apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "gitlab-runner.fullname" . }} namespace: {{ .Release.Namespace | quote }} labels: app: {{ include "gitlab-runner.fullname" . }} chart: {{ include "gitlab-runner.chart" . }} release: "{{ .Release.Name }}" heritage: "{{ .Release.Service }}" {{- range $key, $value := .Values.deploymentLabels }} {{ $key }}: {{ $value | quote }} {{- end }} {{- if .Values.deploymentAnnotations }} annotations: {{- toYaml .Values.deploymentAnnotations | nindent 4 }} {{- end }} spec: {{- if not .Values.hpa}} replicas: {{ default 1 .Values.replicas }} {{- end}} revisionHistoryLimit: {{ default 10 .Values.revisionHistoryLimit }} selector: matchLabels: app: {{ include "gitlab-runner.fullname" . }} {{- with .Values.strategy }} strategy: {{ toYaml . | nindent 4 }} {{- end }} template: metadata: labels: app: {{ include "gitlab-runner.fullname" . }} chart: {{ include "gitlab-runner.chart" . }} release: "{{ .Release.Name }}" heritage: "{{ .Release.Service }}" {{- range $key, $value := .Values.podLabels }} {{ $key }}: {{ $value | quote }} {{- end }} annotations: checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} {{- if or .Values.runnerRegistrationToken .Values.runnerToken .Values.runners.secret }} checksum/secrets: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }} {{- end }} {{- if .Values.metrics.enabled }} prometheus.io/scrape: 'true' prometheus.io/port: {{ .Values.metrics.port | quote }} {{- end }} {{- range $key, $value := .Values.podAnnotations }} {{ $key }}: {{ $value | quote }} {{- end }} spec: {{- if hasKey .Values "automountServiceAccountToken" }} automountServiceAccountToken: {{ .Values.automountServiceAccountToken }} {{- end }} {{- if .Values.schedulerName }} schedulerName: {{ .Values.schedulerName }} {{- end }} securityContext: {{ toYaml .Values.podSecurityContext | nindent 8 }} terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} {{- if .Values.priorityClassName }} priorityClassName: {{ .Values.priorityClassName | quote }} {{- end }} serviceAccountName: {{ if .Values.rbac.create }}{{ include "gitlab-runner.fullname" . }}{{ else }}"{{ .Values.rbac.serviceAccountName }}"{{ end }} containers: - name: {{ include "gitlab-runner.fullname" . }} image: {{ include "gitlab-runner.image" . }} imagePullPolicy: {{ default "" .Values.imagePullPolicy | quote }} securityContext: {{ toYaml .Values.securityContext | nindent 10 }} {{- include "gitlab-runner.unregisterRunners" . | nindent 8 }} {{- if .Values.useTini }} command: ["/usr/local/bin/tini", "--", "/bin/bash", "/configmaps/entrypoint"] {{- else }} command: ["/usr/bin/dumb-init", "--", "/bin/bash", "/configmaps/entrypoint"] {{- end }} env: {{ include "gitlab-runner.runner-env-vars" . | indent 8 }} livenessProbe: exec: command: ["/bin/bash", "/configmaps/check-live"] initialDelaySeconds: 60 timeoutSeconds: {{ default 3 .Values.probeTimeoutSeconds }} periodSeconds: 10 successThreshold: 1 failureThreshold: 3 readinessProbe: exec: command: ["/usr/bin/pgrep","gitlab.*runner"] initialDelaySeconds: 10 timeoutSeconds: {{ default 3 .Values.probeTimeoutSeconds }} periodSeconds: 10 successThreshold: 1 failureThreshold: 3 ports: - name: {{ .Values.metrics.portName | quote }} containerPort: {{ .Values.metrics.port }} {{- if and (eq (default 1.0 .Values.replicas) 1.0) .Values.sessionServer .Values.sessionServer.enabled }} - name: session-server containerPort: {{ include "gitlab-runner.server-session-internal-port" . }} protocol: TCP {{- end }} volumeMounts: {{- if or (include "gitlab-runner.cache.secret" .) .Values.runnerRegistrationToken .Values.runnerToken .Values.secrets .Values.runners.secret }} - name: projected-secrets mountPath: /secrets {{- end }} - name: etc-gitlab-runner mountPath: /home/gitlab-runner/.gitlab-runner - name: configmaps mountPath: /configmaps {{- if .Values.certsSecretName }} - name: custom-certs readOnly: true mountPath: /home/gitlab-runner/.gitlab-runner/certs/ {{- end }} {{- if .Values.volumeMounts }} {{ toYaml .Values.volumeMounts | indent 8 }} {{- end }} resources: {{ toYaml .Values.resources | indent 10 }} volumes: - name: runner-secrets emptyDir: medium: "Memory" - name: etc-gitlab-runner emptyDir: medium: "Memory" {{- if or (include "gitlab-runner.cache.secret" .) .Values.runnerRegistrationToken .Values.runnerToken .Values.secrets .Values.runners.secret }} - name: projected-secrets projected: sources: {{- if include "gitlab-runner.cache.secret" . }} - secret: name: {{ include "gitlab-runner.cache.secret" . }} {{- end }} {{- if or .Values.runnerRegistrationToken .Values.runnerToken .Values.runners.secret }} - secret: name: {{ include "gitlab-runner.secret" . }} items: - key: runner-registration-token path: runner-registration-token - key: runner-token path: runner-token {{- end }} {{- range .Values.secrets }} - secret: {{ toYaml . | indent 16 }} {{- end }} {{- end }} {{- if .Values.certsSecretName }} - name: custom-certs secret: secretName: {{ .Values.certsSecretName }} {{- end }} - name: configmaps configMap: name: {{ include "gitlab-runner.fullname" . }} {{- if .Values.volumes }} {{ toYaml .Values.volumes | indent 6 }} {{- end }} {{- if .Values.imagePullSecrets }} imagePullSecrets: {{ toYaml .Values.imagePullSecrets | indent 8 }} {{- end }} {{- if .Values.affinity }} affinity: {{ toYaml .Values.affinity | indent 8 }} {{- end }} {{- if .Values.topologySpreadConstraints }} topologySpreadConstraints: {{ toYaml .Values.topologySpreadConstraints | indent 8 }} {{- end }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 8 }} {{- end }} {{- if .Values.tolerations }} tolerations: {{ toYaml .Values.tolerations | indent 8 }} {{- end }} {{- if .Values.hostAliases }} hostAliases: {{ toYaml .Values.hostAliases | indent 8 }} {{- end }}