pub/gitlab-ci
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

merge into: pub:main
Branches Tags
pub:main pub:lesson7-api pub:lesson6-s3 pub:lesson5-ci-tests pub:lesson4-ci pub:lesson3-ci pub:lesson2-runners
...
pull from: pub:lesson2-runners
Branches Tags
pub:main pub:lesson7-api pub:lesson6-s3 pub:lesson5-ci-tests pub:lesson4-ci pub:lesson3-ci pub:lesson2-runners

3 Commits
main ... lesson2-ru

Author SHA1 Message Date
Vassiliy Yegorov
96d85a1bba fix 2022-09-06 13:56:21 +07:00
Vassiliy Yegorov
1cd91aab5d init 2022-09-06 10:33:33 +07:00
Vassiliy Yegorov
8b460261db init 2022-09-06 10:22:06 +07:00
27 changed files with 2650 additions and 41 deletions
Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -3,5 +3,6 @@
data/gitlab-test/gitlab data/gitlab-test/gitlab
data/gitlab-test/postgresql data/gitlab-test/postgresql
data/gitlab-test/redis data/gitlab-test/redis
data/gitlab-test/gitlab-runner_*
Addons/ Addons/

104
docker-compose.yml
View File

@@ -172,47 +172,69 @@ services:
volumes: volumes:
- ${SERVICE_DATA}/${SERVICE_NAME}/redis:/var/lib/redis:Z - ${SERVICE_DATA}/${SERVICE_NAME}/redis:/var/lib/redis:Z
# runner_1: &runner runner_1: &runner
# image: ${DOCKER_IMAGE_RUNNER} image: ${DOCKER_IMAGE_RUNNER}
# container_name: ${SERVICE_NAME}_${CONTAINER_NAME_RUNNER}_1 container_name: ${SERVICE_NAME}_${CONTAINER_NAME_RUNNER}_1
# restart: always restart: always
# depends_on: depends_on:
# - gitlab - gitlab
# command: --debug run --user=gitlab-runner --working-directory=/home/gitlab-runner command: --debug run --user=gitlab-runner --working-directory=/home/gitlab-runner
# environment: environment:
# - CI_SERVER_URL=https://${GITLAB_HOST} - CI_SERVER_URL=https://${GITLAB_HOST}
# - CI_SERVER_LOCAL_IP=${CI_SERVER_LOCAL_IP} - CI_SERVER_LOCAL_IP=${CI_SERVER_LOCAL_IP}
# - CI_SERVER_WITH_RUNNER=${CI_SERVER_WITH_RUNNER} - CI_SERVER_WITH_RUNNER=${CI_SERVER_WITH_RUNNER}
# - RUNNER_TOKEN=${RUNNER_TOKEN} - RUNNER_TOKEN=${RUNNER_TOKEN}
# - RUNNER_DESCRIPTION=gitab-runner_1 - RUNNER_DESCRIPTION=gitab-runner_1
# - RUNNER_EXECUTOR=docker - RUNNER_EXECUTOR=docker
# - DOCKER_IMAGE=gitlab/gitlab-runner-helper:x86_64-latest - DOCKER_IMAGE=gitlab/gitlab-runner-helper:x86_64-latest
# networks: networks:
# - ${SERVICE_NETWORK} - ${SERVICE_NETWORK}
# volumes: volumes:
# - ${SERVICE_DATA}/${SERVICE_NAME}/gitlab-runner_1:/etc/gitlab-runner - ${SERVICE_DATA}/${SERVICE_NAME}/gitlab-runner_1:/etc/gitlab-runner
# - /var/run/docker.sock:/var/run/docker.sock - /var/run/docker.sock:/var/run/docker.sock
# runner_2: runner_2:
# <<: *runner <<: *runner
# container_name: ${SERVICE_NAME}_${CONTAINER_NAME_RUNNER}_2 container_name: ${SERVICE_NAME}_${CONTAINER_NAME_RUNNER}_2
# environment: command: --debug run --user=gitlab-runner --working-directory=/home/gitlab-runner
# - RUNNER_DESCRIPTION=gitab-runner_2 environment:
# volumes: - CI_SERVER_URL=https://${GITLAB_HOST}
# - ${SERVICE_DATA}/${SERVICE_NAME}/gitlab-runner_2:/etc/gitlab-runner - CI_SERVER_LOCAL_IP=${CI_SERVER_LOCAL_IP}
- CI_SERVER_WITH_RUNNER=${CI_SERVER_WITH_RUNNER}
- RUNNER_TOKEN=${RUNNER_TOKEN}
- RUNNER_DESCRIPTION=gitab-runner_2
- RUNNER_EXECUTOR=docker
- DOCKER_IMAGE=gitlab/gitlab-runner-helper:x86_64-latest
volumes:
- ${SERVICE_DATA}/${SERVICE_NAME}/gitlab-runner_2:/etc/gitlab-runner
- /var/run/docker.sock:/var/run/docker.sock
# runner_3: runner_3:
# <<: *runner <<: *runner
# container_name: ${SERVICE_NAME}_${CONTAINER_NAME_RUNNER}_3 container_name: ${SERVICE_NAME}_${CONTAINER_NAME_RUNNER}_3
# environment: environment:
# - RUNNER_DESCRIPTION=gitab-runner_3 - CI_SERVER_URL=https://${GITLAB_HOST}
# volumes: - CI_SERVER_LOCAL_IP=${CI_SERVER_LOCAL_IP}
# - ${SERVICE_DATA}/${SERVICE_NAME}/gitlab-runner_3:/etc/gitlab-runner - CI_SERVER_WITH_RUNNER=${CI_SERVER_WITH_RUNNER}
- RUNNER_TOKEN=${RUNNER_TOKEN}
- RUNNER_DESCRIPTION=gitab-runner_3
- RUNNER_EXECUTOR=docker
- DOCKER_IMAGE=gitlab/gitlab-runner-helper:x86_64-latest
volumes:
- ${SERVICE_DATA}/${SERVICE_NAME}/gitlab-runner_3:/etc/gitlab-runner
- /var/run/docker.sock:/var/run/docker.sock
# runner_4: runner_4:
# <<: *runner <<: *runner
# container_name: ${SERVICE_NAME}_${CONTAINER_NAME_RUNNER}_4 container_name: ${SERVICE_NAME}_${CONTAINER_NAME_RUNNER}_4
# environment: environment:
# - RUNNER_DESCRIPTION=gitab-runner_4 - CI_SERVER_URL=https://${GITLAB_HOST}
# volumes: - CI_SERVER_LOCAL_IP=${CI_SERVER_LOCAL_IP}
# - ${SERVICE_DATA}/${SERVICE_NAME}/gitlab-runner_4:/etc/gitlab-runner - CI_SERVER_WITH_RUNNER=${CI_SERVER_WITH_RUNNER}
- RUNNER_TOKEN=${RUNNER_TOKEN}
- RUNNER_DESCRIPTION=gitab-runner_4
- RUNNER_EXECUTOR=docker
- DOCKER_IMAGE=gitlab/gitlab-runner-helper:x86_64-latest
volumes:
- ${SERVICE_DATA}/${SERVICE_NAME}/gitlab-runner_4:/etc/gitlab-runner
- /var/run/docker.sock:/var/run/docker.sock

177
k8s/gitlab-runner/.gitlab-ci.yml Normal file
View File

@@ -0,0 +1,177 @@
##############
# Conditions #
##############
.if-merge-request-pipeline: &if-merge-request-pipeline
if: $CI_PIPELINE_SOURCE == "merge_request_event"
.if-default-branch: &if-default-branch
if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
.if-stable-release-branch: &if-stable-release-branch
if: $CI_COMMIT_REF_NAME =~ /\A[0-9]+-[0-9]+-stable\z/
.if-release-tag: &if-release-tag
if: '$CI_COMMIT_TAG =~ /^v[0-9]+\.[0-9]+\.[0-9]+(-rc[0-9]+)?$/ && $CI_PROJECT_URL == "https://gitlab.com/gitlab-org/charts/gitlab-runner"'
.if-security-release-tag: &if-security-release-tag
if: '$CI_COMMIT_TAG =~ /^v[0-9]+\.[0-9]+\.[0-9]+(-rc[0-9]+)?$/ && $CI_PROJECT_URL == "https://gitlab.com/gitlab-org/security/charts/gitlab-runner"'
#########
# Rules #
#########
.rules:default:
rules:
- <<: *if-merge-request-pipeline
- <<: *if-default-branch
- <<: *if-stable-release-branch
- <<: *if-release-tag
- <<: *if-security-release-tag
.rules:release:development:
rules:
- <<: *if-default-branch
when: never
- <<: *if-merge-request-pipeline
when: manual
.rules:release:beta:
rules:
- <<: *if-default-branch
.rules:release:stable:
rules:
- <<: *if-release-tag
- <<: *if-security-release-tag
############
# Pipeline #
############
default:
image: registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-charts-build-base-helm-3.7
tags:
- gitlab-org
variables:
GIT_CLONE_PATH: $CI_BUILDS_DIR/gitlab-runner
stages:
- test
- release
- post-release
lint:
extends:
- .rules:default
stage: test
script:
- helm lint .
integration test:
extends:
- .rules:default
variables:
DOCKER_HOST: "tcp://kubernetes:2375/"
DOCKER_TLS_CERTDIR: ""
DOCKER_DRIVER: overlay2
INTEGRATION_RUNNER_NAME: integration-test-$CI_COMMIT_SHORT_SHA
INTEGRATION_HELM_POD_RELEASE_LABEL: release=$INTEGRATION_RUNNER_NAME
stage: test
services:
- name: docker:20.10.16-dind
alias: kubernetes
image: docker:20.10.16-git
script:
# Initialize KIND cluster
- apk add --no-cache openssl curl bash
- curl -Lo /usr/local/bin/kubectl https://storage.googleapis.com/kubernetes-release/release/v1.20.4/bin/linux/amd64/kubectl && chmod +x /usr/local/bin/kubectl
- curl -Lo /usr/local/bin/kind https://kind.sigs.k8s.io/dl/v0.11.1/kind-linux-amd64 && chmod +x /usr/local/bin/kind
- kind create cluster --config=$(pwd)/scripts/kind-config.yaml
- kind get kubeconfig|sed -e 's/0.0.0.0/kubernetes/g' > kubeconfig.yaml
- export KUBECONFIG=$(pwd)/kubeconfig.yaml
- kubectl version
- kubectl cluster-info
- bash -c "for _i in {0..60}; do kubectl -n default get serviceaccount default -o name > /dev/null 2>&1 && break; sleep 1; done"
- bash -c "for _i in {0..60}; do kubectl get nodes|grep -w Ready > /dev/null 2>&1 && break; sleep 1; done"
# Install helm latest version instead of pre-installed one in registry.gitlab.com/gitlab-org/gitlab-build-images image
- curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
# Run tests
- bash -x scripts/integration.sh
after_script:
- export KUBECONFIG=$(pwd)/kubeconfig.yaml
- bash -x scripts/integration_cleanup.sh
tags:
- gitlab-org-docker
release development:
extends:
- .rules:release:development
stage: release
script:
- helm package .
artifacts:
paths:
- gitlab-runner*.tgz
expire_in: 7d
allow_failure: true
release beta:
extends:
- .rules:release:beta
stage: release
variables:
S3_URL: s3://${S3_BUCKET}${S3_PATH}
REPO_URL: https://${S3_BUCKET}.s3.amazonaws.com${S3_PATH}
script:
- apk add --no-cache py-pip
- pip install awscli
- 'beta_info=$(git describe --long | sed -r "s/v[0-9\.]+(-rc[0-9]+)?-//")'
- 'build_time=$(date +%s)'
- 'sed -r "s/(version: [0-9\.]+-beta)/\1-${build_time}-${beta_info}/" -i Chart.yaml'
- 'sed -r "s/appVersion: .*/appVersion: bleeding/" -i Chart.yaml'
- 'sed -r "s/imagePullPolicy: IfNotPresent/imagePullPolicy: Always/" -i values.yaml'
- mkdir -p public/
- aws s3 cp ${S3_URL}/index.yaml public/index.yaml || true
- (cd public; helm package ../)
- helm repo index public --merge public/index.yaml --url ${REPO_URL}
- aws s3 sync public ${S3_URL} --acl public-read
- 'echo "To install repository run: helm repo add gitlab-runner-beta ${REPO_URL} && helm repo update"'
release stable:
extends:
- .rules:release:stable
stage: release
image: alpine:3.14
script:
- apk add --no-cache curl
- curl --fail-with-body
--request POST
--form "token=$CI_JOB_TOKEN"
--form ref=master
--form "variables[CHART_NAME]=$CI_PROJECT_NAME"
--form "variables[RELEASE_REF]=$CI_COMMIT_REF_NAME"
https://gitlab.com/api/v4/projects/2860651/trigger/pipeline
trigger charts update:
extends:
- .rules:release:stable
stage: post-release
image: alpine:3.14
script:
- apk add --no-cache curl
- curl --fail-with-body
--request POST
--form "token=${GITLAB_CHARTS_TRIGGER_TOKEN}"
--form ref=master
--form "variables[DEPS_PIPELINE]=true"
https://gitlab.com/api/v4/projects/3828396/trigger/pipeline
needs:
- job: release stable
##############
# Includes #
##############
include:
- template: Security/Dependency-Scanning.gitlab-ci.yml

53
k8s/gitlab-runner/.gitlab/changelog.yml Normal file
View File

@@ -0,0 +1,53 @@
default_scope: other
names:
new-feature: New features
security-fix: Security fixes
fix: Bug fixes
maintenance: Maintenance
runner-distribution: GitLab Runner distribution
documentation: Documentation changes
other: Other changes
order:
- new-feature
- security-fix
- fix
- maintenance
- runner-distribution
- documentation
- other
label_matchers:
- labels:
- runner-distribution
scope: runner-distribution
- labels:
- feature::addition
scope: new-feature
- labels:
- security
scope: security-fix
- labels:
- type::bug
scope: fix
- labels:
- type::maintenance
scope: maintenance
- labels:
- feature::enhancement
scope: feature
- labels:
- maintenance::refactor
scope: maintenance
- labels:
- maintenance::pipelines
scope: maintenance
- labels:
- maintenance::workflow
scope: maintenance
- labels:
- documentation
scope: documentation
authorship_labels:
- Community contribution
skip_changelog_labels:
- skip-changelog

24
k8s/gitlab-runner/.helmignore Normal file
View File

@@ -0,0 +1,24 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
gitlab-runner*.tgz
scripts/

518
k8s/gitlab-runner/CHANGELOG.md Normal file
View File

@@ -0,0 +1,518 @@
## v0.44.0 (2022-08-19)
### New features
- Update GitLab Runner version to 15.3.0
- Add secrets update permission to RBAC example provided !349 (Tim Hobbs @hobti01)
### Maintenance
- Fix the pipeline being blocked by development release !357
### Documentation changes
- Docs: Update values.yaml comments to reference kubernetes service accounts docs !310
## v0.43.0 (2022-07-20)
### New features
- Update GitLab Runner version to 15.2.0
### Documentation changes
- Fix some dead links !356 (Ben Bodenmiller @bbodenmiller)
## v0.42.0 (2022-06-20)
### New features
- Update GitLab Runner version to 15.1.0
- Add priority classname !350
- Update namespaces to be consistent across manifests !343 (blacktide @blacktide)
- Add freely configurable securityContext to deployment !354
- Add possibility to overwrite default image registry !351 (Patrik Votoček @vrtak-cz)
- Make session server service annotations configurable !336 (Matthias Baur @m.baur)
### Maintenance
- Add volume and volumeMount support to runner deployment !348
- ci: Update Helm from 3.4.1 to 3.7.2 !347 (Takuya Noguchi @tnir)
- Update Docker to 20.10 on integration test !346 (Takuya Noguchi @tnir)
- Update default registry to GitLab Runner registry !345
- Update casing of GitLab in values YAML file !344 (Ben Bodenmiller @bbodenmiller)
- Remove unneeded rbac role !335 (Matthias Baur @m.baur)
## v0.41.0 (2022-05-19)
### New features
- Update GitLab Runner version to 15.0.0
- Add the ability to unregister only one runner !329 (LAKostis @LAKostis)
- Remove init container and instead project secrets !312
- Don't repeat chart name if release name starts with the chart name !232 (Ahmadali Shafiee @ahmadalli)
### Maintenance
- Use Helm 3 instead of 2.16.9 on lint/release jobs !342 (Takuya Noguchi @tnir)
## v0.40.0 (2022-04-20)
### New features
- Update GitLab Runner version to 14.10.0
- Add the possibility to configure maximum timeout that will be set for jobs when using the runner !341 (Adrien Gooris @adrien.gooris)
### Maintenance
- Add a post-release CI job to trigger a deps pipeline in Charts repo !339
- Add helm install integration test !326
- Make loadBalancerSourceRanges of Session Server configurable !334 (Matthias Baur @m.baur)
## v0.39.0 (2022-03-21)
### New Features
- Update GitLab Runner version to 14.9.0
### Bug fixes
- Disable metrics endpoint by default !337
### Maintenance
- Update labels according to latest taxonomy !338
## v0.38.1 (2022-03-02)
### New Features
- Update GitLab Runner version to 14.8.2
## v0.38.0 (2022-02-21)
### Maintenance
- Fix urls with runners configuration information !314 (Dmitriy Stoyanov @DmitriyStoyanov)
- k8s rbac: add more resources in comment. !307 (Chen Yufei @cyfdecyf)
- Add dependency scanning to Runner Helm Chart project !331
## v0.37.2 (2022-01-24)
### Bug fixes
- Fix appVersion to 14.7.0
## v0.37.1 (2022-01-20)
### Bug fixes
- Set sessionServer to false by default !332
## v0.37.0 (2022-01-19)
### New Features
- Update GitLab Runner version to 14.7.0
- Add support for interactive web terminal !320
## v0.36.0 (2021-12-18)
### New features
- Update GitLab Runner version to 14.6.0
### Bug fixes
- Fix prometheus annotation unquoted value !323
### GitLab Runner distribution
- Fix the security release rule in .gitlab-ci.yml !324
- Fail the stable release job on curl failures !322
## v0.35.3 (2021-12-13)
### Maintenance
- Fix prometheus annotation unquoted value !323
## v0.35.2 (2021-12-10)
### Security
- Update GitLab Runner version to 14.5.2
## v0.35.1 (2021-12-01)
### Security
- Update GitLab Runner version to 14.5.1
## v0.35.0 (2021-11-21)
### New features
- Update GitLab Runner version to 14.5.0
### Maintenance
- Don't run pipelines only for MRs !318
- Update changelog generator configuration !317
- Adds configurable value probeTimeoutSeconds !306 (Kyle Wetzler @kwetzler1)
## v0.34.0-rc1 (2021-10-11)
### New features
- Update GitLab Runner version to 14.4.0-rc1
### Maintenance
- Disallow setting both replicas and runnerToken !289
## v0.33.0 (2021-09-29)
### New features
- Update GitLab Runner version to 14.3.0
### Maintenance
- Update container entrypoint to use `dumb-init` to avoid zombie processes !311 (Georg Lauterbach @georglauterbach)
## v0.32.0 (2021-08-22)
### New features
- Update GitLab Runner version to 14.2.0
- Add support for revisionHistoryLimit !299 (Romain Grenet @romain.grenet1)
## v0.31.0 (2021-07-20)
### New features
- Update GitLab Runner version to 14.1.0
### Bug fixes
- Only add environment variables if values set !295 (Matthew Warman @mcwarman)
## v0.30.0 (2021-06-19)
### New features
- Update GitLab Runner version to 14.0.0
### Bug fixes
- Resolve runner ignores request_concurrency !296
### Maintenance
- refactor: change default brach references to main !298
- Add support for specifying schedulerName on deployment podspec. !284 (Dominic Bevacqua @dbevacqua)
## v0.29.0 (2021-05-20)
### New features
- Update GitLab Runner version to 13.12.0
## v0.28.0 (2021-04-20)
### New features
- Update GitLab Runner version to 13.11.0
### Maintenance
- Pass runners.config through the template engine !290 (Dmitriy @Nevoff89)
- Add role support of individual verbs list for different resources !280 (Horatiu Eugen Vlad @hvlad)
- Use runner namespace for role and role binding if it is specified !256 (Alex Sears @searsaw)
- Add optional configuration values for pod security context `runAsUser` and `supplementalGroups` !242 (Horatiu Eugen Vlad @hvlad)
### Documentation changes
- docs: add notice that we run tpl on runner config !291
- Add comment on imagePullPolicy !288
## v0.27.0 (2021-03-21)
### New features
- Update GitLab Runner version to 13.10.0
- Allow setting deployment replicas !286
- Add support for specify ConfigMaps for gitlab-runner deployment !285
- Allow to mount arbitrary Kubernetes secrets !283
## v0.26.0 (2021-02-22)
### New features
- Update GitLab Runner version to 13.9.0
- Make executor configurable !273 (Matthias Baur @m.baur)
### Other changes
- Typo fix !282 (Ben Bodenmiller @bbodenmiller)
## v0.25.0 (2021-01-20)
### New features
- Support secrets for Azure cache !277
- Update GitLab Runner version to 13.8.0
### Maintenance
- Fix release CI stage failing due to Helm stable deprecation !278
- Update GitLab Changelog configuration !275
### Documentation changes
- Update link to doc in README.md !276
## v0.24.0 (2020-12-21)
### New features
- Update GitLab Runner version to 13.7.0
- add optional 'imagePullSecrets' to deployment !269 (Christian Schoofs @schoofsc)
### Other changes
- Make description configruable !229 (Matthias Baur @m.baur)
## v0.23.0 (2020-11-21)
### New features
- Update GitLab Runner version to 13.6.0
- Allow user to specify any runner configuraton !271
## v0.22.0 (2020-10-20)
### New features
- Update GitLab Runner version to 13.5.0
- Add pull secrets to service account for runner image !241 (Horatiu Eugen Vlad @hvlad)
### Maintenance
- Set allowPrivilegeEscalation to false for gitlab-runner pod !243 (Horatiu Eugen Vlad @hvlad)
### Documentation changes
- Add comment on ubuntu image & securityContext !260
## v0.21.0 (2020-09-21)
### Maintenance
- Update GitLab Runner version to 13.4.0
- Fix changelog generator config to catch all maintenance related labels !255
### Other changes
- Add scripts/security-harness script !258
## v0.20.0 (2020-08-20)
### New features
- Update GitLab Runner version to 13.3.0
- Enable custom commands !250
### Maintenance
- Add `release stable` job for security fork !252
- Update changelog generator to accept new labels !249
## v0.19.0 (2020-07-20)
### New features
- Allow user to define PodSecurityPolicy !184 (Paweł Kalemba @pkalemba)
- Update GitLab Runner version to 13.2.0
### Documentation changes
- Fix external links within values.yaml !248 (Alexandre Jardin @alexandre.jardin)
## v0.18.0 (2020-06-19)
### Maintenance
- Update GitLab Runner version to 13.1.0
### Other changes
- Fix unregister when using token secret !231 (Bernd @arabus)
- Support specifying pod security context. !219 (Chen Yufei @cyfdecyf)
## v0.17.1 (2020-06-01)
### Maintenance
- Update GitLab Runner version to 13.0.1
## v0.17.0 (2020-05-20)
### New features
- Expose settings for kubernetes resource limits and requests overwrites !220 (Alexander Petermann @lexxxel)
- Add support for setting Node Tolerations !188 (Zeyu Ye @Shuliyey)
### Maintenance
- Update GitLab Runner version to 13.0.0
- Update package name in note !234
- Pin CI jobs to gitlab-org runners !222
## v0.16.0 (2020-04-22)
### New features
- Add Service Account annotation support !211 (David Rosson @davidrosson)
### Bug fixes
- Support correct spelling of GCS secret !214 (Arthur Wiebe @arthur65)
### Maintenance
- Remove dependency of `gitlab-runner-builder` runner !221
- Fix linting for forks with a different name than "gitlab-runner" !218
- Install gitlab-changelog installation !217
### Other changes
- Update GitLab Runner version to 12.10.1
- Change listen address to not force IPv6 !213 (Fábio Matavelli @fabiomatavelli)
## v0.15.0 (2020-03-20)
### Maintenance
- Update GitLab Runner version to 12.9.0
- Update changelog generator configuration !212
- Replace changelog entries generation script !209
### Other changes
- Fix values.yaml typo !210 (Brian Choy @bycEEE)
## v0.14.0 (2020-02-22)
- Update GitLab Runner version to 12.8.0
## v0.13.0 (2020-01-20)
- Add podLabels to the deployment !198
- Mount custom-certs in configure init container !202
## v0.12.0 (2019-12-22)
- Add `apiVersion: v1` to chart.yaml !195
- Add documentation to protected Runners !193
- Make securityContext configurable !199
- Update GitLab Runner version to 12.6.0
## v0.11.0 (2019-11-20)
- Variables for RUNNER_OUTPUT_LIMIT, and KUBERNETES_POLL_TIMEOUT !50
- Add support for register protected Runners !185
## v0.10.1 (2019-10-28)
- Update GitLab Runner to 12.4.1
## v0.10.0 (2019-10-21)
- Updated GitLab Runner to 12.4.0
- Use updated project path to release helm chart !172
- Update resources API to stable verson !167
- Add support for specifying log format !170
- Use the cache.secret template to check if the secretName is set !166
- Drop need for helm force update for now !181
- Fix image version detection for old helm versions !173
## v0.9.0 (2019-09-20)
- Use updated project path to release helm chart !172
- Enabling horizontal pod auto-scaling based on custom metrics !127
- Change base image used for CI jobs !156
- Remove DJ as a listed chart maintainer !160
- Release beta version on master using Bleeding Edge image !155
- Update definition of 'release beta' CI jobs !164
- Fix certs path in the comment in values file !148
- Implement support for run-untagged option !140
- Use new location for helm charts repo !162
- Follow-up to adding run-untagged support !165
## v0.8.0 (2019-08-22)
- Add suport for graceful stop !150
## v0.7.0 (2019-07-22)
- Fix broken anchor link for gcs cache docs !135
- Allow user to set rbac roles !112
- Bump used Runner version to 12.1.0 !149
## v0.6.0 (2019-06-24)
- Allow to manually build the package for development branches !120
- When configuring cache: if no S3 secret assume IAM role !111
- Allow to define request_concurrency value !121
- Bump used Runner version to 12.0.0 !138
## v0.5.0 (2019-05-22)
- Bump used Runner version to 11.11.0 !126
## v0.4.1 (2019-04-24)
- Bump used Runner version to 11.10.1 !113
## v0.4.0 (2019-04-22)
- Bump used Runner version to 11.10.0-rc2 !108
- Fix a typo in values.yaml !101
- Add pod labels for jobs !98
- add hostAliases for pod assignment !89
- Configurable deployment annotations !44
- Add pod annotations for jobs !97
- Bump used Runner version to 11.10.0-rc1 !107
## v0.3.0 (2019-03-22)
- Change mount of secret with S3 distributed cache credentials !64
- Add environment variables to runner !48
- Replace S3_CACHE_INSECURE with CACHE_S3_INSECURE !90
- Update values.yaml to remove invalid anchor in comments !85
- Bump used Runner version to 11.9.0 !102
## v0.2.0 (2019-02-22)
- Fix the error caused by unset 'locked' value !79
- Create LICENSE file !76
- Add CONTRIBUTING.md file !81
- Add plain MIT text into LICENSE and add NOTICE !80
- Fix incorrect custom secret documentation !71
- Add affinity, nodeSelector and tolerations for pod assignment !56
- Ignore scripts directory when buildin helm chart !83
- Bump used Runner version to 11.8.0-rc1 !87
- Fix year in Changelog - it's already 2019 !84
## v0.1.45 (2019-01-22)
- Trigger release only for tagged versions !72
- Fixes typos in values.yaml comments !60
- Update chart to bring closer to helm standard template !43
- Add nodeSelector config parameter for CI job pods !19
- Prepare CHANGELOG management !75
- Track app version in Chart.yaml !74
- Fix the error caused by unset 'locked' value !79
- Bump used Runner version to 11.7.0 !82

16
k8s/gitlab-runner/CONTRIBUTING.md Normal file
View File

@@ -0,0 +1,16 @@
## Developer Certificate of Origin + License
By contributing to GitLab B.V., You accept and agree to the following terms and
conditions for Your present and future Contributions submitted to GitLab B.V.
Except for the license granted herein to GitLab B.V. and recipients of software
distributed by GitLab B.V., You reserve all right, title, and interest in and to
Your Contributions. All Contributions are subject to the following DCO + License
terms.
[DCO + License](https://gitlab.com/gitlab-org/dco/blob/master/README.md)
All Documentation content that resides under the [docs/ directory](/docs) of this
repository is licensed under Creative Commons:
[CC BY-SA 4.0](https://creativecommons.org/licenses/by-sa/4.0/).
_This notice should stay as the first item in the CONTRIBUTING.md file._

16
k8s/gitlab-runner/Chart.yaml Normal file
View File

@@ -0,0 +1,16 @@
apiVersion: v1
appVersion: 15.3.0
description: GitLab Runner
icon: https://gitlab.com/uploads/-/system/project/avatar/250833/runner_logo.png
keywords:
- git
- ci
- deploy
maintainers:
- email: support@gitlab.com
name: GitLab Inc.
name: gitlab-runner
sources:
- https://gitlab.com/gitlab-org/gitlab-runner
- https://docs.gitlab.com/runner/
version: 0.44.0

22
k8s/gitlab-runner/LICENSE Normal file
View File

@@ -0,0 +1,22 @@
The MIT License (MIT)
Copyright (c) 2018-2019 GitLab B.V.
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.

20
k8s/gitlab-runner/Makefile Normal file
View File

@@ -0,0 +1,20 @@
GITLAB_CHANGELOG_VERSION ?= master
GITLAB_CHANGELOG = .tmp/gitlab-changelog-$(GITLAB_CHANGELOG_VERSION)
.PHONY: generate_changelog
generate_changelog: export CHANGELOG_RELEASE ?= dev
generate_changelog: $(GITLAB_CHANGELOG)
# Generating new changelog entries
@$(GITLAB_CHANGELOG) -project-id 6329679 \
-release $(CHANGELOG_RELEASE) \
-starting-point-matcher "v[0-9]*.[0-9]*.[0-9]*" \
-config-file .gitlab/changelog.yml \
-changelog-file CHANGELOG.md
$(GITLAB_CHANGELOG): OS_TYPE ?= $(shell uname -s | tr '[:upper:]' '[:lower:]')
$(GITLAB_CHANGELOG): DOWNLOAD_URL = "https://storage.googleapis.com/gitlab-runner-tools/gitlab-changelog/$(GITLAB_CHANGELOG_VERSION)/gitlab-changelog-$(OS_TYPE)-amd64"
$(GITLAB_CHANGELOG):
# Installing $(DOWNLOAD_URL) as $(GITLAB_CHANGELOG)
@mkdir -p $(shell dirname $(GITLAB_CHANGELOG))
@curl -sL "$(DOWNLOAD_URL)" -o "$(GITLAB_CHANGELOG)"
@chmod +x "$(GITLAB_CHANGELOG)"

30
k8s/gitlab-runner/NOTICE Normal file
View File

@@ -0,0 +1,30 @@
With regard to the GitLab Software:
The MIT License (MIT)
Copyright (c) 2018-2019 GitLab B.V.
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
---
For all third party components incorporated into the GitLab Software, those
components are licensed under the original license provided by the owner of the
applicable component.

4
k8s/gitlab-runner/README.md Normal file
View File

@@ -0,0 +1,4 @@
# GitLab Runner Helm Chart
TOKEN=RLs59uf39x1CtGtEs7ey
helm upgrade --install --create-namespace -n gitlab-runner gitlab-runner --set gitlabUrl=https://git.bildme.ru,runnerRegistrationToken=$TOKEN k8s/gitlab-runner

36
k8s/gitlab-runner/templates/NOTES.txt Normal file
View File

@@ -0,0 +1,36 @@
{{- if include "gitlab-runner.gitlabUrl" . }}
Your GitLab Runner should now be registered against the GitLab instance reachable at: {{ include "gitlab-runner.gitlabUrl" . }}
{{- else -}}
#############################################################################################
## WARNING: You did not specify an gitlabUrl in your 'helm install' call. ##
#############################################################################################
This deployment will be incomplete until you provide the URL that your
GitLab instance is reachable at:
helm upgrade {{ .Release.Name }} \
--set gitlabUrl=http://gitlab.your-domain.com,runnerRegistrationToken=your-registration-token \
gitlab/gitlab-runner
{{- end -}}
{{- if not .Values.runners.config }}
#############################################################################################
## WARNING: You don't seem to be using the GitLab Runner config template functionality. ##
## Configuring the GitLab Runner through that template is recommended as other ##
## configuration options will be deprecated in Helm Chart 1.0. Read more at ##
## https://docs.gitlab.com/runner/install/kubernetes.html#using-configuration-template. ##
#############################################################################################
{{- end }}
{{- $runnerNamespace := regexFind "\\s*namespace\\s*=.+\\s*" (tpl .Values.runners.config $) | regexFind "=.+" | trimPrefix "=" | trim -}}
{{- if regexMatch "\\s*namespace\\s*=" .Values.runners.config }}
Runner namespace {{ $runnerNamespace }} was found in runners.config template.
{{- if .Values.runners.namespace }}
#############################################################################################
## WARNING: You have set the namespace in runners.config and also set in deprecated ##
## runner.namespace element. The runners.config namespace will be ignored. ##
#############################################################################################
{{- end }}
{{- end }}

28
k8s/gitlab-runner/templates/_cache.tpl Normal file
View File

@@ -0,0 +1,28 @@
{{- define "gitlab-runner.cache" }}
{{- if .Values.runners.cache.cacheType }}
- name: CACHE_TYPE
value: {{ default "" .Values.runners.cache.cacheType | quote }}
- name: CACHE_PATH
value: {{ coalesce .Values.runners.cache.cachePath .Values.runners.cache.s3CachePath | default "" | quote }}
{{- if .Values.runners.cache.cacheShared }}
- name: CACHE_SHARED
value: "true"
{{- end }}
{{- if eq .Values.runners.cache.cacheType "s3" }}
- name: CACHE_S3_SERVER_ADDRESS
value: {{ include "gitlab-runner.cache.s3ServerAddress" . }}
- name: CACHE_S3_BUCKET_NAME
value: {{ default "" .Values.runners.cache.s3BucketName | quote }}
- name: CACHE_S3_BUCKET_LOCATION
value: {{ default "" .Values.runners.cache.s3BucketLocation | quote }}
{{- if .Values.runners.cache.s3CacheInsecure }}
- name: CACHE_S3_INSECURE
value: "true"
{{- end }}
{{- end }}
{{- if eq .Values.runners.cache.cacheType "gcs" }}
- name: CACHE_GCS_BUCKET_NAME
value: {{ default "" .Values.runners.cache.gcsBucketName | quote }}
{{- end }}
{{- end }}
{{- end -}}

145
k8s/gitlab-runner/templates/_env_vars.tpl Normal file
View File

@@ -0,0 +1,145 @@
{{- define "gitlab-runner.runner-env-vars" }}
- name: CI_SERVER_URL
value: {{ include "gitlab-runner.gitlabUrl" . }}
- name: CLONE_URL
value: {{ default "" .Values.runners.cloneUrl | quote }}
{{- if .Values.runners.requestConcurrency }}
- name: RUNNER_REQUEST_CONCURRENCY
value: {{ default 1 .Values.runners.requestConcurrency | quote }}
{{- end }}
- name: RUNNER_EXECUTOR
value: {{ default "kubernetes" .Values.runners.executor | quote }}
- name: REGISTER_LOCKED
{{ if or (not (hasKey .Values.runners "locked")) .Values.runners.locked -}}
value: "true"
{{- else -}}
value: "false"
{{- end }}
- name: RUNNER_TAG_LIST
value: {{ default "" .Values.runners.tags | quote }}
{{- if .Values.runners.outputLimit }}
- name: RUNNER_OUTPUT_LIMIT
value: {{ .Values.runners.outputLimit | quote }}
{{- end}}
{{- if eq (default "kubernetes" .Values.runners.executor) "kubernetes" }}
{{- if .Values.runners.image }}
- name: KUBERNETES_IMAGE
value: {{ .Values.runners.image | quote }}
{{- end }}
{{- if .Values.runners.privileged }}
- name: KUBERNETES_PRIVILEGED
value: "true"
{{- end }}
{{- if or .Values.runners.namespace (not (regexMatch "\\s*namespace\\s*=" .Values.runners.config)) }}
- name: KUBERNETES_NAMESPACE
value: {{ default .Release.Namespace .Values.runners.namespace | quote }}
{{- end }}
{{- if .Values.runners.pollTimeout }}
- name: KUBERNETES_POLL_TIMEOUT
value: {{ .Values.runners.pollTimeout | quote }}
{{- end }}
{{- if .Values.runners.builds.cpuLimit }}
- name: KUBERNETES_CPU_LIMIT
value: {{ .Values.runners.builds.cpuLimit | quote }}
{{- end }}
{{- if .Values.runners.builds.cpuLimitOverwriteMaxAllowed }}
- name: KUBERNETES_CPU_LIMIT_OVERWRITE_MAX_ALLOWED
value: {{ .Values.runners.builds.cpuLimitOverwriteMaxAllowed | quote }}
{{- end }}
{{- if .Values.runners.builds.memoryLimit }}
- name: KUBERNETES_MEMORY_LIMIT
value: {{ .Values.runners.builds.memoryLimit | quote }}
{{- end }}
{{- if .Values.runners.builds.memoryLimitOverwriteMaxAllowed }}
- name: KUBERNETES_MEMORY_LIMIT_OVERWRITE_MAX_ALLOWED
value: {{ .Values.runners.builds.memoryLimitOverwriteMaxAllowed | quote }}
{{- end }}
{{- if .Values.runners.builds.cpuRequests }}
- name: KUBERNETES_CPU_REQUEST
value: {{ .Values.runners.builds.cpuRequests | quote }}
{{- end }}
{{- if .Values.runners.builds.cpuRequestsOverwriteMaxAllowed }}
- name: KUBERNETES_CPU_REQUEST_OVERWRITE_MAX_ALLOWED
value: {{ .Values.runners.builds.cpuRequestsOverwriteMaxAllowed | quote }}
{{- end }}
{{- if .Values.runners.builds.memoryRequests }}
- name: KUBERNETES_MEMORY_REQUEST
value: {{ .Values.runners.builds.memoryRequests| quote }}
{{- end }}
{{- if .Values.runners.builds.memoryRequestsOverwriteMaxAllowed }}
- name: KUBERNETES_MEMORY_REQUEST_OVERWRITE_MAX_ALLOWED
value: {{ .Values.runners.builds.memoryRequestsOverwriteMaxAllowed | quote }}
{{- end }}
{{- if .Values.runners.serviceAccountName }}
- name: KUBERNETES_SERVICE_ACCOUNT
value: {{ .Values.runners.serviceAccountName | quote }}
{{- end }}
{{- if .Values.runners.services.cpuLimit }}
- name: KUBERNETES_SERVICE_CPU_LIMIT
value: {{ .Values.runners.services.cpuLimit | quote }}
{{- end }}
{{- if .Values.runners.services.memoryLimit }}
- name: KUBERNETES_SERVICE_MEMORY_LIMIT
value: {{ .Values.runners.services.memoryLimit | quote }}
{{- end }}
{{- if .Values.runners.services.cpuRequests }}
- name: KUBERNETES_SERVICE_CPU_REQUEST
value: {{ .Values.runners.services.cpuRequests | quote }}
{{- end }}
{{- if .Values.runners.services.memoryRequests }}
- name: KUBERNETES_SERVICE_MEMORY_REQUEST
value: {{ .Values.runners.services.memoryRequests | quote }}
{{- end }}
{{- if .Values.runners.helpers.cpuLimit }}
- name: KUBERNETES_HELPER_CPU_LIMIT
value: {{ .Values.runners.helpers.cpuLimit | quote }}
{{- end }}
{{- if .Values.runners.helpers.memoryLimit }}
- name: KUBERNETES_HELPER_MEMORY_LIMIT
value: {{ .Values.runners.helpers.memoryLimit | quote }}
{{- end }}
{{- if .Values.runners.helpers.cpuRequests }}
- name: KUBERNETES_HELPER_CPU_REQUEST
value: {{ .Values.runners.helpers.cpuRequests | quote }}
{{- end }}
{{- if .Values.runners.helpers.memoryRequests }}
- name: KUBERNETES_HELPER_MEMORY_REQUEST
value: {{ .Values.runners.helpers.memoryRequests | quote }}
{{- end }}
{{- if .Values.runners.helpers.image }}
- name: KUBERNETES_HELPER_IMAGE
value: {{ .Values.runners.helpers.image | quote }}
{{- end }}
{{- if .Values.runners.imagePullPolicy }}
- name: KUBERNETES_PULL_POLICY
value: {{ .Values.runners.imagePullPolicy | quote }}
{{- end }}
{{- if .Values.runners.pod_security_context }}
{{- if .Values.runners.pod_security_context.run_as_non_root }}
- name: KUBERNETES_POD_SECURITY_CONTEXT_RUN_AS_NON_ROOT
value: "true"
{{- end }}
{{- if .Values.runners.pod_security_context.run_as_user }}
- name: KUBERNETES_POD_SECURITY_CONTEXT_RUN_AS_USER
value: {{ .Values.runners.pod_security_context.run_as_user | quote }}
{{- end }}
{{- if .Values.runners.pod_security_context.run_as_group }}
- name: KUBERNETES_POD_SECURITY_CONTEXT_RUN_AS_GROUP
value: {{ .Values.runners.pod_security_context.run_as_group | quote }}
{{- end }}
{{- if .Values.runners.pod_security_context.fs_group }}
- name: KUBERNETES_POD_SECURITY_CONTEXT_FS_GROUP
value: {{ .Values.runners.pod_security_context.fs_group | quote }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.runners.cache -}}
{{ include "gitlab-runner.cache" . }}
{{- end }}
{{- if .Values.envVars -}}
{{ range .Values.envVars }}
- name: {{ .name }}
value: {{ .value | quote }}
{{- end }}
{{- end }}
{{- end }}

120
k8s/gitlab-runner/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,120 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "gitlab-runner.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "gitlab-runner.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if hasPrefix $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "gitlab-runner.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Define the name of the secret containing the tokens
*/}}
{{- define "gitlab-runner.secret" -}}
{{- default (include "gitlab-runner.fullname" .) .Values.runners.secret | quote -}}
{{- end -}}
{{/*
Define the name of the s3 cache secret
*/}}
{{- define "gitlab-runner.cache.secret" -}}
{{- if .Values.runners.cache.secretName -}}
{{- .Values.runners.cache.secretName | quote -}}
{{- end -}}
{{- end -}}
{{/*
Template for outputing the gitlabUrl
*/}}
{{- define "gitlab-runner.gitlabUrl" -}}
{{- .Values.gitlabUrl | quote -}}
{{- end -}}
{{/*
Template runners.cache.s3ServerAddress in order to allow overrides from external charts.
*/}}
{{- define "gitlab-runner.cache.s3ServerAddress" }}
{{- default "" .Values.runners.cache.s3ServerAddress | quote -}}
{{- end -}}
{{/*
Define the image, using .Chart.AppVersion and GitLab Runner image as a default value
*/}}
{{- define "gitlab-runner.image" }}
{{- if kindIs "string" .Values.image -}}
{{- .Values.image }}
{{- else -}}
{{- $appVersion := ternary "bleeding" (print "v" .Chart.AppVersion) (eq .Chart.AppVersion "bleeding") -}}
{{- $appVersionImageTag := printf "alpine-%s" $appVersion -}}
{{- $imageTag := default $appVersionImageTag .Values.image.tag -}}
{{- printf "%s/%s:%s" .Values.image.registry .Values.image.image $imageTag }}
{{- end -}}
{{- end -}}
{{/*
Define the server session timeout, using 1800 as a default value
*/}}
{{- define "gitlab-runner.server-session-timeout" }}
{{- default 1800 .Values.sessionServer.timeout }}
{{- end -}}
{{/*
Define the server session internal port, using 9000 as a default value
*/}}
{{- define "gitlab-runner.server-session-external-port" }}
{{- default 9000 .Values.sessionServer.externalPort }}
{{- end -}}
{{/*
Define the server session external port, using 8093 as a default value
*/}}
{{- define "gitlab-runner.server-session-internal-port" }}
{{- default 8093 .Values.sessionServer.internalPort }}
{{- end -}}
{{/*
Unregister runner on pod stop
*/}}
{{- define "gitlab-runner.unregisterRunner" -}}
{{- if or (and (hasKey .Values "unregisterRunner") .Values.unregisterRunner) (and (not (hasKey .Values "unregisterRunner")) .Values.runnerRegistrationToken) -}}
lifecycle:
preStop:
exec:
command: ["/entrypoint", "unregister", "--config=/home/gitlab-runner/.gitlab-runner/config.toml"]
{{- end -}}
{{- end -}}
{{/*
Unregister all runners on pod stop
*/}}
{{- define "gitlab-runner.unregisterRunners" -}}
{{- if or (and (hasKey .Values "unregisterRunners") .Values.unregisterRunners) (and (not (hasKey .Values "unregisterRunners")) .Values.runnerRegistrationToken) -}}
lifecycle:
preStop:
exec:
command: ["/entrypoint", "unregister", "--all-runners"]
{{- end -}}
{{- end -}}

236
k8s/gitlab-runner/templates/configmap.yaml Normal file
View File

@@ -0,0 +1,236 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "gitlab-runner.fullname" . }}
namespace: {{ default .Release.Namespace .Values.runners.namespace | quote }}
labels:
app: {{ include "gitlab-runner.fullname" . }}
chart: {{ include "gitlab-runner.chart" . }}
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
data:
entrypoint: |
#!/bin/bash
set -e
mkdir -p /home/gitlab-runner/.gitlab-runner/
cp /configmaps/config.toml /home/gitlab-runner/.gitlab-runner/
{{- if and (eq (default 1.0 .Values.replicas) 1.0) .Values.sessionServer .Values.sessionServer.enabled }}
quit() {
kill -TERM "$child"
}
trap quit QUIT TERM
sh /configmaps/set-session-server-address &
child=$!
wait "$child"
{{- end }}
# Set up environment variables for cache
if [[ -f /secrets/accesskey && -f /secrets/secretkey ]]; then
export CACHE_S3_ACCESS_KEY=$(cat /secrets/accesskey)
export CACHE_S3_SECRET_KEY=$(cat /secrets/secretkey)
fi
if [[ -f /secrets/gcs-applicaton-credentials-file ]]; then
export GOOGLE_APPLICATION_CREDENTIALS="/secrets/gcs-applicaton-credentials-file"
elif [[ -f /secrets/gcs-application-credentials-file ]]; then
export GOOGLE_APPLICATION_CREDENTIALS="/secrets/gcs-application-credentials-file"
else
if [[ -f /secrets/gcs-access-id && -f /secrets/gcs-private-key ]]; then
export CACHE_GCS_ACCESS_ID=$(cat /secrets/gcs-access-id)
# echo -e used to make private key multiline (in google json auth key private key is oneline with \n)
export CACHE_GCS_PRIVATE_KEY=$(echo -e $(cat /secrets/gcs-private-key))
fi
fi
if [[ -f /secrets/azure-account-name && -f /secrets/azure-account-key ]]; then
export CACHE_AZURE_ACCOUNT_NAME=$(cat /secrets/azure-account-name)
export CACHE_AZURE_ACCOUNT_KEY=$(cat /secrets/azure-account-key)
fi
if [[ -f /secrets/runner-registration-token ]]; then
export REGISTRATION_TOKEN=$(cat /secrets/runner-registration-token)
fi
if [[ -f /secrets/runner-token ]]; then
export CI_SERVER_TOKEN=$(cat /secrets/runner-token)
fi
{{- if and (not (empty .Values.runnerToken)) (ne "1" ((default "1" .Values.replicas) | toString)) }}
{{- fail "Using a runner token with more than 1 replica is not supported." }}
{{- end }}
# Validate this also at runtime in case the user has set a custom secret
if [[ ! -z "$CI_SERVER_TOKEN" && "{{ default 1 .Values.replicas }}" -ne "1" ]]; then
echo "Using a runner token with more than 1 replica is not supported."
exit 1
fi
# Register the runner
if ! sh /configmaps/register-the-runner; then
exit 1
fi
# Run pre-entrypoint-script
if ! bash /configmaps/pre-entrypoint-script; then
exit 1
fi
# Start the runner
exec /entrypoint run --user=gitlab-runner \
--working-directory=/home/gitlab-runner
config.toml: |
concurrent = {{ .Values.concurrent }}
check_interval = {{ .Values.checkInterval }}
log_level = {{ default "info" .Values.logLevel | quote }}
{{- if .Values.logFormat }}
log_format = {{ .Values.logFormat | quote }}
{{- end }}
{{- if .Values.metrics.enabled }}
listen_address = ':9252'
{{- end }}
{{- if .Values.sentryDsn }}
sentry_dsn = "{{ .Values.sentryDsn }}"
{{- end }}
{{- if and (eq (default 1.0 .Values.replicas) 1.0) .Values.sessionServer .Values.sessionServer.enabled }}
[session_server]
session_timeout = {{ include "gitlab-runner.server-session-timeout" . }}
listen_address = "0.0.0.0:{{ include "gitlab-runner.server-session-internal-port" . }}"
advertise_address = "SESSION_SERVER_IP:{{ include "gitlab-runner.server-session-external-port" . }}"
{{- end }}
{{ if .Values.runners.config }}
config.template.toml: {{ tpl (toYaml .Values.runners.config) $ | indent 2 }}
{{ end }}
register-the-runner: |
#!/bin/bash
MAX_REGISTER_ATTEMPTS=30
for i in $(seq 1 "${MAX_REGISTER_ATTEMPTS}"); do
echo "Registration attempt ${i} of ${MAX_REGISTER_ATTEMPTS}"
/entrypoint register \
{{- range .Values.runners.imagePullSecrets }}
--kubernetes-image-pull-secrets {{ . | quote }} \
{{- end }}
{{- range $key, $val := .Values.runners.nodeSelector }}
--kubernetes-node-selector {{ $key | quote }}:{{ $val | quote }} \
{{- end }}
{{- range .Values.runners.nodeTolerations }}
{{- $keyValue := .key }}
{{- if eq (.operator | default "Equal") "Equal" }}
{{- $keyValue = print $keyValue "=" (.value | default "" ) }}
{{- end }}
--kubernetes-node-tolerations {{ $keyValue }}:{{ .effect | quote }} \
{{- end }}
{{- range $key, $value := .Values.runners.podLabels }}
--kubernetes-pod-labels {{ $key | quote }}:{{ $value | quote }} \
{{- end }}
{{- range $key, $val := .Values.runners.podAnnotations }}
--kubernetes-pod-annotations {{ $key | quote }}:{{ $val | quote }} \
{{- end }}
{{- if and (hasKey .Values.runners "name") .Values.runners.name }}
--name={{ .Values.runners.name | quote -}} \
{{- end }}
{{- if and (hasKey .Values.runners "maximumTimeout") .Values.runners.maximumTimeout }}
--maximum-timeout={{ .Values.runners.maximumTimeout | quote -}} \
{{- end }}
{{- range $key, $value := .Values.runners.env }}
--env {{ $key | quote -}} = {{- $value | quote }} \
{{- end }}
{{- if and (hasKey .Values.runners "runUntagged") .Values.runners.runUntagged }}
--run-untagged=true \
{{- end }}
{{- if and (hasKey .Values.runners "protected") .Values.runners.protected }}
--access-level="ref_protected" \
{{- end }}
{{- if .Values.runners.pod_security_context }}
{{- if .Values.runners.pod_security_context.supplemental_groups }}
{{- range $gid := .Values.runners.pod_security_context.supplemental_groups }}
--kubernetes-pod-security-context-supplemental-groups {{ $gid | quote }} \
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.runners.config }}
--template-config /configmaps/config.template.toml \
{{- end }}
--non-interactive
retval=$?
if [ ${retval} = 0 ]; then
break
elif [ ${i} = ${MAX_REGISTER_ATTEMPTS} ]; then
exit 1
fi
sleep 5
done
exit 0
check-live: |
#!/bin/bash
if /usr/bin/pgrep -f .*register-the-runner; then
exit 0
elif /usr/bin/pgrep gitlab.*runner; then
exit 0
else
exit 1
fi
{{- if and (eq (default 1.0 .Values.replicas) 1.0) .Values.sessionServer .Values.sessionServer.enabled }}
set-session-server-address: |
#!/bin/bash
{{- if (not .Values.sessionServer.publicIP) }}
APISERVER=https://kubernetes.default.svc \
&& SERVICEACCOUNT=/var/run/secrets/kubernetes.io/serviceaccount \
&& NAMESPACE=$(cat ${SERVICEACCOUNT}/namespace) \
&& TOKEN=$(cat ${SERVICEACCOUNT}/token) \
&& CACERT=${SERVICEACCOUNT}/ca.crt \
&& header="Authorization: Bearer ${TOKEN}"
SERVICEURL=${APISERVER}/api/v1/namespaces/${NAMESPACE}/services/{{ include "gitlab-runner.fullname" . }}-session-server
has_address=false
while [ "${has_address}" = false ]; do
SERVICEIP=$(curl —-silent \
--cacert ${CACERT} \
--header "${header}" \
-X GET ${SERVICEURL} 2>/dev/null \
| grep '"ip":' | cut -d ":" -f2 | xargs)
# for aws, the hostname is available but not the external IP
SERVICEHOSTNAME=$(curl —-silent \
--cacert ${CACERT} \
--header "${header}" \
-X GET ${SERVICEURL} 2>/dev/null \
| grep '"hostname":' | cut -d ":" -f2 | xargs)
ADDRESS="${SERVICEHOSTNAME:-$SERVICEIP}"
if [ -z "${ADDRESS}" ]
then
echo "Service LoadBalancer External Address not yet available"
has_address=false
sleep 5
else
has_address=true
sed -i -e "s/SESSION_SERVER_IP/${ADDRESS}/g" /home/gitlab-runner/.gitlab-runner/config.toml
fi
done
{{- else }}
sed -i -e "s/SESSION_SERVER_IP/{{ .Values.sessionServer.publicIP }}/g" /home/gitlab-runner/.gitlab-runner/config.toml
{{- end}}
{{ end }}
pre-entrypoint-script: |
{{ .Values.preEntrypointScript | default "" | indent 4 }}
{{ if not (empty .Values.configMaps) }}{{ toYaml .Values.configMaps | indent 2 }}{{ end }}

169
k8s/gitlab-runner/templates/deployment.yaml Normal file
View File

@@ -0,0 +1,169 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "gitlab-runner.fullname" . }}
namespace: {{ default .Release.Namespace .Values.runners.namespace | quote }}
labels:
app: {{ include "gitlab-runner.fullname" . }}
chart: {{ include "gitlab-runner.chart" . }}
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
spec:
replicas: {{ default 1 .Values.replicas }}
revisionHistoryLimit: {{ default 10 .Values.revisionHistoryLimit }}
selector:
matchLabels:
app: {{ include "gitlab-runner.fullname" . }}
template:
metadata:
labels:
app: {{ include "gitlab-runner.fullname" . }}
chart: {{ include "gitlab-runner.chart" . }}
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
{{- range $key, $value := .Values.podLabels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
annotations:
checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
checksum/secrets: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }}
{{- if .Values.metrics.enabled }}
prometheus.io/scrape: 'true'
prometheus.io/port: {{ .Values.metrics.port | quote }}
{{- end }}
{{- range $key, $value := .Values.podAnnotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
spec:
{{- if .Values.schedulerName }}
schedulerName: {{ .Values.schedulerName }}
{{- end }}
securityContext: {{ toYaml .Values.podSecurityContext | nindent 8 }}
terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
{{- if .Values.priorityClassName }}
priorityClassName: {{ .Values.priorityClassName | quote }}
{{- end }}
serviceAccountName: {{ if .Values.rbac.create }}{{ include "gitlab-runner.fullname" . }}{{ else }}"{{ .Values.rbac.serviceAccountName }}"{{ end }}
containers:
- name: {{ include "gitlab-runner.fullname" . }}
image: {{ include "gitlab-runner.image" . }}
imagePullPolicy: {{ default "" .Values.imagePullPolicy | quote }}
securityContext: {{ toYaml .Values.securityContext | nindent 10 }}
{{- include "gitlab-runner.unregisterRunner" . | nindent 8 }}
{{- include "gitlab-runner.unregisterRunners" . | nindent 8 }}
command: ["/usr/bin/dumb-init", "--", "/bin/bash", "/configmaps/entrypoint"]
env:
{{ include "gitlab-runner.runner-env-vars" . | indent 8 }}
livenessProbe:
exec:
command: ["/bin/bash", "/configmaps/check-live"]
initialDelaySeconds: 60
timeoutSeconds: {{ default 1 .Values.probeTimeoutSeconds }}
periodSeconds: 10
successThreshold: 1
failureThreshold: 3
readinessProbe:
exec:
command: ["/usr/bin/pgrep","gitlab.*runner"]
initialDelaySeconds: 10
timeoutSeconds: {{ default 1 .Values.probeTimeoutSeconds }}
periodSeconds: 10
successThreshold: 1
failureThreshold: 3
ports:
- name: {{ .Values.metrics.portName | quote }}
containerPort: {{ .Values.metrics.port }}
{{- if and (eq (default 1.0 .Values.replicas) 1.0) .Values.sessionServer .Values.sessionServer.enabled }}
- name: session-server
containerPort: {{ include "gitlab-runner.server-session-internal-port" . }}
protocol: TCP
{{- end }}
volumeMounts:
- name: projected-secrets
mountPath: /secrets
- name: etc-gitlab-runner
mountPath: /home/gitlab-runner/.gitlab-runner
- name: configmaps
mountPath: /configmaps
{{- if .Values.certsSecretName }}
- name: custom-certs
readOnly: true
mountPath: /home/gitlab-runner/.gitlab-runner/certs/
{{- end }}
{{- if .Values.volumeMounts }}
{{ toYaml .Values.volumeMounts | indent 8 }}
{{- end }}
resources:
{{ toYaml .Values.resources | indent 10 }}
volumes:
- name: runner-secrets
emptyDir:
medium: "Memory"
- name: etc-gitlab-runner
emptyDir:
medium: "Memory"
- name: projected-secrets
projected:
sources:
{{- if .Values.runners.cache.cacheType }}
# .Values.runners.cache.cacheType is deprecated: https://gitlab.com/gitlab-org/charts/gitlab-runner/-/issues/224
{{- end }}
{{- if and .Values.runners.cache .Values.runners.cache.cacheType }}
{{- if and (include "gitlab-runner.cache.secret" .) (eq .Values.runners.cache.cacheType "s3") }}
- secret:
name: {{ include "gitlab-runner.cache.secret" . }}
{{- end }}
{{- if eq .Values.runners.cache.cacheType "gcs"}}
- secret:
# Outdated default secret "s3access" kept for compatibilty with older installs using it.
# Will be removed in next major release: https://gitlab.com/gitlab-org/charts/gitlab-runner/merge_requests/177
name: {{ default "s3access" (include "gitlab-runner.cache.secret" .) }}
{{- end }}
{{- else if include "gitlab-runner.cache.secret" . }}
- secret:
name: {{ include "gitlab-runner.cache.secret" . }}
{{- end }}
- secret:
name: {{ include "gitlab-runner.secret" . }}
items:
- key: runner-registration-token
path: runner-registration-token
- key: runner-token
path: runner-token
{{- range .Values.secrets }}
- secret:
{{ toYaml . | indent 16 }}
{{- end }}
{{- if .Values.certsSecretName }}
- name: custom-certs
secret:
secretName: {{ .Values.certsSecretName }}
{{- end }}
- name: configmaps
configMap:
name: {{ include "gitlab-runner.fullname" . }}
{{- if .Values.volumes }}
{{ toYaml .Values.volumes | indent 6 }}
{{- end }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
{{ toYaml .Values.imagePullSecrets | indent 8 }}
{{- end }}
{{- if .Values.affinity }}
affinity:
{{ toYaml .Values.affinity | indent 8 }}
{{- end }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.tolerations }}
tolerations:
{{ toYaml .Values.tolerations | indent 8 }}
{{- end }}
{{- if .Values.hostAliases }}
hostAliases:
{{ toYaml .Values.hostAliases | indent 8 }}
{{- end }}

16
k8s/gitlab-runner/templates/hpa.yaml Normal file
View File

@@ -0,0 +1,16 @@
{{- if .Values.hpa}}
apiVersion: autoscaling/v2beta1
kind: HorizontalPodAutoscaler
metadata:
name: {{ include "gitlab-runner.fullname" . }}
namespace: {{ default .Release.Namespace .Values.runners.namespace | quote }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ include "gitlab-runner.fullname" . }}
minReplicas: {{ default 1 .Values.hpa.minReplicas }}
maxReplicas: {{ default 1 .Values.hpa.maxReplicas }}
metrics:
{{ toYaml .Values.hpa.metrics | indent 2 }}
{{- end}}

22
k8s/gitlab-runner/templates/role-binding.yaml Normal file
View File

@@ -0,0 +1,22 @@
{{- if .Values.rbac.create -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: {{ if .Values.rbac.clusterWideAccess }}"ClusterRoleBinding"{{ else }}"RoleBinding"{{ end }}
metadata:
name: {{ include "gitlab-runner.fullname" . }}
labels:
app: {{ include "gitlab-runner.fullname" . }}
chart: {{ include "gitlab-runner.chart" . }}
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
{{ if not .Values.rbac.clusterWideAccess -}}
namespace: {{ default .Release.Namespace .Values.runners.namespace | quote }}
{{- end }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: {{ if .Values.rbac.clusterWideAccess }}"ClusterRole"{{ else }}"Role"{{ end }}
name: {{ include "gitlab-runner.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ include "gitlab-runner.fullname" . }}
namespace: "{{ .Release.Namespace }}"
{{- end -}}

32
k8s/gitlab-runner/templates/role.yaml Normal file
View File

@@ -0,0 +1,32 @@
{{- if .Values.rbac.create -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: {{ if .Values.rbac.clusterWideAccess }}"ClusterRole"{{ else }}"Role"{{ end }}
metadata:
name: {{ include "gitlab-runner.fullname" . }}
labels:
app: {{ include "gitlab-runner.fullname" . }}
chart: {{ include "gitlab-runner.chart" . }}
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
{{ if not .Values.rbac.clusterWideAccess -}}
namespace: {{ default .Release.Namespace .Values.runners.namespace | quote }}
{{- end }}
rules:
{{- if .Values.rbac.podSecurityPolicy.enabled }}
- apiGroups: ['policy']
resources: ['podsecuritypolicies']
verbs: ['use']
resourceNames:
{{ toYaml .Values.rbac.podSecurityPolicy.resourceNames | indent 2 }}
{{- end }}
{{- if or (empty .Values.rbac.rules) (or .Values.rbac.resources .Values.rbac.verbs) }}
- apiGroups: [""]
resources: {{ (default (list "*") .Values.rbac.resources | toJson) }}
verbs: {{ (default (list "*") .Values.rbac.verbs | toJson) }}
{{- end -}}
{{ range .Values.rbac.rules }}
- apiGroups: {{ (default (list "") .apiGroups) | toJson }}
resources: {{ (default (list "*") .resources) | toJson }}
verbs: {{ (default (list "*") .verbs) | toJson }}
{{- end }}
{{- end -}}

16
k8s/gitlab-runner/templates/secrets.yaml Normal file
View File

@@ -0,0 +1,16 @@
{{- if or .Values.runnerRegistrationToken .Values.runnerToken -}}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "gitlab-runner.secret" . }}
namespace: {{ default .Release.Namespace .Values.runners.namespace | quote }}
labels:
app: {{ include "gitlab-runner.fullname" . }}
chart: {{ include "gitlab-runner.chart" . }}
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
type: Opaque
data:
runner-registration-token: {{ default "" .Values.runnerRegistrationToken | b64enc | quote }}
runner-token: {{ default "" .Values.runnerToken | b64enc | quote }}
{{- end -}}

21
k8s/gitlab-runner/templates/service-account.yaml Normal file
View File

@@ -0,0 +1,21 @@
{{- if .Values.rbac.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
annotations:
{{- range $key, $value := .Values.rbac.serviceAccountAnnotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
name: {{ include "gitlab-runner.fullname" . }}
labels:
app: {{ include "gitlab-runner.fullname" . }}
chart: {{ include "gitlab-runner.chart" . }}
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
{{- if .Values.rbac.imagePullSecrets }}
imagePullSecrets:
{{- range .Values.rbac.imagePullSecrets }}
- name: {{ . | quote }}
{{- end }}
{{- end }}
{{- end -}}

32
k8s/gitlab-runner/templates/service-session-server.yaml Normal file
View File

@@ -0,0 +1,32 @@
{{- if and (eq (default 1.0 .Values.replicas) 1.0) .Values.sessionServer .Values.sessionServer.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ include "gitlab-runner.fullname" . }}-session-server
namespace: {{ default .Release.Namespace .Values.runners.namespace | quote }}
{{- if .Values.sessionServer.annotations }}
annotations:
{{- toYaml .Values.sessionServer.annotations | nindent 4 }}
{{- end }}
labels:
app: {{ include "gitlab-runner.fullname" . }}
chart: {{ include "gitlab-runner.chart" . }}
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
spec:
selector:
app: {{ include "gitlab-runner.fullname" . }}
release: "{{ .Release.Name }}"
type: LoadBalancer
{{- if .Values.sessionServer.publicIP }}
loadBalancerIP: {{ .Values.sessionServer.publicIP }}
{{- end }}
{{- if .Values.sessionServer.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{- toYaml .Values.sessionServer.loadBalancerSourceRanges | nindent 4 }}
{{- end }}
ports:
- protocol: TCP
port: {{ include "gitlab-runner.server-session-external-port" . }}
targetPort: {{ include "gitlab-runner.server-session-internal-port" . }}
{{- end }}

52
k8s/gitlab-runner/templates/service.yaml Normal file
View File

@@ -0,0 +1,52 @@
{{- if and .Values.service.enabled .Values.metrics.enabled -}}
apiVersion: v1
kind: Service
metadata:
name: {{ include "gitlab-runner.fullname" . | quote }}
namespace: {{ default .Release.Namespace .Values.runners.namespace | quote }}
labels:
app: {{ include "gitlab-runner.fullname" . | quote }}
chart: {{ include "gitlab-runner.chart" . | quote }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
{{- if .Values.service.labels }}
{{- toYaml .Values.service.labels | nindent 4 }}
{{- end }}
{{- if .Values.service.annotations }}
annotations:
{{- toYaml .Values.service.annotations | nindent 4 }}
{{- end }}
spec:
{{- if .Values.service.clusterIP }}
clusterIP: {{ .Values.service.clusterIP | quote }}
{{- end }}
{{- if .Values.service.externalIPs }}
externalIPs:
{{- toYaml .Values.service.externalIPs | nindent 4 }}
{{- end }}
{{- if .Values.service.loadBalancerIP }}
loadBalancerIP: {{ .Values.service.loadBalancerIP | quote }}
{{- end }}
{{- if .Values.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{- range $cidr := .Values.service.loadBalancerSourceRanges }}
- {{ $cidr | quote }}
{{- end }}
{{- end }}
ports:
{{- if .Values.metrics.enabled }}
- name: {{ .Values.metrics.portName | quote }}
{{- if eq .Values.service.type "NodePort" }}
nodePort: {{ .Values.service.metrics.nodePort }}
{{- end }}
port: {{ .Values.metrics.port }}
targetPort: {{ .Values.metrics.portName | quote }}
{{- end }}
{{- if .Values.service.additionalPorts }}
{{- toYaml .Values.service.additionalPorts | nindent 2 }}
{{- end }}
selector:
app: {{ include "gitlab-runner.fullname" . | quote }}
release: {{ .Release.Name | quote }}
type: {{ .Values.service.type | default "ClusterIP" | quote }}
{{- end }}

53
k8s/gitlab-runner/templates/servicemonitor.yaml Normal file
View File

@@ -0,0 +1,53 @@
{{- if and .Values.metrics.serviceMonitor.enabled .Values.metrics.enabled .Values.service.enabled -}}
{{- if .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" -}}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ include "gitlab-runner.fullname" . | quote }}
namespace: {{ default .Release.Namespace .Values.runners.namespace | quote }}
labels:
app: {{ include "gitlab-runner.fullname" . | quote }}
chart: {{ include "gitlab-runner.chart" . | quote }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
{{- if .Values.metrics.serviceMonitor.labels }}
{{- toYaml .Values.metrics.serviceMonitor.labels | nindent 4 }}
{{- end }}
spec:
endpoints:
- port: {{ .Values.metrics.portName | quote }}
{{- if .Values.metrics.serviceMonitor.interval }}
interval: {{ .Values.metrics.serviceMonitor.interval }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.scheme }}
scheme: {{ .Values.metrics.serviceMonitor.scheme | quote }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.tlsConfig }}
tlsConfig:
{{- toYaml .Values.metrics.serviceMonitor.tlsConfig | nindent 6 }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.metricRelabelings }}
metricRelabelings:
{{- tpl (toYaml .Values.metrics.serviceMonitor.metricRelabelings | nindent 6) . }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.path }}
path: {{ .Values.metrics.serviceMonitor.path }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.relabelings }}
relabelings:
{{- toYaml .Values.metrics.serviceMonitor.relabelings | nindent 6 }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.jobLabel }}
jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel }}
{{- end }}
namespaceSelector:
matchNames:
- {{ $.Release.Namespace | quote }}
selector:
matchLabels:
app: {{ include "gitlab-runner.fullname" . | quote }}
chart: {{ include "gitlab-runner.chart" . | quote }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
{{- end }}
{{- end }}

728
k8s/gitlab-runner/values.yaml Normal file
View File

@@ -0,0 +1,728 @@
## GitLab Runner Image
##
## By default it's using registry.gitlab.com/gitlab-org/gitlab-runner:alpine-v{VERSION}
## where {VERSION} is taken from Chart.yaml from appVersion field
##
## DEPRECATED: Setting `image: registry.gitlab.com/gitlab-org/gitlab-runner:alpine-v11.6.0` is deprecated
##
## ref: https://gitlab.com/gitlab-org/gitlab-runner/container_registry/29383?orderBy=NAME&sort=asc&search[]=alpine-v&search[]=
##
## Note: If you change the image to the ubuntu release
## don't forget to change the securityContext;
## these images run on different user IDs.
##
image:
registry: registry.gitlab.com
image: gitlab-org/gitlab-runner
# tag: alpine-v11.6.0
## Specify a imagePullPolicy for the main runner deployment
## 'Always' if imageTag is 'latest', else set to 'IfNotPresent'
##
## Note: it does not apply to job containers launched by this executor.
## Use `pull_policy` in [runners.kubernetes] to change it.
##
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
##
imagePullPolicy: IfNotPresent
## Specifying ImagePullSecrets on a Pod
## Kubernetes supports specifying container image registry keys on a Pod.
## ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
##
# imagePullSecrets:
# - name: "image-pull-secret"
## Timeout, in seconds, for liveness and readiness probes of a runner pod.
# probeTimeoutSeconds: 1
## How many runner pods to launch.
##
## Note: Using more than one replica is not supported with a runnerToken. Use a runnerRegistrationToken
## to create multiple runner replicas.
# replicas: 1
## How many old ReplicaSets for this Deployment you want to retain
# revisionHistoryLimit: 10
## The GitLab Server URL (with protocol) that want to register the runner against
## ref: https://docs.gitlab.com/runner/commands/index.html#gitlab-runner-register
##
# gitlabUrl: http://gitlab.your-domain.com/
## The Registration Token for adding new Runners to the GitLab Server. This must
## be retrieved from your GitLab Instance.
## ref: https://docs.gitlab.com/ce/ci/runners/index.html
##
# runnerRegistrationToken: ""
## The Runner Token for adding new Runners to the GitLab Server. This must
## be retrieved from your GitLab Instance. It is token of already registered runner.
## ref: (we don't yet have docs for that, but we want to use existing token)
##
# runnerToken: ""
#
## Unregister runner before termination
##
## Updating the runner's chart version or configuration will cause the runner container
## to be terminated and created again. This may cause your GitLab instance to reference
## non-existant runners. Un-registering the runner before termination mitigates this issue.
## ref: https://docs.gitlab.com/runner/commands/index.html#gitlab-runner-unregister
##
## Please set unregisterRunners to false if you set unregisterRunner to true as only
## one preStop action is supported.
##
# unregisterRunner: true
## Unregister all runners before termination
##
## Updating the runner's chart version or configuration will cause the runner container
## to be terminated and created again. This may cause your Gitlab instance to reference
## non-existant runners. Un-registering the runner before termination mitigates this issue.
## ref: https://docs.gitlab.com/runner/commands/index.html#gitlab-runner-unregister
##
# unregisterRunners: true
## When stopping the runner, give it time to wait for its jobs to terminate.
##
## Updating the runner's chart version or configuration will cause the runner container
## to be terminated with a graceful stop request. terminationGracePeriodSeconds
## instructs Kubernetes to wait long enough for the runner pod to terminate gracefully.
## ref: https://docs.gitlab.com/runner/commands/#signals
terminationGracePeriodSeconds: 3600
## Set the certsSecretName in order to pass custom certficates for GitLab Runner to use
## Provide resource name for a Kubernetes Secret Object in the same namespace,
## this is used to populate the /home/gitlab-runner/.gitlab-runner/certs/ directory
## ref: https://docs.gitlab.com/runner/configuration/tls-self-signed.html#supported-options-for-self-signed-certificates-targeting-the-gitlab-server
##
# certsSecretName:
## Configure the maximum number of concurrent jobs
## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section
##
concurrent: 10
## Defines in seconds how often to check GitLab for a new builds
## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section
##
checkInterval: 30
## Configure GitLab Runner's logging level. Available values are: debug, info, warn, error, fatal, panic
## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section
##
# logLevel:
## Configure GitLab Runner's logging format. Available values are: runner, text, json
## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section
##
# logFormat:
## Configure GitLab Runner's Sentry DSN.
## ref https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section
##
# sentryDsn:
## A custom bash script that will be executed prior to the invocation
## gitlab-runner process
#
#preEntrypointScript: |
# echo "hello"
## Specify whether the runner should start the session server.
## Defaults to false
## ref:
##
## When sessionServer is enabled, the user can either provide a public publicIP
## or either rely on the external IP auto discovery
## When a serviceAccountName is used with the automounting to the pod disable,
## we recommend the usage of the publicIP
sessionServer:
enabled: false
# annotations: {}
# timeout: 1800
# internalPort: 8093
# externalPort: 9000
# publicIP: ""
# loadBalancerSourceRanges:
# - 1.2.3.4/32
## For RBAC support:
rbac:
create: false
## Define specific rbac permissions.
## DEPRECATED: see .Values.rbac.rules
# resources: ["pods", "pods/exec", "secrets"]
# verbs: ["get", "list", "watch", "create", "patch", "delete"]
## Define list of rules to be added to the rbac role permissions.
## Each rule supports the keys:
## - apiGroups: default "" (indicates the core API group) if missing or empty.
## - resources: default "*" if missing or empty.
## - verbs: default "*" if missing or empty.
##
## Read more about the recommended rules on the following link
##
## ref: https://docs.gitlab.com/runner/executors/kubernetes.html#configuring-executor-service-account
##
rules: []
# - resources: ["configmaps", "pods", "pods/attach", "secrets", "services"]
# verbs: ["get", "list", "watch", "create", "patch", "update", "delete"]
# - apiGroups: [""]
# resources: ["pods/exec"]
# verbs: ["create", "patch", "delete"]
## Run the gitlab-bastion container with the ability to deploy/manage containers of jobs
## cluster-wide or only within namespace
clusterWideAccess: false
## Use the following Kubernetes Service Account name if RBAC is disabled in this Helm chart (see rbac.create)
##
# serviceAccountName: default
## Specify annotations for Service Accounts, useful for annotations such as eks.amazonaws.com/role-arn
##
## ref: https://docs.aws.amazon.com/eks/latest/userguide/specify-service-account-role.html
##
# serviceAccountAnnotations: {}
## Use podSecurity Policy
## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
podSecurityPolicy:
enabled: false
resourceNames:
- gitlab-runner
## Specify one or more imagePullSecrets used for pulling the runner image
##
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account
##
# imagePullSecrets: []
## Configure integrated Prometheus metrics exporter
##
## ref: https://docs.gitlab.com/runner/monitoring/#configuration-of-the-metrics-http-server
##
metrics:
enabled: false
## Define a name for the metrics port
##
portName: metrics
## Provide a port number for the integrated Prometheus metrics exporter
##
port: 9252
## Configure a prometheus-operator serviceMonitor to allow autodetection of
## the scraping target. Requires enabling the service resource below.
##
serviceMonitor:
enabled: false
## Provide additional labels to the service monitor ressource
##
## labels: {}
## Define a scrape interval (otherwise prometheus default is used)
##
## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config
##
# interval: ""
## Specify the scrape protocol scheme e.g., https or http
##
# scheme: "http"
## Supply a tls configuration for the service monitor
##
## ref: https://github.com/helm/charts/blob/master/stable/prometheus-operator/crds/crd-servicemonitor.yaml
##
# tlsConfig: {}
## The URI path where prometheus metrics can be scraped from
##
# path: "/metrics"
## A list of MetricRelabelConfigs to apply to samples before ingestion
##
## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs
##
# metricRelabelings: []
## A list of RelabelConfigs to apply to samples before scraping
##
## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
##
## relabelings: []
## Configure a service resource e.g., to allow scraping metrics via
## prometheus-operator serviceMonitor
service:
enabled: false
## Provide additonal labels for the service
##
# labels: {}
## Provide additonal annotations for the service
##
# annotations: {}
## Define a specific ClusterIP if you do not want a dynamic one
##
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address
##
# clusterIP: ""
## Define a list of one or more external IPs for this service
##
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips
##
# externalIPs: []
## Provide a specific loadbalancerIP e.g., of an external Loadbalancer
##
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer
##
# loadBalancerIP: ""
## Provide a list of source IP ranges to have access to this service
##
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#aws-nlb-support
##
# loadBalancerSourceRanges: []
## Specify the service type e.g., ClusterIP, NodePort, Loadbalancer or ExternalName
##
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
##
type: ClusterIP
## Specify the services metrics nodeport if you use a service of type nodePort
##
# metrics:
## Specify the node port under which the prometheus metrics of the runner are made
## available.
##
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#nodeport
##
# nodePort: ""
## Provide a list of additional ports to be exposed by this service
##
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
##
# additionalPorts: []
## Configuration for the Pods that the runner launches for each new job
##
runners:
# runner configuration, where the multi line strings is evaluated as
# template so you can specify helm values inside of it.
#
# tpl: https://helm.sh/docs/howto/charts_tips_and_tricks/#using-the-tpl-function
# runner configuration: https://docs.gitlab.com/runner/configuration/advanced-configuration.html
config: |
[[runners]]
[runners.kubernetes]
namespace = "{{.Release.Namespace}}"
image = "ubuntu:16.04"
## Which executor should be used
##
# executor: kubernetes
## Default container image to use for builds when none is specified
##
## DEPRECATED: See https://docs.gitlab.com/runner/install/kubernetes.html#additional-configuration
# image: ubuntu:16.04
## Specify one or more imagePullSecrets
##
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
##
## DEPRECATED: See https://docs.gitlab.com/runner/install/kubernetes.html#additional-configuration
# imagePullSecrets: []
## Specify the image pull policy: never, if-not-present, always. The cluster default will be used if not set.
##
## DEPRECATED: See https://docs.gitlab.com/runner/install/kubernetes.html#additional-configuration
# imagePullPolicy: ""
## Defines number of concurrent requests for new job from GitLab
## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runners-section
##
## DEPRECATED: See https://docs.gitlab.com/runner/install/kubernetes.html#additional-configuration
# requestConcurrency: 1
## Specify whether the runner should be locked to a specific project: true, false. Defaults to true.
##
# locked: true
## Specify the tags associated with the runner. Comma-separated list of tags.
##
## ref: https://docs.gitlab.com/ee/ci/runners/configure_runners.html#use-tags-to-control-which-jobs-a-runner-can-run
##
tags: "kubenetes"
## Specify the name for the runner.
##
name: "gitlab-runner-k8s"
## Specify the maximum timeout (in seconds) that will be set for job when using this Runner
##
# maximumTimeout: ""
## Specify if jobs without tags should be run.
## If not specified, Runner will default to true if no tags were specified. In other case it will
## default to false.
##
## ref: https://docs.gitlab.com/ee/ci/runners/configure_runners.html#set-a-runner-to-run-untagged-jobs
##
# runUntagged: true
## Specify whether the runner should only run protected branches.
## Defaults to false.
##
## ref: https://docs.gitlab.com/ee/ci/runners/configure_runners.html#prevent-runners-from-revealing-sensitive-information
##
# protected: true
## Run all containers with the privileged flag enabled
## This will allow the docker:dind image to run if you need to run Docker
## commands. Please read the docs before turning this on:
## ref: https://docs.gitlab.com/runner/executors/kubernetes.html#using-dockerdind
##
## DEPRECATED: See https://docs.gitlab.com/runner/install/kubernetes.html#additional-configuration
# privileged: false
## The name of the secret containing runner-token and runner-registration-token
# secret: gitlab-runner
## Namespace to run Kubernetes jobs in (defaults to the same namespace of this release)
##
## DEPRECATED: See https://docs.gitlab.com/runner/install/kubernetes.html#additional-configuration
# namespace:
## The amount of time, in seconds, that needs to pass before the runner will
## timeout attempting to connect to the container it has just created.
## ref: https://docs.gitlab.com/runner/executors/kubernetes.html
## DEPRECATED: See https://docs.gitlab.com/runner/install/kubernetes.html#additional-configuration
# pollTimeout: 180
## Set maximum build log size in kilobytes, by default set to 4096 (4MB)
## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runners-section
## DEPRECATED: See https://docs.gitlab.com/runner/install/kubernetes.html#additional-configuration
# outputLimit: 4096
## Distributed runners caching
## ref: https://docs.gitlab.com/runner/configuration/autoscale.html#distributed-runners-caching
##
## If you want to use s3 based distributing caching:
## First of all you need to uncomment General settings and S3 settings sections.
##
## Create a secret 's3access' containing 'accesskey' & 'secretkey'
## ref: https://aws.amazon.com/blogs/security/wheres-my-secret-access-key/
##
## $ kubectl create secret generic s3access \
## --from-literal=accesskey="YourAccessKey" \
## --from-literal=secretkey="YourSecretKey"
## ref: https://kubernetes.io/docs/concepts/configuration/secret/
##
## If you want to use gcs based distributing caching:
## First of all you need to uncomment General settings and GCS settings sections.
##
## Access using credentials file:
## Create a secret 'google-application-credentials' containing your application credentials file.
## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnerscachegcs-section
## You could configure
## $ kubectl create secret generic google-application-credentials \
## --from-file=gcs-application-credentials-file=./path-to-your-google-application-credentials-file.json
## ref: https://kubernetes.io/docs/concepts/configuration/secret/
##
## Access using access-id and private-key:
## Create a secret 'gcsaccess' containing 'gcs-access-id' & 'gcs-private-key'.
## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnerscachegcs-section
## You could configure
## $ kubectl create secret generic gcsaccess \
## --from-literal=gcs-access-id="YourAccessID" \
## --from-literal=gcs-private-key="YourPrivateKey"
## ref: https://kubernetes.io/docs/concepts/configuration/secret/
##
## If you want to use Azure-based distributed caching:
## First, uncomment General settings.
##
## Create a secret 'azureaccess' containing 'azure-account-name' & 'azure-account-key'
## ref: https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blobs-introduction
##
## $ kubectl create secret generic azureaccess \
## --from-literal=azure-account-name="YourAccountName" \
## --from-literal=azure-account-key="YourAccountKey"
## ref: https://kubernetes.io/docs/concepts/configuration/secret/
cache: {}
## General settings
## DEPRECATED: See https://docs.gitlab.com/runner/install/kubernetes.html#additional-configuration and https://docs.gitlab.com/runner/install/kubernetes.html#using-cache-with-configuration-template
# cacheType: s3
# cachePath: "gitlab_runner"
# cacheShared: true
## S3 settings
## DEPRECATED: See https://docs.gitlab.com/runner/install/kubernetes.html#additional-configuration and https://docs.gitlab.com/runner/install/kubernetes.html#using-cache-with-configuration-template
# s3ServerAddress: s3.amazonaws.com
# s3BucketName:
# s3BucketLocation:
# s3CacheInsecure: false
## GCS settings
## DEPRECATED: See https://docs.gitlab.com/runner/install/kubernetes.html#additional-configuration and https://docs.gitlab.com/runner/install/kubernetes.html#using-cache-with-configuration-template
# gcsBucketName:
## S3 the name of the secret.
# secretName: s3access
## Use this line for access using gcs-access-id and gcs-private-key
# secretName: gcsaccess
## Use this line for access using google-application-credentials file
# secretName: google-application-credentials
## Use this line for access using Azure with azure-account-name and azure-account-key
# secretName: azureaccess
## Build Container specific configuration
##
## DEPRECATED: See https://docs.gitlab.com/runner/install/kubernetes.html#additional-configuration
builds: {}
# cpuLimit: 200m
# cpuLimitOverwriteMaxAllowed: 400m
# memoryLimit: 256Mi
# memoryLimitOverwriteMaxAllowed: 512Mi
# cpuRequests: 100m
# cpuRequestsOverwriteMaxAllowed: 200m
# memoryRequests: 128Mi
# memoryRequestsOverwriteMaxAllowed: 256Mi
## Service Container specific configuration
##
## DEPRECATED: See https://docs.gitlab.com/runner/install/kubernetes.html#additional-configuration
services: {}
# cpuLimit: 200m
# memoryLimit: 256Mi
# cpuRequests: 100m
# memoryRequests: 128Mi
## Helper Container specific configuration
##
## DEPRECATED: See https://docs.gitlab.com/runner/install/kubernetes.html#additional-configuration
helpers: {}
# cpuLimit: 200m
# memoryLimit: 256Mi
# cpuRequests: 100m
# memoryRequests: 128Mi
# image: "registry.gitlab.com/gitlab-org/gitlab-runner-helper:x86_64-${CI_RUNNER_REVISION}"
## Helper container security context configuration
## Refer to https://docs.gitlab.com/runner/executors/kubernetes.html#using-security-context
## DEPRECATED: See https://docs.gitlab.com/runner/install/kubernetes.html#additional-configuration
# pod_security_context:
# run_as_non_root: true
# run_as_user: 100
# run_as_group: 100
# fs_group: 65533
# supplemental_groups: [101, 102]
## Service Account to be used for runners
##
# serviceAccountName:
## If Gitlab is not reachable through $CI_SERVER_URL
##
## DEPRECATED: See https://docs.gitlab.com/runner/install/kubernetes.html#additional-configuration
# cloneUrl:
## Specify node labels for CI job pods assignment
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
##
## DEPRECATED: See https://docs.gitlab.com/runner/install/kubernetes.html#additional-configuration
# nodeSelector: {}
## Specify node tolerations for CI job pods assignment
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
## DEPRECATED: See https://docs.gitlab.com/runner/install/kubernetes.html#additional-configuration
# nodeTolerations: {}
## Specify pod labels for CI job pods
##
## DEPRECATED: See https://docs.gitlab.com/runner/install/kubernetes.html#additional-configuration
# podLabels: {}
## Specify annotations for job pods, useful for annotations such as iam.amazonaws.com/role
## DEPRECATED: See https://docs.gitlab.com/runner/install/kubernetes.html#additional-configuration
# podAnnotations: {}
## Configure environment variables that will be injected to the pods that are created while
## the build is running. These variables are passed as parameters, i.e. `--env "NAME=VALUE"`,
## to `gitlab-runner register` command.
##
## Note that `envVars` (see below) are only present in the runner pod, not the pods that are
## created for each build.
##
## ref: https://docs.gitlab.com/runner/commands/#gitlab-runner-register
##
## DEPRECATED: See https://docs.gitlab.com/runner/install/kubernetes.html#additional-configuration
# env:
# NAME: VALUE
## Specify the name of the scheduler which used to schedule runner pods.
## Kubernetes supports multiple scheduler configurations.
## ref: https://kubernetes.io/docs/reference/scheduling
# schedulerName: "my-custom-scheduler"
## Configure securitycontext for the main container
## ref: http://kubernetes.io/docs/user-guide/security-context/
##
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: false
runAsNonRoot: true
privileged: false
capabilities:
drop: ["ALL"]
## Configure securitycontext valid for the whole pod
## ref: http://kubernetes.io/docs/user-guide/security-context/
##
podSecurityContext:
runAsUser: 100
# runAsGroup: 65533
fsGroup: 65533
# supplementalGroups: [65533]
## Note: values for the ubuntu image:
# runAsUser: 999
# fsGroup: 999
## Configure resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
resources: {}
# limits:
# memory: 256Mi
# cpu: 200m
# requests:
# memory: 128Mi
# cpu: 100m
## Affinity for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}
## Node labels for pod assignment
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
# Example: The gitlab runner manager should not run on spot instances so you can assign
# them to the regular worker nodes only.
# node-role.kubernetes.io/worker: "true"
## List of node taints to tolerate (requires Kubernetes >= 1.6)
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
# Example: Regular worker nodes may have a taint, thus you need to tolerate the taint
# when you assign the gitlab runner manager with nodeSelector or affinity to the nodes.
# - key: "node-role.kubernetes.io/worker"
# operator: "Exists"
## Configure environment variables that will be present when the registration command runs
## This provides further control over the registration process and the config.toml file
## ref: `gitlab-runner register --help`
## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html
##
# envVars:
# - name: RUNNER_EXECUTOR
# value: kubernetes
## list of hosts and IPs that will be injected into the pod's hosts file
hostAliases: []
# Example:
# - ip: "127.0.0.1"
# hostnames:
# - "foo.local"
# - "bar.local"
# - ip: "10.1.2.3"
# hostnames:
# - "foo.remote"
# - "bar.remote"
## Annotations to be added to manager pod
##
podAnnotations: {}
# Example:
# iam.amazonaws.com/role: <my_role_arn>
## Labels to be added to manager pod
##
podLabels: {}
# Example:
# owner.team: <my_cool_team>
## HPA support for custom metrics:
## This section enables runners to autoscale based on defined custom metrics.
## In order to use this functionality, Need to enable a custom metrics API server by
## implementing "custom.metrics.k8s.io" using supported third party adapter
## Example: https://github.com/directxman12/k8s-prometheus-adapter
##
#hpa: {}
# minReplicas: 1
# maxReplicas: 10
# metrics:
# - type: Pods
# pods:
# metricName: gitlab_runner_jobs
# targetAverageValue: 400m
## Configure priorityClassName for manager pod. See k8s docs for more info on how pod priority works:
## https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
priorityClassName: ""
## Secrets to be additionally mounted to the containers.
## All secrets are mounted through init-runner-secrets volume
## and placed as readonly at /init-secrets in the init container
## and finally copied to an in-memory volume runner-secrets that is
## mounted at /secrets.
secrets: []
# Example:
# - name: my-secret
# - name: myOtherSecret
# items:
# - key: key_one
# path: path_one
## Additional config files to mount in the containers in `/configmaps`.
##
## Please note that a number of keys are reserved by the runner.
## See https://gitlab.com/gitlab-org/charts/gitlab-runner/-/blob/main/templates/configmap.yaml
## for a current list.
configMaps: {}
## Additional volumeMounts to add to the runner container
##
volumeMounts: []
# Example:
# - name: my-volume
# mountPath: /mount/path
## Additional volumes to add to the runner deployment
##
volumes: []
# Example:
# - name: my-volume
# persistentVolumeClaim:
# claimName: my-pvc