{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 爷、活的狠高调 的问题《How to add an Azure AKS Kubernetes Cluster self-si》','https://www.manongdao.com/q-558053.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I'm trying to add my Azure AKS Kubernetes cluster to my GitLab CI/CD Kubernetes integration.
I can execute kubectl commands on the cluster from my pc, after I ran this command:
az aks get-credentials --resource-group <resource-group-name> --name <kubernetes-cluster-name>
It created a .kube/config file with a content like this:
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: <some long base64 string here>
server: https://<resource-group-name+some-hexadecimal-chars>.hcp.westeurope.azmk8s.io:443
name: <kubernetes-cluster-name>
contexts:
- context:
cluster: <kubernetes-cluster-name>
user: clusterUser_<resource-group-name>_<kubernetes-cluster-name>
name: <kubernetes-cluster-name>
current-context: <kubernetes-cluster-name>
kind: Config
preferences: {}
users:
- name: clusterUser_<resource-group-name>_<kubernetes-cluster-name>
user:
client-certificate-data: <some long base64 string here>
client-key-data: <some long base64 string here>
token: <some secret string of hexadecimal chars here>
In GitLab form, I have to input these fields:
- Kubernetes cluster name
- API URL
- CA Certificate - Certificate Authority bundle (PEM format)
- Token
- Project namespace (optional, unique)
I tried these values:
- I put my
<kubernetes-cluster-name>to match the name of the cluster on azure and the cluster name on the.kube/configfile. - I put the url
https://<resource-group-name+some-hexadecimal-chars>.hcp.westeurope.azmk8s.io:443copied from the.kube/configfile. - I tried first the
certificate-authority-datafrom the.kube/configfile, but didn't work and I already tried all three base64 strings from the.kube/configfile, none worked. - I put the token from the
.kube/configfile. - Leave this empty, as it is optional.
In GitLab, When I try to hit the button Install to install the Helm Tiller, I got this error:
Something went wrong while installing Helm Tiller
Can't start installation process. nested asn1 error
And sometimes I get this error instead:
Kubernetes error: SSL_connect returned=1 errno=0 state=error: certificate verify failed
I'm trying to make this to work since yesterday, had google it a lot and doesn't find anything.
I think the problem is with this 3rd field, the CA Certificate, maybe there are some other way to get this content from the command line az or kubectl.
Are there someone here that already got this Kubernetes integration from GitLab to Azure AKS working?
I found out later that the base64 string in the
certificate-authority-dataof the.kube/configfile that I was coping its content into theCA Certificatefield of GitLab "Add Kubernetes cluster" form, it is the PEM format, but base64 encoded.The PEM format already is a base64 encoded representation of the certificate bits, but it has some line breaks in the middle. This whole content is base64 encoded again before it goes to the
.kube/configso it is turned into a big base64 single-line string.I just had to base64 decode this big single-line string (I used the javascript
atob("....")in the Chrome's Console window), what gave me something like this:Then I just copied this content into the GitLab "CA Certificate" field and it worked.