GitLab

Deploy GitLab

Instead of using the official Helm chart for GitLab, we use a stripped-down version that:

  • Exposes GitLab at gitlab.example.com
  • Exposes Docker Registry at registry.example.com
  • Listens only on HTTP while TLS is handled by Ingress
  • Uses an admin service account
  • Uses a PVC to store data

To deploy GitLab, run:

$ kubectl apply -f gitlab/gitlab.yaml

To expose GitLab, create an Ingress resource:

$ kubectl apply -f gitlab/ingress.yaml

To visit GitLab, go to https://gitlab.example.com.

Note

Serving GitLab under a URL prefix is not straightforward (see https://docs.gitlab.com/ee/install/relative_url.html).

Add Kubernetes Cluster to GitLab

To add the Kubernetes cluster to GitLab, follow https://docs.gitlab.com/ee/user/project/clusters/add_remove_clusters.html#existing-kubernetes-cluster.

We have enabled privateAccess to the EKS cluster, so GitLab must be allowed to make requests to the local network (see https://gitlab.com/gitlab-org/gitlab-foss/-/issues/57948). Go to Admin -> Settings -> Network -> Outbound Requests -> Allow requests to the local network from hooks and services and allow both.

To obtain the endpoint of the cluster, run:

$ kubectl config view -o json --raw --minify=true | jq -r '.clusters[].cluster.server'

To obtain the CA certificate of the cluster, run:

$ kubectl config view -o json --raw --minify=true | \
>     jq -r '.clusters[].cluster["certificate-authority-data"]' | \
>           base64 -d

To obtain an admin token: GitLab is already running with an admin service account, so create a dedicated admin token and read its value:

$ kubectl apply -f gitlab/gitlab-admin-token.yaml
$ kubectl get secrets -n gitlab gitlab-admin-token -o json | \
>     jq -r '.data.token' | base64 -d
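
Before pasting the token and CA certificate into GitLab, it is worth checking that the token belongs to the intended service account and that the certificate is decoded PEM rather than the base64 blob from the kubeconfig. The script below is an added example, not part of the original deployment files; it only reads the token's claims (signature verification is done by the API server), and the service account name gitlab-admin and the sample token are constructed for illustration.

```shell
#!/bin/sh
# Added example: sanity-check a service account token and CA certificate
# before entering them in GitLab. Claims are read here, not verified.

# Print the decoded JSON payload (second segment) of a JWT.
jwt_payload() {
    seg=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
    case $(( ${#seg} % 4 )) in      # restore the padding base64url strips
        2) seg="${seg}==" ;;
        3) seg="${seg}=" ;;
    esac
    printf '%s' "$seg" | base64 -d
}

# Print the "sub" claim: system:serviceaccount:<namespace>:<name>.
token_subject() {
    jwt_payload "$1" | tr -d ' \n' | sed -n 's/.*"sub":"\([^"]*\)".*/\1/p'
}

# Succeed only if the token belongs to the expected namespace and account.
check_token() {   # usage: check_token TOKEN NAMESPACE SERVICE_ACCOUNT
    [ "$(token_subject "$1")" = "system:serviceaccount:$2:$3" ]
}

# Succeed only if stdin is decoded PEM text, not the base64 kubeconfig value.
is_pem_cert() {
    head -n 1 | grep -qx -e '-----BEGIN CERTIFICATE-----'
}

# Encode stdin as unpadded base64url (used only to build the sample token).
b64url() { base64 | tr -d '=\n' | tr '/+' '_-'; }

# Build an unsigned, constructed sample token for the demonstration.
make_sample_token() {   # usage: make_sample_token NAMESPACE SERVICE_ACCOUNT
    h=$(printf '%s' '{"alg":"RS256"}' | b64url)
    p=$(printf '{"iss":"kubernetes/serviceaccount","sub":"system:serviceaccount:%s:%s"}' "$1" "$2" | b64url)
    printf '%s.%s.c2ln' "$h" "$p"   # "c2ln" is a placeholder signature
}

SAMPLE=$(make_sample_token gitlab gitlab-admin)   # gitlab-admin: assumed name
check_token "$SAMPLE" gitlab gitlab-admin && echo "subject OK: $(token_subject "$SAMPLE")"
```

In practice, pass the token printed by the last kubectl command to check_token and pipe the decoded CA certificate into is_pem_cert.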