热门标签
热门文章
- 1python可视化——热力图heatmap seaborn库_python sns.heatmap
- 2图像识别经典模型的发展_图片识别模型
- 32024美赛数学建模赛题解读常用模型算法
- 4前沿科技速递——YOLOv9
- 5【MySQL】在云服务器上安装配置mysql,并使用IDEA连接_mysql server.cnf client.cnf
- 6YoloV8的安装和训练_yelov5和v8能同时安装吗
- 7.Net Core AutoFac 使用方法讲解大全,具体详细使用知识总结
- 8lua modue、 require、 package 区别_package.preload
- 9java springboot 微信小程序开发框架源码_java转微信小程序原生代码开发
- 10LINUX笔记
当前位置: article > 正文
helm部署gitlab_helm gitlab
作者:我家小花儿 | 2024-02-27 10:50:29
赞
踩
helm gitlab
helm部署gitlab。chart最新版本:4.4.3
- namespace:
public-service-ns.yaml
apiVersion: v1
kind: Namespace
metadata:
name: public-service
- 1
- 2
- 3
- 4
kubectl apply -f public-service-ns.yaml
- 1
- nfs存储:
yum install -y nfs-utils rpcbind
mkdir -p /data/gitlab/{gitaly,minio,postgresql,redis}
vim /etc/exports
- 1
- 2
- 3
- 4
- 5
/data/gitlab 192.168.30.0/24(rw,sync,no_root_squash)
- 1
chmod -R 755 /data/gitlab
exportfs -arv
systemctl enable rpcbind && systemctl start rpcbind
systemctl enable nfs && systemctl start nfs
- 1
- 2
- 3
- 4
- 5
- 6
- 7
nfs部署完毕。对于需要使用nfs的node节点,都要安装nfs:
yum install -y nfs-utils
- 1
gitlab-pv.yaml
apiVersion: v1 kind: PersistentVolume metadata: name: gitlab-gitaly labels: app: gitlab component: gitaly spec: capacity: storage: 50Gi accessModes: - ReadWriteOnce persistentVolumeReclaimPolicy: Recycle nfs: server: 192.168.30.129 path: /data/gitlab/gitaly --- apiVersion: v1 kind: PersistentVolume metadata: name: gitlab-minio labels: app: gitlab component: minio spec: capacity: storage: 10Gi accessModes: - ReadWriteOnce persistentVolumeReclaimPolicy: Recycle nfs: server: 192.168.30.129 path: /data/gitlab/minio --- apiVersion: v1 kind: PersistentVolume metadata: name: gitlab-postgresql labels: app: gitlab component: postgresql spec: capacity: storage: 8Gi accessModes: - ReadWriteOnce persistentVolumeReclaimPolicy: Recycle nfs: server: 192.168.30.129 path: /data/gitlab/postgresql --- apiVersion: v1 kind: PersistentVolume metadata: name: gitlab-redis labels: app: gitlab component: redis spec: capacity: storage: 8Gi accessModes: - ReadWriteOnce persistentVolumeReclaimPolicy: Recycle nfs: server: 192.168.30.129 path: /data/gitlab/redis
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
kubectl apply -f gitlab-pv.yaml
kubectl get pv
NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE
gitlab-gitaly 50Gi RWO Recycle Available 5s
gitlab-minio 10Gi RWO Recycle Available 5s
gitlab-postgresql 8Gi RWO Recycle Available 5s
gitlab-redis 8Gi RWO Recycle Available 5s
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 配置:
helm repo add gitlab https://charts.gitlab.io/
helm repo update
helm pull gitlab/gitlab
tar xf gitlab-4.4.3.tgz
vim gitlab/values.yaml #更改
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
global: hosts: domain: lzxlinux.com https: false ingress: configureCertmanager: false enabled: true tls: enabled: false certmanager: createCustomResource: false nameOverride: cert-manager install: false rbac: create: false nginx-ingress: enabled: false rbac: create: false serviceAccount: create: false prometheus: install: false rbac: create: false gitlab-runner: install: false rbac: create: false grafana: sidecar: dashboards: enabled: false label: gitlab_grafana_dashboard datasources: enabled: false label: gitlab_grafana_datasource
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
vim gitlab/charts/certmanager-issuer/values.yaml
- 1
email: admin@admin.com
- 1
vim gitlab/charts/gitlab/charts/gitlab-exporter/values.yaml
- 1
enabled: false
- 1
vim gitlab/charts/gitlab/charts/gitaly/values.yaml
- 1
securityContext:
runAsUser: 0
fsGroup: 0
- 1
- 2
- 3
vim gitlab/charts/minio/values.yaml
- 1
securityContext:
runAsUser: 0
fsGroup: 0
- 1
- 2
- 3
vim gitlab/charts/postgresql/values.yaml
- 1
securityContext:
enabled: true
fsGroup: 0
runAsUser: 0
- 1
- 2
- 3
- 4
vim gitlab/charts/redis/values.yaml
- 1
securityContext:
enabled: true
fsGroup: 0
runAsUser: 0
- 1
- 2
- 3
- 4
vim gitlab/charts/gitlab/charts/gitaly/templates/statefulset.yml
- 1
{{- if .Values.global.gitaly.enabled -}} apiVersion: apps/v1 kind: StatefulSet metadata: name: {{ template "fullname" . }} namespace: {{ $.Release.Namespace }} labels: {{- include "gitlab.immutableLabels" . | nindent 4 }} spec: selector: matchLabels: app: {{ template "name" . }} release: {{ .Release.Name }} serviceName: {{ template "gitlab.gitaly.serviceName" . }} replicas: {{template "gitlab.gitaly.replicas" . }} podManagementPolicy: Parallel {{- if .Values.global.operator.enabled }} updateStrategy: rollingUpdate: partition: {{template "gitlab.gitaly.replicas" . }} {{- end }} template: metadata: labels: app: {{ template "name" . }} release: {{ .Release.Name }} {{- include "gitlab.podLabels" . | nindent 8 }} annotations: checksum/config: {{ include (print $.Template.BasePath "/configmap.yml") . | sha256sum }} {{- range $key, $value := .Values.annotations }} {{ $key }}: {{ $value | quote }} {{- end }} spec: {{- if .Values.tolerations }} tolerations: {{- toYaml .Values.tolerations | nindent 8 }} {{- end }} {{- if .Values.priorityClassName }} priorityClassName: "{{ .Values.priorityClassName }}" {{- end }} terminationGracePeriodSeconds: 30 initContainers: {{- include "gitlab.extraInitContainers" . | nindent 8 }} {{- include "gitlab.certificates.initContainer" . | nindent 8 }} - name: configure command: ['sh', '/config/configure'] image: {{ include "gitlab.busybox.image" (dict "local" .Values.init "global" $.Values.global.busybox) | quote }} env: {{- include "gitlab.extraEnv" . | nindent 10 }} volumeMounts: {{- include "gitlab.extraVolumeMounts" . | nindent 10 }} - name: gitaly-config mountPath: /config readOnly: true - name: init-gitaly-secrets mountPath: /init-config readOnly: true - name: gitaly-secrets mountPath: /init-secrets readOnly: false resources: {{- toYaml .Values.init.resources | nindent 12 }} securityContext: runAsUser: {{ .Values.securityContext.runAsUser }} fsGroup: {{ .Values.securityContext.fsGroup }} {{- include "pullsecrets" .Values.image | indent 6 }} {{- if eq (default .Values.global.antiAffinity .Values.antiAffinity) "hard" }} affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - topologyKey: "kubernetes.io/hostname" labelSelector: matchLabels: app: {{ template "name" . }} release: {{ .Release.Name }} {{- else if eq (default .Values.global.antiAffinity .Values.antiAffinity) "soft" }} affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - weight: 1 podAffinityTerm: topologyKey: kubernetes.io/hostname labelSelector: matchLabels: app: {{ template "name" . }} release: {{ .Release.Name }} {{- end }} {{- if or .Values.serviceAccount.enabled .Values.global.serviceAccount.enabled }} serviceAccountName: {{ include "gitlab.serviceAccount.name" . }} {{- end }} containers: {{- include "gitlab.extraContainers" . | nindent 8 }} - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ coalesce .Values.image.tag (include "gitlab.parseAppVersion" (dict "appVersion" .Chart.AppVersion "prepend" "true")) }}" {{ template "gitlab.imagePullPolicy" . }} ports: - containerPort: {{ coalesce .Values.service.internalPort .Values.global.gitaly.service.internalPort }} {{- if .Values.metrics.enabled }} - containerPort: {{ .Values.metrics.metricsPort }} {{- end }} env: - name: CONFIG_TEMPLATE_DIRECTORY value: '/etc/gitaly/templates' - name: CONFIG_DIRECTORY value: '/etc/gitaly' - name: GITALY_CONFIG_FILE value: '/etc/gitaly/config.toml' - name: SSL_CERT_DIR value: '/etc/ssl/certs' {{- if .Values.metrics.enabled }} - name: GITALY_PROMETHEUS_LISTEN_ADDR value: ':{{ .Values.metrics.metricsPort }}' {{- end }} {{- include "gitlab.tracing.env" . | nindent 12 }} {{- include "gitlab.extraEnv" . | nindent 12 }} volumeMounts: {{- include "gitlab.extraVolumeMounts" . | nindent 12 }} {{- include "gitlab.certificates.volumeMount" . | nindent 12 }} - name: gitaly-config mountPath: '/etc/gitaly/templates' - name: gitaly-secrets mountPath: '/etc/gitlab-secrets' readOnly: true - name: repo-data mountPath: '/home/git/repositories' {{- if and .Values.persistence.enabled .Values.persistence.subPath }} subPath: "{{ .Values.persistence.subPath }}" {{- end }} livenessProbe: exec: command: - /scripts/healthcheck initialDelaySeconds: 30 timeoutSeconds: 3 periodSeconds: 10 readinessProbe: exec: command: - /scripts/healthcheck initialDelaySeconds: 10 timeoutSeconds: 3 periodSeconds: 10 resources: {{- toYaml .Values.resources | nindent 12 }} volumes: {{- include "gitlab.extraVolumes" . | nindent 6 }} - name: gitaly-config configMap: name: {{ template "fullname" . }} {{- if not .Values.persistence.enabled }} - name: repo-data emptyDir: {} {{- end }} - name: gitaly-secrets emptyDir: medium: "Memory" - name: init-gitaly-secrets projected: defaultMode: 0440 sources: - secret: name: {{ template "gitlab.gitaly.authToken.secret" . }} items: - key: {{ template "gitlab.gitaly.authToken.key" . }} path: "gitaly_token" - secret: name: {{ template "gitlab.gitlab-shell.authToken.secret" . }} items: - key: {{ template "gitlab.gitlab-shell.authToken.key" . }} path: ".gitlab_shell_secret" {{- if .Values.global.gitaly.tls.enabled }} - secret: name: {{ template "gitlab.gitaly.tls.secret" . }} items: - key: "tls.crt" path: "gitaly.crt" - key: "tls.key" path: "gitaly.key" {{- end }} {{- include "gitlab.certificates.volumes" . | nindent 6 }} {{- if .Values.nodeSelector }} nodeSelector: {{- toYaml .Values.nodeSelector | nindent 8 }} {{- end -}} {{- if .Values.persistence.enabled }} volumeClaimTemplates: - metadata: name: repo-data labels: app: gitlab component: {{ template "name" . }} annotations: {{- range $key, $value := .Values.persistence.annotations }} {{ $key }}: {{ $value | quote }} {{- end }} spec: accessModes: - {{ .Values.persistence.accessMode | quote }} resources: requests: storage: {{ .Values.persistence.size | quote }} {{- if .Values.persistence.storageClass }} {{- if (eq "-" .Values.persistence.storageClass) }} storageClassName: "" {{- else }} storageClassName: "{{ .Values.persistence.storageClass }}" {{- end -}} {{- end }} selector: matchLabels: app: gitlab component: {{ template "name" . }} {{- if .Values.persistence.matchExpressions }} matchExpressions: {{- toYaml .Values.persistence.matchExpressions | nindent 12 }} {{- end -}} {{- end }} {{- end }}
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
- 81
- 82
- 83
- 84
- 85
- 86
- 87
- 88
- 89
- 90
- 91
- 92
- 93
- 94
- 95
- 96
- 97
- 98
- 99
- 100
- 101
- 102
- 103
- 104
- 105
- 106
- 107
- 108
- 109
- 110
- 111
- 112
- 113
- 114
- 115
- 116
- 117
- 118
- 119
- 120
- 121
- 122
- 123
- 124
- 125
- 126
- 127
- 128
- 129
- 130
- 131
- 132
- 133
- 134
- 135
- 136
- 137
- 138
- 139
- 140
- 141
- 142
- 143
- 144
- 145
- 146
- 147
- 148
- 149
- 150
- 151
- 152
- 153
- 154
- 155
- 156
- 157
- 158
- 159
- 160
- 161
- 162
- 163
- 164
- 165
- 166
- 167
- 168
- 169
- 170
- 171
- 172
- 173
- 174
- 175
- 176
- 177
- 178
- 179
- 180
- 181
- 182
- 183
- 184
- 185
- 186
- 187
- 188
- 189
- 190
- 191
- 192
- 193
- 194
- 195
- 196
- 197
- 198
- 199
- 200
- 201
- 202
- 203
- 204
- 205
- 206
- 207
- 208
- 209
- 210
- 211
- 212
- 213
- 214
- 215
- 216
- 217
- 218
vim gitlab/charts/minio/templates/minio_pvc.yaml
- 1
{{- if and .Values.global.minio.enabled .Values.persistence.enabled }} kind: PersistentVolumeClaim apiVersion: v1 metadata: name: {{ template "minio.fullname" . }} namespace: {{ $.Release.Namespace }} labels: app: gitlab component: {{ template "name" . }} spec: accessModes: - {{ .Values.persistence.accessMode | quote }} resources: requests: storage: {{ .Values.persistence.size | quote }} {{- if .Values.persistence.volumeName }} volumeName: {{ .Values.persistence.volumeName }} {{- end }} {{- if .Values.persistence.storageClass }} {{- if (eq "-" .Values.persistence.storageClass) }} storageClassName: "" {{- else }} storageClassName: "{{ .Values.persistence.storageClass }}" {{- end -}} {{- end }} selector: matchLabels: app: gitlab component: {{ template "name" . }} {{- if .Values.persistence.matchExpressions }} matchExpressions: {{ toYaml .Values.persistence.matchExpressions | indent 6 }} {{- end -}} {{- end }}
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
vim gitlab/charts/postgresql/templates/statefulset.yaml
- 1
apiVersion: {{ template "postgresql.statefulset.apiVersion" . }} kind: StatefulSet metadata: name: {{ template "postgresql.master.fullname" . }} labels: app: {{ template "postgresql.name" . }} chart: {{ template "postgresql.chart" . }} release: {{ .Release.Name | quote }} heritage: {{ .Release.Service | quote }} {{- with .Values.master.labels }} {{- toYaml . | nindent 4 }} {{- end }} annotations: {{- if .Values.commonAnnotations }} {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} {{- with .Values.slave.annotations }} {{- toYaml . | nindent 4 }} {{- end }} spec: serviceName: {{ template "postgresql.fullname" . }}-headless replicas: 1 updateStrategy: type: {{ .Values.updateStrategy.type }} {{- if (eq "Recreate" .Values.updateStrategy.type) }} rollingUpdate: null {{- end }} selector: matchLabels: app: {{ template "postgresql.name" . }} release: {{ .Release.Name | quote }} role: master template: metadata: name: {{ template "postgresql.fullname" . }} labels: app: {{ template "postgresql.name" . }} chart: {{ template "postgresql.chart" . }} release: {{ .Release.Name | quote }} heritage: {{ .Release.Service | quote }} role: master {{- with .Values.master.podLabels }} {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.master.podAnnotations }} annotations: {{- toYaml . | nindent 8 }} {{- end }} spec: {{- if .Values.schedulerName }} schedulerName: "{{ .Values.schedulerName }}" {{- end }} {{- include "postgresql.imagePullSecrets" . | indent 6 }} {{- if .Values.master.nodeSelector }} nodeSelector: {{- toYaml .Values.master.nodeSelector | nindent 8 }} {{- end }} {{- if .Values.master.affinity }} affinity: {{- toYaml .Values.master.affinity | nindent 8 }} {{- end }} {{- if .Values.master.tolerations }} tolerations: {{- toYaml .Values.master.tolerations | nindent 8 }} {{- end }} {{- if .Values.terminationGracePeriodSeconds }} terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} {{- end }} {{- if .Values.securityContext.enabled }} securityContext: fsGroup: {{ .Values.securityContext.fsGroup }} {{- end }} {{- if .Values.serviceAccount.enabled }} serviceAccountName: {{ default (include "postgresql.fullname" . ) .Values.serviceAccount.name }} {{- end }} {{- if or .Values.master.extraInitContainers (and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled))) }} initContainers: {{- if and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled)) }} - name: init-chmod-data image: {{ template "postgresql.volumePermissions.image" . }} imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} {{- if .Values.resources }} resources: {{- toYaml .Values.resources | nindent 12 }} {{- end }} command: - /bin/sh - -cx - | {{- if .Values.persistence.enabled }} mkdir -p {{ .Values.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.persistence.mountPath }}/conf {{- end }} chmod 700 {{ .Values.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.persistence.mountPath }}/conf {{- end }} find {{ .Values.persistence.mountPath }} -mindepth 1 -maxdepth 1 {{- if not (include "postgresql.mountConfigurationCM" .) }} -not -name "conf" {{- end }} -not -name ".snapshot" -not -name "lost+found" | \ {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} xargs chown -R `id -u`:`id -G | cut -d " " -f2` {{- else }} xargs chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} {{- end }} {{- end }} {{- if and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled }} chmod -R 777 /dev/shm {{- end }} {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} securityContext: {{- else }} securityContext: runAsUser: {{ .Values.volumePermissions.securityContext.runAsUser }} {{- end }} volumeMounts: {{- if .Values.persistence.enabled }} - name: data mountPath: {{ .Values.persistence.mountPath }} subPath: {{ .Values.persistence.subPath }} {{- end }} {{- if .Values.shmVolume.enabled }} - name: dshm mountPath: /dev/shm {{- end }} {{- end }} {{- if .Values.master.extraInitContainers }} {{- tpl .Values.master.extraInitContainers . | nindent 8 }} {{- end }} {{- end }} {{- if .Values.master.priorityClassName }} priorityClassName: {{ .Values.master.priorityClassName }} {{- end }} containers: - name: {{ template "postgresql.fullname" . }} image: {{ template "postgresql.image" . }} imagePullPolicy: "{{ .Values.image.pullPolicy }}" {{- if .Values.resources }} resources: {{- toYaml .Values.resources | nindent 12 }} {{- end }} {{- if .Values.securityContext.enabled }} securityContext: runAsUser: {{ .Values.securityContext.runAsUser }} {{- end }} env: - name: BITNAMI_DEBUG value: {{ ternary "true" "false" .Values.image.debug | quote }} - name: POSTGRESQL_PORT_NUMBER value: "{{ template "postgresql.port" . }}" - name: POSTGRESQL_VOLUME_DIR value: "{{ .Values.persistence.mountPath }}" {{- if .Values.postgresqlInitdbArgs }} - name: POSTGRES_INITDB_ARGS value: {{ .Values.postgresqlInitdbArgs | quote }} {{- end }} {{- if .Values.postgresqlInitdbWalDir }} - name: POSTGRES_INITDB_WALDIR value: {{ .Values.postgresqlInitdbWalDir | quote }} {{- end }} {{- if .Values.initdbUser }} - name: POSTGRESQL_INITSCRIPTS_USERNAME value: {{ .Values.initdbUser }} {{- end }} {{- if .Values.initdbPassword }} - name: POSTGRESQL_INITSCRIPTS_PASSWORD value: {{ .Values.initdbPassword }} {{- end }} {{- if .Values.persistence.mountPath }} - name: PGDATA value: {{ .Values.postgresqlDataDir | quote }} {{- end }} {{- if .Values.replication.enabled }} - name: POSTGRES_REPLICATION_MODE value: "master" - name: POSTGRES_REPLICATION_USER value: {{ include "postgresql.replication.username" . | quote }} {{- if .Values.usePasswordFile }} - name: POSTGRES_REPLICATION_PASSWORD_FILE value: "/opt/bitnami/postgresql/secrets/postgresql-replication-password" {{- else }} - name: POSTGRES_REPLICATION_PASSWORD valueFrom: secretKeyRef: name: {{ template "postgresql.secretName" . }} key: postgresql-replication-password {{- end }} {{- if not (eq .Values.replication.synchronousCommit "off")}} - name: POSTGRES_SYNCHRONOUS_COMMIT_MODE value: {{ .Values.replication.synchronousCommit | quote }} - name: POSTGRES_NUM_SYNCHRONOUS_REPLICAS value: {{ .Values.replication.numSynchronousReplicas | quote }} {{- end }} - name: POSTGRES_CLUSTER_APP_NAME value: {{ .Values.replication.applicationName }} {{- end }} {{- if and .Values.postgresqlPostgresPassword (not (eq .Values.postgresqlUsername "postgres")) }} {{- if .Values.usePasswordFile }} - name: POSTGRES_POSTGRES_PASSWORD_FILE value: "/opt/bitnami/postgresql/secrets/postgresql-postgres-password" {{- else }} - name: POSTGRES_POSTGRES_PASSWORD valueFrom: secretKeyRef: name: {{ template "postgresql.secretName" . }} key: postgresql-postgres-password {{- end }} {{- end }} - name: POSTGRES_USER value: {{ include "postgresql.username" . | quote }} {{- if .Values.usePasswordFile }} - name: POSTGRES_PASSWORD_FILE value: "/opt/bitnami/postgresql/secrets/postgresql-password" {{- else }} - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: name: {{ template "postgresql.secretName" . }} key: postgresql-password {{- end }} {{- if (include "postgresql.database" .) }} - name: POSTGRES_DB value: {{ (include "postgresql.database" .) | quote }} {{- end }} {{- if .Values.extraEnv }} {{- include "postgresql.tplValue" (dict "value" .Values.extraEnv "context" $) | nindent 12 }} {{- end }} - name: POSTGRESQL_ENABLE_LDAP value: {{ ternary "yes" "no" .Values.ldap.enabled | quote }} {{- if .Values.ldap.enabled }} - name: POSTGRESQL_LDAP_SERVER value: {{ .Values.ldap.server }} - name: POSTGRESQL_LDAP_PORT value: {{ .Values.ldap.port | quote }} - name: POSTGRESQL_LDAP_SCHEME value: {{ .Values.ldap.scheme }} {{- if .Values.ldap.tls }} - name: POSTGRESQL_LDAP_TLS value: "1" {{- end}} - name: POSTGRESQL_LDAP_PREFIX value: {{ .Values.ldap.prefix | quote }} - name: POSTGRESQL_LDAP_SUFFIX value: {{ .Values.ldap.suffix | quote}} - name: POSTGRESQL_LDAP_BASE_DN value: {{ .Values.ldap.baseDN }} - name: POSTGRESQL_LDAP_BIND_DN value: {{ .Values.ldap.bindDN }} {{- if (not (empty .Values.ldap.bind_password)) }} - name: POSTGRESQL_LDAP_BIND_PASSWORD valueFrom: secretKeyRef: name: {{ template "postgresql.secretName" . }} key: postgresql-ldap-password {{- end}} - name: POSTGRESQL_LDAP_SEARCH_ATTR value: {{ .Values.ldap.search_attr }} - name: POSTGRESQL_LDAP_SEARCH_FILTER value: {{ .Values.ldap.search_filter }} - name: POSTGRESQL_LDAP_URL value: {{ .Values.ldap.url }} {{- end}} {{- if .Values.extraEnvVarsCM }} envFrom: - configMapRef: name: {{ tpl .Values.extraEnvVarsCM . }} {{- end }} ports: - name: tcp-postgresql containerPort: {{ template "postgresql.port" . }} {{- if .Values.livenessProbe.enabled }} livenessProbe: exec: command: - /bin/sh - -c {{- if (include "postgresql.database" .) }} - exec pg_isready -U {{ include "postgresql.username" . | quote }} -d {{ (include "postgresql.database" .) | quote }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} {{- else }} - exec pg_isready -U {{ include "postgresql.username" . | quote }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} {{- end }} initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.livenessProbe.periodSeconds }} timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} successThreshold: {{ .Values.livenessProbe.successThreshold }} failureThreshold: {{ .Values.livenessProbe.failureThreshold }} {{- end }} {{- if .Values.readinessProbe.enabled }} readinessProbe: exec: command: - /bin/sh - -c - -e {{- include "postgresql.readinessProbeCommand" . | nindent 16 }} initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.readinessProbe.periodSeconds }} timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} successThreshold: {{ .Values.readinessProbe.successThreshold }} failureThreshold: {{ .Values.readinessProbe.failureThreshold }} {{- end }} volumeMounts: {{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap .Values.initdbScripts }} - name: custom-init-scripts mountPath: /docker-entrypoint-initdb.d/ {{- end }} {{- if .Values.initdbScriptsSecret }} - name: custom-init-scripts-secret mountPath: /docker-entrypoint-initdb.d/secret {{- end }} {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} - name: postgresql-extended-config mountPath: /bitnami/postgresql/conf/conf.d/ {{- end }} {{- if .Values.usePasswordFile }} - name: postgresql-password mountPath: /opt/bitnami/postgresql/secrets/ {{- end }} {{- if .Values.shmVolume.enabled }} - name: dshm mountPath: /dev/shm {{- end }} {{- if .Values.persistence.enabled }} - name: data mountPath: {{ .Values.persistence.mountPath }} subPath: {{ .Values.persistence.subPath }} {{- end }} {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap }} - name: postgresql-config mountPath: /bitnami/postgresql/conf {{- end }} {{- if .Values.master.extraVolumeMounts }} {{- toYaml .Values.master.extraVolumeMounts | nindent 12 }} {{- end }} {{- if .Values.master.sidecars }} {{- include "postgresql.tplValue" ( dict "value" .Values.master.sidecars "context" $ ) | nindent 8 }} {{- end }} {{- if .Values.metrics.enabled }} - name: metrics image: {{ template "postgresql.metrics.image" . }} imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} {{- if .Values.metrics.securityContext.enabled }} securityContext: runAsUser: {{ .Values.metrics.securityContext.runAsUser }} {{- end }} env: {{- $database := required "In order to enable metrics you need to specify a database (.Values.postgresqlDatabase or .Values.global.postgresql.postgresqlDatabase)" (include "postgresql.database" .) }} - name: DATA_SOURCE_URI value: {{ printf "127.0.0.1:%d/%s?sslmode=disable" (int (include "postgresql.port" .)) $database | quote }} {{- if .Values.usePasswordFile }} - name: DATA_SOURCE_PASS_FILE value: "/opt/bitnami/postgresql/secrets/postgresql-password" {{- else }} - name: DATA_SOURCE_PASS valueFrom: secretKeyRef: name: {{ template "postgresql.secretName" . }} key: postgresql-password {{- end }} - name: DATA_SOURCE_USER value: {{ template "postgresql.username" . }} {{- if .Values.livenessProbe.enabled }} livenessProbe: httpGet: path: / port: http-metrics initialDelaySeconds: {{ .Values.metrics.livenessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.metrics.livenessProbe.periodSeconds }} timeoutSeconds: {{ .Values.metrics.livenessProbe.timeoutSeconds }} successThreshold: {{ .Values.metrics.livenessProbe.successThreshold }} failureThreshold: {{ .Values.metrics.livenessProbe.failureThreshold }} {{- end }} {{- if .Values.readinessProbe.enabled }} readinessProbe: httpGet: path: / port: http-metrics initialDelaySeconds: {{ .Values.metrics.readinessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.metrics.readinessProbe.periodSeconds }} timeoutSeconds: {{ .Values.metrics.readinessProbe.timeoutSeconds }} successThreshold: {{ .Values.metrics.readinessProbe.successThreshold }} failureThreshold: {{ .Values.metrics.readinessProbe.failureThreshold }} {{- end }} volumeMounts: {{- if .Values.usePasswordFile }} - name: postgresql-password mountPath: /opt/bitnami/postgresql/secrets/ {{- end }} {{- if .Values.metrics.customMetrics }} - name: custom-metrics mountPath: /conf readOnly: true args: ["--extend.query-path", "/conf/custom-metrics.yaml"] {{- end }} ports: - name: http-metrics containerPort: 9187 {{- if .Values.metrics.resources }} resources: {{- toYaml .Values.metrics.resources | nindent 12 }} {{- end }} {{- end }} volumes: {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap}} - name: postgresql-config configMap: name: {{ template "postgresql.configurationCM" . }} {{- end }} {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} - name: postgresql-extended-config configMap: name: {{ template "postgresql.extendedConfigurationCM" . }} {{- end }} {{- if .Values.usePasswordFile }} - name: postgresql-password secret: secretName: {{ template "postgresql.secretName" . }} {{- end }} {{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap .Values.initdbScripts }} - name: custom-init-scripts configMap: name: {{ template "postgresql.initdbScriptsCM" . }} {{- end }} {{- if .Values.initdbScriptsSecret }} - name: custom-init-scripts-secret secret: secretName: {{ template "postgresql.initdbScriptsSecret" . }} {{- end }} {{- if .Values.master.extraVolumes }} {{- toYaml .Values.master.extraVolumes | nindent 8 }} {{- end }} {{- if and .Values.metrics.enabled .Values.metrics.customMetrics }} - name: custom-metrics configMap: name: {{ template "postgresql.metricsCM" . }} {{- end }} {{- if .Values.shmVolume.enabled }} - name: dshm emptyDir: medium: Memory sizeLimit: 1Gi {{- end }} {{- if and .Values.persistence.enabled .Values.persistence.existingClaim }} - name: data persistentVolumeClaim: {{- with .Values.persistence.existingClaim }} claimName: {{ tpl . $ }} {{- end }} {{- else if not .Values.persistence.enabled }} - name: data emptyDir: {} {{- else if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} volumeClaimTemplates: - metadata: name: data labels: app: gitlab component: {{ template "postgresql.name" . }} {{- with .Values.persistence.annotations }} annotations: {{- range $key, $value := . }} {{ $key }}: {{ $value }} {{- end }} {{- end }} spec: accessModes: {{- range .Values.persistence.accessModes }} - {{ . | quote }} {{- end }} resources: requests: storage: {{ .Values.persistence.size | quote }} {{ include "postgresql.storageClass" . }} selector: matchLabels: app: gitlab component: {{ template "postgresql.name" . }} {{- end }}
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
- 81
- 82
- 83
- 84
- 85
- 86
- 87
- 88
- 89
- 90
- 91
- 92
- 93
- 94
- 95
- 96
- 97
- 98
- 99
- 100
- 101
- 102
- 103
- 104
- 105
- 106
- 107
- 108
- 109
- 110
- 111
- 112
- 113
- 114
- 115
- 116
- 117
- 118
- 119
- 120
- 121
- 122
- 123
- 124
- 125
- 126
- 127
- 128
- 129
- 130
- 131
- 132
- 133
- 134
- 135
- 136
- 137
- 138
- 139
- 140
- 141
- 142
- 143
- 144
- 145
- 146
- 147
- 148
- 149
- 150
- 151
- 152
- 153
- 154
- 155
- 156
- 157
- 158
- 159
- 160
- 161
- 162
- 163
- 164
- 165
- 166
- 167
- 168
- 169
- 170
- 171
- 172
- 173
- 174
- 175
- 176
- 177
- 178
- 179
- 180
- 181
- 182
- 183
- 184
- 185
- 186
- 187
- 188
- 189
- 190
- 191
- 192
- 193
- 194
- 195
- 196
- 197
- 198
- 199
- 200
- 201
- 202
- 203
- 204
- 205
- 206
- 207
- 208
- 209
- 210
- 211
- 212
- 213
- 214
- 215
- 216
- 217
- 218
- 219
- 220
- 221
- 222
- 223
- 224
- 225
- 226
- 227
- 228
- 229
- 230
- 231
- 232
- 233
- 234
- 235
- 236
- 237
- 238
- 239
- 240
- 241
- 242
- 243
- 244
- 245
- 246
- 247
- 248
- 249
- 250
- 251
- 252
- 253
- 254
- 255
- 256
- 257
- 258
- 259
- 260
- 261
- 262
- 263
- 264
- 265
- 266
- 267
- 268
- 269
- 270
- 271
- 272
- 273
- 274
- 275
- 276
- 277
- 278
- 279
- 280
- 281
- 282
- 283
- 284
- 285
- 286
- 287
- 288
- 289
- 290
- 291
- 292
- 293
- 294
- 295
- 296
- 297
- 298
- 299
- 300
- 301
- 302
- 303
- 304
- 305
- 306
- 307
- 308
- 309
- 310
- 311
- 312
- 313
- 314
- 315
- 316
- 317
- 318
- 319
- 320
- 321
- 322
- 323
- 324
- 325
- 326
- 327
- 328
- 329
- 330
- 331
- 332
- 333
- 334
- 335
- 336
- 337
- 338
- 339
- 340
- 341
- 342
- 343
- 344
- 345
- 346
- 347
- 348
- 349
- 350
- 351
- 352
- 353
- 354
- 355
- 356
- 357
- 358
- 359
- 360
- 361
- 362
- 363
- 364
- 365
- 366
- 367
- 368
- 369
- 370
- 371
- 372
- 373
- 374
- 375
- 376
- 377
- 378
- 379
- 380
- 381
- 382
- 383
- 384
- 385
- 386
- 387
- 388
- 389
- 390
- 391
- 392
- 393
- 394
- 395
- 396
- 397
- 398
- 399
- 400
- 401
- 402
- 403
- 404
- 405
- 406
- 407
- 408
- 409
- 410
- 411
- 412
- 413
- 414
- 415
- 416
- 417
- 418
- 419
- 420
- 421
- 422
- 423
- 424
- 425
- 426
- 427
- 428
- 429
- 430
- 431
- 432
- 433
- 434
- 435
- 436
- 437
- 438
- 439
- 440
- 441
- 442
- 443
- 444
- 445
- 446
- 447
- 448
- 449
- 450
- 451
- 452
- 453
- 454
- 455
- 456
- 457
- 458
- 459
- 460
- 461
- 462
- 463
- 464
vim gitlab/charts/redis/templates/redis-master-statefulset.yaml
- 1
apiVersion: apps/v1 kind: StatefulSet metadata: name: {{ template "redis.fullname" . }}-master labels: app: {{ template "redis.name" . }} chart: {{ template "redis.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} spec: selector: matchLabels: app: {{ template "redis.name" . }} release: {{ .Release.Name }} role: master serviceName: {{ template "redis.fullname" . }}-headless template: metadata: labels: app: {{ template "redis.name" . }} chart: {{ template "redis.chart" . }} release: {{ .Release.Name }} role: master {{- if .Values.master.podLabels }} {{ toYaml .Values.master.podLabels | indent 8 }} {{- end }} {{- if and .Values.metrics.enabled .Values.metrics.podLabels }} {{ toYaml .Values.metrics.podLabels | indent 8 }} {{- end }} annotations: checksum/health: {{ include (print $.Template.BasePath "/health-configmap.yaml") . | sha256sum }} checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} {{- if .Values.master.podAnnotations }} {{ toYaml .Values.master.podAnnotations | indent 8 }} {{- end }} {{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }} {{ toYaml .Values.metrics.podAnnotations | indent 8 }} {{- end }} spec: {{- include "redis.imagePullSecrets" . | indent 6 }} {{- if .Values.securityContext.enabled }} securityContext: fsGroup: {{ .Values.securityContext.fsGroup }} {{- if .Values.securityContext.sysctls }} sysctls: {{ toYaml .Values.securityContext.sysctls | indent 8 }} {{- end }} {{- end }} serviceAccountName: "{{ template "redis.serviceAccountName" . }}" {{- if .Values.master.priorityClassName }} priorityClassName: "{{ .Values.master.priorityClassName }}" {{- end }} {{- with .Values.master.affinity }} affinity: {{ tpl (toYaml .) $ | indent 8 }} {{- end }} {{- if .Values.master.nodeSelector }} nodeSelector: {{ toYaml .Values.master.nodeSelector | indent 8 }} {{- end }} {{- if .Values.master.tolerations }} tolerations: {{ toYaml .Values.master.tolerations | indent 8 }} {{- end }} {{- if .Values.master.schedulerName }} schedulerName: "{{ .Values.master.schedulerName }}" {{- end }} containers: - name: {{ template "redis.fullname" . }} image: "{{ template "redis.image" . }}" imagePullPolicy: {{ .Values.image.pullPolicy | quote }} {{- if .Values.securityContext.enabled }} securityContext: runAsUser: {{ .Values.securityContext.runAsUser }} {{- end }} command: - /bin/bash - -c - | {{- if (eq (.Values.securityContext.runAsUser | int) 0) }} useradd redis chown -R redis {{ .Values.master.persistence.path }} {{- end }} if [[ -n $REDIS_PASSWORD_FILE ]]; then password_aux=`cat ${REDIS_PASSWORD_FILE}` export REDIS_PASSWORD=$password_aux fi if [[ ! -f /opt/bitnami/redis/etc/master.conf ]];then cp /opt/bitnami/redis/mounted-etc/master.conf /opt/bitnami/redis/etc/master.conf fi if [[ ! -f /opt/bitnami/redis/etc/redis.conf ]];then cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf fi ARGS=("--port" "${REDIS_PORT}") {{- if .Values.usePassword }} ARGS+=("--requirepass" "${REDIS_PASSWORD}") ARGS+=("--masterauth" "${REDIS_PASSWORD}") {{- else }} ARGS+=("--protected-mode" "no") {{- end }} ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf") ARGS+=("--include" "/opt/bitnami/redis/etc/master.conf") {{- if .Values.master.extraFlags }} {{- range .Values.master.extraFlags }} ARGS+=({{ . | quote }}) {{- end }} {{- end }} {{- if .Values.master.command }} {{ .Values.master.command }} ${ARGS[@]} {{- else }} redis-server "${ARGS[@]}" {{- end }} env: - name: REDIS_REPLICATION_MODE value: master {{- if .Values.usePassword }} {{- if .Values.usePasswordFile }} - name: REDIS_PASSWORD_FILE value: "/opt/bitnami/redis/secrets/redis-password" {{- else }} - name: REDIS_PASSWORD valueFrom: secretKeyRef: name: {{ template "redis.secretName" . }} key: {{ template "redis.secretPasswordKey" . }} {{- end }} {{- else }} - name: ALLOW_EMPTY_PASSWORD value: "yes" {{- end }} - name: REDIS_PORT value: {{ .Values.redisPort | quote }} ports: - name: redis containerPort: {{ .Values.redisPort }} {{- if .Values.master.livenessProbe.enabled }} livenessProbe: initialDelaySeconds: {{ .Values.master.livenessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.master.livenessProbe.periodSeconds }} timeoutSeconds: {{ .Values.master.livenessProbe.timeoutSeconds }} successThreshold: {{ .Values.master.livenessProbe.successThreshold }} failureThreshold: {{ .Values.master.livenessProbe.failureThreshold }} exec: command: - sh - -c - /health/ping_liveness_local.sh {{ .Values.master.livenessProbe.timeoutSeconds }} {{- end }} {{- if .Values.master.readinessProbe.enabled}} readinessProbe: initialDelaySeconds: {{ .Values.master.readinessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.master.readinessProbe.periodSeconds }} timeoutSeconds: {{ .Values.master.readinessProbe.timeoutSeconds }} successThreshold: {{ .Values.master.readinessProbe.successThreshold }} failureThreshold: {{ .Values.master.readinessProbe.failureThreshold }} exec: command: - sh - -c - /health/ping_readiness_local.sh {{ .Values.master.livenessProbe.timeoutSeconds }} {{- end }} resources: {{ toYaml .Values.master.resources | indent 10 }} volumeMounts: - name: health mountPath: /health {{- if .Values.usePasswordFile }} - name: redis-password mountPath: /opt/bitnami/redis/secrets/ {{- end }} - name: redis-data mountPath: {{ .Values.master.persistence.path }} subPath: {{ .Values.master.persistence.subPath }} - name: config mountPath: /opt/bitnami/redis/mounted-etc - name: redis-tmp-conf mountPath: /opt/bitnami/redis/etc/ {{- if and .Values.cluster.enabled .Values.sentinel.enabled }} - name: sentinel image: "{{ template "sentinel.image" . }}" imagePullPolicy: {{ .Values.sentinel.image.pullPolicy | quote }} {{- if .Values.securityContext.enabled }} securityContext: runAsUser: {{ .Values.securityContext.runAsUser }} {{- end }} command: - /bin/bash - -c - | if [[ -n $REDIS_PASSWORD_FILE ]]; then password_aux=`cat ${REDIS_PASSWORD_FILE}` export REDIS_PASSWORD=$password_aux fi if [[ ! -f /opt/bitnami/redis-sentinel/etc/sentinel.conf ]];then cp /opt/bitnami/redis-sentinel/mounted-etc/sentinel.conf /opt/bitnami/redis-sentinel/etc/sentinel.conf {{- if .Values.usePassword }} printf "\nsentinel auth-pass {{ .Values.sentinel.masterSet }} $REDIS_PASSWORD" >> /opt/bitnami/redis-sentinel/etc/sentinel.conf {{- if .Values.sentinel.usePassword }} printf "\nrequirepass $REDIS_PASSWORD" >> /opt/bitnami/redis-sentinel/etc/sentinel.conf {{- end }} {{- end }} {{- if .Values.sentinel.staticID }} printf "\nsentinel myid $(echo $HOSTNAME | openssl sha1 | awk '{ print $2 }')" >> /opt/bitnami/redis-sentinel/etc/sentinel.conf {{- end }} fi echo "Getting information about current running sentinels" existing_sentinels=$(timeout -s 9 {{ .Values.sentinel.initialCheckTimeout }} redis-cli --raw -h {{ template "redis.fullname" . }} -a "$REDIS_PASSWORD" -p {{ .Values.sentinel.service.sentinelPort }} SENTINEL sentinels {{ .Values.sentinel.masterSet }}) echo "$existing_sentinels" | awk -f /health/parse_sentinels.awk | tee -a /opt/bitnami/redis-sentinel/etc/sentinel.conf redis-server /opt/bitnami/redis-sentinel/etc/sentinel.conf --sentinel env: {{- if .Values.usePassword }} {{- if .Values.usePasswordFile }} - name: REDIS_PASSWORD_FILE value: "/opt/bitnami/redis/secrets/redis-password" {{- else }} - name: REDIS_PASSWORD valueFrom: secretKeyRef: name: {{ template "redis.secretName" . }} key: {{ template "redis.secretPasswordKey" . }} {{- end }} {{- else }} - name: ALLOW_EMPTY_PASSWORD value: "yes" {{- end }} - name: REDIS_SENTINEL_PORT value: {{ .Values.sentinel.port | quote }} ports: - name: redis-sentinel containerPort: {{ .Values.sentinel.port }} {{- if .Values.sentinel.livenessProbe.enabled }} livenessProbe: initialDelaySeconds: {{ .Values.sentinel.livenessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.sentinel.livenessProbe.periodSeconds }} timeoutSeconds: {{ .Values.sentinel.livenessProbe.timeoutSeconds }} successThreshold: {{ .Values.sentinel.livenessProbe.successThreshold }} failureThreshold: {{ .Values.sentinel.livenessProbe.failureThreshold }} exec: command: - sh - -c - /health/ping_sentinel.sh {{ .Values.sentinel.livenessProbe.timeoutSeconds }} {{- end }} {{- if .Values.sentinel.readinessProbe.enabled}} readinessProbe: initialDelaySeconds: {{ .Values.sentinel.readinessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.sentinel.readinessProbe.periodSeconds }} timeoutSeconds: {{ .Values.sentinel.readinessProbe.timeoutSeconds }} successThreshold: {{ .Values.sentinel.readinessProbe.successThreshold }} failureThreshold: {{ .Values.sentinel.readinessProbe.failureThreshold }} exec: command: - sh - -c - /health/ping_sentinel.sh {{ .Values.sentinel.livenessProbe.timeoutSeconds }} {{- end }} resources: {{ toYaml .Values.sentinel.resources | indent 10 }} volumeMounts: - name: health mountPath: /health {{- if .Values.usePasswordFile }} - name: redis-password mountPath: /opt/bitnami/redis/secrets/ {{- end }} - name: redis-data mountPath: {{ .Values.master.persistence.path }} subPath: {{ .Values.master.persistence.subPath }} - name: config mountPath: /opt/bitnami/redis-sentinel/mounted-etc - name: sentinel-tmp-conf mountPath: /opt/bitnami/redis-sentinel/etc/ {{- end }} {{- if .Values.metrics.enabled }} - name: metrics image: {{ template "redis.metrics.image" . }} imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} command: - /bin/bash - -c - | if [[ -f '/secrets/redis-password' ]]; then export REDIS_PASSWORD=$(cat /secrets/redis-password) fi redis_exporter{{- range $key, $value := .Values.metrics.extraArgs }} --{{ $key }}={{ $value }}{{- end }} env: - name: REDIS_ALIAS value: {{ template "redis.fullname" . }} {{- if and .Values.usePassword (not .Values.usePasswordFile) }} - name: REDIS_PASSWORD valueFrom: secretKeyRef: name: {{ template "redis.secretName" . }} key: {{ template "redis.secretPasswordKey" . }} {{- end }} volumeMounts: {{- if .Values.usePasswordFile }} - name: redis-password mountPath: /secrets/ {{- end }} ports: - name: metrics containerPort: 9121 resources: {{ toYaml .Values.metrics.resources | indent 10 }} {{- end }} {{- $needsVolumePermissions := and .Values.volumePermissions.enabled (and ( and .Values.master.persistence.enabled (not .Values.persistence.existingClaim) ) .Values.securityContext.enabled) }} {{- if or $needsVolumePermissions .Values.sysctlImage.enabled }} initContainers: {{- if $needsVolumePermissions }} - name: volume-permissions image: "{{ template "redis.volumePermissions.image" . }}" imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} command: ["/bin/chown", "-R", "{{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }}", "{{ .Values.master.persistence.path }}"] securityContext: runAsUser: 0 resources: {{ toYaml .Values.volumePermissions.resources | indent 10 }} volumeMounts: - name: redis-data mountPath: {{ .Values.master.persistence.path }} subPath: {{ .Values.master.persistence.subPath }} {{- end }} {{- if .Values.sysctlImage.enabled }} - name: init-sysctl image: {{ template "redis.sysctl.image" . }} imagePullPolicy: {{ default "" .Values.sysctlImage.pullPolicy | quote }} resources: {{ toYaml .Values.sysctlImage.resources | indent 10 }} {{- if .Values.sysctlImage.mountHostSys }} volumeMounts: - name: host-sys mountPath: /host-sys {{- end }} command: {{ toYaml .Values.sysctlImage.command | indent 10 }} securityContext: privileged: true runAsUser: 0 {{- end }} {{- end }} volumes: - name: health configMap: name: {{ template "redis.fullname" . }}-health defaultMode: 0755 {{- if .Values.usePasswordFile }} - name: redis-password secret: secretName: {{ template "redis.secretName" . }} items: - key: {{ template "redis.secretPasswordKey" . }} path: redis-password {{- end }} - name: config configMap: name: {{ template "redis.fullname" . }} {{- if not .Values.master.persistence.enabled }} - name: "redis-data" emptyDir: {} {{- else }} {{- if .Values.persistence.existingClaim }} - name: "redis-data" persistentVolumeClaim: claimName: {{ .Values.persistence.existingClaim }} {{- end }} {{- end }} {{- if .Values.sysctlImage.mountHostSys }} - name: host-sys hostPath: path: /sys {{- end }} - name: redis-tmp-conf emptyDir: {} {{- if and .Values.cluster.enabled .Values.sentinel.enabled }} - name: sentinel-tmp-conf emptyDir: {} {{- end }} {{- if and .Values.master.persistence.enabled (not .Values.persistence.existingClaim) }} volumeClaimTemplates: - metadata: name: redis-data labels: app: gitlab component: {{ template "redis.name" . }} spec: accessModes: {{- range .Values.master.persistence.accessModes }} - {{ . | quote }} {{- end }} resources: requests: storage: {{ .Values.master.persistence.size | quote }} {{ include "redis.master.storageClass" . }} selector: matchLabels: app: gitlab component: {{ template "redis.name" . }} {{- end }} updateStrategy: type: {{ .Values.master.statefulset.updateStrategy }} {{- if .Values.master.statefulset.rollingUpdatePartition }} {{- if (eq "Recreate" .Values.master.statefulset.updateStrategy) }} rollingUpdate: null {{- else }} rollingUpdate: partition: {{ .Values.master.statefulset.rollingUpdatePartition }} {{- end }} {{- end }}
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
- 81
- 82
- 83
- 84
- 85
- 86
- 87
- 88
- 89
- 90
- 91
- 92
- 93
- 94
- 95
- 96
- 97
- 98
- 99
- 100
- 101
- 102
- 103
- 104
- 105
- 106
- 107
- 108
- 109
- 110
- 111
- 112
- 113
- 114
- 115
- 116
- 117
- 118
- 119
- 120
- 121
- 122
- 123
- 124
- 125
- 126
- 127
- 128
- 129
- 130
- 131
- 132
- 133
- 134
- 135
- 136
- 137
- 138
- 139
- 140
- 141
- 142
- 143
- 144
- 145
- 146
- 147
- 148
- 149
- 150
- 151
- 152
- 153
- 154
- 155
- 156
- 157
- 158
- 159
- 160
- 161
- 162
- 163
- 164
- 165
- 166
- 167
- 168
- 169
- 170
- 171
- 172
- 173
- 174
- 175
- 176
- 177
- 178
- 179
- 180
- 181
- 182
- 183
- 184
- 185
- 186
- 187
- 188
- 189
- 190
- 191
- 192
- 193
- 194
- 195
- 196
- 197
- 198
- 199
- 200
- 201
- 202
- 203
- 204
- 205
- 206
- 207
- 208
- 209
- 210
- 211
- 212
- 213
- 214
- 215
- 216
- 217
- 218
- 219
- 220
- 221
- 222
- 223
- 224
- 225
- 226
- 227
- 228
- 229
- 230
- 231
- 232
- 233
- 234
- 235
- 236
- 237
- 238
- 239
- 240
- 241
- 242
- 243
- 244
- 245
- 246
- 247
- 248
- 249
- 250
- 251
- 252
- 253
- 254
- 255
- 256
- 257
- 258
- 259
- 260
- 261
- 262
- 263
- 264
- 265
- 266
- 267
- 268
- 269
- 270
- 271
- 272
- 273
- 274
- 275
- 276
- 277
- 278
- 279
- 280
- 281
- 282
- 283
- 284
- 285
- 286
- 287
- 288
- 289
- 290
- 291
- 292
- 293
- 294
- 295
- 296
- 297
- 298
- 299
- 300
- 301
- 302
- 303
- 304
- 305
- 306
- 307
- 308
- 309
- 310
- 311
- 312
- 313
- 314
- 315
- 316
- 317
- 318
- 319
- 320
- 321
- 322
- 323
- 324
- 325
- 326
- 327
- 328
- 329
- 330
- 331
- 332
- 333
- 334
- 335
- 336
- 337
- 338
- 339
- 340
- 341
- 342
- 343
- 344
- 345
- 346
- 347
- 348
- 349
- 350
- 351
- 352
- 353
- 354
- 355
- 356
- 357
- 358
- 359
- 360
- 361
- 362
- 363
- 364
- 365
- 366
- 367
- 368
- 369
- 370
- 371
- 372
- 373
- 374
- 375
- 376
- 377
- 378
- 379
- 380
- 381
- 382
- 383
- 384
- 385
- 386
- 387
- 388
- 389
- 390
- 391
- 392
- 393
- 394
- 395
- 396
- 397
- 398
- 399
- 400
- 401
- 402
- 403
- 404
- 405
- 406
- 407
- 408
- 409
- 410
- 411
渲染模板,查看上面修改是否存在问题:
helm template --dry-run mygitlab gitlab/ -n public-service > gitlab.yaml
- 1
渲染之后经过修改,最终得到 gitlab.yaml。
gitlab.yaml
apiVersion: policy/v1beta1 kind: PodDisruptionBudget metadata: name: mygitlab-gitaly namespace: public-service labels: app: gitaly chart: gitaly-4.4.3 release: mygitlab heritage: Helm spec: maxUnavailable: 1 selector: matchLabels: app: gitaly release: mygitlab --- apiVersion: policy/v1beta1 kind: PodDisruptionBudget metadata: name: mygitlab-gitlab-shell namespace: public-service labels: app: gitlab-shell chart: gitlab-shell-4.4.3 release: mygitlab heritage: Helm spec: maxUnavailable: 1 selector: matchLabels: app: gitlab-shell release: mygitlab --- apiVersion: policy/v1beta1 kind: PodDisruptionBudget metadata: name: mygitlab-sidekiq-all-in-1-v1 namespace: public-service labels: app: sidekiq chart: sidekiq-4.4.3 release: mygitlab heritage: Helm spec: maxUnavailable: 1 selector: matchLabels: app: sidekiq release: mygitlab queue-pod-name: all-in-1 --- apiVersion: policy/v1beta1 kind: PodDisruptionBudget metadata: name: mygitlab-webservice namespace: public-service labels: app: webservice chart: webservice-4.4.3 release: mygitlab heritage: Helm spec: maxUnavailable: 1 selector: matchLabels: app: webservice release: mygitlab --- apiVersion: policy/v1beta1 kind: PodDisruptionBudget metadata: name: mygitlab-minio-v1 namespace: public-service labels: app: minio chart: minio-0.4.3 release: mygitlab heritage: Helm spec: maxUnavailable: 1 selector: matchLabels: app: minio release: mygitlab component: app --- apiVersion: policy/v1beta1 kind: PodDisruptionBudget metadata: name: mygitlab-registry-v1 namespace: public-service labels: app: registry chart: registry-0.5.0 release: mygitlab heritage: Helm spec: maxUnavailable: 1 selector: matchLabels: app: registry release: mygitlab --- apiVersion: v1 kind: ConfigMap metadata: name: mygitlab-gitaly namespace: public-service labels: app: gitaly chart: gitaly-4.4.3 release: mygitlab heritage: Helm data: configure: | set -e mkdir -p /init-secrets/gitaly /init-secrets/shell cp -v -r -L /init-config/.gitlab_shell_secret /init-secrets/shell/.gitlab_shell_secret cp -v -r -L /init-config/gitaly_token /init-secrets/gitaly/gitaly_token config.toml.erb: | bin_dir = "/usr/local/bin" listen_addr = "0.0.0.0:8075" internal_socket_dir = "/home/git" prometheus_listen_addr = "localhost:9236" <% @storages = [ "default", ] %> <% @index=`echo ${HOSTNAME##*-}`.to_i %> <% if @storages.length > @index %> [[storage]] name = "<%= @storages[@index] %>" path = "/home/git/repositories" <% else %> <% raise Exception, "Storage for node #{@index} is not present in the storageNames array. Did you use kubectl to scale up ? You need to solely use helm for this purpose" %> <% end %> [logging] format = "json" dir = "/var/log/gitaly" [auth] token = "<%= File.read('/etc/gitlab-secrets/gitaly/gitaly_token').strip.dump[1..-2] %>" [git] [gitaly-ruby] dir = "/srv/gitaly-ruby" rugged_git_config_search_path = "/usr/local/etc" [gitlab-shell] dir = "/srv/gitlab-shell" [gitlab] secret_file = "/etc/gitlab-secrets/shell/.gitlab_shell_secret" url = "http://mygitlab-webservice:8181/" [gitlab.http-settings] self_signed_cert = false [hooks] custom_hooks_dir = "/home/git/custom_hooks" --- apiVersion: v1 kind: ConfigMap metadata: name: mygitlab-gitlab-shell-sshd namespace: public-service labels: app: gitlab-shell chart: gitlab-shell-4.4.3 release: mygitlab heritage: Helm data: sshd_config: | Port 2222 PermitRootLogin no UsePrivilegeSeparation no PidFile /srv/sshd/sshd.pid AuthorizedKeysFile .ssh/authorized_keys AuthorizedKeysCommand /authorized_keys %u %k AuthorizedKeysCommandUser git PasswordAuthentication no AllowUsers git AcceptEnv GIT_PROTOCOL DisableForwarding yes MaxStartups 10:30:100 LoginGraceTime 120 --- apiVersion: v1 kind: ConfigMap metadata: name: mygitlab-gitlab-shell namespace: public-service labels: app: gitlab-shell chart: gitlab-shell-4.4.3 release: mygitlab heritage: Helm data: configure: | set -e config_dir="/init-config" secret_dir="/init-secrets" for secret in shell ; do mkdir -p "${secret_dir}/${secret}" cp -v -r -L "${config_dir}/${secret}/." "${secret_dir}/${secret}/" done for secret in redis minio objectstorage postgres ldap omniauth smtp kas ; do if [ -e "${config_dir}/${secret}" ]; then mkdir -p "${secret_dir}/${secret}" cp -v -r -L "${config_dir}/${secret}/." "${secret_dir}/${secret}/" fi done mkdir -p /${secret_dir}/ssh cp -v -r -L /${config_dir}/ssh_host_* /${secret_dir}/ssh/ chmod 0400 /${secret_dir}/ssh/ssh_host_* config.yml.erb: | user: git gitlab_url: "http://mygitlab-webservice:8181/" secret_file: /etc/gitlab-secrets/shell/.gitlab_shell_secret http_settings: self_signed_cert: false auth_file: "/home/git/.ssh/authorized_keys" log_level: INFO audit_usernames: false --- apiVersion: v1 kind: ConfigMap metadata: name: mygitlab-migrations namespace: public-service labels: app: migrations chart: migrations-4.4.3 release: mygitlab heritage: Helm data: installation_type: | gitlab-helm-chart database.yml.erb: | production: adapter: postgresql encoding: unicode database: gitlabhq_production username: gitlab password: "<%= File.read("/etc/gitlab/postgres/psql-password").strip.dump[1..-2] %>" host: "mygitlab-postgresql" port: 5432 pool: 1 connect_timeout: prepared_statements: false resque.yml.erb: | production: url: redis://:<%= ERB::Util::url_encode(File.read("/etc/gitlab/redis/redis-password").strip) %>@mygitlab-redis-master:6379 id: cable.yml.erb: | production: url: redis://:<%= ERB::Util::url_encode(File.read("/etc/gitlab/redis/redis-password").strip) %>@mygitlab-redis-master:6379 id: adapter: redis gitlab.yml.erb: | production: &base gitlab: host: gitlab.lzxlinux.com gitaly: client_path: /home/git/gitaly/bin token: "<%= File.read('/etc/gitlab/gitaly/gitaly_token').strip.dump[1..-2] %>" repositories: storages: # You must have at least a `default` storage path. default: path: /var/opt/gitlab/repo gitaly_address: tcp://mygitlab-gitaly-0.mygitlab-gitaly.public-service:8075 configure: | set -e config_dir="/init-config" secret_dir="/init-secrets" for secret in rails-secrets migrations gitaly ; do mkdir -p "${secret_dir}/${secret}" cp -v -r -L "${config_dir}/${secret}/." "${secret_dir}/${secret}/" done for secret in redis minio objectstorage postgres ldap omniauth smtp kas ; do if [ -e "${config_dir}/${secret}" ]; then mkdir -p "${secret_dir}/${secret}" cp -v -r -L "${config_dir}/${secret}/." "${secret_dir}/${secret}/" fi done --- apiVersion: v1 kind: ConfigMap metadata: name: mygitlab-sidekiq-all-in-1 namespace: public-service labels: app: sidekiq chart: sidekiq-4.4.3 release: mygitlab heritage: Helm queue_pod_name: all-in-1 data: sidekiq_queues.yml.erb: | <%= sq = YAML.load_file('/srv/gitlab/config/sidekiq_queues.yml') sq.to_yaml %> --- apiVersion: v1 kind: ConfigMap metadata: name: mygitlab-sidekiq namespace: public-service labels: app: sidekiq chart: sidekiq-4.4.3 release: mygitlab heritage: Helm data: installation_type: | gitlab-helm-chart database.yml.erb: | production: adapter: postgresql encoding: unicode database: gitlabhq_production username: gitlab password: "<%= File.read("/etc/gitlab/postgres/psql-password").strip.dump[1..-2] %>" host: "mygitlab-postgresql" port: 5432 pool: 1 connect_timeout: prepared_statements: false smtp_settings.rb: | resque.yml.erb: | production: url: redis://:<%= ERB::Util::url_encode(File.read("/etc/gitlab/redis/redis-password").strip) %>@mygitlab-redis-master:6379 id: cable.yml.erb: | production: url: redis://:<%= ERB::Util::url_encode(File.read("/etc/gitlab/redis/redis-password").strip) %>@mygitlab-redis-master:6379 id: adapter: redis gitlab.yml.erb: | production: &base gitlab: host: gitlab.lzxlinux.com https: false max_request_duration_seconds: 57 impersonation_enabled: usage_ping_enabled: true seat_link_enabled: true default_can_create_group: true username_changing_enabled: true issue_closing_pattern: default_theme: default_projects_features: issues: true merge_requests: true wiki: true snippets: true builds: true container_registry: true webhook_timeout: trusted_proxies: time_zone: "UTC" email_from: "gitlab@lzxlinux.com" email_display_name: "GitLab" email_reply_to: "noreply@lzxlinux.com" email_subject_suffix: "" gravatar: plain_url: ssl_url: extra: object_store: enabled: true direct_upload: true background_upload: false proxy_download: true connection: provider: AWS region: us-east-1 host: minio.lzxlinux.com endpoint: http://mygitlab-minio-svc:9000 path_style: true aws_access_key_id: "<%= File.read('/etc/gitlab/minio/accesskey').strip.dump[1..-2] %>" aws_secret_access_key: "<%= File.read('/etc/gitlab/minio/secretkey').strip.dump[1..-2] %>" objects: artifacts: bucket: gitlab-artifacts lfs: bucket: git-lfs uploads: bucket: gitlab-uploads packages: bucket: gitlab-packages external_diffs: bucket: gitlab-mr-diffs terraform_state: bucket: gitlab-terraform-state dependency_proxy: bucket: gitlab-dependency-proxy artifacts: enabled: true lfs: enabled: true uploads: enabled: true packages: enabled: true external_diffs: enabled: when: terraform_state: enabled: false dependency_proxy: enabled: false pseudonymizer: manifest: config/pseudonymizer.yml upload: remote_directory: gitlab-pseudo connection: provider: AWS region: us-east-1 aws_access_key_id: "<%= File.read('/etc/gitlab/minio/accesskey').strip.dump[1..-2] %>" aws_secret_access_key: "<%= File.read('/etc/gitlab/minio/secretkey').strip.dump[1..-2] %>" host: minio.lzxlinux.com endpoint: http://mygitlab-minio-svc:9000 path_style: true sentry: enabled: false dsn: clientside_dsn: environment: pages: enabled: false mattermost: enabled: false registry: enabled: true host: registry.lzxlinux.com api_url: http://mygitlab-registry:5000 key: /etc/gitlab/registry/gitlab-registry.key issuer: gitlab-issuer gitlab_ci: ldap: enabled: false omniauth: enabled: false sync_profile_from_provider: [] sync_profile_attributes: ["email"] allow_single_sign_on: ["saml"] block_auto_created_users: true auto_link_ldap_user: false auto_link_saml_user: false external_providers: [] kerberos: enabled: false shared: gitaly: client_path: /home/git/gitaly/bin token: "<%= File.read('/etc/gitlab/gitaly/gitaly_token').strip.dump[1..-2] %>" repositories: storages: # You must have at least a `default` storage path. default: path: /var/opt/gitlab/repo gitaly_address: tcp://mygitlab-gitaly-0.mygitlab-gitaly.public-service:8075 backup: path: "tmp/backups" # Relative paths are relative to Rails.root (default: tmp/backups/) gitlab_shell: path: /home/git/gitlab-shell/ hooks_path: /home/git/gitlab-shell/hooks/ upload_pack: true receive_pack: true workhorse: git: bin_path: /usr/bin/git webpack: monitoring: ip_whitelist: - 127.0.0.0/8 sidekiq_exporter: enabled: true address: 0.0.0.0 port: 3807 sidekiq: log_format: default configure: | set -e config_dir="/init-config" secret_dir="/init-secrets" for secret in gitaly registry rails-secrets ; do mkdir -p "${secret_dir}/${secret}" cp -v -r -L "${config_dir}/${secret}/." "${secret_dir}/${secret}/" done for secret in redis minio objectstorage postgres ldap omniauth smtp kas ; do if [ -e "${config_dir}/${secret}" ]; then mkdir -p "${secret_dir}/${secret}" cp -v -r -L "${config_dir}/${secret}/." "${secret_dir}/${secret}/" fi done --- apiVersion: v1 kind: ConfigMap metadata: name: mygitlab-task-runner namespace: public-service labels: app: task-runner chart: task-runner-4.4.3 release: mygitlab heritage: Helm data: database.yml.erb: | production: adapter: postgresql encoding: unicode database: gitlabhq_production username: gitlab password: "<%= File.read("/etc/gitlab/postgres/psql-password").strip.dump[1..-2] %>" host: "mygitlab-postgresql" port: 5432 pool: 1 connect_timeout: prepared_statements: false smtp_settings.rb: | resque.yml.erb: | production: url: redis://:<%= ERB::Util::url_encode(File.read("/etc/gitlab/redis/redis-password").strip) %>@mygitlab-redis-master:6379 id: cable.yml.erb: | production: url: redis://:<%= ERB::Util::url_encode(File.read("/etc/gitlab/redis/redis-password").strip) %>@mygitlab-redis-master:6379 id: adapter: redis gitlab.yml.erb: | production: &base gitlab: host: gitlab.lzxlinux.com https: false max_request_duration_seconds: 57 impersonation_enabled: usage_ping_enabled: true seat_link_enabled: true default_can_create_group: true username_changing_enabled: true issue_closing_pattern: default_theme: default_projects_features: issues: true merge_requests: true wiki: true snippets: true builds: true container_registry: true webhook_timeout: trusted_proxies: time_zone: "UTC" email_from: "gitlab@lzxlinux.com" email_display_name: "GitLab" email_reply_to: "noreply@lzxlinux.com" email_subject_suffix: "" object_store: enabled: true direct_upload: true background_upload: false proxy_download: true connection: provider: AWS region: us-east-1 host: minio.lzxlinux.com endpoint: http://mygitlab-minio-svc:9000 path_style: true aws_access_key_id: "<%= File.read('/etc/gitlab/minio/accesskey').strip.dump[1..-2] %>" aws_secret_access_key: "<%= File.read('/etc/gitlab/minio/secretkey').strip.dump[1..-2] %>" objects: artifacts: bucket: gitlab-artifacts lfs: bucket: git-lfs uploads: bucket: gitlab-uploads packages: bucket: gitlab-packages external_diffs: bucket: gitlab-mr-diffs terraform_state: bucket: gitlab-terraform-state dependency_proxy: bucket: gitlab-dependency-proxy artifacts: enabled: true lfs: enabled: true uploads: enabled: true packages: enabled: true external_diffs: enabled: when: terraform_state: enabled: false dependency_proxy: enabled: false pseudonymizer: manifest: config/pseudonymizer.yml upload: remote_directory: gitlab-pseudo connection: provider: AWS region: us-east-1 aws_access_key_id: "<%= File.read('/etc/gitlab/minio/accesskey').strip.dump[1..-2] %>" aws_secret_access_key: "<%= File.read('/etc/gitlab/minio/secretkey').strip.dump[1..-2] %>" host: minio.lzxlinux.com endpoint: http://mygitlab-minio-svc:9000 path_style: true pages: enabled: false mattermost: enabled: false registry: enabled: true host: registry.lzxlinux.com api_url: http://mygitlab-registry:5000 key: /etc/gitlab/registry/gitlab-registry.key issuer: gitlab-issuer gitlab_ci: ldap: enabled: false omniauth: enabled: false sync_profile_from_provider: [] sync_profile_attributes: ["email"] allow_single_sign_on: ["saml"] block_auto_created_users: true auto_link_ldap_user: false auto_link_saml_user: false external_providers: [] kerberos: enabled: false shared: gitaly: client_path: /home/git/gitaly/bin token: "<%= File.read('/etc/gitlab/gitaly/gitaly_token').strip.dump[1..-2] %>" repositories: storages: # You must have at least a `default` storage path. default: path: /var/opt/gitlab/repo gitaly_address: tcp://mygitlab-gitaly-0.mygitlab-gitaly.public-service:8075 backup: path: "tmp/backups" # Relative paths are relative to Rails.root (default: tmp/backups/) gitlab_shell: path: /home/git/gitlab-shell/ hooks_path: /home/git/gitlab-shell/hooks/ upload_pack: true receive_pack: true secret_file: /etc/gitlab/shell/.gitlab_shell_secret workhorse: git: bin_path: /usr/bin/git webpack: monitoring: ip_whitelist: - 127.0.0.0/8 sidekiq_exporter: extra: configure: | set -e config_dir="/init-config" secret_dir="/init-secrets" for secret in shell gitaly registry rails-secrets ; do mkdir -p "${secret_dir}/${secret}" cp -v -r -L "${config_dir}/${secret}/." "${secret_dir}/${secret}/" done for secret in redis minio objectstorage postgres ldap omniauth smtp kas ; do if [ -e "${config_dir}/${secret}" ]; then mkdir -p "${secret_dir}/${secret}" cp -v -r -L "${config_dir}/${secret}/." "${secret_dir}/${secret}/" fi done if [ ! -f "/${secret_dir}/objectstorage/.s3cfg" ]; then cat <<EOF > "/${secret_dir}/.s3cfg" [default] access_key = $(cat /init-secrets/minio/accesskey) secret_key = $(cat /init-secrets/minio/secretkey) bucket_location = us-east-1 host_base = minio.lzxlinux.com host_bucket = minio.lzxlinux.com/%(bucket) default_mime_type = binary/octet-stream enable_multipart = True multipart_max_chunks = 10000 multipart_chunk_size_mb = 128 recursive = True recv_chunk = 65536 send_chunk = 65536 server_side_encryption = False signature_v2 = True socket_timeout = 300 use_mime_magic = False verbosity = WARNING website_endpoint = http://minio.lzxlinux.com EOF else mv "/${secret_dir}/objectstorage/.s3cfg" "/${secret_dir}/.s3cfg" fi configure-gsutil: | printf "$GOOGLE_APPLICATION_CREDENTIALS\nN\n\nN\n" | gsutil config -e --- apiVersion: v1 kind: ConfigMap metadata: name: mygitlab-webservice namespace: public-service labels: app: webservice chart: webservice-4.4.3 release: mygitlab heritage: Helm data: installation_type: | gitlab-helm-chart database.yml.erb: | production: adapter: postgresql encoding: unicode database: gitlabhq_production username: gitlab password: "<%= File.read("/etc/gitlab/postgres/psql-password").strip.dump[1..-2] %>" host: "mygitlab-postgresql" port: 5432 pool: 1 connect_timeout: prepared_statements: false smtp_settings.rb: | resque.yml.erb: | production: url: redis://:<%= ERB::Util::url_encode(File.read("/etc/gitlab/redis/redis-password").strip) %>@mygitlab-redis-master:6379 id: cable.yml.erb: | production: url: redis://:<%= ERB::Util::url_encode(File.read("/etc/gitlab/redis/redis-password").strip) %>@mygitlab-redis-master:6379 id: adapter: redis gitlab.yml.erb: | production: &base gitlab: host: gitlab.lzxlinux.com https: false max_request_duration_seconds: 57 impersonation_enabled: usage_ping_enabled: true seat_link_enabled: true default_can_create_group: true username_changing_enabled: true issue_closing_pattern: default_theme: default_projects_features: issues: true merge_requests: true wiki: true snippets: true builds: true container_registry: true webhook_timeout: trusted_proxies: time_zone: "UTC" email_from: "gitlab@lzxlinux.com" email_display_name: "GitLab" email_reply_to: "noreply@lzxlinux.com" email_subject_suffix: "" gravatar: plain_url: ssl_url: extra: object_store: enabled: true direct_upload: true background_upload: false proxy_download: true connection: provider: AWS region: us-east-1 host: minio.lzxlinux.com endpoint: http://mygitlab-minio-svc:9000 path_style: true aws_access_key_id: "<%= File.read('/etc/gitlab/minio/accesskey').strip.dump[1..-2] %>" aws_secret_access_key: "<%= File.read('/etc/gitlab/minio/secretkey').strip.dump[1..-2] %>" objects: artifacts: bucket: gitlab-artifacts lfs: bucket: git-lfs uploads: bucket: gitlab-uploads packages: bucket: gitlab-packages external_diffs: bucket: gitlab-mr-diffs terraform_state: bucket: gitlab-terraform-state dependency_proxy: bucket: gitlab-dependency-proxy artifacts: enabled: true lfs: enabled: true uploads: enabled: true packages: enabled: true external_diffs: enabled: when: terraform_state: enabled: false dependency_proxy: enabled: false sentry: enabled: false dsn: clientside_dsn: environment: pages: enabled: false mattermost: enabled: false gitlab_ci: ldap: enabled: false omniauth: enabled: false sync_profile_from_provider: [] sync_profile_attributes: ["email"] allow_single_sign_on: ["saml"] block_auto_created_users: true auto_link_ldap_user: false auto_link_saml_user: false external_providers: [] kerberos: enabled: false shared: gitaly: client_path: /home/git/gitaly/bin token: "<%= File.read('/etc/gitlab/gitaly/gitaly_token').strip.dump[1..-2] %>" repositories: storages: # You must have at least a `default` storage path. default: path: /var/opt/gitlab/repo gitaly_address: tcp://mygitlab-gitaly-0.mygitlab-gitaly.public-service:8075 backup: path: "tmp/backups" # Relative paths are relative to Rails.root (default: tmp/backups/) gitlab_shell: path: /home/git/gitlab-shell/ hooks_path: /home/git/gitlab-shell/hooks/ upload_pack: true receive_pack: true ssh_port: 22 secret_file: /etc/gitlab/shell/.gitlab_shell_secret workhorse: secret_file: /etc/gitlab/gitlab-workhorse/secret git: bin_path: /usr/bin/git webpack: monitoring: ip_whitelist: - 0.0.0.0/0 web_exporter: enabled: false address: 0.0.0.0 port: 8083 sidekiq_exporter: shutdown: blackout_seconds: 10 rack_attack: git_basic_auth: registry: enabled: true host: registry.lzxlinux.com api_url: http://mygitlab-registry:5000 key: /etc/gitlab/registry/gitlab-registry.key issuer: gitlab-issuer smartcard: enabled: false ca_file: '/etc/gitlab/rails-secrets/smartcard-ca.crt' client_certificate_required_host: smartcard.lzxlinux.com client_certificate_required_port: 443 san_extensions: false required_for_git_access: false configure: | set -e config_dir="/init-config" secret_dir="/init-secrets" for secret in shell gitaly registry rails-secrets gitlab-workhorse ; do mkdir -p "${secret_dir}/${secret}" cp -v -r -L "${config_dir}/${secret}/." "${secret_dir}/${secret}/" done for secret in redis minio objectstorage postgres ldap omniauth smtp kas ; do if [ -e "${config_dir}/${secret}" ]; then mkdir -p "${secret_dir}/${secret}" cp -v -r -L "${config_dir}/${secret}/." "${secret_dir}/${secret}/" fi done --- apiVersion: v1 kind: ConfigMap metadata: name: mygitlab-workhorse-config namespace: public-service labels: app: webservice chart: webservice-4.4.3 release: mygitlab heritage: Helm data: installation_type: | gitlab-helm-chart workhorse-config.toml.erb: | [redis] URL = "redis://mygitlab-redis-master:6379" Password = "<%= File.read("/etc/gitlab/redis/redis-password").strip.dump[1..-2] %>" <% require 'yaml' supported_providers = %w(AWS AzureRM) provider = '' aws_access_key_id = '' aws_secret_access_key = '' azure_storage_account_name = '' azure_storage_access_key = '' if File.exists? '/etc/gitlab/minio/accesskey' provider = 'AWS' aws_access_key_id = File.read('/etc/gitlab/minio/accesskey').strip.dump[1..-2] aws_secret_access_key = File.read('/etc/gitlab/minio/secretkey').strip.dump[1..-2] end if File.exists? '/etc/gitlab/objectstorage/object_store' connection = YAML.safe_load(File.read('/etc/gitlab/objectstorage/object_store')) provider = connection['provider'] if connection.has_key? 'aws_access_key_id' aws_access_key_id = connection['aws_access_key_id'] aws_secret_access_key = connection['aws_secret_access_key'] elsif connection.has_key? 'azure_storage_account_name' azure_storage_account_name = connection['azure_storage_account_name'] azure_storage_access_key = connection['azure_storage_access_key'] end end if supported_providers.include? provider %> [object_storage] provider = "<%= provider %>" <% if provider.eql? 'AWS' %> [object_storage.s3] aws_access_key_id = "<%= aws_access_key_id %>" aws_secret_access_key = "<%= aws_secret_access_key %>" <% elsif provider.eql? 'AzureRM' %> [object_storage.azurerm] azure_storage_account_name = "<%= azure_storage_account_name %>" azure_storage_access_key = "<%= azure_storage_access_key %>" <% end end %> configure: | set -e mkdir -p /init-secrets-workhorse/gitlab-workhorse cp -v -r -L /init-config/gitlab-workhorse/secret /init-secrets-workhorse/gitlab-workhorse/secret mkdir -p /init-secrets-workhorse/redis cp -v -r -L /init-config/redis/redis-password /init-secrets-workhorse/redis/ if [ -d /init-config/minio ]; then mkdir -p /init-secrets-workhorse/minio cp -v -r -L /init-config/minio/* /init-secrets-workhorse/minio/ fi --- apiVersion: v1 kind: ConfigMap metadata: name: mygitlab-minio-config-cm namespace: public-service labels: app: minio chart: minio-0.4.3 release: mygitlab heritage: Helm data: initialize: |- set -e ; # Have script exit in the event of a failed command. connectToMinio() { set -e ; # fail if we can't read the keys. ACCESS=$(cat /config/accesskey) ; SECRET=$(cat /config/secretkey) ; set +e ; # The connections to minio are allowed to fail. echo "Connecting to Minio server: http://$MINIO_ENDPOINT:$MINIO_PORT" ; MC_COMMAND="mc config host add myminio http://$MINIO_ENDPOINT:$MINIO_PORT $ACCESS $SECRET" ; $MC_COMMAND ; STATUS=$? ; until [ $STATUS -eq 0 ] ; do sleep 1 ; # 1 second intervals between attempts $MC_COMMAND ; STATUS=$? ; done ; set -e ; # reset `e` as active return 0 } checkBucketExists() { BUCKET=$1 CMD=$(/usr/bin/mc ls myminio/$BUCKET > /dev/null 2>&1) return $? } createBucket() { BUCKET=$1 POLICY=$2 PURGE=$3 if [ $PURGE = true ]; then if checkBucketExists $BUCKET ; then echo "Purging bucket '$BUCKET'." set +e ; # don't exit if this fails /usr/bin/mc rm -r --force myminio/$BUCKET set -e ; # reset `e` as active else echo "Bucket '$BUCKET' does not exist, skipping purge." fi fi if ! checkBucketExists $BUCKET ; then echo "Creating bucket '$BUCKET'" /usr/bin/mc mb myminio/$BUCKET else echo "Bucket '$BUCKET' already exists." fi echo "Setting policy of bucket '$BUCKET' to '$POLICY'." /usr/bin/mc policy $POLICY myminio/$BUCKET } connectToMinio createBucket registry none false createBucket git-lfs none false createBucket runner-cache none false createBucket gitlab-uploads none false createBucket gitlab-artifacts none false createBucket gitlab-backups none false createBucket gitlab-packages none false createBucket tmp none false createBucket gitlab-pseudo none false createBucket gitlab-mr-diffs none false createBucket gitlab-terraform-state none false createBucket gitlab-dependency-proxy none false configure: |- sed -e 's@ACCESS_KEY@'"$(cat /config/accesskey)"'@' -e 's@SECRET_KEY@'"$(cat /config/secretkey)"'@' /config/config.json > /minio/config.json config.json: |- { "version": "20", "credential": { "accessKey": "ACCESS_KEY", "secretKey": "SECRET_KEY" }, "region": "us-east-1", "browser": "on", "domain": "", "logger": { "console": { "enable": true }, "file": { "enable": false, "fileName": "" } }, "notify": { "amqp": { "1": { "enable": false, "url": "", "exchange": "", "routingKey": "", "exchangeType": "", "deliveryMode": 0, "mandatory": false, "immediate": false, "durable": false, "internal": false, "noWait": false, "autoDeleted": false } }, "nats": { "1": { "enable": false, "address": "", "subject": "", "username": "", "password": "", "token": "", "secure": false, "pingInterval": 0, "streaming": { "enable": false, "clusterID": "", "clientID": "", "async": false, "maxPubAcksInflight": 0 } } }, "elasticsearch": { "1": { "enable": false, "format": "namespace", "url": "", "index": "" } }, "redis": { "1": { "enable": false, "format": "namespace", "address": "", "password": "", "key": "" } }, "postgresql": { "1": { "enable": false, "format": "namespace", "connectionString": "", "table": "", "host": "", "port": "", "user": "", "password": "", "database": "" } }, "kafka": { "1": { "enable": false, "brokers": null, "topic": "" } }, "webhook": { "1": { "enable": false, "endpoint": "" } }, "mysql": { "1": { "enable": false, "format": "namespace", "dsnString": "", "table": "", "host": "", "port": "", "user": "", "password": "", "database": "" } }, "mqtt": { "1": { "enable": false, "broker": "", "topic": "", "qos": 0, "clientId": "", "username": "", "password": "" } } } } --- apiVersion: v1 kind: ConfigMap metadata: name: mygitlab-redis namespace: public-service labels: app: redis chart: redis-10.3.4 heritage: Helm release: mygitlab data: redis.conf: |- appendonly yes save "" master.conf: |- dir /data rename-command FLUSHDB "" rename-command FLUSHALL "" replica.conf: |- dir /data slave-read-only yes rename-command FLUSHDB "" rename-command FLUSHALL "" --- apiVersion: v1 kind: ConfigMap metadata: name: mygitlab-redis-health namespace: public-service labels: app: redis chart: redis-10.3.4 heritage: Helm release: mygitlab data: ping_readiness_local.sh: |- password_aux=`cat ${REDIS_PASSWORD_FILE}` export REDIS_PASSWORD=$password_aux response=$( timeout -s 9 $1 \ redis-cli \ -a $REDIS_PASSWORD --no-auth-warning \ -h localhost \ -p $REDIS_PORT \ ping ) if [ "$response" != "PONG" ]; then echo "$response" exit 1 fi ping_liveness_local.sh: |- password_aux=`cat ${REDIS_PASSWORD_FILE}` export REDIS_PASSWORD=$password_aux response=$( timeout -s 9 $1 \ redis-cli \ -a $REDIS_PASSWORD --no-auth-warning \ -h localhost \ -p $REDIS_PORT \ ping ) if [ "$response" != "PONG" ] && [ "$response" != "LOADING Redis is loading the dataset in memory" ]; then echo "$response" exit 1 fi ping_readiness_master.sh: |- password_aux=`cat ${REDIS_MASTER_PASSWORD_FILE}` export REDIS_MASTER_PASSWORD=$password_aux response=$( timeout -s 9 $1 \ redis-cli \ -a $REDIS_MASTER_PASSWORD --no-auth-warning \ -h $REDIS_MASTER_HOST \ -p $REDIS_MASTER_PORT_NUMBER \ ping ) if [ "$response" != "PONG" ]; then echo "$response" exit 1 fi ping_liveness_master.sh: |- password_aux=`cat ${REDIS_MASTER_PASSWORD_FILE}` export REDIS_MASTER_PASSWORD=$password_aux response=$( timeout -s 9 $1 \ redis-cli \ -a $REDIS_MASTER_PASSWORD --no-auth-warning \ -h $REDIS_MASTER_HOST \ -p $REDIS_MASTER_PORT_NUMBER \ ping ) if [ "$response" != "PONG" ] && [ "$response" != "LOADING Redis is loading the dataset in memory" ]; then echo "$response" exit 1 fi ping_readiness_local_and_master.sh: |- script_dir="$(dirname "$0")" exit_status=0 "$script_dir/ping_readiness_local.sh" $1 || exit_status=$? "$script_dir/ping_readiness_master.sh" $1 || exit_status=$? exit $exit_status ping_liveness_local_and_master.sh: |- script_dir="$(dirname "$0")" exit_status=0 "$script_dir/ping_liveness_local.sh" $1 || exit_status=$? "$script_dir/ping_liveness_master.sh" $1 || exit_status=$? exit $exit_status --- apiVersion: v1 kind: ConfigMap metadata: name: mygitlab-registry namespace: public-service labels: app: registry chart: registry-0.5.0 release: mygitlab heritage: Helm data: configure: |- if [ -e /config/accesskey ] ; then sed -e 's@ACCESS_KEY@'"$(cat /config/accesskey)"'@' -e 's@SECRET_KEY@'"$(cat /config/secretkey)"'@' /config/config.yml > /registry/config.yml else cp -v -r -L /config/config.yml /registry/config.yml fi sed -i -e 's@HTTP_SECRET@'"$(cat /config/httpSecret)"'@' /registry/config.yml if [ -d /config/notifications ]; then for i in /config/notifications/*; do filename=$(basename $i); sed -i -e 's@'"${filename}"'@'"$(cat $i)"'@' /registry/config.yml; done fi if [ -d /config/storage ]; then mkdir -p /registry/storage cp -v -r -L /config/storage/* /registry/storage/ echo '' >> /registry/storage/config if ! $(egrep -A1 '^delete:\s*$' /registry/storage/config | egrep -q '\s{2,4}enabled:') ; then echo 'delete:' >> /registry/storage/config echo ' enabled: true' >> /registry/storage/config fi sed -i 's/^/ /' /registry/storage/config sed -i '/storage:/ r /registry/storage/config' /registry/config.yml rm /registry/storage/config fi cat /config/certificate.crt > /registry/certificate.crt if [ -f /config/profiling-key.json ]; then cp /config/profiling-key.json /registry/profiling-key.json fi config.yml: | version: 0.1 log: fields: service: registry level: warn http: debug: addr: ':5001' prometheus: enabled: false path: /metrics draintimeout: 0 headers: X-Content-Type-Options: [nosniff] addr: :5000 secret: "HTTP_SECRET" relativeurls: false health: storagedriver: enabled: false interval: 10s threshold: 3 auth: token: realm: http://gitlab.lzxlinux.com/jwt/auth service: container_registry issuer: "gitlab-issuer" rootcertbundle: /etc/docker/registry/certificate.crt autoredirect: false compatibility: schema1: enabled: false validation: disabled: true profiling: storage: maintenance: readonly: enabled: false s3: accesskey: "ACCESS_KEY" secretkey: "SECRET_KEY" region: us-east-1 regionendpoint: http://mygitlab-minio-svc:9000 bucket: registry secure: true v4auth: true rootdirectory: / cache: blobdescriptor: 'inmemory' delete: enabled: true redirect: disable: true --- apiVersion: v1 kind: ConfigMap metadata: name: mygitlab-gitlab-chart-info namespace: public-service labels: app: gitlab chart: gitlab-4.4.3 release: mygitlab heritage: Helm data: gitlabVersion: "13.4.3" gitlabChartVersion: "4.4.3" --- apiVersion: v1 kind: ConfigMap metadata: name: mygitlab-postgresql-init-db namespace: public-service labels: app: gitlab chart: gitlab-4.4.3 release: mygitlab heritage: Helm data: init_revision.sh: | if [[ ! -f "$POSTGRESQL_VOLUME_DIR/.gitlab_1_scripts_initialized" ]] ; then rm -f "$POSTGRESQL_VOLUME_DIR/.user_scripts_initialized" touch "$POSTGRESQL_VOLUME_DIR/.gitlab_1_scripts_initialized" fi enable_extensions.sh: | PGPASSWORD=$(cat ${POSTGRES_POSTGRES_PASSWORD_FILE}) psql -d gitlabhq_production -U postgres -c 'CREATE EXTENSION IF NOT EXISTS pg_trgm; CREATE EXTENSION IF NOT EXISTS btree_gist;' --- apiVersion: v1 kind: ConfigMap metadata: name: mygitlab-shared-secrets namespace: public-service labels: app: shared-secrets chart: shared-secrets-0.1.0 release: mygitlab heritage: Helm annotations: "helm.sh/hook": pre-install,pre-upgrade "helm.sh/hook-weight": "-3" "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation data: generate-secrets: | namespace=public-service release=mygitlab env=production pushd $(mktemp -d) function gen_random(){ head -c 4096 /dev/urandom | LC_CTYPE=C tr -cd $1 | head -c $2 } function fetch_rails_value(){ local value=$(yq read $1 "${2}") if [ "${value}" != "null" ]; then echo "${value}"; fi } function label_secret(){ local secret_name=$1 kubectl --namespace=$namespace label \ secret $secret_name $(echo 'app.kubernetes.io/name=mygitlab' | sed -E 's/=[^ ]*/-/g') kubectl --namespace=$namespace label \ --overwrite \ secret $secret_name app=shared-secrets chart=shared-secrets-0.1.0 release=mygitlab heritage=Helm } function generate_secret_if_needed(){ local secret_args=( "${@:2}") local secret_name=$1 if ! $(kubectl --namespace=$namespace get secret $secret_name > /dev/null 2>&1); then kubectl --namespace=$namespace create secret generic $secret_name ${secret_args[@]} else echo "secret \"$secret_name\" already exists" fi; label_secret $secret_name } generate_secret_if_needed "mygitlab-gitlab-initial-root-password" --from-literal="password"=$(gen_random 'a-zA-Z0-9' 64) generate_secret_if_needed "mygitlab-redis-secret" --from-literal="secret"=$(gen_random 'a-zA-Z0-9' 64) generate_secret_if_needed "mygitlab-postgresql-password" --from-literal=postgresql-password=$(gen_random 'a-zA-Z0-9' 64) --from-literal=postgresql-postgres-password=$(gen_random 'a-zA-Z0-9' 64) generate_secret_if_needed "mygitlab-gitlab-shell-secret" --from-literal="secret"=$(gen_random 'a-zA-Z0-9' 64) generate_secret_if_needed "mygitlab-gitaly-secret" --from-literal="token"=$(gen_random 'a-zA-Z0-9' 64) generate_secret_if_needed "mygitlab-minio-secret" --from-literal=accesskey=$(gen_random 'a-zA-Z0-9' 64) --from-literal=secretkey=$(gen_random 'a-zA-Z0-9' 64) generate_secret_if_needed "mygitlab-gitlab-runner-secret" --from-literal=runner-registration-token=$(gen_random 'a-zA-Z0-9' 64) --from-literal=runner-token="" mkdir -p certs openssl req -new -newkey rsa:4096 -subj "/CN=gitlab-issuer" -nodes -x509 -keyout certs/registry-example-com.key -out certs/registry-example-com.crt -days 3650 generate_secret_if_needed "mygitlab-registry-secret" --from-file=registry-auth.key=certs/registry-example-com.key --from-file=registry-auth.crt=certs/registry-example-com.crt if [ -n "$env" ]; then rails_secret="mygitlab-rails-secret" if $(kubectl --namespace=$namespace get secret $rails_secret > /dev/null 2>&1); then kubectl --namespace=$namespace get secret $rails_secret -o jsonpath="{.data.secrets\.yml}" | base64 --decode > secrets.yml secret_key_base=$(fetch_rails_value secrets.yml "${env}.secret_key_base") otp_key_base=$(fetch_rails_value secrets.yml "${env}.otp_key_base") db_key_base=$(fetch_rails_value secrets.yml "${env}.db_key_base") openid_connect_signing_key=$(fetch_rails_value secrets.yml "${env}.openid_connect_signing_key") ci_jwt_signing_key=$(fetch_rails_value secrets.yml "${env}.ci_jwt_signing_key") fi; secret_key_base="${secret_key_base:-$(gen_random 'a-f0-9' 128)}" # equavilent to secureRandom.hex(64) otp_key_base="${otp_key_base:-$(gen_random 'a-f0-9' 128)}" # equavilent to secureRandom.hex(64) db_key_base="${db_key_base:-$(gen_random 'a-f0-9' 128)}" # equavilent to secureRandom.hex(64) openid_connect_signing_key="${openid_connect_signing_key:-$(openssl genrsa 2048)}" ci_jwt_signing_key="${ci_jwt_signing_key:-$(openssl genrsa 2048)}" cat << EOF > rails-secrets.yml apiVersion: v1 kind: Secret metadata: name: $rails_secret type: Opaque stringData: secrets.yml: |- $env: secret_key_base: $secret_key_base otp_key_base: $otp_key_base db_key_base: $db_key_base openid_connect_signing_key: | $(echo "${openid_connect_signing_key}" | awk '{print " " $0}') ci_jwt_signing_key: | $(echo "${ci_jwt_signing_key}" | awk '{print " " $0}') EOF kubectl --validate=false --namespace=$namespace apply -f rails-secrets.yml label_secret $rails_secret fi ssh-keygen -A mkdir -p host_keys cp /etc/ssh/ssh_host_* host_keys/ generate_secret_if_needed "mygitlab-gitlab-shell-host-keys" --from-file host_keys generate_secret_if_needed "mygitlab-gitlab-workhorse-secret" --from-literal="shared_secret"=$(gen_random 'a-zA-Z0-9' 32 | base64) generate_secret_if_needed "mygitlab-registry-httpsecret" --from-literal="secret"=$(gen_random 'a-z0-9' 128 | base64 -w 0) --- apiVersion: v1 kind: ConfigMap metadata: name: mygitlab-gitlab-upgrade-check namespace: public-service labels: app: gitlab chart: gitlab-4.4.3 release: mygitlab heritage: Helm annotations: "helm.sh/hook": pre-upgrade "helm.sh/hook-weight": "-11" "helm.sh/hook-delete-policy": before-hook-creation data: runcheck: | set -e notify() { echo "$1" echo -n "$1 " >> /dev/termination-log } greater_version() { test "$(printf '%s\n' "$@" | sort -V | tail -n 1)" = "$1"; } secrets_dir="/etc/secrets/postgresql" if [ -d "${secrets_dir}" ]; then if [ ! "$(ls -A ${secrets_dir}/..data/)" = "" ]; then if [ ! -f "${secrets_dir}/postgresql-postgres-password" ] || [ ! -f "${secrets_dir}/postgresql-password" ]; then notify "You seem to be upgrading from a previous version of GitLab using the bundled PostgreSQL chart" notify "There are some manual steps which need to be performed in order to upgrade the database" notify "Please see the upgrade documentation for instructions on how to proceed:" notify "https://docs.gitlab.com/charts/installation/upgrade.html" exit 1 fi fi fi MIN_VERSION=13.0 CHART_MIN_VERSION=4.0 if ! awk 'BEGIN{exit(!(ARGV[1] ~ /^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/))}' "$GITLAB_VERSION"; then exit 0 fi NEW_MAJOR_VERSION=$(echo $GITLAB_VERSION | awk -F "." '{print $1}') NEW_MINOR_VERSION=$(echo $GITLAB_VERSION | awk -F "." '{print $1"."$2}') NEW_CHART_MAJOR_VERSION=$(echo $CHART_VERSION | awk -F "." '{print $1}') NEW_CHART_MINOR_VERSION=$(echo $CHART_VERSION | awk -F "." '{print $1"."$2}') if [ ! -f /chart-info/gitlabVersion ]; then notify "It seems you are attempting an unsupported upgrade path." notify "Please follow the upgrade documentation at https://docs.gitlab.com/ee/policy/maintenance.html#upgrade-recommendations" exit 1 fi OLD_VERSION_STRING=$(cat /chart-info/gitlabVersion) OLD_CHART_VERSION_STRING=$(cat /chart-info/gitlabChartVersion) if ! awk 'BEGIN{exit(!(ARGV[1] ~ /^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/))}' "$OLD_VERSION_STRING"; then exit 0 fi OLD_MAJOR_VERSION=$(echo $OLD_VERSION_STRING | awk -F "." '{print $1}') OLD_MINOR_VERSION=$(echo $OLD_VERSION_STRING | awk -F "." '{print $1"."$2}') OLD_CHART_MAJOR_VERSION=$(echo $OLD_CHART_VERSION_STRING | awk -F "." '{print $1}') OLD_CHART_MINOR_VERSION=$(echo $OLD_CHART_VERSION_STRING | awk -F "." '{print $1"."$2}') if [ ${OLD_MAJOR_VERSION} -lt ${NEW_MAJOR_VERSION} ] || [ ${OLD_CHART_MAJOR_VERSION} -lt ${NEW_CHART_MAJOR_VERSION} ]; then if ( ! greater_version $OLD_MINOR_VERSION $MIN_VERSION ) || ( ! greater_version $OLD_CHART_MINOR_VERSION $CHART_MIN_VERSION ); then notify "It seems you are upgrading the GitLab Helm Chart from ${OLD_CHART_VERSION_STRING} (GitLab ${OLD_VERSION_STRING}) to ${CHART_VERSION} (GitLab ${GITLAB_VERSION})." notify "It is required to upgrade to the latest ${CHART_MIN_VERSION}.x version first before proceeding." notify "Please follow the upgrade documentation at https://docs.gitlab.com/charts/releases/4_0.html" notify "and upgrade to GitLab Helm Chart version ${CHART_MIN_VERSION}.x before upgrading to ${CHART_VERSION}." exit 1 fi fi --- apiVersion: v1 kind: ServiceAccount metadata: name: mygitlab-shared-secrets namespace: public-service labels: app: shared-secrets chart: shared-secrets-0.1.0 release: mygitlab heritage: Helm annotations: "helm.sh/hook": pre-install,pre-upgrade "helm.sh/hook-weight": "-5" "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: mygitlab-shared-secrets namespace: public-service labels: app: shared-secrets chart: shared-secrets-0.1.0 release: mygitlab heritage: Helm annotations: "helm.sh/hook": pre-install,pre-upgrade "helm.sh/hook-weight": "-5" "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation rules: - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list", "create", "patch"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: mygitlab-shared-secrets namespace: public-service labels: app: shared-secrets chart: shared-secrets-0.1.0 release: mygitlab heritage: Helm annotations: "helm.sh/hook": pre-install,pre-upgrade "helm.sh/hook-weight": "-5" "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: mygitlab-shared-secrets subjects: - kind: ServiceAccount name: mygitlab-shared-secrets namespace: public-service --- apiVersion: v1 kind: PersistentVolumeClaim metadata: name: mygitlab-minio namespace: public-service labels: app: gitlab component: minio spec: accessModes: - "ReadWriteOnce" resources: requests: storage: "10Gi" selector: matchLabels: app: gitlab component: minio --- apiVersion: v1 kind: Service metadata: name: mygitlab-gitaly namespace: public-service labels: app: gitaly chart: gitaly-4.4.3 release: mygitlab heritage: Helm spec: type: ClusterIP clusterIP: None ports: - port: 8075 name: gitaly targetPort: 8075 - port: 9236 name: gitaly-metrics selector: app: gitaly release: mygitlab --- apiVersion: v1 kind: Service metadata: name: mygitlab-gitlab-shell namespace: public-service labels: app: gitlab-shell chart: gitlab-shell-4.4.3 release: mygitlab heritage: Helm spec: type: ClusterIP ports: - port: 22 targetPort: 2222 protocol: TCP name: ssh selector: app: gitlab-shell release: mygitlab --- apiVersion: v1 kind: Service metadata: name: mygitlab-webservice namespace: public-service labels: app: webservice chart: webservice-4.4.3 release: mygitlab heritage: Helm spec: type: ClusterIP ports: - port: 8080 targetPort: 8080 protocol: TCP name: http-webservice - port: 8181 targetPort: 8181 protocol: TCP name: http-workhorse selector: app: webservice release: mygitlab --- apiVersion: v1 kind: Service metadata: name: mygitlab-minio-svc namespace: public-service labels: app: minio chart: minio-0.4.3 release: mygitlab heritage: Helm spec: type: ClusterIP selector: app: minio release: mygitlab component: app ports: - name: service port: 9000 targetPort: 9000 protocol: TCP --- apiVersion: v1 kind: Service metadata: name: mygitlab-postgresql-headless namespace: public-service labels: app: postgresql chart: postgresql-8.9.4 release: mygitlab heritage: Helm spec: type: ClusterIP clusterIP: None ports: - name: tcp-postgresql port: 5432 targetPort: tcp-postgresql selector: app: postgresql release: mygitlab --- apiVersion: v1 kind: Service metadata: name: mygitlab-postgresql namespace: public-service labels: app: postgresql chart: postgresql-8.9.4 release: mygitlab heritage: Helm spec: type: ClusterIP ports: - name: tcp-postgresql port: 5432 targetPort: tcp-postgresql selector: app: postgresql release: mygitlab role: master --- apiVersion: v1 kind: Service metadata: name: mygitlab-redis-headless namespace: public-service labels: app: redis chart: redis-10.3.4 release: mygitlab heritage: Helm spec: type: ClusterIP clusterIP: None ports: - name: redis port: 6379 targetPort: redis selector: app: redis release: mygitlab --- apiVersion: v1 kind: Service metadata: name: mygitlab-redis-master namespace: public-service labels: app: redis chart: redis-10.3.4 release: mygitlab heritage: Helm spec: type: ClusterIP ports: - name: redis port: 6379 targetPort: redis selector: app: redis release: mygitlab role: master --- apiVersion: v1 kind: Service metadata: name: mygitlab-registry namespace: public-service labels: app: registry chart: registry-0.5.0 release: mygitlab heritage: Helm spec: type: ClusterIP ports: - port: 5000 targetPort: 5000 protocol: TCP name: registry selector: app: registry release: mygitlab --- apiVersion: batch/v1 kind: Job metadata: name: mygitlab-migrations-1 namespace: public-service labels: app: migrations chart: migrations-4.4.3 release: mygitlab heritage: Helm spec: activeDeadlineSeconds: 3600 backoffLimit: 6 template: metadata: labels: app: migrations release: mygitlab spec: initContainers: - name: configure image: busybox:latest command: ['sh', '/config/configure'] resources: requests: cpu: 50m volumeMounts: - name: migrations-config mountPath: /config readOnly: true - name: init-migrations-secrets mountPath: /init-config readOnly: true - name: migrations-secrets mountPath: /init-secrets readOnly: false containers: - name: migrations image: registry.gitlab.com/gitlab-org/build/cng/gitlab-task-runner-ee:v13.4.3 imagePullPolicy: IfNotPresent args: - /scripts/wait-for-deps - /scripts/db-migrate env: - name: GITLAB_SHARED_RUNNERS_REGISTRATION_TOKEN valueFrom: secretKeyRef: name: "mygitlab-gitlab-runner-secret" key: runner-registration-token - name: CONFIG_TEMPLATE_DIRECTORY value: '/var/opt/gitlab/templates' - name: CONFIG_DIRECTORY value: '/srv/gitlab/config' - name: BYPASS_SCHEMA_VERSION value: 'true' - name: ENABLE_BOOTSNAP value: '1' resources: requests: cpu: 250m memory: 200Mi volumeMounts: - name: migrations-config mountPath: '/var/opt/gitlab/templates' - name: migrations-secrets mountPath: '/etc/gitlab' readOnly: true - name: migrations-secrets mountPath: /srv/gitlab/config/secrets.yml subPath: rails-secrets/secrets.yml - name: migrations-secrets mountPath: /srv/gitlab/config/initial_root_password subPath: migrations/initial_root_password - name: etc-ssl-certs mountPath: /etc/ssl/certs/ readOnly: true securityContext: runAsUser: 1000 fsGroup: 1000 restartPolicy: OnFailure volumes: - name: migrations-config configMap: name: mygitlab-migrations - name: init-migrations-secrets projected: defaultMode: 0400 sources: - secret: name: "mygitlab-rails-secret" items: - key: secrets.yml path: rails-secrets/secrets.yml - secret: name: "mygitlab-gitaly-secret" items: - key: "token" path: gitaly/gitaly_token - secret: name: "mygitlab-redis-secret" items: - key: "secret" path: redis/redis-password - secret: name: "mygitlab-postgresql-password" items: - key: "postgresql-password" path: postgres/psql-password - secret: name: "mygitlab-gitlab-initial-root-password" items: - key: "password" path: migrations/initial_root_password - name: migrations-secrets emptyDir: medium: "Memory" - name: etc-ssl-certs emptyDir: medium: "Memory" --- apiVersion: batch/v1 kind: Job metadata: name: mygitlab-minio-create-buckets-1 namespace: public-service labels: app: minio chart: minio-0.4.3 release: mygitlab heritage: Helm spec: activeDeadlineSeconds: 600 template: metadata: labels: app: minio release: mygitlab component: create-buckets spec: restartPolicy: OnFailure volumes: - name: minio-configuration projected: sources: - configMap: name: mygitlab-minio-config-cm - secret: name: "mygitlab-minio-secret" containers: - name: minio-mc image: minio/mc:RELEASE.2018-07-13T00-53-22Z imagePullPolicy: IfNotPresent command: ["/bin/sh", "/config/initialize"] env: - name: MINIO_ENDPOINT value: mygitlab-minio-svc - name: MINIO_PORT value: "9000" resources: requests: cpu: 50m volumeMounts: - name: minio-configuration mountPath: /config --- apiVersion: batch/v1 kind: Job metadata: name: mygitlab-shared-secrets-1-7d3 namespace: public-service labels: app: shared-secrets chart: shared-secrets-0.1.0 release: mygitlab heritage: Helm annotations: "helm.sh/hook": pre-install,pre-upgrade "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation spec: template: metadata: labels: app: shared-secrets release: mygitlab spec: containers: - name: shared-secrets image: registry.gitlab.com/gitlab-org/build/cng/kubectl:1.13.12 imagePullPolicy: IfNotPresent command: ['/bin/bash', '/scripts/generate-secrets'] resources: requests: cpu: 50m volumeMounts: - name: scripts mountPath: /scripts - name: ssh mountPath: /etc/ssh securityContext: runAsUser: 65534 fsGroup: 65534 serviceAccountName: mygitlab-shared-secrets restartPolicy: Never volumes: - name: scripts configMap: name: mygitlab-shared-secrets - name: ssh emptyDir: {} --- apiVersion: batch/v1 kind: Job metadata: name: mygitlab-gitlab-upgrade-check namespace: public-service labels: app: gitlab chart: gitlab-4.4.3 release: mygitlab heritage: Helm annotations: "helm.sh/hook": pre-upgrade "helm.sh/hook-weight": "-10" "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation spec: backoffLimit: 2 template: metadata: labels: app: gitlab release: mygitlab spec: containers: - name: run-check image: busybox:latest imagePullPolicy: IfNotPresent command: ['/bin/sh', '/scripts/runcheck'] env: - name: GITLAB_VERSION value: '13.4.3' - name: CHART_VERSION value: '4.4.3' resources: requests: cpu: 50m volumeMounts: - name: chart-info mountPath: /chart-info - name: scripts mountPath: /scripts - name: postgresql-secret mountPath: /etc/secrets/postgresql securityContext: runAsUser: 65534 fsGroup: 65534 restartPolicy: Never volumes: - name: chart-info configMap: name: mygitlab-gitlab-chart-info optional: true - name: scripts configMap: name: mygitlab-gitlab-upgrade-check - name: postgresql-secret secret: secretName: "mygitlab-postgresql-password" optional: true --- apiVersion: apps/v1 kind: Deployment metadata: name: mygitlab-gitlab-shell namespace: public-service labels: app: gitlab-shell chart: gitlab-shell-4.4.3 release: mygitlab heritage: Helm spec: selector: matchLabels: app: gitlab-shell release: mygitlab template: metadata: labels: app: gitlab-shell release: mygitlab annotations: checksum/config: 46ab9b5d3fe8a8f0cc1e5ea72cf845665194a324cefeba0a20f0e8fc5d6fd5a6 checksum/config-sshd: 21b394f58ef0726c064cf79d081badea49333e086db091e7b997c7fb1bd3244a cluster-autoscaler.kubernetes.io/safe-to-evict: "true" spec: initContainers: - name: configure image: busybox:latest imagePullPolicy: IfNotPresent command: ['sh', '/config/configure'] env: resources: requests: cpu: 50m volumeMounts: - name: shell-config mountPath: /config readOnly: true - name: shell-init-secrets mountPath: /init-config readOnly: true - name: shell-secrets mountPath: /init-secrets readOnly: false containers: - name: gitlab-shell image: registry.gitlab.com/gitlab-org/build/cng/gitlab-shell:v13.7.0 imagePullPolicy: IfNotPresent ports: - containerPort: 2222 name: ssh env: - name: GITALY_FEATURE_DEFAULT_ON value: "1" - name: CONFIG_TEMPLATE_DIRECTORY value: '/etc/gitlab-shell' - name: CONFIG_DIRECTORY value: '/srv/gitlab-shell' - name: KEYS_DIRECTORY value: '/etc/gitlab-secrets/ssh' resources: requests: cpu: 0 memory: 6M livenessProbe: exec: command: - /scripts/healthcheck initialDelaySeconds: 10 periodSeconds: 10 timeoutSeconds: 3 successThreshold: 1 failureThreshold: 3 volumeMounts: - name: shell-config mountPath: '/etc/gitlab-shell' - name: shell-secrets mountPath: '/etc/gitlab-secrets' readOnly: true - name: sshd-config mountPath: /etc/ssh/sshd_config subPath: sshd_config readOnly: true - name: etc-ssl-certs mountPath: /etc/ssl/certs/ readOnly: true securityContext: runAsUser: 1000 fsGroup: 1000 affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - weight: 1 podAffinityTerm: topologyKey: kubernetes.io/hostname labelSelector: matchLabels: app: gitlab-shell release: mygitlab volumes: - name: shell-config configMap: name: mygitlab-gitlab-shell - name: sshd-config configMap: name: mygitlab-gitlab-shell-sshd - name: shell-init-secrets projected: defaultMode: 0440 sources: - secret: name: "mygitlab-gitlab-shell-host-keys" - secret: name: "mygitlab-gitlab-shell-secret" items: - key: "secret" path: shell/.gitlab_shell_secret - name: shell-secrets emptyDir: medium: "Memory" - name: etc-ssl-certs emptyDir: medium: "Memory" --- apiVersion: apps/v1 kind: Deployment metadata: name: mygitlab-sidekiq-all-in-1-v1 namespace: public-service labels: app: sidekiq chart: sidekiq-4.4.3 release: mygitlab heritage: Helm queue-pod-name: all-in-1 annotations: spec: selector: matchLabels: app: sidekiq release: mygitlab queue-pod-name: all-in-1 template: metadata: labels: app: sidekiq release: mygitlab queue-pod-name: all-in-1 annotations: checksum/configmap: 921fb38b031a078a15f3f3fb1cfde53f57505932286ece4c659eddf6ac605eaa cluster-autoscaler.kubernetes.io/safe-to-evict: "true" checksum/configmap-pod: 011e0bfb9573e059c114bcaf0f841300a4b3c63bad09b1fe76b4192e7801a320 spec: initContainers: - name: configure image: busybox:latest imagePullPolicy: IfNotPresent command: ['sh', '/config/configure'] env: resources: requests: cpu: 50m volumeMounts: - name: sidekiq-config mountPath: /config readOnly: true - name: init-sidekiq-secrets mountPath: /init-config readOnly: true - name: sidekiq-secrets mountPath: /init-secrets readOnly: false - name: dependencies image: registry.gitlab.com/gitlab-org/build/cng/gitlab-sidekiq-ee:v13.4.3 imagePullPolicy: IfNotPresent args: - /scripts/wait-for-deps env: - name: GITALY_FEATURE_DEFAULT_ON value: "1" - name: CONFIG_TEMPLATE_DIRECTORY value: '/var/opt/gitlab/templates' - name: CONFIG_DIRECTORY value: '/srv/gitlab/config' - name: SIDEKIQ_CONCURRENCY value: "25" - name: SIDEKIQ_TIMEOUT value: "5" - name: ENABLE_BOOTSNAP value: "1" resources: requests: cpu: 50m volumeMounts: - name: sidekiq-config mountPath: '/var/opt/gitlab/templates' readOnly: true - name: sidekiq-secrets mountPath: '/etc/gitlab' readOnly: true - name: sidekiq-secrets mountPath: /srv/gitlab/config/secrets.yml subPath: rails-secrets/secrets.yml readOnly: true containers: - name: sidekiq image: registry.gitlab.com/gitlab-org/build/cng/gitlab-sidekiq-ee:v13.4.3 imagePullPolicy: IfNotPresent ports: - containerPort: 3807 name: metrics env: - name: prometheus_multiproc_dir value: /metrics - name: GITALY_FEATURE_DEFAULT_ON value: "1" - name: CONFIG_TEMPLATE_DIRECTORY value: '/var/opt/gitlab/templates' - name: CONFIG_DIRECTORY value: '/srv/gitlab/config' - name: SIDEKIQ_CLUSTER value: "true" - name: SIDEKIQ_EXPERIMENTAL_QUEUE_SELECTOR value: "" - name: SIDEKIQ_CONCURRENCY value: "25" - name: SIDEKIQ_TIMEOUT value: "5" - name: SIDEKIQ_QUEUES value: - name: SIDEKIQ_NEGATE_QUEUES value: - name: SIDEKIQ_DAEMON_MEMORY_KILLER value: "1" - name: SIDEKIQ_MEMORY_KILLER_CHECK_INTERVAL value: "3" - name: SIDEKIQ_MEMORY_KILLER_MAX_RSS value: "2000000" - name: SIDEKIQ_MEMORY_KILLER_GRACE_TIME value: "900" - name: SIDEKIQ_MEMORY_KILLER_SHUTDOWN_WAIT value: "30" - name: ENABLE_BOOTSNAP value: "1" resources: requests: cpu: 50m memory: 650M livenessProbe: httpGet: path: /liveness port: 3807 initialDelaySeconds: 20 periodSeconds: 60 timeoutSeconds: 30 successThreshold: 1 failureThreshold: 3 lifecycle: preStop: exec: command: ["/bin/bash", "-c", "pkill -f 'sidekiq'"] volumeMounts: - name: sidekiq-metrics mountPath: '/metrics' - name: sidekiq-config mountPath: '/var/opt/gitlab/templates' readOnly: true - name: sidekiq-secrets mountPath: '/etc/gitlab' readOnly: true - name: sidekiq-secrets mountPath: /srv/gitlab/config/secrets.yml subPath: rails-secrets/secrets.yml - name: sidekiq-config mountPath: '/srv/gitlab/config/initializers/smtp_settings.rb' subPath: smtp_settings.rb - name: sidekiq-config mountPath: '/srv/gitlab/INSTALLATION_TYPE' subPath: installation_type - name: etc-ssl-certs mountPath: /etc/ssl/certs/ readOnly: true securityContext: runAsUser: 1000 fsGroup: 1000 affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - weight: 1 podAffinityTerm: topologyKey: kubernetes.io/hostname labelSelector: matchLabels: app: sidekiq release: mygitlab volumes: - name: sidekiq-metrics emptyDir: medium: "Memory" - name: sidekiq-config projected: sources: - configMap: name: mygitlab-sidekiq - configMap: name: mygitlab-sidekiq-all-in-1 - name: init-sidekiq-secrets projected: defaultMode: 0400 sources: - secret: name: "mygitlab-rails-secret" items: - key: secrets.yml path: rails-secrets/secrets.yml - secret: name: "mygitlab-gitaly-secret" items: - key: "token" path: gitaly/gitaly_token - secret: name: "mygitlab-redis-secret" items: - key: "secret" path: redis/redis-password - secret: name: "mygitlab-postgresql-password" items: - key: "postgresql-password" path: postgres/psql-password - secret: name: "mygitlab-registry-secret" items: - key: registry-auth.key path: registry/gitlab-registry.key - secret: name: "mygitlab-minio-secret" items: - key: accesskey path: minio/accesskey - key: secretkey path: minio/secretkey - name: sidekiq-secrets emptyDir: medium: "Memory" - name: etc-ssl-certs emptyDir: medium: "Memory" --- apiVersion: apps/v1 kind: Deployment metadata: name: mygitlab-task-runner namespace: public-service labels: app: task-runner chart: task-runner-4.4.3 release: mygitlab heritage: Helm spec: replicas: 1 strategy: rollingUpdate: null type: Recreate selector: matchLabels: app: task-runner release: mygitlab template: metadata: labels: app: task-runner release: mygitlab annotations: checksum/config: c41ae826b096c5687245010fb995ab86ed87009d6288081a114073ae755e8d0b cluster-autoscaler.kubernetes.io/safe-to-evict: "true" spec: initContainers: - name: configure image: busybox:latest imagePullPolicy: IfNotPresent command: ['sh', '/config/configure'] resources: requests: cpu: 50m volumeMounts: - name: task-runner-config mountPath: /config readOnly: true - name: init-task-runner-secrets mountPath: /init-config readOnly: true - name: task-runner-secrets mountPath: /init-secrets readOnly: false containers: - name: task-runner image: registry.gitlab.com/gitlab-org/build/cng/gitlab-task-runner-ee:v13.4.3 imagePullPolicy: IfNotPresent args: - /bin/bash - -c - cp -v -r -L /etc/gitlab/.s3cfg $HOME/.s3cfg && while sleep 3600; do :; done # alpine sleep has no infinity env: - name: ARTIFACTS_BUCKET_NAME value: gitlab-artifacts - name: REGISTRY_BUCKET_NAME value: registry - name: LFS_BUCKET_NAME value: git-lfs - name: UPLOADS_BUCKET_NAME value: gitlab-uploads - name: PACKAGES_BUCKET_NAME value: gitlab-packages - name: EXTERNAL_DIFFS_BUCKET_NAME value: gitlab-mr-diffs - name: TERRAFORM_STATE_BUCKET_NAME value: gitlab-terraform-state - name: BACKUP_BUCKET_NAME value: gitlab-backups - name: BACKUP_BACKEND value: s3 - name: TMP_BUCKET_NAME value: tmp - name: GITALY_FEATURE_DEFAULT_ON value: "1" - name: ENABLE_BOOTSNAP value: "1" - name: CONFIG_TEMPLATE_DIRECTORY value: '/var/opt/gitlab/templates' - name: CONFIG_DIRECTORY value: '/srv/gitlab/config' resources: requests: cpu: 50m memory: 350M volumeMounts: - name: task-runner-config mountPath: '/var/opt/gitlab/templates' - name: task-runner-config mountPath: '/srv/gitlab/config/initializers/smtp_settings.rb' subPath: smtp_settings.rb - name: task-runner-secrets mountPath: '/etc/gitlab' readOnly: true - name: task-runner-secrets mountPath: /srv/gitlab/config/secrets.yml subPath: rails-secrets/secrets.yml - name: task-runner-tmp mountPath: '/srv/gitlab/tmp' readOnly: false - name: etc-ssl-certs mountPath: /etc/ssl/certs/ readOnly: true securityContext: runAsUser: 1000 fsGroup: 1000 affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - weight: 1 podAffinityTerm: topologyKey: kubernetes.io/hostname labelSelector: matchLabels: app: gitaly release: mygitlab volumes: - name: task-runner-config projected: sources: - configMap: name: mygitlab-task-runner - name: task-runner-tmp emptyDir: {} - name: init-task-runner-secrets projected: defaultMode: 0400 sources: - secret: name: "mygitlab-rails-secret" items: - key: secrets.yml path: rails-secrets/secrets.yml - secret: name: "mygitlab-gitlab-shell-secret" items: - key: "secret" path: shell/.gitlab_shell_secret - secret: name: "mygitlab-gitaly-secret" items: - key: "token" path: gitaly/gitaly_token - secret: name: "mygitlab-redis-secret" items: - key: "secret" path: redis/redis-password - secret: name: "mygitlab-postgresql-password" items: - key: "postgresql-password" path: postgres/psql-password - secret: name: "mygitlab-registry-secret" items: - key: registry-auth.key path: registry/gitlab-registry.key - secret: name: "mygitlab-minio-secret" items: - key: accesskey path: minio/accesskey - key: secretkey path: minio/secretkey - name: task-runner-secrets emptyDir: medium: "Memory" - name: etc-ssl-certs emptyDir: medium: "Memory" --- apiVersion: apps/v1 kind: Deployment metadata: name: mygitlab-webservice namespace: public-service labels: app: webservice chart: webservice-4.4.3 release: mygitlab heritage: Helm spec: replicas: 1 selector: matchLabels: app: webservice release: mygitlab template: metadata: labels: app: webservice release: mygitlab annotations: checksum/config: 802a297cd7611bf25bf5c44318a5859659dc86fe3ec578ec4605fbb8a408aa81 cluster-autoscaler.kubernetes.io/safe-to-evict: "true" spec: initContainers: - name: configure image: busybox:latest imagePullPolicy: IfNotPresent command: ['sh'] args: [ '-c', 'sh -x /config-webservice/configure ; sh -x /config-workhorse/configure ; mkdir -p -m 3770 /tmp/gitlab'] resources: requests: cpu: 50m volumeMounts: - name: webservice-config mountPath: /config-webservice readOnly: true - name: workhorse-config mountPath: /config-workhorse readOnly: true - name: init-webservice-secrets mountPath: /init-config readOnly: true - name: webservice-secrets mountPath: /init-secrets readOnly: false - name: workhorse-secrets mountPath: /init-secrets-workhorse readOnly: false - name: shared-tmp mountPath: /tmp readOnly: false - name: dependencies image: registry.gitlab.com/gitlab-org/build/cng/gitlab-webservice-ee:v13.4.3 imagePullPolicy: IfNotPresent args: - /scripts/wait-for-deps env: - name: GITALY_FEATURE_DEFAULT_ON value: "1" - name: CONFIG_TEMPLATE_DIRECTORY value: '/var/opt/gitlab/templates' - name: CONFIG_DIRECTORY value: '/srv/gitlab/config' - name: WORKHORSE_ARCHIVE_CACHE_DISABLED value: "1" - name: ENABLE_BOOTSNAP value: "1" resources: requests: cpu: 50m volumeMounts: - name: webservice-config mountPath: '/var/opt/gitlab/templates' - name: webservice-secrets mountPath: '/etc/gitlab' readOnly: true - name: webservice-secrets mountPath: /srv/gitlab/config/secrets.yml subPath: rails-secrets/secrets.yml readOnly: true containers: - name: webservice image: registry.gitlab.com/gitlab-org/build/cng/gitlab-webservice-ee:v13.4.3 imagePullPolicy: IfNotPresent ports: - containerPort: 8080 name: webservice env: - name: GITLAB_WEBSERVER value: puma - name: TMPDIR value: "/tmp/gitlab" - name: GITALY_FEATURE_DEFAULT_ON value: "1" - name: CONFIG_TEMPLATE_DIRECTORY value: '/var/opt/gitlab/templates' - name: CONFIG_DIRECTORY value: '/srv/gitlab/config' - name: prometheus_multiproc_dir value: /metrics - name: ENABLE_BOOTSNAP value: "1" - name: WORKER_PROCESSES value: "2" - name: WORKER_TIMEOUT value: "60" - name: INTERNAL_PORT value: "8080" - name: PUMA_THREADS_MIN value: "4" - name: PUMA_THREADS_MAX value: "4" - name: PUMA_WORKER_MAX_MEMORY value: "1024" - name: DISABLE_PUMA_WORKER_KILLER value: "false" - name: GITLAB_TRACING_URL value: "" - name: WORKHORSE_ARCHIVE_CACHE_DISABLED value: "true" resources: limits: cpu: 300m memory: 2.0G requests: cpu: 300m memory: 1.5G lifecycle: preStop: exec: command: ["/bin/bash", "-c", "pkill -SIGINT -o ruby"] volumeMounts: - name: webservice-metrics mountPath: '/metrics' - name: webservice-config mountPath: '/var/opt/gitlab/templates' - name: webservice-secrets mountPath: '/etc/gitlab' readOnly: true - name: webservice-secrets mountPath: /srv/gitlab/config/secrets.yml subPath: rails-secrets/secrets.yml - name: webservice-config mountPath: '/srv/gitlab/config/initializers/smtp_settings.rb' subPath: smtp_settings.rb - name: webservice-config mountPath: '/srv/gitlab/INSTALLATION_TYPE' subPath: installation_type - name: shared-upload-directory mountPath: /srv/gitlab/public/uploads/tmp readOnly: false - name: shared-tmp mountPath: '/tmp' readOnly: false - name: etc-ssl-certs mountPath: /etc/ssl/certs/ readOnly: true - name: gitlab-workhorse image: registry.gitlab.com/gitlab-org/build/cng/gitlab-workhorse-ee:v13.4.3 imagePullPolicy: IfNotPresent ports: - containerPort: 8181 name: workhorse env: - name: TMPDIR value: "/tmp/gitlab" - name: GITLAB_WORKHORSE_EXTRA_ARGS value: "" - name: GITLAB_WORKHORSE_LISTEN_PORT value: "8181" - name: GITLAB_WORKHORSE_LOG_FORMAT value: "json" - name: CONFIG_TEMPLATE_DIRECTORY value: '/var/opt/gitlab/templates' - name: CONFIG_DIRECTORY value: '/srv/gitlab/config' resources: requests: cpu: 100m memory: 100M livenessProbe: exec: command: - /scripts/healthcheck initialDelaySeconds: 20 periodSeconds: 60 timeoutSeconds: 30 successThreshold: 1 failureThreshold: 3 readinessProbe: exec: command: - /scripts/healthcheck initialDelaySeconds: 0 periodSeconds: 10 timeoutSeconds: 2 successThreshold: 1 failureThreshold: 3 volumeMounts: - name: workhorse-config mountPath: '/var/opt/gitlab/templates' - name: workhorse-secrets mountPath: '/etc/gitlab' readOnly: true - name: shared-upload-directory mountPath: /srv/gitlab/public/uploads/tmp readOnly: false - name: shared-tmp mountPath: '/tmp' readOnly: false - name: etc-ssl-certs mountPath: /etc/ssl/certs/ readOnly: true securityContext: runAsUser: 1000 fsGroup: 1000 affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - weight: 1 podAffinityTerm: topologyKey: kubernetes.io/hostname labelSelector: matchLabels: app: webservice release: mygitlab volumes: - name: shared-tmp emptyDir: {} - name: webservice-metrics emptyDir: medium: "Memory" - name: webservice-config configMap: name: mygitlab-webservice - name: workhorse-config configMap: name: mygitlab-workhorse-config - name: init-webservice-secrets projected: defaultMode: 0400 sources: - secret: name: "mygitlab-rails-secret" items: - key: secrets.yml path: rails-secrets/secrets.yml - secret: name: "mygitlab-gitlab-shell-secret" items: - key: "secret" path: shell/.gitlab_shell_secret - secret: name: "mygitlab-gitaly-secret" items: - key: "token" path: gitaly/gitaly_token - secret: name: "mygitlab-redis-secret" items: - key: "secret" path: redis/redis-password - secret: name: "mygitlab-postgresql-password" items: - key: "postgresql-password" path: postgres/psql-password - secret: name: "mygitlab-registry-secret" items: - key: registry-auth.key path: registry/gitlab-registry.key - secret: name: "mygitlab-gitlab-workhorse-secret" items: - key: "shared_secret" path: gitlab-workhorse/secret - secret: name: "mygitlab-minio-secret" items: - key: accesskey path: minio/accesskey - key: secretkey path: minio/secretkey - name: webservice-secrets emptyDir: medium: "Memory" - name: workhorse-secrets emptyDir: medium: "Memory" - name: shared-upload-directory emptyDir: {} - name: etc-ssl-certs emptyDir: medium: "Memory" --- apiVersion: apps/v1 kind: Deployment metadata: name: mygitlab-minio namespace: public-service labels: app: minio chart: minio-0.4.3 release: mygitlab heritage: Helm spec: strategy: type: Recreate rollingUpdate: null selector: matchLabels: app: minio release: mygitlab component: app template: metadata: name: mygitlab-minio labels: app: minio chart: minio-0.4.3 release: mygitlab heritage: Helm component: app spec: initContainers: - name: configure image: busybox:latest imagePullPolicy: IfNotPresent command: ["sh", "/config/configure"] resources: requests: cpu: 50m volumeMounts: - name: minio-configuration mountPath: /config - name: minio-server-config mountPath: /minio containers: - name: minio image: minio/minio:RELEASE.2017-12-28T01-21-00Z imagePullPolicy: IfNotPresent args: ["-C", "/tmp/.minio", "--quiet", "server", "/export"] ports: - name: service containerPort: 9000 resources: requests: cpu: 100m memory: 128Mi livenessProbe: tcpSocket: port: 9000 timeoutSeconds: 1 volumeMounts: - name: export mountPath: /export - name: minio-server-config mountPath: "/tmp/.minio" - name: podinfo mountPath: /podinfo readOnly: false securityContext: runAsUser: 0 fsGroup: 0 volumes: - name: podinfo downwardAPI: items: - path: "labels" fieldRef: fieldPath: metadata.labels - name: export persistentVolumeClaim: claimName: mygitlab-minio - name: minio-configuration projected: sources: - configMap: name: mygitlab-minio-config-cm - secret: name: "mygitlab-minio-secret" - name: minio-server-config emptyDir: medium: "Memory" --- apiVersion: apps/v1 kind: Deployment metadata: name: mygitlab-registry namespace: public-service labels: app: registry chart: registry-0.5.0 release: mygitlab heritage: Helm spec: replicas: 2 selector: matchLabels: app: registry release: mygitlab template: metadata: labels: app: registry release: mygitlab annotations: checksum/configmap: 69bd8469e87e8e40463ee1f66fe73900ad3d77f5017f79a4277e6afe23d47814 cluster-autoscaler.kubernetes.io/safe-to-evict: "true" spec: initContainers: - name: configure image: busybox:latest imagePullPolicy: IfNotPresent command: ["sh", "/config/configure"] resources: requests: cpu: 50m volumeMounts: - name: registry-secrets mountPath: /config - name: registry-server-config mountPath: /registry containers: - name: registry image: registry.gitlab.com/gitlab-org/build/cng/gitlab-container-registry:v2.11.0-gitlab imagePullPolicy: IfNotPresent resources: requests: cpu: 50m memory: 32Mi livenessProbe: httpGet: path: /debug/health port: 5001 scheme: HTTP initialDelaySeconds: 5 periodSeconds: 10 timeoutSeconds: 1 successThreshold: 1 failureThreshold: 3 readinessProbe: httpGet: path: /debug/health port: 5001 scheme: HTTP initialDelaySeconds: 5 periodSeconds: 5 timeoutSeconds: 1 successThreshold: 1 failureThreshold: 3 volumeMounts: - name: registry-server-config mountPath: /etc/docker/registry/ readOnly: true - name: etc-ssl-certs mountPath: /etc/ssl/certs/ readOnly: true securityContext: runAsUser: 1000 fsGroup: 1000 affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - weight: 1 podAffinityTerm: topologyKey: kubernetes.io/hostname labelSelector: matchLabels: app: registry release: mygitlab terminationGracePeriodSeconds: 30 volumes: - name: registry-server-config emptyDir: medium: "Memory" - name: registry-secrets projected: sources: - configMap: name: mygitlab-registry - secret: name: "mygitlab-registry-secret" items: - key: registry-auth.crt path: certificate.crt - secret: name: "mygitlab-registry-httpsecret" items: - key: "secret" path: httpSecret - secret: name: "mygitlab-minio-secret" - name: etc-ssl-certs emptyDir: medium: "Memory" --- apiVersion: apps/v1 kind: StatefulSet metadata: name: mygitlab-gitaly namespace: public-service labels: app: gitaly chart: gitaly release: mygitlab heritage: Helm spec: serviceName: mygitlab-gitaly replicas: 1 podManagementPolicy: Parallel selector: matchLabels: app: gitaly release: mygitlab template: metadata: labels: app: gitaly release: mygitlab annotations: checksum/config: 5931700e79c4a679dcdf02f2de56911130da8ff68385fc51f9f00bfc4004dc26 spec: terminationGracePeriodSeconds: 30 initContainers: - name: configure image: busybox:latest imagePullPolicy: IfNotPresent command: ['sh', '/config/configure'] resources: requests: cpu: 50m volumeMounts: - name: gitaly-config mountPath: /config readOnly: true - name: init-gitaly-secrets mountPath: /init-config readOnly: true - name: gitaly-secrets mountPath: /init-secrets readOnly: false containers: - name: gitaly image: registry.gitlab.com/gitlab-org/build/cng/gitaly:v13.4.3 imagePullPolicy: IfNotPresent ports: - containerPort: 8075 - containerPort: 9236 env: - name: CONFIG_TEMPLATE_DIRECTORY value: '/etc/gitaly/templates' - name: CONFIG_DIRECTORY value: '/etc/gitaly' - name: GITALY_CONFIG_FILE value: '/etc/gitaly/config.toml' - name: SSL_CERT_DIR value: '/etc/ssl/certs' - name: GITALY_PROMETHEUS_LISTEN_ADDR value: ':9236' resources: requests: cpu: 100m memory: 200Mi livenessProbe: exec: command: - /scripts/healthcheck initialDelaySeconds: 30 timeoutSeconds: 3 periodSeconds: 10 readinessProbe: exec: command: - /scripts/healthcheck initialDelaySeconds: 10 timeoutSeconds: 3 periodSeconds: 10 volumeMounts: - name: etc-ssl-certs mountPath: /etc/ssl/certs/ readOnly: true - name: gitaly-config mountPath: '/etc/gitaly/templates' - name: gitaly-secrets mountPath: '/etc/gitlab-secrets' readOnly: true - name: repo-data mountPath: '/home/git/repositories' securityContext: runAsUser: 0 fsGroup: 0 affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - weight: 1 podAffinityTerm: topologyKey: kubernetes.io/hostname labelSelector: matchLabels: app: gitaly release: mygitlab volumes: - name: gitaly-config configMap: name: mygitlab-gitaly - name: gitaly-secrets emptyDir: medium: "Memory" - name: init-gitaly-secrets projected: defaultMode: 0440 sources: - secret: name: "mygitlab-gitaly-secret" items: - key: "token" path: "gitaly_token" - secret: name: "mygitlab-gitlab-shell-secret" items: - key: "secret" path: ".gitlab_shell_secret" - name: etc-ssl-certs emptyDir: medium: "Memory" volumeClaimTemplates: - metadata: name: repo-data labels: app: gitlab component: gitaly spec: accessModes: - "ReadWriteOnce" resources: requests: storage: "50Gi" selector: matchLabels: app: gitlab component: gitaly --- apiVersion: apps/v1 kind: StatefulSet metadata: name: mygitlab-postgresql namespace: public-service labels: app: postgresql chart: postgresql-8.9.4 release: mygitlab heritage: Helm spec: serviceName: mygitlab-postgresql-headless replicas: 1 updateStrategy: type: RollingUpdate selector: matchLabels: app: postgresql release: mygitlab role: master template: metadata: name: mygitlab-postgresql labels: app: postgresql chart: postgresql-8.9.4 release: mygitlab heritage: Helm role: master annotations: postgresql.gitlab/init-revision: "1" spec: containers: - name: mygitlab-postgresql image: docker.io/bitnami/postgresql:11.9.0 imagePullPolicy: IfNotPresent ports: - name: tcp-postgresql containerPort: 5432 env: - name: BITNAMI_DEBUG value: "false" - name: POSTGRESQL_PORT_NUMBER value: "5432" - name: POSTGRESQL_VOLUME_DIR value: "/bitnami/postgresql" - name: PGDATA value: "/bitnami/postgresql/data" - name: POSTGRES_POSTGRES_PASSWORD_FILE value: "/opt/bitnami/postgresql/secrets/postgresql-postgres-password" - name: POSTGRES_USER value: "gitlab" - name: POSTGRES_PASSWORD_FILE value: "/opt/bitnami/postgresql/secrets/postgresql-password" - name: POSTGRES_DB value: "gitlabhq_production" - name: POSTGRESQL_ENABLE_LDAP value: "no" resources: requests: cpu: 250m memory: 256Mi livenessProbe: exec: command: - /bin/sh - -c - exec pg_isready -U "gitlab" -d "gitlabhq_production" -h 127.0.0.1 -p 5432 initialDelaySeconds: 30 periodSeconds: 10 timeoutSeconds: 5 successThreshold: 1 failureThreshold: 6 readinessProbe: exec: command: - /bin/sh - -c - -e - | exec pg_isready -U "gitlab" -d "gitlabhq_production" -h 127.0.0.1 -p 5432 [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ] initialDelaySeconds: 5 periodSeconds: 10 timeoutSeconds: 5 successThreshold: 1 failureThreshold: 6 securityContext: runAsUser: 0 volumeMounts: - name: custom-init-scripts mountPath: /docker-entrypoint-initdb.d/ - name: postgresql-password mountPath: /opt/bitnami/postgresql/secrets/ - name: dshm mountPath: /dev/shm - name: data mountPath: /bitnami/postgresql subPath: - mountPath: /docker-entrypoint-preinitdb.d/init_revision.sh name: custom-init-scripts subPath: init_revision.sh securityContext: fsGroup: 0 volumes: - name: postgresql-password secret: secretName: "mygitlab-postgresql-password" - name: custom-init-scripts configMap: name: mygitlab-postgresql-init-db - name: dshm emptyDir: medium: Memory sizeLimit: 1Gi volumeClaimTemplates: - metadata: name: data labels: app: gitlab component: postgresql spec: accessModes: - "ReadWriteOnce" resources: requests: storage: "8Gi" selector: matchLabels: app: gitlab component: postgresql --- apiVersion: apps/v1 kind: StatefulSet metadata: name: mygitlab-redis-master namespace: public-service labels: app: redis chart: redis-10.3.4 release: mygitlab heritage: Helm spec: updateStrategy: type: RollingUpdate selector: matchLabels: app: redis release: mygitlab role: master serviceName: mygitlab-redis-headless template: metadata: labels: app: redis chart: redis-10.3.4 release: mygitlab role: master annotations: checksum/health: 5365a9d25a22feb97b472b68f1d573c712def2a8b62488808f8ab2da882775d6 checksum/configmap: d27cfcc9b5348bb41605aaee762aa5d7f177f8ef50ea1e3e219ac5c227ec3222 checksum/secret: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 spec: containers: - name: mygitlab-redis image: docker.io/bitnami/redis:5.0.7-debian-9-r50 imagePullPolicy: IfNotPresent ports: - name: redis containerPort: 6379 command: - /bin/bash - -c - | useradd redis chown -R redis /data if [[ -n $REDIS_PASSWORD_FILE ]]; then password_aux=`cat ${REDIS_PASSWORD_FILE}` export REDIS_PASSWORD=$password_aux fi if [[ ! -f /opt/bitnami/redis/etc/master.conf ]];then cp /opt/bitnami/redis/mounted-etc/master.conf /opt/bitnami/redis/etc/master.conf fi if [[ ! -f /opt/bitnami/redis/etc/redis.conf ]];then cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf fi ARGS=("--port" "${REDIS_PORT}") ARGS+=("--requirepass" "${REDIS_PASSWORD}") ARGS+=("--masterauth" "${REDIS_PASSWORD}") ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf") ARGS+=("--include" "/opt/bitnami/redis/etc/master.conf") /run.sh ${ARGS[@]} env: - name: REDIS_REPLICATION_MODE value: master - name: REDIS_PASSWORD_FILE value: "/opt/bitnami/redis/secrets/redis-password" - name: REDIS_PORT value: "6379" livenessProbe: initialDelaySeconds: 5 periodSeconds: 5 timeoutSeconds: 5 successThreshold: 1 failureThreshold: 5 exec: command: - sh - -c - /health/ping_liveness_local.sh 5 readinessProbe: initialDelaySeconds: 5 periodSeconds: 5 timeoutSeconds: 1 successThreshold: 1 failureThreshold: 5 exec: command: - sh - -c - /health/ping_readiness_local.sh 5 securityContext: runAsUser: 0 volumeMounts: - name: health mountPath: /health - name: redis-password mountPath: /opt/bitnami/redis/secrets/ - name: redis-data mountPath: /data subPath: - name: config mountPath: /opt/bitnami/redis/mounted-etc - name: redis-tmp-conf mountPath: /opt/bitnami/redis/etc/ securityContext: fsGroup: 0 serviceAccountName: "default" volumes: - name: health configMap: name: mygitlab-redis-health defaultMode: 0755 - name: redis-password secret: secretName: "mygitlab-redis-secret" items: - key: "secret" path: redis-password - name: config configMap: name: mygitlab-redis - name: redis-tmp-conf emptyDir: {} volumeClaimTemplates: - metadata: name: redis-data labels: app: gitlab component: redis spec: accessModes: - "ReadWriteOnce" resources: requests: storage: "8Gi" selector: matchLabels: app: gitlab component: redis --- apiVersion: extensions/v1beta1 kind: Ingress metadata: name: mygitlab-webservice namespace: public-service labels: app: webservice chart: webservice-4.4.3 release: mygitlab heritage: Helm spec: rules: - host: gitlab.lzxlinux.com http: paths: - path: / backend: serviceName: mygitlab-webservice servicePort: 8181 - path: /admin/sidekiq backend: serviceName: mygitlab-webservice servicePort: 8080 --- apiVersion: extensions/v1beta1 kind: Ingress metadata: name: mygitlab-minio namespace: public-service labels: app: minio chart: minio-0.4.3 release: mygitlab heritage: Helm spec: rules: - host: minio.lzxlinux.com http: paths: - path: / backend: serviceName: mygitlab-minio-svc servicePort: 9000 --- apiVersion: extensions/v1beta1 kind: Ingress metadata: name: mygitlab-registry namespace: public-service labels: app: registry chart: registry-0.5.0 release: mygitlab heritage: Helm spec: rules: - host: registry.lzxlinux.com http: paths: - path: / backend: serviceName: mygitlab-registry servicePort: 5000
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
- 81
- 82
- 83
- 84
- 85
- 86
- 87
- 88
- 89
- 90
- 91
- 92
- 93
- 94
- 95
- 96
- 97
- 98
- 99
- 100
- 101
- 102
- 103
- 104
- 105
- 106
- 107
- 108
- 109
- 110
- 111
- 112
- 113
- 114
- 115
- 116
- 117
- 118
- 119
- 120
- 121
- 122
- 123
- 124
- 125
- 126
- 127
- 128
- 129
- 130
- 131
- 132
- 133
- 134
- 135
- 136
- 137
- 138
- 139
- 140
- 141
- 142
- 143
- 144
- 145
- 146
- 147
- 148
- 149
- 150
- 151
- 152
- 153
- 154
- 155
- 156
- 157
- 158
- 159
- 160
- 161
- 162
- 163
- 164
- 165
- 166
- 167
- 168
- 169
- 170
- 171
- 172
- 173
- 174
- 175
- 176
- 177
- 178
- 179
- 180
- 181
- 182
- 183
- 184
- 185
- 186
- 187
- 188
- 189
- 190
- 191
- 192
- 193
- 194
- 195
- 196
- 197
- 198
- 199
- 200
- 201
- 202
- 203
- 204
- 205
- 206
- 207
- 208
- 209
- 210
- 211
- 212
- 213
- 214
- 215
- 216
- 217
- 218
- 219
- 220
- 221
- 222
- 223
- 224
- 225
- 226
- 227
- 228
- 229
- 230
- 231
- 232
- 233
- 234
- 235
- 236
- 237
- 238
- 239
- 240
- 241
- 242
- 243
- 244
- 245
- 246
- 247
- 248
- 249
- 250
- 251
- 252
- 253
- 254
- 255
- 256
- 257
- 258
- 259
- 260
- 261
- 262
- 263
- 264
- 265
- 266
- 267
- 268
- 269
- 270
- 271
- 272
- 273
- 274
- 275
- 276
- 277
- 278
- 279
- 280
- 281
- 282
- 283
- 284
- 285
- 286
- 287
- 288
- 289
- 290
- 291
- 292
- 293
- 294
- 295
- 296
- 297
- 298
- 299
- 300
- 301
- 302
- 303
- 304
- 305
- 306
- 307
- 308
- 309
- 310
- 311
- 312
- 313
- 314
- 315
- 316
- 317
- 318
- 319
- 320
- 321
- 322
- 323
- 324
- 325
- 326
- 327
- 328
- 329
- 330
- 331
- 332
- 333
- 334
- 335
- 336
- 337
- 338
- 339
- 340
- 341
- 342
- 343
- 344
- 345
- 346
- 347
- 348
- 349
- 350
- 351
- 352
- 353
- 354
- 355
- 356
- 357
- 358
- 359
- 360
- 361
- 362
- 363
- 364
- 365
- 366
- 367
- 368
- 369
- 370
- 371
- 372
- 373
- 374
- 375
- 376
- 377
- 378
- 379
- 380
- 381
- 382
- 383
- 384
- 385
- 386
- 387
- 388
- 389
- 390
- 391
- 392
- 393
- 394
- 395
- 396
- 397
- 398
- 399
- 400
- 401
- 402
- 403
- 404
- 405
- 406
- 407
- 408
- 409
- 410
- 411
- 412
- 413
- 414
- 415
- 416
- 417
- 418
- 419
- 420
- 421
- 422
- 423
- 424
- 425
- 426
- 427
- 428
- 429
- 430
- 431
- 432
- 433
- 434
- 435
- 436
- 437
- 438
- 439
- 440
- 441
- 442
- 443
- 444
- 445
- 446
- 447
- 448
- 449
- 450
- 451
- 452
- 453
- 454
- 455
- 456
- 457
- 458
- 459
- 460
- 461
- 462
- 463
- 464
- 465
- 466
- 467
- 468
- 469
- 470
- 471
- 472
- 473
- 474
- 475
- 476
- 477
- 478
- 479
- 480
- 481
- 482
- 483
- 484
- 485
- 486
- 487
- 488
- 489
- 490
- 491
- 492
- 493
- 494
- 495
- 496
- 497
- 498
- 499
- 500
- 501
- 502
- 503
- 504
- 505
- 506
- 507
- 508
- 509
- 510
- 511
- 512
- 513
- 514
- 515
- 516
- 517
- 518
- 519
- 520
- 521
- 522
- 523
- 524
- 525
- 526
- 527
- 528
- 529
- 530
- 531
- 532
- 533
- 534
- 535
- 536
- 537
- 538
- 539
- 540
- 541
- 542
- 543
- 544
- 545
- 546
- 547
- 548
- 549
- 550
- 551
- 552
- 553
- 554
- 555
- 556
- 557
- 558
- 559
- 560
- 561
- 562
- 563
- 564
- 565
- 566
- 567
- 568
- 569
- 570
- 571
- 572
- 573
- 574
- 575
- 576
- 577
- 578
- 579
- 580
- 581
- 582
- 583
- 584
- 585
- 586
- 587
- 588
- 589
- 590
- 591
- 592
- 593
- 594
- 595
- 596
- 597
- 598
- 599
- 600
- 601
- 602
- 603
- 604
- 605
- 606
- 607
- 608
- 609
- 610
- 611
- 612
- 613
- 614
- 615
- 616
- 617
- 618
- 619
- 620
- 621
- 622
- 623
- 624
- 625
- 626
- 627
- 628
- 629
- 630
- 631
- 632
- 633
- 634
- 635
- 636
- 637
- 638
- 639
- 640
- 641
- 642
- 643
- 644
- 645
- 646
- 647
- 648
- 649
- 650
- 651
- 652
- 653
- 654
- 655
- 656
- 657
- 658
- 659
- 660
- 661
- 662
- 663
- 664
- 665
- 666
- 667
- 668
- 669
- 670
- 671
- 672
- 673
- 674
- 675
- 676
- 677
- 678
- 679
- 680
- 681
- 682
- 683
- 684
- 685
- 686
- 687
- 688
- 689
- 690
- 691
- 692
- 693
- 694
- 695
- 696
- 697
- 698
- 699
- 700
- 701
- 702
- 703
- 704
- 705
- 706
- 707
- 708
- 709
- 710
- 711
- 712
- 713
- 714
- 715
- 716
- 717
- 718
- 719
- 720
- 721
- 722
- 723
- 724
- 725
- 726
- 727
- 728
- 729
- 730
- 731
- 732
- 733
- 734
- 735
- 736
- 737
- 738
- 739
- 740
- 741
- 742
- 743
- 744
- 745
- 746
- 747
- 748
- 749
- 750
- 751
- 752
- 753
- 754
- 755
- 756
- 757
- 758
- 759
- 760
- 761
- 762
- 763
- 764
- 765
- 766
- 767
- 768
- 769
- 770
- 771
- 772
- 773
- 774
- 775
- 776
- 777
- 778
- 779
- 780
- 781
- 782
- 783
- 784
- 785
- 786
- 787
- 788
- 789
- 790
- 791
- 792
- 793
- 794
- 795
- 796
- 797
- 798
- 799
- 800
- 801
- 802
- 803
- 804
- 805
- 806
- 807
- 808
- 809
- 810
- 811
- 812
- 813
- 814
- 815
- 816
- 817
- 818
- 819
- 820
- 821
- 822
- 823
- 824
- 825
- 826
- 827
- 828
- 829
- 830
- 831
- 832
- 833
- 834
- 835
- 836
- 837
- 838
- 839
- 840
- 841
- 842
- 843
- 844
- 845
- 846
- 847
- 848
- 849
- 850
- 851
- 852
- 853
- 854
- 855
- 856
- 857
- 858
- 859
- 860
- 861
- 862
- 863
- 864
- 865
- 866
- 867
- 868
- 869
- 870
- 871
- 872
- 873
- 874
- 875
- 876
- 877
- 878
- 879
- 880
- 881
- 882
- 883
- 884
- 885
- 886
- 887
- 888
- 889
- 890
- 891
- 892
- 893
- 894
- 895
- 896
- 897
- 898
- 899
- 900
- 901
- 902
- 903
- 904
- 905
- 906
- 907
- 908
- 909
- 910
- 911
- 912
- 913
- 914
- 915
- 916
- 917
- 918
- 919
- 920
- 921
- 922
- 923
- 924
- 925
- 926
- 927
- 928
- 929
- 930
- 931
- 932
- 933
- 934
- 935
- 936
- 937
- 938
- 939
- 940
- 941
- 942
- 943
- 944
- 945
- 946
- 947
- 948
- 949
- 950
- 951
- 952
- 953
- 954
- 955
- 956
- 957
- 958
- 959
- 960
- 961
- 962
- 963
- 964
- 965
- 966
- 967
- 968
- 969
- 970
- 971
- 972
- 973
- 974
- 975
- 976
- 977
- 978
- 979
- 980
- 981
- 982
- 983
- 984
- 985
- 986
- 987
- 988
- 989
- 990
- 991
- 992
- 993
- 994
- 995
- 996
- 997
- 998
- 999
- 1000
- 1001
- 1002
- 1003
- 1004
- 1005
- 1006
- 1007
- 1008
- 1009
- 1010
- 1011
- 1012
- 1013
- 1014
- 1015
- 1016
- 1017
- 1018
- 1019
- 1020
- 1021
- 1022
- 1023
- 1024
- 1025
- 1026
- 1027
- 1028
- 1029
- 1030
- 1031
- 1032
- 1033
- 1034
- 1035
- 1036
- 1037
- 1038
- 1039
- 1040
- 1041
- 1042
- 1043
- 1044
- 1045
- 1046
- 1047
- 1048
- 1049
- 1050
- 1051
- 1052
- 1053
- 1054
- 1055
- 1056
- 1057
- 1058
- 1059
- 1060
- 1061
- 1062
- 1063
- 1064
- 1065
- 1066
- 1067
- 1068
- 1069
- 1070
- 1071
- 1072
- 1073
- 1074
- 1075
- 1076
- 1077
- 1078
- 1079
- 1080
- 1081
- 1082
- 1083
- 1084
- 1085
- 1086
- 1087
- 1088
- 1089
- 1090
- 1091
- 1092
- 1093
- 1094
- 1095
- 1096
- 1097
- 1098
- 1099
- 1100
- 1101
- 1102
- 1103
- 1104
- 1105
- 1106
- 1107
- 1108
- 1109
- 1110
- 1111
- 1112
- 1113
- 1114
- 1115
- 1116
- 1117
- 1118
- 1119
- 1120
- 1121
- 1122
- 1123
- 1124
- 1125
- 1126
- 1127
- 1128
- 1129
- 1130
- 1131
- 1132
- 1133
- 1134
- 1135
- 1136
- 1137
- 1138
- 1139
- 1140
- 1141
- 1142
- 1143
- 1144
- 1145
- 1146
- 1147
- 1148
- 1149
- 1150
- 1151
- 1152
- 1153
- 1154
- 1155
- 1156
- 1157
- 1158
- 1159
- 1160
- 1161
- 1162
- 1163
- 1164
- 1165
- 1166
- 1167
- 1168
- 1169
- 1170
- 1171
- 1172
- 1173
- 1174
- 1175
- 1176
- 1177
- 1178
- 1179
- 1180
- 1181
- 1182
- 1183
- 1184
- 1185
- 1186
- 1187
- 1188
- 1189
- 1190
- 1191
- 1192
- 1193
- 1194
- 1195
- 1196
- 1197
- 1198
- 1199
- 1200
- 1201
- 1202
- 1203
- 1204
- 1205
- 1206
- 1207
- 1208
- 1209
- 1210
- 1211
- 1212
- 1213
- 1214
- 1215
- 1216
- 1217
- 1218
- 1219
- 1220
- 1221
- 1222
- 1223
- 1224
- 1225
- 1226
- 1227
- 1228
- 1229
- 1230
- 1231
- 1232
- 1233
- 1234
- 1235
- 1236
- 1237
- 1238
- 1239
- 1240
- 1241
- 1242
- 1243
- 1244
- 1245
- 1246
- 1247
- 1248
- 1249
- 1250
- 1251
- 1252
- 1253
- 1254
- 1255
- 1256
- 1257
- 1258
- 1259
- 1260
- 1261
- 1262
- 1263
- 1264
- 1265
- 1266
- 1267
- 1268
- 1269
- 1270
- 1271
- 1272
- 1273
- 1274
- 1275
- 1276
- 1277
- 1278
- 1279
- 1280
- 1281
- 1282
- 1283
- 1284
- 1285
- 1286
- 1287
- 1288
- 1289
- 1290
- 1291
- 1292
- 1293
- 1294
- 1295
- 1296
- 1297
- 1298
- 1299
- 1300
- 1301
- 1302
- 1303
- 1304
- 1305
- 1306
- 1307
- 1308
- 1309
- 1310
- 1311
- 1312
- 1313
- 1314
- 1315
- 1316
- 1317
- 1318
- 1319
- 1320
- 1321
- 1322
- 1323
- 1324
- 1325
- 1326
- 1327
- 1328
- 1329
- 1330
- 1331
- 1332
- 1333
- 1334
- 1335
- 1336
- 1337
- 1338
- 1339
- 1340
- 1341
- 1342
- 1343
- 1344
- 1345
- 1346
- 1347
- 1348
- 1349
- 1350
- 1351
- 1352
- 1353
- 1354
- 1355
- 1356
- 1357
- 1358
- 1359
- 1360
- 1361
- 1362
- 1363
- 1364
- 1365
- 1366
- 1367
- 1368
- 1369
- 1370
- 1371
- 1372
- 1373
- 1374
- 1375
- 1376
- 1377
- 1378
- 1379
- 1380
- 1381
- 1382
- 1383
- 1384
- 1385
- 1386
- 1387
- 1388
- 1389
- 1390
- 1391
- 1392
- 1393
- 1394
- 1395
- 1396
- 1397
- 1398
- 1399
- 1400
- 1401
- 1402
- 1403
- 1404
- 1405
- 1406
- 1407
- 1408
- 1409
- 1410
- 1411
- 1412
- 1413
- 1414
- 1415
- 1416
- 1417
- 1418
- 1419
- 1420
- 1421
- 1422
- 1423
- 1424
- 1425
- 1426
- 1427
- 1428
- 1429
- 1430
- 1431
- 1432
- 1433
- 1434
- 1435
- 1436
- 1437
- 1438
- 1439
- 1440
- 1441
- 1442
- 1443
- 1444
- 1445
- 1446
- 1447
- 1448
- 1449
- 1450
- 1451
- 1452
- 1453
- 1454
- 1455
- 1456
- 1457
- 1458
- 1459
- 1460
- 1461
- 1462
- 1463
- 1464
- 1465
- 1466
- 1467
- 1468
- 1469
- 1470
- 1471
- 1472
- 1473
- 1474
- 1475
- 1476
- 1477
- 1478
- 1479
- 1480
- 1481
- 1482
- 1483
- 1484
- 1485
- 1486
- 1487
- 1488
- 1489
- 1490
- 1491
- 1492
- 1493
- 1494
- 1495
- 1496
- 1497
- 1498
- 1499
- 1500
- 1501
- 1502
- 1503
- 1504
- 1505
- 1506
- 1507
- 1508
- 1509
- 1510
- 1511
- 1512
- 1513
- 1514
- 1515
- 1516
- 1517
- 1518
- 1519
- 1520
- 1521
- 1522
- 1523
- 1524
- 1525
- 1526
- 1527
- 1528
- 1529
- 1530
- 1531
- 1532
- 1533
- 1534
- 1535
- 1536
- 1537
- 1538
- 1539
- 1540
- 1541
- 1542
- 1543
- 1544
- 1545
- 1546
- 1547
- 1548
- 1549
- 1550
- 1551
- 1552
- 1553
- 1554
- 1555
- 1556
- 1557
- 1558
- 1559
- 1560
- 1561
- 1562
- 1563
- 1564
- 1565
- 1566
- 1567
- 1568
- 1569
- 1570
- 1571
- 1572
- 1573
- 1574
- 1575
- 1576
- 1577
- 1578
- 1579
- 1580
- 1581
- 1582
- 1583
- 1584
- 1585
- 1586
- 1587
- 1588
- 1589
- 1590
- 1591
- 1592
- 1593
- 1594
- 1595
- 1596
- 1597
- 1598
- 1599
- 1600
- 1601
- 1602
- 1603
- 1604
- 1605
- 1606
- 1607
- 1608
- 1609
- 1610
- 1611
- 1612
- 1613
- 1614
- 1615
- 1616
- 1617
- 1618
- 1619
- 1620
- 1621
- 1622
- 1623
- 1624
- 1625
- 1626
- 1627
- 1628
- 1629
- 1630
- 1631
- 1632
- 1633
- 1634
- 1635
- 1636
- 1637
- 1638
- 1639
- 1640
- 1641
- 1642
- 1643
- 1644
- 1645
- 1646
- 1647
- 1648
- 1649
- 1650
- 1651
- 1652
- 1653
- 1654
- 1655
- 1656
- 1657
- 1658
- 1659
- 1660
- 1661
- 1662
- 1663
- 1664
- 1665
- 1666
- 1667
- 1668
- 1669
- 1670
- 1671
- 1672
- 1673
- 1674
- 1675
- 1676
- 1677
- 1678
- 1679
- 1680
- 1681
- 1682
- 1683
- 1684
- 1685
- 1686
- 1687
- 1688
- 1689
- 1690
- 1691
- 1692
- 1693
- 1694
- 1695
- 1696
- 1697
- 1698
- 1699
- 1700
- 1701
- 1702
- 1703
- 1704
- 1705
- 1706
- 1707
- 1708
- 1709
- 1710
- 1711
- 1712
- 1713
- 1714
- 1715
- 1716
- 1717
- 1718
- 1719
- 1720
- 1721
- 1722
- 1723
- 1724
- 1725
- 1726
- 1727
- 1728
- 1729
- 1730
- 1731
- 1732
- 1733
- 1734
- 1735
- 1736
- 1737
- 1738
- 1739
- 1740
- 1741
- 1742
- 1743
- 1744
- 1745
- 1746
- 1747
- 1748
- 1749
- 1750
- 1751
- 1752
- 1753
- 1754
- 1755
- 1756
- 1757
- 1758
- 1759
- 1760
- 1761
- 1762
- 1763
- 1764
- 1765
- 1766
- 1767
- 1768
- 1769
- 1770
- 1771
- 1772
- 1773
- 1774
- 1775
- 1776
- 1777
- 1778
- 1779
- 1780
- 1781
- 1782
- 1783
- 1784
- 1785
- 1786
- 1787
- 1788
- 1789
- 1790
- 1791
- 1792
- 1793
- 1794
- 1795
- 1796
- 1797
- 1798
- 1799
- 1800
- 1801
- 1802
- 1803
- 1804
- 1805
- 1806
- 1807
- 1808
- 1809
- 1810
- 1811
- 1812
- 1813
- 1814
- 1815
- 1816
- 1817
- 1818
- 1819
- 1820
- 1821
- 1822
- 1823
- 1824
- 1825
- 1826
- 1827
- 1828
- 1829
- 1830
- 1831
- 1832
- 1833
- 1834
- 1835
- 1836
- 1837
- 1838
- 1839
- 1840
- 1841
- 1842
- 1843
- 1844
- 1845
- 1846
- 1847
- 1848
- 1849
- 1850
- 1851
- 1852
- 1853
- 1854
- 1855
- 1856
- 1857
- 1858
- 1859
- 1860
- 1861
- 1862
- 1863
- 1864
- 1865
- 1866
- 1867
- 1868
- 1869
- 1870
- 1871
- 1872
- 1873
- 1874
- 1875
- 1876
- 1877
- 1878
- 1879
- 1880
- 1881
- 1882
- 1883
- 1884
- 1885
- 1886
- 1887
- 1888
- 1889
- 1890
- 1891
- 1892
- 1893
- 1894
- 1895
- 1896
- 1897
- 1898
- 1899
- 1900
- 1901
- 1902
- 1903
- 1904
- 1905
- 1906
- 1907
- 1908
- 1909
- 1910
- 1911
- 1912
- 1913
- 1914
- 1915
- 1916
- 1917
- 1918
- 1919
- 1920
- 1921
- 1922
- 1923
- 1924
- 1925
- 1926
- 1927
- 1928
- 1929
- 1930
- 1931
- 1932
- 1933
- 1934
- 1935
- 1936
- 1937
- 1938
- 1939
- 1940
- 1941
- 1942
- 1943
- 1944
- 1945
- 1946
- 1947
- 1948
- 1949
- 1950
- 1951
- 1952
- 1953
- 1954
- 1955
- 1956
- 1957
- 1958
- 1959
- 1960
- 1961
- 1962
- 1963
- 1964
- 1965
- 1966
- 1967
- 1968
- 1969
- 1970
- 1971
- 1972
- 1973
- 1974
- 1975
- 1976
- 1977
- 1978
- 1979
- 1980
- 1981
- 1982
- 1983
- 1984
- 1985
- 1986
- 1987
- 1988
- 1989
- 1990
- 1991
- 1992
- 1993
- 1994
- 1995
- 1996
- 1997
- 1998
- 1999
- 2000
- 2001
- 2002
- 2003
- 2004
- 2005
- 2006
- 2007
- 2008
- 2009
- 2010
- 2011
- 2012
- 2013
- 2014
- 2015
- 2016
- 2017
- 2018
- 2019
- 2020
- 2021
- 2022
- 2023
- 2024
- 2025
- 2026
- 2027
- 2028
- 2029
- 2030
- 2031
- 2032
- 2033
- 2034
- 2035
- 2036
- 2037
- 2038
- 2039
- 2040
- 2041
- 2042
- 2043
- 2044
- 2045
- 2046
- 2047
- 2048
- 2049
- 2050
- 2051
- 2052
- 2053
- 2054
- 2055
- 2056
- 2057
- 2058
- 2059
- 2060
- 2061
- 2062
- 2063
- 2064
- 2065
- 2066
- 2067
- 2068
- 2069
- 2070
- 2071
- 2072
- 2073
- 2074
- 2075
- 2076
- 2077
- 2078
- 2079
- 2080
- 2081
- 2082
- 2083
- 2084
- 2085
- 2086
- 2087
- 2088
- 2089
- 2090
- 2091
- 2092
- 2093
- 2094
- 2095
- 2096
- 2097
- 2098
- 2099
- 2100
- 2101
- 2102
- 2103
- 2104
- 2105
- 2106
- 2107
- 2108
- 2109
- 2110
- 2111
- 2112
- 2113
- 2114
- 2115
- 2116
- 2117
- 2118
- 2119
- 2120
- 2121
- 2122
- 2123
- 2124
- 2125
- 2126
- 2127
- 2128
- 2129
- 2130
- 2131
- 2132
- 2133
- 2134
- 2135
- 2136
- 2137
- 2138
- 2139
- 2140
- 2141
- 2142
- 2143
- 2144
- 2145
- 2146
- 2147
- 2148
- 2149
- 2150
- 2151
- 2152
- 2153
- 2154
- 2155
- 2156
- 2157
- 2158
- 2159
- 2160
- 2161
- 2162
- 2163
- 2164
- 2165
- 2166
- 2167
- 2168
- 2169
- 2170
- 2171
- 2172
- 2173
- 2174
- 2175
- 2176
- 2177
- 2178
- 2179
- 2180
- 2181
- 2182
- 2183
- 2184
- 2185
- 2186
- 2187
- 2188
- 2189
- 2190
- 2191
- 2192
- 2193
- 2194
- 2195
- 2196
- 2197
- 2198
- 2199
- 2200
- 2201
- 2202
- 2203
- 2204
- 2205
- 2206
- 2207
- 2208
- 2209
- 2210
- 2211
- 2212
- 2213
- 2214
- 2215
- 2216
- 2217
- 2218
- 2219
- 2220
- 2221
- 2222
- 2223
- 2224
- 2225
- 2226
- 2227
- 2228
- 2229
- 2230
- 2231
- 2232
- 2233
- 2234
- 2235
- 2236
- 2237
- 2238
- 2239
- 2240
- 2241
- 2242
- 2243
- 2244
- 2245
- 2246
- 2247
- 2248
- 2249
- 2250
- 2251
- 2252
- 2253
- 2254
- 2255
- 2256
- 2257
- 2258
- 2259
- 2260
- 2261
- 2262
- 2263
- 2264
- 2265
- 2266
- 2267
- 2268
- 2269
- 2270
- 2271
- 2272
- 2273
- 2274
- 2275
- 2276
- 2277
- 2278
- 2279
- 2280
- 2281
- 2282
- 2283
- 2284
- 2285
- 2286
- 2287
- 2288
- 2289
- 2290
- 2291
- 2292
- 2293
- 2294
- 2295
- 2296
- 2297
- 2298
- 2299
- 2300
- 2301
- 2302
- 2303
- 2304
- 2305
- 2306
- 2307
- 2308
- 2309
- 2310
- 2311
- 2312
- 2313
- 2314
- 2315
- 2316
- 2317
- 2318
- 2319
- 2320
- 2321
- 2322
- 2323
- 2324
- 2325
- 2326
- 2327
- 2328
- 2329
- 2330
- 2331
- 2332
- 2333
- 2334
- 2335
- 2336
- 2337
- 2338
- 2339
- 2340
- 2341
- 2342
- 2343
- 2344
- 2345
- 2346
- 2347
- 2348
- 2349
- 2350
- 2351
- 2352
- 2353
- 2354
- 2355
- 2356
- 2357
- 2358
- 2359
- 2360
- 2361
- 2362
- 2363
- 2364
- 2365
- 2366
- 2367
- 2368
- 2369
- 2370
- 2371
- 2372
- 2373
- 2374
- 2375
- 2376
- 2377
- 2378
- 2379
- 2380
- 2381
- 2382
- 2383
- 2384
- 2385
- 2386
- 2387
- 2388
- 2389
- 2390
- 2391
- 2392
- 2393
- 2394
- 2395
- 2396
- 2397
- 2398
- 2399
- 2400
- 2401
- 2402
- 2403
- 2404
- 2405
- 2406
- 2407
- 2408
- 2409
- 2410
- 2411
- 2412
- 2413
- 2414
- 2415
- 2416
- 2417
- 2418
- 2419
- 2420
- 2421
- 2422
- 2423
- 2424
- 2425
- 2426
- 2427
- 2428
- 2429
- 2430
- 2431
- 2432
- 2433
- 2434
- 2435
- 2436
- 2437
- 2438
- 2439
- 2440
- 2441
- 2442
- 2443
- 2444
- 2445
- 2446
- 2447
- 2448
- 2449
- 2450
- 2451
- 2452
- 2453
- 2454
- 2455
- 2456
- 2457
- 2458
- 2459
- 2460
- 2461
- 2462
- 2463
- 2464
- 2465
- 2466
- 2467
- 2468
- 2469
- 2470
- 2471
- 2472
- 2473
- 2474
- 2475
- 2476
- 2477
- 2478
- 2479
- 2480
- 2481
- 2482
- 2483
- 2484
- 2485
- 2486
- 2487
- 2488
- 2489
- 2490
- 2491
- 2492
- 2493
- 2494
- 2495
- 2496
- 2497
- 2498
- 2499
- 2500
- 2501
- 2502
- 2503
- 2504
- 2505
- 2506
- 2507
- 2508
- 2509
- 2510
- 2511
- 2512
- 2513
- 2514
- 2515
- 2516
- 2517
- 2518
- 2519
- 2520
- 2521
- 2522
- 2523
- 2524
- 2525
- 2526
- 2527
- 2528
- 2529
- 2530
- 2531
- 2532
- 2533
- 2534
- 2535
- 2536
- 2537
- 2538
- 2539
- 2540
- 2541
- 2542
- 2543
- 2544
- 2545
- 2546
- 2547
- 2548
- 2549
- 2550
- 2551
- 2552
- 2553
- 2554
- 2555
- 2556
- 2557
- 2558
- 2559
- 2560
- 2561
- 2562
- 2563
- 2564
- 2565
- 2566
- 2567
- 2568
- 2569
- 2570
- 2571
- 2572
- 2573
- 2574
- 2575
- 2576
- 2577
- 2578
- 2579
- 2580
- 2581
- 2582
- 2583
- 2584
- 2585
- 2586
- 2587
- 2588
- 2589
- 2590
- 2591
- 2592
- 2593
- 2594
- 2595
- 2596
- 2597
- 2598
- 2599
- 2600
- 2601
- 2602
- 2603
- 2604
- 2605
- 2606
- 2607
- 2608
- 2609
- 2610
- 2611
- 2612
- 2613
- 2614
- 2615
- 2616
- 2617
- 2618
- 2619
- 2620
- 2621
- 2622
- 2623
- 2624
- 2625
- 2626
- 2627
- 2628
- 2629
- 2630
- 2631
- 2632
- 2633
- 2634
- 2635
- 2636
- 2637
- 2638
- 2639
- 2640
- 2641
- 2642
- 2643
- 2644
- 2645
- 2646
- 2647
- 2648
- 2649
- 2650
- 2651
- 2652
- 2653
- 2654
- 2655
- 2656
- 2657
- 2658
- 2659
- 2660
- 2661
- 2662
- 2663
- 2664
- 2665
- 2666
- 2667
- 2668
- 2669
- 2670
- 2671
- 2672
- 2673
- 2674
- 2675
- 2676
- 2677
- 2678
- 2679
- 2680
- 2681
- 2682
- 2683
- 2684
- 2685
- 2686
- 2687
- 2688
- 2689
- 2690
- 2691
- 2692
- 2693
- 2694
- 2695
- 2696
- 2697
- 2698
- 2699
- 2700
- 2701
- 2702
- 2703
- 2704
- 2705
- 2706
- 2707
- 2708
- 2709
- 2710
- 2711
- 2712
- 2713
- 2714
- 2715
- 2716
- 2717
- 2718
- 2719
- 2720
- 2721
- 2722
- 2723
- 2724
- 2725
- 2726
- 2727
- 2728
- 2729
- 2730
- 2731
- 2732
- 2733
- 2734
- 2735
- 2736
- 2737
- 2738
- 2739
- 2740
- 2741
- 2742
- 2743
- 2744
- 2745
- 2746
- 2747
- 2748
- 2749
- 2750
- 2751
- 2752
- 2753
- 2754
- 2755
- 2756
- 2757
- 2758
- 2759
- 2760
- 2761
- 2762
- 2763
- 2764
- 2765
- 2766
- 2767
- 2768
- 2769
- 2770
- 2771
- 2772
- 2773
- 2774
- 2775
- 2776
- 2777
- 2778
- 2779
- 2780
- 2781
- 2782
- 2783
- 2784
- 2785
- 2786
- 2787
- 2788
- 2789
- 2790
- 2791
- 2792
- 2793
- 2794
- 2795
- 2796
- 2797
- 2798
- 2799
- 2800
- 2801
- 2802
- 2803
- 2804
- 2805
- 2806
- 2807
- 2808
- 2809
- 2810
- 2811
- 2812
- 2813
- 2814
- 2815
- 2816
- 2817
- 2818
- 2819
- 2820
- 2821
- 2822
- 2823
- 2824
- 2825
- 2826
- 2827
- 2828
- 2829
- 2830
- 2831
- 2832
- 2833
- 2834
- 2835
- 2836
- 2837
- 2838
- 2839
- 2840
- 2841
- 2842
- 2843
- 2844
- 2845
- 2846
- 2847
- 2848
- 2849
- 2850
- 2851
- 2852
- 2853
- 2854
- 2855
- 2856
- 2857
- 2858
- 2859
- 2860
- 2861
- 2862
- 2863
- 2864
- 2865
- 2866
- 2867
- 2868
- 2869
- 2870
- 2871
- 2872
- 2873
- 2874
- 2875
- 2876
- 2877
- 2878
- 2879
- 2880
- 2881
- 2882
- 2883
- 2884
- 2885
- 2886
- 2887
- 2888
- 2889
- 2890
- 2891
- 2892
- 2893
- 2894
- 2895
- 2896
- 2897
- 2898
- 2899
- 2900
- 2901
- 2902
- 2903
- 2904
- 2905
- 2906
- 2907
- 2908
- 2909
- 2910
- 2911
- 2912
- 2913
- 2914
- 2915
- 2916
- 2917
- 2918
- 2919
- 2920
- 2921
- 2922
- 2923
- 2924
- 2925
- 2926
- 2927
- 2928
- 2929
- 2930
- 2931
- 2932
- 2933
- 2934
- 2935
- 2936
- 2937
- 2938
- 2939
- 2940
- 2941
- 2942
- 2943
- 2944
- 2945
- 2946
- 2947
- 2948
- 2949
- 2950
- 2951
- 2952
- 2953
- 2954
- 2955
- 2956
- 2957
- 2958
- 2959
- 2960
- 2961
- 2962
- 2963
- 2964
- 2965
- 2966
- 2967
- 2968
- 2969
- 2970
- 2971
- 2972
- 2973
- 2974
- 2975
- 2976
- 2977
- 2978
- 2979
- 2980
- 2981
- 2982
- 2983
- 2984
- 2985
- 2986
- 2987
- 2988
- 2989
- 2990
- 2991
- 2992
- 2993
- 2994
- 2995
- 2996
- 2997
- 2998
- 2999
- 3000
- 3001
- 3002
- 3003
- 3004
- 3005
- 3006
- 3007
- 3008
- 3009
- 3010
- 3011
- 3012
- 3013
- 3014
- 3015
- 3016
- 3017
- 3018
- 3019
- 3020
- 3021
- 3022
- 3023
- 3024
- 3025
- 3026
- 3027
- 3028
- 3029
- 3030
- 3031
- 3032
- 3033
- 3034
- 3035
- 3036
- 3037
- 3038
- 3039
- 3040
- 3041
- 3042
- 3043
- 3044
- 3045
- 3046
- 3047
- 3048
- 3049
- 3050
- 3051
- 3052
- 3053
- 3054
- 3055
- 3056
- 3057
- 3058
- 3059
- 3060
- 3061
- 3062
- 3063
- 3064
- 3065
- 3066
- 3067
- 3068
- 3069
- 3070
- 3071
- 3072
- 3073
- 3074
- 3075
- 3076
- 3077
- 3078
- 3079
- 3080
- 3081
- 3082
- 3083
- 3084
- 3085
- 3086
- 3087
- 3088
- 3089
- 3090
- 3091
- 3092
- 3093
- 3094
- 3095
- 3096
- 3097
- 3098
- 3099
- 3100
- 3101
- 3102
- 3103
- 3104
- 3105
- 3106
- 3107
- 3108
- 3109
- 3110
- 3111
- 3112
- 3113
- 3114
- 3115
- 3116
- 3117
- 3118
- 3119
- 3120
- 3121
- 3122
- 3123
- 3124
- 3125
- 3126
- 3127
- 3128
- 3129
- 3130
- 3131
- 3132
- 3133
- 3134
- 3135
- 3136
- 3137
- 3138
- 3139
- 3140
- 3141
- 3142
- 3143
- 3144
- 3145
- 3146
- 3147
- 3148
- 3149
- 3150
- 3151
- 3152
- 3153
- 3154
- 3155
- 3156
- 3157
- 3158
- 3159
- 3160
- 3161
- 3162
- 3163
- 3164
- 3165
- 3166
- 3167
- 3168
- 3169
- 3170
- 3171
- 3172
- 3173
- 3174
- 3175
- 3176
- 3177
- 3178
- 3179
- 3180
- 3181
- 3182
- 3183
- 3184
- 3185
- 3186
- 3187
- 3188
- 3189
- 3190
- 3191
- 3192
- 3193
- 3194
- 3195
- 3196
- 3197
- 3198
- 3199
- 3200
- 3201
- 3202
- 3203
- 3204
- 3205
- 3206
- 3207
- 3208
- 3209
- 3210
- 3211
- 3212
- 3213
- 3214
- 3215
- 3216
- 3217
- 3218
- 3219
- 3220
- 3221
- 3222
- 3223
- 3224
- 3225
- 3226
- 3227
- 3228
- 3229
- 3230
- 3231
- 3232
- 3233
- 3234
- 3235
- 3236
- 3237
- 3238
- 3239
- 3240
- 3241
- 3242
- 3243
- 3244
- 3245
- 3246
- 3247
- 3248
- 3249
- 3250
- 3251
- 3252
- 3253
- 3254
- 3255
- 3256
- 3257
- 3258
- 3259
- 3260
- 3261
- 3262
- 3263
- 3264
- 3265
- 3266
- 3267
- 3268
- 3269
- 3270
- 3271
- 3272
- 3273
- 3274
- 3275
- 3276
- 3277
- 3278
- 3279
- 3280
- 3281
- 3282
- 3283
- 3284
- 3285
- 3286
- 3287
- 3288
- 3289
- 3290
- 3291
- 3292
- 3293
- 3294
- 3295
- 3296
- 3297
- 3298
- 3299
- 3300
- 3301
- 3302
- 3303
- 3304
- 3305
- 3306
- 3307
- 3308
- 3309
- 3310
- 3311
- 3312
- 3313
- 3314
- 3315
- 3316
- 3317
- 3318
- 3319
- 3320
- 3321
- 3322
- 3323
- 3324
- 3325
- 3326
- 3327
- 3328
- 3329
- 3330
- 3331
- 3332
- 3333
- 3334
- 3335
- 3336
- 3337
- 3338
- 3339
- 3340
- 3341
- 3342
- 3343
- 3344
- 3345
- 3346
- 3347
- 3348
- 3349
- 3350
- 3351
- 3352
- 3353
- 3354
- 3355
- 3356
- 3357
- 3358
- 3359
- 3360
- 3361
- 3362
- 3363
- 3364
- 3365
- 3366
- 3367
- 3368
- 3369
- 3370
- 3371
- 3372
- 3373
- 3374
- 3375
- 3376
- 3377
- 3378
- 3379
- 3380
- 3381
- 3382
- 3383
- 3384
- 3385
- 3386
- 3387
- 3388
- 3389
- 3390
- 3391
- 3392
- 3393
- 3394
- 3395
- 3396
- 3397
- 3398
- 3399
- 3400
- 3401
- 3402
- 3403
- 3404
- 3405
- 3406
- 3407
- 3408
- 3409
- 3410
- 3411
- 3412
- 3413
- 3414
- 3415
- 3416
- 3417
- 3418
- 3419
- 3420
- 3421
- 3422
- 3423
- 3424
- 3425
- 3426
- 3427
- 3428
- 3429
- 3430
- 3431
- 3432
- 3433
- 3434
- 3435
- 3436
- 3437
- 3438
- 3439
- 3440
- 3441
- 3442
- 3443
- 3444
- 3445
- 3446
- 3447
- 3448
- 3449
- 3450
- 3451
- 3452
- 3453
- 3454
- 3455
- 3456
- 3457
- 3458
- 3459
- 3460
- 3461
- 3462
- 3463
- 3464
- 3465
- 3466
- 3467
- 3468
- 3469
- 3470
- 3471
- 3472
- 3473
- 3474
- 3475
- 3476
- 3477
- 3478
- 3479
- 3480
- 3481
- 3482
- 3483
- 3484
- 3485
- 3486
- 3487
- 3488
- 3489
- 3490
- 3491
- 3492
- 3493
- 3494
- 3495
- 3496
- 3497
- 3498
- 3499
- 3500
- 3501
- 3502
- 3503
- 3504
- 3505
- 3506
- 3507
- 3508
- 3509
- 3510
- 3511
- 3512
- 3513
- 3514
- 3515
- 3516
- 3517
- 3518
- 3519
- 3520
- 3521
- 3522
- 3523
- 3524
- 3525
- 3526
- 3527
- 3528
- 3529
- 3530
- 3531
- 3532
- 3533
- 3534
- 3535
- 3536
- 3537
- 3538
- 3539
- 3540
- 3541
- 3542
- 3543
- 3544
- 3545
- 3546
- 3547
- 3548
- 3549
- 3550
- 3551
- 3552
- 3553
- 3554
- 3555
- 3556
- 3557
- 3558
- 3559
- 3560
- 3561
- 3562
- 3563
- 3564
- 3565
- 3566
- 3567
- 3568
- 3569
- 3570
- 3571
- 3572
- 3573
- 3574
- 3575
- 3576
- 3577
- 3578
- 3579
- 3580
- 3581
- 3582
- 3583
- 3584
- 3585
- 3586
- 3587
- 3588
- 3589
- 3590
- 3591
- 3592
- 3593
- 3594
- 3595
- 3596
- 3597
- 3598
- 3599
- 3600
- 3601
- 3602
- 3603
- 3604
- 3605
- 3606
- 3607
- 3608
- 3609
- 3610
- 3611
- 3612
- 3613
- 3614
- 3615
- 3616
- 3617
- 3618
- 3619
- 3620
- 3621
- 3622
- 3623
- 3624
- 3625
- 3626
- 3627
- 3628
- 3629
- 3630
- 3631
- 3632
- 3633
- 3634
- 3635
- 3636
- 3637
- 3638
- 3639
- 3640
- 3641
- 3642
- 3643
- 3644
- 3645
- 3646
- 3647
- 3648
- 3649
- 3650
- 3651
- 3652
- 3653
- 3654
- 3655
- 3656
- 3657
- 3658
- 3659
- 3660
- 3661
- 3662
- 3663
- 3664
- 3665
- 3666
- 3667
- 3668
- 3669
- 3670
- 3671
- 3672
- 3673
- 3674
- 3675
- 3676
- 3677
- 3678
- 3679
- 3680
- 3681
- 3682
- 3683
- 3684
- 3685
- 3686
- 3687
- 3688
- 3689
- 3690
- 3691
- 3692
- 3693
- 3694
- 3695
- 3696
- 3697
- 3698
- 3699
- 3700
- 3701
- 3702
- 3703
- 3704
- 3705
- 3706
- 3707
- 3708
- 3709
- 3710
- 3711
- 3712
- 3713
- 3714
- 3715
- 3716
- 3717
- 3718
- 3719
- 3720
- 3721
- 3722
- 3723
- 3724
- 3725
- 3726
- 3727
- 3728
- 3729
- 3730
- 3731
- 3732
- 3733
- 3734
- 3735
- 3736
- 3737
- 3738
- 3739
- 3740
- 3741
- 3742
- 3743
- 3744
- 3745
- 3746
- 3747
- 3748
- 3749
- 3750
- 3751
- 3752
- 3753
- 3754
- 3755
- 3756
- 3757
- 3758
- 3759
- 3760
- 3761
- 3762
- 3763
- 3764
- 3765
- 3766
- 3767
- 3768
- 3769
- 3770
- 3771
- 3772
- 3773
- 3774
- 3775
- 3776
- 3777
- 3778
- 3779
- 3780
- 3781
- 3782
- 3783
- 3784
- 3785
- 3786
- 3787
- 3788
- 3789
- 3790
- 3791
- 3792
- 3793
- 3794
- 3795
- 3796
- 部署:
kubectl apply -f gitlab.yaml
kubectl get pvc -n public-service
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
data-mygitlab-postgresql-0 Bound gitlab-postgresql 8Gi RWO 20s
mygitlab-minio Bound gitlab-minio 10Gi RWO 25s
redis-data-mygitlab-redis-master-0 Bound gitlab-redis 8Gi RWO 20s
repo-data-mygitlab-gitaly-0 Bound gitlab-gitaly 50Gi RWO 21s
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
kubectl get svc -n public-service NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE mygitlab-gitaly ClusterIP None <none> 8075/TCP,9236/TCP 57s mygitlab-gitlab-shell ClusterIP 10.111.199.214 <none> 22/TCP 57s mygitlab-minio-svc ClusterIP 10.109.13.155 <none> 9000/TCP 57s mygitlab-postgresql ClusterIP 10.98.45.20 <none> 5432/TCP 57s mygitlab-postgresql-headless ClusterIP None <none> 5432/TCP 57s mygitlab-redis-headless ClusterIP None <none> 6379/TCP 57s mygitlab-redis-master ClusterIP 10.97.147.208 <none> 6379/TCP 56s mygitlab-registry ClusterIP 10.98.35.216 <none> 5000/TCP 56s mygitlab-webservice ClusterIP 10.105.65.185 <none> 8080/TCP,8181/TCP 57s kubectl get pod -n public-service NAME READY STATUS RESTARTS AGE mygitlab-gitaly-0 1/1 Running 0 3m28s mygitlab-gitlab-shell-75d9f5bbcb-w6r8v 1/1 Running 0 3m30s mygitlab-gitlab-upgrade-check-4v69n 0/1 Completed 0 3m31s mygitlab-migrations-1-sgcw6 1/1 Running 0 3m31s mygitlab-minio-5d6769976b-9sgxb 1/1 Running 0 3m29s mygitlab-minio-create-buckets-1-bgpzc 0/1 Completed 0 3m31s mygitlab-postgresql-0 1/1 Running 0 3m27s mygitlab-redis-master-0 1/1 Running 0 3m27s mygitlab-registry-79bc9b5449-996z7 1/1 Running 0 3m28s mygitlab-registry-79bc9b5449-whjxz 1/1 Running 0 3m28s mygitlab-shared-secrets-1-7d3-n48pg 0/1 Completed 0 3m31s mygitlab-sidekiq-all-in-1-v1-6c9f9977b6-2xdrt 1/1 Running 0 3m30s mygitlab-task-runner-795fc84cd5-rmnm2 1/1 Running 0 3m29s mygitlab-webservice-64f7dd6968-8t7bd 2/2 Running 0 3m29s
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 访问:
kubectl get secrets -n public-service mygitlab-gitlab-initial-root-password -o yaml apiVersion: v1 data: password: WXh4VjhScmt1M0FRb3hRd2I5WjFteHVmZlVIV0V3clU0QWY5Y0FXTXFnMUx3Tk9ITm1NUEc4WlJ6YTdkMjhRNQ== kind: Secret metadata: creationTimestamp: "2020-10-14T10:39:28Z" labels: app: shared-secrets chart: shared-secrets-0.1.0 heritage: Helm release: mygitlab managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:password: {} f:metadata: f:labels: .: {} f:app: {} f:chart: {} f:heritage: {} f:release: {} f:type: {} manager: kubectl operation: Update time: "2020-10-14T10:39:29Z" name: mygitlab-gitlab-initial-root-password namespace: public-service resourceVersion: "333718" selfLink: /api/v1/namespaces/public-service/secrets/mygitlab-gitlab-initial-root-password uid: 578e667a-eeda-458f-809f-b4bf52f5f50c type: Opaque
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
echo 'WXh4VjhScmt1M0FRb3hRd2I5WjFteHVmZlVIV0V3clU0QWY5Y0FXTXFnMUx3Tk9ITm1NUEc4WlJ6YTdkMjhRNQ==' | base64 -d
YxxV8Rrku3AQoxQwb9Z1mxuffUHWEwrU4Af9cAWMqg1LwNOHNmMPG8ZRza7d28Q5
- 1
- 2
- 3
添加hosts:gitlab.lzxlinux.com,默认账号:root,密码:YxxV8Rrku3AQoxQwb9Z1mxuffUHWEwrU4Af9cAWMqg1LwNOHNmMPG8ZRza7d28Q5。
默认生成的密码比较难记,可以修改:
helm部署gitlab完成。已存放至个人github:kubernetes
声明:本文内容由网友自发贡献,转载请注明出处:【wpsshop博客】
推荐阅读
相关标签
