GitLab 连接 Kubernetes姿势一_查看gitlab部署到kubernetes集群的api地址

• API URL 是你的集群的apiserver的地址， 通过输入kubectl cluster-info获取，Kubernetes master 地址就是需要的

[root@m50 mnt]# kubectl cluster-info
Kubernetes control plane is running at https://192.168.10.50:6443
CoreDNS is running at https://192.168.10.50:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy .......
1
2
3

• 1 创建一个名为gitlab的 namespace 下面

 kubectl create ns gitlab
1

• 2 .部署阶段需要去创建、删除一些资源对象，所以需要对象的 RBAC 权限，这里为了简单，直接新建一个 ServiceAccount先吧，绑定上一个cluster-admin的权限：(gitlab-sa.yaml)

tee gitlab-sa.yaml<<-'EOF'
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: gitlab
  namespace: gitlab
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: gitlab
  namespace: gitlab
subjects:
  - kind: ServiceAccount
    name: gitlab
    namespace: gitlab
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
EOF
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22

kubectl apply -f  gitlab-sa.yaml
1

通过上面创建的 ServiceAccount 获取 CA 证书和 Token

kubectl get serviceaccount gitlab -n gitlab -o json | jq -r '.secrets[0].name'
gitlab-token-qhm94
1
2

根据上面的Secret找到CA证书

kubectl get secret  gitlab-token-qhm94   -n gitlab -o json | jq -r '.data["ca.crt"]' | base64 -d
1

找到对应的 Token

kubectl get secret  gitlab-token-qhm94   -n gitlab -o json | jq -r '.data.token' | base64 -d
1

gitlab变量添加

stages:
deploy:
  tags:
    - k8s
  image: rancher/kubectl:v1.23.3
  stage: deploy
  script:
    - kubectl config set-context my-k8s --server=$K8S_URL --certificate-authority="$K8S_CA"
    - kubectl config  set-credentials gitlab-token-qhm94 --token="$KS8_TOKEN"
    - kubectl  get pods -n gitlab
`
1
2
3
4
5
6
7
8
9
10
11

gitlab-token-qhm94 是你的用户不要乱写

kubectl config set-context my-k8s --server=$K8S_URL --certificate-authority="$K8S_CA"
kubectl config  set-credentials gitlab-token-qhm94 --token="$KS8_TOKEN"
1
2