How to register Openshift Runner

Problem to solve

I’ve got a Gitlab Runner Operator in my Openshift Environment up and running. Apparently its not a shared runner, since it loses its activation on one project if used on another.
A shared or a group runner is needed.

When I installed the existing Runner, I used the legacy method by retrieving a registration token in the Gitlab UI.

Following the hint in the Web-UI “Next GitLab Runner Token Architecture” the new registration flow look like:

  • User create a runner in Gitlab UI and adds the runner configuration

  • Gitlab creates ci_runners record and returns new “glrt-” prefixed auth token


I can’t create a runner in the Gitlab Web-UI in order to retrive the auth token, which I would need to provide the Gitlab Runner instance as a secret, because only Linux, Mac and Windows is supported to install. The “Kubernetes” Link leads to a method using Helm Charts. Since I use an Operator I’d follow the “Operator” manual (Install GitLab Runner Operator | GitLab) …which in turn needs the project runner token.

glueless… :thinking:

Thanks for any hint!


Please select whether options apply, and add the version information.

  • Self-managed
  • SaaS
  • Self-hosted Runners


  • GitLab: 16.6.6 Community Edition
  • GitLab Runner: 16.4.1; Operator v1.18.1
1 Like


I came across your post and was having similar issues. There’s a long on going discussion on this found here: Feedback issue: New Runner registration flow (#387993) · Issues · / GitLab · GitLab

I also have Gitlab Runner Operator in an OpenShift Environment. Like you mentioned before I was just using the Group Runner Registration Token but now that its going to be deprecated it’s going to affect our current work flow.

For now these are the steps I’m taking to register new group runner tokens.

  1. Create token via gitlab API

You can create runner tokens via API. For more info on the flags you can check out: Users API | GitLab

Here’s an example of the command I ran:

curl -X POST -H private-token: -H ‘content-type: application/json’ -d ‘{“runner_type”:“group_type”,“group_id”:“your group id”,“run_untagged”:“false”,“tag_list”:[“Your”,“Tags”,“Here”]}’

This will return a token for the newly created group runner and in the UI you’ll see it as an idle/not active runner.

  1. Create a secret containing the new token in OpenShift

I think there is some confusion on how the gitlab runner secret must be structured in order for your gitlab runner to register properly. I got my working with the following secret structure:

apiVersion: v1
kind: Secret
name: gitlab-runner-secret
namespace: gitlab-testing
type: Opaque
runner-registration-token: “new-group-runner-token”

For more information why I did this I followed this link: FATAL: Runner configuration other than name and executor configuration is reserved (#191) · Issues · / OpenShift / GitLab Runner Operator · GitLab

  1. Create the runner in OpenShift

kind: Runner
name: dev
namespace: gitlab-testing
token: gitlab-runner-secret # Name of the secret containing the Runner token
tags: “Your,Tags,Here”

Once you create the runner in OpenShift you should see the runner active in gitlab. Not as straight forward as using the UI but I’ve been able to stand up runners and verify the can accept jobs. Hope this helps.

1 Like