CI/CD Pipelines for Kubernetes Using GitLab CI

Modern software development demands rapid deployment cycles, scalability, and resilience. Kubernetes has emerged as the go-to orchestration platform, enabling scalable containerized application management. When combined with GitLab CI/CD pipelines, Kubernetes deployments become automated, repeatable, and reliable. 

This article explores the technical details of setting up CI/CD pipelines for Kubernetes using GitLab CI.

Prerequisites

Before configuring your CI/CD pipeline, ensure the following requirements are met:

• GitLab Account: Access to a GitLab repository where the CI/CD pipeline will be configured.
• Kubernetes Cluster: An existing Kubernetes cluster such as Minikube (for local testing) or managed clusters like Google Kubernetes Engine (GKE), Amazon EKS, or Azure AKS.
• kubectl: The Kubernetes command-line tool must be installed and configured for cluster interaction.
• Helm (optional): Kubernetes package manager for deploying and managing applications.
• GitLab Runner: Ensure that GitLab Runner is installed and registered with your project for executing CI/CD jobs.
• Docker: Required for building and pushing container images to a container registry.

Setting Up Kubernetes Integration With GitLab

Connect Kubernetes Cluster

Integrating Kubernetes with GitLab allows seamless deployment and resource management directly from your pipeline. Follow these steps:

1. Go to your GitLab project dashboard.
2. Navigate to Infrastructure > Kubernetes Clusters.
3. Click Add Kubernetes Cluster and either connect an existing cluster or create a new one using cloud providers.
4. Assign proper permissions to GitLab using Role-Based Access Control (RBAC).

RBAC Configuration

RBAC defines access permissions for Kubernetes resources. Below is an example YAML configuration to set up RBAC:

apiVersion: v1

kind: ServiceAccount

metadata:

  name: gitlab-sa

  namespace: default

---

apiVersion: rbac.authorization.k8s.io/v1

kind: ClusterRoleBinding

metadata:

  name: gitlab-cluster-admin

roleRef:

  apiGroup: rbac.authorization.k8s.io

  kind: ClusterRole

  name: cluster-admin

subjects:

- kind: ServiceAccount

  name: gitlab-sa

  namespace: default

Apply Configuration

Apply the YAML file using kubectl:

kubectl apply -f gitlab-rbac.yaml

Generate Token for Authentication

Extract the service account token needed for GitLab:

kubectl -n default get secret $(kubectl -n default get sa/gitlab-sa -o jsonpath='{.secrets[0].name}') -o jsonpath='{.data.token}' | base64 --decode

Paste this token into GitLab’s Kubernetes configuration settings.

Configuring GitLab CI/CD Pipeline

Define .gitlab-ci.yml

The GitLab CI configuration file defines pipeline stages, variables, and commands. Below is an example configuration:

image: docker:20.10

​

stages:

  - build

  - test

  - deploy

​

variables:

  KUBE_NAMESPACE: default

  KUBECONFIG: "/root/.kube/config"

  IMAGE_TAG: $CI_COMMIT_SHA

  REGISTRY: registry.gitlab.com/username/project

​

services:

  - docker:dind

​

before_script:

  - apk add --no-cache curl jq bash git

  - curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.22.0/bin/linux/amd64/kubectl

  - chmod +x ./kubectl && mv ./kubectl /usr/local/bin/kubectl

  - echo "$KUBE_CONFIG" | base64 -d > $KUBECONFIG

  - chmod 600 $KUBECONFIG

​

build:

  stage: build

  script:

    - docker build -t $REGISTRY:$IMAGE_TAG .

    - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY

    - docker push $REGISTRY:$IMAGE_TAG

​

unit-test:

  stage: test

  script:

    - echo "Running tests..."

    - ./run-tests.sh

​

deploy:

  stage: deploy

  script:

    - kubectl set image deployment/my-app my-app=$REGISTRY:$IMAGE_TAG -n $KUBE_NAMESPACE

  only:

    - main

Explanation of Configuration 

• Stages: The pipeline is divided into build, test, and deploy stages for modular execution.
• Variables: Environment variables like image tags and namespaces simplify configuration management.
• before_script: Installs dependencies and sets up Kubernetes authentication.
• Image Tagging: Uses commit SHA for uniquely identifying each image version.
• Deployment: Updates Kubernetes deployment by setting the container image.

Secrets Management

GitLab CI supports secure secrets management using variables:

1. Navigate to Settings > CI/CD > Variables.
2. Add required variables like KUBE_CONFIG, CI_REGISTRY_USER, and CI_REGISTRY_PASSWORD.

Encode kubeconfig before adding it as a variable:

cat ~/.kube/config | base64 | tr -d '\n'

Add the result as KUBE_CONFIG in GitLab.

Helm Deployment

Helm simplifies Kubernetes deployments with reusable charts. Example Helm configuration:

apiVersion: v2

name: my-app

version: 1.0.0

appVersion: 1.0.0

​

image:

  repository: registry.gitlab.com/username/project

  tag: latest

​

service:

  type: ClusterIP

  port: 80

Add Helm commands to the pipeline:

deploy:

  stage: deploy

  script:

    - helm upgrade --install my-app ./helm-chart --set image.tag=$IMAGE_TAG

Monitoring and Debugging Tools

Monitor pipeline status in GitLab under CI/CD > Pipelines. Use tools like:

• Prometheus and Grafana: For metrics and visualization.
• Kubernetes Dashboard: Cluster management.
• kubectl logs: Fetch deployment logs.

kubectl logs -f deployment/my-app

Conclusion

This article outlines configuring CI/CD pipelines for Kubernetes with GitLab CI. It covers prerequisites, YAML configurations, secrets management, Helm deployments, and monitoring tools. With this setup, developers can build, test, and deploy containerized applications efficiently and reliably.