kubernetes-executor should allow specifying volumes (HostPath, Secrets)
The docker executor has the option to mount directories from the Host, but the kubernetes executor doesn't. Additionally it would be nice to specify Secrets, which hold sensitive information (e.g. dockerhub credentials, kubeconfig credentials).
I have hacked it in, but the real solution should be to make it configurable:
diff --git a/executors/kubernetes/executor_kubernetes.go b/executors/kubernetes/executor_kubernetes.go
index dc011fa..18d2faa 100644
--- a/executors/kubernetes/executor_kubernetes.go
+++ b/executors/kubernetes/executor_kubernetes.go
@@ -138,6 +138,18 @@ func (s *executor) buildContainer(name, image string, limits api.ResourceList, c
Name: "repo",
MountPath: strings.Join(path, "/"),
},
+ api.VolumeMount{
+ Name: "docker-socket",
+ MountPath: "/var/run/docker.sock",
+ },
+ api.VolumeMount{
+ Name: "docker-cred",
+ MountPath: "/root/.docker/",
+ },
+ api.VolumeMount{
+ Name: "kube-cred",
+ MountPath: "/root/.kube/",
+ },
},
SecurityContext: &api.SecurityContext{
Privileged: &privileged,
@@ -167,6 +179,30 @@ func (s *executor) setupBuildPod() error {
EmptyDir: &api.EmptyDirVolumeSource{},
},
},
+ api.Volume{
+ Name: "docker-socket",
+ VolumeSource: api.VolumeSource{
+ HostPath: &api.HostPathVolumeSource{
+ Path: "/var/run/docker.sock",
+ },
+ },
+ },
+ api.Volume{
+ Name: "docker-cred",
+ VolumeSource: api.VolumeSource{
+ Secret: &api.SecretVolumeSource{
+ SecretName: "docker-cred",
+ },
+ },
+ },
+ api.Volume{
+ Name: "kube-cred",
+ VolumeSource: api.VolumeSource{
+ Secret: &api.SecretVolumeSource{
+ SecretName: "kube-cred",
+ },
+ },
+ },
},
RestartPolicy: api.RestartPolicyNever,
Containers: append([]api.Container{The image is availabe on dockerhub: willies/gitlab-runner:1.7.1_kube.3 (https://hub.docker.com/r/willies/gitlab-runner/)
Some instructions and a demo how to use it are here: https://github.com/janwillies/taw16-k8s-cd