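1、这里安装gitlab服务,安装前需要安装postgresql和redis。

### 部署postgresql

```yaml
# ------------------------------------------------
#  mkdir -p /nfs_dir/{gitlab_etc_ver130806,gitlab_log_ver130806,gitlab_opt_ver130806,gitlab_postgresql_data_ver130806}
#  kubectl create namespace gitlab-ver130806
#  kubectl -n gitlab-ver130806 apply -f 3postgres.yaml
#  kubectl -n gitlab-ver130806 apply -f 4redis.yaml
#  kubectl -n gitlab-ver130806 apply -f 5gitlab.yaml
#  kubectl -n gitlab-ver130806 apply -f 6gitlab-tls.yaml
# ------------------------------------------------

# pv
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: gitlab-postgresql-data-ver130806
  labels:
    type: gitlab-postgresql-data-ver130806
spec:
  capacity:
    storage: 10Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  storageClassName: nfs
  nfs:
    path: /nfs_dir/gitlab_postgresql_data_ver130806
    server: 10.4.7.111

# pvc
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: gitlab-postgresql-data-ver130806-pvc
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
  storageClassName: nfs
  selector:
    matchLabels:
      type: gitlab-postgresql-data-ver130806
---
apiVersion: v1
kind: Service
metadata:
  name: postgresql
  labels:
    app: gitlab
    tier: postgreSQL
spec:
  ports:
    - port: 5432
  selector:
    app: gitlab
    tier: postgreSQL

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: postgresql
  labels:
    app: gitlab
    tier: postgreSQL
spec:
  replicas: 1
  selector:
    matchLabels:
      app: gitlab
      tier: postgreSQL
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: gitlab
        tier: postgreSQL
    spec:
      #nodeSelector:
      #  gee/disk: "500g"
      containers:
        - image: postgres:12.6-alpine
        #- image: harbor.boge.com/library/postgres:12.6-alpine
          name: postgresql
          env:
            - name: POSTGRES_USER
              value: gitlab
            - name: POSTGRES_DB
              value: gitlabhq_production
            # Sample password in plain text: anyone who can read this manifest
            # or the pod spec can read it. Replace it before use and prefer a
            # Secret referenced through valueFrom.secretKeyRef.
            - name: POSTGRES_PASSWORD
              value: bogeusepg
            - name: TZ
              value: Asia/Shanghai
          ports:
            - containerPort: 5432
              name: postgresql
          livenessProbe:
            exec:
              command:
                - sh
                - -c
                - exec pg_isready -U gitlab -h 127.0.0.1 -p 5432 -d gitlabhq_production
            initialDelaySeconds: 110
            timeoutSeconds: 5
            failureThreshold: 6
          readinessProbe:
            exec:
              command:
                - sh
                - -c
                - exec pg_isready -U gitlab -h 127.0.0.1 -p 5432 -d gitlabhq_production
            initialDelaySeconds: 20
            timeoutSeconds: 3
            periodSeconds: 5
#         resources:
#           requests:
#             cpu: 100m
#             memory: 512Mi
#           limits:
#             cpu: "1"
#             memory: 1Gi
          volumeMounts:
            - name: postgresql
              mountPath: /var/lib/postgresql/data
      volumes:
        - name: postgresql
          persistentVolumeClaim:
            claimName: gitlab-postgresql-data-ver130806-pvc
```

### 部署redis

```yaml
---
apiVersion: v1
kind: Service
metadata:
  name: redis
  labels:
    app: gitlab
    tier: backend
spec:
  ports:
    - port: 6379
      targetPort: 6379
  selector:
    app: gitlab
    tier: backend
---

apiVersion: apps/v1
kind: Deployment
metadata:
  name: redis
  labels:
    app: gitlab
    tier: backend
spec:
  replicas: 1
  selector:
    matchLabels:
      app: gitlab
      tier: backend
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: gitlab
        tier: backend
    spec:
      #nodeSelector:
      #  gee/disk: "500g"
      containers:
        - image: redis:6.2.0-alpine3.13
        #- image: harbor.boge.com/library/redis:6.2.0-alpine3.13
          name: redis
          command:
            - "redis-server"
          # The password is passed on the command line, so it is readable in
          # the pod spec and in the container's process list. Replace the
          # sample value; a Secret-backed config is the safer place for it.
          args:
            - "--requirepass"
            - "bogeuseredis"
#         resources:
#           requests:
#             cpu: "1"
#             memory: 2Gi
#           limits:
#             cpu: "1"
#             memory: 2Gi
          ports:
            - containerPort: 6379
              name: redis
          # NOTE(review): redis-cli is called here without the password set by
          # --requirepass, so PING is answered with a NOAUTH error. redis-cli
          # only gained its -e (exit code on error) option in Redis 7, so on
          # this image the probe presumably still exits 0 and only shows that
          # the server accepts connections - verify.
          livenessProbe:
            exec:
              command:
                - sh
                - -c
                - "redis-cli ping"
            initialDelaySeconds: 30
            periodSeconds: 10
            timeoutSeconds: 5
            successThreshold: 1
            failureThreshold: 3
          readinessProbe:
            exec:
              command:
                - sh
                - -c
                - "redis-cli ping"
            initialDelaySeconds: 5
            periodSeconds: 10
            timeoutSeconds: 1
            successThreshold: 1
            failureThreshold: 3
      # This init container runs privileged in order to write kernel settings.
      # transparent_hugepage and vm.overcommit_memory are node-wide, so the
      # change applies to every pod scheduled on the same node.
      initContainers:
        - command:
            - /bin/sh
            - -c
            - |
              ulimit -n 65536
              mount -o remount rw /sys
              echo never > /sys/kernel/mm/transparent_hugepage/enabled
              mount -o remount rw /proc/sys
              echo 2000 > /proc/sys/net/core/somaxconn
              echo 1 > /proc/sys/vm/overcommit_memory
          image: registry.cn-beijing.aliyuncs.com/acs/busybox:v1.29.2
          imagePullPolicy: IfNotPresent
          name: init-redis
          resources: {}
          securityContext:
            privileged: true
            procMount: Default
```

### 部署gitlab

部署前需制作一个gitlab-ce镜像

#### sources.list

```
deb http://mirrors.aliyun.com/ubuntu/ xenial main
deb-src http://mirrors.aliyun.com/ubuntu/ xenial main
deb http://mirrors.aliyun.com/ubuntu/ xenial-updates main
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-updates main
deb http://mirrors.aliyun.com/ubuntu/ xenial universe
deb-src http://mirrors.aliyun.com/ubuntu/ xenial universe
deb http://mirrors.aliyun.com/ubuntu/ xenial-updates universe
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-updates universe
deb http://mirrors.aliyun.com/ubuntu xenial-security main
deb-src http://mirrors.aliyun.com/ubuntu xenial-security main
deb http://mirrors.aliyun.com/ubuntu xenial-security universe
deb-src http://mirrors.aliyun.com/ubuntu xenial-security universe
```

#### Dockerfile

```dockerfile
FROM gitlab/gitlab-ce:13.8.6-ce.0

# signed-by ties the pgdg repository to the keyring written by the same RUN
# step. A key stored under /usr/share/keyrings is not trusted by apt on its
# own, so without this option the repository cannot be verified.
RUN echo 'deb [signed-by=/usr/share/keyrings/postgresql-archive-keyring.gpg] http://apt.postgresql.org/pub/repos/apt/ xenial-pgdg main' > /etc/apt/sources.list.d/pgdg.list \
    && curl -sSL https://www.postgresql.org/media/keys/ACCC4CF8.asc | gpg --dearmor -o /usr/share/keyrings/postgresql-archive-keyring.gpg
RUN apt-get update -yq && \
    apt-get install -y vim iproute2 net-tools iputils-ping curl wget software-properties-common unzip postgresql-client-12 && \
    rm -rf /var/cache/apt/archives/*

RUN ln -svf /usr/bin/pg_dump /opt/gitlab/embedded/bin/pg_dump
```

#### 开始部署

```yaml
# pv
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: gitlab-etc-ver130806
  labels:
    type: gitlab-etc-ver130806
spec:
  capacity:
    storage: 1Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  storageClassName: nfs
  nfs:
    path: /nfs_dir/gitlab_etc_ver130806
    server: 10.4.7.111

# pvc
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: gitlab-etc-ver130806-pvc
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
  storageClassName: nfs
  selector:
    matchLabels:
      type: gitlab-etc-ver130806

# pv
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: gitlab-log-ver130806
  labels:
    type: gitlab-log-ver130806
spec:
  capacity:
    storage: 1Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  storageClassName: nfs
  nfs:
    path: /nfs_dir/gitlab_log_ver130806
    server: 10.4.7.111

# pvc
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: gitlab-log-ver130806-pvc
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
  storageClassName: nfs
  selector:
    matchLabels:
      type: gitlab-log-ver130806

# pv
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: gitlab-opt-ver130806
  labels:
    type: gitlab-opt-ver130806
spec:
  capacity:
    storage: 1Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  storageClassName: nfs
  nfs:
    path: /nfs_dir/gitlab_opt_ver130806
    server: 10.4.7.111

# pvc
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: gitlab-opt-ver130806-pvc
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
  storageClassName: nfs
  selector:
    matchLabels:
      type: gitlab-opt-ver130806
---
# NodePort publishes both the web UI (80) and SSH (22) on every node of the
# cluster, in addition to the Ingress defined in 6gitlab-tls.yaml.
apiVersion: v1
kind: Service
metadata:
  name: gitlab
  labels:
    app: gitlab
    tier: frontend
spec:
  ports:
    - name: gitlab-ui
      port: 80
      protocol: TCP
      targetPort: 80
    - name: gitlab-ssh
      port: 22
      protocol: TCP
      targetPort: 22
  selector:
    app: gitlab
    tier: frontend
  type: NodePort
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: gitlab
---
# This binds the gitlab ServiceAccount to cluster-admin. The GitLab pod runs
# under that account, so a compromise of GitLab gives full control of the
# cluster. Bind a namespaced Role limited to what is actually needed, or drop
# the binding if GitLab does not call the Kubernetes API.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: gitlab-cb-ver130806
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: gitlab
    namespace: gitlab-ver130806
---

apiVersion: apps/v1
kind: Deployment
metadata:
  name: gitlab
  labels:
    app: gitlab
    tier: frontend
spec:
  replicas: 1
  selector:
    matchLabels:
      app: gitlab
      tier: frontend
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: gitlab
        tier: frontend
    spec:
      serviceAccountName: gitlab
      containers:
        - image: harbor.boge.com/library/gitlab-ce:13.8.6-ce.1
          name: gitlab
#         resources:
#           requests:
#             cpu: 400m
#             memory: 4Gi
#           limits:
#             cpu: "800m"
#             memory: 8Gi
          # privileged together with runAsUser: 0 (below) gives this container
          # host-level access to the node. Nothing on this page shows why it
          # is required; try the deployment without it first.
          securityContext:
            privileged: true
          env:
            - name: TZ
              value: Asia/Shanghai
            # The value below carries the database, Redis and SMTP passwords
            # in plain text, and it is readable by anyone who can read the
            # Deployment or the pod's environment. Replace the sample values
            # and keep this manifest out of version control. The settings also
            # serve GitLab over plain HTTP (external_url http://, listen_https
            # false), so TLS exists only at the Ingress.
            - name: GITLAB_OMNIBUS_CONFIG
              value: |
                postgresql['enable'] = false
                gitlab_rails['db_username'] = "gitlab"
                gitlab_rails['db_password'] = "bogeusepg"
                gitlab_rails['db_host'] = "postgresql"
                gitlab_rails['db_port'] = "5432"
                gitlab_rails['db_database'] = "gitlabhq_production"
                gitlab_rails['db_adapter'] = 'postgresql'
                gitlab_rails['db_encoding'] = 'utf8'
                redis['enable'] = false
                gitlab_rails['redis_host'] = 'redis'
                gitlab_rails['redis_port'] = '6379'
                gitlab_rails['redis_password'] = 'bogeuseredis'
                gitlab_rails['gitlab_shell_ssh_port'] = 22
                external_url 'http://git.boge.com/'
                nginx['listen_port'] = 80
                nginx['listen_https'] = false
                #-------------------------------------------
                gitlab_rails['gitlab_email_enabled'] = true
                gitlab_rails['gitlab_email_from'] = 'admin@boge.com'
                gitlab_rails['gitlab_email_display_name'] = 'boge'
                gitlab_rails['gitlab_email_reply_to'] = 'gitlab@boge.com'
                gitlab_rails['gitlab_default_can_create_group'] = true
                gitlab_rails['gitlab_username_changing_enabled'] = true
                gitlab_rails['smtp_enable'] = true
                gitlab_rails['smtp_address'] = "smtp.exmail.qq.com"
                gitlab_rails['smtp_port'] = 465
                gitlab_rails['smtp_user_name'] = "gitlab@boge.com"
                gitlab_rails['smtp_password'] = "bogesendmail"
                gitlab_rails['smtp_domain'] = "exmail.qq.com"
                gitlab_rails['smtp_authentication'] = "login"
                gitlab_rails['smtp_enable_starttls_auto'] = true
                gitlab_rails['smtp_tls'] = true
                #-------------------------------------------
                # 关闭 promethues
                prometheus['enable'] = false
                # 关闭 grafana
                grafana['enable'] = false
                # 减少内存占用
                unicorn['worker_memory_limit_min'] = "200 * 1 << 20"
                unicorn['worker_memory_limit_max'] = "300 * 1 << 20"
                # 减少 sidekiq 的并发数
                sidekiq['concurrency'] = 16
                # 减少 postgresql 数据库缓存
                postgresql['shared_buffers'] = "256MB"
                # 减少 postgresql 数据库并发数量
                postgresql['max_connections'] = 8
                # 减少进程数   worker=CPU核数+1
                unicorn['worker_processes'] = 2
                nginx['worker_processes'] = 2
                puma['worker_processes'] = 2
                # puma['per_worker_max_memory_mb'] = 850
                # 保留3天备份的数据文件
                gitlab_rails['backup_keep_time'] = 259200
                #-------------------------------------------
          ports:
            - containerPort: 80
              name: gitlab
          livenessProbe:
            exec:
              command:
                - sh
                - -c
                - "curl -s http://127.0.0.1/-/health|grep -w 'GitLab OK'"
            initialDelaySeconds: 120
            periodSeconds: 10
            timeoutSeconds: 5
            successThreshold: 1
            failureThreshold: 3
          readinessProbe:
            exec:
              command:
                - sh
                - -c
                - "curl -s http://127.0.0.1/-/health|grep -w 'GitLab OK'"
            initialDelaySeconds: 120
            periodSeconds: 10
            timeoutSeconds: 5
            successThreshold: 1
            failureThreshold: 3
          volumeMounts:
            - mountPath: /etc/gitlab
              name: gitlab1
            - mountPath: /var/log/gitlab
              name: gitlab2
            - mountPath: /var/opt/gitlab
              name: gitlab3
            - mountPath: /etc/localtime
              name: tz-config

      volumes:
        - name: gitlab1
          persistentVolumeClaim:
            claimName: gitlab-etc-ver130806-pvc
        - name: gitlab2
          persistentVolumeClaim:
            claimName: gitlab-log-ver130806-pvc
        - name: gitlab3
          persistentVolumeClaim:
            claimName: gitlab-opt-ver130806-pvc
        - name: tz-config
          hostPath:
            path: /usr/share/zoneinfo/Asia/Shanghai

      securityContext:
        runAsUser: 0
        fsGroup: 0
```

### 部署gitlab-tls

```yaml
# old version

#apiVersion: extensions/v1beta1
#kind: Ingress
#metadata:
#  name: gitlab
#  annotations:
#    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
#    nginx.ingress.kubernetes.io/proxy-body-size: "20m"
#spec:
#  tls:
#  - hosts:
#    - git.boge.com
#    secretName: mytls
#  rules:
#  - host: git.boge.com
#    http:
#      paths:
#      - path: /
#        backend:
#          serviceName: gitlab
#          servicePort: 80

# Add tls
# The certificate created below is self-signed, so browsers and git clients do
# not trust it until it is distributed to them; use a CA-issued certificate
# where clients cannot be given this one.
# openssl genrsa -out tls.key 2048
# openssl req -new -x509 -key tls.key -out tls.cert -days 360 -subj /CN=*.boge.com
# kubectl -n gitlab-ver130806 create secret tls mytls --cert=tls.cert --key=tls.key

# new version

## https://kubernetes.io/docs/concepts/services-networking/ingress/
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: gitlab
  annotations:
    # "false" leaves plain HTTP usable next to HTTPS, so logins and tokens can
    # still cross the network unencrypted. The old version above used "true".
    nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
    nginx.ingress.kubernetes.io/proxy-body-size: "20m"
spec:
  tls:
    - hosts:
        - git.boge.com
      secretName: mytls
  rules:
    - host: git.boge.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: gitlab
                port:
                  number: 80
```

部署完成以后会有这3个服务

![](https://img.kancloud.cn/1b/3f/1b3f66db2596746ece7051164a0f67eb_1120x194.png)

本地hosts文件添加解析,如果能正常访问则部署完成:

10.4.7.111 git.boge.com

![](https://img.kancloud.cn/03/91/0391c79785dbd90828a373d6c96d6b94_1303x588.png)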