GitLab Service

GitLab is a complete DevOps platform providing Git repository hosting, CI/CD pipelines, issue tracking, and a container registry.

Overview

  • Namespace: gitops
  • Version: Community Edition (latest)
  • Port: 80/443 (application), 443 (nginx-tls)
  • Storage: 50Gi for repositories, 10Gi each for PostgreSQL/Redis
  • Access: VPN-only via HTTPS
  • Authentication: LDAP via FreeIPA (optional) + local users

Features

  • Git Repository Hosting - Full Git server with web interface
  • CI/CD Pipelines - Built-in continuous integration and deployment
  • Container Registry - Docker image registry
  • Issue Tracking - Project management and bug tracking
  • Wiki - Documentation platform
  • Merge Requests - Code review workflow
  • LDAP Integration - FreeIPA authentication support

Architecture

GitLab in Charon follows the 3-container StatefulSet pattern:

┌─────────────────────────────────────────┐
│           GitLab StatefulSet            │
├─────────────────────────────────────────┤
│  ┌──────────┐  ┌────────────────────┐   │
│  │ nginx-   │─▶│     GitLab CE      │   │
│  │ tls      │  │     (port 80)      │   │
│  │ (443)    │  └────────────────────┘   │
│  └──────────┘           │               │
│                         ▼               │
│              ┌──────────────────┐       │
│              │   PostgreSQL     │       │
│              │   (built-in)     │       │
│              └──────────────────┘       │
│                         │               │
│              ┌──────────────────┐       │
│              │     Redis        │       │
│              │   (built-in)     │       │
│              └──────────────────┘       │
│                                         │
│  ┌──────────┐                           │
│  │Tailscale │ VPN connectivity          │
│  └──────────┘                           │
└─────────────────────────────────────────┘

Configuration

Enable GitLab

In terraform.tfvars:

gitlab_enabled           = true
gitlab_hostname          = "gitlab.example.com"
gitlab_tailscale_enabled = true

Apply Configuration

cd terraform
terraform apply

This will:

  1. Deploy GitLab StatefulSet with PostgreSQL and Redis
  2. Configure TLS certificates via cert-manager
  3. Set up DNS records automatically
  4. Enable VPN access via Tailscale

Initial Setup

Access GitLab

After deployment:

# Connect to VPN first
tailscale up --login-server https://vpn.example.com

# Access GitLab
open https://gitlab.example.com

Get Initial Root Password

# GitLab generates a random root password on first startup; this file is
# removed automatically by the first reconfigure run after 24 hours
kubectl exec -n gitops gitlab-0 -c gitlab -- \
  cat /etc/gitlab/initial_root_password

Configure Admin Account

  1. Log in with username root and the initial password
  2. Change the root password immediately
  3. Create admin users as needed

LDAP Integration (Optional)

GitLab can be configured to use FreeIPA for authentication:

  1. Access the GitLab admin panel
  2. Navigate to Admin → Settings → General → LDAP
  3. Configure with FreeIPA settings:
    • Host: freeipa.core.svc.cluster.local
    • Port: 636 (LDAPS)
    • Base DN: cn=users,cn=accounts,dc=example,dc=org

Storage Configuration

GitLab uses persistent volumes for:

  • Git repositories: 50Gi
  • PostgreSQL database: 10Gi
  • Redis cache: 10Gi
  • GitLab config: 1Gi

All volumes use the block_storage_class_retain StorageClass to prevent data loss.

Backup and Restore

Backup GitLab Data

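# Create a backup (the archive does not include /etc/gitlab/gitlab-secrets.json
# or gitlab.rb; keep separate copies, since a restore needs the same secrets)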
kubectl exec -n gitops gitlab-0 -c gitlab -- \
  gitlab-backup create

# List backups
kubectl exec -n gitops gitlab-0 -c gitlab -- \
  ls /var/opt/gitlab/backups

Restore from Backup

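# Stop the services that connect to the database
# (Puma replaced Unicorn as the web server in current GitLab releases)
kubectl exec -n gitops gitlab-0 -c gitlab -- \
  gitlab-ctl stop puma
kubectl exec -n gitops gitlab-0 -c gitlab -- \
  gitlab-ctl stop sidekiq

# Restore backup (replace TIMESTAMP with the archive name minus its
# _gitlab_backup.tar suffix; the backup must come from the same GitLab version).
# -it keeps stdin attached for the restore's confirmation prompts.
kubectl exec -it -n gitops gitlab-0 -c gitlab -- \
  gitlab-backup restore BACKUP=TIMESTAMP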

# Restart GitLab
kubectl exec -n gitops gitlab-0 -c gitlab -- \
  gitlab-ctl restart
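
The following is an added example, not part of the original documentation: it picks the newest archive from a backup listing, derives the id that `gitlab-backup restore BACKUP=` expects (the archive name without `_gitlab_backup.tar`), and refuses to proceed when the backup's GitLab version differs from the installed one. The function names, the `TIMESTAMP_YYYY_MM_DD_VERSION_gitlab_backup.tar` naming assumption, and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper names, constructed sample data).
SUFFIX="_gitlab_backup.tar"

# Constructed sample of `ls /var/opt/gitlab/backups` output (not real data).
SAMPLE_LISTING="1714521600_2024_05_01_16.11.1_gitlab_backup.tar
1717200000_2024_06_01_17.0.1_gitlab_backup.tar
lost+found
1709251200_2024_03_01_16.9.1_gitlab_backup.tar"

# newest_backup: read a directory listing on stdin, print the newest archive.
# Archive names start with a Unix timestamp, so a numeric sort orders them.
newest_backup() {
  grep -E "^[0-9]+_[0-9]{4}_[0-9]{2}_[0-9]{2}_.+${SUFFIX}\$" |
    sort -t_ -k1,1n | tail -n 1
}

# backup_id: strip the suffix; the result is the value BACKUP= expects.
backup_id() { printf '%s\n' "${1%"$SUFFIX"}"; }

# backup_version: the GitLab version embedded in the archive name (field 5+).
backup_version() { backup_id "$1" | cut -d_ -f5-; }

# restore_command: $1 = archive name, $2 = installed GitLab version.
# Prints the restore command, or fails when the versions do not match,
# because a backup restores only onto the version that created it.
restore_command() {
  v=$(backup_version "$1")
  if [ "$v" != "$2" ]; then
    echo "refusing: backup is from GitLab $v, instance runs $2" >&2
    return 1
  fi
  echo "gitlab-backup restore BACKUP=$(backup_id "$1")"
}

# Demo on the constructed listing; 17.0.1 stands in for the installed version.
restore_command "$(printf '%s\n' "$SAMPLE_LISTING" | newest_backup)" "17.0.1"
```

In practice, pipe the output of the `ls /var/opt/gitlab/backups` command shown earlier into `newest_backup`, and take the installed version from `gitlab-rake gitlab:env:info`.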

Troubleshooting

Check GitLab Status

# View pod status
kubectl get pod -n gitops gitlab-0

# Check GitLab services
kubectl exec -n gitops gitlab-0 -c gitlab -- gitlab-ctl status

# View logs
kubectl logs -n gitops gitlab-0 -c gitlab
kubectl logs -n gitops gitlab-0 -c nginx-tls
kubectl logs -n gitops gitlab-0 -c tailscale

Common Issues

GitLab not starting:

  • Check available storage: kubectl get pvc -n gitops
  • Verify PostgreSQL is running: kubectl exec -n gitops gitlab-0 -c gitlab -- gitlab-ctl status postgresql

Cannot access via HTTPS:

  • Verify certificate: kubectl get certificate -n gitops gitlab-tls
  • Check nginx-tls logs: kubectl logs -n gitops gitlab-0 -c nginx-tls

CI/CD runners not connecting:

  • Ensure runners are on the VPN network
  • Check runner registration token in Admin → Overview → Runners

CI/CD Setup

Register a Runner

# Get registration token from GitLab UI or:
kubectl exec -n gitops gitlab-0 -c gitlab -- \
  gitlab-rails runner "puts Gitlab::CurrentSettings.current_application_settings.runners_registration_token"

# Register runner (from runner machine)
gitlab-runner register \
  --url https://gitlab.example.com \
  --registration-token <token>
