Kubernetes基于helm部署gitlab

Kubernetes基于helm部署gitlab

gitlab支持多种安装方式,有二进制安装、helm cahrt安装、operator安装、docker安装以及基于源码构建等。本文主要介绍在k8s环境下基于helm包进行安装。

参考文档:

  1. https://docs.gitlab.com/charts/installation/index.html
  2. https://docs.gitlab.cn/charts/installation/

gitlab包括通用版本和中文版本(极狐),极狐为中外合资公司发布的版本。

准备工作

  1. Kubernetes 集群

  2. helm已经安装

  3. 负载均衡器,为ingress-nginx控制器提供EXTERNAL-IP,本文使用metallb,部署参考https://metallb.io/installation/

  4. 默认存储类

以下是具体的环境信息:

shell 复制代码
# k8s环境信息
root@master1:~# kubectl get node -o wide
NAME      STATUS   ROLES           AGE   VERSION   INTERNAL-IP    EXTERNAL-IP   OS-IMAGE           KERNEL-VERSION     CONTAINER-RUNTIME
master1   Ready    control-plane   11d   v1.28.2   192.168.0.51   <none>    Ubuntu 24.04 LTS   6.8.0-35-generic   containerd://1.7.12
master2   Ready    control-plane   11d   v1.28.2   192.168.0.52   <none>    Ubuntu 24.04 LTS   6.8.0-35-generic   containerd://1.7.12
master3   Ready    control-plane   11d   v1.28.2   192.168.0.53   <none>    Ubuntu 24.04 LTS   6.8.0-35-generic   containerd://1.7.12
worker1   Ready    <none>          11d   v1.27.1   192.168.0.54   <none>    Ubuntu 24.04 LTS   6.8.0-35-generic   containerd://1.7.12

# helm版本
root@master1:~# helm version
version.BuildInfo{Version:"v3.15.2", GitCommit:"1a500d5625419a524fdae4b33de351cc4f58ec35", GitTreeState:"clean", GoVersion:"go1.22.4"}

# 操作系统版本
root@master1:~# cat /etc/issue
Ubuntu 24.04 LTS \n \l

root@master1:~# uname -a
Linux master1 6.8.0-35-generic #35-Ubuntu SMP PREEMPT_DYNAMIC Mon May 20 15:51:52 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux

# 存储类
root@master1:~# kubectl get sc -n openebs
NAME                     PROVISIONER               RECLAIMPOLICY   VOLUMEBINDINGMODE      ALLOWVOLUMEEXPANSION   AGE
mayastor-etcd-localpv    openebs.io/local          Delete          WaitForFirstConsumer   false                  24h
mayastor-loki-localpv    openebs.io/local          Delete          WaitForFirstConsumer   false                  24h
openebs-hostpath         openebs.io/local          Delete          WaitForFirstConsumer   false                  24h
openebs-single-replica   io.openebs.csi-mayastor   Delete          Immediate              true                   24h

# 设置openebs-hostpath为默认的存储类
root@master1:~# kubectl patch storageclass openebs-hostpath -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
storageclass.storage.k8s.io/openebs-hostpath patched

版本说明

gitlab chart版本和gitlab版本号不是一一对应的,有映射关系,可以通过如下命令查看:

shell 复制代码
# 添加gitlab helm 仓库
# gitlab
helm repo add gitlab https://charts.gitlab.io/
# 极狐gitlab
helm repo add gitlab-jh https://charts.gitlab.cn
helm repo update

# 根据需要查询gitlab或极狐gitlab
helm search repo -l gitlab/gitlab
helm search repo -l gitlab-jh/gitlab

以下是部分映射关系:

Chart version GitLab version
8.1.1 17.1.1
8.1.0 17.1.0
8.0.3 17.0.3
8.0.2 17.0.2
8.0.0 17.0.0

更多信息请参考:GitLab chart versions | GitLab

部署极狐gitlab

使用helm部署极狐gitlab:

shell 复制代码
# 查看版本列表
helm search repo -l gitlab-jh/gitlab

# 查看values
helm show values gitlab-jh/gitlab --version 8.0.0

# 安装chart
helm upgrade --install gitlab gitlab-jh/gitlab \
  --version 8.0.0 \
  --namespace=gitlab \
  --create-namespace \
  --timeout 600s \
  --set global.hosts.domain=test.com \
  --set certmanager-issuer.email=me@test.com 
  
# 查看部署状态
root@master1:~# helm status gitlab -n gitlab
NAME: gitlab
LAST DEPLOYED: Wed Jul  3 22:37:16 2024
NAMESPACE: gitlab
STATUS: deployed
REVISION: 1
NOTES:
=== CRITICAL
The following charts are included for evaluation purposes only. They will not be supported by GitLab Support
for production workloads. Use Cloud Native Hybrid deployments for production. For more information visit
https://docs.gitlab.com/charts/installation/index.html#use-the-reference-architectures.
- PostgreSQL
- Redis
- Gitaly
- MinIO

=== NOTICE
The minimum required version of PostgreSQL is now 13. See https://gitlab.com/gitlab-org/charts/gitlab/-/blob/master/doc/installation/upgrade.md for more details.

=== NOTICE
You've installed GitLab Runner without the ability to use 'docker in docker'.
The GitLab Runner chart (gitlab/gitlab-runner) is deployed without the `privileged` flag by default for security purposes. This can be changed by setting `gitlab-runner.runners.privileged` to `true`. Before doing so, please read the GitLab Runner chart's documentation on why we
chose not to enable this by default. See https://docs.gitlab.com/runner/install/kubernetes.html#running-docker-in-docker-containers-with-gitlab-runners
Help us improve the installation experience, let us know how we did with a 1 minute survey:https://gitlab.fra1.qualtrics.com/jfe/form/SV_6kVqZANThUQ1bZb?installation=helm&release=17-0

检查部署的组件状态:

shell 复制代码
root@master1:~# kubectl get all -n gitlab
NAME                                                   READY   STATUS      RESTARTS        AGE
pod/gitlab-certmanager-6b4c5698fc-fx94m                1/1     Running     0               7m31s
pod/gitlab-certmanager-cainjector-6bb45c8d86-hn8lf     1/1     Running     0               7m31s
pod/gitlab-certmanager-webhook-f456f7466-qsjbz         1/1     Running     0               7m31s
pod/gitlab-gitaly-0                                    1/1     Running     0               7m31s
pod/gitlab-gitlab-exporter-c6fdd5659-rzhf2             1/1     Running     0               7m31s
pod/gitlab-gitlab-runner-68989dc878-sl5z5              1/1     Running     0               7m31s
pod/gitlab-gitlab-shell-7b59445b8c-lpfkv               1/1     Running     0               7m16s
pod/gitlab-gitlab-shell-7b59445b8c-qvx8q               1/1     Running     0               7m31s
pod/gitlab-issuer-1ef7983-8bpnc                        0/1     Completed   0               7m31s
pod/gitlab-kas-787d469bfd-ccnbr                        1/1     Running     6 (4m7s ago)    7m31s
pod/gitlab-kas-787d469bfd-wqrpx                        1/1     Running     6 (3m52s ago)   7m16s
pod/gitlab-migrations-88baebf-27kxq                    0/1     Completed   4               7m31s
pod/gitlab-minio-797df99799-l2hhl                      1/1     Running     0               7m30s
pod/gitlab-minio-create-buckets-df79603-qnjbg          0/1     Completed   0               7m31s
pod/gitlab-nginx-ingress-controller-547b55cf55-6blxb   1/1     Running     0               7m30s
pod/gitlab-nginx-ingress-controller-547b55cf55-djtjk   1/1     Running     0               7m30s
pod/gitlab-postgresql-0                                2/2     Running     0               7m31s
pod/gitlab-prometheus-server-fd545b6b-vstwb            2/2     Running     0               7m31s
pod/gitlab-redis-master-0                              2/2     Running     0               7m31s
pod/gitlab-registry-7c68bdc9b6-hr696                   1/1     Running     0               7m16s
pod/gitlab-registry-7c68bdc9b6-r69v5                   1/1     Running     0               7m30s
pod/gitlab-sidekiq-all-in-1-v2-74c6ccbdfb-6lqpj        1/1     Running     0               60s
pod/gitlab-sidekiq-all-in-1-v2-74c6ccbdfb-hvtbv        1/1     Running     0               60s
pod/gitlab-sidekiq-all-in-1-v2-74c6ccbdfb-jbx4b        1/1     Running     0               7m31s
pod/gitlab-toolbox-86b7d94469-mzd7n                    1/1     Running     0               7m31s
pod/gitlab-webservice-default-5c86b55c44-kzxxn         2/2     Running     1 (106s ago)    7m16s
pod/gitlab-webservice-default-5c86b55c44-zk8jm         2/2     Running     1 (102s ago)    7m30s

NAME                                              TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)                                   AGE
service/gitlab-certmanager                        ClusterIP      10.103.79.247    <none>        9402/TCP                                  7m31s
service/gitlab-certmanager-webhook                ClusterIP      10.110.89.100    <none>        443/TCP                                   7m31s
service/gitlab-gitaly                             ClusterIP      None             <none>        8075/TCP,9236/TCP                         7m31s
service/gitlab-gitlab-exporter                    ClusterIP      10.103.13.57     <none>        9168/TCP                                  7m31s
service/gitlab-gitlab-shell                       ClusterIP      10.110.243.157   <none>        22/TCP                                    7m31s
service/gitlab-kas                                ClusterIP      10.99.234.244    <none>        8150/TCP,8153/TCP,8154/TCP,8151/TCP       7m31s
service/gitlab-minio-svc                          ClusterIP      10.96.216.150    <none>        9000/TCP                                  7m31s
service/gitlab-nginx-ingress-controller           LoadBalancer   10.104.192.117   192.168.0.240 80:32575/TCP,443:30923/TCP,22:30281/TCP   7m31s
service/gitlab-nginx-ingress-controller-metrics   ClusterIP      10.104.28.161    <none>        10254/TCP                                 7m31s
service/gitlab-postgresql                         ClusterIP      10.104.12.20     <none>        5432/TCP                                  7m31s
service/gitlab-postgresql-hl                      ClusterIP      None             <none>        5432/TCP                                  7m31s
service/gitlab-postgresql-metrics                 ClusterIP      10.103.223.62    <none>        9187/TCP                                  7m31s
service/gitlab-prometheus-server                  ClusterIP      10.101.246.129   <none>        80/TCP                                    7m31s
service/gitlab-redis-headless                     ClusterIP      None             <none>        6379/TCP                                  7m31s
service/gitlab-redis-master                       ClusterIP      10.97.134.226    <none>        6379/TCP                                  7m31s
service/gitlab-redis-metrics                      ClusterIP      10.109.85.235    <none>        9121/TCP                                  7m31s
service/gitlab-registry                           ClusterIP      10.110.74.189    <none>        5000/TCP                                  7m31s
service/gitlab-webservice-default                 ClusterIP      10.101.101.108   <none>        8080/TCP,8181/TCP,8083/TCP                7m31s

# 修改service/gitlab-nginx-ingress-controller为NodePort类型
root@master1:~# kubectl edit service/gitlab-nginx-ingress-controller -n gitlab

service/gitlab-nginx-ingress-controller edited

访问gitlab

获取root密码:

shell 复制代码
root@master1:~# kubectl get secret -n gitlab
NAME                                  TYPE                 DATA   AGE
gitlab-acme-key                       Opaque               1      24h
gitlab-certmanager-webhook-ca         Opaque               3      24h
gitlab-gitaly-secret                  Opaque               1      24h
gitlab-gitlab-initial-root-password   Opaque               1      24h
gitlab-gitlab-kas-secret              Opaque               1      24h
gitlab-gitlab-runner-secret           Opaque               2      24h
gitlab-gitlab-shell-host-keys         Opaque               6      24h
gitlab-gitlab-shell-secret            Opaque               1      24h
gitlab-gitlab-suggested-reviewers     Opaque               1      24h
gitlab-gitlab-tls                     kubernetes.io/tls    2      24h
gitlab-gitlab-workhorse-secret        Opaque               1      24h
gitlab-kas-private-api                Opaque               1      24h
gitlab-kas-tls                        kubernetes.io/tls    2      24h
gitlab-minio-secret                   Opaque               2      24h
gitlab-minio-tls                      kubernetes.io/tls    2      24h
gitlab-postgresql-password            Opaque               2      24h
gitlab-rails-secret                   Opaque               1      24h
gitlab-redis-secret                   Opaque               1      24h
gitlab-registry-httpsecret            Opaque               1      24h
gitlab-registry-notification          Opaque               1      24h
gitlab-registry-secret                Opaque               2      24h
gitlab-registry-tls                   kubernetes.io/tls    2      24h
gitlab-zoekt-basicauth                Opaque               2      24h
sh.helm.release.v1.gitlab.v1          helm.sh/release.v1   1      23m
root@master1:~# kubectl get secret gitlab-gitlab-initial-root-password -ojsonpath='{.data.password}' -n gitlab | base64 --decode ; echo
SB2APLcOu7C0XnRvZHVqUKVWDOqCo1vC5Luy4mYyzaNZnkO5NKaDfofFphocQTmd

查看ingress:

shell 复制代码
root@master1:~# kubectl get ingress -n gitlab
NAME                        CLASS          HOSTS               ADDRESS         PORTS     AGE
gitlab-kas                  gitlab-nginx   kas.test.com        192.168.0.240   80, 443   5m36s
gitlab-minio                gitlab-nginx   minio.test.com      192.168.0.240   80, 443   5m36s
gitlab-registry             gitlab-nginx   registry.test.com   192.168.0.240   80, 443   5m36s
gitlab-webservice-default   gitlab-nginx   gitlab.test.com     192.168.0.240   80, 443   5m36s

终端配置解析,将域名gitlab.test.com解析到 LB 分配的IP地址: 192.168.0.240,使用浏览器访问https://gitlab.test.com,用户名root,密码:SB2APLcOu7C0XnRvZHVqUKVWDOqCo1vC5Luy4mYyzaNZnkO5NKaDfofFphocQTmd

相关推荐
Linux运维老纪4 小时前
DNS缓存详解(DNS Cache Detailed Explanation)
计算机网络·缓存·云原生·容器·kubernetes·云计算·运维开发
画船听雨眠aa12 小时前
gitlab云服务器配置
服务器·git·elasticsearch·gitlab
元气满满的热码式12 小时前
K8S部署DevOps自动化运维平台
运维·kubernetes·devops
IT艺术家-rookie17 小时前
k8s--部署k8s集群--控制平面节点
容器·kubernetes
Linux运维老纪1 天前
windows部署deepseek之方法(The Method of Deploying DeepSeek on Windows)
linux·人工智能·分布式·云原生·运维开发·devops
超级阿飞2 天前
在K8s中部署动态nfs存储provisioner
云原生·容器·kubernetes·nfs
赵渝强老师2 天前
【赵渝强老师】K8s中Pod探针的TCPSocketAction
云原生·容器·kubernetes
努力的小T2 天前
Linux二进制部署K8s集群的平滑升级教程
linux·运维·服务器·云原生·容器·kubernetes·云计算
赵渝强老师3 天前
【赵渝强老师】K8s中Pod探针的ExecAction
云原生·容器·kubernetes
vibag3 天前
Kubernetes(一)
java·云原生·容器·kubernetes