Kubernetes executor on Gitlab - ERROR: Job failed (system failure): Post *api/v1/namespaces/gitlab/pods: x509: certificate signed by unknown authority

问题:

I'm trying to set up Kubernetes executor for Gitlab but I get this error: ERROR: Job failed (system failure): Post https://api.kubernetes.de/api/v1/namespaces/gitlab/pods: x509: certificate signed by unknown authority

This is my configmap.yml:

apiVersion: v1 kind: ConfigMap metadata:   name: gitlab-runner   namespace: gitlab data:   config.toml: |      concurrent = 4  [[runners]]   name = "Kubernetes Runner"   url = "http://########/ci"   token = "############"   executor = "kubernetes"   [runners.kubernetes]     host = "https://api.kubernetes.de"     namespace = "gitlab"     namespace_overwrite_allowed = "ci-.*"     privileged = true     cpu_limit = "1"     memory_limit = "1Gi"     service_cpu_limit = "1"     service_memory_limit = "1Gi"     helper_cpu_limit = "500m"     helper_memory_limit = "100Mi"     poll_interval = 5     poll_timeout = 3600     [runners.kubernetes.node_selector]       gitlab = "true" 

And this is deployment.yml:

 apiVersion: extensions/v1beta1  kind: Deployment  metadata:    name: gitlab-runner    namespace: gitlab  spec:    replicas: 1    selector:      matchLabels:        name: gitlab-runner    template:      metadata:        labels:          name: gitlab-runner      spec:        containers:        - args:          - run          image: gitlab/gitlab-runner:latest          imagePullPolicy: Always          name: gitlab-runner          volumeMounts:          - mountPath: /etc/gitlab-runner            name: config          - mountPath: /etc/ssl/certs            name: cacerts            readOnly: true        restartPolicy: Always        volumes:        - configMap:            name: gitlab-runner          name: config        - hostPath:            path: /usr/share/ca-certificates/mozilla          name: cacerts 

回答1:

you are using https, so where are the certs, are they self signed certs ? if yes you have to mention --tls-cert-file and --tls-private-key-file flags in your configmap for kubelet.

文章来源: Kubernetes executor on Gitlab - ERROR: Job failed (system failure): Post *api/v1/namespaces/gitlab/pods: x509: certificate signed by unknown authority