Hey guys,
I have set up a local Kubernetes cluster with k3s (currently 1 Intel NUC) on Ubuntu Server 18 LTS. I also have a working Synology DiskStation with GitLab and a private registry (running on Docker). Both (GitLab and the registry) use the same custom self-signed certificate (https://my.domain/ = GitLab - https://my.domain:8050/ = Registry).
Now I have added my Kubernetes cluster to GitLab and am trying to use GitLab Auto DevOps. I installed the gitlab-runner Helm chart with the following configuration:
# GitLab Runner Image
##
## By default it's using gitlab/gitlab-runner:alpine-v{VERSION}
## where {VERSION} is taken from Chart.yaml from appVersion field
##
## ref: https://hub.docker.com/r/gitlab/gitlab-runner/tags/
##
## Note: If you change the image to the ubuntu release
## don't forget to change the securityContext;
## these images run on different user IDs.
##
# image: gitlab/gitlab-runner:alpine-v11.6.0
## Specify an imagePullPolicy
## 'Always' if imageTag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
##
imagePullPolicy: IfNotPresent
## Specifying ImagePullSecrets on a Pod
## Kubernetes supports specifying container image registry keys on a Pod.
## ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
##
# imagePullSecrets:
# - name: "image-pull-secret"
## The GitLab Server URL (with protocol) that you want to register the runner against
## ref: https://docs.gitlab.com/runner/commands/README.html#gitlab-runner-register
##
gitlabUrl: https://my.domain/
## The Registration Token for adding new Runners to the GitLab Server. This must
## be retrieved from your GitLab Instance.
## ref: https://docs.gitlab.com/ce/ci/runners/README.html
##
runnerRegistrationToken: my_token
## The Runner Token for adding new Runners to the GitLab Server. This must
## be retrieved from your GitLab Instance. It is token of already registered runner.
## ref: (we don't yet have docs for that, but we want to use existing token)
##
# runnerToken: ""
#
## Unregister all runners before termination
##
## Updating the runner's chart version or configuration will cause the runner container
## to be terminated and created again. This may cause your Gitlab instance to reference
## non-existent runners. Un-registering the runner before termination mitigates this issue.
## ref: https://docs.gitlab.com/runner/commands/README.html#gitlab-runner-unregister
##
# unregisterRunners: true
## When stopping the runner, give it time to wait for its jobs to terminate.
##
## Updating the runner's chart version or configuration will cause the runner container
## to be terminated with a graceful stop request. terminationGracePeriodSeconds
## instructs Kubernetes to wait long enough for the runner pod to terminate gracefully.
## ref: https://docs.gitlab.com/runner/commands/#signals
terminationGracePeriodSeconds: 3600
## Set the certsSecretName in order to pass custom certificates for GitLab Runner to use
## Provide resource name for a Kubernetes Secret Object in the same namespace,
## this is used to populate the /home/gitlab-runner/.gitlab-runner/certs/ directory
## ref: https://docs.gitlab.com/runner/configuration/tls-self-signed.html#supported-options-for-self-signed-certificates
##
certsSecretName: "gitlab-crt"
...
At first I had the problem that gitlab-runner could not connect to my GitLab instance because of the self-signed certificate (x509 error when registering against the GitLab instance). But I was able to fix that by setting a secret containing my self-signed certificate via certsSecretName in my values.config file. But now, when my runner tries to pull from my registry, I get that damn x509 error again.
Logging to GitLab Container Registry with CI credentials...
time="2021-03-01T20:49:12Z" level=info msg="Error logging in to v2 endpoint, trying next endpoint: Get https://my.domain:8050/v2/: x509: certificate signed by unknown authority"
Get https://my.domain:8050/v2/: x509: certificate signed by unknown authority
Cleaning up file based variables
ERROR: Job failed: command terminated with exit code 1
Does anyone know how to solve this? I think it has something to do with the gitlab-runner-helper image that is pulled by my gitlab-runner? But I can't find anything on how to add my self-signed certificate to this helper image. (Note: I have already installed the custom certificate in the ca-certificates on my Intel NUC, so curl or wget work fine.)
Please help me. Thanks a lot, Simon
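Added example, not part of Simon's post and not a GitLab-provided script. "x509: certificate signed by unknown authority" is raised by whichever TLS client performs the handshake, so two things are worth checking before changing anything in the cluster: that the PEM file being distributed really is the CA that signs the certificate the registry presents, and that it reaches the client that actually connects. The runner's certs directory (populated from certsSecretName) is read by gitlab-runner and its helper; a `docker login` in a job is forwarded to the Docker daemon it talks to (the docker:dind service in an Auto DevOps build), and the daemon looks for the CA under /etc/docker/certs.d/<host:port>/ca.crt instead. The script below builds a throwaway CA and a leaf certificate for my.domain and runs the same chain check with openssl; the hostname and port are the ones from the post, the file and function names are this example's own, and it needs only the openssl CLI.

```shell
#!/bin/sh
# Added example, not code from the original post or from GitLab.
# Builds a throwaway CA plus a registry certificate for my.domain signed by it
# (and an unrelated CA), then runs the trust check that a Go TLS client such as
# docker or gitlab-runner performs. Needs the openssl CLI; all files are
# generated under the directory you pass in.

# Generate test material in directory $1: ca.pem (the CA that belongs in the
# trust store), leaf.pem (what the registry would present) and other_ca.pem
# (a CA that did not sign the leaf, to show the failure case).
make_test_pki() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Homelab test CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Unrelated CA" \
        -keyout "$dir/other_ca.key" -out "$dir/other_ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=my.domain" \
        -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null
    # Go clients match the SAN, not the CN, so the leaf gets a DNS SAN.
    printf 'subjectAltName=DNS:my.domain\n' > "$dir/san.cnf"
    openssl x509 -req -days 1 -in "$dir/leaf.csr" \
        -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/san.cnf" -out "$dir/leaf.pem" 2>/dev/null
}

# Return 0 if the certificate in $2 chains to a CA in the bundle $1, 1 otherwise.
# Run this with the file you put into the secret and a copy of the registry's
# certificate: if it fails here, every client that only trusts $1 will print
# "x509: certificate signed by unknown authority".
chain_verifies() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Return 0 if $1 carries basicConstraints CA:TRUE. A plain self-signed server
# certificate is its own CA and passes; a leaf signed by some other CA does not,
# and distributing such a leaf instead of its issuer is a common mistake.
is_ca_cert() {
    openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'
}

# Print the issuer of the certificate a live endpoint presents (for example
# my.domain:8050); that issuer is the CA to distribute. Needs network access,
# so it is not called in the demo below.
show_presented_issuer() {
    openssl s_client -connect "$1" -servername "${1%%:*}" </dev/null 2>/dev/null \
        | openssl x509 -noout -issuer
}

# Demo when run directly.
pki=$(mktemp -d)
make_test_pki "$pki"
if chain_verifies "$pki/ca.pem" "$pki/leaf.pem"; then
    echo "leaf.pem chains to ca.pem: ca.pem is the file to distribute"
fi
if ! chain_verifies "$pki/other_ca.pem" "$pki/leaf.pem"; then
    echo "leaf.pem does not chain to other_ca.pem: a client trusting only that file fails with 'unknown authority'"
fi
# Where each client looks for the CA (paths from the respective tools' docs):
#   gitlab-runner / helper: certs dir populated by the chart's certsSecretName
#   docker daemon (dind):   /etc/docker/certs.d/my.domain:8050/ca.crt
rm -rf "$pki"
```

Do not reach for the daemon's `--insecure-registry` flag as a shortcut: it makes the daemon accept an unverifiable certificate for that registry and fall back to plain HTTP, so CI credentials and images would travel over an unauthenticated channel. Distributing the CA to the daemon keeps the check in place.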