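Deploying GitLab on Kubernetes
With agile development and DevOps on the rise, GitLab adoption has climbed steadily, and its built-in CI/CD tooling is comprehensive and popular with developers. We will deploy a GitLab environment in a Kubernetes cluster for code management and automated build and deployment, with the intention of using it in production.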
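Environment preparation
k8s cluster (Alibaba Cloud, Professional edition)
postgres database
redis cache service
gitlab application
For deploying postgres and redis, see the earlier deployment articles.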
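GitLab deployment
Version: GitLab Chinese edition 11.1.4
GitLab itself is a stateless service, but the repositories, configuration and other files must be persisted. The container directories are:
/home/git/data
/etc/gitlab/
/var/opt/gitlab
/var/log/gitlab (optional)
Write the deployment manifest, gitlab.yaml, and create the PV resource datadir-gitlab in advance; Alibaba Cloud NAS is used here. When configuring GitLab, change example.com to your own domain and adjust the mail settings to match your environment. The SSH port is exposed here as NodePort 32222, with port 22 on the SLB forwarding to it.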
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: datadir-gitlab
  namespace: gitlab-cicd
spec:
  accessModes:
    - ReadWriteMany
  storageClassName: nas
  resources:
    requests:
      storage: 50Gi
---
apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: gitlab
  namespace: gitlab-cicd
  labels:
    name: gitlab
spec:
  replicas: 1
  template:
    metadata:
      name: gitlab
      labels:
        name: gitlab
    spec:
      containers:
        - name: gitlab
          image: twang2218/gitlab-ce-zh:11.1.4
          imagePullPolicy: IfNotPresent
          env:
            - name: TZ
              value: Asia/Shanghai
            - name: GITLAB_TIMEZONE
              value: Beijing
            - name: GITLAB_SECRETS_DB_KEY_BASE
              value: long-and-random-alpha-numeric-string
            - name: GITLAB_SECRETS_SECRET_KEY_BASE
              value: long-and-random-alpha-numeric-string
            - name: GITLAB_SECRETS_OTP_KEY_BASE
              value: long-and-random-alpha-numeric-string
            - name: GITLAB_ROOT_PASSWORD
              value: admin123456
            - name: GITLAB_ROOT_EMAIL
              value: xxx@xx.com
            - name: GITLAB_HOST
              value: xxx.example.com
            - name: GITLAB_PORT
              value: "80"
            - name: GITLAB_SSH_PORT
              value: "22"
            - name: GITLAB_NOTIFY_ON_BROKEN_BUILDS
              value: "true"
            - name: GITLAB_NOTIFY_PUSHER
              value: "false"
            - name: GITLAB_BACKUP_SCHEDULE
              value: daily
            - name: GITLAB_BACKUP_TIME
              # quoted so the value is always read as a string
              value: "01:00"
            - name: GITLAB_OMNIBUS_CONFIG
              value: |
                ## time_zone
                gitlab_rails['time_zone'] = 'Asia/Shanghai'
                ## postgres
                postgresql['enable'] = false
                gitlab_rails['db_adapter'] = "postgresql"
                gitlab_rails['db_encoding'] = "utf-8"
                gitlab_rails['db_database'] = "gitlab"
                gitlab_rails['db_username'] = "postgres"
                gitlab_rails['db_password'] = "xxx"
                gitlab_rails['db_host'] = "postgres-svc"
                gitlab_rails['db_port'] = 5432
                ## redis
                redis['enable'] = false
                gitlab_rails['redis_host'] = "redis"
                gitlab_rails['redis_port'] = 6379
                #gitlab_rails['redis_password'] = "redis_password"
                gitlab_rails['redis_database'] = 0
                ## pages
                pages_external_url "http://page.example.com/"
                gitlab_pages['enable'] = true
                gitlab_rails['pages_path'] = "/var/opt/gitlab/pages"
                gitlab_pages['external_http'] = ['1.1.1.2:80']
                #gitlab_pages['access_control'] = true
                ## GitLab SSH/HTTP clone address; defaults to the hostname
                external_url "http://gitlab.example.com/"
                ## email setting
                gitlab_rails['smtp_enable'] = true
                gitlab_rails['smtp_address'] = "smtp.qq.com"
                gitlab_rails['smtp_port'] = 465
                gitlab_rails['smtp_user_name'] = "xxx@xx.com"
                gitlab_rails['smtp_password'] = "xxx"
                gitlab_rails['smtp_authentication'] = "login"
                gitlab_rails['smtp_enable_starttls_auto'] = true
                gitlab_rails['smtp_tls'] = true
                gitlab_rails['gitlab_email_from'] = 'xx@xx.com'
                gitlab_rails['smtp_domain'] = "smtp.qq.com"
                postgresql['enable'] = false
                postgres_exporter['enable'] = false
                redis['enable'] = false
                prometheus['enable'] = false
                alertmanager['enable'] = false
                node_exporter['enable'] = false
                redis_exporter['enable'] = false
                prometheus_monitoring['enable'] = false
          ports:
            - name: http
              containerPort: 80
            - name: ssh
              containerPort: 22
          volumeMounts:
            - mountPath: /home/git/data
              name: data
            - mountPath: /etc/gitlab
              name: etc-gitlab
            - mountPath: /var/opt/gitlab
              name: opt-gitlab
          livenessProbe:
            httpGet:
              path: /
              port: 80
            initialDelaySeconds: 900
            timeoutSeconds: 5
          readinessProbe:
            httpGet:
              path: /
              port: 80
            initialDelaySeconds: 5
            timeoutSeconds: 1
      # The etc-gitlab and opt-gitlab claims are not defined in this file
      # and must already exist in the gitlab-cicd namespace.
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: datadir-gitlab
        - name: etc-gitlab
          persistentVolumeClaim:
            claimName: etc-gitlab
        - name: opt-gitlab
          persistentVolumeClaim:
            claimName: opt-gitlab
---
apiVersion: v1
kind: Service
metadata:
  name: gitlab
  namespace: gitlab-cicd
  labels:
    name: gitlab
spec:
  type: NodePort
  ports:
    - name: http
      port: 80
      targetPort: http
    - name: ssh
      port: 22
      targetPort: ssh
      nodePort: 32222
  selector:
    name: gitlab
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: gitlab
  namespace: gitlab-cicd
  annotations:
    nginx.ingress.kubernetes.io/affinity: "cookie"
spec:
  rules:
    - host: gitlab.example.com
      http:
        paths:
          - backend:
              serviceName: gitlab
              servicePort: http
            path: /
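Note: the data services used by this deployment must be deployed beforehand; if they are not, see the previous article to deploy them. The connection address can use the svc-name.namespace.svc form directly; change the account and password to your own values.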
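The gitlab.yaml manifest keeps the root, database and SMTP passwords as literal values. As an added example (not part of the original post), they can be held in a Kubernetes Secret and referenced from the Deployment; the Secret name gitlab-secrets, its keys, and the DB_PASSWORD and SMTP_PASSWORD variable names are assumptions.

```yaml
# Added example. Assumed names: gitlab-secrets, its keys, DB_PASSWORD,
# SMTP_PASSWORD. The GITLAB_* names and namespace come from gitlab.yaml.
apiVersion: v1
kind: Secret
metadata:
  name: gitlab-secrets
  namespace: gitlab-cicd
type: Opaque
stringData:
  root-password: "<replace-with-generated-value>"
  db-password: "<replace-with-generated-value>"
  smtp-password: "<replace-with-generated-value>"
---
# Fragment to merge into the gitlab container's env list in the Deployment;
# it is not a complete object and is not applied on its own.
# Before: "value: admin123456" and gitlab_rails['db_password'] = "xxx".
env:
  - name: GITLAB_ROOT_PASSWORD
    valueFrom:
      secretKeyRef:
        name: gitlab-secrets
        key: root-password
  - name: DB_PASSWORD
    valueFrom:
      secretKeyRef:
        name: gitlab-secrets
        key: db-password
  - name: SMTP_PASSWORD
    valueFrom:
      secretKeyRef:
        name: gitlab-secrets
        key: smtp-password
  # Kubernetes expands $(VAR) from variables defined earlier in this list,
  # so the passwords no longer appear in the manifest itself.
  - name: GITLAB_OMNIBUS_CONFIG
    value: |
      gitlab_rails['db_password'] = '$(DB_PASSWORD)'
      gitlab_rails['smtp_password'] = '$(SMTP_PASSWORD)'
      # ...remaining settings unchanged from gitlab.yaml
```

Because the values are substituted into single-quoted Ruby strings, generate passwords that contain no single quotes or backslashes. The expanded values remain visible in the container's environment, so exec access to pods in the gitlab-cicd namespace should be limited accordingly.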
Apply the gitlab.yaml manifest:
$ kubectl apply -f gitlab.yaml
persistentvolumeclaim/datadir-gitlab configured
deployment.apps/gitlab configured
service/gitlab configured
ingress.extensions/gitlab configured
Check the pod status:
$ kubectl get pod -n gitlab-cicd
NAME                              READY   STATUS    RESTARTS   AGE
gitlab-54548c6969-ghvff           1/1     Running   0          2h
gitlab-ci-runner-0                1/1     Running   0          2h
gitlab-ci-runner-1                1/1     Running   0          2h
redis-8477595b9c-qh6th            1/1     Running   0          77d
stolon-keeper-0                   1/1     Running   0          1d
stolon-keeper-1                   1/1     Running   0          1d
stolon-keeper-2                   1/1     Running   0          1d
stolon-proxy-db976479d-5r6qs      1/1     Running   0          1d
stolon-proxy-db976479d-8x46s      1/1     Running   0          1d
stolon-sentinel-54579c7dd-bk76h   1/1     Running   0          1d
stolon-sentinel-54579c7dd-cwtm2   1/1     Running   0          1d
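Once it is running, browse to http://gitlab.example.com and log in with the initial root password configured above, admin123456. After logging in, test GitLab's stability and carry out the related configuration. GitLab allows public sign-up by default, so email confirmation needs to be configured. Create a new project, clone the repository and upload files. Finally, do not forget to run the forgot-password flow to test whether the mail service is configured correctly.
Note:
In the gitlab.yaml manifest, pay attention to the parameters in GITLAB_OMNIBUS_CONFIG. Here I have disabled the grafana, alertmanager, prometheus and other services that the image starts by default, and enabled the pages service. When configuring pages, do not use a subdomain of gitlab.example.com; page.example.com can be used instead.
To enable custom domains, configure the gitlab_pages['external_http'] parameter.
For other configuration parameters, see the relevant documentation on the GitLab website.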
