运行 来自 Openshift 上 Gitlab-runner 的 K8s 集群
Running K8s cluster from Gitlab-runner on Openshift
目前我有一个 Kubernetes 集群准备与 Gitlab-runner 及其 kubernetes 执行器一起使用,我想从不同的 Openshift 集群使用它,所以我有两个不同的独立集群。
我目前是 运行 Openshift pod 上的 Gitlab-runner 镜像,像这样 config.toml,遵循 [=13= 中的文档]:
concurrent = 1
check_interval = 10
[[runners]]
name = "size-XL"
url = "https://blablabla/ci"
token = "blablabla"
executor = "kubernetes"
[runners.kubernetes]
namespace = "gitlab"
privileged = false
host= "https://blablabla:6443"
cert_file= "/etc/ssl/certs/cert.pem"
key_file= "/etc/ssl/certs/key.pem"
ca_keyfile= "/etc/ssl/certs/ca.pem"
cpu_limit = "4"
memory_limit = "6Gi"
service_cpu_limit = "1"
service_memory_limit = "2Gi"
helper_cpu_limit = "2"
helper_memory_limit = "2Gi"
cpu_request = "1"
memory_request = "2Gi"
service_cpu_request = "250Mi"
service_memory_request = "512Mi"
helper_cpu_request = "250Mi"
helper_memory_request = "512Mi"
service-account = "test"
service_account_overwrite_allowed = ".*"
image = "blablabla"
我的问题是,即使它能够连接到 K8s 集群并开始选择作业,但在任何时候,我都会得到这个:
Checking for jobs... received job=17311 repo_url=https://blablabla.git runner=c36ccf98
WARNING: Preparation failed: error connecting to Kubernetes: ca file, cert file and key file must be specified when using file based auth job=17311 project=3128 runner=c36ccf98
Will be retried in 3s ... job=17311 project=3128 runner=c36ccf98
WARNING: Preparation failed: error connecting to Kubernetes: ca file, cert file and key file must be specified when using file based auth job=17311 project=3128 runner=c36ccf98
Will be retried in 3s ... job=17311 project=3128 runner=c36ccf98
WARNING: Preparation failed: error connecting to Kubernetes: ca file, cert file and key file must be specified when using file based auth job=17311 project=3128 runner=c36ccf98
Will be retried in 3s ... job=17311 project=3128 runner=c36ccf98
ERROR: Job failed (system failure): error connecting to Kubernetes: ca file, cert file and key file must be specified when using file based auth job=17311 project=3128 runner=c36ccf98
我运气不好,知道吗?
ca_keyfile= "/etc/ssl/certs/ca.pem"
实际上是问题所在。因为它只是 ca_file 而不是 ca_keyfile
目前我有一个 Kubernetes 集群准备与 Gitlab-runner 及其 kubernetes 执行器一起使用,我想从不同的 Openshift 集群使用它,所以我有两个不同的独立集群。
我目前是 运行 Openshift pod 上的 Gitlab-runner 镜像,像这样 config.toml,遵循 [=13= 中的文档]:
concurrent = 1
check_interval = 10
[[runners]]
name = "size-XL"
url = "https://blablabla/ci"
token = "blablabla"
executor = "kubernetes"
[runners.kubernetes]
namespace = "gitlab"
privileged = false
host= "https://blablabla:6443"
cert_file= "/etc/ssl/certs/cert.pem"
key_file= "/etc/ssl/certs/key.pem"
ca_keyfile= "/etc/ssl/certs/ca.pem"
cpu_limit = "4"
memory_limit = "6Gi"
service_cpu_limit = "1"
service_memory_limit = "2Gi"
helper_cpu_limit = "2"
helper_memory_limit = "2Gi"
cpu_request = "1"
memory_request = "2Gi"
service_cpu_request = "250Mi"
service_memory_request = "512Mi"
helper_cpu_request = "250Mi"
helper_memory_request = "512Mi"
service-account = "test"
service_account_overwrite_allowed = ".*"
image = "blablabla"
我的问题是,即使它能够连接到 K8s 集群并开始选择作业,但在任何时候,我都会得到这个:
Checking for jobs... received job=17311 repo_url=https://blablabla.git runner=c36ccf98
WARNING: Preparation failed: error connecting to Kubernetes: ca file, cert file and key file must be specified when using file based auth job=17311 project=3128 runner=c36ccf98
Will be retried in 3s ... job=17311 project=3128 runner=c36ccf98
WARNING: Preparation failed: error connecting to Kubernetes: ca file, cert file and key file must be specified when using file based auth job=17311 project=3128 runner=c36ccf98
Will be retried in 3s ... job=17311 project=3128 runner=c36ccf98
WARNING: Preparation failed: error connecting to Kubernetes: ca file, cert file and key file must be specified when using file based auth job=17311 project=3128 runner=c36ccf98
Will be retried in 3s ... job=17311 project=3128 runner=c36ccf98
ERROR: Job failed (system failure): error connecting to Kubernetes: ca file, cert file and key file must be specified when using file based auth job=17311 project=3128 runner=c36ccf98
我运气不好,知道吗?
ca_keyfile= "/etc/ssl/certs/ca.pem"
实际上是问题所在。因为它只是 ca_file 而不是 ca_keyfile