Docker/Compose/GitLab


PSQL » Schema » Drop

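# Drop the GitLab database and its role so both can be recreated from scratch.
# Destructive: everything stored in the gitlab database is lost.
# ON_ERROR_STOP aborts at the first failing statement instead of carrying on;
# the quoted 'DDL' delimiter stops the shell from expanding anything in the SQL.
psql -U"${USER}" -v ON_ERROR_STOP=1 << 'DDL'
DROP DATABASE IF EXISTS gitlab;
DROP USER     IF EXISTS gitlab;
DDL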

PSQL » Schema » Create

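# Create the GitLab database and its login role.
# - The password below is a literal published on this page: treat it as a
#   sample, choose a unique one, and keep gitlab_rails['db_password'] in the
#   compose file in step with it.
# - SUPERUSER lets this role bypass every permission check in the cluster, so
#   anything that obtains the GitLab DB credentials controls all databases.
#   NOTE(review): presumably granted so the dump import can run; confirm, and
#   drop it afterwards with: ALTER USER gitlab WITH NOSUPERUSER;
# ON_ERROR_STOP aborts at the first failing statement, so a half-created
# schema is noticed immediately; the quoted 'DDL' delimiter keeps the shell
# from expanding anything inside the SQL (for example a '$' in a password).
psql -U"${USER}" -v ON_ERROR_STOP=1 << 'DDL'
CREATE DATABASE gitlab;
CREATE USER gitlab WITH ENCRYPTED PASSWORD 'sadaqah!';
GRANT ALL PRIVILEGES ON DATABASE gitlab TO gitlab;
ALTER USER gitlab WITH SUPERUSER;
DDL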

PSQL » Schema » Import

# Restore the gzipped SQL dump into the gitlab database as the gitlab role.
# Every statement in the dump runs with that role's privileges, so only
# restore archives whose origin you trust.
gunzip -c ./gitlab_archive/gitlab-sdlc-20241010-T1010-ZP0600.sql.gz \
  | psql --host=localhost --port=5432 --username=gitlab --dbname=gitlab

Linux » UFW » Allow » 5432

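# Let the GitLab container reach PostgreSQL on the host.
# The rule is limited to 10.10.10.0/24, the subnet of the compose network
# "portal", instead of opening 5432 to every source address (this assumes the
# container's source address is not rewritten on the way to the host).
# Add further `from <cidr>` rules only for clients that really need remote
# psql access.
# PostgreSQL itself must also accept that range: update listen_addresses and
# the matching host line in these two files:
# /etc/postgresql/14/main/{postgresql,pg_hba}.conf
sudo ufw allow from 10.10.10.0/24 to any port 5432 proto tcp
sudo ufw status numbered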

Linux » UFW » Allow » 1080

# Open TCP 1080, the host port the compose file publishes for GitLab's HTTP
# listener ('1080:80').
# NOTE(review): ports published by Docker are typically forwarded by Docker's
# own iptables rules ahead of ufw, so this rule may not be what controls
# access to 1080 - verify reachability from another machine.
sudo ufw allow 1080/tcp
# List the active rules with their index numbers to confirm the change.
sudo ufw status numbered

Docker » Compose » Volume

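# Unpack the GitLab archive into the compose project folder.
# The && chain stops before tar runs if the directory cannot be created or
# entered, so nothing is extracted into the wrong place; the quotes keep a
# home directory containing spaces in one piece.
# tar runs as root and restores the ownership and modes recorded in the
# archive: only extract an archive whose origin you trust.
mkdir -p "${HOME}/Documents/gitlab-playground/" &&
  cd "${HOME}/Documents/gitlab-playground/" &&
  sudo tar -xzf gitlab_archive/gitlab-sdlc-20241010-T1010-ZP0600.tar.gz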

Docker » Compose » Create

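# Write the Compose project file for GitLab CE.
# Secrets are not embedded in the file: Compose substitutes them when
# `docker compose` runs, from the environment or from a .env file next to
# docker-compose.yml (create it with mode 600, keep it out of version control):
#   GITLAB_DB_PASSWORD         - password of the PostgreSQL role "gitlab"
#   GITLAB_SMTP_PASSWORD       - password of the SMTP account
#   GITLAB_OIDC_CLIENT_SECRET  - secret of the Keycloak client
# The values must not contain a single quote, because they are placed inside
# single-quoted Ruby strings. Any secret that has ever been published or
# committed must be rotated, not reused.
# The delimiter is quoted ('YML') so the shell leaves the ${...} references
# untouched for Compose to resolve.
cat << 'YML' | tee "${HOME}/Documents/gitlab-playground/docker-compose.yml" >/dev/null
---
name: gitlab
services:
  gitlab:
    # NOTE(review): presumably pinned to match the restored archive. 15.1 is
    # an old release line - confirm it still receives security fixes, or plan
    # the upgrade path before using this outside a lab.
    image: gitlab/gitlab-ce:15.1.3-ce.0
    container_name: gitlab
    restart: always
    hostname: 'gitlab.host.k8s.local'
    extra_hosts:
      - "host.docker.internal:host-gateway"
    networks:
      portal:
        aliases:
          - gitlab.host.k8s.local
    labels:
      gitlab: "GitLab CE"
    environment:
      # Omnibus settings, evaluated as Ruby. Review before non-lab use:
      # - external_url, the OIDC issuer and redirect_uri are all http://, so
      #   sessions, authorization codes and tokens cross the network in clear
      #   text; nginx HTTPS is off although 443 is published below.
      # - omniauth_block_auto_created_users = false: anyone who can sign in to
      #   the Keycloak realm gets an active GitLab account without approval.
      # - The resolved configuration, secrets included, is readable from the
      #   container environment (docker inspect); limit who can use Docker.
      # - '[email protected]' looks like a masked address; put the real
      #   mailbox in its place.
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'http://gitlab.host.k8s.local'
        gitlab_rails['db_adapter'] = 'postgresql'
        gitlab_rails['db_database'] = 'gitlab'
        gitlab_rails['db_username'] = 'gitlab'
        gitlab_rails['db_password'] = '${GITLAB_DB_PASSWORD:?required}'
        gitlab_rails['db_host'] = 'host.docker.internal'
        gitlab_rails['gitlab_ssh_host'] = 'code.host.k8s.local'
        nginx['proxy_set_headers'] = { 'X-Forwarded-Proto' => 'http', 'X-Forwarded-Ssl' => 'Off' }
        nginx['listen_port'] = 80
        nginx['listen_https'] = false
        gitlab_rails['smtp_enable'] = true
        gitlab_rails['smtp_domain'] = "mail.k8s.local"
        gitlab_rails['smtp_address'] = 'mail.k8s.local'
        gitlab_rails['smtp_port'] = 10587
        gitlab_rails['smtp_user_name'] = '[email protected]'
        gitlab_rails['smtp_password'] = '${GITLAB_SMTP_PASSWORD:?required}'
        gitlab_rails['smtp_enable_starttls_auto'] = true
        gitlab_rails['smtp_tls'] = false
        gitlab_rails['gitlab_email_from'] = '[email protected]'
        gitlab_rails['gitlab_email_display_name'] = 'Academia Gitlab'
        gitlab_rails['gitlab_email_reply_to'] = '[email protected]'
        gitlab_rails['omniauth_enabled'] = true
        gitlab_rails['omniauth_allow_single_sign_on'] = ['openid_connect']
        gitlab_rails['omniauth_block_auto_created_users'] = false
        gitlab_rails['gitlab_default_can_create_group'] = false
        gitlab_rails['gitlab_username_changing_enabled'] = false
        gitlab_rails['omniauth_providers'] = [{ 'name' => 'openid_connect', 'label' => 'Academia OpenID', 'icon' => '', 'args' => {'name' => 'openid_connect', 'scope' => ['openid','profile'], 'response_type' => 'code', 'issuer' => 'http://keycloak.k8s.local/realms/GoogleWorkspace', 'discovery' => true, 'client_auth_method' => 'query', 'uid_field' => 'sub', 'send_scope_to_token_endpoint' => 'false', 'client_options' => { 'identifier' => 'gitlab.host.k8s.local', 'secret' => '${GITLAB_OIDC_CLIENT_SECRET:?required}', 'redirect_uri' => 'http://gitlab.host.k8s.local/users/auth/openid_connect/callback' }}}]
    # host:container - quoted so YAML never reads a pair as a number.
    ports:
      - '4430:443'
      - '1080:80'
      - '1022:22'
    # Bind mounts, relative to the directory holding this file. They contain
    # GitLab's configuration and secrets, logs and repository data; restrict
    # their permissions on the host accordingly.
    volumes:
      - './gitlab/config:/etc/gitlab'
      - './gitlab/logs:/var/log/gitlab'
      - './gitlab/data:/var/opt/gitlab'
    shm_size: '256m'
networks:
  portal:
    ipam:
      config:
        - subnet: 10.10.10.0/24
YML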

Docker » Compose » Manage

# Run these from the directory that holds docker-compose.yml.
# Start the project in the background.
docker compose up --detach
# Stream the service logs with timestamps.
docker compose logs --follow --timestamps
# Stop and remove the project's containers and networks.
docker compose down

Docker » Compose » Systemd

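# Install a systemd unit that keeps the GitLab compose project running.
# After writing it, reload and enable the unit:
#   sudo systemctl daemon-reload && sudo systemctl enable --now gitlab
# The quoted 'INI' delimiter keeps the shell from expanding the unit text.
cat << 'INI' | sudo tee /etc/systemd/system/gitlab.service >/dev/null
# NOTE(review): the unit reads /etc/gitlab/docker-compose.yml. Copy or link
# the generated compose file there (its ./gitlab/* volume paths resolve
# relative to that directory) or point -f at the real location.
# NOTE(review): /usr/bin/docker-compose is the standalone binary; confirm it
# is installed and accepts this compose file.
[Unit]
Description=Gitlab CE
# After= only orders start-up; Requires= also ties this unit to the daemon.
Requires=docker.service
After=docker.service

[Service]
Restart=always
# This account must exist and be allowed to use the Docker socket. Such
# access is equivalent to root on the host, so keep the account dedicated.
User=gitlab
Group=gitlab
ExecStart=/usr/bin/docker-compose -f /etc/gitlab/docker-compose.yml up
ExecStop=/usr/bin/docker-compose -f /etc/gitlab/docker-compose.yml stop

[Install]
WantedBy=multi-user.target
INI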

Minikube » Internal  » Namespace

# Check whether the "internal" namespace already exists, then create it.
kubectl get namespaces | grep internal
kubectl create namespace internal

Minikube » Internal  » Service

# Publish the minikube host inside the cluster as a Service in "internal".
# An ExternalName Service is a DNS alias: whatever resolves minikube-host is
# pointed at host.minikube.internal, so the traffic leaves the cluster for the
# host machine.
kubectl apply -n internal -f - << 'YML'
---
apiVersion: v1
kind: Service
metadata:
  name: minikube-host
  namespace: internal
  labels:
    app.kubernetes.io/name: minikube-host
    app.kubernetes.io/instance: minikube-host
    app.kubernetes.io/version: "1.0.0"
    app.kubernetes.io/managed-by: kubectl
spec:
  type: ExternalName
  externalName: host.minikube.internal
YML

Minikube » Internal  » Ingress

# Route gitlab.host.k8s.local through the nginx ingress to port 1080 of the
# minikube-host Service.
# The rule has no tls: section, so the ingress serves this host over plain
# HTTP only.
# NOTE(review): the name/instance labels say minikube-host although this
# object is the gitlab Ingress - looks copied from the Service; confirm.
kubectl apply -n internal -f - << 'YML'
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: gitlab
  namespace: internal
  labels:
    app.kubernetes.io/name: minikube-host
    app.kubernetes.io/instance: minikube-host
    app.kubernetes.io/version: "1.0.0"
    app.kubernetes.io/managed-by: kubectl
spec:
  ingressClassName: nginx
  rules:
    - host: 'gitlab.host.k8s.local'
      http:
        paths:
          - path: /
            pathType: ImplementationSpecific
            backend:
              service:
                name: minikube-host
                port:
                  number: 1080
YML

GitLab » Update » Password

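# Reset the password of the account with id 1 from the Rails console.
# The first line is run in the host shell and opens the console inside the
# gitlab container; the remaining lines are typed at the console prompt.
# The literal below is a sample that also appears elsewhere on this page: set
# a unique password here and change it again after the first sign-in.
docker exec -it gitlab gitlab-rails console -e production
user = User.where(id: 1).first
user.password = 'sadaqah!'
user.password_confirmation = 'sadaqah!'
# save! raises on a validation failure; plain save would only return false
# and leave the old password in place unnoticed.
user.save!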

GitLab » Open » Browser

# Try every common desktop opener in the background with its output
# discarded; the ones that are not installed simply fail silently.
for opener in xdg-open gnome-open x-www-browser sensible-browser; do
  "${opener}" http://gitlab.host.k8s.local &>/dev/null &
done

References