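Enabling the GitLab Dependency Proxy
Used to speed up builds by proxying the Docker Hub registry
Documentation
Notes
This feature can only be used in projects that belong to a group
Configuration
The dependency proxy is disabled by default
Menus may differ between GitLab versions
Enable the dependency proxy
Export the GitLab Helm configuration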
```shell
# Export the configured values to a file
helm -n gitlab-test get values my-gitlab > my-gitlab.yaml
```
Update the configuration
```shell
helm upgrade -n gitlab-test --install my-gitlab gitlab/gitlab --timeout 600s -f my-gitlab.yaml --set global.appConfig.dependencyProxy.enabled=true --version 7.7.0
```
Check the result
Menus may differ between GitLab versions
Usage
Original configuration
```yaml
docker-build:
  image: docker:20.10.16
  stage: build
  variables:
    DOCKER_HOST: tcp://docker:2375
    DOCKER_TLS_CERTDIR: ""
  services:
    - docker:20.10.16-dind
```
Using the group dependency proxy
```yaml
# Project URL: https://gitlab.test.helm.xuxiaowei.cn/xuxiaowei/docker
# CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX: the group environment variable; gitlab.test.helm.xuxiaowei.cn/xuxiaowei/dependency_proxy/containers can also be used directly
docker-build:
  image: ${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/docker:20.10.16
  stage: build
  variables:
    DOCKER_HOST: tcp://docker:2375
    DOCKER_TLS_CERTDIR: ""
  services:
    - ${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/docker:20.10.16-dind
```
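Domain name cannot be resolved
Problem
Cause
The k8s worker nodes cannot resolve the GitLab domain name; a local hosts entry must be added on the host machine of every k8s worker node
Solution
Add a hosts entry for the GitLab domain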
```shell
[root@anolis-7-7 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.25.25.31 anolis-7-7
172.25.25.32 gitlab.test.helm.xuxiaowei.cn
[root@anolis-7-7 ~]#
```
```shell
[root@anolis-7-9 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.25.25.32 anolis-7-9
172.25.25.32 gitlab.test.helm.xuxiaowei.cn
[root@anolis-7-9 ~]#
```
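Trusting the domain certificate
Problem
Cause
- The domain certificate cannot be verified
Solution
Create a new group project and test in a project within the group
Check the webservice port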
```shell
kubectl -n gitlab-test get svc | grep webservice
```
Note the IP 10.110.211.99 and port 8080 shown below
```shell
[root@anolis-7-9 ~]# kubectl -n gitlab-test get svc | grep webservice
my-gitlab-webservice-default   ClusterIP   10.110.211.99   <none>   8080/TCP,8181/TCP,8083/TCP   6d3h
[root@anolis-7-9 ~]#
```
Create the configuration directory
```shell
mkdir -p /etc/containerd/certs.d/_default
```
Create the configuration file, using the IP and port of the webservice above
```shell
cat > /etc/containerd/certs.d/_default/hosts.toml << EOF
[host."https://gitlab.test.helm.xuxiaowei.cn"]
  capabilities = ["pull", "resolve", "push"]
  skip_verify = true
EOF

cat /etc/containerd/certs.d/_default/hosts.toml
```
Edit the containerd configuration file /etc/containerd/config.toml so that it reads as follows
```shell
[plugins."io.containerd.grpc.v1.cri".registry]
  config_path = "/etc/containerd/certs.d"
```
Restart containerd
```shell
systemctl restart containerd
```
Check the result
```shell
# Excerpt
[root@anolis-7-9 ~]# kubectl -n gitlab-test describe pod runner-wxpkss5w-project-7-concurrent-0-n5ovuw2o
...
Events:
  Type    Reason     Age   From               Message
  ----    ------     ----  ----               -------
  Normal  Scheduled  3s    default-scheduler  Successfully assigned gitlab-test/runner-wxpkss5w-project-7-concurrent-0-n5ovuw2o to anolis-7-7
  Normal  Pulled     3s    kubelet            Container image "registry.gitlab.com/gitlab-org/gitlab-runner/gitlab-runner-helper:x86_64-f5da3c5a" already present on machine
  Normal  Created    3s    kubelet            Created container init-permissions
  Normal  Started    2s    kubelet            Started container init-permissions
  Normal  Pulled     1s    kubelet            Container image "gitlab.test.helm.xuxiaowei.cn:443/xuxiaowei-com-cn/dependency_proxy/containers/docker:20.10.16" already present on machine
  Normal  Created    1s    kubelet            Created container build
  Normal  Started    1s    kubelet            Started container build
  Normal  Pulled     1s    kubelet            Container image "registry.gitlab.com/gitlab-org/gitlab-runner/gitlab-runner-helper:x86_64-f5da3c5a" already present on machine
  Normal  Created    1s    kubelet            Created container helper
  Normal  Started    1s    kubelet            Started container helper
  Normal  Pulled     1s    kubelet            Container image "gitlab.test.helm.xuxiaowei.cn:443/xuxiaowei-com-cn/dependency_proxy/containers/docker:20.10.16-dind" already present on machine
  Normal  Created    1s    kubelet            Created container svc-0
  Normal  Started    1s    kubelet            Started container svc-0
[root@anolis-7-9 ~]#
```
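The certificate-trust steps above set skip_verify = true in the `_default` hosts.toml. As an added example (not part of the original page), this shell script lists every hosts.toml under a certs.d tree that still sets skip_verify = true, and writes a hosts.toml for a single registry that trusts a CA file through containerd's `ca` field instead. The function names, the CA file path and the `:443` directory name are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the original page. Assumed names: both functions,
# the CA file path, and the ":443" directory name used in the demo.

# Print every hosts.toml under a certs.d tree that sets skip_verify = true.
find_skip_verify() {
  find "$1" -type f -name hosts.toml -exec \
    grep -lE '^[[:space:]]*skip_verify[[:space:]]*=[[:space:]]*true' {} + | sort
}

# Write a hosts.toml scoped to one registry that trusts a CA file via
# containerd's "ca" field instead of disabling verification.
#   $1 = certs.d directory, $2 = registry host[:port], $3 = CA certificate path
write_ca_hosts_toml() {
  mkdir -p "$1/$2"
  cat > "$1/$2/hosts.toml" << EOF
server = "https://$2"

[host."https://$2"]
  capabilities = ["pull", "resolve", "push"]
  ca = "$3"
EOF
}

# Demo on a throwaway directory (constructed input): ./script.sh --demo
if [ "${1:-}" = "--demo" ]; then
  tmp=$(mktemp -d)
  mkdir -p "$tmp/_default"
  # The catch-all file exactly as the page creates it
  cat > "$tmp/_default/hosts.toml" << EOF
[host."https://gitlab.test.helm.xuxiaowei.cn"]
  capabilities = ["pull", "resolve", "push"]
  skip_verify = true
EOF
  write_ca_hosts_toml "$tmp" "gitlab.test.helm.xuxiaowei.cn:443" \
    "/etc/containerd/certs.d/gitlab-ca.crt"   # placeholder CA path
  echo "hosts.toml files that skip TLS verification:"
  find_skip_verify "$tmp"
  rm -rf "$tmp"
fi
```

containerd uses `_default` for any registry that has no directory of its own, while a registry-named directory applies only to that registry.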