This is a Terraform definition with some scripts to make it easy to bootstrap https://drone.io into a GKE cluster using:
- GitHub as default VCS
- `drone-runner-kube` as runner
- `sqlite` as a database, stored in a GCE Persistent Disk
This will expose your Drone CI server on a public IP without TLS, so all traffic to it is unencrypted. Terraform will output the IP for you.
The scripts can:
- Enable and disable gcloud services
- Create and destroy terraform service accounts with editor roles
The Terraform definition can provision:
- GKE cluster
  - Random Master Password Generation
  - Separate managed node pool
    - Using Preemptible Instances
- GCE External IP Address
- GCE Persistent Disk to store Drone CI master configuration and data
- All Kubernetes resources Drone CI needs to run:
  - Namespace `drone`
  - Secret `drone-secrets` with the RPC secret stored
    - Random Secret Generation
  - ConfigMap `drone-config` with all configuration for server and runners
  - Deployment for the Drone Server
    - Environment Variables loaded from Config Map
    - Environment Variables loaded from Secret
    - Volumes mounted from GCE Persistent Disk
  - Service as an ingress load balancer to the Drone Server
    - With GCE External IP Address Assigned
  - Role for the Drone Runner
  - Role Binding for the Drone Runner
  - Service Account for the Drone Runner
  - A deployment for the Drone Runner
    - With Service Account bound
- Namespace
- Run workload in different k8s namespace
- Enable horizontal and vertical autoscaling
Create a GitHub OAuth Application so you have a GitHub Client ID and a GitHub Client Secret.
Change the region and zone accordingly, and set your GitHub client ID and secret here:
```shell
cat > ./variables.tfvars <<EOL
gcloud_region = "us-central1"
gcloud_zone = "us-central1-c"
drone_github_client_id = "github-client-id"
drone_github_client_secret = "github-client-secret"
EOL
```

```shell
gcloud auth login
gcloud config set project [PROJECT-ID]
```
Here we're using GCS to store remote terraform state, so you need to create a bucket and a backend configuration file.
```shell
# This script will output a terraform-state-[hex] bucket name for you
./scripts/create-terraform-state-gcs.sh
```

Take the GCS bucket name and generate a `./backend.tfvars` file:

```shell
cat > ./backend.tfvars <<EOL
bucket = "terraform-state-[hex]"
prefix = "production"
EOL
```
```shell
source ./scripts/_shared.sh
./scripts/enable-gcloud-services.sh
./scripts/create-terraform-service-account.sh
terraform init -backend-config=./backend.tfvars
terraform plan -var-file=./variables.tfvars
terraform apply -var-file=./variables.tfvars
```
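The following pre-flight check is an added example, not one of this repository's scripts. It inspects the two files created above before `terraform init` is run: `./variables.tfvars` holds the GitHub OAuth client secret in plaintext, so it should be readable by its owner only and never committed. The function names `tfvar_value`, `file_mode` and `preflight` are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check for the tfvars files created above.
# Hypothetical helper names; nothing here ships with the repository.

# tfvar_value FILE KEY: print the quoted string assigned to KEY in FILE.
tfvar_value() {
  sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\(.*\)\"[[:space:]]*$/\1/p" "$1" | tail -n 1
}

# file_mode FILE: print octal permission bits (GNU stat first, then BSD stat).
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# preflight VARS BACKEND: print one FAIL line per finding, return their count.
preflight() {
  local vars="$1" backend="$2" n=0 key val mode bucket dir
  [ -r "$vars" ] && [ -r "$backend" ] || { echo "FAIL cannot read $vars or $backend"; return 1; }
  for key in drone_github_client_id drone_github_client_secret; do
    val="$(tfvar_value "$vars" "$key")"
    case "$val" in
      ""|github-client-id|github-client-secret)
        echo "FAIL $key is empty or still the README placeholder"; n=$((n + 1)) ;;
    esac
  done
  # The file holds the OAuth client secret: no group or world access.
  mode="$(file_mode "$vars")"
  case "$mode" in
    *00) ;;
    *) echo "FAIL $vars has mode $mode, want 600"; n=$((n + 1)) ;;
  esac
  # The state bucket name must be the real one printed by the create script.
  bucket="$(tfvar_value "$backend" bucket)"
  case "$bucket" in
    ""|*"["*|*"]"*) echo "FAIL bucket is empty or still a placeholder"; n=$((n + 1)) ;;
  esac
  # Inside a git work tree the secrets file must be ignored, never committed.
  dir="$(dirname "$vars")"
  if git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1 &&
     ! git -C "$dir" check-ignore -q "$(basename "$vars")"; then
    echo "FAIL $vars is not git-ignored"; n=$((n + 1))
  fi
  return "$n"
}
```

Call it as `preflight ./variables.tfvars ./backend.tfvars`; a non-zero return code is the number of findings.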
Terraform will provision a Static IP Address for you in GCE and will output it.
It will look like this:
```
cluster_endpoint = 34.30.4.746
cluster_node_pools = []
cluster_password = blablablbla
cluster_username = drone-cluster-master
drone_server_external_ip = 32.42.37.14
```
Edit your GitHub OAuth application to use the `drone_server_external_ip` output.
```shell
source ./scripts/_shared.sh
terraform destroy -var-file=./variables.tfvars
./scripts/delete-terraform-service-account.sh
./scripts/disable-gcloud-services.sh
```
MIT, Armando Magalhaes, 2020