k8s安装gitlab-ce
docker镜像打包
根据官方说明:gitlab 的 docker 镜像中已不再包含邮件传输代理(MTA),需要重新打包镜像
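# Rebuild the GitLab CE image with a mail transfer agent added, because the
# upstream image does not ship one.
# NOTE(review): no tag is given, so the build uses whatever `latest` points to
# at build time. Pin the release (ideally by digest) that you have tested, so
# every rebuild starts from a known base.
FROM gitlab/gitlab-ce

# NOTE(review): the package name is cut off on the page after "postf";
# postfix is assumed here -- confirm before building.
# -y and DEBIAN_FRONTEND=noninteractive stop the build from hanging on the apt
# confirmation and on the postfix configuration dialog. The apt lists are
# removed so they are not baked into the image layer.
RUN apt-get update \
    && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends postfix \
    && rm -rf /var/lib/apt/lists/*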
官方说明:https://docs.gitlab.cn/jh/install/docker.html
创建pvc 采用的是阿里云的nas 可以更换其他的
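---
# PersistentVolumeClaim backed by Alibaba Cloud NAS (ReadWriteMany).
# The original listing was exported from a live cluster. The fields that the
# API server and the volume controller fill in have been dropped so the
# manifest can be applied to a fresh cluster:
#   - metadata.resourceVersion (rejected on create)
#   - the pv.kubernetes.io/bind-completed and bound-by-controller annotations
#   - spec.volumeName (set by the provisioner on dynamic binding; set it by
#     hand only to bind a PV you created yourself)
#   - status
# NOTE(review): in this guide PostgreSQL, Redis and GitLab all mount this one
# claim, separated only by subPath. Any workload that mounts the claim without
# a subPath can read the database files and GitLab's secrets. Separate claims
# per workload keep those apart.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  annotations:
    k8s.kuboard.cn/pvcType: Dynamic
    volume.beta.kubernetes.io/storage-provisioner: nasplugin.csi.alibabacloud.com
  finalizers:
    - kubernetes.io/pvc-protection
  name: gitlab-ce
  namespace: gitlab
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 100Gi
  storageClassName: alibabacloud-cnfs-nas
  volumeMode: Filesystem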
部署pgsql
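---
# PostgreSQL backing store for GitLab.
#
# The database password is read from a Secret instead of being written into
# the manifest. Create the Secret first (the name and key are placeholders
# chosen for this example):
#   kubectl -n gitlab create secret generic gitlab-postgresql \
#     --from-literal=password='<DB_PASSWORD>'
# The same value must be used for gitlab_rails['db_password'] in gitlab.rb.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: postgresql
  name: postgresql
  namespace: gitlab
spec:
  replicas: 1
  selector:
    matchLabels:
      app: postgresql
  # NOTE(review): with one replica, a rolling update briefly runs a second
  # pod against the same data directory on the shared volume. Confirm this
  # is acceptable, or use a Recreate strategy.
  strategy:
    rollingUpdate:
      maxSurge: '25%'
      maxUnavailable: '25%'
  template:
    metadata:
      labels:
        app: postgresql
    spec:
      containers:
        - env:
            - name: POSTGRES_DB
              value: gitlab
            - name: POSTGRES_USER
              value: gitlabuser
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: gitlab-postgresql
                  key: password
            # POSTGRES_HOST_AUTH_METHOD=trust has been removed. "trust" makes
            # the server accept every connection without checking a password,
            # so anything that can reach port 5432 could log in as any role.
            # Without the variable the image uses password authentication.
            # The official image applies these variables only when it
            # initialises an empty data directory. A directory first started
            # with "trust" keeps that pg_hba.conf until it is edited or the
            # data directory is re-initialised.
          # NOTE(review): PostgreSQL 10 no longer receives upstream fixes;
          # pick a version supported by the GitLab release you deploy.
          image: 'postgres:10'
          imagePullPolicy: IfNotPresent
          name: postgresql
          ports:
            - containerPort: 5432
              protocol: TCP
          volumeMounts:
            - mountPath: /var/lib/postgresql/data
              name: pgdata
              subPath: postgresql
      volumes:
        - name: pgdata
          persistentVolumeClaim:
            claimName: gitlab-ce
---
# ClusterIP keeps the port off the node network, but every pod in the cluster
# can still reach it. A NetworkPolicy that admits only the gitlab-ce pods
# narrows that.
apiVersion: v1
kind: Service
metadata:
  annotations: {}
  labels:
    app: postgresql
  name: postgresql
  namespace: gitlab
spec:
  ports:
    - name: pg
      port: 5432
      protocol: TCP
      targetPort: 5432
  selector:
    app: postgresql
  type: ClusterIP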
部署redis
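---
# Redis for GitLab.
#
# The password is read from a Secret instead of being written into the
# manifest. Create the Secret first (the name and key are placeholders chosen
# for this example):
#   kubectl -n gitlab create secret generic gitlab-redis \
#     --from-literal=password='<REDIS_PASSWORD>'
# The same value must be used for gitlab_rails['redis_password'] in gitlab.rb.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  annotations: {}
  labels:
    app: redis
    k8s.kuboard.cn/name: redis
  name: redis
  namespace: gitlab
spec:
  replicas: 1
  selector:
    matchLabels:
      app: redis
  serviceName: redis
  template:
    metadata:
      labels:
        app: redis
    spec:
      containers:
        - env:
            - name: REDIS_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: gitlab-redis
                  key: password
          # NOTE(review): Redis 5.0 is an old release line; check which Redis
          # versions the GitLab release you deploy supports, and pin a
          # maintained tag.
          image: 'bitnami/redis:5.0'
          imagePullPolicy: IfNotPresent
          name: redis
          ports:
            - containerPort: 6379
              protocol: TCP
          volumeMounts:
            - mountPath: /bitnami/redis/data
              name: redis-data
              subPath: redis
      volumes:
        - name: redis-data
          persistentVolumeClaim:
            claimName: gitlab-ce
---
# The original listing put the port entry directly under `spec:`, which is
# not a valid Service. The entry belongs under `spec.ports`.
apiVersion: v1
kind: Service
metadata:
  annotations: {}
  labels:
    app: redis
  name: redis
  namespace: gitlab
spec:
  ports:
    - port: 6379
      protocol: TCP
      targetPort: 6379
  selector:
    app: redis
  type: ClusterIP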
部署gitlab
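---
# GitLab Omnibus configuration.
# gitlab.rb carries the database, Redis and SMTP passwords, so it is stored
# in a Secret rather than a ConfigMap (ConfigMaps are readable by anyone with
# ordinary read access to the namespace). Values in angle brackets are
# placeholders. Keep the filled-in copy out of version control, or create the
# Secret with `kubectl create secret generic --from-file` instead.
apiVersion: v1
kind: Secret
type: Opaque
metadata:
  name: gitlab-config
  namespace: gitlab
stringData:
  # Initial password of the root account; used on first start only.
  root-password: '<INITIAL_ROOT_PASSWORD>'
  gitlab.rb: |
    external_url 'https://gitsm.com'
    gitlab_rails['gitlab_email_from'] = 'xxxxx@xxxxx-inc.com'
    gitlab_rails['ldap_enabled'] = true
    # NOTE(review), LDAP block below, reproduced as published:
    #  - `host` carries an ldap:// URL with :389 while `port` says 399; one of
    #    the two is probably a typo.
    #  - no `encryption` setting is visible. On plain ldap:// the bind and the
    #    users' passwords travel unencrypted, and verify_certificates only
    #    takes effect once TLS is in use ('start_tls' or 'simple_tls').
    #  - no bind password is shown for bind_dn.
    #  - GitLab's documented layout nests these keys under a server id such
    #    as `main:`; the listing may have lost that line.
    gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
      label: 'LDAP'
      host: 'ldap://xxxxx:389'
      port: 399
      uid: 'uid'
      bind_dn: 'cn=root,dc=xxxxxx,dc=com'
      verify_certificates: true
      active_directory: true
      allow_username_or_email_login: false
      block_auto_created_users: false
      base: 'dc=xxxxx,dc=com'
      user_filter: ''
      group_base: ''
      admin_group: ''
      sync_ssh_keys: false
    EOS
    gitlab_rails['db_adapter'] = "postgresql"
    gitlab_rails['db_encoding'] = "utf8"
    gitlab_rails['db_username'] = "gitlabuser"
    # Must match the password the PostgreSQL deployment was initialised with.
    gitlab_rails['db_password'] = "<DB_PASSWORD>"
    gitlab_rails['db_host'] = "postgresql"
    gitlab_rails['db_port'] = "5432"
    gitlab_rails['smtp_enable'] = true
    gitlab_rails['smtp_address'] = "xxxxx.xxxxx-inc.com"
    gitlab_rails['smtp_port'] = 465
    gitlab_rails['smtp_user_name'] = "xxxxx@xxxxx-inc.com"
    gitlab_rails['smtp_password'] = "xxxxx"
    gitlab_rails['smtp_domain'] = "xxxxx-inc.com"
    gitlab_rails['smtp_authentication'] = "login"
    gitlab_rails['smtp_enable_starttls_auto'] = true
    gitlab_rails['smtp_tls'] = true
    user['git_user_email'] = "xxxxx@xxxxx-inc.com"
    postgresql['enable'] = false
    # NOTE(review): this leaves the bundled Redis enabled while redis_host
    # points at the external service; confirm which one is intended.
    redis['enable'] = true
    gitlab_rails['redis_host'] = 'redis'
    gitlab_rails['redis_port'] = 6379
    # Must match the password the Redis StatefulSet was started with.
    gitlab_rails['redis_password'] = '<REDIS_PASSWORD>'
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  annotations: {}
  labels:
    app: gitlab-ce
  name: gitlab-ce
  namespace: gitlab
spec:
  replicas: 1
  selector:
    matchLabels:
      app: gitlab-ce
  serviceName: gitlab-ce
  template:
    metadata:
      labels:
        app: gitlab-ce
    spec:
      containers:
        - env:
            - name: GITLAB_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: gitlab-config
                  key: root-password
            - name: GITLAB_ROOT_EMAIL
              value: gitlab@xianlai-inc.com
            # The original used envFrom with prefix GITLAB_OMNIBUS_CONFIG.
            # envFrom names each variable prefix + key, which gives
            # "GITLAB_OMNIBUS_CONFIGgitlab.rb", so the image never saw a
            # GITLAB_OMNIBUS_CONFIG variable. Referencing the key directly
            # sets the variable the image reads.
            - name: GITLAB_OMNIBUS_CONFIG
              valueFrom:
                secretKeyRef:
                  name: gitlab-config
                  key: gitlab.rb
          # NOTE(review): `latest` with IfNotPresent means each node runs
          # whichever build it pulled first. Pin the tag (or digest) of the
          # image built from the Dockerfile so upgrades are deliberate.
          image: 'xxxxxxxxx/gitlab-ce:latest'
          imagePullPolicy: IfNotPresent
          name: gitlab-ce
          ports:
            - containerPort: 80
              name: http
              protocol: TCP
            - containerPort: 443
              name: https
              protocol: TCP
            - containerPort: 22
              name: ssh
              protocol: TCP
          volumeMounts:
            - mountPath: /etc/gitlab
              name: data
              subPath: gitlab/conf
            - mountPath: /var/opt/gitlab
              name: data
              subPath: gitlab/data
      restartPolicy: Always
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: gitlab-ce
---
apiVersion: v1
kind: Service
metadata:
  annotations: {}
  labels:
    app: gitlab-ce
  name: gitlab-ce
  namespace: gitlab
spec:
  ports:
    - name: http
      port: 80
      protocol: TCP
      targetPort: 80
    - name: https
      port: 443
      protocol: TCP
      targetPort: 443
  selector:
    app: gitlab-ce
  type: ClusterIP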
邮箱验证
QQ邮箱
需要先登录qq邮箱开启smtp,会生成一个 smtp_password
# gitlab.rb: outgoing mail through a QQ Mail account.
# Sender identity used by GitLab and by the git user.
gitlab_rails['gitlab_email_from'] = "xxx@qq.com"
user["git_user_email"] = "xxx@qq.com"

# SMTP endpoint and transport.
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.qq.com"
gitlab_rails['smtp_port'] = 465
gitlab_rails['smtp_domain'] = "qq.com"
gitlab_rails['smtp_enable_starttls_auto'] = true
gitlab_rails['smtp_tls'] = true

# Credentials. smtp_password is the value QQ Mail generates when SMTP is
# switched on for the account. Treat it as a secret and keep the filled-in
# file out of version control.
gitlab_rails['smtp_authentication'] = "login"
gitlab_rails['smtp_user_name'] = "xxx@qq.com"
gitlab_rails['smtp_password'] = "xxxxxx"
阿里云企业邮箱
可以先在阿里云域名解析中查看smtp配置,一般情况和下面一样的。
# gitlab.rb: outgoing mail through Alibaba Cloud enterprise mail.
# Sender identity used by GitLab and by the git user.
gitlab_rails['gitlab_email_from'] = "gitlab@xxx.com"
user["git_user_email"] = "gitlab@xxx.com"

# SMTP endpoint and transport.
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.mxhichina.com"
gitlab_rails['smtp_port'] = 465
gitlab_rails['smtp_domain'] = "smtp.mxhichina.com"
gitlab_rails['smtp_enable_starttls_auto'] = true
gitlab_rails['smtp_tls'] = true

# Credentials. Treat smtp_password as a secret and keep the filled-in file
# out of version control.
gitlab_rails['smtp_authentication'] = "login"
gitlab_rails['smtp_user_name'] = "gitlab@xxx.com"
gitlab_rails['smtp_password'] = "xxx"
邮箱测试
# 重启配置 gitlab-ctl reconfigure gitlab-ctl restart # 进入控制台(等待进入控制台) gitlab-rails console # 执行测试 Notify.test_email("接收邮箱","标题","内容").deliver_now