Gitlab上的Kubernetes执行程序-错误:作业失败(系统故障):发布* api/v1/命名空间/gitlab/pods:x509:证书由未知授权机构签名 [英] Kubernetes executor on Gitlab - ERROR: Job failed (system failure): Post *api/v1/namespaces/gitlab/pods: x509: certificate signed by unknown authority

问题描述

我正在尝试为Gitlab设置Kubernetes执行器，但出现此错误: 错误:作业失败(系统故障):发布 https://api.kubernetes.de/api/v1/namespaces/gitlab/豆荚:x509: 未知权限签署的证书

I'm trying to set up Kubernetes executor for Gitlab but I get this error: ERROR: Job failed (system failure): Post https://api.kubernetes.de/api/v1/namespaces/gitlab/pods: x509: certificate signed by unknown authority

这是我的configmap.yml:

This is my configmap.yml:

apiVersion: v1
kind: ConfigMap
metadata:
  name: gitlab-runner
  namespace: gitlab
data:
  config.toml: |
     concurrent = 4

[[runners]]
  name = "Kubernetes Runner"
  url = "http://########/ci"
  token = "############"
  executor = "kubernetes"
  [runners.kubernetes]
    host = "https://api.kubernetes.de"
    namespace = "gitlab"
    namespace_overwrite_allowed = "ci-.*"
    privileged = true
    cpu_limit = "1"
    memory_limit = "1Gi"
    service_cpu_limit = "1"
    service_memory_limit = "1Gi"
    helper_cpu_limit = "500m"
    helper_memory_limit = "100Mi"
    poll_interval = 5
    poll_timeout = 3600
    [runners.kubernetes.node_selector]
      gitlab = "true"

这是Deployment.yml:

And this is deployment.yml:

 apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
   name: gitlab-runner
   namespace: gitlab
 spec:
   replicas: 1
   selector:
     matchLabels:
       name: gitlab-runner
   template:
     metadata:
       labels:
         name: gitlab-runner
     spec:
       containers:
       - args:
         - run
         image: gitlab/gitlab-runner:latest
         imagePullPolicy: Always
         name: gitlab-runner
         volumeMounts:
         - mountPath: /etc/gitlab-runner
           name: config
         - mountPath: /etc/ssl/certs
           name: cacerts
           readOnly: true
       restartPolicy: Always
       volumes:
       - configMap:
           name: gitlab-runner
         name: config
       - hostPath:
           path: /usr/share/ca-certificates/mozilla
         name: cacerts

推荐答案

您正在使用https，所以证书在哪里，它们是自签名证书吗?如果是，则必须在configmap中为kubelet提及--tls-cert-file和--tls-private-key-file标志.

you are using https, so where are the certs, are they self signed certs ? if yes you have to mention --tls-cert-file and --tls-private-key-file flags in your configmap for kubelet.

这篇关于Gitlab上的Kubernetes执行程序-错误:作业失败(系统故障):发布* api/v1/命名空间/gitlab/pods:x509:证书由未知授权机构签名的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！