Drone

Drone 1 on k8s with Helm - Permission denied

I’m running Drone on k8s via helm (v2.0.0-rc.14) connected to a BB repository. I got it set up and many of my pipelines work however I’m stuck with a couple that raise a permission denied error. For instance

kind: pipeline
name: default

steps:

- name: build
  image: node:10-stretch
  pull: always
  commands:
    - yarn install --silent --no-progress
    - yarn lint
    - yarn test
    - yarn build

Returns the below issue.

+ yarn lint
12 yarn run v1.16.0
13 $ vue-cli-service lint
14 /bin/sh: 1: vue-cli-service: Permission denied

whoaim returns root. I see this issue also when trying to run some features tests on a ruby project so I don’t believe it’s npm/yarn specific.

I’m using terraform to deploy helm and the config is as below.

resource "helm_release" "drone" {
  name          = "drone"
  chart         = "stable/drone"
  version       = "2.0.0-rc.14"
  recreate_pods = true

  set {
    name  = "service.type"
    value = "NodePort"
  }

  set {
    name  = "server.host"
    value = "drone.xxxxx.com"
  }

  set {
    name  = "server.protocol"
    value = "https"
  }

  set {
    name  = "server.env.DRONE_TLS_AUTOCERT"
    value = "false"
  }

  set_string {
    name  = "server.env.DRONE_USER_FILTER"
    value = "xxxxx"
  }

  set {
    name  = "server.env.DRONE_DATABASE_DRIVER"
    value = "postgres"
  }

  set {
    name  = "server.env.DRONE_LOGS_TRACE"
    value = true
  }

  set_sensitive {
    name  = "server.env.DRONE_DATABASE_DATASOURCE"
    value = "xxxxx"
  }

  set {
    name  = "server.kubernetes.namespace"
    value = "xxxxx"
  }

  set {
    name  = "sourceControl.provider"
    value = "bitbucketCloud"
  }

  set {
    name  = "sourceControl.bitbucketCloud.clientID"
    value = "xxxxx"
  }

  set_sensitive {
    name  = "sourceControl.secret"
    value = "${kubernetes_secret.core.metadata.0.name}"
  }

  set {
    name  = "sourceControl.bitbucketCloud.clientSecretKey"
    value = "BITBUCKET_CLIENT_SECRET"
  }
}

FYI i’ve updated to the latest stable release of the helm chart and i’m getting the same issue.

resource "helm_release" "drone" {
  name          = "drone"
  chart         = "stable/drone"
  version       = "2.0.4"
  recreate_pods = true

  set {
    name  = "service.type"
    value = "NodePort"
  }

  set {
    name  = "server.host"
    value = "xxxx"
  }

  set {
    name  = "server.protocol"
    value = "https"
  }

  set {
    name  = "server.env.DRONE_TLS_AUTOCERT"
    value = "false"
  }

  set_string {
    name  = "server.env.DRONE_USER_FILTER"
    value = "xxxx"
  }

  set {
    name  = "server.env.DRONE_DATABASE_DRIVER"
    value = "postgres"
  }

  set {
    name  = "server.env.DRONE_LOGS_TRACE"
    value = true
  }

  set {
    name  = "server.env.DRONE_RPC_SERVER"
    value = "http://drone-drone.default"
  }

  set_sensitive {
    name  = "server.env.DRONE_DATABASE_DATASOURCE"
    value = "xxxx"
  }

  set {
    name  = "server.kubernetes.namespace"
    value = "xxxx"
  }

  set {
    name  = "sourceControl.provider"
    value = "bitbucketCloud"
  }

  set {
    name  = "sourceControl.bitbucketCloud.clientID"
    value = "xxxx"
  }

  set_sensitive {
    name  = "sourceControl.secret"
    value = "xxxx"
  }

  set {
    name  = "sourceControl.bitbucketCloud.clientSecretKey"
    value = "BITBUCKET_CLIENT_SECRET"
  }
}

see https://github.com/drone/drone-runtime/issues/73

@bradrydzewski thanks. I read about some issues with the volumes but the link you sent was more helpful.

I set server.kubernetes.enabled to false and it’s now using the agent and can run. For anyone having similar issues my terraform helm settings are now:

resource "helm_release" "drone" {
  name          = "drone"
  chart         = "stable/drone"
  version       = "2.0.4"
  recreate_pods = true

  set {
    name  = "service.type"
    value = "NodePort"
  }

  set {
    name  = "server.host"
    value = "xxxxx"
  }

  set {
    name  = "server.protocol"
    value = "https"
  }

  set {
    name  = "server.env.DRONE_TLS_AUTOCERT"
    value = "false"
  }

  set_string {
    name  = "server.env.DRONE_USER_FILTER"
    value = "xxxxx"
  }

  set {
    name  = "server.env.DRONE_DATABASE_DRIVER"
    value = "postgres"
  }

  set {
    name  = "server.env.DRONE_RPC_SERVER"
    value = "http://drone-drone.default"
  }

  set {
    name  = "server.env.DRONE_RPC_PROTO"
    value = "http"
  }

  set_sensitive {
    name  = "server.env.DRONE_DATABASE_DATASOURCE"
    value = "xxxxx"
  }

  set {
    name  = "server.kubernetes.enabled"
    value = false
  }

  set {
    name  = "sourceControl.provider"
    value = "bitbucketCloud"
  }

  set {
    name  = "sourceControl.bitbucketCloud.clientID"
    value = "xxxxx"
  }

  set_sensitive {
    name  = "sourceControl.secret"
    value = "xxxxx"
  }

  set {
    name  = "sourceControl.bitbucketCloud.clientSecretKey"
    value = "BITBUCKET_CLIENT_SECRET"
  }
}

I might be able to clean it up even more.