Get "Kubernetes error: Unauthorized" when try to configure GitLab CI Runner with Kubernetes

0
votes

I try to run GitLab CI for private GitLab instance with Kubernetes at GCP following this instruction.

I got IP of Kubernetes master with kubectl cluster-info

Then I created ServiceAccount with kubectl, and also get token with command kubectl describe secret/SERVICEACCOUNT-XXXXX

Then I got the certificate with

kubectl -o json get secret SERVICEACCOUNT-XXXXX | jq -r '.data."ca.crt"' | base64 -d - | tee ca.crt

I inserted IP, token and ca.crt content in the Kubernetes integration fields for "Add an existing Kubernetes cluster" command at GitLab.

After that, I tried to install Helm at GitLab, but get an error 

Something went wrong while installing Helm Tiller
Kubernetes error: Unauthorized

Can you help me, please, to find out how to solve these problems?

1
kubernetesgoogle-cloud-platformgitlabgitlab-cikubernetes-helm
You can try adding --v=10 to kubectl commands to get more debug output. This error message is common and points to an authentication/authorization problem, but you would need to know about what actions you are not allowed to perform. In particular Tiller needs wide permissions to modify almost all resources on the cluster. - giorgiosironi

1 Answers

0
votes

Not 100% for gitlab CI but if its building inside the cluster then maybe this https://kubernetes.io/docs/reference/access-authn-authz/rbac/

RBAC is enabled by default on GKE so you may need to set cluster role permissions for Gitlab so it can spin up containers.