Check if the GitLab Kubernetes Agent works with OpenShift

Let's see if the Agent support OpenShift!

TODO

  • Set up the agent inside OpenShift
  • Have deployments running
  • Collect the findings in this issue, create follow-up issues if needed

Initial investigation

  1. Followed the steps presented here to get a local OpenShift cluster up
  2. Logged in as a developer: oc login -u developer -p developer https://api.crc.testing:6443
  3. Create a new project: oc new-project agent-like
  4. Added a secret: kubectl create secret generic -n agent-like gitlab-agent-token --from-literal=token=...
  5. Installed the agent following the docs: kubectl apply -n agent-like -f ~/GitLab/gitlab-kubernetes-agent/agent-install.yaml 
Error from server (Forbidden): error when creating "/Users/nagyviktor/GitLab/gitlab-kubernetes-agent/agent-install.yaml": clusterroles.rbac.authorization.k8s.io is forbidden: User "developer" cannot create resource "clusterroles" in API group "rbac.authorization.k8s.io" at the cluster scope
Error from server (Forbidden): error when retrieving current configuration of:
Resource: "rbac.authorization.k8s.io/v1, Resource=clusterrolebindings", GroupVersionKind: "rbac.authorization.k8s.io/v1, Kind=ClusterRoleBinding"
Name: "gitlab-agent-write-binding", Namespace: ""
from server for: "/Users/nagyviktor/GitLab/gitlab-kubernetes-agent/agent-install.yaml": clusterrolebindings.rbac.authorization.k8s.io "gitlab-agent-write-binding" is forbidden: User "developer" cannot get resource "clusterrolebindings" in API group "rbac.authorization.k8s.io" at the cluster scope
Error from server (Forbidden): error when creating "/Users/nagyviktor/GitLab/gitlab-kubernetes-agent/agent-install.yaml": clusterroles.rbac.authorization.k8s.io is forbidden: User "developer" cannot create resource "clusterroles" in API group "rbac.authorization.k8s.io" at the cluster scope
Error from server (Forbidden): error when retrieving current configuration of:
Resource: "rbac.authorization.k8s.io/v1, Resource=clusterrolebindings", GroupVersionKind: "rbac.authorization.k8s.io/v1, Kind=ClusterRoleBinding"
Name: "gitlab-agent-read-binding", Namespace: ""
from server for: "/Users/nagyviktor/GitLab/gitlab-kubernetes-agent/agent-install.yaml": clusterrolebindings.rbac.authorization.k8s.io "gitlab-agent-read-binding" is forbidden: User "developer" cannot get resource "clusterrolebindings" in API group "rbac.authorization.k8s.io" at the cluster scope
  1. Logged in as kubeadmin
  2. Installed the agent again: kubectl apply -n agent-like -f ~/GitLab/gitlab-kubernetes-agent/agent-install.yaml.

The installed agentk targets staging.gitlab.com, and users v13.7.0. The logs are attached: gitlab-agent-68777977df-sdx94-agent.log, and is supposed to use https://staging.gitlab.com/nagyv-gitlab/gitlab-kubernetes-agent

Edited by Viktor Nagy (GitLab)