Commit f6116b62 authored by Helmut Hutzler's avatar Helmut Hutzler

Add new file

parent 8d0b897e
Pipeline #8968 failed
---
# Source: gitlab-runner/templates/service-account.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
annotations:
name: gitlab-runner
namespace: "gitlab-runner-ns"
labels:
app: gitlab-runner
chart: gitlab-runner-0.44.0
release: "gitlab-runner"
heritage: "Helm"
---
# Source: gitlab-runner/templates/secrets.yaml
apiVersion: v1
kind: Secret
metadata:
name: "gitlab-runner"
namespace: "gitlab-runner-ns"
labels:
app: gitlab-runner
chart: gitlab-runner-0.44.0
release: "gitlab-runner"
heritage: "Helm"
type: Opaque
data:
runner-registration-token: "R1IxMzQ4OTQxLURaaGtBaWlGenE5SHBqVGpld1M="
runner-token: ""
---
# Source: gitlab-runner/templates/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: gitlab-runner
namespace: "gitlab-runner-ns"
labels:
app: gitlab-runner
chart: gitlab-runner-0.44.0
release: "gitlab-runner"
heritage: "Helm"
data:
entrypoint: |
#!/bin/bash
set -e
mkdir -p /home/gitlab-runner/.gitlab-runner/
cp /configmaps/config.toml /home/gitlab-runner/.gitlab-runner/
# Set up environment variables for cache
if [[ -f /secrets/accesskey && -f /secrets/secretkey ]]; then
export CACHE_S3_ACCESS_KEY=$(cat /secrets/accesskey)
export CACHE_S3_SECRET_KEY=$(cat /secrets/secretkey)
fi
if [[ -f /secrets/gcs-applicaton-credentials-file ]]; then
export GOOGLE_APPLICATION_CREDENTIALS="/secrets/gcs-applicaton-credentials-file"
elif [[ -f /secrets/gcs-application-credentials-file ]]; then
export GOOGLE_APPLICATION_CREDENTIALS="/secrets/gcs-application-credentials-file"
else
if [[ -f /secrets/gcs-access-id && -f /secrets/gcs-private-key ]]; then
export CACHE_GCS_ACCESS_ID=$(cat /secrets/gcs-access-id)
# echo -e used to make private key multiline (in google json auth key private key is oneline with \n)
export CACHE_GCS_PRIVATE_KEY=$(echo -e $(cat /secrets/gcs-private-key))
fi
fi
if [[ -f /secrets/azure-account-name && -f /secrets/azure-account-key ]]; then
export CACHE_AZURE_ACCOUNT_NAME=$(cat /secrets/azure-account-name)
export CACHE_AZURE_ACCOUNT_KEY=$(cat /secrets/azure-account-key)
fi
if [[ -f /secrets/runner-registration-token ]]; then
export REGISTRATION_TOKEN=$(cat /secrets/runner-registration-token)
fi
if [[ -f /secrets/runner-token ]]; then
export CI_SERVER_TOKEN=$(cat /secrets/runner-token)
fi
# Validate this also at runtime in case the user has set a custom secret
if [[ ! -z "$CI_SERVER_TOKEN" && "1" -ne "1" ]]; then
echo "Using a runner token with more than 1 replica is not supported."
exit 1
fi
# Register the runner
if ! sh /configmaps/register-the-runner; then
exit 1
fi
# Run pre-entrypoint-script
if ! bash /configmaps/pre-entrypoint-script; then
exit 1
fi
# Start the runner
exec /entrypoint run --user=gitlab-runner \
--working-directory=/home/gitlab-runner
config.toml: |
concurrent = 10
check_interval = 30
log_level = "info"
config.template.toml: |
[[runners]]
[runners.kubernetes]
namespace = "gitlab-runner-ns"
image = "ubuntu:16.04"
register-the-runner: |
#!/bin/bash
MAX_REGISTER_ATTEMPTS=30
for i in $(seq 1 "${MAX_REGISTER_ATTEMPTS}"); do
echo "Registration attempt ${i} of ${MAX_REGISTER_ATTEMPTS}"
/entrypoint register \
--template-config /configmaps/config.template.toml \
--non-interactive
retval=$?
if [ ${retval} = 0 ]; then
break
elif [ ${i} = ${MAX_REGISTER_ATTEMPTS} ]; then
exit 1
fi
sleep 5
done
exit 0
check-live: |
#!/bin/bash
if /usr/bin/pgrep -f .*register-the-runner; then
exit 0
elif /usr/bin/pgrep gitlab.*runner; then
exit 0
else
exit 1
fi
pre-entrypoint-script: |
---
# Source: gitlab-runner/templates/role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: "Role"
metadata:
name: gitlab-runner
labels:
app: gitlab-runner
chart: gitlab-runner-0.44.0
release: "gitlab-runner"
heritage: "Helm"
namespace: "gitlab-runner-ns"
rules:
- apiGroups: [""]
resources: ["*"]
verbs: ["*"]
---
# Source: gitlab-runner/templates/role-binding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: "RoleBinding"
metadata:
name: gitlab-runner
labels:
app: gitlab-runner
chart: gitlab-runner-0.44.0
release: "gitlab-runner"
heritage: "Helm"
namespace: "gitlab-runner-ns"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: "Role"
name: gitlab-runner
subjects:
- kind: ServiceAccount
name: gitlab-runner
namespace: "gitlab-runner-ns"
---
# Source: gitlab-runner/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: gitlab-runner
namespace: "gitlab-runner-ns"
labels:
app: gitlab-runner
chart: gitlab-runner-0.44.0
release: "gitlab-runner"
heritage: "Helm"
spec:
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
app: gitlab-runner
template:
metadata:
labels:
app: gitlab-runner
chart: gitlab-runner-0.44.0
release: "gitlab-runner"
heritage: "Helm"
annotations:
checksum/configmap: c89b730e58e54e184a7540b77741eb6828c22fd5e31e3da1aff90aceea1e6a61
checksum/secrets: fb396a24f5907af003946c5a491c0357f46fc69b161025ece63760674c591922
spec:
securityContext:
fsGroup: 65533
runAsUser: 100
terminationGracePeriodSeconds: 3600
serviceAccountName: gitlab-runner
containers:
- name: gitlab-runner
image: registry.gitlab.com/gitlab-org/gitlab-runner:alpine-v15.3.0
imagePullPolicy: "IfNotPresent"
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: false
runAsNonRoot: true
lifecycle:
preStop:
exec:
command: ["/entrypoint", "unregister", "--config=/home/gitlab-runner/.gitlab-runner/config.toml"]
lifecycle:
preStop:
exec:
command: ["/entrypoint", "unregister", "--all-runners"]
command: ["/usr/bin/dumb-init", "--", "/bin/bash", "/configmaps/entrypoint"]
env:
- name: CI_SERVER_URL
value: "https://git.informatik.fh-nuernberg.de/"
- name: CLONE_URL
value: ""
- name: RUNNER_EXECUTOR
value: "kubernetes"
- name: REGISTER_LOCKED
value: "true"
- name: RUNNER_TAG_LIST
value: ""
- name: KUBERNETES_PRIVILEGED
value: "true"
livenessProbe:
exec:
command: ["/bin/bash", "/configmaps/check-live"]
initialDelaySeconds: 60
timeoutSeconds: 1
periodSeconds: 10
successThreshold: 1
failureThreshold: 3
readinessProbe:
exec:
command: ["/usr/bin/pgrep","gitlab.*runner"]
initialDelaySeconds: 10
timeoutSeconds: 1
periodSeconds: 10
successThreshold: 1
failureThreshold: 3
ports:
- name: "metrics"
containerPort: 9252
volumeMounts:
- name: projected-secrets
mountPath: /secrets
- name: etc-gitlab-runner
mountPath: /home/gitlab-runner/.gitlab-runner
- name: configmaps
mountPath: /configmaps
resources:
{}
volumes:
- name: runner-secrets
emptyDir:
medium: "Memory"
- name: etc-gitlab-runner
emptyDir:
medium: "Memory"
- name: projected-secrets
projected:
sources:
- secret:
name: "gitlab-runner"
items:
- key: runner-registration-token
path: runner-registration-token
- key: runner-token
path: runner-token
- name: configmaps
configMap:
name: gitlab-runner
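Review bot: The Secret document commits what appears to be a real value under `runner-registration-token` in `data:`; base64 there is an encoding, not protection, so the token should be treated as exposed, reset in GitLab, and supplied from a Secret created outside version control (the entrypoint comment about a "custom secret" suggests the chart can reference one). The Role grants `resources: ["*"]` with `verbs: ["*"]` on the core API group, which gives the runner service account full control over Secrets, pods and exec in `gitlab-runner-ns`; narrow it to the resources and verbs the Kubernetes executor actually needs. `KUBERNETES_PRIVILEGED` is `"true"`, so job pods run privileged and the `drop: ALL` / `runAsNonRoot` hardening on the runner container does not carry over to CI jobs; use `value: "false"` unless a job type genuinely requires it. The container also appears to define `lifecycle` twice (the `--config=…` and `--all-runners` preStop hooks), and most parsers silently keep only the last duplicate key, so one of the two should be removed.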