Dan6erbond
/
terraform-kubernetes-drone-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Labels Milestones

New Pull Request

feat/terraform-module #1

Merged
Dan6erbond merged 8 commits from feat/terraform-module into main 2 years ago
Conversation 0 Commits 8 Files Changed 6
6 changed files with 441 additions and 0 deletions
Show Stats Download Patch File Download Diff File

20
.drone.yml
Unescape Escape View File

@ -0,0 +1,20 @@
kind: pipeline
type: kubernetes
name: default
steps:
- name: standard-version
image: node:19
commands:
- git config --global user.email "moravrav@gmail.com"
- git config --global user.name "RaviAnand Mohabir"
- git config --global url."https://$GIT_USERNAME:$GIT_TOKEN@gitea.ravianand.me/".insteadOf "https://gitea.ravianand.me/"
- npm i -g standard-version
- standard-version
- git push --follow-tags origin
trigger:
branch:
- main
event:
- push

37
.gitignore vendored
Unescape Escape View File

@ -0,0 +1,37 @@
# Local .terraform directories
**/.terraform/*
# .tfstate files
*.tfstate
*.tfstate.*
# Crash log files
crash.log
crash.*.log
# Exclude all .tfvars files, which are likely to contain sensitive data, such as
# password, private keys, and other secrets. These should not be part of version
# control as they are data points which are potentially sensitive and subject
# to change depending on the environment.
*.tfvars
*.tfvars.json
# Ignore override files as they are usually used to override resources locally and so
# are not checked in
override.tf
override.tf.json
*_override.tf
*_override.tf.json
# Include override files you do wish to add to version control using negated pattern
# !example_override.tf
# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
# example: *tfplan*
# Ignore CLI configuration files
.terraformrc
terraform.rc
# Custom
.env

10
CHANGELOG.md
Unescape Escape View File

@ -0,0 +1,10 @@
# Changelog
All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
## 1.1.0 (2023-01-24)
### Features
* :sparkles: implement Drone Server Terraform module ([05ee521](https://gitea.ravianand.me/Dan6erbond/terraform-kubernetes-drone-server/commit/05ee5212124ac301d324e829de3f7ec4d21e5b41))

188
main.tf
Unescape Escape View File

@ -0,0 +1,188 @@
terraform {
required_providers {
kubernetes = {
source = "hashicorp/kubernetes"
version = "2.13.1"
}
}
}
locals {
match_labels = merge({
"app.kubernetes.io/instance" = "drone"
"app.kubernetes.io/name" = "drone-server"
}, var.match_labels)
labels = merge(local.match_labels, {
"app.kubernetes.io/version" = var.image_tag
}, var.labels)
}
resource "kubernetes_service_account" "drone_server" {
metadata {
name = "drone-server"
namespace = var.namespace
labels = local.labels
}
}
resource "kubernetes_deployment" "drone_server" {
metadata {
name = "drone-server"
namespace = var.namespace
labels = local.labels
}
spec {
replicas = 1
selector {
match_labels = local.match_labels
}
template {
metadata {
labels = local.labels
annotations = {
"ravianand.me/config-hash" = sha1(jsonencode(merge(
kubernetes_config_map.drone_server.data,
kubernetes_secret.drone_server.data
)))
}
}
spec {
service_account_name = kubernetes_service_account.drone_server.metadata.0.name
container {
image = var.image_registry == "" ? "${var.image_repository}:${var.image_tag}" : "${var.image_registry}/${var.image_repository}:${var.image_tag}"
name = "drone"
env_from {
config_map_ref {
name = kubernetes_config_map.drone_server.metadata.0.name
}
}
env {
name = "DRONE_GITEA_CLIENT_SECRET"
value_from {
secret_key_ref {
name = kubernetes_secret.drone_server.metadata.0.name
key = "gitea-secret"
optional = true
}
}
}
env {
name = "DRONE_RPC_SECRET"
value_from {
secret_key_ref {
name = kubernetes_secret.drone_server.metadata.0.name
key = "rpc-secret"
}
}
}
env {
name = "DRONE_DATABASE_DATASOURCE"
value_from {
secret_key_ref {
name = kubernetes_secret.drone_server.metadata.0.name
key = "database-url"
}
}
}
env {
name = "DRONE_DATABASE_SECRET"
value_from {
secret_key_ref {
name = kubernetes_secret.drone_server.metadata.0.name
key = "database-secret"
}
}
}
port {
name = "http"
container_port = 80
protocol = "TCP"
}
liveness_probe {
http_get {
path = "/healthz"
port = "http"
}
}
readiness_probe {
http_get {
path = "/healthz"
port = "http"
}
}
resources {}
}
}
}
}
}
resource "kubernetes_service" "drone_server" {
metadata {
name = "drone-server"
namespace = var.namespace
labels = local.labels
}
spec {
selector = local.match_labels
type = "ClusterIP"
port {
port = 80
name = "http"
target_port = "http"
}
}
}
resource "random_id" "rpc_secret_key" {
byte_length = 16
}
resource "random_id" "database_secret_key" {
byte_length = 16
}
resource "kubernetes_secret" "drone_server" {
metadata {
name = "drone-server"
namespace = var.namespace
}
data = {
"database-url" = var.drone_database_datasource
"rpc-secret" = random_id.rpc_secret_key.hex
"database-secret" = random_id.database_secret_key.hex
"gitea-secret" = var.drone_gitea_secret
}
}
resource "kubernetes_config_map" "drone_server" {
metadata {
name = "drone-server-env"
namespace = var.namespace
}
data = {
DRONE_SERVER_HOST = var.drone_host
DRONE_SERVER_PROTO = var.drone_proto
DRONE_SERVER_PORT = ":80"
DRONE_USER_CREATE = "username:${var.drone_admin},admin:true"
DRONE_USER_FILTER = var.drone_user_filter
DRONE_REGISTRATION_CLOSED = var.drone_registration_closed
DRONE_GITEA_SERVER = var.drone_gitea_url
DRONE_GITEA_CLIENT_ID = var.drone_gitea_client
DRONE_DATABASE_DRIVER = var.drone_database_driver
DRONE_S3_BUCKET = var.drone_s3_bucket
DRONE_S3_ENDPOINT = var.drone_s3_endpoint
DRONE_S3_PATH_STYLE = var.drone_s3_path_style
DRONE_S3_PREFIX = var.drone_s3_prefix
AWS_ACCESS_KEY_ID = var.drone_s3_access_key
AWS_SECRET_ACCESS_KEY = var.drone_s3_secret_key
AWS_DEFAULT_REGION = var.drone_s3_default_region
AWS_REGION = var.drone_s3_region
DRONE_STARLARK_ENABLED = var.drone_starlark_enabled
DRONE_WEBHOOK_ENDPOINT = var.drone_webhook_endpoint
DRONE_WEBHOOK_EVENTS = var.drone_webhook_events
DRONE_WEBHOOK_SECRET = var.drone_webhook_secret
DRONE_WEBHOOK_SKIP_VERIFY = var.drone_webhook_skip_verify
}
}

15
outputs.tf
Unescape Escape View File

@ -0,0 +1,15 @@
output "service_name" {
description = "Service name for Drone server deployment"
value = kubernetes_service.drone_server.metadata.0.name
}
output "service_http_port" {
description = "HTTP port exposed by the service"
value = kubernetes_service.drone_server.spec.0.port.0.port
}
output "drone_runner_secret" {
description = "Drone runner secret"
value = random_id.rpc_secret_key.hex
sensitive = true
}

171
variables.tf
Unescape Escape View File

@ -0,0 +1,171 @@
variable "namespace" {
description = "Namespace to deploy workloads and configuration"
type = string
default = "default"
}
variable "labels" {
description = "Labels to add to the Drone server deployment"
type = map(any)
default = {}
}
variable "match_labels" {
description = "Match labels to add to the Drone server deployment, will be merged with labels"
type = map(any)
default = {}
}
variable "image_registry" {
description = "Image registry, e.g. gcr.io, docker.io"
type = string
default = ""
}
variable "image_repository" {
description = "Image to start for the server"
type = string
default = "drone/drone"
}
variable "image_tag" {
description = "Image tag to for the server"
type = string
default = "2"
}
variable "drone_admin" {
description = "User handle of Drone admin user"
type = string
}
variable "drone_registration_closed" {
description = "Close registration in Drone"
type = bool
default = true
}
variable "drone_host" {
description = "Drone hostname"
type = string
}
variable "drone_proto" {
description = "Drone protocol"
type = string
default = "https"
}
variable "drone_gitea_url" {
description = "Gitea URL"
type = string
default = ""
}
variable "drone_gitea_client" {
description = "Gitea client ID"
type = string
default = ""
}
variable "drone_gitea_secret" {
description = "Gitea client secret"
type = string
default = ""
}
variable "drone_database_driver" {
description = "Drone database driver"
type = string
default = "postgres"
}
variable "drone_database_datasource" {
description = "Database URL"
type = string
default = ""
}
variable "drone_s3_bucket" {
description = "S3 bucket to store Drone blobs"
type = string
default = ""
}
variable "drone_s3_endpoint" {
description = "S3 endpoint for Drone blobs"
type = string
default = ""
}
variable "drone_s3_path_style" {
description = "Use path-style for S3 service"
type = bool
default = false
}
variable "drone_s3_prefix" {
description = "Subdirectory to store log files"
type = string
default = ""
}
variable "drone_starlark_enabled" {
description = "Configure Drone to automatically execute files ending in .star"
type = bool
default = false
}
variable "drone_user_filter" {
description = "Comma-separated list of accounts or organizations that will limit registration of users"
type = string
default = ""
}
variable "drone_webhook_endpoint" {
description = "Comma-separated list of webhook endpoints, to which global system events are delivered"
type = string
default = ""
}
variable "drone_webhook_events" {
description = "Comma-separated list of webhook events"
type = string
default = ""
}
variable "drone_webhook_secret" {
description = "Shared secret used to create an http-signature"
type = string
default = ""
}
variable "drone_webhook_skip_verify" {
description = "Boolean value disables TLS verification when establishing a connection to the remote webhook address"
type = bool
default = false
}
variable "drone_s3_access_key" {
description = "Drone S3"
type = string
default = ""
}
variable "drone_s3_secret_key" {
description = "Drone S3"
type = string
default = ""
}
variable "drone_s3_default_region" {
description = "Drone S3"
type = string
default = "us-east-1"
}
variable "drone_s3_region" {
description = "Drone S3"
type = string
default = "us-east-1"
}
Write Preview
Loading…
Cancel
Save