Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
GitLab / Developer Evangelism Team / 24 Feb 2021
GitLab / Developer Evangelism Team / 24 Feb 2021
Previous Meeting Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: How to Integrate a GKE Autopilot Cluster with GitLab

Description

In this part 2 of the GitLab + GKE Autopilot video, Abubakar, a Developer Evangelist at GitLab demonstrates how to integrate a GKE Autopilot cluster with GitLab.

Read the announcement blogpost to learn more about GKE Autopilot: https://cloud.google.com/blog/products/containers-kubernetes/introducing-gke-autopilot

Learn other ways GitLab works with GKE Autopilot: https://about.gitlab.com/blog/2021/02/24/gitlab-gke-autopilot/

Part 1: https://youtu.be/cNffh-qyXhQ

A

Hi, I'm our city angler, developer, evangelism program manager at kitla and in this second part of the two part series on how to install uh to set up the gke autopilot cluster, we'll be looking at. How do you integrate.

A

An autopilot cluster with gitlab in the first video we saw how to install gitlab itself on the gke autopilot poster. Now there are two ways to integrate: git lab with a cluster or any kubernetes cluster, using the certificate or using the kubernetes agent uh server. Now the kubernetes agent server takes the approach of infrastructure as code of githubs, where you configure the cluster to be able to listen to gitlab and receive deployments.

A

That way you don't. This is relevant for scenarios where you, your developers, don't have all the people- configuring your gitlab instance. Don't have cluster admin privileges to your cluster or you are not comfortable exposing details on your certificate and other things publicly. This is also useful for people who have their cluster within a private network where gitlab can not necessarily connect to it, or in this case they can pull jobs. They can receive jobs from the cloud now, but for the purpose of this video be integrating with gitlab using a certificate.

A

That is you, your cluster is publicly accessible and you you can create cluster admin privileges you default namespace and obtain the certificate and tokens necessary to configure gitlab. Now one consideration you need to take notes uh when working with with gke autopilot is the cube system. Namespace is managed, you cannot do anything in the cubesystem namespace, so anything you need to do while configuring, your cluster will have to be in a defending space or in the default namespace.

A

Now, let's see an example of how to do this. Now. First, I have a sample repository that I prepared to work on this. It's just a simple ruby, app that displays hello world. Now, let's see what it looks like and the way it does, it has a script. It has a simple record with all the necessary tests. How it does is hello world. Now let me introduce to you auto devops, auto devops is a github feature that allows you to just push your code.

A

Nothing else. Then it automatically uses a set of templates of ci files to test your code using clarity, build packs. Now that is, it checks whether your code already has tests to run it tests. The code packages builds your code, it packages it and deploys your code automatically without you having to write a single ci file. This is one of the great features that gitlab comes with now.

A

All you need to do to enable that is just to come to your settings for the project go to ci cd and enable auto devops. Originally, it should be enabled by default, but if your organization has disabled it, you can enable it here, but first for auto devops to work. You need a cluster.

A

You need a runner that can do the kind of purpose, because at this time, although the box builds docker images with docker in docker now I I have an existing runner with a gitlab runner which is running externally to our close down. So I will register the runner with my gitlab install. The next thing we need to do is.

A

To go to configure and integrate our cluster to.

A

Gitlab now, like I mentioned previously, you have two options: you can either connect to your cluster with a certificate or you can use gitlab agent managed crosstalks, but for this particular video, this video will be integrated with the cluster certificate.

A

Now, if I click on this, to give me two options either to create a new cluster on google gke or to connect to an existing cluster, I have my existing cluster that I've created here. So I don't need to create a new one.

A

Now, what's the cost name, I can just give it gke, auto dash pilot. Then.

A

I need my api url is now we've provided a guide for you to be able to see how? How do you uh obtain your api url? How do you you need to come to connect? You need to api need to your a certificate for the cluster, and you need a service token now here it specified that you should create sas scopes to keep system.

A

Remember keep system is managed by gku autopilot. You cannot create anything like your system. Instead, you can create this in defaults. So if you come to the guide here, you'll see detailed information on okay. How to obtain your url, how to obtain your cs certificate?

A

How to create your token, you will need to create a service account and a cluster rule by name so that you can create a cluster admin in the default namespace. The guide here skip system. You should use default once it will fail. If you try to deploy to keep system um yeah, once you've done this you'll be able to now obtain the token you need to specify for gitlab. Now, let's uh go back to my cluster. I already have most of these set up for the purpose of this uh of our session here.

A

So let me switch back to my close typing coming here. Let me make sure I'm in the right cluster.

A

Here now we.

A

Have the first thing we need to obtain is.

A

Our cluster url.

A

Which is this.

A

Now we have environment scope, you can decide to create different environments like production or staging or testing, or whichever one, but here we are specifying that it should work with any environment now. The next thing I need to provide is the cs certificate. I've already uh copied the certificate somewhere so to be easier and faster for us to move.

A

This is the certificate and the service token. You first need to create a cluster admin, and here I've already created my resource file for its cloud.

A

Sc.

A

Now here I created the service account remember in the default namespace. You can't create any resource in the keep system in space. Now then, I'm creating a cluster rule by name for the account which, for the service account also in the default namespace. Now, once you apply this, you apply I've already applied for my cluster here. Once you apply this, you can then retrieve the token uh of the user. I've already retrieved mine so it to be easier and faster for us to proceed.

A

Let me provide token.

A

If you want to get more information on how you can retrieve all of these, you can do that in our documentation, but I mean I don't have it. Let me retrieve token was more.

A

Yeah I want to go back to the earlier time when I did it, because I need to ensure that I'm running it in the default namespace remember the guide I'll be sending a match request for the guide shortly the guide mentions that you should use namespace and sure you are doing it in default. Namespace now, once you've done this, you can leave everything else as is, and click on, add kubernetes cluster.

A

There was a problem: please ensure your case. Certificate and token are valid. They are so let's go to settings here, details and expand and ensure that we have everything.

A

Correctly, yes, some times we have scenarios where certificates are copied with new lines. Let me.

A

Open code and check if there are any new lines that have been added here, come on yeah.

A

Nice, this.

A

Slow.

A

Yeah because I'm recording this.

A

Is.

A

Yep.

A

Okay, everything seems fine here. Certificate is fine, let's check our our token. The token is supposed to be on a single line.

A

Also come on what's going on with.

A

Okay, we need this.

A

Oh okay, we have new lines. So let's remove all the new lines and try.

A

Again,.

A

Now we've removed all the new lines. Let's try again now. Let's put our service token here, paste and save.

A

Well, see that's one of the things you need to take note of when setting this up now. The next thing we need to create is a base domain name. The best domain name is necessary when just like, when we're installing um gitlab on gk autopilot. Earlier, you need to specify the menu here. You need to specify the meaning that gitlab will use to to deploy your applications. When it's deployed on the cluster and ingress is deploy is, is set up.

A

You need to be able to find a way to see your application or access the application. So this page domain name helps you to do that. So here I'll be using one of the examples start showing to me here when you there's a state where you'll be provided with an ip address, to link to set and a wildcard a recording with your dns with this domain name, once we get to installing applications.

A

Now, let's save and let's go to health will not be functioning for now, because you need to install prometheus now when we go to applications, you have a couple of options here of applications. You can install to your cluster first is ingress. Ingress is necessary for gitlab to be able to access your application for gitlab to be able to provision resources to your application and make it available.

A

Then we have search manager, provisional certificates for application. We have prometheus to be able to monitor, what's happening within your application and a lot of other things, including gitlab runner. You can set up a gitlab runner from here. Also, that's one of the ways where you can set up a github runner. You can also set up elastic stack to monitor your ports. You can k native lots of other awesome things that you can set up from here before this video will only be setting up ingress, search manager and prometheus.

A

We will not be setting up the rest now I'll, be posting the video here so that I can install all of these apps that take quite some time to set them up.

A

Hi welcome back now, as you can see on the screen here here, ingress has come as installed and it has given us an ip address to use for our base domain name. We use this to create a wildcard dns, a record that our domain name based domain name points to the benefit of the base domain is any application we install within our application uh within our our project.

A

Subdomains gets created so that we can easily preview the application or see them launched. Now I couldn't install start manager because there was a restriction in uh dku autopilot, where let me check the error, it is mutating webhook configuration is managed and access is denied, so I've escalated this to a development team and uh very soon a fix or a walk around be published. Now we also have prometheus prometheus, allows you to monitor all these ports and the notes that are running so that you can get a knife overview of how your application is performing.

A

Now, let's see the health section now previously, there was no contents there, but let's give it a little. Second, you can see the cpu usage within the cluster and the memory usage within the cluster. All this within your gitlab interface. Now, let's go to our project and to see.

A

Now I was in in the beginning I was mentioning about. I was talking about gitlab, auto devops gitlab, auto devops allows you without having to set up your ci file.

A

You just need to push and gitlab handles building your application testing application, doing all the necessary dynamic security testing and pushing to production here on our gk youtube pilot cluster. Now it also gives you url to preview your application, since we've set up the ingress endpoint and the domain name for it to use. Now, let's see an example of one that ran while I was testing previously now, just by pushing our application. Let's see this job this pipeline, you would see here right from the inception without necessarily specifying a ci fi. It builds the application.

A

What it does is it checks your project? Do you have a docker file? If you do, it builds with the docker file? If you don't, it uses cognitive, build packs to build your application for you by identifying what programming language it's written in and building the package, it does a series of tests, secret detection, license scanning and so on and so forth down to production.

A

Now production means it publishes your application on the uh gku auto pilot and provides you with the url to access it. If you remember autopilot demo, dot abandoned me is the base domain name that we specified while we were integrating gitlab with gke autopilot. Now, if I visit this url remember, it doesn't come with https, because uh we couldn't install search manager. Yeah, you see, it shows hello world, which is just a text that is uh that was in the code. Now, let's make it change to this.

A

Let's go back to our project uh files and, uh let's open it web ide bytes within gitlab we go to server.rb. You see there is no gitlab ci file here, oh okay! Let's then change this to uh let's, instead of hello, let's say: hi dutch yeah, I'm living in the netherlands. Now so I'm trying to learn dutch hi uh dk autopilot, then we can probably make it uh yeah. Let's just leave it this way. For now.

A

What we'll do here is I'm trying to show you what deploy review? Apps is now, but first, let's see the different features that are available for you to use with autodevops. Now you it does build monitoring dependency scanning, like I mentioned later, everything for you automatically, but the key components I want to showcase now is review apps. If you have so when you are working within a branch, you would want to see a live preview of the change you've made first before you push to production review.

A

Apps allows you to be able to see those changes. First, make sure everything is fine. Before you merge to master once you match the master in the default configuration of autodevops it's to production now, autodevops is mainly a bunch of templates that have been created for you to use. You can retrieve the code, the template files and change them to suit your own needs. Now, let's go back to our project. We are saying hi gku autopilot.

A

Now let me commit here and put it on a branch. Let's see autopilot, let's name the branch autopilot and we start a match request.

A

Okay, let me assign to myself and submit match request now. It should start a pipeline with series of jobs that will run against this specific branch, and you will notice a difference between these and the earlier pipeline we saw now. This is the pipeline. Let's check what the pipeline is.

A

Doing now, it first starts with the build and all the tests that needs to be done, but the new thing that is here is review. Let's see the previous one in the previous one, the first one here.

A

Yes, it creates a dust environment before production before performance, but under review. But if we look at the new.

A

One it's just review: it's not dust environment and there's no production, it's performance! It's because we are working on a branch and it because are working on a branch.

A

It will allow us to preview our application first, using auto review apps before it now pushes to production. After we've accepted we've seen the changes and everything is fine. Then we match to production.

A

We match to the master branch or main branch if you've renamed your master and it pushes to production. Now this will take a while I'll pause. The video repeats. While this complete sign gets to review. Then we see what it looks like.

A

Yeah welcome back, all our tests are finished have completed and we now have the review job now. Let's visit, let's see the logs of the review job and see. Is it run lots of things installed lots of components on pods and was able to retrieve.

A

A ui of us to dedicated just for us to review our application. Now, let's click on this see, it starts with two review autopilot and this now, if I click on this, it should show me the change that we need yeah. We don't have a certificate. So, let's proceed now, you see it shows hoi gk, auto pilots. Let me zoom in so that we can see it clearly high tk, auto pilot. This is just a review. Okay, we've seen, probably there's a mistake. We can correct.

A

Go back to the code correct before we merge and once once we merge it gets pushed to production and this review uh setup that was made is destroyed. Now we, you can efficiently review your applications and preview everything before you actually match them to production. Now, let's go back to our mod request. The pipelining will still be running since there are still a couple of jobs left so.

A

Let's see what jobs is left and we can simply allow it to margin pipeline. Succeeds it's just going to display the same thing on production, so there'll be no need for us to wait for it to finish in this video. So let me go to my mad request and merge. One pipeline succeeds.

A

Now that's the end of our example, but in here we've seen how you can use a gke autopilot cluster, integrate it with gitlab and deploy your application. I mentioned to you previously that we have two methods of integrating with gitlab. We have you can integrate using certificates or you can integrate using the gitlab agent.

A

Now, the main advantage is using a gitlab agent is more secure and your team members that don't necessarily have access to being a cluster admin or your cluster is not public on the internet can use this now. The process of integrating this is totally different.

A

From what we've seen in this video, we used the crossta integration with certificates just for us to show how that decay, autopilot works well into integrates well with gitlab, but if your organization requires integrating using an agent use this option, when you click on this link, it links to the documentation to show you how you can integrate, but we also have a blog post recently written by one of my colleagues victor nagy, who is a product manager on the configuration that worked on this.

A

It shows you how you can integrate the kubernetes agent with gitlab and be able to run your application seamlessly. The main difference between the two options is in the other option. You need to create cluster admins, which is not right for every organization.

A

Also, your cluster needs to be publicly available on the internet, but here you need what you just simply need to do is to set up the kubernetes agent server on your gitlab installation. If you remember in the first video we enabled it while installing using the home chart, then we have agent k. Agents. K is the components that will be running within your cluster. It should be using grpc to pull your the gitlab agent server for any new job. It needs to execute or anything it needs to run.

A

So that way, you can be behind the firewall and run and integrate gitlab uh the gku autopilot with gitlab. So you can go through this check. This blog. It has a video that demonstrates how you can get this done. Also now, thank you very much for joining in this video. I hope you get to use gku autopilot and use it gitlab.

A

Thank.

A

You.