@hardyscc
Last active August 26, 2023 02:44
Gitlab MicroK8s CI/CD Integration

Install microk8s

sudo apt-get update
sudo apt-get upgrade -y

sudo snap install microk8s --classic --channel=1.25/stable
sudo microk8s status --wait-ready

Install plugins

sudo microk8s enable dns ingress rbac hostpath-storage

Switch to use kubectl

sudo snap install kubectl helm --classic
mkdir -p ~/.kube
# The kubeconfig holds the cluster admin credentials: create it owner-only
(umask 077 && sudo microk8s config > ~/.kube/config)
chmod 600 ~/.kube/config

Install Ingress & Cert Manager

sudo microk8s enable community
sudo microk8s enable cert-manager
kubectl apply -f - <<EOF
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt
spec:
  acme:
    # You must replace this email address with your own.
    # Let's Encrypt will use this to contact you about expiring
    # certificates, and issues related to your account.
    email: <YOUR_EMAIL_ADDRESS>
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      # Secret resource that will be used to store the account's private key.
      name: letsencrypt-account-key
    # Add a single challenge solver, HTTP01 using nginx
    solvers:
    - http01:
        ingress:
          class: public
EOF

Sample Ingress for your service

kubectl create ingress my-ingress \
  --annotation cert-manager.io/cluster-issuer=letsencrypt \
  --rule 'my-service.example.com/*=my-service:80,tls=my-service-tls'

Add your domain to the API server certificate as follows

sudo sed -i '/DNS.5/a \
DNS.6 = api.yourdomain.com' /var/snap/microk8s/current/certs/csr.conf.template
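
The sed command above hardcodes DNS.5 and DNS.6, so a second run leaves a duplicate DNS.6 key, and a template without a DNS.5 line gets nothing added. The shell function below is an added example, not part of the original gist; the name add_dns_san and the sample template contents are assumptions for illustration. It appends the name at the next free index and is safe to re-run.

```shell
#!/bin/sh
# Added example (not from the gist). Appends NAME as the next free DNS.N
# entry after the last existing one; does nothing if NAME is already listed.
# Prints the key that holds NAME, e.g. "DNS.6".
add_dns_san() {
    file=$1 name=$2

    # Accept plain hostnames only, so the value cannot smuggle extra
    # lines or directives into the OpenSSL config.
    case $name in
        ''|*[!A-Za-z0-9.-]*) echo "invalid DNS name: $name" >&2; return 2 ;;
    esac

    # Already listed? Report its key and leave the file untouched.
    existing=$(awk -F'[ =]+' -v n="$name" \
        '$1 ~ /^DNS\.[0-9]+$/ && $2 == n { print $1; exit }' "$file")
    if [ -n "$existing" ]; then echo "$existing"; return 0; fi

    # Highest DNS.N index present (the gist's sed assumes this is 5).
    last=$(sed -n 's/^DNS\.\([0-9][0-9]*\)[ =].*/\1/p' "$file" | sort -n | tail -n 1)
    if [ -z "$last" ]; then echo "no DNS.N entries in $file" >&2; return 1; fi
    next=$((last + 1))

    # Build the new file in a temp copy, then write it back in place so
    # the template keeps its owner and mode.
    tmp=$(mktemp) || return 1
    if awk -F'[ =]+' -v key="DNS.$last" -v line="DNS.$next = $name" \
        '{ print } $1 == key { print line }' "$file" > "$tmp"
    then cat "$tmp" > "$file"; rm -f "$tmp"
    else rm -f "$tmp"; return 1
    fi
    echo "DNS.$next"
}

# Constructed sample template for a dry run; not the real MicroK8s file.
demo=$(mktemp)
printf '%s\n' '[ alt_names ]' 'DNS.1 = kubernetes' \
    'DNS.5 = kubernetes.default.svc.cluster.local' 'IP.1 = 127.0.0.1' > "$demo"
add_dns_san "$demo" api.yourdomain.com    # adds DNS.6
add_dns_san "$demo" api.yourdomain.com    # second run: no change
cat "$demo"
rm -f "$demo"
```

On the server, the target file is the csr.conf.template path used in the sed command above, and writing to it needs root.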

Config DNS

  • A-Record : yourdomain.com > <YOUR_IP_ADDRESS>
  • Alias (CNAME) : api.yourdomain.com > yourdomain.com
  • Alias (CNAME) : *.apps.yourdomain.com > yourdomain.com

Config Port Forward

  • 80
  • 443
  • 16443

Gitlab setup

  • Kubernetes cluster name : microk8s-cluster
  • API URL : https://api.yourdomain.com:16443
  • Base Domain : apps.yourdomain.com

Get the CA Certificate

sudo cat /var/snap/microk8s/current/certs/ca.crt

Get the Service Token

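# Service account that GitLab will authenticate as
kubectl -n kube-system create serviceaccount gitlab
# Binds it to cluster-admin: the resulting token has full control of the cluster
kubectl create clusterrolebinding gitlab-admin --clusterrole=cluster-admin --serviceaccount=kube-system:gitlab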
kubectl apply -n kube-system -f - <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: gitlab-token
  annotations:
    kubernetes.io/service-account.name: gitlab
type: kubernetes.io/service-account-token
EOF
kubectl -n kube-system describe secret gitlab-token

Reset microk8s

sudo microk8s reset

Uninstall microk8s

sudo snap remove microk8s
@LucianoFaretra

@LucianoFaretra so your Cert is similar to this right?

-----BEGIN CERTIFICATE-----
MIIDATCCAemgAwIBAgIJALEkmUYtmH2oMA0GCSqGSIb3DQEBCwUAMBcxFTATBgNV
...
z3GpblY=
-----END CERTIFICATE-----

Was my mistake, I didn't include the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- strings of the certificate

@PhMakowski

Thanks
Can you explain "Config Port Forward" please?

@hardyscc
Author

@PhMakowski this is only needed if you are running your server through a NAT router.
