## GitLab Runner Image
##
## By default it's using gitlab/gitlab-runner:alpine-v{VERSION}
## where {VERSION} is taken from Chart.yaml from appVersion field
##
## ref: https://hub.docker.com/r/gitlab/gitlab-runner/tags/
##
## Note: If you change the image to the ubuntu release
## don't forget to change the securityContext;
## these images run on different user IDs.
##
# image: gitlab/gitlab-runner:alpine-v11.6.0

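## Specify an imagePullPolicy
## 'Always' if imageTag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
##
## 'Always' re-resolves the image tag against the registry on every pod start,
## so a tag that has been moved is picked up on the next restart.
imagePullPolicy: Always
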
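## Specifying ImagePullSecrets on a Pod
## Kubernetes supports specifying container image registry keys on a Pod.
## ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
##
## The Secret referenced here must exist in the same namespace as the runner pod.
imagePullSecrets:
  - name: "registry-harbor"
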
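## The GitLab Server URL (with protocol) that you want to register the runner against
## ref: https://docs.gitlab.com/runner/commands/README.html#gitlab-runner-register
##
## Keep this on https: the runner's tokens are sent to this URL.
gitlabUrl: https://gitlab.minhafirma.com.br
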
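## The Registration Token for adding new Runners to the GitLab Server. This must
## be retrieved from your GitLab Instance.
## ref: https://docs.gitlab.com/ce/ci/runners/README.html
##
## Do not keep the real token in this file: whoever can read the file can
## register runners against the GitLab instance configured in gitlabUrl.
## Supply it at install time (for example with
## `--set runnerRegistrationToken=...`) or store it in the Kubernetes Secret
## named by `runners.secret`. A token that has been committed or published
## should be reset in GitLab before it is used again.
runnerRegistrationToken: "REPLACE_WITH_REGISTRATION_TOKEN"
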
## The Runner Token for adding new Runners to the GitLab Server. This must
## be retrieved from your GitLab Instance. It is the token of an already registered runner.
## ref: (we don't yet have docs for that, but we want to use existing token)
##
# runnerToken: ""
#
## Unregister all runners before termination
##
## Updating the runner's chart version or configuration will cause the runner container
## to be terminated and created again. This may cause your GitLab instance to reference
## non-existent runners. Un-registering the runner before termination mitigates this issue.
## ref: https://docs.gitlab.com/runner/commands/README.html#gitlab-runner-unregister
##
# unregisterRunners: true

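## When stopping the runner, give it time to wait for its jobs to terminate.
##
## Updating the runner's chart version or configuration will cause the runner container
## to be terminated with a graceful stop request. terminationGracePeriodSeconds
## instructs Kubernetes to wait long enough for the runner pod to terminate gracefully.
## ref: https://docs.gitlab.com/runner/commands/#signals
##
## 3600 seconds gives running jobs up to one hour to finish.
terminationGracePeriodSeconds: 3600
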
## Set the certsSecretName in order to pass custom certificates for GitLab Runner to use
## Provide resource name for a Kubernetes Secret Object in the same namespace,
## this is used to populate the /home/gitlab-runner/.gitlab-runner/certs/ directory
## ref: https://docs.gitlab.com/runner/configuration/tls-self-signed.html#supported-options-for-self-signed-certificates
##
# certsSecretName:

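## Configure the maximum number of concurrent jobs
## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section
##
concurrent: 20
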
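## Defines in seconds how often to check GitLab for new builds
## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section
##
checkInterval: 30
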
## Configure GitLab Runner's logging level. Available values are: debug, info, warn, error, fatal, panic
## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section
##
# logLevel:

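## Configure GitLab Runner's logging format. Available values are: runner, text, json
## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section
##
logFormat: json
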
## Configure GitLab Runner's Sentry DSN.
## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section
##
# sentryDsn:

## A custom bash script that will be executed prior to the invocation
## of the gitlab-runner process
#
#preEntrypointScript: |
#  echo "hello"

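## For RBAC support:
rbac:
  create: true
  ## Define specific rbac permissions.
  # resources: ["pods", "pods/exec", "secrets"]
  # verbs: ["get", "list", "watch", "create", "patch", "delete"]

  ## Run the gitlab-bastion container with the ability to deploy/manage containers of jobs
  ## cluster-wide or only within namespace
  ## false keeps the runner's permissions scoped to its namespace.
  clusterWideAccess: false

  ## Use the following Kubernetes Service Account name if RBAC is disabled in this Helm chart (see rbac.create)
  ##
  # serviceAccountName: default

  ## Specify annotations for Service Accounts, useful for annotations such as eks.amazonaws.com/role-arn
  ##
  ## ref: https://docs.aws.amazon.com/eks/latest/userguide/specify-service-account-role.html
  ##
  # serviceAccountAnnotations: {}

  ## Use podSecurity Policy
  ## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
  ##
  ## NOTE(review): PodSecurityPolicy was removed in Kubernetes 1.25. With it
  ## disabled here, nothing in this file constrains the privileged job pods
  ## configured under `runners` — confirm that another admission policy covers
  ## the namespace.
  podSecurityPolicy:
    enabled: false
    resourceNames:
      - gitlab-runner

  ## Specify one or more imagePullSecrets used for pulling the runner image
  ##
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account
  ##
  imagePullSecrets:
    - registry-harbor
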
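## Configure integrated Prometheus metrics exporter
## ref: https://docs.gitlab.com/runner/monitoring/#configuration-of-the-metrics-http-server
##
## NOTE(review): the metrics HTTP endpoint presumably serves without
## authentication — confirm it is reachable only from the monitoring stack.
metrics:
  enabled: true
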
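## Configuration for the Pods that the runner launches for each new job
##
runners:
  ## TOML template for the runner's config.toml.
  ##
  ## NOTE(review): `alpine:latest` is a mutable tag and pull_policy "always"
  ## re-pulls it for every job, so the default job image can change without any
  ## change to this file; pin a version tag or digest if jobs must be reproducible.
  ## NOTE(review): FEATURE_FLAG_NAME=1 looks like a placeholder copied from
  ## documentation — confirm it is intended.
  config: |
    [[runners]]
      environment = ["FEATURE_FLAG_NAME=1","FF_GITLAB_REGISTRY_HELPER_IMAGE=true"]
      [runners.kubernetes]
        image = "alpine:latest"
        pull_policy = "always"

  ## Which executor should be used
  ##
  executor: kubernetes

  ## Default container image to use for builds when none is specified
  ##
  ## DEPRECATED: See https://docs.gitlab.com/runner/install/kubernetes.html#additional-configuration
  # image: ubuntu:16.04

  ## Specify one or more imagePullSecrets
  ##
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
  ##
  ## DEPRECATED: See https://docs.gitlab.com/runner/install/kubernetes.html#additional-configuration
  # imagePullSecrets:

  ## Specify the image pull policy: never, if-not-present, always. The cluster default will be used if not set.
  ##
  ## DEPRECATED: See https://docs.gitlab.com/runner/install/kubernetes.html#additional-configuration
  # imagePullPolicy: ""

  ## Defines number of concurrent requests for new job from GitLab
  ## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runners-section
  ##
  ## DEPRECATED: See https://docs.gitlab.com/runner/install/kubernetes.html#additional-configuration
  # requestConcurrency: 1

  ## Specify whether the runner should be locked to a specific project: true, false. Defaults to true.
  ##
  locked: false

  ## Specify the tags associated with the runner. Comma-separated list of tags.
  ##
  ## ref: https://docs.gitlab.com/ce/ci/runners/#use-tags-to-limit-the-number-of-jobs-using-the-runner
  ##
  tags: "k8s"

  ## Specify the name for the runner.
  ##
  # name: ""


  ## Specify if jobs without tags should be run.
  ## If not specified, Runner will default to true if no tags were specified. In other case it will
  ## default to false.
  ##
  ## ref: https://docs.gitlab.com/ce/ci/runners/#runner-is-allowed-to-run-untagged-jobs
  ##
  # runUntagged: true

  ## Specify whether the runner should only run protected branches.
  ## Defaults to False.
  ##
  ## ref: https://docs.gitlab.com/ee/ci/runners/#prevent-runners-from-revealing-sensitive-information
  ##
  # protected: true

  ## Run all containers with the privileged flag enabled
  ## This will allow the docker:dind image to run if you need to run Docker
  ## commands. Please read the docs before turning this on:
  ## ref: https://docs.gitlab.com/runner/executors/kubernetes.html#using-dockerdind
  ##
  ## DEPRECATED: See https://docs.gitlab.com/runner/install/kubernetes.html#additional-configuration
  ##
  ## NOTE(review): a privileged job container is not isolated from its node, so
  ## every project allowed to use this runner is trusted with the node. This
  ## runner is unlocked (`locked: false`) and `protected` is left unset, so limit
  ## which projects and branches can reach it, or keep privileged jobs on a
  ## separate, dedicated runner and node pool.
  ## NOTE(review): this key is marked DEPRECATED in favour of `runners.config`;
  ## confirm which of the two the deployed chart version actually applies.
  privileged: true

  ## The name of the secret containing runner-token and runner-registration-token
  ## Using it keeps both tokens out of this values file.
  # secret: gitlab-runner

  ## Namespace to run Kubernetes jobs in (defaults to the same namespace of this release)
  ##
  ## DEPRECATED: See https://docs.gitlab.com/runner/install/kubernetes.html#additional-configuration
  # namespace:

  ## The amount of time, in seconds, that needs to pass before the runner will
  ## timeout attempting to connect to the container it has just created.
  ## ref: https://docs.gitlab.com/runner/executors/kubernetes.html
  ## DEPRECATED: See https://docs.gitlab.com/runner/install/kubernetes.html#additional-configuration
  # pollTimeout: 180

  ## Set maximum build log size in kilobytes, by default set to 4096 (4MB)
  ## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runners-section
  ## DEPRECATED: See https://docs.gitlab.com/runner/install/kubernetes.html#additional-configuration
  # outputLimit: 4096

  ## Distributed runners caching
  ## ref: https://docs.gitlab.com/runner/configuration/autoscale.html#distributed-runners-caching
  ##
  ## If you want to use s3 based distributing caching:
  ## First of all you need to uncomment General settings and S3 settings sections.
  ##
  ## Create a secret 's3access' containing 'accesskey' & 'secretkey'
  ## ref: https://aws.amazon.com/blogs/security/wheres-my-secret-access-key/
  ##
  ## $ kubectl create secret generic s3access \
  ##   --from-literal=accesskey="YourAccessKey" \
  ##   --from-literal=secretkey="YourSecretKey"
  ## ref: https://kubernetes.io/docs/concepts/configuration/secret/
  ##
  ## If you want to use gcs based distributing caching:
  ## First of all you need to uncomment General settings and GCS settings sections.
  ##
  ## Access using credentials file:
  ## Create a secret 'google-application-credentials' containing your application credentials file.
  ## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnerscachegcs-section
  ## You could configure
  ## $ kubectl create secret generic google-application-credentials \
  ##   --from-file=gcs-application-credentials-file=./path-to-your-google-application-credentials-file.json
  ## ref: https://kubernetes.io/docs/concepts/configuration/secret/
  ##
  ## Access using access-id and private-key:
  ## Create a secret 'gcsaccess' containing 'gcs-access-id' & 'gcs-private-key'.
  ## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnerscachegcs-section
  ## You could configure
  ## $ kubectl create secret generic gcsaccess \
  ##   --from-literal=gcs-access-id="YourAccessID" \
  ##   --from-literal=gcs-private-key="YourPrivateKey"
  ## ref: https://kubernetes.io/docs/concepts/configuration/secret/
  ##
  ## If you want to use Azure-based distributed caching:
  ## First, uncomment General settings.
  ##
  ## Create a secret 'azureaccess' containing 'azure-account-name' & 'azure-account-key'
  ## ref: https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blobs-introduction
  ##
  ## $ kubectl create secret generic azureaccess \
  ##   --from-literal=azure-account-name="YourAccountName" \
  ##   --from-literal=azure-account-key="YourAccountKey"
  ## ref: https://kubernetes.io/docs/concepts/configuration/secret/

  cache:
    ## General settings
    cacheType: s3
    cachePath: "gitlab_runner"
    cacheShared: true

    ## S3 settings
    s3ServerAddress: s3.amazonaws.com
    s3BucketName: gitlab-runnercache-objectstore
    s3BucketLocation: eu-central-1
    ## false keeps the cache traffic on HTTPS.
    s3CacheInsecure: false
    ## Kubernetes Secret holding the S3 credentials (see the 's3access' instructions above).
    secretName: s3access

  ## Build Container specific configuration
  ##
  ## DEPRECATED: See https://docs.gitlab.com/runner/install/kubernetes.html#additional-configuration
  builds: {}
    # cpuLimit: 200m
    # cpuLimitOverwriteMaxAllowed: 400m
    # memoryLimit: 256Mi
    # memoryLimitOverwriteMaxAllowed: 512Mi
    # cpuRequests: 100m
    # cpuRequestsOverwriteMaxAllowed: 200m
    # memoryRequests: 128Mi
    # memoryRequestsOverwriteMaxAllowed: 256Mi

  ## Service Container specific configuration
  ##
  ## DEPRECATED: See https://docs.gitlab.com/runner/install/kubernetes.html#additional-configuration
  services: {}
    # cpuLimit: 200m
    # memoryLimit: 256Mi
    # cpuRequests: 100m
    # memoryRequests: 128Mi

  ## Helper Container specific configuration
  ##
  ## DEPRECATED: See https://docs.gitlab.com/runner/install/kubernetes.html#additional-configuration
  helpers: {}
    # cpuLimit: 200m
    # memoryLimit: 256Mi
    # cpuRequests: 100m
    # memoryRequests: 128Mi
    # image: "gitlab/gitlab-runner-helper:x86_64-${CI_RUNNER_REVISION}"

  ## Helper container security context configuration
  ## Refer to https://docs.gitlab.com/runner/executors/kubernetes.html#using-security-context
  ## DEPRECATED: See https://docs.gitlab.com/runner/install/kubernetes.html#additional-configuration
  # pod_security_context:
  #   run_as_non_root: true
  #   run_as_user: 100
  #   run_as_group: 100
  #   fs_group: 65533
  #   supplemental_groups: [101, 102]

  ## Service Account to be used for runners
  ##
  # serviceAccountName:

  ## If Gitlab is not reachable through $CI_SERVER_URL
  ##
  ## DEPRECATED: See https://docs.gitlab.com/runner/install/kubernetes.html#additional-configuration
  # cloneUrl:

  ## Specify node labels for CI job pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
  ##
  ## DEPRECATED: See https://docs.gitlab.com/runner/install/kubernetes.html#additional-configuration
  nodeSelector:
    node.kubernetes.io/lifecycle: spots

  ## Specify node tolerations for CI job pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  ## DEPRECATED: See https://docs.gitlab.com/runner/install/kubernetes.html#additional-configuration
  # nodeTolerations: {}

  ## Specify pod labels for CI job pods
  ##
  ## DEPRECATED: See https://docs.gitlab.com/runner/install/kubernetes.html#additional-configuration
  # podLabels: {}

  ## Specify annotations for job pods, useful for annotations such as iam.amazonaws.com/role
  ## DEPRECATED: See https://docs.gitlab.com/runner/install/kubernetes.html#additional-configuration
  # podAnnotations: {}

  ## Configure environment variables that will be injected to the pods that are created while
  ## the build is running. These variables are passed as parameters, i.e. `--env "NAME=VALUE"`,
  ## to `gitlab-runner register` command.
  ##
  ## Note that `envVars` (see below) are only present in the runner pod, not the pods that are
  ## created for each build.
  ##
  ## ref: https://docs.gitlab.com/runner/commands/#gitlab-runner-register
  ##
  ## DEPRECATED: See https://docs.gitlab.com/runner/install/kubernetes.html#additional-configuration
  # env:
  #   NAME: VALUE

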
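## Configure securitycontext
## ref: http://kubernetes.io/docs/user-guide/security-context/
##
## The runner manager pod runs as a non-root UID; these values match the
## alpine image (see the ubuntu values below).
securityContext:
  fsGroup: 65533
  runAsUser: 100
  ## Note: values for the ubuntu image:
  # fsGroup: 999
  # runAsUser: 999
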
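## Configure resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
## With `{}` no requests or limits are set for the runner manager pod.
resources: {}
  # limits:
  #   memory: 256Mi
  #   cpu: 200m
  # requests:
  #   memory: 128Mi
  #   cpu: 100m
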
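## Affinity for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}
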
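## Node labels for pod assignment
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector:
  node.kubernetes.io/lifecycle: normal
  # Example: The gitlab runner manager should not run on spot instances so you can assign
  # them to the regular worker nodes only.
  # node-role.kubernetes.io/worker: "true"
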
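## List of node taints to tolerate (requires Kubernetes >= 1.6)
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
  # Example: Regular worker nodes may have a taint, thus you need to tolerate the taint
  # when you assign the gitlab runner manager with nodeSelector or affinity to the nodes.
  # - key: "node-role.kubernetes.io/worker"
  #   operator: "Exists"
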
## Configure environment variables that will be present when the registration command runs
## This provides further control over the registration process and the config.toml file
## ref: `gitlab-runner register --help`
## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html
##
# envVars:
#   - name: RUNNER_EXECUTOR
#     value: kubernetes

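## List of hosts and IPs that will be injected into the pod's hosts file
hostAliases: []
  # Example:
  # - ip: "127.0.0.1"
  #   hostnames:
  #   - "foo.local"
  #   - "bar.local"
  # - ip: "10.1.2.3"
  #   hostnames:
  #   - "foo.remote"
  #   - "bar.remote"
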
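## Annotations to be added to manager pod
##
podAnnotations: {}
  # Example:
  # iam.amazonaws.com/role: <my_role_arn>
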
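## Labels to be added to manager pod
##
podLabels: {}
  # Example:
  # owner.team: <my_cool_team>
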
## HPA support for custom metrics:
## This section enables runners to autoscale based on defined custom metrics.
## In order to use this functionality, you need to enable a custom metrics API server by
## implementing "custom.metrics.k8s.io" using a supported third-party adapter
## Example: https://github.com/directxman12/k8s-prometheus-adapter
##
#hpa: {}
  # minReplicas: 1
  # maxReplicas: 10
  # metrics:
  # - type: Pods
  #   pods:
  #     metricName: gitlab_runner_jobs
  #     targetAverageValue: 400m
