Error Authenticating Pulling Helper
I'm running K8 runners in GKE and can't seem to get a build working due to the error below.
GKE Version: 1.26.7-gke.500
Gitlab Runner Version: 0.58.1
Running with gitlab-runner 16.5.0 (853330f9)
on gitlab-runner-868548678f-695gx dFKAEC6sb, system ID: r_HDWN0xaHtEPw
Preparing the "kubernetes" executor 00:00
Using Kubernetes namespace: gitlab-runner
Using Kubernetes executor with image maven:3-jdk-8-slim ...
Using attach strategy to execute scripts...
Preparing environment 00:03
Using FF_USE_POD_ACTIVE_DEADLINE_SECONDS, the Pod activeDeadlineSeconds will be set to the job timeout: 1h0m0s...
Waiting for pod gitlab-runner/runner-dfkaec6sb-project-10246619-concurrent-0-w5vt8rlh to be running, status is Pending
WARNING: Failed to pull image with policy "Always": image pull failed: rpc error: code = Unknown desc = failed to pull and unpack image "registry.gitlab.com/gitlab-org/gitlab-runner/gitlab-runner-helper:x86_64-853330f9": failed to resolve reference "registry.gitlab.com/gitlab-org/gitlab-runner/gitlab-runner-helper:x86_64-853330f9": failed to authorize: failed to fetch oauth token: unexpected status: 401 Unauthorized
ERROR: Job failed: prepare environment: waiting for pod running: pulling image "registry.gitlab.com/gitlab-org/gitlab-runner/gitlab-runner-helper:x86_64-853330f9": image pull failed: rpc error: code = Unknown desc = failed to pull and unpack image "registry.gitlab.com/gitlab-org/gitlab-runner/gitlab-runner-helper:x86_64-853330f9": failed to resolve reference "registry.gitlab.com/gitlab-org/gitlab-runner/gitlab-runner-helper:x86_64-853330f9": failed to authorize: failed to fetch oauth token: unexpected status: 401 Unauthorized. Check https://docs.gitlab.com/runner/shells/index.html#shell-profile-loading for more information
Here's my config:
## How many runner pods to launch.
##
replicas: 3
## How many old ReplicaSets for this Deployment you want to retain
# revisionHistoryLimit: 10
## The GitLab Server URL (with protocol) that want to register the runner against
## ref: https://docs.gitlab.com/runner/commands/index.html#gitlab-runner-register
##
gitlabUrl: https://gitlab.com/
## The Runner Token for adding new Runners to the GitLab Server. This must
## be retrieved from your GitLab Instance. It is token of already registered runner.
## ref: (we don't yet have docs for that, but we want to use existing token)
##
runnerToken: "******"
## For RBAC support:
rbac:
create: true
## Define list of rules to be added to the rbac role permissions.
## Each rule supports the keys:
## - apiGroups: default "" (indicates the core API group) if missing or empty.
## - resources: default "*" if missing or empty.
## - verbs: default "*" if missing or empty.
##
## Read more about the recommended rules on the following link
##
## ref: https://docs.gitlab.com/runner/executors/kubernetes.html#configure-runner-api-permissions
##
rules:
- resources: ["configmaps", "events", "pods", "pods/attach", "pods/exec", "secrets", "services"]
verbs: ["get", "list", "watch", "create", "patch", "update", "delete"]
- apiGroups: [""]
resources: ["pods/exec"]
verbs: ["create", "patch", "delete"]
## Run the gitlab-bastion container with the ability to deploy/manage containers of jobs
## cluster-wide or only within namespace
clusterWideAccess: false
## Use the following Kubernetes Service Account name if RBAC is disabled in this Helm chart (see rbac.create)
##
# serviceAccountName: default
## Specify annotations for Service Accounts, useful for annotations such as eks.amazonaws.com/role-arn.
## Values may refer other values as the _tpl_ function is implicitly applied. Mind the quotes when using this, e.g.
## serviceAccountAnnotations:
## eks.amazonaws.com/role-arn: "arn:aws:iam::{{ .Values.global.accountId }}:role/{{ .Values.global.iamRoleName }}"
##
## ref: https://docs.aws.amazon.com/eks/latest/userguide/associate-service-account-role.html
##
# serviceAccountAnnotations: {}
## Use podSecurity Policy
## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
podSecurityPolicy:
enabled: false
resourceNames:
- gitlab-runner
## Configuration for the Pods that the runner launches for each new job
##
runners:
# runner configuration, where the multi line strings is evaluated as
# template so you can specify helm values inside of it.
#
# tpl: https://helm.sh/docs/howto/charts_tips_and_tricks/#using-the-tpl-function
# runner configuration: https://docs.gitlab.com/runner/configuration/advanced-configuration.html
config: |
[[runners]]
[runners.kubernetes]
namespace = "{{.Release.Namespace}}"
image = "ubuntu:16.04"
pull_policy = "always"
privileged = true
Any help would be appreciated!
Thanks -
Edited by Mathew Deyo