace
}
data = {
DRONE_SERVER_HOST = var.drone_host
DRONE_SERVER_PROTO = var.drone_proto
DRONE_SERVER_PORT = ":80"
DRONE_USER_CREATE = "username:${var.drone_admin},admin:true"
DRONE_USER_FILTER = var.drone_user_filter
DRONE_REGISTRATION_CLOSED = var.drone_registration_closed
DRONE_GITEA_SERVER = var.drone_gitea_url
DRONE_GITEA_CLIENT_ID = var.drone_gitea_client
DRONE_DATABASE_DRIVER = var.drone_database_driver
DRONE_S3_BUCKET = var.drone_s3_bucket
DRONE_S3_ENDPOINT = var.drone_s3_endpoint
DRONE_S3_PATH_STYLE = var.drone_s3_path_style
DRONE_S3_PREFIX = var.drone_s3_prefix
DRONE_STARLARK_ENABLED = var.drone_starlark_enabled
DRONE_WEBHOOK_ENDPOINT = var.drone_webhook_endpoint
DRONE_WEBHOOK_EVENTS = var.drone_webhook_events
DRONE_WEBHOOK_SECRET = var.drone_webhook_secret
DRONE_WEBHOOK_SKIP_VERIFY = var.drone_webhook_skip_verify
}
}
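Review bot: `DRONE_WEBHOOK_SECRET = var.drone_webhook_secret` is written into `kubernetes_config_map.drone_server`, so the webhook signing secret is stored as plain ConfigMap data. Anyone who can read ConfigMaps in the namespace can read it, while the other four credentials go through `kubernetes_secret.drone_server`. Move it into the Secret and inject it with a `secret_key_ref`, as the Gitea client secret already is; the key name `webhook-secret` in the sketch below is only a suggestion. Separately, `random_id` is used for the RPC and database keys but only `hashicorp/kubernetes` is declared in `required_providers`, and as far as I know the provider does not mark `random_id` attributes as sensitive, so it is worth checking where those values get displayed.

```hcl
# … unchanged: existing env blocks of the "drone" container …
env {
  name = "DRONE_WEBHOOK_SECRET"
  value_from {
    secret_key_ref {
      name     = kubernetes_secret.drone_server.metadata.0.name
      key      = "webhook-secret"
      optional = true
    }
  }
}

# in kubernetes_secret.drone_server, data = { … }
"webhook-secret" = var.drone_webhook_secret

# in kubernetes_config_map.drone_server, data = { … }
# … drop the DRONE_WEBHOOK_SECRET entry; other keys unchanged …
```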

@ -0,0 +1,15 @@
output "service_name" {
description = "Service name for Drone server deployment"
value = kubernetes_service.drone_server.metadata.0.name
}
output "service_http_port" {
description = "HTTP port exposed by the service"
value = kubernetes_service.drone_server.spec.0.port.0.port
}
output "drone_runner_secret" {
description = "Drone runner secret"
value = random_id.rpc_secret_key.hex
sensitive = true
}
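Review bot: The description on `drone_runner_secret` does not say that this is the same value the server receives as `DRONE_RPC_SECRET`, which is what a consumer wiring up a runner module needs to know. Something like `description = "Shared RPC secret (DRONE_RPC_SECRET) that runners must use to authenticate to this server"` would make that explicit. `sensitive = true` only hides the value in CLI output; it is still stored in the Terraform state, so the description or module README could note that the state backend needs access control.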

@ -0,0 +1,147 @@
variable "namespace" {
description = "Namespace to deploy workloads and configuration"
type = string
default = "default"
}
variable "labels" {
description = "Labels to add to the Drone server deployment"
type = map(any)
default = {}
}
variable "match_labels" {
description = "Match labels to add to the Drone server deployment, will be merged with labels"
type = map(any)
default = {}
}
variable "image_registry" {
description = "Image registry, e.g. gcr.io, docker.io"
type = string
default = ""
}
variable "image_repository" {
description = "Image to start for the server"
type = string
default = "drone/drone"
}
variable "image_tag" {
description = "Image tag to for the server"
type = string
default = "2"
}
variable "drone_admin" {
description = "User handle of Drone admin user"
type = string
}
variable "drone_registration_closed" {
description = "Close registration in Drone"
type = bool
default = true
}
variable "drone_host" {
description = "Drone hostname"
type = string
}
variable "drone_proto" {
description = "Drone protocol"
type = string
default = "https"
}
variable "drone_gitea_url" {
description = "Gitea URL"
type = string
default = ""
}
variable "drone_gitea_client" {
description = "Gitea client ID"
type = string
default = ""
}
variable "drone_gitea_secret" {
description = "Gitea client secret"
type = string
default = ""
}
variable "drone_database_driver" {
description = "Drone database driver"
type = string
default = "postgres"
}
variable "drone_database_datasource" {
description = "Database URL"
type = string
default = ""
}
variable "drone_s3_bucket" {
description = "S3 bucket to store Drone blobs"
type = string
default = ""
}
variable "drone_s3_endpoint" {
description = "S3 endpoint for Drone blobs"
type = string
default = ""
}
variable "drone_s3_path_style" {
description = "Use path-style for S3 service"
type = bool
default = false
}
variable "drone_s3_prefix" {
description = "Subdirectory to store log files"
type = string
default = ""
}
variable "drone_starlark_enabled" {
description = "Configure Drone to automatically execute files ending in .star"
type = bool
default = false
}
variable "drone_user_filter" {
description = "Comma-separated list of accounts or organizations that will limit registration of users"
type = string
default = ""
}
variable "drone_webhook_endpoint" {
description = "Comma-separated list of webhook endpoints, to which global system events are delivered"
type = string
default = ""
}
variable "drone_webhook_events" {
description = "Comma-separated list of webhook events"
type = string
default = ""
}
variable "drone_webhook_secret" {
description = "Shared secret used to create an http-signature"
type = string
default = ""
}
variable "drone_webhook_skip_verify" {
description = "Boolean value disables TLS verification when establishing a connection to the remote webhook address"
type = bool
default = false
}
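Review bot: `drone_gitea_secret`, `drone_database_datasource` (a database URL that normally embeds credentials) and `drone_webhook_secret` are declared without `sensitive = true`. Terraform will therefore not redact them wherever they flow into a non-sensitive attribute; in this commit that applies to the webhook secret in the ConfigMap data. Add `sensitive = true` to these three variable blocks. The empty-string defaults on `drone_database_datasource` and the Gitea variables also let the module apply with no database or SCM configured, so consider dropping the defaults or adding a `validation` block so a misconfiguration fails at plan time.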