Hello!
I am trying to set up integration of an on-premise gitlab-ce omnibus deployment with a microk8s cluster but appear to have hit a small roadblock. Would appreciate any help at all!
Here's some context about my environment:
The GitLab service is running behind a reverse proxy that handles HTTPS.
[external traffic] - https -> [reverse proxy] - http -> [GitLab] <- ? -> [microk8s]
My initial gitlab.rb included the gitlab-kas section that looked like the following (actual hostname changed to “company.com”):
##! Settings used by the GitLab application
gitlab_rails['gitlab_kas_enabled'] = true
gitlab_rails['gitlab_kas_external_url'] = 'ws://gitlab.company.com/-/kubernetes-agent/'
gitlab_rails['gitlab_kas_internal_url'] = 'grpc://localhost:8153'
gitlab_rails['gitlab_kas_external_k8s_proxy_url'] = 'https://gitlab.company.com/-/kubernetes-agent/k8s-proxy/'
##! Define to enable GitLab KAS
gitlab_kas_external_url "ws://gitlab.company.com/-/kubernetes-agent/"
gitlab_kas['enable'] = true
Next I attempted to register an agent on my microk8s cluster by running the following commands
microk8s helm repo add gitlab https://charts.gitlab.io
microk8s helm repo update
microk8s helm upgrade --install k8s-integration-agent gitlab/gitlab-agent --namespace gitlab-agent-k8s-integration-agent --create-namespace --set image.tag=v16.3.0 --set config.token=<redacted> --set config.kasAddress=ws://gitlab.company.com/-/kubernetes-agent/
Things weren’t working right and I tried to look at some logs from the gitlab-agent pod.
{
  "level": "error",
  "time": "2023-09-11T06:29:51.035Z",
  "msg": "Error handling a connection",
  "mod_name": "reverse_tunnel",
  "error": "Connect(): rpc error: code = Unavailable desc = connection error: desc = \"transport: Error while dialing: failed to WebSocket dial: expected handshake response status code 101 but got 301\""
}
After reading the troubleshooting guide at https://docs.gitlab.com/ee/user/clusters/agent/troubleshooting.html#transport-error-while-dialing-failed-to-websocket-dial, I double checked the addresses and found no problems with trailing slashes in my gitlab.rb file.
At this point I suspected that the issue was because I was running GitLab behind a proxy which helpfully redirects non-https to https.
I then tried to follow the instructions at https://docs.gitlab.com/ee/administration/clusters/kas.html#configure-kas-to-listen-on-a-unix-socket to use a unix socket but got errors on the cluster registration page.
I think it's because I botched the gitlab.rb file, which now looks like the following:
##! Settings used by the GitLab application
gitlab_rails['gitlab_kas_enabled'] = true
gitlab_rails['gitlab_kas_external_url'] = 'ws://gitlab.company.com/-/kubernetes-agent/'
#gitlab_rails['gitlab_kas_internal_url'] = 'grpc://localhost:8153'
gitlab_rails['gitlab_kas_internal_url'] = 'unix:///var/opt/gitlab/gitlab-kas/sockets/internal-api.socket'
gitlab_rails['gitlab_kas_external_k8s_proxy_url'] = 'https://gitlab.company.com/-/kubernetes-agent/k8s-proxy/'
##! Define to enable GitLab KAS
gitlab_kas_external_url "ws://gitlab.company.com/-/kubernetes-agent/"
gitlab_kas['enable'] = true
gitlab_kas['internal_api_listen_network'] = 'unix'
gitlab_kas['internal_api_listen_address'] = '/var/opt/gitlab/gitlab-kas/sockets/internal-api.socket'
gitlab_kas['private_api_listen_network'] = 'unix'
gitlab_kas['private_api_listen_address'] = '/var/opt/gitlab/gitlab-kas/sockets/private-api.socket'
##! Environment variables for GitLab KAS
gitlab_kas['env'] = {
  'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/",
  'OWN_PRIVATE_API_URL' => 'unix:///var/opt/gitlab/gitlab-kas/sockets/private-api.socket'
}
Did I mess up the gitlab_rails['gitlab_kas_internal_url'] setting somehow?
When attempting to register a new agent I get a “Failed to register an agent GRPC::Unavailable” error.
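A triage sketch for the agent log error quoted in the post, added here as an example and not part of the original post or of GitLab's tooling. It parses the log entry for the handshake status and checks the `kasAddress` for the two things the post discusses (an HTTP-to-HTTPS redirect in front of a `ws://` address, and the trailing slash); `handshake_status` and `triage` are hypothetical names and the sample log is reconstructed from the post.

```python
import json
import re
from urllib.parse import urlsplit

# Constructed sample: the agent log entry quoted in the post, as one JSON line.
SAMPLE_LOG = json.dumps({
    "level": "error",
    "msg": "Error handling a connection",
    "mod_name": "reverse_tunnel",
    "error": 'Connect(): rpc error: code = Unavailable desc = connection error: '
             'desc = "transport: Error while dialing: failed to WebSocket dial: '
             'expected handshake response status code 101 but got 301"',
})

HANDSHAKE_RE = re.compile(r"expected handshake response status code 101 but got (\d{3})")
REDIRECTS = {301, 302, 307, 308}


def handshake_status(log_line):
    """Return the HTTP status the agent received instead of 101, or None."""
    try:
        entry = json.loads(log_line)
    except json.JSONDecodeError:
        return None
    if not isinstance(entry, dict):
        return None
    match = HANDSHAKE_RE.search(str(entry.get("error", "")))
    return int(match.group(1)) if match else None


def triage(log_line, kas_address):
    """Hypothetical helper: list what to check when the dial to kas_address fails."""
    status = handshake_status(log_line)
    if status not in REDIRECTS:
        return []
    url = urlsplit(kas_address)
    checks = []
    if url.scheme == "ws":
        # ws:// is a plain-HTTP upgrade; an HTTP-to-HTTPS redirect answers it with 3xx.
        checks.append("scheme: ws:// was redirected; test the same address with wss://")
    if not url.path.endswith("/"):
        checks.append("path: no trailing slash on the KAS address")
    return checks


if __name__ == "__main__":
    for line in triage(SAMPLE_LOG, "ws://gitlab.company.com/-/kubernetes-agent/"):
        print(line)
```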