I’m trying to install Gitlab CI/CD with our Kubernetes cluster; I have added the cluster successfully to a project, but it wants me to install tiller. We already have tiller in the cluster, but the Kubernetes page still requires it. If I click “Install”, it says " Something went wrong while installing Helm Tiller - Kubernetes error."
@ssirag is it new cluster created with GKE or an existing cluster? Check this issue for more information https://gitlab.com/gitlab-org/gitlab-ce/issues/45939. Maybe your ServiceAccount don’t have sufficient permissions to install Tiller?
It’s an internal cluster on bare metal/vm, but it is a new cluster. I deployed it through Rancher, and have been following the config described here: https://rancher.com/blog/2018/2018-08-07-cicd-pipeline-k8s-autodevops-rancher-and-gitlab/
I have the latest Gitlab version (11.5.3 omnibus), and have no firewall between Gitlab and the Kubernetes cluster. I have established that network connectivity is not the issue by testing with ping and curl to the target IP.
On the link you cited, someone says “you’ll need to disable rbac to add deploy apps to your cluster.” But there is an RBAC check box, which I have checked, as we are using RBAC. I’d rather not disable.
The ServiceAccount was set up by applying this gist (from the above blog): http://x.co/rm082018
I believe it has the permissions needed.
- I can find nothing in Gitlab logs on the attempted connection. Which log (might) it be logged in, and if the logging needs to be enhanced/turned on, which logs should I enhance/enable? I’m also getting debug-level logging from the cluster, with no mention of helm or gitlab (or its IP address) showing up.
- Is there a way to test the connection from the Gitlab server shell via command line using the same pem/token/target format? If so I’m not finding how to do it on internet searches.
Oh, so you also should see my comments on this issue According to them, ServiceAccount from http://x.co/rm082018 configuration is not working for Gitlab Managed Apps. Guys from Rancher did great job writing this blog post but this configuration works only for Auto DevOps pipelines. I think, that you shouldn’t use it.
Less than two weeks ago there was an update to GitLab Kubernetes Docs. You can see that there is a configuration for ServiceAccount - https://docs.gitlab.com/ee/user/project/clusters/#adding-an-existing-kubernetes-cluster.
You are right about RBAC checkbox. It should be checked on your Cluster integration page. Be aware that you can’t change it after the Cluster is added.
Check it and let us know is it working.