diff --git a/docs/system_requirements/ci/gitlab_ci.md b/docs/system_requirements/ci/gitlab_ci.md index 679292a010..a53671a8bf 100644 --- a/docs/system_requirements/ci/gitlab_ci.md +++ b/docs/system_requirements/ci/gitlab_ci.md @@ -27,7 +27,7 @@ See below for an example runner configuration: Please also include the following in your GitlabCI pipeline definitions (`.gitlab-ci.yml`) that use Testcontainers: -```yml +```yaml variables: TESTCONTAINERS_HOST_OVERRIDE: "host.docker.internal" ``` @@ -39,9 +39,9 @@ So edit your `.gitlab-ci.yml` to include the [Docker-In-Docker service](https:// Caveat: Current Docker releases (verified for 20.10.9) intentionally delay the startup, if the Docker API is bound to a network address but not TLS protected. To avoid this delay, the Docker process needs to be started with the argument `--tls=false`. Otherwise jobs which access the Docker API at the very beginning might fail. -Here is a sample `.gitlab-ci.yml` that executes test with gradle: +Here is a sample `.gitlab-ci.yml` that executes go test: -```yml +```yaml # DinD service is required for Testcontainers services: - name: docker:dind @@ -61,3 +61,124 @@ test: stage: test script: go test ./... -v ``` + +## Example using Kubedock + +This applies if your executor is `kubernetes` and you don't want to use DinD. One option is to use [kubedock](https://github.com/joyrex2001/kubedock). This library is a minimal implementation of the Docker API that will orchestrate containers on a Kubernetes cluster. + +Here is the example Kubernetes configuration you must create: + +```yaml +# ServiceAccount for Kubedock +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kubedock + namespace: gitlab-runner + +# Role for Kubedock +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: kubedock-role + namespace: gitlab-runner +rules: + - apiGroups: [""] + resources: ["pods"] + verbs: ["create", "get", "list", "delete", "watch"] + - apiGroups: [""] + resources: ["pods/log"] + verbs: ["list", "get"] + - apiGroups: [""] + resources: ["pods/exec"] + verbs: ["create"] + - apiGroups: [""] + resources: ["services"] + verbs: ["create", "get", "list", "delete"] + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["create", "get", "list", "delete"] + +# RoleBinding for Kubedock +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: kubedock-rolebinding + namespace: gitlab-runner +subjects: + - kind: User + name: system:serviceaccount:gitlab-runner:kubedock + apiGroup: rbac.authorization.k8s.io +roleRef: + kind: Role + name: kubedock-role + apiGroup: rbac.authorization.k8s.io + +# Deployment for Kubedock Server +apiVersion: apps/v1 +kind: Deployment +metadata: + name: kubedock-server + namespace: gitlab-runner +spec: + replicas: 1 + selector: + matchLabels: + app: kubedock-server + template: + metadata: + labels: + app: kubedock-server + spec: + serviceAccountName: kubedock + containers: + - name: kubedock-server + image: joyrex2001/kubedock:0.17.0 + resources: + limits: + memory: "4Gi" + cpu: "1000m" + requests: + memory: "2Gi" + cpu: "200m" + ports: + - containerPort: 2475 + args: [ + # Configuration options described here: + # https://github.com/joyrex2001/kubedock/blob/master/config.md + "server", + "--namespace=gitlab-runner", + "--service-account=kubedock", + "--timeout=20m0s", + "--request-cpu=1", + "--request-memory=2Gi", + "--disable-dind", + "--reverse-proxy", + "--reapmax=60m", + ] + +# Service for Kubedock +apiVersion: v1 +kind: Service +metadata: + name: kubedock-service + namespace: gitlab-runner +spec: + selector: + app: kubedock-server + type: ClusterIP + clusterIP: None +``` + + +Here is a sample `.gitlab-ci.yml` that executes go test: + +```yaml +variables: + # Instruct Testcontainers to use the daemon of kubedock to create containers in kubernetes + DOCKER_HOST: "tcp://kubedock-service:2475" +test: + image: golang:1.22 + stage: test + script: go test ./... -v +```