From YouTube: Trying out GitLab Geo installation via the Helm Charts
Description
Going through the Geo docs to install Geo using our Helm Charts with two Omnibus, external (from k8s) DBs.
Issue link: https://gitlab.com/gitlab-org/gitlab/-/issues/36965
(there's a blank screen at ~15:30 because of a system crash, afterwards it continues with the second part)
A
B
So as pre, kind of pre-flight, we've installed Omnibus on two different databases: they're in the same zones as the two clusters created here and we're going to use just some basic passwords. The instances will be anyway firewalled from the outside, so those will be safe.
B
Yeah, so we don't, we don't recommend running you kind of your own Postgres version, and we also don't have like a tested way of doing replication, like the main thing of you is that you need to have replicated database for the secondary as well. So in this case we already have like the Omnibus ones, or you could also use like an external Postgres and set up the application yourself there sure, but.
C
Do we know what's the most used case scenario with our customers, it's like they.
B
B
The most are with external databases, so you yeah that, basically, because nowadays, most of the Kubernetes clusters are in like a cloud provider, let's say, yeah.
A
B
A
Maybe something we can, I mean this is maybe something we can do at the like sec like later iteration, because I don't see any issue with that at all, right. You should, you just need to make sure that your databases work, right, and then point your, your clusters to that, right, and if the external DB handles the replication that shouldn't be an issue, yeah.
B
Cool, so in this case, yeah, we're going to use the Omnibus ones, so we're going to follow the docs. This is like the most straightforward one, because we already have all the setup in Omnibus for like regular two instances, so we could just use the same for the databases and have the install in Kubernetes, so going to the docs requirements.
B
The first line is talking about external Postgres, just as we talked now, the database, if you're using external ones for application, needs to be reachable from the, from the Helm deployments and also needs to support SSL between the primary secondary DB.
B
In our case, I've already added, I think, network tags. So all the instances in this network should be reachable between each other.
B
I've added, like, geodemo network tag, so, and I've also created a firewall rule that also the traffic between all the geodemo network target instances which, in this case, are the Omnibus DBs and the two Kubernetes clusters.
D
B
B
B
Okay, before that information must be collected. So I've already collected the information in, in this, in this file.
B
B
C
D
B
For the Kubernetes clusters, we have again the firewall rules, as I mentioned they're already in the same kind of network, that's allowing all the traffic within, and then each cluster that's provisioned should have enough resources.
B
B
What exactly which, which part do it? I.
A
I think there is an effort to not store plain text passwords in gitlab.rb.
A
B
Which is trying to implement that, so this might change pretty soon, yeah, okay, cool! So let's configure the primary DB first. So we're going to start with this example config, I'm just going to, to initially paste it in my, my editor and then we'll actually paste it in the, on the server itself after we edit it, so.
B
B
I was going to go with this domain overall and let's say the primary would be gitlab dot this domain, and then we have another one for the secondary, so we're going to go ahead with HTTPS, because we also wanted HTTPS, adding the external URL, okay, and then the unique identifier for the Geo node name, your node name with our primary.example.com.
B
So this doesn't need to be the exact domain. You can put it as well, oh, it can be just like a node name as long as we're going to use the same in the UI when we add the nodes, this is more important for the secondary, basically so that when we add it in, in the primary data when we're editing the primary UI as the Geo node, we're going to need to match the Geo node name and the external URL. Just so, let's your setup will recognize the node.
B
So I paste it in here as the URL, auto migrate false, all the services disabled.
B
B
A
C
D
B
We'd also need to configure the Postgres DB listen address. I think it's mentioned in the docs.
B
So it's not actually mentioned, we could use 0.0.0.0, which means it's going to listen on all addresses, or in our case since we know the internal IP, and we know that it's already bypassing the firewall on this internal network, we could just listen on this IP instead of force listening on the public one as well, and then for the user password, we already have it here, I'm going to copy it, okay, and then the list of the CIDR addresses.
B
So if we leave it like that, we're going to allow all instances, in this case it's only on an internal network. So that's fine, I'm going to leave it like that, but I really wanted to customize. As mentioned in the, in the docs, you, you want to add your local IP and then the IP address of the cluster and the secondary node as well.
B
B
So I think my, my internet is a bit slow. You kind of interrupted.
A
B
B
B
We're going to set that simple password from, from the, the previous file.
B
B
B
B
The is this one.
B
And I think it's the part where we could add a bit in the docs, like in this case. I know because I've tested, I've played with a Helm chart before, but basically it's going to create actually a gitlab dot this domain when it's deployed, so the domain is actually like the, the base domain, where this install is going to live and then it's going to create automatically gitlab dot and then minio dot and registry, both, so we'll end up with this URL for our primary node.
B
A
A
C
B
C
Okay, so I have a question at once, yep, so are you supposed to create the file before you're going to run this, so because, basically I, you know, you just said earlier that, oh, I think I went ahead with the, with the actual file, but then the step says: oh, one, will need to create secret blah blah blah. Then two, you will need to do the following. So basically the, the information before that is not really useful at the moment.
A
A
B
C
Yeah yeah yeah, in this specifically a hundred percent, I'm just, it's just odd to me going back to what, oh.
A
B
Okay, let me just check that this is my global kubectl version. Let me check that I'm on the primary.
B
No, so I've just switched my context to the primary, because we want to be doing stuff on the primary cluster, and let me create the secret, and it says you play pass it first password with the password for looking at the user and that's in our case, that's simple.
B
B
B
B
B
Doesn't mention the node name in here, but it should be the one that we've set in the primary.rb, oh, and by the way, another point, this one specifically shouldn't be needed here, because the gitlab rails settings are for Rails itself, but we only run the database on this node. So pretty much the node name wouldn't do anything even if we set it on this host. So this is actually what we need to set in.
B
B
B
So to use TLS we're going to need this, include these options in your helm install command. Okay, so I'm going to copy this one as well.
B
B
Okay, and because we want to also use TLS, I'm also going to add this at the end. Okay, and that would be my email, and let's go installing it now, cool.
B
B
B
C
While this is installing, it says, do this, if you use v2, right, yeah.
A
C
C
B
B
Yeah, I think there is a way to see the current status, it's not mentioned in here as a command, but it should be something like ingress, yeah, so we got an IP.
B
C
C
B
C
Presumption, I'm curious, is it, do we say something like that in the docs, like you have to allow.
B
C
We have mostly, the reason I ask you that is like, what if the application doesn't come online in five minutes, what if the application doesn't come online in 10 minutes? Maybe they think, maybe they think it failed, and there is no error message, how they can verify that, the customer can verify that.
B
Yeah yeah, that's a good point, don't know much Kubernetes for that, but I think you can look first at the ingress, see if you, if you get an IP, because I think the main problem is for this IP to get allocated by the cloud provider and then the DNS to be set, and afterwards, if you get those, but it's still not happening, like anything is not happening and the IP address gets resolved, or looks like in this case it start now, let's see, okay, so we didn't get a certificate yet.
B
C
B
Yeah yeah, so it's basically this cert-manager pod, which I think is doing like the verification and then also setting the correct certificate once it got, gets back. I think, even if we look at the logs for this one, okay, yeah, see, this one didn't get the DNS yet, it says: look up gitlab dot domain, no such host, so forward, wait for a few seconds, just run it with follow. So we can see.
B
Okay, so we don't get an error anymore, maybe, yeah! Okay, it got now, nice, cool, so it's up, nice, and now log into GitLab and up your, you upload your license file but nightly thing. Okay. So now there is a problem that it's not mentioned in here, but I think it's mentioned in the particular install docs about how to actually get that password.
B
B
B
B
B
B
Yeah, so I think the problem with this one is that it's, we didn't declare namespace and yeah.
B
I'm guessing we'll have to do something like this when we create like the Helm deployment. However, we didn't, so we can adapt this command by just removing the namespace, because it's going to be in the default namespace, yeah. So we see the code here, but.
B
B
A
B
Yeah, I'm not sure, we may need to, I think, ask the distribution.
C
Yeah, now it's just about to say that it all depends on how do we con, how you, we write the following. I think the namespace is not important. It's just for if you, if you have a lot of deployments, it's easy for you to spot, right, because you're going to set the name for it, but if you're just going to set this, 99% of the time it's going to be default, unless they manually specify the name of it. Yeah, correct me if I'm wrong.
B
Yeah yeah, I think best practice is to usually set the namespace. I'm not sure why exactly we don't have one here, but we, we need to ask the distribution team. Maybe there is a reason. Maybe there is something that's necessary, because I also see it's upgrade install. So I'm not sure if that, if that makes any difference, but yes, basically, we at least need to mention if we don't add the default namespace that you may need to change the commands before doing space. If you don't add one, that makes sense, yeah.
B
B
Okay, you should see that output similar to below, don't worry about the exception asking when these containers will not have access to the host clock. Okay, so we do get that, and then authorized keys command is also, no is expected, is checking for a local SSH server which is actually present in the gitlab-shell chart, deployed elsewhere. Okay, so that, that seems to be expected, cool.
B
B
B
B
We need to replace the word item 16 very much completely to refer the host name of our secondary instance, so spell of secondary.example.com. Let's use our domain here.
B
B
The Geo node name must replace with a unique name for your node. In this case, let's go with, yeah, let's go with the entire DNS. Just to be safe, doesn't need to be, it could be just a unique name, and again, I'm not sure this is needed on the database host, to be honest, but let's set it here as well.
B
User password hash must be replaced with the hash form of the password, yeah, so the Postgres settings listen address, again as in the primary host, it's already in that internal network. So I'm going to just use this, the internal IP for this one, instead of listening on all addresses.
B
B
Hash, okay, the md5 auth CIDR addresses, as in the previous example, it should be customized to, to pull that piece of the class that would connect to this instance, in this case the localhost and the IP of the secondary chart. But in my case I'm already in that internal network, so it's firewalled out from the outside, so I can keep all the IPs allowed in it, and the same for the Geo PostgreSQL, is going to be the same IP.
B
One, okay, same here with the auth CIDR addresses, same story, exact same story, and then for the actual gitlab user, password is the simple one that we have set there.
B
Okay, and then the password is used here to allow Omnibus to automate the Postgres configuration, cool. There is this another explanation of the md5 auth, yeah, CIDR addresses that we've discussed for the primary node, so this can be left as 0.0.0, meaning all addresses, it's not best practice. However, in my case, I'm on an internal network, so that should be fine, cool. Once the configuration above is prepared.
B
B
Check TCP connectivity to the primary node using this command, so going back to the databases, I'm replacing the primary node IP with this one.
B
B
B
B
B
B
B
B
B
B
B
Okay, let's run this, cool, so we've created the Geo secret as well, and now to the Geo secondary chart deployment. This section we perform the secondary Kubernetes cluster in order to deploy this chart. As you see when I will start from this example configuration, yeah, so again as before it may be a bit.
B
B
B
D
B
Again for this one we're going to need the secondary database, let's just copy the internal IP, basically as we did for the, for the, for the primary chart and leave everything else unchanged. Geo secondary, node name, so again for the node name as well, we're going to use the one that we've also set in the secondary rb, which I don't think it's going to matter in the actual database. But it's going to matter here.
B
B
An Omnibus instance, and it's on the same host with the secondary DB, is going to be the same, the same host, the same internal IP and it's going to point to the secondary Omnibus instance. But if you use, like, external databases, you're going to want to point this to the tracking database instead of the secondary database. As in here, I think the docs are written with Omnibus DBs in mind, which is why it uses geo2.
B
A
And you also need SSL stuff.
B
D
B
B
I think the next steps would be to add the node on the primary as well, so it recognizes it as the secondary, and after that, the deployment should be, crossed fingers, complete.
B
B
B
Okay, so they didn't get an IPs, IP yet, we're likely going to get an IP and afterwards set the DNS and then wait for the SSL certificate, and afterwards we should be able to reach the instance.
B
B
B
B
B
B
Oh, so we got the hostname as well the certificate, that's awesome, but now we're redirected to the sign in. However, we don't want that because this is the Geo secondary. So we're going to continue with the steps, yeah. It says that wait for the deployment to complete an application will come online, so it came online now and let's go to next step. Add secondary Geo instance via primaries. So now that both DBs are configured and applications are deployed, we must primary that the secondary exists, makes sense.
B
B
That's actually for the secondary, so we're going to add the secondary suffix, and then for the name, it's also mentioned in the docs, fill in the name with the Geo, the global Geo node name. The value must be, must always match exactly character for character. So I'm just going to copy the node name from here and use it for, oh, not here, use it for name, okay, and then save.
B
Cool, so it's still 404 because we've just added it, but once added to the admin panel, the secondary instance will automatically start replicating some data. Meanwhile, the primary start, 25 stream distance of any changes immediately. Okay, confirm operational status. The final step is to verify that your application status on the secondary instance was fully configured via the task-runner pod. Okay. So, let's see, again the namespace problem, we're just going to remove the namespace, okay, we got the pod, kubectl exec -ti.
B
D
B
A
B
A
A
A
A
Yeah, and then I wrote also make it clear that you need to create a secondary camera, but that's kind of implicit with what I said already. Anything else.
B
Yeah, we would probably also want to double check that Geo node name in the database, but I don't think that's needed.
A
And you need, that's the role, the gitlab rails options.
B
No, I think that's straightforward, maybe for the secondary chart, if we want to explain a bit more, that the psql.host should be the address of the secondary DB and geo psql host would be the tracking database.
B
A
A
So my, I made the call, so I would argue we can maybe close this issue on our billboard by fixing the documentation, yeah yeah, that's right, right! So if we just put an MR up on.
A
On, against those things, fixing those little things, then we can review and then we can just, once they're in, we can, we can close.