From 297c22503ffe5f70ee95a189ed626726d8c32f5c Mon Sep 17 00:00:00 2001 From: liuxiaohua Date: Tue, 7 Jan 2025 18:31:43 +0800 Subject: [PATCH] =?UTF-8?q?=E2=9C=A8=20[2025-01-08]=20=E6=B7=BB=E5=8A=A0Gi?= =?UTF-8?q?tlab=E5=B9=B3=E5=8F=B0=E6=8E=A5=E5=85=A5=E6=8C=87=E5=8D=97?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- 任务/周报.md | 3 +- 教程/20250108-Gitlab安装及SSO接入指南.md | 103 +++++++++++++++++++++++ 2 files changed, 105 insertions(+), 1 deletion(-) create mode 100644 教程/20250108-Gitlab安装及SSO接入指南.md diff --git a/任务/周报.md b/任务/周报.md index eefa437..dfe85cf 100644 --- a/任务/周报.md +++ b/任务/周报.md @@ -1,5 +1,6 @@ ## 20250106 - 20250110 -- [ ] Yearning SSO接入 +- [X] Yearning SSO接入 +- [ ] K8s健康检查接口集成。 - [ ] 集简云对接(需要付费后才能介入) - 基础架子搭建 - 接口对接 diff --git a/教程/20250108-Gitlab安装及SSO接入指南.md b/教程/20250108-Gitlab安装及SSO接入指南.md new file mode 100644 index 0000000..d63291b --- /dev/null +++ b/教程/20250108-Gitlab安装及SSO接入指南.md 
@@ -0,0 +1,103 @@ + + + + + + + + + + + + + +# Gitlab 安装及 SSO 接入指南 + +## Gitlab 安装启动 + +- 可以参考:https://docs.gitlab.com/ee/install/docker/installation.html +- GITLAB_HOME: /usr/local/gitlab + +### Docker Compose 启动 + +#### 修改 docker compose 文件 + +- Docker Compose 文件 `$GITLAB_HOME/docker-compose.yml` + +```yaml +version: '3.6' +services: + gitlab: + image: gitlab/gitlab-ce:17.7.0-ce.0 + container_name: gitlab + restart: always + hostname: '192.168.113.131' + environment: + GITLAB_OMNIBUS_CONFIG: | + external_url 'http://192.168.113.131:8929' + gitlab_rails['gitlab_shell_ssh_port'] = 2424 + ports: + - '8929:8929' + - '2443:443' + - '2424:22' + volumes: + - '$GITLAB_HOME/config:/etc/gitlab' + - '$GITLAB_HOME/logs:/var/log/gitlab' + - '$GITLAB_HOME/data:/var/opt/gitlab' + shm_size: '256m' + +``` +- 默认账号:`root` +- 默认密码:在 `$GITLAB_HOME/config/initial_root_password` + +### Yearning OIDC 配置 + +- 可以参考:https://docs.gitlab.com/ee/administration/auth/oidc.html#configure-keycloak +- **注意:** Gitlab 整合 OIDC,Identity Provider 必须要用 `https` + +#### 修改配置文件(Keycloak示例) + +- 配置文件 `$GITLAB_HOME/config/gitlab.rb` + +```shell +gitlab_rails['omniauth_enabled'] = true +gitlab_rails['omniauth_allow_single_sign_on'] = ['openid_connect'] +gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'openid_connect' +gitlab_rails['omniauth_auto_link_user'] = ['openid_connect'] +gitlab_rails['omniauth_providers'] = [ + { + name: "openid_connect", # do not change this parameter + label: "Keycloak", # optional label for login button, defaults to "Openid Connect" + args: { + name: "openid_connect", + scope: ["openid", "profile", "email"], + response_type: "code", + issuer: "https://keycloak.example.com/realms/myrealm", + client_auth_method: "query", + discovery: true, + uid_field: "preferred_username", + pkce: true, + client_options: { + identifier: "", + secret: "", + redirect_uri: "https://gitlab.example.com/users/auth/openid_connect/callback" + } + } + } +] +``` + +## 参考 + +- [Gitlab 
OIDC](https://docs.gitlab.com/ee/administration/auth/oidc.html) +- [Gitlab OIDC 整合 Keycloak](https://docs.gitlab.com/ee/administration/auth/oidc.html#configure-keycloak) +
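Review bot: In the `gitlab.rb` sample, `omniauth_auto_link_user` combined with `uid_field: "preferred_username"` ties GitLab accounts to values the identity provider may let users edit: auto-linking attaches the SSO identity to an existing GitLab user with a matching e-mail address, and OIDC does not guarantee that `preferred_username` is stable or unique. The guide should say this is only appropriate when the Keycloak realm verifies e-mail addresses and prevents users from changing their own username or e-mail; otherwise drop `uid_field` so the default `sub` claim is used. Separately, the compose file sets `external_url 'http://192.168.113.131:8929'` while the sample `redirect_uri` is `https://gitlab.example.com/users/auth/openid_connect/callback`; these must agree, and over plain HTTP the authorization code and session cookie are sent unencrypted. I would add a line next to the existing https note such as `- **注意:** redirect_uri 必须与 external_url 一致,生产环境请为 Gitlab 本身配置 https`. The default-account bullets should also tell readers to change the `root` password right after the first login instead of relying on `initial_root_password`.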