Trouble with Kubernetes Agent cannot connect to KAS server
Hello! I am trying to integrate gitlab with kubernetes. Used this documentation: https://docs.gitlab.com/ee/user/clusters/agent/install/
I got the following errors:
{"level":"warn","time":"2021-12-28T18:43:08.015Z","msg":"GetConfiguration failed","error":"rpc error: code = Unavailable desc = connection error: desc = \"transport: Error while dialing failed to WebSocket dial: failed to send handshake request: Get \\\"https://gitlab.domainname.com/-/kubernetes-agent/\\\": dial tcp: i/o timeout\""}
{"level":"error","time":"2021-12-28T18:43:08.015Z","msg":"Error handling a connection","mod_name":"reverse_tunnel","error":"Connect(): rpc error: code = Unavailable desc = connection error: desc = \"transport: Error while dialing failed to WebSocket dial: failed to send handshake request: Get \\\"https://gitlab.domainname.com/-/kubernetes-agent/\\\": dial tcp: i/o timeout\""}
Network access from nodes to GitLab is available (checked via telnet/curl).
Steps:
- I added to /etc/gitlab/gitlab.rb:
  gitlab_kas['enable'] = true
  and afterwards executed: gitlab-ctl reconfigure
- In my project created: .gitlab/agents/agentk/config.yaml
  gitops:
    manifest_projects:
    - id: "kubernetes/monitoring"
      paths:
      - glob: '/manifests/*.{yaml,yml,json}'
- Registered a new agent with GitLab (Infrastructure > Kubernetes clusters > Actions > Select an agent > Register an agent) and got the token
- In K8s executed the below commands:
  kubectl create namespace gitlab-kubernetes-agent
  kubectl create secret generic -n gitlab-kubernetes-agent gitlab-kubernetes-agent-token --from-literal=token='token_from_register_agent'
Created the file resources.yml:
---
apiVersion: v1
kind: Namespace
metadata:
  name: gitlab-kubernetes-agent
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: gitlab-kubernetes-agent
  namespace: gitlab-kubernetes-agent
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gitlab-kubernetes-agent
  namespace: gitlab-kubernetes-agent
spec:
  replicas: 1
  selector:
    matchLabels:
      app: gitlab-kubernetes-agent
  template:
    metadata:
      labels:
        app: gitlab-kubernetes-agent
    spec:
      serviceAccountName: gitlab-kubernetes-agent
      containers:
      - name: agent
        # Make sure to specify a matching version for production
        image: "registry.gitlab.com/gitlab-org/cluster-integration/gitlab-agent/agentk:v14.5.0"
        args:
        - --token-file=/config/token
        - --kas-address
        - wss://gitlab.domainname.com/-/kubernetes-agent/
        volumeMounts:
        - name: token-volume
          mountPath: /config
      volumes:
      - name: token-volume
        secret:
          secretName: gitlab-kubernetes-agent-token
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 0
      maxUnavailable: 1
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: gitlab-kubernetes-agent-write
  namespace: gitlab-kubernetes-agent
rules:
- resources:
  - '*'
  apiGroups:
  - '*'
  verbs:
  - create
  - update
  - delete
  - patch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: gitlab-kubernetes-agent-write-binding
  namespace: gitlab-kubernetes-agent
roleRef:
  name: gitlab-kubernetes-agent-write
  kind: ClusterRole
  apiGroup: rbac.authorization.k8s.io
subjects:
- name: gitlab-kubernetes-agent
  kind: ServiceAccount
  namespace: gitlab-kubernetes-agent
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: gitlab-kubernetes-agent-read
  namespace: gitlab-kubernetes-agent
rules:
- resources:
  - '*'
  apiGroups:
  - '*'
  verbs:
  - get
  - list
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: gitlab-kubernetes-agent-read-binding
  namespace: gitlab-kubernetes-agent
roleRef:
  name: gitlab-kubernetes-agent-read
  kind: ClusterRole
  apiGroup: rbac.authorization.k8s.io
subjects:
- name: gitlab-kubernetes-agent
  kind: ServiceAccount
  namespace: gitlab-kubernetes-agent
Executed:
kubectl apply -f ./resources.yml -n gitlab-kubernetes-agent
GitLab version: gitlab-ce-14.5.2-ce.0 (Omnibus)
k8s version: 1.22.2
I didn't find any errors in the troubleshooting section. What else is worth seeing?
Edited by Ildar Muslimov
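
Added example (not part of the original post and not GitLab's own code): a small triage script that unwraps agentk JSON log lines like the two quoted above into gRPC code, target URL, innermost error and the connection stage that failed, so that differently worded messages with the same root cause collapse into one finding. The sample lines are constructed, `gitlab.example.com` is a placeholder host, and the `STAGES` table and function names are assumptions of this example.

```python
import json
import re
from collections import Counter

# Constructed sample: two lines shaped like the agentk output in the post
# (gitlab.example.com is a placeholder), plus one non-JSON line.
SAMPLE_LOG = r'''
{"level":"warn","time":"2021-12-28T18:43:08.015Z","msg":"GetConfiguration failed","error":"rpc error: code = Unavailable desc = connection error: desc = \"transport: Error while dialing failed to WebSocket dial: failed to send handshake request: Get \\\"https://gitlab.example.com/-/kubernetes-agent/\\\": dial tcp: i/o timeout\""}
{"level":"error","time":"2021-12-28T18:43:08.015Z","msg":"Error handling a connection","mod_name":"reverse_tunnel","error":"Connect(): rpc error: code = Unavailable desc = connection error: desc = \"transport: Error while dialing failed to WebSocket dial: failed to send handshake request: Get \\\"https://gitlab.example.com/-/kubernetes-agent/\\\": dial tcp: i/o timeout\""}
plain-text line that is not JSON and is skipped
'''

# Substrings of Go network errors mapped to the connection stage that failed.
# First match wins; "dial" covers name resolution and TCP connect, before TLS.
STAGES = [("no such host", "dns"), ("dial tcp", "dial"),
          ("x509:", "tls"), ("tls:", "tls")]

def parse_line(line):
    """Return code/url/cause/stage for one JSON log line, or None if no error."""
    try:
        rec = json.loads(line)
    except ValueError:
        return None
    err = rec.get("error") if isinstance(rec, dict) else None
    if not isinstance(err, str) or not err:
        return None
    code = re.search(r"code = (\w+)", err)
    url = re.search(r'https?://[^\s"\\]+', err)
    # Text after the URL is the innermost error; strip the nested-quoting debris.
    cause = err[url.end():].strip('\\": ') if url else err
    stage = next((s for needle, s in STAGES if needle in cause), "unknown")
    return {"msg": rec.get("msg"),
            "grpc_code": code.group(1) if code else None,
            "url": url.group(0) if url else None,
            "cause": cause, "stage": stage}

def summarize(text):
    """Count distinct (url, stage, cause) triples so repeated wrappers collapse."""
    hits = filter(None, map(parse_line, text.splitlines()))
    return Counter((h["url"], h["stage"], h["cause"]) for h in hits)

if __name__ == "__main__":
    for (url, stage, cause), n in summarize(SAMPLE_LOG).items():
        print(f"{n}x stage={stage} url={url} cause={cause}")
```
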