From 33c855ae9ff26e879d040929ebc540128a394d1a Mon Sep 17 00:00:00 2001 
From: Baykanurov Date: Sun, 3 Dec 2023 00:44:19 +0400 Subject: [PATCH] kubernetes-4 --- README.md | 8 + gitlab-ci/.env.example | 1 - gitlab-ci/.gitlab-ci.yml | 71 ----- gitlab-ci/docker-compose.yml | 15 -- kubernetes/Charts/comment/Chart.yaml | 9 + .../Charts/comment/templates/_helpers.tpl | 3 + .../Charts/comment/templates/deployment.yaml | 34 +++ .../Charts/comment/templates/service.yaml | 19 ++ kubernetes/Charts/comment/values.yaml | 10 + .../Charts/gitlab-ci/.gitlab-ci-comment.yml | 228 ++++++++++++++++ .../Charts/gitlab-ci/.gitlab-ci-post.yml | 223 ++++++++++++++++ .../Charts/gitlab-ci/.gitlab-ci-reddit.yml | 135 ++++++++++ kubernetes/Charts/gitlab-ci/.gitlab-ci-ui.yml | 183 +++++++++++++ .../Charts/gitlab-omnibus/.gitlab-ci.yml | 19 ++ kubernetes/Charts/gitlab-omnibus/.helmignore | 21 ++ kubernetes/Charts/gitlab-omnibus/CHANGELOG.md | 11 + kubernetes/Charts/gitlab-omnibus/Chart.yaml | 26 ++ kubernetes/Charts/gitlab-omnibus/README.md | 23 ++ .../charts/gitlab-runner/.gitlab-ci.yml | 19 ++ .../charts/gitlab-runner/.helmignore | 21 ++ .../charts/gitlab-runner/Chart.yaml | 16 ++ .../charts/gitlab-runner/README.md | 3 + .../charts/gitlab-runner/templates/NOTES.txt | 27 ++ .../gitlab-runner/templates/_cache_s3.tpl | 26 ++ .../gitlab-runner/templates/_helpers.tpl | 23 ++ .../gitlab-runner/templates/configmap.yaml | 30 +++ .../gitlab-runner/templates/deployment.yaml | 125 +++++++++ .../gitlab-runner/templates/role-binding.yaml | 19 ++ .../charts/gitlab-runner/templates/role.yaml | 15 ++ .../gitlab-runner/templates/secrets.yaml | 13 + .../templates/service-account.yaml | 11 + .../charts/gitlab-runner/values.yaml | 144 ++++++++++ .../Charts/gitlab-omnibus/requirements.lock | 6 + .../Charts/gitlab-omnibus/requirements.yaml | 4 + .../Charts/gitlab-omnibus/templates/NOTES.txt | 28 ++ .../gitlab-omnibus/templates/_helpers.tpl | 45 ++++ .../templates/fast-storage/storage.yaml | 20 ++ .../templates/gitlab-config.yaml | 36 +++ .../gitlab/gitlab-config-storage.yaml | 23 ++ 
.../templates/gitlab/gitlab-deployment.yaml | 249 ++++++++++++++++++ .../templates/gitlab/gitlab-storage.yaml | 48 ++++ .../templates/gitlab/gitlab-svc.yaml | 36 +++ .../gitlab/postgresql-configmap.yaml | 12 + .../gitlab/postgresql-deployment.yaml | 81 ++++++ .../templates/gitlab/postgresql-storage.yaml | 25 ++ .../templates/gitlab/postgresql-svc.yaml | 16 ++ .../templates/gitlab/redis-deployment.yaml | 49 ++++ .../templates/gitlab/redis-storage.yaml | 25 ++ .../templates/gitlab/redis-svc.yaml | 16 ++ .../templates/ingress/gitlab-ingress.yaml | 51 ++++ .../ingress/gitlab-pages-ingress.yaml | 29 ++ .../load-balancer/lego/00-namespace.yaml | 4 + .../load-balancer/lego/configmap.yaml | 10 + .../load-balancer/lego/deployment.yaml | 46 ++++ .../load-balancer/nginx/00-namespace.yaml | 4 + .../load-balancer/nginx/configmap.yaml | 13 + .../load-balancer/nginx/daemonset.yaml | 48 ++++ .../nginx/default-deployment.yaml | 37 +++ .../load-balancer/nginx/default-service.yaml | 12 + .../load-balancer/nginx/service.yaml | 20 ++ .../load-balancer/nginx/tcp-configmap.yaml | 7 + kubernetes/Charts/gitlab-omnibus/values.yaml | 110 ++++++++ kubernetes/Charts/post/Chart.yaml | 9 + kubernetes/Charts/post/templates/_helpers.tpl | 3 + .../Charts/post/templates/deployment.yaml | 34 +++ kubernetes/Charts/post/templates/service.yaml | 19 ++ kubernetes/Charts/post/values.yaml | 10 + kubernetes/Charts/reddit/Chart.yaml | 7 + kubernetes/Charts/reddit/requirements.yaml | 17 ++ kubernetes/Charts/reddit/values.yaml | 20 ++ kubernetes/Charts/ui/Chart.yaml | 9 + kubernetes/Charts/ui/templates/_helpers.tpl | 3 + .../Charts/ui/templates/deployment.yaml | 46 ++++ kubernetes/Charts/ui/templates/ingress.yaml | 17 ++ kubernetes/Charts/ui/templates/service.yaml | 19 ++ kubernetes/Charts/ui/values.yaml | 16 ++ kubernetes/reddit/post-deployment.yml | 27 -- kubernetes/reddit/post-mongodb-service.yml | 18 -- kubernetes/reddit/post-service.yml | 16 -- kubernetes/reddit/ui-deployment.yml | 29 -- 
kubernetes/reddit/ui-ingress.yml | 22 -- kubernetes/reddit/ui-service.yml | 17 -- 82 files changed, 2783 insertions(+), 216 deletions(-) delete mode 100644 gitlab-ci/.env.example delete mode 100644 gitlab-ci/.gitlab-ci.yml delete mode 100644 gitlab-ci/docker-compose.yml create mode 100644 kubernetes/Charts/comment/Chart.yaml create mode 100644 kubernetes/Charts/comment/templates/_helpers.tpl create mode 100644 kubernetes/Charts/comment/templates/deployment.yaml create mode 100644 kubernetes/Charts/comment/templates/service.yaml create mode 100644 kubernetes/Charts/comment/values.yaml create mode 100644 kubernetes/Charts/gitlab-ci/.gitlab-ci-comment.yml create mode 100644 kubernetes/Charts/gitlab-ci/.gitlab-ci-post.yml create mode 100644 kubernetes/Charts/gitlab-ci/.gitlab-ci-reddit.yml create mode 100644 kubernetes/Charts/gitlab-ci/.gitlab-ci-ui.yml create mode 100644 kubernetes/Charts/gitlab-omnibus/.gitlab-ci.yml create mode 100644 kubernetes/Charts/gitlab-omnibus/.helmignore create mode 100644 kubernetes/Charts/gitlab-omnibus/CHANGELOG.md create mode 100644 kubernetes/Charts/gitlab-omnibus/Chart.yaml create mode 100644 kubernetes/Charts/gitlab-omnibus/README.md create mode 100644 kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/.gitlab-ci.yml create mode 100644 kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/.helmignore create mode 100644 kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/Chart.yaml create mode 100644 kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/README.md create mode 100644 kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/templates/NOTES.txt create mode 100644 kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/templates/_cache_s3.tpl create mode 100644 kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/templates/_helpers.tpl create mode 100644 kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/templates/configmap.yaml create mode 100644 
kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/templates/deployment.yaml create mode 100644 kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/templates/role-binding.yaml create mode 100644 kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/templates/role.yaml create mode 100644 kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/templates/secrets.yaml create mode 100644 kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/templates/service-account.yaml create mode 100644 kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/values.yaml create mode 100644 kubernetes/Charts/gitlab-omnibus/requirements.lock create mode 100644 kubernetes/Charts/gitlab-omnibus/requirements.yaml create mode 100644 kubernetes/Charts/gitlab-omnibus/templates/NOTES.txt create mode 100644 kubernetes/Charts/gitlab-omnibus/templates/_helpers.tpl create mode 100644 kubernetes/Charts/gitlab-omnibus/templates/fast-storage/storage.yaml create mode 100644 kubernetes/Charts/gitlab-omnibus/templates/gitlab-config.yaml create mode 100644 kubernetes/Charts/gitlab-omnibus/templates/gitlab/gitlab-config-storage.yaml create mode 100644 kubernetes/Charts/gitlab-omnibus/templates/gitlab/gitlab-deployment.yaml create mode 100644 kubernetes/Charts/gitlab-omnibus/templates/gitlab/gitlab-storage.yaml create mode 100644 kubernetes/Charts/gitlab-omnibus/templates/gitlab/gitlab-svc.yaml create mode 100644 kubernetes/Charts/gitlab-omnibus/templates/gitlab/postgresql-configmap.yaml create mode 100644 kubernetes/Charts/gitlab-omnibus/templates/gitlab/postgresql-deployment.yaml create mode 100644 kubernetes/Charts/gitlab-omnibus/templates/gitlab/postgresql-storage.yaml create mode 100644 kubernetes/Charts/gitlab-omnibus/templates/gitlab/postgresql-svc.yaml create mode 100644 kubernetes/Charts/gitlab-omnibus/templates/gitlab/redis-deployment.yaml create mode 100644 kubernetes/Charts/gitlab-omnibus/templates/gitlab/redis-storage.yaml create mode 100644 
kubernetes/Charts/gitlab-omnibus/templates/gitlab/redis-svc.yaml create mode 100644 kubernetes/Charts/gitlab-omnibus/templates/ingress/gitlab-ingress.yaml create mode 100644 kubernetes/Charts/gitlab-omnibus/templates/ingress/gitlab-pages-ingress.yaml create mode 100644 kubernetes/Charts/gitlab-omnibus/templates/load-balancer/lego/00-namespace.yaml create mode 100644 kubernetes/Charts/gitlab-omnibus/templates/load-balancer/lego/configmap.yaml create mode 100644 kubernetes/Charts/gitlab-omnibus/templates/load-balancer/lego/deployment.yaml create mode 100644 kubernetes/Charts/gitlab-omnibus/templates/load-balancer/nginx/00-namespace.yaml create mode 100644 kubernetes/Charts/gitlab-omnibus/templates/load-balancer/nginx/configmap.yaml create mode 100644 kubernetes/Charts/gitlab-omnibus/templates/load-balancer/nginx/daemonset.yaml create mode 100644 kubernetes/Charts/gitlab-omnibus/templates/load-balancer/nginx/default-deployment.yaml create mode 100644 kubernetes/Charts/gitlab-omnibus/templates/load-balancer/nginx/default-service.yaml create mode 100644 kubernetes/Charts/gitlab-omnibus/templates/load-balancer/nginx/service.yaml create mode 100644 kubernetes/Charts/gitlab-omnibus/templates/load-balancer/nginx/tcp-configmap.yaml create mode 100644 kubernetes/Charts/gitlab-omnibus/values.yaml create mode 100644 kubernetes/Charts/post/Chart.yaml create mode 100644 kubernetes/Charts/post/templates/_helpers.tpl create mode 100644 kubernetes/Charts/post/templates/deployment.yaml create mode 100644 kubernetes/Charts/post/templates/service.yaml create mode 100644 kubernetes/Charts/post/values.yaml create mode 100644 kubernetes/Charts/reddit/Chart.yaml create mode 100644 kubernetes/Charts/reddit/requirements.yaml create mode 100644 kubernetes/Charts/reddit/values.yaml create mode 100644 kubernetes/Charts/ui/Chart.yaml create mode 100644 kubernetes/Charts/ui/templates/_helpers.tpl create mode 100644 kubernetes/Charts/ui/templates/deployment.yaml create mode 100644 
kubernetes/Charts/ui/templates/ingress.yaml create mode 100644 kubernetes/Charts/ui/templates/service.yaml create mode 100644 kubernetes/Charts/ui/values.yaml delete mode 100644 kubernetes/reddit/post-deployment.yml delete mode 100644 kubernetes/reddit/post-mongodb-service.yml delete mode 100644 kubernetes/reddit/post-service.yml delete mode 100644 kubernetes/reddit/ui-deployment.yml delete mode 100644 kubernetes/reddit/ui-ingress.yml delete mode 100644 kubernetes/reddit/ui-service.yml diff --git a/README.md b/README.md index 8a6fe64..af30f8d 100644 --- a/README.md +++ b/README.md @@ -476,3 +476,11 @@ yc compute disk create \ --size 4 \ --description "disk for k8s" ``` + +## Kubernetes-4 +### Что было сделано: +1. Установил и настроил helm +2. Написал helm чарты для компонентов приложения +3. Разобрался с управлением зависимостями в helm +4. Установил Gitlab в Kubernetes +5. Настроил CI и выстроил пайплайн diff --git a/gitlab-ci/.env.example b/gitlab-ci/.env.example deleted file mode 100644 index 1e19627..0000000 --- a/gitlab-ci/.env.example +++ /dev/null @@ -1 +0,0 @@ -VM_IP="62.84.127.187" diff --git a/gitlab-ci/.gitlab-ci.yml b/gitlab-ci/.gitlab-ci.yml deleted file mode 100644 index 375cc3b..0000000 --- a/gitlab-ci/.gitlab-ci.yml +++ /dev/null 
@@ -1,71 +0,0 @@
-image: ruby:2.4.2
-
-stages:
- - build
- - test
- - review
- - stage
- - production
-
-variables:
- DATABASE_URL: 'mongodb://mongo/user_posts'
-
-before_script:
- - cd reddit
- - bundle install
-
-build_job:
- stage: build
- script:
- - echo 'Building'
-
-test_unit_job:
- stage: test
- services:
- - mongo:latest
- script:
- - ruby simpletest.rb
-
-test_integration_job:
- stage: test
- script:
- - echo 'Testing 1'
-
-deploy_dev_job:
- stage: review
- script:
- - echo 'Deploy'
- environment:
- name: dev
- url: http://dev.example.com
-
-branch_review:
- stage: review
- script: echo "Deploy to $CI_ENVIRONMENT_SLUG"
- environment:
- name: branch/$CI_COMMIT_REF_NAME
- url: http://$CI_ENVIRONMENT_SLUG.example.com
- only:
- - branches
- except:
- - master
-
-staging:
- stage: stage
- when: manual
- only:
- - /^\d+\.\d+\.\d+/
- script:
- - echo 'Deploy'
- environment:
- name: stage
- url: https://beta.example.com
-
-production:
- stage: production
- when: manual
- script:
- - echo 'Deploy'
- environment:
- name: production
- url: http://example.com
diff --git a/gitlab-ci/docker-compose.yml b/gitlab-ci/docker-compose.yml
deleted file mode 100644
index 6c6dc50..0000000
--- a/gitlab-ci/docker-compose.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-web:
- image: 'gitlab/gitlab-ce:latest'
- restart: always
- hostname: 'gitlab.example.com'
- environment:
- GITLAB_OMNIBUS_CONFIG: |
- external_url 'http://'
- ports:
- - '80:80'
- - '443:443'
- - '2222:22'
- volumes:
- - '/srv/gitlab/config:/etc/gitlab'
- - '/srv/gitlab/logs:/var/log/gitlab'
- - '/srv/gitlab/data:/var/opt/gitlab'
diff --git a/kubernetes/Charts/comment/Chart.yaml b/kubernetes/Charts/comment/Chart.yaml
new file mode 100644
index 0000000..b4a661a
--- /dev/null
+++ b/kubernetes/Charts/comment/Chart.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: v2
+appVersion: "1.0.0"
+name: comment
+version: 1.0.0
+description: OTUS reddit application COMMENT
+maintainers:
+- name: Baykanurov
+ email: vov_ef@mail.ru
diff --git a/kubernetes/Charts/comment/templates/_helpers.tpl b/kubernetes/Charts/comment/templates/_helpers.tpl
new file mode 100644
index 0000000..9b3d4c8
--- /dev/null
+++ b/kubernetes/Charts/comment/templates/_helpers.tpl
@@ -0,0 +1,3 @@
+{{- define "comment.fullname" -}}
+{{- printf "%s-%s" .Release.Name .Chart.Name }}
+{{- end -}}
diff --git a/kubernetes/Charts/comment/templates/deployment.yaml b/kubernetes/Charts/comment/templates/deployment.yaml
new file mode 100644
index 0000000..21d62f8
--- /dev/null
+++ b/kubernetes/Charts/comment/templates/deployment.yaml
@@ -0,0 +1,34 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "comment.fullname" . }}
+ labels:
+ app: reddit
+ component: comment
+ release: {{ .Release.Name }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: reddit
+ component: comment
+ release: {{ .Release.Name }}
+ template:
+ metadata:
+ name: comment
+ labels:
+ app: reddit
+ component: comment
+ release: {{ .Release.Name }}
+ spec:
+ containers:
+ - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ name: comment
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ name: comment
+ protocol: TCP
+ env:
+ - name: COMMENT_DATABASE_HOST
+ value: {{ .Values.databaseHost | default (printf "%s-mongodb" .Release.Name) }}
diff --git a/kubernetes/Charts/comment/templates/service.yaml b/kubernetes/Charts/comment/templates/service.yaml
new file mode 100644
index 0000000..105b8bc
--- /dev/null
+++ b/kubernetes/Charts/comment/templates/service.yaml
@@ -0,0 +1,19 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "comment.fullname" . }}
+ labels:
+ app: reddit
+ component: comment
+ release: {{ .Release.Name }}
+spec:
+ type: ClusterIP
+ ports:
+ - port: {{ .Values.service.externalPort }}
+ protocol: TCP
+ targetPort: {{ .Values.service.internalPort }}
+ selector:
+ app: reddit
+ component: comment
+ release: {{ .Release.Name }}
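Review bot: The `comment` container in `comment/templates/deployment.yaml` is declared without a `securityContext` and without `resources`, so it runs as whatever user the image defines and with no CPU or memory bounds. Under the container entry I would add `securityContext: {runAsNonRoot: true, allowPrivilegeEscalation: false}` and a `resources:` block fed from `values.yaml`; whether the image already runs as a non-root user is not visible in this commit and needs checking first. The templated `COMMENT_DATABASE_HOST` value is also emitted unquoted, and `value: {{ .Values.databaseHost | default (printf "%s-mongodb" .Release.Name) | quote }}` keeps it a string whatever the release name looks like.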
diff --git a/kubernetes/Charts/comment/values.yaml b/kubernetes/Charts/comment/values.yaml
new file mode 100644
index 0000000..eee4a68
--- /dev/null
+++ b/kubernetes/Charts/comment/values.yaml
@@ -0,0 +1,10 @@
+---
+service:
+ internalPort: 9292
+ externalPort: 9292
+
+image:
+ repository: baykanurov/comment
+ tag: latest
+
+databaseHost:
diff --git a/kubernetes/Charts/gitlab-ci/.gitlab-ci-comment.yml b/kubernetes/Charts/gitlab-ci/.gitlab-ci-comment.yml
new file mode 100644
index 0000000..3ebbdcc
--- /dev/null
+++ b/kubernetes/Charts/gitlab-ci/.gitlab-ci-comment.yml
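Review bot: `tag: latest` in `comment/values.yaml` makes the chart's default install pull a mutable tag, so the same chart version can roll out different image contents and a rollback cannot say which image actually ran. Default the tag to a released version or an image digest and let the pipeline keep overriding it through `--set <service>.image.tag=...`, as the CI files in this commit already do. The bare `databaseHost:` parses as null, which is what the template's `default` relies on; writing `databaseHost: null` with a one-line comment that an empty value selects `<release>-mongodb` would make that intent explicit.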
@@ -0,0 +1,228 @@
+---
+image: alpine:latest
+
+stages:
+ - build
+ - test
+ - review
+ - release
+ - cleanup
+ - deploy_trigger
+
+build:
+ stage: build
+ image: docker:git
+ services:
+ - docker:18.09.7-dind
+ script:
+ - setup_docker
+ - build
+ variables:
+ DOCKER_DRIVER: overlay2
+ only:
+ - branches
+
+test:
+ stage: test
+ script:
+ - exit 0
+ only:
+ - branches
+
+release:
+ stage: release
+ image: docker
+ services:
+ - docker:18.09.7-dind
+ script:
+ - setup_docker
+ - release
+ only:
+ - master
+
+review:
+ stage: review
+ script:
+ - install_dependencies
+ - ensure_namespace
+ - install_tiller
+ - deploy
+ variables:
+ KUBE_NAMESPACE: review
+ host: $CI_PROJECT_PATH_SLUG-$CI_COMMIT_REF_SLUG
+ environment:
+ name: review/$CI_PROJECT_PATH/$CI_COMMIT_REF_NAME
+ url: http://$CI_PROJECT_PATH_SLUG-$CI_COMMIT_REF_SLUG
+ on_stop: stop_review
+ only:
+ refs:
+ - branches
+ kubernetes: active
+ except:
+ - master
+
+stop_review:
+ stage: cleanup
+ variables:
+ GIT_STRATEGY: none
+ script:
+ - install_dependencies
+ - delete
+ environment:
+ name: review/$CI_PROJECT_PATH/$CI_COMMIT_REF_NAME
+ action: stop
+ when: manual
+ allow_failure: true
+ only:
+ refs:
+ - branches
+ kubernetes: active
+ except:
+ - master
+
+deploy_trigger:
+ stage: deploy_trigger
+ script:
+ - apk add curl
+ - "curl -X POST -F token=$CI_DEPLOY_TOKEN -F ref=master http://gitlab-gitlab/api/v4/projects/1/trigger/pipeline"
+ only:
+ refs:
+ - master
+ kubernetes: active
+
+.auto_devops: &auto_devops |
+ [[ "$TRACE" ]] && set -x
+ export CI_REGISTRY="index.docker.io"
+ export CI_APPLICATION_REPOSITORY=$CI_REGISTRY/$CI_PROJECT_PATH
+ export CI_APPLICATION_TAG=$CI_COMMIT_REF_SLUG
+ export CI_CONTAINER_NAME=ci_job_build_${CI_JOB_ID}
+ export TILLER_NAMESPACE="kube-system"
+
+ function deploy() {
+ track="${1-stable}"
+ name="$CI_ENVIRONMENT_SLUG"
+
+ if [[ "$track" != "stable" ]]; then
+ name="$name-$track"
+ fi
+
+ echo "Clone deploy repository..."
+ git clone http://gitlab-gitlab/$CI_PROJECT_NAMESPACE/reddit-deploy.git
+
+ echo "Download helm dependencies......."
+ helm dep update reddit-deploy/reddit
+
+ echo "Deploy helm release $name to $KUBE_NAMESPACE"
+
+ echo "end helm tiller"
+ helm tiller run -- helm upgrade \
+ --install \
+ --wait \
+ --set ui.ingress.host="$host" \
+ --set $CI_PROJECT_NAME.image.tag=$CI_APPLICATION_TAG \
+ --namespace="$KUBE_NAMESPACE" \
+ --version="$CI_PIPELINE_ID-$CI_JOB_ID" \
+ "$name" \
+ reddit-deploy/reddit/
+ echo "end helm tiller"
+ }
+
+ function install_dependencies() {
+
+ apk add -U openssl curl tar gzip bash ca-certificates git
+ wget -q -O /etc/apk/keys/sgerrand.rsa.pub https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub
+ wget https://github.com/sgerrand/alpine-pkg-glibc/releases/download/2.23-r3/glibc-2.23-r3.apk
+ apk add glibc-2.23-r3.apk
+ rm glibc-2.23-r3.apk
+
+ curl https://storage.googleapis.com/pub/gsutil.tar.gz | tar -xz -C $HOME
+ export PATH=${PATH}:$HOME/gsutil
+
+ curl https://get.helm.sh/helm-v2.17.0-linux-amd64.tar.gz | tar zx
+
+ mv linux-amd64/helm /usr/bin/
+ helm version --client
+
+ curl -o /usr/bin/sync-repo.sh https://raw.githubusercontent.com/kubernetes/helm/master/scripts/sync-repo.sh
+ chmod a+x /usr/bin/sync-repo.sh
+
+ curl -L -o /usr/bin/kubectl https://storage.googleapis.com/kubernetes-release/release/v1.19.15/bin/linux/amd64/kubectl
+ chmod +x /usr/bin/kubectl
+ kubectl version --client
+ }
+
+ function setup_docker() {
+ if ! docker info &>/dev/null; then
+ if [ -z "$DOCKER_HOST" -a "$KUBERNETES_PORT" ]; then
+ export DOCKER_HOST='tcp://localhost:2375'
+ fi
+ fi
+ }
+
+ function ensure_namespace() {
+ kubectl version
+ kubectl config get-contexts
+ kubectl describe namespace "$KUBE_NAMESPACE" || kubectl create namespace "$KUBE_NAMESPACE"
+ }
+
+ function release() {
+
+ echo "Updating docker images ...."
+
+ if [[ -n "$CI_REGISTRY_USER" ]]; then
+ echo "Logging to GitLab Container Registry with CI credentials..."
+ docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD"
+ echo ""
+ fi
+
+ docker pull "$CI_APPLICATION_REPOSITORY:$CI_APPLICATION_TAG"
+ docker tag "$CI_APPLICATION_REPOSITORY:$CI_APPLICATION_TAG" "$CI_APPLICATION_REPOSITORY:$(cat VERSION)"
+ docker push "$CI_APPLICATION_REPOSITORY:$(cat VERSION)"
+ echo ""
+ }
+
+ function build() {
+
+ echo "Building Dockerfile-based application..."
+ echo `git show --format="%h" HEAD | head -1` > build_info.txt
+ echo `git rev-parse --abbrev-ref HEAD` >> build_info.txt
+ docker build -t "$CI_APPLICATION_REPOSITORY:$CI_APPLICATION_TAG" .
+
+ if [[ -n "$CI_REGISTRY_USER" ]]; then
+ echo "Logging to GitLab Container Registry with CI credentials..."
+ docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD"
+ echo ""
+ fi
+
+ echo "Pushing to GitLab Container Registry..."
+ docker push "$CI_APPLICATION_REPOSITORY:$CI_APPLICATION_TAG"
+ echo ""
+ }
+
+ function install_tiller() {
+ echo "Insall tiller plugin..."
+
+ helm init --client-only --skip-refresh
+ helm repo rm stable
+ helm repo add stable https://charts.helm.sh/stable
+ helm plugin install https://github.com/yar2dev/helm-tiller
+ echo step_1 $TILLER_NAMESPACE
+ kubectl rollout status -n "$TILLER_NAMESPACE" -w "deployment/tiller-deploy"
+ echo step_2
+ if ! helm version --debug; then
+ echo "Failed to init Tiller."
+ return 1
+ fi
+ echo ""
+ }
+
+ function delete() {
+ track="${1-stable}"
+ name="$CI_ENVIRONMENT_SLUG"
+ helm delete "$name" --purge || true
+ }
+
+
+
+before_script:
+ - *auto_devops
diff --git a/kubernetes/Charts/gitlab-ci/.gitlab-ci-post.yml b/kubernetes/Charts/gitlab-ci/.gitlab-ci-post.yml
new file mode 100644
index 0000000..69698e4
--- /dev/null
+++ b/kubernetes/Charts/gitlab-ci/.gitlab-ci-post.yml
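Review bot: Both `release()` and `build()` in `.gitlab-ci-comment.yml` call `docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD"`, which puts the registry password on the process command line, and with `[[ "$TRACE" ]] && set -x` at the top of the same script the expanded command is also written to the job log whenever TRACE is set. Feed the password on stdin instead, `echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin`. Since xtrace would still print the expanded `echo`, also keep the variable masked in the project settings or wrap the login in `set +x`. The same call appears in `.gitlab-ci-post.yml` and in the build and release jobs of `.gitlab-ci-ui.yml`.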
@@ -0,0 +1,223 @@
+---
+image: alpine:latest
+
+
+stages:
+ - build
+ - test
+ - review
+ - release
+ - cleanup
+ - deploy_trigger
+
+
+build:
+ stage: build
+ image: docker:git
+ services:
+ - docker:18.09.7-dind
+ script:
+ - setup_docker
+ - build
+ variables:
+ DOCKER_DRIVER: overlay2
+ only:
+ - branches
+
+test:
+ stage: test
+ script:
+ - exit 0
+ only:
+ - branches
+
+release:
+ stage: release
+ image: docker
+ services:
+ - docker:18.09.7-dind
+ script:
+ - setup_docker
+ - release
+ only:
+ - master
+
+
+review:
+ stage: review
+ script:
+ - install_dependencies
+ - ensure_namespace
+ - deploy
+ variables:
+ KUBE_NAMESPACE: review
+ host: $CI_PROJECT_PATH_SLUG-$CI_COMMIT_REF_SLUG
+ environment:
+ name: review/$CI_PROJECT_PATH/$CI_COMMIT_REF_NAME
+ url: http://$CI_PROJECT_PATH_SLUG-$CI_COMMIT_REF_SLUG
+ on_stop: stop_review
+ only:
+ refs:
+ - branches
+ kubernetes: active
+ except:
+ - master
+
+stop_review:
+ stage: cleanup
+ variables:
+ GIT_STRATEGY: none
+ script:
+ - install_dependencies
+ - delete
+ environment:
+ name: review/$CI_PROJECT_PATH/$CI_COMMIT_REF_NAME
+ action: stop
+ when: manual
+ allow_failure: true
+ only:
+ refs:
+ - branches
+ kubernetes: active
+ except:
+ - master
+
+deploy_trigger:
+ stage: deploy_trigger
+ script:
+ - apk add curl
+ - "curl -X POST -F token=$CI_DEPLOY_TOKEN -F ref=master http://gitlab-gitlab/api/v4/projects/1/trigger/pipeline"
+ only:
+ refs:
+ - master
+ kubernetes: active
+
+.auto_devops: &auto_devops |
+ [[ "$TRACE" ]] && set -x
+ export CI_REGISTRY="index.docker.io"
+ export CI_APPLICATION_REPOSITORY=$CI_REGISTRY/$CI_PROJECT_PATH
+ export CI_APPLICATION_TAG=$CI_COMMIT_REF_SLUG
+ export CI_CONTAINER_NAME=ci_job_build_${CI_JOB_ID}
+ export TILLER_NAMESPACE="kube-system"
+
+ function deploy() {
+ track="${1-stable}"
+ name="$CI_ENVIRONMENT_SLUG"
+
+ if [[ "$track" != "stable" ]]; then
+ name="$name-$track"
+ fi
+
+ echo "Clone deploy repository..."
+ git clone http://gitlab-gitlab/$CI_PROJECT_NAMESPACE/reddit-deploy.git
+
+ echo "Download helm dependencies......."
+ helm dep update reddit-deploy/reddit
+
+ echo "Deploy helm release $name to $KUBE_NAMESPACE"
+ helm upgrade --install \
+ --wait \
+ --set ui.ingress.host="$host" \
+ --set $CI_PROJECT_NAME.image.tag=$CI_APPLICATION_TAG \
+ --namespace="$KUBE_NAMESPACE" \
+ --version="$CI_PIPELINE_ID-$CI_JOB_ID" \
+ "$name" \
+ reddit-deploy/reddit/
+
+ }
+
+ function install_dependencies() {
+
+ apk add -U openssl curl tar gzip bash ca-certificates git
+ wget -q -O /etc/apk/keys/sgerrand.rsa.pub https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub
+ wget https://github.com/sgerrand/alpine-pkg-glibc/releases/download/2.23-r3/glibc-2.23-r3.apk
+ apk add glibc-2.23-r3.apk
+ rm glibc-2.23-r3.apk
+
+ curl https://storage.googleapis.com/pub/gsutil.tar.gz | tar -xz -C $HOME
+ export PATH=${PATH}:$HOME/gsutil
+
+ curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
+
+ helm version --client
+
+ curl -o /usr/bin/sync-repo.sh https://raw.githubusercontent.com/kubernetes/helm/master/scripts/sync-repo.sh
+ chmod a+x /usr/bin/sync-repo.sh
+
+ curl -L -o /usr/bin/kubectl https://storage.googleapis.com/kubernetes-release/release/v1.19.15/bin/linux/amd64/kubectl
+ chmod +x /usr/bin/kubectl
+ kubectl version --client
+ }
+
+ function setup_docker() {
+ if ! docker info &>/dev/null; then
+ if [ -z "$DOCKER_HOST" -a "$KUBERNETES_PORT" ]; then
+ export DOCKER_HOST='tcp://localhost:2375'
+ fi
+ fi
+ }
+
+ function ensure_namespace() {
+ kubectl version
+ kubectl config get-contexts
+ kubectl describe namespace "$KUBE_NAMESPACE" || kubectl create namespace "$KUBE_NAMESPACE"
+ }
+
+ function release() {
+
+ echo "Updating docker images ...."
+
+ if [[ -n "$CI_REGISTRY_USER" ]]; then
+ echo "Logging to GitLab Container Registry with CI credentials..."
+ docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD"
+ echo ""
+ fi
+
+ docker pull "$CI_APPLICATION_REPOSITORY:$CI_APPLICATION_TAG"
+ docker tag "$CI_APPLICATION_REPOSITORY:$CI_APPLICATION_TAG" "$CI_APPLICATION_REPOSITORY:$(cat VERSION)"
+ docker push "$CI_APPLICATION_REPOSITORY:$(cat VERSION)"
+ echo ""
+ }
+
+ function build() {
+
+ echo "Building Dockerfile-based application..."
+ echo `git show --format="%h" HEAD | head -1` > build_info.txt
+ echo `git rev-parse --abbrev-ref HEAD` >> build_info.txt
+ docker build -t "$CI_APPLICATION_REPOSITORY:$CI_APPLICATION_TAG" .
+
+ if [[ -n "$CI_REGISTRY_USER" ]]; then
+ echo "Logging to GitLab Container Registry with CI credentials..."
+ docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD"
+ echo ""
+ fi
+
+ echo "Pushing to GitLab Container Registry..."
+ docker push "$CI_APPLICATION_REPOSITORY:$CI_APPLICATION_TAG"
+ echo ""
+ }
+
+ function install_tiller() {
+ echo "Checking Tiller..."
+
+
+ echo step_1 $TILLER_NAMESPACE
+ kubectl rollout status -n "$TILLER_NAMESPACE" -w "deployment/tiller-deploy"
+ echo step_2
+ if ! helm version --debug; then
+ echo "Failed to init Tiller."
+ return 1
+ fi
+ echo ""
+ }
+
+ function delete() {
+ track="${1-stable}"
+ name="$CI_ENVIRONMENT_SLUG"
+ helm delete "$name" --purge || true
+ }
+
+
+
+before_script:
+ - *auto_devops
diff --git a/kubernetes/Charts/gitlab-ci/.gitlab-ci-reddit.yml b/kubernetes/Charts/gitlab-ci/.gitlab-ci-reddit.yml
new file mode 100644
index 0000000..4e0498c
--- /dev/null
+++ b/kubernetes/Charts/gitlab-ci/.gitlab-ci-reddit.yml
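Review bot: `install_dependencies()` in `.gitlab-ci-post.yml` installs Helm with `curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash`, which runs whatever the `main` branch holds at job time in a job that goes on to deploy into the cluster. Fetch a fixed release archive and verify it before unpacking, for example `curl -fsSLO https://get.helm.sh/helm-<HELM_VERSION>-linux-amd64.tar.gz` followed by `echo "<EXPECTED_SHA256>  helm-<HELM_VERSION>-linux-amd64.tar.gz" | sha256sum -c -`. With Helm 3 installed here, `delete()` still calling `helm delete "$name" --purge || true` looks like a Helm 2 leftover: Helm 3 rejects `--purge` and the `|| true` hides the error, so `stop_review` would leave the review release running. `helm uninstall "$name"` with the review namespace is the Helm 3 form. `install_tiller()` is defined but no job in this file calls it.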
@@ -0,0 +1,135 @@
+---
+image: alpine:latest
+
+variables:
+ GITLAB_HOST: gitlab.com
+ CI_REGISTRY: "index.docker.io"
+ CI_APPLICATION_REPOSITORY: $CI_REGISTRY/$CI_PROJECT_PATH
+ CI_APPLICATION_TAG: $CI_COMMIT_REF_SLUG
+ CI_CONTAINER_NAME: ci_job_build_${CI_JOB_ID}
+ TILLER_NAMESPACE: "kube-system"
+
+stages:
+ - test
+ - staging
+ - production
+
+test:
+ stage: test
+ script:
+ - exit 0
+ only:
+ - triggers
+ - branches
+
+staging:
+ stage: staging
+ variables:
+ KUBE_NAMESPACE: staging
+ host: $CI_PROJECT_PATH_SLUG-$CI_COMMIT_REF_SLUG
+ name: $CI_ENVIRONMENT_SLUG
+ environment:
+ name: staging
+ url: http://staging
+
+ before_script:
+ - apk add -U openssl curl tar gzip bash ca-certificates git
+ - wget -q -O /etc/apk/keys/sgerrand.rsa.pub https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub
+ - wget https://github.com/sgerrand/alpine-pkg-glibc/releases/download/2.23-r3/glibc-2.23-r3.apk
+ - apk add glibc-2.23-r3.apk
+ - curl https://storage.googleapis.com/pub/gsutil.tar.gz | tar -xz -C $HOME
+ - export PATH=${PATH}:$HOME/gsutil
+ - curl https://get.helm.sh/helm-v2.17.0-linux-amd64.tar.gz | tar zx
+ - mv linux-amd64/helm /usr/bin/
+ - helm version --client
+ - curl -o /usr/bin/sync-repo.sh https://raw.githubusercontent.com/kubernetes/helm/master/scripts/sync-repo.sh
+ - chmod a+x /usr/bin/sync-repo.sh
+ - curl -L -o /usr/bin/kubectl https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl
+ - chmod +x /usr/bin/kubectl
+ - kubectl version --client
+ - kubectl describe namespace "$KUBE_NAMESPACE" || kubectl create namespace "$KUBE_NAMESPACE"
+ - echo "Checking Tiller..."
+ - helm init --upgrade
+ - kubectl rollout status -n "$TILLER_NAMESPACE" -w "deployment/tiller-deploy"
+ - if ! helm version --debug; then
+ echo "Failed to init Tiller."
+ exit 1
+ fi
+ script:
+ - export track="${1-stable}"
+ - if [[ "$track" != "stable" ]]; then
+ name="$name-$track"
+ fi
+ - echo "Clone deploy repository..."
+ - git clone http://gitlab-gitlab/$CI_PROJECT_NAMESPACE/reddit-deploy.git
+ - echo "Download helm dependencies..."
+ - helm dep update reddit-deploy/reddit
+ - echo "Deploy helm release $name to $KUBE_NAMESPACE"
+ - echo "Upgrading existing release..."
+ - echo "helm upgrade --install --wait --set ui.ingress.host="$host" --set $CI_PROJECT_NAME.image.tag="$CI_APPLICATION_TAG" --namespace="$KUBE_NAMESPACE" --version="$CI_PIPELINE_ID-$CI_JOB_ID" "$name" reddit-deploy/reddit/"
+ - helm upgrade \
+ --install \
+ --force \
+ --wait \
+ --set ui.ingress.host="$host" \
+ --set $CI_PROJECT_NAME.image.tag="$CI_APPLICATION_TAG" \
+ --namespace="$KUBE_NAMESPACE" \
+ --version="$CI_PIPELINE_ID-$CI_JOB_ID" \
+ "$name" \
+ reddit
+ only:
+ refs:
+ - master
+ kubernetes: active
+ except:
+ - triggers
+
+production:
+ stage: production
+
+ variables:
+ host: $CI_PROJECT_PATH_SLUG-$CI_COMMIT_REF_SLUG
+ name: $CI_ENVIRONMENT_SLUG
+ environment:
+ name: production
+ url: http://production
+ script:
+ - apk add -U openssl curl tar gzip bash ca-certificates git
+ - wget -q -O /etc/apk/keys/sgerrand.rsa.pub https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub
+ - wget https://github.com/sgerrand/alpine-pkg-glibc/releases/download/2.23-r3/glibc-2.23-r3.apk
+ - apk add glibc-2.23-r3.apk
+ - rm glibc-2.23-r3.apk
+ - curl https://get.helm.sh/helm-v2.17.0-linux-amd64.tar.gz | tar zx
+ - mv linux-amd64/helm /usr/bin/
+ - helm version --client
+ - curl -L -o /usr/bin/kubectl https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl
+ - chmod +x /usr/bin/kubectl
+ - kubectl version --client
+ - kubectl describe namespace "$KUBE_NAMESPACE" || kubectl create namespace "$KUBE_NAMESPACE"
+ - echo "Checking Tiller..."
+ - helm init --client-only --skip-refresh
+ - helm repo rm stable
+ - helm repo add stable https://charts.helm.sh/stable
+ - kubectl rollout status -n "$TILLER_NAMESPACE" -w "deployment/tiller-deploy"
+ - if ! helm version --debug; then
+ echo "Failed to init Tiller."
+ return 1
+ fi
+ - echo ""
+ - helm upgrade --install
+ --wait
+ --force
+ --set ui.ingress.host="$host"
+ --set $CI_PROJECT_NAME.image.tag="$CI_APPLICATION_TAG"
+ --namespace="$KUBE_NAMESPACE"
+ --version="$CI_PIPELINE_ID-$CI_JOB_ID"
+ "$name"
+ reddit
+
+ except:
+ - pushes
+
+ only:
+ refs:
+ - master
+ kubernetes: active
diff --git a/kubernetes/Charts/gitlab-ci/.gitlab-ci-ui.yml b/kubernetes/Charts/gitlab-ci/.gitlab-ci-ui.yml
new file mode 100644
index 0000000..d95f9a8
--- /dev/null
+++ b/kubernetes/Charts/gitlab-ci/.gitlab-ci-ui.yml
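Review bot: The staging and production jobs in `.gitlab-ci-reddit.yml` resolve the kubectl version at run time from `stable.txt` and drop the binary into `/usr/bin` with no integrity check, so the production deploy runs an unpinned, unverified tool. Pin it as the per-service pipelines in this commit do (`.../release/v1.19.15/bin/linux/amd64/kubectl`) and verify a checksum before `chmod +x`, for example `echo "<EXPECTED_SHA256>  /usr/bin/kubectl" | sha256sum -c -`. The `curl … | tar` downloads of gsutil and Helm and the `sync-repo.sh` fetched from a `master` branch have the same weakness, and the review job of `.gitlab-ci-ui.yml` repeats the pattern. Separately, the multi-line `- if ! helm version --debug; then … fi` and `- helm upgrade \ …` items carry no `|` block indicator, so YAML would fold each into a single line. Indentation cannot be recovered from this page, but if that reading is right the `if` loses its command separators and the backslashes end up escaping spaces; `- |` on those items avoids both.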
@@ -0,0 +1,183 @@
+---
+image: alpine:latest
+
+variables:
+ GITLAB_HOST: gitlab.com
+ CI_REGISTRY: "index.docker.io"
+ CI_APPLICATION_REPOSITORY: $CI_REGISTRY/$CI_PROJECT_PATH
+ CI_APPLICATION_TAG: $CI_COMMIT_REF_SLUG
+ CI_CONTAINER_NAME: ci_job_build_${CI_JOB_ID}
+ TILLER_NAMESPACE: "kube-system"
+
+stages:
+ - build
+ - test
+ - review
+ - release
+ - cleanup
+ - deploy_trigger
+
+build:
+ stage: build
+ only:
+ - branches
+ image: docker:git
+ services:
+ - docker:18.09.7-dind
+ variables:
+ DOCKER_DRIVER: overlay2
+ before_script:
+ - if ! docker info &>/dev/null; then
+ if [ -z "$DOCKER_HOST" -a "$KUBERNETES_PORT" ]; then
+ export DOCKER_HOST='tcp://localhost:2375'
+ fi
+ fi
+ script:
+ - echo "Building Dockerfile-based application..."
+ - echo `git show --format="%h" HEAD | head -1` > build_info.txt
+ - echo `git rev-parse --abbrev-ref HEAD` >> build_info.txt
+ - docker build -t "$CI_APPLICATION_REPOSITORY:$CI_APPLICATION_TAG" .
+ - if [[ -n "$CI_REGISTRY_USER" ]]; then
+ echo "Logging to GitLab Container Registry with CI credentials...for build"
+ docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD"
+ fi
+ - echo "Pushing to GitLab Container Registry..."
+ - docker push "$CI_APPLICATION_REPOSITORY:$CI_APPLICATION_TAG"
+
+test:
+ stage: test
+ script:
+ - exit 0
+ only:
+ - branches
+
+release:
+ stage: release
+ image: docker
+ services:
+ - docker:18.09.7-dind
+ before_script:
+ - if ! docker info &>/dev/null; then
+ if [ -z "$DOCKER_HOST" -a "$KUBERNETES_PORT" ]; then
+ export DOCKER_HOST='tcp://localhost:2375'
+ fi
+ fi
+ script:
+ - echo "Updating docker images ..."
+ - if [[ -n "$CI_REGISTRY_USER" ]]; then
+ echo "Logging to GitLab Container Registry with CI credentials for release..."
+ docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD"
+ fi
+ - docker pull "$CI_APPLICATION_REPOSITORY:$CI_APPLICATION_TAG"
+ - docker tag "$CI_APPLICATION_REPOSITORY:$CI_APPLICATION_TAG" "$CI_APPLICATION_REPOSITORY:$(cat VERSION)"
+ - docker push "$CI_APPLICATION_REPOSITORY:$(cat VERSION)"
+ - docker tag "$CI_APPLICATION_REPOSITORY:$CI_APPLICATION_TAG" "$CI_APPLICATION_REPOSITORY:latest"
+ - docker push "$CI_APPLICATION_REPOSITORY:latest"
+ only:
+ - master
+
+review:
+ stage: review
+ variables:
+ KUBE_NAMESPACE: review
+ host: $CI_PROJECT_PATH_SLUG-$CI_COMMIT_REF_SLUG
+ name: $CI_ENVIRONMENT_SLUG
+ environment:
+ name: review/$CI_PROJECT_PATH/$CI_COMMIT_REF_NAME
+ url: http://$CI_PROJECT_PATH_SLUG-$CI_COMMIT_REF_SLUG
+ on_stop: stop_review
+ only:
+ refs:
+ - branches
+ kubernetes: active
+ except:
+ - master
+ before_script:
+ - apk add -U openssl curl tar gzip bash ca-certificates git
+ - wget -q -O /etc/apk/keys/sgerrand.rsa.pub https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub
+ - wget https://github.com/sgerrand/alpine-pkg-glibc/releases/download/2.23-r3/glibc-2.23-r3.apk
+ - apk add glibc-2.23-r3.apk
+ - curl https://storage.googleapis.com/pub/gsutil.tar.gz | tar -xz -C $HOME
+ - export PATH=${PATH}:$HOME/gsutil
+ - curl https://get.helm.sh/helm-v2.17.0-linux-amd64.tar.gz | tar zx
+ - mv linux-amd64/helm /usr/bin/
+ - helm version --client
+ - curl -o /usr/bin/sync-repo.sh https://raw.githubusercontent.com/kubernetes/helm/master/scripts/sync-repo.sh
+ - chmod a+x /usr/bin/sync-repo.sh
+ - curl -L -o /usr/bin/kubectl https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl
+ - chmod +x /usr/bin/kubectl
+ - kubectl version --client
+ - kubectl describe namespace "$KUBE_NAMESPACE" || kubectl create namespace "$KUBE_NAMESPACE"
+ - echo "Checking Tiller..."
+ - helm init --upgrade
+ - kubectl rollout status -n "$TILLER_NAMESPACE" -w "deployment/tiller-deploy"
+ - if ! helm version --debug; then
+ echo "Failed to init Tiller."
+ exit 1
+ fi
+ script:
+ - export track="${1-stable}"
+ - if [[ "$track" != "stable" ]]; then
+ name="$name-$track"
+ fi
+ - echo "Clone deploy repository..."
+ - git clone http://gitlab-gitlab/$CI_PROJECT_NAMESPACE/reddit-deploy.git
+ - echo "Download helm dependencies..."
+ - helm dep update reddit-deploy/reddit
+ - echo "Deploy helm release $name to $KUBE_NAMESPACE"
+ - echo "Upgrading existing release..."
+ - echo "helm upgrade --install --wait --set ui.ingress.host="$host" --set $CI_PROJECT_NAME.image.tag="$CI_APPLICATION_TAG" --namespace="$KUBE_NAMESPACE" --version="$CI_PIPELINE_ID-$CI_JOB_ID" "$name" reddit-deploy/reddit/"
+ - helm upgrade \
+ --install \
+ --wait \
+ --set ui.ingress.host="$host" \
+ --set $CI_PROJECT_NAME.image.tag="$CI_APPLICATION_TAG" \
+ --namespace="$KUBE_NAMESPACE" \
+ --version="$CI_PIPELINE_ID-$CI_JOB_ID" \
+ "$name" \
+ reddit-deploy/reddit/
+
+stop_review:
+ stage: cleanup
+ variables:
+ GIT_STRATEGY: none
+ name: $CI_ENVIRONMENT_SLUG
+ environment:
+ name: review/$CI_PROJECT_PATH/$CI_COMMIT_REF_NAME
+ action: stop
+ when: manual
+ allow_failure: true
+ only:
+ refs:
+ - branches
+ kubernetes: active
+ except:
+ - master
+ before_script:
+ - apk add -U openssl curl tar gzip bash ca-certificates git
+ - wget -q -O /etc/apk/keys/sgerrand.rsa.pub https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub
+ - wget https://github.com/sgerrand/alpine-pkg-glibc/releases/download/2.23-r3/glibc-2.23-r3.apk
+ - apk add glibc-2.23-r3.apk
+ - curl https://storage.googleapis.com/pub/gsutil.tar.gz | tar -xz -C $HOME
+ - export PATH=${PATH}:$HOME/gsutil
+ - curl https://get.helm.sh/helm-v2.17.0-linux-amd64.tar.gz | tar zx
+ - mv linux-amd64/helm /usr/bin/
+ - helm version --client
+ - curl -o /usr/bin/sync-repo.sh https://raw.githubusercontent.com/kubernetes/helm/master/scripts/sync-repo.sh
+ - chmod a+x /usr/bin/sync-repo.sh
+ - curl -L -o /usr/bin/kubectl https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl
+ - chmod +x /usr/bin/kubectl
+ - kubectl version --client
+ script:
+ - helm delete "$name" --purge
+
+deploy_trigger:
+ stage: deploy_trigger
+ script:
+ - apk add curl
+ - "curl -X POST -F token=$CI_DEPLOY_TOKEN -F ref=master http://gitlab-gitlab/api/v4/projects/1/trigger/pipeline"
+
+ only:
+ refs:
+ - master
+ kubernetes: active
diff --git a/kubernetes/Charts/gitlab-omnibus/.gitlab-ci.yml b/kubernetes/Charts/gitlab-omnibus/.gitlab-ci.yml
new file mode 100644
index 0000000..c0e9a6b
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/.gitlab-ci.yml
@@ -0,0 +1,19 @@
+image: registry.gitlab.com/charts/alpine-helm
+
+stages:
+ - test
+ - release
+
+lint:
+ stage: test
+ script:
+ - helm lint .
+ except:
+ - master
+
+release-chart:
+ stage: release
+ script:
+ - curl --request POST --form "token=$CI_JOB_TOKEN" --form ref=master https://gitlab.com/api/v4/projects/2860651/trigger/pipeline
+ only:
+ - master
diff --git a/kubernetes/Charts/gitlab-omnibus/.helmignore b/kubernetes/Charts/gitlab-omnibus/.helmignore
new file mode 100644
index 0000000..f0c1319
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/kubernetes/Charts/gitlab-omnibus/CHANGELOG.md b/kubernetes/Charts/gitlab-omnibus/CHANGELOG.md
new file mode 100644
index 0000000..ed5f142
--- /dev/null
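Review bot: The `before_script` of `review` and `stop_review` in `.gitlab-ci-ui.yml` installs its tooling with no integrity check: the Helm tarball is piped straight from `curl` into `tar`, `sync-repo.sh` is taken from a `master` branch, and kubectl is whatever `stable.txt` names at run time, all in jobs that go on to talk to the cluster (the `production` job in the preceding hunk repeats the same downloads). Pin each download to a fixed version and verify it before unpacking, e.g. `curl -fsSLo helm.tgz https://get.helm.sh/helm-v2.17.0-linux-amd64.tar.gz` followed by `echo "<HELM_SHA256_PLACEHOLDER>  helm.tgz" | sha256sum -c -`. Separately, `deploy_trigger` posts `$CI_DEPLOY_TOKEN` to an `http://` URL and both `docker login` calls pass the password with `-p`; an HTTPS endpoint and `--password-stdin` keep those credentials off the wire and out of the process list.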
+++ b/kubernetes/Charts/gitlab-omnibus/CHANGELOG.md
@@ -0,0 +1,11 @@
+**0.1.35**
+> Upgrade note:
+* Due to the change in default access mode, existing users will have to specify `ReadWriteMany` as the access mode. For example:
+```
+gitlabDataAccessMode=ReadWriteMany
+gitlabRegistryAccessMode=ReadWriteMany
+gitlabConfigAccessMode=ReadWriteMany
+```
+
+* Sets the default access mode for `gitlab-storage`, `gitlab-registry-storage`, and `gitlab-config-storage` to be `ReadWriteOnce` to be compatible with Kubernetes 1.7.0+.
+* The parameter name to configure the size of the `gitlab-storage` PVC has changed from `gitlabRailsStorageSize` to `gitlabDataStorageSize`. For backwards compatability, `gitlabRailsStorageSize` will still apply provided `gitlabDataStorageSize` is undefined.
diff --git a/kubernetes/Charts/gitlab-omnibus/Chart.yaml b/kubernetes/Charts/gitlab-omnibus/Chart.yaml
new file mode 100644
index 0000000..aefe028
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/Chart.yaml
@@ -0,0 +1,26 @@
+apiVersion: v1
+deprecated: true
+description: GitLab Omnibus all-in-one bundle
+home: https://about.gitlab.com
+icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.png
+keywords:
+- git
+- ci
+- cd
+- deploy
+- issue tracker
+- code review
+- wiki
+maintainers:
+- email: support@gitlab.com
+ name: GitLab Inc.
+- name: Mark Pundsack
+- name: Jason Plum
+- name: DJ Mountney
+- name: Joshua Lambert
+name: gitlab-omnibus
+sources:
+- http://docs.gitlab.com/ce/install/kubernetes/
+- https://gitlab.com/charts/charts.gitlab.io
+tillerVersion: '>=2.5.0'
+version: 0.1.37
diff --git a/kubernetes/Charts/gitlab-omnibus/README.md b/kubernetes/Charts/gitlab-omnibus/README.md
new file mode 100644
index 0000000..9c0562a
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/README.md
@@ -0,0 +1,23 @@
+# DEPRECATION NOTICE
+
+This chart is **DEPRECATED**.
+
+### Replacement
+
+We have built a set of fully cloud native charts in [gitlab/gitlab](https://gitlab.com/charts/gitlab).
+These new charts are designed from the ground up to be performant, flexible, scalable, and resilient.
+
+We _very strongly_ recommend transitioning, if you are currently using these charts. If you have
+never used these charts, _do not now_.
+
+### Availability
+
+This project remains visible as an example of how to convert a full monolith application to Kubernetes capable.
+[Monolith to Microservice: Pitchforks not included](https://youtu.be/rIUth_KrJdw?list=PLj6h78yzYM2PZf9eA7bhWnIh_mK1vyOfU) (video)
+details the work done to break this monolithic container into component parts.
+
+# GitLab-Omnibus Helm Chart
+
+This chart is an easy way to get started with GitLab on Kubernetes. It includes everything needed to run GitLab, including: a Runner, Container Registry, automatic SSL, and an Ingress.
+
+For more information, please review [our documentation](http://docs.gitlab.com/ee/install/kubernetes/gitlab_omnibus.html).
diff --git a/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/.gitlab-ci.yml b/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/.gitlab-ci.yml
new file mode 100644
index 0000000..c0e9a6b
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/.gitlab-ci.yml
@@ -0,0 +1,19 @@
+image: registry.gitlab.com/charts/alpine-helm
+
+stages:
+ - test
+ - release
+
+lint:
+ stage: test
+ script:
+ - helm lint .
+ except:
+ - master
+
+release-chart:
+ stage: release
+ script:
+ - curl --request POST --form "token=$CI_JOB_TOKEN" --form ref=master https://gitlab.com/api/v4/projects/2860651/trigger/pipeline
+ only:
+ - master
diff --git a/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/.helmignore b/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/.helmignore
new file mode 100644
index 0000000..f0c1319
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/Chart.yaml b/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/Chart.yaml
new file mode 100644
index 0000000..6c54279
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/Chart.yaml
@@ -0,0 +1,16 @@
+description: GitLab Runner
+icon: https://gitlab.com/uploads/-/system/project/avatar/250833/runner_logo.png
+keywords:
+- git
+- ci
+- deploy
+maintainers:
+- email: support@gitlab.com
+ name: GitLab Inc.
+- email: dj@gitlab.com
+ name: DJ Mountney
+name: gitlab-runner
+sources:
+- https://hub.docker.com/r/gitlab/gitlab-runner/
+- https://docs.gitlab.com/runner/
+version: 0.1.13
diff --git a/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/README.md b/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/README.md
new file mode 100644
index 0000000..46e848a
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/README.md
@@ -0,0 +1,3 @@
+# GitLab Runner Helm Chart
+
+This chart deploys a GitLab Runner instance into your Kubernetes cluster. For more information, please review [our documentation](http://docs.gitlab.com/ee/install/kubernetes/gitlab_runner_chart.html).
diff --git a/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/templates/NOTES.txt b/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/templates/NOTES.txt
new file mode 100644
index 0000000..af5a074
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/templates/NOTES.txt
@@ -0,0 +1,27 @@
+{{- if include "gitlabUrl" . }}
+{{- if or (default "" .Values.runnerRegistrationToken) (default "" .Values.runnerToken) }}
+Your GitLab Runner should now be registered against the GitLab instance reachable at: {{ template "gitlabUrl" . }}
+{{- else -}}
+##############################################################################
+## WARNING: You did not specify an runnerRegistrationToken in your 'helm install' call. ##
+##############################################################################
+
+This deployment will be incomplete until you provide the Registration Token for your
+GitLab instance:
+
+ helm upgrade {{ .Release.Name }} \
+ --set gitlabUrl=http://gitlab.your-domain.com,runnerRegistrationToken=your-registration-token \
+ stable/gitlab-runner
+{{- end -}}
+{{- else -}}
+##############################################################################
+## WARNING: You did not specify an gitlabUrl in your 'helm install' call. ##
+##############################################################################
+
+This deployment will be incomplete until you provide the URL that your
+GitLab instance is reachable at:
+
+ helm upgrade {{ .Release.Name }} \
+ --set gitlabUrl=http://gitlab.your-domain.com,runnerRegistrationToken=your-registration-token \
+ stable/gitlab-runner
+{{- end -}}
diff --git a/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/templates/_cache_s3.tpl b/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/templates/_cache_s3.tpl
new file mode 100644
index 0000000..4641b02
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/templates/_cache_s3.tpl
@@ -0,0 +1,26 @@
+{{- define "cache_s3" }}
+- name: CACHE_TYPE
+ value: {{ default "" .Values.runners.cache.cacheType | quote }}
+- name: S3_SERVER_ADDRESS
+ value: {{ default "" .Values.runners.cache.s3ServerAddress | quote }}
+- name: S3_ACCESS_KEY
+ valueFrom:
+ secretKeyRef:
+ name: s3access
+ key: accessKey
+- name: S3_SECRET_KEY
+ valueFrom:
+ secretKeyRef:
+ name: s3access
+ key: secretKey
+- name: S3_BUCKET_NAME
+ value: {{ default "" .Values.runners.cache.s3BucketName | quote }}
+- name: S3_BUCKET_LOCATION
+ value: {{ default "" .Values.runners.cache.s3BucketLocation | quote }}
+- name: S3_CACHE_INSECURE
+ value: {{ default "" .Values.runners.cache.s3CacheInsecure | quote }}
+- name: S3_CACHE_PATH
+ value: {{ default "" .Values.runners.cache.s3CachePath | quote }}
+- name: CACHE_SHARED
+ value: {{ default "" .Values.runners.cache.cacheShared | quote }}
+{{- end -}}
diff --git a/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/templates/_helpers.tpl b/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/templates/_helpers.tpl
new file mode 100644
index 0000000..ec4c5bd
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/templates/_helpers.tpl
@@ -0,0 +1,23 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "fullname" -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Template for outputing the gitlabUrl
+*/}}
+{{- define "gitlabUrl" -}}
+{{- .Values.gitlabUrl | quote -}}
+{{- end -}}
diff --git a/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/templates/configmap.yaml b/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/templates/configmap.yaml
new file mode 100644
index 0000000..059f2d6
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/templates/configmap.yaml
@@ -0,0 +1,30 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "fullname" . }}
+ labels:
+ app: {{ template "fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+data:
+ entrypoint: |
+ #!/bin/bash
+
+ set -xe
+
+ cp /scripts/config.toml /etc/gitlab-runner/
+
+ # Register the runner
+ /entrypoint register --non-interactive \
+ --executor kubernetes \
+ {{- range .Values.runners.imagePullSecrets }}
+ --kubernetes-image-pull-secrets {{ . | quote }} \
+ {{- end }}
+
+ # Start the runner
+ /entrypoint run --user=gitlab-runner \
+ --working-directory=/home/gitlab-runner
+ config.toml: |
+ concurrent = {{ .Values.concurrent }}
+ check_interval = {{ .Values.checkInterval }}
diff --git a/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/templates/deployment.yaml b/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/templates/deployment.yaml
new file mode 100644
index 0000000..30f69d6
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/templates/deployment.yaml
@@ -0,0 +1,125 @@
+{{- if and (include "gitlabUrl" .) (or (default "" .Values.runnerRegistrationToken) (default "" .Values.runnerToken)) }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "fullname" . }}
+ labels:
+ app: {{ template "fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: {{ template "fullname" . }}
+ template:
+ metadata:
+ labels:
+ app: {{ template "fullname" . }}
+ annotations:
+ checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+ checksum/secrets: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }}
+ spec:
+ serviceAccountName: {{ if .Values.rbac.create }}{{ template "fullname" . }}{{ else }}"{{ .Values.rbac.serviceAccountName }}"{{ end }}
+ containers:
+ - name: {{ template "fullname" . }}
+ image: {{ .Values.image }}
+ {{- if and .Values.unregisterRunners .Values.runnerRegistrationToken }}
+ lifecycle:
+ preStop:
+ exec:
+ command: ["gitlab-runner", "unregister", "--all-runners"]
+ {{- end }}
+ imagePullPolicy: {{ default "" .Values.imagePullPolicy | quote }}
+ command: ["/bin/bash", "/scripts/entrypoint"]
+ env:
+ - name: CI_SERVER_URL
+ value: {{ template "gitlabUrl" . }}
+ - name: CI_SERVER_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "fullname" . }}
+ key: runner-token
+ - name: REGISTRATION_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "fullname" . }}
+ key: runner-registration-token
+ - name: KUBERNETES_IMAGE
+ value: {{ .Values.runners.image | quote }}
+ {{ if .Values.runners.privileged }}
+ - name: KUBERNETES_PRIVILEGED
+ value: "true"
+ {{ end }}
+ - name: KUBERNETES_NAMESPACE
+ value: {{ default .Release.Namespace .Values.runners.namespace | quote }}
+ - name: KUBERNETES_CPU_LIMIT
+ value: {{ default "" .Values.runners.builds.cpuLimit | quote }}
+ - name: KUBERNETES_MEMORY_LIMIT
+ value: {{ default "" .Values.runners.builds.memoryLimit | quote }}
+ - name: KUBERNETES_CPU_REQUEST
+ value: {{ default "" .Values.runners.builds.cpuRequests | quote }}
+ - name: KUBERNETES_MEMORY_REQUEST
+ value: {{ default "" .Values.runners.builds.memoryRequests| quote }}
+ - name: KUBERNETES_SERVICE_CPU_LIMIT
+ value: {{ default "" .Values.runners.services.cpuLimit | quote }}
+ - name: KUBERNETES_SERVICE_MEMORY_LIMIT
+ value: {{ default "" .Values.runners.services.memoryLimit | quote }}
+ - name: KUBERNETES_SERVICE_CPU_REQUEST
+ value: {{ default "" .Values.runners.services.cpuRequests | quote }}
+ - name: KUBERNETES_SERVICE_MEMORY_REQUEST
+ value: {{ default "" .Values.runners.services.memoryRequests | quote }}
+ - name: KUBERNETES_HELPERS_CPU_LIMIT
+ value: {{ default "" .Values.runners.helpers.cpuLimit | quote }}
+ - name: KUBERNETES_HELPERS_MEMORY_LIMIT
+ value: {{ default "" .Values.runners.helpers.memoryLimit | quote }}
+ - name: KUBERNETES_HELPERS_CPU_REQUEST
+ value: {{ default "" .Values.runners.helpers.cpuRequests | quote }}
+ - name: KUBERNETES_HELPERS_MEMORY_REQUEST
+ value: {{ default "" .Values.runners.helpers.memoryRequests | quote }}
+ {{- if .Values.runners.cache -}}
+ {{ include "cache_s3" . | indent 8 }}
+ {{- end }}
+ livenessProbe:
+ exec:
+ command: ["/usr/bin/pgrep","gitlab.*runner"]
+ initialDelaySeconds: 60
+ timeoutSeconds: 1
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+ readinessProbe:
+ exec:
+ command: ["/usr/bin/pgrep","gitlab.*runner"]
+ initialDelaySeconds: 10
+ timeoutSeconds: 1
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+ volumeMounts:
+ - name: scripts
+ mountPath: /scripts
+ {{- if .Values.certsSecretName }}
+ - name: custom-certs
+ readOnly: true
+ mountPath: /etc/gitlab-runner/certs/
+ {{- end }}
+ resources:
+{{ toYaml .Values.resources | indent 10 }}
+ volumes:
+ {{ if .Values.runners.privileged }}
+ - name: var-run-docker-sock
+ hostPath:
+ path: /var/run/docker.sock
+ {{ end }}
+ {{- if .Values.certsSecretName }}
+ - name: custom-certs
+ secret:
+ secretName: {{ .Values.certsSecretName }}
+ {{- end }}
+ - name: scripts
+ configMap:
+ name: {{ template "fullname" . }}
+{{ else }}
+{{ end }}
diff --git a/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/templates/role-binding.yaml b/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/templates/role-binding.yaml
new file mode 100644
index 0000000..c1044eb
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/templates/role-binding.yaml
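Review bot: In `templates/deployment.yaml` the `volumes:` list declares a `hostPath` volume for `/var/run/docker.sock` whenever `runners.privileged` is set, yet the container's `volumeMounts` in this hunk only mount `scripts` and `custom-certs`, so the socket volume is never used by the runner container. A hostPath reference to the node's Docker socket is exactly what restrictive pod-security policies reject, and it invites a later change that mounts it and hands the pod control of the node's container runtime. Drop the `{{ if .Values.runners.privileged }}` … `{{ end }}` stanza under `volumes:`; the `KUBERNETES_PRIVILEGED` variable set further up does not depend on it.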
@@ -0,0 +1,19 @@
+{{- if .Values.rbac.create -}}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: {{ if .Values.rbac.clusterWideAccess }}"ClusterRoleBinding"{{ else }}"RoleBinding"{{ end }}
+metadata:
+ name: {{ template "fullname" . }}
+ labels:
+ app: {{ template "fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: {{ if .Values.rbac.clusterWideAccess }}"ClusterRole"{{ else }}"Role"{{ end }}
+ name: {{ template "fullname" . }}
+subjects:
+- kind: ServiceAccount
+ name: {{ template "fullname" . }}
+ namespace: "{{ .Release.Namespace }}"
+{{- end -}}
diff --git a/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/templates/role.yaml b/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/templates/role.yaml
new file mode 100644
index 0000000..ecb0ba2
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/templates/role.yaml
@@ -0,0 +1,15 @@
+{{- if .Values.rbac.create -}}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: {{ if .Values.rbac.clusterWideAccess }}"ClusterRole"{{ else }}"Role"{{ end }}
+metadata:
+ name: {{ template "fullname" . }}
+ labels:
+ app: {{ template "fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+rules:
+- apiGroups: [""]
+ resources: ["*"]
+ verbs: ["*"]
+{{- end -}}
diff --git a/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/templates/secrets.yaml b/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/templates/secrets.yaml
new file mode 100644
index 0000000..de1adec
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/templates/secrets.yaml
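Review bot: `role-binding.yaml` and `role.yaml` both declare `apiVersion: rbac.authorization.k8s.io/v1beta1`, which Kubernetes stopped serving in 1.22, while `deployment.yaml` in the same chart is written against `apps/v1`. On a cluster recent enough for that Deployment the RBAC objects are likely to be rejected at install time, leaving the runner without its service-account binding. Use `apiVersion: rbac.authorization.k8s.io/v1` in both templates.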
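Review bot: The single rule in `role.yaml` grants every verb on every core-group resource (`resources: ["*"]`, `verbs: ["*"]`), and because `values.yaml` in this commit defaults `rbac.clusterWideAccess` to `true` it is rendered as a ClusterRole, so the runner's service account can read and modify Secrets, ServiceAccounts and Pods in every namespace. A CI runner identity should carry only what the Kubernetes executor uses: default `clusterWideAccess: false` and replace the wildcards with an explicit list such as `resources: ["pods", "pods/exec", "pods/attach", "secrets", "configmaps"]` and `verbs: ["get", "list", "watch", "create", "delete", "update", "patch"]`. The exact set depends on the runner version, so confirm it against the runner documentation before merging.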
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "fullname" . }}
+ labels:
+ app: {{ template "fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+type: Opaque
+data:
+ runner-registration-token: {{ default "" .Values.runnerRegistrationToken | b64enc | quote }}
+ runner-token: {{ default "" .Values.runnerToken | b64enc | quote }}
diff --git a/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/templates/service-account.yaml b/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/templates/service-account.yaml
new file mode 100644
index 0000000..1d049fd
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/templates/service-account.yaml
@@ -0,0 +1,11 @@
+{{- if .Values.rbac.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "fullname" . }}
+ labels:
+ app: {{ template "fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+{{- end -}}
diff --git a/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/values.yaml b/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/values.yaml
new file mode 100644
index 0000000..ae845c2
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/values.yaml
@@ -0,0 +1,144 @@
+## GitLab Runner Image
+## ref: https://hub.docker.com/r/gitlab/gitlab-runner/tags/
+##
+image: gitlab/gitlab-runner:alpine-v10.3.0
+
+## Specify a imagePullPolicy
+## 'Always' if imageTag is 'latest', else set to 'IfNotPresent'
+## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+##
+# imagePullPolicy:
+
+## The GitLab Server URL (with protocol) that want to register the runner against
+## ref: https://docs.gitlab.com/runner/commands/README.html#gitlab-runner-register
+##
+# gitlabUrl: http://gitlab.your-domain.com/
+
+## The Registration Token for adding new Runners to the GitLab Server. This must
+## be retreived from your GitLab Instance.
+## ref: https://docs.gitlab.com/ce/ci/runners/README.html#creating-and-registering-a-runner
+##
+# runnerRegistrationToken: ""
+
+## The Runner Token for adding new Runners to the GitLab Server. This must
+## be retreived from your GitLab Instance. It is token of already registered runner.
+## ref: (we don't yet have docs for that, but we want to use existing token)
+##
+# runnerToken: ""
+
+## Unregister all runners before termination
+##
+## Updating the runner's chart version or configuration will cause the runner container
+## to be terminated and created again. This may cause your Gitlab instance to reference
+## non-existant runners. Un-registering the runner before termination mitigates this issue.
+## ref: https://docs.gitlab.com/runner/commands/README.html#gitlab-runner-unregister
+##
+unregisterRunners: true
+
+## Set the certsSecretName in order to pass custom certficates for GitLab Runner to use
+## Provide resource name for a Kubernetes Secret Object in the same namespace,
+## this is used to populate the /etc/gitlab-runner/certs directory
+## ref: https://docs.gitlab.com/runner/configuration/tls-self-signed.html#supported-options-for-self-signed-certificates
+##
+# certsSecretName:
+
+## Configure the maximum number of concurrent jobs
+## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section
+##
+concurrent: 10
+
+## Defines in seconds how often to check GitLab for a new builds
+## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section
+##
+checkInterval: 30
+
+## For RBAC support:
+rbac:
+ create: true
+
+ ## Run the gitlab-bastion container with the ability to deploy/manage containers of jobs
+ ## cluster-wide or only within namespace
+ clusterWideAccess: true
+
+ ## Use the following Kubernetes Service Account name if RBAC is disabled in this Helm chart (see rbac.create)
+ ##
+ # serviceAccountName: default
+
+## Configuration for the Pods that that the runner launches for each new job
+##
+runners:
+ ## Default container image to use for builds when none is specified
+ ##
+ image: ubuntu:16.04
+
+ ## Specify one or more imagePullSecrets
+ ##
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ##
+ # imagePullSecrets: []
+
+ ## Run all containers with the privileged flag enabled
+ ## This will allow the docker:dind image to run if you need to run Docker
+ ## commands. Please read the docs before turning this on:
+ ## ref: https://docs.gitlab.com/runner/executors/kubernetes.html#using-docker-dind
+ ##
+ privileged: false
+
+ ## Namespace to run Kubernetes jobs in (defaults to the same namespace of this release)
+ ##
+ # namespace:
+
+ ## Distributed runners caching
+ ## ref: https://gitlab.com/gitlab-org/gitlab-runner/blob/master/docs/configuration/autoscale.md#distributed-runners-caching
+ ##
+ ## Create a secret 's3access' containing 'accessKey' & 'secretKey'
+ ## ref: https://aws.amazon.com/blogs/security/wheres-my-secret-access-key/
+ ##
+ ## $ kubectl create secret generic s3access --\
+ ## --from-literal=accessKey="YourAccessKey" \
+ ## --from-literal=secretKey="YourSecretKey"
+ ## ref: https://kubernetes.io/docs/concepts/configuration/secret/
+ ##
+ cache: {}
+ # cacheType: s3
+ # s3ServerAddress: s3.amazonaws.com
+ # s3BucketName:
+ # s3BucketLocation:
+ # s3CacheInsecure: false
+ # s3CachePath: "gitlab_runner"
+ # cacheShared: true
+
+ ## Build Container specific configuration
+ ##
+ builds: {}
+ # cpuLimit: 200m
+ # memoryLimit: 256Mi
+ # cpuRequests: 100m
+ # memoryRequests: 128Mi
+
+ ## Service Container specific configuration
+ ##
+ services: {}
+ # cpuLimit: 200m
+ # memoryLimit: 256Mi
+ # cpuRequests: 100m
+ # memoryRequests: 128Mi
+
+ ## Helper Container specific configuration
+ ##
+ helpers: {}
+ # cpuLimit: 200m
+ # memoryLimit: 256Mi
+ # cpuRequests: 100m
+ # memoryRequests: 128Mi
+
+## Configure resource requests and limits
+## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+##
+resources: {}
+ # limits:
+ # memory: 256Mi
+ # cpu: 200m
+ # requests:
+ # memory: 128Mi
+ # cpu: 100m
diff --git a/kubernetes/Charts/gitlab-omnibus/requirements.lock b/kubernetes/Charts/gitlab-omnibus/requirements.lock
new file mode 100644
index 0000000..25863e0
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/requirements.lock
@@ -0,0 +1,6 @@ +dependencies: +- name: gitlab-runner + repository: https://charts.gitlab.io/ + version: 0.1.13 +digest: sha256:603f6c21e8f8c0f523f830d3cff6612b6fb75513d5fb77d92a5abb1bcdd3cd02 +generated: "2022-08-09T00:25:11.909676505+03:00" diff --git a/kubernetes/Charts/gitlab-omnibus/requirements.yaml b/kubernetes/Charts/gitlab-omnibus/requirements.yaml new file mode 100644 index 0000000..a13ac14 --- /dev/null +++ b/kubernetes/Charts/gitlab-omnibus/requirements.yaml @@ -0,0 +1,4 @@ +dependencies: +- name: gitlab-runner + version: 0.1.13 + repository: https://charts.gitlab.io/ diff --git a/kubernetes/Charts/gitlab-omnibus/templates/NOTES.txt b/kubernetes/Charts/gitlab-omnibus/templates/NOTES.txt new file mode 100644 index 0000000..410e5fc --- /dev/null +++ b/kubernetes/Charts/gitlab-omnibus/templates/NOTES.txt 
@@ -0,0 +1,28 @@ +{{- if and (default "" .Values.baseDomain) (default "" .Values.legoEmail) }} + It may take several minutes for GitLab to reconfigure. + You can watch the status by running `kubectl get deployment -w {{ template "fullname" . }} --namespace {{ .Release.Namespace }} + + {{- if .Values.baseIP }} + Make sure to configure DNS with something like: + *.{{ .Values.baseDomain }} 300 IN A {{ .Values.baseIP }} + {{- else }} + You did not specify a baseIP so one will be assigned for you. + It may take a few minutes for the LoadBalancer IP to be available. + Watch the status with: 'kubectl get svc -w --namespace nginx-ingress nginx', then: + + export SERVICE_IP=$(kubectl get svc --namespace nginx-ingress nginx -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + + Then make sure to configure DNS with something like: + *.{{ .Values.baseDomain }} 300 IN A $SERVICE_IP + {{- end }} +{{- else }} +#################################################################################################### +## WARNING: You did not specify an baseDomain, gitlab-runner.gitlabUrl, and legoEmail in your 'helm install' call. ## +#################################################################################################### + +This deployment will be incomplete until you provide these variables: + +$ helm upgrade {{ .Release.Name }} \ + --set baseDomain=example.com,gitlab-runner.gitlabUrl=https://gitlab.example.com,legoEmail=you@example.com \ + gitlab/kubernetes-gitlab-demo +{{- end -}} diff --git a/kubernetes/Charts/gitlab-omnibus/templates/_helpers.tpl b/kubernetes/Charts/gitlab-omnibus/templates/_helpers.tpl new file mode 100644 index 0000000..5dfb005 --- /dev/null +++ b/kubernetes/Charts/gitlab-omnibus/templates/_helpers.tpl 
@@ -0,0 +1,45 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "fullname" -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified postgresql name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "postgresql.fullname" -}} +{{- $appName := (include "fullname" .) | trunc 54 | trimSuffix "-" -}} +{{- printf "%s-%s" $appName "postgresql" -}} +{{- end -}} + +{{/* +Create a default fully qualified redis name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "redis.fullname" -}} +{{- $appName := (include "fullname" .) | trunc 57 | trimSuffix "-" -}} +{{- printf "%s-%s" $appName "redis" -}} +{{- end -}} + +{{/* +Template for outputing the gitlabUrl +*/}} +{{- define "gitlabUrl" -}} +{{- if .Values.gitlabUrl -}} +{{- .Values.gitlabUrl | quote -}} +{{- else -}} +{{- printf "http://%s-gitlab.%s:8005/" .Release.Name .Release.Namespace | quote -}} +{{- end -}} +{{- end -}} diff --git a/kubernetes/Charts/gitlab-omnibus/templates/fast-storage/storage.yaml b/kubernetes/Charts/gitlab-omnibus/templates/fast-storage/storage.yaml new file mode 100644 index 0000000..68154bd --- /dev/null +++ b/kubernetes/Charts/gitlab-omnibus/templates/fast-storage/storage.yaml 
@@ -0,0 +1,20 @@
+{{- if (eq .Values.provider "gke") }}
+kind: StorageClass
+apiVersion: {{ if .Capabilities.APIVersions.Has "storage.k8s.io/v1" }}storage.k8s.io/v1{{ else }}storage.k8s.io/v1beta1{{ end }}
+metadata:
+ name: {{ template "fullname" . }}-fast
+ labels:
+ app: {{ template "fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+ annotations:
+ storageclass.beta.kubernetes.io/is-default-class: "false"
+ labels:
+ kubernetes.io/cluster-service: "true"
+{{- if eq .Values.provider "gke" }}
+provisioner: disk-csi-driver.mks.ycloud.io
+parameters:
+ type: network-hdd
+{{- end }}
+{{- end }}
diff --git a/kubernetes/Charts/gitlab-omnibus/templates/gitlab-config.yaml b/kubernetes/Charts/gitlab-omnibus/templates/gitlab-config.yaml
new file mode 100644
index 0000000..57f5c93
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/templates/gitlab-config.yaml
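Review bot: `labels:` appears twice in this StorageClass's metadata, once before `annotations:` and again after it. Indentation is lost in this view, but if both keys sit directly under `metadata:`, most YAML parsers keep only the last one, and the `app`/`chart`/`release`/`heritage` labels are silently dropped. Moving `kubernetes.io/cluster-service: "true"` into the first `labels:` map removes the ambiguity. The inner `{{- if eq .Values.provider "gke" }}` repeats the outer condition and can go, and a comment such as `# provider value "gke" is reused here for the disk-csi-driver.mks.ycloud.io provisioner` would explain the mismatch between the provider name and the provisioner.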
@@ -0,0 +1,36 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "fullname" . }}-config
+ labels:
+ app: {{ template "fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+data:
+ external_scheme: http
+ external_hostname: {{ template "fullname" . }}
+ registry_external_scheme: https
+ registry_external_hostname: registry.{{ .Values.baseDomain }}
+ mattermost_external_scheme: https
+ mattermost_external_hostname: mattermost.{{ .Values.baseDomain }}
+ mattermost_app_uid: {{ .Values.mattermostAppUID }}
+ postgres_user: gitlab
+ postgres_db: gitlab_production
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "fullname" . }}-secrets
+ labels:
+ app: {{ template "fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+data:
+ postgres_password: {{ .Values.postgresPassword }}
+ initial_shared_runners_registration_token: {{ default "" .Values.initialSharedRunnersRegistrationToken | b64enc | quote }}
+ mattermost_app_secret: {{ .Values.mattermostAppSecret | b64enc | quote }}
+{{- if .Values.gitlabEELicense }}
+ gitlab_ee_license: {{ .Values.gitlabEELicense | b64enc | quote }}
+{{- end }}
diff --git a/kubernetes/Charts/gitlab-omnibus/templates/gitlab/gitlab-config-storage.yaml b/kubernetes/Charts/gitlab-omnibus/templates/gitlab/gitlab-config-storage.yaml
new file mode 100644
index 0000000..1ec6c38
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/templates/gitlab/gitlab-config-storage.yaml
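Review bot: `postgres_password: {{ .Values.postgresPassword }}` is written into the Secret's `data:` map without `b64enc`, unlike the three entries next to it. Values under `data:` have to be base64, so a plain password is either rejected or decoded into a different byte string than the one the operator chose. `postgres_password: {{ required "postgresPassword must be set" .Values.postgresPassword | b64enc | quote }}` matches the neighbouring entries and makes an install without a password fail at render time. The ConfigMap above also fixes `external_scheme: http` for GitLab itself while the registry and Mattermost use `https`; a comment should say whether that is intentional.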
@@ -0,0 +1,23 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ template "fullname" . }}-config-storage + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + annotations: + {{- if .Values.gitlabConfigStorageClass }} + volume.beta.kubernetes.io/storage-class: {{ .Values.gitlabConfigStorageClass | quote }} + {{- else if (eq .Values.provider "gke") }} + volume.beta.kubernetes.io/storage-class: {{ template "fullname" . }}-fast + {{- else }} + volume.alpha.kubernetes.io/storage-class: default + {{- end }} +spec: + accessModes: + - {{ default "ReadWriteOnce" .Values.gitlabConfigAccessMode | quote }} + resources: + requests: + storage: {{ default "1Gi" .Values.gitlabConfigStorageSize }} diff --git a/kubernetes/Charts/gitlab-omnibus/templates/gitlab/gitlab-deployment.yaml b/kubernetes/Charts/gitlab-omnibus/templates/gitlab/gitlab-deployment.yaml new file mode 100644 index 0000000..7957e70 --- /dev/null +++ b/kubernetes/Charts/gitlab-omnibus/templates/gitlab/gitlab-deployment.yaml 
@@ -0,0 +1,249 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "fullname" . }} + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + replicas: 1 + selector: + matchLabels: + app: {{ template "fullname" . }} + template: + metadata: + labels: + app: {{ template "fullname" . }} + name: {{ template "fullname" . }} + spec: + containers: + - name: gitlab + {{- if eq .Values.gitlab "ee" }} + image: {{ .Values.gitlabEEImage }} + {{- else }} + image: {{ .Values.gitlabCEImage }} + {{- end }} + imagePullPolicy: IfNotPresent + command: ["/bin/bash", "-c", + "sed -i \"s/environment ({'GITLAB_ROOT_PASSWORD' => initial_root_password }) if initial_root_password/environment ({'GITLAB_ROOT_PASSWORD' => initial_root_password, 'GITLAB_SHARED_RUNNERS_REGISTRATION_TOKEN' => node['gitlab']['gitlab-rails']['initial_shared_runners_registration_token'] })/g\" /opt/gitlab/embedded/cookbooks/gitlab/recipes/database_migrations.rb && echo 'gitlab-omnibus-helm-chart' > /opt/gitlab/embedded/service/gitlab-rails/INSTALLATION_TYPE && exec /assets/wrapper"] + env: + - name: GITLAB_EXTERNAL_SCHEME + valueFrom: + configMapKeyRef: + name: {{ template "fullname" . }}-config + key: external_scheme + - name: GITLAB_EXTERNAL_HOSTNAME + valueFrom: + configMapKeyRef: + name: {{ template "fullname" . }}-config + key: external_hostname + - name: GITLAB_REGISTRY_EXTERNAL_SCHEME + valueFrom: + configMapKeyRef: + name: {{ template "fullname" . }}-config + key: registry_external_scheme + - name: GITLAB_REGISTRY_EXTERNAL_HOSTNAME + valueFrom: + configMapKeyRef: + name: {{ template "fullname" . }}-config + key: registry_external_hostname + - name: GITLAB_MATTERMOST_EXTERNAL_SCHEME + valueFrom: + configMapKeyRef: + name: {{ template "fullname" . 
}}-config + key: mattermost_external_scheme + - name: GITLAB_MATTERMOST_EXTERNAL_HOSTNAME + valueFrom: + configMapKeyRef: + name: {{ template "fullname" . }}-config + key: mattermost_external_hostname + - name: POSTGRES_USER + valueFrom: + configMapKeyRef: + name: {{ template "fullname" . }}-config + key: postgres_user + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "fullname" . }}-secrets + key: postgres_password + - name: POSTGRES_DB + valueFrom: + configMapKeyRef: + name: {{ template "fullname" . }}-config + key: postgres_db + - name: GITLAB_INITIAL_SHARED_RUNNERS_REGISTRATION_TOKEN + valueFrom: + secretKeyRef: + name: {{ template "fullname" . }}-secrets + key: initial_shared_runners_registration_token + - name: MATTERMOST_APP_UID + valueFrom: + configMapKeyRef: + name: {{ template "fullname" . }}-config + key: mattermost_app_uid + - name: MATTERMOST_APP_SECRET + valueFrom: + secretKeyRef: + name: {{ template "fullname" . }}-secrets + key: mattermost_app_secret + {{- if .Values.gitlabEELicense }} + - name: GITLAB_EE_LICENSE + valueFrom: + secretKeyRef: + name: {{ template "fullname" . }}-secrets + key: gitlab_ee_license + {{- end }} + {{- if and .Values.pagesExternalScheme .Values.pagesExternalDomain }} + - name: PAGES_EXTERNAL_SCHEME + valueFrom: + configMapKeyRef: + name: {{ template "fullname" . }}-config + key: pages_external_scheme + - name: PAGES_EXTERNAL_DOMAIN + valueFrom: + configMapKeyRef: + name: {{ template "fullname" . 
}}-config + key: pages_external_domain + {{- end }} + - name: GITLAB_OMNIBUS_CONFIG + value: | + external_url "#{ENV['GITLAB_EXTERNAL_SCHEME']}://#{ENV['GITLAB_EXTERNAL_HOSTNAME']}" + registry_external_url "#{ENV['GITLAB_REGISTRY_EXTERNAL_SCHEME']}://#{ENV['GITLAB_REGISTRY_EXTERNAL_HOSTNAME']}" + mattermost_external_url "#{ENV['GITLAB_MATTERMOST_EXTERNAL_SCHEME']}://#{ENV['GITLAB_MATTERMOST_EXTERNAL_HOSTNAME']}" + + gitlab_rails['initial_shared_runners_registration_token'] = ENV['GITLAB_INITIAL_SHARED_RUNNERS_REGISTRATION_TOKEN'] + + nginx['enable'] = false + registry_nginx['enable'] = false + mattermost_nginx['enable'] = false + + gitlab_workhorse['listen_network'] = 'tcp' + gitlab_workhorse['listen_addr'] = '0.0.0.0:8005' + + mattermost['service_address'] = '0.0.0.0' + mattermost['service_port'] = '8065' + + registry['registry_http_addr'] = '0.0.0.0:8105' + + postgresql['enable'] = false + gitlab_rails['db_host'] = '{{ template "postgresql.fullname" . }}' + gitlab_rails['db_password'] = ENV['POSTGRES_PASSWORD'] + gitlab_rails['db_username'] = ENV['POSTGRES_USER'] + gitlab_rails['db_database'] = ENV['POSTGRES_DB'] + + redis['enable'] = false + gitlab_rails['redis_host'] = '{{ template "redis.fullname" . }}' + + mattermost['file_directory'] = '/gitlab-data/mattermost'; + mattermost['sql_driver_name'] = 'postgres'; + mattermost['sql_data_source'] = "user=#{ENV['POSTGRES_USER']} host={{ template "postgresql.fullname" . 
}} port=5432 dbname=mattermost_production password=#{ENV['POSTGRES_PASSWORD']} sslmode=disable"; + mattermost['gitlab_enable'] = true; + mattermost['gitlab_secret'] = ENV['MATTERMOST_APP_SECRET']; + mattermost['gitlab_id'] = ENV['MATTERMOST_APP_UID']; + mattermost['gitlab_scope'] = ''; + mattermost['gitlab_auth_endpoint'] = "#{ENV['GITLAB_EXTERNAL_SCHEME']}://#{ENV['GITLAB_EXTERNAL_HOSTNAME']}/oauth/authorize"; + mattermost['gitlab_token_endpoint'] = "#{ENV['GITLAB_EXTERNAL_SCHEME']}://#{ENV['GITLAB_EXTERNAL_HOSTNAME']}/oauth/token"; + mattermost['gitlab_user_api_endpoint'] = "#{ENV['GITLAB_EXTERNAL_SCHEME']}://#{ENV['GITLAB_EXTERNAL_HOSTNAME']}/api/v4/user" + + manage_accounts['enable'] = true + manage_storage_directories['manage_etc'] = false + + if ENV['PAGES_EXTERNAL_SCHEME'] && ENV['PAGES_EXTERNAL_DOMAIN'] + pages_external_url "#{ENV['PAGES_EXTERNAL_SCHEME']}://#{ENV['PAGES_EXTERNAL_DOMAIN']}/" + gitlab_pages['enable'] = true + gitlab_pages['listen_proxy'] = "0.0.0.0:8090" + end + + gitlab_shell['auth_file'] = '/gitlab-data/ssh/authorized_keys' + git_data_dirs({ "default" => { "path" => "/gitlab-data/git-data" } }) + gitlab_rails['shared_path'] = '/gitlab-data/shared' + gitlab_rails['uploads_directory'] = '/gitlab-data/uploads' + gitlab_ci['builds_directory'] = '/gitlab-data/builds' + gitlab_rails['registry_path'] = '/gitlab-registry' + gitlab_rails['trusted_proxies'] = ["10.0.0.0/8","172.16.0.0/12","192.168.0.0/16"] + + prometheus['listen_address'] = '0.0.0.0:9090' + postgres_exporter['enable'] = true + postgres_exporter['env'] = { + 'DATA_SOURCE_NAME' => "user=#{ENV['POSTGRES_USER']} host={{ template "postgresql.fullname" . }} port=5432 dbname=#{ENV['POSTGRES_DB']} password=#{ENV['POSTGRES_PASSWORD']} sslmode=disable" + } + redis_exporter['enable'] = true + redis_exporter['flags'] = { + 'redis.addr' => "{{ template "redis.fullname" . 
}}:6379", + } + +{{ .Values.omnibusConfigRuby | default "" | indent 12 }} + - name: GITLAB_POST_RECONFIGURE_CODE + value: | + include Gitlab::CurrentSettings + + Doorkeeper::Application.where(uid: ENV["MATTERMOST_APP_UID"]).first_or_create( + name: "GitLab Mattermost", + secret: ENV["MATTERMOST_APP_SECRET"], + redirect_uri: "#{ENV["GITLAB_MATTERMOST_EXTERNAL_SCHEME"]}://#{ENV["GITLAB_MATTERMOST_EXTERNAL_HOSTNAME"]}/signup/gitlab/complete\r\n#{ENV["GITLAB_MATTERMOST_EXTERNAL_SCHEME"]}://#{ENV["GITLAB_MATTERMOST_EXTERNAL_HOSTNAME"]}/login/gitlab/complete") + + PrometheusService.where(template: true).first_or_create( + active: true, api_url: "http://localhost:9090") + + KubernetesService.where(template: true).first_or_create( + active: true, + api_url: "https://#{ENV["KUBERNETES_SERVICE_HOST"]}:#{ENV["KUBERNETES_SERVICE_PORT"]}", + token: File.read("/var/run/secrets/kubernetes.io/serviceaccount/token"), + ca_pem: File.read("/var/run/secrets/kubernetes.io/serviceaccount/ca.crt")) + + Gitlab::CurrentSettings.current_application_settings.update_attribute(:health_check_access_token, '{{.Values.healthCheckToken}}') + + {{- if .Values.gitlabEELicense }} + License.first_or_create(data: "#{ENV["GITLAB_EE_LICENSE"]}") + {{- end }} + - name: GITLAB_POST_RECONFIGURE_SCRIPT + value: | + /opt/gitlab/bin/gitlab-rails runner -e production "$GITLAB_POST_RECONFIGURE_CODE" + ports: + - name: registry + containerPort: 8105 + - name: mattermost + containerPort: 8065 + - name: workhorse + containerPort: 8005 + - name: ssh + containerPort: 22 + - name: prometheus + containerPort: 9090 + {{- if and .Values.pagesExternalScheme .Values.pagesExternalDomain }} + - name: pages + containerPort: 8090 + {{- end }} + volumeMounts: + - name: config + mountPath: /etc/gitlab + - name: data + mountPath: /gitlab-data + subPath: gitlab-data + - name: registry + mountPath: /gitlab-registry + livenessProbe: + httpGet: + path: /health_check?token={{.Values.healthCheckToken}} + port: 8005 + 
initialDelaySeconds: 180 + timeoutSeconds: 15 + readinessProbe: + httpGet: + path: /health_check?token={{.Values.healthCheckToken}} + port: 8005 + initialDelaySeconds: 15 + timeoutSeconds: 1 + volumes: + - name: data + persistentVolumeClaim: + claimName: {{ template "fullname" . }}-storage + - name: registry + persistentVolumeClaim: + claimName: {{ template "fullname" . }}-registry-storage + - name: config + persistentVolumeClaim: + claimName: {{ template "fullname" . }}-config-storage diff --git a/kubernetes/Charts/gitlab-omnibus/templates/gitlab/gitlab-storage.yaml b/kubernetes/Charts/gitlab-omnibus/templates/gitlab/gitlab-storage.yaml new file mode 100644 index 0000000..45fd8eb --- /dev/null +++ b/kubernetes/Charts/gitlab-omnibus/templates/gitlab/gitlab-storage.yaml 
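Review bot: `healthCheckToken` is rendered as plain text in three places in this Deployment: the single-quoted Ruby literal `'{{.Values.healthCheckToken}}'` inside `GITLAB_POST_RECONFIGURE_CODE`, and the query string of both probe paths. The Ruby literal is the more fragile one, because a value containing a quote changes the code that `gitlab-rails runner` executes. Adding the token to the `-secrets` Secret, exposing it through a `secretKeyRef` like the other credentials, and writing `update_attribute(:health_check_access_token, ENV["HEALTH_CHECK_TOKEN"])` (variable name is a suggestion) avoids templating into code. The probe URLs still leave the token readable in the pod spec, which deserves a comment. The same block registers the pod's own service-account token as the `KubernetesService` template, and both database DSNs use `sslmode=disable`; a short comment on each stating the intended trust boundary would help the next reader.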
@@ -0,0 +1,48 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ template "fullname" . }}-storage + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + annotations: + {{- if .Values.gitlabDataStorageClass }} + volume.beta.kubernetes.io/storage-class: {{ .Values.gitlabDataStorageClass | quote }} + {{- else if (eq .Values.provider "gke") }} + volume.beta.kubernetes.io/storage-class: {{ template "fullname" . }}-fast + {{- else }} + volume.alpha.kubernetes.io/storage-class: default + {{- end }} +spec: + accessModes: + - {{ default "ReadWriteOnce" .Values.gitlabDataAccessMode | quote }} + resources: + requests: + # Fallback to supporting older value: gitlabRailsStorageSize when the new one is not set + storage: {{ coalesce .Values.gitlabDataStorageSize .Values.gitlabRailsStorageSize "30Gi" }} +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ template "fullname" . }}-registry-storage + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + annotations: + {{- if .Values.gitlabRegistryStorageClass }} + volume.beta.kubernetes.io/storage-class: {{ .Values.gitlabRegistryStorageClass | quote }} + {{- else if (eq .Values.provider "gke") }} + volume.beta.kubernetes.io/storage-class: {{ template "fullname" . }}-fast + {{- else }} + volume.alpha.kubernetes.io/storage-class: default + {{- end }} +spec: + accessModes: + - {{ default "ReadWriteOnce" .Values.gitlabRegistryAccessMode | quote }} + resources: + requests: + storage: {{ default "30Gi" .Values.gitlabRegistryStorageSize }} diff --git a/kubernetes/Charts/gitlab-omnibus/templates/gitlab/gitlab-svc.yaml b/kubernetes/Charts/gitlab-omnibus/templates/gitlab/gitlab-svc.yaml new file mode 100644 index 0000000..a273157 --- /dev/null 
+++ b/kubernetes/Charts/gitlab-omnibus/templates/gitlab/gitlab-svc.yaml @@ -0,0 +1,36 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "fullname" . }} + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + selector: + name: {{ template "fullname" . }} + ports: + - name: ssh + port: 22 + targetPort: ssh + - name: mattermost + port: 8065 + targetPort: mattermost + - name: registry + port: 8105 + targetPort: registry + - name: workhorse + port: 8005 + targetPort: workhorse + - name: prometheus + port: 9090 + targetPort: prometheus + {{- if and .Values.pagesExternalScheme .Values.pagesExternalDomain}} + - name: pages + port: 8090 + targetPort: pages + {{- end }} + - name: web + port: 80 + targetPort: workhorse diff --git a/kubernetes/Charts/gitlab-omnibus/templates/gitlab/postgresql-configmap.yaml b/kubernetes/Charts/gitlab-omnibus/templates/gitlab/postgresql-configmap.yaml new file mode 100644 index 0000000..a965a0e --- /dev/null +++ b/kubernetes/Charts/gitlab-omnibus/templates/gitlab/postgresql-configmap.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "postgresql.fullname" . }}-initdb + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +data: + 01_create_mattermost_production.sql: | + CREATE DATABASE mattermost_production WITH OWNER gitlab; diff --git a/kubernetes/Charts/gitlab-omnibus/templates/gitlab/postgresql-deployment.yaml b/kubernetes/Charts/gitlab-omnibus/templates/gitlab/postgresql-deployment.yaml new file mode 100644 index 0000000..d7b103d --- /dev/null +++ b/kubernetes/Charts/gitlab-omnibus/templates/gitlab/postgresql-deployment.yaml 
@@ -0,0 +1,81 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "postgresql.fullname" . }} + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + replicas: 1 + selector: + matchLabels: + app: {{ template "fullname" . }} + template: + metadata: + labels: + app: {{ template "fullname" . }} + name: {{ template "postgresql.fullname" . }} + spec: + containers: + - name: postgresql + image: {{ .Values.postgresImage }} + imagePullPolicy: IfNotPresent + env: + - name: POSTGRES_USER + valueFrom: + configMapKeyRef: + name: {{ template "fullname" . }}-config + key: postgres_user + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "fullname" . }}-secrets + key: postgres_password + - name: POSTGRES_DB + valueFrom: + configMapKeyRef: + name: {{ template "fullname" . }}-config + key: postgres_db + - name: DB_EXTENSION + value: pg_trgm + - name: PGDATA + value: /var/lib/postgresql/data/pgdata + ports: + - name: postgres + containerPort: 5432 + volumeMounts: + - mountPath: /var/lib/postgresql/data + name: data + subPath: postgres + - mountPath: /docker-entrypoint-initdb.d + name: initdb + readOnly: true + livenessProbe: + exec: + command: + - pg_isready + - -h + - localhost + - -U + - postgres + initialDelaySeconds: 30 + timeoutSeconds: 5 + readinessProbe: + exec: + command: + - pg_isready + - -h + - localhost + - -U + - postgres + initialDelaySeconds: 5 + timeoutSeconds: 1 + volumes: + - name: data + persistentVolumeClaim: + claimName: {{ if .Values.postgresDedicatedStorage }} {{ template "postgresql.fullname" . }}-storage {{ else }} {{ template "fullname" . }}-storage {{ end }} + - name: initdb + configMap: + name: {{ template "postgresql.fullname" . }}-initdb 
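Review bot: `selector.matchLabels` here is `app: {{ template "fullname" . }}`, the same selector used by the GitLab Deployment and the Redis Deployment in this commit, so three controllers select overlapping pod sets. Kubernetes documents overlapping selectors as something to avoid. The pod template already carries a per-component `name` label that the Services select on, so `matchLabels:` with `name: {{ template "postgresql.fullname" . }}` (and the matching `name` value in the other two Deployments) keeps them apart. The pod also sets no `securityContext` or `resources`; if that is deliberate for this demo chart, a comment should say so.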
diff --git a/kubernetes/Charts/gitlab-omnibus/templates/gitlab/postgresql-storage.yaml b/kubernetes/Charts/gitlab-omnibus/templates/gitlab/postgresql-storage.yaml new file mode 100644 index 0000000..71ce994 --- /dev/null +++ b/kubernetes/Charts/gitlab-omnibus/templates/gitlab/postgresql-storage.yaml @@ -0,0 +1,25 @@ +{{- if .Values.postgresDedicatedStorage }} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ template "postgresql.fullname" . }}-storage + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + annotations: + {{- if .Values.postgresStorageClass }} + volume.beta.kubernetes.io/storage-class: {{ .Values.postgresStorageClass | quote }} + {{- else if (eq .Values.provider "gke") }} + volume.beta.kubernetes.io/storage-class: {{ template "fullname" . }}-fast + {{- else }} + volume.alpha.kubernetes.io/storage-class: default + {{- end }} +spec: + accessModes: + - {{ default "ReadWriteOnce" .Values.postgresAccessMode | quote }} + resources: + requests: + storage: {{ default "30Gi" .Values.postgresStorageSize }} +{{- end }} diff --git a/kubernetes/Charts/gitlab-omnibus/templates/gitlab/postgresql-svc.yaml b/kubernetes/Charts/gitlab-omnibus/templates/gitlab/postgresql-svc.yaml new file mode 100644 index 0000000..b9d3171 --- /dev/null +++ b/kubernetes/Charts/gitlab-omnibus/templates/gitlab/postgresql-svc.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "postgresql.fullname" . }} + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + ports: + - name: postgres + port: 5432 + targetPort: postgres + selector: + name: {{ template "postgresql.fullname" . }} 
diff --git a/kubernetes/Charts/gitlab-omnibus/templates/gitlab/redis-deployment.yaml b/kubernetes/Charts/gitlab-omnibus/templates/gitlab/redis-deployment.yaml new file mode 100644 index 0000000..13a32b1 --- /dev/null +++ b/kubernetes/Charts/gitlab-omnibus/templates/gitlab/redis-deployment.yaml @@ -0,0 +1,49 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "redis.fullname" . }} + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + replicas: 1 + selector: + matchLabels: + app: {{ template "fullname" . }} + template: + metadata: + labels: + name: {{ template "redis.fullname" . }} + app: {{ template "fullname" . }} + spec: + containers: + - name: redis + image: {{ .Values.redisImage }} + imagePullPolicy: IfNotPresent + ports: + - name: redis + containerPort: 6379 + volumeMounts: + - mountPath: /var/lib/redis + name: data + subPath: redis + livenessProbe: + exec: + command: + - redis-cli + - ping + initialDelaySeconds: 30 + timeoutSeconds: 5 + readinessProbe: + exec: + command: + - redis-cli + - ping + initialDelaySeconds: 5 + timeoutSeconds: 1 + volumes: + - name: data + persistentVolumeClaim: + claimName: {{ if .Values.redisDedicatedStorage }} {{ template "redis.fullname" . }}-storage {{ else }} {{ template "fullname" . }}-storage {{ end }} diff --git a/kubernetes/Charts/gitlab-omnibus/templates/gitlab/redis-storage.yaml b/kubernetes/Charts/gitlab-omnibus/templates/gitlab/redis-storage.yaml new file mode 100644 index 0000000..6c1cbdc --- /dev/null +++ b/kubernetes/Charts/gitlab-omnibus/templates/gitlab/redis-storage.yaml 
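Review bot: Redis is deployed with no credential: the probes call `redis-cli ping` without a password, and the omnibus configuration in gitlab-deployment.yaml sets only `gitlab_rails['redis_host']`. Unless `.Values.redisImage` enforces authentication itself (not visible here), any pod that can reach the Redis Service on 6379 can read and modify GitLab's Redis data. Restricting ingress to the GitLab pods with a NetworkPolicy, as sketched below, closes that path on clusters whose network plugin enforces policies; the same pattern fits the PostgreSQL Service.

```yaml
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: {{ template "redis.fullname" . }}
spec:
  podSelector:
    matchLabels:
      name: {{ template "redis.fullname" . }}
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              name: {{ template "fullname" . }}
      ports:
        - port: 6379
```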
@@ -0,0 +1,25 @@ +{{- if .Values.redisDedicatedStorage }} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ template "redis.fullname" . }}-storage + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + annotations: + {{- if .Values.redisStorageClass }} + volume.beta.kubernetes.io/storage-class: {{ .Values.redisStorageClass | quote }} + {{- else if (eq .Values.provider "gke") }} + volume.beta.kubernetes.io/storage-class: {{ template "fullname" . }}-fast + {{- else }} + volume.alpha.kubernetes.io/storage-class: default + {{- end }} +spec: + accessModes: + - {{ default "ReadWriteOnce" .Values.redisAccessMode | quote }} + resources: + requests: + storage: {{ default "5Gi" .Values.redisStorageSize }} +{{- end }} diff --git a/kubernetes/Charts/gitlab-omnibus/templates/gitlab/redis-svc.yaml b/kubernetes/Charts/gitlab-omnibus/templates/gitlab/redis-svc.yaml new file mode 100644 index 0000000..a039c7d --- /dev/null +++ b/kubernetes/Charts/gitlab-omnibus/templates/gitlab/redis-svc.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "redis.fullname" . }} + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + selector: + name: {{ template "redis.fullname" . }} + ports: + - name: redis + port: 6379 + targetPort: redis diff --git a/kubernetes/Charts/gitlab-omnibus/templates/ingress/gitlab-ingress.yaml b/kubernetes/Charts/gitlab-omnibus/templates/ingress/gitlab-ingress.yaml new file mode 100644 index 0000000..0e71e58 --- /dev/null +++ b/kubernetes/Charts/gitlab-omnibus/templates/ingress/gitlab-ingress.yaml 
@@ -0,0 +1,51 @@ +apiVersion: networking.k8s.io/v1beta1 +kind: Ingress +metadata: + name: {{ template "fullname" . }} + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + annotations: + #kubernetes.io/ingress.allow-http: "false" + kubernetes.io/ingress.class: "nginx" + kubernetes.io/tls-acme: 'true' +spec: + tls: + - hosts: + - gitlab.{{ .Values.baseDomain }} + - registry.{{ .Values.baseDomain }} + - mattermost.{{ .Values.baseDomain }} + - prometheus.{{ .Values.baseDomain }} + secretName: gitlab-ingress + rules: + - host: {{ template "fullname" . }} + http: + paths: + - path: / + backend: + serviceName: {{ template "fullname" . }} + servicePort: 8005 + - host: registry.{{ .Values.baseDomain }} + http: + paths: + - path: / + backend: + serviceName: {{ template "fullname" . }} + servicePort: 8105 + - host: mattermost.{{ .Values.baseDomain }} + http: + paths: + - path: / + backend: + serviceName: {{ template "fullname" . }} + servicePort: 8065 + - host: prometheus.{{ .Values.baseDomain }} + http: + paths: + - path: / + backend: + serviceName: {{ template "fullname" . }} + servicePort: 9090 +--- diff --git a/kubernetes/Charts/gitlab-omnibus/templates/ingress/gitlab-pages-ingress.yaml b/kubernetes/Charts/gitlab-omnibus/templates/ingress/gitlab-pages-ingress.yaml new file mode 100644 index 0000000..d108fdf --- /dev/null +++ b/kubernetes/Charts/gitlab-omnibus/templates/ingress/gitlab-pages-ingress.yaml 
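Review bot: The `tls` block requests a certificate for `gitlab.{{ .Values.baseDomain }}`, but the first rule's host is `{{ template "fullname" . }}`, so no rule serves the hostname the certificate covers; the rule presumably should read `- host: gitlab.{{ .Values.baseDomain }}`. The last rule publishes `prometheus.{{ .Values.baseDomain }}` straight to port 9090 with no authentication annotation in this file, which makes the metrics endpoint reachable by anyone who can reach the ingress; drop the rule or put authentication in front of it. The `allow-http: "false"` annotation is commented out, so plain HTTP stays enabled for every host. `networking.k8s.io/v1beta1` with `serviceName`/`servicePort` was removed in Kubernetes 1.22, so this manifest and gitlab-pages-ingress.yaml will not apply on current clusters.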
@@ -0,0 +1,29 @@ +{{- if and .Values.pagesExternalScheme .Values.pagesExternalDomain}} +apiVersion: networking.k8s.io/v1beta1 +kind: Ingress +metadata: + name: {{ template "fullname" . }}-pages + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + annotations: + kubernetes.io/ingress.class: "nginx" +spec: + {{- if .Values.pagesTlsSecret }} + tls: + - hosts: + - "*.{{ .Values.pagesExternalDomain }}" + secretName: {{ .Values.pagesTlsSecret }} + {{- end }} + rules: + - host: "*.{{ .Values.pagesExternalDomain }}" + http: + paths: + - path: / + backend: + serviceName: {{ template "fullname" . }} + servicePort: 8090 +{{- end }} +--- diff --git a/kubernetes/Charts/gitlab-omnibus/templates/load-balancer/lego/00-namespace.yaml b/kubernetes/Charts/gitlab-omnibus/templates/load-balancer/lego/00-namespace.yaml new file mode 100644 index 0000000..be95521 --- /dev/null +++ b/kubernetes/Charts/gitlab-omnibus/templates/load-balancer/lego/00-namespace.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: kube-lego diff --git a/kubernetes/Charts/gitlab-omnibus/templates/load-balancer/lego/configmap.yaml b/kubernetes/Charts/gitlab-omnibus/templates/load-balancer/lego/configmap.yaml new file mode 100644 index 0000000..0b8c74e --- /dev/null +++ b/kubernetes/Charts/gitlab-omnibus/templates/load-balancer/lego/configmap.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +metadata: + name: kube-lego + namespace: kube-lego +data: + # modify this to specify your address + lego.email: "{{ .Values.legoEmail }}" + # configure letencrypt's production api + lego.url: "https://acme-v01.api.letsencrypt.org/directory" +kind: ConfigMap diff --git a/kubernetes/Charts/gitlab-omnibus/templates/load-balancer/lego/deployment.yaml b/kubernetes/Charts/gitlab-omnibus/templates/load-balancer/lego/deployment.yaml new file mode 100644 index 0000000..d96d5ae --- /dev/null 
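Review bot: In lego/configmap.yaml, `lego.url` points at `https://acme-v01.api.letsencrypt.org/directory`, the ACME v1 endpoint, which Let's Encrypt no longer serves. kube-lego itself is unmaintained and its authors direct users to cert-manager. With this configuration the `kubernetes.io/tls-acme: 'true'` annotation on the GitLab ingress is unlikely to ever produce a certificate, leaving the hosts on the controller's default certificate. At minimum add a comment such as `# kube-lego/ACME v1 is end-of-life; replace with cert-manager before relying on TLS here`.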
+++ b/kubernetes/Charts/gitlab-omnibus/templates/load-balancer/lego/deployment.yaml @@ -0,0 +1,46 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: kube-lego + namespace: kube-lego +spec: + replicas: 1 + selector: + matchLabels: + app: kube-lego + template: + metadata: + labels: + app: kube-lego + spec: + containers: + - name: kube-lego + image: jetstack/kube-lego:0.1.6 + imagePullPolicy: Always + ports: + - containerPort: 8080 + env: + - name: LEGO_EMAIL + valueFrom: + configMapKeyRef: + name: kube-lego + key: lego.email + - name: LEGO_URL + valueFrom: + configMapKeyRef: + name: kube-lego + key: lego.url + - name: LEGO_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: LEGO_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + readinessProbe: + httpGet: + path: /healthz + port: 8080 + initialDelaySeconds: 5 + timeoutSeconds: 1 diff --git a/kubernetes/Charts/gitlab-omnibus/templates/load-balancer/nginx/00-namespace.yaml b/kubernetes/Charts/gitlab-omnibus/templates/load-balancer/nginx/00-namespace.yaml new file mode 100644 index 0000000..4b60fec --- /dev/null +++ b/kubernetes/Charts/gitlab-omnibus/templates/load-balancer/nginx/00-namespace.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: nginx-ingress diff --git a/kubernetes/Charts/gitlab-omnibus/templates/load-balancer/nginx/configmap.yaml b/kubernetes/Charts/gitlab-omnibus/templates/load-balancer/nginx/configmap.yaml new file mode 100644 index 0000000..e85a70f --- /dev/null +++ b/kubernetes/Charts/gitlab-omnibus/templates/load-balancer/nginx/configmap.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +data: + proxy-connect-timeout: "15" + proxy-read-timeout: "600" + proxy-send-timeout: "600" + hsts-include-subdomains: "false" + proxy-body-size: "1024m" + server-name-hash-bucket-size: "256" + enable-vts-status: "true" +kind: ConfigMap +metadata: + namespace: nginx-ingress + name: nginx 
diff --git a/kubernetes/Charts/gitlab-omnibus/templates/load-balancer/nginx/daemonset.yaml b/kubernetes/Charts/gitlab-omnibus/templates/load-balancer/nginx/daemonset.yaml new file mode 100644 index 0000000..5a267f5 --- /dev/null +++ b/kubernetes/Charts/gitlab-omnibus/templates/load-balancer/nginx/daemonset.yaml @@ -0,0 +1,48 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: nginx + namespace: nginx-ingress +spec: + selector: + matchLabels: + app: nginx + template: + metadata: + labels: + app: nginx + annotations: + prometheus.io/port: "10254" + prometheus.io/scrape: "true" + spec: + containers: + - image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.11 + name: nginx + imagePullPolicy: Always + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + livenessProbe: + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 30 + timeoutSeconds: 5 + ports: + - containerPort: 80 + - containerPort: 443 + - containerPort: 22 + - containerPort: 18080 + - containerPort: 10254 + args: + - /nginx-ingress-controller + - --default-backend-service=nginx-ingress/default-http-backend + - --configmap=nginx-ingress/nginx + - --tcp-services-configmap=nginx-ingress/tcp-ports diff --git a/kubernetes/Charts/gitlab-omnibus/templates/load-balancer/nginx/default-deployment.yaml b/kubernetes/Charts/gitlab-omnibus/templates/load-balancer/nginx/default-deployment.yaml new file mode 100644 index 0000000..d8519c0 --- /dev/null +++ b/kubernetes/Charts/gitlab-omnibus/templates/load-balancer/nginx/default-deployment.yaml 
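Review bot: The controller image is `gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.11` with `imagePullPolicy: Always`, a beta build referenced by tag and re-pulled on every pod start. This pod terminates all external traffic on 80, 443 and 22, so it should run a maintained release pinned by digest, in the form `image: <registry>/<controller>@sha256:<digest>` (placeholder). The same applies to `jetstack/kube-lego:0.1.6` in lego/deployment.yaml and `gcr.io/google_containers/defaultbackend:1.0` in default-deployment.yaml. No `serviceAccountName` or `securityContext` is set, so the pod runs under the namespace's default service account; naming an explicit account would make the API permissions it needs reviewable.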
@@ -0,0 +1,37 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: default-http-backend
+ namespace: nginx-ingress
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: default-http-backend
+ template:
+ metadata:
+ labels:
+ app: default-http-backend
+ spec:
+ containers:
+ - name: default-http-backend
+ # Any image is permissable as long as:
+ # 1. It serves a 404 page at /
+ # 2. It serves 200 on a /healthz endpoint
+ image: gcr.io/google_containers/defaultbackend:1.0
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 8080
+ scheme: HTTP
+ initialDelaySeconds: 30
+ timeoutSeconds: 5
+ ports:
+ - containerPort: 8080
+ resources:
+ limits:
+ cpu: 10m
+ memory: 20Mi
+ requests:
+ cpu: 10m
+ memory: 20Mi
diff --git a/kubernetes/Charts/gitlab-omnibus/templates/load-balancer/nginx/default-service.yaml b/kubernetes/Charts/gitlab-omnibus/templates/load-balancer/nginx/default-service.yaml
new file mode 100644
index 0000000..d9db408
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/templates/load-balancer/nginx/default-service.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: default-http-backend
+ namespace: nginx-ingress
+spec:
+ ports:
+ - port: 80
+ targetPort: 8080
+ protocol: TCP
+ selector:
+ app: default-http-backend
diff --git a/kubernetes/Charts/gitlab-omnibus/templates/load-balancer/nginx/service.yaml b/kubernetes/Charts/gitlab-omnibus/templates/load-balancer/nginx/service.yaml
new file mode 100644
index 0000000..69ea706
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/templates/load-balancer/nginx/service.yaml
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: nginx
+ namespace: nginx-ingress
+spec:
+ type: LoadBalancer
+{{- if .Values.baseIP }}
+ loadBalancerIP: {{ .Values.baseIP }}
+{{- end }}
+ ports:
+ - port: 80
+ name: http
+ - port: 443
+ name: https
+ - port: 22
+ name: git
+ selector:
+ app: nginx
+apiVersion: v1
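Review bot: nginx/service.yaml ends with a second `apiVersion: v1` after the `selector` block, so the rendered document carries a duplicate top-level key; lenient YAML loaders keep the last value, strict ones reject the manifest, and the trailing line should simply be dropped. In the same file `loadBalancerIP: {{ .Values.baseIP }}` is rendered unquoted, and `loadBalancerIP: {{ .Values.baseIP | quote }}` keeps it a string whatever is supplied. The Service also publishes port 22 on the external load balancer next to 80 and 443; that is presumably meant for git over SSH, but if the cluster is not meant to be reachable from everywhere a `loadBalancerSourceRanges` list belongs here.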
diff --git a/kubernetes/Charts/gitlab-omnibus/templates/load-balancer/nginx/tcp-configmap.yaml b/kubernetes/Charts/gitlab-omnibus/templates/load-balancer/nginx/tcp-configmap.yaml
new file mode 100644
index 0000000..af26e5b
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/templates/load-balancer/nginx/tcp-configmap.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: tcp-ports
+ namespace: nginx-ingress
+data:
+ 22: "{{ .Release.Namespace }}/{{ template "fullname" . }}:22"
diff --git a/kubernetes/Charts/gitlab-omnibus/values.yaml b/kubernetes/Charts/gitlab-omnibus/values.yaml
new file mode 100644
index 0000000..300cb0b
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/values.yaml
@@ -0,0 +1,110 @@
+# Default values for kubernetes-gitlab-demo.
+# This is a YAML-formatted file.
+
+# Required variables
+
+# baseDomain is the top-most part of the domain. Subdomains will be generated
+# for gitlab, mattermost, registry, and prometheus.
+# Recommended to set up an A record on the DNS to *.your-domain.com to point to
+# the baseIP
+
+baseDomain: gneginskiy.site
+
+# legoEmail is a valid email address used by Let's Encrypt. It does not have to
+# be at the baseDomain.
+legoEmail: gneginskiy@mail.ru
+
+# Optional variables
+# baseIP is an externally provisioned static IP address to use instead of the provisioned one.
+#baseIP: 1.1.1.1
+nameOverride: gitlab
+# `ce` or `ee`
+gitlab: ce
+gitlabCEImage: gitlab/gitlab-ce:10.6.2-ce.0
+gitlabEEImage: gitlab/gitlab-ee:10.6.2-ee.0
+postgresPassword: NDl1ZjNtenMxcWR6NXZnbw==
+initialSharedRunnersRegistrationToken: "tQtCbx5UZy_ByS7FyzUH"
+mattermostAppSecret: NDl1ZjNtenMxcWR6NXZnbw==
+mattermostAppUID: aadas
+redisImage: redis:3.2.10
+redisDedicatedStorage: true
+#redisStorageSize: 5Gi
+redisAccessMode: ReadWriteOnce
+postgresImage: postgres:9.6.5
+# If you disable postgresDedicatedStorage, you should consider bumping up gitlabRailsStorageSize
+postgresDedicatedStorage: true
+postgresAccessMode: ReadWriteOnce
+#postgresStorageSize: 30Gi
+gitlabDataAccessMode: ReadWriteOnce
+#gitlabDataStorageSize: 30Gi
+gitlabRegistryAccessMode: ReadWriteOnce
+#gitlabRegistryStorageSize: 30Gi
+gitlabConfigAccessMode: ReadWriteOnce
+#gitlabConfigStorageSize: 1Gi
+gitlabRunnerImage: gitlab/gitlab-runner:alpine-v10.6.0
+# Valid values for provider are `gke` for Google Container Engine. Leaving it blank (or any othervalue) will disable fast disk options.
+provider: gke
+
+# Gitlab pages
+# The following 3 lines are needed to enable gitlab pages.
+# pagesExternalScheme: http
+# pagesExternalDomain: your-pages-domain.com
+# pagesTlsSecret: gitlab-pages-tls # An optional reference to a tls secret to use in pages
+
+## Storage Class Options
+## If defined, volume.beta.kubernetes.io/storage-class:
+## If not defined, but provider is gke, will use SSDs
+## Otherwise default: volume.alpha.kubernetes.io/storage-class: default
+#gitlabConfigStorageClass: default
+#gitlabDataStorageClass: default
+#gitlabRegistryStorageClass: default
+#postgresStorageClass: default
+#redisStorageClass: default
+
+healthCheckToken: 'SXBAQichEJasbtDSygrD'
+# Optional, for GitLab EE images only
+#gitlabEELicense: base64-encoded-license
+
+# Additional omnibus configuration,
+# see https://docs.gitlab.com/omnibus/settings/configuration.html
+# for possible configuration options
+#omnibusConfigRuby: |
+# gitlab_rails['smtp_enable'] = true
+# gitlab_rails['smtp_address'] = "smtp.example.org"
+
+gitlab-runner:
+ checkInterval: 1
+ # runnerRegistrationToken must equal initialSharedRunnersRegistrationToken
+ runnerRegistrationToken: "tQtCbx5UZy_ByS7FyzUH"
+ # resources:
+ # limits:
+ # memory: 500Mi
+ # cpu: 600m
+ # requests:
+ # memory: 500Mi
+ # cpu: 600m
+ runners:
+ privileged: true
+ ## Build Container specific configuration
+ ##
+ # builds:
+ # cpuLimit: 200m
+ # memoryLimit: 256Mi
+ # cpuRequests: 100m
+ # memoryRequests: 128Mi
+
+ ## Service Container specific configuration
+ ##
+ # services:
+ # cpuLimit: 200m
+ # memoryLimit: 256Mi
+ # cpuRequests: 100m
+ # memoryRequests: 128Mi
+
+ ## Helper Container specific configuration
+ ##
+ # helpers:
+ # cpuLimit: 200m
+ # memoryLimit: 256Mi
+ # cpuRequests: 100m
+ # memoryRequests: 128Mi
diff --git a/kubernetes/Charts/post/Chart.yaml b/kubernetes/Charts/post/Chart.yaml
new file mode 100644
index 0000000..174bbf7
--- /dev/null
+++ b/kubernetes/Charts/post/Chart.yaml
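Review bot: gitlab-omnibus/values.yaml commits credentials in plain text: `postgresPassword`, `mattermostAppSecret`, `initialSharedRunnersRegistrationToken`, `healthCheckToken` and `gitlab-runner.runnerRegistrationToken`. The first two are only base64-encoded, which is an encoding and not protection, and every one of them stays readable in the repository history even if a later commit removes it. Treat them as exposed and rotate them, then keep the file to empty defaults such as `postgresPassword: ""` and supply the real values at install time from a values file kept out of version control or from a secret store. Separately, `runners.privileged: true` gives every CI job a privileged container on the node; if Docker-in-Docker builds are the reason, a comment next to the setting should say so, and the runner is best kept on nodes that run nothing else.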
@@ -0,0 +1,9 @@
+---
+apiVersion: v2
+appVersion: "1.0.0"
+name: post
+version: 1.0.0
+description: OTUS reddit application POST
+maintainers:
+- name: Baykanurov
+ email: vov_ef@mail.ru
diff --git a/kubernetes/Charts/post/templates/_helpers.tpl b/kubernetes/Charts/post/templates/_helpers.tpl
new file mode 100644
index 0000000..1a9a062
--- /dev/null
+++ b/kubernetes/Charts/post/templates/_helpers.tpl
@@ -0,0 +1,3 @@
+{{- define "post.fullname" -}}
+{{- printf "%s-%s" .Release.Name .Chart.Name }}
+{{- end -}}
diff --git a/kubernetes/Charts/post/templates/deployment.yaml b/kubernetes/Charts/post/templates/deployment.yaml
new file mode 100644
index 0000000..69601b7
--- /dev/null
+++ b/kubernetes/Charts/post/templates/deployment.yaml
@@ -0,0 +1,34 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ .Release.Name }}-{{ .Chart.Name }}
+ labels:
+ app: reddit
+ component: post
+ release: {{ .Release.Name }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: reddit
+ component: post
+ release: {{ .Release.Name }}
+ template:
+ metadata:
+ name: post
+ labels:
+ app: reddit
+ component: post
+ release: {{ .Release.Name }}
+ spec:
+ containers:
+ - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ name: post
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ name: post
+ protocol: TCP
+ env:
+ - name: POST_DATABASE_HOST
+ value: {{ .Values.databaseHost | default (printf "%s-mongodb" .Release.Name) }}
diff --git a/kubernetes/Charts/post/templates/service.yaml b/kubernetes/Charts/post/templates/service.yaml
new file mode 100644
index 0000000..06c89d9
--- /dev/null
+++ b/kubernetes/Charts/post/templates/service.yaml
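Review bot: In post/templates/deployment.yaml the `POST_DATABASE_HOST` value is rendered unquoted, so a supplied `databaseHost` that YAML reads as a number, boolean or null yields a non-string env value and the API server rejects the manifest. Appending `| quote` to the expression fixes it, as the two port variables in ui/templates/deployment.yaml already do; the `POST_SERVICE_HOST` and `COMMENT_SERVICE_HOST` values there have the same gap. The container spec also sets neither `securityContext` nor `resources`; whether the image runs as non-root is not visible here, so confirm that before adding `runAsNonRoot: true` with `allowPrivilegeEscalation: false`. The `post.fullname` helper from _helpers.tpl is unused, the name being rebuilt inline; `name: {{ template "post.fullname" . }}` would keep Deployment and Service names in one place.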
@@ -0,0 +1,19 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Release.Name }}-{{ .Chart.Name }}
+ labels:
+ app: reddit
+ component: post
+ release: {{ .Release.Name }}
+spec:
+ type: ClusterIP
+ ports:
+ - port: {{ .Values.service.externalPort }}
+ protocol: TCP
+ targetPort: {{ .Values.service.internalPort }}
+ selector:
+ app: reddit
+ component: post
+ release: {{ .Release.Name }}
diff --git a/kubernetes/Charts/post/values.yaml b/kubernetes/Charts/post/values.yaml
new file mode 100644
index 0000000..87be5be
--- /dev/null
+++ b/kubernetes/Charts/post/values.yaml
@@ -0,0 +1,10 @@
+---
+service:
+ internalPort: 5000
+ externalPort: 5000
+
+image:
+ repository: baykanurov/post
+ tag: latest
+
+databaseHost:
diff --git a/kubernetes/Charts/reddit/Chart.yaml b/kubernetes/Charts/reddit/Chart.yaml
new file mode 100644
index 0000000..f27d283
--- /dev/null
+++ b/kubernetes/Charts/reddit/Chart.yaml
@@ -0,0 +1,7 @@
+---
+name: reddit
+version: 0.1.0
+description: OTUS sample reddit application
+maintainers:
+- name: Baykanurov
+ email: vov_ef@mail.ru
diff --git a/kubernetes/Charts/reddit/requirements.yaml b/kubernetes/Charts/reddit/requirements.yaml
new file mode 100644
index 0000000..6b09dc7
--- /dev/null
+++ b/kubernetes/Charts/reddit/requirements.yaml
@@ -0,0 +1,17 @@
+---
+dependencies:
+ - name: ui
+ version: "1.0.0"
+ repository: "file://../ui"
+
+ - name: post
+ version: "1.0.0"
+ repository: "file://../post"
+
+ - name: comment
+ version: "1.0.0"
+ repository: "file://../comment"
+
+ - name: mongodb
+ version: "12.1.27"
+ repository: https://charts.bitnami.com/bitnami
diff --git a/kubernetes/Charts/reddit/values.yaml b/kubernetes/Charts/reddit/values.yaml
new file mode 100644
index 0000000..9e95ac6
--- /dev/null
+++ b/kubernetes/Charts/reddit/values.yaml
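Review bot: post/values.yaml defaults `image.tag` to `latest`, a mutable tag, so two installs of the same chart version can run different images and a Helm rollback does not bring the previous image back; reddit/values.yaml and ui/values.yaml carry the same default. Default the tag to a published release or a digest and let CI override it per build, for instance `tag: "1.0.0"` to follow `appVersion` (a constructed example; use the tag that is actually pushed). `databaseHost:` with no value is null, which works only because the template applies `default`; `databaseHost: ""` states the intent.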
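Review bot: reddit/Chart.yaml declares no `apiVersion`, while the post and ui charts in this patch use `apiVersion: v2`; Helm 3 requires the field and will refuse the chart without it. The dependencies sit in a separate requirements.yaml, which is the v1 layout, so either add `apiVersion: v1` and keep that file, or switch to `apiVersion: v2` and move the `dependencies:` block into Chart.yaml. The mongodb entry is fetched from a remote repository, so the lock file that `helm dependency update` generates, with its digest, should be committed too; none for this chart is visible in this part of the patch.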
@@ -0,0 +1,20 @@
+comment:
+ image:
+ repository: baykanurov/comment
+ tag: latest
+ service:
+ externalPort: 9292
+
+post:
+ image:
+ repository: baykanurov/post
+ tag: latest
+ service:
+ externalPort: 5000
+
+ui:
+ image:
+ repository: baykanurov/ui
+ tag: latest
+ service:
+ externalPort: 9292
diff --git a/kubernetes/Charts/ui/Chart.yaml b/kubernetes/Charts/ui/Chart.yaml
new file mode 100644
index 0000000..181b95d
--- /dev/null
+++ b/kubernetes/Charts/ui/Chart.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: v2
+appVersion: "1.0.0"
+name: ui
+version: 1.0.0
+description: OTUS reddit application UI
+maintainers:
+- name: Baykanurov
+ email: vov_ef@mail.ru
diff --git a/kubernetes/Charts/ui/templates/_helpers.tpl b/kubernetes/Charts/ui/templates/_helpers.tpl
new file mode 100644
index 0000000..c61a4c3
--- /dev/null
+++ b/kubernetes/Charts/ui/templates/_helpers.tpl
@@ -0,0 +1,3 @@
+{{- define "ui.fullname" -}}
+{{- printf "%s-%s" .Release.Name .Chart.Name }}
+{{- end -}}
diff --git a/kubernetes/Charts/ui/templates/deployment.yaml b/kubernetes/Charts/ui/templates/deployment.yaml
new file mode 100644
index 0000000..d9a12f3
--- /dev/null
+++ b/kubernetes/Charts/ui/templates/deployment.yaml
@@ -0,0 +1,46 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ .Release.Name }}-{{ .Chart.Name }}
+ labels:
+ app: reddit
+ component: ui
+ release: {{ .Release.Name }}
+spec:
+ replicas: 3
+ strategy:
+ type: Recreate
+ selector:
+ matchLabels:
+ app: reddit
+ component: ui
+ release: {{ .Release.Name }}
+ template:
+ metadata:
+ name: ui
+ labels:
+ app: reddit
+ component: ui
+ release: {{ .Release.Name }}
+ spec:
+ containers:
+ - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ name: ui
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ name: ui
+ protocol: TCP
+ env:
+ - name: POST_SERVICE_HOST
+ value: {{ .Values.postHost | default (printf "%s-post" .Release.Name) }}
+ - name: POST_SERVICE_PORT
+ value: {{ .Values.postPort | default "5000" | quote }}
+ - name: COMMENT_SERVICE_HOST
+ value: {{ .Values.commentHost | default (printf "%s-comment" .Release.Name) }}
+ - name: COMMENT_SERVICE_PORT
+ value: {{ .Values.commentPort | default "9292" | quote }}
+ - name: ENV
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
diff --git a/kubernetes/Charts/ui/templates/ingress.yaml b/kubernetes/Charts/ui/templates/ingress.yaml
new file mode 100644
index 0000000..55b8b94
--- /dev/null
+++ b/kubernetes/Charts/ui/templates/ingress.yaml
@@ -0,0 +1,17 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: ui
+spec:
+ ingressClassName: {{ .Release.Name }}-{{ .Chart.Name }}
+ rules:
+ - http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: {{ .Release.Name }}-{{ .Chart.Name }}
+ port:
+ number: {{ .Values.service.externalPort }}
diff --git a/kubernetes/Charts/ui/templates/service.yaml b/kubernetes/Charts/ui/templates/service.yaml
new file mode 100644
index 0000000..7544bd0
--- /dev/null
+++ b/kubernetes/Charts/ui/templates/service.yaml
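Review bot: ui/templates/ingress.yaml sets `ingressClassName: {{ .Release.Name }}-{{ .Chart.Name }}`, which is the release name rather than an ingress class, so unless an IngressClass with exactly that name exists no controller will serve this Ingress. ui/values.yaml already defines `ingress.class: nginx`, and the line should read `ingressClassName: {{ .Values.ingress.class }}`. The manifest this template replaces (kubernetes/reddit/ui-ingress.yml, deleted later in the patch) had a `host` rule and a `tls` section with `secretName: ui-ingress`; the template has neither, so the UI is published over plain HTTP for any host name, and if that is not intended both should return as values. `metadata.name: ui` is fixed as well, so two releases in one namespace would collide.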
@@ -0,0 +1,19 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Release.Name }}-{{ .Chart.Name }}
+ labels:
+ app: reddit
+ component: ui
+ release: {{ .Release.Name }}
+spec:
+ type: NodePort
+ ports:
+ - port: {{ .Values.service.externalPort }}
+ protocol: TCP
+ targetPort: {{ .Values.service.internalPort }}
+ selector:
+ app: reddit
+ component: ui
+ release: {{ .Release.Name }}
diff --git a/kubernetes/Charts/ui/values.yaml b/kubernetes/Charts/ui/values.yaml
new file mode 100644
index 0000000..97bb333
--- /dev/null
+++ b/kubernetes/Charts/ui/values.yaml
@@ -0,0 +1,16 @@
+---
+service:
+ internalPort: 9292
+ externalPort: 9292
+
+image:
+ repository: baykanurov/ui
+ tag: latest
+
+ingress:
+ class: nginx
+
+postHost:
+postPort:
+commentHost:
+commentPort:
diff --git a/kubernetes/reddit/post-deployment.yml b/kubernetes/reddit/post-deployment.yml
deleted file mode 100644
index 267a2f4..0000000
--- a/kubernetes/reddit/post-deployment.yml
+++ /dev/null
@@ -1,27 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: post
- labels:
- app: reddit
- component: post
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: reddit
- component: post
- template:
- metadata:
- name: post
- labels:
- app: reddit
- component: post
- spec:
- containers:
- - image: baykanurov/post
- name: post
- env:
- - name: POST_DATABASE_HOST
- value: post-db
diff --git a/kubernetes/reddit/post-mongodb-service.yml b/kubernetes/reddit/post-mongodb-service.yml
deleted file mode 100644
index e4810cf..0000000
--- a/kubernetes/reddit/post-mongodb-service.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
- name: post-db
- labels:
- app: reddit
- component: mongo
- post-db: "true"
-spec:
- ports:
- - port: 27017
- protocol: TCP
- targetPort: 27017
- selector:
- app: reddit
- component: mongo
- post-db: "true"
\ No newline at end of file
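Review bot: ui/templates/service.yaml keeps `type: NodePort`, which opens the UI on a port of every node in addition to the Ingress this patch adds. With the `nginx` class named in ui/values.yaml the ingress controller does not need a node port to reach the pods, so `type: ClusterIP`, as post/templates/service.yaml uses, is presumably enough; an ingress implementation that routes through node ports would be the exception. Making it a value, `type: {{ .Values.service.type | default "ClusterIP" }}`, covers both cases without exposing the port by default.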
diff --git a/kubernetes/reddit/post-service.yml b/kubernetes/reddit/post-service.yml
deleted file mode 100644
index 851cbd4..0000000
--- a/kubernetes/reddit/post-service.yml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
- name: post
- labels:
- app: reddit
- component: post
-spec:
- ports:
- - port: 5000
- protocol: TCP
- targetPort: 5000
- selector:
- app: reddit
- component: post
\ No newline at end of file
diff --git a/kubernetes/reddit/ui-deployment.yml b/kubernetes/reddit/ui-deployment.yml
deleted file mode 100644
index b58ba40..0000000
--- a/kubernetes/reddit/ui-deployment.yml
+++ /dev/null
@@ -1,29 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: ui
- labels:
- app: reddit
- component: ui
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: reddit
- component: ui
- template:
- metadata:
- name: ui-pod
- labels:
- app: reddit
- component: ui
- spec:
- containers:
- - image: baykanurov/ui
- name: ui
- env:
- - name: ENV
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
\ No newline at end of file
diff --git a/kubernetes/reddit/ui-ingress.yml b/kubernetes/reddit/ui-ingress.yml
deleted file mode 100644
index bd32c68..0000000
--- a/kubernetes/reddit/ui-ingress.yml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: ui
-spec:
- ingressClassName: nginx
- rules:
- - host: ui.reddit.baykanurov.ru
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: ui
- port:
- number: 80
- tls:
- - hosts:
- - ui.reddit.baykanurov.ru
- secretName: ui-ingress
diff --git a/kubernetes/reddit/ui-service.yml b/kubernetes/reddit/ui-service.yml
deleted file mode 100644
index 77d85ad..0000000
--- a/kubernetes/reddit/ui-service.yml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
- name: ui
- labels:
- app: reddit
- component: ui
-spec:
- type: NodePort
- ports:
- - port: 9292
- protocol: TCP
- targetPort: 9292
- selector:
- app: reddit
- component: ui