Commit e39030cc authored by Joshua Lambert, committed by Marin Jankovski

Official all-in-one chart

parent cf9b27a5
## GitLab Helm Charts
This repository contains GitLab's official Helm charts. [Helm](https://helm.sh/) is a package manager for Kubernetes, making it easier to deploy, upgrade, and maintain software like GitLab. The charts are automatically published to our Helm repo, located at [charts.gitlab.io](https://charts.gitlab.io).
This repository contains GitLab's official Helm charts. [Helm](https://helm.sh/) is a package manager for
Kubernetes, making it easier to deploy, upgrade, and maintain software like GitLab.
The charts are automatically published to our Helm repo, located at [charts.gitlab.io](https://charts.gitlab.io).
Charts in this repository should be considered beta. We are building a set of Cloud Native
charts at a separate repo at [helm.gitlab.io](https://gitlab.com/charts/helm.gitlab.io). The goal of that work
......
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
apiVersion: v1
description: GitLab running on Kubernetes suitable for demos
name: gitlab-omnibus
version: 0.1.30
tillerVersion: ">=2.5.0"
keywords:
- git
- ci
- cd
- deploy
- issue tracker
- code review
- wiki
home: https://about.gitlab.com
sources:
- http://docs.gitlab.com/ce/install/kubernetes/
- https://gitlab.com/charts/charts.gitlab.io
icon: https://gitlab.com/uploads/group/avatar/6543/gitlab-logo-square.png
maintainers:
- name: GitLab Inc.
email: support@gitlab.com
- name: Mark Pundsack
- name: Jason Plum
- name: DJ Mountney
- name: Joshua Lambert
# gitlab-omnibus
This work is based partially on: https://github.com/lwolf/kubernetes-gitlab/. GitLab would like to thank Sergey Nuzhdin for his work.
[GitLab](https://about.gitlab.com/) is an application to code, test, and deploy code together. It provides Git repository management with fine grained access controls, code reviews, issue tracking, activity feeds, wikis, and continuous integration.
## Introduction
This chart is provided for the deployment and testing of [GitLab](https://about.gitlab.com) on [Kubernetes](https://kubernetes.io/) via [Google Container Engine](https://cloud.google.com/container-engine/) or [Azure Container Service](https://azure.microsoft.com/en-us/services/container-service/). This provides an easy way to deploy GitLab and exercise most of its capabilities. The [GitLab Idea to Production demo on GKE](https://about.gitlab.com/handbook/sales/demo/) from the [GitLab handbook](https://about.gitlab.com/handbook) provides a great getting started tutorial with the included functionality.
This includes:
- A [GitLab Omnibus](https://docs.gitlab.com/omnibus/) Pod, including Mattermost, Container Registry, and Prometheus
- GitLab Runner
- Redis
- Postgresql
- NGINX Ingress
Terms:
- Google Cloud Platform (**GCP**)
- Google Container Engine (**GKE**)
- Azure Container Service (**ACS**)
- Kubernetes (**k8s**)
## Prerequisites
- [Google Cloud Platform](https://cloud.google.com/) or [Azure](https://portal.azure.com) account. This can be a trial, or paid account. The trial has lower limitations, so extensive
testing with GitLab's Review Apps feature may exceed those limitations.
- [Google Cloud SDK](https://cloud.google.com/sdk/) for using `gcloud` commands or [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli) for using `az` commands. These SDKs also includes the necessary `kubectl` utilities.
- Access to a `bash` shell. It is recommended at this time to use a GNU/Linux-based or OSX operating system.
- Access to the internet via HTTPS traffic.
- _At least_ 4 GB of RAM available on your cluster
- _At least_ 2vCPUs per node in your cluster
- Kubernetes 1.4+ with Beta APIs enabled
- The ability to point a DNS entry or URL at your GitLab install
## Installing the Chart
To install the chart with the release name `my-release` run:
```bash
$ helm repo add gitlab https://charts.gitlab.io
$ helm install --name my-release \
--set baseDomain=example.com,legoEmail=you@example.com \
gitlab/kubernetes-gitlab-demo
```
Note that you _must_ pass in baseIP, baseDomain, and legoEmail, or you'll end up with a non-functioning release.
> **Tip**: List all releases using `helm list`
## Uninstalling the Chart
To uninstall/delete the `my-release` deployment:
```bash
$ helm delete my-release
```
The command removes all the Kubernetes components associated with the chart and deletes the release.
## Configuration
Refer to [values.yaml](values.yaml) for the full run-down on defaults. These are a mixture of Kubernetes and GitLab-related directives.
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
```bash
$ helm install --name my-release \
--set baseIP=172.16.254.1,baseDomain=example.com,legoEmail=you@example.com, \
--set postgresPassword=foobar \
--set gitlab=ee,gitlabEELicense=$LICENSE \
gitlab/kubernetes-gitlab-demo
```
Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
```bash
$ helm install --name my-release -f values.yaml gitlab/kubernetes-gitlab-demo
```
> **Tip**: You can use the default [values.yaml](values.yaml)
## Persistence
Persistence of GitLab data and configuration happens using PVCs. If you know that you'll need a larger amount of space, make _sure_ to look at [values.yaml](values.yaml) for values you can override.
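Review bot: The install, configuration and values-file examples all reference `gitlab/kubernetes-gitlab-demo`, while this README's heading and the chart's `name:` are `gitlab-omnibus`, so the documented commands point at a different chart than the one being added. The first example also omits `baseIP` even though the note directly after it says `baseIP` must be passed, and the `--set baseIP=...` line in the Configuration example has a stray comma before the line continuation. Suggest using the `gitlab-omnibus` chart name throughout and stating clearly whether `baseIP` is required or optional.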
dependencies:
- alias: ""
condition: ""
enabled: false
import-values: null
name: gitlab-runner
repository: https://charts.gitlab.io/
tags: null
version: 0.1.9
digest: sha256:e3f28f3ef931427e7173309b904b25006b7df5b6b172f050fb1318ac0822d7a9
generated: 2017-08-06T01:03:49.186687157-04:00
dependencies:
- name: gitlab-runner
version: 0.1.9
repository: https://charts.gitlab.io/
{{- if and (default "" .Values.baseDomain) (default "" .Values.legoEmail) }}
It may take several minutes for GitLab to reconfigure.
You can watch the status by running `kubectl get deployment -w {{ template "fullname" . }} --namespace {{ .Release.Namespace }}
{{- if .Values.baseIP }}
Make sure to configure DNS with something like:
*.{{ .Values.baseDomain }} 300 IN A {{ .Values.baseIP }}
{{- else }}
You did not specify a baseIP so one will be assigned for you.
It may take a few minutes for the LoadBalancer IP to be available.
Watch the status with: 'kubectl get svc -w --namespace nginx-ingress nginx', then:
export SERVICE_IP=$(kubectl get svc --namespace nginx-ingress nginx -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
Then make sure to configure DNS with something like:
*.{{ .Values.baseDomain }} 300 IN A $SERVICE_IP
{{- end }}
{{- else }}
####################################################################################################
## WARNING: You did not specify an baseDomain, gitlab-runner.gitlabUrl, and legoEmail in your 'helm install' call. ##
####################################################################################################
This deployment will be incomplete until you provide these variables:
$ helm upgrade {{ .Release.Name }} \
--set baseDomain=example.com,gitlab-runner.gitlabUrl=https://gitlab.example.com,legoEmail=you@example.com \
gitlab/kubernetes-gitlab-demo
{{- end -}}
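Review bot: The WARNING branch lists `gitlab-runner.gitlabUrl` as a required value, but the `if and` guard on the first line only tests `baseDomain` and `legoEmail`, so a release that is missing only `gitlab-runner.gitlabUrl` still gets the success text. Either add it to the condition or drop it from the warning and the `helm upgrade` hint. The "You can watch the status by running" line is also missing its closing backtick, and "an baseDomain" should read "a baseDomain".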
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "fullname" -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified postgresql name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "postgresql.fullname" -}}
{{- $appName := (include "fullname" .) | trunc 54 | trimSuffix "-" -}}
{{- printf "%s-%s" $appName "postgresql" -}}
{{- end -}}
{{/*
Create a default fully qualified redis name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "redis.fullname" -}}
{{- $appName := (include "fullname" .) | trunc 57 | trimSuffix "-" -}}
{{- printf "%s-%s" $appName "redis" -}}
{{- end -}}
{{/*
Template for outputing the gitlabUrl
*/}}
{{- define "gitlabUrl" -}}
{{- if .Values.gitlabUrl -}}
{{- .Values.gitlabUrl | quote -}}
{{- else -}}
{{- printf "http://%s-gitlab.%s:8005/" .Release.Name .Release.Namespace | quote -}}
{{- end -}}
{{- end -}}
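Review bot: In `postgresql.fullname`, `trunc 54` followed by the 11-character suffix `-postgresql` can yield a 65-character name, which is past the 63-character limit the comment above it cites; `trunc 52` keeps the result within bounds (the redis helper's 57 plus `-redis` is exactly 63, so that one is fine). Separately, the `gitlabUrl` fallback builds the host as `<release>-gitlab`, whereas the Service in this commit is named with `fullname`, i.e. `<release>-<chart name or nameOverride>`, so the default URL only matches when `nameOverride` is `gitlab`. Consider building the fallback from `include "fullname" .` instead.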
{{- if (eq .Values.provider "gke") }}
kind: StorageClass
apiVersion: {{ if .Capabilities.APIVersions.Has "storage.k8s.io/v1" }}storage.k8s.io/v1{{ else }}storage.k8s.io/v1beta1{{ end }}
metadata:
name: {{ template "fullname" . }}-fast
labels:
app: {{ template "fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
annotations:
storageclass.beta.kubernetes.io/is-default-class: "false"
labels:
kubernetes.io/cluster-service: "true"
{{- if eq .Values.provider "gke" }}
provisioner: kubernetes.io/gce-pd
parameters:
type: pd-ssd
{{- end }}
{{- end }}
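Review bot: `labels:` appears twice in this StorageClass, once before `annotations:` and once after it with `kubernetes.io/cluster-service: "true"`, so one of the two label sets will be dropped or the manifest rejected, depending on how the duplicate key is handled. Merge the `cluster-service` label into the first `labels:` block. The inner `if eq .Values.provider "gke"` around `provisioner` is also redundant, since the whole file is already wrapped in the same condition.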
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "fullname" . }}-config
labels:
app: {{ template "fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
data:
external_scheme: https
external_hostname: gitlab.{{ .Values.baseDomain }}
registry_external_scheme: https
registry_external_hostname: registry.{{ .Values.baseDomain }}
mattermost_external_scheme: https
mattermost_external_hostname: mattermost.{{ .Values.baseDomain }}
mattermost_app_uid: {{ .Values.mattermostAppUID }}
postgres_user: gitlab
postgres_db: gitlab_production
---
apiVersion: v1
kind: Secret
metadata:
name: {{ template "fullname" . }}-secrets
labels:
app: {{ template "fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
data:
postgres_password: {{ .Values.postgresPassword }}
initial_shared_runners_registration_token: {{ default "" .Values.initialSharedRunnersRegistrationToken | b64enc | quote }}
mattermost_app_secret: {{ .Values.mattermostAppSecret | b64enc | quote }}
{{- if .Values.gitlabEELicense }}
gitlab_ee_license: {{ .Values.gitlabEELicense | b64enc | quote }}
{{- end }}
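Review bot: `postgres_password` in the Secret's `data:` is rendered as `{{ .Values.postgresPassword }}` with no `b64enc | quote`, unlike the other three keys, so a plain value such as the README's `postgresPassword=foobar` lands in a field that Kubernetes expects to be base64-encoded. Suggest `{{ .Values.postgresPassword | b64enc | quote }}`, or, if the value is intended to be supplied pre-encoded, document that next to the README example. It would also help to fail or warn when `postgresPassword` is unset, since nothing here provides a default.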
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ template "fullname" . }}-config-storage
labels:
app: {{ template "fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
{{- if (eq .Values.provider "gke") }}
annotations:
volume.beta.kubernetes.io/storage-class: {{ template "fullname" . }}-fast
{{- end }}
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: {{ .Values.gitlabConfigStorageSize }}
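Review bot: `accessModes` requests `ReadWriteMany`, but on the `gke` branch the claim is bound to the `-fast` class, which this commit provisions with `kubernetes.io/gce-pd`, and GCE persistent disks do not support `ReadWriteMany`. The Deployment runs `replicas: 1`, so `ReadWriteOnce` should be sufficient here. The same applies to the `-storage` and `-registry-storage` claims added in this commit.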
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: {{ template "fullname" . }}
labels:
app: {{ template "fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
spec:
replicas: 1
template:
metadata:
labels:
app: {{ template "fullname" . }}
name: {{ template "fullname" . }}
spec:
containers:
- name: gitlab
{{- if eq .Values.gitlab "ee" }}
image: {{ .Values.gitlabEEImage }}
{{- else }}
image: {{ .Values.gitlabCEImage }}
{{- end }}
imagePullPolicy: IfNotPresent
command: ["/bin/bash", "-c",
"sed -i \"s/environment ({'GITLAB_ROOT_PASSWORD' => initial_root_password }) if initial_root_password/environment ({'GITLAB_ROOT_PASSWORD' => initial_root_password, 'GITLAB_SHARED_RUNNERS_REGISTRATION_TOKEN' => node['gitlab']['gitlab-rails']['initial_shared_runners_registration_token'] })/g\" /opt/gitlab/embedded/cookbooks/gitlab/recipes/database_migrations.rb && exec /assets/wrapper"]
env:
- name: GITLAB_EXTERNAL_SCHEME
valueFrom:
configMapKeyRef:
name: {{ template "fullname" . }}-config
key: external_scheme
- name: GITLAB_EXTERNAL_HOSTNAME
valueFrom:
configMapKeyRef:
name: {{ template "fullname" . }}-config
key: external_hostname
- name: GITLAB_REGISTRY_EXTERNAL_SCHEME
valueFrom:
configMapKeyRef:
name: {{ template "fullname" . }}-config
key: registry_external_scheme
- name: GITLAB_REGISTRY_EXTERNAL_HOSTNAME
valueFrom:
configMapKeyRef:
name: {{ template "fullname" . }}-config
key: registry_external_hostname
- name: GITLAB_MATTERMOST_EXTERNAL_SCHEME
valueFrom:
configMapKeyRef:
name: {{ template "fullname" . }}-config
key: mattermost_external_scheme
- name: GITLAB_MATTERMOST_EXTERNAL_HOSTNAME
valueFrom:
configMapKeyRef:
name: {{ template "fullname" . }}-config
key: mattermost_external_hostname
- name: POSTGRES_USER
valueFrom:
configMapKeyRef:
name: {{ template "fullname" . }}-config
key: postgres_user
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "fullname" . }}-secrets
key: postgres_password
- name: POSTGRES_DB
valueFrom:
configMapKeyRef:
name: {{ template "fullname" . }}-config
key: postgres_db
- name: GITLAB_INITIAL_SHARED_RUNNERS_REGISTRATION_TOKEN
valueFrom:
secretKeyRef:
name: {{ template "fullname" . }}-secrets
key: initial_shared_runners_registration_token
- name: MATTERMOST_APP_UID
valueFrom:
configMapKeyRef:
name: {{ template "fullname" . }}-config
key: mattermost_app_uid
- name: MATTERMOST_APP_SECRET
valueFrom:
secretKeyRef:
name: {{ template "fullname" . }}-secrets
key: mattermost_app_secret
{{- if .Values.gitlabEELicense }}
- name: GITLAB_EE_LICENSE
valueFrom:
secretKeyRef:
name: {{ template "fullname" . }}-secrets
key: gitlab_ee_license
{{- end }}
- name: GITLAB_OMNIBUS_CONFIG
value: |
external_url "#{ENV['GITLAB_EXTERNAL_SCHEME']}://#{ENV['GITLAB_EXTERNAL_HOSTNAME']}"
registry_external_url "#{ENV['GITLAB_REGISTRY_EXTERNAL_SCHEME']}://#{ENV['GITLAB_REGISTRY_EXTERNAL_HOSTNAME']}"
mattermost_external_url "#{ENV['GITLAB_MATTERMOST_EXTERNAL_SCHEME']}://#{ENV['GITLAB_MATTERMOST_EXTERNAL_HOSTNAME']}"
gitlab_rails['initial_shared_runners_registration_token'] = ENV['GITLAB_INITIAL_SHARED_RUNNERS_REGISTRATION_TOKEN']
nginx['enable'] = false
registry_nginx['enable'] = false
mattermost_nginx['enable'] = false
gitlab_workhorse['listen_network'] = 'tcp'
gitlab_workhorse['listen_addr'] = '0.0.0.0:8005'
mattermost['service_address'] = '0.0.0.0'
mattermost['service_port'] = '8065'
registry['registry_http_addr'] = '0.0.0.0:8105'
postgresql['enable'] = false
gitlab_rails['db_host'] = '{{ template "postgresql.fullname" . }}'
gitlab_rails['db_password'] = ENV['POSTGRES_PASSWORD']
gitlab_rails['db_username'] = ENV['POSTGRES_USER']
gitlab_rails['db_database'] = ENV['POSTGRES_DB']
redis['enable'] = false
gitlab_rails['redis_host'] = '{{ template "redis.fullname" . }}'
mattermost['file_directory'] = '/gitlab-data/mattermost';
mattermost['sql_driver_name'] = 'postgres';
mattermost['sql_data_source'] = "user=#{ENV['POSTGRES_USER']} host={{ template "postgresql.fullname" . }} port=5432 dbname=mattermost_production password=#{ENV['POSTGRES_PASSWORD']} sslmode=disable";
mattermost['gitlab_enable'] = true;
mattermost['gitlab_secret'] = ENV['MATTERMOST_APP_SECRET'];
mattermost['gitlab_id'] = ENV['MATTERMOST_APP_UID'];
mattermost['gitlab_scope'] = '';
mattermost['gitlab_auth_endpoint'] = "#{ENV['GITLAB_EXTERNAL_SCHEME']}://#{ENV['GITLAB_EXTERNAL_HOSTNAME']}/oauth/authorize";
mattermost['gitlab_token_endpoint'] = "#{ENV['GITLAB_EXTERNAL_SCHEME']}://#{ENV['GITLAB_EXTERNAL_HOSTNAME']}/oauth/token";
mattermost['gitlab_user_api_endpoint'] = "#{ENV['GITLAB_EXTERNAL_SCHEME']}://#{ENV['GITLAB_EXTERNAL_HOSTNAME']}/api/v4/user"
manage_accounts['enable'] = true
manage_storage_directories['manage_etc'] = false
gitlab_shell['auth_file'] = '/gitlab-data/ssh/authorized_keys'
git_data_dir '/gitlab-data/git-data'
gitlab_rails['shared_path'] = '/gitlab-data/shared'
gitlab_rails['uploads_directory'] = '/gitlab-data/uploads'
gitlab_ci['builds_directory'] = '/gitlab-data/builds'
gitlab_rails['registry_path'] = '/gitlab-registry'
gitlab_rails['trusted_proxies'] = ["10.0.0.0/8","172.16.0.0/12","192.168.0.0/16"]
prometheus['listen_address'] = '0.0.0.0:9090'
postgres_exporter['enable'] = true
postgres_exporter['env'] = {
'DATA_SOURCE_NAME' => "user=#{ENV['POSTGRES_USER']} host={{ template "postgresql.fullname" . }} port=5432 dbname=#{ENV['POSTGRES_DB']} password=#{ENV['POSTGRES_PASSWORD']} sslmode=disable"
}
redis_exporter['enable'] = true
redis_exporter['flags'] = {
'redis.addr' => "{{ template "redis.fullname" . }}:6379",
}
- name: GITLAB_POST_RECONFIGURE_CODE
value: |
include Gitlab::CurrentSettings
Doorkeeper::Application.where(uid: ENV["MATTERMOST_APP_UID"]).first_or_create(
name: "GitLab Mattermost",
secret: ENV["MATTERMOST_APP_SECRET"],
redirect_uri: "#{ENV["GITLAB_MATTERMOST_EXTERNAL_SCHEME"]}://#{ENV["GITLAB_MATTERMOST_EXTERNAL_HOSTNAME"]}/signup/gitlab/complete\r\n#{ENV["GITLAB_MATTERMOST_EXTERNAL_SCHEME"]}://#{ENV["GITLAB_MATTERMOST_EXTERNAL_HOSTNAME"]}/login/gitlab/complete")
PrometheusService.where(template: true).first_or_create(
active: true, api_url: "http://localhost:9090")
KubernetesService.where(template: true).first_or_create(
active: true,
api_url: "https://#{ENV["KUBERNETES_SERVICE_HOST"]}:#{ENV["KUBERNETES_SERVICE_PORT"]}",
token: File.read("/var/run/secrets/kubernetes.io/serviceaccount/token"),
ca_pem: File.read("/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"))
current_application_settings.update_attribute(:health_check_access_token, '{{.Values.healthCheckToken}}')
{{- if .Values.gitlabEELicense }}
License.first_or_create(data: "#{ENV["GITLAB_EE_LICENSE"]}")
{{- end }}
- name: GITLAB_POST_RECONFIGURE_SCRIPT
value: |
/opt/gitlab/bin/gitlab-rails runner -e production "$GITLAB_POST_RECONFIGURE_CODE"
ports:
- name: registry
containerPort: 8105
- name: mattermost
containerPort: 8065
- name: workhorse
containerPort: 8005
- name: ssh
containerPort: 22
- name: prometheus
containerPort: 9090
volumeMounts:
- name: config
mountPath: /etc/gitlab
- name: data
mountPath: /gitlab-data
subPath: gitlab-data
- name: registry
mountPath: /gitlab-registry
livenessProbe:
httpGet:
path: /health_check?token={{.Values.healthCheckToken}}
port: 8005
initialDelaySeconds: 180
timeoutSeconds: 15
readinessProbe:
httpGet:
path: /health_check?token={{.Values.healthCheckToken}}
port: 8005
initialDelaySeconds: 15
timeoutSeconds: 1
volumes:
- name: data
persistentVolumeClaim:
claimName: {{ template "fullname" . }}-storage
- name: registry
persistentVolumeClaim:
claimName: {{ template "fullname" . }}-registry-storage
- name: config
persistentVolumeClaim:
claimName: {{ template "fullname" . }}-config-storage
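Review bot: In `GITLAB_POST_RECONFIGURE_CODE`, the `KubernetesService.where(template: true).first_or_create` call stores the GitLab pod's own service account token and CA certificate as the template Kubernetes integration, so whatever that service account is allowed to do in the cluster is handed to GitLab's integration settings by default. Suggest running the pod under a dedicated, narrowly scoped service account, or making this seeding opt-in through a value. In the same hunk, `healthCheckToken` is templated in plain text into the env value and both probe paths, while the other credentials are read from the Secret via `secretKeyRef`; anyone who can read the Deployment can read that token, which is worth stating in the chart documentation.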
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ template "fullname" . }}-storage
labels:
app: {{ template "fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
{{- if (eq .Values.provider "gke") }}
annotations:
volume.beta.kubernetes.io/storage-class: {{ template "fullname" . }}-fast
{{- end }}
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: {{ .Values.gitlabRailsStorageSize }}
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ template "fullname" . }}-registry-storage
labels:
app: {{ template "fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
{{- if (eq .Values.provider "gke") }}
annotations:
volume.beta.kubernetes.io/storage-class: {{ template "fullname" . }}-fast
{{- end }}
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: {{ .Values.gitlabRegistryStorageSize }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "fullname" . }}
labels:
app: {{ template "fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
spec:
selector:
name: {{ template "fullname" . }}