Kubernetes executor on Gitlab - ERROR: Job failed

2019-03-01 07:08发布

I'm trying to set up Kubernetes executor for Gitlab but I get this error: ERROR: Job failed (system failure): Post https://api.kubernetes.de/api/v1/namespaces/gitlab/pods: x509: certificate signed by unknown authority

This is my configmap.yml:

apiVersion: v1
kind: ConfigMap
metadata:
  name: gitlab-runner
  namespace: gitlab
data:
  config.toml: |
     concurrent = 4

[[runners]]
  name = "Kubernetes Runner"
  url = "http://########/ci"
  token = "############"
  executor = "kubernetes"
  [runners.kubernetes]
    host = "https://api.kubernetes.de"
    namespace = "gitlab"
    namespace_overwrite_allowed = "ci-.*"
    privileged = true
    cpu_limit = "1"
    memory_limit = "1Gi"
    service_cpu_limit = "1"
    service_memory_limit = "1Gi"
    helper_cpu_limit = "500m"
    helper_memory_limit = "100Mi"
    poll_interval = 5
    poll_timeout = 3600
    [runners.kubernetes.node_selector]
      gitlab = "true"

And this is deployment.yml:

 apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
   name: gitlab-runner
   namespace: gitlab
 spec:
   replicas: 1
   selector:
     matchLabels:
       name: gitlab-runner
   template:
     metadata:
       labels:
         name: gitlab-runner
     spec:
       containers:
       - args:
         - run
         image: gitlab/gitlab-runner:latest
         imagePullPolicy: Always
         name: gitlab-runner
         volumeMounts:
         - mountPath: /etc/gitlab-runner
           name: config
         - mountPath: /etc/ssl/certs
           name: cacerts
           readOnly: true
       restartPolicy: Always
       volumes:
       - configMap:
           name: gitlab-runner
         name: config
       - hostPath:
           path: /usr/share/ca-certificates/mozilla
         name: cacerts

1条回答
贪生不怕死
2楼-- · 2019-03-01 07:31

you are using https, so where are the certs, are they self signed certs ? if yes you have to mention --tls-cert-file and --tls-private-key-file flags in your configmap for kubelet.

查看更多
登录 后发表回答