Allow to mount arbitrary Kubernetes secrets
What does this MR do?
Allows configuring arbitrary secrets that should be additionally mounted to Runner's Pod.
Notice: This is a configuration of Runner's Pod, not the job Pods that Runner will create!
Why was this MR needed?
Sometimes it's needed that some secret values are passed to the Pod and available to the Runner or the startup script. Especially with the preEntrypointScript feature that was added some time ago.
An example configuration may look like this:
```yaml
secrets:
  - name: my-secret
  - name: myOtherSecret
    items:
      - key: key_one
        path: path_one
```
The volumes definition in the deployment then looks like this:
```yaml
volumes:
  - name: runner-secrets
    emptyDir:
      medium: "Memory"
  - name: etc-gitlab-runner
    emptyDir:
      medium: "Memory"
  - name: init-runner-secrets
    projected:
      sources:
        - secret:
            name: "deployment.yml-gitlab-runner"
            items:
              - key: runner-registration-token
                path: runner-registration-token
              - key: runner-token
                path: runner-token
        - secret:
            name: my-secret
        - secret:
            items:
              - key: key_one
                path: path_one
            name: myOtherSecret
```
We can see the two secrets added to the init-runner-secrets definition after the deployment.yml-gitlab-runner one.
With this MR it will be possible to
What's the best way to test this MR?
What are the relevant issue numbers?
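The mapping shown in the description, as an added example (not code from the chart or from this MR): it models how each `secrets` entry becomes a source in the `init-runner-secrets` projected volume, and flags entries whose files could overlap the Runner's own token files in that shared volume. The function names, `CHART_ITEMS`, and the `constructed-secret` entry are assumptions made for illustration.

```python
# Added example: models the values -> projected volume mapping from the MR text.
# Function names and the CHART_ITEMS constant are assumptions, not chart code.

# Paths the chart's own secret occupies in init-runner-secrets (from the page).
CHART_ITEMS = ("runner-registration-token", "runner-token")

def render_sources(chart_secret, extra_secrets):
    """Return the `sources` list: chart secret first, then each entry as given."""
    sources = [{"secret": {
        "name": chart_secret,
        "items": [{"key": p, "path": p} for p in CHART_ITEMS],
    }}]
    sources.extend({"secret": dict(entry)} for entry in extra_secrets)
    return sources

def audit(extra_secrets):
    """Flag entries whose files may overlap others in the shared volume."""
    findings = []
    owner = {p: "chart secret" for p in CHART_ITEMS}
    for entry in extra_secrets:
        items = entry.get("items")
        if not items:
            # Without `items`, every key of the secret becomes a file, so the
            # resulting paths cannot be checked from the values alone.
            findings.append((entry["name"], "all-keys"))
            continue
        for item in items:
            if item["path"] in owner:
                findings.append((entry["name"], "collision:" + item["path"]))
            else:
                owner[item["path"]] = entry["name"]
    return findings

# The values from the MR description, plus one constructed colliding entry.
PAGE_VALUES = [
    {"name": "my-secret"},
    {"name": "myOtherSecret", "items": [{"key": "key_one", "path": "path_one"}]},
]
CONSTRUCTED = PAGE_VALUES + [
    {"name": "constructed-secret", "items": [{"key": "k", "path": "runner-token"}]},
]

if __name__ == "__main__":
    for source in render_sources("deployment.yml-gitlab-runner", PAGE_VALUES):
        print(source)
    print(audit(CONSTRUCTED))
```

An `all-keys` finding is a prompt to list `items` explicitly, so that the files landing next to the Runner tokens are known from the values file alone.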
Activity
added [Deprecated] Category:Runner, devops::verify, group::runner and section::ops labels
mentioned in merge request !109 (closed)
- Resolved by Steve Xuereb
@steveazz Do you think you could take a look at this sometime next week? No rush needed 🙂
assigned to @steveazz and unassigned @tmaczukin
- Resolved by Steve Xuereb
@tmaczukin this change looks good! However,
> Sometimes it's needed that some secret values are passed to the Pod and available
when is this actually needed? Did you face a problem with this, or did some customer? I'd rather not add another config field if it's not really needed or have it "just in case" 😅
assigned to @tmaczukin and unassigned @steveazz
assigned to @steveazz and unassigned @tmaczukin
changed milestone to %13.10
added feature::addition label
added type::feature label
LGTM! We should try and keep #209 in mind for the next field we add that is runner deployment-specific 🙇 Unless we decide something about gitlab-org/gitlab-runner#27546.
mentioned in commit 02dabb54
mentioned in merge request !285 (merged)