Problem to solve
I am hosting my own GitLab instance and I want to know how I can adjust my docker-compose.yml
file to add the OIDC capability through there.
I already have it working by going into the image, adjusting the gitlab.rb
file and running the reconfigure command.
But something tells me that it should also be possible to achieve directly in the compose file.
I just need to know how I can run these commands when creating a new instance with Docker. I just want to know if I can do this in 1 go?
Steps to reproduce
- either go into the container like this:
  `docker run -it gitlab/gitlab-ce /bin/bash`
- edit the gitlab.rb file
- run the reconfigure command

This is how I currently add my OIDC and memory optimizations by reading these guides:
- Use OpenID Connect as an authentication provider | GitLab
- Running GitLab in a memory-constrained environment | GitLab
These are the configurations I want to pass:
- OIDC:

```ruby
gitlab_rails['omniauth_providers'] = [
  {
    name: "openid_connect", # do not change this parameter
    label: "Keycloak", # optional label for login button, defaults to "Openid Connect"
    icon: "/logo/logo.png",
    args: {
      name: "THENAME",
      scope: ["openid","profile","email"],
      response_type: "code",
      issuer: "THEURL/realms/master",
      client_auth_method: "query",
      discovery: true,
      uid_field: "preferred_username",
      send_scope_to_token_endpoint: "false",
      pkce: true,
      client_options: {
        identifier: "THEIDENTIFIER",
        secret: "THEKEY",
        redirect_uri: "THEURL/users/auth/openid_connect/callback"
      }
    }
  }
]
```
- optimizations:

```ruby
puma['worker_processes'] = 0
sidekiq['concurrency'] = 5
prometheus_monitoring['enable'] = false
gitlab_rails['env'] = {
  'MALLOC_CONF' => 'dirty_decay_ms:1000,muzzy_decay_ms:1000'
}
gitaly['configuration'] = {
  concurrency: [
    {
      'rpc' => "/gitaly.SmartHTTPService/PostReceivePack",
      'max_per_repo' => 3,
    }, {
      'rpc' => "/gitaly.SSHService/SSHUploadPack",
      'max_per_repo' => 3,
    },
  ],
  cgroups: {
    repositories: {
      count: 2,
    },
    mountpoint: '/sys/fs/cgroup',
    hierarchy_root: 'gitaly',
    memory_bytes: 500000,
    cpu_shares: 512,
  },
}
gitaly['env'] = {
  'MALLOC_CONF' => 'dirty_decay_ms:1000,muzzy_decay_ms:1000',
  'GITALY_COMMAND_SPAWN_MAX_PARALLEL' => '2'
}
```
Configuration (DOCKER)
```yaml
services:
  gitlab:
    image: gitlab/gitlab-ce:latest
    container_name: gitlab
    restart: always
    hostname: ${HOSTNAME}
    environment:
      PUID: 1000
      PGID: 1000
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'https://git.localhost.com'
        gitlab_rails['omniauth_allow_single_sign_on'] = true
        gitlab_rails['omniauth_auto_link_ldap_user'] = true
        gitlab_rails['omniauth_block_auto_created_users'] = false
      GITLAB_ROOT_PASSWORD: ${GITLAB_ROOT_PASSWORD}
      GITLAB_ROOT_EMAIL: ${GITLAB_ROOT_EMAIL}
      GITLAB_NOTIFY_ON_BROKEN_BUILDS: true
      GITLAB_NOTIFY_PUSHER: true
      GITLAB_EMAIL: ${GITLAB_EMAIL}
      GITLAB_EMAIL_REPLY_TO: ${GITLAB_EMAIL_REPLY_TO}
      GITLAB_INCOMING_EMAIL_ADDRESS: ${GITLAB_INCOMING_EMAIL_ADDRESS}
      GITLAB_BACKUP_SCHEDULE: daily
      GITLAB_BACKUP_TIME: "01:00"
      OAUTH_ENABLED: true
      OAUTH_ALLOW_SSO: true
      # Add any other gitlab.rb configuration here, each on its own line
    ports:
      - '580:80'
      - '6443:443'
      - '6022:22'
    volumes:
      - /mnt/Data/Services/gitlab/config:/etc/gitlab
      - /mnt/Data/Services/gitlab/logs:/var/log/gitlab
      - /mnt/Data/Services/gitlab/data:/var/opt/gitlab
      - /mnt/Data/Services/gitlab/logo:/logo
    shm_size: '256m'
    deploy:
      resources:
        limits:
          cpus: '0.5'
    networks:
      - outside
      - default
networks:
  outside:
    external: true
    name: nginx-reverse-proxy_default
```
Self managed: Docker
Version: [16.9.6-ce.0]
As the docker states every configuration should be its own line, but how do I pass these objects? Do I just paste it in? Can I pass a file? It's all very confusing to me since these are not just 1-liners.
Thanks in advance.
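
One way to carry the multi-line `gitlab.rb` settings in the compose file, as an added example that is not part of the original post: the whole Ruby hash goes inside the `GITLAB_OMNIBUS_CONFIG` block scalar. `OIDC_CLIENT_SECRET` is an assumed variable name; the `THE...` placeholders are the post's own.

```yaml
# Added example. OIDC_CLIENT_SECRET is an assumed name, supplied from the shell
# or an uncommitted .env file; Compose substitutes it before the container starts.
services:
  gitlab:
    image: gitlab/gitlab-ce:latest
    environment:
      # Block scalar: every indented line below is passed as one string and
      # evaluated as gitlab.rb Ruby at container start, so multi-line hashes work.
      # A literal dollar sign inside this block must be written as $$.
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'https://git.localhost.com'
        gitlab_rails['omniauth_allow_single_sign_on'] = true
        gitlab_rails['omniauth_block_auto_created_users'] = false
        gitlab_rails['omniauth_providers'] = [
          {
            name: "openid_connect",
            label: "Keycloak",
            icon: "/logo/logo.png",
            args: {
              name: "THENAME",
              scope: ["openid","profile","email"],
              response_type: "code",
              issuer: "THEURL/realms/master",
              client_auth_method: "query",
              discovery: true,
              uid_field: "preferred_username",
              send_scope_to_token_endpoint: "false",
              pkce: true,
              client_options: {
                identifier: "THEIDENTIFIER",
                # Keeps the client secret out of the committed compose file.
                secret: "${OIDC_CLIENT_SECRET}",
                redirect_uri: "THEURL/users/auth/openid_connect/callback"
              }
            }
          }
        ]
        puma['worker_processes'] = 0
        sidekiq['concurrency'] = 5
        prometheus_monitoring['enable'] = false
    volumes:
      - /mnt/Data/Services/gitlab/config:/etc/gitlab
      - /mnt/Data/Services/gitlab/logs:/var/log/gitlab
      - /mnt/Data/Services/gitlab/data:/var/opt/gitlab
      - /mnt/Data/Services/gitlab/logo:/logo
```

The container evaluates `GITLAB_OMNIBUS_CONFIG` on every start without writing it to `gitlab.rb`, so no manual reconfigure step is needed. With `omniauth_block_auto_created_users` set to `false`, accounts the identity provider authenticates are created active without admin approval.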