In this tutorial I will show how to configure integration of our K3S cluster with GitLab using GitLab Agent.
I will follow the official guide (Archived) for CI/CD workflow and not the GitOps one which is more complicated.
First create a new GitLab repository under the group where you want to install the agent (you can adapt the repository created in the first tutorial in this series).
In this repository create a file called config.yaml
at the path .gitlab/agents/${AGENT_NAME}/config.yaml
.
# config.yaml
ci_access:
groups:
- id: ${GROUPNAME}
In this way we give access rights to our group to use the agent. Now push the repository.
Now install helm
on your cluster if you haven't done it yet.
curl -fsSL ://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash
Now we need to register the agent with GitLab, so:
- On the top bar, select Menu > Projects and find the project that has your agent configuration file.
- From the left sidebar, select Infrastructure > Kubernetes clusters.
- Select Actions > Connect with Agent.
- From the Select an agent dropdown list, select the agent you want to register and select Register an agent.
- GitLab generates a registration token for this agent. Store this token securely since you need it to install the agent in your cluster.
- Copy the command under Recommended installation method. You need it when you use the one-liner installation method to install the agent in your cluster.
Now install the agent in the cluster using the provided helm commands and you should see it connected under the Agent menu.
Now in the GitLab CI/CD we can refer to the agent as a Kubernetes context, which allows us to run Kubernetes API commands as part of the CI/CD pipeline. To see further configuration of the CI/CD Workflow you can see the official instruction page (Archived).
The authorized projects/groups now include a KUBECONFIG
variable with context for every shared agent connection. We can choose the context to run kubectl
commands from our CI/CD scripts.
You may want to follow How to secure GitOps workflow on Kubernetes (Archived) to create many agents each of which grants access to various namespaces. The whole thing can be automated to segregate control of each repository to single namespaces.
An example of a deploy job in .gitlab-ci.yaml
file is the following:
deploy:
image:
name: bitnami/kubectl:latest
entrypoint: [""]
script:
- kubectl config use-context ${GROUP_NAME}/${AGENT_PROJECT}:${AGENT_NAME}
- kubectl get pods