Runner use service account kubeconfig instead of user's (!2) · Merge requests · HSRN Projects / gitlab-windows-runner · GitLab

Nick Chao requested to merge use-sa into main Oct 16, 2023

Todos

figure out the required permissions for the service account

Service account requires permissions to persistentvolumeclaims, virtualmachineinstances, virtualmachineinstances/portforward, and a kubevirt.io:edit role associated with to run the custom executor. See this failed job

add the service account creation as part of the helm chart

Limitations

Right now each VM uses a 50G ssd disk, meaning with 4 of them running user will hit the usage limit. Pls be aware of this when testing.

how to test

make sure to test this in my namesapce yc6371 as the runner and ssh key credentials are ready there.

helm repo add --username <username> --password <access_token> windows-runner https://dev.hsrn.nyu.edu/api/v4/projects/253/packages/helm/stable
helm install my-release windows-runner/gitlab-runner-win

trigger a test job from the pipeline

Edited Oct 25, 2023 by Nick Chao