使用K8S部署GitLab,并连接LDAP
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
namespace: devops
name: gitlab-data
annotations:
volume.beta.kubernetes.io/storage-class: "managed-nfs-storage"
spec:
accessModes: [ "ReadWriteMany" ]
resources:
requests:
storage: 128Gi
---
apiVersion: v1
kind: Service
metadata:
namespace: devops
name: gitlab
spec:
type: NodePort
ports:
# Port上的映射端口
- port: 443
targetPort: 443
nodePort: 30103
name: gitlab443
- port: 80
targetPort: 80
nodePort: 30101
name: gitlab80
- port: 22
targetPort: 22
nodePort: 30386
name: gitlab22
selector:
app: gitlab
---
apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2
kind: StatefulSet
metadata:
namespace: devops
name: gitlab
spec:
selector:
matchLabels:
app: gitlab
revisionHistoryLimit: 2
template:
metadata:
labels:
app: gitlab
spec:
containers:
# 应用的镜像
- image: gitlab/gitlab-ce
name: gitlab
imagePullPolicy: IfNotPresent
# 应用的内部端口
ports:
- containerPort: 443
name: gitlab443
- containerPort: 80
name: gitlab80
- containerPort: 22
name: gitlab22
volumeMounts:
# gitlab持久化
- name: gitlab-persistent
mountPath: /etc/gitlab
subPath: etc
- name: gitlab-persistent
mountPath: /var/log/gitlab
subPath: log
- name: gitlab-persistent
mountPath: /var/opt/gitlab
subPath: opt
imagePullSecrets:
- name: devops-repo
volumes:
# 使用pvc
- name: gitlab-persistent
persistentVolumeClaim:
claimName: gitlab-data
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
gitlab配置文件:pv内 etc/gitlab.rb
external_url 'http://git.dev.dra-m.com'
gitlab_rails['gitlab_ssh_host'] = 'git.dev.dra-m.com'
# Nginx 授信地址 外部Nginx的IP
gitlab_rails['trusted_proxies'] = ['192.168.1.177','127.0.0.1']
# SSH 端口
gitlab_rails['gitlab_shell_ssh_port'] = 30386
# 服务监听方式
gitlab_workhorse['listen_network'] = "tcp"
gitlab_workhorse['listen_addr'] = "127.0.0.1:8021"
puma['enable'] = true
puma['worker_timeout'] = 60
puma['worker_processes'] = 2
puma['min_threads'] = 1
puma['max_threads'] = 2
puma['ha']= false
puma['per_worker_max_memory_mb']= 2048
sidekiq['max_concurrency'] = 5
postgresql['shared_buffers'] = "50MB"
postgresql['max_worker_processes'] = 2
nginx['worker_processes'] = 2
gitaly['ruby_num_workers'] = 2
prometheus_monitoring['enable'] = false
#LDAP
gitlab_rails['ldap_enabled'] = true
gitlab_rails['prevent_ldap_sign_in'] = false
gitlab_rails['ldap_servers'] = {
'main' => {
'label' => 'LDAP',
'host' => '192.168.1.177',
'port' => 389,
'uid' => 'uid',
'verify_certificates' => false,
'bind_dn' => 'cn=admin,dc=dra-m,dc=com',
'password' => '*******',
'timeout' => 10,
'active_directory' => true,
'allow_username_or_email_login' => true,
'block_auto_created_users' => false,
'base' => 'dc=dra-m,dc=com',
'user_filter' => '',
'attributes' => {
'username' => ['uid', 'userid', 'sAMAccountName'],
'email' => ['mail', 'email', 'userPrincipalName'],
'name' => 'cn',
'first_name' => 'givenName',
'last_name' => 'sn'
}
}
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
Gitlab可以直接用LDAP登录,默认权限为注册用户。
上次更新: 10/23/2024