Gitlab Runner error secret "gitlab-runner-test" not found

Hi, I want to install a new GitLab Runner on a Kubernetes cluster, but starting from GitLab version 16, I need to generate a token (not a registration token). I’m doing the installation through Terraform in the following way:

resource "helm_release" "gitlab_runner_test" {
  name       = "gitlab-runner-test"
  namespace  = "gitlab"
  timeout    = 600

  repository = "https://charts.gitlab.io/"
  chart      = "gitlab-runner"
  version    = "0.48.3" 

  set {
    gitlabUrl: https://gitlab.mydomain.com/
    runnerToken: ""
    
    rbac:
      create: false
      serviceAccountName: runner-aws-access

    securityContext:
      privileged: true

    runners:
      privileged: true
      config: |
        [[runners]]
          environment = [
            "DOCKER_HOST=tcp://localhost:2375",
            "DOCKER_TLS_CERTDIR="
          ]
          [runners.kubernetes]
            namespace = "{{.Release.Namespace}}"
            image = "ubuntu:20.04"

  }

  depends_on = [
    aws_iam_role.gitlab_runner_access,
    kubernetes_service_account.gitlab_runner_access
  ]
}

How do I generate a token to add a new runner in GitLab?

Here the config of the pod:

❯ kubectl describe pod gitlab-runner-test-6df9c8d5c-5bwh9 -n gitlab
Name:             gitlab-runner-test-6df9c8d5c-5bwh9
Namespace:        gitlab
Priority:         0
Service Account:  runner-aws-access
Node:             ip-10-48-15-90.ec2.internal/10.48.15.90
Start Time:       Thu, 27 Jul 2023 19:13:05 -0300
Labels:           app=gitlab-runner-test
                  chart=gitlab-runner-0.50.0
                  heritage=Helm
                  pod-template-hash=6df9c8d5c
                  release=gitlab-runner-test
Annotations:      checksum/configmap: 48a06d573f2f324bc86506d01b480498637eb5dd7783da65c03f7cd0d978d94a
                  checksum/secrets: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Status:           Pending
IP:
IPs:              <none>
Controlled By:    ReplicaSet/gitlab-runner-test-6df9c8d5c
Containers:
  gitlab-runner-test:
    Container ID:
    Image:         registry.gitlab.com/gitlab-org/gitlab-runner:alpine-v15.9.0
    Image ID:
    Port:          9252/TCP
    Host Port:     0/TCP
    Command:
      /usr/bin/dumb-init
      --
      /bin/bash
      /configmaps/entrypoint
    State:          Waiting
      Reason:       ContainerCreating
    Ready:          False
    Restart Count:  0
    Liveness:       exec [/bin/bash /configmaps/check-live] delay=60s timeout=1s period=10s #success=1 #failure=3
    Readiness:      exec [/usr/bin/pgrep gitlab.*runner] delay=10s timeout=1s period=10s #success=1 #failure=3
    Environment:
      CI_SERVER_URL:                https://gitlab.domain.com/
      CLONE_URL:
      RUNNER_EXECUTOR:              kubernetes
      REGISTER_LOCKED:              true
      RUNNER_TAG_LIST:              apps-dev
      KUBERNETES_PRIVILEGED:        true
      KUBERNETES_SERVICE_ACCOUNT:   runner-aws-access
      AWS_STS_REGIONAL_ENDPOINTS:   regional
      AWS_DEFAULT_REGION:           us-east-1
      AWS_REGION:                   us-east-1
      AWS_ROLE_ARN:                 arn:aws:iam::216501261954:role/gitlab-runner-access
      AWS_WEB_IDENTITY_TOKEN_FILE:  /var/run/secrets/eks.amazonaws.com/serviceaccount/token
    Mounts:
      /configmaps from configmaps (rw)
      /home/gitlab-runner/.gitlab-runner from etc-gitlab-runner (rw)
      /secrets from projected-secrets (rw)
      /var/run/secrets/eks.amazonaws.com/serviceaccount from aws-iam-token (ro)
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-gltcc (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             False
  ContainersReady   False
  PodScheduled      True
Volumes:
  aws-iam-token:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds:  86400
  runner-secrets:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:     Memory
    SizeLimit:  <unset>
  etc-gitlab-runner:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:     Memory
    SizeLimit:  <unset>
  projected-secrets:
    Type:                Projected (a volume that contains injected data from multiple sources)
    SecretName:          gitlab-runner-test
    SecretOptionalName:  <nil>
  configmaps:
    Type:      ConfigMap (a volume populated by a ConfigMap)
    Name:      gitlab-runner-test
    Optional:  false
  kube-api-access-gltcc:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds:  3607
    ConfigMapName:           kube-root-ca.crt
    ConfigMapOptional:       <nil>
    DownwardAPI:             true
QoS Class:                   BestEffort
Node-Selectors:              <none>
Tolerations:                 node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                             node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type     Reason       Age                 From               Message
  ----     ------       ----                ----               -------
  Normal   Scheduled    2m4s                default-scheduler  Successfully assigned gitlab/gitlab-runner-test-6df9c8d5c-5bwh9 to ip-10-48-15-90.ec2.internal
  Warning  FailedMount  60s (x8 over 2m3s)  kubelet            MountVolume.SetUp failed for volume "projected-secrets" : secret "gitlab-runner-test" not found
  Warning  FailedMount  0s                  kubelet            Unable to attach or mount volumes: unmounted volumes=[projected-secrets], unattached volumes=[configmaps kube-api-access-gltcc aws-iam-token projected-secrets etc-gitlab-runner]: timed out waiting for the condition

Any helps?

You get the token from GitLab UI when you open Runners page and click the “new runner” button