I have a problem: Drone can't receive secrets from HashiCorp Vault, and I don't know where the problem is. Can anyone help?
My service stack.
Docker version 19.03.4, build 9013bf583a
docker-compose version 1.24.1, build 4667896
drone/drone:1.6.1 + postgres:11 + drone/vault + vault:1.3.0 + nginx
./drone/docker-compose.yml
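version: '3.7'

services:
  # Drone CI server.  DRONE_AGENTS_DISABLED=true means the server itself runs
  # the builds, which is why it needs the Docker socket below.
  drone:
    image: 'drone/drone:1.6.1'
    restart: always
    container_name: drone
    volumes:
      # The Docker socket is root-equivalent on the host: anyone who can run a
      # pipeline here can start privileged containers.  Only mark repositories
      # you control as "trusted" in Drone.
      - '/var/run/docker.sock:/var/run/docker.sock'
      - '/mnt/data/drone:/data'
    environment:
      ### https://docs.drone.io/installation/providers/bitbucket-cloud/
      - 'DRONE_ORGS=mycompany'
      - 'DRONE_BITBUCKET_CLIENT_ID=*****'
      - 'DRONE_BITBUCKET_CLIENT_SECRET=******'
      - 'DRONE_RUNNER_CAPACITY=10'
      - 'DRONE_SERVER_HOST=drone.somedomain'
      - 'DRONE_SERVER_PROTO=https'
      # TLS is terminated by the nginx proxy in front of this container.
      - 'DRONE_TLS_AUTOCERT=false'
      ### Logging
      # Trace logging is handy while debugging the secret extension (it shows
      # the outgoing plugin request and the response status); switch it off
      # afterwards, it is very verbose.
      - 'DRONE_LOGS_TRACE=true'
      - 'DRONE_LOGS_TEXT=true'
      - 'DRONE_LOGS_PRETTY=true'
      - 'DRONE_LOGS_COLOR=true'
      ### Create admin user
      # The admin API token lives in the environment; anyone with `docker
      # inspect` on the host can read it.
      - 'DRONE_USER_CREATE=username:root,admin:true,token:*****'
      - 'DRONE_AGENTS_DISABLED=true'
      ### DB
      - 'DRONE_DATABASE_DRIVER=postgres'
      # sslmode=disable is acceptable only because db is reachable solely over
      # the private "backend" network defined below.
      - 'DRONE_DATABASE_DATASOURCE=postgres://postgres:******@db:5432/postgres?sslmode=disable'
      ## VAULT
      # The server reaches the extension by service name on the Docker
      # network, so drone-vault needs no published port.
      - 'DRONE_SECRET_PLUGIN_ENDPOINT=http://drone-vault:3000'
      # Must be byte-identical to DRONE_SECRET on drone-vault: the extension
      # verifies the HTTP signature of every request with it and rejects the
      # call otherwise.  In the original post the two masked values had
      # different lengths -- compare them first.  (The pasted line was also
      # missing its closing quote, which makes compose reject the file.)
      - 'DRONE_SECRET_PLUGIN_TOKEN=drone****'
    networks:
      - default
      - backend

  # Drone -> Vault secret extension.  Not published to the host: it is only
  # ever called by the drone service over the Docker network.  It does
  # authenticate callers with DRONE_SECRET, but a published port would still
  # expose it on every host interface (Docker bypasses host firewalls such as
  # ufw when publishing ports).
  drone-vault:
    # Unpinned tag: pin a specific version so upgrades are deliberate and
    # reproducible.
    image: drone/vault
    restart: always
    container_name: drone-vault
    environment:
      # Debug logging; disable once the lookup works.
      - DRONE_DEBUG=true
      # Shared secret; must equal DRONE_SECRET_PLUGIN_TOKEN on the drone service.
      - DRONE_SECRET=drone*****
      # Plain HTTP to Vault: the token and every secret value cross the Docker
      # network in clear.  Fine on an isolated network, not across hosts.
      - VAULT_ADDR=http://vault:8200
      # A static token in the environment is long-lived and visible via
      # `docker inspect`.  It needs a Vault policy granting "read" on the
      # paths referenced in .drone.yml -- a token without that policy is a
      # common reason for the lookup to fail.  Prefer the extension's AppRole
      # auth (see its docs) or at least a short-TTL token with renewal.
      - VAULT_TOKEN=****
      - VAULT_API_ADDR=http://vault:8200

  db:
    image: "postgres:11"
    environment:
      - POSTGRES_USER=postgres
      - POSTGRES_PASSWORD=****
    volumes:
      - /mnt/data/postgres:/var/lib/postgresql/data
      - /mnt/backup:/tmp/pg_backup
    networks:
      # Database only on the private network: other containers attached to
      # nginx-proxy (other stacks) can no longer reach it on 5432.
      - backend

networks:
  # Shared network with the nginx reverse proxy; other stacks live here too.
  default:
    external:
      name: nginx-proxy
  # Private network for the database.  "internal" also denies the database
  # container any outbound access.
  backend:
    internal: true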
My drone.yml
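kind: pipeline
name: build and publish

steps:
  # Creates the per-repository cache directory on the host volume.  Root
  # inside the container is enough for mkdir; privileged mode is not needed
  # and would hand this step the host's devices and all capabilities.
  - name: prepare
    image: busybox
    commands:
      - mkdir -p /cache/${DRONE_REPO}/docker
    volumes:
      - name: cache
        path: /cache

  # Builds and pushes the image.  plugins/docker runs its own dockerd and
  # needs privileged mode for that.  Restricting the step to master keeps the
  # registry credentials away from feature branches and pull requests.
  - name: docker-build-publish
    image: plugins/docker
    privileged: true
    settings:
      username:
        from_secret: docker_hub_login
      password:
        from_secret: docker_hub_pass
      repo: somerepo/someimage
      tags: latest
      # NOTE(review): this key sat after `when:` in the original paste, so its
      # nesting is uncertain; confirm the cache setting name against the
      # plugins/docker docs.
      use_cache: true
    when:
      branch: master
    volumes:
      - name: docker
        path: /var/lib/docker

  # Notifies on every build, including pull requests.  If Bitbucket pull
  # requests from forks reach this server, the bot token and chat id are
  # available to untrusted .drone.yml changes: either exclude pull_request
  # events here or restrict the secret itself (the Vault extension can limit
  # a secret to events/repositories, see its docs).
  - name: telegram
    image: appleboy/drone-telegram
    settings:
      token:
        from_secret: telegram_token
      to:
        from_secret: telegram_id
      message: >
        {{#success build.status}}
        ✅ Build #{{build.number}} of `{{repo.name}}` succeeded.
        📝 Commit by {{commit.author}} on `{{commit.branch}}`:
        ```
        {{commit.message}}
        ```
        🌐 {{ build.link }}
        {{else}}
        ❌ Build #{{build.number}} of `{{repo.name}}` failed.
        📝 Commit by {{commit.author}} on `{{commit.branch}}`:
        ```
        {{commit.message}}
        ```
        🌐 {{ build.link }}
        {{/success}}
    when:
      status: [ success, failure ]

# Host volumes are only mounted for repositories marked "trusted" in Drone.
# A trusted repository can mount any host path, so keep that flag on
# repositories you control and never on repositories that accept PRs from
# strangers.
volumes:
  - name: cache
    host:
      path: /var/cache
  - name: docker
    host:
      path: /var/cache/${DRONE_REPO}/docker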
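---
# External secrets resolved through the drone/vault extension: `path` is the
# Vault read path, `name` the key inside that secret.  Two things to verify
# when the lookup fails:
#   * if the "secrets" mount is KV version 2, the read path needs the "data/"
#     segment (e.g. secrets/data/service/ci/prod/docker_hub), not the logical
#     path shown by `vault kv get`;
#   * the token used by drone-vault must have a policy that grants "read" on
#     exactly these paths.
# Drone's documented examples write the path without a leading slash.
# Nothing here limits which events or repositories may use a secret; check
# the extension docs for the per-secret restriction keys if pull requests
# from forks can reach this server.
kind: secret
name: docker_hub_login
get:
  path: /secrets/service/ci/prod/docker_hub
  name: docker_hub_login
---
kind: secret
name: docker_hub_pass
get:
  path: /secrets/service/ci/prod/docker_hub
  name: docker_hub_pass
---
kind: secret
name: telegram_token
get:
  path: /secrets/service/ci/prod/telegram
  name: telegram_token
---
kind: secret
name: telegram_id
get:
  path: /secrets/service/ci/prod/telegram
  name: telegram_id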