GitLab Agent Server (KAS)

木木2年前技术文章1460

安装KAS

参考资料

独立部署的gitlab

开启KAS

独立部署的gitlab安装kas比较简单,首先编辑gitlab的配置文件/etc/gitlab/gitlab.rb

# 取消相关注释
##! Enable GitLab KAS
gitlab_kas['enable'] = true

重新部署gitlab

sudo gitlab-ctl reconfigure

执行该命令后系统会重新部署gitlab开启KAS的功能,原本的数据等信息不会丢失。

启用KAS

参考资料

配置存储库(项目)

找到我们需要使用kAS的项目,在项目根目录下添加文件

# config.yaml 的内容可以为空
.gitlab/agents/<agent-name>/config.yaml

注册KAS

项目-基础设置-kubernetes集群

找到右上角的Actions,选择我们刚刚创建的KAS配置文件,进行注册

选择完成后系统会提示如何进行注册安装

docker run --pull=always --rm \
    registry.gitlab.com/gitlab-org/cluster-integration/gitlab-agent/cli:stable generate \
    --agent-token=P7k_4zbn4QuEcVKUGLBvEozZZscHShFyhFAMBUQzyQHDw2px1A \
    --kas-address=ws://gitlab.ilomumu.xyz/-/kubernetes-agent \
    --agent-version stable \
    --namespace gitlab-kubernetes-agent | kubectl apply -f -

由于我们的集群使用的是containerd,并没有docker命令,所以这个命令无法直接使用

安装nerdctl

参考资料

安装nerdctl

下载相关文件并且解压到指定目录即可

sudo tar -zxvf nerdctl-0.15.0-linux-amd64.tar.gz -C /usr/local/bin

使用nerdctl 注册KAS

修改下命令并且执行

sudo ctr images pull registry.gitlab.com/gitlab-org/cluster-integration/gitlab-agent/cli:stable
sudo nerdctl run --rm \
    registry.gitlab.com/gitlab-org/cluster-integration/gitlab-agent/cli:stable generate \
    --agent-token=P7k_4zbn4QuEcVKUGLBvEozZZscHShFyhFAMBUQzyQHDw2px1A \
    --kas-address=ws://gitlab.ilomumu.xyz/-/kubernetes-agent \
    --agent-version stable \
    --namespace gitlab-kubernetes-agent | kubectl apply -f -

查看下k8s相关资源

问题处理

connection closed before server preface received

首先我们可能会遇到这样的报错

{"level":"error","time":"2021-12-30T03:52:35.060Z","msg":"Error handling a connection","mod_name":"reverse_tunnel","error":"Connect(): rpc error: code = Unavailable desc = connection closed before server preface received"}

这是由于我们的gitlab域名无法解析到导致的,所以我们要添加hosts文件进行解析。

正确的添加方法如下

在pods或者deployment的配置文件中进行添加(根据情况判断)

这里我们需要在deployment的配置文件中添加相关配置

    spec:     
      # 添加这部分内容
      hostAliases:
      - hostnames:
        - gitlab.ilomumu.xyz
        ip: 172.16.0.12
      # 到这里结束

完整的配置如下

apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    deployment.kubernetes.io/revision: "4"
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{},"name":"gitlab-agent","namespace":"gitlab-kubernetes-agent"},"spec":{"replicas":1,"selector":{"matchLabels":{"app":"gitlab-agent"}},"strategy":{"rollingUpdate":{"maxSurge":0,"maxUnavailable":1},"type":"RollingUpdate"},"template":{"metadata":{"annotations":{"prometheus.io/path":"/metrics","prometheus.io/port":"8080","prometheus.io/scrape":"true"},"labels":{"app":"gitlab-agent"}},"spec":{"containers":[{"args":["--token-file=/config/token","--kas-address","ws://gitlab.ilomumu.xyz/-/kubernetes-agent"],"env":[{"name":"POD_NAMESPACE","valueFrom":{"fieldRef":{"fieldPath":"metadata.namespace"}}},{"name":"POD_NAME","valueFrom":{"fieldRef":{"fieldPath":"metadata.name"}}}],"image":"registry.gitlab.com/gitlab-org/cluster-integration/gitlab-agent/agentk:stable","livenessProbe":{"httpGet":{"path":"/liveness","port":8080},"initialDelaySeconds":15,"periodSeconds":20},"name":"agent","readinessProbe":{"httpGet":{"path":"/readiness","port":8080},"initialDelaySeconds":5,"periodSeconds":10},"volumeMounts":[{"mountPath":"/config","name":"token-volume"}]}],"serviceAccountName":"gitlab-agent","volumes":[{"name":"token-volume","secret":{"secretName":"gitlab-agent-token-69t456m2dg"}}]}}}}
  creationTimestamp: "2021-12-30T03:52:12Z"
  generation: 4
  name: gitlab-agent
  namespace: gitlab-kubernetes-agent
  resourceVersion: "7967661"
  uid: dbd46470-0b4d-4dae-aa29-2587eec13bfb
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: gitlab-agent
  strategy:
    rollingUpdate:
      maxSurge: 0
      maxUnavailable: 1
    type: RollingUpdate
  template:
    metadata:
      annotations:
        kubectl.kubernetes.io/restartedAt: "2021-12-30T06:14:23Z"
        prometheus.io/path: /metrics
        prometheus.io/port: "8080"
        prometheus.io/scrape: "true"
      creationTimestamp: null
      labels:
        app: gitlab-agent
    spec:
      containers:
      - args:
        - --token-file=/config/token
        - --kas-address
        - ws://gitlab.ilomumu.xyz/-/kubernetes-agent
        env:
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
        - name: POD_NAME
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.name
        image: registry.gitlab.com/gitlab-org/cluster-integration/gitlab-agent/agentk:stable
        imagePullPolicy: IfNotPresent
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /liveness
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 15
          periodSeconds: 20
          successThreshold: 1
          timeoutSeconds: 1
        name: agent
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /readiness
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 5
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        resources: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /config
          name: token-volume
      dnsPolicy: ClusterFirst
      # 添加这部分内容
      hostAliases:
      - hostnames:
        - gitlab.ilomumu.xyz
        ip: 172.16.0.12
      # 到这里结束
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      serviceAccount: gitlab-agent
      serviceAccountName: gitlab-agent
      terminationGracePeriodSeconds: 30
      volumes:
      - name: token-volume
        secret:
          defaultMode: 420
          secretName: gitlab-agent-token-69t456m2dg

Error while dialing failed to WebSocket dial: expected handshake response status code 101 but got 301

另外一个报错

{"level":"error","time":"2021-12-30T06:15:23.631Z","msg":"Error handling a connection","mod_name":"reverse_tunnel","error":"Connect(): rpc error: code = Unavailable desc = connection error: desc = \"transport: Error while dialing failed to WebSocket dial: expected handshake response status code 101 but got 301\""}

这个错误的原因是由于我们的链接地址结尾没有一个/

再次修改deployment的配置文件

    spec:
      containers:
      - args:
        - --token-file=/config/token
        - --kas-address
        # 这里结尾加一个斜杠
        - ws://gitlab.ilomumu.xyz/-/kubernetes-agent/

完成的配置文件

apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    deployment.kubernetes.io/revision: "4"
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{},"name":"gitlab-agent","namespace":"gitlab-kubernetes-agent"},"spec":{"replicas":1,"selector":{"matchLabels":{"app":"gitlab-agent"}},"strategy":{"rollingUpdate":{"maxSurge":0,"maxUnavailable":1},"type":"RollingUpdate"},"template":{"metadata":{"annotations":{"prometheus.io/path":"/metrics","prometheus.io/port":"8080","prometheus.io/scrape":"true"},"labels":{"app":"gitlab-agent"}},"spec":{"containers":[{"args":["--token-file=/config/token","--kas-address","ws://gitlab.ilomumu.xyz/-/kubernetes-agent"],"env":[{"name":"POD_NAMESPACE","valueFrom":{"fieldRef":{"fieldPath":"metadata.namespace"}}},{"name":"POD_NAME","valueFrom":{"fieldRef":{"fieldPath":"metadata.name"}}}],"image":"registry.gitlab.com/gitlab-org/cluster-integration/gitlab-agent/agentk:stable","livenessProbe":{"httpGet":{"path":"/liveness","port":8080},"initialDelaySeconds":15,"periodSeconds":20},"name":"agent","readinessProbe":{"httpGet":{"path":"/readiness","port":8080},"initialDelaySeconds":5,"periodSeconds":10},"volumeMounts":[{"mountPath":"/config","name":"token-volume"}]}],"serviceAccountName":"gitlab-agent","volumes":[{"name":"token-volume","secret":{"secretName":"gitlab-agent-token-69t456m2dg"}}]}}}}
  creationTimestamp: "2021-12-30T03:52:12Z"
  generation: 4
  name: gitlab-agent
  namespace: gitlab-kubernetes-agent
  resourceVersion: "7967661"
  uid: dbd46470-0b4d-4dae-aa29-2587eec13bfb
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: gitlab-agent
  strategy:
    rollingUpdate:
      maxSurge: 0
      maxUnavailable: 1
    type: RollingUpdate
  template:
    metadata:
      annotations:
        kubectl.kubernetes.io/restartedAt: "2021-12-30T06:14:23Z"
        prometheus.io/path: /metrics
        prometheus.io/port: "8080"
        prometheus.io/scrape: "true"
      creationTimestamp: null
      labels:
        app: gitlab-agent
    spec:
      containers:
      - args:
        - --token-file=/config/token
        - --kas-address
        - ws://gitlab.ilomumu.xyz/-/kubernetes-agent
        env:
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
        - name: POD_NAME
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.name
        image: registry.gitlab.com/gitlab-org/cluster-integration/gitlab-agent/agentk:stable
        imagePullPolicy: IfNotPresent
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /liveness
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 15
          periodSeconds: 20
          successThreshold: 1
          timeoutSeconds: 1
        name: agent
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /readiness
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 5
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        resources: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /config
          name: token-volume
      dnsPolicy: ClusterFirst
      # 添加这部分内容
      hostAliases:
      - hostnames:
        - gitlab.ilomumu.xyz
        ip: 172.16.0.12
      # 到这里结束
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      serviceAccount: gitlab-agent
      serviceAccountName: gitlab-agent
      terminationGracePeriodSeconds: 30
      volumes:
      - name: token-volume
        secret:
          defaultMode: 420
          secretName: gitlab-agent-token-69t456m2dg


返回列表

上一篇:.gitlab-ci.yml 语法

下一篇:Ansible部署和使用(sshpass)

相关文章

Hbase rowkey设计原则

HBase 中的 rowkey 设计需要遵循以下原则:1 rowkey 唯一原则若在 HBase 中向同一张表插入相同 rowkey 的记录,如没有设置版本数量,则此 rowkey 原先的数据会被覆盖...

Hive与HBase整合文档

Hive与HBase整合文档

1.Hive整合HBase配置1.拷贝hbase 相关jar包将hbase 相关jar包拷贝到hive lib目录下hbase-client-0.98.13-hadoop2.jar hbase-co...

MySQL运维实战(5.4) MySQL元数据乱码

表结构Comment乱码如果DDL实际编码和character_set_client设置不一致,也会引起乱码。$ cat test_comment_utf8.sql create...

PG常用命令

1、连库相关#连库 $ psql -h <hostname or ip> -p <端口> [数据库名称] [用户名称] #连库并执行命令 $ psql -h <ho...

CDH实操--集群关闭Kerberos

CDH实操--集群关闭Kerberos

1、关掉整个集群2、zookeeper配置搜索kerberos,将enable Kerberos配置关掉3、hdfs配置在输入框中填入[hadoop.security.auth] 进行搜索将安全身份认...

trino容器对接alluxio(四)

trino容器对接alluxio(四)

前提:本文是基于已经部署了trino容器和 集群中部署了alluxio组件的基础上,进行的trino与alluxio的组件对接,alluxio已经开启了高可用模式。本文的冒烟测试是在trino对接ld...

发表评论    

◎欢迎参与讨论,请在这里发表您的看法、交流您的观点。

©Copyrights 2016-2022 YUNCHE 浙ICP备2021017017号