Published in


GitLab CI pipeline with IBM Cloud Kubernetes Service (IKS)

Last week I worked with GitLab CI (which I used to build, test and deploy) and IBM Cloud Kubernetes Service aka IKS (where I deployed to). I used the GitLab Kubernetes Runner to integrate my GitLab CI pipeline with my IBM Cloud Kubernetes Service Cluster. Unfortunately, there were some difficulties to integrate both. In this post, I will provide the needed information to deploy the GitLab Kubernetes Runner successfully as well as your applications using your CI/CD pipeline.

Configure IKS Cluster

First of all, you need to create a namespace with will be used to store all GitLab CI related resources:

apiVersion: v1
kind: Namespace
name: gitlab-managed-apps
- kubernetes

Because IBM Cloud Kubernetes Service is using RBAC authorization you will need to create ClusterRolebinding to allow GitLab CI to create and manage resources. In this case, I use the default service account. You can, of course, also create a specific service account:

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
name: gitlab-ci
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
- apiGroup: rbac.authorization.k8s.io
kind: User
name: system:serviceaccount:gitlab-managed-apps:default

After this steps, IBM Cloud Kubernetes Service is ready.

Configure GitLab CI

You now need to integrate your IKS Cluster with GitLab CI. This is done via the GitLab UI. More information on the needed steps is listed here. You will need to provide some information like the API URL, the clusters CA certificate, authentication token and others. I created a small script which you can use to extract all the needed information:

CLUSTER=$(kubectl config view --minify | grep name | cut -f 2- -d ":" | tr -d " " | head -n 1)
APISERVER=$(kubectl config view --minify | grep server | cut -f 2- -d ":" | tr -d " ")
CAPATH=$(echo "${KUBECONFIG%/*}");CAFILE=$(kubectl config view --minify | grep certificate-authority | cut -f 2- -d ":" | tr -d " ")
TOKEN=$(kubectl describe secret -n gitlab-managed-apps $(kubectl get secrets -n gitlab-managed-apps | grep ^default | cut -f1 -d ' ') | grep -E '^token' | cut -f2 -d':' | tr -d " ")
echo "Cluster name: "
echo ""
echo "API URL: "
echo ""
echo "Token: "
echo $TOKEN
echo ""
echo "CA: "
echo ""
echo "Namespace:"
echo "gitlab-managed-apps"

In the next step, the GitLab UI will ask you to deploy Tiller (Helm server component) as well as the Kubernetes Runner. After installing those you are able to use the Kubernetes Runner as well as deploy applications on your IKS Cluster.

I created a script which will configure IKS and export the needed information in one step. You can view/and download it from my public GitLab Demo Project. This project also includes scripts to create an IKS Lite Cluster as well as a GitLab CI demo pipeline.



Stories related to Kubernetes, CloudNative & DevOps topics by Nico Meisenzahl... 01001101? First char of my surname.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store