I've installed standalone runners, Docker runners and K8s runners with Helm charts. In all these cases I could start the runner with CA files relevant to my corporate environment.
Now, I have managed to get a K8s cluster provisioned with K3s that actually works and have attached it as a managed Group Cluster and installed Helm Tiller, Prometheus and GitLab Runner from applications.
Being a corporate install, I had to do the PodPresets thing on K3s to ensure that the relevant corporate proxies were added to things run in the gitlab-managed-apps namespace for the above to work.
Now, my problem is one that I've solved often, but I don't know how to sort it out in the world of AutoDevOps and managed Kubernetes:
WARNING: Checking for jobs... failed runner=uagZ6Z7E status=couldn't execute POST against https://digit.mgsops.net/api/v4/jobs/request: Post https://digit.mgsops.net/api/v4/jobs/request: x509: certificate signed by unknown authority
WARNING: Checking for jobs... failed runner=uagZ6Z7E status=couldn't execute POST against https://digit.mgsops.net/api/v4/jobs/request: Post https://digit.mgsops.net/api/v4/jobs/request: x509: certificate signed by unknown authority
WARNING: Checking for jobs... failed runner=uagZ6Z7E status=couldn't execute POST against https://digit.mgsops.net/api/v4/jobs/request: Post https://digit.mgsops.net/api/v4/jobs/request: x509: certificate signed by unknown authority
WARNING: Checking for jobs... failed runner=uagZ6Z7E status=couldn't execute POST against https://digit.mgsops.net/api/v4/jobs/request: Post https://digit.mgsops.net/api/v4/jobs/request: x509: certificate signed by unknown authority
Now, we are using an internal CA, but the GitLab instance clearly has its own HTTPS certificates. But it has not provided them to the runners. And, outside of the PodPresets to set up proxies, there is no documentation at all on how to customize the installation of things on managed K8s.
GitLab Specs
GitLab Enterprise Edition 12.9.8-ee
I think we have an Ultimate subscription but I’m just a lowly dev and don’t have the details.