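Deploying GitLab on Kubernetes with Helm
GitLab supports several installation methods: binary installation, Helm chart installation, Operator installation, Docker installation, and building from source. This article covers installation from the Helm chart in a Kubernetes environment.
Reference documentation:
GitLab is available in a general edition and a Chinese edition (JiHu); JiHu is the edition published by a Sino-foreign joint venture.
Prerequisites
- A Kubernetes cluster
- Helm already installed
- A load balancer that provides the EXTERNAL-IP for the ingress-nginx controller; this article uses MetalLB, for deployment see https://metallb.io/installation/
- A default storage class
The environment used here is as follows: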
shell
# Kubernetes environment information
root@master1:~# kubectl get node -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
master1 Ready control-plane 11d v1.28.2 192.168.0.51 <none> Ubuntu 24.04 LTS 6.8.0-35-generic containerd://1.7.12
master2 Ready control-plane 11d v1.28.2 192.168.0.52 <none> Ubuntu 24.04 LTS 6.8.0-35-generic containerd://1.7.12
master3 Ready control-plane 11d v1.28.2 192.168.0.53 <none> Ubuntu 24.04 LTS 6.8.0-35-generic containerd://1.7.12
worker1 Ready <none> 11d v1.27.1 192.168.0.54 <none> Ubuntu 24.04 LTS 6.8.0-35-generic containerd://1.7.12
# Helm version
root@master1:~# helm version
version.BuildInfo{Version:"v3.15.2", GitCommit:"1a500d5625419a524fdae4b33de351cc4f58ec35", GitTreeState:"clean", GoVersion:"go1.22.4"}
# Operating system version
root@master1:~# cat /etc/issue
Ubuntu 24.04 LTS \n \l
root@master1:~# uname -a
Linux master1 6.8.0-35-generic #35-Ubuntu SMP PREEMPT_DYNAMIC Mon May 20 15:51:52 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
# Storage classes
root@master1:~# kubectl get sc -n openebs
NAME PROVISIONER RECLAIMPOLICY VOLUMEBINDINGMODE ALLOWVOLUMEEXPANSION AGE
mayastor-etcd-localpv openebs.io/local Delete WaitForFirstConsumer false 24h
mayastor-loki-localpv openebs.io/local Delete WaitForFirstConsumer false 24h
openebs-hostpath openebs.io/local Delete WaitForFirstConsumer false 24h
openebs-single-replica io.openebs.csi-mayastor Delete Immediate true 24h
# Set openebs-hostpath as the default storage class
root@master1:~# kubectl patch storageclass openebs-hostpath -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
storageclass.storage.k8s.io/openebs-hostpath patched
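Version notes
GitLab chart versions and GitLab version numbers do not match one to one; there is a mapping between them, which can be looked up with the following commands: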
shell
# Add the GitLab Helm repositories
# GitLab
helm repo add gitlab https://charts.gitlab.io/
# JiHu GitLab
helm repo add gitlab-jh https://charts.gitlab.cn
helm repo update
# Query GitLab or JiHu GitLab as needed
helm search repo -l gitlab/gitlab
helm search repo -l gitlab-jh/gitlab
Part of the mapping is shown below:
Chart version | GitLab version |
---|---|
8.1.1 | 17.1.1 |
8.1.0 | 17.1.0 |
8.0.3 | 17.0.3 |
8.0.2 | 17.0.2 |
8.0.0 | 17.0.0 |
For more information, see: GitLab chart versions | GitLab
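The mapping lookup can be scripted so that `--version` is pinned to the chart that ships a specific GitLab release instead of being read off the list by eye. This is an added example, not part of the original article: the helper names `chart_for_gitlab` and `sample_search_output` are hypothetical, and the sample rows are constructed from the mapping table above (the `v` prefix in APP VERSION and the runner row are assumptions).

```shell
#!/bin/sh
# Added example (not from the original article): find the chart version that
# ships a given GitLab release, so `helm upgrade --install --version` is pinned.

# chart_for_gitlab CHART GITLAB_VERSION   (hypothetical helper name)
# Reads `helm search repo -l <chart>` table output on stdin and prints the
# chart version of the first row whose NAME matches exactly and whose
# APP VERSION matches; returns 1 if no row matches.
chart_for_gitlab() {
    awk -v chart="$1" -v want="${2#v}" '
        $1 == chart {
            app = $3
            sub(/^v/, "", app)      # tolerate a leading "v" in APP VERSION
            if (app == want) { print $2; found = 1; exit }
        }
        END { exit(found ? 0 : 1) }
    '
}

# Constructed sample in the layout of `helm search repo -l gitlab/gitlab`.
# The gitlab/gitlab pairs come from the mapping table above; the runner row
# is made up to show that only the exact chart name is accepted.
sample_search_output() {
    cat <<'EOF'
NAME                  CHART VERSION   APP VERSION   DESCRIPTION
gitlab/gitlab-runner  0.0.0-example   17.1.0        constructed sample row
gitlab/gitlab         8.1.1           v17.1.1       constructed sample row
gitlab/gitlab         8.1.0           v17.1.0       constructed sample row
gitlab/gitlab         8.0.3           v17.0.3       constructed sample row
gitlab/gitlab         8.0.2           v17.0.2       constructed sample row
gitlab/gitlab         8.0.0           v17.0.0       constructed sample row
EOF
}

# Against a live repository the input would be:
#   helm search repo -l gitlab-jh/gitlab | chart_for_gitlab gitlab-jh/gitlab 17.0.0
# Fail instead of falling back to "latest" when nothing matches.
ver=$(sample_search_output | chart_for_gitlab gitlab/gitlab 17.0.0) || {
    echo "no chart ships that GitLab version" >&2
    exit 1
}
echo "helm upgrade --install gitlab gitlab/gitlab --version $ver"
```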
Deploying JiHu GitLab
Deploy JiHu GitLab with Helm:
shell
# List the available versions
helm search repo -l gitlab-jh/gitlab
# Show the chart values
helm show values gitlab-jh/gitlab --version 8.0.0
# Install the chart
helm upgrade --install gitlab gitlab-jh/gitlab \
--version 8.0.0 \
--namespace=gitlab \
--create-namespace \
--timeout 600s \
--set global.hosts.domain=test.com \
--set certmanager-issuer.email=me@test.com
# Check the deployment status
root@master1:~# helm status gitlab -n gitlab
NAME: gitlab
LAST DEPLOYED: Wed Jul 3 22:37:16 2024
NAMESPACE: gitlab
STATUS: deployed
REVISION: 1
NOTES:
=== CRITICAL
The following charts are included for evaluation purposes only. They will not be supported by GitLab Support
for production workloads. Use Cloud Native Hybrid deployments for production. For more information visit
https://docs.gitlab.com/charts/installation/index.html#use-the-reference-architectures.
- PostgreSQL
- Redis
- Gitaly
- MinIO
=== NOTICE
The minimum required version of PostgreSQL is now 13. See https://gitlab.com/gitlab-org/charts/gitlab/-/blob/master/doc/installation/upgrade.md for more details.
=== NOTICE
You've installed GitLab Runner without the ability to use 'docker in docker'.
The GitLab Runner chart (gitlab/gitlab-runner) is deployed without the `privileged` flag by default for security purposes. This can be changed by setting `gitlab-runner.runners.privileged` to `true`. Before doing so, please read the GitLab Runner chart's documentation on why we
chose not to enable this by default. See https://docs.gitlab.com/runner/install/kubernetes.html#running-docker-in-docker-containers-with-gitlab-runners
Help us improve the installation experience, let us know how we did with a 1 minute survey:https://gitlab.fra1.qualtrics.com/jfe/form/SV_6kVqZANThUQ1bZb?installation=helm&release=17-0
Check the status of the deployed components:
shell
root@master1:~# kubectl get all -n gitlab
NAME READY STATUS RESTARTS AGE
pod/gitlab-certmanager-6b4c5698fc-fx94m 1/1 Running 0 7m31s
pod/gitlab-certmanager-cainjector-6bb45c8d86-hn8lf 1/1 Running 0 7m31s
pod/gitlab-certmanager-webhook-f456f7466-qsjbz 1/1 Running 0 7m31s
pod/gitlab-gitaly-0 1/1 Running 0 7m31s
pod/gitlab-gitlab-exporter-c6fdd5659-rzhf2 1/1 Running 0 7m31s
pod/gitlab-gitlab-runner-68989dc878-sl5z5 1/1 Running 0 7m31s
pod/gitlab-gitlab-shell-7b59445b8c-lpfkv 1/1 Running 0 7m16s
pod/gitlab-gitlab-shell-7b59445b8c-qvx8q 1/1 Running 0 7m31s
pod/gitlab-issuer-1ef7983-8bpnc 0/1 Completed 0 7m31s
pod/gitlab-kas-787d469bfd-ccnbr 1/1 Running 6 (4m7s ago) 7m31s
pod/gitlab-kas-787d469bfd-wqrpx 1/1 Running 6 (3m52s ago) 7m16s
pod/gitlab-migrations-88baebf-27kxq 0/1 Completed 4 7m31s
pod/gitlab-minio-797df99799-l2hhl 1/1 Running 0 7m30s
pod/gitlab-minio-create-buckets-df79603-qnjbg 0/1 Completed 0 7m31s
pod/gitlab-nginx-ingress-controller-547b55cf55-6blxb 1/1 Running 0 7m30s
pod/gitlab-nginx-ingress-controller-547b55cf55-djtjk 1/1 Running 0 7m30s
pod/gitlab-postgresql-0 2/2 Running 0 7m31s
pod/gitlab-prometheus-server-fd545b6b-vstwb 2/2 Running 0 7m31s
pod/gitlab-redis-master-0 2/2 Running 0 7m31s
pod/gitlab-registry-7c68bdc9b6-hr696 1/1 Running 0 7m16s
pod/gitlab-registry-7c68bdc9b6-r69v5 1/1 Running 0 7m30s
pod/gitlab-sidekiq-all-in-1-v2-74c6ccbdfb-6lqpj 1/1 Running 0 60s
pod/gitlab-sidekiq-all-in-1-v2-74c6ccbdfb-hvtbv 1/1 Running 0 60s
pod/gitlab-sidekiq-all-in-1-v2-74c6ccbdfb-jbx4b 1/1 Running 0 7m31s
pod/gitlab-toolbox-86b7d94469-mzd7n 1/1 Running 0 7m31s
pod/gitlab-webservice-default-5c86b55c44-kzxxn 2/2 Running 1 (106s ago) 7m16s
pod/gitlab-webservice-default-5c86b55c44-zk8jm 2/2 Running 1 (102s ago) 7m30s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/gitlab-certmanager ClusterIP 10.103.79.247 <none> 9402/TCP 7m31s
service/gitlab-certmanager-webhook ClusterIP 10.110.89.100 <none> 443/TCP 7m31s
service/gitlab-gitaly ClusterIP None <none> 8075/TCP,9236/TCP 7m31s
service/gitlab-gitlab-exporter ClusterIP 10.103.13.57 <none> 9168/TCP 7m31s
service/gitlab-gitlab-shell ClusterIP 10.110.243.157 <none> 22/TCP 7m31s
service/gitlab-kas ClusterIP 10.99.234.244 <none> 8150/TCP,8153/TCP,8154/TCP,8151/TCP 7m31s
service/gitlab-minio-svc ClusterIP 10.96.216.150 <none> 9000/TCP 7m31s
service/gitlab-nginx-ingress-controller LoadBalancer 10.104.192.117 192.168.0.240 80:32575/TCP,443:30923/TCP,22:30281/TCP 7m31s
service/gitlab-nginx-ingress-controller-metrics ClusterIP 10.104.28.161 <none> 10254/TCP 7m31s
service/gitlab-postgresql ClusterIP 10.104.12.20 <none> 5432/TCP 7m31s
service/gitlab-postgresql-hl ClusterIP None <none> 5432/TCP 7m31s
service/gitlab-postgresql-metrics ClusterIP 10.103.223.62 <none> 9187/TCP 7m31s
service/gitlab-prometheus-server ClusterIP 10.101.246.129 <none> 80/TCP 7m31s
service/gitlab-redis-headless ClusterIP None <none> 6379/TCP 7m31s
service/gitlab-redis-master ClusterIP 10.97.134.226 <none> 6379/TCP 7m31s
service/gitlab-redis-metrics ClusterIP 10.109.85.235 <none> 9121/TCP 7m31s
service/gitlab-registry ClusterIP 10.110.74.189 <none> 5000/TCP 7m31s
service/gitlab-webservice-default ClusterIP 10.101.101.108 <none> 8080/TCP,8181/TCP,8083/TCP 7m31s
# Change service/gitlab-nginx-ingress-controller to type NodePort
root@master1:~# kubectl edit service/gitlab-nginx-ingress-controller -n gitlab
service/gitlab-nginx-ingress-controller edited
Accessing GitLab
Get the root password:
shell
root@master1:~# kubectl get secret -n gitlab
NAME TYPE DATA AGE
gitlab-acme-key Opaque 1 24h
gitlab-certmanager-webhook-ca Opaque 3 24h
gitlab-gitaly-secret Opaque 1 24h
gitlab-gitlab-initial-root-password Opaque 1 24h
gitlab-gitlab-kas-secret Opaque 1 24h
gitlab-gitlab-runner-secret Opaque 2 24h
gitlab-gitlab-shell-host-keys Opaque 6 24h
gitlab-gitlab-shell-secret Opaque 1 24h
gitlab-gitlab-suggested-reviewers Opaque 1 24h
gitlab-gitlab-tls kubernetes.io/tls 2 24h
gitlab-gitlab-workhorse-secret Opaque 1 24h
gitlab-kas-private-api Opaque 1 24h
gitlab-kas-tls kubernetes.io/tls 2 24h
gitlab-minio-secret Opaque 2 24h
gitlab-minio-tls kubernetes.io/tls 2 24h
gitlab-postgresql-password Opaque 2 24h
gitlab-rails-secret Opaque 1 24h
gitlab-redis-secret Opaque 1 24h
gitlab-registry-httpsecret Opaque 1 24h
gitlab-registry-notification Opaque 1 24h
gitlab-registry-secret Opaque 2 24h
gitlab-registry-tls kubernetes.io/tls 2 24h
gitlab-zoekt-basicauth Opaque 2 24h
sh.helm.release.v1.gitlab.v1 helm.sh/release.v1 1 23m
root@master1:~# kubectl get secret gitlab-gitlab-initial-root-password -ojsonpath='{.data.password}' -n gitlab | base64 --decode ; echo
SB2APLcOu7C0XnRvZHVqUKVWDOqCo1vC5Luy4mYyzaNZnkO5NKaDfofFphocQTmd
View the ingresses:
shell
root@master1:~# kubectl get ingress -n gitlab
NAME CLASS HOSTS ADDRESS PORTS AGE
gitlab-kas gitlab-nginx kas.test.com 192.168.0.240 80, 443 5m36s
gitlab-minio gitlab-nginx minio.test.com 192.168.0.240 80, 443 5m36s
gitlab-registry gitlab-nginx registry.test.com 192.168.0.240 80, 443 5m36s
gitlab-webservice-default gitlab-nginx gitlab.test.com 192.168.0.240 80, 443 5m36s
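Configure name resolution on the client so that the domain gitlab.test.com resolves to the IP address assigned by the LB, 192.168.0.240, then open https://gitlab.test.com in a browser. Username: root, password: SB2APLcOu7C0XnRvZHVqUKVWDOqCo1vC5Luy4mYyzaNZnkO5NKaDfofFphocQTmd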