The Drone policy file lets you define policies that set and enforce pipeline values. For example, you can set the namespace, tolerations and more based on organization, repository and other matching criteria.
Example policy file:
The policy file must be mounted into your runner container, and you must provide the runner with the location of the policy file. See the policy configuration parameter for configuration instructions.
Multiple Policies
You can define multiple policies in the policy file. The match section is used to match the policy to the pipeline. The first matching policy is applied to the pipeline.
Default Policies
You can optionally define a default policy in the policy file, named accordingly. The default policy is applied if no other policy matches the pipeline.
File Format
- kind: The kind attribute defines the kind of object.
- name: The name attribute defines a name for your policy.
- metadata: The metadata section defines metadata attached to the pipeline pod.
  - namespace: The namespace attribute defines the namespace in which the pipeline pod is created. This takes precedence over the value defined in the yaml.
  - annotations: The annotations attribute defines a set of arbitrary key / value pairs that are attached to the pipeline pod. These are appended to existing annotations that are defined in the yaml and take precedence on conflict.
  - labels: The labels attribute defines a set of arbitrary key / value pairs that are attached to the pipeline pod. These are appended to existing labels that are defined in the yaml and take precedence on conflict.
- resources: The resources attribute defines resource requirements and limits for pipeline steps.
  - request: The request section defines resource requirements used when the scheduler decides which node to place the pipeline pod on.
    - cpu: The cpu attribute defines CPU requirements in millicores.
    - memory: The memory attribute defines memory requirements.
  - limit: The limit section defines container resource limits applied to each pipeline step.
    - cpu: The cpu attribute defines CPU limits in millicores.
    - memory: The memory attribute defines memory limits.
- service_account: The service_account attribute defines the Kubernetes service account used to create the pipeline pod. This takes precedence over the value defined in the yaml.
- node_selector: The node_selector attribute defines a set of key / value pairs used to route pipeline pods to matching nodes. This takes precedence over the values defined in the yaml.
- tolerations: The tolerations section defines and applies tolerations to pipeline pods so that they can be scheduled onto nodes with matching taints.
  - effect: The effect attribute defines the taint effect.
  - key: The key attribute defines the toleration key.
  - operator: The operator attribute defines the toleration operator.
  - toleration_seconds: The toleration_seconds attribute defines the toleration seconds.
  - value: The value attribute defines the toleration value.
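The selection and precedence rules described above (first matching policy wins, the default policy as fallback, policy values taking precedence over the pipeline yaml), as an added Python example that is not Drone's own code. It assumes fnmatch-style globs for match.repo and a hypothetical flat pipeline dict; the sample policies are constructed. The shadowed() check goes one step beyond the text and flags literal repo entries that can never take effect because an earlier policy matches first.

```python
from fnmatch import fnmatchcase

# Constructed sample, shaped like parsed policy documents.
# The broad "octocat/*" entry is listed before the specific one.
POLICIES = [
    {"kind": "policy", "name": "octocat", "service_account": "drone",
     "metadata": {"namespace": "ci", "labels": {"team": "octocat"}},
     "match": {"repo": ["octocat/*"]}},
    {"kind": "policy", "name": "deploy", "service_account": "deployer",
     "match": {"repo": ["octocat/hello-world"]}},
    {"kind": "policy", "name": "default", "service_account": "restricted"},
]

def patterns(policy):
    return policy.get("match", {}).get("repo", [])

def first_match(policies, repo):
    """First policy whose match.repo patterns match, else None.
    Assumption: fnmatch glob semantics; the runner's matcher may differ."""
    return next((p for p in policies
                 if any(fnmatchcase(repo, pat) for pat in patterns(p))), None)

def select(policies, repo):
    """First matching policy wins; otherwise the policy named 'default'."""
    hit = first_match(policies, repo)
    if hit is None:
        hit = next((p for p in policies if p["name"] == "default"), None)
    return hit

def enforce(policy, pipeline):
    """Overlay policy values on what the pipeline yaml requested.
    The flat pipeline dict is a hypothetical shape for this example."""
    out = {**pipeline, "labels": dict(pipeline.get("labels", {}))}
    meta = policy.get("metadata", {})
    for key, value in (("namespace", meta.get("namespace")),
                       ("service_account", policy.get("service_account"))):
        if value is not None:
            out[key] = value                      # policy takes precedence
    out["labels"].update(meta.get("labels", {}))  # policy wins on conflict
    return out

def shadowed(policies):
    """Names of policies with a literal repo entry an earlier policy matches."""
    return [p["name"] for i, p in enumerate(policies)
            if any(not set(pat) & set("*?[") and first_match(policies[:i], pat)
                   for pat in patterns(p))]
```

With this ordering, octocat/hello-world resolves to the "octocat" policy and its service account, so listing the specific entry before the broad one is what makes the "deploy" policy effective.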
Examples
Example policy sets the default service account:

    kind: policy
    name: default

    service_account: drone

Example policy sets the default service account for matching pipelines:

    kind: policy
    name: default

    service_account: drone

    match:
      repo:
      - "octocat/*"
      - "octocat/hello-world"

Example policy sets the default namespace:

    kind: policy
    name: default

    metadata:
      namespace: default

    match:
      repo:
      - "octocat/*"
      - "octocat/hello-world"

Example policy sets the default resource limits:

    kind: policy
    name: default

    metadata:
      namespace: default

    resources:
      request:
        cpu: 1000
        memory: 512MiB
      limit:
        cpu: 4000
        memory: 1GiB

Example policy sets the default node selection:

    kind: policy
    name: default

    metadata:
      namespace: default

    node_selector:
      disktype: ssd

Example policy sets the default metadata:

    kind: policy
    name: default

    metadata:
      namespace: default
      labels:
        keyA: valueA
        keyB: valueB
      annotations:
        keyA: valueA
        keyB: valueB