This Helm repo integrates GitLab auth into Rancher, and GitLab groups/users (AutoDevOps) with Rancher projects/users (Kubernetes).
Thanks to sandstorm.
- Deploy the Helm chart with values:

      env:
        GITLAB_URL: https://gitlab.company.com
        RANCHER_URL: https://rancher.company.com
        GITLAB_HOOK_TOKEN: "" # secret token for gitlab system hook
        RANCHER_CLUSTER_ID: c-m-xxxxxxxx # cluster id for integration gitlab groups and subgroups
        CATTLE_ACCESS_KEY: "" # access key for cluster from rancher
        CATTLE_SECRET_KEY: "" # secret key for cluster from rancher
      ingress:
        annotations:
          cert-manager.io/issuer: rancher
          kubernetes.io/tls-acme: 'true'
        enabled: true
        hosts:
          - host: gitlab-rancher-integration.company.com
        tls:
          - hosts:
              - gitlab-rancher-integration.company.com
            secretName: tls-gitlab-rancher-integration
- Create a GitLab admin application at https://gitlab.company.com/admin/applications
  - Name: Rancher
  - Redirect URI: https://rancher.company.com/verify-auth
  - Scopes: read_api
- In Rancher, go to Authentication Provider and choose GitHub
- Select GitHub Enterprise: https://gitlab-rancher-integration.company.com
- Paste the Client ID and Client Secret from step 2
- Go to GitLab system hooks and create a hook to gitlab-rancher-integration.company.com/create-rancher-project-for-gitlab-group
- Install jspolicy from https://charts.loft.sh into the Kubernetes cluster identified by RANCHER_CLUSTER_ID, with env:
  - GITLAB_HOOK_TOKEN - secret token for the GitLab system hook
  - GITLAB_RANCHER_INTEGRATION - HTTP URL of the GitLab-Rancher auth server
  - GITLAB_HOST - GitLab host URL
  - GITLAB_TOKEN - GitLab token (read all groups)
- Install the JsPolicy CRD from ./jspolicy (you can do it with Fleet)

Groups are not shown in the new UI (Rancher v2.6.5). Use https://rancher.company.com/g to work with "Projects access" and "Assign Global Roles To Group".
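
GitLab delivers the secret token configured on a system hook in the `X-Gitlab-Token` request header, so the receiver of the hook step above has to compare it against GITLAB_HOOK_TOKEN. The following is an added example, not this repo's code: a Node.js check that fails closed when the token is left at the empty default shown in the values and only acts on `group_create` events. The function names, status codes and return shape are assumptions.

```javascript
const crypto = require('node:crypto');

// Constant-time token comparison. Fails closed when no token is configured,
// so the empty default GITLAB_HOOK_TOKEN: "" never authenticates anyone.
function tokenMatches(presented, expected) {
  if (typeof presented !== 'string' || typeof expected !== 'string') return false;
  if (expected.length === 0) return false;
  // Hash both sides so timingSafeEqual always receives equal-length buffers.
  const a = crypto.createHash('sha256').update(presented).digest();
  const b = crypto.createHash('sha256').update(expected).digest();
  return crypto.timingSafeEqual(a, b);
}

// headers: lower-cased header map (as Node's http module provides it)
// rawBody: request body as a string
// expectedToken: value of GITLAB_HOOK_TOKEN
// Returns { status } and, for accepted group_create events, { group }.
function handleSystemHook(headers, rawBody, expectedToken) {
  if (!tokenMatches(headers['x-gitlab-token'], expectedToken)) {
    return { status: 401 }; // reject before parsing untrusted input
  }
  let event;
  try {
    event = JSON.parse(rawBody);
  } catch {
    return { status: 400 };
  }
  if (event === null || typeof event !== 'object') return { status: 400 };
  // System hooks fire for many event types; ignore everything but group creation.
  if (event.event_name !== 'group_create') return { status: 204 };
  if (!Number.isInteger(event.group_id) || typeof event.path !== 'string') {
    return { status: 400 };
  }
  return { status: 202, group: { id: event.group_id, path: event.path } };
}

// Constructed sample delivery (values are illustrative, not from a real instance).
const SAMPLE_TOKEN = 'constructed-hook-token';
const SAMPLE_BODY = JSON.stringify({
  event_name: 'group_create',
  name: 'StoreCloud',
  path: 'storecloud',
  group_id: 78,
});
```
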