diff --git a/gitlab/configmap.yaml b/gitlab/configmap.yaml
deleted file mode 100644
index af272c3..0000000
--- a/gitlab/configmap.yaml
+++ /dev/null
@@ -1,60 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: gitlab-config
- namespace: gitlab
-data:
- gitlab.rb: |
- external_url 'https://git.beta.halia.dev'
- gitlab_rails['gitlab_default_theme'] = 2
- registry_external_url 'https://git.beta.halia.dev'
- puma['worker_processes'] = 0
- sidekiq['max_concurrency'] = 5
- nginx['listen_port'] = 80
- nginx['listen_https'] = false
- gitlab_kas['enable'] = true
- registry_nginx['enable'] = true
- registry_nginx['proxy_set_headers'] = {
- "X-Forwarded-Proto" => "https",
- "X-Forwarded-Ssl" => "on"
- }
- registry_nginx['listen_port'] = 5050
- registry_nginx['listen_https'] = false
- prometheus['enable'] = false
- gitaly['env'] = {
- 'GITALY_COMMAND_SPAWN_MAX_PARALLEL' => '2'
- }
- gitaly['ruby_max_rss'] = 200_000_000
- gitaly['concurrency'] = [
- {
- 'rpc' => "/gitaly.SmartHTTPService/PostReceivePack",
- 'max_per_repo' => 3
- }, {
- 'rpc' => "/gitaly.SSHService/SSHUploadPack",
- 'max_per_repo' => 3
- }
- ]
- node_exporter['listen_address'] = '0.0.0.0:9100'
- gitlab_workhorse['prometheus_listen_addr'] = '0.0.0.0:9229'
- gitlab_exporter['listen_address'] = '0.0.0.0'
- gitlab_exporter['listen_port'] = '9168'
- sidekiq['listen_address'] = '0.0.0.0'
- redis_exporter['listen_address'] = '0.0.0.0:9121'
- postgres_exporter['listen_address'] = '0.0.0.0:9187'
- gitaly['prometheus_listen_addr'] = '0.0.0.0:9236'
- gitlab_rails['monitoring_whitelist'] = ['0.0.0.0']
- gitlab_rails['prometheus_address'] = '0.0.0.0:9090'
- nginx['status']['options'] = {
- "server_tokens" => "off",
- "access_log" => "off",
- "allow" => "0.0.0.0",
- "deny" => "all",
- }
- postgresql['enable'] = false
- gitlab_rails['db_adapter'] = 'postgresql'
- gitlab_rails['db_encoding'] = 'unicode'
- gitlab_rails['db_host'] = 'localhost'
- gitlab_rails['db_password'] = 'aberation'
- gitlab_rails['manage_backup_path'] = true
- gitlab_rails['backup_path'] = "/backups"
-
diff --git a/gitlab/deployment.yaml b/gitlab/deployment.yaml
index ae27163..14bb3f1 100644
--- a/gitlab/deployment.yaml
+++ b/gitlab/deployment.yaml
@@ -19,12 +19,22 @@ spec:
 containers:
 - name: gitlab
 image: git.halia.dev/athens-school/gitlab:15.5.0-amd64
+ lifecycle:
+ postStart:
+ exec:
+ command: [
+ '/bin/sh',
+ '-c',
+ 'cp /etc/gitlab/gitlab-secrets.reference /etc/gitlab/gitlab-secrets.json && cp /etc/gitlab/reference.rb /etc/gitlab/gitlab.rb && chmod 600 /etc/gitlab/gitlab.rb']
 ports:
 - containerPort: 80
 volumeMounts:
- - mountPath: "/etc/gitlab/gitlab.rb"
- name: gitlab-config-volume
- subPath: gitlab.rb
+ - mountPath: "/etc/gitlab/reference.rb"
+ name: gitlab-config-secret
+ subPath: reference.rb
+ - mountPath: "/etc/gitlab/gitlab-secrets.reference"
+ name: gitlab-secrets
+ subPath: gitlab-secrets.reference
 - mountPath: "/var/opt/gitlab"
 name: gitlab-pv
 - name: gitlab-db
@@ -45,15 +55,18 @@ spec:
 name: gitlab-backup
 subPath: backups
 volumes:
- - name: gitlab-db-pv
- hostPath:
- path: "/mnt/gitlab/db"
 - name: gitlab-pv
 hostPath:
 path: "/mnt/gitlab/data"
- - name: gitlab-config-volume
- configMap:
- name: gitlab-config
+ - name: gitlab-config-secret
+ secret:
+ secretName: gitlab-config
+ - name: gitlab-secrets
+ secret:
+ secretName: gitlab-secrets
+ - name: gitlab-db-pv
+ hostPath:
+ path: "/mnt/gitlab/db"
 - name: gitlab-backup
 persistentVolumeClaim:
 claimName: gitlab-backup-pvc
diff --git a/gitlab/gitlab-secret-config.yaml b/gitlab/gitlab-secret-config.yaml
new file mode 100644
index 0000000..f99969c
--- /dev/null
+++ b/gitlab/gitlab-secret-config.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+data:
+ reference.rb: 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
+kind: Secret
+metadata:
+ creationTimestamp: null
+ name: gitlab-config
+ namespace: gitlab
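Review bot: In the first hunk of gitlab/deployment.yaml, the added postStart command restricts only `/etc/gitlab/gitlab.rb`; the copied `/etc/gitlab/gitlab-secrets.json` keeps whatever mode `cp` produces, which is likely world-readable inside the container, so extend the chain with `&& chmod 600 /etc/gitlab/gitlab-secrets.json`. Kubernetes runs a postStart hook asynchronously with the container entrypoint, so the image can start reading `/etc/gitlab` before either copy has finished. An init container that writes both files into a shared volume would remove that ordering gap. The container spec starts and ends outside this hunk.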
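Review bot: In the `volumes:` hunk of gitlab/deployment.yaml, the new `gitlab-config-secret` and `gitlab-secrets` volumes leave `defaultMode` unset, so the mounted `reference.rb` and `gitlab-secrets.reference` take the Kubernetes default of 0644 and stay readable next to the chmod-600 copy. Add `defaultMode: 0400` under each `secret:` entry, assuming the hook runs as root, which the hunk does not show. No manifest for the `gitlab-secrets` Secret appears in this commit, so a comment on that volume saying how the Secret is created would help whoever redeploys. The volumes list continues outside the hunk.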
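Review bot: gitlab/gitlab-secret-config.yaml commits the Secret's `data.reference.rb` to the repository, and values under `data:` are only base64-encoded, so anyone with read access to the repo can recover the GitLab configuration, presumably including the database password. Keep the manifest out of version control, or commit an encrypted form (for example Sealed Secrets or SOPS) and create the plain Secret at deploy time. The deleted configmap.yaml held `gitlab_rails['db_password']` in clear text and that value remains in git history, so it should be rotated rather than carried over into the new `reference.rb`. `creationTimestamp: null` is generator output and can be dropped.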