Adding kubernetes cluster to our private gitlab server

For installing Helm, described rights was not enough for me. I have to do this:

### http://centosquestions.com/kubernetes-error-namespaces-gitlab-managed-apps-forbidden-user-systemserviceaccountgitlab-managed-appsgitlab-sa-cannot-get-namespaces-namespace-gitlab-managed-apps/
kubectl create clusterrolebinding permissive-binding --clusterrole=cluster-admin --user=admin --user=kubelet --group=system:serviceaccounts

I figured out how add a DigitalOcean Cluster to GitLab. The steps I took (set up your kubectl to use your DigitalOcean Cluster first):

create a new namespace kubectl create namespace gitlabkubesandbox switch to that new namespace kubectl config set-context $(kubectl config current-context) --namespace=gitlabkubesandbox create a service account kubectl create -f - <<EOF apiVersion: v1 kind: ServiceAccount metadata: name: gitlab EOF make the new service account cluster admin kubectl create clusterrolebinding gitlab-cluster-admin-binding --clusterrole=cluster-admin --serviceaccount=gitlabkubesandbox:gitlab describe the new service account kubectl describe serviceAccounts gitlab get the secret kubectl describe secret [secret name found in the response form above] copy the token start the dashboard kubectl proxy open the dashboard in your browser http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/ switch to the namespace “gitlabkubesandbox” go to secrets => the secret from above

Values for GitLab: Kubernetes cluster name: whatever API URL: cluster server from the kubeconfig.yml CA Certificate: ca.crt from the Dashboard Token: token from the Dashboard Project namespace: gitlabkubesandbox Check RBAC-enabled when adding the Cluster to GitLab.

Done!

I figured out how add a DigitalOcean Cluster to GitLab. The steps I took (set up your kubectl to use your DigitalOcean Cluster first):

create a new namespace kubectl create namespace gitlabkubesandbox switch to that new namespace kubectl config set-context $(kubectl config current-context) --namespace=gitlabkubesandbox create a service account kubectl create -f - <<EOF apiVersion: v1 kind: ServiceAccount metadata: name: gitlab EOF make the new service account cluster admin kubectl create clusterrolebinding gitlab-cluster-admin-binding --clusterrole=cluster-admin --serviceaccount=gitlabkubesandbox:gitlab describe the new service account kubectl describe serviceAccounts gitlab get the secret kubectl describe secret [secret name found in the response form above] copy the token start the dashboard kubectl proxy open the dashboard in your browser http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/ switch to the namespace “gitlabkubesandbox” go to secrets => the secret from above

Values for GitLab: Kubernetes cluster name: whatever API URL: cluster server from the kubeconfig.yml CA Certificate: ca.crt from the Dashboard Token: token from the Dashboard Project namespace: gitlabkubesandbox Check RBAC-enabled when adding the Cluster to GitLab.

Done!

If you are getting a Kubernetes Error 401 it means your Token is incorrect as it was in my case. Here I was using a token from an API tab in the Dashboard BUT should really create the Token by command line like recommended. After generating a user and a token using kubectl commands and changing the Token the installation of Helm worked perfectly. Hope it helps!

I have create a small project under https://devops.ck99.io/ck/gitlab-kubernetes-setup

This contains a summary in a script “setup.sh” with all the steps discussed here.

Hi John, thanks for your help.

I am using the OD <beta> kubernetes. I managed to enter on the console and when I run the kubectl config view, everything is empty…

I’m sorry but I don’t have too much experience with Kubernetes.

Thanks, David

Hey there - would the below two commands help?

# Get server
echo $(kubectl config view | grep server | cut -f 2- -d ":" | tr -d " ")

# Get server token
echo $(kubectl describe secret $(kubectl get secrets | grep default | cut -f1 -d ' ') | grep -E '^token' | cut -f2 -d':' | tr -d '\t')

Just copy what shows in the terminal when you run those. May be applicable to you.

https://kubernetes.io/docs/tasks/administer-cluster/access-cluster-api/#without-kubectl-proxy