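I tried the Cloud Native GitLab Helm Chart on Azure
Update: as of GitLab v11.0 the GitLab Chart has entered Beta, so the installation steps have been updated in a separate article: https://qiita.com/jb-vasseur/items/22518a32d28244d906bd.
With the GitLab v10.6 release, the Cloud Native GitLab Helm Chart was finally published as an Alpha and can now be evaluated, so I would like to briefly walk through the installation steps.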

Before you begin
- About GitLab
- About the Cloud Native GitLab Helm Chart
- About Kubernetes
- About Helm
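What is the Cloud Native GitLab Helm Chart?
https://gitlab.com/charts/gitlab/blob/master/README.md
Background: what problem is it meant to solve?
As the GitLab product has evolved, the "all-in-one" omnibus container has become harder to handle in terms of configuration management and scalability.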
Advantages
- Each service becomes easier to scale
- Multiple small, optimized container images
- Individual upgrades and canary releases within a single service become possible
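Limitations (as of GitLab v10.7.x)
Currently only GitLab EEP and above are supported; support for EES and Core will come in the future through Object Storage support in Core.
The Cloud Native GitLab Helm Chart is not suitable for production environments and is for evaluation purposes only.
Prerequisites (Mac OS)
- kubectl CLI v1.8.2 or later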
> kubectl version
Client Version: version.Info{Major:"1", Minor:"10", GitVersion:"v1.10.2", GitCommit:"81753b10df112992bf51bbc2c2f85208aad78335", GitTreeState:"clean", BuildDate:"2018-05-12T04:12:12Z", GoVersion:"go1.9.6", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"8", GitVersion:"v1.8.1", GitCommit:"f38e43b221d08850172a9a4ea785a86a3ffa3b3a", GitTreeState:"clean", BuildDate:"2017-10-11T23:16:41Z", GoVersion:"go1.8.3", Compiler:"gc", Platform:"linux/amd64"}
- Helm
> helm version
Client: &version.Version{SemVer:"v2.9.0", GitCommit:"f6025bb9ee7daf9fee0026541c90a6f557a3e0bc", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.8.0", GitCommit:"14af25f1de6832228539259b821949d20069a222", GitTreeState:"clean"}
- Azure CLI 2.0
> az --version
azure-cli (2.0.26)
acr (2.0.20)
acs (2.0.25)
advisor (0.1.1)
appservice (0.1.25)
backup (1.0.6)
batch (3.1.9)
batchai (0.1.5)
billing (0.1.7)
cdn (0.0.12)
cloud (2.0.12)
cognitiveservices (0.1.10)
command-modules-nspkg (2.0.1)
configure (2.0.13)
consumption (0.2.1)
container (0.1.16)
core (2.0.26)
cosmosdb (0.1.17)
dla (0.0.18)
dls (0.0.19)
eventgrid (0.1.9)
extension (0.0.8)
feedback (2.0.8)
find (0.2.8)
interactive (0.3.15)
iot (0.1.16)
keyvault (2.0.17)
lab (0.0.16)
monitor (0.1.1)
network (2.0.22)
nspkg (3.0.1)
profile (2.0.18)
rdbms (0.0.11)
redis (0.2.11)
reservations (0.1.1)
resource (2.0.22)
role (2.0.17)
servicefabric (0.0.9)
sql (2.0.20)
storage (2.0.24)
vm (2.0.25)
Python location '/usr/local/opt/python/bin/python3.6'
Extensions directory '/Users/jb/.azure/cliextensions'
Python (Darwin) 3.6.4 (default, Mar 28 2018, 12:43:57)
[GCC 4.2.1 Compatible Apple LLVM 9.0.0 (clang-900.0.39.2)]
Legal docs and information: aka.ms/AzureCliLegal
Prepare a Kubernetes cluster on Azure
This time we will use the Azure Web Console.
Create the Kubernetes service (AKS).

- From the services menu, select Kubernetes services, then select Create
- Enter the cluster name (gitlab-kube-native)
- Enter the DNS prefix (cluster)
- Select Create a new Resource group and enter the new group name (gitlab-kube-native-group)
- Select the Location (East US)
- Select the Review and Create button

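Provisioning takes about 15 minutes.
Connect to the cluster with the CLI
From here on, we continue working from the terminal command line.
- Connect to the cluster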
> az aks get-credentials --resource-group gitlab-kube-native-group --name gitlab-kube-native
Merged "gitlab-kube-native" as current context in /Users/jb/.kube/config
- Check the cluster status after connecting
> kubectl get nodes
NAME STATUS ROLES AGE VERSION
aks-agentpool-11243670-0 Ready agent 10m v1.9.6
aks-agentpool-11243670-1 Ready agent 10m v1.9.6
aks-agentpool-11243670-2 Ready agent 10m v1.9.6
aks-agentpool-11243670-3 Ready agent 10m v1.9.6
> kubectl get deployments --all-namespaces
NAMESPACE NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
kube-system heapster 1 1 1 1 34m
kube-system kube-dns-v20 2 2 2 2 34m
kube-system kubernetes-dashboard 1 1 1 1 34m
kube-system tunnelfront 1 1 1 1 34m
Deploy GitLab
Clone the Cloud Native GitLab Helm Chart repository
> git clone git@gitlab.com:charts/gitlab.git
Cloning into 'gitlab'...
remote: Counting objects: 6467, done.
remote: Compressing objects: 100% (2554/2554), done.
remote: Total 6467 (delta 4322), reused 5624 (delta 3703)
Receiving objects: 100% (6467/6467), 1.07 MiB | 269.00 KiB/s, done.
Resolving deltas: 100% (4322/4322), done.
> cd gitlab
> ls
CHANGELOG.md Dockerfile bin ci requirements.yaml values.yaml
CONTRIBUTING.md LICENSE.md changelogs dependencies scripts
Chart.yaml README.md charts doc templates
Add the RBAC admin role
Azure Kubernetes Service does not create a cluster-admin role, so it has to be created manually.
Create a new file named cluster-admin-role.yaml.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  creationTimestamp: null
  name: cluster-admin
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
rules:
# Wildcards: every verb on every resource in every API group
- apiGroups:
  - '*'
  resources:
  - '*'
  verbs:
  - '*'
# Wildcards: every verb on every non-resource URL
- nonResourceURLs:
  - '*'
  verbs:
  - '*'
Then create it in the cluster.
> kubectl --namespace kube-system apply -f cluster-admin-role.yaml
clusterrole.rbac.authorization.k8s.io "cluster-admin" created
Create the RBAC configuration
> curl -L -w '%{http_code}' -o rbac-config.yaml -s "https://gitlab.com/charts/gitlab/raw/master/doc/helm/examples/rbac-config.yaml"
> kubectl create -f rbac-config.yaml
serviceaccount "tiller" created
clusterrolebinding.rbac.authorization.k8s.io "tiller" created
Install the Helm chart dependencies
> helm dependencies update
Hang tight while we grab the latest from your chart repositories...
...Unable to get an update from the "local" chart repository (http://127.0.0.1:8879/charts):
Get http://127.0.0.1:8879/charts/index.yaml: dial tcp 127.0.0.1:8879: connect: connection refused
...Successfully got an update from the "gitlab" chart repository
...Successfully got an update from the "stable" chart repository
Update Complete. ⎈Happy Helming!⎈
Saving 3 charts
Downloading cert-manager from repo https://kubernetes-charts.storage.googleapis.com/
Downloading prometheus from repo https://kubernetes-charts.storage.googleapis.com/
Deleting outdated charts
Install Helm's Tiller component
> helm init --wait --service-account tiller
$HELM_HOME has been configured at /Users/jb/.helm.
Tiller (the Helm server-side component) has been installed into your Kubernetes Cluster.
Please note: by default, Tiller is deployed with an insecure 'allow unauthenticated users' policy.
For more information on securing your installation see: https://docs.helm.sh/using_helm/#securing-your-helm-installation
Happy Helming!
Deploy the Chart
The configuration details are explained on the following page. This time we use a simple architecture, so the PostgreSQL and Redis services are set up inside the cluster (the default).
https://gitlab.com/charts/gitlab/blob/master/doc/installation/deployment.md
> helm upgrade --install gitlab . \
--timeout 600 \
--set global.hosts.domain=yourdomain.io \
--set gitlab.migrations.initialRootPassword="xxx" \
--set certmanager-issuer.email=xxx@mail.com
Release "gitlab" does not exist. Installing it now.
NAME: gitlab
LAST DEPLOYED: Wed May 16 09:13:06 2018
NAMESPACE: default
STATUS: DEPLOYED
RESOURCES:
==> v1/Job
NAME DESIRED SUCCESSFUL AGE
gitlab-issuer.1 1 0 3s
gitlab-migrations.1 1 0 3s
gitlab-minio-create-buckets.1 1 0 3s
==> v1/Secret
NAME TYPE DATA AGE
gitlab-postgresql Opaque 0 4s
==> v1/ConfigMap
NAME DATA AGE
gitlab-certmanager-issuer-certmanager 2 4s
gitlab-gitaly 3 4s
gitlab-gitlab-runner 3 4s
gitlab-gitlab-shell 2 4s
gitlab-migrations 4 4s
gitlab-sidekiq-all-in-1 1 4s
gitlab-sidekiq 5 4s
gitlab-unicorn 7 4s
gitlab-minio-config-cm 3 4s
gitlab-nginx-tcp 1 4s
gitlab-nginx 7 4s
gitlab-prometheus-server 3 4s
gitlab-redis 2 4s
gitlab-registry 2 4s
==> v1/PersistentVolumeClaim
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
gitlab-minio Pending default 4s
gitlab-postgresql Pending default 4s
gitlab-prometheus-server Pending default 4s
gitlab-redis Pending default 4s
==> v1beta1/RoleBinding
NAME AGE
gitlab-gitlab-runner 3s
gitlab-nginx 3s
==> v1beta2/StatefulSet
NAME DESIRED CURRENT AGE
gitlab-gitaly 1 1 3s
==> v1beta1/CustomResourceDefinition
NAME AGE
certificates.certmanager.k8s.io 4s
clusterissuers.certmanager.k8s.io 4s
issuers.certmanager.k8s.io 4s
==> v1beta1/ClusterRole
certmanager-gitlab 4s
gitlab-nginx 4s
gitlab-prometheus-kube-state-metrics 4s
gitlab-prometheus-server 4s
==> v1beta1/ClusterRoleBinding
NAME AGE
gitlab-certmanager-issuer-admin 4s
certmanager-gitlab 4s
gitlab-nginx 4s
gitlab-prometheus-alertmanager 3s
gitlab-prometheus-kube-state-metrics 3s
gitlab-prometheus-node-exporter 3s
gitlab-prometheus-server 3s
==> v1beta1/DaemonSet
NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
gitlab-nginx 4 4 0 4 0 <none> 3s
==> v1beta1/Ingress
NAME HOSTS ADDRESS PORTS AGE
gitlab-unicorn gitlab.yourdomain.io 80, 443 3s
gitlab-minio minio.yourdomain.io 80, 443 3s
gitlab-registry registry.yourdomain.io 80, 443 3s
==> v1/Pod(related)
NAME READY STATUS RESTARTS AGE
gitlab-nginx-5t29l 0/1 ContainerCreating 0 3s
gitlab-nginx-c7zkn 0/1 ContainerCreating 0 3s
gitlab-nginx-fkbgb 0/1 ContainerCreating 0 3s
gitlab-nginx-q77wc 0/1 ContainerCreating 0 3s
certmanager-gitlab-56f5486fdb-xzk94 0/2 ContainerCreating 0 3s
gitlab-gitlab-runner-5b64646b46-mrqh8 0/1 Init:0/1 0 3s
gitlab-gitlab-shell-7c9df464c6-bxbkt 0/1 Init:0/1 0 3s
gitlab-sidekiq-all-in-1-6584797cc-pjsdn 0/1 Init:0/2 0 3s
gitlab-unicorn-5c6d69f5c5-fp25l 0/1 Init:0/2 0 3s
gitlab-minio-5bd95c8786-nvlmp 0/1 Pending 0 3s
gitlab-minio-create-buckets.1-rgqpz 0/1 ContainerCreating 0 3s
gitlab-nginx-default-backend-566d88d447-rxfz6 0/1 ContainerCreating 0 3s
gitlab-postgresql-5b8ff4b678-c29mw 0/2 Pending 0 3s
gitlab-prometheus-server-8cf4fdd8-bj4vd 0/2 Pending 0 3s
gitlab-redis-798d568cf8-z5zvl 0/2 Pending 0 3s
gitlab-registry-866f58cd65-wqj7f 0/1 Init:0/1 0 2s
gitlab-gitaly-0 0/1 Pending 0 3s
gitlab-issuer.1-hdtpg 0/1 ContainerCreating 0 3s
gitlab-migrations.1-tlfr7 0/1 Init:0/1 0 3s
==> v1/ServiceAccount
NAME SECRETS AGE
gitlab-certmanager-issuer-admin 1 4s
certmanager-gitlab 1 4s
gitlab-gitlab-runner 1 4s
gitlab-nginx 1 4s
gitlab-prometheus-alertmanager 1 4s
gitlab-prometheus-kube-state-metrics 1 4s
gitlab-prometheus-node-exporter 1 4s
gitlab-prometheus-server 1 4s
==> v1beta1/Role
NAME AGE
gitlab-gitlab-runner 3s
gitlab-nginx 3s
==> v1/Service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
gitlab-gitaly ClusterIP None <none> 8075/TCP,9236/TCP 3s
gitlab-gitlab-shell ClusterIP 10.0.197.156 <none> 22/TCP 3s
gitlab-unicorn ClusterIP 10.0.6.10 <none> 8080/TCP,8181/TCP 3s
gitlab-minio-svc ClusterIP 10.0.79.49 <none> 9000/TCP 3s
gitlab-nginx-default-backend ClusterIP 10.0.220.0 <none> 80/TCP 3s
gitlab-nginx LoadBalancer 10.0.244.49 <pending> 80:30227/TCP,443:31016/TCP,22:32043/TCP 3s
gitlab-postgresql ClusterIP 10.0.237.92 <none> 5432/TCP 3s
gitlab-prometheus-server ClusterIP 10.0.35.130 <none> 80/TCP 3s
gitlab-redis ClusterIP 10.0.6.80 <none> 6379/TCP,9121/TCP 3s
gitlab-registry ClusterIP 10.0.181.165 <none> 5000/TCP 3s
==> v1beta1/Deployment
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
certmanager-gitlab 1 1 1 0 3s
gitlab-gitlab-runner 1 1 1 0 3s
gitlab-gitlab-shell 1 1 1 0 3s
gitlab-sidekiq-all-in-1 1 1 1 0 3s
gitlab-unicorn 1 1 1 0 3s
gitlab-minio 1 1 1 0 3s
gitlab-nginx-default-backend 1 1 1 0 3s
gitlab-postgresql 1 1 1 0 3s
gitlab-prometheus-server 1 1 1 0 3s
gitlab-redis 1 1 1 0 3s
gitlab-registry 1 1 1 0 3s
The following command confirms whether each service has started properly.
> helm status gitlab
LAST DEPLOYED: Wed May 16 09:13:06 2018
NAMESPACE: default
STATUS: DEPLOYED
RESOURCES:
==> v1/Service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
gitlab-gitaly ClusterIP None <none> 8075/TCP,9236/TCP 35m
gitlab-gitlab-shell ClusterIP 10.0.197.156 <none> 22/TCP 35m
gitlab-unicorn ClusterIP 10.0.6.10 <none> 8080/TCP,8181/TCP 35m
gitlab-minio-svc ClusterIP 10.0.79.49 <none> 9000/TCP 35m
gitlab-nginx-default-backend ClusterIP 10.0.220.0 <none> 80/TCP 35m
gitlab-nginx LoadBalancer 10.0.244.49 168.62.167.215 80:30227/TCP,443:31016/TCP,22:32043/TCP 35m
gitlab-postgresql ClusterIP 10.0.237.92 <none> 5432/TCP 35m
gitlab-prometheus-server ClusterIP 10.0.35.130 <none> 80/TCP 35m
gitlab-redis ClusterIP 10.0.6.80 <none> 6379/TCP,9121/TCP 35m
gitlab-registry ClusterIP 10.0.181.165 <none> 5000/TCP 35m
==> v1beta1/Deployment
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
certmanager-gitlab 1 1 1 1 35m
gitlab-gitlab-runner 1 1 1 1 35m
gitlab-gitlab-shell 1 1 1 1 35m
gitlab-sidekiq-all-in-1 1 1 1 1 35m
gitlab-unicorn 1 1 1 1 35m
gitlab-minio 1 1 1 1 35m
gitlab-nginx-default-backend 1 1 1 1 35m
gitlab-postgresql 1 1 1 1 35m
gitlab-prometheus-server 1 1 1 1 35m
gitlab-redis 1 1 1 1 35m
gitlab-registry 1 1 1 1 35m
==> v1beta2/StatefulSet
NAME DESIRED CURRENT AGE
gitlab-gitaly 1 1 35m
==> v1/Job
NAME DESIRED SUCCESSFUL AGE
gitlab-issuer.1 1 1 35m
gitlab-migrations.1 1 1 35m
gitlab-minio-create-buckets.1 1 1 35m
==> v1/PersistentVolumeClaim
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
gitlab-minio Bound pvc-ef05d77b-589d-11e8-b29c-ae5881fe4758 10Gi RWO default 35m
gitlab-postgresql Bound pvc-ef06736f-589d-11e8-b29c-ae5881fe4758 8Gi RWO default 35m
gitlab-prometheus-server Bound pvc-ef06ffbe-589d-11e8-b29c-ae5881fe4758 8Gi RWO default 35m
gitlab-redis Bound pvc-ef07d798-589d-11e8-b29c-ae5881fe4758 5Gi RWO default 35m
==> v1beta1/ClusterRole
NAME AGE
certmanager-gitlab 35m
gitlab-nginx 35m
gitlab-prometheus-kube-state-metrics 35m
gitlab-prometheus-server 35m
==> v1/Pod(related)
NAME READY STATUS RESTARTS AGE
gitlab-nginx-5t29l 1/1 Running 2 35m
gitlab-nginx-c7zkn 1/1 Running 2 35m
gitlab-nginx-fkbgb 1/1 Running 2 35m
gitlab-nginx-q77wc 1/1 Running 2 35m
certmanager-gitlab-56f5486fdb-xzk94 2/2 Running 0 35m
gitlab-gitlab-runner-5b64646b46-mrqh8 1/1 Running 11 35m
gitlab-gitlab-shell-7c9df464c6-bxbkt 1/1 Running 0 35m
gitlab-sidekiq-all-in-1-6584797cc-pjsdn 1/1 Running 0 35m
gitlab-unicorn-5c6d69f5c5-fp25l 1/1 Running 0 35m
gitlab-minio-5bd95c8786-nvlmp 1/1 Running 0 35m
gitlab-minio-create-buckets.1-rgqpz 0/1 Completed 1 35m
gitlab-nginx-default-backend-566d88d447-rxfz6 1/1 Running 0 35m
gitlab-postgresql-5b8ff4b678-c29mw 2/2 Running 0 35m
gitlab-prometheus-server-8cf4fdd8-bj4vd 2/2 Running 0 35m
gitlab-redis-798d568cf8-z5zvl 2/2 Running 0 35m
gitlab-registry-866f58cd65-wqj7f 1/1 Running 0 35m
gitlab-gitaly-0 1/1 Running 0 35m
gitlab-issuer.1-hdtpg 0/1 Completed 0 35m
gitlab-migrations.1-tlfr7 0/1 Completed 0 35m
==> v1/ConfigMap
NAME DATA AGE
gitlab-certmanager-issuer-certmanager 2 35m
gitlab-gitaly 3 35m
gitlab-gitlab-runner 3 35m
gitlab-gitlab-shell 2 35m
gitlab-migrations 4 35m
gitlab-sidekiq-all-in-1 1 35m
gitlab-sidekiq 5 35m
gitlab-unicorn 7 35m
gitlab-minio-config-cm 3 35m
gitlab-nginx-tcp 1 35m
gitlab-nginx 7 35m
gitlab-prometheus-server 3 35m
gitlab-redis 2 35m
gitlab-registry 2 35m
==> v1beta1/Ingress
NAME HOSTS ADDRESS PORTS AGE
gitlab-unicorn gitlab.yourdomain.io 168.62.167.215 80, 443 35m
gitlab-minio minio.yourdomain.io 168.62.167.215 80, 443 35m
gitlab-registry registry.yourdomain.io 168.62.167.215 80, 443 35m
==> v1beta1/RoleBinding
NAME AGE
gitlab-gitlab-runner 35m
gitlab-nginx 35m
==> v1beta1/DaemonSet
NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
gitlab-nginx 4 4 4 4 4 <none> 35m
==> v1beta1/CustomResourceDefinition
NAME AGE
certificates.certmanager.k8s.io 35m
clusterissuers.certmanager.k8s.io 35m
issuers.certmanager.k8s.io 35m
==> v1beta1/ClusterRoleBinding
NAME AGE
gitlab-certmanager-issuer-admin 35m
certmanager-gitlab 35m
gitlab-nginx 35m
gitlab-prometheus-alertmanager 35m
gitlab-prometheus-kube-state-metrics 35m
gitlab-prometheus-node-exporter 35m
gitlab-prometheus-server 35m
==> v1beta1/Role
NAME AGE
gitlab-gitlab-runner 35m
gitlab-nginx 35m
==> v1/Secret
NAME TYPE DATA AGE
gitlab-postgresql Opaque 0 35m
==> v1/ServiceAccount
NAME SECRETS AGE
gitlab-certmanager-issuer-admin 1 35m
certmanager-gitlab 1 35m
gitlab-gitlab-runner 1 35m
gitlab-nginx 1 35m
gitlab-prometheus-alertmanager 1 35m
gitlab-prometheus-kube-state-metrics 1 35m
gitlab-prometheus-node-exporter 1 35m
gitlab-prometheus-server 1 35m
Don't forget to register the public IP address in your domain's DNS records!
After a while, all Pods will reach the Running state and you can log in to GitLab.

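When I reached this stage, I was very excited. Although I ran into some difficulties with RBAC, deployment is now simpler than with the currently recommended GitLab Omnibus Chart (for example, it sets up HTTPS for us automatically).
Next, I would like to explore the following further.
- Automating the steps above without the Azure Console
- Fine-grained GitLab configuration and enabling integrated services
- Backup/Restore/Migrate
- Version Upgrade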