├── .gitignore
├── README.md
├── assets
    ├── social.jpg
    ├── v01-server-location.png
    ├── v02-server-type.png
    ├── v03-server-size.png
    └── v04-server-hostname.png
├── diagrams
    ├── devops-toolchain-cicd.png
    ├── k3s-yaml.jpg
    └── kubectl-config.jpg
└── k8s
    ├── 0000-global
        ├── 001-cert-manager-helm.yml
        └── 005-clusterissuer.yml
    ├── 0500-apk8s
        ├── 000-namespace
        │   └── 000-namespace.yml
        └── 005-echo
        │   ├── 10-service.yml
        │   └── 40-deployment.yml
    └── 1000-gitlab
        ├── 000-namespace
            ├── 000-namespace.yml
            └── 010-certs.yml
        └── 100-gitlab
            ├── 10-service.yml
            ├── 40-deployment.yml
            └── 50-ingress.yml


/.gitignore:
--------------------------------------------------------------------------------
.idea

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# k3s + Gitlab

This document outlines the steps for utilizing [k3s] to manage a self-hosted [Gitlab] instance. This may be beneficial for individuals and organizations already leveraging [Kubernetes] for platform development. Many applications such as [Gitlab] do not need sophisticated compute clusters to operate, yet [k3s] allows us to achieve additional continuity in the management of development operations. [k3s], although slimmed down, is a fully functional [Kubernetes].

![k3s gitlab diagram](https://raw.githubusercontent.com/apk8s/k3s-gitlab/master/diagrams/devops-toolchain-cicd.png)

Containers have made applications like [Gitlab] incredibly portable; [Kubernetes] brings that portability to container management and [k3s] makes that portability available at the smallest of scales.

This document outlines a process for setting up a Gitlab instance in a single custom node Kubernetes ([k3s]) cluster on [Vultr]. However, there is very little difference in utilizing other vendors, such as [Digital Ocean] or [Linode].

**Disclosure**: Links to [Vultr], [Digital Ocean] and [Linode] are affiliate links and credit my accounts on those services if you sign up. Affiliate credit helps me offset the expense of setting up environments for developing articles and tutorials. I do not endorse any of these vendors specifically; however, they are all great choices if you are looking for alternatives or redundancies to Google, Amazon, or Microsoft. [Kubernetes] is a Cloud Native and Vendor Neutral solution, and if implemented well, the specific vendor should only be a high-level business concern.

## Obtain a Server (or VM Instance)

This document utilizes one **Los Angeles** instance of a **2 CPU / 4096MB Memory** **[Ubuntu 18.04] x64** server on [Vultr] with Private Networking enabled and a "Server Hostname & Label" of **gitlab.apk8s.dev**. At the time of this writing, the instance cost is $20/mo, or 3 cents per hour.

![Server Location](https://github.com/apk8s/k3s-gitlab/blob/master/assets/v01-server-location.png?raw=true)

![Server Type](https://github.com/apk8s/k3s-gitlab/blob/master/assets/v02-server-type.png?raw=true)

![Server Size](https://github.com/apk8s/k3s-gitlab/blob/master/assets/v03-server-size.png?raw=true)

![Server Hostname](https://github.com/apk8s/k3s-gitlab/blob/master/assets/v04-server-hostname.png?raw=true)

## Configure DNS

Add DNS `A` records for your domain, such as **gitlab.apk8s.dev** and **\*.gitlab.apk8s.dev**, pointed to the public IP address of the [Vultr] instance above. See your Domain Name / DNS provider for instructions on adding `A` records.

## Prepare Server

Log in to the new server (IP) as the root user:

```bash
ssh root@NEW_SERVER_IP
```

Upgrade any outdated packages:

```bash
apt update && apt upgrade -y
```

## Install [k3s]

[k3s] is "Easy to install. A binary of less than 40 MB.
Only 512 MB of RAM required to run." This allows us to utilize Kubernetes for managing the Gitlab application container on a single node while limiting the footprint of Kubernetes itself.

```bash
curl -sfL https://get.k3s.io | sh -
```

[k3s] is now installed and the [Kubernetes] API is listening on the public IP of the server through port **6443**.

## Remote Access with `kubectl`

From your local workstation you should be able to issue a [curl] command to Kubernetes:

```bash
curl --insecure https://SERVER_IP:6443/
```

The new [k3s] cluster should return a **401 Unauthorized** response with the following payload:

```json
{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {

  },
  "status": "Failure",
  "message": "Unauthorized",
  "reason": "Unauthorized",
  "code": 401
}
```

[k3s] credentials are stored on the server at `/etc/rancher/k3s/k3s.yaml`.

Review the contents of the generated `k3s.yaml` file:

```bash
cat /etc/rancher/k3s/k3s.yaml
```

The `k3s.yaml` file is a Kubernetes config file used by `kubectl` and contains (1) one cluster, (3) one user and (2) a context that ties them together. `kubectl` uses [contexts] to determine which cluster to connect to and which credentials to use for access. The `current-context` entry is the name of the context currently selected with the `kubectl config use-context` command.

![k3s.yml](https://raw.githubusercontent.com/apk8s/k3s-gitlab/master/diagrams/k3s-yaml.jpg)

Ensure that [kubectl] is installed on your local workstation.

If you have [kubectl] installed on your local workstation, notice that the `k3s.yaml` file on the new [k3s] node is a `kubectl` config file similar to the file `~/.kube/config` generated by `kubectl`.
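
Added example, not from the original README: one way to turn a copy of `k3s.yaml` into a separate workstation kubeconfig that only its owner can read, with the `default` cluster, user and context renamed. The function names, the `gitlab` cluster name, the sample file layout and its `server: https://localhost:6443` value are assumptions; `gitlab-admin` matches the context name this README selects with `kubectl config use-context`.

```bash
# Added example (not from the README): build a separate, owner-only kubeconfig
# from a copy of k3s.yaml and rename the "default" cluster, user and context.

# Constructed sample of the generated file (assumed layout, no real secrets).
sample_k3s_yaml() {
  cat <<'EOF'
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: Q09OU1RSVUNURUQ=
    server: https://localhost:6443
  name: default
contexts:
- context:
    cluster: default
    user: default
  name: default
current-context: default
kind: Config
preferences: {}
users:
- name: default
  user:
    password: constructed-placeholder
    username: admin
EOF
}

# Rewrite stdin: $1 = API server URL, $2 = cluster, $3 = user, $4 = context.
rewrite_k3s_kubeconfig() {
  awk -v server="$1" -v cluster="$2" -v user="$3" -v context="$4" '
    /^[A-Za-z-]+:/ { section = $1 }     # remember the top-level key, e.g. "clusters:"
    /^current-context:/ { print "current-context: " context; next }
    section == "clusters:" && $1 == "server:" { sub(/server:.*/, "server: " server) }
    section == "clusters:" && /^ +name: default$/ { sub(/default$/, cluster) }
    section == "contexts:" && /^ +cluster: default$/ { sub(/default$/, cluster) }
    section == "contexts:" && /^ +user: default$/ { sub(/default$/, user) }
    section == "contexts:" && /^ +name: default$/ { sub(/default$/, context) }
    section == "users:" && /^- name: default$/ { sub(/default$/, user) }
    { print }'
}

# $1 = copy of k3s.yaml, $2 = destination file, $3 = API server URL.
# The file holds admin credentials, so it is created with owner-only access.
install_kubeconfig() {
  ( umask 077
    mkdir -p "$(dirname "$2")" &&
      rewrite_k3s_kubeconfig "$3" gitlab gitlab-admin gitlab-admin < "$1" > "$2" &&
      chmod 600 "$2" )
}

# Demo on the constructed sample; SERVER_IP is the placeholder used in this README.
demo_dir=$(mktemp -d)
sample_k3s_yaml > "$demo_dir/k3s.yaml"
install_kubeconfig "$demo_dir/k3s.yaml" "$demo_dir/gitlab-config" "https://SERVER_IP:6443"
grep -E 'server:|name:|current-context:' "$demo_dir/gitlab-config"
rm -rf "$demo_dir"
```

On a real setup the input would come from `ssh root@NEW_SERVER_IP cat /etc/rancher/k3s/k3s.yaml`, and `KUBECONFIG` would point at the destination file, such as `~/.kube/gitlab-config`.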

You can copy the entire `k3s.yaml` file over to `~/.kube/config` if you have no other contexts there already. It may also be good practice to rename the **cluster**, **user** and **context** from `default` to something more descriptive.

If you already have clusters, users and contexts in your `~/.kube/config`, you can add these new entries after renaming them.

Another option is to create another file such as `~/.kube/gitlab-config` and set the **KUBECONFIG** environment variable to point to it. Read more about `kubectl` [configuration options][contexts].

![kubectl config](https://raw.githubusercontent.com/apk8s/k3s-gitlab/master/diagrams/kubectl-config.jpg)

Before you begin configuring [k3s], make sure `kubectl` is pointed to the correct cluster:

```bash
kubectl config use-context gitlab-admin
```

Ensure that you can communicate with the new [k3s] cluster by requesting a list of nodes:

```bash
kubectl get nodes
```

If successful, you should get output similar to the following:

```bash
NAME               STATUS   ROLES    AGE    VERSION
gitlab.apk8s.dev   Ready    <none>   171m   v1.14.1-k3s.4
```

## Install [Cert Manager] / [Let's Encrypt]

[Gitlab] ships with [Let's Encrypt] capabilities; however, since we are running Gitlab through [k3s] (Kubernetes) [Ingress] (using [Traefik]), we need to generate certs and provide TLS from the cluster.

Create Cert Manager's Custom Resource Definitions:
```bash
kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.8/deploy/manifests/00-crds.yaml
```

Install [Cert Manager] with the [./k8s/0000-global/001-cert-manager-helm.yml](./k8s/0000-global/001-cert-manager-helm.yml) manifest (the [k3s] way):

```bash
kubectl create -f ./k8s/0000-global/001-cert-manager-helm.yml
```

Ensure that cert manager is now running:
```bash
kubectl get all -n cert-manager
```

Output:
```plain
NAME                                          READY   STATUS    RESTARTS   AGE
pod/cert-manager-5d669ffbd8-2s6pm             1/1     Running   0          5m11s
pod/cert-manager-cainjector-79b7fc64f-n9qdt   1/1     Running   0          5m11s
pod/cert-manager-webhook-6484955794-j6cpr     1/1     Running   0          5m11s

NAME                           TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)   AGE
service/cert-manager-webhook   ClusterIP   10.43.103.18   <none>        443/TCP   5m11s

NAME                                      READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/cert-manager              1/1     1            1           5m11s
deployment.apps/cert-manager-cainjector   1/1     1            1           5m11s
deployment.apps/cert-manager-webhook      1/1     1            1           5m11s

NAME                                                DESIRED   CURRENT   READY   AGE
replicaset.apps/cert-manager-5d669ffbd8             1         1         1       5m11s
replicaset.apps/cert-manager-cainjector-79b7fc64f   1         1         1       5m11s
replicaset.apps/cert-manager-webhook-6484955794     1         1         1       5m11s
```


Add a [ClusterIssuer] to handle the generation of Certs cluster-wide:

**NOTE:** First edit [./k8s/0000-global/005-clusterissuer.yml](./k8s/0000-global/005-clusterissuer.yml) and replace **YOUR_EMAIL_ADDRESS** with your email address.

```bash
kubectl apply -f ./k8s/0000-global/005-clusterissuer.yml
```

## Install Gitlab

### Namespace

[./k8s/1000-gitlab/000-namespace/000-namespace.yml](./k8s/1000-gitlab/000-namespace/000-namespace.yml) creates the [Namespace] `gitlab`:

```bash
kubectl apply -f ./k8s/1000-gitlab/000-namespace/000-namespace.yml
```

### TLS Certificate

Generate a TLS Certificate (first edit [./k8s/1000-gitlab/000-namespace/010-certs.yml](./k8s/1000-gitlab/000-namespace/010-certs.yml) and replace **apk8s.dev** with your domain):

```bash
kubectl apply -f ./k8s/1000-gitlab/000-namespace/010-certs.yml
```

### Services

[./k8s/1000-gitlab/100-gitlab/10-service.yml](./k8s/1000-gitlab/100-gitlab/10-service.yml) creates two **[Services]**. Service **gitlab** provides a backend service for [Ingress] to serve the Gitlab web UI. Service **gitlab-ssh** exposes port **32222** for interacting with Gitlab over ssh for operations such as git clone, push and pull.

```bash
kubectl apply -f ./k8s/1000-gitlab/100-gitlab/10-service.yml
```

### Deployment

[./k8s/1000-gitlab/100-gitlab/40-deployment.yml](./k8s/1000-gitlab/100-gitlab/40-deployment.yml) creates a Gitlab **[Deployment]**.

```bash
kubectl apply -f ./k8s/1000-gitlab/100-gitlab/40-deployment.yml
```

The Gitlab deployment launches a single [Pod], creating and mounting the directory `/srv/gitlab/` on the new server as persistent storage for configuration, logs, data (Git repos), containers (registry) and uploads.

```yaml
- name: config-volume
  hostPath:
    path: /srv/gitlab/config
- name: logs-volume
  hostPath:
    path: /srv/gitlab/logs
- name: data-volume
  hostPath:
    path: /srv/gitlab/data
- name: reg-volume
  hostPath:
    path: /srv/gitlab/reg
- name: uploads-volume
  hostPath:
    path: /srv/gitlab/uploads
```

### Configure Gitlab

Gitlab may take a minute or more to boot. Once Gitlab is running, locate the newly generated config file `gitlab.rb` on the server at `/srv/gitlab/config/gitlab.rb`.

The initial `gitlab.rb` file is a commented-out sample configuration, so you may simply back it up and add a new file with the following. Replace **.apk8s.dev** with your domain.

`/srv/gitlab/config/gitlab.rb`:
```ruby
external_url 'https://gitlab.apk8s.dev'

nginx['listen_port'] = 80
nginx['listen_https'] = false
nginx['proxy_set_headers'] = {
  'X-Forwarded-Proto' => 'https',
  'X-Forwarded-Ssl' => 'on'
}

gitlab_rails['gitlab_shell_ssh_port'] = 32222

registry_external_url 'https://reg.gitlab.apk8s.dev'

gitlab_rails['registry_enabled'] = true

registry_nginx['listen_port'] = 5050
registry_nginx['listen_https'] = false
registry_nginx['proxy_set_headers'] = {
  'X-Forwarded-Proto' => 'https',
  'X-Forwarded-Ssl' => 'on'
}

prometheus['monitor_kubernetes'] = false
```

### Ingress

The Kubernetes [Ingress] manifest [./k8s/1000-gitlab/100-gitlab/50-ingress.yml](./k8s/1000-gitlab/100-gitlab/50-ingress.yml) sets up [Traefik] to direct requests for the host **gitlab.apk8s.dev** to the backend [Service] named **gitlab**.

```bash
kubectl apply -f ./k8s/1000-gitlab/100-gitlab/50-ingress.yml
```

## Login

Browse to https://gitlab.apk8s.dev (replace top-level domain with your domain). **NOTE:** New [Gitlab] installs present a screen to set the admin (**root**) user's password. **Do this immediately** to prevent someone else from setting up Gitlab for you.

## Note

Remember to keep the directory `/srv/gitlab` on the server backed up.


[Pod]: https://kubernetes.io/docs/concepts/workloads/pods/pod/
[Deployment]: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
[Ingress]: https://kubernetes.io/docs/concepts/services-networking/ingress/
[Namespace]: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
[Service]: https://kubernetes.io/docs/concepts/services-networking/service/
[Services]: https://kubernetes.io/docs/concepts/services-networking/service/
[Let's Encrypt]: https://letsencrypt.org/
[ClusterIssuer]: https://docs.cert-manager.io/en/latest/tasks/issuers/
[Traefik]: https://traefik.io/
[Cert Manager]:
[./k8s/0000-global/001-cert-manager-helm.yml]:./k8s/0000-global/001-cert-manager-helm.yml
[contexts]: https://kubernetes.io/docs/tasks/access-application-cluster/configure-access-multiple-clusters/
[kubectl]: https://kubernetes.io/docs/tasks/tools/install-kubectl/
[k3s]: https://k3s.io/
[Vultr]: https://www.vultr.com/?ref=7418713
[Gitlab]: https://about.gitlab.com/
[Digital Ocean]: https://m.do.co/c/97b733e7eba4
[Linode]: https://www.linode.com/?r=848a6b0b21dc8edd33124f05ec8f99207ccddfde
[Kubernetes]: https://kubernetes.io/
[Ubuntu 18.04]: http://releases.ubuntu.com/18.04/
--------------------------------------------------------------------------------
/assets/social.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/apk8s/k3s-gitlab/e87fa326fb34511569c48d1d05329a19271791f0/assets/social.jpg
--------------------------------------------------------------------------------
/assets/v01-server-location.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/apk8s/k3s-gitlab/e87fa326fb34511569c48d1d05329a19271791f0/assets/v01-server-location.png
--------------------------------------------------------------------------------
/assets/v02-server-type.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/apk8s/k3s-gitlab/e87fa326fb34511569c48d1d05329a19271791f0/assets/v02-server-type.png
--------------------------------------------------------------------------------
/assets/v03-server-size.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/apk8s/k3s-gitlab/e87fa326fb34511569c48d1d05329a19271791f0/assets/v03-server-size.png
--------------------------------------------------------------------------------
/assets/v04-server-hostname.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/apk8s/k3s-gitlab/e87fa326fb34511569c48d1d05329a19271791f0/assets/v04-server-hostname.png
--------------------------------------------------------------------------------
/diagrams/devops-toolchain-cicd.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/apk8s/k3s-gitlab/e87fa326fb34511569c48d1d05329a19271791f0/diagrams/devops-toolchain-cicd.png
--------------------------------------------------------------------------------
/diagrams/k3s-yaml.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/apk8s/k3s-gitlab/e87fa326fb34511569c48d1d05329a19271791f0/diagrams/k3s-yaml.jpg
--------------------------------------------------------------------------------
/diagrams/kubectl-config.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/apk8s/k3s-gitlab/e87fa326fb34511569c48d1d05329a19271791f0/diagrams/kubectl-config.jpg
--------------------------------------------------------------------------------
/k8s/0000-global/001-cert-manager-helm.yml:
--------------------------------------------------------------------------------
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
  namespace: kube-system
  name: cert-manager
spec:
  chart: cert-manager
  repo: https://charts.jetstack.io
  targetNamespace: cert-manager

--------------------------------------------------------------------------------
/k8s/0000-global/005-clusterissuer.yml:
--------------------------------------------------------------------------------
apiVersion: certmanager.k8s.io/v1alpha1
kind: ClusterIssuer
metadata:
  name: letsencrypt-production
spec:
  acme:
    # The ACME server URL
    server: https://acme-v02.api.letsencrypt.org/directory
    # Email address used for ACME registration
    email: YOUR_EMAIL_ADDRESS
    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: letsencrypt-production
    # Enable the HTTP-01 challenge provider
    http01: {}
--------------------------------------------------------------------------------
/k8s/0500-apk8s/000-namespace/000-namespace.yml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Namespace
metadata:
  name: apk8s
--------------------------------------------------------------------------------
/k8s/0500-apk8s/005-echo/10-service.yml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Service
metadata:
  name: echo
  namespace: apk8s
spec:
  type: NodePort
  ports:
    - name: tcp
      port: 30001
      targetPort: 1025
      protocol: TCP
      nodePort: 30001
  selector:
    app: echo
--------------------------------------------------------------------------------
/k8s/0500-apk8s/005-echo/40-deployment.yml:
--------------------------------------------------------------------------------
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: apk8s
  name: echo
  labels:
    app: echo
spec:
  replicas: 1
  revisionHistoryLimit: 1
  selector:
    matchLabels:
      app: echo
  template:
    metadata:
      labels:
        app: echo
    spec:
      containers:
        - name: echo
          image: apk8s/echo:v0.0.2
          imagePullPolicy: IfNotPresent
          env:
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            - name: NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
          ports:
            - name: tcp-echo
              containerPort: 1025
            - name: http-metrics
              containerPort: 2112
--------------------------------------------------------------------------------
/k8s/1000-gitlab/000-namespace/000-namespace.yml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Namespace
metadata:
  name: gitlab
--------------------------------------------------------------------------------
/k8s/1000-gitlab/000-namespace/010-certs.yml:
--------------------------------------------------------------------------------
apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
  name: gitlab-apk8s
  namespace: gitlab
spec:
  secretName: gitlab-apk8s-tls
  issuerRef:
    name: letsencrypt-production
    kind: ClusterIssuer
  commonName: gitlab.apk8s.dev
  dnsNames:
    - gitlab.apk8s.dev
    - reg.gitlab.apk8s.dev
  acme:
    config:
      - http01:
          ingressClass: traefik
        domains:
          - gitlab.apk8s.dev
          - reg.gitlab.apk8s.dev
--------------------------------------------------------------------------------
/k8s/1000-gitlab/100-gitlab/10-service.yml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Service
metadata:
  name: gitlab
  namespace: gitlab
  labels:
    app: gitlab
spec:
  selector:
    app: gitlab
  ports:
    - name: http-web
      protocol: "TCP"
      port: 80
      targetPort: 80
    - name: http-reg
      protocol: "TCP"
      port: 5050
      targetPort: 5050
  type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
  name: gitlab-ssh
  namespace: gitlab
  labels:
    app: gitlab-ssh
spec:
  selector:
    app: gitlab
  ports:
    - name: tcp-git
      protocol: "TCP"
      targetPort: 22
      port: 32222
      nodePort: 32222
  type: NodePort
--------------------------------------------------------------------------------
/k8s/1000-gitlab/100-gitlab/40-deployment.yml:
--------------------------------------------------------------------------------
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: gitlab
  name: gitlab
  labels:
    app: gitlab
spec:
  replicas: 1
  revisionHistoryLimit: 1
  selector:
    matchLabels:
      app: gitlab
  template:
    metadata:
      labels:
        app: gitlab
    spec:
      containers:
        - name: gitlab
          image: gitlab/gitlab-ce:11.10.4-ce.0
          imagePullPolicy: IfNotPresent
          volumeMounts:
            - name: config-volume
              mountPath: /etc/gitlab
            - name: logs-volume
              mountPath: /var/log/gitlab
            - name: data-volume
              mountPath: /var/opt/gitlab
            - name: reg-volume
              mountPath: /var/opt/gitlab/gitlab-rails/shared/registry
            - name: uploads-volume
              mountPath: /var/opt/gitlab/gitlab-rails/uploads
          ports:
            - name: http-web
              containerPort: 80
            - name: tcp-ssh
              containerPort: 22
            - name: http-reg
              containerPort: 5050
      volumes:
        - name: config-volume
          hostPath:
            path: /srv/gitlab/config
        - name: logs-volume
          hostPath:
            path: /srv/gitlab/logs
        - name: data-volume
          hostPath:
            path: /srv/gitlab/data
        - name: reg-volume
          hostPath:
            path: /srv/gitlab/reg
        - name: uploads-volume
          hostPath:
            path: /srv/gitlab/uploads
--------------------------------------------------------------------------------
/k8s/1000-gitlab/100-gitlab/50-ingress.yml:
--------------------------------------------------------------------------------
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: gitlab
  namespace: gitlab
  labels:
    app: gitlab
  annotations:
    traefik.ingress.kubernetes.io/redirect-entry-point: https
spec:
  rules:
    - host: gitlab.apk8s.dev
      http:
        paths:
          - backend:
              serviceName: gitlab
              servicePort: 80
            path: /
    - host: reg.gitlab.apk8s.dev
      http:
        paths:
          - backend:
              serviceName: gitlab
              servicePort: 5050
            path: /
  tls:
    - hosts:
        - reg.gitlab.apk8s.dev
        - gitlab.apk8s.dev
      secretName: gitlab-apk8s-tls
--------------------------------------------------------------------------------
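
Added example, not part of the apk8s/k3s-gitlab repository: the README has you replace **apk8s.dev** separately in `010-certs.yml` and `50-ingress.yml`, and a host that appears in the Ingress rules but is missing from the Certificate's `dnsNames` is not covered by the issued certificate. This check compares the two files before `kubectl apply`; the function names are hypothetical, the embedded manifests are constructed and trimmed to the fields checked, and the awk parsing assumes the block-style YAML layout of the manifests above.

```bash
# Added example: pre-apply check that every Ingress rule host is listed in the
# Ingress tls.hosts and in the Certificate dnsNames, and that both manifests
# name the same TLS secret. Line-based parsing, not a general YAML parser.

cert_dns_names() {        # hosts under dnsNames: in a Certificate manifest
  awk '/^ *dnsNames:/ { on = 1; next }
       on && $1 == "-" && NF == 2 { print $2; next }
       { on = 0 }' "$1"
}

ingress_rule_hosts() {    # "- host: NAME" entries under spec.rules
  awk '$1 == "-" && $2 == "host:" { print $3 }' "$1"
}

ingress_tls_hosts() {     # entries under spec.tls[].hosts
  awk '/^ *tls:/ { tls = 1; next }
       tls && $NF == "hosts:" { on = 1; next }
       on && $1 == "-" && NF == 2 { print $2; next }
       { on = 0 }' "$1"
}

secret_name() { awk '$1 == "secretName:" { print $2 }' "$1"; }

check_tls_hosts() {       # $1 = Certificate file, $2 = Ingress file
  status=0
  for host in $(ingress_rule_hosts "$2"); do
    ingress_tls_hosts "$2" | grep -qxF "$host" ||
      { echo "no tls.hosts entry for $host"; status=1; }
    cert_dns_names "$1" | grep -qxF "$host" ||
      { echo "no Certificate dnsNames entry for $host"; status=1; }
  done
  [ "$(secret_name "$1")" = "$(secret_name "$2")" ] ||
    { echo "secretName differs between Certificate and Ingress"; status=1; }
  return "$status"
}

write_samples() {         # constructed manifests, written into directory $1
  cat > "$1/certs.yml" <<'EOF'
kind: Certificate
spec:
  secretName: gitlab-apk8s-tls
  dnsNames:
    - gitlab.apk8s.dev
    - reg.gitlab.apk8s.dev
EOF
  cat > "$1/ingress.yml" <<'EOF'
kind: Ingress
spec:
  rules:
    - host: gitlab.apk8s.dev
    - host: reg.gitlab.apk8s.dev
  tls:
    - hosts:
        - reg.gitlab.apk8s.dev
        - gitlab.apk8s.dev
      secretName: gitlab-apk8s-tls
EOF
}

# Demo on the constructed manifests.
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
check_tls_hosts "$demo_dir/certs.yml" "$demo_dir/ingress.yml" && echo "TLS hosts consistent"
rm -rf "$demo_dir"
```

Against the repository files the call would be `check_tls_hosts ./k8s/1000-gitlab/000-namespace/010-certs.yml ./k8s/1000-gitlab/100-gitlab/50-ingress.yml`.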