Kubernetes in Practice (14): Deploying GitLab on k8s with Persistent Storage and openLDAP Login

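1. Basic concepts

  Install gitlab-ce on k8s, using GlusterFS for persistence and integrating openLDAP.

  Note: the GitLab my company uses runs independently, outside the k8s cluster.

2. Installation and deployment

  At first I installed GitLab with helm; the documents online all seem to use this chart: https://github.com/helm/charts/tree/master/stable/gitlab-ce

  However, this chart has been deprecated, and the official chart is recommended instead.

  Official chart: https://docs.gitlab.com/ee/install/kubernetes/gitlab_chart.html

  After deploying with the official chart, I found that it started too many containers, so I abandoned that approach and deployed with yaml files instead.

  Download the yaml files: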

git clone https://github.com/dotbalo/k8s.git
[[email protected] gitlab]# pwd
/root/k8s/gitlab
[[email protected]-master01 gitlab]# ls
gitlab-rc.yml  gitlab-svc.yml  postgresql-rc.yml  postgresql-svc.yml  redis-rc.yml  redis-svc.yml...

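  Modify the corresponding configuration:

  Mainly change the namespace of each rc and the persistent storage method (the current yaml uses GFS dynamic storage)

  Modify the env in gitlab-rc.yml: the corresponding LDAP information, SMTP information, and so on

  Modify the traefik domain name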
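
  An added example, not taken from this page or from the dotbalo/k8s repository: a sketch of the LDAP and SMTP part of the env section, with the passwords moved into a Kubernetes Secret instead of plain values. It assumes gitlab-rc.yml runs the sameersbn/docker-gitlab image cited below as the reference document, whose README documents these variable names; the Secret name, hosts and DNs are placeholders.

```yaml
# Added example: constructed values, not the repository's gitlab-rc.yml.
apiVersion: v1
kind: Secret
metadata:
  name: gitlab-credentials          # hypothetical name
  namespace: public-service         # namespace seen in the kubectl output on this page
type: Opaque
stringData:
  ldap-bind-password: "REPLACE_ME"  # placeholder
  smtp-password: "REPLACE_ME"       # placeholder
  root-password: "REPLACE_ME"       # placeholder; used instead of a default root password
---
# Fragment (not a standalone object): merge under the gitlab container's env in gitlab-rc.yml
env:
  - name: GITLAB_ROOT_PASSWORD      # read by the image on first run only
    valueFrom:
      secretKeyRef: {name: gitlab-credentials, key: root-password}
  - name: LDAP_ENABLED
    value: "true"
  - name: LDAP_HOST
    value: "openldap.example.internal"       # placeholder host
  - name: LDAP_PORT
    value: "389"
  - name: LDAP_METHOD
    value: "start_tls"    # value names vary by image version; check the README for your tag
  - name: LDAP_UID
    value: "mail"         # assumption: matches the email-based login described on this page
  - name: LDAP_BIND_DN
    value: "cn=readonly,dc=example,dc=org"   # placeholder read-only bind account
  - name: LDAP_PASS
    valueFrom:
      secretKeyRef: {name: gitlab-credentials, key: ldap-bind-password}
  - name: LDAP_BASE
    value: "ou=People,dc=example,dc=org"     # placeholder search base
  - name: LDAP_ACTIVE_DIRECTORY
    value: "false"        # openLDAP, not Active Directory
  - name: SMTP_ENABLED
    value: "true"
  - name: SMTP_HOST
    value: "smtp.example.org"                # placeholder
  - name: SMTP_PORT
    value: "587"
  - name: SMTP_USER
    value: "gitlab@example.org"              # placeholder
  - name: SMTP_PASS
    valueFrom:
      secretKeyRef: {name: gitlab-credentials, key: smtp-password}
  - name: SMTP_STARTTLS
    value: "true"
```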

  Create GitLab

[[email protected] gitlab]# kubectl apply -f .
[[email protected] gitlab]# kubectl get po,svc,pvc -n public-service
NAME                   READY     STATUS    RESTARTS   AGE
pod/gitlab-cctr6       1/1       Running   2          37m
pod/postgresql-c6trh   1/1       Running   1          37m
pod/redis-b6vfk        1/1       Running   0          3h

NAME                                      TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                     AGE
service/gitlab                            ClusterIP   10.109.163.143   <none>        80/TCP,22/TCP               24m
service/gitlab-balancer                   NodePort    10.108.77.162    <none>        80:30049/TCP,22:30347/TCP   14m
service/glusterfs-dynamic-gitlab-gitlab   ClusterIP   10.102.192.68    <none>        1/TCP                       59m
service/glusterfs-dynamic-gitlab-pg       ClusterIP   10.96.14.147     <none>        1/TCP                       37m
service/glusterfs-dynamic-gitlab-redis    ClusterIP   10.106.253.41    <none>        1/TCP                       1h
service/postgresql                        ClusterIP   10.104.102.20    <none>        5432/TCP                    3h
service/redis                             ClusterIP   10.97.174.50     <none>        6379/TCP                    3h

NAME                                  STATUS    VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS     AGE
persistentvolumeclaim/gitlab-gitlab   Bound     pvc-b8249829-f6bf-11e8-9640-000c298bf023   5Gi        RWX            gluster-heketi   59m
persistentvolumeclaim/gitlab-pg       Bound     pvc-b40b6227-f6c2-11e8-9640-000c298bf023   5Gi        RWX            gluster-heketi   37m
persistentvolumeclaim/gitlab-redis    Bound     pvc-28d0276d-f6af-11e8-8d2c-000c293bfe27   3Gi        RWX            gluster-heketi   2h

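  After all pods have started successfully, access GitLab (resolving any errors reported)

3. Access

  Default account/password: root/gitlab

  Changing the language. Note: translations are experimental at this point, and you need to log in again after changing it

  Log in with LDAP; all users log in with their email address

  Reference: https://github.com/sameersbn/docker-gitlab

4. Create a project

  At my company a single project contains many sub-projects, so first create a group:

  Create the project

  Add a README

  Add user permissions

  Log in as that user to see the project

  Add an SSH key

  If you do not have a key, generate one with ssh-keygen -t rsa -C "[email protected]".

5. Pull the project

  Create a branch

  Clone the code. Note that the git address must be changed here, because the SSH port is not 22; the NodePort can be found by looking at the service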

λ git clone ssh://[email protected]:32455/platform/app1.git
Cloning into 'app1'...
remote: Enumerating objects: 3, done.
remote: Counting objects: 100% (3/3), done.
remote: Total 3 (delta 0), reused 0 (delta 0)
Receiving objects: 100% (3/3), done.
Checking connectivity... done.

D:\code
λ cd app1
D:\code\app1 (master)
λ git branch -a
* master
  remotes/origin/HEAD -> origin/master
  remotes/origin/app1-develop
  remotes/origin/master

D:\code\app1 (master)
λ git checkout app1-develop
Branch app1-develop set up to track remote branch app1-develop from origin.
Switched to a new branch 'app1-develop'

D:\code\app1 (app1-develop)
λ touch.exe testfile

D:\code\app1 (app1-develop)
λ git add .

D:\code\app1 (app1-develop)
λ git commit -am "create a test file"
[app1-develop 9050e35] create a test file
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 testfile

D:\code\app1 (app1-develop)
λ git push origin app1-develop
Counting objects: 3, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (2/2), done.
Writing objects: 100% (3/3), 278 bytes | 0 bytes/s, done.
Total 3 (delta 0), reused 0 (delta 0)
remote:
remote: To create a merge request for app1-develop, visit:
remote:   http://gitlab.xxx.net/platform/app1/merge_requests/new?merge_request%5Bsource_branch%5D=app1-develop
remote:
To ssh://[email protected]:32455/platform/app1.git
   0a63d86..9050e35  app1-develop -> app1-develop

  View the file

  Collaborative development: add other users to this project in the same way

  Clone the code and modify the file

[[email protected] ~]# git clone ssh://[email protected]:32455/platform/app1.git
Cloning into 'app1'...
The authenticity of host '[gitlab.xxx.net]:32455 ([192.168.20.10]:32455)' can't be established.
ECDSA key fingerprint is SHA256:l6BYlMWpAWyXx/f5oTG8lK4JQvG9C2ZZ9opqdQZfIuc.
ECDSA key fingerprint is MD5:5b:b4:04:68:26:53:2e:ba:fe:f8:99:6c:8f:d3:fa:51.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[gitlab.xxx.net]:32455,[192.168.20.10]:32455' (ECDSA) to the list of known hosts.
remote: Enumerating objects: 6, done.
remote: Counting objects: 100% (6/6), done.
remote: Compressing objects: 100% (3/3), done.
remote: Total 6 (delta 0), reused 0 (delta 0)
Receiving objects: 100% (6/6), done.
[[email protected]-node02 ~]# cd app1/
[[email protected]-node02 app1]# ls
README.md
[[email protected]-node02 app1]# git branch -a
* master
  remotes/origin/HEAD -> origin/master
  remotes/origin/app1-develop
  remotes/origin/master
[[email protected]-node02 app1]# git checkout app1-develop
Branch app1-develop set up to track remote branch app1-develop from origin.
Switched to a new branch 'app1-develop'
[[email protected]-node02 app1]# ls
README.md  testfile
[[email protected]-node02 app1]# echo "add something" >> testfile
[[email protected]-node02 app1]# git add .
[[email protected]-node02 app1]# git commit -am "add someting to testfile"
[app1-develop 69d693c] add someting to testfile
 1 file changed, 1 insertion(+)
[[email protected]-node02 app1]# git push origin app1-develop
Counting objects: 5, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (2/2), done.
Writing objects: 100% (3/3), 305 bytes | 0 bytes/s, done.
Total 3 (delta 0), reused 0 (delta 0)
remote:
remote: To create a merge request for app1-develop, visit:
remote:   http://gitlab.xxx.net/platform/app1/merge_requests/new?merge_request%5Bsource_branch%5D=app1-develop
remote:
To ssh://[email protected]:32455/platform/app1.git
   9050e35..69d693c  app1-develop -> app1-develop

Original article: https://www.cnblogs.com/dukuan/p/10036489.html

Time: 2024-10-03 10:22:46
