Created
July 19, 2021 03:12
-
-
Save duyhenryer/efa60f7bf4f4d93f07310ee91779b1ad to your computer and use it in GitHub Desktop.
GitLab stuff
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Start minikube | |
minikube ip || minikube start --vm-driver=kvm2 --cpus=8 --memory=10000 --insecure-registry=192.168.0.0/16 | |
for addon in default-storageclass ingress storage-provisioner | |
do | |
minikube addons list | grep $addon | grep -q enabled || minikube addons enable $addon | |
done | |
# Init helm | |
helm repo add gitlab https://charts.gitlab.io/ | |
helm repo update | |
# Gensecrets | |
SECRETS_DIR=$(mktemp -d) | |
kubectl create ns gitlab | |
kubectl -n gitlab create secret generic gitlab-initial-root-password --from-literal=password=testPass || true | |
kubectl -n gitlab create secret generic gitlab-runner-secret --from-literal=runner-registration-token=testRegistrationToken || true | |
# Deploy gitlab | |
helm upgrade gitlab gitlab/gitlab \ | |
--namespace gitlab \ | |
--install \ | |
--set global.edition=ce \ | |
--set global.hosts.domain=$(minikube ip).xip.io \ | |
--set global.ingress.configureCertmanager=false \ | |
--set global.ingress.enabled=true \ | |
--set global.ingress.annotations."kubernetes\.io/ingress\.class"=nginx \ | |
--set global.initialRootPassword.secret=gitlab-initial-root-password \ | |
--set global.initialRootPassword.key=password \ | |
--set global.runner.registrationToken.secret=gitlab-runner-secret \ | |
--set certmanager.install=false \ | |
--set nginx-ingress.enabled=false \ | |
--set gitlab-runner.install=true \ | |
--set gitlab-runner.runnerRegistrationToken=testRegistrationToken \ | |
--set gitlab-runner.runners.privileged=false | |
# Settings | |
printf 'Allow local network requests!\n' | |
if [ -d ~/.ssh ]; then | |
printf 'Add your ssh keys:\n' | |
for key in ~/.ssh/*.pub; do printf '\n%s\n' "$( cat $key )"; done | |
fi | |
# GitLab runner | |
printf 'GitLab runner token: ' && read TOKEN | |
kubectl create namespace gitlab --dry-run -o yaml --save-config | kubectl apply -f - | |
kubectl -n gitlab create serviceaccount gitlab-runner-sa --dry-run -o yaml --save-config | kubectl apply -f - | |
kubectl create clusterrolebinding gitlab-runner-sa --clusterrole=cluster-admin --serviceaccount=gitlab:gitlab-runner-sa --dry-run -o yaml --save-config | kubectl apply -f - | |
kubectl -n gitlab apply -f - <<EOF | |
apiVersion: v1 | |
kind: Secret | |
metadata: | |
name: gitlab-runner-certs | |
data: | |
gitlab.$(minikube ip).xip.io.crt: "$(kubectl -n gitlab get secret gitlab-wildcard-tls-ca -o jsonpath='{.data.cfssl_ca}')" | |
EOF | |
helm upgrade gitlab-runner gitlab/gitlab-runner \ | |
--namespace gitlab \ | |
--install \ | |
--atomic \ | |
--timeout 600 \ | |
--set gitlabUrl="https://gitlab.$(minikube ip).xip.io" \ | |
--set certsSecretName=gitlab-runner-certs \ | |
--set runnerRegistrationToken="$TOKEN" \ | |
--set checkInterval=5 \ | |
--set concurrent=50 \ | |
--set rbac.create=true \ | |
--set runners.image=debian:9 \ | |
--set runners.privileged=true \ | |
--set runners.locked=false \ | |
--set runners.serviceAccountName=gitlab-runner-sa | |
# Edit ~/.ssh/known_hosts | |
if [ -f ~/.ssh/known_hosts ]; then | |
NEWHOSTS=$(mktemp) | |
grep -v "$(hostname)" ~/.ssh/known_hosts | grep -v "$(minikube ip)" > "$NEWHOSTS" | |
cat < "$NEWHOSTS" > ~/.ssh/known_hosts | |
rm "$NEWHOSTS" | |
fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment