How to add an Azure AKS Kubernetes Cluster self-signed CA to GitLab CI/CD Kubernetes integration?

lmcarreiro

I'm trying to add my Azure AKS Kubernetes cluster to my GitLab CI/CD Kubernetes integration.

I can execute kubectl commands on the cluster from my PC, after I ran this command:

az aks get-credentials --resource-group <resource-group-name> --name <kubernetes-cluster-name>

It created a .kube/config file with content like this:

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: <some long base64 string here>
    server: https://<resource-group-name+some-hexadecimal-chars>.hcp.westeurope.azmk8s.io:443
  name: <kubernetes-cluster-name>
contexts:
- context:
    cluster: <kubernetes-cluster-name>
    user: clusterUser_<resource-group-name>_<kubernetes-cluster-name>
  name: <kubernetes-cluster-name>
current-context: <kubernetes-cluster-name>
kind: Config
preferences: {}
users:
- name: clusterUser_<resource-group-name>_<kubernetes-cluster-name>
  user:
    client-certificate-data: <some long base64 string here>
    client-key-data: <some long base64 string here>
    token: <some secret string of hexadecimal chars here>

In the GitLab form, I have to input these fields:

  1. Kubernetes cluster name
  2. API URL
  3. CA Certificate - Certificate Authority bundle (PEM format)
  4. Token
  5. Project namespace (optional, unique)

I tried these values:

  1. I put my <kubernetes-cluster-name> to match the name of the cluster on Azure and the cluster name in the .kube/config file.
  2. I put the URL https://<resource-group-name+some-hexadecimal-chars>.hcp.westeurope.azmk8s.io:443 copied from the .kube/config file.
  3. I first tried the certificate-authority-data from the .kube/config file, but it didn't work, and I have already tried all three base64 strings from the .kube/config file; none worked.
  4. I put the token from the .kube/config file.
  5. I left this empty, as it is optional.

In GitLab, when I try to hit the Install button to install Helm Tiller, I get this error:

Something went wrong while installing Helm Tiller
Can't start installation process. nested asn1 error

And sometimes I get this error instead:

Kubernetes error: SSL_connect returned=1 errno=0 state=error: certificate verify failed

I've been trying to make this work since yesterday, have googled it a lot and didn't find anything.

I think the problem is with this 3rd field, the CA Certificate; maybe there is some other way to get this content from the command line with az or kubectl.

Is there someone here who already got this Kubernetes integration from GitLab to Azure AKS working?

lmcarreiro

I found out later that the base64 string in the certificate-authority-data of the .kube/config file, whose content I was copying into the CA Certificate field of the GitLab "Add Kubernetes cluster" form, is in the PEM format, but base64 encoded.

The PEM format already is a base64 encoded representation of the certificate bits, but it has some line breaks in the middle. This whole content is base64 encoded again before it goes to the .kube/config so it is turned into a big base64 single-line string.

I just had to base64 decode this big single-line string (I used JavaScript's atob("....") in Chrome's Console window), which gave me something like this:

-----BEGIN CERTIFICATE-----
MIIEyDCCArCgAwIBAgIRAOL3N8oMIwWIxcFTZhTkfgMwDQYJKoZIhvcNAQELBQAw
...
...
...
5gP7yoL1peZ+AWjCgcUVZYiItqrBLpWYDgY9g8btYDUIiWlqkmC0+kBaPfwCtckx
cUp3vlwRITrv0mzrxiQjTLTUpEy7EcD+U6IecA==
-----END CERTIFICATE-----

Then I just copied this content into the GitLab "CA Certificate" field and it worked.
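
The decoding step described in the answer above, as an added example (not part of the original post): it pulls certificate-authority-data out of kubeconfig text, undoes the outer base64 layer, and checks that the result is a PEM block whose body decodes to a DER SEQUENCE before it is pasted into the CA Certificate field. The function names, the regex-based field lookup and the sample data are assumptions; the sample "certificate" is a constructed placeholder, not a real one.

```python
import base64
import re
import textwrap

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----\s+([A-Za-z0-9+/=\s]+?)-----END CERTIFICATE-----")
CA_FIELD_RE = re.compile(r"^\s*certificate-authority-data:\s*(\S+)\s*$", re.M)

def pem_blocks(text):
    """Return the DER bytes of each CERTIFICATE block found in text."""
    ders = []
    for body in PEM_RE.findall(text):
        der = base64.b64decode("".join(body.split()), validate=True)
        # An X.509 certificate is an ASN.1 SEQUENCE, so its DER starts with 0x30.
        if not der.startswith(b"\x30"):
            raise ValueError("PEM body is not a DER SEQUENCE")
        ders.append(der)
    return ders

def ca_pem_from_kubeconfig(kubeconfig_text):
    """Decode the first certificate-authority-data value into PEM text."""
    match = CA_FIELD_RE.search(kubeconfig_text)
    if match is None:
        raise ValueError("no certificate-authority-data field found")
    # Outer layer: the single-line base64 string stored in .kube/config.
    pem = base64.b64decode(match.group(1), validate=True).decode("ascii")
    if not pem_blocks(pem):
        raise ValueError("decoded value contains no CERTIFICATE block")
    return pem

# Constructed sample: placeholder DER bytes (not a real certificate) wrapped
# as PEM, then base64-encoded again the way .kube/config stores the CA.
SAMPLE_DER = b"\x30\x81\xc8" + bytes(range(200))
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + "\n".join(textwrap.wrap(base64.b64encode(SAMPLE_DER).decode(), 64))
    + "\n-----END CERTIFICATE-----\n"
)
SAMPLE_FIELD = base64.b64encode(SAMPLE_PEM.encode()).decode()
SAMPLE_KUBECONFIG = (
    "clusters:\n- cluster:\n"
    f"    certificate-authority-data: {SAMPLE_FIELD}\n"
    "    server: https://example.invalid:443\n"
)

if __name__ == "__main__":
    # The raw kubeconfig string contains no PEM block; the decoded one does.
    print(len(pem_blocks(SAMPLE_FIELD)), "PEM block(s) in the raw field")
    print(ca_pem_from_kubeconfig(SAMPLE_KUBECONFIG))
```
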
