Installing the agent for Kubernetes with helm
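Before JiHu GitLab v14.10.0, installing the agent generated k8s YAML resource files; starting with JiHu GitLab v14.10.0 a helm install command is generated instead, although the underlying mechanism is much the same.
1. Prerequisites
- JiHu GitLab v14.10.0 with HTTPS enabled and a valid certificate, KAS enabled, and a usable runner registered
- A working k8s cluster; see: k8s test environment setup (k3s) - leffss - cnblogs (cnblogs.com)
2. Install the agent
2.1 Create the repository
gitops/agentk
2.2 Create the configuration file
In the gitops/agentk repository, create: .gitlab/agents/agent1/config.yaml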
gitops:
  manifest_projects:
  - id: "gitops/agentk"
    paths:
    - glob: '/**/*.{yaml,json}'
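- The configuration above means: the agent is named agent1 (taken from the directory name in the file path), the project is gitops/agentk, and the manifest files are any files ending in yaml or json in any directory under the project root
- The project setting is a list, so multiple projects can be specified
- For writing the configuration file, see: Using a GitOps workflow for Kubernetes | GitLab
2.3 Register the agent with JiHu GitLab
Steps:
- Open the project menu "Infrastructure > Kubernetes clusters";
- Click Connect a cluster (agent);
- Click the Select an Agent drop-down and choose the agent name defined in the configuration file;
- Copy the agent helm install command shown in the dialog
2.4 Install helm v3
Install helm v3 (v3.3.1 or newer); see the official installation documentation: Helm | Installing Helm
Here it is downloaded and installed manually:
# Releases: https://github.com/helm/helm/releases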
curl -O https://get.helm.sh/helm-v3.8.0-linux-amd64.tar.gz
tar zxvf helm-v3.8.0-linux-amd64.tar.gz
mv linux-amd64/helm /usr/local/bin/helm
chmod +x /usr/local/bin/helm
helm version
version.BuildInfo{Version:"v3.8.0", GitCommit:"d14138609b01886f544b2025f5000351c9eb092e", GitTreeState:"clean", GoVersion:"go1.17.5"}
2.5 Install the agent into the k8s cluster
The install command was already generated in the registration step above:
export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
helm repo add gitlab https://charts.gitlab.io
helm repo update
helm upgrade --install gitlab-agent gitlab/gitlab-agent \
    --namespace gitlab-agent \
    --create-namespace \
    --set config.token=LEcr5nggfLqFeMgSJy166MVyQpMMqMQkkYGdK8PBM21c6zyEng \
    --set config.kasAddress=ws://10.10.10.60/-/kubernetes-agent/
Once the installation completes, the agent shows as connected.
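The generated command passes config.token on the command line, where it ends up in shell history and the process list, and the kasAddress shown uses ws://. As an added example (not part of the original post or of GitLab's generated command), the helper below reads the token from stdin, refuses a KAS address that is not wss://, and writes a values file with mode 0600 for helm's -f flag; the function names, agent-values.yaml and gitlab.example.com are assumptions.

```bash
#!/usr/bin/env bash
# Added example: check_kas_scheme and write_agent_values are hypothetical helpers.

# Succeed only for a TLS-protected WebSocket KAS address.
check_kas_scheme() {
  case "$1" in
    *\"*|*\\*|*" "*) echo "invalid characters in KAS address" >&2
                     return 2 ;;
    wss://*) return 0 ;;
    ws://*)  echo "plaintext KAS address, token would cross the network unencrypted: $1" >&2
             return 1 ;;
    *)       echo "unexpected KAS address scheme: $1" >&2
             return 2 ;;
  esac
}

# Read the agent token from stdin (never from argv) and write a helm values
# file readable only by the current user. Usage: write_agent_values KAS OUT
write_agent_values() {
  local kas="$1" out="$2" token=""
  check_kas_scheme "$kas" || return 1
  IFS= read -r token || [ -n "$token" ] || { echo "no token on stdin" >&2; return 3; }
  # Assumption: agent tokens contain only letters, digits, '-' and '_';
  # anything else is rejected so it cannot break out of the YAML string.
  case "$token" in
    ""|*[!A-Za-z0-9_-]*) echo "empty or malformed token" >&2; return 3 ;;
  esac
  ( umask 077
    printf 'config:\n  token: "%s"\n  kasAddress: "%s"\n' "$token" "$kas" > "$out" ) || return 4
  chmod 600 "$out"   # also tightens a pre-existing file
}

# Typical use: paste the token on stdin, then install from the values file.
#   write_agent_values "wss://gitlab.example.com/-/kubernetes-agent/" agent-values.yaml
#   helm upgrade --install gitlab-agent gitlab/gitlab-agent \
#     --namespace gitlab-agent --create-namespace -f agent-values.yaml
```

The chart keys config.token and config.kasAddress are the same ones the generated command sets with --set.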
3. GitOps demo
Define a k8s resource manifest in the project, for example: deploy/nginx.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: test-agent
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  namespace: test-agent
spec:
  selector:
    matchLabels:
      app: nginx
  replicas: 1
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.14.2
        ports:
        - containerPort: 80
Once the file is created, the nginx resources are created in the k8s cluster if everything is working:
$ kubectl -n test-agent get all
NAME                                    READY   STATUS              RESTARTS   AGE
pod/nginx-deployment-66b6c48dd5-xgppg   0/1     ContainerCreating   0          21s

NAME                               READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/nginx-deployment   0/1     1            0           21s

NAME                                          DESIRED   CURRENT   READY   AGE
replicaset.apps/nginx-deployment-66b6c48dd5   1         1         0       21s
Change the Deployment's replicas to 2 and one more pod is added:
$ kubectl -n test-agent get po
NAME                                READY   STATUS    RESTARTS   AGE
nginx-deployment-66b6c48dd5-xgppg   1/1     Running   0          2m19s
nginx-deployment-66b6c48dd5-xn5gj   1/1     Running   0          21s
Delete the deploy/nginx.yaml file and the resources are removed from the cluster as well:
$ kubectl -n test-agent get po
No resources found in test-agent namespace.
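4. Calling the agent from CI/CD
This continues from gitops/agentk (where the agent is already installed)
4.1 Add a repository
gitops/p1
4.2 Authorize access to the agent
If the agent is used from the current project itself (gitops/agentk), no authorization needs to be added
Edit .gitlab/agents/agent1/config.yaml in the gitops/agentk project and add
ci_access:
  projects:
  - id: gitops/p1
- It must be a project under the same group; at most 100
Groups can also be added
ci_access:
  groups:
  - id: gitops/g1
  - id: gitops/g2
- They must be subgroups under the same group; at most 100
4.3 Add .gitlab-ci.yml
Add the following under gitops/p1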
stages:
  - build
build:
  stage: build
  image:
    name: bitnami/kubectl:1.22.5
    entrypoint: [""]
  script:
    - kubectl config get-contexts
    - kubectl config use-context gitops/agentk:agent1
    - kubectl get pod -A
- The bitnami/kubectl:1.22.5 image often fails to pull, which can make the job fail; you can try cloudctl/kubectl:1.22.5 instead
Without the authorization added earlier, the job fails with:
$ kubectl config use-context gitops/agentk:agent1
error: no context exists with the name: "gitops/agentk:agent1"
ERROR: Job failed: command terminated with exit code 1
Log of a successful job run:
Running with gitlab-runner 14.10.0 (bd40e3da)
on docker runner xdfVPzdy
Resolving secrets
00:00
Preparing the "docker" executor
00:36
Using Docker executor with image bitnami/kubectl:1.22.5 ...
Pulling docker image bitnami/kubectl:1.22.5 ...
Using docker image sha256:3a768fa5900e0ae98818b56e294a27dff2b77a3b5287ef37b31678bab39b11d6 for bitnami/kubectl:1.22.5 with digest bitnami/kubectl@sha256:9c11dfca2108cbc58748e5df146cb283aae937f317a3f370bad0b2cd656da326 ...
Preparing environment
00:00
Running on runner-xdfvpzdy-project-6-concurrent-0 via 97c0259b18a8...
Getting source from Git repository
00:01
$ eval "$CI_PRE_CLONE_SCRIPT"
Fetching changes with git depth set to 20...
Initialized empty Git repository in /builds/gitops/p1/.git/
Created fresh repository.
Checking out 73204915 as main...
Skipping Git submodules setup
Executing "step_script" stage of the job script
00:01
Using docker image sha256:3a768fa5900e0ae98818b56e294a27dff2b77a3b5287ef37b31678bab39b11d6 for bitnami/kubectl:1.22.5 with digest bitnami/kubectl@sha256:9c11dfca2108cbc58748e5df146cb283aae937f317a3f370bad0b2cd656da326 ...
$ kubectl config get-contexts
CURRENT NAME CLUSTER AUTHINFO NAMESPACE
gitops/agentk:agent1 gitlab agent:2
$ kubectl config use-context gitops/agentk:agent1
Switched to context "gitops/agentk:agent1".
$ kubectl get pod -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system metrics-server-7cd5fcb6b7-nmzg8 1/1 Running 0 9d
kube-system helm-install-traefik-crd-qsvhw 0/1 Completed 0 9d
kube-system local-path-provisioner-6c79684f77-gp4pt 1/1 Running 0 9d
kube-system helm-install-traefik-4mn4g 0/1 Completed 0 9d
kube-system svclb-traefik-t2whc 2/2 Running 0 9d
kube-system traefik-58b759688b-rsmsb 1/1 Running 0 9d
kube-system nfs-client-provisioner-5cb9bbdcbf-fhchm 1/1 Running 0 9d
kube-system coredns-d76bd69b-fhkl8 1/1 Running 0 7m20s
gitlab-agent gitlab-agent-7d669fb4f5-f55hd 1/1 Running 0 2m55s
Cleaning up project directory and file based variables
00:00
Job succeeded
Note: according to the official documentation, Using GitLab CI/CD with a Kubernetes cluster | GitLab, if GitLab does not have HTTPS enabled or its SSL certificate is self-signed, the following error occurs:
error: You must be logged in to the server (the server has asked for the client to provide credentials)
5. Other operations
5.1 Remove the agent
First remove the agent from the k8s cluster
helm uninstall gitlab-agent \
    --namespace gitlab-agent
Then delete the registered agent in the web UI
5.2 Upgrade the agent
Upgrade to the latest version
helm repo update
helm upgrade --install gitlab-agent gitlab/gitlab-agent \
    --namespace gitlab-agent \
    --reuse-values
Upgrade the image
helm upgrade gitlab-agent gitlab/gitlab-agent \
    --namespace gitlab-agent \
    --reuse-values \
    --set image.tag=v14.10.0
5.3 Install multiple agents in the same k8s cluster
Method 1: use a different chart release name
helm upgrade --install second-gitlab-agent gitlab/gitlab-agent ...
Method 2: use a different namespace
helm upgrade --install gitlab-agent gitlab/gitlab-agent \
    --namespace different-namespace \
    ...