k8s部署gitlab
创建命名空间
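# Write the Namespace manifest for GitLab.
# '>' replaces the file on a re-run ('>>' would append a second, unseparated
# copy), and the quoted 'EOF' stops the shell from expanding anything in the body.
# The nesting below is restored; the flattened listing was not a valid manifest.
cat >0-namespace.yaml <<'EOF'
---
apiVersion: v1
kind: Namespace
metadata:
  name: gitlab
  labels:
    name: gitlab
EOF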
kubectl create -f 0-namespace.yaml
部署redis
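# Write the Redis manifests: PVC, single-replica Deployment and ClusterIP Service.
# '>' replaces the file on a re-run; the quoted 'EOF' keeps the body literal.
# The nesting below is restored; the flattened listing was not a valid manifest.
cat >1-redis.yaml <<'EOF'
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: gitlab-redis-pvc
  namespace: gitlab
  labels:
    app: redis
spec:
  storageClassName: nfs
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 2Gi
---
# NOTE(review): no Redis password is configured here and GitLab connects
# without one, so any workload that can reach this Service on 6379 can read
# and write GitLab's cache and queues. Consider a Redis password plus a
# NetworkPolicy that admits only the GitLab pod.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: redis
  namespace: gitlab
  labels:
    name: redis
spec:
  replicas: 1
  selector:
    matchLabels:
      name: redis
  template:
    metadata:
      name: redis
      labels:
        name: redis
    spec:
      containers:
        - name: redis
          image: redis:6.0.2
          imagePullPolicy: IfNotPresent
          ports:
            - name: redis
              containerPort: 6379
          volumeMounts:
            - mountPath: /data
              name: data
          livenessProbe:
            exec:
              command:
                - redis-cli
                - ping
            initialDelaySeconds: 30
            timeoutSeconds: 5
          readinessProbe:
            exec:
              command:
                - redis-cli
                - ping
            initialDelaySeconds: 5
            timeoutSeconds: 1
      volumes:
        - name: data
          persistentVolumeClaim:
            # Must equal the PVC name declared above. The listing referenced
            # "gitlab-redis-pv-claim", which is never created, so the pod
            # would stay Pending.
            claimName: gitlab-redis-pvc
---
apiVersion: v1
kind: Service
metadata:
  name: redis
  namespace: gitlab
  labels:
    name: redis
spec:
  ports:
    - name: redis
      port: 6379
      targetPort: redis
  selector:
    name: redis
EOF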
kubectl create -f 1-redis.yaml
部署postgresql
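# Write the PostgreSQL manifests: PVC, ConfigMap, Secret, StatefulSet, Service.
# '>' replaces the file on a re-run; the quoted 'EOF' keeps the body literal.
# The nesting below is restored; the flattened listing was not a valid manifest.
# The database password now lives in a Secret instead of the ConfigMap, so it
# is covered by Secret RBAC and not shown to everyone who can read ConfigMaps.
cat >2-postgresql.yaml <<'EOF'
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: gitlab-postgresql-pv-claim
  namespace: gitlab
  labels:
    app: postgresql
spec:
  storageClassName: nfs
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
---
# Non-sensitive PostgreSQL settings only.
apiVersion: v1
kind: ConfigMap
metadata:
  name: postgres-config
  namespace: gitlab
  labels:
    app: postgres
data:
  POSTGRES_DB: gitlab_production
  POSTGRES_USER: gitlab
  PGDATA: /var/lib/postgresql/data/pgdata
---
# The value is the walkthrough's sample password: replace it before use and
# set the same value as db_password in 3-gitlab-deploy.yaml. This file then
# holds a credential in clear text, so keep it out of version control (or
# create the Secret with kubectl directly instead of from a manifest).
apiVersion: v1
kind: Secret
metadata:
  name: postgres-secret
  namespace: gitlab
  labels:
    app: postgres
type: Opaque
stringData:
  POSTGRES_PASSWORD: 'Daqsoft@123'
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: postgresql
  namespace: gitlab
  labels:
    name: postgresql
spec:
  serviceName: postgresql
  replicas: 1
  selector:
    matchLabels:
      name: postgresql
  template:
    metadata:
      name: postgresql
      labels:
        name: postgresql
    spec:
      containers:
        - name: postgresql
          image: postgres:12.10
          imagePullPolicy: IfNotPresent
          # The container receives the same four variables as before:
          # three from the ConfigMap, POSTGRES_PASSWORD from the Secret.
          envFrom:
            - configMapRef:
                name: postgres-config
            - secretRef:
                name: postgres-secret
          ports:
            - name: postgres
              containerPort: 5432
          volumeMounts:
            - mountPath: /var/lib/postgresql/data
              # subPath: postgresql
              name: postgres-data
          livenessProbe:
            exec:
              command:
                - pg_isready
                - -h
                - localhost
                - -U
                - gitlab
                - -d
                - gitlab_production
            initialDelaySeconds: 30
            timeoutSeconds: 5
          readinessProbe:
            exec:
              command:
                - pg_isready
                - -h
                - localhost
                - -U
                - gitlab
                - -d
                - gitlab_production
            initialDelaySeconds: 5
            timeoutSeconds: 1
      volumes:
        - name: postgres-data
          persistentVolumeClaim:
            claimName: gitlab-postgresql-pv-claim
---
apiVersion: v1
kind: Service
metadata:
  name: postgresql
  namespace: gitlab
  labels:
    name: postgresql
spec:
  ports:
    - name: postgres
      port: 5432
      targetPort: postgres
  selector:
    name: postgresql
EOF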
kubectl create -f 2-postgresql.yaml
部署gitlab
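# Write the GitLab manifests: Deployment, data PVC, ServiceAccount, Role and
# RoleBinding.
# '>' replaces the file on a re-run; the quoted 'EOF' keeps the body literal.
# The nesting below is restored; the flattened listing was not a valid manifest.
cat >3-gitlab-deploy.yaml <<'EOF'
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gitlab
  namespace: gitlab
  labels:
    app: gitlab
    tier: frontend
spec:
  replicas: 1
  selector:
    matchLabels:
      app: gitlab
      tier: frontend
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: gitlab
        tier: frontend
    spec:
      # Pins the pod to one node by name, bypassing the scheduler.
      nodeName: k8snode2
      serviceAccountName: gitlab
      containers:
        # NOTE(review): 14.9.2 is an old release; move to a currently
        # supported GitLab version before exposing this instance.
        - image: gitlab/gitlab-ce:14.9.2-ce.0
          name: gitlab
          # resources:
          #   requests:
          #     cpu: 800m
          #     memory: 2Gi
          #   limits:
          #     cpu: "800m"
          #     memory: 2Gi
          # NOTE(review): privileged gives this root container full access
          # to the node's devices and kernel interfaces, so a compromise of
          # GitLab becomes a compromise of the node. The Omnibus image is
          # normally run without it; drop this unless a tested need exists.
          securityContext:
            privileged: true
          env:
            - name: TZ
              value: Asia/Shanghai
            # NOTE(review): db_password, smtp_password and
            # initial_root_password below sit in clear text in the pod spec,
            # readable by anyone who can view Deployments or Pods in this
            # namespace. They are the walkthrough's sample values: replace
            # them (db_password must match POSTGRES_PASSWORD in
            # 2-postgresql.yaml) and prefer supplying them from a Secret.
            # external_url is plain HTTP, so logins and tokens cross the
            # network unencrypted; put TLS in front before real use.
            - name: GITLAB_OMNIBUS_CONFIG
              value: |
                postgresql['enable'] = false
                gitlab_rails['db_username'] = "gitlab"
                gitlab_rails['db_password'] = "Daqsoft@123"
                gitlab_rails['db_host'] = "postgresql"
                gitlab_rails['db_port'] = "5432"
                gitlab_rails['db_database'] = "gitlab_production"
                gitlab_rails['db_adapter'] = 'postgresql'
                gitlab_rails['db_encoding'] = 'utf8'
                redis['enable'] = false
                gitlab_rails['redis_host'] = 'redis'
                gitlab_rails['redis_port'] = '6379'
                gitlab_rails['gitlab_shell_ssh_port'] = 30022
                external_url 'http://gitlab.daqsoft.com:30080'
                nginx['listen_port'] = 80
                nginx['listen_https'] = false
                gitlab_rails['gitlab_email_enabled'] = true
                gitlab_rails['gitlab_email_from'] = 'admin@boge.com'
                gitlab_rails['gitlab_email_display_name'] = 'boge'
                gitlab_rails['gitlab_email_reply_to'] = 'gitlab@boge.com'
                gitlab_rails['gitlab_default_can_create_group'] = true
                gitlab_rails['gitlab_username_changing_enabled'] = true
                gitlab_rails['smtp_enable'] = true
                gitlab_rails['smtp_address'] = "smtp.exmail.qq.com"
                gitlab_rails['smtp_port'] = 465
                gitlab_rails['smtp_user_name'] = "gitlab@boge.com"
                gitlab_rails['smtp_password'] = "bogesendmail"
                gitlab_rails['smtp_domain'] = "exmail.qq.com"
                gitlab_rails['smtp_authentication'] = "login"
                gitlab_rails['smtp_enable_starttls_auto'] = true
                gitlab_rails['smtp_tls'] = true
                gitlab_rails['initial_root_password'] = "Daqsoft@123"
                prometheus['enable'] = false
                grafana['enable'] = false
                gitlab_rails['backup_keep_time'] = 259200
          ports:
            - containerPort: 80
              name: web
              protocol: TCP
            - containerPort: 22
              name: agent
              protocol: TCP
          # livenessProbe:
          #   exec:
          #     command:
          #       - sh
          #       - -c
          #       - "curl -s http://127.0.0.1/-/health|grep -w 'GitLab OK'"
          #   initialDelaySeconds: 120
          #   periodSeconds: 10
          #   timeoutSeconds: 5
          #   successThreshold: 1
          #   failureThreshold: 3
          # readinessProbe:
          #   exec:
          #     command:
          #       - sh
          #       - -c
          #       - "curl -s http://127.0.0.1/-/health|grep -w 'GitLab OK'"
          #   initialDelaySeconds: 120
          #   periodSeconds: 10
          #   timeoutSeconds: 5
          #   successThreshold: 1
          #   failureThreshold: 3
          volumeMounts:
            - mountPath: /var/opt/gitlab
              name: gitlab-data
              subPath: gitlab-data
            # Host file mounted read-only so the container cannot alter it.
            - mountPath: /etc/localtime
              name: tz-config
              readOnly: true
      volumes:
        - name: gitlab-data
          persistentVolumeClaim:
            claimName: gitlab-data-pvc-claim
        - name: tz-config
          hostPath:
            path: /usr/share/zoneinfo/Asia/Shanghai
      securityContext:
        runAsUser: 0
        fsGroup: 0
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: gitlab-data-pvc-claim
  namespace: gitlab
  labels:
    app: gitlab
spec:
  storageClassName: rook-ceph-block
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
---
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: gitlab
  name: gitlab
  namespace: gitlab
---
# NOTE(review): this Role lets its subject exec into any pod and read any
# Secret in the gitlab namespace. Nothing on this page shows the GitLab
# server calling the Kubernetes API; if nothing needs these rights, delete
# the Role and RoleBinding, otherwise trim the rules to what is used.
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: gitlab
  namespace: gitlab
rules:
  - apiGroups: ["extensions", "apps"]
    resources: ["deployments"]
    verbs: ["create", "delete", "get", "list", "watch", "patch", "update"]
  - apiGroups: [""]
    resources: ["services"]
    verbs: ["create", "delete", "get", "list", "watch", "patch", "update"]
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
  - apiGroups: [""]
    resources: ["pods/exec"]
    verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
  - apiGroups: [""]
    resources: ["pods/log"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: gitlab
  namespace: gitlab
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: gitlab
subjects:
  - kind: ServiceAccount
    name: gitlab
    # The ServiceAccount above lives in "gitlab". The listing named "devops",
    # which granted these rights to whatever account called "gitlab" exists
    # (or is later created) in that other namespace.
    namespace: gitlab
EOF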
kubectl create -f 3-gitlab-deploy.yaml
创建svc
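# Write the NodePort Service that publishes GitLab's web and SSH ports.
# '>' replaces the file on a re-run; the quoted 'EOF' keeps the body literal.
# The nesting below is restored; the flattened listing was not a valid manifest.
cat >4-gitlab-svc.yaml <<'EOF'
---
# NOTE(review): a NodePort opens 30080 (plain HTTP) and 30022 (SSH) on every
# node of the cluster; limit who can reach those ports with firewall rules
# and serve the web UI over TLS.
kind: Service
apiVersion: v1
metadata:
  labels:
    app: gitlab
  name: gitlab
  namespace: gitlab
spec:
  type: NodePort
  ports:
    - name: web
      port: 80
      targetPort: 80
      nodePort: 30080
    - name: agent
      port: 22
      targetPort: 22
      nodePort: 30022
  selector:
    app: gitlab
EOF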
kubectl create -f 4-gitlab-svc.yaml
创建备份configmap(可选)
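# Store the kubeconfig used by the backup job as a Secret in the gitlab
# namespace. The original command created a ConfigMap with no -n flag, so it
# landed in the current namespace and the CronJob in "gitlab" could not mount
# it; a ConfigMap is also readable by far more principals than a Secret.
# NOTE(review): /root/.kube/config is normally a cluster-admin credential, and
# anyone who can read Secrets in this namespace obtains it. Prefer a dedicated
# ServiceAccount limited to get/list on pods and create on pods/exec in the
# gitlab namespace, and run the job with that instead of a kubeconfig.
kubectl create secret generic kubeconfig -n gitlab --from-file=/root/.kube/config
创建备份定时任务(可选)
# Write the backup CronJob. The quoted 'EOF' matters here: with an unquoted
# delimiter the shell runs $(kubectl get pods ...) and expands $pod_name while
# writing the file, so the manifest would contain a broken command.
# '>' replaces the file on a re-run.
cat >5-gitlab-backup.yaml <<'EOF'
---
apiVersion: batch/v1
kind: CronJob
metadata:
  name: gitlab-backup-schedule
  namespace: gitlab
spec:
  schedule: "31 6 * * *"
  successfulJobsHistoryLimit: 2
  failedJobsHistoryLimit: 2
  jobTemplate:
    spec:
      template:
        spec:
          containers:
            - name: gitlab-backup
              # NOTE(review): third-party image that is handed the kubeconfig
              # above; use an image you trust and consider pinning by digest.
              image: lachlanevenson/k8s-kubectl:v1.22.7
              volumeMounts:
                - name: config
                  mountPath: /etc/kubeconfig
                  readOnly: true
                - name: tz-config
                  mountPath: /etc/localtime
                  readOnly: true
              # Resolves the API server name, looks up the GitLab pod by
              # label, then runs the backup rake task inside that pod.
              command:
                - /bin/sh
                - -c
                - "echo '192.168.80.200 k8smaster01' >> /etc/hosts;pod_name=$(kubectl get pods -l app=gitlab -n gitlab -o jsonpath='{.items[*].metadata.name}' --kubeconfig=/etc/kubeconfig/config); kubectl get po/$pod_name -n gitlab --kubeconfig=/etc/kubeconfig/config;kubectl --kubeconfig=/etc/kubeconfig/config exec $pod_name -n gitlab -- gitlab-rake gitlab:backup:create"
          volumes:
            # The file appears as /etc/kubeconfig/config, as before.
            - name: config
              secret:
                secretName: kubeconfig
            - name: tz-config
              hostPath:
                path: /usr/share/zoneinfo/Asia/Shanghai
          restartPolicy: OnFailure
EOF
kubectl create -f 5-gitlab-backup.yaml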
本文是原创文章,采用 CC BY-NC-ND 4.0 协议,完整转载请注明来自 运维小白

