GitLab CI pipeline with IBM Cloud Kubernetes Service (IKS)


Last week I worked with GitLab CI (which I used to build, test and deploy) and IBM Cloud Kubernetes Service, aka IKS (where I deployed to). I used the GitLab Kubernetes Runner to integrate my GitLab CI pipeline with my IBM Cloud Kubernetes Service cluster. Unfortunately, there were some difficulties integrating the two. In this post, I will provide the information needed to successfully deploy the GitLab Kubernetes Runner as well as your applications using your CI/CD pipeline.

Configure IKS Cluster

First of all, you need to create a namespace which will be used to store all GitLab CI related resources:

apiVersion: v1
kind: Namespace
metadata:
  name: gitlab-managed-apps
spec:
  finalizers:
  - kubernetes

Because IBM Cloud Kubernetes Service uses RBAC authorization, you will need to create a ClusterRoleBinding to allow GitLab CI to create and manage resources. In this case, I use the default service account. You can, of course, also create a specific service account:

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: gitlab-ci
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: User
  name: system:serviceaccount:gitlab-managed-apps:default

After these steps, IBM Cloud Kubernetes Service is ready.
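
The ClusterRoleBinding above grants cluster-admin to the default service account, which every pod in gitlab-managed-apps runs as unless it names another one. The following added example (not part of the original post) audits `kubectl get clusterrolebindings -o json` output for such bindings, including the `kind: User` form used here, which a check for `kind: ServiceAccount` subjects alone would miss. The sample data and the `example-*` names are constructed.

```python
import json
import re
# Constructed sample shaped like `kubectl get clusterrolebindings -o json`.
# "gitlab-ci" is the binding from this post; the "example-*" entries are made up.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "gitlab-ci"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "User",
                 "name": "system:serviceaccount:gitlab-managed-apps:default"}]},
  {"metadata": {"name": "example-dedicated"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "ServiceAccount", "name": "example-deployer",
                 "namespace": "gitlab-managed-apps"}]},
  {"metadata": {"name": "example-viewers"},
   "roleRef": {"kind": "ClusterRole", "name": "view"},
   "subjects": [{"kind": "Group", "name": "system:serviceaccounts"}]}
]}
""")

SA_USER = re.compile(r"^system:serviceaccount:([^:]+):([^:]+)$")
SA_GROUP = re.compile(r"^system:serviceaccounts(?::([^:]+))?$")

def default_sa_namespace(subject):
    """Namespace whose default SA the subject covers ('*' = all), else None."""
    kind, name = subject.get("kind"), subject.get("name", "")
    if kind == "ServiceAccount" and name == "default":
        return subject.get("namespace", "")
    if kind == "User":  # service account written as a user name, as in this post
        m = SA_USER.match(name)
        return m.group(1) if m and m.group(2) == "default" else None
    if kind == "Group":  # built-in groups that contain every service account
        m = SA_GROUP.match(name)
        return (m.group(1) or "*") if m else None
    return None

def audit(bindings, role="cluster-admin"):
    """List (binding, subject kind, namespace) where `role` reaches a default SA."""
    findings = []
    for b in bindings.get("items", []):
        if b.get("roleRef", {}).get("name") != role:
            continue
        for s in b.get("subjects") or []:
            ns = default_sa_namespace(s)
            if ns is not None:
                findings.append((b["metadata"]["name"], s["kind"], ns))
    return findings
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

To audit a live cluster, replace `SAMPLE` with `json.load(sys.stdin)` and pipe in the output of `kubectl get clusterrolebindings -o json`.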

Configure GitLab CI

You now need to integrate your IKS Cluster with GitLab CI. This is done via the GitLab UI. More information on the needed steps is listed here. You will need to provide some information like the API URL, the cluster's CA certificate, an authentication token and others. I created a small script which you can use to extract all the needed information:

# Cluster name and API server URL of the current kubectl context
CLUSTER=$(kubectl config view --minify | grep name | cut -f 2- -d ":" | tr -d " " | head -n 1)
APISERVER=$(kubectl config view --minify | grep server | cut -f 2- -d ":" | tr -d " ")
# CA certificate: file name from the kubeconfig, resolved against the kubeconfig's directory
CAPATH="${KUBECONFIG%/*}"
CAFILE=$(kubectl config view --minify | grep certificate-authority | cut -f 2- -d ":" | tr -d " ")
# Token of the default service account in the gitlab-managed-apps namespace
SECRET=$(kubectl get secrets -n gitlab-managed-apps | grep '^default' | cut -f1 -d ' ' | head -n 1)
TOKEN=$(kubectl describe secret -n gitlab-managed-apps "$SECRET" | grep -E '^token' | cut -f2 -d':' | tr -d " ")

echo "Cluster name: "
echo "$CLUSTER"
echo ""
echo "API URL: "
echo "$APISERVER"
echo ""
# The token carries the rights bound above (cluster-admin); keep it out of logs
echo "Token: "
echo "$TOKEN"
echo ""
echo "CA: "
cat "$CAPATH/$CAFILE"
echo ""
echo "Namespace:"
echo "gitlab-managed-apps"

In the next step, the GitLab UI will ask you to deploy Tiller (the Helm server component) as well as the Kubernetes Runner. After installing those, you are able to use the Kubernetes Runner as well as deploy applications on your IKS Cluster.

I created a script which will configure IKS and export the needed information in one step. You can view and download it from my public GitLab Demo Project. This project also includes scripts to create an IKS Lite Cluster as well as a GitLab CI demo pipeline.
