Deploying GitLab on Kubernetes with a local PV
Author
Johny
A seasoned cloud-native brick hauler
Environment
- Kubernetes version: v1.20.4
- Postgres version: 12.7
- Redis version: 5.0.9
The official gitlab-ce image bundles its own Postgres and Redis. In production it is preferable to point GitLab at external, centrally managed instances of both, which keeps administration in one place and lowers resource usage, so this post uses the non-official Docker image sameersbn/gitlab:13.12.1, which supports external services through environment variables.
Installing Postgres & Redis
Postgres and Redis are compiled from source and managed with the oneinstack one-click installer:
wget http://mirrors.linuxeye.com/oneinstack-full.tar.gz
tar xzf oneinstack-full.tar.gz
cd oneinstack
./install.sh # interactively select Redis and Postgres
The archive is fetched over plain HTTP and install.sh runs as root, so verify the download through a trusted channel before executing it.
GitLab relies on Postgres extensions that live in the contrib tree, which the installer does not build, so compile and install them as well (adjust the path to your layout):
cd /data/scripts/oneinstack/src/postgresql-12.7/contrib/ && make -j8 && make install # path depends on your installation
Without this step the CREATE EXTENSION statements in the next section fail, because the extension control files are not installed.
Preparing the Postgres database
su - postgres
psql
-- '123456' is a placeholder; use a long random password and keep it identical to DB_PASS in the manifest
CREATE USER gitlab WITH PASSWORD '123456';
-- create the GitLab production database, owned by the gitlab role
CREATE DATABASE gitlab_production OWNER gitlab;
ALTER USER gitlab WITH CREATEDB;
-- connect to the database just created
\c gitlab_production
CREATE EXTENSION pg_trgm;
CREATE EXTENSION btree_gist;
GRANT ALL PRIVILEGES ON DATABASE gitlab_production TO gitlab;
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO gitlab;
\l
\q
Postgres must also accept connections from the Kubernetes nodes: listen_addresses has to include the address the manifest uses (192.168.8.88) and pg_hba.conf needs an entry for the node subnet that is restricted to the gitlab role and database and uses password authentication, not trust.
To wipe the database setup and start over during installation:
su - postgres
psql
DROP DATABASE gitlab_production;
DROP OWNED BY gitlab;
DROP ROLE gitlab;
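The interactive psql session above is not safe to re-run: CREATE USER and CREATE DATABASE fail the second time. The script below is an added example, not code from the original post or from the sameersbn image; it renders the same bootstrap as idempotent SQL, takes the password from the caller instead of hard-coding it, and adds a verification query over pg_extension. Role and database names are the post's; the apply_bootstrap helper assumes psql is available and run as a Postgres superuser.

```shell
#!/bin/sh
# Added example (not from the original post): idempotent GitLab database bootstrap for Postgres.
# Assumes it is run as the postgres OS user (or another superuser) with psql in PATH.
set -eu

# render_bootstrap_sql <db> <role> <password>
# Prints SQL that creates the role and database only when missing and enables the two
# contrib extensions GitLab needs. Single quotes in the password are doubled so the
# SQL literal cannot be broken by the password contents.
render_bootstrap_sql() {
  db="$1"; role="$2"
  esc_pass="$(printf '%s' "$3" | sed "s/'/''/g")"
  cat <<EOF
DO \$\$
BEGIN
  IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = '${role}') THEN
    CREATE ROLE ${role} WITH LOGIN CREATEDB PASSWORD '${esc_pass}';
  END IF;
END
\$\$;
SELECT 'CREATE DATABASE ${db} OWNER ${role}'
WHERE NOT EXISTS (SELECT 1 FROM pg_database WHERE datname = '${db}')\gexec
\c ${db}
CREATE EXTENSION IF NOT EXISTS pg_trgm;
CREATE EXTENSION IF NOT EXISTS btree_gist;
EOF
}

# render_verify_sql <db>
# Prints a query that lists the required extensions; two rows means the contrib build worked.
render_verify_sql() {
  cat <<EOF
\c $1
SELECT extname, extversion FROM pg_extension WHERE extname IN ('pg_trgm', 'btree_gist') ORDER BY extname;
EOF
}

# apply_bootstrap <db> <role> <password>
# Feeds both scripts to psql; ON_ERROR_STOP makes a failed CREATE EXTENSION abort with a non-zero exit.
apply_bootstrap() {
  render_bootstrap_sql "$@" | psql -v ON_ERROR_STOP=1 -d postgres
  render_verify_sql "$1" | psql -v ON_ERROR_STOP=1 -d postgres
}

# Usage (as postgres), with a generated password that is then stored in the cluster Secret:
#   GITLAB_DB_PASS="$(head -c 32 /dev/urandom | base64 | tr -dc 'A-Za-z0-9')"
#   apply_bootstrap gitlab_production gitlab "$GITLAB_DB_PASS"
```

The owner of a database already holds all privileges on it, so the GRANT statements from the manual session are not repeated here; \gexec is used so the CREATE DATABASE (which cannot run inside a DO block) is only executed when the database is absent.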
Redis listen address
After installation Redis listens only on 127.0.0.1, so only local clients can reach it; the GitLab pod runs on another node, so the listen address has to change. The command below binds to all interfaces (replace /path/to/redis.conf with the file oneinstack installed):
sed -i "s#bind 127.0.0.1#bind 0.0.0.0#g" /path/to/redis.conf # listen on every interface; not recommended
Binding to 0.0.0.0 exposes an unauthenticated Redis to every network the host is attached to. Bind to the one internal address the cluster uses instead (192.168.8.88 in the manifest below), set requirepass, keep protected-mode on, restrict port 6379 to the Kubernetes node subnet with a firewall, and restart Redis afterwards. GitLab then needs the matching credential; check the image's environment variable table for the Redis settings it supports.
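As an added example (not from the original post), the functions below do the rewrite the sed one-liner attempts, but with the hardened values: they replace any existing or commented-out bind, requirepass and protected-mode directives in a redis.conf and add an audit that flags a wide-open listener. The config path, address and password are assumptions chosen to match the post.

```shell
#!/bin/sh
# Added example (not from the original post): harden redis.conf so Redis only listens on the
# internal address the GitLab pod uses, requires a password, and keeps protected-mode on.
set -eu

# harden_redis_conf <conf-file> <bind-address> <password>
# Removes existing (including commented-out) bind/requirepass/protected-mode lines and appends
# hardened ones, rewriting the file in place. Restart Redis afterwards for it to take effect.
harden_redis_conf() {
  conf="$1"; addr="$2"; pass="$3"
  tmp="$(mktemp)"
  grep -Ev '^[[:space:]]*#?[[:space:]]*(bind|requirepass|protected-mode)[[:space:]]' "$conf" > "$tmp" || true
  {
    cat "$tmp"
    printf 'bind %s\n' "$addr"
    printf 'protected-mode yes\n'
    printf 'requirepass %s\n' "$pass"
  } > "$conf"
  rm -f "$tmp"
}

# audit_redis_conf <conf-file>
# Prints one finding per line and returns 1 if the file leaves Redis exposed, 0 if clean.
audit_redis_conf() {
  conf="$1"; findings=0
  if grep -Eq '^[[:space:]]*bind[[:space:]]+.*(0\.0\.0\.0|\*)' "$conf"; then
    echo "bind: listening on all interfaces"; findings=1
  fi
  if ! grep -Eq '^[[:space:]]*requirepass[[:space:]]+[^[:space:]]' "$conf"; then
    echo "requirepass: not set, anyone who can reach the port has full access"; findings=1
  fi
  if grep -Eq '^[[:space:]]*protected-mode[[:space:]]+no' "$conf"; then
    echo "protected-mode: disabled"; findings=1
  fi
  return $findings
}

# Usage (path and password are assumptions):
#   harden_redis_conf /path/to/redis.conf 192.168.8.88 "$(head -c 32 /dev/urandom | base64 | tr -dc 'A-Za-z0-9')"
#   audit_redis_conf /path/to/redis.conf && systemctl restart redis
```

The audit is deliberately separate from the rewrite so it can be run against the file before touching it; a non-zero exit from audit_redis_conf on the stock oneinstack configuration after the original sed command is the expected result, since that command adds no authentication.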
Installing GitLab on Kubernetes
With Postgres and Redis prepared and initialized, GitLab can be deployed into the cluster. The manifest below also wires up SMTP and OpenLDAP, and exposes the web UI through Traefik.
Create the namespace
kubectl create ns gitlab
Apply gitlab.yaml
kubectl apply -f gitlab.yaml
The manifest
apiVersion: v1
kind: PersistentVolume
metadata:
  name: gitlab-pv
spec:
  storageClassName: local # local PV: the path below must already exist on node2
  capacity:
    storage: 100Gi
  volumeMode: Filesystem
  accessModes:
    - ReadWriteOnce
  local:
    path: /data/gitlab/data/
  nodeAffinity:
    required:
      nodeSelectorTerms:
        - matchExpressions:
            - key: kubernetes.io/hostname
              operator: In
              values:
                - node2
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: gitlab-pvc
  namespace: gitlab
spec:
  storageClassName: local
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 100Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gitlab
  namespace: gitlab
  labels:
    name: gitlab
spec:
  replicas: 1
  strategy:
    type: Recreate # a rolling update would start a second GitLab against the same local volume
  selector:
    matchLabels:
      name: gitlab
  template:
    metadata:
      name: gitlab
      labels:
        name: gitlab
    spec:
      initContainers:
        - name: fix-permissions
          image: busybox
          # runs as root by default, which is all chown needs; privileged mode is not required
          command: ["sh", "-c", "chown -R 1000:1000 /home/git/data"]
          volumeMounts:
            - name: data
              mountPath: /home/git/data
      containers:
        - name: gitlab
          image: sameersbn/gitlab:13.12.1
          imagePullPolicy: IfNotPresent
          env:
            - name: TZ
              value: Asia/Shanghai
            - name: GITLAB_TIMEZONE
              value: Beijing
            # replace the three key bases with distinct random 64-character strings and back them up:
            # data GitLab encrypts with them (2FA seeds, CI variables, tokens) is unreadable without them
            - name: GITLAB_SECRETS_DB_KEY_BASE
              value: long-and-random-alpha-numeric-string
            - name: GITLAB_SECRETS_SECRET_KEY_BASE
              value: long-and-random-alpha-numeric-string
            - name: GITLAB_SECRETS_OTP_KEY_BASE
              value: long-and-random-alpha-numeric-string
            # credentials are shown inline for readability; keep them in a Secret and reference them
            # with valueFrom.secretKeyRef instead of committing them with this manifest
            - name: GITLAB_ROOT_PASSWORD
              value: treesir123
            - name: GITLAB_ROOT_EMAIL
              value: amoaloas@gmail.com
            - name: GITLAB_HOST
              value: gitlab.treesir.pub
            - name: GITLAB_PORT
              value: "80"
            - name: GITLAB_SSH_PORT
              value: "22"
            - name: GITLAB_NOTIFY_ON_BROKEN_BUILDS
              value: "true"
            - name: GITLAB_NOTIFY_PUSHER
              value: "false"
            - name: GITLAB_BACKUP_SCHEDULE
              value: daily
            - name: GITLAB_BACKUP_TIME
              value: "01:00" # backups land on the same local volume; copy them off node2
            - name: DB_TYPE
              value: postgres
            - name: DB_HOST
              value: 192.168.8.88
            - name: DB_PORT
              value: "5432"
            - name: DB_USER
              value: gitlab
            - name: DB_PASS
              value: "123456" # must match the password given to CREATE USER above
            - name: DB_NAME
              value: gitlab_production
            - name: REDIS_HOST
              value: 192.168.8.88
            - name: REDIS_PORT
              value: "6379"
            - name: SMTP_ENABLED # enable SMTP
              value: "true"
            - name: SMTP_DOMAIN
              value: mail.163.com
            - name: SMTP_HOST
              value: smtp.163.com
            - name: SMTP_PORT
              value: "465"
            - name: SMTP_USER
              value: xxx@163.com
            - name: SMTP_PASS
              value: xxx
            - name: SMTP_TLS
              value: "true"
            - name: LDAP_ENABLED
              value: "true"
            - name: LDAP_HOST
              value: 192.168.8.1
            - name: LDAP_UID
              value: uid
            # bind with a dedicated read-only account rather than the directory admin
            - name: LDAP_BIND_DN
              value: cn=admin,dc=treesir,dc=pub
            - name: LDAP_PASS
              value: "123456"
            - name: LDAP_ACTIVE_DIRECTORY
              value: "false"
            - name: LDAP_ALLOW_USERNAME_OR_EMAIL_LOGIN
              value: "false"
            - name: LDAP_BASE
              value: ou=users,dc=treesir,dc=pub
          ports:
            - name: http
              containerPort: 80
            - name: ssh
              containerPort: 22
          volumeMounts:
            - mountPath: /home/git/data
              name: data
          readinessProbe:
            httpGet:
              path: /
              port: 80
            initialDelaySeconds: 60
            timeoutSeconds: 5 # 1s is too short for GitLab's first page render and makes the pod flap
          resources:
            limits:
              cpu: 4000m
              memory: 6144Mi
            requests:
              cpu: 1000m
              memory: 2048Mi
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: gitlab-pvc
---
apiVersion: v1
kind: Service
metadata:
  name: gitlab
  namespace: gitlab
  labels:
    name: gitlab
spec:
  ports:
    - name: http
      port: 80
      targetPort: http
    - name: ssh
      port: 22
      targetPort: ssh
  selector:
    name: gitlab
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: gitlab
  namespace: gitlab
spec:
  entryPoints:
    - web # plain HTTP: logins and tokens cross the wire unencrypted; use a TLS entry point for anything beyond a lab
  routes:
    - kind: Rule
      match: Host(`gitlab.treesir.pub`)
      services:
        - name: gitlab
          port: 80
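The manifest carries every credential as a plaintext env value and leaves the GITLAB_SECRETS_*_KEY_BASE placeholders in place. As an added example (not from the original post or the image), the script below generates those values, emits a Kubernetes Secret for them, and refuses to render if any of the sample values from the manifest are still present. The Secret name gitlab-secrets is an assumption; the key names are the image's environment variable names used above.

```shell
#!/bin/sh
# Added example (not from the original post): generate GitLab secrets and wrap them in a Secret
# manifest, so the Deployment can reference them with valueFrom.secretKeyRef.
set -eu

# gen_key_base <len>: alphanumeric random string from /dev/urandom (the key bases should be 64 chars)
gen_key_base() {
  LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "$1"
}

# is_placeholder <value>: true for an empty value or one of the sample values in the post's manifest
is_placeholder() {
  case "$1" in
    ''|long-and-random-alpha-numeric-string|123456|treesir123|xxx) return 0 ;;
    *) return 1 ;;
  esac
}

# render_secret_manifest <namespace> <name> <db-key> <secret-key> <otp-key> <db-pass> <root-pass>
# Prints a Secret using stringData (kubectl base64-encodes on apply); refuses placeholder values.
render_secret_manifest() {
  ns="$1"; name="$2"; shift 2
  for v in "$@"; do
    if is_placeholder "$v"; then
      echo "refusing to render: a placeholder or sample value is still present" >&2
      return 1
    fi
  done
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: ${name}
  namespace: ${ns}
type: Opaque
stringData:
  GITLAB_SECRETS_DB_KEY_BASE: "$1"
  GITLAB_SECRETS_SECRET_KEY_BASE: "$2"
  GITLAB_SECRETS_OTP_KEY_BASE: "$3"
  DB_PASS: "$4"
  GITLAB_ROOT_PASSWORD: "$5"
EOF
}

# In the Deployment, each plaintext value then becomes a reference, for example:
#   - name: DB_PASS
#     valueFrom:
#       secretKeyRef:
#         name: gitlab-secrets
#         key: DB_PASS
# Usage (DB_PASS must be the same value given to CREATE USER in Postgres):
#   render_secret_manifest gitlab gitlab-secrets "$(gen_key_base 64)" "$(gen_key_base 64)" \
#     "$(gen_key_base 64)" "$(gen_key_base 32)" "$(gen_key_base 20)" | kubectl apply -f -
```

Save the rendered output somewhere outside the cluster as well: the three key bases cannot be regenerated later without losing everything GitLab has encrypted with them.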
For more advanced options, see the environment variable table in the sameersbn/gitlab image documentation. When deploying with a local PV, make sure the directory in the PersistentVolume exists on the target node before applying the manifest.
Wait for initialization to finish
watch kubectl get po -n gitlab
Testing LDAP login
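Before trying to log in through the GitLab UI, it is worth checking the LDAP settings from the manifest directly against the directory. The functions below are an added example, not from the original post: they bind with the same DN and search for a test user under LDAP_BASE, escaping the username per RFC 4515 so a value such as `*` or `a)(uid=*` cannot widen the filter. Host, base and bind DN are the post's values; the test user and the password file path are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): check the manifest's LDAP settings with ldapsearch.
set -eu

# ldap_filter_escape <value>: escape the RFC 4515 special characters \ * ( ) (backslash first)
ldap_filter_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# build_user_filter <uid-attr> <user>: the lookup GitLab performs with LDAP_UID, e.g. (uid=jdoe)
build_user_filter() {
  printf '(%s=%s)' "$1" "$(ldap_filter_escape "$2")"
}

# ldap_check_user <host> <bind-dn> <bind-password-file> <base> <uid-attr> <user>
# Binds as the service DN and searches for the user; returns 0 only if exactly one entry matches.
# ldap:// on 389 mirrors the manifest, which sends the bind password in the clear; use ldaps://
# (and the image's corresponding LDAP settings) for a real deployment.
ldap_check_user() {
  filter="$(build_user_filter "$5" "$6")"
  n="$(ldapsearch -LLL -x -H "ldap://$1" -D "$2" -y "$3" -b "$4" -s sub "$filter" dn | grep -c '^dn:' || true)"
  [ "$n" -eq 1 ]
}

# Usage (jdoe and the password file are assumptions; -y keeps the password out of the process list):
#   printf '%s' "$LDAP_PASS" > /dev/shm/bindpw
#   ldap_check_user 192.168.8.1 cn=admin,dc=treesir,dc=pub /dev/shm/bindpw ou=users,dc=treesir,dc=pub uid jdoe
```

A bind failure here points at LDAP_BIND_DN/LDAP_PASS, zero results at LDAP_BASE or LDAP_UID, and more than one result at an ambiguous uid attribute; any of these shows up in GitLab only as a generic login failure.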
References
https://www.treesir.pub/post/ingress-traefik/
https://www.treesir.pub/post/docker-deploy-ldap/