GitLab Self-Managed: Complete DevSecOps Platform Without SaaS 培训

DevSecOps Sovereignty with GitLab

• GitLab CE vs EE vs GitLab.com: feature and control comparison.
• Omnibus architecture and Kubernetes Helm deployment options.
• SaaS lock-in risks and data residency requirements.

Installation and Architecture

• Omnibus installation on Ubuntu with PostgreSQL and Redis.
• GitLab Helm chart on Kubernetes with persistent volumes.
• External services: object storage, SMTP, LDAP.
• Geo replication for multi-region disaster recovery.

Repository and Project Management

• Groups, subgroups, and project hierarchies.
• Merge request workflows, code review, and approval rules.
• Issue boards, epics, and milestones for Agile planning.
• Wiki, snippets, and release management.

CI/CD Pipeline Engineering

• .gitlab-ci.yml syntax, stages, and job dependencies.
• Runner types: shared, group, and specific runners.
• Docker executor, Kubernetes executor, and autoscaling.
• Artifact caching, registry publishing, and deployment stages.

Security Scanning

• SAST, DAST, dependency scanning, and container scanning.
• Secret detection and license compliance.
• Vulnerability dashboards and remediation tracking.

Authentication and Authorization

• LDAP, SAML, and OpenID Connect SSO.
• Two-factor authentication and personal access tokens.
• IP allowlisting and audit event logging.

Registry and Package Management

• Container registry: authentication, cleanup policies, and replication.
• Package registry for Maven, npm, PyPI, and Conan.
• Generic package uploads for internal artifacts.

Monitoring and Scaling

• GitLab Exporter metrics and Grafana dashboards.
• Database tuning and PgBouncer connection pooling.
• Horizontal scaling of web, API, and sidekiq nodes.
• Backup strategies: rake tasks, object storage, and restore verification.