基于helm的方式在k8s集群中部署gitlab - 备份恢复(二)

接上一篇 基于helm的方式在k8s集群中部署gitlab - 部署(一),本篇重点介绍在k8s集群中备份gitlab的数据,并在虚拟机上部署相同版本的gitlab,然后将备份的数据进行还原恢复

文章目录

    • [1. 备份](#1. 备份)
    • [2. 恢复到虚拟机上的gitlab](#2. 恢复到虚拟机上的gitlab)
      • [2.1 将minio上的备份文件(gitlab-backups)下载下来](#2.1 将minio上的备份文件(gitlab-backups)下载下来)
      • [2.2 将文件放在相同版本gitlab实例的backup目录下,然后执行restore命令](#2.2 将文件放在相同版本gitlab实例的backup目录下,然后执行restore命令)
      • [2.3 配置gitlab实例的对象存储](#2.3 配置gitlab实例的对象存储)
      • [2.4 gitlab 界面查看并测试](#2.4 gitlab 界面查看并测试)
    • [3. 最终形态的values文件](#3. 最终形态的values文件)

1. 备份

由于使用的是minio对象存储,然后gitlab的ingress 使用的是nodeport的方式,而默认的minio的配置是域名配置,由于gitlab在14.9以后使用的tootlbox来进行备份的,因此需要更改toolbox引入minio的configmap配置文件。

但是每次upgrade后会覆盖cm文件,因为后面依然需要修改cm,或者使用外置minio。

# 查看tootbox的cm
kubectl get cm -n jihulab
# 编辑tootbox的cm
kubectl edit cm -n jihulab gitlab-toolbox

 ...
 ...
    if [ ! -f "/${secret_dir}/objectstorage/.s3cfg" ]; then
    cat <<EOF > "/${secret_dir}/.s3cfg"
    [default]
    access_key = $(cat /init-secrets/minio/accesskey)
    secret_key = $(cat /init-secrets/minio/secretkey)
    bucket_location = us-east-1
    host_base = minio.bdeet.top:31501  #修改为nodeport的端口
    host_bucket = minio.bdeet.top:31501/%(bucket)   #修改为nodeport的端口
    default_mime_type = binary/octet-stream
    enable_multipart = True
    multipart_max_chunks = 10000
    multipart_chunk_size_mb = 128
    recursive = True
    recv_chunk = 65536
    send_chunk = 65536
    server_side_encryption = False
    signature_v2 = True
    socket_timeout = 300
    use_mime_magic = False
    verbosity = WARNING
    website_endpoint = https://minio.bdeet.top:31501  #修改为nodeport的端口
    EOF
...
...

然后delete掉toolbox的pod,执行备份

# 删除pod
kubectl delete pod -n jihulab gitlab-toolbox-7b796575d8-gplhc
# 备份
kubectl exec -it gitlab-toolbox-7b796575d8-7q8mh -n jihulab -- backup-utility

minio上备份的gitlab数据

2. 恢复到虚拟机上的gitlab

此处跳过安装gitlab到虚拟机上的操作,默认已经安装相同版本的gitlab服务

2.1 将minio上的备份文件(gitlab-backups)下载下来

2.2 将文件放在相同版本gitlab实例的backup目录下,然后执行restore命令

参考gitlab恢复

cd /var/opt/gitlab/backups
sudo gitlab-backup restore

2.3 配置gitlab实例的对象存储

编辑gitlab.rb文件

...
...
gitlab_rails['object_store']['enabled'] = true
gitlab_rails['object_store']['proxy_download'] = true
gitlab_rails['object_store']['connection'] = {
  'provider' => 'AWS',
  'region' => 'us-east-1',
  'path_style' => 'true',
  'host' => 'minio.bdeet.top:30476',
  'endpoint' => 'https://minio.bdeet.top:30476',
  'aws_access_key_id' => 'NHsiBL6v589G4h1JTn2Kj2sFAV5SxyVLslmoDSWdepqzRs6yYMic3QuKQvTPIXvW',
  'aws_secret_access_key' => 'ye3ySpmaaxCVADAhGz1MbhyBwWnGXW8iJEelVidvq1PZS1fYv6SoQjuTIvZHgHIj'
}

gitlab_rails['object_store']['objects']['artifacts']['bucket'] = 'gitlab-artifacts'
gitlab_rails['object_store']['objects']['external_diffs']['bucket'] = 'gitlab-mr-diffs'
gitlab_rails['object_store']['objects']['lfs']['bucket'] = 'gitlab-lfs'
gitlab_rails['object_store']['objects']['uploads']['bucket'] = 'gitlab-uploads'
gitlab_rails['object_store']['objects']['packages']['bucket'] = 'gitlab-packages'
gitlab_rails['object_store']['objects']['dependency_proxy']['bucket'] = 'gitlab-dependency-proxy'
gitlab_rails['object_store']['objects']['terraform_state']['bucket'] = 'gitlab-terraform-state'
gitlab_rails['object_store']['objects']['ci_secure_files']['bucket'] = 'gitlab-ci-secure-files'
gitlab_rails['object_store']['objects']['pages']['bucket'] = 'gitlab-pages'
gitlab_rails['object_store']['objects']['backups']['bucket'] = 'gitlab-backups'
gitlab_rails['object_store']['objects']['backups']['tmpBucket'] = 'tmp'

gitlab-ctl reconfigure

2.4 gitlab 界面查看并测试

k8s上的项目

之前的文件可以看见,后面上传的文件也可以上传成功。

3. 最终形态的values文件

...
...
## 域名配置
  hosts:	
    domain: bdeet.top	
    hostSuffix:	
    externalIP:	
    ssh:	
    gitlab:	
      name: kube.bdeet.top	
      https: true	
    minio:	
      name: minio.bdeet.top	
      https: true	
    registry:	
      name: registry.bdeet.top	
      https: true
...
...
## ldap集成
	    ldap:	
      preventSignin: false	
      servers:	
        main:	
         label: 'LDAP'	
         host: '129.226.208.223'	
         port: 389	
         uid: 'uid'	
         bind_dn: 'cn=ldap,dc=wkx,dc=cn'	
         base: 'dc=wkx,dc=cn'	
         password:	
           secret: ldap-admin	
           key: password	
         encryption: 'plain'
...
...
## 配置邮箱       
	smtp:	
    enabled: true	
    address: smtp.gmail.com	
    port: 587	
    user_name: "kxw12108@gmail.com"	
    ## https://docs.gitlab.com/charts/installation/secrets#smtp-password	
    password:	
      secret: "smtp-gitlab"	
      key: password	
    # domain:	
    authentication: "login"	
    starttls_auto: true	
    openssl_verify_mode: "peer"	
    pool: false	
  ## https://docs.gitlab.com/charts/charts/globals#outgoing-email	
  ## Email persona used in email sent by GitLab	
  email:	
    from: "kxw12108@gmail.com"	
    display_name: "GitLab Administrator"	
    reply_to: "kxw12108@gmail.com"	
    subject_suffix: "GitLab"	
    smime:	
      enabled: false	
      secretName: ""	
      keyName: "tls.key"	
      certName: "tls.crt"
...
...
...
...
nginx-ingress:
  enabled: true
  ...
  ...
    service:
      externalTrafficPolicy: "Local"
      type: "NodePort" #ingress的svc修改为nodeport
    ...
    ...
...
...
  runner:
    registrationToken:
      secret: gitlab-gitlab-runner-secret  # gitlab-runner的secret
...
...
gitlab-runner:
  install: true
  gitlabUrl: https://kube.bdeet.top  #修改gitlab的域名
  rbac:
    create: true
  runners:
    privileged: true #开启特权
    locked: false
    config: |
      [[runners]]
        [runners.kubernetes]
        image = "ubuntu:18.04"
        {{- if .Values.global.minio.enabled }}
        [runners.cache]
          Type = "s3"
          Path = "gitlab-runner"
          Shared = true
          [runners.cache.s3]
            #ServerAddress = {{ include "gitlab-runner.cache-tpl.s3ServerAddress" . }}
            ServerAddress = "https://minio.bdeet.top:31501" #接入对象存储
            BucketName = "runner-cache"
            BucketLocation = "us-east-1"
            Insecure = false
...
...
相关推荐
墨理学AI1 小时前
GitHub 桌面版配置 |可视化界面进行上传到远程仓库 | gitLab 配置【把密码存在本地服务器】
gitlab·github·github 桌面版
月如琉璃3 小时前
1.gitlab 服务器搭建流程
服务器·gitlab
刘大辉在路上3 小时前
突发!!!GitLab停止为中国大陆、港澳地区提供服务,60天内需迁移账号否则将被删除
git·后端·gitlab·版本管理·源代码管理
花晓木9 小时前
k8s etcd 数据损坏处理方式
容器·kubernetes·etcd
运维&陈同学9 小时前
【模块一】kubernetes容器编排进阶实战之基于velero及minio实现etcd数据备份与恢复
数据库·后端·云原生·容器·kubernetes·etcd·minio·velero
花晓木9 小时前
k8s备份 ETCD , 使用velero工具进行备份
容器·kubernetes·etcd
liuxuzxx12 小时前
Istio-2:流量治理之简单负载均衡
云原生·kubernetes·istio
上海运维Q先生12 小时前
面试题整理14----kube-proxy有什么作用
运维·面试·kubernetes
怡雪~12 小时前
Kubernetes使用Ceph存储
ceph·容器·kubernetes
aherhuo1 天前
kubevirt网络
linux·云原生·容器·kubernetes