2021-09-11 15:10:32 +00:00
# Kubernetes
Woodpecker does not support Kubernetes natively, but being a container first CI engine, it can be deployed to Kubernetes.
## Deploy with HELM
2021-09-24 12:04:54 +00:00
### Preparation
```shell
# create secrets
kubectl create secret generic woodpecker-secret \
--namespace < namespace > \
Clean up config environment variables for server and agent (#218)
The goal here is to make consistent use of configuration environment variables prefixed `WOODPECKER_`. Where several variants existed, this PR aims to remove all but one option, leaving the most explicit.
This PR only changes server and agent code, but not documentation, in order to keep the PR digestible. Once we have consensus that this is correct, I'll change docs accordingly.
User (rather: admin) facing changes in this PR:
- In general, support for all server and agent config environment variables (env vars) starting with `DRONE_` is removed. The according `WOODPECKER_*` variables must be used instead.
- The env var `WOODPECKER_HOST` replaces `DRONE_HOST`, and `DRONE_SERVER_HOST`.
- The env var `WOODPECKER_AGENT_SECRET` is used to configure the shared secret which agents use to authenticate against the server. It replaces `WOODPECKER_SECRET`, `DRONE_SECRET`, `WOODPECKER_PASSWORD`, `DRONE_PASSWORD`, and `DRONE_AGENT_SECRET`.
- The env var `WOODPECKER_DATABASE_DRIVER` replaces `DRONE_DATABASE_DRIVER` and `DATABASE_DRIVER`.
- The env var `WOODPECKER_DATABASE_DATASOURCE` replaces `DRONE_DATABASE_DATASOURCE` and `DATABASE_CONFIG`.
2021-09-28 13:43:44 +00:00
--from-literal=WOODPECKER_AGENT_SECRET=$(openssl rand -hex 32)
2021-09-24 12:04:54 +00:00
kubectl create secret generic woodpecker-github-client \
--namespace < namespace > \
--from-literal=WOODPECKER_GITHUB_CLIENT=xxxxxxxx
kubectl create secret generic woodpecker-github-secret \
--namespace < namespace > \
--from-literal=WOODPECKER_GITHUB_SECRET=xxxxxxxx
# add helm repo
2021-10-14 16:13:57 +00:00
helm repo add woodpecker https://woodpecker-ci.org/
2021-09-24 12:04:54 +00:00
```
### Woodpecker server
```shell
# Install
helm upgrade --install woodpecker-server --namespace < namespace > woodpecker/woodpecker-server
# Uninstall
helm delete woodpecker-server
```
2021-09-24 13:45:35 +00:00
### Woodpecker agent
2021-09-24 12:04:54 +00:00
```shell
# Install
helm upgrade --install woodpecker-agent --namespace < namespace > woodpecker/woodpecker-agent
# Uninstall
helm delete woodpecker-agent
```
2021-09-11 15:10:32 +00:00
## Deploy with kubectl
The following yamls represent a server (backed by sqlite and Persistent Volumes) and an agent deployment. The agents can be scaled by the `replica` field.
By design, Woodpecker spins up a new container for each workflow step. It talks to the Docker agent to do that.
However in Kubernetes, the Docker agent is not accessible, therefore this deployment follows a Docker in Docker setup and we deploy a DinD sidecar with the agent.
Build step containers are started up within the agent pod.
Warning: this approach requires `privileged` access. Also DinD's reputation hasn't been too high in the early days of Docker - this changed somewhat over time, and there are organizations succeeding with this approach.
server.yaml
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: woodpecker
namespace: tools
labels:
app: woodpecker
spec:
replicas: 1
selector:
matchLabels:
app: woodpecker
template:
metadata:
labels:
app: woodpecker
annotations:
prometheus.io/scrape: 'true'
spec:
containers:
- image: woodpeckerci/woodpecker-server:latest
imagePullPolicy: Always
name: woodpecker
env:
- name: "WOODPECKER_ADMIN"
value: "xxx"
- name: "WOODPECKER_HOST"
value: "https://xxx"
- name: "WOODPECKER_GITHUB"
value: "true"
- name: "WOODPECKER_GITHUB_CLIENT"
value: "xxx"
- name: "WOODPECKER_GITHUB_SECRET"
value: "xxx"
Clean up config environment variables for server and agent (#218)
The goal here is to make consistent use of configuration environment variables prefixed `WOODPECKER_`. Where several variants existed, this PR aims to remove all but one option, leaving the most explicit.
This PR only changes server and agent code, but not documentation, in order to keep the PR digestible. Once we have consensus that this is correct, I'll change docs accordingly.
User (rather: admin) facing changes in this PR:
- In general, support for all server and agent config environment variables (env vars) starting with `DRONE_` is removed. The according `WOODPECKER_*` variables must be used instead.
- The env var `WOODPECKER_HOST` replaces `DRONE_HOST`, and `DRONE_SERVER_HOST`.
- The env var `WOODPECKER_AGENT_SECRET` is used to configure the shared secret which agents use to authenticate against the server. It replaces `WOODPECKER_SECRET`, `DRONE_SECRET`, `WOODPECKER_PASSWORD`, `DRONE_PASSWORD`, and `DRONE_AGENT_SECRET`.
- The env var `WOODPECKER_DATABASE_DRIVER` replaces `DRONE_DATABASE_DRIVER` and `DATABASE_DRIVER`.
- The env var `WOODPECKER_DATABASE_DATASOURCE` replaces `DRONE_DATABASE_DATASOURCE` and `DATABASE_CONFIG`.
2021-09-28 13:43:44 +00:00
- name: "WOODPECKER_AGENT_SECRET"
2021-09-11 15:10:32 +00:00
value: "xxx"
volumeMounts:
- name: sqlite-volume
2021-10-28 19:02:43 +00:00
mountPath: /var/lib/woodpecker
2021-09-11 15:10:32 +00:00
volumes:
- name: sqlite-volume
persistentVolumeClaim:
claimName: woodpecker-pvc
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: woodpecker-pvc
namespace: tools
spec:
accessModes:
- ReadWriteOnce
storageClassName: local-path
resources:
requests:
storage: 10Gi
---
kind: Service
apiVersion: v1
metadata:
name: woodpecker
namespace: tools
spec:
type: ClusterIP
selector:
app: woodpecker
ports:
- protocol: TCP
name: http
port: 80
targetPort: 8000
- protocol: TCP
name: grpc
port: 9000
targetPort: 9000
---
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: woodpecker
namespace: tools
spec:
tls:
- hosts:
- xxx
secretName: xxx
rules:
- host: xxx
http:
paths:
- backend:
serviceName: woodpecker
servicePort: 80
```
agent.yaml
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: woodpecker-agent
namespace: tools
labels:
app: woodpecker-agent
spec:
selector:
matchLabels:
app: woodpecker-agent
replicas: 2
template:
metadata:
annotations:
labels:
app: woodpecker-agent
spec:
containers:
- name: agent
image: woodpeckerci/woodpecker-agent:latest
imagePullPolicy: Always
ports:
- name: http
containerPort: 3000
protocol: TCP
env:
- name: WOODPECKER_SERVER
value: woodpecker.tools.svc.cluster.local:9000
Clean up config environment variables for server and agent (#218)
The goal here is to make consistent use of configuration environment variables prefixed `WOODPECKER_`. Where several variants existed, this PR aims to remove all but one option, leaving the most explicit.
This PR only changes server and agent code, but not documentation, in order to keep the PR digestible. Once we have consensus that this is correct, I'll change docs accordingly.
User (rather: admin) facing changes in this PR:
- In general, support for all server and agent config environment variables (env vars) starting with `DRONE_` is removed. The according `WOODPECKER_*` variables must be used instead.
- The env var `WOODPECKER_HOST` replaces `DRONE_HOST`, and `DRONE_SERVER_HOST`.
- The env var `WOODPECKER_AGENT_SECRET` is used to configure the shared secret which agents use to authenticate against the server. It replaces `WOODPECKER_SECRET`, `DRONE_SECRET`, `WOODPECKER_PASSWORD`, `DRONE_PASSWORD`, and `DRONE_AGENT_SECRET`.
- The env var `WOODPECKER_DATABASE_DRIVER` replaces `DRONE_DATABASE_DRIVER` and `DATABASE_DRIVER`.
- The env var `WOODPECKER_DATABASE_DATASOURCE` replaces `DRONE_DATABASE_DATASOURCE` and `DATABASE_CONFIG`.
2021-09-28 13:43:44 +00:00
- name: WOODPECKER_AGENT_SECRET
2021-09-11 15:10:32 +00:00
value: "xxx"
resources:
limits:
cpu: 2
memory: 2Gi
volumeMounts:
- name: sock-dir
path: /var/run
- name: dind
image: "docker:19.03.5-dind"
env:
- name: DOCKER_DRIVER
value: overlay2
resources:
limits:
cpu: 1
memory: 2Gi
securityContext:
privileged: true
volumeMounts:
- name: sock-dir
mountPath: /var/run
volumes:
- name: sock-dir
emptyDir: {}
```