DEV Community

giveitatry
giveitatry

Posted on

Complete Guide: Install GitLab with SSL, Docker Runners, Kubernetes Deployment, and CI/CD Pipelines

This guide covers the full process of setting up a self-hosted GitLab instance with SSL certificates, Docker runners for CI/CD, Kubernetes integration via GitLab Agent, and automating Docker image builds and deployments through the pipeline.

1. Installing GitLab on Ubuntu with SSL

Prerequisites

  • Ubuntu 20.04 LTS VPS
  • Domain pointing to your VPS (e.g., gitlab.example.com)
  • Minimum: 4 CPUs, 4GB RAM

Step 1: Update the System

sudo apt update && sudo apt upgrade -y
Enter fullscreen mode Exit fullscreen mode

Step 2: Install Dependencies

sudo apt install curl ca-certificates apt-transport-https gnupg2 -y
Enter fullscreen mode Exit fullscreen mode

Step 3: Add GitLab Repository

curl -s https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.deb.sh | sudo bash
sudo apt update
Enter fullscreen mode Exit fullscreen mode

Step 4: Install GitLab

sudo apt install gitlab-ce -y
Enter fullscreen mode Exit fullscreen mode

Step 5: Configure SSL and Domain

Edit GitLab config:

sudo nano /etc/gitlab/gitlab.rb
Enter fullscreen mode Exit fullscreen mode

Set domain and SSL:

external_url 'https://gitlab.example.com'
letsencrypt['enable'] = true
letsencrypt['contact_emails'] = ['admin@example.com']
letsencrypt['auto_renew'] = true
Enter fullscreen mode Exit fullscreen mode

Apply configuration:

sudo gitlab-ctl reconfigure
Enter fullscreen mode Exit fullscreen mode

2. Install Docker Runner for GitLab CI/CD

Step 1: Install Docker

sudo apt install docker.io -y
sudo systemctl enable docker && sudo systemctl start docker
Enter fullscreen mode Exit fullscreen mode

Step 2: Install GitLab Runner

curl -L --output /usr/local/bin/gitlab-runner https://gitlab-runner-downloads.s3.amazonaws.com/latest/binaries/gitlab-runner-linux-amd64
chmod +x /usr/local/bin/gitlab-runner
useradd --comment 'GitLab Runner' --create-home gitlab-runner --shell /bin/bash
Enter fullscreen mode Exit fullscreen mode

Step 3: Register the Runner

sudo gitlab-runner register
Enter fullscreen mode Exit fullscreen mode

Respond to prompts:

  • GitLab URL: https://gitlab.example.com
  • Token: Get it from your GitLab project > Settings > CI/CD > Runners
  • Description: docker-runner
  • Executor: docker
  • Docker Image: docker:20.10.16

Step 4: Start Runner

sudo gitlab-runner start
Enter fullscreen mode Exit fullscreen mode

3. Connect Kubernetes Cluster via GitLab Agent

Prerequisites

  • A running Kubernetes cluster
  • Helm CLI installed
  • Access to GitLab project

Step 1: Register Kubernetes Agent

  • Go to GitLab project > Operate > Kubernetes Clusters
  • Click Connect a cluster (agent), give it a name, and register
  • Save the Helm command and agent token

Step 2: Install Agent in Kubernetes

helm repo add gitlab https://charts.gitlab.io
helm repo update
helm upgrade --install gitlab-agent gitlab/gitlab-agent \
  --namespace gitlab-agent \
  --create-namespace \
  --set config.token=<your_token> \
  --set config.kasAddress=wss://gitlab.example.com/-/kubernetes-agent/
Enter fullscreen mode Exit fullscreen mode

4. Build and Push Docker Images in GitLab CI

.gitlab-ci.yml Example

default:
  image: docker:20.10.16
  services:
    - docker:20.10.16-dind
  before_script:
    - echo "$CI_REGISTRY_PASSWORD" | docker login $CI_REGISTRY -u $CI_REGISTRY_USER --password-stdin

variables:
  IMAGE_TAG: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG

stages:
  - build
  - deploy

build:
  stage: build
  script:
    - docker build -t $IMAGE_TAG .
    - docker push $IMAGE_TAG

deploy:
  stage: deploy
  script:
    - kubectl rollout restart deployment your-deployment-name -n your-namespace
  only:
    - main
Enter fullscreen mode Exit fullscreen mode

Notes:

  • $CI_REGISTRY_IMAGE is provided by GitLab CI.
  • Use kubectl inside a custom Docker image if needed.

5. Customize Helm for Secure Agent Deployment

For production systems:

  • Create a custom service account with limited RBAC.
  • Add flags like --set rbac.create=false and manually bind roles.
helm upgrade --install gitlab-agent gitlab/gitlab-agent \
  --namespace gitlab-agent \
  --set config.token=<your_token> \
  --set rbac.create=false \
  --set serviceAccount.create=false \
  --set serviceAccount.name=my-custom-sa
Enter fullscreen mode Exit fullscreen mode

Summary

By following this guide, you've:

  • Installed GitLab with SSL
  • Set up Docker runners for CI/CD
  • Registered and installed Kubernetes agents
  • Configured GitLab CI to build and push Docker images
  • Integrated Kubernetes to deploy builds automatically

This full-stack setup gives you a robust, automated DevOps pipeline entirely self-managed and secure.

For maintenance, regularly update GitLab, rotate tokens, and monitor logs via gitlab-ctl and kubectl logs.

Additional resources

Top comments (0)