openshift-gitlab

部署Gitlab

  1. 创建gitlab项目
1
oc new-project gitlab
  1. 创建cicd serviceaccount
1
$ oc create serviceaccount cicd -n gitlab
  1. 导入Gitlab模板
1
2
wget https://gitee.com/xhua/OpenshiftOneClick/raw/3.11/openshift-templates/gitlab-template.yaml
oc create -f openshift-template.json -n openshift
  1. 创建持久化存储(如果没有pv的情况下)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
$ cat gitlab-pv.yaml
apiVersion: v1
items:
- apiVersion: v1
  kind: PersistentVolume
  metadata:
    creationTimestamp: null
    name: gitlabdata-volume
  spec:
    accessModes:
    - ReadWriteMany
    capacity:
      storage: 50Gi
    claimRef:
      apiVersion: v1
      kind: PersistentVolumeClaim
      name: gitlab-data
      namespace: gitlab
    nfs:
      path: /mnt/gitlabdata
      server: 192.168.0.13
    persistentVolumeReclaimPolicy: Retain
  status: {}
- apiVersion: v1
  kind: PersistentVolume
  metadata:
    creationTimestamp: null
    name: gitlabpostgresql-volume
  spec:
    accessModes:
    - ReadWriteMany
    capacity:
      storage: 10Gi
    claimRef:
      apiVersion: v1
      kind: PersistentVolumeClaim
      name: gitlab-postgresql
      namespace: gitlab
    nfs:
      path: /mnt/gitlabpostgresql
      server: 192.168.0.13
    persistentVolumeReclaimPolicy: Retain
  status: {}
- apiVersion: v1
  kind: PersistentVolume
  metadata:
    creationTimestamp: null
    name: gitlabredisdata-volume
  spec:
    accessModes:
    - ReadWriteMany
    capacity:
      storage: 50Gi
    claimRef:
      apiVersion: v1
      kind: PersistentVolumeClaim
      name: gitlab-redis-data
      namespace: gitlab
    nfs:
      path: /mnt/gitlabredisdata
      server: 192.168.0.13
    persistentVolumeReclaimPolicy: Retain
  status: {}
- apiVersion: v1
  kind: PersistentVolume
  metadata:
    creationTimestamp: null
    name: gitlabetc-volume
  spec:
    accessModes:
    - ReadWriteMany
    capacity:
      storage: 50Gi
    claimRef:
      apiVersion: v1
      kind: PersistentVolumeClaim
      name: gitlab-etc
      namespace: gitlab
    nfs:
      path: /mnt/gitlabetc
      server: 192.168.0.13
    persistentVolumeReclaimPolicy: Retain
  status: {}
$ oc create gitlab-pv.yaml
  1. 给gitlab 容器使用root用户的权限
1
$  oc adm  policy add-scc-to-user anyuid -z cicd -n gitlab
  1. 在Openshift上创建gitlab应用

部署应用

设置gitlab安装配置(自定义)

自定义配置1

自定义配置2

  1. 通过访问Route访问gitlab
    在访问的机器上hosts文件中配置Router Host与Ip的对应
    用户名(root) 密码(根据自定义配置中设定)

GitLab访问

使用Nodeport让gitlab服务支持ssh访问

  • Openshift上的服务最常使用的是Route来对外提供服务。但是Route只支持Http协议,而对于Gitlab通过ssh访问的方式,得通过TCP协议。所以可以使用NodePort向外提供服务。
  1. 创建NodePort (30022->gitlab 22)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
$ cat gitlab-nodeport.yaml
apiVersion: v1
kind: Service
metadata:
  name: gitlab-nodeport
  namespace: gitlab
  labels:
    name: gitlab-nodeport
spec:
  type: NodePort
  ports:
    - port: 22
      nodePort: 30022
      name: ssh
  selector:
    app: gitlab-ce
    deploymentconfig: gitlab-ce
$ oc create -f gitlab-nodeport.yaml
  1. 将本机的公钥拷贝到gitlab网站的ssh key管理

导入客户端的公钥

3.客户端clone代码

1
2
3
git clone ssh://git@gitlab.apps.it.example.com:30022/root/test.git
# 或者
git clone ssh://git@192.168.1.x:30022/root/test.git ##192.168.1.x为集群中任意Node的ip

注意:因为Nodeport使用的不是ssh默认的22端口,在clone时必须在前缀使用ssh://,同时在git服务后添加:NodePort端口号
4. 结果展示

1
2
3
4
5
6
7
[root@gitlab ~]# git clone ssh://git@gitlab.apps.it.example.com:30022/root/test.git
Cloning into 'test'...
Warning: Permanently added '[gitlab.apps.it.example.com]:30022,[192.168.1.3]:30022' (ECDSA) to the list of known hosts.
remote: Counting objects: 12, done.
remote: Compressing objects: 100% (4/4), done.
remote: Total 12 (delta 0), reused 0 (delta 0)
Receiving objects: 100% (12/12), done.

参考资源

https://docs.gitlab.com/ee/install/openshift_and_gitlab/index.html