我已经在 Kubernetes 集群上的命名空间 gitlab-runner
下安装了 GitLab Runner。操作步骤如下:
# cat <<EOF | kubectl create -f -
{
"apiVersion": "v1",
"kind": "Namespace",
"metadata": {
"name": "gitlab-runner",
"labels": {
"name": "gitlab-runner"
}
}
}
# helm repo add gitlab https://charts.gitlab.io
# cat <<EOF|helm install --namespace gitlab-runner gitlab-runner -f - gitlab/gitlab-runner
gitlabUrl: https://gitlab.mycompany.com
runnerRegistrationToken: "c................Z"
GitLab Runner已经与GitLab项目正确注册,但是所有作业均失败。
快速查看GitLab Runner日志告诉我,GitLab Runner使用的服务帐户缺少适当的权限。
# kubectl logs --namespace gitlabrunner gitlab-runner-gitlab-runner-xxxxxxxxx
ERROR: Job failed (system failure): pods is forbidden: User "system:serviceaccount:gitlabrunner:default" cannot create resource "pods" in API group "" in the namespace "gitlab-runner" duration=42.095493ms job=37482 project=yyy runner=xxxxxxx
GitLab Runner Kubernetes执行程序需要哪些权限?