Running on GitLab CI using Kubernetes runner #31

Open
mitar opened this issue Jan 27, 2021 · 2 comments

@mitar

mitar commented Jan 27, 2021

So the existing example configuration works well with GitLab.com shared runners. But if you want to use your own runner, a Kubernetes runner, then it seems there are some issues. First, this applies. I addressed it by adding:

[[runners.kubernetes.volumes.host_path]]
  name = "modules"
  mount_path = "/lib/modules"
  host_path = "/lib/modules"
  read_only = true
[[runners.kubernetes.volumes.host_path]]
  name = "cgroup"
  mount_path = "/sys/fs/cgroup"
  host_path = "/sys/fs/cgroup"
  read_only = true

I set the cgroup mount to read-only, too, because it has been reported that it works and it seems it does. This blog post documents more things to be done, but I am not sure how to do them on GitLab CI, or if they are even necessary.

The next issue was that modern Docker uses TLS, but I had not read this configuration in time, so I just ended up disabling it by having the following environment variables in my .gitlab-ci.yml:

variables:
  DOCKER_HOST: tcp://docker:2375
  DOCKER_TLS_CERTDIR: ""

Next, the Kubernetes runner sets environment variables like:

declare -x KUBERNETES_PORT="tcp://10.62.0.1:443"
declare -x KUBERNETES_PORT_443_TCP="tcp://10.62.0.1:443"
declare -x KUBERNETES_PORT_443_TCP_ADDR="10.62.0.1"
declare -x KUBERNETES_PORT_443_TCP_PORT="443"
declare -x KUBERNETES_PORT_443_TCP_PROTO="tcp"
declare -x KUBERNETES_SERVICE_HOST="10.62.0.1"
declare -x KUBERNETES_SERVICE_PORT="443"
declare -x KUBERNETES_SERVICE_PORT_HTTPS="443"

When using kubectl this means that it tries to connect to your external Kubernetes cluster and not to kind's. I had to add:

for name in $(printenv | grep "^KUBERNETES_" | cut -f1 -d=); do export -n $name; done

at the beginning of the before_script and after_script sections in my CI job.

I have also added kind delete cluster at the end of after_script, as it seems it is necessary to clean things up.
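
Added example, not part of the comment above and not the project's own code: a POSIX sh version of the variable-scrubbing step that also checks nothing is left for kubectl to inherit and reports whether the docker CLI is set up for verified TLS. The function names are hypothetical; DOCKER_TLS_VERIFY is the docker CLI's own variable and does not appear in the issue.

```shell
#!/bin/sh
# Added example, not from the issue; function names are hypothetical.

# Remove every KUBERNETES_* variable from this shell and its children.
# Sets SCRUBBED to the number of names removed. Call it directly, not in
# $(...), because a subshell cannot change the caller's environment.
scrub_incluster_env() {
    SCRUBBED=0
    # Keep only well-formed names: a line of a multi-line value that happens
    # to start with KUBERNETES_ can at worst name a variable that is not set.
    for name in $(env | sed -n 's/^\(KUBERNETES_[A-Za-z0-9_]*\)=.*/\1/p'); do
        unset "$name"
        SCRUBBED=$((SCRUBBED + 1))
    done
}

# Count the KUBERNETES_* variables a child process such as kubectl would inherit.
incluster_env_visible() {
    env | grep -c '^KUBERNETES_[A-Za-z0-9_]*=' || true
}

# Classify how the docker CLI will reach the daemon, from the job variables.
# The CLI verifies the daemon certificate only when DOCKER_TLS_VERIFY is set.
docker_transport() {
    case "${DOCKER_HOST:-}" in
        tcp://*)
            if [ -n "${DOCKER_TLS_VERIFY:-}" ]; then echo "verified-tls"
            else echo "unverified"; fi ;;
        *) echo "local" ;;
    esac
}

# Call at the top of before_script and after_script. Fails the job if a
# KUBERNETES_* variable would still reach kubectl.
kind_preflight() {
    scrub_incluster_env
    if [ "$(incluster_env_visible)" -ne 0 ]; then
        echo "KUBERNETES_* variables still exported" >&2
        return 1
    fi
    echo "scrubbed $SCRUBBED variable(s); docker transport: $(docker_transport)"
}
```

Unlike `export -n`, which only stops the variables from being exported, `unset` also removes them from the job shell itself.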

@adamrushuk

If it's useful to have the TLS working too, I've just posted my working configuration for running kind in GitLab CI on Kubernetes.

@BenTheElder
Contributor

Thank you both for sharing 👍
