gitlab-runner on a Kubernetes cluster: error while creating mount source path '/usr/share/ca-certificates/mozilla'

Time: 2018-11-30 02:27:39

Tags: kubernetes gitlab-ci-runner google-kubernetes-engine

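After following the official documentation -> https://docs.gitlab.com/runner/install/kubernetes.html (using the kubernetes executor), I am trying to "run" gitlab-runner on a Kubernetes cluster. Once it is deployed, I get this error message: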

  

Error: failed to start container "gitlab-runner": Error response from daemon: error while creating mount source path '/usr/share/ca-certificates/mozilla': mkdir /usr/share/ca-certificates/mozilla: read-only file system

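I am using the example from that website, but I cannot figure out why creating that directory is not allowed (as far as I understand, the default user is root).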

This is my config-map.yaml:

apiVersion: v1
kind: ConfigMap
metadata:
  name: gitlab-runner
  namespace: gitlab
data:
  config.toml: |
    concurrent = 1
    [[runners]]
      name = "Kubernetes Runner"
      url = "URL"
      token = "TOKEN"
      executor = "kubernetes"
      [runners.kubernetes]
        namespace = "gitlab"

This is the Deployment.yaml:

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: gitlab-runner
  namespace: gitlab
spec:
  replicas: 1
  selector:
    matchLabels:
      name: gitlab-runner
  template:
    metadata:
      labels:
        name: gitlab-runner
    spec:
      containers:
        - args:
            - run
          image: gitlab/gitlab-runner:alpine-v11.5.0
          imagePullPolicy: Always
          name: gitlab-runner
          volumeMounts:
            - mountPath: /etc/gitlab-runner
              name: config
            - mountPath: /etc/ssl/certs
              name: cacerts
              readOnly: true
      restartPolicy: Always
      volumes:
        - configMap:
            name: gitlab-runner
          name: config
        - hostPath:
            path: /usr/share/ca-certificates/mozilla
          name: cacerts

This is the full list of events from initializing the container:

Events:
  Type     Reason                 Age                From                                                          Message
  ----     ------                 ----               ----                                                          -------
  Normal   Scheduled              29s                default-scheduler                                             Successfully assigned gitlab-runner-5b689c7cbc-hw6r5 to gke-my-project-dev-default-pool-0d32b263-6skk
  Normal   SuccessfulMountVolume  29s                kubelet, gke-my-project-dev-default-pool-0d32b263-6skk  MountVolume.SetUp succeeded for volume "cacerts"
  Normal   SuccessfulMountVolume  29s                kubelet, gke-my-project-dev-default-pool-0d32b263-6skk  MountVolume.SetUp succeeded for volume "config"
  Normal   SuccessfulMountVolume  29s                kubelet, gke-my-project-dev-default-pool-0d32b263-6skk  MountVolume.SetUp succeeded for volume "default-token-6hr2h"
  Normal   Pulling                23s (x2 over 28s)  kubelet, gke-my-project-dev-default-pool-0d32b263-6skk  pulling image "gitlab/gitlab-runner:alpine-v11.5.0"
  Normal   Pulled                 19s (x2 over 24s)  kubelet, gke-my-project-dev-default-pool-0d32b263-6skk  Successfully pulled image "gitlab/gitlab-runner:alpine-v11.5.0"
  Normal   Created                19s (x2 over 24s)  kubelet, gke-my-project-dev-default-pool-0d32b263-6skk  Created container
  Warning  Failed                 19s (x2 over 24s)  kubelet, gke-my-project-dev-default-pool-0d32b263-6skk  Error: failed to start container "gitlab-runner": Error response from daemon: error while creating mount source path '/usr/share/ca-certificates/mozilla': mkdir /usr/share/ca-certificates/mozilla: read-only file system
  Warning  BackOff                14s                kubelet, gke-my-project-dev-default-pool-0d32b263-6skk  Back-off restarting failed container

Any clue would be appreciated.

Thanks

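2 answers:

Answer 0: (score: 1)

From the logs, I am guessing you are using GKE. Google mounts your / file system securely (see here). That is why you are getting the error.

Try it by enabling privileged mode for the container: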

containers:
  - name: gitlab-runner
    securityContext:
      privileged: true

If that does not work, change /usr/share/ca-certificates/mozilla to /var/SOMETHING (not sure this is a good solution). If there are files in /usr/share/ca-certificates/mozilla, move/copy them to /var/SOMETHING.

Answer 1: (score: 1)

In the end, I used this to register and run gitlab-runner on GKE:

ConfigMap:

apiVersion: v1
kind: ConfigMap
metadata:
  name: gitlab-runner-cm
  namespace: gitlab
data:
  config.toml: |
    concurrent = 4
    check_interval = 30
  entrypoint: |
    #!/bin/bash

    set -xe
    cp /scripts/config.toml /etc/gitlab-runner/

    # Register the runner
    /entrypoint register --non-interactive \
      --url $GITLAB_URL \
      --tag-list "kubernetes, my_project" \
      --kubernetes-image "alpine:latest" \
      --kubernetes-namespace "gitlab" \
      --executor kubernetes \
      --config "/etc/gitlab-runner/config.toml" \
      --locked=false \
      --run-untagged=true \
      --description "My Project - Kubernetes Runner" \
      --kubernetes-privileged

    # Start the runner
    /entrypoint run --user=gitlab-runner \
      --working-directory=/home/gitlab-runner \
      --config "/etc/gitlab-runner/config.toml"

Deployment:

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: gitlab-runner
  namespace: gitlab
spec:
  replicas: 1
  selector:
    matchLabels:
      app: gitlab-runner
  template:
    metadata:
      labels:
        app: gitlab-runner
    spec:
      containers:
        - name: gitlab-runner
          image: gitlab/gitlab-runner:latest
          command: ["/bin/bash", "/scripts/entrypoint"]
          env:
            - name: GITLAB_URL
              value: "URL"
            - name: REGISTRATION_TOKEN
              value: "TOKEN"
            - name: KUBERNETES_NAMESPACE
              value: gitlab
            - name: GOOGLE_APPLICATION_CREDENTIALS
              value: /var/secrets/google/key.json
          imagePullPolicy: Always
          volumeMounts:
            - name: config
              mountPath: /scripts
            - name: google-cloud-key
              mountPath: /var/secrets/google
      restartPolicy: Always
      volumes:
        - name: config
          configMap:
            name: gitlab-runner-cm
        - name: google-cloud-key
          secret:
            secretName: gitlab-runner-sa

Autoscaling:

apiVersion: autoscaling/v2beta1
kind: HorizontalPodAutoscaler
metadata:
  name: gitlab-runner-hpa
  namespace: gitlab
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: gitlab-runner
  minReplicas: 1
  maxReplicas: 3
  metrics:
    - type: Resource
      resource:
        name: cpu
        targetAverageUtilization: 50

I hope this helps anyone trying to run GitLab Runner in a Kubernetes cluster on Google Kubernetes Engine.
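
As an added example (not part of either answer and not GitLab's code), this Python lint checks pod specs for three settings that come up on this page: a hostPath volume with no `type`, a privileged container, and a token passed as a literal env value. The sample specs are constructed from the manifests above, and the rule names are made up for this example.

```python
# Added example: lint pod specs (dict shape of .spec.template.spec as reported
# by `kubectl get deployment -o json`) for the settings this page discusses.
SECRET_HINTS = ("TOKEN", "PASSWORD", "SECRET")

def audit_pod_spec(spec):
    """Return sorted (rule, detail) findings for one pod spec."""
    findings = []
    host_paths = {}
    for vol in spec.get("volumes", []):
        if "hostPath" in vol:
            host_paths[vol["name"]] = vol["hostPath"]["path"]
            # No `type`: the kubelet skips the existence check, so a missing
            # path only surfaces when the runtime tries to mkdir it on the node.
            if not vol["hostPath"].get("type"):
                findings.append(("hostpath-untyped", vol["hostPath"]["path"]))
    for c in spec.get("containers", []):
        for m in c.get("volumeMounts", []):
            if m["name"] in host_paths and not m.get("readOnly"):
                findings.append(("hostpath-writable", host_paths[m["name"]]))
        if c.get("securityContext", {}).get("privileged"):
            findings.append(("privileged-container", c["name"]))
        for e in c.get("env", []):
            # A literal `value` is stored in the Deployment object itself;
            # `valueFrom.secretKeyRef` keeps it in a Secret instead.
            if "value" in e and any(h in e["name"].upper() for h in SECRET_HINTS):
                findings.append(("literal-secret-env", e["name"]))
    return sorted(findings)

QUESTION_SPEC = {  # constructed from the question's Deployment
    "containers": [{"name": "gitlab-runner", "volumeMounts": [
        {"name": "config", "mountPath": "/etc/gitlab-runner"},
        {"name": "cacerts", "mountPath": "/etc/ssl/certs", "readOnly": True}]}],
    "volumes": [
        {"name": "config", "configMap": {"name": "gitlab-runner"}},
        {"name": "cacerts", "hostPath": {"path": "/usr/share/ca-certificates/mozilla"}}],
}
ANSWER_SPEC = {  # constructed: answer 1's container plus answer 0's privileged flag
    "containers": [{"name": "gitlab-runner",
                    "securityContext": {"privileged": True},
                    "env": [{"name": "GITLAB_URL", "value": "URL"},
                            {"name": "REGISTRATION_TOKEN", "value": "TOKEN"}]}],
    "volumes": [{"name": "google-cloud-key", "secret": {"secretName": "gitlab-runner-sa"}}],
}

if __name__ == "__main__":
    for name, spec in (("question", QUESTION_SPEC), ("answers", ANSWER_SPEC)):
        print(name, audit_pod_spec(spec))
```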