SKIP UPDATE CHECK Update Ironbank to v17.1.0

CHANGELOG.md

@@ -2,6 +2,17 @@
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.66.0-bb.0] - 2024-07-17
+
+## Changed
+
+- Upgrade gitlab runner from 17.0.0 to 17.1.0:
+    - Make lifecycle options configurable in the deployment [upstream !473](https://gitlab.com/gitlab-org/charts/gitlab-runner/-/merge_requests/473)
+    - Add dedicated ServiceAccount configuration [upstream !415](https://gitlab.com/gitlab-org/charts/gitlab-runner/-/merge_requests/415/commits)
+    - Updated registry1.dso.mil/ironbank/gitlab/gitlab-runner/gitlab-runner 17.0.0 -> 17.1.0
+    - Updated registry1.dso.mil/ironbank/gitlab/gitlab-runner/gitlab-runner-helper 17.0.0 -> 17.1.0
+
+
 ## [0.65.0-bb.3] - 2024-07-01
 
 ### Fixed

README.md

 # gitlab-runner
 
-![Version: 0.65.0-bb.3](https://img.shields.io/badge/Version-0.65.0--bb.3-informational?style=flat-square) ![AppVersion: 17.0.0](https://img.shields.io/badge/AppVersion-17.0.0-informational?style=flat-square)
+![Version: 0.66.0-bb.0](https://img.shields.io/badge/Version-0.66.0--bb.0-informational?style=flat-square) ![AppVersion: 17.1.0](https://img.shields.io/badge/AppVersion-17.1.0-informational?style=flat-square)
 
 GitLab Runner
 
@@ -38,7 +38,7 @@ helm install gitlab-runner chart/
 |-----|------|---------|-------------|
 | image.registry | string | `"registry1.dso.mil"` |  |
 | image.image | string | `"ironbank/gitlab/gitlab-runner/gitlab-runner"` |  |
-| image.tag | string | `"v17.0.0"` |  |
+| image.tag | string | `"v17.1.0"` |  |
 | useTini | bool | `true` |  |
 | imagePullPolicy | string | `"IfNotPresent"` |  |
 | gitlabUrl | string | `"http://gitlab-webservice-default.gitlab.svc.cluster.local:8181"` |  |
@@ -54,6 +54,10 @@ helm install gitlab-runner chart/
 | rbac.clusterWideAccess | bool | `false` |  |
 | rbac.podSecurityPolicy.enabled | bool | `false` |  |
 | rbac.podSecurityPolicy.resourceNames[0] | string | `"gitlab-runner"` |  |
+| rbac.imagePullSecrets | list | `[]` |  |
+| serviceAccount.name | string | `""` |  |
+| serviceAccount.annotations | object | `{}` |  |
+| serviceAccount.imagePullSecrets | list | `[]` |  |
 | metrics.enabled | bool | `false` |  |
 | metrics.portName | string | `"tcp-metrics"` |  |
 | metrics.port | int | `9252` |  |
@@ -65,7 +69,7 @@ helm install gitlab-runner chart/
 | runners.job.tag | string | `"9.4"` |  |
 | runners.helper.registry | string | `"registry1.dso.mil"` |  |
 | runners.helper.repository | string | `"ironbank/gitlab/gitlab-runner/gitlab-runner-helper"` |  |
-| runners.helper.tag | string | `"v17.0.0"` |  |
+| runners.helper.tag | string | `"v17.1.0"` |  |
 | runners.config | string | `"[[runners]]\n  clone_url = \"http://gitlab-webservice-default.gitlab.svc.cluster.local:8181\"\n  cache_dir = \"/tmp/gitlab-runner/cache\"\n  [runners.kubernetes]\n    pull_policy = \"always\"\n    namespace = \"{{.Release.Namespace}}\"\n    image = \"{{ printf \"%s/%s:%s\" .Values.runners.job.registry .Values.runners.job.repository .Values.runners.job.tag }}\"\n    helper_image = \"{{ printf \"%s/%s:%s\" .Values.runners.helper.registry .Values.runners.helper.repository .Values.runners.helper.tag }}\"\n    image_pull_secrets = [\"private-registry\"]\n  [runners.kubernetes.pod_security_context]\n    run_as_non_root = true\n    run_as_user = 1001\n  [runners.kubernetes.helper_container_security_context]\n    run_as_non_root = true\n    run_as_user = 1001\n  [runners.kubernetes.pod_labels]\n    \"job_id\" = \"${CI_JOB_ID}\"\n    \"job_name\" = \"${CI_JOB_NAME}\"\n    \"pipeline_id\" = \"${CI_PIPELINE_ID}\"\n    \"app\" = \"gitlab-runner\"\n"` |  |
 | runners.configPath | string | `""` |  |
 | runners.locked | bool | `true` |  |
@@ -100,6 +104,7 @@ helm install gitlab-runner chart/
 | hostAliases | list | `[]` |  |
 | deploymentAnnotations | object | `{}` |  |
 | deploymentLabels | object | `{}` |  |
+| deploymentLifecycle | object | `{}` |  |
 | podAnnotations | object | `{}` |  |
 | podLabels | object | `{}` |  |
 | priorityClassName | string | `""` |  |

chart/Chart.yaml

 apiVersion: v2
 name: gitlab-runner
-version: 0.65.0-bb.3
-appVersion: 17.0.0
+version: 0.66.0-bb.0
+appVersion: 17.1.0
 description: GitLab Runner
 keywords:
 - git
@@ -21,12 +21,12 @@ dependencies:
     repository: oci://registry1.dso.mil/bigbang
 annotations:
   bigbang.dev/applicationVersions: |
-    - Gitlab Runner: v17.0.0
+    - Gitlab Runner: v17.1.0
   helm.sh/images: |
     - name: gitlab-runner
-      image: registry1.dso.mil/ironbank/gitlab/gitlab-runner/gitlab-runner:v17.0.0
+      image: registry1.dso.mil/ironbank/gitlab/gitlab-runner/gitlab-runner:v17.1.0
     - name: gitlab-runner-helper
-      image: registry1.dso.mil/ironbank/gitlab/gitlab-runner/gitlab-runner-helper:v17.0.0
+      image: registry1.dso.mil/ironbank/gitlab/gitlab-runner/gitlab-runner-helper:v17.1.0
     - name: ubi9
       image: registry1.dso.mil/ironbank/redhat/ubi/ubi9:9.4
 

chart/Kptfile

@@ -5,7 +5,7 @@ metadata:
 upstream:
   type: git
   git:
-    commit: e3df4d644b3c152ac35c2005ae8559e14af1aaf0
+    commit: f70d01fd3871c77202a3066bef69492d818eff5e
     repo: https://gitlab.com/gitlab-org/charts/gitlab-runner
     directory: /
-    ref: v0.65.0
+    ref: v0.66.0

chart/templates/NOTES.txt

@@ -34,3 +34,32 @@ Runner namespace {{ $runnerNamespace }} was found in runners.config template.
 #############################################################################################
 {{- end }}
 {{- end }}
+{{- if and .Values.rbac.create (kindIs "invalid" .Values.serviceAccount.create) }}
+
+#############################################################################################
+## WARNING: You enabled `rbac` without specifying if a service account should be created.  ##
+## Please set `serviceAccount.create` to either `true` or `false`.                         ##
+## For backwards compatibility a service account will be created.                          ##
+#############################################################################################
+{{- end }}
+{{- if .Values.rbac.serviceAccountName }}
+
+#############################################################################################
+## WARNING: You have set the deprecated field `rbac.serviceAccountName`.                   ##
+## Please use `serviceAccount.name` instead.                                               ##
+#############################################################################################
+{{- end }}
+{{- if .Values.rbac.serviceAccountAnnotations }}
+
+#############################################################################################
+## WARNING: You have set the deprecated field `rbac.serviceAccountAnnotations`.            ##
+## Please use `serviceAccount.annotations` instead.                                        ##
+#############################################################################################
+{{- end }}
+{{- if .Values.rbac.imagePullSecrets }}
+
+#############################################################################################
+## WARNING: You have set the deprecated field `rbac.imagePullSecrets`.                     ##
+## Please use `serviceAccount.imagePullSecrets` instead.                                   ##
+#############################################################################################
+{{- end }}
\ No newline at end of file

chart/templates/_helpers.tpl

@@ -30,17 +30,6 @@ Create chart name and version as used by the chart label.
 {{-   printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 
-{{/*
-Define the name of the service account
-*/}}
-{{- define "gitlab-runner.serviceAccount" -}}
-{{- if .Values.rbac.create -}}
-{{- default (include "gitlab-runner.fullname" .) .Values.rbac.generatedServiceAccountName | quote -}}
-{{- else -}}
-{{- .Values.rbac.serviceAccountName | quote -}}
-{{- end -}}
-{{- end -}}
-
 {{/*
 Define the name of the secret containing the tokens
 */}}
@@ -68,6 +57,20 @@ Template for outputing the gitlabUrl
 {{- .Values.gitlabUrl | quote -}}
 {{- end -}}
 
+{{/*
+Define the name of the service account
+*/}}
+# TODO: Remove references to .Values.rbac
+{{- define "gitlab-runner.serviceAccountName" -}}
+{{- if or .Values.serviceAccount.create .Values.serviceAccount.name -}}
+{{- .Values.serviceAccount.name | default (include "gitlab-runner.fullname" .) | quote -}}
+{{- else if .Values.rbac.create -}}
+{{- default (include "gitlab-runner.fullname" .) .Values.rbac.generatedServiceAccountName | quote -}}
+{{- else -}}
+"{{- .Values.rbac.serviceAccountName -}}"
+{{- end -}}
+{{- end -}}
+
 {{/*
 Define the image, using .Chart.AppVersion and GitLab Runner image as a default value
 */}}

chart/templates/deployment.yaml

@@ -60,7 +60,7 @@ spec:
       {{- if .Values.priorityClassName }}
       priorityClassName: {{ .Values.priorityClassName | quote }}
       {{- end }}
-      serviceAccountName: {{ include "gitlab-runner.serviceAccount" . }}
+      serviceAccountName: {{ include "gitlab-runner.serviceAccountName" . }}
       containers:
       - name: {{ include "gitlab-runner.fullname" . }}
         image: {{ include "gitlab-runner.image" . }}
@@ -72,6 +72,9 @@ spec:
         {{- else }}
         command: ["/usr/bin/dumb-init", "--", "/bin/bash", "/configmaps/entrypoint"]
         {{- end }}
+        {{- if .Values.deploymentLifecycle }}
+        lifecycle: {{ toYaml .Values.deploymentLifecycle | nindent 10 }}
+        {{- end }}
         env:
         {{- include "gitlab-runner.runner-env-vars" . | indent 8 }}
         livenessProbe:

chart/templates/role-binding.yaml

@@ -17,6 +17,6 @@ roleRef:
   name: {{ include "gitlab-runner.fullname" . }}
 subjects:
 - kind: ServiceAccount
-  name: {{ include "gitlab-runner.serviceAccount" . }}
+  name: {{ include "gitlab-runner.serviceAccountName" . }}
   namespace: "{{ .Release.Namespace }}"
 {{- end -}}

chart/templates/service-account.yaml

-{{- if .Values.rbac.create -}}
+{{- /* TODO: Remove references to `.Values.rbac` */ -}}
+{{- if or .Values.serviceAccount.create (and .Values.rbac.create (kindIs "invalid" .Values.serviceAccount.create))   -}}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  {{- if .Values.rbac.serviceAccountAnnotations }}
+  {{- if or .Values.serviceAccount.annotations .Values.rbac.serviceAccountAnnotations }}
   annotations:
-    {{- range $key, $value := .Values.rbac.serviceAccountAnnotations }}
+    {{- range $key, $value := merge .Values.serviceAccount.annotations .Values.rbac.serviceAccountAnnotations }}
     {{   $key }}: {{ tpl ($value) $ | quote }}
     {{- end }}
   {{- end}}
-  name: {{ include "gitlab-runner.serviceAccount" . }}
+  name: {{ include "gitlab-runner.serviceAccountName" . }}
   namespace: {{ .Release.Namespace | quote }}
   labels:
     app: {{ include "gitlab-runner.fullname" . }}
     chart: {{ include "gitlab-runner.chart" . }}
     release: "{{ .Release.Name }}"
     heritage: "{{ .Release.Service }}"
-{{- if .Values.rbac.imagePullSecrets }}
+{{- if or .Values.serviceAccount.imagePullSecrets .Values.rbac.imagePullSecrets }}
 imagePullSecrets:
-  {{- range .Values.rbac.imagePullSecrets }}
+  {{- range concat .Values.serviceAccount.imagePullSecrets .Values.rbac.imagePullSecrets }}
   - name: {{ . | quote }}
   {{- end }}
 {{- end }}

chart/values.yaml

@@ -12,7 +12,7 @@
 image:
   registry: registry1.dso.mil
   image: ironbank/gitlab/gitlab-runner/gitlab-runner
-  tag: v17.0.0
+  tag: v17.1.0
 
 ## When using GitLab Runner Helm Chart with gitlab-runner-ubi-images (https://gitlab.com/gitlab-org/ci-cd/gitlab-runner-ubi-images/container_registry)
 ## the installation fails because dumb-init is not packaged in the image. However, the tini is present.
@@ -149,9 +149,13 @@ sessionServer:
 
 ## For RBAC support:
 rbac:
+  ## Specifies whether a Role and RoleBinding should be created
+  ## If this value is set to `true`, `serviceAccount.create` should also be set to either `true` or `false`
+  ##
   create: true
   ## Define the generated serviceAccountName when create is set to true
   ## It defaults to "gitlab-runner.fullname" if not provided
+  ## DEPRECATED: Please use `serviceAccount.name` instead
   generatedServiceAccountName: ""
 
   ## Define list of rules to be added to the rbac role permissions.
@@ -179,6 +183,7 @@ rbac:
   clusterWideAccess: false
 
   ## Use the following Kubernetes Service Account name if RBAC is disabled in this Helm chart (see rbac.create)
+  ## DEPRECATED: Please use `serviceAccount.name` instead
   ##
   # serviceAccountName: default
 
@@ -189,7 +194,9 @@ rbac:
   ##
   ## ref: https://docs.aws.amazon.com/eks/latest/userguide/associate-service-account-role.html
   ##
-  # serviceAccountAnnotations: {}
+  ## DEPRECATED: Please use `serviceAccount.annotations` instead
+  ##
+  # serviceAccountAnnotations: { }
 
   ## Use podSecurity Policy
   ## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
@@ -202,7 +209,34 @@ rbac:
   ##
   ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account
   ##
-  # imagePullSecrets: []
+  ## DEPRECATED: Please use `serviceAccount.imagePullSecrets` instead
+  ##
+  imagePullSecrets: []
+
+## Configure ServiceAccount
+##
+serviceAccount:
+  ## Specifies whether a ServiceAccount should be created
+  ##
+  ## TODO: Set default to `false`
+  # create: false
+  ## The name of the ServiceAccount to use.
+  ## If not set and create is `true`, a name is generated using the `gitlab-runner.fullname`` template
+  ##
+  name: ""
+  ## Additional custom annotations for the ServiceAccount, useful for annotations such as eks.amazonaws.com/role-arn.
+  ## Values may refer other values as the _tpl_ function is implicitly applied. Mind the quotes when using this, e.g.
+  ## serviceAccountAnnotations:
+  ##   eks.amazonaws.com/role-arn: "arn:aws:iam::{{ .Values.global.accountId }}:role/{{ .Values.global.iamRoleName }}"
+  ##
+  ## ref: https://docs.aws.amazon.com/eks/latest/userguide/specify-service-account-role.html
+  ##
+  annotations: { }
+  ## Specify one or more imagePullSecrets used for pulling the runner image
+  ##
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account
+  ##
+  imagePullSecrets: [ ]
 
 ## Configure integrated Prometheus metrics exporter
 ##
@@ -335,7 +369,7 @@ runners:
   helper:
     registry: registry1.dso.mil
     repository: ironbank/gitlab/gitlab-runner/gitlab-runner-helper
-    tag: "v17.0.0"
+    tag: "v17.1.0"
 
   # runner configuration, where the multi line strings is evaluated as
   # template so you can specify helm values inside of it.
@@ -711,6 +745,14 @@ deploymentLabels: {}
   # Example:
   # owner.team: <my_cool_team>
 
+## Lifecycle options to be added to deployment
+##  
+deploymentLifecycle: {}
+  # Example
+  # preStop:
+  #   exec:
+  #     command: ["/bin/sh", "-c", "echo 'shutting down'"] 
+
 ## Set hostname for runner pods
 #hostname: my-gitlab-runner
 

tests/images.txt

-registry1.dso.mil/ironbank/gitlab/gitlab-runner/gitlab-runner-helper:v17.0.0
+registry1.dso.mil/ironbank/gitlab/gitlab-runner/gitlab-runner-helper:v17.1.0
 registry1.dso.mil/ironbank/redhat/ubi/ubi9:9.4