Ijọpọ ti Dasibodu Kubernetes ati Awọn olumulo GitLab

Dasibodu Kubernetes jẹ ohun elo irọrun-lati-lo fun gbigba alaye imudojuiwọn nipa iṣupọ nṣiṣẹ ati iṣakoso ti o kere ju. O bẹrẹ lati ni riri paapaa diẹ sii nigbati iraye si awọn agbara wọnyi nilo kii ṣe nipasẹ awọn alabojuto / awọn onimọ-ẹrọ DevOps, ṣugbọn tun nipasẹ awọn ti ko faramọ console ati / tabi ko pinnu lati wo pẹlu gbogbo awọn intricacies ti ibaraenisepo pẹlu kubectl ati miiran igbesi. Eyi ṣẹlẹ pẹlu wa: awọn olupilẹṣẹ fẹ iraye si iyara si wiwo wẹẹbu Kubernetes, ati pe niwọn igba ti a lo GitLab, ojutu naa wa nipa ti ara.

Kini idi eyi?

Awọn olupilẹṣẹ taara le nifẹ si ohun elo bii K8s Dashboard fun awọn iṣẹ ṣiṣe n ṣatunṣe aṣiṣe. Nigba miiran o fẹ lati wo awọn akọọlẹ ati awọn orisun, ati nigbakan pa awọn adarọ-ese, iwọn Awọn imuṣiṣẹ / StatefulSets, ati paapaa lọ si console eiyan (awọn ibeere tun wa fun eyiti, sibẹsibẹ, ọna miiran wa - fun apẹẹrẹ, nipasẹ kubectl-yokokoro).

Ni afikun, akoko ọpọlọ wa fun awọn alakoso nigba ti wọn fẹ lati wo iṣupọ - lati rii pe “ohun gbogbo jẹ alawọ ewe”, ati nitorinaa ṣe idaniloju ara wọn pe “ohun gbogbo n ṣiṣẹ” (eyiti, nitorinaa, jẹ ibatan pupọ… ṣugbọn eyi kọja aaye ti nkan naa).

Bi awọn kan boṣewa CI eto ti a ni loo GitLab: gbogbo awọn olupilẹṣẹ lo paapaa. Nitorinaa, lati pese iwọle si wọn, o jẹ ọgbọn lati ṣepọ Dashboard pẹlu awọn akọọlẹ GitLab.

Emi yoo tun ṣe akiyesi pe a lo NGINX Ingress. Ti o ba ṣiṣẹ pẹlu awọn miiran ingress solusan, iwọ yoo nilo lati wa awọn afọwọṣe ti awọn asọye fun aṣẹ ni ominira.

Ngbiyanju iṣọpọ

Dasibodu fifi sori

Išọra: Ti o ba fẹ tun awọn igbesẹ ti o wa ni isalẹ ṣe, lẹhinna - lati yago fun awọn iṣẹ ti ko wulo - kọkọ ka si akọle atẹle.

Niwọn igba ti a ti lo iṣọpọ yii ni ọpọlọpọ awọn fifi sori ẹrọ, a ti fi sori ẹrọ adaṣe adaṣe. Awọn orisun ti o nilo fun eyi ni a gbejade ni pataki GitHub ibi ipamọ. Wọn da lori awọn atunto YAML ti a yipada diẹ lati ibi ipamọ Dasibodu osise, bakanna bi iwe afọwọkọ Bash fun imuṣiṣẹ ni kiakia.

Iwe afọwọkọ naa fi Dasibodu sinu iṣupọ ati tunto rẹ fun isọpọ pẹlu GitLab:

$ ./ctl.sh  
Usage: ctl.sh [OPTION]... --gitlab-url GITLAB_URL --oauth2-id ID --oauth2-secret SECRET --dashboard-url DASHBOARD_URL
Install kubernetes-dashboard to Kubernetes cluster.
Mandatory arguments:
 -i, --install                install into 'kube-system' namespace
 -u, --upgrade                upgrade existing installation, will reuse password and host names
 -d, --delete                 remove everything, including the namespace
     --gitlab-url             set gitlab url with schema (https://gitlab.example.com)
     --oauth2-id              set OAUTH2_PROXY_CLIENT_ID from gitlab
     --oauth2-secret          set OAUTH2_PROXY_CLIENT_SECRET from gitlab
     --dashboard-url          set dashboard url without schema (dashboard.example.com)
Optional arguments:
 -h, --help                   output this message

Sibẹsibẹ, ṣaaju lilo rẹ, o nilo lati lọ si GitLab: Abojuto agbegbe → Awọn ohun elo - ati ṣafikun ohun elo tuntun fun igbimọ iwaju. Jẹ ki a pe ni “kubernetes dashboard”:

Bi abajade ti fifi kun, GitLab yoo pese awọn hashes:

Wọn jẹ awọn ti a lo bi awọn ariyanjiyan si iwe afọwọkọ naa. Bi abajade, fifi sori ẹrọ dabi eyi:

$ ./ctl.sh -i --gitlab-url https://gitlab.example.com --oauth2-id 6a52769e… --oauth2-secret 6b79168f… --dashboard-url dashboard.example.com

Lẹhin iyẹn, jẹ ki a ṣayẹwo pe ohun gbogbo bẹrẹ:

$ kubectl -n kube-system get pod | egrep '(dash|oauth)'
kubernetes-dashboard-76b55bc9f8-xpncp   1/1       Running   0          14s
oauth2-proxy-5586ccf95c-czp2v           1/1       Running   0          14s

Laipẹ tabi nigbamii ohun gbogbo yoo bẹrẹ, sibẹsibẹ aṣẹ kii yoo ṣiṣẹ lẹsẹkẹsẹ! Otitọ ni pe ninu aworan ti a lo (ipo ti o wa ninu awọn aworan miiran jẹ iru) ilana ti mimu àtúnjúwe kan ninu ipe pada jẹ imuse ti ko tọ. Ipo yii yori si otitọ pe ibura pa kuki ti o bura funrarẹ n pese fun wa…

Iṣoro naa jẹ ipinnu nipasẹ kikọ aworan ibura tirẹ pẹlu alemo kan.

Patch bura ki o tun fi sii

Lati ṣe eyi, a yoo lo Dockerfile atẹle:

FROM golang:1.9-alpine3.7
WORKDIR /go/src/github.com/bitly/oauth2_proxy

RUN apk --update add make git build-base curl bash ca-certificates wget 
&& update-ca-certificates 
&& curl -sSO https://raw.githubusercontent.com/pote/gpm/v1.4.0/bin/gpm 
&& chmod +x gpm 
&& mv gpm /usr/local/bin
RUN git clone https://github.com/bitly/oauth2_proxy.git . 
&& git checkout bfda078caa55958cc37dcba39e57fc37f6a3c842  
ADD rd.patch .
RUN patch -p1 < rd.patch 
&& ./dist.sh

FROM alpine:3.7
RUN apk --update add curl bash  ca-certificates && update-ca-certificates
COPY --from=0 /go/src/github.com/bitly/oauth2_proxy/dist/ /bin/

EXPOSE 8080 4180
ENTRYPOINT [ "/bin/oauth2_proxy" ]
CMD [ "--upstream=http://0.0.0.0:8080/", "--http-address=0.0.0.0:4180" ]

Ati pe eyi ni ohun ti patch rd.patch funrararẹ dabi

diff --git a/dist.sh b/dist.sh
index a00318b..92990d4 100755
--- a/dist.sh
+++ b/dist.sh
@@ -14,25 +14,13 @@ goversion=$(go version | awk '{print $3}')
sha256sum=()
 
echo "... running tests"
-./test.sh
+#./test.sh
 
-for os in windows linux darwin; do
-    echo "... building v$version for $os/$arch"
-    EXT=
-    if [ $os = windows ]; then
-        EXT=".exe"
-    fi
-    BUILD=$(mktemp -d ${TMPDIR:-/tmp}/oauth2_proxy.XXXXXX)
-    TARGET="oauth2_proxy-$version.$os-$arch.$goversion"
-    FILENAME="oauth2_proxy-$version.$os-$arch$EXT"
-    GOOS=$os GOARCH=$arch CGO_ENABLED=0 
-        go build -ldflags="-s -w" -o $BUILD/$TARGET/$FILENAME || exit 1
-    pushd $BUILD/$TARGET
-    sha256sum+=("$(shasum -a 256 $FILENAME || exit 1)")
-    cd .. && tar czvf $TARGET.tar.gz $TARGET
-    mv $TARGET.tar.gz $DIR/dist
-    popd
-done
+os='linux'
+echo "... building v$version for $os/$arch"
+TARGET="oauth2_proxy-$version.$os-$arch.$goversion"
+GOOS=$os GOARCH=$arch CGO_ENABLED=0 
+    go build -ldflags="-s -w" -o ./dist/oauth2_proxy || exit 1
  
checksum_file="sha256sum.txt"
cd $DIR/dists
diff --git a/oauthproxy.go b/oauthproxy.go
index 21e5dfc..df9101a 100644
--- a/oauthproxy.go
+++ b/oauthproxy.go
@@ -381,7 +381,9 @@ func (p *OAuthProxy) SignInPage(rw http.ResponseWriter, req *http.Request, code
       if redirect_url == p.SignInPath {
               redirect_url = "/"
       }
-
+       if req.FormValue("rd") != "" {
+               redirect_url = req.FormValue("rd")
+       }
       t := struct {
               ProviderName  string
               SignInMessage string

Bayi o le kọ aworan naa ki o Titari si GitLab wa. Next ni manifests/kube-dashboard-oauth2-proxy.yaml tọkasi lilo aworan ti o fẹ (rọpo rẹ pẹlu tirẹ):

 image: docker.io/colemickens/oauth2_proxy:latest

Ti o ba ni iforukọsilẹ ti o wa ni pipade nipasẹ aṣẹ, maṣe gbagbe lati ṣafikun lilo aṣiri fun awọn aworan fa:

      imagePullSecrets:
     - name: gitlab-registry

ati ṣafikun aṣiri funrararẹ fun iforukọsilẹ:

---
apiVersion: v1
data:
 .dockercfg: eyJyZWdpc3RyeS5jb21wYW55LmNvbSI6IHsKICJ1c2VybmFtZSI6ICJvYXV0aDIiLAogInBhc3N3b3JkIjogIlBBU1NXT1JEIiwKICJhdXRoIjogIkFVVEhfVE9LRU4iLAogImVtYWlsIjogIm1haWxAY29tcGFueS5jb20iCn0KfQoK
=
kind: Secret
metadata:
 annotations:
 name: gitlab-registry
 namespace: kube-system
type: kubernetes.io/dockercfg

Oluka akiyesi yoo rii pe okun gigun ti o wa loke jẹ base64 lati atunto:

{"registry.company.com": {
 "username": "oauth2",
 "password": "PASSWORD",
 "auth": "AUTH_TOKEN",
 "email": "[email protected]"
}
}

Eyi ni data olumulo ni GitLab, koodu Kubernetes yoo fa aworan naa lati iforukọsilẹ.

Lẹhin ti ohun gbogbo ti ṣe, o le yọkuro lọwọlọwọ (ko ṣiṣẹ ni deede) fifi sori Dashboard pẹlu aṣẹ:

$ ./ctl.sh -d

ati fi ohun gbogbo sori ẹrọ lẹẹkansi:

$ ./ctl.sh -i --gitlab-url https://gitlab.example.com --oauth2-id 6a52769e… --oauth2-secret 6b79168f… --dashboard-url dashboard.example.com

O to akoko lati lọ si Dasibodu ki o wa bọtini iwọle archaic kan:

Lẹhin titẹ lori rẹ, GitLab yoo kí wa, nfunni lati wọle si oju-iwe igbagbogbo rẹ (dajudaju, ti a ko ba ti wọle tẹlẹ nibẹ):

A wọle pẹlu awọn iwe-ẹri GitLab - ati pe ohun gbogbo ti ṣe:

Nipa Dasibodu awọn ẹya ara ẹrọ

Ti o ba jẹ olupilẹṣẹ ti ko ṣiṣẹ pẹlu Kubernetes tẹlẹ, tabi nirọrun fun idi kan ko ti pade Dashboard tẹlẹ, Emi yoo ṣe apejuwe diẹ ninu awọn agbara rẹ.

Ni akọkọ, o le rii pe “ohun gbogbo jẹ alawọ ewe”:

Awọn alaye alaye diẹ sii tun wa fun awọn adarọ-ese, gẹgẹbi awọn oniyipada ayika, aworan ti a ṣe igbasilẹ, awọn ariyanjiyan ifilọlẹ, ati ipo wọn:

Awọn imuṣiṣẹ ni awọn ipo ti o han:

... ati awọn alaye miiran:

ati pe agbara tun wa lati ṣe iwọn imuṣiṣẹ naa:

Abajade ti isẹ yii:

Lara awọn ẹya miiran ti o wulo ti a mẹnuba tẹlẹ ni ibẹrẹ nkan naa ni wiwo awọn akọọlẹ:

ati iṣẹ naa lati wọle sinu console eiyan ti adarọ-ese ti o yan:

Fun apẹẹrẹ, o tun le wo awọn opin/awọn ibeere lori awọn apa:

Nitoribẹẹ, iwọnyi kii ṣe gbogbo awọn agbara ti nronu, ṣugbọn Mo nireti pe o gba imọran gbogbogbo.

Awọn alailanfani ti iṣọpọ ati Dasibodu

Ninu iṣọpọ ti a ṣalaye ko si wiwọle Iṣakoso. Pẹlu rẹ, gbogbo awọn olumulo pẹlu eyikeyi iraye si GitLab ni iraye si Dasibodu naa. Wọn ni iwọle kanna ni Dasibodu funrararẹ, ni ibamu si awọn ẹtọ ti Dasibodu funrararẹ, eyiti ti wa ni asọye ni RBAC. O han ni, eyi ko dara fun gbogbo eniyan, ṣugbọn fun ọran wa o wa ni to.

Lara awọn aila-nfani ti o ṣe akiyesi ni Dasibodu funrararẹ, Mo ṣe akiyesi atẹle naa:

• ko ṣee ṣe lati wọle sinu console ti eiyan init;
• ko ṣee ṣe lati ṣatunkọ Awọn imuṣiṣẹ ati StatefulSets, botilẹjẹpe eyi le ṣe atunṣe ni ClusterRole;
• Ibamu Dasibodu pẹlu awọn ẹya tuntun ti Kubernetes ati ọjọ iwaju ti ise agbese na gbe awọn ibeere dide.

Isoro ti o kẹhin yẹ akiyesi pataki.

Dasibodu ipo ati yiyan

Tabili ibamu Dasibodu pẹlu awọn idasilẹ Kubernetes, ti a gbekalẹ ni ẹya tuntun ti iṣẹ akanṣe (v1.10.1), ko dun pupọ:

Bi o ti lẹ jẹ pe eyi, o wa (ti a gba ni January) PR # 3476, eyiti o kede atilẹyin fun K8s 1.13. Ni afikun, laarin awọn ọran iṣẹ akanṣe o le wa awọn itọkasi si awọn olumulo ti n ṣiṣẹ pẹlu nronu ni K8s 1.14. Níkẹyìn, ṣe sinu ipilẹ koodu ise agbese ko duro. Nitorinaa (o kere ju!) Ipo gangan ti iṣẹ akanṣe ko buru bi o ti le dabi akọkọ lati tabili ibamu osise.

Nikẹhin, awọn ọna miiran wa si Dasibodu. Lára wọn:

1. K8 Daṣi - wiwo ọdọ (akọkọ ṣe ọjọ pada si Oṣu Kẹta ti ọdun yii), eyiti o ti pese awọn ẹya ti o dara tẹlẹ, gẹgẹ bi aṣoju wiwo ti ipo lọwọlọwọ ti iṣupọ ati iṣakoso awọn nkan rẹ. Ti o wa ni ipo bi “ni wiwo akoko gidi”, nitori ṣe imudojuiwọn data ti o han laifọwọyi laisi nilo ki o sọ oju-iwe naa ni ẹrọ aṣawakiri.
2. OpenShift Console - wiwo wẹẹbu kan lati Red Hat OpenShift, eyiti, sibẹsibẹ, yoo mu awọn idagbasoke miiran ti iṣẹ akanṣe wa si iṣupọ rẹ, eyiti ko dara fun gbogbo eniyan.
3. Kubernator jẹ iṣẹ akanṣe ti o nifẹ, ti a ṣẹda bi wiwo ipele-kekere (ju Dashboard) pẹlu agbara lati wo gbogbo awọn nkan iṣupọ. Sibẹsibẹ, o dabi pe idagbasoke rẹ ti duro.
4. Polaris - o kan awọn miiran ọjọ kede ise agbese kan ti o daapọ awọn iṣẹ ti nronu kan (ṣe afihan ipo ti o wa lọwọlọwọ ti iṣupọ, ṣugbọn ko ṣakoso awọn nkan rẹ) ati aifọwọyi "ifọwọsi awọn iṣẹ ti o dara julọ" (ṣayẹwo iṣupọ fun atunṣe ti awọn atunto ti Awọn imuṣiṣẹ ti nṣiṣẹ ninu rẹ).

Dipo awọn ipinnu

Dasibodu jẹ ọpa boṣewa fun awọn iṣupọ Kubernetes ti a nṣe. Isopọpọ rẹ pẹlu GitLab tun ti di apakan ti fifi sori ẹrọ aiyipada wa, bi ọpọlọpọ awọn olupilẹṣẹ ṣe ni itara nipa awọn agbara ti wọn ni pẹlu igbimọ yii.

Dasibodu Kubernetes lorekore ni awọn omiiran lati agbegbe Open Source (ati pe a ni idunnu lati gbero wọn), ṣugbọn ni ipele yii a wa pẹlu ojutu yii.

PS

Ka tun lori bulọọgi wa:

• «kubebox ati awọn nlanla miiran fun Kubernetes»;
• «Awọn iṣe CI/CD ti o dara julọ pẹlu Kubernetes ati GitLab (ayẹwo ati ijabọ fidio)»;
• «Kọ ati ran awọn ohun elo ṣiṣẹ ni Kubernetes ni lilo dapp ati GitLab CI»;
• «GitLab CI fun isọpọ igbagbogbo ati ifijiṣẹ ni iṣelọpọ. Apakan 1: opo gigun ti epo wa».

orisun: www.habr.com