GitLab Microk8s >1.24 certificate based integration

11/3/2023
Maxime Moreillon
KubernetesMicrok8sTutorialsGitLab

GitLab Microk8s >1.24 certificate based integration

With newer versions of Microk8s, its GitLab integration changes slightly. Here are the key differences

CA certificate

The CA certificate can be obtained directly from the microk8s files:

cat /var/snap/microk8s/current/certs/ca.crt

Access Token

As per usual, the RBAC addon must be enabled

micok8s.enable rbac

Following which, the following manifest can be applied:

apiVersion: v1
kind: ServiceAccount
metadata:
  name: gitlab
  namespace: kube-system
---
apiVersion: v1
kind: Secret
type: kubernetes.io/service-account-token
metadata:
  name: gitlab
  namespace: kube-system
  annotations:
    kubernetes.io/service-account.name: "gitlab"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: gitlab-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: gitlab
    namespace: kube-system

This creates the access token which can be displayed using:

microk8s.kubectl -n kube-system describe secret $(microk8s.kubectl -n kube-system get secret | grep gitlab | awk '{print $1}')