How to create token Kubernetes Helm Gitlab 17

Problem to solve

Hello everybody, we are using GitLab CE 16.11.9 and we want to upgrade to version 17. I tried it and everything works well except the runners.

In my configuration I install GitLab via Helm with a values file, and inside it there is a section called "runners". Inside that section I have all the config.

On the other hand, I have created a secret with runner-registration-token and runner-token. runner-registration-token is filled with the token from GitLab, and when a new runner pod is created it uses that token to register with GitLab.

But with the new version I cannot use runner-registration-token because it is deprecated. I know I can activate it via CI/CD, but in version 18 that feature will be deactivated.

So I want to know how to work with runners in Kubernetes and tokens, because I found a lot of info but it is not clear how to create a runner-token.

I really don't understand how the process works. Kubernetes will recreate runner pods many, many times and there will be new runners in the future, just like right now.

So I need to know how to create a runner-token in version 17 and add this token to the secret so that the runners start to use it.

Steps to reproduce

Run the GitLab Helm chart in version 17 or higher in Kubernetes and try to configure gitlab-runners

Configuration

gitlab-runner:
    gitlabUrl: https://gitlab.example.lan
    replicas: 2
    ## Set the certsSecretName to pass custom certificates for GitLab Runner to use
    ## Provide resource name for a Kubernetes Secret Object in the same namespace,
    ## this is used to populate the /home/gitlab-runner/.gitlab-runner/certs/ directory
    ## ref: https://docs.gitlab.com/runner/configuration/tls-self-signed.html#supported-options-for-self-signed-certificates-targeting-the-gitlab-server
    ##
    certsSecretName: "{{ trusted_cas_secret }}"
    runners:
    # Changing this doesn't fully set the token everywhere
    #  secret: gitlab-runner-secret
      config: |
          [[ runners ]]
            tls-ca-file = "{{ gitlab_runner_cert_path }}/{{ ldap_ca_filename }}.crt"
            builds_dir = "/tmp"
            environment = ["HOME=/tmp", "SSL_CERTFILE={{ gitlab_runner_cert_path }}/{{ ldap_ca_filename }}.crt", "no-proxy=127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,.svc,.cluster.local"]
            [runners.kubernetes]
            # Run all containers with the privileged flag enabled.
            # See https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnerskubernetes-section for details.
              service_account = "gitlab-job-runner"
              privileged = true
              helper_image_flavor = "alpine"
              image = "alpine"
              [runners.kubernetes.pod_security_context]
                run_as_nonroot = false
                run_as_user = 0
                run_as_group = 65533
              [[runners.kubernetes.volumes.secret]]
                name = "{{ trusted_cas_secret }}"
                read_only = true
                mount_path = "{{ gitlab_runner_cert_path }}"
    rbac:
      create: true
      serviceAccountName: gitlab-runner-sa

Versions

  • Self-managed
  • GitLab.com SaaS
  • Self-hosted Runners

Infrastructure-as-Code

  • Terraform/OpenTofu:
  • Ansible:

Cloud-native

  • Kubernetes (kubectl version): 1.27.15
