This installation method is used to install GitLab and the GitLab Kubernetes executors on an AWS EKS cluster.
Tech stack used in this installation:
- EKS Cluster (2 Node with )
- Controller EC2 Instance (To Manage the EKS cluster)
- Helm (Gitlab Installation)
- SSL certs (Self-Signed/SSL Provider/Private CA)
EKS Cluster:
Creating the EKS cluster is not part of this discussion. Please follow this EKS cluster creation doc.
Controller EC2 Instance:
Create an EC2 instance with your preferred AMI; in this case I am using the Amazon Linux AMI. (Make sure that the EKS cluster and the controller are in the same VPC.) To maintain the EKS cluster you need kubectl installed on the EC2 instance, and you also need to import the kubeconfig from the cluster. Let's see how to do that.
We will also be using Helm to install GitLab.
Install Kubectl:
Reference: https://docs.aws.amazon.com/eks/latest/userguide/install-kubectl.html
curl -o kubectl https://amazon-eks.s3.us-west-2.amazonaws.com/1.18.9/2020-11-02/bin/linux/amd64/kubectl
chmod +x ./kubectl
mkdir -p $HOME/bin && cp ./kubectl $HOME/bin/kubectl && export PATH=$PATH:$HOME/bin
yum install bash-completion
kubectl version --client
Install Kubectl bash completion:
yum install bash-completion
type _init_completion
source /usr/share/bash-completion/bash_completion
type _init_completion
echo 'source <(kubectl completion bash)' >>~/.bashrc
kubectl completion bash >/etc/bash_completion.d/kubectl
Get EKS Cluster list and Import kubeconfig:
(Replace the --name value with your cluster name.)
aws eks update-kubeconfig --name <NAME OF THE EKS CLUSTER>
Install Helm:
curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3
chmod 700 get_helm.sh
./get_helm.sh
cp /usr/local/bin/helm /usr/bin/
Install Helm Auto completion:
helm completion bash >> ~/.bash_completion
. /etc/profile.d/bash_completion.sh
. ~/.bash_completion
source <(helm completion bash)
Now the EC2 instance is ready for the GitLab installation. Before installing GitLab in EKS, let's create the TLS and generic secrets for GitLab and GitLab Runner.
You can use any other SSL provider (Let's Encrypt, DigiCert, Comodo …). Here I am using self-signed certificates. You can generate self-signed certificates with this link.
Create TLS Secret for Gitlab’s Helm chart Global Values:
kubectl create secret tls gitlab-self-signed --cert=gitlab.gitlabtesting.com.crt --key=gitlab.gitlabtesting.com.key
Here we created a secret named gitlab-self-signed containing the certificate and key. This is a better way of mounting the SSL certificate into the Ingress.
Create SSL Generic cert Secret:
This will be used for communication between the GitLab server and gitlab-runner via SSL. (IMPORTANT: Make sure the filename you are mounting matches the domain.) In this case my domain name is gitlab.gitlabtesting.com.
kubectl create secret generic gitlabsr-runner-certs-secret-3 --from-file=gitlab.gitlabtesting.com.crt=gitlab.gitlabtesting.com.crt
Create service account: (This will be used by gitlab-runner to perform actions.)
vim gitlab-serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: gitlab
  namespace: kube-system
---
# rbac.authorization.k8s.io/v1 replaces v1beta1, which was removed in Kubernetes 1.22
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: gitlab-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin   # binds the service account to full cluster-admin rights
subjects:
  - kind: ServiceAccount
    name: gitlab
    namespace: kube-system
kubectl apply -f gitlab-serviceaccount.yaml
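A narrower alternative to the cluster-admin binding above, as an added example that is not part of the original post: the runner's service account gets a Role limited to a single namespace. The namespace gitlab-ci and the Role name gitlab-runner-jobs are hypothetical, and the rule set is an assumption modelled on what the Kubernetes executor typically needs; check it against the GitLab Runner documentation for your runner version.

```yaml
# Added example: namespace-scoped RBAC for the runner instead of cluster-admin.
# "gitlab-ci" and "gitlab-runner-jobs" are hypothetical names.
apiVersion: v1
kind: Namespace
metadata:
  name: gitlab-ci
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: gitlab
  namespace: gitlab-ci
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: gitlab-runner-jobs
  namespace: gitlab-ci
rules:
  # Job pods, plus the secrets and configmaps the executor creates for them.
  - apiGroups: [""]
    resources: ["pods", "secrets", "configmaps"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  # Running job steps inside the build containers.
  - apiGroups: [""]
    resources: ["pods/exec", "pods/attach"]
    verbs: ["get", "create", "patch", "delete"]
  # Streaming job output back to GitLab.
  - apiGroups: [""]
    resources: ["pods/log"]
    verbs: ["get", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: gitlab-runner-jobs
  namespace: gitlab-ci
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: gitlab-runner-jobs
subjects:
  - kind: ServiceAccount
    name: gitlab
    namespace: gitlab-ci
```

After applying it, `kubectl auth can-i --list --as=system:serviceaccount:gitlab-ci:gitlab -n gitlab-ci` lists what the service account is actually allowed to do.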
Now that everything is ready, let's create values.yaml for the GitLab values.
An example file looks like this:
certmanager-issuer:
  email: [email protected]
certmanager:
  install: false
gitlab:
  sidekiq:
    resources:
      requests:
        cpu: 50m
        memory: 650M
  webservice:
    ingress:
      tls:
        secretName: gitlab-self-signed  # TLS secret we created above
    resources:
      requests:
        memory: 1.5G
gitlab-runner:
  install: false
  runners:
    privileged: true  # runner job containers run in privileged mode
global:
  hosts:
    domain: gitlabtesting.com
  ingress:
    tls:
      enabled: true
registry:
  enabled: false
  install: false
  ingress:
    tls:
      secretName: gitlab-self-signed  # TLS secret we created above
Add the GitLab Helm repo:
helm repo add gitlab https://charts.gitlab.io/
Install GitLab with Helm using the values file we created above:
helm install gitlab gitlab/gitlab -f values.yaml
After 5 min, all the pods will be up. You can check with the command below and also get the root password for the GitLab login:
kubectl get po
#Get Root password:
kubectl get secret gitlab-gitlab-initial-root-password -ojsonpath='{.data.password}' | base64 --decode ; echo
The GitLab installation is now complete. You can access GitLab at https://gitlab.gitlabtesting.com
To be continued…