GitLab Runner OpenShift error: could not lock config file //.gitconfig: Permission denied
Summary
Summarize the bug encountered concisely
GitLab runner with kubernetes executor wont work with privileged = false
container option .
Steps to reproduce
Configure GitLab runner for working with RH OpenShift platform , configmap :
- kind: "ConfigMap"
apiVersion: v1
metadata:
name: "${APP_NAME}"
namespace: "${NAMESPACE}"
data:
config.toml: |
concurrent = 1
check_interval = 0
[[runners]]
name = "openshift"
url = "https://gitlab.consto.com/"
token = "${TOKEN}"
executor = "kubernetes"
[runners.cache]
[runners.kubernetes]
service-account = "runner-sa"
bearer_token_overwrite_allowed = true
image = ""
namespace = "${NAMESPACE}"
namespace_overwrite_allowed = ""
privileged = false
service_account_overwrite_allowed = ""
pod_annotations_overwrite_allowed = ""
SCC for service account runner-sa
:
- kind: "SecurityContextConstraints"
apiVersion: v1
metadata:
name: gitlab-runner
allowPrivilegedContainer: yes
runAsUser:
type: RunAsAny
seLinuxContext:
type: RunAsAny
fsGroup:
type: RunAsAny
supplementalGroups:
type: RunAsAny
allowHostDirVolumePlugin: true
users:
- system:serviceaccount:${NAMESPACE}:runner-sa
Pipelines running only if option privileged
has true
value , else
I get error : error: could not lock config file //.gitconfig: Permission denied
Actual behavior
What actually happens
Expected behavior
GitLab runner working with not privileged mode .
Relevant logs and/or screenshots
Running with gitlab-runner 11.1.0 (081978aa)
on openshift ff568bcd
"BearerToken" overwritten with "XXXXXXXX..."
Using Kubernetes namespace: building-base-images
Using Kubernetes executor with image docker-registry.consto.com/openshift3/ose-ansible:latest ...
Waiting for pod building-base-images/runner-ff568bcd-project-20-concurrent-05qvzr to be running, status is Pending
Waiting for pod building-base-images/runner-ff568bcd-project-20-concurrent-05qvzr to be running, status is Pending
Running on runner-ff568bcd-project-20-concurrent-05qvzr via gitlab-runner-01-18-s9klb...
error: could not lock config file //.gitconfig: Permission denied
ERROR: Job failed: command terminated with exit code 1
Environment description
openshift 3.10 gitlab ee 11.0.3-ee (f25aa33)
Used GitLab Runner version
gitlab-runner 11.1.0 (081978aa)