GitLab
Kubernetes Administration
Notes on deploying GitLab using their Helm chart.
Setup
To use your own PVs and PVCs,
- Create your own PVs and PVCs for gitaly, postgres, and redis.
- Setup a PV for minio.
- Note that the gitaly PVC should be named
repo-data-gitlab-gitaly-0
- Note that the gitaly PVC should be named
- Set the following values:
minio: replicas: 2 persistence: volumeName: gitlab-minio redis: persistence: existingClaim: gitlab-redis postgresql: persistence: existingClaim: gitlab-postgres
Migration from Omnibus Install
Omnibus Administration
Here are notes on running your own gitlab instance.
Note: I've migrated from the Omnibus install to the helm charts.
Terms
- unicorn - this is the web server portion of gitlab
- sidekiq - the background job processor
Basic Commands
sudo gitlab-ctl start sudo gitlab-ctl stop sudo gitlab-ctl restart
LFS
Edit the config in /etc/gitlab/gitlab.rb
and set the following:
### Git LFS gitlab_rails['lfs_enabled'] = true gitlab_rails['lfs_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/lfs-objects"
- Notes
- If you change the LFS directory, you should run
sudo gitlab-ctl reconfigure
- The LFS directory should be
700
andgit:root
. - Parent directories need to have permissions
775
withgit
in the group or owned by usergit
. - See https://docs.gitlab.com/omnibus/settings/configuration.html#disable-storage-directories-management for more details.
- The LFS directory should be
The easiest way if you have very few users like me is to setup a separate gmail account.
Then use forwardemail.net such that the separate gmail account can send using your domain.
Then fill in the configuration.
See settings:smtp#gmail.
Also set:
gitlab_rails['gitlab_email_from'] = '[email protected]'
Container Registry
In /etc/gitlab/gitlab.rb
, edit the following:
registry_external_url 'https://gitlab.davidl.me:5050' ### Settings used by GitLab application gitlab_rails['registry_enabled'] = true gitlab_rails['registry_host'] = "gitlab.davidl.me" gitlab_rails['registry_path'] = "/var/opt/gitlab/gitlab-rails/shared/registry" registry_nginx['enable'] = false
Then have your reverse proxy terminate TLS and forward 5050 to 5000.