Cannot authenticate GitLab with VMware Cloud PKS, authentication error

I am attempting to connect GitLab CE 12.3.5-0 to a Kubernetes cluster running on VMware Cloud PKS. I have followed the steps in Project-level Kubernetes clusters (certificate-based) (DEPRECATED) | GitLab to configure/obtain the authentication credentials. However, after submitting the information, GitLab displays the error "There was a problem authenticating with your cluster. Please ensure your CA Certificate and Token are valid."

I have reconfirmed the certificate and token values. I am also able to connect to the PKS cluster using kubectl.

To confirm that this is not a problem with my GitLab installation, I tried to connect with a cluster running on GKE following the same steps and this was successful. The issue therefore seems to be specific to GitLab and VMware Cloud PKS.

Please let me know if you need further information.

I have been adding Rancher to GitLab, but I got the same issue as you: "There was a problem authenticating with your cluster. Please ensure your CA Certificate and Token are valid." I have no idea about this.

I am experiencing the same issue. Any solution to this?

The same issue. Also with a Rancher-provisioned cluster. I can connect with Postman and curl - the certificate and token work perfectly to my exposed API endpoint. I double-checked the clusterrolebindings for the token and it is also fine. This is on gitlab.com, so I can’t check logs or anything…I just get the same message: “There was a problem authenticating with your cluster. Please ensure your CA Certificate and Token are valid.”
I provisioned another cluster manually in the same VLAN behind the same firewall with k3s (not via Rancher) and that worked fine following the exact same GitLab integration procedure.

I am at a loss. No idea what to do here. My only theory is that GitLab somehow doesn’t like the certificate.

Turns out that it was the certificate that wasn’t trusted. It seems the certs were bound to the external IP of the node (the main interface for that node) while external access was achieved over another interface (“public IP”). Adding the following to the Rancher cluster definition under rancher_kubernetes_engine_config made the certificates work:

  authentication:
    sans:
      - 1.2.3.4 # public IP
      - my.fqdn.com

You can get to this file by just editing the cluster from the Rancher UI. You don’t need to do this when creating the cluster; you can also apply it after your cluster is deployed by just editing the YAML file and hitting the save button - it will re-generate the certificates. GitLab works fine now by using https://my.fqdn.com:6443 as the endpoint.

1 Like
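
A way to check for the SAN mismatch described in the post above, as an added example that is not part of the original thread: it parses the text that `openssl x509 -noout -ext subjectAltName` prints for the API server certificate and tests whether the endpoint host given to GitLab is covered. The sample SAN output, the internal address 10.0.0.5 and the function names are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample of `openssl x509 -noout -ext subjectAltName` output for a
# certificate issued only for the node's internal address (assumed values).
SAMPLE_SAN_TEXT = """X509v3 Subject Alternative Name:
    DNS:kubernetes, DNS:kubernetes.default.svc, DNS:localhost, IP Address:10.0.0.5, IP Address:127.0.0.1
"""


def parse_sans(text):
    """Return (dns_names, ip_addresses) from openssl's subjectAltName text."""
    dns, ips = [], []
    for line in text.splitlines():
        if "Subject Alternative Name" in line:
            continue  # header line, carries no entries
        for entry in line.split(","):
            kind, _, value = entry.strip().partition(":")
            if kind == "DNS":
                dns.append(value.lower())
            elif kind == "IP Address":
                ips.append(ipaddress.ip_address(value))
    return dns, ips


def dns_matches(pattern, host):
    """A wildcard SAN covers exactly one leftmost label (RFC 6125 style)."""
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host


def endpoint_covered(api_url, san_text):
    """True if the host in api_url appears in the certificate's SANs."""
    host = urlsplit(api_url).hostname
    if host is None:
        raise ValueError("api_url needs a scheme and host, e.g. https://host:6443")
    dns, ips = parse_sans(san_text)
    try:
        # An IP endpoint must match an IP Address SAN; DNS SANs never cover it.
        return ipaddress.ip_address(host) in ips
    except ValueError:
        return any(dns_matches(p, host.lower()) for p in dns)


if __name__ == "__main__":
    for url in ("https://10.0.0.5:6443", "https://1.2.3.4:6443", "https://my.fqdn.com:6443"):
        print(url, "covered" if endpoint_covered(url, SAMPLE_SAN_TEXT) else "NOT covered")
```

A client that verifies the certificate rejects any endpoint reported as not covered, even when the CA certificate and token are correct.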

Hi,

Check to see if your worker node has properly registered with the following command in VMware:

kubectl get nodes

Finally we’ll create a gitlab service account that we’ll use to deploy to Kubernetes from GitLab. Create a file called gitlab-service-account.yaml with the following contents:

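---
# Service account whose token GitLab uses to talk to the cluster
apiVersion: v1
kind: ServiceAccount
metadata:
  name: gitlab-service-account
  namespace: default   # must match the subject namespace in the binding below
---
# rbac.authorization.k8s.io/v1beta1 was removed in Kubernetes 1.22; v1 is the stable API
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: gitlab-service-account-role-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin   # grants full control of the cluster to this service account
subjects:
  - kind: ServiceAccount
    name: gitlab-service-account
    namespace: default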