- Create a k8s cluster https://cloud.digitalocean.com/kubernetes/clusters
- Install kubectl https://kubernetes.io/docs/tasks/tools/install-kubectl/
- Download config file from cluster page to ~/.kube/config
More info here: https://gitlab.com/help/user/project/clusters/index#adding-an-existing-kubernetes-cluster
Go to the group and add Kubernetes cluster https://gitlab.com/groups/urbica/-/clusters/
- Create a gitlab service account in the default namespace:
```sh
kubectl create -f - <<EOF
apiVersion: v1
kind: ServiceAccount
metadata:
  name: gitlab
  namespace: default
EOF
```
- Create a cluster role binding to give the gitlab service account cluster-admin privileges:
```sh
kubectl create -f - <<EOF
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: gitlab-cluster-admin
subjects:
- kind: ServiceAccount
  name: gitlab
  namespace: default
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
EOF
```
To determine the API URL, run:
```sh
kubectl cluster-info | grep 'Kubernetes master' | awk '/http/ {print $NF}'
```
To determine the Token, list the secrets by running:
```sh
kubectl get secrets
```
Note the name of the secret you need the token for. Get the token for the appropriate secret by running:
```sh
kubectl get secret <SECRET_NAME> -o jsonpath="{['data']['token']}" | base64 --decode
```
To determine the CA certificate, run:
```sh
kubectl get secret <SECRET_NAME> -o jsonpath="{['data']['ca\.crt']}" | base64 --decode
```
Don't forget to enable RBAC.
On the cluster settings page install:
- Helm Tiller
- Ingress
- Cert Manager
After installing Ingress, check that the external IP is set and points to the right load balancer: https://gitlab.com/help/user/project/clusters/index.md#getting-the-external-ip-address
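The cluster role binding step above gives the gitlab service account full control of the cluster, so it is worth checking periodically that it is the only service account holding cluster-admin. The following is an added example, not part of the original gist: it audits the JSON output of `kubectl get clusterrolebindings -o json`. The function name, the file name `audit.py` and the embedded sample data are assumptions made for illustration.

```python
import json
import sys

# Constructed sample of `kubectl get clusterrolebindings -o json`, trimmed.
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "cluster-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "Group", "name": "system:masters"}]},
    {"metadata": {"name": "gitlab-cluster-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "ServiceAccount", "name": "gitlab",
                   "namespace": "default"}]},
    {"metadata": {"name": "empty-binding"},  # binding with no subjects key
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"}},
    {"metadata": {"name": "viewer"},
     "roleRef": {"kind": "ClusterRole", "name": "view"},
     "subjects": [{"kind": "ServiceAccount", "name": "ci",
                   "namespace": "build"}]},
]})


def cluster_admin_service_accounts(bindings_json, expected=()):
    """Return (unexpected, missing) for service accounts bound to cluster-admin.

    expected: "namespace/name" accounts meant to hold the role.
    """
    found = {}
    for item in json.loads(bindings_json).get("items", []):
        ref = item.get("roleRef", {})
        if (ref.get("kind"), ref.get("name")) != ("ClusterRole", "cluster-admin"):
            continue
        # `subjects` can be absent or null when a binding has no members.
        for subj in item.get("subjects") or []:
            if subj.get("kind") == "ServiceAccount":
                key = f"{subj.get('namespace', '')}/{subj['name']}"
                found.setdefault(key, []).append(item["metadata"]["name"])
    expected = set(expected)
    unexpected = {k: v for k, v in found.items() if k not in expected}
    return unexpected, sorted(expected - set(found))


if __name__ == "__main__":
    # Usage: kubectl get clusterrolebindings -o json > crb.json; python3 audit.py crb.json
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    unexpected, missing = cluster_admin_service_accounts(data, {"default/gitlab"})
    for sa, names in sorted(unexpected.items()):
        print(f"unexpected cluster-admin: {sa} via {', '.join(names)}")
    for sa in missing:
        print(f"expected binding not found: {sa}")
```

If the service account is created in a different namespace, pass that `namespace/name` pair as the expected entry instead of `default/gitlab`.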
For those who are looking at this gist in 2021, the ServiceAccount should be created under a kube-system namespace. But better check the GitLab docs https://docs.gitlab.com/ee/user/project/clusters/add_remove_clusters.html