
Allow to mount arbitrary Kubernetes secrets

Tomasz Maczukin requested to merge pass-additional-secrets-to-the-pod into master

What does this MR do?

Allows configuring arbitrary secrets that should be additionally mounted to Runner's Pod.

Notice: This is a configuration of Runner's Pod, not the job Pods that Runner will create!

Why was this MR needed?

Sometimes it's needed that some secret values are passed to the Pod and available to the Runner or the startup script. Especially with the preEntrypointScript feature that was added some time ago.

An example configuration may look like this:

secrets:
  - name: my-secret
  - name: myOtherSecret
    items:
      - key: key_one
        path: path_one

The volumes definition in the deployment then looks like this:

      volumes:
      - name: runner-secrets
        emptyDir:
          medium: "Memory"
      - name: etc-gitlab-runner
        emptyDir:
          medium: "Memory"
      - name: init-runner-secrets
        projected:
          sources:
            - secret:
                name: "deployment.yml-gitlab-runner"
                items:
                  - key: runner-registration-token
                    path: runner-registration-token
                  - key: runner-token
                    path: runner-token
            - secret:
                name: my-secret
            - secret:
                items:
                - key: key_one
                  path: path_one
                name: myOtherSecret

We can see the two secrets added to the init-runner-secrets definition after the deployment.yml-gitlab-runner one.

With this MR it will be possible to

What's the best way to test this MR?

What are the relevant issue numbers?

Edited by Tomasz Maczukin
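
The mapping described above, as an added example in Python (not part of the MR and not the chart's template code): it builds the projected `sources` list from the `secrets` values and flags explicit `path` entries that would land on the same file name in the shared `init-runner-secrets` directory. The function names and the `clashing` entry are constructed for illustration.

```python
# Added example: mirrors the rendering shown in the MR description.
# Function names are hypothetical; this is not the chart's own code.
BASE_SOURCE = {"secret": {
    "name": "deployment.yml-gitlab-runner",
    "items": [
        {"key": "runner-registration-token", "path": "runner-registration-token"},
        {"key": "runner-token", "path": "runner-token"},
    ],
}}


def projected_sources(extra_secrets):
    """Return the projected `sources` list: base secret first, then extras."""
    sources = [BASE_SOURCE]
    for entry in extra_secrets:
        secret = {"name": entry["name"]}
        if entry.get("items"):
            secret["items"] = [dict(i) for i in entry["items"]]
        sources.append({"secret": secret})
    return sources


def audit(sources):
    """Report explicit path collisions and secrets projected with all keys."""
    owner, findings = {}, []
    for src in sources:
        secret = src["secret"]
        if not secret.get("items"):
            # No items: every key becomes a file, so paths are unknown here.
            findings.append(("all-keys", secret["name"], None))
            continue
        for item in secret["items"]:
            if item["path"] in owner:
                findings.append(("collision", secret["name"], item["path"]))
            owner.setdefault(item["path"], secret["name"])
    return findings


# Constructed sample: the page's values plus one deliberately clashing entry.
VALUES = [
    {"name": "my-secret"},
    {"name": "myOtherSecret", "items": [{"key": "key_one", "path": "path_one"}]},
    {"name": "clashing", "items": [{"key": "tok", "path": "runner-token"}]},
]

if __name__ == "__main__":
    for finding in audit(projected_sources(VALUES)):
        print(finding)
```

An `all-keys` finding means the secret's key names need to be reviewed by hand, since a secret listed without `items` projects every key it holds into the same directory as the Runner tokens.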
