Gitlab企业实战（一）

1、介绍

GitLab 是一个基于 Web 的 Git 代码库管理工具，提供源代码管理、持续集成和部署等功能。它是一个管理代码库和与他人协作的绝佳工具。

2、组件

组件名称	功能说明
PostgreSQL	持久化 GitLab 数据库数据
Redis	持久化 GitLab 作业数据
Gitlab Shell	处理通过SSH方式的操作
Nginx	Web服务器
GitLab Workhorse	轻量级的反向代理服务器
Gitaly	保留 Git 存储库
Sidekiq	用于执行异步的后台队列任务的功能组件
GitLab Pages	GitLab所提供的一项功能，允许用户发布从仓库发布静态的web站点
Logrotate	日志文件管理组件，用于进行日志的轮转操作
gitlab-kas	Kas 用来将部署信息从gitlab同步到k8s集群
minio	持久化对象存储数据

3、安装部署

说明：默认的安装的方式，不适合生产环境使用，尽量将组件拆开，使用外部组件，提供高可用能力

添加Helm仓库

helm repo add gitlab https://charts.gitlab.io/
helm search repo -l gitlab/gitlab

创建 values-gitlab.yaml 文件，如果想自己初始化各个组件的账号密码，请参考这个：
Gitlab配置秘钥

global:
  edition: ce  # 使用社区版
  
  hosts:
    domain: bgxwz.com  # 定义访问域名

  ingress:
    configureCertmanager: false

nginx-ingress:
  enabled: false
certmanager:
  install: false
prometheus:
  install: false
gitlab-runner:
  install: false
  
certmanager-issuer:
  email: email@example.com

自定义外部 Redis：

global:
  redis:
    host: redis.example.com
    serviceName: redis
    port: 6379
    password:
      enabled: true
      secret: gitlab-redis
      key: redis-password
    scheme:

自定义 Redis Cluster 集群：

redis:
  install: false
global:
  redis:
    host: redis.example
    port: 6379
    password:
      enabled: true
      secret: redis-secret
      key: redis-password
    cache:
      host: cache.redis.example
      port: 6379
      password:
        enabled: true
        secret: cache-secret
        key: cache-password
    sharedState:
      host: shared.redis.example
      port: 6379
      password:
        enabled: true
        secret: shared-secret
        key: shared-password
    queues:
      host: queues.redis.example
      port: 6379
      password:
        enabled: true
        secret: queues-secret
        key: queues-password
    actioncable:
      host: cable.redis.example
      port: 6379
      password:
        enabled: true
        secret: cable-secret
        key: cable-password
    traceChunks:
      host: traceChunks.redis.example
      port: 6379
      password:
        enabled: true
        secret: traceChunks-secret
        key: traceChunks-password
    rateLimiting:
      host: rateLimiting.redis.example
      port: 6379
      password:
        enabled: true
        secret: rateLimiting-secret
        key: rateLimiting-password
    sessions:
      host: sessions.redis.example
      port: 6379
      password:
        enabled: true
        secret: sessions-secret
        key: sessions-password
    repositoryCache:
      host: repositoryCache.redis.example
      port: 6379
      password:
        enabled: true
        secret: repositoryCache-secret
        key: repositoryCache-password

自定义外部 PostgreSQL：

global:
  psql:
    host: psql.example.com
    # serviceName: pgbouncer
    port: 5432
    database: gitlabhq_production
    username: gitlab
    applicationName:
    preparedStatements: false
    databaseTasks: true
    connectTimeout:
    keepalives:
    keepalivesIdle:
    keepalivesInterval:
    keepalivesCount:
    tcpUserTimeout:
    password:
      useSecret: true
      secret: gitlab-postgres
      key: psql-password
      file:

自定义外部存储：minio

global:
  minio:
    enabled: false
  registry:
    bucket: gitlab-registry-storage
  appConfig:
    lfs:
      bucket: gitlab-lfs-storage
      connection: # https://gitlab.com/gitlab-org/charts/gitlab/blob/master/doc/charts/globals.md#connection
        secret: objectstore-lfs
        key: connection
    artifacts:
      bucket: gitlab-artifacts-storage
      connection:
        secret: objectstore-artifacts
        key: connection
    uploads:
      bucket: gitlab-uploads-storage
      connection:
        secret: objectstore-uploads
        key: connection
    packages:
      bucket: gitlab-packages-storage
      connection:
        secret: objectstore-packages
        key: connection
    backups:
      bucket: gitlab-backup-storage
      tmpBucket: gitlab-tmp-storage
gitlab:
  toolbox:
    backups:
      objectStorage:
        config:
          secret: s3cmd-config
          key: config
registry:
  storage:
    secret: registry-storage
    key: config

安装部署

kubectl create ns gitlab
helm install gitlab gitlab/gitlab -n gitlab -f values-gitlab.yaml

查看服务

kubectl get po -n gitlab

NAME                                          READY   STATUS      RESTARTS   AGE
gitlab-gitaly-0                               1/1     Running     0          3h30m
gitlab-gitlab-exporter-66b748c475-dr575       1/1     Running     0          3h30m
gitlab-gitlab-shell-558f7b7bf5-4tx4s          1/1     Running     0          3h30m
gitlab-gitlab-shell-558f7b7bf5-6wkcc          1/1     Running     0          3h26m
gitlab-kas-66876cc79-6hcmt                    1/1     Running     0          3h30m
gitlab-kas-66876cc79-zhq4z                    1/1     Running     0          3h26m
gitlab-minio-864888b9fb-x2dcc                 1/1     Running     0          3h30m
gitlab-postgresql-0                           2/2     Running     0          3h30m
gitlab-redis-master-0                         2/2     Running     0          3h30m
gitlab-registry-599dc94f77-h8jcx              1/1     Running     0          3h30m
gitlab-registry-599dc94f77-vjtj6              1/1     Running     0          3h30m
gitlab-sidekiq-all-in-1-v2-6b8ff4c78b-9dzqg   1/1     Running     0          3h30m
gitlab-toolbox-bc4f78d58-gzmbz                1/1     Running     0          3h30m
gitlab-webservice-default-7986fc9cd8-sx2c7    2/2     Running     0          3h26m
gitlab-webservice-default-7986fc9cd8-zjnk5    2/2     Running     0          3h5m

4、登录

通过 Higress 来创建一个 ingress 转发：https://gitlab.bgxwz.com/

登录 Gitlab 控制台

默认登录
账号：root
密码：使用命令获取

kubectl -n gitlab get secret gitlab-gitlab-initial-root-password -o jsonpath="{.data.password}" | base64 -d; echo

登录后的界面如下：