diff options
author | Mayra Cabrera <mcabrera@gitlab.com> | 2018-03-06 08:26:50 +0000 |
---|---|---|
committer | Kamil TrzciĆski <ayufan@ayufan.eu> | 2018-03-06 08:26:50 +0000 |
commit | 7237ed59ac90148945efebf9624949c80c1298a4 (patch) | |
tree | f90e1dc83cb22117aa50bef46664c17d69edfa5c | |
parent | 2e87923dcb1cf7984690f5b5fdfc61bddfba923e (diff) | |
download | gitlab-ce-7237ed59ac90148945efebf9624949c80c1298a4.tar.gz |
Resolve "Enable privileged mode for Runner installed on Kubernetes"
-rw-r--r-- | app/models/clusters/applications/runner.rb | 5 | ||||
-rw-r--r-- | changelogs/unreleased/43793-enable-privileged-mode-for-runner.yml | 5 | ||||
-rw-r--r-- | db/migrate/20180305144721_add_privileged_to_runner.rb | 18 | ||||
-rw-r--r-- | db/schema.rb | 3 | ||||
-rw-r--r-- | spec/models/clusters/applications/runner_spec.rb | 30 | ||||
-rw-r--r-- | vendor/runner/values.yaml | 2 |
6 files changed, 58 insertions, 5 deletions
diff --git a/app/models/clusters/applications/runner.rb b/app/models/clusters/applications/runner.rb index 7adf1663c35..16efe90fa27 100644 --- a/app/models/clusters/applications/runner.rb +++ b/app/models/clusters/applications/runner.rb @@ -56,12 +56,13 @@ module Clusters def specification { "gitlabUrl" => gitlab_url, - "runnerToken" => ensure_runner.token + "runnerToken" => ensure_runner.token, + "runners" => { "privileged" => privileged } } end def content_values - specification.merge(YAML.load_file(chart_values_file)) + YAML.load_file(chart_values_file).deep_merge!(specification) end end end diff --git a/changelogs/unreleased/43793-enable-privileged-mode-for-runner.yml b/changelogs/unreleased/43793-enable-privileged-mode-for-runner.yml new file mode 100644 index 00000000000..08109632e8e --- /dev/null +++ b/changelogs/unreleased/43793-enable-privileged-mode-for-runner.yml @@ -0,0 +1,5 @@ +--- +title: Enable privileged mode for GitLab Runner +merge_request: 17528 +author: +type: added diff --git a/db/migrate/20180305144721_add_privileged_to_runner.rb b/db/migrate/20180305144721_add_privileged_to_runner.rb new file mode 100644 index 00000000000..32e73dba8d5 --- /dev/null +++ b/db/migrate/20180305144721_add_privileged_to_runner.rb @@ -0,0 +1,18 @@ +# See http://doc.gitlab.com/ce/development/migration_style_guide.html +# for more information on how to write migrations for GitLab. + +class AddPrivilegedToRunner < ActiveRecord::Migration + include Gitlab::Database::MigrationHelpers + + DOWNTIME = false + + disable_ddl_transaction! + + def up + add_column_with_default :clusters_applications_runners, :privileged, :boolean, default: true, allow_null: false + end + + def down + remove_column :clusters_applications_runners, :privileged + end +end diff --git a/db/schema.rb b/db/schema.rb index 9e117440ed2..e28a7560d00 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -11,7 +11,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 20180304204842) do +ActiveRecord::Schema.define(version: 20180305144721) do # These are extensions that must be enabled in order to support this database enable_extension "plpgsql" @@ -603,6 +603,7 @@ ActiveRecord::Schema.define(version: 20180304204842) do t.datetime_with_timezone "updated_at", null: false t.string "version", null: false t.text "status_reason" + t.boolean "privileged", default: true, null: false end add_index "clusters_applications_runners", ["cluster_id"], name: "index_clusters_applications_runners_on_cluster_id", unique: true, using: :btree diff --git a/spec/models/clusters/applications/runner_spec.rb b/spec/models/clusters/applications/runner_spec.rb index 612a3c8e413..a574779e39d 100644 --- a/spec/models/clusters/applications/runner_spec.rb +++ b/spec/models/clusters/applications/runner_spec.rb @@ -34,6 +34,8 @@ describe Clusters::Applications::Runner do is_expected.to include('checkInterval') is_expected.to include('rbac') is_expected.to include('runners') + is_expected.to include('privileged: true') + is_expected.to include('image: ubuntu:16.04') is_expected.to include('resources') is_expected.to include("runnerToken: #{ci_runner.token}") is_expected.to include("gitlabUrl: #{Gitlab::Routing.url_helpers.root_url}") @@ -65,5 +67,33 @@ describe Clusters::Applications::Runner do expect(gitlab_runner.runner).not_to be_nil end end + + context 'with duplicated values on vendor/runner/values.yaml' do + let(:values) do + { + "concurrent" => 4, + "checkInterval" => 3, + "rbac" => { + "create" => false + }, + "clusterWideAccess" => false, + "runners" => { + "privileged" => false, + "image" => "ubuntu:16.04", + "builds" => {}, + "services" => {}, + "helpers" => {} + } + } + end + + before do + allow(gitlab_runner).to receive(:chart_values).and_return(values) + end + + it 'should overwrite values.yaml' do + is_expected.to include("privileged: #{gitlab_runner.privileged}") + end + end end end diff --git a/vendor/runner/values.yaml b/vendor/runner/values.yaml index b7e2e24acaf..e5f95152ac7 100644 --- a/vendor/runner/values.yaml +++ b/vendor/runner/values.yaml @@ -15,10 +15,8 @@ rbac: clusterWideAccess: false ## Configuration for the Pods that that the runner launches for each new job -## runners: image: ubuntu:16.04 - privileged: false builds: {} services: {} helpers: {} |