Getting Started with GoCD on Kubernetes

Step 1: Setup your Kubernetes cluster

Before you can get started with GoCD on Kubernetes, make sure that you have taken a look at the list below.

1. Install kubectl

The Kubernetes CLI kubectl is used for cluster management purposes. The Kubernetes install documentation provides various ways of installing kubectl for different platforms.

2. Setup a Kubernetes Cluster

Before installing GoCD, you need to setup a Kubernetes cluster. Some of the popular options are:

Option 1: Minikube (setup guide)

Once minikube is installed, start minikube with the kubeadm bootstrapper. The kubeadm toolkit helps to easily bootstrap a cluster so that appropriate privileges are granted for performing read-write operations on Kubernetes authentication and authorization (RBAC) resources.

  1. minikube start --vm-driver=virtualbox --bootstrapper=kubeadm --memory 4096

Tip: You can enable Ingress on minikube with this command

  1. minikube addons enable ingress

Option 2: Google Kubernetes Engine or GKE (setup guide)

Tip: Once the cluster is running, execute the following command to see if kubectl is using right context.

  1. kubectl config current-context

Option 3: Amazon Elastic Kubernetes Service (EKS) (Getting Started)

Tip: eksctl is a useful CLI for setting up Kubernetes clusters on Amazon EKS

3. Install and configure Helm - The Kubernetes package manager

Helm is a package manager for Kubernetes. Kubernetes packages are called charts. Charts are curated applications for Kubernetes.

Install the Helm client

The helm client is a CLI that let’s you install and update packaged applications on Kubernetes. Helm’s installation documentation details various ways to install the Helm client.

Upon installation, verify Helm version

  1. $ helm version
  2. version.BuildInfo{Version:"v3.0.3", GitCommit:"ac925eb7279f4a6955df663a0128044a8a6b7593", GitTreeState:"clean", GoVersion:"go1.13.7"}

For Helm Client v2 and below:

Install the Helm server (Tiller) with RBAC

With Helm, it is a good practice to grant a role to a Tiller specific service account, to control the scope under which your application is deployed. You can refer the Kubernetes RBAC documentation for more on Kubernetes service accounts and RBAC.

To create a service account for Tiller with the rather permissive cluster-admin role, create a file called rbac-config.yaml with this content:

  1. apiVersion: v1
  2. kind: ServiceAccount
  3. metadata:
  4.   name: tiller
  5.   namespace: kube-system
  6. ---
  7. apiVersion: rbac.authorization.k8s.io/v1
  8. kind: ClusterRoleBinding
  9. metadata:
  10.   name: tiller
  11. roleRef:
  12.   apiGroup: rbac.authorization.k8s.io
  13.   kind: ClusterRole
  14.   name: cluster-admin
  15. subjects:
  16.   - kind: ServiceAccount
  17.     name: tiller
  18.     namespace: kube-system

Note: The cluster-admin role is available by default in a Kubernetes cluster, you don’t have to create it.

  1. kubectl create -f rbac-config.yaml

Now that we have the Helm service account created and assigned to a role, let’s deploy Tiller with this service account.

  1. helm init --service-account tiller

For Helm Client v3:

As part of Helm v3, Tiller has been removed from Helm in order to simplify the experience of using Helm. There is no need any more to have cluster admin privileges or to install Tiller in every namespace. With Tiller removed, Helm v3 now uses the settings and access defined in the local kubeconfig file.

Know more about removal of Tiller at Helm v3 Changelog.

Helm’s permissions are now evaluated using your kubeconfig file. Refer the Organizing Cluster Access Using kubeconfig Files and Helm RBAC guide for configuring more secure and advanced RBAC for your cluster.