
Allow to mount arbitrary Kubernetes secrets

Merged Tomasz Maczukin requested to merge pass-additional-secrets-to-the-pod into master

What does this MR do?

Allows configuring arbitrary secrets that should be additionally mounted to the Runner's Pod.

Notice: This is a configuration of Runner's Pod, not the job Pods that Runner will create!

Why was this MR needed?

Sometimes it's needed that some secret values are passed to the Pod and available to the Runner or the startup script. Especially with the preEntrypointScript feature that was added some time ago.

An example configuration may look like this:

secrets:
  - name: my-secret
  - name: myOtherSecret
    items:
      - key: key_one
        path: path_one

The volumes definition in the deployment then looks like this:

      volumes:
      - name: runner-secrets
        emptyDir:
          medium: "Memory"
      - name: etc-gitlab-runner
        emptyDir:
          medium: "Memory"
      - name: init-runner-secrets
        projected:
          sources:
            - secret:
                name: "deployment.yml-gitlab-runner"
                items:
                  - key: runner-registration-token
                    path: runner-registration-token
                  - key: runner-token
                    path: runner-token
            - secret:
                name: my-secret
            - secret:
                items:
                - key: key_one
                  path: path_one
                name: myOtherSecret

We can see the two secrets added to the init-runner-secrets definition after the deployment.yml-gitlab-runner one.

With this MR it will be possible to

What's the best way to test this MR?

What are the relevant issue numbers?

Edited by Tomasz Maczukin
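
A pre-deployment check for the `secrets:` list described above, as an added example that is not part of the MR or the chart's own code. The function names, the lint policy (flagging paths that collide with the two runner token paths shown in the volumes definition) and the third sample entry are assumptions made for illustration.

```python
import re

# DNS-1123 subdomain: the naming rule Kubernetes applies to Secret objects.
DNS1123 = re.compile(r"^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$")

# Paths already projected from the chart's own secret, as shown in the MR.
RESERVED_PATHS = {"runner-registration-token", "runner-token"}


def render_sources(chart_secret, secrets):
    """Build projected sources in the order the MR shows: chart secret first."""
    sources = [{"secret": {"name": chart_secret,
                           "items": [{"key": p, "path": p} for p in sorted(RESERVED_PATHS)]}}]
    for entry in secrets:
        sources.append({"secret": dict(entry)})
    return sources


def lint_secrets(secrets):
    """Return (secret name, problem) tuples for a `secrets:` list (hypothetical policy)."""
    problems = []
    seen = set(RESERVED_PATHS)
    for entry in secrets:
        name = entry.get("name", "")
        if len(name) > 253 or not DNS1123.match(name):
            problems.append((name, "name is not a valid DNS-1123 subdomain"))
        for item in entry.get("items", []):
            path = item.get("path", "")
            # KeyToPath paths must be relative and must not contain '..'.
            if not path or path.startswith("/") or path.startswith("..") or ".." in path.split("/"):
                problems.append((name, f"unsafe path {path!r}"))
            elif path in seen:
                problems.append((name, f"path {path!r} collides with an earlier source"))
            seen.add(path)
    return problems


# Constructed sample: the MR's two entries plus one that shadows the runner token.
SAMPLE = [
    {"name": "my-secret"},
    {"name": "myOtherSecret", "items": [{"key": "key_one", "path": "path_one"}]},
    {"name": "extra", "items": [{"key": "k", "path": "runner-token"},
                                {"key": "k2", "path": "../escape"}]},
]

if __name__ == "__main__":
    for name, problem in lint_secrets(SAMPLE):
        print(f"{name}: {problem}")
```

Secrets listed without `items` project every key they hold, so their paths cannot be checked offline; this lint only covers explicitly mapped paths.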
