Describe your question in as much detail as possible:
I have two Gitlab Runners in Kubernetes deployed using the Helm chart. For this environment my organization uses an internal, self-signed certificate so we need to inject the CA’s certificate into the runner. My values file specifies certsSecretName: gitlab-domain-cert and indeed, there’s a repository.mydomain.com: certificategoeshere secret by the name of gitlab-domain-cert. If I exec into the runner pod and look in the /home/gitlab-runner/.gitlab-runner/ directory the certificate is in there. This is what I’d expect. However, when I run a job that requires interaction with Gitlab (building a container image for example) it errors with a “signed by unknown authority” error. Upon further investigation I see the job pod that gets spun up doesn’t have the certificate and I see the following error:
(⎈ |staging:gitlab-runner)[~]$ kubectl logs runner-rdxvbkh--project-66-concurrent-09cjkw svc-0
cp: can't stat '/etc/gitlab-image-runner/certs/ca.crt': No such file or directory
I would expect gitlab-runner to inject the certificate into the proper location but it doesn’t appear to be happening.
- What version are you on? Are you using self-managed or GitLab.com? Self-managed, standard
  - GitLab (Hint: /help): 14.6.5
  - Runner (Hint: /admin/runners): 14.6.1
- Add the CI configuration from .gitlab-ci.yml and other configuration if relevant (e.g. docker-compose.yml)
Values File:
image: gitlab/gitlab-runner:alpine-v14.6.1
gitlabUrl: https://repository.mydomain.com
runnerRegistrationToken: redacted
certsSecretName: gitlab-domain-cert
rbac:
  create: true
Snippet of CI file.
services:
  - name: docker:19.03.12-dind
    command:
      - /bin/sh
      - -c
      - mkdir -p /etc/docker/certs.d/${CI_REGISTRY}/ && cp /etc/gitlab-image-runner/certs/ca.crt /etc/docker/certs.d/${CI_REGISTRY}/ && dockerd-entrypoint.sh || exit
stages:
  - build
  - test
  - release
before_script:
  - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
  - docker info
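
A preflight check for the copy step in the service command above, added here as an example and not part of the original post: before dockerd starts, it reports whether the CA file is missing, holds no PEM data, or whether the registry variable is empty. The function name `install_registry_ca`, its exit codes, the optional third argument and the sample registry name are assumptions made for illustration.

```shell
#!/bin/sh
# Hypothetical helper (not from the original post): copy a CA certificate into
# dockerd's per-registry trust directory and fail with a specific diagnostic.
# Arguments: <source cert> <registry host[:port]> [certs.d root]
install_registry_ca() {
    src=$1
    registry=$2
    root=${3:-/etc/docker/certs.d}

    # An empty registry name would silently create certs.d// and trust nothing.
    if [ -z "$registry" ]; then
        echo "registry host is empty (is CI_REGISTRY set?)" >&2
        return 2
    fi
    if [ ! -f "$src" ]; then
        echo "CA certificate not found at $src" >&2
        # Show what, if anything, is mounted next to the expected path.
        ls -la "$(dirname "$src")" >&2 2>/dev/null \
            || echo "directory $(dirname "$src") does not exist either" >&2
        return 3
    fi
    # A mounted but empty or non-PEM file would be copied without complaint.
    if ! grep -q -e '-----BEGIN CERTIFICATE-----' "$src"; then
        echo "$src exists but holds no PEM certificate" >&2
        return 4
    fi
    mkdir -p "$root/$registry" && cp "$src" "$root/$registry/ca.crt"
}

# Constructed demo: a scratch directory stands in for the container filesystem,
# and the certificate body is a placeholder, not a real certificate.
demo=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'constructed-placeholder' \
    '-----END CERTIFICATE-----' > "$demo/ca.crt"
install_registry_ca "$demo/ca.crt" registry.example.test:5050 "$demo/certs.d" \
    && echo "installed into $demo/certs.d/registry.example.test:5050"
install_registry_ca "$demo/missing/ca.crt" registry.example.test:5050 "$demo/certs.d" \
    || echo "missing source rejected with exit code $?"
rm -rf "$demo"
```

Called in the service command in place of the bare `mkdir`/`cp` pair, the non-zero exit code and the directory listing show up in the service container's log before dockerd starts.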