Kubernetes基于helm部署gitlab

Kubernetes基于helm部署gitlab

gitlab支持多种安装方式,有二进制安装、helm cahrt安装、operator安装、docker安装以及基于源码构建等。本文主要介绍在k8s环境下基于helm包进行安装。

参考文档:

  1. https://docs.gitlab.com/charts/installation/index.html
  2. https://docs.gitlab.cn/charts/installation/

gitlab包括通用版本和中文版本(极狐),极狐为中外合资公司发布的版本。

准备工作

  1. Kubernetes 集群

  2. helm已经安装

  3. 负载均衡器,为ingress-nginx控制器提供EXTERNAL-IP,本文使用metallb,部署参考https://metallb.io/installation/

  4. 默认存储类

以下是具体的环境信息:

shell 复制代码
# k8s环境信息
root@master1:~# kubectl get node -o wide
NAME      STATUS   ROLES           AGE   VERSION   INTERNAL-IP    EXTERNAL-IP   OS-IMAGE           KERNEL-VERSION     CONTAINER-RUNTIME
master1   Ready    control-plane   11d   v1.28.2   192.168.0.51   <none>    Ubuntu 24.04 LTS   6.8.0-35-generic   containerd://1.7.12
master2   Ready    control-plane   11d   v1.28.2   192.168.0.52   <none>    Ubuntu 24.04 LTS   6.8.0-35-generic   containerd://1.7.12
master3   Ready    control-plane   11d   v1.28.2   192.168.0.53   <none>    Ubuntu 24.04 LTS   6.8.0-35-generic   containerd://1.7.12
worker1   Ready    <none>          11d   v1.27.1   192.168.0.54   <none>    Ubuntu 24.04 LTS   6.8.0-35-generic   containerd://1.7.12

# helm版本
root@master1:~# helm version
version.BuildInfo{Version:"v3.15.2", GitCommit:"1a500d5625419a524fdae4b33de351cc4f58ec35", GitTreeState:"clean", GoVersion:"go1.22.4"}

# 操作系统版本
root@master1:~# cat /etc/issue
Ubuntu 24.04 LTS \n \l

root@master1:~# uname -a
Linux master1 6.8.0-35-generic #35-Ubuntu SMP PREEMPT_DYNAMIC Mon May 20 15:51:52 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux

# 存储类
root@master1:~# kubectl get sc -n openebs
NAME                     PROVISIONER               RECLAIMPOLICY   VOLUMEBINDINGMODE      ALLOWVOLUMEEXPANSION   AGE
mayastor-etcd-localpv    openebs.io/local          Delete          WaitForFirstConsumer   false                  24h
mayastor-loki-localpv    openebs.io/local          Delete          WaitForFirstConsumer   false                  24h
openebs-hostpath         openebs.io/local          Delete          WaitForFirstConsumer   false                  24h
openebs-single-replica   io.openebs.csi-mayastor   Delete          Immediate              true                   24h

# 设置openebs-hostpath为默认的存储类
root@master1:~# kubectl patch storageclass openebs-hostpath -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
storageclass.storage.k8s.io/openebs-hostpath patched

版本说明

gitlab chart版本和gitlab版本号不是一一对应的,有映射关系,可以通过如下命令查看:

shell 复制代码
# 添加gitlab helm 仓库
# gitlab
helm repo add gitlab https://charts.gitlab.io/
# 极狐gitlab
helm repo add gitlab-jh https://charts.gitlab.cn
helm repo update

# 根据需要查询gitlab或极狐gitlab
helm search repo -l gitlab/gitlab
helm search repo -l gitlab-jh/gitlab

以下是部分映射关系:

Chart version GitLab version
8.1.1 17.1.1
8.1.0 17.1.0
8.0.3 17.0.3
8.0.2 17.0.2
8.0.0 17.0.0

更多信息请参考:GitLab chart versions | GitLab

部署极狐gitlab

使用helm部署极狐gitlab:

shell 复制代码
# 查看版本列表
helm search repo -l gitlab-jh/gitlab

# 查看values
helm show values gitlab-jh/gitlab --version 8.0.0

# 安装chart
helm upgrade --install gitlab gitlab-jh/gitlab \
  --version 8.0.0 \
  --namespace=gitlab \
  --create-namespace \
  --timeout 600s \
  --set global.hosts.domain=test.com \
  --set certmanager-issuer.email=me@test.com 
  
# 查看部署状态
root@master1:~# helm status gitlab -n gitlab
NAME: gitlab
LAST DEPLOYED: Wed Jul  3 22:37:16 2024
NAMESPACE: gitlab
STATUS: deployed
REVISION: 1
NOTES:
=== CRITICAL
The following charts are included for evaluation purposes only. They will not be supported by GitLab Support
for production workloads. Use Cloud Native Hybrid deployments for production. For more information visit
https://docs.gitlab.com/charts/installation/index.html#use-the-reference-architectures.
- PostgreSQL
- Redis
- Gitaly
- MinIO

=== NOTICE
The minimum required version of PostgreSQL is now 13. See https://gitlab.com/gitlab-org/charts/gitlab/-/blob/master/doc/installation/upgrade.md for more details.

=== NOTICE
You've installed GitLab Runner without the ability to use 'docker in docker'.
The GitLab Runner chart (gitlab/gitlab-runner) is deployed without the `privileged` flag by default for security purposes. This can be changed by setting `gitlab-runner.runners.privileged` to `true`. Before doing so, please read the GitLab Runner chart's documentation on why we
chose not to enable this by default. See https://docs.gitlab.com/runner/install/kubernetes.html#running-docker-in-docker-containers-with-gitlab-runners
Help us improve the installation experience, let us know how we did with a 1 minute survey:https://gitlab.fra1.qualtrics.com/jfe/form/SV_6kVqZANThUQ1bZb?installation=helm&release=17-0

检查部署的组件状态:

shell 复制代码
root@master1:~# kubectl get all -n gitlab
NAME                                                   READY   STATUS      RESTARTS        AGE
pod/gitlab-certmanager-6b4c5698fc-fx94m                1/1     Running     0               7m31s
pod/gitlab-certmanager-cainjector-6bb45c8d86-hn8lf     1/1     Running     0               7m31s
pod/gitlab-certmanager-webhook-f456f7466-qsjbz         1/1     Running     0               7m31s
pod/gitlab-gitaly-0                                    1/1     Running     0               7m31s
pod/gitlab-gitlab-exporter-c6fdd5659-rzhf2             1/1     Running     0               7m31s
pod/gitlab-gitlab-runner-68989dc878-sl5z5              1/1     Running     0               7m31s
pod/gitlab-gitlab-shell-7b59445b8c-lpfkv               1/1     Running     0               7m16s
pod/gitlab-gitlab-shell-7b59445b8c-qvx8q               1/1     Running     0               7m31s
pod/gitlab-issuer-1ef7983-8bpnc                        0/1     Completed   0               7m31s
pod/gitlab-kas-787d469bfd-ccnbr                        1/1     Running     6 (4m7s ago)    7m31s
pod/gitlab-kas-787d469bfd-wqrpx                        1/1     Running     6 (3m52s ago)   7m16s
pod/gitlab-migrations-88baebf-27kxq                    0/1     Completed   4               7m31s
pod/gitlab-minio-797df99799-l2hhl                      1/1     Running     0               7m30s
pod/gitlab-minio-create-buckets-df79603-qnjbg          0/1     Completed   0               7m31s
pod/gitlab-nginx-ingress-controller-547b55cf55-6blxb   1/1     Running     0               7m30s
pod/gitlab-nginx-ingress-controller-547b55cf55-djtjk   1/1     Running     0               7m30s
pod/gitlab-postgresql-0                                2/2     Running     0               7m31s
pod/gitlab-prometheus-server-fd545b6b-vstwb            2/2     Running     0               7m31s
pod/gitlab-redis-master-0                              2/2     Running     0               7m31s
pod/gitlab-registry-7c68bdc9b6-hr696                   1/1     Running     0               7m16s
pod/gitlab-registry-7c68bdc9b6-r69v5                   1/1     Running     0               7m30s
pod/gitlab-sidekiq-all-in-1-v2-74c6ccbdfb-6lqpj        1/1     Running     0               60s
pod/gitlab-sidekiq-all-in-1-v2-74c6ccbdfb-hvtbv        1/1     Running     0               60s
pod/gitlab-sidekiq-all-in-1-v2-74c6ccbdfb-jbx4b        1/1     Running     0               7m31s
pod/gitlab-toolbox-86b7d94469-mzd7n                    1/1     Running     0               7m31s
pod/gitlab-webservice-default-5c86b55c44-kzxxn         2/2     Running     1 (106s ago)    7m16s
pod/gitlab-webservice-default-5c86b55c44-zk8jm         2/2     Running     1 (102s ago)    7m30s

NAME                                              TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)                                   AGE
service/gitlab-certmanager                        ClusterIP      10.103.79.247    <none>        9402/TCP                                  7m31s
service/gitlab-certmanager-webhook                ClusterIP      10.110.89.100    <none>        443/TCP                                   7m31s
service/gitlab-gitaly                             ClusterIP      None             <none>        8075/TCP,9236/TCP                         7m31s
service/gitlab-gitlab-exporter                    ClusterIP      10.103.13.57     <none>        9168/TCP                                  7m31s
service/gitlab-gitlab-shell                       ClusterIP      10.110.243.157   <none>        22/TCP                                    7m31s
service/gitlab-kas                                ClusterIP      10.99.234.244    <none>        8150/TCP,8153/TCP,8154/TCP,8151/TCP       7m31s
service/gitlab-minio-svc                          ClusterIP      10.96.216.150    <none>        9000/TCP                                  7m31s
service/gitlab-nginx-ingress-controller           LoadBalancer   10.104.192.117   192.168.0.240 80:32575/TCP,443:30923/TCP,22:30281/TCP   7m31s
service/gitlab-nginx-ingress-controller-metrics   ClusterIP      10.104.28.161    <none>        10254/TCP                                 7m31s
service/gitlab-postgresql                         ClusterIP      10.104.12.20     <none>        5432/TCP                                  7m31s
service/gitlab-postgresql-hl                      ClusterIP      None             <none>        5432/TCP                                  7m31s
service/gitlab-postgresql-metrics                 ClusterIP      10.103.223.62    <none>        9187/TCP                                  7m31s
service/gitlab-prometheus-server                  ClusterIP      10.101.246.129   <none>        80/TCP                                    7m31s
service/gitlab-redis-headless                     ClusterIP      None             <none>        6379/TCP                                  7m31s
service/gitlab-redis-master                       ClusterIP      10.97.134.226    <none>        6379/TCP                                  7m31s
service/gitlab-redis-metrics                      ClusterIP      10.109.85.235    <none>        9121/TCP                                  7m31s
service/gitlab-registry                           ClusterIP      10.110.74.189    <none>        5000/TCP                                  7m31s
service/gitlab-webservice-default                 ClusterIP      10.101.101.108   <none>        8080/TCP,8181/TCP,8083/TCP                7m31s

# 修改service/gitlab-nginx-ingress-controller为NodePort类型
root@master1:~# kubectl edit service/gitlab-nginx-ingress-controller -n gitlab

service/gitlab-nginx-ingress-controller edited

访问gitlab

获取root密码:

shell 复制代码
root@master1:~# kubectl get secret -n gitlab
NAME                                  TYPE                 DATA   AGE
gitlab-acme-key                       Opaque               1      24h
gitlab-certmanager-webhook-ca         Opaque               3      24h
gitlab-gitaly-secret                  Opaque               1      24h
gitlab-gitlab-initial-root-password   Opaque               1      24h
gitlab-gitlab-kas-secret              Opaque               1      24h
gitlab-gitlab-runner-secret           Opaque               2      24h
gitlab-gitlab-shell-host-keys         Opaque               6      24h
gitlab-gitlab-shell-secret            Opaque               1      24h
gitlab-gitlab-suggested-reviewers     Opaque               1      24h
gitlab-gitlab-tls                     kubernetes.io/tls    2      24h
gitlab-gitlab-workhorse-secret        Opaque               1      24h
gitlab-kas-private-api                Opaque               1      24h
gitlab-kas-tls                        kubernetes.io/tls    2      24h
gitlab-minio-secret                   Opaque               2      24h
gitlab-minio-tls                      kubernetes.io/tls    2      24h
gitlab-postgresql-password            Opaque               2      24h
gitlab-rails-secret                   Opaque               1      24h
gitlab-redis-secret                   Opaque               1      24h
gitlab-registry-httpsecret            Opaque               1      24h
gitlab-registry-notification          Opaque               1      24h
gitlab-registry-secret                Opaque               2      24h
gitlab-registry-tls                   kubernetes.io/tls    2      24h
gitlab-zoekt-basicauth                Opaque               2      24h
sh.helm.release.v1.gitlab.v1          helm.sh/release.v1   1      23m
root@master1:~# kubectl get secret gitlab-gitlab-initial-root-password -ojsonpath='{.data.password}' -n gitlab | base64 --decode ; echo
SB2APLcOu7C0XnRvZHVqUKVWDOqCo1vC5Luy4mYyzaNZnkO5NKaDfofFphocQTmd

查看ingress:

shell 复制代码
root@master1:~# kubectl get ingress -n gitlab
NAME                        CLASS          HOSTS               ADDRESS         PORTS     AGE
gitlab-kas                  gitlab-nginx   kas.test.com        192.168.0.240   80, 443   5m36s
gitlab-minio                gitlab-nginx   minio.test.com      192.168.0.240   80, 443   5m36s
gitlab-registry             gitlab-nginx   registry.test.com   192.168.0.240   80, 443   5m36s
gitlab-webservice-default   gitlab-nginx   gitlab.test.com     192.168.0.240   80, 443   5m36s

终端配置解析,将域名gitlab.test.com解析到 LB 分配的IP地址: 192.168.0.240,使用浏览器访问https://gitlab.test.com,用户名root,密码:SB2APLcOu7C0XnRvZHVqUKVWDOqCo1vC5Luy4mYyzaNZnkO5NKaDfofFphocQTmd

相关推荐
心灵彼岸-诗和远方7 小时前
Devops业务价值流:软件研发最佳实践
运维·产品经理·devops
景天科技苑8 小时前
【云原生开发】K8S多集群资源管理平台架构设计
云原生·容器·kubernetes·k8s·云原生开发·k8s管理系统
wclass-zhengge9 小时前
K8S篇(基本介绍)
云原生·容器·kubernetes
颜淡慕潇9 小时前
【K8S问题系列 |1 】Kubernetes 中 NodePort 类型的 Service 无法访问【已解决】
后端·云原生·容器·kubernetes·问题解决
昌sit!17 小时前
K8S node节点没有相应的pod镜像运行故障处理办法
云原生·容器·kubernetes
A ?Charis20 小时前
Gitlab-runner running on Kubernetes - hostAliases
容器·kubernetes·gitlab
北漂IT民工_程序员_ZG21 小时前
k8s集群安装(minikube)
云原生·容器·kubernetes
秋说1 天前
开源代码管理平台Gitlab如何本地化部署并实现公网环境远程访问私有仓库
gitlab·源代码管理
2301_806131361 天前
Kubernetes的基本构建块和最小可调度单元pod-0
云原生·容器·kubernetes
SilentCodeY1 天前
containerd配置私有仓库registry
容器·kubernetes·containerd·镜像·crictl