GitLab Agent Server (KAS)

木木2年前技术文章1430

安装KAS

参考资料

独立部署的gitlab

开启KAS

独立部署的gitlab安装kas比较简单,首先编辑gitlab的配置文件/etc/gitlab/gitlab.rb

# 取消相关注释
##! Enable GitLab KAS
gitlab_kas['enable'] = true

重新部署gitlab

sudo gitlab-ctl reconfigure

执行该命令后系统会重新部署gitlab开启KAS的功能,原本的数据等信息不会丢失。

启用KAS

参考资料

配置存储库(项目)

找到我们需要使用kAS的项目,在项目根目录下添加文件

# config.yaml 的内容可以为空
.gitlab/agents/<agent-name>/config.yaml

注册KAS

项目-基础设置-kubernetes集群

找到右上角的Actions,选择我们刚刚创建的KAS配置文件,进行注册

选择完成后系统会提示如何进行注册安装

docker run --pull=always --rm \
    registry.gitlab.com/gitlab-org/cluster-integration/gitlab-agent/cli:stable generate \
    --agent-token=P7k_4zbn4QuEcVKUGLBvEozZZscHShFyhFAMBUQzyQHDw2px1A \
    --kas-address=ws://gitlab.ilomumu.xyz/-/kubernetes-agent \
    --agent-version stable \
    --namespace gitlab-kubernetes-agent | kubectl apply -f -

由于我们的集群使用的是containerd,并没有docker命令,所以这个命令无法直接使用

安装nerdctl

参考资料

安装nerdctl

下载相关文件并且解压到指定目录即可

sudo tar -zxvf nerdctl-0.15.0-linux-amd64.tar.gz -C /usr/local/bin

使用nerdctl 注册KAS

修改下命令并且执行

sudo ctr images pull registry.gitlab.com/gitlab-org/cluster-integration/gitlab-agent/cli:stable
sudo nerdctl run --rm \
    registry.gitlab.com/gitlab-org/cluster-integration/gitlab-agent/cli:stable generate \
    --agent-token=P7k_4zbn4QuEcVKUGLBvEozZZscHShFyhFAMBUQzyQHDw2px1A \
    --kas-address=ws://gitlab.ilomumu.xyz/-/kubernetes-agent \
    --agent-version stable \
    --namespace gitlab-kubernetes-agent | kubectl apply -f -

查看下k8s相关资源

问题处理

connection closed before server preface received

首先我们可能会遇到这样的报错

{"level":"error","time":"2021-12-30T03:52:35.060Z","msg":"Error handling a connection","mod_name":"reverse_tunnel","error":"Connect(): rpc error: code = Unavailable desc = connection closed before server preface received"}

这是由于我们的gitlab域名无法解析到导致的,所以我们要添加hosts文件进行解析。

正确的添加方法如下

在pods或者deployment的配置文件中进行添加(根据情况判断)

这里我们需要在deployment的配置文件中添加相关配置

    spec:     
      # 添加这部分内容
      hostAliases:
      - hostnames:
        - gitlab.ilomumu.xyz
        ip: 172.16.0.12
      # 到这里结束

完整的配置如下

apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    deployment.kubernetes.io/revision: "4"
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{},"name":"gitlab-agent","namespace":"gitlab-kubernetes-agent"},"spec":{"replicas":1,"selector":{"matchLabels":{"app":"gitlab-agent"}},"strategy":{"rollingUpdate":{"maxSurge":0,"maxUnavailable":1},"type":"RollingUpdate"},"template":{"metadata":{"annotations":{"prometheus.io/path":"/metrics","prometheus.io/port":"8080","prometheus.io/scrape":"true"},"labels":{"app":"gitlab-agent"}},"spec":{"containers":[{"args":["--token-file=/config/token","--kas-address","ws://gitlab.ilomumu.xyz/-/kubernetes-agent"],"env":[{"name":"POD_NAMESPACE","valueFrom":{"fieldRef":{"fieldPath":"metadata.namespace"}}},{"name":"POD_NAME","valueFrom":{"fieldRef":{"fieldPath":"metadata.name"}}}],"image":"registry.gitlab.com/gitlab-org/cluster-integration/gitlab-agent/agentk:stable","livenessProbe":{"httpGet":{"path":"/liveness","port":8080},"initialDelaySeconds":15,"periodSeconds":20},"name":"agent","readinessProbe":{"httpGet":{"path":"/readiness","port":8080},"initialDelaySeconds":5,"periodSeconds":10},"volumeMounts":[{"mountPath":"/config","name":"token-volume"}]}],"serviceAccountName":"gitlab-agent","volumes":[{"name":"token-volume","secret":{"secretName":"gitlab-agent-token-69t456m2dg"}}]}}}}
  creationTimestamp: "2021-12-30T03:52:12Z"
  generation: 4
  name: gitlab-agent
  namespace: gitlab-kubernetes-agent
  resourceVersion: "7967661"
  uid: dbd46470-0b4d-4dae-aa29-2587eec13bfb
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: gitlab-agent
  strategy:
    rollingUpdate:
      maxSurge: 0
      maxUnavailable: 1
    type: RollingUpdate
  template:
    metadata:
      annotations:
        kubectl.kubernetes.io/restartedAt: "2021-12-30T06:14:23Z"
        prometheus.io/path: /metrics
        prometheus.io/port: "8080"
        prometheus.io/scrape: "true"
      creationTimestamp: null
      labels:
        app: gitlab-agent
    spec:
      containers:
      - args:
        - --token-file=/config/token
        - --kas-address
        - ws://gitlab.ilomumu.xyz/-/kubernetes-agent
        env:
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
        - name: POD_NAME
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.name
        image: registry.gitlab.com/gitlab-org/cluster-integration/gitlab-agent/agentk:stable
        imagePullPolicy: IfNotPresent
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /liveness
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 15
          periodSeconds: 20
          successThreshold: 1
          timeoutSeconds: 1
        name: agent
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /readiness
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 5
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        resources: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /config
          name: token-volume
      dnsPolicy: ClusterFirst
      # 添加这部分内容
      hostAliases:
      - hostnames:
        - gitlab.ilomumu.xyz
        ip: 172.16.0.12
      # 到这里结束
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      serviceAccount: gitlab-agent
      serviceAccountName: gitlab-agent
      terminationGracePeriodSeconds: 30
      volumes:
      - name: token-volume
        secret:
          defaultMode: 420
          secretName: gitlab-agent-token-69t456m2dg

Error while dialing failed to WebSocket dial: expected handshake response status code 101 but got 301

另外一个报错

{"level":"error","time":"2021-12-30T06:15:23.631Z","msg":"Error handling a connection","mod_name":"reverse_tunnel","error":"Connect(): rpc error: code = Unavailable desc = connection error: desc = \"transport: Error while dialing failed to WebSocket dial: expected handshake response status code 101 but got 301\""}

这个错误的原因是由于我们的链接地址结尾没有一个/

再次修改deployment的配置文件

    spec:
      containers:
      - args:
        - --token-file=/config/token
        - --kas-address
        # 这里结尾加一个斜杠
        - ws://gitlab.ilomumu.xyz/-/kubernetes-agent/

完成的配置文件

apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    deployment.kubernetes.io/revision: "4"
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{},"name":"gitlab-agent","namespace":"gitlab-kubernetes-agent"},"spec":{"replicas":1,"selector":{"matchLabels":{"app":"gitlab-agent"}},"strategy":{"rollingUpdate":{"maxSurge":0,"maxUnavailable":1},"type":"RollingUpdate"},"template":{"metadata":{"annotations":{"prometheus.io/path":"/metrics","prometheus.io/port":"8080","prometheus.io/scrape":"true"},"labels":{"app":"gitlab-agent"}},"spec":{"containers":[{"args":["--token-file=/config/token","--kas-address","ws://gitlab.ilomumu.xyz/-/kubernetes-agent"],"env":[{"name":"POD_NAMESPACE","valueFrom":{"fieldRef":{"fieldPath":"metadata.namespace"}}},{"name":"POD_NAME","valueFrom":{"fieldRef":{"fieldPath":"metadata.name"}}}],"image":"registry.gitlab.com/gitlab-org/cluster-integration/gitlab-agent/agentk:stable","livenessProbe":{"httpGet":{"path":"/liveness","port":8080},"initialDelaySeconds":15,"periodSeconds":20},"name":"agent","readinessProbe":{"httpGet":{"path":"/readiness","port":8080},"initialDelaySeconds":5,"periodSeconds":10},"volumeMounts":[{"mountPath":"/config","name":"token-volume"}]}],"serviceAccountName":"gitlab-agent","volumes":[{"name":"token-volume","secret":{"secretName":"gitlab-agent-token-69t456m2dg"}}]}}}}
  creationTimestamp: "2021-12-30T03:52:12Z"
  generation: 4
  name: gitlab-agent
  namespace: gitlab-kubernetes-agent
  resourceVersion: "7967661"
  uid: dbd46470-0b4d-4dae-aa29-2587eec13bfb
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: gitlab-agent
  strategy:
    rollingUpdate:
      maxSurge: 0
      maxUnavailable: 1
    type: RollingUpdate
  template:
    metadata:
      annotations:
        kubectl.kubernetes.io/restartedAt: "2021-12-30T06:14:23Z"
        prometheus.io/path: /metrics
        prometheus.io/port: "8080"
        prometheus.io/scrape: "true"
      creationTimestamp: null
      labels:
        app: gitlab-agent
    spec:
      containers:
      - args:
        - --token-file=/config/token
        - --kas-address
        - ws://gitlab.ilomumu.xyz/-/kubernetes-agent
        env:
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
        - name: POD_NAME
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.name
        image: registry.gitlab.com/gitlab-org/cluster-integration/gitlab-agent/agentk:stable
        imagePullPolicy: IfNotPresent
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /liveness
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 15
          periodSeconds: 20
          successThreshold: 1
          timeoutSeconds: 1
        name: agent
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /readiness
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 5
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        resources: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /config
          name: token-volume
      dnsPolicy: ClusterFirst
      # 添加这部分内容
      hostAliases:
      - hostnames:
        - gitlab.ilomumu.xyz
        ip: 172.16.0.12
      # 到这里结束
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      serviceAccount: gitlab-agent
      serviceAccountName: gitlab-agent
      terminationGracePeriodSeconds: 30
      volumes:
      - name: token-volume
        secret:
          defaultMode: 420
          secretName: gitlab-agent-token-69t456m2dg


相关文章

MySQL运维实战(2.2)忘记密码如何处理

如果忘记了一个普通用户的密码,可以使用管理员账号登录,修改其他用户的密码。但是如果所有管理员账号的密码都忘记了,应该怎么处理呢?如果忘记root密码,可以使用skip-grant-tables参数启动...

Redis 内存使用情况查看

内存情况查看1、MEMORY STATS--连接 redisredis-cli--执行 MEMORY STATS命令查询内存使用详情 MEMORY STATSRedis实例的内存开销主要由两部分组成:...

使用CoreDNS搭建DNS服务器

使用CoreDNS搭建DNS服务器

简介CoreDNS是一个DNS服务器/转发器,用Go编写,可以链接插件。每个插件执行一个 (DNS) 功能。CoreDNS是云原生计算基金会毕业的项目。CoreDNS是一个快速灵活的DNS服务器。这里...

oracle v$archive_log视图过期信息清理

      在使用RMAN命令删除归档后,查询v$archived_log视图会发现name列为空了,但其他列的信息还保留,时间长了会留下很多过期的信息,影响维护工作,需要将过期的信息删除。 出现这样...

ES运维(七)添加sql插件

ES运维(七)添加sql插件

一、概述ElasticSearch安装SQL插件下载地址(中国大佬开发)二、集成sql插件1、下载es-sql插件下载地址: https://github.com/NLPchina/elastics...

开源大数据集群部署(七)Freeipa卸载

开源大数据集群部署(七)Freeipa卸载

1、命令卸载如果命令还卸载不赶紧,就在FreeIPA界面删除ipa-server-install -U --uninstall #服务端卸ipa-client-install -U --uninsta...

发表评论    

◎欢迎参与讨论,请在这里发表您的看法、交流您的观点。