01 Prerequisites

Prerequisites #

In order to get started with GitLab DevSecOps, you will need the following:

  • A GitLab account
  • A License for GitLab Ultimate
  • Google Cloud SDK
  • Kubectl
  • A Kubernetes Cluster (I am using GKE)
Note In the future I will try and create an example of setting up a local cluster and deploying GitLab to that cluster

GitLab Account #

You may already have a GitLab account, if not you can register here: https://gitlab.com/users/sign_up

GitLab Ultimate #

In order to get the most out of GitLab DevSecOps, you will require GitLab Ultimate. If you do not have GitLab Ultimate, you can sign-up for a 30-day trial license here: https://about.gitlab.com/free-trial/

Google Cloud SDK #

Before starting, you should download and install the Google Cloud SDK. It will allow us to interact with set our cluster via the command-line.

Download it from here: https://cloud.google.com/sdk/docs/quickstart

KubeCtl #

The Kubernetes command-line tool, kubectl, allows you to run commands against Kubernetes clusters. We will need it to interact with the cluster we have created via the CLI.

You can download it from here: https://kubernetes.io/docs/tasks/tools/

Kubernetes Cluster (GKE) #

In this particular tutorial, we will be using a GKE cluster. You can get $300 towards a GKE cluster when you first sign-up here: https://cloud.google.com/kubernetes-engine

Once you have access to the Google cloud console, you can create a cluster as follows:

  1. Go to the Google Cloud Console - console.cloud.google.com

  2. Click on the Menu Tab

  3. Go to the Kubernetes Engine Menu in Google Cloud Platform

  4. Click on the Create button

  5. Click on the Configure button under GKE Standard

  6. Give the cluster a name

  7. Make sure there are 3 nodes under Size in the Node Pools section

  8. In the Nodes menu, select the Series and a Machine type and then press the Create button

Note I selected the e2-micro (2 vCPU, 1GB memory) machine, since this workshop doesn’t require anything more than that.
  1. Under Networking scroll down and select HTTP load balancing if it isn’t already

  2. Press the Create Button

  3. Wait for the cluster to render

  4. Click on the rendered cluster

  5. Click on the Connect button

  1. Copy the Command-line access command. Then paste the command into your terminal

It should look something like this:

$ gcloud container clusters get-credentials fern-initech --zone us-central1-c --project fdiaz-02874dfa

Fetching cluster endpoint and auth data.
kubeconfig entry generated for fern-initech.
  1. Run a simple command to verify the cluster
$ kubectl cluster-info
Kubernetes master is running at
GLBCDefaultBackend is running at
KubeDNS is running at
Metrics-server is running at
$ kubectl get nodes
NAME                                          STATUS   ROLES    AGE   VERSION
gke-fern-initech-default-pool-c3bad177-f4vj   Ready    <none>   53d   v1.22.3-gke.1500
gke-fern-initech-default-pool-c3bad177-pb8d   Ready    <none>   53d   v1.22.3-gke.1500
gke-fern-initech-default-pool-c3bad177-vg5j   Ready    <none>   53d   v1.22.3-gke.1500

Helm #

Helm is a package manager for Kubernetes. It makes it easy for us to install applications containing several Kubernetes manifests, such as Deployments, Services, Ingress, etc. Let’s go ahead an install Helm.

  1. Download the installation file
$ curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
  1. Make file executable
$ chmod 700 get_helm.sh
  1. Run the installation command
$ ./get_helm.sh

Ingress-Nginx Controller #

In order to access our application from the outside world, we need to install an Ingress Controller. I am choosing Ingress-Nginx since it is supported by the Kubernetes community. Let’s go ahead and install it with helm.

  1. Run the installation command
$ helm upgrade --install ingress-nginx ingress-nginx \
  --repo https://kubernetes.github.io/ingress-nginx \
  --namespace ingress-nginx --create-namespace

Release "ingress-nginx" does not exist. Installing it now.
NAME: ingress-nginx
LAST DEPLOYED: Mon May  2 13:09:20 2022
NAMESPACE: ingress-nginx
STATUS: deployed
The ingress-nginx controller has been installed.
It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status by running 'kubectl --namespace ingress-nginx get services -o wide -w ingress-nginx-controller'
  1. See if pods are coming up
$ kubectl get pods --namespace=ingress-nginx

NAME                                        READY   STATUS    RESTARTS   AGE
ingress-nginx-controller-5849c9f946-r4l7g   1/1     Running   0          70s
Note I selected the e2-micro (2 vCPU, 1GB memory) machine, since this workshop doesn’t require anything more than that.
  1. Obtain the External-IP
kubectl --namespace ingress-nginx get services -o wide -w ingress-nginx-controller

NAME                       TYPE           CLUSTER-IP    EXTERNAL-IP      PORT(S)                      AGE     SELECTOR
ingress-nginx-controller   LoadBalancer   80:30688/TCP,443:31926/TCP   2m10s   app.kubernetes.io/component=controller,app.kubernetes.io/instance=ingress-nginx,app.kubernetes.io/name=ingress-nginx

The Ingress Controller will automatically create an External-IP using the Load-Balancer provided by Google. My external IP as seen here is

Congratulations! You have just met all the prerequisites and created a Kubernetes Cluster.

Go Home Next Lesson