glw119/configmap.yaml

## configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ include "gitlab-runner.fullname" . }}
  labels:
    app: {{ include "gitlab-runner.fullname" . }}
    chart: {{ include "gitlab-runner.chart" . }}
    release: "{{ .Release.Name }}"
    heritage: "{{ .Release.Service }}"
data:
  entrypoint: |
    #!/bin/bash
    set -e
    mkdir -p /home/gitlab-runner/.gitlab-runner/
    cp /scripts/config.toml /home/gitlab-runner/.gitlab-runner/

    # Register the runner
    if [[ -f /secrets/accesskey && -f /secrets/secretkey ]]; then
      export CACHE_S3_ACCESS_KEY=$(cat /secrets/accesskey)
      export CACHE_S3_SECRET_KEY=$(cat /secrets/secretkey)
    fi

    if [[ -f /secrets/gcs-applicaton-credentials-file ]]; then
      export GOOGLE_APPLICATION_CREDENTIALS="/secrets/gcs-applicaton-credentials-file"
    else
      if [[ -f /secrets/gcs-access-id && -f /secrets/gcs-private-key ]]; then
        export CACHE_GCS_ACCESS_ID=$(cat /secrets/gcs-access-id)
        # echo -e used to make private key multiline (in google json auth key private key is oneline with \n)
        export CACHE_GCS_PRIVATE_KEY=$(echo -e $(cat /secrets/gcs-private-key))
      fi
    fi

    if [[ -f /secrets/runner-registration-token ]]; then
      export REGISTRATION_TOKEN=$(cat /secrets/runner-registration-token)
    fi

    if [[ -f /secrets/runner-token ]]; then
      export CI_SERVER_TOKEN=$(cat /secrets/runner-token)
    fi

    if ! sh /scripts/register-the-runner; then
      exit 1
    fi

    cat >>/home/gitlab-runner/.gitlab-runner/config.toml <<EOF
            [[runners.kubernetes.volumes.host_path]]
              name = "m2"
              mount_path = "/root/.m2"
              host_path = "/m2"
            [[runners.kubernetes.volumes.host_path]]
              name = "cache"
              mount_path = "/cache"
              host_path = "/cache"
    EOF

    # Start the runner
    exec /entrypoint run --user=gitlab-runner \
      --working-directory=/home/gitlab-runner

  config.toml: |
    concurrent = {{ .Values.concurrent }}
    check_interval = {{ .Values.checkInterval }}
    log_level = {{ default "info" .Values.logLevel | quote }}
    {{- if .Values.logFormat }}
    log_format = {{ .Values.logFormat | quote }}
    {{- end }}
    {{- if .Values.metrics.enabled }}
    listen_address = '[::]:9252'
    {{- end }}
  configure: |
    set -e
    cp /init-secrets/* /secrets
  register-the-runner: |
    #!/bin/bash
    MAX_REGISTER_ATTEMPTS=30

    for i in $(seq 1 "${MAX_REGISTER_ATTEMPTS}"); do
      echo "Registration attempt ${i} of ${MAX_REGISTER_ATTEMPTS}"
      /entrypoint register \
        {{- range .Values.runners.imagePullSecrets }}
        --kubernetes-image-pull-secrets {{ . | quote }} \
        {{- end }}
        {{- range $key, $val := .Values.runners.nodeSelector }}
        --kubernetes-node-selector {{ $key | quote }}:{{ $val | quote }} \
        {{- end }}
        {{- range $key, $value := .Values.runners.podLabels }}
        --kubernetes-pod-labels {{ $key | quote }}:{{ $value | quote }} \
        {{- end }}
        {{- range $key, $val := .Values.runners.podAnnotations }}
        --kubernetes-pod-annotations {{ $key | quote }}:{{ $val | quote }} \
        {{- end }}
        {{- range $key, $value := .Values.runners.env }}
        --env {{ $key | quote -}} = {{- $value | quote }} \
        {{- end }}
        {{- if and (hasKey .Values.runners "runUntagged") .Values.runners.runUntagged }}
        --run-untagged=true \
        {{- end }}
        --non-interactive

      retval=$?

      if [ ${retval} = 0 ]; then
        break
      elif [ ${i} = ${MAX_REGISTER_ATTEMPTS} ]; then
        exit 1
      fi

      sleep 5
    done

    exit 0

  check-live: |
    #!/bin/bash
    if /usr/bin/pgrep -f .*register-the-runner; then
      exit 0
    elif /usr/bin/pgrep gitlab.*runner; then
      exit 0
    else
      exit 1
    fi

## values.yaml
## GitLab Runner Image
##
## By default it's using gitlab/gitlab-runner:alpine-v{VERSION}
## where {VERSION} is taken from Chart.yaml from appVersion field
##
## ref: https://hub.docker.com/r/gitlab/gitlab-runner/tags/
##
# image: gitlab/gitlab-runner:alpine-v11.6.0

## Specify a imagePullPolicy
## 'Always' if imageTag is 'latest', else set to 'IfNotPresent'
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
imagePullPolicy: IfNotPresent

## The GitLab Server URL (with protocol) that want to register the runner against
## ref: https://docs.gitlab.com/runner/commands/README.html#gitlab-runner-register
##
gitlabUrl: "http://10.17.65.22:5622/gitlab/"

## The Registration Token for adding new Runners to the GitLab Server. This must
## be retrieved from your GitLab Instance.
## ref: https://docs.gitlab.com/ce/ci/runners/README.html
##
# runnerRegistrationToken: "D1zsss2nS6Lgkx5M4_zx"

## The Runner Token for adding new Runners to the GitLab Server. This must
## be retrieved from your GitLab Instance. It is token of already registered runner.
## ref: (we don't yet have docs for that, but we want to use existing token)
##
runnerToken: "D1zsss2nS6Lgkx5M4_zx"
#
## Unregister all runners before termination
##
## Updating the runner's chart version or configuration will cause the runner container
## to be terminated and created again. This may cause your Gitlab instance to reference
## non-existant runners. Un-registering the runner before termination mitigates this issue.
## ref: https://docs.gitlab.com/runner/commands/README.html#gitlab-runner-unregister
##
unregisterRunners: false

## When stopping ther runner, give it time to wait for it's jobs to terminate.
##
## Updating the runner's chart version or configuration will cause the runner container
## to be terminated with a graceful stop request. terminationGracePeriodSeconds
## instructs Kubernetes to wait long enough for the runner pod to terminate gracefully.
## ref: https://docs.gitlab.com/runner/commands/#signals
terminationGracePeriodSeconds: 3600

## Set the certsSecretName in order to pass custom certficates for GitLab Runner to use
## Provide resource name for a Kubernetes Secret Object in the same namespace,
## this is used to populate the /home/gitlab-runner/.gitlab-runner/certs/ directory
## ref: https://docs.gitlab.com/runner/configuration/tls-self-signed.html#supported-options-for-self-signed-certificates
##
# certsSecretName:

## Configure the maximum number of concurrent jobs
## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section
##
concurrent: 10

## Defines in seconds how often to check GitLab for a new builds
## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section
##
checkInterval: 30

## Configure GitLab Runner's logging level. Available values are: debug, info, warn, error, fatal, panic
## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section
##
# logLevel:

## Configure GitLab Runner's logging format. Available values are: runner, text, json
## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section
##
# logFormat:

## For RBAC support:
rbac:
  create: true
  ## Define specific rbac permissions.
  resources: ["pods", "pods/exec", "secrets"]
  verbs: ["get", "list", "watch", "create", "patch", "delete"]

  ## Run the gitlab-bastion container with the ability to deploy/manage containers of jobs
  ## cluster-wide or only within namespace
  clusterWideAccess: false

  ## Use the following Kubernetes Service Account name if RBAC is disabled in this Helm chart (see rbac.create)
  ##
  # serviceAccountName: "gitlab-runner"

## Configure integrated Prometheus metrics exporter
## ref: https://docs.gitlab.com/runner/monitoring/#configuration-of-the-metrics-http-server
metrics:
  enabled: true

## Configuration for the Pods that that the runner launches for each new job
##
runners:
  ## Default container image to use for builds when none is specified
  ##
  image: 10.17.65.22:8088/maven:3-jdk-8-alpine

  ## Specify one or more imagePullSecrets
  ##
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
  ##
  imagePullSecrets: ["regcred"]

  ## Specify the image pull policy: never, if-not-present, always. The cluster default will be used if not set.
  ##
  imagePullPolicy: "if-not-present"

  ## Defines number of concurrent requests for new job from GitLab
  ## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runners-section
  ##
  # requestConcurrency: 1

  ## Specify whether the runner should be locked to a specific project: true, false. Defaults to true.
  ##
  # locked: true

  ## Specify the tags associated with the runner. Comma-separated list of tags.
  ##
  ## ref: https://docs.gitlab.com/ce/ci/runners/#using-tags
  ##
  tags: "common,k8s"

  ## Specify if jobs without tags should be run.
  ## If not specified, Runner will default to true if no tags were specified. In other case it will
  ## default to false.
  ##
  ## ref: https://docs.gitlab.com/ce/ci/runners/#allowing-runners-with-tags-to-pick-jobs-without-tags
  ##
  runUntagged: true

  ## Run all containers with the privileged flag enabled
  ## This will allow the docker:dind image to run if you need to run Docker
  ## commands. Please read the docs before turning this on:
  ## ref: https://docs.gitlab.com/runner/executors/kubernetes.html#using-docker-dind
  ##
  privileged: false

  ## The name of the secret containing runner-token and runner-registration-token
  # secret: gitlab-runner

  ## Namespace to run Kubernetes jobs in (defaults to the same namespace of this release)
  ##
  namespace: "gitlab"

  ## The amount of time, in seconds, that needs to pass before the runner will
  ## timeout attempting to connect to the container it has just created.
  ## ref: https://docs.gitlab.com/runner/executors/kubernetes.html
  pollTimeout: 180

  ## Set maximum build log size in kilobytes, by default set to 4096 (4MB)
  ## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runners-section
  outputLimit: 4096

  ## Distributed runners caching
  ## ref: https://gitlab.com/gitlab-org/gitlab-runner/blob/master/docs/configuration/autoscale.md#distributed-runners-caching
  ##
  ## If you want to use s3 based distributing caching:
  ## First of all you need to uncomment General settings and S3 settings sections.
  ##
  ## Create a secret 's3access' containing 'accesskey' & 'secretkey'
  ## ref: https://aws.amazon.com/blogs/security/wheres-my-secret-access-key/
  ##
  ## $ kubectl create secret generic s3access \
  ##   --from-literal=accesskey="YourAccessKey" \
  ##   --from-literal=secretkey="YourSecretKey"
  ## ref: https://kubernetes.io/docs/concepts/configuration/secret/
  ##
  ## If you want to use gcs based distributing caching:
  ## First of all you need to uncomment General settings and GCS settings sections.
  ##
  ## Access using credentials file:
  ## Create a secret 'google-application-credentials' containing your application credentials file.
  ## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnerscachegcs-section
  ## You could configure
  ## $ kubectl create secret generic google-application-credentials \
  ##   --from-file=gcs-applicaton-credentials-file=./path-to-your-google-application-credentials-file.json
  ## ref: https://kubernetes.io/docs/concepts/configuration/secret/
  ##
  ## Access using access-id and private-key:
  ## Create a secret 'gcsaccess' containing 'gcs-access-id' & 'gcs-private-key'.
  ## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runners-cache-gcs-section
  ## You could configure
  ## $ kubectl create secret generic gcsaccess \
  ##   --from-literal=gcs-access-id="YourAccessID" \
  ##   --from-literal=gcs-private-key="YourPrivateKey"
  ## ref: https://kubernetes.io/docs/concepts/configuration/secret/
  cache: {}
    ## General settings
    # cacheType: s3
    # cachePath: "gitlab_runner"
    # cacheShared: true

    ## S3 settings
    # s3ServerAddress: s3.amazonaws.com
    # s3BucketName:
    # s3BucketLocation:
    # s3CacheInsecure: false
    # secretName: s3access

    ## GCS settings
    # gcsBucketName:
    ## Use this line for access using access-id and private-key
    # secretName: gcsaccess
    ## Use this line for access using google-application-credentials file
    # secretName: google-application-credentials

  ## Build Container specific configuration
  ##
  builds: {}
    # cpuLimit: 200m
    # memoryLimit: 256Mi
    # cpuRequests: 100m
    # memoryRequests: 128Mi

  ## Service Container specific configuration
  ##
  services: {}
    # cpuLimit: 200m
    # memoryLimit: 256Mi
    # cpuRequests: 100m
    # memoryRequests: 128Mi

  ## Helper Container specific configuration
  ##
  helpers:
    cpuLimit: 200m
    memoryLimit: 256Mi
    cpuRequests: 100m
    memoryRequests: 128Mi
    image: gitlab/gitlab-runner-helper:x86_64-latest

  ## Service Account to be used for runners
  ##
  # serviceAccountName:

  ## If Gitlab is not reachable through $CI_SERVER_URL
  ##
  # cloneUrl:

  ## Specify node labels for CI job pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
  ##
  # nodeSelector: {}

  ## Specify pod labels for CI job pods
  ##
  # podLabels: {}

  ## Specify annotations for job pods, useful for annotations such as iam.amazonaws.com/role
  # podAnnotations: {}

  ## Configure environment variables that will be injected to the pods that are created while
  ## the build is running. These variables are passed as parameters, i.e. `--env "NAME=VALUE"`,
  ## to `gitlab-runner register` command.
  ##
  ## Note that `envVars` (see below) are only present in the runner pod, not the pods that are
  ## created for each build.
  ##
  ## ref: https://docs.gitlab.com/runner/commands/#gitlab-runner-register
  ##
  # env:
  #   NAME: VALUE


## Configure resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
resources: {}
  # limits:
  #   memory: 256Mi
  #   cpu: 200m
  # requests:
  #   memory: 128Mi
  #   cpu: 100m

## Affinity for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}

## Node labels for pod assignment
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
  # Example: The gitlab runner manager should not run on spot instances so you can assign
  # them to the regular worker nodes only.
  # node-role.kubernetes.io/worker: "true"

## List of node taints to tolerate (requires Kubernetes >= 1.6)
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
  # Example: Regular worker nodes may have a taint, thus you need to tolerate the taint
  # when you assign the gitlab runner manager with nodeSelector or affinity to the nodes.
  # - key: "node-role.kubernetes.io/worker"
  #   operator: "Exists"

## Configure environment variables that will be present when the registration command runs
## This provides further control over the registration process and the config.toml file
## ref: `gitlab-runner register --help`
## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html
##
# envVars:
#   - name: RUNNER_EXECUTOR
#     value: kubernetes

## list of hosts and IPs that will be injected into the pod's hosts file
hostAliases: []
  # Example:
  # - ip: "127.0.0.1"
  #   hostnames:
  #   - "foo.local"
  #   - "bar.local"
  # - ip: "10.1.2.3"
  #   hostnames:
  #   - "foo.remote"
  #   - "bar.remote"

## Annotations to be added to manager pod
##
podAnnotations: {}
  # Example:
  # iam.amazonaws.com/role: <my_role_arn>

## HPA support for custom metrics:
## This section enables runners to autoscale based on defined custom metrics.
## In order to use this functionality, Need to enable a custom metrics API server by
## implementing "custom.metrics.k8s.io" using supported third party adapter
## Example: https://github.com/directxman12/k8s-prometheus-adapter
##
#hpa: {}
  # minReplicas: 1
  # maxReplicas: 10
  # metrics:
  # - type: Pods
  #   pods:
  #     metricName: gitlab_runner_jobs
  #     targetAverageValue: 400m
	apiVersion: v1
	kind: ConfigMap
	metadata:
	name: {{ include "gitlab-runner.fullname" . }}
	labels:
	app: {{ include "gitlab-runner.fullname" . }}
	chart: {{ include "gitlab-runner.chart" . }}
	release: "{{ .Release.Name }}"
	heritage: "{{ .Release.Service }}"
	data:
	entrypoint: \|
	#!/bin/bash
	set -e
	mkdir -p /home/gitlab-runner/.gitlab-runner/
	cp /scripts/config.toml /home/gitlab-runner/.gitlab-runner/

	# Register the runner
	if [[ -f /secrets/accesskey && -f /secrets/secretkey ]]; then
	export CACHE_S3_ACCESS_KEY=$(cat /secrets/accesskey)
	export CACHE_S3_SECRET_KEY=$(cat /secrets/secretkey)
	fi

	if [[ -f /secrets/gcs-applicaton-credentials-file ]]; then
	export GOOGLE_APPLICATION_CREDENTIALS="/secrets/gcs-applicaton-credentials-file"
	else
	if [[ -f /secrets/gcs-access-id && -f /secrets/gcs-private-key ]]; then
	export CACHE_GCS_ACCESS_ID=$(cat /secrets/gcs-access-id)
	# echo -e used to make private key multiline (in google json auth key private key is oneline with \n)
	export CACHE_GCS_PRIVATE_KEY=$(echo -e $(cat /secrets/gcs-private-key))
	fi
	fi

	if [[ -f /secrets/runner-registration-token ]]; then
	export REGISTRATION_TOKEN=$(cat /secrets/runner-registration-token)
	fi

	if [[ -f /secrets/runner-token ]]; then
	export CI_SERVER_TOKEN=$(cat /secrets/runner-token)
	fi

	if ! sh /scripts/register-the-runner; then
	exit 1
	fi

	cat >>/home/gitlab-runner/.gitlab-runner/config.toml <<EOF
	[[runners.kubernetes.volumes.host_path]]
	name = "m2"
	mount_path = "/root/.m2"
	host_path = "/m2"
	[[runners.kubernetes.volumes.host_path]]
	name = "cache"
	mount_path = "/cache"
	host_path = "/cache"
	EOF

	# Start the runner
	exec /entrypoint run --user=gitlab-runner \
	--working-directory=/home/gitlab-runner

	config.toml: \|
	concurrent = {{ .Values.concurrent }}
	check_interval = {{ .Values.checkInterval }}
	log_level = {{ default "info" .Values.logLevel \| quote }}
	{{- if .Values.logFormat }}
	log_format = {{ .Values.logFormat \| quote }}
	{{- end }}
	{{- if .Values.metrics.enabled }}
	listen_address = '[::]:9252'
	{{- end }}
	configure: \|
	set -e
	cp /init-secrets/* /secrets
	register-the-runner: \|
	#!/bin/bash
	MAX_REGISTER_ATTEMPTS=30

	for i in $(seq 1 "${MAX_REGISTER_ATTEMPTS}"); do
	echo "Registration attempt ${i} of ${MAX_REGISTER_ATTEMPTS}"
	/entrypoint register \
	{{- range .Values.runners.imagePullSecrets }}
	--kubernetes-image-pull-secrets {{ . \| quote }} \
	{{- end }}
	{{- range $key, $val := .Values.runners.nodeSelector }}
	--kubernetes-node-selector {{ $key \| quote }}:{{ $val \| quote }} \
	{{- end }}
	{{- range $key, $value := .Values.runners.podLabels }}
	--kubernetes-pod-labels {{ $key \| quote }}:{{ $value \| quote }} \
	{{- end }}
	{{- range $key, $val := .Values.runners.podAnnotations }}
	--kubernetes-pod-annotations {{ $key \| quote }}:{{ $val \| quote }} \
	{{- end }}
	{{- range $key, $value := .Values.runners.env }}
	--env {{ $key \| quote -}} = {{- $value \| quote }} \
	{{- end }}
	{{- if and (hasKey .Values.runners "runUntagged") .Values.runners.runUntagged }}
	--run-untagged=true \
	{{- end }}
	--non-interactive

	retval=$?

	if [ ${retval} = 0 ]; then
	break
	elif [ ${i} = ${MAX_REGISTER_ATTEMPTS} ]; then
	exit 1
	fi

	sleep 5
	done

	exit 0

	check-live: \|
	#!/bin/bash
	if /usr/bin/pgrep -f .*register-the-runner; then
	exit 0
	elif /usr/bin/pgrep gitlab.*runner; then
	exit 0
	else
	exit 1
	fi
	## GitLab Runner Image
	##
	## By default it's using gitlab/gitlab-runner:alpine-v{VERSION}
	## where {VERSION} is taken from Chart.yaml from appVersion field
	##
	## ref: https://hub.docker.com/r/gitlab/gitlab-runner/tags/
	##
	# image: gitlab/gitlab-runner:alpine-v11.6.0

	## Specify a imagePullPolicy
	## 'Always' if imageTag is 'latest', else set to 'IfNotPresent'
	## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
	##
	imagePullPolicy: IfNotPresent

	## The GitLab Server URL (with protocol) that want to register the runner against
	## ref: https://docs.gitlab.com/runner/commands/README.html#gitlab-runner-register
	##
	gitlabUrl: "http://10.17.65.22:5622/gitlab/"

	## The Registration Token for adding new Runners to the GitLab Server. This must
	## be retrieved from your GitLab Instance.
	## ref: https://docs.gitlab.com/ce/ci/runners/README.html
	##
	# runnerRegistrationToken: "D1zsss2nS6Lgkx5M4_zx"

	## The Runner Token for adding new Runners to the GitLab Server. This must
	## be retrieved from your GitLab Instance. It is token of already registered runner.
	## ref: (we don't yet have docs for that, but we want to use existing token)
	##
	runnerToken: "D1zsss2nS6Lgkx5M4_zx"
	#
	## Unregister all runners before termination
	##
	## Updating the runner's chart version or configuration will cause the runner container
	## to be terminated and created again. This may cause your Gitlab instance to reference
	## non-existant runners. Un-registering the runner before termination mitigates this issue.
	## ref: https://docs.gitlab.com/runner/commands/README.html#gitlab-runner-unregister
	##
	unregisterRunners: false

	## When stopping ther runner, give it time to wait for it's jobs to terminate.
	##
	## Updating the runner's chart version or configuration will cause the runner container
	## to be terminated with a graceful stop request. terminationGracePeriodSeconds
	## instructs Kubernetes to wait long enough for the runner pod to terminate gracefully.
	## ref: https://docs.gitlab.com/runner/commands/#signals
	terminationGracePeriodSeconds: 3600

	## Set the certsSecretName in order to pass custom certficates for GitLab Runner to use
	## Provide resource name for a Kubernetes Secret Object in the same namespace,
	## this is used to populate the /home/gitlab-runner/.gitlab-runner/certs/ directory
	## ref: https://docs.gitlab.com/runner/configuration/tls-self-signed.html#supported-options-for-self-signed-certificates
	##
	# certsSecretName:

	## Configure the maximum number of concurrent jobs
	## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section
	##
	concurrent: 10

	## Defines in seconds how often to check GitLab for a new builds
	## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section
	##
	checkInterval: 30

	## Configure GitLab Runner's logging level. Available values are: debug, info, warn, error, fatal, panic
	## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section
	##
	# logLevel:

	## Configure GitLab Runner's logging format. Available values are: runner, text, json
	## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section
	##
	# logFormat:

	## For RBAC support:
	rbac:
	create: true
	## Define specific rbac permissions.
	resources: ["pods", "pods/exec", "secrets"]
	verbs: ["get", "list", "watch", "create", "patch", "delete"]

	## Run the gitlab-bastion container with the ability to deploy/manage containers of jobs
	## cluster-wide or only within namespace
	clusterWideAccess: false

	## Use the following Kubernetes Service Account name if RBAC is disabled in this Helm chart (see rbac.create)
	##
	# serviceAccountName: "gitlab-runner"

	## Configure integrated Prometheus metrics exporter
	## ref: https://docs.gitlab.com/runner/monitoring/#configuration-of-the-metrics-http-server
	metrics:
	enabled: true

	## Configuration for the Pods that that the runner launches for each new job
	##
	runners:
	## Default container image to use for builds when none is specified
	##
	image: 10.17.65.22:8088/maven:3-jdk-8-alpine

	## Specify one or more imagePullSecrets
	##
	## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
	##
	imagePullSecrets: ["regcred"]

	## Specify the image pull policy: never, if-not-present, always. The cluster default will be used if not set.
	##
	imagePullPolicy: "if-not-present"

	## Defines number of concurrent requests for new job from GitLab
	## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runners-section
	##
	# requestConcurrency: 1

	## Specify whether the runner should be locked to a specific project: true, false. Defaults to true.
	##
	# locked: true

	## Specify the tags associated with the runner. Comma-separated list of tags.
	##
	## ref: https://docs.gitlab.com/ce/ci/runners/#using-tags
	##
	tags: "common,k8s"

	## Specify if jobs without tags should be run.
	## If not specified, Runner will default to true if no tags were specified. In other case it will
	## default to false.
	##
	## ref: https://docs.gitlab.com/ce/ci/runners/#allowing-runners-with-tags-to-pick-jobs-without-tags
	##
	runUntagged: true

	## Run all containers with the privileged flag enabled
	## This will allow the docker:dind image to run if you need to run Docker
	## commands. Please read the docs before turning this on:
	## ref: https://docs.gitlab.com/runner/executors/kubernetes.html#using-docker-dind
	##
	privileged: false

	## The name of the secret containing runner-token and runner-registration-token
	# secret: gitlab-runner

	## Namespace to run Kubernetes jobs in (defaults to the same namespace of this release)
	##
	namespace: "gitlab"

	## The amount of time, in seconds, that needs to pass before the runner will
	## timeout attempting to connect to the container it has just created.
	## ref: https://docs.gitlab.com/runner/executors/kubernetes.html
	pollTimeout: 180

	## Set maximum build log size in kilobytes, by default set to 4096 (4MB)
	## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runners-section
	outputLimit: 4096

	## Distributed runners caching
	## ref: https://gitlab.com/gitlab-org/gitlab-runner/blob/master/docs/configuration/autoscale.md#distributed-runners-caching
	##
	## If you want to use s3 based distributing caching:
	## First of all you need to uncomment General settings and S3 settings sections.
	##
	## Create a secret 's3access' containing 'accesskey' & 'secretkey'
	## ref: https://aws.amazon.com/blogs/security/wheres-my-secret-access-key/
	##
	## $ kubectl create secret generic s3access \
	## --from-literal=accesskey="YourAccessKey" \
	## --from-literal=secretkey="YourSecretKey"
	## ref: https://kubernetes.io/docs/concepts/configuration/secret/
	##
	## If you want to use gcs based distributing caching:
	## First of all you need to uncomment General settings and GCS settings sections.
	##
	## Access using credentials file:
	## Create a secret 'google-application-credentials' containing your application credentials file.
	## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnerscachegcs-section
	## You could configure
	## $ kubectl create secret generic google-application-credentials \
	## --from-file=gcs-applicaton-credentials-file=./path-to-your-google-application-credentials-file.json
	## ref: https://kubernetes.io/docs/concepts/configuration/secret/
	##
	## Access using access-id and private-key:
	## Create a secret 'gcsaccess' containing 'gcs-access-id' & 'gcs-private-key'.
	## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runners-cache-gcs-section
	## You could configure
	## $ kubectl create secret generic gcsaccess \
	## --from-literal=gcs-access-id="YourAccessID" \
	## --from-literal=gcs-private-key="YourPrivateKey"
	## ref: https://kubernetes.io/docs/concepts/configuration/secret/
	cache: {}
	## General settings
	# cacheType: s3
	# cachePath: "gitlab_runner"
	# cacheShared: true

	## S3 settings
	# s3ServerAddress: s3.amazonaws.com
	# s3BucketName:
	# s3BucketLocation:
	# s3CacheInsecure: false
	# secretName: s3access

	## GCS settings
	# gcsBucketName:
	## Use this line for access using access-id and private-key
	# secretName: gcsaccess
	## Use this line for access using google-application-credentials file
	# secretName: google-application-credentials

	## Build Container specific configuration
	##
	builds: {}
	# cpuLimit: 200m
	# memoryLimit: 256Mi
	# cpuRequests: 100m
	# memoryRequests: 128Mi

	## Service Container specific configuration
	##
	services: {}
	# cpuLimit: 200m
	# memoryLimit: 256Mi
	# cpuRequests: 100m
	# memoryRequests: 128Mi

	## Helper Container specific configuration
	##
	helpers:
	cpuLimit: 200m
	memoryLimit: 256Mi
	cpuRequests: 100m
	memoryRequests: 128Mi
	image: gitlab/gitlab-runner-helper:x86_64-latest

	## Service Account to be used for runners
	##
	# serviceAccountName:

	## If Gitlab is not reachable through $CI_SERVER_URL
	##
	# cloneUrl:

	## Specify node labels for CI job pods assignment
	## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
	##
	# nodeSelector: {}

	## Specify pod labels for CI job pods
	##
	# podLabels: {}

	## Specify annotations for job pods, useful for annotations such as iam.amazonaws.com/role
	# podAnnotations: {}

	## Configure environment variables that will be injected to the pods that are created while
	## the build is running. These variables are passed as parameters, i.e. `--env "NAME=VALUE"`,
	## to `gitlab-runner register` command.
	##
	## Note that `envVars` (see below) are only present in the runner pod, not the pods that are
	## created for each build.
	##
	## ref: https://docs.gitlab.com/runner/commands/#gitlab-runner-register
	##
	# env:
	# NAME: VALUE


	## Configure resource requests and limits
	## ref: http://kubernetes.io/docs/user-guide/compute-resources/
	##
	resources: {}
	# limits:
	# memory: 256Mi
	# cpu: 200m
	# requests:
	# memory: 128Mi
	# cpu: 100m

	## Affinity for pod assignment
	## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
	##
	affinity: {}

	## Node labels for pod assignment
	## Ref: https://kubernetes.io/docs/user-guide/node-selection/
	##
	nodeSelector: {}
	# Example: The gitlab runner manager should not run on spot instances so you can assign
	# them to the regular worker nodes only.
	# node-role.kubernetes.io/worker: "true"

	## List of node taints to tolerate (requires Kubernetes >= 1.6)
	## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
	##
	tolerations: []
	# Example: Regular worker nodes may have a taint, thus you need to tolerate the taint
	# when you assign the gitlab runner manager with nodeSelector or affinity to the nodes.
	# - key: "node-role.kubernetes.io/worker"
	# operator: "Exists"

	## Configure environment variables that will be present when the registration command runs
	## This provides further control over the registration process and the config.toml file
	## ref: `gitlab-runner register --help`
	## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html
	##
	# envVars:
	# - name: RUNNER_EXECUTOR
	# value: kubernetes

	## list of hosts and IPs that will be injected into the pod's hosts file
	hostAliases: []
	# Example:
	# - ip: "127.0.0.1"
	# hostnames:
	# - "foo.local"
	# - "bar.local"
	# - ip: "10.1.2.3"
	# hostnames:
	# - "foo.remote"
	# - "bar.remote"

	## Annotations to be added to manager pod
	##
	podAnnotations: {}
	# Example:
	# iam.amazonaws.com/role: <my_role_arn>

	## HPA support for custom metrics:
	## This section enables runners to autoscale based on defined custom metrics.
	## In order to use this functionality, Need to enable a custom metrics API server by
	## implementing "custom.metrics.k8s.io" using supported third party adapter
	## Example: https://github.com/directxman12/k8s-prometheus-adapter
	##
	#hpa: {}
	# minReplicas: 1
	# maxReplicas: 10
	# metrics:
	# - type: Pods
	# pods:
	# metricName: gitlab_runner_jobs
	# targetAverageValue: 400m