Runner in k8s reports an error when registering with an HTTPS GitLab

Error message:

 Merging configuration from template file "/configmaps/config.template.toml" 

 WARNING: Support for registration tokens and runner parameters in the 'register' command has been deprecated in GitLab Runner 15.6 and will be replaced with support for authentication tokens. For more information, see https://gitlab.com/gitlab-org/gitlab/-/issues/380872 

 ERROR: Registering runner... failed                 runner=GR1348941Bdbk4zQ3 status=couldn't execute POST against https://mygitlab.mydomain.com/api/v4/runners: Post "https://mygitlab.mydomain.com/api/v4/runners": x509: certificate signed by unknown authority

 PANIC: Failed to register the runner.              

GitLab version: v15.11.13
gitlab-runner version: gitlab/gitlab-runner/alpine-v15.11.1

Creating the HTTPS certificate:

kubectl create secret generic mygitlab-mydomain-com-crt   --namespace gitlab-runner   --from-file=mygitlab.mydomain.com.crt=cacert.pem

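The following is an automatic AI reply, for reference only. If it does not help you, please continue the discussion with other forum members.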

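This error occurs because GitLab Runner cannot verify the GitLab server's certificate during registration, possibly because the certificate is not trusted or the certificate chain is incomplete. The solution is to add the GitLab server's certificate to GitLab Runner's trust list.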

Add the following to the GitLab Runner configuration file:

[[runners]]
  name = "My Runner"
  url = "https://mygitlab.mydomain.com/"
  token = "my-registration-token"
  tls-ca-file = "/path/to/mygitlab.mydomain.com.crt"

Here tls-ca-file specifies the path to the GitLab server's certificate file. In Kubernetes, the certificate file can be stored as a Kubernetes Secret and mounted into the GitLab Runner Pod.

apiVersion: v1
kind: Secret
metadata:
  name: mygitlab-mydomain-com-crt
  namespace: gitlab-runner
data:
  mygitlab.mydomain.com.crt: <base64-encoded-certificate>
---
apiVersion: v1
kind: Pod
metadata:
  name: gitlab-runner
  namespace: gitlab-runner  # must match the Secret's namespace so the Pod can mount it
spec:
  containers:
  - name: gitlab-runner
    image: gitlab/gitlab-runner:alpine-v15.11.1
    volumeMounts:
    - name: mygitlab-mydomain-com-crt
      mountPath: /etc/gitlab-runner/certs/mygitlab.mydomain.com.crt
      subPath: mygitlab.mydomain.com.crt
  volumes:
  - name: mygitlab-mydomain-com-crt
    secret:
      secretName: mygitlab-mydomain-com-crt

Note: replace mygitlab.mydomain.com.crt with the actual certificate file name.
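
GitLab Runner is written in Go, and the error text in the log above is the message of Go's crypto/x509 verifier. The following added example (not part of the original post or the reply) reproduces that check offline: it trusts only the PEM bundle it is given, as tls-ca-file does, and shows that verification succeeds only when the bundle holds the CA that signed the server certificate. The helpers issue, pemOf and VerifyWithCAFile and both CA names are constructed for illustration.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// issue builds a constructed test certificate (errors ignored for brevity of the sample data).
func issue(cn string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
	}
	if parent == nil { // no parent: self-signed CA
		tpl.IsCA, tpl.BasicConstraintsValid, tpl.KeyUsage = true, true, x509.KeyUsageCertSign
		parent, parentKey = tpl, key
	} else { // server certificate for host cn, signed by parent
		tpl.DNSNames = []string{cn}
		tpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, parent, &key.PublicKey, parentKey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}
func pemOf(c *x509.Certificate) []byte { return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: c.Raw}) }

// VerifyWithCAFile trusts only the certificates in caPEM and checks leaf for host.
func VerifyWithCAFile(caPEM []byte, leaf *x509.Certificate, host string) error {
	pool := x509.NewCertPool()
	pool.AppendCertsFromPEM(caPEM) // an empty or unrelated bundle leaves no usable issuer
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	return err
}

func main() {
	ca, caKey := issue("Constructed Private CA", nil, nil)
	other, _ := issue("Unrelated CA", nil, nil)
	leaf, _ := issue("mygitlab.mydomain.com", ca, caKey)
	fmt.Println("unrelated CA:", VerifyWithCAFile(pemOf(other), leaf, "mygitlab.mydomain.com"))
	fmt.Println("issuing CA:  ", VerifyWithCAFile(pemOf(ca), leaf, "mygitlab.mydomain.com"))
}
```

If the file stored in the Secret is not the CA that issued the server's certificate (or an intermediate is missing from it), the first result is what the runner reports.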