Gitlab-runner with kubernetes executor behind proxy

Infrastructure as Code & Cloud Native
1

Dear all,

please I would like to ask how to configure gitlab-runner with kubernetes executor (in openshift) behind proxy

I prepared images for runner, runner-helper and image (KUBERNETES_IMAGE)
Registering runner is successful - with environment variables http and https proxy in container runner
when I start my first gitlab-ci using this runner it always fails on step cloning the current git project
fatal: Failed to connect to git.atosone.com port 443: Connection timed out

I already provided the http and https_proxy as environment variables for helper and also for KUBERNETES_IMAGE (in the moment they are part of each image - I accept that this is for troubleshooting mainly) and when I connected to command line of the running container
runner-qsa5nkep-project-8691-concurrent-0jhmxf
I was able to see created environment variables http https_proxy
and I was also successful with curl access to the git.atosone.com

I expected successful download the repository for current project.

  • *GitLab GitLab Enterprise Edition [13.9.4-ee] selfmanaged
  • *Runner version 13.9.0

Thank you for your help

2

And I also found second right place to provide the http https proxy variables and this is in .gitlab-ci.yaml file:

deploy:
variables:
HTTP_PROXY: http://server:port/
HTTPS_PROXY: http://server:port/
NO_PROXY: localhost,127.0.0.1

and now finally also repository is successfully cloned to actual container. First place for proxy variables is - deployment of gitlab-runner container.
and no need to put variables for proxy anywhere else.

1 Like
3

edit your gitlab-runner config.toml


[[runners]]
  executor: "kubernetes"
+ environment = ["FF_USE_ADVANCED_POD_SPEC_CONFIGURATION=true"] # insert this line in your [[runners]] section
  [runners.kubernetes]
+   [[runners.kubernetes.pod_spec]]
+     name = "build envvars"
+     patch_path = ""
+     patch = "      containers:\n        - name: build\n          env:\n          - name: HTTPS_PROXY\n            value: \"<your proxy server>\"\n          - name: HTTP_PROXY\n            value: \"<your proxy server>\"\n          - name: NO_PROXY\n            value: \"<no proxy list>\"\n        - name: helper\n          env:\n          - name: HTTPS_PROXY\n            value: \"<your proxy server>\"\n          - name: HTTP_PROXY\n            value: \"<your proxy server>\"\n          - name: NO_PROXY\n            value: \"<no proxy list>\"\n      "
+     patch_type = "strategic"

if your gitlab-runner install by helm, edit your helm values.yaml:

 extraEnv:
+  HTTPS_PROXY: <your proxy server> # proxy for runner
+  HTTP_PROXY: <your proxy server>
+  NO_PROXY: <no proxy list> # such as 192.168.0.0/12,172.30.0.0/12

runners:
  cache: {}
  config: |
    [[runners]]
+     environment = ["FF_USE_ADVANCED_POD_SPEC_CONFIGURATION=true"] # insert this line in [[runners]] section
      [runners.kubernetes]
+        [[runners.kubernetes.pod_spec]] # proxy setting for job execution.
+         name = "build envvars"
+         patch = '''
+         containers:
+           - name: build
+             env:
+             - name: HTTPS_PROXY
+               value: "<your proxy server>"
+             - name: HTTP_PROXY
+               value: "<your proxy server>"
+             - name: NO_PROXY
+               value: ""
+           - name: helper
+             env:
+             - name: HTTPS_PROXY
+               value: "<your proxy server>"
+             - name: HTTP_PROXY
+               value: "<your proxy server>"
+             - name: NO_PROXY
+               value: "1"
+         '''
+         patch_type = "strategic"