Running GitLab-Runners on Kubernetes

In the DevOps era, where so much emphasis is placed on automation, having reliable, predictable and fast pipelines is a must. Fortunately, there are many options for you to try, like Jenkins, Buildbot, Drone, Concourse and so on. If you are trying to run jobs on k8s there is also the new Jenkins X available, which brings major changes to Jenkins, like running jobs in the cluster, but if you host your code on GitLab, you should use their CI/CD tool because it can save you a lot of time and money when done right.

The first step is to configure your projects to use the CI/CD pipeline offered by GitLab, and after that you can start deploying. At first, you can use GitLab’s free shared runners, but if you are deploying your code when the servers are overcrowded, you are in for a world of hurt. To make things easier, GitLab enables you to run jobs in your own cluster, and it is pretty simple to do so.

The first thing you need to do is to go to your project, then to Settings –> CI/CD –> Runners settings and fetch the URL and the token to use when creating your runner. Keep in mind that this is not the token that you will place in your configuration file. It is only a token that registers your runner, and the registration in turn generates another token that is used to identify the runner.

The next step is running a gitlab-runner container locally to configure your runner:

docker run --rm --entrypoint="" -it gitlab/gitlab-runner:latest bash

Once you are in the container run the following command:

gitlab-runner register

It will open a prompt that asks for the URL and token that you copied earlier. It will ask you for other things too, like:

  • Adding tags to your runner
  • Allowing untagged jobs to run
  • Locking this runner to this project

After finishing the registration, the command will generate a configuration file located in /etc/gitlab-runner/config.toml.

This is the file that you will use when creating your runner pod on Kubernetes.

Store this configuration file in a ConfigMap:

apiVersion: v1
kind: ConfigMap
metadata:
  name: gitlab-runner
  namespace: gitlab
data:
  config.toml: |
    concurrent = 4
    
    [[runners]]
      name = "Kubernetes Runner"
      url = "https://gitlab.com/"
      token = "xxxxx"
      executor = "kubernetes"
      [runners.cache]
      [runners.kubernetes]
        host = ""
        bearer_token_overwrite_allowed = false
        namespace = "gitlab"
        namespace_overwrite_allowed = ""
        privileged = true
        service_account_overwrite_allowed = ""
        pod_annotations_overwrite_allowed = ""

concurrent specifies the number of parallel jobs that the runner will run. The privileged field should be set to true if you plan on using the docker:dind image as a service; it makes the job containers run in privileged mode, which gives them broad access to the node they run on, so leave it false otherwise. If you do use docker:dind, do not forget to set the DOCKER_HOST environment variable for your build container to tcp://localhost:2375 under Settings –> CI/CD, from your root directory where you can see all the projects.

After this you can pack the gitlab-runner into a deployment and mount the configmap like this:

# Deployments moved to apps/v1; extensions/v1beta1 was removed in Kubernetes 1.16
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gitlab-runner
  namespace: gitlab
spec:
  replicas: 1
  selector:
    matchLabels:
      name: gitlab-runner
  template:
    metadata:
      labels:
        name: gitlab-runner
    spec:
      containers:
      - args:
        - run
        image: gitlab/gitlab-runner:latest
        imagePullPolicy: Always
        name: gitlab-runner
        volumeMounts:
        - mountPath: /etc/gitlab-runner
          name: config
        - mountPath: /etc/ssl/certs
          name: cacerts
          readOnly: true
      restartPolicy: Always
      volumes:
      - configMap:
          name: gitlab-runner
        name: config
      - hostPath:
          path: /usr/share/ca-certificates/mozilla
        name: cacerts
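
The token in config.toml authenticates the runner to GitLab, and a ConfigMap is not meant for confidential data, so the same file can be kept in a Secret instead, where access can be restricted separately. The manifests below are an added example, not part of the original post; the Secret name gitlab-runner-config is an assumption and the token is the same placeholder used above.

```yaml
# Added example (not from the original post): config.toml held in a Secret.
apiVersion: v1
kind: Secret
metadata:
  name: gitlab-runner-config   # assumed name
  namespace: gitlab
stringData:                    # stored base64-encoded under .data by the API server
  config.toml: |
    concurrent = 4
    [[runners]]
      name = "Kubernetes Runner"
      url = "https://gitlab.com/"
      token = "xxxxx"          # placeholder, as in the post
      executor = "kubernetes"
      [runners.kubernetes]
        namespace = "gitlab"
        privileged = true      # only if jobs use the docker:dind service
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gitlab-runner
  namespace: gitlab
spec:
  selector:
    matchLabels:
      name: gitlab-runner
  template:
    metadata:
      labels:
        name: gitlab-runner
    spec:
      containers:
      - name: gitlab-runner
        image: gitlab/gitlab-runner:latest
        args: ["run"]
        volumeMounts:
        - name: config
          mountPath: /etc/gitlab-runner
          readOnly: true
        - name: cacerts
          mountPath: /etc/ssl/certs
          readOnly: true
      volumes:
      - name: config
        secret:                # replaces the configMap volume
          secretName: gitlab-runner-config
      - name: cacerts
        hostPath:
          path: /usr/share/ca-certificates/mozilla
```

With this variant the gitlab-runner ConfigMap is no longer needed, and read access to Secrets in the gitlab namespace can be limited with RBAC independently of ConfigMaps.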

Hope this helped you and happy deploying!
