apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "gitlab-runner.fullname" . }} namespace: {{ default .Release.Namespace .Values.runners.namespace | quote }} labels: app: {{ include "gitlab-runner.fullname" . }} chart: {{ include "gitlab-runner.chart" . }} release: "{{ .Release.Name }}" heritage: "{{ .Release.Service }}" spec: replicas: {{ default 1 .Values.replicas }} revisionHistoryLimit: {{ default 10 .Values.revisionHistoryLimit }} selector: matchLabels: app: {{ include "gitlab-runner.fullname" . }} template: metadata: labels: app: {{ include "gitlab-runner.fullname" . }} chart: {{ include "gitlab-runner.chart" . }} release: "{{ .Release.Name }}" heritage: "{{ .Release.Service }}" {{- range $key, $value := .Values.podLabels }} {{ $key }}: {{ $value | quote }} {{- end }} annotations: checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} checksum/secrets: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }} {{- if .Values.metrics.enabled }} prometheus.io/scrape: 'true' prometheus.io/port: {{ .Values.metrics.port | quote }} {{- end }} {{- range $key, $value := .Values.podAnnotations }} {{ $key }}: {{ $value | quote }} {{- end }} spec: {{- if .Values.schedulerName }} schedulerName: {{ .Values.schedulerName }} {{- end }} securityContext: {{ toYaml .Values.podSecurityContext | nindent 8 }} terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} {{- if .Values.priorityClassName }} priorityClassName: {{ .Values.priorityClassName | quote }} {{- end }} serviceAccountName: {{ if .Values.rbac.create }}{{ include "gitlab-runner.fullname" . }}{{ else }}"{{ .Values.rbac.serviceAccountName }}"{{ end }} containers: - name: {{ include "gitlab-runner.fullname" . }} image: {{ include "gitlab-runner.image" . }} imagePullPolicy: {{ default "" .Values.imagePullPolicy | quote }} securityContext: {{ toYaml .Values.securityContext | nindent 10 }} {{- include "gitlab-runner.unregisterRunner" . | nindent 8 }} {{- include "gitlab-runner.unregisterRunners" . | nindent 8 }} command: ["/usr/bin/dumb-init", "--", "/bin/bash", "/configmaps/entrypoint"] env: {{ include "gitlab-runner.runner-env-vars" . | indent 8 }} livenessProbe: exec: command: ["/bin/bash", "/configmaps/check-live"] initialDelaySeconds: 60 timeoutSeconds: {{ default 1 .Values.probeTimeoutSeconds }} periodSeconds: 10 successThreshold: 1 failureThreshold: 3 readinessProbe: exec: command: ["/usr/bin/pgrep","gitlab.*runner"] initialDelaySeconds: 10 timeoutSeconds: {{ default 1 .Values.probeTimeoutSeconds }} periodSeconds: 10 successThreshold: 1 failureThreshold: 3 ports: - name: {{ .Values.metrics.portName | quote }} containerPort: {{ .Values.metrics.port }} {{- if and (eq (default 1.0 .Values.replicas) 1.0) .Values.sessionServer .Values.sessionServer.enabled }} - name: session-server containerPort: {{ include "gitlab-runner.server-session-internal-port" . }} protocol: TCP {{- end }} volumeMounts: - name: projected-secrets mountPath: /secrets - name: etc-gitlab-runner mountPath: /home/gitlab-runner/.gitlab-runner - name: configmaps mountPath: /configmaps {{- if .Values.certsSecretName }} - name: custom-certs readOnly: true mountPath: /home/gitlab-runner/.gitlab-runner/certs/ {{- end }} {{- if .Values.volumeMounts }} {{ toYaml .Values.volumeMounts | indent 8 }} {{- end }} resources: {{ toYaml .Values.resources | indent 10 }} volumes: - name: runner-secrets emptyDir: medium: "Memory" - name: etc-gitlab-runner emptyDir: medium: "Memory" - name: projected-secrets projected: sources: {{- if .Values.runners.cache.cacheType }} # .Values.runners.cache.cacheType is deprecated: https://gitlab.com/gitlab-org/charts/gitlab-runner/-/issues/224 {{- end }} {{- if and .Values.runners.cache .Values.runners.cache.cacheType }} {{- if and (include "gitlab-runner.cache.secret" .) (eq .Values.runners.cache.cacheType "s3") }} - secret: name: {{ include "gitlab-runner.cache.secret" . }} {{- end }} {{- if eq .Values.runners.cache.cacheType "gcs"}} - secret: # Outdated default secret "s3access" kept for compatibilty with older installs using it. # Will be removed in next major release: https://gitlab.com/gitlab-org/charts/gitlab-runner/merge_requests/177 name: {{ default "s3access" (include "gitlab-runner.cache.secret" .) }} {{- end }} {{- else if include "gitlab-runner.cache.secret" . }} - secret: name: {{ include "gitlab-runner.cache.secret" . }} {{- end }} - secret: name: {{ include "gitlab-runner.secret" . }} items: - key: runner-registration-token path: runner-registration-token - key: runner-token path: runner-token {{- range .Values.secrets }} - secret: {{ toYaml . | indent 16 }} {{- end }} {{- if .Values.certsSecretName }} - name: custom-certs secret: secretName: {{ .Values.certsSecretName }} {{- end }} - name: configmaps configMap: name: {{ include "gitlab-runner.fullname" . }} {{- if .Values.volumes }} {{ toYaml .Values.volumes | indent 6 }} {{- end }} {{- if .Values.imagePullSecrets }} imagePullSecrets: {{ toYaml .Values.imagePullSecrets | indent 8 }} {{- end }} {{- if .Values.affinity }} affinity: {{ toYaml .Values.affinity | indent 8 }} {{- end }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 8 }} {{- end }} {{- if .Values.tolerations }} tolerations: {{ toYaml .Values.tolerations | indent 8 }} {{- end }} {{- if .Values.hostAliases }} hostAliases: {{ toYaml .Values.hostAliases | indent 8 }} {{- end }}