Gitlab runner saves log to s3 despite expired cert

Summary

When using an external s3 storage as object store, pipeline logs will be stored even if the s3 storage is using an outdated ssl certificate. When retrieving the log again the gitlab server verifies the certificate and throws a 500-error because it's noticing that the certificate expired.

Steps to reproduce

  1. Prepare global.appConfig.object_store.enabled: true and set up your s3 connection data too.
  2. Have your s3 with an expired ssl certificate.
  3. Run any pipeline.
  4. Try to load your log after it was archived in s3. Make sure to hard-refresh all content (e.g. Ctrl + F5). See 500 error.
  5. Inspect your s3 to find the log there.

Configuration used

global:
  appConfig:
    object_store:
      enabled: true
      connection:
      ...add your own s3 connection data here, e.g. via a secret

Current behavior

Logs are saved in S3.

Expected behavior

Logs aren't saved in S3.

Versions

  • Chart: 5.10.5
  • Platform:
    • Cloud: -
    • Self-hosted: K8S
  • Kubernetes: (kubectl version)
    • Client: 1.21.0 and 1.23.5
    • Server: 1.20.9
  • Helm: (helm version)
    • Client: v3
    • Server: ?

Relevant logs

(Please provide any relevate log snippets you have collected, using code blocks (```) to format)

Edited by Peter Kruse