2023-03-25

pkos) cd flow 구성 (harbor-gitlab-argocd) 1/2

aws에서 kops로 올린 클러스터 위에 harbor, gitlab, argocd server를 설치 후 간단하게 사용해봤다. 모두 helm을 이용하여 설치하였고 ingress의 설정들만 변경하였다. 설치하는 부분이 길어서 2개로 나누어 작성하였다. 해당 포스팅에서는 aws alb를 설정하여 설치하는 내용만 있고 사용하는 것은 다음 포스팅에서 시작된다. 🔗

install

harbor

(nyoung:default) [root@kops-ec2 ~]# kubectl create ns harbor
namespace/harbor created
(nyoung:default) [root@kops-ec2 ~]# helm repo add harbor https://helm.goharbor.io
"harbor" has been added to your repositories
(nyoung:default) [root@kops-ec2 ~]# helm fetch harbor/harbor --untar --version 1.11.0


###  vi ~/harbor/values.yaml ###
		 # aws에서 인증서 처리를 해줄 것이기 때문에 none으로 설정
		 19     certSource: none
     ..
		 34   ingress:
		 35     hosts:
		 36       core: harbor.nyoung.xyz
		 37       notary: notary.nyoung.xyz
		 ..
		 45     controller: alb
		 ..
		 48     className: alb
		 49     annotations:
		 50       alb.ingress.kubernetes.io/scheme: internet-facing
		 51       alb.ingress.kubernetes.io/target-type: ip
		 52       alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}, {"HTTP":80}]'
		 53       alb.ingress.kubernetes.io/certificate-arn: CERT_ARN
		 ..
		132 externalURL: https://harbor.nyoung.xyz
###############################

# 위에서 수정한 values.yaml 적용하여 설치
(nyoung:default) [root@kops-ec2 ~]# helm install harbor harbor/harbor -f ~/harbor/values.yaml --namespace harbor --version 1.11.0
NAME: harbor
LAST DEPLOYED: Mon Mar 20 22:01:28 2023
NAMESPACE: harbor
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
Please wait for several minutes for Harbor deployment to complete.
Then you should be able to visit the Harbor portal at https://harbor.nyoung.xyz
For more details, please visit https://github.com/goharbor/harbor

# 설치 확인
(nyoung:default) [root@kops-ec2 ~]#  helm list -n harbor
NAME  	NAMESPACE	REVISION	UPDATED                                	STATUS  	CHART        APP VERSION
harbor	harbor   	1       	2023-03-24 01:37:52.488063506 +0900 KST	deployed	harbor-1.11.02.7.0

# harbor 콘솔 주소
(nyoung:default) [root@kops-ec2 ~]# echo -e "harbor URL = https://harbor.nyoung.xyz"
harbor URL = https://harbor.nyoung.xyz

# 배포되는데 시간이 조금 걸린다. watch를 걸어서 생성되는 리소스들을 확인해보자
watch kubectl get pod,pvc,ingress -n harbor

harbor 접속 화면 1-0

gitlab

(nyoung:default) [root@kops-ec2 ~]# kubectl create ns gitlab
namespace/gitlab created
(nyoung:default) [root@kops-ec2 ~]# helm repo add gitlab https://charts.gitlab.io/
"gitlab" has been added to your repositories
(nyoung:default) [root@kops-ec2 ~]# helm repo update
Update Complete. ⎈Happy Helming!⎈
(nyoung:default) [root@kops-ec2 ~]# helm fetch gitlab/gitlab --untar --version 6.8.1


### vi ~/gitlab/values.yaml ###
		  51   hosts:
		  52     domain: nyoung.xyz
		  54     https: true
      ..
	 	  66   ingress:
		  67     apiVersion: ""
		  68     configureCertmanager: false
		  69     provider: aws
		  70     class: alb
		  71     annotations:
		  72       alb.ingress.kubernetes.io/scheme: internet-facing
		  73       alb.ingress.kubernetes.io/target-type: ip
		  74       alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}, {"HTTP":80}]'
		  75       alb.ingress.kubernetes.io/certificate-arn: CERT_ARN
		  76       alb.ingress.kubernetes.io/success-codes: 200-399
      # 하나의 alb에 여러 host가 등록됨
		  77       alb.ingress.kubernetes.io/group.name: "gitlab"
		  78     enabled: true
		  79     tls:
		  80        enabled: false
###############################
		

(nyoung:default) [root@kops-ec2 ~]# helm install gitlab gitlab/gitlab -f ~/gitlab/values.yaml --set certmanager.install=false --set nginx-ingress.enabled=false --set prometheus.install=false --set gitlab-runner.install=false --namespace gitlab --version 6.8.4

#77번줄의 alb.ingress.kubernetes.io/group.name: "gitlab" 에 따라 하나의 alb에 4가지 호스트로 분기처리 되었음을 확인 가능
(nyoung:default) [root@kops-ec2 ~]# kubectl get ingress -n gitlab
NAME                        CLASS   HOSTS                 ADDRESS                                                             PORTS   AGE
gitlab-kas                  alb     kas.nyoung.xyz        k8s-gitlab-3f31e16dc6-1024607030.ap-northeast-2.elb.amazonaws.com   80      3m39s
gitlab-minio                alb     minio.nyoung.xyz      k8s-gitlab-3f31e16dc6-1024607030.ap-northeast-2.elb.amazonaws.com   80      3m39s
gitlab-registry             alb     registry.nyoung.xyz   k8s-gitlab-3f31e16dc6-1024607030.ap-northeast-2.elb.amazonaws.com   80      3m39s
gitlab-webservice-default   alb     gitlab.nyoung.xyz     k8s-gitlab-3f31e16dc6-1024607030.ap-northeast-2.elb.amazonaws.com   80      3m39s

(nyoung:default) [root@kops-ec2 ~]# kubectl get secrets -n gitlab gitlab-gitlab-initial-root-password --template= | base64 -d ;echo
# 디코딩된 비밀번호 확인 가능
(nyoung:default) [root@kops-ec2 ~]# echo -e "gitlab URL = https://gitlab.nyoung.xyz"
gitlab URL = https://gitlab.nyoung1.xyz

gitlab 콘솔 화면 1-1

argocd

(nyoung:default) [root@kops-ec2 ~]# kubectl create ns argocd
namespace/argocd created
(nyoung:default) [root@kops-ec2 ~]# helm repo add argo https://argoproj.github.io/argo-helm
"argo" has been added to your repositories
(nyoung:default) [root@kops-ec2 ~]# helm repo update
Update Complete. ⎈Happy Helming!⎈
(nyoung:default) [root@kops-ec2 ~]# helm install argocd argo/argo-cd --set server.service.type=LoadBalancer --namespace argocd --version 5.19.14

# 위와 같이 생성시 lb type이 classic lb로 생성되어 차트를 받아 수정해주었다.
(nyoung:default) [root@kops-ec2 ~]# helm fetch argo/argo-cd --untar  

### vi ~/argo-cd/values.yaml ###
		 # configs.params.server.insecure: true
     # argocd server에서 tls 처리하지 않음       
		 225     server.insecure: true
		  ..
		1794   ingress:
		1796     enabled: true
		1798     annotations:
		1799       alb.ingress.kubernetes.io/scheme: internet-facing
		1800       alb.ingress.kubernetes.io/target-type: ip
		1801       alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}, {"HTTP":80}]'
		1802       alb.ingress.kubernetes.io/certificate-arn: CERT_ARN
		1809     ingressClassName: alb
      ..
		1815     hosts:
		1816        - argocd.nyoung.xyz
		  ..
		1840     https: true
	    ..
		1844   ingressGrpc:
		1846     enabled: true
		1849     isAWSALB: true
		1851     annotations:
		1852       alb.ingress.kubernetes.io/scheme: internet-facing
		1853       alb.ingress.kubernetes.io/target-type: ip
		1854       alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}, {"HTTP":80}]'
		1855       alb.ingress.kubernetes.io/certificate-arn: CERT_ARN
		1860     ingressClassName: alb
		1861
		1862     awsALB:
    # IP mode 사용하기 위해 변경
		1869       serviceType: ClusterIP
      ..
		1880     hosts:
		1881       - argocd.nyoung.xyz
		1905     https: true
###############################

(nyoung:default) [root@kops-ec2 ~]# helm upgrade argocd argo/argo-cd -f ~/argo-cd/values.yaml -n argocd --version 5.19.14

(nyoung:default) [root@kops-ec2 ~]# helm list -n argocd
NAME  	NAMESPACE	REVISION	UPDATED                                	STATUS  	CHART          	APP VERSION
argocd	argocd   	4       	2023-03-24 03:25:08.277324442 +0900 KST	deployed	argo-cd-5.19.14	v2.5.10

(nyoung:default) [root@kops-ec2 ~]# kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d
# 디코딩된 비밀번호 확인 가능
(nyoung:default) [root@kops-ec2 ~]# echo -e "Argocd Web URL = https://argocd.nyoung.xyz"
Argocd Web URL = https://argocd.nyoung.xyz

1-2

참고