GitLab runner on Kubernetes couldn't execute runners api - forbidden

I am following the tutorial for setting up GitLab runners in a Kubernetes pod. https://docs.gitlab.com/ce/install/kubernetes/gitlab_runner_chart.html
I am getting this error on startup:
ERROR: Registering runner... failed runner=OUR_TOKEN status=couldn't execute POST against https://our.gitlab.instance.com/api/v4/runners: Post https://our.gitlab.instance.com/api/v4/runners: Forbidden
PANIC: Failed to register this runner. Perhaps you are having network problems

Here is our cleaned-up values.yaml:

## GitLab Runner Image
imagePullPolicy: IfNotPresent
gitlabUrl: https://our.gitlab.instance.com/
runnerRegistrationToken: "OUR_TOKEN"
unregisterRunners: true
certsSecretName: gitlab-cert
concurrent: 10
checkInterval: 30

rbac:
  create: false
  clusterWideAccess: false
  
metrics:
  enabled: true

runners:
  image: ubuntu:16.04
  locked: false
  privileged: true
  builds: {}
    # cpuLimit: 200m
    # memoryLimit: 256Mi
    # cpuRequests: 100m
    # memoryRequests: 128Mi

  services: {}
    # cpuLimit: 200m
    # memoryLimit: 256Mi
    # cpuRequests: 100m
    # memoryRequests: 128Mi

  helpers: {}
    # cpuLimit: 200m
    # memoryLimit: 256Mi
    # cpuRequests: 100m
    # memoryRequests: 128Mi
    # image: gitlab/gitlab-runner-helper:x86_64-latest

resources: {}
affinity: {}
nodeSelector: {}
tolerations: []
envVars:
  - name: http_proxy
    value: "http://we.have.a.proxy"
  - name: https_proxy
    value: "http://we.have.a.proxy"
  - name: no_proxy
    value: "some.stuff.needs.no.proxy"

Any ideas on where to go from here? I verified that I am using the correct registration token.

Turns out, we had 2 problems.

  1. Our proxy wasn’t set up correctly
  2. Our GitLab server was using LetsEncrypt for the CA and that didn’t seem to work with this setup. Our other GitLab server was using Amazon and that one works just fine.
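
A triage helper for the setup in this thread, added here as an example (it is not part of the original posts or of the GitLab chart): it reads the proxy `envVars` from the values shown in the question, reports whether requests to `gitlabUrl` would go through the proxy, and maps an error line to the first thing to check. It uses Python's `no_proxy` matching, which may differ in detail from the runner's own; `proxy_env`, `route_for`, `triage` and the reading of the bare `Forbidden` as a proxy reply are assumptions of this example.

```python
import re
from urllib.parse import urlsplit
from urllib.request import proxy_bypass_environment

# Constructed from the values.yaml and error in the question (placeholder hostnames).
VALUES = {
    "gitlabUrl": "https://our.gitlab.instance.com/",
    "envVars": [
        {"name": "http_proxy", "value": "http://we.have.a.proxy"},
        {"name": "https_proxy", "value": "http://we.have.a.proxy"},
        {"name": "no_proxy", "value": "some.stuff.needs.no.proxy"},
    ],
}
ERROR_LINE = ("status=couldn't execute POST against https://our.gitlab.instance.com/api/v4/runners: "
              "Post https://our.gitlab.instance.com/api/v4/runners: Forbidden")

def proxy_env(values):
    """Map chart envVars to {'http': url, 'https': url, 'no': hosts}."""
    env = {}
    for item in values.get("envVars") or []:
        name = item["name"].lower()
        if name.endswith("_proxy"):
            env[name[: -len("_proxy")]] = item["value"]
    return env

def route_for(values):
    """Return ('proxy', proxy_url) or ('direct', None) for requests to gitlabUrl."""
    target = urlsplit(values["gitlabUrl"])
    env = proxy_env(values)
    proxy = env.get(target.scheme)
    host = target.hostname + (f":{target.port}" if target.port else "")
    # Python's no_proxy rules: exact or domain-suffix match; "*" bypasses everything.
    if not proxy or proxy_bypass_environment(host, env):
        return ("direct", None)
    return ("proxy", proxy)

def triage(error_line, values):
    """Name the first thing to check after a failed registration (hypothetical helper)."""
    kind, proxy = route_for(values)
    # Go reports certificate verification failures with an "x509:" prefix.
    if "x509:" in error_line:
        return "tls: check that the CA bundle in certsSecretName validates the server chain"
    # Assumption: a bare status text after the URL, on a proxied route, came from the proxy.
    if kind == "proxy" and re.search(r'/api/v4/runners"?:\s*Forbidden\s*$', error_line):
        return f"proxy: {proxy} rejected the request to gitlabUrl; check its ACL or no_proxy"
    return "other: test gitlabUrl from inside the runner pod"

if __name__ == "__main__":
    print(route_for(VALUES), triage(ERROR_LINE, VALUES), sep="\n")
```

With the values as posted, the GitLab host is not covered by `no_proxy`, so registration traffic is routed to the proxy.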