Installation Guide

This article explains how to install the Kubernetes runner on Linux. The Kubernetes runner is packaged as a minimal Docker image distributed on DockerHub.

Step 1 - Configure

The Kubernetes runner is configured using environment variables. This article references the below configuration options. See Configuration for a complete list of configuration options.

  • DRONE_RPC_HOST
    provides the hostname (and optional port) of your Drone server. The runner connects to the server at the host address to receive pipelines for execution.
  • DRONE_RPC_PROTO
    provides the protocol used to connect to your Drone server. The value must be either http or https.
  • DRONE_RPC_SECRET
    provides the shared secret used to authenticate with your Drone server. This must match the secret defined in your Drone server configuration.

Step 2 - Authenticate

The Kubernetes runner uses in-cluster authentication to communicate with the Kubernetes API. Please ensure the Kubernetes runner is associated with a service account when deployed to your cluster.

Step 3 - Install

The following is a rudimentary manifest file used to configure and install the Kubernetes runner. Remember to replace the environment variables below with the correct values.

Here are the sample rbac rules:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: default
  name: drone
rules:
- apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - create
  - delete
- apiGroups:
  - ""
  resources:
  - pods
  - pods/log
  verbs:
  - get
  - create
  - delete
  - list
  - watch
  - update

---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: drone
  namespace: default
subjects:
- kind: ServiceAccount
  name: default
  namespace: default
roleRef:
  kind: Role
  name: drone
  apiGroup: rbac.authorization.k8s.io

And here is the example deployment:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
apiVersion: apps/v1
kind: Deployment
metadata:
  name: drone
  labels:
    app.kubernetes.io/name: drone
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: drone
  template:
    metadata:
      labels:
        app.kubernetes.io/name: drone
    spec:
      containers:
      - name: runner
        image: drone/drone-runner-kube:latest
        ports:
        - containerPort: 3000
        env:
        - name: DRONE_RPC_HOST
          value: drone.company.com
        - name: DRONE_RPC_PROTO
          value: http
        - name: DRONE_RPC_SECRET
          value: super-duper-secret

Step 4 - Verify

Use the kubectl logs drone -c runner command to view the logs and verify the runner successfully established a connection with the Drone server.

$ kubectl logs drone -c runner

INFO[0000] starting the server
INFO[0000] successfully pinged the remote server 

Migration Issues

If you are migrating from the legacy Kubernetes runtime to the new Kubernetes runner please unset the following server environment variables:

DRONE_AGENTS_DISABLED
DRONE_KUBERNETES_ENABLED