Gitlab Agent not working across projects

andrew-musoke · March 31, 2022, 9:49am

Replace this template with your information

Describe your question in as much detail as possible:

What are you seeing, and how does that differ from what you expect to see?
My usecase is that I want to have one agent only to run pipelines for all my projects. The hierrachy is GROUP > SUBGROUP[1…n] > projects. I have placed my config.yaml in group/subgroup1/config_repo. My .gitlab-ci.yaml is placed in group/subgroup1/my_repo

I registered the Gitlab agent successfully in the project group/subgroup1/config_repo and I can see it accepted the configurations.

I followed the official documentation for authorizing the agent to work with another project and met the only condition I could see, i.e.

“The Kubernetes projects must be in the same group hierarchy as the project where the agent’s configuration is.”

When I run the pipeline in group/subgroup1/my_repo, it returns this error.

But when I register an agent in the repo, it works as expected. Not sure what am doing wrong.

Also, am I supposed to register runners when I am using an agent?

What version are you on? Are you using self-managed or GitLab.com?
Using Gitlab.com
Add the CI configuration from .gitlab-ci.yml and other configuration if relevant (e.g. docker-compose.yml)

.gitlab-ci.yaml

test:
  image:
    name: bitnami/kubectl:latest
    entrypoint: [""]
  script:
  - kubectl config get-contexts
  - kubectl config use-context group/subgroup1/config_repo:my_agent
  - kubectl get pods -A

.gitlab/agents/agent/config.yaml

ci_access:
  # This agent is accessible from CI jobs in projects in these groups
  projects:
  - id: oltranz-team/notification-domain/slackbot
observability:
  logging:
    level: debug

What troubleshooting steps have you already taken? Can you link to any docs or other resources so we know where you have been?

andrew-musoke · March 31, 2022, 9:50am

cc: @dnsmichi please assist if possible

andrew-musoke · April 11, 2022, 10:38am

Can I get some assistance. Issue still unresolved

robin-charli · May 5, 2022, 7:51pm

I’m having the same issue where I cannot access an agent from another project

jurbano3 · May 25, 2022, 8:05am

+1, having the same issue… went through all documentation as well all youtube materials and did not work. Is there any update?

@andrew-musoke, have you solved the issue? If so, how?

Thanks a lot!

JustDoItSascha · July 18, 2022, 7:42am

Same problem here

andrew-musoke · July 18, 2022, 11:55am

@jurbano3 @JustDoItSascha I have not been able to fix this and not received any Gitlab support. If you could ping someone useful, that would help.

itaprak · July 20, 2022, 8:57am

hi @andrew-musoke @JustDoItSascha !

I’ve got the same problem as you! I was able to make it work by move my project that contains the agent’s config.yaml to the root group level from the subgroup.

jurbano3 · July 25, 2022, 8:15am

Hi @andrew-musoke, @itaprak, @JustDoItSascha ,

Starting that I have this Gitlab setup:

group/subgroup/project-api
group/subgroup/project-ui

I solved it using the following configuration:

Project group/subgroup/project-api.

I placed the following configuration

.gitlab/agents/agent-deploy/config.yaml

gitops:
  manifest_projects:
  - id: group/subgroup/project-api
    default_namespace: project-api-prod
    paths:
    - glob: '/**/*.{yaml,yml,json}'
    
ci_access:
  # Provide access by project
  projects:
    - id: group/subgroup/project-ui
      default_namespace: project-ui-prod
  # This agent is accessible from CI jobs in projects in these groups
  groups:
    - id: group/subgroup
      default_namespace: project-ui-prod

Using it from project-ui.

Using it from outside let’s say project-ui you call it gitlab-ci.yaml and pointing the context to:
group/subgroup/project-api and selecting the agent you have access to it in this case agent-deploy

So in your project-ui CI/CD pipeline will look like the example below.

deploy-job-stg: 
  stage: deploy-prod
  image:
    name: bitnami/kubectl:latest
    entrypoint: ['']
  script:
    - kubectl config use-context group/subgroup/project-api:agent-deploy
    - kubectl .....
    - kubectl .....

deybhayden · September 14, 2022, 4:55pm

@jurbano3’s set up worked for me as well. The main issue I imagine the OP was posting about were limitations with the GitLab K8s Agent itself. Mainly this statement (pulled from Gitlab docs)

The Kubernetes projects must be in the same group hierarchy as the project where the agent’s configuration is.
You can install additional agents into the same cluster to accommodate additional hierarchies.

jurbano3 · September 20, 2022, 12:47pm

Happy to hear that @deybhayden !