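My previous GitLab deployment ran on a single ECS instance, where upgrades were a hassle. Since the working environment now runs entirely on Kubernetes, I decided to migrate GitLab to Kubernetes as well. I went through a lot of material online and the official installation guide, but kept running into problems with data persistence and with the LDAP and email configuration, so I am recording the setup here for future reference:
Data persistence
Three directories need to be created in the NFS share: redis, data and postgresql, which provide persistence for redis, gitlab and postgresql respectively.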
[wolf@wulaoer.org🔥🔥🔥🔥 ~]# cd /apps/work/server/k8s/devops
[wolf@wulaoer.org🔥🔥🔥🔥 ~]# mkdir {data,postgresql,redis}
Create the redis service
Create the redis service here; its mount point is later mounted to the redis directory on NFS. Name the file gitlab-redis.yaml.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: redis
  namespace: wulaoer-devops-system
  labels:
    name: redis
spec:
  replicas: 1
  selector:
    matchLabels:
      name: redis
  template:
    metadata:
      name: redis
      labels:
        name: redis
    spec:
      containers:
      - name: redis
        image: sameersbn/redis:latest
        imagePullPolicy: IfNotPresent
        ports:
        - name: redis
          containerPort: 6379
        volumeMounts:
        - mountPath: /var/lib/redis
          name: data
        livenessProbe:
          exec:
            command:
            - redis-cli
            - ping
          initialDelaySeconds: 30
          timeoutSeconds: 5
        readinessProbe:
          exec:
            command:
            - redis-cli
            - ping
          initialDelaySeconds: 5
          timeoutSeconds: 1
      volumes:
      - name: data
        nfs:
          server: 10.18.248.154
          path: /apps/work/server/k8s/devops/redis
          readOnly: false
---
apiVersion: v1
kind: Service
metadata:
  name: redis
  namespace: wulaoer-devops-system
  labels:
    name: redis
spec:
  ports:
  - name: redis
    port: 6379
    targetPort: redis
  selector:
    name: redis
Create postgresql
Likewise, the postgresql YAML file configures the postgresql data mount point so that the data persists.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: postgresql
  namespace: wulaoer-devops-system
  labels:
    name: postgresql
spec:
  replicas: 1
  selector:
    matchLabels:
      name: postgresql
  template:
    metadata:
      name: postgresql
      labels:
        name: postgresql
    spec:
      containers:
      - name: postgresql
        image: sameersbn/postgresql:12-20200524
        imagePullPolicy: IfNotPresent
        env:
        - name: DB_USER
          value: gitlab
        - name: DB_PASS
          value: passw0rd
        - name: DB_NAME
          value: gitlab_production
        - name: DB_EXTENSION
          value: pg_trgm,btree_gist
        ports:
        - name: postgres
          containerPort: 5432
        volumeMounts:
        - mountPath: /var/lib/postgresql
          name: data
        livenessProbe:
          exec:
            command:
            - pg_isready
            - -h
            - localhost
            - -U
            - postgres
          initialDelaySeconds: 30
          timeoutSeconds: 5
        readinessProbe:
          exec:
            command:
            - pg_isready
            - -h
            - localhost
            - -U
            - postgres
          initialDelaySeconds: 5
          timeoutSeconds: 1
      volumes:
      - name: data
        nfs:
          server: 10.18.248.154
          path: /apps/work/server/k8s/devops/postgresql
          readOnly: false
---
apiVersion: v1
kind: Service
metadata:
  name: postgresql
  namespace: wulaoer-devops-system
  labels:
    name: postgresql
spec:
  ports:
  - name: postgres
    port: 5432
    targetPort: postgres
  selector:
    name: postgresql
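Create gitlab
Creating gitlab differs from the others: besides creating it, the configuration has to be changed. Configuration files modified after creation are lost on restart, so the configuration has to be defined as variables in the YAML file and injected into the service that way.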
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gitlab
  namespace: wulaoer-devops-system
  labels:
    name: gitlab
spec:
  replicas: 1
  selector:
    matchLabels:
      name: gitlab
  template:
    metadata:
      name: gitlab
      labels:
        name: gitlab
    spec:
      containers:
      - name: gitlab
        image: sameersbn/gitlab:14.0.1
        imagePullPolicy: IfNotPresent
        env:
        - name: TZ
          value: Asia/Shanghai
        - name: GITLAB_TIMEZONE
          value: Beijing
        # The three key bases below are placeholders; use long random strings
        - name: GITLAB_SECRETS_DB_KEY_BASE
          value: long-and-random-alpha-numeric-string
        - name: GITLAB_SECRETS_SECRET_KEY_BASE
          value: long-and-random-alpha-numeric-string
        - name: GITLAB_SECRETS_OTP_KEY_BASE
          value: long-and-random-alpha-numeric-string
        - name: GITLAB_ROOT_PASSWORD
          value: wulaoer
        - name: GITLAB_ROOT_EMAIL
          value: wulaoer@wulaoer.org
        - name: GITLAB_HOST
          value: 0.0.0.0:30004
        - name: GITLAB_PORT
          value: "80"
        - name: GITLAB_SSH_PORT
          value: "22"
        - name: GITLAB_NOTIFY_ON_BROKEN_BUILDS
          value: "true"
        - name: GITLAB_NOTIFY_PUSHER
          value: "false"
        - name: GITLAB_BACKUP_SCHEDULE
          value: daily
        - name: GITLAB_BACKUP_TIME
          value: "01:00"
        # Database settings; these must match the postgresql Deployment
        - name: DB_TYPE
          value: postgres
        - name: DB_HOST
          value: postgresql
        - name: DB_PORT
          value: "5432"
        - name: DB_USER
          value: gitlab
        - name: DB_PASS
          value: passw0rd
        - name: DB_NAME
          value: gitlab_production
        - name: REDIS_HOST
          value: redis
        - name: REDIS_PORT
          value: "6379"
        # LDAP settings
        - name: LDAP_ENABLED
          value: "true"
        - name: LDAP_LABEL
          value: "LDAP"
        - name: LDAP_HOST
          value: "10.123.6.237"
        - name: LDAP_PORT
          value: "389"
        - name: LDAP_UID
          value: "uid"
        - name: LDAP_BIND_DN
          value: "cn=admin,dc=wulaoer,dc=org"
        - name: LDAP_PASS
          value: "**********"
        - name: LDAP_ACTIVE_DIRECTORY
          value: "false"
        - name: LDAP_ALLOW_USERNAME_OR_EMAIL_LOGIN
          value: "true"
        - name: LDAP_BASE
          value: "ou=Users,dc=wulaoer,dc=org"
        # - name: LDAP_USER_FILTER
        #   value: ''
        - name: LDAP_USER_ATTRIBUTE_USERNAME
          value: "['uid', 'userid', 'sAMAccountName']"
        - name: LDAP_USER_ATTRIBUTE_MAIL
          value: "['mail', 'email', 'userPrincipalName']"
        - name: LDAP_USER_ATTRIBUTE_NAME
          value: 'cn'
        - name: LDAP_USER_ATTRIBUTE_FIRSTNAME
          value: 'givenName'
        - name: LDAP_USER_ATTRIBUTE_LASTNAME
          value: 'sn'
        # GITLAB_TIMEZONE is also set above; when a name repeats, the later entry takes effect
        - name: GITLAB_TIMEZONE
          value: 'Asia/Shanghai'
        # Email (SMTP) settings
        - name: SMTP_ENABLED
          value: "true"
        - name: SMTP_DOMAIN
          value: "www.wulaoer.org"
        - name: SMTP_PORT
          value: "80"
        - name: SMTP_HOST
          value: "smtp.mxhichina.com"
        - name: SMTP_USER
          value: "git@wulaoer.org"
        - name: SMTP_PASS
          value: "*******"
        - name: SMTP_AUTHENTICATION
          value: "login"
        ports:
        - name: http
          containerPort: 80
        - name: ssh
          containerPort: 22
        volumeMounts:
        - mountPath: /home/git/data
          name: data
        livenessProbe:
          httpGet:
            path: /
            port: 80
          initialDelaySeconds: 180
          timeoutSeconds: 5
        readinessProbe:
          httpGet:
            path: /
            port: 80
          initialDelaySeconds: 5
          timeoutSeconds: 1
      volumes:
      - name: data
        nfs:
          server: 10.18.248.154
          path: /apps/work/server/k8s/devops/data
          readOnly: false
---
apiVersion: v1
kind: Service
metadata:
  name: gitlab
  namespace: wulaoer-devops-system
  labels:
    name: gitlab
spec:
  type: NodePort
  ports:
  - name: http
    port: 80
    targetPort: http
    nodePort: 30004
  - name: ssh
    port: 22
    targetPort: ssh
  selector:
    name: gitlab
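The manifests above carry DB_PASS, GITLAB_ROOT_PASSWORD, the three GITLAB_SECRETS_* key bases, LDAP_PASS and SMTP_PASS as literal values. As an added example (not part of the original post), this script renders a Kubernetes Secret for them; the Secret name gitlab-secrets and the helper function names are assumptions.

```bash
#!/usr/bin/env bash
# Added example: render a Secret for the credentials the manifests pass as
# literal env values. "gitlab-secrets" is a hypothetical name.

# 32 bytes from the kernel CSPRNG, printed as 64 hex characters.
gen_key() { od -An -N32 -tx1 /dev/urandom | tr -d ' \n'; }

# Single-line base64, so any password character is safe inside the YAML.
b64() { printf '%s' "$1" | base64 | tr -d '\n'; }

# LDAP_PASS and SMTP_PASS belong to external systems and are read from the
# environment, not argv, so they stay out of the process list.
render_secret() {
  # Validate first so a missing value never yields a partial manifest.
  for key in LDAP_PASS SMTP_PASS; do
    eval "val=\${$key:-}"
    [ -n "$val" ] || { echo "missing $key" >&2; return 1; }
  done
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: gitlab-secrets
  namespace: wulaoer-devops-system
type: Opaque
data:
EOF
  # Generated values: key bases, the shared database password, root password.
  for key in GITLAB_SECRETS_DB_KEY_BASE GITLAB_SECRETS_SECRET_KEY_BASE \
             GITLAB_SECRETS_OTP_KEY_BASE DB_PASS GITLAB_ROOT_PASSWORD; do
    printf '  %s: %s\n' "$key" "$(b64 "$(gen_key)")"
  done
  for key in LDAP_PASS SMTP_PASS; do
    eval "val=\${$key}"
    printf '  %s: %s\n' "$key" "$(b64 "$val")"
  done
}

# Usage: read -rs LDAP_PASS; read -rs SMTP_PASS; render_secret | kubectl apply -f -
```

Each env entry then replaces `value:` with `valueFrom.secretKeyRef` pointing at `gitlab-secrets` and the matching key, so postgresql and gitlab read the same DB_PASS. Render the Secret once and keep it, because the key bases must not change after GitLab has written encrypted data.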
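Note that if you change the redis and postgresql variables, they must stay consistent with the original configuration; otherwise the connection will fail. For more configuration options, see: https://github.com/sameersbn/docker-gitlab#monitoring
The services are now configured. Add an Ingress for the service so that it can be reached by domain name.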
kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
  name: ops-gitlab-ingress
  namespace: wulaoer-devops-system
  annotations:
    kubesphere.io/creator: admin
spec:
  tls:
  - hosts:
    - ops-git.wulaoer.org
    secretName: wulaoer-ssl
  rules:
  - host: ops-git.wulaoer.org
    http:
      paths:
      - path: /
        pathType: ImplementationSpecific
        backend:
          service:
            name: gitlab
            port:
              number: 80
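All services have started successfully, so try accessing it. To use port 22 through the domain name, add a port 22 listener on the SLB and point it at the gitlab service.
LDAP is now configured. In my case sign-up was disabled during the previous setup; if sign-up is not disabled, three tabs should be shown. The upgrade procedure for gitlab is also well documented; for backups, see: https://www.wulaoer.org/?p=2370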

