In the previous blog post we’ve described how to spin up a kubernetes cluster on Nectar. Around the same time, I also got to know that University of Melbourne has a self-hosted gitlab. To my delight, I found out that GitLab has Kubernetes integration.

This means that, if you are in UniMelb (or have a self-hosted gitlab), you can run CI/CD using Nectar cloud, without having to set up any infrastructure!

Spin up cluster

  1. Spin up a kubernetes (k8s) cluster and create the config directory. Instructions.

  2. Run the following
    kubectl create clusterrolebinding permissive-binding --clusterrole=cluster-admin
    --user=admin --user=kubelet --group=system:serviceaccounts
  3. Get the default secret name (in format default-token-xxxx)
    kubectl get secrets
  4. Get the token for this secret
    kubectl describe secrets/default-token-xxxx
  5. Get the API URL.

    Look for the line like

    - cluster:
  6. Get the CA cert. In the directory where $KUBECONFIG is stored, do
    cat ca.pem

Configure Repo

  1. In the GitLab repo, navigate to Operations - Kubernetes

  2. Fill in the cluster details that you got from the previous steps.

  3. In the list of Applications, install the following in order:
    1. Helm Tiller
    2. GitLab Runner
  4. Create a .gitlab-ci.yml file. For example, if I want to run yamllint on my code, an example file will look like:

       - apt-get update
       - apt-get install -y python yamllint
       - apt-get install -y python3-pkg-resources python3-setuptools
       - python --version
       - which python
         - find . -type f -iname "*.yaml" -o -iname "*.eyaml" | xargs yamllint
  5. Commit and push the change. When the change is pushed to GitLab, a runner will start up and run the job specified by .gitlab-ci.yml. Jobs can be viewed from the CI/CD tab.


At this point in time, GitLab CE integration can only do one kubernetes cluster per repo. No ability to do dev/test/prod clusters per repo.

Also, it does not support RBAC, so it means that the integration will have full permissions to the cluster. So you really want to dedicate 1 k8s cluster to 1 repo, and not have any other containers running on that cluster.