# Gitlab Runner on OCP
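A quick and dirty guide for making the Gitlab Runner work on OCP. This is probably not what you want for your production environment: the runner pod runs as root, its service account is granted the `anyuid` and `privileged` SCCs, and every job pod runs privileged.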
## Step 1 Set up namespace and RBAC
```shell
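# Create a dedicated project for the runner, then a ServiceAccount, a
# namespaced Role and the RoleBinding that ties them together.
# Keep this project dedicated to the runner: the Role below is scoped to the
# namespace, so anything else deployed here is reachable by the runner too.
oc new-project gitlab-runner
oc apply -f - <<EOF
apiVersion: v1
kind: ServiceAccount
metadata:
  name: gitlab-runner
  namespace: gitlab-runner
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: gitlab-runner
  namespace: gitlab-runner
rules:
  # Every verb applies to every resource in the list. The service account can
  # therefore read, create and delete any Secret in this namespace and can
  # exec into any pod in it.
  - apiGroups: [""]
    resources: ["pods", "pods/exec", "pods/log", "secrets"]
    verbs: ["list", "get", "watch", "create", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: gitlab-runner
  namespace: gitlab-runner
subjects:
  - kind: ServiceAccount
    name: gitlab-runner
    namespace: gitlab-runner
roleRef:
  kind: Role
  name: gitlab-runner
  apiGroup: rbac.authorization.k8s.io
EOF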
```
## Step 2 Create secrets
[!warning] REPLACE YOUR TOKEN!
```shell
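# 2. Create secret (REPLACE TOKEN!)
# The token is a credential. A value typed into --from-literal is saved in
# shell history and is visible in the process list while the command runs;
# reading it from a file with --from-file avoids both.
# NOTE(review): the Deployment in step 4 does not reference this secret; it
# embeds the token in config.toml instead.
oc create secret generic gitlab-runner-secret \
  --from-literal=runner-registration-token=YOUR_REGISTRATION_TOKEN \
  -n gitlab-runner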
```
## 3. Apply SCCs
```shell
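# Grant two Security Context Constraints to the gitlab-runner service account.
# anyuid: pods may run as any UID, including 0 (the Deployment in step 4 sets
# runAsUser: 0).
oc adm policy add-scc-to-user anyuid -z gitlab-runner -n gitlab-runner
# privileged: the least restrictive SCC; it admits privileged containers and
# host-level access. It appears to be needed here only because step 4 sets
# privileged = true for job pods. Drop this grant if your jobs do not need it.
oc adm policy add-scc-to-user privileged -z gitlab-runner -n gitlab-runner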
```
## 4. Deploy runner (REPLACE TOKEN IN YAML!)
[!warning] REPLACE YOUR TOKEN!
```shell
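# Deploy the runner manager as a single-replica Deployment. The container
# writes config.toml into an emptyDir at start-up and then runs gitlab-runner.
#
# The outer heredoc is unquoted, so the local shell expands dollar signs and
# backticks in the manifest before oc sees it; keep the body free of them.
# The inner EOF must stay indented: at column 0 it would end the outer heredoc.
oc apply -f - <<EOF
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gitlab-runner
  namespace: gitlab-runner
spec:
  replicas: 1
  selector:
    matchLabels:
      app: gitlab-runner
  template:
    metadata:
      labels:
        app: gitlab-runner
    spec:
      serviceAccountName: gitlab-runner
      # Runs the manager pod as root; admitted through the anyuid SCC.
      # NOTE(review): root looks like it is only used to write
      # /etc/gitlab-runner; confirm whether a non-root UID works.
      securityContext:
        runAsUser: 0
        fsGroup: 0
      containers:
        - name: gitlab-runner
          # The latest tag is mutable: pin a release tag or an image digest so
          # a restart cannot silently pull different code.
          image: gitlab/gitlab-runner:latest
          # Notes on the config.toml written below:
          # - url and token are placeholders and must both be replaced.
          # - The token sits in the Deployment spec, so anyone who can read
          #   Deployments in this namespace can read it. The
          #   gitlab-runner-secret from step 2 is not referenced here.
          # - NOTE(review): config.toml expects the runner authentication
          #   token in token; a registration token is normally exchanged for
          #   one by gitlab-runner register. Confirm which token you paste.
          # - privileged = true makes every CI job pod run a privileged
          #   container, which is effectively root on the node for anyone who
          #   can run a pipeline on this runner.
          # - The job image alpine:latest is also an unpinned tag.
          command:
            - /bin/bash
            - -c
            - |
              mkdir -p /etc/gitlab-runner
              cat > /etc/gitlab-runner/config.toml << 'EOF'
              concurrent = 10
              check_interval = 0
              [session_server]
                session_timeout = 1800
              [[runners]]
                name = "openshift-runner"
                url = "https://gitlab.example.com"
                token = "YOUR_REGISTRATION_TOKEN"
                executor = "kubernetes"
                [runners.kubernetes]
                  namespace = "gitlab-runner"
                  image = "alpine:latest"
                  privileged = true
              EOF
              exec gitlab-runner run
          securityContext:
            runAsUser: 0
            allowPrivilegeEscalation: true
          volumeMounts:
            - name: config
              mountPath: /etc/gitlab-runner
      volumes:
        # emptyDir: the generated config.toml is recreated on every pod start.
        - name: config
          emptyDir: {}
EOF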
```