block out files for using socket proxy instead of dind

2025-11-05 13:44:39 -05:00
parent 4dfd52e234
commit 0d4fccf5f8
5 changed files with 86 additions and 35 deletions


@ -22,8 +22,18 @@ SECRET_REGISTRATION_TOKEN_VERSION=v1
SSO=false SSO=false
## Authentik Configuration ## Authentik Configuration
# SSO=true # SSO=true
# ORG_NAME="My Organization" # ORG_NAME="My Organization"
# SSO_PROVIDER_URL="https://authentik.mydomain.com/application/o/gitlab/" # SSO_PROVIDER_URL="https://authentik.mydomain.com/application/o/gitlab/"
# SSO_PROVIDER_ID="your authentik Client ID" # SSO_PROVIDER_ID="your authentik Client ID"
# SECRET_SSO_PROVIDER_SECRET_VERSION=v1 # SECRET_SSO_PROVIDER_SECRET_VERSION=v1
## Runner Configuration
RUNNER_TIMEOUT=30
# Number of seconds until the forceful shutdown operation times out and exits the process.
RUNNER_CONCURENCY=5
# Limits how many jobs can run concurrently, across all registered runners.
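Review bot: `RUNNER_CONCURENCY` is misspelled (one `R`), and the same spelling is repeated in the compose `environment:` list and in `runner-config.toml.tmpl`. It works only while all three places agree, and renaming it after operators have copied it into their own `.env` files is a breaking change, so it is worth correcting now to `RUNNER_CONCURRENCY=5` in all three files. The two explanatory comments also sit below the variable they describe, while the rest of the file puts headings above; moving each comment above its variable would make the pairing unambiguous.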


@ -1,6 +1,8 @@
#!/bin/bash #!/bin/bash
GITLAB_CONF_VERSION=v1 GITLAB_CONF_VERSION=v1
ENTRYPOINT_VERSION=v1 ENTRYPOINT_VERSION=v1
RUNNER_ENTRYPOINT_VERSION=v1
RUNNER_CONF_VERSION=v1
run_rails_command() { run_rails_command() {
su -p root -s /bin/sh -c "gitlab-rails runner '$@'" su -p root -s /bin/sh -c "gitlab-rails runner '$@'"
@ -28,4 +30,10 @@ disable_signups() {
enable_signups () { enable_signups () {
run_rails_command 'Gitlab::CurrentSettings.update!(signup_enabled: true)' run_rails_command 'Gitlab::CurrentSettings.update!(signup_enabled: true)'
reconfigure reconfigure
}
register_runner() {
RUNNER_TOKEN="$1"
gitlab-runner register --non-interactive --url "https://$CI_SERVER_URL" --token "$RUNNER_TOKEN" --executor "docker"
} }
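Review bot: `register_runner` puts the runner token on the `gitlab-runner register` command line (`--token "$RUNNER_TOKEN"`), where it is visible in the process list for as long as the command runs. `RUNNER_TOKEN` is also assigned without `local`, so it stays set in the shell after the function returns. gitlab-runner also accepts the token through the `CI_SERVER_TOKEN` environment variable, so the body could be `local runner_token="${1:?runner token required}"` followed by `CI_SERVER_TOKEN="$runner_token" gitlab-runner register --non-interactive --url "https://$CI_SERVER_URL" --executor "docker"`; the `:?` also stops an empty argument from reaching the register call. The removed `register-runner` service passed `--docker-image`, which non-interactive registration with the docker executor normally needs, so confirm the call succeeds without it. A one-line comment above the function saying which kind of token it expects (a runner authentication token rather than the `registration_token` secret) would help the next operator.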


@ -2,55 +2,67 @@
version: "3.8" version: "3.8"
services: services:
dind:
image: docker:20-dind
privileged: true
environment:
DOCKER_TLS_CERTDIR: ""
command:
- --storage-driver=overlay2
networks:
- internal
deploy:
restart_policy:
condition: on-failure
runner: runner:
image: registry.gitlab.com/gitlab-org/gitlab-runner:alpine image: registry.gitlab.com/gitlab-org/gitlab-runner:alpine
depends_on: depends_on:
- dind - dind
environment: environment:
- DOCKER_HOST=tcp://dind:2375 - CI_SERVER_URL=${DOMAIN}
- DOCKER_HOST=tcp://socket-proxy:2375
- RUNNER_TIMEOUT
- RUNNER_CONCURENCY
configs:
- source: runner_conf
target: /etc/gitlab-runner/config.toml
- source: entrypoint
target: /custom-entrypoint.sh
mode: 0555
volumes: volumes:
- 'runnner_config:/etc/gitlab-runner' - "runnner_config:/etc/gitlab-runner"
networks: networks:
- internal - internal
deploy: deploy:
restart_policy: restart_policy:
condition: on-failure condition: on-failure
entrypoint: /custom-entrypoint.sh
register-runner: socket-proxy:
image: registry.gitlab.com/gitlab-org/gitlab-runner:alpine image: lscr.io/linuxserver/socket-proxy:3.2.6
depends_on:
- dind
environment: environment:
- CI_SERVER_URL=${DOMAIN} - PROXY_READ_TIMEOUT=5000
- REGISTRATION_TOKEN_file=/run/secrets/registration_token - ALLOW_START=1
command: - ALLOW_STOP=1
- register - ALLOW_RESTARTS=1
- --non-interactive - AUTH=1
- --locked=false - BUILD=1
- --name=${RUNNER_NAME} - COMMIT=1
- --executor=docker - CONFIGS=1
- --docker-image=docker:20-dind - CONTAINERS=1
- --docker-volumes=/var/run/docker.sock:/var/run/docker.sock - DISABLE_IPV6=0
- DISTRIBUTION=0
- EVENTS=1
- EXEC=1
- IMAGES=1
- INFO=1
- NETWORKS=1
- NODES=1
- PING=1
- POST=1
- PLUGINS=1
- SECRETS=1
- SERVICES=1
- SESSION=1
- SWARM=1
- SYSTEM=1
- TASKS=1
- VERSION=1
- VOLUMES=1
volumes: volumes:
- 'runnner_config:/etc/gitlab-runner' - /var/run/docker.sock:/var/run/docker.sock:ro
networks: networks:
- internal - internal
deploy: ports:
restart_policy: - "2375:2375"
condition: none
volumes: volumes:
runnner_config: runnner_config:
@ -58,4 +70,14 @@ volumes:
secrets: secrets:
registration_token: registration_token:
name: ${STACK_NAME}_registration_token_${SECRET_REGISTRATION_TOKEN_VERSION} name: ${STACK_NAME}_registration_token_${SECRET_REGISTRATION_TOKEN_VERSION}
external: true external: true
configs:
runner_conf:
name: ${STACK_NAME}_runner_config_${RUNNER_CONF_VERSION}
file: runner-config.toml.tmpl
template_driver: golang
entrypoint:
name: ${STACK_NAME}_runner_entrypoint_${RUNNER_ENTRYPOINT_VERSION}
file: runner-entrypoint.sh.tmpl
template_driver: golang
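Review bot: The `socket-proxy` service publishes the Docker API with `ports: - "2375:2375"` while allowing nearly every API section (`POST=1`, `EXEC=1`, `CONTAINERS=1`, `BUILD=1`, `SECRETS=1`, `CONFIGS=1`, `SWARM=1`, `SERVICES=1`, `VOLUMES=1`, …), so anything that can reach port 2375 on the host gets an unauthenticated Docker API with effectively full control of the daemon. The runner already reaches the proxy as `tcp://socket-proxy:2375` over the `internal` network, so the `ports:` entry can simply be dropped. The allow-list should be cut to what the docker executor is shown to need, starting by setting `SECRETS=0`, `CONFIGS=0`, `SWARM=0`, `NODES=0`, `SERVICES=0` and `TASKS=0` and re-enabling only what a test job proves necessary. Note that `:ro` on the socket mount does not limit which API calls the proxy forwards, and that `CONTAINERS=1` with `POST=1` still lets a CI job start arbitrary containers on the host, so the proxy narrows the exposure but is not a trust boundary. Separately, `runner` appears to keep `depends_on: - dind` although the `dind` service looks removed here, and `runner_conf` is mounted at `/etc/gitlab-runner/config.toml`, the file `gitlab-runner register` needs to write; confirm registration can still persist its token.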

2
runner-config.toml.tmpl Normal file

@ -0,0 +1,2 @@
concurrent = {{ env RUNNER_CONCURENCY }}
shutdown_timeout = {{ env RUNNER_TIMEOUT }}
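Review bot: Both lines call `env` with a bare identifier, as in `{{ env RUNNER_CONCURENCY }}`; Go templates parse an unquoted word as a function name, so the config will most likely fail to render. The variable name has to be passed as a string: `concurrent = {{ env "RUNNER_CONCURENCY" }}` and `shutdown_timeout = {{ env "RUNNER_TIMEOUT" }}`. If either variable is unset the rendered line becomes `concurrent = `, which is not valid TOML, so a header comment such as `# Rendered by the swarm template driver; RUNNER_CONCURENCY and RUNNER_TIMEOUT must be set in the service environment` would help.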


@ -0,0 +1,9 @@
#!/bin/sh
set -e
while [ ! -s /some/file ]
do
echo "The runner was not registered yet. Next try in 5 seconds."
sleep 5
done
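Review bot: The wait loop tests the placeholder path `/some/file`, and in the lines shown nothing follows `done`, so once the test passes the script exits 0 without starting the runner. Under the service's `condition: on-failure` restart policy a clean exit is not restarted, which would leave the stack without a runner. The loop should test the file that registration actually writes (presumably `/etc/gitlab-runner/config.toml`, to be confirmed against the read-only config mount), and the script should end by handing over to the image's original entrypoint with `exec` so that signals reach gitlab-runner. A comment above the loop such as `# Block until an operator has run register_runner; the runner cannot start without a token` would document why the container idles.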