Connecting GitLab to Kubernetes

GitLab has this cool-looking “Add Kubernetes Cluster” button which lets you connect a project to Kubernetes and automate the DevOps workflow. I’m honestly not entirely sure what it does, but the button looks cool and I’ve been wanting to click it for a few months now.

Enabling API Access

The Kubernetes API is only available over HTTPS (by default?) and uses a bunch of self-signed certificates in the process. Those self-signed certificates reference the hostname of the Master Node — which in my case has an address like 192.168.1.2. If you try and connect to that Master Node using an address other than 192.168.1.2, like an external IP address or public DNS name, the TLS check will fail because the certificate doesn’t include that name. GitLab will need to connect using an external IP or public DNS name, so we need to update the certificates for the API server to keep the TLS gods happy.

On your firewall / router, forward port 6443 to the internal IP of the Kubernetes master node. Boom, the internet can talk to your API server.
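The TLS name check described above can be reproduced before pointing GitLab at the cluster. The following is an added example, not code from the original post: it tests whether a certificate's subject alternative names cover the address a client will dial. The sample certificate, the 10.96.0.1 entry and the name k8s.example.com are constructed for illustration; fetch_cert is a hypothetical helper that expects the cluster CA saved to a local file.

```python
import ipaddress
import socket
import ssl

def san_entries(cert):
    """Split a getpeercert()-style dict into (dns_names, ip_addresses)."""
    dns, ips = [], []
    for kind, value in cert.get("subjectAltName", ()):
        if kind == "DNS":
            dns.append(value.lower())
        elif kind == "IP Address":
            ips.append(ipaddress.ip_address(value.strip()))
    return dns, ips

def _dns_match(pattern, host):
    # Only a whole leftmost label may be a wildcard ("*.example.com").
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def cert_covers(cert, address):
    """True if the SANs include the address a client such as GitLab dials."""
    dns, ips = san_entries(cert)
    try:
        return ipaddress.ip_address(address) in ips  # IPs match IP SANs only
    except ValueError:
        host = address.lower().rstrip(".")
        return any(_dns_match(p, host) for p in dns)

def fetch_cert(host, port, ca_file):
    """Fetch the server cert: chain verified against ca_file, name check
    skipped so the SANs can be inspected even when they do not match."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=5) as sock:
        with ctx.wrap_socket(sock) as tls:
            return tls.getpeercert()

# Constructed sample: a certificate issued only for internal names.
SAMPLE_CERT = {"subjectAltName": (
    ("DNS", "kubernetes"), ("DNS", "kubernetes.default"),
    ("IP Address", "10.96.0.1"), ("IP Address", "192.168.1.2"),
)}

if __name__ == "__main__":
    for addr in ("192.168.1.2", "73.112.123.115", "k8s.example.com"):
        print(addr, "covered" if cert_covers(SAMPLE_CERT, addr) else "NOT covered")
```

Against a live cluster, pass the result of fetch_cert(address, 6443, ca_file) to cert_covers in place of the sample; a False result for the external address means the API server certificate still needs that name added.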

Adding a Service Account

Instead of giving GitLab your default login information I created a new Service Account and granted it cluster-admin privileges to set everything up. To create a new Service Account called “gitlab” use:

And assign it the cluster-admin role using:

In this case, gitlab-cluster-admin refers to the name of this service account↔role mapping, and our service account was created in the default namespace.

Filling out the GitLab UI

Kubernetes cluster name: Any name you want to reference this cluster.

API URL: https://73.112.123.115:6443, substitute in your external IP address or public DNS name for the cluster.

CA Certificate: This value should be the same for all users accessing your cluster but you can use a command to fish it out for the specific Service Account we’ll be using.

Token: Use kubectl get secret gitlab-token-r56q4 -o jsonpath="{['data']['token']}" | base64 -d, again replacing gitlab-token-r56q4 with the name of your secret.

Project namespace (optional, unique): Leave blank. GitLab will auto-generate this.

RBAC-enabled cluster: Check the box. I don’t know what RBAC is, but it seems to be set up by default(?) on most clusters.

The final form should look something like this —

Click “Add Kubernetes cluster” and enjoy your setup!

If for some reason that didn’t work, I found it useful to try to cURL at your API server from another external machine using a command like:

You should see a JSON structure describing your pods (if any). The errors from cURL are pretty useful to debug and seem to provide a bit more detail than the GitLab UI currently does.

Happy clustering!
