Kubernetes基于helm部署gitlab

Kubernetes基于helm部署gitlab

gitlab支持多种安装方式,有二进制安装、helm cahrt安装、operator安装、docker安装以及基于源码构建等。本文主要介绍在k8s环境下基于helm包进行安装。

参考文档:

  1. https://docs.gitlab.com/charts/installation/index.html
  2. https://docs.gitlab.cn/charts/installation/

gitlab包括通用版本和中文版本(极狐),极狐为中外合资公司发布的版本。

准备工作

  1. Kubernetes 集群

  2. helm已经安装

  3. 负载均衡器,为ingress-nginx控制器提供EXTERNAL-IP,本文使用metallb,部署参考https://metallb.io/installation/

  4. 默认存储类

以下是具体的环境信息:

shell 复制代码
# k8s环境信息
root@master1:~# kubectl get node -o wide
NAME      STATUS   ROLES           AGE   VERSION   INTERNAL-IP    EXTERNAL-IP   OS-IMAGE           KERNEL-VERSION     CONTAINER-RUNTIME
master1   Ready    control-plane   11d   v1.28.2   192.168.0.51   <none>    Ubuntu 24.04 LTS   6.8.0-35-generic   containerd://1.7.12
master2   Ready    control-plane   11d   v1.28.2   192.168.0.52   <none>    Ubuntu 24.04 LTS   6.8.0-35-generic   containerd://1.7.12
master3   Ready    control-plane   11d   v1.28.2   192.168.0.53   <none>    Ubuntu 24.04 LTS   6.8.0-35-generic   containerd://1.7.12
worker1   Ready    <none>          11d   v1.27.1   192.168.0.54   <none>    Ubuntu 24.04 LTS   6.8.0-35-generic   containerd://1.7.12

# helm版本
root@master1:~# helm version
version.BuildInfo{Version:"v3.15.2", GitCommit:"1a500d5625419a524fdae4b33de351cc4f58ec35", GitTreeState:"clean", GoVersion:"go1.22.4"}

# 操作系统版本
root@master1:~# cat /etc/issue
Ubuntu 24.04 LTS \n \l

root@master1:~# uname -a
Linux master1 6.8.0-35-generic #35-Ubuntu SMP PREEMPT_DYNAMIC Mon May 20 15:51:52 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux

# 存储类
root@master1:~# kubectl get sc -n openebs
NAME                     PROVISIONER               RECLAIMPOLICY   VOLUMEBINDINGMODE      ALLOWVOLUMEEXPANSION   AGE
mayastor-etcd-localpv    openebs.io/local          Delete          WaitForFirstConsumer   false                  24h
mayastor-loki-localpv    openebs.io/local          Delete          WaitForFirstConsumer   false                  24h
openebs-hostpath         openebs.io/local          Delete          WaitForFirstConsumer   false                  24h
openebs-single-replica   io.openebs.csi-mayastor   Delete          Immediate              true                   24h

# 设置openebs-hostpath为默认的存储类
root@master1:~# kubectl patch storageclass openebs-hostpath -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
storageclass.storage.k8s.io/openebs-hostpath patched

版本说明

gitlab chart版本和gitlab版本号不是一一对应的,有映射关系,可以通过如下命令查看:

shell 复制代码
# 添加gitlab helm 仓库
# gitlab
helm repo add gitlab https://charts.gitlab.io/
# 极狐gitlab
helm repo add gitlab-jh https://charts.gitlab.cn
helm repo update

# 根据需要查询gitlab或极狐gitlab
helm search repo -l gitlab/gitlab
helm search repo -l gitlab-jh/gitlab

以下是部分映射关系:

Chart version GitLab version
8.1.1 17.1.1
8.1.0 17.1.0
8.0.3 17.0.3
8.0.2 17.0.2
8.0.0 17.0.0

更多信息请参考:GitLab chart versions | GitLab

部署极狐gitlab

使用helm部署极狐gitlab:

shell 复制代码
# 查看版本列表
helm search repo -l gitlab-jh/gitlab

# 查看values
helm show values gitlab-jh/gitlab --version 8.0.0

# 安装chart
helm upgrade --install gitlab gitlab-jh/gitlab \
  --version 8.0.0 \
  --namespace=gitlab \
  --create-namespace \
  --timeout 600s \
  --set global.hosts.domain=test.com \
  --set certmanager-issuer.email=me@test.com 
  
# 查看部署状态
root@master1:~# helm status gitlab -n gitlab
NAME: gitlab
LAST DEPLOYED: Wed Jul  3 22:37:16 2024
NAMESPACE: gitlab
STATUS: deployed
REVISION: 1
NOTES:
=== CRITICAL
The following charts are included for evaluation purposes only. They will not be supported by GitLab Support
for production workloads. Use Cloud Native Hybrid deployments for production. For more information visit
https://docs.gitlab.com/charts/installation/index.html#use-the-reference-architectures.
- PostgreSQL
- Redis
- Gitaly
- MinIO

=== NOTICE
The minimum required version of PostgreSQL is now 13. See https://gitlab.com/gitlab-org/charts/gitlab/-/blob/master/doc/installation/upgrade.md for more details.

=== NOTICE
You've installed GitLab Runner without the ability to use 'docker in docker'.
The GitLab Runner chart (gitlab/gitlab-runner) is deployed without the `privileged` flag by default for security purposes. This can be changed by setting `gitlab-runner.runners.privileged` to `true`. Before doing so, please read the GitLab Runner chart's documentation on why we
chose not to enable this by default. See https://docs.gitlab.com/runner/install/kubernetes.html#running-docker-in-docker-containers-with-gitlab-runners
Help us improve the installation experience, let us know how we did with a 1 minute survey:https://gitlab.fra1.qualtrics.com/jfe/form/SV_6kVqZANThUQ1bZb?installation=helm&release=17-0

检查部署的组件状态:

shell 复制代码
root@master1:~# kubectl get all -n gitlab
NAME                                                   READY   STATUS      RESTARTS        AGE
pod/gitlab-certmanager-6b4c5698fc-fx94m                1/1     Running     0               7m31s
pod/gitlab-certmanager-cainjector-6bb45c8d86-hn8lf     1/1     Running     0               7m31s
pod/gitlab-certmanager-webhook-f456f7466-qsjbz         1/1     Running     0               7m31s
pod/gitlab-gitaly-0                                    1/1     Running     0               7m31s
pod/gitlab-gitlab-exporter-c6fdd5659-rzhf2             1/1     Running     0               7m31s
pod/gitlab-gitlab-runner-68989dc878-sl5z5              1/1     Running     0               7m31s
pod/gitlab-gitlab-shell-7b59445b8c-lpfkv               1/1     Running     0               7m16s
pod/gitlab-gitlab-shell-7b59445b8c-qvx8q               1/1     Running     0               7m31s
pod/gitlab-issuer-1ef7983-8bpnc                        0/1     Completed   0               7m31s
pod/gitlab-kas-787d469bfd-ccnbr                        1/1     Running     6 (4m7s ago)    7m31s
pod/gitlab-kas-787d469bfd-wqrpx                        1/1     Running     6 (3m52s ago)   7m16s
pod/gitlab-migrations-88baebf-27kxq                    0/1     Completed   4               7m31s
pod/gitlab-minio-797df99799-l2hhl                      1/1     Running     0               7m30s
pod/gitlab-minio-create-buckets-df79603-qnjbg          0/1     Completed   0               7m31s
pod/gitlab-nginx-ingress-controller-547b55cf55-6blxb   1/1     Running     0               7m30s
pod/gitlab-nginx-ingress-controller-547b55cf55-djtjk   1/1     Running     0               7m30s
pod/gitlab-postgresql-0                                2/2     Running     0               7m31s
pod/gitlab-prometheus-server-fd545b6b-vstwb            2/2     Running     0               7m31s
pod/gitlab-redis-master-0                              2/2     Running     0               7m31s
pod/gitlab-registry-7c68bdc9b6-hr696                   1/1     Running     0               7m16s
pod/gitlab-registry-7c68bdc9b6-r69v5                   1/1     Running     0               7m30s
pod/gitlab-sidekiq-all-in-1-v2-74c6ccbdfb-6lqpj        1/1     Running     0               60s
pod/gitlab-sidekiq-all-in-1-v2-74c6ccbdfb-hvtbv        1/1     Running     0               60s
pod/gitlab-sidekiq-all-in-1-v2-74c6ccbdfb-jbx4b        1/1     Running     0               7m31s
pod/gitlab-toolbox-86b7d94469-mzd7n                    1/1     Running     0               7m31s
pod/gitlab-webservice-default-5c86b55c44-kzxxn         2/2     Running     1 (106s ago)    7m16s
pod/gitlab-webservice-default-5c86b55c44-zk8jm         2/2     Running     1 (102s ago)    7m30s

NAME                                              TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)                                   AGE
service/gitlab-certmanager                        ClusterIP      10.103.79.247    <none>        9402/TCP                                  7m31s
service/gitlab-certmanager-webhook                ClusterIP      10.110.89.100    <none>        443/TCP                                   7m31s
service/gitlab-gitaly                             ClusterIP      None             <none>        8075/TCP,9236/TCP                         7m31s
service/gitlab-gitlab-exporter                    ClusterIP      10.103.13.57     <none>        9168/TCP                                  7m31s
service/gitlab-gitlab-shell                       ClusterIP      10.110.243.157   <none>        22/TCP                                    7m31s
service/gitlab-kas                                ClusterIP      10.99.234.244    <none>        8150/TCP,8153/TCP,8154/TCP,8151/TCP       7m31s
service/gitlab-minio-svc                          ClusterIP      10.96.216.150    <none>        9000/TCP                                  7m31s
service/gitlab-nginx-ingress-controller           LoadBalancer   10.104.192.117   192.168.0.240 80:32575/TCP,443:30923/TCP,22:30281/TCP   7m31s
service/gitlab-nginx-ingress-controller-metrics   ClusterIP      10.104.28.161    <none>        10254/TCP                                 7m31s
service/gitlab-postgresql                         ClusterIP      10.104.12.20     <none>        5432/TCP                                  7m31s
service/gitlab-postgresql-hl                      ClusterIP      None             <none>        5432/TCP                                  7m31s
service/gitlab-postgresql-metrics                 ClusterIP      10.103.223.62    <none>        9187/TCP                                  7m31s
service/gitlab-prometheus-server                  ClusterIP      10.101.246.129   <none>        80/TCP                                    7m31s
service/gitlab-redis-headless                     ClusterIP      None             <none>        6379/TCP                                  7m31s
service/gitlab-redis-master                       ClusterIP      10.97.134.226    <none>        6379/TCP                                  7m31s
service/gitlab-redis-metrics                      ClusterIP      10.109.85.235    <none>        9121/TCP                                  7m31s
service/gitlab-registry                           ClusterIP      10.110.74.189    <none>        5000/TCP                                  7m31s
service/gitlab-webservice-default                 ClusterIP      10.101.101.108   <none>        8080/TCP,8181/TCP,8083/TCP                7m31s

# 修改service/gitlab-nginx-ingress-controller为NodePort类型
root@master1:~# kubectl edit service/gitlab-nginx-ingress-controller -n gitlab

service/gitlab-nginx-ingress-controller edited

访问gitlab

获取root密码:

shell 复制代码
root@master1:~# kubectl get secret -n gitlab
NAME                                  TYPE                 DATA   AGE
gitlab-acme-key                       Opaque               1      24h
gitlab-certmanager-webhook-ca         Opaque               3      24h
gitlab-gitaly-secret                  Opaque               1      24h
gitlab-gitlab-initial-root-password   Opaque               1      24h
gitlab-gitlab-kas-secret              Opaque               1      24h
gitlab-gitlab-runner-secret           Opaque               2      24h
gitlab-gitlab-shell-host-keys         Opaque               6      24h
gitlab-gitlab-shell-secret            Opaque               1      24h
gitlab-gitlab-suggested-reviewers     Opaque               1      24h
gitlab-gitlab-tls                     kubernetes.io/tls    2      24h
gitlab-gitlab-workhorse-secret        Opaque               1      24h
gitlab-kas-private-api                Opaque               1      24h
gitlab-kas-tls                        kubernetes.io/tls    2      24h
gitlab-minio-secret                   Opaque               2      24h
gitlab-minio-tls                      kubernetes.io/tls    2      24h
gitlab-postgresql-password            Opaque               2      24h
gitlab-rails-secret                   Opaque               1      24h
gitlab-redis-secret                   Opaque               1      24h
gitlab-registry-httpsecret            Opaque               1      24h
gitlab-registry-notification          Opaque               1      24h
gitlab-registry-secret                Opaque               2      24h
gitlab-registry-tls                   kubernetes.io/tls    2      24h
gitlab-zoekt-basicauth                Opaque               2      24h
sh.helm.release.v1.gitlab.v1          helm.sh/release.v1   1      23m
root@master1:~# kubectl get secret gitlab-gitlab-initial-root-password -ojsonpath='{.data.password}' -n gitlab | base64 --decode ; echo
SB2APLcOu7C0XnRvZHVqUKVWDOqCo1vC5Luy4mYyzaNZnkO5NKaDfofFphocQTmd

查看ingress:

shell 复制代码
root@master1:~# kubectl get ingress -n gitlab
NAME                        CLASS          HOSTS               ADDRESS         PORTS     AGE
gitlab-kas                  gitlab-nginx   kas.test.com        192.168.0.240   80, 443   5m36s
gitlab-minio                gitlab-nginx   minio.test.com      192.168.0.240   80, 443   5m36s
gitlab-registry             gitlab-nginx   registry.test.com   192.168.0.240   80, 443   5m36s
gitlab-webservice-default   gitlab-nginx   gitlab.test.com     192.168.0.240   80, 443   5m36s

终端配置解析,将域名gitlab.test.com解析到 LB 分配的IP地址: 192.168.0.240,使用浏览器访问https://gitlab.test.com,用户名root,密码:SB2APLcOu7C0XnRvZHVqUKVWDOqCo1vC5Luy4mYyzaNZnkO5NKaDfofFphocQTmd

相关推荐
灼烧的疯狂2 小时前
K8S + Jenkins 做CICD
容器·kubernetes·jenkins
wenyue11213 小时前
Revolutionize Your Kubernetes Experience with Easegress: Kubernetes Gateway API
容器·kubernetes·gateway
Python私教5 小时前
ubuntu搭建k8s环境详细教程
linux·ubuntu·kubernetes
O&REO7 小时前
单机部署kubernetes环境下Overleaf-基于MicroK8s的Overleaf应用部署指南
云原生·容器·kubernetes
politeboy7 小时前
k8s启动springboot容器的时候,显示找不到application.yml文件
java·spring boot·kubernetes
运维小文8 小时前
K8S资源限制之LimitRange
云原生·容器·kubernetes·k8s资源限制
登云时刻8 小时前
Kubernetes集群外连接redis集群和使用redis-shake工具迁移数据(二)
redis·容器·kubernetes
wuxingge17 小时前
k8s1.30.0高可用集群部署
云原生·容器·kubernetes
志凌海纳SmartX18 小时前
趋势洞察|AI 能否带动裸金属 K8s 强势崛起?
云原生·容器·kubernetes
锅总18 小时前
nacos与k8s service健康检查详解
云原生·容器·kubernetes