> For the complete documentation index, see [llms.txt](https://liujinye.gitbook.io/openshift-docs/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://liujinye.gitbook.io/openshift-docs/cicd/k8s1.22-bu-shu-gitlab-dui-jie-keycloak.md). # k8s1.22部署gitlab对接keycloak ## 添加 gitlab repo, 下载 chart 包 ``` helm repo add gitlab https://charts.gitlab.io/ helm repo update helm pull gitlab/gitlab ``` ## 查看 values.yaml 及依赖的 requirements.yaml相关参数 [values.yaml](https://gitlab.com/gitlab-org/charts/gitlab/-/blob/master/values.yaml) [requirements.yaml](https://gitlab.com/gitlab-org/charts/gitlab/-/blob/master/requirements.yaml) ## keycloak 添加 giltab client 略 ## 添加gitab 对接keycloak 使用 secret 创建 `provider`文件 ```yaml name: openid_connect label: keycloak args: name: "openid_connect" scope: ["openid","profile",] response_type: "code" issuer: "https://sso.example.com/auth/realms/oc" client_auth_method: "query" uid_field: "preferred_username" send_scope_to_token_endpoint: false discovery: true client_options: identifier: "gitlab-92250" secret: "<凭证>" redirect_uri: "https://gitlab-apps92250.example.com/users/auth/openid_connect/callback" ``` 创建`gitlab-keycloak-oauth2-secret` secret ``` kubectl create secret generic gitlab-keycloak-oauth2-secret --from-file=provider -n cicd ``` ## 创建外部redis secret ``` kubectl create secret generic gitlab-redis-secret --from-literal=redis-password=xxxxxx -n cicd ``` ## 创建 values.yaml ```yaml # --- Global settings --- global: hosts: domain: example.com hostSuffix: apps92250 tls: secretName: example-com-tls ingress: configureCertmanager: false class: nginx tls: secretName: example-com-tls enabled: true # 外部redis连接信息 redis: host: 172.16.180.8 password: secret: gitlab-redis-secret key: "redis-password" # keycloak 配置 appConfig: omniauth: enabled: true syncProfileAttributes: ["openid", "profile", "email", "groups"] allowSingleSignOn: ["openid_connect"] auto_link_user: ["openid_connect"] providers: - secret: gitlab-keycloak-oauth2-secret key: provider certmanager: install: false gitlab-runner: # 外部gitlab 不能访问,所以配置内部svc 地址 gitlabUrl: "http://gitlab-webservice-default.cicd.svc:8181" runners: locked: false cache: secretName: gitlab-minio-secret config: | [[runners]] # 外部gitlab 不能访问,所以配置内部svc 地址 clone_url = "http://gitlab-webservice-default.cicd.svc:8181" [runners.cache] Type = "s3" Path = "gitlab-runner" Shared = true [runners.cache.s3] # 外部minio 不能访问,所以配置内部svc 地址 ServerAddress = "gitlab-minio-svc.cicd.svc:9000" BucketName = "runner-cache" BucketLocation = "us-east-1" Insecure = true redis: install: false postgresql: persistence: storageClass: "nfs4-client" subPath: "postgresql" size: 50Gi minio: persistence: storageClass: "nfs4-client" subPath: "minio" size: 100Gi gitlab: gitaly: persistence: storageClass: "nfs4-client" subPath: "gitaly" size: 50Gi nginx-ingress: enabled: false registry: enabled: true prometheus: install: false ``` ## 执行安装gitlab ``` helm upgrade --install gitlab gitlab-5.6.0.tgz \ --namespace=cicd --create-namespace \ --timeout 600s \ -f values.yaml ``` ## 参考 --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://liujinye.gitbook.io/openshift-docs/cicd/k8s1.22-bu-shu-gitlab-dui-jie-keycloak.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.