- Adding and removing clusters
- Cluster configuration
- Installing applications
- Deploying to a Kubernetes cluster
- Monitoring your Kubernetes cluster
GitLab provides many features with a Kubernetes integration. Kubernetes can be integrated with projects, but also:
Using the GitLab project Kubernetes integration, you can:
- Use Review Apps.
- Run pipelines.
- Deploy your applications.
- Detect and monitor Kubernetes.
- Use it with Auto DevOps.
- Use Web terminals.
- Use Deploy Boards.
- Use Canary Deployments.
- View Pod logs.
- Run serverless workloads on Kubernetes with Knative.
GitLab’s Deploy Boards offer a consolidated view of the current health and status of each CI environment running on Kubernetes, displaying the status of the pods in the deployment. Developers and other teammates can view the progress and status of a rollout, pod by pod, in the workflow they already use without any need to access Kubernetes.
Leverage Kubernetes’ Canary deployments and visualize your canary deployments right inside the Deploy Board, without the need to leave GitLab.
GitLab makes it easy to view the logs of running pods in connected Kubernetes clusters. By displaying the logs directly in GitLab, developers can avoid having to manage console tools or jump to a different interface.
Automatically detect and monitor Kubernetes metrics. Automatic monitoring of NGINX Ingress is also supported.
Auto DevOps automatically detects, builds, tests, deploys, and monitors your applications.
To make full use of Auto DevOps(Auto Deploy, Auto Review Apps, and Auto Monitoring) you will need the Kubernetes project integration enabled.
Introduced in GitLab 8.15.
When enabled, the Kubernetes service adds web terminal
support to your environments. This is based on the
exec functionality found in
Docker and Kubernetes, so you get a new shell session within your existing
containers. To use this integration, you should deploy to Kubernetes using
the deployment variables above, ensuring any deployments, replica sets, and
pods are annotated with:
$CI_PROJECT_PATH_SLUG are the values of
the CI variables.
You must be the project owner or have
maintainer permissions to use terminals. Support is limited
to the first container in the first pod of your environment.
See Adding and removing Kubernetes clusters for details on how to:
- Create a cluster in Google Cloud Platform (GCP) or Amazon Elastic Kubernetes Service (EKS) using GitLab’s UI.
- Add an integration to an existing cluster from any Kubernetes platform.
After adding a Kubernetes cluster to GitLab, read this section that covers important considerations for configuring Kubernetes clusters with GitLab.
The default cluster configuration grants access to a wide set of functionalities needed to successfully build and deploy a containerized application. Bear in mind that the same credentials are used for all the applications running on the cluster.
You can choose to allow GitLab to manage your cluster for you. If your cluster is managed by GitLab, resources for your projects will be automatically created. See the Access controls section for details on which resources will be created.
If you choose to manage your own cluster, project-specific resources will not be created
automatically. If you are using Auto DevOps, you will
need to explicitly provide the
KUBE_NAMESPACE deployment variable
that will be used by your deployment jobs, otherwise a namespace will be created for you.
Note the following with GitLab and clusters:
- If you install applications on your cluster, GitLab will create the resources required to run these even if you have chosen to manage your own cluster.
- Be aware that manually managing resources that have been created by GitLab, like namespaces and service accounts, can cause unexpected errors. If this occurs, try clearing the cluster cache.
Introduced in GitLab 12.6.
If you choose to allow GitLab to manage your cluster for you, GitLab stores a cached version of the namespaces and service accounts it creates for your projects. If you modify these resources in your cluster manually, this cache can fall out of sync with your cluster, which can cause deployment jobs to fail.
To clear the cache:
- Navigate to your project’s Operations > Kubernetes page, and select your cluster.
- Expand the Advanced settings section.
- Click Clear cluster cache.
Introduced in GitLab 11.8.
Specifying a base domain will automatically set
KUBE_INGRESS_BASE_DOMAIN as an environment variable.
If you are using Auto DevOps, this domain will be used for the different
stages. For example, Auto Review Apps and Auto Deploy.
The domain should have a wildcard DNS configured to the Ingress IP address. After Ingress has been installed (see Installing Applications), you can either:
- Create an
Arecord that points to the Ingress IP address with your domain provider.
- Enter a wildcard DNS address using a service such as nip.io or xip.io. For example,
When adding more than one Kubernetes cluster to your project, you need to differentiate them with an environment scope. The environment scope associates clusters with environments similar to how the environment-specific variables work.
The default environment scope is
*, which means all jobs, regardless of their
environment, will use that cluster. Each scope can only be used by a single
cluster in a project, and a validation error will occur if otherwise.
Also, jobs that don’t have an environment keyword set will not be able to access any cluster.
For example, let’s say the following Kubernetes clusters exist in a project:
And the following environments are set in
stages: - test - deploy test: stage: test script: sh test deploy to staging: stage: deploy script: make deploy environment: name: staging url: https://staging.example.com/ deploy to production: stage: deploy script: make deploy environment: name: production url: https://example.com/
The result will then be:
- The Development cluster details will be available in the
deploy to stagingjob.
- The production cluster details will be available in the
deploy to productionjob.
- No cluster details will be available in the
testjob because it doesn’t define any environment.
Introduced in GitLab Premium 10.3.
With GitLab Premium, you can associate more than one Kubernetes cluster to your project. That way you can have different clusters for different environments, like dev, staging, production, etc.
Simply add another cluster, like you did the first time, and make sure to set an environment scope that will differentiate the new cluster with the rest.
GitLab can install and manage some applications like Helm, GitLab Runner, Ingress, Prometheus, etc., in your project-level cluster. For more information on installing, upgrading, uninstalling, and troubleshooting applications for your project cluster, see GitLab Managed Apps.
A Kubernetes cluster can be the destination for a deployment job. If
- The cluster is integrated with GitLab, special
deployment variables are made available to your job
and configuration is not required. You can immediately begin interacting with
the cluster from your jobs using tools such as
- You don’t use GitLab’s cluster integration you can still deploy to your cluster. However, you will need configure Kubernetes tools yourself using environment variables before you can interact with the cluster from your jobs.
The Kubernetes cluster integration exposes the following deployment variables in the GitLab CI/CD build environment.
|Equal to the API URL.|
|The Kubernetes token of the environment service account.|
|The namespace associated with the project’s deployment service account. In the format |
|Path to a file containing PEM data. Only present if a custom CA bundle was specified.|
|(deprecated) Raw PEM data. Only if a custom CA bundle was specified.|
|Path to a file containing |
|From GitLab 11.8, this variable can be used to set a domain per cluster. See cluster domains for more information.|
KUBE_TOKENwas the Kubernetes token of the main service account of the cluster integration.
KUBE_NAMESPACEwill be set to
When deploying a custom namespace:
- The custom namespace must exist in your cluster.
- The project’s deployment service account must have permission to deploy to the namespace.
KUBECONFIGmust be updated to use the custom namespace instead of the GitLab-provided default (this is not automatic).
- If deploying with Auto DevOps, you must also override
KUBE_NAMESPACEwith the custom namespace.
Before the deployment jobs starts, GitLab creates the following specifically for the deployment job:
- A namespace.
- A service account.
However, sometimes GitLab can not create them. In such instances, your job will fail with the message:
This job failed because the necessary resources were not successfully created.
To find the cause of this error when creating a namespace and service account, check the logs.
Reasons for failure include:
- The token you gave GitLab does not have
cluster-adminprivileges required by GitLab.
KUBE_TOKENvariables. To be passed to your job, they must have a matching
environment:name. If your job has no
environment:nameset, it will not be passed the Kubernetes credentials.
When Prometheus is deployed, GitLab will automatically monitor the cluster’s health. At the top of the cluster settings page, CPU and Memory utilization is displayed, along with the total amount available. Keeping an eye on cluster resources can be important, if the cluster runs out of memory pods may be shutdown or fail to start.