Drone runners don't pick up jobs

Drone Support
1

I have a drone server running in GCP, and if I use legacy kubernetes or drone-agents, they will execute my pipelines, but when I try switching to the latest drone-runners, my build sits in Pending and the runners never pick up the steps, even though the logs show. “successfully pinged the remote server”. Any idea what would cause this? Are there any changes required of the .drone.yaml in order to migrate from agents to runners?

my drone-values.yaml:

service:
httpPort: 80

ingress:
enabled: false

server:
host: XXXXXXXX
protocol: https
rpcProtocol: http
port: 80
adminUser: jltrippett
kubernetes:
## set to true if you want drone to use old kubernetes legacy to run pipelines, false for agents or runners
enabled: false
logs:
debug: true

sourceControl:
provider: github
secret: drone-github-secrets
github:
clientID: XXXXXXXXXXXXXXX
server: https://github.com
clientSecretKey: githubClientSecret

runner:
## requires server.kubernetes.enabled=false
enabled: true
logs:
debug: true
## Number of drone kube-runner replicas
replicas: 4

One of my pipelines:

kind: pipeline
name: infra
globals:

  • &docker_creds
    DOCKER_USERNAME:
    from_secret: docker_username
    DOCKER_PASSWORD:
    from_secret: docker_password
    image_pull_secrets:
  • dockerconfig
    volumes:
  • name: dockerrun
    host:
    path: /var/run
    trigger:
    branch:
    include:
    • master
    • production
      event:
    • push
    • pull_request
      steps:
      #################

Build Auto

#################

  • name: AutoBuild
    image: docker
    volumes:
    • name: dockerrun
      path: /var/run
      environment:
      <<: *docker_creds
      commands:
    • docker login --username=$DOCKER_USERNAME --password=$DOCKER_PASSWORD
    • docker build
      –tag activatedinsights/auto:${DRONE_COMMIT}
      –cache-from activatedinsights/auto:latest
      auto
    • docker push activatedinsights/auto

#################

Build UI Tests

#################

  • name: UITestsBuild
    image: docker
    volumes:
    • name: dockerrun
      path: /var/run
      environment:
      <<: *docker_creds
      commands:
    • docker login --username=$DOCKER_USERNAME --password=$DOCKER_PASSWORD
    • docker build
      –tag activatedinsights/uitests:${DRONE_COMMIT}
      uitests
    • docker push activatedinsights/uitests
      resources:
      requests:
      memory: 100Mi
2

You need to include the type parameter so that Drone can delegate pipeline execution to the correct type of runner. If type is undefined, Drone defaults to type docker for legacy reasons.

 kind: pipeline
+type: kubernetes
 name: test
3

Hi Brad,

That did get the builds picked up. However, I am now getting an immediate error on the service account permissions:

infra: pods “drone-0bddltoe835d2n4vzplj” is forbidden: User “system:serviceaccount:drone:drone-drone-pipeline” cannot update resource “pods” in API group “” in the namespace “drone”

infra – clone: Error

4

It sounds like a permission error. I recommend taking a look at the sample rbac rules in the docs which are confirmed to work.
https://docs.drone.io/runner/kubernetes/installation/#installation

I do not have any working knowledge of kubernetes, but perhaps others in this forum will be able to help if you require further assistance.

5

I thought that the drone helm chart created the rbac and service accounts? I do not have any custom configuration for those.

6

Found the problem. The role-pipeline.yaml in the helm chart is missing the update verb. Cloned it locally and added that and now it’s running!

7

are you using the official charts at https://github.com/drone/charts ?