This instruction is how to get the required information for adding a kubernetes cluster into GitLab from DigitalOcean
Create your cluster in DigitalOcean however you wish and once complete and ready, login to your GitLab project / group and use the following instructions.
For this you need to get the API URL, cert, token and make a service account for gitlab to use.
Note: Ensure that you check RBAC enabled when setting up the cluster
Download the JSON config from digitalocean and copy it it to ~/.kube/cluster-name.yaml You can then modify your KUBE config in your bash profile like so:
# use multiple kubeconfig files at the same time and view merged config
export KUBECONFIG=~/.kube/cluster-staging-kubeconfig.yaml:~/.kube/cluster-prod-kubeconfig.yaml
Note: I am not using the default ~/.kube/config in here, I removed it
foo@bar:~$ kubectl cluster-info
Kubernetes master is running at https://abd7298c-a9eb-4ddf-8f69-4b3fe403f7a3.k8s.ondigitalocean.com
Use the above URL as API URL
apiVersion: v1
kind: ServiceAccount
metadata:
name: gitlab
namespace: default
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: gitlab-cluster-admin
subjects:
- kind: ServiceAccount
name: gitlab
namespace: default
roleRef:
kind: ClusterRole
name: cluster-admin
apiGroup: rbac.authorization.k8s.io
Now use this file to create the service account in your cluster
foo@bar:~$ kubectl create -f gitlab/gitlab-service-account.yaml
serviceaccount "gitlab" created
clusterrolebinding.rbac.authorization.k8s.io "gitlab-cluster-admin" created
First list secrets and see what the name of the GitLab one is called.
foo@bar:~$ kubectl get secrets
NAME TYPE DATA AGE
default-token-dq8sx kubernetes.io/service-account-token 3 11h
gitlab-token-qghxc kubernetes.io/service-account-token 3 9h
Now using the name of the gitlab-token-* you can get the cert and token using kubectl
Note: REPLACE "gitlab-token-qghxc" with your GitLab secret name
kubectl get secret gitlab-token-qghxc -o jsonpath="{['data']['token']}" | base64 --decode
You will copy the output from this and use this as your token
kubectl get secret gitlab-token-qghxc -o jsonpath="{['data']['ca\.crt']}" | base64 -D
You will copy the output from this and use this as your cert
This is optional but I prefer it so you can use kubectl proxy and have a GUI interface into your cluster so you can easily see what is going on at a glance
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml