DevOps covers tools and services that help bridge the gap between development and operations, as well as continuous integration (CI) and continuous delivery (CD). There are lots of free and self-hosted DevOps services that will be covered in this section.
Gitea integration: Yes
Drone is an open-core CI/CD service that offers a very simple pipeline syntax and runners for VMs, Docker and Kubernetes. Pipelines are configured as YAML in a .drone.yml file in your Git repository and can be triggered automatically on push, pull request, cron or other triggers.
Drone can be deployed to Kubernetes with Terraform, by using the Dan6erbond/drone-server/kubernetes module. All the configuration values can be found on the Terraform registry, with an example of the deployment below:
module "drone_server" {
  source  = "Dan6erbond/drone-server/kubernetes"
  version = "1.1.0"

  namespace = kubernetes_namespace.drone.metadata.0.name

  # Public address of the Drone server
  drone_proto = "https"
  drone_host  = var.host

  # Gitea OAuth application used for login and repository access
  drone_gitea_client = var.gitea_client
  drone_gitea_secret = var.gitea_secret
  drone_gitea_url    = "https://${var.gitea_host}"

  # Who may administer and who may use this Drone instance
  drone_admin               = "comma-delimited list of admin users"
  drone_user_filter         = "organizations and users permitted to use Drone"
  drone_registration_closed = false

  # Postgres connection; sslmode=disable turns off TLS between Drone and the database
  drone_database_driver     = "postgres"
  drone_database_datasource = "postgres://${postgresql_role.drone.name}:${postgresql_role.drone.password}@postgres.default:5432/${postgresql_database.drone.name}?sslmode=disable"

  # S3-compatible storage (MinIO)
  drone_s3_bucket         = minio_s3_bucket.drone.bucket
  drone_s3_endpoint       = var.s3_host
  drone_s3_path_style     = true
  drone_s3_access_key     = minio_iam_service_account.drone.access_key
  drone_s3_secret_key     = minio_iam_service_account.drone.secret_key
  drone_s3_default_region = "your region"
  drone_s3_region         = "your region"
}
Postgres and MinIO are recommended, since the embedded SQLite database requires volumes, which makes backups and disaster recovery painful to manage.
Once Drone's server has been deployed, you can also deploy runners to your cluster with the terraform-kubernetes-drone-kubernetes-runner module.
The drone-kubernetes-runner module spins up Drone Kubernetes runners with a ServiceAccount configuration and RBAC for the namespace that is defined. This ensures that the runner can only create containers in that namespace and has limited privileges to access other resources.
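A namespace-scoped ServiceAccount, Role and RoleBinding of the kind described above, written with the Terraform kubernetes provider as an added example; it is not the module's own code. The resource names and the rule list are assumptions (the verbs cover managing pipeline pods, their logs and per-pipeline secrets), and it reuses kubernetes_namespace.drone from the server deployment above.

```hcl
# Added example: assumed names, not taken from the drone-kubernetes-runner module.
locals {
  runner_namespace = kubernetes_namespace.drone.metadata.0.name
}

# Identity the runner pod runs as.
resource "kubernetes_service_account" "drone_runner" {
  metadata {
    name      = "drone-runner"
    namespace = local.runner_namespace
  }
}

# A Role (not a ClusterRole), so every permission is limited to one namespace.
resource "kubernetes_role" "drone_runner" {
  metadata {
    name      = "drone-runner"
    namespace = local.runner_namespace
  }

  # Pipeline steps run as pods; the runner creates, watches and cleans them up.
  rule {
    api_groups = [""]
    resources  = ["pods", "pods/log"]
    verbs      = ["get", "create", "delete", "list", "watch", "update"]
  }

  # Secrets are created and deleted per pipeline, but never read or listed.
  rule {
    api_groups = [""]
    resources  = ["secrets"]
    verbs      = ["create", "delete"]
  }
}

# A RoleBinding (not a ClusterRoleBinding) grants the Role in this namespace only.
resource "kubernetes_role_binding" "drone_runner" {
  metadata {
    name      = "drone-runner"
    namespace = local.runner_namespace
  }
  role_ref {
    api_group = "rbac.authorization.k8s.io"
    kind      = "Role"
    name      = kubernetes_role.drone_runner.metadata.0.name
  }
  subject {
    kind      = "ServiceAccount"
    name      = kubernetes_service_account.drone_runner.metadata.0.name
    namespace = local.runner_namespace
  }
}
```

Running `kubectl auth can-i --list --as=system:serviceaccount:<namespace>:drone-runner -n <namespace>` after applying shows exactly what the runner identity is allowed to do.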
Gitea integration: Yes
Woodpecker is an open-source fork of Drone that currently supports Docker-based runners, which can be configured with DIND in Kubernetes. You can use the Dan6erbond/woodpecker/kubernetes module to deploy Woodpecker to Kubernetes with Terraform.