Running GitLab Runners on Kubernetes

Renjith Ravindranathan
2 min readApr 27, 2024

--

Image courtesy — Gitlab

In this short article, we will explore how we can run Gitlab runners on Kubernetes using GitLab official helm charts with a bit of customization. GitLab Runners are integral components of GitLab’s Continuous Integration/Continuous Deployment (CI/CD) infrastructure, responsible for executing the defined tasks and workflows outlined in .gitlab-ci.ymlconfiguration files. Now let's look at how to add one to your Kubernetes cluster.

Pre-requisites

  • Kubernetes Cluster
  • Helm CLI

Setup

  1. The first step is to add the helm charts via helm cli
# Add Chart
helm repo add gitlab https://charts.gitlab.io
helm repo update

2. To register a Gitlab Runner with your GitLab Instance, it needs a registration token, which can be created from the below URL. Please note that I am using GitLab.com instance and all my projects are under a particular group. Don't forget to copy the registration token after the creation :)

https://gitlab.com/groups/<groupname>/-/runners

GitLab Runner Registration

3. Install the chart specifying the registration token, version, and values file

helm install --namespace gitlab-runner --create-namespace --set runnerRegistrationToken=<replacewithyourtoken>  gitlab-runner gitlab/gitlab-runner --version v0.63.0  --values values.yaml

values.yaml

gitlabUrl: https://gitlab.com/

imagePullPolicy: IfNotPresent
concurrent: 4

imagePullSecrets:
- name: harbor-pull-secret

replicas: 5

rbac:
create: true
serviceAccountName: default

runners:
config: |
[[runners]]
name = "gitlab-runner"
executor="kubernetes"
environment = [
"FF_KUBERNETES_HONOR_ENTRYPOINT=false",
"FF_USE_LEGACY_KUBERNETES_EXECUTION_STRATEGY=true",
]
[runners.kubernetes]
poll_timeout = 2000
node_selector_overwrite_allowed = ".*"
helper_image = "gitlab/gitlab-runner-helper:arm64-v16.10.0"
image_pull_secrets=["harbor-pull-secret"]

unregisterRunners: true

securityContext:
allowPrivilegeEscalation: true
readOnlyRootFilesystem: false
runAsNonRoot: true
privileged: true
capabilities:
drop: ["ALL"]

4. The above value file has been used to deploy the chart on the arm64 Kubernetes nodes cluster and that is the reason the helper image used is with arm64 tag. The imagePullSecrets contains the name of the secret that the .dockerconfigjson, will be used to pull images from the external container registry. You may create one, by reading the steps here

That’s all for now. Thanks for reading and feedback is always welcome. Until next time.

In case of any queries, please feel free to connect with me via the below social links

References

--

--

Renjith Ravindranathan

A DevOps engineer by profession, Dad, Traveler & sometimes, like to tweak around stuff inside memory constrained devices. Currently living in the Netherlands.