云原生Kubernetes: K8S 1.29版本 部署GitLab

cronaldo912024-04-25 12:59

目录

一、实验

1.环境

2.搭建NFS

[3.K8S 1.29版本 部署Redis](#3.K8S 1.29版本 部署Redis)

[4.K8S 1.29版本 部署Postgresql](#4.K8S 1.29版本 部署Postgresql)

[5.K8S 1.29版本 部署GitLab](#5.K8S 1.29版本 部署GitLab)

[6.K8S 部署istio微服务](#6.K8S 部署istio微服务)

[7.K8S 部署ingress应用路由](#7.K8S 部署ingress应用路由)

二、问题

1.K8S部署gitlab报错

2.gitlab创建失败

3.生成网关资源报错

[4.安装istio 报错](#4.安装istio 报错)

[5.istio-ingressgateway 一直处于pending状态](#5.istio-ingressgateway 一直处于pending状态)

[6.istio如何实现自动注入 sidecar](#6.istio如何实现自动注入 sidecar)

7.K8S容器从公钥接收失败​​​​​​​

一、实验

1.环境

(1)主机

表1 主机

|--------|--------------|--------|----------------|------------|
| 主机 | 架构 | 版本 | IP | 备注 |
| master | K8S master节点 | 1.29.0 | 192.168.204.8 | |
| node1 | K8S node节点 | 1.29.0 | 192.168.204.9 | |
| node2 | K8S node节点 | 1.29.0 | 192.168.204.10 | 已部署Kuboard |

(2)master节点查看集群

bash 复制代码 
1)查看node
kubectl get node
 
2)查看node详细信息
kubectl get node -o wide

(3)查看pod

bash 复制代码 
[root@master ~]# kubectl get pod -A

(4) 访问Kuboard

bash 复制代码 
http://192.168.204.10:30080/kuboard/cluster

查看节点

2.搭建NFS

(1)检查并安装rpcbind和nfs-utils软件包

bash 复制代码 
[root@master ~]# rpm -q rpcbind nfs-utils

(2)创建目录并授权

bash 复制代码 
[root@master ~]# mkdir -p /opt/k8s
bash 复制代码 
[root@master ~]# chmod 777 k8s/

(3)打开nfs的配置文件

bash 复制代码 
[root@master opt]# vim /etc/exports

(4)配置文件

给所有网段用户赋予读写权限、同步内容、不压缩共享对象root用户权限

bash 复制代码 
/opt/k8s *(rw,sync,no_root_squash)

(5)先后开启rpcbind、nfs服务并热加载配置文件内容,查看本机发布的nfs共享目录

bash 复制代码 
[root@master opt]# systemctl start rpcbind
[root@master opt]# systemctl start nfs

(6)监听端口

bash 复制代码 
[root@master opt]# ss -antp | grep rpcbind

(7)查看共享

bash 复制代码 
[root@master opt]# showmount -e

其他节点查看

bash 复制代码 
[root@node1 ~]# showmount -e master

3.K8S 1.29版本 部署Redis

(1)查阅

第三方镜像仓库

bash 复制代码 
https://hub.docker.com/u/sameersbn

镜像(Gitlab主要涉及到3个应用:Redis、Postgresql、Gitlab 核心程序,实际上只要将这3个应用分别启动起来,然后加上对应的配置就可以方便快速的安装 Gitlab )

bash 复制代码 
1)redis
sameersbn/redis

2)postgresql
sameersbn/postgresql

3)gitlab
sameersbn/gitlab

(2)创建redis的pv

bash 复制代码 
[root@master ~]# vim pv-redis.yaml
bash 复制代码 
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-redis
spec:
  capacity:
    storage: 2Gi 
  volumeMode: Filesystem
  accessModes:
    - ReadWriteMany
  persistentVolumeReclaimPolicy: Retain
  storageClassName: "pv-redis"
  nfs:
    path: /opt/k8s
    server: 192.168.204.8

(3)生成资源

bash 复制代码 
[root@master ~]# kubectl apply -f pv-redis.yaml

(4)查看pv

bash 复制代码 
[root@master ~]# kubectl get pv

(5)拉取镜像

node1

bash 复制代码 
[root@node1 ~]# docker pull sameersbn/redis:latest

(6) 导出镜像

bash 复制代码 
[root@node1 ~]# docker save -o redis.tar sameersbn/redis:latest

(7)复制Docker镜像到node2节点

bash 复制代码 
[root@node1 ~]# scp redis.tar  root@node2:~

(8)node2节点导入Docker镜像

bash 复制代码 
[root@node2 ~]# docker load -i redis.tar

(9)创建名称空间

bash 复制代码 
[root@master ~]# kubectl create ns devops

(10)部署redis

bash 复制代码 
[root@master ~]# vim redis.yaml
bash 复制代码 
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: redis-pvc
  namespace: devops
spec:
  accessModes:
    - ReadWriteMany
  storageClassName: "pv-redis"
  resources:
    requests:
      storage: 2Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: redis
  namespace: devops
  labels:
    name: redis
spec:
  replicas: 1
  selector:
    matchLabels:
      name: redis
  template:
    metadata:
      name: redis
      labels:
        name: redis
    spec:
      containers:
        - name: redis
          image: sameersbn/redis:latest
          imagePullPolicy: IfNotPresent
          ports:
            - name: redis
              containerPort: 6379
          volumeMounts:
            - mountPath: /var/lib/redis
              name: data
              subPath: redis
          livenessProbe:
            exec:
              command:
                - redis-cli
                - ping
            initialDelaySeconds: 30
            timeoutSeconds: 5
          readinessProbe:
            exec:
              command:
                - redis-cli
                - ping
            initialDelaySeconds: 5
            timeoutSeconds: 1
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: redis-pvc

---
apiVersion: v1
kind: Service
metadata:
  name: redis
  namespace: devops
  labels:
    name: redis
spec:
  ports:
    - name: redis
      port: 6379
      targetPort: redis
  selector:
    name: redis

(11)生成资源

bash 复制代码 
[root@master ~]# kubectl apply -f redis.yaml

(12)查看pv,pvc

bash 复制代码 
[root@master ~]# kubectl get pv
bash 复制代码 
[root@master ~]# kubectl get pvc -n devops

4.K8S 1.29版本 部署Postgresql

(1)创建postgresql的pv

bash 复制代码 
[root@master ~]# vim pv-postgresql.yaml
bash 复制代码 
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-postgresql
spec:
  capacity:
    storage: 2Gi 
  volumeMode: Filesystem
  accessModes:
    - ReadWriteMany
  persistentVolumeReclaimPolicy: Retain
  storageClassName: "pv-postgresql"
  nfs:
    path: /opt/k8s
    server: 192.168.204.8

(2)生成资源

bash 复制代码 
[root@master ~]# kubectl apply -f pv-postgresql.yaml

(3)拉取镜像

node1

bash 复制代码 
[root@node1 ~]# docker pull sameersbn/postgresql:12-20200524

(4) 导出镜像

bash 复制代码 
[root@node1 ~]# docker save -o postgresql.tar sameersbn/postgresql:12-20200524

(7)复制Docker镜像到node2节点

bash 复制代码 
[root@node1 ~]# scp postgresql.tar  root@node2:~

(8)node2节点导入Docker镜像

bash 复制代码 
[root@node2 ~]# docker load -i postgresql.tar

(9)部署postgresql

bash 复制代码 
[root@master ~]# vim postgresql.yaml
bash 复制代码 
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: postgresql-pvc
  namespace: devops
spec:
  accessModes:
    - ReadWriteMany
  storageClassName: "pv-postgresql"
  resources:
    requests:
      storage: 2Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: postgresql
  namespace: devops
  labels:
    name: postgresql
spec:
  replicas: 1
  selector:
    matchLabels:
      name: postgresql
  template:
    metadata:
      name: postgresql
      labels:
        name: postgresql
    spec:
      containers:
        - name: postgresql
          image: sameersbn/postgresql:12-20200524
          imagePullPolicy: IfNotPresent
          env:
            - name: DB_USER
              value: gitlab
            - name: DB_PASS
              value: passw0rd
            - name: DB_NAME
              value: gitlab_production
            - name: DB_EXTENSION
              value: pg_trgm,btree_gist
          ports:
            - name: postgres
              containerPort: 5432
          volumeMounts:
            - mountPath: /var/lib/postgresql
              name: data
              subPath: postgresql
          livenessProbe:
            exec:
              command:
                - pg_isready
                - -h
                - localhost
                - -U
                - postgres
            initialDelaySeconds: 5
            timeoutSeconds: 1
          readinessProbe:
            exec:
              command:
                - pg_isready
                - -h
                - localhost
                - -U
                - postgres
            initialDelaySeconds: 5
            timeoutSeconds: 1
          startupProbe:
            exec:
              command:
                - pg_isready
                - -h
                - localhost
                - -U
                - postgres
            initialDelaySeconds: 90
            periodSeconds: 5
            failureThreshold: 100
            timeoutSeconds: 1
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: postgresql-pvc
---
apiVersion: v1
kind: Service
metadata:
  name: postgresql
  namespace: devops
  labels:
    name: postgresql
spec:
  ports:
    - name: postgres
      port: 5432
      targetPort: 5432
  selector:
    name: postgresql

(10) 生成资源

bash 复制代码 
[root@master ~]# kubectl apply -f postgresql.yaml

(11)查看pv,pvc

bash 复制代码 
[root@master ~]# kubectl get pv -n devops
bash 复制代码 
[root@master ~]# kubectl get pvc -n devops

5.K8S 1.29版本 部署GitLab

(1)创建gitlab的pv

bash 复制代码 
[root@master ~]# vim pv-gitlab.yaml
bash 复制代码 
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-gitlab
spec:
  capacity:
    storage: 2Gi 
  volumeMode: Filesystem
  accessModes:
    - ReadWriteMany
  persistentVolumeReclaimPolicy: Retain
  storageClassName: "pv-gitlab"
  nfs:
    path: /opt/k8s
    server: 192.168.204.8

(2)生成资源

bash 复制代码 
[root@master ~]# kubectl apply -f pv-gitlab.yaml

(3)拉取镜像

node2

bash 复制代码 
[root@node1 ~]# docker pull sameersbn/gitlab:15.6.0

(4) 导出镜像

bash 复制代码 
[root@node2 ~]# docker save -o gitlab.tar sameersbn/gitlab:15.6.0

(7)复制Docker镜像到node1节点

bash 复制代码 
[root@node2 ~]# scp gitlab.tar  root@node1:~

(8)node1节点导入Docker镜像

bash 复制代码 
[root@node1 ~]# docker load -i gitlab.tar

(9) 部署gitlab

bash 复制代码 
[root@master ~]# vim gitlab.yaml
bash 复制代码 
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: gitlab-pvc
  namespace: devops
spec:
  accessModes:
    - ReadWriteMany
  storageClassName: "pv-gitlab"
  resources:
    requests:
      storage: 2Gi
---

apiVersion: v1
kind: ServiceAccount
metadata:
  namespace: devops
  name: gitlab-sa
  labels:
    account: gitlab

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gitlab
  namespace: devops
  labels:
    app: gitlab
    version: v1
spec:
  replicas: 1
  selector:
    matchLabels:
      app: gitlab
      version: v1
  template:
    metadata:
      labels:
        app: gitlab
        version: v1
    spec:
      serviceAccountName: gitlab-sa
      containers:
        - name: gitlab
          image: sameersbn/gitlab:15.6.0
          imagePullPolicy: IfNotPresent
          env:
            - name: TZ
              value: Asia/Shanghai
            - name: GITLAB_TIMEZONE
              value: Beijing
            - name: GITLAB_SECRETS_DB_KEY_BASE
              value: long-and-random-alpha-numeric-string
            - name: GITLAB_SECRETS_SECRET_KEY_BASE
              value: long-and-random-alpha-numeric-string
            - name: GITLAB_SECRETS_OTP_KEY_BASE
              value: long-and-random-alpha-numeric-string
            - name: GITLAB_ROOT_PASSWORD
              value: admin123
            - name: GITLAB_ROOT_EMAIL
              value: 7jjw@163.com
            - name: GITLAB_HOST
              value: gitlab.site
            - name: GITLAB_PORT
              value: "80"
            - name: GITLAB_SSH_PORT
              value: "31022"
            - name: GITLAB_NOTIFY_ON_BROKEN_BUILDS
              value: "true"
            - name: GITLAB_NOTIFY_PUSHER
              value: "false"
            - name: GITLAB_BACKUP_SCHEDULE
              value: daily
            - name: GITLAB_BACKUP_TIME
              value: 01:00
            - name: DB_TYPE
              value: postgres
            - name: DB_HOST
              value: postgresql
            - name: DB_PORT
              value: "5432"
            - name: DB_USER
              value: gitlab
            - name: DB_PASS
              value: passw0rd
            - name: DB_NAME
              value: gitlab_production
            - name: REDIS_HOST
              value: redis
            - name: REDIS_PORT
              value: "6379"
          ports:
            - name: http
              containerPort: 80
            - name: ssh
              containerPort: 22
          volumeMounts:
            - mountPath: /home/git/data
              name: data
              subPath: gitlab
          livenessProbe:
            httpGet:
              path: /
              port: 80
            initialDelaySeconds: 180
            timeoutSeconds: 5
          readinessProbe:
            httpGet:
              path: /
              port: 80
            initialDelaySeconds: 5
            timeoutSeconds: 1
          startupProbe:
            httpGet:
              path: /
              port: 80
            initialDelaySeconds: 90
            periodSeconds: 5
            failureThreshold: 100
            timeoutSeconds: 1
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: gitlab-pvc
---
apiVersion: v1
kind: Service
metadata:
  name: gitlab
  namespace: devops
  labels:
    app: gitlab
    service: gitlab
spec:
  type: ClusterIP
  ports:
    - name: http
      port: 80
      targetPort: http
    - name: ssh
      port: 22
      targetPort: ssh
  selector:
    app: gitlab

(10) 生成资源

bash 复制代码 
[root@master ~]# kubectl apply -f gitlab.yaml

(11)查看pv,pvc

bash 复制代码 
[root@master ~]# kubectl get pv -n devops
bash 复制代码 
[root@master ~]# kubectl get pvc -n devops

(12) 查看pod,svc

bash 复制代码 
[root@master ~]# kubectl get pod,svc -n devops

(13)Kuboard查看

工作负载

容器组

服务

存储

6.K8S 部署istio微服务

(1)查阅

bash 复制代码 
https://github.com/istio/istio/releases

(2)选择版本

bash 复制代码 
https://github.com/istio/istio/releases/tag/1.18.2

(3)master节点解压

bash 复制代码 
[root@master ~]# tar zxvf istio-1.18.2-linux-amd64.tar.gz

(4)切换到istio包所在目录

bash 复制代码 
[root@master ~]# cd istio-1.18.2/
[root@master istio-1.18.2]# ls

samples/目录下,有示例应用程序;

bin/目录下,有istioctl客户端文件。istioctl工具用于手动注入Envoy sidecar代理。

(5)把istioctl这个可执行文件拷贝到/bin目录

bash 复制代码 
[root@master istio-1.18.2]# cp /root/istio-1.18.2/bin/istioctl /bin/

(6)node节点导入镜像

node1

bash 复制代码 
[root@node1 ~]# docker load -i istio1.18.tar.gz

node2

bash 复制代码 
[root@node2 ~]# docker load -i istio1.18.tar.gz

(7) 安装istio

bash 复制代码 
[root@master istio-1.18.2]# istioctl install --set profile=demo -y
? Istio core installed                                                                                                    
? Istiod installed                                                                                                        
? Ingress gateways installed                                                                                              
? Egress gateways installed                                                                                               
? Installation complete                                                                                                   Making this installation the default for injection and validation.

(8)验证

bash 复制代码 
[root@master istio-1.18.2]# kubectl get pods -n istio-system

(9)Kuboard查看

(10)创建网关

bash 复制代码 
[root@master ~]# vim gitlab-gateway.yaml
bash 复制代码 
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: gitlab-gateway
  namespace: devops
spec:
  selector:
    istio: ingressgateway # use istio default controller
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "gitlab.site"
bash 复制代码 
[root@master ~]#  kubectl apply -f gitlab-gateway.yaml

(11)创建虚拟服务

bash 复制代码 
[root@master ~]# vim gitlab-vs.yaml
bash 复制代码 
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: gitlab-vs
  namespace: devops
spec:
  hosts:
  - "gitlab.site"
  gateways:
  - gitlab-gateway
  http:
  - match:
    - uri:
        prefix: /
    route:
    - destination:
        host: gitlab
        port:
          number: 80
bash 复制代码 
[root@master ~]# kubectl apply -f gitlab-vs.yaml

(12)查看网关

bash 复制代码 
[root@master ~]# kubectl get gateway -n devops

(13)查看虚拟服务

bash 复制代码 
[root@master ~]# kubectl get virtualservice -n devops

(14)通过istio提供的入口网关访问pod

bash 复制代码 
[root@master ~]# kubectl get svc -n istio-system

(15)查看关联

bash 复制代码 
[root@master ~]# kubectl get pods -n istio-system -owide

istio-ingressgateway是service资源,关联的pod是istio-system名称空间叫做iistio-ingressgateway-6d9f6c64cb-nldhf的pod

(16)查看istio-ingressgateway这个service的详细信息

bash 复制代码 
[root@master ~]# kubectl describe svc istio-ingressgateway -n istio-system
Name:                     istio-ingressgateway
Namespace:                istio-system
Labels:                   app=istio-ingressgateway
                          install.operator.istio.io/owning-resource=unknown
                          install.operator.istio.io/owning-resource-namespace=istio-system
                          istio=ingressgateway
                          istio.io/rev=default
                          operator.istio.io/component=IngressGateways
                          operator.istio.io/managed=Reconcile
                          operator.istio.io/version=1.18.2
                          release=istio
Annotations:              <none>
Selector:                 app=istio-ingressgateway,istio=ingressgateway
Type:                     LoadBalancer
IP Family Policy:         SingleStack
IP Families:              IPv4
IP:                       10.97.137.224
IPs:                      10.97.137.224
Port:                     status-port  15021/TCP
TargetPort:               15021/TCP
NodePort:                 status-port  30820/TCP
Endpoints:                10.244.166.162:15021
Port:                     http2  80/TCP
TargetPort:               8080/TCP
NodePort:                 http2  31447/TCP
Endpoints:                10.244.166.162:8080
Port:                     https  443/TCP
TargetPort:               8443/TCP
NodePort:                 https  31205/TCP
Endpoints:                10.244.166.162:8443
Port:                     tcp  31400/TCP
TargetPort:               31400/TCP
NodePort:                 tcp  30086/TCP
Endpoints:                10.244.166.162:31400
Port:                     tls  15443/TCP
TargetPort:               15443/TCP
NodePort:                 tls  32071/TCP
Endpoints:                10.244.166.162:15443
Session Affinity:         None
External Traffic Policy:  Cluster
Events:                   <none>

(17)Kuboard查看

工作负载

容器组

服务

7.K8S 部署ingress应用路由

(1)K8S进入容器查看

bash 复制代码 
[root@master ~]# kubectl exec -it gitlab-84d7ff8cc6-k2kh9 -n devops /bin/bash

安装net-tools

bash 复制代码 
root@gitlab-84d7ff8cc6-k2kh9:/home/git/gitlab# apt-get install net-tools

安装lsof

bash 复制代码 
root@gitlab-84d7ff8cc6-k2kh9:/home/git/gitlab# apt-get install lsof

(2)监听端口

bash 复制代码 
root@gitlab-84d7ff8cc6-k2kh9:/home/git/gitlab# netstat -antlp

curl测试

bash 复制代码 
curl 127.0.0.1

lsof

bash 复制代码 
lsof -i
bash 复制代码 
 lsof -i:80

(3)master节点查看svc

ingress-nginx-controller 默认是LoadBalancer,一直为pending状态

bash 复制代码 
[root@master ~]# kubectl get svc -n ingress-nginx

(4)修改svc

bash 复制代码 
[root@master ~]# kubectl edit svc ingress-nginx-controller -n ingress-nginx

修改前:

修改后:

(5)Kuboard查看

(6)部署ingress

bash 复制代码 
[root@master ~]# vim ingress-gitlab.yaml
bash 复制代码 
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-gitlab
  namespace: devops
spec:
  ingressClassName: "nginx"
  rules:
  - host: gitlab.site
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: gitlab
            port:
              number: 80

​​​​​​​

(7)生成资源

bash 复制代码 
[root@master ~]# kubectl apply -f ingress-gitlab.yaml

(8)查看ingress

bash 复制代码 
[root@master ~]# kubectl get ingress -n devops

(9)详细查看

bash 复制代码 
[root@master ~]# kubectl describe ingress ingress-gitlab -n devops
Name:             ingress-gitlab
Labels:           <none>
Namespace:        devops
Address:          10.101.23.182
Ingress Class:    nginx
Default backend:  <default>
Rules:
  Host         Path  Backends
  ----         ----  --------
  gitlab.site  
               /   gitlab:80 (10.244.166.159:80)
Annotations:   <none>
Events:
  Type    Reason  Age                From                      Message
  ----    ------  ----               ----                      -------
  Normal  Sync    17m (x2 over 17m)  nginx-ingress-controller  Scheduled for sync
  Normal  Sync    17m (x2 over 17m)  nginx-ingress-controller  Scheduled for sync

(10)Kuboard查看

应用路由

详细信息

(11)master节点修改hosts

bash 复制代码 
[root@master ~]# vim /etc/hosts

(11)curl测试

bash 复制代码 
[root@master ~]# curl gitlab.site:31820

(12)物理机修改hosts

(13)访问系统

bash 复制代码 
http://gitlab.site:31820

(14)输入用户名和密码

bash 复制代码 
账号:root
密码:admin123

(15)成功进入系统

二、问题

1.K8S部署gitlab报错

(1)报错

bash 复制代码 
Warning  Unhealthy  2m43s (x15 over 3m53s)  kubelet            Startup probe failed: Get "http://10.244.166.144:80/": dial tcp 10.244.166.144:80: connect: connection refused
  Warning  Unhealthy  23s (x28 over 2m38s)    kubelet            Startup probe failed: HTTP probe failed with statuscode: 502

(2)原因分析

gitlab镜像版本的问题,使用的版本有问题导致启动失败。

bash 复制代码 
1)修改sameersbn仓库镜像:
sameersbn/gitlab:15.6.0

2)其他支持的gitlab仓库镜像:
gitlab/gitlab-ce:14.0.0-ce.0或者gitlab/gitlab-ce:15.6.0-ce.0

(3)解决方法

删除资源

修改部署文件的gitlab镜像版本:

换了镜像后,启动pod成功,但用describe命令查看描述日志,仍然出现了开始的警告内容

此时可尝试修改readinessProbe参数中的initialDelaySeconds和timeoutSeconds

分别修改为180和5。

修改前:

修改后:(此举用意在于增加初始化延迟时间和超时时间来避免时间过短导致步骤未成功走完就报错。)

2.gitlab创建失败

(1)报错

gitlab的pod启动失败

(2)原因分析

查看日志

bash 复制代码 
[root@master ~]# kubectl logs -f gitlab-84d7ff8cc6-k2kh9 -n devops
Loading /etc/docker-gitlab/runtime/env-defaults
Initializing logdir...
Initializing datadir...
Generating OpenSSH host keys... RSA DSA ECDSA ED25519 
Container TimeZone -> Asia/Shanghai
Installing configuration templates...
Configuring gitlab...
Configuring gitlab::database....
Configuring gitlab::redis..
Configuring gitlab::actioncable
Configuring gitlab::secrets...
Configuring gitlab::sidekiq...
Configuring gitlab::gitaly...
Configuring gitlab::monitoring...
Configuring gitlab::gitlab-workhorse...
Configuring gitlab::puma...
Configuring gitlab::timezone...
Configuring gitlab::rack_attack...
Configuring gitlab::ci...
Configuring gitlab::artifacts...
Configuring gitlab::packages...
Configuring gitlab::terraform_state...
Configuring gitlab::lfs...
Configuring gitlab::uploads...
Configuring gitlab::mattermost...
Configuring gitlab::project_features...
Configuring gitlab::oauth...
Configuring gitlab::ldap...
Configuring gitlab::cron_jobs...
Configuring gitlab::backups...
Configuring gitlab::backups::schedule...
Configuring gitlab::registry...
Configuring gitlab::pages...
Configuring gitlab::sentry...
Configuring gitlab::content_security_policy...
Configuring gitlab-shell...
Configuring nginx...
Configuring nginx::gitlab...
2024-04-23 21:25:23,390 CRIT Supervisor is running as root.  Privileges were not dropped because no user is specified in tu intend to run as root, you can set user=root in the config file to avoid this message.
2024-04-23 21:25:23,390 INFO Included extra file "/etc/supervisor/conf.d/cron.conf" during parsing
2024-04-23 21:25:23,390 INFO Included extra file "/etc/supervisor/conf.d/gitaly.conf" during parsing
2024-04-23 21:25:23,390 INFO Included extra file "/etc/supervisor/conf.d/gitlab-workhorse.conf" during parsing
2024-04-23 21:25:23,390 INFO Included extra file "/etc/supervisor/conf.d/groups.conf" during parsing
2024-04-23 21:25:23,390 INFO Included extra file "/etc/supervisor/conf.d/mail_room.conf" during parsing
2024-04-23 21:25:23,390 INFO Included extra file "/etc/supervisor/conf.d/nginx.conf" during parsing
2024-04-23 21:25:23,390 INFO Included extra file "/etc/supervisor/conf.d/puma.conf" during parsing
2024-04-23 21:25:23,390 INFO Included extra file "/etc/supervisor/conf.d/sidekiq.conf" during parsing
2024-04-23 21:25:23,390 INFO Included extra file "/etc/supervisor/conf.d/sshd.conf" during parsing
2024-04-23 21:25:23,397 INFO RPC interface 'supervisor' initialized
2024-04-23 21:25:23,398 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2024-04-23 21:25:23,398 INFO supervisord started with pid 753
2024-04-23 21:25:24,402 INFO spawned: 'gitaly' with pid 763
2024-04-23 21:25:24,405 INFO spawned: 'puma' with pid 764
2024-04-23 21:25:24,409 INFO spawned: 'gitlab-workhorse' with pid 765
2024-04-23 21:25:24,412 INFO spawned: 'sidekiq' with pid 766
2024-04-23 21:25:24,415 INFO spawned: 'sshd' with pid 772
2024-04-23 21:25:24,418 INFO spawned: 'nginx' with pid 773
2024-04-23 21:25:24,421 INFO spawned: 'cron' with pid 778
2024-04-23 21:25:25,911 INFO success: gitaly entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-04-23 21:25:25,911 INFO success: puma entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-04-23 21:25:25,911 INFO success: gitlab-workhorse entered RUNNING state, process has stayed up for > than 1 seconds (
2024-04-23 21:25:25,911 INFO success: sidekiq entered RUNNING state, process has stayed up for > than 1 seconds (startsecs
2024-04-23 21:25:25,911 INFO success: sshd entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-04-23 21:25:25,911 INFO success: nginx entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-04-23 21:25:25,912 INFO success: cron entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
psql: error: could not translate host name "postgresql" to address: Temporary failure in name resolution

重点是最后一行:

bash 复制代码 
psql: error: could not translate host name "postgresql" to address: Temporary failure in name resolution

(3)解决方法

查看容器地址

bash 复制代码 
[root@master ~]# kubectl get pod -o wide -n devops
NAME                          READY   STATUS    RESTARTS      AGE   IP               NODE    NOMINATED NODE   READINESS GATES
gitlab-84d7ff8cc6-k2kh9       0/1     Running   4 (66s ago)   14m   10.244.166.159   node1   <none>           <none>
postgresql-6d7dfcf685-nhmw5   1/1     Running   0             26m   10.244.166.157   node1   <none>           <none>
redis-6948bd4c7f-gp2ml        1/1     Running   0             49m   10.244.166.151   node1   <none>           <none>

K8S 进入容器添加hosts

bash 复制代码 
[root@master ~]# kubectl exec -it gitlab-84d7ff8cc6-k2kh9 -n devops /bin/bash
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
root@gitlab-84d7ff8cc6-k2kh9:/home/git/gitlab# cat /etc/hosts
# Kubernetes-managed hosts file.
127.0.0.1	localhost
::1	localhost ip6-localhost ip6-loopback
fe00::0	ip6-localnet
fe00::0	ip6-mcastprefix
fe00::1	ip6-allnodes
fe00::2	ip6-allrouters
10.244.166.159	gitlab-84d7ff8cc6-k2kh9
root@gitlab-84d7ff8cc6-k2kh9:/home/git/gitlab# echo "10.244.166.157 postgresql" >> /etc/hosts
root@gitlab-84d7ff8cc6-k2kh9:/home/git/gitlab# echo "10.244.166.151 redis" >> /etc/hosts

查看

bash 复制代码 
root@gitlab-84d7ff8cc6-k2kh9:/home/git/gitlab# cat /etc/hosts
# Kubernetes-managed hosts file.
127.0.0.1	localhost
::1	localhost ip6-localhost ip6-loopback
fe00::0	ip6-localnet
fe00::0	ip6-mcastprefix
fe00::1	ip6-allnodes
fe00::2	ip6-allrouters
10.244.166.159	gitlab-84d7ff8cc6-k2kh9
10.244.166.157 postgresql
10.244.166.151 redis

再次查看日志

bash 复制代码 
[root@master ~]# kubectl logs -f gitlab-84d7ff8cc6-k2kh9 -n devops
Loading /etc/docker-gitlab/runtime/env-defaults
Initializing logdir...
Initializing datadir...
Container TimeZone -> Asia/Shanghai
Installing configuration templates...
Configuring gitlab...
Configuring gitlab::database..
Configuring gitlab::redis...
Configuring gitlab::actioncable
Configuring gitlab::secrets...
Configuring gitlab::sidekiq...
Configuring gitlab::gitaly...
Configuring gitlab::monitoring...
Configuring gitlab::gitlab-workhorse...
Configuring gitlab::puma...
Configuring gitlab::timezone...
Configuring gitlab::rack_attack...
Configuring gitlab::ci...
Configuring gitlab::artifacts...
Configuring gitlab::packages...
Configuring gitlab::terraform_state...
Configuring gitlab::lfs...
Configuring gitlab::uploads...
Configuring gitlab::mattermost...
Configuring gitlab::project_features...
Configuring gitlab::oauth...
Configuring gitlab::ldap...
Configuring gitlab::cron_jobs...
Configuring gitlab::backups...
Configuring gitlab::backups::schedule...
Configuring gitlab::registry...
Configuring gitlab::pages...
Configuring gitlab::sentry...
Configuring gitlab::content_security_policy...
Configuring gitlab-shell...
Configuring nginx...
Configuring nginx::gitlab...
Setting up GitLab for firstrun. Please be patient, this could take a while...
2024-04-23 21:39:06,958 CRIT Supervisor is running as root.  Privileges were not dropped because no user is specified in tu intend to run as root, you can set user=root in the config file to avoid this message.
2024-04-23 21:39:06,958 INFO Included extra file "/etc/supervisor/conf.d/cron.conf" during parsing
2024-04-23 21:39:06,958 INFO Included extra file "/etc/supervisor/conf.d/gitaly.conf" during parsing
2024-04-23 21:39:06,958 INFO Included extra file "/etc/supervisor/conf.d/gitlab-workhorse.conf" during parsing
2024-04-23 21:39:06,958 INFO Included extra file "/etc/supervisor/conf.d/groups.conf" during parsing
2024-04-23 21:39:06,958 INFO Included extra file "/etc/supervisor/conf.d/mail_room.conf" during parsing
2024-04-23 21:39:06,959 INFO Included extra file "/etc/supervisor/conf.d/nginx.conf" during parsing
2024-04-23 21:39:06,959 INFO Included extra file "/etc/supervisor/conf.d/puma.conf" during parsing
2024-04-23 21:39:06,959 INFO Included extra file "/etc/supervisor/conf.d/sidekiq.conf" during parsing
2024-04-23 21:39:06,959 INFO Included extra file "/etc/supervisor/conf.d/sshd.conf" during parsing
2024-04-23 21:39:06,966 INFO RPC interface 'supervisor' initialized
2024-04-23 21:39:06,966 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2024-04-23 21:39:06,966 INFO supervisord started with pid 755
2024-04-23 21:39:07,970 INFO spawned: 'gitaly' with pid 768
2024-04-23 21:39:07,974 INFO spawned: 'puma' with pid 769
2024-04-23 21:39:07,977 INFO spawned: 'gitlab-workhorse' with pid 770
2024-04-23 21:39:07,980 INFO spawned: 'sidekiq' with pid 771
2024-04-23 21:39:07,983 INFO spawned: 'sshd' with pid 777
2024-04-23 21:39:07,986 INFO spawned: 'nginx' with pid 778
2024-04-23 21:39:07,989 INFO spawned: 'cron' with pid 782
2024-04-23 21:39:09,462 INFO success: gitaly entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-04-23 21:39:09,463 INFO success: puma entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-04-23 21:39:09,463 INFO success: gitlab-workhorse entered RUNNING state, process has stayed up for > than 1 seconds (
2024-04-23 21:39:09,463 INFO success: sidekiq entered RUNNING state, process has stayed up for > than 1 seconds (startsecs
2024-04-23 21:39:09,463 INFO success: sshd entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-04-23 21:39:09,463 INFO success: nginx entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-04-23 21:39:09,463 INFO success: cron entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-04-23 21:39:40,078 INFO exited: puma (exit status 1; not expected)
2024-04-23 21:39:40,081 INFO spawned: 'puma' with pid 886
/home/git/gitlab/lib/gitlab/instrumentation/redis.rb:9: warning: already initialized constant Gitlab::Instrumentation::Red
/home/git/gitlab/lib/gitlab/instrumentation/redis.rb:9: warning: previous definition of ActionCable was here
2024-04-23 21:39:41,387 INFO success: puma entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-04-23 21:39:41,388 INFO exited: sidekiq (exit status 1; not expected)
2024-04-23 21:39:41,620 INFO spawned: 'sidekiq' with pid 887
2024-04-23 21:39:43,017 INFO success: sidekiq entered RUNNING state, process has stayed up for > than 1 seconds (startsecs
Database 'gitlab_production' already exists
psql:/home/git/gitlab/db/structure.sql:9: NOTICE:  extension "btree_gist" already exists, skipping
psql:/home/git/gitlab/db/structure.sql:11: NOTICE:  extension "pg_trgm" already exists, skipping
2024-04-23 21:40:10,686 INFO exited: puma (exit status 1; not expected)
2024-04-23 21:40:10,689 INFO spawned: 'puma' with pid 919
2024-04-23 21:40:11,692 INFO success: puma entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-04-23 21:40:12,042 INFO exited: sidekiq (exit status 1; not expected)
2024-04-23 21:40:12,213 INFO spawned: 'sidekiq' with pid 920
2024-04-23 21:40:13,217 INFO success: sidekiq entered RUNNING state, process has stayed up for > than 1 seconds (startsecs
2024-04-23 21:40:40,234 INFO exited: puma (exit status 1; not expected)
2024-04-23 21:40:41,236 INFO spawned: 'puma' with pid 929
2024-04-23 21:40:42,140 INFO exited: sidekiq (exit status 1; not expected)
2024-04-23 21:40:42,832 INFO success: puma entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-04-23 21:40:42,835 INFO spawned: 'sidekiq' with pid 930
2024-04-23 21:40:43,837 INFO success: sidekiq entered RUNNING state, process has stayed up for > than 1 seconds (startsecs
2024-04-23 21:41:33,889 INFO exited: puma (exit status 1; not expected)
2024-04-23 21:41:34,767 INFO spawned: 'puma' with pid 942
2024-04-23 21:41:34,854 INFO exited: sidekiq (exit status 1; not expected)
2024-04-23 21:41:34,857 INFO spawned: 'sidekiq' with pid 943
2024-04-23 21:41:35,859 INFO success: puma entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-04-23 21:41:35,859 INFO success: sidekiq entered RUNNING state, process has stayed up for > than 1 seconds (startsecs
Migrating database...
/home/git/gitlab/lib/gitlab/instrumentation/redis.rb:9: warning: already initialized constant Gitlab::Instrumentation::Red
/home/git/gitlab/lib/gitlab/instrumentation/redis.rb:9: warning: previous definition of ActionCable was here
Clearing cache...
2024-04-23 21:43:41,207 WARN received SIGTERM indicating exit request
2024-04-23 21:43:41,208 INFO waiting for gitaly, puma, gitlab-workhorse, sidekiq, sshd, nginx, cron to die
2024-04-23 21:43:41,209 INFO stopped: cron (terminated by SIGTERM)
2024-04-23 21:43:41,209 INFO stopped: sshd (exit status 0)
2024-04-23 21:43:41,214 INFO stopped: nginx (exit status 0)
2024-04-23 21:43:44,231 INFO stopped: sidekiq (exit status 0)
2024-04-23 21:43:44,232 INFO waiting for gitaly, puma, gitlab-workhorse to die
2024-04-23 21:43:44,234 INFO stopped: gitlab-workhorse (exit status 1)
2024-04-23 21:43:47,238 INFO stopped: puma (terminated by SIGQUIT (core dumped))
2024-04-23 21:43:47,238 INFO waiting for gitaly to die
2024-04-23 21:43:47,274 INFO stopped: gitaly (exit status 1)
2024-04-23 21:43:47,533 CRIT Supervisor is running as root.  Privileges were not dropped because no user is specified in tu intend to run as root, you can set user=root in the config file to avoid this message.
2024-04-23 21:43:47,534 INFO Included extra file "/etc/supervisor/conf.d/cron.conf" during parsing
2024-04-23 21:43:47,534 INFO Included extra file "/etc/supervisor/conf.d/gitaly.conf" during parsing
2024-04-23 21:43:47,534 INFO Included extra file "/etc/supervisor/conf.d/gitlab-workhorse.conf" during parsing
2024-04-23 21:43:47,534 INFO Included extra file "/etc/supervisor/conf.d/groups.conf" during parsing
2024-04-23 21:43:47,534 INFO Included extra file "/etc/supervisor/conf.d/mail_room.conf" during parsing
2024-04-23 21:43:47,534 INFO Included extra file "/etc/supervisor/conf.d/nginx.conf" during parsing
2024-04-23 21:43:47,534 INFO Included extra file "/etc/supervisor/conf.d/puma.conf" during parsing
2024-04-23 21:43:47,534 INFO Included extra file "/etc/supervisor/conf.d/sidekiq.conf" during parsing
2024-04-23 21:43:47,534 INFO Included extra file "/etc/supervisor/conf.d/sshd.conf" during parsing
2024-04-23 21:43:47,541 INFO RPC interface 'supervisor' initialized
2024-04-23 21:43:47,541 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2024-04-23 21:43:47,542 INFO supervisord started with pid 1
2024-04-23 21:43:48,545 INFO spawned: 'gitaly' with pid 1093
2024-04-23 21:43:48,548 INFO spawned: 'puma' with pid 1094
2024-04-23 21:43:48,551 INFO spawned: 'gitlab-workhorse' with pid 1095
2024-04-23 21:43:48,555 INFO spawned: 'sidekiq' with pid 1096
2024-04-23 21:43:48,557 INFO spawned: 'sshd' with pid 1099
2024-04-23 21:43:48,560 INFO spawned: 'nginx' with pid 1103
2024-04-23 21:43:48,563 INFO spawned: 'cron' with pid 1108
2024-04-23 21:43:50,020 INFO success: gitaly entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-04-23 21:43:50,020 INFO success: puma entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-04-23 21:43:50,020 INFO success: gitlab-workhorse entered RUNNING state, process has stayed up for > than 1 seconds (
2024-04-23 21:43:50,020 INFO success: sidekiq entered RUNNING state, process has stayed up for > than 1 seconds (startsecs
2024-04-23 21:43:50,020 INFO success: sshd entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-04-23 21:43:50,021 INFO success: nginx entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-04-23 21:43:50,021 INFO success: cron entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-04-23 21:44:08,020 WARN received SIGTERM indicating exit request
2024-04-23 21:44:08,020 INFO waiting for gitaly, puma, gitlab-workhorse, sidekiq, sshd, nginx, cron to die
2024-04-23 21:44:08,021 INFO stopped: cron (terminated by SIGTERM)
2024-04-23 21:44:08,022 INFO stopped: sshd (exit status 0)
2024-04-23 21:44:08,024 INFO stopped: nginx (exit status 0)
2024-04-23 21:44:08,066 INFO stopped: sidekiq (terminated by SIGTERM)
2024-04-23 21:44:08,068 INFO stopped: gitlab-workhorse (exit status 1)
2024-04-23 21:44:08,718 INFO stopped: puma (terminated by SIGQUIT (core dumped))
2024-04-23 21:44:08,752 INFO stopped: gitaly (exit status 1)
[root@master ~]# kubectl logs -f gitlab-84d7ff8cc6-k2kh9 -n devops
Loading /etc/docker-gitlab/runtime/env-defaults
Initializing logdir...
Initializing datadir...
Container TimeZone -> Asia/Shanghai
Installing configuration templates...
Configuring gitlab...
Configuring gitlab::database...
Configuring gitlab::redis...
Configuring gitlab::actioncable...
Configuring gitlab::secrets...
Configuring gitlab::sidekiq...
Configuring gitlab::gitaly...
Configuring gitlab::monitoring...
Configuring gitlab::gitlab-workhorse...
Configuring gitlab::puma...
Configuring gitlab::timezone...
Configuring gitlab::rack_attack...
Configuring gitlab::ci...
Configuring gitlab::artifacts...
Configuring gitlab::packages...
Configuring gitlab::terraform_state...
Configuring gitlab::lfs...
Configuring gitlab::uploads...
Configuring gitlab::mattermost...
Configuring gitlab::project_features...
Configuring gitlab::oauth...
Configuring gitlab::ldap...
Configuring gitlab::cron_jobs...
Configuring gitlab::backups...
Configuring gitlab::backups::schedule...
Configuring gitlab::registry...
Configuring gitlab::pages...
Configuring gitlab::sentry...
Configuring gitlab::content_security_policy...
Configuring gitlab-shell...
Configuring nginx...
Configuring nginx::gitlab...
2024-04-23 21:48:22,675 CRIT Supervisor is running as root.  Privileges were not dropped because no user is specified in tu intend to run as root, you can set user=root in the config file to avoid this message.
2024-04-23 21:48:22,675 INFO Included extra file "/etc/supervisor/conf.d/cron.conf" during parsing
2024-04-23 21:48:22,675 INFO Included extra file "/etc/supervisor/conf.d/gitaly.conf" during parsing
2024-04-23 21:48:22,675 INFO Included extra file "/etc/supervisor/conf.d/gitlab-workhorse.conf" during parsing
2024-04-23 21:48:22,675 INFO Included extra file "/etc/supervisor/conf.d/groups.conf" during parsing
2024-04-23 21:48:22,675 INFO Included extra file "/etc/supervisor/conf.d/mail_room.conf" during parsing
2024-04-23 21:48:22,675 INFO Included extra file "/etc/supervisor/conf.d/nginx.conf" during parsing
2024-04-23 21:48:22,675 INFO Included extra file "/etc/supervisor/conf.d/puma.conf" during parsing
2024-04-23 21:48:22,675 INFO Included extra file "/etc/supervisor/conf.d/sidekiq.conf" during parsing
2024-04-23 21:48:22,675 INFO Included extra file "/etc/supervisor/conf.d/sshd.conf" during parsing
2024-04-23 21:48:22,683 INFO RPC interface 'supervisor' initialized
2024-04-23 21:48:22,683 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2024-04-23 21:48:22,683 INFO supervisord started with pid 1
2024-04-23 21:48:23,688 INFO spawned: 'gitaly' with pid 772
2024-04-23 21:48:23,691 INFO spawned: 'puma' with pid 773
2024-04-23 21:48:23,695 INFO spawned: 'gitlab-workhorse' with pid 774
2024-04-23 21:48:23,698 INFO spawned: 'sidekiq' with pid 775
2024-04-23 21:48:23,701 INFO spawned: 'sshd' with pid 781
2024-04-23 21:48:23,704 INFO spawned: 'nginx' with pid 782
2024-04-23 21:48:23,707 INFO spawned: 'cron' with pid 785
2024-04-23 21:48:25,192 INFO success: gitaly entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-04-23 21:48:25,192 INFO success: puma entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-04-23 21:48:25,192 INFO success: gitlab-workhorse entered RUNNING state, process has stayed up for > than 1 seconds (
2024-04-23 21:48:25,192 INFO success: sidekiq entered RUNNING state, process has stayed up for > than 1 seconds (startsecs
2024-04-23 21:48:25,192 INFO success: sshd entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-04-23 21:48:25,192 INFO success: nginx entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-04-23 21:48:25,192 INFO success: cron entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-04-23 21:51:20,541 INFO exited: sidekiq (exit status 1; not expected)
2024-04-23 21:51:21,546 INFO spawned: 'sidekiq' with pid 911
2024-04-23 21:51:23,016 INFO success: sidekiq entered RUNNING state, process has stayed up for > than 1 seconds (startsecs
^C

成功:

3.生成网关资源报错

(1)报错

bash 复制代码 
error: resource mapping not found for name: "gitlab-gateway" namespace: "devops" from "gitlab-gateway.yaml": no matches for kind "Gateway" in version "networking.istio.io/v1alpha3"
ensure CRDs are installed first

(2)原因分析

未安装istio。

(3)解决方法

安装istio:

成功:

4.安装istio 报错

(1)报错

bash 复制代码 
? Egress gateways encountered an error: failed to wait for resource: resources not ready after 5m0s: context deadline exce
  Deployment/istio-system/istio-egressgateway (containers with unready status: [istio-proxy])
- Pruning removed resources

(2)原因分析

Egress的pod还未完全启动。

(3)解决方法

重新安装,等待egress加载完成。

5.istio-ingressgateway 一直处于pending状态

(1)报错

(2)原因分析

因为istio-ingressgateway的默认类型为LoadBalancer,没有公有云的话,可以修改为NodePort.

(3)解决方法

istio-ingressgateway的类型修改为NodePort:

bash 复制代码 
[root@master ~]# kubectl edit svc istio-ingressgateway -n istio-system

修改前:

修改后:

成功:

bash 复制代码 
[root@master ~]# kubectl get pods -n istio-system -owide

查看:

bash 复制代码 
[root@master ~]# kubectl describe svc istio-ingressgateway -n istio-system
Name:                     istio-ingressgateway
Namespace:                istio-system
Labels:                   app=istio-ingressgateway
                          install.operator.istio.io/owning-resource=unknown
                          install.operator.istio.io/owning-resource-namespace=istio-system
                          istio=ingressgateway
                          istio.io/rev=default
                          operator.istio.io/component=IngressGateways
                          operator.istio.io/managed=Reconcile
                          operator.istio.io/version=1.18.2
                          release=istio
Annotations:              <none>
Selector:                 app=istio-ingressgateway,istio=ingressgateway
Type:                     NodePort
IP Family Policy:         SingleStack
IP Families:              IPv4
IP:                       10.97.137.224
IPs:                      10.97.137.224
Port:                     status-port  15021/TCP
TargetPort:               15021/TCP
NodePort:                 status-port  30820/TCP
Endpoints:                10.244.166.162:15021
Port:                     http2  80/TCP
TargetPort:               8080/TCP
NodePort:                 http2  31447/TCP
Endpoints:                10.244.166.162:8080
Port:                     https  443/TCP
TargetPort:               8443/TCP
NodePort:                 https  31205/TCP
Endpoints:                10.244.166.162:8443
Port:                     tcp  31400/TCP
TargetPort:               31400/TCP
NodePort:                 tcp  30086/TCP
Endpoints:                10.244.166.162:31400
Port:                     tls  15443/TCP
TargetPort:               15443/TCP
NodePort:                 tls  32071/TCP
Endpoints:                10.244.166.162:15443
Session Affinity:         None
External Traffic Policy:  Cluster
Events:                   <none>

6.istio如何实现自动注入 sidecar

(1)命令

需要­­为default命名空间打上标签istio-injection=enabled

bash 复制代码 
[root@master ~]# kubectl label namespace default istio-injection=enabled

7.K8S容器从公钥接收失败

(1)报错

进入容器

bash 复制代码 
[root@master ~]# kubectl exec -it gitlab-84d7ff8cc6-k2kh9 -n devops /bin/bash

更新源报错

bash 复制代码 
W: GPG error: https://dl.yarnpkg.com/debian stable InRelease: The following signatures were invalid: EXPKEYSIG 23E7166788B63E1E Yarn Packaging <yarn@dan.cx>

(2)原因分析

无法检查签名:找不到公钥

(3)解决方法

备份更换源

bash 复制代码 
cp sources.list source.list.bak

sudo sed -i 's/cn.archive.ubuntu.com/mirrors.ustc.edu.cn/g' /etc/apt/sources.list

sudo sed -i 's/security.ubuntu.com/mirrors.ustc.edu.cn/g' /etc/apt/sources.list

更新还是报错

清空源

bash 复制代码 
echo > /etc/apt/source.list

更新源

bash 复制代码 
echo "deb http://us.archive.ubuntu.com/ubuntu/ bionic main restricted" >> /etc/apt/sources.list
echo "deb http://us.archive.ubuntu.com/ubuntu/ bionic-updates main restricted" >> /etc/apt/sources.list
echo "deb http://us.archive.ubuntu.com/ubuntu/ bionic universe" >> /etc/apt/sources.list
echo "deb http://us.archive.ubuntu.com/ubuntu/ bionic-updates universe" >> /etc/apt/sources.list
echo "deb http://us.archive.ubuntu.com/ubuntu/ bionic multiverse" >> /etc/apt/sources.list
echo "deb http://us.archive.ubuntu.com/ubuntu/ bionic-updates multiverse" >> /etc/apt/sources.list
echo "deb http://us.archive.ubuntu.com/ubuntu/ bionic-backports main restricted universe multiverse" >> /etc/apt/sources.list
echo "deb http://security.ubuntu.com/ubuntu bionic-security main restricted" >> /etc/apt/sources.list
echo "deb http://security.ubuntu.com/ubuntu bionic-security universe" >> /etc/apt/sources.list
echo "deb http://security.ubuntu.com/ubuntu bionic-security multiverse" >> /etc/apt/sources.list
echo "deb http://mirrors.ustc.edu.cn/ubuntu/ xenial main restricted universe multiverse" >> /etc/apt/sources.list
echo "deb http://mirrors.ustc.edu.cn/ubuntu/ xenial-security main restricted universe multiverse" >> /etc/apt/sources.list
echo "deb http://mirrors.ustc.edu.cn/ubuntu/ xenial-updates main restricted universe multiverse" >> /etc/apt/sources.list
echo "deb http://mirrors.ustc.edu.cn/ubuntu/ xenial-proposed main restricted universe multiverse" >> /etc/apt/sources.list
echo "deb http://mirrors.ustc.edu.cn/ubuntu/ xenial-backports main restricted universe multiverse" >> /etc/apt/sources.list
echo "deb-src http://mirrors.ustc.edu.cn/ubuntu/ xenial main restricted universe multiverse" >> /etc/apt/sources.list
echo "deb-src http://mirrors.ustc.edu.cn/ubuntu/ xenial-security main restricted universe multiverse" >> /etc/apt/sources.list
echo "deb-src http://mirrors.ustc.edu.cn/ubuntu/ xenial-updates main restricted universe multiverse" >> /etc/apt/sources.list
echo "deb-src http://mirrors.ustc.edu.cn/ubuntu/ xenial-proposed main restricted universe multiverse" >> /etc/apt/sources.list
echo "deb-src http://mirrors.ustc.edu.cn/ubuntu/ xenial-backports main restricted universe multiverse" >> /etc/apt/sources.list

修改DNS服务器

bash 复制代码 
echo "nameserver 8.8.8.8" >> /etc/resolv.conf

echo "nameserver 8.8.4.4" >> /etc/resolv.conf

导入

bash 复制代码 
gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 23E7166788B63E1E

加入

bash 复制代码 
sudo gpg --armor --export 23E7166788B63E1E | sudo apt-key add -

软件源更新成功:

bash 复制代码 
apt-get update

软件更新(输入Y)

bash 复制代码 
apt-get upgrade
相关推荐
ggaofeng3 小时前
通过命令学习k8s
云原生·容器·kubernetes
qq_道可道6 小时前
K8S升级到1.24后,切换运行时导致 dind 构建镜像慢根因定位与解决
云原生·容器·kubernetes
SONGW20186 小时前
k8s拓扑域 :topologyKey
kubernetes
weixin_438197387 小时前
K8S实现反向代理,负载均衡
linux·运维·服务器·nginx·kubernetes
郝同学的测开笔记9 小时前
云原生探索系列(十二):Go 语言接口详解
后端·云原生·go
mit6.82410 小时前
[Docker#5] 镜像仓库 | 命令 | 实验:搭建Nginx | 创建私有仓库
linux·后端·docker·云原生
数据猿11 小时前
【金猿人物展】博睿数据董事长兼CEO李凯:云原生与数据治理融合,实现全域数据协同...
云原生
华为云开发者联盟13 小时前
解读Karmada多云容器编排技术,加速分布式云原生应用升级
kubernetes·集群·karmada·多云容器
Algorithm157615 小时前
mac上使用docker搭建gitlab
macos·docker·gitlab
binqian1 天前
【CICD】GitLab Runner 和执行器(Executor
gitlab
热门推荐
01玄机平台应急响应—webshell查杀02【HarmonyOS】HUAWEI DevEco Studio 下载地址汇总03组基轨迹建模 GBTM的介绍与实现(Stata 或 R)04新版微信小程序获取用户手机号05全面解析:构建基于深度学习的安全帽检测系统(UI界面+YOLO代码+数据集)06Windows10安装PCL1.14.0及点云配准07【TC3xx芯片】TC3xx芯片电源管理系统PMS详解08Ubuntu 20.04使用Livox mid 360 测试 FAST_LIO09基于YOLOv10深度学习的CT扫描图像肾结石智能检测系统【python源码+Pyqt5界面+数据集+训练代码】深度学习实战、目标检测10【软件工程】UML用例图介绍和实例说明