Adding deployment of gitlab-runner

0bfe74b8 · Helmut Hutzler · 795c6d7e · 0bfe74b8
Commit 0bfe74b8 authored 2 years ago by Helmut Hutzler
--- a/deployments/gitlab-runner-manifest.yaml
+++ b/deployments/gitlab-runner-manifest.yaml
+---
+# Source: gitlab-runner/templates/service-account.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  annotations:
+  name: gitlab-runner
+  namespace: "gitlab-runner-ns"
+  labels:
+    app: gitlab-runner
+    chart: gitlab-runner-0.44.0
+    release: "gitlab-runner"
+    heritage: "Helm"
+---
+# Source: gitlab-runner/templates/secrets.yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: "gitlab-runner"
+  namespace: "gitlab-runner-ns"
+  labels:
+    app: gitlab-runner
+    chart: gitlab-runner-0.44.0
+    release: "gitlab-runner"
+    heritage: "Helm"
+type: Opaque
+data:
+  runner-registration-token: "R1IxMzQ4OTQxLURaaGtBaWlGenE5SHBqVGpld1M="
+  runner-token: ""
+---
+# Source: gitlab-runner/templates/configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: gitlab-runner
+  namespace: "gitlab-runner-ns"
+  labels:
+    app: gitlab-runner
+    chart: gitlab-runner-0.44.0
+    release: "gitlab-runner"
+    heritage: "Helm"
+data:
+  entrypoint: |
+    #!/bin/bash
+    set -e
+
+    mkdir -p /home/gitlab-runner/.gitlab-runner/
+
+    cp /configmaps/config.toml /home/gitlab-runner/.gitlab-runner/
+
+    # Set up environment variables for cache
+    if [[ -f /secrets/accesskey && -f /secrets/secretkey ]]; then
+      export CACHE_S3_ACCESS_KEY=$(cat /secrets/accesskey)
+      export CACHE_S3_SECRET_KEY=$(cat /secrets/secretkey)
+    fi
+
+    if [[ -f /secrets/gcs-applicaton-credentials-file ]]; then
+      export GOOGLE_APPLICATION_CREDENTIALS="/secrets/gcs-applicaton-credentials-file"
+    elif [[ -f /secrets/gcs-application-credentials-file ]]; then
+      export GOOGLE_APPLICATION_CREDENTIALS="/secrets/gcs-application-credentials-file"
+    else
+      if [[ -f /secrets/gcs-access-id && -f /secrets/gcs-private-key ]]; then
+        export CACHE_GCS_ACCESS_ID=$(cat /secrets/gcs-access-id)
+        # echo -e used to make private key multiline (in google json auth key private key is oneline with \n)
+        export CACHE_GCS_PRIVATE_KEY=$(echo -e $(cat /secrets/gcs-private-key))
+      fi
+    fi
+
+    if [[ -f /secrets/azure-account-name && -f /secrets/azure-account-key ]]; then
+      export CACHE_AZURE_ACCOUNT_NAME=$(cat /secrets/azure-account-name)
+      export CACHE_AZURE_ACCOUNT_KEY=$(cat /secrets/azure-account-key)
+    fi
+
+    if [[ -f /secrets/runner-registration-token ]]; then
+      export REGISTRATION_TOKEN=$(cat /secrets/runner-registration-token)
+    fi
+
+    if [[ -f /secrets/runner-token ]]; then
+      export CI_SERVER_TOKEN=$(cat /secrets/runner-token)
+    fi
+
+    # Validate this also at runtime in case the user has set a custom secret
+    if [[ ! -z "$CI_SERVER_TOKEN" && "1" -ne "1" ]]; then
+      echo "Using a runner token with more than 1 replica is not supported."
+      exit 1
+    fi
+
+    # Register the runner
+    if ! sh /configmaps/register-the-runner; then
+      exit 1
+    fi
+
+    # Run pre-entrypoint-script
+    if ! bash /configmaps/pre-entrypoint-script; then
+      exit 1
+    fi
+
+    # Start the runner
+    exec /entrypoint run --user=gitlab-runner \
+      --working-directory=/home/gitlab-runner
+
+  config.toml: |
+    concurrent = 10
+    check_interval = 30
+    log_level = "info"
+
+  
+  config.template.toml:   |
+    [[runners]]
+      [runners.kubernetes]
+        namespace = "gitlab-runner-ns"
+        image = "ubuntu:16.04"
+  
+
+  register-the-runner: |
+    #!/bin/bash
+    MAX_REGISTER_ATTEMPTS=30
+
+    for i in $(seq 1 "${MAX_REGISTER_ATTEMPTS}"); do
+      echo "Registration attempt ${i} of ${MAX_REGISTER_ATTEMPTS}"
+      /entrypoint register \
+        --template-config /configmaps/config.template.toml \
+        --non-interactive
+
+      retval=$?
+
+      if [ ${retval} = 0 ]; then
+        break
+      elif [ ${i} = ${MAX_REGISTER_ATTEMPTS} ]; then
+        exit 1
+      fi
+
+      sleep 5
+    done
+
+    exit 0
+
+  check-live: |
+    #!/bin/bash
+    if /usr/bin/pgrep -f .*register-the-runner; then
+      exit 0
+    elif /usr/bin/pgrep gitlab.*runner; then
+      exit 0
+    else
+      exit 1
+    fi
+
+  pre-entrypoint-script: |
+---
+# Source: gitlab-runner/templates/role.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: "Role"
+metadata:
+  name: gitlab-runner
+  labels:
+    app: gitlab-runner
+    chart: gitlab-runner-0.44.0
+    release: "gitlab-runner"
+    heritage: "Helm"
+  namespace: "gitlab-runner-ns"
+rules:
+- apiGroups: [""]
+  resources: ["*"]
+  verbs: ["*"]
+---
+# Source: gitlab-runner/templates/role-binding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: "RoleBinding"
+metadata:
+  name: gitlab-runner
+  labels:
+    app: gitlab-runner
+    chart: gitlab-runner-0.44.0
+    release: "gitlab-runner"
+    heritage: "Helm"
+  namespace: "gitlab-runner-ns"
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: "Role"
+  name: gitlab-runner
+subjects:
+- kind: ServiceAccount
+  name: gitlab-runner
+  namespace: "gitlab-runner-ns"
+---
+# Source: gitlab-runner/templates/deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: gitlab-runner
+  namespace: "gitlab-runner-ns"
+  labels:
+    app: gitlab-runner
+    chart: gitlab-runner-0.44.0
+    release: "gitlab-runner"
+    heritage: "Helm"
+spec:
+  replicas: 1
+  revisionHistoryLimit: 10
+  selector:
+    matchLabels:
+      app: gitlab-runner
+  template:
+    metadata:
+      labels:
+        app: gitlab-runner
+        chart: gitlab-runner-0.44.0
+        release: "gitlab-runner"
+        heritage: "Helm"
+      annotations:
+        checksum/configmap: c89b730e58e54e184a7540b77741eb6828c22fd5e31e3da1aff90aceea1e6a61
+        checksum/secrets: fb396a24f5907af003946c5a491c0357f46fc69b161025ece63760674c591922
+    spec:
+      securityContext: 
+        fsGroup: 65533
+        runAsUser: 100
+      terminationGracePeriodSeconds: 3600
+      serviceAccountName: gitlab-runner
+      containers:
+      - name: gitlab-runner
+        image: registry.gitlab.com/gitlab-org/gitlab-runner:alpine-v15.3.0
+        imagePullPolicy: "IfNotPresent"
+        securityContext: 
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          privileged: false
+          readOnlyRootFilesystem: false
+          runAsNonRoot: true
+        lifecycle:
+          preStop:
+            exec:
+              command: ["/entrypoint", "unregister", "--config=/home/gitlab-runner/.gitlab-runner/config.toml"]
+        lifecycle:
+          preStop:
+            exec:
+              command: ["/entrypoint", "unregister", "--all-runners"]
+        command: ["/usr/bin/dumb-init", "--", "/bin/bash", "/configmaps/entrypoint"]
+        env:
+                
+        - name: CI_SERVER_URL
+          value: "https://git.informatik.fh-nuernberg.de/"
+        - name: CLONE_URL
+          value: ""
+        - name: RUNNER_EXECUTOR
+          value: "kubernetes"
+        - name: REGISTER_LOCKED
+          value: "true"
+        - name: RUNNER_TAG_LIST
+          value: ""
+        - name: KUBERNETES_PRIVILEGED
+          value: "true"
+        - name: CACHE_TYPE
+          value: "s3"
+        - name: CACHE_PATH
+          value: "gitlab-runner"
+        - name: CACHE_SHARED
+          value: "true"
+        - name: CACHE_S3_SERVER_ADDRESS
+          value: "minio:9000"
+        - name: CACHE_S3_BUCKET_NAME
+          value: "gitlab-runner"
+        - name: CACHE_S3_BUCKET_LOCATION
+          value: ""
+        - name: CACHE_S3_INSECURE
+          value: "true"
+        livenessProbe:
+          exec:
+            command: ["/bin/bash", "/configmaps/check-live"]
+          initialDelaySeconds: 60
+          timeoutSeconds: 1
+          periodSeconds: 10
+          successThreshold: 1
+          failureThreshold: 3
+        readinessProbe:
+          exec:
+            command: ["/usr/bin/pgrep","gitlab.*runner"]
+          initialDelaySeconds: 10
+          timeoutSeconds: 1
+          periodSeconds: 10
+          successThreshold: 1
+          failureThreshold: 3
+        ports:
+        - name: "metrics"
+          containerPort: 9252
+        volumeMounts:
+        - name: projected-secrets
+          mountPath: /secrets
+        - name: etc-gitlab-runner
+          mountPath: /home/gitlab-runner/.gitlab-runner
+        - name: configmaps
+          mountPath: /configmaps
+        resources:
+          {}
+      volumes:
+      - name: runner-secrets
+        emptyDir:
+          medium: "Memory"
+      - name: etc-gitlab-runner
+        emptyDir:
+          medium: "Memory"
+      - name: projected-secrets
+        projected:
+          sources:
+              # .Values.runners.cache.cacheType is deprecated: https://gitlab.com/gitlab-org/charts/gitlab-runner/-/issues/224
+            - secret:
+                name: "gitlab-runner-s3-access-secret"
+            - secret:
+                name: "gitlab-runner"
+                items:
+                  - key: runner-registration-token
+                    path: runner-registration-token
+                  - key: runner-token
+                    path: runner-token
+      - name: configmaps
+        configMap:
+          name: gitlab-runner