Gitlab and Gitlab Runner Installation will be explained under this topic. This installation tried on the kubernetes cluster which has a one worker node. Also if you have multiple worker node you can use the node selector to run application on the specific worker node. If you decide to use node selector you must create the mount folder under the selected node.
In there,we will use persistent volume, persistent volume claim, deployment and service resources. Also we will use nginx reverse proxy and self signed certificate, to connect gitlab application after created all kubernetes resources. And We can use the ingrees to acces the our applicaiton.
You can follow below commands;
Step1:
Create mount folder under your selected worker node and create yaml file for persistent volume and volume claim. If you want to use the node selector for deployment you must add label on your node and you should edit the your deployment yaml file.
mkdir -p /opt/gitlab/logs /opt/gitlab/data /opt/gitlab/configvim gitlabpv.yamlapiVersion: v1
kind: PersistentVolume
metadata:
name: gitlabcnfgpv
spec:
capacity:
storage: 1Gi
accessModes:
- ReadWriteOnce
hostPath:
path: "/opt/gitlab/config"
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: gitlablgspv
spec:
capacity:
storage: 1Gi
accessModes:
- ReadWriteOnce
hostPath:
path: "/opt/gitlab/logs"
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: gitlabdtpv
spec:
capacity:
storage: 1Gi
accessModes:
- ReadWriteOnce
hostPath:
path: "/opt/gitlab/data"kubectl apply -f gilabpv.yamlvim gitlabpvc.yamlapiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: gitlabcnfpvc
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: gitlablgspvc
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: gitlabdtpvc
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gikubectl create -f gitlabpvc.yamlThen, check your pv and pvc resources.
kubectl get pv
Then, we can see our pv and pvc resources above picture. PVC resources bounded with the PV resources.
Step2:
Create deployment file after the node labeled. We suppose the we have multiple worker node and we choose the specific node to run the gitlab application.
kubectl label nodes <worker-node-name> app=gitlabvim gitlab.yamlapiVersion: apps/v1
kind: Deployment
metadata:
name: gitlab
labels:
app: gitlab
spec:
replicas: 1
selector:
matchLabels:
app: gitlab
template:
metadata:
labels:
app: gitlab
spec:
hostAliases:
- ip: "your_ip_address"
hostnames:
- gitlab-ingress.<your_ip_address>.nip.io
containers:
- name: gitlab
image: gitlab/gitlab-ee:latest
ports:
- name: http
containerPort: 80
- name: https
containerPort: 443
- name: ssh
containerPort: 22
volumeMounts:
- mountPath: "/etc/gitlab"
name: gitlabconfig
- mountPath: "/var/log/gitlab"
name: gitlablogs
- mountPath: "/var/opt/gitlab"
name: gitlabdata
volumes:
- name: gitlabconfig
persistentVolumeClaim:
claimName: gitlabcnfpvc
- name: gitlablogs
persistentVolumeClaim:
claimName: gitlablgspvc
- name: gitlabdata
persistentVolumeClaim:
claimName: gitlabdtpvc
nodeSelector:
app: gitlabkubectl create -f gitlab.yamlNow we should go to worker node which gitlab is running and Open mount folder and add below lines for server url address.
vim /opt/gitlab/config/gitlab.rbexternal_url "http://gitlab-ingress.<192.168.56.111>.nip.io"Then you must use below command to reconfigure gitlab.
pod=$(kubectl get pods | awk '{print $1}' | grep -e "gitlab")
kubectl exec -it $pod bashgitlab-ctl reconfigureexitStep3:
Create Service file to establish the connection for gitlab application.
vim gitlabsvc.yamlapiVersion: v1
kind: Service
metadata:
name: gitlab
labels:
app: gitlab
spec:
ports:
- port: 80
name: http
protocol: TCP
- port: 443
name: https
protocol: TCP
- port: 22
name: ssh
protocol: TCP
selector:
app: gitlab
type: NodePortkubectl create -f gitlabsvc.yamlNow we can check the our created service and we should take the node port number to establish connection for gitlab with our browser.
kubectl get svc
If you access the gitlab application like picture below, you must chenge the default root password with connect the pod with “exec” command and use the following lines.
pod=$(kubectl get pods | awk '{print $1}' | grep -e "gitlab")kubectl exec -it $pod bashgitlab-rails console user = User.find_by(username: "root") user.password = 'hafifbilgiler123' user.password_confirmation = 'hafifbilgiler123' user.saveexitexit
Step4:
Create Self Signed Certficate, secret and Ingress yaml file Secure to access the gitlab application without to using node port ip address. Also if you don’t have a Ingress Controller, you can get a lot of information about the Nginx Controller Installation to click here. Also I have been used the nip.io for DNS solving.
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -out gitlab-ingress-ssl.crt -keyout gitlab-ingress-ssl.key -subj "/CN=gitlab-ingress.<your_ip_addrress>.nip.io/O=gitlab-ingress.<your_ip_addrress>.nip.io"kubectl create secret tls gitlab-ingress-secret --key ./gitlab-ingress-ssl.key --cert ./gitlab-ingress-ssl.crtapiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: gitlab-ingress
spec:
tls:
- hosts:
- gitlab-ingress.<your_ip_addrress>.nip.io
secretName: gitlab-ingress-secret
ingressClassName: nginx
rules:
- host: gitlab-ingress.<your_ip_addrress>.nip.io
http:
paths:
- backend:
service:
name: gitlab
port:
number: 80
path: /
pathType: Prefix
status:
loadBalancer: {}vim ingress.yamlkubectl create -f ingress.yamlStep5:
Create volume folders and yaml files for persistentent volume and persistent volume claim.
mkdir -p /opt/gitlab/gitlab-runner/config /opt/gitlab/gitlab-runner/docker.sock /opt/gitlab/gitlab-runner/SSLvim gitlabrunner_pv_pvc.yamlapiVersion: v1
kind: PersistentVolume
metadata:
name: gitlabrunnercnfgpv
spec:
capacity:
storage: 1Gi
accessModes:
- ReadWriteOnce
hostPath:
path: "/opt/gitlab/gitlab-runner/config"
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: gitlabrunnercnfgpvc
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: gitlabrunnerdockerpv
spec:
capacity:
storage: 1Gi
accessModes:
- ReadWriteOnce
hostPath:
path: "/opt/gitlab/gitlab-runner/docker.sock"
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: gitlabrunnerdockerpvc
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: gitlabrunnerssl
spec:
capacity:
storage: 1Gi
accessModes:
- ReadWriteOnce
hostPath:
path: "/opt/gitlab/gitlab-runner/SSL"
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: gitlabrunnerssl
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gikubectl create -f gitlabrunner_pv_pvc.yamlStep6:
Create yaml file for gitlab runner application.
vim gitlabrunner.yamlapiVersion: apps/v1
kind: Deployment
metadata:
name: gitlab-runner
labels:
app: gitlab-runner
spec:
replicas: 1
selector:
matchLabels:
app: gitlab-runner
template:
metadata:
labels:
app: gitlab-runner
spec:
hostAliases:
- ip: "your-ip-address"
hostnames:
- gitlab-ingress.your-ip-address
containers:
- name: gitlab-runner
image: gitlab/gitlab-runner:latest
#command: ['sh', '-c', 'mkdir /opt/SSL']
ports:
- name: http
containerPort: 80
- name: https
containerPort: 443
- name: ssh
containerPort: 22
volumeMounts:
- mountPath: "/etc/gitlab-runner"
name: config
- mountPath: "/var/run/docker.sock"
name: dockersock
- mountPath: "/opt/SSL"
name: sslcertificate
volumes:
- name: config
persistentVolumeClaim:
claimName: gitlabrunnercnfgpvc
- name: dockersock
persistentVolumeClaim:
claimName: gitlabrunnerdockerpvc
- name: sslcertificate
persistentVolumeClaim:
claimName: gitlabrunnerssl
nodeSelector:
app2: gitlab-runnerkubectl create -f gitlabrunner.yamlStep7:
Now We can test it. Create basic project with echo messages and some steps. Create bash Template .gitlab-ci.yml file for this project on gitlab like below. Take your ip address and token from project CI/CD Settings. And you must write your gitlab url address with https.
Step8:
Go to your worker node which Gitlab-Runner running and put your certificate under volume path “/opt/gitlab/gitlab-runner/SSL”. Then you will use the this certficate for trusted connection during gitlab runner register.
pod=$(kubectl get pods | awk '{print $1}' | grep -e "gitlab")kubectl exec -it $pod bashgitlab-runner register --tls-ca-file=/opt/SSL/gitlab-ingress-ssl.crt
Step9:
Then, you can check the your project if it does register or does not from under CI / CD Settings.
That’s it. If you need to run bash command or other scripts on remote computer you can add gitlab runner as a container like above steps.
