If a tag is changed on the runner, it's correctly registered on the GitLab servers, getting a new auth token; however, it shows that it has never contacted the GitLab server.
Check if the propagation from deployment to the pod is working as expected; write a test which covers the issue if it's not.
In a classical gitlab-runner deployment, I will set some properties like "environment" (for example in order to declare HTTP proxy). This property is not specific to the Kubernetes executor. So, I cannot declare it in the executor_config.
I'm actively looking for a way to have a single gitlab-runner instance running multiple «runners» in order to create a single shared runner for dedicated groups/projects (cf. https://gitlab.com/gitlab-org/charts/gitlab-runner/-/issues/230) while controlling the number of total jobs via a single concurrent property.
Do you think it makes sense to improve your operator with a new CRD (for example SharedRunner) allowing to define multiple registrations while keeping a single gitlab-runner?