GitLab 설치

개요

기존에 CI 툴로 Jenkins를 주로 사용했었는데 이번에 GitLab Runner를 사용해보고 싶어 GitLab을 먼저 설치를 진행. kind에서 설치했던 Helm Chart를 가지고 VKE에 설치해야겠다.

---

GitLab 설치

GitLab Helm Chart (7.0.4)

Helm Repo 추가하기

GitLab Helm Repo를 추가 후 업데이트 진행하기.

$ helm repo add gitlab https://charts.gitlab.io/
$ helm repo update

특정 버전의 Helm Chart 받기.

$ helm pull gitlab/gitlab --version 7.0.4
$ tar xvfz gitlab-7.0.4.tgz
$ vi gitlab-7.0.4/values.yaml

gitlab-values.yaml 파일 생성 및 설치하기. (disabled - HPA, Registry)

• gitlab-values.yaml
• ## NOTICE # # Due to the scope and complexity of this chart, all possible values are # not documented in this file. Extensive documentation is available. # # Please read the docs: https://docs.gitlab.com/charts/ # # Because properties are regularly added, updated, or relocated, it is # _strongly suggest_ to not "copy and paste" this YAML. Please provide # Helm only those properties you need, and allow the defaults to be # provided by the version of this chart at the time of deployment. ## Advanced Configuration ## https://docs.gitlab.com/charts/advanced # # Documentation for advanced configuration, such as # - External PostgreSQL # - External Gitaly # - External Redis # - External NGINX # - External Object Storage providers # - PersistentVolume configuration ## The global properties are used to configure multiple charts at once. ## https://docs.gitlab.com/charts/charts/globals global: common: labels: {} image: {} # pullPolicy: IfNotPresent # pullSecrets: [] # tagSuffix: "" ## Supplemental Pod labels. Will not be used for selectors. pod: labels: {} ## https://docs.gitlab.com/charts/installation/deployment#deploy-the-community-edition edition: ce ## https://docs.gitlab.com/charts/charts/globals#gitlab-version gitlabVersion: "16.0.4" ## https://docs.gitlab.com/charts/charts/globals#application-resource application: create: false links: [] allowClusterRoles: true ## https://docs.gitlab.com/charts/charts/globals#configure-host-settings hosts: domain: journalctl-xe.com hostSuffix: https: true externalIP: ssh: ~ gitlab: name: gitlab.journalctl-xe.com minio: {} registry: {} tls: {} smartcard: {} kas: {} pages: {} ## https://docs.gitlab.com/charts/charts/globals#configure-ingress-settings ingress: apiVersion: "" configureCertmanager: false provider: nginx class: nginx annotations: cert-manager.io/acme-challenge-type: http01 cert-manager.io/cluster-issuer: letsencrypt-prod enabled: true tls: enabled: true secretName: tls-journalctl-xe-gitlab # enabled: true # secretName: path: / pathType: Prefix # Override the API version to use for HorizontalPodAutoscaler hpa: apiVersion: "" # Override the API version to use for PodDisruptionBudget pdb: apiVersion: "" # Override the API version to use for CronJob batch: cronJob: apiVersion: "" gitlab: ## Enterprise license for this GitLab installation ## Secret created according to https://docs.gitlab.com/charts/installation/secrets#initial-enterprise-license ## If allowing shared-secrets generation, this is OPTIONAL. license: {} # secret: RELEASE-gitlab-license # key: license ## Initial root password for this GitLab installation ## Secret created according to https://docs.gitlab.com/charts/installation/secrets#initial-root-password ## If allowing shared-secrets generation, this is OPTIONAL. initialRootPassword: {} # secret: RELEASE-gitlab-initial-root-password # key: password ## https://docs.gitlab.com/charts/charts/globals#configure-postgresql-settings psql: connectTimeout: keepalives: keepalivesIdle: keepalivesInterval: keepalivesCount: tcpUserTimeout: password: {} # useSecret: # secret: # key: # file: # host: postgresql.hostedsomewhere.else # port: 123 # username: gitlab # database: gitlabhq_production # applicationName: # preparedStatements: false # databaseTasks: true ## https://docs.gitlab.com/charts/charts/globals#configure-redis-settings redis: auth: enabled: true # secret: # key: # host: redis.hostedsomewhere.else # port: 6379 # user: webservice # sentinels: # - host: # port: ## https://docs.gitlab.com/charts/charts/globals#configure-gitaly-settings gitaly: enabled: true authToken: {} # secret: # key: # serviceName: internal: names: [default] external: [] service: name: gitaly type: ClusterIP externalPort: 8075 internalPort: 8075 tls: externalPort: 8076 internalPort: 8076 tls: enabled: false # secretName: praefect: enabled: false ntpHost: pool.ntp.org replaceInternalGitaly: true authToken: {} autoMigrate: true dbSecret: {} virtualStorages: - name: default gitalyReplicas: 3 maxUnavailable: 1 psql: sslMode: disable # serviceName: service: name: praefect type: ClusterIP externalPort: 8075 internalPort: 8075 tls: externalPort: 8076 internalPort: 8076 tls: enabled: false # secretName: ## https://docs.gitlab.com/charts/charts/globals#configure-minio-settings minio: persistence: size: 40Gi enabled: true credentials: {} # secret: ## https://docs.gitlab.com/charts/charts/globals#configure-appconfig-settings ## Rails based portions of this chart share many settings appConfig: ## https://docs.gitlab.com/charts/charts/globals#general-application-settings # cdnHost: enableUsagePing: true enableSeatLink: true enableImpersonation: applicationSettingsCacheSeconds: 60 usernameChangingEnabled: true issueClosingPattern: defaultTheme: defaultProjectsFeatures: issues: true mergeRequests: true wiki: true snippets: true builds: true webhookTimeout: maxRequestDurationSeconds: ## https://docs.gitlab.com/charts/charts/globals#cron-jobs-related-settings cron_jobs: {} ## Flag stuck CI builds as failed # stuck_ci_jobs_worker: # cron: "0 * * * *" ## Schedule pipelines in the near future # pipeline_schedule_worker: # cron: "19 * * * *" ## Remove expired build artifacts # expire_build_artifacts_worker: # cron: "*/7 * * * *" ## Periodically run 'git fsck' on all repositories. # repository_check_worker: # cron: "20 * * * *" ## Send admin emails once a week # admin_email_worker: # cron: "0 0 * * 0" ## Remove outdated repository archives # repository_archive_cache_worker: # cron: "0 * * * *" ## Verify custom GitLab Pages domains # pages_domain_verification_cron_worker: # cron: "*/15 * * * *" # schedule_migrate_external_diffs_worker: # cron: "15 * * * *" ## Prune stale group runners on opted-in namespaces # ci_runners_stale_group_runners_prune_worker_cron: # cron: "30 * * * *" ## Periodically update ci_runner_versions table with up-to-date versions and status # ci_runner_versions_reconciliation_worker: # cron: "@daily" ## Periodically clean up stale ci_runner_machines records # ci_runners_stale_machines_cleanup_worker: # cron: "36 4 * * *" ### GitLab Geo # Geo Primary only! # geo_prune_event_log_worker: # cron: "*/5 * * * *" ## GitLab Geo repository sync worker # geo_repository_sync_worker: # cron: "*/5 * * * *" ## GitLab Geo file download dispatch worker # geo_file_download_dispatch_worker: # cron: "*/10 * * * *" ## GitLab Geo repository verification primary batch worker # geo_repository_verification_primary_batch_worker: # cron: "*/5 * * * *" ## GitLab Geo repository verification secondary scheduler worker # geo_repository_verification_secondary_scheduler_worker: # cron: "*/5 * * * *" ## GitLab Geo migrated local files clean up worker # geo_migrated_local_files_clean_up_worker: # cron: "15 */6 * * *" ### LDAP # ldap_sync_worker: # cron: "30 1 * * *" # ldap_group_sync_worker: # cron: "0 * * * *" ### Snapshot active user statistics # historical_data_worker: # cron: "0 12 * * *" # loose_foreign_keys_cleanup_worker_cron: # cron: "*/5 * * * *" ## https://docs.gitlab.com/charts/charts/globals#content-security-policy contentSecurityPolicy: enabled: false report_only: true # directives: {} ## https://docs.gitlab.com/charts/charts/globals#gravatarlibravatar-settings gravatar: plainUrl: sslUrl: ## https://docs.gitlab.com/charts/charts/globals#hooking-analytics-services-to-the-gitlab-instance extra: googleAnalyticsId: matomoUrl: matomoSiteId: matomoDisableCookies: oneTrustId: googleTagManagerNonceId: bizible: ## https://docs.gitlab.com/charts/charts/globals#lfs-artifacts-uploads-packages-external-mr-diffs-and-dependency-proxy object_store: enabled: false proxy_download: true storage_options: {} # server_side_encryption: # server_side_encryption_kms_key_id connection: {} # secret: # key: lfs: enabled: true proxy_download: true bucket: git-lfs connection: {} # secret: # key: artifacts: enabled: true proxy_download: true bucket: gitlab-artifacts connection: {} # secret: # key: uploads: enabled: true proxy_download: true bucket: gitlab-uploads connection: {} # secret: # key: packages: enabled: true proxy_download: true bucket: gitlab-packages connection: {} externalDiffs: enabled: false when: proxy_download: true bucket: gitlab-mr-diffs connection: {} terraformState: enabled: false bucket: gitlab-terraform-state connection: {} ciSecureFiles: enabled: false bucket: gitlab-ci-secure-files connection: {} dependencyProxy: enabled: false proxy_download: true bucket: gitlab-dependency-proxy connection: {} backups: bucket: gitlab-backups tmpBucket: tmp ## https://docs.gitlab.com/charts/charts/globals#outgoing-email ## Microsoft Graph Mailer settings microsoft_graph_mailer: enabled: false user_id: "" tenant: "" client_id: "" client_secret: secret: "" key: secret azure_ad_endpoint: "https://login.microsoftonline.com" graph_endpoint: "https://graph.microsoft.com" ## https://docs.gitlab.com/charts/installation/command-line-options.html#incoming-email-configuration ## https://docs.gitlab.com/charts/charts/gitlab/mailroom/index.html#incoming-email incomingEmail: enabled: false address: "" host: "imap.gmail.com" port: 993 ssl: true startTls: false user: "" password: secret: "" key: password deleteAfterDelivery: true expungeDeleted: false logger: logPath: "/dev/stdout" mailbox: inbox idleTimeout: 60 inboxMethod: "imap" clientSecret: key: secret pollInterval: 60 deliveryMethod: webhook authToken: {} # secret: # key: ## https://docs.gitlab.com/charts/charts/gitlab/mailroom/index.html#service-desk-email serviceDeskEmail: enabled: false address: "" host: "imap.gmail.com" port: 993 ssl: true startTls: false user: "" password: secret: "" key: password deleteAfterDelivery: true expungeDeleted: false logger: logPath: "/dev/stdout" mailbox: inbox idleTimeout: 60 inboxMethod: "imap" clientSecret: key: secret pollInterval: 60 deliveryMethod: webhook authToken: {} # secret: # key: ## https://docs.gitlab.com/charts/charts/globals#ldap ldap: # prevent the use of LDAP for sign-in via web. preventSignin: false servers: {} ## See documentation for complete example of a configured LDAP server duoAuth: enabled: false # hostname: # integrationKey: # secretKey: # secret: # key: ## https://docs.gitlab.com/charts/charts/globals#kas-settings gitlab_kas: {} # secret: # key: # enabled: # externalUrl: # internalUrl: ## https://docs.gitlab.com/charts/charts/globals#suggested-reviewers-settings suggested_reviewers: {} # secret: # key: ## https://docs.gitlab.com/charts/charts/globals#omniauth omniauth: enabled: false autoSignInWithProvider: syncProfileFromProvider: [] syncProfileAttributes: [email] allowSingleSignOn: [saml] blockAutoCreatedUsers: true autoLinkLdapUser: false autoLinkSamlUser: false autoLinkUser: [] externalProviders: [] allowBypassTwoFactor: [] providers: [] # - secret: gitlab-google-oauth2 # key: provider ## https://docs.gitlab.com/charts/charts/globals#kerberos kerberos: enabled: false keytab: # secret: key: keytab servicePrincipalName: "" krb5Config: "" dedicatedPort: enabled: false port: 8443 https: true simpleLdapLinkingAllowedRealms: [] ## https://docs.gitlab.com/charts/charts/globals#configure-appconfig-settings sentry: enabled: false dsn: clientside_dsn: environment: gitlab_docs: enabled: false host: "" smartcard: enabled: false CASecret: clientCertificateRequiredHost: sanExtensions: false requiredForGitAccess: false sidekiq: routingRules: [] # Config that only applies to the defaults on initial install initialDefaults: {} # signupEnabled: ## End of global.appConfig oauth: gitlab-pages: {} # secret: # appIdKey: # appSecretKey: # redirectUri: # authScope: ## https://docs.gitlab.com/charts/advanced/geo/ geo: enabled: false # Valid values: primary, secondary role: primary ## Geo Secondary only # nodeName allows multiple instances behind a load balancer. nodeName: # defaults to `gitlab.gitlab.host` # PostgreSQL connection details only needed for `secondary` psql: password: {} # secret: # key: # host: postgresql.hostedsomewhere.else # port: 123 # username: gitlab_replicator # database: gitlabhq_geo_production # ssl: # secret: # clientKey: # clientCertificate: # serverCA: registry: replication: enabled: false primaryApiUrl: ## Consumes global.registry.notificationSecret ## https://docs.gitlab.com/charts/charts/gitlab/kas/ kas: enabled: true service: apiExternalPort: 8153 # port for connections from the GitLab backend tls: enabled: false verify: true # secretName: # caSecretName: ## https://docs.gitlab.com/charts/charts/gitlab/spamcheck/ spamcheck: enabled: false ## https://docs.gitlab.com/charts/charts/globals#configure-gitlab-shell shell: authToken: {} # secret: # key: hostKeys: {} # secret: ## https://docs.gitlab.com/charts/charts/globals#tcp-proxy-protocol tcp: proxyProtocol: false ## Rails application secrets ## Secret created according to https://docs.gitlab.com/charts/installation/secrets#gitlab-rails-secret ## If allowing shared-secrets generation, this is OPTIONAL. railsSecrets: {} # secret: ## Rails generic setting, applicable to all Rails-based containers rails: bootsnap: # Enable / disable Shopify/Bootsnap cache enabled: true ## https://docs.gitlab.com/charts/charts/globals#configure-registry-settings registry: bucket: registry certificate: {} # secret: httpSecret: {} # secret: # key: notificationSecret: {} # secret: # key: tls: enabled: false # secretName: redis: cache: password: {} # https://docs.docker.com/registry/notifications/#configuration notifications: {} # endpoints: # - name: FooListener # url: https://foolistener.com/event # timeout: 500ms # threshold: 10 # backoff: 1s # headers: # FooBar: ['1', '2'] # Authorization: # secret: gitlab-registry-authorization-header # SpecificPassword: # secret: gitlab-registry-specific-password # key: password # events: {} # Settings utilized by other services referencing registry: enabled: false host: # port: 443 api: protocol: http serviceName: registry port: 5000 tokenIssuer: gitlab-issuer pages: enabled: false accessControl: false path: host: port: https: # default true externalHttp: [] externalHttps: [] artifactsServer: true localStore: enabled: false # path: /srv/gitlab/shared/pages objectStore: enabled: true bucket: gitlab-pages # proxy_download: true connection: {} # secret: # key: apiSecret: {} # secret: # key: authSecret: {} # secret: # key: ## GitLab Runner ## Secret created according to https://docs.gitlab.com/charts/installation/secrets#gitlab-runner-secret ## If allowing shared-secrets generation, this is OPTIONAL. runner: registrationToken: {} # secret: ## https://docs.gitlab.com/charts/charts/globals#outgoing-email ## Outgoing email server settings smtp: enabled: false address: smtp.mailgun.org port: 2525 user_name: "" ## https://docs.gitlab.com/charts/installation/secrets#smtp-password password: secret: "" key: password # domain: authentication: "plain" starttls_auto: false openssl_verify_mode: "peer" open_timeout: 30 read_timeout: 60 pool: false ## https://docs.gitlab.com/charts/charts/globals#outgoing-email ## Email persona used in email sent by GitLab email: from: "" display_name: GitLab reply_to: "" subject_suffix: "" smime: enabled: false secretName: "" keyName: "tls.key" certName: "tls.crt" ## Timezone for containers. time_zone: UTC ## Global Service Annotations and Labels service: labels: {} annotations: {} ## Global Deployment Annotations deployment: annotations: {} antiAffinity: soft affinity: podAntiAffinity: topologyKey: "kubernetes.io/hostname" # Priority class assigned to pods, may be overridden for individual components # https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/ priorityClassName: "" ## https://docs.gitlab.com/charts/charts/globals#configure-workhorse-settings ## Global settings related to Workhorse workhorse: serviceName: webservice-default # scheme: # host: # port: ## https://docs.gitlab.com/charts/installation/secrets#gitlab-workhorse-secret # secret: # key: tls: enabled: false ## https://docs.gitlab.com/charts/charts/globals#configure-webservice webservice: workerTimeout: 60 ## https://docs.gitlab.com/charts/charts/globals#custom-certificate-authorities # configuration of certificates container & custom CA injection certificates: image: repository: registry.gitlab.com/gitlab-org/build/cng/certificates # Default tag is `master`, overridable by `global.gitlabVersion`. # tag: master # pullPolicy: IfNotPresent # pullSecrets: [] customCAs: [] # - secret: custom-CA # - secret: more-custom-CAs # keys: # - custom-ca-1.crt # - configMap: custom-CA-cm # - configMap: more-custom-CAs-cm # keys: # - custom-ca-2.crt # - custom-ca-3.crt ## kubectl image used by hooks to carry out specific jobs kubectl: image: repository: registry.gitlab.com/gitlab-org/build/cng/kubectl # Default tag is `master`, overridable by `global.gitlabVersion`. # tag: master # pullPolicy: IfNotPresent # pullSecrets: [] securityContext: # in most base images, this is `nobody:nogroup` runAsUser: 65534 fsGroup: 65534 busybox: image: repository: registry.gitlab.com/gitlab-org/cloud-native/mirror/images/busybox # tag: latest # pullPolicy: IfNotPresent # pullSecrets: [] ## https://docs.gitlab.com/charts/charts/globals#service-accounts serviceAccount: enabled: false create: true annotations: {} ## Name to be used for serviceAccount, otherwise defaults to chart fullname # name: ## https://docs.gitlab.com/charts/charts/globals/#tracing tracing: connection: string: "" urlTemplate: "" ## https://docs.gitlab.com/charts/charts/globals extraEnv: {} # SOME_KEY: some_value # SOME_OTHER_KEY: some_other_value ## https://docs.gitlab.com/charts/charts/globals extraEnvFrom: {} # MY_NODE_NAME: # fieldRef: # fieldPath: spec.nodeName # MY_CPU_REQUEST: # resourceFieldRef: # containerName: test-container # resource: requests.cpu # SECRET_THING: # secretKeyRef: # name: special-secret # key: special_token # # optional: boolean # CONFIG_STRING: # configMapKeyRef: # name: useful-config # key: some-string # # optional: boolean ## End of global upgradeCheck: enabled: true image: {} # repository: # tag: # pullPolicy: IfNotPresent # pullSecrets: [] securityContext: # in alpine/debian/busybox based images, this is `nobody:nogroup` runAsUser: 65534 fsGroup: 65534 tolerations: [] annotations: {} configMapAnnotations: {} resources: requests: cpu: 50m priorityClassName: "" ## Settings to for the Let's Encrypt ACME Issuer certmanager-issuer: email: dltkdrnd123@gmail.com # # The email address to register certificates requested from Let's Encrypt. # # Required if using Let's Encrypt. # email: email@example.com ## Installation & configuration of jetstack/cert-manager ## See requirements.yaml for current version certmanager: installCRDs: false nameOverride: certmanager # Install cert-manager chart. Set to false if you already have cert-manager # installed or if you are not using cert-manager. install: false # Other cert-manager configurations from upstream # See https://github.com/jetstack/cert-manager/blob/master/deploy/charts/cert-manager/README#configuration rbac: create: false ## https://docs.gitlab.com/charts/charts/nginx/ ## https://docs.gitlab.com/charts/architecture/decisions#nginx-ingress ## Installation & configuration of charts/ingress-nginx: nginx-ingress: enabled: false tcpExternalConfig: "true" controller: addHeaders: Referrer-Policy: strict-origin-when-cross-origin config: annotation-value-word-blocklist: "load_module,lua_package,_by_lua,location,root,proxy_pass,serviceaccount,{,},',\"" hsts: "true" hsts-include-subdomains: "false" hsts-max-age: "63072000" server-name-hash-bucket-size: "256" use-http2: "true" ssl-ciphers: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4" ssl-protocols: "TLSv1.3 TLSv1.2" server-tokens: "false" # Configure smaller defaults for upstream-keepalive-*, see https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration upstream-keepalive-connections: 100 # Limit of 100 held-open connections upstream-keepalive-time: 30s # 30 second limit for connection reuse upstream-keepalive-timeout: 5 # 5 second timeout to hold open idle connections upstream-keepalive-requests: 1000 # 1000 requests per connection, before recycling service: externalTrafficPolicy: "Local" ingressClassByName: false ingressClassResource: name: '{{ include "ingress.class.name" $ | quote }}' resources: requests: cpu: 100m memory: 100Mi publishService: enabled: true replicaCount: 2 minAvailable: 1 scope: enabled: true metrics: enabled: true service: annotations: gitlab.com/prometheus_scrape: "true" gitlab.com/prometheus_port: "10254" prometheus.io/scrape: "true" prometheus.io/port: "10254" admissionWebhooks: enabled: false defaultBackend: resources: requests: cpu: 5m memory: 5Mi rbac: create: true # Needed for k8s 1.20 and 1.21 # https://github.com/kubernetes/ingress-nginx/issues/7510 # https://github.com/kubernetes/ingress-nginx/issues/7519 scope: false serviceAccount: create: true ## Installation & configuration of stable/prometheus ## See requirements.yaml for current version prometheus: install: false rbac: create: true alertmanager: enabled: false alertmanagerFiles: alertmanager.yml: {} kubeStateMetrics: enabled: false nodeExporter: enabled: false pushgateway: enabled: false server: retention: 15d strategy: type: Recreate image: tag: v2.38.0 serverFiles: prometheus.yml: scrape_configs: - job_name: prometheus static_configs: - targets: - localhost:9090 - job_name: kubernetes-apiservers kubernetes_sd_configs: - role: endpoints scheme: https tls_config: ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt insecure_skip_verify: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token relabel_configs: - source_labels: [ __meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name, ] action: keep regex: default;kubernetes;https - job_name: kubernetes-pods kubernetes_sd_configs: - role: pod relabel_configs: - source_labels: [__meta_kubernetes_pod_annotation_gitlab_com_prometheus_scrape] action: keep regex: true - source_labels: [__meta_kubernetes_pod_annotation_gitlab_com_prometheus_scheme] action: replace regex: (https?) target_label: __scheme__ - source_labels: [__meta_kubernetes_pod_annotation_gitlab_com_prometheus_path] action: replace target_label: __metrics_path__ regex: (.+) - source_labels: [ __address__, __meta_kubernetes_pod_annotation_gitlab_com_prometheus_port, ] action: replace regex: ([^:]+)(?::\d+)?;(\d+) replacement: $1:$2 target_label: __address__ - action: labelmap regex: __meta_kubernetes_pod_label_(.+) - source_labels: [__meta_kubernetes_namespace] action: replace target_label: kubernetes_namespace - source_labels: [__meta_kubernetes_pod_name] action: replace target_label: kubernetes_pod_name - job_name: kubernetes-service-endpoints kubernetes_sd_configs: - role: endpoints relabel_configs: - action: keep regex: true source_labels: - __meta_kubernetes_service_annotation_gitlab_com_prometheus_scrape - action: replace regex: (https?) source_labels: - __meta_kubernetes_service_annotation_gitlab_com_prometheus_scheme target_label: __scheme__ - action: replace regex: (.+) source_labels: - __meta_kubernetes_service_annotation_gitlab_com_prometheus_path target_label: __metrics_path__ - action: replace regex: ([^:]+)(?::\d+)?;(\d+) replacement: $1:$2 source_labels: - __address__ - __meta_kubernetes_service_annotation_gitlab_com_prometheus_port target_label: __address__ - action: labelmap regex: __meta_kubernetes_service_label_(.+) - action: replace source_labels: - __meta_kubernetes_namespace target_label: kubernetes_namespace - action: replace source_labels: - __meta_kubernetes_service_name target_label: kubernetes_name - action: replace source_labels: - __meta_kubernetes_pod_node_name target_label: kubernetes_node - job_name: kubernetes-services metrics_path: /probe params: module: [http_2xx] kubernetes_sd_configs: - role: service relabel_configs: - source_labels: [ __meta_kubernetes_service_annotation_gitlab_com_prometheus_probe, ] action: keep regex: true - source_labels: [__address__] target_label: __param_target - target_label: __address__ replacement: blackbox - source_labels: [__param_target] target_label: instance - action: labelmap regex: __meta_kubernetes_service_label_(.+) - source_labels: [__meta_kubernetes_namespace] target_label: kubernetes_namespace - source_labels: [__meta_kubernetes_service_name] target_label: kubernetes_name ## Configuration of Redis ## https://docs.gitlab.com/charts/architecture/decisions#redis ## https://docs.gitlab.com/charts/installation/deployment.html#redis redis: install: true master: persistence: size: 40Gi auth: existingSecret: gitlab-redis-secret existingSecretKey: redis-password usePasswordFiles: true architecture: standalone cluster: enabled: false metrics: enabled: true ## Installation & configuration of stable/prostgresql ## See requirements.yaml for current version postgresql: install: true auth: ## These need to be set, for the sake of bitnami/postgresql upgrade patterns. ## They are overridden by use of `existingSecret` password: bogus-satisfy-upgrade postgresPassword: bogus-satisfy-upgrade ## usePasswordFiles: false existingSecret: '{{ include "gitlab.psql.password.secret" . }}' secretKeys: adminPasswordKey: postgresql-postgres-password userPasswordKey: '{{ include "gitlab.psql.password.key" $ }}' image: tag: 14.8.0 primary: persistence: size: 40Gi initdb: scriptsConfigMap: '{{ include "gitlab.psql.initdbscripts" $}}' extraVolumeMounts: - name: custom-init-scripts mountPath: /docker-entrypoint-preinitdb.d/init_revision.sh subPath: init_revision.sh podAnnotations: postgresql.gitlab/init-revision: "1" metrics: enabled: false service: annotations: prometheus.io/scrape: "true" prometheus.io/port: "9187" gitlab.com/prometheus_scrape: "true" gitlab.com/prometheus_port: "9187" ## Optionally define additional custom metrics ## ref: https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file ## Installation & configuration charts/registry ## https://docs.gitlab.com/charts/architecture/decisions#registry ## https://docs.gitlab.com/charts/charts/registry/ registry: enabled: false hpa: minReplicas: 1 maxReplicas: 1 ## Automatic shared secret generation ## https://docs.gitlab.com/charts/installation/secrets ## https://docs.gitlab.com/charts/charts/shared-secrets.html shared-secrets: enabled: true rbac: create: true selfsign: image: # pullPolicy: IfNotPresent # pullSecrets: [] repository: registry.gitlab.com/gitlab-org/build/cng/cfssl-self-sign # Default tag is `master`, overridable by `global.gitlabVersion`. # tag: master keyAlgorithm: "rsa" keySize: "4096" expiry: "3650d" caSubject: "GitLab Helm Chart" env: production serviceAccount: enabled: true create: true name: # Specify a pre-existing ServiceAccount name resources: requests: cpu: 50m securityContext: # in debian/alpine based images, this is `nobody:nogroup` runAsUser: 65534 fsGroup: 65534 tolerations: [] podLabels: {} annotations: {} ## Installation & configuration of gitlab/gitlab-runner ## See requirements.yaml for current version gitlab-runner: install: false rbac: create: true runners: locked: false config: | [[runners]] [runners.kubernetes] image = "ubuntu:22.04" {{- if .Values.global.minio.enabled }} [runners.cache] Type = "s3" Path = "gitlab-runner" Shared = true [runners.cache.s3] ServerAddress = {{ include "gitlab-runner.cache-tpl.s3ServerAddress" . }} BucketName = "runner-cache" BucketLocation = "us-east-1" Insecure = false {{ end }} podAnnotations: gitlab.com/prometheus_scrape: "true" gitlab.com/prometheus_port: 9252 ## Settings for individual sub-charts under GitLab ## Note: Many of these settings are configurable via globals gitlab: ## https://docs.gitlab.com/charts/charts/gitlab/toolbox toolbox: replicas: 1 antiAffinityLabels: matchLabels: app: gitaly webservice: enabled: true minReplicas: 1 maxReplicas: 1 ## https://docs.gitlab.com/charts/charts/gitlab/sidekiq sidekiq: enabled: true minReplicaCount: 1 maxReplicaCount: 1 ## https://docs.gitlab.com/charts/charts/gitlab/gitaly # gitaly: ## https://docs.gitlab.com/charts/charts/gitlab/gitlab-shell gitlab-shell: enabled: true minReplicas: 1 maxReplicas: 1 ## https://docs.gitlab.com/charts/charts/gitlab/gitlab-pages # gitlab-pages: ## https://docs.gitlab.com/charts/charts/gitlab/kas kas: maxReplicas: 1 minReplicas: 1 ## Installation & configuration of gitlab/gitlab-zoekt gitlab-zoekt: install: false

$ helm install gitlab . -f gitlab-values.yaml -n gitlab --create-namespace
$ kubectl get po -n gitlab
NAME                                          READY   STATUS      RESTARTS   AGE
gitlab-gitaly-0                               1/1     Running     0          1d6h
gitlab-gitlab-exporter-5d497dd854-2tqrt       1/1     Running     0          1d6h
gitlab-gitlab-shell-5f64c4b7cb-ccpxc          1/1     Running     0          1d6h
gitlab-kas-7dc4dc56b5-qzgkn                   1/1     Running     0          1d6h
gitlab-migrations-1-vr6nn                     0/1     Completed   0          1d6h
gitlab-minio-6bdf64c676-ppqm5                 1/1     Running     0          1d6h
gitlab-minio-create-buckets-1-mgm8l           0/1     Completed   0          1d6h
gitlab-postgresql-0                           1/1     Running     0          1d6h
gitlab-redis-master-0                         2/2     Running     0          1d6h
gitlab-runner-7bbbdb9fb4-82246                1/1     Running     0          1d5h
gitlab-sidekiq-all-in-1-v2-758dd95d84-g486q   1/1     Running     0          1d6h
gitlab-toolbox-785bcc5495-td7m5               1/1     Running     0          1d6h
gitlab-webservice-default-7fbfc55849-ktbsn    2/2     Running     0          1d6h

초기 Root 패스워드 확인 및 로그인

$ kubectl edit secret `kubectl get secret -n gitlab | grep initial-root-password | awk '{print $1}'` -n gitlab
data.password 값 복사하기
$ echo "data.password" | base64 -d ; echo ""