- Copy setup script for server:

```bash
scp ./setup.sh root@<ip>:/root/
```

- Allow script execution:

```bash
chmod +x setup.sh
```

- And run:

```bash
./setup.sh
```

About K3s
Just adapt inventory.yml to something like this:
```yaml
k3s_cluster:
  children:
    server:
      hosts:
        almalinux:
          ansible_host: <ip>
          ansible_user: ansible
          ansible_become: yes
          ansible_become_method: sudo
          ansible_become_user: root
          ansible_ssh_private_key_file: ~/.ssh/id_ansible
  vars:
    k3s_version: v1.31.12+k3s1
    opt_tls_san:
      - <ip>
      - <domain>
```
And then:
```bash
ansible-playbook playbooks/site.yml -i inventory.yml --ask-become-pass
```

- Obtain read permission for `kubeconfig`:

```bash
mkdir -p ~/.kube
sudo cp /etc/rancher/k3s/k3s.yaml ~/.kube/config
sudo chown $(id -u):$(id -g) ~/.kube/config
chmod 600 ~/.kube/config
```

- Add the following to `~/.bashrc`:

```bash
export KUBECONFIG=$HOME/.kube/config
```

Helm installation

Simply run the playbook:

```bash
ansible-playbook playbooks/helm.yaml --ask-become-pass
```

- Add the Drone Helm Chart repository:

```bash
kubectl create namespace drone
helm repo add drone https://charts.drone.io
helm repo update
```
- Go to GitHub Settings -> Developer Settings -> OAuth Apps -> New OAuth App.
- In the form, the Homepage URL must match the server address `http://drone.<domain>` and the callback URL must be the login route `http://drone.<domain>/login`.
- Set Drone secrets on the server:

```bash
kubectl create secret generic drone-secrets \
  --namespace drone \
  --from-literal=DRONE_RPC_SECRET=$(openssl rand -hex 16) \
  --from-literal=DRONE_CONFIG_SECRET=$(openssl rand -hex 16) \
  --from-literal=DRONE_GITHUB_CLIENT_ID=<drone_client_id> \
  --from-literal=DRONE_GITHUB_CLIENT_SECRET=<drone_client_secret>
```

- Download the chart:

```bash
helm pull drone/drone --untar
```

- Set Drone configurations:

```bash
cd drone
cat <<-EOF > ./drone-values.yaml
ingress:
  enabled: true
  hosts:
    - host: drone.<domain>
      paths:
        - path: /
          pathType: ImplementationSpecific
env:
  DRONE_SERVER_HOST: "drone.<domain>"
  DRONE_SERVER_PROTO: "http"
extraSecretNamesForEnvFrom:
  - drone-secrets
EOF
```

- Install Drone Server:

```bash
helm install drone drone/drone \
  --namespace drone \
  --values drone-values.yaml
```

- When necessary to update:

```bash
helm upgrade drone drone/drone \
  --namespace drone \
  --values drone-values.yaml
```

- Download the chart:

```bash
helm pull drone/drone-runner-docker --untar
```

- Set Drone configurations:

```bash
cd drone-runner-docker
cat <<-EOF > ./drone-values.yaml
env:
  DRONE_RPC_PROTO: "http"
  DRONE_RPC_HOST: "drone.<domain>"
  DRONE_RUNNER_NAME: "docker-runner"
extraSecretNamesForEnvFrom:
  - drone-secrets
EOF
```

- Install Drone Docker Runner:

```bash
helm install drone-runner-docker drone/drone-runner-docker \
  --namespace drone \
  --values drone-values.yaml
```

- When necessary to update:

```bash
helm upgrade drone-runner-docker drone/drone-runner-docker \
  --namespace drone \
  --values drone-values.yaml
```
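A check for the `drone-secrets` Secret that both the server and the runner load, as an added example that is not part of the original guide: if `openssl` is missing or fails, `$(openssl rand -hex 16)` expands to an empty string, so it is worth confirming what actually ended up in the Secret. The function name `check_drone_secrets` and its KEY=VALUE input format are assumptions of this example.

```bash
#!/bin/sh
# Added example (not from the original guide). Reads decoded KEY=VALUE lines on
# stdin and reports problems without printing any secret value.
# Assumed way to produce that input from the cluster:
#   kubectl get secret drone-secrets -n drone \
#     -o go-template='{{range $k, $v := .data}}{{$k}}={{$v | base64decode}}{{"\n"}}{{end}}' \
#     | check_drone_secrets
# Exit status: 0 when every check passes, 1 when there is at least one finding.
check_drone_secrets() {
    findings=0
    seen=""
    while IFS='=' read -r key value; do
        [ -n "$key" ] || continue
        seen="$seen $key"
        case "$key" in
            DRONE_RPC_SECRET|DRONE_CONFIG_SECRET)
                # `openssl rand -hex 16` yields exactly 32 lowercase hex characters;
                # anything else means the command substitution did not run as intended.
                if ! printf '%s' "$value" | grep -Eq '^[0-9a-f]{32}$'; then
                    echo "FAIL $key: not 32 hex characters (length ${#value})" >&2
                    findings=$((findings + 1))
                fi
                ;;
            DRONE_GITHUB_CLIENT_ID|DRONE_GITHUB_CLIENT_SECRET)
                case "$value" in
                    ''|'<'*'>')
                        echo "FAIL $key: empty or still a <placeholder>" >&2
                        findings=$((findings + 1))
                        ;;
                esac
                ;;
        esac
    done
    # Every key the guide's `kubectl create secret` command sets must be present.
    for want in DRONE_RPC_SECRET DRONE_CONFIG_SECRET \
                DRONE_GITHUB_CLIENT_ID DRONE_GITHUB_CLIENT_SECRET; do
        case " $seen " in
            *" $want "*) ;;
            *)
                echo "FAIL $want: key missing from secret" >&2
                findings=$((findings + 1))
                ;;
        esac
    done
    [ "$findings" -eq 0 ]
}
```
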
- Go to GitHub Settings -> Developer Settings -> Personal access tokens -> Tokens (classic) -> Generate new token (classic)
- Select scopes "repo" and "read:packages".
- Set Container Registry access secrets:

```bash
kubectl create secret docker-registry ghcr-secrets \
  --namespace drone \
  --docker-server=ghcr.io \
  --docker-username=<username> \
  --docker-password=<accessToken>
```

- To verify the exposed addresses:

```bash
kubectl get ingress -n drone
```

- Prevent cloud-init from overwriting network configurations:

```bash
sudo vi /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg
```

```yaml
network:
  config: disabled
```

- Remove `localhost` from the list of DNS search domains:

```bash
sudo vi /etc/resolv.conf
```

--- /etc/resolv.conf
+++ /etc/resolv.conf
@@ -1,5 +1,4 @@
; Created by cloud-init automatically, do not edit.
;
-search localhost
nameserver 1.1.1.1
nameserver 8.8.4.4

- Reboot to apply the changes:

```bash
sudo reboot
```
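Review bot: in the /etc/resolv.conf hunk, the retained header line "; Created by cloud-init automatically, do not edit." contradicts a hand edit, so the removal of "search localhost" only persists if the generator of this file no longer rewrites it. State next to the hunk that the change depends on the earlier 99-disable-network-config.cfg step, and after the reboot confirm that the "search localhost" line has not come back.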