Using the GitLab CI/CD Pipelines Integrated Workflow To Build, Test, Deploy, and Monitor Your Code with Container Engine for Kubernetes and Registry

September 21, 2021 | 8 minute read
Gilson Melo
Director of Product Management
Text Size 100%:

Oracle Kubenertes Engine for Gitlab continuous integration pipelines

Oracle’s public cloud embraces open source technologies and the communities that support them. With the strong shift to cloud native technologies and DevOps methodologies, we’ve heard from many organizations that they want a high-performance, high-reliability cloud that avoids cloud lock-in and allows them to run what they want, whether or not it's built by the cloud provider. Running GitLab on Oracle Cloud Infrastructure gives customers a choice in their DevOps platform as one application for the entire DevOps lifecycle.

GitLab CI/CD and Oracle Cloud

GitLab is a complete open source DevOps platform, delivered as a single application. It fundamentally changes the way Dev, Security, and Ops teams collaborate and build software. When you combine the GitLab CI/CD Pipelines Auto DevOps features with Oracle Cloud Infrastructure Container Engine for Kubernetes, you have a reliable and scalable integrated workflow platform to build, test, deploy, and monitor your code in the cloud.

Container Engine for Kubernetes is a service that helps you deploy, manage, and scale Kubernetes clusters in the cloud. With it, organizations can build dynamic containerized applications by incorporating Kubernetes with services running on their Oracle Cloud Infrastructure.

CI/CD Workflow

Continuous integration (CI) integrates your team’s code in a shared repository. Developers use a pull request to share new code, and the request triggers a pipeline to build, test, and validate the code before it’s merged in the repository. CI helps you catch errors early in the development cycle, reduces integration issues, and avoid compounding problems.

Continuous delivery (CD) ensures that CI-validated code is delivered to your application through a structured deployment pipeline. CD ensures that every change is releasable, lowers the risk for each release, delivers more value frequently, and enables you to get faster and more frequent feedback from customers.

Together, CI and CD enable your team to build quickly and effectively, and they are critical for ensuring an optimized development practice.

Getting Started

First, let’s explore the components needed to build and deploy GitLab CI/CD services in Container Engine for Kubernetes. To install GitLab on Container Engine for Kubernetes, you must have a desktop (cloud VM or on premises) with the Oracle Cloud Infrastructure (oci) and kubectl command lines installed and configured.

Then, the following components are required before proceeding:

  • Kubernetes version 1.14.8 or later
  • Helm/Tiller version 2.14 or later
  • Subnet CIDR and ports for Kubernetes pods and worker nodes open in the local virtual cloud network (VCN) security list

Deployment Process

To deploy GitLab on Oracle Contain Engine for Kubernetes, review the Deployment Guide and follow these steps.

  1. Run the following commands. Change to your own DNS. If you want Helm to install the GitLab resources in a different namespace, add --namespace NEW_NAME_SPACE after the --install option.

    helm repo add gitlab
    helm repo update
    helm upgrade --install gitlab gitlab/gitlab \
      --timeout 600s \
      --set \
      --set global.hosts.https=true \
      --set \ 
  2. After the provisioning process is done, run the following command to identify the external IP address assigned to GitLab:

    kubectl get services gitlab-nginx-ingress-controller
  3. Point the DNS entry from step 1 (for example, to GitLab. Use your own DNS zone management service to update the DNS record entry. Otherwise, you will get a "default backend - 404" error message in step 5. If you get the 404 error message, fix the DNS entry and re-create the gitlab-runner pod.

  4. After the DNS zone record has been created, use the following command to get the base64 root password, which you need to connect in the dashboard.

    kubectl get secret <name>-gitlab-initial-root-password -ojsonpath='{.data.password}' | base64 --decode ; echo "
  5. Wait for all the pods to be up and running before proceeding. The following screenshot shows a list of the pods that will be installed through Helm.

    Screenshot of command line showing a list of pods and their statuses.

  6. Open a browser, type the DNS address, and then use the root username with the base64 password.

    Screenshot showing the GitLab signin screen.

  7. Add your existing Container Engine for Kubernetes cluster information in GitLab. Select Kubernetes in the Admin Area menu, click Add Kubernetes cluster, click the Add existing cluster tab, and enter the following information:

    • Name: Your cluster’s name, available in the ~/.kube/config file.

    • Environment scope: Enter * .

    • API URL: Get the API URL by running this command:

      kubectl cluster-info | grep 'Kubernetes master' | awk '/http/ {print $NF}'
    • CA Certificate: Run kubectl get secrets. One of the secrets listed should be named similar to default-token-xxxxx. Copy that token name and use it in the following command. Get the certificate by running this command:

      kubectl get secret <secret name> -o jsonpath="{['data']['ca\.crt']}" | base64 --decode
    • Token: GitLab authenticates against Kubernetes by using service tokens, which are scoped to a particular namespace. The token used should belong to a service account with cluster-admin privileges. Follow these steps to create this service account:

      1. Create a file called gitlab-admin-service-account.yaml with the following contents:

        apiVersion: v1
        kind: ServiceAccount
          name: gitlab-admin
          namespace: kube-system
        kind: ClusterRoleBinding
          name: gitlab-admin
          kind: ClusterRole
          name: cluster-admin
        - kind: ServiceAccount
          name: gitlab-admin
          namespace: kube-system
      2. Run the following command to apply the service account and cluster role binding to your cluster:

        kubectl apply -f gitlab-admin-service-account.yaml


        serviceaccount "gitlab-admin" created
        clusterrolebinding "gitlab-admin" created
      3. Retrieve the token for the gitlab-admin service account:

        kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep gitlab-admin | awk '{print $1}')
  8. Click Add Kubernetes Cluster. An instance cluster is added.

  9. In the Instance Cluster, install the following components:

    • Helm Tiller
    • Ingress
    • Cert-Manager
    • Prometheus
    • GitLab Runner

    After you install Ingress, a new public Oracle Cloud Infrastructure load balancer is provisioned.

  10. Change the base domain to the load balancer public IP address as suggested in the UI (for example,, and then click Save Changes. Additional details are available in the GitLab documentation.

That's it! The GitLab CI/CD Pipelines installation and integration with Container Engine for Kubernetes is done. Now, it's time to test your GitLab CI/CD workflow.

Using GitLab CI/CD Pipelines with Oracle Cloud Infrastructure Registry

This example demonstrates how to use the GitLab CI/CD workflow to pull an image from a private Oracle Cloud Infrastructure Registry repo, rebuild it, and push it back into the Registry using a new build name.

  1. If you have a private image available in your Registry repo, skip to the next step. If you don’t have a private image available, build a Docker image, upload it to a private Registry repo, and create a Kubernetes secret (use your Registry username and password for the secret info). The following tutorials explain these steps.

  2. Add the following variables to GitLab. Navigate to Settings > CI/CD, expand Variables, and add the following variable keys and values:

    • OKE_REGISTRY: Your Registry region endpoint (for example,
    • OKE_REGISTRY_IMAGE: Your Registry image (for example,
    • OKE_REGISTRY_NEW_IMAGE: Your new Registry image build version that will be pushed into Registry after the build process (for example,
    • OKE_REGISTRY_PASSWORD: Your Oracle Cloud Infrastructure auth token. For more information, see the documentation.
    • OKE_REGISTRY_USER: Oracle_Cloud_Infrastructure_tenancy_name/usernam
  3. Create an internal blank project (for example, gitlab-docker-ocir-oke).

  4. Create two new files, Dockerfile and .gitla-ci.yml. These are just basic examples to get GitLab working with Container Engine for Kubernetes and Registry. Modify them to match your requirements.

    • .gitlab-ci.yml

        # Official docker image.
        image: docker:latest
        stage: build
          - name: docker:19.03.0-dind
            entrypoint: ["env", "-u", "DOCKER_HOST"]
            command: [""]
          #CI_DEBUG_TRACE: "true"
          DOCKER_HOST: tcp://localhost:2375/
          DOCKER_DRIVER: overlay2
          DOCKER_TLS_CERTDIR: ""
          - docker login -u "$OKE_REGISTRY_USER" -p "$OKE_REGISTRY_PASSWORD" $OKE_REGISTRY
          - docker info 
          - docker build  --pull -t "$OKE_REGISTRY_IMAGE" .
          - docker tag "$OKE_REGISTRY_IMAGE" "$OKE_REGISTRY_NEW_IMAGE"
          - docker push "$OKE_REGISTRY_NEW_IMAGE"
          - master
        # Official docker image.
        image: docker:latest
        stage: build
          - docker:19.03.0-dind
          - docker login -u "$OKE_REGISTRY_USER" -p "$OKE_REGISTRY_PASSWORD" $OKE_REGISTRY
          - docker info
          - docker build  --pull -t "$OKE_REGISTRY_IMAGE" .
          - docker tag "$OKE_REGISTRY_IMAGE" "$OKE_REGISTRY_NEW_IMAGE"
          - docker push "$OKE_REGISTRY_NEW_IMAGE"
          - master
    • Dockerfile

      FROM nginx
         VOLUME /usr/share/nginx/html

    After these files have been created and saved, GitLab Auto DevOps triggers Pipelines. Then, it pulls your Registry image, builds a new one, tags it using the $OKE_REGISTRY_NEW_IMAGE name, and pushes it into Registry.

  5. Refresh the Registry dashboard, and a new image appears.

    Screenshot of GitLab showing the pipeline.

    Screenshot of GitLab showing the new image.

Your setup and tests are done! GitLab CI/CD Pipelines has been deployed and integrated with Container Engine for Kubernetes and Registry.


Combining Container Engine for Kubernetes with the GitLab CI/CD integrated workflow capabilities gives you a robust and scalable DevOps platform that’s production ready. For more information, see the Container Engine for Kubernetes documentation and the Gitlab website. If you want to experience Gitlab on Container Engine for Kubernetes for yourself, sign up for an Oracle Cloud Infrastructure account and start testing today!

Gilson Melo

Director of Product Management

Previous Post

A simple guide to deploying MySQL Router with MySQL Database service in OCI

Sam Eu | 2 min read

Next Post

High availability for ActiveMQ with MySQL and Kubernetes on OCI

James Hartman | 9 min read