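Kubernetes cluster: setting up GitLab (reachable over both SSH and HTTP)
1. Overview
Setting up GitLab in a k8s cluster is fairly simple: start Redis, PostgreSQL and GitLab separately and configure them. The image is sameersbn/gitlab, documented at http://www.damagehead.com/docker-gitlab/. If you already have a usable Redis or PostgreSQL service, you can simply configure it in the GitLab environment variables. I did not have one, so I deployed them together.
Ingress uses Nginx; see https://www.cnblogs.com/zoujiaojiao/p/12515917.html. Storage uses NFS.
2. Note
GitLab's SSH port is 22. The host usually already runs SSH on port 22, so when mapping GitLab's port 22 to the host we use a NodePort and pin it to port 30022. That way we can access GitLab with git over SSH.
3. Configuration
3.1 Start Redis
Create the PV and PVC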
# cat gitlab-redis-pv.yaml
---
# pv
apiVersion: v1
kind: PersistentVolume
metadata:
  name: gitlab-redis-pv
spec:
  capacity:
    storage: 5Gi
  accessModes:
  - ReadWriteMany
  nfs:
    server: <NFS-server-IP>
    path: "/data/gitlab-redis"   # mounted on the NFS server under /data/gitlab-redis
---
# pvc
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: gitlab-redis-pvc
  namespace: kube-ops
spec:
  accessModes:
  - ReadWriteMany
  storageClassName: ""
  resources:
    requests:
      storage: 5Gi   # size to allocate
Create the Deployment and Service
# cat gitlab-redis.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: redis
  namespace: kube-ops
  labels:
    name: redis
spec:
  selector:
    matchLabels:
      name: redis
  template:
    metadata:
      name: redis
      labels:
        name: redis
    spec:
      containers:
      - name: redis
        image: redis:latest   # pulling the image in advance is recommended
        imagePullPolicy: IfNotPresent
        ports:
        - name: redis
          containerPort: 6379
        volumeMounts:
        - mountPath: /var/lib/redis
          name: data
        livenessProbe:
          exec:
            command:
            - redis-cli
            - ping
          initialDelaySeconds: 30
          timeoutSeconds: 5
        readinessProbe:
          exec:
            command:
            - redis-cli
            - ping
          initialDelaySeconds: 5
          timeoutSeconds: 1
      volumes:
      - name: data
        persistentVolumeClaim:
          claimName: gitlab-redis-pvc
---
apiVersion: v1
kind: Service
metadata:
  name: redis
  namespace: kube-ops
  labels:
    name: redis
spec:
  ports:
  - name: redis
    port: 6379
    targetPort: redis
  selector:
    name: redis
Start:
# kubectl create -f gitlab-redis-pv.yaml
# kubectl create -f gitlab-redis.yaml
3.2 Start PostgreSQL
Create the PV and PVC
# cat gitlab-postgresql-pv.yaml
---
# pv
apiVersion: v1
kind: PersistentVolume
metadata:
  name: gitlab-postgresql-pv
spec:
  capacity:
    storage: 5Gi
  accessModes:
  - ReadWriteMany
  nfs:
    server: <NFS-server-IP>
    path: "/data/gitlab-postgresql"
---
# pvc
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: gitlab-postgresql-pvc
  namespace: kube-ops
spec:
  accessModes:
  - ReadWriteMany
  storageClassName: ""
  resources:
    requests:
      storage: 5Gi
Create the Deployment and Service
# cat gitlab-postgresql.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: postgresql
  namespace: kube-ops
  labels:
    name: postgresql
spec:
  selector:
    matchLabels:
      name: postgresql
  template:
    metadata:
      name: postgresql
      labels:
        name: postgresql
    spec:
      containers:
      - name: postgresql
        image: postgresql:10
        imagePullPolicy: IfNotPresent
        env:
        - name: DB_USER
          value: gitlab
        - name: DB_PASS
          value: "<gitlab database password>"
        - name: DB_NAME
          value: gitlab_production
        - name: DB_EXTENSION
          value: pg_trgm
        ports:
        - name: postgres
          containerPort: 5432
        volumeMounts:
        - mountPath: /var/lib/postgresql
          name: data
        livenessProbe:
          exec:
            command:
            - pg_isready
            - -h
            - localhost
            - -U
            - postgres
          initialDelaySeconds: 30
          timeoutSeconds: 5
        readinessProbe:
          exec:
            command:
            - pg_isready
            - -h
            - localhost
            - -U
            - postgres
          initialDelaySeconds: 5
          timeoutSeconds: 1
      volumes:
      - name: data
        persistentVolumeClaim:
          claimName: gitlab-postgresql-pvc
---
apiVersion: v1
kind: Service
metadata:
  name: postgresql
  namespace: kube-ops
  labels:
    name: postgresql
spec:
  ports:
  - name: postgres
    port: 5432
    targetPort: postgres
  selector:
    name: postgresql
Start:
# kubectl create -f gitlab-postgresql-pv.yaml
# kubectl create -f gitlab-postgresql.yaml
3.3 Start GitLab
Create the PV and PVC
# cat gitlab-gitlab-pv.yaml
---
# pv
apiVersion: v1
kind: PersistentVolume
metadata:
  name: gitlab-gitlab-pv
spec:
  capacity:
    storage: 10Gi
  accessModes:
  - ReadWriteMany
  nfs:
    server: <NFS-server-IP>
    path: "/data/gitlab-gitlab"
---
# pvc
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: gitlab-gitlab-pvc
  namespace: kube-ops
spec:
  accessModes:
  - ReadWriteMany
  storageClassName: ""
  resources:
    requests:
      storage: 10Gi
Create the GitLab Deployment, Service and Ingress
# cat gitlab-gitlab.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gitlab
  namespace: kube-ops
  labels:
    name: gitlab
spec:
  selector:
    matchLabels:
      name: gitlab
  template:
    metadata:
      name: gitlab
      labels:
        name: gitlab
    spec:
      containers:
      - name: gitlab
        image: docker.vonedao.com/bases/gitlab:11.8.1
        imagePullPolicy: IfNotPresent
        env:
        - name: TZ
          value: Asia/Shanghai
        - name: GITLAB_TIMEZONE
          value: Beijing
        - name: GITLAB_SECRETS_DB_KEY_BASE
          value: long-and-random-alpha-numeric-string
        - name: GITLAB_SECRETS_SECRET_KEY_BASE
          value: long-and-random-alpha-numeric-string
        - name: GITLAB_SECRETS_OTP_KEY_BASE
          value: long-and-random-alpha-numeric-string
        - name: GITLAB_ROOT_PASSWORD
          value: "<login password for the root account in the GitLab UI>"
        - name: GITLAB_ROOT_EMAIL
          value: jiaojiao.zou@vonechain.com
        - name: GITLAB_HOST
          value: gitlab.vonedao.com
        - name: GITLAB_PORT
          value: "80"
        - name: GITLAB_SSH_PORT
          value: "22"
        - name: GITLAB_NOTIFY_ON_BROKEN_BUILDS
          value: "true"
        - name: GITLAB_NOTIFY_PUSHER
          value: "false"
        - name: GITLAB_BACKUP_SCHEDULE
          value: daily
        - name: GITLAB_BACKUP_TIME
          value: "01:00"
        - name: DB_TYPE
          value: postgres
        - name: DB_HOST
          value: postgresql
        - name: DB_PORT
          value: "5432"
        - name: DB_USER
          value: gitlab
        - name: DB_PASS
          value: "<gitlab database password>"
        - name: DB_NAME
          value: gitlab_production
        - name: REDIS_HOST
          value: redis
        - name: REDIS_PORT
          value: "6379"
        ports:
        - name: http
          containerPort: 80
        - name: ssh
          containerPort: 22
        volumeMounts:
        - mountPath: /home/git/data
          name: data
        livenessProbe:
          httpGet:
            path: /
            port: 80
          initialDelaySeconds: 180
          timeoutSeconds: 5
        readinessProbe:
          httpGet:
            path: /
            port: 80
          initialDelaySeconds: 5
          timeoutSeconds: 1
      volumes:
      - name: data
        persistentVolumeClaim:
          claimName: gitlab-gitlab-pvc
---
apiVersion: v1
kind: Service
metadata:
  name: gitlab
  namespace: kube-ops
  labels:
    name: gitlab
spec:
  ports:
  - name: http
    port: 80
    targetPort: http
  - name: ssh
    port: 22
    targetPort: ssh
    nodePort: 30022   # note: add the mapped port
  type: NodePort      # note: the service type is NodePort
  selector:
    name: gitlab
---
# extensions/v1beta1 Ingress was removed in Kubernetes 1.22; newer clusters need networking.k8s.io/v1
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: gitlab
  namespace: kube-ops
  # the original listed "annotations:" twice; a mapping key may appear only once, so they are merged here
  annotations:
    kubernetes.io/ingress.class: "nginx"
    # the GitLab UI uploads and downloads files; the default is too small, so raise it
    nginx.ingress.kubernetes.io/proxy-body-size: "1024m"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
spec:
  rules:
  - host: gitlab.vonedao.com
    http:
      paths:
      - backend:
          serviceName: gitlab
          servicePort: http
Start:
# kubectl create -f gitlab-gitlab-pv.yaml
# kubectl create -f gitlab-gitlab.yaml
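The manifests above carry the three GitLab key bases, the root password and the database password as literal env values. As an added example (not part of the original post), this script generates those values from /dev/urandom and renders a Secret, plus the secretKeyRef entry that replaces each literal value; the Secret name gitlab-secrets is an assumption.

```shell
#!/bin/sh
# Added example, not from the original post. The Secret name "gitlab-secrets"
# is an assumption; the namespace and variable names come from the manifests.
set -eu

# 32 bytes from the kernel CSPRNG, printed as 64 hex characters.
gen_key() {
  od -An -tx1 -N32 /dev/urandom | tr -d ' \n'
}

# Print a Secret manifest holding every sensitive value the manifests use.
render_secret() {
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: gitlab-secrets
  namespace: kube-ops
type: Opaque
stringData:
EOF
  for key in GITLAB_SECRETS_DB_KEY_BASE GITLAB_SECRETS_SECRET_KEY_BASE \
             GITLAB_SECRETS_OTP_KEY_BASE GITLAB_ROOT_PASSWORD DB_PASS; do
    printf '  %s: "%s"\n' "$key" "$(gen_key)"
  done
}

# Print the env entry that replaces a literal "value:" in a Deployment.
env_ref() {
  cat <<EOF
- name: $1
  valueFrom:
    secretKeyRef:
      name: gitlab-secrets
      key: $1
EOF
}

# Create once: "kubectl create" refuses to overwrite an existing Secret,
# so the values are not silently regenerated on a second run.
#   sh gitlab-secrets.sh render | kubectl create -f -
#   sh gitlab-secrets.sh ref DB_PASS   # use in both postgresql and gitlab
case "${1:-}" in
  render) render_secret ;;
  ref)    env_ref "$2" ;;
esac
```

DB_PASS must be referenced from both the postgresql and the gitlab Deployment so the two sides agree on the password.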
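4. GitLab registration and cloning a repository over SSH from a client
The domain is gitlab.vonedao.com. Because this is an intranet exercise, add the IP of the ingress host to the local hosts file.
Log in as root with the username root and the password set in the YAML file.
Register an account:
Add an SSH key:
Run the following on the git client (mine is a Linux server):
# ssh-keygen -t ed25519 -C "jiao.zou@vonechain.com"    (press Enter at every prompt)
# cd ~/.ssh/
# cat id_ed25519.pub
Copy this output, paste it, and save:
Create a project:
Clone on the git client; note the port number. No password is required:
# git clone ssh://git@gitlab.vonedao.com:30022/zoujiaojiao/it.git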