Openshift-GitLab安装及使用Nodeport支持ssh访问

部署Gitlab

1. 创建gitlab项目

   oc new-project gitlab

2. 创建cicd serviceaccount

   $ oc create serviceaccount cicd -n gitlab

3. 导入Gitlab模板

   wget https://gitee.com/xhua/OpenshiftOneClick/raw/3.11/openshift-templates/gitlab-template.yaml
   oc create -f openshift-template.json -n openshift

4. 创建持久化存储（如果没有pv的情况下）

   $ cat gitlab-pv.yaml
   apiVersion: v1
   items:
   - apiVersion: v1
     kind: PersistentVolume
     metadata:
       creationTimestamp: null
       name: gitlabdata-volume
     spec:
       accessModes:
       - ReadWriteMany
       capacity:
         storage: 50Gi
       claimRef:
         apiVersion: v1
         kind: PersistentVolumeClaim
         name: gitlab-data
         namespace: gitlab
       nfs:
         path: /mnt/gitlabdata
         server: 192.168.0.13
       persistentVolumeReclaimPolicy: Retain
     status: {}
   - apiVersion: v1
     kind: PersistentVolume
     metadata:
       creationTimestamp: null
       name: gitlabpostgresql-volume
     spec:
       accessModes:
       - ReadWriteMany
       capacity:
         storage: 10Gi
       claimRef:
         apiVersion: v1
         kind: PersistentVolumeClaim
         name: gitlab-postgresql
         namespace: gitlab
       nfs:
         path: /mnt/gitlabpostgresql
         server: 192.168.0.13
       persistentVolumeReclaimPolicy: Retain
     status: {}
   - apiVersion: v1
     kind: PersistentVolume
     metadata:
       creationTimestamp: null
       name: gitlabredisdata-volume
     spec:
       accessModes:
       - ReadWriteMany
       capacity:
         storage: 50Gi
       claimRef:
         apiVersion: v1
         kind: PersistentVolumeClaim
         name: gitlab-redis-data
         namespace: gitlab
       nfs:
         path: /mnt/gitlabredisdata
         server: 192.168.0.13
       persistentVolumeReclaimPolicy: Retain
     status: {}
   - apiVersion: v1
     kind: PersistentVolume
     metadata:
       creationTimestamp: null
       name: gitlabetc-volume
     spec:
       accessModes:
       - ReadWriteMany
       capacity:
         storage: 50Gi
       claimRef:
         apiVersion: v1
         kind: PersistentVolumeClaim
         name: gitlab-etc
         namespace: gitlab
       nfs:
         path: /mnt/gitlabetc
         server: 192.168.0.13
       persistentVolumeReclaimPolicy: Retain
     status: {}
   $ oc create gitlab-pv.yaml

5. 给gitlab 容器使用root用户的权限

   $  oc adm  policy add-scc-to-user anyuid -z cicd -n gitlab

6. 在Openshift上创建gitlab应用

设置gitlab安装配置（自定义）

7. 通过访问Route访问gitlab
   在访问的机器上hosts文件中配置Router Host与Ip的对应
   用户名（root） 密码（根据自定义配置中设定）

使用Nodeport让gitlab服务支持ssh访问

• Openshift上的服务最常使用的是Route来对外提供服务。但是Route只支持Http协议，而对于Gitlab通过ssh访问的方式，得通过TCP协议。所以可以使用NodePort向外提供服务。

1. 创建NodePort (30022->gitlab 22)

   $ cat gitlab-nodeport.yaml
   apiVersion: v1
   kind: Service
   metadata:
     name: gitlab-nodeport
     namespace: gitlab
     labels:
       name: gitlab-nodeport
   spec:
     type: NodePort
     ports:
       - port: 22
         nodePort: 30022
         name: ssh
     selector:
       app: gitlab-ce
       deploymentconfig: gitlab-ce
   $ oc create -f gitlab-nodeport.yaml

2. 将本机的公钥拷贝到gitlab网站的ssh key管理

3.客户端clone代码

git clone ssh://git@gitlab.apps.it.example.com:30022/root/test.git
# 或者
git clone ssh://git@192.168.1.x:30022/root/test.git ##192.168.1.x为集群中任意Node的ip

注意：因为Nodeport使用的不是ssh默认的22端口，在clone时必须在前缀使用ssh://，同时在git服务后添加:NodePort端口号
4. 结果展示

[root@gitlab ~]# git clone ssh://git@gitlab.apps.it.example.com:30022/root/test.git
Cloning into 'test'...
Warning: Permanently added '[gitlab.apps.it.example.com]:30022,[192.168.1.3]:30022' (ECDSA) to the list of known hosts.
remote: Counting objects: 12, done.
remote: Compressing objects: 100% (4/4), done.
remote: Total 12 (delta 0), reused 0 (delta 0)
Receiving objects: 100% (12/12), done.

参考资源

https://docs.gitlab.com/ee/install/openshift_and_gitlab/index.html