debian-mirror-gitlab/doc/topics/autodevops/requirements.md

---
stage: Configure
group: Configure
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
---
# Requirements for Auto DevOps **(FREE)**
Before enabling [Auto DevOps](index.md), we recommend that you prepare it for
deployment. If you don't, you can still use it to build and test your apps, and
then configure the deployment later.
To prepare the deployment:
1. Define the [deployment strategy](#auto-devops-deployment-strategy).
1. Prepare the [base domain](#auto-devops-base-domain).
1. Define where you want to deploy it:
   1. [Kubernetes](#auto-devops-requirements-for-kubernetes).
   1. [Amazon Elastic Container Service (ECS)](cloud_deployments/auto_devops_with_ecs.md).
   1. [Amazon Elastic Kubernetes Service (EKS)](https://about.gitlab.com/blog/2020/05/05/deploying-application-eks/).
   1. [Amazon EC2](cloud_deployments/auto_devops_with_ec2.md).
   1. [Google Kubernetes Engine](cloud_deployments/auto_devops_with_gke.md).
   1. [Bare metal](#auto-devops-requirements-for-bare-metal).
1. [Enable Auto DevOps](index.md#enable-or-disable-auto-devops).
## Auto DevOps deployment strategy
> [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/issues/38542) in GitLab 11.0.
When using Auto DevOps to deploy your applications, choose the
[continuous deployment strategy](../../ci/introduction/index.md)
that works best for your needs:
| Deployment strategy | Setup | Methodology |
|--|--|--|
| **Continuous deployment to production** | Enables [Auto Deploy](stages.md#auto-deploy) with the default branch continuously deployed to production. | Continuous deployment to production.|
| **Continuous deployment to production using timed incremental rollout** | Sets the [`INCREMENTAL_ROLLOUT_MODE`](customize.md#timed-incremental-rollout-to-production) variable to `timed`. | Continuously deploy to production with a 5-minute delay between rollouts. |
| **Automatic deployment to staging, manual deployment to production** | Sets [`STAGING_ENABLED`](customize.md#deploy-policy-for-staging-and-production-environments) to `1` and [`INCREMENTAL_ROLLOUT_MODE`](customize.md#incremental-rollout-to-production) to `manual`. | The default branch is continuously deployed to staging and continuously delivered to production. |
You can choose the deployment method when enabling Auto DevOps or later:
1. In GitLab, on the top bar, select **Menu > Projects** and find your project.
1. On the left sidebar, select **Settings > CI/CD**.
1. Expand **Auto DevOps**.
1. Choose the deployment strategy.
1. Select **Save changes**.
NOTE:
Use the [blue-green deployment](../../ci/environments/incremental_rollouts.md#blue-green-deployment) technique
to minimize downtime and risk.
## Auto DevOps base domain
The Auto DevOps base domain is required to use
[Auto Review Apps](stages.md#auto-review-apps), [Auto Deploy](stages.md#auto-deploy), and
[Auto Monitoring](stages.md#auto-monitoring).
To define the base domain, either:
- In the project, group, or instance level: go to your cluster settings and add it there.
- In the project or group level: add it as an environment variable: `KUBE_INGRESS_BASE_DOMAIN`.
- In the instance level: go to **Menu > Admin > Settings > CI/CD > Continuous Integration and Delivery** and add it there.
The base domain variable `KUBE_INGRESS_BASE_DOMAIN` follows the same order of precedence
as other environment [variables](../../ci/variables/index.md#cicd-variable-precedence).
If you don't specify the base domain in your projects and groups, Auto DevOps uses the instance-wide **Auto DevOps domain**.
Auto DevOps requires a wildcard DNS `A` record that matches the base domains. For
a base domain of `example.com`, you'd need a DNS entry like:
```plaintext
*.example.com 3600 A 1.2.3.4
```
In this case, the deployed applications are served from `example.com`, and `1.2.3.4`
is the IP address of your load balancer, generally NGINX ([see requirements](requirements.md)).
Setting up the DNS record is beyond the scope of this document; check with your
DNS provider for information.
Alternatively, you can use free public services like [nip.io](https://nip.io)
which provide automatic wildcard DNS without any configuration. For [nip.io](https://nip.io),
set the Auto DevOps base domain to `1.2.3.4.nip.io`.
After completing setup, all requests hit the load balancer, which routes requests
to the Kubernetes pods running your application.
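
The wildcard record and the nip.io alternative described above, as an added example that is not part of the GitLab documentation: a simplified model of which hostnames `*.example.com` answers for and how a dotted nip.io name carries its address. The `legacy.example.com` record and every hostname queried are constructed for illustration, and empty non-terminal names are not modeled.

```python
import ipaddress

# Constructed sample zone: the wildcard record from the text plus one
# explicit host record (hypothetical) to show how it interacts with it.
ZONE = """\
*.example.com 3600 A 1.2.3.4
legacy.example.com 3600 A 5.6.7.8
"""

def parse_zone(text):
    """Parse 'name ttl type value' lines into {name: ip} for A records."""
    records = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 4 and fields[2].upper() == "A":
            name = fields[0].lower().rstrip(".")
            records[name] = str(ipaddress.IPv4Address(fields[3]))
    return records

def resolve(host, records):
    """Return the A answer for host, or None when no record covers it."""
    host = host.lower().rstrip(".")
    if host in records:                  # an explicit record beats the wildcard
        return records[host]
    labels = host.split(".")
    for i in range(1, len(labels)):      # walk up towards the zone apex
        parent = ".".join(labels[i:])
        if "*." + parent in records:
            return records["*." + parent]
        if parent in records:            # closest existing name has no wildcard
            return None
    return None

def nip_io_address(host):
    """Return the IPv4 address embedded in a dotted nip.io name, else None."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 6 or labels[-2:] != ["nip", "io"]:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(labels[-6:-2])))
    except ValueError:
        return None

if __name__ == "__main__":
    records = parse_zone(ZONE)
    for name in ("review-app.example.com", "example.com", "x.legacy.example.com"):
        print(name, "->", resolve(name, records))
    print(nip_io_address("review-app.1.2.3.4.nip.io"))
```

The wildcard answers for names below `example.com` but not for `example.com` itself, and a name below an explicit record is not covered unless that record has its own wildcard.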
## Auto DevOps requirements for Kubernetes
To make full use of Auto DevOps with Kubernetes, you need:
- **Kubernetes** (for [Auto Review Apps](stages.md#auto-review-apps),
[Auto Deploy](stages.md#auto-deploy), and [Auto Monitoring](stages.md#auto-monitoring))
To enable deployments, you need:
1. A [Kubernetes 1.12+ cluster](../../user/infrastructure/clusters/index.md) for your
project.
For Kubernetes 1.16+ clusters, you must perform additional configuration for
[Auto Deploy for Kubernetes 1.16+](stages.md#kubernetes-116).
1. For external HTTP traffic, an Ingress controller is required. For regular
deployments, any Ingress controller should work, but as of GitLab 14.0,
[canary deployments](../../user/project/canary_deployments.md) require
NGINX Ingress. You can deploy the NGINX Ingress controller to your
Kubernetes cluster either through the GitLab [Cluster management project template](../../user/clusters/management_project_template.md)
or manually by using the [`ingress-nginx`](https://github.com/kubernetes/ingress-nginx/tree/master/charts/ingress-nginx)
Helm chart.
NOTE:
For metrics to appear when using the [Prometheus cluster integration](../../user/clusters/integrations.md#prometheus-cluster-integration), you must [enable Prometheus metrics](https://github.com/kubernetes/ingress-nginx/tree/master/charts/ingress-nginx#prometheus-metrics).
When deploying [using custom charts](customize.md#custom-helm-chart), you must also
[annotate](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
the Ingress manifest to be scraped by Prometheus using
`prometheus.io/scrape: "true"` and `prometheus.io/port: "10254"`.
NOTE:
If your cluster is installed on bare metal, see
[Auto DevOps Requirements for bare metal](#auto-devops-requirements-for-bare-metal).
- **Base domain** (for [Auto Review Apps](stages.md#auto-review-apps),
[Auto Deploy](stages.md#auto-deploy), and [Auto Monitoring](stages.md#auto-monitoring))
You must [specify the Auto DevOps base domain](#auto-devops-base-domain),
which all of your Auto DevOps applications use. This domain must be configured
with wildcard DNS.
- **GitLab Runner** (for all stages)
Your runner must be configured to run Docker, usually with either the
[Docker](https://docs.gitlab.com/runner/executors/docker.html)
or [Kubernetes](https://docs.gitlab.com/runner/executors/kubernetes.html) executors, with
[privileged mode enabled](https://docs.gitlab.com/runner/executors/docker.html#use-docker-in-docker-with-privileged-mode).
The runners don't need to be installed in the Kubernetes cluster, but the
Kubernetes executor is easy to use and automatically autoscales.
You can configure Docker-based runners to autoscale as well, using
[Docker Machine](https://docs.gitlab.com/runner/executors/docker_machine.html).
Runners should be registered as [shared runners](../../ci/runners/runners_scope.md#shared-runners)
for the entire GitLab instance, or [specific runners](../../ci/runners/runners_scope.md#specific-runners)
that are assigned to specific projects.
- **Prometheus** (for [Auto Monitoring](stages.md#auto-monitoring))
To enable Auto Monitoring, you need Prometheus installed either inside or
outside your cluster, and configured to scrape your Kubernetes cluster.
If you've configured the GitLab integration with Kubernetes, you can
instruct GitLab to query an in-cluster Prometheus by enabling
the [Prometheus cluster integration](../../user/clusters/integrations.md#prometheus-cluster-integration).
The [Prometheus integration](../../user/project/integrations/prometheus.md)
must be activated for the project, or activated at the group or instance level.
Learn more about [Project integration management](../../user/admin_area/settings/project_integration_management.md).
To get response metrics (in addition to system metrics), you must
[configure Prometheus to monitor NGINX](../../user/project/integrations/prometheus_library/nginx_ingress.md#configuring-nginx-ingress-monitoring).
- **cert-manager** (optional, for TLS/HTTPS)
To enable HTTPS endpoints for your application, you can [install cert-manager](https://cert-manager.io/docs/installation/supported-releases/),
a native Kubernetes certificate management controller that helps with issuing
certificates. Installing cert-manager on your cluster issues a
[Let's Encrypt](https://letsencrypt.org/) certificate and ensures the
certificates are valid and up-to-date.
If you don't have Kubernetes or Prometheus configured, then
[Auto Review Apps](stages.md#auto-review-apps),
[Auto Deploy](stages.md#auto-deploy), and [Auto Monitoring](stages.md#auto-monitoring)
are skipped.
After all requirements are met, you can [enable Auto DevOps](index.md#enable-or-disable-auto-devops).
## Auto DevOps requirements for bare metal
According to the [Kubernetes Ingress-NGINX docs](https://kubernetes.github.io/ingress-nginx/deploy/baremetal/):
> In traditional cloud environments, where network load balancers are available on-demand,
a single Kubernetes manifest suffices to provide a single point of contact to the NGINX Ingress
controller to external clients and, indirectly, to any application running inside the cluster.
Bare-metal environments lack this commodity, requiring a slightly different setup to offer the
same kind of access to external consumers.
The docs linked above explain the issue and present possible solutions, for example:
- Through [MetalLB](https://github.com/metallb/metallb).
- Through [PorterLB](https://github.com/kubesphere/porterlb).