Gitlab CI minikube development environment

Gitlab installation on minikube for CI testing

Install minikube

curl -LO https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64
sudo install minikube-linux-amd64 /usr/local/bin/minikube && rm minikube-linux-amd64

Create minikube machine

minikube start --cpus 4 --memory 8192 --addons ingress

Install gitlab helm repository

helm repo add gitlab https://charts.gitlab.io
helm repo update

Optional: install Traefik to allow git clone over SSH

helm repo add traefik https://traefik.github.io/charts
helm repo update
helm install traefik traefik/traefik

Install Gitlab Helm charts

helm dependency update
helm upgrade --install gitlab gitlab/gitlab \
--timeout 600s \
--set global.ingress.provider=traefik \
--set certmanager-issuer.email=me@localhost \
--set global.hosts.domain=$(minikube ip).nip.io \
--set global.hosts.externalIP=$(minikube ip) \
-f https://gitlab.com/gitlab-org/charts/gitlab/raw/master/examples/values-minikube.yaml

Installation may take a while. If the machine is short on resources, some pods will restart a couple of times. Wait until the webserver is serving the GitLab main page at https://$(minikube ip)

The default login user is root, and the password can be retrieved with the following command

kubectl get secret gitlab-gitlab-initial-root-password -ojsonpath='{.data.password}' | base64 --decode ; echo

Gitlab runner

The default GitLab Helm chart already installs a runner. To add more runners or use custom values, follow the steps below.

Generate values.yml with gitlab runner contents.

The registration token can be created in the admin user interface at https://$(minikube ip)/admin/runners/new

The certificate secret is created by default and named after the Helm deployment. Otherwise, download the certificate and create a secret from it, or look up the name of the existing secret in k8s.

gitlabUrl: https://gitlab.192.168.49.2.nip.io
runnerRegistrationToken: "glrt-t1_P1oviNSAj83aiiKXr4UQ"
rbac:
    create: true
runners:
    privileged: true
certsSecretName: gitlab-wildcard-tls-chain

Deploy the GitLab runner Helm chart

helm install -f values.yml gitlab-runner gitlab/gitlab-runner
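
As an added example (not part of the original page or of the GitLab charts), this check audits a runner values file before `helm install`. It flags the two security-relevant settings in the values.yml above: a token stored as a literal in the file, and `runners.privileged: true`, which the kaniko build job used on this page to verify CI does not need. The sample files are constructed, the token is a placeholder, and the hardened variant assumes the chart's `runners.secret` key with a hypothetical Secret name.

```shell
#!/bin/sh
# Added example: audit a gitlab-runner values file. One finding per line; returns 1 if any.
audit_runner_values() {
    awk '
        # Remember the current top-level key (a line that starts in column 0).
        /^[A-Za-z]/ { top = $1; sub(/:.*/, "", top) }
        # Privileged build pods get near-root access to the minikube node.
        top == "runners" && /^[ \t]+privileged:[ \t]*true/ {
            print "privileged: runners.privileged is true (line " NR ")"; n++
        }
        # Token stored as a literal in the file instead of in a Kubernetes Secret.
        /^(runnerRegistrationToken|runnerToken):[ \t]*"?[^" \t#]/ {
            key = $1; sub(/:.*/, "", key)
            print "inline-token: " key " is a literal value (line " NR ")"; n++
        }
        END { exit (n > 0) }
    ' "$1"
}

# Constructed sample mirroring the values.yml on this page (token is a placeholder).
write_page_values() {
    cat > "$1" <<'EOF'
gitlabUrl: https://gitlab.192.168.49.2.nip.io
runnerRegistrationToken: "glrt-EXAMPLE-PLACEHOLDER"
rbac:
    create: true
runners:
    privileged: true
certsSecretName: gitlab-wildcard-tls-chain
EOF
}

# Constructed variant: no privileged pods, token read from a Secret.
# Assumption: the Secret name "gitlab-runner-token" is hypothetical.
write_hardened_values() {
    cat > "$1" <<'EOF'
gitlabUrl: https://gitlab.192.168.49.2.nip.io
runners:
    privileged: false
    secret: gitlab-runner-token
EOF
}

tmp=$(mktemp -d)
write_page_values "$tmp/values.yml"; write_hardened_values "$tmp/values-hardened.yml"
for f in "$tmp/values.yml" "$tmp/values-hardened.yml"; do
    if audit_runner_values "$f"; then echo "OK   $f"; else echo "FAIL $f"; fi
done
rm -rf "$tmp"
```
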

Create a .gitlab-ci.yml file in a new project to verify CI jobs

stages:
  - build

image-build:
  stage: build
  image:
    name: gcr.io/kaniko-project/executor:v1.23.2-debug
    entrypoint: [""]
  script:
    - |
      cat <<EOF > Dockerfile
      FROM alpine:latest
      RUN echo "Hello World from CI"
      EOF
    - /kaniko/executor
      --context "${CI_PROJECT_DIR}"
      --dockerfile "${CI_PROJECT_DIR}/Dockerfile"
      --destination "${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHORT_SHA}"
      --no-push

Last updated 4 months ago