workshop/aula-11/gitlab-runner-values.yaml
Allyson de Paula 8e743f6e69 aula-11: ArgoCD + GitLab Runner para GitOps CI/CD
- ArgoCD via Helm com recursos mínimos (~1Gi)
- GitLab Runner com executor Kubernetes
- Exemplo node-bugado com Dockerfile e .gitlab-ci.yml
- Manifests K8s para repositório GitOps
- README.md da aula-03 (liveness + readiness probes)
2025-12-31 21:19:40 -03:00


# =============================================================================
# GitLab Runner Helm Chart - Kubernetes executor
# =============================================================================
#
# Configures GitLab Runner to execute CI jobs as pods on Kubernetes.
# Supports Docker-in-Docker for building images.
#
# Dynamic values (set via --set in setup.sh):
# - gitlabUrl
# - runnerToken (new method) or runnerRegistrationToken (legacy)
#
# NOTE(review): a token passed with --set can end up in shell history and in
# process listings. The chart can also read the token from an existing
# Kubernetes Secret (runners.secret) - confirm against the chart version used.
#
# =============================================================================
# Maximum number of jobs run at the same time
concurrent: 2
# Interval between checks for new jobs (seconds)
checkInterval: 30
# Heartbeat interval (seconds)
# NOTE(review): confirm the chart version in use actually reads this key;
# Helm generally ignores values that a chart's templates do not reference.
heartbeatInterval: 30
# =============================================================================
# RUNNER CONFIGURATION
# =============================================================================
runners:
  # Executor: kubernetes (each job runs as a pod)
  executor: kubernetes
  # Privileged mode, required for Docker-in-Docker.
  # NOTE(review): a privileged job container has almost no isolation from the
  # node, so every project that can schedule a job on this runner has to be
  # treated as trusted with the node itself. If untrusted code can reach this
  # runner, prefer a dedicated node pool for job pods or a rootless image
  # builder instead of DinD.
  privileged: true
  # Namespace in which job pods are created
  namespace: gitlab
  # Tags used to select this runner
  tags: "kubernetes,docker,hetzner"
  # Also accept jobs that carry no tag.
  # NOTE(review): combined with privileged mode above, untagged jobs also land
  # on privileged pods.
  runUntagged: true
  # Whether the runner only takes jobs from protected branches.
  # false = jobs from any branch are accepted.
  # NOTE(review): with the newer runnerToken flow, tags / runUntagged /
  # protected are presumably defined in GitLab when the runner is created and
  # not taken from these values - verify where the effective setting lives.
  protected: false
  # Default image for jobs.
  # NOTE(review): `latest` is a mutable tag; pin a version or digest so builds
  # are reproducible and the image content can be audited.
  image: alpine:latest
  # Helper image (used for git clone, artifacts, etc.).
  # NOTE(review): also a mutable tag; the helper presumably needs to match the
  # runner version - confirm and pin accordingly.
  helper:
    image: gitlab/gitlab-runner-helper:alpine-latest
  # Additional TOML configuration for the Kubernetes executor.
  # It repeats image and privileged from the values above; keep both places in
  # sync (which one wins depends on the chart version - TODO confirm).
  # NOTE(review): pull_policy "if-not-present" reuses whatever image is already
  # cached on the node, so with the mutable `latest` tag jobs can run a stale
  # image, and an image pulled by one job is usable by later jobs on that node.
  # The two empty_dir volumes are a memory-backed mount for the Docker client
  # certificates and a disk-backed mount for the build cache.
  config: |
    [[runners]]
      [runners.kubernetes]
        image = "alpine:latest"
        privileged = true
        # Recursos para pods de job
        cpu_request = "100m"
        cpu_limit = "500m"
        memory_request = "256Mi"
        memory_limit = "512Mi"
        # Timeout para pods
        poll_timeout = 600
        # Pull policy
        pull_policy = ["if-not-present"]
        # Volume para Docker certs (DinD)
        [[runners.kubernetes.volumes.empty_dir]]
          name = "docker-certs"
          mount_path = "/certs/client"
          medium = "Memory"
        # Volume para cache de build
        [[runners.kubernetes.volumes.empty_dir]]
          name = "build-cache"
          mount_path = "/cache"
          medium = ""
# =============================================================================
# RUNNER RESOURCES (manager pod)
# =============================================================================
# Requests and limits for the runner manager pod itself; job pods take their
# resource settings from the TOML in runners.config.
resources:
  requests:
    memory: 128Mi
    cpu: 50m
  limits:
    memory: 256Mi
    cpu: 200m
# =============================================================================
# RBAC
# =============================================================================
rbac:
  create: true
  # Permissions to create pods, secrets and configmaps.
  # NOTE(review): the first rule grants full read/write on secrets plus
  # pods/exec. Whoever holds this service account's token can read every
  # Secret and exec into every pod in the scope the role is bound to.
  # Presumably that scope is a single namespace - verify the chart is not set
  # to cluster-wide access, and keep unrelated workloads (and their secrets)
  # out of the namespace used for CI jobs.
  rules:
    - apiGroups: [""]
      resources: ["pods", "pods/exec", "secrets", "configmaps"]
      verbs: ["get", "list", "watch", "create", "patch", "update", "delete"]
    - apiGroups: [""]
      resources: ["pods/attach", "pods/log"]
      verbs: ["get", "create"]
# =============================================================================
# SERVICE ACCOUNT
# =============================================================================
# Creates a service account with a fixed name, gitlab-runner.
serviceAccount:
  create: true
  name: gitlab-runner
# =============================================================================
# METRICS (optional)
# =============================================================================
# Metrics are switched off here.
metrics:
  enabled: false
# =============================================================================
# POD SECURITY
# =============================================================================
# Hardening for the runner pod: non-root UID 100, no privilege escalation, all
# Linux capabilities dropped; the root filesystem is left writable.
# NOTE(review): these contexts presumably cover only the runner (manager) pod.
# Job pods are configured through runners.config, where privileged = true, so
# this section does not constrain what CI jobs can do - confirm.
podSecurityContext:
  runAsNonRoot: true
  runAsUser: 100
securityContext:
  allowPrivilegeEscalation: false
  readOnlyRootFilesystem: false
  capabilities:
    drop: ["ALL"]