配置目標
- 郵件提示
- GitHub第三方授權登陸
- GitLab Runner
- Docker私服註冊
官方介紹
目前微服務盛行環境下,服務部署優先考慮Docker方式,便於遷移和彈性伸縮
官方映象介紹 GitLab Docker images
GitLab Docker images
Both GitLab CE and EE are in Docker Hub:
The GitLab Docker images are monolithic images of GitLab running all the necessary services on a single container.
In the following examples we are using the image of GitLab CE. To use GitLab EE instead of GitLab CE, replace the image name to
gitlab/gitlab-ee:latest.If you want to use the latest RC image, use
gitlab/gitlab-ce:rcorgitlab/gitlab-ee:rcfor GitLab CE and GitLab EE respectively.The GitLab Docker images can be run in multiple ways:
docker-compose 指令碼
此處選擇社群版(CE)安裝,同時為了便於引數配置,使用docker-compose方式編寫指令碼檔案
Install GitLab using docker-compose
With Docker compose you can easily configure, install, and upgrade your Docker-based GitLab installation.
Install Docker Compose
Create a
docker-compose.ymlfile (or download an example):web: image: 'gitlab/gitlab-ce:latest' restart: always hostname: 'gitlab.example.com' environment: GITLAB_OMNIBUS_CONFIG: | external_url 'https://gitlab.example.com' # Add any other gitlab.rb configuration here, each on its own line ports: - '80:80' - '443:443' - '22:22' volumes: - '/srv/gitlab/config:/etc/gitlab' - '/srv/gitlab/logs:/var/log/gitlab' - '/srv/gitlab/data:/var/opt/gitlab' 複製程式碼Make sure you are in the same directory as
docker-compose.ymland rundocker-compose up -dto start GitLabRead “Pre-configure Docker container” to see how the
GITLAB_OMNIBUS_CONFIGvariable works.Below is another
docker-compose.ymlexample with GitLab running on a custom HTTP and SSH port. Notice how theGITLAB_OMNIBUS_CONFIGvariables match theportssection:web: image: 'gitlab/gitlab-ce:latest' restart: always hostname: 'gitlab.example.com' environment: GITLAB_OMNIBUS_CONFIG: | external_url 'http://gitlab.example.com:9090' gitlab_rails['gitlab_shell_ssh_port'] = 2224 ports: - '9090:9090' - '2224:22' volumes: - '/srv/gitlab/config:/etc/gitlab' - '/srv/gitlab/logs:/var/log/gitlab' - '/srv/gitlab/data:/var/opt/gitlab' 複製程式碼This is the same as using
--publish 9090:9090 --publish 2224:22.
官方提示說明Docker CE版基於Omnibus版本,故環境配置也可參考相關文件
Omnibus文件目錄
Installation and Configuration using omnibus package
Note: This section describes the commonly used configuration settings. Check configuration section of the documentation for complete configuration settings.
- Installing GitLab
- Setting up a domain name/URL for the GitLab Instance so that it can be accessed easily
- Enabling HTTPS
- Enabling notification EMails
- Enabling replying via email
- Enabling container registry on GitLab
- You will require SSL certificates for the domain used for container registry
- Enabling GitLab Pages
- If you want HTTPS enabled, you will have to get wildcard certificates
- Enabling Elasticsearch
- GitLab Mattermost Set up the Mattermost messaging app that ships with Omnibus GitLab package.
- GitLab Prometheus Set up the Prometheus monitoring included in the Omnibus GitLab package.
- GitLab High Availability Roles
結合配置目標編寫yaml檔案
注意:
- 此處郵件使用163郵箱(官方沒有提供163郵箱支援案例)
- Docker私服公鑰執行從私服上獲取
- 由於特殊原因,目標配置未啟動SSL安全連線,但GitLab可以通過簡單配置支援SSL並自動更新證書
Let’s Encrypt Integration
Primary GitLab Instance
Note: Introduced in GitLab version 10.5 and disabled by default. Enabled by default in GitLab version 10.7 and later if
external_urlis set with the httpsprotocol and no certificates are configured.Note: In order for Let’s Encrypt verification to work correctly, ports 80 and 443 will need to be accessible to the Let’s Encrypt servers that run the validation. Also note that the validation currently does not work with non-standard ports.
Caution Administrators installing or upgrading to GitLab version 10.7 or later and do not plan on using Let’s Encrypt should set the following in
/etc/gitlab/gitlab.rbto disable:letsencrypt['enable'] = false 複製程式碼Add the following entries to
/etc/gitlab/gitlab.rbto enable Let’s Encrypt support for the primary domain:letsencrypt['enable'] = true # GitLab 10.5 and 10.6 require this option external_url "https://gitlab.example.com" # Must use https protocol letsencrypt['contact_emails'] = ['foo@email.com'] # Optional 複製程式碼
生成163郵箱授權密碼
生成GitHub授權祕鑰
最終配置
version: '3.1'
services:
gitlab:
environment:
GITLAB_OMNIBUS_CONFIG: |
external_url '外部訪問地址'
gitlab_rails['gitlab_shell_ssh_port'] = 22
registry_external_url 'Docker私服地址'
registry_nginx['ssl_certificate'] = "Docker 私服CA證書 crt檔案"
registry_nginx['ssl_certificate_key'] = "Docker 私服公鑰 pem檔案"
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.163.com"
gitlab_rails['smtp_port'] = 465
gitlab_rails['smtp_user_name'] = "郵件傳送者名稱"
gitlab_rails['gitlab_email_from'] = '郵件傳送地址'
gitlab_rails['smtp_password'] = "授權密碼"
gitlab_rails['smtp_domain'] = "163.com"
gitlab_rails['smtp_authentication'] = "login"
gitlab_rails['smtp_enable_starttls_auto'] = true
gitlab_rails['smtp_tls'] = true
gitlab_rails['omniauth_enabled'] = true
gitlab_rails['omniauth_allow_single_sign_on'] = true
gitlab_rails['omniauth_block_auto_created_users'] = true
gitlab_rails['omniauth_providers'] = [
{
"name" => "github",
"app_id" => "Client ID",
"app_secret" => "Client Secret",
"url" => "https://github.com/",
"args" => { "scope" => "user:email" }
}
]
image: gitlab/gitlab-ce:latest
hostname: 域名
restart: always
networks:
- devops-service-bridge
ports:
- '443:443'
- '80:8099'
- '22:22'
volumes:
- ./srv/gitlab/config:/etc/gitlab
- ./srv/gitlab/logs:/var/log/gitlab
- ./srv/gitlab/data:/var/opt/gitlab
- /etc/docker/certs.d:/etc/docker/certs.d
networks:
devops-service-bridge:
driver: bridge
複製程式碼