From d85f51e01831c1dba0f43345410531de4516cd86 Mon Sep 17 00:00:00 2001 
From: jungsungrock Date: Wed, 7 Feb 2024 10:02:16 +0900 Subject: [PATCH] [add] gitlab-runner helm chart MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit contents: - gitlab-runner helm chart 추가 --- exemONE/helm/gitlab-runner/.gitlab-ci.yml | 220 ++++++ .../gitlab-runner/.gitlab/branch.release.yml | 29 + .../helm/gitlab-runner/.gitlab/changelog.yml | 53 ++ .../gitlab-runner/.gitlab/merge.release.yml | 25 + exemONE/helm/gitlab-runner/.helmignore | 25 + exemONE/helm/gitlab-runner/CHANGELOG.md | 738 ++++++++++++++++++ exemONE/helm/gitlab-runner/CONTRIBUTING.md | 16 + exemONE/helm/gitlab-runner/Chart.yaml | 17 + exemONE/helm/gitlab-runner/DEVELOPMENT.md | 12 + exemONE/helm/gitlab-runner/LICENSE | 22 + exemONE/helm/gitlab-runner/Makefile | 20 + exemONE/helm/gitlab-runner/NOTICE | 30 + exemONE/helm/gitlab-runner/README.md | 8 + .../helm/gitlab-runner/templates/NOTES.txt | 36 + .../gitlab-runner/templates/_env_vars.tpl | 28 + .../helm/gitlab-runner/templates/_helpers.tpl | 115 +++ .../gitlab-runner/templates/configmap.yaml | 226 ++++++ .../gitlab-runner/templates/deployment.yaml | 183 +++++ exemONE/helm/gitlab-runner/templates/hpa.yaml | 22 + .../gitlab-runner/templates/role-binding.yaml | 22 + .../helm/gitlab-runner/templates/role.yaml | 32 + .../helm/gitlab-runner/templates/secrets.yaml | 16 + .../templates/service-account.yaml | 24 + .../templates/service-session-server.yaml | 32 + .../helm/gitlab-runner/templates/service.yaml | 52 ++ .../templates/servicemonitor.yaml | 56 ++ exemONE/helm/gitlab-runner/values.yaml | 623 +++++++++++++++ 27 files changed, 2682 insertions(+) create mode 100644 exemONE/helm/gitlab-runner/.gitlab-ci.yml create mode 100644 exemONE/helm/gitlab-runner/.gitlab/branch.release.yml create mode 100644 exemONE/helm/gitlab-runner/.gitlab/changelog.yml create mode 100644 exemONE/helm/gitlab-runner/.gitlab/merge.release.yml create mode 100644 exemONE/helm/gitlab-runner/.helmignore create mode 100644 
exemONE/helm/gitlab-runner/CHANGELOG.md
create mode 100644 exemONE/helm/gitlab-runner/CONTRIBUTING.md
create mode 100644 exemONE/helm/gitlab-runner/Chart.yaml
create mode 100644 exemONE/helm/gitlab-runner/DEVELOPMENT.md
create mode 100644 exemONE/helm/gitlab-runner/LICENSE
create mode 100644 exemONE/helm/gitlab-runner/Makefile
create mode 100644 exemONE/helm/gitlab-runner/NOTICE
create mode 100644 exemONE/helm/gitlab-runner/README.md
create mode 100644 exemONE/helm/gitlab-runner/templates/NOTES.txt
create mode 100644 exemONE/helm/gitlab-runner/templates/_env_vars.tpl
create mode 100644 exemONE/helm/gitlab-runner/templates/_helpers.tpl
create mode 100644 exemONE/helm/gitlab-runner/templates/configmap.yaml
create mode 100644 exemONE/helm/gitlab-runner/templates/deployment.yaml
create mode 100644 exemONE/helm/gitlab-runner/templates/hpa.yaml
create mode 100644 exemONE/helm/gitlab-runner/templates/role-binding.yaml
create mode 100644 exemONE/helm/gitlab-runner/templates/role.yaml
create mode 100644 exemONE/helm/gitlab-runner/templates/secrets.yaml
create mode 100644 exemONE/helm/gitlab-runner/templates/service-account.yaml
create mode 100644 exemONE/helm/gitlab-runner/templates/service-session-server.yaml
create mode 100644 exemONE/helm/gitlab-runner/templates/service.yaml
create mode 100644 exemONE/helm/gitlab-runner/templates/servicemonitor.yaml
create mode 100644 exemONE/helm/gitlab-runner/values.yaml
diff --git a/exemONE/helm/gitlab-runner/.gitlab-ci.yml b/exemONE/helm/gitlab-runner/.gitlab-ci.yml
new file mode 100644
index 0000000..a769ac8
--- /dev/null
+++ b/exemONE/helm/gitlab-runner/.gitlab-ci.yml
@@ -0,0 +1,220 @@
+##############
+# Conditions #
+##############
+
+.if-merge-request-pipeline: &if-merge-request-pipeline
+ if: $CI_PIPELINE_SOURCE == "merge_request_event"
+
+.if-default-branch: &if-default-branch
+ if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
+
+.if-stable-release-branch: &if-stable-release-branch
+ if: $CI_COMMIT_REF_NAME =~ /\A[0-9]+-[0-9]+-stable\z/
+
+.if-release-tag: &if-release-tag
+ if: '$CI_COMMIT_TAG =~ /^v[0-9]+\.[0-9]+\.[0-9]+(-rc[0-9]+)?$/ && $CI_PROJECT_URL == "https://gitlab.com/gitlab-org/charts/gitlab-runner"'
+
+.if-security-release-tag: &if-security-release-tag
+ if: '$CI_COMMIT_TAG =~ /^v[0-9]+\.[0-9]+\.[0-9]+(-rc[0-9]+)?$/ && $CI_PROJECT_URL == "https://gitlab.com/gitlab-org/security/charts/gitlab-runner"'
+
+#########
+# Rules #
+#########
+
+.rules:default:
+ rules:
+ - <<: *if-merge-request-pipeline
+ - <<: *if-default-branch
+ - <<: *if-stable-release-branch
+ - <<: *if-release-tag
+ - <<: *if-security-release-tag
+
+.rules:release:development:
+ rules:
+ - <<: *if-default-branch
+ when: never
+ - <<: *if-merge-request-pipeline
+ when: manual
+
+.rules:release:beta:
+ rules:
+ - <<: *if-default-branch
+
+.rules:release:stable:
+ rules:
+ - <<: *if-release-tag
+ - <<: *if-security-release-tag
+
+############
+# Pipeline #
+############
+
+default:
+ image: registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-charts-build-base-helm-3.7
+ tags:
+ - gitlab-org
+
+variables:
+ GIT_CLONE_PATH: $CI_BUILDS_DIR/gitlab-runner
+ ALPINE_IMAGE_TAG: "3.18"
+ HELM_UNITTEST_PLUGIN_VERSION: "0.3.4"
+ KIND_VERSION: "v0.20.0"
+ KUBECTL_VERSION: "v1.27.4"
+
+stages:
+- test
+- release
+- post-release
+
+lint:
+ extends:
+ - .rules:default
+ stage: test
+ script:
+ - helm lint .
+
+unit_tests:
+ extends:
+ - .rules:default
+ script:
+ - helm plugin install https://github.com/helm-unittest/helm-unittest.git --version ${HELM_UNITTEST_PLUGIN_VERSION}
+ - helm unittest .
+
+.integration_test:
+ extends:
+ - .rules:default
+ variables:
+ DOCKER_HOST: "tcp://kubernetes:2375/"
+ DOCKER_TLS_CERTDIR: ""
+ DOCKER_DRIVER: overlay2
+ INTEGRATION_HELM_POD_RELEASE_LABEL: release=$INTEGRATION_RUNNER_NAME
+ stage: test
+ services:
+ - name: docker:20.10.16-dind
+ alias: kubernetes
+ image: docker:20.10.16-git
+ before_script:
+ - apk add --no-cache openssl curl bash curl-dev
+ - bash scripts/check_token.sh "${TOKEN_TYPE}" "${TOKEN}"
+ script:
+ # Initialize KIND cluster
+ - curl -Lo /usr/local/bin/kubectl https://storage.googleapis.com/kubernetes-release/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl && chmod +x /usr/local/bin/kubectl
+ - curl -Lo /usr/local/bin/kind https://kind.sigs.k8s.io/dl/${KIND_VERSION}/kind-linux-amd64 && chmod +x /usr/local/bin/kind
+ - kind create cluster --config=$(pwd)/scripts/kind-config.yaml
+ - kind get kubeconfig|sed -e 's/0.0.0.0/kubernetes/g' > kubeconfig.yaml
+ - export KUBECONFIG=$(pwd)/kubeconfig.yaml
+ - kubectl version
+ - kubectl cluster-info
+ - bash -c "for _i in {0..60}; do kubectl -n default get serviceaccount default -o name > /dev/null 2>&1 && break; sleep 1; done"
+ - bash -c "for _i in {0..60}; do kubectl get nodes|grep -w Ready > /dev/null 2>&1 && break; sleep 1; done"
+ # Install helm latest version instead of pre-installed one in registry.gitlab.com/gitlab-org/gitlab-build-images image
+ - curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
+ # Run tests
+ - bash -x scripts/integration.sh "${TOKEN_TYPE}" "${TOKEN}" "${VALUE_YAML_FILE}"
+ after_script:
+ - >
+ [ ! -f $(pwd)/kubeconfig.yaml ] && exit 0
+ - export KUBECONFIG=$(pwd)/kubeconfig.yaml
+ - bash -x scripts/integration_cleanup.sh
+ tags:
+ - gitlab-org-docker
+
+# Registration token is deprecated and will be removed in GitLab 18.0
+# This integration test also will be removed in GitLab 18.0
+integration test registration token:
+ extends:
+ - .integration_test
+ variables:
+ INTEGRATION_RUNNER_NAME: integration-test-$CI_COMMIT_SHORT_SHA-registration-token
+ TOKEN_TYPE: "registration"
+ TOKEN: $REGISTRATION_TOKEN
+ VALUE_YAML_FILE: "./values.yaml"
+
+integration test authentication token:
+ extends:
+ - .integration_test
+ variables:
+ INTEGRATION_RUNNER_NAME: integration-test-$CI_COMMIT_SHORT_SHA-authentication-token
+ TOKEN_TYPE: "authentication"
+ TOKEN: $AUTHENTICATION_TOKEN
+ VALUE_YAML_FILE: "./values.yaml"
+
+integration test mount empty dir:
+ extends:
+ - .integration_test
+ variables:
+ INTEGRATION_RUNNER_NAME: "integration-test-$CI_COMMIT_SHORT_SHA-empty-dir"
+ TOKEN_TYPE: "authentication"
+ TOKEN: $AUTHENTICATION_TOKEN
+ VALUE_YAML_FILE: "./scripts/empty-dir.yaml"
+
+release development:
+ extends:
+ - .rules:release:development
+ stage: release
+ script:
+ - helm package .
+ artifacts:
+ paths:
+ - gitlab-runner*.tgz
+ expire_in: 7d
+ allow_failure: true
+
+release beta:
+ extends:
+ - .rules:release:beta
+ stage: release
+ variables:
+ S3_URL: s3://${S3_BUCKET}${S3_PATH}
+ REPO_URL: https://${S3_BUCKET}.s3.amazonaws.com${S3_PATH}
+ script:
+ - apk add --no-cache py-pip
+ - pip install awscli
+ - 'beta_info=$(git describe --long | sed -r "s/v[0-9\.]+(-rc[0-9]+)?-//")'
+ - 'build_time=$(date +%s)'
+ - 'sed -r "s/(version: [0-9\.]+-beta)/\1-${build_time}-${beta_info}/" -i Chart.yaml'
+ - 'sed -r "s/appVersion: .*/appVersion: bleeding/" -i Chart.yaml'
+ - 'sed -r "s/imagePullPolicy: IfNotPresent/imagePullPolicy: Always/" -i values.yaml'
+ - mkdir -p public/
+ - aws s3 cp ${S3_URL}/index.yaml public/index.yaml || true
+ - (cd public; helm package ../)
+ - helm repo index public --merge public/index.yaml --url ${REPO_URL}
+ - aws s3 sync public ${S3_URL} --acl public-read
+ - 'echo "To install repository run: helm repo add gitlab-runner-beta ${REPO_URL} && helm repo update"'
+
+release stable:
+ extends:
+ - .rules:release:stable
+ stage: release
+ image: alpine:${ALPINE_IMAGE_TAG}
+ script:
+ - apk add --no-cache curl
+ - curl --fail-with-body
+ --request POST
+ --form "token=$CI_JOB_TOKEN"
+ --form ref=master
+ --form "variables[CHART_NAME]=$CI_PROJECT_NAME"
+ --form "variables[RELEASE_REF]=$CI_COMMIT_REF_NAME"
+ https://gitlab.com/api/v4/projects/2860651/trigger/pipeline
+
+trigger charts update:
+ extends:
+ - .rules:release:stable
+ stage: post-release
+ image: alpine:${ALPINE_IMAGE_TAG}
+ script:
+ - apk add --no-cache curl
+ - curl --fail-with-body
+ --request POST
+ --form "token=${GITLAB_CHARTS_TRIGGER_TOKEN}"
+ --form ref=master
+ --form "variables[DEPS_PIPELINE]=true"
+ https://gitlab.com/api/v4/projects/3828396/trigger/pipeline
+
+##############
+# Includes #
+##############
+include:
+ - template: Security/Dependency-Scanning.gitlab-ci.yml
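Review bot: `.integration_test` installs Helm by piping `curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash`, which executes whatever is on that branch at run time with no version pin or checksum, and the kubectl and kind binaries fetched just above it are pinned by `KUBECTL_VERSION`/`KIND_VERSION` but never verified, so all three are unverified inputs to a job that also receives `${TOKEN}`. Pin a Helm release in the top-level `variables:` block and verify the published checksum before installing, as below; kubectl can, I believe, be checked the same way against the `.sha256` file the Kubernetes release CDN publishes next to the binary. Separately, the `release *` and `trigger charts update` jobs are gated by `.if-release-tag`/`.if-security-release-tag` on `$CI_PROJECT_URL` matching the upstream gitlab-org projects and push to upstream trigger endpoints and an S3 bucket, so in this vendored copy they appear inert unless those variables are set; a header comment stating that, or dropping them, would save the next reader the analysis.
```yaml
variables:
  # … unchanged: GIT_CLONE_PATH, ALPINE_IMAGE_TAG, HELM_UNITTEST_PLUGIN_VERSION …
  KIND_VERSION: "v0.20.0"
  KUBECTL_VERSION: "v1.27.4"
  HELM_VERSION: "<PLACEHOLDER: pinned Helm release tag, e.g. vX.Y.Z>"

.integration_test:
  # … unchanged: extends, variables, stage, services, image, before_script …
  script:
    # … unchanged: KIND cluster bootstrap …
    # Install a pinned Helm release and verify the published checksum before use
    - curl -fsSLO https://get.helm.sh/helm-${HELM_VERSION}-linux-amd64.tar.gz
    - curl -fsSLO https://get.helm.sh/helm-${HELM_VERSION}-linux-amd64.tar.gz.sha256sum
    - sha256sum -c helm-${HELM_VERSION}-linux-amd64.tar.gz.sha256sum
    - tar -xzf helm-${HELM_VERSION}-linux-amd64.tar.gz && install linux-amd64/helm /usr/local/bin/helm
    # … unchanged: integration.sh run …
```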
diff --git a/exemONE/helm/gitlab-runner/.gitlab/branch.release.yml b/exemONE/helm/gitlab-runner/.gitlab/branch.release.yml
new file mode 100644
index 0000000..e5dfc38
--- /dev/null
+++ b/exemONE/helm/gitlab-runner/.gitlab/branch.release.yml
@@ -0,0 +1,29 @@
+actions:
+ - changelog_entry:
+ scope: new-feature
+ entry: Update GitLab Runner version to v{{ .Release.AppVersion }}
+
+ - write:
+ file: Chart.yaml
+ contents: |
+ apiVersion: v1
+ name: gitlab-runner
+ version: {{ .Release.Version }}
+ appVersion: {{ .Release.AppVersion }}
+ description: GitLab Runner
+ keywords:
+ - git
+ - ci
+ - deploy
+ sources:
+ - https://gitlab.com/gitlab-org/charts/gitlab-runner
+ - https://gitlab.com/gitlab-org/gitlab-runner
+ - https://docs.gitlab.com/runner/
+ icon: https://gitlab.com/uploads/-/system/project/avatar/250833/runner_logo.png
+ maintainers:
+ - name: GitLab Inc.
+ email: support@gitlab.com
+
+ - commit:
+ files: [Chart.yaml]
+ message: Update Chart version to v{{ .Release.Version }} and used GitLab Runner version to v{{ .Release.AppVersion }}
diff --git a/exemONE/helm/gitlab-runner/.gitlab/changelog.yml b/exemONE/helm/gitlab-runner/.gitlab/changelog.yml
new file mode 100644
index 0000000..b37c90f
--- /dev/null
+++ b/exemONE/helm/gitlab-runner/.gitlab/changelog.yml
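Review bot: The `write:` and `commit:` actions in this file use `file: Chart.yaml` and `files: [Chart.yaml]`, which presumably resolve against the repository root as they do in the upstream project, but in this repository the chart's Chart.yaml lives at `exemONE/helm/gitlab-runner/Chart.yaml`; if GitLab release-tools is ever pointed at this config here, it would create and commit a new top-level Chart.yaml rather than update the vendored one. The same applies to `.gitlab/merge.release.yml` in the next hunk. Either change the paths, `file: exemONE/helm/gitlab-runner/Chart.yaml` and `files: [exemONE/helm/gitlab-runner/Chart.yaml]`, or leave the upstream `.gitlab/` release automation out of the vendored copy. While here, quoting the templated fields in the generated contents, `version: "{{ .Release.Version }}"` and `appVersion: "{{ .Release.AppVersion }}"`, guards against a two-component value ever being read as a float.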
@@ -0,0 +1,53 @@
+default_scope: other
+names:
+ new-feature: New features
+ security-fix: Security fixes
+ fix: Bug fixes
+ maintenance: Maintenance
+ runner-distribution: GitLab Runner distribution
+ documentation: Documentation changes
+ other: Other changes
+order:
+- new-feature
+- security-fix
+- fix
+- maintenance
+- runner-distribution
+- documentation
+- other
+label_matchers:
+- labels:
+ - runner-distribution
+ scope: runner-distribution
+- labels:
+ - feature::addition
+ scope: new-feature
+- labels:
+ - security
+ scope: security-fix
+- labels:
+ - type::bug
+ scope: fix
+- labels:
+ - type::maintenance
+ scope: maintenance
+- labels:
+ - feature::enhancement
+ scope: new-feature
+- labels:
+ - maintenance::refactor
+ scope: maintenance
+- labels:
+ - maintenance::pipelines
+ scope: maintenance
+- labels:
+ - maintenance::workflow
+ scope: maintenance
+- labels:
+ - documentation
+ scope: documentation
+authorship_labels:
+- Community contribution
+skip_changelog_labels:
+- skip-changelog
+
diff --git a/exemONE/helm/gitlab-runner/.gitlab/merge.release.yml b/exemONE/helm/gitlab-runner/.gitlab/merge.release.yml
new file mode 100644
index 0000000..18bc7e7
--- /dev/null
+++ b/exemONE/helm/gitlab-runner/.gitlab/merge.release.yml
@@ -0,0 +1,25 @@
+actions:
+ - write:
+ file: Chart.yaml
+ contents: |
+ apiVersion: v1
+ name: gitlab-runner
+ version: {{ .Release.VersionObject.NextMinor.StringNoPrefix }}-beta
+ appVersion: bleeding
+ description: GitLab Runner
+ keywords:
+ - git
+ - ci
+ - deploy
+ sources:
+ - https://gitlab.com/gitlab-org/charts/gitlab-runner
+ - https://gitlab.com/gitlab-org/gitlab-runner
+ - https://docs.gitlab.com/runner/
+ icon: https://gitlab.com/uploads/-/system/project/avatar/250833/runner_logo.png
+ maintainers:
+ - name: GitLab Inc.
+ email: support@gitlab.com
+
+ - commit:
+ files: [Chart.yaml]
+ message: Update Chart version to {{ .Release.VersionObject.NextMinor }}-beta and used GitLab Runner version to bleeding
diff --git a/exemONE/helm/gitlab-runner/.helmignore b/exemONE/helm/gitlab-runner/.helmignore
new file mode 100644
index 0000000..48ba9d6
--- /dev/null
+++ b/exemONE/helm/gitlab-runner/.helmignore
@@ -0,0 +1,25 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+gitlab-runner*.tgz
+scripts/
+tests/
diff --git a/exemONE/helm/gitlab-runner/CHANGELOG.md b/exemONE/helm/gitlab-runner/CHANGELOG.md
new file mode 100644
index 0000000..b951160
--- /dev/null
+++ b/exemONE/helm/gitlab-runner/CHANGELOG.md
@@ -0,0 +1,738 @@ +## v0.61.1 (2024-02-05) + +### New features + +- Update GitLab Runner version to v16.8.0 + +### Bug fixes + +- Fix non terminating runner in register loop !450 + +## v0.61.0 (2024-01-19) + +### New features + +- Update GitLab Runner version to v16.8.0 + +## v0.60.0 (2023-12-21) + +### New features + +- Update GitLab Runner version to v16.7.0 + +### Bug fixes + +- Keep tag list for registration token !452 +- Keep tag list for registration token !452 + +### Other changes + +- Allow user-defined deployment strategies for multi-replica deployments !427 (Thomas Spear @tspearconquest) + +## v0.59.2 (2023-11-25) + +### New features + +- Update GitLab Runner version to v16.6.1 + +## v0.59.1 (2023-11-20) + +### Bug fixes + +- Keep tag list for registration token !452 + +## v0.59.0 (2023-11-17) + +### New features + +- Update GitLab Runner version to v16.6.0 +- Added topologySpreadConstraints value !432 (Kostya Yag @kartograph9) + +### Bug fixes + +- Fix support for `runnerToken`, and prevent setting deprecated environment variables when using an external secret controller to inject an authentication token instead of passing the value in via helm !429 (Thomas Spear @tspearconquest) +- Update the default probeTimeoutSeconds to 3 seconds !448 +- Allow overriding image.registry to remove slash !447 (Keith Chason @keith.chason) +- Update liveness probe to support authentication token !446 + +### Maintenance + +- Make podSecurityContext values propagate correctly !449 (Viktor Lindström Ahlstedt @viktorla) + +## v0.58.2 (2023-11-03) + +### Bug fixes + +- Update the default probeTimeoutSeconds to 3 seconds !448 + +## v0.58.1 (2023-10-24) + +### Bug fixes + +- Update liveness probe to support authentication token !446 + +## v0.58.0 (2023-10-20) + +### New features + +- Update GitLab Runner version to v16.5.0 +- Add shutdown_timeout flag for global section config !435 (Maxim Tacu @mtacu) + +### Bug fixes + +- Add missing rbac when debugging services !442 (Ismael 
Posada Trobo @iposadat) +- Adjust the runner image to match the configured podSecurityContext !434 (Harald Dunkel @hdunkel) +- Support for external secrets added via values.yaml envVars value; avoid setting volumes and volume mounts for nonexistent secrets !426 (Thomas Spear @tspearconquest) +- Make livenessProbe actually probe for a working runner !404 (fiskhest @fiskhest) +- helm: fix runners.config template rendering !386 (Viktor Oreshkin @stek29) + +### Maintenance + +- Add ephemeral-storage example in resources.requests and resources.limits !443 +- Update broken and outdated links in Helm chart values.yaml !438 (Kolja Lucht @k0jak) + +## v0.57.1 (2023-10-06) + +### New features + +- Update GitLab Runner version to v16.3.3 + +## v0.56.2 (2023-10-06) + +### New features + +- Update GitLab Runner version to v16.3.2 + +## v0.56.1 (2023-09-18) + +### New features + +- Update GitLab Runner version to v16.3.1 + +## v0.56.0 (2023-08-21) + +### New features + +- Update GitLab Runner version to v16.2.1 + +## v0.55.0 (2023-07-23) + +### New features + +- Update GitLab Runner version to v16.1.1 + +## v0.54.0 (2023-06-21) + +### New features + +- Update GitLab Runner version to v16.0.3 + +## v0.53.2 (2023-06-08) + +### New features + +- Update GitLab Runner version to v16.0.2 + +### Bug fixes + +- Revert cache settings through Kubernetes secret in values yaml !406 +- Take in account registration token from secret !405 +- Support empty rules defined in the values.yaml !402 + +### Maintenance + +- Remove reference to rbac.resources and rbac.verbs !403 + +## v0.52.1 (2023-06-02) + +### New features + +- Update GitLab Runner version to v15.11.1 + +## v0.53.1 (2023-05-25) + +### New features + +- Update GitLab Runner version to v16.0.1 + +## v0.53.0 (2023-05-22) + +### New features + +- Update GitLab Runner version to v16.0.0 + +### Maintenance + +- Adapt the Helm Chart to support the next Token Architecture !398 +- Remove namespace and cache deprecated fields from the Helm 
Chart project !397 +- Remove all deprecated fields that can be resolved with template merging !393 +- Fix failure in integration tests !390 + +## v0.52.0 (2023-04-22) + +### New features + +- Update GitLab Runner version to v15.11.0 + +### Bug fixes + +- Enable ability to use tini instead of dumb-init !385 +- Invalid yaml when creating service account with no annotations !381 (Zev Isert @zevisert) + +### Maintenance + +- Fix failure in integration tests !390 +- Add merge release config to be executed after stable branches are merged into the main branch !387 + +## v0.48.0 (2022-12-17) + +### New features + +- Update GitLab Runner version to 15.7.0 + +## v0.47.0 (2022-11-22) + +### New features + +- Update GitLab Runner version to 15.6.0 + +## v0.46.0 (2022-10-21) + +### New features + +- Update GitLab Runner version to 15.5.0 + +## v0.45.0 (2022-09-21) + +### New features + +- Update GitLab Runner version to 15.4.0 +- Add secrets update permission to RBAC example provided !349 (Tim Hobbs @hobti01) + +### Bug fixes + +- Revert "Merge branch 'feature/unregister-one-runner' into 'main'" !362 + +### Maintenance + +- Fix the pipeline being blocked by development release !357 +- Docs: Update values.yaml comments to reference kubernetes service accounts docs !310 + +## v0.44.0 (2022-08-19) + +### New features + +- Update GitLab Runner version to 15.3.0 +- Add secrets update permission to RBAC example provided !349 (Tim Hobbs @hobti01) + +### Maintenance + +- Fix the pipeline being blocked by development release !357 + +### Documentation changes + +- Docs: Update values.yaml comments to reference kubernetes service accounts docs !310 + +## v0.43.0 (2022-07-20) + +### New features + +- Update GitLab Runner version to 15.2.0 + +### Documentation changes + +- Fix some dead links !356 (Ben Bodenmiller @bbodenmiller) + +## v0.42.0 (2022-06-20) + +### New features + +- Update GitLab Runner version to 15.1.0 +- Add priority classname !350 +- Update namespaces to be consistent 
across manifests !343 (blacktide @blacktide) +- Add freely configurable securityContext to deployment !354 +- Add possibility to overwrite default image registry !351 (Patrik Votoček @vrtak-cz) +- Make session server service annotations configurable !336 (Matthias Baur @m.baur) + +### Maintenance + +- Add volume and volumeMount support to runner deployment !348 +- ci: Update Helm from 3.4.1 to 3.7.2 !347 (Takuya Noguchi @tnir) +- Update Docker to 20.10 on integration test !346 (Takuya Noguchi @tnir) +- Update default registry to GitLab Runner registry !345 +- Update casing of GitLab in values YAML file !344 (Ben Bodenmiller @bbodenmiller) +- Remove unneeded rbac role !335 (Matthias Baur @m.baur) + +## v0.41.0 (2022-05-19) + +### New features + +- Update GitLab Runner version to 15.0.0 +- Add the ability to unregister only one runner !329 (LAKostis @LAKostis) +- Remove init container and instead project secrets !312 +- Don't repeat chart name if release name starts with the chart name !232 (Ahmadali Shafiee @ahmadalli) + +### Maintenance + +- Use Helm 3 instead of 2.16.9 on lint/release jobs !342 (Takuya Noguchi @tnir) + +## v0.40.0 (2022-04-20) + +### New features + +- Update GitLab Runner version to 14.10.0 +- Add the possibility to configure maximum timeout that will be set for jobs when using the runner !341 (Adrien Gooris @adrien.gooris) + +### Maintenance + +- Add a post-release CI job to trigger a deps pipeline in Charts repo !339 +- Add helm install integration test !326 +- Make loadBalancerSourceRanges of Session Server configurable !334 (Matthias Baur @m.baur) + +## v0.39.0 (2022-03-21) + +### New Features + +- Update GitLab Runner version to 14.9.0 + +### Bug fixes + +- Disable metrics endpoint by default !337 + +### Maintenance + +- Update labels according to latest taxonomy !338 + +## v0.38.1 (2022-03-02) + +### New Features + +- Update GitLab Runner version to 14.8.2 + +## v0.38.0 (2022-02-21) + +### Maintenance + +- Fix urls with runners configuration 
information !314 (Dmitriy Stoyanov @DmitriyStoyanov) +- k8s rbac: add more resources in comment. !307 (Chen Yufei @cyfdecyf) +- Add dependency scanning to Runner Helm Chart project !331 + +## v0.37.2 (2022-01-24) + +### Bug fixes + +- Fix appVersion to 14.7.0 + +## v0.37.1 (2022-01-20) + +### Bug fixes + +- Set sessionServer to false by default !332 + +## v0.37.0 (2022-01-19) + +### New Features + +- Update GitLab Runner version to 14.7.0 +- Add support for interactive web terminal !320 + +## v0.36.0 (2021-12-18) + +### New features + +- Update GitLab Runner version to 14.6.0 + +### Bug fixes + +- Fix prometheus annotation unquoted value !323 + +### GitLab Runner distribution + +- Fix the security release rule in .gitlab-ci.yml !324 +- Fail the stable release job on curl failures !322 + +## v0.35.3 (2021-12-13) + +### Maintenance + +- Fix prometheus annotation unquoted value !323 + +## v0.35.2 (2021-12-10) + +### Security + +- Update GitLab Runner version to 14.5.2 + +## v0.35.1 (2021-12-01) + +### Security + +- Update GitLab Runner version to 14.5.1 + +## v0.35.0 (2021-11-21) + +### New features + +- Update GitLab Runner version to 14.5.0 + +### Maintenance + +- Don't run pipelines only for MRs !318 +- Update changelog generator configuration !317 +- Adds configurable value probeTimeoutSeconds !306 (Kyle Wetzler @kwetzler1) + +## v0.34.0-rc1 (2021-10-11) + +### New features + +- Update GitLab Runner version to 14.4.0-rc1 + +### Maintenance + +- Disallow setting both replicas and runnerToken !289 + +## v0.33.0 (2021-09-29) + +### New features + +- Update GitLab Runner version to 14.3.0 + +### Maintenance + +- Update container entrypoint to use `dumb-init` to avoid zombie processes !311 (Georg Lauterbach @georglauterbach) + +## v0.32.0 (2021-08-22) + +### New features + +- Update GitLab Runner version to 14.2.0 +- Add support for revisionHistoryLimit !299 (Romain Grenet @romain.grenet1) + +## v0.31.0 (2021-07-20) + +### New features + +- Update GitLab Runner version 
to 14.1.0 + +### Bug fixes + +- Only add environment variables if values set !295 (Matthew Warman @mcwarman) + +## v0.30.0 (2021-06-19) + +### New features + +- Update GitLab Runner version to 14.0.0 + +### Bug fixes + +- Resolve runner ignores request_concurrency !296 + +### Maintenance + +- refactor: change default brach references to main !298 +- Add support for specifying schedulerName on deployment podspec. !284 (Dominic Bevacqua @dbevacqua) + +## v0.29.0 (2021-05-20) + +### New features + +- Update GitLab Runner version to 13.12.0 + +## v0.28.0 (2021-04-20) + +### New features + +- Update GitLab Runner version to 13.11.0 + +### Maintenance + +- Pass runners.config through the template engine !290 (Dmitriy @Nevoff89) +- Add role support of individual verbs list for different resources !280 (Horatiu Eugen Vlad @hvlad) +- Use runner namespace for role and role binding if it is specified !256 (Alex Sears @searsaw) +- Add optional configuration values for pod security context `runAsUser` and `supplementalGroups` !242 (Horatiu Eugen Vlad @hvlad) + +### Documentation changes + +- docs: add notice that we run tpl on runner config !291 +- Add comment on imagePullPolicy !288 + +## v0.27.0 (2021-03-21) + +### New features + +- Update GitLab Runner version to 13.10.0 +- Allow setting deployment replicas !286 +- Add support for specify ConfigMaps for gitlab-runner deployment !285 +- Allow to mount arbitrary Kubernetes secrets !283 + +## v0.26.0 (2021-02-22) + +### New features + +- Update GitLab Runner version to 13.9.0 +- Make executor configurable !273 (Matthias Baur @m.baur) + +### Other changes + +- Typo fix !282 (Ben Bodenmiller @bbodenmiller) + +## v0.25.0 (2021-01-20) + +### New features + +- Support secrets for Azure cache !277 +- Update GitLab Runner version to 13.8.0 + +### Maintenance + +- Fix release CI stage failing due to Helm stable deprecation !278 +- Update GitLab Changelog configuration !275 + +### Documentation changes + +- Update link to doc in 
README.md !276 + +## v0.24.0 (2020-12-21) + +### New features + +- Update GitLab Runner version to 13.7.0 +- add optional 'imagePullSecrets' to deployment !269 (Christian Schoofs @schoofsc) + +### Other changes + +- Make description configruable !229 (Matthias Baur @m.baur) + +## v0.23.0 (2020-11-21) + +### New features + +- Update GitLab Runner version to 13.6.0 +- Allow user to specify any runner configuraton !271 + +## v0.22.0 (2020-10-20) + +### New features + +- Update GitLab Runner version to 13.5.0 +- Add pull secrets to service account for runner image !241 (Horatiu Eugen Vlad @hvlad) + +### Maintenance + +- Set allowPrivilegeEscalation to false for gitlab-runner pod !243 (Horatiu Eugen Vlad @hvlad) + +### Documentation changes + +- Add comment on ubuntu image & securityContext !260 + +## v0.21.0 (2020-09-21) + +### Maintenance + +- Update GitLab Runner version to 13.4.0 +- Fix changelog generator config to catch all maintenance related labels !255 + +### Other changes + +- Add scripts/security-harness script !258 + +## v0.20.0 (2020-08-20) + +### New features + +- Update GitLab Runner version to 13.3.0 +- Enable custom commands !250 + +### Maintenance + +- Add `release stable` job for security fork !252 +- Update changelog generator to accept new labels !249 + +## v0.19.0 (2020-07-20) + +### New features + +- Allow user to define PodSecurityPolicy !184 (Paweł Kalemba @pkalemba) +- Update GitLab Runner version to 13.2.0 + +### Documentation changes + +- Fix external links within values.yaml !248 (Alexandre Jardin @alexandre.jardin) + +## v0.18.0 (2020-06-19) + +### Maintenance + +- Update GitLab Runner version to 13.1.0 + +### Other changes + +- Fix unregister when using token secret !231 (Bernd @arabus) +- Support specifying pod security context. 
!219 (Chen Yufei @cyfdecyf) + +## v0.17.1 (2020-06-01) + +### Maintenance + +- Update GitLab Runner version to 13.0.1 + +## v0.17.0 (2020-05-20) + +### New features + +- Expose settings for kubernetes resource limits and requests overwrites !220 (Alexander Petermann @lexxxel) +- Add support for setting Node Tolerations !188 (Zeyu Ye @Shuliyey) + +### Maintenance + +- Update GitLab Runner version to 13.0.0 +- Update package name in note !234 +- Pin CI jobs to gitlab-org runners !222 + +## v0.16.0 (2020-04-22) + +### New features + +- Add Service Account annotation support !211 (David Rosson @davidrosson) + +### Bug fixes + +- Support correct spelling of GCS secret !214 (Arthur Wiebe @arthur65) + +### Maintenance + +- Remove dependency of `gitlab-runner-builder` runner !221 +- Fix linting for forks with a different name than "gitlab-runner" !218 +- Install gitlab-changelog installation !217 + +### Other changes + +- Update GitLab Runner version to 12.10.1 +- Change listen address to not force IPv6 !213 (Fábio Matavelli @fabiomatavelli) + +## v0.15.0 (2020-03-20) + +### Maintenance + +- Update GitLab Runner version to 12.9.0 +- Update changelog generator configuration !212 +- Replace changelog entries generation script !209 + +### Other changes + +- Fix values.yaml typo !210 (Brian Choy @bycEEE) + +## v0.14.0 (2020-02-22) + +- Update GitLab Runner version to 12.8.0 + +## v0.13.0 (2020-01-20) + +- Add podLabels to the deployment !198 +- Mount custom-certs in configure init container !202 + +## v0.12.0 (2019-12-22) + +- Add `apiVersion: v1` to chart.yaml !195 +- Add documentation to protected Runners !193 +- Make securityContext configurable !199 +- Update GitLab Runner version to 12.6.0 + +## v0.11.0 (2019-11-20) + +- Variables for RUNNER_OUTPUT_LIMIT, and KUBERNETES_POLL_TIMEOUT !50 +- Add support for register protected Runners !185 + +## v0.10.1 (2019-10-28) + +- Update GitLab Runner to 12.4.1 + +## v0.10.0 (2019-10-21) + +- Updated GitLab Runner to 12.4.0 +- Use 
updated project path to release helm chart !172 +- Update resources API to stable verson !167 +- Add support for specifying log format !170 +- Use the cache.secret template to check if the secretName is set !166 +- Drop need for helm force update for now !181 +- Fix image version detection for old helm versions !173 + +## v0.9.0 (2019-09-20) + +- Use updated project path to release helm chart !172 +- Enabling horizontal pod auto-scaling based on custom metrics !127 +- Change base image used for CI jobs !156 +- Remove DJ as a listed chart maintainer !160 +- Release beta version on master using Bleeding Edge image !155 +- Update definition of 'release beta' CI jobs !164 +- Fix certs path in the comment in values file !148 +- Implement support for run-untagged option !140 +- Use new location for helm charts repo !162 +- Follow-up to adding run-untagged support !165 + +## v0.8.0 (2019-08-22) + +- Add suport for graceful stop !150 + +## v0.7.0 (2019-07-22) + +- Fix broken anchor link for gcs cache docs !135 +- Allow user to set rbac roles !112 +- Bump used Runner version to 12.1.0 !149 + +## v0.6.0 (2019-06-24) + +- Allow to manually build the package for development branches !120 +- When configuring cache: if no S3 secret assume IAM role !111 +- Allow to define request_concurrency value !121 +- Bump used Runner version to 12.0.0 !138 + +## v0.5.0 (2019-05-22) + +- Bump used Runner version to 11.11.0 !126 + +## v0.4.1 (2019-04-24) + +- Bump used Runner version to 11.10.1 !113 + +## v0.4.0 (2019-04-22) + +- Bump used Runner version to 11.10.0-rc2 !108 +- Fix a typo in values.yaml !101 +- Add pod labels for jobs !98 +- add hostAliases for pod assignment !89 +- Configurable deployment annotations !44 +- Add pod annotations for jobs !97 +- Bump used Runner version to 11.10.0-rc1 !107 + +## v0.3.0 (2019-03-22) + +- Change mount of secret with S3 distributed cache credentials !64 +- Add environment variables to runner !48 +- Replace S3_CACHE_INSECURE with CACHE_S3_INSECURE 
!90 +- Update values.yaml to remove invalid anchor in comments !85 +- Bump used Runner version to 11.9.0 !102 + +## v0.2.0 (2019-02-22) + +- Fix the error caused by unset 'locked' value !79 +- Create LICENSE file !76 +- Add CONTRIBUTING.md file !81 +- Add plain MIT text into LICENSE and add NOTICE !80 +- Fix incorrect custom secret documentation !71 +- Add affinity, nodeSelector and tolerations for pod assignment !56 +- Ignore scripts directory when buildin helm chart !83 +- Bump used Runner version to 11.8.0-rc1 !87 +- Fix year in Changelog - it's already 2019 !84 + +## v0.1.45 (2019-01-22) + +- Trigger release only for tagged versions !72 +- Fixes typos in values.yaml comments !60 +- Update chart to bring closer to helm standard template !43 +- Add nodeSelector config parameter for CI job pods !19 +- Prepare CHANGELOG management !75 +- Track app version in Chart.yaml !74 +- Fix the error caused by unset 'locked' value !79 +- Bump used Runner version to 11.7.0 !82 diff --git a/exemONE/helm/gitlab-runner/CONTRIBUTING.md b/exemONE/helm/gitlab-runner/CONTRIBUTING.md new file mode 100644 index 0000000..1e55f92 --- /dev/null +++ b/exemONE/helm/gitlab-runner/CONTRIBUTING.md 
@@ -0,0 +1,16 @@ +## Developer Certificate of Origin + License + +By contributing to GitLab B.V., You accept and agree to the following terms and +conditions for Your present and future Contributions submitted to GitLab B.V. +Except for the license granted herein to GitLab B.V. and recipients of software +distributed by GitLab B.V., You reserve all right, title, and interest in and to +Your Contributions. All Contributions are subject to the following DCO + License +terms. + +[DCO + License](https://gitlab.com/gitlab-org/dco/blob/master/README.md) + +All Documentation content that resides under the [docs/ directory](/docs) of this +repository is licensed under Creative Commons: +[CC BY-SA 4.0](https://creativecommons.org/licenses/by-sa/4.0/). + +_This notice should stay as the first item in the CONTRIBUTING.md file._ diff --git a/exemONE/helm/gitlab-runner/Chart.yaml b/exemONE/helm/gitlab-runner/Chart.yaml new file mode 100644 index 0000000..789f2a6 --- /dev/null +++ b/exemONE/helm/gitlab-runner/Chart.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +appVersion: 16.8.0 +description: GitLab Runner +icon: https://gitlab.com/uploads/-/system/project/avatar/250833/runner_logo.png +keywords: +- git +- ci +- deploy +maintainers: +- email: support@gitlab.com + name: GitLab Inc. +name: gitlab-runner +sources: +- https://gitlab.com/gitlab-org/charts/gitlab-runner +- https://gitlab.com/gitlab-org/gitlab-runner +- https://docs.gitlab.com/runner/ +version: 0.61.1 diff --git a/exemONE/helm/gitlab-runner/DEVELOPMENT.md b/exemONE/helm/gitlab-runner/DEVELOPMENT.md new file mode 100644 index 0000000..ddb186b --- /dev/null +++ b/exemONE/helm/gitlab-runner/DEVELOPMENT.md @@ -0,0 +1,12 @@ +# Developement + +## Running tests + +1. install helm unittest plugin: + ```bash + helm plugin install https://github.com/helm-unittest/helm-unittest.git + ``` +2. run tests: + ```bash + helm unittest . + ``` \ No newline at end of file 
diff --git a/exemONE/helm/gitlab-runner/LICENSE b/exemONE/helm/gitlab-runner/LICENSE new file mode 100644 index 0000000..df96b29 --- /dev/null +++ b/exemONE/helm/gitlab-runner/LICENSE @@ -0,0 +1,22 @@ +The MIT License (MIT) + +Copyright (c) 2018-2019 GitLab B.V. + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. + diff --git a/exemONE/helm/gitlab-runner/Makefile b/exemONE/helm/gitlab-runner/Makefile new file mode 100644 index 0000000..d83671c --- /dev/null +++ b/exemONE/helm/gitlab-runner/Makefile 
@@ -0,0 +1,20 @@ +GITLAB_CHANGELOG_VERSION ?= master +GITLAB_CHANGELOG = .tmp/gitlab-changelog-$(GITLAB_CHANGELOG_VERSION) + +.PHONY: generate_changelog +generate_changelog: export CHANGELOG_RELEASE ?= dev +generate_changelog: $(GITLAB_CHANGELOG) + # Generating new changelog entries + @$(GITLAB_CHANGELOG) -project-id 6329679 \ + -release $(CHANGELOG_RELEASE) \ + -starting-point-matcher "v[0-9]*.[0-9]*.[0-9]*" \ + -config-file .gitlab/changelog.yml \ + -changelog-file CHANGELOG.md + +$(GITLAB_CHANGELOG): OS_TYPE ?= $(shell uname -s | tr '[:upper:]' '[:lower:]') +$(GITLAB_CHANGELOG): DOWNLOAD_URL = "https://storage.googleapis.com/gitlab-runner-tools/gitlab-changelog/$(GITLAB_CHANGELOG_VERSION)/gitlab-changelog-$(OS_TYPE)-amd64" +$(GITLAB_CHANGELOG): + # Installing $(DOWNLOAD_URL) as $(GITLAB_CHANGELOG) + @mkdir -p $(shell dirname $(GITLAB_CHANGELOG)) + @curl -sL "$(DOWNLOAD_URL)" -o "$(GITLAB_CHANGELOG)" + @chmod +x "$(GITLAB_CHANGELOG)" diff --git a/exemONE/helm/gitlab-runner/NOTICE b/exemONE/helm/gitlab-runner/NOTICE new file mode 100644 index 0000000..aa3eb4d --- /dev/null +++ b/exemONE/helm/gitlab-runner/NOTICE 
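Review bot: The `$(GITLAB_CHANGELOG)` recipe fetches an executable with `curl -sL` and runs `chmod +x` on it with no integrity check, and `GITLAB_CHANGELOG_VERSION` defaults to `master`, so whatever is served at that URL when `make generate_changelog` runs is what gets executed. Pin the version to a tagged release and verify a digest before the chmod, e.g. `@echo "<EXPECTED_SHA256>  $(GITLAB_CHANGELOG)" | sha256sum -c -` (placeholder digest, taken from the published release). Adding `-f` (`curl -fsSL "$(DOWNLOAD_URL)" -o "$(GITLAB_CHANGELOG)"`) also prevents an HTTP error body from being saved and marked executable.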
@@ -0,0 +1,30 @@ +With regard to the GitLab Software: + +The MIT License (MIT) + +Copyright (c) 2018-2019 GitLab B.V. + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. + +--- + +For all third party components incorporated into the GitLab Software, those +components are licensed under the original license provided by the owner of the +applicable component. + diff --git a/exemONE/helm/gitlab-runner/README.md b/exemONE/helm/gitlab-runner/README.md new file mode 100644 index 0000000..3c308b1 --- /dev/null +++ b/exemONE/helm/gitlab-runner/README.md @@ -0,0 +1,8 @@ +# GitLab Runner Helm Chart + +This chart deploys a GitLab Runner instance into your Kubernetes +cluster. For more information, please review [our documentation](https://docs.gitlab.com/charts/charts/gitlab/gitlab-runner). + +# Development + +Please follow [development documentation](DEVELOPMENT.md). \ No newline at end of file 
diff --git a/exemONE/helm/gitlab-runner/templates/NOTES.txt b/exemONE/helm/gitlab-runner/templates/NOTES.txt new file mode 100644 index 0000000..68ab758 --- /dev/null +++ b/exemONE/helm/gitlab-runner/templates/NOTES.txt 
@@ -0,0 +1,36 @@ +{{- if include "gitlab-runner.gitlabUrl" . }} +Your GitLab Runner should now be registered against the GitLab instance reachable at: {{ include "gitlab-runner.gitlabUrl" . }} +{{- else -}} +############################################################################################# +## WARNING: You did not specify an gitlabUrl in your 'helm install' call. ## +############################################################################################# + +This deployment will be incomplete until you provide the URL that your +GitLab instance is reachable at: + + helm upgrade {{ .Release.Name }} \ + --set gitlabUrl=http://gitlab.your-domain.com,runnerRegistrationToken=your-registration-token \ + gitlab/gitlab-runner +{{- end -}} + +{{- if not .Values.runners.config }} +############################################################################################# +## WARNING: You don't seem to be using the GitLab Runner config template functionality. ## +## Configuring the GitLab Runner through that template is recommended as other ## +## configuration options will be deprecated in Helm Chart 1.0. Read more at ## +## https://docs.gitlab.com/runner/install/kubernetes.html#using-configuration-template. ## +############################################################################################# +{{- end }} + +{{- $runnerNamespace := regexFind "\\s*namespace\\s*=.+\\s*" (tpl .Values.runners.config $) | regexFind "=.+" | trimPrefix "=" | trim -}} +{{- if regexMatch "\\s*namespace\\s*=" .Values.runners.config }} + +Runner namespace {{ $runnerNamespace }} was found in runners.config template. +{{- if .Values.runners.namespace }} + +############################################################################################# +## WARNING: You have set the namespace in runners.config and also set in deprecated ## +## runner.namespace element. The runners.config namespace will be ignored. 
## +############################################################################################# +{{- end }} +{{- end }} diff --git a/exemONE/helm/gitlab-runner/templates/_env_vars.tpl b/exemONE/helm/gitlab-runner/templates/_env_vars.tpl new file mode 100644 index 0000000..0394205 --- /dev/null +++ b/exemONE/helm/gitlab-runner/templates/_env_vars.tpl @@ -0,0 +1,28 @@ +{{- define "gitlab-runner.runner-env-vars" }} +- name: CI_SERVER_URL + value: {{ include "gitlab-runner.gitlabUrl" . }} +- name: RUNNER_EXECUTOR + value: {{ default "kubernetes" .Values.runners.executor | quote }} +{{- if eq (include "gitlab-runner.isAuthToken" .) "false" }} +- name: REGISTER_LOCKED + {{ if or (not (hasKey .Values.runners "locked")) .Values.runners.locked -}} + value: "true" + {{- else -}} + value: "false" + {{- end }} +- name: RUNNER_TAG_LIST + value: {{ default "" .Values.runners.tags | quote }} +{{- end }} +{{- if eq (default "kubernetes" .Values.runners.executor) "kubernetes" }} +{{- if not (regexMatch "\\s*namespace\\s*=" .Values.runners.config) }} +- name: KUBERNETES_NAMESPACE + value: {{ .Release.Namespace | quote }} +{{- end }} +{{- end }} +{{- if .Values.envVars -}} +{{ range .Values.envVars }} +- name: {{ .name }} + value: {{ .value | quote }} +{{- end }} +{{- end }} +{{- end }} diff --git a/exemONE/helm/gitlab-runner/templates/_helpers.tpl b/exemONE/helm/gitlab-runner/templates/_helpers.tpl new file mode 100644 index 0000000..e6f3127 --- /dev/null +++ b/exemONE/helm/gitlab-runner/templates/_helpers.tpl 
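Review bot: The `helm upgrade` example in the missing-gitlabUrl warning uses `http://gitlab.your-domain.com`, and the registration token on the same line would be sent to that endpoint in clear text; the example should read `--set gitlabUrl=https://gitlab.your-domain.com,runnerRegistrationToken=your-registration-token \`. The same warning also says "an gitlabUrl", which should be "a gitlabUrl". Further down, `tpl .Values.runners.config $` and `regexMatch "\\s*namespace\\s*=" .Values.runners.config` (the same call appears in `_env_vars.tpl`) assume `runners.config` is a non-null string; if values.yaml allows it to be null, wrapping it as `(default "" .Values.runners.config)` keeps the render from failing, though the default is not visible in this hunk.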
@@ -0,0 +1,115 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "gitlab-runner.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "gitlab-runner.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if hasPrefix $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "gitlab-runner.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Define the name of the secret containing the tokens +*/}} +{{- define "gitlab-runner.secret" -}} +{{- default (include "gitlab-runner.fullname" .) 
.Values.runners.secret | quote -}} +{{- end -}} + +{{/* +Define the name of the s3 cache secret +*/}} +{{- define "gitlab-runner.cache.secret" -}} +{{- if hasKey .Values.runners.cache "secretName" -}} +{{- .Values.runners.cache.secretName | quote -}} +{{- end -}} +{{- end -}} + +{{/* +Template for outputing the gitlabUrl +*/}} +{{- define "gitlab-runner.gitlabUrl" -}} +{{- .Values.gitlabUrl | quote -}} +{{- end -}} + +{{/* +Define the image, using .Chart.AppVersion and GitLab Runner image as a default value +*/}} +{{- define "gitlab-runner.image" }} +{{- $appVersion := ternary "bleeding" (print "v" .Chart.AppVersion) (eq .Chart.AppVersion "bleeding") -}} +{{- $appVersionImageTag := printf "alpine-%s" $appVersion -}} +{{- $imageRegistry := ternary "" (print .Values.image.registry "/") (eq .Values.image.registry "") -}} +{{- $imageTag := default $appVersionImageTag .Values.image.tag -}} +{{- printf "%s%s:%s" $imageRegistry .Values.image.image $imageTag }} +{{- end -}} + +{{/* +Define the server session timeout, using 1800 as a default value +*/}} +{{- define "gitlab-runner.server-session-timeout" }} +{{- default 1800 .Values.sessionServer.timeout }} +{{- end -}} + +{{/* +Define the server session internal port, using 9000 as a default value +*/}} +{{- define "gitlab-runner.server-session-external-port" }} +{{- default 9000 .Values.sessionServer.externalPort }} +{{- end -}} + +{{/* +Define the server session external port, using 8093 as a default value +*/}} +{{- define "gitlab-runner.server-session-internal-port" }} +{{- default 8093 .Values.sessionServer.internalPort }} +{{- end -}} + +{{/* +Unregister runners on pod stop +*/}} +{{- define "gitlab-runner.unregisterRunners" -}} +{{- if or (and (hasKey .Values "unregisterRunners") .Values.unregisterRunners) (and (not (hasKey .Values "unregisterRunners")) .Values.runnerRegistrationToken) -}} +lifecycle: + preStop: + exec: + command: ["/entrypoint", "unregister", "--all-runners"] +{{- end -}} +{{- end -}} + +{{/* 
+Define if the registration token provided (if any) +is an authentication token or not +*/}} +{{- define "gitlab-runner.isAuthToken" -}} +{{- $isAuthToken := false -}} +{{- $hasRegistrationToken := hasKey .Values "runnerRegistrationToken" -}} +{{- if $hasRegistrationToken -}} +{{- $token := .Values.runnerRegistrationToken -}} +{{- $isAuthToken = or (empty $token) (hasPrefix "glrt-" $token) -}} +{{- else -}} +{{- $token := default "" .Values.runnerToken -}} +{{- $isAuthToken = and (not (empty $token)) (hasPrefix "glrt-" $token) -}} +{{- end -}} +{{- $isAuthToken -}} +{{- end -}} diff --git a/exemONE/helm/gitlab-runner/templates/configmap.yaml b/exemONE/helm/gitlab-runner/templates/configmap.yaml new file mode 100644 index 0000000..334e9fe --- /dev/null +++ b/exemONE/helm/gitlab-runner/templates/configmap.yaml 
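Review bot: The header comments on the two session-port helpers are swapped: `gitlab-runner.server-session-external-port` (default 9000) is introduced as "Define the server session internal port", and `gitlab-runner.server-session-internal-port` (default 8093) as "Define the server session external port". Swap the two comment texts so each matches the helper name and default it sits above. The `gitlab-runner.gitlabUrl` header also misspells "outputing"; `Template for outputting the gitlabUrl`.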
@@ -0,0 +1,226 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "gitlab-runner.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + app: {{ include "gitlab-runner.fullname" . }} + chart: {{ include "gitlab-runner.chart" . }} + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +data: + entrypoint: | + #!/bin/bash + set -e + + export CONFIG_PATH_FOR_INIT="{{ ternary "/.gitlab-runner/" "/home/gitlab-runner/.gitlab-runner/" (and (hasKey .Values.securityContext "runAsNonRoot") (not .Values.securityContext.runAsNonRoot)) }}" + mkdir -p ${CONFIG_PATH_FOR_INIT} + cp /configmaps/config.toml ${CONFIG_PATH_FOR_INIT} + + {{- if and (eq (default 1.0 .Values.replicas) 1.0) .Values.sessionServer .Values.sessionServer.enabled }} + quit() { + kill -TERM "$child" + } + + trap quit QUIT TERM + + sh /configmaps/set-session-server-address & + child=$! + wait "$child" + {{- end }} + + # Set up environment variables for cache + if [[ -f /secrets/accesskey && -f /secrets/secretkey ]]; then + export CACHE_S3_ACCESS_KEY=$(cat /secrets/accesskey) + export CACHE_S3_SECRET_KEY=$(cat /secrets/secretkey) + fi + + if [[ -f /secrets/gcs-applicaton-credentials-file ]]; then + export GOOGLE_APPLICATION_CREDENTIALS="/secrets/gcs-applicaton-credentials-file" + elif [[ -f /secrets/gcs-application-credentials-file ]]; then + export GOOGLE_APPLICATION_CREDENTIALS="/secrets/gcs-application-credentials-file" + else + if [[ -f /secrets/gcs-access-id && -f /secrets/gcs-private-key ]]; then + export CACHE_GCS_ACCESS_ID=$(cat /secrets/gcs-access-id) + # echo -e used to make private key multiline (in google json auth key private key is oneline with \n) + export CACHE_GCS_PRIVATE_KEY=$(echo -e $(cat /secrets/gcs-private-key)) + fi + fi + + if [[ -f /secrets/azure-account-name && -f /secrets/azure-account-key ]]; then + export CACHE_AZURE_ACCOUNT_NAME=$(cat /secrets/azure-account-name) + export CACHE_AZURE_ACCOUNT_KEY=$(cat /secrets/azure-account-key) + fi + 
+ if [[ -f /secrets/runner-registration-token ]]; then + export REGISTRATION_TOKEN=$(cat /secrets/runner-registration-token) + fi + + if [[ -f /secrets/runner-token ]]; then + export CI_SERVER_TOKEN=$(cat /secrets/runner-token) + fi + + # Register the runner + if ! sh /configmaps/register-the-runner; then + exit 1 + fi + + # Run pre-entrypoint-script + if ! bash /configmaps/pre-entrypoint-script; then + exit 1 + fi + + # Start the runner + exec /entrypoint run \ + {{- if and .Values.runners.executor (ne "shell" ((.Values.runners.executor) | toString)) }} + --user=gitlab-runner \ + {{- end }} + --working-directory=/home/gitlab-runner + + config.toml: | + shutdown_timeout = {{ .Values.shutdown_timeout }} + concurrent = {{ .Values.concurrent }} + check_interval = {{ .Values.checkInterval }} + log_level = {{ default "info" .Values.logLevel | quote }} + {{- if .Values.logFormat }} + log_format = {{ .Values.logFormat | quote }} + {{- end }} + {{- if .Values.metrics.enabled }} + listen_address = ":{{ .Values.metrics.port }}" + {{- end }} + {{- if .Values.sentryDsn }} + sentry_dsn = "{{ .Values.sentryDsn }}" + {{- end }} + {{- if and (eq (default 1.0 .Values.replicas) 1.0) .Values.sessionServer .Values.sessionServer.enabled }} + [session_server] + session_timeout = {{ include "gitlab-runner.server-session-timeout" . }} + listen_address = "0.0.0.0:{{ include "gitlab-runner.server-session-internal-port" . }}" + advertise_address = "SESSION_SERVER_IP:{{ include "gitlab-runner.server-session-external-port" . }}" + {{- end }} + + {{ if .Values.runners.config }} + config.template.toml: {{ tpl .Values.runners.config $ | toYaml | indent 2 }} + {{ end }} + + register-the-runner: | + #!/bin/bash + function signal_handler() { + if [ ! 
-d "/proc/$register_pid" ]; then + wait $register_pid + fi + exit + } + trap 'signal_handler' SIGQUIT + trap 'signal_handler' SIGINT + + MAX_REGISTER_ATTEMPTS=30 + + # Reset/unset the not needed flags when an authentication token + RUN_UNTAGGED="{{ ternary "--run-untagged=true" "" (and (hasKey .Values.runners "runUntagged") .Values.runners.runUntagged) }}" + ACCESS_LEVEL="{{ ternary "--access-level=ref_protected" "" (and (hasKey .Values.runners "protected") .Values.runners.protected) }}" + + {{- if eq (include "gitlab-runner.isAuthToken" . ) "true" }} + RUN_UNTAGGED="" + ACCESS_LEVEL="" + unset REGISTER_LOCKED + unset RUNNER_TAG_LIST + {{- end }} + + for i in $(seq 1 "${MAX_REGISTER_ATTEMPTS}"); do + echo "Registration attempt ${i} of ${MAX_REGISTER_ATTEMPTS}" + /entrypoint register \ + {{- if and (hasKey .Values.runners "name") .Values.runners.name }} + --name={{ .Values.runners.name | quote -}} \ + {{- end }} + {{- if and (hasKey .Values.runners "maximumTimeout") .Values.runners.maximumTimeout }} + --maximum-timeout={{ .Values.runners.maximumTimeout | quote -}} \ + {{- end }} + {{- if eq (include "gitlab-runner.isAuthToken" . ) "false" }} + ${RUN_UNTAGGED} \ + ${ACCESS_LEVEL} \ + {{- end }} + {{- if .Values.runners.config }} + --template-config /configmaps/config.template.toml \ + {{- else if .Values.runners.configPath }} + --template-config {{ .Values.runners.configPath }} \ + {{- end }} + --non-interactive & + + register_pid=$! + wait $register_pid + retval=$? + + if [ ${retval} = 0 ]; then + break + elif [ ${i} = ${MAX_REGISTER_ATTEMPTS} ]; then + exit 1 + fi + + sleep 5 + done + + exit 0 + + check-live: | + #!/bin/bash + set -eou pipefail + + if ! /usr/bin/pgrep -f ".*register-the-runner" > /dev/null && ! 
/usr/bin/pgrep -f "gitlab.*runner" > /dev/null ; then + exit 1 + fi + + name=$(awk -F'"' '/^ name = ".*"/ { print $2 }' "${HOME%/root}/.gitlab-runner/config.toml") + url=$(awk -F'"' '/^ url = ".*"/ { print $2 }' "${HOME%/root}/.gitlab-runner/config.toml") + + gitlab-runner verify -n "$name" -u "$url" 2>&1 | grep -E "is alive|is valid" + + {{- if and (eq (default 1.0 .Values.replicas) 1.0) .Values.sessionServer .Values.sessionServer.enabled }} + set-session-server-address: | + #!/bin/bash + + {{- if (not .Values.sessionServer.publicIP) }} + APISERVER=https://kubernetes.default.svc \ + && SERVICEACCOUNT=/var/run/secrets/kubernetes.io/serviceaccount \ + && NAMESPACE=$(cat ${SERVICEACCOUNT}/namespace) \ + && TOKEN=$(cat ${SERVICEACCOUNT}/token) \ + && CACERT=${SERVICEACCOUNT}/ca.crt \ + && header="Authorization: Bearer ${TOKEN}" + + SERVICEURL=${APISERVER}/api/v1/namespaces/${NAMESPACE}/services/{{ include "gitlab-runner.fullname" . }}-session-server + + has_address=false + while [ "${has_address}" = false ]; do + SERVICEIP=$(curl —-silent \ + --cacert ${CACERT} \ + --header "${header}" \ + -X GET ${SERVICEURL} 2>/dev/null \ + | grep '"ip":' | cut -d ":" -f2 | xargs) + + # for aws, the hostname is available but not the external IP + SERVICEHOSTNAME=$(curl —-silent \ + --cacert ${CACERT} \ + --header "${header}" \ + -X GET ${SERVICEURL} 2>/dev/null \ + | grep '"hostname":' | cut -d ":" -f2 | xargs) + + ADDRESS="${SERVICEHOSTNAME:-$SERVICEIP}" + + if [ -z "${ADDRESS}" ] + then + echo "Service LoadBalancer External Address not yet available" + has_address=false + sleep 5 + else + has_address=true + sed -i -e "s/SESSION_SERVER_IP/${ADDRESS}/g" ${CONFIG_PATH_FOR_INIT}/config.toml + fi + done + {{- else }} + sed -i -e "s/SESSION_SERVER_IP/{{ .Values.sessionServer.publicIP }}/g" ${CONFIG_PATH_FOR_INIT}/config.toml + {{- end}} + {{ end }} + + pre-entrypoint-script: | +{{ .Values.preEntrypointScript | default "" | indent 4 }} + +{{ if not (empty .Values.configMaps) }}{{ toYaml 
.Values.configMaps | indent 2 }}{{ end }} diff --git a/exemONE/helm/gitlab-runner/templates/deployment.yaml b/exemONE/helm/gitlab-runner/templates/deployment.yaml new file mode 100644 index 0000000..5b35315 --- /dev/null +++ b/exemONE/helm/gitlab-runner/templates/deployment.yaml 
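Review bot: Both `curl` invocations in `set-session-server-address` are written `curl —-silent` with a typographic em dash rather than `--silent`, so curl treats `—-silent` as an additional URL to fetch (the name lookup fails, which `2>/dev/null` hides) and progress output is not actually suppressed; change both to `curl --silent` (`-X GET` is the default and can be dropped). Independently, extracting the address with `grep '"ip":' | cut -d ":" -f2 | xargs` truncates an IPv6 address at its first colon; a JSON-aware extraction is worth considering if a parser is available in the image, which this hunk does not show. The script only runs on the single-replica session-server path, so the impact is confined to that feature.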
@@ -0,0 +1,183 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "gitlab-runner.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + app: {{ include "gitlab-runner.fullname" . }} + chart: {{ include "gitlab-runner.chart" . }} + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + {{- range $key, $value := .Values.deploymentLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- if .Values.deploymentAnnotations }} + annotations: + {{- toYaml .Values.deploymentAnnotations | nindent 4 }} + {{- end }} +spec: + {{- if not .Values.hpa}} + replicas: {{ default 1 .Values.replicas }} + {{- end}} + revisionHistoryLimit: {{ default 10 .Values.revisionHistoryLimit }} + selector: + matchLabels: + app: {{ include "gitlab-runner.fullname" . }} + {{- with .Values.strategy }} + strategy: {{ toYaml . | nindent 4 }} + {{- end }} + template: + metadata: + labels: + app: {{ include "gitlab-runner.fullname" . }} + chart: {{ include "gitlab-runner.chart" . }} + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + {{- range $key, $value := .Values.podLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + annotations: + checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + {{- if or .Values.runnerRegistrationToken .Values.runnerToken .Values.runners.secret }} + checksum/secrets: {{ include (print $.Template.BasePath "/secrets.yaml") . 
| sha256sum }} + {{- end }} + {{- if .Values.metrics.enabled }} + prometheus.io/scrape: 'true' + prometheus.io/port: {{ .Values.metrics.port | quote }} + {{- end }} + {{- range $key, $value := .Values.podAnnotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + spec: + {{- if hasKey .Values "automountServiceAccountToken" }} + automountServiceAccountToken: {{ .Values.automountServiceAccountToken }} + {{- end }} + {{- if .Values.schedulerName }} + schedulerName: {{ .Values.schedulerName }} + {{- end }} + securityContext: {{ toYaml .Values.podSecurityContext | nindent 8 }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName | quote }} + {{- end }} + serviceAccountName: {{ if .Values.rbac.create }}{{ include "gitlab-runner.fullname" . }}{{ else }}"{{ .Values.rbac.serviceAccountName }}"{{ end }} + containers: + - name: {{ include "gitlab-runner.fullname" . }} + image: {{ include "gitlab-runner.image" . }} + imagePullPolicy: {{ default "" .Values.imagePullPolicy | quote }} + securityContext: {{ toYaml .Values.securityContext | nindent 10 }} + {{- include "gitlab-runner.unregisterRunners" . | nindent 8 }} + {{- if .Values.useTini }} + command: ["/usr/local/bin/tini", "--", "/bin/bash", "/configmaps/entrypoint"] + {{- else }} + command: ["/usr/bin/dumb-init", "--", "/bin/bash", "/configmaps/entrypoint"] + {{- end }} + env: + {{ include "gitlab-runner.runner-env-vars" . 
| indent 8 }} + livenessProbe: + exec: + command: ["/bin/bash", "/configmaps/check-live"] + initialDelaySeconds: 60 + timeoutSeconds: {{ default 3 .Values.probeTimeoutSeconds }} + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 3 + readinessProbe: + exec: + command: ["/usr/bin/pgrep","gitlab.*runner"] + initialDelaySeconds: 10 + timeoutSeconds: {{ default 3 .Values.probeTimeoutSeconds }} + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 3 + ports: + - name: {{ .Values.metrics.portName | quote }} + containerPort: {{ .Values.metrics.port }} + {{- if and (eq (default 1.0 .Values.replicas) 1.0) .Values.sessionServer .Values.sessionServer.enabled }} + - name: session-server + containerPort: {{ include "gitlab-runner.server-session-internal-port" . }} + protocol: TCP + {{- end }} + volumeMounts: + {{- if or (include "gitlab-runner.cache.secret" .) .Values.runnerRegistrationToken .Values.runnerToken .Values.secrets .Values.runners.secret }} + - name: projected-secrets + mountPath: /secrets + {{- end }} + - name: etc-gitlab-runner + mountPath: /home/gitlab-runner/.gitlab-runner + - name: configmaps + mountPath: /configmaps + {{- if .Values.certsSecretName }} + - name: custom-certs + readOnly: true + mountPath: /home/gitlab-runner/.gitlab-runner/certs/ + {{- end }} + {{- if .Values.volumeMounts }} +{{ toYaml .Values.volumeMounts | indent 8 }} + {{- end }} + resources: +{{ toYaml .Values.resources | indent 10 }} + volumes: + - name: runner-secrets + emptyDir: + medium: "Memory" + - name: etc-gitlab-runner + emptyDir: + medium: "Memory" + {{- if or (include "gitlab-runner.cache.secret" .) .Values.runnerRegistrationToken .Values.runnerToken .Values.secrets .Values.runners.secret }} + - name: projected-secrets + projected: + sources: + {{- if include "gitlab-runner.cache.secret" . }} + - secret: + name: {{ include "gitlab-runner.cache.secret" . 
}} + {{- end }} + {{- if or .Values.runnerRegistrationToken .Values.runnerToken .Values.runners.secret }} + - secret: + name: {{ include "gitlab-runner.secret" . }} + items: + - key: runner-registration-token + path: runner-registration-token + - key: runner-token + path: runner-token + {{- end }} + {{- range .Values.secrets }} + - secret: +{{ toYaml . | indent 16 }} + {{- end }} + {{- end }} + {{- if .Values.certsSecretName }} + - name: custom-certs + secret: + secretName: {{ .Values.certsSecretName }} + {{- end }} + - name: configmaps + configMap: + name: {{ include "gitlab-runner.fullname" . }} + {{- if .Values.volumes }} +{{ toYaml .Values.volumes | indent 6 }} + {{- end }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.imagePullSecrets | indent 8 }} + {{- end }} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + {{- end }} + {{- if .Values.topologySpreadConstraints }} + topologySpreadConstraints: +{{ toYaml .Values.topologySpreadConstraints | indent 8 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: +{{ toYaml .Values.tolerations | indent 8 }} + {{- end }} + {{- if .Values.hostAliases }} + hostAliases: +{{ toYaml .Values.hostAliases | indent 8 }} + {{- end }} diff --git a/exemONE/helm/gitlab-runner/templates/hpa.yaml b/exemONE/helm/gitlab-runner/templates/hpa.yaml new file mode 100644 index 0000000..3ec0dc6 --- /dev/null +++ b/exemONE/helm/gitlab-runner/templates/hpa.yaml 
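Review bot: The `runner-secrets` emptyDir volume in the pod spec is declared but never referenced by any `volumeMounts` entry (the container mounts `projected-secrets`, `etc-gitlab-runner`, `configmaps` and optionally `custom-certs`), so it is dead configuration and should be removed. Separately, the metrics container port `- name: {{ .Values.metrics.portName | quote }}` is emitted unconditionally, while `configmap.yaml` only sets `listen_address` when `.Values.metrics.enabled`; wrapping the port entry in `{{- if .Values.metrics.enabled }}` keeps the two templates consistent.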
@@ -0,0 +1,22 @@ +{{- if .Values.hpa}} +{{- if .Capabilities.APIVersions.Has "autoscaling/v2" }} +apiVersion: autoscaling/v2 +{{- else if .Capabilities.APIVersions.Has "autoscaling/v2beta2" }} +apiVersion: autoscaling/v2beta2 +{{- else }} +apiVersion: autoscaling/v2beta1 +{{- end }} +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "gitlab-runner.fullname" . }} + namespace: {{ .Release.Namespace | quote }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "gitlab-runner.fullname" . }} + minReplicas: {{ default 1 .Values.hpa.minReplicas }} + maxReplicas: {{ default 1 .Values.hpa.maxReplicas }} + metrics: +{{ toYaml .Values.hpa.metrics | indent 2 }} +{{- end}} diff --git a/exemONE/helm/gitlab-runner/templates/role-binding.yaml b/exemONE/helm/gitlab-runner/templates/role-binding.yaml new file mode 100644 index 0000000..b074cd2 --- /dev/null +++ b/exemONE/helm/gitlab-runner/templates/role-binding.yaml @@ -0,0 +1,22 @@ +{{- if .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: {{ if .Values.rbac.clusterWideAccess }}"ClusterRoleBinding"{{ else }}"RoleBinding"{{ end }} +metadata: + name: {{ include "gitlab-runner.fullname" . }} + labels: + app: {{ include "gitlab-runner.fullname" . }} + chart: {{ include "gitlab-runner.chart" . }} + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + {{ if not .Values.rbac.clusterWideAccess -}} + namespace: {{ .Release.Namespace | quote }} + {{- end }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: {{ if .Values.rbac.clusterWideAccess }}"ClusterRole"{{ else }}"Role"{{ end }} + name: {{ include "gitlab-runner.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ include "gitlab-runner.fullname" . }} + namespace: "{{ .Release.Namespace }}" +{{- end -}} diff --git a/exemONE/helm/gitlab-runner/templates/role.yaml b/exemONE/helm/gitlab-runner/templates/role.yaml new file mode 100644 index 0000000..343d22a --- /dev/null 
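Review bot: The session-server guard used in `configmap.yaml`, `deployment.yaml` and `service-session-server.yaml` is `eq (default 1.0 .Values.replicas) 1.0`, but when `.Values.hpa` is set the Deployment omits `replicas` and this HPA can scale to `maxReplicas`, so the single-replica assumption behind `SESSION_SERVER_IP`/`advertise_address` no longer holds while the session server stays enabled. Consider adding `(not .Values.hpa)` to that guard, or failing the render when both `hpa` and `sessionServer.enabled` are set. As a point of consistency, this HPA's `metadata` carries none of the `app`/`chart`/`release`/`heritage` labels every other resource in the chart sets.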
+++ b/exemONE/helm/gitlab-runner/templates/role.yaml @@ -0,0 +1,32 @@ +{{- if .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: {{ if .Values.rbac.clusterWideAccess }}"ClusterRole"{{ else }}"Role"{{ end }} +metadata: + name: {{ include "gitlab-runner.fullname" . }} + labels: + app: {{ include "gitlab-runner.fullname" . }} + chart: {{ include "gitlab-runner.chart" . }} + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + {{ if not .Values.rbac.clusterWideAccess -}} + namespace: {{ .Release.Namespace | quote }} + {{- end }} +rules: +{{- if .Values.rbac.podSecurityPolicy.enabled }} +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: +{{ toYaml .Values.rbac.podSecurityPolicy.resourceNames | indent 2 }} +{{- end }} +{{- if empty .Values.rbac.rules }} +- apiGroups: [""] + resources: {{ (list "*") | toJson }} + verbs: {{ (list "*") | toJson }} +{{- end -}} +{{ range .Values.rbac.rules }} +- apiGroups: {{ (default (list "") .apiGroups) | toJson }} + resources: {{ (default (list "*") .resources) | toJson }} + verbs: {{ (default (list "*") .verbs) | toJson }} +{{- end }} +{{- end -}} diff --git a/exemONE/helm/gitlab-runner/templates/secrets.yaml b/exemONE/helm/gitlab-runner/templates/secrets.yaml new file mode 100644 index 0000000..767f515 --- /dev/null +++ b/exemONE/helm/gitlab-runner/templates/secrets.yaml @@ -0,0 +1,16 @@ +{{- if or .Values.runnerRegistrationToken .Values.runnerToken -}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "gitlab-runner.secret" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + app: {{ include "gitlab-runner.fullname" . }} + chart: {{ include "gitlab-runner.chart" . }} + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +type: Opaque +data: + runner-registration-token: {{ default "" .Values.runnerRegistrationToken | b64enc | quote }} + runner-token: {{ default "" .Values.runnerToken | b64enc | quote }} +{{- end -}} 
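Review bot: The fallback rule rendered when `rbac.rules` is empty is `apiGroups: [""]` with `resources: ["*"]` and `verbs: ["*"]`, which grants the runner's service account every verb on every core-group resource in the namespace, secrets and serviceaccounts included, and becomes cluster-wide when `rbac.clusterWideAccess` is true. A least-privilege default should list only the resources and verbs the Kubernetes executor needs, as documented for that executor, and leave the wildcard to an explicit opt-in in `rbac.rules`. At minimum the behaviour deserves a comment above the `{{- if empty .Values.rbac.rules }}` block, e.g. `# Fallback: full access to the core API group; set rbac.rules to restrict`.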
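Review bot: This Secret is rendered from `runnerRegistrationToken`/`runnerToken` passed as chart values, which means the tokens also persist in the Helm release record and in any values file or command line used; the chart already supports `runners.secret` for an externally managed Secret (see `gitlab-runner.secret` in `_helpers.tpl` and the `projected-secrets` volume in `deployment.yaml`). A comment at the top of this template, e.g. `# Rendered only when tokens are given as values; prefer runners.secret for externally managed credentials`, would steer users to that path. Note also that `default ""` plus `b64enc` emits an empty value for whichever token is not set, so `/secrets/runner-token` exists as an empty file and `configmap.yaml` exports an empty `CI_SERVER_TOKEN`; worth confirming the runner ignores that.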
diff --git a/exemONE/helm/gitlab-runner/templates/service-account.yaml b/exemONE/helm/gitlab-runner/templates/service-account.yaml new file mode 100644 index 0000000..b7139d7 --- /dev/null +++ b/exemONE/helm/gitlab-runner/templates/service-account.yaml @@ -0,0 +1,24 @@ +{{- if .Values.rbac.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + {{- if .Values.rbac.serviceAccountAnnotations }} + annotations: + {{- range $key, $value := .Values.rbac.serviceAccountAnnotations }} + {{ $key }}: {{ tpl ($value) $ | quote }} + {{- end }} + {{- end}} + name: {{ include "gitlab-runner.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + app: {{ include "gitlab-runner.fullname" . }} + chart: {{ include "gitlab-runner.chart" . }} + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +{{- if .Values.rbac.imagePullSecrets }} +imagePullSecrets: + {{- range .Values.rbac.imagePullSecrets }} + - name: {{ . | quote }} + {{- end }} +{{- end }} +{{- end -}} diff --git a/exemONE/helm/gitlab-runner/templates/service-session-server.yaml b/exemONE/helm/gitlab-runner/templates/service-session-server.yaml new file mode 100644 index 0000000..0cb825f --- /dev/null +++ b/exemONE/helm/gitlab-runner/templates/service-session-server.yaml 
@@ -0,0 +1,32 @@ +{{- if and (eq (default 1.0 .Values.replicas) 1.0) .Values.sessionServer .Values.sessionServer.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "gitlab-runner.fullname" . }}-session-server + namespace: {{ .Release.Namespace | quote }} + {{- if .Values.sessionServer.annotations }} + annotations: + {{- toYaml .Values.sessionServer.annotations | nindent 4 }} + {{- end }} + labels: + app: {{ include "gitlab-runner.fullname" . }} + chart: {{ include "gitlab-runner.chart" . }} + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + selector: + app: {{ include "gitlab-runner.fullname" . }} + release: "{{ .Release.Name }}" + type: LoadBalancer + {{- if .Values.sessionServer.publicIP }} + loadBalancerIP: {{ .Values.sessionServer.publicIP }} + {{- end }} + {{- if .Values.sessionServer.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{- toYaml .Values.sessionServer.loadBalancerSourceRanges | nindent 4 }} + {{- end }} + ports: + - protocol: TCP + port: {{ include "gitlab-runner.server-session-external-port" . }} + targetPort: {{ include "gitlab-runner.server-session-internal-port" . }} +{{- end }} diff --git a/exemONE/helm/gitlab-runner/templates/service.yaml b/exemONE/helm/gitlab-runner/templates/service.yaml new file mode 100644 index 0000000..af9e821 --- /dev/null +++ b/exemONE/helm/gitlab-runner/templates/service.yaml 
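Review bot: `type: LoadBalancer` is hard-coded and `loadBalancerSourceRanges` is only emitted when `sessionServer.loadBalancerSourceRanges` is set, so flipping `sessionServer.enabled` publishes the interactive session port on whatever the cloud load balancer exposes by default with no source restriction. The service type should be overridable for clusters that front this with an internal LB or ingress, e.g. `type: {{ .Values.sessionServer.serviceType | default "LoadBalancer" }}`, and the values comment next to `loadBalancerSourceRanges` should state that leaving it unset means unrestricted. The guard `eq (default 1.0 .Values.replicas) 1.0` presumably relies on Helm decoding YAML integers as floats; a one-line comment saying so would save the next reader from "fixing" it to `1`.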
@@ -0,0 +1,52 @@ +{{- if and .Values.service.enabled .Values.metrics.enabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "gitlab-runner.fullname" . | quote }} + namespace: {{ .Release.Namespace | quote }} + labels: + app: {{ include "gitlab-runner.fullname" . | quote }} + chart: {{ include "gitlab-runner.chart" . | quote }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} + {{- if .Values.service.labels }} + {{- toYaml .Values.service.labels | nindent 4 }} + {{- end }} + {{- if .Values.service.annotations }} + annotations: + {{- toYaml .Values.service.annotations | nindent 4 }} + {{- end }} +spec: + {{- if .Values.service.clusterIP }} + clusterIP: {{ .Values.service.clusterIP | quote }} + {{- end }} + {{- if .Values.service.externalIPs }} + externalIPs: + {{- toYaml .Values.service.externalIPs | nindent 4 }} + {{- end }} + {{- if .Values.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.service.loadBalancerIP | quote }} + {{- end }} + {{- if .Values.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{- range $cidr := .Values.service.loadBalancerSourceRanges }} + - {{ $cidr | quote }} + {{- end }} + {{- end }} + ports: + {{- if .Values.metrics.enabled }} + - name: {{ .Values.metrics.portName | quote }} + {{- if eq .Values.service.type "NodePort" }} + nodePort: {{ .Values.service.metrics.nodePort }} + {{- end }} + port: {{ .Values.metrics.port }} + targetPort: {{ .Values.metrics.portName | quote }} + {{- end }} + {{- if .Values.service.additionalPorts }} + {{- toYaml .Values.service.additionalPorts | nindent 2 }} + {{- end }} + selector: + app: {{ include "gitlab-runner.fullname" . | quote }} + release: {{ .Release.Name | quote }} + type: {{ .Values.service.type | default "ClusterIP" | quote }} +{{- end }} diff --git a/exemONE/helm/gitlab-runner/templates/servicemonitor.yaml b/exemONE/helm/gitlab-runner/templates/servicemonitor.yaml new file mode 100644 index 0000000..ec0ed5e --- /dev/null 
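Review bot: With `service.type: NodePort` the template dereferences `.Values.service.metrics.nodePort`, but `service.metrics` exists only as a commented-out example in values.yaml, so with default values the lookup hits a nil map and, as far as I can tell, the render fails instead of falling back to an auto-assigned port. Guard the key as well as the type, e.g. `{{- with .Values.service.metrics }}{{- if and (eq $.Values.service.type "NodePort") .nodePort }}`, `nodePort: {{ .nodePort }}`, `{{- end }}{{- end }}`. Separately, `externalIPs` is passed through verbatim; a short comment that externalIPs bypass cloud-provider allocation and are the mechanism behind CVE-2020-8554, so many clusters reject them by admission policy, would help operators who reach for it.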
+++ b/exemONE/helm/gitlab-runner/templates/servicemonitor.yaml 
@@ -0,0 +1,56 @@ +{{- if and .Values.metrics.serviceMonitor.enabled .Values.metrics.enabled .Values.service.enabled -}} +{{- if .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" -}} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "gitlab-runner.fullname" . | quote }} + namespace: {{ .Release.Namespace | quote }} + labels: + app: {{ include "gitlab-runner.fullname" . | quote }} + chart: {{ include "gitlab-runner.chart" . | quote }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} + {{- if .Values.metrics.serviceMonitor.labels }} + {{- toYaml .Values.metrics.serviceMonitor.labels | nindent 4 }} + {{- end }} + {{- with .Values.metrics.serviceMonitor.annotations }} + annotations: {{- toYaml . | nindent 4 }} + {{- end }} +spec: + endpoints: + - port: {{ .Values.metrics.portName | quote }} + {{- if .Values.metrics.serviceMonitor.interval }} + interval: {{ .Values.metrics.serviceMonitor.interval }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.scheme }} + scheme: {{ .Values.metrics.serviceMonitor.scheme | quote }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.tlsConfig }} + tlsConfig: + {{- toYaml .Values.metrics.serviceMonitor.tlsConfig | nindent 6 }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: + {{- tpl (toYaml .Values.metrics.serviceMonitor.metricRelabelings | nindent 6) . }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.path }} + path: {{ .Values.metrics.serviceMonitor.path }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.relabelings }} + relabelings: + {{- toYaml .Values.metrics.serviceMonitor.relabelings | nindent 6 }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.jobLabel }} + jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel }} + {{- end }} + namespaceSelector: + matchNames: + - {{ $.Release.Namespace | quote }} + selector: + matchLabels: + app: {{ include "gitlab-runner.fullname" . 
| quote }} + chart: {{ include "gitlab-runner.chart" . | quote }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} +{{- end }} +{{- end }} diff --git a/exemONE/helm/gitlab-runner/values.yaml b/exemONE/helm/gitlab-runner/values.yaml new file mode 100644 index 0000000..18e5ac3 --- /dev/null +++ b/exemONE/helm/gitlab-runner/values.yaml 
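Review bot: `metricRelabelings` is rendered through `tpl` while `relabelings` directly below it is not, so a relabel entry containing `{{ }}` is expanded in one list and emitted literally in the other; pick one behaviour and apply it to both, e.g. `{{- tpl (toYaml .Values.metrics.serviceMonitor.relabelings | nindent 6) . }}`. `path`, `interval` and `jobLabel` are also emitted unquoted, unlike the sibling `scheme`, which is a small inconsistency and lets a value that looks like a number or boolean change type on the way through; `path: {{ .Values.metrics.serviceMonitor.path | quote }}` and `jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel | quote }}` keep them strings.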
@@ -0,0 +1,623 @@ +## GitLab Runner Image +## +## By default it's using registry.gitlab.com/gitlab-org/gitlab-runner:alpine-v{VERSION} +## where {VERSION} is taken from Chart.yaml from appVersion field +## +## ref: https://gitlab.com/gitlab-org/gitlab-runner/container_registry/29383?orderBy=NAME&sort=asc&search[]=alpine-v&search[]= +## +## Note: If you change the image to the ubuntu release +## don't forget to change the securityContext; +## these images run on different user IDs. +## +image: + registry: registry.gitlab.com + image: gitlab-org/gitlab-runner + # tag: alpine-v11.6.0 + +## When using GitLab Runner Helm Chart with gitlab-runner-ubi-images (https://gitlab.com/gitlab-org/ci-cd/gitlab-runner-ubi-images/container_registry) +## the installation fails because dumb-init is not packaged in the image. However, the tini is present. +## This configuration will allow gitlab-runner-ubi-images users to explicitly enabled the use of `tini` instead of `dumb-init` +useTini: false + +## Specify a imagePullPolicy for the main runner deployment +## 'Always' if imageTag is 'latest', else set to 'IfNotPresent' +## +## Note: it does not apply to job containers launched by this executor. +## Use `pull_policy` in [runners.kubernetes] to change it. +## +## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images +## +imagePullPolicy: IfNotPresent + +## Specifying ImagePullSecrets on a Pod +## Kubernetes supports specifying container image registry keys on a Pod. +## ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod +## +# imagePullSecrets: +# - name: "image-pull-secret" + +## Timeout, in seconds, for liveness and readiness probes of a runner pod. +# probeTimeoutSeconds: 3 + +## How many runner pods to launch. 
+## +# replicas: 1 + +## How many old ReplicaSets for this Deployment you want to retain +# revisionHistoryLimit: 10 + +## The GitLab Server URL (with protocol) that want to register the runner against +## ref: https://docs.gitlab.com/runner/commands/index.html#gitlab-runner-register +## +# gitlabUrl: http://gitlab.your-domain.com/ + +## DEPRECATED: The Registration Token for adding new Runners to the GitLab Server. +## +## ref: https://docs.gitlab.com/ee/ci/runners/new_creation_workflow.html +## +# runnerRegistrationToken: "" + +## The Runner Token for adding new Runners to the GitLab Server. This must +## be retrieved from your GitLab Instance. It is token of already registered runner. +## ref: (we don't yet have docs for that, but we want to use existing token) +## +# runnerToken: "" +# + +## Unregister all runners before termination +## +## Updating the runner's chart version or configuration will cause the runner container +## to be terminated and created again. This may cause your Gitlab instance to reference +## non-existant runners. Un-registering the runner before termination mitigates this issue. +## ref: https://docs.gitlab.com/runner/commands/index.html#gitlab-runner-unregister +## +# unregisterRunners: true + +## When stopping the runner, give it time to wait for its jobs to terminate. +## +## Updating the runner's chart version or configuration will cause the runner container +## to be terminated with a graceful stop request. terminationGracePeriodSeconds +## instructs Kubernetes to wait long enough for the runner pod to terminate gracefully. 
+## ref: https://docs.gitlab.com/runner/commands/#signals +terminationGracePeriodSeconds: 3600 + +## Set the certsSecretName in order to pass custom certficates for GitLab Runner to use +## Provide resource name for a Kubernetes Secret Object in the same namespace, +## this is used to populate the /home/gitlab-runner/.gitlab-runner/certs/ directory +## ref: https://docs.gitlab.com/runner/configuration/tls-self-signed.html#supported-options-for-self-signed-certificates-targeting-the-gitlab-server +## +# certsSecretName: + +## Configure the maximum number of concurrent jobs +## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section +## +concurrent: 10 + +## Number of seconds until the forceful shutdown operation times out and exits the process. +## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section +## +shutdown_timeout: 0 + +## Defines in seconds how often to check GitLab for a new builds +## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section +## +checkInterval: 30 + +## Configure GitLab Runner's logging level. Available values are: debug, info, warn, error, fatal, panic +## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section +## +# logLevel: + +## Configure GitLab Runner's logging format. Available values are: runner, text, json +## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section +## +# logFormat: + +## Configure GitLab Runner's Sentry DSN. +## ref https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section +## +# sentryDsn: + +## A custom bash script that will be executed prior to the invocation +## gitlab-runner process +# +#preEntrypointScript: | +# echo "hello" + +## Specify whether the runner should start the session server. 
+## Defaults to false +## ref: +## +## When sessionServer is enabled, the user can either provide a public publicIP +## or rely on the external IP auto discovery +## When a serviceAccountName is used with the automounting to the pod disable, +## we recommend the usage of the publicIP +sessionServer: + enabled: false + # annotations: {} + # timeout: 1800 + # internalPort: 8093 + # externalPort: 9000 + # publicIP: "" + # loadBalancerSourceRanges: + # - 1.2.3.4/32 + +## For RBAC support: +rbac: + create: false + + ## Define list of rules to be added to the rbac role permissions. + ## Each rule supports the keys: + ## - apiGroups: default "" (indicates the core API group) if missing or empty. + ## - resources: default "*" if missing or empty. + ## - verbs: default "*" if missing or empty. + ## + ## Read more about the recommended rules on the following link + ## + ## ref: https://docs.gitlab.com/runner/executors/kubernetes.html#configure-runner-api-permissions + ## + rules: [] + # - resources: ["configmaps", "events", "pods", "pods/attach", "pods/exec", "secrets", "services"] + # verbs: ["get", "list", "watch", "create", "patch", "update", "delete"] + # - apiGroups: [""] + # resources: ["pods/exec"] + # verbs: ["create", "patch", "delete"] + # - apiGroups: [""] + # resources: ["pods/log"] + # verbs: ["get"] + + ## Run the gitlab-bastion container with the ability to deploy/manage containers of jobs + ## cluster-wide or only within namespace + clusterWideAccess: false + + ## Use the following Kubernetes Service Account name if RBAC is disabled in this Helm chart (see rbac.create) + ## + # serviceAccountName: default + + ## Specify annotations for Service Accounts, useful for annotations such as eks.amazonaws.com/role-arn. + ## Values may refer other values as the _tpl_ function is implicitly applied. Mind the quotes when using this, e.g. 
+ ## serviceAccountAnnotations: + ## eks.amazonaws.com/role-arn: "arn:aws:iam::{{ .Values.global.accountId }}:role/{{ .Values.global.iamRoleName }}" + ## + ## ref: https://docs.aws.amazon.com/eks/latest/userguide/associate-service-account-role.html + ## + # serviceAccountAnnotations: {} + + ## Use podSecurity Policy + ## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ + podSecurityPolicy: + enabled: false + resourceNames: + - gitlab-runner + + ## Specify one or more imagePullSecrets used for pulling the runner image + ## + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account + ## + # imagePullSecrets: [] + +## Configure integrated Prometheus metrics exporter +## +## ref: https://docs.gitlab.com/runner/monitoring/#configuration-of-the-metrics-http-server +## +metrics: + enabled: false + + ## Define a name for the metrics port + ## + portName: metrics + + ## Provide a port number for the integrated Prometheus metrics exporter + ## + port: 9252 + + ## Configure a prometheus-operator serviceMonitor to allow autodetection of + ## the scraping target. Requires enabling the service resource below. 
+ ## + serviceMonitor: + enabled: false + + ## Provide additional labels to the service monitor resource + ## + ## labels: {} + + ## Provide annotations to the service monitor ressource + ## + ## annotations: {} + + ## Define a scrape interval (otherwise prometheus default is used) + ## + ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config + ## + # interval: "" + + ## Specify the scrape protocol scheme e.g., https or http + ## + # scheme: "http" + + ## Supply a tls configuration for the service monitor + ## + ## ref: https://github.com/prometheus-community/helm-charts/blob/main/charts/kube-prometheus-stack/charts/crds/crds/crd-servicemonitors.yaml + ## + # tlsConfig: {} + + ## The URI path where prometheus metrics can be scraped from + ## + # path: "/metrics" + + ## A list of MetricRelabelConfigs to apply to samples before ingestion + ## + ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs + ## + # metricRelabelings: [] + + ## A list of RelabelConfigs to apply to samples before scraping + ## + ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + ## + ## relabelings: [] + +## Configure a service resource e.g., to allow scraping metrics via +## prometheus-operator serviceMonitor +service: + enabled: false + + ## Provide additonal labels for the service + ## + # labels: {} + + ## Provide additonal annotations for the service + ## + # annotations: {} + + ## Define a specific ClusterIP if you do not want a dynamic one + ## + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address + ## + # clusterIP: "" + + ## Define a list of one or more external IPs for this service + ## + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips + ## + # externalIPs: [] + + ## Provide a specific loadbalancerIP e.g., of an external Loadbalancer + ## + ## ref: 
https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer + ## + # loadBalancerIP: "" + + ## Provide a list of source IP ranges to have access to this service + ## + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#aws-nlb-support + ## + # loadBalancerSourceRanges: [] + + ## Specify the service type e.g., ClusterIP, NodePort, LoadBalancer or ExternalName + ## + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + ## + type: ClusterIP + + ## Specify the services metrics nodeport if you use a service of type nodePort + ## + # metrics: + + ## Specify the node port under which the prometheus metrics of the runner are made + ## available. + ## + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#nodeport + ## + # nodePort: "" + + ## Provide a list of additional ports to be exposed by this service + ## + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service + ## + # additionalPorts: [] + +## Configuration for the Pods that the runner launches for each new job +## +runners: + # runner configuration, where the multi line strings is evaluated as + # template so you can specify helm values inside of it. + # + # tpl: https://helm.sh/docs/howto/charts_tips_and_tricks/#using-the-tpl-function + # runner configuration: https://docs.gitlab.com/runner/configuration/advanced-configuration.html + config: | + [[runners]] + [runners.kubernetes] + namespace = "{{.Release.Namespace}}" + image = "alpine" + + ## Absolute path for an existing runner configuration file + ## Can be used alongside "volumes" and "volumeMounts" to use an external config file + ## Active if runners.config is empty or null + configPath: "" + + ## Which executor should be used + ## + # executor: kubernetes + + ## DEPRECATED: Specify whether the runner should be locked to a specific project: true, false. 
+ ## + ## ref: https://docs.gitlab.com/ee/ci/runners/new_creation_workflow.html + ## + # locked: true + + ## DEPRECATED: Specify the tags associated with the runner. Comma-separated list of tags. + ## + ## ref: https://docs.gitlab.com/ee/ci/runners/new_creation_workflow.html + ## + # tags: "" + + ## Specify the name for the runner. + ## + # name: "" + + ## DEPRECATED:Specify the maximum timeout (in seconds) that will be set for job when using this Runner + ## + ## ref: https://docs.gitlab.com/ee/ci/runners/new_creation_workflow.html + ## + # maximumTimeout: "" + + ## DEPRECATED: Specify if jobs without tags should be run. + ## + ## ref: https://docs.gitlab.com/ee/ci/runners/new_creation_workflow.html + ## + # runUntagged: true + + ## DEPRECATED: Specify whether the runner should only run protected branches. + ## + ## ref: https://docs.gitlab.com/ee/ci/runners/new_creation_workflow.html + ## + # protected: true + + ## The name of the secret containing runner-token and runner-registration-token + # secret: gitlab-runner + + ## Distributed runners caching + ## ref: https://docs.gitlab.com/runner/configuration/autoscale.html#distributed-runners-caching + ## + ## If you want to use s3 based distributing caching: + ## First of all you need to uncomment General settings and S3 settings sections. + ## + ## Create a secret 's3access' containing 'accesskey' & 'secretkey' + ## ref: https://aws.amazon.com/blogs/security/wheres-my-secret-access-key/ + ## + ## $ kubectl create secret generic s3access \ + ## --from-literal=accesskey="YourAccessKey" \ + ## --from-literal=secretkey="YourSecretKey" + ## ref: https://kubernetes.io/docs/concepts/configuration/secret/ + ## + ## If you want to use gcs based distributing caching: + ## First of all you need to uncomment General settings and GCS settings sections. + ## + ## Access using credentials file: + ## Create a secret 'google-application-credentials' containing your application credentials file. 
+ ## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnerscachegcs-section + ## You could configure + ## $ kubectl create secret generic google-application-credentials \ + ## --from-file=gcs-application-credentials-file=./path-to-your-google-application-credentials-file.json + ## ref: https://kubernetes.io/docs/concepts/configuration/secret/ + ## + ## Access using access-id and private-key: + ## Create a secret 'gcsaccess' containing 'gcs-access-id' & 'gcs-private-key'. + ## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnerscachegcs-section + ## You could configure + ## $ kubectl create secret generic gcsaccess \ + ## --from-literal=gcs-access-id="YourAccessID" \ + ## --from-literal=gcs-private-key="YourPrivateKey" + ## ref: https://kubernetes.io/docs/concepts/configuration/secret/ + ## + ## If you want to use Azure-based distributed caching: + ## First, uncomment General settings. + ## + ## Create a secret 'azureaccess' containing 'azure-account-name' & 'azure-account-key' + ## ref: https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blobs-introduction + ## + ## $ kubectl create secret generic azureaccess \ + ## --from-literal=azure-account-name="YourAccountName" \ + ## --from-literal=azure-account-key="YourAccountKey" + ## ref: https://kubernetes.io/docs/concepts/configuration/secret/ + + cache: {} + ## S3 the name of the secret. + # secretName: s3access + ## Use this line for access using gcs-access-id and gcs-private-key + # secretName: gcsaccess + ## Use this line for access using google-application-credentials file + # secretName: google-application-credentials + ## Use this line for access using Azure with azure-account-name and azure-account-key + # secretName: azureaccess + +## Specify the name of the scheduler which used to schedule runner pods. +## Kubernetes supports multiple scheduler configurations. 
+## ref: https://kubernetes.io/docs/reference/scheduling +# schedulerName: "my-custom-scheduler" + +## Configure securitycontext for the main container +## ref: https://kubernetes.io/docs/concepts/security/pod-security-standards/ +## +securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: false + runAsNonRoot: true + privileged: false + capabilities: + drop: ["ALL"] + +## Configure update strategy for multi-replica deployments +## Kubernetes supports types Recreate, and RollingUpdate +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy +## +strategy: {} + # rollingUpdate: + # maxSurge: 1 + # maxUnavailable: 0 + # type: RollingUpdate + +## Configure securitycontext valid for the whole pod +## ref: https://kubernetes.io/docs/concepts/security/pod-security-standards/ +## +podSecurityContext: + runAsUser: 100 + # runAsGroup: 65533 + fsGroup: 65533 + # supplementalGroups: [65533] + + ## Note: values for the ubuntu image: + # runAsUser: 999 + # fsGroup: 999 + +## Configure resource requests and limits +## ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +## +resources: {} + # limits: + # memory: 256Mi + # cpu: 200m + # ephemeral-storage: 512Mi + # requests: + # memory: 128Mi + # cpu: 100m + # ephemeral-storage: 256Mi + +## Affinity for pod assignment +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## +affinity: {} + +## TopologySpreadConstraints for pod assignment +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ +## +topologySpreadConstraints: {} + # Example: The gitlab runner should be evenly spread across zones + # - maxSkew: 1 + # topologyKey: zone + # whenUnsatisfiable: DoNotSchedule + # labelSelector: + # matchLabels: + # foo: bar + +## Node labels for pod assignment +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ +## +nodeSelector: {} + # 
Example: The gitlab runner manager should not run on spot instances so you can assign + # them to the regular worker nodes only. + # node-role.kubernetes.io/worker: "true" + +## List of node taints to tolerate (requires Kubernetes >= 1.6) +## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] + # Example: Regular worker nodes may have a taint, thus you need to tolerate the taint + # when you assign the gitlab runner manager with nodeSelector or affinity to the nodes. + # - key: "node-role.kubernetes.io/worker" + # operator: "Exists" + +## Configure environment variables that will be present when the registration command runs +## This provides further control over the registration process and the config.toml file +## ref: `gitlab-runner register --help` +## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html +## +# envVars: +# - name: RUNNER_EXECUTOR +# value: kubernetes + +## list of hosts and IPs that will be injected into the pod's hosts file +hostAliases: [] + # Example: + # - ip: "127.0.0.1" + # hostnames: + # - "foo.local" + # - "bar.local" + # - ip: "10.1.2.3" + # hostnames: + # - "foo.remote" + # - "bar.remote" + +## Annotations to be added to deployment +## +deploymentAnnotations: {} + # Example: + # downscaler/uptime: + +## Labels to be added to deployment +## +deploymentLabels: {} + # Example: + # owner.team: + +## Annotations to be added to manager pod +## +podAnnotations: {} + # Example: + # iam.amazonaws.com/role: + +## Labels to be added to manager pod +## +podLabels: {} + # Example: + # owner.team: + +## HPA support for custom metrics: +## This section enables runners to autoscale based on defined custom metrics. 
+## In order to use this functionality, Need to enable a custom metrics API server by +## implementing "custom.metrics.k8s.io" using supported third party adapter +## Example: https://github.com/directxman12/k8s-prometheus-adapter +## +#hpa: {} + # minReplicas: 1 + # maxReplicas: 10 + # metrics: + # - type: Pods + # pods: + # metricName: gitlab_runner_jobs + # targetAverageValue: 400m + +## Configure priorityClassName for manager pod. See k8s docs for more info on how pod priority works: +## https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ +priorityClassName: "" + +## Secrets to be additionally mounted to the containers. +## All secrets are mounted through init-runner-secrets volume +## and placed as readonly at /init-secrets in the init container +## and finally copied to an in-memory volume runner-secrets that is +## mounted at /secrets. +secrets: [] + # Example: + # - name: my-secret + # - name: myOtherSecret + # items: + # - key: key_one + # path: path_one + +## Boolean to turn off the automountServiceAccountToken in the deployment +## ref: https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/#bound-service-account-token-volume +## +# automountServiceAccountToken: false + +## Additional config files to mount in the containers in `/configmaps`. +## +## Please note that a number of keys are reserved by the runner. +## See https://gitlab.com/gitlab-org/charts/gitlab-runner/-/blob/main/templates/configmap.yaml +## for a current list. +configMaps: {} + +## Additional volumeMounts to add to the runner container +## +volumeMounts: [] + # Example: + # - name: my-volume + # mountPath: /mount/path + +## Additional volumes to add to the runner deployment +## +volumes: [] + # Example: + # - name: my-volume + # persistentVolumeClaim: + # claimName: my-pvc