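Installing JiHu GitLab Runner on Kubernetes
1. Preliminary notes
I tried to install gitlab-runner with a self-signed certificate enabled, but every method I tried, following various official documents, failed, which is embarrassing. This document therefore registers the runner over HTTP, while GitLab itself is still accessed over HTTPS; the detailed changes are described below.
I will keep investigating when I have time.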
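2. Prerequisites
- Kubernetes cluster installation
  - 1-Building the Kubernetes base environment on CentOS 7 (Part 1)
  - 2-Building the Kubernetes base environment on CentOS 7 (Part 2)
  - 3-Building the Kubernetes base environment on CentOS 7 (Part 3)
  - 1-Installing JiHu github on Kubernetes
- Modify service/gitlab-webservice-default: change its type from ClusterIP to NodePort and set the port to 32000
  - This provides the IP address and port used for runner registration below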
[root@master140 jihu-15.9.3]# kubectl -n gitlab get pod,svc
NAME READY STATUS RESTARTS AGE
pod/gitlab-gitaly-0 1/1 Running 0 149m
pod/gitlab-gitlab-exporter-84dc494465-pnkpg 1/1 Running 0 149m
pod/gitlab-gitlab-shell-68df76c86c-bbf2p 1/1 Running 0 149m
pod/gitlab-gitlab-shell-68df76c86c-z44w4 1/1 Running 0 149m
pod/gitlab-kas-796dcfddf6-9dxlz 1/1 Running 0 149m
pod/gitlab-kas-796dcfddf6-dk7ms 1/1 Running 0 149m
pod/gitlab-migrations-1-v9zgh 0/1 Completed 0 149m
pod/gitlab-minio-67ccd59c56-nzhtq 1/1 Running 0 149m
pod/gitlab-minio-create-buckets-1-2h4jj 0/1 Completed 0 149m
pod/gitlab-postgresql-0 2/2 Running 0 149m
pod/gitlab-redis-master-0 2/2 Running 0 149m
pod/gitlab-registry-6c69c7b68f-rwnnx 1/1 Running 0 149m
pod/gitlab-registry-6c69c7b68f-rzhjg 1/1 Running 0 149m
pod/gitlab-runner-6794799cb7-vrtwt 1/1 Running 0 34m
pod/gitlab-sidekiq-all-in-1-v2-769f56758-b8rwn 1/1 Running 0 149m
pod/gitlab-toolbox-5fd59d8bf9-zf7wx 1/1 Running 0 149m
pod/gitlab-webservice-default-5fcc77db88-rbzxf 2/2 Running 0 149m
pod/gitlab-webservice-default-5fcc77db88-vrsgl 2/2 Running 0 149m
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/gitlab-gitaly ClusterIP None <none> 8075/TCP,9236/TCP 149m
service/gitlab-gitlab-exporter ClusterIP 10.96.1.193 <none> 9168/TCP 149m
service/gitlab-gitlab-shell ClusterIP 10.96.2.115 <none> 22/TCP 149m
service/gitlab-kas ClusterIP 10.96.0.12 <none> 8150/TCP,8153/TCP,8154/TCP,8151/TCP 149m
service/gitlab-minio-svc ClusterIP 10.96.3.247 <none> 9000/TCP 149m
service/gitlab-postgresql ClusterIP 10.96.0.47 <none> 5432/TCP 149m
service/gitlab-postgresql-headless ClusterIP None <none> 5432/TCP 149m
service/gitlab-postgresql-metrics ClusterIP 10.96.2.237 <none> 9187/TCP 149m
service/gitlab-redis-headless ClusterIP None <none> 6379/TCP 149m
service/gitlab-redis-master ClusterIP 10.96.0.23 <none> 6379/TCP 149m
service/gitlab-redis-metrics ClusterIP 10.96.0.140 <none> 9121/TCP 149m
service/gitlab-registry ClusterIP 10.96.0.183 <none> 5000/TCP 149m
service/gitlab-webservice-default NodePort 10.96.1.222 <none> 8080:32491/TCP,8181:32000/TCP,8083:32483/TCP 149m
[root@master140 jihu-15.9.3]#
- The previous chapter introduced installing gitlab-runner version 0.50.1
[root@master140 jihu-15.9.3]# helm search repo gitlab -l
NAME CHART VERSION APP VERSION DESCRIPTION
gitlab/gitlab 6.9.3 15.9.3 The One DevOps Platform
gitlab/gitlab-runner 0.50.1 15.9.1 GitLab Runner
[root@master140 jihu-15.9.3]#
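- Get the registration URL and the registration token
  - Create a project, then find CI/CD under Settings in the project navigation bar
  - Only the registration token is taken here, for use in the custom YAML file
- Custom YAML file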
[root@master140 jihu-15.9.3]# cat gitlab-runner-values.yaml
imagePullPolicy: IfNotPresent # image pull policy
gitlabUrl: http://10.1.90.140:32000/ # URL the runner uses to register with GitLab
runnerRegistrationToken: GR1348941f_Lo9QbfaybesVoeq3Hz # GitLab registration token
image: dev-bj.hatech.com.cn/library/jihulab-gitlab-runner:alpine-v15.9.1 # image prepared in advance and pushed to the private registry
#certsSecretName: gitlab-runner-secret # embarrassment +1: setting the CA certificate had no effect, so it is not used here
concurrent: 10 # maximum number of jobs run in parallel
checkInterval: 30 # interval at which the JiHu GitLab instance is checked for new builds
logLevel: "debug" # log level
rbac:
  create: true
  clusterWideAccess: true
  # serviceAccountName: xincan-rbac # an existing service account in the cluster can be specified, or the runner can create its own; the latter is used here
#podSecurityContext: # permissions of the runner container
#  runAsUser: 100
#  runAsGroup: 65533
#  fsGroup: 65533
#  runAsNonRoot: false
imagePullSecrets: # image pull credentials (for your own Harbor)
  - name: xincan-rbac-secret
runners:
  name: "sonar-runner" # runner name
  executor: "kubernetes" # use the kubernetes executor
  privileged: "true"
  tags: "kubernetes,sonar" # runner tags; a CI job must match these tags to use this runner
  config: |
    [[runners]]
      clone_url = "http://10.1.90.140:32000" # URL the runner clones code from
      #tls-ca-file = "/home/gitlab-runner/.gitlab-runner/certs/ca.crt" # embarrassment +2: setting the CA certificate had no effect, so it is not used here
      #tls-cert-file = "/home/gitlab-runner/.gitlab-runner/certs/gitlab.xincan.com.crt" # embarrassment +3: setting the CA certificate had no effect, so it is not used here
      #tls-key-file = "/home/gitlab-runner/.gitlab-runner/certs/gitlab.xincan.com.key" # embarrassment +4: setting the CA certificate had no effect, so it is not used here
      extra_hosts = ["gitlab.xincan.com:10.1.90.140"]
      [runners.kubernetes]
        namespace = "{{.Release.Namespace}}"
        image = "dev-bj.hatech.com.cn/library/ubuntu:20.04"
        [[runners.kubernetes.volumes.host_path]]
          name = "docker"
          host_path = "/var/run/docker.sock"
          mount_path = "/var/run/docker.sock"
        #[[runners.kubernetes.host_aliases]]
        #  ip = "10.1.90.140"
        #  hostnames = ["gitlab.xincan.com"]
        #[[runners.kubernetes.volumes.secret]]
        #  name = "gitlab-runner-secret"
        #  mount_path = "/home/gitlab-runner/.gitlab-runner/certs"
  helpers:
    image: "dev-bj.hatech.com.cn/library/gitlab-runner-helper:x86_64-beb1c007"
resources:
  limits:
    memory: 2Gi
    cpu: 1
  requests:
    memory: 1Gi
    cpu: 0.5
#envVars:
#  - name: CI_SERVER_TLS_CA_FILE
#    value: /home/gitlab-runner/.gitlab-runner/certs/ca.crt
# set the time inside the container
volumeMounts:
  - name: host-time
    mountPath: /etc/localtime
    readOnly: true
volumes:
  - name: host-time
    hostPath:
      path: /etc/localtime
[root@master140 jihu-15.9.3]#
- Install the runner
[root@master140 jihu-15.9.3]# helm install -n gitlab gitlab-runner gitlab/gitlab-runner --version 0.50.1 -f gitlab-runner-values.yaml
# or
[root@master140 jihu-15.9.3]# helm upgrade --install -n gitlab gitlab-runner gitlab/gitlab-runner --version 0.50.1 -f gitlab-runner-values.yaml
- Check the installation result
  - The runner was installed successfully
[root@master140 ~]# kubectl -n gitlab get pod
NAME READY STATUS RESTARTS AGE
gitlab-gitaly-0 1/1 Running 0 3h36m
gitlab-gitlab-exporter-84dc494465-pnkpg 1/1 Running 0 3h36m
gitlab-gitlab-shell-68df76c86c-bbf2p 1/1 Running 0 3h36m
gitlab-gitlab-shell-68df76c86c-z44w4 1/1 Running 0 3h36m
gitlab-kas-796dcfddf6-9dxlz 1/1 Running 0 3h36m
gitlab-kas-796dcfddf6-dk7ms 1/1 Running 0 3h36m
gitlab-migrations-1-v9zgh 0/1 Completed 0 3h36m
gitlab-minio-67ccd59c56-nzhtq 1/1 Running 0 3h36m
gitlab-minio-create-buckets-1-2h4jj 0/1 Completed 0 3h36m
gitlab-postgresql-0 2/2 Running 0 3h36m
gitlab-redis-master-0 2/2 Running 0 3h36m
gitlab-registry-6c69c7b68f-rwnnx 1/1 Running 0 3h36m
gitlab-registry-6c69c7b68f-rzhjg 1/1 Running 0 3h36m
gitlab-runner-6794799cb7-vrtwt 1/1 Running 0 100m
gitlab-sidekiq-all-in-1-v2-769f56758-b8rwn 1/1 Running 0 3h36m
gitlab-toolbox-5fd59d8bf9-zf7wx 1/1 Running 0 3h36m
gitlab-webservice-default-5fcc77db88-rbzxf 2/2 Running 0 3h36m
gitlab-webservice-default-5fcc77db88-vrsgl 2/2 Running 0 3h36m
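Registration succeeded, and the runner name matches the name in the YAML file. The initial deployment is complete; later chapters will cover how it is used and the process.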
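The values file above trades several protections for a working install: plain-HTTP registration and clone URLs, an inline registration token, cluster-wide RBAC, privileged job containers, and the node's Docker socket mounted into jobs. The lint below flags those settings so they can be reviewed before the file is reused; it is an added example, not part of the original post or of the GitLab Runner chart. The `audit` function and rule names are made up here, the scan is line-based rather than a real YAML/TOML parse, and the sample is an excerpt of the file above with the token replaced by a placeholder.

```python
import re

# Excerpt of the values file above; the token is a placeholder (constructed).
SAMPLE = '''\
gitlabUrl: http://10.1.90.140:32000/
runnerRegistrationToken: REGISTRATION_TOKEN_PLACEHOLDER
rbac:
  create: true
  clusterWideAccess: true
runners:
  privileged: "true"
  config: |
    [[runners]]
      clone_url = "http://10.1.90.140:32000"
      [runners.kubernetes]
        [[runners.kubernetes.volumes.host_path]]
          host_path = "/var/run/docker.sock"
'''

# (rule id, regex applied to a comment-stripped line, why it matters)
RULES = [
    ("cleartext-url", r'^(gitlabUrl:|clone_url\s*=)\s*"?http://',
     "tokens and source code travel unencrypted"),
    ("inline-token", r'^runnerRegistrationToken:\s*"?[^\s"]',
     "registration token stored in the values file"),
    ("cluster-wide-rbac", r'^clusterWideAccess:\s*"?true',
     "runner service account gets cluster-scoped RBAC"),
    ("privileged-jobs", r'^privileged:\s*"?true',
     "job containers run privileged"),
    ("docker-socket", r'^host_path\s*=\s*"/var/run/docker\.sock"',
     "jobs can drive the node's Docker daemon"),
]

def audit(values_text):
    """Return (line_no, rule_id, reason) for each risky active setting."""
    findings = []
    for no, raw in enumerate(values_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # commented-out settings are not in effect
        line = re.sub(r"\s+#.*$", "", line)  # drop a trailing comment
        for rule_id, pattern, reason in RULES:
            if re.search(pattern, line):
                findings.append((no, rule_id, reason))
    return findings

if __name__ == "__main__":
    for no, rule_id, reason in audit(SAMPLE):
        print(f"line {no}: {rule_id}: {reason}")
```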