feat(gitlab): Move secrets to proper secret manifests
parent
bdf97dbfc3
commit
1dbbdb498b
@ -1,60 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: gitlab-config
|
||||
namespace: gitlab
|
||||
data:
|
||||
gitlab.rb: |
|
||||
external_url 'https://git.beta.halia.dev'
|
||||
gitlab_rails['gitlab_default_theme'] = 2
|
||||
registry_external_url 'https://git.beta.halia.dev'
|
||||
puma['worker_processes'] = 0
|
||||
sidekiq['max_concurrency'] = 5
|
||||
nginx['listen_port'] = 80
|
||||
nginx['listen_https'] = false
|
||||
gitlab_kas['enable'] = true
|
||||
registry_nginx['enable'] = true
|
||||
registry_nginx['proxy_set_headers'] = {
|
||||
"X-Forwarded-Proto" => "https",
|
||||
"X-Forwarded-Ssl" => "on"
|
||||
}
|
||||
registry_nginx['listen_port'] = 5050
|
||||
registry_nginx['listen_https'] = false
|
||||
prometheus['enable'] = false
|
||||
gitaly['env'] = {
|
||||
'GITALY_COMMAND_SPAWN_MAX_PARALLEL' => '2'
|
||||
}
|
||||
gitaly['ruby_max_rss'] = 200_000_000
|
||||
gitaly['concurrency'] = [
|
||||
{
|
||||
'rpc' => "/gitaly.SmartHTTPService/PostReceivePack",
|
||||
'max_per_repo' => 3
|
||||
}, {
|
||||
'rpc' => "/gitaly.SSHService/SSHUploadPack",
|
||||
'max_per_repo' => 3
|
||||
}
|
||||
]
|
||||
node_exporter['listen_address'] = '0.0.0.0:9100'
|
||||
gitlab_workhorse['prometheus_listen_addr'] = '0.0.0.0:9229'
|
||||
gitlab_exporter['listen_address'] = '0.0.0.0'
|
||||
gitlab_exporter['listen_port'] = '9168'
|
||||
sidekiq['listen_address'] = '0.0.0.0'
|
||||
redis_exporter['listen_address'] = '0.0.0.0:9121'
|
||||
postgres_exporter['listen_address'] = '0.0.0.0:9187'
|
||||
gitaly['prometheus_listen_addr'] = '0.0.0.0:9236'
|
||||
gitlab_rails['monitoring_whitelist'] = ['0.0.0.0']
|
||||
gitlab_rails['prometheus_address'] = '0.0.0.0:9090'
|
||||
nginx['status']['options'] = {
|
||||
"server_tokens" => "off",
|
||||
"access_log" => "off",
|
||||
"allow" => "0.0.0.0",
|
||||
"deny" => "all",
|
||||
}
|
||||
postgresql['enable'] = false
|
||||
gitlab_rails['db_adapter'] = 'postgresql'
|
||||
gitlab_rails['db_encoding'] = 'unicode'
|
||||
gitlab_rails['db_host'] = 'localhost'
|
||||
gitlab_rails['db_password'] = 'aberation'
|
||||
gitlab_rails['manage_backup_path'] = true
|
||||
gitlab_rails['backup_path'] = "/backups"
|
||||
|
@ -19,12 +19,22 @@ spec:
|
||||
containers:
|
||||
- name: gitlab
|
||||
image: git.halia.dev/athens-school/gitlab:15.5.0-amd64
|
||||
lifecycle:
|
||||
postStart:
|
||||
exec:
|
||||
command: [
|
||||
'/bin/sh',
|
||||
'-c',
|
||||
'cp /etc/gitlab/gitlab-secrets.reference /etc/gitlab/gitlab-secrets.json && cp /etc/gitlab/reference.rb /etc/gitlab/gitlab.rb && chmod 600 /etc/gitlab/gitlab.rb']
|
||||
ports:
|
||||
- containerPort: 80
|
||||
volumeMounts:
|
||||
- mountPath: "/etc/gitlab/gitlab.rb"
|
||||
name: gitlab-config-volume
|
||||
subPath: gitlab.rb
|
||||
- mountPath: "/etc/gitlab/reference.rb"
|
||||
name: gitlab-config-secret
|
||||
subPath: reference.rb
|
||||
- mountPath: "/etc/gitlab/gitlab-secrets.reference"
|
||||
name: gitlab-secrets
|
||||
subPath: gitlab-secrets.reference
|
||||
- mountPath: "/var/opt/gitlab"
|
||||
name: gitlab-pv
|
||||
- name: gitlab-db
|
||||
@ -45,15 +55,18 @@ spec:
|
||||
name: gitlab-backup
|
||||
subPath: backups
|
||||
volumes:
|
||||
- name: gitlab-db-pv
|
||||
hostPath:
|
||||
path: "/mnt/gitlab/db"
|
||||
- name: gitlab-pv
|
||||
hostPath:
|
||||
path: "/mnt/gitlab/data"
|
||||
- name: gitlab-config-volume
|
||||
configMap:
|
||||
name: gitlab-config
|
||||
- name: gitlab-config-secret
|
||||
secret:
|
||||
secretName: gitlab-config
|
||||
- name: gitlab-secrets
|
||||
secret:
|
||||
secretName: gitlab-secrets
|
||||
- name: gitlab-db-pv
|
||||
hostPath:
|
||||
path: "/mnt/gitlab/db"
|
||||
- name: gitlab-backup
|
||||
persistentVolumeClaim:
|
||||
claimName: gitlab-backup-pvc
|
||||
|
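Review bot: The postStart command copies `gitlab-secrets.reference` to `/etc/gitlab/gitlab-secrets.json` but only runs `chmod 600` on `gitlab.rb`, so the copied secrets file likely keeps the mode projected by the Secret volume, which is world-readable inside the container unless `defaultMode` is set. Appending `&& chmod 600 /etc/gitlab/gitlab-secrets.json` to the command, or setting `defaultMode: 0400` on the two `secret:` volumes, would close that gap. Separately, Kubernetes does not guarantee that a postStart hook completes before the container entrypoint runs, so GitLab may start before `gitlab.rb` is in place; an initContainer that copies both files into a shared `emptyDir` would make the ordering deterministic. The `gitlab-secrets` Secret mounted here is not among the manifests visible in this commit, so it presumably has to exist in the cluster already.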
8
gitlab/gitlab-secret-config.yaml
Normal file
@ -0,0 +1,8 @@
|
||||
apiVersion: v1
|
||||
data:
|
||||
reference.rb: ZXh0ZXJuYWxfdXJsICdodHRwczovL2dpdC5iZXRhLmhhbGlhLmRldicKZ2l0bGFiX3JhaWxzWydnaXRsYWJfZGVmYXVsdF90aGVtZSddID0gMgpyZWdpc3RyeV9leHRlcm5hbF91cmwgJ2h0dHBzOi8vZ2l0LmJldGEuaGFsaWEuZGV2JwpwdW1hWyd3b3JrZXJfcHJvY2Vzc2VzJ10gPSAwCnNpZGVraXFbJ21heF9jb25jdXJyZW5jeSddID0gNQpuZ2lueFsnbGlzdGVuX3BvcnQnXSA9IDgwCm5naW54WydsaXN0ZW5faHR0cHMnXSA9IGZhbHNlCmdpdGxhYl9rYXNbJ2VuYWJsZSddID0gdHJ1ZQpyZWdpc3RyeV9uZ2lueFsnZW5hYmxlJ10gPSB0cnVlCnJlZ2lzdHJ5X25naW54Wydwcm94eV9zZXRfaGVhZGVycyddID0gewogICJYLUZvcndhcmRlZC1Qcm90byIgPT4gImh0dHBzIiwKICAiWC1Gb3J3YXJkZWQtU3NsIiA9PiAib24iCn0KcmVnaXN0cnlfbmdpbnhbJ2xpc3Rlbl9wb3J0J10gPSA1MDUwCnJlZ2lzdHJ5X25naW54WydsaXN0ZW5faHR0cHMnXSA9IGZhbHNlCnByb21ldGhldXNbJ2VuYWJsZSddID0gZmFsc2UKZ2l0YWx5WydlbnYnXSA9IHsKICAnR0lUQUxZX0NPTU1BTkRfU1BBV05fTUFYX1BBUkFMTEVMJyA9PiAnMicKfQpnaXRhbHlbJ3J1YnlfbWF4X3JzcyddID0gMjAwXzAwMF8wMDAKZ2l0YWx5Wydjb25jdXJyZW5jeSddID0gWwogIHsKICAgICdycGMnID0+ICIvZ2l0YWx5LlNtYXJ0SFRUUFNlcnZpY2UvUG9zdFJlY2VpdmVQYWNrIiwKICAgICdtYXhfcGVyX3JlcG8nID0+IDMKICB9LCB7CiAgICAncnBjJyA9PiAiL2dpdGFseS5TU0hTZXJ2aWNlL1NTSFVwbG9hZFBhY2siLAogICAgJ21heF9wZXJfcmVwbycgPT4gMwogIH0KXQpub2RlX2V4cG9ydGVyWydsaXN0ZW5fYWRkcmVzcyddID0gJzAuMC4wLjA6OTEwMCcKZ2l0bGFiX3dvcmtob3JzZVsncHJvbWV0aGV1c19saXN0ZW5fYWRkciddID0gJzAuMC4wLjA6OTIyOScKZ2l0bGFiX2V4cG9ydGVyWydsaXN0ZW5fYWRkcmVzcyddID0gJzAuMC4wLjAnCmdpdGxhYl9leHBvcnRlclsnbGlzdGVuX3BvcnQnXSA9ICc5MTY4JwpzaWRla2lxWydsaXN0ZW5fYWRkcmVzcyddID0gJzAuMC4wLjAnCnJlZGlzX2V4cG9ydGVyWydsaXN0ZW5fYWRkcmVzcyddID0gJzAuMC4wLjA6OTEyMScKcG9zdGdyZXNfZXhwb3J0ZXJbJ2xpc3Rlbl9hZGRyZXNzJ10gPSAnMC4wLjAuMDo5MTg3JwpnaXRhbHlbJ3Byb21ldGhldXNfbGlzdGVuX2FkZHInXSA9ICcwLjAuMC4wOjkyMzYnCmdpdGxhYl9yYWlsc1snbW9uaXRvcmluZ193aGl0ZWxpc3QnXSA9IFsnMC4wLjAuMCddCmdpdGxhYl9yYWlsc1sncHJvbWV0aGV1c19hZGRyZXNzJ10gPSAnMC4wLjAuMDo5MDkwJwpuZ2lueFsnc3RhdHVzJ11bJ29wdGlvbnMnXSA9IHsKICAic2VydmVyX3Rva2VucyIgPT4gIm9mZiIsCiAgImFjY2Vzc19sb2ciID0+ICJvZmYiLAogICJhbGxvdyIgPT4gIjAuMC4wLjAiLAogICJkZW55IiA9PiAiYWxsIiwKfQpwb3N0Z3Jlc3FsWydlbmFibGUnXSA9IGZhbHNlCmdpdGxhYl9yYWlsc1snZGJfYWRhcHRlci
ddID0gJ3Bvc3RncmVzcWwnCmdpdGxhYl9yYWlsc1snZGJfZW5jb2RpbmcnXSA9ICd1bmljb2RlJwpnaXRsYWJfcmFpbHNbJ2RiX2hvc3QnXSA9ICdsb2NhbGhvc3QnCmdpdGxhYl9yYWlsc1snZGJfcGFzc3dvcmQnXSA9ICdhYmVyYXRpb24nCmdpdGxhYl9yYWlsc1snbWFuYWdlX2JhY2t1cF9wYXRoJ10gPSB0cnVlCmdpdGxhYl9yYWlsc1snYmFja3VwX3BhdGgnXSA9ICIvYmFja3VwcyIK
|
||||
kind: Secret
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: gitlab-config
|
||||
namespace: gitlab
|
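Review bot: The `reference.rb` value under `data:` is only base64-encoded, not encrypted, and it decodes to the same gitlab.rb text that the removed ConfigMap held, including the `gitlab_rails['db_password']` line. Committing this manifest therefore keeps the database password readable to anyone with repository access, and the old ConfigMap remains in history as well. The password should be rotated, and the Secret either kept out of git or committed only in encrypted form (for example SOPS or Sealed Secrets). It would also help to keep only the sensitive settings in the Secret and leave the non-sensitive gitlab.rb lines in a ConfigMap where they stay reviewable. `creationTimestamp: null` is residue from generating the manifest and can be dropped.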