Gitlab CI - Kubernetes image_pull_secrets Not Respected

Hey. I’m facing an issue trying to successfully pull images from a private Docker registry during a build. I’ve deployed gitlab-runner on a private K8s cluster, and used imagePullSecrets in my Deployment manifest to pull gitlab/gitlab-runner:ubuntu-v11.8.0 from a private registry. All is well up to this point.

When running a build, the Runner’s executor appears to try to pull the “helper” image from Docker Hub, and fails (possibly restricted by our K8s cluster). In my config.toml, I’ve set image_pull_secrets to the same value as specified in my K8s Deployment.

config.toml
image_pull_secrets = ["docker_registry_secret"]

The error given by the Runner is “image pull failed”.

Is the secret supposed live on the cluster?

Possible solutions in my opinion are to 1) request an exception from my security team to allow traffic to and from Docker Hub, 2) use Gitlab’s container registry, 3) create a fork of the gitlab-runner project, and pass through imagePullSecrets in the body of POST /pods (can become a maintenance issue).

Does anyone have a more straight-forward and simple solution?

Thanks.

Well, I guess you dont need a solution anymore but if someone hits this again … ensure that:

  • your cluster, in general, can use the secret (by creating a deployment manually without using GitLab)
  • the secret is available in the correct namespace (gitlab-managed-apps)

The second one killed me …