2021-09-30 23:02:18 +05:30
---
stage: Configure
group: Configure
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
---
2021-11-11 11:23:49 +05:30
# CI/CD Tunnel **(PREMIUM)**
2021-09-30 23:02:18 +05:30
2021-10-27 15:23:28 +05:30
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/327409) in GitLab 14.1.
2021-11-11 11:23:49 +05:30
> - The pre-configured `KUBECONFIG` was [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/324275) in GitLab 14.2.
> - The ability to authorize groups was [introduced](https://gitlab.com/groups/gitlab-org/-/epics/5784) in GitLab 14.3.
2021-09-30 23:02:18 +05:30
2021-11-18 22:05:49 +05:30
WARNING:
The CI/CD Tunnel is not supported for GitLab self-managed instances installed via Omnibus. We
plan to [add support for Omnibus ](https://gitlab.com/gitlab-org/gitlab/-/issues/324272 ) in the future.
2021-09-30 23:02:18 +05:30
The CI/CD Tunnel enables users to access Kubernetes clusters from GitLab CI/CD jobs even if there is no network
connectivity between GitLab Runner and a cluster. GitLab Runner does not have to be running in the same cluster.
Only CI/CD jobs set in the configuration project can access one of the configured agents.
2021-11-11 11:23:49 +05:30
## Prerequisites
2021-09-30 23:02:18 +05:30
- A running [`kas` instance ](index.md#set-up-the-kubernetes-agent-server ).
- A [configuration repository ](index.md#define-a-configuration-repository ) with an Agent config file
installed (`.gitlab/agents/< agent-name > /config.yaml`).
- An [Agent record ](index.md#create-an-agent-record-in-gitlab ).
2021-11-11 11:23:49 +05:30
- The Agent [installed in the cluster ](index.md#install-the-agent-into-the-cluster ).
2021-09-30 23:02:18 +05:30
2021-11-11 11:23:49 +05:30
## Use the CI/CD Tunnel to run Kubernetes commands from GitLab CI/CD
2021-09-30 23:02:18 +05:30
2021-11-11 11:23:49 +05:30
If your project has access to one or more Agent records available, its CI/CD
jobs provide a `KUBECONFIG` variable compatible with `kubectl` .
Also, each Agent has a separate context (`kubecontext`). By default,
there isn't any context selected.
2021-10-27 15:23:28 +05:30
Contexts are named in the following format: `<agent-configuration-project-path>:<agent-name>` .
2021-11-11 11:23:49 +05:30
To get the list of available contexts, run `kubectl config get-contexts` .
## Example for a `kubectl` command using the CI/CD Tunnel
2021-09-30 23:02:18 +05:30
2021-11-11 11:23:49 +05:30
The following example shows a CI/CD job that runs a `kubectl` command using the CI/CD Tunnel.
You can run any Kubernetes-specific commands similarly, such as `kubectl` , `helm` ,
`kpt` , and so on. To do so:
2021-09-30 23:02:18 +05:30
2021-11-11 11:23:49 +05:30
1. Set your Agent's context in the first command with the format `<agent-configuration-project-path>:<agent-name>` .
1. Run Kubernetes commands.
2021-09-30 23:02:18 +05:30
2021-11-11 11:23:49 +05:30
For example:
2021-09-30 23:02:18 +05:30
2021-11-11 11:23:49 +05:30
```yaml
deploy:
image:
name: bitnami/kubectl:latest
entrypoint: [""]
script:
- kubectl config use-context path/to/agent-configuration-project:your-agent-name
- kubectl get pods
```