Is CI_SERVER_TOKEN a drop in replacement for token in config.toml?
I'm setting up a Docker executor on Kubernetes. There's a token secret in the config.toml
config file, token
for runners. If I remove the token entry from the config.toml
config file and use the environmental variable CI_SERVER_TOKEN
with the same value, the following error gets logged, seemingly when the runner is attempting to contact the GitLab server:
[0;33mWARNING: Checking for jobs... failed [0;m [0;33mstatus[0;m=400 Bad Request
I know that the environmental variable CI_SERVER_TOKEN
is set because I can see it set when I shell into the container.
Details
Note: I am passing the runner token, not the registration token.
Secret
:
apiVersion: v1
kind: Secret
metadata:
name: gitlab-release-gitlab-runner
labels:
app: gitlab-runner
chart: gitlab-runner-0.1.0
release: gitlab-release
heritage: Tiller
data:
CI_SERVER_TOKEN: "base64 encoded Runner token"
ConfigMap
:
apiVersion: v1
kind: ConfigMap
metadata:
name: gitlab-release-gitlab-runner
labels:
app: gitlab-runner
chart: gitlab-runner-0.1.0
release: gitlab-release
heritage: Tiller
data:
config.toml: |
concurrent = 1
[[runners]]
name = "Docker Runner"
url = "https://<gitlabserver>/ci"
tls-skip-verify = true
# token = "Runner token"
executor = "docker"
[runners.docker]
image = "openjdk:8-jdk"
privileged = false
pull_policy = "if-not-present"
volumes = ["/var/run/docker.sock:/var/run/docker.sock"]
Deployment
:
apiVersion: apps/v1beta2
kind: Deployment
metadata:
name: gitlab-release-gitlab-runner
labels:
app: gitlab-runner
chart: gitlab-runner-0.1.0
release: gitlab-release
heritage: Tiller
spec:
replicas: 1
selector:
matchLabels:
app: gitlab-runner
release: gitlab-release
template:
metadata:
labels:
app: gitlab-runner
release: gitlab-release
spec:
containers:
- name: gitlab-runner
image: "gitlab/gitlab-runner:v11.3.1"
imagePullPolicy: Always
args:
- run
ports:
- containerPort: 9100
name: http-metrics
protocol: TCP
resources:
requests:
cpu: 3
memory: 12G
envFrom:
- secretRef:
name: gitlab-release-gitlab-runner
volumeMounts:
- mountPath: /etc/gitlab-runner
name: config
- mountPath: /etc/ssl/certs
name: cacerts
readOnly: true
- mountPath: /var/run/docker.sock
name: docker-socket
restartPolicy: Always
volumes:
- configMap:
name: gitlab-release-gitlab-runner
name: config
- hostPath:
path: /usr/share/ca-certificates/mozilla
name: cacerts
- hostPath:
path: /var/run/docker.sock
name: docker-socket
nodeSelector:
cloud.google.com/gke-nodepool: tf-gitlab-runner-pool