Gitlab-Runner | x509: certificate signed by unknown authority

Question

I'm trying to build then push image on gitlab container registry but i found below issue i'm using on premise Gitlab instance and the Gitlab runner is ubuntu that using shell executor I appreciate if someone can help to solve this issue Thanks a lot in advance

gitlab-runner config.toml

Answer 1

I solved the problem after adding the above configurations and i found the secret that i've created with wrong username for the gitlab but after adding the gitlab container registry on all the worker nodes and modifed the docker-registry secret everything is okay now but without your guidance i wouldn't solve it .

kubectl create secret docker-registry my-registry-key --docker-server=$CI_REGISTRY --docker-username=$GITLAB_USER --docker-password=$GITLAB_PASSWORD -n gitlab-test --dry-run=client -o yaml | kubectl apply -f -

Answer 2

Thanks Telinov for your efforts i just want to share with you that the kubernetes cluster is using container.d and these are the configurations that i set trying to solve the issue but it failed with the same issue : path : /etc/containerd/config.toml

  [plugins."io.containerd.grpc.v1.cri".registry.configs]
    [plugins."io.containerd.grpc.v1.cri".registry.configs."gitlab.example.com:5050"]
      insecure_skip_verify = true
  [plugins."io.containerd.grpc.v1.cri".registry.headers]

  [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
    [plugins."io.containerd.grpc.v1.cri".registry.mirrors."gitlab.example.com:5050"]
      endpoint = ["https://gitlab.example.com:5050"]
[plugins."io.containerd.grpc.v1.cri".x509_key_pair_streaming]

then systemctl restart containerd on all the kubernete nodes

Answer 3

Edit the daemon.json file, whose default location is /etc/docker/daemon.json inside gitlab-runner:

{
  "insecure-registries" : ["gitlab.example.com:5050"]
}