GitLab Runner (Helm) in Kubernetes with GitLab and Docker Registry using self-signed certificates: x509 error

Problem description

Hi everyone,

I have set up a local Kubernetes cluster with k3s (currently one Intel NUC) on Ubuntu Server 18 LTS. I also have a Synology DiskStation with GitLab and a private registry (running on Docker). Both (GitLab and the registry) use the same custom self-signed certificate (https://my.domain/ = GitLab, https://my.domain:8050/ = Registry).

I have now added my Kubernetes cluster to GitLab and am trying to use GitLab Auto DevOps. I installed the gitlab-runner Helm chart with the following configuration:

# GitLab Runner Image
##
## By default it's using gitlab/gitlab-runner:alpine-v{VERSION}
## where {VERSION} is taken from Chart.yaml from appVersion field
##
## ref: https://hub.docker.com/r/gitlab/gitlab-runner/tags/
##
## Note: If you change the image to the ubuntu release
##       don't forget to change the securityContext; 
##       these images run on different user IDs.
##
# image: gitlab/gitlab-runner:alpine-v11.6.0

## Specify an imagePullPolicy
## 'Always' if imageTag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
##
imagePullPolicy: IfNotPresent

## Specifying ImagePullSecrets on a Pod
## Kubernetes supports specifying container image registry keys on a Pod.
## ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
##
# imagePullSecrets: 
#   - name: "image-pull-secret"

## The GitLab Server URL (with protocol) that want to register the runner against
## ref: https://docs.gitlab.com/runner/commands/README.html#gitlab-runner-register
##
gitlabUrl: https://my.domain/

## The Registration Token for adding new Runners to the GitLab Server. This must
## be retrieved from your GitLab Instance.
## ref: https://docs.gitlab.com/ce/ci/runners/README.html
##
runnerRegistrationToken: my_token

## The Runner Token for adding new Runners to the GitLab Server. This must
## be retrieved from your GitLab Instance. It is token of already registered runner.
## ref: (we don't yet have docs for that, but we want to use existing token)
##
# runnerToken: ""
#
## Unregister all runners before termination
##
## Updating the runner's chart version or configuration will cause the runner container
## to be terminated and created again. This may cause your Gitlab instance to reference
## non-existent runners. Un-registering the runner before termination mitigates this issue.
## ref: https://docs.gitlab.com/runner/commands/README.html#gitlab-runner-unregister
##
# unregisterRunners: true

## When stopping the runner, give it time to wait for its jobs to terminate.
##
## Updating the runner's chart version or configuration will cause the runner container
## to be terminated with a graceful stop request. terminationGracePeriodSeconds
## instructs Kubernetes to wait long enough for the runner pod to terminate gracefully.
## ref: https://docs.gitlab.com/runner/commands/#signals
terminationGracePeriodSeconds: 3600

## Set the certsSecretName in order to pass custom certificates for GitLab Runner to use
## Provide resource name for a Kubernetes Secret Object in the same namespace,
## this is used to populate the /home/gitlab-runner/.gitlab-runner/certs/ directory
## ref: https://docs.gitlab.com/runner/configuration/tls-self-signed.html#supported-options-for-self-signed-certificates
##
certsSecretName: "gitlab-crt"
...

At first the problem I had was that gitlab-runner could not connect to my GitLab instance because of the self-signed certificate (x509 error when registering with the GitLab instance). I was able to fix that by setting certsSecretName in the values file to a secret containing my self-signed certificate. But now, when my runner tries to pull from my registry, I get the same damn x509 error again:

Logging to GitLab Container Registry with CI credentials...
time="2021-03-01T20:49:12Z" level=info msg="Error logging in to v2 endpoint, trying next endpoint: Get https://my.domain:8050/v2/: x509: certificate signed by unknown authority"
Get https://my.domain:8050/v2/: x509: certificate signed by unknown authority
Cleaning up file based variables
00:00
ERROR: Job Failed: command terminated with exit code 1

Does anyone know how to solve this? I think it has something to do with the gitlab-runner-helper image that is pulled inside my gitlab-runner? But I can't find any way to add my self-signed certificate to this helper image. (Note: I have installed the custom certificate in the CA certificates of my Intel NUC, so curl and wget work fine.)

Please help me. Thank you very much. Simon
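The log line quoted above is the Go TLS stack refusing a certificate whose issuer is not in the trust store of the process doing the `docker login`. The following script is an added example, not code from the post or from GitLab: it builds a throwaway private CA and a server certificate for the hostname `my.domain` from the post, then checks that one certificate against a supplied CA file and against the system store alone, so you can see both outcomes side by side and use the same `openssl verify` call to test the certificate you actually mounted into a container. Everything it creates is constructed in a temp dir and removed on exit.

```shell
#!/bin/sh
# Added example (not from the original post or from GitLab): reproduce the
# "unknown authority" condition with a constructed CA and show which trust
# store makes the chain validate. All material lives in a temp dir.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
HOST=my.domain   # hostname taken from the post; no real host is contacted

# Create ca.crt (self-signed root) and server.crt for $HOST signed by it.
make_chain() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Home Lab CA (constructed)" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null

  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$HOST" \
    -keyout "$WORK/server.key" -out "$WORK/server.csr" 2>/dev/null

  # Go TLS clients (gitlab-runner, dockerd, kubelet) ignore the CN and match
  # the hostname against subjectAltName only, so the SAN is mandatory.
  printf 'subjectAltName=DNS:%s\n' "$HOST" > "$WORK/san.ext"
  openssl x509 -req -days 1 -in "$WORK/server.csr" \
    -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
    -extfile "$WORK/san.ext" -out "$WORK/server.crt" 2>/dev/null
}

# Exit 0 when server.crt chains to the CA file given as $1 and matches $HOST.
verify_with_ca() {
  openssl verify -CAfile "$1" -verify_hostname "$HOST" \
    "$WORK/server.crt" >/dev/null 2>&1
}

# Exit 0 when server.crt validates against the system trust store alone.
# For a private CA this fails with "unable to get local issuer certificate",
# OpenSSL's wording for Go's "x509: certificate signed by unknown authority".
verify_with_system_store() {
  openssl verify -verify_hostname "$HOST" "$WORK/server.crt" >/dev/null 2>&1
}

make_chain
if verify_with_ca "$WORK/ca.crt"; then
  echo "CA file supplied:  chain and hostname OK"
fi
if ! verify_with_system_store; then
  echo "system store only: unknown authority (what the job log shows)"
fi
```

Two things the example makes visible. First, `certsSecretName` populates the runner's own certs directory (as the chart comment says), which is why registration against GitLab started working; the login in the job log is performed against the Docker daemon the job talks to, which has a separate trust store, so the CA has to reach that daemon as well (Docker reads per-registry CAs from `/etc/docker/certs.d/<host>:<port>/ca.crt`, here `my.domain:8050`). Second, a certificate that only carries the hostname in its CN will still pass `openssl verify` (OpenSSL falls back to CN) but be rejected by every Go client in the chain; `openssl x509 -in server.crt -noout -ext subjectAltName` on the real certificate is the quick check.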
