参照https://www.yuque.com/duiniwukenaihe/ehb02i内https://www.yuque.com/duiniwukenaihe/ehb02i/qz49ev之前文章。要完成kubernetes devops工作流的完成。前面已经搭建了jenkins。gitlab代码仓库也是必不可缺少的。现在搞一下gitlab,关于helm前面也做了详细的讲述,这里略过了。另外之前gitlab版本没有中文版本可参照https://hub.docker.com/r/twang2218/gitlab-ce-zh/ twang2218的汉化版本。现在的gitlab已经支持多语言了,可以略过。下面就开始安装gitlab。看了一眼helm的安装方式…文章较少。还是决定老老实实yaml方式安装了
1. 创建gitlab搭建过程中所需要的pvc初步规划:存储storageclass是用的腾讯云开源的cbs-csi插件,由于最小值只能是10G,redis postgresql就设置为10G了。特意强调下 pvc指定namespace。昨天手贱安装kubesphere玩下了,结果发现他自带的Prometheus把我的pv,pvc抢占了…不知道这是cbs的坑还是自己搭建方式有问题。最后用户名密码一直错误。卸载了,不玩了…
cat gitlab-pvc.yaml
apiVersion: v1kind: PersistentVolumeClaimmetadata: name: gitlab-pvc namespace: kube-opsspec: accessModes: - ReadWriteOnce resources: requests: storage: 100Gi storageClassName
cat gitlab-redis-pvc.yaml
apiVersion: v1kind: PersistentVolumeClaimmetadata: name: gitlab-redis-pvc namespace: kube-ops spec: accessModes: - ReadWriteOnce resources: requests: storage: 10Gi storageClassName: cbs-csi
cat gitlab-pg-pvc.yaml
apiVersion: v1kind: PersistentVolumeClaimmetadata: name: gitlab-pg-pvc namespace: kube-ops spec: accessModes: - ReadWriteOnce resources: requests: storage: 10Gi storageClassName: cbs-csi
在当前目录下执行
kubectl apply -f .
注: 特意指定了namespace,否则执行kubectl apply -f yaml文件的时候经常会忘掉指定namespace
,claimName 修改为自己创建的pvc。
cat redis.yaml
## Servicekind: ServiceapiVersion: v1metadata: name: gitlab-redis namespace: kube-ops labels: name: gitlab-redisspec: type: ClusterIP ports: - name: redis protocol: TCP port: 6379 targetPort: redis selector: name: gitlab-redis---## Deploymentkind: DeploymentapiVersion: apps/v1metadata: name: gitlab-redis namespace: kube-ops labels: name: gitlab-redisspec: replicas: 1 selector: matchLabels: name: gitlab-redis template: metadata: name: gitlab-redis labels: name: gitlab-redis spec: containers: - name: gitlab-redis image: 'sameersbn/redis:4.0.9-3' ports: - name: redis containerPort: 6379 protocol: TCP resources: limits: cpu: 1000m memory: 2Gi requests: cpu: 1000m memory: 2Gi volumeMounts: - name: data mountPath: /var/lib/redis livenessProbe: exec: command: - redis-cli - ping initialDelaySeconds: 5 timeoutSeconds: 5 periodSeconds: 10 successThreshold: 1 failureThreshold: 3 readinessProbe: exec: command: - redis-cli - ping initialDelaySeconds: 5 timeoutSeconds: 5 periodSeconds: 10 successThreshold: 1 failureThreshold: 3 volumes: - name: data persistentVolumeClaim: claimName: gitlab-redis-pvc
kubectl apply -f redis.yaml
等待创建完成running。
同redis 配置一样修改pg配置
cat pg.yaml
## Servicekind: ServiceapiVersion: v1metadata: name: gitlab-postgresql namespace: kube-ops labels: name: gitlab-postgresqlspec: ports: - name: postgres protocol: TCP port: 5432 targetPort: postgres selector: name: postgresql type: ClusterIP---## Deploymentkind: DeploymentapiVersion: apps/v1metadata: name: postgresql namespace: kube-ops labels: name: postgresqlspec: replicas: 1 selector: matchLabels: name: postgresql template: metadata: name: postgresql labels: name: postgresql spec: containers: - name: postgresql image: sameersbn/postgresql:12-20200524 ports: - name: postgres containerPort: 5432 env: - name: DB_USER value: gitlab - name: DB_PASS value: admin@mydlq - name: DB_NAME value: gitlabhq_production - name: DB_EXTENSION value: 'pg_trgm,btree_gist' resources: requests: cpu: 2 memory: 2Gi limits: cpu: 2 memory: 2Gi livenessProbe: exec: command: ["pg_isready","-h","localhost","-U","postgres"] initialDelaySeconds: 30 timeoutSeconds: 5 periodSeconds: 10 successThreshold: 1 failureThreshold: 3 readinessProbe: exec: command: ["pg_isready","-h","localhost","-U","postgres"] initialDelaySeconds: 5 timeoutSeconds: 1 periodSeconds: 10 successThreshold: 1 failureThreshold: 3 volumeMounts: - name: data mountPath: /var/lib/postgresql volumes: - name: data persistentVolumeClaim: claimName: gitlab-pg-pvc
kubectl apply -f pg.yaml
cat gitlab.yaml
## Servicekind: ServiceapiVersion: v1metadata: name: gitlab namespace: kube-ops labels: name: gitlabspec: ports: - name: http protocol: TCP port: 80 - name: ssh protocol: TCP port: 22 selector: name: gitlab type: ClusterIP---## Deploymentkind: DeploymentapiVersion: apps/v1metadata: name: gitlab namespace: kube-ops labels: name: gitlabspec: replicas: 1 selector: matchLabels: name: gitlab template: metadata: name: gitlab labels: name: gitlab spec: containers: - name: gitlab image: 'sameersbn/gitlab:13.6.2' ports: - name: ssh containerPort: 22 - name: http containerPort: 80 - name: https containerPort: 443 env: - name: TZ value: Asia/Shanghai - name: GITLAB_TIMEZONE value: Beijing - name: GITLAB_SECRETS_DB_KEY_BASE value: long-and-random-alpha-numeric-string - name: GITLAB_SECRETS_SECRET_KEY_BASE value: long-and-random-alpha-numeric-string - name: GITLAB_SECRETS_OTP_KEY_BASE value: long-and-random-alpha-numeric-string - name: GITLAB_ROOT_PASSWORD value: admin@mydlq - name: GITLAB_ROOT_EMAIL value: 820042728@qq.com - name: GITLAB_HOST value: 'gitlab.saynaihe.com' - name: GITLAB_PORT value: '80' - name: GITLAB_SSH_PORT value: '22' - name: GITLAB_NOTIFY_ON_BROKEN_BUILDS value: 'true' - name: GITLAB_NOTIFY_PUSHER value: 'false' - name: DB_TYPE value: postgres - name: DB_HOST value: gitlab-postgresql - name: DB_PORT value: '5432' - name: DB_USER value: gitlab - name: DB_PASS value: admin@mydlq - name: DB_NAME value: gitlabhq_production - name: REDIS_HOST value: gitlab-redis - name: REDIS_PORT value: '6379' resources: requests: cpu: 2 memory: 4Gi limits: cpu: 2 memory: 4Gi livenessProbe: httpGet: path: / port: 80 scheme: HTTP initialDelaySeconds: 300 timeoutSeconds: 5 periodSeconds: 10 successThreshold: 1 failureThreshold: 3 readinessProbe: httpGet: path: / port: 80 scheme: HTTP initialDelaySeconds: 5 timeoutSeconds: 30 periodSeconds: 10 successThreshold: 1 failureThreshold: 3 volumeMounts: - name: data mountPath: /home/git/data - name: localtime mountPath: /etc/localtime volumes: - name: data persistentVolumeClaim: claimName: gitlab-pvc - name: localtime hostPath: path: /etc/localtime
基本抄的豆丁大佬的文档。但是删掉了NodePort的方式。还是喜欢用ingress的代理方式。密码 用户名配置的可以安装自己的需求更改了。
等待running…
cat ingress.yaml
apiVersion: traefik.containo.us/v1alpha1kind: Ingre***outemetadata: namespace: kube-ops name: gitlab-httpspec: entryPoints: - web routes: - match: Host(`gitlab.saynaine.com`) kind: Rule services: - name: gitlab port: 80
kubectl apply -f ingress.yaml
访问 gitlab.saynaihe.com(域名仍然为虚构.)。都做了强制跳转了。故访问的伟http页面默认用户名root,密码是自己gitlab.yaml文件中设置的。(至于显示中文,是因为我的谷歌浏览器安装了中文翻译插件)
OK,登陆成功
基本安装完成。其他的用法以后慢慢研究… 现在就是先把工具链安装整合起来。对了gitlab 登陆后记得更改用户名密码…增加个人安全意识是很有必要的。