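---
# tasks file for gitlab
#
# Creates the `git` namespace, then a single-replica PostgreSQL and a
# single-replica GitLab CE (each with its own PVC, Deployment and Service),
# and finally an nginx Ingress for git.eom.dev annotated for the cert-manager
# cluster issuer `ca-issuer`.
#
# Variables read: gitlab_postgres_password, ldap_readonly_password.
#
# NOTE(review): both passwords are rendered directly into Deployment specs, so
# anyone who can read Deployments in the `git` namespace can read them.
# Consider moving them into a Secret and referencing it from the pod spec.

- name: Create git namespace
  k8s:
    state: present
    definition:
      apiVersion: v1
      kind: Namespace
      metadata:
        name: git

- name: Create PVC for PostgreSQL
  k8s:
    state: present
    definition:
      apiVersion: v1
      kind: PersistentVolumeClaim
      metadata:
        name: postgres
        namespace: git
      spec:
        accessModes:
          - ReadWriteOnce
        resources:
          requests:
            storage: 64Gi

- name: Create Deployment for PostgreSQL
  # The rendered definition contains the database password; keep it out of
  # task output, logs and callback plugins.
  no_log: true
  k8s:
    state: present
    definition:
      # Deployments are served from the apps/v1 API group; the core v1 group
      # has no Deployment kind.
      apiVersion: apps/v1
      kind: Deployment
      metadata:
        name: postgres
        namespace: git
        labels:
          app: postgres
      spec:
        replicas: 1
        selector:
          matchLabels:
            app: postgres
        template:
          metadata:
            labels:
              app: postgres
          spec:
            containers:
              - name: postgres
                # NOTE(review): no tag, so this resolves to `latest`. Pin a
                # tag or digest: an unplanned major-version change on pod
                # restart may not start against the existing data directory,
                # and an unpinned image is not reproducible or auditable.
                image: postgres
                volumeMounts:
                  - name: data
                    mountPath: /var/lib/postgresql/data
                ports:
                  - containerPort: 5432
                env:
                  # Subdirectory of the mount, so the data directory is not
                  # the volume root itself.
                  - name: PGDATA
                    value: /var/lib/postgresql/data/pgdata
                  - name: POSTGRES_DB
                    value: gitlabhq_production
                  - name: POSTGRES_USER
                    value: gitlab
                  - name: POSTGRES_PASSWORD
                    value: "{{ gitlab_postgres_password }}"
            volumes:
              - name: data
                persistentVolumeClaim:
                  claimName: postgres

- name: Create Service for PostgreSQL
  k8s:
    state: present
    definition:
      apiVersion: v1
      kind: Service
      metadata:
        name: postgres
        namespace: git
      spec:
        selector:
          app: postgres
        ports:
          - port: 5432
            name: postgres
        # Cluster-internal only; GitLab reaches it as host `postgres`.
        type: ClusterIP

- name: Create PVC for GitLab
  k8s:
    state: present
    definition:
      apiVersion: v1
      kind: PersistentVolumeClaim
      metadata:
        name: gitlab
        namespace: git
      spec:
        accessModes:
          - ReadWriteOnce
        resources:
          requests:
            storage: 128Gi

- name: Create Deployment for GitLab
  # The rendered definition contains the database and LDAP bind passwords;
  # keep it out of task output, logs and callback plugins.
  no_log: true
  k8s:
    state: present
    definition:
      # Deployments are served from the apps/v1 API group; the core v1 group
      # has no Deployment kind.
      apiVersion: apps/v1
      kind: Deployment
      metadata:
        name: gitlab
        namespace: git
        labels:
          app: gitlab
      spec:
        replicas: 1
        selector:
          matchLabels:
            app: gitlab
        template:
          metadata:
            labels:
              app: gitlab
          spec:
            containers:
              - name: gitlab
                # NOTE(review): no tag, so this resolves to `latest`. Pin a
                # tag or digest so upgrades are deliberate and the running
                # image can be audited.
                image: gitlab/gitlab-ce
                volumeMounts:
                  - name: data
                    mountPath: /var/opt/gitlab
                ports:
                  - containerPort: 80
                  - containerPort: 22
                env:
                  # Ruby configuration handed to the Omnibus package. TLS is
                  # expected to terminate at the Ingress: external_url is
                  # https while the bundled nginx listens on plain port 80.
                  #
                  # NOTE(review): 'encryption' => 'plain' on port 389 sends
                  # the bind password and every user's login credentials to
                  # OpenLDAP unencrypted. Switch to 'start_tls' or
                  # 'simple_tls' once the directory service offers TLS.
                  #
                  # NOTE(review): both passwords are interpolated into
                  # single-quoted Ruby strings. A value containing a single
                  # quote or backslash would end the literal early and be
                  # read as configuration code; constrain or escape the
                  # variables before templating.
                  #
                  # Do not add `#` comments inside the folded scalar below:
                  # folding joins lines, so a `#` would comment out
                  # whatever follows it.
                  - name: GITLAB_OMNIBUS_CONFIG
                    value: >
                      external_url 'https://git.eom.dev/';
                      postgresql['enable'] = false;
                      gitlab_rails['lfs_enabled'] = true;
                      gitlab_rails['db_adapter'] = 'postgresql';
                      gitlab_rails['db_host'] = 'postgres';
                      gitlab_rails['db_password'] = '{{ gitlab_postgres_password }}';
                      nginx['listen_port'] = 80;
                      nginx['listen_https'] = false;
                      gitlab_rails['ldap_enabled'] = true;
                      gitlab_rails['ldap_servers'] = {
                        'main' => {
                          'label' => 'OpenLDAP',
                          'host' => 'openldap.auth.svc.cluster.local',
                          'port' => 389,
                          'encryption' => 'plain',
                          'uid' => 'uid',
                          'bind_dn' => 'cn=readonly,dc=eom,dc=dev',
                          'password' => '{{ ldap_readonly_password }}',
                          'base' => 'dc=eom,dc=dev',
                          'user_filter' => '(|(objectclass=inetOrgPerson))'
                        }
                      }
            volumes:
              - name: data
                persistentVolumeClaim:
                  claimName: gitlab

- name: Create Service for GitLab
  k8s:
    state: present
    definition:
      apiVersion: v1
      kind: Service
      metadata:
        name: gitlab
        namespace: git
      spec:
        selector:
          app: gitlab
        ports:
          - port: 22
            name: ssh
          # NOTE(review): this Service is type LoadBalancer, so plain-HTTP
          # port 80 is published on the load balancer address alongside SSH,
          # reachable without the Ingress TLS. The Ingress below targets this
          # port, so removing it means splitting HTTP into its own ClusterIP
          # Service first.
          - port: 80
            name: http
        type: LoadBalancer

- name: Create Ingress
  k8s:
    state: present
    definition:
      apiVersion: networking.k8s.io/v1
      kind: Ingress
      metadata:
        annotations:
          cert-manager.io/cluster-issuer: ca-issuer
        name: gitlab
        namespace: git
      spec:
        ingressClassName: nginx
        rules:
          - host: git.eom.dev
            http:
              paths:
                - pathType: Prefix
                  path: /
                  backend:
                    service:
                      name: gitlab
                      port:
                        number: 80
        tls:
          - hosts:
              - git.eom.dev
            # Secret expected to hold the certificate for the host above.
            secretName: gitlab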