mmfei / gitlab-compose Goto Github PK

Create certificates for "*.example.com" in /srv/gitlab/ssl

• https://github.com/FiloSottile/mkcert
• openssl
• let's encrypt

Wake up, gitlab!

docker-compose up -d

echo "127.0.0.1 gitlab.example.com traefik.example.com registry.gitlab.example.com" | sudo tee -a /etc/hosts

• Log into gitlab.example.com , go to user settings:
  • Add ssh key to profile
  • Create 'personal access token'
  • Get gitlab-runner token api in CI/CD settings

https://docs.gitlab.com/runner/configuration/advanced-configuration.html

• Register the gitlab-runner:

  • [WIP] Gitlab-runner example config:

  concurrent = 1
  check_interval = 0
  
  [session_server]
    session_timeout = 1800
  
  [[runners]]
    name = "a45488195e3c"
    url = "http://gitlab:80"
    token = "_GITLAB_RUNNER_TOKEN_"
    executor = "docker"
    clone_url = "http://gitlab:80"
    environment = ["DOCKER_DRIVER=overlay2"]
    [runners.custom_build_dir]
    [runners.docker]
      tls_verify = false
      image = "docker:latest"
      privileged = true
      disable_entrypoint_overwrite = false
      oom_kill_disable = false
      disable_cache = false
      cache_dir = "/cache"
      volumes = ["/var/run/docker.sock:/var/run/docker.sock", "/    cache"]
      network_mode = "gitlabcompose_gitlab"
      shm_size = 0
    [runners.cache]
      Insecure = false
      [runners.cache.s3]
      [runners.cache.gcs]

  • Update token api

  docker exec gitlabrunner /bin/bash -c "export    GITLAB_RUNNER_TOKEN=XXXXXXXXXXXXXXXXXXXX; sed -i 's/   _GITLAB_RUNNER_TOKEN_/${GITLAB_RUNNER_TOKEN}/g' /etcgitlab-runner/   config.toml"

• Check gitlab-registry login

  DOCKER_USERNAME=username # gitlab credentials
  DOCKER_PASSWORD=password
  
  docker login -u=${DOCKER_USERNAME} -p=${DOCKER_PASSWORD}    registry.gitlab.example.com

• Traefik example config

  defaultEntryPoints = ["https","http"]
  
  [entryPoints]
    [entryPoints.dashboard]
      address = ":8080"
    [entryPoints.http]
      address = ":80"
      [entryPoints.http.redirect]
        entryPoint = "https"
    [entryPoints.https]
      address = ":443"
    [entryPoints.https.tls]
      [[entryPoints.https.tls.certificates]]
        certFile = "/ssl/example.com.pem"
        keyFile = "/ssl/example.com.key"
  
  [api]
  entrypoint="dashboard"
  #debug = true
  
  [docker]
  domain = "example.com"
  watch = true
  network = "gitlab"
  exposedbydefault = false

• Gitlab-ci.yml example

  stages:
    - build
    - test
  
  build:
    image: docker:stable
    services:
      - name:  docker:dind
    stage: build
    script:
      #- export # show environment variables
      - apk add --no-cache git
      - if [ -f "./faas-cli" ] ; then cp ./faas-cli /usr/local/bin/   faas-cli || 0 ; fi
      - if [ ! -f "/usr/local/bin/faas-cli" ] ; then apk add --no-cache     curl git && curl -sSL cli.openfaas.com | sh && chmod +x /usr/   local/bin/faas-cli && cp /usr/local/bin/faas-cli ./faas-cli ; fi
      # Build Docker image
      - /usr/local/bin/faas-cli build -f criptowatch-ohlc.yml     --build-arg ADDITIONAL_PACKAGE='make automake gcc musl-dev g++    python3-dev'
      - docker tag kammin/criptowatch-ohlc:latest     registry.gitlab.example.com/functions/criptowatch-ohlc:latest 
      - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD    registry.gitlab.example.com
      - docker push registry.gitlab.example.com/functions/    criptowatch-ohlc:latest
  #  after_script:
  #    - 
    only:
      - master
  
  test:
    image: docker:stable
    services:
      - docker:dind
    stage: test
    dependencies:
      - build
    script:
      - ""
    after_script:
      - ""
    only:
      - master