Saturday, July 4, 2020

Optimization: GitLab deployed on k8s

[Figure: GitLab component diagram]

GitLab resource usage on k8s

# kubectl top pods -n default | grep git*
gitlab-gitaly-0                              9m     444Mi
gitlab-gitlab-exporter-59c6bdb69c-gz9nf      5m     36Mi
gitlab-gitlab-shell-547cc48d99-kmrbp         10m    21Mi
gitlab-gitlab-shell-547cc48d99-szg74         8m     25Mi
gitlab-minio-5746f7f7c7-tdff5                0m     47Mi
gitlab-prometheus-server-7d8bcf896d-vm5kq    14m    650Mi
gitlab-redis-cd6b45457-2s4cg                 9m     17Mi
gitlab-registry-6c5df4646f-mbdkr             0m     15Mi
gitlab-registry-6c5df4646f-mqkxl             0m     31Mi
gitlab-sidekiq-all-in-1-576d89544d-8swmw     28m    967Mi
gitlab-unicorn-68f8f8d8d9-6clpv              8m     1510Mi
gitlab-unicorn-68f8f8d8d9-xbt8j              10m    1522Mi

GitLab components in brief

Compare against the output of kubectl top pods -n default | grep git* above.

  1. gitlab-gitaly: Gitaly is a service designed by GitLab to remove the need for NFS as Git storage in distributed GitLab deployments (think GitLab.com or high-availability setups). As of 11.3.0, this service handles all Git-level access in GitLab.
  2. gitlab-gitlab-exporter: GitLab Exporter is an in-house process that exports metrics about the internals of the GitLab application to Prometheus. The project's README has the details.
  3. gitlab-gitlab-shell: GitLab Shell is a program written by GitLab to handle SSH-based git sessions and to maintain the list of authorized keys. GitLab Shell is not a Unix shell and not a replacement for Bash or Zsh.
  4. gitlab-minio: MinIO is an object storage server released under the Apache License v2.0. It is compatible with the Amazon S3 cloud storage service and is best suited to unstructured data such as photos, videos, log files, backups and container/VM images. A single object can range from a few KB up to 5TB.
  5. gitlab-prometheus-server: Prometheus is a time-series tool that lets GitLab administrators expose metrics about the individual processes that serve GitLab.
  6. gitlab-redis: key-value store / non-persistent database.
  7. gitlab-registry: the container image registry bundled with GitLab.
  8. gitlab-sidekiq: Sidekiq is the Ruby background job processor; it pulls jobs from a Redis queue and processes them. Background jobs let GitLab give faster request/response cycles by moving work out of the request path.
  9. gitlab-unicorn: Unicorn is the Ruby application server that runs the core Rails application, which provides the user-facing features of GitLab. In a process listing you will usually see it as bundle or config.ru, depending on the GitLab version.

Open questions


Goal

Reduce the memory footprint of the GitLab deployment on k8s.

Approach:

1. Find a way to cap memory: (1) GitLab's own resource-limiting mechanism (best), (2) Kubernetes resource limits (worst: a hard limit the application knows nothing about is enforced by the kubelet OOM-killing the container).

2. Remove non-essential components (e.g. Prometheus; GitLab will be migrated to bare metal later, and this cluster will get its own monitoring then).

Strategy

Try shutting down the Prometheus component and see whether GitLab is affected.

List the resources related to gitlab-prometheus

# kubectl get svc,pod,ingress,deployment | grep prom

There is no Ingress for Prometheus, so it is not exposed through the ingress-nginx proxy. That alone does not prove nobody uses it: the ClusterIP Service is reachable from every pod in the cluster (and via kubectl port-forward), so whether anything in GitLab depends on it still has to be tested after removal.

Export gitlab_prometheus_deployment.yaml

# kubectl get deployment gitlab-prometheus-server -o yaml > gitlab_prometheus_deployment.yaml
# cat gitlab_prometheus_deployment.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  annotations:
    deployment.kubernetes.io/revision: "1"
  creationTimestamp: "2019-10-21T04:14:50Z"
  generation: 1
  labels:
    app: prometheus
    chart: prometheus-5.5.3
    component: server
    heritage: Tiller
    release: gitlab
  name: gitlab-prometheus-server
  namespace: default
  resourceVersion: "1438304832"
  selfLink: /apis/extensions/v1beta1/namespaces/default/deployments/gitlab-prometheus-server
  uid: 5360e3bf-f3b9-11e9-800a-8ad2fc7e2fa8
spec:
  progressDeadlineSeconds: 2147483647
  replicas: 1
  revisionHistoryLimit: 2147483647
  selector:
    matchLabels:
      app: prometheus
      component: server
      release: gitlab
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 1
    type: RollingUpdate
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: prometheus
        component: server
        release: gitlab
    spec:
      containers:
      - args:
        - --volume-dir=/etc/config
        - --webhook-url=http://localhost:9090/-/reload
        image: jimmidyson/configmap-reload:v0.1
        imagePullPolicy: IfNotPresent
        name: prometheus-server-configmap-reload
        resources: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /etc/config
          name: config-volume
          readOnly: true
      - args:
        - --storage.tsdb.retention=15d
        - --config.file=/etc/config/prometheus.yml
        - --storage.tsdb.path=/data
        - --web.console.libraries=/etc/prometheus/console_libraries
        - --web.console.templates=/etc/prometheus/consoles
        - --web.enable-lifecycle
        image: prom/prometheus:v2.2.1
        imagePullPolicy: IfNotPresent
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /-/healthy
            port: 9090
            scheme: HTTP
          initialDelaySeconds: 30
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 30
        name: prometheus-server
        ports:
        - containerPort: 9090
          protocol: TCP
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /-/ready
            port: 9090
            scheme: HTTP
          initialDelaySeconds: 30
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 30
        resources: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /etc/config
          name: config-volume
        - mountPath: /data
          name: storage-volume
      dnsPolicy: ClusterFirst
      initContainers:
      - command:
        - chown
        - -R
        - 65534:65534
        - /data
        image: busybox:latest
        imagePullPolicy: IfNotPresent
        name: init-chown-data
        resources: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /data
          name: storage-volume
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      serviceAccount: gitlab-prometheus-server
      serviceAccountName: gitlab-prometheus-server
      terminationGracePeriodSeconds: 300
      volumes:
      - configMap:
          defaultMode: 420
          name: gitlab-prometheus-server
        name: config-volume
      - name: storage-volume
        persistentVolumeClaim:
          claimName: gitlab-prometheus-server

Export gitlab_prometheus_svc.yaml

# kubectl get svc gitlab-prometheus-server -o yaml > gitlab_prometheus_svc.yaml
# cat gitlab_prometheus_svc.yaml
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: "2019-10-21T04:14:50Z"
  labels:
    app: prometheus
    chart: prometheus-5.5.3
    component: server
    heritage: Tiller
    release: gitlab
  name: gitlab-prometheus-server
  namespace: default
  resourceVersion: "144804734"
  selfLink: /api/v1/namespaces/default/services/gitlab-prometheus-server
  uid: 535378f3-f3b9-11e9-800a-8ad2fc7e2fa8
spec:
  clusterIP: 192.168.247.105
  ports:
  - name: http
    port: 80
    protocol: TCP
    targetPort: 9090
  selector:
    app: prometheus
    component: server
    release: gitlab
  sessionAffinity: None
  type: ClusterIP

Three things in these manifests are worth noting before deleting anything. Both containers have resources: {}, so a pod that was using 650Mi had no request or limit at all. Prometheus runs with --web.enable-lifecycle, which exposes unauthenticated /-/reload and /-/quit on port 9090 to any client in the cluster, so removing it also removes a bit of attack surface. And the labels carry heritage: Tiller, meaning Helm owns these objects. A reversible first step would be scaling the Deployment to 0 replicas; here we simply delete the Deployment and Service:

# kubectl delete -f

Manual testing afterwards showed nothing obviously broken.

Export gitlab_exporter_deployment.yaml

# kubectl get deployment gitlab-gitlab-exporter -o yaml > gitlab_exporter_deployment.yaml
# cat gitlab_exporter_deployment.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  annotations:
    deployment.kubernetes.io/revision: "2"
  creationTimestamp: "2019-10-21T04:14:50Z"
  generation: 2
  labels:
    app: gitlab-exporter
    chart: gitlab-exporter-2.4.6
    heritage: Tiller
    release: gitlab
  name: gitlab-gitlab-exporter
  namespace: default
  resourceVersion: "1399100783"
  selfLink: /apis/extensions/v1beta1/namespaces/default/deployments/gitlab-gitlab-exporter
  uid: 5358e5e4-f3b9-11e9-800a-8ad2fc7e2fa8
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: gitlab-exporter
      release: gitlab
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      annotations:
        checksum/config: 158ed2dba0a2fbaa0d3fda906d70cf0eb7a80650e8f01d3046aa9a6fa0bba59a
        prometheus.io/path: /metrics
        prometheus.io/port: "9168"
        prometheus.io/scrape: "true"
      creationTimestamp: null
      labels:
        app: gitlab-exporter
        release: gitlab
    spec:
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - podAffinityTerm:
              labelSelector:
                matchLabels:
                  app: gitlab-exporter
                  release: gitlab
              topologyKey: kubernetes.io/hostname
            weight: 1
      containers:
      - env:
        - name: CONFIG_TEMPLATE_DIRECTORY
          value: /var/opt/gitlab-exporter/templates
        - name: CONFIG_DIRECTORY
          value: /etc/gitlab-exporter
        image: registry.gitlab.com/gitlab-org/build/cng/gitlab-exporter:5.0.1
        imagePullPolicy: IfNotPresent
        lifecycle:
          preStop:
            exec:
              command:
              - /bin/bash
              - -c
              - pkill -f 'gitlab-exporter'
        livenessProbe:
          exec:
            command:
            - pgrep
            - -f
            - gitlab-exporter
          failureThreshold: 3
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        name: gitlab-exporter
        ports:
        - containerPort: 9168
          name: gitlab-exporter
          protocol: TCP
        readinessProbe:
          exec:
            command:
            - pgrep
            - -f
            - gitlab-exporter
          failureThreshold: 3
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        resources:
          requests:
            cpu: 50m
            memory: 100M
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /var/opt/gitlab-exporter/templates/gitlab-exporter.yml.erb
          name: gitlab-exporter-config
          subPath: gitlab-exporter.yml.erb
        - mountPath: /etc/gitlab
          name: gitlab-exporter-secrets
          readOnly: true
        - mountPath: /etc/ssl/certs/
          name: etc-ssl-certs
          readOnly: true
      dnsPolicy: ClusterFirst
      initContainers:
      - image: registry.gitlab.com/gitlab-org/build/cng/alpine-certificates:20171114-r3
        imagePullPolicy: IfNotPresent
        name: certificates
        resources:
          requests:
            cpu: 50m
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /etc/ssl/certs
          name: etc-ssl-certs
      - command:
        - sh
        - /config/configure
        image: busybox:latest
        imagePullPolicy: Always
        name: configure
        resources:
          requests:
            cpu: 50m
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /config
          name: gitlab-exporter-config
          readOnly: true
        - mountPath: /init-config
          name: init-gitlab-exporter-secrets
          readOnly: true
        - mountPath: /init-secrets
          name: gitlab-exporter-secrets
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext:
        fsGroup: 1000
        runAsUser: 1000
      terminationGracePeriodSeconds: 30
      volumes:
      - configMap:
          defaultMode: 420
          name: gitlab-gitlab-exporter
        name: gitlab-exporter-config
      - name: init-gitlab-exporter-secrets
        projected:
          defaultMode: 256
          sources:
          - secret:
              items:
              - key: postgres-password
                path: postgres/psql-password
              name: gitlab-postgresql-password
          - secret:
              items:
              - key: secret
                path: redis/password
              name: gitlab-redis-secret
      - emptyDir:
          medium: Memory
        name: gitlab-exporter-secrets
      - emptyDir:
          medium: Memory
        name: etc-ssl-certs

The manifest is long, but it is worth reading. Two things matter: the exporter's only consumer is the Prometheus scrape (the prometheus.io/scrape annotations), and Prometheus is already gone; and the pod holds the PostgreSQL and Redis passwords through projected secrets, so removing it also removes one holder of those credentials.

Having read it, delete the exporter Deployment:

# kubectl delete -f gitlab_exporter_deployment.yaml
deployment.extensions "gitlab-gitlab-exporter" deleted

Export the gitlab-exporter Service manifest

# kubectl get svc gitlab-gitlab-exporter -o yaml > gitlab_exporter_svc.yaml
# cat gitlab_exporter_svc.yaml
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: "2019-10-21T04:14:50Z"
  labels:
    app: gitlab-exporter
    chart: gitlab-exporter-2.4.6
    heritage: Tiller
    release: gitlab
  name: gitlab-gitlab-exporter
  namespace: default
  resourceVersion: "219393250"
  selfLink: /api/v1/namespaces/default/services/gitlab-gitlab-exporter
  uid: 534c0460-f3b9-11e9-800a-8ad2fc7e2fa8
spec:
  clusterIP: 192.168.180.175
  ports:
  - name: gitlab-exporter
    port: 9168
    protocol: TCP
    targetPort: 9168
  selector:
    app: gitlab-exporter
    release: gitlab
  sessionAffinity: None
  type: ClusterIP

Nothing important in it either; delete it too.

# kubectl delete -f gitlab_exporter_svc.yaml
service "gitlab-gitlab-exporter" deleted

At this point all Prometheus-related resources have been removed from Kubernetes. One caveat: every one of these objects was labelled heritage: Tiller, so Helm still believes they exist, and the next helm upgrade of the gitlab release will recreate them. To make the removal stick, disable them in the chart values as well (prometheus.install and gitlab.gitlab-exporter.enabled in the 2.x chart; confirm the exact keys against the values.yaml of chart 2.4.6).

Test and verify: 1. refresh the GitLab UI by hand and look for errors; 2. push a throwaway project through GitLab and check that it works end to end.

Verified: no problems so far.

Limiting Unicorn's memory usage

Current GitLab resource usage on k8s

# kubectl top pods | grep gitlab
gitlab-gitaly-0                              9m     366Mi
gitlab-gitlab-shell-547cc48d99-kmrbp         18m    19Mi
gitlab-gitlab-shell-547cc48d99-szg74         15m    17Mi
gitlab-minio-5746f7f7c7-tdff5                0m     41Mi
gitlab-redis-cd6b45457-2s4cg                 9m     14Mi
gitlab-registry-6c5df4646f-mbdkr             0m     31Mi
gitlab-registry-6c5df4646f-mqkxl             0m     40Mi
gitlab-sidekiq-all-in-1-576d89544d-8swmw     28m    967Mi
gitlab-unicorn-68f8f8d8d9-6clpv              7m     1514Mi
gitlab-unicorn-68f8f8d8d9-xbt8j              8m     1526Mi

The biggest consumer is clearly the unicorn component: two replicas at roughly 1.5Gi each. As described above, Unicorn is the Ruby application server that runs the core Rails application and serves every user-facing request.

The official docs make clear that this is a core component, so it cannot simply be removed. Export the Deployment first and decide based on the manifest.

# kubectl get deployment gitlab-unicorn -o yaml > gitlab_unicorn_deployment.yaml
# cat gitlab_unicorn_deployment.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  annotations:
    deployment.kubernetes.io/revision: "2"
  creationTimestamp: "2019-10-21T04:14:50Z"
  generation: 16
  labels:
    app: unicorn
    chart: unicorn-2.4.6
    heritage: Tiller
    release: gitlab
  name: gitlab-unicorn
  namespace: default
  resourceVersion: "1359934803"
  selfLink: /apis/extensions/v1beta1/namespaces/default/deployments/gitlab-unicorn
  uid: 535e0ed5-f3b9-11e9-800a-8ad2fc7e2fa8
spec:
  progressDeadlineSeconds: 600
  replicas: 2
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: unicorn
      release: gitlab
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      annotations:
        checksum/config: 2d845854ae56029b9ee0a30ca793e5c0f74c3d708329ba605bbdc36000023517
        cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
        prometheus.io/path: /-/metrics
        prometheus.io/port: "8080"
        prometheus.io/scrape: "true"
      creationTimestamp: null
      labels:
        app: unicorn
        release: gitlab
    spec:
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - podAffinityTerm:
              labelSelector:
                matchLabels:
                  app: unicorn
                  release: gitlab
              topologyKey: kubernetes.io/hostname
            weight: 1
      containers:
      - env:
        - name: TMPDIR
          value: /tmp/gitlab
        - name: GITALY_FEATURE_DEFAULT_ON
          value: "1"
        - name: CONFIG_TEMPLATE_DIRECTORY
          value: /var/opt/gitlab/templates
        - name: CONFIG_DIRECTORY
          value: /srv/gitlab/config
        - name: prometheus_multiproc_dir
          value: /metrics
        image: registry.gitlab.com/gitlab-org/build/cng/gitlab-unicorn-ee:v12.4.2
        imagePullPolicy: IfNotPresent
        lifecycle:
          preStop:
            exec:
              command:
              - /bin/bash
              - -c
              - pkill -SIGQUIT -f 'unicorn master'
        livenessProbe:
          exec:
            command:
            - /scripts/healthcheck
          failureThreshold: 3
          initialDelaySeconds: 20
          periodSeconds: 60
          successThreshold: 1
          timeoutSeconds: 30
        name: unicorn
        ports:
        - containerPort: 8080
          name: unicorn
          protocol: TCP
        readinessProbe:
          exec:
            command:
            - /scripts/healthcheck
          failureThreshold: 3
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 2
        resources:
          requests:
            cpu: 300m
            memory: 1200M   # requests only, no limits: a scheduling floor, not a hard cap. Not safe to add limits blindly.
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /metrics
          name: unicorn-metrics
        - mountPath: /var/opt/gitlab/templates
          name: unicorn-config
        - mountPath: /etc/gitlab
          name: unicorn-secrets
          readOnly: true
        - mountPath: /srv/gitlab/config/secrets.yml
          name: unicorn-secrets
          subPath: rails-secrets/secrets.yml
        - mountPath: /srv/gitlab/config/initializers/smtp_settings.rb
          name: unicorn-config
          subPath: smtp_settings.rb
        - mountPath: /srv/gitlab/INSTALLATION_TYPE
          name: unicorn-config
          subPath: installation_type
        - mountPath: /srv/gitlab/public/uploads/tmp
          name: shared-upload-directory
        - mountPath: /srv/gitlab/shared
          name: shared-artifact-directory
        - mountPath: /tmp
          name: shared-tmp
        - mountPath: /etc/ssl/certs/
          name: etc-ssl-certs
          readOnly: true
      - env:
        - name: TMPDIR
          value: /tmp/gitlab
        - name: GITLAB_WORKHORSE_EXTRA_ARGS
        - name: GITLAB_WORKHORSE_LISTEN_PORT
          value: "8181"
        - name: CONFIG_TEMPLATE_DIRECTORY
          value: /var/opt/gitlab/templates
        - name: CONFIG_DIRECTORY
          value: /srv/gitlab/config
        image: registry.gitlab.com/gitlab-org/build/cng/gitlab-workhorse-ee:v12.4.2
        imagePullPolicy: IfNotPresent
        livenessProbe:
          exec:
            command:
            - /scripts/healthcheck
          failureThreshold: 3
          initialDelaySeconds: 20
          periodSeconds: 60
          successThreshold: 1
          timeoutSeconds: 30
        name: gitlab-workhorse
        ports:
        - containerPort: 8181
          name: workhorse
          protocol: TCP
        readinessProbe:
          exec:
            command:
            - /scripts/healthcheck
          failureThreshold: 3
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 2
        resources:
          requests:
            cpu: 100m
            memory: 100M
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /var/opt/gitlab/templates
          name: workhorse-config
        - mountPath: /etc/gitlab
          name: workhorse-secrets
          readOnly: true
        - mountPath: /srv/gitlab/public/uploads/tmp
          name: shared-upload-directory
        - mountPath: /srv/gitlab/shared
          name: shared-artifact-directory
        - mountPath: /tmp
          name: shared-tmp
        - mountPath: /etc/ssl/certs/
          name: etc-ssl-certs
          readOnly: true
      dnsPolicy: ClusterFirst
      initContainers:
      - image: registry.gitlab.com/gitlab-org/build/cng/alpine-certificates:20171114-r3
        imagePullPolicy: IfNotPresent
        name: certificates
        resources:
          requests:
            cpu: 50m
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /etc/ssl/certs
          name: etc-ssl-certs
      - args:
        - -c
        - sh -x /config-unicorn/configure ; sh -x /config-workhorse/configure ; mkdir -p -m 3770 /tmp/gitlab
        command:
        - sh
        image: busybox:latest
        imagePullPolicy: Always
        name: configure
        resources:
          requests:
            cpu: 50m
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /config-unicorn
          name: unicorn-config
          readOnly: true
        - mountPath: /config-workhorse
          name: workhorse-config
          readOnly: true
        - mountPath: /init-config
          name: init-unicorn-secrets
          readOnly: true
        - mountPath: /init-secrets
          name: unicorn-secrets
        - mountPath: /init-secrets-workhorse
          name: workhorse-secrets
        - mountPath: /tmp
          name: shared-tmp
      - args:
        - /scripts/wait-for-deps
        env:
        - name: GITALY_FEATURE_DEFAULT_ON
          value: "1"
        - name: CONFIG_TEMPLATE_DIRECTORY
          value: /var/opt/gitlab/templates
        - name: CONFIG_DIRECTORY
          value: /srv/gitlab/config
        - name: WORKHORSE_ARCHIVE_CACHE_DISABLED
          value: "1"
        image: registry.gitlab.com/gitlab-org/build/cng/gitlab-unicorn-ee:v12.4.2
        imagePullPolicy: IfNotPresent
        name: dependencies
        resources:
          requests:
            cpu: 50m
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /var/opt/gitlab/templates
          name: unicorn-config
        - mountPath: /etc/gitlab
          name: unicorn-secrets
          readOnly: true
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext:
        fsGroup: 1000
        runAsUser: 1000
      terminationGracePeriodSeconds: 30
      volumes:
      - emptyDir: {}
        name: shared-tmp
      - emptyDir:
          medium: Memory
        name: unicorn-metrics
      - configMap:
          defaultMode: 420
          name: gitlab-unicorn
        name: unicorn-config
      - configMap:
          defaultMode: 420
          name: gitlab-workhorse-config
        name: workhorse-config
      - name: init-unicorn-secrets
        projected:
          defaultMode: 256
          sources:
          - secret:
              items:
              - key: secrets.yml
                path: rails-secrets/secrets.yml
              name: gitlab-rails-secret
          - secret:
              items:
              - key: secret
                path: shell/.gitlab_shell_secret
              name: gitlab-gitlab-shell-secret
          - secret:
              items:
              - key: token
                path: gitaly/gitaly_token
              name: gitlab-gitaly-secret
          - secret:
              items:
              - key: secret
                path: redis/password
              name: gitlab-redis-secret
          - secret:
              items:
              - key: postgres-password
                path: postgres/psql-password
              name: gitlab-postgresql-password
          - secret:
              items:
              - key: registry-auth.key
                path: registry/gitlab-registry.key
              name: gitlab-registry-secret
          - secret:
              items:
              - key: shared_secret
                path: gitlab-workhorse/secret
              name: gitlab-gitlab-workhorse-secret
          - secret:
              items:
              - key: accesskey
                path: minio/accesskey
              - key: secretkey
                path: minio/secretkey
              name: gitlab-minio-secret
          - secret:
              items:
              - key: password
                path: smtp/smtp-password
              name: smtp-password
      - emptyDir:
          medium: Memory
        name: unicorn-secrets
      - emptyDir:
          medium: Memory
        name: workhorse-secrets
      - emptyDir: {}
        name: shared-upload-directory
      - emptyDir: {}
        name: shared-artifact-directory
      - emptyDir:
          medium: Memory
        name: etc-ssl-certs

Fine. After going through it I decided to leave Unicorn alone; freeing roughly 1G by dropping Prometheus and the exporter still counts as an optimization. Two things to keep in mind before revisiting this: kubectl top reports the whole pod, and the unicorn pod also contains the gitlab-workhorse container, so measure per container (the --containers flag) before sizing anything; and a Kubernetes memory limit is enforced by OOM-killing the whole container, every Unicorn worker with it, whereas GitLab's own unicorn-worker-killer recycles a single worker once it crosses a memory threshold, which is why option (1) in the approach ranks above option (2). The chart exposes those thresholds as unicorn memory min/max values; check the values.yaml of chart 2.4.6 for the exact keys.
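The two measurement steps above (ranking components from the kubectl top output at the start, and deciding what a safe Unicorn limit would be) can be scripted. The following is an added example, not code from the original post or from the GitLab chart. It embeds the page's own first kubectl top sample as a constant so it runs offline, and goes one step beyond the post: UNICORN_SERIES is a constructed, hypothetical series of per-container readings taken over time, from which suggest_limit_mib derives a limit as peak plus 25% headroom, rounded up to a 64 MiB boundary. The headroom and rounding are this example's own assumptions, not GitLab guidance.

```shell
#!/bin/sh
# Added example (not from the original post). Helpers around `kubectl top` output:
# rank GitLab components by memory (summing replicas) and derive a memory limit
# from observed samples instead of guessing one. For live data replace TOP_SAMPLE:
#   kubectl top pods -n default --no-headers | grep '^gitlab-'
# (add --containers to see unicorn and gitlab-workhorse separately).

# The page's own measurement, embedded so the script runs offline.
TOP_SAMPLE='gitlab-gitaly-0 9m 444Mi
gitlab-gitlab-exporter-59c6bdb69c-gz9nf 5m 36Mi
gitlab-gitlab-shell-547cc48d99-kmrbp 10m 21Mi
gitlab-gitlab-shell-547cc48d99-szg74 8m 25Mi
gitlab-minio-5746f7f7c7-tdff5 0m 47Mi
gitlab-prometheus-server-7d8bcf896d-vm5kq 14m 650Mi
gitlab-redis-cd6b45457-2s4cg 9m 17Mi
gitlab-registry-6c5df4646f-mbdkr 0m 15Mi
gitlab-registry-6c5df4646f-mqkxl 0m 31Mi
gitlab-sidekiq-all-in-1-576d89544d-8swmw 28m 967Mi
gitlab-unicorn-68f8f8d8d9-6clpv 8m 1510Mi
gitlab-unicorn-68f8f8d8d9-xbt8j 10m 1522Mi'

# Constructed (hypothetical) unicorn container readings collected over time,
# e.g. with `kubectl top pods --containers` every few minutes.
UNICORN_SERIES='1410Mi 1510Mi 1522Mi 1498Mi 1601Mi 1377Mi'

# to_mib QUANTITY: convert a Kubernetes memory quantity (Ki/Mi/Gi or plain bytes) to whole MiB.
to_mib() {
  awk -v q="$1" 'BEGIN {
    if (q ~ /Gi$/)      printf "%d", substr(q, 1, length(q) - 2) * 1024
    else if (q ~ /Mi$/) printf "%d", substr(q, 1, length(q) - 2)
    else if (q ~ /Ki$/) printf "%d", substr(q, 1, length(q) - 2) / 1024
    else                printf "%d", q / 1048576
  }'
}

# component_of POD: strip a StatefulSet ordinal or a ReplicaSet hash plus pod
# suffix, so the replicas of one Deployment aggregate under one name.
component_of() {
  printf '%s\n' "$1" | sed -E 's/-[0-9]+$//; s/-[a-z0-9]{8,10}-[a-z0-9]{5}$//'
}

# mem_by_component: stdin "pod cpu mem" lines -> "component MiB", highest first.
mem_by_component() {
  while read -r pod _cpu mem; do
    [ -n "$pod" ] || continue
    printf '%s %s\n' "$(component_of "$pod")" "$(to_mib "$mem")"
  done | awk '{ total[$1] += $2 } END { for (c in total) print c, total[c] }' | sort -k2,2nr
}

# total_mib: sum over all pods on stdin, for before/after comparison.
total_mib() { mem_by_component | awk '{ s += $2 } END { print s }'; }

# suggest_limit_mib QUANTITY...: peak of the samples plus 25% headroom, rounded
# up to a 64 MiB boundary (both are this example's assumptions). A limit below
# the observed peak would get the container OOM-killed under normal load, which
# is exactly the risk the post warns about when it declines to set limits.
suggest_limit_mib() {
  peak=0
  for q in "$@"; do
    m=$(to_mib "$q")
    if [ "$m" -gt "$peak" ]; then peak=$m; fi
  done
  echo $(( ((peak * 125 / 100) + 63) / 64 * 64 ))
}

printf '%s\n' "$TOP_SAMPLE" | mem_by_component
printf 'total: %s MiB\n' "$(printf '%s\n' "$TOP_SAMPLE" | total_mib)"
# word splitting of UNICORN_SERIES into separate arguments is intended
printf 'suggested unicorn limit: %sMi\n' "$(suggest_limit_mib $UNICORN_SERIES)"
```

On the page's sample this ranks gitlab-unicorn first with 3032 MiB across its two replicas (5285 MiB for all GitLab pods), and the constructed series yields a suggested 2048Mi. Whatever number comes out, apply it through the chart values rather than kubectl set resources, for the same reason given for Prometheus: Helm owns the Deployment and will overwrite ad-hoc edits on the next upgrade.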

