Drone docker runner on kubernetes

Hi @bradrydzewski,

I am starting to build the service using the starter-project. I am using https://github.com/drone/drone-go/blob/master/plugin/registry/handler.go and created the secret using
openssl rand -hex 16
and started the service, but I don’t know what to pass in the curl command in order to test it.
15:07 $ curl -H "Authorization: basic XXXXXX" http://localhost:3000
Invalid or Missing Signature
I tried different authorization but it did not work.

@ihakimi the request needs to be signed using http-signatures which can make testing with curl difficult. Instead you can use the drone CLI to test the extension. I believe the following command should work:

$ export DRONE_REGISTRY_ENDPOINT=http://...
$ export DRONE_REGISTRY_SECRET=...
$ drone plugins registry list

When you write an extension you can use repository and build metadata to dynamically determine the response. For example, you may want to use the repository name or build event type to determine the response. This data can also be simulated from the command line using the command line flags:

   --ref value              git reference (default: "refs/heads/master")
   --source value           source branch
   --target value           target branch
   --before value           commit sha before the change
   --after value            commit sha after the change
   --event value            build event
   --repo value             repository name
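
The signing that the reply above refers to, as an added example that is neither part of the thread nor Drone's own code: a standard-library Go signer and verifier for an HTTP Signatures request using hmac-sha256 over the Date and Digest headers. The covered header set, the `hmac-key` key ID, the use of a `Signature` header and the secret value are assumptions for illustration; it shows why a request that carries only `Authorization: basic ...` is rejected.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"net/http"
	"strings"
	"time"
)

func digest(body []byte) string { // Digest header value for a request body
	sum := sha256.Sum256(body)
	return "SHA-256=" + base64.StdEncoding.EncodeToString(sum[:])
}

func mac(r *http.Request, secret string) []byte { // HMAC-SHA256 over the signing string
	m := hmac.New(sha256.New, []byte(secret))
	fmt.Fprintf(m, "date: %s\ndigest: %s", r.Header.Get("Date"), r.Header.Get("Digest"))
	return m.Sum(nil)
}

// Sign sets Date, Digest and Signature as a signing client would (keyId is an assumed label).
func Sign(r *http.Request, secret string, body []byte) {
	r.Header.Set("Date", time.Now().UTC().Format(http.TimeFormat))
	r.Header.Set("Digest", digest(body))
	r.Header.Set("Signature", `keyId="hmac-key",algorithm="hmac-sha256",headers="date digest",signature="`+base64.StdEncoding.EncodeToString(mac(r, secret))+`"`)
}

// Verify is the receiving side: parse Signature, require both headers, compare in constant time.
func Verify(r *http.Request, secret string, body []byte) bool {
	p := map[string]string{}
	for _, kv := range strings.Split(r.Header.Get("Signature"), ",") {
		if f := strings.SplitN(kv, "=", 2); len(f) == 2 {
			p[strings.TrimSpace(f[0])] = strings.Trim(f[1], `"`)
		}
	}
	got, err := base64.StdEncoding.DecodeString(p["signature"])
	ok := err == nil && p["algorithm"] == "hmac-sha256" && p["headers"] == "date digest"
	return ok && r.Header.Get("Digest") == digest(body) && hmac.Equal(got, mac(r, secret))
}

func main() {
	r, _ := http.NewRequest("POST", "http://localhost:3000", nil)
	r.Header.Set("Authorization", "basic XXXXXX") // the curl attempt: no Signature header
	fmt.Println("basic only:", Verify(r, "constructed-secret", nil))
	Sign(r, "constructed-secret", nil)
	fmt.Println("signed:", Verify(r, "constructed-secret", nil))
}
```

A production verifier would also reject a Date outside a small clock-skew window so that a captured request cannot be replayed later.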

Thanks @bradrydzewski, I got a response from the service. Now I need to add my dynamic credentials in order to test it.

Hi @bradrydzewski,
I built a service for pulling images from a private registry.
If I put a private image on a step it works, but when using the ecr/plugin and there is a private image URL in the Dockerfile, it fails.

Step 1/25 : FROM registry.strln.net/thor/alpine_hardened:latest
Get https://registry.strln.net/v2/thor/alpine_hardened/manifests/latest: unauthorized: authentication required
time="2020-07-02T13:16:18Z" level=fatal msg="exit status 1"

steps:
- name: login1
  image: registry.strln.net/thor/alpine_hardened:latest
  pull: always
  commands:
    - apk update

- name: push-to-ecr-barnch
  image: plugins/ecr
  settings:
    create_repository: true
    dockerfile: ./Dockerfile
    region: us-east-1
    registry: 991726456769.dkr.ecr.us-east-1.amazonaws.com
    repo: 991726456769.dkr.ecr.us-east-1.amazonaws.com/opsys/ops-deployer
    tags:
    - "${DRONE_BRANCH}"
  environment:
    PLUGIN_PULL_IMAGE: true
    PLUGIN_REPOSITORY_POLICY: ecr_repository_policy.json
  when:
    event:
    - push

@ihakimi the registry credential plugin provides the runner with credentials to pull pipeline step images; however, these credentials are not shared with plugins for security reasons. But no worries, we have another extension type that can be used to provide plugins with default configuration parameters (called an environment extension). We can help you combine these into a single Go program so that you can have a single codebase and share code. How about we set up a quick 30 minute call to walk through this?

Sure, if we can have it later today, in about 3 hours, that would be great. You have my info.

Hi @bradrydzewski, @ashwilliams1

I was able to run the registry plugin + env and it works successfully. I have several questions and use cases that came up from the upgrade I did for our teams.

  1. How can I do build & test on Kubernetes? I tried to run the docker daemon and mount a volume for the next step, but I am getting exit code 1. - Build and test Docker images with DIND
  2. When I tried to use the docker:dind service and mount the volume, the authentication to the ECR repository (AWS), which works on ECR/Plugin and for a regular step, didn’t work when I ran the command docker build. I got an error authorized.
  3. Image caching: developers asked me for image caching for maximum performance. Is it supported?
  4. Ways to roll back my deployment: I saw there is an endpoint but didn’t find any information regarding this.

Any update regarding this?