下载gitlab镜像

# Mirror the upstream GitLab CE image into the internal Harbor registry.
# NOTE(review): ":latest" is a moving tag, so the mirrored copy records no
# version. For a reproducible, auditable deployment mirror a fixed release
# tag or digest instead (e.g. gitlab/gitlab-ce:<PINNED_VERSION>).
upstream_image='gitlab/gitlab-ce:latest'
mirror_image='harbor.uat.wuxingge.com.cn/uat/gitlab-ce:latest'

docker pull "${upstream_image}"
docker tag "${upstream_image}" "${mirror_image}"
docker push "${mirror_image}"

nfs中创建gitlab数据目录

# Create the directories on the NFS server that back GitLab's data, logs and
# configuration volumes.
# NOTE(review): the config directory will hold gitlab.rb (including the LDAP
# bind password) and the data directory holds the repositories; the NFS export
# options are not shown on this page, so confirm the export is limited to the
# cluster nodes.
for gitlab_subdir in data logs config; do
  mkdir -p "/devops/gitlab/${gitlab_subdir}"
done

部署gitlab

gitlab_deploy_service.yaml

# Service in front of the GitLab pod for HTTPS (443), HTTP (80) and SSH (22).
# No `type` is set, so the Kubernetes default (ClusterIP) applies and nothing
# in this object exposes the ports outside the cluster by itself.
# NOTE(review): the Ingress shown later on this page routes only to port 80,
# so web traffic reaches GitLab over plain HTTP; port 443 is published here
# but is not used by that Ingress.
apiVersion: v1
kind: Service
metadata:
  name: gitlab
  namespace: devops
spec:
  ports:
  - port: 443
    targetPort: 443
    name: gitlab443
  - port: 80
    targetPort: 80
    name: gitlab80
  # Git over SSH; with a ClusterIP Service and an HTTP-only Ingress it is
  # reachable from inside the cluster only.
  - port: 22
    targetPort: 22
    name: gitlab22
  selector:
    app: gitlab
---
# Single-container GitLab CE Deployment (no `replicas` is set, so the default
# of 1 applies) with config, logs and data kept on NFS.
# No resource limits, probes or securityContext are declared here.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gitlab
  namespace: devops
spec:
  selector:
    matchLabels:
      app: gitlab
  revisionHistoryLimit: 2
  template:
    metadata:
      labels:
        app: gitlab
    spec:
      containers:
      # NOTE(review): `latest` is a mutable tag and IfNotPresent reuses whatever
      # copy a node already has cached, so the version that actually runs is
      # neither reproducible nor auditable. Prefer a fixed release tag or an
      # image digest (<PINNED_VERSION>).
      - image: harbor.uat.wuxingge.com.cn/uat/gitlab-ce:latest
        name: gitlab
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 443
          name: gitlab443
        - containerPort: 80
          name: gitlab80
        - containerPort: 22
          name: gitlab22
        volumeMounts:
        # /etc/gitlab holds gitlab.rb and gitlab-secrets.json, so the backing
        # directory must be treated as secret material.
        - name: gitlab-persistent-config
          mountPath: /etc/gitlab
        - name: gitlab-persistent-logs
          mountPath: /var/log/gitlab
        - name: gitlab-persistent-data
          mountPath: /var/opt/gitlab
# The pull secret is commented out, so the image is pulled from Harbor without
# credentials; presumably the `uat` project is public. Confirm that is intended.
#      imagePullSecrets:
#      - name: devops-repo
      volumes:
      # NOTE(review): access to these paths is governed by the export settings
      # on 10.10.98.32, which this page does not show; limit the export to the
      # cluster nodes, since it carries GitLab's secrets and repositories.
      - name: gitlab-persistent-config
        nfs:
          server: 10.10.98.32
          path: /devops/gitlab/config
      - name: gitlab-persistent-logs
        nfs:
          server: 10.10.98.32
          path: /devops/gitlab/logs
      - name: gitlab-persistent-data
        nfs:
          server: 10.10.98.32
          path: /devops/gitlab/data

ingress.yaml

# Routes gitlab.uat.wuxingge.com.cn to the gitlab Service on port 80 through
# the "nginx" ingress class.
# NOTE(review): there is no `tls:` section, so as written this host is served
# over plain HTTP. Sign-in passwords, session cookies, access tokens and
# Git-over-HTTP credentials travel unencrypted unless TLS is terminated
# somewhere not shown on this page.
# NOTE(review): the extensions/v1beta1 Ingress API was removed in Kubernetes
# 1.22; newer clusters need networking.k8s.io/v1 (with `pathType` and
# `service.name` / `service.port.number`).
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: gitlab
  annotations:
    kubernetes.io/ingress.class: "nginx"
  namespace: devops
spec:
  rules:
  - host: gitlab.uat.wuxingge.com.cn
    http:
      paths:
      - path:
        backend:
          serviceName: gitlab
          servicePort: 80

gitlab初始密码

# Print the auto-generated initial root password. /devops/gitlab/config is the
# NFS directory mounted at /etc/gitlab in the pod, so the file is readable by
# anyone who can read that export.
# Change the root password right after the first sign-in, and do not copy the
# file's contents into tickets, chats or documentation.
cat /devops/gitlab/config/initial_root_password

# WARNING: This value is valid only in the following conditions
#          1. If provided manually (either via `GITLAB_ROOT_PASSWORD` environment variable or via `gitlab_rails['initial_root_password']` setting in `gitlab.rb`, it was provided before database was seeded for the first time (usually, the first reconfigure run).
#          2. Password hasn't been changed manually, either via UI or via command line.
#
#          If the password shown here doesn't work, you must reset the admin password following https://docs.gitlab.com/ee/security/reset_user_password.html#reset-your-root-password.

Password: oRxpKUKYB3nhAMBH2etmJL8J+05qNoKeuusa8cfkloA=

# NOTE: This file will be automatically deleted in the first reconfigure run after 24 hours

gitlab重置密码

# Reset the root password interactively. The new value is typed at the
# prompts, so it stays out of shell history and process arguments.
# NOTE(review): presumably run inside the GitLab container; the page does not
# say where.
gitlab-rake "gitlab:password:reset[root]"
Enter password: 
Confirm password: 
Password successfully updated for user with username root.

ldap认证

# Edit the Omnibus configuration on the NFS share (mounted at /etc/gitlab in
# the pod). The file will hold the LDAP bind password, so keep it readable by
# root only. Changes take effect after `gitlab-ctl reconfigure`.
vim /devops/gitlab/config/gitlab.rb

# Enable LDAP sign-in against the directory at 192.168.44.20:389.
#
# Review notes on the server definition below:
# - encryption 'plain' on port 389 sends the bind DN password and every user's
#   password to the directory unencrypted. Prefer 'start_tls' or 'simple_tls'
#   (the alternatives named in the inline comment) together with
#   verify_certificates: true. With 'plain', verify_certificates has nothing
#   to verify.
# - The bind password is stored in cleartext in gitlab.rb, and 'password123'
#   looks like a sample value; use a strong, unique secret. GitLab can also
#   keep LDAP credentials in an encrypted file
#   (`gitlab-rake gitlab:ldap:secret:edit`).
# - The bind DN is named 'writeuser'. GitLab only needs to search and read
#   user entries, so a read-only bind account is sufficient. Confirm what
#   rights this account actually has.
# - user_filter limits sign-in to members of the cn=gitlab group. With
#   block_auto_created_users: false, every matching account is active on its
#   first login with no administrator approval.
# - YAML.load here parses the literal, non-interpolated heredoc written in
#   this file, not external input.
gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
  main: # 'main' is the GitLab 'provider ID' of this LDAP server
    label: 'LDAP'
    host: '192.168.44.20'
    port: 389
    uid: 'uid'
    bind_dn: 'cn=writeuser,cn=manager,dc=wuxingge,dc=com,dc=cn'
    password: 'password123'
    encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
    verify_certificates: false
    smartcard_auth: false
    active_directory: false
    allow_username_or_email_login: false
    lowercase_usernames: false
    block_auto_created_users: false
    base: 'dc=wuxingge,dc=com,dc=cn'
    user_filter: (memberof=cn=gitlab,ou=application,dc=wuxingge,dc=com,dc=cn)
    attributes:
      username: ['uid', 'userid', 'sAMAccountName']
      email:    ['mail', 'email', 'userPrincipalName']
      name:       'displayName'
      first_name: 'cn'
      last_name:  'sn'
EOS

关闭监控

# Edit the same Omnibus configuration file; apply the change with
# `gitlab-ctl reconfigure`.
vim /devops/gitlab/config/gitlab.rb

# Turn off the monitoring components bundled with Omnibus GitLab (Prometheus,
# Alertmanager, Grafana and the exporters). This saves resources and removes
# their listeners, but it also removes the built-in metrics, so health and
# anomaly visibility has to come from external monitoring.
# NOTE(review): bundled Grafana was dropped from newer Omnibus releases. With
# the unpinned :latest image used on this page, confirm the grafana key is
# still accepted by the version actually running.
prometheus['enable'] = false
alertmanager['enable'] = false
grafana['enable'] = false
gitlab_exporter['enable'] = false
node_exporter['enable'] = false
postgres_exporter['enable'] = false
redis_exporter['enable'] = false