Install Kubernetes on Digital Ocean and run Gitlab

kube_gitlab.md

Installing Gitlab with DigitalOcean and Kuebernetes

Prerequisites

• Have a DigitalOcean Account, right now you can get 100$
• An empty project in your DigitalOcean account
• Familiarity with Kubernetes
• Kubernetes and Helm installed on your system

Create a Kubernetes Cluster

• In your DigitalOcean account create an empty project and go to Manage > Kubernetes
• Create your Kubernetes cluster with the proper requirements for Gitlab
• Download your config file via the grey button at the bottom of the page when your cluster finishes creating
• Create a floating IP to any droplet and then unassign it

Connect to your Kubernetes Cluster

• Install the config file you downloaded in your .kube directory and copy it into config
• Test your connection by running kubectl get node

Set Up RBAC

• Create a tiller namespace kubectl create namespace tiller
• Create a file called rbac-config.yaml in your .kube directory with the following contents

apiVersion: v1
kind: ServiceAccount
metadata:
  name: tiller
  namespace: tiller
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: tiller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: tiller
    namespace: tiller

• Now run: kubectl create -f rbac-config.yaml and volia! you have your service account

Reference NOTE: We created a tiller namespace instead of using kube-system as this is best practice

Install TLS

• openssl genrsa -out ./ca.key.pem 4096
• cp /etc/ssl/openssl.cnf openssl-with-ca.cnf
• cat << END >> openssl-with-ca.cnf [ v3_ca ] basicConstraints = critical,CA:TRUE subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always,issuer:always END
• openssl req -key ca.key.pem -new -x509 -days 14 -sha256 -out ca.cert.pem -extensions v3_ca -config openssl-with-ca.cnf
• openssl genrsa -out ./tiller.key.pem 4096
• openssl genrsa -out ./helm.key.pem 4096
• openssl req -key tiller.key.pem -new -sha256 -out tiller.csr.pem
• openssl req -key helm.key.pem -new -sha256 -out helm.csr.pem
• openssl x509 -req -CA ca.cert.pem -CAkey ca.key.pem -CAcreateserial -in tiller.csr.pem -out tiller.cert.pem -days 14
• openssl x509 -req -CA ca.cert.pem -CAkey ca.key.pem -CAcreateserial -in helm.csr.pem -out helm.cert.pem -days 14
• mkdir $(helm home); cp ca.cert.pem $(helm home)/ca.pem; cp helm.cert.pem $(helm home)/cert.pem; cp helm.key.pem $(helm home)/key.pem
• helm init --tiller-namespace tiller --service-account tiller --tiller-tls --tiller-tls-cert ./tiller.cert.pem --tiller-tls-key ./tiller.key.pem --tiller-tls-verify --tls-ca-cert ca.cert.pem

Reference NOTE: Our instructions are modified for mac-isms

Install Gitlab

• You're going to use the floating IP address you created earlier
• Create a wildcard DNS Entry
• If you're using terraform your entry may look something like this:

// *.test-gitlab.ops-fabric.com.
resource "google_dns_record_set" "test_gitlab_ops_fabric_com" {
   managed_zone = "some zone"
   name = "*.test-gitlab.ops-fabric.com"
   type = "A"
   ttl = 300
   rrdatas = ["<FLOATING IP>"] // test-gitlab digital ocean k8s nginx ingress
}

• Get the Helm Gitlab chart: helm repo add gitlab https://charts.gitlab.io/
• Update your repo: helm repo update
• Now run the install: helm upgrade --tls --tiller-namespace=tiller --install gitlab gitlab/gitlab --timeout 600 --set global.hosts.domain=test-gitlab.ops-fabric.com --set global.hosts.externalIP=<FLOATING IP> --set [email protected]
• Now use the Load Balancer IP and change your DNS, find the gitlab-nginx-ingress-controller LoadBalancer service kubectl get services to get your external IP
• You can check the install by kubectl get pods, once all pods are completed you can go to your gitlab URL and log in

Reference

Log In To Gitlab

• kubectl get secret <name>-gitlab-initial-root-password -ojsonpath={.data.password} | base64 --decode ; echo gets you the password and root is the username
• Go to your account and change your password
• Have fun with Gitlab