2

I am trying to deploy an image from a private gitlab registry to a self-hosted kubernets cluster that is connected and managed by gitlab. As far as I understood it, I need a ImagePullSecret created and referenced in my Deployment-Config for this to work. Gitlab is creating a namespace per project so I am trying to create a secret at the start of my CI-Job. Strangely I always get the error, that an argument is missing, despite all of the required arguments being present. What am I doing wrong?

Here is the CI-Job out of my gitlab-ci.yml

deploy-app:
  stage: deploy
  image:
    name: bitnami/kubectl:latest
    entrypoint: [""]
  script:
    - kubectl create secret docker-registry gitlab-registry --docker-username=$CI_DEPLOY_USER --docker-password=$CI_DEPLOY_PASSWORD --docker-server=$CI_REGISTRY --dry-run=client -o yaml | kubectl apply -f -
    - kubectl apply -f k8s/configmap.yaml
    - kubectl apply -f k8s/deployment.yaml
    - kubectl apply -f k8s/service.yaml
    - kubectl apply -f k8s/ingress.yaml
  environment:
    name: production
    url: <my-url>
  rules:
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH

The CI-Job always runs into the following error:

error: either --from-file or the combination of --docker-username, --docker-password and --docker-server is required

I tried to run the command directly on the server without an error, so this has something to do with this specific environment. Has someone an idea for another approach? I am a bit lost right now.

HOERNSCHEN
  • 730
  • 1
  • 8
  • 19
  • you can try below command, will create if not exist. create variable for `(kubectl get secret gitlab-com --namespace=${NAMESPACE} || kubectl --namespace=${NAMESPACE} create secret docker-registry gitlab-com --docker-server=$CI_REGISTRY --docker-username=$GITLAB_USER_DOCKERCFG --docker-password=$GITLAB_PASSWORD_DOCKERCFG --docker-email=DOCKER_EMAIL` – Adiii Nov 01 '21 at 02:10
  • 2
    @Adiii Can you explain why that would fix my error? – HOERNSCHEN Nov 01 '21 at 09:28
  • Does it works the provided solution? – aironman Nov 02 '21 at 11:21
  • 1
    @aironman No the error stays the same – HOERNSCHEN Nov 09 '21 at 17:17
  • 1
    So I decided to go for a workaround that i found here: https://stackoverflow.com/questions/63639218/how-to-pull-from-private-projects-image-registry-using-gitlab-managed-kubernete. I created a deploy token and logged into the registry using the docker-command on the server (So I have to do this once per node). In my case I had to edit the kubernetes service (I use k3s). There I add "User=root" and "HOME=/root" to the service-File in /etc/systemd/system. Else kubernetes was not using the right docker-config and the Pod was failing to load the image. – HOERNSCHEN Nov 10 '21 at 08:12

2 Answers2

2

Had the same issue. Fixed by using proper CI variable names: $CI_REGISTRY_USER and $CI_REGISTRY_PASSWORD.

Looks like $CI_DEPLOY_USER and $CI_DEPLOY_PASSWORD variables from GitLab documentation are just an example, and are not actually defined.

Check actual variable names here: https://docs.gitlab.com/ee/ci/variables/

macrokernel
  • 21
  • 4
0

In order for CI_DEPLOY_USER and CI_DEPLOY_PASSWORD to be exposed in the pipeline jobs a Deploy Token named gitlab-deploy-token have to be created according to GitLab Docs.

Joaquín L. Robles
  • 6,261
  • 10
  • 66
  • 96