README
¶
uds-capability-gitlab-runner
Platform One Gitlab Runner deployed via flux
Prerequisites
General
- Gitlab is deployed and running in the cluster
- Create
gitlab-runner-sandboxnamespace - Label
gitlab-runner-sandboxnamespace withistio-injection: enabled&zarf.dev/agent: ignore - Create an
rbacfile for thegitlab-runnerservice account - Replace zarf-created
ImagePullSecret- See below
ImagePullSecret
By default Zarf will create an ImagePullSecret in any new namespace in the cluster called private-registry. Since
we have specified that the gitlab-runner-sandbox namespace will not be using the zarf registry that secret must be deleted.
However, the CI job pods will still require one that has the required credentials for where you expect your users to want to pull
CI images from.
- Delete the
secretcalledprivate-registryin thegitlab-runner-sandboxnamespace - Create an
ImagePullSecrettypesecretcalledprivate-registryin thegitlab-runner-sandboxwith the credentials required- Example using kubectl:
kubectl create secret generic private-registry --from-file=$(printf ~/.docker/config.json) --type=kubernetes.io/dockerconfigjson -n gitlab-runner-sandbox
RBAC file
- The
rbac.yamlshould create aClusterRolewith the namegitlab-runner-sandboxand the following values:
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: gitlab-runner-sandbox
rules:
- apiGroups: [""]
resources: ["configmaps", "pods", "pods/attach", "secrets", "services"]
verbs: ["get", "list", "watch", "create", "patch", "update", "delete"]
- apiGroups: [""]
resources: ["pods/exec"]
verbs: ["create", "patch", "delete"]
- The
ClusterRoleshould then be bound using aRoleBindingin thegitlab-runner-sandboxnamespace to the service account thatgitlab-runneruses example:
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: gitlab-runner-sandbox
namespace: gitlab-runner-sandbox
subjects:
- kind: ServiceAccount
name: default
namespace: gitlab-runner
roleRef:
apiGroup: ""
kind: ClusterRole
name: gitlab-runner-sandbox
Deploy
Use zarf to login to the needed registries i.e. registry1.dso.mil and ghcr.io
# Download Zarf
make build/zarf
# Login to the registry
set +o history
# registry1.dso.mil (To access registry1 images needed during build time)
export REGISTRY1_USERNAME="YOUR-USERNAME-HERE"
export REGISTRY1_TOKEN="YOUR-TOKEN-HERE"
echo $REGISTRY1_TOKEN | build/zarf tools registry login registry1.dso.mil --username $REGISTRY1_USERNAME --password-stdin
set -o history
Build and Deploy Everything via Makefile and local package
# This will run make build/all, make cluster/reset, and make deploy/all. Follow the breadcrumbs in the Makefile to see what and how its doing it.
make all
Declare This Package In Your UDS Bundle
Below is an example of how to use this projects zarf package in your UDS Bundle
kind: UDSBundle
metadata:
name: example-bundle
description: An Example UDS Bundle
version: 0.0.1
architecture: amd64
zarf-packages:
# Gitlab Runner
- name: gitlab-runner
repository: ghcr.io/defenseunicorns/uds-capability/gitlab-runner
ref: x.x.x
Directories
¶
| Path | Synopsis |
|---|---|
|
test
|
|
|
e2e/terratest/teststructure
Package teststructure is customized test-structure code based on https://github.com/gruntwork-io/terratest/tree/5913a2925623d3998841cb25de7b26731af9ab13 that fixes the issue identified in https://github.com/gruntwork-io/terratest/issues/1135
|
Package teststructure is customized test-structure code based on https://github.com/gruntwork-io/terratest/tree/5913a2925623d3998841cb25de7b26731af9ab13 that fixes the issue identified in https://github.com/gruntwork-io/terratest/issues/1135 |
|
e2e/types
Package types contains the types that are used in the e2e tests
|
Package types contains the types that are used in the e2e tests |
|
e2e/utils
Package utils contains helper functions for the e2e tests
|
Package utils contains helper functions for the e2e tests |
Click to show internal directories.
Click to hide internal directories.