- Aula 10: Gitea + Registry + Actions + Runner (substituiu GitLab) - gitea-values.yaml: PostgreSQL standalone, Valkey standalone, ~800Mi RAM - setup.sh/cleanup.sh: namespace gitea, Helm gitea-charts/gitea + actions - README.md: documentação completa com de→para (GitLab/Harbor/Tekton vs Gitea) - Aula 11: ArgoCD (GitOps) — removido GitLab Runner (runner vive na aula-10) - setup.sh: só ArgoCD, integração SSH com Gitea - node-bugado/.gitea/workflows/ci.yml: pipeline convertida - Aula 13: Container Factory — atualizado para Gitea - setup.sh/cleanup.sh: referências GitLab → Gitea - pipelines/postgresql/ci.yml: Gitea Actions workflow - README.md: conexão com act_runner explicada - CLAUDE.md: tabela de aulas atualizada
# =============================================================================
# GitLab Runner Helm Chart - Kubernetes executor
# =============================================================================
#
# Configures GitLab Runner to run CI jobs as pods in Kubernetes.
# Supports Docker-in-Docker (DinD) for image builds.
#
# Dynamic values (passed with --set from setup.sh; never committed here):
#   - gitlabUrl
#   - runnerToken (current method) or runnerRegistrationToken (legacy path)
#     NOTE(review): keep the token out of this file and out of shell history;
#     feed it from a Kubernetes Secret or a CI variable.
#
# SECURITY: this values file deliberately runs job pods privileged and accepts
# jobs from any ref (see runners.* below). Read those caveats before reusing
# it outside the course lab.
#
# =============================================================================

# Maximum number of jobs the manager runs concurrently
concurrent: 2

# How often (seconds) the manager polls GitLab for new jobs
checkInterval: 30

# Heartbeat interval (seconds)
heartbeatInterval: 30

# =============================================================================
# RUNNER CONFIGURATION
# =============================================================================
runners:
  # Executor: kubernetes (each job runs as its own pod)
  executor: kubernetes

  # SECURITY: privileged mode is required for Docker-in-Docker, but a
  # privileged container has unrestricted access to the node's devices and
  # kernel interfaces, so a CI job running here is effectively root on the
  # build node. Every job this runner accepts gets that access (see
  # runUntagged and protected below). Outside a lab, prefer a rootless image
  # builder (kaniko, buildah, BuildKit rootless) and set this to false.
  # NOTE(review): the same flag is repeated as `privileged = true` in the TOML
  # below; in recent chart versions the TOML is the effective setting and this
  # key is deprecated — confirm with `helm template` before relying on it.
  privileged: true

  # Namespace the job pods are created in
  namespace: gitlab

  # Tags used to route jobs to this runner
  tags: "kubernetes,docker,hetzner"

  # Also accept jobs that declare no tags
  runUntagged: true

  # false = accept jobs from ANY branch or tag, not only protected refs.
  # (The previous comment said "protect protected branches", which is the
  # opposite of what false means.) Given the privileged job pods above,
  # consider protected: true so only reviewed refs reach this runner.
  protected: false

  # Default image for jobs that do not declare `image:`
  # NOTE(review): floating tag — pin a version or digest for reproducible,
  # reviewable builds.
  image: alpine:latest

  # Helper image (git clone, artifacts, cache upload)
  # NOTE(review): the TOML below overrides this with the arm64 helper tag, and
  # the chart key we know is `helpers` (plural), so this entry is probably
  # ignored by the chart — verify with `helm template` and keep one source of
  # truth.
  helper:
    image: gitlab/gitlab-runner-helper:alpine-latest

  # Extra config.toml (template); this is the authoritative executor config.
  # Points a reviewer should know about the block below:
  #   - pull_policy "if-not-present" lets a job run any image already cached
  #     on the node, including private images pulled for other jobs, without
  #     presenting credentials; use "always" (or digest-pinned images) when
  #     untrusted projects share this runner.
  #   - image / helper_image use floating "latest" tags; the helper should
  #     match the runner version, so pin both.
  #   - the docker-certs tmpfs at /certs/client is presumably for docker:dind
  #     with DOCKER_TLS_CERTDIR=/certs — confirm the pipeline sets it, since
  #     docker:dind without it serves the daemon on plain TCP.
  #   - node_selector + tolerations confine jobs to the dedicated build pool,
  #     which keeps privileged pods away from other workloads only if nothing
  #     else tolerates the "dedicated=builds" taint (assumed; verify).
  config: |
    [[runners]]
      [runners.kubernetes]
        image = "alpine:latest"
        privileged = true

        # IMPORTANTE: Helper image para ARM64 (Hetzner CAX nodes)
        # Sem isso, o runner tenta usar x86_64 e falha
        helper_image = "gitlab/gitlab-runner-helper:arm64-latest"

        # Recursos para pods de job (aumentados para builds Docker)
        # CAX31 tem 8 vCPU e 16GB - aproveitar para builds rápidos
        cpu_request = "500m"
        cpu_limit = "4000m"
        memory_request = "1Gi"
        memory_limit = "8Gi"

        # Timeout para pods
        poll_timeout = 600

        # Pull policy
        pull_policy = ["if-not-present"]

      # Node selector para usar o build-pool (CAX31)
      [runners.kubernetes.node_selector]
        "node-pool" = "build"

      # Toleration para o taint do build-pool
      [[runners.kubernetes.node_tolerations]]
        key = "dedicated"
        operator = "Equal"
        value = "builds"
        effect = "NoSchedule"

      # Volume para Docker certs (DinD)
      [[runners.kubernetes.volumes.empty_dir]]
        name = "docker-certs"
        mount_path = "/certs/client"
        medium = "Memory"

      # Volume para cache de build
      [[runners.kubernetes.volumes.empty_dir]]
        name = "build-cache"
        mount_path = "/cache"
        medium = ""

# =============================================================================
# RUNNER MANAGER POD RESOURCES
# =============================================================================
# These apply to the long-running manager pod only; job pod resources are set
# in runners.config (cpu_request / memory_limit etc.).
resources:
  requests:
    memory: 128Mi
    cpu: 50m
  limits:
    memory: 256Mi
    cpu: 200m

# =============================================================================
# RBAC (bound to the manager pod's service account)
# =============================================================================
rbac:
  create: true
  # Permissions the kubernetes executor uses to create job pods, exec/attach
  # into them, stream logs and manage the per-job Secrets/ConfigMaps it
  # creates.
  # SECURITY (review): these rules are namespace-wide. `list`/`watch` on
  # secrets lets this service account enumerate every Secret in the `gitlab`
  # namespace, not only the ones the runner created, and `create` on
  # pods/exec lets it exec into any pod there. The executor addresses its own
  # Secrets/ConfigMaps by name, so list/watch are likely unnecessary — confirm
  # against the chart's default rules for this runner version and drop what
  # is not needed. Job pods presumably run as the namespace's `default`
  # service account (no service_account is set in runners.config), so audit
  # what that account can do as well.
  rules:
    - apiGroups: [""]
      resources: ["pods", "pods/exec", "secrets", "configmaps"]
      verbs: ["get", "list", "watch", "create", "patch", "update", "delete"]
    - apiGroups: [""]
      resources: ["pods/attach", "pods/log"]
      verbs: ["get", "create"]

# =============================================================================
# SERVICE ACCOUNT
# =============================================================================
# Account the manager pod runs as; the rbac.rules above are bound to it.
serviceAccount:
  create: true
  name: gitlab-runner

# =============================================================================
# METRICS (optional)
# =============================================================================
# Prometheus metrics endpoint on the manager pod; disabled here.
metrics:
  enabled: false

# =============================================================================
# POD SECURITY (applies to the runner MANAGER pod only)
# =============================================================================
# Job pods are configured by runners.config above and run privileged;
# nothing in this section constrains them.
podSecurityContext:
  runAsNonRoot: true
  runAsUser: 100

securityContext:
  allowPrivilegeEscalation: false
  # Left writable: the manager presumably writes its generated config.toml
  # at startup — confirm before switching this to true.
  readOnlyRootFilesystem: false
  capabilities:
    drop: ["ALL"]