So existing example configuration works well with GitLab.com shared runners. But if you want to use your own runner, a Kubernetes runner, then it seems there are some issues. First, this applies. I addressed it by adding:
[[runners.kubernetes.volumes.host_path]]
name = "modules"
mount_path = "/lib/modules"
host_path = "/lib/modules"
read_only = true
[[runners.kubernetes.volumes.host_path]]
name = "cgroup"
mount_path = "/sys/fs/cgroup"
host_path = "/sys/fs/cgroup"
read_only = true
I set cgroup mount to read-only, too, because it has been reported that it works and it seems it does. This blog post documents more things to be done, but I am not sure how to do them on GitLab CI, or if they are even necessary.
Next issue was that modern Docker uses TLS, but I have not read this configuration in time, so I just ended up disabling it by having the following environment variables in my .gitlab-ci.yml:
variables:
DOCKER_HOST: tcp://docker:2375
DOCKER_TLS_CERTDIR: ""
Next, Kubernetes runner sets environment variables like:
declare -x KUBERNETES_PORT="tcp://10.62.0.1:443"
declare -x KUBERNETES_PORT_443_TCP="tcp://10.62.0.1:443"
declare -x KUBERNETES_PORT_443_TCP_ADDR="10.62.0.1"
declare -x KUBERNETES_PORT_443_TCP_PORT="443"
declare -x KUBERNETES_PORT_443_TCP_PROTO="tcp"
declare -x KUBERNETES_SERVICE_HOST="10.62.0.1"
declare -x KUBERNETES_SERVICE_PORT="443"
declare -x KUBERNETES_SERVICE_PORT_HTTPS="443"
When using kubectl this means that it tries to connect to your external Kubernetes cluster and not to kind's. I had to add:
for name in $(printenv | grep "^KUBERNETES_" | cut -f1 -d=); do export -n $name; done
at the beginning of before_script and after_script sections in my CI job.
I have also added kind delete cluster at the end of after_script, as it seems it is necessary to cleanup things.
So existing example configuration works well with GitLab.com shared runners. But if you want to use your own runner, a Kubernetes runner, then it seems there are some issues. First, this applies. I addressed it by adding:
I set cgroup mount to read-only, too, because it has been reported that it works and it seems it does. This blog post documents more things to be done, but I am not sure how to do them on GitLab CI, or if they are even necessary.
Next issue was that modern Docker uses TLS, but I have not read this configuration in time, so I just ended up disabling it by having the following environment variables in my
.gitlab-ci.yml:Next, Kubernetes runner sets environment variables like:
When using
kubectlthis means that it tries to connect to your external Kubernetes cluster and not to kind's. I had to add:at the beginning of
before_scriptandafter_scriptsections in my CI job.I have also added
kind delete clusterat the end ofafter_script, as it seems it is necessary to cleanup things.