Thursday, June 11, 2026

Learning GitLab Part 3 - Container Registry

Now we will build the Kubernetes CI/CD pipeline end-to-end with the following flow:

What is already running at this point:

Git Push

GitLab Pipeline

Docker Build

Push to GitLab Registry

K3s Pull Image

Rolling Update Deployment

STEP 1 — Create a GitLab Access Token

In GitLab:

Profile → Preferences → Access → Personal Access Tokens

Create a token:

Scope:

read_registry

Example token:

glpat-xxxxxxxx

Store it securely.


STEP 2 — Create the Secret in K3s

On kube1:

kubectl create secret docker-registry gitlab-registry \
--docker-server=registry.gitlab.com \
--docker-username=USERNAME_GITLAB \
--docker-password=TOKEN_GITLAB \
--docker-email=EMAIL_GITLAB

Example:

kubectl create secret docker-registry gitlab-registry \
--docker-server=registry.gitlab.com \
--docker-username=project7112620 \
--docker-password=glpat-xxxxxxxx \
--docker-email=user@example.com
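
The command in STEP 2 puts the token on the command line, where it is recorded in shell history. The following added example (not from the original post) renders the same docker-registry secret as a manifest, with the token taken from an environment variable; `REGISTRY_TOKEN`, `b64` and `render_pull_secret` are names assumed for this example.

```shell
#!/bin/sh
# Added example: build the pull secret as a manifest so the token is never a
# kubectl argument (arguments end up in shell history and the process list).
# REGISTRY_TOKEN and the function names are assumptions of this example.

# Base64-encode stdin on a single line (GNU base64 wraps at 76 columns).
b64() { base64 | tr -d '\n'; }

# render_pull_secret NAME SERVER USERNAME
# Prints a kubernetes.io/dockerconfigjson Secret; token comes from the env.
# Assumes username and token contain no JSON metacharacters (" or \).
render_pull_secret() {
    name=$1; server=$2; user=$3
    if [ -z "${REGISTRY_TOKEN:-}" ]; then
        echo "REGISTRY_TOKEN is not set" >&2
        return 1
    fi
    # "auth" is base64(username:token), the same value docker login stores.
    auth=$(printf '%s:%s' "$user" "$REGISTRY_TOKEN" | b64)
    cfg=$(printf '{"auths":{"%s":{"username":"%s","password":"%s","auth":"%s"}}}' \
        "$server" "$user" "$REGISTRY_TOKEN" "$auth" | b64)
    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $name
  namespace: default
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: $cfg
EOF
}

# On kube1 (token read at a prompt without echo, then applied from stdin):
#   stty -echo; read -r REGISTRY_TOKEN; stty echo; export REGISTRY_TOKEN
#   render_pull_secret gitlab-registry registry.gitlab.com USERNAME_GITLAB \
#       | kubectl apply -f -
#   unset REGISTRY_TOKEN
```
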

STEP 3 – Create a Dedicated Config for GitLab Runner

1 — Copy the File

On kube1:

sudo cp /etc/rancher/k3s/k3s.yaml /opt/kubeconfig-gitlab.yaml

2 — Edit the New File

sudo nano /opt/kubeconfig-gitlab.yaml

change:

server: https://127.0.0.1:6443

to:

server: https://IP-KUBE1:6443

example:

server: https://192.168.1.10:6443

3 — Permission

sudo chmod 644 /opt/kubeconfig-gitlab.yaml

4 — Mount ke Runner

Edit:

sudo nano /etc/gitlab-runner/config.toml

change volumes to:

volumes = [
"/cache",
"/opt/kubeconfig-gitlab.yaml:/kubeconfig"
]

more /etc/gitlab-runner/config.toml
concurrent = 1
check_interval = 0
connection_max_age = "15m0s"
shutdown_timeout = 0

[session_server]
  session_timeout = 1800

[[runners]]
  name = "master-runner"
  url = "https://gitlab.com"
  id = 53125612
  token = "glrt-T2W3hsya775bXIB7_TdsVmM6MQpvOjEKcDoxY3c0NXIKdDozCnU6OG94MnAc.01.1o0ngqaug"
  token_obtained_at = 2026-05-12T10:07:25Z
  token_expires_at = 0001-01-01T00:00:00Z
  executor = "docker"
  tag_list = ["k3s"]
  [runners.cache]
    MaxUploadedArchiveSize = 0
    [runners.cache.s3]
      AssumeRoleMaxConcurrency = 0
    [runners.cache.gcs]
    [runners.cache.azure]
  [runners.docker]
    tls_verify = false
    image = "docker:latest"
    privileged = true
    disable_entrypoint_overwrite = false
    oom_kill_disable = false
    disable_cache = false
    volumes = ["/cache", "/opt/kubeconfig-gitlab.yaml:/kubeconfig"]
    volume_keep = false
    shm_size = 0
    network_mtu = 0

5 — Restart Runner

sudo systemctl restart gitlab-runner
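
STEP 3 gives the runner a copy of k3s.yaml, which carries the cluster's admin credentials, as a world-readable file mounted into privileged job containers. The following added example (not from the original post) renders a namespaced ServiceAccount and a token-based kubeconfig that can take that file's place; the names `gitlab-deployer` and `gitlab-ci` are assumptions, as is a pipeline that only updates or restarts an existing Deployment.

```shell
#!/bin/sh
# Added example: a namespaced deploy identity for the runner instead of a
# copy of k3s.yaml. The names gitlab-deployer and gitlab-ci are assumptions.

# render_rbac NAMESPACE
# ServiceAccount that may only read and patch Deployments in one namespace.
render_rbac() {
    cat <<EOF
apiVersion: v1
kind: ServiceAccount
metadata: {name: gitlab-deployer, namespace: $1}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata: {name: gitlab-deployer, namespace: $1}
rules:
- apiGroups: ["apps"]
  resources: ["deployments"]
  verbs: ["get", "list", "watch", "patch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata: {name: gitlab-deployer, namespace: $1}
roleRef: {apiGroup: rbac.authorization.k8s.io, kind: Role, name: gitlab-deployer}
subjects:
- {kind: ServiceAccount, name: gitlab-deployer, namespace: $1}
EOF
}

# render_kubeconfig SERVER CA_B64 TOKEN NAMESPACE
# Token-based kubeconfig: no client certificate or key is written to disk.
render_kubeconfig() {
    cat <<EOF
apiVersion: v1
kind: Config
clusters:
- name: k3s
  cluster: {server: "$1", certificate-authority-data: "$2"}
users:
- name: gitlab-deployer
  user: {token: "$3"}
contexts:
- name: gitlab-ci
  context: {cluster: k3s, user: gitlab-deployer, namespace: "$4"}
current-context: gitlab-ci
EOF
}
```

On kube1, pipe `render_rbac default` into `kubectl apply -f -`, issue a token with `kubectl -n default create token gitlab-deployer`, and pass the `certificate-authority-data` value from /etc/rancher/k3s/k3s.yaml as CA_B64. Tokens issued this way expire, so the rendered file has to be regenerated when they do.
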

STEP 4 – Copy the Code from GitHub into GitLab

get the code from -> https://github.com/kyuby13/belajar-gitlab-registry

STEP 5 – Try a Push

git add .
git commit -m "add registry secret"
git push origin master

check in K3s
kubectl get pods

root@kube1:~# kubectl get pods
NAME                                READY   STATUS        RESTARTS      AGE
nginx-app-5d7b94f74c-w857g          1/1     Running       0             60m
nginx-deployment-59f86b59ff-b5tx2   1/1     Terminating   1 (32h ago)   12d
root@kube1:~# kubectl describe pod nginx-app-5d7b94f74c-w857g
Name:             nginx-app-5d7b94f74c-w857g
Namespace:        default
Priority:         0
Service Account:  default
Node:             kube1/192.168.10.15
Start Time:       Wed, 13 May 2026 10:20:30 +0000
Labels:           app=nginx-app
                  pod-template-hash=5d7b94f74c
Annotations:      kubectl.kubernetes.io/restartedAt: 2026-05-13T10:20:30Z
Status:           Running
IP:               10.42.0.71
IPs:
  IP:           10.42.0.71
Controlled By:  ReplicaSet/nginx-app-5d7b94f74c
Containers:
  nginx-app:
    Container ID:   containerd://5b56b7d0c5a5ed39bf568c47d0e143b9f02bf5111450c027a98e013ba69ae982
    Image:          registry.gitlab.com/project7112620/belajar-gitlab/nginx-app:latest
    Image ID:       registry.gitlab.com/project7112620/belajar-gitlab/nginx-app@sha256:70b3f43e9ce94524a89f9a220c124d729d74a8cab49e445c2d04a8d2b807f53e
    Port:           80/TCP
    Host Port:      0/TCP
    State:          Running
      Started:      Wed, 13 May 2026 10:20:37 +0000
    Ready:          True
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-pjdhb (ro)
Conditions:
  Type                        Status
  PodReadyToStartContainers   True 
  Initialized                 True 
  Ready                       True 
  ContainersReady             True 
  PodScheduled                True 
Volumes:
  kube-api-access-pjdhb:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds:  3607
    ConfigMapName:           kube-root-ca.crt
    ConfigMapOptional:       <nil>
    DownwardAPI:             true
QoS Class:                   BestEffort
Node-Selectors:              <none>
Tolerations:                 node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                             node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type    Reason     Age   From               Message
  ----    ------     ----  ----               -------
  Normal  Scheduled  61m   default-scheduler  Successfully assigned default/nginx-app-5d7b94f74c-w857g to kube1
  Normal  Pulling    61m   kubelet            Pulling image "registry.gitlab.com/project7112620/belajar-gitlab/nginx-app:latest"
  Normal  Pulled     61m   kubelet            Successfully pulled image "registry.gitlab.com/project7112620/belajar-gitlab/nginx-app:latest" in 5.353s (5.353s including waiting). Image size: 62954769 bytes.
  Normal  Created    61m   kubelet            Container created
  Normal  Started    61m   kubelet            Container started

Note: the image is now stored in the GitLab registry
