1、add gitlab helm repo

  1. $ helm repo add gitlab https://charts.gitlab.io
  3. # For Helm 3
  4. $ helm install --namespace <NAMESPACE> gitlab-runner -f <CONFIG_VALUES_FILE> gitlab/gitlab-runner

2、upgrade gitlab runner chart

Once your GitLab Runner Chart is installed, configuration changes and chart updates should be done using helm upgrade:

  1. $ helm upgrade --namespace <NAMESPACE> -f <CONFIG_VALUES_FILE> <RELEASE-NAME> gitlab/gitlab-runner

3、Check available GitLab Runner Helm Chart versions

  1. # For Helm 3
  2. helm search repo -l gitlab/gitlab-runner

4、Configuring GitLab Runner using the Helm Chart

ref: https://gitlab.com/gitlab-org/charts/gitlab-runner/blob/main/values.yaml

4.1、必须配置

For GitLab Runner to function, your configuration file must specify the following:

gitlabUrl - the GitLab server full URL (e.g., https://gitlab.example.com)) to register the runner against.

runnerRegistrationToken - The registration token for adding new runners to GitLab. This must be retrieved from your GitLab instance.

4.2、可选配置

Using cache with configuration template
To use the cache with your configuration template, set the following variables in values.yaml:

runners.cache.secretName with the secret name for your object storage provider (s3access, gcsaccess, google-application-credentials, or azureaccess).
runners.config with the other settings for the cache. Use toml formatting.

S3

  1. runners:
  2.   config: |
  3.     [[runners]]
  4.       [runners.kubernetes]
  5.         image = "ubuntu:16.04"
  6.         [runners.cache]
  7.           Type = "s3"
  8.           Path = "runner"
  9.           Shared = true
  10.           [runners.cache.s3]
  11.             ServerAddress = "s3.amazonaws.com"
  12.             BucketName = "my_bucket_name"
  13.             BucketLocation = "eu-west-1"
  14.             Insecure = false
  16.   cache:
  17.       secretName: s3access

Next, create an s3access Kubernetes secret that contains accesskey and secretkey:

  1. $ kubectl create secret generic s3access \
  2.     --from-literal=accesskey="YourAccessKey" \
  3.     --from-literal=secretkey="YourSecretKey"

其他可选配置参考:https://docs.gitlab.com/runner/install/kubernetes.html

完整value.yaml参考:

  1. ## GitLab Runner Image
  2. ##
  3. ## By default it's using gitlab/gitlab-runner:alpine-v{VERSION}
  4. ## where {VERSION} is taken from Chart.yaml from appVersion field
  5. ##
  6. ## ref: https://hub.docker.com/r/gitlab/gitlab-runner/tags/
  7. ##
  8. #image: gitlab/gitlab-runner:alpine
  9. image: registry.cn-beijing.aliyuncs.com/xljc-proxy/gitlab-runner:alpine
  11. ## Specify a imagePullPolicy
  12. ## 'Always' if imageTag is 'latest', else set to 'IfNotPresent'
  13. ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
  14. ##
  15. imagePullPolicy: Always
  17. ## The GitLab Server URL (with protocol) that want to register the runner against
  18. ## ref: https://docs.gitlab.com/runner/commands/README.html#gitlab-runner-register
  19. ##
  20. gitlabUrl: http://gitlab.xljc.art/
  22. ## The Registration Token for adding new Runners to the GitLab Server. This must
  23. ## be retrieved from your GitLab Instance.
  24. ## ref: https://docs.gitlab.com/ce/ci/runners/README.html
  25. ##
  26. runnerRegistrationToken: "Wzb_***v_z5A"
  28. ## The Runner Token for adding new Runners to the GitLab Server. This must
  29. ## be retrieved from your GitLab Instance. It is token of already registered runner.
  30. ## ref: (we don't yet have docs for that, but we want to use existing token)
  31. ##
  32. # runnerToken: ""
  33. #
  34. ## Unregister all runners before termination
  35. ##
  36. ## Updating the runner's chart version or configuration will cause the runner container
  37. ## to be terminated and created again. This may cause your Gitlab instance to reference
  38. ## non-existant runners. Un-registering the runner before termination mitigates this issue.
  39. ## ref: https://docs.gitlab.com/runner/commands/README.html#gitlab-runner-unregister
  40. ##
  41. unregisterRunners: true
  43. ## When stopping ther runner, give it time to wait for it's jobs to terminate.
  44. ##
  45. ## Updating the runner's chart version or configuration will cause the runner container
  46. ## to be terminated with a graceful stop request. terminationGracePeriodSeconds
  47. ## instructs Kubernetes to wait long enough for the runner pod to terminate gracefully.
  48. ## ref: https://docs.gitlab.com/runner/commands/#signals
  49. terminationGracePeriodSeconds: 3600
  51. ## Set the certsSecretName in order to pass custom certficates for GitLab Runner to use
  52. ## Provide resource name for a Kubernetes Secret Object in the same namespace,
  53. ## this is used to populate the /home/gitlab-runner/.gitlab-runner/certs/ directory
  54. ## ref: https://docs.gitlab.com/runner/configuration/tls-self-signed.html#supported-options-for-self-signed-certificates
  55. ##
  56. # certsSecretName:
  58. ## Configure the maximum number of concurrent jobs
  59. ## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section
  60. ##
  61. concurrent: 10
  63. ## Defines in seconds how often to check GitLab for a new builds
  64. ## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section
  65. ##
  66. checkInterval: 30
  68. ## Configure GitLab Runner's logging level. Available values are: debug, info, warn, error, fatal, panic
  69. ## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section
  70. ##
  71. # logLevel:
  73. ## Configure GitLab Runner's logging format. Available values are: runner, text, json
  74. ## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section
  75. ##
  76. # logFormat:
  78. ## For RBAC support:
  79. rbac:
  80.   create: true
  81.   ## Define specific rbac permissions.
  82.   # resources: ["pods", "pods/exec", "secrets"]
  83.   # verbs: ["get", "list", "watch", "create", "patch", "delete"]
  85.   ## Run the gitlab-bastion container with the ability to deploy/manage containers of jobs
  86.   ## cluster-wide or only within namespace
  87.   clusterWideAccess: true
  89.   ## Use the following Kubernetes Service Account name if RBAC is disabled in this Helm chart (see rbac.create)
  90.   ##
  91.   # serviceAccountName: default
  93. ## Configure integrated Prometheus metrics exporter
  94. ## ref: https://docs.gitlab.com/runner/monitoring/#configuration-of-the-metrics-http-server
  95. metrics:
  96.   enabled: true
  98. ## Configuration for the Pods that that the runner launches for each new job
  99. ##
  100. runners:
  101.   ## Default container image to use for builds when none is specified
  102.   ##
  103.   config: |
  104.     [[runners]]
  105.       [runners.kubernetes]
  106.         image = "ubuntu:16.04"
  107.         [runners.cache]
  108.         Type = "s3"
  109.         Shared = false
  110.         [runners.cache.s3]
  111.           ServerAddress = "minio-storage.infra.svc.cluster.local:9000"
  112.           AccessKey = "LTAI4Fh****1rWf"
  113.           SecretKey = "d3vu*****HdVYG"
  114.           BucketName = "gitlab-runner-caches"
  115.           Insecure = false
  117. #  image: maven:3-jdk-8
  118.   image: registry.cn-******/maven:3-jdk-8
  119.   ## Specify one or more imagePullSecrets
  120.   ##
  121.   ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
  122.   ##
  123.   imagePullSecrets:
  124.     - name: dockerconfig
  126.   ## Specify the image pull policy: never, if-not-present, always. The cluster default will be used if not set.
  127.   ##
  128.   imagePullPolicy: "always"
  130.   ## Defines number of concurrent requests for new job from GitLab
  131.   ## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runners-section
  132.   ##
  133.   requestConcurrency: 1
  135.   ## Specify whether the runner should be locked to a specific project: true, false. Defaults to true.
  136.   ##
  137.   # locked: true
  139.   ## Specify the tags associated with the runner. Comma-separated list of tags.
  140.   ##
  141.   ## ref: https://docs.gitlab.com/ce/ci/runners/#using-tags
  142.   ##
  143.   tags: "jdk,maven,jdk-8,k8s,golang,go"
  145.   ## Specify if jobs without tags should be run.
  146.   ## If not specified, Runner will default to true if no tags were specified. In other case it will
  147.   ## default to false.
  148.   ##
  149.   ## ref: https://docs.gitlab.com/ce/ci/runners/#allowing-runners-with-tags-to-pick-jobs-without-tags
  150.   ##
  151.   runUntagged: false
  153.   ## Specify whether the runner should only run protected branches.
  154.   ## Defaults to False.
  155.   ##
  156.   ## ref: https://docs.gitlab.com/ee/ci/runners/#protected-runners
  157.   ##
  158.   # protected: true
  160.   ## Run all containers with the privileged flag enabled
  161.   ## This will allow the docker:dind image to run if you need to run Docker
  162.   ## commands. Please read the docs before turning this on:
  163.   ## ref: https://docs.gitlab.com/runner/executors/kubernetes.html#using-docker-dind
  164.   ##
  165.   privileged: false
  167.   ## The name of the secret containing runner-token and runner-registration-token
  168.   # secret: gitlab-runner
  170.   ## Namespace to run Kubernetes jobs in (defaults to the same namespace of this release)
  171.   ##
  172.   namespace: cicd
  174.   ## The amount of time, in seconds, that needs to pass before the runner will
  175.   ## timeout attempting to connect to the container it has just created.
  176.   ## ref: https://docs.gitlab.com/runner/executors/kubernetes.html
  177.   pollTimeout: 180
  179.   ## Set maximum build log size in kilobytes, by default set to 4096 (4MB)
  180.   ## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runners-section
  181.   outputLimit: 4096
  183.   ## Distributed runners caching
  184.   ## ref: https://gitlab.com/gitlab-org/gitlab-runner/blob/master/docs/configuration/autoscale.md#distributed-runners-caching
  185.   ##
  186.   ## If you want to use s3 based distributing caching:
  187.   ## First of all you need to uncomment General settings and S3 settings sections.
  188.   ##
  189.   ## Create a secret 's3access' containing 'accesskey' & 'secretkey'
  190.   ## ref: https://aws.amazon.com/blogs/security/wheres-my-secret-access-key/
  191.   ##
  192.   ## $ kubectl create secret generic s3access \
  193.   ##   --from-literal=accesskey="YourAccessKey" \
  194.   ##   --from-literal=secretkey="YourSecretKey"
  195.   ## ref: https://kubernetes.io/docs/concepts/configuration/secret/
  196.   ##
  197.   ## If you want to use gcs based distributing caching:
  198.   ## First of all you need to uncomment General settings and GCS settings sections.
  199.   ##
  200.   ## Access using credentials file:
  201.   ## Create a secret 'google-application-credentials' containing your application credentials file.
  202.   ## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnerscachegcs-section
  203.   ## You could configure
  204.   ## $ kubectl create secret generic google-application-credentials \
  205.   ##   --from-file=gcs-applicaton-credentials-file=./path-to-your-google-application-credentials-file.json
  206.   ## ref: https://kubernetes.io/docs/concepts/configuration/secret/
  207.   ##
  208.   ## Access using access-id and private-key:
  209.   ## Create a secret 'gcsaccess' containing 'gcs-access-id' & 'gcs-private-key'.
  210.   ## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runners-cache-gcs-section
  211.   ## You could configure
  212.   ## $ kubectl create secret generic gcsaccess \
  213.   ##   --from-literal=gcs-access-id="YourAccessID" \
  214.   ##   --from-literal=gcs-private-key="YourPrivateKey"
  215.   ## ref: https://kubernetes.io/docs/concepts/configuration/secret/
  216.   cache:
  217.     ## General settings
  218.     cacheType: s3
  219.     cachePath: ""
  220.     cacheShared: true
  222.     ## S3 settings
  223.     s3ServerAddress: minio-storage.infra.svc.cluster.local:9000
  224.     s3BucketName: gitlab-runner-caches
  225.     # s3BucketLocation:
  226.     s3CacheInsecure: true
  227.     secretName: gitlab-runner-cache-access
  229.     ## GCS settings
  230.     # gcsBucketName:
  231.     ## Use this line for access using access-id and private-key
  232.     # secretName: gcsaccess
  233.     ## Use this line for access using google-application-credentials file
  234.     # secretName: google-application-credentials
  236.   ## Build Container specific configuration
  237.   ##
  238.   builds: {}
  239.     # cpuLimit: 200m
  240.     # memoryLimit: 256Mi
  241.     # cpuRequests: 100m
  242.     # memoryRequests: 128Mi
  244.   ## Service Container specific configuration
  245.   ##
  246.   services: {}
  247.     # cpuLimit: 200m
  248.     # memoryLimit: 256Mi
  249.     # cpuRequests: 100m
  250.     # memoryRequests: 128Mi
  252.   ## Helper Container specific configuration
  253.   ##
  254.   helpers:
  255.     # cpuLimit: 200m
  256.     # memoryLimit: 256Mi
  257.     # cpuRequests: 100m
  258.     # memoryRequests: 128Mi
  259. #    image: gitlab/gitlab-runner-helper:x86_64-latest
  260.     image: registry.cn-****/gitlab-runner-helper:x86_64-latest
  261.   ## Service Account to be used for runners
  262.   ##
  263.   # serviceAccountName:
  264.   serviceAccountOverwriteAllowed: "gitlab-ci"
  266.   ## If Gitlab is not reachable through $CI_SERVER_URL
  267.   ##
  268.   # cloneUrl:
  270.   ## Specify node labels for CI job pods assignment
  271.   ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
  272.   ##
  273.   # nodeSelector: {}
  275.   ## Specify pod labels for CI job pods
  276.   ##
  277.   # podLabels: {}
  279.   ## Specify annotations for job pods, useful for annotations such as iam.amazonaws.com/role
  280.   # podAnnotations: {}
  282.   ## Configure environment variables that will be injected to the pods that are created while
  283.   ## the build is running. These variables are passed as parameters, i.e. `--env "NAME=VALUE"`,
  284.   ## to `gitlab-runner register` command.
  285.   ##
  286.   ## Note that `envVars` (see below) are only present in the runner pod, not the pods that are
  287.   ## created for each build.
  288.   ##
  289.   ## ref: https://docs.gitlab.com/runner/commands/#gitlab-runner-register
  290.   ##
  291.   # env:
  292.   #   NAME: VALUE
  293.   env:
  294.     DOCKER_AUTH_CONFIG: '{\"auths\":{\"registry.cn-beijing.aliyuncs.com\":{\"auth\": \"5bCP57uD*****MyMDIx\"}}}'
  297. ## Configure securitycontext
  298. ## ref: http://kubernetes.io/docs/user-guide/security-context/
  299. ##
  300. securityContext:
  301.   fsGroup: 65533
  302.   runAsUser: 100
  305. ## Configure resource requests and limits
  306. ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
  307. ##
  308. resources: {}
  309.   # limits:
  310.   #   memory: 256Mi
  311.   #   cpu: 200m
  312.   # requests:
  313.   #   memory: 128Mi
  314.   #   cpu: 100m
  316. ## Affinity for pod assignment
  317. ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  318. ##
  319. affinity: {}
  321. ## Node labels for pod assignment
  322. ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
  323. ##
  324. nodeSelector: {}
  325.   # Example: The gitlab runner manager should not run on spot instances so you can assign
  326.   # them to the regular worker nodes only.
  327.   # node-role.kubernetes.io/worker: "true"
  329. ## List of node taints to tolerate (requires Kubernetes >= 1.6)
  330. ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  331. ##
  332. tolerations: []
  333.   # Example: Regular worker nodes may have a taint, thus you need to tolerate the taint
  334.   # when you assign the gitlab runner manager with nodeSelector or affinity to the nodes.
  335.   # - key: "node-role.kubernetes.io/worker"
  336.   #   operator: "Exists"
  338. ## Configure environment variables that will be present when the registration command runs
  339. ## This provides further control over the registration process and the config.toml file
  340. ## ref: `gitlab-runner register --help`
  341. ## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html
  342. ##
  343. # envVars:
  345. ## list of hosts and IPs that will be injected into the pod's hosts file
  346. hostAliases: []
  347.   # Example:
  348.   # - ip: "127.0.0.1"
  349.   #   hostnames:
  350.   #   - "foo.local"
  351.   #   - "bar.local"
  352.   # - ip: "10.1.2.3"
  353.   #   hostnames:
  354.   #   - "foo.remote"
  355.   #   - "bar.remote"
  357. ## Annotations to be added to manager pod
  358. ##
  359. podAnnotations: {}
  360.   # Example:
  361.   # iam.amazonaws.com/role: <my_role_arn>
  363. ## Labels to be added to manager pod
  364. ##
  365. podLabels: {}
  366.   # Example:
  367.   # owner.team: <my_cool_team>
  369. ## HPA support for custom metrics:
  370. ## This section enables runners to autoscale based on defined custom metrics.
  371. ## In order to use this functionality, Need to enable a custom metrics API server by
  372. ## implementing "custom.metrics.k8s.io" using supported third party adapter
  373. ## Example: https://github.com/directxman12/k8s-prometheus-adapter
  374. ##
  375. hpa:
  376.   minReplicas: 1
  377.   maxReplicas: 10
  378.   metrics:
  379.   - type: Pods
  380.     pods:
  381.       metricName: gitlab_runner_jobs
  382.       targetAverageValue: 400m