如何为私有 GKE 集群启用 Gitlab CI/CD? [英] How to enable Gitlab CI/CD for Private GKE cluster?
问题描述
我想设置 Gitlab CI/CD 的 AutoDevops 功能,为此我正在尝试将现有的 kubernetes 集群设置为我的环境.
I would like to setup the AutoDevops functionality of Gitlab CI/CD, and for that I am trying to setup the existing kubernetes cluster as my environment.
但是,Gitlab 需要用于访问 Kubernetes API 的 Kubernetes Master API URL.Kubernetes公开几个 API,我们想要所有这些 API 通用的基本"URL,例如,https://kubernetes.example.com 而不是 https://kubernetes.example.com/api/v1.我们将通过运行以下命令获取 API URL:
However, the Gitlab requires Kubernetes Master API URL that uses to access the Kubernetes API. Kubernetes exposes several APIs, we want the "base" URL that is common to all of them, e.g., https://kubernetes.example.com rather than https://kubernetes.example.com/api/v1. we will get the API URL by running this command:
kubectl 集群信息 |grep 'Kubernetes 大师' |awk '/http/{print $NF}
返回 https://
which returns a https://
在我的情况下,我有一个私人 IP,即 https://172.10.1.x
in my case, I have a private Ip which is https://172.10.1.x
没有任何文档可以帮助为私有 GKE 集群设置 gitlab CI.
There aren't any documentations to help setup the gitlab CI for a Private GKE cluster.
如何设置 gitlab 以借助正在运行的 VM 实例或 pod 的服务 IP 访问我的 kubernetes master?或者如果有任何解决方案/变通方法的建议可以实现这一点,请提供帮助.
How can I set the gitlab to access my kubernetes master with the help of a running VM instance or a pod's service IP ? or if there are any solutions/workarounds suggestions to achieve this, please help.
推荐答案
现在(2020 年 9 月)有替代方案,但它不是免费的(仅限 GitLab.com Premium/Ultimate),在 14.5+(11 月)免费. 2021).
There is now (Sept. 2020) an alternative, but it is not free (GitLab.com Premium/Ultimate only), is free in 14.5+ (Nov. 2021).
参见 GitLab 13.4
GitLab 的 Kubernetes 集成长期以来无需手动设置即可部署到 Kubernetes 集群.许多用户都喜欢这种易用性,而另一些用户则遇到了一些挑战.
Introducing the GitLab Kubernetes Agent
GitLab’s Kubernetes integration has long enabled deployment to Kubernetes clusters without manual setup. Many users have enjoyed the ease-of-use, while others have run into some challenges.
当前的集成要求您的集群对 Internet 开放,以便 GitLab 访问它.对于许多组织而言,这是不可能的,因为出于安全、合规或监管目的,他们必须锁定其集群访问.为了解决这些限制,用户需要在 GitLab 之上创建自定义工具,否则他们无法使用该功能.
The current integration requires your cluster to be open to the Internet for GitLab to access it. For many organizations, this isn’t possible, because they must lock down their cluster access for security, compliance, or regulatory purposes. To work around these restrictions, users needed to create custom tooling on top of GitLab, or they couldn’t use the feature.
今天,我们发布了 GitLab Kubernetes 代理:一种部署到 Kubernetes 集群的新方法.代理在您的集群内部运行,因此您无需将其打开到 Internet.代理通过从 GitLab 中提取新更改来编排部署,而不是 GitLab 将更新推送到集群.无论您使用哪种 GitOps 方法,GitLab 都能满足您的需求.
Today, we’re announcing the GitLab Kubernetes Agent: a new way to deploy to Kubernetes clusters. The Agent runs inside of your cluster, so you don’t need to open it to the internet. The Agent orchestrates deployments by pulling new changes from GitLab, rather than GitLab pushing updates to the cluster. No matter what method of GitOps you use, GitLab has you covered.
请注意,这是代理的第一个版本.目前,GitLab Kubernetes Agent 具有配置驱动的设置,并支持通过代码进行部署管理.一些现有的 Kubernetes 集成功能,例如 Deploy Boards 和 GitLab Managed Apps,尚不受支持.我们的愿景是最终实现这些功能,并提供新的安全性和合规性-与代理的重点集成.
Note this is the first release of the Agent. Currently, the GitLab Kubernetes Agent has a configuration-driven setup, and enables deployment management by code. Some existing Kubernetes integration features, such as Deploy Boards and GitLab Managed Apps, are not yet supported. Our vision is to eventually implement these capabilities, and provide new security- and compliance-focused integrations with the Agent.
https://about.gitlab.com/images/13_4/gitops-header.png -- 介绍 GitLab Kubernetes 代理
https://about.gitlab.com/images/13_4/gitops-header.png -- Introducing the GitLab Kubernetes Agent
另见 GitLab 13.5(2020 年 10 月)
See also GitLab 13.5 (October 2020)
上个月我们为与 Helm 一起安装的自我管理 GitLab 实例.
Install the GitLab Kubernetes Agent with Omnibus GitLab
Last month we introduced the GitLab Kubernetes Agent for self-managed GitLab instances installed with Helm.
此版本增加了对官方 Linux 软件包的支持.
This release adds support for the official Linux package.
在这个新的 Kubernetes 集成中,代理通过从 GitLab 中提取新更改来编排部署,而不是 GitLab 将更新推送到您的集群.
In this new Kubernetes integration, the Agent orchestrates deployments by pulling new changes from GitLab, rather than GitLab pushing updates to your cluster.
您可以详细了解 Kubernetes 代理现在的工作原理和查看我们的愿景,看看我们有什么.
You can learn more about how the Kubernetes Agent works now and check out our vision to see what’s in store.
这已通过 GitLab 13.11(2021 年 4 月):
This is confirmed with GitLab 13.11 (April 2021):
GitLab Kubernetes 代理终于在 GitLab.com 上可用.通过使用代理,您可以从快速、基于拉取的集群部署中受益,同时 GitLab.com 管理代理的必要服务器端组件.
GitLab Kubernetes Agent available on GitLab.com
The GitLab Kubernetes Agent is finally available on GitLab.com. By using the Agent, you can benefit from fast, pull-based deployments to your cluster, while GitLab.com manages the necessary server-side components of the Agent.
GitLab Kubernetes 代理是 GitLab 的 Kubernetes 集成的核心构建块.
目前基于代理的集成支持基于拉的部署和网络安全策略集成和警报,并且很快也将获得对基于推送的部署的支持.
The GitLab Kubernetes Agent is the core building block of GitLab’s Kubernetes integrations.
The Agent-based integration today supports pull-based deployments and Network Security policy integration and alerts, and will soon receive support for push-based deployments too.
与传统的基于证书的 Kubernetes 集成不同,GitLab Kubernetes 代理不需要向 GitLab 开放您的集群,并允许在集群中围绕 GitLab 的功能进行微调的 RBAC 控制.
Unlike the legacy, certificate-based Kubernetes integration, the GitLab Kubernetes Agent does not require opening up your cluster towards GitLab and allows fine-tuned RBAC controls around GitLab’s capabilities within your clusters.
参见 GitLab 14.5(2021 年 11 月)
See GitLab 14.5 (November 2021)
将 Kubernetes 集群与 GitLab Kubernetes 代理连接可简化集群应用程序的设置,并支持将 GitOps 安全部署到集群.
GitLab Kubernetes Agent available in GitLab Free
Connecting a Kubernetes cluster with the GitLab Kubernetes Agent simplifies the setup for cluster applications and enables secure GitOps deployments to the cluster.
最初,GitLab Kubernetes Agent 仅适用于高级用户.
Initially, the GitLab Kubernetes Agent was available only for Premium users.
在我们对开源精神的承诺中,我们将 GitLab Kubernetes 代理和 CI/CD 隧道的核心功能移至 GitLab Free.
我们希望这些开源功能能够吸引许多没有专门的基础架构团队和对集群管理有严格要求的用户.
作为 GitLab Premium 产品的一部分,高级功能仍然可用.
In our commitment to the open source ethos, we moved the core features of the GitLab Kubernetes Agent and the CI/CD Tunnel to GitLab Free.
We expect that the open-sourced features are compelling to many users without dedicated infrastructure teams and strong requirements around cluster management.
Advanced features remain available as part of the GitLab Premium offering.
这篇关于如何为私有 GKE 集群启用 Gitlab CI/CD?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
