diff --git a/k8s/gitlab-agent/README.md b/k8s/gitlab-agent/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..b26b72515b715f3ace693afdd5adeae93da89e66
--- /dev/null
+++ b/k8s/gitlab-agent/README.md
@@ -0,0 +1,7 @@
+### Deploy gitlab-agent using Helm chart
+
+---
+
+| Helm repository | Helm chart | Git repository |
+| ------------------------ | ------------------- | ------------------------------------------------- |
+| https://charts.gitlab.io | gitlab/gitlab-agent | https://gitlab.com/gitlab-org/charts/gitlab-agent |
diff --git a/k8s/gitlab-agent/gitlab-agent-1.17.1.tgz b/k8s/gitlab-agent/gitlab-agent-1.17.1.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..7fdd23cb606a800040e5cf7e796b1732bca70bce
Binary files /dev/null and b/k8s/gitlab-agent/gitlab-agent-1.17.1.tgz differ
diff --git a/k8s/gitlab-agent/values.yaml b/k8s/gitlab-agent/values.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..b567724518e7b08f8d9d59336528f35c97806d8d
--- /dev/null
+++ b/k8s/gitlab-agent/values.yaml
@@ -0,0 +1,130 @@
+image:
+ repository: "registry.gitlab.com/gitlab-org/cluster-integration/gitlab-agent/agentk"
+ pullPolicy: IfNotPresent
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: "v16.0.1"
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: "agentk"
+
+replicas: 1
+maxSurge: 1
+maxUnavailable: 0
+
+rbac:
+ # Specifies whether RBAC resources should be created
+ create: false
+ ## Set to a rolename to use existing role. Default is cluster-admin
+ # useExistingRole: somerolename
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: "gitlab-agentk"
+
+podSecurityContext: {}
+# fsGroup: 2000
+
+securityContext:
+ {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+# runAsUser: 1000
+
+podAnnotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/path: "/metrics"
+ prometheus.io/port: "8080"
+
+serviceMonitor:
+ # Specifies whether to create a ServiceMonitor resource for collecting Prometheus metrics
+ enabled: false
+
+config:
+ kasAddress: "wss://gitlab.epfl.ch//-/kubernetes-agent/"
+ # kasHeaders:
+ # - "Cookie: gitlab-canary"
+ # token: "put your token here"
+ secretName: "gitlab-agentk-token"
+ # caCert: "PEM certificate file to use to verify config.kasAddress. Useful if config.kasAddress is self-signed."
+
+ observability:
+ enabled: true
+ # Application-level TLS configuration for the observability service
+ tls:
+ enabled: false
+ # cert: "Public key for the TLS certificate"
+ # key: "Private key for the TLS certificate"
+ secret:
+ {}
+ # create: false # when true, creates a certificate with values cert and key from above
+ # name: "gitlab-agent-observability"
+
+extraEnv: []
+# Add additional environment settings to the pod. Can be useful in proxy
+# environments
+
+extraArgs: []
+# Add additional args settings to the pod.
+
+extraVolumeMounts: []
+# Add extra volume mounts
+
+extraVolumes: []
+# Add extra volumes
+
+resources:
+ {}
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+priorityClassName: ""
+
+## list of hosts and IPs that will be injected into the pod's hosts file
+hostAliases:
+ []
+ # Example:
+ # - ip: "127.0.0.1"
+ # hostnames:
+ # - "foo.local"
+ # - "bar.local"
+ # - ip: "10.1.2.3"
+ # hostnames:
+ # - "foo.remote"
+ # - "bar.remote"
+
+# Labels to be added to each agent pod
+podLabels:
+ {}
+ # Example:
+ # role: developer
+
+# Additional labels to be added to all created objects
+additionalLabels: {}
+
+# Optional initContainers definition
+initContainers: []
+
+# Show the last 80 lines or 2048 bytes (whichever is smaller) of pod logs in kubectl describe output when container exits with non-zero exit code
+# Useful for when pod logs are cycled out of a node post-crash before an operator can capture the logs
+# Valid values are 'File' which is the Kubernetes API default, or 'FallbackToLogsOnError'
+# See https://kubernetes.io/docs/tasks/debug/debug-application/determine-reason-pod-failure/ for more information
+terminationMessagePolicy: FallbackToLogsOnError
diff --git a/k8s/gitlab-runner/README.md b/k8s/gitlab-runner/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..b4e93afe92e535f36c9e0a85702344778e7a5a99
--- /dev/null
+++ b/k8s/gitlab-runner/README.md
@@ -0,0 +1,7 @@
+### Deploy gitlab-runner using Helm chart
+
+---
+
+| Helm repository | Helm chart | Git repository |
+| ------------------------ | -------------------- | -------------------------------------------------- |
+| https://charts.gitlab.io | gitlab/gitlab-runner | https://gitlab.com/gitlab-org/charts/gitlab-runner |
diff --git a/k8s/gitlab-runner/gitlab-runner-0.53.2.tgz b/k8s/gitlab-runner/gitlab-runner-0.53.2.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..c725a76a099562c87f8c8caefb3d03623ddf969e
Binary files /dev/null and b/k8s/gitlab-runner/gitlab-runner-0.53.2.tgz differ
diff --git a/k8s/gitlab-runner/values.yaml b/k8s/gitlab-runner/values.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..0baa60678e3fc0140c882405ed02b5030fa6b626
--- /dev/null
+++ b/k8s/gitlab-runner/values.yaml
@@ -0,0 +1,575 @@
+## GitLab Runner Image
+##
+## By default it's using registry.gitlab.com/gitlab-org/gitlab-runner:alpine-v{VERSION}
+## where {VERSION} is taken from Chart.yaml from appVersion field
+##
+## ref: https://gitlab.com/gitlab-org/gitlab-runner/container_registry/29383?orderBy=NAME&sort=asc&search[]=alpine-v&search[]=
+##
+## Note: If you change the image to the ubuntu release
+## don't forget to change the securityContext;
+## these images run on different user IDs.
+##
+image:
+ registry: registry.gitlab.com
+ image: gitlab-org/gitlab-runner
+ # tag: alpine-v11.6.0
+
+## When using GitLab Runner Helm Chart with gitlab-runner-ubi-images (https://gitlab.com/gitlab-org/ci-cd/gitlab-runner-ubi-images/container_registry)
+## the installation fails because dumb-init is not packaged in the image. However, the tini is present.
+## This configuration will allow gitlab-runner-ubi-images users to explicitly enabled the use of `tini` instead of `dumb-init`
+useTini: false
+
+## Specify a imagePullPolicy for the main runner deployment
+## 'Always' if imageTag is 'latest', else set to 'IfNotPresent'
+##
+## Note: it does not apply to job containers launched by this executor.
+## Use `pull_policy` in [runners.kubernetes] to change it.
+##
+## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
+##
+imagePullPolicy: IfNotPresent
+
+## Specifying ImagePullSecrets on a Pod
+## Kubernetes supports specifying container image registry keys on a Pod.
+## ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
+##
+# imagePullSecrets:
+# - name: "image-pull-secret"
+
+## Timeout, in seconds, for liveness and readiness probes of a runner pod.
+# probeTimeoutSeconds: 1
+
+# How many runner pods to launch.
+#
+replicas: 1
+
+# How many old ReplicaSets for this Deployment you want to retain
+revisionHistoryLimit: 3
+
+# The GitLab Server URL (with protocol) that want to register the runner against
+# ref: https://docs.gitlab.com/runner/commands/index.html#gitlab-runner-register
+#
+gitlabUrl: https://gitlab.epfl.ch/
+
+## DEPRECATED: The Registration Token for adding new Runners to the GitLab Server.
+##
+## ref: https://docs.gitlab.com/ee/ci/runners/new_creation_workflow.html
+##
+# runnerRegistrationToken: ""
+
+## The Runner Token for adding new Runners to the GitLab Server. This must
+## be retrieved from your GitLab Instance. It is token of already registered runner.
+## ref: (we don't yet have docs for that, but we want to use existing token)
+##
+# runnerToken: ""
+#
+
+## Unregister all runners before termination
+##
+## Updating the runner's chart version or configuration will cause the runner container
+## to be terminated and created again. This may cause your Gitlab instance to reference
+## non-existant runners. Un-registering the runner before termination mitigates this issue.
+## ref: https://docs.gitlab.com/runner/commands/index.html#gitlab-runner-unregister
+##
+# unregisterRunners: true
+
+## When stopping the runner, give it time to wait for its jobs to terminate.
+##
+## Updating the runner's chart version or configuration will cause the runner container
+## to be terminated with a graceful stop request. terminationGracePeriodSeconds
+## instructs Kubernetes to wait long enough for the runner pod to terminate gracefully.
+## ref: https://docs.gitlab.com/runner/commands/#signals
+terminationGracePeriodSeconds: 3600
+
+## Set the certsSecretName in order to pass custom certficates for GitLab Runner to use
+## Provide resource name for a Kubernetes Secret Object in the same namespace,
+## this is used to populate the /home/gitlab-runner/.gitlab-runner/certs/ directory
+## ref: https://docs.gitlab.com/runner/configuration/tls-self-signed.html#supported-options-for-self-signed-certificates-targeting-the-gitlab-server
+##
+# certsSecretName:
+
+## Configure the maximum number of concurrent jobs
+## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section
+##
+concurrent: 2
+
+## Defines in seconds how often to check GitLab for a new builds
+## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section
+##
+checkInterval: 60
+
+## Configure GitLab Runner's logging level. Available values are: debug, info, warn, error, fatal, panic
+## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section
+##
+# logLevel:
+
+## Configure GitLab Runner's logging format. Available values are: runner, text, json
+## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section
+##
+# logFormat:
+
+## Configure GitLab Runner's Sentry DSN.
+## ref https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section
+##
+# sentryDsn:
+
+## A custom bash script that will be executed prior to the invocation
+## gitlab-runner process
+#
+#preEntrypointScript: |
+# echo "hello"
+
+## Specify whether the runner should start the session server.
+## Defaults to false
+## ref:
+##
+## When sessionServer is enabled, the user can either provide a public publicIP
+## or rely on the external IP auto discovery
+## When a serviceAccountName is used with the automounting to the pod disable,
+## we recommend the usage of the publicIP
+sessionServer:
+ enabled: false
+ # annotations: {}
+ # timeout: 1800
+ # internalPort: 8093
+ # externalPort: 9000
+ # publicIP: ""
+ # loadBalancerSourceRanges:
+ # - 1.2.3.4/32
+
+## For RBAC support:
+rbac:
+ create: true
+
+ ## Define list of rules to be added to the rbac role permissions.
+ ## Each rule supports the keys:
+ ## - apiGroups: default "" (indicates the core API group) if missing or empty.
+ ## - resources: default "*" if missing or empty.
+ ## - verbs: default "*" if missing or empty.
+ ##
+ ## Read more about the recommended rules on the following link
+ ##
+ ## ref: https://docs.gitlab.com/runner/executors/kubernetes.html#configuring-executor-service-account
+ ##
+ rules:
+ - apiGroups: [""]
+ resources: ["configmaps", "pods", "pods/attach", "secrets", "services"]
+ verbs: ["get", "list", "watch", "create", "patch", "update", "delete"]
+ - apiGroups: [""]
+ resources: ["pods/exec"]
+ verbs: ["create", "patch", "delete"]
+
+ ## Run the gitlab-bastion container with the ability to deploy/manage containers of jobs
+ ## cluster-wide or only within namespace
+ clusterWideAccess: false
+
+ ## Use the following Kubernetes Service Account name if RBAC is disabled in this Helm chart (see rbac.create)
+ ##
+ # serviceAccountName: default
+
+ ## Specify annotations for Service Accounts, useful for annotations such as eks.amazonaws.com/role-arn
+ ##
+ ## ref: https://docs.aws.amazon.com/eks/latest/userguide/specify-service-account-role.html
+ ##
+ # serviceAccountAnnotations: {}
+
+ ## Use podSecurity Policy
+ ## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
+ podSecurityPolicy:
+ enabled: false
+ resourceNames:
+ - gitlab-runner
+
+ ## Specify one or more imagePullSecrets used for pulling the runner image
+ ##
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account
+ ##
+ # imagePullSecrets: []
+
+## Configure integrated Prometheus metrics exporter
+##
+## ref: https://docs.gitlab.com/runner/monitoring/#configuration-of-the-metrics-http-server
+##
+metrics:
+ enabled: false
+
+ ## Define a name for the metrics port
+ ##
+ portName: metrics
+
+ ## Provide a port number for the integrated Prometheus metrics exporter
+ ##
+ port: 9252
+
+ ## Configure a prometheus-operator serviceMonitor to allow autodetection of
+ ## the scraping target. Requires enabling the service resource below.
+ ##
+ serviceMonitor:
+ enabled: false
+
+ ## Provide additional labels to the service monitor ressource
+ ##
+ ## labels: {}
+
+ ## Define a scrape interval (otherwise prometheus default is used)
+ ##
+ ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config
+ ##
+ # interval: ""
+
+ ## Specify the scrape protocol scheme e.g., https or http
+ ##
+ # scheme: "http"
+
+ ## Supply a tls configuration for the service monitor
+ ##
+ ## ref: https://github.com/helm/charts/blob/master/stable/prometheus-operator/crds/crd-servicemonitor.yaml
+ ##
+ # tlsConfig: {}
+
+ ## The URI path where prometheus metrics can be scraped from
+ ##
+ # path: "/metrics"
+
+ ## A list of MetricRelabelConfigs to apply to samples before ingestion
+ ##
+ ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs
+ ##
+ # metricRelabelings: []
+
+ ## A list of RelabelConfigs to apply to samples before scraping
+ ##
+ ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
+ ##
+ ## relabelings: []
+
+## Configure a service resource e.g., to allow scraping metrics via
+## prometheus-operator serviceMonitor
+service:
+ enabled: false
+
+ ## Provide additonal labels for the service
+ ##
+ # labels: {}
+
+ ## Provide additonal annotations for the service
+ ##
+ # annotations: {}
+
+ ## Define a specific ClusterIP if you do not want a dynamic one
+ ##
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address
+ ##
+ # clusterIP: ""
+
+ ## Define a list of one or more external IPs for this service
+ ##
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips
+ ##
+ # externalIPs: []
+
+ ## Provide a specific loadbalancerIP e.g., of an external Loadbalancer
+ ##
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer
+ ##
+ # loadBalancerIP: ""
+
+ ## Provide a list of source IP ranges to have access to this service
+ ##
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#aws-nlb-support
+ ##
+ # loadBalancerSourceRanges: []
+
+ ## Specify the service type e.g., ClusterIP, NodePort, Loadbalancer or ExternalName
+ ##
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
+ ##
+ type: ClusterIP
+
+ ## Specify the services metrics nodeport if you use a service of type nodePort
+ ##
+ # metrics:
+
+ ## Specify the node port under which the prometheus metrics of the runner are made
+ ## available.
+ ##
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#nodeport
+ ##
+ # nodePort: ""
+
+ ## Provide a list of additional ports to be exposed by this service
+ ##
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
+ ##
+ # additionalPorts: []
+
+## Configuration for the Pods that the runner launches for each new job
+##
+runners:
+ # runner configuration, where the multi line strings is evaluated as
+ # template so you can specify helm values inside of it.
+ #
+ # tpl: https://helm.sh/docs/howto/charts_tips_and_tricks/#using-the-tpl-function
+ # runner configuration: https://docs.gitlab.com/runner/configuration/advanced-configuration.html
+ config: |
+ [[runners]]
+ [runners.kubernetes]
+ namespace = "{{.Release.Namespace}}"
+ image = "ubuntu:16.04"
+ [runners.kubernetes.dns_config]
+ nameservers = ["8.8.8.8"]
+
+ ## Which executor should be used
+ ##
+ # executor: kubernetes
+
+ ## DEPRECATED: Specify whether the runner should be locked to a specific project: true, false.
+ ##
+ ## ref: https://docs.gitlab.com/ee/ci/runners/new_creation_workflow.html
+ ##
+ # locked: true
+
+ ## DEPRECATED: Specify the tags associated with the runner. Comma-separated list of tags.
+ ##
+ ## ref: https://docs.gitlab.com/ee/ci/runners/new_creation_workflow.html
+ ##
+ # tags: ""
+
+ ## Specify the name for the runner.
+ ##
+ # name: ""
+
+ ## DEPRECATED:Specify the maximum timeout (in seconds) that will be set for job when using this Runner
+ ##
+ ## ref: https://docs.gitlab.com/ee/ci/runners/new_creation_workflow.html
+ ##
+ # maximumTimeout: ""
+
+ ## DEPRECATED: Specify if jobs without tags should be run.
+ ##
+ ## ref: https://docs.gitlab.com/ee/ci/runners/new_creation_workflow.html
+ ##
+ # runUntagged: true
+
+ ## DEPRECATED: Specify whether the runner should only run protected branches.
+ ##
+ ## ref: https://docs.gitlab.com/ee/ci/runners/new_creation_workflow.html
+ ##
+ # protected: true
+
+ ## The name of the secret containing runner-token and runner-registration-token
+ # secret: gitlab-runner
+
+ ## Distributed runners caching
+ ## ref: https://docs.gitlab.com/runner/configuration/autoscale.html#distributed-runners-caching
+ ##
+ ## If you want to use s3 based distributing caching:
+ ## First of all you need to uncomment General settings and S3 settings sections.
+ ##
+ ## Create a secret 's3access' containing 'accesskey' & 'secretkey'
+ ## ref: https://aws.amazon.com/blogs/security/wheres-my-secret-access-key/
+ ##
+ ## $ kubectl create secret generic s3access \
+ ## --from-literal=accesskey="YourAccessKey" \
+ ## --from-literal=secretkey="YourSecretKey"
+ ## ref: https://kubernetes.io/docs/concepts/configuration/secret/
+ ##
+ ## If you want to use gcs based distributing caching:
+ ## First of all you need to uncomment General settings and GCS settings sections.
+ ##
+ ## Access using credentials file:
+ ## Create a secret 'google-application-credentials' containing your application credentials file.
+ ## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnerscachegcs-section
+ ## You could configure
+ ## $ kubectl create secret generic google-application-credentials \
+ ## --from-file=gcs-application-credentials-file=./path-to-your-google-application-credentials-file.json
+ ## ref: https://kubernetes.io/docs/concepts/configuration/secret/
+ ##
+ ## Access using access-id and private-key:
+ ## Create a secret 'gcsaccess' containing 'gcs-access-id' & 'gcs-private-key'.
+ ## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnerscachegcs-section
+ ## You could configure
+ ## $ kubectl create secret generic gcsaccess \
+ ## --from-literal=gcs-access-id="YourAccessID" \
+ ## --from-literal=gcs-private-key="YourPrivateKey"
+ ## ref: https://kubernetes.io/docs/concepts/configuration/secret/
+ ##
+ ## If you want to use Azure-based distributed caching:
+ ## First, uncomment General settings.
+ ##
+ ## Create a secret 'azureaccess' containing 'azure-account-name' & 'azure-account-key'
+ ## ref: https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blobs-introduction
+ ##
+ ## $ kubectl create secret generic azureaccess \
+ ## --from-literal=azure-account-name="YourAccountName" \
+ ## --from-literal=azure-account-key="YourAccountKey"
+ ## ref: https://kubernetes.io/docs/concepts/configuration/secret/
+
+ cache:
+ {}
+ ## S3 the name of the secret.
+ # secretName: s3access
+ ## Use this line for access using gcs-access-id and gcs-private-key
+ # secretName: gcsaccess
+ ## Use this line for access using google-application-credentials file
+ # secretName: google-application-credentials
+ ## Use this line for access using Azure with azure-account-name and azure-account-key
+ # secretName: azureaccess
+
+## Specify the name of the scheduler which used to schedule runner pods.
+## Kubernetes supports multiple scheduler configurations.
+## ref: https://kubernetes.io/docs/reference/scheduling
+# schedulerName: "my-custom-scheduler"
+
+## Configure securitycontext for the main container
+## ref: http://kubernetes.io/docs/user-guide/security-context/
+##
+securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: false
+ runAsNonRoot: true
+ privileged: false
+ capabilities:
+ drop: ["ALL"]
+
+## Configure securitycontext valid for the whole pod
+## ref: http://kubernetes.io/docs/user-guide/security-context/
+##
+podSecurityContext:
+ runAsUser: 100
+ # runAsGroup: 65533
+ fsGroup: 65533
+ # supplementalGroups: [65533]
+
+ ## Note: values for the ubuntu image:
+ # runAsUser: 999
+ # fsGroup: 999
+
+## Configure resource requests and limits
+## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+##
+resources:
+ {}
+ # limits:
+ # memory: 256Mi
+ # cpu: 200m
+ # requests:
+ # memory: 128Mi
+ # cpu: 100m
+
+## Affinity for pod assignment
+## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+##
+affinity: {}
+
+## Node labels for pod assignment
+## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+##
+nodeSelector:
+ {}
+ # Example: The gitlab runner manager should not run on spot instances so you can assign
+ # them to the regular worker nodes only.
+ # node-role.kubernetes.io/worker: "true"
+
+## List of node taints to tolerate (requires Kubernetes >= 1.6)
+## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+##
+tolerations:
+ []
+ # Example: Regular worker nodes may have a taint, thus you need to tolerate the taint
+ # when you assign the gitlab runner manager with nodeSelector or affinity to the nodes.
+ # - key: "node-role.kubernetes.io/worker"
+ # operator: "Exists"
+
+## Configure environment variables that will be present when the registration command runs
+## This provides further control over the registration process and the config.toml file
+## ref: `gitlab-runner register --help`
+## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html
+##
+# envVars:
+# - name: RUNNER_EXECUTOR
+# value: kubernetes
+
+## list of hosts and IPs that will be injected into the pod's hosts file
+hostAliases:
+ []
+ # Example:
+ # - ip: "127.0.0.1"
+ # hostnames:
+ # - "foo.local"
+ # - "bar.local"
+ # - ip: "10.1.2.3"
+ # hostnames:
+ # - "foo.remote"
+ # - "bar.remote"
+
+## Annotations to be added to manager pod
+##
+podAnnotations:
+ {}
+ # Example:
+ # iam.amazonaws.com/role: <my_role_arn>
+
+## Labels to be added to manager pod
+##
+podLabels:
+ {}
+ # Example:
+ # owner.team: <my_cool_team>
+
+## HPA support for custom metrics:
+## This section enables runners to autoscale based on defined custom metrics.
+## In order to use this functionality, Need to enable a custom metrics API server by
+## implementing "custom.metrics.k8s.io" using supported third party adapter
+## Example: https://github.com/directxman12/k8s-prometheus-adapter
+##
+#hpa: {}
+# minReplicas: 1
+# maxReplicas: 10
+# metrics:
+# - type: Pods
+# pods:
+# metricName: gitlab_runner_jobs
+# targetAverageValue: 400m
+
+## Configure priorityClassName for manager pod. See k8s docs for more info on how pod priority works:
+## https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
+priorityClassName: ""
+
+## Secrets to be additionally mounted to the containers.
+## All secrets are mounted through init-runner-secrets volume
+## and placed as readonly at /init-secrets in the init container
+## and finally copied to an in-memory volume runner-secrets that is
+## mounted at /secrets.
+secrets:
+ []
+ # Example:
+ # - name: my-secret
+ # - name: myOtherSecret
+ # items:
+ # - key: key_one
+ # path: path_one
+
+## Additional config files to mount in the containers in `/configmaps`.
+##
+## Please note that a number of keys are reserved by the runner.
+## See https://gitlab.com/gitlab-org/charts/gitlab-runner/-/blob/main/templates/configmap.yaml
+## for a current list.
+configMaps: {}
+
+## Additional volumeMounts to add to the runner container
+##
+volumeMounts:
+ []
+ # Example:
+ # - name: my-volume
+ # mountPath: /mount/path
+
+## Additional volumes to add to the runner deployment
+##
+volumes:
+ []
+ # Example:
+ # - name: my-volume
+ # persistentVolumeClaim:
+ # claimName: my-pvc