- API URL 是你的集群的apiserver的地址, 通过输入kubectl cluster-info获取,Kubernetes master 地址就是需要的
[root@m50 mnt]# kubectl cluster-info
Kubernetes control plane is running at https://192.168.10.50:6443
CoreDNS is running at https://192.168.10.50:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy .......
-
1 创建一个名为gitlab的 namespace 下面
kubectl create ns gitlab
-
2 .部署阶段需要去创建、删除一些资源对象,所以需要对象的 RBAC 权限,这里为了简单,直接新建一个 ServiceAccount先吧,绑定上一个cluster-admin的权限:(gitlab-sa.yaml)
tee gitlab-sa.yaml<<-'EOF'
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: gitlab
namespace: gitlab
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: gitlab
namespace: gitlab
subjects:
- kind: ServiceAccount
name: gitlab
namespace: gitlab
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
EOF
kubectl apply -f gitlab-sa.yaml
通过上面创建的 ServiceAccount 获取 CA 证书和 Token
kubectl get serviceaccount gitlab -n gitlab -o json | jq -r '.secrets[0].name'
gitlab-token-qhm94
根据上面的Secret找到CA证书
kubectl get secret gitlab-token-qhm94 -n gitlab -o json | jq -r '.data["ca.crt"]' | base64 -d
找到对应的 Token
kubectl get secret gitlab-token-qhm94 -n gitlab -o json | jq -r '.data.token' | base64 -d
gitlab变量添加
stages:
deploy:
tags:
- k8s
image: rancher/kubectl:v1.23.3
stage: deploy
script:
- kubectl config set-context my-k8s --server=$K8S_URL --certificate-authority="$K8S_CA"
- kubectl config set-credentials gitlab-token-qhm94 --token="$KS8_TOKEN"
- kubectl get pods -n gitlab
`
gitlab-token-qhm94 是你的用户不要乱写
kubectl config set-context my-k8s --server=$K8S_URL --certificate-authority="$K8S_CA"
kubectl config set-credentials gitlab-token-qhm94 --token="$KS8_TOKEN"
|