Hello Krisztian,

I would actually recommend using the helm chart, rather than rolling your own. At the end of the day, the helm chart is a set of k8s deployment yamls, which have done a lot of the work for you.

To get to your questions around the LoadBalancer:

1. Are you trying to connect agents from outside the Kubernetes cluster? From within, I'd expect them to not have any trouble connecting to port 8154.

2. Assuming that's true, what you mentioned about the self-signed certificate is relevant for GoCD versions less than 19.5.0. Since 19.5.0, there is a beta feature which allows you to terminate SSL outside. It is mentioned in the release notes: https://www.gocd.org/releases/#19-5-0 - you shouldn't even need port 8154 in that case.

Since you are having some trouble, we're assuming others would too. We're going to look into a setup such as the one you mention, so that we can improve the documentation, if nothing else. Please expect a reply here, with some more information. If you can provide more information about the kind of setup you have, please let us know.

About your question around the initial setup: The server.persistence.subpath.godata property in the helm chart is probably going to be useful. It's usually pointed to a persistent volume, which has the setup you want.

Cheers,
Aravind

On Fri, Jul 19, 2019 at 04:03:44 -0700, Bánhidy Krisztián wrote:
> I am evaluating gocd to replace jenkins in an environment, but find some
> missing points I would ask for some guidance on.
> The goal would be to run gocd in a kubernetes environment. I know there are
> helm charts but I would ask some further questions.
>
> - Elastic agents have problems connecting to gocd-server. According to
>   forums and issues I read I found out following:
>   - main Loadbalancer can't be used because of Reverse proxy issue
>   - the main service endpoint within kubernetes doesn't work out of the
>     box, because gocd generates self signed certificate for its hostname:
>
> bash-4.4# openssl s_client -connect gocd-server.gocd:8154
> CONNECTED(00000003)
> depth=0 CN = gocd-7766dcc46-jj5h9, OU = Cruise server webserver certificate
> verify error:num=18:self signed certificate
> verify return:1
> depth=0 CN = gocd-7766dcc46-jj5h9, OU = Cruise server webserver certificate
> verify return:1
> ---
>
> What is the "best practice" or recommended way to handle the ssl
> certificate on gocd server or agents? Should I generate a self signed
> certificate for gocd-server.gocd.svc.cluster.local and inject it into the
> container?
> According to doc to replace the certificate I would need to run commands
> during the init container to inject it? In helm chart did not find any
> reference to this.
> Also the agents should get the certificate injected to be able to verify
> the chain?
>
> - There is declarative pipeline possibility from git repository. But could
>   not find any documentation for defining setup for gocd server itself. I
>   want to have a base configuration with Saml login configured (SAML plugin),
>   also server settings I would like to have configured when I move gocd to
>   new server environment. Even in salt formula I found no options to define
>   settings that should be used during creation.
>   How is this normally handled?
>
> Thank you
> Krisztian
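
An added example, not part of the original messages or of the GoCD project: a small Python check that reads `openssl s_client` verification output like the one quoted in the thread and reports the leaf certificate's CN, whether OpenSSL flagged it as self-signed (error 18), and whether that CN equals the service name the agent connects to. The function name `diagnose` and the `SAMPLE` constant are assumptions; the sample is constructed from the lines quoted above.

```python
import re

# Constructed sample: the verification lines quoted in the thread.
SAMPLE = """\
CONNECTED(00000003)
depth=0 CN = gocd-7766dcc46-jj5h9, OU = Cruise server webserver certificate
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = gocd-7766dcc46-jj5h9, OU = Cruise server webserver certificate
verify return:1
"""

DEPTH_RE = re.compile(r"^depth=(\d+)\s+(.*)$")
ERROR_RE = re.compile(r"^verify error:num=(\d+):(.*)$")
CN_RE = re.compile(r"(?:^|[,/]\s*)CN\s*=\s*([^,/]+)")


def diagnose(s_client_output, expected_host):
    """Summarise why a verifying client would reject the server certificate.

    Only the subject CN is compared, because that is all these output lines
    show; clients that verify hostnames normally check subjectAltName entries.
    """
    leaf_cn, errors = None, []
    for raw in s_client_output.splitlines():
        line = raw.strip()
        depth = DEPTH_RE.match(line)
        if depth and depth.group(1) == "0" and leaf_cn is None:
            cn = CN_RE.search(depth.group(2))
            leaf_cn = cn.group(1).strip() if cn else None
        err = ERROR_RE.match(line)
        if err:
            errors.append((int(err.group(1)), err.group(2).strip()))
    return {
        "leaf_cn": leaf_cn,
        # OpenSSL verify error 18: the depth-0 certificate is self-signed.
        "self_signed": any(num == 18 for num, _ in errors),
        "name_matches": leaf_cn is not None
        and leaf_cn.lower() == expected_host.lower(),
        "errors": errors,
    }


if __name__ == "__main__":
    print(diagnose(SAMPLE, "gocd-server.gocd"))
```

For the output in the thread, the result shows two independent problems: the certificate is self-signed, and its CN is the pod name rather than the service name used in the connection.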
