What Kubernetes permissions does the GitLab runner Kubernetes executor need?
I have installed GitLab runner on a Kubernetes cluster under the namespace gitlab-runner, like this:
# cat <<EOF | kubectl create -f -
{
  "apiVersion": "v1",
  "kind": "Namespace",
  "metadata": {
    "name": "gitlab-runner",
    "labels": {
      "name": "gitlab-runner"
    }
  }
}
EOF
# helm repo add gitlab https://charts.gitlab.io
# cat <<EOF | helm install --namespace gitlab-runner gitlab-runner -f - gitlab/gitlab-runner
gitlabUrl: https://gitlab.mycompany.com
runnerRegistrationToken: "c................Z"
EOF
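What permissions does the GitLab runner Kubernetes executor need?

I could not find the permissions in a permissions list, but I tried adding permissions one by one and compiled a list of the permissions required for basic functionality.
GitLab runner will use the service account system:serviceaccount:gitlab-runner:default, so we need to create a role and assign that role to that service account: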
# cat <<EOF | kubectl create -f -
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: gitlab-runner
  namespace: gitlab-runner
rules:
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["list", "get", "watch", "create", "delete"]
  - apiGroups: [""]
    resources: ["pods/exec"]
    verbs: ["create"]
  - apiGroups: [""]
    resources: ["pods/log"]
    verbs: ["get"]
EOF
# kubectl create rolebinding --namespace=gitlab-runner gitlab-runner-binding --role=gitlab-runner --serviceaccount=gitlab-runner:default
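
An added example (not part of the original answer and not GitLab's code): an offline Python check that a Role's rules cover every request the answer lists and grant nothing beyond them. The names ROLE_RULES, REQUIRED, allows and audit are hypothetical, and the matcher is a simplified model of Kubernetes RBAC rule matching that ignores resourceNames and nonResourceURLs.

```python
# Added example: offline least-privilege check of an RBAC Role.
# Assumption: simplified matcher, ignores resourceNames and nonResourceURLs.

# The Role rules from the answer above, as the parsed YAML would look.
ROLE_RULES = [
    {"apiGroups": [""], "resources": ["pods"],
     "verbs": ["list", "get", "watch", "create", "delete"]},
    {"apiGroups": [""], "resources": ["pods/exec"], "verbs": ["create"]},
    {"apiGroups": [""], "resources": ["pods/log"], "verbs": ["get"]},
]

# Requests the answer found necessary, as (apiGroup, resource, verb).
REQUIRED = {("", "pods", v) for v in ("list", "get", "watch", "create", "delete")}
REQUIRED |= {("", "pods/exec", "create"), ("", "pods/log", "get")}


def _resource_matches(rule_res, resource):
    """'*', exact match, or '*/<subresource>'; 'pods' does NOT cover 'pods/exec'."""
    if rule_res in ("*", resource):
        return True
    _, _, sub = resource.partition("/")
    return bool(sub) and rule_res == "*/" + sub


def allows(rules, group, resource, verb):
    """True if any single rule grants verb on resource in the API group."""
    for r in rules:
        if (any(g in ("*", group) for g in r["apiGroups"])
                and any(_resource_matches(x, resource) for x in r["resources"])
                and any(v in ("*", verb) for v in r["verbs"])):
            return True
    return False


def audit(rules, required):
    """Return (missing, excess): required requests not granted, grants not required."""
    missing = sorted(req for req in required if not allows(rules, *req))
    excess = set()
    for r in rules:
        for g in r["apiGroups"]:
            for res in r["resources"]:
                for v in r["verbs"]:
                    # Wildcards always count as excess: they grant more than the list.
                    if "*" in (g, res, v) or (g, res, v) not in required:
                        excess.add((g, res, v))
    return missing, sorted(excess)


if __name__ == "__main__":
    print(audit(ROLE_RULES, REQUIRED))
```

Against a live cluster, `kubectl auth can-i --as=system:serviceaccount:gitlab-runner:default` answers the same question one request at a time.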