feat: add gitlab-runner on ocp bits

2025-06-10 16:13:40 +02:00 · 2025-06-10 16:13:40 +02:00 · 23ccf2bead
commit 23ccf2bead
parent e747fff3c4
1 changed files with 107 additions and 0 deletions
--- a/docs/gitlab/runner-config-ocp.md
+++ b/docs/gitlab/runner-config-ocp.md
@ -0,0 +1,107 @@
+# Gitlab Runner on OCP
+
+A quick and dirty guide for making the Gitlab Runner work on OCP.
+I know this is not production ready!
+
+```shell
+# 1. Setup namespace and RBAC
+oc new-project gitlab-runner
+oc apply -f - <<EOF
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: gitlab-runner
+  namespace: gitlab-runner
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: gitlab-runner
+  namespace: gitlab-runner
+rules:
+- apiGroups: [""]
+  resources: ["pods", "pods/exec", "pods/log", "secrets"]
+  verbs: ["list", "get", "watch", "create", "delete"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: gitlab-runner
+  namespace: gitlab-runner
+subjects:
+- kind: ServiceAccount
+  name: gitlab-runner
+  namespace: gitlab-runner
+roleRef:
+  kind: Role
+  name: gitlab-runner
+  apiGroup: rbac.authorization.k8s.io
+EOF
+
+# 2. Create secret (REPLACE TOKEN!)
+oc create secret generic gitlab-runner-secret --from-literal=runner-registration-token=YOUR_REGISTRATION_TOKEN -n gitlab-runner
+
+# 3. Apply SCCs
+oc adm policy add-scc-to-user anyuid -z gitlab-runner -n gitlab-runner
+oc adm policy add-scc-to-user privileged -z gitlab-runner -n gitlab-runner
+
+# 4. Deploy runner (REPLACE TOKEN IN YAML!)
+oc apply -f - <<EOF
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: gitlab-runner
+  namespace: gitlab-runner
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: gitlab-runner
+  template:
+    metadata:
+      labels:
+        app: gitlab-runner
+    spec:
+      serviceAccountName: gitlab-runner
+      securityContext:
+        runAsUser: 0
+        fsGroup: 0
+      containers:
+      - name: gitlab-runner
+        image: gitlab/gitlab-runner:latest
+        command:
+        - /bin/bash
+        - -c
+        - |
+          mkdir -p /etc/gitlab-runner
+          cat > /etc/gitlab-runner/config.toml << 'EOF'
+          concurrent = 10
+          check_interval = 0
+          [session_server]
+            session_timeout = 1800
+          [[runners]]
+            name = "openshift-runner"
+            url = "https://gitlab.example.com"
+            token = "YOUR_REGISTRATION_TOKEN"
+            executor = "kubernetes"
+            [runners.kubernetes]
+              namespace = "gitlab-runner"
+              image = "alpine:latest"
+              privileged = true
+          EOF
+          exec gitlab-runner run
+        securityContext:
+          runAsUser: 0
+          allowPrivilegeEscalation: true
+        volumeMounts:
+        - name: config
+          mountPath: /etc/gitlab-runner
+      volumes:
+      - name: config
+        emptyDir: {}
+EOF
+
+# 5. Verify
+oc get pods -n gitlab-runner
+oc logs -l app=gitlab-runner -n gitlab-runner
+```