CI/CD Tunnel

Introduced in GitLab 14.0.

The CI/CD Tunnel enables users to access Kubernetes clusters from GitLab CI/CD jobs even if there is no network connectivity between GitLab Runner and a cluster. In the current iteration, only CI/CD jobs in the Configuration project are able to access one of the configured agents. GitLab Runner does not have to be running in the same cluster.

Prerequisites:

To create the Tunnel:

  1. In your .gitlab-ci.yml, add a section that creates a kubectl-compatible configuration file, and use it in one or more jobs:

    variables:
      AGENT_ID: 4 # agent id that you got when you created the agent record
    
    # Reusable script steps that write a kubeconfig pointing kubectl at the
    # k8s-proxy endpoint, authenticating with "ci:<agent id>:<job token>".
    .kubectl_config: &kubectl_config
      - |
        cat << EOF > "$HOME/agent_config.yaml"
        apiVersion: v1
        kind: Config
        clusters:
        - cluster:
            server: https://kas.gitlab.com/k8s-proxy
          name: agent
        users:
        - name: agent
          user:
            token: "ci:$AGENT_ID:$CI_JOB_TOKEN"
        contexts:
        - context:
            cluster: agent
            user: agent
          name: agent
        current-context: agent
        EOF
      - export KUBECONFIG="$KUBECONFIG:$HOME/agent_config.yaml"
    
    deploy:
      script:
      - *kubectl_config
      - kubectl get pods
    
  2. Execute kubectl commands directly against your cluster with the CI/CD job you just created.

We are working to automate the first step to simplify the process.
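
As an added example (not part of the original GitLab documentation), the kubeconfig from step 1 can also be written by a shell function that checks AGENT_ID and CI_JOB_TOKEN first and creates the file with owner-only permissions, because it holds the job token. The function name write_agent_kubeconfig and the KAS_URL override are hypothetical; the token format and default server URL are the ones shown in step 1.

```shell
# Added example, not GitLab's own script. write_agent_kubeconfig and KAS_URL
# are hypothetical names; the token format and default URL come from step 1.
write_agent_kubeconfig() {
  out="${1:-$HOME/agent_config.yaml}"
  kas_url="${KAS_URL:-https://kas.gitlab.com/k8s-proxy}"
  nl='
'
  # AGENT_ID becomes part of the bearer token: accept digits only.
  case "${AGENT_ID:-}" in
    ''|*[!0-9]*) echo "AGENT_ID must be numeric" >&2; return 1 ;;
  esac
  # Outside a CI job CI_JOB_TOKEN is unset; do not write a "ci:4:" token.
  if [ -z "${CI_JOB_TOKEN:-}" ]; then
    echo "CI_JOB_TOKEN is empty" >&2; return 1
  fi
  # Reject characters that would end the quoted YAML scalar early.
  case "$CI_JOB_TOKEN" in
    *\"*|*\\*|*"$nl"*) echo "CI_JOB_TOKEN has unexpected characters" >&2; return 1 ;;
  esac
  # The file holds a credential: recreate it under umask 077 so it is
  # owner-only (0600) from the moment it exists.
  (
    umask 077
    rm -f "$out"
    cat > "$out" <<EOF
apiVersion: v1
kind: Config
clusters:
- name: agent
  cluster:
    server: $kas_url
users:
- name: agent
  user:
    token: "ci:$AGENT_ID:$CI_JOB_TOKEN"
contexts:
- name: agent
  context:
    cluster: agent
    user: agent
current-context: agent
EOF
  )
}
```

In a job, call it in place of the heredoc step and keep the `export KUBECONFIG=...` line unchanged.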