Installing gitlab-runner into a Kubernetes cluster
Installing the GitLab runner is fairly simple.
Create a namespace
k8s$ kubectl create namespace gitlab-runner
k8s$ kubens gitlab-runner
Install the helm chart
Install the helm repo
k8s$ helm repo add gitlab https://charts.gitlab.io
Update the repo
k8s$ helm repo update gitlab
Check the current versions
k8s$ helm search repo -l gitlab/gitlab-runner
NAME                  CHART VERSION  APP VERSION  DESCRIPTION
gitlab/gitlab-runner  0.48.0         15.7.0       GitLab Runner
gitlab/gitlab-runner  0.47.1         15.6.1       GitLab Runner
gitlab/gitlab-runner  0.47.0         15.6.0       GitLab Runner
gitlab/gitlab-runner  0.46.1         15.5.1       GitLab Runner
gitlab/gitlab-runner  0.46.0         15.5.0       GitLab Runner
gitlab/gitlab-runner  0.45.2         15.4.2       GitLab Runner
...
Retrieve your runner token from GitLab
- Go to your group or project
- Go to CI/CD
- Go to Runners
You can access the token from there. It is a secret, so treat it like one.
Configure your yaml file
Changes we made:
- Input the token from above so it is associated with our account.
- Configured the CPU and Memory limits to match our build requirements. Usually less is needed, but we have some heavy processing that happens in one of our image builds that needs more memory than usual.
- Added tags to allow us to distinguish runners on different systems in our .gitlab-ci.yml files.
- Changed it to allow untagged jobs. This cluster is running on our on premise server so it doesn't cost extra to run like a cloud service would.
- Privileged must be set to true for it to do Docker-In-Docker builds.
- Set the default image to ubuntu:16.04. This is getting old, but it still works. It should be upgraded soon.
gitlabUrl: https://gitlab.com/
# Registration token from the Runners page. It is a secret: keep the real value out of version control.
runnerRegistrationToken: <RUNNER TOKEN>
rbac:
  create: false
concurrent: 30
runners:
  config: |
    [[runners]]
      name = "Color GC Runner"
      executor = "kubernetes"
      url = "https://gitlab.com/"
      [runners.kubernetes]
        helper_image_flavor = "ubuntu"
        # Job pods run under this service account in the namespace below.
        service_account = "default"
        image = "ubuntu:16.04"
        namespace = "gitlab-runner"
        # Required for Docker-in-Docker builds.
        privileged = true
        image_pull_secrets = ["registry.gitlab.com/"]
        # Limits and requests for the build container.
        cpu_limit = "1"
        memory_limit = "1Gi"
        cpu_request = "1"
        memory_request = "1Gi"
        # Limits and requests for service containers.
        service_cpu_limit = "1"
        service_memory_limit = "1Gi"
        service_cpu_request = "1"
        service_memory_request = "1Gi"
        # Limits and requests for the helper container.
        helper_cpu_limit = "1"
        helper_memory_limit = "1Gi"
        helper_cpu_request = "1"
        helper_memory_request = "1Gi"
  ## Specify if jobs without tags should be run.
  ## If not specified, Runner will default to true if no tags were specified. In other case it will
  ## default to false.
  ##
  ## ref: https://docs.gitlab.com/ce/ci/runners/#runner-is-allowed-to-run-untagged-jobs
  ##
  runUntagged: true
  tags: "private-k8s"
Install the chart
k8s$ helm install --namespace gitlab-runner gitlab-runner -f values.yaml gitlab/gitlab-runner
Install the Role Based Access Controls (RBAC)
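This is needed to do in-cluster deployments. The command below binds cluster-admin to the default service account in the gitlab-runner namespace, which is the account the job pods run under (service_account = "default" in the config above), so any job that lands on this runner can deploy to, or change anything in, the cluster it runs in. This is a security risk, so only use it if necessary.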
k8s$ kubectl create clusterrolebinding gitlab-runner-cluster-role --clusterrole=cluster-admin --serviceaccount=gitlab-runner:default
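A narrower alternative to the cluster-admin binding above, as an added example that is not part of the original post: a dedicated service account for job pods that can deploy into one namespace only. The names ci-deployer and my-app are hypothetical; it assumes job pods are pointed at the account with service_account = "ci-deployer" in the runner config, and that the runner manager's own permission to create job pods in gitlab-runner is granted separately.

```yaml
# Added example, not from the original post.
# Hypothetical names: the "ci-deployer" account and the "my-app" target namespace.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: ci-deployer
  namespace: gitlab-runner        # same namespace the job pods run in
---
# Permissions exist only inside the target namespace (assumed: my-app).
# No access to secrets or RBAC objects, so a job cannot grant itself more.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: ci-deployer
  namespace: my-app
rules:
  - apiGroups: ["apps"]
    resources: ["deployments", "statefulsets"]
    verbs: ["get", "list", "watch", "create", "update", "patch"]
  - apiGroups: [""]
    resources: ["services", "configmaps"]
    verbs: ["get", "list", "watch", "create", "update", "patch"]
  - apiGroups: [""]
    resources: ["pods", "pods/log"]
    verbs: ["get", "list", "watch"]   # read-only, for rollout status and logs
---
# Binds the Role to the service account across namespaces.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: ci-deployer
  namespace: my-app
subjects:
  - kind: ServiceAccount
    name: ci-deployer
    namespace: gitlab-runner
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: ci-deployer
```

After applying it, kubectl auth can-i --as=system:serviceaccount:gitlab-runner:ci-deployer create deployments -n my-app should answer yes, and the same query against any other namespace should answer no.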
Verify it is running
k8s$ kubectl get pods
NAME                            READY  STATUS   RESTARTS  AGE
gitlab-runner-78557644cc-f58p7  1/1    Running  0         11m
Using it in a GitLab CI/CD Pipeline
Add a pipeline job to the .gitlab-ci.yml
app-images:
  stage: build
  tags:
    - private-k8s
  script:
    - echo "here"
  when: manual
After this it can be run manually to verify it is working.