texousliu/keyfil
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[2025-01-08] 添加Gitlab平台接入指南
All checks were successful
Publish to Confluence / confluence (push) Successful in 50s
Details

Browse Source
This commit is contained in:
liuxiaohua 2025-01-07 18:31:43 +08:00
parent 29bc03531a
commit 297c22503f
2 changed files with 105 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
任务/周报.md
View File

@ -1,5 +1,6 @@
## 20250106 - 20250110 ## 20250106 - 20250110
- [ ] Yearning SSO接入 - [X] Yearning SSO接入
- [ ] K8s健康检查接口集成。
- [ ] 集简云对接(需要付费后才能介入) - [ ] 集简云对接(需要付费后才能介入)
- 基础架子搭建 - 基础架子搭建
- 接口对接 - 接口对接

103
教程/20250108-Gitlab安装及SSO接入指南.md Normal file
View File

@ -0,0 +1,103 @@
<!-- Space: qifu -->
<!-- Parent: 后端技术&知识&规范 -->
<!-- Parent: 技术方案 -->
<!-- Parent: 基建 -->
<!-- Title: 20250108-Gitlab安装及SSO接入指南 -->
<!-- Macro: :anchor\((.*)\):
Template: ac:anchor
Anchor: ${1} -->
<!-- Macro: \!\[.*\]\((.+)\)\<\!\-\- width=(.*) \-\-\>
Template: ac:image
Url: ${1}
Width: ${2} -->
<!-- Macro: \<\!\-\- :toc: \-\-\>
Template: ac:toc
Printable: 'false'
MinLevel: 2
MaxLevel: 4 -->
<!-- Include: 杂项/声明文件.md -->
<!-- :toc: -->
# Gitlab 安装及 SSO 接入指南
## Gitlab 安装启动
- 可以参考https://docs.gitlab.com/ee/install/docker/installation.html
- GITLAB_HOME: /usr/local/gitlab
### Docker Compose 启动
#### 修改 docker compose 文件
- Docker Compose 文件 `$GITLAB_HOME/docker-compose.yml`
```yaml
version: '3.6'
services:
gitlab:
image: gitlab/gitlab-ce:17.7.0-ce.0
container_name: gitlab
restart: always
hostname: '192.168.113.131'
environment:
GITLAB_OMNIBUS_CONFIG: |
external_url 'http://192.168.113.131:8929'
gitlab_rails['gitlab_shell_ssh_port'] = 2424
ports:
- '8929:8929'
- '2443:443'
- '2424:22'
volumes:
- '$GITLAB_HOME/config:/etc/gitlab'
- '$GITLAB_HOME/logs:/var/log/gitlab'
- '$GITLAB_HOME/data:/var/opt/gitlab'
shm_size: '256m'
```
- 默认账号:`root`
- 默认密码:在 `$GITLAB_HOME/config/initial_root_password`
### Yearning OIDC 配置
- 可以参考https://docs.gitlab.com/ee/administration/auth/oidc.html#configure-keycloak
- **注意:** Gitlab 整合 OIDCIdentity Provider 必须要用 `https`
#### 修改配置文件Keycloak示例
- 配置文件 `$GITLAB_HOME/config/gitlab.rb`
```shell
gitlab_rails['omniauth_enabled'] = true
gitlab_rails['omniauth_allow_single_sign_on'] = ['openid_connect']
gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'openid_connect'
gitlab_rails['omniauth_auto_link_user'] = ['openid_connect']
gitlab_rails['omniauth_providers'] = [
{
name: "openid_connect", # do not change this parameter
label: "Keycloak", # optional label for login button, defaults to "Openid Connect"
args: {
name: "openid_connect",
scope: ["openid", "profile", "email"],
response_type: "code",
issuer: "https://keycloak.example.com/realms/myrealm",
client_auth_method: "query",
discovery: true,
uid_field: "preferred_username",
pkce: true,
client_options: {
identifier: "<YOUR CLIENT ID>",
secret: "<YOUR CLIENT SECRET>",
redirect_uri: "https://gitlab.example.com/users/auth/openid_connect/callback"
}
}
}
]
```
## 参考
- [Gitlab OIDC](https://docs.gitlab.com/ee/administration/auth/oidc.html)
- [Gitlab OIDC 整合 Keycloak](https://docs.gitlab.com/ee/administration/auth/oidc.html#configure-keycloak)