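GitLab and Docker registry with a self-signed certificate using the Helm GitLab-Runner chart in Kubernetes (x509 error)

Question    Votes: 0    Answers: 1

Hi everyone,

I have set up a local Kubernetes cluster with k3s (currently 1 Intel NUC) on Ubuntu Server 18 LTS. I also have a working Synology DiskStation with GitLab and a private registry (running on Docker). Both (GitLab and the registry) use the same custom self-signed certificate (https://my.domain/ = GitLab, https://my.domain:8050/ = Registry).

Now I have added my Kubernetes cluster to GitLab and am trying to use GitLab Auto DevOps. I installed the gitlab-runner Helm chart with the following configuration: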

# GitLab Runner Image
##
## By default it's using gitlab/gitlab-runner:alpine-v{VERSION}
## where {VERSION} is taken from Chart.yaml from appVersion field
##
## ref: https://hub.docker.com/r/gitlab/gitlab-runner/tags/
##
## Note: If you change the image to the ubuntu release
##       don't forget to change the securityContext; 
##       these images run on different user IDs.
##
# image: gitlab/gitlab-runner:alpine-v11.6.0

## Specify an imagePullPolicy
## 'Always' if imageTag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
##
imagePullPolicy: IfNotPresent

## Specifying ImagePullSecrets on a Pod
## Kubernetes supports specifying container image registry keys on a Pod.
## ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
##
# imagePullSecrets: 
#   - name: "image-pull-secret"

## The GitLab Server URL (with protocol) that want to register the runner against
## ref: https://docs.gitlab.com/runner/commands/README.html#gitlab-runner-register
##
gitlabUrl: https://my.domain/

## The Registration Token for adding new Runners to the GitLab Server. This must
## be retrieved from your GitLab Instance.
## ref: https://docs.gitlab.com/ce/ci/runners/README.html
##
runnerRegistrationToken: my_token

## The Runner Token for adding new Runners to the GitLab Server. This must
## be retrieved from your GitLab Instance. It is token of already registered runner.
## ref: (we don't yet have docs for that, but we want to use existing token)
##
# runnerToken: ""
#
## Unregister all runners before termination
##
## Updating the runner's chart version or configuration will cause the runner container
## to be terminated and created again. This may cause your Gitlab instance to reference
## non-existent runners. Un-registering the runner before termination mitigates this issue.
## ref: https://docs.gitlab.com/runner/commands/README.html#gitlab-runner-unregister
##
# unregisterRunners: true

## When stopping the runner, give it time to wait for its jobs to terminate.
##
## Updating the runner's chart version or configuration will cause the runner container
## to be terminated with a graceful stop request. terminationGracePeriodSeconds
## instructs Kubernetes to wait long enough for the runner pod to terminate gracefully.
## ref: https://docs.gitlab.com/runner/commands/#signals
terminationGracePeriodSeconds: 3600

## Set the certsSecretName in order to pass custom certificates for GitLab Runner to use
## Provide resource name for a Kubernetes Secret Object in the same namespace,
## this is used to populate the /home/gitlab-runner/.gitlab-runner/certs/ directory
## ref: https://docs.gitlab.com/runner/configuration/tls-self-signed.html#supported-options-for-self-signed-certificates
##
certsSecretName: "gitlab-crt"
...

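At first I had the problem that gitlab-runner could not connect to my GitLab instance because of the self-signed certificate (x509 error when registering with the GitLab instance). But I was able to fix this by setting certsSecretName in the value.config file to a secret containing my self-signed certificate. But now, when my runner tries to pull from my registry, I get the damn x509 error as well.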

Logging to GitLab Container Registry with CI credentials...
time="2021-03-01T20:49:12Z" level=info msg="Error logging in to v2 endpoint, trying next endpoint: Get https://my.domain:8050/v2/: x509: certificate signed by unknown authority"
Get https://my.domain:8050/v2/: x509: certificate signed by unknown authority
Cleaning up file based variables
00:00
ERROR: Job failed: command terminated with exit code 1

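Does anyone know how to solve this? I think it has something to do with the gitlab-runner-helper image that is pulled in my gitlab-runner? But I can't find any information on how to add my self-signed certificate to this helper image. (Note: I have already installed the custom certificate in the CA certificates on my Intel NUC. So curl or wget do work fine, without errors.)

Please help me. Thanks a lot. Simon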

kubernetes gitlab-ci-runner gitlab-ce self-signed-certificate kubernetesexecutor
1 Answer
0
votes

Here is a tutorial on how to register gitlab-runners with self-signed certificates
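
The situation in the question, as an added example that is not part of the question or the answer: the same self-signed certificate verifies or fails depending only on which CA bundle the verifying process reads, which is why curl on the host succeeds while a login from inside a job container reports "certificate signed by unknown authority". The certificates, bundle names and helper functions below are constructed for the demo; `cert_key_for_url` reflects the `<hostname>.crt` file name GitLab Runner reads from its certs directory.

```shell
#!/usr/bin/env bash
# Constructed demo: every file is generated in a temp dir, no network access.
set -u
WORK="$(mktemp -d)"

# Create a throwaway self-signed certificate (constructed sample).
make_selfsigned() {  # $1 = CN, $2 = output basename
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=$1" -keyout "$WORK/$2.key" -out "$WORK/$2.crt" 2>/dev/null
}

# Return 0 only if certificate $2 chains to a certificate in bundle $1.
trusted_by() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# File name expected in the runner's certs directory for a server URL:
# scheme, path and port are dropped, leaving <hostname>.crt.
cert_key_for_url() {
  _h="${1#*://}"; _h="${_h%%/*}"; _h="${_h%%:*}"
  printf '%s.crt\n' "$_h"
}

make_selfsigned my.domain server      # stands in for the GitLab/registry cert
make_selfsigned other.example other   # stands in for an unrelated trusted CA

# "Host" store: includes the self-signed cert, like the NUC where curl works.
cat "$WORK/other.crt" "$WORK/server.crt" > "$WORK/host-bundle.pem"
# "Container" store: an image's CA bundle that was never given the cert.
cp "$WORK/other.crt" "$WORK/container-bundle.pem"

for store in host container; do
  if trusted_by "$WORK/$store-bundle.pem" "$WORK/server.crt"; then
    echo "$store store: certificate verifies"
  else
    echo "$store store: x509: certificate signed by unknown authority"
  fi
done

echo "certs file name for https://my.domain/      : $(cert_key_for_url https://my.domain/)"
echo "certs file name for https://my.domain:8050/ : $(cert_key_for_url https://my.domain:8050/)"
```
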
