CI/CD Tunnel (FREE)
The CI/CD Tunnel enables users to access Kubernetes clusters from GitLab CI/CD jobs even if there is no network connectivity between GitLab Runner and a cluster. GitLab Runner does not have to be running in the same cluster.
Only CI/CD jobs set in the configuration project can access one of the configured agents.
- A running
- A configuration repository with an agent config file
- A registered agent.
- The agent installed in the cluster.
Use the CI/CD Tunnel to run Kubernetes commands from GitLab CI/CD
If your project has access to one or more Agent records available, its CI/CD
jobs provide a
KUBECONFIG variable compatible with
Also, each Agent has a separate context (
kubecontext). By default,
there isn't any context selected.
Contexts are named in the following format:
To get the list of available contexts, run
kubectl config get-contexts.
Share the CI/CD Tunnel provided by an Agent with other projects and groups
The Agent can be configured to enable access to the CI/CD Tunnel to other projects or all the projects under a given group. This way you can have a single agent serving all the requests for several projects saving on resources and maintenance.
You can read more on how to authorize access in the Agent configuration reference.
Restrict access of authorized projects and groups (PREMIUM)
You can configure various impersonations to restrict the permissions of a shared CI/CD Tunnel.
Example for a
kubectl command using the CI/CD Tunnel
The following example shows a CI/CD job that runs a
kubectl command using the CI/CD Tunnel.
You can run any Kubernetes-specific commands similarly, such as
kpt, and so on. To do so:
- Set your Agent's context in the first command with the format
- Run Kubernetes commands.
- kubectl config use-context path/to/agent-configuration-project:your-agent-name
- kubectl get pods