GitLab

Deploy GitLab

Instead of using the official Helm chart for GitLab, we use a stripped-down version that:

  • Exposes GitLab at gitlab.example.com.
  • Exposes Docker Registry at registry.example.com.
  • Listens only on HTTP while TLS is handled by Ingress.
  • Uses an admin service account.
  • Uses a PVC to store data.

To deploy GitLab run:

$ kubectl apply -f gitlab/gitlab.yaml

To expose GitLab, create an Ingress resource:

$ kubectl apply -f gitlab/ingress.yaml

To visit GitLab go to https://gitlab.example.com.

Note

Serving GitLab under a prefix is not straightforward (see https://docs.gitlab.com/ee/install/relative_url.html).

Add Kubernetes Cluster to GitLab

To add the Kubernetes Cluster to GitLab follow https://docs.gitlab.com/ee/user/project/clusters/add_remove_clusters.html#existing-kubernetes-cluster.

We have enabled private access to the EKS cluster, so we have to allow requests to the local network in GitLab (see https://gitlab.com/gitlab-org/gitlab-foss/-/issues/57948). Go to Admin -> Settings -> Network -> Outbound Requests -> Allow requests to the local network from hooks and services, and allow both.

To obtain the endpoint of the cluster run:

$ kubectl config view -o json --raw --minify=true | jq -r '.clusters[].cluster.server'

To obtain the CA certificate of the cluster run:

$ kubectl config view -o json --raw --minify=true | \
>   jq -r '.clusters[].cluster["certificate-authority-data"]' | \
>   base64 -d

GitLab is already running with an admin service account, so to obtain an admin token, create a dedicated one:

$ kubectl apply -f gitlab/gitlab-admin-token.yaml
$ kubectl get secrets -n gitlab gitlab-admin-token -o json | \
>   jq -r '.data.token' | base64 -d
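Before pasting the decoded token into GitLab, it is worth confirming which service account it is bound to. The script below is an added example, not part of the repository described here. It assumes the token is a Kubernetes service account JWT whose `sub` claim has the form `system:serviceaccount:<namespace>:<name>`; the account name `gitlab-admin` and all function names are hypothetical.

```shell
#!/bin/sh
# Added example: inspect a service account token's subject before handing
# it to GitLab. Only the payload is decoded; the signature is not verified
# here (the API server does that).

# Decode one unpadded base64url JWT segment.
b64url_decode() {
    seg=$(printf '%s' "$1" | tr '_-' '/+')
    case $(( ${#seg} % 4 )) in
        2) seg="${seg}==" ;;
        3) seg="${seg}=" ;;
        1) return 1 ;;  # never a valid base64 length
    esac
    printf '%s' "$seg" | base64 -d
}

# Print the "sub" claim, or fail if the input is not header.payload.signature.
sa_token_subject() {
    case $1 in
        *.*.*) ;;
        *) return 1 ;;
    esac
    payload=$(printf '%s' "$1" | cut -d. -f2)
    b64url_decode "$payload" |
        sed -n 's/.*"sub"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# check_sa_token TOKEN NAMESPACE NAME: succeed only on an exact subject match.
check_sa_token() {
    [ "$(sa_token_subject "$1")" = "system:serviceaccount:$2:$3" ]
}

# Helpers that build a constructed, unsigned sample token (not a real credential).
b64url_encode() { base64 | tr -d '=\n' | tr '/+' '_-'; }
make_sample_token() {
    h=$(printf '%s' '{"alg":"RS256","typ":"JWT"}' | b64url_encode)
    p=$(printf '{"iss":"kubernetes/serviceaccount","sub":"%s"}' "$1" | b64url_encode)
    printf '%s.%s.%s' "$h" "$p" "constructed"
}

# Demo on the constructed token. Against a real cluster, pass the output of the
# "kubectl get secrets -n gitlab gitlab-admin-token ..." pipeline as TOKEN.
sample=$(make_sample_token "system:serviceaccount:gitlab:gitlab-admin")
check_sa_token "$sample" gitlab gitlab-admin &&
    echo "subject OK: $(sa_token_subject "$sample")"
```

A mismatch means the Secret is bound to a different service account than intended, which is worth resolving before the token is stored in GitLab.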