This repository has been archived by the owner on Jul 2, 2024. It is now read-only.

Install GitLab

Add GitLab repository:

helm repo add gitlab https://charts.gitlab.io/
helm repo update

Create the gitlab namespace with the secrets GitLab needs (certificates and passwords):

kubectl create namespace gitlab
kubectl create secret generic gitlab-initial-root-password --from-literal=password="admin123" -n gitlab
kubectl create secret generic custom-ca --from-file=unique_name=tmp/fakelerootx1.pem -n gitlab
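
The `--from-literal=password="admin123"` form above puts a guessable password into shell history and the process list. As an added example (not part of the original guide), the script below generates a random value and loads it into the same secret with `--from-file`; the function names and the `tmp/gitlab-root-password` path are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not from the original guide. Function names are hypothetical.
set -eu

# gen_secret LEN: print LEN random characters from [A-Za-z0-9], no newline.
gen_secret() (
  len="${1:-32}"
  out=""
  # 64 random bytes keep only ~15 alphanumerics, so loop until long enough.
  while [ "${#out}" -lt "$len" ]; do
    out="${out}$(head -c 64 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9')"
  done
  printf "%.${len}s" "$out"
)

# write_secret_file PATH LEN: store a fresh secret in PATH with mode 0600.
# No trailing newline is written: --from-file stores the file byte for byte,
# so a newline would become part of the password.
write_secret_file() (
  umask 077
  rm -f "$1"
  gen_secret "$2" > "$1"
)

# create_gitlab_root_secret FILE: same secret name, key and namespace as the
# guide, but the value comes from FILE instead of a --from-literal argument,
# which keeps it out of shell history and the process list.
create_gitlab_root_secret() {
  kubectl create secret generic gitlab-initial-root-password \
    --from-file=password="$1" -n gitlab
}

# Run with --apply against a cluster; without it only the functions are defined.
if [ "${1:-}" = "--apply" ]; then
  mkdir -p tmp
  write_secret_file tmp/gitlab-root-password 32
  create_gitlab_root_secret tmp/gitlab-root-password
fi
```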

Create Istio Gateways and VirtualServices to allow accessing GitLab from "outside":

cat << EOF | kubectl apply -f -
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: gitlab-gateway
  namespace: gitlab
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 22
      name: ssh-gitlab
      protocol: TCP
    hosts:
    - gitlab.${MY_DOMAIN}
  - port:
      number: 80
      name: http-gitlab
      protocol: HTTP
    hosts:
    - gitlab.${MY_DOMAIN}
    - minio.${MY_DOMAIN}
    tls:
      httpsRedirect: true
  - port:
      number: 443
      name: https-gitlab
      protocol: HTTPS
    hosts:
    - gitlab.${MY_DOMAIN}
    - minio.${MY_DOMAIN}
    tls:
      credentialName: ingress-cert-${LETSENCRYPT_ENVIRONMENT}
      mode: SIMPLE
      privateKey: sds
      serverCertificate: sds
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: gitlab-ssh-virtual-service
  namespace: gitlab
spec:
  hosts:
  - gitlab.${MY_DOMAIN}
  gateways:
  - gitlab-gateway
  tcp:
  - match:
    - port: 22
    route:
    - destination:
        host: gitlab-gitlab-shell.gitlab.svc.cluster.local
        port:
          number: 22
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: gitlab-http-virtual-service
  namespace: gitlab
spec:
  hosts:
  - gitlab.${MY_DOMAIN}
  gateways:
  - gitlab-gateway
  http:
  - match:
    - uri:
        prefix: /admin/sidekiq
    route:
    - destination:
        host: gitlab-unicorn.gitlab.svc.cluster.local
        port:
          number: 8080
  - route:
    - destination:
        host: gitlab-unicorn.gitlab.svc.cluster.local
        port:
          number: 8181
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: gitlab-minio-virtual-service
  namespace: gitlab
spec:
  hosts:
  - minio.${MY_DOMAIN}
  gateways:
  - gitlab-gateway
  http:
  - route:
    - destination:
        host: gitlab-minio-svc.gitlab.svc.cluster.local
        port:
          number: 9000
EOF

Install GitLab using Helm:

helm install gitlab gitlab/gitlab --namespace gitlab --wait --version 2.6.0 \
  --set certmanager.install=false \
  --set gitlab-runner.install=false \
  --set gitlab.gitaly.persistence.size=1Gi \
  --set gitlab.unicorn.ingress.enabled=false \
  --set global.appConfig.cron_jobs.ci_archive_traces_cron_worker.cron="17 * * * *" \
  --set global.appConfig.cron_jobs.expire_build_artifacts_worker.cron="50 * * * *" \
  --set global.appConfig.cron_jobs.pipeline_schedule_worker.cron="19 * * * *" \
  --set global.appConfig.cron_jobs.repository_archive_cache_worker.cron="0 * * * *" \
  --set global.appConfig.cron_jobs.repository_check_worker.cron="20 * * * *" \
  --set global.appConfig.cron_jobs.stuck_ci_jobs_worker.cron="0 * * * *" \
  --set global.appConfig.gravatar.plainUrl="https://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon" \
  --set global.appConfig.gravatar.sslUrl="https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon" \
  --set global.certificates.customCAs[0].secret=custom-ca \
  --set global.edition=ce \
  --set global.hosts.domain=${MY_DOMAIN} \
  --set global.ingress.configureCertmanager=false \
  --set global.ingress.enabled=false \
  --set global.initialRootPassword.secret=gitlab-initial-root-password \
  --set minio.persistence.size=5Gi \
  --set nginx-ingress.enabled=false \
  --set postgresql.persistence.size=1Gi \
  --set prometheus.install=false \
  --set redis.persistence.size=1Gi \
  --set registry.enabled=false

Output:

NAME: gitlab
LAST DEPLOYED: Fri Dec 27 10:57:01 2019
NAMESPACE: gitlab
STATUS: deployed
REVISION: 1
NOTES:
WARNING: Automatic TLS certificate generation with cert-manager is disabled and no TLS certificates were provided. Self-signed certificates were generated.

You may retrieve the CA root for these certificates from the `gitlab-wildcard-tls-ca` secret, via the following command. It can then be imported to a web browser or system store.

    kubectl get secret gitlab-wildcard-tls-ca -ojsonpath='{.data.cfssl_ca}' | base64 --decode > gitlab.mylabs.dev.ca.pem

If you do not wish to use self-signed certificates, please set the following properties:
  - global.ingress.tls.secretName
  OR
  - gitlab.unicorn.ingress.tls.secretName
  - minio.ingress.tls.secretName

Try to access GitLab at https://gitlab.mylabs.dev with the following credentials:

  • Username: root
  • Password: admin123

Create Personal Access Token 1234567890 for user root:

UNICORN_POD=$(kubectl get pods -n gitlab -l=app=unicorn -o jsonpath="{.items[0].metadata.name}")
echo ${UNICORN_POD}
kubectl exec -n gitlab -it $UNICORN_POD -c unicorn -- /bin/bash -c "
cd /srv/gitlab;
bin/rails r \"
token_digest = Gitlab::CryptoHelper.sha256 \\\"1234567890\\\";
token=PersonalAccessToken.create!(name: \\\"Full Access\\\", scopes: [:api], user: User.where(id: 1).first, token_digest: token_digest);
token.save!
\";
"

Output:

gitlab-unicorn-566c465dc4-4dwdz

Create new user myuser:

GITLAB_USER_ID=$(curl -s -k -X POST -H "Content-type: application/json" -H "PRIVATE-TOKEN: 1234567890" https://gitlab.${MY_DOMAIN}/api/v4/users -d \
"{
  \"name\": \"myuser\",
  \"username\": \"myuser\",
  \"password\": \"myuser_password\",
  \"email\": \"myuser@${MY_DOMAIN}\",
  \"skip_confirmation\": true
}" | jq ".id")
echo ${GITLAB_USER_ID}

Output:

2

Create a personal access token for user myuser:

kubectl exec -n gitlab -it $UNICORN_POD -c unicorn -- /bin/bash -c "
cd /srv/gitlab;
bin/rails r \"
token_digest = Gitlab::CryptoHelper.sha256 \\\"0987654321\\\";
token=PersonalAccessToken.create!(name: \\\"Full Access\\\", scopes: [:api], user: User.where(id: ${GITLAB_USER_ID}).first, token_digest: token_digest);
token.save!
\";
"

Create Impersonation token for myuser:

GILAB_MYUSER_TOKEN=$(curl -s -k -X POST -H "Content-type: application/json" -H "PRIVATE-TOKEN: 1234567890" https://gitlab.${MY_DOMAIN}/api/v4/users/${GITLAB_USER_ID}/impersonation_tokens -d \
"{
  \"name\": \"mytoken\",
  \"scopes\": [\"api\"]
}" | jq -r ".token")
echo ${GILAB_MYUSER_TOKEN}

Output:

t_dJwRNpVkdsxWzs3Yv3

Create the SSH key that will be imported into GitLab:

ssh-keygen -t ed25519 -f tmp/id_rsa_gitlab -q -N "" -C "[email protected]"

Add the SSH key to myuser:

curl -sk -X POST -F "private_token=${GILAB_MYUSER_TOKEN}" https://gitlab.${MY_DOMAIN}/api/v4/user/keys -F "title=my_ssh_key" -F "key=$(cat tmp/id_rsa_gitlab.pub)" | jq

Output:

{
  "id": 1,
  "title": "my_ssh_key",
  "key": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKH2+gqsWrziaAmzGumc/frT0EBMSrXSP0MT/jRcKwtm [email protected]",
  "created_at": "2019-12-27T10:01:45.403Z"
}

Create new project:

PROJECT_ID=$(curl -s -k -X POST -H "Content-type: application/json" -H "PRIVATE-TOKEN: 1234567890" https://gitlab.${MY_DOMAIN}/api/v4/projects/user/${GITLAB_USER_ID} -d \
"{
  \"user_id\": \"${GITLAB_USER_ID}\",
  \"name\": \"my-podinfo\",
  \"description\": \"My Test Project\",
  \"wiki_access_level\": \"disabled\",
  \"issues_access_level\": \"disabled\",
  \"builds_access_level\": \"disabled\",
  \"snippets_access_level\": \"disabled\",
  \"container_registry_enabled\": false,
  \"visibility\": \"public\"
}" | jq -r ".id")
echo ${PROJECT_ID}

Output:

1

Clone the podinfo project and push it to the newly created git repository my-podinfo:

export GIT_SSH_COMMAND="ssh -i $PWD/tmp/id_rsa_gitlab -o UserKnownHostsFile=/dev/null"
git clone --bare https://github.com/stefanprodan/podinfo tmp/podinfo
git -C tmp/podinfo push --mirror git@gitlab.${MY_DOMAIN}:myuser/my-podinfo.git
rm -rf tmp/podinfo

Output:

Cloning into bare repository 'tmp/podinfo'...
remote: Enumerating objects: 10, done.
remote: Counting objects: 100% (10/10), done.
remote: Compressing objects: 100% (10/10), done.
remote: Total 5266 (delta 0), reused 3 (delta 0), pack-reused 5256
Receiving objects: 100% (5266/5266), 9.52 MiB | 1.28 MiB/s, done.
Resolving deltas: 100% (2342/2342), done.
Warning: Permanently added 'gitlab.mylabs.dev,18.184.227.16' (ECDSA) to the list of known hosts.
Enumerating objects: 5266, done.
Counting objects: 100% (5266/5266), done.
Delta compression using up to 4 threads
Compressing objects: 100% (2544/2544), done.
Writing objects: 100% (5266/5266), 9.52 MiB | 6.95 MiB/s, done.
Total 5266 (delta 2342), reused 5266 (delta 2342)
remote: Resolving deltas: 100% (2342/2342), done.
remote:
remote: To create a merge request for gh-pages, visit:
remote:   https://gitlab.mylabs.dev/myuser/my-podinfo/merge_requests/new?merge_request%5Bsource_branch%5D=gh-pages
remote:
remote: To create a merge request for v0.x, visit:
remote:   https://gitlab.mylabs.dev/myuser/my-podinfo/merge_requests/new?merge_request%5Bsource_branch%5D=v0.x
remote:
remote: To create a merge request for v1.x, visit:
remote:   https://gitlab.mylabs.dev/myuser/my-podinfo/merge_requests/new?merge_request%5Bsource_branch%5D=v1.x
remote:
remote: To create a merge request for v3.x, visit:
remote:   https://gitlab.mylabs.dev/myuser/my-podinfo/merge_requests/new?merge_request%5Bsource_branch%5D=v3.x
remote:
To gitlab.mylabs.dev:myuser/my-podinfo.git
 * [new branch]      gh-pages -> gh-pages
 * [new branch]      master -> master
 * [new branch]      v0.x -> v0.x
 * [new branch]      v1.x -> v1.x
 * [new branch]      v3.x -> v3.x
 * [new tag]         0.2.2 -> 0.2.2
 * [new tag]         2.0.0 -> 2.0.0
 * [new tag]         2.0.1 -> 2.0.1
 * [new tag]         2.0.2 -> 2.0.2
 * [new tag]         2.1.0 -> 2.1.0
 * [new tag]         2.1.1 -> 2.1.1
 * [new tag]         2.1.2 -> 2.1.2
 * [new tag]         2.1.3 -> 2.1.3
 * [new tag]         3.0.0 -> 3.0.0
 * [new tag]         3.1.0 -> 3.1.0
 * [new tag]         3.1.1 -> 3.1.1
 * [new tag]         3.1.2 -> 3.1.2
 * [new tag]         3.1.3 -> 3.1.3
 * [new tag]         3.1.4 -> 3.1.4
 * [new tag]         3.1.5 -> 3.1.5
 * [new tag]         flux-floral-pine-16 -> flux-floral-pine-16
 * [new tag]         flux-thawing-star-34 -> flux-thawing-star-34
 * [new tag]         v0.4.0 -> v0.4.0
 * [new tag]         v0.5.0 -> v0.5.0
 * [new tag]         v1.0.0 -> v1.0.0
 * [new tag]         v1.1.0 -> v1.1.0
 * [new tag]         v1.1.1 -> v1.1.1
 * [new tag]         v1.2.0 -> v1.2.0
 * [new tag]         v1.2.1 -> v1.2.1
 * [new tag]         v1.3.0 -> v1.3.0
 * [new tag]         v1.3.1 -> v1.3.1
 * [new tag]         v1.4.0 -> v1.4.0
 * [new tag]         v1.4.1 -> v1.4.1
 * [new tag]         v1.4.2 -> v1.4.2
 * [new tag]         v1.6.0 -> v1.6.0
 * [new tag]         v1.7.0 -> v1.7.0
 * [new tag]         v1.8.0 -> v1.8.0
