GitLab Agent Server (KAS)

木木10个月前技术文章527

安装KAS

参考资料

独立部署的gitlab

开启KAS

独立部署的gitlab安装kas比较简单,首先编辑gitlab的配置文件/etc/gitlab/gitlab.rb

# 取消相关注释
##! Enable GitLab KAS
gitlab_kas['enable'] = true

重新部署gitlab

sudo gitlab-ctl reconfigure

执行该命令后系统会重新部署gitlab开启KAS的功能,原本的数据等信息不会丢失。

启用KAS

参考资料

配置存储库(项目)

找到我们需要使用kAS的项目,在项目根目录下添加文件

# config.yaml 的内容可以为空
.gitlab/agents/<agent-name>/config.yaml

注册KAS

项目-基础设置-kubernetes集群

找到右上角的Actions,选择我们刚刚创建的KAS配置文件,进行注册

选择完成后系统会提示如何进行注册安装

docker run --pull=always --rm \
    registry.gitlab.com/gitlab-org/cluster-integration/gitlab-agent/cli:stable generate \
    --agent-token=P7k_4zbn4QuEcVKUGLBvEozZZscHShFyhFAMBUQzyQHDw2px1A \
    --kas-address=ws://gitlab.ilomumu.xyz/-/kubernetes-agent \
    --agent-version stable \
    --namespace gitlab-kubernetes-agent | kubectl apply -f -

由于我们的集群使用的是containerd,并没有docker命令,所以这个命令无法直接使用

安装nerdctl

参考资料

安装nerdctl

下载相关文件并且解压到指定目录即可

sudo tar -zxvf nerdctl-0.15.0-linux-amd64.tar.gz -C /usr/local/bin

使用nerdctl 注册KAS

修改下命令并且执行

sudo ctr images pull registry.gitlab.com/gitlab-org/cluster-integration/gitlab-agent/cli:stable
sudo nerdctl run --rm \
    registry.gitlab.com/gitlab-org/cluster-integration/gitlab-agent/cli:stable generate \
    --agent-token=P7k_4zbn4QuEcVKUGLBvEozZZscHShFyhFAMBUQzyQHDw2px1A \
    --kas-address=ws://gitlab.ilomumu.xyz/-/kubernetes-agent \
    --agent-version stable \
    --namespace gitlab-kubernetes-agent | kubectl apply -f -

查看下k8s相关资源

问题处理

connection closed before server preface received

首先我们可能会遇到这样的报错

{"level":"error","time":"2021-12-30T03:52:35.060Z","msg":"Error handling a connection","mod_name":"reverse_tunnel","error":"Connect(): rpc error: code = Unavailable desc = connection closed before server preface received"}

这是由于我们的gitlab域名无法解析到导致的,所以我们要添加hosts文件进行解析。

正确的添加方法如下

在pods或者deployment的配置文件中进行添加(根据情况判断)

这里我们需要在deployment的配置文件中添加相关配置

    spec:     
      # 添加这部分内容
      hostAliases:
      - hostnames:
        - gitlab.ilomumu.xyz
        ip: 172.16.0.12
      # 到这里结束

完整的配置如下

apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    deployment.kubernetes.io/revision: "4"
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{},"name":"gitlab-agent","namespace":"gitlab-kubernetes-agent"},"spec":{"replicas":1,"selector":{"matchLabels":{"app":"gitlab-agent"}},"strategy":{"rollingUpdate":{"maxSurge":0,"maxUnavailable":1},"type":"RollingUpdate"},"template":{"metadata":{"annotations":{"prometheus.io/path":"/metrics","prometheus.io/port":"8080","prometheus.io/scrape":"true"},"labels":{"app":"gitlab-agent"}},"spec":{"containers":[{"args":["--token-file=/config/token","--kas-address","ws://gitlab.ilomumu.xyz/-/kubernetes-agent"],"env":[{"name":"POD_NAMESPACE","valueFrom":{"fieldRef":{"fieldPath":"metadata.namespace"}}},{"name":"POD_NAME","valueFrom":{"fieldRef":{"fieldPath":"metadata.name"}}}],"image":"registry.gitlab.com/gitlab-org/cluster-integration/gitlab-agent/agentk:stable","livenessProbe":{"httpGet":{"path":"/liveness","port":8080},"initialDelaySeconds":15,"periodSeconds":20},"name":"agent","readinessProbe":{"httpGet":{"path":"/readiness","port":8080},"initialDelaySeconds":5,"periodSeconds":10},"volumeMounts":[{"mountPath":"/config","name":"token-volume"}]}],"serviceAccountName":"gitlab-agent","volumes":[{"name":"token-volume","secret":{"secretName":"gitlab-agent-token-69t456m2dg"}}]}}}}
  creationTimestamp: "2021-12-30T03:52:12Z"
  generation: 4
  name: gitlab-agent
  namespace: gitlab-kubernetes-agent
  resourceVersion: "7967661"
  uid: dbd46470-0b4d-4dae-aa29-2587eec13bfb
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: gitlab-agent
  strategy:
    rollingUpdate:
      maxSurge: 0
      maxUnavailable: 1
    type: RollingUpdate
  template:
    metadata:
      annotations:
        kubectl.kubernetes.io/restartedAt: "2021-12-30T06:14:23Z"
        prometheus.io/path: /metrics
        prometheus.io/port: "8080"
        prometheus.io/scrape: "true"
      creationTimestamp: null
      labels:
        app: gitlab-agent
    spec:
      containers:
      - args:
        - --token-file=/config/token
        - --kas-address
        - ws://gitlab.ilomumu.xyz/-/kubernetes-agent
        env:
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
        - name: POD_NAME
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.name
        image: registry.gitlab.com/gitlab-org/cluster-integration/gitlab-agent/agentk:stable
        imagePullPolicy: IfNotPresent
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /liveness
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 15
          periodSeconds: 20
          successThreshold: 1
          timeoutSeconds: 1
        name: agent
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /readiness
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 5
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        resources: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /config
          name: token-volume
      dnsPolicy: ClusterFirst
      # 添加这部分内容
      hostAliases:
      - hostnames:
        - gitlab.ilomumu.xyz
        ip: 172.16.0.12
      # 到这里结束
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      serviceAccount: gitlab-agent
      serviceAccountName: gitlab-agent
      terminationGracePeriodSeconds: 30
      volumes:
      - name: token-volume
        secret:
          defaultMode: 420
          secretName: gitlab-agent-token-69t456m2dg

Error while dialing failed to WebSocket dial: expected handshake response status code 101 but got 301

另外一个报错

{"level":"error","time":"2021-12-30T06:15:23.631Z","msg":"Error handling a connection","mod_name":"reverse_tunnel","error":"Connect(): rpc error: code = Unavailable desc = connection error: desc = \"transport: Error while dialing failed to WebSocket dial: expected handshake response status code 101 but got 301\""}

这个错误的原因是由于我们的链接地址结尾没有一个/

再次修改deployment的配置文件

    spec:
      containers:
      - args:
        - --token-file=/config/token
        - --kas-address
        # 这里结尾加一个斜杠
        - ws://gitlab.ilomumu.xyz/-/kubernetes-agent/

完成的配置文件

apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    deployment.kubernetes.io/revision: "4"
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{},"name":"gitlab-agent","namespace":"gitlab-kubernetes-agent"},"spec":{"replicas":1,"selector":{"matchLabels":{"app":"gitlab-agent"}},"strategy":{"rollingUpdate":{"maxSurge":0,"maxUnavailable":1},"type":"RollingUpdate"},"template":{"metadata":{"annotations":{"prometheus.io/path":"/metrics","prometheus.io/port":"8080","prometheus.io/scrape":"true"},"labels":{"app":"gitlab-agent"}},"spec":{"containers":[{"args":["--token-file=/config/token","--kas-address","ws://gitlab.ilomumu.xyz/-/kubernetes-agent"],"env":[{"name":"POD_NAMESPACE","valueFrom":{"fieldRef":{"fieldPath":"metadata.namespace"}}},{"name":"POD_NAME","valueFrom":{"fieldRef":{"fieldPath":"metadata.name"}}}],"image":"registry.gitlab.com/gitlab-org/cluster-integration/gitlab-agent/agentk:stable","livenessProbe":{"httpGet":{"path":"/liveness","port":8080},"initialDelaySeconds":15,"periodSeconds":20},"name":"agent","readinessProbe":{"httpGet":{"path":"/readiness","port":8080},"initialDelaySeconds":5,"periodSeconds":10},"volumeMounts":[{"mountPath":"/config","name":"token-volume"}]}],"serviceAccountName":"gitlab-agent","volumes":[{"name":"token-volume","secret":{"secretName":"gitlab-agent-token-69t456m2dg"}}]}}}}
  creationTimestamp: "2021-12-30T03:52:12Z"
  generation: 4
  name: gitlab-agent
  namespace: gitlab-kubernetes-agent
  resourceVersion: "7967661"
  uid: dbd46470-0b4d-4dae-aa29-2587eec13bfb
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: gitlab-agent
  strategy:
    rollingUpdate:
      maxSurge: 0
      maxUnavailable: 1
    type: RollingUpdate
  template:
    metadata:
      annotations:
        kubectl.kubernetes.io/restartedAt: "2021-12-30T06:14:23Z"
        prometheus.io/path: /metrics
        prometheus.io/port: "8080"
        prometheus.io/scrape: "true"
      creationTimestamp: null
      labels:
        app: gitlab-agent
    spec:
      containers:
      - args:
        - --token-file=/config/token
        - --kas-address
        - ws://gitlab.ilomumu.xyz/-/kubernetes-agent
        env:
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
        - name: POD_NAME
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.name
        image: registry.gitlab.com/gitlab-org/cluster-integration/gitlab-agent/agentk:stable
        imagePullPolicy: IfNotPresent
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /liveness
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 15
          periodSeconds: 20
          successThreshold: 1
          timeoutSeconds: 1
        name: agent
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /readiness
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 5
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        resources: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /config
          name: token-volume
      dnsPolicy: ClusterFirst
      # 添加这部分内容
      hostAliases:
      - hostnames:
        - gitlab.ilomumu.xyz
        ip: 172.16.0.12
      # 到这里结束
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      serviceAccount: gitlab-agent
      serviceAccountName: gitlab-agent
      terminationGracePeriodSeconds: 30
      volumes:
      - name: token-volume
        secret:
          defaultMode: 420
          secretName: gitlab-agent-token-69t456m2dg


返回列表

上一篇:.gitlab-ci.yml 语法

下一篇:Ansible部署和使用(sshpass)

相关文章

MySQL运维实战之ProxySQL(9.3)使用ProxySQL实现读写分离

proxysql读写分离主要通过mysql_query_rules表中的规则来实现。下面是具体的配置步骤:hostgroup配置insert into mysql_servers&...

Redis 持久化机制 AOF

Redis 持久化机制 AOF

前言Redis 有两种持久化机制,分别是 RDB 与 AOF 本篇文章将介绍 AOF 的执行过程与应用。1. AOF 简介AOF (Append only file) 持久化是以独立日志的方式记录每次...

CDH实操--集成 freeipa

CDH实操--集成 freeipa

1 概述环境准备: 1)安装cdh6.2.1 2)安装FreeIPA,server和client(在所有cdh节点)2 集成2.1 krb5.conf修改注释:default_ccache_nam...

CDP实操--集群配置Auto-TLS

CDP实操--集群配置Auto-TLS

1.1手动创建CA证书# mkdir -p /tls/ca # ls /tls # cd /tls/ca # openssl genrsa -out ca.key 2048 # cat ca....

MySQL 函数触发隐式转换应对策略

前言MySQL 中,当 SQL 索引字段使用了函数的话,会出现隐式转换的问题,导致索引失效,从而导致 SQL 执行效率变慢。本篇文章介绍 MySQL 不同版本此类问题的应对策略。1. 环境介绍以下是本...

trino容器设置nodeselector(七)

trino容器设置nodeselector(七)

查看node labelkubectl get nodes --show-labels2、在容器中设置nodeselector属性  nodeSelector:     dps: "1"查看k8s...

发表评论    

◎欢迎参与讨论,请在这里发表您的看法、交流您的观点。

©Copyrights 2016-2022 YUNCHE 浙ICP备2021017017号