kubernetes實戰(十四)：k8s持久化部署gitlab集成openLDAP登陸

一、基本概念

　　使用k8s安裝gitlab-ce，採用GlusterFS實現持久化(注意PG使用的是NFS存儲，使用動態存儲重啓postgresql的pod後沒法成功啓動pg，待解決)，並集成了openLDAP。

　　注意：我公司使用的gitlab是獨立於k8s集羣以外的。

 

二、安裝部署

　　最一開始使用的是helm安裝gitlab，網上的文檔應該所有都是使用的這個chart：https://github.com/helm/charts/tree/master/stable/gitlab-ce

　　可是這個chart已經被棄用，並推薦咱們使用官方的chart

　　官方chart：https://docs.gitlab.com/ee/install/kubernetes/gitlab_chart.html

　　我在使用官方chart部署完成之後，發現啓動的容器太多，就放棄了這個方式，使用yaml文件部署。

　　下載yaml文件：

git clone https://github.com/dotbalo/k8s.git

[root@k8s-master01 gitlab]# pwd
/root/k8s/gitlab [root@k8s-master01 gitlab]# ls gitlab-rc.yml  gitlab-svc.yml  postgresql-rc.yml  postgresql-svc.yml  redis-rc.yml  redis-svc.yml
...

　　修改對應的配置：

　　主要修改每一個rc的namespace，使用的持久化存儲方式(當前yaml使用的GFS動態存儲，pg使用的是NFS，按需修改)

　　修改gitlab-rc.yml裏面的env，對應的LDAP信息和SMTP信息等

　　修改traefik的域名

　　建立gitlab

[root@k8s-master01 gitlab]# kubectl apply -f .

[root@k8s-master01 gitlab]# kubectl get po,svc,pvc -n public-service NAME READY STATUS RESTARTS AGE pod/gitlab-cctr6       1/1       Running   2 37m pod/postgresql-c6trh   1/1       Running   1 37m pod/redis-b6vfk        1/1       Running   0 3h NAME TYPE CLUSTER-IP       EXTERNAL-IP PORT(S) AGE service/gitlab                            ClusterIP   10.109.163.143   <none>        80/TCP,22/TCP 24m service/gitlab-balancer                   NodePort    10.108.77.162    <none>        80:30049/TCP,22:30347/TCP 14m service/glusterfs-dynamic-gitlab-gitlab   ClusterIP   10.102.192.68    <none>        1/TCP 59m service/glusterfs-dynamic-gitlab-pg       ClusterIP   10.96.14.147     <none>        1/TCP 37m service/glusterfs-dynamic-gitlab-redis    ClusterIP   10.106.253.41    <none>        1/TCP 1h service/postgresql                        ClusterIP   10.104.102.20    <none>        5432/TCP 3h service/redis                             ClusterIP   10.97.174.50     <none>        6379/TCP 3h NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE persistentvolumeclaim/gitlab-gitlab   Bound     pvc-b8249829-f6bf-11e8-9640-000c298bf023   5Gi        RWX            gluster-heketi 59m persistentvolumeclaim/gitlab-pg       Bound     pvc-b40b6227-f6c2-11e8-9640-000c298bf023   5Gi        RWX            gluster-heketi 37m persistentvolumeclaim/gitlab-redis    Bound     pvc-28d0276d-f6af-11e8-8d2c-000c293bfe27   3Gi        RWX            gluster-heketi   2h

　　等待所有pods啓動成功後，訪問gitlab，報錯解決

 

三、訪問

　　默認帳號密碼：root/gitlab123

　　語言更改，注意：此時翻譯是實驗性的，更改後須要從新登陸

 　　使用LDAP登陸，均使用郵箱登陸

 

 

 

四、建立項目

　　我公司一個項目下有不少子項目，因此首先建立一個羣組：

　　建立項目

　　添加README

 

　　添加用戶權限

　　登陸至該用戶可查看到此項目

　　添加SSH Key

　　若是沒有Key須要使用ssh-keygen -t rsa -C "your@email.com"生成對應的Key。

 五、拉取項目

 

 　　建立分支

 

 　　克隆代碼，注意此時須要更改git的地址，由於ssh端口並不是22，能夠經過service查看nodeport的端口

λ git clone ssh://git@gitlab.xxx.net:32455/platform/app1.git
Cloning into 'app1'... remote: Enumerating objects: 3, done. remote: Counting objects: 100% (3/3), done. remote: Total 3 (delta 0), reused 0 (delta 0) Receiving objects: 100% (3/3), done. Checking connectivity... done. D:\code λ cd app1\ D:\code\app1 (master) λ git branch -a * master remotes/origin/HEAD -> origin/master remotes/origin/app1-develop remotes/origin/master D:\code\app1 (master) λ git checkout app1-develop Branch app1-develop set up to track remote branch app1-develop from origin. Switched to a new branch 'app1-develop' D:\code\app1 (app1-develop) λ touch.exe testfile D:\code\app1 (app1-develop) λ git add . D:\code\app1 (app1-develop) λ git commit -am "create a test file" [app1-develop 9050e35] create a test file
 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 testfile D:\code\app1 (app1-develop) λ git push origin app1-develop Counting objects: 3, done. Delta compression using up to 4 threads. Compressing objects: 100% (2/2), done. Writing objects: 100% (3/3), 278 bytes | 0 bytes/s, done. Total 3 (delta 0), reused 0 (delta 0) remote: remote: To create a merge request for app1-develop, visit: remote: http://gitlab.xxx.net/platform/app1/merge_requests/new?merge_request%5Bsource_branch%5D=app1-develop remote:
To ssh://git@gitlab.xxx.net:32455/platform/app1.git
   0a63d86..9050e35  app1-develop -> app1-develop

　　查看文件

　　協同開發，一樣方式將其餘用戶加入此項目

　　克隆代碼，並修改文件

[root@k8s-node02 ~]# git clone ssh://git@gitlab.xxx.net:32455/platform/app1.git
Cloning into 'app1'... The authenticity of host '[gitlab.xxx.net]:32455 ([192.168.20.10]:32455)' can't be established.
ECDSA key fingerprint is SHA256:l6BYlMWpAWyXx/f5oTG8lK4JQvG9C2ZZ9opqdQZfIuc. ECDSA key fingerprint is MD5:5b:b4:04:68:26:53:2e:ba:fe:f8:99:6c:8f:d3:fa:51. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '[gitlab.xxx.net]:32455,[192.168.20.10]:32455' (ECDSA) to the list of known hosts. remote: Enumerating objects: 6, done. remote: Counting objects: 100% (6/6), done. remote: Compressing objects: 100% (3/3), done. remote: Total 6 (delta 0), reused 0 (delta 0) Receiving objects: 100% (6/6), done. [root@k8s-node02 ~]# cd app1/ [root@k8s-node02 app1]# ls README.md [root@k8s-node02 app1]# git branch -a * master remotes/origin/HEAD -> origin/master remotes/origin/app1-develop remotes/origin/master [root@k8s-node02 app1]# git checkout app1-develop Branch app1-develop set up to track remote branch app1-develop from origin. Switched to a new branch 'app1-develop' [root@k8s-node02 app1]# ls README.md testfile [root@k8s-node02 app1]# echo "add something" >> testfile [root@k8s-node02 app1]# git add . [root@k8s-node02 app1]# git commit -am "add someting to testfile" [app1-develop 69d693c] add someting to testfile 1 file changed, 1 insertion(+) [root@k8s-node02 app1]# git push origin app1-develop Counting objects: 5, done. Delta compression using up to 4 threads. Compressing objects: 100% (2/2), done. Writing objects: 100% (3/3), 305 bytes | 0 bytes/s, done. Total 3 (delta 0), reused 0 (delta 0) remote: remote: To create a merge request for app1-develop, visit: remote: http://gitlab.xxx.net/platform/app1/merge_requests/new?merge_request%5Bsource_branch%5D=app1-develop
remote: To ssh://git@gitlab.xxx.net:32455/platform/app1.git
   9050e35..69d693c  app1-develop -> app1-develop

 

 

贊助做者：