[!Tip]
Docker 部署 gitlab

转载请注明出处：https://janrs.com

gitlab 版本：v15.4.2

docker 部署 gitlab

1.创建目录

mkdir -p /opt/gitlab/{data/,logs,config/}

2.部署服务

docker run -d --restart=always \
--hostname gitlab --name=gitlab \
-p 5443:443 -p 90:80 -p 1122:22 \
-v /etc/localtime:/etc/localtime \
-v /opt/gitlab/config:/etc/gitlab \
-v /opt/gitlab/logs:/var/log/gitlab \
-v /opt/gitlab/data:/var/opt/gitlab \
registry.cn-shenzhen.aliyuncs.com/yjy_k8s/gitlab:v15.4.2

3.设置访问地址

启动后修改配置设置地址

# 修改 http 访问地址
external_url 'http://172.16.222.250:90'

# 修改了 http 端口同时也要修改 nginx 端口
nginx['listen_port'] = 80

# 修改 ssh 访问地址
gitlab_rails['gitlab_ssh_host'] = '172.16.222.250'

# 修改 ssh 端口为上面 docker run 设置的端口
gitlab_rails['gitlab_shell_ssh_port'] = 1122

4.优化 gitlab

中小型项目或者个人学习使用，可以关闭很多服务以及优化内存。gitlab 极其的吃内存，需要优化。

关闭 Prometheus 跟 Grafana 指标。设置位置：Admin -> Setting -> Metrics and Profling。

# 关闭容器仓库功能
gitlab_rails['gitlab_default_projects_features_container_registry'] = false
gitlab_rails['registry_enabled'] = false
registry['enable'] = false
registry_nginx['enable'] = false

# 包仓库、依赖管理
gitlab_rails['packages_enabled'] = false
gitlab_rails['dependency_proxy_enabled'] = false

# GitLab Pages
gitlab_pages['enable'] = false
pages_nginx['enable'] = false

# 关闭监控和性能基准相关功能
prometheus_monitoring['enable'] = false
alertmanager['enable'] = false
node_exporter['enable'] = false
redis_exporter['enable'] = false
postgres_exporter['enable'] = false
pgbouncer_exporter['enable'] = false
gitlab_exporter['enable'] = false
grafana['enable'] = false
sidekiq['metrics_enabled'] = false

# Usage Statistics
gitlab_rails['usage_ping_enabled'] = false
gitlab_rails['sentry_enabled'] = false
grafana['reporting_enabled'] = false

# GitLab KAS
gitlab_kas['enable'] = false
gitlab_rails['gitlab_kas_enabled'] = false
# Terraform
gitlab_rails['terraform_state_enabled'] = false
# Kerberos 文档说EE only，但是默认值为 true
gitlab_rails['kerberos_enabled'] = false
# Sentinel
sentinel['enable'] = false
# Mattermost
mattermost['enable'] = false
mattermost_nginx['enable'] = false

# 降低后台守护进程并发数
sidekiq['max_concurrency'] = 5

# 关闭电子邮件相关功能
gitlab_rails['smtp_enable'] = false
gitlab_rails['gitlab_email_enabled'] = false
gitlab_rails['incoming_email_enabled'] = false

# 关闭 CI 功能
gitlab_ci['gitlab_ci_all_broken_builds'] = false
gitlab_ci['gitlab_ci_add_pusher'] = false

# 减少数据库并发数。默认为 8
postgresql['max_worker_processes'] = 4
# 减少数据库缓存。默认为 256MB
postgresql['shared_buffers'] = "128MB"

# 禁用 puma
puma['worker_processes'] = 0
puma['min_threads'] = 1
puma['max_threads'] = 2

#gitaly['cgroups_mountpoint'] = '/sys/fs/cgroup'
gitaly['cgroups_hierarchy_root'] = 'gitaly'
gitaly['cgroups_cpu_shares'] = 512

gitaly['concurrency'] = [
  {
    'rpc' => "/gitaly.SmartHTTPService/PostReceivePack",
    'max_per_repo' => 3
  }, {
    'rpc' => "/gitaly.SSHService/SSHUploadPack",
    'max_per_repo' => 3
  }
]

# 在结尾添加以下配置
gitlab_rails['env'] = {
  'MALLOC_CONF' => 'dirty_decay_ms:1000,muzzy_decay_ms:1000'
}

gitaly['env'] = {
  'LD_PRELOAD' => '/opt/gitlab/embedded/lib/libjemalloc.so',
  'MALLOC_CONF' => 'dirty_decay_ms:1000,muzzy_decay_ms:1000',
  'GITALY_COMMAND_SPAWN_MAX_PARALLEL' => '2'
}

#gitaly['cgroups_count'] = 2
gitaly['cgroups_memory_enabled'] = true
gitaly['cgroups_memory_limit'] = 500000
gitaly['cgroups_cpu_enabled'] = true

优化后重启 gitlab

docker restart gitlab

6.登录 gitlab

获取密码

密码在容器里的 /etc/gitlab/initial_root_password，即宿主机的 /docker/gitlab/config/initial_root_password

cat /opt/gitlab/config/initial_root_password

显示如下

可以明显看到密码

# WARNING: This value is valid only in the following conditions
#          1. If provided manually (either via `GITLAB_ROOT_PASSWORD` environment variable or via `gitlab_rails['initial_root_password']` setting in `gitlab.rb`, it was provided before database was seeded for the first time (usually, the first reconfigure run).
#          2. Password hasn't been changed manually, either via UI or via command line.
#
#          If the password shown here doesn't work, you must reset the admin password following https://docs.gitlab.com/ee/security/reset_user_password.html#reset-your-root-password.

Password: 46OEioRgqe7A1aJlMsBerq+SEqPi2yo8db+MDYwZ48c=

# NOTE: This file will be automatically deleted in the first reconfigure run after 24 hours.

默认管理员账号为 root。输入密码账号即可登录。

登录需要修改密码重新登录。

至此。dokcer 部署 gitlab 服务成功。