how to kubectl port-forward GitLab webservice?

4/14/2021

I have deploy helm upgrade --install gitlab gitlab/gitlab --timeout 600s -f gitlab.yaml

gitlab.yaml is here, ip is minikube ip.

# values-minikube.yaml
# This example intended as baseline to use Minikube for the deployment of GitLab
# - Services that are not compatible with how Minikube runs are disabled
# - Configured to use 192.168.99.100, and nip.io for the domain

# Minimal settings
global:
  ingress:
    configureCertmanager: false
    class: "nginx"
  hosts:
    domain: "${ip}.nip.io"
    externalIP: "${ip}"
  rails:
    bootsnap:
      enabled: false
  shell:
    # Configure the clone link in the UI to include the high-numbered NodePort
    # value from below (gitlab.gitlab-shell.service.nodePort)
    port: 32022
  psql:
    host: ${POSTGRES_K8S_SERVICE}
    database: postgres
    username: postgres
    password:
      secret: ${POSTGRES_K8S_SERVICE}
      key: postgresql-password
# Don't use certmanager, we'll self-sign
certmanager:
  install: false
# Use the "ingress" addon, not our Ingress (can't map 22/80/443)
nginx-ingress:
  enabled: false
# Save resources, only 3 CPU
prometheus:
  install: false
gitlab-runner:
  install: false
# Reduce replica counts, reducing CPU & memory requirements
gitlab:
  webservice:
    minReplicas: 1
    maxReplicas: 1
  sidekiq:
    minReplicas: 1
    maxReplicas: 1
  gitlab-shell:
    minReplicas: 1
    maxReplicas: 1
    # Map gitlab-shell to a high-numbered NodePort to support cloning over SSH since
    # Minikube takes port 22.
    service:
      type: NodePort
      nodePort: 32022
registry:
  hpa:
    minReplicas: 1
    maxReplicas: 1

After deploying, it will generate several ingresses, but we cannot access them by using external machine. enter image description here

So I try to forward them by

kubectl port-forward --namespace default svc/gitlab-webservice-default 9000:8080 --address 0.0.0.0
kubectl port-forward --namespace default svc/gitlab-webservice-default 9001:8081 --address 0.0.0.0

8080 are from ingress/gitlab-webservice-default. 9001 cannot be access, It means I cannot access https

  rules:
    - host: gitlab.192.168.49.2.nip.io
      http:
        paths:
          - path: /
            pathType: ImplementationSpecific
            backend:
              serviceName: gitlab-webservice-default
              servicePort: 8181
          - path: /admin/sidekiq
            pathType: ImplementationSpecific
            backend:
              serviceName: gitlab-webservice-default
              servicePort: 8080

But it seems not work when I try to login.

422

The change you requested was rejected. Make sure you have access to the thing you tried to change.

Please contact your GitLab administrator if you think this is a mistake.

enter image description here

-- kyakya
gitlab
kubernetes
kubernetes-helm

1 Answer

7/14/2021

This issue is poorly documented via gitlab itself and the below 'answer' is for any googlers (hint, it's not really an answer):

The gitlab minikube setup spins up it's own ingress controllers that are bypassed, which is where TLS would normally be terminated. The '422' error is legitimate because localhost:8080 does not provide a valid authenticity token to be processed by the host gitlab.192.168.49.2.nip.io

You can confirm this by tailing the logs of the webserver container (it outputs all logging to stdout).

So you can either disable to CSRF token check in the omniauth.rb file inside config/initializers and restart the rails instance, or move away from minikube (we used KinD to get this working) since ingress appeared to be broken with the gitlab setup.

-- benjessop
Source: StackOverflow