From 77f6aae937d0333f50b04533a81ed068fb051420 Mon Sep 17 00:00:00 2001 From: Brian Piscitelli Date: Tue, 3 Nov 2020 15:07:04 +0000 Subject: [PATCH 01/30] Adding support for Oracle Kubernetes --- doc/installation/index.md | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/installation/index.md b/doc/installation/index.md index 82cb9b5a58..70f35cf2bd 100644 --- a/doc/installation/index.md +++ b/doc/installation/index.md @@ -48,6 +48,7 @@ choice: - [Google Kubernetes Engine](cloud/gke.md) - [Amazon EKS](cloud/eks.md) - [OpenShift Origin](cloud/openshift.md) +- [Oracle Kubernetes Engine](cloud/oke.md) - Azure Container Service - Documentation to be added. - VMware Tanzu - Documentation to be added. - On-Premises solutions - Documentation to be added. -- GitLab From f40abdca9f8f76e5922af214984dc6b128a0c7be Mon Sep 17 00:00:00 2001 From: Brian Piscitelli Date: Tue, 3 Nov 2020 15:14:38 +0000 Subject: [PATCH 02/30] Adding the file oke.md as a place holder. --- doc/installation/cloud/oke.md | 1 + 1 file changed, 1 insertion(+) create mode 100644 doc/installation/cloud/oke.md diff --git a/doc/installation/cloud/oke.md b/doc/installation/cloud/oke.md new file mode 100644 index 0000000000..79d4a6f19f --- /dev/null +++ b/doc/installation/cloud/oke.md @@ -0,0 +1 @@ +Place Holder \ No newline at end of file -- GitLab From 38e7a476d1e7b43c0e9f47e4b466e575464e50ab Mon Sep 17 00:00:00 2001 From: Brian Piscitelli Date: Tue, 3 Nov 2020 15:15:18 +0000 Subject: [PATCH 03/30] Place holder for oke.md file. --- doc/installation/cloud/oke.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/installation/cloud/oke.md b/doc/installation/cloud/oke.md index 79d4a6f19f..29454e5694 100644 --- a/doc/installation/cloud/oke.md +++ b/doc/installation/cloud/oke.md @@ -1 +1 @@ -Place Holder \ No newline at end of file +Place Holder -- GitLab From 2578e4eac0501f9b4cbe49216a8295f5964cb0a9 Mon Sep 17 00:00:00 2001 From: Brian Piscitelli Date: Wed, 4 Nov 2020 22:19:54 +0000 Subject: [PATCH 04/30] Formatting is not looking great. --- doc/installation/cloud/oke.md | 140 +++++++++++++++++++++++++++++++++- 1 file changed, 139 insertions(+), 1 deletion(-) diff --git a/doc/installation/cloud/oke.md b/doc/installation/cloud/oke.md index 29454e5694..a0e4d56457 100644 --- a/doc/installation/cloud/oke.md +++ b/doc/installation/cloud/oke.md @@ -1 +1,139 @@ -Place Holder +# Gitlab on Oracle Kubernetes Engine (OKE) - Quick Install and Config Guide + +## Assumptions: +1. Builtin Container Registry +2. Builtin Runner +3. Domain name and ability to update DNS records +4. OKE Cluster has access to the internet +5. Access to OCI and necissary resources to provision OKE Environment. + +## Install +1. Setup OKE Cluster with necessary resources + +2. Configure Local Shell to access OKE Cluster + +NOTE: **Note:** Cloud Shell had an old version of HELM installed that was below the minimum version that Gitlab documentation says to use. + + - Follow this Quickstart Guide: \ + [https://docs.cloud.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm](https://docs.cloud.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm) + - Ensure to upload your public API key + - Default location: + ```/Users/%username%/.oci/oci_api_key_public.pem``` + +3. Return to OKE and navigate to the cluster page. + - Click on Access Cluster at the top of the page + - Select Local Access and follow the steps using your local CLI + - Ensure correct versions are installed and update using brew (on Mac) if necessary. + +4. Ensure the requirements are meet by checking [here](https://docs.gitlab.com/charts/quickstart/index.html#requirements): + +NOTE: **Note:** Requirements will change overtime as the Helm chart is updated. + +5. From your local CLI - Type the following commands: + - Add the Gitlab Helm Repo: \ + ```helm repo add gitlab https://charts.gitlab.io/``` + - Install Gitlab using: + ```shell + helm install gitlab gitlab/gitlab \ + --timeout 600s \ + --set global.hosts.domain=%DOMAIN_NAME% \ + --set global.hosts.https=true \ + --set global.hosts.gitlab.name=%GITLAB_HOSTNAME%.%DOMAIN_NAME% \ + --set certmanager-issuer.email=%EMAIL_ADDRESS% \ + --set gitlab-runner.runners.privileged=true + ``` + + - Additional Helm install paramaters can be found [here]() + +6. You can validate the pods are being initialized by typing: \ + ```kubectl get pods``` + +7. Get the external IP addresses: \ +```kubectl get ingress -lrelease=gitlab``` + +8. Update your DNS records to point to the IP address displayed from the above command. + - The runner pod requires the DNS to be configured so this pod will enter a CrashLoopBackOff until DNS is configured. You will not be able to proceed without this piece running. + - Navigating to the webpage will result in a: + ```"default backend" - 404 error."``` + +9. After the DNS zone record has been created, use the following command to get the base64 root password, which you need to connect in the dashboard + - Run: + ```kubectl get secret \<name\>-gitlab-initial-root-password -ojsonpath='{.data.password}' | base64 --decode ; echo``` + - Copy the output to enter into the Gitlab configuration screen later. + +10. Ensure all pods are running before proceeding by running: + - Run: + ```kubectl get pods``` +11. Login to Gitlab + - Within a Web Browser navigate to the DNS address of the Gitlab Instance (configured above) + - Enter the follow credentials: + - Username: + ```root``` + - Password: It was copied from above command. (base64 string) +12. You will be forced to update the root password. + - Please record this for future reference. + +## Configure +We will now do a basic configuration of Gitlab to include setting up some users, importing a sample project, configure an Operations K8s integration, enabling AutoDevOps and starting your pipeline. + +1. Create new admin users - Login to Gitlab using the root account. + 1. Admin Area (wrench at the top) -> Users +2. Import Express project and configure AutoDevops + 1. From Welcome Page -> Create Project -> Import Project -> Repo by URL + 1. Project to Import (Example): [here](https://gitlab.com/gitlab-org/express-example.git) + 2. Paste the URL and follow fill out the remaining items and click create. + 2. Enable AutoDevOps on your project + 1. In the project Navigate to Settings -> CI/CD -> Auto DevOps and enable Default to Auto DevOps pipeline +3. Setup project level Kubernetes with existing Gitlab. You will need several pieces configuration details. Obtain the necessary information: + 1. Get the API URL by running this command: + 1. kubectl cluster-info | grep 'Kubernetes master' | awk '/http/ {print $NF}' + 2. Record the API URL for later. + 2. Obtain the CA Certificate, Run: + 1. kubectl get secrets. + 1. One of the secrets listed should be named similar to default-token-xxxxx. Copy that token name and use it in the following command. + 1. Example: default-token-l5x6k + 3. Token: GitLab authenticates against Kubernetes by using service tokens, which are scoped to a particular namespace. The token used should belong to a service account with cluster-admin privileges. Follow these steps to create this service account: + 1. Create a file called gitlab-admin-service-account.yaml on your local machine with the following contents: + 2. + +| apiVersion: v1 kind: ServiceAccount metadata: name: gitlab-admin namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata: name: gitlab-admin roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: gitlab-admin namespace: kube-system | +| --- | + + 1. Run the following command to apply the service account and cluster role binding to your cluster: + 1. kubectl apply -f gitlab-admin-service-account.yaml + 2. You should receive the following output: + +serviceaccount "gitlab-admin" created + +clusterrolebinding "gitlab-admin" created + + 1. Retrieve the token for the gitlab-admin service account: + 1. kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep gitlab-admin | awk '{print $1}') + 2. Record this for later +1. Add the Kubernetes Cluster in Gitlab. + 1. From your project navigate to Operations -> Kubernetes -> Connect existing cluster + 2. From here enter in the recorded information + 1. Kubernetes cluster name + 1. Create a name + 2. API URL + 1. Previously recorded + 3. CA Certificate + 1. Previously recorded + 4. Service Token + 1. Previously recorded + 3. Click Add Kubernetes cluster when finished +2. Install Applications within the Gitlab connected Kubernetes cluster + 1. From your project navigate to Operations -> Kubernetes -> Click on the newly created cluster -> Applications + 2. Install the following components: + 1. Ingress - Disable WAF + 1. Endpoint should be the IP address + 2. Cert-Manager + 3. Prometheus +3. Upload Gitlab License Key + 1. [https://gitlabtest.onsg.us/admin/license](https://gitlabtest.onsg.us/admin/license) + 2. Note you will need Gitlab Ultimate to have the security scans working. +4. Run your CI pipeline + 1. Navigate to your project -> CI/CD + 2. Click on Run Pipeline + 3. You should have successfully completed a pipeline +5. Success! -- GitLab From 7a2b2139f84e6967efa7930690409727f2c8cc92 Mon Sep 17 00:00:00 2001 From: Brian Piscitelli Date: Tue, 10 Nov 2020 16:43:39 +0000 Subject: [PATCH 05/30] Update doc/installation/cloud/oke.md --- doc/installation/cloud/oke.md | 243 +++++++++++++++++++--------------- 1 file changed, 136 insertions(+), 107 deletions(-) diff --git a/doc/installation/cloud/oke.md b/doc/installation/cloud/oke.md index a0e4d56457..8590f30c7d 100644 --- a/doc/installation/cloud/oke.md +++ b/doc/installation/cloud/oke.md @@ -8,132 +8,161 @@ 5. Access to OCI and necissary resources to provision OKE Environment. ## Install + 1. Setup OKE Cluster with necessary resources +2. Configure Local Shell to access OKE Cluster
+ - NOTE: Cloud Shell had an old version of HELM installed that was below the minimum version that Gitlab documentation says to use. + - Follow this Quickstart Guide: + - [https://docs.cloud.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm](https://docs.cloud.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm) + - Ensure to upload your public API key + - Typically found in /Users/<username>/.oci/oci_api_key_public.pem

-2. Configure Local Shell to access OKE Cluster +3. Return to OKE and navigate to the cluster page. + - Click on **Access Cluster** at the top of the page + - Select **Local Access** and follow the steps using your local CLI + - Ensure correct versions are installed and update using brew (on Mac) if necessary.

-NOTE: **Note:** Cloud Shell had an old version of HELM installed that was below the minimum version that Gitlab documentation says to use. - - - Follow this Quickstart Guide: \ - [https://docs.cloud.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm](https://docs.cloud.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm) - - Ensure to upload your public API key - - Default location: - ```/Users/%username%/.oci/oci_api_key_public.pem``` +4. Ensure the requirements are meet by checking here: + - [https://docs.gitlab.com/charts/quickstart/index.html#requirements](https://docs.gitlab.com/charts/quickstart/index.html#requirements) + - Note: Requirements will change overtime as the Helm chart is updated.

-3. Return to OKE and navigate to the cluster page. - - Click on Access Cluster at the top of the page - - Select Local Access and follow the steps using your local CLI - - Ensure correct versions are installed and update using brew (on Mac) if necessary. +5. From your local CLI - Type the following commands: + - Add the Gitlab Helm Repo: -4. Ensure the requirements are meet by checking [here](https://docs.gitlab.com/charts/quickstart/index.html#requirements): + `helm repo add gitlab https://charts.gitlab.io/` -NOTE: **Note:** Requirements will change overtime as the Helm chart is updated. + - Install Gitlab using: + ``` + helm install gitlab gitlab/gitlab \ + --timeout 600s \ + --set global.hosts.domain=%DOMAIN_NAME% \ + --set global.hosts.https=true \ + --set global.hosts.gitlab.name=%GITLAB_HOSTNAME%.%DOMAIN_NAME% \ + --set certmanager-issuer.email=%EMAIL_ADDRESS% \ + --set gitlab-runner.runners.privileged=true + ``` -5. From your local CLI - Type the following commands: - - Add the Gitlab Helm Repo: \ - ```helm repo add gitlab https://charts.gitlab.io/``` - - Install Gitlab using: - ```shell - helm install gitlab gitlab/gitlab \ - --timeout 600s \ - --set global.hosts.domain=%DOMAIN_NAME% \ - --set global.hosts.https=true \ - --set global.hosts.gitlab.name=%GITLAB_HOSTNAME%.%DOMAIN_NAME% \ - --set certmanager-issuer.email=%EMAIL_ADDRESS% \ - --set gitlab-runner.runners.privileged=true - ``` - - - Additional Helm install paramaters can be found [here]() +6. You can validate the pods are being initialized by typing: + + `kubectl get pods` -6. You can validate the pods are being initialized by typing: \ - ```kubectl get pods``` +7. Get the external IP addresses: -7. Get the external IP addresses: \ -```kubectl get ingress -lrelease=gitlab``` + `kubectl get ingress -lrelease=gitlab` -8. Update your DNS records to point to the IP address displayed from the above command. - - The runner pod requires the DNS to be configured so this pod will enter a CrashLoopBackOff until DNS is configured. You will not be able to proceed without this piece running. - - Navigating to the webpage will result in a: - ```"default backend" - 404 error."``` +8. Update your DNS records to point to the IP address displayed from the above command. + - The runner pod requires the DNS to be configured so this pod will enter a CrashLoopBackOff until DNS is configured. You will not be able to proceed without this piece running. + - Navigating to the webpage will result in a: “default backend - 404” error.

9. After the DNS zone record has been created, use the following command to get the base64 root password, which you need to connect in the dashboard - - Run: - ```kubectl get secret \<name\>-gitlab-initial-root-password -ojsonpath='{.data.password}' | base64 --decode ; echo``` - - Copy the output to enter into the Gitlab configuration screen later. + + `kubectl get secret <name>-gitlab-initial-root-password -ojsonpath='{.data.password}' | base64 --decode ; echo` + - Copy the output to enter into the Gitlab configuration screen later. 10. Ensure all pods are running before proceeding by running: - - Run: - ```kubectl get pods``` + + `kubectl get pods` + 11. Login to Gitlab - - Within a Web Browser navigate to the DNS address of the Gitlab Instance (configured above) - - Enter the follow credentials: - - Username: - ```root``` - - Password: It was copied from above command. (base64 string) + - Within a Web Browser navigate to the DNS address of the Gitlab Instance (configured above) + - Enter the follow credentials: + - Username=root + - Password that was copied from above command. (base64 string)

+ 12. You will be forced to update the root password. - - Please record this for future reference. + - Please record this for future reference. + ## Configure + We will now do a basic configuration of Gitlab to include setting up some users, importing a sample project, configure an Operations K8s integration, enabling AutoDevOps and starting your pipeline. 1. Create new admin users - Login to Gitlab using the root account. - 1. Admin Area (wrench at the top) -> Users + - Admin Area (wrench at the top) -> **Users**

+ 2. Import Express project and configure AutoDevops - 1. From Welcome Page -> Create Project -> Import Project -> Repo by URL - 1. Project to Import (Example): [here](https://gitlab.com/gitlab-org/express-example.git) - 2. Paste the URL and follow fill out the remaining items and click create. - 2. Enable AutoDevOps on your project - 1. In the project Navigate to Settings -> CI/CD -> Auto DevOps and enable Default to Auto DevOps pipeline -3. Setup project level Kubernetes with existing Gitlab. You will need several pieces configuration details. Obtain the necessary information: - 1. Get the API URL by running this command: - 1. kubectl cluster-info | grep 'Kubernetes master' | awk '/http/ {print $NF}' - 2. Record the API URL for later. - 2. Obtain the CA Certificate, Run: - 1. kubectl get secrets. - 1. One of the secrets listed should be named similar to default-token-xxxxx. Copy that token name and use it in the following command. - 1. Example: default-token-l5x6k - 3. Token: GitLab authenticates against Kubernetes by using service tokens, which are scoped to a particular namespace. The token used should belong to a service account with cluster-admin privileges. Follow these steps to create this service account: - 1. Create a file called gitlab-admin-service-account.yaml on your local machine with the following contents: - 2. - -| apiVersion: v1 kind: ServiceAccount metadata: name: gitlab-admin namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata: name: gitlab-admin roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: gitlab-admin namespace: kube-system | -| --- | - - 1. Run the following command to apply the service account and cluster role binding to your cluster: - 1. kubectl apply -f gitlab-admin-service-account.yaml - 2. You should receive the following output: - -serviceaccount "gitlab-admin" created - -clusterrolebinding "gitlab-admin" created - - 1. Retrieve the token for the gitlab-admin service account: - 1. kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep gitlab-admin | awk '{print $1}') - 2. Record this for later -1. Add the Kubernetes Cluster in Gitlab. - 1. From your project navigate to Operations -> Kubernetes -> Connect existing cluster - 2. From here enter in the recorded information - 1. Kubernetes cluster name - 1. Create a name - 2. API URL - 1. Previously recorded - 3. CA Certificate - 1. Previously recorded - 4. Service Token - 1. Previously recorded - 3. Click Add Kubernetes cluster when finished -2. Install Applications within the Gitlab connected Kubernetes cluster - 1. From your project navigate to Operations -> Kubernetes -> Click on the newly created cluster -> Applications - 2. Install the following components: - 1. Ingress - Disable WAF - 1. Endpoint should be the IP address - 2. Cert-Manager - 3. Prometheus -3. Upload Gitlab License Key - 1. [https://gitlabtest.onsg.us/admin/license](https://gitlabtest.onsg.us/admin/license) - 2. Note you will need Gitlab Ultimate to have the security scans working. -4. Run your CI pipeline - 1. Navigate to your project -> CI/CD - 2. Click on Run Pipeline - 3. You should have successfully completed a pipeline -5. Success! + - From Welcome Page -> **Create Project -> Import Project -> Repo by URL** + - Project to Import (Example): [https://gitlab.com/gitlab-org/express-example.git](https://gitlab.com/gitlab-org/express-example.git) + - Paste the URL and follow fill out the remaining items and click create. + - Enable AutoDevOps on your project + - In the project Navigate to **Settings -> CI/CD -> Auto DevOps** and enable **Default to Auto DevOps pipeline**

+ +3. Setup project level Kubernetes with existing Gitlab. You will need several pieces configuration details. Obtain the necessary information: + - Get the API URL by running this command: + + `kubectl cluster-info | grep 'Kubernetes master' | awk '/http/ {print $NF}'` + + - Record the API URL for later.

+ - Obtain the CA Certificate, Run: + + `kubectl get secrets` + + - One of the secrets listed should be named similar to default-token-xxxxx. Copy that token name and use it in the following command. + - Example: default-token-l5x6k

+ + - Token: GitLab authenticates against Kubernetes by using service tokens, which are scoped to a particular namespace. The token used should belong to a service account with cluster-admin privileges. Follow these steps to create this service account: + - Create a file called gitlab-admin-service-account.yaml on your local machine with the following contents: + + ``` + apiVersion: v1 + kind: ServiceAccount + metadata: + name: gitlab-admin + namespace: kube-system + --- + apiVersion: rbac.authorization.k8s.io/v1beta1 + kind: ClusterRoleBinding + metadata: + name: gitlab-admin + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin + subjects: + - kind: ServiceAccount + name: gitlab-admin + namespace: kube-system + ``` + + + - Run the following command to apply the service account and cluster role binding to your cluster: + 9. kubectl apply -f gitlab-admin-service-account.yaml + 10. You should receive the following output: + + serviceaccount "gitlab-admin" created + clusterrolebinding "gitlab-admin" created + + + - Retrieve the token for the gitlab-admin service account: + + `kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep gitlab-admin | awk '{print $1}')` + - Record this for later

+ +- Add the Kubernetes Cluster in Gitlab. + - From your project navigate to **Operations -> Kubernetes -> Connect existing cluster** + - From here enter in the recorded information + - Kubernetes cluster name + - Create a name + - API URL + - Previously recorded + - CA Certificate + - Previously recorded + - Service Token + - Previously recorded

+ + - Click **Add Kubernetes cluster** when finished +- Install Applications within the Gitlab connected Kubernetes cluster + - From your project navigate to **Operations -> Kubernetes ->Click on the newly created cluster -> Applications** + - Install the following components: + - Ingress - Disable WAF + - Endpoint should be the IP address + - Cert-Manager + - Prometheus

+- Upload Gitlab License Key + - [https://gitlabtest.onsg.us/admin/license](https://gitlabtest.onsg.us/admin/license) + - Note you will need Gitlab Ultimate to have the security scans working.

+- Run your CI pipeline + - Navigate to your project -> **CI/CD** + - Click on **Run Pipeline** + - You should have successfully completed a pipeline

+- Success! -- GitLab From 0414e5cbe7f6ffbff74d9c9f2145fd6deb81e173 Mon Sep 17 00:00:00 2001 From: Brian Piscitelli Date: Tue, 10 Nov 2020 16:52:21 +0000 Subject: [PATCH 06/30] Update doc/installation/cloud/oke.md --- doc/installation/cloud/oke.md | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/doc/installation/cloud/oke.md b/doc/installation/cloud/oke.md index 8590f30c7d..4163d6bc71 100644 --- a/doc/installation/cloud/oke.md +++ b/doc/installation/cloud/oke.md @@ -15,7 +15,8 @@ - Follow this Quickstart Guide: - [https://docs.cloud.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm](https://docs.cloud.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm) - Ensure to upload your public API key - - Typically found in /Users/<username>/.oci/oci_api_key_public.pem

+ - Default location: + `/Users//.oci/oci_api_key_public.pem`

3. Return to OKE and navigate to the cluster page. - Click on **Access Cluster** at the top of the page @@ -66,8 +67,8 @@ 11. Login to Gitlab - Within a Web Browser navigate to the DNS address of the Gitlab Instance (configured above) - Enter the follow credentials: - - Username=root - - Password that was copied from above command. (base64 string)

+ - Username= `root` + - Password= Password that was copied from above command. (base64 string)

12. You will be forced to update the root password. - Please record this for future reference. @@ -98,7 +99,7 @@ We will now do a basic configuration of Gitlab to include setting up some users, `kubectl get secrets` - One of the secrets listed should be named similar to default-token-xxxxx. Copy that token name and use it in the following command. - - Example: default-token-l5x6k

+ - Example: `default-token-l5x6k`

- Token: GitLab authenticates against Kubernetes by using service tokens, which are scoped to a particular namespace. The token used should belong to a service account with cluster-admin privileges. Follow these steps to create this service account: - Create a file called gitlab-admin-service-account.yaml on your local machine with the following contents: @@ -126,11 +127,14 @@ We will now do a basic configuration of Gitlab to include setting up some users, - Run the following command to apply the service account and cluster role binding to your cluster: - 9. kubectl apply -f gitlab-admin-service-account.yaml - 10. You should receive the following output: + `kubectl apply -f gitlab-admin-service-account.yaml` - serviceaccount "gitlab-admin" created - clusterrolebinding "gitlab-admin" created + - You should receive the following output: + + ``` + serviceaccount "gitlab-admin" created + clusterrolebinding "gitlab-admin" created + ``` - Retrieve the token for the gitlab-admin service account: -- GitLab From 9f669f5d1a4a9e377bdc7939161a087bb9893e55 Mon Sep 17 00:00:00 2001 From: Brian Piscitelli Date: Tue, 10 Nov 2020 17:04:58 +0000 Subject: [PATCH 07/30] Several changes to formatting and text. --- doc/installation/cloud/oke.md | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/doc/installation/cloud/oke.md b/doc/installation/cloud/oke.md index 4163d6bc71..1177f8ad71 100644 --- a/doc/installation/cloud/oke.md +++ b/doc/installation/cloud/oke.md @@ -53,12 +53,12 @@ 8. Update your DNS records to point to the IP address displayed from the above command. - The runner pod requires the DNS to be configured so this pod will enter a CrashLoopBackOff until DNS is configured. You will not be able to proceed without this piece running. - - Navigating to the webpage will result in a: “default backend - 404” error.

+ - Navigating to the Gitlab webpage will result in a: `“default backend - 404” error.`

9. After the DNS zone record has been created, use the following command to get the base64 root password, which you need to connect in the dashboard `kubectl get secret <name>-gitlab-initial-root-password -ojsonpath='{.data.password}' | base64 --decode ; echo` - - Copy the output to enter into the Gitlab configuration screen later. + - Copy the output to enter into the Gitlab configuration screen later.

10. Ensure all pods are running before proceeding by running: @@ -131,10 +131,8 @@ We will now do a basic configuration of Gitlab to include setting up some users, - You should receive the following output: - ``` serviceaccount "gitlab-admin" created clusterrolebinding "gitlab-admin" created - ``` - Retrieve the token for the gitlab-admin service account: @@ -163,7 +161,7 @@ We will now do a basic configuration of Gitlab to include setting up some users, - Cert-Manager - Prometheus

- Upload Gitlab License Key - - [https://gitlabtest.onsg.us/admin/license](https://gitlabtest.onsg.us/admin/license) + - https://*YOUR-GITLAB-FQDN*/admin/license - Note you will need Gitlab Ultimate to have the security scans working.

- Run your CI pipeline - Navigate to your project -> **CI/CD** -- GitLab From 71cbc4e7c0f8ea087c37b3d353261c2fb7c88ae8 Mon Sep 17 00:00:00 2001 From: Brian Piscitelli Date: Thu, 12 Nov 2020 17:26:30 +0000 Subject: [PATCH 08/30] Fixed Linter changes - Relative URL. Sentence Spacing and quoted yaml name --- doc/installation/cloud/oke.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/doc/installation/cloud/oke.md b/doc/installation/cloud/oke.md index 1177f8ad71..d0f4286fcc 100644 --- a/doc/installation/cloud/oke.md +++ b/doc/installation/cloud/oke.md @@ -24,7 +24,7 @@ - Ensure correct versions are installed and update using brew (on Mac) if necessary.

4. Ensure the requirements are meet by checking here: - - [https://docs.gitlab.com/charts/quickstart/index.html#requirements](https://docs.gitlab.com/charts/quickstart/index.html#requirements) + - [https://docs.gitlab.com/charts/quickstart/index.html#requirements](../quickstart/index.md#requirements) - Note: Requirements will change overtime as the Helm chart is updated.

5. From your local CLI - Type the following commands: @@ -52,7 +52,7 @@ `kubectl get ingress -lrelease=gitlab` 8. Update your DNS records to point to the IP address displayed from the above command. - - The runner pod requires the DNS to be configured so this pod will enter a CrashLoopBackOff until DNS is configured. You will not be able to proceed without this piece running. + - The runner pod requires the DNS to be configured so this pod will enter a CrashLoopBackOff until DNS is configured. You will not be able to proceed without this piece running. - Navigating to the Gitlab webpage will result in a: `“default backend - 404” error.`

9. After the DNS zone record has been created, use the following command to get the base64 root password, which you need to connect in the dashboard @@ -102,7 +102,7 @@ We will now do a basic configuration of Gitlab to include setting up some users, - Example: `default-token-l5x6k`

- Token: GitLab authenticates against Kubernetes by using service tokens, which are scoped to a particular namespace. The token used should belong to a service account with cluster-admin privileges. Follow these steps to create this service account: - - Create a file called gitlab-admin-service-account.yaml on your local machine with the following contents: + - Create a file called `gitlab-admin-service-account.yaml` on your local machine with the following contents: ``` apiVersion: v1 -- GitLab From ffd41b191068cf0626b41161ba59f96d78cd3e36 Mon Sep 17 00:00:00 2001 From: Brian Piscitelli Date: Thu, 12 Nov 2020 17:51:32 +0000 Subject: [PATCH 09/30] Fixed spacing issues with linter. --- doc/installation/cloud/oke.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/installation/cloud/oke.md b/doc/installation/cloud/oke.md index d0f4286fcc..b4c600ab28 100644 --- a/doc/installation/cloud/oke.md +++ b/doc/installation/cloud/oke.md @@ -52,7 +52,7 @@ `kubectl get ingress -lrelease=gitlab` 8. Update your DNS records to point to the IP address displayed from the above command. - - The runner pod requires the DNS to be configured so this pod will enter a CrashLoopBackOff until DNS is configured. You will not be able to proceed without this piece running. + - The runner pod requires the DNS to be configured so this pod will enter a CrashLoopBackOff until DNS is configured. You will not be able to proceed without this piece running. - Navigating to the Gitlab webpage will result in a: `“default backend - 404” error.`

9. After the DNS zone record has been created, use the following command to get the base64 root password, which you need to connect in the dashboard @@ -88,7 +88,7 @@ We will now do a basic configuration of Gitlab to include setting up some users, - Enable AutoDevOps on your project - In the project Navigate to **Settings -> CI/CD -> Auto DevOps** and enable **Default to Auto DevOps pipeline**

-3. Setup project level Kubernetes with existing Gitlab. You will need several pieces configuration details. Obtain the necessary information: +3. Setup project level Kubernetes with existing Gitlab. You will need several pieces configuration details. Obtain the necessary information: - Get the API URL by running this command: `kubectl cluster-info | grep 'Kubernetes master' | awk '/http/ {print $NF}'` -- GitLab From 17aaa992fae6ca7b3eaf629efdb94cd6146a0c23 Mon Sep 17 00:00:00 2001 From: Brian Piscitelli Date: Thu, 12 Nov 2020 18:16:19 +0000 Subject: [PATCH 10/30] Fix MD linting - Gitlab to GitLab. Fencing code specified. Spacing issues resolved. --- doc/installation/cloud/oke.md | 43 +++++++++++++++++------------------ 1 file changed, 21 insertions(+), 22 deletions(-) diff --git a/doc/installation/cloud/oke.md b/doc/installation/cloud/oke.md index b4c600ab28..a51f10c995 100644 --- a/doc/installation/cloud/oke.md +++ b/doc/installation/cloud/oke.md @@ -1,6 +1,7 @@ -# Gitlab on Oracle Kubernetes Engine (OKE) - Quick Install and Config Guide +# GitLab on Oracle Kubernetes Engine (OKE) - Quick Install and Config Guide + +## Assumptions -## Assumptions: 1. Builtin Container Registry 2. Builtin Runner 3. Domain name and ability to update DNS records @@ -11,7 +12,7 @@ 1. Setup OKE Cluster with necessary resources 2. Configure Local Shell to access OKE Cluster
- - NOTE: Cloud Shell had an old version of HELM installed that was below the minimum version that Gitlab documentation says to use. + - NOTE: Cloud Shell had an old version of HELM installed that was below the minimum version that GitLab documentation says to use. - Follow this Quickstart Guide: - [https://docs.cloud.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm](https://docs.cloud.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm) - Ensure to upload your public API key @@ -28,12 +29,13 @@ - Note: Requirements will change overtime as the Helm chart is updated.

5. From your local CLI - Type the following commands: - - Add the Gitlab Helm Repo: + - Add the GitLab Helm Repo: `helm repo add gitlab https://charts.gitlab.io/` - - Install Gitlab using: - ``` + - Install GitLab using: + + ```shell helm install gitlab gitlab/gitlab \ --timeout 600s \ --set global.hosts.domain=%DOMAIN_NAME% \ @@ -51,21 +53,21 @@ `kubectl get ingress -lrelease=gitlab` -8. Update your DNS records to point to the IP address displayed from the above command. +8. Update your DNS records to point to the IP address displayed from the above command. - The runner pod requires the DNS to be configured so this pod will enter a CrashLoopBackOff until DNS is configured. You will not be able to proceed without this piece running. - - Navigating to the Gitlab webpage will result in a: `“default backend - 404” error.`

+ - Navigating to the GitLab webpage will result in a: `“default backend - 404” error.`

9. After the DNS zone record has been created, use the following command to get the base64 root password, which you need to connect in the dashboard `kubectl get secret <name>-gitlab-initial-root-password -ojsonpath='{.data.password}' | base64 --decode ; echo` - - Copy the output to enter into the Gitlab configuration screen later.

+ - Copy the output to enter into the GitLab configuration screen later.

10. Ensure all pods are running before proceeding by running: `kubectl get pods` -11. Login to Gitlab - - Within a Web Browser navigate to the DNS address of the Gitlab Instance (configured above) +11. Login to GitLab + - Within a Web Browser navigate to the DNS address of the GitLab Instance (configured above) - Enter the follow credentials: - Username= `root` - Password= Password that was copied from above command. (base64 string)

@@ -73,12 +75,11 @@ 12. You will be forced to update the root password. - Please record this for future reference. - ## Configure -We will now do a basic configuration of Gitlab to include setting up some users, importing a sample project, configure an Operations K8s integration, enabling AutoDevOps and starting your pipeline. +We will now do a basic configuration of GitLab to include setting up some users, importing a sample project, configure an Operations K8s integration, enabling AutoDevOps and starting your pipeline. -1. Create new admin users - Login to Gitlab using the root account. +1. Create new admin users - Login to GitLab using the root account. - Admin Area (wrench at the top) -> **Users**

2. Import Express project and configure AutoDevops @@ -88,7 +89,7 @@ We will now do a basic configuration of Gitlab to include setting up some users, - Enable AutoDevOps on your project - In the project Navigate to **Settings -> CI/CD -> Auto DevOps** and enable **Default to Auto DevOps pipeline**

-3. Setup project level Kubernetes with existing Gitlab. You will need several pieces configuration details. Obtain the necessary information: +3. Setup project level Kubernetes with existing GitLab. You will need several pieces configuration details. Obtain the necessary information: - Get the API URL by running this command: `kubectl cluster-info | grep 'Kubernetes master' | awk '/http/ {print $NF}'` @@ -104,7 +105,7 @@ We will now do a basic configuration of Gitlab to include setting up some users, - Token: GitLab authenticates against Kubernetes by using service tokens, which are scoped to a particular namespace. The token used should belong to a service account with cluster-admin privileges. Follow these steps to create this service account: - Create a file called `gitlab-admin-service-account.yaml` on your local machine with the following contents: - ``` + ```yaml apiVersion: v1 kind: ServiceAccount metadata: @@ -125,7 +126,6 @@ We will now do a basic configuration of Gitlab to include setting up some users, namespace: kube-system ``` - - Run the following command to apply the service account and cluster role binding to your cluster: `kubectl apply -f gitlab-admin-service-account.yaml` @@ -134,13 +134,12 @@ We will now do a basic configuration of Gitlab to include setting up some users, serviceaccount "gitlab-admin" created clusterrolebinding "gitlab-admin" created - - Retrieve the token for the gitlab-admin service account: `kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep gitlab-admin | awk '{print $1}')` - Record this for later

-- Add the Kubernetes Cluster in Gitlab. +- Add the Kubernetes Cluster in GitLab. - From your project navigate to **Operations -> Kubernetes -> Connect existing cluster** - From here enter in the recorded information - Kubernetes cluster name @@ -153,16 +152,16 @@ We will now do a basic configuration of Gitlab to include setting up some users, - Previously recorded

- Click **Add Kubernetes cluster** when finished -- Install Applications within the Gitlab connected Kubernetes cluster +- Install Applications within the GitLab connected Kubernetes cluster - From your project navigate to **Operations -> Kubernetes ->Click on the newly created cluster -> Applications** - Install the following components: - Ingress - Disable WAF - Endpoint should be the IP address - Cert-Manager - Prometheus

-- Upload Gitlab License Key +- Upload GitLab License Key - https://*YOUR-GITLAB-FQDN*/admin/license - - Note you will need Gitlab Ultimate to have the security scans working.

+ - Note you will need GitLab Ultimate to have the security scans working.

- Run your CI pipeline - Navigate to your project -> **CI/CD** - Click on **Run Pipeline** -- GitLab From eef081c1215f095d306eda19866f2d88fccd818e Mon Sep 17 00:00:00 2001 From: Brian Piscitelli Date: Thu, 12 Nov 2020 18:31:44 +0000 Subject: [PATCH 11/30] MD Linter - Fixed Ordered List, Helm/HELM. --- doc/installation/cloud/oke.md | 46 ++++++++++++++++++----------------- 1 file changed, 24 insertions(+), 22 deletions(-) diff --git a/doc/installation/cloud/oke.md b/doc/installation/cloud/oke.md index a51f10c995..65d37c4750 100644 --- a/doc/installation/cloud/oke.md +++ b/doc/installation/cloud/oke.md @@ -3,32 +3,32 @@ ## Assumptions 1. Builtin Container Registry -2. Builtin Runner -3. Domain name and ability to update DNS records -4. OKE Cluster has access to the internet -5. Access to OCI and necissary resources to provision OKE Environment. +1. Builtin Runner +1. Domain name and ability to update DNS records +1. OKE Cluster has access to the internet +1. Access to OCI and necissary resources to provision OKE Environment. ## Install 1. Setup OKE Cluster with necessary resources -2. Configure Local Shell to access OKE Cluster
- - NOTE: Cloud Shell had an old version of HELM installed that was below the minimum version that GitLab documentation says to use. +1. Configure Local Shell to access OKE Cluster
+ - NOTE: Cloud Shell had an old version of Helm installed that was below the minimum version that GitLab documentation says to use. - Follow this Quickstart Guide: - [https://docs.cloud.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm](https://docs.cloud.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm) - Ensure to upload your public API key - Default location: `/Users//.oci/oci_api_key_public.pem`

-3. Return to OKE and navigate to the cluster page. +1. Return to OKE and navigate to the cluster page. - Click on **Access Cluster** at the top of the page - Select **Local Access** and follow the steps using your local CLI - Ensure correct versions are installed and update using brew (on Mac) if necessary.

-4. Ensure the requirements are meet by checking here: +1. Ensure the requirements are meet by checking here: - [https://docs.gitlab.com/charts/quickstart/index.html#requirements](../quickstart/index.md#requirements) - Note: Requirements will change overtime as the Helm chart is updated.

-5. From your local CLI - Type the following commands: +1. From your local CLI - Type the following commands: - Add the GitLab Helm Repo: `helm repo add gitlab https://charts.gitlab.io/` @@ -45,34 +45,34 @@ --set gitlab-runner.runners.privileged=true ``` -6. You can validate the pods are being initialized by typing: +1. You can validate the pods are being initialized by typing: `kubectl get pods` -7. Get the external IP addresses: +1. Get the external IP addresses: `kubectl get ingress -lrelease=gitlab` -8. Update your DNS records to point to the IP address displayed from the above command. +2. Update your DNS records to point to the IP address displayed from the above command. - The runner pod requires the DNS to be configured so this pod will enter a CrashLoopBackOff until DNS is configured. You will not be able to proceed without this piece running. - Navigating to the GitLab webpage will result in a: `“default backend - 404” error.`

-9. After the DNS zone record has been created, use the following command to get the base64 root password, which you need to connect in the dashboard +1. After the DNS zone record has been created, use the following command to get the base64 root password, which you need to connect in the dashboard `kubectl get secret <name>-gitlab-initial-root-password -ojsonpath='{.data.password}' | base64 --decode ; echo` - Copy the output to enter into the GitLab configuration screen later.

-10. Ensure all pods are running before proceeding by running: +1. Ensure all pods are running before proceeding by running: `kubectl get pods` -11. Login to GitLab +1. Login to GitLab - Within a Web Browser navigate to the DNS address of the GitLab Instance (configured above) - Enter the follow credentials: - Username= `root` - Password= Password that was copied from above command. (base64 string)

-12. You will be forced to update the root password. +1. You will be forced to update the root password. - Please record this for future reference. ## Configure @@ -82,14 +82,14 @@ We will now do a basic configuration of GitLab to include setting up some users, 1. Create new admin users - Login to GitLab using the root account. - Admin Area (wrench at the top) -> **Users**

-2. Import Express project and configure AutoDevops +1. Import Express project and configure AutoDevops - From Welcome Page -> **Create Project -> Import Project -> Repo by URL** - Project to Import (Example): [https://gitlab.com/gitlab-org/express-example.git](https://gitlab.com/gitlab-org/express-example.git) - Paste the URL and follow fill out the remaining items and click create. - Enable AutoDevOps on your project - In the project Navigate to **Settings -> CI/CD -> Auto DevOps** and enable **Default to Auto DevOps pipeline**

-3. Setup project level Kubernetes with existing GitLab. You will need several pieces configuration details. Obtain the necessary information: +1. Setup project level Kubernetes with existing GitLab. You will need several pieces configuration details. Obtain the necessary information: - Get the API URL by running this command: `kubectl cluster-info | grep 'Kubernetes master' | awk '/http/ {print $NF}'` @@ -131,10 +131,12 @@ We will now do a basic configuration of GitLab to include setting up some users, - You should receive the following output: - serviceaccount "gitlab-admin" created - clusterrolebinding "gitlab-admin" created + ```shell + serviceaccount "gitlab-admin" created + clusterrolebinding "gitlab-admin" created + ``` - - Retrieve the token for the gitlab-admin service account: + - Retrieve the token for the "gitlab-admin" service account: `kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep gitlab-admin | awk '{print $1}')` - Record this for later

@@ -160,7 +162,7 @@ We will now do a basic configuration of GitLab to include setting up some users, - Cert-Manager - Prometheus

- Upload GitLab License Key - - https://*YOUR-GITLAB-FQDN*/admin/license + - "https://*YOUR-GITLAB-FQDN*/admin/license" - Note you will need GitLab Ultimate to have the security scans working.

- Run your CI pipeline - Navigate to your project -> **CI/CD** -- GitLab From 4516b47d97e28c8797e20630bc3995ff9f7a6150 Mon Sep 17 00:00:00 2001 From: Brian Piscitelli Date: Thu, 12 Nov 2020 19:04:07 +0000 Subject: [PATCH 12/30] MD Linter - Attempt 1 to fix Unordered lists. --- doc/installation/cloud/oke.md | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/doc/installation/cloud/oke.md b/doc/installation/cloud/oke.md index 65d37c4750..0c282d4db2 100644 --- a/doc/installation/cloud/oke.md +++ b/doc/installation/cloud/oke.md @@ -53,7 +53,7 @@ `kubectl get ingress -lrelease=gitlab` -2. Update your DNS records to point to the IP address displayed from the above command. +1. Update your DNS records to point to the IP address displayed from the above command. - The runner pod requires the DNS to be configured so this pod will enter a CrashLoopBackOff until DNS is configured. You will not be able to proceed without this piece running. - Navigating to the GitLab webpage will result in a: `“default backend - 404” error.`

@@ -136,12 +136,12 @@ We will now do a basic configuration of GitLab to include setting up some users, clusterrolebinding "gitlab-admin" created ``` - - Retrieve the token for the "gitlab-admin" service account: + - Retrieve the token for the **gitlab-admin** service account: `kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep gitlab-admin | awk '{print $1}')` - Record this for later

-- Add the Kubernetes Cluster in GitLab. +1. Add the Kubernetes Cluster in GitLab. - From your project navigate to **Operations -> Kubernetes -> Connect existing cluster** - From here enter in the recorded information - Kubernetes cluster name @@ -151,21 +151,20 @@ We will now do a basic configuration of GitLab to include setting up some users, - CA Certificate - Previously recorded - Service Token - - Previously recorded

- - - Click **Add Kubernetes cluster** when finished -- Install Applications within the GitLab connected Kubernetes cluster + - Previously recorded + - Click **Add Kubernetes cluster** when finished

+1. Install Applications within the GitLab connected Kubernetes cluster - From your project navigate to **Operations -> Kubernetes ->Click on the newly created cluster -> Applications** - Install the following components: - Ingress - Disable WAF - Endpoint should be the IP address - Cert-Manager - Prometheus

-- Upload GitLab License Key +1. Upload GitLab License Key - "https://*YOUR-GITLAB-FQDN*/admin/license" - Note you will need GitLab Ultimate to have the security scans working.

-- Run your CI pipeline +1. Run your CI pipeline - Navigate to your project -> **CI/CD** - Click on **Run Pipeline** - You should have successfully completed a pipeline

-- Success! +1. Success! -- GitLab From b93d9211ac840c9cdf2a1f96439f44bb0a5e5450 Mon Sep 17 00:00:00 2001 From: Brian Piscitelli Date: Thu, 12 Nov 2020 19:08:38 +0000 Subject: [PATCH 13/30] Fixing name issues. - Hopefully last commit. --- doc/installation/cloud/oke.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/installation/cloud/oke.md b/doc/installation/cloud/oke.md index 0c282d4db2..b279f838e2 100644 --- a/doc/installation/cloud/oke.md +++ b/doc/installation/cloud/oke.md @@ -136,7 +136,7 @@ We will now do a basic configuration of GitLab to include setting up some users, clusterrolebinding "gitlab-admin" created ``` - - Retrieve the token for the **gitlab-admin** service account: + - Retrieve the token for the `gitlab-admin` service account: `kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep gitlab-admin | awk '{print $1}')` - Record this for later

@@ -161,7 +161,7 @@ We will now do a basic configuration of GitLab to include setting up some users, - Cert-Manager - Prometheus

1. Upload GitLab License Key - - "https://*YOUR-GITLAB-FQDN*/admin/license" + - Navigate to the licence page: `https://*YOUR-GITLAB-FQDN*/admin/license` - Note you will need GitLab Ultimate to have the security scans working.

1. Run your CI pipeline - Navigate to your project -> **CI/CD** -- GitLab From 9273df06ecbaaa06a904923a83b100da03b655f2 Mon Sep 17 00:00:00 2001 From: Brian Piscitelli Date: Thu, 12 Nov 2020 19:11:26 +0000 Subject: [PATCH 14/30] Update doc/installation/cloud/oke.md --- doc/installation/cloud/oke.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/installation/cloud/oke.md b/doc/installation/cloud/oke.md index b279f838e2..62e5bc0ef4 100644 --- a/doc/installation/cloud/oke.md +++ b/doc/installation/cloud/oke.md @@ -161,7 +161,7 @@ We will now do a basic configuration of GitLab to include setting up some users, - Cert-Manager - Prometheus

1. Upload GitLab License Key - - Navigate to the licence page: `https://*YOUR-GITLAB-FQDN*/admin/license` + - Navigate to the license page: `https://*YOUR-GITLAB-FQDN*/admin/license` - Note you will need GitLab Ultimate to have the security scans working.

1. Run your CI pipeline - Navigate to your project -> **CI/CD** -- GitLab From c4e9ab1a9419fac350e6c69a245491785c8b44ef Mon Sep 17 00:00:00 2001 From: Brian Piscitelli Date: Thu, 12 Nov 2020 19:18:00 +0000 Subject: [PATCH 15/30] Fixed Internal Link issue. ../ -> ../../ --- doc/installation/cloud/oke.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/installation/cloud/oke.md b/doc/installation/cloud/oke.md index 62e5bc0ef4..1efe758890 100644 --- a/doc/installation/cloud/oke.md +++ b/doc/installation/cloud/oke.md @@ -25,7 +25,7 @@ - Ensure correct versions are installed and update using brew (on Mac) if necessary.

1. Ensure the requirements are meet by checking here: - - [https://docs.gitlab.com/charts/quickstart/index.html#requirements](../quickstart/index.md#requirements) + - [https://docs.gitlab.com/charts/quickstart/index.html#requirements](../../quickstart/index.md#requirements) - Note: Requirements will change overtime as the Helm chart is updated.

1. From your local CLI - Type the following commands: -- GitLab From 7ce206a84401cdb09629285fcac35ebfd67aea7a Mon Sep 17 00:00:00 2001 From: Brian Piscitelli Date: Tue, 17 Nov 2020 15:31:27 +0000 Subject: [PATCH 16/30] Changed title, Added assumption for Priv mode, removed https HELM command. --- doc/installation/cloud/oke.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/doc/installation/cloud/oke.md b/doc/installation/cloud/oke.md index 1efe758890..fbcddc596f 100644 --- a/doc/installation/cloud/oke.md +++ b/doc/installation/cloud/oke.md @@ -1,4 +1,4 @@ -# GitLab on Oracle Kubernetes Engine (OKE) - Quick Install and Config Guide +# Preparing OKE resources ## Assumptions @@ -6,7 +6,8 @@ 1. Builtin Runner 1. Domain name and ability to update DNS records 1. OKE Cluster has access to the internet -1. Access to OCI and necissary resources to provision OKE Environment. +1. Access to OCI and necissary resources to provision OKE Environment +1. Setting the GitLab runner to privlidged mode ## Install @@ -39,7 +40,6 @@ helm install gitlab gitlab/gitlab \ --timeout 600s \ --set global.hosts.domain=%DOMAIN_NAME% \ - --set global.hosts.https=true \ --set global.hosts.gitlab.name=%GITLAB_HOSTNAME%.%DOMAIN_NAME% \ --set certmanager-issuer.email=%EMAIL_ADDRESS% \ --set gitlab-runner.runners.privileged=true -- GitLab From 91741b0aefa112819a60586b0d4b5e818288d707 Mon Sep 17 00:00:00 2001 From: Brian Piscitelli Date: Tue, 17 Nov 2020 21:27:19 +0000 Subject: [PATCH 17/30] Fixed linter issue. GitLab runner -> GitLab Runner --- doc/installation/cloud/oke.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/installation/cloud/oke.md b/doc/installation/cloud/oke.md index fbcddc596f..6817d932b4 100644 --- a/doc/installation/cloud/oke.md +++ b/doc/installation/cloud/oke.md @@ -7,7 +7,7 @@ 1. Domain name and ability to update DNS records 1. OKE Cluster has access to the internet 1. Access to OCI and necissary resources to provision OKE Environment -1. Setting the GitLab runner to privlidged mode +1. Setting the GitLab Runner to privlidged mode ## Install -- GitLab From 67a191e639b4a0050434708553a906905dca6fde Mon Sep 17 00:00:00 2001 From: Brian Piscitelli Date: Wed, 18 Nov 2020 18:34:29 +0000 Subject: [PATCH 18/30] Changing of direction - Putting oke.md page under a deployment section vs preparing cluster resources. This page is how to install GitLab on OKE not OKE setup. --- doc/installation/{cloud => deployments}/oke.md | 2 +- doc/installation/index.md | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) rename doc/installation/{cloud => deployments}/oke.md (99%) diff --git a/doc/installation/cloud/oke.md b/doc/installation/deployments/oke.md similarity index 99% rename from doc/installation/cloud/oke.md rename to doc/installation/deployments/oke.md index 6817d932b4..37ae4d224e 100644 --- a/doc/installation/cloud/oke.md +++ b/doc/installation/deployments/oke.md @@ -1,4 +1,4 @@ -# Preparing OKE resources +# Deploying GitLab on OKE ## Assumptions diff --git a/doc/installation/index.md b/doc/installation/index.md index 70f35cf2bd..5ca32ebe35 100644 --- a/doc/installation/index.md +++ b/doc/installation/index.md @@ -48,7 +48,7 @@ choice: - [Google Kubernetes Engine](cloud/gke.md) - [Amazon EKS](cloud/eks.md) - [OpenShift Origin](cloud/openshift.md) -- [Oracle Kubernetes Engine](cloud/oke.md) +- Oracle Kubernetes Engine - Documentation to be added. - Azure Container Service - Documentation to be added. - VMware Tanzu - Documentation to be added. - On-Premises solutions - Documentation to be added. @@ -58,6 +58,8 @@ choice: With the environment set up and configuration generated, you can now proceed to the [deployment of GitLab](deployment.md). +- [Oracle Kubernetes Engine](../deployments/oke.md) + ## Upgrading GitLab If you are upgrading an existing Kubernetes installation, follow the -- GitLab From eeb15e8ac7383a86021bb8b03dd249b1e1306764 Mon Sep 17 00:00:00 2001 From: Brian Piscitelli Date: Thu, 19 Nov 2020 22:35:30 +0000 Subject: [PATCH 19/30] Correcting the link issue to deployments/oke.md --- doc/installation/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/installation/index.md b/doc/installation/index.md index 5ca32ebe35..0c2c554f07 100644 --- a/doc/installation/index.md +++ b/doc/installation/index.md @@ -58,7 +58,7 @@ choice: With the environment set up and configuration generated, you can now proceed to the [deployment of GitLab](deployment.md). -- [Oracle Kubernetes Engine](../deployments/oke.md) +- [Oracle Kubernetes Engine](deployments/oke.md) ## Upgrading GitLab -- GitLab From e701c46c8a3024c4e3ceb70b81cde1899d51d0ee Mon Sep 17 00:00:00 2001 From: Brian Piscitelli Date: Fri, 20 Nov 2020 14:30:11 +0000 Subject: [PATCH 20/30] Apply 1 suggestion(s) to 1 file(s) --- doc/installation/deployments/oke.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/installation/deployments/oke.md b/doc/installation/deployments/oke.md index 37ae4d224e..d7a4e93265 100644 --- a/doc/installation/deployments/oke.md +++ b/doc/installation/deployments/oke.md @@ -6,7 +6,7 @@ 1. Builtin Runner 1. Domain name and ability to update DNS records 1. OKE Cluster has access to the internet -1. Access to OCI and necissary resources to provision OKE Environment +1. Access to OCI and necessary resources to provision OKE Environment 1. Setting the GitLab Runner to privlidged mode ## Install -- GitLab From addc901ec4069e9ff5e5d3b4e24a14f4a7af22e1 Mon Sep 17 00:00:00 2001 From: Brian Piscitelli Date: Fri, 20 Nov 2020 14:31:40 +0000 Subject: [PATCH 21/30] Apply 1 suggestion(s) to 1 file(s) --- doc/installation/deployments/oke.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/installation/deployments/oke.md b/doc/installation/deployments/oke.md index d7a4e93265..e27c3aa940 100644 --- a/doc/installation/deployments/oke.md +++ b/doc/installation/deployments/oke.md @@ -7,7 +7,7 @@ 1. Domain name and ability to update DNS records 1. OKE Cluster has access to the internet 1. Access to OCI and necessary resources to provision OKE Environment -1. Setting the GitLab Runner to privlidged mode +1. Setting the GitLab Runner to privileged mode ## Install -- GitLab From 4dcc78f599683daf67288220add884788f0325d3 Mon Sep 17 00:00:00 2001 From: Brian Piscitelli Date: Fri, 20 Nov 2020 14:41:17 +0000 Subject: [PATCH 22/30] Added message about Default Location - Linux/Mac. --- doc/installation/deployments/oke.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/installation/deployments/oke.md b/doc/installation/deployments/oke.md index e27c3aa940..ea3ea6fe75 100644 --- a/doc/installation/deployments/oke.md +++ b/doc/installation/deployments/oke.md @@ -17,7 +17,7 @@ - Follow this Quickstart Guide: - [https://docs.cloud.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm](https://docs.cloud.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm) - Ensure to upload your public API key - - Default location: + - Default location (on Linux a Mac): `/Users//.oci/oci_api_key_public.pem`

1. Return to OKE and navigate to the cluster page. -- GitLab From cdfbaacfa32098aeadc2d44581303eeaaee4785e Mon Sep 17 00:00:00 2001 From: Brian Piscitelli Date: Tue, 8 Dec 2020 15:06:40 +0000 Subject: [PATCH 23/30] Added link to "Necessary Resources" as a place holder. --- doc/installation/deployments/oke.md | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/installation/deployments/oke.md b/doc/installation/deployments/oke.md index ea3ea6fe75..6376a6ef65 100644 --- a/doc/installation/deployments/oke.md +++ b/doc/installation/deployments/oke.md @@ -12,6 +12,7 @@ ## Install 1. Setup OKE Cluster with necessary resources + - [https://docs.gitlab.com/charts/installation/#cloud-cluster-preparation](../index.md#cloud-cluster-preparation) 1. Configure Local Shell to access OKE Cluster
- NOTE: Cloud Shell had an old version of Helm installed that was below the minimum version that GitLab documentation says to use. - Follow this Quickstart Guide: -- GitLab From 81b11938a014c9ee8db28a78627ad7e4838b8d53 Mon Sep 17 00:00:00 2001 From: Achilleas Pipinellis Date: Wed, 9 Dec 2020 20:18:51 +0100 Subject: [PATCH 24/30] Copyedit the OKE docs --- doc/installation/deployments/oke.md | 289 +++++++++++++++------------- 1 file changed, 152 insertions(+), 137 deletions(-) diff --git a/doc/installation/deployments/oke.md b/doc/installation/deployments/oke.md index 6376a6ef65..0515a14cc9 100644 --- a/doc/installation/deployments/oke.md +++ b/doc/installation/deployments/oke.md @@ -1,7 +1,13 @@ -# Deploying GitLab on OKE +# Deploy GitLab on OKE + +This guide will help you deploy GitLab in +[Oracle Kubernetes Engine (OKE)](https://www.oracle.com/cloud-native/container-engine-kubernetes/) +hosted on Oracle Cloud Infrastructure (OCI). ## Assumptions +The following are assumed: + 1. Builtin Container Registry 1. Builtin Runner 1. Domain name and ability to update DNS records @@ -9,163 +15,172 @@ 1. Access to OCI and necessary resources to provision OKE Environment 1. Setting the GitLab Runner to privileged mode -## Install - -1. Setup OKE Cluster with necessary resources - - [https://docs.gitlab.com/charts/installation/#cloud-cluster-preparation](../index.md#cloud-cluster-preparation) -1. Configure Local Shell to access OKE Cluster
- - NOTE: Cloud Shell had an old version of Helm installed that was below the minimum version that GitLab documentation says to use. - - Follow this Quickstart Guide: - - [https://docs.cloud.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm](https://docs.cloud.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm) - - Ensure to upload your public API key - - Default location (on Linux a Mac): - `/Users//.oci/oci_api_key_public.pem`

+## Set up the OKE cluster +1. Setup OKE Cluster with the [necessary resources](../index.md#cloud-cluster-preparation). +1. Follow Oracle's [quickstart guide](https://docs.cloud.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm) + to configure your local shell to access the OKE cluster. +1. Ensure to [upload your public API key](https://docs.cloud.oracle.com/en-us/iaas/Content/API/Concepts/apisigningkey.htm#three). + The default location should be at `~/.oci/oci_api_key_public.pem`. 1. Return to OKE and navigate to the cluster page. - - Click on **Access Cluster** at the top of the page - - Select **Local Access** and follow the steps using your local CLI - - Ensure correct versions are installed and update using brew (on Mac) if necessary.

+ 1. Click on **Access Cluster** at the top of the page. + 1. Select **Local Access** and follow the steps using your local CLI. + 1. Ensure the correct versions are installed and update them if necessary. -1. Ensure the requirements are meet by checking here: - - [https://docs.gitlab.com/charts/quickstart/index.html#requirements](../../quickstart/index.md#requirements) - - Note: Requirements will change overtime as the Helm chart is updated.

+## Install GitLab -1. From your local CLI - Type the following commands: - - Add the GitLab Helm Repo: +1. Ensure the [requirements](../../quickstart/index.md#requirements) are met. +1. From your local CLI add the GitLab Helm repo: - `helm repo add gitlab https://charts.gitlab.io/` + ```shell + helm repo add gitlab https://charts.gitlab.io/ + ``` - - Install GitLab using: +1. Install GitLab: - ```shell - helm install gitlab gitlab/gitlab \ - --timeout 600s \ - --set global.hosts.domain=%DOMAIN_NAME% \ - --set global.hosts.gitlab.name=%GITLAB_HOSTNAME%.%DOMAIN_NAME% \ - --set certmanager-issuer.email=%EMAIL_ADDRESS% \ - --set gitlab-runner.runners.privileged=true - ``` + ```shell + helm install gitlab gitlab/gitlab \ + --timeout 600s \ + --set global.hosts.domain=%DOMAIN_NAME% \ + --set global.hosts.gitlab.name=%GITLAB_HOSTNAME%.%DOMAIN_NAME% \ + --set certmanager-issuer.email=%EMAIL_ADDRESS% \ + --set gitlab-runner.runners.privileged=true + ``` -1. You can validate the pods are being initialized by typing: +1. You can validate the pods are being initialized: - `kubectl get pods` + ```shell + kubectl get pods + ``` 1. Get the external IP addresses: - `kubectl get ingress -lrelease=gitlab` + ```shell + kubectl get ingress -lrelease=gitlab + ``` 1. Update your DNS records to point to the IP address displayed from the above command. - - The runner pod requires the DNS to be configured so this pod will enter a CrashLoopBackOff until DNS is configured. You will not be able to proceed without this piece running. - - Navigating to the GitLab webpage will result in a: `“default backend - 404” error.`

+ The runner pod requires the DNS to be configured so this pod will enter a + `CrashLoopBackOff` until DNS is configured. You will not be able to proceed + without this piece running. Navigating to the GitLab webpage will result in a: + `default backend - 404 error.` + +1. After the DNS zone record has been created, get the base64 root password, + which you need to connect in the dashboard: + + ```shell + kubectl get secret <name>-gitlab-initial-root-password -ojsonpath='{.data.password}' | base64 --decode ; echo` + ``` -1. After the DNS zone record has been created, use the following command to get the base64 root password, which you need to connect in the dashboard - - `kubectl get secret <name>-gitlab-initial-root-password -ojsonpath='{.data.password}' | base64 --decode ; echo` - - Copy the output to enter into the GitLab configuration screen later.

+ Copy the output to enter into the GitLab configuration screen later. -1. Ensure all pods are running before proceeding by running: - - `kubectl get pods` +1. Ensure all pods are running before proceeding: -1. Login to GitLab - - Within a Web Browser navigate to the DNS address of the GitLab Instance (configured above) - - Enter the follow credentials: - - Username= `root` - - Password= Password that was copied from above command. (base64 string)

+ ```shell + kubectl get pods + ``` -1. You will be forced to update the root password. - - Please record this for future reference. +1. Log in to GitLab by navigating to the DNS address of the GitLab instance. + As username use `root` and as password the one you copied above. At the first + login you will be forced to update the root password. -## Configure +## Configure GitLab -We will now do a basic configuration of GitLab to include setting up some users, importing a sample project, configure an Operations K8s integration, enabling AutoDevOps and starting your pipeline. +We will now do a basic configuration of GitLab to include setting up some users, +importing a sample project, configure an Operations Kubernetes integration, +enabling Auto DevOps and starting your pipeline: 1. Create new admin users - Login to GitLab using the root account. - Admin Area (wrench at the top) -> **Users**

-1. Import Express project and configure AutoDevops - - From Welcome Page -> **Create Project -> Import Project -> Repo by URL** - - Project to Import (Example): [https://gitlab.com/gitlab-org/express-example.git](https://gitlab.com/gitlab-org/express-example.git) - - Paste the URL and follow fill out the remaining items and click create. - - Enable AutoDevOps on your project - - In the project Navigate to **Settings -> CI/CD -> Auto DevOps** and enable **Default to Auto DevOps pipeline**

- -1. Setup project level Kubernetes with existing GitLab. You will need several pieces configuration details. Obtain the necessary information: - - Get the API URL by running this command: - - `kubectl cluster-info | grep 'Kubernetes master' | awk '/http/ {print $NF}'` - - - Record the API URL for later.

- - Obtain the CA Certificate, Run: - - `kubectl get secrets` - - - One of the secrets listed should be named similar to default-token-xxxxx. Copy that token name and use it in the following command. - - Example: `default-token-l5x6k`

- - - Token: GitLab authenticates against Kubernetes by using service tokens, which are scoped to a particular namespace. The token used should belong to a service account with cluster-admin privileges. Follow these steps to create this service account: - - Create a file called `gitlab-admin-service-account.yaml` on your local machine with the following contents: - - ```yaml - apiVersion: v1 - kind: ServiceAccount - metadata: - name: gitlab-admin - namespace: kube-system - --- - apiVersion: rbac.authorization.k8s.io/v1beta1 - kind: ClusterRoleBinding - metadata: - name: gitlab-admin - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-admin - subjects: - - kind: ServiceAccount - name: gitlab-admin - namespace: kube-system - ``` - - - Run the following command to apply the service account and cluster role binding to your cluster: - `kubectl apply -f gitlab-admin-service-account.yaml` - - - You should receive the following output: - - ```shell - serviceaccount "gitlab-admin" created - clusterrolebinding "gitlab-admin" created - ``` - - - Retrieve the token for the `gitlab-admin` service account: - - `kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep gitlab-admin | awk '{print $1}')` - - Record this for later

- -1. Add the Kubernetes Cluster in GitLab. - - From your project navigate to **Operations -> Kubernetes -> Connect existing cluster** - - From here enter in the recorded information - - Kubernetes cluster name - - Create a name - - API URL - - Previously recorded - - CA Certificate - - Previously recorded - - Service Token - - Previously recorded - - Click **Add Kubernetes cluster** when finished

-1. Install Applications within the GitLab connected Kubernetes cluster - - From your project navigate to **Operations -> Kubernetes ->Click on the newly created cluster -> Applications** - - Install the following components: - - Ingress - Disable WAF - - Endpoint should be the IP address - - Cert-Manager - - Prometheus

-1. Upload GitLab License Key - - Navigate to the license page: `https://*YOUR-GITLAB-FQDN*/admin/license` - - Note you will need GitLab Ultimate to have the security scans working.

-1. Run your CI pipeline - - Navigate to your project -> **CI/CD** - - Click on **Run Pipeline** - - You should have successfully completed a pipeline

-1. Success! +1. Import an example project and configure Auto DevOps: + 1. From the welcome page, select **Create Project > Import Project > Repo by URL**. + For the project to import use the Express example: `https://gitlab.com/gitlab-org/express-example.git`. + Paste the URL, follow fill out the remaining items, and click create. + 1. Enable Auto DevOps on your project, by navigating to **Settings > CI/CD > Auto DevOps**, + and enable **Default to Auto DevOps pipeline**. +1. Next, set up the project level Kubernetes integration. You will need several + pieces of configuration details. Obtain the necessary information: + 1. Get the API URL: + + ```shell + kubectl cluster-info | grep 'Kubernetes master' | awk '/http/ {print $NF}' + ``` + + 1. Obtain the CA Certificate: + + ```shell + kubectl get secrets + ``` + + One of the secrets listed should be named similar to `default-token-xxxxx`. + Copy that token name and use it in the following command. + + 1. GitLab authenticates against Kubernetes by using service tokens, which are + scoped to a particular namespace. The token used should belong to a service + account with cluster-admin privileges. To create this service account: + + 1. Create a file called `gitlab-admin-service-account.yaml` on your local + machine with the following contents: + + ```yaml + apiVersion: v1 + kind: ServiceAccount + metadata: + name: gitlab-admin + namespace: kube-system + --- + apiVersion: rbac.authorization.k8s.io/v1beta1 + kind: ClusterRoleBinding + metadata: + name: gitlab-admin + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin + subjects: + - kind: ServiceAccount + name: gitlab-admin + namespace: kube-system + ``` + + 1. Apply the service account and cluster role binding to your cluster: + + ```shell + kubectl apply -f gitlab-admin-service-account.yaml + ``` + + You should receive the following output: + + ```plaintext + serviceaccount "gitlab-admin" created + clusterrolebinding "gitlab-admin" created + ``` + + 1. Retrieve the token for the `gitlab-admin` service account: + + ```shell + kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep gitlab-admin | awk '{print $1}') + ``` + +1. Add the Kubernetes Cluster in GitLab: + 1. From your project navigate to **Operations -> Kubernetes -> Connect existing cluster** + 1. From here enter in the recorded information + 1. Create a Kubernetes cluster name + 1. Add the API URL from the previous steps. + 1. Add the CA Certificate from the previous steps. + 1. Add the service token from the previous steps. + 1. Click **Add Kubernetes cluster**. +1. Install applications within the GitLab-connected Kubernetes cluster: + 1. From your project navigate to **Operations > Kubernetes**, click on the + newly-created cluster and navigate to **Applications**. + 1. Install the following components: + - Ingress (disable WAF): the endpoint should be the IP address of the cluster. + - Cert-Manager + - Prometheus +1. Upload a license key to your GitLab instance by navigating to the license page + (`https:///admin/license`). + You will need GitLab Ultimate to have the security scans working. +1. Run your CI pipeline by navigating to your project's **CI/CD** and click on + **Run Pipeline**. After a few minutes your Auto DevOps pipeline should have + successfully completed. -- GitLab From 51325502010d6d908ba619c5c384c3884570e2b0 Mon Sep 17 00:00:00 2001 From: Achilleas Pipinellis Date: Wed, 9 Dec 2020 20:40:12 +0100 Subject: [PATCH 25/30] Fix lint errors --- doc/installation/deployments/oke.md | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/doc/installation/deployments/oke.md b/doc/installation/deployments/oke.md index 0515a14cc9..ea79ade62b 100644 --- a/doc/installation/deployments/oke.md +++ b/doc/installation/deployments/oke.md @@ -144,24 +144,24 @@ enabling Auto DevOps and starting your pipeline: namespace: kube-system ``` - 1. Apply the service account and cluster role binding to your cluster: + 1. Apply the service account and cluster role binding to your cluster: - ```shell - kubectl apply -f gitlab-admin-service-account.yaml - ``` + ```shell + kubectl apply -f gitlab-admin-service-account.yaml + ``` - You should receive the following output: + You should receive the following output: - ```plaintext - serviceaccount "gitlab-admin" created - clusterrolebinding "gitlab-admin" created - ``` + ```plaintext + serviceaccount "gitlab-admin" created + clusterrolebinding "gitlab-admin" created + ``` - 1. Retrieve the token for the `gitlab-admin` service account: + 1. Retrieve the token for the `gitlab-admin` service account: - ```shell - kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep gitlab-admin | awk '{print $1}') - ``` + ```shell + kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep gitlab-admin | awk '{print $1}') + ``` 1. Add the Kubernetes Cluster in GitLab: 1. From your project navigate to **Operations -> Kubernetes -> Connect existing cluster** -- GitLab From 09eba0be6cf8ea1b0d76e6a47efdef2a80e40024 Mon Sep 17 00:00:00 2001 From: Achilleas Pipinellis Date: Wed, 9 Dec 2020 20:49:27 +0100 Subject: [PATCH 26/30] Copyedit assumptions section --- doc/installation/deployments/oke.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/doc/installation/deployments/oke.md b/doc/installation/deployments/oke.md index ea79ade62b..a319f3c8ba 100644 --- a/doc/installation/deployments/oke.md +++ b/doc/installation/deployments/oke.md @@ -1,6 +1,6 @@ # Deploy GitLab on OKE -This guide will help you deploy GitLab in +This is a quickstart guide that will help you deploy GitLab in [Oracle Kubernetes Engine (OKE)](https://www.oracle.com/cloud-native/container-engine-kubernetes/) hosted on Oracle Cloud Infrastructure (OCI). @@ -8,16 +8,16 @@ hosted on Oracle Cloud Infrastructure (OCI). The following are assumed: -1. Builtin Container Registry -1. Builtin Runner -1. Domain name and ability to update DNS records -1. OKE Cluster has access to the internet -1. Access to OCI and necessary resources to provision OKE Environment -1. Setting the GitLab Runner to privileged mode +- A builtin Container Registry will be used. +- A builtin Runner will be used. +- You have a domain name to be used with GitLab and you are able to update DNS records. +- The OKE cluster has access to the internet. +- You have access to OCI and any necessary resources to provision the OKE environment. +- The GitLab Runner will be set to [privileged mode](https://docs.gitlab.com/runner/executors/docker.html#the-privileged-mode). -## Set up the OKE cluster +## Set up and configure the OKE cluster -1. Setup OKE Cluster with the [necessary resources](../index.md#cloud-cluster-preparation). +1. Set up the OKE cluster. 1. Follow Oracle's [quickstart guide](https://docs.cloud.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm) to configure your local shell to access the OKE cluster. 1. Ensure to [upload your public API key](https://docs.cloud.oracle.com/en-us/iaas/Content/API/Concepts/apisigningkey.htm#three). -- GitLab From ac322f4634fb7fa2956d54ae47ef6dacdf22e478 Mon Sep 17 00:00:00 2001 From: Achilleas Pipinellis Date: Wed, 9 Dec 2020 19:58:09 +0000 Subject: [PATCH 27/30] Apply 4 suggestion(s) to 2 file(s) --- doc/installation/deployments/oke.md | 6 ++---- doc/installation/index.md | 1 - 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/doc/installation/deployments/oke.md b/doc/installation/deployments/oke.md index a319f3c8ba..fb2157fc86 100644 --- a/doc/installation/deployments/oke.md +++ b/doc/installation/deployments/oke.md @@ -86,12 +86,10 @@ The following are assumed: ## Configure GitLab -We will now do a basic configuration of GitLab to include setting up some users, +We will now do a basic configuration of GitLab to include importing a sample project, configure an Operations Kubernetes integration, -enabling Auto DevOps and starting your pipeline: +enabling Auto DevOps, and starting your pipeline: -1. Create new admin users - Login to GitLab using the root account. - - Admin Area (wrench at the top) -> **Users**

1. Import an example project and configure Auto DevOps: 1. From the welcome page, select **Create Project > Import Project > Repo by URL**. diff --git a/doc/installation/index.md b/doc/installation/index.md index 0b30b14eb1..5b8fc9034e 100644 --- a/doc/installation/index.md +++ b/doc/installation/index.md @@ -50,7 +50,6 @@ choice: - [Amazon EKS](cloud/eks.md) - [OpenShift Origin](cloud/openshift.md) - Oracle Kubernetes Engine - Documentation to be added. -- Azure Container Service - Documentation to be added. - VMware Tanzu - Documentation to be added. - On-Premises solutions - Documentation to be added. -- GitLab From 1c58d4086e392ed709927285de15c7aca80fff9a Mon Sep 17 00:00:00 2001 From: Brian Piscitelli Date: Thu, 10 Dec 2020 19:30:21 +0000 Subject: [PATCH 28/30] Added the Obtain CA Cert lines. --- doc/installation/deployments/oke.md | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/doc/installation/deployments/oke.md b/doc/installation/deployments/oke.md index fb2157fc86..4a65091932 100644 --- a/doc/installation/deployments/oke.md +++ b/doc/installation/deployments/oke.md @@ -105,7 +105,8 @@ enabling Auto DevOps, and starting your pipeline: kubectl cluster-info | grep 'Kubernetes master' | awk '/http/ {print $NF}' ``` - 1. Obtain the CA Certificate: + 1. CA Certificate: + 1. List the Secrets: ```shell kubectl get secrets @@ -114,6 +115,14 @@ enabling Auto DevOps, and starting your pipeline: One of the secrets listed should be named similar to `default-token-xxxxx`. Copy that token name and use it in the following command. + 1. Obtain the CA Certificate: + + ```shell + kubectl get secret -o jsonpath="{['data']['ca\.crt']}" | base64 --decode + ``` + + If the command returns the entire certificate chain, you must copy the Root CA certificate and any intermediate certificates at the bottom of the chain. + 1. GitLab authenticates against Kubernetes by using service tokens, which are scoped to a particular namespace. The token used should belong to a service account with cluster-admin privileges. To create this service account: -- GitLab From bc9df70832f7dcd03d93db41bdea80cdf44f1c08 Mon Sep 17 00:00:00 2001 From: Brian Piscitelli Date: Thu, 10 Dec 2020 19:36:16 +0000 Subject: [PATCH 29/30] Fixing linting issues. --- doc/installation/deployments/oke.md | 1 - 1 file changed, 1 deletion(-) diff --git a/doc/installation/deployments/oke.md b/doc/installation/deployments/oke.md index 4a65091932..6284f29e5a 100644 --- a/doc/installation/deployments/oke.md +++ b/doc/installation/deployments/oke.md @@ -90,7 +90,6 @@ We will now do a basic configuration of GitLab to include importing a sample project, configure an Operations Kubernetes integration, enabling Auto DevOps, and starting your pipeline: - 1. Import an example project and configure Auto DevOps: 1. From the welcome page, select **Create Project > Import Project > Repo by URL**. For the project to import use the Express example: `https://gitlab.com/gitlab-org/express-example.git`. -- GitLab From 4c0944375241ca8efdf4044b89b3d73604dd52cc Mon Sep 17 00:00:00 2001 From: Brian Piscitelli Date: Thu, 10 Dec 2020 19:47:18 +0000 Subject: [PATCH 30/30] Linting issue resolved - spaces --- doc/installation/deployments/oke.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/installation/deployments/oke.md b/doc/installation/deployments/oke.md index 6284f29e5a..40c8aebb57 100644 --- a/doc/installation/deployments/oke.md +++ b/doc/installation/deployments/oke.md @@ -105,7 +105,7 @@ enabling Auto DevOps, and starting your pipeline: ``` 1. CA Certificate: - 1. List the Secrets: + 1. List the Secrets: ```shell kubectl get secrets -- GitLab