ADD: addend gitlab

2026-03-12 14:23:02 +01:00
parent f0a02c3740
commit 2ea9f3973f
8 changed files with 612 additions and 1 deletions


@@ -0,0 +1,262 @@
apiVersion: v1
kind: Namespace
metadata:
name: gitlab
---
# ─── NFS PersistentVolume für gitlab-data ─────────────────────────
apiVersion: v1
kind: PersistentVolume
metadata:
name: gitlab-data-pv
spec:
capacity:
storage: 50Gi
accessModes:
- ReadWriteMany # NFS unterstützt RWX
persistentVolumeReclaimPolicy: Retain
mountOptions:
- hard
- nfsvers=4.1
- rsize=1048576
- wsize=1048576
- timeo=600
- retrans=2
nfs:
server: 192.168.1.100 # ← deine NFS Server IP
path: /exports/gitlab/data # ← NFS Export Pfad
---
# ─── PVC für gitlab-data (NFS) ────────────────────────────────────
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: gitlab-data-pvc
namespace: gitlab
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 50Gi
volumeName: gitlab-data-pv # direkte Bindung an den PV oben
storageClassName: "" # wichtig: verhindert dynamische Provisionierung
---
# ─── Lokale PVCs (Logs & Config bleiben lokal) ────────────────────
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: gitlab-logs-pvc
namespace: gitlab
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
storageClassName: standard
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: gitlab-config-pvc
namespace: gitlab
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
storageClassName: standard
---
# ─── Secret ───────────────────────────────────────────────────────
apiVersion: v1
kind: Secret
metadata:
name: gitlab-secrets
namespace: gitlab
type: Opaque
stringData:
GITLAB_ROOT_PASSWORD: "ChangeMeSecurely123!"
GITLAB_OMNIBUS_CONFIG: |
external_url 'https://gitlab.example.com'
gitlab_rails['gitlab_shell_ssh_port'] = 22
nginx['listen_port'] = 80
nginx['listen_https'] = false
prometheus_monitoring['enable'] = false
---
# ─── ConfigMap ────────────────────────────────────────────────────
apiVersion: v1
kind: ConfigMap
metadata:
name: gitlab-config
namespace: gitlab
data:
GITLAB_TIMEZONE: "Europe/Berlin"
---
# ─── Deployment ───────────────────────────────────────────────────
apiVersion: apps/v1
kind: Deployment
metadata:
name: gitlab
namespace: gitlab
labels:
app: gitlab
spec:
replicas: 1
selector:
matchLabels:
app: gitlab
strategy:
type: Recreate
template:
metadata:
labels:
app: gitlab
spec:
initContainers:
- name: fix-permissions
image: busybox
command:
- sh
- -c
- |
chown -R 998:998 /var/opt/gitlab /var/log/gitlab /etc/gitlab
# NFS: sicherstellen dass das Verzeichnis existiert
mkdir -p /var/opt/gitlab/git-data
volumeMounts:
- name: gitlab-data
mountPath: /var/opt/gitlab
- name: gitlab-logs
mountPath: /var/log/gitlab
- name: gitlab-config
mountPath: /etc/gitlab
containers:
- name: gitlab
image: gitlab/gitlab-ce:16.9.0-ce.0
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 80
- name: https
containerPort: 443
- name: ssh
containerPort: 22
envFrom:
- configMapRef:
name: gitlab-config
- secretRef:
name: gitlab-secrets
resources:
requests:
memory: "4Gi"
cpu: "1000m"
limits:
memory: "8Gi"
cpu: "4000m"
# ─── Mounts ─────────────────────────────────────────────
volumeMounts:
- name: gitlab-data # → NFS
mountPath: /var/opt/gitlab
- name: gitlab-logs # → lokal
mountPath: /var/log/gitlab
- name: gitlab-config # → lokal
mountPath: /etc/gitlab
- name: shm
mountPath: /dev/shm
readinessProbe:
httpGet:
path: /-/readiness
port: 80
initialDelaySeconds: 60
periodSeconds: 10
failureThreshold: 30
livenessProbe:
httpGet:
path: /-/liveness
port: 80
initialDelaySeconds: 120
periodSeconds: 30
failureThreshold: 5
# ─── Volumes ──────────────────────────────────────────────────
volumes:
- name: gitlab-data # NFS via PVC
persistentVolumeClaim:
claimName: gitlab-data-pvc
- name: gitlab-logs # lokal via PVC
persistentVolumeClaim:
claimName: gitlab-logs-pvc
- name: gitlab-config # lokal via PVC
persistentVolumeClaim:
claimName: gitlab-config-pvc
- name: shm
emptyDir:
medium: Memory
sizeLimit: 256Mi
---
# ─── Service ──────────────────────────────────────────────────────
apiVersion: v1
kind: Service
metadata:
name: gitlab
namespace: gitlab
spec:
selector:
app: gitlab
ports:
- name: http
port: 80
targetPort: 80
- name: https
port: 443
targetPort: 443
- name: ssh
port: 22
targetPort: 22
type: ClusterIP
---
# ─── Ingress ──────────────────────────────────────────────────────
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: gitlab
namespace: gitlab
annotations:
nginx.ingress.kubernetes.io/proxy-body-size: "512m"
nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
spec:
ingressClassName: nginx
tls:
- hosts:
- gitlab.example.com
secretName: gitlab-tls
rules:
- host: gitlab.example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: gitlab
port:
number: 80
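Review bot: The `gitlab-secrets` Secret commits the initial root password in plaintext, `GITLAB_ROOT_PASSWORD: "ChangeMeSecurely123!"` under `stringData`, so the credential stays in repository history and is readable by everyone with access to the repo; if the manifest is applied unchanged it presumably becomes the instance's admin password. Remove that key from the committed manifest and create the Secret out of band (a sealed or external secret, or `kubectl create secret` from a file that is not committed), and rotate the value if it was ever deployed. Because the Deployment pulls the whole Secret in with `envFrom`, the password is also visible in the container environment for the pod's lifetime, so a one-line comment on the Secret saying who is expected to supply it would help. The `fix-permissions` init container also uses the unpinned `image: busybox` and runs a recursive `chown` over all three volumes on every start; pin it the way the GitLab image is pinned, e.g. `image: busybox:<PINNED_TAG>`.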