Gitlab runner fail to use cache with minio
I installed a self-hosted Gitlab using the Helm chart on a Kubernetes cluster. Everything is working fine except one thing: the cache.
In my .gitlab-ci.yml file I have
cache:
paths:
- .m2/repository/
- target/
But when running the job I have this warning when trying to download the cache:
WARNING: Retrying...
error=Get https://minio.mydomain.com/runner-cache/gitlab-runner/project/6/default?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=xxx: x509: certificate signed by unknown authority
And when uploading I have:
WARNING: Retrying... error=received: 501 Not Implemented
Uploading cache.zip to https://minio.mydomain.com/runner-cache/gitlab-runner/project/6/default
FATAL: received: 501 Not Implemented
But the certificate is provided by LetsEncrypt so it's not an unknown authority. When I go on minio.mydomain.com I can see that the connection is secure
I've also check that the runner is using the right credentials and yes it is.
I'm kind of lost here. Any hints is welcome.
Thanks.
Similar Questions
1 Answer
You need to add the CA to the image that is hosting the cache.
You can follow these instructions from this gitlab issue for a workaround:
Update the helper image to have the ca chain for the self-signed certificate trusted.
FROM gitlab/gitlab-runner-helper:x86_64-latest RUN apk add --no-cache ca-certificates COPY ca.crt /usr/local/share/ca-certificates/ca.crt RUN update-ca-certificates RUN rm /usr/local/share/ca-certificates/ca.crt
docker build -t registry.gitlab.com/namespace/project/tools/gitlab-runner-helper:$SOME_TAGOverride the helper image used by GitLab by updating the config.toml to use the image you just build with the correct CA trusted.
If you are using the helm chart you can define
KUBERNETES_HELPER_CPU_LIMITenvironment variable and define it inenvVars
Hope this helps.