docker-machine.ts
import { GitlabRunnerAutoscaling } from "@pepperize/cdk-autoscaling-gitlab-runner";
import { Stack } from "aws-cdk-lib";
import { ParameterTier, ParameterType, StringParameter } from "aws-cdk-lib/aws-ssm";
import { Construct } from "constructs";
import { RunnerStackProps } from "./runner-stack-props";
/**
 * Props accepted by {@link DockerMachineStack}.
 *
 * Declares no members of its own; everything comes from `RunnerStackProps`.
 * The stack's constructor reads `gitlabToken` from these props and stores it
 * in an SSM parameter, so treat the value as a secret wherever the props are
 * built.
 */
export interface WithCustomDockerMachineConfigurationProps extends RunnerStackProps {}
/**
 * Stack that registers one autoscaling GitLab runner with a custom Docker
 * executor and docker-machine configuration.
 *
 * The runner token from `props.gitlabToken` is written to the SSM parameter
 * `/gitlab-runner/token`, and that parameter is handed to the runner construct.
 */
export class DockerMachineStack extends Stack {
  /**
   * @param scope - Parent construct of this stack.
   * @param id - Logical id of this stack.
   * @param props - Stack props; `gitlabToken` is the runner token to store.
   */
  constructor(scope: Construct, id: string, props: WithCustomDockerMachineConfigurationProps) {
    super(scope, id, props);

    // NOTE(review): if gitlabToken is a plain string at synth time, it is
    // written verbatim into the synthesized CloudFormation template, where
    // anyone with read access to the template or the cdk.out artefacts can
    // see it. CloudFormation's AWS::SSM::Parameter resource also does not
    // support creating SecureString parameters, so confirm that this
    // parameter really ends up encrypted with the aws-cdk-lib version in use.
    // A common alternative is to create the SecureString out of band and only
    // reference it from the stack.
    const runnerToken = new StringParameter(this, "Token", {
      parameterName: "/gitlab-runner/token",
      stringValue: props.gitlabToken,
      type: ParameterType.SECURE_STRING,
      tier: ParameterTier.STANDARD,
    });

    new GitlabRunnerAutoscaling(this, "Runner", {
      runners: [
        {
          token: runnerToken,
          configuration: {
            name: "gitlab-runner-with-custom-docker-config",
            // Empty list: per the original author's note, this resets the
            // OverlayFS driver setting for every project.
            environment: [],
            docker: {
              // Grants CAP_NET_ADMIN to job containers. The original note says
              // this is meant to take CAP_SYS_ADMIN out of the added set;
              // confirm against the construct's defaults. CAP_NET_ADMIN still
              // allows changing network configuration inside the container,
              // so keep it only if jobs need it.
              capAdd: ["CAP_NET_ADMIN"],
              // Job containers lose the ability to change file ownership.
              capDrop: ["CAP_CHOWN"],
              // Job containers run without Docker's privileged mode.
              privileged: false,
              // Images are never pulled; they are presumably expected to be
              // present on the machine already. Verify how those images are
              // provisioned and kept patched.
              pullPolicy: "never",
              waitForServicesTimeout: 600,
            },
            machine: {
              // Number of machines kept idle.
              idleCount: 2,
              // How long a machine may stay idle.
              idleTime: 3000,
              // A machine is removed after this many builds; with 1, no two
              // builds run on the same instance.
              maxBuilds: 1,
            },
          },
        },
      ],
    });
  }
}