rpsene/gitlab-kubernetes

## gitlab-kubernetes
## Get API URL

oc cluster-info | grep -E 'Kubernetes master|Kubernetes control plane' | awk '/http/ {print $NF}'

output: https://api.ocp-46-20210119-145312-23b3a025d7.158.175.162.14.nip.io:6443

## Get CA certificate

oc get secrets

NAME                       TYPE                                  DATA   AGE
builder-dockercfg-t76gr    kubernetes.io/dockercfg               1      23h
builder-token-7tm2c        kubernetes.io/service-account-token   4      23h
builder-token-99fhw        kubernetes.io/service-account-token   4      23h
default-dockercfg-4dzv6    kubernetes.io/dockercfg               1      23h
>>>> default-token-7gpgt        kubernetes.io/service-account-token   4      23h <<<<
default-token-f4mqb        kubernetes.io/service-account-token   4      23h
deployer-dockercfg-68cjd   kubernetes.io/dockercfg               1      23h
deployer-token-5ph47       kubernetes.io/service-account-token   4      23h
deployer-token-phw7h       kubernetes.io/service-account-token   4      23h

oc get secret default-token-7gpgt -o jsonpath="{['data']['ca\.crt']}" | base64 --decode

A chain file has following structure:

   -----BEGIN MY CERTIFICATE-----
   -----END MY CERTIFICATE-----
   -----BEGIN INTERMEDIATE CERTIFICATE-----
   -----END INTERMEDIATE CERTIFICATE-----
   -----BEGIN INTERMEDIATE CERTIFICATE-----
   -----END INTERMEDIATE CERTIFICATE-----
   -----BEGIN ROOT CERTIFICATE-----
   -----END ROOT CERTIFICATE-----

# cat ./gitlab-admin-service-account.yaml

apiVersion: v1
kind: ServiceAccount
metadata:
  name: gitlab
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: gitlab-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: gitlab
    namespace: kube-system

oc apply -f gitlab-admin-service-account.yaml

## Get the token for the gitlab service account:

oc -n kube-system describe secret $(oc -n kube-system get secret | grep gitlab | awk '{print $1}')
	## Get API URL

	oc cluster-info \| grep -E 'Kubernetes master\|Kubernetes control plane' \| awk '/http/ {print $NF}'

	output: https://api.ocp-46-20210119-145312-23b3a025d7.158.175.162.14.nip.io:6443

	## Get CA certificate

	oc get secrets

	NAME TYPE DATA AGE
	builder-dockercfg-t76gr kubernetes.io/dockercfg 1 23h
	builder-token-7tm2c kubernetes.io/service-account-token 4 23h
	builder-token-99fhw kubernetes.io/service-account-token 4 23h
	default-dockercfg-4dzv6 kubernetes.io/dockercfg 1 23h
	>>>> default-token-7gpgt kubernetes.io/service-account-token 4 23h <<<<
	default-token-f4mqb kubernetes.io/service-account-token 4 23h
	deployer-dockercfg-68cjd kubernetes.io/dockercfg 1 23h
	deployer-token-5ph47 kubernetes.io/service-account-token 4 23h
	deployer-token-phw7h kubernetes.io/service-account-token 4 23h

	oc get secret default-token-7gpgt -o jsonpath="{['data']['ca\.crt']}" \| base64 --decode

	A chain file has following structure:

	-----BEGIN MY CERTIFICATE-----
	-----END MY CERTIFICATE-----
	-----BEGIN INTERMEDIATE CERTIFICATE-----
	-----END INTERMEDIATE CERTIFICATE-----
	-----BEGIN INTERMEDIATE CERTIFICATE-----
	-----END INTERMEDIATE CERTIFICATE-----
	-----BEGIN ROOT CERTIFICATE-----
	-----END ROOT CERTIFICATE-----

	# cat ./gitlab-admin-service-account.yaml

	apiVersion: v1
	kind: ServiceAccount
	metadata:
	name: gitlab
	namespace: kube-system
	---
	apiVersion: rbac.authorization.k8s.io/v1
	kind: ClusterRoleBinding
	metadata:
	name: gitlab-admin
	roleRef:
	apiGroup: rbac.authorization.k8s.io
	kind: ClusterRole
	name: cluster-admin
	subjects:
	- kind: ServiceAccount
	name: gitlab
	namespace: kube-system

	oc apply -f gitlab-admin-service-account.yaml

	## Get the token for the gitlab service account:

	oc -n kube-system describe secret $(oc -n kube-system get secret \| grep gitlab \| awk '{print $1}')