我试图在已经有入口(由RKE创建的集群)的kubernetes集群上安装带有helm的gitlab . 使用gitlab,我想将它部署到单独的命名空间中 . 为此,我运行了以下命令:
$ gitlab-config helm upgrade --install gitlab gitlab/gitlab \
--timeout 600 \
--set global.hosts.domain=asdsa.asdasd.net \
--set certmanager-issuer.email=sd@cloudssky.com \
--set global.edition=ce \
--namespace gitlab-ci \
--set gitlab.migrations.image.repository=registry.gitlab.com/gitlab-org/build/cng/gitlab-rails-ce \
--set gitlab.sidekiq.image.repository=registry.gitlab.com/gitlab-org/build/cng/gitlab-sidekiq-ce \
--set gitlab.unicorn.image.repository=registry.gitlab.com/gitlab-org/build/cng/gitlab-unicorn-ce \
--set gitlab.unicorn.workhorse.image=registry.gitlab.com/gitlab-org/build/cng/gitlab-workhorse-ce \
--set gitlab.task-runner.image.repository=registry.gitlab.com/gitlab-org/build/cng/gitlab-task-runner-ce
但是使用cert-manager通过http01测试验证域时安装失败 . 为此,在运行上述命令之前,我已将基本域指向群集中的现有Load Balancer .
对于成功的http01验证,是否需要做一些不同的事情?
错误:
Conditions:
Last Transition Time: 2018-11-18T15:22:00Z
Message: http-01 self check failed for domain "asdsa.asdasd.net"
Reason: ValidateError
Status: False
Type: Ready
更多信息:
Load Balancer的运行状况检查也会一直失败 . 因此,即使使用自签名证书,安装也会失败 .
当试图ssh到其中一个节点并检查返回状态时,这是我看到的:
$ curl -v localhost:32030/healthz
* Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 32030 (#0)
> GET /healthz HTTP/1.1
> Host: localhost:32030
> User-Agent: curl/7.47.0
> Accept: */*
>
< HTTP/1.1 503 Service Unavailable
< Content-Type: application/json
< Date: Mon, 19 Nov 2018 13:38:49 GMT
< Content-Length: 114
<
{
"service": {
"namespace": "gitlab-ci",
"name": "gitlab-nginx-ingress-controller"
},
"localEndpoints": 0
* Connection #0 to host localhost left intact
}
并且,当我检查入口控制器服务时,它已启动并运行:
gitlab-nginx-ingress-controller LoadBalancer 10.43.168.81 XXXXXXXXXXXXXX.us-east-2.elb.amazonaws.com 80:32006/TCP,443:31402/TCP,22:31858/TCP
2 回答
看起来它正在尝试验证一个空域
"". 我会尝试安装指定负载均衡器的ExternalIP:如docs中所述 .
这个问题在这里解决了 - https://gitlab.com/charts/gitlab/issues/939
基本上,线程中提到的解决方案没有正式记录,因为它需要确认 .