Deploying cloud-native GitLab on Kubernetes in an intranet environment: the chart cannot be run without HTTPS
Summary
When cloud-native GitLab is deployed on Kubernetes in an intranet environment, the chart cannot be run without HTTPS.
Steps to reproduce
Deploy cloud-native GitLab on Kubernetes in an intranet environment; the chart cannot be run without HTTPS.
Configuration used
values.yaml config file used with chart version 1.0.2:
# Default values for gitlab-chart.
# This is a YAML-formatted file.
# Chart-wide settings shared by the GitLab sub-charts.
# NOTE(review): this paste has lost its indentation, so the nesting of the keys below cannot be
# verified from the page.
global:
edition: ce
# gitlabVersion: master
application:
create: false
links: []
hosts:
domain: zyy.io
# NOTE(review): https: false presumably makes the chart emit http:// URLs for the hosts under
# this domain, so sign-in credentials, session cookies and runner/API tokens would cross the
# intranet unencrypted. On an internal-only install, certificates from an internal CA (trusted
# via customCAs below) are the usual alternative to switching TLS off - confirm in chart docs.
https: false
externalIP: 10.100.100.131
ingress:
# No cert-manager (ACME) certificate handling is requested for the ingresses.
configureCertmanager: false
annotations: {}
enabled: true
# Empty mappings below: no pre-created Secret is referenced for these credentials.
# NOTE(review): presumably the chart then generates them itself - verify.
initialRootPassword: {}
psql:
password: {}
# host: myexternalsql.hostedsomewhere.else
# port: 123
# username: gitlab
# database: gitlabhq_production
redis:
password: {}
gitaly:
authToken: {}
internal:
names: ['default']
external: []
minio:
enabled: true
credentials: {}
appConfig:
issueClosingPattern:
defaultTheme:
webhookTimeout:
gravatar:
plainUrl:
sslUrl:
extra:
googleAnalyticsId:
piwikUrl:
piwikSiteId:
# Object-storage buckets; every connection mapping is left empty.
lfs:
bucket: git-lfs
connection: {}
artifacts:
bucket: gitlab-artifacts
connection: {}
uploads:
bucket: gitlab-uploads
connection: {}
backups:
bucket: gitlab-backups
tmpBucket: tmp
# Incoming e-mail is disabled; the IMAP values below are unused while enabled is false.
incomingEmail:
enabled: false
address: ""
host: "imap.gmail.com"
port: 993
ssl: true
startTls: false
user: ""
password:
secret: ""
key: password
mailbox: inbox
idleTimeout: 60
shell:
authToken: {}
hostKeys: {}
railsSecrets: {}
registry:
bucket: registry
certificate: {}
runner:
registrationToken: {}
# Outgoing email server settings
# NOTE(review): disabled here. If enabled later, authentication "plain" combined with
# starttls_auto: false would presumably send the SMTP password without transport encryption -
# confirm before turning it on.
smtp:
enabled: false
address: smtp.mailgun.org
port: 2525
user_name: ""
password:
secret: ""
key: password
# domain:
authentication: "plain"
starttls_auto: false
openssl_verify_mode: "peer"
# Email persona used in email sent by GitLab
email:
from: ''
display_name: GitLab
reply_to: ''
subject_suffix: ''
time_zone: Beijing
service:
annotations: {}
antiAffinity: soft
workhorse: {}
# configuration of certificates container & custom CA injection
# NOTE(review): customCAs is empty, so no internal CA is injected into the components. If HTTPS
# is served with an intranet-issued certificate, this is presumably where that CA's Secret
# would be listed so the components trust it - verify.
certificates:
image:
# Image pulled from the internal mirror 192.168.30.100:8889 by tag, not by digest.
repository: 192.168.30.100:8889/gitlab-org/build/cng/alpine-certificates
tag: 20171114-r3
customCAs: []
# - secret: custom-CA
# - secret: more-custom-CAs
# Settings for the Let's Encrypt ACME Issuer
# certmanager-issuer:
# The email address to register certificates requested from Let's Encrypt. Required if using Let's Encrypt.
# email: email@example.com
# cert-manager sub-chart settings.
# NOTE(review): install is false, so the rbac and image values below are presumably unused.
certmanager:
# Install cert-manager chart. Set to false if you already have cert-manager
# installed or if you are not using cert-manager.
install: false
# Other cert-manager configurations from upstream
# See https://github.com/kubernetes/charts/tree/master/stable/cert-manager#configuration
rbac:
create: true
image:
repository: 192.168.30.100:8889/jetstack/cert-manager-controller
# Image override for the certmanager-issuer job, pointed at the internal mirror.
# No issuer e-mail is set anywhere in this paste (the example above it is commented out).
certmanager-issuer:
image:
repository: 192.168.30.100:8889/gitlab-org/build/cng/kubectl
# Image overrides for the GitLab sub-charts: each component is pointed at the internal mirror
# 192.168.30.100:8889.
# NOTE(review): images are referenced by tag (busybox with no tag at all), not by digest, so
# the mirror is the trust anchor for what actually runs. Whether the mirror is reached over TLS
# is not shown on this page.
gitlab:
# NOTE(review): the runner is configured a second time further down in this file under a
# gitlab-runner key with install: true. Which key the chart reads is not visible here - verify.
gitlab-runner:
enabled: true
gitaly:
image:
repository: 192.168.30.100:8889/gitlab-org/build/cng/gitaly
init:
image: 192.168.30.100:8889/busybox
gitlab-shell:
image:
repository: 192.168.30.100:8889/gitlab-org/build/cng/gitlab-shell
tag: v8.3.3
init:
image: 192.168.30.100:8889/busybox
mailroom:
image:
repository: 192.168.30.100:8889/gitlab-org/build/cng/gitlab-mailroom
init:
image: 192.168.30.100:8889/busybox
# The Rails-based components below are all set to tag v11.3.0.
migrations:
image:
repository: 192.168.30.100:8889/gitlab-org/build/cng/gitlab-rails-ce
tag: v11.3.0
init:
image: 192.168.30.100:8889/busybox
sidekiq:
image:
repository: 192.168.30.100:8889/gitlab-org/build/cng/gitlab-sidekiq-ce
tag: v11.3.0
init:
image: 192.168.30.100:8889/busybox
task-runner:
image:
repository: 192.168.30.100:8889/gitlab-org/build/cng/gitlab-task-runner-ce
tag: v11.3.0
init:
image: 192.168.30.100:8889/busybox
unicorn:
image:
repository: 192.168.30.100:8889/gitlab-org/build/cng/gitlab-unicorn-ce
tag: v11.3.0
init:
image: 192.168.30.100:8889/busybox
# NOTE(review): presumably nested under unicorn in the original file - indentation is lost.
workhorse:
image: 192.168.30.100:8889/gitlab-org/build/cng/gitlab-workhorse-ce
tag: v11.3.0
# MinIO object-storage images, pulled from the internal mirror.
# NOTE(review): no tag is given for minio, mc or busybox, so the running version depends on the
# chart default or on whatever the mirror currently serves for the untagged name.
minio:
image: 192.168.30.100:8889/minio/minio
minioMc:
image: 192.168.30.100:8889/minio/mc
init:
image: 192.168.30.100:8889/busybox
# NGINX ingress controller settings: front door for the GitLab hosts.
nginx-ingress:
enabled: true
# NOTE(review): presumably forwards TCP port 22 (Git over SSH) through the controller - verify.
tcp:
22: "enabled"
tcpExternalConfig: "true"
controller:
image:
repository: 192.168.30.100:8889/kubernetes-ingress-controller/nginx-ingress-controller
config:
hsts-include-subdomains: "false"
server-name-hash-bucket-size: "256"
enable-vts-status: "true"
use-http2: "false"
# NOTE(review): these TLS settings only matter once HTTPS is actually served. The cipher list
# still contains suites without forward secrecy (plain-RSA key exchange, e.g.
# AES256-GCM-SHA384) and CBC-mode suites with SHA-1 MACs (e.g. AES128-SHA).
ssl-ciphers: "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"
# NOTE(review): TLS 1.1 is formally deprecated (RFC 8996); offer TLSv1.2 or newer only unless
# a legacy client requires it.
ssl-protocols: "TLSv1.1 TLSv1.2"
# Suppresses the nginx version in responses and error pages.
server-tokens: "false"
extraArgs:
force-namespace-isolation: ""
service:
externalTrafficPolicy: "Local"
resources:
requests:
cpu: 100m
memory: 100Mi
publishService:
enabled: true
replicaCount: 3
minAvailable: 2
scope:
enabled: true
# NOTE(review): stats and metrics are enabled (with enable-vts-status above). Check that these
# endpoints are reachable only by the monitoring stack, not through the public ingress.
stats:
enabled: true
metrics:
enabled: true
service:
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "10254"
defaultBackend:
image:
repository: 192.168.30.100:8889/google_containers/defaultbackend
minAvailable: 1
replicaCount: 2
resources:
requests:
cpu: 5m
memory: 5Mi
# NOTE(review): create is false while createRole is true. On an RBAC-enabled cluster the
# controller needs its role binding from somewhere - confirm how this chart version combines
# these flags.
rbac:
create: false
createClusterRole: false
createRole: true
# Prometheus sub-chart: server, Alertmanager, pushgateway and kube-state-metrics, all from the
# internal mirror.
prometheus:
alertmanager:
# NOTE(review): Alertmanager is published through an ingress and no authentication settings
# are visible in this paste. Anyone who can reach the host can presumably view and silence
# alerts - restrict at the ingress or network level.
ingress:
enabled: true
hosts:
- alertmanager.zyy.io
enabled: true
image:
repository: 192.168.30.100:8889/prom/alertmanager
configmapReload:
image:
repository: 192.168.30.100:8889/jimmidyson/configmap-reload
initChownData:
image:
repository: 192.168.30.100:8889/busybox
kubeStateMetrics:
enabled: true
image:
repository: 192.168.30.100:8889/google_containers/kube-state-metrics
server:
# NOTE(review): same exposure as Alertmanager above. The Prometheus UI and query API are
# published with no authentication visible here, and over plain HTTP if https is disabled.
ingress:
enabled: true
hosts:
- prometheus.zyy.io
image:
repository: 192.168.30.100:8889/prom/prometheus
pushgateway:
enabled: true
image:
repository: 192.168.30.100:8889/prom/pushgateway
install: true
rbac:
create: true
alertmanagerFiles:
alertmanager.yml:
global:
resolve_timeout: 2m
wechat_api_url: 'https://qyapi.weixin.qq.com/cgi-bin/'
# NOTE(review): 'xxx' looks like a value redacted for this report. A real API secret placed
# here is stored in plain text in the values file and presumably in the rendered Alertmanager
# config and the Helm release record - prefer a Kubernetes Secret with restricted access.
wechat_api_secret: 'xxx'
wechat_api_corp_id: 'xxx'
route:
group_by: ['alertname']
group_wait: 10s
group_interval: 10s
repeat_interval: 1h
receiver: 'wechat'
receivers:
- name: 'wechat'
wechat_configs:
- send_resolved: true
to_party: '1'
agent_id: '1000002'
nodeExporter:
enabled: false
# Redis images (server, init container, metrics exporter) from the internal mirror; no tags are
# set in this paste.
redis:
image:
repository: 192.168.30.100:8889/redis
init:
image: 192.168.30.100:8889/busybox
metrics:
image: 192.168.30.100:8889/oliver006/redis_exporter
# redis-ha variant: image overrides are set, but enabled is false.
redis-ha:
image:
repository: 192.168.30.100:8889/gitlab-org/build/cng/gitlab-redis-ha
init:
image: 192.168.30.100:8889/busybox
metrics:
image: 192.168.30.100:8889/oliver006/redis_exporter
nameOverride: redis
enabled: false
# Container registry sub-chart: disabled; the image overrides only apply if it is enabled.
registry:
enabled: false
image:
repository: 192.168.30.100:8889/registry
init:
image: 192.168.30.100:8889/busybox
# Bundled PostgreSQL: installed in-cluster, with the image from the internal mirror.
postgresql:
install: true
postgresUser: gitlab
postgresDatabase: gitlabhq_production
image: 192.168.30.100:8889/postgres
imageTag: 9.6.8
# The password is supplied from a file and an existing Secret, not written in this values file.
# NOTE(review): 'secret' may be a redacted placeholder - the Secret must exist under this name.
usePasswordFile: true
existingSecret: 'secret'
metrics:
enabled: true
image: 192.168.30.100:8889/wrouesnel/postgres_exporter
## Optionally define additional custom metrics
## ref: https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file
# registry:
# enabled: false
#
# redis:
# enabled: false
# shared-secrets job: images for the kubectl and cfssl self-sign containers, from the internal
# mirror.
# NOTE(review): the self-sign image suggests the chart can issue a self-signed certificate when
# no other certificate is configured. Clients such as the runner would then need to trust that
# certificate explicitly - verify against the chart documentation.
shared-secrets:
image:
repository: 192.168.30.100:8889/gitlab-org/build/cng/kubectl
selfsign:
image:
repository: 192.168.30.100:8889/gitlab-org/build/cng/cfssl-self-sign
rbac:
create: true
# GitLab Runner sub-chart: the component this report says is not running.
gitlab-runner:
# NOTE(review): the runner image tag is alpine-v10.3.0 while the GitLab components in this file
# are set to v11.3.0. Confirm that this runner version is supported by that GitLab version.
image: 192.168.30.100:8889/gitlab/gitlab-runner:alpine-v10.3.0
init:
image: 192.168.30.100:8889/busybox
install: true
rbac:
create: true
# certsSecretName is commented out, so no custom CA/certificate Secret is given to the runner.
# NOTE(review): if GitLab is served over HTTPS with a self-signed or intranet-CA certificate,
# the runner presumably needs this Secret to verify the server instead of skipping TLS.
#certsSecretName: cloude-native-gitlab-wildcard-tls
runners:
# cloneUrl: http://cloude-native-gitlab-unicorn.gitlab:8181/
image: 192.168.30.100:8889/ubuntu:16.04
helpers:
# NOTE(review): "x86_64-latest" is a mutable tag. The helper image can change underneath the
# runner and drift from the runner version pinned above.
image: 192.168.30.100:8889/gitlab/gitlab-runner-helper:x86_64-latest
cache:
cacheType: s3
s3BucketName: runner-cache
cacheShared: true
s3BucketLocation: us-east-1
s3CachePath: gitlab-runner
# NOTE(review): s3CacheInsecure: false presumably makes the runner reach the cache endpoint
# over HTTPS, which would not match an HTTP-only deployment (hosts.https is false in this
# file) - verify.
s3CacheInsecure: false
# gitlab:
# migrations:
# enabled: false
# unicorn:
# enabled: false
# sidekiq:
# enabled: false
# gitaly:
# enabled: false
# gitlab-shell:
# enabled: false
Current behavior
The GitLab Runner is not running.
Expected behavior
The GitLab Runner should be running.
Versions
- Chart: 1.0.2
- Platform:
  - Cloud: kubernetes v1.11.3
  - Self-hosted: kubernetes v1.11.3
- Kubernetes (`kubectl version`):
  - Client: version.Info{Major:"1", Minor:"9", GitVersion:"v1.9.0", GitCommit:"925c127ec6b946659ad0fd596fa959be43f0cc05", GitTreeState:"clean", BuildDate:"2017-12-15T21:07:38Z", GoVersion:"go1.9.2", Compiler:"gc", Platform:"windows/amd64"}
  - Server: version.Info{Major:"1", Minor:"11", GitVersion:"v1.11.3", GitCommit:"a4529464e4629c21224b3d52edfe0ea91b072862", GitTreeState:"clean", BuildDate:"2018-09-09T17:53:03Z", GoVersion:"go1.10.3", Compiler:"gc", Platform:"linux/amd64"}
- Helm (`helm version`):
  - Client: &version.Version{SemVer:"v2.8+unreleased", GitCommit:"f487a486f19b555f62303664fd2dd8fe24e8af02", GitTreeState:"clean"}
  - Server: &version.Version{SemVer:"v2.8.2", GitCommit:"a80231648a1473929271764b920a8e346f6de844", GitTreeState:"clean"}