2025-12-31 21:19:40 -03:00
parent 07b7ee62d3
commit 8e743f6e69
14 changed files with 1611 additions and 0 deletions
							
							
							
						
@@ -0,0 +1,132 @@
# =============================================================================
# GitLab Runner Helm Chart - Executor Kubernetes
# =============================================================================
#
# Configura GitLab Runner para executar jobs como pods no Kubernetes.
# Suporta Docker-in-Docker para build de imagens.
#
# Valores dinâmicos (configurados via --set no setup.sh):
#   - gitlabUrl
#   - runnerToken (novo método) ou runnerRegistrationToken (legacy)
#
# =============================================================================
# Número máximo de jobs simultâneos
concurrent: 2
# Intervalo de check por novos jobs (segundos)
checkInterval: 30
# Intervalo de heartbeat (segundos)
heartbeatInterval: 30
# =============================================================================
# CONFIGURAÇÃO DO RUNNER
# =============================================================================
runners:
  # Executor: kubernetes (jobs rodam como pods)
  executor: kubernetes
  # Privileged mode necessário para Docker-in-Docker
  privileged: true
  # Namespace onde os jobs serão executados
  namespace: gitlab
  # Tags para identificar o runner
  tags: "kubernetes,docker,hetzner"
  # Rodar jobs sem tag também
  runUntagged: true
  # Proteger branches protegidas
  protected: false
  # Imagem padrão para jobs
  image: alpine:latest
  # Helper image (para git clone, artifacts, etc)
  helper:
    image: gitlab/gitlab-runner-helper:alpine-latest
  # Configuração TOML adicional
  config: |
    [[runners]]
      [runners.kubernetes]
        image = "alpine:latest"
        privileged = true
        # Recursos para pods de job
        cpu_request = "100m"
        cpu_limit = "500m"
        memory_request = "256Mi"
        memory_limit = "512Mi"
        # Timeout para pods
        poll_timeout = 600
        # Pull policy
        pull_policy = ["if-not-present"]
        # Volume para Docker certs (DinD)
        [[runners.kubernetes.volumes.empty_dir]]
          name = "docker-certs"
          mount_path = "/certs/client"
          medium = "Memory"
        # Volume para cache de build
        [[runners.kubernetes.volumes.empty_dir]]
          name = "build-cache"
          mount_path = "/cache"
          medium = ""
# =============================================================================
# RECURSOS DO RUNNER (manager pod)
# =============================================================================
resources:
  requests:
    memory: 128Mi
    cpu: 50m
  limits:
    memory: 256Mi
    cpu: 200m
# =============================================================================
# RBAC
# =============================================================================
rbac:
  create: true
  # Permissões para criar pods, secrets, configmaps
  rules:
    - apiGroups: [""]
      resources: ["pods", "pods/exec", "secrets", "configmaps"]
      verbs: ["get", "list", "watch", "create", "patch", "update", "delete"]
    - apiGroups: [""]
      resources: ["pods/attach", "pods/log"]
      verbs: ["get", "create"]
# =============================================================================
# SERVICE ACCOUNT
# =============================================================================
serviceAccount:
  create: true
  name: gitlab-runner
# =============================================================================
# MÉTRICAS (opcional)
# =============================================================================
metrics:
  enabled: false
# =============================================================================
# POD SECURITY
# =============================================================================
podSecurityContext:
  runAsNonRoot: true
  runAsUser: 100
securityContext:
  allowPrivilegeEscalation: false
  readOnlyRootFilesystem: false
  capabilities:
    drop: ["ALL"]