配置目标
- 邮件提示
- GitHub第三方授权登陆
- GitLab Runner
- Docker私服注册
官方介绍
目前微服务盛行环境下,服务部署优先考虑Docker方式,便于迁移和弹性伸缩
官方镜像介绍 GitLab Docker images
GitLab Docker images
Both GitLab CE and EE are in Docker Hub:
The GitLab Docker images are monolithic images of GitLab running all the necessary services on a single container.
In the following examples we are using the image of GitLab CE. To use GitLab EE instead of GitLab CE, replace the image name to
gitlab/gitlab-ee:latest.If you want to use the latest RC image, use
gitlab/gitlab-ce:rcorgitlab/gitlab-ee:rcfor GitLab CE and GitLab EE respectively.The GitLab Docker images can be run in multiple ways:
docker-compose 脚本
此处选择社区版(CE)安装,同时为了便于参数配置,使用docker-compose方式编写脚本文件
Install GitLab using docker-compose
With Docker compose you can easily configure, install, and upgrade your Docker-based GitLab installation.
Install Docker Compose
Create a
docker-compose.ymlfile (or download an example):web: image: 'gitlab/gitlab-ce:latest' restart: always hostname: 'gitlab.example.com' environment: GITLAB_OMNIBUS_CONFIG: | external_url 'https://gitlab.example.com' # Add any other gitlab.rb configuration here, each on its own line ports: - '80:80' - '443:443' - '22:22' volumes: - '/srv/gitlab/config:/etc/gitlab' - '/srv/gitlab/logs:/var/log/gitlab' - '/srv/gitlab/data:/var/opt/gitlab' 复制代码Make sure you are in the same directory as
docker-compose.ymland rundocker-compose up -dto start GitLabRead “Pre-configure Docker container” to see how the
GITLAB_OMNIBUS_CONFIGvariable works.Below is another
docker-compose.ymlexample with GitLab running on a custom HTTP and SSH port. Notice how theGITLAB_OMNIBUS_CONFIGvariables match theportssection:web: image: 'gitlab/gitlab-ce:latest' restart: always hostname: 'gitlab.example.com' environment: GITLAB_OMNIBUS_CONFIG: | external_url 'http://gitlab.example.com:9090' gitlab_rails['gitlab_shell_ssh_port'] = 2224 ports: - '9090:9090' - '2224:22' volumes: - '/srv/gitlab/config:/etc/gitlab' - '/srv/gitlab/logs:/var/log/gitlab' - '/srv/gitlab/data:/var/opt/gitlab' 复制代码This is the same as using
--publish 9090:9090 --publish 2224:22.
官方提示说明Docker CE版基于Omnibus版本,故环境配置也可参考相关文档
Omnibus文档目录
Installation and Configuration using omnibus package
Note: This section describes the commonly used configuration settings. Check configuration section of the documentation for complete configuration settings.
- Installing GitLab
- Setting up a domain name/URL for the GitLab Instance so that it can be accessed easily
- Enabling HTTPS
- Enabling notification EMails
- Enabling replying via email
- Enabling container registry on GitLab
- You will require SSL certificates for the domain used for container registry
- Enabling GitLab Pages
- If you want HTTPS enabled, you will have to get wildcard certificates
- Enabling Elasticsearch
- GitLab Mattermost Set up the Mattermost messaging app that ships with Omnibus GitLab package.
- GitLab Prometheus Set up the Prometheus monitoring included in the Omnibus GitLab package.
- GitLab High Availability Roles
结合配置目标编写yaml文件
注意:
- 此处邮件使用163邮箱(官方没有提供163邮箱支持案例)
- Docker私服公钥执行从私服上获取
- 由于特殊原因,目标配置未启动SSL安全连接,但GitLab可以通过简单配置支持SSL并自动更新证书
Let’s Encrypt Integration
Primary GitLab Instance
Note: Introduced in GitLab version 10.5 and disabled by default. Enabled by default in GitLab version 10.7 and later if
external_urlis set with the httpsprotocol and no certificates are configured.Note: In order for Let’s Encrypt verification to work correctly, ports 80 and 443 will need to be accessible to the Let’s Encrypt servers that run the validation. Also note that the validation currently does not work with non-standard ports.
Caution Administrators installing or upgrading to GitLab version 10.7 or later and do not plan on using Let’s Encrypt should set the following in
/etc/gitlab/gitlab.rbto disable:letsencrypt['enable'] = false 复制代码Add the following entries to
/etc/gitlab/gitlab.rbto enable Let’s Encrypt support for the primary domain:letsencrypt['enable'] = true # GitLab 10.5 and 10.6 require this option external_url "https://gitlab.example.com" # Must use https protocol letsencrypt['contact_emails'] = ['foo@email.com'] # Optional 复制代码
生成163邮箱授权密码
生成GitHub授权秘钥
最终配置
version: '3.1'
services:
gitlab:
environment:
GITLAB_OMNIBUS_CONFIG: |
external_url '外部访问地址'
gitlab_rails['gitlab_shell_ssh_port'] = 22
registry_external_url 'Docker私服地址'
registry_nginx['ssl_certificate'] = "Docker 私服CA证书 crt文件"
registry_nginx['ssl_certificate_key'] = "Docker 私服公钥 pem文件"
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.163.com"
gitlab_rails['smtp_port'] = 465
gitlab_rails['smtp_user_name'] = "邮件发送者名称"
gitlab_rails['gitlab_email_from'] = '邮件发送地址'
gitlab_rails['smtp_password'] = "授权密码"
gitlab_rails['smtp_domain'] = "163.com"
gitlab_rails['smtp_authentication'] = "login"
gitlab_rails['smtp_enable_starttls_auto'] = true
gitlab_rails['smtp_tls'] = true
gitlab_rails['omniauth_enabled'] = true
gitlab_rails['omniauth_allow_single_sign_on'] = true
gitlab_rails['omniauth_block_auto_created_users'] = true
gitlab_rails['omniauth_providers'] = [
{
"name" => "github",
"app_id" => "Client ID",
"app_secret" => "Client Secret",
"url" => "https://github.com/",
"args" => { "scope" => "user:email" }
}
]
image: gitlab/gitlab-ce:latest
hostname: 域名
restart: always
networks:
- devops-service-bridge
ports:
- '443:443'
- '80:8099'
- '22:22'
volumes:
- ./srv/gitlab/config:/etc/gitlab
- ./srv/gitlab/logs:/var/log/gitlab
- ./srv/gitlab/data:/var/opt/gitlab
- /etc/docker/certs.d:/etc/docker/certs.d
networks:
devops-service-bridge:
driver: bridge
复制代码
818
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
