From 88d9564a5cd85087c281a75f5dc997291535886f Mon Sep 17 00:00:00 2001 From: DJ Mountney Date: Wed, 8 Nov 2017 16:12:58 -0800 Subject: [PATCH 01/10] First WIP commit for the unicorn-chart, Just some very basic config steps. Not currently working yet. --- .../gitlab/charts/omnibus/templates/configmap.yaml | 9 ++++++++- charts/gitlab/charts/omnibus/values.yaml | 3 ++- charts/gitlab/charts/unicorn/values.yaml | 12 ++++++++++-- values.yaml | 3 +++ 4 files changed, 23 insertions(+), 4 deletions(-) diff --git a/charts/gitlab/charts/omnibus/templates/configmap.yaml b/charts/gitlab/charts/omnibus/templates/configmap.yaml index 1e7a7b395d..a07741f721 100644 --- a/charts/gitlab/charts/omnibus/templates/configmap.yaml +++ b/charts/gitlab/charts/omnibus/templates/configmap.yaml @@ -71,14 +71,21 @@ data: postgresql['listen_address'] = '0.0.0.0' postgresql['port'] = {{ .Values.service.ports.psql }} postgresql['shared_buffers'] = {{ .Values.psql.shared_buffers | quote }} - #postgresql['md5_auth_cidr_addresses'] = %w{{ .Values.trusted_proxies }} + postgresql['md5_auth_cidr_addresses'] = %w{{ .Values.trusted_proxies }} postgresql['trust_auth_cidr_addresses'] = ['127.0.0.1/24', '172.16.0.0/12'] + {{- if .Values.psql.sql_user_password }} + postgresql['sql_user_password'] = {{ .Values.psql.sql_user_password | quote }} + {{- end }} ################### # Redis redis['enable'] = {{ .Values.redis.enabled }} redis['bind'] = '0.0.0.0' redis['port'] = {{ .Values.service.ports.redis }} redis['password'] = File.read("/etc/gitlab-redis/password") + redis_exporter['flags'] = { + 'redis.addr' => "redis://{{ default '127.0.0.1' .Values.redis.host }}:{{ default .Values.service.ports.redis .Values.redis.port }}", + 'redis.password' => File.read("/etc/gitlab-redis/password") + } ################### # DISABLED SERVICES # registry, pages, mattermost, prometheus diff --git a/charts/gitlab/charts/omnibus/values.yaml b/charts/gitlab/charts/omnibus/values.yaml index ef2ec2cfb0..296e860c43 100644 
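Review bot: The added `postgresql['sql_user_password'] = {{ .Values.psql.sql_user_password | quote }}` line renders a database credential into the ConfigMap, which is usually readable more widely than a Secret and gets none of a Secret's handling, while the Redis password a few lines below is read from a mounted Secret file. Patch 09 describes this value as an md5 password hash, and under md5 authentication that hash should be protected like the password itself. I would mount it from a Secret and read it the same way, e.g. `postgresql['sql_user_password'] = File.read("/etc/gitlab-psql/sql_user_password").strip` (the path is a placeholder for whatever mount the chart defines). The same pattern appears in the unicorn chart's `configmap.yml` `password:` line in patches 02 and 03, and these hunks are repeated verbatim in patches 04 to 06. Separately, the unchanged `trust_auth_cidr_addresses` line still lists `172.16.0.0/12`, so un-commenting `md5_auth_cidr_addresses` presumably changes nothing for clients inside that range; worth confirming against the generated pg_hba.conf.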
--- a/charts/gitlab/charts/omnibus/values.yaml +++ b/charts/gitlab/charts/omnibus/values.yaml @@ -43,11 +43,12 @@ redis: psql: enabled: false shared_buffers: "1MB" - # host: '127.0.0.1' + # host: '0.0.0.0' # port: '5432' # database: 'gitlabhq_production' # username: 'gitlab' # password: nil + # sql_user_password: nil shell: enabled: false unicorn: diff --git a/charts/gitlab/charts/unicorn/values.yaml b/charts/gitlab/charts/unicorn/values.yaml index d8a1b4cef3..403af61de3 100644 --- a/charts/gitlab/charts/unicorn/values.yaml +++ b/charts/gitlab/charts/unicorn/values.yaml @@ -3,8 +3,8 @@ # Declare variables to be passed into your templates. replicaCount: 1 image: - repository: gitlab/unicorn - tag: stable + repository: registry.gitlab.com/gitlab-org/build/cng/gitlab-unicorn + tag: latest pullPolicy: IfNotPresent service: name: unicorn @@ -12,6 +12,14 @@ service: externalPort: 8080 internalPort: 8080 enabled: false +redis: + #host: '0.0.0.0' + password: + secret: gitlab-redis + key: redis-password +psql: + #host: '0.0.0.0' + #password: nil resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little diff --git a/values.yaml b/values.yaml index 4ac0bd36f6..539c03b5b3 100644 --- a/values.yaml +++ b/values.yaml @@ -15,6 +15,9 @@ nginx: registry: enabled: false +unicorn: + enabled: false + gitlab: omnibus: enabled: false -- GitLab From 7a573cfb2d20929d35135eebda1169507445cba2 Mon Sep 17 00:00:00 2001 
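Review bot: `tag: latest` combined with the unchanged `pullPolicy: IfNotPresent` means a node that already holds an image tagged `latest` never re-pulls it, so replicas can run different builds and a running pod cannot be traced back to a specific image. Since later patches in this series mount the Redis Secret into this container, I would pin the default to a fixed tag or an image digest and leave `latest` to local overrides. A comment above the key, such as `# pin to a fixed tag or digest; 'latest' is mutable`, would record the intent. The same hunk is repeated in patch 04.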
From: DJ Mountney Date: Thu, 9 Nov 2017 15:54:12 -0800 Subject: [PATCH 02/10] Add the config files for unicorn Added the database.yml Started on the resque.yml but needs better config support from the container to use the secret from the password --- .../charts/unicorn/templates/_helpers.tpl | 14 ++++++++++ .../charts/unicorn/templates/configmap.yml | 28 +++++++++++++++++++ charts/gitlab/charts/unicorn/values.yaml | 12 +++++--- 3 files changed, 50 insertions(+), 4 deletions(-) create mode 100644 charts/gitlab/charts/unicorn/templates/configmap.yml diff --git a/charts/gitlab/charts/unicorn/templates/_helpers.tpl b/charts/gitlab/charts/unicorn/templates/_helpers.tpl index f0d83d2edb..bd4e928e94 100644 --- a/charts/gitlab/charts/unicorn/templates/_helpers.tpl +++ b/charts/gitlab/charts/unicorn/templates/_helpers.tpl @@ -14,3 +14,17 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this {{- $name := default .Chart.Name .Values.nameOverride -}} {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} {{- end -}} + +{{/* +Return the db hostname +If the postgresql host is provided, it will use that, otherwise it will fallback +to the service name +*/}} +{{- define "unicorn.psql.host" -}} +{{- if .Values.psql.host -}} +{{- .Values.psql.host | quote -}} +{{- else -}} +{{- $name := default "omnibus" .Value.psql.serviceName -}} +{{- printf "%s-%s" .Release.Name $name -}} +{{- end -}} +{{- end -}} diff --git a/charts/gitlab/charts/unicorn/templates/configmap.yml b/charts/gitlab/charts/unicorn/templates/configmap.yml new file mode 100644 index 0000000000..b55da0c0ce --- /dev/null +++ b/charts/gitlab/charts/unicorn/templates/configmap.yml 
@@ -0,0 +1,28 @@ +{{- if .Values.enabled -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "fullname" . }} + labels: + app: {{ template "fullname" . }} +data: + database.yml: | + production: + adapter: postgresql + encoding: unicode + database: {{ default "gitlabhq_production" .Values.psql.database | quote }} + pool: 10 + username: {{ default "gitlab" .Values.psql.username | quote }} + password: {{ .Values.psql.passsword | quote }} + host: {{ template "unicorn.psql.host" . }} + port: {{ default 5432 .Values.psql.port }} + # load_balancing: + # hosts: + # - host1.example.com + # - host2.example.com + resque.yml.erb: | + production: + # Redis (single instance) + url: redis://:redis-meercat@omnibus:6379 +# Leave this here - This line denotes end of block to the parser. +{- end } diff --git a/charts/gitlab/charts/unicorn/values.yaml b/charts/gitlab/charts/unicorn/values.yaml index 403af61de3..b31da59f51 100644 --- a/charts/gitlab/charts/unicorn/values.yaml +++ b/charts/gitlab/charts/unicorn/values.yaml @@ -13,13 +13,17 @@ service: internalPort: 8080 enabled: false redis: - #host: '0.0.0.0' - password: + # host: '0.0.0.0' + password: secret: gitlab-redis key: redis-password psql: - #host: '0.0.0.0' - #password: nil + # host: '0.0.0.0' + # serviceName: 'omnibus' + # port: '5432' + # database: 'gitlabhq_production' + # username: 'gitlab' + # password: nil resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little -- GitLab From 1f52e2afac7b68ec67b4c62ca02c6e4571648d59 Mon Sep 17 00:00:00 2001 
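Review bot: Every child of `psql:` in this hunk is commented out, so the key parses as null rather than an empty map, while the `configmap.yml` added in this same commit dereferences `.Values.psql.database`, `.Values.psql.username` and `.Values.psql.port` without a guard. With default values the render presumably fails with a nil-pointer error, which is the same problem patch 10 fixes for `auth_backend` by writing `auth_backend: {}`. Declaring `psql: {}` here avoids it. The hunk is repeated in patch 05.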
From: DJ Mountney Date: Fri, 10 Nov 2017 15:52:55 -0800 Subject: [PATCH 03/10] Finish wiring up the unicorn chart's settings --- .../charts/omnibus/templates/_helpers.tpl | 15 +++++++ .../charts/omnibus/templates/configmap.yaml | 5 ++- charts/gitlab/charts/omnibus/values.yaml | 8 +++- .../charts/unicorn/templates/_helpers.tpl | 16 +++++++- .../charts/unicorn/templates/configmap.yml | 8 ++-- .../charts/unicorn/templates/deployment.yaml | 40 +++++++++++++++---- charts/gitlab/charts/unicorn/values.yaml | 1 + 7 files changed, 76 insertions(+), 17 deletions(-) diff --git a/charts/gitlab/charts/omnibus/templates/_helpers.tpl b/charts/gitlab/charts/omnibus/templates/_helpers.tpl index f0d83d2edb..0e8c8b8888 100644 --- a/charts/gitlab/charts/omnibus/templates/_helpers.tpl +++ b/charts/gitlab/charts/omnibus/templates/_helpers.tpl @@ -14,3 +14,18 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this {{- $name := default .Chart.Name .Values.nameOverride -}} {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} {{- end -}} + +{{/* +Return the workhorse auth backend +If the postgresql host is provided, it will use that, otherwise it will fallback +to the service name +*/}} +{{- define "workhorse.auth_backend" -}} +{{- $port := coalesce .Values.workhorse.auth_backend.port .Values.service.ports.unicorn 8080 | toString -}} +{{- if .Values.workhorse.auth_backend.host -}} +{{- printf "%s:%s" .Values.workhorse.auth_backend.host $port -}} +{{- else -}} +{{- $name := default "omnibus" .Values.workhorse.auth_backend.serviceName -}} +{{- printf "http://%s-%s:%s" .Release.Name $name $port -}} +{{- end -}} +{{- end -}} diff --git a/charts/gitlab/charts/omnibus/templates/configmap.yaml b/charts/gitlab/charts/omnibus/templates/configmap.yaml index a07741f721..acf5a18d98 100644 --- a/charts/gitlab/charts/omnibus/templates/configmap.yaml +++ b/charts/gitlab/charts/omnibus/templates/configmap.yaml 
@@ -54,9 +54,10 @@ data: gitlab_workhorse['enable'] = {{ .Values.workhorse.enabled }} gitlab_workhorse['listen_network'] = 'tcp' gitlab_workhorse['listen_addr'] = '0.0.0.0:{{ .Values.service.ports.workhorse }}' - gitlab_workhorse['auth_backend'] = {{ .Values.workhorse.auth_backend | quote }} + gitlab_workhorse['auth_backend'] = '{{ template "workhorse.auth_backend" . }}' ################### # unicorn + unicorn['enable'] = {{ .Values.unicorn.enabled }} unicorn['listen'] = '*' unicorn['port'] = {{ .Values.service.ports.unicorn }} unicorn['worker_timeout'] = {{ .Values.unicorn.worker.timeout }} @@ -83,7 +84,7 @@ data: redis['port'] = {{ .Values.service.ports.redis }} redis['password'] = File.read("/etc/gitlab-redis/password") redis_exporter['flags'] = { - 'redis.addr' => "redis://{{ default '127.0.0.1' .Values.redis.host }}:{{ default .Values.service.ports.redis .Values.redis.port }}", + 'redis.addr' => "redis://{{ default "127.0.0.1" .Values.redis.host }}:{{ default .Values.service.ports.redis .Values.redis.port }}", 'redis.password' => File.read("/etc/gitlab-redis/password") } ################### diff --git a/charts/gitlab/charts/omnibus/values.yaml b/charts/gitlab/charts/omnibus/values.yaml index 296e860c43..8bbc1cb86f 100644 --- a/charts/gitlab/charts/omnibus/values.yaml +++ b/charts/gitlab/charts/omnibus/values.yaml @@ -12,7 +12,7 @@ service: clusterIP: '0.0.0.0' ports: nginx: 80 - redis: 6397 + redis: 6379 psql: 5432 shell: 22 unicorn: 8080 @@ -59,7 +59,11 @@ unicorn: workhorse: enabled: false # point to Unicorn - auth_backend: "http://0.0.0.0:8080" + auth_backend: + # host: "http://0.0.0.0" + # serviceName: "unicorn" + # port: 8080 + gitaly: enabled: false diff --git a/charts/gitlab/charts/unicorn/templates/_helpers.tpl b/charts/gitlab/charts/unicorn/templates/_helpers.tpl index bd4e928e94..904b57205a 100644 --- a/charts/gitlab/charts/unicorn/templates/_helpers.tpl +++ b/charts/gitlab/charts/unicorn/templates/_helpers.tpl 
@@ -24,7 +24,21 @@ to the service name {{- if .Values.psql.host -}} {{- .Values.psql.host | quote -}} {{- else -}} -{{- $name := default "omnibus" .Value.psql.serviceName -}} +{{- $name := default "omnibus" .Values.psql.serviceName -}} +{{- printf "%s-%s" .Release.Name $name -}} +{{- end -}} +{{- end -}} + +{{/* +Return the redis hostname +If the postgresql host is provided, it will use that, otherwise it will fallback +to the service name +*/}} +{{- define "unicorn.redis.host" -}} +{{- if .Values.redis.host -}} +{{- .Values.redis.host | quote -}} +{{- else -}} +{{- $name := default "omnibus" .Values.redis.serviceName -}} {{- printf "%s-%s" .Release.Name $name -}} {{- end -}} {{- end -}} diff --git a/charts/gitlab/charts/unicorn/templates/configmap.yml b/charts/gitlab/charts/unicorn/templates/configmap.yml index b55da0c0ce..7c9f25b1c4 100644 --- a/charts/gitlab/charts/unicorn/templates/configmap.yml +++ b/charts/gitlab/charts/unicorn/templates/configmap.yml @@ -6,14 +6,14 @@ metadata: labels: app: {{ template "fullname" . }} data: - database.yml: | + database.yml.erb: | production: adapter: postgresql encoding: unicode database: {{ default "gitlabhq_production" .Values.psql.database | quote }} pool: 10 username: {{ default "gitlab" .Values.psql.username | quote }} - password: {{ .Values.psql.passsword | quote }} + password: {{ .Values.psql.password | quote }} host: {{ template "unicorn.psql.host" . }} port: {{ default 5432 .Values.psql.port }} # load_balancing: @@ -23,6 +23,6 @@ data: resque.yml.erb: | production: # Redis (single instance) - url: redis://:redis-meercat@omnibus:6379 + url: redis://:<%= File.read("/etc/gitlab-redis/password") %>@{{ template "unicorn.redis.host" . }}:{{ default 6379 .Values.redis.port }} # Leave this here - This line denotes end of block to the parser. -{- end } +{{- end }} diff --git a/charts/gitlab/charts/unicorn/templates/deployment.yaml b/charts/gitlab/charts/unicorn/templates/deployment.yaml index 45af87995d..c9e9816f8a 100644 
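Review bot: `unicorn.redis.host` returns `.Values.redis.host | quote` when a host is set but an unquoted `printf` result otherwise, and this commit embeds the helper inside a URL in `resque.yml.erb` (`redis://:…@{{ template "unicorn.redis.host" . }}:…`). With `redis.host` set, the rendered URL carries literal double quotes around the host and will not parse; patch 10's `URL = "tcp://{{ template "unicorn.redis.host" . }}:…"` has the same problem, and there the embedded quotes also end the TOML string early. I would drop `| quote` from both host helpers (`{{- .Values.redis.host -}}`) and quote at the call site where a standalone YAML scalar is wanted, e.g. `host: {{ include "unicorn.psql.host" . | quote }}`. The doc comment on the new helper also still says "If the postgresql host is provided" and should read "redis host". The hunk is repeated in patch 06.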
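Review bot: The new `resque.yml.erb` URL interpolates `File.read("/etc/gitlab-redis/password")` raw, so a trailing newline in the Secret file, or a password containing `@`, `:`, `/` or `#`, yields a URL that is malformed or parsed differently than intended. Stripping and percent-encoding at render time avoids that: `url: redis://:<%= ERB::Util.url_encode(File.read("/etc/gitlab-redis/password").strip) %>@…`. Patch 10's `Password = "<%= File.read("/etc/gitlab-redis/password") %>"` in `workhorse-config.toml.erb` needs at least the `.strip`, and a password containing `"` or `\` would break that TOML string unless it is escaped. The hunk is repeated in patch 06.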
--- a/charts/gitlab/charts/unicorn/templates/deployment.yaml +++ b/charts/gitlab/charts/unicorn/templates/deployment.yaml @@ -15,6 +15,8 @@ spec: labels: app: {{ template "name" . }} release: {{ .Release.Name }} + annotations: + checksum/config: {{ .Files.Get "configmap.yml" | sha256sum }} spec: containers: - name: {{ .Chart.Name }} @@ -22,16 +24,38 @@ spec: imagePullPolicy: {{ .Values.image.pullPolicy }} ports: - containerPort: {{ .Values.service.internalPort }} - livenessProbe: - httpGet: - path: / - port: {{ .Values.service.internalPort }} - readinessProbe: - httpGet: - path: / - port: {{ .Values.service.internalPort }} + env: + - name: CONFIG_TEMPLATE_DIRECTORY + value: '/var/opt/gitlab/templates' + - name: CONFIG_DIRECTORY + value: '/home/git/gitlab/config' + volumeMounts: + - name: unicorn-config + mountPath: '/var/opt/gitlab/templates' + - name: unicorn-redis + mountPath: '/etc/gitlab-redis' + readOnly: true + # livenessProbe: + # httpGet: + # path: / + # port: {{ .Values.service.internalPort }} + # readinessProbe: + # httpGet: + # path: / + # port: {{ .Values.service.internalPort }} resources: {{ toYaml .Values.resources | indent 12 }} + volumes: + - name: unicorn-config + configMap: + name: {{ template "fullname" . }} + - name: unicorn-redis + secret: + secretName: {{ .Values.redis.password.secret }} + items: + - key: {{ .Values.redis.password.key }} + path: password + defaultMode: 0400 {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 8 }} diff --git a/charts/gitlab/charts/unicorn/values.yaml b/charts/gitlab/charts/unicorn/values.yaml index b31da59f51..627271777c 100644 --- a/charts/gitlab/charts/unicorn/values.yaml +++ b/charts/gitlab/charts/unicorn/values.yaml @@ -14,6 +14,7 @@ service: enabled: false redis: # host: '0.0.0.0' + # serviceName: 'omnibus' password: secret: gitlab-redis key: redis-password -- GitLab From e6db7e3cce148b4db5703c07f264253309139003 Mon Sep 17 00:00:00 2001 
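Review bot: The new `checksum/config` annotation hashes `.Files.Get "configmap.yml"`, but Helm does not expose files under `templates/` through `.Files`, and the path given is not relative to the chart root either, so this presumably hashes an empty string and never changes. Pods would then keep running with the old rendered configuration after a values change, including a changed database password or Redis host. The usual form is `checksum/config: {{ include (print $.Template.BasePath "/configmap.yml") . | sha256sum }}`. The liveness and readiness probes are commented out in the same section; if that is temporary, a `# TODO: re-enable probes` comment above them would keep it visible. The section is repeated in patch 06.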
From: DJ Mountney Date: Wed, 8 Nov 2017 16:12:58 -0800 Subject: [PATCH 04/10] First WIP commit for the unicorn-chart, Just some very basic config steps. Not currently working yet. --- .../gitlab/charts/omnibus/templates/configmap.yaml | 9 ++++++++- charts/gitlab/charts/omnibus/values.yaml | 3 ++- charts/gitlab/charts/unicorn/values.yaml | 12 ++++++++++-- values.yaml | 3 +++ 4 files changed, 23 insertions(+), 4 deletions(-) diff --git a/charts/gitlab/charts/omnibus/templates/configmap.yaml b/charts/gitlab/charts/omnibus/templates/configmap.yaml index 1e7a7b395d..a07741f721 100644 --- a/charts/gitlab/charts/omnibus/templates/configmap.yaml +++ b/charts/gitlab/charts/omnibus/templates/configmap.yaml @@ -71,14 +71,21 @@ data: postgresql['listen_address'] = '0.0.0.0' postgresql['port'] = {{ .Values.service.ports.psql }} postgresql['shared_buffers'] = {{ .Values.psql.shared_buffers | quote }} - #postgresql['md5_auth_cidr_addresses'] = %w{{ .Values.trusted_proxies }} + postgresql['md5_auth_cidr_addresses'] = %w{{ .Values.trusted_proxies }} postgresql['trust_auth_cidr_addresses'] = ['127.0.0.1/24', '172.16.0.0/12'] + {{- if .Values.psql.sql_user_password }} + postgresql['sql_user_password'] = {{ .Values.psql.sql_user_password | quote }} + {{- end }} ################### # Redis redis['enable'] = {{ .Values.redis.enabled }} redis['bind'] = '0.0.0.0' redis['port'] = {{ .Values.service.ports.redis }} redis['password'] = File.read("/etc/gitlab-redis/password") + redis_exporter['flags'] = { + 'redis.addr' => "redis://{{ default '127.0.0.1' .Values.redis.host }}:{{ default .Values.service.ports.redis .Values.redis.port }}", + 'redis.password' => File.read("/etc/gitlab-redis/password") + } ################### # DISABLED SERVICES # registry, pages, mattermost, prometheus diff --git a/charts/gitlab/charts/omnibus/values.yaml b/charts/gitlab/charts/omnibus/values.yaml index fc962fcbf6..25168aa9c4 100644 --- a/charts/gitlab/charts/omnibus/values.yaml 
+++ b/charts/gitlab/charts/omnibus/values.yaml @@ -43,11 +43,12 @@ redis: psql: enabled: false shared_buffers: "1MB" - # host: '127.0.0.1' + # host: '0.0.0.0' # port: '5432' # database: 'gitlabhq_production' # username: 'gitlab' # password: nil + # sql_user_password: nil shell: enabled: false unicorn: diff --git a/charts/gitlab/charts/unicorn/values.yaml b/charts/gitlab/charts/unicorn/values.yaml index d8a1b4cef3..403af61de3 100644 --- a/charts/gitlab/charts/unicorn/values.yaml +++ b/charts/gitlab/charts/unicorn/values.yaml @@ -3,8 +3,8 @@ # Declare variables to be passed into your templates. replicaCount: 1 image: - repository: gitlab/unicorn - tag: stable + repository: registry.gitlab.com/gitlab-org/build/cng/gitlab-unicorn + tag: latest pullPolicy: IfNotPresent service: name: unicorn @@ -12,6 +12,14 @@ service: externalPort: 8080 internalPort: 8080 enabled: false +redis: + #host: '0.0.0.0' + password: + secret: gitlab-redis + key: redis-password +psql: + #host: '0.0.0.0' + #password: nil resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little diff --git a/values.yaml b/values.yaml index 4ac0bd36f6..539c03b5b3 100644 --- a/values.yaml +++ b/values.yaml @@ -15,6 +15,9 @@ nginx: registry: enabled: false +unicorn: + enabled: false + gitlab: omnibus: enabled: false -- GitLab From efae316eb41f4bcfd85ee1761ff9779aa8186914 Mon Sep 17 00:00:00 2001 
From: DJ Mountney Date: Thu, 9 Nov 2017 15:54:12 -0800 Subject: [PATCH 05/10] Add the config files for unicorn Added the database.yml Started on the resque.yml but needs better config support from the container to use the secret from the password --- .../charts/unicorn/templates/_helpers.tpl | 14 ++++++++++ .../charts/unicorn/templates/configmap.yml | 28 +++++++++++++++++++ charts/gitlab/charts/unicorn/values.yaml | 12 +++++--- 3 files changed, 50 insertions(+), 4 deletions(-) create mode 100644 charts/gitlab/charts/unicorn/templates/configmap.yml diff --git a/charts/gitlab/charts/unicorn/templates/_helpers.tpl b/charts/gitlab/charts/unicorn/templates/_helpers.tpl index f0d83d2edb..bd4e928e94 100644 --- a/charts/gitlab/charts/unicorn/templates/_helpers.tpl +++ b/charts/gitlab/charts/unicorn/templates/_helpers.tpl @@ -14,3 +14,17 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this {{- $name := default .Chart.Name .Values.nameOverride -}} {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} {{- end -}} + +{{/* +Return the db hostname +If the postgresql host is provided, it will use that, otherwise it will fallback +to the service name +*/}} +{{- define "unicorn.psql.host" -}} +{{- if .Values.psql.host -}} +{{- .Values.psql.host | quote -}} +{{- else -}} +{{- $name := default "omnibus" .Value.psql.serviceName -}} +{{- printf "%s-%s" .Release.Name $name -}} +{{- end -}} +{{- end -}} diff --git a/charts/gitlab/charts/unicorn/templates/configmap.yml b/charts/gitlab/charts/unicorn/templates/configmap.yml new file mode 100644 index 0000000000..b55da0c0ce --- /dev/null +++ b/charts/gitlab/charts/unicorn/templates/configmap.yml 
@@ -0,0 +1,28 @@ +{{- if .Values.enabled -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "fullname" . }} + labels: + app: {{ template "fullname" . }} +data: + database.yml: | + production: + adapter: postgresql + encoding: unicode + database: {{ default "gitlabhq_production" .Values.psql.database | quote }} + pool: 10 + username: {{ default "gitlab" .Values.psql.username | quote }} + password: {{ .Values.psql.passsword | quote }} + host: {{ template "unicorn.psql.host" . }} + port: {{ default 5432 .Values.psql.port }} + # load_balancing: + # hosts: + # - host1.example.com + # - host2.example.com + resque.yml.erb: | + production: + # Redis (single instance) + url: redis://:redis-meercat@omnibus:6379 +# Leave this here - This line denotes end of block to the parser. +{- end } diff --git a/charts/gitlab/charts/unicorn/values.yaml b/charts/gitlab/charts/unicorn/values.yaml index 403af61de3..b31da59f51 100644 --- a/charts/gitlab/charts/unicorn/values.yaml +++ b/charts/gitlab/charts/unicorn/values.yaml @@ -13,13 +13,17 @@ service: internalPort: 8080 enabled: false redis: - #host: '0.0.0.0' - password: + # host: '0.0.0.0' + password: secret: gitlab-redis key: redis-password psql: - #host: '0.0.0.0' - #password: nil + # host: '0.0.0.0' + # serviceName: 'omnibus' + # port: '5432' + # database: 'gitlabhq_production' + # username: 'gitlab' + # password: nil resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little -- GitLab From 149e0b20cf8271112db35d44f371d696483629ed Mon Sep 17 00:00:00 2001 
From: DJ Mountney Date: Fri, 10 Nov 2017 15:52:55 -0800 Subject: [PATCH 06/10] Finish wiring up the unicorn chart's settings --- .../charts/omnibus/templates/_helpers.tpl | 15 +++++++ .../charts/omnibus/templates/configmap.yaml | 5 ++- charts/gitlab/charts/omnibus/values.yaml | 8 +++- .../charts/unicorn/templates/_helpers.tpl | 16 +++++++- .../charts/unicorn/templates/configmap.yml | 8 ++-- .../charts/unicorn/templates/deployment.yaml | 40 +++++++++++++++---- charts/gitlab/charts/unicorn/values.yaml | 1 + 7 files changed, 76 insertions(+), 17 deletions(-) diff --git a/charts/gitlab/charts/omnibus/templates/_helpers.tpl b/charts/gitlab/charts/omnibus/templates/_helpers.tpl index f0d83d2edb..0e8c8b8888 100644 --- a/charts/gitlab/charts/omnibus/templates/_helpers.tpl +++ b/charts/gitlab/charts/omnibus/templates/_helpers.tpl @@ -14,3 +14,18 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this {{- $name := default .Chart.Name .Values.nameOverride -}} {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} {{- end -}} + +{{/* +Return the workhorse auth backend +If the postgresql host is provided, it will use that, otherwise it will fallback +to the service name +*/}} +{{- define "workhorse.auth_backend" -}} +{{- $port := coalesce .Values.workhorse.auth_backend.port .Values.service.ports.unicorn 8080 | toString -}} +{{- if .Values.workhorse.auth_backend.host -}} +{{- printf "%s:%s" .Values.workhorse.auth_backend.host $port -}} +{{- else -}} +{{- $name := default "omnibus" .Values.workhorse.auth_backend.serviceName -}} +{{- printf "http://%s-%s:%s" .Release.Name $name $port -}} +{{- end -}} +{{- end -}} diff --git a/charts/gitlab/charts/omnibus/templates/configmap.yaml b/charts/gitlab/charts/omnibus/templates/configmap.yaml index a07741f721..acf5a18d98 100644 --- a/charts/gitlab/charts/omnibus/templates/configmap.yaml +++ b/charts/gitlab/charts/omnibus/templates/configmap.yaml 
@@ -54,9 +54,10 @@ data: gitlab_workhorse['enable'] = {{ .Values.workhorse.enabled }} gitlab_workhorse['listen_network'] = 'tcp' gitlab_workhorse['listen_addr'] = '0.0.0.0:{{ .Values.service.ports.workhorse }}' - gitlab_workhorse['auth_backend'] = {{ .Values.workhorse.auth_backend | quote }} + gitlab_workhorse['auth_backend'] = '{{ template "workhorse.auth_backend" . }}' ################### # unicorn + unicorn['enable'] = {{ .Values.unicorn.enabled }} unicorn['listen'] = '*' unicorn['port'] = {{ .Values.service.ports.unicorn }} unicorn['worker_timeout'] = {{ .Values.unicorn.worker.timeout }} @@ -83,7 +84,7 @@ data: redis['port'] = {{ .Values.service.ports.redis }} redis['password'] = File.read("/etc/gitlab-redis/password") redis_exporter['flags'] = { - 'redis.addr' => "redis://{{ default '127.0.0.1' .Values.redis.host }}:{{ default .Values.service.ports.redis .Values.redis.port }}", + 'redis.addr' => "redis://{{ default "127.0.0.1" .Values.redis.host }}:{{ default .Values.service.ports.redis .Values.redis.port }}", 'redis.password' => File.read("/etc/gitlab-redis/password") } ################### diff --git a/charts/gitlab/charts/omnibus/values.yaml b/charts/gitlab/charts/omnibus/values.yaml index 25168aa9c4..a81fc287c6 100644 --- a/charts/gitlab/charts/omnibus/values.yaml +++ b/charts/gitlab/charts/omnibus/values.yaml @@ -12,7 +12,7 @@ service: clusterIP: '0.0.0.0' ports: nginx: 80 - redis: 6397 + redis: 6379 psql: 5432 shell: 22 unicorn: 8080 @@ -59,7 +59,11 @@ unicorn: workhorse: enabled: false # point to Unicorn - auth_backend: "http://0.0.0.0:8080" + auth_backend: + # host: "http://0.0.0.0" + # serviceName: "unicorn" + # port: 8080 + gitaly: enabled: false diff --git a/charts/gitlab/charts/unicorn/templates/_helpers.tpl b/charts/gitlab/charts/unicorn/templates/_helpers.tpl index bd4e928e94..904b57205a 100644 --- a/charts/gitlab/charts/unicorn/templates/_helpers.tpl +++ b/charts/gitlab/charts/unicorn/templates/_helpers.tpl 
@@ -24,7 +24,21 @@ to the service name {{- if .Values.psql.host -}} {{- .Values.psql.host | quote -}} {{- else -}} -{{- $name := default "omnibus" .Value.psql.serviceName -}} +{{- $name := default "omnibus" .Values.psql.serviceName -}} +{{- printf "%s-%s" .Release.Name $name -}} +{{- end -}} +{{- end -}} + +{{/* +Return the redis hostname +If the postgresql host is provided, it will use that, otherwise it will fallback +to the service name +*/}} +{{- define "unicorn.redis.host" -}} +{{- if .Values.redis.host -}} +{{- .Values.redis.host | quote -}} +{{- else -}} +{{- $name := default "omnibus" .Values.redis.serviceName -}} {{- printf "%s-%s" .Release.Name $name -}} {{- end -}} {{- end -}} diff --git a/charts/gitlab/charts/unicorn/templates/configmap.yml b/charts/gitlab/charts/unicorn/templates/configmap.yml index b55da0c0ce..7c9f25b1c4 100644 --- a/charts/gitlab/charts/unicorn/templates/configmap.yml +++ b/charts/gitlab/charts/unicorn/templates/configmap.yml @@ -6,14 +6,14 @@ metadata: labels: app: {{ template "fullname" . }} data: - database.yml: | + database.yml.erb: | production: adapter: postgresql encoding: unicode database: {{ default "gitlabhq_production" .Values.psql.database | quote }} pool: 10 username: {{ default "gitlab" .Values.psql.username | quote }} - password: {{ .Values.psql.passsword | quote }} + password: {{ .Values.psql.password | quote }} host: {{ template "unicorn.psql.host" . }} port: {{ default 5432 .Values.psql.port }} # load_balancing: @@ -23,6 +23,6 @@ data: resque.yml.erb: | production: # Redis (single instance) - url: redis://:redis-meercat@omnibus:6379 + url: redis://:<%= File.read("/etc/gitlab-redis/password") %>@{{ template "unicorn.redis.host" . }}:{{ default 6379 .Values.redis.port }} # Leave this here - This line denotes end of block to the parser. -{- end } +{{- end }} diff --git a/charts/gitlab/charts/unicorn/templates/deployment.yaml b/charts/gitlab/charts/unicorn/templates/deployment.yaml index 45af87995d..c9e9816f8a 100644 
--- a/charts/gitlab/charts/unicorn/templates/deployment.yaml +++ b/charts/gitlab/charts/unicorn/templates/deployment.yaml @@ -15,6 +15,8 @@ spec: labels: app: {{ template "name" . }} release: {{ .Release.Name }} + annotations: + checksum/config: {{ .Files.Get "configmap.yml" | sha256sum }} spec: containers: - name: {{ .Chart.Name }} @@ -22,16 +24,38 @@ spec: imagePullPolicy: {{ .Values.image.pullPolicy }} ports: - containerPort: {{ .Values.service.internalPort }} - livenessProbe: - httpGet: - path: / - port: {{ .Values.service.internalPort }} - readinessProbe: - httpGet: - path: / - port: {{ .Values.service.internalPort }} + env: + - name: CONFIG_TEMPLATE_DIRECTORY + value: '/var/opt/gitlab/templates' + - name: CONFIG_DIRECTORY + value: '/home/git/gitlab/config' + volumeMounts: + - name: unicorn-config + mountPath: '/var/opt/gitlab/templates' + - name: unicorn-redis + mountPath: '/etc/gitlab-redis' + readOnly: true + # livenessProbe: + # httpGet: + # path: / + # port: {{ .Values.service.internalPort }} + # readinessProbe: + # httpGet: + # path: / + # port: {{ .Values.service.internalPort }} resources: {{ toYaml .Values.resources | indent 12 }} + volumes: + - name: unicorn-config + configMap: + name: {{ template "fullname" . }} + - name: unicorn-redis + secret: + secretName: {{ .Values.redis.password.secret }} + items: + - key: {{ .Values.redis.password.key }} + path: password + defaultMode: 0400 {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 8 }} diff --git a/charts/gitlab/charts/unicorn/values.yaml b/charts/gitlab/charts/unicorn/values.yaml index b31da59f51..627271777c 100644 --- a/charts/gitlab/charts/unicorn/values.yaml +++ b/charts/gitlab/charts/unicorn/values.yaml @@ -14,6 +14,7 @@ service: enabled: false redis: # host: '0.0.0.0' + # serviceName: 'omnibus' password: secret: gitlab-redis key: redis-password -- GitLab From a823f101285c22174d4ddd6e442eaed8ec0837d7 Mon Sep 17 00:00:00 2001 
From: Jason Plum Date: Tue, 14 Nov 2017 08:30:37 -0500 Subject: [PATCH 07/10] Update CI with needs of Unicorn chart Currently, making use of two entirely bogus hard coded passwords. TODO @twk3 : use secrets for all passwords, remove them from CI. --- .gitlab-ci.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 07cf909e51..c9eac413f8 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -254,14 +254,23 @@ production: --set registry.registry.tokenIssuer="omnibus-gitlab-issuer" \ --set registry.registry.certBundle.secretName="gitlab-registry" \ --set registry.registry.certBundle.bundleName="registry-auth.crt" \ + --set unicorn.enabled=true \ + --set unicorn.redis.password.secret=gitlab-redis \ + --set unicorn.redis.password.key=redis-password \ + --set unicorn.psql.serviceName=omnibus \ + --set unicorn.psql.password=d3adb33f \ --set gitlab.omnibus.enabled=true \ --set gitlab.omnibus.service.type=NodePort \ --set gitlab.omnibus.external_url="https://gitlab$DOMAIN" \ --set gitlab.omnibus.initial_root_password="$ROOT_PASSWORD" \ + --set gitlab.omnibus.unicorn.enabled=false \ + --set gitlab.omnibus.workhorse.auth_backend.serviceName=unicorn \ --set gitlab.omnibus.redis.enabled=true \ --set gitlab.omnibus.redis.password.secret=gitlab-redis \ --set gitlab.omnibus.redis.password.key=redis-password \ --set gitlab.omnibus.psql.enabled=true \ + --set gitlab.omnibus.psql.password=d3adb33f \ + --set gitlab.omnibus.psql.sql_user_password=b33fc4ke \ --set gitlab.omnibus.registry.host="registry$DOMAIN" \ --set gitlab.omnibus.registry.port=443 \ --set gitlab.omnibus.registry.secret=gitlab-registry \ -- GitLab From 493b0a03190fe02c2ff3304fcd824720daa2a0e2 Mon Sep 17 00:00:00 2001 From: Jason Plum Date: Tue, 14 Nov 2017 09:52:17 -0500 Subject: [PATCH 08/10] Fix parameters for gitlab.unicorn --- .gitlab-ci.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) 
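Review bot: This hunk passes literal credentials on the helm command line (`--set unicorn.psql.password=d3adb33f`, `--set gitlab.omnibus.psql.password=d3adb33f`, `--set gitlab.omnibus.psql.sql_user_password=b33fc4ke`), which puts them in repository history and, through `--set`, in the job's command line and likely its log. The adjacent `initial_root_password="$ROOT_PASSWORD"` line already shows the alternative, so these should come from protected CI variables as well, e.g. `--set gitlab.omnibus.psql.password="$PSQL_PASSWORD" \` (the variable name is a placeholder). The commit message carries this as a TODO, but the hunk header places the change under the `production:` job, so the values should be treated as exposed and replaced, not reused, once real secrets are wired in. Patches 08 and 09 keep the same literals, and 09 swaps `sql_user_password` for a committed md5 hash, which is no better.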
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index c9eac413f8..0893e2f683 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -254,11 +254,11 @@ production: --set registry.registry.tokenIssuer="omnibus-gitlab-issuer" \ --set registry.registry.certBundle.secretName="gitlab-registry" \ --set registry.registry.certBundle.bundleName="registry-auth.crt" \ - --set unicorn.enabled=true \ - --set unicorn.redis.password.secret=gitlab-redis \ - --set unicorn.redis.password.key=redis-password \ - --set unicorn.psql.serviceName=omnibus \ - --set unicorn.psql.password=d3adb33f \ + --set gitlab.unicorn.enabled=true \ + --set gitlab.unicorn.redis.password.secret=gitlab-redis \ + --set gitlab.unicorn.redis.password.key=redis-password \ + --set gitlab.unicorn.psql.serviceName=omnibus \ + --set gitlab.unicorn.psql.password=d3adb33f \ --set gitlab.omnibus.enabled=true \ --set gitlab.omnibus.service.type=NodePort \ --set gitlab.omnibus.external_url="https://gitlab$DOMAIN" \ -- GitLab From 9647170e5750229942706937835c846b8dc034b4 Mon Sep 17 00:00:00 2001 From: Jason Plum Date: Tue, 14 Nov 2017 11:01:05 -0500 Subject: [PATCH 09/10] CI Update sql_user_password to correct md5 format --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 0893e2f683..3f13ebe5d3 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -270,7 +270,7 @@ production: --set gitlab.omnibus.redis.password.key=redis-password \ --set gitlab.omnibus.psql.enabled=true \ --set gitlab.omnibus.psql.password=d3adb33f \ - --set gitlab.omnibus.psql.sql_user_password=b33fc4ke \ + --set gitlab.omnibus.psql.sql_user_password=bb4564b590a56552ada62d8bb338f554 \ --set gitlab.omnibus.registry.host="registry$DOMAIN" \ --set gitlab.omnibus.registry.port=443 \ --set gitlab.omnibus.registry.secret=gitlab-registry \ -- GitLab From dd7b2a762ae2f63f095ec1b9e725b6640aebe9be Mon Sep 17 00:00:00 2001 
From: DJ Mountney Date: Mon, 20 Nov 2017 19:32:20 -0800 Subject: [PATCH 10/10] Add workhorse configuration to the unicorn chart --- charts/gitlab/charts/omnibus/values.yaml | 2 +- charts/gitlab/charts/unicorn/templates/configmap.yml | 4 ++++ charts/gitlab/charts/unicorn/templates/deployment.yaml | 5 ++++- charts/gitlab/charts/unicorn/templates/service.yaml | 4 ++++ charts/gitlab/charts/unicorn/values.yaml | 3 +++ 5 files changed, 16 insertions(+), 2 deletions(-) diff --git a/charts/gitlab/charts/omnibus/values.yaml b/charts/gitlab/charts/omnibus/values.yaml index a81fc287c6..aee3c43cfd 100644 --- a/charts/gitlab/charts/omnibus/values.yaml +++ b/charts/gitlab/charts/omnibus/values.yaml @@ -59,7 +59,7 @@ unicorn: workhorse: enabled: false # point to Unicorn - auth_backend: + auth_backend: {} # host: "http://0.0.0.0" # serviceName: "unicorn" # port: 8080 diff --git a/charts/gitlab/charts/unicorn/templates/configmap.yml b/charts/gitlab/charts/unicorn/templates/configmap.yml index 7c9f25b1c4..cace5e0fe0 100644 --- a/charts/gitlab/charts/unicorn/templates/configmap.yml +++ b/charts/gitlab/charts/unicorn/templates/configmap.yml @@ -24,5 +24,9 @@ data: production: # Redis (single instance) url: redis://:<%= File.read("/etc/gitlab-redis/password") %>@{{ template "unicorn.redis.host" . }}:{{ default 6379 .Values.redis.port }} + workhorse-config.toml.erb: | + [redis] + URL = "tcp://{{ template "unicorn.redis.host" . }}:{{ default 6379 .Values.redis.port }}" + Password = "<%= File.read("/etc/gitlab-redis/password") %>" # Leave this here - This line denotes end of block to the parser. {{- end }} diff --git a/charts/gitlab/charts/unicorn/templates/deployment.yaml b/charts/gitlab/charts/unicorn/templates/deployment.yaml index c9e9816f8a..faaca8dc20 100644 --- a/charts/gitlab/charts/unicorn/templates/deployment.yaml +++ b/charts/gitlab/charts/unicorn/templates/deployment.yaml 
@@ -24,11 +24,14 @@ spec: imagePullPolicy: {{ .Values.image.pullPolicy }} ports: - containerPort: {{ .Values.service.internalPort }} + - containerPort: {{ .Values.service.workhorseInternalPort }} env: - name: CONFIG_TEMPLATE_DIRECTORY value: '/var/opt/gitlab/templates' - name: CONFIG_DIRECTORY - value: '/home/git/gitlab/config' + value: '/var/opt/gitlab/config/gitlab/' + - name: GITLAB_HOST + value: {{ .Values.gitlab_host }} volumeMounts: - name: unicorn-config mountPath: '/var/opt/gitlab/templates' diff --git a/charts/gitlab/charts/unicorn/templates/service.yaml b/charts/gitlab/charts/unicorn/templates/service.yaml index 05d087a57c..2162fa48fe 100644 --- a/charts/gitlab/charts/unicorn/templates/service.yaml +++ b/charts/gitlab/charts/unicorn/templates/service.yaml @@ -15,6 +15,10 @@ spec: targetPort: {{ .Values.service.internalPort }} protocol: TCP name: {{ .Values.service.name }} + - port: {{ .Values.service.workhorseExternalPort }} + targetPort: {{ .Values.service.workhorseInternalPort }} + protocol: TCP + name: workhorse selector: app: {{ template "name" . }} release: {{ .Release.Name }} diff --git a/charts/gitlab/charts/unicorn/values.yaml b/charts/gitlab/charts/unicorn/values.yaml index 627271777c..3d1d3b2bbc 100644 --- a/charts/gitlab/charts/unicorn/values.yaml +++ b/charts/gitlab/charts/unicorn/values.yaml @@ -11,7 +11,10 @@ service: type: ClusterIP externalPort: 8080 internalPort: 8080 + workhorseExternalPort: 8181 + workhorseInternalPort: 8181 enabled: false +gitlab_host: localhost redis: # host: '0.0.0.0' # serviceName: 'omnibus' -- GitLab
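Review bot: `value: {{ .Values.gitlab_host }}` for `GITLAB_HOST` is emitted unquoted, and Kubernetes requires env values to be strings, so an override that YAML reads as a number, boolean or null, or an empty value, either invalidates the manifest or silently changes what the container sees. Use `value: {{ .Values.gitlab_host | quote }}`. The new `containerPort: {{ .Values.service.workhorseInternalPort }}` is fine unquoted because that field must be an integer. The container spec continues outside this hunk.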