gitlab runner operator部署配置
背景说明
由于公司管理的git runner资源不足,导致并发的任务比较多时,出现大面积的排队,比较影响效率。基于此问题,我们可以自建一部分Runner给到相应的仓库使用。这里我们有自建的
在k8s集群自建Runner
先决条件
- Kubernetes v1.21 及更高版本
- Cert manager v1.7.1
安装配置Operator
- 安装OLM(Operator Lifecycle Manager)
curl -sL https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.32.0/install.sh | bash -s v0.32.0
# 如果下载了install.sh,可以直接执行 chmod +x install.sh && ./install.sh v0.32.0
root@yuhaohao-10-10-7-19:~# kubectl get pod -n olm
NAME READY STATUS RESTARTS AGE
catalog-operator-55894c8cf8-d84vw 1/1 Running 0 3d
olm-operator-6946d4b877-t55w6 1/1 Running 0 3d
operatorhubio-catalog-nvq9q 1/1 Running 0 17h
packageserver-64fdd96cbb-ggpnh 1/1 Running 0 3d
packageserver-64fdd96cbb-s7r59 1/1 Running 0 3d
2.安装Operator
kubectl create -f https://operatorhub.io/install/gitlab-runner-operator.yaml
3.查看安装的资源
root@yuhaohao-10-10-7-19:~# kubectl get csv -n operators
NAME DISPLAY VERSION REPLACES PHASE
gitlab-runner-operator.v1.37.0 GitLab Runner 1.37.0 gitlab-runner-operator.v1.36.0 Succeeded
root@yuhaohao-10-10-7-19:~# kubectl get pod -n operators
NAME READY STATUS RESTARTS AGE
gitlab-runner-gitlab-runnercontroller-manager-84d6f69dc8-7nsdc 2/2 Running 0 3d
安装配置Gitlab Runner
1.安装minio
# 这里为了实现gitlab runner的缓存,提高构建效率,可以部署minio作为gitlab runner的缓存
# 这里我们安装的是minio 12.9.0版本
# 这里我们可以基于主机目录,配置StorageClass,实现动态PVC存储
# 配置local-path-provisioner
root@yuhaohao-10-10-7-19:~/minio-install# cat /home/yuhaohao/local-path.yaml
apiVersion: v1
kind: Namespace
metadata:
name: local-path-storage
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: local-path-provisioner-service-account
namespace: local-path-storage
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: local-path-provisioner-role
namespace: local-path-storage
rules:
- apiGroups: [""]
resources: ["pods"]
verbs: ["get", "list", "watch", "create", "patch", "update", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: local-path-provisioner-role
rules:
- apiGroups: [""]
resources: ["nodes", "persistentvolumeclaims", "configmaps", "pods", "pods/log"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "create", "patch", "update", "delete"]
- apiGroups: [""]
resources: ["events"]
verbs: ["create", "patch"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: local-path-provisioner-bind
namespace: local-path-storage
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: local-path-provisioner-role
subjects:
- kind: ServiceAccount
name: local-path-provisioner-service-account
namespace: local-path-storage
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: local-path-provisioner-bind
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: local-path-provisioner-role
subjects:
- kind: ServiceAccount
name: local-path-provisioner-service-account
namespace: local-path-storage
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: local-path-provisioner
namespace: local-path-storage
spec:
replicas: 1
selector:
matchLabels:
app: local-path-provisioner
template:
metadata:
labels:
app: local-path-provisioner
spec:
serviceAccountName: local-path-provisioner-service-account
containers:
- name: local-path-provisioner
image: registry.test.com/test/rancher/local-path-provisioner:v0.0.31
imagePullPolicy: IfNotPresent
command:
- local-path-provisioner
- --debug
- start
- --config
- /etc/config/config.json
volumeMounts:
- name: config-volume
mountPath: /etc/config/
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: CONFIG_MOUNT_PATH
value: /etc/config/
volumes:
- name: config-volume
configMap:
name: local-path-config
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: local-path
provisioner: rancher.io/local-path
volumeBindingMode: WaitForFirstConsumer
reclaimPolicy: Delete
---
kind: ConfigMap
apiVersion: v1
metadata:
name: local-path-config
namespace: local-path-storage
data:
config.json: |-
{
"nodePathMap":[
{
"node":"DEFAULT_PATH_FOR_NON_LISTED_NODES",
"paths":["/data"]
}
]
}
setup: |-
#!/bin/sh
set -eu
mkdir -m 0777 -p "$VOL_DIR"
teardown: |-
#!/bin/sh
set -eu
rm -rf "$VOL_DIR"
helperPod.yaml: |-
apiVersion: v1
kind: Pod
metadata:
name: helper-pod
spec:
priorityClassName: system-node-critical
tolerations:
- key: node.kubernetes.io/disk-pressure
operator: Exists
effect: NoSchedule
containers:
- name: helper-pod
image: registry.test.com/test/busybox
imagePullPolicy: IfNotPresent
$ kubectl apply -f local-path.yaml
$ kubectl get pod -n local-path-storage
NAME READY STATUS RESTARTS AGE
local-path-provisioner-6bf6d4456b-f9sbr 1/1 Running 0 3d
$ kubectl get sc
NAME PROVISIONER RECLAIMPOLICY VOLUMEBINDINGMODE ALLOWVOLUMEEXPANSION AGE
local-path rancher.io/local-path Delete WaitForFirstConsumer false 16d
# 创建minio所需的pvc
$ cat gitlab-runner-minio-pvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
labels:
app.kubernetes.io/instance: minio
app.kubernetes.io/managed-by: Helm
name: gitlab-runner-minio-pvc
namespace: gitlab-runner
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Gi
storageClassName: local-path
volumeMode: Filesystem
$ kubectl apply -f gitlab-runner-minio-pvc.yaml
$ kubectl get pvc -n gitlab-runner
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS VOLUMEATTRIBUTESCLASS AGE
gitlab-runner-minio-pvc Bound pvc-31430c05-16cc-4441-814b-7aae70b7b134 100Gi RWO local-path <unset> 15d
# 部署minio
$ cat minio-values.yaml
root@yuhaohao-10-10-7-19:~/minio-install# cat minio-values.yaml
image:
registry: registry.test.com
repository: test/bitnami/minio
tag: 2023.11.1-debian-11-r0
pullPolicy: IfNotPresent
fullnameOverride: "minio"
auth:
rootUser: admin
rootPassword: "minio12345"
defaultBuckets: "gitlab"
persistence:
## @param persistence.enabled Enable MinIO® data persistence using PVC. If false, use emptyDir
##
enabled: true
storageClass: ""
## @param persistence.mountPath Data volume mount path
mountPath: /bitnami/minio/data
accessModes:
- ReadWriteOnce
size: 100Gi
## @param persistence.annotations Annotations for the PVC
##
annotations: {}
## @param persistence.existingClaim Name of an existing PVC to use (only in `standalone` mode)
##
existingClaim: "gitlab-runner-minio-pvc"
$ helm install -f minio-values.yaml minio ./minio -n gitlab-runner
root@yuhaohao-10-10-7-19:~/minio-install# kubectl get pod -n gitlab-runner
NAME READY STATUS RESTARTS AGE
minio-6d947866f5-rhmwz 1/1 Running 0 3d
2.安装gitlab runner
# 配置通用的runner配置信息
# 注意pre_clone_script 这里的配置是为了解决`Git LFS is not enabled on this GitLab server`的报错
$ cat custom.yaml
apiVersion: v1
data:
config.toml: |-
[[runners]]
environment = ["GIT_LFS_SKIP_SMUDGE=1"]
pre_clone_script = """
echo "Setting up secrets"
################## run in runner-helper
echo "######### ${GITLAB_USER_LOGIN}"
git config --global lfs.url "https://lfs.test.com"
git config --global credential.helper store
echo "https://test:test@lfs.test.com" >> $HOME/.git-credentials
mkdir -pv $HOME/.ssh >> /dev/null
chmod 700 $HOME/.ssh
echo -e "Host gitlab.testcom\n\tStrictHostKeyChecking no\n" >> $HOME/.ssh/config
"""
[runners.kubernetes]
image_pull_secrets = ["inner"]
pull_policy = "if-not-present"
privileged = true
[runners.kubernetes.node_selector]
"ci-node" = "True"
[runners.kubernetes.node_tolerations]
"ci-node=true" = "NoSchedule"
kind: ConfigMap
metadata:
name: runner-custom-config
namespace: gitlab-runner
# 配置minio的secret
$ cat minio-secret.yaml
---
apiVersion: v1
data:
accesskey: YWRtaW4=
secretkey: bWluaW8xMjM0NQ==
kind: Secret
metadata:
name: minio-secret-for-runner
namespace: gitlab-runner
type: Opaque
# 配置拉取镜像的secrets
$ cat secrets-inner.yaml
apiVersion: v1
data:
.dockerconfigjson: eyJhdXRocyI6eyjkjkj9ib3QuZG9ja2VyIiwicGFzc3dvcmQiOiJTVGFpMjAyMy5kayIsImF1dGgiOiJkbWx3WlhJdWNtOWliM1F1Wkc5amEyVnlPbE5VWVdreU1ESXpMbVJyIn19fQ==
kind: Secret
metadata:
name: inner
namespace: gitlab-runner
type: kubernetes.io/dockerconfigjson
# 配置具体的runner
$ cat test-runner.yaml
---
apiVersion: v1
kind: Secret
metadata:
name: gitlab-runner-secret-test
namespace: gitlab-runner
type: Opaque
stringData:
runner-registration-token: ""
runner-token: "glrt-t2_73uew3jtestEhDM" # 注意,这里是gitlab runner注册的token
---
apiVersion: apps.gitlab.com/v1beta2
kind: Runner
metadata:
name: test
namespace: gitlab-runner
spec:
logLevel: debug
# 这里,不要用gitlab-runner-ocp 13.x版本,会有重启runner后,runner无法重新注册连接的问题。
runnerImage: "registry.test.com/test/gitlab-runner-ocp:v17.4.0"
gitlabUrl: https://gitlab.test.com/
buildImage: alpine
helperImage: registry.test.com/test/gitlab-runner-helper:ubuntu-x86_64-v17.5.1
concurrent: 50
token: gitlab-runner-secret-test
tags: "test"
locked: true
cacheType: s3
cacheShared: true
s3:
server: minio:9000
credentials: minio-secret-for-runner
bucket: sumo19
insecure: true
config: runner-custom-config
$ kubectl apply -f .
# 查看runner
$ kubectl get pod -n gitlab-runner
NAME READY STATUS RESTARTS AGE
minio-6d947866f5-rhmwz 1/1 Running 0 3d1h
test-runner-7475ddc7f-nn7xh 1/1 Running 0 15h
运行测试
gitlab runner operator部署配置的更多相关文章
- 用GitLab Runner自动部署GitBook并不难
相信很多程序员喜欢用 GitBook 来写电子书.教程或者博客,看了不少文章,貌似都缺少说明如何将 GitBook 部署到版本库,并自动在服务器上 build,然后将生成的静态网站部署到云服务器上. ...
- Gitlab + Gitlab runner + Window powershell
需求说明 根据领导要求,要把python 项目移到Gitlab 进行管理,并利用Gitlab CI/CD 进行自动化测试,打包,部署.(听起来很简单吧) 比较头大,完全没有经验,python 也是刚上 ...
- GitLab Runner部署(kubernetes环境)
欢迎访问我的GitHub https://github.com/zq2599/blog_demos 内容:所有原创文章分类汇总及配套源码,涉及Java.Docker.Kubernetes.DevOPS ...
- 超详细Gitlab Runner环境配置中文教程
配置GitlabRunner环境 GitLab Runner 是一个开源项目, 它用来运行你定制的任务(jobs)并把结果返回给 GitLab. GitLab Runner 配合GitLab CI(G ...
- [转] Gitlab 8.x runner安装与配置
[From]http://muchstudy.com/2018/07/13/Gitlab-8-x-runner%E5%AE%89%E8%A3%85%E4%B8%8E%E9%85%8D%E7%BD%AE ...
- 使用gitlab runner 进行CI(二):gitlab runner的安装与配置
参考 https://docs.gitlab.com/runner/install/index.html,可以选择与gitlab相同的版本. gitlab runner可以通过安装binary包或do ...
- gitlab runner 配置
gitlab runnerhttps://scarletsky.github.io/2016/07/29/use-gitlab-ci-for-continuous-integration/https: ...
- Gitlab Runner实现CI/CD自动化部署asp.net core应用
环境说明 一台git服务器(192.168.169.7),安装gitlab,docker. 一台web服务器(192.168.169.6),安装git,gitlab runner,docker,dot ...
- 使用Gitlab实现自动化部署与持续集成
Gitlab-Ci运行原理: 由以下两个模块组成gitlab-ci servergitlab-ci-runner其中,gitlab-ci server负责调度.触发Runner,以及获取返回结果. 而 ...
- 使用GitLab CI + Capistrano部署CakePHP应用程序
使用GitLab CI + Capistrano部署CakePHP应用程序 摘要:本文描述了如使用GitLab CI + Capistrano部署CakePHP应用程序. 目录 1. 问题2. 解决方 ...
随机推荐
- 栈的应用(后进先出 LIFO)--括号匹配问题
博客地址:https://www.cnblogs.com/zylyehuo/ # -*- coding: utf-8 -*- class Stack: def __init__(self): self ...
- Code Runner MCP Server,来了!
大家好!我是韩老师. 如果作为程序员的你,还不了解 MCP (Model Context Protocol) 的话,那韩老师劝你赶紧去补补课吧! 本文不对 MCP 进行详细介绍~ 简单来说,MCP i ...
- 深入浅出CPU眼中的函数调用&栈溢出攻击
深入浅出CPU眼中的函数调用--栈溢出攻击 原理解读 函数调用,大家再耳熟能详了,我们先看一个最简单的函数: #include <stdio.h> #include <stdlib. ...
- Oracle AI应用的LLM模型典型配置
最近在做一些基于Oracle的一些AI应用测试工作,AI肯定离不开配置LLM相关,虽然是简单配置类,但实际还是遇到一些卡点,记录下来供今后参考. 1.配置Embedding模型 2.特殊语法传参JSO ...
- WebKit Inside: 渲染树
经过CSS的匹配,就要进入渲染树的构建. 渲染树也叫RenderObject树,因为渲染树上每一个节点,都是RenderObject的子类. 首先来看一下RenderObject的继承类图. 1 Re ...
- gitee 删库跑路的正确打开方式
前言 又是一个周一, 阳光一点都不明媚... 码云 gitee.com 五群 (QQ群号: 515965326) 又发生了一起删库跑路事件(手动滑稽). 手动部分截图 看图说话 为了更好的复现完整的流 ...
- Spring AI与DeepSeek实战三:打造企业知识库
一.概述 企业应用集成大语言模型(LLM)落地的两大痛点: 知识局限性:LLM依赖静态训练数据,无法覆盖实时更新或垂直领域的知识: 幻觉:当LLM遇到训练数据外的提问时,可能生成看似合理但错误的内容. ...
- adb环境配置笔记
adb环境配置不需要先配置好jdk,然后配置adb环境,才能命令行运行adb https://blog.csdn.net/shengmer/article/details/79027828 https ...
- Robot Framework原生库的编辑与应用
RF有一些操作指令不存在,需要自己添加方法,比如selenium里有click_and_hold指令(鼠标保持点击状态)而RF内没有.所以需要在库文件里加入这个方法 C:\Python27\Lib\s ...
- MySQL 中的 MVCC 是什么?
MySQL 中的 MVCC 是什么? MVCC(Multi-Version Concurrency Control) 是 MySQL 数据库用来处理并发访问的技术,特别是在 InnoDB 存储引擎中, ...