1

I have some GitLab pipelines which are using Kubernetes pods in EKS

I had some issues initially with token registration which was solved by resetting the token on GitLab and replacing it in gitlab-runner-secret

I do specify that I used for encoding

echo -n <key> | base 64

Now, I can see that the token registration is successfully, but I encounter the following error

ERROR: Job failed (system failure): prepare environment: Post https://xxx/api/v1/namespaces/kube-system/secrets: net/http: invalid header field value "Bearer \xbd\xxx" for key Authorization.

msilviu
  • 11
  • 3

1 Answers1

0

If possible, I would make a step which:

  • retrieve the secret value
  • display it (for testing; change it after debugging this issue)

You need to make sure the token does not contain any newlines or other special trailing characters (like an invisible stray Unicode character).

Check also if you can (or have) managed your Kubernetes secrets through a Sealed Secrets controller.

VonC
  • 1,262,500
  • 529
  • 4,410
  • 5,250
  • I did pass the token through all kinds of encoding and testing and also in Lens, before the encoding, was indeed a new line (when I went to show as decoding), but after all coding/decoding process "seemed" ok The problem that I have now is that i found the old token/or a different token? in another file (gitlab-runner-token) and I replaced with new one and now I get **ERROR: Job failed (system failure): prepare environment: Unauthorized.** (Maybe I am doing stupid things but I am a beginner with this process) – msilviu Jul 05 '22 at 06:23
  • @msilviu Maybe old files remains in that runner? (as [in here](https://stackoverflow.com/a/71662175/6309) or [there](https://stackoverflow.com/a/63159740/6309)) – VonC Jul 05 '22 at 06:26
  • I deleted the pod after the changes had been made, if this is what you mean – msilviu Jul 05 '22 at 06:29
  • @msilviu If that deletes the GitLab runner, then what I mentioned is not the issue, since everything would have been deleted. – VonC Jul 05 '22 at 06:30
  • Yes, indeed, the gitlab runner was also deleted, the new pod registered as a new runner But now the issue that I have is that maybe the token that I pasted doesn't fit with a certificate which I do not know from where to get it data: ca.crt.: xxx namespace: xxx token: xxx – msilviu Jul 05 '22 at 06:32
  • @msilviu OK. Can you edit and update your question with those additional details? – VonC Jul 05 '22 at 06:34