Connect GKE clusters through cluster certificates

caution
Use Infrastrucure as Code to create a cluster hosted on Google Kubernetes Engine (GKE).

Through GitLab, you can create new and connect existing clusters hosted on Google Kubernetes Engine (GKE).

Connect an existing GKE cluster

If you already have a GKE cluster and want to connect it to GitLab, use the GitLab Kubernetes Agent.

Alternatively, you can connect them with cluster certificates, altough this method is not recommended for security implications.

Create a new GKE cluster from GitLab

Introduced in GitLab 12.4, all the GKE clusters provisioned by GitLab are VPC-native.

To create a new GKE cluster from GitLab, use Infrastructure as Code.

Alternatively, you can create new GKE clusters using cluster certificates. Although still available in the GitLab UI, this method was deprecated in GitLab 14.0 and is scheduled for removal in GitLab 15.0. It also has security implications.

Create a new cluster on GKE through cluster certificates (DEPRECATED)

Deprecated in GitLab 14.0.

Prerequisites:

Note the following:

  • The Google authentication integration must be enabled in GitLab at the instance level. If that’s not the case, ask your GitLab administrator to enable it. On GitLab.com, this is enabled.
  • In GitLab 12.1 and later, all GKE clusters created by GitLab are RBAC-enabled. Take a look at the RBAC section for more information.
  • In GitLab 12.5 and later, the cluster’s pod address IP range is set to /16 instead of the regular /14. /16 is a CIDR notation.
  • GitLab requires basic authentication enabled and a client certificate issued for the cluster to set up an initial service account. In GitLab versions 11.10 and later, the cluster creation process explicitly requests GKE to create clusters with basic authentication enabled and a client certificate.

To create new Kubernetes clusters to your project, group, or instance, through cluster certificates:

  1. Navigate to your:
    • Project’s Infrastructure > Kubernetes clusters page, for a project-level cluster.
    • Group’s Kubernetes page, for a group-level cluster.
    • Menu > Admin > Kubernetes page, for an instance-level cluster.
  2. Click Integrate with a cluster certificate.
  3. Under the Create new cluster tab, click Google GKE.
  4. Connect your Google account if you haven’t done already by clicking the Sign in with Google button.
  5. Choose your cluster’s settings:
    • Kubernetes cluster name - The name you wish to give the cluster.
    • Environment scope - The associated environment to this cluster.
    • Google Cloud Platform project - Choose the project you created in your GCP console to host the Kubernetes cluster. Learn more about Google Cloud Platform projects.
    • Zone - Choose the region zone under which to create the cluster.
    • Number of nodes - Enter the number of nodes you wish the cluster to have.
    • Machine type - The machine type of the Virtual Machine instance to base the cluster on.
    • Enable Cloud Run for Anthos - Check this if you want to use Cloud Run for Anthos for this cluster. See the Cloud Run for Anthos section for more information.
    • GitLab-managed cluster - Leave this checked if you want GitLab to manage namespaces and service accounts for this cluster. See the Managed clusters section for more information.
  6. Finally, click the Create Kubernetes cluster button.

After a couple of minutes, your cluster is ready.

Cloud Run for Anthos

Introduced in GitLab 12.4.

You can choose to use Cloud Run for Anthos in place of installing Knative and Istio separately after the cluster has been created. This means that Cloud Run (Knative), Istio, and HTTP Load Balancing are enabled on the cluster from the start, and cannot be installed or uninstalled.