Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
GitLab Runner on a Kubernetes cluster
  1. Create namespace.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: gitlab
  1. kubectl create -f ./namespace.yaml

  2. Create configmap.yaml, The token of "CI / CD Settings -> Runners settings" is for gitlab-runner register process. Try gitlab-runner register to get the right token in cofig.toml of local, and change token of config.toml of K8S.

apiVersion: v1
kind: ConfigMap
metadata:
  name: gitlab-runner
  namespace: gitlab
data:
  config.toml: |
    concurrent = 4

    [[runners]]
      name = "Kubernetes Runner"
      url = "https://gitlab.com/ci"
      token = "...."
      executor = "kubernetes"
      [runners.kubernetes]
        namespace = "gitlab"
        image = "busybox"
  1. kubectl create -f configmap.yaml

  2. Check configmap, kubectl get configmap --all-namespaces=true

  3. Create deployment.yaml file

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: gitlab-runner
  namespace: gitlab
spec:
  replicas: 1
  selector:
    matchLabels:
      name: gitlab-runner
  template:
    metadata:
      labels:
        name: gitlab-runner
    spec:
      containers:
      - args:
        - run
        image: gitlab/gitlab-runner:latest
        imagePullPolicy: Always
        name: gitlab-runner
        volumeMounts:
        - mountPath: /etc/gitlab-runner
          name: config
        - mountPath: /etc/ssl/certs
          name: cacerts
          readOnly: true
      restartPolicy: Always
      volumes:
      - configMap:
          name: gitlab-runner
        name: config
      - hostPath:
          path: /usr/share/ca-certificates/mozilla
        name: cacerts
  1. kubectl create -f deployment.yaml
@alexrjs
Copy link

alexrjs commented Feb 24, 2019

(2019.02.24) Just a short note
I had to do 2 changes to make it work on my home grown k8s:

  1. I had to remove the VolumeMount for cacerts, since it the folder /etc/ssl/cacerts was always empty. And I got 50x errors. After removal it worked. Maybe I did something wrong or my k8s is acting up, but my fix worked.

  2. When I started the pod the first time I used the CI/CD token (from gitlab.com) for registering in the config.toml and I got a bad token error. Then I figured out that I had to use the token you get if you use the "edit" icon and open the settings for this runner. I copied it and edited the config.toml with this token and then the runner was available in GitLab. Don't know if there is an other way to register a runner before you start the deployment, but at least this workaround fixed my problem that the worker is available on my project on gitlab.com.

Anyway thanks for the gist... ;-)

@charlie-charlie
Copy link

charlie-charlie commented Mar 21, 2019

going through deployment.yaml, I didn't see any mount volume for source code. Why? based on my understanding, runner will pull the code, check the syntax (per our gitlab_ci.yaml file). Without mounted volume, where store the src code?
Secondly, how gitlab talk to k8s pods? I didn't see any service created. Could anybody pls shine here? thanks

@sp3c73r2038
Copy link

sp3c73r2038 commented Sep 27, 2019

going through deployment.yaml, I didn't see any mount volume for source code. Why? based on my understanding, runner will pull the code, check the syntax (per our gitlab_ci.yaml file). Without mounted volume, where store the src code?

The gitlab-runner deployment/pod is acting like a controller here. Runner will listen for the pipeline/job events and create corresponding build pods. The source code is mounted there. You can check that with kubectl get pods -w watching for newly created build pods, then kubectl get <pod_name> -o yaml.

# ...
    volumeMounts:
    - mountPath: /builds
      name: repo
# ...

Secondly, how gitlab talk to k8s pods? I didn't see any service created. Could anybody pls shine here? thanks

Not sure about that though.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment