Deploying GitLab 14.0 with Helm

Environment

  1. Kubernetes: v1.20.6
  2. StorageClass: UFS
  3. Helm: v3.5.2

Pre-installation checks for GitLab 14.x

  1. Reserving at least 8 vCPU and 30 GB of memory is recommended
  2. Redis 6.0 or later is recommended
  3. Depends on PostgreSQL 13.x or later

Preparation before installing GitLab 14.x

1. Request a certificate

You can use https://keymanager.org/ to request a free wildcard certificate issued by Let's Encrypt.

2. Create the domain certificate secret

kubectl create ns gitlab
kubectl create secret tls gitlib-secret \
    --cert=gitlab.crt \
    --key=gitlab.key \
    -n gitlab

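3. Prepare a Redis instance

For deployment inside the Kubernetes cluster, see: Deploying Redis with Helm

4. Prepare a PostgreSQL instance

For deployment inside the Kubernetes cluster, see: Deploying PostgreSQL with Helm

5. Create the secret used by GitLab

Define an administrator password for the GitLab root account, note the Redis authentication password and the PostgreSQL DB password, and store these passwords in a secret named gitlab-components-secret: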

kubectl create secret generic gitlab-components-secret  \
--from-literal=gitlab="gitlabrootpwxxx" \
--from-literal=redispw="redispwxxxxx" \
--from-literal=pgpw="pgpwxxxx" \
-n gitlab

The keys and values in the command above are:

  • GitLab root password: key: gitlab value: gitlabrootpwxxx
  • Redis authentication password: key: redispw value: redispwxxxxx
  • PostgreSQL password: key: pgpw value: pgpwxxxx
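
An added example, not part of the original post: one way to create the same secret without typing the passwords on the command line, so they do not end up in shell history or the process list. It assumes REDIS_PW and PG_PW are already exported in the environment and generates the root password itself; the function names and the --apply switch are hypothetical.

```shell
#!/bin/sh
# Added example: create gitlab-components-secret without passwords in argv.
# Assumes REDIS_PW and PG_PW are exported (the existing Redis/PostgreSQL passwords).

# gen_password N: print 2*N hex characters taken from N random bytes.
gen_password() {
    head -c "$1" /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# write_env_file PATH: write the three keys that gitlab-values.yaml references.
write_env_file() {
    if [ -z "${REDIS_PW:-}" ] || [ -z "${PG_PW:-}" ]; then
        echo "export REDIS_PW and PG_PW first" >&2
        return 1
    fi
    ( umask 077                            # file is readable by the owner only
      printf 'gitlab=%s\nredispw=%s\npgpw=%s\n' \
          "$(gen_password 16)" "$REDIS_PW" "$PG_PW" > "$1" )
}

# create_secret: load the env file into the cluster, then delete it.
create_secret() {
    f=$(mktemp) || return 1
    write_env_file "$f" &&
        kubectl create secret generic gitlab-components-secret \
            --from-env-file="$f" -n gitlab
    rc=$?
    rm -f "$f"
    [ "$rc" -eq 0 ] || return "$rc"
    # Show key names only; the values are never printed.
    kubectl get secret gitlab-components-secret -n gitlab \
        -o go-template='{{range $k, $v := .data}}{{$k}}{{"\n"}}{{end}}'
}

# Hypothetical switch: nothing touches the cluster unless called with --apply.
if [ "${1:-}" = "--apply" ]; then create_secret; fi
```

The generated root password can be read back when needed with: kubectl get secret gitlab-components-secret -n gitlab -o jsonpath='{.data.gitlab}' | base64 -d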

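6. Mirror the overseas source images

When deploying applications from within mainland China, pulling container images from overseas registries often times out and causes the deployment to fail. You can mirror the container images to a local image registry in advance. Taking our own registry uhub.service.ucloud.cn/ucloud_pts as an example, log in to the registry with: docker login uhub.service.ucloud.cn/ucloud_pts
The images that need to be mirrored are: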

busybox:latest
gitlab/gitlab-runner:alpine-v14.0.0
minio/mc:RELEASE.2018-07-13T00-53-22Z
minio/minio:RELEASE.2017-12-28T01-21-00Z
registry.gitlab.com/gitlab-org/build/cng/gitaly:v14.0.5
registry.gitlab.com/gitlab-org/build/cng/kubectl:1.16.15
registry.gitlab.com/gitlab-org/build/cng/gitlab-shell:v13.19.0
registry.gitlab.com/gitlab-org/build/cng/gitlab-exporter:10.3.0
registry.gitlab.com/gitlab-org/build/cng/alpine-certificates:20191127-r2
registry.gitlab.com/gitlab-org/build/cng/gitlab-sidekiq-ce:v14.0.6
registry.gitlab.com/gitlab-org/build/cng/gitlab-task-runner-ce:v14.0.6
registry.gitlab.com/gitlab-org/build/cng/gitlab-webservice-ce:v14.0.6
registry.gitlab.com/gitlab-org/build/cng/gitlab-workhorse-ce:v14.0.6

For the docker pull, tag and push operations, see:
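
The pull, tag and push steps for the list above, as an added example that is not part of the original post. The target naming (last path component plus tag, under uhub.service.ucloud.cn/ucloud_pts) is inferred from the repository values used in step 9; the function names and the --run switch are hypothetical.

```shell
#!/bin/sh
# Added example: mirror the images listed in step 6 into the private registry.
MIRROR=uhub.service.ucloud.cn/ucloud_pts   # registry prefix used on this page

# Image list copied from step 6.
IMAGES='busybox:latest
gitlab/gitlab-runner:alpine-v14.0.0
minio/mc:RELEASE.2018-07-13T00-53-22Z
minio/minio:RELEASE.2017-12-28T01-21-00Z
registry.gitlab.com/gitlab-org/build/cng/gitaly:v14.0.5
registry.gitlab.com/gitlab-org/build/cng/kubectl:1.16.15
registry.gitlab.com/gitlab-org/build/cng/gitlab-shell:v13.19.0
registry.gitlab.com/gitlab-org/build/cng/gitlab-exporter:10.3.0
registry.gitlab.com/gitlab-org/build/cng/alpine-certificates:20191127-r2
registry.gitlab.com/gitlab-org/build/cng/gitlab-sidekiq-ce:v14.0.6
registry.gitlab.com/gitlab-org/build/cng/gitlab-task-runner-ce:v14.0.6
registry.gitlab.com/gitlab-org/build/cng/gitlab-webservice-ce:v14.0.6
registry.gitlab.com/gitlab-org/build/cng/gitlab-workhorse-ce:v14.0.6'

# mirror_target SRC: print the mirrored name, MIRROR/<last path component>:<tag>.
mirror_target() {
    case "$1" in
        *@*) echo "digest reference not handled: $1" >&2; return 1 ;;
    esac
    name_tag=${1##*/}                      # drop registry host and path
    case "$name_tag" in
        *:*) ;;                            # tag already present
        *)   name_tag="$name_tag:latest" ;;
    esac
    printf '%s/%s\n' "$MIRROR" "$name_tag"
}

# mirror_all: pull, retag and push every image; stop at the first failure.
mirror_all() {
    printf '%s\n' "$IMAGES" | while IFS= read -r src; do
        dst=$(mirror_target "$src") || exit 1
        docker pull "$src" && docker tag "$src" "$dst" && docker push "$dst" || exit 1
        # Print the pushed digests so they can be recorded and pinned later.
        docker image inspect --format '{{json .RepoDigests}}' "$dst"
    done
}

# Hypothetical switch: nothing touches Docker unless called with --run.
if [ "${1:-}" = "--run" ]; then mirror_all; fi
```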

7. Create imagePullSecrets

Create the secret that the container cluster needs in order to pull images from the registry at uhub.service.ucloud.cn/ucloud_pts:

kubectl create secret docker-registry registry-secret-name \
        --namespace=gitlab \
        --docker-server=uhub.service.ucloud.cn/ucloud_pts \
        --docker-username='xxxxxx' \
        --docker-password='xxxxxx'

8. Add the Helm repository

Here we use the chart repository provided by BitNami:

helm repo add gitlab https://charts.gitlab.io/
helm repo update

9. Define the GitLab configuration and complete the GitLab deployment

cat > gitlab-values.yaml << EOF
global:
  edition: ce
  hosts:
    domain: onwalk.net
    https: true
    externalIP: 106.75.117.4 
  ingress:
    enabled: true
    class: nginx
    tls:
      enabled: true
      secretName: gitlib-secret
    configureCertmanager: false
  initialRootPassword:
    secret: gitlab-components-secret 
    key: gitlab
  minio:
    enabled: true
    image: uhub.service.ucloud.cn/ucloud_pts/minio
    imageTag: 'RELEASE.2017-12-28T01-21-00Z'
  communityImages:
    migrations:
      repository: uhub.service.ucloud.cn/ucloud_pts/gitlab-task-runner-ce
    sidekiq:
      repository: uhub.service.ucloud.cn/ucloud_pts/gitlab-sidekiq-ce
    task-runner:
      repository: uhub.service.ucloud.cn/ucloud_pts/gitlab-task-runner-ce
    webservice:
      repository: uhub.service.ucloud.cn/ucloud_pts/gitlab-webservice-ce
    workhorse:
      repository: uhub.service.ucloud.cn/ucloud_pts/gitlab-workhorse-ce
  psql:
    password:
      secret: gitlab-components-secret
      key: pgpw
    host: gitlab-db-postgresql 
    port: 5432
    username: postgres
    database: gitlab-db
  redis:
    password:
      enabled: true
      secret: gitlab-components-secret
      key: redispw 
    host: gitlab-cache-redis-master 
    port: 6379
  kubectl:
    image:
      repository: uhub.service.ucloud.cn/ucloud_pts/kubectl 
      tag: 1.16.15
      pullSecrets: 
       - name: registry-secret-name
  busybox:
    image:
      repository: uhub.service.ucloud.cn/ucloud_pts/busybox
      tag: latest
      pullSecrets: 
       - name: registry-secret-name
  certificates:
    image:
      repository: uhub.service.ucloud.cn/ucloud_pts/alpine-certificates 
      tag: 20191127-r2
      pullSecrets: 
       - name: registry-secret-name
registry:
  enabled: false
nginx-ingress:
  enabled: false
  tcpExternalConfig: "true"
  controller:
    image:
      repository: uhub.service.ucloud.cn/ucloud_pts/controller
      tag: v0.41.2
      digest: sha256:8aa4fda472ec83ae59fe0ce9720684d769ed277ff9bdcbb0169178dc9d1f8e85 
  defaultBackend:
    image:
      repository: uhub.service.ucloud.cn/ucloud_pts/defaultbackend-amd64 
      tag: 1.5
  imagePullSecrets:
    - name: registry-secret-name
prometheus:
  install: false
certmanager:
  install: false
redis:
  install: false
postgresql:
  install: false
gitlab-runner:
  enabled: true
  imagePullSecrets:
    - name: registry-secret-name
  image: uhub.service.ucloud.cn/ucloud_pts/gitlab-runner:alpine-v14.0.0
  gitlabUrl: https://gitlab.onwalk.net
  runnerRegistrationToken: vuAg5bjxKYp2bbzk26JU 
  runners:
    privileged: true
minio:
  pullSecrets: 
    - name: registry-secret-name
  image: uhub.service.ucloud.cn/ucloud_pts/minio
  imageTag: 'RELEASE.2017-12-28T01-21-00Z'
  minioMc:
    image: uhub.service.ucloud.cn/ucloud_pts/mc
    tag: RELEASE.2018-07-13T00-53-22Z 
gitlab:
  ingress: nginx
  gitlab-exporter:
    image:
      pullSecrets: 
        - name: registry-secret-name
      repository: uhub.service.ucloud.cn/ucloud_pts/gitlab-exporter
      tag: '10.3.0'
  gitaly:
    image:
      pullSecrets: 
        - name: registry-secret-name
      repository: uhub.service.ucloud.cn/ucloud_pts/gitaly
      tag: v14.0.5 
  gitlab-shell:
    image:
      pullSecrets: 
        - name: registry-secret-name
      repository: uhub.service.ucloud.cn/ucloud_pts/gitlab-shell
      tag: v13.19.0
EOF

helm upgrade --install gitlab gitlab/gitlab -f gitlab-values.yaml -n gitlab

Deploying gitlab-runner separately

cat > gitlab-runner-value.yaml << EOF
enabled: true
imagePullSecrets:
  - name: registry-secret-name
image: uhub.service.ucloud.cn/ucloud_pts/gitlab-runner:alpine-v14.0.0
gitlabUrl: https://gitlab.onwalk.net
runnerRegistrationToken: vuAg5bjxKYp2bbzk26JU
runners:
  privileged: true
EOF
helm upgrade --install ci-runner gitlab/gitlab-runner -f gitlab-runner-value.yaml -n gitlab

Using a shared ingress-nginx gateway service

Port 22 must be mapped through the gateway. Append the following configuration to the ingress-value.yaml file:

tcp:
  22: "gitlab/gitlab-gitlab-shell:22"

Then apply the update:

helm upgrade --install ingress-nginx ingress/ingress-nginx \
-n ingress-nginx --values=ingress-value.yaml

References

https://gitlab.com/gitlab-org/charts/gitlab/-/blob/master/doc/index.md#installation
https://docs.gitlab.com/runner/install/kubernetes.html
https://docs.gitlab.com/charts/advanced/external-nginx/
