Quick Start
This document will help you quickly understand how to create a GitLab Connector and use it for securely cloning repositories and performing GitLab operations without directly handling credentials.
TOC
Estimated Reading TimePrerequisitesProcess OverviewSteps to OperateStep 1: Create NamespaceStep 2: Create GitLab Credentials and ConnectorStep 3: Create a Clone JobStep 4: Verify OperationHow It WorksTroubleshootingNext StepsEstimated Reading Time
15 minutes
Prerequisites
- Kubernetes cluster with Connectors system installed (ConnectorsCore and ConnectorsGitLab components). See the Installation Guide for details on installing these components.
- kubectl configured to communicate with your cluster
- GitLab repository with valid Private Access Token (PAT)
- Basic knowledge of Kubernetes resources
Process Overview
Steps to Operate
Step 1: Create Namespace
Create a dedicated namespace for this demonstration:
Step 2: Create GitLab Credentials and Connector
Create both the Secret containing GitLab Private Access Token and the GitLab Connector resource. For more detailed information about creating and configuring connectors, please refer to the Connectors Quick Start Guide.
Important Notes:
- The secret type must be
connectors.cpaas.io/gitlab-pat-auth - For GitLab.com, use
https://gitlab.comas the address - For self-hosted GitLab, use your GitLab server URL (e.g.,
https://gitlab.example.com) - The
addressshould be the GitLab server URL for repository cloning, not the API address
Verify that the connector is in "Ready" status:
The output should show:
Step 3: Create a Clone Job
Create a job that uses the connector to clone a GitLab repository using Git CLI:
Replace https://<your-gitlab-server>/<your-group>/<your-repo>.git with your actual GitLab repository URL.
Key parameters:
connector.name: The name of your GitLab connectorconfiguration.names: Set to "gitconfig" to mount the Git configuration filemountPath: Mount the configuration to/opt/gitand copy to/root/for Git to use
Step 4: Verify Operation
Check the job's logs to confirm the repository was successfully cloned:
You should see the Git clone operation completing successfully without any authentication errors. The output should include:
How It Works
The GitLab Connector works by:
- Replacing the original GitLab repository URL with a proxy service URL
- Injecting authentication information (K8S API Token) into requests to the proxy service
- The proxy service adding the necessary credentials (Secret of the Connector) when forwarding requests to the GitLab server
- For Git operations, the
.gitconfigfile contains URL rewriting rules and authentication headers
To examine the generated configuration:
View the generated Git configuration:
Example output:
This configuration:
- Adds an Authorization header with the encoded K8S API Token
- Rewrites the GitLab URL to use the proxy service
Troubleshooting
If your clone operation fails, check the following:
-
Connector Status: Ensure the connector is in "Ready" state:
-
Private Access Token: Verify your GitLab PAT has the necessary permissions:
read_repositoryscope is required for cloning
-
Job Configuration:
- Ensure the volume mount path is correct
- Verify the repository URL matches your GitLab repository
- Check that the
.gitconfigfile is properly copied to/root/
-
Network Connectivity: Ensure your cluster can reach the GitLab server
Next Steps
After successfully cloning your first repository using the GitLab Connector, you can:
- Learn how to use GitLab CLI (glab) with the connector to interact with GitLab in the Using GitLab CLI Guide
- Using custom CLI tools like reviewdog to interact with GitLab in the Using Reviewdog CLI Tools Guide
- Integrate this approach into your CI/CD pipelines in the CI/CD Integration Guide
- Explore the GitLab ConnectorClass Concepts for advanced configuration options