We’ve installed GitLab CE on Ubuntu, and now we want to connect a Kubernetes cluster we made so we can deploy and manage our applications.

We already made a group called softwarecompany on GitLab, which is a good middle ground for placing your Kubernetes cluster. Remember, the levels at which you can connect a cluster are:

  • Instance level (any project can utilize the cluster)
  • Group level (any project in the group can utilize the cluster)
  • Project level (that project can utilize the cluster)

On the group page, the kubernetes button on the left shows us a

connect do cluster

You can click Integrate with a cluster certificate and we’ll continue to add our cluster.

We don’t want to create a new Amazon EKS or Google GKE cluster. Click the Connect existing cluster button.

You can use any name. We’ll call ours review.

We’re going to use the default scope of *, meaning we’ll do deployments to any environment. GitLab uses review/* for environment review branches, and there are also staging and production environments.

If we want to add a production cluster later, we can add it with the production scope, and all future deployments to production will go to that cluster.

We found out how to get the API URL after connecting our cluster. Here is the command again:

kubectl cluster-info | grep -E 'Kubernetes master|Kubernetes control plane' | awk '/http/ {print $NF}'

Here’s what we have so far.

Next let’s get the CA certificate. First we have to list our cluster secrets:

kubectl get secrets

We only have one secret, default-token-n76vz. Let’s plug that into the next command to get the certificate of the cluster.

kubectl get secret default-token-n76vz -o jsonpath="{['data']['ca\.crt']}" | base64 --decode 

We can put that certificate in the GitLab form to add an existing cluster. It will include the -’s and BEGIN / END CERTIFICATE.

Next we’re going to make a user for GitLab to use in the cluster. I’ll put the account details that GitLab will use into a file. I’m going to store this in the ~/.kube directory.

First create the file.

nano ~/.kube/gitlab-admin-service-account.yaml

# Service account that GitLab authenticates as
apiVersion: v1
kind: ServiceAccount
metadata:
  name: gitlab
  namespace: kube-system
---
# Binds the gitlab account to the built-in cluster-admin role, cluster-wide.
# rbac.authorization.k8s.io/v1beta1 was removed in Kubernetes 1.22, so use v1.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: gitlab-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: gitlab
    namespace: kube-system

  • control + x to exit
  • y to save
  • enter to confirm file name

Now use that file to create the user on the cluster.

kubectl apply -f ~/.kube/gitlab-admin-service-account.yaml

Now the serviceaccount and clusterrolebinding have been created.

Let’s get the service token now.

kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep gitlab | awk '{print $1}')

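The highlighted part is the service token. We plug this into the rest of the GitLab form. Because the gitlab account is bound to cluster-admin, this token grants full control of the cluster.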
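
An added check, not part of the original walkthrough: before pasting, confirm the token was issued to the gitlab account in kube-system (and not the default account whose secret supplied the certificate) and that the certificate still has its BEGIN / END lines. The function names are hypothetical, the sample token is constructed and unsigned, and the claim layout assumes a secret-based service account token, which is a JWT.

```shell
#!/bin/sh
# Added example: offline checks on the token and CA certificate before they go
# into the GitLab form. Function names are hypothetical.

# Decode one base64url JWT segment (JWTs strip the padding, so restore it).
b64url_decode() {
  s=$(printf '%s' "$1" | tr '_-' '/+')
  while [ $(( ${#s} % 4 )) -ne 0 ]; do s="${s}="; done
  printf '%s' "$s" | base64 -d
}

# Print the "sub" claim from the payload (second dot-separated segment).
token_subject() {
  b64url_decode "$(printf '%s' "$1" | cut -d. -f2)" |
    sed -n 's/.*"sub"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Succeed only if the token was issued to NAMESPACE/ACCOUNT.
check_token() {  # usage: check_token TOKEN NAMESPACE ACCOUNT
  [ "$(token_subject "$1")" = "system:serviceaccount:$2:$3" ]
}

# Succeed only if the text starts and ends with the PEM marker lines.
check_ca_pem() {
  first=$(printf '%s\n' "$1" | sed -n '1p')
  last=$(printf '%s\n' "$1" | sed -n '$p')
  [ "$first" = "-----BEGIN CERTIFICATE-----" ] &&
    [ "$last" = "-----END CERTIFICATE-----" ]
}

# Constructed sample: an unsigned token carrying the "sub" claim layout of a
# secret-based service account token. Real tokens come from the describe command.
sample_token() {  # usage: sample_token NAMESPACE ACCOUNT
  payload=$(printf '{"iss":"kubernetes/serviceaccount","sub":"system:serviceaccount:%s:%s"}' "$1" "$2" |
    base64 | tr -d '=\n' | tr '/+' '_-')
  printf 'e30.%s.c2ln' "$payload"
}

# Demo: the gitlab token passes, a default-account token is rejected.
for acct in gitlab default; do
  tok=$(sample_token kube-system "$acct")
  if check_token "$tok" kube-system gitlab; then verdict=ok; else verdict=WRONG-ACCOUNT; fi
  printf '%s -> %s (%s)\n' "$acct" "$(token_subject "$tok")" "$verdict"
done
```

With real values, pass the token string copied from the describe output as the first argument to check_token, and the decoded certificate text to check_ca_pem.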

We leave the defaults for GitLab management of the cluster, and hit Add Kubernetes Cluster.

We’ve added the cluster to GitLab!

Before we can use it we need to install a few items on the cluster. Click the Applications tab to see what you can install on your cluster. Click install for each of the following items. Wait until one Install is finished before clicking the next one. Order does not matter.

  • Ingress
  • Cert-Manager
  • Prometheus
  • GitLab Runner

  • Note: Installing Ingress will add a load balancer to your DigitalOcean account ($10/month)
  • Note: Installing Prometheus will add and attach 8GB of DigitalOcean volume storage ($0.08/month). The monitoring log files are stored in this volume.

After you have installed all of the applications, your cluster is ready!

You can now click the Health tab to see CPU and Memory usage of the cluster from Prometheus. This will fill up over time.

The next step is to add a base domain so we can utilize Auto DevOps. We will use k8s.80pxtesting.com, so we’ll add one wildcard DNS record for *.k8s. We are going to point it at our new load balancer, which should pop up under where the IP goes. You can see our load balancer here: 164.90.246.155.

Then we can add k8s.80pxtesting.com as the base domain, and save our changes.

Finally, we can add one default environment variable for any project that uses this cluster. The environment variable is POSTGRES_ENABLED and we’re going to set it to false. The reason we do this is that when it is true, it will automatically provision DigitalOcean volume storage (which costs money) and create a Postgres pod on the cluster that it attaches to. This is great for auto-reviewing apps that have a database, but if you don’t have one, you would have to set this variable on every project. The auto database provisioning feature is available on GitLab CE, but setting it up is an article for another day. To make our life easy, we’re going to disable it by default, and we can enable it on each project if we so choose.

Under the softwarecompany group on GitLab, on the left select Settings > CI/CD. Now expand Variables and add POSTGRES_ENABLED with the value false.

  • Make sure to uncheck Protect variable so that Postgres is disabled on all branches and tags, not only protected ones
  • This variable, and more, can be found in GitLab’s documentation

And we have now fully connected GitLab to our Kubernetes cluster. This is quite an accomplishment. Now we can deploy apps from Docker images to our cluster, and easily manage them with GitLab’s many features. Lucky for us, GitLab auto deploy takes care of a lot of the automation for us.

Click here to learn how to deploy an app on this cluster from GitLab.