ericbisme · January 27, 2020 20:42
diff --git a/gitlab-runner-job.yaml b/gitlab-runner-job.yaml
 # Initialize a gitlab-runner in a utility namespace dedicated to customer namespace
 # Designed to faciliate customer self-service to their namespace(s) via GitLab
 ---
 apiVersion: batch/v1
 kind: Job
 metadata:
  name: deploy-gitlab-runner-<customer>-<namespace>
 spec:
  ttlSecondsAfterFinished: 100
  template:
    spec:
      containers:
      - name: gitlab-bootstrap-customer
        image: praqma/helmsman:v1.7.3-rc-helm-v2.11.0
        command: ["bash",  "-c"]
        args: >- [
                kubectl config set-cluster default --server=https://kubernetes.default
                --certificate-authority=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
                && kubectl config set-context default --cluster=default
                && token=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
                && kubectl config set-credentials user --token=$token
                && kubectl config set-context default --user=user
                && kubectl config use-context default
                && init --client-only 
                && helm fetch --untar --repo https://charts.gitlab.io gitlab-runner
                && helm template gitlab-runner -n gitlab-runner-customer --namespace <utility-namespace> 
                --set imagePullPolicy=IfNotPresent
                --set gitlabUrl=http://gitlab.your-domain.com/
                --set runnerRegistrationToken=""
                --set concurrent=1
                --set checkInterval=30
                --set rbac.create=false
                --set rbac.clusterWideAccess=false
                --set metrics.enabled=true
                --set runners.image=ubuntu:16.04
                --set runners.privileged=false
                --set runners.locked=true
                --set runners.serviceAccountName=<helm-customer-namespace>
                --set envVars.KUBERNETES_NAMESPACE_OVERWRITE_ALLOWED={name: KUBERNETES_NAMESPACE_OVERWRITE_ALLOWED, value: ^customer-.*}
                --set envVars.KUBERNETES_SERVICE_ACCOUNT_OVERWRITE_ALLOWED={name: KUBERNETES_SERVICE_ACCOUNT_OVERWRITE_ALLOWED, value: ^helm-customer-namespace-.*}
                | kubectl apply -f -
              ]
      restartPolicy: Never
	# Initialize a gitlab-runner in a utility namespace dedicated to customer namespace
	# Designed to faciliate customer self-service to their namespace(s) via GitLab
	---
	apiVersion: batch/v1
	kind: Job
	metadata:
	name: deploy-gitlab-runner-<customer>-<namespace>
	spec:
	ttlSecondsAfterFinished: 100
	template:
	spec:
	containers:
	- name: gitlab-bootstrap-customer
	image: praqma/helmsman:v1.7.3-rc-helm-v2.11.0
	command: ["bash", "-c"]
	args: >- [
	kubectl config set-cluster default --server=https://kubernetes.default
	--certificate-authority=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
	&& kubectl config set-context default --cluster=default
	&& token=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
	&& kubectl config set-credentials user --token=$token
	&& kubectl config set-context default --user=user
	&& kubectl config use-context default
	&& init --client-only
	&& helm fetch --untar --repo https://charts.gitlab.io gitlab-runner
	&& helm template gitlab-runner -n gitlab-runner-customer --namespace <utility-namespace>
	--set imagePullPolicy=IfNotPresent
	--set gitlabUrl=http://gitlab.your-domain.com/
	--set runnerRegistrationToken=""
	--set concurrent=1
	--set checkInterval=30
	--set rbac.create=false
	--set rbac.clusterWideAccess=false
	--set metrics.enabled=true
	--set runners.image=ubuntu:16.04
	--set runners.privileged=false
	--set runners.locked=true
	--set runners.serviceAccountName=<helm-customer-namespace>
	--set envVars.KUBERNETES_NAMESPACE_OVERWRITE_ALLOWED={name: KUBERNETES_NAMESPACE_OVERWRITE_ALLOWED, value: ^customer-.*}
	--set envVars.KUBERNETES_SERVICE_ACCOUNT_OVERWRITE_ALLOWED={name: KUBERNETES_SERVICE_ACCOUNT_OVERWRITE_ALLOWED, value: ^helm-customer-namespace-.*}
	\| kubectl apply -f -
	]
	restartPolicy: Never