docker-gitlab

Include builtin-kas in docker image provided by @kkimurak

Open yougotborked opened this issue 1 year ago • 16 comments

I would like to request builtin-kas be added to the image. See the fork provided by @kkimurak


As already reported above (https://github.com/sameersbn/docker-gitlab/pull/2598#issuecomment-1172864976), this image currently does not provide built-in KAS. This PR requires that an external KAS exists.

If you have time to do that, could you please try to build and test my support-builtin-kas branch?
In addition to the work done by @antt1995, I've made sure to build gitlab-kas when building the image and added a setting for supervisord to launch kas if enabled. Also, I have added a configuration file for KAS and minimal configuration parameters.

I have never used Kubernetes, so I never tested whether the registration succeeds, but I made sure the gitlab-kas service starts without exiting.
Here are the new entries for env of docker-compose.yml on test:

services:
  gitlab:
    environment:
      GITLAB_KAS_ENABLED: 'true'
      # If we don't set this, built-in gitlab-kas will exit with an error
      # See https://gitlab.com/gitlab-org/cluster-integration/gitlab-agent/-/blob/8069d9b79763859b5bcead437a28f4dc73b66ae8/cmd/kas/kasapp/configured_app.go#L96-98
      OWN_PRIVATE_API_URL: grpc://127.0.0.1:8155

Originally posted by @kkimurak in https://github.com/sameersbn/docker-gitlab/issues/2598#issuecomment-1225428725

yougotborked avatar Mar 24 '23 18:03 yougotborked

Hi @yougotborked, thanks for your request. Since you quoted me, I will write my stance on it. Sorry, but I am not going to create a pull request about it, at least not right now.

I was hoping that someone who needed it would test it, but there was no response. Unfortunately, I am a very selfish contributor and I am not going to spend my time testing a feature that I have no intention of using.

So, as we are not customers but a community, if anyone is interested in this feature, I would appreciate it if you could confirm that it works (and possibly fix the problem) and open a pull request. I'll help if needed.

kkimurak avatar Mar 25 '23 09:03 kkimurak

Sorry for the delay in responding, I finally had some time to try to get it working today.

yougotborked avatar Apr 07 '23 00:04 yougotborked

Sorry didn't mean to close, I'll add more detail in a bit

yougotborked avatar Apr 07 '23 00:04 yougotborked

So far these are the changes I've had to make to even get things to start running, @kkimurak is the latest version of your changes pushed to your fork/branch?

  • there was no kas supervisord conf file, I created a dummy one that does nothing.
  • some of the env vars were not working unless I provided "some" default
  • read about needing to add some proxy url locations into the nginx config diff.txt

When I attempt to register an agent with a repository, I get this error

image

I have the following in my docker-compose

    - GITLAB_KAS_ENABLED=true
    - OWN_PRIVATE_API_URL=grpc://127.0.0.1:8150
    - GITLAB_KAS_EXTERNAL=wws://git.myurl.com/-/kubernetes-agent/
    - GITLAB_KAS_PROXY=https://git.myurl.com/-/kubernetes-agent/k8s-proxy/

yougotborked avatar Apr 07 '23 02:04 yougotborked

First of all, thank you for taking the time to verify this code. And sorry, but I have noticed that there is no change to assets/build/install.sh to build built-in KAS. It seems that I dropped some commits during git-rebase by mistake.

I will restore the work and update my branch tonight (at least 7~8 hours later), so could you be so kind as to wait for the work?

kkimurak avatar Apr 07 '23 03:04 kkimurak

Sure, no problem. Thanks for taking a look

yougotborked avatar Apr 07 '23 03:04 yougotborked

@yougotborked Sorry for the delay, I have pushed the support-builtin-kas_wip branch (kkimurak@08310de3). I have confirmed that built-in kas (v15.10.0) launches successfully, but got "GRPC::Unauthenticated" on registering an agent and I am not sure what configuration I am missing.

image

I'll try to solve it, but if you have time, I'd appreciate it if you could build it yourself and see if it works.

Also, please note that there are some changes to configuration parameters

  • add GITLAB_AGENT_KAS_ENABLED to control built-in kas startup behavior: default to GITLAB_KAS_ENABLED
  • tweak the names of some parameters that are only used for built-in kas (prefix GITLAB_AGENT_KAS_)
    • rename GITLAB_KAS_API_AUTHENTICATION_SECRET_FILE to GITLAB_AGENT_KAS_API_AUTHENCICATION_SECRET_FILE
    • rename GITLAB_KAS_PRIVATE_API_AUTHENTICATION_SECRET_FILE to GITLAB_AGENT_KAS_PRIVATE_API_LISTEN_AUTHENTICATION_SECRET_FILE
    • rename GITLAB_KAS_REDIS_PASSWORD_FILE to GITLAB_AGENT_KAS_REDIS_PASSWORD_FILE
  • and more

changelog

  • 2023.04.17 rebased onto 15.10.3, squash some commits : kkimurak@65059077 -> kkimurak@5dbe4964
  • 2023.04.21 reorder and squash commits : kkimurak@5dbe4964 -> kkimurak@08310de3

kkimurak avatar Apr 14 '23 11:04 kkimurak

Hi there, I'm interested in having this feature. Is there any news?

cristianorevil avatar May 18 '23 14:05 cristianorevil

Hi there, I'm interested in having this feature. Is there any news?

I have not had a chance to test the changes yet, but it's on my to-do list at some point.

Just so everyone knows my use case here, I'm self-hosting gitlab on a truenas scale VM running docker at the moment, and want to move it into the Truenas scale kubernetes feature. The only way to connect gitlab to their kubernetes implementation is via the kas agent running in the cluster node. They lock down manual manipulation of many features since they try to treat it more like an appliance rather than debian with a truenas GUI on top.

I also have gitlab runners deploying to docker running on vms now, but want them to be able to deploy directly to the truenas cluster.

yougotborked avatar May 18 '23 14:05 yougotborked

I tried to set it up (using https://github.com/kkimurak/docker-gitlab/tree/support-builtin-kas). I'm getting Error: not a valid boolean value: '' in section 'program:gitlab_kas' (file: '/etc/supervisor/conf.d/gitlab-kas.conf')

Am I missing something?

These are my settings (gitlab runs within kubernetes cluster):

    - name: GITLAB_KAS_ENABLED
      value: true
    - name: GITLAB_AGENT_KAS_ENABLED
      value: true
    - name: OWN_PRIVATE_API_URL
      value: grpc://127.0.0.1:8155

th-2021 avatar Mar 22 '24 17:03 th-2021

Looks like /home/git/gitlab-agent/gitlab-kas_config.yaml is missing.

th-2021 avatar Mar 22 '24 18:03 th-2021

Another setting is required:

    - name: GITLAB_AGENT_BUILTIN_KAS_ENABLED
      value: "true"

Now I get:

Failed to register an agent GRPC::Unimplemented

What else could be missing?

th-2021 avatar Mar 22 '24 19:03 th-2021

@th-2021 Thank you for trying my patch. I rebased all the working branches on hand and it may cause problems (I did a build with gitlab 16.0.1 combined against gitlab-agent (KAS) 16.0.1, which is now gitlab 16.9.2 combined).

I just (mostly) finished my work #2917 so I'll work on it - or should I submit a draft pull request to have a stable discussion?

kkimurak avatar Mar 24 '24 12:03 kkimurak

I'm following the branch on your site. That's ok for me. A draft PR might attract additional testers.

I have another issue: my gitlab instance runs at a relative path and KAS doesn't support this (at least not in the UI). So I cannot register the agent. Any idea how I can register the agent from rails console?


th-2021 avatar Mar 24 '24 12:03 th-2021