Deploying GitLab on Kubernetes with Helm

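GitLab supports several installation methods: binary installation, Helm chart installation, Operator installation, Docker installation, and building from source. This article covers installing it from the Helm chart in a k8s environment.

References: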

  1. https://docs.gitlab.com/charts/installation/index.html
  2. https://docs.gitlab.cn/charts/installation/

GitLab comes in a general edition and a Chinese edition (JiHu, 极狐); JiHu is the edition released by a Sino-foreign joint venture.

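Prerequisites

  1. A Kubernetes cluster

  2. Helm already installed

  3. A load balancer that provides the EXTERNAL-IP for the ingress-nginx controller; this article uses MetalLB, see https://metallb.io/installation/ for deployment

  4. A default storage class

The specific environment details are as follows: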

# k8s environment information
root@master1:~# kubectl get node -o wide
NAME      STATUS   ROLES           AGE   VERSION   INTERNAL-IP    EXTERNAL-IP   OS-IMAGE           KERNEL-VERSION     CONTAINER-RUNTIME
master1   Ready    control-plane   11d   v1.28.2   192.168.0.51   <none>    Ubuntu 24.04 LTS   6.8.0-35-generic   containerd://1.7.12
master2   Ready    control-plane   11d   v1.28.2   192.168.0.52   <none>    Ubuntu 24.04 LTS   6.8.0-35-generic   containerd://1.7.12
master3   Ready    control-plane   11d   v1.28.2   192.168.0.53   <none>    Ubuntu 24.04 LTS   6.8.0-35-generic   containerd://1.7.12
worker1   Ready    <none>          11d   v1.27.1   192.168.0.54   <none>    Ubuntu 24.04 LTS   6.8.0-35-generic   containerd://1.7.12

# helm version
root@master1:~# helm version
version.BuildInfo{Version:"v3.15.2", GitCommit:"1a500d5625419a524fdae4b33de351cc4f58ec35", GitTreeState:"clean", GoVersion:"go1.22.4"}

# operating system version
root@master1:~# cat /etc/issue
Ubuntu 24.04 LTS \n \l

root@master1:~# uname -a
Linux master1 6.8.0-35-generic #35-Ubuntu SMP PREEMPT_DYNAMIC Mon May 20 15:51:52 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux

# storage classes
root@master1:~# kubectl get sc -n openebs
NAME                     PROVISIONER               RECLAIMPOLICY   VOLUMEBINDINGMODE      ALLOWVOLUMEEXPANSION   AGE
mayastor-etcd-localpv    openebs.io/local          Delete          WaitForFirstConsumer   false                  24h
mayastor-loki-localpv    openebs.io/local          Delete          WaitForFirstConsumer   false                  24h
openebs-hostpath         openebs.io/local          Delete          WaitForFirstConsumer   false                  24h
openebs-single-replica   io.openebs.csi-mayastor   Delete          Immediate              true                   24h

# set openebs-hostpath as the default storage class
root@master1:~# kubectl patch storageclass openebs-hostpath -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
storageclass.storage.k8s.io/openebs-hostpath patched

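Version notes

GitLab chart versions and GitLab version numbers do not match one to one; there is a mapping between them, which you can view with the following commands: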

# add the GitLab helm repositories
# GitLab
helm repo add gitlab https://charts.gitlab.io/
# JiHu GitLab
helm repo add gitlab-jh https://charts.gitlab.cn
helm repo update

# query GitLab or JiHu GitLab as needed
helm search repo -l gitlab/gitlab
helm search repo -l gitlab-jh/gitlab

Part of the mapping is shown below:

Chart version   GitLab version
8.1.1           17.1.1
8.1.0           17.1.0
8.0.3           17.0.3
8.0.2           17.0.2
8.0.0           17.0.0

For more information, see: GitLab chart versions | GitLab

Deploying JiHu GitLab

Deploy JiHu GitLab with helm:

# list the available versions
helm search repo -l gitlab-jh/gitlab

# show the chart values
helm show values gitlab-jh/gitlab --version 8.0.0

# install the chart
helm upgrade --install gitlab gitlab-jh/gitlab \
  --version 8.0.0 \
  --namespace=gitlab \
  --create-namespace \
  --timeout 600s \
  --set global.hosts.domain=test.com \
  --set certmanager-issuer.email=me@test.com 
  
# check the deployment status
root@master1:~# helm status gitlab -n gitlab
NAME: gitlab
LAST DEPLOYED: Wed Jul  3 22:37:16 2024
NAMESPACE: gitlab
STATUS: deployed
REVISION: 1
NOTES:
=== CRITICAL
The following charts are included for evaluation purposes only. They will not be supported by GitLab Support
for production workloads. Use Cloud Native Hybrid deployments for production. For more information visit
https://docs.gitlab.com/charts/installation/index.html#use-the-reference-architectures.
- PostgreSQL
- Redis
- Gitaly
- MinIO

=== NOTICE
The minimum required version of PostgreSQL is now 13. See https://gitlab.com/gitlab-org/charts/gitlab/-/blob/master/doc/installation/upgrade.md for more details.

=== NOTICE
You've installed GitLab Runner without the ability to use 'docker in docker'.
The GitLab Runner chart (gitlab/gitlab-runner) is deployed without the `privileged` flag by default for security purposes. This can be changed by setting `gitlab-runner.runners.privileged` to `true`. Before doing so, please read the GitLab Runner chart's documentation on why we
chose not to enable this by default. See https://docs.gitlab.com/runner/install/kubernetes.html#running-docker-in-docker-containers-with-gitlab-runners
Help us improve the installation experience, let us know how we did with a 1 minute survey:https://gitlab.fra1.qualtrics.com/jfe/form/SV_6kVqZANThUQ1bZb?installation=helm&release=17-0

Check the status of the deployed components:

root@master1:~# kubectl get all -n gitlab
NAME                                                   READY   STATUS      RESTARTS        AGE
pod/gitlab-certmanager-6b4c5698fc-fx94m                1/1     Running     0               7m31s
pod/gitlab-certmanager-cainjector-6bb45c8d86-hn8lf     1/1     Running     0               7m31s
pod/gitlab-certmanager-webhook-f456f7466-qsjbz         1/1     Running     0               7m31s
pod/gitlab-gitaly-0                                    1/1     Running     0               7m31s
pod/gitlab-gitlab-exporter-c6fdd5659-rzhf2             1/1     Running     0               7m31s
pod/gitlab-gitlab-runner-68989dc878-sl5z5              1/1     Running     0               7m31s
pod/gitlab-gitlab-shell-7b59445b8c-lpfkv               1/1     Running     0               7m16s
pod/gitlab-gitlab-shell-7b59445b8c-qvx8q               1/1     Running     0               7m31s
pod/gitlab-issuer-1ef7983-8bpnc                        0/1     Completed   0               7m31s
pod/gitlab-kas-787d469bfd-ccnbr                        1/1     Running     6 (4m7s ago)    7m31s
pod/gitlab-kas-787d469bfd-wqrpx                        1/1     Running     6 (3m52s ago)   7m16s
pod/gitlab-migrations-88baebf-27kxq                    0/1     Completed   4               7m31s
pod/gitlab-minio-797df99799-l2hhl                      1/1     Running     0               7m30s
pod/gitlab-minio-create-buckets-df79603-qnjbg          0/1     Completed   0               7m31s
pod/gitlab-nginx-ingress-controller-547b55cf55-6blxb   1/1     Running     0               7m30s
pod/gitlab-nginx-ingress-controller-547b55cf55-djtjk   1/1     Running     0               7m30s
pod/gitlab-postgresql-0                                2/2     Running     0               7m31s
pod/gitlab-prometheus-server-fd545b6b-vstwb            2/2     Running     0               7m31s
pod/gitlab-redis-master-0                              2/2     Running     0               7m31s
pod/gitlab-registry-7c68bdc9b6-hr696                   1/1     Running     0               7m16s
pod/gitlab-registry-7c68bdc9b6-r69v5                   1/1     Running     0               7m30s
pod/gitlab-sidekiq-all-in-1-v2-74c6ccbdfb-6lqpj        1/1     Running     0               60s
pod/gitlab-sidekiq-all-in-1-v2-74c6ccbdfb-hvtbv        1/1     Running     0               60s
pod/gitlab-sidekiq-all-in-1-v2-74c6ccbdfb-jbx4b        1/1     Running     0               7m31s
pod/gitlab-toolbox-86b7d94469-mzd7n                    1/1     Running     0               7m31s
pod/gitlab-webservice-default-5c86b55c44-kzxxn         2/2     Running     1 (106s ago)    7m16s
pod/gitlab-webservice-default-5c86b55c44-zk8jm         2/2     Running     1 (102s ago)    7m30s

NAME                                              TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)                                   AGE
service/gitlab-certmanager                        ClusterIP      10.103.79.247    <none>        9402/TCP                                  7m31s
service/gitlab-certmanager-webhook                ClusterIP      10.110.89.100    <none>        443/TCP                                   7m31s
service/gitlab-gitaly                             ClusterIP      None             <none>        8075/TCP,9236/TCP                         7m31s
service/gitlab-gitlab-exporter                    ClusterIP      10.103.13.57     <none>        9168/TCP                                  7m31s
service/gitlab-gitlab-shell                       ClusterIP      10.110.243.157   <none>        22/TCP                                    7m31s
service/gitlab-kas                                ClusterIP      10.99.234.244    <none>        8150/TCP,8153/TCP,8154/TCP,8151/TCP       7m31s
service/gitlab-minio-svc                          ClusterIP      10.96.216.150    <none>        9000/TCP                                  7m31s
service/gitlab-nginx-ingress-controller           LoadBalancer   10.104.192.117   192.168.0.240 80:32575/TCP,443:30923/TCP,22:30281/TCP   7m31s
service/gitlab-nginx-ingress-controller-metrics   ClusterIP      10.104.28.161    <none>        10254/TCP                                 7m31s
service/gitlab-postgresql                         ClusterIP      10.104.12.20     <none>        5432/TCP                                  7m31s
service/gitlab-postgresql-hl                      ClusterIP      None             <none>        5432/TCP                                  7m31s
service/gitlab-postgresql-metrics                 ClusterIP      10.103.223.62    <none>        9187/TCP                                  7m31s
service/gitlab-prometheus-server                  ClusterIP      10.101.246.129   <none>        80/TCP                                    7m31s
service/gitlab-redis-headless                     ClusterIP      None             <none>        6379/TCP                                  7m31s
service/gitlab-redis-master                       ClusterIP      10.97.134.226    <none>        6379/TCP                                  7m31s
service/gitlab-redis-metrics                      ClusterIP      10.109.85.235    <none>        9121/TCP                                  7m31s
service/gitlab-registry                           ClusterIP      10.110.74.189    <none>        5000/TCP                                  7m31s
service/gitlab-webservice-default                 ClusterIP      10.101.101.108   <none>        8080/TCP,8181/TCP,8083/TCP                7m31s

# change service/gitlab-nginx-ingress-controller to type NodePort
root@master1:~# kubectl edit service/gitlab-nginx-ingress-controller -n gitlab

service/gitlab-nginx-ingress-controller edited
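
An added example (not part of the original article or of the GitLab chart): a shell check that reads the `kubectl get svc` table above and lists every listener reachable from outside the cluster, since the ingress controller Service publishes ports 80, 443 and 22, each backed by a node port. The function names and the allowlist are assumptions of this example; the sample rows are taken from the listing above.

```shell
#!/bin/sh
# Added example: enumerate what a `kubectl get svc` listing exposes outside the cluster.

# Constructed sample: header plus three rows taken from the listing above.
sample_services() {
cat <<'EOF'
NAME                                      TYPE           CLUSTER-IP       EXTERNAL-IP     PORT(S)                                   AGE
service/gitlab-gitlab-shell               ClusterIP      10.110.243.157   <none>          22/TCP                                    7m31s
service/gitlab-nginx-ingress-controller   LoadBalancer   10.104.192.117   192.168.0.240   80:32575/TCP,443:30923/TCP,22:30281/TCP   7m31s
service/gitlab-postgresql                 ClusterIP      10.104.12.20     <none>          5432/TCP                                  7m31s
EOF
}

# stdin: `kubectl get svc` (or `get all`) table output.
# stdout: one line per reachable listener:
#   <service> <lb|node> <address> <listen-port>/<proto> svc=<service-port>
# A LoadBalancer row yields both its EXTERNAL-IP listener and the node port
# shown behind it; a NodePort row yields only node ports.
external_ports() {
  awk '
    $1 == "NAME" { next }
    $2 != "LoadBalancer" && $2 != "NodePort" { next }
    {
      n = split($5, specs, ",")
      for (i = 1; i <= n; i++) {
        split(specs[i], pp, "/")          # pp[1]="80:32575"  pp[2]="TCP"
        m = split(pp[1], ports, ":")      # ports[1]=service port, ports[2]=node port
        if ($2 == "LoadBalancer")
          print $1, "lb", $4, ports[1] "/" pp[2], "svc=" ports[1]
        if (m == 2)
          print $1, "node", "<any-node-ip>", ports[2] "/" pp[2], "svc=" ports[1]
      }
    }'
}

# stdin: same table. Arguments: allowed service ports, e.g. 80 443 22.
# Prints every listener whose service port is not allowed; returns 1 if any.
check_exposure() {
  external_ports | awk -v allowed=" $* " '
    { port = $5; sub(/^svc=/, "", port)
      if (index(allowed, " " port " ") == 0) { print "unexpected:", $0; bad = 1 } }
    END { exit bad + 0 }'
}

# Stand-alone run on the sample; on a cluster: kubectl get svc -n gitlab | check_exposure 80 443 22
sample_services | external_ports
sample_services | check_exposure 80 443 22 && echo "exposure matches allowlist"
```
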

Accessing GitLab

Get the root password:

root@master1:~# kubectl get secret -n gitlab
NAME                                  TYPE                 DATA   AGE
gitlab-acme-key                       Opaque               1      24h
gitlab-certmanager-webhook-ca         Opaque               3      24h
gitlab-gitaly-secret                  Opaque               1      24h
gitlab-gitlab-initial-root-password   Opaque               1      24h
gitlab-gitlab-kas-secret              Opaque               1      24h
gitlab-gitlab-runner-secret           Opaque               2      24h
gitlab-gitlab-shell-host-keys         Opaque               6      24h
gitlab-gitlab-shell-secret            Opaque               1      24h
gitlab-gitlab-suggested-reviewers     Opaque               1      24h
gitlab-gitlab-tls                     kubernetes.io/tls    2      24h
gitlab-gitlab-workhorse-secret        Opaque               1      24h
gitlab-kas-private-api                Opaque               1      24h
gitlab-kas-tls                        kubernetes.io/tls    2      24h
gitlab-minio-secret                   Opaque               2      24h
gitlab-minio-tls                      kubernetes.io/tls    2      24h
gitlab-postgresql-password            Opaque               2      24h
gitlab-rails-secret                   Opaque               1      24h
gitlab-redis-secret                   Opaque               1      24h
gitlab-registry-httpsecret            Opaque               1      24h
gitlab-registry-notification          Opaque               1      24h
gitlab-registry-secret                Opaque               2      24h
gitlab-registry-tls                   kubernetes.io/tls    2      24h
gitlab-zoekt-basicauth                Opaque               2      24h
sh.helm.release.v1.gitlab.v1          helm.sh/release.v1   1      23m
root@master1:~# kubectl get secret gitlab-gitlab-initial-root-password -ojsonpath='{.data.password}' -n gitlab | base64 --decode ; echo
SB2APLcOu7C0XnRvZHVqUKVWDOqCo1vC5Luy4mYyzaNZnkO5NKaDfofFphocQTmd

View the ingress:

root@master1:~# kubectl get ingress -n gitlab
NAME                        CLASS          HOSTS               ADDRESS         PORTS     AGE
gitlab-kas                  gitlab-nginx   kas.test.com        192.168.0.240   80, 443   5m36s
gitlab-minio                gitlab-nginx   minio.test.com      192.168.0.240   80, 443   5m36s
gitlab-registry             gitlab-nginx   registry.test.com   192.168.0.240   80, 443   5m36s
gitlab-webservice-default   gitlab-nginx   gitlab.test.com     192.168.0.240   80, 443   5m36s

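Configure name resolution on the client so that the domain gitlab.test.com resolves to the IP address assigned by the LB, 192.168.0.240, then open https://gitlab.test.com in a browser and log in with username root and password: SB2APLcOu7C0XnRvZHVqUKVWDOqCo1vC5Luy4mYyzaNZnkO5NKaDfofFphocQTmd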
