Configuring Gitlab Helm Chart to use NFS storage
Hello,
I'm deploying GitLab on a k3s (Kubernetes) server and I have a question about storage. My cluster already has a StorageClass named nfs, which is configured like this:
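---
# k3s HelmChart resource that installs nfs-subdir-external-provisioner and
# names the resulting StorageClass "nfs". The listing on the page had lost
# its indentation; the nesting below is restored.
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
  name: nfs
  namespace: default
spec:
  chart: nfs-subdir-external-provisioner
  repo: https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner
  # NOTE(review): no chart version is pinned, so the release installed is
  # whatever the repository serves at install time. Setting spec.version to a
  # reviewed release (placeholder: <CHART_VERSION>) keeps upgrades deliberate.
  targetNamespace: default
  set:
    # NOTE(review): every volume of this StorageClass is a sub-directory of
    # this one export. Classic NFS authorises by client address and trusts
    # client-supplied UIDs, so the export should be limited to the cluster
    # nodes and not relied on to isolate workloads from each other. The
    # export options are not visible here; confirm them on the NFS server.
    nfs.server: "192.168.9.148"
    nfs.path: /mnt/Data/Kubernetes
    storageClass.name: nfs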
But I have no idea how to configure my values.yaml file so that everything installed with Gitlab uses this StorageClass. Here's my values.yaml file:
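---
# GitLab chart values, "global" section. The listing on the page had lost its
# indentation; the nesting below is reconstructed from key order and should be
# checked against the chart's default values.yaml before use. Values are kept
# as posted; review notes are marked NOTE(review).
global:
  common:
    labels: {}
  image: {}
  pod:
    labels: {}
  edition: ce
  application:
    create: false
    links: []
    allowClusterRoles: true
  hosts:
    domain: elormont.fr
    hostSuffix:
    https: true
    externalIP:
    ssh:
    gitlab: {}
    minio: {}
    registry: {}
    tls: {}
    smartcard: {}
    kas: {}
    pages: {}
  ingress:
    apiVersion: ""
    configureCertmanager: true
    useNewIngressForCerts: false
    provider: traefik
    class: traefik
    annotations: {}
    enabled: true
    tls: {}
    path: /
    pathType: Prefix
  hpa:
    apiVersion: ""
  keda:
    enabled: false
  pdb:
    apiVersion: ""
  batch:
    cronJob:
      apiVersion: ""
  monitoring:
    enabled: false
  gitlab:
    license: {}
  initialRootPassword: {}
  # External PostgreSQL. The password is read from the Kubernetes Secret
  # gitlab-psql-password (key "password"), so it is not stored in this file.
  # NOTE(review): no TLS-related setting appears in this block; confirm how the
  # connection to this host is protected.
  psql:
    host: svc-postgresql.database.svc.cluster.local
    port: 5432
    database: gitlab
    username: pregame
    applicationName:
    preparedStatements:
    databaseTasks:
    connectTimeout:
    keepalives:
    keepalivesIdle:
    keepalivesInterval:
    keepalivesCount:
    tcpUserTimeout:
    password:
      useSecret: true
      secret: gitlab-psql-password
      key: password
    main: {}
    ci:
      enabled: false
  # External Redis.
  # NOTE(review): auth.enabled is false, so GitLab connects without a password.
  # Redis holds GitLab's sessions, cache and background-job queues; any
  # workload that can reach this service on port 6379 could read or alter
  # them. Prefer enabling auth with the password kept in a Secret, and/or a
  # NetworkPolicy that admits only the GitLab pods.
  redis:
    auth:
      enabled: false
    host: svc-redis-stack.database.svc.cluster.local
    port: 6379
    sentinelAuth:
      enabled: false
  gitaly:
    enabled: true
    authToken: {}
    internal:
      names: [default]
    external: []
    service:
      name: gitaly
      type: ClusterIP
      externalPort: 8075
      internalPort: 8075
      tls:
        externalPort: 8076
        internalPort: 8076
    # TLS towards Gitaly is off; traffic stays in-cluster (ClusterIP) but is
    # not encrypted.
    tls:
      enabled: false
  praefect:
    enabled: false
    ntpHost: pool.ntp.org
    replaceInternalGitaly: true
    authToken: {}
    autoMigrate: true
    dbSecret: {}
    virtualStorages:
      - name: default
        gitalyReplicas: 3
        maxUnavailable: 1
    psql:
      sslMode: disable
    service:
      name: praefect
      type: ClusterIP
      externalPort: 8075
      internalPort: 8075
      tls:
        externalPort: 8076
        internalPort: 8076
    tls:
      enabled: false
  # The bundled MinIO is enabled and backs the object-storage buckets named
  # under appConfig; it claims persistent storage of its own.
  minio:
    enabled: true
    credentials: {}
  appConfig:
    # enableUsagePing / enableSeatLink send usage data to GitLab; set them to
    # false if outbound telemetry is not wanted.
    enableUsagePing: true
    enableSeatLink: true
    enableImpersonation:
    applicationSettingsCacheSeconds: 60
    usernameChangingEnabled: true
    issueClosingPattern:
    defaultTheme:
    defaultProjectsFeatures:
      issues: true
      mergeRequests: true
      wiki: true
      snippets: true
      builds: true
    graphQlTimeout:
    webhookTimeout:
    maxRequestDurationSeconds:
    cron_jobs: {}
    # NOTE(review): the Content-Security-Policy header is switched off here.
    contentSecurityPolicy:
      enabled: false
      report_only: true
    gravatar:
      plainUrl:
      sslUrl:
    extra:
      googleAnalyticsId:
      matomoUrl:
      matomoSiteId:
      matomoDisableCookies:
      oneTrustId:
      googleTagManagerNonceId:
      bizible:
    object_store:
      enabled: false
      proxy_download: true
      storage_options: {}
      connection: {}
    lfs:
      enabled: true
      proxy_download: true
      bucket: git-lfs
      connection: {}
    artifacts:
      enabled: true
      proxy_download: true
      bucket: gitlab-artifacts
      connection: {}
    uploads:
      enabled: true
      proxy_download: true
      bucket: gitlab-uploads
      connection: {}
    packages:
      enabled: true
      proxy_download: true
      bucket: gitlab-packages
      connection: {}
    externalDiffs:
      enabled: false
      when:
      proxy_download: true
      bucket: gitlab-mr-diffs
      connection: {}
    terraformState:
      enabled: false
      bucket: gitlab-terraform-state
      connection: {}
    ciSecureFiles:
      enabled: false
      bucket: gitlab-ci-secure-files
      connection: {}
    dependencyProxy:
      enabled: false
      proxy_download: true
      bucket: gitlab-dependency-proxy
      connection: {}
    backups:
      bucket: gitlab-backups
      tmpBucket: tmp
    microsoft_graph_mailer:
      enabled: false
      user_id: ""
      tenant: ""
      client_id: ""
      client_secret:
        secret: ""
        key: secret
      azure_ad_endpoint: "https://login.microsoftonline.com"
      graph_endpoint: "https://graph.microsoft.com"
    incomingEmail:
      enabled: false
      address: ""
      host: "imap.gmail.com"
      port: 993
      ssl: true
      startTls: false
      user: ""
      password:
        secret: ""
        key: password
      deleteAfterDelivery: true
      expungeDeleted: false
      logger:
        logPath: "/dev/stdout"
      mailbox: inbox
      idleTimeout: 60
      inboxMethod: "imap"
      clientSecret:
        key: secret
      pollInterval: 60
      deliveryMethod: webhook
      authToken: {}
    serviceDeskEmail:
      enabled: false
      address: ""
      host: "imap.gmail.com"
      port: 993
      ssl: true
      startTls: false
      user: ""
      password:
        secret: ""
        key: password
      deleteAfterDelivery: true
      expungeDeleted: false
      logger:
        logPath: "/dev/stdout"
      mailbox: inbox
      idleTimeout: 60
      inboxMethod: "imap"
      clientSecret:
        key: secret
      pollInterval: 60
      deliveryMethod: webhook
      authToken: {}
    ldap:
      preventSignin: false
      servers: {}
    duoAuth:
      enabled: false
    gitlab_kas: {}
    suggested_reviewers: {}
    omniauth:
      enabled: false
      autoSignInWithProvider:
      syncProfileFromProvider: []
      syncProfileAttributes: [email]
      allowSingleSignOn: [saml]
      blockAutoCreatedUsers: true
      autoLinkLdapUser: false
      autoLinkSamlUser: false
      autoLinkUser: []
      externalProviders: []
      allowBypassTwoFactor: []
      providers: []
    kerberos:
      enabled: false
      keytab:
        key: keytab
      servicePrincipalName: ""
      krb5Config: ""
      dedicatedPort:
        enabled: false
        port: 8443
        https: true
      simpleLdapLinkingAllowedRealms: []
    sentry:
      enabled: false
      dsn:
      clientside_dsn:
      environment:
    gitlab_docs:
      enabled: false
      host: ""
    smartcard:
      enabled: false
      CASecret:
      clientCertificateRequiredHost:
      sanExtensions: false
      requiredForGitAccess: false
    sidekiq:
      routingRules: []
    initialDefaults: {}
  oauth:
    gitlab-pages: {}
  geo:
    enabled: false
    role: primary
    nodeName:  # defaults to `gitlab.gitlab.host`
    psql:
      password: {}
    registry:
      replication:
        enabled: false
        primaryApiUrl:
  kas:
    enabled: true
    service:
      apiExternalPort: 8153  # port for connections from the GitLab backend
    tls:
      enabled: false
      verify: true
  spamcheck:
    enabled: false
  shell:
    authToken: {}
    hostKeys: {}
    tcp:
      proxyProtocol: false
  # rails-secret  (tail of a comment line that the page extraction stripped)
  railsSecrets: {}
  rails:
    bootsnap:  # Enable / disable Shopify/Bootsnap cache
      enabled: true
    sessionStore:
      sessionCookieTokenPrefix: ""
  registry:
    bucket: registry
    certificate: {}
    httpSecret: {}
    notificationSecret: {}
    tls:
      enabled: false
    redis:
      cache:
        password: {}
      rateLimiting:
        password: {}
    notifications: {}
    enabled: true
    host:
    api:
      protocol: http
      serviceName: registry
      port: 5000
    tokenIssuer: gitlab-issuer
  pages:
    enabled: false
    accessControl: false
    path:
    host:
    port:
    https:  # default true
    externalHttp: []
    externalHttps: []
    artifactsServer: true
    localStore:
      enabled: false
    objectStore:
      enabled: true
      bucket: gitlab-pages
      connection: {}
    apiSecret: {}
    authSecret: {}
  runner:
    registrationToken: {}
  smtp:
    enabled: false
    address: smtp.mailgun.org
    port: 2525
    user_name: ""
    password:
      secret: ""
      key: password
    authentication: "plain"
    starttls_auto: false
    openssl_verify_mode: "peer"
    open_timeout: 30
    read_timeout: 60
    pool: false
  email:
    from: ""
    display_name: GitLab
    reply_to: ""
    subject_suffix: ""
    smime:
      enabled: false
      secretName: ""
      keyName: "tls.key"
      certName: "tls.crt"
  time_zone: Europe/Paris
  service:
    labels: {}
    annotations: {}
  deployment:
    annotations: {}
  nodeAffinity:
  antiAffinity: soft
  affinity:
    podAntiAffinity:
      topologyKey: "kubernetes.io/hostname"
    nodeAffinity:
      key: topology.kubernetes.io/zone
      values: []
  priorityClassName: ""
  workhorse:
    serviceName: webservice-default
    tls:
      enabled: false
  webservice:
    workerTimeout: 60
  certificates:
    image:
      repository: registry.gitlab.com/gitlab-org/build/cng/certificates
    customCAs: []
  kubectl:
    image:
      repository: registry.gitlab.com/gitlab-org/build/cng/kubectl
    # Helper jobs run as UID/GID 65534, i.e. not as root.
    securityContext:
      runAsUser: 65534
      fsGroup: 65534
  gitlabBase:
    image:
      repository: registry.gitlab.com/gitlab-org/build/cng/gitlab-base
  serviceAccount:
    enabled: false
    create: true
    annotations: {}
  tracing:
    connection:
      string: ""
    urlTemplate: ""
  zoekt:
    gateway:
      basicAuth: {}
    indexer:
      internalApi: {}
  extraEnv: {}
  extraEnvFrom: {}
  job:
    nameSuffixOverride: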
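# Pre-upgrade check job. Nesting restored from the flattened listing; verify
# against the chart's default values.yaml.
upgradeCheck:
  enabled: true
  image: {}
  # The job runs as UID/GID 65534, i.e. not as root.
  securityContext:
    runAsUser: 65534
    fsGroup: 65534
  tolerations: []
  annotations: {}
  configMapAnnotations: {}
  resources:
    requests:
      cpu: 50m
  priorityClassName: ""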
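# cert-manager issuer and sub-chart settings. Nesting restored from the
# flattened listing.
certmanager-issuer:
  # The address in the post was replaced by the site's e-mail obfuscation
  # ("[email protected]"), which YAML would read as a list rather than a string.
  # Placeholder below; use the real ACME contact address, quoted.
  email: "<ACME_CONTACT_EMAIL>"
certmanager:
  # CRDs are not installed by this release (installCRDs: false) although the
  # sub-chart itself is (install: true).
  # NOTE(review): this presumably relies on the cert-manager CRDs already
  # being present in the cluster; confirm.
  installCRDs: false
  nameOverride: certmanager
  install: true
  # README#configuration  (tail of a comment line that the page extraction
  # stripped)
  rbac:
    create: true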
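# Bundled sub-charts that this deployment switches off. Nesting restored from
# the flattened listing. PostgreSQL and Redis are not installed here because
# external instances are configured under global.psql and global.redis.
nginx-ingress: &nginx-ingress
  enabled: false
nginx-ingress-geo:
  # Merge key: copies the nginx-ingress mapping above. The merge is shallow,
  # and the explicit key below takes precedence over the merged one.
  <<: *nginx-ingress
  enabled: false
haproxy:
  install: false
prometheus:
  install: false
redis:
  install: false
postgresql:
  install: false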
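# shared-secrets job: generates the secrets the chart needs when none are
# supplied. Nesting restored from the flattened listing.
shared-secrets:
  enabled: true
  rbac:
    create: true
  # Self-signed certificate settings: RSA 4096-bit key, expiry "3650d".
  # NOTE(review): certificates with so long a validity are never rotated
  # in practice; acceptable only where a real issuer replaces them.
  selfsign:
    image:
      repository: registry.gitlab.com/gitlab-org/build/cng/cfssl-self-sign
    keyAlgorithm: "rsa"
    keySize: "4096"
    expiry: "3650d"
    caSubject: "GitLab Helm Chart"
  env: production
  serviceAccount:
    enabled: true
    create: true
    name:  # Specify a pre-existing ServiceAccount name
  resources:
    requests:
      cpu: 50m
  # The job runs as UID/GID 65534, i.e. not as root.
  securityContext:
    runAsUser: 65534
    fsGroup: 65534
  tolerations: []
  podLabels: {}
  annotations: {}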
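# Bundled GitLab Runner sub-chart. Nesting restored from the flattened
# listing; the indentation inside the config block is cosmetic.
gitlab-runner:
  install: true
  rbac:
    create: true
  runners:
    locked: false
    secret: "nonempty"
    # config is a Helm-templated TOML document, the runner's configuration.
    # NOTE(review): "privileged = true" runs every CI job container in
    # privileged mode, which removes the container boundary between a job and
    # the node it runs on. With "locked: false" the runner is not tied to a
    # single project. If privileged mode is needed (for example for
    # Docker-in-Docker builds), keep this runner on dedicated nodes and
    # restrict it to trusted projects; otherwise drop the setting and use a
    # rootless image builder.
    # NOTE(review): the job image is referenced by tag ("ubuntu:22.04"), not
    # by digest, so its content can change between runs.
    config: |
      [[runners]]
        [runners.kubernetes]
        image = "ubuntu:22.04"
        privileged = true
        {{- if .Values.global.minio.enabled }}
        [runners.cache]
          Type = "s3"
          Path = "gitlab-runner"
          Shared = true
          [runners.cache.s3]
            ServerAddress = {{ include "gitlab-runner.cache-tpl.s3ServerAddress" . }}
            BucketName = "runner-cache"
            BucketLocation = "us-east-1"
            Insecure = false
        {{ end }}
  podAnnotations:
    gitlab.com/prometheus_scrape: "true"
    gitlab.com/prometheus_port: 9252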
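# Remaining sub-chart settings. Nesting restored from the flattened listing.
traefik:
  install: false
  # NOTE(review): the parent of this key is ambiguous in the flattened
  # listing; it is placed under traefik because it directly follows
  # traefik.install. Confirm against the original file.
  enabled: true
gitlab:
  toolbox:
    replicas: 1
    antiAffinityLabels:
      matchLabels:
        app: gitaly
  # Storage: no storageClass is set anywhere in this file as posted. The chart
  # takes it per component that claims a volume, through that component's
  # persistence.storageClass value (for example
  # gitlab.gitaly.persistence.storageClass and minio.persistence.storageClass);
  # left unset, the claims use the cluster's default StorageClass.
  # NOTE(review): GitLab's documentation advises against NFS for Git
  # repository (Gitaly) storage; confirm for the version being deployed.
gitlab-zoekt:
  install: false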
Does anyone know how to do this? Thanks in advance for your answers!