Commit b4de23a6 authored by Evan Read's avatar Evan Read

Merge branch 'docs-add-existing-cluster-fixup' into 'master'

Docs: Improve add existing cluster section

See merge request gitlab-org/gitlab-ce!26266
parents 66054aeb 882b6479
...@@ -101,6 +101,12 @@ To add an existing Kubernetes cluster to your project: ...@@ -101,6 +101,12 @@ To add an existing Kubernetes cluster to your project:
It's the URL that GitLab uses to access the Kubernetes API. Kubernetes It's the URL that GitLab uses to access the Kubernetes API. Kubernetes
exposes several APIs, we want the "base" URL that is common to all of them, exposes several APIs, we want the "base" URL that is common to all of them,
e.g., `https://kubernetes.example.com` rather than `https://kubernetes.example.com/api/v1`. e.g., `https://kubernetes.example.com` rather than `https://kubernetes.example.com/api/v1`.
Get the API URL by running this command:
```sh
kubectl cluster-info | grep 'Kubernetes master' | awk '/http/ {print $NF}'
```
- **CA certificate** (required) - A valid Kubernetes certificate is needed to authenticate to the EKS cluster. We will use the certificate created by default. - **CA certificate** (required) - A valid Kubernetes certificate is needed to authenticate to the EKS cluster. We will use the certificate created by default.
- List the secrets with `kubectl get secrets`, and one should named similar to - List the secrets with `kubectl get secrets`, and one should named similar to
`default-token-xxxxx`. Copy that token name for use below. `default-token-xxxxx`. Copy that token name for use below.
...@@ -124,23 +130,7 @@ To add an existing Kubernetes cluster to your project: ...@@ -124,23 +130,7 @@ To add an existing Kubernetes cluster to your project:
metadata: metadata:
name: gitlab-admin name: gitlab-admin
namespace: kube-system namespace: kube-system
``` ---
2. Apply the service account to your cluster:
```bash
kubectl apply -f gitlab-admin-service-account.yaml
```
Output:
```bash
serviceaccount "gitlab-admin" created
```
3. Create a file called `gitlab-admin-cluster-role-binding.yaml` with contents:
```yaml
apiVersion: rbac.authorization.k8s.io/v1beta1 apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding kind: ClusterRoleBinding
metadata: metadata:
...@@ -155,19 +145,20 @@ To add an existing Kubernetes cluster to your project: ...@@ -155,19 +145,20 @@ To add an existing Kubernetes cluster to your project:
namespace: kube-system namespace: kube-system
``` ```
4. Apply the cluster role binding to your cluster: 1. Apply the service account and cluster role binding to your cluster:
```bash ```bash
kubectl apply -f gitlab-admin-cluster-role-binding.yaml kubectl apply -f gitlab-admin-service-account.yaml
``` ```
Output: Output:
```bash ```bash
serviceaccount "gitlab-admin" created
clusterrolebinding "gitlab-admin" created clusterrolebinding "gitlab-admin" created
``` ```
5. Retrieve the token for the `gitlab-admin` service account: 1. Retrieve the token for the `gitlab-admin` service account:
```bash ```bash
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep gitlab-admin | awk '{print $1}') kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep gitlab-admin | awk '{print $1}')
...@@ -212,14 +203,6 @@ To add an existing Kubernetes cluster to your project: ...@@ -212,14 +203,6 @@ To add an existing Kubernetes cluster to your project:
After a couple of minutes, your cluster will be ready to go. You can now proceed After a couple of minutes, your cluster will be ready to go. You can now proceed
to install some [pre-defined applications](#installing-applications). to install some [pre-defined applications](#installing-applications).
To determine the:
- API URL, run `kubectl cluster-info | grep 'Kubernetes master' | awk '/http/ {print $NF}'`.
- Token:
1. List the secrets by running: `kubectl get secrets`. Note the name of the secret you need the token for.
1. Get the token for the appropriate secret by running: `kubectl get secret <SECRET_NAME> -o jsonpath="{['data']['token']}" | base64 --decode`.
- CA certificate, run `kubectl get secret <secret name> -o jsonpath="{['data']['ca\.crt']}" | base64 --decode`.
## Security implications ## Security implications
CAUTION: **Important:** CAUTION: **Important:**
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment