How to create a runner token in Terraform
Hi everyone. I have read the documentation and in GitLab version 16, registration tokens are no longer used, but a runner token is used instead. I have not found in the Terraform documentation how to generate a runner token.
I have tried installing through Terraform and Helm by leaving the runnerToken value empty, but I am seeing errors like this:

❯ kubectl describe pod gitlab-runner-test-786c49fcd7-k4cff -n gitlab
Name:             gitlab-runner-test-786c49fcd7-k4cff
Namespace:        gitlab
Priority:         0
Service Account:  runner-aws-access
Node:             ip-x-x8-x-x.ec2.internal/x.x.x.x
Start Time:       Thu, 27 Jul 2023 14:12:40 -0300
Labels:           app=gitlab-runner-test
                  chart=gitlab-runner-0.50.0
                  heritage=Helm
                  pod-template-hash=786c49fcd7
                  release=gitlab-runner-test
Annotations:      checksum/configmap: 01944aa04313f9ff16a6c21e2d00bc2df149f27835ed8bb586a2061cd750d19d
                  checksum/secrets: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Status:           Pending
IP:
IPs:              <none>
Controlled By:    ReplicaSet/gitlab-runner-test-786c49fcd7
Containers:
  gitlab-runner-test:
    Container ID:
    Image:         registry.gitlab.com/gitlab-org/gitlab-runner:alpine-v15.9.0
    Image ID:
    Port:          9252/TCP
    Host Port:     0/TCP
    Command:
      /usr/bin/dumb-init
      --
      /bin/bash
      /configmaps/entrypoint
    State:          Waiting
      Reason:       ContainerCreating
    Ready:          False
    Restart Count:  0
    Liveness:       exec [/bin/bash /configmaps/check-live] delay=60s timeout=1s period=10s #success=1 #failure=3
    Readiness:      exec [/usr/bin/pgrep gitlab.*runner] delay=10s timeout=1s period=10s #success=1 #failure=3
    Environment:
      CI_SERVER_URL:                https://gitlab.aws.kiusys.com/
      CLONE_URL:
      RUNNER_EXECUTOR:              kubernetes
      REGISTER_LOCKED:              true
      RUNNER_TAG_LIST:
      KUBERNETES_PRIVILEGED:        true
      AWS_STS_REGIONAL_ENDPOINTS:   regional
      AWS_DEFAULT_REGION:           us-east-1
      AWS_REGION:                   us-east-1
      AWS_ROLE_ARN:                 arn:aws:iam::xxxxx:role/gitlab-runner-access
      AWS_WEB_IDENTITY_TOKEN_FILE:  /var/run/secrets/eks.amazonaws.com/serviceaccount/token
    Mounts:
      /configmaps from configmaps (rw)
      /home/gitlab-runner/.gitlab-runner from etc-gitlab-runner (rw)
      /secrets from projected-secrets (rw)
      /var/run/secrets/eks.amazonaws.com/serviceaccount from aws-iam-token (ro)
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-qqkxx (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             False
  ContainersReady   False
  PodScheduled      True
Volumes:
  aws-iam-token:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds:  86400
  runner-secrets:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:     Memory
    SizeLimit:  <unset>
  etc-gitlab-runner:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:     Memory
    SizeLimit:  <unset>
  projected-secrets:
    Type:                Projected (a volume that contains injected data from multiple sources)
    SecretName:          gitlab-runner-test
    SecretOptionalName:  <nil>
  configmaps:
    Type:      ConfigMap (a volume populated by a ConfigMap)
    Name:      gitlab-runner-test
    Optional:  false
  kube-api-access-qqkxx:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds:  3607
    ConfigMapName:           kube-root-ca.crt
    ConfigMapOptional:       <nil>
    DownwardAPI:             true
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                 node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type     Reason       Age                   From               Message
  ----     ------       ----                  ----               -------
  Normal   Scheduled    7m43s                 default-scheduler  Successfully assigned gitlab/gitlab-runner-test-786c49fcd7-k4cff to ip-10-48-8-220.ec2.internal
  Warning  FailedMount  5m40s                 kubelet            Unable to attach or mount volumes: unmounted volumes=[projected-secrets], unattached volumes=[etc-gitlab-runner configmaps kube-api-access-qqkxx aws-iam-token projected-secrets]: timed out waiting for the condition
  Warning  FailedMount  3m26s                 kubelet            Unable to attach or mount volumes: unmounted volumes=[projected-secrets], unattached volumes=[kube-api-access-qqkxx aws-iam-token projected-secrets etc-gitlab-runner configmaps]: timed out waiting for the condition
  Warning  FailedMount  91s (x11 over 7m43s)  kubelet            MountVolume.SetUp failed for volume "projected-secrets" : secret "gitlab-runner-test" not found
  Warning  FailedMount  71s                   kubelet            Unable to attach or mount volumes: unmounted volumes=[projected-secrets], unattached volumes=[configmaps kube-api-access-qqkxx aws-iam-token projected-secrets etc-gitlab-runner]: timed out waiting for the condition

Here is my Terraform config:

resource "helm_release" "gitlab_runner_test" {
  name       = "gitlab-runner-test"
  namespace  = "gitlab"
  timeout    = 600
  repository = "https://charts.gitlab.io/"
  chart      = "gitlab-runner"
  version    = "0.50.0"

  values = [
    file("${path.module}/test-values.yaml")
  ]

  depends_on = [
    aws_iam_role.gitlab_runner_access,
    kubernetes_service_account.gitlab_runner_access
  ]
}

# test-values.yaml (the values file loaded by the helm_release above)
gitlabUrl: https://gitlab.aws.kiusys.com/
runnerToken: ""

rbac:
  create: false
  serviceAccountName: runner-aws-access

securityContext:
  privileged: true
  allowPrivilegeEscalation: true

runners:
  privileged: true
  config: |
    [[runners]]
      environment = [
        "DOCKER_HOST=tcp://localhost:2375",
        "DOCKER_TLS_CERTDIR="
      ]
      [runners.kubernetes]
        namespace = "{{.Release.Namespace}}"
        image = "ubuntu:20.04"
      [[runners.kubernetes.volumes.empty_dir]]
        name = "docker-certs"
        mount_path = "/certs/client"
        medium = "Memory"

Any help?