Unable to use kubernetes executer for Gitlabs

0 votes

I'm getting the following error when I tray and set up kubernetes executor for Gitlab:
ERROR: Job failed (system failure): Post https://api.kubernetes.de/api/v1/namespaces/gitlab/pods: x509: certificate signed by unknown authority

my configmap.yml:

apiVersion: v1
kind: ConfigMap
metadata:
  name: gitlab-runner
  namespace: gitlab
data:
  config.toml: |
     concurrent = 4

[[runners]]
  name = "Kubernetes Runner"
  url = "http://########/ci"
  token = "############"
  executor = "kubernetes"
  [runners.kubernetes]
    host = "https://api.kubernetes.de"
    namespace = "gitlab"
    namespace_overwrite_allowed = "ci-.*"
    privileged = true
    cpu_limit = "1"
    memory_limit = "1Gi"
    service_cpu_limit = "1"
    service_memory_limit = "1Gi"
    helper_cpu_limit = "500m"
    helper_memory_limit = "100Mi"
    poll_interval = 5
    poll_timeout = 3600
    [runners.kubernetes.node_selector]
      gitlab = "true"

my deployment.yml:

 apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
   name: gitlab-runner
   namespace: gitlab
 spec:
   replicas: 1
   selector:
     matchLabels:
       name: gitlab-runner
   template:
     metadata:
       labels:
         name: gitlab-runner
     spec:
       containers:
       - args:
         - run
         image: gitlab/gitlab-runner:latest
         imagePullPolicy: Always
         name: gitlab-runner
         volumeMounts:
         - mountPath: /etc/gitlab-runner
           name: config
         - mountPath: /etc/ssl/certs
           name: cacerts
           readOnly: true
       restartPolicy: Always
       volumes:
       - configMap:
           name: gitlab-runner
         name: config
       - hostPath:
           path: /usr/share/ca-certificates/mozilla
         name: cacerts
Dec 26, 2018 in Kubernetes by DragonLord999
• 8,360 points
144 views

1 answer to this question.

Your answer

Your name to display (optional):
Privacy: Your email address will only be used for sending these notifications.
0 votes

You are trying to use https, so your certificates should be self signed. You'll have to add --tls-cert-file and --tls-private-key-file flagse in you configmap for your kubelet.

answered Dec 26, 2018 by DareDev
• 6,670 points

Related Questions In Kubernetes

0 votes
1 answer

unable to start Kubernetes due to so many open files in system

You can try the following steps: You can ...READ MORE

answered May 1, 2018 in Kubernetes by shubham
• 6,560 points
151 views
0 votes
1 answer

How to use gravitational teleport in a container/kubernetes environment?

You can use teleport to augment kubernetes ...READ MORE

answered Jun 28, 2018 in Kubernetes by ajs3033
• 7,080 points
195 views
0 votes
1 answer

Unable to access kubernetes dashboard

You’re trying to access a private IP. ...READ MORE

answered Aug 27, 2018 in Kubernetes by Kalgi
• 36,260 points
117 views
0 votes
1 answer

Unable to run Kubernetes on rancher cluster

switch Docker to 1.12.x; Kubernetes doesn't support ...READ MORE

answered Aug 28, 2018 in Kubernetes by Kalgi
• 36,260 points
91 views
0 votes
1 answer
+13 votes
2 answers
0 votes
1 answer

permissions related to AWS ECR

if you add allowContainerRegistry: true, kops will add those permissions ...READ MORE

answered Oct 9, 2018 in Kubernetes by Kalgi
• 36,260 points
37 views
0 votes
1 answer

Unable to get cgroup stats for docker and kubelet services

Try and start kubelet with the following ...READ MORE

answered Sep 3, 2018 in Kubernetes by DareDev
• 6,670 points
115 views
0 votes
1 answer

Kubernetes:Unable to mount volumes with cloud-provider

Kuberenetes 1.5.0 and 1.5.3 does support cinder. ...READ MORE

answered Nov 29, 2018 in Kubernetes by DareDev
• 6,670 points
495 views

© 2018 Brain4ce Education Solutions Pvt. Ltd. All rights Reserved.
"PMP®","PMI®", "PMI-ACP®" and "PMBOK®" are registered marks of the Project Management Institute, Inc. MongoDB®, Mongo and the leaf logo are the registered trademarks of MongoDB, Inc.