@tomcorbett
Last active December 21, 2018 16:34
Brief Description of the steps I took to integrate GitLab with a Digital Ocean Kubernetes Cluster

GitLab setup for k8s

These instructions show how to get the information required to add a Kubernetes cluster from DigitalOcean to GitLab.

Create your cluster

Create your cluster in DigitalOcean however you wish. Once it is complete and ready, log in to your GitLab project / group and use the following instructions.

Configure cluster ready for GitLab

For this you need to get the API URL, cert and token, and make a service account for GitLab to use.

Note: Ensure that you check the RBAC-enabled option when setting up the cluster.

Auth to your cluster

Download the JSON config from DigitalOcean and copy it to ~/.kube/cluster-name.yaml. You can then modify your KUBECONFIG in your bash profile like so:

# use multiple kubeconfig files at the same time and view merged config
export KUBECONFIG=~/.kube/cluster-staging-kubeconfig.yaml:~/.kube/cluster-prod-kubeconfig.yaml

Note: I am not using the default ~/.kube/config here; I removed it.

Get the API URL/ensure you can reach your cluster

foo@bar:~$ kubectl cluster-info
Kubernetes master is running at https://abd7298c-a9eb-4ddf-8f69-4b3fe403f7a3.k8s.ondigitalocean.com

Use the above URL as the API URL.

Make the service account for GitLab

apiVersion: v1
kind: ServiceAccount
metadata:
  name: gitlab
  namespace: default
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: gitlab-cluster-admin
subjects:
- kind: ServiceAccount
  name: gitlab
  namespace: default
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io

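Now use this file to create the service account in your cluster. The ClusterRoleBinding gives the gitlab service account the cluster-admin role, so the token retrieved below has full control of the cluster.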

foo@bar:~$ kubectl create -f gitlab/gitlab-service-account.yaml 
serviceaccount "gitlab" created
clusterrolebinding.rbac.authorization.k8s.io "gitlab-cluster-admin" created

Get secret name

First list the secrets to find the name of the GitLab one.

foo@bar:~$ kubectl get secrets
NAME                  TYPE                                  DATA      AGE
default-token-dq8sx   kubernetes.io/service-account-token   3         11h
gitlab-token-qghxc    kubernetes.io/service-account-token   3         9h

Now, using the name of the gitlab-token-* secret, you can get the cert and token with kubectl.

Note: Replace "gitlab-token-qghxc" with your GitLab secret name.

kubectl get secret gitlab-token-qghxc -o jsonpath="{['data']['token']}" | base64 --decode

Copy the output from this and use it as your token.

kubectl get secret gitlab-token-qghxc -o jsonpath="{['data']['ca\.crt']}" | base64 --decode

Copy the output from this and use it as your cert.
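
Before pasting the token into GitLab, you can decode its claims to confirm it was issued to the gitlab service account and not, say, the default one listed next to it. This is an added example, not part of the original gist; it assumes a legacy secret-based service account token (a JWT whose sub claim is system:serviceaccount:<namespace>:<name>), and the function names and the sample token are constructed for illustration.

```shell
# Added example (not from the original gist): check which service account
# a decoded token belongs to before pasting it into GitLab.

# Encode stdin as unpadded base64url; only used to build the sample token.
b64url() { base64 | tr -d '\n=' | tr '/+' '_-'; }

# Print the JSON claims (middle segment) of the JWT passed as $1.
jwt_claims() {
  seg=$(printf '%s' "$1" | cut -s -d. -f2 | tr '_-' '/+')
  # base64url drops padding; restore it so base64 accepts the segment
  case $(( ${#seg} % 4 )) in
    2) seg="${seg}==" ;;
    3) seg="${seg}=" ;;
  esac
  printf '%s' "$seg" | base64 --decode
}

# Print the "sub" claim of the token in $1 (empty if absent or not a JWT).
token_subject() {
  jwt_claims "$1" 2>/dev/null |
    sed -n 's/.*"sub"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Succeed only if token $1 was issued to service account $3 in namespace $2.
token_is_for() {
  [ "$(token_subject "$1")" = "system:serviceaccount:$2:$3" ]
}

# Constructed sample in the assumed legacy token layout. The signature
# segment is a dummy, so this token is not valid for any cluster.
sample_token() {
  claims='{"iss":"kubernetes/serviceaccount","kubernetes.io/serviceaccount/namespace":"default","kubernetes.io/serviceaccount/service-account.name":"gitlab","sub":"system:serviceaccount:default:gitlab"}'
  printf '%s.%s.%s' "$(printf '%s' '{"alg":"RS256"}' | b64url)" \
    "$(printf '%s' "$claims" | b64url)" "c2lnbmF0dXJl"
}

# Against a real cluster, tok would instead hold the output of:
#   kubectl get secret <secret-name> -o jsonpath="{['data']['token']}" | base64 --decode
tok=$(sample_token)
if token_is_for "$tok" default gitlab; then
  echo "token subject: $(token_subject "$tok")"
else
  echo "token does not belong to default/gitlab" >&2
fi
```
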

Install the dashboard

This is optional, but I prefer it so you can use kubectl proxy and have a GUI interface into your cluster so you can easily see what is going on at a glance.

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml