@stepankuzmin
Created January 4, 2019 10:22
Gitlab AutoDevops on DigitalOcean k8s

Creating k8s cluster on DigitalOcean

  1. Create a k8s cluster https://cloud.digitalocean.com/kubernetes/clusters
  2. Install kubectl https://kubernetes.io/docs/tasks/tools/install-kubectl/
  3. Download config file from cluster page to ~/.kube/config

Adding k8s cluster to Gitlab project

More info here: https://gitlab.com/help/user/project/clusters/index#adding-an-existing-kubernetes-cluster

Go to the group and add a Kubernetes cluster: https://gitlab.com/groups/urbica/-/clusters/

  1. Create a gitlab service account in the default namespace:
kubectl create -f - <<EOF
  apiVersion: v1
  kind: ServiceAccount
  metadata:
    name: gitlab
    namespace: default
EOF
  2. Create a cluster role binding to give the gitlab service account cluster-admin privileges:
kubectl create -f - <<EOF
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: gitlab-cluster-admin
subjects:
- kind: ServiceAccount
  name: gitlab
  namespace: default
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
EOF

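To determine the API URL, run the command below (newer kubectl versions print "Kubernetes control plane" instead of "Kubernetes master", so the pattern matches both):

kubectl cluster-info | grep -E 'Kubernetes (master|control plane)' | awk '/http/ {print $NF}'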

To determine the Token, list the secrets by running:

kubectl get secrets

Note the name of the secret you need the token for. Get the token for the appropriate secret by running:

kubectl get secret <SECRET_NAME> -o jsonpath="{['data']['token']}" | base64 --decode

To determine the CA certificate, run:

kubectl get secret <SECRET_NAME> -o jsonpath="{['data']['ca\.crt']}" | base64 --decode

Don't forget to enable RBAC.

On the cluster settings page install:

  • Helm Tiller
  • Ingress
  • Cert Manager

After installing Ingress, check that the external IP is set and points to the right load balancer: https://gitlab.com/help/user/project/clusters/index.md#getting-the-external-ip-address
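
The binding created in step 2 gives the gitlab service account full control of the cluster, so it is worth checking afterwards exactly which subjects hold cluster-admin. The script below is an added example, not part of the original gist: it reads the output of `kubectl get clusterrolebindings -o json` saved to a file and flags any subject outside an allow-list. The sample bindings, the `EXPECTED` allow-list and the `legacy-deployer` entry are constructed for illustration.

```python
"""List who holds cluster-admin, from `kubectl get clusterrolebindings -o json`."""
import json
import sys

def _crb(name, role, subjects):
    """Build a ClusterRoleBinding trimmed to the fields this check reads."""
    crb = {"metadata": {"name": name},
           "roleRef": {"apiGroup": "rbac.authorization.k8s.io",
                       "kind": "ClusterRole", "name": role}}
    if subjects is not None:
        crb["subjects"] = subjects
    return crb

# Constructed sample data, not output from a real cluster.
SAMPLE = {"items": [
    _crb("cluster-admin", "cluster-admin", [{"kind": "Group", "name": "system:masters"}]),
    _crb("gitlab-cluster-admin", "cluster-admin",
         [{"kind": "ServiceAccount", "name": "gitlab", "namespace": "default"}]),
    _crb("legacy-deployer", "cluster-admin",
         [{"kind": "ServiceAccount", "name": "deployer", "namespace": "staging"}]),
    _crb("system:kube-dns", "system:kube-dns",
         [{"kind": "ServiceAccount", "name": "kube-dns", "namespace": "kube-system"}]),
    _crb("empty-binding", "cluster-admin", None),  # bindings may carry no subjects
]}

# Assumed allow-list: the subjects expected to hold cluster-admin after the steps above.
EXPECTED = {("Group", "", "system:masters"), ("ServiceAccount", "default", "gitlab")}

def cluster_admin_subjects(bindings, role="cluster-admin"):
    """Return (binding, kind, namespace, name) for each subject bound to role."""
    found = []
    for item in bindings.get("items", []):
        ref = item.get("roleRef", {})
        if ref.get("kind") != "ClusterRole" or ref.get("name") != role:
            continue
        for subj in item.get("subjects") or []:  # key may be absent or null
            found.append((item["metadata"]["name"], subj.get("kind", ""),
                          subj.get("namespace", ""), subj.get("name", "")))
    return found

def unexpected_admins(bindings, expected=EXPECTED):
    """Subjects holding cluster-admin that are missing from the allow-list."""
    return [s for s in cluster_admin_subjects(bindings) if s[1:] not in expected]

if __name__ == "__main__":
    # Pass a saved JSON file as the first argument; without one the sample is used.
    data = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for binding, kind, ns, name in cluster_admin_subjects(data):
        flag = "" if (kind, ns, name) in EXPECTED else "  <-- not in allow-list"
        print(f"{binding}: {kind} {ns + '/' if ns else ''}{name}{flag}")
```

This covers ClusterRoleBindings only; a RoleBinding that references the cluster-admin ClusterRole grants the same rights inside one namespace and would need the same check against `kubectl get rolebindings -A -o json`.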

@SilverFire

For those who are looking at this gist in 2021, the ServiceAccount should be created under the kube-system namespace.

apiVersion: v1
kind: ServiceAccount
metadata:
  name: gitlab
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: gitlab-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: gitlab
    namespace: kube-system

But better check the GitLab docs https://docs.gitlab.com/ee/user/project/clusters/add_remove_clusters.html
