Certificate-based Kubernetes integration deprecation
It has recently been officially documented that the cert-based Kubernetes integration with GitLab will be deprecated.
https://docs.gitlab.com/ee/user/infrastructure/clusters/#deprecated-features
They will not drop support for it, but it will be in maintenance mode according to the epic on the matter. They also (somewhat vaguely) plan to support future Kubernetes versions. It is unclear whether this means cert-based until 15.0 or not.
Also, nothing should seriously change before 15.0, but getting a head start on the transition is important.
Luckily we did not deeply integrate GitLab and Kubernetes too much (because of these exact scenarios, namely things like their Serverless attempt).
The recommended route will be using the GitLab Kubernetes Agent.
Overview
Installation
As the CI tunnel is only being introduced to Core in 14.5 (closed a week ago), we have a few weeks before we can even attempt migrating.
I also have to assume the Kubernetes Agent Server (KAS) will have to move to Core as well in future releases, as it's the first step in setting up the agent? At the moment it's a premium feature and I'm unable to quickly find how to set up an external KAS. I'm assuming they're being intentionally obtuse with the naming of it to buy into it, but it appears it's just the Kubernetes API server that's run in the cluster (at least when using kubeadm) and you connect to it over websockets.
According to the GitLab Kubernetes Agent repo and this architectural overview, agentk is a component in the cluster that allows NAT hole punching for the KAS server that sits "within" GitLab. It appears GitLab is attempting to run some type of service using GitLab, offering agentk as a client (like a browser), and kas is a paid feature (SaaS).
Hopefully, as the agent's release to Core and the deprecation of the cert-based approach get closer, more details on how the internal or external KAS works will become apparent.
Until their path is clearer and more fleshed out, this can sit for a few months.
As more work gets put into migrating to the agent, the basic integration functionality needed will be listed below to ensure everything is working before fully migrating.
- Kubernetes runners/executors working with CI/CD
- CI/CD deploying to specific namespaces
- Viewing Pods/Environments for applications deployed from GitLab
- Viewing Pod logs/Using web terminal
  - They've indicated this may not be supported as users don't really use it
11/28/21 Update
KAS has indeed moved to Free in 14.5; it was a documentation error that was still showing Premium instead of Free.
Related issue
Related MR