如何 kubectl 端口转发 GitLab 网络服务?
[英]how to kubectl port-forward GitLab webservice?
问题描述
I have deploy helm upgrade --install gitlab gitlab/gitlab --timeout 600s -f gitlab.yaml
我已经部署helm upgrade --install gitlab gitlab/gitlab --timeout 600s -f gitlab.yaml
gitlab.yaml is here, ip is minikube ip . gitlab.yaml在这里,ip是minikube ip
# values-minikube.yaml
# This example intended as baseline to use Minikube for the deployment of GitLab
# - Services that are not compatible with how Minikube runs are disabled
# - Configured to use 192.168.99.100, and nip.io for the domain
# Minimal settings
global:
ingress:
configureCertmanager: false
class: "nginx"
hosts:
domain: "${ip}.nip.io"
externalIP: "${ip}"
rails:
bootsnap:
enabled: false
shell:
# Configure the clone link in the UI to include the high-numbered NodePort
# value from below (gitlab.gitlab-shell.service.nodePort)
port: 32022
psql:
host: ${POSTGRES_K8S_SERVICE}
database: postgres
username: postgres
password:
secret: ${POSTGRES_K8S_SERVICE}
key: postgresql-password
# Don't use certmanager, we'll self-sign
certmanager:
install: false
# Use the "ingress" addon, not our Ingress (can't map 22/80/443)
nginx-ingress:
enabled: false
# Save resources, only 3 CPU
prometheus:
install: false
gitlab-runner:
install: false
# Reduce replica counts, reducing CPU & memory requirements
gitlab:
webservice:
minReplicas: 1
maxReplicas: 1
sidekiq:
minReplicas: 1
maxReplicas: 1
gitlab-shell:
minReplicas: 1
maxReplicas: 1
# Map gitlab-shell to a high-numbered NodePort to support cloning over SSH since
# Minikube takes port 22.
service:
type: NodePort
nodePort: 32022
registry:
hpa:
minReplicas: 1
maxReplicas: 1
After deploying, it will generate several ingresses, but we cannot access them by using external machine .部署后会生成多个入口,但我们无法通过外部机器访问它们。
So I try to forward them by所以我尝试通过
kubectl port-forward --namespace default svc/gitlab-webservice-default 9000:8080 --address 0.0.0.0
kubectl port-forward --namespace default svc/gitlab-webservice-default 9001:8081 --address 0.0.0.0
8080 are from ingress/gitlab-webservice-default . 8080 来自ingress/gitlab-webservice-default 。 9001 cannot be access, It means I cannot access https 9001无法访问,表示无法访问 https
rules:
- host: gitlab.192.168.49.2.nip.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: gitlab-webservice-default
servicePort: 8181
- path: /admin/sidekiq
pathType: ImplementationSpecific
backend:
serviceName: gitlab-webservice-default
servicePort: 8080
But it seems not work when I try to login.但是当我尝试登录时它似乎不起作用。
422
The change you requested was rejected.
Please contact your GitLab administrator if you think this is a mistake.
1 个解决方案
解决方案1
0 2021-07-14 20:02:40
This issue is poorly documented via gitlab itself and the below 'answer' is for any googlers (hint, it's not really an answer):这个问题通过 gitlab 本身没有得到很好的记录,下面的“答案”适用于任何谷歌员工(提示,这不是真正的答案):
The gitlab minikube setup spins up it's own ingress controllers that are bypassed, which is where TLS would normally be terminated. gitlab minikube 设置启动了它自己的被绕过的入口控制器,这是 TLS 通常会终止的地方。 The '422' error is legitimate because localhost:8080 does not provide a valid authenticity token to be processed by the host gitlab.192.168.49.2.nip.io “422”错误是合法的,因为localhost:8080没有提供要由主机gitlab.192.168.49.2.nip.io处理的有效真实性令牌
You can confirm this by tailing the logs of the webserver container (it outputs all logging to stdout).您可以通过跟踪 webserver 容器的日志来确认这一点(它将所有日志输出到标准输出)。
So you can either disable to CSRF token check in the omniauth.rb file inside config/initializers and restart the rails instance, or move away from minikube (we used KinD to get this working) since ingress appeared to be broken with the gitlab setup.因此,您可以在config/initializers中的omniauth.rb文件中禁用 CSRF 令牌检查并重新启动 rails 实例,或者远离 minikube(我们使用 KinD 来使其工作),因为 gitlab 设置似乎破坏了入口。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.