Read Time:2 Minute, 16 Second
I upgraded the GitLab Helm chart version, and the GitLab Runner started throwing the following errors.
- At the time of writing, the Gitlab Helm chart version is 8.5.0, and the GitLab version is 17.5.0.
- The GitLab Runner Helm chart version is 0.69.0.
Error messages:
ERROR: Verifying runner... is removed runner status POST https://gitlab.chrislee.local/api/v4/
Registering runner... forbidden (check registration token) runner status POST https://gitlab.chrislee.local/api/v4/runners: 403 Forbidden (403 Forbidden - invalid token supplied)
Failed to register the runner.
Runner configuration other than name and executor configuration is reserved (specifically --locked, --access-level, --run-untagged, --maximum-timeout, --paused, --tag-list, and --maintenance-note) and cannot be specified when registering with a runner authentication token. This configuration is specified on the GitLab server. Please try again without specifying any of those arguments. For more information, see https://docs.gitlab.com/ee/ci/runners/new_creation_workflow.html#changes-to-the-gitlab-runner-register-command-syntax
After investigating, I found a few key issues:
runnerRegistrationToken
is deprecated.runUntagged
should not be defined.- The new runner registration workflow can be done via UI or programmatically, but not with Terraform by providing
kubernetest_secret
.
Here’s how I fixed it for now (maybe there are better ways) – https://github.com/chrisleekr/homelab-infrastructure/pull/14
- Manually create a GitLab runner authentication token and provide it as a Terraform value:
- Go to Admin Area -> CI/CD -> Runners -> New instance runner.
- Make sure to enable Run untagged jobs.
- Copy the token and add it to the Terraform configuration.
- Update the GitLab Helm chart values:
- Remove
gitlab-runner.envVars
–REGISTER_RUN_UNTAGGED
- Add
gitlab-runner.gitlabUrl
- Add
gitlab-runner.runnerToken
- Provide the plain secret value. The GitLab Runner Chart will generate the secret:
gitlab-gitlab-runner-secret
.
- Provide the plain secret value. The GitLab Runner Chart will generate the secret:
- Remove
gitlab-runner.runners.secret
- Passing the secret value didn’t work for some reason (maybe I did wrong).
- https://gitlab.com/gitlab-org/charts/gitlab-runner/-/blob/v0.69.0/templates/deployment.yaml#L133
- https://gitlab.com/gitlab-org/charts/gitlab-runner/-/blob/v0.69.0/templates/secrets.yaml#L1
- Keep
global.runner.registrationToken.secret
- To prevent Gitlab Chart creating the secret with
runner-registration-token
- https://gitlab.com/gitlab-org/charts/gitlab/-/blob/v7.5.0/templates/shared-secrets/_generate_secrets.sh.tpl?ref_type=tags#L105
- To prevent Gitlab Chart creating the secret with
- Remove
References:
- https://docs.gitlab.com/ee/ci/runners/new_creation_workflow.html#installing-gitlab-runner-with-helm-chart
- https://docs.gitlab.com/ee/tutorials/automate_runner_creation/index.html
- https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/blob/main/docs/resources/user_runner.md?ref_type=heads
- https://gitlab.com/gitlab-org/charts/gitlab-runner
- https://gitlab.com/gitlab-org/charts/gitlab