---
stage: Configure
group: Configure
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
---
|
|
|
|
# Install GitLab Runner with Kubernetes Agent **(PREMIUM ONLY)**
|
|
|
|
These instructions for installing GitLab Runner assume that the
[GitLab Kubernetes Agent](index.md) is already configured.
|
|
|
|
1. Review the possible [Runner chart YAML values](https://gitlab.com/gitlab-org/charts/gitlab-runner/blob/master/values.yaml) in the Runner chart documentation,
|
|
and create a `runner-chart-values.yaml` file with the configuration that fits
|
|
your needs, such as:
|
|
|
|
```yaml
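# The GitLab Server URL (with protocol) that you want to register the runner against
# ref: https://docs.gitlab.com/runner/commands/README.html#gitlab-runner-register
#
gitlabUrl: https://gitlab.my.domain.example.com/

# The Registration Token for adding new Runners to the GitLab Server. This must
# be retrieved from your GitLab Instance.
# ref: https://docs.gitlab.com/ce/ci/runners/README.html
#
# Replace the example value below with your own token. The token is rendered
# into the Secret object of the generated manifest, so treat this values file
# and the manifest as credentials: whoever can read them can register runners
# against the server.
runnerRegistrationToken: "yrnZW46BrtBFqM7xDzE7dddd"

# For RBAC support:
# Creates the ServiceAccount, Role and RoleBinding shown in the example
# manifest. The rendered Role there allows every verb on every core-API
# resource in the namespace; review it before applying.
rbac:
  create: true

# Run all containers with the privileged flag enabled
# This will allow the docker:dind image to run if you need to run Docker
# commands. Please read the docs before turning this on:
# ref: https://docs.gitlab.com/runner/executors/kubernetes.html#using-dockerdind
#
# A privileged container is not isolated from the node's kernel and devices,
# so any CI job scheduled on this runner can reach the host. Keep this false
# unless jobs need docker:dind, and restrict which projects may use the runner.
runners:
  privileged: true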
```
|
|
|
|
1. Create a single manifest file to install the Runner chart with your cluster agent,
   replacing `GITLAB` with your namespace and `GITLAB-RUNNER` with the release name:
|
|
|
|
```shell
# Render the chart locally with the values file and write the resulting
# Kubernetes objects to runner-manifest.yaml; nothing is installed into the
# cluster by this command.
helm template --namespace GITLAB GITLAB-RUNNER -f runner-chart-values.yaml gitlab/gitlab-runner > runner-manifest.yaml
```
|
|
|
|
An [example file is available](#example-runner-manifest).
|
|
|
|
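1. Push your `runner-manifest.yaml` to your manifest repository. The file contains a
   `Secret` holding the runner registration token (base64-encoded, not encrypted),
   so limit read access to that repository accordingly.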
|
|
|
|
## Example Runner manifest
|
|
|
|
```yaml
# This is an example of what a runner manifest looks like.
# Create your own manifest.yaml file to meet your project's needs.

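---
# Source: gitlab-runner/templates/service-account.yaml
# Identity the runner pod uses when it talks to the Kubernetes API
# (referenced by serviceAccountName in the Deployment and bound to the Role
# by the RoleBinding).
apiVersion: v1
kind: ServiceAccount
metadata:
  # Rendered empty (null): no annotations are set in this example.
  annotations:
  name: gitlab-runner-gitlab-runner
  labels:
    app: gitlab-runner-gitlab-runner
    chart: gitlab-runner-0.21.1
    release: "gitlab-runner"
    heritage: "Helm"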
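---
# Source: gitlab-runner/templates/secrets.yaml
# Holds the tokens the runner uses to register and authenticate. The
# Deployment projects both keys into the init container at /init-secrets.
apiVersion: v1
kind: Secret
metadata:
  name: "gitlab-runner-gitlab-runner"
  labels:
    app: gitlab-runner-gitlab-runner
    chart: gitlab-runner-0.21.1
    release: "gitlab-runner"
    heritage: "Helm"
type: Opaque
data:
  # "FAKE-TOKEN" is a placeholder. Values under `data` are base64-encoded,
  # which is an encoding and not encryption: a rendered manifest carries the
  # real registration token in recoverable form.
  runner-registration-token: "FAKE-TOKEN"
  # Empty in this example: no pre-issued runner token is supplied.
  runner-token: ""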
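---
# Source: gitlab-runner/templates/configmap.yaml
# Scripts and runner configuration mounted into the pod: at /config in the
# init container and at /scripts in the runner container.
apiVersion: v1
kind: ConfigMap
metadata:
  name: gitlab-runner-gitlab-runner
  labels:
    app: gitlab-runner-gitlab-runner
    chart: gitlab-runner-0.21.1
    release: "gitlab-runner"
    heritage: "Helm"
data:
  # Start-up script of the runner container. It installs config.toml, exports
  # any cache credentials and runner tokens found under /secrets as
  # environment variables, registers the runner, runs the pre-entrypoint
  # hook, and finally execs the runner as user gitlab-runner. The exported
  # tokens are therefore part of the runner process environment.
  # Two spellings of the GCS credentials file name are checked, the first one
  # being `gcs-applicaton-credentials-file` as rendered here.
  entrypoint: |
    #!/bin/bash
    set -e
    mkdir -p /home/gitlab-runner/.gitlab-runner/
    cp /scripts/config.toml /home/gitlab-runner/.gitlab-runner/

    # Register the runner
    if [[ -f /secrets/accesskey && -f /secrets/secretkey ]]; then
      export CACHE_S3_ACCESS_KEY=$(cat /secrets/accesskey)
      export CACHE_S3_SECRET_KEY=$(cat /secrets/secretkey)
    fi

    if [[ -f /secrets/gcs-applicaton-credentials-file ]]; then
      export GOOGLE_APPLICATION_CREDENTIALS="/secrets/gcs-applicaton-credentials-file"
    elif [[ -f /secrets/gcs-application-credentials-file ]]; then
      export GOOGLE_APPLICATION_CREDENTIALS="/secrets/gcs-application-credentials-file"
    else
      if [[ -f /secrets/gcs-access-id && -f /secrets/gcs-private-key ]]; then
        export CACHE_GCS_ACCESS_ID=$(cat /secrets/gcs-access-id)
        # echo -e used to make private key multiline (in google json auth key private key is oneline with \n)
        export CACHE_GCS_PRIVATE_KEY=$(echo -e $(cat /secrets/gcs-private-key))
      fi
    fi

    if [[ -f /secrets/runner-registration-token ]]; then
      export REGISTRATION_TOKEN=$(cat /secrets/runner-registration-token)
    fi

    if [[ -f /secrets/runner-token ]]; then
      export CI_SERVER_TOKEN=$(cat /secrets/runner-token)
    fi

    if ! sh /scripts/register-the-runner; then
      exit 1
    fi

    # Run pre-entrypoint-script
    if ! bash /scripts/pre-entrypoint-script; then
      exit 1
    fi

    # Start the runner
    exec /entrypoint run --user=gitlab-runner \
      --working-directory=/home/gitlab-runner

  # Global runner settings. listen_address uses port 9252, the same port the
  # Deployment exposes as `metrics` and names in its prometheus.io/port
  # annotation.
  config.toml: |
    concurrent = 10
    check_interval = 30
    log_level = "info"
    listen_address = ':9252'
  # Run by the init container: copies the projected Secret files from the
  # read-only /init-secrets mount into the writable /secrets volume.
  configure: |
    set -e
    cp /init-secrets/* /secrets
  # Retries non-interactive registration up to 30 times, sleeping 5 seconds
  # between attempts, and exits 1 if the last attempt also fails.
  register-the-runner: |
    #!/bin/bash
    MAX_REGISTER_ATTEMPTS=30

    for i in $(seq 1 "${MAX_REGISTER_ATTEMPTS}"); do
      echo "Registration attempt ${i} of ${MAX_REGISTER_ATTEMPTS}"
      /entrypoint register \
        --non-interactive

      retval=$?

      if [ ${retval} = 0 ]; then
        break
      elif [ ${i} = ${MAX_REGISTER_ATTEMPTS} ]; then
        exit 1
      fi

      sleep 5
    done

    exit 0

  # Liveness check: succeeds while either the registration script or a
  # process matching gitlab.*runner is running.
  check-live: |
    #!/bin/bash
    if /usr/bin/pgrep -f .*register-the-runner; then
      exit 0
    elif /usr/bin/pgrep gitlab.*runner; then
      exit 0
    else
      exit 1
    fi

  # Hook executed by the entrypoint before the runner starts; empty in this
  # example.
  pre-entrypoint-script: |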
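---
# Source: gitlab-runner/templates/role.yaml
# Namespaced permissions for the runner's ServiceAccount.
apiVersion: rbac.authorization.k8s.io/v1
kind: "Role"
metadata:
  name: gitlab-runner-gitlab-runner
  labels:
    app: gitlab-runner-gitlab-runner
    chart: gitlab-runner-0.21.1
    release: "gitlab-runner"
    heritage: "Helm"
rules:
  # apiGroups [""] is the core API group. The wildcards allow every verb on
  # every core resource in this namespace, which includes reading Secrets and
  # exec into pods. Combined with privileged job pods this is a broad grant,
  # so deploy the runner into a namespace dedicated to it.
  # NOTE(review): the chart's values.yaml may offer settings to narrow these
  # rules; check the values for your chart version.
  - apiGroups: [""]
    resources: ["*"]
    verbs: ["*"]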
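---
# Source: gitlab-runner/templates/role-binding.yaml
# Grants the Role of the same name to the runner's ServiceAccount.
apiVersion: rbac.authorization.k8s.io/v1
kind: "RoleBinding"
metadata:
  name: gitlab-runner-gitlab-runner
  labels:
    app: gitlab-runner-gitlab-runner
    chart: gitlab-runner-0.21.1
    release: "gitlab-runner"
    heritage: "Helm"
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: "Role"
  name: gitlab-runner-gitlab-runner
subjects:
  # The namespace here is the one passed to `helm template --namespace`;
  # this example was rendered for the namespace "gitlab".
  - kind: ServiceAccount
    name: gitlab-runner-gitlab-runner
    namespace: "gitlab"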
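---
# Source: gitlab-runner/templates/deployment.yaml
# Runs a single runner manager pod. An init container copies the tokens from
# the Secret into an in-memory volume; the main container registers the
# runner and then starts it with the Kubernetes executor.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gitlab-runner-gitlab-runner
  labels:
    app: gitlab-runner-gitlab-runner
    chart: gitlab-runner-0.21.1
    release: "gitlab-runner"
    heritage: "Helm"
spec:
  replicas: 1
  selector:
    matchLabels:
      app: gitlab-runner-gitlab-runner
  template:
    metadata:
      labels:
        app: gitlab-runner-gitlab-runner
        chart: gitlab-runner-0.21.1
        release: "gitlab-runner"
        heritage: "Helm"
      annotations:
        # Checksums of the rendered ConfigMap and Secret templates; they
        # belong to the render this example was taken from.
        checksum/configmap: a6623303f6fcc3a043e87ea937bb8399d2d0068a901aa9c3419ed5c7a5afa9db
        checksum/secrets: 32c7d2c16918961b7b84a005680f748e774f61c6f4e4da30650d400d781bbb30
        prometheus.io/scrape: 'true'
        prometheus.io/port: '9252'
    spec:
      # The runner manager itself runs as a non-root user (UID 100).
      securityContext:
        runAsUser: 100
        fsGroup: 65533
      terminationGracePeriodSeconds: 3600
      initContainers:
        # Runs the ConfigMap's `configure` script, which copies the projected
        # Secret files from /init-secrets into the writable /secrets volume.
        - name: configure
          command: ['sh', '/config/configure']
          image: gitlab/gitlab-runner:alpine-v13.4.1
          imagePullPolicy: "IfNotPresent"
          env:
            # This URL differs from the gitlabUrl of the values example on
            # this page; a manifest you render carries your own server URL.
            - name: CI_SERVER_URL
              value: "https://gitlab.qa.joaocunha.eu/"
            - name: CLONE_URL
              value: ""
            - name: RUNNER_REQUEST_CONCURRENCY
              value: "1"
            - name: RUNNER_EXECUTOR
              value: "kubernetes"
            - name: REGISTER_LOCKED
              value: "true"
            - name: RUNNER_TAG_LIST
              value: ""
            - name: RUNNER_OUTPUT_LIMIT
              value: "4096"
            - name: KUBERNETES_IMAGE
              value: "ubuntu:16.04"
            # Result of `runners.privileged: true` in the values file: job
            # pods are started privileged and are not isolated from the node.
            - name: KUBERNETES_PRIVILEGED
              value: "true"
            - name: KUBERNETES_NAMESPACE
              value: "gitlab"
            - name: KUBERNETES_POLL_TIMEOUT
              value: "180"
            - name: KUBERNETES_CPU_LIMIT
              value: ""
            - name: KUBERNETES_CPU_LIMIT_OVERWRITE_MAX_ALLOWED
              value: ""
            - name: KUBERNETES_MEMORY_LIMIT
              value: ""
            - name: KUBERNETES_MEMORY_LIMIT_OVERWRITE_MAX_ALLOWED
              value: ""
            - name: KUBERNETES_CPU_REQUEST
              value: ""
            - name: KUBERNETES_CPU_REQUEST_OVERWRITE_MAX_ALLOWED
              value: ""
            - name: KUBERNETES_MEMORY_REQUEST
              value: ""
            - name: KUBERNETES_MEMORY_REQUEST_OVERWRITE_MAX_ALLOWED
              value: ""
            - name: KUBERNETES_SERVICE_ACCOUNT
              value: ""
            - name: KUBERNETES_SERVICE_CPU_LIMIT
              value: ""
            - name: KUBERNETES_SERVICE_MEMORY_LIMIT
              value: ""
            - name: KUBERNETES_SERVICE_CPU_REQUEST
              value: ""
            - name: KUBERNETES_SERVICE_MEMORY_REQUEST
              value: ""
            - name: KUBERNETES_HELPER_CPU_LIMIT
              value: ""
            - name: KUBERNETES_HELPER_MEMORY_LIMIT
              value: ""
            - name: KUBERNETES_HELPER_CPU_REQUEST
              value: ""
            - name: KUBERNETES_HELPER_MEMORY_REQUEST
              value: ""
            - name: KUBERNETES_HELPER_IMAGE
              value: ""
            - name: KUBERNETES_PULL_POLICY
              value: ""
          volumeMounts:
            - name: runner-secrets
              mountPath: /secrets
              readOnly: false
            - name: scripts
              mountPath: /config
              readOnly: true
            - name: init-runner-secrets
              mountPath: /init-secrets
              readOnly: true
          # No CPU or memory requests/limits are set in this example.
          resources: {}
      serviceAccountName: gitlab-runner-gitlab-runner
      containers:
        - name: gitlab-runner-gitlab-runner
          image: gitlab/gitlab-runner:alpine-v13.4.1
          imagePullPolicy: "IfNotPresent"
          lifecycle:
            # Unregisters the runner from the GitLab server before the
            # container stops.
            preStop:
              exec:
                command: ["/entrypoint", "unregister", "--all-runners"]
          command: ["/bin/bash", "/scripts/entrypoint"]
          env:
            # This URL differs from the gitlabUrl of the values example on
            # this page; a manifest you render carries your own server URL.
            - name: CI_SERVER_URL
              value: "https://gitlab.qa.joaocunha.eu/"
            - name: CLONE_URL
              value: ""
            - name: RUNNER_REQUEST_CONCURRENCY
              value: "1"
            - name: RUNNER_EXECUTOR
              value: "kubernetes"
            - name: REGISTER_LOCKED
              value: "true"
            - name: RUNNER_TAG_LIST
              value: ""
            - name: RUNNER_OUTPUT_LIMIT
              value: "4096"
            - name: KUBERNETES_IMAGE
              value: "ubuntu:16.04"
            # Result of `runners.privileged: true` in the values file: job
            # pods are started privileged and are not isolated from the node.
            - name: KUBERNETES_PRIVILEGED
              value: "true"
            - name: KUBERNETES_NAMESPACE
              value: "gitlab"
            - name: KUBERNETES_POLL_TIMEOUT
              value: "180"
            - name: KUBERNETES_CPU_LIMIT
              value: ""
            - name: KUBERNETES_CPU_LIMIT_OVERWRITE_MAX_ALLOWED
              value: ""
            - name: KUBERNETES_MEMORY_LIMIT
              value: ""
            - name: KUBERNETES_MEMORY_LIMIT_OVERWRITE_MAX_ALLOWED
              value: ""
            - name: KUBERNETES_CPU_REQUEST
              value: ""
            - name: KUBERNETES_CPU_REQUEST_OVERWRITE_MAX_ALLOWED
              value: ""
            - name: KUBERNETES_MEMORY_REQUEST
              value: ""
            - name: KUBERNETES_MEMORY_REQUEST_OVERWRITE_MAX_ALLOWED
              value: ""
            - name: KUBERNETES_SERVICE_ACCOUNT
              value: ""
            - name: KUBERNETES_SERVICE_CPU_LIMIT
              value: ""
            - name: KUBERNETES_SERVICE_MEMORY_LIMIT
              value: ""
            - name: KUBERNETES_SERVICE_CPU_REQUEST
              value: ""
            - name: KUBERNETES_SERVICE_MEMORY_REQUEST
              value: ""
            - name: KUBERNETES_HELPER_CPU_LIMIT
              value: ""
            - name: KUBERNETES_HELPER_MEMORY_LIMIT
              value: ""
            - name: KUBERNETES_HELPER_CPU_REQUEST
              value: ""
            - name: KUBERNETES_HELPER_MEMORY_REQUEST
              value: ""
            - name: KUBERNETES_HELPER_IMAGE
              value: ""
            - name: KUBERNETES_PULL_POLICY
              value: ""
          livenessProbe:
            exec:
              command: ["/bin/bash", "/scripts/check-live"]
            initialDelaySeconds: 60
            timeoutSeconds: 1
            periodSeconds: 10
            successThreshold: 1
            failureThreshold: 3
          readinessProbe:
            exec:
              command: ["/usr/bin/pgrep", "gitlab.*runner"]
            initialDelaySeconds: 10
            timeoutSeconds: 1
            periodSeconds: 10
            successThreshold: 1
            failureThreshold: 3
          ports:
            - name: metrics
              containerPort: 9252
          volumeMounts:
            - name: runner-secrets
              mountPath: /secrets
            - name: etc-gitlab-runner
              mountPath: /home/gitlab-runner/.gitlab-runner
            - name: scripts
              mountPath: /scripts
          # No CPU or memory requests/limits are set in this example.
          resources: {}
      volumes:
        # Memory-backed emptyDir volumes: the copied tokens and the runner's
        # generated configuration live in RAM for the lifetime of the pod
        # instead of being written to the node's disk.
        - name: runner-secrets
          emptyDir:
            medium: "Memory"
        - name: etc-gitlab-runner
          emptyDir:
            medium: "Memory"
        # Projects only the two token keys of the Secret into the init
        # container.
        - name: init-runner-secrets
          projected:
            sources:
              - secret:
                  name: "gitlab-runner-gitlab-runner"
                  items:
                    - key: runner-registration-token
                      path: runner-registration-token
                    - key: runner-token
                      path: runner-token
        - name: scripts
          configMap:
            name: gitlab-runner-gitlab-runner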
```