如何配置供所有GitLab repo使用的暂存命名空间?
在组级别上,我在GitLab中配置了一个Kubernetes集群,我希望能够为如何配置供所有GitLab repo使用的暂存命名空间?,git,docker,kubernetes,gitlab,Git,Docker,Kubernetes,Gitlab,在组级别上,我在GitLab中配置了一个Kubernetes集群,我希望能够为staging配置一个专用的名称空间,用于我的所有repo,以便在微服务之间轻松通信 在我的.gitlab ci.yml文件中: staging: stage: staging variables: APP_NAME: staging-website-frontend APP_LABEL: staging DEPLOY_HOST: lanorr.eu environment:
staging
配置一个专用的名称空间,用于我的所有repo,以便在微服务之间轻松通信
在我的.gitlab ci.yml
文件中:
staging:
stage: staging
variables:
APP_NAME: staging-website-frontend
APP_LABEL: staging
DEPLOY_HOST: lanorr.eu
environment:
name: staging
url: http://lanorr.eu/
image: roffe/kubectl:v1.13.0
script:
- kubectl delete --ignore-not-found=true secret gitlab-auth
- kubectl create secret docker-registry gitlab-auth --docker-server=$CI_REGISTRY --docker-username=$KUBE_PULL_USER --docker-password=$KUBE_PULL_PASS
- cat k8s/deployment.yml | envsubst | kubectl apply -f -
only:
- master
kind: Service
apiVersion: v1
metadata:
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "5000"
name: ${APP_NAME}
spec:
selector:
app: ${APP_LABEL}
type: NodePort
ports:
- protocol: TCP
port: 80
targetPort: 5000
---
kind: Deployment
apiVersion: apps/v1beta1
metadata:
name: ${APP_NAME}
labels:
app: ${APP_LABEL}
spec:
replicas: 3
selector:
matchLabels:
app: ${APP_LABEL}
template:
metadata:
labels:
app: ${APP_LABEL}
spec:
imagePullSecrets:
- name: gitlab-auth
containers:
- name: ${APP_NAME}
image: "${DOCKER_IMAGE_TAG}"
ports:
- containerPort: 5000
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ${APP_NAME}-ingress
spec:
rules:
- host: ${DEPLOY_HOST}
http:
paths:
- backend:
serviceName: ${APP_NAME}
servicePort: 80
我曾尝试将-export KUBE_NAMESPACE=staging
添加到脚本部分,但没有如预期那样成功
和我的k8s/deployment.yml
文件:
staging:
stage: staging
variables:
APP_NAME: staging-website-frontend
APP_LABEL: staging
DEPLOY_HOST: lanorr.eu
environment:
name: staging
url: http://lanorr.eu/
image: roffe/kubectl:v1.13.0
script:
- kubectl delete --ignore-not-found=true secret gitlab-auth
- kubectl create secret docker-registry gitlab-auth --docker-server=$CI_REGISTRY --docker-username=$KUBE_PULL_USER --docker-password=$KUBE_PULL_PASS
- cat k8s/deployment.yml | envsubst | kubectl apply -f -
only:
- master
kind: Service
apiVersion: v1
metadata:
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "5000"
name: ${APP_NAME}
spec:
selector:
app: ${APP_LABEL}
type: NodePort
ports:
- protocol: TCP
port: 80
targetPort: 5000
---
kind: Deployment
apiVersion: apps/v1beta1
metadata:
name: ${APP_NAME}
labels:
app: ${APP_LABEL}
spec:
replicas: 3
selector:
matchLabels:
app: ${APP_LABEL}
template:
metadata:
labels:
app: ${APP_LABEL}
spec:
imagePullSecrets:
- name: gitlab-auth
containers:
- name: ${APP_NAME}
image: "${DOCKER_IMAGE_TAG}"
ports:
- containerPort: 5000
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ${APP_NAME}-ingress
spec:
rules:
- host: ${DEPLOY_HOST}
http:
paths:
- backend:
serviceName: ${APP_NAME}
servicePort: 80
在这里,我还尝试手动并通过一个ENV_变量添加名称空间
,但运气不佳。。我一直收到相同的错误,即GitLab Repo的ServiceAccount没有在此命名空间中查找服务和部署的权限
错误:
Error from server (Forbidden): error when retrieving current configuration of:
Resource: "/v1, Resource=services", GroupVersionKind: "/v1, Kind=Service"
...
from server for: "STDIN": ingresses.extensions "review-ci-testing-updqhr-la-danesa-web-ingress" is forbidden: User "system:serviceaccount:la-danesa-website-5:la-danesa-website-5-service-account" cannot get resource "ingresses" in API group "extensions" in the namespace "review-ci-testing"
它是一个自托管的gitlab服务器和一个自托管和自管理的kubernetes集群。除了我尝试为我的登台部署使用自定义名称空间外,一切都正常工作
你们有没有关于如何进行这项工作的建议
更新日期:2019年9月9日
我刚刚更新到12.2,我注意到我可以添加环境范围内的变量,尽管为环境staging
添加KUBE\u NAMESPACE='staging'
似乎不起作用。现在GitLab有了自动创建特定于环境的名称空间的功能,但我自己找不到一种方法来定制它,尽管文档中说应该可以覆盖:
在我更新到12.2之后,我还删除了集群并在GitLab中重新创建了它,因此所有内容都可以根据更改日志使用,但我仍然不知道如何为我的所有暂存微服务创建专用的暂存命名空间