Gitlab kubernetes runner ignores pull policy

Hello,

I have a problem that the gitlab kubernetes runner is ignoring pull policy, that I’ve defined in the helm values.

My values.yaml:

runners:
secret: gitlab-runner-secret
imagePullPolicy: “always”
config: |
[[runners]]
environment = [“FF_GITLAB_REGISTRY_HELPER_IMAGE=1”]
[runners.kubernetes]
image_pull_secrets = [“docker-pull-secret”]
pull_policy = “always”

Now, I have a job:

myJob:
image: myrepo:helper-images/myimage:somedevtag

When I publish new version of myimage:somedevtag, the jobs run by the kubernetes runner are using the old version of the images. I need to go to all nodes and do image prune, first then I get the actualised images.

What I’m doing wrong? The standalone gitlab runners were always pulling the images, and we often get some bugs that need fixing.

1 Like

+1 We have the same issue

Hi,
can you please post what’s the value in the config.toml? Also what version of Helm chart and GitLab Runner do you have?

gitlab-runner-0.28.0

Which config.toml do you mean? That of my gitlab server?

config.toml of your GitLab Runner as it was generated by the Helm Chart.

We have the same problem. But I think its not only ignoring the image_pull_secrets settings.

Our Runner is configured with an internal DNS. If I join the helm chart generated Gitlab-Runner on its bash, a ping to our machines over dns-names work fine over internal way. Since our DNS provides this data.

But If I start a Job which should pull a docker image from our internal registry like registry.intern.loc it could not resolve this. And so it can’t pull.

  [[runners]]
  environment = ["FF_GITLAB_REGISTRY_HELPER_IMAGE=1"]
  [runners.kubernetes]
    image = "ubuntu:16.04"
    dns_policy = "none"
    [runners.kubernetes.dns_config]
      nameservers = [
        "10.8.241.11"
      ]
  config.toml: |
concurrent = 10
check_interval = 30
log_level = "info"
listen_address = ':9252'

config.template.toml: |
[[runners]]
environment = [“FF_GITLAB_REGISTRY_HELPER_IMAGE=1”]
[runners.kubernetes]
image_pull_secrets = [“docker-hub-ringler-ch”]
pull_policy = “always”

when the job pod is created you can check what is the imagePullPolicy for it.

If it is not “Always” I would raise a bug in GitLab Runner issue tracker