gitlab runner operator部署配置
背景说明
由于公司管理的git runner资源不足,导致并发的任务比较多时,出现大面积的排队,比较影响效率。基于此问题,我们可以自建一部分Runner给到相应的仓库使用。这里我们有自建的
在k8s集群自建Runner
先决条件
- Kubernetes v1.21 及更高版本
- Cert manager v1.7.1
安装配置Operator
- 安装OLM(Operator Lifecycle Manager)
curl -sL https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.32.0/install.sh | bash -s v0.32.0
# 如果下载了install.sh,可以直接执行 chmod +x install.sh && ./install.sh v0.32.0
root@yuhaohao-10-10-7-19:~# kubectl get pod -n olm
NAME READY STATUS RESTARTS AGE
catalog-operator-55894c8cf8-d84vw 1/1 Running 0 3d
olm-operator-6946d4b877-t55w6 1/1 Running 0 3d
operatorhubio-catalog-nvq9q 1/1 Running 0 17h
packageserver-64fdd96cbb-ggpnh 1/1 Running 0 3d
packageserver-64fdd96cbb-s7r59 1/1 Running 0 3d
2.安装Operator
kubectl create -f https://operatorhub.io/install/gitlab-runner-operator.yaml
3.查看安装的资源
root@yuhaohao-10-10-7-19:~# kubectl get csv -n operators
NAME DISPLAY VERSION REPLACES PHASE
gitlab-runner-operator.v1.37.0 GitLab Runner 1.37.0 gitlab-runner-operator.v1.36.0 Succeeded
root@yuhaohao-10-10-7-19:~# kubectl get pod -n operators
NAME READY STATUS RESTARTS AGE
gitlab-runner-gitlab-runnercontroller-manager-84d6f69dc8-7nsdc 2/2 Running 0 3d
安装配置Gitlab Runner
1.安装minio
# 这里为了实现gitlab runner的缓存,提高构建效率,可以部署minio作为gitlab runner的缓存
# 这里我们安装的是minio 12.9.0版本
# 这里我们可以基于主机目录,配置StorageClass,实现动态PVC存储
# 配置local-path-provisioner
root@yuhaohao-10-10-7-19:~/minio-install# cat /home/yuhaohao/local-path.yaml
apiVersion: v1
kind: Namespace
metadata:
name: local-path-storage
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: local-path-provisioner-service-account
namespace: local-path-storage
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: local-path-provisioner-role
namespace: local-path-storage
rules:
- apiGroups: [""]
resources: ["pods"]
verbs: ["get", "list", "watch", "create", "patch", "update", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: local-path-provisioner-role
rules:
- apiGroups: [""]
resources: ["nodes", "persistentvolumeclaims", "configmaps", "pods", "pods/log"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "create", "patch", "update", "delete"]
- apiGroups: [""]
resources: ["events"]
verbs: ["create", "patch"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: local-path-provisioner-bind
namespace: local-path-storage
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: local-path-provisioner-role
subjects:
- kind: ServiceAccount
name: local-path-provisioner-service-account
namespace: local-path-storage
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: local-path-provisioner-bind
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: local-path-provisioner-role
subjects:
- kind: ServiceAccount
name: local-path-provisioner-service-account
namespace: local-path-storage
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: local-path-provisioner
namespace: local-path-storage
spec:
replicas: 1
selector:
matchLabels:
app: local-path-provisioner
template:
metadata:
labels:
app: local-path-provisioner
spec:
serviceAccountName: local-path-provisioner-service-account
containers:
- name: local-path-provisioner
image: registry.test.com/test/rancher/local-path-provisioner:v0.0.31
imagePullPolicy: IfNotPresent
command:
- local-path-provisioner
- --debug
- start
- --config
- /etc/config/config.json
volumeMounts:
- name: config-volume
mountPath: /etc/config/
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: CONFIG_MOUNT_PATH
value: /etc/config/
volumes:
- name: config-volume
configMap:
name: local-path-config
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: local-path
provisioner: rancher.io/local-path
volumeBindingMode: WaitForFirstConsumer
reclaimPolicy: Delete
---
kind: ConfigMap
apiVersion: v1
metadata:
name: local-path-config
namespace: local-path-storage
data:
config.json: |-
{
"nodePathMap":[
{
"node":"DEFAULT_PATH_FOR_NON_LISTED_NODES",
"paths":["/data"]
}
]
}
setup: |-
#!/bin/sh
set -eu
mkdir -m 0777 -p "$VOL_DIR"
teardown: |-
#!/bin/sh
set -eu
rm -rf "$VOL_DIR"
helperPod.yaml: |-
apiVersion: v1
kind: Pod
metadata:
name: helper-pod
spec:
priorityClassName: system-node-critical
tolerations:
- key: node.kubernetes.io/disk-pressure
operator: Exists
effect: NoSchedule
containers:
- name: helper-pod
image: registry.test.com/test/busybox
imagePullPolicy: IfNotPresent
$ kubectl apply -f local-path.yaml
$ kubectl get pod -n local-path-storage
NAME READY STATUS RESTARTS AGE
local-path-provisioner-6bf6d4456b-f9sbr 1/1 Running 0 3d
$ kubectl get sc
NAME PROVISIONER RECLAIMPOLICY VOLUMEBINDINGMODE ALLOWVOLUMEEXPANSION AGE
local-path rancher.io/local-path Delete WaitForFirstConsumer false 16d
# 创建minio所需的pvc
$ cat gitlab-runner-minio-pvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
labels:
app.kubernetes.io/instance: minio
app.kubernetes.io/managed-by: Helm
name: gitlab-runner-minio-pvc
namespace: gitlab-runner
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Gi
storageClassName: local-path
volumeMode: Filesystem
$ kubectl apply -f gitlab-runner-minio-pvc.yaml
$ kubectl get pvc -n gitlab-runner
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS VOLUMEATTRIBUTESCLASS AGE
gitlab-runner-minio-pvc Bound pvc-31430c05-16cc-4441-814b-7aae70b7b134 100Gi RWO local-path <unset> 15d
# 部署minio
$ cat minio-values.yaml
root@yuhaohao-10-10-7-19:~/minio-install# cat minio-values.yaml
image:
registry: registry.test.com
repository: test/bitnami/minio
tag: 2023.11.1-debian-11-r0
pullPolicy: IfNotPresent
fullnameOverride: "minio"
auth:
rootUser: admin
rootPassword: "minio12345"
defaultBuckets: "gitlab"
persistence:
## @param persistence.enabled Enable MinIO® data persistence using PVC. If false, use emptyDir
##
enabled: true
storageClass: ""
## @param persistence.mountPath Data volume mount path
mountPath: /bitnami/minio/data
accessModes:
- ReadWriteOnce
size: 100Gi
## @param persistence.annotations Annotations for the PVC
##
annotations: {}
## @param persistence.existingClaim Name of an existing PVC to use (only in `standalone` mode)
##
existingClaim: "gitlab-runner-minio-pvc"
$ helm install -f minio-values.yaml minio ./minio -n gitlab-runner
root@yuhaohao-10-10-7-19:~/minio-install# kubectl get pod -n gitlab-runner
NAME READY STATUS RESTARTS AGE
minio-6d947866f5-rhmwz 1/1 Running 0 3d
2.安装gitlab runner
# 配置通用的runner配置信息
# 注意pre_clone_script 这里的配置是为了解决`Git LFS is not enabled on this GitLab server`的报错
$ cat custom.yaml
apiVersion: v1
data:
config.toml: |-
[[runners]]
environment = ["GIT_LFS_SKIP_SMUDGE=1"]
pre_clone_script = """
echo "Setting up secrets"
################## run in runner-helper
echo "######### ${GITLAB_USER_LOGIN}"
git config --global lfs.url "https://lfs.test.com"
git config --global credential.helper store
echo "https://test:test@lfs.test.com" >> $HOME/.git-credentials
mkdir -pv $HOME/.ssh >> /dev/null
chmod 700 $HOME/.ssh
echo -e "Host gitlab.testcom\n\tStrictHostKeyChecking no\n" >> $HOME/.ssh/config
"""
[runners.kubernetes]
image_pull_secrets = ["inner"]
pull_policy = "if-not-present"
privileged = true
[runners.kubernetes.node_selector]
"ci-node" = "True"
[runners.kubernetes.node_tolerations]
"ci-node=true" = "NoSchedule"
kind: ConfigMap
metadata:
name: runner-custom-config
namespace: gitlab-runner
# 配置minio的secret
$ cat minio-secret.yaml
---
apiVersion: v1
data:
accesskey: YWRtaW4=
secretkey: bWluaW8xMjM0NQ==
kind: Secret
metadata:
name: minio-secret-for-runner
namespace: gitlab-runner
type: Opaque
# 配置拉取镜像的secrets
$ cat secrets-inner.yaml
apiVersion: v1
data:
.dockerconfigjson: eyJhdXRocyI6eyjkjkj9ib3QuZG9ja2VyIiwicGFzc3dvcmQiOiJTVGFpMjAyMy5kayIsImF1dGgiOiJkbWx3WlhJdWNtOWliM1F1Wkc5amEyVnlPbE5VWVdreU1ESXpMbVJyIn19fQ==
kind: Secret
metadata:
name: inner
namespace: gitlab-runner
type: kubernetes.io/dockerconfigjson
# 配置具体的runner
$ cat test-runner.yaml
---
apiVersion: v1
kind: Secret
metadata:
name: gitlab-runner-secret-test
namespace: gitlab-runner
type: Opaque
stringData:
runner-registration-token: ""
runner-token: "glrt-t2_73uew3jtestEhDM" # 注意,这里是gitlab runner注册的token
---
apiVersion: apps.gitlab.com/v1beta2
kind: Runner
metadata:
name: test
namespace: gitlab-runner
spec:
logLevel: debug
# 这里,不要用gitlab-runner-ocp 13.x版本,会有重启runner后,runner无法重新注册连接的问题。
runnerImage: "registry.test.com/test/gitlab-runner-ocp:v17.4.0"
gitlabUrl: https://gitlab.test.com/
buildImage: alpine
helperImage: registry.test.com/test/gitlab-runner-helper:ubuntu-x86_64-v17.5.1
concurrent: 50
token: gitlab-runner-secret-test
tags: "test"
locked: true
cacheType: s3
cacheShared: true
s3:
server: minio:9000
credentials: minio-secret-for-runner
bucket: sumo19
insecure: true
config: runner-custom-config
$ kubectl apply -f .
# 查看runner
$ kubectl get pod -n gitlab-runner
NAME READY STATUS RESTARTS AGE
minio-6d947866f5-rhmwz 1/1 Running 0 3d1h
test-runner-7475ddc7f-nn7xh 1/1 Running 0 15h
运行测试
gitlab runner operator部署配置的更多相关文章
- 用GitLab Runner自动部署GitBook并不难
相信很多程序员喜欢用 GitBook 来写电子书.教程或者博客,看了不少文章,貌似都缺少说明如何将 GitBook 部署到版本库,并自动在服务器上 build,然后将生成的静态网站部署到云服务器上. ...
- Gitlab + Gitlab runner + Window powershell
需求说明 根据领导要求,要把python 项目移到Gitlab 进行管理,并利用Gitlab CI/CD 进行自动化测试,打包,部署.(听起来很简单吧) 比较头大,完全没有经验,python 也是刚上 ...
- GitLab Runner部署(kubernetes环境)
欢迎访问我的GitHub https://github.com/zq2599/blog_demos 内容:所有原创文章分类汇总及配套源码,涉及Java.Docker.Kubernetes.DevOPS ...
- 超详细Gitlab Runner环境配置中文教程
配置GitlabRunner环境 GitLab Runner 是一个开源项目, 它用来运行你定制的任务(jobs)并把结果返回给 GitLab. GitLab Runner 配合GitLab CI(G ...
- [转] Gitlab 8.x runner安装与配置
[From]http://muchstudy.com/2018/07/13/Gitlab-8-x-runner%E5%AE%89%E8%A3%85%E4%B8%8E%E9%85%8D%E7%BD%AE ...
- 使用gitlab runner 进行CI(二):gitlab runner的安装与配置
参考 https://docs.gitlab.com/runner/install/index.html,可以选择与gitlab相同的版本. gitlab runner可以通过安装binary包或do ...
- gitlab runner 配置
gitlab runnerhttps://scarletsky.github.io/2016/07/29/use-gitlab-ci-for-continuous-integration/https: ...
- Gitlab Runner实现CI/CD自动化部署asp.net core应用
环境说明 一台git服务器(192.168.169.7),安装gitlab,docker. 一台web服务器(192.168.169.6),安装git,gitlab runner,docker,dot ...
- 使用Gitlab实现自动化部署与持续集成
Gitlab-Ci运行原理: 由以下两个模块组成gitlab-ci servergitlab-ci-runner其中,gitlab-ci server负责调度.触发Runner,以及获取返回结果. 而 ...
- 使用GitLab CI + Capistrano部署CakePHP应用程序
使用GitLab CI + Capistrano部署CakePHP应用程序 摘要:本文描述了如使用GitLab CI + Capistrano部署CakePHP应用程序. 目录 1. 问题2. 解决方 ...
随机推荐
- go 结构体根据某个字段进行排序
前言 在任何编程语言中,关乎到数据的排序都会有对应的策略,我们来看下 Golang 是怎样对数据进行排序,以及我们如何优化处理使用 go 排序 go 可以针对任何对象排序,虽然很多情况下是一个 sli ...
- Java基于XXLJOB的定时任务实现阶梯式通知方式
数据库表设计 CREATE TABLE `tx_order_push_info` ( `order_no` varchar(64) DEFAULT NULL COMMENT '交易单号', `orde ...
- 边缘检测及Canny算法
对边缘的直观理解 边缘有助于我们对图像进行语义理解.直观上,边缘发生在图像强度值变化剧烈的地方 如何描述变化?自然是用导数/梯度 如上图,我们对图中的信号在水平方向上求导,可以得到右侧的导数图像,可以 ...
- 响应式编程之Project Reactor
Project Reactor作为响应式编程范式的核心实现框架,严格遵循Reactive Streams规范体系,其架构设计完整包含了规范定义的四个核心组件:Publisher(数据源).Subscr ...
- Visual Studio 外部工具中添加 git-bash
引言 旧版的 Visual Studio 没有集成 git 工具,并且自己也习惯用 git-bash 命令行来操作, 那么如何在旧版的 Visual Studio 快速打开 git-bash 终端呢? ...
- 如何在Ubuntu系统中重置root密码
很多人有个问题,就是喜欢把密码设置得很长很复杂,结果谁也没防住,却成功防住了自己 ヽ(.◕ฺˇд ˇ◕ฺ;)ノ 对于现代人,特别是年轻人,都有过忘记密码的经历吧.在这篇文章中,我们来了解如何在 Ubu ...
- 『Plotly实战指南』--箱线图绘制与应用
在数据可视化领域,箱线图(Box Plot)是一种强大的工具,用于展示数据的分布特征.集中趋势以及异常值. 它不仅能够快速揭示数据的偏态.离散程度,还能帮助我们识别潜在的数据问题. 本文将从基础绘制到 ...
- mybatis的模糊查询的实现方式
一.比较灵活 1:xml的配置 <select id="selectUserByUsername1" parameterType="string" res ...
- MongoDB学习(二)
MongoDB基本操作 查看数据库 语法: show databases 选择数据库 语法:use 数据库名 注意:在MongoDB中选择不存在的数据库不会报错,后期当该数据库有数据时,系统会自动创建 ...
- 全局搜索——Lucene.net 项目
1.GitHub - LonghronShen/Lucene.Net.Analysis.PanGu at netcore 2.Net Core使用Lucene.Net和盘古分词器 实现全文检索 - t ...