GitLab 的 CI/CD 自动化,都是由 GitLab 下发指令,再依靠 runner 这个组件去执行的;我们这里也是把 runner 运行在 k8s 上面。
runner 按字面意思就是"奔跑者",它在整个自动化流程里面的角色相当于一个外卖小哥:接收 GitLab 下发的自动化指令,去做相应的操作,从而实现整个 CI/CD 的效果。也正因为流水线里写的命令都由 runner 代为执行,runner 自身的权限(ServiceAccount、privileged 等)决定了 CI 作业能触及的范围。
创建目录
# Create one directory per runner under the NFS export; each path is later
# referenced as the backing `nfs.path` of that runner's PersistentVolume.
# NOTE(review): config.toml (which contains the runner token) is written into
# these directories further down the page - keep ownership and mode on the
# export tight and confirm who else can mount it.
mkdir -pv /nfs_dir/{gitlab-runner1-ver130806-docker,gitlab-runner2-ver130806-share}
gitlab-runner.yaml
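# pv
# NFS-backed PersistentVolume for runner1. The `type` label is what the
# matching PersistentVolumeClaim selects on.
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: gitlab-runner1-ver130806-docker
  labels:
    type: gitlab-runner1-ver130806-docker
spec:
  capacity:
    storage: 0.1Gi
  accessModes:
    - ReadWriteMany
  # Retain: the data on the export is kept when the claim is deleted.
  persistentVolumeReclaimPolicy: Retain
  storageClassName: nfs
  nfs:
    path: /nfs_dir/gitlab-runner1-ver130806-docker
    # Placeholder - replace with the NFS server address. Plain ASCII quotes
    # are required; typographic quotes would become part of the value.
    server: "IP地址"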
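# pvc
# Claim in the runner namespace. The selector restricts binding to the PV
# that carries the label type=gitlab-runner1-ver130806-docker.
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: gitlab-runner1-ver130806-docker
  namespace: gitlab-ver130806
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 0.1Gi
  storageClassName: nfs
  selector:
    matchLabels:
      type: gitlab-runner1-ver130806-docker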
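---
# Runner manager for runner1: a single pod running `gitlab-runner run`, with
# its configuration directory on the NFS-backed claim.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gitlab-runner1-ver130806-docker
  namespace: gitlab-ver130806
spec:
  replicas: 1
  selector:
    matchLabels:
      name: gitlab-runner1-ver130806-docker
  template:
    metadata:
      labels:
        name: gitlab-runner1-ver130806-docker
    spec:
      # Static /etc/hosts entry so the pod resolves git.test.com.
      # "ClusterIP" is a placeholder - presumably the ClusterIP of the GitLab
      # Service; replace it with the real address.
      hostAliases:
        - ip: "ClusterIP"
          hostnames:
            - "git.test.com"
      # NOTE(review): the RBAC bound to this ServiceAccount is not shown on
      # this page. The runner is configured with the kubernetes executor, so
      # it presumably uses this account to create job pods - confirm its Role
      # is scoped to the gitlab-ver130806 namespace and to the verbs it needs.
      serviceAccountName: gitlab
      containers:
        - args:
            - run
          image: gitlab/gitlab-runner:v13.10.0
          name: gitlab-runner1-ver130806-docker
          volumeMounts:
            # config.toml (including the runner token) lives here.
            - mountPath: /etc/gitlab-runner
              name: config
            # CA certificates from the node, mounted read-only.
            - mountPath: /etc/ssl/certs
              name: cacerts
              readOnly: true
      restartPolicy: Always
      volumes:
        - persistentVolumeClaim:
            claimName: gitlab-runner1-ver130806-docker
          name: config
        # hostPath ties the pod to nodes that have this directory.
        - hostPath:
            path: /usr/share/ca-certificates/mozilla
          name: cacerts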
配置 runner:config.toml 位于挂载到 runner pod 内 /etc/gitlab-runner 的 NFS 目录中,可以进入 runner pod 里面配置,也可以像下面这样直接在 NFS 目录里编辑
vim /nfs_dir/gitlab-runner1-ver130806-docker/config.toml
# Runner-manager settings for runner1 (the privileged "docker" runner).

# Upper bound on the number of jobs run at the same time.
concurrent = 30
# 0 means "use the default polling interval".
check_interval = 0

[session_server]
  session_timeout = 1800

[[runners]]
  name = "gitlab-runner1-ver130806-docker"
  # NOTE(review): plain http - the runner token and job traffic cross the
  # network unencrypted. Prefer an https URL if the GitLab instance serves one.
  url = "http://git.test.com"
  # Placeholder for the runner token; treat the real value as a secret.
  token = "xxxxxxxxxxxxxxxxxxxxxx"
  executor = "kubernetes"

  [runners.kubernetes]
    # Job pods are created in this namespace.
    namespace = "gitlab-ver130806"
    # Default job image; `stable` is a floating tag.
    image = "docker:stable"
    helper_image = "gitlab/gitlab-runner-helper:x86_64-9fc34d48-pwsh"
    # Job containers run privileged. A privileged container is not isolated
    # from the node, so limit which projects and branches may use this runner.
    privileged = true

    # NOTE(review): this is the same claim the runner Deployment mounts at
    # /etc/gitlab-runner, so every job pod sees config.toml (and the token
    # above) under /mnt, and the claim is ReadWriteMany. Consider a separate
    # claim for job data.
    [[runners.kubernetes.volumes.pvc]]
      name = "gitlab-runner1-ver130806-docker"
      mount_path = "/mnt"
gitlab-share.yaml
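# pv
# NFS-backed PersistentVolume for runner2 (the shared runner). The `type`
# label is what the matching PersistentVolumeClaim selects on.
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: gitlab-runner2-ver130806-share
  labels:
    type: gitlab-runner2-ver130806-share
spec:
  capacity:
    storage: 0.1Gi
  accessModes:
    - ReadWriteMany
  # Retain: the data on the export is kept when the claim is deleted.
  persistentVolumeReclaimPolicy: Retain
  storageClassName: nfs
  nfs:
    path: /nfs_dir/gitlab-runner2-ver130806-share
    # NFS server address; quoted so it is always read as a string.
    server: "10.0.1.201"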
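# pvc
# Claim in the runner namespace. The selector restricts binding to the PV
# that carries the label type=gitlab-runner2-ver130806-share.
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: gitlab-runner2-ver130806-share
  namespace: gitlab-ver130806
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 0.1Gi
  storageClassName: nfs
  selector:
    matchLabels:
      type: gitlab-runner2-ver130806-share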
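---
# Runner manager for runner2 (the shared runner): a single pod running
# `gitlab-runner run`, with its configuration directory on the NFS-backed claim.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gitlab-runner2-ver130806-share
  namespace: gitlab-ver130806
spec:
  replicas: 1
  selector:
    matchLabels:
      name: gitlab-runner2-ver130806-share
  template:
    metadata:
      labels:
        name: gitlab-runner2-ver130806-share
    spec:
      # Static /etc/hosts entry so the pod resolves git.test.com.
      # "ClusterIP" is a placeholder - presumably the ClusterIP of the GitLab
      # Service; replace it with the real address.
      hostAliases:
        - ip: "ClusterIP"
          hostnames:
            - "git.test.com"
      # NOTE(review): the RBAC bound to this ServiceAccount is not shown on
      # this page. The runner is configured with the kubernetes executor, so
      # it presumably uses this account to create job pods - confirm its Role
      # is scoped to the gitlab-ver130806 namespace and to the verbs it needs.
      serviceAccountName: gitlab
      containers:
        - args:
            - run
          image: gitlab/gitlab-runner:v13.10.0
          name: gitlab-runner2-ver130806-share
          volumeMounts:
            # config.toml (including the runner token) lives here.
            - mountPath: /etc/gitlab-runner
              name: config
            # CA certificates from the node, mounted read-only.
            - mountPath: /etc/ssl/certs
              name: cacerts
              readOnly: true
      restartPolicy: Always
      volumes:
        - persistentVolumeClaim:
            claimName: gitlab-runner2-ver130806-share
          name: config
        # hostPath ties the pod to nodes that have this directory.
        - hostPath:
            path: /usr/share/ca-certificates/mozilla
          name: cacerts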
# 进入 K8S 集群里的 share pod,运行 gitlab-ci-multi-runner register 完成注册
# 然后打开 GitLab 页面编辑该 runner,勾选必要的选项(按下面的勾选,该 runner 会接收未打标签的作业,且不限于受保护分支触发的流水线)
Active √ Paused Runners don't accept new jobs
Protected This runner will only run on pipelines triggered on protected branches
Run untagged jobs √ Indicates whether this runner can pick jobs without tags
Lock to current projects When a runner is locked, it cannot be assigned to other projects
vim /nfs_dir/gitlab-runner2-ver130806-share/config.toml
# Runner-manager settings for runner2 (the shared, unprivileged runner).

# Upper bound on the number of jobs run at the same time.
concurrent = 30
# 0 means "use the default polling interval".
check_interval = 0

[session_server]
  session_timeout = 1800

[[runners]]
  name = "gitlab-runner2-ver130806-share"
  # NOTE(review): plain http - the runner token and job traffic cross the
  # network unencrypted. Prefer an https URL if the GitLab instance serves one.
  url = "http://git.test.com"
  # Placeholder for the runner token; treat the real value as a secret.
  token = "xxxxxxxxxxxxxxxx"
  executor = "kubernetes"

  [runners.kubernetes]
    # Job pods are created in this namespace.
    namespace = "gitlab-ver130806"
    image = "registry.cn-beijing.aliyuncs.com/acs/busybox/busybox:v1.29.2"
    helper_image = "gitlab/gitlab-runner-helper:x86_64-9fc34d48-pwsh"
    # Job containers are not privileged on this runner.
    privileged = false

    # NOTE(review): no claim with this name is created by the manifests on
    # this page (they create gitlab-runner2-ver130806-share); job pods cannot
    # start unless a claim with this name exists in the namespace.
    # Before pointing this at the runner's own claim, note that that claim
    # holds config.toml with the token above and would be visible to every
    # job under /mnt - a separate claim for job data avoids that.
    [[runners.kubernetes.volumes.pvc]]
      name = "gitlab-runner2-v1230-share"
      mount_path = "/mnt"