feat: add gitlab-runner on ocp bits
parent
e747fff3c4
commit
23ccf2bead
1 changed files with 107 additions and 0 deletions
107
docs/gitlab/runner-config-ocp.md
Normal file
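--- /dev/null
+++ b/docs/gitlab/runner-config-ocp.md
@@ -0,0 +1,107 @@
+# Gitlab Runner on OCP
+
+A quick and dirty guide for making the Gitlab Runner work on OCP.
+I know this is not production ready!
+
+```shell
+# 1. Setup namespace and RBAC
+oc new-project gitlab-runner
+oc apply -f - <<EOF
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+name: gitlab-runner
+namespace: gitlab-runner
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+name: gitlab-runner
+namespace: gitlab-runner
+rules:
+- apiGroups: [""]
+resources: ["pods", "pods/exec", "pods/log", "secrets"]
+verbs: ["list", "get", "watch", "create", "delete"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+name: gitlab-runner
+namespace: gitlab-runner
+subjects:
+- kind: ServiceAccount
+name: gitlab-runner
+namespace: gitlab-runner
+roleRef:
+kind: Role
+name: gitlab-runner
+apiGroup: rbac.authorization.k8s.io
+EOF
+
+# 2. Create secret (REPLACE TOKEN!)
+oc create secret generic gitlab-runner-secret --from-literal=runner-registration-token=YOUR_REGISTRATION_TOKEN -n gitlab-runner
+
+# 3. Apply SCCs
+oc adm policy add-scc-to-user anyuid -z gitlab-runner -n gitlab-runner
+oc adm policy add-scc-to-user privileged -z gitlab-runner -n gitlab-runner
+
+# 4. Deploy runner (REPLACE TOKEN IN YAML!)
+oc apply -f - <<EOF
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: gitlab-runner
+namespace: gitlab-runner
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: gitlab-runner
+template:
+metadata:
+labels:
+app: gitlab-runner
+spec:
+serviceAccountName: gitlab-runner
+securityContext:
+runAsUser: 0
+fsGroup: 0
+containers:
+- name: gitlab-runner
+image: gitlab/gitlab-runner:latest
+command:
+- /bin/bash
+- -c
+- |
+mkdir -p /etc/gitlab-runner
+cat > /etc/gitlab-runner/config.toml << 'EOF'
+concurrent = 10
+check_interval = 0
+[session_server]
+session_timeout = 1800
+[[runners]]
+name = "openshift-runner"
+url = "https://gitlab.example.com"
+token = "YOUR_REGISTRATION_TOKEN"
+executor = "kubernetes"
+[runners.kubernetes]
+namespace = "gitlab-runner"
+image = "alpine:latest"
+privileged = true
+EOF
+exec gitlab-runner run
+securityContext:
+runAsUser: 0
+allowPrivilegeEscalation: true
+volumeMounts:
+- name: config
+mountPath: /etc/gitlab-runner
+volumes:
+- name: config
+emptyDir: {}
+EOF
+
+# 5. Verify
+oc get pods -n gitlab-runner
+oc logs -l app=gitlab-runner -n gitlab-runner
+```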
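Review bot: Step 4 embeds the runner token as a literal in the Deployment's `command` (the `token = "YOUR_REGISTRATION_TOKEN"` line of the generated config.toml), so the `gitlab-runner-secret` created in step 2 is never referenced and the token is readable by anyone who can `get` the Deployment; the manifest should mount that Secret, or expose it through `env` with a `secretKeyRef`, and have the start script build config.toml from it. Step 3 binds both the `anyuid` and `privileged` SCCs to the service account and the config sets `privileged = true` for job pods, which together with the Role's `create` on `pods`, `pods/exec` and `secrets` means anyone who can run a pipeline on this runner should be treated as having root on the worker node. The "not production ready" line should say that explicitly, for example `> Jobs run as privileged pods: register this runner only for trusted projects on a disposable cluster.`, and `anyuid` looks redundant once `privileged` is granted. Both `gitlab/gitlab-runner:latest` and `alpine:latest` are unpinned, so a version tag or digest would keep the guide reproducible. The YAML indentation is not visible in this rendering, so the nesting of the two `EOF` heredocs could not be checked.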