kubernetes 部署文件 - gitlab-runner

apiVersion: v1kind: ServiceAccountmetadata:labels:k8s-app: gitlab-runnername: gitlab-runnernamespace: gitlab---apiVersion: rbac.authorization.k8s.io/v1kind: ClusterRoleBindingmeta...

kunyus

476人浏览 · 2019-02-28 19:26:05

kunyus · 2019-02-28 19:26:05 发布

apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: gitlab-runner
  name: gitlab-runner
  namespace: gitlab

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: gitlab-runner
  namespace: gitlab
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: gitlab-runner
  namespace: gitlab

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: gitlab-runner
  namespace: gitlab
data:
  config.toml: |
    concurrent = 10
    check_interval = 0

    [[runners]]
    name = "Kubernetes global runner"
    url = "https://git.huoys.com/"
    token = "1249303cd023150a51c66e93cdcfa5"
    executor = "kubernetes"
    [runners.cache]
    [runners.kubernetes]
        image = "alpine"
        privileged = false
        namespace = "gitlab"
        namespace_overwrite_allowed = ""
        bearer_token_overwrite_allowed = false
        service_account = "gitlab-runner"
        service_account_overwrite_allowed = ""
        pod_annotations_overwrite_allowed = ""
        [[runners.kubernetes.volumes.host_path]]
            name = "hosts"
            mount_path = "/etc/hosts"
            read_only = true
            host_path = "/etc/hosts"
  git.huoys.com.crt: |    
    -----BEGIN CERTIFICATE-----
    MIICXTCCAcYCCQCYHOYqK1PRyzANBgkqhkiG9w0BAQsFADBzMQswCQYDVQQGEwJV
    UzENMAsGA1UECAwETWFyczETMBEGA1UEBwwKaVRyYW5zd2FycDETMBEGA1UECgwK
    aVRyYW5zd2FycDETMBEGA1UECwwKaVRyYW5zd2FycDEWMBQGA1UEAwwNZ2l0Lmh1
    b3lzLmNvbTAeFw0xODA4MDYxMDE2NDlaFw0yODA4MDMxMDE2NDlaMHMxCzAJBgNV
    BAYTAlVTMQ0wCwYDVQQIDARNYXJzMRMwEQYDVQQHDAppVHJhbnN3YXJwMRMwEQYD
    VQQKDAppVHJhbnN3YXJwMRMwEQYDVQQLDAppVHJhbnN3YXJwMRYwFAYDVQQDDA1n
    aXQuaHVveXMuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDWYwIWGwJk
    ljXfy8oWhYkmWshAzZBj8WTDEErfQhv8ADKIhiUhUdhhiqO5dMY78jNgZsaBVwXD
    7YfCVGqw91ZyiivuED9RfCADmFNLtpyVnYtlzXf36OQxEHniOXYMzLsEt+niacoB
    J8dwer0VwjcP7V9qh+jMbkxNMFhJCi4nswIDAQABMA0GCSqGSIb3DQEBCwUAA4GB
    AHxEqAHfz2u+wH9Id8kmFvbYaZm1uHp9NO4fWDiESL9tEfkGMwrxPPdJh2YUpRm7
    XHFtkKVqf/JG4mWrotdVF0/XdsE/lS5pVul0anlV32hfvyhEytQk1pSq0ndeoVGm
    8+7I2EUv5NMQDInNPfa4qDn/31hgmoNRG+WZ/tLLtvqE
    -----END CERTIFICATE-----

---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: gitlab-runner
  namespace: gitlab
spec:
  replicas: 1
  selector:
    matchLabels:
      name: gitlab-runner
  template:
    metadata:
      labels:
        name: gitlab-runner
    spec:
      hostAliases:
        - ip: 172.13.0.51
          hostnames:
            - git.huoys.com
            - apiserver.k8s.com
      containers:
      - args:
        - run
        image: gitlab/gitlab-runner:latest
        name: gitlab-runner
        volumeMounts:
        - mountPath: /etc/gitlab-runner
          name: config
        - mountPath: /etc/ssl/certs/ca-certificates.crt
          name: certs
          subPath: ca-certificates.crt
      restartPolicy: Always
      serviceAccountName: gitlab-runner
      volumes:
      - name: config
        configMap:
          name: gitlab-runner
          items:
           - key: config.toml
             path: config.toml
      - name: certs
        configMap:
          name: gitlab-runner
          items:
           - key: git.huoys.com.crt
             path: ca-certificates.crt