Skip to content

Document how to use the ubuntu image with the helm chart

Overview

I have use the image gitlab/gitlab-runner:latest in values.yml file for helm, but there is an Error when the pod will come up:

 Registration attempt 1 of 30
Runtime platform                                    arch=amd64 os=linux pid=12 revision=a8a019e0 version=12.3.0
WARNING: Running in user-mode.                     
WARNING: The user-mode requires you to manually start builds processing: 
WARNING: $ gitlab-runner run                       
WARNING: Use sudo for system-mode:                 
WARNING: $ sudo gitlab-runner...                   
                                                   
Registering runner... succeeded                     runner=egiE45uX
PANIC: mkdir /nonexistent: permission denied       
Unregistering runner from GitLab succeeded          runner=gTiLWsE3
Registration attempt 2 of 30
Runtime platform                                    arch=amd64 os=linux pid=29 revision=a8a019e0 version=12.3.0
WARNING: Running in user-mode.                     
WARNING: The user-mode requires you to manually start builds processing: 
WARNING: $ gitlab-runner run                       
WARNING: Use sudo for system-mode:                 
WARNING: $ sudo gitlab-runner...

Workaround

Use the alpine image

You can use the alpine based image gitlab/gitalb-runner:alpine-v13.0.0 and everything works as expected

Update the securityContext

Update the securityContext to be:

securityContext:
  fsGroup: 999
  runAsUser: 999

Root cause

This is because the alpine and ubuntu image have different uIDs for the gitlab-runner user, so the default securityContext is not valid for the ubuntu image. Those values are only valid of the alpine based image.

If we cat /etc/passwd we can see the difference:

$ docker run --rm -it --entrypoint='/bin/bash' gitlab/gitlab-runner:v13.0.0
root@609dabca7fd3:/# cat /etc/passwd | grep 'gitlab-runner'
gitlab-runner:x:999:999:GitLab Runner:/home/gitlab-runner:/bin/bash

$  docker run --rm -it --entrypoint='/bin/bash' gitlab/gitlab-runner:alpine-v13.0.0
bash-5.0# cat /etc/passwd | grep 'gitlab-runner'
gitlab-runner:x:100:65533:Linux User,,,:/home/gitlab-runner:/sbin/nologin

Proposal

Given that the default image is alpine I think we should leave the default value 100 since that is the value that works for the default image. If we just merge this as is it will not work for the alpine image which is the default image.

What I propose is:

  1. Update the comment about the image specifying that you want to update the image to the ubuntu one you should update the securityContext
  2. Add commented-out values under the security context with the values that are valid of the ubuntu image.
  3. Update https://docs.gitlab.com/runner/install/kubernetes.html adding a new section about the image specifying that we should have different runAs and fsGroup values.
Edited by Darren Eastman
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information