
Running Agent in Kubernetes


Attention!

  • Kubernetes installation is available starting from agent version 3.5.2!
  • Supported Kubernetes versions: 1.28, 1.29, 1.30
  • The agent may contain bugs or inaccuracies!
  • Please report any bugs or suggestions to support@gitflic.ru

Information

  • You'll need to install kubectl
  • You'll need to install helm
  • You'll need to create a Cluster Role and Namespace once per cluster where you want to use GitFlic Runner agents
  • When using private image repositories, you'll need to create a Secret of type kubernetes.io/dockerconfigjson

Cluster Preparation

  • Create the gitflic-runner namespace, a role with full access to that namespace, and a cluster role for listing namespaces. Copy the manifest below into static.yaml and apply it:

    static.yaml
    apiVersion: v1  
    kind: Namespace  
    metadata:  
      name: gitflic-runner  
      labels:  
        name: gitflic-runner  
    ---  
    apiVersion: rbac.authorization.k8s.io/v1  
    kind: Role  
    metadata:  
      namespace: gitflic-runner  
      name: manager-role  
    rules:  
      - apiGroups: ["*"]  
        resources: ["*"]  
        verbs: ["*"]  
    ---  
    apiVersion: rbac.authorization.k8s.io/v1  
    kind: ClusterRole  
    metadata:  
      name: gitflic-runner-read-only
    rules:  
      - apiGroups: [""]  
        resources: ["namespaces"]  
        verbs: ["get", "list"]  
    
    kubectl apply -f static.yaml  
    
  • To work with private image repositories, add the kubernetes.imagePullSecret parameter to the config.additional block of the agent configuration.
    This parameter takes a string: the name of the Secret object in the cluster that will be used for authentication.

    Creating Cluster Secret

    For single registry:

    kubectl create secret docker-registry my-registry-secret \  
        --namespace=gitflic-runner \  
        --docker-email=my-email@example.com \  
        --docker-username=my-username \  
        --docker-password=my-password \  
        --docker-server=registry.gitflic.ru  
    

    For multiple registries, first create a config.json file:

    {  
        "auths": {  
            "registry1.example.com": {  
                "username": "user1",  
                "password": "password1",  
                "auth": "dXNlcjE6cGFzc3dvcmQx"  
            },  
            "registry2.example.com": {  
                "username": "user2",  
                "password": "password2",  
                "auth": "dXNlcjI6cGFzc3dvcmQy"  
            }  
        }  
    }
    

    Each "auth" value is the base64 encoding of the string "username:password".

    Then run:

    kubectl create secret generic my-multi-registry-secret \  
        --namespace=gitflic-runner \  
        --from-file=.dockerconfigjson=config.json \  
        --type=kubernetes.io/dockerconfigjson  
    

    Use the name of the created Secret (either my-registry-secret or my-multi-registry-secret) as the value of the kubernetes.imagePullSecret parameter.

    If the specified Secret is missing, pod events will show errors like:

    Unable to retrieve some image pull secrets (%kubernetes.imagePullSecret%); attempting to pull the image may not succeed  
    Failed to pull image "registry.gitflic.ru/project/{username}/my-project/bash": Error response from daemon: unauthorized: This transport access gitflic token doesn't exist  
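
An added example, not part of the GitFlic documentation: a shell helper that generates the multi-registry config.json described above, computing each "auth" value as base64 of "username:password" and reading credentials from stdin so they do not end up in shell history or the process list. The function names and the creds.txt input file are assumptions made for this illustration.

```shell
#!/usr/bin/env bash
# Added example (not GitFlic's code): build the multi-registry config.json
# from "registry username password" lines read on stdin.
set -eu

# Escape backslashes and double quotes for use inside a JSON string.
# Assumption: values contain no control characters (tabs, newlines).
json_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# The "auth" field: base64("username:password") on a single line.
registry_auth() {
    printf '%s:%s' "$1" "$2" | base64 | tr -d '\n'
}

# Print a dockerconfigjson document; the password is everything after the
# second space, so it may itself contain spaces.
build_dockerconfig() {
    local first=1 registry user pass
    printf '{"auths":{'
    while IFS=' ' read -r registry user pass || [ -n "$registry" ]; do
        [ -n "$registry" ] || continue
        [ "$first" -eq 1 ] || printf ','
        first=0
        printf '"%s":{"username":"%s","password":"%s","auth":"%s"}' \
            "$(json_escape "$registry")" "$(json_escape "$user")" \
            "$(json_escape "$pass")" "$(registry_auth "$user" "$pass")"
    done
    printf '}}\n'
}

# Constructed sample input, matching the placeholder credentials above.
# Real use (creds.txt is a hypothetical file name):
#   ( umask 077; build_dockerconfig < creds.txt > config.json )
printf '%s\n' 'registry1.example.com user1 password1' \
              'registry2.example.com user2 password2' | build_dockerconfig
```

The resulting config.json is passed to the kubectl create secret generic command shown above; delete both files once the Secret exists.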
    

GitFlic Runner Agent Installation

  1. Create a values.yaml file with the required information:

    values.yaml
    image:  
        tag: <gitflic server version>  
    
    registerUrl:  <Agent registration URL>  
    registerToken: <Agent registration token>  
    
    Complete list of available settings and defaults
    # Name of the cluster role created during cluster preparation
    clusterRoleName: gitflic-runner-read-only
    # Name of the namespace role created during cluster preparation
    roleRefName: manager-role
    # Number of agent replicas to deploy  
    replicaCount: 1  
    # Job volume size created during pipeline execution  
    # Set to "Maximum repo size + artifacts size + 20%"  
    jobVolumeSize: 4Gi  
    # Run scripts in single context  
    inSession: true  
    # Image overrides  
    image:  
        # Agent image repository  
        repository: registry.gitflic.ru/company/gitflic/runner  
        # Image tag  
        tag: latest  
        # Image pull policy  
        pullPolicy: IfNotPresent  
    
    # Additional application settings  
    config:  
        # Create application.properties file (Beta)  
        static: null  
        # Custom helper image source  
        helper: null  
        # Additional agent settings  
        additional: |  
    
          # Timeout in seconds for helper & job containers startup  
          kubernetes.volumes.pollTimeout=3600  
          # Namespace for pipeline execution  
          kubernetes.namespace=my-custom-namespace  
    
    # Security context  
    securityContext:  
        privileged: true  
    
    # Agent registration URL  
    registerUrl:  ""  
    # Agent registration token  
    registerToken: ""  
    # Agent name for registration  
    registerName: ""  
    # Agent tags for registration  
    registerTags: ""  
    
  2. Install Helm

    Use one of these commands based on your OS:

    Linux (install script):

    curl -fsSL https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash

    macOS (Homebrew):

    brew install helm

    Windows (Chocolatey):

    choco install kubernetes-helm
    
  3. Install the GitFlic agent

    helm install <release-name> oci://registry.gitflic.ru/helm/company/gitflic/gitflic-runner-chart -f values.yaml  
    

Automatic Translation!

This page has been translated using automated tools. The text may contain inaccuracies.