# ─── ServiceAccount ───────────────────────────────────────────────
# Identity used by the runner manager pod (serviceAccountName in the
# Deployment). The register command in the Deployment also passes this name
# as --kubernetes-service-account, so CI job pods run under the same account
# and inherit whatever the bound Role allows.
apiVersion: v1
kind: ServiceAccount
metadata:
  namespace: gitlab
  name: gitlab-runner
---
# ─── Role ─────────────────────────────────────────────────────────
# Namespace-scoped permissions for the gitlab-runner ServiceAccount.
# NOTE(review): a single rule grants the same seven verbs on every listed
# resource, so the account can read and modify all Secrets in `gitlab` and
# exec into or attach to any pod there. The Deployment registers job pods
# with this same service account, so CI jobs inherit these rights. Consider
# one rule per resource with only the verbs the Kubernetes executor needs;
# confirm the minimal set against the GitLab Runner documentation for the
# deployed version before tightening.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: gitlab
  name: gitlab-runner
rules:
  - apiGroups:
      - ""  # core API group
    resources:
      - pods
      - pods/exec
      - pods/attach
      - pods/log
      - secrets
      - configmaps
      - services
    verbs:
      - get
      - list
      - watch
      - create
      - delete
      - update
      - patch
---
# ─── RoleBinding ──────────────────────────────────────────────────
# Binds the gitlab-runner Role to the gitlab-runner ServiceAccount. Both live
# in the `gitlab` namespace, so the grant does not extend to other namespaces.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  namespace: gitlab
  name: gitlab-runner
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: gitlab-runner
subjects:
  - kind: ServiceAccount
    namespace: gitlab
    name: gitlab-runner
---
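# ─── Secret (Runner Authentication Token, GitLab 16+) ────────────
# Holds the runner authentication token that the register-runner init
# container reads through secretKeyRef (key: runner-token).
#
# The token is a live credential and must not be stored in this manifest.
# Supply it at deploy time instead (for example with
# `kubectl create secret generic`, or a sealed / externally managed secret).
# Any token that has already been committed or published should be treated
# as exposed and rotated in GitLab.
apiVersion: v1
kind: Secret
metadata:
  name: gitlab-runner-secret
  namespace: gitlab
type: Opaque
stringData:
  # Placeholder only — replace out of band with the real glrt- token.
  runner-token: "<RUNNER_AUTHENTICATION_TOKEN>"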
---
# ─── ConfigMap (config.toml) ──────────────────────────────────────
# Global runner settings rendered as a config.toml document.
# NOTE(review): the Deployment in this file mounts only an emptyDir at
# /etc/gitlab-runner and never references this ConfigMap, so these values
# (concurrent, check_interval, session_timeout) are presumably not applied.
# Confirm how this ConfigMap is meant to be consumed.
apiVersion: v1
kind: ConfigMap
metadata:
  namespace: gitlab
  name: gitlab-runner-config
data:
  config.toml: |
    concurrent = 4
    check_interval = 10
    log_level = "info"

    [session_server]
    session_timeout = 1800
---
# ─── Deployment ───────────────────────────────────────────────────
# Runs a single GitLab Runner manager pod. The init container registers the
# runner and writes its configuration into the shared emptyDir mounted at
# /etc/gitlab-runner; the main container then runs `gitlab-runner run`
# against that directory.
#
# Security-relevant settings to review:
#   - Both containers use gitlab/gitlab-runner:latest with IfNotPresent, a
#     mutable tag that can resolve to different builds on different nodes.
#     Pin a specific version or image digest.
#   - --kubernetes-privileged true makes every CI job container privileged,
#     which weakens the boundary between a job and the node it runs on.
#     Restrict the runner to trusted projects, or drop the flag if builds do
#     not need it.
#   - --kubernetes-service-account gitlab-runner runs job pods under the
#     manager's own service account, so jobs get its Role (Secrets and
#     pods/exec in `gitlab`). A separate, unprivileged account for job pods
#     keeps that access with the manager only.
#   - Neither container sets a securityContext; NOTE(review): confirm
#     whether the cluster's pod security admission covers this namespace.
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: gitlab
  name: gitlab-runner
  labels:
    app: gitlab-runner
spec:
  replicas: 1
  selector:
    matchLabels:
      app: gitlab-runner
  template:
    metadata:
      labels:
        app: gitlab-runner
    spec:
      serviceAccountName: gitlab-runner

      initContainers:
        - name: register-runner
          image: gitlab/gitlab-runner:latest
          imagePullPolicy: IfNotPresent
          # The token reaches the CLI from the environment variable below,
          # which is populated from the gitlab-runner-secret Secret.
          command:
            - sh
            - -c
            - |
              gitlab-runner register \
                --non-interactive \
                --url "$CI_SERVER_URL" \
                --token "$RUNNER_TOKEN" \
                --executor kubernetes \
                --kubernetes-namespace gitlab \
                --kubernetes-service-account gitlab-runner \
                --kubernetes-pull-policy if-not-present \
                --kubernetes-privileged true \
                --output-limit 4096 \
                --kubernetes-cpu-request "100m" \
                --kubernetes-cpu-limit "500m" \
                --kubernetes-memory-request "256Mi" \
                --kubernetes-memory-limit "4Gi"
          env:
            - name: CI_SERVER_URL
              value: "https://gitlab.henryathome.home64.de"
            - name: RUNNER_TOKEN
              valueFrom:
                secretKeyRef:
                  name: gitlab-runner-secret
                  key: runner-token
          volumeMounts:
            - name: runner-config
              mountPath: /etc/gitlab-runner

      containers:
        - name: gitlab-runner
          image: gitlab/gitlab-runner:latest
          imagePullPolicy: IfNotPresent
          command:
            - gitlab-runner
            - run
            - --user=gitlab-runner
            - --working-directory=/home/gitlab-runner
          env:
            - name: CI_SERVER_URL
              value: "https://gitlab.henryathome.home64.de"
          # Limits for the manager process only; job pod limits are set by
          # the --kubernetes-* request/limit flags at registration.
          resources:
            requests:
              cpu: "100m"
              memory: "128Mi"
            limits:
              cpu: "1000m"
              memory: "512Mi"
          volumeMounts:
            - name: runner-config
              mountPath: /etc/gitlab-runner

      volumes:
        # Scratch volume shared by the init and main containers; its contents
        # are lost whenever the pod is recreated.
        - name: runner-config
          emptyDir: {}