I am trying to run gitlab completely as a docker swarm stack (including docker registry and the possibility to clone repos via ssh). Since traefik does not support tcp streams I can’t use it for ssh. So I will have to define a route to tje container without traefik. The registry should run under a subdomain.
I think you’re good on the gitlab/registry container idea - I agree that you can’t use traefik for SSH, but it shouldn’t matter, since swarm routing mesh will deliver any inbound TCP 2222 on any node, to the correct gitlab container.
Thank you for your quick reply. Unfortunately I couldn’t get sameersbn/gitlab working because of database errors. That’s why I tried the official gitlab image.
Probably not the feedback you were hoping for, I really like what you’ve done with the environment variables! I’ll try and replicate what you’ve got above and refresh the recipe - maybe the sameersbn install is not the best choice anymore anyway. I’ve created an issue to track this, and will test it out over the next day or two
What I don’t like of it is that it makes use of a second service as container registry. I think this makes no sense because gitlab provides the container registry already. Another thing what I realised is the fact that if I edit the gitlab.rb file itself and don’t use omnibus, then my stack file works! Maybe omnibus does not work properly…
BTW, I got the original recipe (finger lickin’ good!) working with the addition of some environment variables. I couldn’t bring myself to try the omnibus solution, because I really like the separation of the various components (postgres, redis, etc) in the sameersbn/gitlab container design
I agree. Docker is mae for isolated singli purpose services. So the first thing is to separate any stack into pieces. I prefere this too. But on the other hand I like to run official images… As you can see GitLab gets me in trouble. However, in the meanwhile I got my (official) GitLab running too (Including SSL encrypted container registry, working shared runners and working git connection over ssh - Everything behind traefik. If you are interested let me know.
Previous example was using separate services for Registry and Mattermost because we were using jwilder/nginx-proxy as Docker front proxy and it was not able to expose the same port twice for a single service (80 → gitlab and 80 → registry).
We still experience some issues with Mattermost, when requesting SSO access token. Feel free to pull request me if you have some suggestions or improvements.