Resolve "Enable privileged mode for Runner installed on Kubernetes"

app/models/clusters/applications/runner.rb

@@ -56,12 +56,13 @@ module Clusters
       def specification
         {
           "gitlabUrl" => gitlab_url,
-          "runnerToken" => ensure_runner.token
+          "runnerToken" => ensure_runner.token,
+          "runners" => { "privileged" => privileged }
         }
       end
 
       def content_values
-        specification.merge(YAML.load_file(chart_values_file))
+        YAML.load_file(chart_values_file).deep_merge!(specification)
       end
     end
   end

changelogs/unreleased/43793-enable-privileged-mode-for-runner.yml

@@ -0,0 +1,5 @@
+---
+title: Enable privileged mode for GitLab Runner
+merge_request: 17528
+author:
+type: added

db/migrate/20180305144721_add_privileged_to_runner.rb

@@ -0,0 +1,18 @@
+# See http://doc.gitlab.com/ce/development/migration_style_guide.html
+# for more information on how to write migrations for GitLab.
+
+class AddPrivilegedToRunner < ActiveRecord::Migration
+  include Gitlab::Database::MigrationHelpers
+
+  DOWNTIME = false
+
+  disable_ddl_transaction!
+
+  def up
+    add_column_with_default :clusters_applications_runners, :privileged, :boolean, default: true, allow_null: false
+  end
+
+  def down
+    remove_column :clusters_applications_runners, :privileged
+  end
+end

db/schema.rb

@@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20180304204842) do
+ActiveRecord::Schema.define(version: 20180305144721) do
 
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
@@ -603,6 +603,7 @@ ActiveRecord::Schema.define(version: 20180304204842) do
     t.datetime_with_timezone "updated_at", null: false
     t.string "version", null: false
     t.text "status_reason"
+    t.boolean "privileged", default: true, null: false
   end
 
   add_index "clusters_applications_runners", ["cluster_id"], name: "index_clusters_applications_runners_on_cluster_id", unique: true, using: :btree

spec/models/clusters/applications/runner_spec.rb

@@ -34,6 +34,8 @@ describe Clusters::Applications::Runner do
       is_expected.to include('checkInterval')
       is_expected.to include('rbac')
       is_expected.to include('runners')
+      is_expected.to include('privileged: true')
+      is_expected.to include('image: ubuntu:16.04')
       is_expected.to include('resources')
       is_expected.to include("runnerToken: #{ci_runner.token}")
       is_expected.to include("gitlabUrl: #{Gitlab::Routing.url_helpers.root_url}")
@@ -65,5 +67,33 @@ describe Clusters::Applications::Runner do
         expect(gitlab_runner.runner).not_to be_nil
       end
     end
+
+    context 'with duplicated values on vendor/runner/values.yaml' do
+      let(:values) do
+        {
+          "concurrent" => 4,
+          "checkInterval" => 3,
+          "rbac" => {
+            "create" => false
+          },
+          "clusterWideAccess" => false,
+          "runners" => {
+            "privileged" => false,
+            "image" => "ubuntu:16.04",
+            "builds" => {},
+            "services" => {},
+            "helpers" => {}
+          }
+        }
+      end
+
+      before do
+        allow(gitlab_runner).to receive(:chart_values).and_return(values)
+      end
+
+      it 'should overwrite values.yaml' do
+        is_expected.to include("privileged: #{gitlab_runner.privileged}")
+      end
+    end
   end
 end

vendor/runner/values.yaml

@@ -15,10 +15,8 @@ rbac:
   clusterWideAccess: false
 
 ## Configuration for the Pods that that the runner launches for each new job
-##
 runners:
   image: ubuntu:16.04
-  privileged: false
   builds: {}
   services: {}
   helpers: {}