GitLab Agent Server (KAS)

木木2年前技术文章2231

安装KAS

参考资料

独立部署的gitlab

开启KAS

独立部署的gitlab安装kas比较简单,首先编辑gitlab的配置文件/etc/gitlab/gitlab.rb

# 取消相关注释
##! Enable GitLab KAS
gitlab_kas['enable'] = true

重新部署gitlab

sudo gitlab-ctl reconfigure

执行该命令后系统会重新部署gitlab开启KAS的功能,原本的数据等信息不会丢失。

启用KAS

参考资料

配置存储库(项目)

找到我们需要使用kAS的项目,在项目根目录下添加文件

# config.yaml 的内容可以为空
.gitlab/agents/<agent-name>/config.yaml

注册KAS

项目-基础设置-kubernetes集群

找到右上角的Actions,选择我们刚刚创建的KAS配置文件,进行注册

选择完成后系统会提示如何进行注册安装

docker run --pull=always --rm \
    registry.gitlab.com/gitlab-org/cluster-integration/gitlab-agent/cli:stable generate \
    --agent-token=P7k_4zbn4QuEcVKUGLBvEozZZscHShFyhFAMBUQzyQHDw2px1A \
    --kas-address=ws://gitlab.ilomumu.xyz/-/kubernetes-agent \
    --agent-version stable \
    --namespace gitlab-kubernetes-agent | kubectl apply -f -

由于我们的集群使用的是containerd,并没有docker命令,所以这个命令无法直接使用

安装nerdctl

参考资料

安装nerdctl

下载相关文件并且解压到指定目录即可

sudo tar -zxvf nerdctl-0.15.0-linux-amd64.tar.gz -C /usr/local/bin

使用nerdctl 注册KAS

修改下命令并且执行

sudo ctr images pull registry.gitlab.com/gitlab-org/cluster-integration/gitlab-agent/cli:stable
sudo nerdctl run --rm \
    registry.gitlab.com/gitlab-org/cluster-integration/gitlab-agent/cli:stable generate \
    --agent-token=P7k_4zbn4QuEcVKUGLBvEozZZscHShFyhFAMBUQzyQHDw2px1A \
    --kas-address=ws://gitlab.ilomumu.xyz/-/kubernetes-agent \
    --agent-version stable \
    --namespace gitlab-kubernetes-agent | kubectl apply -f -

查看下k8s相关资源

问题处理

connection closed before server preface received

首先我们可能会遇到这样的报错

{"level":"error","time":"2021-12-30T03:52:35.060Z","msg":"Error handling a connection","mod_name":"reverse_tunnel","error":"Connect(): rpc error: code = Unavailable desc = connection closed before server preface received"}

这是由于我们的gitlab域名无法解析到导致的,所以我们要添加hosts文件进行解析。

正确的添加方法如下

在pods或者deployment的配置文件中进行添加(根据情况判断)

这里我们需要在deployment的配置文件中添加相关配置

    spec:     
      # 添加这部分内容
      hostAliases:
      - hostnames:
        - gitlab.ilomumu.xyz
        ip: 172.16.0.12
      # 到这里结束

完整的配置如下

apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    deployment.kubernetes.io/revision: "4"
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{},"name":"gitlab-agent","namespace":"gitlab-kubernetes-agent"},"spec":{"replicas":1,"selector":{"matchLabels":{"app":"gitlab-agent"}},"strategy":{"rollingUpdate":{"maxSurge":0,"maxUnavailable":1},"type":"RollingUpdate"},"template":{"metadata":{"annotations":{"prometheus.io/path":"/metrics","prometheus.io/port":"8080","prometheus.io/scrape":"true"},"labels":{"app":"gitlab-agent"}},"spec":{"containers":[{"args":["--token-file=/config/token","--kas-address","ws://gitlab.ilomumu.xyz/-/kubernetes-agent"],"env":[{"name":"POD_NAMESPACE","valueFrom":{"fieldRef":{"fieldPath":"metadata.namespace"}}},{"name":"POD_NAME","valueFrom":{"fieldRef":{"fieldPath":"metadata.name"}}}],"image":"registry.gitlab.com/gitlab-org/cluster-integration/gitlab-agent/agentk:stable","livenessProbe":{"httpGet":{"path":"/liveness","port":8080},"initialDelaySeconds":15,"periodSeconds":20},"name":"agent","readinessProbe":{"httpGet":{"path":"/readiness","port":8080},"initialDelaySeconds":5,"periodSeconds":10},"volumeMounts":[{"mountPath":"/config","name":"token-volume"}]}],"serviceAccountName":"gitlab-agent","volumes":[{"name":"token-volume","secret":{"secretName":"gitlab-agent-token-69t456m2dg"}}]}}}}
  creationTimestamp: "2021-12-30T03:52:12Z"
  generation: 4
  name: gitlab-agent
  namespace: gitlab-kubernetes-agent
  resourceVersion: "7967661"
  uid: dbd46470-0b4d-4dae-aa29-2587eec13bfb
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: gitlab-agent
  strategy:
    rollingUpdate:
      maxSurge: 0
      maxUnavailable: 1
    type: RollingUpdate
  template:
    metadata:
      annotations:
        kubectl.kubernetes.io/restartedAt: "2021-12-30T06:14:23Z"
        prometheus.io/path: /metrics
        prometheus.io/port: "8080"
        prometheus.io/scrape: "true"
      creationTimestamp: null
      labels:
        app: gitlab-agent
    spec:
      containers:
      - args:
        - --token-file=/config/token
        - --kas-address
        - ws://gitlab.ilomumu.xyz/-/kubernetes-agent
        env:
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
        - name: POD_NAME
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.name
        image: registry.gitlab.com/gitlab-org/cluster-integration/gitlab-agent/agentk:stable
        imagePullPolicy: IfNotPresent
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /liveness
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 15
          periodSeconds: 20
          successThreshold: 1
          timeoutSeconds: 1
        name: agent
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /readiness
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 5
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        resources: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /config
          name: token-volume
      dnsPolicy: ClusterFirst
      # 添加这部分内容
      hostAliases:
      - hostnames:
        - gitlab.ilomumu.xyz
        ip: 172.16.0.12
      # 到这里结束
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      serviceAccount: gitlab-agent
      serviceAccountName: gitlab-agent
      terminationGracePeriodSeconds: 30
      volumes:
      - name: token-volume
        secret:
          defaultMode: 420
          secretName: gitlab-agent-token-69t456m2dg

Error while dialing failed to WebSocket dial: expected handshake response status code 101 but got 301

另外一个报错

{"level":"error","time":"2021-12-30T06:15:23.631Z","msg":"Error handling a connection","mod_name":"reverse_tunnel","error":"Connect(): rpc error: code = Unavailable desc = connection error: desc = \"transport: Error while dialing failed to WebSocket dial: expected handshake response status code 101 but got 301\""}

这个错误的原因是由于我们的链接地址结尾没有一个/

再次修改deployment的配置文件

    spec:
      containers:
      - args:
        - --token-file=/config/token
        - --kas-address
        # 这里结尾加一个斜杠
        - ws://gitlab.ilomumu.xyz/-/kubernetes-agent/

完成的配置文件

apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    deployment.kubernetes.io/revision: "4"
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{},"name":"gitlab-agent","namespace":"gitlab-kubernetes-agent"},"spec":{"replicas":1,"selector":{"matchLabels":{"app":"gitlab-agent"}},"strategy":{"rollingUpdate":{"maxSurge":0,"maxUnavailable":1},"type":"RollingUpdate"},"template":{"metadata":{"annotations":{"prometheus.io/path":"/metrics","prometheus.io/port":"8080","prometheus.io/scrape":"true"},"labels":{"app":"gitlab-agent"}},"spec":{"containers":[{"args":["--token-file=/config/token","--kas-address","ws://gitlab.ilomumu.xyz/-/kubernetes-agent"],"env":[{"name":"POD_NAMESPACE","valueFrom":{"fieldRef":{"fieldPath":"metadata.namespace"}}},{"name":"POD_NAME","valueFrom":{"fieldRef":{"fieldPath":"metadata.name"}}}],"image":"registry.gitlab.com/gitlab-org/cluster-integration/gitlab-agent/agentk:stable","livenessProbe":{"httpGet":{"path":"/liveness","port":8080},"initialDelaySeconds":15,"periodSeconds":20},"name":"agent","readinessProbe":{"httpGet":{"path":"/readiness","port":8080},"initialDelaySeconds":5,"periodSeconds":10},"volumeMounts":[{"mountPath":"/config","name":"token-volume"}]}],"serviceAccountName":"gitlab-agent","volumes":[{"name":"token-volume","secret":{"secretName":"gitlab-agent-token-69t456m2dg"}}]}}}}
  creationTimestamp: "2021-12-30T03:52:12Z"
  generation: 4
  name: gitlab-agent
  namespace: gitlab-kubernetes-agent
  resourceVersion: "7967661"
  uid: dbd46470-0b4d-4dae-aa29-2587eec13bfb
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: gitlab-agent
  strategy:
    rollingUpdate:
      maxSurge: 0
      maxUnavailable: 1
    type: RollingUpdate
  template:
    metadata:
      annotations:
        kubectl.kubernetes.io/restartedAt: "2021-12-30T06:14:23Z"
        prometheus.io/path: /metrics
        prometheus.io/port: "8080"
        prometheus.io/scrape: "true"
      creationTimestamp: null
      labels:
        app: gitlab-agent
    spec:
      containers:
      - args:
        - --token-file=/config/token
        - --kas-address
        - ws://gitlab.ilomumu.xyz/-/kubernetes-agent
        env:
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
        - name: POD_NAME
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.name
        image: registry.gitlab.com/gitlab-org/cluster-integration/gitlab-agent/agentk:stable
        imagePullPolicy: IfNotPresent
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /liveness
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 15
          periodSeconds: 20
          successThreshold: 1
          timeoutSeconds: 1
        name: agent
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /readiness
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 5
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        resources: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /config
          name: token-volume
      dnsPolicy: ClusterFirst
      # 添加这部分内容
      hostAliases:
      - hostnames:
        - gitlab.ilomumu.xyz
        ip: 172.16.0.12
      # 到这里结束
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      serviceAccount: gitlab-agent
      serviceAccountName: gitlab-agent
      terminationGracePeriodSeconds: 30
      volumes:
      - name: token-volume
        secret:
          defaultMode: 420
          secretName: gitlab-agent-token-69t456m2dg


返回列表

上一篇:.gitlab-ci.yml 语法

下一篇:Ansible部署和使用(sshpass)

相关文章

Spark on yarn 动态资源配置

Spark on yarn 动态资源配置

1、背景spark on yarn 的环境下,开源的spark 默认是关闭动态分配申请资源的。每次提交时,需要手动定义--num-executors 的数量。为了提交任务方便,需要开启动态分配资源sp...

CDH实操--impala增加ldap认证

CDH实操--impala增加ldap认证

本文基于cdh安装ldap主主模式,并且配置haproxy+keepalived基础上进行配置。一、impala配置ldap1、impala配置中增加ldap相关验证2、重启过时配置。3、ldap验证...

Docker Engine - Containerd

Docker Engine - Containerd

1、背景Docker 崛起很久以前,Docker 强势崛起,以 “镜像” 这个大招席卷全球,对其他技术进行致命的降维打击,使其毫无招架之力,就连 Google 也不例外。Google 为了不被拍死在沙...

PG的多版本并发控制(二)

PG的多版本并发控制(二)

二、 PG数据库DML操作的相关概念xmin、xmax、cmin、cmax是每个数据行tuple上的隐藏字段,主要用于区别不同事务以及相同事务内tuple的行版本。在了解这四个参数概念前,我们首先需要...

python-日志分析

1、概述生产中会生成大量的系统日志、应用程序日志、安全日志等等日志,通过对日志的分析可以了解服务器的负载、健康状况,可以分析客户的分布情况、客户的行为,甚至基于这些分析可以做出预测。一般采集流程:日志...

磁盘分区与挂载

磁盘分区与挂载

背景当我们新建一个服务器时,需要对磁盘进行分区、格式化、挂载等操作。那么我们应该如何进行呢?一、LVM技术1、安装所需的lvm工具yum install -y lvm22、创建物理卷PVpvcreat...

发表评论    

◎欢迎参与讨论,请在这里发表您的看法、交流您的观点。

©Copyrights 2016-2022 YUNCHE 浙ICP备2021017017号