
GitLab Runner on OCP

A quick-and-dirty guide to getting the GitLab Runner working on OCP. I know this is not production-ready!

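# 1. Setup namespace and RBAC
# The runner's ServiceAccount gets a namespace-scoped Role, not a ClusterRole:
# it only needs to manage job pods inside this namespace. Note what the Role
# hands out: "pods/exec" lets whoever holds this SA's token exec into every job
# pod here, and "secrets" create/delete/get covers all secrets in the namespace
# (presumably for the credentials the kubernetes executor attaches to job pods
# — confirm against the runner version in use before trimming it).
oc new-project gitlab-runner
# Quoted delimiter: nothing in this manifest is meant to be shell-expanded.
oc apply -f - <<'EOF'
apiVersion: v1
kind: ServiceAccount
metadata:
  name: gitlab-runner
  namespace: gitlab-runner
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: gitlab-runner
  namespace: gitlab-runner
rules:
- apiGroups: [""]
  resources: ["pods", "pods/exec", "pods/log", "secrets"]
  verbs: ["list", "get", "watch", "create", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: gitlab-runner
  namespace: gitlab-runner
subjects:
- kind: ServiceAccount
  name: gitlab-runner
  namespace: gitlab-runner
roleRef:
  kind: Role
  name: gitlab-runner
  apiGroup: rbac.authorization.k8s.io
EOF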

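# 2. Create secret (set RUNNER_TOKEN in your environment first)
# Read the token from a variable instead of pasting it into the command, so it
# does not land verbatim in shell history. The value has to be the runner
# *authentication* token (what "gitlab-runner register" writes to config.toml
# as `token`); a registration token pasted here will not authenticate — check
# against your GitLab version. The secret key name is kept as-is because the
# Deployment in step 4 references it.
: "${RUNNER_TOKEN:?set RUNNER_TOKEN to the runner authentication token first}"
oc create secret generic gitlab-runner-secret \
  --from-literal=runner-registration-token="${RUNNER_TOKEN}" \
  -n gitlab-runner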

# 3. Apply SCCs
# "anyuid" is what lets the runner pod itself run as UID 0 (step 4 sets
# runAsUser: 0); "privileged" is needed so the job pods the runner creates with
# privileged = true are admitted. Together they give every CI job root on the
# node, which is the main reason this setup is not production-ready.
for scc in anyuid privileged; do
  oc adm policy add-scc-to-user "${scc}" -z gitlab-runner -n gitlab-runner
done

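# 4. Deploy runner (the token comes from the secret created in step 2)
# Quoted outer delimiter so the ${RUNNER_TOKEN} reference below reaches the pod
# unexpanded; bash inside the container resolves it from the injected env var.
# The delimiter is also distinct from the inner "EOF" so the two heredocs can
# never be confused.
oc apply -f - <<'MANIFEST'
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gitlab-runner
  namespace: gitlab-runner
spec:
  replicas: 1
  selector:
    matchLabels:
      app: gitlab-runner
  template:
    metadata:
      labels:
        app: gitlab-runner
    spec:
      serviceAccountName: gitlab-runner
      # Root inside the runner pod; relies on the anyuid SCC from step 3.
      securityContext:
        runAsUser: 0
        fsGroup: 0
      containers:
      - name: gitlab-runner
        # TODO: pin to a release tag or digest; ":latest" changes under you.
        image: gitlab/gitlab-runner:latest
        env:
        # Injected from the secret instead of being hard-coded in this manifest,
        # so the token is not readable by everyone who can read Deployments.
        - name: RUNNER_TOKEN
          valueFrom:
            secretKeyRef:
              name: gitlab-runner-secret
              key: runner-registration-token
        command:
        - /bin/bash
        - -c
        - |
          # -u makes a missing RUNNER_TOKEN fail loudly instead of writing an
          # empty token into config.toml.
          set -eu
          mkdir -p /etc/gitlab-runner
          # Unquoted delimiter: ${RUNNER_TOKEN} is expanded here; nothing else
          # in the config contains "$".
          cat > /etc/gitlab-runner/config.toml <<EOF
          concurrent = 10
          check_interval = 0
          [session_server]
            session_timeout = 1800
          [[runners]]
            name = "openshift-runner"
            # Replace with your GitLab instance URL.
            url = "https://gitlab.example.com"
            # Runner authentication token, read from the secret (see step 2).
            token = "${RUNNER_TOKEN}"
            executor = "kubernetes"
            [runners.kubernetes]
              namespace = "gitlab-runner"
              # TODO: pin the job image as well.
              image = "alpine:latest"
              # Job pods run privileged, i.e. root on the node; see step 3.
              privileged = true
          EOF
          exec gitlab-runner run
        securityContext:
          runAsUser: 0
          allowPrivilegeEscalation: true
        volumeMounts:
        - name: config
          mountPath: /etc/gitlab-runner
      volumes:
      - name: config
        # config.toml (including the token) lives only on pod-local storage.
        emptyDir: {}
MANIFEST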

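# 5. Verify
# Wait for the rollout first; otherwise "oc logs" can race the pod start and
# return nothing useful.
oc rollout status deployment/gitlab-runner -n gitlab-runner
oc get pods -n gitlab-runner
oc logs -l app=gitlab-runner -n gitlab-runner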