Kubernetes integration on premise / air gapped with gitlab managed apps

GitLab CI/CD
1

Hi,

We are running a private gitlab instance on prem and we are currently using CI/CD with plain docker.
I have owner permission on a gitlab group, but no global gitlab admin permission.

Now we want to evaluate the integration to kubernetes. Here we are using an on premise rancher RKE2 kubernetes cluster. (We are quite new in kubernetes.)

The servers do not have direct internet access. Internet access via http proxy is possible, and we have a nexus repository manager available. Nexus can proxy docker regestries and also it offers proxy mode for helm charts.

I granted full cluster admin access to gitlab and the rke2 cluster is connected successfully to gitlab.
We are interested in using following apps to interact with gitlab (ui) and its CI/CD:

  • ingress
  • runners
  • cert manager
  • prometeus
  • elastic-stack

Here are my questions:

Question 1

Is there a nice and sweet way to set a private registry where the images are saved, because registries.gitlab.com is not available directly?

As workaround I created an entry in /etc/rancher/rke2/registries.yaml and set our nexus as mirror for your gitlab registry. This works so far, but I have to add it on each node of the k8s cluster. Maybe there is an easier way.

Question 2

After pulling the image registry.gitlab.com/gitlab-org/cluster-integration/helm-install-image/releases/3.2.4-kube-1.13.12-alpine-3.12 I get the following errors inside the container:

+ helm repo add runner https://charts.gitlab.io
Error: looks like "https://charts.gitlab.io" is not a valid chart repository or cannot be reached: Get https://charts.gitlab.io/index.yaml: dial tcp 35.185.44.232:443: connect: connection refused

Thats because the container is not allowed to connect to the internet without a proxy.

Is there a way to configure our nexus helm proxy as chart source instead of https://charts.gitlab.io?

Question 3

For integration into gitlab UI, do I need the bundled installation of the apps, or is it also possible to setup the apps on my own in kubernetes and can I link gitlab against these installations?

Thanks in advance, Andreas