jei0486 · July 27, 2023 03:54
diff --git a/alb-full.yaml b/alb-full.yaml
 # AWS Load Balancer Controller using ALB Ingress
 # https://gitlab.com/gitlab-org/charts/gitlab/-/blob/master/examples/aws/alb-full.yaml
 # minimal settings needed to run gitlab on ALB
 # Note that when using an ALB ingress controller we need to use a separate NLB for gitlab-shell (ssh) connections.

 # Disable nginx-ingress
 nginx-ingress:
  enabled: false
 # Common settings for AWS Load Balancer Controller
 global:
  hosts:
    domain: example.com
    # we need a different dns endpoint for webservice and ssh
    ssh: gitlab-shell.example.com
  ingress:
    # Common annotations used by kas, registry, and webservice
    annotations:
      alb.ingress.kubernetes.io/backend-protocol: HTTP
      alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:123456789012:certificate/01234567-89ab-cdef-0123-456789abcdef
      alb.ingress.kubernetes.io/group.name: gitlab
      alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS": 443}]'
      alb.ingress.kubernetes.io/scheme: internet-facing
      alb.ingress.kubernetes.io/target-type: ip
      kubernetes.io/ingress.class: alb
      nginx.ingress.kubernetes.io/connection-proxy-header: "keep-alive"
    class: none
    configureCertmanager: false
    enabled: true
    path: /*
    pathType: ImplementationSpecific
    provider: aws
    tls:
      enabled: false
 gitlab:
  kas:
    enabled: true
    ingress:
      # Specific annotations needed for kas service to support websockets
      annotations:
        alb.ingress.kubernetes.io/healthcheck-path: /liveness
        alb.ingress.kubernetes.io/healthcheck-port: "8151"
        alb.ingress.kubernetes.io/healthcheck-protocol: HTTP
        alb.ingress.kubernetes.io/load-balancer-attributes: idle_timeout.timeout_seconds=4000,routing.http2.enabled=false
        alb.ingress.kubernetes.io/target-group-attributes: stickiness.enabled=true,stickiness.lb_cookie.duration_seconds=86400
        alb.ingress.kubernetes.io/target-type: ip
        kubernetes.io/tls-acme: "true"
        nginx.ingress.kubernetes.io/connection-proxy-header: "keep-alive"
        nginx.ingress.kubernetes.io/x-forwarded-prefix: "/path"
    # k8s services exposed via an ingress rule to an ELB need to be of type NodePort
    service:
      type: NodePort
  webservice:
    enabled: true
    service:
      type: NodePort
  # gitlab-shell (ssh) needs an NLB
  gitlab-shell:
    enabled: true
    service:
      annotations:
        external-dns.alpha.kubernetes.io/hostname: "gitlab-shell.example.com"
        service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "ip"
        service.beta.kubernetes.io/aws-load-balancer-scheme: "internet-facing"
        service.beta.kubernetes.io/aws-load-balancer-type: "external"
      type: LoadBalancer
 registry:
  enabled: true
  service:
    type: NodePort
	# AWS Load Balancer Controller using ALB Ingress
	# https://gitlab.com/gitlab-org/charts/gitlab/-/blob/master/examples/aws/alb-full.yaml
	# minimal settings needed to run gitlab on ALB
	# Note that when using an ALB ingress controller we need to use a separate NLB for gitlab-shell (ssh) connections.

	# Disable nginx-ingress
	nginx-ingress:
	enabled: false
	# Common settings for AWS Load Balancer Controller
	global:
	hosts:
	domain: example.com
	# we need a different dns endpoint for webservice and ssh
	ssh: gitlab-shell.example.com
	ingress:
	# Common annotations used by kas, registry, and webservice
	annotations:
	alb.ingress.kubernetes.io/backend-protocol: HTTP
	alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:123456789012:certificate/01234567-89ab-cdef-0123-456789abcdef
	alb.ingress.kubernetes.io/group.name: gitlab
	alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS": 443}]'
	alb.ingress.kubernetes.io/scheme: internet-facing
	alb.ingress.kubernetes.io/target-type: ip
	kubernetes.io/ingress.class: alb
	nginx.ingress.kubernetes.io/connection-proxy-header: "keep-alive"
	class: none
	configureCertmanager: false
	enabled: true
	path: /*
	pathType: ImplementationSpecific
	provider: aws
	tls:
	enabled: false
	gitlab:
	kas:
	enabled: true
	ingress:
	# Specific annotations needed for kas service to support websockets
	annotations:
	alb.ingress.kubernetes.io/healthcheck-path: /liveness
	alb.ingress.kubernetes.io/healthcheck-port: "8151"
	alb.ingress.kubernetes.io/healthcheck-protocol: HTTP
	alb.ingress.kubernetes.io/load-balancer-attributes: idle_timeout.timeout_seconds=4000,routing.http2.enabled=false
	alb.ingress.kubernetes.io/target-group-attributes: stickiness.enabled=true,stickiness.lb_cookie.duration_seconds=86400
	alb.ingress.kubernetes.io/target-type: ip
	kubernetes.io/tls-acme: "true"
	nginx.ingress.kubernetes.io/connection-proxy-header: "keep-alive"
	nginx.ingress.kubernetes.io/x-forwarded-prefix: "/path"
	# k8s services exposed via an ingress rule to an ELB need to be of type NodePort
	service:
	type: NodePort
	webservice:
	enabled: true
	service:
	type: NodePort
	# gitlab-shell (ssh) needs an NLB
	gitlab-shell:
	enabled: true
	service:
	annotations:
	external-dns.alpha.kubernetes.io/hostname: "gitlab-shell.example.com"
	service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "ip"
	service.beta.kubernetes.io/aws-load-balancer-scheme: "internet-facing"
	service.beta.kubernetes.io/aws-load-balancer-type: "external"
	type: LoadBalancer
	registry:
	enabled: true
	service:
	type: NodePort