How to connect to Kubernetes from GitLab?

October 26, 2018 6.8k views
Kubernetes CI/CD


I wanted to connect to my kubernetes (limited availability) cluster from my gitlab repo, firstly I followed this guide and successfully created a user 'admin-user' which I could use to sign into Kubernetes Dashboard as an admin

GitLab's Kubernetes connection page asks for:

  • Cluster name -> Which I got from the kubeconfig file beside 'name'
  • API URL -> From kubeconfig file beside 'server'
  • CA Certificate (PEM) -> From kubeconfig file beside 'certificate-authority-data' (then base64 decoded)
  • Token -> The token created for my admin-user account
  • Project namespace -> A new unique one as specified by GitLabs Docs

But I had limited success. GItLab reported 'Something went wrong while installing Helm Tiller', when I clicked install. There is a final experimental settings in the GitLab UI called 'RBAC-enabled cluster', I have tried with this setting both checked and unchecked, same results.

After looking at the dashboard, I see a 'gitlab-managed-apps' namespace had appeared which has done a few things like create a tiller-token secret, a config map and there's some items listed under events

Is this something I'm doing wrong, a bug with GitLab or a bug with DigitalOcean?
I'm relatively new to Kubernetes so if there's more I can do to debug the issue please let me know


EDIT: Oh, very strange, I deleted the tiller-secret and config-map left behind, tried clicking install about 3 more times, and now Helm Tiller has deployed successfully, no more errors. So solved for me, although I suspect more people will encounter this issue. (I had RBAC-enabled cluster checked for anyone looking for the same 'fix')

4 Answers

I had the same issue, I was able to fix it after installing helm on my own, but it also required to create a helm tiller service account first:

kubectl create serviceaccount --namespace kube-system tiller
kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}' 

then (assuming helm is already installed)

helm reset 
helm init

for some reason it only worked until I removed the namespace gitlab created

kubectl delete namespace gitlab-managed-apps

Then I went to the gitlab cluster configuration, clicked the helm install button and it worked. I think the tiller account is the only prerrequisite I'll try with a fresh cluster later, the above instructions are for fixing an existing one.

kubectl get pods -n gitlab-managed-apps
NAME                                    READY     STATUS    RESTARTS   AGE
runner-gitlab-runner-7b9c6c6bc9-tw6wg   1/1       Running   0          8m
tiller-deploy-6cc8b46cf-bfbwk           1/1       Running   0          12m

To anyone still having issues here: the above has been resolved, just check the

RBAC-enabled cluster
Enable this setting if using role-based access control (RBAC). This option will allow you to install applications on RBAC clusters.

option in GitLab while you're add the cluster. To get the API url, try this:

kubectl cluster-info | grep 'Kubernetes master' | awk '/http/ {print $NF}'

Source: GitLab Documentation

If you are getting a Kubernetes Error 401 it means your Token is incorrect as it was in my case. Here I was using a token from an API tab in the Dashboard BUT should really create the Token by command line like recommended. After generating a user and a token using kubectl commands and changing the Token the installation of Helm worked perfectly.
Hope it helps!

Hi Wearing, I am just facing the same issue.

Have another answer? Share your knowledge.