General info about runners
Runner types
GitLab at KIT provides project/group and instance (shared) runners.
The project and group runner in KIT only serves jobs for a group or a project. On the other hand the instance runners are shared with everyone. In both cases a individual temporary container is created for each job.
In case of the project runner, the runner can be used for all projects and subgroups inside of that group.
How to request a gitlab-runner for our group or project?
To use a gitlab-runner, you must fill out a short form. First, visit IT-Surpport Ticket page and go to customer login.
If you open a new ticket, you will find a request form in the text template with the title "GitLab at KIT: Request for the provision of GitLab Runner (en)"
You can fill out your profile and request in this form. Here is an example:
- Name: Your Name
- E-mail: your.name@kit.edu
-
GitLab Runner will be placed for following project/group (URL): [https://gitlab.kit.edu/gruppe/projekt]
-
(Optional) Do you have to parallelise your jobs/tasks with several Runners? How many runners are required in the CI/CD pipeline? (Default : 1 Runner): [x runner]
-
(Optional) How long do you need GitLab Runners in your personal or group project (max 6 months): [1 week/3 months/6 months]
The runner will be provided to you as soon as the provisioining and assignment process is completed.
Runner specification
The GitLab-Runner is installed on a Kubernetes-Tanzu-Cluster in the VMware infrastructure and ready to process jobs/tasks in a container.
There are multiple sizes of runners. For project/group runners the standard size is used (on demand the size or number of runners can be adjusted for project runners). For instance runners all sizes are used. The sizes are following:
NOTE 🗒: The sizes are in format
lower
-upper
- lower size in the range is guaranteed, the upper number is the ressource limit.
Tags and availability
Class | Tag | Parallelizability | Timeout |
---|---|---|---|
mini | kgr1-instance-mini |
20 (high) | 1 hour |
standard | kgr1-instance-standard |
20 (high) | 1 hour |
extraordinary | kgr1-instance-extraordinary |
1 (low) | 1 hour |
Container sizes
Cores | Memory (GiB) | Disk (GiB) | |
---|---|---|---|
kgr1-instance-mini | 0.5 - 0.5 | 1.6 - 2 | 11 - 13 |
kgr1-instance-standard | 1 - 1 | 2.8 - 3.7 | 16 - 26 |
kgr1-instance-extraordinary | 4 - 6 | 44 - 45 | 103 - 112 |
How to use the runner
NOTE 🗒: This is a brief guide on how to use our runners. To get information on how to use GitLab Runner please read the official documentation about runners.
- Enable the runner for your project
- You can do this inside of projects settings->CI/CD->runners
- Create a CI/CD configuration with a name
.gitlab-ci.yml
file and commit changes - The runner should pick up jobs and go with the steps of the runner
Choosing Linux Distribution (Optional)
Use image
variable to specify the runner. If you don't specify it, the runner will use Ubuntu.
We recommend following two images:
ubuntu:latest"
- default image if not specified otherwisealpine:latest
- lightweight linux image, that is recommended if you want to keep more resources for your builds, scripts, etc.
If those images do not suit your needs you can choose others like: debian:latest
, centos:latest
, fedora:latest
, archlinux:latest
, opensuse/leap:latest
...
NOTE🗒: Not every version might be available, check before or use the specified version or latest if available.
CI/CD configuration files examples
Example of .gitlab-ci.yml - hello world
hello_world:
# using tagged runner with tag "eager-blackbear-0"
tags:
- "eager-blackbear-0"
# specifying stage
# (most common stage and order is build->test->deploy)
stage: build
# if image not specified then the default is used
# default: image: "gitlab/gitlab-runner:ubuntu"
# specifying the commands to be run by the runner
script:
- echo "Hello world"
Example of .gitlab-ci.yml - extension
build_the_script:
tags:
- "eager-blackbear-0"
stage: build
image: "gitlab/gitlab-runner:ubuntu"
script:
- echo "print(42)" > get_answer.py
# using artifact to pass script to next stage
artifacts:
paths:
- get_answer.py
test_the_script:
tags:
- "eager-blackbear-0"
stage: test
image: "gitlab/gitlab-runner:ubuntu"
script:
- apt update
- apt install python3 -y
- if [ "$(python3 get_answer.py)" == "42" ]; then echo 'Answer is correct'; else echo 'Answer is NOT correct'; fi
Runner with a tag and variables
A tag can be used to control which jobs can be executed on which runners and for which sub-group or specific projects. If tags have been assigned to a job, it will only run on a runner with the appropriate tags.
In the .gitlab-ci.yml file, use CI/CD variables with tags for dynamic runner selection:
variables:
KIT_KUBERNETES_RUNNER: kit-öjwenadnh64$s82gowß3urhnßü1nvwß1nvsa
job:
tags:
- docker
- $KIT_KUBERNETES_RUNNER
script:
- echo "Hello runner selector feature"
Tag of KIT runner
Specify the tag of the runner in tags
sequence if you need to specify the runner to be used (more on that in section below):
Variables
Sensitive variables such as tokens or passwords should be stored in the settings in the user interface, preferably not in the .gitlab-ci.yml file. You can define CI/CD variables in the UI Settings -> CI/CD -> Variables
.
Security
When setting up your runners, you should pay attention to the security and protection of confidential data. Any user who has the access rights to the project can also execute arbitrary but unverified commands. When you are setting up your runner, you must ensure that no confidential information is accessible to ungranted user. Particularly for using shared runners, it should be noticed that the runner's private authentication token could be readable and the runner could be imitated by another machine.
Rate-Limit
To ensure a continuous service for all users, projects and groups, each project can start a maximum of 5 pipelines per minute. If this is not sufficient in your case, please write us a ticket with a brief explanation why more simultaneous pipelines need to be active in your project.
Specific needs
If you have specific needs for a runner with a good reason you can contact us with the ticket and write your request.