@fjudith
Created August 3, 2018 04:43
Gitlab-Runner Kubernetes RBAC
apiVersion: v1
kind: Namespace
metadata:
  name: gitlab
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: gitlab-runner
  namespace: gitlab
rules:
  - apiGroups: [""]
    resources: ["pods", "pods/exec", "secrets"]
    verbs: ["get", "list", "watch", "create", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: gitlab-runner
  namespace: gitlab
subjects:
  - kind: ServiceAccount
    name: gitlab-runner
    namespace: gitlab
roleRef:
  kind: Role
  name: gitlab-runner
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: gitlab-runner
  namespace: gitlab
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: gitlab-runner
  namespace: gitlab
data:
  # Register your new runner as follows and then update the `token` in the
  # configuration below.
  # 0. Adapt gitlab-runner.yaml to your needs, e.g. insert correct Gitlab URL
  # 1. kubectl apply -f gitlab-runner.yaml
  # 2. ~# GITLAB_NAMESPACE='gitlab'
  # 3. ~# GITLAB_URL='https://gitlab.example.com/'
  # 4. ~# GITLAB_REGISTRATION_TOKEN='abcdef0123456789'
  # 5. ~# GITLAB_RUNNER_NAME='gitlab-runner'
  # 6. ~# GITLAB_RUNNER_POD_NAME=$(kubectl -n "${GITLAB_NAMESPACE}" get pods -l name="gitlab-runner" -o go-template='{{(index .items 0).metadata.name}}')
  # 7. ~# kubectl -n ${GITLAB_NAMESPACE} exec -it ${GITLAB_RUNNER_POD_NAME} -- gitlab-runner register -n --executor kubernetes --kubernetes-namespace "${GITLAB_NAMESPACE}" --kubernetes-image "debian" -u "${GITLAB_URL}" -r "${GITLAB_REGISTRATION_TOKEN}" --name "${GITLAB_RUNNER_NAME}"
  # 8. ~# kubectl -n ${GITLAB_NAMESPACE} exec -it ${GITLAB_RUNNER_POD_NAME} -- cat /etc/gitlab-runner/config.toml
  # 9. Copy output to `config.toml` below
  # 10. ~# kubectl apply -f gitlab-runner.yaml
  # Delete the pod for it to be recreated with the new configuration
  # 11. ~# kubectl -n ${GITLAB_NAMESPACE} delete pod ${GITLAB_RUNNER_POD_NAME}
  config.toml: |
    concurrent = 4
    listen_address = ":9252"
    [[runners]]
      name = "Kubernetes Runner"
      url = "https://gitlab.com/ci"
      token = "{{ insert_your_token_here }}"
      executor = "kubernetes"
      [runners.kubernetes]
        namespace = "gitlab"
---
# apps/v1 replaces extensions/v1beta1, which no longer serves Deployments
# as of Kubernetes 1.16.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gitlab-runner
  namespace: gitlab
spec:
  replicas: 1
  selector:
    matchLabels:
      name: gitlab-runner
  template:
    metadata:
      labels:
        name: gitlab-runner
    spec:
      # serviceAccountName is the current field; serviceAccount is a deprecated alias
      serviceAccountName: gitlab-runner
      containers:
        - args:
            - run
          image: gitlab/gitlab-runner:latest
          imagePullPolicy: Always
          name: gitlab-runner
          volumeMounts:
            - mountPath: /etc/gitlab-runner
              name: config
            - mountPath: /etc/ssl/certs
              name: cacerts
              readOnly: true
      restartPolicy: Always
      volumes:
        - configMap:
            name: gitlab-runner
          name: config
        - hostPath:
            path: /etc/ssl/certs
          name: cacerts
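
An added example, not part of the original gist: a small audit of the `gitlab-runner` Role above that lists which of its grants touch Secrets or pod execution, so the scope can be reviewed before the RoleBinding is applied. The `SENSITIVE` policy table and the function names are assumptions of this example; the Role JSON is a constructed sample in the shape `kubectl -n gitlab get role gitlab-runner -o json` prints.

```python
import json

# Constructed sample: the Role from the manifest above, in the JSON shape that
# `kubectl -n gitlab get role gitlab-runner -o json` prints (metadata trimmed).
ROLE_JSON = """
{"kind": "Role", "metadata": {"name": "gitlab-runner", "namespace": "gitlab"},
 "rules": [{"apiGroups": [""],
            "resources": ["pods", "pods/exec", "secrets"],
            "verbs": ["get", "list", "watch", "create", "patch", "delete"]}]}
"""

# Hypothetical review policy (an assumption of this example, not an official
# list): core-group grants that a reviewer should sign off on explicitly.
SENSITIVE = {
    ("secrets", "get"): "reads a Secret's contents by name",
    ("secrets", "list"): "returns the contents of every Secret in the namespace",
    ("secrets", "watch"): "streams Secret contents as they change",
    ("pods/exec", "create"): "runs commands in any pod in the namespace",
    ("pods", "create"): "starts pods that can mount the namespace's Secrets",
}


def _resource_matches(granted, wanted):
    """RBAC resource match: '*', an exact name, or '*/<subresource>'."""
    sub = wanted.partition("/")[2]
    return any(g in ("*", wanted) or (sub and g == "*/" + sub) for g in granted)


def _verb_matches(granted, wanted):
    return "*" in granted or wanted in granted


def audit_role(role):
    """Return sorted (resource, verb, reason) findings for a Role dict."""
    findings = set()
    for rule in role.get("rules", []):
        groups = rule.get("apiGroups", [])
        if "" not in groups and "*" not in groups:
            continue  # rule does not cover the core API group
        for (resource, verb), reason in SENSITIVE.items():
            if (_resource_matches(rule.get("resources", []), resource)
                    and _verb_matches(rule.get("verbs", []), verb)):
                findings.add((resource, verb, reason))
    return sorted(findings)


if __name__ == "__main__":
    for resource, verb, reason in audit_role(json.loads(ROLE_JSON)):
        print(f"{verb:<6} {resource:<10} {reason}")
```

Because one rule crosses all three resources with all six verbs, every entry in the policy table is reported for this Role; splitting the rule per resource lets each verb list be narrowed independently.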
MaxRink commented Jan 7, 2019

Registering works but
kubectl -n ${GITLAB_NAMESPACE} exec -it ${GITLAB_RUNNER_POD_NAME} -- cat /etc/gitlab-runner/config.toml
doesn't give me the token back to add to my config
