Commit 849f0d93 authored by Mikhail Mazurskiy

Fix issues and improve CI tunnel doc

parent 2ba6fcec
...@@ -9,17 +9,19 @@ info: To determine the technical writer assigned to the Stage/Group associated w ...@@ -9,17 +9,19 @@ info: To determine the technical writer assigned to the Stage/Group associated w
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/327409) in GitLab 14.1. > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/327409) in GitLab 14.1.
The CI/CD Tunnel enables users to access Kubernetes clusters from GitLab CI/CD jobs even if there is no network The CI/CD Tunnel enables users to access Kubernetes clusters from GitLab CI/CD jobs even if there is no network
connectivity between GitLab Runner and a cluster. In the current iteration, only CI/CD jobs in the Configuration project connectivity between GitLab Runner and a cluster. GitLab Runner does not have to be running in the same cluster.
are able to access one of the configured agents. GitLab Runner does not have to be running in the same cluster.
Prerequisistes: Only CI/CD jobs set in the configuration project can access one of the configured agents.
Prerequisites:
- A running [`kas` instance](index.md#set-up-the-kubernetes-agent-server). - A running [`kas` instance](index.md#set-up-the-kubernetes-agent-server).
- A [Configuration repository](index.md#define-a-configuration-repository) with an Agent config file installed (`.gitlab/agents/<agent-name>/config.yaml`). - A [configuration repository](index.md#define-a-configuration-repository) with an Agent config file
installed (`.gitlab/agents/<agent-name>/config.yaml`).
- An [Agent record](index.md#create-an-agent-record-in-gitlab). - An [Agent record](index.md#create-an-agent-record-in-gitlab).
- The agent is [installed in the cluster](index.md#install-the-agent-into-the-cluster). - The agent is [installed in the cluster](index.md#install-the-agent-into-the-cluster).
To create the Tunnel: To access your cluster from a CI/CD job through the tunnel:
1. In your `.gitlab-ci.yml` add a section that creates a `kubectl` compatible configuration file (`kubecontext`) and use it in one 1. In your `.gitlab-ci.yml` add a section that creates a `kubectl` compatible configuration file (`kubecontext`) and use it in one
or more jobs: or more jobs:
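Review bot: In the added sentence "Only CI/CD jobs set in the configuration project can access one of the configured agents", "set in" is ambiguous between jobs defined in that project and jobs run in it, and the "In the current iteration" qualifier from the removed text is gone, so the restriction now reads as permanent. This sentence is the only statement on the page of who can reach a cluster through the tunnel, so it should be precise: suggest "Only CI/CD jobs that run in the configuration project can access one of the configured agents", and keep the qualifier if the limit is still expected to change.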
...@@ -27,34 +29,39 @@ To create the Tunnel: ...@@ -27,34 +29,39 @@ To create the Tunnel:
```yaml ```yaml
variables: variables:
AGENT_ID: 4 # agent id that you got when you created the agent record AGENT_ID: 4 # agent id that you got when you created the agent record
KUBE_CFG_FILE: "$CI_PROJECT_DIR/.kubeconfig.agent.yaml"
.kubectl_config: &kubectl_config .kubectl_config: &kubectl_config
- | - |
cat << EOF > "$CI_PROJECT_DIR/.kubeconfig.agent.yaml" cat << EOF > "$KUBE_CFG_FILE"
apiVersion: v1 apiVersion: v1
kind: Config kind: Config
clusters: clusters:
- cluster: - name: agent
server: https://kas.gitlab.com/k8s-proxy cluster:
name: agent server: https://kas.gitlab.com/k8s-proxy/
users: users:
- name: agent - name: agent
user: user:
token: "ci:$AGENT_ID:$CI_JOB_TOKEN" token: "ci:$AGENT_ID:$CI_JOB_TOKEN"
contexts: contexts:
- context: - name: agent
cluster: agent context:
cluster: agent
user: agent user: agent
name: agent
current-context: agent current-context: agent
EOF EOF
deploy: deploy:
image:
name: bitnami/kubectl:latest
entrypoint: [""]
script: script:
- *kubectl_config - *kubectl_config
- kubectl --kubeconfig="$CI_PROJECT_DIR/.kubeconfig.agent.yaml" get pods - kubectl --kubeconfig="$KUBE_CFG_FILE" get pods
``` ```
1. Execute `kubectl` commands directly against your cluster with this CI/CD job you just created. 1. Execute `kubectl` commands directly against your cluster with this CI/CD job you just created.
We are [working to automate the first step](https://gitlab.com/gitlab-org/gitlab/-/issues/324275) to simplify the process. We are working on [creating the configuration file automatically](https://gitlab.com/gitlab-org/gitlab/-/issues/324275)
to simplify the process.
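Review bot: The new `image:` block in the `deploy` job pulls `bitnami/kubectl:latest`, a mutable tag, into a job that holds `ci:$AGENT_ID:$CI_JOB_TOKEN` and talks to the cluster. Readers will copy this example verbatim, so suggest a pinned version tag or digest here, or a placeholder such as `bitnami/kubectl:<version>`. Separately, `KUBE_CFG_FILE` still points inside `$CI_PROJECT_DIR`, so the file containing the token sits in the job workspace where a broad `artifacts:` or `cache:` path could pick it up; a sentence warning against that, or a path outside the project directory, would help.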