Problem installing gitlab-runner on Kubernetes
Summary
Problem installing gitlab-runner on kubernetes cluster via gitlab. I have behind a restricted firewall. A lot of endpoints has been whitelisted. I guess it is because of our firewall restriction but as I cannot see deeply the error in logs, I cannot whitelist it.
Steps to reproduce
- Configure existing kubernetes cluster
- Install Helm tiller application from Gitlab
- Install Giltab-runner application from Gitlab (fail)
What is the current bug behavior?
Something went wrong while installing GitLab Runner Operation failed. Check pod logs for install-runner for more details.
Relevant logs and/or screenshots
:~$ kubectl version
Client Version: version.Info{Major:"1", Minor:"15", GitVersion:"v1.15.0", GitCommit:"e8462b5b5dc2584fdcd18e6bcfe9f1e4d970a529", GitTreeState:"clean", BuildDate:"2019-06-19T16:40:16Z", GoVersion:"go1.12.5", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"14", GitVersion:"v1.14.0", GitCommit:"641856db18352033a0d96dbc99153fa3b27298e5", GitTreeState:"clean", BuildDate:"2019-03-25T15:45:25Z", GoVersion:"go1.12.1", Compiler:"gc", Platform:"linux/amd64"}
:~$ kubectl logs install-runner -n gitlab-managed-apps
+ helm init --upgrade
Creating /root/.helm
Creating /root/.helm/repository
Creating /root/.helm/repository/cache
Creating /root/.helm/repository/local
Creating /root/.helm/plugins
Creating /root/.helm/starters
Creating /root/.helm/cache/archive
Creating /root/.helm/repository/repositories.yaml
Adding stable repo with URL: https://kubernetes-charts.storage.googleapis.com
Adding local repo with URL: http://127.0.0.1:8879/charts
$HELM_HOME has been configured at /root/.helm.
Tiller (the Helm server-side component) has been upgraded to the current version.
Happy Helming!
+ seq 1 30
+ helm version
Client: &version.Version{SemVer:"v2.12.3", GitCommit:"eecf22f77df5f65c823aacd2dbd30ae6c65f186e", GitTreeState:"clean"}
Error: cannot connect to Tiller
+ sleep 1s
+ echo 'Retrying (1)...'
+ helm version
Retrying (1)...
Client: &version.Version{SemVer:"v2.12.3", GitCommit:"eecf22f77df5f65c823aacd2dbd30ae6c65f186e", GitTreeState:"clean"}
Error: cannot connect to Tiller
+ sleep 1s
Retrying (2)...
+ echo 'Retrying (2)...'
+ helm version
Client: &version.Version{SemVer:"v2.12.3", GitCommit:"eecf22f77df5f65c823aacd2dbd30ae6c65f186e", GitTreeState:"clean"}
Error: cannot connect to Tiller
+ sleep 1s
.....
.....
+ echo 'Retrying (24)...'
+ helm version
Retrying (24)...
Client: &version.Version{SemVer:"v2.12.3", GitCommit:"eecf22f77df5f65c823aacd2dbd30ae6c65f186e", GitTreeState:"clean"}
Error: cannot connect to Tiller
+ sleep 1s
+ echo 'Retrying (25)...'
+ helm version
Retrying (25)...
Client: &version.Version{SemVer:"v2.12.3", GitCommit:"eecf22f77df5f65c823aacd2dbd30ae6c65f186e", GitTreeState:"clean"}
Error: cannot connect to Tiller
+ sleep 1s
Retrying (26)...
+ echo 'Retrying (26)...'
+ helm version
Client: &version.Version{SemVer:"v2.12.3", GitCommit:"eecf22f77df5f65c823aacd2dbd30ae6c65f186e", GitTreeState:"clean"}
Error: cannot connect to Tiller
+ sleep 1s
+ echo 'Retrying (27)...'
+ helm version
Retrying (27)...
Client: &version.Version{SemVer:"v2.12.3", GitCommit:"eecf22f77df5f65c823aacd2dbd30ae6c65f186e", GitTreeState:"clean"}
Error: cannot connect to Tiller
+ sleep 1s
Retrying (28)...
+ echo 'Retrying (28)...'
+ helm version
Client: &version.Version{SemVer:"v2.12.3", GitCommit:"eecf22f77df5f65c823aacd2dbd30ae6c65f186e", GitTreeState:"clean"}
Error: cannot connect to Tiller
+ sleep 1s
+ echo 'Retrying (29)...'
+ helm version
Retrying (29)...
Client: &version.Version{SemVer:"v2.12.3", GitCommit:"eecf22f77df5f65c823aacd2dbd30ae6c65f186e", GitTreeState:"clean"}
Error: cannot connect to Tiller
+ sleep 1s
+ echo 'Retrying (30)...'
+ helm repo add runner https://charts.gitlab.io
Retrying (30)...
"runner" has been added to your repositories
+ helm repo update
Hang tight while we grab the latest from your chart repositories...
...Skip local chart repository
...Successfully got an update from the "runner" chart repository
...Successfully got an update from the "stable" chart repository
Update Complete. ⎈ Happy Helming!⎈
+ helm upgrade runner runner/gitlab-runner --install --reset-values --tls --tls-ca-cert /data/helm/runner/config/ca.pem --tls-cert /data/helm/runner/config/cert.pem --tls-key /data/helm/runner/config/key.pem --version 0.5.2 --set 'rbac.create=true,rbac.enabled=true' --namespace gitlab-managed-apps -f /data/helm/runner/config/values.yaml
Error: failed to download "runner/gitlab-runner" (hint: running `helm repo update` may help)
:~$ kubectl --namespace gitlab-managed-apps logs tiller-deploy-7fb68896db-bhdvf
[main] 2019/07/10 13:33:52 Starting Tiller v2.12.3 (tls=true)
[main] 2019/07/10 13:33:52 GRPC listening on :44134
[main] 2019/07/10 13:33:52 Probes listening on :44135
[main] 2019/07/10 13:33:52 Storage driver is ConfigMap
[main] 2019/07/10 13:33:52 Max history per release is 0
[tiller] 2019/07/10 13:39:42 getting history for release prometheus
[storage] 2019/07/10 13:39:42 getting release history for "prometheus"
[tiller] 2019/07/10 13:39:42 preparing install for prometheus
[storage] 2019/07/10 13:39:42 getting release history for "prometheus"
[tiller] 2019/07/10 13:39:42 rendering prometheus chart using values
2019/07/10 13:39:42 info: manifest "prometheus/templates/alertmanager-pvc.yaml" is empty. Skipping.
2019/07/10 13:39:42 info: manifest "prometheus/templates/server-networkpolicy.yaml" is empty. Skipping.
2019/07/10 13:39:42 info: manifest "prometheus/templates/node-exporter-service.yaml" is empty. Skipping.
2019/07/10 13:39:42 info: manifest "prometheus/templates/alertmanager-configmap.yaml" is empty. Skipping.
2019/07/10 13:39:42 info: manifest "prometheus/templates/alertmanager-deployment.yaml" is empty. Skipping.
2019/07/10 13:39:42 info: manifest "prometheus/templates/server-ingress.yaml" is empty. Skipping.
2019/07/10 13:39:42 info: manifest "prometheus/templates/pushgateway-deployment.yaml" is empty. Skipping.
2019/07/10 13:39:42 info: manifest "prometheus/templates/kube-state-metrics-networkpolicy.yaml" is empty. Skipping.
2019/07/10 13:39:42 info: manifest "prometheus/templates/alertmanager-ingress.yaml" is empty. Skipping.
2019/07/10 13:39:42 info: manifest "prometheus/templates/pushgateway-ingress.yaml" is empty. Skipping.
2019/07/10 13:39:42 info: manifest "prometheus/templates/alertmanager-networkpolicy.yaml" is empty. Skipping.
2019/07/10 13:39:42 info: manifest "prometheus/templates/pushgateway-service.yaml" is empty. Skipping.
2019/07/10 13:39:42 info: manifest "prometheus/templates/node-exporter-daemonset.yaml" is empty. Skipping.
2019/07/10 13:39:42 info: manifest "prometheus/templates/alertmanager-service.yaml" is empty. Skipping.
[tiller] 2019/07/10 13:39:42 performing install for prometheus
[tiller] 2019/07/10 13:39:42 executing 0 crd-install hooks for prometheus
[tiller] 2019/07/10 13:39:42 hooks complete for crd-install prometheus
[tiller] 2019/07/10 13:39:42 executing 0 pre-install hooks for prometheus
[tiller] 2019/07/10 13:39:42 hooks complete for pre-install prometheus
[storage] 2019/07/10 13:39:42 getting release history for "prometheus"
[storage] 2019/07/10 13:39:42 creating release "prometheus.v1"
[kube] 2019/07/10 13:39:42 building resources from manifest
[kube] 2019/07/10 13:39:42 creating 15 resource(s)
[tiller] 2019/07/10 13:39:43 executing 0 post-install hooks for prometheus
[tiller] 2019/07/10 13:39:43 hooks complete for post-install prometheus
[storage] 2019/07/10 13:39:43 updating release "prometheus.v1"
[storage] 2019/07/10 13:39:43 getting last revision of "prometheus"
[storage] 2019/07/10 13:39:43 getting release history for "prometheus"
[kube] 2019/07/10 13:39:43 Doing get for ConfigMap: "prometheus-prometheus-server"
[kube] 2019/07/10 13:39:43 get relation pod of object: gitlab-managed-apps/ConfigMap/prometheus-prometheus-server
[kube] 2019/07/10 13:39:43 Doing get for PersistentVolumeClaim: "prometheus-prometheus-server"
[kube] 2019/07/10 13:39:43 get relation pod of object: gitlab-managed-apps/PersistentVolumeClaim/prometheus-prometheus-server
[kube] 2019/07/10 13:39:43 Doing get for ServiceAccount: "prometheus-alertmanager"
[kube] 2019/07/10 13:39:43 get relation pod of object: gitlab-managed-apps/ServiceAccount/prometheus-alertmanager
[kube] 2019/07/10 13:39:43 Doing get for ServiceAccount: "prometheus-kube-state-metrics"
[kube] 2019/07/10 13:39:43 get relation pod of object: gitlab-managed-apps/ServiceAccount/prometheus-kube-state-metrics
[kube] 2019/07/10 13:39:43 Doing get for ServiceAccount: "prometheus-node-exporter"
[kube] 2019/07/10 13:39:43 get relation pod of object: gitlab-managed-apps/ServiceAccount/prometheus-node-exporter
[kube] 2019/07/10 13:39:43 Doing get for ServiceAccount: "prometheus-pushgateway"
[kube] 2019/07/10 13:39:43 get relation pod of object: gitlab-managed-apps/ServiceAccount/prometheus-pushgateway
[kube] 2019/07/10 13:39:43 Doing get for ServiceAccount: "prometheus-prometheus-server"
[kube] 2019/07/10 13:39:43 get relation pod of object: gitlab-managed-apps/ServiceAccount/prometheus-prometheus-server
[kube] 2019/07/10 13:39:43 Doing get for ClusterRole: "prometheus-kube-state-metrics"
[kube] 2019/07/10 13:39:43 get relation pod of object: /ClusterRole/prometheus-kube-state-metrics
[kube] 2019/07/10 13:39:43 Doing get for ClusterRole: "prometheus-prometheus-server"
[kube] 2019/07/10 13:39:43 get relation pod of object: /ClusterRole/prometheus-prometheus-server
[kube] 2019/07/10 13:39:43 Doing get for ClusterRoleBinding: "prometheus-kube-state-metrics"
[kube] 2019/07/10 13:39:43 get relation pod of object: /ClusterRoleBinding/prometheus-kube-state-metrics
[kube] 2019/07/10 13:39:43 Doing get for ClusterRoleBinding: "prometheus-prometheus-server"
[kube] 2019/07/10 13:39:43 get relation pod of object: /ClusterRoleBinding/prometheus-prometheus-server
[kube] 2019/07/10 13:39:43 Doing get for Service: "prometheus-kube-state-metrics"
[kube] 2019/07/10 13:39:43 get relation pod of object: gitlab-managed-apps/Service/prometheus-kube-state-metrics
[kube] 2019/07/10 13:39:43 Doing get for Service: "prometheus-prometheus-server"
[kube] 2019/07/10 13:39:43 get relation pod of object: gitlab-managed-apps/Service/prometheus-prometheus-server
[kube] 2019/07/10 13:39:43 Doing get for Deployment: "prometheus-kube-state-metrics"
[kube] 2019/07/10 13:39:43 get relation pod of object: gitlab-managed-apps/Deployment/prometheus-kube-state-metrics
[kube] 2019/07/10 13:39:43 Doing get for Deployment: "prometheus-prometheus-server"
[kube] 2019/07/10 13:39:43 get relation pod of object: gitlab-managed-apps/Deployment/prometheus-prometheus-server
[tiller] 2019/07/10 13:39:47 getting history for release certmanager
[storage] 2019/07/10 13:39:47 getting release history for "certmanager"
[tiller] 2019/07/10 13:39:48 preparing install for certmanager
[storage] 2019/07/10 13:39:48 getting release history for "certmanager"
[tiller] 2019/07/10 13:39:48 rendering cert-manager chart using values
2019/07/10 13:39:48 info: manifest "cert-manager/templates/00-namespace.yaml" is empty. Skipping.
[tiller] 2019/07/10 13:39:48 performing install for certmanager
[tiller] 2019/07/10 13:39:48 executing 3 crd-install hooks for certmanager
[kube] 2019/07/10 13:39:48 building resources from manifest
[kube] 2019/07/10 13:39:48 creating 1 resource(s)
[kube] 2019/07/10 13:39:48 building resources from manifest
[kube] 2019/07/10 13:39:48 creating 1 resource(s)
[kube] 2019/07/10 13:39:48 building resources from manifest
[kube] 2019/07/10 13:39:48 creating 1 resource(s)
[tiller] 2019/07/10 13:39:48 hooks complete for crd-install certmanager
[tiller] 2019/07/10 13:39:48 executing 3 pre-install hooks for certmanager
[tiller] 2019/07/10 13:39:48 hooks complete for pre-install certmanager
[storage] 2019/07/10 13:39:48 getting release history for "certmanager"
[storage] 2019/07/10 13:39:48 creating release "certmanager.v1"
[kube] 2019/07/10 13:39:48 building resources from manifest
[kube] 2019/07/10 13:39:48 creating 4 resource(s)
[tiller] 2019/07/10 13:39:48 executing 3 post-install hooks for certmanager
[tiller] 2019/07/10 13:39:48 hooks complete for post-install certmanager
[storage] 2019/07/10 13:39:48 updating release "certmanager.v1"
[storage] 2019/07/10 13:39:48 getting last revision of "certmanager"
[storage] 2019/07/10 13:39:48 getting release history for "certmanager"
[kube] 2019/07/10 13:39:48 Doing get for ServiceAccount: "certmanager-cert-manager"
[kube] 2019/07/10 13:39:48 get relation pod of object: gitlab-managed-apps/ServiceAccount/certmanager-cert-manager
[kube] 2019/07/10 13:39:48 Doing get for ClusterRole: "certmanager-cert-manager"
[kube] 2019/07/10 13:39:48 get relation pod of object: /ClusterRole/certmanager-cert-manager
[kube] 2019/07/10 13:39:48 Doing get for ClusterRoleBinding: "certmanager-cert-manager"
[kube] 2019/07/10 13:39:48 get relation pod of object: /ClusterRoleBinding/certmanager-cert-manager
[kube] 2019/07/10 13:39:48 Doing get for Deployment: "certmanager-cert-manager"
[kube] 2019/07/10 13:39:48 get relation pod of object: gitlab-managed-apps/Deployment/certmanager-cert-manager
Output of checks
Results of GitLab environment info
Expand for output related to GitLab environment info
sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production
System information System: Ubuntu 18.04 Current User: git Using RVM: no Ruby Version: 2.6.3p62 Gem Version: 3.0.3 Bundler Version:1.17.3 Rake Version: 12.3.2 Redis Version: 4.0.9 Git Version: 2.22.0 Sidekiq Version:5.2.7 Go Version: go1.11.10 linux/amd64
GitLab information Version: 12.0.2 Revision: 1a9fd38a4ca Directory: /home/git/gitlab DB Adapter: PostgreSQL DB Version: 10.9 Using LDAP: yes Using Omniauth: yes Omniauth Providers: saml
GitLab Shell Version: 9.3.0 Repository storage paths:
- default: /home/git/repositories GitLab Shell path: /home/git/gitlab-shell Git: /usr/bin/git
Results of GitLab application Check
Expand for output related to the GitLab application check
sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production SANITIZE=true
Checking GitLab subtasks ...
Checking GitLab Shell ...
GitLab Shell: ... GitLab Shell version >= 9.3.0 ? ... OK (9.3.0) Running /home/git/gitlab-shell/bin/check Check GitLab API access: OK Redis available via internal API: OK
Access to /home/git/.ssh/authorized_keys: OK gitlab-shell self-check successful
Checking GitLab Shell ... Finished
Checking Gitaly ...
Gitaly: ... default ... OK
Checking Gitaly ... Finished
Checking Sidekiq ...
Sidekiq: ... Running? ... yes Number of Sidekiq processes ... 1
Checking Sidekiq ... Finished
Checking Incoming Email ...
Incoming Email: ... Reply by email is disabled in config/gitlab.yml
Checking Incoming Email ... Finished
Checking LDAP ...
LDAP: ... Server: ldapmain LDAP authentication... Success LDAP users with access to your GitLab server (only showing the first 100 results) Checking LDAP ... Finished
Checking GitLab App ...
Git configured correctly? ... yes Database config exists? ... yes All migrations up? ... yes Database contains orphaned GroupMembers? ... no GitLab config exists? ... yes GitLab config up to date? ... yes Log directory writable? ... yes Tmp directory writable? ... yes Uploads directory exists? ... yes Uploads directory has correct permissions? ... yes Uploads directory tmp has correct permissions? ... yes Init script exists? ... yes Init script up-to-date? ... yes Projects have namespace: ... 5/2 ... yes 6/3 ... yes 12/4 ... yes 8/6 ... yes 12/7 ... yes 12/9 ... yes 2/12 ... yes 14/13 ... yes 12/14 ... yes 14/15 ... yes 8/16 ... yes 14/17 ... yes 12/18 ... yes 12/21 ... yes 12/22 ... yes 12/23 ... yes 12/24 ... yes 4/25 ... yes 12/26 ... yes 12/28 ... yes 12/29 ... yes 46/30 ... yes 12/31 ... yes 46/32 ... yes 6/33 ... yes 12/34 ... yes 12/35 ... yes 12/36 ... yes 6/37 ... yes 46/39 ... yes 12/41 ... yes 12/42 ... yes 6/186 ... yes 6/187 ... yes Redis version >= 2.8.0? ... yes Ruby version >= 2.5.3 ? ... yes (2.6.3) Git version >= 2.21.0 ? ... yes (2.22.0) Git user has default SSH configuration? ... yes Active users: ... 19
Checking GitLab App ... Finished
Checking GitLab subtasks ... Finished