Last active
January 6, 2021 12:55
-
-
Save selimb86/f9c2a04066902c5ff45d5caf8805fcfe to your computer and use it in GitHub Desktop.
microk8s--gitlab-ci
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Hint: the usage of sudo instead of becoming root user is prefered | |
$ sudo apt install -y snap | |
$ sudo snap install microk8s --classic --channel=1.17/stable | |
$ sudo usermod -a -G microk8s $USER | |
$ sudo chown -f -R $USER ~/.kube | |
# Add public IP to CA if it is not already added as this may differ from a vm to another | |
$ sudo vi /var/snap/microk8s/current/certs/csr.conf | |
$ sudo snap restart microk8s | |
$ microk8s status --wait-ready | |
$ sudo microk8s enable dns dashboard metallb metrics-server rbac storage | |
# Hint: You will be asked to enter your ip address range for metallb | |
$ alias kubectl='microk8s kubectl' | |
# Get & save the API Url change the 127.0.0.1 with your public ip | |
$ kubectl cluster-info | grep 'Kubernetes master' | awk '/http/ {print $NF}' | |
# Get your kubectl config | |
$ microk8s config | |
################ | |
# Now the cluster is ready we start configuring it for GitLab | |
################ | |
# This is essential to let Gitlab CI work | |
$ sudo vi /var/snap/microk8s/current/args/kube-apiserver | |
# Add this line and restart the service | |
--allow-privileged | |
$ sudo systemctl restart snap.microk8s.daemon-apiserver | |
# Get secret name | |
$ kubectl get secrets | |
# Get certificate. | |
# Hint: Do not forget to replace the secret name | |
$ kubectl get secret default-token-XXXX -o jsonpath="{['data']['ca\.crt']}" | base64 --decode | |
# Create gitlab-admin service-account | |
$ mkdir ~/resources/gitlab | |
$ cd ~/resources/gitlab | |
$ vi gitlab-admin-service-account.yaml | |
``` | |
apiVersion: v1 | |
kind: ServiceAccount | |
metadata: | |
name: gitlab-admin | |
namespace: kube-system | |
--- | |
apiVersion: rbac.authorization.k8s.io/v1beta1 | |
kind: ClusterRoleBinding | |
metadata: | |
name: gitlab-admin | |
roleRef: | |
apiGroup: rbac.authorization.k8s.io | |
kind: ClusterRole | |
name: cluster-admin | |
subjects: | |
- kind: ServiceAccount | |
name: gitlab-admin | |
namespace: kube-system | |
``` | |
$ kubectl apply -f gitlab-admin-service-account.yaml | |
# Get and save the service-account token | |
$ kubectl -n kube-system describe secret $(microk8s.kubectl -n kube-system get secret | grep gitlab-admin | awk '{print $1}') | |
# The cluster is now ready. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment