From f6116b627dadf034c39ecc307c4dc970ec6eb300 Mon Sep 17 00:00:00 2001
From: Helmut Hutzler <helmut.hutzler@th-nuernberg.de>
Date: Fri, 9 Sep 2022 15:15:49 +0000
Subject: [PATCH] Add new file
---
deployments/gitlab-runner-manifest.yaml | 301 ++++++++++++++++++++++++
1 file changed, 301 insertions(+)
create mode 100644 deployments/gitlab-runner-manifest.yaml
diff --git a/deployments/gitlab-runner-manifest.yaml b/deployments/gitlab-runner-manifest.yaml
new file mode 100644
index 0000000..b2ecdb3
--- /dev/null
+++ b/deployments/gitlab-runner-manifest.yaml
@@ -0,0 +1,301 @@
+---
+# Source: gitlab-runner/templates/service-account.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ annotations:
+ name: gitlab-runner
+ namespace: "gitlab-runner-ns"
+ labels:
+ app: gitlab-runner
+ chart: gitlab-runner-0.44.0
+ release: "gitlab-runner"
+ heritage: "Helm"
+---
+# Source: gitlab-runner/templates/secrets.yaml
+apiVersion: v1
+kind: Secret
+metadata:
+ name: "gitlab-runner"
+ namespace: "gitlab-runner-ns"
+ labels:
+ app: gitlab-runner
+ chart: gitlab-runner-0.44.0
+ release: "gitlab-runner"
+ heritage: "Helm"
+type: Opaque
+data:
+ runner-registration-token: "R1IxMzQ4OTQxLURaaGtBaWlGenE5SHBqVGpld1M="
+ runner-token: ""
+---
+# Source: gitlab-runner/templates/configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: gitlab-runner
+ namespace: "gitlab-runner-ns"
+ labels:
+ app: gitlab-runner
+ chart: gitlab-runner-0.44.0
+ release: "gitlab-runner"
+ heritage: "Helm"
+data:
+ entrypoint: |
+ #!/bin/bash
+ set -e
+
+ mkdir -p /home/gitlab-runner/.gitlab-runner/
+
+ cp /configmaps/config.toml /home/gitlab-runner/.gitlab-runner/
+
+ # Set up environment variables for cache
+ if [[ -f /secrets/accesskey && -f /secrets/secretkey ]]; then
+ export CACHE_S3_ACCESS_KEY=$(cat /secrets/accesskey)
+ export CACHE_S3_SECRET_KEY=$(cat /secrets/secretkey)
+ fi
+
+ if [[ -f /secrets/gcs-applicaton-credentials-file ]]; then
+ export GOOGLE_APPLICATION_CREDENTIALS="/secrets/gcs-applicaton-credentials-file"
+ elif [[ -f /secrets/gcs-application-credentials-file ]]; then
+ export GOOGLE_APPLICATION_CREDENTIALS="/secrets/gcs-application-credentials-file"
+ else
+ if [[ -f /secrets/gcs-access-id && -f /secrets/gcs-private-key ]]; then
+ export CACHE_GCS_ACCESS_ID=$(cat /secrets/gcs-access-id)
+ # echo -e used to make private key multiline (in google json auth key private key is oneline with \n)
+ export CACHE_GCS_PRIVATE_KEY=$(echo -e $(cat /secrets/gcs-private-key))
+ fi
+ fi
+
+ if [[ -f /secrets/azure-account-name && -f /secrets/azure-account-key ]]; then
+ export CACHE_AZURE_ACCOUNT_NAME=$(cat /secrets/azure-account-name)
+ export CACHE_AZURE_ACCOUNT_KEY=$(cat /secrets/azure-account-key)
+ fi
+
+ if [[ -f /secrets/runner-registration-token ]]; then
+ export REGISTRATION_TOKEN=$(cat /secrets/runner-registration-token)
+ fi
+
+ if [[ -f /secrets/runner-token ]]; then
+ export CI_SERVER_TOKEN=$(cat /secrets/runner-token)
+ fi
+
+ # Validate this also at runtime in case the user has set a custom secret
+ if [[ ! -z "$CI_SERVER_TOKEN" && "1" -ne "1" ]]; then
+ echo "Using a runner token with more than 1 replica is not supported."
+ exit 1
+ fi
+
+ # Register the runner
+ if ! sh /configmaps/register-the-runner; then
+ exit 1
+ fi
+
+ # Run pre-entrypoint-script
+ if ! bash /configmaps/pre-entrypoint-script; then
+ exit 1
+ fi
+
+ # Start the runner
+ exec /entrypoint run --user=gitlab-runner \
+ --working-directory=/home/gitlab-runner
+
+ config.toml: |
+ concurrent = 10
+ check_interval = 30
+ log_level = "info"
+
+
+ config.template.toml: |
+ [[runners]]
+ [runners.kubernetes]
+ namespace = "gitlab-runner-ns"
+ image = "ubuntu:16.04"
+
+
+ register-the-runner: |
+ #!/bin/bash
+ MAX_REGISTER_ATTEMPTS=30
+
+ for i in $(seq 1 "${MAX_REGISTER_ATTEMPTS}"); do
+ echo "Registration attempt ${i} of ${MAX_REGISTER_ATTEMPTS}"
+ /entrypoint register \
+ --template-config /configmaps/config.template.toml \
+ --non-interactive
+
+ retval=$?
+
+ if [ ${retval} = 0 ]; then
+ break
+ elif [ ${i} = ${MAX_REGISTER_ATTEMPTS} ]; then
+ exit 1
+ fi
+
+ sleep 5
+ done
+
+ exit 0
+
+ check-live: |
+ #!/bin/bash
+ if /usr/bin/pgrep -f .*register-the-runner; then
+ exit 0
+ elif /usr/bin/pgrep gitlab.*runner; then
+ exit 0
+ else
+ exit 1
+ fi
+
+ pre-entrypoint-script: |
+---
+# Source: gitlab-runner/templates/role.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: "Role"
+metadata:
+ name: gitlab-runner
+ labels:
+ app: gitlab-runner
+ chart: gitlab-runner-0.44.0
+ release: "gitlab-runner"
+ heritage: "Helm"
+ namespace: "gitlab-runner-ns"
+rules:
+- apiGroups: [""]
+ resources: ["*"]
+ verbs: ["*"]
+---
+# Source: gitlab-runner/templates/role-binding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: "RoleBinding"
+metadata:
+ name: gitlab-runner
+ labels:
+ app: gitlab-runner
+ chart: gitlab-runner-0.44.0
+ release: "gitlab-runner"
+ heritage: "Helm"
+ namespace: "gitlab-runner-ns"
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: "Role"
+ name: gitlab-runner
+subjects:
+- kind: ServiceAccount
+ name: gitlab-runner
+ namespace: "gitlab-runner-ns"
+---
+# Source: gitlab-runner/templates/deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: gitlab-runner
+ namespace: "gitlab-runner-ns"
+ labels:
+ app: gitlab-runner
+ chart: gitlab-runner-0.44.0
+ release: "gitlab-runner"
+ heritage: "Helm"
+spec:
+ replicas: 1
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ app: gitlab-runner
+ template:
+ metadata:
+ labels:
+ app: gitlab-runner
+ chart: gitlab-runner-0.44.0
+ release: "gitlab-runner"
+ heritage: "Helm"
+ annotations:
+ checksum/configmap: c89b730e58e54e184a7540b77741eb6828c22fd5e31e3da1aff90aceea1e6a61
+ checksum/secrets: fb396a24f5907af003946c5a491c0357f46fc69b161025ece63760674c591922
+ spec:
+ securityContext:
+ fsGroup: 65533
+ runAsUser: 100
+ terminationGracePeriodSeconds: 3600
+ serviceAccountName: gitlab-runner
+ containers:
+ - name: gitlab-runner
+ image: registry.gitlab.com/gitlab-org/gitlab-runner:alpine-v15.3.0
+ imagePullPolicy: "IfNotPresent"
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
+ readOnlyRootFilesystem: false
+ runAsNonRoot: true
+ lifecycle:
+ preStop:
+ exec:
+ command: ["/entrypoint", "unregister", "--config=/home/gitlab-runner/.gitlab-runner/config.toml"]
+ lifecycle:
+ preStop:
+ exec:
+ command: ["/entrypoint", "unregister", "--all-runners"]
+ command: ["/usr/bin/dumb-init", "--", "/bin/bash", "/configmaps/entrypoint"]
+ env:
+
+ - name: CI_SERVER_URL
+ value: "https://git.informatik.fh-nuernberg.de/"
+ - name: CLONE_URL
+ value: ""
+ - name: RUNNER_EXECUTOR
+ value: "kubernetes"
+ - name: REGISTER_LOCKED
+ value: "true"
+ - name: RUNNER_TAG_LIST
+ value: ""
+ - name: KUBERNETES_PRIVILEGED
+ value: "true"
+ livenessProbe:
+ exec:
+ command: ["/bin/bash", "/configmaps/check-live"]
+ initialDelaySeconds: 60
+ timeoutSeconds: 1
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+ readinessProbe:
+ exec:
+ command: ["/usr/bin/pgrep","gitlab.*runner"]
+ initialDelaySeconds: 10
+ timeoutSeconds: 1
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+ ports:
+ - name: "metrics"
+ containerPort: 9252
+ volumeMounts:
+ - name: projected-secrets
+ mountPath: /secrets
+ - name: etc-gitlab-runner
+ mountPath: /home/gitlab-runner/.gitlab-runner
+ - name: configmaps
+ mountPath: /configmaps
+ resources:
+ {}
+ volumes:
+ - name: runner-secrets
+ emptyDir:
+ medium: "Memory"
+ - name: etc-gitlab-runner
+ emptyDir:
+ medium: "Memory"
+ - name: projected-secrets
+ projected:
+ sources:
+ - secret:
+ name: "gitlab-runner"
+ items:
+ - key: runner-registration-token
+ path: runner-registration-token
+ - key: runner-token
+ path: runner-token
+ - name: configmaps
+ configMap:
+ name: gitlab-runner
--
GitLab