Cannot run jobs after v14.2.0 update: error setting ownerReferences
Summary
I was investigating #28094 (closed), when I followed @ggeorgiev_gitlab's suggestion about trying out v14.2.0 and all subsequent CI jobs turned red.
Steps to reproduce
- Update gitlab-runner (kubernetes executor) to v14.2.0
- Rerun a green job
Actual behavior
Job fails immediately with these logs:
Running with gitlab-runner 14.2.0 (58ba2b95)
on malt-gitlab-runner-ops-1306-gitlab-runner-7789fd9cb7-g4xk9 2nPrdUaA
Resolving secrets 00:00
Preparing the "kubernetes" executor 00:00
Using Kubernetes namespace: gitlab-runner
Using Kubernetes executor with image ubuntu:20.04 ...
Using attach strategy to execute scripts...
Preparing environment 00:00
ERROR: Error cleaning up secrets: resource name may not be empty
ERROR: Job failed (system failure): prepare environment: setting up build pod: error setting ownerReferences: secrets "runner-2nprduaa-project-29093473-concurrent-08pg4s" is forbidden: User "system:serviceaccount:gitlab-runner:malt-gitlab-runner-ops-1306-gitlab-runner" cannot update resource "secrets" in API group "" in the namespace "gitlab-runner". Check https://docs.gitlab.com/runner/shells/index.html#shell-profile-loading for more information
Expected behavior
Job remains green.
Possible fixes
I suspect the rbac section in values.yaml needs be tweaked as a followup of !2983 (merged). This way, the service account is granted the missing permission. How does that sound to you @ratchade?
Edited by Johan Lorenzo