From 18ea7d50c0705a7b5280786bda2c7cedfeff845f Mon Sep 17 00:00:00 2001 From: "Georgi N. Georgiev" Date: Thu, 5 Oct 2023 14:07:17 +0000 Subject: [PATCH] operator gitlab-runner-operator (1.18.0) Signed-off-by: Georgi N. Georgiev --- .../manifests/apps.gitlab.com_runners.yaml | 248 +++++++ ...ole_rbac.authorization.k8s.io_v1_role.yaml | 28 + ...c.authorization.k8s.io_v1_rolebinding.yaml | 13 + ...er-manager-metrics-service_v1_service.yaml | 18 + ...c.authorization.k8s.io_v1_rolebinding.yaml | 13 + ...c.authorization.k8s.io_v1_clusterrole.yaml | 10 + ...runner-operator.clusterserviceversion.yaml | 623 ++++++++++++++++++ .../gitlab-runner-sa_v1_serviceaccount.yaml | 5 + ...lab-runner-webhook-service_v1_service.yaml | 17 + .../1.18.0/metadata/annotations.yaml | 15 + .../1.18.0/tests/scorecard/config.yaml | 70 ++ 11 files changed, 1060 insertions(+) create mode 100644 operators/gitlab-runner-operator/1.18.0/manifests/apps.gitlab.com_runners.yaml create mode 100644 operators/gitlab-runner-operator/1.18.0/manifests/gitlab-runner-app-role_rbac.authorization.k8s.io_v1_role.yaml create mode 100644 operators/gitlab-runner-operator/1.18.0/manifests/gitlab-runner-app-rolebinding_rbac.authorization.k8s.io_v1_rolebinding.yaml create mode 100644 operators/gitlab-runner-operator/1.18.0/manifests/gitlab-runner-controller-manager-metrics-service_v1_service.yaml create mode 100644 operators/gitlab-runner-operator/1.18.0/manifests/gitlab-runner-manager-rolebinding_rbac.authorization.k8s.io_v1_rolebinding.yaml create mode 100644 operators/gitlab-runner-operator/1.18.0/manifests/gitlab-runner-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml create mode 100644 operators/gitlab-runner-operator/1.18.0/manifests/gitlab-runner-operator.clusterserviceversion.yaml create mode 100644 operators/gitlab-runner-operator/1.18.0/manifests/gitlab-runner-sa_v1_serviceaccount.yaml create mode 100644 operators/gitlab-runner-operator/1.18.0/manifests/gitlab-runner-webhook-service_v1_service.yaml create mode 100644 operators/gitlab-runner-operator/1.18.0/metadata/annotations.yaml create mode 100644 operators/gitlab-runner-operator/1.18.0/tests/scorecard/config.yaml diff --git a/operators/gitlab-runner-operator/1.18.0/manifests/apps.gitlab.com_runners.yaml b/operators/gitlab-runner-operator/1.18.0/manifests/apps.gitlab.com_runners.yaml new file mode 100644 index 00000000000..a29629f9507 --- /dev/null +++ b/operators/gitlab-runner-operator/1.18.0/manifests/apps.gitlab.com_runners.yaml @@ -0,0 +1,248 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: gitlab-runner-system/gitlab-runner-serving-cert + controller-gen.kubebuilder.io/version: v0.6.1 + creationTimestamp: null + name: runners.apps.gitlab.com +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: gitlab-runner-webhook-service + namespace: gitlab-runner-system + path: /convert + port: 443 + conversionReviewVersions: + - v1 + group: apps.gitlab.com + names: + kind: Runner + listKind: RunnerList + plural: runners + singular: runner + scope: Namespaced + versions: + - name: v1beta2 + schema: + openAPIV3Schema: + description: Runner is the open source project used to run your jobs and send + the results back to GitLab + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of the desired behavior of a GitLab Runner + instance + properties: + azure: + description: options used to setup Azure blob storage as GitLab Runner + Cache + properties: + container: + description: Name of the Azure container in which the cache will + be stored + type: string + credentials: + description: Credentials secret contains 'accountName' and 'privateKey' + used to authenticate against Azure blob storage + type: string + storageDomain: + description: The domain name of the Azure blob storage e.g. blob.core.windows.net + type: string + type: object + buildImage: + description: The name of the default image to use to run build jobs, + when none is specified + type: string + ca: + description: Name of tls secret containing the custom certificate + authority (CA) certificates + type: string + cachePath: + description: Path defines the Runner Cache path + type: string + cacheShared: + description: Enable sharing of cache between Runners + type: boolean + cacheType: + description: 'Type of cache used for Runner artifacts Options are: + gcs, s3, azure' + type: string + cloneURL: + description: If specified, overrides the default URL used to clone + or fetch the Git ref + type: string + concurrent: + description: Option to limit the number of jobs globally that can + run concurrently. The operator sets this to 10, if not specified + format: int32 + type: integer + config: + description: allow user to provide configmap name containing the user + provided config.toml + type: string + env: + description: Accepts configmap name. Provides user mechanism to inject + environment variables in the GitLab Runner pod via the key value + pairs in the ConfigMap + type: string + gcs: + description: options used to setup GCS (Google Container Storage) + as GitLab Runner Cache + properties: + bucket: + description: Name of the bucket in which the cache will be stored + type: string + credentials: + description: contains the GCS 'access-id' and 'private-key' + type: string + credentialsFile: + description: Takes GCS credentials file, 'keys.json' + type: string + type: object + gitlabUrl: + description: The fully qualified domain name for the GitLab instance. + For example, https://gitlab.example.com + type: string + helperImage: + description: If specified, overrides the default GitLab Runner helper + image + type: string + imagePullPolicy: + description: 'ImagePullPolicy sets the Image pull policy. One of Always, + Never, IfNotPresent. Defaults to Always if :latest tag is specified, + or IfNotPresent otherwise. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + interval: + description: Option to define the number of seconds between checks + for new jobs. This is set to a default of 30s by operator if not + set + format: int32 + type: integer + locked: + description: Specify whether the runner should be locked to a specific + project. Defaults to false. + type: boolean + podSpec: + items: + description: KubernetesPodSpec represents the structure expected + when adding a custom PodSpec to configure the Pod running the + GitLab Runner Manager + properties: + name: + description: Name is the name given to the custom Pod Spec + type: string + patch: + description: A JSON or YAML format string that describes the + changes which must be applied to the final PodSpec object + before it is generated. You cannot set the patch_path and + patch in the same pod_spec configuration, otherwise an error + occurs. + type: string + patchFile: + description: Path to the file that defines the changes to apply + to the final PodSpec object before it is generated. The file + must be a JSON or YAML file. You cannot set the patch_path + and patch in the same pod_spec configuration, otherwise an + error occurs. + type: string + patchType: + description: The strategy the runner uses to apply the specified + changes to the PodSpec object generated by GitLab Runner. + The accepted values are merge, json, and strategic (default + value). + type: string + required: + - name + - patchType + type: object + type: array + protected: + description: Specify whether the runner should only run protected + branches. Defaults to false. + type: boolean + runUntagged: + description: Specify if jobs without tags should be run. If not specified, + runner will default to true if no tags were specified. In other + case it will default to false. + type: boolean + runnerImage: + description: If specified, overrides the default GitLab Runner image. + Default is the Runner image the operator was bundled with. + type: string + s3: + description: options used to setup S3 object store as GitLab Runner + Cache + properties: + bucket: + description: Name of the bucket in which the cache will be stored + type: string + credentials: + description: Name of the secret containing the 'accesskey' and + 'secretkey' used to access the object storage + type: string + insecure: + description: Use insecure connections or HTTP + type: boolean + location: + description: Name of the S3 region in use + type: string + server: + type: string + type: object + serviceaccount: + description: allow user to override service account used by GitLab + Runner + type: string + tags: + description: 'List of comma separated tags to be applied to the runner + More info: https://docs.gitlab.com/ee/ci/runners/#use-tags-to-limit-the-number-of-jobs-using-the-runner' + type: string + token: + description: Name of secret containing the 'runner-registration-token' + key used to register the runner + type: string + required: + - gitlabUrl + - token + type: object + status: + description: Most recently observed status of the GitLab Runner. It is + read-only to the user + properties: + message: + description: Additional information of GitLab Runner registration + type: string + phase: + description: Reports status of the GitLab Runner instance + type: string + registration: + description: Reports status of GitLab Runner registration + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/operators/gitlab-runner-operator/1.18.0/manifests/gitlab-runner-app-role_rbac.authorization.k8s.io_v1_role.yaml b/operators/gitlab-runner-operator/1.18.0/manifests/gitlab-runner-app-role_rbac.authorization.k8s.io_v1_role.yaml new file mode 100644 index 00000000000..47f02107868 --- /dev/null +++ b/operators/gitlab-runner-operator/1.18.0/manifests/gitlab-runner-app-role_rbac.authorization.k8s.io_v1_role.yaml @@ -0,0 +1,28 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + creationTimestamp: null + name: gitlab-runner-app-role +rules: +- apiGroups: + - "" + resources: + - secrets + - pods + - services + - services/status + - services/proxy + - services/finalizers + - pods/attach + - pods/exec + - pods/log + - persistentvolumeclaims + - configmaps + verbs: + - create + - get + - list + - watch + - delete + - patch + - update diff --git a/operators/gitlab-runner-operator/1.18.0/manifests/gitlab-runner-app-rolebinding_rbac.authorization.k8s.io_v1_rolebinding.yaml b/operators/gitlab-runner-operator/1.18.0/manifests/gitlab-runner-app-rolebinding_rbac.authorization.k8s.io_v1_rolebinding.yaml new file mode 100644 index 00000000000..2d67d3e1885 --- /dev/null +++ b/operators/gitlab-runner-operator/1.18.0/manifests/gitlab-runner-app-rolebinding_rbac.authorization.k8s.io_v1_rolebinding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + creationTimestamp: null + name: gitlab-runner-app-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: gitlab-runner-app-role +subjects: +- kind: ServiceAccount + name: gitlab-runner-sa + namespace: gitlab-runner-system diff --git a/operators/gitlab-runner-operator/1.18.0/manifests/gitlab-runner-controller-manager-metrics-service_v1_service.yaml b/operators/gitlab-runner-operator/1.18.0/manifests/gitlab-runner-controller-manager-metrics-service_v1_service.yaml new file mode 100644 index 00000000000..e7ee96b58dd --- /dev/null +++ b/operators/gitlab-runner-operator/1.18.0/manifests/gitlab-runner-controller-manager-metrics-service_v1_service.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: Service +metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: controller-manager + app.kubernetes.io/managed-by: olm + app.kubernetes.io/name: gitlab-runner-operator + name: gitlab-runner-controller-manager-metrics-service +spec: + ports: + - name: https + port: 8443 + targetPort: https + selector: + app.kubernetes.io/name: gitlab-runner-operator +status: + loadBalancer: {} diff --git a/operators/gitlab-runner-operator/1.18.0/manifests/gitlab-runner-manager-rolebinding_rbac.authorization.k8s.io_v1_rolebinding.yaml b/operators/gitlab-runner-operator/1.18.0/manifests/gitlab-runner-manager-rolebinding_rbac.authorization.k8s.io_v1_rolebinding.yaml new file mode 100644 index 00000000000..53bd81b7b22 --- /dev/null +++ b/operators/gitlab-runner-operator/1.18.0/manifests/gitlab-runner-manager-rolebinding_rbac.authorization.k8s.io_v1_rolebinding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + creationTimestamp: null + name: gitlab-runner-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: manager-role +subjects: +- kind: ServiceAccount + name: default + namespace: gitlab-runner-system diff --git a/operators/gitlab-runner-operator/1.18.0/manifests/gitlab-runner-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml b/operators/gitlab-runner-operator/1.18.0/manifests/gitlab-runner-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml new file mode 100644 index 00000000000..a95da2b8f1a --- /dev/null +++ b/operators/gitlab-runner-operator/1.18.0/manifests/gitlab-runner-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml @@ -0,0 +1,10 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: gitlab-runner-metrics-reader +rules: +- nonResourceURLs: + - /metrics + verbs: + - get diff --git a/operators/gitlab-runner-operator/1.18.0/manifests/gitlab-runner-operator.clusterserviceversion.yaml b/operators/gitlab-runner-operator/1.18.0/manifests/gitlab-runner-operator.clusterserviceversion.yaml new file mode 100644 index 00000000000..f42aee9629e --- /dev/null +++ b/operators/gitlab-runner-operator/1.18.0/manifests/gitlab-runner-operator.clusterserviceversion.yaml @@ -0,0 +1,623 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: |- + [ + { + "apiVersion": "apps.gitlab.com/v1beta2", + "kind": "Runner", + "metadata": { + "name": "example" + }, + "spec": { + "gitlabUrl": "https://gitlab.com", + "imagePullPolicy": "Always", + "tags": "openshift, test", + "token": "gitlab-dev-runner-secret" + } + } + ] + capabilities: Deep Insights + categories: Integration & Delivery, Developer Tools + certified: "false" + containerImage: registry.gitlab.com/gitlab-org/gl-openshift/gitlab-runner-operator/gitlab-runner-operator:v1.18.0 + createdAt: "2023-10-05T14:06:19Z" + description: GitLab Runner operator manages lifecycle of GitLab Runner instances + operators.openshift.io/infrastructure-features: '["Disconnected"]' + operators.operatorframework.io/builder: operator-sdk-v1.25.2 + operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 + repository: https://gitlab.com/gitlab-org/gl-openshift/gitlab-runner-operator + support: GitLab, Inc. + labels: + operatorframework.io/arch.amd64: supported + operatorframework.io/arch.ppc64le: supported + name: gitlab-runner-operator.v1.18.0 + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: Runner is the open source project used to run your jobs and send the results back to GitLab + displayName: GitLab Runner + kind: Runner + name: runners.apps.gitlab.com + resources: + - kind: ConfigMap + name: "" + version: v1 + - kind: Deployment + name: "" + version: v1 + - kind: PersistentVolumeClaim + name: "" + version: v1 + - kind: Pod + name: "" + version: v1 + - kind: Secret + name: "" + version: v1 + - kind: Service + name: "" + version: v1 + specDescriptors: + - description: Option to limit the number of jobs globally that can run concurrently. The operator sets this to 10, if not specified + displayName: Concurrent + path: concurrent + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: The fully qualified domain name for the GitLab instance. For example, https://gitlab.example.com + displayName: GitLab URL + path: gitlabUrl + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: Option to define the number of seconds between checks for new jobs. This is set to a default of 30s by operator if not set + displayName: Check Interval + path: interval + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: 'List of comma separated tags to be applied to the runner More info: https://docs.gitlab.com/ee/ci/runners/#use-tags-to-limit-the-number-of-jobs-using-the-runner' + displayName: Tags + path: tags + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: Name of secret containing the 'runner-registration-token' key used to register the runner + displayName: Registration Token + path: token + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:selector:core:v1:Secret + statusDescriptors: + - description: Additional information of GitLab Runner registration + displayName: Message + path: message + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: Reports status of the GitLab Runner instance + displayName: Phase + path: phase + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: Reports status of GitLab Runner registration + displayName: Registration + path: registration + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + version: v1beta2 + description: | + GitLab Runner is the lightweight, highly-scalable agent that runs your build jobs and sends the results back to a GitLab instance. GitLab Runner works in conjunction with GitLab CI/CD, the open-source continuous integration service included with GitLab. + + The GitLab Runner operator manages the lifecycle of GitLab Runner in Kubernetes or Openshift clusters. The operator aims to automate the tasks needed to run your CI/CD jobs in your container orchestration platform. + + ## Prerequisites + + For Kubernetes cluster, install cert-manager: + + ```shell + kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.7.1/cert-manager.yaml + ``` + + ## GitLab Runner version + + This version of **GitLab Runner Operator** ships with **GitLab Runner v16.4.0**. + + To use a different version of **GitLab Runner** change the [`runnerImage` and `helperImage` properties](https://docs.gitlab.com/runner/configuration/configuring_runner_operator.html#operator-properties). + + ## Usage + + To link a GitLab Runner instance to a self-hosted GitLab instance or the hosted [GitLab](https://gitlab.com), you first need to: + + 1. Create a secret containing the `runner-registration-token` from your GitLab project. + + ``` + cat > gitlab-runner-secret.yml << EOF + apiVersion: v1 + kind: Secret + metadata: + name: gitlab-runner-secret + type: Opaque + stringData: + runner-registration-token: REPLACE_ME # your project runner secret + EOF + ``` + + ``` + oc apply -f gitlab-runner-secret.yml + ``` + + 2. Create the Custom Resource Definition (CRD) file and include the following information. The tags value must be openshift for the job to run. + + ``` + cat > gitlab-runner.yml << EOF + apiVersion: apps.gitlab.com/v1beta2 + kind: Runner + metadata: + name: gitlab-runner + spec: + gitlabUrl: https://gitlab.example.com + buildImage: alpine + token: gitlab-runner-secret + tags: openshift + EOF + ``` + + ``` + oc apply -f gitlab-runner.yml + ``` + + ## Full documentation + + Visit [Install GitLab Runner Operator](https://docs.gitlab.com/runner/install/operator.html) + displayName: GitLab Runner + icon: + - base64data: iVBORw0KGgoAAAANSUhEUgAABJQAAAReCAMAAAC2B5qlAAABDlBMVEVHcEzwWSfsUijpTSjnSyjiQynlSCnpTijtVSjxWyfvVyjvVyjvWCjsUyjkRSntUyjrUCjqTyjqUCjwWCfuVijmSSnlRyn1YSfwWCjrUSjuVCjqTijuVifrUijpTijsUijnSyjuVif0cifwWCj8oyb8oyb8jyb8bSb8iSb8jib8gSb0Xyf8lSb8oCb8dyb7ayb6aSb8nCb8cCb8jSb8kib8lib8iCb8fib8dCb8mSb8jCb8lCb8nSb8jCbuVSj8kib4ZSf8iyb8iyb8hSb8kSb8iibrUSj2Yyf8myb8iib8kCb8eyb8mib8kib8kCb8mCb8gCb8jib8lib8lyb8kCb8lCb8kSb8iSb8kCb8kCYx+jFhAAAAWnRSTlMALq/o////8cJKulc8pv+cz9zWZJL4+xAfkoficUrCuPB87f8Q////H5L//9////////+H////////cNb7ZP/P//9X/8BK///3PK//8y6m7y6c5+t8yLh8yN3b2h1aAAAhEElEQVR4AezdB24ryRWF4VI4yiKVKenl9/a/RyMZhZ6RQLftUddtfd8WiPSDXec2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAT+vg8Og4ycnp2XkbFudnpydJjo8uDtqawcFRuqPLNiQuJz/TVVstuN5k4qwNiLNMbLZtpeAmf3XbhsNt/uqsrRIc5u/u2mC4y98dthWC+7zloQ2Fbd5y39YHHvOWp10bCLunvOWxrQ5s87brNhAO87ZtWxs4zdse20B4zNuO2srAQd5z3obBed7z3NYFrvOeszYMzvKebVsXOMp79FuBetNvrM5z3nfVGL7e9Bur/e/Nl3k1602/scp6028F6k2/od4S6xgF6i3ZtfVDvfl+sky9JS9t3VBv3Wkbjw9c1zzpALtEvxX9wLXbtNWAh0S/Vf3AtXttawFfEv1Wp97W32+wSVfgwzz1tvJ+g9d0VT7MU2/r7zeMPvswr0C96TfU2zj9pt70G+qtUr+pt+RrWzfUW/eljUa9rfb4DDxlv82usajdJvs9tRWAr9lj9FNLPnDtLlt9cJfU7jcfuHY3bR1Qb1X+2FFv6+83uEznw7wC9bb2foObdD7MK1Bv+g31Nka/qTf9hnor12/qLfnWykO91e839dZ9b+XhPsbw/cbuJNFvuI9R7GGVD1zdDmUNfqSr87DKB65uh6LehEGBv0jr3w6Fq8xx34am3ur3GxymK/BhnnrTb6i3MfpNvek31Nu4D6vUm9uhqLc6/abe3A6l/sJq/X5TbxM/W124jzF+v3GfuZ5bTXCduc4aH+4sc21bTXCUzh871f8irX87FJ4z33kblOeJ9fsNtpnvR2OBetNvqLcC/abe9BvqrcbDKvWW7Fp5qLf6D6vUW/fSikO91e839Vb/dijuY5ToN/Wm33AfY5x+4yIzlL49A7f575y2AXmeWP/2DPR6qz+M4Xli/dsz8JquwDCG54n6DfVW4cM89abfUG8eVg1Vb/oN9eZhVYl6S341qF9v+q1IvbkdioVV/TZSvek33Mco02+eJ3ZfG9Rxk9TvN88T3Z5BvVXoN88T3Z6hnsv8bx7aojxPdHsG9WYYYwFfEv2GevPHTrl602+oNw+rhqo3/YZ687CqRL0l3xvUX1jVb1XqTb9hYVW/Fau35FuDCn4klfrN80T9hnrTbwM4yXxuz1DSVbL2fvM80e0ZKjlMZxhjWHeZcnsG9eaPnQofuOo31JsP8xaoN/2GevOwqkC96TcsrOq3YvWW/GxQf2FVv9WoN7dDcR9Dvw1Qb26HYmFVvy3gOPPZLqak50S/VR6XsV2M+xj6bQFnmXJ7BvWm36p94KrfUG/JeWOAcRn9hnrzYd4C9abfsLDqYVWBenN7BgurHlZVq7dk16D+wqp+K19v3UuD+gur+q1+vek3Ctgkn6bfjMt0DQb1mhTrN88TbRej3vRbgXEZt2dQb/qtwLiM2zOoN8MYQ9SbfsNGj4dVA9WbfsPCqodVBepNv1HAfToPqz5VvSVfG4znJtFvxevN7VDUm34rMC6j37Cwqt+KjMt09w0q1Jt+KzAuY7sY9abfCozL2C5Gvem3AcZl3J7BRo9hjAL1pt+w0TPVWLre9BsWVj2sKlZvybcGIzlM52HVJ6y35HuDAvXmw7wC9abfsLCq3wqMy+g31Jt+G2Aa1HYx6m2AfvOBq+1i1NsS/cbXTNguRr0V6TfToPoNGz31+029JT9bfVhYrT+Mod66g1YANnqqPaxSb/Vvz8BRugIf5qk3/YaF1QLDGOpNv6Heluk306D6DfWm3wZwnAnbxai3Av1mXMZ2MeqtQL+ZBrVdjI0e/TbA80T9ho2e6sMY6i3ZtfKw0VN/2FC9dS+tAGz01BnGUG/1b89Ar7cCwxjqTb+h3goMY6g3/YZ6K9BvxmX0G+qtQL8Zl7F9hXr7n/uN60zYLsZGT4F+U2+2i7HRU2AYQ73V6je4z4RhDPWWfG0wzEaPYUP1ltw1GKDe9Jt6028M4DJdpWEM9abfUG+GMQaoN/2GejNsOIDnTTrbV6i3pfuNh0zYLsYrzwL9ZhrUdjE2egr0m2lQ/YaNnqrDGOpNvzGAw3SGMdSb7WKGqjfDhupt6X6Dq0S/qbcCt2dQb+WGMdSbfkO91X9Ypd70G+rNsOF8vzJhuxivPAv0m2lQ28V45Vm53zxPtF2MjZ6JX+0/xtfkk/QbbNMZxlBvtosXx1Gi39Sb7WKG8ZwJw4bqzXYxA9SbflNv+g31Nr/f1Jt+Q70ZxhjCfaLf8MqzwLChaVDbxXjlWeBhleeJhbeLYRP9ZhrUdjHjeE1nGEO92b5aHLeJflNvtotRb4YNx6k328Wot/n9pt70G+qtYL+pN/2Geqvfb+pNv2FhdeJHY4+LRL/hladhQ9OgtosZ4JWnYUPToAu+nYbLTBimd9hh2dszcJPOMIZ6s32FejOMMaPe9BvqzbCherNdvDD1pt/Um35Dvem3ffWm31Bv+k29LdxveOVp2FC92S7GK0/DhvvtNulW/XYarjJhmN5hB9vFy+Iw0W8OO9i+Qr0Zxphfb/oN9WYYQ73ZvmKQejNsqN70G+pNv+2vN/2GetNv6k2/seB3wvpNvek3fCes3/Y4yQyVt4vhOVOGDYf0NTOU3i6GbSYM0zvsYLt4WRylM4xhXMb2FerNMMbMerN9hXozbKjebF8tSb3pN/Wm31Bv+m1Pvek3fCes39SbfsN3wm/2G8fJJ+k32ES/Oexgu5hxvCb6zWEH28WM4zb7GMYwLmO7GPVmmH7iPP/m7TTqzTCGerN9hXrTb3vqzfYV6s2woXr7gH6DX4l+U2/6Dd8Jz+839abf8MpTvznssF8aLPCdsH5zlu9DtovhJtFvDjvYLka9Gaaf4yCdt9OoN8P0zvJ5O416M4wxYL15O41668OG6k2/4Tthw4bqTb/hO2H9tq/e9Bu+E9Zv6k2/4Tth/dZtM777Bh/5nbB+c5Zvj5v2SaDeot92m3S+vUe96Tdn+bydRr0Zxhj1LJ+306i3ZKfe9Bv+aTZsqN70G74T1m976k2/4Z9m/abePqzf4DlVvDjLp9/wnbB+c5Zvph8NFq83/WZcpntssP56029f0/n2HvWm35zl8+096q3r1Fu8nWbtdqnkq3rTb/hO2LCheptJv/G/+P2nlJ+f1J9Sfjf4F3v3ldW4/2xRvB5oHnn9DYA+FhjLgAAbB3LOnXv+M7m3w/pXJ5IsyyV/92cOhL10pCrtrVpZkyy8SdJC1iQtrRhQ1qrUzhpk7U2S1rIGaUurBpTVkfJu1hzrb5K0kTVHV1LHUBZySZsF/RbbYtYcxaakvOz2HtjSN9v0W2zLWXPs6JstKw3U2zc9+q0a1FtPEv2GCeT6oU+/VYF66+uH3MoD9fZNvps1xTL1FtduLol+w8T19s2gyBpig3oLqxhIqqLfQL1JDdpQLlJvUbUk0W+YxFBObfqNeptMW65UvwEj/apLv1Fvk+jK0W+YuN7Cbijpt6WsGYpcvxob8Gp7+t0O/RbRfqNWk25owGsd6A89+i2gw6wRjvSHkQGvNdaf+vRbOdRbX45+KwnHchNtKOk36q2b6y/HVhqot4ZtKA+pt7irSXdgpYF6a9qGcol6C7uapN+qQb25k6wB9qm3UE7k6LfScKp/69Jv1Fv51ST9VhXqzeUF/Ua9lV1N0m/l4UyP2aHf4jjP4hvI0W8Vot7cEf0WxkUDV5Pu1F4OuNTj+vRbFOtZdG097tJeDLjSE/Iu/Ua9lV9NujN7KeBarokbygvqLe5q0l1bCaDemrmhpN5C2Jaj3ypCvTV0Q3lOvcVdTborKwHUW7kNJf1Gvd3I0W+Twa1cQzeU1Fu41ST9Vh7u9LwB/Ua9lVhN0m+l4F4u7IaSfluLv5qk32pAvbk2/Ua9lVtNugcDStRbyA0l/bbQ4NWke2fA897LldlQ0m/UW7Gpl7k34Hkf9ELbWWDr1Fvc1aT7aMCzVuSavKFcoN5mpqcXW7HJgXpzN1lca9Rb3NWke29ARfX2yIaSfqPednO93AcDnvFWrzGg36g356tJ+g3VWdWrHNFvv6PeWnL0GyrQkQu7oaTfNuKvJuk3VF5vcTeU9Nti41eT7j8Dqqg3t1nQb7Vbbvxq0q0aUEW9Od9Q0m/U245erWPAU3K9Xi8LapF6C7uadDn9hqdsyTV/Q7lMvdWrrzK2DKim3ly+m4W0Qb0FWE3W12+g3twgo9+ot2KgUnIDHvVJJbXoN+qtJUe/oSIjldVOvd+ot7Yc/Ybq6y3uhpJ+W8oi6srRb6jKUC7shpJ+2w+7mgzQb6De3Db9VpPDOVlNupEB1dWb66Xbb9RbT5MYG/BPx5pMP9V+o976mszQAOcO5OZlQ3lIvdWgm2syBwY4N1Z5YY8uLVFv9awmY/QbqLf4G8p96i3uatIdG/C3z5pcO71+o95O5IL0G6g3102t36i3rhz9hiqdyYXdUNJv51kwRS5Hv6FKp6rEDv02VRcRV5MB+w3Um+ul1G8coTySC9VvoN5cP51+o976qsqZ/Q74IjdfG8oL6i3uatKd2u+AS7k521BSb3FXk+7SfgNcyc3bhvKcepuSbVXoyoBfXatKJ/RbCvV2oipd26+AW1WqS7/Nf73dyNFvqNqdqpUX9FuAeguymqTfUMK9XNgNJf22lgUykKPfwqLe3BH9Nt/1diRHvwVGvbk+/Va1hfgHlei3cKg3l3fpt4qtxV9N0m8hUG/xN5Tr1Fvc1aR7sJ+AFbn53FAuUG9xV5Punf0AvJebzw3lGvVWpZ6m495+AD5oSrr02zzW242m5IN9B7zVtOQF/TZ/9baba1pW7BtgVVMzoN/mr94Gmpr39g3QkQu7oaTfNuIfVKLf4qLeXJt+q8Zi/NUk/VY96i3uhpJ+W46/mqTfIqPe3KCg3+an3opNOfqtUag3t52FsEi9hV1Nuvw/A1bl5nlDuUy9xV1NulUDOpq6myyADeot7mrSdQzI5aJuKOm3xfleTbrckodPqsGAfpuDeisGqsGWpQ4j1eGIfmt+vbVUB/oNuVzUDSX9tjTnq0lHv2EoF3ZDSb/tB1hNytFvzUW9uc2CfivvMMhqkn5rPurNbdNvTa63HTn6rdGoN9ej35pbbz3V56s5UG/zvaE8pN5K6qtGI0sZxqpRvpvN2BL1FnY16caWMBzLpbCh3Kfe4q4m3dDShQPVq0W/NbHeWqrXgYF6q02bfmtevZ2oLvQbzuTCbijpt/NEVpPu2FKFU7mwG0r67SKbpSJX7Q4M1Jvibijpt/V4q0n6rfmoN9ej35pUb0eqGf1GvdWvn83QBfUWdzVJv2Esl8yGknqLc1DpcZcG6q16QY8unVNvcVeT7sxShGvNSot+a0a9tTQrp5YiXMoltKGk3oKuJuk33GmGuvH7jXq70QxdWXpwLxd2Q0m/rSW1mnTXlh7capZ2ovcb9TbQrNBv1FvcDSX9tpDYapJ+o95mqB+536i3tmpGv+GjXFobynXqLe5q0j1YaiCX2oZygXqLu5p0lhjsyaW2oVyj3p6zrbrxUVy8VwAnMfuNejtRAPcGvhAQbUNJvy2ks5rkTRMcKIK8iNdv1FuRK4KOgYdv0TaU9NtGOqtJHr/hQTEc0W+PW0zo0wD8UsJHBdGn3x61nNBqkl9KGCmIvBup36i3bq4gOgaeviW0oVyk3v6t2FQUpwZefUtoQ7lMvQVbTfLyG4ZyCW4oN6i3f+ppVlh0460C6cboN+rtRoFYanCrOPIiQr9Rb7u54ri11OCLAhlE6DfqbaBAri01uFIkR/Tbn5aSXU3y5Un6LYQ2/faH/dRWk0wnsSoXb0NJvx1m9eoqlC1LEMZyCW4oF6m3YKtJjpngk0LZnmW/UW87CuWTgZdyk9tQHlJv0VaT7qOlCXe5QrnJarVEvf1PX6Hkd5YobMmlt6Hcp958NUm8ObCgdIOZ9Bv1VgwUBbtJdBRxQ0m/LSW8mtTIwG+laBtK+u083dWkDgyJuw+4oaTfLtJdTd4bkjfMFchmQb/9v/W0Diq5fM8AW/mY6oZyn3oLtpr8sGLfANcKpJfV5oJ6y45CphtwfJnmhpJ66yuOy2MDPOH+j737Sk7j+eIo3g8Uj7x6AXg0GNQDjIgSJigQnbP3v5B/Dj9ZqRl6boc5n118q07de554Q09SKeuqr7dMJ964eq0qD/dc6Ao2lJv411so1aS+UMAfdtsKPl2Kf70FUk2+e68eAm6r11CuK73ebng8CZIl+YYywP3WCaSaFIiTgNaXqjWU4a83kWqSOAkkS4Pq7rdatapJTZwUCJKlkdv9Fv96WxEnIRStq8QL41RCt6rrrZ14YUGcJIBkKayGslbN9ZZp4iSEZPeuOk+XOuGvt2CryY/icRJIlgJoKLuVXG+DxAM/FBBastSu4H6rVaWanBEnIcRkKYt/v7lYb4fEvfOWAgJMlvp55fZbz+dqkjgJJEvDqu23elq+qfs46U4BoSZLo4rtt6bn1SRxEkiWxtXab734q0n9TQHyyVJQDWW9Sust08RJIFnyvaFsVmi95X3iJJAsed9Q9iq03gbESacDydKN/H6Ldb2NiJNsAMlSVpX91oy6mtSfFSJBsqRz+f0W43qbaOIkxKO1cN9QRr/fGjFXkwuFmJAsrSqx3+YhP1QiTpKH3Uf3DWXc+20ZbTX5saUQGZIlncW/3xqhV5PESfJwOYu0oWzGu97cV5OzayUMJEvhN5TL6NfbgDgJsdrrKBvKRuTrbUScBJKlsBrKedzrbUychJi9XkTYUC7DX2/i1SRxEkiWpjHvt0Y8D5WIk+ThvaNkaRXxflsHWE0SJ4FkqR3vfttEVU0SJ8nD21lkDWUj1ieUGXESSJaCbCjnka63vE+chMr4oBN5g7Qkm0jX2zCRp9+o2IFkSaChjHO9jVzESTsFVClZOqTlWMe43lxUk98VUK1kSecR7rdNNKcB9KUCqpYsTSPcb91YqsmvLQVUL1laRbff1rFUk3sFVDJZase23zppGW6Ik0CyFHZDGdl6y4iTxIBkqZ9Htd9qaQlyTZwEkqXAG8pNVOttSJwkCSRLo9S+bkzrbUWcBJIlHXxDWYtnvY2JkwDVEk2W9CS1rhPNess0cRIgnSxNo9lv3bKqSeIk4HoW9tOlWiTrbUCcBLhIltpx7LdOmdUkcRLwWcs3lGHvt15q2SERoy8UQLJUZkPpYL/Vy64miZOAhXxDGfB+a6aWTRMptwoIxDcdakPZC3+9rYiTAJfJ0ji1qx76emsnQr60FBCSH4E2lM3A11umiZMAt8nSNA97v/WCrCa3xEkIUOs8yIayHvR6E6omr5huIFkSayib8utNqpokTgLuZJKlLOD91guvmnxHnASSJamGUn6/NVKLJtqPOAkgWRoGu9/m0tUkcRIgkiyNQt1vS/mHSsRJwI/AGspGmOut7VGcBJAs6UmQ+20eVDVJnASSJTcN5TLE9Zb3k7ItmG4gWXLUUDYCXG8D3+IkgGTpJrVlHt56GyUl+0icBJIldw3lMrj1dvAwTgJIlnQe2H5rhFJNzgrFSQDJ0jCw/bZ2fRqAOAnYJ6VahbXfNkFUk5o4CSRL7hvKRkhPKNvexkkAyZLO3O836fWWScdJAMmSfEO5cbbe5KtJ4iRgt/W/oQxnvQ2Jk4DTLbxvKNehrLcRcZINwKX2vKHcBLLexsRJdgCtr543lGGst4n2P04CSJamQey3tVA16T5OAkiWViHst45UNek+TgJIltoB7Leuxw+VFq9UNQFvtKOG0v1+q/lZTRIngWTJ24Zy4/t6y3VJcVJLVRnwPSnFID1V1/f1NpSMkwCSJfcNZc3v9bYqJ066VkA5SJYO6Yk6Xq+3MXESEFiypHOf91vXx4dK+rMCUF6yNPV4v9XEq0n3cRJAsrTyd791PKwmFwpAyclS29v91pOvJt3HSQDJks483W91F9Wk+zgJIFnq537ut6ZANSkQJwEkS8INZc/P9TYlTgLCTZZG6SnqPq63lWCcBGDvVUPZ9HC9tYmTgKCTJT3xb7/1PKomt3cKgGiyNPVuv9VPqibF4yQAF9qbp0tN39bbILFJ/1QA5JOlttB+E1hvN27iJAC38g2l2H5rpIUdEpt+KDcAkqV+7tN+m59eTcrHSQBaX+QbSpn9tvSimjw/droB2HvRUDb8WW9nbuMkANfbxJqx8H4rYb21XcdJAFpX7hvKpS/rLdMexkkAyZL806WGH+st7/sQJwHYvXPdUM79WG8DT+IkALeOG8qlF+ttlFiyV74ASJYyD/ZbQ6iaJE4CAkiW+rn7/bZOi5joGOMkgGRp6H6/bRxWk/qN8gtAsjRyvt+67qrJ7U75BiBZGjveb2t31eQvBUAgWZJoKDdu11uWWKAvFQCBZEmmoSxhvQlXk19byj4At44ayrXL9TaMO04CSJZuHO63jZNqcisQJwEkS6INpbv1No4+TgJIlnTuar+t5atJ4iQggGRp6Gq/deQfKhEnASEkSytH+60rXk0SJwFhJEtjJ/utJlNNysdJAHYfhZ8ubVyst4w4CQjHrWxD2XWw3vI+cRIQkMuZaENZk19vQ+IkILBkSbKh7Iivt1VyiiumGyBvr+Uayq70ehtXLE4CSJZ0LrvfanIPld45ipMAvF4kxU1l91tHrJokTgICTZZWovutJ1RNzpzGSQDen5AstQX3Wz09wk0l4ySAZElncvutKVJN6r1yDsDbmURD2RNbb7muapwEkCwNUnN1qfU2JE4CgvdBl99QNgXW2ynVpL5QAMJPlg6l7LcT1lu70nESQLKkc4n9Vi+9mrxVcQBIlqYS+61pXk0SJwFVT5ZW5vut/PU2SIr40lLxAEiW2qXvt4Z5NUmcBJAs6azs/TZPzRyIk/4BIFnq5yXvt2WJ1eTVKwUgtmTJtKFslLvepsRJAMnSv41K3W/z0qrJd58UgCiTJbOGclnmemsTJwEkS/+jJ+Xtt0ZJ1eTsrQIQbbJk1lDOLaw3k2qSOAkgWTorbb8ty6gm9QcFICjXxyZL7bL2W2pgRJwEkCyZNJQW9tvavJokTgLi9llbbygL7LdN+qKJJk4CSJaKNZSNMp5QTomTgKpY2G4o5yWstzPiJKA6vh21jMbpSzb211ubOAmoktZHuw2l9fWWaeIkoFp+WH26tLa83vI+cdLTAJKlM8v7bWOxmtzeqSgAaJ1bbCjtrrcRcdLzAJKlzOZ+q6XPG5tPt58qIgDutuYNpcX91rFVTX4kTqoskCwNLe63rqXTAD9UdQEkSyNr+61moZokTgJIlsa29lvHSjV53lJxAvDDxsGArqX1lhEnAbieWWgoa8XXm3k1SZwEkCyZNpQdK+ttmJhYECf9E0CydGNjv3WLV5PESQDJknlDWTt9vY2Jk44CkCzp3GC/FV5vmSZOOg5AsjQ8eb/1DKtJ4iQAJsnS6sT9VjevJomTAPwwbCiL77dm+pSbl8fjZwWAZMm4oeydtN4y4iQA5smSUUNZP2G95Tp5wS/iJIBk6biGsnnCehsSJz0BwG5bsKHsFV9vq+R5X5+OkwCQLB2K7rd6kWqSOAnApS7UUDYN1luBanL7fJwEgGRpWnC/Lc2ryXtxEgDsjRtK8/3WMKkmiZMAFEiW2kX229ygmjSIkwCQLBk2lL0C6+1gGCcBwBt9bEPZOHq95dpGnASAZGmQPmJ+9HqbHhEnAcD34xrK5bHrbWUrTgJAsnQ4br81jnqotL1WjwCA1leDhtJkv82PqSZ/txQAHJksTY/ab0vzalK/UQBwfLJ0dsx+Sx8YJI97R5wEoFiy1Dbfb2vjavKXAoBiyZLOjPfbxrCanBEnASieLPVz0/3WTe+b6MfjpJYCgOLJ0sBwv62NqklNnATgxGRplN63MVtvZxbiJAAkSwYNpdF6a5cUJwEgWdKT9J61wXrLdFlxEgCSpanBfru/3vK+xTgJAMnS8w3ly+ttYC1OAoAL/VhD+fx+q6V/NSo1TgJAsqSzF/Zb5141aTdOAoDb5xvK59fbRJcdJwEgWRo+t9/urbd8aj1OAoDWl2cays1z6+3szzjplQIA+8nSOP2f7jPrrV1OnAQA19snG8rak+st+yNO2ilLAKB19dTTpc5T6y3vlxknASBZeryh7D613ob34qRLZRUA7N493lDWHl9vI8k4CQDJUvbnfru/3sbJ/+m9AoCSk6V+/th+692rJuXiJAAkS8NH9lv9kWrySiROAkCyNHq435p/qSb/3t492AgQBGAYnejiLeJs27b7L+ZujQKW70WLCv7ky0y7cRIgWcobyu36eqtVk+/fAaClZCk/MGCmsd42u4iTAMlS3lDO1dfbbv77/CK0CZAsLdb323ZeTXYTJwGSpbtyv+Xr7Sbbdp8BoPVkabOy3+Yq1eTzQwBoP1na2C3323V+oVJncRIgWToo9ltUVJMbewGgo2TpJt9vl3k1KU4COkyW4oZyO1tvd/H7fQDoMFmKG8ooWW+bHcdJAC9fSUN5Ga+3uJr8FScBnSdLi0vX8Xo76UGcBHB6/t9QRtHSjTgJ6Euy9HZ5udqXOAngdWd7d6c3cRLA7eKNOAkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGBkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/gAkfH+FBWMSNQAAAABJRU5ErkJggg== + mediatype: image/png + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - apps.gitlab.com + resources: + - runners + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - apps.gitlab.com + resources: + - runners/finalizers + verbs: + - delete + - patch + - update + - apiGroups: + - apps.gitlab.com + resources: + - runners/status + verbs: + - get + - patch + - update + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - pods + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - pods/attach + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - pods/exec + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - pods/log + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - resourcequotas + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - services/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - services/proxy + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - services/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + serviceAccountName: default + deployments: + - label: + app.kubernetes.io/component: controller-manager + app.kubernetes.io/managed-by: olm + app.kubernetes.io/name: gitlab-runner-operator + name: gitlab-runner-controller-manager + spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: gitlab-runner-operator + strategy: {} + template: + metadata: + labels: + app.kubernetes.io/component: controller-manager + app.kubernetes.io/managed-by: olm + app.kubernetes.io/name: gitlab-runner-operator + spec: + containers: + - args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=10 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + resources: {} + - args: + - --metrics-addr=127.0.0.1:8080 + - --enable-leader-election + command: + - /manager + env: + - name: ENABLE_WEBHOOK + value: "false" + - name: OPERATOR_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.annotations['olm.operatorNamespace'] + - name: WATCH_NAMESPACES + valueFrom: + fieldRef: + fieldPath: metadata.annotations['olm.targetNamespaces'] + image: registry.gitlab.com/gitlab-org/gl-openshift/gitlab-runner-operator/gitlab-runner-operator:v1.18.0 + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + resources: + limits: + cpu: 150m + memory: 300Mi + requests: + cpu: 100m + memory: 180Mi + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + terminationGracePeriodSeconds: 10 + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: webhook-server-cert + permissions: + - rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - configmaps/status + verbs: + - get + - update + - patch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + serviceAccountName: default + strategy: deployment + installModes: + - supported: false + type: OwnNamespace + - supported: false + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: true + type: AllNamespaces + keywords: + - GitLab + - CI/CD + - DevOps + - SAST + - DAST + links: + - name: Gitlab Runner Operator + url: https://gitlab.com/gitlab-org/gl-openshift/gitlab-runner-operator + - name: GitLab Docs + url: https://docs.gitlab.com + - name: GitLab Runner + url: https://docs.gitlab.com/runner/ + - name: GitLab CI/CD + url: https://docs.gitlab.com/ee/ci/quick_start/ + maintainers: + - email: support@gitlab.com + name: Georgi N. Georgiev + maturity: stable + minKubeVersion: 1.21.0 + provider: + name: GitLab, Inc. + version: 1.18.0 + webhookdefinitions: + - admissionReviewVersions: + - v1 + containerPort: 443 + conversionCRDs: + - runners.apps.gitlab.com + deploymentName: gitlab-runner-controller-manager + generateName: crunners.kb.io + sideEffects: None + targetPort: 9443 + type: ConversionWebhook + webhookPath: /convert + - admissionReviewVersions: + - v1beta1 + - v1 + containerPort: 443 + deploymentName: gitlab-runner-controller-manager + failurePolicy: Fail + generateName: mrunner.kb.io + rules: + - apiGroups: + - apps.gitlab.com + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - runners + sideEffects: None + targetPort: 9443 + type: MutatingAdmissionWebhook + webhookPath: /mutate-apps-gitlab-com-v1beta2-runner + - admissionReviewVersions: + - v1beta1 + - v1 + containerPort: 443 + deploymentName: gitlab-runner-controller-manager + failurePolicy: Fail + generateName: vrunner.kb.io + rules: + - apiGroups: + - apps.gitlab.com + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - runners + sideEffects: None + targetPort: 9443 + type: ValidatingAdmissionWebhook + webhookPath: /validate-apps-gitlab-com-v1beta2-runner + replaces: gitlab-runner-operator.v1.17.0 diff --git a/operators/gitlab-runner-operator/1.18.0/manifests/gitlab-runner-sa_v1_serviceaccount.yaml b/operators/gitlab-runner-operator/1.18.0/manifests/gitlab-runner-sa_v1_serviceaccount.yaml new file mode 100644 index 00000000000..53618a0d22f --- /dev/null +++ b/operators/gitlab-runner-operator/1.18.0/manifests/gitlab-runner-sa_v1_serviceaccount.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + creationTimestamp: null + name: gitlab-runner-sa diff --git a/operators/gitlab-runner-operator/1.18.0/manifests/gitlab-runner-webhook-service_v1_service.yaml b/operators/gitlab-runner-operator/1.18.0/manifests/gitlab-runner-webhook-service_v1_service.yaml new file mode 100644 index 00000000000..1a9e67bd84b --- /dev/null +++ b/operators/gitlab-runner-operator/1.18.0/manifests/gitlab-runner-webhook-service_v1_service.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: controller-manager + app.kubernetes.io/managed-by: olm + app.kubernetes.io/name: gitlab-runner-operator + name: gitlab-runner-webhook-service +spec: + ports: + - port: 443 + targetPort: 9443 + selector: + app.kubernetes.io/name: gitlab-runner-operator +status: + loadBalancer: {} diff --git a/operators/gitlab-runner-operator/1.18.0/metadata/annotations.yaml b/operators/gitlab-runner-operator/1.18.0/metadata/annotations.yaml new file mode 100644 index 00000000000..8add9bc3a55 --- /dev/null +++ b/operators/gitlab-runner-operator/1.18.0/metadata/annotations.yaml @@ -0,0 +1,15 @@ +annotations: + # Core bundle annotations. + operators.operatorframework.io.bundle.mediatype.v1: registry+v1 + operators.operatorframework.io.bundle.manifests.v1: manifests/ + operators.operatorframework.io.bundle.metadata.v1: metadata/ + operators.operatorframework.io.bundle.package.v1: gitlab-runner-operator + operators.operatorframework.io.bundle.channels.v1: stable + operators.operatorframework.io.bundle.channel.default.v1: stable + operators.operatorframework.io.metrics.builder: operator-sdk-v1.25.2 + operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 + operators.operatorframework.io.metrics.project_layout: go.kubebuilder.io/v3 + + # Annotations for testing. + operators.operatorframework.io.test.mediatype.v1: scorecard+v1 + operators.operatorframework.io.test.config.v1: tests/scorecard/ diff --git a/operators/gitlab-runner-operator/1.18.0/tests/scorecard/config.yaml b/operators/gitlab-runner-operator/1.18.0/tests/scorecard/config.yaml new file mode 100644 index 00000000000..ffc0447e073 --- /dev/null +++ b/operators/gitlab-runner-operator/1.18.0/tests/scorecard/config.yaml @@ -0,0 +1,70 @@ +apiVersion: scorecard.operatorframework.io/v1alpha3 +kind: Configuration +metadata: + name: config +stages: +- parallel: true + tests: + - entrypoint: + - scorecard-test + - basic-check-spec + image: quay.io/operator-framework/scorecard-test:v1.2.0 + labels: + suite: basic + test: basic-check-spec-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-bundle-validation + image: quay.io/operator-framework/scorecard-test:v1.2.0 + labels: + suite: olm + test: olm-bundle-validation-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-crds-have-validation + image: quay.io/operator-framework/scorecard-test:v1.2.0 + labels: + suite: olm + test: olm-crds-have-validation-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-crds-have-resources + image: quay.io/operator-framework/scorecard-test:v1.2.0 + labels: + suite: olm + test: olm-crds-have-resources-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-spec-descriptors + image: quay.io/operator-framework/scorecard-test:v1.2.0 + labels: + suite: olm + test: olm-spec-descriptors-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-status-descriptors + image: quay.io/operator-framework/scorecard-test:v1.2.0 + labels: + suite: olm + test: olm-status-descriptors-test + storage: + spec: + mountPath: {} +storage: + spec: + mountPath: {}