After having spent some time the other day to redo my (“standalone”) runner setup, I figured that I would share this for the benefit of the community.
.env:
RUNNER_NAME=RUNNER-NAME
REGISTRATION_TOKEN=TOKEN
CI_SERVER_URL=https://gitlab.com/
docker-compose.yml:
version: "3.5"
services:
dind:
image: docker:20-dind
restart: always
privileged: true
environment:
DOCKER_TLS_CERTDIR: ""
command:
- --storage-driver=overlay2
runner:
restart: always
image: registry.gitlab.com/gitlab-org/gitlab-runner:alpine
depends_on:
- dind
environment:
- DOCKER_HOST=tcp://dind:2375
volumes:
- ./config:/etc/gitlab-runner:z
register-runner:
restart: 'no'
image: registry.gitlab.com/gitlab-org/gitlab-runner:alpine
depends_on:
- dind
environment:
- CI_SERVER_URL=${CI_SERVER_URL}
- REGISTRATION_TOKEN=${REGISTRATION_TOKEN}
command:
- register
- --non-interactive
- --locked=false
- --name=${RUNNER_NAME}
- --executor=docker
- --docker-image=docker:20-dind
- --docker-volumes=/var/run/docker.sock:/var/run/docker.sock
volumes:
- ./config:/etc/gitlab-runner:z
Source: TyIsI / gitlab-runner-docker-compose · GitLab
Notes:
- Because networks are not specified, docker-compose will create project network, which defaults to bridge mode.
- The docker references can be a little bit confusing. So let me try to clear that up:
- By setting
DOCKER_TLS_CERTDIRto empty, thedindinstance is forced to use plain TCP - The runner connects to
dindover TCP. - The
docker.sockreferenced in theregister-runneris in reference to thedindexecutor. It’s how the containers in the docker container can talk to docker.
- By setting
- This config runs fully in
dind. - This config is based on a config that I found and then optimized (and brought up to docker 20).
- The config in the repo does some filesystem caching.
Hope this helps anyone!