GitLab Runner Operator is not able to attach customized volumes from config.toml to pods / deployments

Kubernetes volumes from config.toml are not mounted onto the pod or deployment

I am trying to mount volumes in the form of a secret and a configmap onto a runner pod / deployment. The ConfigMap “custom-config-toml” is as follows:

apiVersion: v1
data:
  config.toml: |
    [[runners]]
      [runners.kubernetes]
        pull_policy = ["if-not-present"]
        image_pull_secrets = ["regpw"]
        allowed_pull_policies = ["always", "if-not-present"]
      [[runners.kubernetes.volumes.secret]]
         name = "company-tls-ca"
         mount_path = "/etc/gitlab-runner/certs/"
      [[runners.kubernetes.volumes.config_map]]
         name = "k8sCluster-CABundles"
         mount_path = "/etc/ssl/certs"
kind: ConfigMap
metadata:
  name: custom-config-toml
  namespace: glrunner

The GitLab Runner Operator configuration looks like the following.

apiVersion: apps.gitlab.com/v1beta2
kind: Runner
metadata:
  name: gl-runner
  namespace: glrunner
spec:
  gitlabUrl: https://gitlab.company.com
  buildImage: alpine
  ca: company-tls-ca
  token: register-token-secret
  config: custom-config-toml
  tags: s3cache
  cacheType: s3
  s3:
    bucket: job-cache
    credentials: s3credentials
    location: dc1
    server: s3cache.company.com:9000

After creating the runner from the operator, the runner deployment and its pod are able to attach the above-mentioned ConfigMap: custom-config-toml. The /home/gitlab-runner/.gitlab-runner/config.toml of the runner pod also shows the above customization of config.toml. Is my understanding correct in assuming that the above-mentioned volumes, secret: company-tls-ca and configmap: k8sCluster-CABundles, should also be attached to the runner pod/deployment? If yes, they are not attached at all. I expect to see the files at /etc/gitlab-runner/certs/ and at /etc/ssl/certs respectively from inside the runner pod.

In principle, I am trying to mount a custom CA certificate using the secret inside the runner pod, so that a job can install it in the helper container. Additionally, I would like to install a CA bundle inside the runner pod. Can you suggest the best possible way to achieve this otherwise? Thanks in advance.

We are using GitLab Runner Operator to roll out a GitLab Runner with the Kubernetes executor. It is a self-managed GitLab instance, version 16.2.4. GitLab Runner:

  Version: 16.0.1
  Git revision: 79704081
  Git branch: 16-0-stable
  GO version: go1.19.9
  Built: 2023-05-23T22:23:03+0000
  OS/Arch: linux/amd64

GitLab Runner architecture consists of 2 different pods:

  • Controller Pod
  • Job Pod (lives only to execute a single job, spawned and killed by controller pod)

GitLab Runner Operator currently only has an option to set a custom CA using the spec.ca parameter, to customize the Controller Pod.

Anything in config.toml in the ConfigMap customizes the “job pod” spec. So by adding the secret and configmap there, they will be applied to each spawned Job Pod, not the Controller Pod.

If you want to further customize the Controller Pod spec, the Operator does not provide such an option and you have to use the GitLab Runner Helm Chart, customizing the values.yaml.
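
A check for the point made in the answer above, as an added example that is not part of the original thread or of GitLab's code: given a pod manifest as JSON, it reports which of the config.toml volumes no container mounts at the expected path. The pod manifests, the container names and the /config path are constructed for illustration.

```python
# Volumes from the [[runners.kubernetes.volumes.*]] tables in the page's config.toml
# (config_map path written as /etc/ssl/certs, the location the post expects).
EXPECTED = [
    {"kind": "secret", "name": "company-tls-ca", "mount_path": "/etc/gitlab-runner/certs/"},
    {"kind": "config_map", "name": "k8sCluster-CABundles", "mount_path": "/etc/ssl/certs"},
]

def _source(volume):
    """Return (kind, referenced object name) for secret/configMap volumes, else None."""
    if "secret" in volume:
        return ("secret", volume["secret"].get("secretName"))
    if "configMap" in volume:
        return ("config_map", volume["configMap"].get("name"))
    return None

def missing_mounts(pod, expected=EXPECTED):
    """Names of expected volumes that no container mounts at the expected path."""
    spec = pod.get("spec", {})
    by_source = {}  # (kind, object name) -> pod volume names backed by that object
    for vol in spec.get("volumes", []):
        if _source(vol):
            by_source.setdefault(_source(vol), set()).add(vol["name"])
    mounted = {(m["name"], m["mountPath"].rstrip("/"))
               for c in spec.get("containers", [])
               for m in c.get("volumeMounts", [])}
    missing = []
    for want in expected:
        path = want["mount_path"].rstrip("/")
        names = by_source.get((want["kind"], want["name"]), set())
        if not any((n, path) in mounted for n in names):
            missing.append(want["name"])
    return missing

# Constructed manifests (not captured from a cluster), trimmed to the fields used.
_MOUNTS = [{"name": "company-tls-ca", "mountPath": "/etc/gitlab-runner/certs/"},
           {"name": "k8sCluster-CABundles", "mountPath": "/etc/ssl/certs"}]
JOB_POD = {"spec": {
    "volumes": [{"name": "company-tls-ca", "secret": {"secretName": "company-tls-ca"}},
                {"name": "k8sCluster-CABundles", "configMap": {"name": "k8sCluster-CABundles"}}],
    "containers": [{"name": n, "volumeMounts": _MOUNTS} for n in ("build", "helper")]}}
CONTROLLER_POD = {"spec": {
    "volumes": [{"name": "config", "configMap": {"name": "custom-config-toml"}}],
    "containers": [{"name": "runner",
                    "volumeMounts": [{"name": "config", "mountPath": "/config"}]}]}}

if __name__ == "__main__":
    import json, sys
    pod = JOB_POD if sys.stdin.isatty() else json.load(sys.stdin)
    print("missing from pod:", missing_mounts(pod))
```

Run as a script, it reads the output of `kubectl get pod <name> -n glrunner -o json` from stdin, so it can be pointed at a job pod while a pipeline job is running.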