Helm 部署 GitLab

0.

1. 添加并拉取 GitLab Helm 仓库

1
2
3
helm repo add gitlab https://charts.gitlab.io/
helm repo update
helm pull gitlab/gitlab --untar

2. 修改 values 参数

以下为根据个人需求修改的部分参数,未列出的部分使用默认值。

2.1 修改 GitLab 的外部访问地址

采用 Ingress 的方式暴露 GitLab 服务

1
2
3
4
5
global:
  hosts:
    domain: <DOMAIN/IP>
    ingress:
      enabled: true

2.2 启用 TLS

这里采用外部 cert-manager 和外部签发证书的方式管理 TLS 证书,提前部署了 cert-manager。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
global:
  ingress:
    configureCertmanager: false
    annotations:
      kubernetes.io/tls-acme: "true"
    tls:
      enabled: true

certmanager:
  install: false

certmanager-issuer:
  email: <EMAIL>

gitlab:
  webservice:
    ingress:
      tls:
        secretName: "gitlab-webservice-tls"
  kas:
    ingress:
      tls:
        secretName: "gitlab-kas-tls"

registry:
  ingress:
    tls:
      secretName: "registry-tls"

minio:
  ingress:
    tls:
      secretName: "minio-tls"

2.3 设置镜像地址为私仓地址

为了加快镜像拉取速度,提前在本地部署了 Harbor 私有仓库。
参考示例修改多个 values.yaml 文件

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
# --- values.yaml ---
global:
  kubectl: <IMAGE>
  certificates: <IMAGE>
  gitlabBase: <IMAGE>

# --- charts/gitlab/values.yaml ---
global:
  communityImages:
    migrations:
      repository: <IMAGE>
    sidekiq:
      repository: <IMAGE>
    toolbox:
      repository: <IMAGE>
    webservice:
      repository: <IMAGE>
    workhorse:
      repository: <IMAGE>

# --- charts/gitlab-runner/values.yaml ---
image:
  registry: <HARBOR_REGISTRY>
  image: <IMAGE>

2.4设置发信邮箱

2.4.1 添加邮箱密码 Secret

1
kubectl -n gitlab create secret generic gitlab-smtp-password --from-literal=password=<SMTP_PASSWORD>

2.4.2 修改 values.yaml

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
gitlab:
  smtp:
    enabled: true
    address: "<SMTP_SERVER>"
    tls: true
    port: <SMTP_PORT>
    user_name: "[email protected]"
    password:
      secret: "gitlab-smtp-password"
      key: password
    authentication: "login" # SMTP 身份验证方式
    starttls_auto: false # 按需设置是否启用 STARTTLS
  email:
    from: "[email protected]"
    display_name: Gitlab # 发信显示名称
    reply_to: "[email protected]"

测试发信邮箱

2.5 其他设置

1
2
prometheus:
  install: false

3. 部署 Helm

3.1 测试配置编写是否正确

1
helm install gitlab . --dry-run --debug

3.2 部署 GitLab

1
helm install gitlab . --namespace gitlab --create-namespace

3.2.1 部署日志

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
NAME: gitlab
LAST DEPLOYED: Sun Mar  9 04:01:01 2025
NAMESPACE: gitlab
STATUS: deployed
REVISION: 1
NOTES:
=== NOTICE
GitLab 18/GitLab chart 9.0 will release in May 2025.
Please check the upcoming deprecations and removals at:
* https://docs.gitlab.com/ee/update/deprecations.html#gitlab-180, and
* https://docs.gitlab.com/charts/releases/9_0.html.

=== CRITICAL
The following charts are included for evaluation purposes only. They will not be supported by GitLab Support
for production workloads. Use Cloud Native Hybrid deployments for production. For more information visit
https://docs.gitlab.com/charts/installation/index.html#use-the-reference-architectures.
- PostgreSQL
- Redis
- Gitaly
- MinIO

=== NOTICE
The minimum required version of PostgreSQL is now 14. See https://docs.gitlab.com/charts/installation/upgrade.html for more details.

=== NOTICE
You've installed GitLab Runner without the ability to use 'docker in docker'.
The GitLab Runner chart (gitlab/gitlab-runner) is deployed without the `privileged` flag by default for security purposes. This can be changed by setting `gitlab-runner.runners.privileged` to `true`. Before doing so, please read the GitLab Runner chart's documentation on why we
chose not to enable this by default. See https://docs.gitlab.com/runner/install/kubernetes.html#running-docker-in-docker-containers-with-gitlab-runners
Help us improve the installation experience, let us know how we did with a 1 minute survey:https://gitlab.fra1.qualtrics.com/jfe/form/SV_6kVqZANThUQ1bZb?installation=helm&release=17-9

3.3 获取初始密码

用户名root,初始密码存储在*-gitlab-initial-root-password Secret 中

1
kubectl -n gitlab get secret gitlab-gitlab-initial-root-password -o jsonpath="{.data.password}" | base64 --decode

3.4 测试发信邮箱

3.4.1 进入 gitlab-toolbox 容器

GitLab-Toolbox 容器是 GitLab 生态系统中的一个工具容器,主要用于辅助 GitLab 的部署、管理和维护。

1
kubectl -n gitlab exec -it $(kubectl -n gitlab get pod -l app=toolbox -o name) -- /bin/bash

3.4.2 使用 GitLab Rails 控制台进行发信测试

1
2
gitlab-rails console
Notify.test_email('<YOUR_EMAIL>', 'Gitlab Mail Test', 'Hello, world!').deliver_now

附录

重启 GitLab

1
kubectl delete pods -l release=<helm release name>,app=<component name>
运维 > DevOps
#GitLab #K8s
Helm 部署 GitLab
https://heeteve-blog.pages.dev/2025/03/Helm部署GitLab/
作者
Heeteve
发布于
2025年3月7日
许可协议