环境信息
- Kubernetes:v1.20.6
- StorageClass:UFS
- Helm:v3.5.2
GitLib 14.x版本安装前检查工作
- 推荐至少预留 8vCPU 和 30GB Mem的资源
- 推荐 Redis 6.0 或者更高版本
- 依赖 PostgreSQL 13.x 或者更高版本
GitLib 14.x版本安装前准备工作
1. 申请通证书,
可以使用 https://keymanager.org/ 来申请 Let’s Encrypt 提供的免费泛域名证书
2. 创建域名证书 secret
kubectl create ns gitlab
kubectl create secret tls gitlib-secret \
--cert=gitlab.crt \
--key=gitlab.key \
-n gitlab
3. 准备一个 Redis 实例
K8S集群内部署参考链接 Helm部署Redis
4. 准备一个 PostgreSQL 实例
K8S集群内署参考链接 Helm部署postgresql
5. 创建Gitlab使用的secret
定义一个Gitlab root账户管理密码,记录 Redis 认证密码,PostgreSQL DB 密码,将这些密码保存在名为gitlab-components-secret 的 secret 中
kubectl create secret generic gitlab-components-secret \
--from-literal=gitlab="gitlabrootpwxxx" \
--from-literal=redispw="redispwxxxxx" \
--from-literal=pgpw="pgpwxxxx" \
-n gitlab
其中以上命令注释说明如下:
- Gitlab root 密码: key:
gitlabvalue:gitlabrootpwxxx - Redis 认证密码: key:
redispwvalue:redispwxxxxx - PostgreSQL密码: key:
pgpwvalue:pgpwxxxx
6. 同步海外源镜像
在国内环境部署应用,经常因为获取国外源站容器镜像超时,导致部署失败,可以提前将容器镜像同步到本地镜像仓库中,以自有镜像仓库uhub.service.ucloud.cn/ucloud_pts 为例,login仓库,执行命令: docker login uhub.service.ucloud.cn/ucloud_pts
需要同步镜像列表如下:
busybox:latest
gitlab/gitlab-runner:alpine-v14.0.0
minio/mc:RELEASE.2018-07-13T00-53-22Z
minio/minio:RELEASE.2017-12-28T01-21-00Z
registry.gitlab.com/gitlab-org/build/cng/gitaly:v14.0.5
registry.gitlab.com/gitlab-org/build/cng/kubectl:1.16.15
registry.gitlab.com/gitlab-org/build/cng/gitlab-shell:v13.19.0
registry.gitlab.com/gitlab-org/build/cng/gitlab-exporter:10.3.0
registry.gitlab.com/gitlab-org/build/cng/alpine-certificates:20191127-r2
registry.gitlab.com/gitlab-org/build/cng/gitlab-sidekiq-ce:v14.0.6
registry.gitlab.com/gitlab-org/build/cng/gitlab-task-runner-ce:v14.0.6
registry.gitlab.com/gitlab-org/build/cng/gitlab-webservice-ce:v14.0.6
registry.gitlab.com/gitlab-org/build/cng/gitlab-workhorse-ce:v14.0.6
关于docker pull tag push 操作可以参考:
- https://docs.docker.com/engine/reference/commandline/pull/
- https://docs.docker.com/engine/reference/commandline/tag/
- https://docs.docker.com/engine/reference/commandline/push/
7. 创建 imagePullSecrets
创建容器集群访问仓库地址 uhub.service.ucloud.cn/ucloud_pts,拉取镜像需要的 secret
kubectl create namespace gitlab
kubectl create secret docker-registry registry-secret-name \
--namespace=db \
--docker-server=uhub.service.ucloud.cn/ucloud_pts \
--docker-username='xxxxxx' \
--docker-password='xxxxxx'
8. 添加 Helm仓库
这里选用BitNami提供的chart仓库
helm repo add gitlab https://charts.gitlab.io/
helm repo update
9. 定义gitlab 配置,完成gitlab部署
cat > gitlab-values.yaml << EOF
global:
edition: ce
hosts:
domain: onwalk.net
https: true
externalIP: 106.75.117.4
ingress:
enabled: true
class: nginx
tls:
enabled: true
secretName: gitlib-secret
configureCertmanager: false
initialRootPassword:
secret: gitlab-components-secret
key: gitlab
minio:
enabled: true
image: uhub.service.ucloud.cn/ucloud_pts/minio
imageTag: 'RELEASE.2017-12-28T01-21-00Z'
communityImages:
migrations:
repository: uhub.service.ucloud.cn/ucloud_pts/gitlab-task-runner-ce
sidekiq:
repository: uhub.service.ucloud.cn/ucloud_pts/gitlab-sidekiq-ce
task-runner:
repository: uhub.service.ucloud.cn/ucloud_pts/gitlab-task-runner-ce
webservice:
repository: uhub.service.ucloud.cn/ucloud_pts/gitlab-webservice-ce
workhorse:
repository: uhub.service.ucloud.cn/ucloud_pts/gitlab-workhorse-ce
psql:
password:
secret: gitlab-components-secret
key: pgpw
host: gitlab-db-postgresql
port: 5432
username: postgres
database: gitlab-db
redis:
password:
enabled: true
secret: gitlab-components-secret
key: redispw
host: gitlab-cache-redis-master
port: 6379
kubectl:
image:
repository: uhub.service.ucloud.cn/ucloud_pts/kubectl
tag: 1.16.15
pullSecrets:
- name: registry-secret-name
busybox:
image:
repository: uhub.service.ucloud.cn/ucloud_pts/busybox
tag: latest
pullSecrets:
- name: registry-secret-name
certificates:
image:
repository: uhub.service.ucloud.cn/ucloud_pts/alpine-certificates
tag: 20191127-r2
pullSecrets:
- name: registry-secret-name
registry:
enabled: false
nginx-ingress:
enabled: false
tcpExternalConfig: "true"
controller:
image:
repository: uhub.service.ucloud.cn/ucloud_pts/controller
tag: v0.41.2
digest: sha256:8aa4fda472ec83ae59fe0ce9720684d769ed277ff9bdcbb0169178dc9d1f8e85
defaultBackend:
image:
repository: uhub.service.ucloud.cn/ucloud_pts/defaultbackend-amd64
tag: 1.5
imagePullSecrets:
- name: registry-secret-name
prometheus:
install: false
certmanager:
install: false
redis:
install: false
postgresql:
install: false
gitlab-runner:
enabled: true
imagePullSecrets:
- name: registry-secret-name
image: uhub.service.ucloud.cn/ucloud_pts/gitlab-runner:alpine-v14.0.0
gitlabUrl: https://gitlab.onwalk.net
runnerRegistrationToken: vuAg5bjxKYp2bbzk26JU
runners:
privileged: true
minio:
pullSecrets:
- name: registry-secret-name
image: uhub.service.ucloud.cn/ucloud_pts/minio
imageTag: 'RELEASE.2017-12-28T01-21-00Z'
minioMc:
image: uhub.service.ucloud.cn/ucloud_pts/mc
tag: RELEASE.2018-07-13T00-53-22Z
gitlab:
ingress: nginx
gitlab-exporter:
image:
pullSecrets:
- name: registry-secret-name
repository: uhub.service.ucloud.cn/ucloud_pts/gitlab-exporter
tag: '10.3.0'
gitaly:
image:
pullSecrets:
- name: registry-secret-name
repository: uhub.service.ucloud.cn/ucloud_pts/gitaly
tag: v14.0.5
gitlab-shell:
image:
pullSecrets:
- name: registry-secret-name
repository: uhub.service.ucloud.cn/ucloud_pts/gitlab-shell
tag: v13.19.0
EOF
helm upgrade --install gitlab gitlab/gitlab -f gitlab-values.yaml -n gitlab
单独部署gitlab-runner
cat > gitlab-runner-value.yaml << EOF
enabled: true
imagePullSecrets:
- name: registry-secret-name
image: uhub.service.ucloud.cn/ucloud_pts/gitlab-runner:alpine-v14.0.0
gitlabUrl: https://gitlab.onwalk.net
runnerRegistrationToken: vuAg5bjxKYp2bbzk26JU
runners:
privileged: true
EOF
helm upgrade --install ci-runner gitlab/gitlab-runner -f gitlab-runner-value.yaml -n gitlab
使用公共的 ingress-nginx 网关服务
需要开启 22 端口映射,可以在 ingress-value.yaml 文件追加如下配置:
tcp:
22: "gitlab/gitlab-gitlab-shell:22"
然后执行更新即可:
helm upgrade --install ingress-nginx ingress/ingress-nginx \
-n ingress-nginx --values=ingress-value.yaml
参考
https://gitlab.com/gitlab-org/charts/gitlab/-/blob/master/doc/index.md#installation
https://docs.gitlab.com/runner/install/kubernetes.html
https://docs.gitlab.com/charts/advanced/external-nginx/
