I'm trying to set up Kubernetes executor for Gitlab but I get this error: ERROR: Job failed (system failure): Post https://api.kubernetes.de/api/v1/namespaces/gitlab/pods: x509: certificate signed by unknown authority
This is my configmap.yml:
apiVersion: v1
kind: ConfigMap
metadata:
name: gitlab-runner
namespace: gitlab
data:
config.toml: |
concurrent = 4
[[runners]]
name = "Kubernetes Runner"
url = "http://########/ci"
token = "############"
executor = "kubernetes"
[runners.kubernetes]
host = "https://api.kubernetes.de"
namespace = "gitlab"
namespace_overwrite_allowed = "ci-.*"
privileged = true
cpu_limit = "1"
memory_limit = "1Gi"
service_cpu_limit = "1"
service_memory_limit = "1Gi"
helper_cpu_limit = "500m"
helper_memory_limit = "100Mi"
poll_interval = 5
poll_timeout = 3600
[runners.kubernetes.node_selector]
gitlab = "true"
And this is deployment.yml:
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: gitlab-runner
namespace: gitlab
spec:
replicas: 1
selector:
matchLabels:
name: gitlab-runner
template:
metadata:
labels:
name: gitlab-runner
spec:
containers:
- args:
- run
image: gitlab/gitlab-runner:latest
imagePullPolicy: Always
name: gitlab-runner
volumeMounts:
- mountPath: /etc/gitlab-runner
name: config
- mountPath: /etc/ssl/certs
name: cacerts
readOnly: true
restartPolicy: Always
volumes:
- configMap:
name: gitlab-runner
name: config
- hostPath:
path: /usr/share/ca-certificates/mozilla
name: cacerts
you are using
https
, so where are the certs, are they self signed certs ? if yes you have to mention--tls-cert-file
and--tls-private-key-file
flags in your configmap for kubelet.