Question

Adding kubernetes cluster to our private gitlab server

Hello, we have a private gitlab server and I am trying to connect a DO kubernetes cluster to our CI/CD. On the setup page, I have the following fields:

Kubernetes cluster name API URL CA Certificate Token Project namespace (optional, unique)

From the config file generated from the DO kubernetes page, I have the cluster name and CA Certificate. What is the API URL and Token that I must use here?

Thanks, David

Subscribe
Share

Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

For installing Helm, described rights was not enough for me. I have to do this:

### http://centosquestions.com/kubernetes-error-namespaces-gitlab-managed-apps-forbidden-user-systemserviceaccountgitlab-managed-appsgitlab-sa-cannot-get-namespaces-namespace-gitlab-managed-apps/
kubectl create clusterrolebinding permissive-binding --clusterrole=cluster-admin --user=admin --user=kubelet --group=system:serviceaccounts

I figured out how add a DigitalOcean Cluster to GitLab. The steps I took (set up your kubectl to use your DigitalOcean Cluster first):

create a new namespace kubectl create namespace gitlabkubesandbox switch to that new namespace kubectl config set-context $(kubectl config current-context) --namespace=gitlabkubesandbox create a service account kubectl create -f - <<EOF apiVersion: v1 kind: ServiceAccount metadata: name: gitlab EOF make the new service account cluster admin kubectl create clusterrolebinding gitlab-cluster-admin-binding --clusterrole=cluster-admin --serviceaccount=gitlabkubesandbox:gitlab describe the new service account kubectl describe serviceAccounts gitlab get the secret kubectl describe secret [secret name found in the response form above] copy the token start the dashboard kubectl proxy open the dashboard in your browser http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/ switch to the namespace “gitlabkubesandbox” go to secrets => the secret from above

Values for GitLab: Kubernetes cluster name: whatever API URL: cluster server from the kubeconfig.yml CA Certificate: ca.crt from the Dashboard Token: token from the Dashboard Project namespace: gitlabkubesandbox Check RBAC-enabled when adding the Cluster to GitLab.

Done!

I figured out how add a DigitalOcean Cluster to GitLab. The steps I took (set up your kubectl to use your DigitalOcean Cluster first):

create a new namespace kubectl create namespace gitlabkubesandbox switch to that new namespace kubectl config set-context $(kubectl config current-context) --namespace=gitlabkubesandbox create a service account kubectl create -f - <<EOF apiVersion: v1 kind: ServiceAccount metadata: name: gitlab EOF make the new service account cluster admin kubectl create clusterrolebinding gitlab-cluster-admin-binding --clusterrole=cluster-admin --serviceaccount=gitlabkubesandbox:gitlab describe the new service account kubectl describe serviceAccounts gitlab get the secret kubectl describe secret [secret name found in the response form above] copy the token start the dashboard kubectl proxy open the dashboard in your browser http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/ switch to the namespace “gitlabkubesandbox” go to secrets => the secret from above

Values for GitLab: Kubernetes cluster name: whatever API URL: cluster server from the kubeconfig.yml CA Certificate: ca.crt from the Dashboard Token: token from the Dashboard Project namespace: gitlabkubesandbox Check RBAC-enabled when adding the Cluster to GitLab.

Done!

If you are getting a Kubernetes Error 401 it means your Token is incorrect as it was in my case. Here I was using a token from an API tab in the Dashboard BUT should really create the Token by command line like recommended. After generating a user and a token using kubectl commands and changing the Token the installation of Helm worked perfectly. Hope it helps!

I have create a small project under https://devops.ck99.io/ck/gitlab-kubernetes-setup

This contains a summary in a script “setup.sh” with all the steps discussed here.

This comment has been deleted

Hi John, thanks for your help.

I am using the OD <beta> kubernetes. I managed to enter on the console and when I run the kubectl config view, everything is empty…

I’m sorry but I don’t have too much experience with Kubernetes.

Thanks, David

Hey there - would the below two commands help?

# Get server
echo $(kubectl config view | grep server | cut -f 2- -d ":" | tr -d " ")

# Get server token
echo $(kubectl describe secret $(kubectl get secrets | grep default | cut -f1 -d ' ') | grep -E '^token' | cut -f2 -d':' | tr -d '\t')

Just copy what shows in the terminal when you run those. May be applicable to you.

https://kubernetes.io/docs/tasks/administer-cluster/access-cluster-api/#without-kubectl-proxy