Hi Krisztian,

I have successfully implemented GOCD in K8s, but not using their Helm chart, as it is not friendly when GOCD needs to be upgraded to a new version. From my experience, it's best to write your own yml files and deploy them in K8s. Use env variables to add 2 plugins for docker and elastic agents. Manually configure the elastic profile and add persistent storage. Also, one best practice was to edit the agents' pod templates to include ssh keys.
This way everything works without errors, and all upgrades went fine. I have been using it for more than 1 year without issues in k8s. As advice: install GOCD with the Helm chart and then see the configuration it created there for elastic profiles, then use what you can in the generated yamls.

Regards

On Friday, 19 July 2019 at 13:03:44 UTC+2, Bánhidy Krisztián wrote:
>
> Hello,
>
> I am evaluating gocd to replace jenkins in an environment, but find some
> missing points I would ask for some guidance on.
> The goal would be to run gocd in a kubernetes environment. I know there are
> helm charts, but I would ask some further questions.
>
> - Elastic agents have problems connecting to gocd-server. According to
>   forums and issues I read, I found out the following:
>    - main Loadbalancer can't be used because of Reverse proxy issue
>    - the main service endpoint within kubernetes doesn't work out of the
>      box, because gocd generates a self signed certificate for its hostname:
>
> bash-4.4# openssl s_client -connect gocd-server.gocd:8154
> CONNECTED(00000003)
> depth=0 CN = gocd-7766dcc46-jj5h9, OU = Cruise server webserver certificate
> verify error:num=18:self signed certificate
> verify return:1
> depth=0 CN = gocd-7766dcc46-jj5h9, OU = Cruise server webserver certificate
> verify return:1
> ---
>
> What is the "best practice" or recommended way to handle the ssl
> certificate on gocd server or agents? Should I generate a self signed
> certificate for gocd-server.gocd.svc.cluster.local and inject it into the
> container?
> According to the doc, to replace the certificate I would need to run commands
> during the init container to inject it? In the helm chart I did not find any
> reference to this.
> Also, the agents should get the certificate injected to be able to verify
> the chain?
>
> - There is a declarative pipeline possibility from a git repository. But I could
>   not find any documentation for defining the setup for the gocd server itself. I
>   want to have a base configuration with Saml login configured (SAML plugin),
>   also server settings I would like to have configured when I move gocd to
>   a new server environment. Even in the salt formula I found no options to define
>   settings that should be used during creation.
>   How is this normally handled?
>
> Thank you
> Krisztian
>
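
An added example, not part of the original thread and not GoCD project code: a shell check for the mismatch shown in the quoted `openssl s_client` output, where the certificate is issued to the pod hostname while agents connect to the Service name. It assumes the `openssl` CLI (1.1.1 or later for `-addext`); the certificates are throwaway ones constructed locally and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed demo: certificates are generated locally in a temp dir.
# Host names come from the thread; function names are hypothetical.

# make_cert DIR NAME CN [SAN]: write a throwaway self-signed cert to DIR/NAME.pem
make_cert() {
    dir=$1; name=$2; cn=$3; san=$4
    if [ -n "$san" ]; then
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -keyout "$dir/$name.key" -out "$dir/$name.pem" \
            -subj "/CN=$cn" -addext "subjectAltName=$san" 2>/dev/null
    else
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -keyout "$dir/$name.key" -out "$dir/$name.pem" \
            -subj "/CN=$cn" 2>/dev/null
    fi
}

# cert_matches_host CERT HOST: exit 0 only if CERT is valid for HOST.
# openssl prints "does match" or "does NOT match"; its exit code is not used.
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null \
        | grep -q "does match certificate"
}

# check_service_names CERT HOST...: report each name, exit 1 on any mismatch
check_service_names() {
    cert=$1; shift
    rc=0
    for host in "$@"; do
        if cert_matches_host "$cert" "$host"; then
            echo "OK        $host"
        else
            echo "MISMATCH  $host"; rc=1
        fi
    done
    return $rc
}

tmp=$(mktemp -d)
# Case from the thread: subject is the pod hostname, no SAN entries.
make_cert "$tmp" pod "gocd-7766dcc46-jj5h9"
# Constructed alternative: SAN entries for the names agents actually dial.
make_cert "$tmp" svc "gocd-server" \
    "DNS:gocd-server.gocd,DNS:gocd-server.gocd.svc.cluster.local"

echo "pod-named certificate:"
check_service_names "$tmp/pod.pem" gocd-server.gocd gocd-server.gocd.svc.cluster.local
echo "service-named certificate:"
check_service_names "$tmp/svc.pem" gocd-server.gocd gocd-server.gocd.svc.cluster.local
```

To run the same check against a live server, save the leaf certificate from `openssl s_client -connect gocd-server.gocd:8154` to a file and pass it to `check_service_names`.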
