Hi, we deployed drone server and k8s runner via helm.
Drone server is behind nginx load balancer equipped with managed certificate (ACM).
We would like to enable encryption between drone server and runner as well.
I already created a tls secret.
from the k8s runner helm chart:
    ingress:
      enabled: true
      # annotations:
      #   kubernetes.io/ingress.class: nginx
      hosts:
        - host: myhost.com
          paths:
            - "/"
      tls:
        - secretName: k8s-runner-tls-secret
          hosts:
            - myhost.com
I’m getting this error when I switch to enabled: true:
Error: UPGRADE FAILED: error validating "": error validating data: [ValidationError(Ingress.spec.rules[0].http.paths[0].backend): unknown field "serviceName" in io.k8s.api.networking.v1.IngressBackend, ValidationError(Ingress.spec.rules[0].http.paths[0].backend): unknown field "servicePort" in io.k8s.api.networking.v1.IngressBackend]
Is it a known issue with the chart?
Thanks in advance,
Erez
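The validation error above names the two v1beta1 backend fields (serviceName, servicePort), which networking.k8s.io/v1 replaced with service.name and service.port.number or service.port.name. The following is an added example, not part of the original post or the chart: it finds those fields in a rendered Ingress and rewrites them to the v1 shape. The manifest is a constructed sample; the metadata name, service name `example-svc` and port 3000 are assumptions.

```python
import copy

LEGACY = ("serviceName", "servicePort")  # v1beta1-only IngressBackend fields

def migrate_backend(backend):
    """Return the networking.k8s.io/v1 form of a v1beta1 IngressBackend."""
    if not any(k in backend for k in LEGACY):
        return backend  # already in v1 form (service: / resource:)
    port = backend.get("servicePort")
    # v1 splits the old int-or-string port into port.number / port.name.
    key = "number" if isinstance(port, int) and not isinstance(port, bool) else "name"
    return {"service": {"name": backend.get("serviceName"), "port": {key: port}}}

def legacy_fields(manifest):
    """List backends still using v1beta1 fields, named as in the API error."""
    hits = []
    for i, rule in enumerate(manifest.get("spec", {}).get("rules", [])):
        for j, path in enumerate(rule.get("http", {}).get("paths", [])):
            for field in LEGACY:
                if field in path.get("backend", {}):
                    hits.append(f"Ingress.spec.rules[{i}].http.paths[{j}].backend.{field}")
    return hits

def migrate_ingress(manifest, path_type="Prefix"):
    """Return a copy of the manifest using the networking.k8s.io/v1 backend shape."""
    out = copy.deepcopy(manifest)
    out["apiVersion"] = "networking.k8s.io/v1"
    spec = out.setdefault("spec", {})
    if "backend" in spec:  # renamed to defaultBackend in v1
        spec["defaultBackend"] = migrate_backend(spec.pop("backend"))
    for rule in spec.get("rules", []):
        for path in rule.get("http", {}).get("paths", []):
            path["backend"] = migrate_backend(path.get("backend", {}))
            path.setdefault("pathType", path_type)  # required field in v1
    return out

# Constructed sample: v1 apiVersion combined with v1beta1 backend fields.
RENDERED = {
    "apiVersion": "networking.k8s.io/v1",
    "kind": "Ingress",
    "metadata": {"name": "example-runner"},  # hypothetical name
    "spec": {
        "tls": [{"secretName": "k8s-runner-tls-secret", "hosts": ["myhost.com"]}],
        "rules": [{"host": "myhost.com", "http": {"paths": [
            {"path": "/", "backend": {"serviceName": "example-svc", "servicePort": 3000}}]}}],
    },
}

if __name__ == "__main__":
    print(legacy_fields(RENDERED))
    print(migrate_ingress(RENDERED)["spec"]["rules"][0]["http"]["paths"][0])
```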
some updates in this issue:
we made more changes to try to connect with https from the drone runner to the drone server:
using the below:
    extraSecretNamesForEnvFrom:
      - k8s-runner-tls-secret
and also changing the service as follows:
    service:
      type: ClusterIP
      port: 443
we also used kustomize to change the service updated as follows:
    spec:
      type: ClusterIP
      ports:
        - port: 443
          targetPort: https
          protocol: TCP
          name: https
when we ssh to the drone-runner and try to perform an https api call to the server, it does not succeed.
from the drone server logs we see the following:
{"acme":false,"host":"opsys-drone-us-west-2.cpipe-csec.com","level":"info","msg":"starting the http server","port":":443","proto":"https","time":"2021-08-16T04:46:33Z","url":"https://opsys-drone-us-west-2.cpipe-csec.com"}
{"interval":"24h0m0s","level":"info","msg":"starting the zombie build reaper","time":"2021-08-16T04:46:33Z"}
interrupt received, terminating process
{"error":"context canceled","level":"fatal","msg":"program terminated","time":"2021-08-16T04:47:02Z"}
and when we perform pod describe we see the following error:
Liveness probe failed: Get "https://192.168.128.5:443/": dial tcp 192.168.128.5:443: connect: connection refused
we also tried to update the deployment.yaml with kustomize as follows, but with no success:
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: opsys-drone
    spec:
      template:
        spec:
          containers:
            - name: server
              ports:
                - name: https
                  containerPort: 443
                  protocol: TCP
last comment:
we see that the server listens on port 443, and we tried to ssh to the drone-server and perform:
/ # curl -k https://localhost
but again we got:
curl: (7) Failed to connect to localhost port 443: Connection refused
please advise what we may have missed here.
Thanks.