Installing Gitlab on Openshift 4.x using Helm Chart

gitlab-on-openshift-install.md

• Install Cert Manager
  • using the Operator Hub

• using helm chart

helm repo add jetstack https://charts.jetstack.io --force-update

helm install \
  cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --create-namespace \
  --version v1.14.5 \
  --set installCRDs=true \
  --set prometheus.enabled=false \
  --set webhook.timeoutSeconds=4

• Install Gitlab Operator
  • using helm chart

helm repo add gitlab-operator https://gitlab.com/api/v4/projects/18899486/packages/helm/stable

helm install gitlab-operator gitlab-operator/gitlab-operator --create-namespace --namespace gitlab-system

• create a new Gitlab instance on gitlab-system namespace
  • Option 1) using a LetsEncrypt Cert and Openshift Routes for Ingress

kind: GitLab
apiVersion: apps.gitlab.com/v1beta1
metadata:
  name: gitlab
  namespace: gitlab-system
spec:
  chart:
    version: 8.4.1
    values:
      certmanager-issuer:
        email: username@openshift.com # update with your email here
      configureCertmanager:
        install: false
      global:
        hosts:
          domain: apps.cluster.com # update with the cluster domain here.
        ingress:
          annotations:
            route.openshift.io/termination: edge
            kubernetes.io/tls-acme: true
          class: none
          # configureCertmanager: true
      nginx-ingress:
        enabled: false

* Option 2) Using self-signed cert and Openshift Routes for Ingress

kind: GitLab
apiVersion: apps.gitlab.com/v1beta1
metadata:
  name: gitlab
  namespace: gitlab-system
spec:
  chart:
    values:
      certmanager:
        install: false
      global:
        hosts:
          domain: apps.cluster.com
        ingress:
          annotations:
            kubernetes.io/tls-acme: true
            route.openshift.io/termination: edge
          class: none
          configureCertmanager: false
      nginx-ingress:
        enabled: false
      postgresql:
        primary:
          extendedConfiguration: max_connections = 200
    version: 8.4.1

* Option 3) Using self-signed Cert and Nginx for Ingress + SSH support enabled

kind: GitLab
apiVersion: apps.gitlab.com/v1beta1
metadata:
  name: gitlab
  namespace: gitlab-system
spec:
  chart:
    values:
      certmanager:
        install: false
      gitlab:
        gitlab-shell:
          enabled: true
      global:
        hosts:
          domain: apps.cluster.com
        ingress:
          annotations:
            kubernetes.io/tls-acme: true
          configureCertmanager: false
      nginx-ingress:
        enabled: true
      postgresql:
        primary:
          extendedConfiguration: max_connections = 200
    version: 8.4.2

Note that with this option (using nginx for ingress) you may need to add a custom scc manually. see https://docs.gitlab.com/operator/troubleshooting.html

• accessing Gitlab: https://gitlab.apps.yourclusterdomain.com/
• root credentials: root / see token inside the gitlab-gitlab-initial-root-password Secret inside namespace gitlab-system

Using helm chart directly

helm upgrade --install gitlab gitlab/gitlab \                                                                                                                [10:53:39]
  --timeout 600s \
  --namespace gitlab-system \
  --create-namespace \
  --set global.hosts.domain=cluster.subdomain.com \
  --set global.ingress.class=none \
  --set global.ingress.configureCertmanager=false \
  --set global.ingress.annotations."kubernetes.io/tls-acme"=true \
  --set global.ingress.annotations."route.openshift.io/termination"=edge \
  --set nginx-ingress.enabled=false \
  --set certmanager.install=false \
  --set certmanager.installCRDs=false