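Isn't it about time to get serious about running GitLab cloud native?
What are you up to?
Is everyone going cloud native?
GitLab 11.6 shipped a feature for deploying serverless applications to a Kubernetes cluster.
GitLab is evolving quickly, and its installation methods keep changing as well. Besides the traditional Omnibus GitLab package (Docker image), there are now cloud native images (a Helm chart) for deploying GitLab to a Kubernetes cluster with Helm (and the chart is newer than the stable/gitlab chart!).
I want to deploy GitLab to a Kubernetes cluster the cloud native way, and I also want to try the Serverless feature.
Because the deployment needs a fair amount of CPU and memory (covered below), this time I deploy to minikube, which costs nothing, rather than to a public cloud such as GKE.
A limitation specific to minikube causes one problem (the LoadBalancer is not assigned an EXTERNAL-IP); I describe a workaround.
The cloud native deployment uses Helm as the deployment tool; see Helm's recommended usage for details.
Environment
I am using a physical machine at home (Core i7 8700K, 64GB of memory). The OS is Ubuntu 17.10.
The following software is installed.
- minikube v0.28.2
  - The cluster version is v1.10.0
  - 12 CPU cores are allocated
  - 20GB of memory is allocated
- kubectl v1.9.2
- helm v2.11.0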
$ uname -a
Linux hoge 4.13.0-46-generic #51-Ubuntu SMP Tue Jun 12 12:36:29 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
$ cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=17.10
DISTRIB_CODENAME=artful
DISTRIB_DESCRIPTION="Ubuntu 17.10"
$ cat /proc/cpuinfo | grep "model name"
model name : Intel(R) Core(TM) i7-8700K CPU @ 3.70GHz
( omitted; 12 cores )
$ free -h
total used free shared buff/cache available
Mem: 62G 18G 34G 42M 10G 43G
Swap: 2.0G 0B 2.0G
$ minikube version
minikube version: v0.28.2
$ kubectl version
Client Version: version.Info{Major:"1", Minor:"9", GitVersion:"v1.9.2", GitCommit:"5fa2db2bd46ac79e5e00a4e6ed24191080aa463b", GitTreeState:"clean", BuildDate:"2018-01-18T10:09:24Z", GoVersion:"go1.9.2", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"10", GitVersion:"v1.10.0", GitCommit:"fc32d2f3698e36b93322a3465f63a14e9f0eaead", GitTreeState:"clean", BuildDate:"2018-03-26T16:44:10Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"linux/amd64"}
$ helm version
Client: &version.Version{SemVer:"v2.11.0", GitCommit:"2e55dbe1fdb5fdb96b75ff144a339489417b146b", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.11.0", GitCommit:"2e55dbe1fdb5fdb96b75ff144a339489417b146b", GitTreeState:"clean"}
$
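Required resources
The following is what the "CPU and RAM Resource Requirements" section states.
The default configuration calls for 8 cores and 30GB of memory; the minimum configuration is 2 cores and 4GB of memory.
(I realised afterwards that the minikube memory allocation should have been 30GB rather than 20GB; so far this has had no effect.)
- by default, adequate for a small production deployment
  - at least 8vCPU and 30gb of RAM
- non-production
  - minimal GKE example values file: 3vCPU, 12gb
  - minimal minikube example values file: 2vCPU, 4gb
References
The steps I describe are based on the following documents.
- gitlab.com
  - Installing GitLab using Helm
  - Deployment Guide
  - Installation command line options
  - Releases
- docs.gitlab.com
  - GitLab Helm Chart
Deployment
Let's try the deployment right away.
Add the Helm repository
Before adding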
$ helm repo list
NAME URL
stable https://kubernetes-charts.storage.googleapis.com
local http://127.0.0.1:8879/charts
incubator https://kubernetes-charts-incubator.storage.googleapis.com/
$
Add
$ helm repo add gitlab https://charts.gitlab.io/
"gitlab" has been added to your repositories
$
After adding: the repository is now registered under the name gitlab.
$ helm repo list
NAME URL
stable https://kubernetes-charts.storage.googleapis.com
local http://127.0.0.1:8879/charts
incubator https://kubernetes-charts-incubator.storage.googleapis.com/
gitlab https://charts.gitlab.io/
$
Update
$ helm repo update
Hang tight while we grab the latest from your chart repositories...
...Skip local chart repository
...Successfully got an update from the "incubator" chart repository
...Successfully got an update from the "stable" chart repository
...Successfully got an update from the "gitlab" chart repository
Update Complete. ⎈ Happy Helming!⎈
$
Search
The chart used here is gitlab/gitlab.
We can see that the stable/gitlab charts are very old.
So if you are going to use GitLab this way, use the cloud native images!
$ helm search gitlab
NAME CHART VERSION APP VERSION DESCRIPTION
gitlab/gitlab 1.4.2 11.6.3 Web-based Git-repository manager with wiki and issue-trac...
gitlab/gitlab-omnibus 0.1.37 GitLab Omnibus all-in-one bundle
gitlab/gitlab-runner 0.1.44 GitLab Runner
gitlab/kubernetes-gitlab-demo 0.1.29 GitLab running on Kubernetes suitable for demos
stable/gitlab-ce 0.2.2 9.4.1 GitLab Community Edition
stable/gitlab-ee 0.2.2 9.4.1 GitLab Enterprise Edition
gitlab/auto-deploy-app 0.2.6 GitLab's Auto-deploy Helm Chart
$
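Deploy
Deploy with the helm command.
You need to specify parameters that suit your environment.
- The chart name is gitlab/gitlab.
- global.hosts.externalIP
  - On GKE you would want to reserve a static IP and specify it here.
  - This time the target is minikube. The externalIP is not known until a later step, so it is not specified.
- global.hosts.domain
  - You would want to obtain a domain name tied to the static IP and specify it here.
  - This time the target is minikube. I tentatively use test.com.
  - Later, the hosts file and other settings are adjusted so that this domain name can be used for access.
- The namespace is gitlab.
- CE (Community Edition) is specified.
- certmanager-issuer.email takes your own e-mail address; the value in the command below is a placeholder.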
helm install gitlab/gitlab \
--name gitlab \
--namespace gitlab \
--set global.hosts.domain=test.com \
--set global.edition=ce \
--set gitlab.migrations.image.repository=registry.gitlab.com/gitlab-org/build/cng/gitlab-rails-ce \
--set gitlab.sidekiq.image.repository=registry.gitlab.com/gitlab-org/build/cng/gitlab-sidekiq-ce \
--set gitlab.unicorn.image.repository=registry.gitlab.com/gitlab-org/build/cng/gitlab-unicorn-ce \
--set gitlab.unicorn.workhorse.image=registry.gitlab.com/gitlab-org/build/cng/gitlab-workhorse-ce \
--set gitlab.task-runner.image.repository=registry.gitlab.com/gitlab-org/build/cng/gitlab-task-runner-ce \
--set certmanager-issuer.email=あなたのメールアドレス
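Execution log
The NOTES section, which normally carries information such as how to use the chart, is empty; I hope it will be filled in by future maintenance.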
$ helm install gitlab/gitlab \
> --name gitlab \
> --namespace gitlab \
> --set global.hosts.domain=test.com \
> --set global.edition=ce \
> --set gitlab.migrations.image.repository=registry.gitlab.com/gitlab-org/build/cng/gitlab-rails-ce \
> --set gitlab.sidekiq.image.repository=registry.gitlab.com/gitlab-org/build/cng/gitlab-sidekiq-ce \
> --set gitlab.unicorn.image.repository=registry.gitlab.com/gitlab-org/build/cng/gitlab-unicorn-ce \
> --set gitlab.unicorn.workhorse.image=registry.gitlab.com/gitlab-org/build/cng/gitlab-workhorse-ce \
> --set gitlab.task-runner.image.repository=registry.gitlab.com/gitlab-org/build/cng/gitlab-task-runner-ce \
> --set certmanager-issuer.email=あなたのメールアドレス
NAME: gitlab
LAST DEPLOYED: Mon Jan 14 22:03:15 2019
NAMESPACE: gitlab
STATUS: DEPLOYED
RESOURCES:
==> v1/RoleBinding
NAME AGE
gitlab-certmanager-issuer 1s
gitlab-nginx-ingress 1s
==> v1beta1/Ingress
gitlab-unicorn 1s
gitlab-minio 1s
gitlab-registry 1s
==> v1/Pod(related)
NAME READY STATUS RESTARTS AGE
gitlab-certmanager-684998874-prjkk 0/1 ContainerCreating 0 1s
gitlab-gitlab-runner-544fd9dcb5-92lxf 0/1 Init:0/1 0 1s
gitlab-gitlab-shell-77499546cb-ztw4g 0/1 Init:0/2 0 1s
gitlab-sidekiq-all-in-1-7bb9d95f9d-cp2l7 0/1 Init:0/3 0 1s
gitlab-task-runner-db8556848-l5gkc 0/1 Init:0/2 0 1s
gitlab-unicorn-67f6d9d66b-jhlkw 0/2 Pending 0 1s
gitlab-minio-7d5dbcccb6-9b49d 0/1 Pending 0 1s
gitlab-nginx-ingress-controller-7565f874b9-t9qht 0/1 Pending 0 0s
gitlab-nginx-ingress-default-backend-fd5bb5468-j9f8p 0/1 Pending 0 0s
gitlab-gitaly-0 0/1 Pending 0 1s
gitlab-issuer.1-kjb4b 0/1 Pending 0 1s
gitlab-migrations.1-298sx 0/1 Pending 0 1s
gitlab-minio-create-buckets.1-bxpbl 0/1 Pending 0 1s
==> v1beta1/CustomResourceDefinition
NAME AGE
certificates.certmanager.k8s.io 1s
clusterissuers.certmanager.k8s.io 1s
issuers.certmanager.k8s.io 1s
==> v1beta1/ClusterRoleBinding
gitlab-certmanager 1s
gitlab-prometheus-alertmanager 1s
gitlab-prometheus-kube-state-metrics 1s
gitlab-prometheus-node-exporter 1s
gitlab-prometheus-server 1s
==> v1beta1/RoleBinding
gitlab-gitlab-runner 1s
==> v1/Job
gitlab-issuer.1 1s
gitlab-migrations.1 1s
gitlab-minio-create-buckets.1 1s
==> v1/ConfigMap
gitlab-certmanager-issuer-certmanager 1s
gitlab-gitlab-runner 1s
gitlab-gitaly 1s
gitlab-gitlab-shell 1s
gitlab-nginx-ingress-tcp 1s
gitlab-migrations 1s
gitlab-sidekiq-all-in-1 1s
gitlab-sidekiq 1s
gitlab-task-runner 1s
gitlab-unicorn 1s
gitlab-workhorse-config 1s
gitlab-unicorn-tests 1s
gitlab-minio-config-cm 1s
gitlab-nginx-ingress-controller 1s
gitlab-postgresql 1s
gitlab-prometheus-server 1s
gitlab-redis 1s
gitlab-registry 1s
==> v1/PersistentVolumeClaim
gitlab-minio 1s
gitlab-postgresql 1s
gitlab-prometheus-server 1s
gitlab-redis 1s
==> v1/ServiceAccount
gitlab-certmanager-issuer 1s
gitlab-certmanager 1s
gitlab-gitlab-runner 1s
gitlab-nginx-ingress 1s
gitlab-prometheus-alertmanager 1s
gitlab-prometheus-kube-state-metrics 1s
gitlab-prometheus-node-exporter 1s
gitlab-prometheus-server 1s
==> v1beta1/Role
gitlab-gitlab-runner 1s
==> v1beta2/StatefulSet
gitlab-gitaly 1s
==> v1beta1/PodDisruptionBudget
gitlab-gitaly 0s
gitlab-gitlab-shell 0s
gitlab-sidekiq 0s
gitlab-unicorn 0s
gitlab-minio-v1 0s
gitlab-nginx-ingress-controller 0s
gitlab-nginx-ingress-default-backend 0s
gitlab-redis-v1 0s
gitlab-registry-v1 0s
==> v1beta1/ClusterRole
gitlab-certmanager 1s
gitlab-prometheus-kube-state-metrics 1s
gitlab-prometheus-server 1s
==> v1/Role
gitlab-certmanager-issuer 1s
gitlab-nginx-ingress 1s
==> v1/Service
gitlab-gitaly 1s
gitlab-gitlab-shell 1s
gitlab-unicorn 1s
gitlab-minio-svc 1s
gitlab-nginx-ingress-controller-metrics 1s
gitlab-nginx-ingress-controller 1s
gitlab-nginx-ingress-controller-stats 1s
gitlab-nginx-ingress-default-backend 1s
gitlab-postgresql 1s
gitlab-prometheus-server 1s
gitlab-redis 1s
gitlab-registry 1s
==> v1beta1/Deployment
gitlab-certmanager 1s
gitlab-gitlab-runner 1s
gitlab-postgresql 1s
gitlab-prometheus-server 1s
==> v1beta2/Deployment
gitlab-gitlab-shell 1s
gitlab-sidekiq-all-in-1 1s
gitlab-task-runner 1s
gitlab-unicorn 1s
gitlab-minio 1s
gitlab-nginx-ingress-controller 1s
gitlab-nginx-ingress-default-backend 1s
gitlab-redis 1s
gitlab-registry 1s
==> v2beta1/HorizontalPodAutoscaler
gitlab-gitlab-shell 0s
gitlab-sidekiq-all-in-1 0s
gitlab-unicorn 0s
gitlab-registry 0s
NOTES:
$
Deployment result
Let's look at the Pods, Services and Ingresses.
Pods
gitlab-runner is in CrashLoopBackOff. This is explained below.
$ kubectl get po --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
gitlab cm-acme-http-solver-bg79m 1/1 Running 0 8m
gitlab cm-acme-http-solver-hns5v 1/1 Running 0 8m
gitlab cm-acme-http-solver-srbq2 1/1 Running 0 8m
gitlab gitlab-certmanager-684998874-prjkk 1/1 Running 0 8m
gitlab gitlab-gitaly-0 1/1 Running 0 8m
gitlab gitlab-gitlab-runner-544fd9dcb5-92lxf 0/1 CrashLoopBackOff 5 8m
gitlab gitlab-gitlab-shell-77499546cb-pmmkr 1/1 Running 0 8m
gitlab gitlab-gitlab-shell-77499546cb-ztw4g 1/1 Running 0 8m
gitlab gitlab-minio-7d5dbcccb6-9b49d 1/1 Running 0 8m
gitlab gitlab-nginx-ingress-controller-7565f874b9-t9qht 1/1 Running 0 8m
gitlab gitlab-nginx-ingress-controller-7565f874b9-xz2k8 1/1 Running 0 8m
gitlab gitlab-nginx-ingress-controller-7565f874b9-zxcjg 1/1 Running 0 8m
gitlab gitlab-nginx-ingress-default-backend-fd5bb5468-fmsh4 1/1 Running 0 8m
gitlab gitlab-nginx-ingress-default-backend-fd5bb5468-j9f8p 1/1 Running 0 8m
gitlab gitlab-postgresql-5578b89f58-rswv2 2/2 Running 0 8m
gitlab gitlab-prometheus-server-847c8bb76-8s7nm 2/2 Running 0 8m
gitlab gitlab-redis-7855c75bc9-ns8bc 2/2 Running 0 8m
gitlab gitlab-registry-f5cc79958-pg5j5 1/1 Running 0 8m
gitlab gitlab-registry-f5cc79958-zb5vj 1/1 Running 0 8m
gitlab gitlab-sidekiq-all-in-1-7bb9d95f9d-cp2l7 1/1 Running 0 8m
gitlab gitlab-task-runner-db8556848-l5gkc 1/1 Running 0 8m
gitlab gitlab-unicorn-67f6d9d66b-4k4dl 2/2 Running 0 8m
gitlab gitlab-unicorn-67f6d9d66b-jhlkw 2/2 Running 0 8m
kube-system etcd-minikube 1/1 Running 0 9m
kube-system heapster-fwjds 1/1 Running 0 10m
kube-system influxdb-grafana-fqnvd 2/2 Running 0 10m
kube-system kube-addon-manager-minikube 1/1 Running 0 9m
kube-system kube-apiserver-minikube 1/1 Running 0 9m
kube-system kube-controller-manager-minikube 1/1 Running 0 9m
kube-system kube-dns-86f4d74b45-nlzjv 3/3 Running 0 10m
kube-system kube-proxy-9pzlq 1/1 Running 0 10m
kube-system kube-scheduler-minikube 1/1 Running 0 9m
kube-system kubernetes-dashboard-5498ccf677-j4clg 1/1 Running 0 10m
kube-system storage-provisioner 1/1 Running 0 10m
kube-system tiller-deploy-6fd8d857bc-m6zsf 1/1 Running 0 9m
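Services
Because this is minikube, the EXTERNAL-IP of the LoadBalancer is <pending>.
The steps below are needed to make the EXTERNAL-IP reachable from outside the cluster; details follow.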
$ kubectl get svc --all-namespaces
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 10m
gitlab cm-acme-http-solver-5jnrt NodePort 10.99.22.181 <none> 8089:31912/TCP 8m
gitlab cm-acme-http-solver-rlgx9 NodePort 10.98.39.181 <none> 8089:32089/TCP 8m
gitlab cm-acme-http-solver-t5wlx NodePort 10.104.21.86 <none> 8089:32554/TCP 8m
gitlab gitlab-gitaly ClusterIP None <none> 8075/TCP,9236/TCP 8m
gitlab gitlab-gitlab-shell ClusterIP 10.105.108.223 <none> 22/TCP 8m
gitlab gitlab-minio-svc ClusterIP 10.96.20.212 <none> 9000/TCP 8m
gitlab gitlab-nginx-ingress-controller LoadBalancer 10.106.203.63 <pending> 80:32693/TCP,443:31602/TCP,22:32479/TCP 8m
gitlab gitlab-nginx-ingress-controller-metrics ClusterIP 10.100.78.127 <none> 9913/TCP 8m
gitlab gitlab-nginx-ingress-controller-stats ClusterIP 10.102.76.134 <none> 18080/TCP 8m
gitlab gitlab-nginx-ingress-default-backend ClusterIP 10.106.104.56 <none> 80/TCP 8m
gitlab gitlab-postgresql ClusterIP 10.106.171.116 <none> 5432/TCP 8m
gitlab gitlab-prometheus-server ClusterIP 10.101.56.39 <none> 80/TCP 8m
gitlab gitlab-redis ClusterIP 10.104.57.149 <none> 6379/TCP,9121/TCP 8m
gitlab gitlab-registry ClusterIP 10.102.70.88 <none> 5000/TCP 8m
gitlab gitlab-unicorn ClusterIP 10.103.23.54 <none> 8080/TCP,8181/TCP 8m
kube-system heapster ClusterIP 10.110.17.167 <none> 80/TCP 10m
kube-system kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP 10m
kube-system kubernetes-dashboard NodePort 10.110.36.209 <none> 80:30000/TCP 10m
kube-system monitoring-grafana NodePort 10.96.206.158 <none> 80:30002/TCP 10m
kube-system monitoring-influxdb ClusterIP 10.100.26.192 <none> 8083/TCP,8086/TCP 10m
kube-system tiller-deploy ClusterIP 10.98.2.151 <none> 44134/TCP 9m
$
Ingress
We can see that GitLab is meant to be accessed from outside the cluster by the host name gitlab.test.com. The steps for that follow.
$ kubectl get ing --all-namespaces
NAMESPACE NAME HOSTS ADDRESS PORTS AGE
gitlab cm-acme-http-solver-khlqr gitlab.test.com 80 10m
gitlab cm-acme-http-solver-mvq5r minio.test.com 80 10m
gitlab cm-acme-http-solver-vjft9 registry.test.com 80 10m
gitlab gitlab-minio minio.test.com 80, 443 11m
gitlab gitlab-registry registry.test.com 80, 443 11m
gitlab gitlab-unicorn gitlab.test.com 80, 443 11m
$
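Put the gitlab-runner pod on hold for now
The logs show that it is trying to access GitLab itself (gitlab.test.com).
Rather than making gitlab.test.com resolvable from the gitlab-runner pod, it is simplest to set the runner's replica count to 0 so that no runner pods run, since we are not using the runner for now.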
$ kubectl logs -f gitlab-gitlab-runner-544fd9dcb5-92lxf -n gitlab
Runtime platform arch=amd64 os=linux pid=15 revision=3afdaba6 version=11.5.0
WARNING: Running in user-mode.
WARNING: The user-mode requires you to manually start builds processing:
WARNING: $ gitlab-runner run
WARNING: Use sudo for system-mode:
WARNING: $ sudo gitlab-runner...
ERROR: Registering runner... failed runner=Ixy5TRFT status=couldn't execute POST against https://gitlab.test.com/api/v4/runners: Post https://gitlab.test.com/api/v4/runners: dial tcp 10.107.221.8:443: i/o timeout
PANIC: Failed to register this runner. Perhaps you are having network problems
$
$ kubectl get deployment gitlab-gitlab-runner -n gitlab
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
gitlab-gitlab-runner 1 1 1 0 2h
$
$ kubectl edit deployment gitlab-gitlab-runner -n gitlab
deployment "gitlab-gitlab-runner" edited
$ kubectl get deployment gitlab-gitlab-runner -n gitlab
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
gitlab-gitlab-runner 0 0 0 0 2h
$
Assign an EXTERNAL-IP to the LoadBalancer
minikube does not assign one; it is assigned only when deploying on something like GKE.
$ kubectl get svc gitlab-nginx-ingress-controller -n gitlab
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
gitlab-nginx-ingress-controller LoadBalancer 10.106.203.63 <pending> 80:32693/TCP,443:31602/TCP,22:32479/TCP 44m
$
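Here is some good news for all minikube users.
A pod image has been published that sets the CLUSTER-IP as the EXTERNAL-IP of a LoadBalancer.
Let's try deploying it:
elsonrodriguez/minikube-lb-patch.
Before it is deployed, there is nothing under status/loadBalancer/ of the LoadBalancer.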
$ kubectl get svc gitlab-nginx-ingress-controller -n gitlab -o yaml
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: 2019-01-14T13:03:34Z
  labels:
    app: nginx-ingress
    chart: nginx-ingress-0.30.0-1
    component: controller
    heritage: Tiller
    release: gitlab
  name: gitlab-nginx-ingress-controller
  namespace: gitlab
  resourceVersion: "756"
  selfLink: /api/v1/namespaces/gitlab/services/gitlab-nginx-ingress-controller
  uid: ccd6c290-17fc-11e9-8bab-080027a0645f
spec:
  clusterIP: 10.106.203.63
  externalTrafficPolicy: Local
  healthCheckNodePort: 30556
  ports:
  - name: http
    nodePort: 32693
    port: 80
    protocol: TCP
    targetPort: http
  - name: https
    nodePort: 31602
    port: 443
    protocol: TCP
    targetPort: https
  - name: gitlab-shell
    nodePort: 32479
    port: 22
    protocol: TCP
    targetPort: gitlab-shell
  selector:
    app: nginx-ingress
    component: controller
    release: gitlab
  sessionAffinity: None
  type: LoadBalancer
status:
  loadBalancer: {}
$
Deploy
$ kubectl run minikube-lb-patch --replicas=1 --image=elsonrodriguez/minikube-lb-patch:0.1 --namespace=kube-system
deployment "minikube-lb-patch" created
$
After the deployment,
the ingress ip under status/loadBalancer/ of the LoadBalancer is set to the clusterIP.
$ kubectl get svc gitlab-nginx-ingress-controller -n gitlab -o yaml
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: 2019-01-14T13:03:34Z
  labels:
    app: nginx-ingress
    chart: nginx-ingress-0.30.0-1
    component: controller
    heritage: Tiller
    release: gitlab
  name: gitlab-nginx-ingress-controller
  namespace: gitlab
  resourceVersion: "3591"
  selfLink: /api/v1/namespaces/gitlab/services/gitlab-nginx-ingress-controller
  uid: ccd6c290-17fc-11e9-8bab-080027a0645f
spec:
  clusterIP: 10.106.203.63
  externalTrafficPolicy: Local
  healthCheckNodePort: 30556
  ports:
  - name: http
    nodePort: 32693
    port: 80
    protocol: TCP
    targetPort: http
  - name: https
    nodePort: 31602
    port: 443
    protocol: TCP
    targetPort: https
  - name: gitlab-shell
    nodePort: 32479
    port: 22
    protocol: TCP
    targetPort: gitlab-shell
  selector:
    app: nginx-ingress
    component: controller
    release: gitlab
  sessionAffinity: None
  type: LoadBalancer
status:
  loadBalancer:
    ingress:
    - ip: 10.106.203.63
$
We can see that the CLUSTER-IP value has been assigned as the EXTERNAL-IP.
$ kubectl get svc gitlab-nginx-ingress-controller -n gitlab
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
gitlab-nginx-ingress-controller LoadBalancer 10.106.203.63 10.106.203.63 80:32693/TCP,443:31602/TCP,22:32479/TCP 17m
$
The Ingresses now carry address information too.
$ kubectl get ing -n gitlab
NAME HOSTS ADDRESS PORTS AGE
cm-acme-http-solver-khlqr gitlab.test.com 10.106.203.63 80 16m
cm-acme-http-solver-mvq5r minio.test.com 10.106.203.63 80 16m
cm-acme-http-solver-vjft9 registry.test.com 10.106.203.63 80 16m
gitlab-minio minio.test.com 10.106.203.63 80, 443 17m
gitlab-registry registry.test.com 10.106.203.63 80, 443 17m
gitlab-unicorn gitlab.test.com 10.106.203.63 80, 443 17m
$
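Create a route to the EXTERNAL-IP
Although an EXTERNAL-IP has been assigned, its value is still the CLUSTER-IP, so a route from outside the cluster to the EXTERNAL-IP inside the cluster has to be created. Access by the host name gitlab.test.com also has to work.
Add entries to the hosts file
Edit /etc/hosts and set the EXTERNAL-IP as the IP address of the following hosts.
- gitlab.test.com
- minio.test.com
- registry.test.com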
$ sudo vim /etc/hosts
$ cat /etc/hosts
( omitted )
10.106.203.63 gitlab.test.com
10.106.203.63 minio.test.com
10.106.203.63 registry.test.com
( omitted )
$
Add the route to the routing table
Add a route to the EXTERNAL-IP to the routing table.
Before adding
$ sudo route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default gateway 0.0.0.0 UG 20100 0 0 enp0s31f6
link-local 0.0.0.0 255.255.0.0 U 1000 0 0 enp0s31f6
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
172.18.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br-dd3ae712d9ae
192.168.3.0 0.0.0.0 255.255.255.0 U 100 0 0 enp0s31f6
192.168.99.0 0.0.0.0 255.255.255.0 U 0 0 0 vboxnet0
The command for adding the route, taken from elsonrodriguez/minikube-lb-patch.
$ ServiceCIDR=$(cat ~/.minikube/profiles/minikube/config.json | jq -r ".KubernetesConfig.ServiceCIDR")
$ echo ${ServiceCIDR}
10.96.0.0/12
$ sudo route -n add -net ${ServiceCIDR} gw $(minikube ip)
After adding
A route with minikube as the gateway has been added successfully.
$ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default gateway 0.0.0.0 UG 20100 0 0 enp0s31f6
10.96.0.0 minikube 255.240.0.0 UG 0 0 0 vboxnet0
link-local 0.0.0.0 255.255.0.0 U 1000 0 0 enp0s31f6
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
172.18.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br-dd3ae712d9ae
192.168.3.0 0.0.0.0 255.255.255.0 U 100 0 0 enp0s31f6
192.168.99.0 0.0.0.0 255.255.255.0 U 0 0 0 vboxnet0
$
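A check on the route above, as an added example that is not part of the original post: it confirms that the EXTERNAL-IP lies inside the ServiceCIDR, derives the Genmask shown in the routing table, and prints (without running) a host route for the ingress IP alone, a narrower alternative to routing the whole service range, which also contains ClusterIP services such as gitlab-postgresql and gitlab-redis. Function names are illustrative, and the gateway address in the last line is a constructed stand-in for the output of `minikube ip`.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are illustrative.

# Dotted-quad IPv4 -> integer; rejects malformed octets.
ip_to_int() {
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    case $o in ''|*[!0-9]*|0?*|????*) return 1 ;; esac
    [ "$o" -le 255 ] || return 1
  done
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Integer -> dotted quad.
int_to_ip() {
  echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Prefix length (0-32) -> netmask as an integer.
prefix_to_mask() {
  case $1 in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -le 32 ] || return 1
  echo $(( (0xFFFFFFFF << (32 - $1)) & 0xFFFFFFFF ))
}

# Genmask that `route` displays for a CIDR such as 10.96.0.0/12.
cidr_genmask() {
  m=$(prefix_to_mask "${1#*/}") || return 1
  int_to_ip "$m"
}

# Exit 0 if IP $1 is inside CIDR $2, 1 if outside, 2 on malformed input.
ip_in_cidr() {
  ip=$(ip_to_int "$1") || return 2
  net=$(ip_to_int "${2%/*}") || return 2
  mask=$(prefix_to_mask "${2#*/}") || return 2
  [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# Print (do not run) a host route for one service IP via gateway $3,
# refusing addresses that are not part of the ServiceCIDR $2.
host_route_cmd() {
  ip_in_cidr "$1" "$2" || { echo "$1 is not inside $2" >&2; return 1; }
  echo "sudo route -n add -host $1 gw $3"
}

# EXTERNAL-IP and ServiceCIDR as printed in the post; the gateway is a
# constructed sample value, use the output of `minikube ip` instead.
host_route_cmd 10.106.203.63 10.96.0.0/12 192.168.99.100
```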
Access the load balancer from a browser
Start Google Chrome on the Ubuntu machine.
$ google-chrome
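Below are screenshots of accessing the minikube cluster from Google Chrome started on Ubuntu. (X11 forwarding is used to forward the Google Chrome window from Ubuntu (the machine running minikube) to Windows (a machine used only for work), so the screenshots look like a Windows application; please bear with that.)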


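This is the login screen. The user name is root. The password can be obtained with the following command.
(Note that if the release name given to the helm command is not gitlab, the secret name differs as well.)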
$ kubectl get secret gitlab-gitlab-initial-root-password -ojsonpath={.data.password} -n gitlab | base64 --decode ; echo
xxxxxxxxxxxxxxxxxxxxxxxxxxxx
$

Verifying operation

Check that the repository can be cloned, a file (README.md) added, and the change committed and pushed.
$ # rejected
$ git clone https://gitlab.test.com/root/test.git
Cloning into 'test'...
fatal: unable to access 'https://gitlab.test.com/root/test.git/': server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
$ # not recommended
$ git config --global http.sslverify false
$ # clone works now
$ git clone https://gitlab.test.com/root/test.git
Cloning into 'test'...
Username for 'https://gitlab.test.com': root
Password for 'https://root@gitlab.test.com':
warning: You appear to have cloned an empty repository.
$ cd ./test/
$ vim README.md
$ cat README.md
# test
GitLab test
$ git add README.md
$ git commit -m "add"
[master (root-commit) ca0f2bd] add
1 file changed, 3 insertions(+)
create mode 100644 README.md
$ git push
Username for 'https://gitlab.test.com': root
Password for 'https://root@gitlab.test.com':
Counting objects: 3, done.
Writing objects: 100% (3/3), 217 bytes | 217.00 KiB/s, done.
Total 3 (delta 0), reused 0 (delta 0)
To https://gitlab.test.com/root/test.git
* [new branch] master -> master
$
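An alternative to the global `http.sslverify false` used above, as an added example that is not part of the original post: it lists the settings that switch verification off, then removes the global one and trusts a single PEM bundle for gitlab.test.com only. Function names and file paths are assumptions, and it assumes the certificate served by the ingress actually names gitlab.test.com; otherwise verification keeps failing until the chart is given a certificate for that name.

```sh
#!/bin/sh
# Added example, not from the original post. Function names and file paths
# are assumptions; gitlab.test.com is the host name used in the post.

# Print every key in a git config file that switches TLS verification off.
audit_sslverify() {
  git config --file "$1" --get-regexp '^http\..*sslverify$' 2>/dev/null \
    | awk 'tolower($2) ~ /^(false|no|off|0)$/ { print $1 }'
}

# Save the certificate chain the server presents and print the SHA-256
# fingerprint of its first certificate. This is trust on first use: compare
# the fingerprint with the certificate held in the cluster before relying on it.
fetch_server_chain() {
  host=$1; out=$2
  openssl s_client -connect "${host}:443" -servername "${host}" -showcerts \
    </dev/null 2>/dev/null \
    | sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' > "$out"
  [ -s "$out" ] || { echo "no certificate received from ${host}" >&2; return 1; }
  openssl x509 -in "$out" -noout -fingerprint -sha256
}

# Remove the global opt-out and trust one PEM bundle for one host only.
# Other remotes keep using the system CA store with verification on.
pin_host_ca() {
  host=$1; ca=$2; cfg=$3
  grep -q 'BEGIN CERTIFICATE' "$ca" 2>/dev/null \
    || { echo "not a PEM certificate file: $ca" >&2; return 1; }
  git config --file "$cfg" --unset-all http.sslverify 2>/dev/null || true
  git config --file "$cfg" "http.https://${host}/.sslCAInfo" "$ca"
}

# Usage: sh pin-gitlab-ca.sh --apply
# (changes ~/.gitconfig and needs the cluster to be reachable)
if [ "${1:-}" = "--apply" ]; then
  ca="$HOME/.config/gitlab-test-ca.pem"   # assumed location for the bundle
  mkdir -p "$HOME/.config"
  fetch_server_chain gitlab.test.com "$ca" || exit 1
  pin_host_ca gitlab.test.com "$ca" "$HOME/.gitconfig"
  audit_sslverify "$HOME/.gitconfig"      # prints nothing when no opt-out remains
fi
```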




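Summary
This was an attempt at deploying GitLab the cloud native way, riding the current trend.
I would be very glad if this up-to-date GitLab deployment method is useful to you.
minikube does not make it easy to get an external IP assigned, but not having to worry about cost is a real advantage.
Because the configuration can be changed freely, I think it is especially well suited to learning and experimentation.
I also hope to go on and try the Serverless feature.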