Adding custom executable to helper image and accessing secret variables from Kubernetes runner
I'm trying to add a custom executable binary to our GitLab helper image that would set up credentials for users. The idea for this binary is to read GitLab CI secret variables and use those for authentication and then write the resulting credentials file which could be used in the pipeline. I'd like to get some input on this approach and know if there are alternatives available. I have a couple of questions about how I am currently attempting to implement this:
1. Executing my binary in the helper image.
The Kubernetes pod manifest for the runner build pod has this command for the helper container:
if [ -x /usr/local/bin/bash ]; then\n\texec /usr/local/bin/bash \nelif [ -x /usr/bin/bash ]; then\n\texec /usr/bin/bash \nelif [ -x /bin/bash ]; then\n\texec /bin/bash \nelif [ -x /usr/local/bin/sh ]; then\n\texec /usr/local/bin/sh \nelif [ -x /usr/bin/sh ]; then\n\texec /usr/bin/sh \nelif [ -x /bin/sh ]; then\n\texec /bin/sh \nelif [ -x /busybox/sh ]; then\n\texec /busybox/sh \nelse\n\techo shell not found\n\texit 1\nfi\n\n
To get my binary executing I've added a script to my helper image: /usr/local/bin/bash. In this script it executes my binary and the last line has exec /bin/bash. For example:
#!/bin/bash
nohup /path/to/my/binary
exec /bin/bash
This seems to work but I'm unsure if there are other issues this method could cause. Is there a config option that would allow me to specify a command for the container?
2. Accessing Gitlab CI secret variables from the helper container.
When I'm executing my binary, I don't have access to the secret variables. It seems I can only access them by invoking them from the script section of a gitlab-ci.yml. Are there any other ways of getting access to these variables from inside the helper container?
I'd like to make this process as seamless as possible for users of our GitLab runner but right now I can't see a clear solution. Thoughts or suggestions of how I can accomplish this?
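
A hardened variant of the wrapper script from point 1, as an added example that is not part of the original post or of GitLab Runner. It assumes the helper shell is driven over its standard streams, so the setup binary is kept off stdin and stdout, and it skips the wrapper's own path when choosing a shell; `WRAPPER_PATH`, `SETUP_BIN` and `HELPER_WRAPPER_EXEC` are hypothetical names.

```shell
#!/bin/sh
# Added example: hardened wrapper meant to be installed as /usr/local/bin/bash.
# WRAPPER_PATH, SETUP_BIN and HELPER_WRAPPER_EXEC are hypothetical names.
WRAPPER_PATH="${WRAPPER_PATH:-/usr/local/bin/bash}"
SETUP_BIN="${SETUP_BIN:-/path/to/my/binary}"

# Run the setup binary with stdin from /dev/null and stdout sent to stderr, so it
# cannot read or write the stream the shell uses. Returns the binary's status.
run_setup() {
    bin="$1"
    if [ ! -x "$bin" ]; then
        echo "wrapper: $bin is not executable, skipping" >&2
        return 127
    fi
    rc=0
    "$bin" </dev/null >&2 || rc=$?
    [ "$rc" -eq 0 ] || echo "wrapper: $bin exited with status $rc" >&2
    return "$rc"
}

# Print the first executable candidate that is not the wrapper itself, so the
# wrapper can never exec itself in a loop. $1 is the wrapper's own path.
pick_shell() {
    self="$1"; shift
    for candidate in "$@"; do
        [ "$candidate" = "$self" ] && continue
        if [ -x "$candidate" ]; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    return 1
}

helper_entry() {
    run_setup "$SETUP_BIN" || true   # keep the shell available; failure is logged
    # Same search order as the command in the pod manifest.
    shell=$(pick_shell "$WRAPPER_PATH" /usr/local/bin/bash /usr/bin/bash /bin/bash \
        /usr/local/bin/sh /usr/bin/sh /bin/sh /busybox/sh) || {
        echo "shell not found" >&2
        exit 1
    }
    exec "$shell" "$@"
}

# Only take over the process when explicitly enabled (e.g. ENV in the image).
if [ "${HELPER_WRAPPER_EXEC:-0}" = 1 ]; then
    helper_entry "$@"
fi
```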