Drone on Kubernetes (GCP)

Drone Support
1

Hi,

I’m currently trying to set up Drone on Kubernetes although I’m having real trouble trying to get the agent to talk to the server but just get:

grpc error: done(): code: Internal: rpc error: code = Internal desc = stream terminated by RST_STREAM with error code: 1

I’ve been reading this issue:

https://github.com/drone/drone/issues/2246

…and it seems that a LoadBalancer shouldn’t be used at the moment.

Does anybody have a Kubernetes service manifest that I could use to set up Drone in a K8s cluster? I’ve been banging my head against a wall for two days and about to give up so I hope somebody has something that I could use!!

My service manifest looks like:

apiVersion: v1
kind: Service
metadata:
  name: drone-service
  namespace: drone
spec:
  type: LoadBalancer
  ports:
  - name: "http"
    port: 80
    targetPort: 8000
  - name: "grpc"
    port: 9000
    targetPort: 9000
  selector:
    app: drone-server

Thanks,

Beth

2

yeah, I got mine working. I can look at tonight and send to you

1 Like
3

I believe I used something similar to https://github.com/stevenaldinger/k8s-drone/tree/master/k8s

4

Did you get yours working over port 9000? When starting up the agent pod is reporting:

INFO: 2018/05/08 22:42:14 grpc: addrConn.resetTransport failed to create client transport: connection error: desc = "transport: Error while dialing dial tcp 10.59.242.16:9000: i/o timeout"; Reconnecting to {drone-service:9000 <nil>}

…although I’m sure I have port 9000 open on the service. kubectl --namespace=drone get services returns:

NAME            TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)             AGE
drone-service   ClusterIP   10.59.242.16   <none>        8000/TCP,9000/TCP   15s
5

I get it working on the same port as you are. If you run on minikube like I do, you can minikube ssh into your port and try to telnet drone-server 9000 to see if you can get there. If you post your config, I can take a look. Sorry to get back late. I didn’t know the easy way to look for replies that i haven’t replied.

6

I have exactly the same config but I don’t have the type: LoadBalancer line.

7

I you’re using GKE (Google Kubernetes Engine) I really recommend using the Helm Chart for Drone :
Drone Chart

Also I’ve written a full tutorial on how to setup Drone on GKE with TLS:

https://blog.depado.eu/post/ci-cd-with-drone-kubernetes-and-helm-1

8

Helm looks like a handy tool so I followed your tutorial. It bothered me that in this tutorial, you use a full domain name host(drone.myhost.io). I do not want to register my static ip to DNS right now. Is there a way to use the static ip alone without declaring a valid host name? I want to connect to drone server using ip.

I try to ignore ingress host variable in values.yaml but helm didn’t parse the ingress backend service part. Is the host domain required for drone’s chart?

9

Hi !
Note that Drone’s Helm chart moved from the incubator to the stable branch : https://github.com/helm/charts/tree/master/stable/drone

Simply ignore the hostname part. It think it will work. Remember to keep the variable tls.enabled to true otherwise Helm won’t attempt to create an Ingress, and change server.host to your valid IP address. If that doesn’t solve your issue, please contact me directly so we can discuss this issue.

1 Like
10

Hi Depado,

Thank you for your quick response. I took a look at the chart for stable/drone, but I didn’t see a config for tls.enabled. So I tried this in the ingress part of my values.yaml:

ingress:
  enabled: true
  annotations:
    kubernetes.io/ingress.class: "gce"
    kubernetes.io/ingress.global-static-ip-name: "drone-kube"
    kubernetes.io/ingress.allow-http: "true"
  tls: 
    enabled: true

and run with --dry-run flag helm create this ingress yaml for me:

# Source: drone/templates/ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.allow-http: "true"
    kubernetes.io/ingress.class: "gce"
    kubernetes.io/ingress.global-static-ip-name: "drone-kube"
  labels:
    app: drone
    heritage: "Tiller"
    release: "drone"
    chart: "drone-1.4.0"
  name: drone-drone
spec:
  rules:
  tls:
    enabled: true

I used to build a jenkins server in k8s which could be accessed using static ip address. It had the yaml setting like this:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: jenkins
  namespace: jenkins
  annotations:
    kubernetes.io/ingress.global-static-ip-name: jenkins-kube
spec:
  tls:
  - secretName: tls
  backend:
    serviceName: jenkins-server
    servicePort: 5000

I thought if I could create the ingress yaml like this for drone with helm, then I could access drone server with bare static ip address. I felt tls.enabled may be not the right settings in drone chart. And I think it may be impossible because I found this in values.yaml in stable/drone, they mentioned the hostname is required.

Maybe when you are using helm to install drone, the best way is to always provide a valid domain name?
Or maybe I could disable the ingress part and make my own ingress for drone?

11

Hello,

I’m sorry I made a mistake. It’s not tls.enabled but indeed ingress.enabled. I think you can put your IP address in the host section. Just remember to tweak the server.host variable and put your IP address in there. Unfortunately, it can’t just be the name of your External IP since it won’t resolve, you’ll have to put the actual IP address. Drone requires this for its hooks.

Also, yes, you can forget about TLS right now, it will mess with your configuration.

Creating your own Ingress would work. Especially if you already have one in place. If you keep reading my tutorial you’ll see how to handle TLS certificates too using cert-manager. But that requires an actual domain name.

12

Thanks for the help! I’ve used the Helm chart and it’s working well. Next thing is to get TLS working with cert-manager.

1 Like