This project was originally deployed to a Kubernetes cluster via GitLab CI. Use this guide to verify if your Kubernetes credentials still work.
kubectlCLI installed (Download)- Kubernetes service account token from your previous GitLab deployment
If you previously configured kubectl:
# Check current context
kubectl config current-context
# List all pods in staging namespace
kubectl get pods -n power-ranger-staging
# List all pods in production namespace
kubectl get pods -n power-ranger-prodExpected Output (if connected):
NAME READY STATUS RESTARTS AGE
posts-api-xxxxxxxxx-xxxxx 1/1 Running 0 5d
posts-db-0 1/1 Running 0 5d
If you see: error: You must be logged in to the server - Connection expired, proceed to Step 2.
You need the Kubernetes service account token that was stored in GitLab CI variables.
From your GitLab project:
- Go to: Settings → CI/CD → Variables
- Find:
KUBE_TOKEN(for staging) orKUBE_TOKEN_PROD(for production) - Copy the token value
# Set variables
$KUBE_SERVER = "https://kubernetes.devops.cs.ut.ee"
$KUBE_NAMESPACE = "power-ranger-staging" # or "power-ranger-prod"
$KUBE_TOKEN = "your-token-here" # Replace with actual token
# Create kubeconfig
kubectl config set-cluster devops-cluster `
--server=$KUBE_SERVER `
--insecure-skip-tls-verify=true
kubectl config set-credentials gitlab-ci `
--token=$KUBE_TOKEN
kubectl config set-context devops `
--cluster=devops-cluster `
--user=gitlab-ci `
--namespace=$KUBE_NAMESPACE
kubectl config use-context devops# Check connection
kubectl get pods -n $KUBE_NAMESPACE
# Check deployments
kubectl get deployments -n $KUBE_NAMESPACE
# Check services
kubectl get services -n $KUBE_NAMESPACE
# Check ingress
kubectl get ingress -n $KUBE_NAMESPACE# Get all resources in namespace
kubectl get all -n power-ranger-staging
# Check API pods
kubectl get pods -n power-ranger-staging -l app=posts-api
# Check pod logs
kubectl logs -n power-ranger-staging -l app=posts-api --tail=50
# Check deployment details
kubectl describe deployment posts-api -n power-ranger-staging
# Check service
kubectl get service posts-api -n power-ranger-staging# Check frontend pods
kubectl get pods -n power-ranger-staging -l app=frontend
# Check frontend logs
kubectl logs -n power-ranger-staging -l app=frontend --tail=50
# Check frontend service
kubectl get service frontend -n power-ranger-staging# Check database cluster
kubectl get cluster -n power-ranger-staging
# Check database pods
kubectl get pods -n power-ranger-staging -l cnpg.io/cluster
# Check database status
kubectl describe cluster posts-db -n power-ranger-staging# Get ingress URL
kubectl get ingress -n power-ranger-staging
# Test with curl
curl https://power-ranger-staging.kubernetes.devops.cs.ut.ee/livezOr open in browser:
- Staging: https://power-ranger-staging.kubernetes.devops.cs.ut.ee/
- Production: https://power-ranger-prod.kubernetes.devops.cs.ut.ee/
Solution: Your token expired or is invalid.
- Get a new token from GitLab CI variables
- Reconfigure kubectl (see Step 2)
Solution: Your service account doesn't have proper permissions.
- Check RBAC configuration in
k8s-staging/cicd-rbac.yaml - Verify service account exists:
kubectl get serviceaccount gitlab-ci -n power-ranger-staging
# Check pod status
kubectl get pods -n power-ranger-staging
# Check pod events
kubectl describe pod <pod-name> -n power-ranger-staging
# Check pod logs
kubectl logs <pod-name> -n power-ranger-staging# Check ingress configuration
kubectl describe ingress -n power-ranger-staging
# Check if NGINX ingress is installed
kubectl get pods -n ingress-nginx
# Check backend service endpoint
kubectl get endpoints posts-api -n power-ranger-staging# List all releases in namespace
helm list -n power-ranger-staging
# Get release status
helm status posts -n power-ranger-staging
# Get release values
helm get values posts -n power-ranger-staging# Upgrade/install backend
helm upgrade --install posts ./helm/posts `
-f ./helm/posts/values-staging.yaml `
--namespace power-ranger-staging
# Upgrade/install frontend
helm upgrade --install frontend ./frontend-main/helm/frontend `
-f ./frontend-main/helm/frontend/values.yaml `
--namespace power-ranger-stagingSave this as check-k8s.ps1:
param(
[string]$Namespace = "power-ranger-staging"
)
Write-Host "Checking Kubernetes resources in $Namespace..." -ForegroundColor Cyan
Write-Host "`n=== PODS ===" -ForegroundColor Yellow
kubectl get pods -n $Namespace
Write-Host "`n=== DEPLOYMENTS ===" -ForegroundColor Yellow
kubectl get deployments -n $Namespace
Write-Host "`n=== SERVICES ===" -ForegroundColor Yellow
kubectl get services -n $Namespace
Write-Host "`n=== INGRESS ===" -ForegroundColor Yellow
kubectl get ingress -n $Namespace
Write-Host "`n=== HPA ===" -ForegroundColor Yellow
kubectl get hpa -n $Namespace
Write-Host "`n=== DATABASE ===" -ForegroundColor Yellow
kubectl get cluster -n $Namespace
Write-Host "`n=== POD HEALTH ===" -ForegroundColor Yellow
$unhealthyPods = kubectl get pods -n $Namespace -o json | ConvertFrom-Json |
Select-Object -ExpandProperty items |
Where-Object { $_.status.phase -ne "Running" }
if ($unhealthyPods) {
Write-Host "WARNING: Found unhealthy pods!" -ForegroundColor Red
$unhealthyPods | ForEach-Object {
Write-Host " - $($_.metadata.name): $($_.status.phase)"
}
} else {
Write-Host "All pods are healthy!" -ForegroundColor Green
}Run with: .\check-k8s.ps1 -Namespace power-ranger-staging
If you don't have the tokens or access anymore:
- Contact your cluster administrator to get a new service account
- Use the RBAC files in this repo:
- Backend:
k8s-staging/cicd-rbac.yaml - Frontend:
frontend-main/k8s-staging/cicd-serviceaccount.yaml
- Backend:
- Apply them to create service account:
kubectl apply -f k8s-staging/cicd-rbac.yaml kubectl apply -f frontend-main/k8s-staging/cicd-serviceaccount.yaml
- Get the token:
kubectl get secret -n power-ranger-staging | findstr gitlab-ci kubectl describe secret <secret-name> -n power-ranger-staging
- kubectl installed and working
- Can list pods:
kubectl get pods -n power-ranger-staging - Backend pods are running
- Frontend pods are running
- Database cluster is healthy
- Ingress is configured correctly
- Website accessible at staging/production URL
If all checks pass, your Kubernetes deployment is still active! ✅