[add] gitlab-runner helm chart

contents:
- gitlab-runner helm chart 추가
This commit is contained in:
jungsungrock
2024-02-07 10:02:16 +09:00
parent 6074d4cfb1
commit d85f51e018
27 changed files with 2682 additions and 0 deletions


@@ -0,0 +1,36 @@
{{- if include "gitlab-runner.gitlabUrl" . }}
Your GitLab Runner should now be registered against the GitLab instance reachable at: {{ include "gitlab-runner.gitlabUrl" . }}
{{- else -}}
#############################################################################################
## WARNING: You did not specify an gitlabUrl in your 'helm install' call. ##
#############################################################################################
This deployment will be incomplete until you provide the URL that your
GitLab instance is reachable at:
helm upgrade {{ .Release.Name }} \
--set gitlabUrl=http://gitlab.your-domain.com,runnerRegistrationToken=your-registration-token \
gitlab/gitlab-runner
{{- end -}}
{{- if not .Values.runners.config }}
#############################################################################################
## WARNING: You don't seem to be using the GitLab Runner config template functionality. ##
## Configuring the GitLab Runner through that template is recommended as other ##
## configuration options will be deprecated in Helm Chart 1.0. Read more at ##
## https://docs.gitlab.com/runner/install/kubernetes.html#using-configuration-template. ##
#############################################################################################
{{- end }}
{{- $runnerNamespace := regexFind "\\s*namespace\\s*=.+\\s*" (tpl .Values.runners.config $) | regexFind "=.+" | trimPrefix "=" | trim -}}
{{- if regexMatch "\\s*namespace\\s*=" .Values.runners.config }}
Runner namespace {{ $runnerNamespace }} was found in runners.config template.
{{- if .Values.runners.namespace }}
#############################################################################################
## WARNING: You have set the namespace in runners.config and also set in deprecated ##
## runner.namespace element. The runners.config namespace will be ignored. ##
#############################################################################################
{{- end }}
{{- end }}
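Review bot: The fallback `helm upgrade` example in the missing-gitlabUrl warning shows `--set gitlabUrl=http://gitlab.your-domain.com,runnerRegistrationToken=your-registration-token`, i.e. a plaintext URL that the registration token would be sent to; examples like this get copy-pasted, so it should read `--set gitlabUrl=https://gitlab.your-domain.com,runnerRegistrationToken=your-registration-token`. It is also worth one sentence that a token passed via `--set` lands in shell history and in the Helm release record, and that a pre-created Secret referenced through `runners.secret` (the name the `gitlab-runner.secret` helper already resolves) avoids that. Separately, the `regexFind` over `tpl .Values.runners.config $` runs unconditionally, before the `if not .Values.runners.config` warning; if `runners.config` can ever be null in values that line will fail the render — presumably values.yaml always sets it, but confirm.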


@@ -0,0 +1,28 @@
{{- define "gitlab-runner.runner-env-vars" }}
- name: CI_SERVER_URL
value: {{ include "gitlab-runner.gitlabUrl" . }}
- name: RUNNER_EXECUTOR
value: {{ default "kubernetes" .Values.runners.executor | quote }}
{{- if eq (include "gitlab-runner.isAuthToken" .) "false" }}
- name: REGISTER_LOCKED
{{ if or (not (hasKey .Values.runners "locked")) .Values.runners.locked -}}
value: "true"
{{- else -}}
value: "false"
{{- end }}
- name: RUNNER_TAG_LIST
value: {{ default "" .Values.runners.tags | quote }}
{{- end }}
{{- if eq (default "kubernetes" .Values.runners.executor) "kubernetes" }}
{{- if not (regexMatch "\\s*namespace\\s*=" .Values.runners.config) }}
- name: KUBERNETES_NAMESPACE
value: {{ .Release.Namespace | quote }}
{{- end }}
{{- end }}
{{- if .Values.envVars -}}
{{ range .Values.envVars }}
- name: {{ .name }}
value: {{ .value | quote }}
{{- end }}
{{- end }}
{{- end }}
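Review bot: The `range .Values.envVars` loop only ever emits `value: {{ .value | quote }}`, so there is no way to source an environment variable from a Secret or ConfigMap; any credential an operator passes here ends up in plaintext in the Deployment spec and in the Helm release record. Accepting an optional `valueFrom` per entry keeps the existing `name`/`value` form working while letting secrets be referenced rather than inlined. While there, `name` is rendered unquoted although `value` is quoted; quoting both is safer.

```gotemplate
{{- if .Values.envVars -}}
{{ range .Values.envVars }}
- name: {{ .name | quote }}
{{- if .valueFrom }}
  valueFrom: {{ toYaml .valueFrom | nindent 4 }}
{{- else }}
  value: {{ .value | quote }}
{{- end }}
{{- end }}
{{- end }}
```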


@@ -0,0 +1,115 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "gitlab-runner.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "gitlab-runner.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if hasPrefix $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "gitlab-runner.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Define the name of the secret containing the tokens
*/}}
{{- define "gitlab-runner.secret" -}}
{{- default (include "gitlab-runner.fullname" .) .Values.runners.secret | quote -}}
{{- end -}}
{{/*
Define the name of the s3 cache secret
*/}}
{{- define "gitlab-runner.cache.secret" -}}
{{- if hasKey .Values.runners.cache "secretName" -}}
{{- .Values.runners.cache.secretName | quote -}}
{{- end -}}
{{- end -}}
{{/*
Template for outputing the gitlabUrl
*/}}
{{- define "gitlab-runner.gitlabUrl" -}}
{{- .Values.gitlabUrl | quote -}}
{{- end -}}
{{/*
Define the image, using .Chart.AppVersion and GitLab Runner image as a default value
*/}}
{{- define "gitlab-runner.image" }}
{{- $appVersion := ternary "bleeding" (print "v" .Chart.AppVersion) (eq .Chart.AppVersion "bleeding") -}}
{{- $appVersionImageTag := printf "alpine-%s" $appVersion -}}
{{- $imageRegistry := ternary "" (print .Values.image.registry "/") (eq .Values.image.registry "") -}}
{{- $imageTag := default $appVersionImageTag .Values.image.tag -}}
{{- printf "%s%s:%s" $imageRegistry .Values.image.image $imageTag }}
{{- end -}}
{{/*
Define the server session timeout, using 1800 as a default value
*/}}
{{- define "gitlab-runner.server-session-timeout" }}
{{- default 1800 .Values.sessionServer.timeout }}
{{- end -}}
{{/*
Define the server session internal port, using 9000 as a default value
*/}}
{{- define "gitlab-runner.server-session-external-port" }}
{{- default 9000 .Values.sessionServer.externalPort }}
{{- end -}}
{{/*
Define the server session external port, using 8093 as a default value
*/}}
{{- define "gitlab-runner.server-session-internal-port" }}
{{- default 8093 .Values.sessionServer.internalPort }}
{{- end -}}
{{/*
Unregister runners on pod stop
*/}}
{{- define "gitlab-runner.unregisterRunners" -}}
{{- if or (and (hasKey .Values "unregisterRunners") .Values.unregisterRunners) (and (not (hasKey .Values "unregisterRunners")) .Values.runnerRegistrationToken) -}}
lifecycle:
preStop:
exec:
command: ["/entrypoint", "unregister", "--all-runners"]
{{- end -}}
{{- end -}}
{{/*
Define if the registration token provided (if any)
is an authentication token or not
*/}}
{{- define "gitlab-runner.isAuthToken" -}}
{{- $isAuthToken := false -}}
{{- $hasRegistrationToken := hasKey .Values "runnerRegistrationToken" -}}
{{- if $hasRegistrationToken -}}
{{- $token := .Values.runnerRegistrationToken -}}
{{- $isAuthToken = or (empty $token) (hasPrefix "glrt-" $token) -}}
{{- else -}}
{{- $token := default "" .Values.runnerToken -}}
{{- $isAuthToken = and (not (empty $token)) (hasPrefix "glrt-" $token) -}}
{{- end -}}
{{- $isAuthToken -}}
{{- end -}}
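Review bot: `gitlab-runner.image` can only produce a `registry/image:tag` reference, so the runner image is always pulled by a mutable tag (`alpine-v<appVersion>` unless `image.tag` overrides it); for a component that holds the CI token and can create pods in the cluster, operators should be able to pin by digest. An optional `image.digest` value that takes precedence over the tag keeps current behaviour for everyone who does not set it. In `gitlab-runner.isAuthToken`, an empty `runnerRegistrationToken` is classified as an authentication token, which reads oddly — presumably so that `runnerToken` with a `glrt-` prefix selects the new registration flow when the old key is left blank — and deserves a one-line comment saying so.

```gotemplate
{{- define "gitlab-runner.image" }}
{{/* … unchanged: $appVersion, $appVersionImageTag, $imageRegistry … */}}
{{- $imageTag := default $appVersionImageTag .Values.image.tag -}}
{{- if .Values.image.digest -}}
{{- printf "%s%s@%s" $imageRegistry .Values.image.image .Values.image.digest }}
{{- else -}}
{{- printf "%s%s:%s" $imageRegistry .Values.image.image $imageTag }}
{{- end -}}
{{- end -}}
```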


@@ -0,0 +1,226 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "gitlab-runner.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
app: {{ include "gitlab-runner.fullname" . }}
chart: {{ include "gitlab-runner.chart" . }}
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
data:
entrypoint: |
#!/bin/bash
set -e
export CONFIG_PATH_FOR_INIT="{{ ternary "/.gitlab-runner/" "/home/gitlab-runner/.gitlab-runner/" (and (hasKey .Values.securityContext "runAsNonRoot") (not .Values.securityContext.runAsNonRoot)) }}"
mkdir -p ${CONFIG_PATH_FOR_INIT}
cp /configmaps/config.toml ${CONFIG_PATH_FOR_INIT}
{{- if and (eq (default 1.0 .Values.replicas) 1.0) .Values.sessionServer .Values.sessionServer.enabled }}
quit() {
kill -TERM "$child"
}
trap quit QUIT TERM
sh /configmaps/set-session-server-address &
child=$!
wait "$child"
{{- end }}
# Set up environment variables for cache
if [[ -f /secrets/accesskey && -f /secrets/secretkey ]]; then
export CACHE_S3_ACCESS_KEY=$(cat /secrets/accesskey)
export CACHE_S3_SECRET_KEY=$(cat /secrets/secretkey)
fi
if [[ -f /secrets/gcs-applicaton-credentials-file ]]; then
export GOOGLE_APPLICATION_CREDENTIALS="/secrets/gcs-applicaton-credentials-file"
elif [[ -f /secrets/gcs-application-credentials-file ]]; then
export GOOGLE_APPLICATION_CREDENTIALS="/secrets/gcs-application-credentials-file"
else
if [[ -f /secrets/gcs-access-id && -f /secrets/gcs-private-key ]]; then
export CACHE_GCS_ACCESS_ID=$(cat /secrets/gcs-access-id)
# echo -e used to make private key multiline (in google json auth key private key is oneline with \n)
export CACHE_GCS_PRIVATE_KEY=$(echo -e $(cat /secrets/gcs-private-key))
fi
fi
if [[ -f /secrets/azure-account-name && -f /secrets/azure-account-key ]]; then
export CACHE_AZURE_ACCOUNT_NAME=$(cat /secrets/azure-account-name)
export CACHE_AZURE_ACCOUNT_KEY=$(cat /secrets/azure-account-key)
fi
if [[ -f /secrets/runner-registration-token ]]; then
export REGISTRATION_TOKEN=$(cat /secrets/runner-registration-token)
fi
if [[ -f /secrets/runner-token ]]; then
export CI_SERVER_TOKEN=$(cat /secrets/runner-token)
fi
# Register the runner
if ! sh /configmaps/register-the-runner; then
exit 1
fi
# Run pre-entrypoint-script
if ! bash /configmaps/pre-entrypoint-script; then
exit 1
fi
# Start the runner
exec /entrypoint run \
{{- if and .Values.runners.executor (ne "shell" ((.Values.runners.executor) | toString)) }}
--user=gitlab-runner \
{{- end }}
--working-directory=/home/gitlab-runner
config.toml: |
shutdown_timeout = {{ .Values.shutdown_timeout }}
concurrent = {{ .Values.concurrent }}
check_interval = {{ .Values.checkInterval }}
log_level = {{ default "info" .Values.logLevel | quote }}
{{- if .Values.logFormat }}
log_format = {{ .Values.logFormat | quote }}
{{- end }}
{{- if .Values.metrics.enabled }}
listen_address = ":{{ .Values.metrics.port }}"
{{- end }}
{{- if .Values.sentryDsn }}
sentry_dsn = "{{ .Values.sentryDsn }}"
{{- end }}
{{- if and (eq (default 1.0 .Values.replicas) 1.0) .Values.sessionServer .Values.sessionServer.enabled }}
[session_server]
session_timeout = {{ include "gitlab-runner.server-session-timeout" . }}
listen_address = "0.0.0.0:{{ include "gitlab-runner.server-session-internal-port" . }}"
advertise_address = "SESSION_SERVER_IP:{{ include "gitlab-runner.server-session-external-port" . }}"
{{- end }}
{{ if .Values.runners.config }}
config.template.toml: {{ tpl .Values.runners.config $ | toYaml | indent 2 }}
{{ end }}
register-the-runner: |
#!/bin/bash
function signal_handler() {
if [ ! -d "/proc/$register_pid" ]; then
wait $register_pid
fi
exit
}
trap 'signal_handler' SIGQUIT
trap 'signal_handler' SIGINT
MAX_REGISTER_ATTEMPTS=30
# Reset/unset the not needed flags when an authentication token
RUN_UNTAGGED="{{ ternary "--run-untagged=true" "" (and (hasKey .Values.runners "runUntagged") .Values.runners.runUntagged) }}"
ACCESS_LEVEL="{{ ternary "--access-level=ref_protected" "" (and (hasKey .Values.runners "protected") .Values.runners.protected) }}"
{{- if eq (include "gitlab-runner.isAuthToken" . ) "true" }}
RUN_UNTAGGED=""
ACCESS_LEVEL=""
unset REGISTER_LOCKED
unset RUNNER_TAG_LIST
{{- end }}
for i in $(seq 1 "${MAX_REGISTER_ATTEMPTS}"); do
echo "Registration attempt ${i} of ${MAX_REGISTER_ATTEMPTS}"
/entrypoint register \
{{- if and (hasKey .Values.runners "name") .Values.runners.name }}
--name={{ .Values.runners.name | quote -}} \
{{- end }}
{{- if and (hasKey .Values.runners "maximumTimeout") .Values.runners.maximumTimeout }}
--maximum-timeout={{ .Values.runners.maximumTimeout | quote -}} \
{{- end }}
{{- if eq (include "gitlab-runner.isAuthToken" . ) "false" }}
${RUN_UNTAGGED} \
${ACCESS_LEVEL} \
{{- end }}
{{- if .Values.runners.config }}
--template-config /configmaps/config.template.toml \
{{- else if .Values.runners.configPath }}
--template-config {{ .Values.runners.configPath }} \
{{- end }}
--non-interactive &
register_pid=$!
wait $register_pid
retval=$?
if [ ${retval} = 0 ]; then
break
elif [ ${i} = ${MAX_REGISTER_ATTEMPTS} ]; then
exit 1
fi
sleep 5
done
exit 0
check-live: |
#!/bin/bash
set -eou pipefail
if ! /usr/bin/pgrep -f ".*register-the-runner" > /dev/null && ! /usr/bin/pgrep -f "gitlab.*runner" > /dev/null ; then
exit 1
fi
name=$(awk -F'"' '/^ name = ".*"/ { print $2 }' "${HOME%/root}/.gitlab-runner/config.toml")
url=$(awk -F'"' '/^ url = ".*"/ { print $2 }' "${HOME%/root}/.gitlab-runner/config.toml")
gitlab-runner verify -n "$name" -u "$url" 2>&1 | grep -E "is alive|is valid"
{{- if and (eq (default 1.0 .Values.replicas) 1.0) .Values.sessionServer .Values.sessionServer.enabled }}
set-session-server-address: |
#!/bin/bash
{{- if (not .Values.sessionServer.publicIP) }}
APISERVER=https://kubernetes.default.svc \
&& SERVICEACCOUNT=/var/run/secrets/kubernetes.io/serviceaccount \
&& NAMESPACE=$(cat ${SERVICEACCOUNT}/namespace) \
&& TOKEN=$(cat ${SERVICEACCOUNT}/token) \
&& CACERT=${SERVICEACCOUNT}/ca.crt \
&& header="Authorization: Bearer ${TOKEN}"
SERVICEURL=${APISERVER}/api/v1/namespaces/${NAMESPACE}/services/{{ include "gitlab-runner.fullname" . }}-session-server
has_address=false
while [ "${has_address}" = false ]; do
SERVICEIP=$(curl —-silent \
--cacert ${CACERT} \
--header "${header}" \
-X GET ${SERVICEURL} 2>/dev/null \
| grep '"ip":' | cut -d ":" -f2 | xargs)
# for aws, the hostname is available but not the external IP
SERVICEHOSTNAME=$(curl —-silent \
--cacert ${CACERT} \
--header "${header}" \
-X GET ${SERVICEURL} 2>/dev/null \
| grep '"hostname":' | cut -d ":" -f2 | xargs)
ADDRESS="${SERVICEHOSTNAME:-$SERVICEIP}"
if [ -z "${ADDRESS}" ]
then
echo "Service LoadBalancer External Address not yet available"
has_address=false
sleep 5
else
has_address=true
sed -i -e "s/SESSION_SERVER_IP/${ADDRESS}/g" ${CONFIG_PATH_FOR_INIT}/config.toml
fi
done
{{- else }}
sed -i -e "s/SESSION_SERVER_IP/{{ .Values.sessionServer.publicIP }}/g" ${CONFIG_PATH_FOR_INIT}/config.toml
{{- end}}
{{ end }}
pre-entrypoint-script: |
{{ .Values.preEntrypointScript | default "" | indent 4 }}
{{ if not (empty .Values.configMaps) }}{{ toYaml .Values.configMaps | indent 2 }}{{ end }}
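Review bot: Both `curl` invocations in `set-session-server-address` are written `curl —-silent` with an em dash (U+2014) instead of `--silent`, so curl treats `—-silent` as a URL to fetch; the resolve error is hidden by `2>/dev/null` and the lookup only works because the real `${SERVICEURL}` request still runs. Change both to `curl --silent \` (or `-s`). In the same ConfigMap, `export CACHE_GCS_PRIVATE_KEY=$(echo -e $(cat /secrets/gcs-private-key))` leaves the inner substitution unquoted, so the key material is subject to word splitting and globbing before it reaches `echo`; `export CACHE_GCS_PRIVATE_KEY=$(echo -e "$(cat /secrets/gcs-private-key)")` is what was intended. The scripts here read `/secrets/*` into the process environment, so a comment noting that the runner's config.toml and these variables live only in the memory-backed volume would help the next reader.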


@@ -0,0 +1,183 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "gitlab-runner.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
app: {{ include "gitlab-runner.fullname" . }}
chart: {{ include "gitlab-runner.chart" . }}
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
{{- range $key, $value := .Values.deploymentLabels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- if .Values.deploymentAnnotations }}
annotations:
{{- toYaml .Values.deploymentAnnotations | nindent 4 }}
{{- end }}
spec:
{{- if not .Values.hpa}}
replicas: {{ default 1 .Values.replicas }}
{{- end}}
revisionHistoryLimit: {{ default 10 .Values.revisionHistoryLimit }}
selector:
matchLabels:
app: {{ include "gitlab-runner.fullname" . }}
{{- with .Values.strategy }}
strategy: {{ toYaml . | nindent 4 }}
{{- end }}
template:
metadata:
labels:
app: {{ include "gitlab-runner.fullname" . }}
chart: {{ include "gitlab-runner.chart" . }}
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
{{- range $key, $value := .Values.podLabels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
annotations:
checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
{{- if or .Values.runnerRegistrationToken .Values.runnerToken .Values.runners.secret }}
checksum/secrets: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }}
{{- end }}
{{- if .Values.metrics.enabled }}
prometheus.io/scrape: 'true'
prometheus.io/port: {{ .Values.metrics.port | quote }}
{{- end }}
{{- range $key, $value := .Values.podAnnotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
spec:
{{- if hasKey .Values "automountServiceAccountToken" }}
automountServiceAccountToken: {{ .Values.automountServiceAccountToken }}
{{- end }}
{{- if .Values.schedulerName }}
schedulerName: {{ .Values.schedulerName }}
{{- end }}
securityContext: {{ toYaml .Values.podSecurityContext | nindent 8 }}
terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
{{- if .Values.priorityClassName }}
priorityClassName: {{ .Values.priorityClassName | quote }}
{{- end }}
serviceAccountName: {{ if .Values.rbac.create }}{{ include "gitlab-runner.fullname" . }}{{ else }}"{{ .Values.rbac.serviceAccountName }}"{{ end }}
containers:
- name: {{ include "gitlab-runner.fullname" . }}
image: {{ include "gitlab-runner.image" . }}
imagePullPolicy: {{ default "" .Values.imagePullPolicy | quote }}
securityContext: {{ toYaml .Values.securityContext | nindent 10 }}
{{- include "gitlab-runner.unregisterRunners" . | nindent 8 }}
{{- if .Values.useTini }}
command: ["/usr/local/bin/tini", "--", "/bin/bash", "/configmaps/entrypoint"]
{{- else }}
command: ["/usr/bin/dumb-init", "--", "/bin/bash", "/configmaps/entrypoint"]
{{- end }}
env:
{{ include "gitlab-runner.runner-env-vars" . | indent 8 }}
livenessProbe:
exec:
command: ["/bin/bash", "/configmaps/check-live"]
initialDelaySeconds: 60
timeoutSeconds: {{ default 3 .Values.probeTimeoutSeconds }}
periodSeconds: 10
successThreshold: 1
failureThreshold: 3
readinessProbe:
exec:
command: ["/usr/bin/pgrep","gitlab.*runner"]
initialDelaySeconds: 10
timeoutSeconds: {{ default 3 .Values.probeTimeoutSeconds }}
periodSeconds: 10
successThreshold: 1
failureThreshold: 3
ports:
- name: {{ .Values.metrics.portName | quote }}
containerPort: {{ .Values.metrics.port }}
{{- if and (eq (default 1.0 .Values.replicas) 1.0) .Values.sessionServer .Values.sessionServer.enabled }}
- name: session-server
containerPort: {{ include "gitlab-runner.server-session-internal-port" . }}
protocol: TCP
{{- end }}
volumeMounts:
{{- if or (include "gitlab-runner.cache.secret" .) .Values.runnerRegistrationToken .Values.runnerToken .Values.secrets .Values.runners.secret }}
- name: projected-secrets
mountPath: /secrets
{{- end }}
- name: etc-gitlab-runner
mountPath: /home/gitlab-runner/.gitlab-runner
- name: configmaps
mountPath: /configmaps
{{- if .Values.certsSecretName }}
- name: custom-certs
readOnly: true
mountPath: /home/gitlab-runner/.gitlab-runner/certs/
{{- end }}
{{- if .Values.volumeMounts }}
{{ toYaml .Values.volumeMounts | indent 8 }}
{{- end }}
resources:
{{ toYaml .Values.resources | indent 10 }}
volumes:
- name: runner-secrets
emptyDir:
medium: "Memory"
- name: etc-gitlab-runner
emptyDir:
medium: "Memory"
{{- if or (include "gitlab-runner.cache.secret" .) .Values.runnerRegistrationToken .Values.runnerToken .Values.secrets .Values.runners.secret }}
- name: projected-secrets
projected:
sources:
{{- if include "gitlab-runner.cache.secret" . }}
- secret:
name: {{ include "gitlab-runner.cache.secret" . }}
{{- end }}
{{- if or .Values.runnerRegistrationToken .Values.runnerToken .Values.runners.secret }}
- secret:
name: {{ include "gitlab-runner.secret" . }}
items:
- key: runner-registration-token
path: runner-registration-token
- key: runner-token
path: runner-token
{{- end }}
{{- range .Values.secrets }}
- secret:
{{ toYaml . | indent 16 }}
{{- end }}
{{- end }}
{{- if .Values.certsSecretName }}
- name: custom-certs
secret:
secretName: {{ .Values.certsSecretName }}
{{- end }}
- name: configmaps
configMap:
name: {{ include "gitlab-runner.fullname" . }}
{{- if .Values.volumes }}
{{ toYaml .Values.volumes | indent 6 }}
{{- end }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
{{ toYaml .Values.imagePullSecrets | indent 8 }}
{{- end }}
{{- if .Values.affinity }}
affinity:
{{ toYaml .Values.affinity | indent 8 }}
{{- end }}
{{- if .Values.topologySpreadConstraints }}
topologySpreadConstraints:
{{ toYaml .Values.topologySpreadConstraints | indent 8 }}
{{- end }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.tolerations }}
tolerations:
{{ toYaml .Values.tolerations | indent 8 }}
{{- end }}
{{- if .Values.hostAliases }}
hostAliases:
{{ toYaml .Values.hostAliases | indent 8 }}
{{- end }}
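Review bot: `serviceAccountName` falls back to `"{{ .Values.rbac.serviceAccountName }}"` when `rbac.create` is false, which renders as an empty string if the value is unset and silently runs the runner under the namespace's `default` service account — with whatever that account happens to be allowed to do. Unless that fallback is intended, make it explicit: `serviceAccountName: {{ if .Values.rbac.create }}{{ include "gitlab-runner.fullname" . }}{{ else }}{{ required "rbac.serviceAccountName must be set when rbac.create is false" .Values.rbac.serviceAccountName | quote }}{{ end }}`. Also, the `runner-secrets` memory-backed emptyDir is declared under `volumes` but nothing in the template mounts it; drop it unless it is deliberately kept for user-supplied `volumeMounts`. On the positive side, keeping `etc-gitlab-runner` on `medium: "Memory"` keeps the rendered config.toml with the runner token off the node's disk.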


@@ -0,0 +1,22 @@
{{- if .Values.hpa}}
{{- if .Capabilities.APIVersions.Has "autoscaling/v2" }}
apiVersion: autoscaling/v2
{{- else if .Capabilities.APIVersions.Has "autoscaling/v2beta2" }}
apiVersion: autoscaling/v2beta2
{{- else }}
apiVersion: autoscaling/v2beta1
{{- end }}
kind: HorizontalPodAutoscaler
metadata:
name: {{ include "gitlab-runner.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ include "gitlab-runner.fullname" . }}
minReplicas: {{ default 1 .Values.hpa.minReplicas }}
maxReplicas: {{ default 1 .Values.hpa.maxReplicas }}
metrics:
{{ toYaml .Values.hpa.metrics | indent 2 }}
{{- end}}
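Review bot: When `hpa` is set the Deployment omits `replicas` and this HPA can scale the runner above one pod, but the session-server gating in the ConfigMap, Deployment and session-server Service only checks `eq (default 1.0 .Values.replicas) 1.0`, so with `sessionServer.enabled` plus an HPA the LoadBalancer would presumably spread terminal sessions across pods that do not share them. Extend that condition in those three templates to `{{- if and (not .Values.hpa) (eq (default 1.0 .Values.replicas) 1.0) .Values.sessionServer .Values.sessionServer.enabled }}`, or require `hpa.maxReplicas` to be 1 when the session server is on. `maxReplicas` defaulting to 1 also turns an HPA with no `maxReplicas` into a no-op, which is probably fine but deserves a comment in values.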


@@ -0,0 +1,22 @@
{{- if .Values.rbac.create -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: {{ if .Values.rbac.clusterWideAccess }}"ClusterRoleBinding"{{ else }}"RoleBinding"{{ end }}
metadata:
name: {{ include "gitlab-runner.fullname" . }}
labels:
app: {{ include "gitlab-runner.fullname" . }}
chart: {{ include "gitlab-runner.chart" . }}
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
{{ if not .Values.rbac.clusterWideAccess -}}
namespace: {{ .Release.Namespace | quote }}
{{- end }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: {{ if .Values.rbac.clusterWideAccess }}"ClusterRole"{{ else }}"Role"{{ end }}
name: {{ include "gitlab-runner.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ include "gitlab-runner.fullname" . }}
namespace: "{{ .Release.Namespace }}"
{{- end -}}
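Review bot: With `rbac.clusterWideAccess` the binding becomes a cluster-scoped `ClusterRoleBinding` named only by `gitlab-runner.fullname`, so two releases with the same fullname in different namespaces (both called `gitlab-runner`, say) collide on one object and the second install either fails or takes over the first release's binding. Suffix cluster-scoped names with the namespace, e.g. `name: {{ include "gitlab-runner.fullname" . }}{{ if .Values.rbac.clusterWideAccess }}-{{ .Release.Namespace }}{{ end }}`, and apply the same suffix to the ClusterRole it references in `roleRef`. Note that this binding hands the role's wildcard core-API permissions to the runner's service account in every namespace, so `clusterWideAccess` should be the documented exception rather than a casual toggle.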


@@ -0,0 +1,32 @@
{{- if .Values.rbac.create -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: {{ if .Values.rbac.clusterWideAccess }}"ClusterRole"{{ else }}"Role"{{ end }}
metadata:
name: {{ include "gitlab-runner.fullname" . }}
labels:
app: {{ include "gitlab-runner.fullname" . }}
chart: {{ include "gitlab-runner.chart" . }}
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
{{ if not .Values.rbac.clusterWideAccess -}}
namespace: {{ .Release.Namespace | quote }}
{{- end }}
rules:
{{- if .Values.rbac.podSecurityPolicy.enabled }}
- apiGroups: ['policy']
resources: ['podsecuritypolicies']
verbs: ['use']
resourceNames:
{{ toYaml .Values.rbac.podSecurityPolicy.resourceNames | indent 2 }}
{{- end }}
{{- if empty .Values.rbac.rules }}
- apiGroups: [""]
resources: {{ (list "*") | toJson }}
verbs: {{ (list "*") | toJson }}
{{- end -}}
{{ range .Values.rbac.rules }}
- apiGroups: {{ (default (list "") .apiGroups) | toJson }}
resources: {{ (default (list "*") .resources) | toJson }}
verbs: {{ (default (list "*") .verbs) | toJson }}
{{- end }}
{{- end -}}
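Review bot: The default rule emitted when `rbac.rules` is empty is `apiGroups: [""]`, `resources: ["*"]`, `verbs: ["*"]`, which grants every verb on every core resource in the namespace — secrets, serviceaccounts, pods/exec included — and, with `clusterWideAccess`, cluster-wide; a compromised job pod or runner then holds far more than it needs to schedule builds. The kubernetes executor works with an explicit resource list, roughly the one below, so that should be the default and the wildcard an opt-in. In the same spirit, the `range .Values.rbac.rules` loop expands a user rule that omits `resources` or `verbs` to `["*"]`, which is the opposite of what a reviewer expects from an omitted field; a `required` error there would be safer. Verify the exact set against the runner documentation for the executor features in use (services, cache, attach) before tightening.

```yaml
{{- if empty .Values.rbac.rules }}
- apiGroups: [""]
  resources: ["pods", "pods/exec", "pods/attach", "pods/log", "secrets", "configmaps", "services"]
  verbs: ["get", "list", "watch", "create", "patch", "update", "delete"]
- apiGroups: [""]
  resources: ["events"]
  verbs: ["list", "watch"]
{{- end -}}
```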


@@ -0,0 +1,16 @@
{{- if or .Values.runnerRegistrationToken .Values.runnerToken -}}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "gitlab-runner.secret" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
app: {{ include "gitlab-runner.fullname" . }}
chart: {{ include "gitlab-runner.chart" . }}
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
type: Opaque
data:
runner-registration-token: {{ default "" .Values.runnerRegistrationToken | b64enc | quote }}
runner-token: {{ default "" .Values.runnerToken | b64enc | quote }}
{{- end -}}
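Review bot: The Secret is rendered whenever `runnerRegistrationToken` or `runnerToken` is set, but its name comes from the `gitlab-runner.secret` helper, which prefers `runners.secret`; when an operator sets both a pre-created `runners.secret` and a token value, Helm tries to create a Secret under the user's name and either refuses the install (resource not owned by the release) or, on an adopted object, overwrites their data. Guard on the pre-created path as well: `{{- if and (or .Values.runnerRegistrationToken .Values.runnerToken) (not .Values.runners.secret) -}}`. Token values passed as chart values also persist in the Helm release record and in shell/CI history, so the chart documentation should steer people towards `runners.secret`. Both keys are always emitted, so an unset token becomes an empty `runner-token: ""` entry — harmless, but worth a comment so nobody reads it as a bug.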


@@ -0,0 +1,24 @@
{{- if .Values.rbac.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
{{- if .Values.rbac.serviceAccountAnnotations }}
annotations:
{{- range $key, $value := .Values.rbac.serviceAccountAnnotations }}
{{ $key }}: {{ tpl ($value) $ | quote }}
{{- end }}
{{- end}}
name: {{ include "gitlab-runner.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
app: {{ include "gitlab-runner.fullname" . }}
chart: {{ include "gitlab-runner.chart" . }}
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
{{- if .Values.rbac.imagePullSecrets }}
imagePullSecrets:
{{- range .Values.rbac.imagePullSecrets }}
- name: {{ . | quote }}
{{- end }}
{{- end }}
{{- end -}}


@@ -0,0 +1,32 @@
{{- if and (eq (default 1.0 .Values.replicas) 1.0) .Values.sessionServer .Values.sessionServer.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ include "gitlab-runner.fullname" . }}-session-server
namespace: {{ .Release.Namespace | quote }}
{{- if .Values.sessionServer.annotations }}
annotations:
{{- toYaml .Values.sessionServer.annotations | nindent 4 }}
{{- end }}
labels:
app: {{ include "gitlab-runner.fullname" . }}
chart: {{ include "gitlab-runner.chart" . }}
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
spec:
selector:
app: {{ include "gitlab-runner.fullname" . }}
release: "{{ .Release.Name }}"
type: LoadBalancer
{{- if .Values.sessionServer.publicIP }}
loadBalancerIP: {{ .Values.sessionServer.publicIP }}
{{- end }}
{{- if .Values.sessionServer.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{- toYaml .Values.sessionServer.loadBalancerSourceRanges | nindent 4 }}
{{- end }}
ports:
- protocol: TCP
port: {{ include "gitlab-runner.server-session-external-port" . }}
targetPort: {{ include "gitlab-runner.server-session-internal-port" . }}
{{- end }}
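Review bot: The runner's session server, which the ConfigMap binds to `0.0.0.0` in config.toml, is exposed here as `type: LoadBalancer`, and `loadBalancerSourceRanges` is only emitted when the operator sets it, so the default install publishes that port to whatever the load balancer fronts — typically the internet. Either make the source ranges mandatory when the session server is on, e.g. `{{- with (required "sessionServer.loadBalancerSourceRanges must be set when sessionServer.enabled is true" .Values.sessionServer.loadBalancerSourceRanges) }}`, or at least add a NOTES.txt warning when they are absent. `loadBalancerIP` has been deprecated upstream since Kubernetes 1.24 in favour of provider-specific annotations, so it may stop taking effect on newer clusters; a comment next to it would save someone a debugging session.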


@@ -0,0 +1,52 @@
{{- if and .Values.service.enabled .Values.metrics.enabled -}}
apiVersion: v1
kind: Service
metadata:
name: {{ include "gitlab-runner.fullname" . | quote }}
namespace: {{ .Release.Namespace | quote }}
labels:
app: {{ include "gitlab-runner.fullname" . | quote }}
chart: {{ include "gitlab-runner.chart" . | quote }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
{{- if .Values.service.labels }}
{{- toYaml .Values.service.labels | nindent 4 }}
{{- end }}
{{- if .Values.service.annotations }}
annotations:
{{- toYaml .Values.service.annotations | nindent 4 }}
{{- end }}
spec:
{{- if .Values.service.clusterIP }}
clusterIP: {{ .Values.service.clusterIP | quote }}
{{- end }}
{{- if .Values.service.externalIPs }}
externalIPs:
{{- toYaml .Values.service.externalIPs | nindent 4 }}
{{- end }}
{{- if .Values.service.loadBalancerIP }}
loadBalancerIP: {{ .Values.service.loadBalancerIP | quote }}
{{- end }}
{{- if .Values.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{- range $cidr := .Values.service.loadBalancerSourceRanges }}
- {{ $cidr | quote }}
{{- end }}
{{- end }}
ports:
{{- if .Values.metrics.enabled }}
- name: {{ .Values.metrics.portName | quote }}
{{- if eq .Values.service.type "NodePort" }}
nodePort: {{ .Values.service.metrics.nodePort }}
{{- end }}
port: {{ .Values.metrics.port }}
targetPort: {{ .Values.metrics.portName | quote }}
{{- end }}
{{- if .Values.service.additionalPorts }}
{{- toYaml .Values.service.additionalPorts | nindent 2 }}
{{- end }}
selector:
app: {{ include "gitlab-runner.fullname" . | quote }}
release: {{ .Release.Name | quote }}
type: {{ .Values.service.type | default "ClusterIP" | quote }}
{{- end }}
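Review bot: `nodePort: {{ .Values.service.metrics.nodePort }}` is evaluated whenever `service.type` is `NodePort`; if `service.metrics` is absent from values, looking up `.nodePort` on a nil map fails the render, and if only `nodePort` is unset it emits `nodePort:` with a null value (Kubernetes then allocates one, which is presumably fine). Guard it: `{{- if and (eq .Values.service.type "NodePort") (.Values.service.metrics | default dict).nodePort }}`. The metrics endpoint is unauthenticated and this Service lets operators hand it `externalIPs`, a `loadBalancerIP` or a NodePort; the values documentation should say that anything beyond `ClusterIP` exposes runner metrics to the network, that `externalIPs` is commonly blocked by admission policy because it can redirect in-cluster traffic, and that a NetworkPolicy or `loadBalancerSourceRanges` should accompany any such exposure.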


@@ -0,0 +1,56 @@
{{- if and .Values.metrics.serviceMonitor.enabled .Values.metrics.enabled .Values.service.enabled -}}
{{- if .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" -}}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ include "gitlab-runner.fullname" . | quote }}
namespace: {{ .Release.Namespace | quote }}
labels:
app: {{ include "gitlab-runner.fullname" . | quote }}
chart: {{ include "gitlab-runner.chart" . | quote }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
{{- if .Values.metrics.serviceMonitor.labels }}
{{- toYaml .Values.metrics.serviceMonitor.labels | nindent 4 }}
{{- end }}
{{- with .Values.metrics.serviceMonitor.annotations }}
annotations: {{- toYaml . | nindent 4 }}
{{- end }}
spec:
endpoints:
- port: {{ .Values.metrics.portName | quote }}
{{- if .Values.metrics.serviceMonitor.interval }}
interval: {{ .Values.metrics.serviceMonitor.interval }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.scheme }}
scheme: {{ .Values.metrics.serviceMonitor.scheme | quote }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.tlsConfig }}
tlsConfig:
{{- toYaml .Values.metrics.serviceMonitor.tlsConfig | nindent 6 }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.metricRelabelings }}
metricRelabelings:
{{- tpl (toYaml .Values.metrics.serviceMonitor.metricRelabelings | nindent 6) . }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.path }}
path: {{ .Values.metrics.serviceMonitor.path }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.relabelings }}
relabelings:
{{- toYaml .Values.metrics.serviceMonitor.relabelings | nindent 6 }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.jobLabel }}
jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel }}
{{- end }}
namespaceSelector:
matchNames:
- {{ $.Release.Namespace | quote }}
selector:
matchLabels:
app: {{ include "gitlab-runner.fullname" . | quote }}
chart: {{ include "gitlab-runner.chart" . | quote }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
{{- end }}
{{- end }}
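Review bot: When `metrics.serviceMonitor.enabled` is true but the `monitoring.coreos.com/v1` API is not discoverable — no Prometheus Operator installed, or a `helm template`/`--dry-run` run without a cluster — the outer `Capabilities.APIVersions.Has` check renders nothing and the operator never learns that scraping is not wired up. Add an explicit `{{- else }}{{ fail "metrics.serviceMonitor.enabled requires the Prometheus Operator CRDs (monitoring.coreos.com/v1)" }}{{- end }}`, or a NOTES.txt warning if failing `helm template` without `--api-versions` is too disruptive. `path`, `interval` and `jobLabel` are emitted unquoted; piping them through `| quote` avoids YAML retyping (a bare `interval: 30` becomes an integer that the CRD rejects).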