How to configure a staging namespace for all GitLab repos to use?

9/8/2019

On group level I have a Kubernetes Cluster configured in GitLab, and I wish to be able to configure a dedicated namespace for staging to use for all my repos, in order to communicate between microservices easily.

In my .gitlab-ci.yml file:

staging:
  stage: staging
  variables:
    APP_NAME: staging-website-frontend
    APP_LABEL: staging
    DEPLOY_HOST: lanorr.eu
  environment:
    name: staging
    url: http://lanorr.eu/
  image: roffe/kubectl:v1.13.0
  script:
    - kubectl delete --ignore-not-found=true secret gitlab-auth
    - kubectl create secret docker-registry gitlab-auth --docker-server=$CI_REGISTRY --docker-username=$KUBE_PULL_USER --docker-password=$KUBE_PULL_PASS
    - cat k8s/deployment.yml | envsubst | kubectl apply -f -
  only:
    - master

I have tried to add - export KUBE_NAMESPACE=staging to the script section, but that didn't work out as expected.

and my k8s/deployment.yml file:

kind: Service
apiVersion: v1
metadata:
  annotations:
    prometheus.io/scrape: "true"
    prometheus.io/port: "5000"
  name: ${APP_NAME}
spec:
  selector:
    app: ${APP_LABEL}
  type: NodePort
  ports:
    - protocol: TCP
      port: 80
      targetPort: 5000
---
kind: Deployment
apiVersion: apps/v1beta1
metadata:
  name: ${APP_NAME}
  labels:
    app: ${APP_LABEL}
spec:
  replicas: 3
  selector:
    matchLabels:
      app: ${APP_LABEL}
  template:
    metadata:
      labels:
        app: ${APP_LABEL}
    spec:
      imagePullSecrets:
        - name: gitlab-auth
      containers:
        - name: ${APP_NAME}
          image: "${DOCKER_IMAGE_TAG}"
          ports:
            - containerPort: 5000
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ${APP_NAME}-ingress
spec:
  rules:
    - host: ${DEPLOY_HOST}
      http:
        paths:
          - backend:
              serviceName: ${APP_NAME}
              servicePort: 80

Here I have also tried to add namespace manually and through a ENV_VARIABLE, but without luck.. I keep getting the same error, that the ServiceAccount for the GitLab Repo, doesn't have permission to find services and deployments in this namespace.

The ERROR:

Error from server (Forbidden): error when retrieving current configuration of:
Resource: "/v1, Resource=services", GroupVersionKind: "/v1, Kind=Service"

...

from server for: "STDIN": ingresses.extensions "review-ci-testing-updqhr-la-danesa-web-ingress" is forbidden: User "system:serviceaccount:la-danesa-website-5:la-danesa-website-5-service-account" cannot get resource "ingresses" in API group "extensions" in the namespace "review-ci-testing"

It is a self-hosted gitlab server and a self-hosted and self-managed kubernetes cluster. Everything is working fine except when I attempt to use a custom namespace for my staging deployment.

Do any of you have suggestions how to go about this?

Update 09-09-2019

I just updated to 12.2 and I noticed that I could add ENVIRONMENT SCOPED variables, though adding KUBE_NAMESPACE = 'staging' for environment staging doesn’t seem to work. Now GitLab has a feature to automatically create environment specific namespaces, but I can’t find a way to customise this myself, despite this documentation saying that it should be possible to overwrite: https://docs.gitlab.com/ee/user/project/clusters/#deployment-variables

I have also removed the cluster and recreated it in GitLab after I made the update to 12.2, so everything is available as per change log, but I still can’t figure out how to create a dedicated staging namespace for all my staging microservices.

-- Dimser
docker
git
gitlab
kubernetes

0 Answers