Environment

  • Kubernetes Version: v1.20.4
  • Postgres Version: 12.7
  • Redis Version: 5.0.9

The official gitlab-ce image bundles its own Postgres and Redis. In production we want GitLab to use shared external services instead, so that they can be managed centrally and resource usage stays lower, so this post uses the unofficial Docker image sameersbn/gitlab:13.12.1.

Installing Postgres & Redis

Postgres and Redis are compiled and installed with the oneinstack one-click tool.

wget http://mirrors.linuxeye.com/oneinstack-full.tar.gz

tar xzf oneinstack-full.tar.gz

cd oneinstack

./install.sh  # interactively choose to install redis & postgres

GitLab uses Postgres extension modules (contrib), so these have to be compiled and installed as well:

cd /data/scripts/oneinstack/src/postgresql-12.7/contrib/ && make -j8 && make install  # adjust the directory to your installation

If the contrib modules are not built and installed, CREATE EXTENSION fails with the following error:

[screenshot: CREATE EXTENSION error message]

Preparing the postgres database

su - postgres
psql
CREATE USER gitlab WITH PASSWORD '123456';
CREATE DATABASE gitlab_production OWNER gitlab;  -- create the gitlab database
ALTER USER gitlab WITH CREATEDB;


-- switch to the database just created
\c gitlab_production
CREATE EXTENSION pg_trgm;
CREATE EXTENSION btree_gist;

GRANT ALL PRIVILEGES ON DATABASE gitlab_production TO gitlab;
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO gitlab;

-- list the databases, then quit
\l
\q

If you need to wipe and reset the database during installation, run:

su - postgres
psql

drop database gitlab_production;
drop owned by gitlab;
drop role gitlab;

Tuning the redis listen address

After a default install redis listens only on 127.0.0.1, i.e. it can only be reached locally, so the bind address has to be changed.

sed -i "s#bind 127.0.0.1#bind 0.0.0.0#g" /path/to/redis.conf  # listen on all interfaces; not the recommended way. Adjust the path to your installation.
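The sed above leaves Redis reachable from every interface with no password. As an added example that is not from the original post, here is a Python check for that state and a rewrite that binds only the host address the deployment file below points at (192.168.8.88, taken from the manifest) and sets a password; the directive names assumed are those of Redis 5 and the password is a constructed value.

```python
import re

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def parse_directives(conf_text):
    """Active (uncommented) directives as {name: [args]}; a later line overrides."""
    d = {}
    for line in conf_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            parts = line.split()
            d[parts[0].lower()] = parts[1:]
    return d

def exposed_without_auth(conf_text):
    """True if hosts other than localhost can reach Redis and no password is required."""
    d = parse_directives(conf_text)
    if "requirepass" in d:
        return False
    bind = d.get("bind")
    if bind is None:  # no bind line: all interfaces, unless protected-mode blocks it
        return [a.lower() for a in d.get("protected-mode", ["yes"])] == ["no"]
    return any(addr not in LOOPBACK for addr in bind)

def harden_redis_conf(conf_text, bind_ip, password):
    """Rewrite active bind/protected-mode/requirepass lines; append any that are missing."""
    wanted = {"bind": f"bind {bind_ip}",
              "protected-mode": "protected-mode yes",
              "requirepass": f"requirepass {password}"}
    out, seen = [], set()
    for line in conf_text.splitlines():
        m = re.match(r"^\s*(bind|protected-mode|requirepass)\b", line, re.IGNORECASE)
        if m:
            key = m.group(1).lower()
            if key not in seen:  # keep a single copy of each directive
                out.append(wanted[key])
                seen.add(key)
            continue
        out.append(line)
    out.extend(v for k, v in wanted.items() if k not in seen)
    return "\n".join(out) + "\n"

# Constructed sample: the state a redis.conf is in after the sed command above.
SEDDED_CONF = "bind 0.0.0.0\nprotected-mode yes\nport 6379\n# requirepass foobared\n"

if __name__ == "__main__":
    print("exposed:", exposed_without_auth(SEDDED_CONF))
    print(harden_redis_conf(SEDDED_CONF, "192.168.8.88", "example-pass"))
```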

Installing GitLab in Kubernetes

Once postgres & redis are ready and the initialization steps above are done, GitLab can be deployed in k8s. The deployment file below includes SMTP and OpenLDAP integration and exposes the web UI through traefik.

Create the deployment namespace

kubectl create ns gitlab

The deployment file gitlab.yaml is shown below

apiVersion: v1
kind: PersistentVolume
metadata:
  name: gitlab-pv
spec:
  storageClassName: local  # Local PV
  capacity:
    storage: 100Gi
  volumeMode: Filesystem
  accessModes:
  - ReadWriteOnce
  local:
    path: /data/gitlab/data/
  nodeAffinity:
    required:
      nodeSelectorTerms:
      - matchExpressions:
        - key: kubernetes.io/hostname
          operator: In
          values:
          - node2
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: gitlab-pvc
  namespace: gitlab
spec:
  storageClassName: local
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 100Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gitlab
  namespace: gitlab
  labels:
    name: gitlab
spec:
  selector:
    matchLabels:
      name: gitlab
  template:
    metadata:
      name: gitlab
      labels:
        name: gitlab
    spec:
      initContainers:
      - name: fix-permissions
        image: busybox
        command: ["sh", "-c", "chown -R 1000:1000 /home/git/data"]
        securityContext:
          privileged: true
        volumeMounts:
        - name: data
          mountPath: /home/git/data
      containers:
      - name: gitlab
        image: sameersbn/gitlab:13.12.1
        imagePullPolicy: IfNotPresent
        env:
        - name: TZ
          value: Asia/Shanghai
        - name: GITLAB_TIMEZONE
          value: Beijing
        - name: GITLAB_SECRETS_DB_KEY_BASE
          value: long-and-random-alpha-numeric-string
        - name: GITLAB_SECRETS_SECRET_KEY_BASE
          value: long-and-random-alpha-numeric-string
        - name: GITLAB_SECRETS_OTP_KEY_BASE
          value: long-and-random-alpha-numeric-string
        - name: GITLAB_ROOT_PASSWORD
          value: treesir123
        - name: GITLAB_ROOT_EMAIL
          value: amoaloas@gmail.com
        - name: GITLAB_HOST
          value: gitlab.treesir.pub
        - name: GITLAB_PORT
          value: "80"
        - name: GITLAB_SSH_PORT
          value: "22"
        - name: GITLAB_NOTIFY_ON_BROKEN_BUILDS
          value: "true"
        - name: GITLAB_NOTIFY_PUSHER
          value: "false"
        - name: GITLAB_BACKUP_SCHEDULE
          value: daily
        - name: GITLAB_BACKUP_TIME
          value: "01:00"
        - name: DB_TYPE
          value: postgres
        - name: DB_HOST
          value: 192.168.8.88
        - name: DB_PORT
          value: '5432'
        - name: DB_USER
          value: gitlab
        - name: DB_PASS
          value: "123456"
        - name: DB_NAME
          value: gitlab_production
        - name: REDIS_HOST
          value: 192.168.8.88
        - name: REDIS_PORT
          value: "6379"
        - name: SMTP_ENABLED  # enable smtp
          value: 'true'
        - name: SMTP_DOMAIN
          value: mail.163.com
        - name: SMTP_HOST
          value: smtp.163.com
        - name: SMTP_PORT
          value: '465'
        - name: SMTP_USER
          value: xxx@163.com
        - name: SMTP_PASS
          value: xxx
        - name: SMTP_TLS
          value: 'true'
        - name: LDAP_ENABLED
          value: 'true'
        - name: LDAP_HOST
          value: 192.168.8.1
        - name: LDAP_UID
          value: uid
        - name: LDAP_BIND_DN
          value: cn=admin,dc=treesir,dc=pub
        - name: LDAP_PASS
          value: '123456'
        - name: LDAP_ACTIVE_DIRECTORY
          value: 'false'
        - name: LDAP_ALLOW_USERNAME_OR_EMAIL_LOGIN
          value: 'false'
        - name: LDAP_BASE
          value: ou=users,dc=treesir,dc=pub
        ports:
        - name: http
          containerPort: 80
        - name: ssh
          containerPort: 22
        volumeMounts:
        - mountPath: /home/git/data
          name: data
        readinessProbe:
          httpGet:
            path: /
            port: 80
          initialDelaySeconds: 60
          timeoutSeconds: 1
        resources:
          limits:
            cpu: 4000m
            memory: 6144Mi
          requests:
            cpu: 1000m
            memory: 2048Mi
      volumes:
      - name: data
        persistentVolumeClaim:
          claimName: gitlab-pvc

---
apiVersion: v1
kind: Service
metadata:
  name: gitlab
  namespace: gitlab
  labels:
    name: gitlab
spec:
  ports:
    - name: http
      port: 80
      targetPort: http
    - name: ssh
      port: 22
      targetPort: ssh
  selector:
    name: gitlab
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: gitlab
  namespace: gitlab
spec:
  entryPoints:
  - web
  routes:
  - kind: Rule
    match: Host(`gitlab.treesir.pub`)
    services:
    - name: gitlab
      port: 80

For more advanced options, see this container's environment variable reference. When deploying with a local PV, check that the directory exists on the chosen node.
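The manifest above passes DB_PASS, LDAP_PASS, SMTP_PASS, the root password and the three GITLAB_SECRETS_* key bases as literal env values, and the key bases still carry the "long-and-random-alpha-numeric-string" placeholder. As an added example (not from the original post or the sameersbn project), the Python below moves those literals into a Kubernetes Secret, rewrites the entries as secretKeyRef, and flags placeholder or short key bases; the Secret name "gitlab-secrets" and the 64-character minimum are assumptions, and the env list is modelled as dicts so the JSON it prints (valid YAML) can be applied directly.

```python
import json

SENSITIVE = {"GITLAB_SECRETS_DB_KEY_BASE", "GITLAB_SECRETS_SECRET_KEY_BASE",
             "GITLAB_SECRETS_OTP_KEY_BASE", "GITLAB_ROOT_PASSWORD",
             "DB_PASS", "SMTP_PASS", "LDAP_PASS"}
PLACEHOLDER = "long-and-random-alpha-numeric-string"  # value left in gitlab.yaml above

def plaintext_secrets(env):
    """Sensitive variables still given as literal values in the Deployment."""
    return sorted(e["name"] for e in env if e["name"] in SENSITIVE and "value" in e)

def weak_key_bases(env, min_len=64):
    """GITLAB_SECRETS_* values that are the placeholder or shorter than min_len (assumed)."""
    return sorted(e["name"] for e in env
                  if e["name"].startswith("GITLAB_SECRETS_") and "value" in e
                  and (e["value"] == PLACEHOLDER or len(str(e["value"])) < min_len))

def externalize_secrets(env, secret_name="gitlab-secrets", namespace="gitlab"):
    """Return (new_env, secret_manifest): sensitive literals become secretKeyRef entries."""
    new_env, data = [], {}
    for e in env:
        if e["name"] in SENSITIVE and "value" in e:
            data[e["name"]] = str(e["value"])
            new_env.append({"name": e["name"], "valueFrom": {"secretKeyRef": {
                "name": secret_name, "key": e["name"]}}})
        else:
            new_env.append(dict(e))  # non-sensitive entries are kept as they are
    secret = {"apiVersion": "v1", "kind": "Secret", "type": "Opaque",
              "metadata": {"name": secret_name, "namespace": namespace},
              "stringData": data}
    return new_env, secret

# Constructed excerpt of the env list in gitlab.yaml above.
SAMPLE_ENV = [
    {"name": "GITLAB_SECRETS_DB_KEY_BASE", "value": PLACEHOLDER},
    {"name": "GITLAB_ROOT_PASSWORD", "value": "treesir123"},
    {"name": "GITLAB_HOST", "value": "gitlab.treesir.pub"},
    {"name": "DB_USER", "value": "gitlab"},
    {"name": "DB_PASS", "value": "123456"},
    {"name": "LDAP_PASS", "value": "123456"},
]

if __name__ == "__main__":
    new_env, secret = externalize_secrets(SAMPLE_ENV)
    print("weak key bases:", weak_key_bases(SAMPLE_ENV))
    print(json.dumps(secret, indent=2))
    print(json.dumps({"env": new_env}, indent=2))
```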


Wait for initialization to complete

watch kubectl get po -n gitlab


Testing login via LDAP

[screenshot: LDAP login test]

References

https://www.treesir.pub/post/ingress-traefik/

https://www.treesir.pub/post/docker-deploy-ldap/

https://www.treesir.pub/post/gitlab-deploy/

https://github.com/sameersbn/docker-gitlab