Drone server in Kubernetes (k3s) does not pick jobs

Hi there!

First of all, thank you for this amazing tool! I’ve been trying your cloud version and it works beautifully. (Nice UI too!)

I’ve followed the documentation available on the site to install drone connected to GitHub in a Kubernetes cluster. I performed the typical steps like linking my GitHub app and setting the RPC secret. As far as I understand, I don’t need runners, since the Kubernetes integration (which is enabled) will create runners using the Kubernetes API.

This is the definition I’m deploying to my cluster:

# This is the PVC for drone-server
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: drone-volume
  namespace: default
  labels:
    app: drone-ci-server
spec:
  storageClassName: local-path
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
---
# These are the secrets for drone
apiVersion: v1
kind: Secret
metadata:
  name: drone-secrets
  namespace: default
data:
  rpcSecret: <the base64 encoded rpc secret>
  githubClientId: <the base64 github client id>
  githubClientSecret: <the base64 github client secret>
---
# This is the server deployment
apiVersion: apps/v1
kind: Deployment
metadata:
  name: drone-ci-server
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: drone-ci-server
  template:
    metadata:
      labels:
        app: drone-ci-server
    spec:
      containers:
      - name: drone-ci
        image: drone/drone:1.2.3
        volumeMounts:
          - name: droneci-data
            mountPath: /var/lib/drone
        env:
          - name: DRONE_KUBERNETES_ENABLED
            value: "true"
          - name: DRONE_KUBERNETES_NAMESPACE
            value: drone-runners
          - name: DRONE_GITHUB_SERVER
            value: https://github.com
          - name: DRONE_GITHUB_CLIENT_ID
            valueFrom:
              secretKeyRef:
                name: drone-secrets
                key: githubClientId 
          - name: DRONE_GITHUB_CLIENT_SECRET
            valueFrom:
              secretKeyRef:
                name: drone-secrets
                key: githubClientSecret
          - name: DRONE_RPC_SECRET
            valueFrom:
              secretKeyRef:
                name: drone-secrets
                key: rpcSecret
          - name: DRONE_SERVER_HOST
            value: drone.mnavarro.dev
          - name: DRONE_SERVER_PROTO
            value: https
          - name: DRONE_USER_CREATE
            value: "username:mnavarrocarter,admin:true"
          - name: DRONE_USER_FILTER
            value: mnavarrocarter
      volumes:
        - name: droneci-data
          persistentVolumeClaim:
            claimName: drone-volume
---
# This is the server service
apiVersion: v1
kind: Service
metadata:
  name: drone-ci-server
  namespace: default
spec:
  ports:
  - name: http
    port: 80
  selector:
    app: drone-ci-server
---
# This is the ingress for the server
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: drone-ci-server
  namespace: default
  annotations:
    kubernetes.io/ingress.class: "traefik"
    certmanager.k8s.io/issuer: "letsencrypt-prod"
    certmanager.k8s.io/acme-challenge-type: http01

spec:
  tls:
  - hosts:
    # Change this to your own hostname
    - drone.mnavarro.dev
    secretName: drone-mnavarro-dev-tls
  rules:
  # Change this to your own hostname
  - host: drone.mnavarro.dev
    http:
      paths:
      - path: /
        backend:
          serviceName: drone-ci-server
          servicePort: 80

As you can see, I’m creating a secrets set, a pvc, a deployment, a service and also an ingress. Everything works as expected: I can log in to the server, list my repositories, activate them and all that.

But, when code is pushed and has a valid .drone.yml, I see no signal of anything being triggered. The drone pod logs just contain logs related to the enabling of services:

{"level":"info","msg":"main: kubernetes scheduler enabled","time":"2019-08-07T12:41:34Z"}
{"admin":true,"level":"info","login":"mnavarrocarter","machine":false,"msg":"bootstrap: account created","time":"2019-08-07T12:41:34Z","token":"<token>"}
{"acme":false,"host":"drone.mnavarro.dev","level":"info","msg":"starting the http server","port":":80","proto":"https","time":"2019-08-07T12:41:34Z","url":"https://drone.mnavarro.dev"}
{"interval":"30m0s","level":"info","msg":"starting the cron scheduler","time":"2019-08-07T12:41:34Z"}

I have the impression that the issue may be related to the “flavor” of Kubernetes that I’m using. I’m using k3s, a lightweight version developed by Rancher. I think the most significant difference is that it uses containerd instead of docker. But again, my gut tells me that may not be the case, because it seems the job is not even reaching the server pod.

I checked on GitHub, and the job was sent, both to my custom drone server and the one at drone.io. The one at drone.io worked with no problem.

I’ll be really grateful if you can help me spot my issue. Maybe I’m missing something obvious in the config, but I don’t know what it may be.

Thanks!

Hello,

I am facing exactly the same issue. Could you share with me please if you solved this problem and how?

Hi,

I’ve figured it out. In my case the problem was an improper URL defined in the repository’s webhook. Since I was using Gitea I think it will be a bit different for you, but check it out just in case - maybe GitHub couldn’t reach your drone server’s URL to initiate the webhook.

I’ve added the following additional config to my custom_values.yaml:
server:
  host: drone-drone.drone:80

I was deploying drone in the drone namespace, and by default the value was set to drone-drone. That is the reason why it couldn’t work.

Hope that helps!
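
The name resolution behind the fix in the last reply, as an added example that is not part of the original posts: it models how a pod's resolver expands a host name through the Kubernetes DNS search path, which is why the bare service name only resolves from inside the service's own namespace. It assumes the webhook sender (Gitea) runs in a different namespace, hypothetically named `gitea`, and that the cluster uses the default `cluster.local` domain; the service table is constructed sample data.

```python
CLUSTER_DOMAIN = "cluster.local"  # Kubernetes default (assumption)
NDOTS = 5                         # default ndots option in a pod's resolv.conf

# Constructed sample: services in the cluster as (service name, namespace).
# "gitea" is a hypothetical namespace for the webhook sender.
SERVICES = {("drone-drone", "drone"), ("gitea", "gitea")}


def search_path(pod_namespace):
    """Search domains Kubernetes writes into resolv.conf for a pod."""
    return [
        f"{pod_namespace}.svc.{CLUSTER_DOMAIN}",
        f"svc.{CLUSTER_DOMAIN}",
        CLUSTER_DOMAIN,
    ]


def candidates(host, pod_namespace):
    """FQDNs the resolver tries, in order, for host (any :port is ignored)."""
    name = host.split(":", 1)[0]
    if name.endswith("."):          # already absolute: no search expansion
        return [name.rstrip(".")]
    expanded = [f"{name}.{domain}" for domain in search_path(pod_namespace)]
    # Names with fewer than NDOTS dots go through the search list first.
    if name.count(".") < NDOTS:
        return expanded + [name]
    return [name] + expanded


def resolve(host, pod_namespace):
    """Return the service FQDN that host resolves to from a pod, or None."""
    suffix = f".svc.{CLUSTER_DOMAIN}"
    for fqdn in candidates(host, pod_namespace):
        if not fqdn.endswith(suffix):
            continue
        parts = fqdn[: -len(suffix)].split(".")
        if len(parts) == 2 and tuple(parts) in SERVICES:
            return fqdn
    return None


if __name__ == "__main__":
    for host, ns in [("drone-drone", "gitea"),
                     ("drone-drone.drone:80", "gitea"),
                     ("drone-drone", "drone")]:
        print(f"{host!r} from namespace {ns!r} -> {resolve(host, ns)}")
```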