debian-mirror-gitlab/doc/user/clusters/agent/install/index.md

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

226 lines
12 KiB
Markdown
Raw Normal View History

2021-12-11 22:18:48 +05:30
---
stage: Configure
group: Configure
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
---
2022-05-07 20:08:51 +05:30
# Installing the agent for Kubernetes **(FREE)**
2021-12-11 22:18:48 +05:30
2022-04-04 11:22:00 +05:30
> - [Moved](https://gitlab.com/groups/gitlab-org/-/epics/6290) from GitLab Premium to GitLab Free in 14.5.
> - [Introduced](https://gitlab.com/gitlab-org/cluster-integration/gitlab-agent/-/merge_requests/594) multi-arch images in GitLab 14.8. The first multi-arch release is `v14.8.1`. It supports AMD64 and ARM64 architectures.
2022-05-07 20:08:51 +05:30
> - [Introduced](https://gitlab.com/gitlab-org/cluster-integration/gitlab-agent/-/merge_requests/603) ARM architecture support in GitLab 14.9.
2021-12-11 22:18:48 +05:30
2022-05-07 20:08:51 +05:30
To connect a Kubernetes cluster to GitLab, you must install an agent in your cluster.
2021-12-11 22:18:48 +05:30
2022-04-04 11:22:00 +05:30
## Prerequisites
2021-12-11 22:18:48 +05:30
2022-05-07 20:08:51 +05:30
Before you can install the agent in your cluster, you need:
- An existing Kubernetes cluster. If you don't have a cluster, you can create one on a cloud provider, like:
2022-04-04 11:22:00 +05:30
- [Google Kubernetes Engine (GKE)](https://cloud.google.com/kubernetes-engine/docs/quickstart)
- [Amazon Elastic Kubernetes Service (EKS)](https://docs.aws.amazon.com/eks/latest/userguide/getting-started.html)
- [Digital Ocean](https://docs.digitalocean.com/products/kubernetes/quickstart/)
2022-07-23 23:45:48 +05:30
- On self-managed GitLab instances, a GitLab administrator must set up the
[agent server](../../../../administration/clusters/kas.md).
Then it will be available by default at `wss://gitlab.example.com/-/kubernetes-agent/`.
2022-05-07 20:08:51 +05:30
On GitLab.com, the agent server is available at `wss://kas.gitlab.com`.
2021-12-11 22:18:48 +05:30
## Installation steps
2022-05-07 20:08:51 +05:30
To install the agent in your cluster:
2021-12-11 22:18:48 +05:30
2022-07-23 23:45:48 +05:30
1. Optional. [Create an agent configuration file](#create-an-agent-configuration-file).
2022-05-07 20:08:51 +05:30
1. [Register the agent with GitLab](#register-the-agent-with-gitlab).
1. [Install the agent in your cluster](#install-the-agent-in-the-cluster).
2021-12-11 22:18:48 +05:30
2022-05-07 20:08:51 +05:30
<i class="fa fa-youtube-play youtube" aria-hidden="true"></i> Watch a GitLab 14.2 [walk-through of this process](https://www.youtube.com/watch?v=XuBpKtsgGkE).
2021-12-11 22:18:48 +05:30
2022-07-23 23:45:48 +05:30
### Create an agent configuration file
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/259669) in GitLab 13.7, the agent configuration file can be added to multiple directories (or subdirectories) of the repository.
> - Group authorization was [introduced](https://gitlab.com/groups/gitlab-org/-/epics/5784) in GitLab 14.3.
The agent uses a YAML file for configuration settings. You must create this file if:
- You use [a GitOps workflow](../gitops.md#gitops-workflow-steps).
- You use [a GitLab CI/CD workflow](../ci_cd_workflow.md#gitlab-cicd-workflow-steps) and want to authorize a different project to use the agent.
To create an agent configuration file:
1. Choose a name for your agent. The agent name follows the
[DNS label standard from RFC 1123](https://tools.ietf.org/html/rfc1123). The name must:
- Be unique in the project.
- Contain at most 63 characters.
- Contain only lowercase alphanumeric characters or `-`.
- Start with an alphanumeric character.
- End with an alphanumeric character.
1. In the repository, create a directory in this location:
2022-07-16 23:28:13 +05:30
2022-07-23 23:45:48 +05:30
```plaintext
.gitlab/agents/<agent-name>
```
2022-07-16 23:28:13 +05:30
2022-07-23 23:45:48 +05:30
1. In the directory, create a `config.yaml` file. Ensure the filename ends in `.yaml`, not `.yml`.
You can leave the file blank for now, and [configure it](#configure-your-agent) later.
2022-07-16 23:28:13 +05:30
2022-05-07 20:08:51 +05:30
### Register the agent with GitLab
2022-04-04 11:22:00 +05:30
2022-05-07 20:08:51 +05:30
> - [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/5786) in GitLab 14.1, you can create a new agent record directly from the GitLab UI.
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/347240) in GitLab 14.9, the agent can be registered without creating an agent configuration file.
2021-12-11 22:18:48 +05:30
2022-06-21 17:19:12 +05:30
FLAG:
In GitLab 14.10, a [flag](../../../../administration/feature_flags.md) named `certificate_based_clusters` changed the **Actions** menu to focus on the agent rather than certificates. The flag is [enabled on GitLab.com and self-managed](https://gitlab.com/groups/gitlab-org/configure/-/epics/8).
2022-05-07 20:08:51 +05:30
Prerequisites:
2021-12-11 22:18:48 +05:30
2022-07-16 23:28:13 +05:30
- For a [GitLab CI/CD workflow](../ci_cd_workflow.md), ensure that
2022-05-07 20:08:51 +05:30
[GitLab CI/CD is enabled](../../../../ci/enable_or_disable_ci.md#enable-cicd-in-a-project).
2021-12-11 22:18:48 +05:30
2022-07-16 23:28:13 +05:30
You must register an agent before you can install the agent in your cluster. To register an agent:
2021-12-11 22:18:48 +05:30
2022-05-07 20:08:51 +05:30
1. On the top bar, select **Menu > Projects** and find your project.
2022-07-16 23:28:13 +05:30
If you have an [agent configuration file](#create-an-agent-configuration-file),
it must be in this project. Your cluster manifest files should also be in this project.
2022-05-07 20:08:51 +05:30
1. From the left sidebar, select **Infrastructure > Kubernetes clusters**.
2022-06-21 17:19:12 +05:30
1. Select **Connect a cluster (agent)**.
2022-07-23 23:45:48 +05:30
- If you want to create a configuration with CI/CD defaults, type a name.
2022-05-07 20:08:51 +05:30
- If you already have an [agent configuration file](#create-an-agent-configuration-file), select it from the list.
1. Select **Register an agent**.
2022-08-13 15:12:31 +05:30
1. GitLab generates an access token for the agent. You need this token to install the agent
2022-07-23 23:45:48 +05:30
in your cluster and to [update the agent](#update-the-agent-version) to another version.
2022-08-13 15:12:31 +05:30
WARNING:
Securely store the agent access token. A bad actor can use this token to access source code in the agent's configuration project, access source code in any public project on the GitLab instance, or even, under very specific conditions, obtain a Kubernetes manifest.
2022-07-23 23:45:48 +05:30
1. Copy the command under **Recommended installation method**. You need it when you use
the one-liner installation method to install the agent in your cluster.
2021-12-11 22:18:48 +05:30
2022-05-07 20:08:51 +05:30
### Install the agent in the cluster
2021-12-11 22:18:48 +05:30
2022-06-21 17:19:12 +05:30
> Introduced in GitLab 14.10, GitLab recommends using Helm to install the agent.
2022-03-02 08:16:31 +05:30
2022-06-21 17:19:12 +05:30
To connect your cluster to GitLab, install the registered agent
in your cluster. You can either:
2021-12-11 22:18:48 +05:30
2022-06-21 17:19:12 +05:30
- [Install the agent with Helm](#install-the-agent-with-helm).
- Or, follow the [advanced installation method](#advanced-installation-method).
2022-04-04 11:22:00 +05:30
2022-06-21 17:19:12 +05:30
If you do not know which one to choose, we recommend starting with Helm.
2022-04-04 11:22:00 +05:30
2022-06-21 17:19:12 +05:30
#### Install the agent with Helm
2022-04-04 11:22:00 +05:30
2022-06-21 17:19:12 +05:30
To install the agent on your cluster using Helm:
2022-04-04 11:22:00 +05:30
2022-07-16 23:28:13 +05:30
1. [Install Helm](https://helm.sh/docs/intro/install/).
2022-05-07 20:08:51 +05:30
1. In your computer, open a terminal and [connect to your cluster](https://kubernetes.io/docs/tasks/access-application-cluster/access-cluster/).
2022-07-16 23:28:13 +05:30
1. Run the command you copied when you [registered your agent with GitLab](#register-the-agent-with-gitlab).
2021-12-11 22:18:48 +05:30
2022-06-21 17:19:12 +05:30
Optionally, you can [customize the Helm installation](#customize-the-helm-installation).
2021-12-11 22:18:48 +05:30
2022-06-21 17:19:12 +05:30
##### Customize the Helm installation
2021-12-11 22:18:48 +05:30
2022-06-21 17:19:12 +05:30
By default, the Helm installation command generated by GitLab:
2021-12-11 22:18:48 +05:30
2022-06-21 17:19:12 +05:30
- Creates a namespace `gitlab-agent` for the deployment (`--namespace gitlab-agent`). You can skip creating the namespace by omitting the `--create-namespace` flag.
- Sets up a service account for the agent with `cluster-admin` rights. You can:
- Skip creating the service account by adding `--set serviceAccount.create=false` to the `helm install` command. In this case, you must set `serviceAccount.name` to a pre-existing service account.
- Skip creating the RBAC permissions by adding `--set rbac.create=false` to the `helm install` command. In this case, you must bring your own RBAC permissions for the agent. Otherwise, it has no permissions at all.
- Creates a `Secret` resource for the agent's access token. To instead bring your own secret with a token, omit the token (`--set token=...`) and instead use `--set config.secretName=<your secret name>`.
2022-03-02 08:16:31 +05:30
- Creates a `Deployment` resource for the `agentk` pod.
2021-12-11 22:18:48 +05:30
2022-06-21 17:19:12 +05:30
To see the full list of customizations available, see the Helm chart's [default values file](https://gitlab.com/gitlab-org/charts/gitlab-agent/-/blob/main/values.yaml).
2021-12-11 22:18:48 +05:30
2022-07-23 23:45:48 +05:30
##### Use the agent behind an HTTP proxy
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/351867) in GitLab 15.0, the GitLab agent Helm chart supports setting environment variables.
To configure an HTTP proxy when using the Helm chart, you can use the environment variables `HTTP_PROXY`, `HTTPS_PROXY`,
and `NO_PROXY`. Upper and lowercase are both acceptable.
You can set these variables by using the `extraEnv` value, as a list of objects with keys `name` and `value`.
For example, to set only the environment variable `HTTPS_PROXY` to the value `https://example.com/proxy`, you can run:
```shell
helm upgrade --install gitlab-agent gitlab/gitlab-agent \
--set extraEnv[0].name=HTTPS_PROXY \
--set extraEnv[0].value=https://example.com/proxy \
...
```
2022-06-21 17:19:12 +05:30
#### Advanced installation method
2021-12-11 22:18:48 +05:30
2022-06-21 17:19:12 +05:30
GitLab also provides a [KPT package for the agent](https://gitlab.com/gitlab-org/cluster-integration/gitlab-agent/-/tree/master/build/deployment/gitlab-agent). This method provides greater flexibility, but is only recommended for advanced users.
2021-12-11 22:18:48 +05:30
2022-07-23 23:45:48 +05:30
### Configure your agent
To configure your agent, add content to the `config.yaml` file:
2022-08-13 15:12:31 +05:30
- For a GitOps workflow, [view the configuration reference](../gitops.md#gitops-configuration-reference).
- For a GitLab CI/CD workflow, [authorize the agent to access your projects](../ci_cd_workflow.md#authorize-the-agent). Then
[add `kubectl` commands to your `.gitlab-ci.yml` file](../ci_cd_workflow.md#update-your-gitlab-ciyml-file-to-run-kubectl-commands).
2022-07-23 23:45:48 +05:30
2022-05-07 20:08:51 +05:30
## Install multiple agents in your cluster
2021-12-11 22:18:48 +05:30
2022-06-21 17:19:12 +05:30
To install a second agent in your cluster, you can follow the [previous steps](#register-the-agent-with-gitlab) a second time. To avoid resource name collisions within the cluster, you must either:
2022-07-23 23:45:48 +05:30
- Use a different release name for the agent, for example, `second-gitlab-agent`:
2021-12-11 22:18:48 +05:30
2022-06-21 17:19:12 +05:30
```shell
helm upgrade --install second-gitlab-agent gitlab/gitlab-agent ...
```
2021-12-11 22:18:48 +05:30
2022-07-23 23:45:48 +05:30
- Or, install the agent in a different namespace, for example, `different-namespace`:
2021-12-11 22:18:48 +05:30
2022-06-21 17:19:12 +05:30
```shell
helm upgrade --install gitlab-agent gitlab/gitlab-agent \
--namespace different-namespace \
...
```
2021-12-11 22:18:48 +05:30
2022-05-07 20:08:51 +05:30
## Example projects
2022-04-04 11:22:00 +05:30
2022-05-07 20:08:51 +05:30
The following example projects can help you get started with the agent.
2022-04-04 11:22:00 +05:30
2022-05-07 20:08:51 +05:30
- [Configuration repository with minimal manifests](https://gitlab.com/gitlab-examples/ops/gitops-demo/k8s-agents)
- [Distinct application and manifest repository example](https://gitlab.com/gitlab-examples/ops/gitops-demo/hello-world-service-gitops)
- [Auto DevOps setup that uses the CI/CD workflow](https://gitlab.com/gitlab-examples/ops/gitops-demo/hello-world-service)
- [Cluster management project template example that uses the CI/CD workflow](https://gitlab.com/gitlab-examples/ops/gitops-demo/cluster-management)
2022-04-04 11:22:00 +05:30
2022-06-21 17:19:12 +05:30
## Updates and version compatibility
2022-04-04 11:22:00 +05:30
2022-06-21 17:19:12 +05:30
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/340882) in GitLab 14.8, GitLab warns you on the agent's list page to update the agent version installed on your cluster.
2022-04-04 11:22:00 +05:30
2022-07-23 23:45:48 +05:30
For the best experience, the version of the agent installed in your cluster should match the GitLab major and minor version. The previous minor version is also supported. For example, if your GitLab version is v14.9.4 (major version 14, minor version 9), then versions v14.9.0 and v14.9.1 of the agent are ideal, but any v14.8.x version of the agent is also supported. See [the release page](https://gitlab.com/gitlab-org/cluster-integration/gitlab-agent/-/releases) of the GitLab agent.
2022-04-04 11:22:00 +05:30
2022-05-07 20:08:51 +05:30
### Update the agent version
2022-04-04 11:22:00 +05:30
2022-06-21 17:19:12 +05:30
To update the agent to the latest version, you can run:
2022-01-26 12:08:38 +05:30
2022-06-21 17:19:12 +05:30
```shell
helm repo update
helm upgrade --install gitlab-agent gitlab/gitlab-agent \
--namespace gitlab-agent \
--reuse-values
```
2022-01-26 12:08:38 +05:30
2022-06-21 17:19:12 +05:30
To set a specific version, you can override the `image.tag` value. For example, to install version `v14.9.1`, run:
2022-01-26 12:08:38 +05:30
2022-06-21 17:19:12 +05:30
```shell
helm upgrade gitlab-agent gitlab/gitlab-agent \
--namespace gitlab-agent \
--reuse-values \
--set image.tag=v14.9.1
```
2022-04-04 11:22:00 +05:30
2022-06-21 17:19:12 +05:30
## Uninstall the agent
2022-04-04 11:22:00 +05:30
2022-06-21 17:19:12 +05:30
If you [installed the agent with Helm](#install-the-agent-with-helm), then you can also uninstall with Helm. For example, if the release and namespace are both called `gitlab-agent`, then you can uninstall the agent using the following command:
2022-04-04 11:22:00 +05:30
2022-06-21 17:19:12 +05:30
```shell
helm uninstall gitlab-agent \
--namespace gitlab-agent
```