Build and publish containers from Kubernetes cluster

I have drone/drone:1 running on a k8s cluster, and am attempting to install and configure runners for it. Whatever type of official Drone container image I choose from Docker Hub, none of them work. I'm currently using drone/drone-runner-docker, but get the error: time="2019-12-03T17:53:59Z" level=error msg="cannot ping the docker daemon" error="Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?". The UI shows no errors, the hourglass just continues to wobble and the message box says "Pending".

My current k8s configuration for drone:

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: drone
  namespace: default
  labels:
    app: drone
spec:
  replicas: 1
  selector:
    matchLabels:
      app: drone
  template:
    metadata:
      labels:
        app: drone
    spec:
      containers:
      - name: drone
        image: drone/drone:1
        imagePullPolicy: Always
        ports:
          - containerPort: 80
          - containerPort: 443
        env:
        - name: DRONE_GITHUB_CLIENT_ID
          value: "a"
        - name: DRONE_GITHUB_CLIENT_SECRET
          value: "a"
        - name: DRONE_SERVER_PROTO
          value: http
        - name: DRONE_SERVER_HOST
          value: "a.a.com"
        - name: DRONE_RPC_SECRET
          value: "a"
        volumeMounts:
        - name: drone-data
          mountPath: /data
      volumes:
      - name: drone-data
        persistentVolumeClaim:
          claimName: drone-claim
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: drone-runner
  namespace: default
  labels:
    app: drone-runner
spec:
  replicas: 2
  selector:
    matchLabels:
      app: drone-runner
  template:
    metadata:
      labels:
        app: drone-runner
    spec:
      containers:
      - name: runner
        image: drone/drone-runner-docker
        imagePullPolicy: Always
        ports:
          - containerPort: 3000
        env:
        - name: DRONE_RPC_HOST
          value: "a .a .com"
        - name: DRONE_RPC_PROTO
          value: http
        - name: DRONE_RPC_SECRET
          value: "a"
      volumes:
      - hostPath: 
          path: /var/run/docker.sock
          type: Socket
        name: docker-socket
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: my-volume
  labels:
    failure-domain.beta.kubernetes.io/zone: us-central1-a__us-central1-b
spec:
  capacity:
    storage: 200Gi
  accessModes:
  - ReadWriteOnce
  gcePersistentDisk:
    pdName: my-disk
    fsType: ext4
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: drone-claim
  labels:
    app: drone
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 50Mi

One of the drone.yml files that used to work is below:

kind: pipeline
name: default

steps:
  - name: docker-build-and-publish
    image: plugins/docker
    settings:
      repo: jbc22/mitre-attack-translator
      username: jbc22
      password: a
      auto_tag: true
    publish:
      image: jbc22/mitre-attack-translator
      report: jbc22/mitre-attack-translator

  - name: deploy
    image: quay.io/honestbee/drone-kubernetes
    kubernetes_server: https://test-cluster-bb1d8-elb-2052169763.us-west-2.elb.amazonaws.com
    kubernetes_token: a
    namespace: production
    deployment: secodify-attack-xlate
    container: https://index.docker.io/v1/jbc22/mitre-attack-translator
    tag: latest

If you are running Drone on Kubernetes you might consider using the Kubernetes runner. https://docs.drone.io/runner/kubernetes/overview/. The Kubernetes runner is similar to the Docker runner, but launches native Kubernetes resources and does not require access to the host machine Docker socket. The Kubernetes runner is recommended when running Drone on Kubernetes.

But that aside, if you are receiving this error message it could indicate the volume is not being mounted into your container or it lacks write permission to the socket, or it could indicate the socket does not exist on the host machine. I am no Kubernetes expert, but looking at your configuration I wonder if it is missing the volume mount?

    spec:
      containers:
      - name: runner
        image: drone/drone-runner-docker
        imagePullPolicy: Always
        ports:
          - containerPort: 3000
        env:
        - name: DRONE_RPC_HOST
          value: "a .a .com"
        - name: DRONE_RPC_PROTO
          value: http
        - name: DRONE_RPC_SECRET
          value: "a"
+       volumeMounts:
+       - mountPath: /var/run/docker.sock
+         name: docker-socket
      volumes:
      - hostPath: 
          path: /var/run/docker.sock
          type: Socket
        name: docker-socket
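
Review bot: the added volumeMounts entry at mountPath /var/run/docker.sock gives the runner container the node's Docker daemon, so every pipeline step this runner starts can control all containers on that node. If the Docker runner stays, schedule these pods on nodes that run nothing else of value, or move to the Kubernetes runner, which needs no socket. In the unchanged env lines, DRONE_RPC_SECRET is an inline value: "a" and DRONE_RPC_PROTO is http; read the secret from a Kubernetes Secret with valueFrom.secretKeyRef and use https so it does not cross the network in clear text.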

I also noticed issues with your yaml configuration file. Once you resolve the current issue with the runner, you will need to tweak your yaml file. The first thing to note is there is no publish block in the yaml so this can be removed:

-    publish:
-      image: jbc22/mitre-attack-translator
-      report: jbc22/mitre-attack-translator

The second thing to note is that all plugin settings need to be declared under the settings block. I am guessing the plugin documentation for quay.io/honestbee/drone-kubernetes is outdated and the author has not updated it. I am guessing it should probably look something like this:

  - name: deploy
    image: quay.io/honestbee/drone-kubernetes
-   kubernetes_token: a
-   namespace: production
-   deployment: secodify-attack-xlate
-   container: https://index.docker.io/v1/jbc22/mitre-attack-translator
-   tag: latest
+   settings:
+     kubernetes_server: https://test-cluster-bb1d8-elb-2052169763.us-west-2.elb.amazonaws.com
+     kubernetes_token: a
+     namespace: production
+     deployment: secodify-attack-xlate
+     container: https://index.docker.io/v1/jbc22/mitre-attack-translator
+     tag: latest
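
Review bot: the removed lines do not include a step-level kubernetes_server, although the added settings block introduces one, so applying the hunk as written leaves that key in both places if the step already had it; add a matching removal line. In the added settings, kubernetes_token: a is still an inline literal; reference a Drone secret with from_secret so the token is not committed with the pipeline file, and pin tag to a specific build rather than latest.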

The volumeMount was the problem. Thanks so much!
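
The misconfiguration resolved in this thread (a volume declared under volumes but never listed in a container's volumeMounts) can be caught before deployment. The following is an added example, not code from the thread or from Drone: a small lint over a pod spec that reports unmounted volumes, mounts with no matching volume, and a mounted hostPath Docker socket. The pod spec is a constructed dict modelled on the runner Deployment above; the function names and finding codes are assumptions.

```python
DOCKER_SOCK = "/var/run/docker.sock"


def lint_pod_spec(pod_spec):
    """Return a sorted list of (finding_code, volume_name) for one pod spec."""
    volumes = {v["name"]: v for v in pod_spec.get("volumes", [])}
    containers = pod_spec.get("containers", []) + pod_spec.get("initContainers", [])
    mounted = {m["name"] for c in containers for m in c.get("volumeMounts", [])}

    findings = []
    # A mount that names no declared volume is rejected by the API server.
    for name in mounted - set(volumes):
        findings.append(("mount-without-volume", name))
    for name, vol in volumes.items():
        # Declared but unmounted: the path never appears inside the container,
        # which is what produced "cannot ping the docker daemon" in the thread.
        if name not in mounted:
            findings.append(("volume-not-mounted", name))
        # A mounted host Docker socket gives the container control of the
        # node's Docker daemon, so report it for review.
        host_path = (vol.get("hostPath") or {}).get("path", "")
        if host_path == DOCKER_SOCK and name in mounted:
            findings.append(("docker-socket-exposed", name))
    return sorted(findings)


def runner_spec(with_mount):
    """Constructed sample: the runner pod spec from the thread, as a dict."""
    container = {"name": "runner", "image": "drone/drone-runner-docker"}
    if with_mount:
        container["volumeMounts"] = [
            {"name": "docker-socket", "mountPath": DOCKER_SOCK}
        ]
    return {
        "containers": [container],
        "volumes": [
            {"name": "docker-socket",
             "hostPath": {"path": DOCKER_SOCK, "type": "Socket"}}
        ],
    }


if __name__ == "__main__":
    for label, spec in (("as posted", runner_spec(False)),
                        ("with volumeMounts", runner_spec(True))):
        print(label, lint_pod_spec(spec))
```
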