GitLab
Deploy GitLab
Instead of using the official Helm chart for GitLab, we use a stripped-down version that:
- Exposes GitLab at gitlab.example.com.
- Exposes the Docker Registry at registry.example.com.
- Listens only on HTTP while TLS is handled by Ingress.
- Uses an admin service account.
- Uses a PVC to store data.
To deploy GitLab run:
$ kubectl apply -f gitlab/gitlab.yaml
To expose GitLab, create an Ingress resource:
$ kubectl apply -f gitlab/ingress.yaml
To visit GitLab go to https://gitlab.example.com.
Note
Serving GitLab under a URL prefix is not straightforward (see https://docs.gitlab.com/ee/install/relative_url.html).
Add Kubernetes Cluster to GitLab
To add the Kubernetes cluster to GitLab, follow https://docs.gitlab.com/ee/user/project/clusters/add_remove_clusters.html#existing-kubernetes-cluster.
We have enabled private access to the EKS cluster, so we have to allow requests to the local network in GitLab (see https://gitlab.com/gitlab-org/gitlab-foss/-/issues/57948). Go to Admin -> Settings -> Network -> Outbound Requests -> Allow requests to the local network from hooks and services, and allow both.
To obtain the endpoint of the cluster run:
$ kubectl config view -o json --raw --minify=true | jq -r '.clusters[].cluster.server'
To obtain the CA certificate of the cluster run:
$ kubectl config view -o json --raw --minify=true | \
> jq -r '.clusters[].cluster["certificate-authority-data"]' | \
> base64 -d
GitLab is already running with an admin service account, so to obtain an admin token, create a dedicated admin token:
$ kubectl apply -f gitlab/gitlab-admin-token.yaml
$ kubectl get secrets -n gitlab gitlab-admin-token -o json | \
> jq -r '.data.token' | base64 -d
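Before pasting the endpoint, CA certificate and token into GitLab, it helps to confirm what each value actually is, in particular which service account the token authenticates as. The script below is an added example, not part of the original page or the project's manifests; the service account name `gitlab-admin` and the sample token are constructed for illustration, and it uses `sed` instead of `jq` so it runs with only POSIX tools and `base64`.

```shell
#!/bin/sh
# Added example: sanity-check the values collected above before giving them to GitLab.

# Decode the payload (second segment) of a service-account JWT.
# JWTs use unpadded base64url, so map the alphabet back and restore padding.
jwt_payload() {
    seg=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
    case $(( ${#seg} % 4 )) in
        2) seg="$seg==" ;;
        3) seg="$seg=" ;;
    esac
    printf '%s' "$seg" | base64 -d
}

# Print the "sub" claim: system:serviceaccount:<namespace>:<name>.
token_subject() {
    jwt_payload "$1" |
        sed -n 's/.*"sub"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# The cluster endpoint must be an https:// URL.
is_https_endpoint() {
    case "$1" in
        https://?*) return 0 ;;
        *) return 1 ;;
    esac
}

# The CA must be decoded PEM text, not the still-base64 kubeconfig field.
is_pem_certificate() {
    printf '%s\n' "$1" | grep -q '^-----BEGIN CERTIFICATE-----$'
}

# Constructed, unsigned sample token; "gitlab-admin" is an assumed account name.
b64url() { base64 | tr -d '=\n' | tr '/+' '_-'; }
sample_token() {
    printf '%s.%s.%s' \
        "$(printf '%s' '{"alg":"RS256"}' | b64url)" \
        "$(printf '%s' '{"iss":"kubernetes/serviceaccount","sub":"system:serviceaccount:gitlab:gitlab-admin"}' | b64url)" \
        "c2ln"
}

# Real use: pass the output of the `kubectl get secrets ... | base64 -d`
# command above as the argument instead of the sample token.
token_subject "$(sample_token)"
```

If the printed subject is not the service account you expect in the `gitlab` namespace, do not register the token with GitLab.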