Support KAS #3180
Support KAS #3180
Conversation
|
Should we make the builtin kas the only option? Remove GITLAB_AGENT_BUILTIN_KAS_ENABLED? |
|
One last fix on my side. Now kubernetes dashboard is working. |
|
For those who interested, I have pushed self built image |
kkimurak
force-pushed
the
support-builtin-kas
branch
from
8d3907d to
66cb842
Compare
kkimurak
force-pushed
the
support-builtin-kas
branch
from
66cb842 to
dead92d
Compare
|
Some documentation updated. I think it's ready for review. For those who interested in but cannot build themselves, I pushed |
|
@kkimurak it's not working for me. The reason seems to be that gitlab cannot be reached at port 8080. Changing the port to 8181 in gitlab kas config seems to solve it. At least for kas itself. The gitlab-agent (k8s part) still cannot connect. |
|
@th-2021 Oh sorry, I'll look into it. I made some changes based on your code (18.5.1), so I'll start by checking if the generated configuration is the same after starting the container. |
|
@kkimurak the port 8080 stuff is imho not related to the patches. Maybe a puma change in gitlab itself. |
|
|
|
@kkimurak if puma runs no longer at port 8080, maybe we should change gitlab kas config to use port 8181 (gitlab workhorse). |
Without those changes puma (and then gitlab itself) does not starts See following upstream changes: - https://gitlab.com/gitlab-org/gitlab/-/merge_requests/128619 (overwritten by gitlab-org/gitlab!132581) - https://gitlab.com/gitlab-org/gitlab/-/merge_requests/132581 - https://gitlab.com/gitlab-org/gitlab/-/merge_requests/211331
Without those changes puma (and then gitlab itself) does not starts See following upstream changes: - https://gitlab.com/gitlab-org/gitlab/-/merge_requests/128619 (overwritten by gitlab-org/gitlab!132581) - https://gitlab.com/gitlab-org/gitlab/-/merge_requests/132581 - https://gitlab.com/gitlab-org/gitlab/-/merge_requests/211331
Co-authored-by: Kazunori Kimura <[email protected]>
Co-authored-by: Kazunori Kimura <[email protected]>
Removed +
Co-authored-by: Kazunori Kimura <[email protected]>
Fix link fragment for gitlab-kas in TOC (markdownlint: MD-051 - must be lowercase)
also add process to generate secret files for KAS - GITLAB_KAS_SECRET - GITLAB_KAS_API_LISTEN_AUTHENTICATION_SECRET_FILE - GITLAB_KAS_PRIVATE_API_LISTEN_AUTHENTICATION_SECRET_FILE
sync with upstream
- build KAS on build, enable via GITLAB_AGENT_KAS_ENABLED
(automatically enabled if GITLAB_KAS_ENABLED=true)
- Add built-in KAS config file
kas config: import upstream (v15.10.0 - d88f4b89)
- minimal parameterization
gitlab side:
- GITLAB_KAS_ENABLED
gitlab_rails['gitlab_kas_enabled'] for omnibus installation
- GITLAB_KAS_INTERNAL
gitlab_rails['gitlab_kas_internal_url'] for omnibus installation
- GITLAB_KAS_EXTERNAL
gitlab_rails['gitlab_kas_external_url'] for omnibus installation
- GITLAB_KAS_PROXY
gitlab_rails['gitlab_kas_external_k8s_proxy_url'] for omnibus installation
kas side:
- GITLAB_AGENT_KAS_ENABLED
gitlab_kas['enabled'] for omnibus installation
- GITLAB_AGENT_KAS_API_LISTEN_AUTHENTICATION_SECRET_FILE
gitlab_kas['internal_api_listen_authentication_secret_file']
- GITLAB_AGENT_KAS_PRIVATE_API_LISTEN_AUTHENTICATION_SECRET_FILE
used by both:
- GITLAB_KAS_SECRET
used as a value for
- gitlabhq/gitlab.yml : production.gitlab_kas.secret_file
- gitlab-agent/gitlab-kas_config.yaml : gitlab.authentication_secret_file
Prefix for parameters that only used by gitlab-agent/kas is "GITLAB_AGENT_KAS_"
Also add process to generate secret files for KAS
Update built-in KAS to 16.10.1, sync config
Update built-in gitlab-kas to v17.0.2, sync configuration
- Bump to v17.0.0, sync configuration
GitOps module have been removed. See upstream change:
https://gitlab.com/gitlab-org/cluster-integration/gitlab-agent/-/merge_requests/1436
- Bump: gitlab-kas 17.0.1
no change in configuration file
- Bump: gitlab-kas 17.0.2
no change in configuration file
Personal note:
I am still unable to successfully connect the agent from the WebUI.
The problem is that I don't know the correct way to do it in the first place,
so I have to check it out.
Stop gitlab_kas before restoring backup
It seems that kas has DB connection and blocks restoration
- Bump: gitlab-kas 18.1.0
reference configuration file have been renamed to kascfg_defaults.yaml
and does not contain full configurations
So I have to search a way to generate full configuration from .proto
or docs
default to api.listen.authentication_secret_file, as omnibus-gitlab do
squash following commit: - update to 18.5.0 - upgrade to 18.5.1
add WEBTOKEN secret; remove GITLAB_KAS_SECRET Replace GITLAB_KAS_SECRET by GITLAB_AGENT_KAS_WEBSOCKET_TOKEN_SECRET_FILE
Add kas location to assets/runtime/config/nginx/gitlab(-ssl) config KAS location is affected by GITLAB_RELATIVE_URL_ROOT so add update process to assets/runtime/functions
in gitlab-kas_config.yaml complete 18.5.0 upgrade
Merge GITLAB_AGENT_BUILTIN_KAS_ENABLED and GITLAB_AGENT_KAS_ENABLED
User still only required to set `GITLAB_AGENT_KAS_API_LISTEN_AUTHENTICATION_SECRET_FILE` as `GITLAB_KAS_SECRET` finally default to `GITLAB_AGENT_KAS_API_LISTEN_AUTHENTICATION_SECRET_FILE` (over `GITLAB_AGENT_KAS_GITLAB_AUTHENTICATION_SECRET_FILE`)
kkimurak
force-pushed
the
support-builtin-kas
branch
from
dead92d to
e2673eb
Compare
|
I have noticed that I removed |
|
Built successfully. pushed |
|
@kkimurak I removed my old agent entry and now I cannot register a new agent. The entry is missing. Only "create a cluster" is shown. Any idea? |
|
@kkimurak not sure, what was, the issue is gone now. k8s environment is working again. |
5 participants
This PR adds configurations for external / built-in KAS and installation process to build built-in KAS.
Close #2736
External KAS settings implemented by @antt1995 (in #2598, rebased by @kkimurak)
Built-in KAS build process implemented by @kkimurak
Built-in KAS configuration test, improvements and updates until it works by @th-2021
TODO