Specifying K8s namesapce for Gitlab runner

Question

I have a Gitlab runner using a K8s executor. But when running the pipeline I am getting below error

Checking for jobs... received                       job=552009999 
repo_url=https://gitlab.com/deadbug/rns.git runner=ZuT1t3BJ
WARNING: Namespace is empty, therefore assuming 'default'.  job=552009999 project=18763260 
runner=ThT1t3BJ
ERROR: Job failed (system failure): secrets is forbidden: User "deadbug" cannot create resource 
"secrets" in API group "" in the namespace "default"  duration=548.0062ms job=552009999 

From the error message, I undestand the namespace needs to be updated. I specified namespace in the Gitlab variables

But after this also, pipeline is failing with the above error message. How do I change the namespace for the runner ?

Answer 1

You may be having the same issue I was having. Instead of installing the Gitlab Runner into the existing Kubernetes cluster with helm install, I used helm template and another manager to install it (kapp). This breaks the logic in the Helm template that specifies the namespace as the one used in the helm install (See code). This led the runner to attempt to create the pods in the default namespace, instead of the namespace I created. I was able to specify it manually in my values.yml file though:

runners:
  namespace: my-namespace

Answer 2

This seems to be linked to the permissions of the service account rather than the namespace directly. If you use GitLab's Kubernetes integration, you should not override the namespace, as GitLab will create one for you.

Make sure the service account you added to GitLab has the correct role. From https://docs.gitlab.com/ee/user/project/clusters/add_remove_clusters.html:

When GitLab creates the cluster, a gitlab service account with cluster-admin privileges is created in the default namespace to manage the newly created cluster