/circleci-runner-k8s

Repository with Helm charts to install CircleCI's runner on a Kubernetes cluster.

Primary LanguageSmartyApache License 2.0Apache-2.0

CircleCI Runner on Kubernetes

Repository with various files to install CircleCI's runner on Kubernetes via Helm chart.

Prerequisites

  • You must be on our Scale Plan or sign up for a trial. Reach out to our sales team to ask about both.
  • Generate a token and resource class for your runner. For each different type of runner you want to run, you will need to repeat these same steps.
    • For example, if you want ten runners that pull the same types of jobs or run the same parallel job based on availability, you only need to create one runner resource class. All ten runners would share the same token.
    • If you want to run ten separate runners that pull different jobs that do different things, we recommend creating ten different runner resource classes. Each one would have a different name and use a different token, and you would a copy of this Helm chart for each type of runner resource.
  • Have a Kubernetes cluster (and nodes) you would like to install the runner pod(s) in.

Setup

  1. Clone this repository.
  2. Modify values as needed in values.yaml:
Value Description Default
image.repository
image.tag
You can extend a custom Docker image from the CircleCI default runner and use that instead. circleci/runner
launch-agent
replicaCount The number of replicas of this runner you want in your cluster. Must currently be set and updated manually. See pending work 1
resourceClass The resource class you created for your runner. We recommend not inserting it into values.yaml directly and setting it when you install your chart instead. See next step. ""
runnerToken The token you created for your runner. We recommend not inserting it into values.yaml directly and setting it when you install your chart instead. See next step. ""
All other values Modify at your own discretion and risk. N/A
  1. Using the resource class name and token you created in the Prerequisites section, you'll want to set parameters as you install the Helm chart:
$ helm install "circleci-runner" ./ \
  --set runnerToken=$CIRCLECI_RUNNER_TOKEN \
  --set resourceClass=$CIRCLECI_RUNNER_RESOURCE_CLASS \
  --namespace your-namespace
  1. Call your runner class(es) in your job(s). Example:
version: 2.1

executors:
  my-runner:
    machine: true
    resource_class: my-namespace/my-runner-resource-class
  
workflows:
  my-workflow:
    jobs:
      - my-job

jobs:
  my-job:
    executor: my-runner
    steps:
      - checkout
      - run: echo "Hello from my custom runner!"

Setup with Optional Secret Creation

There may be cases where you do not want Helm to create the Secret resource for you. One case would be if you were using a GitOps deployment tool such as ArgoCD or Flux. In these cases you would need to create a secret manually in the same namespace and cluster where the Helm managed runner resources will be deployed.

  1. Create the secret
$ kubectl create secret generic config-values \
  --namespace your-namespace \
  --from-literal resourceClass=$CIRCLECI_RUNNER_RESOURCE_CLASS \
  --from-literal runnerToken=$CIRCLECI_RUNNER_TOKEN
  1. Install the Helm chart
$ helm install "circleci-runner" ./ \
  --set configSecret.create=false \
  --namespace your-namespace

Support Scope

  • Customers who modify the chart beyond values in values.yaml do so at their own risk. The type of support CircleCI provides for those customizations will be limited.

Reporting Issues

  • Customers are encouraged to open issues here to report bugs or problems, and open support tickets to receive specific help from support engineers.

Known Issues/Pending Work

  • Autoscaling is not yet implemented - for now, you'll need to manually modify the replicaCount in values.yaml and update the cluster and run:
$ helm upgrade "circleci-runner" ./ \
  --set runnerToken=$CIRCLECI_RUNNER_TOKEN \
  --set resourceClass=$CIRCLECI_RUNNER_RESOURCE_CLASS \
  --namespace your-namespace
  • Containers are not currently privileged, so you would not be able to execute privileged workloads (e.g., Docker in Docker).