Runner on Kubernetes with self-signed certificate for private GitLab


We are running a GitLab instance on-prem. The GitLab instance’s certificate is signed by a private CA.
I want to install runners in Kubernetes, but get

ERROR: Registering runner... failed                 runner=ymx1Xesa status=couldn't execute POST against Post x509: certificate signed by unknown authority
PANIC: Failed to register the runner. You may be having network problems.

I am trying to install via the Helm chart.
I’ve already created a generic Kubernetes secret runner-tls-secret which has an entry ca.cert which holds the PEM certificate of our CA. I’ve checked it within the container; the certificate file is available at /home/gitlab-runner/.gitlab-runner/certs/ca.crt

How can I register and run a runner on k8s successfully against a self-signed GitLab instance?
Thanks a lot, Andreas

I am a step further, but it is not a nice solution now. I downloaded the runner charts and needed some modifications:

    # add in line 112 after
    # - name: custom-certs
    #   readOnly: true
    #   mountPath: /home/gitlab-runner/.gitlab-runner/certs/
    - name: custom-certs
      readOnly: true
      mountPath: /etc/gitlab-runner/certs/

→ This mounts the cert additionally in /etc/gitlab-runner/certs

In values.yaml, change the following:

  fsGroup: 0
  runAsUser: 0

→ It seems the cert update can only be done as root.
The bad thing is that the whole container is now running as root, which I personally dislike.

Are there any easier, better solutions that do not require modifying the chart and that allow running as non-root?