How to integrate Kubernetes with Gitlab
Question
I'm trying to integrate a Kubernetes cluster with Gitlab to use the Gitlab Review Apps feature.
- The Kubernetes cluster was created via Rancher 1.6
- Running kubectl get all from the kubernetes shell gives

    NAME             TYPE           CLUSTER-IP   EXTERNAL-IP   PORT(S)        AGE
    svc/my-service   LoadBalancer   x.x.144.67   x.x.13.89     80:32701/TCP   30d
    svc/kubernetes   ClusterIP      10.43.0.1    <none>        443/TCP        30d

- On the Gitlab CI / CD > Kubernetes page, we need to enter mainly 3 fields:
  - API URL
  - CA Certificate
  - Token
- If I'm not wrong, we can get the Kubernetes API URL from Rancher Dashboard > Kubernetes > CLI > Generate Config and copy the server url under cluster

    apiVersion: v1
    kind: Config
    clusters:
    - cluster:
        api-version: v1
        insecure-skip-tls-verify: true
        server: "https://x.x.122.197:8080/r/projects/1a7/kubernetes:6443"

CA Certificate and Token?
- Now, the question is, where to get the CA Certificate (pem format) and the Token?
I tried all the ca.crt and token values from all the namespaces from the Kubernetes dashboard, but I'm getting this error on the Gitlab when trying to install the Helm Tiller application:

    Something went wrong while installing Helm Tiller
    Can't start installation process

Here is what my secrets page looks like
Recommended answer
I'm also dying out with kubernetes and GitLab. I've created a couple single-node "clusters" for testing, one with minikube and another via kubeadm.
I answered this question on the GitLab forum but I'm posting my solution below:
According to the official documentation, the API URL is only https://hostname:port without trailing slash
First, I listed the secrets as usual:

    $ kubectl get secrets
    NAME                          TYPE                                  DATA   AGE
    default-token-tpvsd           kubernetes.io/service-account-token   3      2d
    k8s-dashboard-sa-token-XXXXX  kubernetes.io/service-account-token   3      1d

Get the service token

    $ kubectl -o json get secret k8s-dashboard-sa-token-XXXXX | jq -r '.data.token' | base64 -d
    eyJhbGci ... sjcuNA8w

Get the CA certificate
Then I got the CA certificate directly from the JSON output via jq with a custom selector:

    $ kubectl -o json get secret k8s-dashboard-sa-token-XXXXX | jq -r '.data."ca.crt"' | base64 -d - | tee ca.crt
    -----BEGIN CERTIFICATE-----
    MIICyDCCAbCgAwIBAgIBADANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDEwprdWJl
    ... ... ... ... ... ...
    FT55iMtPtFqAOnoYBCiLH6oT6Z1ACxduxPZA/EeQmTUoRJG8joczI0V1cnY=
    -----END CERTIFICATE-----

Validate the CA certificate
With the CA certificate in hand, you can verify as usual:

    $ openssl x509 -in ca.crt -noout -subject -issuer
    subject= /CN=kubernetes
    issuer= /CN=kubernetes
    $ openssl s_client -showcerts -connect 192.168.100.20:6443 < /dev/null &> apiserver.crt
    $ openssl verify -verbose -CAfile ca.crt apiserver.crt
    apiserver.crt: OK
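
The following is an added example, not code from the original question or answer: a Python pre-flight check that turns the JSON printed by `kubectl -o json get secret <name>` into the three GitLab fields, and shows which service account the token authenticates as before it is handed over. The function names, the sample secret and the service-account name `k8s-dashboard-sa` are constructed for illustration.

```python
import base64
import json
from urllib.parse import urlsplit


def b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))


def gitlab_fields(secret_json, api_url):
    """Return API URL, CA PEM, token and token identity, or raise ValueError."""
    url = urlsplit(api_url)
    if url.scheme != "https" or not url.hostname or url.port is None or url.path or url.query:
        raise ValueError("API URL must be https://hostname:port with nothing after the port")
    secret = json.loads(secret_json)
    if secret.get("type") != "kubernetes.io/service-account-token":
        raise ValueError("secret is not a service-account token")
    # Values under .data are base64 in the API output; the form wants them decoded.
    token = base64.b64decode(secret["data"]["token"]).decode()
    ca_pem = base64.b64decode(secret["data"]["ca.crt"]).decode()
    if not ca_pem.lstrip().startswith("-----BEGIN CERTIFICATE-----"):
        raise ValueError("ca.crt does not decode to a PEM certificate")
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("token does not decode to a three-part JWT")
    # The JWT payload names the service account whose permissions GitLab will get.
    identity = b64url_json(parts[1]).get("sub")
    return {"api_url": api_url, "ca_pem": ca_pem, "token": token, "identity": identity}


def constructed_secret():
    """Constructed sample shaped like `kubectl -o json get secret <name>` output."""
    enc = lambda b: base64.urlsafe_b64encode(b).rstrip(b"=").decode()
    jwt = ".".join([enc(b'{"alg":"RS256"}'),
                    enc(b'{"sub":"system:serviceaccount:default:k8s-dashboard-sa"}'),
                    enc(b"constructed-signature")])
    # Placeholder body, not a real certificate.
    pem = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
    std = lambda s: base64.b64encode(s.encode()).decode()
    return json.dumps({"type": "kubernetes.io/service-account-token",
                       "data": {"token": std(jwt), "ca.crt": std(pem)}})


if __name__ == "__main__":
    fields = gitlab_fields(constructed_secret(), "https://192.168.100.20:6443")
    print("token authenticates as:", fields["identity"])
```

The check only confirms PEM framing; the `openssl verify` step in the answer is still what proves the CA matches the API server.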