Commit e7de8a3c authored by Helmut Hutzler's avatar Helmut Hutzler

Adding gitlab-runner

parent f6116b62
---
# Source: gitlab-runner/templates/service-account.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
annotations:
name: gitlab-runner
labels:
app: gitlab-runner
chart: gitlab-runner-0.44.0
release: "gitlab-runner"
heritage: "Helm"
---
# Source: gitlab-runner/templates/secrets.yaml
apiVersion: v1
kind: Secret
metadata:
name: "gitlab-runner"
namespace: "gitlab-runner-ns"
labels:
app: gitlab-runner
chart: gitlab-runner-0.44.0
release: "gitlab-runner"
heritage: "Helm"
type: Opaque
data:
runner-registration-token: "R1IxMzQ4OTQxLURaaGtBaWlGenE5SHBqVGpld1M="
runner-token: ""
---
# Source: gitlab-runner/templates/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: gitlab-runner
namespace: "gitlab-runner-ns"
labels:
app: gitlab-runner
chart: gitlab-runner-0.44.0
release: "gitlab-runner"
heritage: "Helm"
data:
entrypoint: |
#!/bin/bash
set -e
mkdir -p /home/gitlab-runner/.gitlab-runner/
cp /configmaps/config.toml /home/gitlab-runner/.gitlab-runner/
# Set up environment variables for cache
if [[ -f /secrets/accesskey && -f /secrets/secretkey ]]; then
export CACHE_S3_ACCESS_KEY=$(cat /secrets/accesskey)
export CACHE_S3_SECRET_KEY=$(cat /secrets/secretkey)
fi
if [[ -f /secrets/gcs-applicaton-credentials-file ]]; then
export GOOGLE_APPLICATION_CREDENTIALS="/secrets/gcs-applicaton-credentials-file"
elif [[ -f /secrets/gcs-application-credentials-file ]]; then
export GOOGLE_APPLICATION_CREDENTIALS="/secrets/gcs-application-credentials-file"
else
if [[ -f /secrets/gcs-access-id && -f /secrets/gcs-private-key ]]; then
export CACHE_GCS_ACCESS_ID=$(cat /secrets/gcs-access-id)
# echo -e used to make private key multiline (in google json auth key private key is oneline with \n)
export CACHE_GCS_PRIVATE_KEY=$(echo -e $(cat /secrets/gcs-private-key))
fi
fi
if [[ -f /secrets/azure-account-name && -f /secrets/azure-account-key ]]; then
export CACHE_AZURE_ACCOUNT_NAME=$(cat /secrets/azure-account-name)
export CACHE_AZURE_ACCOUNT_KEY=$(cat /secrets/azure-account-key)
fi
if [[ -f /secrets/runner-registration-token ]]; then
export REGISTRATION_TOKEN=$(cat /secrets/runner-registration-token)
fi
if [[ -f /secrets/runner-token ]]; then
export CI_SERVER_TOKEN=$(cat /secrets/runner-token)
fi
# Validate this also at runtime in case the user has set a custom secret
if [[ ! -z "$CI_SERVER_TOKEN" && "1" -ne "1" ]]; then
echo "Using a runner token with more than 1 replica is not supported."
exit 1
fi
# Register the runner
if ! sh /configmaps/register-the-runner; then
exit 1
fi
# Run pre-entrypoint-script
if ! bash /configmaps/pre-entrypoint-script; then
exit 1
fi
# Start the runner
exec /entrypoint run --user=gitlab-runner \
--working-directory=/home/gitlab-runner
config.toml: |
concurrent = 10
check_interval = 30
log_level = "info"
config.template.toml: |
[[runners]]
[runners.kubernetes]
namespace = "gitlab-runner-ns"
image = "ubuntu:16.04"
register-the-runner: |
#!/bin/bash
MAX_REGISTER_ATTEMPTS=30
for i in $(seq 1 "${MAX_REGISTER_ATTEMPTS}"); do
echo "Registration attempt ${i} of ${MAX_REGISTER_ATTEMPTS}"
/entrypoint register \
--template-config /configmaps/config.template.toml \
--non-interactive
retval=$?
if [ ${retval} = 0 ]; then
break
elif [ ${i} = ${MAX_REGISTER_ATTEMPTS} ]; then
exit 1
fi
sleep 5
done
exit 0
check-live: |
#!/bin/bash
if /usr/bin/pgrep -f .*register-the-runner; then
exit 0
elif /usr/bin/pgrep gitlab.*runner; then
exit 0
else
exit 1
fi
pre-entrypoint-script: |
---
# Source: gitlab-runner/templates/role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: "Role"
metadata:
name: gitlab-runner
labels:
app: gitlab-runner
chart: gitlab-runner-0.44.0
release: "gitlab-runner"
heritage: "Helm"
namespace: "gitlab-runner-ns"
rules:
- apiGroups: [""]
resources: ["*"]
verbs: ["*"]
---
# Source: gitlab-runner/templates/role-binding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: "RoleBinding"
metadata:
name: gitlab-runner
labels:
app: gitlab-runner
chart: gitlab-runner-0.44.0
release: "gitlab-runner"
heritage: "Helm"
namespace: "gitlab-runner-ns"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: "Role"
name: gitlab-runner
subjects:
- kind: ServiceAccount
name: gitlab-runner
namespace: "gitlab-runner-ns"
---
# Source: gitlab-runner/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: gitlab-runner
namespace: "gitlab-runner-ns"
labels:
app: gitlab-runner
chart: gitlab-runner-0.44.0
release: "gitlab-runner"
heritage: "Helm"
spec:
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
app: gitlab-runner
template:
metadata:
labels:
app: gitlab-runner
chart: gitlab-runner-0.44.0
release: "gitlab-runner"
heritage: "Helm"
annotations:
checksum/configmap: c89b730e58e54e184a7540b77741eb6828c22fd5e31e3da1aff90aceea1e6a61
checksum/secrets: fb396a24f5907af003946c5a491c0357f46fc69b161025ece63760674c591922
spec:
securityContext:
fsGroup: 65533
runAsUser: 100
terminationGracePeriodSeconds: 3600
serviceAccountName: gitlab-runner
containers:
- name: gitlab-runner
image: registry.gitlab.com/gitlab-org/gitlab-runner:alpine-v15.3.0
imagePullPolicy: "IfNotPresent"
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: false
runAsNonRoot: true
lifecycle:
preStop:
exec:
command: ["/entrypoint", "unregister", "--config=/home/gitlab-runner/.gitlab-runner/config.toml"]
lifecycle:
preStop:
exec:
command: ["/entrypoint", "unregister", "--all-runners"]
command: ["/usr/bin/dumb-init", "--", "/bin/bash", "/configmaps/entrypoint"]
env:
- name: CI_SERVER_URL
value: "https://git.informatik.fh-nuernberg.de/"
- name: CLONE_URL
value: ""
- name: RUNNER_EXECUTOR
value: "kubernetes"
- name: REGISTER_LOCKED
value: "true"
- name: RUNNER_TAG_LIST
value: ""
- name: KUBERNETES_PRIVILEGED
value: "true"
- name: CACHE_TYPE
value: "s3"
- name: CACHE_PATH
value: "gitlab-runner"
- name: CACHE_SHARED
value: "true"
- name: CACHE_S3_SERVER_ADDRESS
value: "minio:9000"
- name: CACHE_S3_BUCKET_NAME
value: "gitlab-runner"
- name: CACHE_S3_BUCKET_LOCATION
value: ""
- name: CACHE_S3_INSECURE
value: "true"
livenessProbe:
exec:
command: ["/bin/bash", "/configmaps/check-live"]
initialDelaySeconds: 60
timeoutSeconds: 1
periodSeconds: 10
successThreshold: 1
failureThreshold: 3
readinessProbe:
exec:
command: ["/usr/bin/pgrep","gitlab.*runner"]
initialDelaySeconds: 10
timeoutSeconds: 1
periodSeconds: 10
successThreshold: 1
failureThreshold: 3
ports:
- name: "metrics"
containerPort: 9252
volumeMounts:
- name: projected-secrets
mountPath: /secrets
- name: etc-gitlab-runner
mountPath: /home/gitlab-runner/.gitlab-runner
- name: configmaps
mountPath: /configmaps
resources:
{}
volumes:
- name: runner-secrets
emptyDir:
medium: "Memory"
- name: etc-gitlab-runner
emptyDir:
medium: "Memory"
- name: projected-secrets
projected:
sources:
# .Values.runners.cache.cacheType is deprecated: https://gitlab.com/gitlab-org/charts/gitlab-runner/-/issues/224
- secret:
name: "gitlab-runner-s3-access-secret"
- secret:
name: "gitlab-runner"
items:
- key: runner-registration-token
path: runner-registration-token
- key: runner-token
path: runner-token
- name: configmaps
configMap:
name: gitlab-runner
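Review bot: The Secret rendered from secrets.yaml carries what looks like a real `runner-registration-token` in its `data` field, and base64 is an encoding rather than protection, so anyone who can read this repository can recover it; the same token is set in clear text as `runnerRegistrationToken` in both values files later in this commit. Treat the token as exposed: reset it in GitLab and keep the replacement out of version control, for example by creating the Secret out of band and referencing it with `runners.secret: <secret-name>` instead of setting `runnerRegistrationToken`. Committing `helm template` output also freezes the Secret into history, so consider committing only the values file and rendering at deploy time.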
# The GitLab Server URL (with protocol) that you want to register the runner against
# ref: https://docs.gitlab.com/runner/commands/index.html#gitlab-runner-register
#
gitlabUrl: https://git.informatik.fh-nuernberg.de/
# The registration token for adding new runners to the GitLab server
# Retrieve this value from your GitLab instance
# For more info: https://docs.gitlab.com/ee/ci/runners/index.html
#
runnerRegistrationToken: "GR1348941-DZhkAiiFzq9HpjTjewS"
# For RBAC support:
rbac:
create: true
# Run all containers with the privileged flag enabled
# This flag allows the docker:dind image to run if you need to run Docker commands
# Read the docs before turning this on:
# https://docs.gitlab.com/runner/executors/kubernetes.html#using-dockerdind
runners:
privileged: true
cache:
## General settings
cacheType: s3
cacheShared: true
cachePath: "gitlab-runner"
## S3 settings
s3ServerAddress: minio:9000
s3BucketName: gitlab-runner
# s3BucketLocation:
s3CacheInsecure: true
secretName: gitlab-runner-s3-access-secret
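Review bot: `runners.privileged: true` makes every CI job pod privileged (rendered as `KUBERNETES_PRIVILEGED` = `"true"` in the Deployment), and `rbac.create: true` with no rules ends up as the Role with `resources: ["*"]` and `verbs: ["*"]` shown in the rendered role.yaml, so a job or a compromised runner gets far more reach than the executor needs. Unless docker:dind is a hard requirement, set `privileged: false`; if it is required, restrict the runner to trusted projects and protected branches. For RBAC, list the needed resources and verbs explicitly under `rbac.rules` (per the executor docs, roughly pods, pods/exec, pods/attach, secrets and configmaps; verify against this chart version). The same settings are repeated in the second values file that follows.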
# The GitLab Server URL (with protocol) that you want to register the runner against
# ref: https://docs.gitlab.com/runner/commands/index.html#gitlab-runner-register
#
gitlabUrl: https://git.informatik.fh-nuernberg.de/
# The registration token for adding new runners to the GitLab server
# Retrieve this value from your GitLab instance
# For more info: https://docs.gitlab.com/ee/ci/runners/index.html
#
runnerRegistrationToken: "GR1348941-DZhkAiiFzq9HpjTjewS"
# For RBAC support:
rbac:
create: true
# Run all containers with the privileged flag enabled
# This flag allows the docker:dind image to run if you need to run Docker commands
# Read the docs before turning this on:
# https://docs.gitlab.com/runner/executors/kubernetes.html#using-dockerdind
runners:
privileged: true
cache:
## General settings
cacheType: s3
cacheShared: true
cachePath: "gitlab-runner"
## S3 settings
s3ServerAddress: minio:9000
s3BucketName: gitlab-runner
# s3BucketLocation:
s3CacheInsecure: true
secretName: gitlab-runner-s3-access-secret
#s3AccessKey: "minio"
#s3SecretrKey: "minio123"
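Review bot: The two commented-out lines at the end, `#s3AccessKey` and `#s3SecretrKey`, keep what look like the MinIO credentials in the repository; delete them and, if those values are in use, change them, since the cache keys are already read from `secretName: gitlab-runner-s3-access-secret`. The second key name is also misspelled, so uncommenting it would probably be ignored by the chart. Separately, `s3CacheInsecure: true` (also in the first values file, rendered as `CACHE_S3_INSECURE`) sends cache objects and the S3 credentials to `minio:9000` over plain HTTP, and with `cacheShared: true` a tampered cache entry would reach every project that uses this runner. Enable TLS on MinIO and set `s3CacheInsecure: false` where possible.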