Deployment in Kubernetes


Important Information

Warning!

  • Starting from version 4.6.1, the Helm repository for connection has changed!
  • Starting from version 4.6.1, all previous versions of the chart are marked as deprecated and are not recommended for deployment!
  • Starting from version 4.6.1, the chart version and the GitFlic software version are the same.
  • The new chart is not compatible with old chart versions (versions prior to 4.6.1)!

Deployment Setup

Attention!

  • To install the enterprise version, you must first download the gitflic-server-ee:<Current tag> image from your personal account, push it to your container registry, and specify it as the image for GitFlic software.
  • By default, storageClass.name=default is used.
  • Be careful! On most containerization platforms, the reclaimPolicy parameter is set to Delete by default!

You can review the changes between versions and the capabilities of the Helm chart in the official repository.

Quick Start

helm install gitflic oci://registry.gitflic.ru/helm/project/gitflic/gitflic-server-helm/gitflic-server \
    --namespace gitflic \
    --create-namespace

In this case, the latest available GitFlic software will be deployed. The storage configuration (storageClass) set by default in the cluster will be applied. Certificates will be generated automatically. The configuration for the ingress controller will not be applied. Elasticsearch and its functionality will not be installed and applied.

Access to the Web Interface

kubectl -n gitflic port-forward deployments/gitflic 8080:8080

Access to the SSH Server

kubectl -n gitflic port-forward deployments/gitflic 2255:2255

Changing Application Parameters

Changing the Application's baseUrl

The baseUrl parameter is used to generate links inside the application and must contain the final domain or host through which the application will be accessed. The value must include the protocol and port. This parameter is written to the application's configMap. After changing it, you must restart the GitFlic application for the change to take effect!

To change the baseUrl, create a values.yaml file or add directives to an existing one:

# values.yaml
gitflic:
  baseUrl: "https://example.my.domain:8080"

How to Get Automatically Generated Certificates and Keys

kubectl -n gitflic get secrets gitflic-cert -o jsonpath='{ .data.key\.pem }' | base64 -d > ./key.pem
kubectl -n gitflic get secrets gitflic-cert -o jsonpath='{ .data.key\.pem\.pub }' | base64 -d > ./key.pem.pub
kubectl -n gitflic get secrets gitflic-cert -o jsonpath='{ .data.private_key\.pem }' | base64 -d > ./private_key.pem
kubectl -n gitflic get secrets gitflic-cert -o jsonpath='{ .data.public_key\.pem }' | base64 -d > ./public_key.pem

After executing the commands, the following files will be created:

  • key.pem - Private key for the GitFlic platform's SSH server
  • key.pem.pub - Public key for the GitFlic platform's SSH server
  • private_key.pem - Private key for the GitFlic platform's operation
  • public_key.pem - Public key for the GitFlic platform's operation

Save these keys in a secure location. Changing these keys during the operation of the GitFlic platform is prohibited and may lead to platform malfunction!

How to Install Your Own Certificates and Keys

Create key pairs for the SSH server and GitFlic platform services:

ssh-keygen -t ed25519 -N "" -q -f key.pem
openssl genpkey -algorithm RSA -out private_key.pem -pkeyopt rsa_keygen_bits:2048
openssl rsa -pubout -in private_key.pem -out public_key.pem

Add additional parameters to the installation command:

helm install gitflic oci://registry.gitflic.ru/helm/project/gitflic/gitflic-server-helm/gitflic-server \
    --namespace gitflic \
    --create-namespace \
    --set generate_certificate=false \
    --set-file gitflic.certs.key=key.pem \
    --set-file gitflic.certs.keyPub=key.pem.pub \
    --set-file gitflic.certs.public_key=public_key.pem \
    --set-file gitflic.certs.private_key=private_key.pem
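
The key files from the two sections above (extracted from the gitflic-cert secret or generated yourself) can be checked before they are stored or passed to helm install. This is an added example, not part of the GitFlic chart or documentation; the file names follow the page, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: sanity-check GitFlic key material before `helm install`.
# File names follow the page; the function names are hypothetical.

# Succeeds only if the file exists and grants no access to group or others.
private_perms_ok() {
    [ -f "$1" ] || return 1
    # ls -ld prints e.g. "-rw-------"; characters 5-10 are the group/other bits.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Succeeds if the PEM public key ($2) was derived from the PEM private key ($1).
rsa_pair_matches() {
    derived=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    expected=$(openssl pkey -pubin -in "$2" -pubout 2>/dev/null) || return 1
    [ "$derived" = "$expected" ]
}

# Succeeds if the OpenSSH .pub file ($2) matches the private key ($1).
# Only key type and key data are compared; the trailing comment is ignored.
ssh_pair_matches() {
    derived=$(ssh-keygen -y -f "$1" 2>/dev/null | cut -d' ' -f1,2)
    expected=$(cut -d' ' -f1,2 "$2" 2>/dev/null)
    [ -n "$derived" ] && [ "$derived" = "$expected" ]
}

# Checks the four files in directory $1; prints each finding and
# returns non-zero if any check fails.
check_gitflic_keys() {
    dir=$1; rc=0
    for f in key.pem private_key.pem; do
        private_perms_ok "$dir/$f" \
            || { echo "FAIL: $f is missing or readable by group/others"; rc=1; }
    done
    ssh_pair_matches "$dir/key.pem" "$dir/key.pem.pub" \
        || { echo "FAIL: key.pem.pub does not match key.pem"; rc=1; }
    rsa_pair_matches "$dir/private_key.pem" "$dir/public_key.pem" \
        || { echo "FAIL: public_key.pem does not match private_key.pem"; rc=1; }
    return $rc
}
```

Run `check_gitflic_keys .` in the directory holding the four files; setting `umask 077` before the kubectl or key-generation commands keeps the private keys from being created group- or world-readable in the first place.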

By default, the code search functionality is disabled. This functionality requires connecting elasticsearch to the deployment and configuring the application to work with it.

To enable the code search functionality, create a values.yaml file or add directives to an existing one:

# values.yaml
elasticsearch:
  install: true
gitflic:
  elasticsearch:
    enable: true

Changing SMTP Server Parameters

By default, the SMTP server is not configured and does not send emails.

To change SMTP server parameters, create a values.yaml file or add directives to an existing one:

# values.yaml
gitflic:
  mail:
    host: "smtp.foo.bar" # SMTP server host
    port: 587 # SMTP server port
    username: foo@bar.net # Username for connecting to the SMTP server
    password: Superp@$$word # User password for connecting to the SMTP server
    sender:
      name: foobar # Username displayed as the sender of emails
      email: foo@noreply.bar # Email displayed as the sender of emails

Changing Deployment Parameters

Changing the imagePullPolicy Parameter

By default, for all deployments, the imagePullPolicy parameter is set to IfNotPresent.

To change the imagePullPolicy parameter, create a values.yaml file or add directives to an existing one:

# values.yaml
redis:
  imagePullPolicy: "Never" # Or Always, depending on your requirements
postgres:
  imagePullPolicy: "Never" # Or Always, depending on your requirements
elasticsearch:
  imagePullPolicy: "Never" # Or Always, depending on your requirements
gitflic:
  imagePullPolicy: "Never" # Or Always, depending on your requirements

Enabling Container Limits

For all containers within the deployment, the resources.requests parameters are set according to the software's minimum requirements for platform operation. Limits (resources.limits parameters) are set only for the gitflic-server and elasticsearch containers. Other containers can use all available cluster resources by default. If you need to set limits or override the existing ones, use the service name as the root directive and the standard directives for defining container resources. The current limits may be changed or removed entirely in the future. For more details, see the values.yaml file.

To change container limits, create a values.yaml file or add directives to an existing one:

# values.yaml
# Example for postgresql
postgres:
  containers:
    resources:
      requests:
        cpu: "500m"
        memory: "512Mi"
      limits:
        cpu: "1000m"
        memory: "2048Mi"

Changing the imagePullSecrets Parameter

By default, for all deployments, the imagePullSecrets parameter is not set. To access private registries, you must create a resource of type secret with parameters for accessing the registry:

# Replace the placeholders in angle brackets with your own values
kubectl create secret docker-registry my-private-registry \
    --namespace gitflic \
    --docker-server="<Address of the container registry>" \
    --docker-username="<Username for accessing the registry>" \
    --docker-password="<User password for accessing the registry>"

To specify the secret with registry data, create a values.yaml file or add directives to an existing one:

# values.yaml
redis:
  imagePullSecrets: "my-private-registry" # Or the name specified when creating the secret
postgres:
  imagePullSecrets: "my-private-registry" # Or the name specified when creating the secret
elasticsearch:
  imagePullSecrets: "my-private-registry" # Or the name specified when creating the secret
rabbitmq:
  imagePullSecrets: "my-private-registry" # Or the name specified when creating the secret
gitflic:
  imagePullSecrets: "my-private-registry" # Or the name specified when creating the secret

Changing the Default Cluster Zone

By default, the svc.cluster.local zone is set.

To change the cluster zone, create a values.yaml file or add directives to an existing one:

# values.yaml
cluster:
  zone: # Your cluster zone name

Changing Default Container Images

By default, images from the public registry registry.gitflic.ru are used. If the cluster cannot connect to the public registry, it is recommended to download the images used by this deployment by any available means and load them into your private registry, because the deployment expects the images specified in its configuration.

To change the default images, create a values.yaml file or add directives to an existing one:

# values.yaml
redis:
  image:
    repository: my-private-registry/redis
    tag: "6.2"
postgres:
  image:
    repository: my-private-registry/postgres
    tag: "12"
rabbitmq:
  image:
    repository: my-private-registry/rabbitmq
    tag: "3.13-alpine"
elasticsearch:
  image:
    repository: my-private-registry/elasticsearch
    tag: "7.16.2"
gitflic:
  image:
    repository: my-private-registry/gitflic-server-enterprise
    tag: "4.6.1"

Changing Data Storage Parameters

Changing storageClassName

Attention!

To change storageClassName, create a values.yaml file or add directives to an existing one:

# values.yaml
redis:
  storage:
    storageClassName: #Your storageClass, e.g., longhorn
postgres:
  storage:
    storageClassName: #Your storageClass, e.g., longhorn
elasticsearch:
  storage:
    storageClassName: #Your storageClass, e.g., longhorn
gitflic:
  storage:
    storageClassName: #Your storageClass, e.g., longhorn

Perform the installation using the created values.yaml file:

helm install gitflic oci://registry.gitflic.ru/helm/project/gitflic/gitflic-server-helm/gitflic-server \
    --namespace gitflic \
    --create-namespace \
    --values ./values.yaml
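
The reclaimPolicy warning at the top of this page can be turned into a check that runs before the installation: confirm that the storage class named in values.yaml (or the cluster default, when none is named) does not delete volumes on release. This is an added example, not part of the GitFlic chart; the function name and the sample listing are constructed, and resolving an empty name to the class annotated as cluster default is an assumption.

```shell
#!/bin/sh
# Added example: check the reclaim policy of the storage class that will back
# the GitFlic volumes. The function name is hypothetical.
#
# Input on stdin is the output of:
#   kubectl get storageclass --no-headers -o \
#     'custom-columns=NAME:.metadata.name,POLICY:.reclaimPolicy,DEFAULT:.metadata.annotations.storageclass\.kubernetes\.io/is-default-class'
#
# $1 is the storageClassName from values.yaml. When it is empty, the class
# marked as the cluster default is checked instead (assumption).
# Returns 0 for Retain, 1 for any other policy, 2 if no matching class exists.
check_reclaim_policy() {
    awk -v want="$1" '
        (want != "" && $1 == want) || (want == "" && $3 == "true") {
            found = 1
            printf "%s reclaimPolicy=%s\n", $1, $2
            if ($2 != "Retain") bad = 1
        }
        END {
            if (!found) exit 2
            exit (bad ? 1 : 0)
        }
    '
}

# Constructed sample listing, not taken from a real cluster.
SAMPLE_CLASSES='standard          Delete   true
longhorn-gitflic  Retain   <none>
fast-ssd          Delete   <none>'

# Example use against the constructed listing; pipe real kubectl output
# into the function in the same way.
printf '%s\n' "$SAMPLE_CLASSES" | check_reclaim_policy "longhorn-gitflic"
```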

Disabling PersistentVolumeClaim Usage

When disabling the use of PersistentVolumeClaim, the emptyDir parameter will be applied to the containers. This will result in no separate storage being allocated for data, and all changes will be written inside the container. Do not use this parameter in a production environment!

To disable the use of PersistentVolumeClaim, create a values.yaml file or add directives to an existing one:

# values.yaml
redis:
  storage:
    usePVC: false
postgres:
  storage:
    usePVC: false
elasticsearch:
  storage:
    usePVC: false
gitflic:
  storage:
    usePVC: false

Changing the Amount of Allocated Storage Space

To change the amount of allocated space for data storage, create a values.yaml file or add directives to an existing one:

# values.yaml
redis:
  storage:
    capacity: 3Gi # Change if there is not enough space for cache storage
postgres:
  storage:
    capacity: 5Gi # Change if the database exceeds the current size
elasticsearch:
  storage:
    capacity: 20Gi # Change if the database size exceeds the current size
gitflic:
  storage:
    capacity: 20Gi # Change according to your expected repository sizes and/or registry data

Changing Database Parameters

Connecting Your Own Postgresql Database

Before connecting your own Postgresql DB, you must initialize the database and install the necessary extensions yourself:

  • pgcrypto
  • pg_trgm

To connect your own postgresql database, create a values.yaml file or add directives to an existing one:

# values.yaml
postgres:
  install: false
  host: foo.bar.sql # Address of the postgresql host
  port: 5432 # Port of the postgresql host. Default value is 5432
  user: foobar # User for the postgresql db. Default value is gitflic
  password: foobarpassword # Password for accessing the postgresql database
  database: # Database name. Default value is gitflic

Perform the installation using the created values.yaml file:

helm install gitflic oci://registry.gitflic.ru/helm/project/gitflic/gitflic-server-helm/gitflic-server \
    --namespace gitflic \
    --create-namespace \
    --values ./values.yaml

How to Get the Postgresql Database Password

When the Postgresql DB is installed from the chart, the password for accessing the DB is generated automatically and placed in a Secret in the same namespace where the deployment was performed.

kubectl -n gitflic get secrets passwords -o jsonpath='{ .data.postgres }' | base64 -d

Parameters for the Ingress Controller

Warning!

The templates for the ingress controller only work with the nginx controller!

Enabling Template Creation

By default, the creation of a template for the ingress controller is disabled. Automatic generation of the name of the secret with TLS certificates is intended for deployments that use a third-party cert-manager to issue certificates, such as Let's Encrypt.

To enable template creation, create a values.yaml file or add directives to an existing one:

# values.yaml
ingress:
  create: true
  tls:
    secretName: "" # Name of the secret with TLS certificates. If left empty, the secret name will be generated automatically.
  rules:
    host: "example.gitflic.local" # Host through which access will be provided.

Disabling TLS Certificates

To disable HTTPS access, create a values.yaml file or add directives to an existing one:

# values.yaml
ingress:
  tls:
    enabled: false

Adding Annotations to the Ingress Template

To add your own annotations, create a values.yaml file or add directives to an existing one:

# values.yaml
ingress:
  annotations:
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true" # Adding forced redirection to the HTTPS protocol
    # Other annotations that need to be added to the template

Disabling Predefined Annotations

By default, some annotations for the controller are included in the template. For more details, see the values.yaml file in the ingress.annotationsStatic block.

To disable predefined annotations, create a values.yaml file or add directives to an existing one:

# values.yaml
ingress:
  annotationsStatic: {}

Example of a Complete values.yaml File

Below is an example of a complete values.yaml file for deployment in a production environment.

It is assumed that:

  • The storageClassName=longhorn-gitflic with the policy reclaimPolicy=Retain and additional storage settings has been created in the cluster beforehand.
  • The nginx ingress controller is installed in the cluster. cert-manager is absent.
  • Certificates for tls have been created and added manually as secret=gitflic-tls-secret.
  • Forced redirection to the HTTPS protocol is enabled.
  • The address https://example.gitflic.local is used as the host.
  • The gitflic-ee:4.6.1 image has been downloaded from the personal account and uploaded to my-private-registry at the path my-private-registry/gitflic-enterprise:4.6.1.
  • A secret=private-registry-secret has been created for accessing the private registry where the gitflic-enterprise:4.6.1 image is located.
  • The Code Search functionality is enabled.
  • The standard cluster zone svc.cluster.local is used.
  • Certificates and keys for SSH will be generated automatically.
  • An external postgresql DB will not be used.
  • The expected storage size for repositories and the registry is 100Gb.
  • The SMTP server is not used.

# values.yaml
redis:
  storage:
    storageClassName: "longhorn-gitflic"
postgres:
  storage:
    storageClassName: "longhorn-gitflic"
elasticsearch:
  install: true
  storage:
    storageClassName: "longhorn-gitflic"
gitflic:
  image:
    repository: my-private-registry/gitflic-enterprise
    tag: "4.6.1"
  imagePullSecrets: "private-registry-secret"
  storage:
    storageClassName: "longhorn-gitflic"
    capacity: 100Gi
  baseUrl: "https://example.gitflic.local"
  elasticsearch:
    enable: true
ingress:
  create: true
  annotations:
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
  tls:
    secretName: "gitflic-tls-secret"
  rules:
    host: "example.gitflic.local"

Automated translation!

This page has been automatically translated. The text may contain inaccuracies.