部署postgres
# postgres.yaml
# Namespace that holds every GitLab component (PostgreSQL, Redis, GitLab).
apiVersion: v1
kind: Namespace
metadata:
  name: gitlab
  labels:
    type: gitlab
---
# Claims persistent storage for the PostgreSQL data directory.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: gitlab-postgresql-data-pvc
  namespace: gitlab
  labels:
    type: gitlab-postgresql-data
spec:
  accessModes:
    - ReadWriteOnce  # a single node may mount this volume read-write
  resources:
    requests:
      storage: 20Gi
  storageClassName: rook-ceph-block  # cluster-specific; adjust to the storage class available
---
# No spec.type is set, so this is a ClusterIP Service: reachable only from inside
# the cluster (as postgresql.gitlab), which is the right exposure for a database.
apiVersion: v1
kind: Service
metadata:
  name: postgresql
  namespace: gitlab
  labels:
    app: gitlab
    tier: postgreSQL
spec:
  selector:
    app: gitlab
    tier: postgreSQL
  ports:
    - port: 5432
---
# Single-replica PostgreSQL for GitLab, backed by the PVC declared above.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: postgresql
  namespace: gitlab
  labels:
    app: gitlab
    tier: postgreSQL
spec:
  replicas: 1
  # Recreate avoids a second pod trying to attach the ReadWriteOnce volume during a rollout.
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: gitlab
      tier: postgreSQL
  template:
    metadata:
      labels:
        app: gitlab
        tier: postgreSQL
    spec:
      containers:
        - name: postgresql
          # Untagged image floats to :latest; a major-version jump on a pod restart
          # can leave the existing data directory unreadable. Pin a tag or digest.
          image: postgres
          env:
            - name: POSTGRES_USER  # user created on first start
              value: gitlab
            - name: POSTGRES_DB  # database created on first start
              value: gitlabhq_production
            # NOTE(review): plaintext credential in the pod spec, readable by anyone who
            # can get Deployments or Pods in this namespace. Prefer valueFrom.secretKeyRef
            # referencing a Secret.
            - name: POSTGRES_PASSWORD
              value: gitlab_password
            - name: TZ
              value: Asia/Shanghai
          ports:
            - containerPort: 5432
              name: postgresql
          # Health check: pg_isready against the local server and the GitLab database.
          # There is no readinessProbe, so the Service routes to this pod as soon as the
          # container is running.
          livenessProbe:
            exec:
              command:
                - sh
                - -c
                - exec pg_isready -U gitlab -h 127.0.0.1 -p 5432 -d gitlabhq_production
            initialDelaySeconds: 110
            timeoutSeconds: 5
            failureThreshold: 6
          volumeMounts:
            - mountPath: /var/lib/postgresql
              name: postgresql
              # Mount a subdirectory of the volume: a freshly provisioned volume root may
              # contain lost+found, which makes initdb refuse the non-empty data directory.
              subPath: data
      volumes:
        - name: postgresql
          persistentVolumeClaim:
            claimName: gitlab-postgresql-data-pvc
执行yaml,查看运行结果
[root@node1 gitlab]# kubectl apply -f postgresql.yaml
[root@node1 gitlab]# kubectl get pods -n gitlab
NAME READY STATUS RESTARTS AGE
postgresql-f4b5bff48-28npt 1/1 Running 0 68s
部署Redis
# redis.yaml
---
# ClusterIP Service (no spec.type given) for Redis; reachable in-cluster as redis.gitlab.
apiVersion: v1
kind: Service
metadata:
  name: redis
  namespace: gitlab
  labels:
    app: gitlab
    tier: backend
spec:
  selector:
    app: gitlab
    tier: backend
  ports:
    - port: 6379
      targetPort: 6379
---
# Single-replica Redis for GitLab (no persistence is configured).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: redis
  namespace: gitlab
  labels:
    app: gitlab
    tier: backend
spec:
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: gitlab
      tier: backend
  template:
    metadata:
      labels:
        app: gitlab
        tier: backend
    spec:
      # Init container that tunes kernel parameters before redis starts.
      # NOTE(review): it runs privileged and remounts /sys and /proc/sys read-write.
      # transparent_hugepage and vm.overcommit_memory are host-wide settings, so this
      # changes the node for every workload on it, not just this pod. Such tuning is
      # better owned by node configuration than by an application manifest.
      initContainers:
        - name: init-redis
          image: busybox  # untagged; pin a tag or digest
          resources: {}
          securityContext:  # privileges needed for the remounts and the sysfs/procfs writes below
            privileged: true
            procMount: Default  # already the default value; effectively a no-op here
          command:
            - /bin/sh
            - -c
            - |
              ulimit -n 65536
              mount -o remount rw /sys
              echo never > /sys/kernel/mm/transparent_hugepage/enabled
              mount -o remount rw /proc/sys
              echo 2000 > /proc/sys/net/core/somaxconn
              echo 1 > /proc/sys/vm/overcommit_memory
      containers:
        - name: redis
          image: redis  # untagged; pin a tag or digest
          command:
            - 'redis-server'
          # NOTE(review): the password is a literal argument, so it is visible in the pod
          # spec and in the process command line. Load it from a Secret instead.
          args:
            - '--requirepass'  # require AUTH from every client
            - 'redis_password'
          ports:
            - containerPort: 6379
              name: redis
          # NOTE(review): the probe does not authenticate, so with --requirepass the
          # server answers PING with an auth error; depending on redis-cli's exit status
          # this may still count as success, making the probe little more than a port
          # check. Confirm that is the intended level of checking.
          livenessProbe:
            exec:
              command:
                - sh
                - -c
                - 'redis-cli ping'
            initialDelaySeconds: 5
            periodSeconds: 10
            timeoutSeconds: 1
运行yaml并查看结果
[root@node1 gitlab]# kubectl apply -f redis.yaml
[root@node1 gitlab]# kubectl get pods -n gitlab
NAME READY STATUS RESTARTS AGE
postgresql-f4b5bff48-28npt 1/1 Running 0 25m
redis-744b74cd84-4lgj8 1/1 Running 0 33s
[root@node1 gitlab]# kubectl get service -n gitlab
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
postgresql ClusterIP 10.96.159.149 <none> 5432/TCP 27m
redis ClusterIP 10.108.236.150 <none> 6379/TCP 2m6s
部署GitLab
# gitlab.yaml
# Storage for /etc/gitlab: GitLab configuration, including generated secrets.
# Back it up and keep access to it restricted.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: gitlab-etc-data-pvc
  namespace: gitlab
  labels:
    type: gitlab-etc-data
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
  storageClassName: rook-ceph-block  # cluster-specific; adjust to the storage class available
---
# Storage for /var/log/gitlab.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: gitlab-log-data-pvc
  namespace: gitlab
  labels:
    type: gitlab-log-data
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
  storageClassName: rook-ceph-block  # cluster-specific; adjust to the storage class available
---
# Storage for /var/opt/gitlab: repositories, uploads and other application data.
# 5Gi is a starting point; repository data grows with use.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: gitlab-opt-data-pvc
  namespace: gitlab
  labels:
    type: gitlab-opt-data
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
  storageClassName: rook-ceph-block  # cluster-specific; adjust to the storage class available
---
# Exposes the GitLab web UI and git-over-SSH.
apiVersion: v1
kind: Service
metadata:
  name: gitlab
  namespace: gitlab
  labels:
    app: gitlab
    tier: frontend
spec:
  # NodePort opens both ports on every node's IP: HTTP (no TLS on this path) and the
  # SSH port. Restrict reachability with network/firewall rules or front the service
  # with an ingress or load balancer that terminates TLS.
  type: NodePort
  selector:
    app: gitlab
    tier: frontend
  ports:
    - name: gitlab-ui
      protocol: TCP
      port: 80
      targetPort: 80
      nodePort: 31000  # node port for external access
    - name: gitlab-ssh
      protocol: TCP
      port: 22
      targetPort: 22
      nodePort: 32000  # node port for external access
---
# Identity the GitLab pod runs under (spec.serviceAccountName); its permissions
# come from the ClusterRoleBinding below.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: gitlab
  namespace: gitlab
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: gitlab-cb-ver
  namespace: gitlab  # ignored: ClusterRoleBinding is cluster-scoped
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  # GitLab itself is a pod and gitlab-runner also runs as pods; a pod that manages other
  # pods needs RBAC permissions. Here it is granted the highest level.
  # NOTE(review): cluster-admin means any compromise of the GitLab pod (or of any process
  # that obtains its token) controls the whole cluster. Scope this to a Role/RoleBinding
  # in the runner's namespace with only the resources and verbs the runner needs.
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: gitlab
    namespace: gitlab
---
# GitLab CE (Omnibus) using the external PostgreSQL and Redis deployed above.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gitlab
  namespace: gitlab
  labels:
    app: gitlab
    tier: frontend
spec:
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: gitlab
      tier: frontend
  template:
    metadata:
      labels:
        app: gitlab
        tier: frontend
    spec:
      # NOTE(review): this ServiceAccount is bound to cluster-admin in this file, and the
      # container below runs privileged as root. A compromise of the GitLab web process
      # therefore yields a cluster-admin token together with host-level access.
      serviceAccountName: gitlab
      securityContext:  # the pod runs as root
        runAsUser: 0
        fsGroup: 0
      containers:
        - name: gitlab
          image: gitlab/gitlab-ce  # untagged; pin a tag or digest
          securityContext:
            # NOTE(review): the official image is normally run without privileged mode;
            # confirm it is actually required here before keeping it.
            privileged: true
          env:
            - name: TZ
              value: Asia/Shanghai
            # Omnibus configuration (gitlab.rb content) injected via the environment.
            # NOTE(review): it carries the PostgreSQL and Redis passwords in plain text and
            # sets a plain-http external_url, so credentials are readable from the pod spec
            # and user sessions travel unencrypted. Move the secrets into a Secret (or a
            # gitlab.rb on the /etc/gitlab volume) and terminate TLS in front of the service.
            - name: GITLAB_OMNIBUS_CONFIG
              value: |
                postgresql['enable'] = false
                gitlab_rails['db_username'] = 'gitlab'
                gitlab_rails['db_password'] = 'gitlab_password'
                gitlab_rails['db_host'] = 'postgresql.gitlab'
                gitlab_rails['db_port'] = '5432'
                gitlab_rails['db_database'] = 'gitlabhq_production'
                gitlab_rails['db_adapter'] = 'postgresql'
                redis['enable'] = false
                gitlab_rails['redis_host'] = 'redis.gitlab'
                gitlab_rails['redis_port'] = '6379'
                gitlab_rails['redis_password'] = 'redis_password'
                gitlab_rails['gitlab_shell_ssh_port'] = 32000
                external_url 'http://192.168.0.101:31000'
                nginx['listen_port'] = 80
                nginx['listen_https'] = false
                gitlab_rails['db_encoding'] = 'utf8'
                # 关闭prometheus
                prometheus['enable'] = false
                # 关闭grafana
                grafana['enable'] = false
                # # 减少内存占用
                # unicorn['worker_memory_limit_min'] = "200 * 1 << 20"
                # unicorn['worker_memory_limit_max'] = "300 * 1 << 20"
                # # 减少sidekiq的并发数
                # sidekiq['concurrency'] = 16
                # # 减少postgresql数据库的缓存
                # postgresql['shared_buffers'] = "256MB"
                # # 减少postgresql数据库并发数量
                # postgresql['max_connections'] = 8
                # # 减少进程数 worker = CPU核心数 + 1
                # unicorn['worker_processes'] = 2
                # nginx['worker_processes'] = 2
                # puma['worker_processes'] = 2
                # # 保留3天备份的数据文件
                # gitlab['backup_keep_time'] = 259200
          # Port 22 is not listed here; containerPort entries are informational, so the
          # Service's numeric targetPort 22 still reaches the container.
          ports:
            - containerPort: 80
              name: gitlab
          # Both probes are disabled: a hung GitLab process is never restarted, and without
          # a readinessProbe the Service sends traffic while reconfigure is still running.
          # The health command pipes the /-/health response into grep.
          # livenessProbe:
          #   exec:
          #     command:
          #       - sh
          #       - -c
          #       - "curl -s http://127.0.0.1/-/health | grep -w 'GitLab OK'"
          #   initialDelaySeconds: 120
          #   periodSeconds: 10
          #   timeoutSeconds: 5
          #   successThreshold: 1
          #   failureThreshold: 3
          # readinessProbe:
          #   exec:
          #     command:
          #       - sh
          #       - -c
          #       - "curl -s http://127.0.0.1/-/health | grep -w 'GitLab OK'"
          #   initialDelaySeconds: 120
          #   periodSeconds: 10
          #   timeoutSeconds: 5
          #   successThreshold: 1
          #   failureThreshold: 3
          volumeMounts:
            - mountPath: /etc/gitlab  # configuration and generated secrets
              name: gitlab-etc-data
            - mountPath: /var/log/gitlab
              name: gitlab-log-data
            - mountPath: /var/opt/gitlab  # repositories and application data
              name: gitlab-opt-data
      volumes:
        - name: gitlab-etc-data
          persistentVolumeClaim:
            claimName: gitlab-etc-data-pvc
        - name: gitlab-log-data
          persistentVolumeClaim:
            claimName: gitlab-log-data-pvc
        - name: gitlab-opt-data
          persistentVolumeClaim:
            claimName: gitlab-opt-data-pvc
应用yaml文件,并查看pod运行情况
[root@node1 gitlab]# kubectl apply -f gitlab.yaml
[root@node1 gitlab]# kubectl get pods -n gitlab
NAME READY STATUS RESTARTS AGE
gitlab-77d7496d86-k4gfc 1/1 Running 0 23s
postgresql-f4b5bff48-28npt 1/1 Running 0 11h
redis-744b74cd84-4lgj8 1/1 Running 0 11h
查看gitlab暴露的端口
[root@node1 gitlab]# kubectl get service -n gitlab
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
gitlab NodePort 10.96.58.250 <none> 80:31000/TCP,22:32000/TCP 64s
postgresql ClusterIP 10.96.159.149 <none> 5432/TCP 11h
redis ClusterIP 10.108.236.150 <none> 6379/TCP 11h
查看默认密码
[root@node1 gitlab]# kubectl exec -it gitlab-77d7496d86-k4gfc -n gitlab -- bash
root@gitlab-77d7496d86-k4gfc:/# cat /etc/gitlab/initial_root_password
# WARNING: This value is valid only in the following conditions
# 1. If provided manually (either via `GITLAB_ROOT_PASSWORD` environment variable or via `gitlab_rails['initial_root_password']` setting in `gitlab.rb`, it was provided before database was seeded for the first time (usually, the first reconfigure run).
# 2. Password hasn't been changed manually, either via UI or via command line.
#
# If the password shown here doesn't work, you must reset the admin password following https://docs.gitlab.com/ee/security/reset_user_password.html#reset-your-root-password.
Password: kRwVdqDzYuKUPEvWnGI4FY3x9UHTWCZGEbljSp3PnGw=
# NOTE: This file will be automatically deleted in the first reconfigure run after 24 hours.
访问gitlab
遇到的问题
问题一
部署postgres的时候出现如下错误
[root@node1 gitlab]# kubectl logs postgresql-6677cb56d-c74tj
The files belonging to this database system will be owned by user "postgres".
This user must also own the server process.
The database cluster will be initialized with locale "en_US.utf8".
The default database encoding has accordingly been set to "UTF8".
The default text search configuration will be set to "english".
Data page checksums are disabled.
initdb: error: directory "/var/lib/postgresql/data" exists but is not empty
initdb: detail: It contains a lost+found directory, perhaps due to it being a mount point.
initdb: hint: Using a mount point directly as the data directory is not recommended.
Create a subdirectory under the mount point.
解决办法:
# Add subPath to the volumeMounts entry so the container sees a subdirectory of the
# volume instead of its root (which holds lost+found).
volumeMounts:
  - mountPath: /var/lib/postgresql
    name: postgresql
    subPath: data
subPath 所定义的路径,指的是卷(Volume)内的子路径,用于将卷内 subPath 所对应的目录或文件挂载到容器的挂载点;不指定此参数时,默认挂载的是卷的根路径。这里指定 subPath: data 后,挂载到容器 /var/lib/postgresql 的是卷内的 data 子目录,而不是带有 lost+found 的卷根目录,因此 initdb 使用的数据目录是空的,不再报错。