2.3 KiB
2.3 KiB
stage | group | info |
---|---|---|
Configure | Configure | To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments |
CI/CD Tunnel
Introduced in GitLab 14.1.
The CI/CD Tunnel enables users to access Kubernetes clusters from GitLab CI/CD jobs even if there is no network connectivity between GitLab Runner and a cluster. GitLab Runner does not have to be running in the same cluster.
Only CI/CD jobs set in the configuration project can access one of the configured agents.
Prerequisites:
- A running
kas
instance. - A configuration repository with an Agent config file
installed (
.gitlab/agents/<agent-name>/config.yaml
). - An Agent record.
- The agent is installed in the cluster.
To access your cluster from a CI/CD job through the tunnel:
-
In your
.gitlab-ci.yml
add a section that creates akubectl
compatible configuration file (kubecontext
) and use it in one or more jobs:variables: AGENT_ID: 4 # agent id that you got when you created the agent record KUBE_CFG_FILE: "$CI_PROJECT_DIR/.kubeconfig.agent.yaml" .kubectl_config: &kubectl_config - | cat << EOF > "$KUBE_CFG_FILE" apiVersion: v1 kind: Config clusters: - name: agent cluster: server: https://kas.gitlab.com/k8s-proxy/ users: - name: agent user: token: "ci:$AGENT_ID:$CI_JOB_TOKEN" contexts: - name: agent context: cluster: agent user: agent current-context: agent EOF deploy: image: name: bitnami/kubectl:latest entrypoint: [""] script: - *kubectl_config - kubectl --kubeconfig="$KUBE_CFG_FILE" get pods
-
Execute
kubectl
commands directly against your cluster with this CI/CD job you just created.
We are working on creating the configuration file automatically to simplify the process.