GitLab y u no easy Kubernetes

The first thing we need to do is add a Kubernetes cluster to GitLab. You can do this at the group level (sharing the cluster between projects) or at the project level. The project I am working on has a React application for the front end and a Service Stack API for the back end, so I am going to add the cluster at the group level.

Navigate to the group in GitLab, select Kubernetes (currently found in the left side menu), and click "Add Kubernetes cluster".

GitLab allows you to add a Google-hosted Kubernetes Engine cluster; however, I ran into many errors and issues, so I decided to go for a DigitalOcean-hosted cluster. This option worked out much cheaper and I was also able to actually get it to work, a win-win in my mind. As we are not going to use Google Compute, we opted to "Add existing cluster".

Getting these values is straightforward but not immediately apparent, and you may end up doing a lot of documentation diving to work out what is what. If you want to reuse my excursion into the documentation, here is what to do.

After following the getting started guide from DigitalOcean on cluster setup, the following bash commands will get you the values for the first three fields in the above form.

Kubernetes cluster name

```bash
# Name of the cluster entry whose name equals the current context name
kubectl config view --raw --flatten -o json | jq -r '.clusters[] | select(.name == "'$(kubectl config current-context)'") | .name'
```

API URL

```bash
# API server URL of that cluster entry
kubectl config view --raw --flatten -o json | jq -r '.clusters[] | select(.name == "'$(kubectl config current-context)'") | .cluster.server'
```

CA Certificate

```bash
# CA certificate of that cluster entry, decoded from base64 to PEM
kubectl config view --raw --flatten -o json | jq -r '.clusters[] | select(.name == "'$(kubectl config current-context)'") | .cluster."certificate-authority-data"' | base64 --decode
```

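To get the token, we first need to create a service account with the correct ClusterRoleBinding. We can do this by creating the following YAML files. The binding grants the built-in cluster-admin ClusterRole, so the resulting token has full control of the cluster.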

gitlab-serviceaccount.yaml

```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: gitlab
  namespace: default
```

gitlab-serviceaccount-ClusterRoleBinding.yml

```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: gitlab-cluster-admin
subjects:
- kind: ServiceAccount
  name: gitlab
  namespace: default
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
```

With these two files created, you can use ```kubectl create -f``` to apply them to the cluster.

```bash
kubectl create -f gitlab-serviceaccount.yaml
kubectl create -f gitlab-serviceaccount-ClusterRoleBinding.yml
```

Now, with a GitLab service account created, we can get the token with this bash command:

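```bash
# The gitlab service account was created in the default namespace, so look for its secret there
kubectl -n default -o json get secret | jq -r '.items[] | select(.metadata.annotations."kubernetes.io/service-account.name" == "gitlab") | .data.token' | base64 --decode
```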

Finally, make sure "RBAC-enabled cluster" is checked.

With the form now complete, click "Add Kubernetes cluster" and we are done.
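
Because the token from the last command is bound to cluster-admin, it is worth confirming which service account it was issued to before pasting it into the form. The script below is an added example (not part of the original post) that decodes the token's JWT payload locally and compares its sub claim with system:serviceaccount:default:gitlab; the function names are hypothetical and the sample token is constructed. It assumes a legacy secret-based service-account token, which clusters on Kubernetes 1.24 and later no longer create automatically.

```bash
#!/usr/bin/env bash
# Added example: check which service account a token belongs to before it goes into GitLab.
# Decoding is local and does not verify the token's signature.

# Decode one base64url JWT segment (JWT drops the '=' padding that base64 needs).
b64url_decode() {
  local seg
  seg=$(printf '%s' "$1" | tr '_-' '/+')
  case $(( ${#seg} % 4 )) in
    2) seg="${seg}==" ;;
    3) seg="${seg}=" ;;
  esac
  printf '%s' "$seg" | base64 --decode
}

# Print the "sub" claim from the token payload (the second dot-separated segment).
token_subject() {
  local payload
  payload=$(b64url_decode "$(printf '%s' "$1" | cut -d. -f2)") || return 1
  printf '%s' "$payload" | tr -d '\n' |
    sed -n 's/.*"sub"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Succeed only if the token was issued to the expected service account.
check_gitlab_token() {   # usage: check_gitlab_token <token> [namespace] [name]
  local want got
  want="system:serviceaccount:${2:-default}:${3:-gitlab}"
  got=$(token_subject "$1") || return 1
  if [ "$got" = "$want" ]; then
    echo "ok: token subject is $got"
  else
    echo "mismatch: token subject is '$got', expected '$want'" >&2
    return 1
  fi
}

# Constructed sample token with a placeholder signature (not from a real cluster).
make_sample_token() {   # usage: make_sample_token <namespace> <name>
  local h p
  h=$(printf '%s' '{"alg":"RS256","typ":"JWT"}' | base64 | tr -d '=\n' | tr '/+' '_-')
  p=$(printf '{"iss":"kubernetes/serviceaccount","sub":"system:serviceaccount:%s:%s"}' "$1" "$2" |
    base64 | tr -d '=\n' | tr '/+' '_-')
  printf '%s.%s.constructed-signature' "$h" "$p"
}

check_gitlab_token "$(make_sample_token default gitlab)"
# Against a real cluster, pass the output of the token command as the first argument.
```

If the token command returns more than one secret for the account, the concatenated output will not decode to a single subject and the check fails, which is the signal to pick one secret explicitly.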