Created
August 3, 2018 04:43
-
-
Save fjudith/1bd306141ce135a34a7d84722007238e to your computer and use it in GitHub Desktop.
Gitlab-Runner Kubernetes RBAC
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: v1 | |
| kind: Namespace | |
| metadata: | |
| name: gitlab | |
| --- | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: Role | |
| metadata: | |
| name: gitlab-runner | |
| namespace: gitlab | |
| rules: | |
| - apiGroups: [""] | |
| resources: ["pods", "pods/exec", "secrets"] | |
| verbs: ["get", "list", "watch", "create", "patch", "delete"] | |
| --- | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: RoleBinding | |
| metadata: | |
| name: gitlab-runner | |
| namespace: gitlab | |
| subjects: | |
| - kind: ServiceAccount | |
| name: gitlab-runner | |
| namespace: gitlab | |
| roleRef: | |
| kind: Role | |
| name: gitlab-runner | |
| apiGroup: rbac.authorization.k8s.io | |
| --- | |
| apiVersion: v1 | |
| kind: ServiceAccount | |
| metadata: | |
| name: gitlab-runner | |
| namespace: gitlab | |
| --- | |
| apiVersion: v1 | |
| kind: ConfigMap | |
| metadata: | |
| name: gitlab-runner | |
| namespace: gitlab | |
| data: | |
| # Register your new runner as follows and then update the `token` in the | |
| # configuration below. | |
| # 0. Adapt gitlab-runner.yaml to your needs, e.g. insert correct Gitlab URL | |
| # 1. kubectl apply -f gitlab-runner.yaml | |
| # 2. ~# GITLAB_NAMESPACE='gitlab' | |
| # 3. ~# GITLAB_URL='https://gitlab.example.com/' | |
| # 4. ~# GITLAB_REGISTRATION_TOKEN='abcdef0123456789' | |
| # 5. ~# GITLAB_RUNNER_NAME='gitlab-runner' | |
| # 6. ~# GITLAB_RUNNER_POD_NAME=$(kubectl -n "${GITLAB_NAMESPACE}" get pods -l name="gitlab-runner" -o go-template='{{(index .items 0).metadata.name}}') | |
| # 7. ~# kubectl -n ${GITLAB_NAMESPACE} exec -it ${GITLAB_RUNNER_POD_NAME} -- gitlab-runner register -n --executor kubernetes --kubernetes-namespace "${GITLAB_NAMESPACE}" --kubernetes-image "debian" -u "${GITLAB_URL}" -r "${GITLAB_REGISTRATION_TOKEN}" --name "${GITLAB_RUNNER_NAME}" | |
| # 8. ~# kubectl -n ${GITLAB_NAMESPACE} exec -it ${GITLAB_RUNNER_POD_NAME} -- cat /etc/gitlab-runner/config.toml | |
| # 9. Copy output to `config.toml` below | |
| # 10. ~# kubectl apply -f gitlab-runner.yaml | |
| # Delete the pod for it to be recreated with the new configuration | |
| # 11. ~# kubectl -n ${GITLAB_NAMESPACE} delete pod ${GITLAB_RUNNER_POD_NAME} | |
| config.toml: | | |
| concurrent = 4 | |
| listen_address = ":9252" | |
| [[runners]] | |
| name = "Kubernetes Runner" | |
| url = "https://gitlab.com/ci" | |
| token = "{{ insert_your_token_here }}" | |
| executor = "kubernetes" | |
| [runners.kubernetes] | |
| namespace = "gitlab" | |
| --- | |
| apiVersion: extensions/v1beta1 | |
| kind: Deployment | |
| metadata: | |
| name: gitlab-runner | |
| namespace: gitlab | |
| spec: | |
| replicas: 1 | |
| selector: | |
| matchLabels: | |
| name: gitlab-runner | |
| template: | |
| metadata: | |
| labels: | |
| name: gitlab-runner | |
| spec: | |
| serviceAccount: gitlab-runner | |
| containers: | |
| - args: | |
| - run | |
| image: gitlab/gitlab-runner:latest | |
| imagePullPolicy: Always | |
| name: gitlab-runner | |
| volumeMounts: | |
| - mountPath: /etc/gitlab-runner | |
| name: config | |
| - mountPath: /etc/ssl/certs | |
| name: cacerts | |
| readOnly: true | |
| restartPolicy: Always | |
| volumes: | |
| - configMap: | |
| name: gitlab-runner | |
| name: config | |
| - hostPath: | |
| path: /etc/ssl/certs | |
| name: cacerts |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Registering works but
kubectl -n ${GITLAB_NAMESPACE} exec -it ${GITLAB_RUNNER_POD_NAME} -- cat /etc/gitlab-runner/config.toml
doesnt give me the token back to add to my config