@andrewodri
Created December 17, 2020 20:53
Automatically register Gitlab Runners with Gitlab FOSS via Kubernetes
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gitlab-deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      app: gitlab
  template:
    metadata:
      labels:
        app: gitlab
    spec:
      containers:
        - name: gitlab-container
          image: gitlab/gitlab-ce:latest
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 80
          env:
            # Fixed registration token, repeated in the runner Deployment below
            - name: GITLAB_SHARED_RUNNERS_REGISTRATION_TOKEN
              value: "r3g1str4t10n"
            - name: GITLAB_OMNIBUS_CONFIG
              value: |
                external_url 'https://example.com'
                nginx['listen_port'] = 80
                nginx['listen_https'] = false
                # Any source IP may query the monitoring endpoints (/-/readiness)
                gitlab_rails['monitoring_whitelist'] = ['0.0.0.0/0']
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gitlab-runner-deployment
spec:
  replicas: 2
  selector:
    matchLabels:
      app: gitlab-runner
  template:
    metadata:
      labels:
        app: gitlab-runner
    spec:
      initContainers:
        # Block runner start-up until GitLab's readiness endpoint returns 200
        - name: gitlab-runner-initcontainer
          image: curlimages/curl:latest
          imagePullPolicy: IfNotPresent
          command: [ "/bin/sh", "-c" ]
          args: [ "until [[ $(curl -iso /dev/null -w '%{http_code}\n' 'https://example.com/-/readiness') == '200' ]]; do sleep 1; done" ]
      containers:
        - name: gitlab-runner-container
          image: gitlab/gitlab-runner:latest
          imagePullPolicy: IfNotPresent
          command: [ "/usr/bin/dumb-init", "--" ]
          # Run the stock entrypoint, register the runner, then hand the process over to gitlab-runner
          args: [ "/bin/sh", "-c", "/entrypoint help \
            && gitlab-runner register --non-interactive --registration-token \"${GITLAB_SHARED_RUNNERS_REGISTRATION_TOKEN}\" --locked=false --description \"$(hostname)\" --url \"https://example.com\" --executor kubernetes --kubernetes-privileged \
            && exec gitlab-runner run --user=gitlab-runner --working-directory=/home/gitlab-runner" ]
          ports:
            - containerPort: 80
          env:
            - name: GITLAB_SHARED_RUNNERS_REGISTRATION_TOKEN
              value: "r3g1str4t10n"

@andrewodri
Author

The above config.yaml is by no means complete, but contains all the essential configuration you would need to add to an already working configuration. Here is a brief explanation of what is going on:

  • A specific GITLAB_SHARED_RUNNERS_REGISTRATION_TOKEN value is defined so that we can pass that on to the runners to... Of course, you might want to tighten this up with secrets and moving access/definitions around.
  • The monitoring whitelist is exposed to all IPs... This needs to be exposed for the init containers, but again, you might want to tighten this up as well.
  • An init container is defined that checks the readiness endpoint of the Gitlab installation's monitoring feature. This basically blocks the Gitlab Runners from starting until it's possible for them to be registered. The cURL container from Docker Hub is tiny, but the default entrypoint is cURL itself... So we override that so that we can put the until loop in there.
  • The runner container has an entrypoint that points to gitlab-runner... We want to run a few commands first. We run the entrypoint with the "help" argument so that it goes through its usual process. Then we register the runner using the registration token. Finally, we exec gitlab-runner (passing off PID 1 to it).
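
The tightening mentioned in the first two bullets, as an added example that is not part of the original gist: the registration token moves into a Kubernetes Secret that both Deployments read through `secretKeyRef`, and the monitoring whitelist is narrowed. The Secret name `gitlab-runner-registration`, its key `token` and the CIDR `10.42.0.0/16` are assumptions; only the fields that change are shown, to be merged into the manifests above.

```yaml
---
apiVersion: v1
kind: Secret
metadata:
  name: gitlab-runner-registration     # hypothetical name
type: Opaque
stringData:
  token: "<registration-token>"        # placeholder; create out of band, keep out of version control
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gitlab-deployment
spec:
  template:
    spec:
      containers:
        - name: gitlab-container
          env:
            - name: GITLAB_SHARED_RUNNERS_REGISTRATION_TOKEN
              valueFrom:
                secretKeyRef:            # replaces the literal value "r3g1str4t10n"
                  name: gitlab-runner-registration
                  key: token
            - name: GITLAB_OMNIBUS_CONFIG
              value: |
                external_url 'https://example.com'
                nginx['listen_port'] = 80
                nginx['listen_https'] = false
                # Constructed CIDR: use the range the init containers' requests
                # actually arrive from (pod network, or the ingress/NAT address
                # if https://example.com is reached through one).
                gitlab_rails['monitoring_whitelist'] = ['10.42.0.0/16']
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gitlab-runner-deployment
spec:
  template:
    spec:
      containers:
        - name: gitlab-runner-container
          env:
            - name: GITLAB_SHARED_RUNNERS_REGISTRATION_TOKEN
              valueFrom:
                secretKeyRef:
                  name: gitlab-runner-registration
                  key: token
```

With this in place the token no longer appears in either Deployment manifest, and access to it can be restricted with RBAC on the Secret rather than on the Deployments.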
