I am trying to install GitLab using the Helm charts in a MicroK8s Kubernetes cluster, and I keep running into some problems with LDAP.
Here is how I installed GitLab:
microk8s helm3 install gitlab /var/snap/install/helm/gitlab/ -n gitlab-system \
--timeout 600s \
--set global.hosts.domain=my.domain.dev \
--set https=true \
--set global.ingress.enabled=true \
--set nginx-ingress.enabled=false \
--set certmanager.install=false \
--set global.ingress.configureCertmanager=false \
--set global.certificates.customCAs[0].secret=gitlab-dev-ca \
--set global.ingress.tls.secretName=gitlab-tls \
--set global.appConfig.ldap.enabled=true \
--set global.appConfig.ldap.servers.main.ca_file=/etc/ssl/certs/ca-cert-dev-ca.pem \
--set global.appConfig.ldap.servers.main.label='DEV' \
--set global.appConfig.ldap.servers.main.host='mydc01.my.domain.dev' \
--set global.appConfig.ldap.servers.main.port='636' \
--set global.appConfig.ldap.servers.main.uid='sAMAccountName' \
--set global.appConfig.ldap.servers.main.encryption='simple_tls' \
--set global.appConfig.ldap.servers.main.bind_dn='CN=svc_gitlab,OU=Users,OU=Common,DC=my,DC=domain,DC=dev' \
--set global.appConfig.ldap.servers.main.password.secret=gitlab-ldap \
--set global.appConfig.ldap.servers.main.password.key=ldap-pw \
--set global.appConfig.ldap.servers.main.active_directory=true \
--set global.appConfig.ldap.servers.main.base='dc=my,dc=domain,dc=dev' \
--set postgresql.install=false \
--set global.psql.host=postgresql.default \
--set global.psql.username=gitlab \
--set global.psql.database=gitlab_db \
--set global.psql.password.useSecret=true \
--set global.psql.password.secret=gitlab-passwords \
--set global.psql.password.key=postgres-pw \
-f gitlab-pvc.yaml
The pods spin up and I can log into the GitLab instance at https://gitlab.my.domain.dev just fine, but I can’t get LDAP login to work.
I then go to the gitlab-task-runner pod to run some tests:
git@gitlab-task-runner-546d866685-g4lk4:/$ gitlab-rake gitlab:env:info
System information
System:
Proxy: no
Current User: git
Using RVM: no
Ruby Version: 2.7.4p191
Gem Version: 3.2.19
Bundler Version:2.2.19
Rake Version: 13.0.6
Redis Version: unknown
Git Version: unknown
Sidekiq Version:6.2.2
Go Version: unknown
GitLab information
Version: 14.4.2-ee
Revision: 84aa6daaffd
Directory: /srv/gitlab
DB Adapter: PostgreSQL
DB Version: 12.9
URL: https://gitlab.my.domain.dev
HTTP Clone URL: https://gitlab.my.domain.dev/some-group/some-project.git
SSH Clone URL: git@gitlab.my.domain.dev:some-group/some-project.git
Elasticsearch: no
Geo: no
Using LDAP: yes
Using Omniauth: no
GitLab Shell
Version: 13.21.1
Repository storage paths:
- default: /var/opt/gitlab/repo
GitLab Shell path: /home/git/gitlab-shell
Git: /usr/bin/git
git@gitlab-task-runner-546d866685-g4lk4:/$ gitlab-rake gitlab:ldap:check
Checking LDAP ...
LDAP: ... Server: ldapmain
LDAP authentication... Failed. Check `bind_dn` and `password` configuration values
LDAP users with access to your GitLab server (only showing the first 100 results)
Checking LDAP ... Finished
git@gitlab-task-runner-546d866685-g4lk4:/etc/gitlab/ldap/main$ ls -la
total 4
drwxr-sr-x 2 git git 60 Nov 30 13:59 .
drwxr-sr-x 3 git git 60 Nov 30 13:59 ..
-r--r----- 1 git git 34 Nov 30 13:59 password
Checking the password in the file confirms that it is the correct one, and running ldapsearch against the domain from the host using the bind_dn works fine:
ldapsearch -LLL -H ldaps://mydc01.my.domain.dev:636 -b "DC=my,DC=domain,DC=dev" -D "CN=svc_gitlab,OU=Users,OU=Common,DC=my,DC=domain,DC=dev" -W
I’m quite new to both Kubernetes and GitLab, so there is probably tons of stuff I have overlooked, but right now I’m a little stuck.
Any help or pointers would be appreciated.
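One check worth making on an install like the one above, as an added example that is not part of the original post: Helm's `--set` treats an unescaped comma as the start of a new `key=value` pair, so a distinguished name passed without `\,` escapes can be stored cut off at its first comma. The Python below is a simplified model of that splitting (an assumption for illustration, not Helm's parser, and it ignores list indexes such as `[0]`), run on the `bind_dn` and `base` values from the post; `model_set` and `ldap_findings` are hypothetical names.

```python
import re

def model_set(args):
    """Simplified model of Helm's --set parsing (assumption, not Helm's code)."""
    values = {}
    for arg in args:
        for pair in re.split(r'(?<!\\),', arg):    # unescaped comma starts a new key=value
            key, _, value = pair.partition('=')     # the first '=' ends the key
            *parents, leaf = re.split(r'(?<!\\)\.', key)
            node = values
            for name in parents:
                node = node.setdefault(name, {})
            node[leaf] = value.replace('\\,', ',')  # an escaped comma stays in the value
    return values

def ldap_findings(values):
    """Flag DN settings cut at the first comma and stray top-level RDN keys."""
    main = (values.get('global', {}).get('appConfig', {}).get('ldap', {})
                  .get('servers', {}).get('main', {}))
    findings = [f"{field} is a single RDN: {main[field]!r}"
                for field in ('bind_dn', 'base')
                if field in main and ',' not in main[field]]
    stray = sorted(k for k in values if k.upper() in ('CN', 'OU', 'DC'))
    if stray:
        findings.append(f"stray top-level keys: {stray}")
    return findings

PREFIX = 'global.appConfig.ldap.servers.main.'
BIND_DN = 'CN=svc_gitlab,OU=Users,OU=Common,DC=my,DC=domain,DC=dev'  # value from the post
BASE = 'dc=my,dc=domain,dc=dev'                                      # value from the post

# The two DN settings as written in the post, and with every comma escaped as "\,".
AS_POSTED = model_set([PREFIX + 'bind_dn=' + BIND_DN, PREFIX + 'base=' + BASE])
ESCAPED = model_set([PREFIX + 'bind_dn=' + BIND_DN.replace(',', '\\,'),
                     PREFIX + 'base=' + BASE.replace(',', '\\,')])

if __name__ == '__main__':
    print(ldap_findings(AS_POSTED))
    print(ldap_findings(ESCAPED))
```

On a live release, `helm get values gitlab -n gitlab-system` shows the values Helm actually stored, which can be compared with the intended DNs; putting the LDAP settings in a values file passed with `-f` avoids the escaping altogether.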