Skip to content

GitLab source

GitLab Source example shows how to wire GitLab events for consumption by a Knative Service.

Gitlab source deployment


You will need:

  1. An internet-accessible Kubernetes cluster with Knative Serving installed. Follow the installation instructions if you need to create one.
  2. Ensure Knative Serving is configured with a domain name
  3. You must ensure that your Knative cluster uses a static IP address refer to your provider's documentation. that allows GitLab to call into the cluster.
  4. Install Knative Eventing.

Install GitLab Event Source

GitLab Event source lives in the knative-sandbox/eventing-gitlab. Head to the releases page, find the latest release with gitlab.yaml artifact and replace the <RELEASE> with version tag:

kubectl apply -f<RELEASE>/gitlab.yaml

Check that the manager is running:

kubectl -n knative-sources get pods --selector control-plane=gitlab-controller-manager

With the controller running you can now move on to a user persona and setup a GitLab webhook as well as a function that will consume GitLab events.

Using the GitLab Event Source

You are now ready to use the Event Source and trigger functions based on GitLab projects events.

We will:

  • Create a Knative service which will receive the events. To keep things simple this service will simply dump the events to stdout, this is the so-called: event_display
  • Create a GitLab access token and a random secret token used to secure the webhooks
  • Create the event source by posting a GitLab source object manifest to Kubernetes

Create a Knative Service

The event-display.yaml file defines the basic service which will receive events from the GitLab source:

kind: Service
  name: gitlab-event-display
        - image:

Create the service:

kubectl -n default apply -f event-display.yaml

Create GitLab Tokens

  1. Create a personal access token which the GitLab source will use to register webhooks with the GitLab API. The token must have an "api" access scope in order to create repository webhooks. Also decide on a secret token that your source will use to authenticate the incoming webhooks from GitLab.

  2. Update the secret values in secret.yaml as follows:

accessToken is the personal access token created in step 1 and secretToken is any token of your choosing.

Tip: you can generate a random secretToken by running the command:

head -c 8 /dev/urandom | base64


apiVersion: v1
kind: Secret
  name: gitlabsecret
type: Opaque
  accessToken: <personal_access_token_value>
  secretToken: <random_string>
  1. Create the secret using kubectl.
kubectl -n default apply -f secret.yaml

Create Event Source for GitLab Events

  1. In order to receive GitLab events, you have to create a concrete Event Source for a specific namespace. Replace the projectUrl value in the gitlabsource.yaml file with your GitLab project URL, for example


kind: GitLabSource
  name: gitlabsource-sample
    - push_events
    - issues_events
  projectUrl: <project url>
      name: gitlabsecret
      key: accessToken
      name: gitlabsecret
      key: secretToken
      kind: Service
      name: gitlab-event-display
  1. Apply the yaml file using kubectl:
kubectl -n default apply -f gitlabsource.yaml


Verify that GitLab webhook was created by looking at the list of webhooks under Settings >> Integrations in your GitLab project. A hook should be listed that points to your Knative cluster.

Create a push event and check the logs of the Pod backing the gitlab-event-display knative service. You will see the event:

☁️  cloudevents.Event
Validation: valid
Context Attributes,
  specversion: 0.3
  type: dev.knative.sources.gitlabsource.Push Hook
  id: f83c080f-c2af-48ff-8d8b-fd5b21c5938e
  time: 2020-03-12T11:08:41.414572482Z
  datacontenttype: application/json
   <Event payload>


You can remove the GitLab webhook by deleting the GitLab source:

kubectl --namespace default delete --filename gitlabsource.yaml

Similarly, you can remove the Service and Secret via:

kubectl --namespace default delete --filename event-display.yaml
kubectl --namespace default delete --filename secret.yaml
Back to top

We use analytics and cookies to understand site traffic. Information about your use of our site is shared with Google for that purpose. Learn more.

× OK