Implementing GitOps by Integrating JiHu GitLab with Flux

Author: JiHu GitLab
  • 2023-12-11
    Beijing
Flux and GitOps


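As is well known, Weaveworks introduced the concept of GitOps in 2017. Flux is a tool open-sourced by Weaveworks for continuous delivery of applications on Kubernetes; it was accepted by the CNCF on July 15, 2019 and is currently at the incubation stage.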


For more details on GitOps, see the earlier articles from this official account:



In short: Flux is an open-source tool for implementing GitOps.


Integrating JiHu GitLab with Flux


Flux is operated through the flux command line, so the first step is to install the flux CLI.


Installing the flux CLI


For installing the flux CLI, see the official documentation. This article uses macOS as an example, where the following command installs it:


$ brew install fluxcd/tap/flux


Check the flux version to confirm that the installation succeeded:


$ flux -v
flux version 0.17.2


JiHu GitLab + Flux = GitOps


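JiHu GitLab integrates well with Flux to implement a GitOps workflow. The core principle: JiHu GitLab serves as the single source of truth, and when the JiHu GitLab repository changes, the change is automatically synchronized to the Kubernetes cluster. The diagram below illustrates this.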



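A GitOps workflow can be created with the flux bootstrap command. flux bootstrap takes many parameters; run flux bootstrap -h for detailed usage. Before running bootstrap, you can run flux check --pre as a pre-installation check to make sure the target Kubernetes cluster version meets Flux's requirements.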


$ flux check --pre
► checking prerequisites
✔ kubectl 1.21.2 >=1.18.0-0
✔ Kubernetes 1.20.6-tke.3 >=1.16.0-0
✔ prerequisites checks passed


As shown, both the target cluster and kubectl meet the requirements.


Next, use flux bootstrap to create a GitOps workflow based on JiHu GitLab. The command is as follows:


$ flux bootstrap gitlab \
  --hostname gitlab.cn \
  --interval 30s \
  --owner xiaomage \
  --private \
  --repository flux-gitops \
  --path jihu


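The parameters have the following meanings:


  • bootstrap gitlab: the bootstrap operation is performed against a GitLab repository

  • hostname: the GitLab hostname; the default is gitlab.com, and for the JiHu GitLab SaaS service it is gitlab.cn

  • interval: the repository sync interval; the default is 1min

  • owner: a JiHu GitLab username or a Group

  • private: if set to true, the repository created during bootstrap is a private repository (the default is true)

  • repository: the name of the JiHu GitLab repository

  • path: a path relative to the root of the JiHu GitLab repository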


Then export the token you obtained as an environment variable:


$ export GITLAB_TOKEN=YOUR-JiHu-GitLab-Token


Then run the flux bootstrap command above. The whole bootstrap process is printed:


► connecting to https://gitlab.cn
► cloning branch "main" from Git repository "https://gitlab.cn/xiaomage/flux-gitops.git"
✔ cloned repository
► generating component manifests
✔ generated component manifests
✔ committed sync manifests to "main" ("53f2232c92ad8769dc796d2e38995ee156fcf33b")
► pushing component manifests to "https://gitlab.cn/xiaomage/flux-gitops.git"
► installing components in "flux-system" namespace
✔ installed components
✔ reconciled components
► determining if source secret "flux-system/flux-system" exists
► generating source secret
✔ public key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyDKHJ3QDk+UVJS8zYe0cFIqz3KNUDAFlKXf0NaGH/gwYW1L2XxFKfzJAQydc+DGBGnrEGFB3d21mUpaXkxrFsCEYOxPuh277jvVZsgBOCsWwXkbUCAAsogUJyNfUWvEdUZYYrZ//84o0QbPylnnoUw9Y5lvC8BcArZ13kGeRvxwDbcweGho3nBPa1JP+nq0+X+/2QT+5gor9uQsa8x4c8eOYApOlefGQ9nbhZdM/kfzLVU9yCTjkKPcu6iaAzWIE1JXt+90lMmL4CzqwNjN231hu6H1ZOpdW/mtTYY8Zp9Qx/0duSjtfTQsJUqDNS5CA/nQ2Y9VfaLeTI06cI44kb
✔ configured deploy key "flux-system-main-flux-system-./jihu" for "https://gitlab.cn/xiaomage/flux-gitops"
► applying source secret "flux-system/flux-system"
✔ reconciled source secret
► generating sync manifests
✔ generated sync manifests
✔ committed sync manifests to "main" ("28df0fae5bc6327cbcaf2884a775110cb937f78b")
► pushing sync manifests to "https://gitlab.cn/xiaomage/flux-gitops.git"
► applying sync manifests
✔ reconciled sync configuration
◎ waiting for Kustomization "flux-system/flux-system" to be reconciled
✗ context deadline exceeded
► confirming components are healthy
✔ helm-controller: deployment ready
✔ kustomize-controller: deployment ready
✔ notification-controller: deployment ready
✔ source-controller: deployment ready
✔ all components are healthy


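The process consists of roughly the following operations:


  • Create a repository named flux-gitops on JiHu GitLab (specified by the repository parameter at bootstrap);

  • Automatically create the manifest file containing the GitOps toolkit components (gotk-components.yaml);

  • Create the GitOps toolkit components from the manifest file generated above;

  • Generate and add a Deploy key;

  • Automatically create the manifest file containing the GitOps toolkit sync information (gotk-sync.yaml);

  • Check the health of the GitOps toolkit components.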


The repository created during bootstrap can be viewed on JiHu GitLab. Its directory structure is:


.
└── jihu
    └── flux-system
        ├── gotk-components.yaml
        ├── gotk-sync.yaml
        └── kustomization.yaml

2 directories, 3 files


jihu is the value given by the path parameter at bootstrap.


The added Deploy key can be viewed under Settings --> Repository --> Deploy keys of the flux-gitops repository:



Check the status of the GitOps toolkit components:


$ kubectl -n flux-system get pods
NAME                                       READY   STATUS    RESTARTS   AGE
helm-controller-5dfb499dfb-fpjgh           1/1     Running   0          7h45m
kustomize-controller-5458d94d5c-x4cjs      1/1     Running   0          7h45m
notification-controller-5b5dd6d7d9-z96xc   1/1     Running   0          7h45m
source-controller-cbcbbc677-r2ptp          1/1     Running   0          7h45m


You can also view the log of the source-controller component:


$ kubectl -n flux-system logs -f source-controller-cbcbbc677-r2ptp
{"level":"info","ts":"2021-09-26T13:37:59.418Z","logger":"controller.gitrepository","msg":"Reconciliation finished in 730.754068ms, next run in 30s","reconciler group":"source.toolkit.fluxcd.io","reconciler kind":"GitRepository","name":"flux-system","namespace":"flux-system"}


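The log shows that Reconciliation syncs at the 30s interval specified at bootstrap. This means the GitOps workflow mechanism is up and running: Flux is now watching the state of the flux-gitops repository and will sync automatically as soon as there is a change.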


Next comes a demo of the GitOps workflow.


GitOps Demo


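At this point the Flux components are watching the JiHu GitLab repository flux-gitops, and any change in this repository is automatically synchronized to the Kubernetes cluster. To trigger the GitOps workflow and verify it, add a manifest file to the flux-gitops repository. The repository's directory structure then becomes: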


.
├── flux-system
│   ├── gotk-components.yaml
│   ├── gotk-sync.yaml
│   └── kustomization.yaml
└── jihu-gitlab
    └── manifest.yaml

2 directories, 4 files


The manifest.yaml file contains what is needed to create the namespace, deployment, service, secret and other resources.


Then commit the code to the JiHu GitLab repository. A new namespace named flux-gitops then appears:


$ kubectl get ns
flux-gitops        Active   1s


Check the pods in this namespace:


$ kubectl -n flux-gitops get pods
NAME                      READY   STATUS    RESTARTS   AGE
deploy-796886df9b-62jmd   1/1     Running   0          13s


Going one step further, set replicas of the deployment in manifest.yaml to 2 and watch the pods in the flux-gitops namespace change:


$ kubectl -n flux-gitops get pods -w
NAME                      READY   STATUS    RESTARTS   AGE
deploy-796886df9b-62jmd   1/1     Running   0          11h
deploy-796886df9b-s9v87   0/1     Pending   0          0s
deploy-796886df9b-s9v87   0/1     Pending   0          0s
deploy-796886df9b-s9v87   0/1     Pending   0          0s
deploy-796886df9b-s9v87   0/1     Pending   0          0s
deploy-796886df9b-s9v87   0/1     ContainerCreating   0          0s
deploy-796886df9b-s9v87   0/1     ContainerCreating   0          1s
deploy-796886df9b-s9v87   1/1     Running             0          3s

$ kubectl -n flux-gitops get pods
NAME                      READY   STATUS    RESTARTS   AGE
deploy-796886df9b-62jmd   1/1     Running   0          11h
deploy-796886df9b-s9v87   1/1     Running   0          7s


The number of pod replicas is now two. The kustomize-controller log covers the whole process and contains the following sync-related entries:


$ kubectl -n flux-system logs -f kustomize-controller-5458d94d5c-x4cjs
{"level":"info","ts":"2021-09-27T01:11:08.155Z","logger":"controller.kustomization","msg":"Kustomization applied in 1.829340287s","reconciler group":"kustomize.toolkit.fluxcd.io","reconciler kind":"Kustomization","name":"flux-system","namespace":"flux-system","output":{"clusterrole.rbac.authorization.k8s.io/crd-controller-flux-system":"configured","clusterrolebinding.rbac.authorization.k8s.io/cluster-reconciler-flux-system":"configured","clusterrolebinding.rbac.authorization.k8s.io/crd-controller-flux-system":"configured","customresourcedefinition.apiextensions.k8s.io/alerts.notification.toolkit.fluxcd.io":"configured","customresourcedefinition.apiextensions.k8s.io/buckets.source.toolkit.fluxcd.io":"configured","customresourcedefinition.apiextensions.k8s.io/gitrepositories.source.toolkit.fluxcd.io":"configured","customresourcedefinition.apiextensions.k8s.io/helmcharts.source.toolkit.fluxcd.io":"configured","customresourcedefinition.apiextensions.k8s.io/helmreleases.helm.toolkit.fluxcd.io":"configured","customresourcedefinition.apiextensions.k8s.io/helmrepositories.source.toolkit.fluxcd.io":"configured","customresourcedefinition.apiextensions.k8s.io/kustomizations.kustomize.toolkit.fluxcd.io":"configured","customresourcedefinition.apiextensions.k8s.io/providers.notification.toolkit.fluxcd.io":"configured","customresourcedefinition.apiextensions.k8s.io/receivers.notification.toolkit.fluxcd.io":"configured","deployment.apps/deploy":"configured","deployment.apps/helm-controller":"configured","deployment.apps/kustomize-controller":"configured","deployment.apps/notification-controller":"configured","deployment.apps/source-controller":"configured","gitrepository.source.toolkit.fluxcd.io/flux-system":"configured","kustomization.kustomize.toolkit.fluxcd.io/flux-system":"configured","namespace/flux-gitops":"configured","namespace/flux-system":"configured","networkpolicy.networking.k8s.io/allow-egress":"configured","networkpolicy.networking.k8s.io/allow-scraping":"configured","networkpolicy.networking.k8s.io/allow-webhooks":"configured","secret/jihu-gitlab-cr":"configured","secret/secret-env":"configured","service/notification-controller":"configured","service/source-controller":"configured","service/svc":"configured","service/webhook-receiver":"configured","serviceaccount/helm-controller":"configured","serviceaccount/kustomize-controller":"configured","serviceaccount/notification-controller":"configured","serviceaccount/source-controller":"configured"}}
{"level":"info","ts":"2021-09-27T01:11:08.436Z","logger":"controller.kustomization","msg":"Reconciliation finished in 3.900295254s, next run in 10m0s","reconciler group":"kustomize.toolkit.fluxcd.io","reconciler kind":"Kustomization","name":"flux-system","namespace":"flux-system","revision":"main/9f09f2a078c7f13287df1ed694df7deb45cfb5ed"}


The change was detected and synchronized, which means the GitOps workflow is in place.
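The kustomize-controller entries above record both which objects were applied and the Git revision they came from, so they can serve as an audit trail for the sync. The following Python script is an added example, not part of the original article or of Flux: it pairs each "Kustomization applied" entry with the revision in the following "Reconciliation finished" entry and lists applied objects of kinds that merit review. The `audit` function, the `SENSITIVE_KINDS` watch list and the shortened sample log are assumptions of this example.

```python
import json

# Kinds whose changes deserve a second look when they arrive through Git sync
# (this watch list is an assumption of the example, not a Flux setting).
SENSITIVE_KINDS = {"secret", "clusterrole", "clusterrolebinding", "networkpolicy"}

# Constructed sample: shortened forms of the two kustomize-controller entries
# shown above, plus one non-JSON line to exercise the error handling.
SAMPLE_LOG = """\
{"level":"info","ts":"2021-09-27T01:11:08.155Z","logger":"controller.kustomization","msg":"Kustomization applied in 1.829340287s","name":"flux-system","namespace":"flux-system","output":{"deployment.apps/deploy":"configured","namespace/flux-gitops":"configured","secret/secret-env":"configured","clusterrolebinding.rbac.authorization.k8s.io/cluster-reconciler-flux-system":"configured","service/svc":"configured"}}
{"level":"info","ts":"2021-09-27T01:11:08.436Z","logger":"controller.kustomization","msg":"Reconciliation finished in 3.900295254s, next run in 10m0s","name":"flux-system","namespace":"flux-system","revision":"main/9f09f2a078c7f13287df1ed694df7deb45cfb5ed"}
not a json line
"""

def audit(log_text):
    """Pair each 'applied' entry with the revision reported by the next
    'Reconciliation finished' entry of the same Kustomization."""
    pending, reports = {}, []
    for line in log_text.splitlines():
        try:
            entry = json.loads(line)
        except ValueError:
            continue  # skip blank or non-JSON lines mixed into the stream
        if not isinstance(entry, dict) or entry.get("logger") != "controller.kustomization":
            continue
        key = (entry.get("namespace"), entry.get("name"))
        if "output" in entry:
            pending[key] = entry
        elif "revision" in entry and key in pending:
            applied = pending.pop(key)
            # "secret/x" and "clusterrolebinding.rbac.../x" both start with the kind
            flagged = sorted(res for res in applied["output"]
                             if res.split("/", 1)[0].split(".", 1)[0] in SENSITIVE_KINDS)
            reports.append({
                "kustomization": f"{key[0]}/{key[1]}",
                "applied_at": applied.get("ts"),
                "revision": entry["revision"],
                "objects": len(applied["output"]),
                "review": flagged,
            })
    return reports

if __name__ == "__main__":
    for report in audit(SAMPLE_LOG):
        print(json.dumps(report, indent=2))
```

The revision in each report is the branch and commit hash to look up in the flux-gitops repository when reviewing who changed the flagged objects.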


Final Thoughts


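GitOps is regarded as a new model for deploying and managing cloud-native applications and infrastructure. JiHu GitLab introduced the Kubernetes Agent over the course of its 13.x releases to support the GitOps workflow, and every release continues to iterate on and improve it. Unlike using ArgoCD or Flux, JiHu GitLab's GitOps capability is native: there is no need to additionally install and manage third-party software such as ArgoCD or Flux, which reduces maintenance cost.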


For JiHu GitLab's support for the GitOps workflow, see the official-account article "Let KAS Give GitOps Wings to Soar".
