Install Kubernetes Cluster & GitLab server (On-Premise Environment)
Kubernetes Cluster:
OS Version : Ubuntu 18.04.4 LTS
Docker Version : 18.06.1~ce~3-0~ubuntu
Kubernetes Version : 1.13.5
devops@dmanager01:~$ kubectl get nodes
NAME         STATUS   ROLES    AGE   VERSION
dmanager01   Ready    master   10m   v1.13.5
dworker01    Ready    <none>   41s   v1.13.5
dworker02    Ready    <none>   22s   v1.13.5
GitLab Server (Community Edition)
GitLab Version : gitlab-ce-12.9.2-ce
[root@gitlab ~]# gitlab-rake gitlab:env:info
System information
System:
Current User: git
Using RVM: no
Ruby Version: 2.6.5p114
Gem Version: 2.7.10
Bundler Version:1.17.3
Rake Version: 12.3.3
Redis Version: 5.0.7
Git Version: 2.24.1
Sidekiq Version:5.2.7
Go Version: unknown
GitLab information
Version: 12.9.2
Revision: ac5568eb5d8
Directory: /opt/gitlab/embedded/service/gitlab-rails
DB Adapter: PostgreSQL
DB Version: 10.12
URL: https://gitlab.domain.com
HTTP Clone URL: https://gitlab.domain.com/some-group/some-project.git
SSH Clone URL: git@gitlab.domain.com:some-group/some-project.git
Using LDAP: no
Using Omniauth: yes
Omniauth Providers:
GitLab Shell
Version: 12.0.0
Repository storage paths:
- default: /var/opt/gitlab/git-data/repositories
GitLab Shell path: /opt/gitlab/embedded/service/gitlab-shell
Git: /opt/gitlab/embedded/bin/git
To integrate the internal (private) Kubernetes cluster
1. Log in to your GitLab portal with the root account and open https://gitlab.domain.com/admin/application_settings/network
Check both Outbound requests options (they are unchecked by default, so requests to the internal network are not allowed):
Allow requests to the local network from web hooks and services
Allow requests to the local network from system hooks
2. Log in to your portal https://gitlab.domain.com/
Create a User, a Group and a New Private Project
3. Integrate Kubernetes with the GitLab project
From GitLab's web interface, select your project – go to Operations – Kubernetes – Add Kubernetes cluster – Add existing cluster
A. Kubernetes cluster name (required) – The name you wish to give the cluster – ProjectACluster
B. Environment scope (required) – The associated environment to this cluster – Staging
C. API URL (required) – URL that GitLab uses to access the Kubernetes API – https://10.64.213.100:6443 (You can get the URL with this command: kubectl cluster-info | grep 'Kubernetes master' | awk '/http/ {print $NF}')
D. CA certificate (required) – A valid Kubernetes certificate is needed to authenticate to the cluster. You can use the certificate created by default.
List the secrets and get the CA certificate:
kubectl get secrets
kubectl get secret <secret name> -o jsonpath="{['data']['ca\.crt']}" | base64 --decode
E. Token – GitLab authenticates against Kubernetes using service tokens, which are scoped to a particular namespace. The token used should belong to a service account with cluster-admin privileges. To create this service account, create the following YAML file and apply it: kubectl apply -f gitlab-admin-service-account.yaml
vi gitlab-admin-service-account.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: gitlab-admin
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: gitlab-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: gitlab-admin
  namespace: kube-system
Retrieve the token for the gitlab-admin service account, copy it and paste it into the Token field.
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep gitlab-admin | awk '{print $1}')
F. GitLab-managed cluster – Leave this checked if you want GitLab to manage namespaces and service accounts for this cluster
G. Project namespace (optional) – You don’t have to fill it in; by leaving it blank, GitLab will create one for you. Also:
Finally, click the Create Kubernetes cluster button.
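Added example (not from the original post or from GitLab): step E binds gitlab-admin to cluster-admin for the whole cluster, so this Python check reads the output of kubectl get clusterrolebindings -o json and reports every service account holding that role that is not on an allow-list. The sample JSON, the ci-view, old-deployer and no-subjects bindings, and the allow-list are constructed assumptions.

```python
import json
import sys

# Constructed sample of `kubectl get clusterrolebindings -o json`, trimmed to
# the fields the audit reads (not captured from a real cluster).
SAMPLE = json.dumps({"kind": "List", "items": [
    {"metadata": {"name": "gitlab-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "ServiceAccount", "name": "gitlab-admin",
                   "namespace": "kube-system"}]},
    {"metadata": {"name": "cluster-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "Group", "name": "system:masters"}]},
    {"metadata": {"name": "ci-view"},  # hypothetical low-privilege binding
     "roleRef": {"kind": "ClusterRole", "name": "view"},
     "subjects": [{"kind": "ServiceAccount", "name": "ci",
                   "namespace": "default"}]},
    {"metadata": {"name": "old-deployer"},  # hypothetical leftover binding
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "ServiceAccount", "name": "deployer",
                   "namespace": "default"}]},
    {"metadata": {"name": "no-subjects"},  # "subjects" may be absent
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"}},
]})

def role_holders(bindings_json, role="cluster-admin"):
    """Sorted (namespace, name, binding) per ServiceAccount bound to role."""
    found = set()
    for item in json.loads(bindings_json).get("items", []):
        ref = item.get("roleRef", {})
        if ref.get("kind") != "ClusterRole" or ref.get("name") != role:
            continue
        for subj in item.get("subjects") or []:
            if subj.get("kind") == "ServiceAccount":
                found.add((subj.get("namespace", ""), subj.get("name", ""),
                           item["metadata"]["name"]))
    return sorted(found)

def unexpected(holders, allowed):
    """Holders whose (namespace, name) is not on the allow-list."""
    return [h for h in holders if (h[0], h[1]) not in allowed]

if __name__ == "__main__":
    # Real use: kubectl get clusterrolebindings -o json | python3 audit.py
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    extra = unexpected(role_holders(data), {("kube-system", "gitlab-admin")})
    for ns, sa, binding in extra:
        print(f"unexpected cluster-admin: {ns}/{sa} via {binding}")
    sys.exit(1 if extra else 0)
```

The check covers ClusterRoleBindings only; a namespaced RoleBinding that references the cluster-admin ClusterRole grants those rights inside its namespace and would need kubectl get rolebindings --all-namespaces -o json as a second input.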