# Namespace holding the runner manager itself: the StatefulSet, its
# ConfigMap, the token Secret and the ServiceAccount all live here.
apiVersion: v1
kind: Namespace
metadata:
  name: gitlab-runner
---
# Namespace in which the Kubernetes executor creates the CI job pods
# (KUBERNETES_NAMESPACE in the runner ConfigMap points here).
# NOTE(review): job pods run arbitrary pipeline code. This manifest sets no
# Pod Security Standard label (pod-security.kubernetes.io/enforce),
# NetworkPolicy or ResourceQuota on the namespace; consider adding them.
apiVersion: v1
kind: Namespace
metadata:
  name: gitlab-build
---
# Non-secret runner settings. The StatefulSet injects every key as an
# environment variable into the runner container through envFrom.
apiVersion: v1
kind: ConfigMap
metadata:
  name: gitlab-runner-cm
  namespace: gitlab-runner
  labels:
    app: gitlab-runner
data:
  # For an explanation of the variables see
  #   gitlab-runner register --help
  #   gitlab-runner run --help

  # Your GitLab server URL.
  # Change me. Keep the https:// scheme: the registration token is sent to
  # this URL.
  CI_SERVER_URL: "https://yourgitlab/"
  REGISTER_NON_INTERACTIVE: "true"
  REGISTER_LOCKED: "false"

  RUNNER_TAG_LIST: ""

  RUNNER_REQUEST_CONCURRENCY: "30"
  RUNNER_EXECUTOR: "kubernetes"
  # Must name the namespace the runner ServiceAccount is allowed to create
  # job pods in (see the gitlab-build Role and RoleBinding).
  KUBERNETES_NAMESPACE: "gitlab-build"
  # Keep "false": privileged job containers are not isolated from the node.
  KUBERNETES_PRIVILEGED: "false"
  # NOTE(review): both images use a mutable `latest` tag; pin a version or
  # digest so jobs always start from an image that has been reviewed.
  KUBERNETES_IMAGE: "registry.opensuse.org/opensuse/tumbleweed:latest"
  KUBERNETES_HELPER_IMAGE: "registry.opensuse.org/home/darix/apps/containers/gitlab-runner-helper:x86_64-latest"

  # Resource limits for the build, service and helper containers of a job.
  KUBERNETES_CPU_LIMIT: "1"
  KUBERNETES_MEMORY_LIMIT: "512Mi"
  KUBERNETES_SERVICE_CPU_LIMIT: "1"
  KUBERNETES_SERVICE_MEMORY_LIMIT: "512Mi"
  KUBERNETES_HELPER_CPU_LIMIT: "500m"
  KUBERNETES_HELPER_MEMORY_LIMIT: "100Mi"

  # NOTE(review): with "if-not-present" a job starts from whatever copy of
  # the image is already cached on the node, without a registry check. With
  # `latest` tags that copy can be stale, and a private image cached by one
  # project's job becomes usable by others on the same node.
  KUBERNETES_PULL_POLICY: "if-not-present"
  KUBERNETES_TERMINATIONGRACEPERIODSECONDS: "10"
  KUBERNETES_POLL_INTERVAL: "5"
  KUBERNETES_POLL_TIMEOUT: "360"
---
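# Runner registration token. The StatefulSet injects it into the runner
# container as the GITLAB_CI_TOKEN environment variable through envFrom.
apiVersion: v1
kind: Secret
metadata:
  name: gitlab-token
  namespace: gitlab-runner
  labels:
    app: gitlab-runner
data:
  # Token source: https://yourgitlab/admin/runners/
  #
  # The value needs to be base64. Encode it without a trailing newline
  # (plain `echo` appends one, which would become part of the token):
  #   printf '%s' "$YOUR_TOKEN" | base64 -w0
  #
  # base64 is an encoding, not encryption. Keep the filled-in manifest out
  # of version control, or create this Secret out of band.
  #
  # Change me
  GITLAB_CI_TOKEN: '$YOUR_TOKEN_BASE64'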
---
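# Runner manager: two replicas, each on a different node, configured from
# the gitlab-runner-cm ConfigMap and the gitlab-token Secret.
#
# apps/v1beta1 was removed in Kubernetes 1.16; apps/v1 is the supported
# API version for StatefulSet.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: gitlab-runner
  namespace: gitlab-runner
  labels:
    app: gitlab-runner
spec:
  replicas: 2
  serviceName: gitlab-runner
  # apps/v1 requires an explicit selector; it has to match the pod
  # template labels below.
  selector:
    matchLabels:
      app: gitlab-runner
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: gitlab-runner
    spec:
      # The pod's API token belongs to this ServiceAccount; its permissions
      # come from the Roles bound to it in gitlab-runner and gitlab-build.
      serviceAccountName: gitlab-runner
      restartPolicy: Always
      affinity:
        podAntiAffinity:
          # Hard rule: two pods labelled app=gitlab-runner are never
          # scheduled onto the same node.
          requiredDuringSchedulingIgnoredDuringExecution:
            - topologyKey: "kubernetes.io/hostname"
              labelSelector:
                matchExpressions:
                  - key: app
                    operator: In
                    values:
                      - gitlab-runner
      # Disabled pod-level hardening, kept as shipped.
      # NOTE(review): runAsUser and supplementalGroups take numeric IDs, not
      # names; use the UID/GID of the gitlab-runner user in the image before
      # enabling this.
      # securityContext:
      #   runAsNonRoot: true
      #   runAsUser: gitlab-runner
      #   supplementalGroups: [gitlab-runner]
      containers:
        - name: gitlab-runner
          # NOTE(review): mutable `latest` tag; pin a version or digest so a
          # restart cannot silently pick up a different image.
          image: "registry.opensuse.org/home/darix/apps/containers/gitlab-runner-k8s:latest"
          envFrom:
            - configMapRef:
                name: gitlab-runner-cm
            - secretRef:
                name: gitlab-token
          env:
            # Pod name (gitlab-runner-0, gitlab-runner-1, ...); presumably
            # used as the runner's name at registration.
            - name: RUNNER_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
          # ports:
          #   - containerPort: 9100
          #     name: http-metrics
          #     protocol: TCP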
---
# Identity of the runner pods towards the Kubernetes API. It is bound to a
# Role in its own namespace and to one in gitlab-build.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: gitlab-runner
  namespace: gitlab-runner
---
# Grants every verb on every core-API-group resource in the gitlab-runner
# namespace.
# NOTE(review): that includes reading and changing the Secrets stored here,
# gitlab-token among them. Job pods are created in gitlab-build, so the
# manager may need little or nothing in its own namespace; confirm what the
# image actually uses and replace the wildcards with that list.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: gitlab-runner
  namespace: gitlab-runner
rules:
  - apiGroups:
      - ""
    resources:
      - "*"
    verbs:
      - "*"
---
# Binds the gitlab-runner Role to the runner ServiceAccount inside the
# gitlab-runner namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: gitlab-runner
  namespace: gitlab-runner
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: gitlab-runner
subjects:
  - kind: ServiceAccount
    name: gitlab-runner
    namespace: gitlab-runner
---
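# Permissions the runner needs in the job namespace to create, drive and
# clean up job pods.
#
# Resources and verbs are listed explicitly instead of "*"/"*": a wildcard
# also grants every other core resource and verb in the namespace, including
# ones added by later Kubernetes versions. The list covers what the
# Kubernetes executor is documented to use; trim it further against the
# permission table for the runner version shipped in the image (TODO
# confirm).
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: gitlab-build
  namespace: gitlab-build
rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
      - events
      - pods
      - pods/attach
      - pods/exec
      - pods/log
      - secrets
      - services
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch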
---
# Cross-namespace binding: gives the runner ServiceAccount from the
# gitlab-runner namespace the gitlab-build Role, so the manager can create
# job pods in gitlab-build.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: gitlab-build
  namespace: gitlab-build
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: gitlab-build
subjects:
  - kind: ServiceAccount
    name: gitlab-runner
    namespace: gitlab-runner