
Private Registry Authentication

I have a privately hosted set of runners in an Amazon EKS cluster that I have configured to run with a Docker image in a private container registry on gitlab.com. In the process of setting this up, I wanted to validate that the pipelines would fail to pull the image before I configured the imagePullSecrets which were deployed by #181 (closed). When I tested a CI job, it succeeded in pulling the image without issue. I am struggling to understand how this is happening and would be curious if anyone can provide insight into any auto-generated credentials I might be unaware of. Below are the values for my Helm chart.

gitlabUrl: "https://gitlab.com"

runners:
  config: |
    [[runners]]
      [runners.kubernetes]
        namespace = "{{.Release.Namespace}}"
        image = "my-image:tag"
        pull_policy = "always"

rbac:
  create: true

I also notice that if I disable the rbac creation, I get the following error, although I suspect this is only tangentially related:

ERROR: Job failed (system failure): prepare environment: setting up credentials: secrets is forbidden: User "system:serviceaccount:gitlab-runner:default" cannot create resource "secrets" in API group "" in the namespace "gitlab-runner"