2026-05-30 23:41:23 +00:00 · 2026-05-30 01:15:14 -04:00 · 2026-05-30 01:15:14 -04:00 · 0d88ffdd6e
commit 0d88ffdd6e
parent dcda5be0dd
1 changed files with 280 additions and 0 deletions
--- a/GITLAB_SETUP_GUIDE.md
+++ b/GITLAB_SETUP_GUIDE.md
@ -0,0 +1,280 @@
+# GitLab Setup for Phase 3 K8s E2E Testing
+
+**Status**: Action Required (User/Ops actions in GitLab UI)  
+**Timeline**: ~15 minutes total  
+**Prerequisite**: Access to both GitLab projects as admin/maintainer
+
+---
+
+## Overview
+
+Two GitLab actions are required to enable Phase 3 E2E testing:
+
+1. **Create GitLab Deploy Token** (for K8s to pull Docker image)
+2. **Set KUBE_CONFIG CI/CD Variable** (for K8s cluster access)
+
+Both are UI-based and take ~5 minutes each.
+
+---
+
+## Action 1: Create GitLab Deploy Token
+
+**Project**: `itsulu-odoo/itsulu-blog-publisher`  
+**Purpose**: Allow K8s to pull the Docker image from GitLab container registry  
+**Scope**: Read-only registry access
+
+### Steps
+
+1. **Navigate to Deploy Tokens**
+   ```
+   Project: itsulu-odoo/itsulu-blog-publisher
+   → Settings (left sidebar)
+   → Repository
+   → Deploy Tokens
+   ```
+
+2. **Create New Deploy Token**
+   - **Name**: `k8s-registry-pull`
+   - **Expires at**: (optional, or 1 year from now)
+   - **Scopes**: Check ONLY `read_registry`
+   - Click: **Create deploy token**
+
+3. **Save the Credentials**
+   - Copy and save the displayed values:
+     - **Username**: (usually format: `<project>+<token-name>`)
+     - **Token**: (secret token value)
+   
+   ⚠️ **Important**: You'll only see these values once. Copy them now.
+
+### Example Output
+```
+Deploy Token Created
+Username: itsulu-blog-publisher+k8s-registry-pull
+Token: K1x9mPq2zL8nFvWx
+```
+
+### Verification
+Once created, you should see in the Deploy Tokens list:
+- Name: `k8s-registry-pull`
+- Scopes: `read_registry`
+- Status: Active
+- Created: Today's date
+
+---
+
+## Action 2: Create K8s Secret from Deploy Token
+
+Once you have the Deploy Token credentials from Action 1, provide them to create the K8s secret.
+
+### Option A: I Create the Secret (Recommended)
+
+Provide me with:
+- Deploy token **username**
+- Deploy token **token value**
+
+I'll then:
+1. Create the K8s secret `gitlab-docker-creds` in itsulu-testing namespace
+2. Verify it's working
+3. Confirm ready for E2E tests
+
+### Option B: You Create the Secret Manually
+
+If you prefer to create it yourself:
+
+```bash
+kubectl create secret docker-registry gitlab-docker-creds \
+  --docker-server=registry.gitlab.com \
+  --docker-username='<deploy-token-username>' \
+  --docker-password='<deploy-token-token>' \
+  --docker-email=noreply@gitlab.com \
+  -n itsulu-testing
+
+# Verify
+kubectl get secret gitlab-docker-creds -n itsulu-testing
+```
+
+---
+
+## Action 3: Set KUBE_CONFIG CI/CD Variable
+
+**Project**: `itsulu-odoo/itsulu-blog-publisher`  
+**Purpose**: Provide K8s cluster access to GitLab CI/CD pipeline  
+**Scope**: itsulu-testing namespace only
+
+### Prerequisites
+
+You need a **kubeconfig file** that has access to the itsulu-testing namespace.
+
+The kubeconfig should:
+- Have context: `itsulu-testing` (or similar)
+- Have user credentials for K8s cluster
+- Have permissions to create Jobs in itsulu-testing namespace
+
+If you don't have this, get it from the infrastructure team.
+
+### Steps
+
+1. **Encode the Kubeconfig**
+   ```bash
+   # Get your kubeconfig path (usually ~/.kube/config or provided by infrastructure team)
+   cat /path/to/kubeconfig | base64 -w0
+   
+   # On macOS:
+   cat /path/to/kubeconfig | base64 | pbcopy  # Copies to clipboard
+   
+   # Output: Long base64 string (starts with "Y3..." and ends with "==")
+   ```
+
+2. **Navigate to CI/CD Variables**
+   ```
+   Project: itsulu-odoo/itsulu-blog-publisher
+   → Settings (left sidebar)
+   → CI/CD
+   → Variables
+   ```
+
+3. **Add New Variable**
+   - **Key**: `KUBE_CONFIG`
+   - **Value**: (paste base64 kubeconfig from step 1)
+   - **Type**: Secret
+   - **Protected**: ✓ Yes (checked)
+   - **Masked**: ✓ Yes (checked)
+   - Click: **Add variable**
+
+4. **Verify**
+   You should see in the Variables list:
+   - Key: `KUBE_CONFIG`
+   - Type: Secret
+   - Protected: ✓
+   - Masked: ✓
+
+### Example
+
+**Input** (kubeconfig file):
+```yaml
+apiVersion: v1
+clusters:
+- cluster:
+    server: https://itsulu-k8s.example.com:6443
+  name: itsulu-testing
+contexts:
+- context:
+    cluster: itsulu-testing
+    user: itsulu-testing-admin
+  name: itsulu-testing
+current-context: itsulu-testing
+kind: Config
+...
+```
+
+**After encoding** (paste into KUBE_CONFIG variable):
+```
+YXBpVmVyc2lvbjogdjEKY2x1c3RlcnM6CisgY2x1c3RlcjoKICAgIHNlcnZlcjog...
+```
+
+### Testing the Variable
+
+Once set, GitLab CI/CD will have access to:
+- K8s cluster via kubectl
+- itsulu-testing namespace
+- Ability to create/delete Jobs
+- Ability to access Pod logs and copy files
+
+The first MR will automatically test this when the e2e_tests job runs.
+
+---
+
+## Action 4: Verify Everything is Ready
+
+### In GitLab
+
+```
+Project → Settings → CI/CD → Variables
+Should see:
+  ✓ KUBE_CONFIG (Secret, Protected, Masked)
+```
+
+### In Kubernetes (Once Manifests Applied)
+
+```bash
+# Check secrets exist
+kubectl get secrets -n itsulu-testing
+# Should show: test-db-info, gitlab-docker-creds
+
+# Test registry authentication
+kubectl run --rm -it test-registry \
+  --image=registry.gitlab.com/itsulu-odoo/itsulu-blog-publisher:latest \
+  --overrides='{"spec":{"imagePullSecrets":[{"name":"gitlab-docker-creds"}]}}' \
+  -n itsulu-testing \
+  -- /bin/sh -c "echo 'Registry pull successful'"
+
+# Test database connection
+kubectl run --rm -it test-db \
+  --image=postgres:15-alpine \
+  -n itsulu-testing \
+  -- psql -h test-db-svc -U odoo_test -d odoo_template -c "SELECT 1"
+```
+
+---
+
+## Troubleshooting
+
+| Issue | Solution |
+|-------|----------|
+| "Deploy Token created but I can't see the token value" | Deploy tokens only show once. You must have copied it before clicking away. Create a new token. |
+| "KUBE_CONFIG variable appears in pipeline logs" | It should be masked. If visible, check the "Masked" checkbox in variable settings. |
+| "Invalid kubeconfig" error in CI/CD pipeline | Check the base64 encoding is correct: `echo "KUBE_CONFIG_VALUE" \| base64 -d` should be valid YAML. |
+| "Permission denied: Jobs" error in e2e_tests job | ServiceAccount `test-runner` missing Job permissions. Check RBAC in K8s. |
+| "ErrImagePull" in K8s job | GitLab registry credentials missing. Run Action 1 + 2. |
+
+---
+
+## Summary
+
+### ✅ When You're Done
+
+- [ ] Created deploy token `k8s-registry-pull` with `read_registry` scope
+- [ ] Provided me deploy token credentials (username + token)
+- [ ] I created K8s secret `gitlab-docker-creds`
+- [ ] You set KUBE_CONFIG CI/CD variable (base64 kubeconfig)
+- [ ] You verified variables in GitLab Settings → CI/CD
+
+### ✅ Then I Will
+
+- [ ] Apply K8s manifests to itsulu-testing namespace
+- [ ] Initialize template database with Odoo modules
+- [ ] Confirm everything is ready
+
+### ✅ Then You Can
+
+- [ ] Create an MR in itsulu-blog-publisher
+- [ ] Watch E2E tests run automatically on K8s cluster
+- [ ] Download test artifacts from GitLab
+
+---
+
+## Timeline
+
+1. **Action 1**: Create deploy token (~2 min)
+2. **Action 2a**: Provide credentials to me (~1 min)
+3. **Action 2b**: I create K8s secret (~1 min)
+4. **Action 3**: Set KUBE_CONFIG variable (~5 min)
+5. **Verification**: Test connectivity (~5 min)
+6. **Ready for K8s setup**: ~15 min total
+
+---
+
+## Next Steps
+
+1. Follow Actions 1-3 above
+2. Provide deploy token credentials (username + token)
+3. Provide kubeconfig file or base64-encoded kubeconfig
+4. I'll handle K8s operations (apply manifests + init template DB)
+5. Create MR to trigger first E2E test run
+
+---
+
+**Questions?** See:
+- [K8S_DEPLOYMENT_SETUP.md](K8S_DEPLOYMENT_SETUP.md) — Full K8s setup guide
+- [PHASE3_K8S_DEPLOYMENT_READY.md](PHASE3_K8S_DEPLOYMENT_READY.md) — Architecture overview
+- [kubernetes/itsulu-testing/README.md](../git/kubernetes/itsulu-testing/README.md) — Infrastructure details