About Installation

Updated 2 years ago by Admin

The Kubernetes runner is in Beta and may not be suitable for production workloads. Furthermore this runner is a community effort and is not subject to support services or service level agreements at this time.

This article explains how to install the Kubernetes runner on Linux. The Kubernetes runner is packaged as a minimal Docker image distributed on DockerHub.

Step 1: Configuration

The Kubernetes runner is configured using environment variables. This article references the below configuration options. See Configuration for a complete list of configuration options.

  • DRONE_RPC_HOST
    provides the hostname (and optional port) of your Drone server. The runner connects to the server at the host address to receive pipelines for execution.
  • DRONE_RPC_PROTO
    provides the protocol used to connect to your Drone server. The value must be either http or https.
  • DRONE_RPC_SECRET
    provides the shared secret used to authenticate with your Drone server. This must match the secret defined in your Drone server configuration.

Step 2: Authentication

The Kubernetes runner uses in-cluster authentication to communicate with the Kubernetes API. Please ensure the Kubernetes runner is associated with a service account when deployed to your cluster.

Step 3: Installation

The following is a rudimentary manifest file used to configure and install the Kubernetes runner. Remember to replace the environment variables below with the correct values.

Here are the sample rbac rules:

1  kind: Role
2  apiVersion: rbac.authorization.k8s.io/v1
3  metadata:
4    namespace: default
5    name: drone
6  rules:
7  - apiGroups:
8    - ""
9   resources:
10   - secrets
11  verbs:
12   - create
13   - delete
14 - apiGroups:
15   - ""
16   resources:
17   - pods
18   - pods/log
19   verbs:
20   - get
21   - create
22   - delete
23   - list
24   - watch
25   - update
26
27 ---
28 kind: RoleBinding
29 apiVersion: rbac.authorization.k8s.io/v1
30 metadata:
31   name: drone
31   namespace: default
33 subjects:
34 - kind: ServiceAccount
35   name: default
36   namespace: default
37 roleRef:
38   kind: Role
39   name: drone
40   apiGroup: rbac.authorization.k8s.io

And here is the example deployment:

1  apiVersion: apps/v1
2  kind: Deployment
3  metadata:
4   name: drone
5     labels:
6      app.kubernetes.io/name: drone
7   spec:
8    replicas: 1
9    selector:
10     matchLabels:
11      app.kubernetes.io/name: drone
12   template:
13     metadata:
14       labels:
15         app.kubernetes.io/name: drone
16     spec:
17       containers:
18       - name: runner
19         image: drone/drone-runner-kube:latest
20         ports:
21         - containerPort: 3000
22         env:
23         - name: DRONE_RPC_HOST
24           value: drone.company.com
25         - name: DRONE_RPC_PROTO
26           value: http
27         - name: DRONE_RPC_SECRET
28           value: super-duper-secret

Step 4: Verification

Use the kubectl logs drone -c runner command to view the logs and verify the runner successfully established a connection with the Drone server.

$ kubectl logs drone -c runner 

INFO[0000] starting the server 
INFO[0000] successfully pinged the remote server

How did we do?