Untitled

a guest
Feb 4th, 2019
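  # Initialise the Helm client (client-only) inside a GitLab CI job so that the
  # job can deploy to the Kubernetes cluster.
  #
  # Reads from the environment:
  #   CI_REGISTRY, CI_REGISTRY_USER, CI_REGISTRY_PASSWORD  registry login
  #   kube_config           base64-encoded kubeconfig
  #   KUBECONFIG            path the decoded kubeconfig is written to
  #   K8S_CURRENT_CONTEXT   kubectl context to select
  function init_helm() {
    # Pass the password on stdin. With `-p` it sits in the process argument
    # list, where other processes on the runner host can read it.
    printf '%s' "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
    # Presumably the directory KUBECONFIG points into - confirm against the CI variables.
    mkdir -p /etc/deploy
    # The kubeconfig carries cluster credentials: create it with owner-only
    # permissions, and tighten them as well in case the file already existed.
    # Quoting keeps the value and the path from being word-split or globbed.
    (umask 077; printf '%s\n' "${kube_config}" | base64 -d > "${KUBECONFIG}")
    chmod 600 "${KUBECONFIG}"
    kubectl config use-context "${K8S_CURRENT_CONTEXT}"
    helm init --client-only
    # NOTE(review): these googleapis.com chart locations were later retired by
    # the Helm project; the archived repositories are served from
    # https://charts.helm.sh/stable and https://charts.helm.sh/incubator.
    helm repo add stable https://kubernetes-charts.storage.googleapis.com/
    helm repo add incubator https://kubernetes-charts-incubator.storage.googleapis.com/
    helm repo update
  }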
  12.  
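  # Deploy the chart in $CHART_TEMPLATE to the cluster as release $PROJECT_NAME,
  # after (re)creating the registry pull secret "gitlab-registry".
  #
  # Reads from the environment: KUBERNETES_NAMESPACE_OVERWRITE, CI_DEPLOY_USER and
  # CI_DEPLOY_PASSWORD (falling back to CI_REGISTRY_USER / CI_REGISTRY_PASSWORD),
  # GITLAB_USER_EMAIL, CHART_TEMPLATE and PROJECT_NAME. Exports DEPLOYS.
  function deploy_k8s_cluster() {
    echo "Create and apply secret for docker gitlab runner access to gitlab private registry ..."
    # CI_REGISTRY_PASSWORD is the per-job token, which GitLab invalidates when
    # the job finishes. A pull secret built from it is refused on later pulls,
    # which is a likely source of "denied: access forbidden". A deploy token
    # with read_registry scope (exposed as CI_DEPLOY_USER / CI_DEPLOY_PASSWORD
    # when it is named gitlab-deploy-token) does not expire with the job.
    if [[ -z "${CI_DEPLOY_PASSWORD:-}" ]]; then
      echo "WARNING: CI_DEPLOY_PASSWORD is not set; the pull secret will hold the job token, which stops working when this job ends" >&2
    fi
    # This is one command: every line but the last needs a trailing backslash,
    # otherwise the shell runs `kubectl create secret -n NS` on its own and then
    # tries to execute the option lines as separate commands.
    # The secret exists only in $KUBERNETES_NAMESPACE_OVERWRITE, and a pod uses it
    # only if its imagePullSecrets (or its service account) names "gitlab-registry".
    # NOTE(review): the password is still a command-line argument here and is
    # visible in the process list while kubectl runs.
    kubectl create secret -n "$KUBERNETES_NAMESPACE_OVERWRITE" \
      docker-registry gitlab-registry \
      --docker-server="https://registry.gitlab.com/v2/" \
      --docker-username="${CI_DEPLOY_USER:-$CI_REGISTRY_USER}" \
      --docker-password="${CI_DEPLOY_PASSWORD:-$CI_REGISTRY_PASSWORD}" \
      --docker-email="$GITLAB_USER_EMAIL" \
      -o yaml --dry-run | kubectl replace -n "$KUBERNETES_NAMESPACE_OVERWRITE" --force -f -
    echo "Build helm dependancies in $CHART_TEMPLATE"
    # Stop if the chart directory is missing instead of running helm in
    # whatever directory the job happens to be in.
    cd "$CHART_TEMPLATE/" || return 1
    helm dep build
    # Count releases whose name is exactly $PROJECT_NAME. A plain `grep` on the
    # full `helm ls` table also matches other releases that merely contain the
    # name, which would send a first deployment down the upgrade path.
    export DEPLOYS="$(helm ls -q | grep -Fxc -- "$PROJECT_NAME")"
    if [[ ${DEPLOYS} -eq 0 ]]; then
      echo "Creating the new chart ..."
      helm install --name "${PROJECT_NAME}" --namespace="${KUBERNETES_NAMESPACE_OVERWRITE}" . -f values.yaml
    else
      echo "Updating the chart ..."
      helm upgrade "${PROJECT_NAME}" --namespace="${KUBERNETES_NAMESPACE_OVERWRITE}" . -f values.yaml
    fi
  }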
  35.  
  36. Failed to pull image "registry.gitlab.com/path/to/repo/project/image:TAG_NUMBER": rpc error: code
  37. = Unknown desc = Error response from daemon: Get https://registry.gitlab.com/v2/path/to/repo/project/image/manifests/image:TAG_NUMBER: denied: access forbidden
  38.  
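  ## GitLab Runner Image
  ##
  ## By default it's using gitlab/gitlab-runner:alpine-v{VERSION}
  ## where {VERSION} is taken from Chart.yaml from appVersion field
  ##
  ## ref: https://hub.docker.com/r/gitlab/gitlab-runner/tags/
  ##
  # image: gitlab/gitlab-runner:alpine-v11.6.0

  ## Specify an imagePullPolicy
  ## 'Always' if imageTag is 'latest', else set to 'IfNotPresent'
  ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
  ##
  imagePullPolicy: IfNotPresent

  ## The GitLab Server URL (with protocol) that you want to register the runner against
  ## ref: https://docs.gitlab.com/runner/commands/README.html#gitlab-runner-register
  ##
  gitlabUrl: https://gitlab.com/

  ## The Registration Token for adding new Runners to the GitLab Server. This must
  ## be retrieved from your GitLab Instance.
  ## ref: https://docs.gitlab.com/ce/ci/runners/README.html#creating-and-registering-a-runner
  ##
  ## NOTE(review): whoever holds this token can register a runner against the
  ## GitLab server, so keep the real value out of version control and out of
  ## pasted copies of this file. The commented-out `secret` option under
  ## `runners` names a Kubernetes Secret that carries the token instead.
  runnerRegistrationToken: "<token>"

  ## The Runner Token for adding new Runners to the GitLab Server. This must
  ## be retrieved from your GitLab Instance. It is the token of an already registered runner.
  ## ref: (we don't yet have docs for that, but we want to use existing token)
  ##
  # runnerToken: ""
  #
  ## Unregister all runners before termination
  ##
  ## Updating the runner's chart version or configuration will cause the runner container
  ## to be terminated and created again. This may cause your Gitlab instance to reference
  ## non-existent runners. Un-registering the runner before termination mitigates this issue.
  ## ref: https://docs.gitlab.com/runner/commands/README.html#gitlab-runner-unregister
  ##
  unregisterRunners: true

  ## Set the certsSecretName in order to pass custom certificates for GitLab Runner to use
  ## Provide resource name for a Kubernetes Secret Object in the same namespace,
  ## this is used to populate the /etc/gitlab-runner/certs directory
  ## ref: https://docs.gitlab.com/runner/configuration/tls-self-signed.html#supported-options-for-self-signed-certificates
  ##
  # certsSecretName:

  ## Configure the maximum number of concurrent jobs
  ## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section
  ##
  concurrent: 10

  ## Defines in seconds how often to check GitLab for new builds
  ## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section
  ##
  checkInterval: 30

  ## Configure GitLab Runner's logging level. Available values are: debug, info, warn, error, fatal, panic
  ## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section
  ##
  # logLevel:

  ## For RBAC support:
  ## NOTE(review): the paste lost its indentation; the three keys below are nested
  ## under `rbac` following the chart's layout (the serviceAccountName comment
  ## refers to rbac.create). Confirm against the chart version in use.
  rbac:
    create: true

    ## Run the gitlab-bastion container with the ability to deploy/manage containers of jobs
    ## cluster-wide or only within namespace
    ## NOTE(review): true gives the runner's service account its rights across the
    ## whole cluster instead of a single namespace. Keep it false unless jobs
    ## really have to be started in several namespaces.
    clusterWideAccess: true

    ## Use the following Kubernetes Service Account name if RBAC is disabled in this Helm chart (see rbac.create)
    ##
    serviceAccountName: default

  ## Configure integrated Prometheus metrics exporter
  ## ref: https://docs.gitlab.com/runner/monitoring/#configuration-of-the-metrics-http-server
  metrics:
    enabled: true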
  118.  
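  ## Configuration for the Pods that the runner launches for each new job
  ##
  ## NOTE(review): the paste lost its indentation. Everything from `image` to
  ## `nodeSelector` is nested under `runners` here; left flat, `runners` would be
  ## null and `image`, `serviceAccountName` and `nodeSelector` would collide with
  ## keys of the same name elsewhere in the file.
  runners:
    ## Default container image to use for builds when none is specified
    ##
    image: ubuntu:16.04

    ## Specify one or more imagePullSecrets
    ##
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
    ##
    ## NOTE(review): each entry is the name of a docker-registry Secret that must
    ## exist in the namespace where the job pods run; it is not a namespace name.
    ## The values below read like namespaces, while the deploy script on this page
    ## creates a Secret called "gitlab-registry". A name that matches no Secret
    ## leaves the pull unauthenticated - confirm which names are intended.
    imagePullSecrets: ["namespace-1", "namespace-2", "default"]

    ## Specify the image pull policy: never, if-not-present, always. The cluster default will be used if not set.
    ##
    # imagePullPolicy: ""

    ## Specify whether the runner should be locked to a specific project: true, false. Defaults to true.
    ##
    # locked: true

    ## Specify the tags associated with the runner. Comma-separated list of tags.
    ##
    ## ref: https://docs.gitlab.com/ce/ci/runners/#using-tags
    ##
    ## The opening quote was missing, which made the stray closing quote part of
    ## the last tag name.
    tags: "my-tag-1, my-tag-2"

    ## Run all containers with the privileged flag enabled
    ## This will allow the docker:dind image to run if you need to run Docker
    ## commands. Please read the docs before turning this on:
    ## ref: https://docs.gitlab.com/runner/executors/kubernetes.html#using-docker-dind
    ##
    ## NOTE(review): with true, every job container runs privileged and can act as
    ## root on the node that hosts it. Combined with rbac.clusterWideAccess: true,
    ## any project allowed to use this runner reaches well beyond its own
    ## namespace. Limit who can run jobs here (locked runner, protected branches
    ## and tags, dedicated nodes), or keep this false and build images with a
    ## daemonless builder.
    privileged: true

    ## The name of the secret containing runner-token and runner-registration-token
    # secret: gitlab-runner

    ## Namespace to run Kubernetes jobs in (defaults to the same namespace of this release)
    ##
    # namespace:

    # Regular expression to validate the contents of the namespace overwrite environment variable (documented following).
    # When empty, it disables the namespace overwrite feature
    #
    # This is a regular expression, not a glob: the previous value
    # `overrided-namespace-*` means "overrided-namespace" followed by zero or more
    # hyphens and, if the match is unanchored, accepts any namespace that merely
    # contains that text. The anchored form below only accepts names that start
    # with the prefix.
    # NOTE(review): the key uses the config.toml spelling; confirm that the chart
    # version in use reads it from values.
    namespace_overwrite_allowed: '^overrided-namespace-.*$'

    ## Distributed runners caching
    ## ref: https://gitlab.com/gitlab-org/gitlab-runner/blob/master/docs/configuration/autoscale.md#distributed-runners-caching
    ##
    ## If you want to use s3 based distributing caching:
    ## First of all you need to uncomment General settings and S3 settings sections.
    ##
    ## Create a secret 's3access' containing 'accesskey' & 'secretkey'
    ## ref: https://aws.amazon.com/blogs/security/wheres-my-secret-access-key/
    ##
    ## $ kubectl create secret generic s3access \
    ##     --from-literal=accesskey="YourAccessKey" \
    ##     --from-literal=secretkey="YourSecretKey"
    ## ref: https://kubernetes.io/docs/concepts/configuration/secret/
    ##
    ## If you want to use gcs based distributing caching:
    ## First of all you need to uncomment General settings and GCS settings sections.
    ##
    ## Access using credentials file:
    ## Create a secret 'google-application-credentials' containing your application credentials file.
    ## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runners-cache-gcs-section
    ## You could configure
    ## $ kubectl create secret generic google-application-credentials \
    ##     --from-file=gcs-applicaton-credentials-file=./path-to-your-google-application-credentials-file.json
    ## ref: https://kubernetes.io/docs/concepts/configuration/secret/
    ##
    ## Access using access-id and private-key:
    ## Create a secret 'gcsaccess' containing 'gcs-access-id' & 'gcs-private-key'.
    ## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runners-cache-gcs-section
    ## You could configure
    ## $ kubectl create secret generic gcsaccess \
    ##     --from-literal=gcs-access-id="YourAccessID" \
    ##     --from-literal=gcs-private-key="YourPrivateKey"
    ## ref: https://kubernetes.io/docs/concepts/configuration/secret/
    cache: {}
      ## General settings
      # cacheType: s3
      # cachePath: "cache"
      # cacheShared: true

      ## S3 settings
      # s3ServerAddress: s3.amazonaws.com
      # s3BucketName:
      # s3BucketLocation:
      # s3CacheInsecure: false
      # secretName: s3access

      ## GCS settings
      # gcsBucketName:
      ## Use this line for access using access-id and private-key
      # secretName: gcsaccess
      ## Use this line for access using google-application-credentials file
      # secretName: google-application-credential

    ## Build Container specific configuration
    ##
    builds:
      # cpuLimit: 200m
      # memoryLimit: 256Mi
      cpuRequests: 100m
      memoryRequests: 128Mi

    ## Service Container specific configuration
    ##
    services:
      # cpuLimit: 200m
      # memoryLimit: 256Mi
      cpuRequests: 100m
      memoryRequests: 128Mi

    ## Helper Container specific configuration
    ##
    helpers:
      # cpuLimit: 200m
      # memoryLimit: 256Mi
      cpuRequests: 100m
      memoryRequests: 128Mi
      ## NOTE(review): `x86_64-latest` is a moving tag, so the helper that runs
      ## inside every job pod can change without a change to this file. Pin a
      ## versioned tag that matches the runner version.
      image: gitlab/gitlab-runner-helper:x86_64-latest

    ## Service Account to be used for runners
    ##
    # serviceAccountName:

    ## If Gitlab is not reachable through $CI_SERVER_URL
    ##
    # cloneUrl:

    ## Specify node labels for CI job pods assignment
    ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
    ##
    nodeSelector: {}
      # gitlab: true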
  255.  
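  ## Configure resource requests and limits
  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
  ##
  ## NOTE(review): the paste lost its indentation; `requests` and its two values
  ## are nested under `resources` here. Left flat, `resources` and `requests`
  ## would both be null.
  resources:
    # limits:
    #   memory: 256Mi
    #   cpu: 200m
    requests:
      memory: 128Mi
      cpu: 100m

  ## Affinity for pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ##
  affinity: {}

  ## Node labels for pod assignment
  ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
  ##
  nodeSelector: {}
    # Example: The gitlab runner manager should not run on spot instances so you can assign
    # them to the regular worker nodes only.
    # node-role.kubernetes.io/worker: "true"

  ## List of node taints to tolerate (requires Kubernetes >= 1.6)
  ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
    # Example: Regular worker nodes may have a taint, thus you need to tolerate the taint
    # when you assign the gitlab runner manager with nodeSelector or affinity to the nodes.
    # - key: "node-role.kubernetes.io/worker"
    #   operator: "Exists"

  ## Configure environment variables that will be present when the registration command runs
  ## This provides further control over the registration process and the config.toml file
  ## ref: `gitlab-runner register --help`
  ## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html
  ##
  ## `name` and `value` belong to the same list item.
  envVars:
    - name: RUNNER_EXECUTOR
      value: kubernetes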