rpsene · January 21, 2021 20:05
diff --git a/gitlab-kubernetes b/gitlab-kubernetes
 ## Get API URL

 oc cluster-info | grep -E 'Kubernetes master|Kubernetes control plane' | awk '/http/ {print $NF}'

 output: https://api.ocp-46-20210119-145312-23b3a025d7.158.175.162.14.nip.io:6443

 ## Get CA certificate

 oc get secrets

 NAME                       TYPE                                  DATA   AGE
 builder-dockercfg-t76gr    kubernetes.io/dockercfg               1      23h
 builder-token-7tm2c        kubernetes.io/service-account-token   4      23h
 builder-token-99fhw        kubernetes.io/service-account-token   4      23h
 default-dockercfg-4dzv6    kubernetes.io/dockercfg               1      23h
 >>>> default-token-7gpgt        kubernetes.io/service-account-token   4      23h <<<<
 default-token-f4mqb        kubernetes.io/service-account-token   4      23h
 deployer-dockercfg-68cjd   kubernetes.io/dockercfg               1      23h
 deployer-token-5ph47       kubernetes.io/service-account-token   4      23h
 deployer-token-phw7h       kubernetes.io/service-account-token   4      23h

 oc get secret default-token-7gpgt -o jsonpath="{['data']['ca\.crt']}" | base64 --decode

 A chain file has following structure:

   -----BEGIN MY CERTIFICATE-----
   -----END MY CERTIFICATE-----
   -----BEGIN INTERMEDIATE CERTIFICATE-----
   -----END INTERMEDIATE CERTIFICATE-----
   -----BEGIN INTERMEDIATE CERTIFICATE-----
   -----END INTERMEDIATE CERTIFICATE-----
   -----BEGIN ROOT CERTIFICATE-----
   -----END ROOT CERTIFICATE-----

 # cat ./gitlab-admin-service-account.yaml

 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: gitlab
  namespace: kube-system
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: gitlab-admin
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
 subjects:
  - kind: ServiceAccount
    name: gitlab
    namespace: kube-system

 oc apply -f gitlab-admin-service-account.yaml

 ## Get the token for the gitlab service account:

 oc -n kube-system describe secret $(oc -n kube-system get secret | grep gitlab | awk '{print $1}')
	## Get API URL

	oc cluster-info \| grep -E 'Kubernetes master\|Kubernetes control plane' \| awk '/http/ {print $NF}'

	output: https://api.ocp-46-20210119-145312-23b3a025d7.158.175.162.14.nip.io:6443

	## Get CA certificate

	oc get secrets

	NAME TYPE DATA AGE
	builder-dockercfg-t76gr kubernetes.io/dockercfg 1 23h
	builder-token-7tm2c kubernetes.io/service-account-token 4 23h
	builder-token-99fhw kubernetes.io/service-account-token 4 23h
	default-dockercfg-4dzv6 kubernetes.io/dockercfg 1 23h
	>>>> default-token-7gpgt kubernetes.io/service-account-token 4 23h <<<<
	default-token-f4mqb kubernetes.io/service-account-token 4 23h
	deployer-dockercfg-68cjd kubernetes.io/dockercfg 1 23h
	deployer-token-5ph47 kubernetes.io/service-account-token 4 23h
	deployer-token-phw7h kubernetes.io/service-account-token 4 23h

	oc get secret default-token-7gpgt -o jsonpath="{['data']['ca\.crt']}" \| base64 --decode

	A chain file has following structure:

	-----BEGIN MY CERTIFICATE-----
	-----END MY CERTIFICATE-----
	-----BEGIN INTERMEDIATE CERTIFICATE-----
	-----END INTERMEDIATE CERTIFICATE-----
	-----BEGIN INTERMEDIATE CERTIFICATE-----
	-----END INTERMEDIATE CERTIFICATE-----
	-----BEGIN ROOT CERTIFICATE-----
	-----END ROOT CERTIFICATE-----

	# cat ./gitlab-admin-service-account.yaml

	apiVersion: v1
	kind: ServiceAccount
	metadata:
	name: gitlab
	namespace: kube-system
	---
	apiVersion: rbac.authorization.k8s.io/v1
	kind: ClusterRoleBinding
	metadata:
	name: gitlab-admin
	roleRef:
	apiGroup: rbac.authorization.k8s.io
	kind: ClusterRole
	name: cluster-admin
	subjects:
	- kind: ServiceAccount
	name: gitlab
	namespace: kube-system

	oc apply -f gitlab-admin-service-account.yaml

	## Get the token for the gitlab service account:

	oc -n kube-system describe secret $(oc -n kube-system get secret \| grep gitlab \| awk '{print $1}')