Skip to content

Latest commit

 

History

History
100 lines (70 loc) · 3.57 KB

configure_elastic_profile.md

File metadata and controls

100 lines (70 loc) · 3.57 KB
Raw

Kubernetes Elastic Agent plugin for GoCD

Create an Elastic Agent Profile

  1. Login to GoCD server as admin and navigate to Admin > Elastic Agent Configurations.

    Elastic Profiles

  2. Click on + Elastic Agent Profile to create new elastic agent profile for a cluster.

    1. Specify a name for the elastic agent profile.

    2. Configure Kubernetes GoCD elastic agent pod configuration using one of three ways below:

      • Option 1: Config Properties

        1. Specify GoCD elastic agent docker image name.
        2. Specify Maximum Memory limit. Container memory will be limited to the value specified here.
        3. Specify Maximum CPU limit. Container memory will be limited to the value specified here.
        4. Optionally specify Environment Variables. These variables are passed to the container for use.

        Create elastic profile using config properties

      • Option 2: Pod Configuration

        1. Specify GoCD elastic agent Pod Yaml configuration. Don't forget to use {{ POD_POSTFIX }} and {{ CONTAINER_POSTFIX }} placeholders, so that pod and container names are unique.

        Create elastic profile using pod configuration

      • Option 3: Remote File

        1. Load the pod configuration from a remote file location and choose the type (json or yaml).

        Create elastic profile using remote file configuration

    3. Save your profile.

Configuring SSH keys for Kubernetes Elastic Agents

For accessing repositories over SSH, you need to add SSH keys to the elastic agent pod spec. Generate a new keypair, fetch the host key for the [host] you want to connect to and create the secret. The secret is structured to hold the entire contents of the .ssh folder on the GoCD agent.

Note: The steps provided below are for the official GoCD agent images listed on DockerHub.

Create a Kubernetes secret
$ ssh-keygen -t rsa -b 4096 -C "user@example.com" -f gocd-agent-ssh -P ''
$ ssh-keyscan [host] > gocd_known_hosts
$ kubectl create secret generic gocd-agent-ssh \
    --from-file=id_rsa=gocd-agent-ssh \
    --from-file=id_rsa.pub=gocd-agent-ssh.pub \
    --from-file=known_hosts=gocd_known_hosts

Be sure to add the contents of gocd-agent-ssh.pub to your [host].

In the pod spec, specify the volumes section if not present and include the contents specified below:

volumes:
  - name: ssh-secrets
    secret:
      defaultMode: 420
      secretName: gocd-agent-ssh

In the container spec, specify the volumeMounts section if not present and include the contents specified below:

volumeMounts:
  - name: ssh-secrets
    readOnly: true
    mountPath: /home/go/.ssh

Pull image from private registry

To pull images from a private registry, you usually need some secrets set up.

Create a Kubernetes secret
kubectl create secret docker-registry \
	my-docker-registry \
	--namespace gocd \
	--docker-server=<docker_server_url> \
	--docker-username=<username> \
	--docker-password=<password> \
	--docker-email=<email>
Configure pod yaml

In the pod spec, specify the imagePullSecrets section:

imagePullSecrets:
  - name: my-docker-registry