ADD: addend gitlab

2026-03-12 14:23:02 +01:00
parent f0a02c3740
commit 2ea9f3973f
8 changed files with 612 additions and 1 deletions


@@ -0,0 +1,118 @@
# ─── Deployment ───────────────────────────────────────────────────
apiVersion: apps/v1
kind: Deployment
metadata:
name: gitlab
namespace: gitlab
labels:
app: gitlab
spec:
replicas: 1
selector:
matchLabels:
app: gitlab
strategy:
type: Recreate
template:
metadata:
labels:
app: gitlab
spec:
initContainers:
- name: fix-permissions
image: busybox
command:
- sh
- -c
- mkdir -p /var/opt/gitlab/git-data
volumeMounts:
- name: gitlab-data
mountPath: /var/opt/gitlab
- name: gitlab-git
mountPath: /var/opt/gitlab/git-data
- name: gitlab-config
mountPath: /etc/gitlab
containers:
- name: gitlab
image: gitlab/gitlab-ce:latest
imagePullPolicy: IfNotPresent
securityContext:
capabilities:
add:
- SYS_RESOURCE
ports:
- name: http
containerPort: 80
- name: https
containerPort: 443
- name: ssh
containerPort: 22
envFrom:
- configMapRef:
name: gitlab-config
- secretRef:
name: gitlab-secrets
resources:
requests:
memory: "4Gi"
cpu: "1000m"
limits:
memory: "8Gi"
cpu: "4000m"
# ─── Mounts ─────────────────────────────────────────────
volumeMounts:
- name: gitlab-data # → lokal (postgresql, redis, etc.)
mountPath: /var/opt/gitlab
- name: gitlab-git # → NFS (Git-Repositories)
mountPath: /var/opt/gitlab/git-data
- name: gitlab-config # → lokal
mountPath: /etc/gitlab
- name: gitlab-logs # → ephemeral
mountPath: /var/log/gitlab
- name: shm
mountPath: /dev/shm
startupProbe:
exec:
command: ["curl", "-sf", "http://localhost/-/health"]
failureThreshold: 40
periodSeconds: 15
readinessProbe:
exec:
command: ["curl", "-sf", "http://localhost/-/health"]
periodSeconds: 15
failureThreshold: 3
livenessProbe:
exec:
command: ["curl", "-sf", "http://localhost/-/health"]
periodSeconds: 30
failureThreshold: 5
# ─── Volumes ──────────────────────────────────────────────────
volumes:
- name: gitlab-data # lokal (postgresql, redis, etc.)
persistentVolumeClaim:
claimName: gitlab-data-pvc
- name: gitlab-git # NFS (Git-Repositories)
persistentVolumeClaim:
claimName: gitlab-git-pvc
- name: gitlab-config # lokal
persistentVolumeClaim:
claimName: gitlab-config-pvc
- name: gitlab-logs # ephemeral
emptyDir: {}
- name: shm
emptyDir:
medium: Memory
sizeLimit: 256Mi
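Review bot: The main container is pulled as `image: gitlab/gitlab-ce:latest` with `imagePullPolicy: IfNotPresent`, and the init container as bare `busybox`, so the GitLab version that actually runs depends on whatever each node last cached, and any re-pull can jump several releases on top of the PostgreSQL data persisted under `/var/opt/gitlab`, which GitLab only supports via its documented step-by-step upgrade path. Pin an explicit tag, `image: gitlab/gitlab-ce:<VERSION>-ce.0` (version placeholder), ideally with a digest, and give busybox a tag too. The three probes run `curl` against `http://localhost/-/health` inside the image; a pinned tag also keeps that implicit dependency on curl being present stable across upgrades.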


@@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: gitlab


@@ -0,0 +1,98 @@
# ─── NFS PV für git-data (Repositories) ──────────────────────────
apiVersion: v1
kind: PersistentVolume
metadata:
name: gitlab-git-pv
spec:
capacity:
storage: 50Gi
accessModes:
- ReadWriteMany
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs
mountOptions:
- hard
- rsize=1048576
- wsize=1048576
- timeo=600
- retrans=2
nfs:
server: 192.168.178.166
path: /export/gitlab
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: gitlab-git-pvc
namespace: gitlab
spec:
accessModes:
- ReadWriteMany
storageClassName: nfs
resources:
requests:
storage: 50Gi
volumeName: gitlab-git-pv
---
# ─── Lokaler PV für /var/opt/gitlab (postgresql, redis, etc.) ─────
apiVersion: v1
kind: PersistentVolume
metadata:
name: gitlab-data-pv
spec:
capacity:
storage: 20Gi
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
storageClassName: local-path
hostPath:
path: /var/lib/gitlab/data
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: gitlab-data-pvc
namespace: gitlab
spec:
accessModes:
- ReadWriteOnce
storageClassName: local-path
resources:
requests:
storage: 20Gi
volumeName: gitlab-data-pv
---
# ─── Lokaler PV für /etc/gitlab (Konfiguration) ───────────────────
apiVersion: v1
kind: PersistentVolume
metadata:
name: gitlab-config-pv
spec:
capacity:
storage: 1Gi
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
storageClassName: local-path
hostPath:
path: /var/lib/gitlab/config
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: gitlab-config-pvc
namespace: gitlab
spec:
accessModes:
- ReadWriteOnce
storageClassName: local-path
resources:
requests:
storage: 1Gi
volumeName: gitlab-config-pv
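Review bot: The two `hostPath` PersistentVolumes (`gitlab-data-pv` and `gitlab-config-pv`) declare no `nodeAffinity`, and the Deployment that binds them has no node pinning, so on any cluster with more than one node the pod can be rescheduled onto a node where `/var/lib/gitlab/data` is empty and GitLab would initialise a fresh database instead of the real one. If this is a single-node cluster, a comment such as `# hostPath: single-node cluster only, data lives on this node` in the header would record that assumption; otherwise use a `local:` volume with `spec.nodeAffinity`, or a nodeSelector on the Deployment. `storageClassName: local-path` is also the class name used by the rancher local-path dynamic provisioner — `volumeName` presumably keeps these PVCs bound to the static PVs, but a dedicated class name would make the intent unambiguous. Note as well that recent GitLab releases no longer support serving Git repositories (Gitaly storage) from NFS; it is worth confirming the version in use still accepts `gitlab-git-pv` as an NFS mount before relying on it.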


@@ -0,0 +1,58 @@
# ─── Secret ───────────────────────────────────────────────────────
apiVersion: v1
kind: Secret
metadata:
name: gitlab-secrets
namespace: gitlab
type: Opaque
stringData:
GITLAB_ROOT_PASSWORD: "NewPassword123!"
GITLAB_OMNIBUS_CONFIG: |
external_url 'https://gitlab.henryathome.home64.de'
gitlab_rails['gitlab_shell_ssh_port'] = 31022
nginx['listen_port'] = 80
nginx['listen_https'] = false
nginx['proxy_set_headers'] = {
'X-Forwarded-Proto' => 'https',
'X-Forwarded-Ssl' => 'on'
}
prometheus_monitoring['enable'] = false
# Authentik SSO (OpenID Connect)
gitlab_rails['omniauth_enabled'] = true
gitlab_rails['omniauth_allow_single_sign_on'] = ['openid_connect']
gitlab_rails['omniauth_sync_email_from_provider'] = 'openid_connect'
gitlab_rails['omniauth_sync_profile_from_provider'] = ['openid_connect']
gitlab_rails['omniauth_sync_profile_attributes'] = ['email', 'name']
gitlab_rails['omniauth_block_auto_created_users'] = false
gitlab_rails['omniauth_providers'] = [
{
name: "openid_connect",
label: "Authentik",
args: {
name: "openid_connect",
scope: ["openid", "profile", "email"],
response_type: "code",
issuer: "https://authentik.henryathome.home64.de/application/o/gitlab/",
discovery: true,
client_auth_method: "query",
uid_field: "sub",
pkce: true,
client_options: {
identifier: "HaKYx5sj767TYywPOekXD99ylk4NdPEX85UWa9Jo",
secret: "9AazToYtgYdfaAgZauR8FMNJVj0qF8qePz0Gq5TPYK9fiE45QUDoEM1v3CEROiSI2BngXJVRqSEgBszSyieHe283w8Ube0yWXzesLNS84qR3fDWWSpbJ3sLZBlJMKMUj",
redirect_uri: "https://gitlab.henryathome.home64.de/users/auth/openid_connect/callback"
}
}
}
]
---
# ─── ConfigMap ────────────────────────────────────────────────────
apiVersion: v1
kind: ConfigMap
metadata:
name: gitlab-config
namespace: gitlab
data:
GITLAB_TIMEZONE: "Europe/Berlin"
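Review bot: `stringData` commits the initial root password (`GITLAB_ROOT_PASSWORD`) and the Authentik OIDC `client_options.identifier`/`secret` in clear text, and this page shows them entering git history; the manifest should reference a secret created outside the repo (SealedSecret, External Secrets, or a `kubectl create secret --from-env-file` step with the env file ignored), and both the root password and the OIDC client secret need rotating now that they are in history. Two smaller points in the Omnibus block: `GITLAB_ROOT_PASSWORD` is only honoured on the very first reconfigure, so a comment like `# applied only at initial install; change via the UI afterwards` prevents later confusion, and `client_auth_method: "query"` sends the client secret in the token-request query string where the IdP's access logs can capture it — `"basic"` is preferable if Authentik accepts it. `omniauth_block_auto_created_users = false` lets every Authentik account self-provision a GitLab user; if that is intended, a one-line comment saying so would help the next reader.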


@@ -0,0 +1,52 @@
# ─── Service ──────────────────────────────────────────────────────
apiVersion: v1
kind: Service
metadata:
name: gitlab
namespace: gitlab
spec:
selector:
app: gitlab
ports:
- name: http
port: 80
targetPort: 80
nodePort: 31080
- name: https
port: 443
targetPort: 443
nodePort: 31443
- name: ssh
port: 31022
targetPort: 31022
nodePort: 31022
type: NodePort
# ---
# ─── Ingress ──────────────────────────────────────────────────────
# apiVersion: networking.k8s.io/v1
# kind: Ingress
# metadata:
# name: gitlab
# namespace: gitlab
# annotations:
# nginx.ingress.kubernetes.io/proxy-body-size: "512m"
# nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
# nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
# spec:
# ingressClassName: nginx
# tls:
# - hosts:
# - gitlab.example.com
# secretName: gitlab-tls
# rules:
# - host: gitlab.example.com
# http:
# paths:
# - path: /
# pathType: Prefix
# backend:
# service:
# name: gitlab
# port:
# number: 80
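Review bot: The `ssh` port entry forwards to `targetPort: 31022`, but the Deployment's container only declares `containerPort: 22`, and the Omnibus `gitlab_shell_ssh_port` setting only changes the port advertised in clone URLs, so SSH through the NodePort will be refused; it should be `targetPort: 22` (or `targetPort: ssh` to reuse the named port). The `https` entry is likewise dead as written, because the Omnibus config sets `nginx['listen_https'] = false` and nothing in the pod listens on 443; either drop it or terminate TLS in the commented-out Ingress. That Ingress template still carries `gitlab.example.com` placeholder hosts while the rest of the commit uses the real hostname — acceptable as a template, but a `# TODO: set real host before enabling` comment would mark it.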