莫小龙
2022-04-11

Deploying GitLab on K8S and Connecting It to LDAP

kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  namespace: devops
  name: gitlab-data
  annotations:
    volume.beta.kubernetes.io/storage-class: "managed-nfs-storage"
spec:
  accessModes: [ "ReadWriteMany" ]
  resources:
    requests:
      storage: 128Gi
---
apiVersion: v1
kind: Service
metadata:
  namespace: devops
  name: gitlab
spec:
  type: NodePort
  ports:
  # Port mappings exposed by the Service
  - port: 443
    targetPort: 443
    nodePort: 30103
    name: gitlab443
  - port: 80
    targetPort: 80
    nodePort: 30101
    name: gitlab80
  - port: 22
    targetPort: 22
    nodePort: 30386
    name: gitlab22
  selector:
    app: gitlab
---
apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2
kind: StatefulSet
metadata:
  namespace: devops
  name: gitlab
spec:
  selector:
    matchLabels:
      app: gitlab
  revisionHistoryLimit: 2
  template:
    metadata:
      labels:
        app: gitlab
    spec:
      containers:
      # Application image
      - image: gitlab/gitlab-ce
        name: gitlab
        imagePullPolicy: IfNotPresent
        # Ports the application listens on inside the container
        ports:
        - containerPort: 443
          name: gitlab443
        - containerPort: 80
          name: gitlab80
        - containerPort: 22
          name: gitlab22
        volumeMounts:
        # GitLab persistent storage
        - name: gitlab-persistent
          mountPath: /etc/gitlab
          subPath: etc
        - name: gitlab-persistent
          mountPath: /var/log/gitlab
          subPath: log
        - name: gitlab-persistent
          mountPath: /var/opt/gitlab
          subPath: opt
      imagePullSecrets:
      - name: devops-repo
      volumes:
      # Backed by the PVC
      - name: gitlab-persistent
        persistentVolumeClaim:
          claimName: gitlab-data

GitLab configuration file: etc/gitlab.rb inside the PV

external_url 'http://git.dev.dra-m.com'
gitlab_rails['gitlab_ssh_host'] = 'git.dev.dra-m.com'
# Trusted proxy addresses: the IP of the external Nginx
gitlab_rails['trusted_proxies'] = ['192.168.1.177','127.0.0.1']
# SSH port
gitlab_rails['gitlab_shell_ssh_port'] = 30386
# How the service listens
gitlab_workhorse['listen_network'] = "tcp"
gitlab_workhorse['listen_addr'] = "127.0.0.1:8021"
puma['enable'] = true
puma['worker_timeout'] = 60
puma['worker_processes'] = 2
puma['min_threads'] = 1
puma['max_threads'] = 2
puma['ha']= false
puma['per_worker_max_memory_mb']= 2048
sidekiq['max_concurrency'] = 5
postgresql['shared_buffers'] = "50MB"
postgresql['max_worker_processes'] = 2
nginx['worker_processes'] = 2
gitaly['ruby_num_workers'] = 2
prometheus_monitoring['enable'] = false
#LDAP
gitlab_rails['ldap_enabled'] = true
gitlab_rails['prevent_ldap_sign_in'] = false
gitlab_rails['ldap_servers'] = {
'main' => {
  'label' => 'LDAP',
  'host' =>  '192.168.1.177',
  'port' => 389,
  'uid' => 'uid',
  'verify_certificates' => false,
  'bind_dn' => 'cn=admin,dc=dra-m,dc=com',
  'password' => '*******',
  'timeout' => 10,
  'active_directory' => true,
  'allow_username_or_email_login' => true,
  'block_auto_created_users' => false,
  'base' => 'dc=dra-m,dc=com',
  'user_filter' => '',
  'attributes' => {
    'username' => ['uid', 'userid', 'sAMAccountName'],
    'email' => ['mail', 'email', 'userPrincipalName'],
    'name' => 'cn',
    'first_name' => 'givenName',
    'last_name' => 'sn'
  }
  }
}

GitLab can now be logged into directly with LDAP accounts; the default permission level is that of a registered user.
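
The LDAP block above binds on port 389 with no 'encryption' key, uses the directory's cn=admin account, and leaves 'user_filter' empty. The following is an added example, not part of the original post: a small Ruby audit of those settings, run against the page's values and a constructed hardened variant. The key names are real GitLab LDAP settings; the helper name, finding ids, the gitlab-ro bind DN and the group filter are assumptions made up for illustration.

```ruby
# Added example, not from the original post.

# Settings as published on the page (the password is masked there and omitted here).
PAGE_LDAP = {
  'host' => '192.168.1.177', 'port' => 389, 'verify_certificates' => false,
  'bind_dn' => 'cn=admin,dc=dra-m,dc=com', 'base' => 'dc=dra-m,dc=com',
  'block_auto_created_users' => false, 'user_filter' => ''
}.freeze

# Constructed hardened variant: LDAPS, certificate checks on, a dedicated
# read-only bind account and a group filter. Both DNs are placeholders.
HARDENED_LDAP = PAGE_LDAP.merge(
  'port' => 636, 'encryption' => 'simple_tls', 'verify_certificates' => true,
  'bind_dn' => 'cn=gitlab-ro,ou=services,dc=dra-m,dc=com',
  'user_filter' => '(memberOf=cn=gitlab-users,ou=groups,dc=dra-m,dc=com)'
).freeze

# Returns a list of finding ids for one ldap_servers entry.
def audit_ldap_server(cfg)
  findings = []
  enc = cfg['encryption'].to_s
  # Assumption: a missing 'encryption' key is treated the same as 'plain'.
  if enc.empty? || enc == 'plain'
    findings << :cleartext_bind      # bind password and user logins sent unencrypted
  elsif cfg['verify_certificates'] == false
    findings << :unverified_tls      # TLS is on but the server certificate is not checked
  end
  # Heuristic: an admin-looking bind DN holds more rights than a user lookup needs.
  findings << :privileged_bind_dn if cfg['bind_dn'].to_s =~ /\Acn=(admin|manager|root)\b/i
  # Empty filter plus no blocking: any entry under 'base' becomes an active
  # GitLab account on first login.
  if cfg['user_filter'].to_s.strip.empty? && cfg['block_auto_created_users'] == false
    findings << :open_auto_provisioning
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  { 'page' => PAGE_LDAP, 'hardened' => HARDENED_LDAP }.each do |name, cfg|
    puts "#{name}: #{audit_ldap_server(cfg).inspect}"
  end
end
```
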


#DevOps #K8S #Ops #LDAP #GitLab
Last updated: 10/23/2024