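# Init helm client on k8s cluster for using helm with gitlab runner
#######################################
# Log in to the GitLab registry, install the kubeconfig carried in the
# base64-encoded kube_config CI variable and bootstrap the Helm 2 client.
# Globals:   CI_REGISTRY_USER, CI_REGISTRY_PASSWORD, CI_REGISTRY (read)
#            kube_config (read, base64-encoded kubeconfig)
#            KUBECONFIG, K8S_CURRENT_CONTEXT (read)
# Outputs:   writes the decoded kubeconfig to $KUBECONFIG
# Returns:   non-zero as soon as one of the steps fails
#######################################
init_helm() {
  # Required inputs: fail loudly instead of decoding an empty string into
  # an empty (or unnamed) kubeconfig.
  : "${kube_config:?kube_config (base64-encoded kubeconfig) must be set}"
  : "${KUBECONFIG:?KUBECONFIG must be set}"

  # --password-stdin keeps the registry password out of argv, where `ps`
  # and shell tracing (set -x) would expose it.
  printf '%s' "$CI_REGISTRY_PASSWORD" \
    | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY" || return 1

  # Presumably the directory $KUBECONFIG points into — TODO confirm.
  mkdir -p /etc/deploy || return 1

  # Quoted so a multi-line base64 blob keeps its newlines (unquoted word
  # splitting would turn them into spaces and break the decode). The file
  # holds cluster credentials, so create it readable by this user only.
  ( umask 077 && printf '%s\n' "$kube_config" | base64 -d > "$KUBECONFIG" ) || return 1
  chmod 600 -- "$KUBECONFIG" || return 1

  kubectl config use-context "$K8S_CURRENT_CONTEXT" || return 1
  helm init --client-only || return 1
  helm repo add stable https://kubernetes-charts.storage.googleapis.com/ || return 1
  helm repo add incubator https://kubernetes-charts-incubator.storage.googleapis.com/ || return 1
  helm repo update
}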
12
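# Deploy latest tagged image on k8s cluster
#######################################
# Recreate the registry pull secret in the target namespace, build the
# chart dependencies and install or upgrade the release $PROJECT_NAME.
# Globals:   KUBERNETES_NAMESPACE_OVERWRITE, CI_DEPLOY_USER, CI_DEPLOY_PASSWORD,
#            CI_REGISTRY_USER, CI_REGISTRY_PASSWORD, GITLAB_USER_EMAIL,
#            CHART_TEMPLATE, PROJECT_NAME (read)
#            DEPLOYS (exported: number of existing releases named $PROJECT_NAME)
# Returns:   non-zero if a step fails
#######################################
deploy_k8s_cluster() {
  local namespace=$KUBERNETES_NAMESPACE_OVERWRITE

  echo "Create and apply secret for docker gitlab runner access to gitlab private registry ..."
  # --dry-run + replace --force recreates the secret whether or not it exists.
  # NOTE(review): the deploy token is still visible in this process's argv;
  # kubectl offers no stdin option for --docker-password.
  kubectl create secret -n "$namespace" \
    docker-registry gitlab-registry \
    --docker-server="https://registry.gitlab.com/v2/" \
    --docker-username="${CI_DEPLOY_USER:-$CI_REGISTRY_USER}" \
    --docker-password="${CI_DEPLOY_PASSWORD:-$CI_REGISTRY_PASSWORD}" \
    --docker-email="$GITLAB_USER_EMAIL" \
    -o yaml --dry-run \
    | kubectl replace -n "$namespace" --force -f - || return 1

  echo "Build helm dependancies in $CHART_TEMPLATE"
  # Abort rather than running `helm dep build` in whatever the cwd happens to be.
  cd -- "$CHART_TEMPLATE/" || return 1
  helm dep build || return 1

  # -q lists release names only and -x matches the whole line, so a release
  # that merely contains $PROJECT_NAME as a substring (or a chart column that
  # happens to contain it) is not counted. grep -c exits 1 on zero matches,
  # which is a legitimate answer here, hence the || true.
  DEPLOYS=$(helm ls -q | grep -cxF -- "$PROJECT_NAME" || true)
  export DEPLOYS
  if (( DEPLOYS == 0 )); then
    echo "Creating the new chart ..."
    helm install --name "$PROJECT_NAME" --namespace="$namespace" . -f values.yaml
  else
    echo "Updating the chart ..."
    helm upgrade "$PROJECT_NAME" --namespace="$namespace" . -f values.yaml
  fi
}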
35
36Failed to pull image "registry.gitlab.com/path/to/repo/project/image:TAG_NUMBER": rpc error: code
37= Unknown desc = Error response from daemon: Get https://registry.gitlab.com/v2/path/to/repo/project/image/manifests/image:TAG_NUMBER: denied: access forbidden
38
39## GitLab Runner Image
40##
41## By default it's using gitlab/gitlab-runner:alpine-v{VERSION}
42## where {VERSION} is taken from Chart.yaml from appVersion field
43##
44## ref: https://hub.docker.com/r/gitlab/gitlab-runner/tags/
45##
46# image: gitlab/gitlab-runner:alpine-v11.6.0
47
## Specify an imagePullPolicy
49## 'Always' if imageTag is 'latest', else set to 'IfNotPresent'
50## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
51##
52imagePullPolicy: IfNotPresent
53
## The GitLab Server URL (with protocol) that you want to register the runner against
55## ref: https://docs.gitlab.com/runner/commands/README.html#gitlab-runner-register
56##
57gitlabUrl: https://gitlab.com/
58
59## The Registration Token for adding new Runners to the GitLab Server. This must
60## be retrieved from your GitLab Instance.
61## ref: https://docs.gitlab.com/ce/ci/runners/README.html#creating-and-registering-a-runner
62##
63runnerRegistrationToken: "<token>"
64
65## The Runner Token for adding new Runners to the GitLab Server. This must
## be retrieved from your GitLab Instance. It is the token of an already registered runner.
67## ref: (we don't yet have docs for that, but we want to use existing token)
68##
69# runnerToken: ""
70#
71## Unregister all runners before termination
72##
73## Updating the runner's chart version or configuration will cause the runner container
74## to be terminated and created again. This may cause your Gitlab instance to reference
## non-existent runners. Un-registering the runner before termination mitigates this issue.
76## ref: https://docs.gitlab.com/runner/commands/README.html#gitlab-runner-unregister
77##
78unregisterRunners: true
79
## Set the certsSecretName in order to pass custom certificates for GitLab Runner to use
81## Provide resource name for a Kubernetes Secret Object in the same namespace,
82## this is used to populate the /etc/gitlab-runner/certs directory
83## ref: https://docs.gitlab.com/runner/configuration/tls-self-signed.html#supported-options-for-self-signed-certificates
84##
85# certsSecretName:
86
87## Configure the maximum number of concurrent jobs
88## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section
89##
90concurrent: 10
91
## Defines, in seconds, how often to check GitLab for new builds
93## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section
94##
95checkInterval: 30
96
97## Configure GitLab Runner's logging level. Available values are: debug, info, warn, error, fatal, panic
98## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section
99##
100# logLevel:
101
102## For RBAC support:
103rbac:
104 create: true
105
106 ## Run the gitlab-bastion container with the ability to deploy/manage containers of jobs
107 ## cluster-wide or only within namespace
108 clusterWideAccess: true
109
110 ## Use the following Kubernetes Service Account name if RBAC is disabled in this Helm chart (see rbac.create)
111 ##
112 serviceAccountName: default
113
114## Configure integrated Prometheus metrics exporter
115## ref: https://docs.gitlab.com/runner/monitoring/#configuration-of-the-metrics-http-server
116metrics:
117 enabled: true
118
## Configuration for the Pods that the runner launches for each new job
120##
121runners:
122 ## Default container image to use for builds when none is specified
123 ##
124 image: ubuntu:16.04
125
126 ## Specify one or more imagePullSecrets
127 ##
128 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
129 ##
130 imagePullSecrets: ["namespace-1", "namespace-2", "default"]
131
132 ## Specify the image pull policy: never, if-not-present, always. The cluster default will be used if not set.
133 ##
134 # imagePullPolicy: ""
135
136 ## Specify whether the runner should be locked to a specific project: true, false. Defaults to true.
137 ##
138 # locked: true
139
140 ## Specify the tags associated with the runner. Comma-separated list of tags.
141 ##
142 ## ref: https://docs.gitlab.com/ce/ci/runners/#using-tags
143 ##
144 tags: my-tag-1, my-tag-2"
145
146 ## Run all containers with the privileged flag enabled
147 ## This will allow the docker:dind image to run if you need to run Docker
148 ## commands. Please read the docs before turning this on:
149 ## ref: https://docs.gitlab.com/runner/executors/kubernetes.html#using-docker-dind
150 ##
151 privileged: true
152
153 ## The name of the secret containing runner-token and runner-registration-token
154 # secret: gitlab-runner
155
 ## Namespace to run Kubernetes jobs in (defaults to the namespace of this release)
157 ##
158 # namespace:
159
 # Regular expression to validate the contents of the namespace overwrite environment variable (documented below).
161 # When empty, it disables the namespace overwrite feature
162 namespace_overwrite_allowed: overrided-namespace-*
163
164 ## Distributed runners caching
165 ## ref: https://gitlab.com/gitlab-org/gitlab-runner/blob/master/docs/configuration/autoscale.md#distributed-runners-caching
166 ##
 ## If you want to use S3-based distributed caching:
168 ## First of all you need to uncomment General settings and S3 settings sections.
169 ##
170 ## Create a secret 's3access' containing 'accesskey' & 'secretkey'
171 ## ref: https://aws.amazon.com/blogs/security/wheres-my-secret-access-key/
172 ##
173 ## $ kubectl create secret generic s3access
174 ## --from-literal=accesskey="YourAccessKey"
175 ## --from-literal=secretkey="YourSecretKey"
176 ## ref: https://kubernetes.io/docs/concepts/configuration/secret/
177 ##
 ## If you want to use GCS-based distributed caching:
179 ## First of all you need to uncomment General settings and GCS settings sections.
180 ##
181 ## Access using credentials file:
182 ## Create a secret 'google-application-credentials' containing your application credentials file.
183 ## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runners-cache-gcs-section
184 ## You could configure
185 ## $ kubectl create secret generic google-application-credentials
186 ## --from-file=gcs-applicaton-credentials-file=./path-to-your-google-application-credentials-file.json
187 ## ref: https://kubernetes.io/docs/concepts/configuration/secret/
188 ##
189 ## Access using access-id and private-key:
190 ## Create a secret 'gcsaccess' containing 'gcs-access-id' & 'gcs-private-key'.
191 ## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runners-cache-gcs-section
192 ## You could configure
193 ## $ kubectl create secret generic gcsaccess
194 ## --from-literal=gcs-access-id="YourAccessID"
195 ## --from-literal=gcs-private-key="YourPrivateKey"
196 ## ref: https://kubernetes.io/docs/concepts/configuration/secret/
197 cache: {}
198 ## General settings
199 # cacheType: s3
200 # cachePath: "cache"
201 # cacheShared: true
202
203 ## S3 settings
204 # s3ServerAddress: s3.amazonaws.com
205 # s3BucketName:
206 # s3BucketLocation:
207 # s3CacheInsecure: false
208 # secretName: s3access
209
210 ## GCS settings
211 # gcsBucketName:
212 ## Use this line for access using access-id and private-key
213 # secretName: gcsaccess
214 ## Use this line for access using google-application-credentials file
215 # secretName: google-application-credential
216
217 ## Build Container specific configuration
218 ##
219 builds:
220 # cpuLimit: 200m
221 # memoryLimit: 256Mi
222 cpuRequests: 100m
223 memoryRequests: 128Mi
224
225 ## Service Container specific configuration
226 ##
227 services:
228 # cpuLimit: 200m
229 # memoryLimit: 256Mi
230 cpuRequests: 100m
231 memoryRequests: 128Mi
232
233 ## Helper Container specific configuration
234 ##
235 helpers:
236 # cpuLimit: 200m
237 # memoryLimit: 256Mi
238 cpuRequests: 100m
239 memoryRequests: 128Mi
240 image: gitlab/gitlab-runner-helper:x86_64-latest
241
242 ## Service Account to be used for runners
243 ##
244 # serviceAccountName:
245
246 ## If Gitlab is not reachable through $CI_SERVER_URL
247 ##
248 # cloneUrl:
249
250 ## Specify node labels for CI job pods assignment
251 ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
252 ##
253 nodeSelector: {}
254 # gitlab: true
255
256## Configure resource requests and limits
257## ref: http://kubernetes.io/docs/user-guide/compute-resources/
258##
259resources:
260 # limits:
261 # memory: 256Mi
262 # cpu: 200m
263 requests:
264 memory: 128Mi
265 cpu: 100m
266
267## Affinity for pod assignment
268## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
269##
270affinity: {}
271
272## Node labels for pod assignment
273## Ref: https://kubernetes.io/docs/user-guide/node-selection/
274##
275nodeSelector: {}
276 # Example: The gitlab runner manager should not run on spot instances so you can assign
277 # them to the regular worker nodes only.
278 # node-role.kubernetes.io/worker: "true"
279
280## List of node taints to tolerate (requires Kubernetes >= 1.6)
281## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
282##
283tolerations: []
284 # Example: Regular worker nodes may have a taint, thus you need to tolerate the taint
285 # when you assign the gitlab runner manager with nodeSelector or affinity to the nodes.
286 # - key: "node-role.kubernetes.io/worker"
287 # operator: "Exists"
288
289## Configure environment variables that will be present when the registration command runs
290## This provides further control over the registration process and the config.toml file
291## ref: `gitlab-runner register --help`
292## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html
293##
294envVars:
295 - name: RUNNER_EXECUTOR
296 value: kubernetes