Gitlab & Runner Install with Private CA SSL

This installation method is used in AWS EKS Cluster to Install Gitlab and Gitlab Kubernetes Executors. 

Tech stack used in this installations:

  • EKS Cluster(2 Node with )
  • Controller EC2 Instance (To Manage the EKS cluster)
  • Helm (Gitlab Installation)
  • SSL certs(Self-Signed/SSL Provider/Private CA)

EKS Cluster:

Creating EKS cluster is not Part of this Discussion. Please fallow this EKS Cluster creation Doc.

Controller EC2 Instance:

Create Ec2 Instance with Proffered, in this case i am using Amazon Linux AMI.(Make Sure that EKS cluster and Controller in Same VPC.) In-Order to maintain the EKS you need kubectl installed in EC2 and also you need to import the kubeconfg from the Cluster. Lets see how we can do that.

And Also, we will be using helm to Install the Gitlab.

Install Kubectl:

https://docs.aws.amazon.com/eks/latest/userguide/install-kubectl.html
curl -o kubectl https://amazon-eks.s3.us-west-2.amazonaws.com/1.18.9/2020-11-02/bin/linux/amd64/kubect
chmod +x ./kubectl
mkdir -p $HOME/bin && cp ./kubectl $HOME/bin/kubectl && export PATH=$PATH:$HOME/bin
yum install bash-completion
kubectl version --client

Install Kubectl bash completion:

yum install bash-completion
type _init_completion
source /usr/share/bash-completion/bash_completion
type _init_completion
echo 'source <(kubectl completion bash)' >>~/.bashrc
kubectl completion bash >/etc/bash_completion.d/kubectl

Get EKS Cluster list and Import kubeconfig:
(replace the –name with Cluster name)

aws eks update-kubeconfig --name <NAME OF THE EKS CLUSTER >

Install Helm:

curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3
chmod 700 get_helm.sh
./get_helm.sh
cp /usr/local/bin/helm /usr/bin/

Install Helm Auto completion:

helm completion bash >> ~/.bash_completion
. /etc/profile.d/bash_completion.sh
. ~/.bash_completion
source <(helm completion bash)

Now, EC2 instance is ready for the Gitlab installation. Before going to install the Gitlab in EKS. Let create TLS and Generic Secrets for Gitlab and Gitlab-Runner.

You can use any other SSL provider like(Lets Encrypt, Digicert, Comodo …). Here i am using Self Signed Certificates. You can generate Self Signed Certificates with this Link.

Create TLS Secret for Gitlab’s Helm chart Global Values:

kubectl create secret tls gitlab-self-signed --cert=gitlab.gitlabtesting.com.crt --key=gitlab.gitlabtesting.com.key

Here we created secret name gitlab-self-signed with cert and Key. It is better way of mounting the SSL certificate to Ingress.

Create SSL Generic cert Secret:

This will be used for communication between the Gitlab Server and Gitlab-runner Visa SSL. (IMPORTANT: Make sure the filename you mounting Match with the Domain). in this Case my Domain name is gitlab.gitlabtesting.com.

kubectl create secret generic gitlabsr-runner-certs-secret-3 --from-file=gitlab.gitlabtesting.com.crt=gitlab.gitlabtesting.com.crt

Create service account:(This will be used for gitlab-runner to perform actions)

vim gitlab-serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: gitlab
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: gitlab-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: gitlab
    namespace: kube-system
kubectl apply -f vim gitlab-serviceaccount.yaml

Now that everything ready lets create vaules.yaml for Gitlab Values.

Example file look below.

Add Gitlab Helm to repo:

certmanager-issuer:
  email: [email protected]
certmanager:
  install: false
gitlab:
  sidekiq:
    resources:
      requests:
        cpu: 50m
        memory: 650M
  webservice:
    ingress:
      tls:
        secretName: gitlab-self-signed #TLS Secret we catered above
    resources:
      requests:
        memory: 1.5G
gitlab-runner:
  install: false
  runners:
    privileged: true
global:
  hosts:
    domain: gitlabtesting.com
  ingress:
    tls:
      enabled: true
registry:
  enabled: false
  install: false
  ingress:
    tls:
      secretName: gitlab-self-signed #TLS Secret we catered above
helm repo add gitlab https://charts.gitlab.io/

Install Gitlab with Helm with Values file we created above:

helm install gitlab gitlab/gitlab -f values.yaml

After 5 min, all the pods will be up. You can check with below command and Also get Root password of Gitlab Login:

kubectl get po


#Get Root password:

kubectl get secret gitlab-gitlab-initial-root-password -ojsonpath='{.data.password}' | base64 --decode ; echo

Now Gitlab Installation Completed. You can access the Gitlab with https://gitlab.gitlabtesting.com

Continues….

15 replies on “Gitlab & Runner Install with Private CA SSL”

Leave a Comment
  1. Reply

    I realized more new things on this fat loss issue. One issue is a good nutrition is especially vital while dieting. An enormous reduction in bad foods, sugary foods, fried foods, sweet foods, pork, and white-colored flour products may perhaps be necessary. Keeping wastes organisms, and wastes may prevent targets for fat-loss. While selected drugs temporarily solve the condition, the terrible side effects usually are not worth it, and so they never give more than a short lived solution. It can be a known undeniable fact that 95 of celebrity diets fail. Thanks for sharing your opinions on this weblog.

    https://www.ifashionstyles.com

  2. Reply

    Nice post. I learn one thing tougher on different blogs everyday. It’ll always be stimulating to read content material from other writers and follow just a little one thing from their store. I抎 prefer to use some with the content on my weblog whether you don抰 mind. Natually I抣l provide you with a link on your net blog. Thanks for sharing.

    https://www.ifashionstyles.com

  3. Reply

    Someone essentially help to make seriously articles I would state. This is the first time I frequented your web page and thus far? I surprised with the research you made to make this particular publish incredible. Great job!

    https://www.ifashionstyles.com

  4. Reply

    Nice read, I just passed this onto a colleague who was doing a little research on that. And he actually bought me lunch since I found it for him smile Thus let me rephrase that: Thanks for lunch!

    https://www.hairstylesvip.com

  5. Reply

    Thanks for the sensible critique. Me and my neighbor were just preparing to do some research on this. We got a grab a book from our area library but I think I learned more clear from this post. I’m very glad to see such wonderful info being shared freely out there.

    https://www.zoritolerimol.com

  6. Reply

    Great goods from you, man. I’ve bear in mind your stuff previous to and you are simply extremely fantastic. I actually like what you have bought right here, certainly like what you’re saying and the way wherein you are saying it. You’re making it enjoyable and you continue to take care of to keep it sensible. I can not wait to read much more from you. That is really a tremendous site.

    https://www.ifashionstyles.com/health

  7. Reply

    Howdy! This post couldn’t be written any better! Reading through this post reminds me of my good old room mate! He always kept talking about this. I will forward this page to him. Fairly certain he will have a good read. Thank you for sharing!

    https://www.hairstylesvip.com

  8. Reply

    Hiya, I am really glad I have found this information. Nowadays bloggers publish only about gossips and net and this is really irritating. A good site with exciting content, that’s what I need. Thanks for keeping this web-site, I will be visiting it. Do you do newsletters? Cant find it.

    https://www.ifashionstyles.com/lifestyle

  9. Reply

    Customers can rely on Elitepipe Plastic Factory’s technical expertise and dedicated customer support to assist them in selecting the most suitable fittings for their specific needs. Elitepipe Plastic Factory

  10. Reply

    Elitepipe Plastic Factory’s HDPE pipes offer excellent resistance to chemicals, abrasion, and environmental stress, making them ideal for a wide range of applications. Elitepipe Plastic Factory

  11. Reply

    Elitepipe Plastic Factory’s fittings undergo rigorous quality control processes to ensure that they meet the most stringent performance and durability requirements. Elitepipe Plastic Factory

  12. Reply

    It?¦s really a nice and useful piece of info. I am happy that you simply shared this helpful information with us. Please stay us up to date like this. Thank you for sharing.

    https://officeblock.io

Leave a Comment

Your email address will not be published.

You may use these HTML tags and attributes: <a href=""> <abbr> <acronym> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Send a Message