Orchestrating GitLab Runner Deployments via Kubernetes Helm Charts

Published by TechMarmot Editorail Staff on | Category GitLab CI

The orchestration of continuous integration and continuous delivery (CI/CD) pipelines within a Kubernetes ecosystem requires a robust, scalable, and highly available execution engine. The GitLab Runner serves as this critical execution agent, and when operating within a containerized environment, the most efficient and standardized method for deployment is through the official GitLab Runner Helm chart. This deployment mechanism is not merely a script but a sophisticated configuration layer that abstracts the complexities of Kubernetes resource management. By utilizing the Helm chart, engineers can automate the lifecycle of the GitLab Runner, ensuring that the runner is configured to utilize the Kubernetes executor. This specific executor type is fundamental to modern DevOps workflows because it possesses the ability to provision a discrete, ephemeral pod within a designated Kubernetes namespace for every individual CI/CD job that enters the queue. The consequence of this architectural choice is a high degree of isolation and resource efficiency, as pods are created on-demand and destroyed upon job completion, preventing leftover artifacts or configuration drift from affecting subsequent pipeline runs.

The deployment model via Helm is available across the entire spectrum of GitLab's service offerings, ensuring that whether an organization is utilizing GitLab.com, a GitLab Self-Managed instance, or a GitLab Dedicated environment, the deployment methodology remains consistent. This consistency allows DevOps professionals to maintain a unified deployment strategy across different hosting tiers, which include Free, Premium, and Ultimate levels. The impact of this-tier-agnostic deployment capability is the ability for organizations to scale their infrastructure and feature sets without needing to fundamentally redesign their Kubernetes deployment manifests.

Deployment Architecture and the Kubernetes Executor

The GitLab Runner Helm chart acts as the authoritative configuration template for injecting the runner agent into a Kubernetes cluster. The core functionality of this chart is centered around the configuration of the Kubernetes executor. This executor is the engine that interfaces directly with the Kubernetes API to manage the lifecycle of job-specific pods.

The operational mechanics of this architecture can be broken down into several critical components:

  • Kubernetes Executor Configuration: The chart automates the setup of the runner to communicate with the Kubernetes API server to request new pod resources.
  • Namespace-Based Provisioning: Every job is assigned to a specific Kubernetes namespace, which provides a logical boundary for resource management, security policies, and network isolation.
  • Ephemeral Pod Lifecycle: The creation of a new pod for each job ensures that each pipeline execution begins from a clean state, mitigating the risk of "poisoned" build environments where residual files from previous runs could cause false positives or negatives in testing.

The following table illustrates the relationship between the deployment tier and the deployment environment:

GitLab Offering Deployment Method Primary Executor Target Environment
GitLab.com Helm Chart Kubernetes Executor Kubernetes Cluster
GitLab Self-Managed Helm Chart Kubernetes Executor Kubernetes Cluster
GitLab Dedicated Helm Chart Kubernetes Executor Kubernetes Cluster

Pre-installation Prerequisites and Environment Setup

Before executing any deployment commands, several technical prerequisites must be satisfied to ensure the integrity of the installation process. Failure to meet these requirements can lead to deployment failures or, more dangerously, a partially configured runner that cannot successfully communicate with the GitLab instance.

The local environment must meet the following criteria:

  • Local Helm Client: The Helm client must be installed and functional on the machine from which the deployment commands are being issued.
  • Configuration Readiness: A properly structured values.yaml file must be prepared, containing all the custom parameters required for your specific cluster architecture.
  • Kubernetes Access: The user must have authenticated access to the target Kubernetes cluster with sufficient permissions to create namespaces, service accounts, and pods.

The values.yaml file serves as the single source of deployment truth. It is the central repository for all configuration changes, ranging from resource limits and requests to image pull secrets and environment variables. Managing changes within this file allows for version-controlled infrastructure, which is a cornerstone of GitOps methodologies.

Step-by-Step Installation Procedure

The installation of the GitLab Runner via Helm follows a precise sequence of commands. This process begins with the integration of the official GitLab Helm repository into your local Helm configuration.

The initial setup steps are as follows:

  1. Add the GitLab Helm repository to your local environment:
    helm repo add gitlab https://charts.gitlab.io

  2. If you are operating within a legacy environment utilizing Helm 2, you must initialize the Helm client:
    helm init

  3. Verify the availability of various GitLab Runner versions to ensure compatibility with your existing GitLab instance:
    helm search repo -l gitlab/gitlab-runner

  4. If the local repository cache does not contain the most recent versions of the GitLab Runner chart, update the repository metadata:
    helm repo update gitlab

Once the repository is configured and updated, the installation can proceed. The installation command varies depending on whether your environment is running Helm 2 or Helm 3. It is imperative to use the correct syntax for your version to avoid deployment errors.

For users utilizing Helm 2, the installation command is:
helm install --namespace <NAMESPACE> --name gitlab-runner -f <CONFIG_VALUES_FILE> gitlab/gitlab-runner

For users utilizing Helm 3, the installation command is:
helm install --namespace <NAMESPACE> gitlab-runner -f <CONFIG_VALUES_FILE> gitlab/gitlab-runner

In these commands, the <NAMESPACE> placeholder must be replaced with the actual Kubernetes namespace where the runner should reside, and <CONFIG_VALUES_FILE> must be replaced with the path to your customized values.yaml file.

Version Management and Chart Discrepancies

A critical point of confusion for many engineers is the distinction between the version of the GitLab Runner application and the version of the Helm chart itself. These two entities follow independent versioning tracks. The application version (the version of the actual runner binary) and the chart version (the version of the Helm template) are not identical.

To understand the specific mappings between these versions, engineers must inspect the repository metadata. Using the following command for Helm 2:
helm search -l gitlab/gitlab-runner

Or for Helm 3:
helm search repo -l gitlab/gitlab-runner

The resulting output provides a detailed mapping, as demonstrated in the following structural example:

NAME CHART VERSION APP VERSION DESCRIPTION
gitlab/gitlab-runner 0.64.0 16.11.0 GitLab Runner
gitlab/gitlab-runner 0.63.0 16.10.0 GitLab Runner
gitlab/gitlab-runner 0.62.1 16.9.1 GitLab Runner
gitlab/gitlab-runner 0.62.0 16.9.0 GitLab Runner
gitlab/gitlab-runner 0.61.3 16.8.1 GitLab Runner

This distinction is vital when performing upgrades or-specific version installations. If a user needs to install a specific version of the Helm chart to maintain compatibility with a specific values.yaml configuration, they must utilize the --version flag during the installation process.

It is important to note that while you can install any version of the chart, there is a significant risk associated with using newer values.yaml configuration parameters with older chart versions. Recent changes in the chart's structure might not be recognized by older templates, leading to configuration silent failures or deployment-time errors.

To install a specific version of the chart:
helm install --version <RUNNER_HElem_CHART_VERSION> --namespace <NAMESPACE> gitlab-runner -f <CONFIG_VALUES_FILE> gitlab/gitlab-runner

Lifecycle Management: Upgrading and Uninstalling

The maintenance of a GitLab Runner deployment involves two primary lifecycle operations: upgrading the runner to a newer version and decommissioning the runner when it is no longer required.

Upgrade Procedures

Upgrading an existing GitLab Runner installation requires careful preparation. Before initiating an upgrade via Helm, the runner must be paused within the GitLab interface. This is a non-negotiable prerequisite.

The impact of failing to pause the runner is catastrophic for active pipelines; if the runner is upgraded while jobs are running, the underlying pods may lose connectivity to the GitLab coordinator, leading to job timeouts or orphaned processes in the Kubernetes cluster.

The upgrade process is as follows:

  1. Pause the runner in the GitLab UI.
  2. Ensure all currently running jobs have reached a terminal state (success, failed, or cancelled).
  3. Execute the upgrade command. To target a specific chart version, use the following:
    helm upgrade --version <RUNNER_HELM_CHART_VERSION> <RELEASE-NAME> gitlab/gitlab-runner -f <CONFIG_VALUES_FILE>

In this context, <RELEASE-NAME> refers to the name assigned to the chart during the initial installation (e.g., gitlab-runner).

Uninstallation Procedures

Removing a GitLab Runner from a Kubernetes cluster must be handled with the same level of care as an upgrade to prevent authorization errors or hung jobs.

The decommissioning workflow is:

  1. Pause the runner in the GitLab interface.
  2. Monitor the cluster to ensure all active jobs have completed.
  3. Execute the deletion command:
    helm delete --namespace <NAMESPACE> <RELEASE-NAME>

The <NAMESPACE> must be the exact namespace where the runner was originally installed, and <RELEASE-NAME> must be the name provided during the helm install phase.

Detailed Analysis of Deployment Components

The efficacy of the GitLab Runner Helm deployment lies in its modularity. Every component of the deployment is designed to be overridden via the values.yaml file, allowing for deep customization of the Kubernetes footprint.

The following analysis outlines the core components of the deployment:

  • Release Name: This is the unique identifier for the deployment within the Helm release list. It is used for all subsequent upgrade, upgrade, and delete operations.
  • Namespace: The logical isolation unit within Kubernetes. Proper namespace management is crucial for multi-tenant clusters where multiple runners might exist for different projects.
  • Configuration Values: The values.yaml file. This is the most complex part of the deployment, as it contains the logic for:
    • Image repositories and tags.
    • Resource requests and limits (CPU/Memory).
    • Service accounts and RBAC permissions.
    • Secret management for GitLab registration tokens.

The management of these components determines the stability of the CI/CD infrastructure. An incorrectly configured namespace can lead to permission denied errors when the runner attempts to spawn job pods, while an improperly defined resource limit in the values.yaml can lead to Kubernetes OOM (Out of Memory) kills, disrupting the entire delivery pipeline.

Sources

  1. GitLab Runner Helm chart Documentation

Related Posts