gitlab-runner Readiness probe failed
Summary
while use helm install gitlab. some of image pull error. the pod of gitlab-gitlab-runner Frequent loss of contact.
Steps to reproduce
helm install gitlab gitlab/gitlab -f .\values.yaml -n gitlab --version 4.9.0
Current behavior
Readiness probe failed: Back-off restarting failed container
Expected behavior
wish Readiness probe can be ok.
Versions
- Chart: gitlab 4.9.0
- Platform:
- Cloud: aliyun
 
- Kubernetes: (kubectl version)- Client: version.Info{Major:"1", Minor:"10", GitVersion:"v1.10.11", GitCommit:"637c7e288581ee40ab4ca210618a89a555b6e7e9", GitTreeState:"clean", BuildDate:"2018-11-26T14:38:32Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"windows/amd64"}
- Server: version.Info{Major:"1", Minor:"18+", GitVersion:"v1.18.8-aliyun.1", GitCommit:"cff3030", GitTreeState:"", BuildDate:"2020-11-19T07:19:32Z", GoVersion:"go1.13.15", Compiler:"gc", Platform:"linux/amd64"}
 
- Helm: (helm version)- version.BuildInfo{Version:"v3.5.0", GitCommit:"32c22239423b3b4ba6706d450bd044baffdcf9e6", GitTreeState:"clean", GoVersion:"go1.15.6"}
 
Configuration used
# Default values for gitlab/gitlab chart
## NOTICE
# Due to the scope and complexity of this chart, all possible values are
# not documented in this file. Extensive documentation for these values
# and more can be found at https://gitlab.com/gitlab-org/charts/gitlab/
## Advanced Configuration
# Documentation for advanced configuration can be found under doc/advanced
# - external PostgreSQL
# - external Gitaly
# - external Redis
# - external NGINX
# - PersistentVolume configuration
# - external Object Storage providers
## The global properties are used to configure multiple charts at once.
## Extended documentation at doc/charts/globals.md
global:
  persistence:
    storageClass: aliyun-ssd
    accessMode: ReadWriteOnce
    size: 30Gi
    # matchLabels: {}
    # matchExpressions: []
    # subPath: "data"
    # annotations: {}
  common:
    labels: {}
  ## GitLab operator is Alpha. Not for production use.
  operator:
    enabled: false
    rollout:
      # Enables automatic pause for deployment rollout. This must be set to `true` to fix
      # Helm's issue with 3-way merge. See:
      #   https://gitlab.com/gitlab-org/charts/gitlab/issues/1262
      #   https://github.com/helm/helm/issues/3805
      autoPause: true
  ## Supplemental Pod labels. Will not be used for selectors.
  pod:
    labels: {}
  ## doc/installation/deployment.md#deploy-the-community-edition
  edition: ce
  ## doc/charts/globals.md#gitlab-version
  # gitlabVersion: 13.8.4
  ## doc/charts/globals.md#application-resource
  application:
    create: false
    links: []
    allowClusterRoles: true
  ## doc/charts/globals.md#configure-host-settings
  hosts:
    domain: example.com
    hostSuffix: 
    https: false
    externalIP:
    ssh: ~
    gitlab: 
      name: git.example.com
      https: false
    minio:  
      name: minio.example.com
      https: false
    registry: 
      name: registry.example.com
      https: false
    tls: 
      name: tls.example.com
      https: false
    smartcard: 
      name: smartcard.example.com
      https: false
    kas:  
      name: kas.example.com
      https: false
    pages: 
      name: pages.example.com
      https: false
  ## doc/charts/globals.md#configure-ingress-settings
  ingress:
    configureCertmanager: false
    annotations: {}
    enabled: true
    tls: {}
    #   enabled: true
    #   secretName:
  gitlab:
    ## Enterprise license for this GitLab installation
    ## Secret created according to doc/installation/secrets.md#initial-enterprise-license
    ## If allowing shared-secrets generation, this is OPTIONAL.
    license: {}
      # secret: RELEASE-gitlab-license
      # key: license
  ## Initial root password for this GitLab installation
  ## Secret created according to doc/installation/secrets.md#initial-root-password
  ## If allowing shared-secrets generation, this is OPTIONAL.
  initialRootPassword: {}
    # secret: RELEASE-gitlab-initial-root-password
    # key: password
  ## doc/charts/globals.md#configure-postgresql-settings
  psql:
    connectTimeout:
    password:
      useSecret: true
      secret: my-release-postgresql
      key: postgresql-password
      # file:
    serviceName: my-release-postgresql
    port: 5432
    username: postgres
    # database: gitlabhq_production
    # applicationName:
    # preparedStatements: false
  ## doc/charts/globals.md#configure-redis-settings
  redis:
    password:
      enabled: true
      secret: my-redis-cluster
      key: redis-password
    host: my-redis-cluster
    port: 6379
    # sentinels:
    #   - host:
    #     port:
  ## doc/charts/globals.md#configure-gitaly-settings
  gitaly:
    enabled: true
    authToken: {}
      # secret:
      # key:
    # serviceName:
    internal:
      names: ['default']
    external: []
    service:
      name: gitaly
      type: ClusterIP
      externalPort: 8075
      internalPort: 8075
      tls:
        externalPort: 8076
        internalPort: 8076
    tls:
      enabled: false
      # secretName:
    # todo
    # persistence:
    #   enabled: true
    #   storageClass: aliyun-ssd
    #   accessMode: ReadWriteOnce
    #   size: 50Gi
    #   matchLabels: {}
    #   matchExpressions: []
    #   subPath: "/data"
    #   annotations: {}
  praefect:
    enabled: false
    authToken: {}
    autoMigrate: true
    dbSecret: {}
    virtualStorages:
      - name: default
        gitalyReplicas: 3
        maxUnavailable: 1
    psql:
      sslMode: 'disable'
    # serviceName:
    service:
      name: praefect
      type: ClusterIP
      externalPort: 8075
      internalPort: 8075
      tls:
        externalPort: 8076
        internalPort: 8076
    tls:
      enabled: false
      # secretName:
  ## doc/charts/globals.md#configure-minio-settings
  minio:
    enabled: true
    credentials: {}
      # secret:
  ## doc/charts/globals.md#configure-grafana-integration
  grafana:
    enabled: false
  ## doc/charts/globals.md#configure-appconfig-settings
  ## Rails based portions of this chart share many settings
  appConfig:
    ## doc/charts/globals.md#general-application-settings
    enableUsagePing: true
    enableSeatLink: true
    enableImpersonation:
    defaultCanCreateGroup: true
    usernameChangingEnabled: true
    issueClosingPattern:
    defaultTheme:
    defaultProjectsFeatures:
      issues: true
      mergeRequests: true
      wiki: true
      snippets: true
      builds: true
    webhookTimeout:
    maxRequestDurationSeconds:
    ## doc/charts/globals.md#cron-jobs-related-settings
    cron_jobs: {}
      ## Flag stuck CI builds as failed
      # stuck_ci_jobs_worker:
      #   cron: "0 * * * *"
      ## Schedule pipelines in the near future
      # pipeline_schedule_worker:
      #   cron: "19 * * * *"
      ## Remove expired build artifacts
      # expire_build_artifacts_worker:
      #   cron: "*/7 * * * *"
      ## Periodically run 'git fsck' on all repositories.
      # repository_check_worker:
      #   cron: "20 * * * *"
      ## Send admin emails once a week
      # admin_email_worker:
      #   cron: "0 0 * * 0"
      ## Remove outdated repository archives
      # repository_archive_cache_worker:
      #   cron: "0 * * * *"
      ## Verify custom GitLab Pages domains
      # pages_domain_verification_cron_worker:
      #   cron: "*/15 * * * *"
      ## Export pseudonymized data
      # pseudonymizer_worker:
      #   cron: "0 * * * *"
      # schedule_migrate_external_diffs_worker:
      #   cron: "15 * * * *"
      ### GitLab Geo
      # Geo Primary only!
      # geo_prune_event_log_worker:
      #   cron: "*/5 * * * *"
      ## GitLab Geo repository sync worker
      # geo_repository_sync_worker:
      #   cron: "*/5 * * * *"
      ## GitLab Geo file download dispatch worker
      # geo_file_download_dispatch_worker:
      #  cron: "*/10 * * * *"
      ## GitLab Geo repository verification primary batch worker
      # geo_repository_verification_primary_batch_worker:
      #   cron: "*/5 * * * *"
      ## GitLab Geo repository verification secondary scheduler worker
      # geo_repository_verification_secondary_scheduler_worker:
      #   cron: "*/5 * * * *"
      ## GitLab Geo migrated local files clean up worker
      # geo_migrated_local_files_clean_up_worker:
      #   cron: "15 */6 * * *"
      ### LDAP
      # ldap_sync_worker:
      #   cron: "30 1 * * *"
      # ldap_group_sync_worker:
      #   cron: "0 * * * *"
      ### Snapshot active user statistics
      # historical_data_worker:
      #   cron: "0 12 * * *"
    ## doc/charts/globals.md#content-security-policy
    contentSecurityPolicy:
      enabled: false
      report_only: true
      # directives: {}
    ## doc/charts/globals.md#gravatarlibravatar-settings
    gravatar:
      plainUrl:
      sslUrl:
    ## doc/charts/globals.md#hooking-analytics-services-to-the-gitlab-instance
    extra:
      googleAnalyticsId:
      matomoUrl:
      matomoSiteId:
    ## doc/charts/globals.md#lfs-artifacts-uploads-packages-external-mr-diffs
    object_store:
      enabled: false
      proxy_download: true
      storage_options: {}
        # server_side_encryption:
        # server_side_encryption_kms_key_id
      connection: {}
        # secret:
        # key:
    lfs:
      enabled: true
      proxy_download: true
      bucket: git-lfs
      connection: {}
        # secret:
        # key:
    artifacts:
      enabled: true
      proxy_download: true
      bucket: gitlab-artifacts
      connection: {}
        # secret:
        # key:
    uploads:
      enabled: true
      proxy_download: true
      bucket: gitlab-uploads
      connection: {}
        # secret:
        # key:
    packages:
      enabled: true
      proxy_download: true
      bucket: gitlab-packages
      connection: {}
    externalDiffs:
      enabled: false
      when:
      proxy_download: true
      bucket: gitlab-mr-diffs
      connection: {}
    terraformState:
      enabled: false
      bucket: gitlab-terraform-state
      connection: {}
    dependencyProxy:
      enabled: false
      proxy_download: true
      bucket: gitlab-dependency-proxy
      connection: {}
    ## doc/charts/globals.md#pseudonymizer-settings
    pseudonymizer:
      configMap:
      bucket: gitlab-pseudo
      connection: {}
        # secret:
        # key:
    backups:
      bucket: gitlab-backups
      tmpBucket: tmp
    ## doc/charts/globals.md#incoming-email-settings
    ## doc/installation/deployment.md#incoming-email
    incomingEmail:
      enabled: false
      address: ""
      host: "imap.gmail.com"
      port: 993
      ssl: true
      startTls: false
      user: ""
      password:
        secret: ""
        key: password
      expungeDeleted: false
      logger:
        logPath: "/dev/stdout"
      mailbox: inbox
      idleTimeout: 60
    ## doc/charts/globals.md#service-desk-email-settings
    ## doc/installation/deployment.md#service-desk-email
    serviceDeskEmail:
      enabled: false
      address: ""
      host: "imap.gmail.com"
      port: 993
      ssl: true
      startTls: false
      user: ""
      password:
        secret: ""
        key: password
      expungeDeleted: false
      logger:
        logPath: "/dev/stdout"
      mailbox: inbox
      idleTimeout: 60
    ## doc/charts/globals.md#ldap
    ldap:
      # prevent the use of LDAP for sign-in via web.
      preventSignin: false
      servers: {}
      ## 'main' is the GitLab 'provider ID' of this LDAP server
      # main:
      #   label: 'LDAP'
      #   host: '_your_ldap_server'
      #   port: 636
      #   uid: 'sAMAccountName'
      #   bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
      #   password:
      #     secret: _the_secret_containing_your_ldap_password
      #     key: _the_key_which_holds_your_ldap_password
      #   encryption: 'plain'
    ## doc/charts/globals.md#kas
    gitlab_kas: {}
      # secret:
      # key:
    ## doc/charts/globals.md#omniauth
    omniauth:
      enabled: false
      autoSignInWithProvider:
      syncProfileFromProvider: []
      syncProfileAttributes: ['email']
      allowSingleSignOn: ['saml']
      blockAutoCreatedUsers: true
      autoLinkLdapUser: false
      autoLinkSamlUser: false
      autoLinkUser: []
      externalProviders: []
      allowBypassTwoFactor: []
      providers: []
      # - secret: gitlab-google-oauth2
      #   key: provider
    ## doc/charts/globals.md#configure-appconfig-settings
    sentry:
      enabled: false
      dsn:
      clientside_dsn:
      environment:
    smartcard:
      enabled: false
      CASecret:
      clientCertificateRequiredHost:
      sanExtensions: false
      requiredForGitAccess: false
    # Config that only applies to the defaults on initial install
    initialDefaults: {}
      # signupEnabled:
  ## End of global.appConfig
  ## doc/charts/geo.md
  geo:
    enabled: false
    # Valid values: primary, secondary
    role: primary
    ## Geo Secondary only
    # nodeName allows multiple instances behind a load balancer.
    nodeName: # defaults to `gitlab.gitlab.host`
    # PostgreSQL connection details only needed for `secondary`
    psql:
      password: {}
        # secret:
        # key:
      # host: postgresql.hostedsomewhere.else
      # port: 123
      # username: gitlab_replicator
      # database: gitlabhq_geo_production
      # ssl:
        # secret:
        # clientKey:
        # clientCertificate:
        # serverCA:
  ## doc/charts/gitlab/kas/index.md
  kas:
    enabled: false
  ## doc/charts/globals.md#configure-gitlab-shell-settings
  shell:
    authToken: {}
      # secret:
      # key:
    hostKeys: {}
      # secret:
  ## Rails application secrets
  ## Secret created according to doc/installation/secrets.md#gitlab-rails-secret
  ## If allowing shared-secrets generation, this is OPTIONAL.
  railsSecrets: {}
    # secret:
  ## Rails generic setting, applicable to all Rails-based containers
  rails:
    bootsnap: # Enable / disable Shopify/Bootsnap cache
      enabled: true
  ## doc/charts/globals.md#configure-registry-settings
  registry:
    bucket: registry
    certificate: {}
      # secret:
    httpSecret: {}
      # secret:
      # key:
    # https://docs.docker.com/registry/notifications/#configuration
    notifications: {}
      # endpoints:
      #   - name: FooListener
      #     url: https://foolistener.com/event
      #     timeout: 500ms
      #     threshold: 10
      #     backoff: 1s
      #     headers:
      #       FooBar: ['1', '2']
      #       Authorization:
      #         secret: gitlab-registry-authorization-header
      #       SpecificPassword:
      #         secret: gitlab-registry-specific-password
      #         key: password
      # events: {}
  pages:
    enabled: false
    accessControl: false
    path:
    host:
    port:
    https: # default true
    externalHttp: []
    externalHttps: []
    artifactsServer: true
    objectStore:
      enabled: true
      bucket: gitlab-pages
      # proxy_download: true
      connection: {}
        # secret:
        # key:
    apiSecret: {}
      # secret:
      # key:
  ## GitLab Runner
  ## Secret created according to doc/installation/secrets.md#gitlab-runner-secret
  ## If allowing shared-secrets generation, this is OPTIONAL.
  runner:
    registrationToken: {}
      # secret:
  ## doc/installation/deployment.md#outgoing-email
  ## Outgoing email server settings
  smtp:
    enabled: false
    address: smtp.mailgun.org
    port: 2525
    user_name: ""
    ## doc/installation/secrets.md#smtp-password
    password:
      secret: ""
      key: password
    # domain:
    authentication: "plain"
    starttls_auto: false
    openssl_verify_mode: "peer"
  ## doc/installation/deployment.md#outgoing-email
  ## Email persona used in email sent by GitLab
  email:
    from: 'gitlab@example.com'
    display_name: GitLab
    reply_to: ''
    subject_suffix: ''
    smime:
      enabled: false
      secretName: ""
      keyName: "tls.key"
      certName: "tls.crt"
  ## Timezone for containers.
  time_zone: UTC
  ## Global Service Annotations and Labels
  service:
    labels: {}
    annotations: {}
  ## Global Deployment Annotations
  deployment:
    annotations: {}
  antiAffinity: soft
  ## doc/charts/globals.md#workhorse
  ## Global settings related to Workhorse
  workhorse:
    serviceName: webservice-default
    # scheme:
    # host:
    # port:
    ## doc/installation/secrets.md#gitlab-workhorse-secret
    # secret:
    # key:
  ## doc/charts/globals.md#configure-webservice
  webservice:
    workerTimeout: 60
  ## doc/charts/globals.md#custom-certificate-authorities
  # configuration of certificates container & custom CA injection
  certificates:
    image:
      repository: registry.gitlab.com/gitlab-org/build/cng/alpine-certificates
      tag: 20191127-r2
    customCAs: []
    # - secret: custom-CA
    # - secret: more-custom-CAs
  ## kubectl image used by hooks to carry out specific jobs
  kubectl:
    image:
      repository: registry.gitlab.com/gitlab-org/build/cng/kubectl
      tag: 1.13.12
      pullSecrets: []
    securityContext:
      # in most base images, this is `nobody:nogroup`
      runAsUser: 65534
      fsGroup: 65534
  busybox:
    image:
      repository: busybox
      tag: latest
  ## docs/charts/globals.md#service-accounts
  serviceAccount:
    enabled: false
    create: true
    annotations: {}
    ## Name to be used for serviceAccount, otherwise defaults to chart fullname
    # name:
  ## docs/charts/globals/tracing.md#tracing
  tracing:
    connection:
      string: ""
    urlTemplate: ""
  ## docs/charts/globals.md
  extraEnv: {}
   # SOME_KEY: some_value
   # SOME_OTHER_KEY: some_other_value
## End of global
upgradeCheck:
  enabled: true
  image: {}
    # repository:
    # tag:
  securityContext:
    # in alpine/debian/busybox based images, this is `nobody:nogroup`
    runAsUser: 65534
    fsGroup: 65534
  tolerations: []
  resources:
    requests:
      cpu: 50m
## Settings to for the Let's Encrypt ACME Issuer
certmanager-issuer:
  # The email address to register certificates requested from Let's Encrypt.
  # Required if using Let's Encrypt.
  email: kongx@example.com
## Installation & configuration of jetstack/cert-manager
## See requirements.yaml for current version
certmanager:
  createCustomResource: true
  nameOverride: cert-manager
  # Install cert-manager chart. Set to false if you already have cert-manager
  # installed or if you are not using cert-manager.
  install: true
  # Other cert-manager configurations from upstream
  # See https://github.com/jetstack/cert-manager/blob/master/deploy/charts/cert-manager/README.md#configuration
  rbac:
    create: true
  webhook:
    enabled: false
## doc/charts/nginx/index.md
## doc/architecture/decisions.md#nginx-ingress
## Installation & configuration of charts/ingress-nginx:
nginx-ingress:
  enabled: false
  tcpExternalConfig: "true"
  controller:
    addHeaders:
      Referrer-Policy: strict-origin-when-cross-origin
    config:
      hsts: "false"
      hsts-include-subdomains: "false"
      server-name-hash-bucket-size: "256"
      use-http2: "true"
      ssl-ciphers: "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"
      ssl-protocols: "TLSv1.3 TLSv1.2"
      server-tokens: "false"
    service:
      externalTrafficPolicy: "Local"
    resources:
      requests:
        cpu: 100m
        memory: 100Mi
    publishService:
      enabled: true
    replicaCount: 2
    minAvailable: 1
    scope:
      enabled: true
    metrics:
      enabled: true
      service:
        annotations:
          gitlab.com/prometheus_scrape: "true"
          gitlab.com/prometheus_port: "10254"
          prometheus.io/scrape: "true"
          prometheus.io/port: "10254"
    admissionWebhooks:
      enabled: false
  defaultBackend:
    enabled: true
    minAvailable: 1
    replicaCount: 1
    resources:
      requests:
        cpu: 5m
        memory: 5Mi
  rbac:
    create: true
    scope: true
  serviceAccount:
    create: true
## Installation & configuration of stable/prometheus
## See requirements.yaml for current version
prometheus:
  install: false
  rbac:
    create: true
  alertmanager:
    enabled: false
  alertmanagerFiles:
    alertmanager.yml: {}
  kubeStateMetrics:
    enabled: false
  nodeExporter:
    enabled: false
  pushgateway:
    enabled: false
  server:
    retention: 15d
  #
  serverFiles:
    prometheus.yml:
      scrape_configs:
        - job_name: prometheus
          static_configs:
            - targets:
              - localhost:9090
        - job_name: 'kubernetes-apiservers'
          kubernetes_sd_configs:
            - role: endpoints
          scheme: https
          tls_config:
            ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
            insecure_skip_verify: true
          bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
          relabel_configs:
            - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
              action: keep
              regex: default;kubernetes;https
        - job_name: 'kubernetes-pods'
          kubernetes_sd_configs:
            - role: pod
          relabel_configs:
            - source_labels: [__meta_kubernetes_pod_annotation_gitlab_com_prometheus_scrape]
              action: keep
              regex: true
            - source_labels: [__meta_kubernetes_pod_annotation_gitlab_com_prometheus_path]
              action: replace
              target_label: __metrics_path__
              regex: (.+)
            - source_labels: [__address__, __meta_kubernetes_pod_annotation_gitlab_com_prometheus_port]
              action: replace
              regex: ([^:]+)(?::\d+)?;(\d+)
              replacement: $1:$2
              target_label: __address__
            - action: labelmap
              regex: __meta_kubernetes_pod_label_(.+)
            - source_labels: [__meta_kubernetes_namespace]
              action: replace
              target_label: kubernetes_namespace
            - source_labels: [__meta_kubernetes_pod_name]
              action: replace
              target_label: kubernetes_pod_name
        - job_name: 'kubernetes-service-endpoints'
          kubernetes_sd_configs:
            - role: endpoints
          relabel_configs:
            - action: keep
              regex: true
              source_labels:
                - __meta_kubernetes_service_annotation_gitlab_com_prometheus_scrape
            - action: replace
              regex: (https?)
              source_labels:
                - __meta_kubernetes_service_annotation_gitlab_com_prometheus_scheme
              target_label: __scheme__
            - action: replace
              regex: (.+)
              source_labels:
                - __meta_kubernetes_service_annotation_gitlab_com_prometheus_path
              target_label: __metrics_path__
            - action: replace
              regex: ([^:]+)(?::\d+)?;(\d+)
              replacement: $1:$2
              source_labels:
                - __address__
                - __meta_kubernetes_service_annotation_gitlab_com_prometheus_port
              target_label: __address__
            - action: labelmap
              regex: __meta_kubernetes_service_label_(.+)
            - action: replace
              source_labels:
                - __meta_kubernetes_namespace
              target_label: kubernetes_namespace
            - action: replace
              source_labels:
                - __meta_kubernetes_service_name
              target_label: kubernetes_name
            - action: replace
              source_labels:
                - __meta_kubernetes_pod_node_name
              target_label: kubernetes_node
        - job_name: 'kubernetes-services'
          metrics_path: /probe
          params:
            module: [http_2xx]
          kubernetes_sd_configs:
            - role: service
          relabel_configs:
            - source_labels: [__meta_kubernetes_service_annotation_gitlab_com_prometheus_probe]
              action: keep
              regex: true
            - source_labels: [__address__]
              target_label: __param_target
            - target_label: __address__
              replacement: blackbox
            - source_labels: [__param_target]
              target_label: instance
            - action: labelmap
              regex: __meta_kubernetes_service_label_(.+)
            - source_labels: [__meta_kubernetes_namespace]
              target_label: kubernetes_namespace
            - source_labels: [__meta_kubernetes_service_name]
              target_label: kubernetes_name
## Configuration of Redis
## doc/architecture/decisions.md#redis
## doc/charts/redis
redis:
  install: false
  existingSecret: gitlab-redis-secret
  existingSecretKey: redis-password
  usePasswordFile: true
  cluster:
    enabled: false
  metrics:
    enabled: true
## Installation & configuration of stable/prostgresql
## See requirements.yaml for current version
postgresql:
  postgresqlUsername: gitlab
  # This just needs to be set. It will use a second entry in existingSecret for postgresql-postgres-password
  postgresqlPostgresPassword: bogus
  install: false
  postgresqlDatabase: gitlabhq_production
  image:
    tag: 11.9.0
  usePasswordFile: true
  existingSecret: 'bogus'
  initdbScriptsConfigMap: 'bogus'
  master:
    extraVolumeMounts:
      - name: custom-init-scripts
        mountPath: /docker-entrypoint-preinitdb.d/init_revision.sh
        subPath: init_revision.sh
    podAnnotations:
      postgresql.gitlab/init-revision: "1"
  metrics:
    enabled: true
    ## Optionally define additional custom metrics
    ## ref: https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file
## Installation & configuration charts/registry
## doc/architecture/decisions.md#registry
## doc/charts/registry/
# registry:
#   enabled: false
minio:
  persistence:
    storageClass: aliyun-ssd
    accessMode: ReadWriteOnce
    size: 30Gi
    matchLabels: {}
    matchExpressions: []
    subPath: "data"
    annotations: {}
## Automatic shared secret generation
## doc/installation/secrets.md
## doc/charts/shared-secrets
shared-secrets:
  enabled: true
  rbac:
    create: true
## Installation & configuration of gitlab/gitlab-runner
## See requirements.yaml for current version
gitlab-runner:
  install: true
  image: 	gitlab/gitlab-runner:v13.9.0
  rbac:
    create: true
  runners:
    locked: false
#    cache:
#      cacheType: s3
#      s3BucketName: runner-cache
#      cacheShared: true
#      s3BucketLocation: us-east-1
#      s3CachePath: gitlab-runner
#      s3CacheInsecure: false
  podAnnotations:
    gitlab.com/prometheus_scrape: "true"
    gitlab.com/prometheus_port: 9252
## Installation & configuration of stable/grafana
## See requirements.yaml for current version
## Controlled by `global.grafana.enabled`
grafana:
  ## Override and provide "bogus" administation secrets
  ## gitlab/gitlab-grafana provides overrides via shared-secrets
  admin:
    existingSecret: bogus
  env:
    GF_SECURITY_ADMIN_USER: bogus
    GF_SECURITY_ADMIN_PASSWORD: bogus
  ## This override allows gitlab/gitlab-grafana to completely override the secret
  ##   handling behavior of the upstream chart in combination with the above.
  command: [ "sh", "-x", "/tmp/scripts/import-secret.sh" ]
  ## The following settings allow Grafana to dynamically create
  ## dashboards and datasources from configmaps. See
  ## https://github.com/helm/charts/tree/master/stable/grafana#sidecar-for-dashboards
  sidecar:
    dashboards:
      enabled: true
      label: gitlab_grafana_dashboard
    datasources:
      enabled: true
      label: gitlab_grafana_datasource
  ## We host Grafana as a sub-url of GitLab
  grafana.ini:
    server:
      root_url: http://localhost/-/grafana/
  ## We generate and provide random passwords
  ## NOTE: the Secret & ConfigMap names are hard coded!
  extraSecretMounts:
    - name: initial-password
      mountPath: /tmp/initial
      readOnly: true
      secretName: gitlab-grafana-initial-password
      defaultMode: 400
  extraConfigmapMounts:
    - name: import-secret
      mountPath: /tmp/scripts
      configMap: gitlab-grafana-import-secret
      readOnly: true
  testFramework:
    enabled: false
## Settings for individual sub-charts under GitLab
## Note: Many of these settings are configurable via globals
gitlab:
  ## doc/charts/gitlab/task-runner
  task-runner:
    replicas: 1
    antiAffinityLabels:
      matchLabels:
        app: 'gitaly'
    image:
      repository: registry.cn-shanghai.aliyuncs.com/mydao/gitlab-cng
      tag: gitlab-task-runner-v13.8.4
## doc/charts/gitlab/migrations
  migrations:
     enabled: false
## doc/charts/gitlab/webservice
  webservice:
    enabled: false
    image:
      repository: registry.cn-shanghai.aliyuncs.com/mydao/gitlab-cng
      tag: gitlab-webservice-v13.8.4
## doc/charts/gitlab/sidekiq
  sidekiq:
    enabled: false
    image:
      repository: registry.cn-shanghai.aliyuncs.com/mydao/gitlab-cng
      tag: gitlab-sidekiq-v13.8.4
# doc/charts/gitlab/gitaly
  gitaly:
    persistence:
      enabled: true
      storageClass: aliyun-ssd
      accessMode: ReadWriteOnce
      size: 50Gi
      matchLabels: {}
      matchExpressions: []
      subPath: "data"
      annotations: {}
## doc/charts/gitlab/gitlab-shell
  gitlab-shell:
    enabled: true
    image:
      repository: registry.cn-shanghai.aliyuncs.com/mydao/gitlab-cng
      tag: gitlab-shell-v13.8.4
## doc/charts/gitlab/gitlab-grafana
#   gitlab-grafana:
  gitlab-exporter:
    enabled: true
    image:
      repository: registry.cn-shanghai.aliyuncs.com/mydao/gitlab-cng
      tag: gitlab-exporter-v13.8.4
Relevant logs
kubectl log -n gitlab gitlab-gitlab-runner-7f4894988d-bv4x8
ERROR: Registering runner... failed               [0;m  [31;1mrunner[0;m=WG21imqp [31;1mstatus[0;m=couldn't execute POST against http://git.example.com/api/v4/runners: Post http://git.example.com/api/v4/runners: dial tcp 47.101.209.165:80: connect: connection refused
[31;1mPANIC: Failed to register the runner. You may be having network problems.[0;m
then i consider is ingress config wrong? kubectl get ingress -n gitlab
NAME              HOSTS                  ADDRESS          PORTS     AGE
gitlab-gitaly     git.example.com        47.101.209.166   80        1d
gitlab-minio      minio.example.com                       80, 443   1d
gitlab-registry   registry.example.com                    80, 443   1d