Gitlab Runner Helm
apiVersion: v1 | |
kind: ConfigMap | |
metadata: | |
name: {{ include "gitlab-runner.fullname" . }} | |
labels: | |
app: {{ include "gitlab-runner.fullname" . }} | |
chart: {{ include "gitlab-runner.chart" . }} | |
release: "{{ .Release.Name }}" | |
heritage: "{{ .Release.Service }}" | |
data: | |
entrypoint: | | |
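#!/bin/bash
# Runner pod entrypoint: stage config.toml, load cache and registration
# credentials from the mounted secret files into the environment, register the
# runner, append extra job-pod volumes, then exec the runner in the foreground.
set -e

mkdir -p /home/gitlab-runner/.gitlab-runner/
cp /scripts/config.toml /home/gitlab-runner/.gitlab-runner/

# Assignment and export are kept on separate lines so that a failing `cat`
# aborts the script under `set -e` (an `export X=$(...)` form masks that status).

# S3 cache credentials: only set when both secret files are mounted.
if [[ -f /secrets/accesskey && -f /secrets/secretkey ]]; then
  CACHE_S3_ACCESS_KEY=$(cat /secrets/accesskey)
  CACHE_S3_SECRET_KEY=$(cat /secrets/secretkey)
  export CACHE_S3_ACCESS_KEY CACHE_S3_SECRET_KEY
fi

# GCS cache credentials: a mounted credentials file takes precedence over an
# access-id / private-key pair.
if [[ -f /secrets/gcs-applicaton-credentials-file ]]; then
  export GOOGLE_APPLICATION_CREDENTIALS="/secrets/gcs-applicaton-credentials-file"
elif [[ -f /secrets/gcs-access-id && -f /secrets/gcs-private-key ]]; then
  CACHE_GCS_ACCESS_ID=$(cat /secrets/gcs-access-id)
  # The private key in a Google JSON key is a single line with literal "\n"
  # sequences; printf '%b' expands them into real newlines. The inner
  # substitution is double-quoted so the key material is never word-split or
  # glob-expanded by the shell.
  CACHE_GCS_PRIVATE_KEY=$(printf '%b' "$(cat /secrets/gcs-private-key)")
  export CACHE_GCS_ACCESS_ID CACHE_GCS_PRIVATE_KEY
fi

# Registration credentials consumed by /scripts/register-the-runner.
if [[ -f /secrets/runner-registration-token ]]; then
  REGISTRATION_TOKEN=$(cat /secrets/runner-registration-token)
  export REGISTRATION_TOKEN
fi
if [[ -f /secrets/runner-token ]]; then
  CI_SERVER_TOKEN=$(cat /secrets/runner-token)
  export CI_SERVER_TOKEN
fi

# The runner must be registered before it can start; the helper script retries
# on its own and returns non-zero only when every attempt has failed.
if ! sh /scripts/register-the-runner; then
  exit 1
fi

# Extra host_path volumes for every job pod. A host_path volume mounts a node
# directory into each job pod (read/write unless read_only is set), so keep
# this list minimal. The heredoc delimiter is quoted: nothing below needs
# shell expansion.
cat >>/home/gitlab-runner/.gitlab-runner/config.toml <<'EOF'
[[runners.kubernetes.volumes.host_path]]
  name = "m2"
  mount_path = "/root/.m2"
  host_path = "/m2"
[[runners.kubernetes.volumes.host_path]]
  name = "cache"
  mount_path = "/cache"
  host_path = "/cache"
EOF

# Start the runner, replacing this shell so signals reach the runner directly.
exec /entrypoint run --user=gitlab-runner \
  --working-directory=/home/gitlab-runner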
config.toml: | | |
concurrent = {{ .Values.concurrent }} | |
check_interval = {{ .Values.checkInterval }} | |
log_level = {{ default "info" .Values.logLevel | quote }} | |
{{- if .Values.logFormat }} | |
log_format = {{ .Values.logFormat | quote }} | |
{{- end }} | |
{{- if .Values.metrics.enabled }} | |
listen_address = '[::]:9252' | |
{{- end }} | |
configure: | | |
# Init-container step: copy the mounted init secrets to the path the
# entrypoint reads them from. Any copy failure aborts the script.
set -o errexit
cp /init-secrets/* /secrets
register-the-runner: | | |
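#!/bin/bash
# Registers this runner with GitLab, retrying every 5 seconds up to
# MAX_REGISTER_ATTEMPTS times. Exits 0 as soon as one attempt succeeds and 1
# when the last attempt fails. The entrypoint invokes this file as
# `sh /scripts/register-the-runner`, so only POSIX sh constructs are used
# here despite the bash shebang (no `seq`, no `[[`, no arrays).
MAX_REGISTER_ATTEMPTS=30
attempt=1
while [ "$attempt" -le "$MAX_REGISTER_ATTEMPTS" ]; do
  echo "Registration attempt ${attempt} of ${MAX_REGISTER_ATTEMPTS}"
  # Helm renders one flag per configured pull secret, node selector, pod
  # label, pod annotation and env entry. The leading dash in each template
  # marker strips the newline in front of it, which keeps the backslash
  # continuations of the command intact when a list is empty.
  if /entrypoint register \
{{- range .Values.runners.imagePullSecrets }}
    --kubernetes-image-pull-secrets {{ . | quote }} \
{{- end }}
{{- range $key, $val := .Values.runners.nodeSelector }}
    --kubernetes-node-selector {{ $key | quote }}:{{ $val | quote }} \
{{- end }}
{{- range $key, $value := .Values.runners.podLabels }}
    --kubernetes-pod-labels {{ $key | quote }}:{{ $value | quote }} \
{{- end }}
{{- range $key, $val := .Values.runners.podAnnotations }}
    --kubernetes-pod-annotations {{ $key | quote }}:{{ $val | quote }} \
{{- end }}
{{- range $key, $value := .Values.runners.env }}
    --env {{ $key | quote -}} = {{- $value | quote }} \
{{- end }}
{{- if and (hasKey .Values.runners "runUntagged") .Values.runners.runUntagged }}
    --run-untagged=true \
{{- end }}
    --non-interactive; then
    exit 0
  fi
  # Give up immediately after the final failed attempt instead of sleeping.
  if [ "$attempt" -eq "$MAX_REGISTER_ATTEMPTS" ]; then
    exit 1
  fi
  sleep 5
  attempt=$((attempt + 1))
done
exit 0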
check-live: | | |
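#!/bin/bash
# Liveness probe: report healthy while registration is still in progress or a
# gitlab-runner process is running; otherwise report failure.
# Both patterns are quoted so the shell cannot glob-expand them against files
# in the working directory before pgrep sees them.
if /usr/bin/pgrep -f '.*register-the-runner'; then
  exit 0
elif /usr/bin/pgrep 'gitlab.*runner'; then
  exit 0
fi
exit 1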
## GitLab Runner Image | |
## | |
## By default it's using gitlab/gitlab-runner:alpine-v{VERSION} | |
## where {VERSION} is taken from Chart.yaml from appVersion field | |
## | |
## ref: https://hub.docker.com/r/gitlab/gitlab-runner/tags/ | |
## | |
# image: gitlab/gitlab-runner:alpine-v11.6.0 | |
## Specify an imagePullPolicy | |
## 'Always' if imageTag is 'latest', else set to 'IfNotPresent' | |
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images | |
## | |
imagePullPolicy: IfNotPresent | |
## The GitLab Server URL (with protocol) that you want to register the runner against | |
## ref: https://docs.gitlab.com/runner/commands/README.html#gitlab-runner-register | |
## | |
gitlabUrl: "http://10.17.65.22:5622/gitlab/" | |
## The Registration Token for adding new Runners to the GitLab Server. This must | |
## be retrieved from your GitLab Instance. | |
## ref: https://docs.gitlab.com/ce/ci/runners/README.html | |
## | |
# runnerRegistrationToken: "D1zsss2nS6Lgkx5M4_zx" | |
## The Runner Token for adding new Runners to the GitLab Server. This must | |
## be retrieved from your GitLab Instance. It is the token of an already-registered runner. | |
## This value is a credential: supply it through the Kubernetes Secret referenced by runners.secret rather than committing it to this file. | |
## ref: (we don't yet have docs for that, but we want to use the existing token) | |
## | |
runnerToken: "D1zsss2nS6Lgkx5M4_zx" | |
# | |
## Unregister all runners before termination | |
## | |
## Updating the runner's chart version or configuration will cause the runner container | |
## to be terminated and created again. This may cause your Gitlab instance to reference | |
## non-existent runners. Un-registering the runner before termination mitigates this issue. | |
## ref: https://docs.gitlab.com/runner/commands/README.html#gitlab-runner-unregister | |
## | |
unregisterRunners: false | |
## When stopping the runner, give it time to wait for its jobs to terminate. | |
## | |
## Updating the runner's chart version or configuration will cause the runner container | |
## to be terminated with a graceful stop request. terminationGracePeriodSeconds | |
## instructs Kubernetes to wait long enough for the runner pod to terminate gracefully. | |
## ref: https://docs.gitlab.com/runner/commands/#signals | |
terminationGracePeriodSeconds: 3600 | |
## Set the certsSecretName in order to pass custom certificates for GitLab Runner to use | |
## Provide resource name for a Kubernetes Secret Object in the same namespace, | |
## this is used to populate the /home/gitlab-runner/.gitlab-runner/certs/ directory | |
## ref: https://docs.gitlab.com/runner/configuration/tls-self-signed.html#supported-options-for-self-signed-certificates | |
## | |
# certsSecretName: | |
## Configure the maximum number of concurrent jobs | |
## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section | |
## | |
concurrent: 10 | |
## Defines in seconds how often to check GitLab for new builds | |
## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section | |
## | |
checkInterval: 30 | |
## Configure GitLab Runner's logging level. Available values are: debug, info, warn, error, fatal, panic | |
## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section | |
## | |
# logLevel: | |
## Configure GitLab Runner's logging format. Available values are: runner, text, json | |
## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section | |
## | |
# logFormat: | |
## For RBAC support: | |
rbac: | |
create: true | |
## Define specific rbac permissions. | |
resources: ["pods", "pods/exec", "secrets"] | |
verbs: ["get", "list", "watch", "create", "patch", "delete"] | |
## Run the gitlab-bastion container with the ability to deploy/manage containers of jobs | |
## cluster-wide or only within namespace | |
clusterWideAccess: false | |
## Use the following Kubernetes Service Account name if RBAC is disabled in this Helm chart (see rbac.create) | |
## | |
# serviceAccountName: "gitlab-runner" | |
## Configure integrated Prometheus metrics exporter | |
## ref: https://docs.gitlab.com/runner/monitoring/#configuration-of-the-metrics-http-server | |
metrics: | |
enabled: true | |
## Configuration for the Pods that the runner launches for each new job | |
## | |
runners: | |
## Default container image to use for builds when none is specified | |
## | |
image: 10.17.65.22:8088/maven:3-jdk-8-alpine | |
## Specify one or more imagePullSecrets | |
## | |
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ | |
## | |
imagePullSecrets: ["regcred"] | |
## Specify the image pull policy: never, if-not-present, always. The cluster default will be used if not set. | |
## | |
imagePullPolicy: "if-not-present" | |
## Defines number of concurrent requests for new job from GitLab | |
## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runners-section | |
## | |
# requestConcurrency: 1 | |
## Specify whether the runner should be locked to a specific project: true, false. Defaults to true. | |
## | |
# locked: true | |
## Specify the tags associated with the runner. Comma-separated list of tags. | |
## | |
## ref: https://docs.gitlab.com/ce/ci/runners/#using-tags | |
## | |
tags: "common,k8s" | |
## Specify if jobs without tags should be run. | |
## If not specified, the Runner defaults to true when no tags were specified; otherwise it | |
## defaults to false. | |
## | |
## ref: https://docs.gitlab.com/ce/ci/runners/#allowing-runners-with-tags-to-pick-jobs-without-tags | |
## | |
runUntagged: true | |
## Run all containers with the privileged flag enabled | |
## This will allow the docker:dind image to run if you need to run Docker | |
## commands. Please read the docs before turning this on: | |
## ref: https://docs.gitlab.com/runner/executors/kubernetes.html#using-docker-dind | |
## | |
privileged: false | |
## The name of the secret containing runner-token and runner-registration-token | |
# secret: gitlab-runner | |
## Namespace to run Kubernetes jobs in (defaults to the same namespace of this release) | |
## | |
namespace: "gitlab" | |
## The amount of time, in seconds, that needs to pass before the runner will | |
## timeout attempting to connect to the container it has just created. | |
## ref: https://docs.gitlab.com/runner/executors/kubernetes.html | |
pollTimeout: 180 | |
## Set maximum build log size in kilobytes, by default set to 4096 (4MB) | |
## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runners-section | |
outputLimit: 4096 | |
## Distributed runners caching | |
## ref: https://gitlab.com/gitlab-org/gitlab-runner/blob/master/docs/configuration/autoscale.md#distributed-runners-caching | |
## | |
## If you want to use s3 based distributing caching: | |
## First of all you need to uncomment General settings and S3 settings sections. | |
## | |
## Create a secret 's3access' containing 'accesskey' & 'secretkey' | |
## ref: https://aws.amazon.com/blogs/security/wheres-my-secret-access-key/ | |
## | |
## $ kubectl create secret generic s3access \ | |
## --from-literal=accesskey="YourAccessKey" \ | |
## --from-literal=secretkey="YourSecretKey" | |
## ref: https://kubernetes.io/docs/concepts/configuration/secret/ | |
## | |
## If you want to use gcs based distributing caching: | |
## First of all you need to uncomment General settings and GCS settings sections. | |
## | |
## Access using credentials file: | |
## Create a secret 'google-application-credentials' containing your application credentials file. | |
## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnerscachegcs-section | |
## You could configure | |
## $ kubectl create secret generic google-application-credentials \ | |
## --from-file=gcs-applicaton-credentials-file=./path-to-your-google-application-credentials-file.json | |
## ref: https://kubernetes.io/docs/concepts/configuration/secret/ | |
## | |
## Access using access-id and private-key: | |
## Create a secret 'gcsaccess' containing 'gcs-access-id' & 'gcs-private-key'. | |
## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runners-cache-gcs-section | |
## You could configure | |
## $ kubectl create secret generic gcsaccess \ | |
## --from-literal=gcs-access-id="YourAccessID" \ | |
## --from-literal=gcs-private-key="YourPrivateKey" | |
## ref: https://kubernetes.io/docs/concepts/configuration/secret/ | |
cache: {} | |
## General settings | |
# cacheType: s3 | |
# cachePath: "gitlab_runner" | |
# cacheShared: true | |
## S3 settings | |
# s3ServerAddress: s3.amazonaws.com | |
# s3BucketName: | |
# s3BucketLocation: | |
# s3CacheInsecure: false | |
# secretName: s3access | |
## GCS settings | |
# gcsBucketName: | |
## Use this line for access using access-id and private-key | |
# secretName: gcsaccess | |
## Use this line for access using google-application-credentials file | |
# secretName: google-application-credentials | |
## Build Container specific configuration | |
## | |
builds: {} | |
# cpuLimit: 200m | |
# memoryLimit: 256Mi | |
# cpuRequests: 100m | |
# memoryRequests: 128Mi | |
## Service Container specific configuration | |
## | |
services: {} | |
# cpuLimit: 200m | |
# memoryLimit: 256Mi | |
# cpuRequests: 100m | |
# memoryRequests: 128Mi | |
## Helper Container specific configuration | |
## | |
helpers: | |
cpuLimit: 200m | |
memoryLimit: 256Mi | |
cpuRequests: 100m | |
memoryRequests: 128Mi | |
image: gitlab/gitlab-runner-helper:x86_64-latest | |
## Service Account to be used for runners | |
## | |
# serviceAccountName: | |
## If Gitlab is not reachable through $CI_SERVER_URL | |
## | |
# cloneUrl: | |
## Specify node labels for CI job pods assignment | |
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ | |
## | |
# nodeSelector: {} | |
## Specify pod labels for CI job pods | |
## | |
# podLabels: {} | |
## Specify annotations for job pods, useful for annotations such as iam.amazonaws.com/role | |
# podAnnotations: {} | |
## Configure environment variables that will be injected to the pods that are created while | |
## the build is running. These variables are passed as parameters, i.e. `--env "NAME=VALUE"`, | |
## to `gitlab-runner register` command. | |
## | |
## Note that `envVars` (see below) are only present in the runner pod, not the pods that are | |
## created for each build. | |
## | |
## ref: https://docs.gitlab.com/runner/commands/#gitlab-runner-register | |
## | |
# env: | |
# NAME: VALUE | |
## Configure resource requests and limits | |
## ref: http://kubernetes.io/docs/user-guide/compute-resources/ | |
## | |
resources: {} | |
# limits: | |
# memory: 256Mi | |
# cpu: 200m | |
# requests: | |
# memory: 128Mi | |
# cpu: 100m | |
## Affinity for pod assignment | |
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity | |
## | |
affinity: {} | |
## Node labels for pod assignment | |
## Ref: https://kubernetes.io/docs/user-guide/node-selection/ | |
## | |
nodeSelector: {} | |
# Example: The gitlab runner manager should not run on spot instances so you can assign | |
# them to the regular worker nodes only. | |
# node-role.kubernetes.io/worker: "true" | |
## List of node taints to tolerate (requires Kubernetes >= 1.6) | |
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ | |
## | |
tolerations: [] | |
# Example: Regular worker nodes may have a taint, thus you need to tolerate the taint | |
# when you assign the gitlab runner manager with nodeSelector or affinity to the nodes. | |
# - key: "node-role.kubernetes.io/worker" | |
# operator: "Exists" | |
## Configure environment variables that will be present when the registration command runs | |
## This provides further control over the registration process and the config.toml file | |
## ref: `gitlab-runner register --help` | |
## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html | |
## | |
# envVars: | |
# - name: RUNNER_EXECUTOR | |
# value: kubernetes | |
## list of hosts and IPs that will be injected into the pod's hosts file | |
hostAliases: [] | |
# Example: | |
# - ip: "127.0.0.1" | |
# hostnames: | |
# - "foo.local" | |
# - "bar.local" | |
# - ip: "10.1.2.3" | |
# hostnames: | |
# - "foo.remote" | |
# - "bar.remote" | |
## Annotations to be added to manager pod | |
## | |
podAnnotations: {} | |
# Example: | |
# iam.amazonaws.com/role: <my_role_arn> | |
## HPA support for custom metrics: | |
## This section enables runners to autoscale based on defined custom metrics. | |
## In order to use this functionality, you need to enable a custom metrics API server by | |
## implementing "custom.metrics.k8s.io" using supported third party adapter | |
## Example: https://github.com/directxman12/k8s-prometheus-adapter | |
## | |
#hpa: {} | |
# minReplicas: 1 | |
# maxReplicas: 10 | |
# metrics: | |
# - type: Pods | |
# pods: | |
# metricName: gitlab_runner_jobs | |
# targetAverageValue: 400m |