feat(gitlab): Move secrets to proper secret manifests
parent
bdf97dbfc3
commit
1dbbdb498b
@ -1,60 +0,0 @@
|
|||||||
apiVersion: v1
|
|
||||||
kind: ConfigMap
|
|
||||||
metadata:
|
|
||||||
name: gitlab-config
|
|
||||||
namespace: gitlab
|
|
||||||
data:
|
|
||||||
gitlab.rb: |
|
|
||||||
external_url 'https://git.beta.halia.dev'
|
|
||||||
gitlab_rails['gitlab_default_theme'] = 2
|
|
||||||
registry_external_url 'https://git.beta.halia.dev'
|
|
||||||
puma['worker_processes'] = 0
|
|
||||||
sidekiq['max_concurrency'] = 5
|
|
||||||
nginx['listen_port'] = 80
|
|
||||||
nginx['listen_https'] = false
|
|
||||||
gitlab_kas['enable'] = true
|
|
||||||
registry_nginx['enable'] = true
|
|
||||||
registry_nginx['proxy_set_headers'] = {
|
|
||||||
"X-Forwarded-Proto" => "https",
|
|
||||||
"X-Forwarded-Ssl" => "on"
|
|
||||||
}
|
|
||||||
registry_nginx['listen_port'] = 5050
|
|
||||||
registry_nginx['listen_https'] = false
|
|
||||||
prometheus['enable'] = false
|
|
||||||
gitaly['env'] = {
|
|
||||||
'GITALY_COMMAND_SPAWN_MAX_PARALLEL' => '2'
|
|
||||||
}
|
|
||||||
gitaly['ruby_max_rss'] = 200_000_000
|
|
||||||
gitaly['concurrency'] = [
|
|
||||||
{
|
|
||||||
'rpc' => "/gitaly.SmartHTTPService/PostReceivePack",
|
|
||||||
'max_per_repo' => 3
|
|
||||||
}, {
|
|
||||||
'rpc' => "/gitaly.SSHService/SSHUploadPack",
|
|
||||||
'max_per_repo' => 3
|
|
||||||
}
|
|
||||||
]
|
|
||||||
node_exporter['listen_address'] = '0.0.0.0:9100'
|
|
||||||
gitlab_workhorse['prometheus_listen_addr'] = '0.0.0.0:9229'
|
|
||||||
gitlab_exporter['listen_address'] = '0.0.0.0'
|
|
||||||
gitlab_exporter['listen_port'] = '9168'
|
|
||||||
sidekiq['listen_address'] = '0.0.0.0'
|
|
||||||
redis_exporter['listen_address'] = '0.0.0.0:9121'
|
|
||||||
postgres_exporter['listen_address'] = '0.0.0.0:9187'
|
|
||||||
gitaly['prometheus_listen_addr'] = '0.0.0.0:9236'
|
|
||||||
gitlab_rails['monitoring_whitelist'] = ['0.0.0.0']
|
|
||||||
gitlab_rails['prometheus_address'] = '0.0.0.0:9090'
|
|
||||||
nginx['status']['options'] = {
|
|
||||||
"server_tokens" => "off",
|
|
||||||
"access_log" => "off",
|
|
||||||
"allow" => "0.0.0.0",
|
|
||||||
"deny" => "all",
|
|
||||||
}
|
|
||||||
postgresql['enable'] = false
|
|
||||||
gitlab_rails['db_adapter'] = 'postgresql'
|
|
||||||
gitlab_rails['db_encoding'] = 'unicode'
|
|
||||||
gitlab_rails['db_host'] = 'localhost'
|
|
||||||
gitlab_rails['db_password'] = 'aberation'
|
|
||||||
gitlab_rails['manage_backup_path'] = true
|
|
||||||
gitlab_rails['backup_path'] = "/backups"
|
|
||||||
|
|
@ -19,12 +19,22 @@ spec:
|
|||||||
containers:
|
containers:
|
||||||
- name: gitlab
|
- name: gitlab
|
||||||
image: git.halia.dev/athens-school/gitlab:15.5.0-amd64
|
image: git.halia.dev/athens-school/gitlab:15.5.0-amd64
|
||||||
|
lifecycle:
|
||||||
|
postStart:
|
||||||
|
exec:
|
||||||
|
command: [
|
||||||
|
'/bin/sh',
|
||||||
|
'-c',
|
||||||
|
'cp /etc/gitlab/gitlab-secrets.reference /etc/gitlab/gitlab-secrets.json && cp /etc/gitlab/reference.rb /etc/gitlab/gitlab.rb && chmod 600 /etc/gitlab/gitlab.rb']
|
||||||
ports:
|
ports:
|
||||||
- containerPort: 80
|
- containerPort: 80
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- mountPath: "/etc/gitlab/gitlab.rb"
|
- mountPath: "/etc/gitlab/reference.rb"
|
||||||
name: gitlab-config-volume
|
name: gitlab-config-secret
|
||||||
subPath: gitlab.rb
|
subPath: reference.rb
|
||||||
|
- mountPath: "/etc/gitlab/gitlab-secrets.reference"
|
||||||
|
name: gitlab-secrets
|
||||||
|
subPath: gitlab-secrets.reference
|
||||||
- mountPath: "/var/opt/gitlab"
|
- mountPath: "/var/opt/gitlab"
|
||||||
name: gitlab-pv
|
name: gitlab-pv
|
||||||
- name: gitlab-db
|
- name: gitlab-db
|
||||||
@ -45,15 +55,18 @@ spec:
|
|||||||
name: gitlab-backup
|
name: gitlab-backup
|
||||||
subPath: backups
|
subPath: backups
|
||||||
volumes:
|
volumes:
|
||||||
- name: gitlab-db-pv
|
|
||||||
hostPath:
|
|
||||||
path: "/mnt/gitlab/db"
|
|
||||||
- name: gitlab-pv
|
- name: gitlab-pv
|
||||||
hostPath:
|
hostPath:
|
||||||
path: "/mnt/gitlab/data"
|
path: "/mnt/gitlab/data"
|
||||||
- name: gitlab-config-volume
|
- name: gitlab-config-secret
|
||||||
configMap:
|
secret:
|
||||||
name: gitlab-config
|
secretName: gitlab-config
|
||||||
|
- name: gitlab-secrets
|
||||||
|
secret:
|
||||||
|
secretName: gitlab-secrets
|
||||||
|
- name: gitlab-db-pv
|
||||||
|
hostPath:
|
||||||
|
path: "/mnt/gitlab/db"
|
||||||
- name: gitlab-backup
|
- name: gitlab-backup
|
||||||
persistentVolumeClaim:
|
persistentVolumeClaim:
|
||||||
claimName: gitlab-backup-pvc
|
claimName: gitlab-backup-pvc
|
||||||
|
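Review bot: The source files stay mounted at `/etc/gitlab/reference.rb` and `/etc/gitlab/gitlab-secrets.reference` with the secret volume's default mode, so the `chmod 600` in the `postStart` command tightens only one of the two copies while both originals remain readable inside the container. Setting `defaultMode: 0400` under each `secret:` volume and appending `&& chmod 600 /etc/gitlab/gitlab-secrets.json` to the command would close that gap, assuming the container runs as root. Separately, Kubernetes does not guarantee that a `postStart` hook finishes, or even starts, before the container's entrypoint, so GitLab may begin configuring itself before the two files are in place; an init container that writes them into a shared volume would give a defined order.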
8
gitlab/gitlab-secret-config.yaml
Normal file
8
gitlab/gitlab-secret-config.yaml
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
data:
|
||||||
|
reference.rb: ZXh0ZXJuYWxfdXJsICdodHRwczovL2dpdC5iZXRhLmhhbGlhLmRldicKZ2l0bGFiX3JhaWxzWydnaXRsYWJfZGVmYXVsdF90aGVtZSddID0gMgpyZWdpc3RyeV9leHRlcm5hbF91cmwgJ2h0dHBzOi8vZ2l0LmJldGEuaGFsaWEuZGV2JwpwdW1hWyd3b3JrZXJfcHJvY2Vzc2VzJ10gPSAwCnNpZGVraXFbJ21heF9jb25jdXJyZW5jeSddID0gNQpuZ2lueFsnbGlzdGVuX3BvcnQnXSA9IDgwCm5naW54WydsaXN0ZW5faHR0cHMnXSA9IGZhbHNlCmdpdGxhYl9rYXNbJ2VuYWJsZSddID0gdHJ1ZQpyZWdpc3RyeV9uZ2lueFsnZW5hYmxlJ10gPSB0cnVlCnJlZ2lzdHJ5X25naW54Wydwcm94eV9zZXRfaGVhZGVycyddID0gewogICJYLUZvcndhcmRlZC1Qcm90byIgPT4gImh0dHBzIiwKICAiWC1Gb3J3YXJkZWQtU3NsIiA9PiAib24iCn0KcmVnaXN0cnlfbmdpbnhbJ2xpc3Rlbl9wb3J0J10gPSA1MDUwCnJlZ2lzdHJ5X25naW54WydsaXN0ZW5faHR0cHMnXSA9IGZhbHNlCnByb21ldGhldXNbJ2VuYWJsZSddID0gZmFsc2UKZ2l0YWx5WydlbnYnXSA9IHsKICAnR0lUQUxZX0NPTU1BTkRfU1BBV05fTUFYX1BBUkFMTEVMJyA9PiAnMicKfQpnaXRhbHlbJ3J1YnlfbWF4X3JzcyddID0gMjAwXzAwMF8wMDAKZ2l0YWx5Wydjb25jdXJyZW5jeSddID0gWwogIHsKICAgICdycGMnID0+ICIvZ2l0YWx5LlNtYXJ0SFRUUFNlcnZpY2UvUG9zdFJlY2VpdmVQYWNrIiwKICAgICdtYXhfcGVyX3JlcG8nID0+IDMKICB9LCB7CiAgICAncnBjJyA9PiAiL2dpdGFseS5TU0hTZXJ2aWNlL1NTSFVwbG9hZFBhY2siLAogICAgJ21heF9wZXJfcmVwbycgPT4gMwogIH0KXQpub2RlX2V4cG9ydGVyWydsaXN0ZW5fYWRkcmVzcyddID0gJzAuMC4wLjA6OTEwMCcKZ2l0bGFiX3dvcmtob3JzZVsncHJvbWV0aGV1c19saXN0ZW5fYWRkciddID0gJzAuMC4wLjA6OTIyOScKZ2l0bGFiX2V4cG9ydGVyWydsaXN0ZW5fYWRkcmVzcyddID0gJzAuMC4wLjAnCmdpdGxhYl9leHBvcnRlclsnbGlzdGVuX3BvcnQnXSA9ICc5MTY4JwpzaWRla2lxWydsaXN0ZW5fYWRkcmVzcyddID0gJzAuMC4wLjAnCnJlZGlzX2V4cG9ydGVyWydsaXN0ZW5fYWRkcmVzcyddID0gJzAuMC4wLjA6OTEyMScKcG9zdGdyZXNfZXhwb3J0ZXJbJ2xpc3Rlbl9hZGRyZXNzJ10gPSAnMC4wLjAuMDo5MTg3JwpnaXRhbHlbJ3Byb21ldGhldXNfbGlzdGVuX2FkZHInXSA9ICcwLjAuMC4wOjkyMzYnCmdpdGxhYl9yYWlsc1snbW9uaXRvcmluZ193aGl0ZWxpc3QnXSA9IFsnMC4wLjAuMCddCmdpdGxhYl9yYWlsc1sncHJvbWV0aGV1c19hZGRyZXNzJ10gPSAnMC4wLjAuMDo5MDkwJwpuZ2lueFsnc3RhdHVzJ11bJ29wdGlvbnMnXSA9IHsKICAic2VydmVyX3Rva2VucyIgPT4gIm9mZiIsCiAgImFjY2Vzc19sb2ciID0+ICJvZmYiLAogICJhbGxvdyIgPT4gIjAuMC4wLjAiLAogICJkZW55IiA9PiAiYWxsIiwKfQpwb3N0Z3Jlc3FsWydlbmFibGUnXSA9IGZhbHNlCmdpdGxhYl9yYWlsc1snZGJfYWRhcHRlci
ddID0gJ3Bvc3RncmVzcWwnCmdpdGxhYl9yYWlsc1snZGJfZW5jb2RpbmcnXSA9ICd1bmljb2RlJwpnaXRsYWJfcmFpbHNbJ2RiX2hvc3QnXSA9ICdsb2NhbGhvc3QnCmdpdGxhYl9yYWlsc1snZGJfcGFzc3dvcmQnXSA9ICdhYmVyYXRpb24nCmdpdGxhYl9yYWlsc1snbWFuYWdlX2JhY2t1cF9wYXRoJ10gPSB0cnVlCmdpdGxhYl9yYWlsc1snYmFja3VwX3BhdGgnXSA9ICIvYmFja3VwcyIK
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
creationTimestamp: null
|
||||||
|
name: gitlab-config
|
||||||
|
namespace: gitlab
|
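Review bot: The `reference.rb` value under `data:` is base64-encoded, not encrypted, and it appears to carry the same `gitlab_rails['db_password']` line that the deleted ConfigMap held in clear text, so committing this manifest leaves the database password readable to anyone with repository access. The password should be treated as disclosed and rotated, since the old ConfigMap also remains in history, and the replacement kept out of the repository or committed only in encrypted form (for example with SOPS or Sealed Secrets). `creationTimestamp: null` is generator residue and can be dropped from `metadata:`.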