To install Drone on Kubernetes with ingress and a free SSL certificate from Let’s Encrypt, you can follow these steps:
- Install the Cert-Manager Kubernetes addon:
Cert-Manager is a Kubernetes addon that automates the process of obtaining and renewing SSL certificates from Let’s Encrypt. To install Cert-Manager, follow the installation instructions in the official Cert-Manager documentation.
- Create a Kubernetes secret to hold your Drone server’s shared secret:
    kubectl create secret generic drone-secret --from-literal=sharedsecret=<your shared secret>

Replace <your shared secret> with the shared secret you want to use for Drone.
- Create a ConfigMap to hold your Drone configuration:
    kubectl create configmap drone-config \
      --from-literal=DRONE_SERVER_PROTO=https \
      --from-literal=DRONE_SERVER_HOST=<your ingress host> \
      --from-literal=DRONE_SERVER_SECRET="$(kubectl get secret drone-secret -o jsonpath="{.data.sharedsecret}" | base64 --decode)" \
      --from-literal=DRONE_GITHUB_CLIENT_ID=<your GitHub client ID> \
      --from-literal=DRONE_GITHUB_CLIENT_SECRET=<your GitHub client secret>

Replace <your ingress host> with the hostname for your ingress controller. Replace <your GitHub client ID> and <your GitHub client secret> with the appropriate values for your GitHub OAuth application.
- Create a Deployment for Drone:
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: drone-server
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: drone-server
      template:
        metadata:
          labels:
            app: drone-server
        spec:
          containers:
            - name: drone-server
              image: drone/drone:latest
              envFrom:
                - configMapRef:
                    name: drone-config
              ports:
                - containerPort: 80
                  name: http

This Deployment will create one replica of the Drone server container using the configuration from the ConfigMap.
- Create a Service for the Drone server:
    apiVersion: v1
    kind: Service
    metadata:
      name: drone-server
    spec:
      selector:
        app: drone-server
      ports:
        - name: http
          port: 80

This Service will expose the Drone server container to other pods in the cluster.
- Create an Ingress resource to route traffic to the Drone server and obtain an SSL certificate from Let’s Encrypt:
    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: drone-ingress
      annotations:
        kubernetes.io/ingress.class: nginx
        cert-manager.io/cluster-issuer: letsencrypt-prod
    spec:
      tls:
        - hosts:
            - <your ingress host>
          secretName: drone-tls-secret
      rules:
        - host: <your ingress host>
          http:
            paths:
              - path: /
                pathType: Prefix
                backend:
                  service:
                    name: drone-server
                    port:
                      name: http

Replace <your ingress host> with the hostname you want to use for accessing Drone.
In this Ingress resource, we are specifying the letsencrypt-prod cluster issuer from Cert-Manager to obtain an SSL certificate from Let’s Encrypt. This issuer will generate a new SSL certificate and automatically renew it when necessary. The letsencrypt-prod ClusterIssuer must already exist in the cluster for the certificate to be issued.
- Apply the Kubernetes resources:
    kubectl apply -f drone.yaml

Replace drone.yaml with the name of the YAML file that contains the Kubernetes resources.
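
The ConfigMap step above copies the shared secret and the GitHub client secret into ConfigMap data, where they are stored and displayed as plain configuration. The variant below keeps both values in the drone-secret Secret and loads them with secretRef; it is an added example, not part of the original steps, and it assumes the Secret's keys are named after the environment variables used on this page:

```yaml
# Added example (not from the original page). Assumes drone-secret was created
# with keys named after the environment variables this page uses:
#   kubectl create secret generic drone-secret \
#     --from-literal=DRONE_SERVER_SECRET=<your shared secret> \
#     --from-literal=DRONE_GITHUB_CLIENT_SECRET=<your GitHub client secret>
apiVersion: v1
kind: ConfigMap
metadata:
  name: drone-config
data:
  # Non-confidential settings only; no secret values are stored here.
  DRONE_SERVER_PROTO: https
  DRONE_SERVER_HOST: <your ingress host>
  DRONE_GITHUB_CLIENT_ID: <your GitHub client ID>
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: drone-server
spec:
  replicas: 1
  selector:
    matchLabels:
      app: drone-server
  template:
    metadata:
      labels:
        app: drone-server
    spec:
      containers:
        - name: drone-server
          image: drone/drone:latest
          envFrom:
            # Plain settings come from the ConfigMap.
            - configMapRef:
                name: drone-config
            # Each key of the Secret becomes an environment variable.
            - secretRef:
                name: drone-secret
          ports:
            - containerPort: 80
              name: http
```

With this split, read access to ConfigMaps in the namespace no longer reveals the shared secret or the OAuth client secret, and the nested kubectl/base64 command substitution is not needed.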