Created
July 27, 2023 03:54
-
-
Save jei0486/a75785c3e9a2b0dffe8ef933ca2d50a7 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # AWS Load Balancer Controller using ALB Ingress | |
| # https://gitlab.com/gitlab-org/charts/gitlab/-/blob/master/examples/aws/alb-full.yaml | |
| # minimal settings needed to run gitlab on ALB | |
| # Note that when using an ALB ingress controller we need to use a separate NLB for gitlab-shell (ssh) connections. | |
| # Disable nginx-ingress | |
| nginx-ingress: | |
| enabled: false | |
| # Common settings for AWS Load Balancer Controller | |
| global: | |
| hosts: | |
| domain: example.com | |
| # we need a different dns endpoint for webservice and ssh | |
| ssh: gitlab-shell.example.com | |
| ingress: | |
| # Common annotations used by kas, registry, and webservice | |
| annotations: | |
| alb.ingress.kubernetes.io/backend-protocol: HTTP | |
| alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:123456789012:certificate/01234567-89ab-cdef-0123-456789abcdef | |
| alb.ingress.kubernetes.io/group.name: gitlab | |
| alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS": 443}]' | |
| alb.ingress.kubernetes.io/scheme: internet-facing | |
| alb.ingress.kubernetes.io/target-type: ip | |
| kubernetes.io/ingress.class: alb | |
| nginx.ingress.kubernetes.io/connection-proxy-header: "keep-alive" | |
| class: none | |
| configureCertmanager: false | |
| enabled: true | |
| path: /* | |
| pathType: ImplementationSpecific | |
| provider: aws | |
| tls: | |
| enabled: false | |
| gitlab: | |
| kas: | |
| enabled: true | |
| ingress: | |
| # Specific annotations needed for kas service to support websockets | |
| annotations: | |
| alb.ingress.kubernetes.io/healthcheck-path: /liveness | |
| alb.ingress.kubernetes.io/healthcheck-port: "8151" | |
| alb.ingress.kubernetes.io/healthcheck-protocol: HTTP | |
| alb.ingress.kubernetes.io/load-balancer-attributes: idle_timeout.timeout_seconds=4000,routing.http2.enabled=false | |
| alb.ingress.kubernetes.io/target-group-attributes: stickiness.enabled=true,stickiness.lb_cookie.duration_seconds=86400 | |
| alb.ingress.kubernetes.io/target-type: ip | |
| kubernetes.io/tls-acme: "true" | |
| nginx.ingress.kubernetes.io/connection-proxy-header: "keep-alive" | |
| nginx.ingress.kubernetes.io/x-forwarded-prefix: "/path" | |
| # k8s services exposed via an ingress rule to an ELB need to be of type NodePort | |
| service: | |
| type: NodePort | |
| webservice: | |
| enabled: true | |
| service: | |
| type: NodePort | |
| # gitlab-shell (ssh) needs an NLB | |
| gitlab-shell: | |
| enabled: true | |
| service: | |
| annotations: | |
| external-dns.alpha.kubernetes.io/hostname: "gitlab-shell.example.com" | |
| service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "ip" | |
| service.beta.kubernetes.io/aws-load-balancer-scheme: "internet-facing" | |
| service.beta.kubernetes.io/aws-load-balancer-type: "external" | |
| type: LoadBalancer | |
| registry: | |
| enabled: true | |
| service: | |
| type: NodePort |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment