Gitlab Runner Build DinD fails "Fetching changes" from Repo - Connection Refused

I set up a DinD build runner which gets triggered as expected but fails when fetching changes:

```text
Getting source from Git repository 00:01
Fetching changes with git depth set to 20...
Reinitialized existing Git repository in /builds/###/###/###/.git/
fatal: unable to access 'https://gitlab.company.tld/###/###/###/': Failed to connect to gitlab.compyn.tld port 443 after 2 ms: Connection refused
```

First I thought this was a network issue, that the build container can’t reach the GitLab instance, but the “connection refused” lets me think it’s a permission error, or that the firewall of the GitLab server rejects connections from the build container?

So I was wondering whom I must grant access to the repo to let the runner access it? Or with what network/IP the build container tries to access the repo, and what I have to let the firewall pass.
Or is the problem something completely different?

I’m not (yet) that deep into Docker and its networking to get that info in the blink of an eye, and due to thinking about and trialing this a lot I’m not getting it straight in my head anymore :wink:.

I’d be really happy for any hints or explanations regarding this.

Setup:
Gitlab CE 14.9.5
gitlab-runner 15.1.0

gitlab-ci.yml:

```yaml
image: docker:dind
variables:
  DOCKER_HOST: tcp://docker:2376
  DOCKER_TLS_CERTDIR: "/certs"
  DOCKER_TLS_VERIFY: 1
  DOCKER_CERT_PATH: "$DOCKER_TLS_CERTDIR/client"

services:
  - docker:dind

before_script:
  - docker info

docker_build:
  stage: build
  script:
    - export
    - docker login registry.gitlab.company.tld -u <USER> -p <PW>
    - docker build -t registry.gitlab.company.tld/###/###/###:latest .
    - docker push registry.gitlab.company.tld/###/###/###:latest
```

config.toml:

```toml
concurrent = 1
check_interval = 0

[session_server]
  session_timeout = 1800

[[runners]]
  name = "build runner"
  url = "https://gitlab.company.tld/"
  token = "#######"
  executor = "docker"
  [runners.docker]
    tls_verify = false
    image = "docker:dind"
    privileged = true
    disable_entrypoint_overwrite = false
    oom_kill_disable = false
    disable_cache = false
    volumes = ["/certs/client","/cache"]
    shm_size = 0
```
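A diagnostic that answers the "with what network/IP does the build container reach the repo" question from inside the job itself; this is an added example, not code from the post or from GitLab. It assumes an Alpine-based job image (busybox `nc` with `-z`, `getent` from musl) and uses the predefined `CI_REPOSITORY_URL` variable; the host names in the tests are placeholders.

```shell
#!/bin/sh
# Added diagnostic for a DinD job: show which address the job container
# resolves the GitLab host to and whether port 443 answers there. A name that
# resolves to loopback inside the container means the job is connecting to
# itself, which yields exactly "Connection refused" rather than a timeout.
# Assumes busybox nc with -z (Alpine) and getent; drop it into before_script.

# Strip scheme, userinfo, port and path from a repository URL.
url_host() {
  printf '%s\n' "$1" | sed -e 's#^[A-Za-z][A-Za-z0-9+.-]*://##' \
                           -e 's#^[^/@]*@##' -e 's#[/:].*$##'
}

# Classify an address so the log shows why a refusal is plausible.
classify_ip() {
  case "$1" in
    127.*|::1)                               echo loopback ;;
    10.*|192.168.*)                          echo private ;;
    172.1[6-9].*|172.2[0-9].*|172.3[01].*)   echo private ;;
    169.254.*)                               echo link-local ;;
    *)                                       echo public ;;
  esac
}

# First address the container's resolver (DNS or /etc/hosts) returns.
resolve_host() {
  getent hosts "$1" | awk '{print $1; exit}'
}

# Report resolution and TCP reachability of the host in a repository URL.
diagnose() {
  host=$(url_host "$1")
  ip=$(resolve_host "$host")
  if [ -z "$ip" ]; then
    echo "DNS: $host does not resolve inside the job container"
    return 2
  fi
  echo "DNS: $host -> $ip ($(classify_ip "$ip"))"
  if nc -z -w 3 "$ip" 443 2>/dev/null; then
    echo "TCP: $ip:443 accepts connections"
  else
    echo "TCP: $ip:443 refused or filtered; compare with /etc/hosts and DNS on the runner host"
    return 1
  fi
}

# Run against the job's own repository only when executed inside a CI job.
if [ -n "${CI_REPOSITORY_URL:-}" ]; then
  diagnose "$CI_REPOSITORY_URL"
fi
```

If the reported address is loopback or the Docker bridge address, the fix is on the resolver side (an `/etc/hosts` entry or an `extra_hosts` setting in `[runners.docker]`), not on the GitLab firewall.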