I. Experiment
1. Environment
(1) Hosts
Table 1 Hosts
| Host | Role | Version | IP | Notes |
|--------|-----------------|--------|----------------|------------------|
| master | K8S master node | 1.29.0 | 192.168.204.8 | |
| node1 | K8S worker node | 1.29.0 | 192.168.204.9 | |
| node2 | K8S worker node | 1.29.0 | 192.168.204.10 | Kuboard deployed |
(2) View the cluster from the master node
```bash
# 1) List the nodes
kubectl get node
# 2) Show detailed node information
kubectl get node -o wide
```
(3) View the pods
```bash
[root@master ~]# kubectl get pod -A
```
![](https://file.jishuzhan.net/article/1783360161847447554/8c1315372e66f9b46d4fad85857b45f4.webp)
(4) Access Kuboard
```
http://192.168.204.10:30080/kuboard/cluster
```
![](https://file.jishuzhan.net/article/1783360161847447554/d96a81430750025583df8cbd07eb31e9.webp)
View the nodes
![](https://file.jishuzhan.net/article/1783360161847447554/0294b49787ffa63b1826b16139d93075.webp)
2. Set up NFS
(1) Check for and install the rpcbind and nfs-utils packages
```bash
[root@master ~]# rpm -q rpcbind nfs-utils
```
![](https://file.jishuzhan.net/article/1783360161847447554/1d1b6ca085c5f8405c941f4906ad5181.webp)
(2) Create the directory and set its permissions
```bash
[root@master ~]# mkdir -p /opt/k8s
```
![](https://file.jishuzhan.net/article/1783360161847447554/34dc95040745505a9d371014257db507.webp)
```bash
[root@master ~]# chmod 777 /opt/k8s/
```
![](https://file.jishuzhan.net/article/1783360161847447554/0ac4965f4bbfe0344b60647eee1ffad1.webp)
(3) Open the NFS configuration file
```bash
[root@master opt]# vim /etc/exports
```
![](https://file.jishuzhan.net/article/1783360161847447554/8859c0df92cc231deb0c68293023f179.webp)
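(4) Configuration file
Grant clients on every network read-write access to the share: `*` matches any client, `rw` allows reads and writes, `sync` commits writes synchronously, and `no_root_squash` leaves the root user's privileges on the shared directory unsquashed (root on a client acts as root on the export).
```
/opt/k8s *(rw,sync,no_root_squash)
```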
![](https://file.jishuzhan.net/article/1783360161847447554/e529729fc3f2c4bfdd3ad65e809f597b.webp)
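The export line from step (4) can be checked mechanically. The following is an added example, not part of the original article: a shell function that flags exports open to any client and exports that keep `no_root_squash`. The restricted sample line (only the two worker-node IPs from Table 1, with `root_squash`) and the stray-space sample are constructed assumptions, not the author's configuration.

```shell
#!/usr/bin/env bash
# Added example (not from the original article): audit exports(5)-style text.

# Export line from step (4) of the article.
SAMPLE_OPEN='/opt/k8s *(rw,sync,no_root_squash)'
# Constructed alternative (assumption): only the two worker nodes, root squashed.
SAMPLE_RESTRICTED='/opt/k8s 192.168.204.9(rw,sync,root_squash) 192.168.204.10(rw,sync,root_squash)'
# Constructed line with the classic stray-space mistake: "(rw)" stands alone,
# so it applies to every host instead of to 10.0.0.5.
SAMPLE_STRAY_SPACE='/srv/share 10.0.0.5 (rw)'

# audit_exports: read exports text on stdin and print one line per finding,
# formatted as "<path> <client> <finding>". Prints nothing for a clean file.
audit_exports() {
  awk '
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    {
      path = $1
      for (i = 2; i <= NF; i++) {           # each remaining field is client(options)
        client = $i; opts = ""
        p = index($i, "(")
        if (p > 0) {
          client = substr($i, 1, p - 1)
          opts = substr($i, p + 1)
          sub(/\)$/, "", opts)
        }
        if (client == "") client = "(any)"  # bare "(opts)" applies to all hosts
        if (client == "*" || client == "(any)")
          print path, client, "wildcard-client"
        n = split(opts, o, ",")
        for (j = 1; j <= n; j++)
          if (o[j] == "no_root_squash")
            print path, client, "no_root_squash"
      }
    }'
}

# Stand-alone run: show the findings for the article's export line.
printf '%s\n' "$SAMPLE_OPEN" | audit_exports
```

On a real host the same function can be fed the live file with `audit_exports < /etc/exports`.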
(5) Start the rpcbind and nfs services in that order, hot-reload the configuration file, and view the NFS shares published by this host
```bash
[root@master opt]# systemctl start rpcbind
[root@master opt]# systemctl start nfs
```
![](https://file.jishuzhan.net/article/1783360161847447554/64807e387eaaa45ff6fe2ee44ac22c8c.webp)
![](https://file.jishuzhan.net/article/1783360161847447554/2861502f2d69a64fb33bd2a1c125a295.webp)
(6) Listening ports
```bash
[root@master opt]# ss -antp | grep rpcbind
```
![](https://file.jishuzhan.net/article/1783360161847447554/fb751e37d0d85251a79206c869bb4016.webp)
(7) View the shares
```bash
[root@master opt]# showmount -e
```
![](https://file.jishuzhan.net/article/1783360161847447554/291c5f51b4cada7328f381d068465a28.webp)
View from another node
```bash
[root@node1 ~]# showmount -e master
```
![](https://file.jishuzhan.net/article/1783360161847447554/a6886bd7165aec7edcdf3387c81ebea9.webp)
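3. Deploying Redis on K8S 1.29
(1) Reference
Third-party image repository
```
https://hub.docker.com/u/sameersbn
```
Images (GitLab mainly involves three applications: Redis, Postgresql and the GitLab core program. In practice it is enough to start these three applications separately and add the corresponding configuration to install GitLab quickly and easily.)
```
1) redis
sameersbn/redis
2) postgresql
sameersbn/postgresql
3) gitlab
sameersbn/gitlab
```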
(2) Create the PV for redis
```bash
[root@master ~]# vim pv-redis.yaml
```
![](https://file.jishuzhan.net/article/1783360161847447554/d714e51546caeda38f8ce90e9bb60718.webp)
```yaml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-redis
spec:
  capacity:
    storage: 2Gi
  volumeMode: Filesystem
  accessModes:
    - ReadWriteMany
  persistentVolumeReclaimPolicy: Retain
  storageClassName: "pv-redis"
  nfs:
    path: /opt/k8s
    server: 192.168.204.8
```
![](https://file.jishuzhan.net/article/1783360161847447554/7f50b5544303a313489c853dca41b70b.webp)
(3) Create the resource
```bash
[root@master ~]# kubectl apply -f pv-redis.yaml
```
![](https://file.jishuzhan.net/article/1783360161847447554/8e6179d43fda57e2b6a34c8623388c79.webp)
(4) View the PV
```bash
[root@master ~]# kubectl get pv
```
![](https://file.jishuzhan.net/article/1783360161847447554/4018274bb657ef59913b82b4c5b128fd.webp)
(5) Pull the image
node1
```bash
[root@node1 ~]# docker pull sameersbn/redis:latest
```
![](https://file.jishuzhan.net/article/1783360161847447554/ec6c475c7ed667657109cb2a236d6b1e.webp)
(6) Export the image
```bash
[root@node1 ~]# docker save -o redis.tar sameersbn/redis:latest
```
![](https://file.jishuzhan.net/article/1783360161847447554/d2721914b6e21bcceb7ce546b5062c04.webp)
(7) Copy the Docker image to node2
```bash
[root@node1 ~]# scp redis.tar root@node2:~
```
![](https://file.jishuzhan.net/article/1783360161847447554/7cbad08f221d43793641d2d6449d220f.webp)
(8) Import the Docker image on node2
```bash
[root@node2 ~]# docker load -i redis.tar
```
![](https://file.jishuzhan.net/article/1783360161847447554/fe29567cddf4253dc43bd953ce9f5ff3.webp)
(9) Create the namespace
```bash
[root@master ~]# kubectl create ns devops
```
![](https://file.jishuzhan.net/article/1783360161847447554/bb1158499b3dd10437c72ac160096d65.webp)
(10) Deploy redis
```bash
[root@master ~]# vim redis.yaml
```
```yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: redis-pvc
  namespace: devops
spec:
  accessModes:
    - ReadWriteMany
  storageClassName: "pv-redis"
  resources:
    requests:
      storage: 2Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: redis
  namespace: devops
  labels:
    name: redis
spec:
  replicas: 1
  selector:
    matchLabels:
      name: redis
  template:
    metadata:
      name: redis
      labels:
        name: redis
    spec:
      containers:
      - name: redis
        image: sameersbn/redis:latest
        imagePullPolicy: IfNotPresent
        ports:
        - name: redis
          containerPort: 6379
        volumeMounts:
        - mountPath: /var/lib/redis
          name: data
          subPath: redis
        livenessProbe:
          exec:
            command:
            - redis-cli
            - ping
          initialDelaySeconds: 30
          timeoutSeconds: 5
        readinessProbe:
          exec:
            command:
            - redis-cli
            - ping
          initialDelaySeconds: 5
          timeoutSeconds: 1
      volumes:
      - name: data
        persistentVolumeClaim:
          claimName: redis-pvc
---
apiVersion: v1
kind: Service
metadata:
  name: redis
  namespace: devops
  labels:
    name: redis
spec:
  ports:
    - name: redis
      port: 6379
      targetPort: redis
  selector:
    name: redis
```
![](https://file.jishuzhan.net/article/1783360161847447554/0e7d4f38e2c16599bd0e57accf77a915.webp)
(11) Create the resources
```bash
[root@master ~]# kubectl apply -f redis.yaml
```
![](https://file.jishuzhan.net/article/1783360161847447554/4bc8fd229da1c31924f9be37dc890e4c.webp)
(12) View the PV and PVC
```bash
[root@master ~]# kubectl get pv
```
![](https://file.jishuzhan.net/article/1783360161847447554/f9efb3940c42385c01dfec2c5878cd8b.webp)
```bash
[root@master ~]# kubectl get pvc -n devops
```
![](https://file.jishuzhan.net/article/1783360161847447554/496bbf69aef6ac871bc6b515ff58a8bf.webp)
4. Deploying Postgresql on K8S 1.29
(1) Create the PV for postgresql
```bash
[root@master ~]# vim pv-postgresql.yaml
```
![](https://file.jishuzhan.net/article/1783360161847447554/e9bd9eabe118ce1cf8aedb9801c555b5.webp)
```yaml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-postgresql
spec:
  capacity:
    storage: 2Gi
  volumeMode: Filesystem
  accessModes:
    - ReadWriteMany
  persistentVolumeReclaimPolicy: Retain
  storageClassName: "pv-postgresql"
  nfs:
    path: /opt/k8s
    server: 192.168.204.8
```
![](https://file.jishuzhan.net/article/1783360161847447554/0d2b5b94690e9d91d092cfaef4114515.webp)
(2) Create the resource
```bash
[root@master ~]# kubectl apply -f pv-postgresql.yaml
```
![](https://file.jishuzhan.net/article/1783360161847447554/608a49b7e539e6f84a46dedbfba8cef3.webp)
(3) Pull the image
node1
```bash
[root@node1 ~]# docker pull sameersbn/postgresql:12-20200524
```
![](https://file.jishuzhan.net/article/1783360161847447554/e54afc48d9718741fc42bb554a08bedf.webp)
(4) Export the image
```bash
[root@node1 ~]# docker save -o postgresql.tar sameersbn/postgresql:12-20200524
```
![](https://file.jishuzhan.net/article/1783360161847447554/6b99085f7c2b4b676002ca67b3b294c4.webp)
(7) Copy the Docker image to node2
```bash
[root@node1 ~]# scp postgresql.tar root@node2:~
```
![](https://file.jishuzhan.net/article/1783360161847447554/11316e05b2257b08f17377075737a859.webp)
(8) Import the Docker image on node2
```bash
[root@node2 ~]# docker load -i postgresql.tar
```
![](https://file.jishuzhan.net/article/1783360161847447554/4b8b11ce29a3d09a635545b4b4d6fe7a.webp)
(9) Deploy postgresql
```bash
[root@master ~]# vim postgresql.yaml
```
![](https://file.jishuzhan.net/article/1783360161847447554/516acb70d9383b302ec40fc6a5321dc0.webp)
```yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: postgresql-pvc
  namespace: devops
spec:
  accessModes:
    - ReadWriteMany
  storageClassName: "pv-postgresql"
  resources:
    requests:
      storage: 2Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: postgresql
  namespace: devops
  labels:
    name: postgresql
spec:
  replicas: 1
  selector:
    matchLabels:
      name: postgresql
  template:
    metadata:
      name: postgresql
      labels:
        name: postgresql
    spec:
      containers:
      - name: postgresql
        image: sameersbn/postgresql:12-20200524
        imagePullPolicy: IfNotPresent
        env:
        - name: DB_USER
          value: gitlab
        - name: DB_PASS
          value: passw0rd
        - name: DB_NAME
          value: gitlab_production
        - name: DB_EXTENSION
          value: pg_trgm,btree_gist
        ports:
        - name: postgres
          containerPort: 5432
        volumeMounts:
        - mountPath: /var/lib/postgresql
          name: data
          subPath: postgresql
        livenessProbe:
          exec:
            command:
            - pg_isready
            - -h
            - localhost
            - -U
            - postgres
          initialDelaySeconds: 5
          timeoutSeconds: 1
        readinessProbe:
          exec:
            command:
            - pg_isready
            - -h
            - localhost
            - -U
            - postgres
          initialDelaySeconds: 5
          timeoutSeconds: 1
        startupProbe:
          exec:
            command:
            - pg_isready
            - -h
            - localhost
            - -U
            - postgres
          initialDelaySeconds: 90
          periodSeconds: 5
          failureThreshold: 100
          timeoutSeconds: 1
      volumes:
      - name: data
        persistentVolumeClaim:
          claimName: postgresql-pvc
---
apiVersion: v1
kind: Service
metadata:
  name: postgresql
  namespace: devops
  labels:
    name: postgresql
spec:
  ports:
    - name: postgres
      port: 5432
      targetPort: 5432
  selector:
    name: postgresql
```
(10) Create the resources
```bash
[root@master ~]# kubectl apply -f postgresql.yaml
```
![](https://file.jishuzhan.net/article/1783360161847447554/b08ba7b4ef3a087cd28da67ec21be5a5.webp)
(11) View the PV and PVC
```bash
[root@master ~]# kubectl get pv -n devops
```
![](https://file.jishuzhan.net/article/1783360161847447554/bf29d769b78b140a6b801a628806099d.webp)
```bash
[root@master ~]# kubectl get pvc -n devops
```
![](https://file.jishuzhan.net/article/1783360161847447554/9bc7b9f6fa34e2daa9b7fcef51dff3c7.webp)
5. Deploying GitLab on K8S 1.29
(1) Create the PV for gitlab
```bash
[root@master ~]# vim pv-gitlab.yaml
```
![](https://file.jishuzhan.net/article/1783360161847447554/8ef2a870c064520b8c9e18367c999ff5.webp)
```yaml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-gitlab
spec:
  capacity:
    storage: 2Gi
  volumeMode: Filesystem
  accessModes:
    - ReadWriteMany
  persistentVolumeReclaimPolicy: Retain
  storageClassName: "pv-gitlab"
  nfs:
    path: /opt/k8s
    server: 192.168.204.8
```
![](https://file.jishuzhan.net/article/1783360161847447554/c242f3f676956069fd2f55ac58b76bb0.webp)
(2) Create the resource
```bash
[root@master ~]# kubectl apply -f pv-gitlab.yaml
```
![](https://file.jishuzhan.net/article/1783360161847447554/28bee1c45583241d5dad49a3025699b3.webp)
(3) Pull the image
node2
```bash
[root@node2 ~]# docker pull sameersbn/gitlab:15.6.0
```
![](https://file.jishuzhan.net/article/1783360161847447554/de954f2f7b61b6cfd6ef5db20f1a14bc.webp)
(4) Export the image
```bash
[root@node2 ~]# docker save -o gitlab.tar sameersbn/gitlab:15.6.0
```
![](https://file.jishuzhan.net/article/1783360161847447554/645cd3862f23787f83f596386d2fa229.webp)
(7) Copy the Docker image to node1
```bash
[root@node2 ~]# scp gitlab.tar root@node1:~
```
![](https://file.jishuzhan.net/article/1783360161847447554/8f19725af690ff4df0d9680466bd11a4.webp)
(8) Import the Docker image on node1
```bash
[root@node1 ~]# docker load -i gitlab.tar
```
![](https://file.jishuzhan.net/article/1783360161847447554/6bdb1caeb969452ba69b4e2b7387c206.webp)
(9) Deploy gitlab
```bash
[root@master ~]# vim gitlab.yaml
```
![](https://file.jishuzhan.net/article/1783360161847447554/8915d495eb84e94251dfe4190dd00f1c.webp)
```yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: gitlab-pvc
  namespace: devops
spec:
  accessModes:
    - ReadWriteMany
  storageClassName: "pv-gitlab"
  resources:
    requests:
      storage: 2Gi
---
apiVersion: v1
kind: ServiceAccount
metadata:
  namespace: devops
  name: gitlab-sa
  labels:
    account: gitlab
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gitlab
  namespace: devops
  labels:
    app: gitlab
    version: v1
spec:
  replicas: 1
  selector:
    matchLabels:
      app: gitlab
      version: v1
  template:
    metadata:
      labels:
        app: gitlab
        version: v1
    spec:
      serviceAccountName: gitlab-sa
      containers:
      - name: gitlab
        image: sameersbn/gitlab:15.6.0
        imagePullPolicy: IfNotPresent
        env:
        - name: TZ
          value: Asia/Shanghai
        - name: GITLAB_TIMEZONE
          value: Beijing
        - name: GITLAB_SECRETS_DB_KEY_BASE
          value: long-and-random-alpha-numeric-string
        - name: GITLAB_SECRETS_SECRET_KEY_BASE
          value: long-and-random-alpha-numeric-string
        - name: GITLAB_SECRETS_OTP_KEY_BASE
          value: long-and-random-alpha-numeric-string
        - name: GITLAB_ROOT_PASSWORD
          value: admin123
        - name: GITLAB_ROOT_EMAIL
          value: 7jjw@163.com
        - name: GITLAB_HOST
          value: gitlab.site
        - name: GITLAB_PORT
          value: "80"
        - name: GITLAB_SSH_PORT
          value: "31022"
        - name: GITLAB_NOTIFY_ON_BROKEN_BUILDS
          value: "true"
        - name: GITLAB_NOTIFY_PUSHER
          value: "false"
        - name: GITLAB_BACKUP_SCHEDULE
          value: daily
        - name: GITLAB_BACKUP_TIME
          value: 01:00
        - name: DB_TYPE
          value: postgres
        - name: DB_HOST
          value: postgresql
        - name: DB_PORT
          value: "5432"
        - name: DB_USER
          value: gitlab
        - name: DB_PASS
          value: passw0rd
        - name: DB_NAME
          value: gitlab_production
        - name: REDIS_HOST
          value: redis
        - name: REDIS_PORT
          value: "6379"
        ports:
        - name: http
          containerPort: 80
        - name: ssh
          containerPort: 22
        volumeMounts:
        - mountPath: /home/git/data
          name: data
          subPath: gitlab
        livenessProbe:
          httpGet:
            path: /
            port: 80
          initialDelaySeconds: 180
          timeoutSeconds: 5
        readinessProbe:
          httpGet:
            path: /
            port: 80
          initialDelaySeconds: 5
          timeoutSeconds: 1
        startupProbe:
          httpGet:
            path: /
            port: 80
          initialDelaySeconds: 90
          periodSeconds: 5
          failureThreshold: 100
          timeoutSeconds: 1
      volumes:
      - name: data
        persistentVolumeClaim:
          claimName: gitlab-pvc
---
apiVersion: v1
kind: Service
metadata:
  name: gitlab
  namespace: devops
  labels:
    app: gitlab
    service: gitlab
spec:
  type: ClusterIP
  ports:
    - name: http
      port: 80
      targetPort: http
    - name: ssh
      port: 22
      targetPort: ssh
  selector:
    app: gitlab
```
(10) Create the resources
```bash
[root@master ~]# kubectl apply -f gitlab.yaml
```
![](https://file.jishuzhan.net/article/1783360161847447554/33df65c53f235d414cbb6ece81b3db71.webp)
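postgresql.yaml and gitlab.yaml carry the database password, the GitLab root password and the three key bases as literal `value:` entries. The following is an added example, not part of the original article: it generates random values, renders one Kubernetes Secret that both Deployments can reference through `secretKeyRef`, and checks a manifest for leftover literals. The Secret name `gitlab-secrets` and the value lengths are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example, not part of the original article. The Secret name is
# hypothetical; key names mirror the env variable names used in
# postgresql.yaml and gitlab.yaml.

SECRET_NAME="gitlab-secrets"   # hypothetical name
NAMESPACE="devops"             # namespace used throughout the article
SECRET_KEYS="DB_PASS GITLAB_ROOT_PASSWORD GITLAB_SECRETS_DB_KEY_BASE GITLAB_SECRETS_SECRET_KEY_BASE GITLAB_SECRETS_OTP_KEY_BASE"

# Literal entry as it appears in the article's manifests (used as sample input).
WEAK_SNIPPET='        - name: DB_PASS
          value: passw0rd'

# rand_alnum N: print N random alphanumeric characters from /dev/urandom.
rand_alnum() {
  LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "$1"
}

# render_secret: print a Secret manifest with a fresh random value per key.
# Key bases get 64 characters, passwords 24 (lengths chosen for this example).
render_secret() {
  printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: %s\n  namespace: %s\ntype: Opaque\nstringData:\n' \
    "$SECRET_NAME" "$NAMESPACE"
  for key in $SECRET_KEYS; do
    case "$key" in
      *_KEY_BASE) len=64 ;;
      *)          len=24 ;;
    esac
    printf '  %s: "%s"\n' "$key" "$(rand_alnum "$len")"
  done
}

# render_env_refs: print the env entries that replace the literal "value:"
# lines in the Deployments, each pulling its value from the Secret.
render_env_refs() {
  for key in $SECRET_KEYS; do
    printf '%s\n' "- name: $key" "  valueFrom:" "    secretKeyRef:" \
      "      name: $SECRET_NAME" "      key: $key"
  done
}

# has_literal_secret: read a manifest on stdin; succeed (exit 0) if one of the
# sensitive variables is still followed directly by a literal "value:" line.
has_literal_secret() {
  awk -v keys="$SECRET_KEYS" '
    BEGIN { n = split(keys, k, " "); for (i = 1; i <= n; i++) want[k[i]] = 1 }
    prev_sensitive && $1 == "value:" { found = 1 }
    { prev_sensitive = ($1 == "-" && $2 == "name:" && ($3 in want)) }
    END { exit (found ? 0 : 1) }
  '
}

# Stand-alone run: show the env entries and confirm the article's literal is detected.
render_env_refs
printf '%s\n' "$WEAK_SNIPPET" | has_literal_secret && echo "literal secret found in sample"
# To create the Secret in a cluster: render_secret | kubectl apply -f -
```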
(11) View the PV and PVC
```bash
[root@master ~]# kubectl get pv -n devops
```
![](https://file.jishuzhan.net/article/1783360161847447554/2710c007f112b56d69d4d379a90023cd.webp)
```bash
[root@master ~]# kubectl get pvc -n devops
```
![](https://file.jishuzhan.net/article/1783360161847447554/ec6796897da47f60ef55e4957617b3c7.webp)
(12) View the pods and services
```bash
[root@master ~]# kubectl get pod,svc -n devops
```
![](https://file.jishuzhan.net/article/1783360161847447554/2af03d75069aa347d1cc08a3fcfb2a9d.webp)
(13) View in Kuboard
Workloads
![](https://file.jishuzhan.net/article/1783360161847447554/dc067247230cb38a5de35c04430321c0.webp)
Pods
![](https://file.jishuzhan.net/article/1783360161847447554/6b73cca03bb57646f9a06cb7172270df.webp)
Services
![](https://file.jishuzhan.net/article/1783360161847447554/eceed1ea481038d140458569cc07c341.webp)
Storage
![](https://file.jishuzhan.net/article/1783360161847447554/bfea44b4049fbc8ae6710d02ff294b63.webp)
6. Deploying Istio microservices on K8S
(1) Reference
```
https://github.com/istio/istio/releases
```
(2) Choose a version
```
https://github.com/istio/istio/releases/tag/1.18.2
```
![](https://file.jishuzhan.net/article/1783360161847447554/08944e6974a5500fad5aa47849494dbd.webp)
(3) Extract the archive on the master node
```bash
[root@master ~]# tar zxvf istio-1.18.2-linux-amd64.tar.gz
```
![](https://file.jishuzhan.net/article/1783360161847447554/270af648b4713bf3fe17ffb5b7d26081.webp)
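(4) Change to the directory of the istio package
```bash
[root@master ~]# cd istio-1.18.2/
[root@master istio-1.18.2]# ls
```
The samples/ directory contains the sample applications.
The bin/ directory contains the istioctl client binary. The istioctl tool is used to inject the Envoy sidecar proxy manually.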
![](https://file.jishuzhan.net/article/1783360161847447554/ca00fbbf1e0b546203abde6d5e33b87f.webp)
(5) Copy the istioctl executable to the /bin directory
```bash
[root@master istio-1.18.2]# cp /root/istio-1.18.2/bin/istioctl /bin/
```
![](https://file.jishuzhan.net/article/1783360161847447554/3b692806bf4c1bb7902fb0850938f51e.webp)
(6) Import the images on the worker nodes
node1
```bash
[root@node1 ~]# docker load -i istio1.18.tar.gz
```
![](https://file.jishuzhan.net/article/1783360161847447554/8630e2112536aabfb88cecd30175166a.webp)
node2
```bash
[root@node2 ~]# docker load -i istio1.18.tar.gz
```
![](https://file.jishuzhan.net/article/1783360161847447554/fdd4e5eddca5bc3aa774035e121d88ee.webp)
(7) Install istio
```bash
[root@master istio-1.18.2]# istioctl install --set profile=demo -y
✔ Istio core installed
✔ Istiod installed
✔ Ingress gateways installed
✔ Egress gateways installed
✔ Installation complete Making this installation the default for injection and validation.
```
![](https://file.jishuzhan.net/article/1783360161847447554/b4a20623a5c6cc53d90cbb156393833e.webp)
(8) Verify
```bash
[root@master istio-1.18.2]# kubectl get pods -n istio-system
```
![](https://file.jishuzhan.net/article/1783360161847447554/d39d42706118799116531c0cf57c7eb9.webp)
(9) View in Kuboard
![](https://file.jishuzhan.net/article/1783360161847447554/df41666f411304bfd48aa5c6af8ba8e9.webp)
(10) Create the gateway
```bash
[root@master ~]# vim gitlab-gateway.yaml
```
![](https://file.jishuzhan.net/article/1783360161847447554/f580c0d26886d71fcced799acb9d1948.webp)
```yaml
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: gitlab-gateway
  namespace: devops
spec:
  selector:
    istio: ingressgateway # use istio default controller
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "gitlab.site"
```
![](https://file.jishuzhan.net/article/1783360161847447554/c1933122298a5c1cab9e7a4c072f463f.webp)
```bash
[root@master ~]# kubectl apply -f gitlab-gateway.yaml
```
![](https://file.jishuzhan.net/article/1783360161847447554/96629a45b55f27669d38a046c7573d31.webp)
(11) Create the virtual service
```bash
[root@master ~]# vim gitlab-vs.yaml
```
![](https://file.jishuzhan.net/article/1783360161847447554/90b8c03ee8a844a4f9537a3d4d9df698.webp)
```yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: gitlab-vs
  namespace: devops
spec:
  hosts:
  - "gitlab.site"
  gateways:
  - gitlab-gateway
  http:
  - match:
    - uri:
        prefix: /
    route:
    - destination:
        host: gitlab
        port:
          number: 80
```
![](https://file.jishuzhan.net/article/1783360161847447554/2a80aa0337eb62dd64cdde3596aad4ec.webp)
```bash
[root@master ~]# kubectl apply -f gitlab-vs.yaml
```
![](https://file.jishuzhan.net/article/1783360161847447554/a1707beda3031b3de45aa868d6334bad.webp)
(12) View the gateway
```bash
[root@master ~]# kubectl get gateway -n devops
```
![](https://file.jishuzhan.net/article/1783360161847447554/fd0eebb5d50190635c91204e33f27335.webp)
(13) View the virtual service
```bash
[root@master ~]# kubectl get virtualservice -n devops
```
![](https://file.jishuzhan.net/article/1783360161847447554/abb33cd6c52b86e3f6e9d27538d06ed9.webp)
(14) Access the pod through the ingress gateway provided by istio
```bash
[root@master ~]# kubectl get svc -n istio-system
```
![](https://file.jishuzhan.net/article/1783360161847447554/f45b42a1f7a3b56168521492a6fc1400.webp)
(15) View the association
```bash
[root@master ~]# kubectl get pods -n istio-system -owide
```
istio-ingressgateway is a Service resource; the pod associated with it is the one named istio-ingressgateway-6d9f6c64cb-nldhf in the istio-system namespace.
![](https://file.jishuzhan.net/article/1783360161847447554/4f7d67f3ed5259af6ec95be0e90f027a.webp)
(16) View the details of the istio-ingressgateway service
```bash
[root@master ~]# kubectl describe svc istio-ingressgateway -n istio-system
Name: istio-ingressgateway
Namespace: istio-system
Labels: app=istio-ingressgateway
install.operator.istio.io/owning-resource=unknown
install.operator.istio.io/owning-resource-namespace=istio-system
istio=ingressgateway
istio.io/rev=default
operator.istio.io/component=IngressGateways
operator.istio.io/managed=Reconcile
operator.istio.io/version=1.18.2
release=istio
Annotations: <none>
Selector: app=istio-ingressgateway,istio=ingressgateway
Type: LoadBalancer
IP Family Policy: SingleStack
IP Families: IPv4
IP: 10.97.137.224
IPs: 10.97.137.224
Port: status-port 15021/TCP
TargetPort: 15021/TCP
NodePort: status-port 30820/TCP
Endpoints: 10.244.166.162:15021
Port: http2 80/TCP
TargetPort: 8080/TCP
NodePort: http2 31447/TCP
Endpoints: 10.244.166.162:8080
Port: https 443/TCP
TargetPort: 8443/TCP
NodePort: https 31205/TCP
Endpoints: 10.244.166.162:8443
Port: tcp 31400/TCP
TargetPort: 31400/TCP
NodePort: tcp 30086/TCP
Endpoints: 10.244.166.162:31400
Port: tls 15443/TCP
TargetPort: 15443/TCP
NodePort: tls 32071/TCP
Endpoints: 10.244.166.162:15443
Session Affinity: None
External Traffic Policy: Cluster
Events: <none>
```
![](https://file.jishuzhan.net/article/1783360161847447554/23455984b66f23cc9774ec4b42b3bbeb.webp)
(17) View in Kuboard
Workloads
![](https://file.jishuzhan.net/article/1783360161847447554/d03a1cc95fb88e4c740a6265586b3877.webp)
Pods
![](https://file.jishuzhan.net/article/1783360161847447554/deff90741dcd1cce80c429b276929df8.webp)
Services
![](https://file.jishuzhan.net/article/1783360161847447554/cc1ec64886c44e3f05e8fe23668cb4bf.webp)
7. Deploying Ingress application routing on K8S
(1) Enter the container in K8S to inspect it
```bash
[root@master ~]# kubectl exec -it gitlab-84d7ff8cc6-k2kh9 -n devops -- /bin/bash
```
![](https://file.jishuzhan.net/article/1783360161847447554/a32800dccb345a746123adb190b3a7c6.webp)
Install net-tools
```bash
root@gitlab-84d7ff8cc6-k2kh9:/home/git/gitlab# apt-get install net-tools
```
![](https://file.jishuzhan.net/article/1783360161847447554/91d30ee382f9d38bf3857dfe236c9752.webp)
Install lsof
```bash
root@gitlab-84d7ff8cc6-k2kh9:/home/git/gitlab# apt-get install lsof
```
![](https://file.jishuzhan.net/article/1783360161847447554/fc7b647dfb1d19b53c311684e89728bf.webp)
(2) Listening ports
```bash
root@gitlab-84d7ff8cc6-k2kh9:/home/git/gitlab# netstat -antlp
```
![](https://file.jishuzhan.net/article/1783360161847447554/b11979a44bea7bc09a27acde7f6d8ebf.webp)
curl test
```bash
curl 127.0.0.1
```
![](https://file.jishuzhan.net/article/1783360161847447554/3c8674e43f052de0904729f0a271f6e8.webp)
lsof
```bash
lsof -i
```
![](https://file.jishuzhan.net/article/1783360161847447554/31a526bcbf5f17ca18456e8ec2e804d5.webp)
```bash
lsof -i:80
```
![](https://file.jishuzhan.net/article/1783360161847447554/5d819cf9c72a244db4313c8267a22ab2.webp)
(3) View the svc from the master node
The ingress-nginx-controller service is of type LoadBalancer by default and stays in the pending state.
```bash
[root@master ~]# kubectl get svc -n ingress-nginx
```
![](https://file.jishuzhan.net/article/1783360161847447554/b6a7bf34ac70683791c85195240d5bd1.webp)
(4) Edit the svc
```bash
[root@master ~]# kubectl edit svc ingress-nginx-controller -n ingress-nginx
```
![](https://file.jishuzhan.net/article/1783360161847447554/919bb9da993c6e5fa203f60366b3a2be.webp)
Before:
![](https://file.jishuzhan.net/article/1783360161847447554/4202940444f27199e230c409d5279d3f.webp)
After:
![](https://file.jishuzhan.net/article/1783360161847447554/7b1d72fdbef70177a2bf3a4673c996cc.webp)
(5) View in Kuboard
![](https://file.jishuzhan.net/article/1783360161847447554/42fdae995f11da688402b65bb0e2c6a4.webp)
(6) Deploy the ingress
```bash
[root@master ~]# vim ingress-gitlab.yaml
```
![](https://file.jishuzhan.net/article/1783360161847447554/8e64832029bc1878bf74442c912f6ca0.webp)
```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-gitlab
  namespace: devops
spec:
  ingressClassName: "nginx"
  rules:
  - host: gitlab.site
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: gitlab
            port:
              number: 80
```
(7) Create the resource
```bash
[root@master ~]# kubectl apply -f ingress-gitlab.yaml
```
![](https://file.jishuzhan.net/article/1783360161847447554/003908486a37ffa7ed027eb37d228a00.webp)
(8) View the ingress
```bash
[root@master ~]# kubectl get ingress -n devops
```
![](https://file.jishuzhan.net/article/1783360161847447554/04e235c82587c0a7b31e9ecf63371a95.webp)
(9) View the details
```bash
[root@master ~]# kubectl describe ingress ingress-gitlab -n devops
Name: ingress-gitlab
Labels: <none>
Namespace: devops
Address: 10.101.23.182
Ingress Class: nginx
Default backend: <default>
Rules:
Host Path Backends
---- ---- --------
gitlab.site
/ gitlab:80 (10.244.166.159:80)
Annotations: <none>
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Sync 17m (x2 over 17m) nginx-ingress-controller Scheduled for sync
Normal Sync 17m (x2 over 17m) nginx-ingress-controller Scheduled for sync
```
![](https://file.jishuzhan.net/article/1783360161847447554/6c9ca0444b553c6c2a5e6800aa28ca8e.webp)
(10) View in Kuboard
Application routes
![](https://file.jishuzhan.net/article/1783360161847447554/b25341185d5ed3170ea1c665d9dbaf7a.webp)
Details
![](https://file.jishuzhan.net/article/1783360161847447554/0ca14d068d4fe531d44e70f6e2a2140b.webp)
(11) Edit hosts on the master node
```bash
[root@master ~]# vim /etc/hosts
```
![](https://file.jishuzhan.net/article/1783360161847447554/79268f8ef27fbd127fa152252150e49c.webp)
![](https://file.jishuzhan.net/article/1783360161847447554/9e60b5f9b4801d22b269545ab3bb02cd.webp)
(11) curl test
```bash
[root@master ~]# curl gitlab.site:31820
```
![](https://file.jishuzhan.net/article/1783360161847447554/5b9b37566f9d01a6694d9775279c3f69.webp)
(12) Edit hosts on the physical machine
![](https://file.jishuzhan.net/article/1783360161847447554/1a7c0d6a58e32e1b401d47f3b7929ff7.webp)
![](https://file.jishuzhan.net/article/1783360161847447554/78ce156534fef92201db476ac05e4b00.webp)
(13) Access the system
```
http://gitlab.site:31820
```
![](https://file.jishuzhan.net/article/1783360161847447554/8b229ae0e4adff8c3b3d714edd979805.webp)
(14) Enter the username and password
```
Account: root
Password: admin123
```
![](https://file.jishuzhan.net/article/1783360161847447554/f5f7d3ce6faa4f3375030a4bf3155dce.webp)
(15) Logged in to the system successfully
![](https://file.jishuzhan.net/article/1783360161847447554/82480e2fe1e8f863641f8d50d364dee1.webp)
II. Problems
1. Error when deploying gitlab on K8S
(1) Error
```
Warning Unhealthy 2m43s (x15 over 3m53s) kubelet Startup probe failed: Get "http://10.244.166.144:80/": dial tcp 10.244.166.144:80: connect: connection refused
Warning Unhealthy 23s (x28 over 2m38s) kubelet Startup probe failed: HTTP probe failed with statuscode: 502
```
![](https://file.jishuzhan.net/article/1783360161847447554/7b4d5837f19b5306b53da7b33b2299e1.webp)
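(2) Cause analysis
The problem lies with the gitlab image version: the version in use is faulty and causes startup to fail.
```
1) Change the sameersbn repository image to:
sameersbn/gitlab:15.6.0
2) Other supported gitlab repository images:
gitlab/gitlab-ce:14.0.0-ce.0 or gitlab/gitlab-ce:15.6.0-ce.0
```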
(3) Solution
Delete the resources
![](https://file.jishuzhan.net/article/1783360161847447554/87dc72017ffe417c651b606866dad6c5.webp)
Change the gitlab image version in the deployment file:
![](https://file.jishuzhan.net/article/1783360161847447554/5984c35f3cc0a4d7af9b4e2f979f1314.webp)
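After the image was changed the pod started successfully, but the log shown by the describe command still contained the warnings from the beginning.
At this point, try changing initialDelaySeconds and timeoutSeconds in the readinessProbe parameters,
setting them to 180 and 5 respectively.
Before: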
![](https://file.jishuzhan.net/article/1783360161847447554/d388db82376fca9cf89f4a6ad17fa6d4.webp)
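After: (The intent is to lengthen the initial delay and the timeout, so that an error is not reported merely because the time allowed was too short for the steps to finish.)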
![](https://file.jishuzhan.net/article/1783360161847447554/516c87ee5f37a3fcc7f0d896104938e1.webp)
2. gitlab creation failed
(1) Error
The gitlab pod fails to start
![](https://file.jishuzhan.net/article/1783360161847447554/61ed5f309fc50f3576ab4d52b7d15372.webp)
(2) Cause analysis
View the logs
![](https://file.jishuzhan.net/article/1783360161847447554/ce9078fca29a897812fac8745d8b0c3d.webp)
```bash
[root@master ~]# kubectl logs -f gitlab-84d7ff8cc6-k2kh9 -n devops
Loading /etc/docker-gitlab/runtime/env-defaults
Initializing logdir...
Initializing datadir...
Generating OpenSSH host keys... RSA DSA ECDSA ED25519
Container TimeZone -> Asia/Shanghai
Installing configuration templates...
Configuring gitlab...
Configuring gitlab::database....
Configuring gitlab::redis..
Configuring gitlab::actioncable
Configuring gitlab::secrets...
Configuring gitlab::sidekiq...
Configuring gitlab::gitaly...
Configuring gitlab::monitoring...
Configuring gitlab::gitlab-workhorse...
Configuring gitlab::puma...
Configuring gitlab::timezone...
Configuring gitlab::rack_attack...
Configuring gitlab::ci...
Configuring gitlab::artifacts...
Configuring gitlab::packages...
Configuring gitlab::terraform_state...
Configuring gitlab::lfs...
Configuring gitlab::uploads...
Configuring gitlab::mattermost...
Configuring gitlab::project_features...
Configuring gitlab::oauth...
Configuring gitlab::ldap...
Configuring gitlab::cron_jobs...
Configuring gitlab::backups...
Configuring gitlab::backups::schedule...
Configuring gitlab::registry...
Configuring gitlab::pages...
Configuring gitlab::sentry...
Configuring gitlab::content_security_policy...
Configuring gitlab-shell...
Configuring nginx...
Configuring nginx::gitlab...
2024-04-23 21:25:23,390 CRIT Supervisor is running as root. Privileges were not dropped because no user is specified in tu intend to run as root, you can set user=root in the config file to avoid this message.
2024-04-23 21:25:23,390 INFO Included extra file "/etc/supervisor/conf.d/cron.conf" during parsing
2024-04-23 21:25:23,390 INFO Included extra file "/etc/supervisor/conf.d/gitaly.conf" during parsing
2024-04-23 21:25:23,390 INFO Included extra file "/etc/supervisor/conf.d/gitlab-workhorse.conf" during parsing
2024-04-23 21:25:23,390 INFO Included extra file "/etc/supervisor/conf.d/groups.conf" during parsing
2024-04-23 21:25:23,390 INFO Included extra file "/etc/supervisor/conf.d/mail_room.conf" during parsing
2024-04-23 21:25:23,390 INFO Included extra file "/etc/supervisor/conf.d/nginx.conf" during parsing
2024-04-23 21:25:23,390 INFO Included extra file "/etc/supervisor/conf.d/puma.conf" during parsing
2024-04-23 21:25:23,390 INFO Included extra file "/etc/supervisor/conf.d/sidekiq.conf" during parsing
2024-04-23 21:25:23,390 INFO Included extra file "/etc/supervisor/conf.d/sshd.conf" during parsing
2024-04-23 21:25:23,397 INFO RPC interface 'supervisor' initialized
2024-04-23 21:25:23,398 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2024-04-23 21:25:23,398 INFO supervisord started with pid 753
2024-04-23 21:25:24,402 INFO spawned: 'gitaly' with pid 763
2024-04-23 21:25:24,405 INFO spawned: 'puma' with pid 764
2024-04-23 21:25:24,409 INFO spawned: 'gitlab-workhorse' with pid 765
2024-04-23 21:25:24,412 INFO spawned: 'sidekiq' with pid 766
2024-04-23 21:25:24,415 INFO spawned: 'sshd' with pid 772
2024-04-23 21:25:24,418 INFO spawned: 'nginx' with pid 773
2024-04-23 21:25:24,421 INFO spawned: 'cron' with pid 778
2024-04-23 21:25:25,911 INFO success: gitaly entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-04-23 21:25:25,911 INFO success: puma entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-04-23 21:25:25,911 INFO success: gitlab-workhorse entered RUNNING state, process has stayed up for > than 1 seconds (
2024-04-23 21:25:25,911 INFO success: sidekiq entered RUNNING state, process has stayed up for > than 1 seconds (startsecs
2024-04-23 21:25:25,911 INFO success: sshd entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-04-23 21:25:25,911 INFO success: nginx entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-04-23 21:25:25,912 INFO success: cron entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
psql: error: could not translate host name "postgresql" to address: Temporary failure in name resolution
```
The key is the last line:
```
psql: error: could not translate host name "postgresql" to address: Temporary failure in name resolution
```
![](https://file.jishuzhan.net/article/1783360161847447554/2da9ca33848b420cae67d00391f28228.webp)
(3) Solution
View the container addresses
```bash
[root@master ~]# kubectl get pod -o wide -n devops
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
gitlab-84d7ff8cc6-k2kh9 0/1 Running 4 (66s ago) 14m 10.244.166.159 node1 <none> <none>
postgresql-6d7dfcf685-nhmw5 1/1 Running 0 26m 10.244.166.157 node1 <none> <none>
redis-6948bd4c7f-gp2ml 1/1 Running 0 49m 10.244.166.151 node1 <none> <none>
```
![](https://file.jishuzhan.net/article/1783360161847447554/0eac474a0a8dbbd3b035ca008f4713f3.webp)
Enter the container in K8S and add the hosts entries
```bash
[root@master ~]# kubectl exec -it gitlab-84d7ff8cc6-k2kh9 -n devops /bin/bash
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
root@gitlab-84d7ff8cc6-k2kh9:/home/git/gitlab# cat /etc/hosts
# Kubernetes-managed hosts file.
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
fe00::0 ip6-mcastprefix
fe00::1 ip6-allnodes
fe00::2 ip6-allrouters
10.244.166.159 gitlab-84d7ff8cc6-k2kh9
root@gitlab-84d7ff8cc6-k2kh9:/home/git/gitlab# echo "10.244.166.157 postgresql" >> /etc/hosts
root@gitlab-84d7ff8cc6-k2kh9:/home/git/gitlab# echo "10.244.166.151 redis" >> /etc/hosts
```
![](https://file.jishuzhan.net/article/1783360161847447554/63dc904618712a00a5c7f0dee3116885.webp)
View the result
```bash
root@gitlab-84d7ff8cc6-k2kh9:/home/git/gitlab# cat /etc/hosts
# Kubernetes-managed hosts file.
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
fe00::0 ip6-mcastprefix
fe00::1 ip6-allnodes
fe00::2 ip6-allrouters
10.244.166.159 gitlab-84d7ff8cc6-k2kh9
10.244.166.157 postgresql
10.244.166.151 redis
```
![](https://file.jishuzhan.net/article/1783360161847447554/a17d96ab175a1cfbe6d6072fb22415cb.webp)
Check the logs again
![](https://file.jishuzhan.net/article/1783360161847447554/0c55daa8642261e3d7335d1509f1255f.webp)
bash
[root@master ~]# kubectl logs -f gitlab-84d7ff8cc6-k2kh9 -n devops
Loading /etc/docker-gitlab/runtime/env-defaults
Initializing logdir...
Initializing datadir...
Container TimeZone -> Asia/Shanghai
Installing configuration templates...
Configuring gitlab...
Configuring gitlab::database..
Configuring gitlab::redis...
Configuring gitlab::actioncable
Configuring gitlab::secrets...
Configuring gitlab::sidekiq...
Configuring gitlab::gitaly...
Configuring gitlab::monitoring...
Configuring gitlab::gitlab-workhorse...
Configuring gitlab::puma...
Configuring gitlab::timezone...
Configuring gitlab::rack_attack...
Configuring gitlab::ci...
Configuring gitlab::artifacts...
Configuring gitlab::packages...
Configuring gitlab::terraform_state...
Configuring gitlab::lfs...
Configuring gitlab::uploads...
Configuring gitlab::mattermost...
Configuring gitlab::project_features...
Configuring gitlab::oauth...
Configuring gitlab::ldap...
Configuring gitlab::cron_jobs...
Configuring gitlab::backups...
Configuring gitlab::backups::schedule...
Configuring gitlab::registry...
Configuring gitlab::pages...
Configuring gitlab::sentry...
Configuring gitlab::content_security_policy...
Configuring gitlab-shell...
Configuring nginx...
Configuring nginx::gitlab...
Setting up GitLab for firstrun. Please be patient, this could take a while...
2024-04-23 21:39:06,958 CRIT Supervisor is running as root. Privileges were not dropped because no user is specified in tu intend to run as root, you can set user=root in the config file to avoid this message.
2024-04-23 21:39:06,958 INFO Included extra file "/etc/supervisor/conf.d/cron.conf" during parsing
2024-04-23 21:39:06,958 INFO Included extra file "/etc/supervisor/conf.d/gitaly.conf" during parsing
2024-04-23 21:39:06,958 INFO Included extra file "/etc/supervisor/conf.d/gitlab-workhorse.conf" during parsing
2024-04-23 21:39:06,958 INFO Included extra file "/etc/supervisor/conf.d/groups.conf" during parsing
2024-04-23 21:39:06,958 INFO Included extra file "/etc/supervisor/conf.d/mail_room.conf" during parsing
2024-04-23 21:39:06,959 INFO Included extra file "/etc/supervisor/conf.d/nginx.conf" during parsing
2024-04-23 21:39:06,959 INFO Included extra file "/etc/supervisor/conf.d/puma.conf" during parsing
2024-04-23 21:39:06,959 INFO Included extra file "/etc/supervisor/conf.d/sidekiq.conf" during parsing
2024-04-23 21:39:06,959 INFO Included extra file "/etc/supervisor/conf.d/sshd.conf" during parsing
2024-04-23 21:39:06,966 INFO RPC interface 'supervisor' initialized
2024-04-23 21:39:06,966 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2024-04-23 21:39:06,966 INFO supervisord started with pid 755
2024-04-23 21:39:07,970 INFO spawned: 'gitaly' with pid 768
2024-04-23 21:39:07,974 INFO spawned: 'puma' with pid 769
2024-04-23 21:39:07,977 INFO spawned: 'gitlab-workhorse' with pid 770
2024-04-23 21:39:07,980 INFO spawned: 'sidekiq' with pid 771
2024-04-23 21:39:07,983 INFO spawned: 'sshd' with pid 777
2024-04-23 21:39:07,986 INFO spawned: 'nginx' with pid 778
2024-04-23 21:39:07,989 INFO spawned: 'cron' with pid 782
2024-04-23 21:39:09,462 INFO success: gitaly entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-04-23 21:39:09,463 INFO success: puma entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-04-23 21:39:09,463 INFO success: gitlab-workhorse entered RUNNING state, process has stayed up for > than 1 seconds (
2024-04-23 21:39:09,463 INFO success: sidekiq entered RUNNING state, process has stayed up for > than 1 seconds (startsecs
2024-04-23 21:39:09,463 INFO success: sshd entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-04-23 21:39:09,463 INFO success: nginx entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-04-23 21:39:09,463 INFO success: cron entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-04-23 21:39:40,078 INFO exited: puma (exit status 1; not expected)
2024-04-23 21:39:40,081 INFO spawned: 'puma' with pid 886
/home/git/gitlab/lib/gitlab/instrumentation/redis.rb:9: warning: already initialized constant Gitlab::Instrumentation::Red
/home/git/gitlab/lib/gitlab/instrumentation/redis.rb:9: warning: previous definition of ActionCable was here
2024-04-23 21:39:41,387 INFO success: puma entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-04-23 21:39:41,388 INFO exited: sidekiq (exit status 1; not expected)
2024-04-23 21:39:41,620 INFO spawned: 'sidekiq' with pid 887
2024-04-23 21:39:43,017 INFO success: sidekiq entered RUNNING state, process has stayed up for > than 1 seconds (startsecs
Database 'gitlab_production' already exists
psql:/home/git/gitlab/db/structure.sql:9: NOTICE: extension "btree_gist" already exists, skipping
psql:/home/git/gitlab/db/structure.sql:11: NOTICE: extension "pg_trgm" already exists, skipping
2024-04-23 21:40:10,686 INFO exited: puma (exit status 1; not expected)
2024-04-23 21:40:10,689 INFO spawned: 'puma' with pid 919
2024-04-23 21:40:11,692 INFO success: puma entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-04-23 21:40:12,042 INFO exited: sidekiq (exit status 1; not expected)
2024-04-23 21:40:12,213 INFO spawned: 'sidekiq' with pid 920
2024-04-23 21:40:13,217 INFO success: sidekiq entered RUNNING state, process has stayed up for > than 1 seconds (startsecs
2024-04-23 21:40:40,234 INFO exited: puma (exit status 1; not expected)
2024-04-23 21:40:41,236 INFO spawned: 'puma' with pid 929
2024-04-23 21:40:42,140 INFO exited: sidekiq (exit status 1; not expected)
2024-04-23 21:40:42,832 INFO success: puma entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-04-23 21:40:42,835 INFO spawned: 'sidekiq' with pid 930
2024-04-23 21:40:43,837 INFO success: sidekiq entered RUNNING state, process has stayed up for > than 1 seconds (startsecs
2024-04-23 21:41:33,889 INFO exited: puma (exit status 1; not expected)
2024-04-23 21:41:34,767 INFO spawned: 'puma' with pid 942
2024-04-23 21:41:34,854 INFO exited: sidekiq (exit status 1; not expected)
2024-04-23 21:41:34,857 INFO spawned: 'sidekiq' with pid 943
2024-04-23 21:41:35,859 INFO success: puma entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-04-23 21:41:35,859 INFO success: sidekiq entered RUNNING state, process has stayed up for > than 1 seconds (startsecs
Migrating database...
/home/git/gitlab/lib/gitlab/instrumentation/redis.rb:9: warning: already initialized constant Gitlab::Instrumentation::Red
/home/git/gitlab/lib/gitlab/instrumentation/redis.rb:9: warning: previous definition of ActionCable was here
Clearing cache...
2024-04-23 21:43:41,207 WARN received SIGTERM indicating exit request
2024-04-23 21:43:41,208 INFO waiting for gitaly, puma, gitlab-workhorse, sidekiq, sshd, nginx, cron to die
2024-04-23 21:43:41,209 INFO stopped: cron (terminated by SIGTERM)
2024-04-23 21:43:41,209 INFO stopped: sshd (exit status 0)
2024-04-23 21:43:41,214 INFO stopped: nginx (exit status 0)
2024-04-23 21:43:44,231 INFO stopped: sidekiq (exit status 0)
2024-04-23 21:43:44,232 INFO waiting for gitaly, puma, gitlab-workhorse to die
2024-04-23 21:43:44,234 INFO stopped: gitlab-workhorse (exit status 1)
2024-04-23 21:43:47,238 INFO stopped: puma (terminated by SIGQUIT (core dumped))
2024-04-23 21:43:47,238 INFO waiting for gitaly to die
2024-04-23 21:43:47,274 INFO stopped: gitaly (exit status 1)
2024-04-23 21:43:47,533 CRIT Supervisor is running as root. Privileges were not dropped because no user is specified in tu intend to run as root, you can set user=root in the config file to avoid this message.
2024-04-23 21:43:47,534 INFO Included extra file "/etc/supervisor/conf.d/cron.conf" during parsing
2024-04-23 21:43:47,534 INFO Included extra file "/etc/supervisor/conf.d/gitaly.conf" during parsing
2024-04-23 21:43:47,534 INFO Included extra file "/etc/supervisor/conf.d/gitlab-workhorse.conf" during parsing
2024-04-23 21:43:47,534 INFO Included extra file "/etc/supervisor/conf.d/groups.conf" during parsing
2024-04-23 21:43:47,534 INFO Included extra file "/etc/supervisor/conf.d/mail_room.conf" during parsing
2024-04-23 21:43:47,534 INFO Included extra file "/etc/supervisor/conf.d/nginx.conf" during parsing
2024-04-23 21:43:47,534 INFO Included extra file "/etc/supervisor/conf.d/puma.conf" during parsing
2024-04-23 21:43:47,534 INFO Included extra file "/etc/supervisor/conf.d/sidekiq.conf" during parsing
2024-04-23 21:43:47,534 INFO Included extra file "/etc/supervisor/conf.d/sshd.conf" during parsing
2024-04-23 21:43:47,541 INFO RPC interface 'supervisor' initialized
2024-04-23 21:43:47,541 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2024-04-23 21:43:47,542 INFO supervisord started with pid 1
2024-04-23 21:43:48,545 INFO spawned: 'gitaly' with pid 1093
2024-04-23 21:43:48,548 INFO spawned: 'puma' with pid 1094
2024-04-23 21:43:48,551 INFO spawned: 'gitlab-workhorse' with pid 1095
2024-04-23 21:43:48,555 INFO spawned: 'sidekiq' with pid 1096
2024-04-23 21:43:48,557 INFO spawned: 'sshd' with pid 1099
2024-04-23 21:43:48,560 INFO spawned: 'nginx' with pid 1103
2024-04-23 21:43:48,563 INFO spawned: 'cron' with pid 1108
2024-04-23 21:43:50,020 INFO success: gitaly entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-04-23 21:43:50,020 INFO success: puma entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-04-23 21:43:50,020 INFO success: gitlab-workhorse entered RUNNING state, process has stayed up for > than 1 seconds (
2024-04-23 21:43:50,020 INFO success: sidekiq entered RUNNING state, process has stayed up for > than 1 seconds (startsecs
2024-04-23 21:43:50,020 INFO success: sshd entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-04-23 21:43:50,021 INFO success: nginx entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-04-23 21:43:50,021 INFO success: cron entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-04-23 21:44:08,020 WARN received SIGTERM indicating exit request
2024-04-23 21:44:08,020 INFO waiting for gitaly, puma, gitlab-workhorse, sidekiq, sshd, nginx, cron to die
2024-04-23 21:44:08,021 INFO stopped: cron (terminated by SIGTERM)
2024-04-23 21:44:08,022 INFO stopped: sshd (exit status 0)
2024-04-23 21:44:08,024 INFO stopped: nginx (exit status 0)
2024-04-23 21:44:08,066 INFO stopped: sidekiq (terminated by SIGTERM)
2024-04-23 21:44:08,068 INFO stopped: gitlab-workhorse (exit status 1)
2024-04-23 21:44:08,718 INFO stopped: puma (terminated by SIGQUIT (core dumped))
2024-04-23 21:44:08,752 INFO stopped: gitaly (exit status 1)
[root@master ~]# kubectl logs -f gitlab-84d7ff8cc6-k2kh9 -n devops
Loading /etc/docker-gitlab/runtime/env-defaults
Initializing logdir...
Initializing datadir...
Container TimeZone -> Asia/Shanghai
Installing configuration templates...
Configuring gitlab...
Configuring gitlab::database...
Configuring gitlab::redis...
Configuring gitlab::actioncable...
Configuring gitlab::secrets...
Configuring gitlab::sidekiq...
Configuring gitlab::gitaly...
Configuring gitlab::monitoring...
Configuring gitlab::gitlab-workhorse...
Configuring gitlab::puma...
Configuring gitlab::timezone...
Configuring gitlab::rack_attack...
Configuring gitlab::ci...
Configuring gitlab::artifacts...
Configuring gitlab::packages...
Configuring gitlab::terraform_state...
Configuring gitlab::lfs...
Configuring gitlab::uploads...
Configuring gitlab::mattermost...
Configuring gitlab::project_features...
Configuring gitlab::oauth...
Configuring gitlab::ldap...
Configuring gitlab::cron_jobs...
Configuring gitlab::backups...
Configuring gitlab::backups::schedule...
Configuring gitlab::registry...
Configuring gitlab::pages...
Configuring gitlab::sentry...
Configuring gitlab::content_security_policy...
Configuring gitlab-shell...
Configuring nginx...
Configuring nginx::gitlab...
2024-04-23 21:48:22,675 CRIT Supervisor is running as root. Privileges were not dropped because no user is specified in tu intend to run as root, you can set user=root in the config file to avoid this message.
2024-04-23 21:48:22,675 INFO Included extra file "/etc/supervisor/conf.d/cron.conf" during parsing
2024-04-23 21:48:22,675 INFO Included extra file "/etc/supervisor/conf.d/gitaly.conf" during parsing
2024-04-23 21:48:22,675 INFO Included extra file "/etc/supervisor/conf.d/gitlab-workhorse.conf" during parsing
2024-04-23 21:48:22,675 INFO Included extra file "/etc/supervisor/conf.d/groups.conf" during parsing
2024-04-23 21:48:22,675 INFO Included extra file "/etc/supervisor/conf.d/mail_room.conf" during parsing
2024-04-23 21:48:22,675 INFO Included extra file "/etc/supervisor/conf.d/nginx.conf" during parsing
2024-04-23 21:48:22,675 INFO Included extra file "/etc/supervisor/conf.d/puma.conf" during parsing
2024-04-23 21:48:22,675 INFO Included extra file "/etc/supervisor/conf.d/sidekiq.conf" during parsing
2024-04-23 21:48:22,675 INFO Included extra file "/etc/supervisor/conf.d/sshd.conf" during parsing
2024-04-23 21:48:22,683 INFO RPC interface 'supervisor' initialized
2024-04-23 21:48:22,683 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2024-04-23 21:48:22,683 INFO supervisord started with pid 1
2024-04-23 21:48:23,688 INFO spawned: 'gitaly' with pid 772
2024-04-23 21:48:23,691 INFO spawned: 'puma' with pid 773
2024-04-23 21:48:23,695 INFO spawned: 'gitlab-workhorse' with pid 774
2024-04-23 21:48:23,698 INFO spawned: 'sidekiq' with pid 775
2024-04-23 21:48:23,701 INFO spawned: 'sshd' with pid 781
2024-04-23 21:48:23,704 INFO spawned: 'nginx' with pid 782
2024-04-23 21:48:23,707 INFO spawned: 'cron' with pid 785
2024-04-23 21:48:25,192 INFO success: gitaly entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-04-23 21:48:25,192 INFO success: puma entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-04-23 21:48:25,192 INFO success: gitlab-workhorse entered RUNNING state, process has stayed up for > than 1 seconds (
2024-04-23 21:48:25,192 INFO success: sidekiq entered RUNNING state, process has stayed up for > than 1 seconds (startsecs
2024-04-23 21:48:25,192 INFO success: sshd entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-04-23 21:48:25,192 INFO success: nginx entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-04-23 21:48:25,192 INFO success: cron entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-04-23 21:51:20,541 INFO exited: sidekiq (exit status 1; not expected)
2024-04-23 21:51:21,546 INFO spawned: 'sidekiq' with pid 911
2024-04-23 21:51:23,016 INFO success: sidekiq entered RUNNING state, process has stayed up for > than 1 seconds (startsecs
^C
Success:
![](https://file.jishuzhan.net/article/1783360161847447554/4c824849a9a8434c5823729a0253edd4.webp)
![](https://file.jishuzhan.net/article/1783360161847447554/d049708402bb28af46f278932f38d581.webp)
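The restart loop in the log above can be summarised by counting supervisord's `exited: ... not expected` events per program and the SIGTERM requests sent to supervisord itself. The script below is an added example, not part of the original article; its sample lines are constructed in the format of the log shown.

```shell
#!/bin/sh
# Added example (not from the original article): summarise supervisord
# events in `kubectl logs` output to spot a restart loop.

# Constructed sample in the format of the supervisord lines shown above.
sample_log() {
cat <<'EOF'
2024-04-23 21:39:09,463 INFO success: puma entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-04-23 21:39:40,078 INFO exited: puma (exit status 1; not expected)
2024-04-23 21:39:40,081 INFO spawned: 'puma' with pid 886
2024-04-23 21:39:41,388 INFO exited: sidekiq (exit status 1; not expected)
2024-04-23 21:40:10,686 INFO exited: puma (exit status 1; not expected)
2024-04-23 21:43:41,207 WARN received SIGTERM indicating exit request
2024-04-23 21:43:47,238 INFO stopped: puma (terminated by SIGQUIT (core dumped))
2024-04-23 21:43:47,542 INFO supervisord started with pid 1
EOF
}

# Print "<program> <count>" for each program supervisord logged as
# "exited: ... not expected" (it died on its own and was respawned).
unexpected_exits() {
  awk '$3 == "INFO" && $4 == "exited:" && /not expected/ { n[$5]++ }
       END { for (p in n) print p, n[p] }' | sort
}

# Count shutdown requests sent to supervisord itself (the whole container
# being stopped), as opposed to a single program crashing inside it.
shutdown_requests() {
  awk '$3 == "WARN" && /received SIGTERM/ { c++ } END { print c + 0 }'
}

# Print the programs whose unexpected-exit count reaches the threshold ($1).
flapping() {
  unexpected_exits | awk -v min="$1" '$2 >= min { print $1 }'
}

# Usage against a live pod (pod and namespace names taken from the article):
#   kubectl logs gitlab-84d7ff8cc6-k2kh9 -n devops | unexpected_exits
```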
3. Error when creating the Gateway resource
(1) Error
bash
error: resource mapping not found for name: "gitlab-gateway" namespace: "devops" from "gitlab-gateway.yaml": no matches for kind "Gateway" in version "networking.istio.io/v1alpha3"
ensure CRDs are installed first
(2) Cause analysis
Istio is not installed.
(3) Solution
Install Istio:
![](https://file.jishuzhan.net/article/1783360161847447554/f92c7b3e91b715242703fbddb4aa0867.webp)
Success:
![](https://file.jishuzhan.net/article/1783360161847447554/a6dfa7f63a76fc27b4348e8ba5294afe.webp)
4. Error when installing Istio
(1) Error
bash
? Egress gateways encountered an error: failed to wait for resource: resources not ready after 5m0s: context deadline exce
Deployment/istio-system/istio-egressgateway (containers with unready status: [istio-proxy])
- Pruning removed resources
![](https://file.jishuzhan.net/article/1783360161847447554/63a441fa13e6c0e24f06ca88baeaf71e.webp)
(2) Cause analysis
The egress gateway pod has not finished starting.
(3) Solution
Reinstall and wait for the egress gateway to finish loading.
![](https://file.jishuzhan.net/article/1783360161847447554/1963f9bfde72d1f76d543ca3be55fafa.webp)
5. istio-ingressgateway stays in the Pending state
(1) Error
![](https://file.jishuzhan.net/article/1783360161847447554/42ad02ae59dcecc13d3424b1a56b7197.webp)
(2) Cause analysis
The default Service type of istio-ingressgateway is LoadBalancer; without a public cloud, it can be changed to NodePort.
(3) Solution
Change the type of istio-ingressgateway to NodePort:
bash
[root@master ~]# kubectl edit svc istio-ingressgateway -n istio-system
![](https://file.jishuzhan.net/article/1783360161847447554/5a315b1add55ac357fca2fded269f338.webp)
Before the change:
![](https://file.jishuzhan.net/article/1783360161847447554/dac3af8b967bf16e775f12a0ba0cae45.webp)
After the change:
![](https://file.jishuzhan.net/article/1783360161847447554/d7108f29effde9b1797b67e835c59aff.webp)
Success:
bash
[root@master ~]# kubectl get pods -n istio-system -owide
![](https://file.jishuzhan.net/article/1783360161847447554/dd0505e538468c80da4bc2c9d72e2164.webp)
Inspect the Service:
bash
[root@master ~]# kubectl describe svc istio-ingressgateway -n istio-system
Name: istio-ingressgateway
Namespace: istio-system
Labels: app=istio-ingressgateway
install.operator.istio.io/owning-resource=unknown
install.operator.istio.io/owning-resource-namespace=istio-system
istio=ingressgateway
istio.io/rev=default
operator.istio.io/component=IngressGateways
operator.istio.io/managed=Reconcile
operator.istio.io/version=1.18.2
release=istio
Annotations: <none>
Selector: app=istio-ingressgateway,istio=ingressgateway
Type: NodePort
IP Family Policy: SingleStack
IP Families: IPv4
IP: 10.97.137.224
IPs: 10.97.137.224
Port: status-port 15021/TCP
TargetPort: 15021/TCP
NodePort: status-port 30820/TCP
Endpoints: 10.244.166.162:15021
Port: http2 80/TCP
TargetPort: 8080/TCP
NodePort: http2 31447/TCP
Endpoints: 10.244.166.162:8080
Port: https 443/TCP
TargetPort: 8443/TCP
NodePort: https 31205/TCP
Endpoints: 10.244.166.162:8443
Port: tcp 31400/TCP
TargetPort: 31400/TCP
NodePort: tcp 30086/TCP
Endpoints: 10.244.166.162:31400
Port: tls 15443/TCP
TargetPort: 15443/TCP
NodePort: tls 32071/TCP
Endpoints: 10.244.166.162:15443
Session Affinity: None
External Traffic Policy: Cluster
Events: <none>
![](https://file.jishuzhan.net/article/1783360161847447554/5f495759e3cf80dd8707dbb6cc0d3119.webp)
6. How Istio automatically injects the sidecar
(1) Command
The default namespace needs the label istio-injection=enabled
bash
[root@master ~]# kubectl label namespace default istio-injection=enabled
![](https://file.jishuzhan.net/article/1783360161847447554/561808221e93ae4aed6a4605fa6e19bd.webp)
7. K8S container fails to retrieve the public key
(1) Error
Enter the container
bash
[root@master ~]# kubectl exec -it gitlab-84d7ff8cc6-k2kh9 -n devops -- /bin/bash
![](https://file.jishuzhan.net/article/1783360161847447554/03e6c7e45a1634cc02cf7e7e0a89f951.webp)
Updating the package sources fails
bash
W: GPG error: https://dl.yarnpkg.com/debian stable InRelease: The following signatures were invalid: EXPKEYSIG 23E7166788B63E1E Yarn Packaging <yarn@dan.cx>
![](https://file.jishuzhan.net/article/1783360161847447554/60203d3d98b57e134a2503e52edc59de.webp)
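(2) Cause analysis
Unable to verify the signature: public key not found
(3) Solution
Back up and switch the sources
bash
# Back up the current sources list before editing it
cp /etc/apt/sources.list /etc/apt/sources.list.bak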
sudo sed -i 's/cn.archive.ubuntu.com/mirrors.ustc.edu.cn/g' /etc/apt/sources.list
sudo sed -i 's/security.ubuntu.com/mirrors.ustc.edu.cn/g' /etc/apt/sources.list
![](https://file.jishuzhan.net/article/1783360161847447554/40faa2ae0d69076682997f7d9ef7cf71.webp)
The update still fails
![](https://file.jishuzhan.net/article/1783360161847447554/9aec95f2f96c6cfd34927d743a47fb06.webp)
Empty the sources list
bash
echo > /etc/apt/sources.list
![](https://file.jishuzhan.net/article/1783360161847447554/562b4fbe4db5356ea8bf54c45103c46e.webp)
Write the new sources
bash
echo "deb http://us.archive.ubuntu.com/ubuntu/ bionic main restricted" >> /etc/apt/sources.list
echo "deb http://us.archive.ubuntu.com/ubuntu/ bionic-updates main restricted" >> /etc/apt/sources.list
echo "deb http://us.archive.ubuntu.com/ubuntu/ bionic universe" >> /etc/apt/sources.list
echo "deb http://us.archive.ubuntu.com/ubuntu/ bionic-updates universe" >> /etc/apt/sources.list
echo "deb http://us.archive.ubuntu.com/ubuntu/ bionic multiverse" >> /etc/apt/sources.list
echo "deb http://us.archive.ubuntu.com/ubuntu/ bionic-updates multiverse" >> /etc/apt/sources.list
echo "deb http://us.archive.ubuntu.com/ubuntu/ bionic-backports main restricted universe multiverse" >> /etc/apt/sources.list
echo "deb http://security.ubuntu.com/ubuntu bionic-security main restricted" >> /etc/apt/sources.list
echo "deb http://security.ubuntu.com/ubuntu bionic-security universe" >> /etc/apt/sources.list
echo "deb http://security.ubuntu.com/ubuntu bionic-security multiverse" >> /etc/apt/sources.list
echo "deb http://mirrors.ustc.edu.cn/ubuntu/ xenial main restricted universe multiverse" >> /etc/apt/sources.list
echo "deb http://mirrors.ustc.edu.cn/ubuntu/ xenial-security main restricted universe multiverse" >> /etc/apt/sources.list
echo "deb http://mirrors.ustc.edu.cn/ubuntu/ xenial-updates main restricted universe multiverse" >> /etc/apt/sources.list
echo "deb http://mirrors.ustc.edu.cn/ubuntu/ xenial-proposed main restricted universe multiverse" >> /etc/apt/sources.list
echo "deb http://mirrors.ustc.edu.cn/ubuntu/ xenial-backports main restricted universe multiverse" >> /etc/apt/sources.list
echo "deb-src http://mirrors.ustc.edu.cn/ubuntu/ xenial main restricted universe multiverse" >> /etc/apt/sources.list
echo "deb-src http://mirrors.ustc.edu.cn/ubuntu/ xenial-security main restricted universe multiverse" >> /etc/apt/sources.list
echo "deb-src http://mirrors.ustc.edu.cn/ubuntu/ xenial-updates main restricted universe multiverse" >> /etc/apt/sources.list
echo "deb-src http://mirrors.ustc.edu.cn/ubuntu/ xenial-proposed main restricted universe multiverse" >> /etc/apt/sources.list
echo "deb-src http://mirrors.ustc.edu.cn/ubuntu/ xenial-backports main restricted universe multiverse" >> /etc/apt/sources.list
![](https://file.jishuzhan.net/article/1783360161847447554/3e04dd417d7862c34c2c1a94d7686aae.webp)
Change the DNS servers
bash
echo "nameserver 8.8.8.8" >> /etc/resolv.conf
echo "nameserver 8.8.4.4" >> /etc/resolv.conf
![](https://file.jishuzhan.net/article/1783360161847447554/db9df5ac1eef3235c970f867650d635a.webp)
![](https://file.jishuzhan.net/article/1783360161847447554/faa84ba4c519e7b9074bdc6dcb322a52.webp)
Import the key
bash
gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 23E7166788B63E1E
![](https://file.jishuzhan.net/article/1783360161847447554/e39cc5449d119b82ba430bdc989ba333.webp)
Add the key to apt
bash
sudo gpg --armor --export 23E7166788B63E1E | sudo apt-key add -
![](https://file.jishuzhan.net/article/1783360161847447554/1f9a8c587368c9241fc01dbfc40643e1.webp)
The package sources update successfully:
bash
apt-get update
![](https://file.jishuzhan.net/article/1783360161847447554/2cb14bd65973eba25f4514700c6e3439.webp)
Upgrade the packages (enter Y)
bash
apt-get upgrade
![](https://file.jishuzhan.net/article/1783360161847447554/a5d2c4cc4ed3e9151d3cbb3052ab67f7.webp)
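The `apt-get update` warning in section 7 carries a GnuPG status code (`EXPKEYSIG`) and a key ID, which together say which key needs attention and why. The script below is an added example, not from the original article; it extracts both from apt output, and its second sample line (repository URL and key ID) is constructed.

```shell
#!/bin/sh
# Added example (not from the original article): classify the GPG errors
# printed by `apt-get update`.

# The first line is the warning quoted in section 7; the second is a
# constructed NO_PUBKEY line with a placeholder repository and key ID.
sample_apt_output() {
cat <<'EOF'
W: GPG error: https://dl.yarnpkg.com/debian stable InRelease: The following signatures were invalid: EXPKEYSIG 23E7166788B63E1E Yarn Packaging <yarn@dan.cx>
W: GPG error: http://repo.example.invalid/debian stable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0123456789ABCDEF
EOF
}

# Print "<status> <key id> <repository>" for every signature problem.
# The status words are GnuPG status codes that apt passes through.
gpg_errors() {
  awk '/GPG error:/ {
    repo = ""
    for (i = 1; i < NF; i++) {
      if ($i == "error:") repo = $(i + 1)
      if ($i ~ /^(EXPKEYSIG|NO_PUBKEY|BADSIG|REVKEYSIG)$/)
        print $i, $(i + 1), repo
    }
  }'
}

# Map a status code to what it says about the signing key.
explain() {
  case "$1" in
    EXPKEYSIG) echo "signature is valid but the signing key has expired" ;;
    NO_PUBKEY) echo "signing key is not in the apt keyring" ;;
    REVKEYSIG) echo "signing key has been revoked" ;;
    BADSIG)    echo "signature does not match the data" ;;
    *)         echo "unknown status" ;;
  esac
}

# One line per problem, with the explanation appended.
report() {
  gpg_errors | while read -r status key repo; do
    echo "$repo: key $key: $(explain "$status")"
  done
}

# Usage inside the container:
#   apt-get update 2>&1 | report
```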