Commit f76c5cec authored by Edmund Ochieng

expose adding Custom CA certs

parent 54f778cc
......@@ -63,6 +63,10 @@ type RunnerSpec struct {
// Path defines the Runner Cache path
CachePath string `json:"cachePath,omitempty"`
// Name of tls secret containing the custom certificate
// authority (CA) certificates
CertificateAuthority string `json:"ca,omitempty"`
// Enable sharing of cache between Runners
CacheShared bool `json:"cacheShared,omitempty"`
......
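Review bot: The new doc comment on `CertificateAuthority` names the secret but not the key inside it, while the projection added elsewhere in this commit reads only `tls.crt` from that secret, so a secret that stores the certificate under a different key cannot be used and the API documentation should say so. Go doc comments also conventionally start with the field name, and the CRD `description` strings in the other sections of this commit mirror this comment verbatim, so the wording reaches users directly. Suggested replacement for the two comment lines: `// CertificateAuthority is the name of a TLS secret whose "tls.crt" key holds the custom certificate authority (CA) certificate(s) the Runner should trust`. The `RunnerSpec` struct begins and ends outside this hunk.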
......@@ -47,6 +47,9 @@ spec:
buildImage:
description: The name of the default image to use to run build jobs, when none is specified
type: string
ca:
description: Name of tls secret containing the custom certificate authority (CA) certificates
type: string
cachePath:
description: Path defines the Runner Cache path
type: string
......@@ -70,13 +73,11 @@ spec:
description: Name of the bucket in which the cache will be stored
type: string
credentials:
description: contains the GCS accessID and privateKey
description: contains the GCS 'access-id' and 'private-key'
type: string
credentialsFile:
description: Takes GCS credentials file, 'keys.json'
type: string
required:
- credentialsFile
type: object
gitlab:
description: gitlab specifies the GitLab instance the GitLab Runner will register against
......@@ -102,7 +103,7 @@ spec:
description: Name of the bucket in which the cache will be stored
type: string
credentials:
description: Credentials is the name of the secret containing the 'accesskey' and 'secretkey' used to access the object storage
description: Name of the secret containing the 'accesskey' and 'secretkey' used to access the object storage
type: string
insecure:
description: Use insecure connections or HTTP
......
......@@ -58,6 +58,10 @@ spec:
description: The name of the default image to use to run build jobs,
when none is specified
type: string
ca:
description: Name of tls secret containing the custom certificate authority
(CA) certificates
type: string
cachePath:
description: Path defines the Runner Cache path
type: string
......
......@@ -47,6 +47,9 @@ spec:
buildImage:
description: The name of the default image to use to run build jobs, when none is specified
type: string
ca:
description: Name of tls secret containing the custom certificate authority (CA) certificates
type: string
cachePath:
description: Path defines the Runner Cache path
type: string
......@@ -70,13 +73,11 @@ spec:
description: Name of the bucket in which the cache will be stored
type: string
credentials:
description: contains the GCS accessID and privateKey
description: contains the GCS 'access-id' and 'private-key'
type: string
credentialsFile:
description: Takes GCS credentials file, 'keys.json'
type: string
required:
- credentialsFile
type: object
gitlab:
description: gitlab specifies the GitLab instance the GitLab Runner will register against
......@@ -102,7 +103,7 @@ spec:
description: Name of the bucket in which the cache will be stored
type: string
credentials:
description: Credentials is the name of the secret containing the 'accesskey' and 'secretkey' used to access the object storage
description: Name of the secret containing the 'accesskey' and 'secretkey' used to access the object storage
type: string
insecure:
description: Use insecure connections or HTTP
......
......@@ -194,6 +194,10 @@ func runnerSecretsVolume(cr *gitlabv1beta1.Runner) []corev1.VolumeProjection {
secrets = append(secrets, gcsCredentialsSecretProjection(cr))
}
if cr.Spec.CertificateAuthority != "" {
secrets = append(secrets, getCertificateAuthoritySecretProjection(cr))
}
return secrets
}
......@@ -251,6 +255,22 @@ func gcsCredentialsSecretProjection(cr *gitlabv1beta1.Runner) corev1.VolumeProje
}
}
func getCertificateAuthoritySecretProjection(cr *gitlabv1beta1.Runner) corev1.VolumeProjection {
return corev1.VolumeProjection{
Secret: &corev1.SecretProjection{
LocalObjectReference: corev1.LocalObjectReference{
Name: cr.Spec.CertificateAuthority,
},
Items: []corev1.KeyToPath{
{
Key: "tls.crt",
Path: "hostname.crt",
},
},
},
}
}
// isCacheS3 checks if the GitLab Runner Cache is of type S3
func isCacheS3(cr *gitlabv1beta1.Runner) bool {
return cr.Spec.S3 != nil && cr.Spec.S3.Credentials != ""
......
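Review bot: The projection writes the CA to `hostname.crt`, but the startup script in this same commit guards the copy with `[[ -f /secrets/custom-ca.crt ]]` and then copies `/secrets/hostname.crt`, so with these two names the test never succeeds and the certificate is never installed into `~/.gitlab-runner/certs/`. Pick one name and use it in both places, e.g. change the script guard to `if [[ -f /secrets/hostname.crt ]]`, or set `Path: "custom-ca.crt"` here and copy that file. Whether the projected secret really lands under `/secrets` is not visible in this hunk; the mount path is set wherever `runnerSecretsVolume` is consumed, so that should be checked as well. The literal name `hostname.crt` also reads like a placeholder — if the runner is expected to pick the certificate up by a per-host lookup, the file would need to be named after the actual GitLab host, so confirm how the file is meant to be consumed. `getCertificateAuthoritySecretProjection` is the only helper in this section without a doc comment; `// getCertificateAuthoritySecretProjection projects the "tls.crt" key of the secret named in Spec.CertificateAuthority as hostname.crt` would match the `isCacheS3` comment below it.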
#!/bin/bash
set -e
mkdir -p ~/.gitlab-runner/
mkdir -p ~/.gitlab-runner/certs
cp /scripts/config.toml ~/.gitlab-runner/
# Add custom CA certificate if available
if [[ -f /secrets/custom-ca.crt ]]
then
cp /secrets/hostname.crt ~/.gitlab-runner/certs/
fi
# Register the runner
if [[ -f /secrets/accesskey && -f /secrets/secretkey ]]; then
export CACHE_S3_ACCESS_KEY=$(cat /secrets/accesskey)
......