Mattermost 是一个开源可自建的在线聊天服务,主要用作 Slack 与 Microsoft Teams 的开源替代品。 GitLab Omnibus 集成了 Mattermost 的服务端,并支持让 Mattermost 通过 OAuth2 授权来获取用户的信息,实现 SSO ( Single Sign On ,单点登录 )的功能。
Mattermost 需要的应用 ID 和 私钥 并不会像 Grafana 那样在 GitLab 初始化的过程中被自动创建,因而需要在初始化完成后去 GitLab 管理员控制台手动设置,再在加入配置文件后重新生成 GitLab 配置。估计是一个 bug 。 并且 Mattermost 需要访问 user API 端点,因而需要授权 read_user 权限,而不是像官方文档描述的那样不需要授予任何权限(其实是因为不授予任何权限会报错不让创建应用)。
######################################### # Gitlab setttings # ######################################### ##! Use `gitlab-ctl reconfigure` to restart services ##! after editing this file
## Main URL external_url 'https://<gitlab.instance>'
## SSH Host gitlab_rails['gitlab_ssh_host'] = '<ssh.gitlab.instance>'# With CloudFlare Spectrum enabled
## Default theme gitlab_rails['gitlab_default_theme'] = 7# Light Blue
## GitLab Runner Image ## ## By default it's using gitlab/gitlab-runner:alpine-v{VERSION} ## where {VERSION} is taken from Chart.yaml from appVersion field ## ## ref: https://hub.docker.com/r/gitlab/gitlab-runner/tags/ ## ## Note: If you change the image to the ubuntu release ## don't forget to change the securityContext; ## these images run on different user IDs. ## # image: gitlab/gitlab-runner:alpine-v14.6.0
## Specify a imagePullPolicy for the main runner deployment ## 'Always' if imageTag is 'latest', else set to 'IfNotPresent' ## ## Note: it does not apply to job containers launched by this executor. ## Use `pull_policy` in [runners.kubernetes] to change it. ## ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images ## imagePullPolicy:IfNotPresent
## Specifying ImagePullSecrets on a Pod ## Kubernetes supports specifying container image registry keys on a Pod. ## ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod ## # imagePullSecrets: # - name: "image-pull-secret"
## Timeout, in seconds, for liveness and readiness probes of a runner pod. # probeTimeoutSeconds: 1
## How many runner pods to launch. ## ## Note: Using more than one replica is not supported with a runnerToken. Use a runnerRegistrationToken ## to create multiple runner replicas. # replicas: 1
## How many old ReplicaSets for this Deployment you want to retain # revisionHistoryLimit: 10
## The GitLab Server URL (with protocol) that want to register the runner against ## ref: https://docs.gitlab.com/runner/commands/README.html#gitlab-runner-register ## gitlabUrl:https://<gitlab.instance>/
## The Registration Token for adding new Runners to the GitLab Server. This must ## be retrieved from your GitLab Instance. ## ref: https://docs.gitlab.com/ce/ci/runners/README.html ## runnerRegistrationToken:"<runner_registration_token>"
## The Runner Token for adding new Runners to the GitLab Server. This must ## be retrieved from your GitLab Instance. It is token of already registered runner. ## ref: (we don't yet have docs for that, but we want to use existing token) ## # runnerToken: "" # ## Unregister all runners before termination ## ## Updating the runner's chart version or configuration will cause the runner container ## to be terminated and created again. This may cause your Gitlab instance to reference ## non-existant runners. Un-registering the runner before termination mitigates this issue. ## ref: https://docs.gitlab.com/runner/commands/README.html#gitlab-runner-unregister ## unregisterRunners:true
## When stopping the runner, give it time to wait for its jobs to terminate. ## ## Updating the runner's chart version or configuration will cause the runner container ## to be terminated with a graceful stop request. terminationGracePeriodSeconds ## instructs Kubernetes to wait long enough for the runner pod to terminate gracefully. ## ref: https://docs.gitlab.com/runner/commands/#signals terminationGracePeriodSeconds:3600
## Set the certsSecretName in order to pass custom certficates for GitLab Runner to use ## Provide resource name for a Kubernetes Secret Object in the same namespace, ## this is used to populate the /home/gitlab-runner/.gitlab-runner/certs/ directory ## ref: https://docs.gitlab.com/runner/configuration/tls-self-signed.html#supported-options-for-self-signed-certificates ## # certsSecretName:
## Configure the maximum number of concurrent jobs ## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section ## concurrent:4
## Defines in seconds how often to check GitLab for a new builds ## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section ## checkInterval:30
## A custom bash script that will be executed prior to the invocation ## gitlab-runner process # #preEntrypointScript: | # echo "hello"
## Specify whether the runner should start the session server. ## Defaults to false ## ref: ## ## When sessionServer is enabled, the user can either provide a public publicIP ## or either rely on the external IP auto discovery ## When a serviceAccountName is used with the automounting to the pod disable, ## we recommend the usage of the publicIP sessionServer: enabled:false # timeout: 1800 # internalPort: 8093 # externalPort: 9000 # publicIP: ""
## Define list of rules to be added to the rbac role permissions. ## Each rule supports the keys: ## - apiGroups: default "" (indicates the core API group) if missing or empty. ## - resources: default "*" if missing or empty. ## - verbs: default "*" if missing or empty. rules: -resources: ["configmaps", "pods", "pods/attach", "secrets", "services"] verbs: ["get", "list", "watch", "create", "patch", "delete", "update"] -apiGroups: [""] resources: ["pods/exec"] verbs: ["create", "patch", "delete"]
## Run the gitlab-bastion container with the ability to deploy/manage containers of jobs ## cluster-wide or only within namespace clusterWideAccess:false
## Use the following Kubernetes Service Account name if RBAC is disabled in this Helm chart (see rbac.create) ## # serviceAccountName: default
## Specify annotations for Service Accounts, useful for annotations such as eks.amazonaws.com/role-arn ## ## ref: https://docs.aws.amazon.com/eks/latest/userguide/specify-service-account-role.html ## # serviceAccountAnnotations: {}
## Specify one or more imagePullSecrets used for pulling the runner image ## ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account ## # imagePullSecrets: []
## Define a name for the metrics port ## portName:metrics
## Provide a port number for the integrated Prometheus metrics exporter ## port:9252
## Configure a prometheus-operator serviceMonitor to allow autodetection of ## the scraping target. Requires enabling the service resource below. ## serviceMonitor: enabled:false
## Provide additional labels to the service monitor ressource ## ## labels: {}
## Define a scrape interval (otherwise prometheus default is used) ## ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config ## # interval: ""
## Specify the scrape protocol scheme e.g., https or http ## # scheme: "http"
## Supply a tls configuration for the service monitor ## ## ref: https://github.com/helm/charts/blob/master/stable/prometheus-operator/crds/crd-servicemonitor.yaml ## # tlsConfig: {}
## The URI path where prometheus metrics can be scraped from ## # path: "/metrics"
## A list of MetricRelabelConfigs to apply to samples before ingestion ## ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs ## # metricRelabelings: []
## A list of RelabelConfigs to apply to samples before scraping ## ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config ## ## relabelings: []
## Configure a service resource e.g., to allow scraping metrics via ## prometheus-operator serviceMonitor service: enabled:false
## Provide additonal labels for the service ## # labels: {}
## Provide additonal annotations for the service ## # annotations: {}
## Define a specific ClusterIP if you do not want a dynamic one ## ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address ## # clusterIP: ""
## Define a list of one or more external IPs for this service ## ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips ## # externalIPs: []
## Provide a specific loadbalancerIP e.g., of an external Loadbalancer ## ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer ## # loadBalancerIP: ""
## Provide a list of source IP ranges to have access to this service ## ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#aws-nlb-support ## # loadBalancerSourceRanges: []
## Specify the service type e.g., ClusterIP, NodePort, Loadbalancer or ExternalName ## ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types ## type:ClusterIP
## Specify the services metrics nodeport if you use a service of type nodePort ## # metrics:
## Specify the node port under which the prometheus metrics of the runner are made ## available. ## ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#nodeport ## # nodePort: ""
## Provide a list of additional ports to be exposed by this service ## ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service ## # additionalPorts: []
## Configuration for the Pods that the runner launches for each new job ## runners: # runner configuration, where the multi line strings is evaluated as # template so you can specify helm values inside of it. # # tpl: https://helm.sh/docs/howto/charts_tips_and_tricks/#using-the-tpl-function # runner configuration: https://docs.gitlab.com/runner/configuration/advanced-configuration.html config:| [[runners]] [runners.kubernetes] namespace = "{{.Release.Namespace}}" image = "ubuntu:16.04" ## Which executor should be used ## # executor: kubernetes
## Default container image to use for builds when none is specified ## ## DEPRECATED: See https://docs.gitlab.com/runner/install/kubernetes.html#additional-configuration # image: ubuntu:16.04
## Specify one or more imagePullSecrets ## ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## ## DEPRECATED: See https://docs.gitlab.com/runner/install/kubernetes.html#additional-configuration # imagePullSecrets: []
## Specify the image pull policy: never, if-not-present, always. The cluster default will be used if not set. ## ## DEPRECATED: See https://docs.gitlab.com/runner/install/kubernetes.html#additional-configuration # imagePullPolicy: ""
## Defines number of concurrent requests for new job from GitLab ## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runners-section ## ## DEPRECATED: See https://docs.gitlab.com/runner/install/kubernetes.html#additional-configuration # requestConcurrency: 1
## Specify whether the runner should be locked to a specific project: true, false. Defaults to true. ## # locked: true
## Specify the tags associated with the runner. Comma-separated list of tags. ## ## ref: https://docs.gitlab.com/ce/ci/runners/#use-tags-to-limit-the-number-of-jobs-using-the-runner ## # tags: ""
## Specify the name for the runner. ## # name: ""
## Specify if jobs without tags should be run. ## If not specified, Runner will default to true if no tags were specified. In other case it will ## default to false. ## ## ref: https://docs.gitlab.com/ce/ci/runners/#runner-is-allowed-to-run-untagged-jobs ## # runUntagged: true
## Specify whether the runner should only run protected branches. ## Defaults to false. ## ## ref: https://docs.gitlab.com/ee/ci/runners/#prevent-runners-from-revealing-sensitive-information ## # protected: true
## Run all containers with the privileged flag enabled ## This will allow the docker:dind image to run if you need to run Docker ## commands. Please read the docs before turning this on: ## ref: https://docs.gitlab.com/runner/executors/kubernetes.html#using-dockerdind ## ## DEPRECATED: See https://docs.gitlab.com/runner/install/kubernetes.html#additional-configuration privileged:true
## The name of the secret containing runner-token and runner-registration-token # secret: gitlab-runner
## Namespace to run Kubernetes jobs in (defaults to the same namespace of this release) ## ## DEPRECATED: See https://docs.gitlab.com/runner/install/kubernetes.html#additional-configuration # namespace:
## The amount of time, in seconds, that needs to pass before the runner will ## timeout attempting to connect to the container it has just created. ## ref: https://docs.gitlab.com/runner/executors/kubernetes.html ## DEPRECATED: See https://docs.gitlab.com/runner/install/kubernetes.html#additional-configuration # pollTimeout: 180
## Set maximum build log size in kilobytes, by default set to 4096 (4MB) ## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runners-section ## DEPRECATED: See https://docs.gitlab.com/runner/install/kubernetes.html#additional-configuration # outputLimit: 4096
## Distributed runners caching ## ref: https://docs.gitlab.com/runner/configuration/autoscale.html#distributed-runners-caching ## ## If you want to use s3 based distributing caching: ## First of all you need to uncomment General settings and S3 settings sections. ## ## Create a secret 's3access' containing 'accesskey' & 'secretkey' ## ref: https://aws.amazon.com/blogs/security/wheres-my-secret-access-key/ ## ## $ kubectl create secret generic s3access \ ## --from-literal=accesskey="YourAccessKey" \ ## --from-literal=secretkey="YourSecretKey" ## ref: https://kubernetes.io/docs/concepts/configuration/secret/ ## ## If you want to use gcs based distributing caching: ## First of all you need to uncomment General settings and GCS settings sections. ## ## Access using credentials file: ## Create a secret 'google-application-credentials' containing your application credentials file. ## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnerscachegcs-section ## You could configure ## $ kubectl create secret generic google-application-credentials \ ## --from-file=gcs-application-credentials-file=./path-to-your-google-application-credentials-file.json ## ref: https://kubernetes.io/docs/concepts/configuration/secret/ ## ## Access using access-id and private-key: ## Create a secret 'gcsaccess' containing 'gcs-access-id' & 'gcs-private-key'. ## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnerscachegcs-section ## You could configure ## $ kubectl create secret generic gcsaccess \ ## --from-literal=gcs-access-id="YourAccessID" \ ## --from-literal=gcs-private-key="YourPrivateKey" ## ref: https://kubernetes.io/docs/concepts/configuration/secret/ ## ## If you want to use Azure-based distributed caching: ## First, uncomment General settings. ## ## Create a secret 'azureaccess' containing 'azure-account-name' & 'azure-account-key' ## ref: https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blobs-introduction ## ## $ kubectl create secret generic azureaccess \ ## --from-literal=azure-account-name="YourAccountName" \ ## --from-literal=azure-account-key="YourAccountKey" ## ref: https://kubernetes.io/docs/concepts/configuration/secret/
cache: {} ## General settings ## DEPRECATED: See https://docs.gitlab.com/runner/install/kubernetes.html#additional-configuration and https://docs.gitlab.com/runner/install/kubernetes.html#using-cache-with-configuration-template # cacheType: s3 # cachePath: "gitlab_runner" # cacheShared: true
## S3 settings ## DEPRECATED: See https://docs.gitlab.com/runner/install/kubernetes.html#additional-configuration and https://docs.gitlab.com/runner/install/kubernetes.html#using-cache-with-configuration-template # s3ServerAddress: s3.amazonaws.com # s3BucketName: # s3BucketLocation: # s3CacheInsecure: false
## GCS settings ## DEPRECATED: See https://docs.gitlab.com/runner/install/kubernetes.html#additional-configuration and https://docs.gitlab.com/runner/install/kubernetes.html#using-cache-with-configuration-template # gcsBucketName:
## S3 the name of the secret. # secretName: s3access ## Use this line for access using gcs-access-id and gcs-private-key # secretName: gcsaccess ## Use this line for access using google-application-credentials file # secretName: google-application-credentials ## Use this line for access using Azure with azure-account-name and azure-account-key # secretName: azureaccess
## Service Account to be used for runners ## # serviceAccountName:
## If Gitlab is not reachable through $CI_SERVER_URL ## ## DEPRECATED: See https://docs.gitlab.com/runner/install/kubernetes.html#additional-configuration # cloneUrl:
## Specify node labels for CI job pods assignment ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ ## ## DEPRECATED: See https://docs.gitlab.com/runner/install/kubernetes.html#additional-configuration # nodeSelector: {}
## Specify node tolerations for CI job pods assignment ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## ## DEPRECATED: See https://docs.gitlab.com/runner/install/kubernetes.html#additional-configuration # nodeTolerations: {}
## Specify pod labels for CI job pods ## ## DEPRECATED: See https://docs.gitlab.com/runner/install/kubernetes.html#additional-configuration # podLabels: {}
## Specify annotations for job pods, useful for annotations such as iam.amazonaws.com/role ## DEPRECATED: See https://docs.gitlab.com/runner/install/kubernetes.html#additional-configuration # podAnnotations: {}
## Configure environment variables that will be injected to the pods that are created while ## the build is running. These variables are passed as parameters, i.e. `--env "NAME=VALUE"`, ## to `gitlab-runner register` command. ## ## Note that `envVars` (see below) are only present in the runner pod, not the pods that are ## created for each build. ## ## ref: https://docs.gitlab.com/runner/commands/#gitlab-runner-register ## ## DEPRECATED: See https://docs.gitlab.com/runner/install/kubernetes.html#additional-configuration # env: # NAME: VALUE
## Specify the name of the scheduler which used to schedule runner pods. ## Kubernetes supports multiple scheduler configurations. ## ref: https://kubernetes.io/docs/reference/scheduling # schedulerName: "my-custom-scheduler"
## Affinity for pod assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## affinity: {}
## Node labels for pod assignment ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ ## nodeSelector: {} # Example: The gitlab runner manager should not run on spot instances so you can assign # them to the regular worker nodes only. # node-role.kubernetes.io/worker: "true"
## List of node taints to tolerate (requires Kubernetes >= 1.6) ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] # Example: Regular worker nodes may have a taint, thus you need to tolerate the taint # when you assign the gitlab runner manager with nodeSelector or affinity to the nodes. # - key: "node-role.kubernetes.io/worker" # operator: "Exists"
## Configure environment variables that will be present when the registration command runs ## This provides further control over the registration process and the config.toml file ## ref: `gitlab-runner register --help` ## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html ## # envVars: # - name: RUNNER_EXECUTOR # value: kubernetes
## list of hosts and IPs that will be injected into the pod's hosts file hostAliases: [] # Example: # - ip: "127.0.0.1" # hostnames: # - "foo.local" # - "bar.local" # - ip: "10.1.2.3" # hostnames: # - "foo.remote" # - "bar.remote"
## Annotations to be added to manager pod ## podAnnotations: {} # Example: # iam.amazonaws.com/role: <my_role_arn>
## Labels to be added to manager pod ## podLabels: {} # Example: # owner.team: <my_cool_team>
## HPA support for custom metrics: ## This section enables runners to autoscale based on defined custom metrics. ## In order to use this functionality, Need to enable a custom metrics API server by ## implementing "custom.metrics.k8s.io" using supported third party adapter ## Example: https://github.com/directxman12/k8s-prometheus-adapter ## #hpa: {} # minReplicas: 1 # maxReplicas: 10 # metrics: # - type: Pods # pods: # metricName: gitlab_runner_jobs # targetAverageValue: 400m
## Secrets to be additionally mounted to the containers. ## All secrets are mounted through init-runner-secrets volume ## and placed as readonly at /init-secrets in the init container ## and finally copied to an in-memory volume runner-secrets that is ## mounted at /secrets. secrets: [] # Example: # - name: my-secret # - name: myOtherSecret # items: # - key: key_one # path: path_one
## Additional config files to mount in the containers in `/configmaps`. ## ## Please note that a number of keys are reserved by the runner. ## See https://gitlab.com/gitlab-org/charts/gitlab-runner/-/blob/main/templates/configmap.yaml ## for a current list. configMaps: {}