docs-simoncor-net/docs/gitlab/runner-config-ocp.md


# GitLab Runner on OCP
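A quick and dirty guide for making the GitLab Runner work on OCP.
I know this is not production ready! It grants the runner's service account the `anyuid` and `privileged` SCCs, runs the runner container as root, and lets CI jobs start privileged containers.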
```shell
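# 1. Setup namespace and RBAC
# The Role is namespaced, so the runner can only manage objects inside the
# gitlab-runner project. Every verb applies to every listed resource,
# including "secrets": whatever runs as this ServiceAccount can read and
# delete all secrets in the namespace.
# The heredoc delimiter is quoted so the local shell passes the YAML through
# untouched.
oc new-project gitlab-runner
oc apply -f - <<'EOF'
apiVersion: v1
kind: ServiceAccount
metadata:
  name: gitlab-runner
  namespace: gitlab-runner
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: gitlab-runner
  namespace: gitlab-runner
rules:
  - apiGroups: [""]
    resources: ["pods", "pods/exec", "pods/log", "secrets"]
    verbs: ["list", "get", "watch", "create", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: gitlab-runner
  namespace: gitlab-runner
subjects:
  - kind: ServiceAccount
    name: gitlab-runner
    namespace: gitlab-runner
roleRef:
  kind: Role
  name: gitlab-runner
  apiGroup: rbac.authorization.k8s.io
EOF

# 2. Create secret (REPLACE TOKEN!)
# A token typed on the command line ends up in shell history; clear the
# history entry afterwards or create the secret from a file instead.
oc create secret generic gitlab-runner-secret --from-literal=runner-registration-token=YOUR_REGISTRATION_TOKEN -n gitlab-runner

# 3. Apply SCCs
# "privileged" is the broader of the two SCCs. Together with
# `privileged = true` in config.toml below, any CI job scheduled on this
# runner can start a privileged container, which is root-equivalent on the
# node it lands on. Limit the runner to trusted projects and, where possible,
# to dedicated nodes.
oc adm policy add-scc-to-user anyuid -z gitlab-runner -n gitlab-runner
oc adm policy add-scc-to-user privileged -z gitlab-runner -n gitlab-runner

# 4. Deploy runner (REPLACE THE GITLAB URL IN THE YAML!)
# The token is injected from the secret created in step 2 instead of being
# pasted into the manifest, so it is not readable by everyone who can view
# the Deployment object.
# The outer heredoc is quoted so ${CONFIG_RUNNER_TOKEN} is expanded by bash
# inside the container, not by the local shell. The inner heredoc uses its own
# delimiter (CONFIG) so it can never terminate the outer one.
oc apply -f - <<'EOF'
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gitlab-runner
  namespace: gitlab-runner
spec:
  replicas: 1
  selector:
    matchLabels:
      app: gitlab-runner
  template:
    metadata:
      labels:
        app: gitlab-runner
    spec:
      serviceAccountName: gitlab-runner
      securityContext:
        runAsUser: 0
        fsGroup: 0
      containers:
        - name: gitlab-runner
          # ":latest" is a moving tag; pin a specific version or digest for
          # reproducible, reviewable deployments.
          image: gitlab/gitlab-runner:latest
          env:
            - name: CONFIG_RUNNER_TOKEN
              valueFrom:
                secretKeyRef:
                  name: gitlab-runner-secret
                  key: runner-registration-token
          command:
            - /bin/bash
            - -c
            - |
              mkdir -p /etc/gitlab-runner
              # NOTE(review): config.toml's "token" is the runner
              # authentication token. A legacy registration token has to be
              # exchanged via "gitlab-runner register" first - confirm which
              # kind of token the secret holds.
              cat > /etc/gitlab-runner/config.toml <<CONFIG
              concurrent = 10
              check_interval = 0
              [session_server]
                session_timeout = 1800
              [[runners]]
                name = "openshift-runner"
                url = "https://gitlab.example.com"
                token = "${CONFIG_RUNNER_TOKEN}"
                executor = "kubernetes"
                [runners.kubernetes]
                  namespace = "gitlab-runner"
                  image = "alpine:latest"
                  privileged = true
              CONFIG
              exec gitlab-runner run
          securityContext:
            # The runner container itself runs as root with privilege
            # escalation allowed.
            runAsUser: 0
            allowPrivilegeEscalation: true
          volumeMounts:
            - name: config
              mountPath: /etc/gitlab-runner
      volumes:
        # emptyDir: the generated config.toml (including the token) lives only
        # as long as the pod does and is rewritten on every start.
        - name: config
          emptyDir: {}
EOF

# 5. Verify
oc get pods -n gitlab-runner
oc logs -l app=gitlab-runner -n gitlab-runner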
```