使用 helm 安装 agent for Kubernetes

使用 helm 安装 agent for Kubernetes

极狐gitlab v14.10.0 之前,安装 agent 时是生成的 k8s yaml 资源文件,极狐gitlab v14.10.0 开始生成 helm 安装命令,不过底层原理都差不多。

1. 前提

2. 安装 agent

2.1 创建仓库

gitops/agentk

2.2 创建配置文件

gitops/agentk 库中创建:.gitlab/agents/agent1/config.yaml

gitops:
  manifest_projects:
  - id: "gitops/agentk"
    paths:
    - glob: '/**/*.{yaml,json}'
  • 上面配置的含义是 agent 名称为 agent1,指定项目为 gitops/agentk,指定资源清单文件为项目根目录下任何目录下的 yaml 和 json 为后缀的文件
  • 项目配置为列表,可以指定多个项目
  • 配置文件编写参考:Using a GitOps workflow for Kubernetes | GitLab

2.3 注册 agent 到极狐gitlab

操作步骤:

  • 进入项目菜单”基础架构 > Kubernetes 集群”;
  • 点击 Connect a cluster (agent);
  • 点击 Select an Agent 下拉框,选择在配置文件里定义的 Agent 名称;
  • 复制弹出屏幕上的 Agent helm 安装命令

agent01

agent01

2.4 安装 helm v3

安装 helm v3(v3.3.1 或者更新),参考官方安装文档:Helm | Installing Helm

这里使用手动下载安装方式:

# 发布地址:https://github.com/helm/helm/releases
curl -O https://get.helm.sh/helm-v3.8.0-linux-amd64.tar.gz
tar zxvf helm-v3.8.0-linux-amd64.tar.gz
mv linux-amd64/helm /usr/local/bin/helm
chmod +x /usr/local/bin/helm

helm version
version.BuildInfo{Version:"v3.8.0", GitCommit:"d14138609b01886f544b2025f5000351c9eb092e", GitTreeState:"clean", GoVersion:"go1.17.5"}

2.5 安装 agent 到 k8s 集群

安装命令前面已自动生成:

export KUBECONFIG=/etc/rancher/k3s/k3s.yaml

helm repo add gitlab https://charts.gitlab.io
helm repo update
helm upgrade --install gitlab-agent gitlab/gitlab-agent \
    --namespace gitlab-agent \
    --create-namespace \
    --set config.token=LEcr5nggfLqFeMgSJy166MVyQpMMqMQkkYGdK8PBM21c6zyEng \
    --set config.kasAddress=ws://10.10.10.60/-/kubernetes-agent/

安装完成后,正常连接:

agent01

3. Gitops 演示

在项目中定义 k8s 资源描述文件,例如:deploy/nginx.yaml

apiVersion: v1
kind: Namespace
metadata:
  name: test-agent
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  namespace: test-agent
spec:
  selector:
    matchLabels:
      app: nginx
  replicas: 1
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.14.2
        ports:
        - containerPort: 80

创建完成后,正常的话就会在 k8s 集群中创建 nginx 相关资源:

$ kubectl -n test-agent get all
NAME                                    READY   STATUS              RESTARTS   AGE
pod/nginx-deployment-66b6c48dd5-xgppg   0/1     ContainerCreating   0          21s

NAME                               READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/nginx-deployment   0/1     1            0           21s

NAME                                          DESIRED   CURRENT   READY   AGE
replicaset.apps/nginx-deployment-66b6c48dd5   1         1         0       21s

修改 Deployment 的 replicas 为 2,则会新增一个 pod:

$ kubectl -n test-agent get po
NAME                                READY   STATUS    RESTARTS   AGE
nginx-deployment-66b6c48dd5-xgppg   1/1     Running   0          2m19s
nginx-deployment-66b6c48dd5-xn5gj   1/1     Running   0          21s

删除 deploy/nginx.yaml 文件,资源也会从集群中删除:

$ kubectl -n test-agent get po
No resources found in test-agent namespace.

4. ci/cd 中调用 agent 演示

还是在 gitops/agentk (已安装 agent )基础上进行

4.1 添加仓库

gitops/p1

4.2 添加 agent 认证

如果就是当前项目下(gitops/agentk)使用 agent,则不需要添加认证

编辑 gitops/agentk 项目 .gitlab/agents/agent1/config.yaml 添加

ci_access:
  projects:
  - id: gitops/p1
  • 必须是同组下的项目,最多 100 个

也可以添加组

ci_access:
  projects:
  - id: gitops/g1
  - id: gitops/g2
  • 必须是同组下面的子组,最多 100 个

4.3 添加 .gitlab-ci.yml

gitops/p1 下添加

stages:
  - build

build:
  stage: build
  image:
    name: bitnami/kubectl:1.22.5
    entrypoint: [""]
  script:
  - kubectl config get-contexts
  - kubectl config use-context gitops/agentk:agent1
  - kubectl get pod -A
  • 镜像 bitnami/kubectl:1.22.5 经常 pull 不下来,可能会导致 job 失败,可以尝试使用:cloudctl/kubectl:1.22.5

如果不添加前面的认证会报错:

$ kubectl config use-context gitops/agentk:agent1
error: no context exists with the name: "gitops/agentk:agent1"
ERROR: Job failed: command terminated with exit code 1

job 成功运行日志:

Running with gitlab-runner 14.10.0 (bd40e3da)
  on docker runner xdfVPzdy
Resolving secrets
00:00
Preparing the "docker" executor
00:36
Using Docker executor with image bitnami/kubectl:1.22.5 ...
Pulling docker image bitnami/kubectl:1.22.5 ...
Using docker image sha256:3a768fa5900e0ae98818b56e294a27dff2b77a3b5287ef37b31678bab39b11d6 for bitnami/kubectl:1.22.5 with digest bitnami/kubectl@sha256:9c11dfca2108cbc58748e5df146cb283aae937f317a3f370bad0b2cd656da326 ...
Preparing environment
00:00
Running on runner-xdfvpzdy-project-6-concurrent-0 via 97c0259b18a8...
Getting source from Git repository
00:01
$ eval "$CI_PRE_CLONE_SCRIPT"
Fetching changes with git depth set to 20...
Initialized empty Git repository in /builds/gitops/p1/.git/
Created fresh repository.
Checking out 73204915 as main...
Skipping Git submodules setup
Executing "step_script" stage of the job script
00:01
Using docker image sha256:3a768fa5900e0ae98818b56e294a27dff2b77a3b5287ef37b31678bab39b11d6 for bitnami/kubectl:1.22.5 with digest bitnami/kubectl@sha256:9c11dfca2108cbc58748e5df146cb283aae937f317a3f370bad0b2cd656da326 ...
$ kubectl config get-contexts
CURRENT   NAME                   CLUSTER   AUTHINFO   NAMESPACE
          gitops/agentk:agent1   gitlab    agent:2    
$ kubectl config use-context gitops/agentk:agent1
Switched to context "gitops/agentk:agent1".
$ kubectl get pod -A
NAMESPACE      NAME                                      READY   STATUS      RESTARTS   AGE
kube-system    metrics-server-7cd5fcb6b7-nmzg8           1/1     Running     0          9d
kube-system    helm-install-traefik-crd-qsvhw            0/1     Completed   0          9d
kube-system    local-path-provisioner-6c79684f77-gp4pt   1/1     Running     0          9d
kube-system    helm-install-traefik-4mn4g                0/1     Completed   0          9d
kube-system    svclb-traefik-t2whc                       2/2     Running     0          9d
kube-system    traefik-58b759688b-rsmsb                  1/1     Running     0          9d
kube-system    nfs-client-provisioner-5cb9bbdcbf-fhchm   1/1     Running     0          9d
kube-system    coredns-d76bd69b-fhkl8                    1/1     Running     0          7m20s
gitlab-agent   gitlab-agent-7d669fb4f5-f55hd             1/1     Running     0          2m55s
Cleaning up project directory and file based variables
00:00
Job succeeded

注意:根据官方文档:Using GitLab CI/CD with a Kubernetes cluster | GitLab 的说法,如果 gitlab 未启用 https 或者 ssl 证书为自签时会以下错误:

error: You must be logged in to the server (the server has asked for the client to provide credentials)

5. 其他操作

5.1 删除 agent

首先删除 k8s 集群 agent

helm uninstall gitlab-agent \
    --namespace gitlab-agent

然后再 web 页面删除注册的 agent 即可

5.2 升级 agent

升级到最新

helm repo update
helm upgrade --install gitlab-agent gitlab/gitlab-agent \
  --namespace gitlab-agent \
  --reuse-values

升级 imag

helm upgrade gitlab-agent gitlab/gitlab-agent \
  --namespace gitlab-agent \
  --reuse-values \
  --set image.tag=v14.10.0

5.3 安装多个 agent 到同一 k8s 集群

方法一,使用不同 chart 示例名称

helm upgrade --install second-gitlab-agent gitlab/gitlab-agent ...

方法二,使用不同 namespace

helm upgrade --install gitlab-agent gitlab/gitlab-agent \
  --namespace different-namespace \
  ...
posted @ 2022-08-15 14:40  leffss  阅读(261)  评论(0编辑  收藏  举报