Migrate to the GitLab agent for Kubernetes

To connect your Kubernetes cluster with GitLab, you can use:

The certificate-based integration is deprecated in GitLab 14.5. It is expected to be turned off by default in 15.0 and removed in GitLab 15.6.

If you are using the certificate-based integration, you should move to another workflow as soon as possible.

As a general rule, to migrate clusters that rely on GitLab CI/CD, you can use the CI/CD workflow. This workflow uses an agent to connect to your cluster. The agent:

  • Is not exposed to the internet.
  • Does not require full cluster-admin access to GitLab.
The certificate-based integration was used for popular GitLab features like GitLab Managed Apps, GitLab-managed clusters, and Auto DevOps. Some features are currently available only when using certificate-based integration.

Migrate cluster application deployments

Migrate from GitLab-managed clusters

With GitLab-managed clusters, GitLab creates separate service accounts and namespaces for every branch and deploys by using these resources.

The GitLab agent uses impersonation strategies to deploy to your cluster with restricted account access. To do so:

  1. Choose the impersonation strategy that suits your needs.
  2. Use Kubernetes RBAC rules to manage impersonated account permissions in Kubernetes.
  3. Use the access_as attribute in your agent configuration file to define the impersonation.

Migrate from Auto DevOps

To configure your Auto DevOps project to use the GitLab agent:

  1. Follow the steps to install an agent in your cluster.
  2. Go to the project where you use Auto DevOps.
  3. On the left sidebar, select Settings > CI/CD and expand Variables.
  4. Select Add new variable.
  5. Add KUBE_CONTEXT as the key, path/to/agent/project:agent-name as the value, and select the environment scope of your choice.
  6. Select Add variable.
  7. Repeat the process to add another variable, KUBE_NAMESPACE, setting the value for the Kubernetes namespace you want your deployments to target, and set the same environment scope from the previous step.
  8. On the left sidebar, select Infrastructure > Kubernetes clusters.
  9. From the certificate-based clusters section, open the cluster that serves the same environment scope.
  10. Select the Details tab and disable the cluster.
  11. To activate the changes, on the left sidebar, select CI/CD > Pipelines and then Run pipeline.

For an example, view this project.

Migrate generic deployments

Follow the process for the CI/CD workflow.

Migrate from GitLab Managed applications

GitLab Managed Apps (GMA) were deprecated in GitLab 14.0, and the agent for Kubernetes does not support them. To migrate from GMA to the agent, go through the following steps:

  1. Migrate from GitLab Managed Apps to a cluster management project.
  2. Migrate the cluster management project to use the agent.

Migrate a cluster management project

See how to use a cluster management project with the GitLab agent.

Migrate cluster monitoring features

Cluster monitoring features are not yet supported by the GitLab agent for Kubernetes.