GitLab involves three applications: Redis, PostgreSQL and the GitLab core program. If we start these three separately and add the corresponding configuration, installing GitLab is straightforward. The image used here is not the official one but a third-party image that is very widely used for containerized GitLab, sameersbn/gitlab, which basically keeps pace with official releases; address: http://www.damagehead.com/docker-gitlab/

If we already have a usable Redis or PostgreSQL service, we simply configure it in the GitLab environment variables; if not, we deploy them separately. Create a secret file for storing the password:

1. Redis

Create a PVC (backed by a StorageClass) for persistence

```yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: gitlab-redis-pvc
  namespace: kube-ops
  annotations:
    volume.beta.kubernetes.io/storage-class: "managed-nfs-storage"
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 1Gi
```

Redis Deployment and Service

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: redis
  namespace: kube-ops
  labels:
    name: redis
spec:
  replicas: 1
  selector:
    matchLabels:
      app: redis
  template:
    metadata:
      name: redis
      labels:
        app: redis
    spec:
      containers:
        - name: redis
          image: redis # sameersbn/redis
          imagePullPolicy: IfNotPresent
          ports:
            - name: redis
              containerPort: 6379
          volumeMounts:
            # sameersbn/redis keeps its data under /var/lib/redis; the official
            # redis image writes to /data, so adjust the mountPath to the image used
            - mountPath: /var/lib/redis
              name: data
          livenessProbe:
            exec:
              command:
                - redis-cli
                - ping
            initialDelaySeconds: 30
            timeoutSeconds: 5
          readinessProbe:
            exec:
              command:
                - redis-cli
                - ping
            initialDelaySeconds: 5
            timeoutSeconds: 1
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: gitlab-redis-pvc
---
apiVersion: v1
kind: Service
metadata:
  name: redis
  namespace: kube-ops
  labels:
    name: redis
spec:
  ports:
    - name: redis
      port: 6379
      targetPort: redis
  selector:
    # must match the pod template labels above: the pods carry app=redis,
    # a selector of name=redis would match nothing and the Service would have no endpoints
    app: redis
```

This Redis runs without authentication, so the Service must stay cluster-internal (it is a ClusterIP Service here); in a shared cluster, restrict access to the gitlab pods with a NetworkPolicy.

2. PostgreSQL

Secret

```yaml
apiVersion: v1
data:
  PG_USER: cG9zdGdyZXM= # postgres
  PG_PASSWORD: cGdfcGFzcw== # pg_pass
kind: Secret
metadata:
  name: postgres-secret
  namespace: kube-ops
type: Opaque
```

Base64-encoding the values (base64 is an encoding, not encryption: anyone who can read the Secret object can decode them)

```shell
echo -n "postgres" | base64   # cG9zdGdyZXM=
echo -n "pg_pass" | base64    # cGdfcGFzcw==
```

PVC

```yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: gitlab-postgresql-pvc
  namespace: kube-ops
  annotations:
    volume.beta.kubernetes.io/storage-class: "managed-nfs-storage"
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 1Gi
```

Create the user and specify its id (or look up the user's id and configure the securityContext according to that id)

PostgreSQL must be started as a non-root user.

-u specifies the user id

-g specifies the group id

```shell
# Run on the node that mounts the NFS export, then grant the mount directory to this user
# (the group with gid 1000 must already exist; create it first with `groupadd -g 1000 postgres` if it does not)
useradd postgres -u 1000 -g 1000
# Changing the id of an existing user and group
groupmod -g 5000 foo # change group foo
usermod -u 5000 foo  # change user foo
# chown -R postgres:postgres kube-ops-gitlab-postgresql-pvc-pvc-efe927e9-c4ea-4581-9826-c727196a281b/
```

Naming format of the PVC mount directory: <namespace>--

```shell
kubectl get pvc -n kube-ops
NAME                    STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS          AGE
gitlab-postgresql-pvc   Bound    pvc-efe927e9-c4ea-4581-9826-c727196a281b   1Gi        RWX            managed-nfs-storage   4h33m
gitlab-redis-pvc        Bound    pvc-c863945e-2726-43c5-9f6c-7737ea0bbb2a   1Gi        RWX            managed-nfs-storage   4h43m
```

Otherwise it fails to start with the following error:

Gitlab - Figure 1

PostgreSQL StatefulSet and Service

```yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: postgres
  namespace: kube-ops
spec:
  serviceName: "postgres" # declares which headless Service it belongs to
  replicas: 1
  selector:
    matchLabels:
      app: postgres
  template:
    metadata:
      labels:
        app: postgres
    spec:
      securityContext:
        runAsUser: 1000   # must be the uid of the postgres user created on the NFS node
        runAsGroup: 1000
        fsGroup: 1000
      containers:
        - name: postgres
          image: postgres:9.5
          env:
            - name: POSTGRES_USER
              valueFrom:
                secretKeyRef:
                  name: postgres-secret
                  key: PG_USER
                  optional: false
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: postgres-secret
                  key: PG_PASSWORD
                  optional: false
          ports:
            - containerPort: 5432
              name: postgres # the Service below references this port by name, so the names must agree
          volumeMounts:
            - name: postgres-data
              mountPath: /var/lib/postgresql/data
              subPath: postgres
      volumes:
        - name: postgres-data
          persistentVolumeClaim:
            claimName: gitlab-postgresql-pvc
---
apiVersion: v1
kind: Service
metadata:
  name: postgresql
  namespace: kube-ops
  labels:
    app: postgresql
spec:
  ports:
    - name: postgres
      port: 5432
      targetPort: postgres
  selector:
    app: postgres # must match the pod template labels above (app=postgres, not app=postgresql)
```

3. GitLab

PVC

```yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: gitlab-data-pvc
  namespace: kube-ops
  annotations:
    volume.beta.kubernetes.io/storage-class: "managed-nfs-storage"
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 1Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: gitlab-log-pvc
  namespace: kube-ops
  annotations:
    volume.beta.kubernetes.io/storage-class: "managed-nfs-storage"
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 1Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: gitlab-etc-pvc
  namespace: kube-ops
  annotations:
    volume.beta.kubernetes.io/storage-class: "managed-nfs-storage"
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 1Gi
```

GitLab Deployment and Service

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gitlab
  namespace: kube-ops
  labels:
    name: gitlab
spec:
  replicas: 1
  selector:
    matchLabels:
      name: gitlab
  template:
    metadata:
      name: gitlab
      labels:
        name: gitlab
    spec:
      containers:
        - name: gitlab
          # The GITLAB_*, DB_* and REDIS_* variables below are the configuration
          # interface of the sameersbn/gitlab image chosen in the introduction.
          # The official gitlab/gitlab-ce image ignores them (it is configured through
          # GITLAB_OMNIBUS_CONFIG and ships its own bundled PostgreSQL and Redis),
          # so with this image the external Redis/PostgreSQL above are not used.
          image: gitlab/gitlab-ce:13.7.4-ce.0
          imagePullPolicy: IfNotPresent
          env:
            - name: TZ
              value: Asia/Shanghai
            - name: GITLAB_TIMEZONE
              value: Beijing
            # Replace the three placeholder key bases with distinct random strings
            # (for example from `openssl rand -hex 64`) and keep them stable: they
            # protect encrypted database columns, sessions and 2FA secrets, and
            # losing them makes that data unreadable.
            - name: GITLAB_SECRETS_DB_KEY_BASE
              value: long-and-random-alpha-numeric-string
            - name: GITLAB_SECRETS_SECRET_KEY_BASE
              value: long-and-random-alpha-numeric-string
            - name: GITLAB_SECRETS_OTP_KEY_BASE
              value: long-and-random-alpha-numeric-string
            - name: GITLAB_ROOT_PASSWORD # initial root password; change it after the first login
              value: admin321
            - name: GITLAB_ROOT_EMAIL
              value: 1690014753@qq.com
            - name: GITLAB_HOST
              value: 0.0.0.0:30004
            - name: GITLAB_PORT
              value: "80"
            - name: GITLAB_SSH_PORT
              value: "22"
            - name: DB_TYPE
              value: postgres
            - name: DB_HOST
              value: postgresql # the PostgreSQL Service name
            - name: DB_PORT
              value: "5432"
            # Read the database credentials from the postgres-secret created above
            # instead of repeating them as plain values in the Deployment.
            - name: DB_USER
              valueFrom:
                secretKeyRef:
                  name: postgres-secret
                  key: PG_USER
            - name: DB_PASS
              valueFrom:
                secretKeyRef:
                  name: postgres-secret
                  key: PG_PASSWORD
            - name: DB_NAME
              value: gitlab_production
            - name: REDIS_HOST
              value: redis # the Redis Service name
            - name: REDIS_PORT
              value: "6379"
          ports:
            - name: http
              containerPort: 80
            - name: ssh
              containerPort: 22
          volumeMounts:
            - mountPath: /var/opt/gitlab
              name: data
            - mountPath: /var/log/gitlab
              name: logs
            - mountPath: /etc/gitlab
              name: etc
          livenessProbe:
            httpGet:
              path: /
              port: 80
            initialDelaySeconds: 180
            timeoutSeconds: 5
          readinessProbe:
            httpGet:
              path: /
              port: 80
            initialDelaySeconds: 5
            timeoutSeconds: 1
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: gitlab-data-pvc
        - name: logs
          persistentVolumeClaim:
            claimName: gitlab-log-pvc
        - name: etc
          persistentVolumeClaim:
            claimName: gitlab-etc-pvc
---
apiVersion: v1
kind: Service
metadata:
  name: gitlab
  namespace: kube-ops
  labels:
    name: gitlab
spec:
  type: NodePort
  ports:
    - name: http
      port: 80
      targetPort: http
      nodePort: 30004
    - name: ssh
      port: 22
      targetPort: ssh
  selector:
    name: gitlab
```
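Before applying the three sets of manifests above, it is worth checking them for the mistakes that are easy to make in a hand-written stack like this: a Service selector that matches no pod label, a named targetPort that no container port carries, and credentials written as literal env values. The following linter is an added example, not code from the original page; it works on manifests in the `kubectl get ... -o json` shape (plain dicts), and the embedded sample is constructed to mirror the Redis Service, PostgreSQL port name and GitLab DB_PASS as they were first written on this page.

```python
import re
WORKLOADS = {"Deployment", "StatefulSet"}
SECRET_NAME = re.compile(r"PASS|PASSWORD|SECRET|TOKEN|KEY_BASE", re.I)

def _pods(objs):
    """Yield (kind/name, pod-template labels, containers) for each workload."""
    for o in objs:
        if o.get("kind") in WORKLOADS:
            tpl = o["spec"]["template"]
            yield (f'{o["kind"]}/{o["metadata"]["name"]}',
                   tpl["metadata"].get("labels", {}), tpl["spec"].get("containers", []))

def check_services(objs):
    """Services whose selector matches no pod, or whose named targetPort is not a container port name."""
    findings, pods = [], list(_pods(objs))
    for svc in (o for o in objs if o.get("kind") == "Service"):
        name, sel = f'Service/{svc["metadata"]["name"]}', svc["spec"].get("selector", {})
        matched = [cs for _, labels, cs in pods
                   if all(labels.get(k) == v for k, v in sel.items())]
        if not matched:
            findings.append(f"{name}: selector {sel} matches no pod template")
            continue
        port_names = {p.get("name") for cs in matched for c in cs for p in c.get("ports", [])}
        for tp in (p.get("targetPort") for p in svc["spec"].get("ports", [])):
            if isinstance(tp, str) and tp not in port_names:
                findings.append(f"{name}: targetPort {tp!r} is not a container port name")
    return findings

def check_plaintext_secrets(objs):
    """Secret-looking env vars given a literal value instead of valueFrom/secretKeyRef."""
    return [f"{name}: {e['name']} is a literal value, use secretKeyRef"
            for name, _, cs in _pods(objs) for c in cs for e in c.get("env", [])
            if SECRET_NAME.search(e["name"]) and "value" in e]

# Constructed sample in kubectl -o json shape, mirroring the page's manifests as first
# written (Redis selector, PostgreSQL targetPort name, GitLab DB_PASS literal).
def _wl(kind, name, labels, ports=(), env=()):
    return {"kind": kind, "metadata": {"name": name}, "spec": {"template": {
        "metadata": {"labels": labels}, "spec": {"containers": [{
            "name": name, "ports": list(ports), "env": list(env)}]}}}}
def _svc(name, selector, target_port):
    return {"kind": "Service", "metadata": {"name": name},
            "spec": {"selector": selector, "ports": [{"targetPort": target_port}]}}
SAMPLE = [
    _wl("Deployment", "redis", {"app": "redis"}, ports=[{"name": "redis"}]),
    _svc("redis", {"name": "redis"}, "redis"),
    _wl("StatefulSet", "postgres", {"app": "postgres"}, ports=[{"name": "postgredb"}]),
    _svc("postgresql", {"app": "postgres"}, "postgres"),
    _wl("Deployment", "gitlab", {"name": "gitlab"}, env=[{"name": "DB_PASS", "value": "pg_pass"}]),
]
```

Run `check_services(SAMPLE)` and `check_plaintext_secrets(SAMPLE)` to see the three findings; on a live cluster, feed it the `items` list of `kubectl get deploy,sts,svc -n kube-ops -o json`.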