Unable to schedule Windows jobs using GitLab Kubernetes executor
Problem
A GitLab Ultimate customer cannot use the GitLab Kubernetes executor to schedule Windows jobs.
Error
ERROR: Job failed (system failure): prepare environment: admission webhook "windows.common-webhooks.networking.gke.io" denied the request: [spec.containers[0].securityContext: Invalid value: v1.SecurityContext{Capabilities:(*v1.Capabilities)(0xc0006f80c0), Privileged:(*bool)(0xc000866c6a), SELinuxOptions:(*v1.SELinuxOptions)(nil), WindowsOptions:(*v1.WindowsSecurityContextOptions)(nil), RunAsUser:(*int64)(nil), RunAsGroup:(*int64)(nil), RunAsNonRoot:(*bool)(nil), ReadOnlyRootFilesystem:(*bool)(nil), AllowPrivilegeEscalation:(*bool)(nil), ProcMount:(*v1.ProcMountType)(nil), SeccompProfile:(*v1.SeccompProfile)(nil)}: Windows does not support this field. Note that defaults may be allowed for compatibility., spec.containers[1].securityContext: Invalid value: v1.SecurityContext{Capabilities:(*v1.Capabilities)(0xc0006f8120), Privileged:(*bool)(0xc000867277), SELinuxOptions:(*v1.SELinuxOptions)(nil), WindowsOptions:(*v1.WindowsSecurityContextOptions)(nil), RunAsUser:(*int64)(nil), RunAsGroup:(*int64)(nil), RunAsNonRoot:(*bool)(nil), ReadOnlyRootFilesystem:(*bool)(nil), AllowPrivilegeEscalation:(*bool)(nil), ProcMount:(*v1.ProcMountType)(nil), SeccompProfile:(*v1.SeccompProfile)(nil)}: Windows does not support this field. Note that defaults may be allowed for compatibility.]. Check https://docs.gitlab.com/runner/shells/index.html#shell-profile-loading for more information
More info:
Kubernetes version: GKE Standard (v1.21)
GitLab Runner: chart-version (gitlab-runner-0.27.0), app version (13.10.0)
GitLab Runner Version: 14.10.1
GitLab Runner config.toml file:
[[runners]]
  shell = "pwsh"
  [runners.kubernetes]
    helper_image = "gitlab/gitlab-runner-helper:x86_64-bleeding-servercore20H2"
    environment = ["FF_USE_POWERSHELL_PATH_RESOLVER=1"]
    service_account_overwrite_allowed = "cicd"
    [runners.kubernetes.pod_annotations]
      "cluster-autoscaler.kubernetes.io/safe-to-evict" = "true"
  [runners.cache]
    Type = "gcs"
    Path = "cache"
    Shared = true
    [runners.cache.gcs]
      CredentialsFile = "/secrets/runners-cache-sa.json"
      BucketName = "runners-cache-gto-npd-r-ue4"
  [runners.kubernetes.node_selector]
    "kubernetes.io/os" = "windows"
related issue: #4014 (comment 617105726)
support ticket: ZD
This comment is from 9 months ago and the issue has since been closed: #4014 (comment 628148189)
However, it seems to still be affecting at least some customers, as the following new issue reflects.
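The webhook denial quoted under "Error" prints each rejected `securityContext` as a Go struct dump, where a field the pod spec set appears as a pointer address and an unset field as `(nil)`. The following triage helper is an added example, not part of the original issue or of GitLab Runner; `set_fields` is a hypothetical name and `SAMPLE` is a shortened copy of the quoted message.

```python
import re

# One rejected container: the field path, then the Go-formatted struct body.
ENTRY = re.compile(r"(spec\.[\w.\[\]]+): Invalid value: v1\.SecurityContext\{(.*?)\}")
# One struct member: Name:(*Type)(nil) or Name:(*Type)(0xADDR).
MEMBER = re.compile(r"(\w+):\(\*[\w.]+\)\((nil|0x[0-9a-fA-F]+)\)")


def set_fields(message):
    """Map each rejected securityContext path to the fields that were set.

    A non-nil pointer only proves the field was present in the pod spec.
    The dump does not show the value, so Privileged may still point at false.
    """
    result = {}
    for path, body in ENTRY.findall(message):
        result[path] = [name for name, ptr in MEMBER.findall(body) if ptr != "nil"]
    return result


# Shortened copy of the denial quoted in the issue (same layout, fewer nil fields).
SAMPLE = (
    'admission webhook "windows.common-webhooks.networking.gke.io" denied the '
    "request: [spec.containers[0].securityContext: Invalid value: "
    "v1.SecurityContext{Capabilities:(*v1.Capabilities)(0xc0006f80c0), "
    "Privileged:(*bool)(0xc000866c6a), SELinuxOptions:(*v1.SELinuxOptions)(nil), "
    "WindowsOptions:(*v1.WindowsSecurityContextOptions)(nil), "
    "RunAsUser:(*int64)(nil)}: Windows does not support this field. "
    "spec.containers[1].securityContext: Invalid value: "
    "v1.SecurityContext{Capabilities:(*v1.Capabilities)(0xc0006f8120), "
    "Privileged:(*bool)(0xc000867277), SELinuxOptions:(*v1.SELinuxOptions)(nil), "
    "WindowsOptions:(*v1.WindowsSecurityContextOptions)(nil), "
    "RunAsUser:(*int64)(nil)}: Windows does not support this field.]"
)

if __name__ == "__main__":
    for path, fields in set_fields(SAMPLE).items():
        print(f"{path}: set fields -> {', '.join(fields) or 'none'}")
```

For the message in this issue, both containers report `Capabilities` and `Privileged` as the only fields that were set.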