Deprecation - runnerRegistrationToken in the GitLab Runner Helm Chart
/label release post release post item Technical Writing ~devops:: ~group:: release post itemdeprecation
/label typemaintenance
/milestone %
/assign @EM/PM
(choose the DRI; remove backticks here, and below)
Be sure to link this MR to the relevant deprecation issue(s).
- Deprecation Issue: #381111 (closed)
If there is no relevant deprecation issue, hit pause and:
- Review the process for deprecating and removing features.
- Connect with the Product Manager DRI.
Deprecation announcements can and should be created and merged into Docs at any time, to optimize user awareness and planning. We encourage confirmed deprecations to be merged as soon as the required reviews are complete, even if weeks ahead of the target milestone's release post. For the announcement to be included in a specific release post and that release's documentation packages, this MR must be reviewed/merged per the due dates below:
By the 10th: Assign this MR to these team members as Reviewer and for Approval (optional unless noted as required):
- Product Marketing:
@PMM
- Product Designer(s):
@ProductDesigners
- Product Group Manager or Director:
@PM
- Required - Engineering Manager:
@EM
- Required - Technical writer:
@TW
- Required
By 11:59 AM PDT 15th: EM/PM assigns this MR to the TW reviewer for final review and merge: @EM/PM
By 11:59 PM PDT 17th: TW Reviewer updates Docs by merging this MR to master
: @TW
Please review:
- The definitions of "Deprecation", "End of Support", and "Removal".
- The guidelines for deprecations.
- The process for creating a deprecation entry.
They are frequently updated, and everyone should make sure they are aware of the current standards (PM, PMM, EM, and TW).
EM/PM release post item checklist
-
Set yourself as the Assignee, meaning you are the DRI. -
If the deprecation is a breaking change, add label breaking change
. -
Follow the process to create a deprecation YAML file. -
Add reviewers by the 10th. -
When ready to be merged and not later than the 15th, add the ~ready
label and @ message the TW for final review and merge.
Reviewers
When the content is ready for review, it must be reviewed by a Technical Writer and Engineering Manager, but can also be reviewed by
Product Marketing, Product Design, and the Product Leaders for this area. Please use the
Reviewers for Merge Requests
feature for all reviews. Reviewers will then approve
the MR and remove themselves from Reviewers when their review is complete.
-
(Recommended) PMM -
(Optional) Product Designer -
(Optional) Group Manager or Director -
Required review and approval: Technical Writer designated to the corresponding DevOps stage/group.
Tech writer review
After being added as a Reviewer to this merge request, the TW performs their review according to the criteria described below.
Review deprecation MRs with a similar process as regular docs MRs. Add suggestions as needed, @ message the PM to inform them the first review is complete, and remove yourself as a reviewer if it's not ready for merge yet.
Expand for Details
-
Title: - Length limit: 7 words (not including articles or prepositions).
- Capitalization: ensure the title is sentence cased.
- Rewrite to exclude the words
deprecation
,deprecate
,removal
, andremove
if necessary.
-
Consistency: - Ensure that all resources (docs, deprecation, etc.) refer to the feature with the same term / feature name.
-
Content: - Make sure the deprecation is accurate based on your understanding. Look for typos or grammar mistakes. Work with PM and PMM to ensure a consistent GitLab style and tone for messaging, based on other features and deprecations.
- Review use of whitespace and bullet lists. Will the deprecation item be easily scannable when published? Consider adding line breaks or breaking content into bullets if you have more than a few sentences.
- Make sure there aren't acronyms readers may not understand per https://about.gitlab.com/handbook/communication/#writing-style-guidelines.
-
Links: - All links must be full URLs, as the deprecation YAML files are used in two different projects. Do not use relative links. The generated doc is an exception to the relative link rule and currently uses absolute links only.
- Make sure all links and anchors are correct. Do not link to the H1 (top) anchor on a docs page.
-
Code. Make sure any included code is wrapped in code blocks. -
Capitalization. Make sure to capitalize feature names. Stay consistent with the Documentation Style Guidance on Capitalization. -
Blank spaces. Remove unnecessary spaces (end of line spaces, double spaces, extra blank lines, and lines with only spaces).
When the PM indicates it is ready for merge and all issues have been addressed, start the merge process.
Technical writer merge process
The deprecations doc's .md
file
must be updated before this MR is merged:
- Check out the MR's branch (in the
gitlab-org/gitlab
project). - From the command line (in the branch), run
bin/rake gitlab:docs:compile_deprecations
. If you want to double check that it worked, you can runbin/rake gitlab:docs:check_deprecations
to verify that the doc is up to date. - Commit the updated file and push the changes.
- Set the MR to merge when the pipeline succeeds (or merge if the pipeline is already complete).
If you have trouble running the Rake task, check the troubleshooting steps.
Merge request reports
Activity
@DarrenEastman thanks for adding the breaking change label!
This merge request introduces breaking changes. Learn more about breaking changes.
It's important to identify how the breaking change was introduced. To estimate the impact, try to assess the following:
- Are there existing users depending on this feature?
- Are self-managed customers affected?
- To verify and quantify usage, use Grafana or Kibana.
- If you're not sure about how to query the data, contact the infrastructure team on their Slack channel, #infrastructure-lounge
- Was sufficient time given to communicate the change?
- Changes in the permissions, the API schema, and the API response might affect existing 3rd party integrations.
- Reach out to the Support team or Technical Account Managers and ask about the possible impact of this change.
This message was generated automatically. You're welcome to improve it.
- Are there existing users depending on this feature?
added release post itemdeprecation label
assigned to @DarrenEastman
requested review from @fneill
requested review from @pedropombeiro
requested review from @ggeorgiev_gitlab
marked the checklist item If the deprecation is a breaking change, add label
breaking change
. as completedmarked the checklist item Follow the process to create a deprecation YAML file. as completed
1 Message This merge request adds or changes documentation files. A review from the Technical Writing team before you merge is recommended. Reviews can happen after you merge. Documentation review
The following files require a review from a technical writer:
-
doc/update/deprecations.md
(Link to current live version)
The review does not need to block merging this merge request. See the:
-
Metadata for the
*.md
files that you've changed. The first few lines of each*.md
file identify the stage and group most closely associated with your docs change. - The Technical Writer assigned for that stage and group.
- Documentation workflows for information on when to assign a merge request for review.
If needed, you can retry the
danger-review
job that generated this comment.Generated by
Danger-
@pedropombeiro @fneill @ggeorgiev_gitlab For review - this is the deprecation entry for Deprecation - runnerRegistrationToken in GitLab... (#381111 - closed)
- Resolved by Pedro Pombeiro (OOO from Feb 17th-21st)
- Resolved by Pedro Pombeiro (OOO from Feb 17th-21st)
changed milestone to %15.6
- Resolved by Pedro Pombeiro (OOO from Feb 17th-21st)
- Resolved by Pedro Pombeiro (OOO from Feb 17th-21st)
- Resolved by Pedro Pombeiro (OOO from Feb 17th-21st)
added Technical Writing label
added documentation label
marked the checklist item Required review and approval: Technical Writer designated to the corresponding DevOps stage/group. as completed
@fneill
, thanks for approving this merge request.This is the first time the merge request is approved. To ensure full test coverage, a new pipeline will be started shortly.
For more info, please refer to the following links:
marked the checklist item Capitalization. Make sure to capitalize feature names. Stay consistent with the Documentation Style Guidance on Capitalization. as completed
- Resolved by Fiona Neill
@DarrenEastman @pedropombeiro I've approved this MR, let me know when I'm good to merge
removed review request for @pedropombeiro
added Architecture Evolution Blueprint label
added 1079 commits
-
d11069e7...3fb99de9 - 1075 commits from branch
master
- 2d2c1428 - Initial deprecation post content
- ab22297a - Address MR review comments
- 41ab3923 - Apply 1 suggestion(s) to 1 file(s)
- 464ad496 - Amend deprecation announcement with more information
Toggle commit list-
d11069e7...3fb99de9 - 1075 commits from branch
added 619 commits
-
464ad496...2a4680d8 - 615 commits from branch
master
- 2b81869a - Initial deprecation post content
- e01ff4c6 - Address MR review comments
- 1234ff35 - Apply 1 suggestion(s) to 1 file(s)
- b78f9d7b - Amend deprecation announcement with more information
Toggle commit list-
464ad496...2a4680d8 - 615 commits from branch
enabled an automatic merge when the pipeline for f8ff7bff succeeds
enabled an automatic merge when the pipeline for d8831bfc succeeds
mentioned in commit 24eaa4ff
added workflowstaging-canary label
added workflowcanary label and removed workflowstaging-canary label
added workflowstaging label and removed workflowcanary label
added workflowproduction label and removed workflowstaging label
removed maintenanceremoval label
added deprecation label
mentioned in epic &7505
added workflowpost-deploy-db-production label and removed workflowproduction label
added releasedcandidate label
added releasedpublished label and removed releasedcandidate label
mentioned in epic &9526
So how do I create an authentication token for a gitlab runner running in kubernetes now?
If I click here on Kubernetes
I am forwarded in this section (https://docs.gitlab.com/runner/install/kubernetes.html#required-configuration) to this URL to create a Group runner with authentication token (https://docs.gitlab.com/ee/ci/runners/runners_scope.html#create-a-group-runner-with-a-runner-authentication-token) which then leads me to exactly the same section that I posted above?
Edited by Raul Garcia Sanchez@raulgs you'd create the runner in that page, obtain the runner authentication token, and use that token for the
runnerToken
key invalues.yml
.@pedropombeiro any idea? To me the instructions look very confusing.
@raulgs to me it is not clear what your question refers to. Are you asking which operating system you should select in the screenshot above? I'd imagine you're running Linux?
@pedropombeiro I do not understand according to the updated documentation how I create a runner authentication token for a gitlab runner that is deployed to kubernetes. As I mentioned above the documentation is misleading and leads you in a circle without providing you an answer.
As shown in the screenshot for kubernetes you are provided with a URL which leads you to the first documentation which I posted. There you will forward to the next documentation which then tells you to go back to the page (Group Project/Build/Runners) of the screenshot.
@raulgs did you try completing the steps in the https://docs.gitlab.com/ee/ci/runners/runners_scope.html#create-a-group-runner-with-a-runner-authentication-token section that you linked? In step 9 you should see the token that you can use in
runnerToken
.Despite the deprecation warnings about
runnerRegisterToken
in the documentation, I can't use the new workflow fully. I would get an error like below, if I fill inrunnerToken
instead ofrunnerRegisterToken
. Is that what supposed to be? Thechart
andapp versions
arechart app gitlab-runner-0.59.2 16.6.1 Error:
ERROR: Verifying runner... is removed runner="redacted" status=POST https://gitlab.com/api/v4/runners/verify: 403 Forbidden PANIC: Failed to verify the runner. You may be having network problems.
@Nevroz are you creating the runner in the UI, taking its resulting runner token, and plugging that into the
runnerToken
value?@pedropombeiro Yes, that is what I do.
I made several attempts to find out whatrunnerToken
is.
I read this New Creation Workflow.
Nothing mentions whatrunnerToken
is though.
After then I read Workflow Diagram - Next GitLab Runner Token Architecture (parent epic).
There, you obtain a token as we did before for kubernetes. I didn't find any hint that differentiatesrunnerToken
fromrunnerRegisterToken
.
Surely I miss something. Then where can I obtain therunnerToken
?Edited by Nevroz Arslan@Nevroz the
runnerToken
is documented for instance in https://docs.gitlab.com/runner/install/kubernetes.html#required-configuration:When you go to the UI and create a runner configuration, you get back a runner authentication token (or
runnerToken
). You then need to add this to the helm chart so that it can authenticate with the GitLab instance and start to fetch jobs.@pedropombeiro With Kubernetes do we use the UI at all for runner creation? I have almost never used the UI.
I only use the UI for obtaining the registration token.
The instructions in the link that you have suggested assume a management with UI. I would use UI if I want to install the runner on OS Platform (Linux...), not on Kubernetes.
And a side note, the link that you suggested does not lead to a section of document, which identified by the anchor "generate-an-authentication-token". It looks like a mismatch. https://docs.gitlab.com/ee/ci/runners/runners_scope.html#generate-an-authentication-token
With Kubernetes do we use the UI at all for runner creation? I have almost never used the UI.
Exactly, as part of the changes done to remove the runner registration token, creating a runner now is more like creating a runner configuration. So you'd go to the UI to create a runner configuration, and then plug it in into the
values.yaml
. This is because we want to remove the ability for a bad actor to be able to create any configuration he wishes with a single registration token.And a side note, the link that you suggested does not lead to a section of document, which identified by the anchor "generate-an-authentication-token".
Hmm, looks like a broken link. I guess it should be linking to https://docs.gitlab.com/ee/ci/runners/runners_scope.html#create-a-shared-runner-with-a-runner-authentication-token. I'll open an MR to fix that, thanks for bringing it up
mentioned in merge request gitlab-runner!4539 (merged)
mentioned in epic &13319
mentioned in merge request gitlab-runner!5038 (merged)
mentioned in merge request gitlab-runner!5054 (merged)
mentioned in issue gitlab-runner#38236