DEV Community: Aboubacar Doucoure The latest articles on DEV Community by Aboubacar Doucoure (@adoucoure). https://dev.to/adoucoure https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1439662%2Fbac8048e-b311-4edd-8cbb-391f01041244.png DEV Community: Aboubacar Doucoure https://dev.to/adoucoure en How to deploy Sentry on a Kubernetes cluster with an external custom ingress Aboubacar Doucoure Wed, 04 Sep 2024 15:07:36 +0000 https://dev.to/adoucoure/how-to-deploy-sentry-on-a-kubernetes-cluster-with-an-external-custom-ingress-3mmf https://dev.to/adoucoure/how-to-deploy-sentry-on-a-kubernetes-cluster-with-an-external-custom-ingress-3mmf <h2> Context </h2> <p>Sentry can be installed on a Kubernetes cluster with the help of the official Sentry Helm chart. Here's how.</p> <p><em>Sentry is a developer-first error tracking and performance monitoring platform that helps developers see what actually matters, solve quicker, and learn continuously about their applications.</em></p> <h3> Pre-requisites </h3> <ul> <li>A working <strong>Kubernetes</strong> installation</li> <li>A distributed block storage for <strong>Kubernetes</strong> (I am using Longhorn on Rancher)</li> <li>Cert-manager or equivalent</li> <li>Nginx or equivalent</li> <li>A working helm tooling</li> </ul> <h2> Custom ingress </h2> <p>I could not make the included ingress configuration work. Here's a custom ingress that targets the -sentry-web service to the outside world.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">networking.k8s.io/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Ingress</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">{{</span><span class="nv"> </span><span class="s">.Release.Name</span><span class="nv"> </span><span class="s">}}-sentry"</span> <span class="na">annotations</span><span class="pi">:</span> <span class="na">nginx.ingress.kubernetes.io/use-regex</span><span class="pi">:</span> <span class="s2">"</span><span class="s">true"</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">tls</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">hosts</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">sentry.mywebsite.dev</span> <span class="na">secretName</span><span class="pi">:</span> <span class="s2">"</span><span class="s">sentry.mywebsite.dev-tls"</span> <span class="na">rules</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">host</span><span class="pi">:</span> <span class="s">sentry.mywebsite.dev</span> <span class="na">http</span><span class="pi">:</span> <span class="na">paths</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">path</span><span class="pi">:</span> <span class="s">/</span> <span class="na">pathType</span><span class="pi">:</span> <span class="s">Prefix</span> <span class="na">backend</span><span class="pi">:</span> <span class="na">service</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">{{</span><span class="nv"> </span><span class="s">.Release.Name</span><span class="nv"> </span><span class="s">}}-sentry-web"</span> <span class="na">port</span><span class="pi">:</span> <span class="na">number</span><span class="pi">:</span> <span class="m">9000</span> </code></pre> </div> <ul> <li>Add "nginx.ingress.kubernetes.io/use-regex: "true"" as per the official Sentry documentation:</li> </ul> <blockquote> <p>Note: if you are using NGINX Ingress, please set this annotation on your ingress : nginx.ingress.kubernetes.io/use-regex: "true". If you are using** <strong><code>additionalHostNames</code></strong> <strong>the</strong> <strong><code>nginx.ingress.kubernetes.io/upstream-vhost</code>annotation might also come in handy. It sets the</strong> <strong><code>Host</code></strong> **header to the value you provide to avoid CSRF issues.</p> </blockquote> <h2> Install sentry </h2> <p>These are the helm chart values needed to kickstart the sentry installation:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code> <span class="na">kafka</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">user</span><span class="pi">:</span> <span class="na">create</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">email</span><span class="pi">:</span> <span class="s">&lt;REDACTED&gt;</span> <span class="na">password</span><span class="pi">:</span> <span class="s">&lt;REDACTED&gt;</span> <span class="na">asHook</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">sentry</span><span class="pi">:</span> <span class="na">singleOrganization</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">worker</span><span class="pi">:</span> <span class="na">replicas</span><span class="pi">:</span> <span class="s">2</span> <span class="na">auth</span><span class="pi">:</span> <span class="na">register</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">hooks</span><span class="pi">:</span> <span class="na">activeDeadlineSeconds</span><span class="pi">:</span> <span class="m">6500</span> <span class="na">ingress</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">nginx</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">clickhouse</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">clickhouse</span><span class="pi">:</span> <span class="na">replicas</span><span class="pi">:</span> <span class="s2">"</span><span class="s">1"</span> <span class="na">postgresql</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> </code></pre> </div> <h2> Bonus: use sentry in a helm chart </h2> <p>Most of the examples in this tutorial were made for a custom tooling chart that includes sentry. Here's the sentry version and the repository used:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="nn">...</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">sentry</span> <span class="s">alias</span><span class="err">:</span> <span class="s">sentry</span> <span class="s">version</span><span class="err">:</span> <span class="s">23.x</span> <span class="s">repository</span><span class="err">:</span> <span class="s">https://sentry-kubernetes.github.io/charts</span> <span class="s">condition</span><span class="err">:</span> <span class="s">sentry.enabled</span> <span class="nn">...</span> </code></pre> </div> <p>Voilà! You have a fully working Sentry installation.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqraplodg77lobupzlyqe.webp" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqraplodg77lobupzlyqe.webp" alt="A capture of the Sentry home screen" width="800" height="752"></a></p> <h3> Consumption </h3> <p>Here's a quick Loki view at how much Sentry consumes of my cluster's resource with no app being monitored.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fk8nj2gqj0ebcfyi0qe7x.webp" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fk8nj2gqj0ebcfyi0qe7x.webp" width="800" height="124"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6iymn0kax4ckwofffkhz.webp" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6iymn0kax4ckwofffkhz.webp" width="800" height="104"></a></p> <p>I will not provide the exact details of every measurement as the cluster's name is redacted, but as you can see, Sentry taxes a heavy toll on the cluster's resources. At rest it takes up to 13Gb of RAM!</p> <h2> Inspirations and references </h2> <ul> <li><a href="https://raslasarslas.medium.com/how-to-deploy-sentry-on-a-kubernetes-cluster-using-helm-600db31d4486" rel="noopener noreferrer">https://raslasarslas.medium.com/how-to-deploy-sentry-on-a-kubernetes-cluster-using-helm-600db31d4486</a></li> </ul> Use minio as an external object storage with Gitlab Aboubacar Doucoure Wed, 04 Sep 2024 04:32:20 +0000 https://dev.to/adoucoure/use-minio-as-an-external-object-storage-with-gitlab-foi https://dev.to/adoucoure/use-minio-as-an-external-object-storage-with-gitlab-foi <h2> Context </h2> <p>Gitlab can be installed on a Kubernetes cluster with the help of the <a href="https://docs.gitlab.com/charts/" rel="noopener noreferrer">official Gitlab Helm chart</a>. Here I install it on a Rancher managed Kubernetes cluster with the usual griefs that come with the installation of such a behemoth: optimizing resources, picking the right subchart to install and how to install it. The installation is notoriously tedious given the substantial amount of subcharts and options, not counting the optimization needed to fit it in a resource-constrained cluster. Everything was working fine until we had a cluster issue with nodes crashing and I had to reinstall Gitlab from the custom chart I created. The installation only kept the gitaly, postgresql and redis PVCs, and to my devopsy sorrow, the minio storage was gone. There is no way around it, minio has to be installed seprately for a production ready self managed Gitlab. Here's how.</p> <h3> Pre-requisites </h3> <ul> <li>A working <strong>Kubernetes</strong> installation and a distributed block storage for <strong>Kubernetes</strong> (I am using Longhorn on Rancher)</li> <li>A working helm tooling</li> <li>Needles to say, a sufficiently provisioned cluster with preferably a backup and restoration routine</li> </ul> <h2> Install a minio chart </h2> <p>We'll use a Bitnami chart to install a standalone Minio instance:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">minio-external</span><span class="pi">:</span> <span class="na">mode</span><span class="pi">:</span> <span class="s">standalone</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">persistence</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">size</span><span class="pi">:</span> <span class="s">10Gi</span> <span class="na">annotations</span><span class="pi">:</span> <span class="na">helm.sh/resource-policy</span><span class="pi">:</span> <span class="s">keep</span> <span class="na">auth</span><span class="pi">:</span> <span class="na">rootUser</span><span class="pi">:</span> <span class="s">&lt;REDACTED&gt;</span> <span class="na">rootPassword</span><span class="pi">:</span> <span class="s">&lt;REDACTED&gt;</span> <span class="na">provisioning</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">users</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">username</span><span class="pi">:</span> <span class="s">&lt;REDACTED&gt;</span> <span class="na">password</span><span class="pi">:</span> <span class="s">&lt;REDACTED&gt;</span> <span class="na">disabled</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">policies</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">readwrite</span> <span class="pi">-</span> <span class="s">consoleAdmin</span> <span class="pi">-</span> <span class="s">diagnostics</span> <span class="na">setPolicies</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">accessKey</span><span class="pi">:</span> <span class="na">password</span><span class="pi">:</span> <span class="s">&lt;REDACTED&gt;</span> <span class="na">secretKey</span><span class="pi">:</span> <span class="na">password</span><span class="pi">:</span> <span class="s">&lt;REDACTED&gt;</span> <span class="c1"># volumePermissions:</span> <span class="c1"># enabled: true</span> <span class="na">defaultBuckets</span><span class="pi">:</span> <span class="s">default,gitlab-registry-storage,gitlab-lfs,gitlab-artifacts,gitlab-uploads,gitlab-packages,gitlab-mr-diffs,gitlab-terraform-state,gitlab-ci-secure-files,gitlab-dependency-proxy,gitlab-pages</span> </code></pre> </div> <p>Use this configuration to kickstart a Minio instance with the buckets needed by Gitlab (defaultBuckets). These buckets are needed by different services of Gitlab and they will be mentionned in appConfig later.</p> <p>The default minio values for this helm chart are available [here](# <a href="https://github.com/bitnami/charts/blob/main/bitnami/minio/values.yaml" rel="noopener noreferrer">charts/bitnami/minio/values.yaml at main · bitnami/charts · GitHub</a>).</p> <h2> Disable managed minio </h2> <p>Since we are using an external Minio instance we do not need the Gitlab managed one anymore. In your Gitlab values file disable minio:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">global</span><span class="pi">:</span> <span class="s">...</span> <span class="s">minio</span><span class="err">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">false</span> </code></pre> </div> <blockquote> <p>⚠️ This will delete your Gitlab Minio instance and all its data. Please proceed with caution. Consider backuping your data and migrating it afterwards using your tool of choice. I would use <a href="https://github.com/minio/mc" rel="noopener noreferrer">minio command line</a>.</p> </blockquote> <h2> Create a secret </h2> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Secret</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">gitlab-object-storage</span> <span class="na">stringData</span><span class="pi">:</span> <span class="na">connection</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">provider: AWS</span> <span class="s">region: us-east-1</span> <span class="s">aws_access_key_id: &lt;REDACTED&gt;</span> <span class="s">aws_secret_access_key: &lt;REDACTED&gt;</span> <span class="s">endpoint: "gitlab-minio-external:9000" </span> </code></pre> </div> <h2> Connect Gitlab to the new Minio instance </h2> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code> <span class="na">global</span><span class="pi">:</span> <span class="na">registry</span><span class="pi">:</span> <span class="na">bucket</span><span class="pi">:</span> <span class="s">gitlab-registry-storage</span> <span class="na">appConfig</span><span class="pi">:</span> <span class="s">...</span> <span class="s">object_store</span><span class="err">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">proxy_download</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">storage_options</span><span class="pi">:</span> <span class="pi">{}</span> <span class="c1"># server_side_encryption:</span> <span class="c1"># server_side_encryption_kms_key_id</span> <span class="na">connection</span><span class="pi">:</span> <span class="na">secret</span><span class="pi">:</span> <span class="s">gitlab-object-storage</span> <span class="na">key</span><span class="pi">:</span> <span class="s">connection</span> <span class="na">lfs</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">proxy_download</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">bucket</span><span class="pi">:</span> <span class="s">gitlab-lfs</span> <span class="na">artifacts</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">proxy_download</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">bucket</span><span class="pi">:</span> <span class="s">gitlab-artifacts</span> <span class="na">uploads</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">proxy_download</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">bucket</span><span class="pi">:</span> <span class="s">gitlab-uploads</span> <span class="na">packages</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">proxy_download</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">bucket</span><span class="pi">:</span> <span class="s">gitlab-packages</span> <span class="na">externalDiffs</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">when</span><span class="pi">:</span> <span class="na">proxy_download</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">bucket</span><span class="pi">:</span> <span class="s">gitlab-mr-diffs</span> <span class="na">terraformState</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">bucket</span><span class="pi">:</span> <span class="s">gitlab-terraform-state</span> <span class="na">ciSecureFiles</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">        bucket</span><span class="pi">:</span> <span class="s">gitlab-ci-secure-files</span> <span class="s"># connection</span><span class="err">:</span> <span class="c1"># secret: gitlab-object-storage</span> <span class="na">dependencyProxy</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">proxy_download</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">bucket</span><span class="pi">:</span> <span class="s">gitlab-dependency-proxy</span> <span class="na">pages</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">proxy_download</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">bucket</span><span class="pi">:</span> <span class="s">gitlab-pages</span> </code></pre> </div> <p>Launch your gitlab installation and it should work.</p> <p>Voilà!</p> <h2> Inspirations and references </h2> <ul> <li><a href="https://docs.gitlab.com/charts/advanced/external-object-storage/" rel="noopener noreferrer">https://docs.gitlab.com/charts/advanced/external-object-storage/</a></li> <li><a href="https://docs.gitlab.com/charts/advanced/external-object-storage/" rel="noopener noreferrer">https://docs.gitlab.com/charts/advanced/external-object-storage/</a></li> <li><a href="https://docs-bigbang.dso.mil/latest/packages/gitlab/docs/operational-production-settings/" rel="noopener noreferrer">https://docs-bigbang.dso.mil/latest/packages/gitlab/docs/operational-production-settings/</a></li> <li><a href="https://gitlab.com/gitlab-org/charts/gitlab/-/issues/1039" rel="noopener noreferrer">https://gitlab.com/gitlab-org/charts/gitlab/-/issues/1039</a></li> <li><a href="https://www.aidoos.com/kb/devops-gitlab-configure-minio-with-the/" rel="noopener noreferrer">https://www.aidoos.com/kb/devops-gitlab-configure-minio-with-the/</a></li> <li>Connection secret <a href="https://gitlab.com/gitlab-org/charts/gitlab/blob/master/doc/charts/globals.md#connection" rel="noopener noreferrer">https://gitlab.com/gitlab-org/charts/gitlab/blob/master/doc/charts/globals.md#connection</a> </li> <li><a href="https://gitlab.com/gitlab-org/charts/gitlab/-/blob/master/examples/objectstorage/registry.minio.yaml" rel="noopener noreferrer">https://gitlab.com/gitlab-org/charts/gitlab/-/blob/master/examples/objectstorage/registry.minio.yaml</a></li> <li><a href="https://gitlab.com/gitlab-org/charts/gitlab/blob/master/examples/values-external-objectstorage.yaml" rel="noopener noreferrer"><strong>https://gitlab.com/gitlab-org/charts/gitlab/blob/master/examples/values-external-objectstorage.yaml</strong></a></li> <li><a href="https://forum.gitlab.com/t/user-uploads-to-s3-buckets-are-invalid/69054/4" rel="noopener noreferrer">https://forum.gitlab.com/t/user-uploads-to-s3-buckets-are-invalid/69054/4</a></li> <li><a href="https://gitlab.com/gitlab-org/charts/gitlab/-/issues/4003" rel="noopener noreferrer">https://gitlab.com/gitlab-org/charts/gitlab/-/issues/4003</a></li> </ul>