gitlab
添加helm仓库
helm repo add gitlab-jh https://charts.gitlab.cn
helm repo update
kubectl create namespace gitlabhttp方式部署
helm upgrade --install gitlab gitlab-9.0.1.tgz --namespace gitlab \
--set global.hosts.domain=pursue.pub \
--set minio.persistence.size=100Gi \
--set gitlab.gitaly.persistence.size=500Gi \
--set prometheus.install=false \
--set gitlab-runner.install=false \
--set nginx-ingress.enabled=false \
--set global.ingress.class=traefik \
--set global.hosts.https=false \
--set global.ingress.tls.enabled=false \
--set global.ingress.configureCertmanager=false \
--set global.hosts.gitlab.name=gitlab.pursue.pub \
--set global.hosts.kas.name=kas.pursue.pub \
--set global.hosts.minio.name=minio.pursue.pub \
--set global.hosts.registry.name=registry.pursue.pub \
--set global.hosts.gitlab.https=false \
--set global.hosts.registry.https=false \
--set global.hosts.kas.https=false \
--set global.hosts.minio.https=falseshell
helm upgrade --install gitlab gitlab-jh/gitlab --namespace gitlab \
--set global.hosts.domain=pursue.pub \
--set minio.persistence.size=100Gi \
--set gitlab.gitaly.persistence.size=500Gi \
--set prometheus.install=false \
-f gitlab-jh-values.yamlhelm upgrade --install gitlab gitlab-jh/gitlab -n gitlab \
--timeout 600s \
--set global.hosts.domain=pursue.pub \
--set global.hosts.externalIP=10.10.220.108 \
--set certmanager-issuer.email=pursue_c@163.com
kubectl -n gitlab get pohelm show values gitlab-jh/gitlab > gitlab-jh-values.yaml
helm show values milvus/milvus > milvus-values.yaml
helm install gitlab gitlab-jh/gitlab -n gitlab \
--create-namespace \
-f gitlab-jh-values.yaml使用 NodePort 暴露gitlab服务
kubectl -n gitlab patch svc gitlab-webservice-default -p '{"spec":{"type":"NodePort"}}'查看gitlab root账户密码
root@m1:/home/yanfa# kubectl get secrets -n gitlab
NAME TYPE DATA AGE
gitlab-certmanager-webhook-ca Opaque 3 53m
gitlab-gitaly-secret Opaque 1 54m
gitlab-gitlab-initial-root-password Opaque 1 54m
gitlab-gitlab-kas-secret Opaque 1 54m
gitlab-gitlab-runner-secret Opaque 2 54m
gitlab-gitlab-shell-host-keys Opaque 6 54m
gitlab-gitlab-shell-secret Opaque 1 54m
gitlab-gitlab-suggested-reviewers Opaque 1 54m
gitlab-gitlab-workhorse-secret Opaque 1 54m
gitlab-kas-private-api Opaque 1 54m
gitlab-kas-websocket-token Opaque 1 54m
gitlab-minio-secret Opaque 2 54m
gitlab-postgresql-password Opaque 2 54m
gitlab-rails-secret Opaque 1 54m
gitlab-redis-secret Opaque 1 54m
gitlab-registry-httpsecret Opaque 1 54m
gitlab-registry-notification Opaque 1 54m
gitlab-registry-secret Opaque 2 54m
gitlab-zoekt-basicauth Opaque 2 54m
sh.helm.release.v1.gitlab.v1 helm.sh/release.v1 1 54m
root@m1:/home/yanfa# kubectl get secret gitlab-gitlab-initial-root-password -n gitlab -o jsonpath="{.data.password}" | base64 --decode; echo
FUcJP5Pt8bHCwc2H3ifVKCegWnSaha6AxGgasPDLOOyy87sh9yw8Gbbpqu3x1xhelm卸载gitlab
helm uninstall gitlab -n gitlabhttps://github.com/helmwave/helmwave/releases/download/v0.42.0/helmwave_0.42.0_linux_amd64.tar.gz
yaml
# values-runner.yaml
gitlabUrl: http://10.10.220.110/ # 替换为你的 GitLab 地址
runnerToken: "glrt-5CQ_I6RFEgwe8ui0SMmr1HQ6MQp1OjIH.01.xxxxxxxx" # 👇 从 GitLab 获取
rbac:
create: true # ✅ 必须启用 RBAC
unregisterRunners: true # 卸载时自动注销 Runner
serviceAccount:
create: true # 创建专用 ServiceAccount
runners:
config: |
[[runners]]
name = "k3s-runner"
executor = "kubernetes"
[runners.kubernetes]
namespace = "{{.Release.Namespace}}"
privileged = true
cpu_limit = "1"
memory_limit = "2Gi"
service_cpu_limit = "1"
service_memory_limit = "1Gi"
helper_cpu_limit = "500m"
helper_memory_limit = "500Mi"yaml
## GitLab Runner Image
##
## By default it's using registry.gitlab.com/gitlab-org/gitlab-runner:alpine-v{VERSION}
## where {VERSION} is taken from Chart.yaml from appVersion field
##
## ref: https://gitlab.com/gitlab-org/gitlab-runner/container_registry/29383?orderBy=NAME&sort=asc&search[]=alpine-v&search[]=
##
## Note: If you change the image to the ubuntu release
## don't forget to change the securityContext;
## these images run on different user IDs.
##
image:
registry: registry.gitlab.com
image: gitlab-org/gitlab-runner
# tag: alpine-v{{.Chart.AppVersion}}
## When using GitLab Runner Helm Chart with gitlab-runner-ubi-images (https://gitlab.com/gitlab-org/ci-cd/gitlab-runner-ubi-images/container_registry)
## the installation fails because `dumb-init` is not packaged in the image. However, `tini` is present.
## This configuration will allow gitlab-runner-ubi-images users to explicitly enable the use of `tini` instead of `dumb-init`
useTini: false
## Specify a imagePullPolicy for the main runner deployment
## 'Always' if imageTag is 'latest', else set to 'IfNotPresent'
##
## Note: it does not apply to job containers launched by this executor.
## Use `pull_policy` in [runners.kubernetes] to change it.
##
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
##
imagePullPolicy: IfNotPresent
## Specifying ImagePullSecrets on a Pod
## Kubernetes supports specifying container image registry keys on a Pod.
## ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
##
# imagePullSecrets:
# - name: "image-pull-secret"
## Timeout, in seconds, for liveness and readiness probes of a runner pod.
# probeTimeoutSeconds: 4
## Configure the livenessProbe
livenessProbe: {}
# initialDelaySeconds: 60
# periodSeconds: 60
# successThreshold: 1
# failureThreshold: 3
# terminationGracePeriodSeconds: 30
## Configure the readinessProbe
readinessProbe: {}
# initialDelaySeconds: 60
# periodSeconds: 60
# successThreshold: 1
# failureThreshold: 3
## How many runner pods to launch.
##
# replicas: 1
## How many old ReplicaSets for this Deployment you want to retain
# revisionHistoryLimit: 10
## The GitLab Server URL (with protocol) that want to register the runner against
## ref: https://docs.gitlab.com/runner/commands/index.html#gitlab-runner-register
##
# gitlabUrl: https://gitlab.your-domain.com/
## The Runner Token for adding new Runners to the GitLab Server. This must
## be retrieved from your GitLab instance. It is the token of an already registered runner.
## ref: (we don't have docs for that yet, but we want to use an existing token)
##
# runnerToken: ""
#
## Unregister all runners before termination
##
## Updating the runner's chart version or configuration will cause the runner container
## to be terminated and created again. This may cause your Gitlab instance to reference
## non-existant runners. Un-registering the runner before termination mitigates this issue.
## ref: https://docs.gitlab.com/runner/commands/index.html#gitlab-runner-unregister
##
## This property ensures that all the Runners present in the local config.toml are unregistered when the chart is uninstalled
## - If the token is prefixed with `glrt-` (meaning the runner was created in the UI or API),
## the unregisterRunners property deletes the runner manager, not the runner.
## The runner manager is identified by the runner and the machine that contains the config.toml.
unregisterRunners: true
## When stopping the runner, give it time to wait for its jobs to terminate.
##
## Updating the runner's chart version or configuration will cause the runner container
## to be terminated with a graceful stop request. terminationGracePeriodSeconds
## instructs Kubernetes to wait long enough for the runner pod to terminate gracefully.
## ref: https://docs.gitlab.com/runner/commands/#signals
terminationGracePeriodSeconds: 3600
## Set the certsSecretName in order to pass custom certficates for GitLab Runner to use.
## Provide resource name for a Kubernetes Secret Object in the same namespace,
## this is used to populate the /home/gitlab-runner/.gitlab-runner/certs/ directory
## ref: https://docs.gitlab.com/runner/configuration/tls-self-signed.html#supported-options-for-self-signed-certificates-targeting-the-gitlab-server
##
# certsSecretName:
## Configure the maximum number of concurrent jobs
## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section
##
concurrent: 10
## Number of seconds until the forceful shutdown operation times out and exits the process.
## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section
##
shutdown_timeout: 0
## Defines in seconds how often to check GitLab for new builds
## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section
##
checkInterval: 3
## Configure GitLab Runner's logging level. Available values are: debug, info, warn, error, fatal, panic
## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section
##
# logLevel:
## Configure GitLab Runner's logging format. Available values are: runner, text, json
## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section
##
# logFormat:
## Configure GitLab Runner's Sentry DSN.
## ref https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section
##
# sentryDsn:
## Configure GitLab Runner's maximum connection age for TLS keepalive connections.
## ref https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section
##
# connectionMaxAge: "15m"
## A custom bash script that will be executed prior to the invocation of the
## gitlab-runner process
#
#preEntrypointScript: |
# echo "hello"
## Specify whether the runner should start the session server.
## Defaults to false
## ref:
##
## When sessionServer is enabled, the user can either provide a public publicIP
## or rely on the external IP auto discovery.
## When a serviceAccountName is used with the automounting to the pod disabled,
## we recommend the usage of the publicIP
sessionServer:
enabled: false
# annotations: {}
# timeout: 1800
# internalPort: 8093
# externalPort: 9000
#In case sessionServer.serviceType is NodePort. If not defined, auto NodePort will be assigned.
# nodePort: 30093
# publicIP: ""
# loadBalancerSourceRanges:
# - 1.2.3.4/32
#Valid values: ClusterIP, Headless, NodePort, LoadBalancer
serviceType: LoadBalancer
## Specify the services external traffic policy
##
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#traffic-policies
##
# externalTrafficPolicy:
## Specify the services internal traffic policy
##
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#traffic-policies
##
# internalTrafficPolicy:
# if enabled, sessionServer.publicIP variable should be set to the host e.g. runner1.example.com
ingress:
enabled: false
className: ""
annotations: {}
tls:
- secretName: gitlab-runner-session-server
## For RBAC support:
rbac:
## Specifies whether a Role and RoleBinding should be created
## If this value is set to `true`, `serviceAccount.create` should also be set to either `true` or `false`
##
create: false
## Define the generated serviceAccountName when create is set to true
## It defaults to "gitlab-runner.fullname" if not provided
## DEPRECATED: Please use `serviceAccount.name` instead
generatedServiceAccountName: ""
## Define list of rules to be added to the rbac role permissions.
## Each rule supports the keys:
## - apiGroups: default "" (indicates the core API group) if missing or empty.
## - resources: default "*" if missing or empty.
## - verbs: default "*" if missing or empty.
##
## Read more about the recommended rules on the following link
##
## ref: https://docs.gitlab.com/runner/executors/kubernetes/index.html#configure-runner-api-permissions
##
rules: []
# - resources: ["events"]
# verbs: ["list", "watch"]
# - resources: ["namespaces"]
# verbs: ["create", "delete"]
# - resources: ["pods"]
# verbs: ["create","delete","get"]
# - apiGroups: [""]
# resources: ["pods/attach","pods/exec"]
# verbs: ["get","create","patch","delete"]
# - apiGroups: [""]
# resources: ["pods/log"]
# verbs: ["get","list"]
# - resources: ["secrets"]
# verbs: ["create","delete","get","update"]
# - resources: ["serviceaccounts"]
# verbs: ["get"]
# - resources: ["services"]
# verbs: ["create","get"]
## Run the gitlab-bastion container with the ability to deploy/manage containers of jobs
## cluster-wide or only within namespace
clusterWideAccess: false
## Use the following Kubernetes Service Account name if RBAC is disabled in this Helm chart (see rbac.create)
## DEPRECATED: Please use `serviceAccount.name` instead
##
# serviceAccountName: default
## Specify annotations for Service Accounts, useful for annotations such as eks.amazonaws.com/role-arn.
## Values may refer to other values as the _tpl_ function is implicitly applied. Mind the quotes when using this, e.g.
## serviceAccountAnnotations:
## eks.amazonaws.com/role-arn: "arn:aws:iam::{{ .Values.global.accountId }}:role/{{ .Values.global.iamRoleName }}"
##
## ref: https://docs.aws.amazon.com/eks/latest/userguide/associate-service-account-role.html
##
## DEPRECATED: Please use `serviceAccount.annotations` instead
##
serviceAccountAnnotations: {}
## Use podSecurity Policy
## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
podSecurityPolicy:
enabled: false
resourceNames:
- gitlab-runner
## Specify one or more imagePullSecrets used for pulling the runner image
##
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account
##
## DEPRECATED: Please use `serviceAccount.imagePullSecrets` instead
##
imagePullSecrets: []
## Configure ServiceAccount
##
serviceAccount:
## Specifies whether a ServiceAccount should be created
##
## TODO: Set default to `false`
# create: false
## The name of the ServiceAccount to use.
## If not set and create is `true`, a name is generated using the `gitlab-runner.fullname`` template
##
name: ""
## Additional custom annotations for the ServiceAccount, useful for annotations such as eks.amazonaws.com/role-arn.
## Values may refer other values as the _tpl_ function is implicitly applied. Mind the quotes when using this, e.g.
## serviceAccountAnnotations:
## eks.amazonaws.com/role-arn: "arn:aws:iam::{{ .Values.global.accountId }}:role/{{ .Values.global.iamRoleName }}"
##
## ref: https://docs.aws.amazon.com/eks/latest/userguide/specify-service-account-role.html
##
annotations: {}
## Specify one or more imagePullSecrets used for pulling the runner image
##
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account
##
imagePullSecrets: []
## Configure integrated Prometheus metrics exporter
##
## ref: https://docs.gitlab.com/runner/monitoring/#configuration-of-the-metrics-http-server
##
metrics:
enabled: false
## Define a name for the metrics port
##
portName: metrics
## Provide a port number for the integrated Prometheus metrics exporter
##
port: 9252
## Configure a prometheus-operator serviceMonitor to allow autodetection of
## the scraping target. Requires enabling the service resource below.
##
serviceMonitor:
enabled: false
## Namespace where ServiceMonitor should be installed. Defaults to the
## same namespace where the release will be installed.
##
namespace: ""
## Provide additional labels to the service monitor resource
##
## labels: {}
## Provide annotations to the service monitor ressource
##
## annotations: {}
## Define a scrape interval (otherwise prometheus default is used)
##
## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config
##
# interval: ""
## Specify the scrape protocol scheme e.g., https or http
##
# scheme: "http"
## Supply a tls configuration for the service monitor
##
## ref: https://github.com/prometheus-community/helm-charts/blob/main/charts/kube-prometheus-stack/charts/crds/crds/crd-servicemonitors.yaml
##
# tlsConfig: {}
## The URI path where prometheus metrics can be scraped from
##
# path: "/metrics"
## A list of MetricRelabelConfigs to apply to samples before ingestion
##
## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs
##
# metricRelabelings: []
## A list of RelabelConfigs to apply to samples before scraping
##
## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
##
## relabelings: []
## Configure a service resource e.g., to allow scraping metrics via
## prometheus-operator serviceMonitor
service:
enabled: false
## Provide additonal labels for the service
##
# labels: {}
## Provide additonal annotations for the service
##
# annotations: {}
## Define a specific ClusterIP if you do not want a dynamic one
##
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address
##
# clusterIP: ""
## Define a list of one or more external IPs for this service
##
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips
##
# externalIPs: []
## Provide a specific loadbalancerIP e.g., of an external Loadbalancer
##
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer
##
# loadBalancerIP: ""
## Provide a list of source IP ranges to have access to this service
##
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#aws-nlb-support
##
# loadBalancerSourceRanges: []
## Specify the service type e.g., ClusterIP, NodePort, LoadBalancer or ExternalName
##
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
##
type: ClusterIP
## Specify the services metrics nodeport if you use a service of type nodePort
##
# metrics:
## Specify the node port under which the prometheus metrics of the runner are made
## available.
##
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#nodeport
##
# nodePort: ""
## Provide a list of additional ports to be exposed by this service
##
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
##
# additionalPorts: []
## Specify the services external traffic policy
##
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#traffic-policies
##
# externalTrafficPolicy:
## Specify the services internal traffic policy
##
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#traffic-policies
##
# internalTrafficPolicy:
## Configuration for the Pods that the runner launches for each new job
##
runners:
# runner configuration, where the multi line string is evaluated as a
# template so you can specify helm values inside of it.
#
# tpl: https://helm.sh/docs/howto/charts_tips_and_tricks/#using-the-tpl-function
# runner configuration: https://docs.gitlab.com/runner/configuration/advanced-configuration.html
config: |
[[runners]]
[runners.kubernetes]
namespace = "{{.Release.Namespace}}"
image = "alpine"
## Absolute path for an existing runner configuration file
## Can be used alongside "volumes" and "volumeMounts" to use an external config file
## Active if runners.config is empty or null
configPath: ""
## Which executor should be used
##
# executor: kubernetes
## Specify the name for the runner.
##
# name: ""
## The name of the secret containing runner-token and runner-registration-token
# secret: gitlab-runner
## Distributed runners caching
## ref: https://docs.gitlab.com/runner/configuration/autoscale.html#distributed-runners-caching
##
## If you want to use s3 based distributing caching:
## First of all you need to uncomment General settings and S3 settings sections.
##
## Create a secret 's3access' containing 'accesskey' & 'secretkey'
## ref: https://aws.amazon.com/blogs/security/wheres-my-secret-access-key/
##
## $ kubectl create secret generic s3access \
## --from-literal=accesskey="YourAccessKey" \
## --from-literal=secretkey="YourSecretKey"
## ref: https://kubernetes.io/docs/concepts/configuration/secret/
##
## If you want to use gcs based distributing caching:
## First of all you need to uncomment General settings and GCS settings sections.
##
## Access using credentials file:
## Create a secret 'google-application-credentials' containing your application credentials file.
## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnerscachegcs-section
## You could configure
## $ kubectl create secret generic google-application-credentials \
## --from-file=gcs-application-credentials-file=./path-to-your-google-application-credentials-file.json
## ref: https://kubernetes.io/docs/concepts/configuration/secret/
##
## Access using access-id and private-key:
## Create a secret 'gcsaccess' containing 'gcs-access-id' & 'gcs-private-key'.
## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnerscachegcs-section
## You could configure
## $ kubectl create secret generic gcsaccess \
## --from-literal=gcs-access-id="YourAccessID" \
## --from-literal=gcs-private-key="YourPrivateKey"
## ref: https://kubernetes.io/docs/concepts/configuration/secret/
##
## If you want to use Azure-based distributed caching:
## First, uncomment General settings.
##
## Create a secret 'azureaccess' containing 'azure-account-name' & 'azure-account-key'
## ref: https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blobs-introduction
##
## $ kubectl create secret generic azureaccess \
## --from-literal=azure-account-name="YourAccountName" \
## --from-literal=azure-account-key="YourAccountKey"
## ref: https://kubernetes.io/docs/concepts/configuration/secret/
cache: {}
## S3 the name of the secret.
# secretName: s3access
## Use this line for access using gcs-access-id and gcs-private-key
# secretName: gcsaccess
## Use this line for access using google-application-credentials file
# secretName: google-application-credentials
## Use this line for access using Azure with azure-account-name and azure-account-key
# secretName: azureaccess
## Specify the name of the scheduler which is used to schedule runner pods.
## Kubernetes supports multiple scheduler configurations.
## ref: https://kubernetes.io/docs/reference/scheduling
# schedulerName: "my-custom-scheduler"
## Configure securitycontext for the main container
## ref: https://kubernetes.io/docs/concepts/security/pod-security-standards/
##
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: false
runAsNonRoot: true
privileged: false
capabilities:
drop: ["ALL"]
## Configure update strategy for multi-replica deployments
## Kubernetes supports types Recreate, and RollingUpdate
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
##
strategy: {}
# rollingUpdate:
# maxSurge: 1
# maxUnavailable: 0
# type: RollingUpdate
## Configure securitycontext valid for the whole pod
## ref: https://kubernetes.io/docs/concepts/security/pod-security-standards/
##
podSecurityContext:
runAsUser: 100
# runAsGroup: 65533
fsGroup: 65533
# supplementalGroups: [65533]
## Note: values for the ubuntu image:
# runAsUser: 999
# fsGroup: 999
## Configure resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
##
resources: {}
# limits:
# memory: 256Mi
# cpu: 200m
# ephemeral-storage: 512Mi
# requests:
# memory: 128Mi
# cpu: 100m
# ephemeral-storage: 256Mi
## Affinity for pod assignment
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}
## TopologySpreadConstraints for pod assignment
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
##
topologySpreadConstraints: {}
# Example: The gitlab runner should be evenly spread across zones
# - maxSkew: 1
# topologyKey: zone
# whenUnsatisfiable: DoNotSchedule
# labelSelector:
# matchLabels:
# foo: bar
## RuntimeClass name for pod assignment
## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/
##
runtimeClassName: ""
# Example: Once RuntimeClasses are configured for the cluster, you can specify it.
# runtimeClassName: myclass
## Node labels for pod assignment
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
##
nodeSelector: {}
# Example: The gitlab runner manager should not run on spot instances so you can assign
# them to the regular worker nodes only.
# node-role.kubernetes.io/worker: "true"
## List of node taints to tolerate (requires Kubernetes >= 1.6)
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
# Example: Regular worker nodes may have a taint, thus you need to tolerate the taint
# when you assign the gitlab runner manager with nodeSelector or affinity to the nodes.
# - key: "node-role.kubernetes.io/worker"
# operator: "Exists"
## Configure environment variables that will be present when the registration command runs
## This provides further control over the registration process and the config.toml file
## ref: `gitlab-runner register --help`
## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html
##
# envVars:
# - name: RUNNER_EXECUTOR
# value: kubernetes
## Additional environment variables from key-value pairs.
extraEnv: {}
# CACHE_S3_SERVER_ADDRESS: s3.amazonaws.com
# CACHE_S3_BUCKET_NAME: runners-cache
# CACHE_S3_BUCKET_LOCATION: us-east-1
# CACHE_SHARED: true
## Additional environment variables from other data sources
extraEnvFrom: {}
# CACHE_S3_ACCESS_KEY:
# secretKeyRef:
# name: s3access
# key: accesskey
# CACHE_S3_SECRET_KEY:
# secretKeyRef:
# name: s3access
# key: secretkey
## list of hosts and IPs that will be injected into the pod's hosts file
hostAliases: []
# Example:
# - ip: "127.0.0.1"
# hostnames:
# - "foo.local"
# - "bar.local"
# - ip: "10.1.2.3"
# hostnames:
# - "foo.remote"
# - "bar.remote"
## Annotations to be added to deployment
##
deploymentAnnotations: {}
# Example:
# downscaler/uptime: <my_uptime_period>
## Labels to be added to deployment
##
deploymentLabels: {}
# Example:
# owner.team: <my_cool_team>
# owner.team: "{{ .Values.team }}"
# tags.{{ .Values.tag }}/env: "{{ .Values.environment }}"
## Lifecycle options to be added to deployment
##
deploymentLifecycle: {}
# Example
# preStop:
# exec:
# command: ["/bin/sh", "-c", "echo 'shutting down'"]
## Set hostname for runner pods
#hostname: my-gitlab-runner
## Annotations to be added to manager pod
##
podAnnotations: {}
# Example:
# iam.amazonaws.com/role: <my_role_arn>
## Labels to be added to manager pod
##
## Supports templating
podLabels: {}
# Example:
# owner.team: <my_cool_team>
# owner.team: "{{ .Values.team }}"
# tags.{{ .Values.tag }}/env: "{{ .Values.environment }}"
## HPA support for custom metrics:
## This section enables runners to autoscale based on defined custom metrics.
## In order to use this functionality, you need to enable a custom metrics API server by
## implementing "custom.metrics.k8s.io" using supported third party adapter
## Example: https://github.com/directxman12/k8s-prometheus-adapter
##
# hpa: {}
# minReplicas: 1
# maxReplicas: 10
# metrics:
# - type: Pods
# pods:
# metricName: gitlab_runner_jobs
# targetAverageValue: 400m
## Configure priorityClassName for manager pod. See k8s docs for more info on how pod priority works:
## https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
priorityClassName: ""
## Secrets to be additionally mounted to the containers.
## All secrets are mounted through init-runner-secrets volume
## and placed as readonly at /init-secrets in the init container
## and finally copied to an in-memory volume runner-secrets that is
## mounted at /secrets.
secrets: []
# Example:
# - name: my-secret
# - name: myOtherSecret
# items:
# - key: key_one
# path: path_one
## Boolean to turn off the automountServiceAccountToken in the deployment
## ref: https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/#bound-service-account-token-volume
##
# automountServiceAccountToken: false
## Additional config files to mount in the containers in `/configmaps`.
##
## Please note that a number of keys are reserved by the runner.
## See https://gitlab.com/gitlab-org/charts/gitlab-runner/-/blob/main/templates/configmap.yaml
## for a current list.
configMaps: {}
## Additional volumeMounts to add to the runner container
##
volumeMounts: []
# Example:
# - name: my-volume
# mountPath: /mount/path
## Additional volumes to add to the runner deployment
##
volumes: []
# Example:
# - name: my-volume
# persistentVolumeClaim:
# claimName: my-pvc
## Array of extra K8s manifests to deploy
##
extraObjects: []
# - apiVersion: external-secrets.io/v1beta1
# kind: ExternalSecret
# metadata:
# name: '{{ include "gitlab-runner.secret" . }}'
# spec:
# refreshInterval: 1h
# secretStoreRef:
# kind: SecretStore
# name: my-secret-store
# target:
# template:
# data:
# runner-registration-token: "" # need to leave as an empty string for compatibility reasons
# runner-token: "{{`{{ .runnerToken }}`}}"
# dataFrom:
# - extract:
# key: my-secret-store-secret
## Add additional containers to the Pod, e.g. to run as sidecars.
##
## Example:
# - name: docker
# image: docker:20.10-dind
# securityContext:
# privileged: true
# volumeMounts:
# - mountPath: /var/run/
# name: dind-socket
# lifecycle:
# postStart:
# exec:
# command: [ "sh", "-c", "until docker info; do sleep 1; done;" ]
extraContainers: []