Commit c8a58c27 authored by Pedro Eduardo Trujillo's avatar Pedro Eduardo Trujillo

Cambia servicio dind por contenedor local

El modo privilegiado es un requisito indispensable para gitlab-runner, y
no es posible habilitarlo desde modo swarm (añadir capacidades y
opciones de seguridad no es suficiente). Por tanto, se cambia del modelo
de servicio swarm para dind a un lanzamiento de contenedor local para
dind, en modo privilegiado. Adapta las configuraciones para esta nueva
variante.
parent 163a0877
+2 −1
@@ -24,7 +24,6 @@ DOCKER_IMAGE=alpine:latest
DOCKER_PRIVILEGED=true
DOCKER_OOM_KILL_DISABLE=true
DOCKER_DISABLE_CACHE=false
DOCKER_NETWORK_MODE=gitlab-net
DOCKER_SHM_SIZE=1000000000
DOCKER_MEMORY=4g
DOCKER_MEMORY_RESERVATION=1g
@@ -46,6 +45,8 @@ CONFIG_VOL_NAME=gitlab-runner-config-vol
CONFIG_VOL_DEVICE=:/gitlab-runner-config-vol/
DIND_VOL_NAME=gitlab-runner-dind-vol
WORK_VOL_NAME=gitlab-runner-work-vol
CONFIG_DIR=/etc/gitlab-runner
WORK_DIR=/home/gitlab-runner

GITLAB_NET_NAME=gitlab-net
GITLAB_NET_DRIVER=overlay
+2 −2
@@ -46,8 +46,8 @@ services:
    networks:
      gitlab-net:
    volumes:
      - config-vol:/etc/gitlab-runner
      - work-vol:/home/gitlab-runner
      - config-vol:${CONFIG_DIR}
      - work-vol:${WORK_DIR}
    deploy:
      mode: replicated
      replicas: ${REPLICAS:-1}
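Review bot: `config-vol:${CONFIG_DIR}` and `work-vol:${WORK_DIR}` carry neither a default nor an unset guard, while `replicas: ${REPLICAS:-1}` in the same block does; if either variable is missing from the environment Compose expands it to an empty string and the mount spec becomes `config-vol:`, which will most likely be rejected at deploy time rather than falling back to the previous paths. Keeping the old values as defaults, `- config-vol:${CONFIG_DIR:-/etc/gitlab-runner}` and `- work-vol:${WORK_DIR:-/home/gitlab-runner}`, or failing loudly with `${CONFIG_DIR:?CONFIG_DIR is not set}`, preserves the previous behaviour. The same two lines appear in the second hunk of the compose file below (`@@ -39,8 +31,8 @@`) and need the same treatment.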
+23 −31
version: '3.9'

services:
  gitlab-dind:
    image: docker:${DIND_IMAGE_TAG}
    command: --tls=false
    environment:
      DOCKER_TLS_CERTDIR: ""
    networks:
      gitlab-net:
    volumes:
      - dind-vol:/var/lib/docker
    cap_add:
      - SYS_ADMIN
      - NET_ADMIN
    security_opt:
      - apparmor:unconfined
    deploy:
      mode: replicated
      replicas: ${DIND_REPLICAS:-1}
      restart_policy:
        delay: ${DIND_RESTART_DELAY:-5s}
      update_config:
        delay: ${DIND_UPDATE_DELAY:-1m}
      resources:
        limits:
          cpus: '${DIND_RESOURCES_LIMITS_CPUS:-4}'
          memory: ${DIND_RESOURCES_LIMITS_MEMORY:-4G}
        reservations:
          cpus: '${DIND_RESOURCES_RESERVATIONS_CPUS:-0.001}'
          memory: ${DIND_RESOURCES_RESERVATIONS_MEMORY:-1G}

  gitlab-runner:
    image: ${IMAGE_NAME}:${IMAGE_TAG}
    entrypoint:
      - docker network create ${GITLAB_NET_NAME} || true
      - >
        docker run --rm -d
          --name gitlab-dind
          -e DOCKER_TLS_CERTDIR=""
          -v gitlab-runner-dind-vol:/var/lib/docker
          --network ${GITLAB_NET_NAME}
          --privileged
          --restart always
          --cpus ${DIND_CPUS:-4}
          --memory ${DIND_MEMORY:-4G}
          --memory-reservation ${DIND_MEMORY_RESERVATION:-1G}
          docker:${DIND_IMAGE_TAG}
          --tls=false
      - /usr/bin/dumb-init
      - /entrypoint
    command:
      - run
      - --user=gitlab-runner
      - --working-directory=${WORK_DIR}
    environment:
      CONFIG_FILE:
      DOCKER_HOST: ${RUNNER_DOCKER_HOST}
@@ -39,8 +31,8 @@ services:
      gitlab-net:
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - config-vol:/etc/gitlab-runner
      - work-vol:/home/gitlab-runner
      - config-vol:${CONFIG_DIR}
      - work-vol:${WORK_DIR}
    deploy:
      mode: replicated
      replicas: ${REPLICAS:-1}
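Review bot: The new `entrypoint` list in the first hunk (the items after `image: ${IMAGE_NAME}:${IMAGE_TAG}`) is exec form, so `docker network create ${GITLAB_NET_NAME} || true` is passed as the executable name and the folded `docker run …` block as its first argument; nothing here goes through a shell, so neither the network nor the dind container is created and the runner container fails at start. The folded scalar also keeps its line breaks because the continuation lines are indented deeper than `docker run --rm -d`, and `docker run` rejects `--rm` combined with `--restart always`. The dind name and volume are hard-coded (`--name gitlab-dind`, `gitlab-runner-dind-vol`) although the `.env` in the first file section declares `DIND_VOL_NAME`, so a second replica (`replicas: ${REPLICAS:-1}`) collides on the name, and a privileged container launched this way outlives `docker stack rm`, which deserves a comment in the file. Wrapping the steps in `sh -c`, reusing an existing dind container on restart, and exec'ing the original entrypoint with the Compose `command` forwarded (`$$@`, escaped so Compose does not interpolate it) addresses the first three points:
```yaml
  gitlab-runner:
    image: ${IMAGE_NAME}:${IMAGE_TAG}
    entrypoint:
      - /bin/sh
      - -c
      - |
        docker network create ${GITLAB_NET_NAME} || true
        docker start gitlab-dind 2>/dev/null || docker run -d \
          --name gitlab-dind \
          -e DOCKER_TLS_CERTDIR="" \
          -v ${DIND_VOL_NAME}:/var/lib/docker \
          --network ${GITLAB_NET_NAME} \
          --privileged \
          --restart always \
          --cpus ${DIND_CPUS:-4} \
          --memory ${DIND_MEMORY:-4G} \
          --memory-reservation ${DIND_MEMORY_RESERVATION:-1G} \
          docker:${DIND_IMAGE_TAG} \
          --tls=false
        exec /usr/bin/dumb-init /entrypoint "$$@"
      - sh
    # … unchanged: command, environment, networks, volumes, deploy …
```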