-
Error:
Job failed (system failure): secrets is forbidden
-
Error:
Unable to mount volumes for pod
- Slow artifact uploads to Google Cloud Storage
-
PANIC: creating directory: mkdir /nonexistent: permission denied
-
Error:
invalid header field for "Private-Token"
- FATAL: Runner configuration is reserved
Troubleshooting GitLab Runner Helm chart
Error: Job failed (system failure): secrets is forbidden
If you see the following error, enable RBAC support to correct it:
Using Kubernetes executor with image alpine ...
ERROR: Job failed (system failure): secrets is forbidden: User "system:serviceaccount:gitlab:default"
cannot create resource "secrets" in API group "" in the namespace "gitlab"
Error: Unable to mount volumes for pod
If you see mount volume failures for a required secret, ensure that you have stored registration tokens or runner tokens in secrets.
Slow artifact uploads to Google Cloud Storage
Artifact uploads to Google Cloud Storage can experience reduced performance (a slower bandwidth rate) due to the runner helper pod becoming CPU bound. To mitigate this problem, increase the Helper pod CPU Limit:
runners:
config: |
[[runners]]
[runners.kubernetes]
helper_cpu_limit = "250m"
For more information, see issue 28393.
PANIC: creating directory: mkdir /nonexistent: permission denied
To resolve this error, switch to the Ubuntu-based GitLab Runner Docker image.
Error: invalid header field for "Private-Token"
You might see this error if the runner-token
value in gitlab-runner-secret
is base64-encoded with a newline character (\n
) at the end:
couldn't execute POST against "https:/gitlab.example.com/api/v4/runners/verify":
net/http: invalid header field for "Private-Token"
To resolve this issue, ensure a newline (\n
) is not appended to the token value.
For example: echo -n glrt-A5sFGybkt0pY8AdVLnx4 | base64
.
FATAL: Runner configuration is reserved
You might get the following error in the pod logs after installing the GitLab Runner Helm chart:
FATAL: Runner configuration other than name and executor configuration is reserved
(specifically --locked, --access-level, --run-untagged, --maximum-timeout, --paused, --tag-list, and --maintenance-note)
and cannot be specified when registering with a runner authentication token. This configuration is specified
on the GitLab server. Please try again without specifying any of those arguments
This error happens when you use an authentication token, and provide a token through a secret. To fix it, review your values YAML file and make sure that you are not using any deprecated values. For more information about which values are deprecated, see Installing GitLab Runner with Helm chart.