Runner
8 分钟阅读
简要概述
基于 gitlab 方案实现的自动化部署
官方代码仓库:https://gitlab.com/gitlab-org/gitlab-runner
配置示例
docker 执行器
[[runners]]
name = "test1"
url = "{gitlab url}"
id = 4
token = "{gitlab token}"
token_obtained_at = 2022-12-10T13:29:11Z
token_expires_at = 0001-01-01T00:00:00Z
executor = "docker"
[runners.custom_build_dir]
[runners.cache]
MaxUploadedArchiveSize = 0
[runners.cache.s3]
[runners.cache.gcs]
[runners.cache.azure]
[runners.docker]
hsotname = "test-docker"
image = "registry.cn-hangzhou.aliyuncs.com/kube-image-repo/busybox:1.35.0"
pull_policy = "if-not-present"
helper_image = "registry.cn-hangzhou.aliyuncs.com/kube-image-repo/gitlab-runner-helper:x86_64-133d7e76"
kubernetes 执行器
[[runners]]
name = "test1"
url = "{gitlab url}"
id = 4
token = "{gitlab token}"
token_obtained_at = 2022-12-10T13:29:11Z
token_expires_at = 0001-01-01T00:00:00Z
executor = "kubernetes"
[runners.custom_build_dir]
[runners.cache]
MaxUploadedArchiveSize = 0
[runners.cache.s3]
[runners.cache.gcs]
[runners.cache.azure]
[runners.kubernetes]
host = "https://192.168.31.200:6443"
cert_file = "/etc/gitlab-runner/tls/client.crt"
key_file = "/etc/gitlab-runner/tls/client.key"
ca_file = "/etc/gitlab-runner/tls/ca.crt"
image = "registry.cn-hangzhou.aliyuncs.com/kube-image-repo/busybox:1.35.0"
pull_policy = "if-not-present"
namespace = "default"
[[runners.kubernetes.host_aliases]]
ip = "192.168.31.10"
hostnames = ["git.lmq.io"]
helper_image = "registry.cn-hangzhou.aliyuncs.com/kube-image-repo/gitlab-runner-helper:x86_64-133d7e76"
custom 执行器
[[runners]]
name = "test1"
url = "{gitlab url}"
id = 4
token = "{gitlab token}"
token_obtained_at = 2022-12-10T13:29:11Z
token_expires_at = 0001-01-01T00:00:00Z
executor = "custom"
[runners.custom_build_dir]
[runners.cache]
MaxUploadedArchiveSize = 0
[runners.cache.s3]
[runners.cache.gcs]
[runners.cache.azure]
[runners.custom]
config_exec = "/etc/gitlab-runner/custom/config.sh"
prepare_exec = "/etc/gitlab-runner/custom/config.sh"
run_exec = "/etc/gitlab-runner/custom/config.sh"
cleanup_exec = "/etc/gitlab-runner/custom/config.sh"
以上除 config.sh 脚本需返回特定 json 内容,其他可以是具体工作逻辑:
#!/usr/bin/env bash
cat << EOS
{
"builds_dir": "/builds/${CUSTOM_ENV_CI_CONCURRENT_PROJECT_ID}/${CUSTOM_ENV_CI_PROJECT_PATH_SLUG}",
"cache_dir": "/cache/${CUSTOM_ENV_CI_CONCURRENT_PROJECT_ID}/${CUSTOM_ENV_CI_PROJECT_PATH_SLUG}",
"builds_dir_is_shared": true,
"hostname": "custom-hostname",
"driver": {
"name": "test driver",
"version": "v0.0.1"
},
"job_env" : {
"CUSTOM_ENVIRONMENT": "example"
}
}
EOS
数据结构
这里主要指 “/etc/gitlab-runner/config.toml” 配置文件数据结构。
Config
type Config struct {
// 定义 Prometheus 指标 HTTP 服务器应该侦听的地址
ListenAddress string `toml:"listen_address,omitempty" json:"listen_address"`
// 仅配置后才开启,当 job 运行时可选择是否开启 debug
SessionServer SessionServer `toml:"session_server,omitempty" json:"session_server"`
// TODO; 限制可并行执行处理的任务数,如果小于1则当前没有任何job可以被处理
Concurrent int `toml:"concurrent" json:"concurrent"`
// 默认3秒,用于 runner 检查 job 的健康状态
CheckInterval int `toml:"check_interval" json:"check_interval"`
// 日志级别,可取:panic, fatal, error, warning, info, debug
LogLevel *string `toml:"log_level" json:"log_level"`
// 日志格式,可取:runner, text, json
LogFormat *string `toml:"log_format" json:"log_format"`
// TODO;
User string `toml:"user,omitempty" json:"user"`
// 定义一个具体runner
Runners []*RunnerConfig `toml:"runners" json:"runners"`
// sentry服务,异常捕获
SentryDSN *string `toml:"sentry_dsn"`
// 最大等待关闭的时间,默认30秒
ShutdownTimeout int `toml:"shutdown_timeout,omitempty" json:"shutdown_timeout"
}
SessionServer
https://docs.gitlab.cn/jh/ci/interactive_web_terminal/index.html
开启交付web终端,可用于job的调试。
type SessionServer struct {
ListenAddress string `toml:"listen_address,omitempty" json:"listen_address"`
AdvertiseAddress string `toml:"advertise_address,omitempty" json:"advertise_address"`
SessionTimeout int `toml:"session_timeout,omitempty" json:"session_timeout"`
}
RunnerConfig
type RunnerConfig struct {
// 该 Runner 的描述,如:dcim-k8s-c1
Name string `toml:"name"`
// 限制能够并发处理的作业数量,默认为0表示无限制
Limit int `toml:"limit,omitzero"`
// 最大构建日志大小(千字节),默认为 4096 (4MB)
OutputLimit int `toml:"output_limit,omitzero"`
// 新作业的并发请求限制数量,默认为1
RequestConcurrency int `toml:"request_concurrency,omitzero"`
// runner的认证配置
RunnerCredentials
RunnerSettings
}
RunnerCredentials
type RunnerCredentials struct {
// gitlab服务端的url地址
URL string `toml:"url"`
// TODO;
ID int64 `toml:"id"`
// 在runner注册的过程中生成的token
Token string `toml:"token"`
// TODO;
TokenObtainedAt time.Time `toml:"token_obtained_at"`
// TODO;
TokenExpiresAt time.Time `toml:"token_expires_at"`
// 使用 HTTPS 时,包含验证对端的证书的文件
TLSCAFile string `toml:"tls-ca-file,omitempty"`
TLSCertFile string `toml:"tls-cert-file,omitempty"`
TLSKeyFile string `toml:"tls-key-file,omitempty"`
}
RunnerSettings
type RunnerSettings struct {
// 设置runner的运行构建项目的方式,如:shell,docker 等
Executor string `toml:"executor"`
// 存储构建数据的绝对路径
BuildsDir string `toml:"builds_dir,omitempty"`
// 存储构建缓存的绝对路径
CacheDir string `toml:"cache_dir,omitempty"`
// 只有当 runner 无法连接 url 时使用
CloneURL string `toml:"clone_url,omitempty"`
// 自定义环境变量
Environment []string `toml:"environment,omitempty"`
// 克隆 Git 仓库前,Runner 上要执行的命令
PreCloneScript string `toml:"pre_clone_script,omitempty"`
// 克隆 Git 仓库和更新子模块前,Runner 上要执行的命令
PostCloneScript string `toml:"post_clone_script,omitempty"`
// 执行构建前,Runner 上要执行的命令
PreBuildScript string `toml:"pre_build_script,omitempty"`
// 执行构建后且执行 after_script 前,Runner 上要执行的命令
PostBuildScript string `toml:"post_build_script,omitempty"`
// 设置成 true 时,调试日志一直禁用,尽管 CI_DEBUG_TRACE 设置为 true
DebugTraceDisabled bool `toml:"debug_trace_disabled,omitempty"`
// Shell 执行器,构建时脚本运行使用的shell,如:bash
Shell string `toml:"shell,omitempty"`
// TODO;
CustomBuildDir *CustomBuildDir `toml:"custom_build_dir,omitempty"`
// 仅 docker-machine 支持
Referees *referees.Config `toml:"referees,omitempty"`
// TODO;
Cache *CacheConfig `toml:"cache,omitempty"`
// 开启的特性
// https://docs.gitlab.com/runner/configuration/feature-flags.html
FeatureFlags map[string]bool `toml:"feature_flags"`
// ssh 执行器
SSH *ssh.Config `toml:"ssh,omitempty" json:"ssh" group:"ssh executor" namespace:"ssh"`
// docker 执行器
Docker *DockerConfig `toml:"docker,omitempty" json:"docker" group:"docker executor" namespace:"docker"`
// 一般少用;parallels 执行器
Parallels *ParallelsConfig `toml:"parallels,omitempty" json:"parallels" group:"parallels executor" namespace:"parallels"`
// 一般少用;virtual box 执行器
VirtualBox *VirtualBoxConfig `toml:"virtualbox,omitempty" json:"virtualbox" group:"virtualbox executor" namespace:"virtualbox"`
// 一般少用;docker machine 执行器
Machine *DockerMachine `toml:"machine,omitempty" json:"machine" group:"docker machine provider" namespace:"machine"`
// k8s 执行器
Kubernetes *KubernetesConfig `toml:"kubernetes,omitempty" json:"kubernetes" group:"kubernetes executor" namespace:"kubernetes"`
// 一般少用;custom 执行器
Custom *CustomConfig `toml:"custom,omitempty" json:"custom" group:"custom executor" namespace:"custom"`
// TODO; 目前看仅有数据结构定义没有具体实现
Autoscaler *AutoscalerConfig `toml:"autoscaler,omitempty"`
}
CustomBuildDir
type CustomBuildDir struct {
Enabled bool `toml:"enabled,omitempty"`
}
referees.Config
仅 docker-machine 执行器支持
gitlab-org/gitlab-runner/referees.Config
type Config struct {
Metrics *MetricsRefereeConfig `toml:"metrics,omitempty"`
}
type MetricsRefereeConfig struct {
PrometheusAddress string `toml:"prometheus_address,omitempty"`
QueryInterval int `toml:"query_interval,omitempty"`
Queries []string `toml:"queries"`
}
CacheConfig
type CacheConfig struct {
Type string `toml:"Type,omitempty"`
Path string `toml:"Path,omitempty"`
Shared bool `toml:"Shared,omitempty"`
MaxUploadedArchiveSize int64 `toml:"MaxUploadedArchiveSize,omitempty"`
S3 *CacheS3Config `toml:"s3,omitempty" json:"s3" namespace:"s3"`
GCS *CacheGCSConfig `toml:"gcs,omitempty" json:"gcs" namespace:"gcs"`
Azure *CacheAzureConfig `toml:"azure,omitempty" json:"azure" namespace:"azure"`
}
type CacheS3Config struct {
ServerAddress string `toml:"ServerAddress,omitempty"`
AccessKey string `toml:"AccessKey,omitempty"`
SecretKey string `toml:"SecretKey,omitempty"`
BucketName string `toml:"BucketName,omitempty"`
BucketLocation string `toml:"BucketLocation,omitempty"`
Insecure bool `toml:"Insecure,omitempty"`
AuthenticationType S3AuthType `toml:"AuthenticationType,omitempty"`
ServerSideEncryption string `toml:"ServerSideEncryption,omitempty"`
ServerSideEncryptionKeyID string `toml:"ServerSideEncryptionKeyID,omitempty"`
}
type S3AuthType string
const (
S3AuthTypeAccessKey S3AuthType = "access-key"
S3AuthTypeIAM S3AuthType = "iam"
)
ssh.Config
在 runner 节点接收到任务后会通过 ssh 到以下配置的机器,通过登录去处理各个任务。
type Config struct {
User string `toml:"user,omitempty"`
Password string `toml:"password,omitempty"`
Host string `toml:"host,omitempty"`
Port string `toml:"port,omitempty"`
IdentityFile string `toml:"identity_file,omitempty"`
DisableStrictHostKeyChecking *bool `toml:"disable_strict_host_key_checking,omitempty"`
KnownHostsFile string `toml:"known_hosts_file,omitempty"`
}
DockerConfig
type DockerConfig struct {
docker.Credentials
// 生成容器自定义的主机名
Hostname string `toml:"hostname,omitempty"`
// 默认运行作业的容器镜像,可被 .gitlab-ci.yml 中的 default.image 覆盖
Image string `toml:"image"`
// TODO; 容器运行时
Runtime string `toml:"runtime,omitempty"`
// 容器内存限制,不包含swap,格式为:<number>[<unit>],单位可取:b, k, m
Memory string `toml:"memory,omitempty"`
// 容器内存限制,包含swap,格式同上
MemorySwap string `toml:"memory_swap,omitempty"`
// 容器内存软限制,格式同上
MemoryReservation string `toml:"memory_reservation,omitempty"`
// TODO; cgroups 设置
CPUSetCPUs string `toml:"cpuset_cpus,omitempty"`
// 可用cpu数量
CPUS string `toml:"cpus,omitempty"`
// TODO; 用于设置相对 CPU 使用的 CPU share 的数量,默认 1024
CPUShares int64 `toml:"cpu_shares,omitzero"`
// 容器使用的 dns 列表
DNS []string `toml:"dns,omitempty"`
// 容器 dns 搜索域名列表
DNSSearch []string `toml:"dns_search,omitempty"`
// 使容器在特权模式下运行
Privileged bool `toml:"privileged,omitzero"`
// TODO;
PrivilegedServices *bool `toml:"privileged_services,omitempty"`
// 禁用对容器的 entrypoint 做覆盖
DisableEntrypointOverwrite bool `toml:"disable_entrypoint_overwrite,omitzero"`
// 容器运行脚步的用户
User string `toml:"user,omitempty"`
// 用户命名空间重新映射
UsernsMode string `toml:"userns_mode,omitempty"`
// 向容器添加额外 Linux 能力
CapAdd []string `toml:"cap_add"`
// 向容器移除额外 Linux 能力
CapDrop []string `toml:"cap_drop"`
// 如果发生了内存溢出错误,不要在容器中结束进程
OomKillDisable bool `toml:"oom_kill_disable,omitzero"`
// 内存溢出得分调整,正数表明早些结束
OomScoreAdjust int `toml:"oom_score_adjust,omitzero"`
// TODO;
SecurityOpt []string `toml:"security_opt"`
// 与容器共享额外主机设备
Devices []string `toml:"devices"`
// TODO; 自定义设备 cgroup 规则
DeviceCgroupRules []string `toml:"device_cgroup_rules"`
// TODO;
Gpus string `toml:"gpus,omitempty" json:"gpus" long:"gpus" env:"DOCKER_GPUS" description:"Request GPUs to be used by Docker"`
// 阻止创建存储构建临时文件的容器
DisableCache bool `toml:"disable_cache,omitzero"`
// 容器挂载的卷,语法同:docker -v
Volumes []string `toml:"volumes,omitempty"`
// 容器要使用的卷驱动
VolumeDriver string `toml:"volume_driver,omitempty"`
// TODO;
VolumeDriverOps map[string]string `toml:"volume_driver_ops,omitempty"`
// 存储容器缓存的目录
CacheDir string `toml:"cache_dir,omitempty"`
// 容器环境中定义的主机
ExtraHosts []string `toml:"extra_hosts,omitempty"`
// TODO;
VolumesFrom []string `toml:"volumes_from,omitempty"`
// 添加容器至自定义网络
NetworkMode string `toml:"network_mode,omitempty"`
// 链接至其他容器
Links []string `toml:"links,omitempty"`
// TODO;
Services []Service `toml:"services,omitempty"`
// TODO;
WaitForServicesTimeout int `toml:"wait_for_services_timeout,omitzero"`
// 限制 gitlab-ci.yml 中可使用的镜像列表,默认:["*/*:*"],既允许所有
AllowedImages []string `toml:"allowed_images,omitempty"`
// 镜像拉取策略列表
AllowedPullPolicies []DockerPullPolicy `toml:"allowed_pull_policies,omitempty"`
// TODO; 限制 gitlab-ci.yml 中可使用的服务列表
AllowedServices []string `toml:"allowed_services,omitempty"`
// 镜像拉取策略:never、 if-not-present 或 always (默认)
PullPolicy StringOrArray `toml:"pull_policy,omitempty"`
// 镜像(单位为 byte)的共享内存的大小
ShmSize int64 `toml:"shm_size,omitempty"`
// TODO;
Tmpfs map[string]string `toml:"tmpfs,omitempty"`
// TODO;
ServicesTmpfs map[string]string `toml:"services_tmpfs,omitempty"`
// 自定义 sysctl
SysCtls DockerSysCtls `toml:"sysctls,omitempty"`
// 覆盖默认用于克隆仓库与上传附件的镜像
// helper 镜像里面包含 git gitlab-runner-helper 二进制文件,用于辅助用户提供的镜像
HelperImage string `toml:"helper_image,omitempty"`
// 设置 helper 镜像的类型,默认为:alpine,可取:alpine、ubuntu
HelperImageFlavor string `toml:"helper_image_flavor,omitempty"`
// 添加到 Runner 创建的每个容器的一组标记
ContainerLabels map[string]string `toml:"container_labels,omitempty"`
// 开启 ipv6
EnableIPv6 bool `toml:"enable_ipv6,omitempty"`
}
- docker.Credentials
type Credentials struct {
Host string `toml:"host,omitempty"`
CertPath string `toml:"tls_cert_path,omitempty"`
TLSVerify bool `toml:"tls_verify,omitzero"`
}
KubernetesConfig
type KubernetesConfig struct {
// k8s 控制节点地址
Host string `toml:"host"`
// k8s 连接证书认证
CertFile string `toml:"cert_file,omitempty"`
KeyFile string `toml:"key_file,omitempty"`
CAFile string `toml:"ca_file,omitempty"`
// TODO;
BearerTokenOverwriteAllowed bool `toml:"bearer_token_overwrite_allowed"`
// k8s 连接token认证
BearerToken string `toml:"bearer_token,omitempty"`
// 默认运行作业的容器镜像,可被 .gitlab-ci.yml 中的 default.image 覆盖
Image string `toml:"image"`
// 容器在 k8s 上运行的命名空间
Namespace string `toml:"namespace"`
// TODO;
NamespaceOverwriteAllowed string `toml:"namespace_overwrite_allowed"`
// 容器是否运行在特权模式
Privileged *bool `toml:"privileged,omitzero"`
// 容器使用的 runtime class
RuntimeClassName *string `toml:"runtime_class_name,omitempty"`
// 容器 security context 是否开启 allowPrivilegeEscalation
AllowPrivilegeEscalation *bool `toml:"allow_privilege_escalation,omitzero"`
// 容器 cpu 限制
CPULimit string `toml:"cpu_limit,omitempty"`
// TODO;
CPULimitOverwriteMaxAllowed string `toml:"cpu_limit_overwrite_max_allowed,omitempty"`
// 对应 k8s resources cpu
CPURequest string `toml:"cpu_request,omitempty"`
CPURequestOverwriteMaxAllowed string `toml:"cpu_request_overwrite_max_allowed,omitempty"`
// 对应 k8s resources memory
MemoryLimit string `toml:"memory_limit,omitempty"`
MemoryLimitOverwriteMaxAllowed string `toml:"memory_limit_overwrite_max_allowed,omitempty"`
MemoryRequest string `toml:"memory_request,omitempty"`
MemoryRequestOverwriteMaxAllowed string `toml:"memory_request_overwrite_max_allowed,omitempty"`
// TODO; 存储限制
EphemeralStorageLimit string `toml:"ephemeral_storage_limit,omitempty"`
EphemeralStorageLimitOverwriteMaxAllowed string `toml:"ephemeral_storage_limit_overwrite_max_allowed,omitempty"`
EphemeralStorageRequest string `toml:"ephemeral_storage_request,omitempty"`
EphemeralStorageRequestOverwriteMaxAllowed string `toml:"ephemeral_storage_request_overwrite_max_allowed,omitempty"`
// TODO;
ServiceCPULimit string `toml:"service_cpu_limit,omitempty"`
ServiceCPULimitOverwriteMaxAllowed string `toml:"service_cpu_limit_overwrite_max_allowed,omitempty"`
ServiceCPURequest string `toml:"service_cpu_request,omitempty"`
ServiceCPURequestOverwriteMaxAllowed string `toml:"service_cpu_request_overwrite_max_allowed,omitempty"`
ServiceMemoryLimit string `toml:"service_memory_limit,omitempty"`
ServiceMemoryLimitOverwriteMaxAllowed string `toml:"service_memory_limit_overwrite_max_allowed,omitempty"`
ServiceMemoryRequest string `toml:"service_memory_request,omitempty"`
ServiceMemoryRequestOverwriteMaxAllowed string `toml:"service_memory_request_overwrite_max_allowed,omitempty"`
ServiceEphemeralStorageLimit string `toml:"service_ephemeral_storage_limit,omitempty"`
ServiceEphemeralStorageLimitOverwriteMaxAllowed string `toml:"service_ephemeral_storage_limit_overwrite_max_allowed,omitempty"`
ServiceEphemeralStorageRequest string `toml:"service_ephemeral_storage_request,omitempty"`
ServiceEphemeralStorageRequestOverwriteMaxAllowed string `toml:"service_ephemeral_storage_request_overwrite_max_allowed,omitempty"`
// 对应 k8s resources cpu
HelperCPULimit string `toml:"helper_cpu_limit,omitempty"`
HelperCPULimitOverwriteMaxAllowed string `toml:"helper_cpu_limit_overwrite_max_allowed,omitempty"`
HelperCPURequest string `toml:"helper_cpu_request,omitempty"`
HelperCPURequestOverwriteMaxAllowed string `toml:"helper_cpu_request_overwrite_max_allowed,omitempty"`
HelperMemoryLimit string `toml:"helper_memory_limit,omitempty"`
HelperMemoryLimitOverwriteMaxAllowed string `toml:"helper_memory_limit_overwrite_max_allowed,omitempty"`
HelperMemoryRequest string `toml:"helper_memory_request,omitempty"`
HelperMemoryRequestOverwriteMaxAllowed string `toml:"helper_memory_request_overwrite_max_allowed,omitempty"`
HelperEphemeralStorageLimit string `toml:"helper_ephemeral_storage_limit,omitempty"`
HelperEphemeralStorageLimitOverwriteMaxAllowed string `toml:"helper_ephemeral_storage_limit_overwrite_max_allowed,omitempty"`
HelperEphemeralStorageRequest string `toml:"helper_ephemeral_storage_request,omitempty"`
HelperEphemeralStorageRequestOverwriteMaxAllowed string `toml:"helper_ephemeral_storage_request_overwrite_max_allowed,omitempty"`
// 同 docker 执行器
AllowedImages []string `toml:"allowed_images,omitempty"`
// 同 docker 执行器
AllowedPullPolicies []DockerPullPolicy `toml:"allowed_pull_policies,omitempty"`
// 同 docker 执行器
AllowedServices []string `toml:"allowed_services,omitempty"`
// 同 docker 执行器
PullPolicy StringOrArray `toml:"pull_policy,omitempty"`
// 容器运行的节点亲和性调度
NodeSelector map[string]string `toml:"node_selector,omitempty"`
NodeSelectorOverwriteAllowed string `toml:"node_selector_overwrite_allowed"`
NodeTolerations map[string]string `toml:"node_tolerations,omitempty"`
Affinity KubernetesAffinity `toml:"affinity,omitempty"`
// 镜像 pull 的密钥
ImagePullSecrets []string `toml:"image_pull_secrets,omitempty"`
// 同 docker 执行器
HelperImage string `toml:"helper_image,omitempty"`
HelperImageFlavor string `toml:"helper_image_flavor,omitempty"`
// 见 k8s terminationGracePeriodSeconds
TerminationGracePeriodSeconds *int64 `toml:"terminationGracePeriodSeconds,omitzero"`
PodTerminationGracePeriodSeconds *int64 `toml:"pod_termination_grace_period_seconds,omitzero"`
CleanupGracePeriodSeconds *int64 `toml:"cleanup_grace_period_seconds,omitzero"`
// TODO; runner poll k8s pod 的时间间隔,用于检查状态
PollInterval int `toml:"poll_interval,omitzero"`
PollTimeout int `toml:"poll_timeout,omitzero"`
// TODO;
ResourceAvailabilityCheckMaxAttempts int `toml:"resource_availability_check_max_attempts,omitzero"`
// 自定义 pod 的标签
PodLabels map[string]string `toml:"pod_labels,omitempty"`
PodLabelsOverwriteAllowed string `toml:"pod_labels_overwrite_allowed"`
// 见 k8s scheduler
SchedulerName string `toml:"scheduler_name,omitempty"`
// 见 k8s service account
ServiceAccount string `toml:"service_account,omitempty"`
ServiceAccountOverwriteAllowed string `toml:"service_account_overwrite_allowed"`
// 自定义 pod 的注解
PodAnnotations map[string]string `toml:"pod_annotations,omitempty"`
PodAnnotationsOverwriteAllowed string `toml:"pod_annotations_overwrite_allowed"`
// 自定义 pod 安全策略
PodSecurityContext KubernetesPodSecurityContext `toml:"pod_security_context,omitempty"`
InitPermissionsContainerSecurityContext KubernetesContainerSecurityContext `toml:"init_permissions_container_security_context,omitempty"`
BuildContainerSecurityContext KubernetesContainerSecurityContext `toml:"build_container_security_context,omitempty"`
HelperContainerSecurityContext KubernetesContainerSecurityContext `toml:"helper_container_security_context,omitempty"`
ServiceContainerSecurityContext KubernetesContainerSecurityContext `toml:"service_container_security_context,omitempty"`
// 见 k8s volumes
Volumes KubernetesVolumes `toml:"volumes"`
// 自定义主机 IP 地址解析
HostAliases []KubernetesHostAliases `toml:"host_aliases,omitempty"`
// 见 k8s service
Services []Service `toml:"services,omitempty"`
// 同 docker 执行器
CapAdd []string `toml:"cap_add"`
// 同 docker 执行器
CapDrop []string `toml:"cap_drop"`
// 见 k8s
DNSPolicy KubernetesDNSPolicy `toml:"dns_policy,omitempty"`
DNSConfig KubernetesDNSConfig `toml:"dns_config"`
ContainerLifecycle KubernetesContainerLifecyle `toml:"container_lifecycle,omitempty"`
PriorityClassName string `toml:"priority_class_name,omitempty"`
}
- KubernetesHostAliases
type KubernetesHostAliases struct {
IP string `toml:"ip"`
Hostnames []string `toml:"hostnames"`
}
CustomConfig
自定义执行器,更多信息可以参考官方教程:https://docs.gitlab.com/runner/executors/custom.html
type CustomConfig struct {
ConfigExec string `toml:"config_exec,omitempty"`
ConfigArgs []string `toml:"config_args,omitempty"`
ConfigExecTimeout *int `toml:"config_exec_timeout,omitempty"`
PrepareExec string `toml:"prepare_exec,omitempty"`
PrepareArgs []string `toml:"prepare_args,omitempty"`
PrepareExecTimeout *int `toml:"prepare_exec_timeout,omitempty"`
RunExec string `toml:"run_exec"`
RunArgs []string `toml:"run_args,omitempty"`
CleanupExec string `toml:"cleanup_exec,omitempty"`
CleanupArgs []string `toml:"cleanup_args,omitempty"`
CleanupExecTimeout *int `toml:"cleanup_exec_timeout,omitempty"`
GracefulKillTimeout *int `toml:"graceful_kill_timeout,omitempty"`
ForceKillTimeout *int `toml:"force_kill_timeout,omitempty"`
}
AutoscalerConfig
type AutoscalerConfig struct {
CapacityPerInstance int `toml:"capacity_per_instance,omitempty"`
MaxUseCount int `toml:"max_use_count,omitempty"`
MaxInstances int `toml:"max_instances,omitempty"`
Plugin string `toml:"plugin,omitempty"`
PluginConfig AutoscalerSettingsMap `toml:"plugin_config,omitempty"`
ConnectorConfig ConnectorConfig `toml:"connector_config,omitempty"`
Policy []AutoscalerPolicyConfig `toml:"policy,omitempty"`
InstanceOperationTimeBuckets []float64 `toml:"instance_operation_time_buckets,omitempty"`
}
最后修改 2023.05.11: refactor: 重新规范 devops 目录结构 (ccb87d0)