Gitlab-ce 14.5.0 - Kubernetes Agent

Hi,

I have an issue setting UP the gitlab kubernetes agent.

Gitlab version : 14.5.0-ce
Agentk version: 14.5.0

Followed this documentation to setup the Agent: https://docs.gitlab.com/ee/user/clusters/agent/install/

I use this configuration for the agent :

I created a configuration repository named ‘k8s’ in the ‘bioman’ group (with private visibility) and another one with public visibility (in case the project visibility would be an issue)

gitops:
  manifest_projects:
  - id: "bioman/k8s"
    paths:
      - glob: '/**/*.yaml'

With both configuration repository (private and public) the kubernetes agent says :

{"level":"error","time":"2021-11-24T11:04:11.407Z","msg":"GetObjectsToSynchronize.Recv failed","mod_name":"gitops","project_id":"bioman/k8s","agent_id":1,"error":"rpc error: code = NotFound desc = project not found","correlation_id":"01FN8SW2BX675G5261HGG0M115"}

I tried to replace the project_id with the numeric ID for the project, with or without quotes, but no luck at all.

The weird part, is that the agent configuration and project manifest are in the same repository. If i update the agent config.yaml, then the kubernetes agent properly reload config but still can’t find the project with above error.

Any ideas what could be wrong here ?

1 Like

Well according to this piece of code :

// getProjectInfo returns an error with code Unavailable if there was a retriable error.
func (s *server) getProjectInfo(ctx context.Context, log *zap.Logger, rpcApi modserver.RpcApi, agentId int64,
	agentToken api.AgentToken, projectId string) (*api.ProjectInfo, error) {
	projectInfo, err := s.projectInfoClient.GetProjectInfo(ctx, agentToken, projectId)
	switch {
	case err == nil:
		return projectInfo, nil
	case errors.Is(err, context.Canceled):
		err = status.Error(codes.Canceled, err.Error())
	case errors.Is(err, context.DeadlineExceeded):
		err = status.Error(codes.DeadlineExceeded, err.Error())
	case gitlab.IsForbidden(err):
		err = status.Error(codes.PermissionDenied, "forbidden")
	case gitlab.IsUnauthorized(err):
		err = status.Error(codes.Unauthenticated, "unauthenticated")
	case gitlab.IsNotFound(err):
		err = status.Error(codes.NotFound, "project not found")
	default:
		rpcApi.HandleProcessingError(log, agentId, "GetProjectInfo()", err)
		err = status.Error(codes.Unavailable, "unavailable")
	}
	return nil, err

it looks like, authentication and connectivity to kas are OK, but for some reason it can’t found the project (which is the same as the agent configuration repository, and kas found it properly)

Is there anything to enable for the project to be visible by kas/agentk ?

Hi, I have exactly the same issue.
I know in release notes it says that kubernetes agent is now available in community edition but maybe it’s not the case for all of it’s functionality? The documentation says that this feature is apparently premium. I have no idea if that’s how it works or is that documentation issue.
In any case the error isn’t very descriptive and the additional debug logs provide no info.

Yep i saw this but version history at top of the page say :

Version history
Introduced in GitLab Premium 13.7.
Introduced in GitLab 13.11, the Kubernetes Agent became available on GitLab.com.
Introduced in GitLab 14.0, the resource_inclusions and resource_exclusions attributes were removed and reconcile_timeout, dry_run_strategy, prune, prune_timeout, prune_propagation_policy, and inventory_policy attributes were added.
The ci_access attribute was introduced in GitLab 14.3.
The GitLab Kubernetes Agent was moved to GitLab Free in 14.5.

So my thought was the premium part was a mistake in the documentation, because no other way to use the gitlab agent is documented anywhere.

Well you can also use the agent for the CICD tunnel but it only worked for me in the same repo that the agent itself is in. Seems they weren’t well prepared to introduce this functionality to CE.

the worst part, is that you are most probably right, but the error message should say so. And honestly, if they release this agent just to allow us to execute kubectl command, then it does not worth it.

nice to see that i’m not the only one with exact the same problem.

did you opened a ticket?

1 Like

No, not yet, i was waiting to see if there is any feedback here before !

Hello!

The GitLab PM responsible for these features here.

You are trying to use a feature that is currently in Premium.

I recommend to navigate yourself using the Agent configuration reference docs that highlight when a section is not available in GitLab Free. Kubernetes Agent configuration repository | GitLab

You should be able to set up the CI/CD tunnel with GitLab CE. We are in the process of discussing what other features will be available in GitLab Free and what remains Premium.

I opened an issue where you can track changes: More core gitops features to GitLab Free (#346567) · Issues · GitLab.org / GitLab · GitLab

1 Like

You are trying to use a feature that is currently in Premium.

I guess the issue here is that the error isn’t very descriptive. It says that the project is not found which suggests an issue with the setup. If it’s not possible to move the feature to community edition it would be nice if you could at least make the error more descriptive of what the issue actually is.

You should be able to set up the CI/CD tunnel with GitLab CE. We are in the process of discussing what other features will be available in GitLab Free and what remains Premium.

That doesn’t seem to work for me with repositories other than the one with the agent config. Could you maybe take a look at the issue I have here? Kubernetes contexts from agent not injected into pipeline of projects authorized to use the agent

Hi, thanks for the reply, but as @jiji616 mention, CI/CD tunnel does not work for other repository than the configuration repository. So we basically end up with a broken feature:

  • Cannot sync manifest because free version, meaning i have to use a by project manifest folder
  • Cannot shared the agent configured in the configuration repository with other project

Meaning, in the current state the Gitlab Kubernetes Agent is useless …

2 Likes

hi @vnagy

you should think about rewrite your documentation. looking at

the title says “All tiers”. and then i followed all steps described in the page (create agent, write manifest, …). and now you write that the steps in this page are not available to “All tiers”.

as @Bioman wrote, i also think the agent is useless in core in the current state …

1 Like