
Add freely configurable securityContext to deployment

Romuald Atchadé requested to merge freely-configurable-securitycontext into main

What does this MR do?

Continue the work started in !309 (closed)

Why was this MR needed?

Mostly rebase and fix conflicts so the changes can be merged into the main branch

What's the best way to test this MR?

values.yaml
image:
  registry: registry.gitlab.com
  image: gitlab-org/gitlab-runner
  # tag: alpine-v11.6.0

imagePullPolicy: IfNotPresent

replicas: 1

gitlabUrl: https://gitlab.com/

runnerRegistrationToken: "__TOKEN__"

terminationGracePeriodSeconds: 0

concurrent: 10

checkInterval: 30

logLevel: "debug"

sessionServer:
  enabled: false
  # annotations: {}
  # timeout: 1800
  # internalPort: 8093
  # externalPort: 9000
  # publicIP: ""
  # loadBalancerSourceRanges:
  #   - 1.2.3.4/32

## For RBAC support:
rbac:
  create: true
  rules: []
  clusterWideAccess: false
  serviceAccountAnnotations: {}
  podSecurityPolicy:
    enabled: false
    resourceNames:
    - gitlab-runner

metrics:
  enabled: true
  portName: metrics
  port: 9252
  serviceMonitor:
    enabled: false

service:
  enabled: false
  type: ClusterIP

runners:
  config: |
    [[runners]]
      [runners.kubernetes]
        namespace = "{{.Release.Namespace}}"
        image = "alpine"

  cache: {}
  builds: {}
  services: {}
  helpers: {}
  pod_security_context:
    run_as_non_root: true
    run_as_user: 100
    run_as_group: 100
    fs_group: 65533
    supplemental_groups: [101, 102]

securityContext:
  allowPrivilegeEscalation: false
  readOnlyRootFilesystem: false
  runAsNonRoot: true
  privileged: false
  capabilities:
    drop: ["ALL"]

podSecurityContext:
  runAsUser: 100
  # runAsGroup: 65533
  fsGroup: 65533
  # supplementalGroups: [65533]

  ## Note: values for the ubuntu image:
  # runAsUser: 999
  # fsGroup: 999

resources: {}

affinity: {}
nodeSelector: {}
tolerations: []
hostAliases: []
podAnnotations: {}
podLabels: {}
secrets: []
configMaps: {}
volumeMounts: []
volumes: []

  1. Install the chart
       helm install -f values.yaml gitlab-runner .
  2. Run a job
  3. The job should run as expected
  4. Delete the chart
       helm delete gitlab-runner

What are the relevant issue numbers?

close #305 (closed)

Edited by Romuald Atchadé
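
A check a reviewer could run alongside the test steps above, to confirm that the securityContext and podSecurityContext values from values.yaml actually reach the rendered Deployment. This is an added example, not code from the merge request or the chart; the function name, the container name and both sample manifests are constructed for illustration, and real input would be the parsed output of kubectl get deployment -o json.

```python
import json

def audit_deployment(manifest):
    """Return findings for a Deployment dict (parsed `kubectl get deployment -o json`)."""
    findings = []
    pod_spec = manifest["spec"]["template"]["spec"]
    pod_sc = pod_spec.get("securityContext") or {}
    for c in pod_spec.get("containers", []):
        name = c.get("name", "?")
        sc = c.get("securityContext") or {}
        # An unset field does not block escalation, so require an explicit false.
        if sc.get("allowPrivilegeEscalation") is not False:
            findings.append(f"{name}: allowPrivilegeEscalation is not false")
        if sc.get("privileged", False):
            findings.append(f"{name}: privileged is true")
        # Container-level values override pod-level ones for these two fields.
        if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
            findings.append(f"{name}: runAsNonRoot is not true")
        if sc.get("runAsUser", pod_sc.get("runAsUser")) == 0:
            findings.append(f"{name}: effective runAsUser is 0")
        dropped = {cap.upper() for cap in (sc.get("capabilities") or {}).get("drop") or []}
        if "ALL" not in dropped:
            findings.append(f"{name}: capabilities.drop does not include ALL")
    return findings

# Constructed sample: what the chart should render from the values.yaml above.
HARDENED = json.loads("""
{"spec": {"template": {"spec": {
  "securityContext": {"runAsUser": 100, "fsGroup": 65533},
  "containers": [{"name": "gitlab-runner", "securityContext": {
    "allowPrivilegeEscalation": false, "readOnlyRootFilesystem": false,
    "runAsNonRoot": true, "privileged": false,
    "capabilities": {"drop": ["ALL"]}}}]}}}}
""")

# Constructed sample: a render where the settings were lost and the pod runs as root.
WEAK = json.loads("""
{"spec": {"template": {"spec": {
  "securityContext": {"runAsUser": 0},
  "containers": [{"name": "gitlab-runner", "securityContext": {}}]}}}}
""")

if __name__ == "__main__":
    for label, manifest in (("hardened", HARDENED), ("weak", WEAK)):
        print(label, audit_deployment(manifest) or "OK")
```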
