Gitlab agent for Kubernetes - kube context wrong cluster name

jack.chuong · March 28, 2023, 8:44am

Hi all,
I have a Omnibus Gitlab CE 14.10.5 running with docker compose on premise
It works fine, I enabled KAS
On my Gitlab I create a project “setup_gitlab_agent” with a file .gitlab/agents/testagent/config.yaml

observability:
    logging:
        level: debug
ci_access:
    projects:
    - id: jack.chuong/setup_gitlab_agent

Go to Infrastructure → Kubernetes clusters → Agent → Connect a cluster (agent) → choose “testagent” above .
I connect to my k8s cluster on premise and install Gitlab agent

kubectl create ns gitlab-agent
helm upgrade --install gitlab-agent gitlab/gitlab-agent \
    --namespace gitlab-agent \
    --set config.token=****** \
    --set config.kasAddress=ws://gitlab.mydomain.com/-/kubernetes-agent/ \
    --set image.tag=v14.10.0

testagent Connection status : Connected

In my project “setup_gitlab_agent” , I create .gitlab-ci.yml

stages:
  - deploy
 
 deploy:
  stage: deploy
  image:
    name: bitnami/kubectl:latest
    entrypoint: [""]
  script:
    - kubectl config get-contexts
    - kubectl config use-context jack.chuong/setup_gitlab_agent:testagent
    - kubectl get pods
  when: manual

I run pipeline and get error

$ kubectl config get-contexts
CURRENT   NAME                                       CLUSTER   AUTHINFO   NAMESPACE
          jack.chuong/setup_gitlab_agent:testagent   gitlab    agent:6    
kubectl config use-context jack.chuong/setup_gitlab_agent:testagent
Switched to context "jack.chuong/setup_gitlab_agent:testagent".
ubectl get pods
E0328 08:24:34.174016      48 memcache.go:265] couldn't get current server API group list: the server has asked for the client to provide credentials

The cluster name “gitlab” in kube context is wrong , it should be “kubernetes” - my kubernetes cluster name.

I tried to edit .gitlab-ci.yml

 stages:
  - deploy
 
 deploy:
  stage: deploy
  image:
    name: bitnami/kubectl:latest
    entrypoint: [""]
  script:
    - kubectl config get-contexts
    - kubectl config set-context jack.chuong/setup_gitlab_agent:testagent --cluster=kubernetes --namespace=default --server="https://k8s.mydomain.com:6443"
    - kubectl config get-contexts
    - kubectl config use-context jack.chuong/setup_gitlab_agent:testagent
    - kubectl config view
    - kubectl get pods
  when: manual

This is pipeline error output

kubectl config get-contexts
CURRENT   NAME                                       CLUSTER   AUTHINFO   NAMESPACE
          jack.chuong/setup_gitlab_agent:testagent   gitlab    agent:6    
kubectl config set-context jack.chuong/setup_gitlab_agent:testagent --cluster=kubernetes --namespace=default --server="https://k8s.mydomain.com:6443"
Context "jack.chuong/setup_gitlab_agent:testagent" modified.
kubectl config get-contexts
CURRENT   NAME                                       CLUSTER      AUTHINFO   NAMESPACE
          jack.chuong/setup_gitlab_agent:testagent   kubernetes   agent:6    default
kubectl config use-context jack.chuong/setup_gitlab_agent:testagent
Switched to context "jack.chuong/setup_gitlab_agent:testagent".
kubectl config view
apiVersion: v1
clusters:
- cluster:
    server: http://gitlab.mydomain.com/-/kubernetes-agent/k8s-proxy/
  name: gitlab
contexts:
- context:
    cluster: kubernetes
    namespace: default
    user: agent:6
  name: jack.chuong/setup_gitlab_agent:testagent
current-context: jack.chuong/setup_gitlab_agent:testagent
kind: Config
preferences: {}
users:
- name: agent:6
  user:
    token: REDACTED
kubectl get pods
E0328 09:10:08.542297      65 memcache.go:265] couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp 127.0.0.1:8080: connect: connection refused

I did something wrong ? Please give me some advice, thank you very much.

jack.chuong · March 28, 2023, 12:43pm

I found the solution : Gitlab must be hosted from https and also agent should be directed to wss address. kubectl does not send authorization header if target is http

datran1122 · October 23, 2023, 1:09am

Hi Jack.chuong, i met an issue the same as you. I config the gitlab agents to GKE k8s cluster, and when the deploy stage start, no context was found. Can you share the fix for this issue. Thanks

jackchuong · October 23, 2023, 1:39am

Please read these docs

You must configure ssl for your gitlab using Let’s Encrypt or in my case, I purchased certificate from a trusted third party CA.

gitlab.rb
external_url 'https://gitlab.yourdomain.com'
letsencrypt['enable'] = false
##! Enable GitLab KAS
gitlab_kas['enable'] = true
gitlab_kas['gitlab_address'] = 'https://gitlab.yourdomain.com'
nginx['redirect_http_to_https'] = true
nginx['ssl_certificate'] = "/etc/gitlab/ssl/cert.crt"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/private.key"

helm upgrade --install gitlab-agent gitlab/gitlab-agent \
    --namespace gitlab-agent \
    --set config.token=*** \
    --set config.kasAddress=wss://gitlab.yourdomain.com/-/kubernetes-agent/ \
    --set image.tag=v14.10.0 --set replicas=1

datran1122 · October 23, 2023, 2:23am

Unfortunately, I’m currently using GitLab Online. Could you please guide me on how to change and configure SSL? Many thanks to you.

Topic		Replies	Views
Error when trying to connect k8s cluster with Gitlab Infrastructure as Code & Cloud Native kubernetes	1	2140	March 28, 2023
Gitlab agent unable to run kubectl commands through ci cd tunnel Infrastructure as Code & Cloud Native ci , kubernetes	2	2889	March 7, 2023
GitLab KAS (Agent) - Job failed: You must be logged in to the server GitLab CI/CD ci , runner , kubernetes	6	5940	February 14, 2022
Gitlab KAS Agent connection issue Infrastructure as Code & Cloud Native ci , runner , kubernetes	5	6368	July 12, 2022
Unable to Register Agent Infrastructure as Code & Cloud Native	1	63	September 16, 2024

Gitlab agent for Kubernetes - kube context wrong cluster name

Related topics