18-Kubernetes安装gitlab-ce
一、前期准备
helm添加charts
[root@master140 gitlab]# helm repo add stable https://charts.helm.sh/stable
[root@master140 gitlab]# helm repo add bitnami https://charts.bitnami.com/bitnami
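#阿里云(可选镜像源;stable 这个仓库名上面已经添加过,如需改用阿里云地址,请先执行 helm repo remove stable,或在 helm repo add 时加 --force-update)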
[root@master140 gitlab]# helm repo add stable https://apphub.aliyuncs.com/stable #阿里云
[root@master140 gitlab]# helm repo add aliyuncs https://apphub.aliyuncs.com
更新
[root@master140 gitlab]# helm repo update
二、安装
安装前准备
创建命名空间
[root@master140 gitlab]# kubectl create ns gitlab
charts下载(gitlab-ce)查看gitlab-ce版本
[root@master140 gitlab]# helm search repo gitlab-ce -l
stable/gitlab-ce 0.2.3 9.4.1 GitLab Community Edition
stable/gitlab-ce 0.2.2 9.4.1 GitLab Community Edition
stable/gitlab-ce 0.2.1 GitLab Community Edition
stable/gitlab-ce 0.2.0 GitLab Community Edition
stable/gitlab-ce 0.1.12 GitLab Community Edition
stable/gitlab-ce 0.1.11 GitLab Community Edition
下载最新版本
[root@master140 gitlab]# helm pull stable/gitlab-ce
[root@master140 gitlab]# ll
-rw-r--r-- 1 root root 12618 Mar 17 13:59 gitlab-ce-0.2.3.tgz
解压
[root@master140 gitlab]# tar zxvf gitlab-ce-0.2.3.tgz
[root@master140 gitlab]# ll
drwxr-xr-x 4 root root 160 Mar 16 10:27 gitlab-ce
-rw-r--r-- 1 root root 12618 Mar 15 15:30 gitlab-ce-0.2.3.tgz
将解压后的gitlab-ce内的values.yaml复制出来,一会需要改造
[root@master140 gitlab]# cp gitlab-ce/values.yaml gitlab-ce-values.yaml
## 最终目录结构为:
drwxr-xr-x 4 root root 160 Mar 17 14:41 gitlab-ce
-rw-r--r-- 1 root root 12618 Mar 15 15:30 gitlab-ce-0.2.3.tgz
-rwxr-xr-x 1 root root 4491 Mar 17 15:12 gitlab-ce-values.yaml
创建storageclass
之前我系统里面有,名字为:xincan-nfs-storage,此处用此SC
[root@master140 gitlab]# kubectl get sc
NAME PROVISIONER RECLAIMPOLICY VOLUMEBINDINGMODE ALLOWVOLUMEEXPANSION AGE
xincan-nfs-storage xincan.cn/nfs Delete Immediate false 2d3h
[root@master140 gitlab]#
charts改造
gitlab-ce-values.yaml 详细改造点见下方注释(其中的账号密码均为演示值,实际部署请替换为强随机密码,不要提交到代码仓库)
[root@master140 gitlab]# cat gitlab-ce-values.yaml
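## Values override for the (deprecated) stable/gitlab-ce chart.
## NOTE(review): the nesting below is reconstructed from how the chart templates
## read these keys (.Values.probe, .Values.persistence.gitlabEtc, the postgresql
## and redis subchart values, ...). Compare with the chart's own values.yaml
## before using it.

## GitLab CE image
## ref: https://hub.docker.com/r/gitlab/gitlab-ce/tags/
## image: gitlab/gitlab-ce:9.4.1-ce.0
## Changed: GitLab CE upgraded from the chart default shown above.
image: gitlab/gitlab-ce:15.9.3-ce.0

## Specify a imagePullPolicy
## 'Always' if imageTag is 'latest', else set to 'IfNotPresent'
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
# imagePullPolicy:
## Changed: image pull policy set explicitly.
imagePullPolicy: IfNotPresent

## The URL (with protocol) that your users will use to reach the install.
## ref: https://docs.gitlab.com/omnibus/settings/configuration.html#configuring-the-external-url-for-gitlab
# externalUrl: http://your-domain.com/
## Changed: access URL. An https URL only works together with the ingress
## (and its TLS secret) configured below.
externalUrl: https://gitlab.xincan.com/

## Change the initial default admin password if set. If not set, you'll be
## able to set it when you first visit your install.
# gitlabRootPassword: ""
## Changed: initial root password.
## SECURITY: "admin123" is a demonstration value. It is short and guessable, it
## sits in plain text in this file, and the chart NOTES print it after
## `helm install`. Use a long random password, keep it out of version control,
## and change it after the first login.
gitlabRootPassword: "admin123"

## For minikube, set this to NodePort, elsewhere use LoadBalancer
## ref: http://kubernetes.io/docs/user-guide/services/#publishing-services---service-types
## serviceType: LoadBalancer
## Changed: service type. NodePort publishes the SSH/HTTP/HTTPS service ports on
## every node; if the ingress is the intended entry point, restrict access to
## those node ports at the network level.
serviceType: NodePort

## Ingress configuration options
## Optional: not needed when GitLab is reached through the NodePort. If you want
## to use the ingress, an ingress controller must already be installed.
ingress:
  enabled: true
  annotations:
    kubernetes.io/ingress.class: nginx
    kubernetes.io/tls-acme: "true"
  tls:
    ## NOTE(review): the referenced secret presumably has to exist (or be issued
    ## by a certificate controller) in the release namespace -- confirm.
    - secretName: xincan.com
      hosts:
        - gitlab.xincan.com
  url: gitlab.xincan.com

## Configure external service ports
## ref: http://kubernetes.io/docs/user-guide/services/
sshPort: 22
httpPort: 80
httpsPort: 443

## livenessPort Port of liveness probe endpoint
# livenessPort: http
## readinessPort Port of readiness probe endpoint
# readinessPort: http
## Changed: the probes were pulled out of the deployment template into this
## block, so livenessPort/readinessPort above are commented out (no longer
## used). Probe timing is relaxed; with the original timing the pod kept being
## restarted.
probe:
  livenessProbe:
    httpGet:
      path: /help
      port: http
    initialDelaySeconds: 200
    timeoutSeconds: 10
    periodSeconds: 120
    successThreshold: 1
    failureThreshold: 10
  readinessProbe:
    httpGet:
      path: /help
      port: http
    initialDelaySeconds: 300
    timeoutSeconds: 10
    periodSeconds: 60
    successThreshold: 1
    failureThreshold: 3

## Configure resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
resources:
  ## GitLab requires a good deal of resources. We have split out Postgres and
  ## redis, which helps some. Refer to the guidelines for larger installs.
  ## ref: https://docs.gitlab.com/ce/install/requirements.html#hardware-requirements
  ## Changed: resources increased; size them for your own cluster.
  requests:
    memory: 2Gi
    cpu: 1
  limits:
    memory: 4Gi
    cpu: 2

## Enable persistence using Persistent Volume Claims
## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
## ref: https://docs.gitlab.com/ce/install/requirements.html#storage
persistence:
  ## This volume persists generated configuration files, keys, and certs.
  ## It therefore holds secret material; treat the backing NFS export
  ## accordingly.
  gitlabEtc:
    enabled: true
    size: 5Gi
    ## If defined, volume.beta.kubernetes.io/storage-class: <storageClass>
    ## Default: volume.alpha.kubernetes.io/storage-class: default
    ##
    # storageClass:
    storageClass: xincan-nfs-storage
    accessMode: ReadWriteOnce
  ## This volume is used to store git data and other project files.
  ## ref: https://docs.gitlab.com/omnibus/settings/configuration.html#storing-git-data-in-an-alternative-directory
  gitlabData:
    enabled: true
    size: 10Gi
    ## If defined, volume.beta.kubernetes.io/storage-class: <storageClass>
    ## Default: volume.alpha.kubernetes.io/storage-class: default
    # storageClass:
    ## Changed: StorageClass to use.
    storageClass: xincan-nfs-storage
    accessMode: ReadWriteOnce

## Configuration values for the postgresql dependency.
## ref: https://github.com/kubernetes/charts/blob/master/stable/postgresql/README.md
postgresql:
  # 9.6 is the newest supported version for the GitLab container
  # (upstream comment, written for the chart's original default)
  ## Changed: PostgreSQL version upgraded, resources adjusted.
  imageTag: "15.2"
  cpu: 1
  memory: 2Gi
  postgresUser: gitlab
  ## SECURITY: the password equals the user name (chart default). Replace it
  ## with a random value before deploying anywhere that matters.
  postgresPassword: gitlab
  postgresDatabase: gitlab
  persistence:
    size: 10Gi
    ## Changed: StorageClass to use.
    storageClass: xincan-nfs-storage
  ## The exporter image settings are surfaced here so they are easy to change.
  ## Installing metrics is optional; it is enabled in this example.
  metrics:
    enabled: true
    image: wrouesnel/postgres_exporter
    ## imageTag: v0.1.1
    ## Changed: exporter version upgraded.
    imageTag: v0.8.0

## Configuration values for the redis dependency.
## ref: https://github.com/kubernetes/charts/blob/master/stable/redis/README.md
## Changed: Redis version upgraded, resources increased.
redis:
  image: bitnami/redis:7.0.9
  ## SECURITY: guessable demonstration password; replace with a random value.
  redisPassword: "gitlab"
  resources:
    requests:
      memory: 2Gi
      cpu: 1
  persistence:
    size: 10Gi
    ## Changed: StorageClass to use.
    storageClass: xincan-nfs-storage
  ## The exporter image settings are surfaced here so they are easy to change.
  ## Installing metrics is optional; it is enabled in this example.
  metrics:
    enabled: true
    image: oliver006/redis_exporter
    ## Changed: exporter version upgraded.
    imageTag: v1.48.0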
gitlab-ce的deployment改造
地址如下:gitlab-ce/templates/deployment.yaml
[root@master140 gitlab]# cat gitlab-ce/templates/deployment.yaml
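{{- if default "" .Values.externalUrl }}
## GitLab CE Deployment. Rendered only when externalUrl is set in the values.
## Indentation is restored here; the closing else action at the end of the file
## is repaired (it was missing a brace, which makes the template fail to parse).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ template "gitlab-ce.fullname" . }}
  labels:
    app: {{ template "gitlab-ce.fullname" . }}
    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
    release: "{{ .Release.Name }}"
    heritage: "{{ .Release.Service }}"
spec:
  ## Added: replica count.
  replicas: 1
  ## Added: label selector (the next three lines), required by apps/v1.
  selector:
    matchLabels:
      app: {{ template "gitlab-ce.fullname" . }}
  template:
    metadata:
      labels:
        app: {{ template "gitlab-ce.fullname" . }}
    spec:
      containers:
      - name: {{ template "gitlab-ce.fullname" . }}
        image: {{ .Values.image }}
        imagePullPolicy: {{ default "" .Values.imagePullPolicy | quote }}
        env:
        ## General GitLab Configs
        ## Added: GITLAB_SECRETS_DB_KEY_BASE, GITLAB_SECRETS_SECRET_KEY_BASE and
        ## GITLAB_SECRETS_OTP_KEY_BASE.
        ## SECURITY: the three values below are literal placeholders, identical
        ## to each other, and are set as plain env values, so they are readable
        ## in the Deployment object. Generate a distinct long random string for
        ## each and reference them from a Secret (secretKeyRef), as the
        ## passwords further down already are.
        ## NOTE(review): these variable names look like the
        ## sameersbn/docker-gitlab convention; confirm that the gitlab/gitlab-ce
        ## Omnibus image used here actually reads them.
        - name: GITLAB_SECRETS_DB_KEY_BASE
          value: long-and-random-alpha-numeric-string
        - name: GITLAB_SECRETS_SECRET_KEY_BASE
          value: long-and-random-alpha-numeric-string
        - name: GITLAB_SECRETS_OTP_KEY_BASE
          value: long-and-random-alpha-numeric-string
        - name: GITLAB_PORT
          value: "80"
        - name: GITLAB_SSH_PORT
          value: "22"
        # This is a free-form env var that GitLab Omnibus uses to configure
        # everything. We're passing this in from a configmap and pulling some
        # of the values from the env vars defined below. This is done to
        # avoid leaving secrets visible in kubectl.
        - name: GITLAB_OMNIBUS_CONFIG
          valueFrom:
            configMapKeyRef:
              name: {{ template "gitlab-ce.fullname" . }}
              key: gitlab_omnibus_config
        # The root password is only wired to the Secret when a value was given.
        - name: GITLAB_ROOT_PASSWORD
          {{- if default "" .Values.gitlabRootPassword }}
          valueFrom:
            secretKeyRef:
              name: {{ template "gitlab-ce.fullname" . }}
              key: gitlab-root-password
          {{ end }}
        - name: EXTERNAL_URL
          value: {{ default "" .Values.externalUrl | quote }}
        ## DB configuration
        ## Added: GITLAB_NOTIFY_ON_BROKEN_BUILDS, GITLAB_NOTIFY_PUSHER,
        ## GITLAB_BACKUP_SCHEDULE, GITLAB_BACKUP_TIME and DB_TYPE.
        - name: GITLAB_NOTIFY_ON_BROKEN_BUILDS
          value: "true"
        - name: GITLAB_NOTIFY_PUSHER
          value: "false"
        - name: GITLAB_BACKUP_SCHEDULE
          value: daily
        - name: GITLAB_BACKUP_TIME
          value: 01:00
        - name: DB_TYPE
          value: postgres
        - name: DB_HOST
          value: {{ template "gitlab-ce.postgresql.fullname" . }}
        - name: DB_USER
          valueFrom:
            secretKeyRef:
              name: {{ template "gitlab-ce.fullname" . }}
              key: db-user
        - name: DB_PASSWORD
          valueFrom:
            secretKeyRef:
              name: {{ template "gitlab-ce.fullname" . }}
              key: db-password
        - name: DB_DATABASE
          value: {{ .Values.postgresql.postgresDatabase | quote }}
        ## Redis configuration
        - name: REDIS_HOST
          value: {{ template "gitlab-ce.redis.fullname" . }}
        - name: REDIS_PASSWORD
          valueFrom:
            secretKeyRef:
              name: {{ template "gitlab-ce.fullname" . }}
              key: redis-password
        ports:
        - name: ssh
          containerPort: 22
        - name: http
          containerPort: 80
        - name: https
          containerPort: 443
        ## Changed: liveness/readiness probes now come from the "probe" block in
        ## the values file so they are configured in one place.
        {{- toYaml .Values.probe | nindent 8 }}
        ## Changed: resources rendered from the values file.
        resources:
          {{- toYaml .Values.resources | nindent 10 }}
        volumeMounts:
        - name: gitlab-etc
          mountPath: /etc/gitlab
        - name: gitlab-data
          mountPath: /gitlab-data
      volumes:
      # Each volume falls back to an emptyDir when persistence is disabled,
      # in which case its contents do not survive the pod.
      - name: gitlab-etc
      {{- if .Values.persistence.gitlabEtc.enabled }}
        persistentVolumeClaim:
          claimName: {{ template "gitlab-ce.fullname" . }}-etc
      {{- else }}
        emptyDir: {}
      {{- end }}
      - name: gitlab-data
      {{- if .Values.persistence.gitlabData.enabled }}
        persistentVolumeClaim:
          claimName: {{ template "gitlab-ce.fullname" . }}-data
      {{- else }}
        emptyDir: {}
      {{- end }}
{{ else }}
{{ end }}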
[root@master140 gitlab]#
postgresql 的 deployment 改造
[root@master140 gitlab]# cat gitlab-ce/charts/postgresql/templates/deployment.yaml
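## PostgreSQL Deployment of the postgresql subchart, with an optional metrics
## exporter sidecar. Indentation is restored here; the template actions and
## values are unchanged from the listing.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ template "postgresql.fullname" . }}
  labels:
    app: {{ template "postgresql.fullname" . }}
    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
    release: "{{ .Release.Name }}"
    heritage: "{{ .Release.Service }}"
spec:
  ## Added: replica count.
  replicas: 1
  ## Added: label selector (the next three lines), required by apps/v1.
  selector:
    matchLabels:
      app: {{ template "postgresql.fullname" . }}
  template:
    metadata:
      labels:
        app: {{ template "postgresql.fullname" . }}
    spec:
      containers:
      - name: {{ template "postgresql.fullname" . }}
        image: "{{ .Values.image }}:{{ .Values.imageTag }}"
        imagePullPolicy: {{ default "" .Values.imagePullPolicy | quote }}
        env:
        - name: POSTGRES_USER
          value: {{ default "postgres" .Values.postgresUser | quote }}
          # Required for pg_isready in the health probes.
        - name: PGUSER
          value: {{ default "postgres" .Values.postgresUser | quote }}
        - name: POSTGRES_DB
          value: {{ default "" .Values.postgresDatabase | quote }}
        - name: POSTGRES_INITDB_ARGS
          value: {{ default "" .Values.postgresInitdbArgs | quote }}
        - name: PGDATA
          value: /var/lib/postgresql/data/pgdata
        # The database password is read from the chart's Secret rather than
        # being written into the pod spec.
        - name: POSTGRES_PASSWORD
          valueFrom:
            secretKeyRef:
              name: {{ template "postgresql.fullname" . }}
              key: postgres-password
        # Pod IP, used as the host for pg_isready in the probes below.
        - name: POD_IP
          valueFrom: { fieldRef: { fieldPath: status.podIP } }
        ports:
        - name: postgresql
          containerPort: 5432
        livenessProbe:
          exec:
            command:
            - sh
            - -c
            - exec pg_isready --host $POD_IP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          failureThreshold: 6
        readinessProbe:
          exec:
            command:
            - sh
            - -c
            - exec pg_isready --host $POD_IP
          initialDelaySeconds: 5
          timeoutSeconds: 3
          periodSeconds: 5
        resources:
{{ toYaml .Values.resources | indent 10 }}
        volumeMounts:
        - name: data
          mountPath: /var/lib/postgresql/data/pgdata
          subPath: {{ .Values.persistence.subPath }}
{{- if .Values.metrics.enabled }}
      - name: metrics
        image: "{{ .Values.metrics.image }}:{{ .Values.metrics.imageTag }}"
        imagePullPolicy: {{ default "" .Values.metrics.imagePullPolicy | quote }}
        env:
        # NOTE(review): the user@host part of this connection string was
        # replaced by the hosting site's e-mail obfuscation ("[email protected]").
        # Restore it from the chart's own deployment.yaml before using this
        # file. sslmode=disable means the exporter connection is unencrypted;
        # confirm the restored host keeps that traffic inside the pod.
        - name: DATA_SOURCE_NAME
          value: postgresql://[email protected]:5432?sslmode=disable
        ports:
        - name: metrics
          containerPort: 9187
        {{- if .Values.metrics.customMetrics }}
        args: ["-extend.query-path", "/conf/custom-metrics.yaml"]
        volumeMounts:
          - name: custom-metrics
            mountPath: /conf
            readOnly: true
        {{- end }}
        resources:
{{ toYaml .Values.metrics.resources | indent 10 }}
{{- end }}
      volumes:
      # Falls back to an emptyDir when persistence is disabled, in which case
      # the database contents do not survive the pod.
      - name: data
      {{- if .Values.persistence.enabled }}
        persistentVolumeClaim:
          claimName: {{ .Values.persistence.existingClaim | default (include "postgresql.fullname" .) }}
      {{- else }}
        emptyDir: {}
      {{- end }}
      {{- if and .Values.metrics.enabled .Values.metrics.customMetrics }}
      - name: custom-metrics
        secret:
          secretName: {{ template "postgresql.fullname" . }}
          items:
            - key: custom-metrics.yaml
              path: custom-metrics.yaml
      {{- end }}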
[root@master140 gitlab]#
redis 的 deployment 改造
[root@master140 gitlab]# cat gitlab-ce/charts/redis/templates/deployment.yaml
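## Redis Deployment of the redis subchart, with an optional metrics exporter
## sidecar. Indentation is restored here; the template actions and values are
## unchanged from the listing.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ template "redis.fullname" . }}
  labels:
    app: {{ template "redis.fullname" . }}
    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
    release: "{{ .Release.Name }}"
    heritage: "{{ .Release.Service }}"
spec:
  # Label selector, required by apps/v1.
  selector:
    matchLabels:
      app: {{ template "redis.fullname" . }}
  template:
    metadata:
      labels:
        app: {{ template "redis.fullname" . }}
    spec:
      {{- if .Values.nodeSelector }}
      nodeSelector:
{{ toYaml .Values.nodeSelector | indent 8 }}
      {{- end }}
      {{- if .Values.tolerations }}
      tolerations:
{{ toYaml .Values.tolerations | indent 8 }}
      {{- end }}
      containers:
      - name: {{ template "redis.fullname" . }}
        image: "{{ .Values.image }}"
        imagePullPolicy: {{ default "" .Values.imagePullPolicy | quote }}
        {{- if .Values.args }}
        args:
{{ toYaml .Values.args | indent 10 }}
        {{- end }}
        env:
        # With usePassword set, the password comes from the chart's Secret.
        # SECURITY: the other branch sets ALLOW_EMPTY_PASSWORD=yes, i.e. Redis
        # then accepts connections without authentication from anything that
        # can reach the service; keep usePassword enabled.
        {{- if .Values.usePassword }}
        - name: REDIS_PASSWORD
          valueFrom:
            secretKeyRef:
              name: {{ template "redis.fullname" . }}
              key: redis-password
        {{- else }}
        - name: ALLOW_EMPTY_PASSWORD
          value: "yes"
        {{- end }}
        ports:
        - name: redis
          containerPort: 6379
        # NOTE(review): both probes run redis-cli without credentials; with a
        # password set, confirm they still reflect the server's health.
        livenessProbe:
          exec:
            command:
            - redis-cli
            - ping
          initialDelaySeconds: 30
          timeoutSeconds: 5
        readinessProbe:
          exec:
            command:
            - redis-cli
            - ping
          initialDelaySeconds: 5
          timeoutSeconds: 1
        resources:
{{ toYaml .Values.resources | indent 10 }}
        volumeMounts:
        - name: redis-data
          mountPath: /bitnami/redis
{{- if .Values.metrics.enabled }}
      - name: metrics
        image: "{{ .Values.metrics.image }}:{{ .Values.metrics.imageTag }}"
        imagePullPolicy: {{ .Values.metrics.imagePullPolicy | quote }}
        env:
        - name: REDIS_ALIAS
          value: {{ template "redis.fullname" . }}
        {{- if .Values.usePassword }}
        - name: REDIS_PASSWORD
          valueFrom:
            secretKeyRef:
              name: {{ template "redis.fullname" . }}
              key: redis-password
        {{- end }}
        ports:
        - name: metrics
          containerPort: 9121
        resources:
{{ toYaml .Values.metrics.resources | indent 10 }}
{{- end }}
      volumes:
      # Falls back to an emptyDir when persistence is disabled, in which case
      # the data does not survive the pod.
      - name: redis-data
      {{- if .Values.persistence.enabled }}
        persistentVolumeClaim:
          claimName: {{ .Values.persistence.existingClaim | default (include "redis.fullname" .) }}
      {{- else }}
        emptyDir: {}
      {{- end -}}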
[root@master140 gitlab]#
ingress安装
整体替换,改动太多
[root@master140 gitlab]# cat gitlab-ce/templates/ingress.yaml
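{{- if .Values.ingress.enabled }}
## Ingress for GitLab, rendered only when ingress.enabled is true.
## Indentation is restored here; the template actions are unchanged.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  {{- if .Values.ingress.annotations }}
  # Annotations are copied verbatim from the values file. With
  # networking.k8s.io/v1 the ingress class can also be set through
  # spec.ingressClassName instead of the kubernetes.io/ingress.class annotation.
  annotations:
{{ toYaml .Values.ingress.annotations | indent 4 }}
  {{- end }}
  name: {{ template "gitlab-ce.fullname" . }}
  labels:
    app: {{ template "gitlab-ce.fullname" . }}
    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
    release: "{{ .Release.Name }}"
    heritage: "{{ .Release.Service }}"
spec:
  rules:
    - host: {{ .Values.ingress.url | quote }}
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              # The backend is the service's httpPort, so traffic between the
              # ingress controller and GitLab is plain HTTP; TLS, when
              # configured below, ends at the ingress controller.
              service:
                name: {{ template "gitlab-ce.fullname" . }}
                port:
                  number: {{ .Values.httpPort }}
  {{- if .Values.ingress.tls }}
  # TLS hosts and secret names are copied verbatim from the values file.
  tls:
{{ toYaml .Values.ingress.tls | indent 4 }}
  {{- end -}}
{{- end }}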
[root@master140 gitlab]#
安装(注意:stable/gitlab-ce 这个 chart 已废弃,下面的安装输出中会提示改用官方 GitLab chart;本文配置中的密码仅为演示值)
[root@master140 gitlab]# helm install gitlab gitlab-ce -n gitlab -f gitlab-ce-values.yaml
WARNING: This chart is deprecated
NAME: gitlab
LAST DEPLOYED: Fri Mar 17 15:40:58 2023
NAMESPACE: gitlab
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
##############################################################################
This chart has been deprecated in favor of the official GitLab chart:
http://docs.gitlab.com/ce/install/kubernetes/gitlab_omnibus.html
##############################################################################
1. Get your GitLab URL by running:
export NODE_IP=$(kubectl get nodes --namespace gitlab -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP/
2. Login as the root user:
Username: root
Password: admin123
3. Point a DNS entry at your install to ensure that your specified
external URL is reachable:
http://gitlab.xincan.com/
查看安装情况
[root@master140 gitlab]# kubectl -n gitlab get pod,svc,pvc,pv
NAME READY STATUS RESTARTS AGE
pod/gitlab-gitlab-ce-7c58ffbb56-cm52c 1/1 Running 0 12m
pod/gitlab-postgresql-859d767bf4-lh9q8 2/2 Running 0 12m
pod/gitlab-redis-6478d7cb5d-rrslw 2/2 Running 0 12m
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/gitlab-gitlab-ce NodePort 10.96.2.175 22:30658/TCP,80:31392/TCP,443:31695/TCP 12m
service/gitlab-postgresql ClusterIP 10.96.2.218 5432/TCP 12m
service/gitlab-redis ClusterIP 10.96.3.118 6379/TCP 12m
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
persistentvolumeclaim/gitlab-gitlab-ce-data Bound pvc-e5eb33ac-573f-4145-b815-afacfb45b25d 10Gi RWO xincan-nfs-storage 12m
persistentvolumeclaim/gitlab-gitlab-ce-etc Bound pvc-da939f0a-5562-4080-a4e4-15e258fc0041 5Gi RWO xincan-nfs-storage 12m
persistentvolumeclaim/gitlab-postgresql Bound pvc-3a910678-1593-4580-aec0-5ec0d73949aa 10Gi RWO xincan-nfs-storage 12m
persistentvolumeclaim/gitlab-redis Bound pvc-59084d68-9319-42af-b8ba-6466b78bd06f 10Gi RWO xincan-nfs-storage 12m
NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE
persistentvolume/pvc-3a910678-1593-4580-aec0-5ec0d73949aa 10Gi RWO Delete Bound gitlab/gitlab-postgresql xincan-nfs-storage 12m
persistentvolume/pvc-59084d68-9319-42af-b8ba-6466b78bd06f 10Gi RWO Delete Bound gitlab/gitlab-redis xincan-nfs-storage 12m
persistentvolume/pvc-da939f0a-5562-4080-a4e4-15e258fc0041 5Gi RWO Delete Bound gitlab/gitlab-gitlab-ce-etc xincan-nfs-storage 12m
persistentvolume/pvc-e5eb33ac-573f-4145-b815-afacfb45b25d 10Gi RWO Delete Bound gitlab/gitlab-gitlab-ce-data xincan-nfs-storage 12m
[root@master140 gitlab]#
访问 http://gitlab.xincan.com:31392 (31392 是 service 的 80 端口对应的 NodePort)
提前配置好hosts