Getting Started with GoCD on Kubernetes
Step 1: Setup your Kubernetes cluster
Before you can get started with GoCD on Kubernetes, make sure that you have taken a look at the list below.
1. Install kubectl
The Kubernetes CLI
kubectl is used for cluster management purposes. The Kubernetes install documentation provides various ways of installing kubectl for different platforms.
2. Setup a Kubernetes Cluster
Before installing GoCD, you need to setup a Kubernetes cluster. Some of the popular options are:
Option 1: Minikube (setup guide)
Once minikube is installed, start minikube with the
kubeadm bootstrapper. The
kubeadm toolkit helps to easily bootstrap a cluster so that appropriate privileges are granted for performing read-write operations on Kubernetes authentication and authorization (RBAC) resources.
minikube start --vm-driver=virtualbox --bootstrapper=kubeadm --memory 4096
Tip: You can enable Ingress on minikube with this command
minikube addons enable ingress
Option 2: Google Kubernetes Engine or GKE (setup guide)
Tip: Once the cluster is running, execute the following command to see if kubectl is using right context.
kubectl config current-context
Option 3: Amazon Elastic Kubernetes Service (EKS) (Getting Started)
Tip: eksctl is a useful CLI for setting up Kubernetes clusters on Amazon EKS
3. Install and configure Helm - The Kubernetes package manager
Helm is a package manager for Kubernetes. Kubernetes packages are called charts. Charts are curated applications for Kubernetes.
Helm has two parts to it, the
helm client and a server called
Install the Helm client
The helm client is a CLI that let’s you install and update packaged applications on Kubernetes. Helm’s installation documentation details various ways to install the Helm client.
Install the Helm server (Tiller) with RBAC
With Helm, it is a good practice to grant a role to a Tiller specific service account, to control the scope under which your application is deployed. You can refer the Kubernetes RBAC documentation for more on Kubernetes service accounts and RBAC.
To create a service account for Tiller with the rather permissive cluster-admin role, create a file called
rbac-config.yaml with this content:
apiVersion: v1 kind: ServiceAccount metadata: name: tiller namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: tiller roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: tiller namespace: kube-system
cluster-admin role is available by default in a Kubernetes cluster, you don’t have to create it.
kubectl create -f rbac-config.yaml
Now that we have the Helm service account created and assigned to a role, let’s deploy Tiller with this service account.
helm init --service-account tiller
Refer the Helm RBAC guide for more secure and advanced RBAC configurations.