K8s DinD deployment
parent
4505d892f8
commit
cf8bca5bc7
1 changed files with 165 additions and 1 deletions
|
@ -189,4 +189,168 @@ A [Prometheus endpoint](/administration/prometheus) is exposed.
|
||||||
|
|
||||||
## Behind a proxy
|
## Behind a proxy
|
||||||
|
|
||||||
See the [proxy guide](/administration/proxy) if you want to see a setup behind Apache, Nginx, Caddy or ngrok.
|
See the [proxy guide](/administration/proxy) if you want to see a setup behind Apache, Nginx, Caddy or ngrok.
|
||||||
|
|
||||||
|
## Deploying on Kubernetes
|
||||||
|
|
||||||
|
Woodpecker does not support Kubernetes natively, but being a container first CI engine, it can be deployed to Kubernetes.
|
||||||
|
|
||||||
|
The following yamls represent a server (backed by sqlite and Persistent Volumes) and an agent deployment. The agents can be scaled by the `replica` field.
|
||||||
|
|
||||||
|
By design, Woodpecker spins up a new container for each workflow step. It talks to the Docker agent to do that.
|
||||||
|
|
||||||
|
However in Kubernetes, the Docker agent is not accessible, therefore this deployment follows a Docker in Docker setup and we deploy a DinD sidecar with the agent.
|
||||||
|
Build step containers are started up within the agent pod.
|
||||||
|
|
||||||
|
Warning: this approach requires `privileged` access. Also DinD's reputation hasn't been too high in the early days of Docker - this changed somewhat over time, and there are organizations succeeding with this approach.
|
||||||
|
|
||||||
|
server.yaml
|
||||||
|
```yaml
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: woodpecker
|
||||||
|
namespace: tools
|
||||||
|
labels:
|
||||||
|
app: woodpecker
|
||||||
|
spec:
|
||||||
|
replicas: 1
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app: woodpecker
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app: woodpecker
|
||||||
|
annotations:
|
||||||
|
prometheus.io/scrape: 'true'
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- image: laszlocloud/woodpecker-server:v0.9.2
|
||||||
|
imagePullPolicy: Always
|
||||||
|
name: woodpecker
|
||||||
|
env:
|
||||||
|
- name: "DRONE_ADMIN"
|
||||||
|
value: "xxx"
|
||||||
|
- name: "DRONE_HOST"
|
||||||
|
value: "https://xxx"
|
||||||
|
- name: "DRONE_GITHUB"
|
||||||
|
value: "true"
|
||||||
|
- name: "DRONE_GITHUB_CLIENT"
|
||||||
|
value: "xxx"
|
||||||
|
- name: "DRONE_GITHUB_SECRET"
|
||||||
|
value: "xxx"
|
||||||
|
- name: "DRONE_SECRET"
|
||||||
|
value: "xxx"
|
||||||
|
volumeMounts:
|
||||||
|
- name: sqlite-volume
|
||||||
|
mountPath: /var/lib/drone
|
||||||
|
volumes:
|
||||||
|
- name: sqlite-volume
|
||||||
|
persistentVolumeClaim:
|
||||||
|
claimName: woodpecker-pvc
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: PersistentVolumeClaim
|
||||||
|
metadata:
|
||||||
|
name: woodpecker-pvc
|
||||||
|
namespace: tools
|
||||||
|
spec:
|
||||||
|
accessModes:
|
||||||
|
- ReadWriteOnce
|
||||||
|
storageClassName: local-path
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
storage: 10Gi
|
||||||
|
---
|
||||||
|
kind: Service
|
||||||
|
apiVersion: v1
|
||||||
|
metadata:
|
||||||
|
name: woodpecker
|
||||||
|
namespace: tools
|
||||||
|
spec:
|
||||||
|
type: ClusterIP
|
||||||
|
selector:
|
||||||
|
app: woodpecker
|
||||||
|
ports:
|
||||||
|
- protocol: TCP
|
||||||
|
name: http
|
||||||
|
port: 80
|
||||||
|
targetPort: 8000
|
||||||
|
- protocol: TCP
|
||||||
|
name: grpc
|
||||||
|
port: 9000
|
||||||
|
targetPort: 9000
|
||||||
|
---
|
||||||
|
kind: Ingress
|
||||||
|
apiVersion: extensions/v1beta1
|
||||||
|
metadata:
|
||||||
|
name: woodpecker
|
||||||
|
namespace: tools
|
||||||
|
spec:
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- xxx
|
||||||
|
secretName: xxx
|
||||||
|
rules:
|
||||||
|
- host: xxx
|
||||||
|
http:
|
||||||
|
paths:
|
||||||
|
- backend:
|
||||||
|
serviceName: woodpecker
|
||||||
|
servicePort: 80
|
||||||
|
```
|
||||||
|
|
||||||
|
agent.yaml
|
||||||
|
```yaml
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: woodpecker-agent
|
||||||
|
namespace: tools
|
||||||
|
labels:
|
||||||
|
app: woodpecker-agent
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app: woodpecker-agent
|
||||||
|
replicas: 2
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
annotations:
|
||||||
|
labels:
|
||||||
|
app: woodpecker-agent
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: agent
|
||||||
|
image: laszlocloud/woodpecker-agent:v0.9.2
|
||||||
|
imagePullPolicy: Always
|
||||||
|
ports:
|
||||||
|
- name: http
|
||||||
|
containerPort: 3000
|
||||||
|
protocol: TCP
|
||||||
|
env:
|
||||||
|
- name: DRONE_SERVER
|
||||||
|
value: woodpecker.tools.svc.cluster.local:9000
|
||||||
|
- name: DRONE_SECRET
|
||||||
|
value: "xxx"
|
||||||
|
- name: DOCKER_HOST
|
||||||
|
value: tcp://localhost:2375
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpu: 2
|
||||||
|
memory: 2Gi
|
||||||
|
- name: dind
|
||||||
|
image: "docker:19.03.5-dind"
|
||||||
|
env:
|
||||||
|
- name: DOCKER_DRIVER
|
||||||
|
value: overlay2
|
||||||
|
- name: DOCKER_TLS_CERTDIR
|
||||||
|
value: "" # due to https://github.com/docker-library/docker/pull/166 & https://gitlab.com/gitlab-org/gitlab-runner/issues/4512
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpu: 1
|
||||||
|
memory: 2Gi
|
||||||
|
securityContext:
|
||||||
|
privileged: true
|
||||||
|
```
|
||||||
|
|
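Review bot: The agent.yaml example runs the `dind` sidecar with `privileged: true` and an empty `DOCKER_TLS_CERTDIR`, and the agent talks to it over `tcp://localhost:2375`, so the Docker API in each agent pod is unauthenticated. How the daemon binds is not visible here, but if it listens on all interfaces it is reachable on the pod IP by other workloads in the cluster and possibly by the build step containers themselves. The warning paragraph should state this and point to a mitigation, for example `Warning: the DinD sidecar is privileged and serves the Docker API without TLS; restrict ingress to the agent pods with a NetworkPolicy.`, or the example could share the daemon socket through an `emptyDir` volume instead of TCP. Separately, both manifests carry `DRONE_SECRET`, and server.yaml also `DRONE_GITHUB_SECRET`, in plain `value:` fields. Reading them from a Kubernetes Secret with `valueFrom.secretKeyRef` would keep them out of the Deployment spec, which is readable by anyone allowed to view deployments in the namespace.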