From 267b12c8e1a48bab33915cf357f66a7400617347 Mon Sep 17 00:00:00 2001 From: Darwin Sanoy Date: Mon, 20 Sep 2021 13:05:20 -0400 Subject: [PATCH 001/253] Applying DRY to Upgrade Information --- doc/index.md | 17 +---------------- doc/installation/upgrade.md | 5 +++++ 2 files changed, 6 insertions(+), 16 deletions(-) diff --git a/doc/index.md b/doc/index.md index b81449a64f..98ac93dd53 100644 --- a/doc/index.md +++ b/doc/index.md @@ -94,22 +94,7 @@ the amount of context we're comfortable placing here. Please see our (nearly) ## Upgrading -Once your GitLab Chart is installed, configuration changes and chart updates -should be done using `helm upgrade`: - -```shell -helm repo add gitlab https://charts.gitlab.io/ -helm repo update -helm get values gitlab > gitlab.yaml -helm upgrade gitlab gitlab/gitlab -f gitlab.yaml -``` - -For more detailed information see [Upgrading](installation/upgrade.md). - -NOTE: -**Zero-downtime upgrades** are not available with the GitLab charts. -Ongoing work to support this feature can be tracked via -[the GitLab Operator issue](https://gitlab.com/gitlab-org/cloud-native/gitlab-operator/-/issues/59). +Please see [Upgrading](installation/upgrade.md). ## Uninstall diff --git a/doc/installation/upgrade.md b/doc/installation/upgrade.md index e7904699ee..b2850ebd50 100644 --- a/doc/installation/upgrade.md +++ b/doc/installation/upgrade.md 
@@ -12,6 +12,11 @@ corresponding to the specific release you want to upgrade to and look for any [release notes](../releases/index.md) that might pertain to the new GitLab chart version. +NOTE: +**Zero-downtime upgrades** are not available with the GitLab charts. +Ongoing work to support this feature can be tracked via +[the GitLab Operator issue](https://gitlab.com/gitlab-org/cloud-native/gitlab-operator/-/issues/59). + WARNING: If you are upgrading from the `4.x` version of the chart to the latest `5.0` release, you need to first update to the latest `4.12.x` patch release in order for the upgrade to work. -- GitLab From b16b18aa942627820ef3435b708ba6dffcf4bc35 Mon Sep 17 00:00:00 2001 From: Dilan Orrino Date: Wed, 22 Sep 2021 08:54:18 +0000 Subject: [PATCH 002/253] Update Operator installation and OpenShift docs --- doc/installation/cloud/openshift.md | 118 ++++++++++++++++++- doc/installation/index.md | 2 +- doc/installation/operator.md | 168 +++++++++++++++++++++++++++- 3 files changed, 277 insertions(+), 11 deletions(-) diff --git a/doc/installation/cloud/openshift.md b/doc/installation/cloud/openshift.md index 832dac98a9..3d67951b4f 100644 --- a/doc/installation/cloud/openshift.md +++ b/doc/installation/cloud/openshift.md 
@@ -4,12 +4,120 @@ group: Distribution info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers --- -# Installing GitLab on OKD (OpenShift Origin) **(FREE SELF)** +# OpenShift cluster setup -## Deprecation +This document walks you through using the automation scripts in this project to create an OpenShift cluster in Google Cloud. -Currently GitLab does not target or provide support for OpenShift Installations. We have extensive and verbose documentation around Kubernetes and Omnibus. However, due to OpenShift's increased security restrictions we do not currently target or support it. +## Preparation -Work is being done to rectify this, This work can be tracked [in this epic](https://gitlab.com/groups/gitlab-org/-/epics/2068). +First, you should have a Red Hat account associated with your GitLab email. +Contact our Red Hat Alliance liason; they will arrange to send you an account invitation email. Once you activate your Red Hat account, you will have access the to licenses and subscriptions needed to run OpenShift. -As soon as we finish the engineering work to provide support for OpenShift we'll revise this document with new installation procedures. +To launch a cluster in Google Cloud, a public Cloud DNS zone must be connected to a registered domain and configured in Google Cloud DNS. If a domain is not already available, follow the steps [in this guide](https://github.com/openshift/installer/blob/master/docs/user/gcp/dns.md) to create one. + +### Get the CLI tools and Pull Secret + +Two CLI tools are required to create an OpenShift cluster (`openshift-install`) and then interact with the cluster (`oc`). + +A pull secret is required to fetch images from Red Hat's private Docker registry. +Every developer has a different pull secret associated with their Red Hat account. 
+ +To get the CLI tools and your pull secret, go to [Red Hat's cloud](https://cloud.redhat.com/openshift/install/gcp/installer-provisioned) and log in with your Red Hat account. +On this page, download the latest version of the installer and command-line tools with the links provided. Extract these packages and place `openshift-install` and `oc` in your `PATH`. + +Copy the pull secret to your clipboard and write the content to a file `pull_secret` in the root of this repository. This file is gitignored. + +### Create a Google Cloud (GCP) Service Account + +Follow [these instructions](https://docs.openshift.com/container-platform/4.6/installing/installing_gcp/installing-gcp-account.html#installation-gcp-service-account_installing-gcp-account) to create a Service Account in the Google Cloud `cloud-native` project. Attach all roles marked as Required in that document. +Once the Service Account is created, generate a JSON key and save it as `gcloud.json` in the root of this repository. This file is gitignored. + +## Create your OpenShift cluster + +To create the OpenShift cluster: + +1. Clone the GitLab Operator respository: + + ```shell + git clone https://gitlab.com/gitlab-org/cloud-native/gitlab-operator.git + ``` + +1. Run the script to create the OpenShift cluster in Google Cloud: + + ```shell + cd gitlab-operator + ./scripts/create_openshift_cluster.sh + ``` + +This will be a 6 node cluster with 3 control plane (master) nodes and 3 worker nodes. +The process takes around 40 minutes. Follow the instructions at the end of the +console output to connect to the cluster. + +Once created, you should be able to see your cluster registered in +[Red Hat cloud](https://cloud.redhat.com/openshift/). All installation logs and +metadata will be stored in the `install-$CLUSTER_NAME/` directory in this repository. +This directory is gitignored. + +### Configuration options + +Configuration can be applied during runtime by setting environment variables. 
+All options have defaults, so no options are required. + +|Variable|Description|Default| +|-|-|-| +|`CLUSTER_NAME`|Name of cluster|`ocp-$USER`| +|`BASE_DOMAIN`|Root domain for cluster|`k8s-ft.win`| +|`GCP_PROJECT_ID`|Google Cloud project ID|`cloud-native-182609`| +|`GCP_REGION`|Google Cloud region for cluster|`us-central1`| +|`GOOGLE_APPLICATION_CREDENTIALS`|Path to Google Cloud service account JSON file|`gcloud.json`| +|`GOOGLE_CREDENTIALS`|Content of Google Cloud service account JSON file|Content of `$GOOGLE_APPLICATION_CREDENTIALS`| +|`PULL_SECRET_FILE`|Path to Red Hat pull secret file|`pull_secret`| +|`PULL_SECRET`|Content of Red Hat pull secret file|Content of `$PULL_SECRET_FILE`| +|`SSH_PUBLIC_KEY_FILE`|Path to SSH public key file|`$HOME/.ssh/id_rsa.pub`| +|`SSH_PUBLIC_KEY`|Content of SSH public key file|Content of `$SSH_PUBLIC_KEY_FILE`| +|`LOG_LEVEL`|Verbosity of `openshift-install` output|`info`| +|`INSTALL_DIR`|Directory for install assets, useful for launching multiple clusters|`install-$CLUSTER_NAME`| + +NOTE: +The variables `CLUSTER_NAME` and `BASE_DOMAIN` are combined to build the domain name for the cluster. + +## Destroy your OpenShift cluster + +To destroy the OpenShift cluster: + +1. Clone the GitLab Operator respository: + + ```shell + git clone https://gitlab.com/gitlab-org/cloud-native/gitlab-operator.git + ``` + +1. Run the script to destroy the OpenShift cluster in Google Cloud. This takes + around 4 minutes: + + ```shell + cd gitlab-operator + ./scripts/destroy_openshift_cluster.sh + ``` + +Configuration can be applied during runtime by setting the following environment +variables. All options have defaults, no options are required. 
+ +|Variable|Description|Default| +|-|-|-| +|`GOOGLE_APPLICATION_CREDENTIALS`|Path to Google Cloud service account JSON file|`gcloud.json`| +|`GOOGLE_CREDENTIALS`|Content of Google Cloud service account JSON file|Content of `$GOOGLE_APPLICATION_CREDENTIALS`| +|`LOG_LEVEL`|Verbosity of `openshift-install` output|`info`| +|`INSTALL_DIR`|Directory for install assets, useful for launching multiple clusters|`install-$CLUSTER_NAME`| + +## Next steps + +When the cluster is up and running, you can continue [installing GitLab](../operator.md). + +## Resources + +- [`openshift-installer` source code](https://github.com/openshift/installer) +- [`oc` source code](https://github.com/openshift/oc) +- [`openshift-installer` and `oc` packages](https://mirror.openshift.com/pub/openshift-v4/clients/ocp/) +- [OpenShift Container Project (OCP) architecture docs](https://access.redhat.com/documentation/en-us/openshift_container_platform/latest/html/architecture/architecture) +- [OpenShift GCP docs](https://docs.openshift.com/container-platform/latest/installing/installing_gcp/installing-gcp-account.html) +- [OpenShift troubleshooting guide](https://docs.openshift.com/container-platform/latest/support/troubleshooting/troubleshooting-installations.html) diff --git a/doc/installation/index.md b/doc/installation/index.md index a7fcf9de78..78405292e1 100644 --- a/doc/installation/index.md +++ b/doc/installation/index.md @@ -44,7 +44,7 @@ choice: - [Amazon EKS](cloud/eks.md) - [Azure Kubernetes Service](cloud/aks.md) - [Google Kubernetes Engine](cloud/gke.md) -- [OpenShift Origin](cloud/openshift.md) +- [OpenShift](cloud/openshift.md) - [Oracle Container Engine for Kubernetes](cloud/oke.md) - VMware Tanzu - Documentation to be added. - On-Premises solutions - Documentation to be added. diff --git a/doc/installation/operator.md b/doc/installation/operator.md index 7077796478..685d3bb76e 100644 --- a/doc/installation/operator.md +++ b/doc/installation/operator.md 
@@ -11,15 +11,173 @@ for managing the lifecycle and upgrades of a GitLab instance. The GitLab Operato stages of cloud-native GitLab installation/upgrade procedures. Using the Operator provides the ability to perform rolling upgrades with minmal down time. The first goal is to support OpenShift, the subsequent goal will be for automation of day 2 operations like upgrades as noted. -A GitLab Operator is now available in Beta. More information can be found in [this epic](https://gitlab.com/groups/gitlab-org/-/epics/5486), and the documentation can be found in the [GitLab Operator](https://gitlab.com/gitlab-org/gl-openshift/gitlab-operator/-/tree/master/doc) project. +The Operator offers the benefit of Day 2 operators to the GitLab installation, there are many automation benefits to utilizing the Operator vs Helm. The Operator utilizes the Helm Chart but the Operator will continously run making upgrading, backups, and more, automatic. -The GitLab Operator aims to manage the full lifecycle of GitLab instances in your Kubernetes or OpenShift container platforms. -While new and still actively being developed, the operator aims to: +The GitLab Operator aims to: -- Ease installation and configuration of GitLab instances. +- Manage the full lifecycle of GitLab instances in your OpenShift container platforms. +- Ease the installation and configuration of GitLab instances. - Offer seamless upgrades from version to version. - Ease backup and restore of GitLab and its components. - Aggregate and visualize metrics using Prometheus and Grafana. - Set up auto-scaling. -Additionally, a [GitLab Runner-specific Operator](https://docs.gitlab.com/runner/install/openshift.html) is generally available, allowing users to easily run GitLab CI jobs in OpenShift. +The GitLab Operator does not include the GitLab Runner. For more inforation, see +the [GitLab Runner Operator repository](https://gitlab.com/gitlab-org/gl-openshift/gitlab-runner-operator). 
+ +## Known limitations + +Below are the known limitations of the GitLab Operator: + +- Multiple instances of Webservice not supported on OpenShift. The Ingresses + report "All hosts are taken by other resources" when using NGINX Ingress Operator. + See issue [#160](https://gitlab.com/gitlab-org/cloud-native/gitlab-operator/-/issues/160). +- Certain components not supported: + - Praefect: see issue [#136](https://gitlab.com/gitlab-org/cloud-native/gitlab-operator/-/issues/136) + - KAS: see issue [#139](https://gitlab.com/gitlab-org/cloud-native/gitlab-operator/-/issues/139) + +## Prerequisites + +Before you install GitLab with GitLab Operator, you must: + +1. Create or use an existing Kubernetes or OpenShift cluster: + - **Kubernetes:** To create a traditional Kubernetes cluster, consider using + the [official tooling](https://kubernetes.io/docs/tasks/tools/) or your + preferred method of installation. + - **OpenShift:** To create an OpenShift cluster, see the [OpenShift cluster setup docs](cloud/openshift.md). +1. Install the following services and software: + - **Ingress controller** + + An Ingress controller is required to provide external access to the application and secure communication between components. + The GitLab Operator will deploy our [forked NGINX chart from the GitLab Helm Chart](../charts/nginx/index.md) by default. + If you prefer to use an external Ingress controller, we recommend [NGINX Ingress](https://kubernetes.github.io/ingress-nginx/deploy/) by the Kubernetes community to deploy an Ingress Controller. Follow the relevant instructions in the link based on your platform and preferred tooling. Take note of the Ingress class value for later (it typically defaults to `nginx`). + + When configuring the GitLab custom resource (CR), be sure to set `nginx-ingress.enabled=false` to disable the NGINX objects from the GitLab Helm Chart. 
+ + - **Certificate manager** + + For the TLS certificates, we recommend [Cert Manager](https://cert-manager.io/docs/installation/) + to create certificates used to secure the GitLab and Registry URLs. Follow + the relevant instructions in the link based on your platform and preferred tooling. + + - **Metrics server** + + - Kubernetes: Install the [metrics server](https://github.com/kubernetes-sigs/metrics-server#installation) so the HorizontalPodAutoscalers can retrieve pod metrics. + - OpenShift: OpenShift ships with [Prometheus Adapter](https://docs.openshift.com/container-platform/4.6/monitoring/understanding-the-monitoring-stack.html#default-monitoring-components_understanding-the-monitoring-stack) by default, so there is no manual action required here. + +1. Configure the Domain Name services: + + You will need an internet-accessible domain to which you can add a DNS record. + See our [networking and DNS documentation](deployment.md#networking-and-dns) + for more details on connecting your domain to the GitLab components. You will + use the configuration mentioned in this section when defining your GitLab + custom resource (CR). + +## Install the GitLab Operator + +This document describes how to deploy the GitLab Operator via manifests in your +Kubernetes or OpenShift cluster. + +If using OpenShift, these steps normally are handled by the Operator Lifecycle +Manager (OLM) once an operator is bundle published. However, to test the most +recent operator images, users may need to install the operator using the +deployment manifests available in the +[operator repository](https://gitlab.com/gitlab-org/cloud-native/gitlab-operator/-/tree/master). + +1. 
Deploy the GitLab Operator: + + ```shell + GL_OPERATOR_VERSION=0.0.1 + kubectl create namespace gitlab-system + kubectl apply -f https://gitlab.com/api/v4/projects/18899486/packages/generic/gitlab-operator/${GL_OPERATOR_VERSION}/gitlab-operator-${GL_OPERATOR_VERSION}.yaml + ``` + + NOTE: + `18899486` is the ID of the + [GitLab Operator project](https://gitlab.com/gitlab-org/cloud-native/gitlab-operator). + + This command first deploys the service accounts, roles and role bindings used by the operator, and then the operator itself. + + By default, the Operator will only watch the namespace where it is deployed. + If you'd like it to watch at the cluster scope, modify + [`kustomization.yaml`](https://gitlab.com/gitlab-org/cloud-native/gitlab-operator/-/tree/master/config/manager/kustomization.yaml) + by commenting out the `namesapce_scope.yaml` patch. + +1. Create a GitLab custom resource (CR), by creating a new YAML file (for example + named `mygitlab.yaml`). Here is an example of the content to put in + this file: + + ```yaml + apiVersion: apps.gitlab.com/v1beta1 + kind: GitLab + metadata: + name: example + spec: + chart: + version: "X.Y.Z" # select a version from the CHART_VERSIONS file in the root of this project + values: + global: + hosts: + domain: example.com # use a real domain here + ingress: + configureCertmanager: true + certmanager-issuer: + email: youremail@example.com # use your real email address here + ``` + + For more details on configuration options to use under `spec.chart.values`, + see the [GitLab Helm Chart documentation](../charts/globals.md). + +1. Deploy a GitLab instance using your new GitLab CR: + + ```shell + kubectl -n gitlab-system apply -f mygitlab.yaml + ``` + + This command sends your GitLab CR up to the cluster for the GitLab Operator + to reconcile. 
You can watch the progress by tailing the logs from the controller pod: + + ```shell + kubectl -n gitlab-system logs deployment/gitlab-controller-manager -c manager -f + ``` + + You can also list GitLab resources and check their status: + + ```shell + kubectl get gitlabs -n gitlab-system + ``` + + When the CR is reconciled (the status of the GitLab resource will be `RUNNING`), + you can access GitLab in your browser at the domain you set up in the custom + resource. + +## Uninstall the GitLab Operator + +Items to note prior to uninstalling the Operator: + +- The operator does not delete the Persistent Volume Claims or Secrets when a + GitLab instance is deleted. +- When deleting the Operator, the namespace where it's installed + (`gitlab-system` by default) will not be deleted automatically. This is to + ensure persistent volumes are not lost unintentionally. + +To remove the GitLab Operator and its associated resources: + +1. Uninstall the GitLab instance: + + ```shell + kubectl -n gitlab-system delete -f mygitlab.yaml + ``` + + This will remove the GitLab instance, and all associated objects except for + PVCs as noted above. + +1. Uninstall the GitLab Operator + + ```shell + GL_OPERATOR_VERSION=0.0.1 + kubectl delete -f https://gitlab.com/api/v4/projects/18899486/packages/generic/gitlab-operator/${GL_OPERATOR_VERSION}/gitlab-operator-${GL_OPERATOR_VERSION}.yaml + ``` + + This will delete the Operator's resources, including the running Deployment + of the Operator. This **will not** delete objects associated with a GitLab instance. -- GitLab From 3f747e1a2577cd5c8e62ded11b9ae1400d5730b6 Mon Sep 17 00:00:00 2001 From: Marcel Amirault Date: Wed, 22 Sep 2021 18:35:07 +0900 Subject: [PATCH 003/253] Fix spacing and typos in 2 docs --- doc/installation/cloud/openshift.md | 6 +-- doc/installation/operator.md | 57 +++++++++++++++-------------- 2 files changed, 32 insertions(+), 31 deletions(-) 
diff --git a/doc/installation/cloud/openshift.md b/doc/installation/cloud/openshift.md index 3d67951b4f..16975cb228 100644 --- a/doc/installation/cloud/openshift.md +++ b/doc/installation/cloud/openshift.md @@ -11,7 +11,7 @@ This document walks you through using the automation scripts in this project to ## Preparation First, you should have a Red Hat account associated with your GitLab email. -Contact our Red Hat Alliance liason; they will arrange to send you an account invitation email. Once you activate your Red Hat account, you will have access the to licenses and subscriptions needed to run OpenShift. +Contact our Red Hat Alliance liaison; they will arrange to send you an account invitation email. Once you activate your Red Hat account, you will have access the to licenses and subscriptions needed to run OpenShift. To launch a cluster in Google Cloud, a public Cloud DNS zone must be connected to a registered domain and configured in Google Cloud DNS. If a domain is not already available, follow the steps [in this guide](https://github.com/openshift/installer/blob/master/docs/user/gcp/dns.md) to create one. @@ -36,7 +36,7 @@ Once the Service Account is created, generate a JSON key and save it as `gcloud. To create the OpenShift cluster: -1. Clone the GitLab Operator respository: +1. Clone the GitLab Operator repository: ```shell git clone https://gitlab.com/gitlab-org/cloud-native/gitlab-operator.git @@ -85,7 +85,7 @@ The variables `CLUSTER_NAME` and `BASE_DOMAIN` are combined to build the domain To destroy the OpenShift cluster: -1. Clone the GitLab Operator respository: +1. Clone the GitLab Operator repository: ```shell git clone https://gitlab.com/gitlab-org/cloud-native/gitlab-operator.git diff --git a/doc/installation/operator.md b/doc/installation/operator.md index 685d3bb76e..6d729f2bef 100644 --- a/doc/installation/operator.md +++ b/doc/installation/operator.md 
@@ -9,9 +9,9 @@ info: To determine the technical writer assigned to the Stage/Group associated w GitLab Operator is an implementation of the [Operator pattern](https://www.openshift.com/blog) for managing the lifecycle and upgrades of a GitLab instance. The GitLab Operator strengthens the support of OpenShift from GitLab, but is intended to be as native to Kubernetes as for OpenShift. The GitLab Operator provides a method of synchronizing and controlling various stages of cloud-native GitLab installation/upgrade procedures. Using the Operator provides the ability to perform -rolling upgrades with minmal down time. The first goal is to support OpenShift, the subsequent goal will be for automation of day 2 operations like upgrades as noted. +rolling upgrades with minimal down time. The first goal is to support OpenShift, the subsequent goal will be for automation of day 2 operations like upgrades as noted. -The Operator offers the benefit of Day 2 operators to the GitLab installation, there are many automation benefits to utilizing the Operator vs Helm. The Operator utilizes the Helm Chart but the Operator will continously run making upgrading, backups, and more, automatic. +The Operator offers the benefit of Day 2 operators to the GitLab installation, there are many automation benefits to utilizing the Operator vs Helm. The Operator utilizes the Helm Chart but the Operator will continuously run making upgrading, backups, and more, automatic. The GitLab Operator aims to: @@ -22,7 +22,7 @@ The GitLab Operator aims to: - Aggregate and visualize metrics using Prometheus and Grafana. - Set up auto-scaling. -The GitLab Operator does not include the GitLab Runner. For more inforation, see +The GitLab Operator does not include the GitLab Runner. For more information, see the [GitLab Runner Operator repository](https://gitlab.com/gitlab-org/gl-openshift/gitlab-runner-operator). ## Known limitations 
@@ -46,24 +46,25 @@ Before you install GitLab with GitLab Operator, you must: preferred method of installation. - **OpenShift:** To create an OpenShift cluster, see the [OpenShift cluster setup docs](cloud/openshift.md). 1. Install the following services and software: - - **Ingress controller** - An Ingress controller is required to provide external access to the application and secure communication between components. - The GitLab Operator will deploy our [forked NGINX chart from the GitLab Helm Chart](../charts/nginx/index.md) by default. - If you prefer to use an external Ingress controller, we recommend [NGINX Ingress](https://kubernetes.github.io/ingress-nginx/deploy/) by the Kubernetes community to deploy an Ingress Controller. Follow the relevant instructions in the link based on your platform and preferred tooling. Take note of the Ingress class value for later (it typically defaults to `nginx`). + - **Ingress controller** - When configuring the GitLab custom resource (CR), be sure to set `nginx-ingress.enabled=false` to disable the NGINX objects from the GitLab Helm Chart. + An Ingress controller is required to provide external access to the application and secure communication between components. + The GitLab Operator will deploy our [forked NGINX chart from the GitLab Helm Chart](../charts/nginx/index.md) by default. + If you prefer to use an external Ingress controller, we recommend [NGINX Ingress](https://kubernetes.github.io/ingress-nginx/deploy/) by the Kubernetes community to deploy an Ingress Controller. Follow the relevant instructions in the link based on your platform and preferred tooling. Take note of the Ingress class value for later (it typically defaults to `nginx`). - - **Certificate manager** + When configuring the GitLab custom resource (CR), be sure to set `nginx-ingress.enabled=false` to disable the NGINX objects from the GitLab Helm Chart. 
- For the TLS certificates, we recommend [Cert Manager](https://cert-manager.io/docs/installation/) - to create certificates used to secure the GitLab and Registry URLs. Follow - the relevant instructions in the link based on your platform and preferred tooling. + - **Certificate manager** - - **Metrics server** + For the TLS certificates, we recommend [Cert Manager](https://cert-manager.io/docs/installation/) + to create certificates used to secure the GitLab and Registry URLs. Follow + the relevant instructions in the link based on your platform and preferred tooling. - - Kubernetes: Install the [metrics server](https://github.com/kubernetes-sigs/metrics-server#installation) so the HorizontalPodAutoscalers can retrieve pod metrics. - - OpenShift: OpenShift ships with [Prometheus Adapter](https://docs.openshift.com/container-platform/4.6/monitoring/understanding-the-monitoring-stack.html#default-monitoring-components_understanding-the-monitoring-stack) by default, so there is no manual action required here. + - **Metrics server** + + - Kubernetes: Install the [metrics server](https://github.com/kubernetes-sigs/metrics-server#installation) so the HorizontalPodAutoscalers can retrieve pod metrics. + - OpenShift: OpenShift ships with [Prometheus Adapter](https://docs.openshift.com/container-platform/4.6/monitoring/understanding-the-monitoring-stack.html#default-monitoring-components_understanding-the-monitoring-stack) by default, so there is no manual action required here. 1. Configure the Domain Name services: 
@@ -86,22 +87,22 @@ deployment manifests available in the 1. Deploy the GitLab Operator: - ```shell - GL_OPERATOR_VERSION=0.0.1 - kubectl create namespace gitlab-system - kubectl apply -f https://gitlab.com/api/v4/projects/18899486/packages/generic/gitlab-operator/${GL_OPERATOR_VERSION}/gitlab-operator-${GL_OPERATOR_VERSION}.yaml - ``` + ```shell + GL_OPERATOR_VERSION=0.0.1 + kubectl create namespace gitlab-system + kubectl apply -f https://gitlab.com/api/v4/projects/18899486/packages/generic/gitlab-operator/${GL_OPERATOR_VERSION}/gitlab-operator-${GL_OPERATOR_VERSION}.yaml + ``` - NOTE: - `18899486` is the ID of the - [GitLab Operator project](https://gitlab.com/gitlab-org/cloud-native/gitlab-operator). + NOTE: + `18899486` is the ID of the + [GitLab Operator project](https://gitlab.com/gitlab-org/cloud-native/gitlab-operator). - This command first deploys the service accounts, roles and role bindings used by the operator, and then the operator itself. + This command first deploys the service accounts, roles and role bindings used by the operator, and then the operator itself. - By default, the Operator will only watch the namespace where it is deployed. - If you'd like it to watch at the cluster scope, modify - [`kustomization.yaml`](https://gitlab.com/gitlab-org/cloud-native/gitlab-operator/-/tree/master/config/manager/kustomization.yaml) - by commenting out the `namesapce_scope.yaml` patch. + By default, the Operator will only watch the namespace where it is deployed. + If you'd like it to watch at the cluster scope, modify + [`kustomization.yaml`](https://gitlab.com/gitlab-org/cloud-native/gitlab-operator/-/tree/master/config/manager/kustomization.yaml) + by commenting out the `namesapce_scope.yaml` patch. 1. Create a GitLab custom resource (CR), by creating a new YAML file (for example named `mygitlab.yaml`). Here is an example of the content to put in -- GitLab From 11eade337dcc8dcada2b1f38dd0e2fbb3b8c153c Mon Sep 17 00:00:00 2001 
From: Mitchell Nielsen Date: Wed, 22 Sep 2021 09:32:28 -0500 Subject: [PATCH 004/253] Add $PLATFORM to installation commands Copying changes over from https://gitlab.com/gitlab-org/cloud-native/gitlab-operator/-/merge_requests/243 Changelog: other --- doc/installation/operator.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/doc/installation/operator.md b/doc/installation/operator.md index 6d729f2bef..06ac9398b9 100644 --- a/doc/installation/operator.md +++ b/doc/installation/operator.md @@ -88,9 +88,10 @@ deployment manifests available in the 1. Deploy the GitLab Operator: ```shell - GL_OPERATOR_VERSION=0.0.1 + GL_OPERATOR_VERSION=0.1.0 + PLATFORM=kubernetes # or "openshift" kubectl create namespace gitlab-system - kubectl apply -f https://gitlab.com/api/v4/projects/18899486/packages/generic/gitlab-operator/${GL_OPERATOR_VERSION}/gitlab-operator-${GL_OPERATOR_VERSION}.yaml + kubectl apply -f https://gitlab.com/api/v4/projects/18899486/packages/generic/gitlab-operator/${GL_OPERATOR_VERSION}/gitlab-operator-${PLATFORM}-${GL_OPERATOR_VERSION}.yaml ``` NOTE: @@ -176,8 +177,9 @@ To remove the GitLab Operator and its associated resources: 1. Uninstall the GitLab Operator ```shell - GL_OPERATOR_VERSION=0.0.1 - kubectl delete -f https://gitlab.com/api/v4/projects/18899486/packages/generic/gitlab-operator/${GL_OPERATOR_VERSION}/gitlab-operator-${GL_OPERATOR_VERSION}.yaml + GL_OPERATOR_VERSION=0.1.0 + PLATFORM=kubernetes # or "opensfhit" + kubectl delete -f https://gitlab.com/api/v4/projects/18899486/packages/generic/gitlab-operator/${GL_OPERATOR_VERSION}/gitlab-operator-${PLATFORM}-${GL_OPERATOR_VERSION}.yaml ``` This will delete the Operator's resources, including the running Deployment -- GitLab From a4154df028901125e59e389386df95f784667c77 Mon Sep 17 00:00:00 2001 
From: Mitchell Nielsen Date: Wed, 22 Sep 2021 14:55:41 +0000 Subject: [PATCH 005/253] [Docs] [Operator] Follow-up from "Update Operator installation and OpenShift docs" --- doc/installation/operator.md | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/doc/installation/operator.md b/doc/installation/operator.md index 06ac9398b9..742030a3bd 100644 --- a/doc/installation/operator.md +++ b/doc/installation/operator.md @@ -101,9 +101,13 @@ deployment manifests available in the This command first deploys the service accounts, roles and role bindings used by the operator, and then the operator itself. By default, the Operator will only watch the namespace where it is deployed. - If you'd like it to watch at the cluster scope, modify - [`kustomization.yaml`](https://gitlab.com/gitlab-org/cloud-native/gitlab-operator/-/tree/master/config/manager/kustomization.yaml) - by commenting out the `namesapce_scope.yaml` patch. + If you'd like it to watch at the cluster scope, then remove the `WATCH_NAMESPACE` + environment variable from the Deployment in the manifest under: + `spec.template.spec.containers[0].env` and re-run the `kubectl apply` command above. + + NOTE: + Running the Operator at the cluster scope is considered experimental. + See [issue #100](https://gitlab.com/gitlab-org/cloud-native/gitlab-operator/-/issues/100) for more information. 1. Create a GitLab custom resource (CR), by creating a new YAML file (for example named `mygitlab.yaml`). Here is an example of the content to put in @@ -128,7 +132,7 @@ deployment manifests available in the ``` For more details on configuration options to use under `spec.chart.values`, - see the [GitLab Helm Chart documentation](../charts/globals.md). + see the [GitLab Helm Chart documentation](../charts/index.md). 1. Deploy a GitLab instance using your new GitLab CR: -- GitLab From 654e002cce4b93d6459924313d7657ce1a70991c Mon Sep 17 00:00:00 2001 
From: Arihant Date: Wed, 22 Sep 2021 16:38:03 +0000 Subject: [PATCH 006/253] Troubleshooting TLS error when using Let's encrypt. --- doc/installation/tls.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/doc/installation/tls.md b/doc/installation/tls.md index 63ba5d7a24..7c5f7bf772 100644 --- a/doc/installation/tls.md +++ b/doc/installation/tls.md @@ -139,3 +139,21 @@ helm install gitlab gitlab/gitlab \ --set global.pages.enabled=true \ --set gitlab.gitlab-pages.ingress.tls.secretName= ``` + +## Troubleshooting + +This section contains possible solutions for problems you might encounter. + +### SSL termination errors + +If you are using Let's Encrypt as your TLS provider and you are facing certificate-related errors, you have a few options to debug this: + +1. Check your domain with [letsdebug](https://letsdebug.net/) for any possible errors. +1. If letsdebug returns not errors, see if there's a problem related to cert-manager: + + ```shell + kubectl describe certificate,order,challenge --all-namespaces + ``` + + If you see any errors, try removing the certificate object to force requesting a new one. +1. If nothing of the above works, consider reinstalling the cert-manager. -- GitLab From dd1e2882e69a7164df2252aa6f078c54e816fb8c Mon Sep 17 00:00:00 2001 From: Nailia Iskhakova Date: Wed, 22 Sep 2021 17:46:43 +0300 Subject: [PATCH 007/253] Exclude k3s related spec to make pipeline stable Signed-off-by: Nailia Iskhakova --- .gitlab-ci.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 19608284c6..b885f1226a 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
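Review bot: In the new "SSL termination errors" section of doc/installation/tls.md (PATCH 006), step 2 reads "If letsdebug returns not errors", which should be "returns no errors", and the advice that follows to "try removing the certificate object" gives no command, unlike the `kubectl describe` step directly above it. Suggest showing the delete command next to the describe command and saying which namespace to act on, since the describe example uses `--all-namespaces`. The heading says "SSL" while the body says "TLS"; pick one for the section.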
@@ -677,10 +677,12 @@ production_specs_eks: url: https://gitlab.$KUBE_INGRESS_BASE_DOMAIN resource_group: "eks-production" +# Custom file pattern to exclude failing spec and still enable parallelization +# https://gitlab.com/gitlab-org/charts/gitlab/-/issues/2886 .knapsack-variables: variables: KNAPSACK_REPORT_PATH: "knapsack/master_report.json" - KNAPSACK_TEST_FILE_PATTERN: "qa/specs/features/**/*_spec.rb" + KNAPSACK_TEST_FILE_PATTERN: "qa/specs/features/**/!(kubernetes_integration_spec).rb" KNAPSACK_GENERATE_REPORT: "true" .qa: -- GitLab From ba2b934995b9ac8d8304079b438e803b5ff02f9d Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Thu, 23 Sep 2021 23:40:49 +0000 Subject: [PATCH 008/253] Update changelog for 5.0.11 [ci skip] --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 968a72741c..33731ca14e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -119,6 +119,10 @@ No changes. - [Do not automount SA token when not needed](gitlab-org/charts/gitlab@108af40ae28e55c882feae66eaecd3a0d0f45996) ([merge request](gitlab-org/charts/gitlab!2093)) +## 5.0.11 (2021-09-23) + +No changes. + ## 5.0.10 (2021-09-02) No changes. -- GitLab From 1b0ae200861b45a040e90d490c191f609930a68e Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Thu, 23 Sep 2021 23:41:03 +0000 Subject: [PATCH 009/253] Update version mapping for 5.0.11 --- doc/installation/version_mappings.md | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/installation/version_mappings.md b/doc/installation/version_mappings.md index 34c42065cf..92df1ec545 100644 --- a/doc/installation/version_mappings.md +++ b/doc/installation/version_mappings.md @@ -22,6 +22,7 @@ The table below maps some of the key previous chart versions and GitLab versions | 5.1.2 | 14.1.2 | | 5.1.1 | 14.1.1 | | 5.1.0 | 14.1.0 | +| 5.0.11 | 14.0.11 | | 5.0.10 | 14.0.10 | | 5.0.9 | 14.0.9 | | 5.0.8 | 14.0.8 | -- GitLab 
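Review bot: The new `KNAPSACK_TEST_FILE_PATTERN` in the `.knapsack-variables` hunk of .gitlab-ci.yml (PATCH 007) drops the `_spec` suffix from the match: `qa/specs/features/**/*_spec.rb` becomes `qa/specs/features/**/!(kubernetes_integration_spec).rb`, which, where the negation is honoured, selects every `.rb` file under the tree except that one rather than only spec files. The `!( )` form is extended-glob syntax, so please also confirm that the glob implementation Knapsack uses for this variable supports it; if it does not, the pattern will not select the intended files. If it is supported, `qa/specs/features/**/!(kubernetes_integration)_spec.rb` keeps the suffix constraint.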
From 47d613105be71947ba079e1723a2f3b2a7821ee1 Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Mon, 27 Sep 2021 13:29:13 +0000 Subject: [PATCH 010/253] Update changelog for 5.1.6 [ci skip] --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 33731ca14e..b099ad547b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -76,6 +76,10 @@ No changes. - [Update gitlab-exporter appVersion 11.0.1](gitlab-org/charts/gitlab@d6cc85961e3d8369460840e70415b593bd82e432) ([merge request](gitlab-org/charts/gitlab!2092)) - [Update gitlab-org/gitlab-exporter from 10.5.0 to 11.0.0](gitlab-org/charts/gitlab@2c2a8c2b877b45d47b8bb61a09ed6cb5f8b79392) ([merge request](gitlab-org/charts/gitlab!2092)) +## 5.1.6 (2021-09-27) + +No changes. + ## 5.1.5 (2021-09-02) No changes. -- GitLab From be540f86955719253f01751431648577368c410a Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Mon, 27 Sep 2021 13:29:28 +0000 Subject: [PATCH 011/253] Update version mapping for 5.1.6 --- doc/installation/version_mappings.md | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/installation/version_mappings.md b/doc/installation/version_mappings.md index 92df1ec545..b4dc5315a3 100644 --- a/doc/installation/version_mappings.md +++ b/doc/installation/version_mappings.md @@ -16,6 +16,7 @@ The table below maps some of the key previous chart versions and GitLab versions | 5.2.2 | 14.2.2 | | 5.2.1 | 14.2.1 | | 5.2.0 | 14.2.0 | +| 5.1.6 | 14.1.6 | | 5.1.5 | 14.1.5 | | 5.1.4 | 14.1.4 | | 5.1.3 | 14.1.3 | -- GitLab From cbd36f44bf5f0b55d086d0a1fa085e1b693fe095 Mon Sep 17 00:00:00 2001 From: deps Date: Thu, 23 Sep 2021 04:02:25 +0000 Subject: [PATCH 012/253] Update gitlab-org/container-registry from 3.11.0-gitlab to 3.11.1-gitlab Changelog: changed --- charts/registry/values.yaml | 2 +- doc/charts/registry/index.md | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) 
diff --git a/charts/registry/values.yaml b/charts/registry/values.yaml index 1759d62eb4..7eaee92ccb 100644 --- a/charts/registry/values.yaml +++ b/charts/registry/values.yaml @@ -1,6 +1,6 @@ image: repository: registry.gitlab.com/gitlab-org/build/cng/gitlab-container-registry - tag: 'v3.11.0-gitlab' + tag: 'v3.11.1-gitlab' # pullPolicy: IfNotPresent # pullSecrets: [] diff --git a/doc/charts/registry/index.md b/doc/charts/registry/index.md index 1a432f7ab9..2e60d7fed5 100644 --- a/doc/charts/registry/index.md +++ b/doc/charts/registry/index.md @@ -68,7 +68,7 @@ registry: interval: 24h dryrun: false image: - tag: 'v3.11.0-gitlab' + tag: 'v3.11.1-gitlab' pullPolicy: IfNotPresent annotations: service: @@ -148,7 +148,7 @@ If you chose to deploy this chart as a standalone, remove the `registry` at the | `image.pullPolicy` | | Pull policy for the registry image | | `image.pullSecrets` | | Secrets to use for image repository | | `image.repository` | `registry` | Registry image | -| `image.tag` | `v3.11.0-gitlab` | Version of the image to use | +| `image.tag` | `v3.11.1-gitlab` | Version of the image to use | | `init.image.repository` | | initContainer image | | `init.image.tag` | | initContainer image tag | | `log` | `{level: info, fields: {service: registry}}` | Configure the logging options | @@ -274,7 +274,7 @@ You can change the included version of the Registry and `pullPolicy`. Default settings: -- `tag: 'v3.11.0-gitlab'` +- `tag: 'v3.11.1-gitlab'` - `pullPolicy: 'IfNotPresent'` ## Configuring the `service` -- GitLab From d79810497226df3eb1f89554a193d6b7de97185d Mon Sep 17 00:00:00 2001 From: Hossein Pursultani Date: Fri, 24 Sep 2021 03:09:06 +0000 Subject: [PATCH 013/253] Remove multiple instances of Webservice as a limitation from docs --- doc/installation/operator.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/doc/installation/operator.md b/doc/installation/operator.md index 742030a3bd..57e9448d49 100644 --- a/doc/installation/operator.md 
+++ b/doc/installation/operator.md @@ -29,9 +29,6 @@ the [GitLab Runner Operator repository](https://gitlab.com/gitlab-org/gl-openshi Below are the known limitations of the GitLab Operator: -- Multiple instances of Webservice not supported on OpenShift. The Ingresses - report "All hosts are taken by other resources" when using NGINX Ingress Operator. - See issue [#160](https://gitlab.com/gitlab-org/cloud-native/gitlab-operator/-/issues/160). - Certain components not supported: - Praefect: see issue [#136](https://gitlab.com/gitlab-org/cloud-native/gitlab-operator/-/issues/136) - KAS: see issue [#139](https://gitlab.com/gitlab-org/cloud-native/gitlab-operator/-/issues/139) -- GitLab From 2b80fd06bdd3a4b7cfe6ffba8568fa7a5bc78a0a Mon Sep 17 00:00:00 2001 From: DJ Mountney Date: Thu, 23 Sep 2021 14:28:23 -0700 Subject: [PATCH 014/253] Allow passing the gitlab image version from the env variables --- scripts/ci/autodevops.sh | 29 +++++++++++++++++------------ 1 file changed, 17 insertions(+), 12 deletions(-) diff --git a/scripts/ci/autodevops.sh b/scripts/ci/autodevops.sh index a538178fd6..c74aa63839 100644 --- a/scripts/ci/autodevops.sh +++ b/scripts/ci/autodevops.sh 
@@ -70,19 +70,24 @@ function deploy() { ) fi - # Use stable images when on the stable branch - gitlab_version=$(grep 'appVersion:' Chart.yaml | awk '{ print $2}') + # Use the gitlab version from the environment or use stable images when on the stable branch + gitlab_app_version=$(grep 'appVersion:' Chart.yaml | awk '{ print $2}') + if [[ -n "$GITLAB_VERSION" ]]; then + image_branch=$GITLAB_VERSION + elif [[ $CI_COMMIT_BRANCH =~ -stable$ ]] && [[ $gitlab_app_version =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then + image_branch=$(echo "${gitlab_app_version%.*}-stable" | tr '.' '-') + fi + gitlab_version_args=() - if [[ $CI_COMMIT_BRANCH =~ -stable$ ]] && [[ $gitlab_version =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then - stable_branch=$(echo "${gitlab_version%.*}-stable" | tr '.' '-') - gitlab_version_args=( - "--set" "global.gitlabVersion=${stable_branch}" - "--set" "global.certificates.image.tag=${stable_branch}" - "--set" "global.kubectl.image.tag=${stable_branch}" - "--set" "gitlab.gitaly.image.tag=${stable_branch}" - "--set" "gitlab.gitlab-shell.image.tag=${stable_branch}" - "--set" "gitlab.gitlab-exporter.image.tag=${stable_branch}" - "--set" "registry.image.tag=${stable_branch}" + if [[ -n "$image_branch" ]]; then + gitlab_version_args=( + "--set" "global.gitlabVersion=${image_branch}" + "--set" "global.certificates.image.tag=${image_branch}" + "--set" "global.kubectl.image.tag=${image_branch}" + "--set" "gitlab.gitaly.image.tag=${image_branch}" + "--set" "gitlab.gitlab-shell.image.tag=${image_branch}" + "--set" "gitlab.gitlab-exporter.image.tag=${image_branch}" + "--set" "registry.image.tag=${image_branch}" ) fi -- GitLab From 03cdd31e72ed35b76f957d8e45ea325757b84cd1 Mon Sep 17 00:00:00 2001 From: Robert Marshall Date: Wed, 29 Sep 2021 19:30:25 +0000 Subject: [PATCH 015/253] Apply 2 suggestion(s) to 1 file(s) --- scripts/ci/autodevops.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
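Review bot: In `deploy()` in scripts/ci/autodevops.sh (PATCH 014), `image_branch=$GITLAB_VERSION` takes an environment-supplied value and passes it unchecked into seven `--set ...=${image_branch}` arguments, whereas the stable-branch path only runs after `gitlab_app_version` matches `^[0-9]+\.[0-9]+\.[0-9]+$`. Helm splits `--set` values on commas, so a `GITLAB_VERSION` containing a comma would set additional chart keys in this deploy; suggest validating `GITLAB_VERSION` against an allowed tag pattern before assigning it. `image_branch` is also never declared `local` or initialised, so when neither branch assigns it, a value inherited from the environment is used; `local image_branch=""` before the `if` closes that.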
diff --git a/scripts/ci/autodevops.sh b/scripts/ci/autodevops.sh index c74aa63839..883feb66f2 100644 --- a/scripts/ci/autodevops.sh +++ b/scripts/ci/autodevops.sh @@ -72,9 +72,9 @@ function deploy() { # Use the gitlab version from the environment or use stable images when on the stable branch gitlab_app_version=$(grep 'appVersion:' Chart.yaml | awk '{ print $2}') - if [[ -n "$GITLAB_VERSION" ]]; then + if [[ -n "${GITLAB_VERSION}" ]]; then image_branch=$GITLAB_VERSION - elif [[ $CI_COMMIT_BRANCH =~ -stable$ ]] && [[ $gitlab_app_version =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then + elif [[ "${CI_COMMIT_BRANCH}" =~ -stable$ ]] && [[ "${gitlab_app_version}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then image_branch=$(echo "${gitlab_app_version%.*}-stable" | tr '.' '-') fi -- GitLab From f3b50e69f7c7508319eec676dac755ee511fc411 Mon Sep 17 00:00:00 2001 From: Mitchell Nielsen Date: Wed, 29 Sep 2021 14:43:22 -0500 Subject: [PATCH 016/253] Move 'global.kas.apiExternalPort' to parent chart Puts 'global.kas.apiExternalPort' in top-level values.yaml because globals should "flow downstream" - meaning the globals should be set in the parent chart for consumption by child/sibling charts. Helm 3.7.0 includes a change that enforces this approach, meaning that enabling KAS in the GitLab Charts would cause a failure because the Webservice ConfigMap could not find the `global.kas.apiExternalPort` value (because it was in the KAS chart, its sibling). Reference issue in Helm project: https://github.com/helm/helm/issues/10154#issuecomment-923120990 Changelog: fixed --- charts/gitlab/charts/kas/values.yaml | 2 -- values.yaml | 2 ++ 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/gitlab/charts/kas/values.yaml b/charts/gitlab/charts/kas/values.yaml index e86be40a82..32ce4e6b56 100644 --- a/charts/gitlab/charts/kas/values.yaml +++ b/charts/gitlab/charts/kas/values.yaml 
@@ -7,8 +7,6 @@ global: ingress: {} kas: enabled: false - service: - apiExternalPort: 8153 # port for connections from the GitLab backend redis: # host: '0.0.0.0' password: {} diff --git a/values.yaml b/values.yaml index 70b033aa52..f53b8a6524 100644 --- a/values.yaml +++ b/values.yaml @@ -487,6 +487,8 @@ global: ## https://docs.gitlab.com/charts/charts/gitlab/kas/ kas: enabled: false + service: + apiExternalPort: 8153 # port for connections from the GitLab backend ## https://docs.gitlab.com/charts/charts/globals#configure-gitlab-shell shell: -- GitLab From cb56d92c588831e7bf73d051ac9b966a088ed7a2 Mon Sep 17 00:00:00 2001 From: DJ Mountney Date: Wed, 29 Sep 2021 20:29:45 +0000 Subject: [PATCH 017/253] Revert "Merge branch '2886-exclude-failing-spec' into 'master'" This reverts merge request !2193 --- .gitlab-ci.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index b885f1226a..19608284c6 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -677,12 +677,10 @@ production_specs_eks: url: https://gitlab.$KUBE_INGRESS_BASE_DOMAIN resource_group: "eks-production" -# Custom file pattern to exclude failing spec and still enable parallelization -# https://gitlab.com/gitlab-org/charts/gitlab/-/issues/2886 .knapsack-variables: variables: KNAPSACK_REPORT_PATH: "knapsack/master_report.json" - KNAPSACK_TEST_FILE_PATTERN: "qa/specs/features/**/!(kubernetes_integration_spec).rb" + KNAPSACK_TEST_FILE_PATTERN: "qa/specs/features/**/*_spec.rb" KNAPSACK_GENERATE_REPORT: "true" .qa: -- GitLab From ce081ae5fdbd03716b2e50c78746d2e9452ac911 Mon Sep 17 00:00:00 2001 From: deps Date: Thu, 30 Sep 2021 04:02:03 +0000 Subject: [PATCH 018/253] Update gitlab-org/charts/gitlab-runner from 0.32.0 to 0.33.0 Changelog: changed --- requirements.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yaml b/requirements.yaml index 019b6c2ce1..0b07e8419c 100644 --- a/requirements.yaml +++ b/requirements.yaml 
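Review bot: The key moved in the values.yaml hunk of PATCH 016 is `global.kas.service.apiExternalPort` (it sits under `service:`), while the commit subject and body call it `global.kas.apiExternalPort`; please align the message with the actual path so that a search for the value finds this change. With the default removed from charts/gitlab/charts/kas/values.yaml, the KAS subchart no longer carries its own value for this port, so any template that reads it depends on the parent chart's values.yaml; a `required` or `default` guard at the point of use would make a missing value fail with a clear message.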
@@ -21,7 +21,7 @@ dependencies: repository: https://charts.bitnami.com/bitnami condition: postgresql.install - name: gitlab-runner - version: 0.32.0 + version: 0.33.0 repository: https://charts.gitlab.io/ condition: gitlab-runner.install - name: grafana -- GitLab From f2aa063f271bf015f09a48ea8a3d3c9e49939095 Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Thu, 30 Sep 2021 09:46:47 +0000 Subject: [PATCH 019/253] Update changelog for 5.3.1 [ci skip] --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index b099ad547b..591e6a10c5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,10 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 5.3.1 (2021-09-30) + +No changes. + ## 5.3.0 (2021-09-21) ### Added (1 change) -- GitLab From f232e70b3f893845fb93feabcbca32744fa8d2f3 Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Thu, 30 Sep 2021 09:47:02 +0000 Subject: [PATCH 020/253] Update Chart versions to 5.3.1 [ci skip] --- Chart.yaml | 2 +- charts/gitlab/charts/geo-logcursor/Chart.yaml | 2 +- charts/gitlab/charts/gitaly/Chart.yaml | 2 +- charts/gitlab/charts/gitlab-exporter/Chart.yaml | 2 +- charts/gitlab/charts/gitlab-grafana/Chart.yaml | 2 +- charts/gitlab/charts/gitlab-pages/Chart.yaml | 2 +- charts/gitlab/charts/gitlab-shell/Chart.yaml | 2 +- charts/gitlab/charts/kas/Chart.yaml | 2 +- charts/gitlab/charts/mailroom/Chart.yaml | 2 +- charts/gitlab/charts/migrations/Chart.yaml | 2 +- charts/gitlab/charts/operator/Chart.yaml | 2 +- charts/gitlab/charts/praefect/Chart.yaml | 2 +- charts/gitlab/charts/sidekiq/Chart.yaml | 2 +- charts/gitlab/charts/task-runner/Chart.yaml | 2 +- charts/gitlab/charts/webservice/Chart.yaml | 2 +- 15 files changed, 15 insertions(+), 15 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index c4d1fbab15..ec40b48e1d 100644 --- a/Chart.yaml +++ b/Chart.yaml 
@@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab -version: 5.3.0 +version: 5.3.1 appVersion: master description: Web-based Git-repository manager with wiki and issue-tracking features. keywords: diff --git a/charts/gitlab/charts/geo-logcursor/Chart.yaml b/charts/gitlab/charts/geo-logcursor/Chart.yaml index 364365e12c..ab9b62eea3 100644 --- a/charts/gitlab/charts/geo-logcursor/Chart.yaml +++ b/charts/gitlab/charts/geo-logcursor/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: geo-logcursor -version: 5.3.0 +version: 5.3.1 appVersion: master description: GitLab Geo logcursor keywords: diff --git a/charts/gitlab/charts/gitaly/Chart.yaml b/charts/gitlab/charts/gitaly/Chart.yaml index 4fec28487f..90c562229b 100644 --- a/charts/gitlab/charts/gitaly/Chart.yaml +++ b/charts/gitlab/charts/gitaly/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitaly -version: 5.3.0 +version: 5.3.1 appVersion: master description: Git RPC service for handling all the git calls made by GitLab keywords: diff --git a/charts/gitlab/charts/gitlab-exporter/Chart.yaml b/charts/gitlab/charts/gitlab-exporter/Chart.yaml index c209f5aec9..07a5bd6fc5 100644 --- a/charts/gitlab/charts/gitlab-exporter/Chart.yaml +++ b/charts/gitlab/charts/gitlab-exporter/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab-exporter -version: 5.3.0 +version: 5.3.1 appVersion: 11.2.0 description: Exporter for GitLab Prometheus metrics (e.g. CI, pull mirrors) keywords: diff --git a/charts/gitlab/charts/gitlab-grafana/Chart.yaml b/charts/gitlab/charts/gitlab-grafana/Chart.yaml index db670b47ff..5373f8a223 100644 --- a/charts/gitlab/charts/gitlab-grafana/Chart.yaml +++ b/charts/gitlab/charts/gitlab-grafana/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab-grafana -version: 5.3.0 +version: 5.3.1 description: Adapt the Grafana chart to interface to the GitLab App keywords: - gitlab 
diff --git a/charts/gitlab/charts/gitlab-pages/Chart.yaml b/charts/gitlab/charts/gitlab-pages/Chart.yaml index 81705b1179..a78cb236fc 100644 --- a/charts/gitlab/charts/gitlab-pages/Chart.yaml +++ b/charts/gitlab/charts/gitlab-pages/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab-pages -version: 5.3.0 +version: 5.3.1 appVersion: master description: Daemon for serving static websites from GitLab projects keywords: diff --git a/charts/gitlab/charts/gitlab-shell/Chart.yaml b/charts/gitlab/charts/gitlab-shell/Chart.yaml index 26777ef460..160d7ce6ea 100644 --- a/charts/gitlab/charts/gitlab-shell/Chart.yaml +++ b/charts/gitlab/charts/gitlab-shell/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab-shell -version: 5.3.0 +version: 5.3.1 appVersion: main description: sshd for Gitlab keywords: diff --git a/charts/gitlab/charts/kas/Chart.yaml b/charts/gitlab/charts/kas/Chart.yaml index 89ead16881..95b10a135b 100644 --- a/charts/gitlab/charts/kas/Chart.yaml +++ b/charts/gitlab/charts/kas/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: kas -version: 5.3.0 +version: 5.3.1 appVersion: latest description: GitLab Kubernetes Agent Server keywords: diff --git a/charts/gitlab/charts/mailroom/Chart.yaml b/charts/gitlab/charts/mailroom/Chart.yaml index bb4459b31a..2fcae030a7 100644 --- a/charts/gitlab/charts/mailroom/Chart.yaml +++ b/charts/gitlab/charts/mailroom/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: mailroom -version: 5.3.0 +version: 5.3.1 appVersion: master description: Handling incoming emails keywords: diff --git a/charts/gitlab/charts/migrations/Chart.yaml b/charts/gitlab/charts/migrations/Chart.yaml index e15e6db27b..fee259590d 100644 --- a/charts/gitlab/charts/migrations/Chart.yaml +++ b/charts/gitlab/charts/migrations/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: migrations -version: 5.3.0 +version: 5.3.1 appVersion: master description: Database migrations and other versioning tasks for upgrading Gitlab keywords: 
diff --git a/charts/gitlab/charts/operator/Chart.yaml b/charts/gitlab/charts/operator/Chart.yaml index c4230a7f05..fab13affdc 100644 --- a/charts/gitlab/charts/operator/Chart.yaml +++ b/charts/gitlab/charts/operator/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: operator -version: 5.3.0 +version: 5.3.1 appVersion: master description: Gitlab operator for managing upgrades keywords: diff --git a/charts/gitlab/charts/praefect/Chart.yaml b/charts/gitlab/charts/praefect/Chart.yaml index 0e8315a935..a8149d42b7 100644 --- a/charts/gitlab/charts/praefect/Chart.yaml +++ b/charts/gitlab/charts/praefect/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: praefect -version: 5.3.0 +version: 5.3.1 appVersion: master description: Praefect is a router and transaction manager for Gitaly, and a required component for running a Gitaly Cluster. diff --git a/charts/gitlab/charts/sidekiq/Chart.yaml b/charts/gitlab/charts/sidekiq/Chart.yaml index 52cf27c179..e0aa7f968b 100644 --- a/charts/gitlab/charts/sidekiq/Chart.yaml +++ b/charts/gitlab/charts/sidekiq/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: sidekiq -version: 5.3.0 +version: 5.3.1 appVersion: master description: Gitlab Sidekiq for asynchronous task processing in rails keywords: diff --git a/charts/gitlab/charts/task-runner/Chart.yaml b/charts/gitlab/charts/task-runner/Chart.yaml index f5b136e930..32199ea5af 100644 --- a/charts/gitlab/charts/task-runner/Chart.yaml +++ b/charts/gitlab/charts/task-runner/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: task-runner -version: 5.3.0 +version: 5.3.1 appVersion: master description: For manually running rake tasks through kubectl keywords: diff --git a/charts/gitlab/charts/webservice/Chart.yaml b/charts/gitlab/charts/webservice/Chart.yaml index 38ded7ed43..f03e7f312b 100644 --- a/charts/gitlab/charts/webservice/Chart.yaml +++ b/charts/gitlab/charts/webservice/Chart.yaml 
@@ -1,7 +1,7 @@ --- apiVersion: v1 name: webservice -version: 5.3.0 +version: 5.3.1 appVersion: master description: HTTP server for Gitlab keywords: -- GitLab From 279989b484682048fda09a85af6a24fba6370328 Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Thu, 30 Sep 2021 09:47:04 +0000 Subject: [PATCH 021/253] Update version mapping for 5.3.1 --- doc/installation/version_mappings.md | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/installation/version_mappings.md b/doc/installation/version_mappings.md index b4dc5315a3..73c59eaa59 100644 --- a/doc/installation/version_mappings.md +++ b/doc/installation/version_mappings.md @@ -10,6 +10,7 @@ The table below maps some of the key previous chart versions and GitLab versions | Chart version | GitLab version | |---------------|----------------| +| 5.3.1 | 14.3.1 | | 5.3.0 | 14.3.0 | | 5.2.4 | 14.2.4 | | 5.2.3 | 14.2.3 | -- GitLab From 53d2979913c6efee8d22da9e8f538481aa775bd5 Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Thu, 30 Sep 2021 10:03:11 +0000 Subject: [PATCH 022/253] Update changelog for 5.2.5 [ci skip] --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 591e6a10c5..d80ff8272b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -28,6 +28,10 @@ No changes. - [Update gitlab-org/charts/gitlab-runner from 0.31.0 to 0.32.0](gitlab-org/charts/gitlab@0665982645d842994a54bddb1269fbb694a743cb) ([merge request](gitlab-org/charts/gitlab!2149)) - [Adds pages local_store configuration](gitlab-org/charts/gitlab@426c34858876fe0d52cd4fe880f44771af17e19b) ([merge request](gitlab-org/charts/gitlab!2141)) +## 5.2.5 (2021-09-30) + +No changes. + ## 5.2.4 (2021-09-17) No changes. -- GitLab From 508c0f1b0d06669c70d5d5ed1ae8774c04b3fafb Mon Sep 17 00:00:00 2001 
From: GitLab Release Tools Bot Date: Thu, 30 Sep 2021 10:03:25 +0000 Subject: [PATCH 023/253] Update version mapping for 5.2.5 --- doc/installation/version_mappings.md | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/installation/version_mappings.md b/doc/installation/version_mappings.md index 73c59eaa59..06f83ec8c4 100644 --- a/doc/installation/version_mappings.md +++ b/doc/installation/version_mappings.md @@ -12,6 +12,7 @@ The table below maps some of the key previous chart versions and GitLab versions |---------------|----------------| | 5.3.1 | 14.3.1 | | 5.3.0 | 14.3.0 | +| 5.2.5 | 14.2.5 | | 5.2.4 | 14.2.4 | | 5.2.3 | 14.2.3 | | 5.2.2 | 14.2.2 | -- GitLab From 06b9b0e4390e607fd68e4abbc455fd2fb9c25bdd Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Thu, 30 Sep 2021 10:17:29 +0000 Subject: [PATCH 024/253] Update changelog for 5.1.7 [ci skip] --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index d80ff8272b..46cd15fc35 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -84,6 +84,10 @@ No changes. - [Update gitlab-exporter appVersion 11.0.1](gitlab-org/charts/gitlab@d6cc85961e3d8369460840e70415b593bd82e432) ([merge request](gitlab-org/charts/gitlab!2092)) - [Update gitlab-org/gitlab-exporter from 10.5.0 to 11.0.0](gitlab-org/charts/gitlab@2c2a8c2b877b45d47b8bb61a09ed6cb5f8b79392) ([merge request](gitlab-org/charts/gitlab!2092)) +## 5.1.7 (2021-09-30) + +No changes. + ## 5.1.6 (2021-09-27) No changes. -- GitLab From 728bb908536e86fd9d10ea9aed6f9b77e9052d4e Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Thu, 30 Sep 2021 10:17:43 +0000 Subject: [PATCH 025/253] Update version mapping for 5.1.7 --- doc/installation/version_mappings.md | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/installation/version_mappings.md b/doc/installation/version_mappings.md index 06f83ec8c4..d8a4a6cbca 100644 --- a/doc/installation/version_mappings.md +++ b/doc/installation/version_mappings.md 
@@ -18,6 +18,7 @@ The table below maps some of the key previous chart versions and GitLab versions | 5.2.2 | 14.2.2 | | 5.2.1 | 14.2.1 | | 5.2.0 | 14.2.0 | +| 5.1.7 | 14.1.7 | | 5.1.6 | 14.1.6 | | 5.1.5 | 14.1.5 | | 5.1.4 | 14.1.4 | -- GitLab From 6e15551b56eb57b8a9b7fcc15e7b6bb1a59c86dd Mon Sep 17 00:00:00 2001 From: Graeme Gillies Date: Wed, 29 Sep 2021 13:46:51 +1000 Subject: [PATCH 026/253] Add a preStop hook to registry to sleep for 5 seconds This fixes https://gitlab.com/gitlab-org/charts/gitlab/-/issues/2911 While we have an option to configure the `draintimeout` for the registry configuration, there are very small windows where if no requests are currently going to registry, and it gets a SIGTERM as part of the standard Kubernetes shutdown procedure, registry will terminate before all nodes have a chance to remove the pod endpoint from the Kubernetes service, causing small amounts of connection errors. This change adds a `preStop` hook which simply sleeps for 5 seconds, which will give Kubernetes nodes enough time to remove the pod endpoint from iptables via kube-proxy, making sure there is never a window that requests to registry will go to a pod that is terminated. Changelog: fixed --- charts/registry/templates/deployment.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/charts/registry/templates/deployment.yaml b/charts/registry/templates/deployment.yaml index 3e11f3f795..34fb24da61 100644 --- a/charts/registry/templates/deployment.yaml +++ b/charts/registry/templates/deployment.yaml @@ -142,6 +142,10 @@ spec: {{- end }} resources: {{- toYaml .Values.resources | nindent 12 }} + lifecycle: + preStop: + exec: + command: ["/bin/bash", "-c", "sleep 5"] terminationGracePeriodSeconds: {{ .Values.deployment.terminationGracePeriodSeconds }} volumes: - name: registry-server-config -- GitLab From b1cb9801a31e33729de9e0d90a054d41aa5f2674 Mon Sep 17 00:00:00 2001 
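Review bot: The `preStop` hook added to charts/registry/templates/deployment.yaml (PATCH 026) hard-codes both the delay and the shell: `command: ["/bin/bash", "-c", "sleep 5"]`. The hook's run time counts against `terminationGracePeriodSeconds`, which this template takes from `.Values.deployment.terminationGracePeriodSeconds`, so the 5 seconds reduce the time left for the registry's own `draintimeout`; please expose the sleep as a chart value and document that the grace period must cover sleep plus drain. The hook also depends on `/bin/bash` being present in the registry image; `["sleep", "5"]` removes that dependency if the image ships a `sleep` binary.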
From: GitLab Release Tools Bot Date: Fri, 1 Oct 2021 16:09:37 +0000 Subject: [PATCH 027/253] Update changelog for 5.3.2 [ci skip] --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 46cd15fc35..a2df2dd0e1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,10 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 5.3.2 (2021-10-01) + +No changes. + ## 5.3.1 (2021-09-30) No changes. -- GitLab From 1a08bdb7d8f9b91264396f941627978c1141ea63 Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Fri, 1 Oct 2021 16:09:53 +0000 Subject: [PATCH 028/253] Update Chart versions to 5.3.2 [ci skip] --- Chart.yaml | 2 +- charts/gitlab/charts/geo-logcursor/Chart.yaml | 2 +- charts/gitlab/charts/gitaly/Chart.yaml | 2 +- charts/gitlab/charts/gitlab-exporter/Chart.yaml | 2 +- charts/gitlab/charts/gitlab-grafana/Chart.yaml | 2 +- charts/gitlab/charts/gitlab-pages/Chart.yaml | 2 +- charts/gitlab/charts/gitlab-shell/Chart.yaml | 2 +- charts/gitlab/charts/kas/Chart.yaml | 2 +- charts/gitlab/charts/mailroom/Chart.yaml | 2 +- charts/gitlab/charts/migrations/Chart.yaml | 2 +- charts/gitlab/charts/operator/Chart.yaml | 2 +- charts/gitlab/charts/praefect/Chart.yaml | 2 +- charts/gitlab/charts/sidekiq/Chart.yaml | 2 +- charts/gitlab/charts/task-runner/Chart.yaml | 2 +- charts/gitlab/charts/webservice/Chart.yaml | 2 +- 15 files changed, 15 insertions(+), 15 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index ec40b48e1d..87adb76bec 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab -version: 5.3.1 +version: 5.3.2 appVersion: master description: Web-based Git-repository manager with wiki and issue-tracking features. keywords: diff --git a/charts/gitlab/charts/geo-logcursor/Chart.yaml b/charts/gitlab/charts/geo-logcursor/Chart.yaml index ab9b62eea3..d970dd4f8c 100644 --- a/charts/gitlab/charts/geo-logcursor/Chart.yaml 
+++ b/charts/gitlab/charts/geo-logcursor/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: geo-logcursor -version: 5.3.1 +version: 5.3.2 appVersion: master description: GitLab Geo logcursor keywords: diff --git a/charts/gitlab/charts/gitaly/Chart.yaml b/charts/gitlab/charts/gitaly/Chart.yaml index 90c562229b..21ee6aafda 100644 --- a/charts/gitlab/charts/gitaly/Chart.yaml +++ b/charts/gitlab/charts/gitaly/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitaly -version: 5.3.1 +version: 5.3.2 appVersion: master description: Git RPC service for handling all the git calls made by GitLab keywords: diff --git a/charts/gitlab/charts/gitlab-exporter/Chart.yaml b/charts/gitlab/charts/gitlab-exporter/Chart.yaml index 07a5bd6fc5..43944e76aa 100644 --- a/charts/gitlab/charts/gitlab-exporter/Chart.yaml +++ b/charts/gitlab/charts/gitlab-exporter/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab-exporter -version: 5.3.1 +version: 5.3.2 appVersion: 11.2.0 description: Exporter for GitLab Prometheus metrics (e.g. CI, pull mirrors) keywords: diff --git a/charts/gitlab/charts/gitlab-grafana/Chart.yaml b/charts/gitlab/charts/gitlab-grafana/Chart.yaml index 5373f8a223..49b3a1de4d 100644 --- a/charts/gitlab/charts/gitlab-grafana/Chart.yaml +++ b/charts/gitlab/charts/gitlab-grafana/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab-grafana -version: 5.3.1 +version: 5.3.2 description: Adapt the Grafana chart to interface to the GitLab App keywords: - gitlab diff --git a/charts/gitlab/charts/gitlab-pages/Chart.yaml b/charts/gitlab/charts/gitlab-pages/Chart.yaml index a78cb236fc..23ab6943f9 100644 --- a/charts/gitlab/charts/gitlab-pages/Chart.yaml +++ b/charts/gitlab/charts/gitlab-pages/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab-pages -version: 5.3.1 +version: 5.3.2 appVersion: master description: Daemon for serving static websites from GitLab projects keywords: 
diff --git a/charts/gitlab/charts/gitlab-shell/Chart.yaml b/charts/gitlab/charts/gitlab-shell/Chart.yaml index 160d7ce6ea..c7ad78d798 100644 --- a/charts/gitlab/charts/gitlab-shell/Chart.yaml +++ b/charts/gitlab/charts/gitlab-shell/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab-shell -version: 5.3.1 +version: 5.3.2 appVersion: main description: sshd for Gitlab keywords: diff --git a/charts/gitlab/charts/kas/Chart.yaml b/charts/gitlab/charts/kas/Chart.yaml index 95b10a135b..38da806ad1 100644 --- a/charts/gitlab/charts/kas/Chart.yaml +++ b/charts/gitlab/charts/kas/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: kas -version: 5.3.1 +version: 5.3.2 appVersion: latest description: GitLab Kubernetes Agent Server keywords: diff --git a/charts/gitlab/charts/mailroom/Chart.yaml b/charts/gitlab/charts/mailroom/Chart.yaml index 2fcae030a7..ca5051bc4f 100644 --- a/charts/gitlab/charts/mailroom/Chart.yaml +++ b/charts/gitlab/charts/mailroom/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: mailroom -version: 5.3.1 +version: 5.3.2 appVersion: master description: Handling incoming emails keywords: diff --git a/charts/gitlab/charts/migrations/Chart.yaml b/charts/gitlab/charts/migrations/Chart.yaml index fee259590d..56de7528e9 100644 --- a/charts/gitlab/charts/migrations/Chart.yaml +++ b/charts/gitlab/charts/migrations/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: migrations -version: 5.3.1 +version: 5.3.2 appVersion: master description: Database migrations and other versioning tasks for upgrading Gitlab keywords: diff --git a/charts/gitlab/charts/operator/Chart.yaml b/charts/gitlab/charts/operator/Chart.yaml index fab13affdc..c19c3448f4 100644 --- a/charts/gitlab/charts/operator/Chart.yaml +++ b/charts/gitlab/charts/operator/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: operator -version: 5.3.1 +version: 5.3.2 appVersion: master description: Gitlab operator for managing upgrades keywords: 
diff --git a/charts/gitlab/charts/praefect/Chart.yaml b/charts/gitlab/charts/praefect/Chart.yaml index a8149d42b7..ca788a2627 100644 --- a/charts/gitlab/charts/praefect/Chart.yaml +++ b/charts/gitlab/charts/praefect/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: praefect -version: 5.3.1 +version: 5.3.2 appVersion: master description: Praefect is a router and transaction manager for Gitaly, and a required component for running a Gitaly Cluster. diff --git a/charts/gitlab/charts/sidekiq/Chart.yaml b/charts/gitlab/charts/sidekiq/Chart.yaml index e0aa7f968b..513764af65 100644 --- a/charts/gitlab/charts/sidekiq/Chart.yaml +++ b/charts/gitlab/charts/sidekiq/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: sidekiq -version: 5.3.1 +version: 5.3.2 appVersion: master description: Gitlab Sidekiq for asynchronous task processing in rails keywords: diff --git a/charts/gitlab/charts/task-runner/Chart.yaml b/charts/gitlab/charts/task-runner/Chart.yaml index 32199ea5af..46c6f8a1a0 100644 --- a/charts/gitlab/charts/task-runner/Chart.yaml +++ b/charts/gitlab/charts/task-runner/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: task-runner -version: 5.3.1 +version: 5.3.2 appVersion: master description: For manually running rake tasks through kubectl keywords: diff --git a/charts/gitlab/charts/webservice/Chart.yaml b/charts/gitlab/charts/webservice/Chart.yaml index f03e7f312b..2e2ba1a66d 100644 --- a/charts/gitlab/charts/webservice/Chart.yaml +++ b/charts/gitlab/charts/webservice/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: webservice -version: 5.3.1 +version: 5.3.2 appVersion: master description: HTTP server for Gitlab keywords: -- GitLab From 20c9386f62e085b222359129f0208555bd0bc75a Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Fri, 1 Oct 2021 16:09:56 +0000 Subject: [PATCH 029/253] Update version mapping for 5.3.2 --- doc/installation/version_mappings.md | 1 + 1 file changed, 1 insertion(+) 
diff --git a/doc/installation/version_mappings.md b/doc/installation/version_mappings.md index d8a4a6cbca..7f2324a9cc 100644 --- a/doc/installation/version_mappings.md +++ b/doc/installation/version_mappings.md @@ -10,6 +10,7 @@ The table below maps some of the key previous chart versions and GitLab versions | Chart version | GitLab version | |---------------|----------------| +| 5.3.2 | 14.3.2 | | 5.3.1 | 14.3.1 | | 5.3.0 | 14.3.0 | | 5.2.5 | 14.2.5 | -- GitLab From 4f6eb554de2d7f158c47df2c0ced1fc52fe57e02 Mon Sep 17 00:00:00 2001 From: Mitchell Nielsen Date: Tue, 28 Sep 2021 10:39:43 -0500 Subject: [PATCH 030/253] Remove reference to deprecated operator Removes reference to the deprecated Operator from the charts deployment docs. The placement here doesn't make sense, given that it's referenced near the end where the entire document prior has assumed Helm, not the Operator. Plus, we now have a direct link on installing with the GitLab Operator: https://docs.gitlab.com/charts/installation/operator.html Changelog: other --- doc/installation/deployment.md | 7 ------- 1 file changed, 7 deletions(-) diff --git a/doc/installation/deployment.md b/doc/installation/deployment.md index 0621701dac..e3b13deb45 100644 --- a/doc/installation/deployment.md +++ b/doc/installation/deployment.md @@ -259,13 +259,6 @@ Mappings between chart versions and GitLab versions can be found [here](../index Instructions for installing a development branch rather than a tagged release can be found in the [developer deploy documentation](../development/deploy.md). -### GitLab Operator (experimental) - -WARNING: -This functionality was Alpha and marked experimental. It is now -[**deprecated**](https://gitlab.com/gitlab-org/charts/gitlab/-/issues/2210), and will be removed in -the future. Do not use in production. - ## Monitoring the Deployment This will output the list of resources installed once the deployment finishes which may take 5-10 minutes. -- GitLab 
From f297da03cefcc03ee515582e93ba6b48ce4ca639 Mon Sep 17 00:00:00 2001 From: Craig Miskell Date: Wed, 22 Sep 2021 14:23:16 +1200 Subject: [PATCH 031/253] Allow configuring redis instance for rate limiting The ability to use a separate Redis for rate-limiting (RackAttack and Application Rate Limits) is being added (https://gitlab.com/groups/gitlab-com/gl-infra/-/epics/526), and we need this to support that effort Changelog: added --- .../geo-logcursor/templates/configmap.yml | 1 + .../migrations/templates/configmap.yaml | 1 + .../charts/sidekiq/templates/configmap.yaml | 1 + .../task-runner/templates/configmap.yaml | 1 + .../charts/webservice/templates/configmap.yml | 1 + charts/gitlab/templates/_rails.redis.tpl | 7 ++++++ charts/gitlab/templates/_redis.tpl | 2 +- doc/advanced/external-redis/index.md | 2 +- doc/charts/globals.md | 24 ++++++++++++------- 9 files changed, 30 insertions(+), 10 deletions(-) diff --git a/charts/gitlab/charts/geo-logcursor/templates/configmap.yml b/charts/gitlab/charts/geo-logcursor/templates/configmap.yml index d13007909a..7b3423a5ee 100644 --- a/charts/gitlab/charts/geo-logcursor/templates/configmap.yml +++ b/charts/gitlab/charts/geo-logcursor/templates/configmap.yml @@ -22,6 +22,7 @@ data: {{- include "gitlab.rails.redis.queues" . | nindent 2 }} {{- include "gitlab.rails.redis.cable" . | nindent 2 }} {{- include "gitlab.rails.redis.traceChunks" . | nindent 2 }} + {{- include "gitlab.rails.redis.rateLimiting" . | nindent 2 }} gitlab.yml.erb: | production: &base gitlab: diff --git a/charts/gitlab/charts/migrations/templates/configmap.yaml b/charts/gitlab/charts/migrations/templates/configmap.yaml index 2c2c008c91..ed14f8d592 100644 --- a/charts/gitlab/charts/migrations/templates/configmap.yaml +++ b/charts/gitlab/charts/migrations/templates/configmap.yaml 
@@ -24,6 +24,7 @@ data: {{- include "gitlab.rails.redis.queues" . | nindent 2 }} {{- include "gitlab.rails.redis.cable" . | nindent 2 }} {{- include "gitlab.rails.redis.traceChunks" . | nindent 2 }} + {{- include "gitlab.rails.redis.rateLimiting" . | nindent 2 }} gitlab.yml.erb: | production: &base gitlab: diff --git a/charts/gitlab/charts/sidekiq/templates/configmap.yaml b/charts/gitlab/charts/sidekiq/templates/configmap.yaml index f2e84fa2f4..3b60bfd72a 100644 --- a/charts/gitlab/charts/sidekiq/templates/configmap.yaml +++ b/charts/gitlab/charts/sidekiq/templates/configmap.yaml @@ -25,6 +25,7 @@ data: {{- include "gitlab.rails.redis.queues" . | nindent 2 }} {{- include "gitlab.rails.redis.cable" . | nindent 2 }} {{- include "gitlab.rails.redis.traceChunks" . | nindent 2 }} + {{- include "gitlab.rails.redis.rateLimiting" . | nindent 2 }} gitlab.yml.erb: | production: &base gitlab: diff --git a/charts/gitlab/charts/task-runner/templates/configmap.yaml b/charts/gitlab/charts/task-runner/templates/configmap.yaml index ffdeb8c0ca..54370edb18 100644 --- a/charts/gitlab/charts/task-runner/templates/configmap.yaml +++ b/charts/gitlab/charts/task-runner/templates/configmap.yaml @@ -23,6 +23,7 @@ data: {{- include "gitlab.rails.redis.queues" . | nindent 2 }} {{- include "gitlab.rails.redis.cable" . | nindent 2 }} {{- include "gitlab.rails.redis.traceChunks" . | nindent 2 }} + {{- include "gitlab.rails.redis.rateLimiting" . | nindent 2 }} gitlab.yml.erb: | production: &base gitlab: diff --git a/charts/gitlab/charts/webservice/templates/configmap.yml b/charts/gitlab/charts/webservice/templates/configmap.yml index 306fd4c70c..5c68763111 100644 --- a/charts/gitlab/charts/webservice/templates/configmap.yml +++ b/charts/gitlab/charts/webservice/templates/configmap.yml 
@@ -34,6 +34,7 @@ data: {{- include "gitlab.rails.redis.queues" . | nindent 2 }} {{- include "gitlab.rails.redis.cable" . | nindent 2 }} {{- include "gitlab.rails.redis.traceChunks" . | nindent 2 }} + {{- include "gitlab.rails.redis.rateLimiting" . | nindent 2 }} gitlab.yml.erb: | production: &base gitlab: diff --git a/charts/gitlab/templates/_rails.redis.tpl b/charts/gitlab/templates/_rails.redis.tpl index 53d1c8e473..8162cbdc99 100644 --- a/charts/gitlab/templates/_rails.redis.tpl +++ b/charts/gitlab/templates/_rails.redis.tpl @@ -52,6 +52,13 @@ Input: dict "context" $ "name" string {{- end -}} {{- end -}} +{{- define "gitlab.rails.redis.rateLimiting" -}} +{{- if .Values.global.redis.rateLimiting -}} +{{- $_ := set $ "redisConfigName" "rateLimiting" }} +{{- include "gitlab.rails.redis.yaml" (dict "context" $ "name" "redis.rate_limiting") -}} +{{- end -}} +{{- end -}} + {{/* cable.yml configuration If no `global.redis.actioncable`, use `global.redis` diff --git a/charts/gitlab/templates/_redis.tpl b/charts/gitlab/templates/_redis.tpl index 0db585b807..d72743bb83 100644 --- a/charts/gitlab/templates/_redis.tpl +++ b/charts/gitlab/templates/_redis.tpl @@ -96,7 +96,7 @@ Note: Workhorse only uses the primary Redis (global.redis) {{- end -}} {{- define "gitlab.redis.secrets" -}} -{{- range $redis := list "cache" "sharedState" "queues" "actioncable" "traceChunks" -}} +{{- range $redis := list "cache" "sharedState" "queues" "actioncable" "traceChunks" "rateLimiting" -}} {{- if index $.Values.global.redis $redis -}} {{- $_ := set $ "redisConfigName" $redis }} {{ include "gitlab.redis.secret" $ }} diff --git a/doc/advanced/external-redis/index.md b/doc/advanced/external-redis/index.md index bfab614407..dfc9c44094 100644 --- a/doc/advanced/external-redis/index.md +++ b/doc/advanced/external-redis/index.md 
@@ -48,7 +48,7 @@ values for the `--set` flag. The index is zero based. GitLab supports splitting several of the resource intensive Redis operations across multiple Redis instances. This chart supports distributing -those persistence classes to other Redis instances: `cache`, `queues`, `sharedState`, `actioncable`, and `traceChunks`. +those persistence classes to other Redis instances: `cache`, `queues`, `sharedState`, `actioncable`, `traceChunks`, and `rateLimiting`. More detailed information on configuring the chart for using multiple Redis instances can be found in the [globals](../../charts/globals.md#multiple-redis-support) diff --git a/doc/charts/globals.md b/doc/charts/globals.md index 28c6528b7f..a51fa6a258 100644 --- a/doc/charts/globals.md +++ b/doc/charts/globals.md 
@@ -438,15 +438,16 @@ continue to apply with the Sentinel support unless re-specified in the table abo The GitLab chart includes support for running with separate Redis instances for different persistence classes, currently: `cache`, `queues`, `sharedState`, -`actioncable` and `traceChunks`. +`actioncable`, `traceChunks`, and `rateLimiting`. -| Instance | Purpose | -|:-------------|:----------------------------------------------------| -| `cache` | Store cached data | -| `queues` | Store Sidekiq background jobs | -| `sharedState` | Store session-related and other persistent data | -| `actioncable` | Pub/Sub queue backend for ActionCable | -| `traceChunks` | Store job traces temporarily | +| Instance | Purpose | +|:---------------|:----------------------------------------------------------------| +| `cache` | Store cached data | +| `queues` | Store Sidekiq background jobs | +| `sharedState` | Store session-related and other persistent data | +| `actioncable` | Pub/Sub queue backend for ActionCable | +| `traceChunks` | Store job traces temporarily | +| `rateLimiting` | Store rate-limiting usage for RackAttack and Application Limits | Any number of the instances may be specified. Any instances not specified will be handled by the primary Redis instance specified @@ -499,6 +500,13 @@ global: enabled: true secret: traceChunks-secret key: traceChunks-password + rateLimiting: + host: rateLimiting.redis.example + port: 6379 + password: + enabled: true + secret: rateLimiting-secret + key: rateLimiting-password ``` The following table describes the attributes for each dictionary of the -- GitLab From 9b1ec20442bc2b8e40b8f1d7e31692dadad214cd Mon Sep 17 00:00:00 2001 
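Review bot: No spec accompanies the new `gitlab.rails.redis.rateLimiting` template added in the `charts/gitlab/templates/_rails.redis.tpl` hunk. The diffstat for this patch lists nine files and none of them is under `spec/`. Consider adding a case that sets `global.redis.rateLimiting` and asserts that the `redis.rate_limiting` entry is rendered into each of the five ConfigMaps touched here, plus a case showing it is absent when the key is unset, since the `if .Values.global.redis.rateLimiting` guard is the only thing separating the two paths.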
From: DJ Mountney Date: Tue, 28 Sep 2021 09:44:27 -0700 Subject: [PATCH 032/253] Create a trigger update branch Keep a special branch up to date with master - Update the branch whenever there is a push to master - We will use this branch to trigger reviews --- .gitlab-ci.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 19608284c6..06f57882ce 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -78,6 +78,24 @@ tag_auto_deploy: - $DEPS_PIPELINE - $TRIGGER_JOB +update-trigger-branch: + stage: prepare + allow_failure: true # Failures are expected if there are parrallel runs, and we hit git locks + before_script: [] + variables: + GIT_STRATEGY: none + TRIGGER_PROJECT: "gitlab.com/gitlab-org/charts/gitlab.git" + TRIGGER_BRANCH: "master-trigger-branch" + script: + - git clone "https://${GITLAB_TRIGGER_UPDATE_BOT_USERNAME}:${GITLAB_TRIGGER_UPDATE_BOT_PASSWORD}@${TRIGGER_PROJECT}" update-project + - cd update-project + - git checkout -B ${TRIGGER_BRANCH} + - git merge $CI_DEFAULT_BRANCH + - git push origin ${TRIGGER_BRANCH} -o ci.skip + rules: + - if: '$CI_PROJECT_PATH == "gitlab-org/charts/gitlab" && $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH' + - if: '$TRIGGER_UPDATE' # Allow us to manually trigger this job in a pipleine if we wish using this CI variable + dependency_update: image: registry.gitlab.com/gitlab-org/gitlab-omnibus-builder/ruby_docker stage: prepare -- GitLab From 557da5233f5ce7463ef721a4a29867c0da5c9592 Mon Sep 17 00:00:00 2001 From: DJ Mountney Date: Wed, 29 Sep 2021 20:10:40 +0000 Subject: [PATCH 033/253] Apply 1 suggestion(s) to 1 file(s) --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 06f57882ce..9f048f529c 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -94,7 +94,7 @@ update-trigger-branch: - git push origin ${TRIGGER_BRANCH} -o ci.skip rules: - if: '$CI_PROJECT_PATH == "gitlab-org/charts/gitlab" && $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH' - - if: '$TRIGGER_UPDATE' # Allow us to manually trigger this job in a pipleine if we wish using this CI variable + - if: '$TRIGGER_UPDATE' # Allow us to manually trigger this job in a pipeline if we wish using this CI variable dependency_update: image: registry.gitlab.com/gitlab-org/gitlab-omnibus-builder/ruby_docker -- GitLab From 621e0d52072a4d52174aecf146e3e334ded82c89 Mon Sep 17 00:00:00 2001 From: DJ Mountney Date: Thu, 30 Sep 2021 09:06:17 -0700 Subject: [PATCH 034/253] Adding a reset rather than a merge to update the trigger branch --- .gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 9f048f529c..299fc13917 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -90,8 +90,8 @@ update-trigger-branch: - git clone "https://${GITLAB_TRIGGER_UPDATE_BOT_USERNAME}:${GITLAB_TRIGGER_UPDATE_BOT_PASSWORD}@${TRIGGER_PROJECT}" update-project - cd update-project - git checkout -B ${TRIGGER_BRANCH} - - git merge $CI_DEFAULT_BRANCH - - git push origin ${TRIGGER_BRANCH} -o ci.skip + - git reset --hard $CI_DEFAULT_BRANCH + - git push --force-with-lease=${TRIGGER_BRANCH} origin ${TRIGGER_BRANCH} -o ci.skip rules: - if: '$CI_PROJECT_PATH == "gitlab-org/charts/gitlab" && $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH' - if: '$TRIGGER_UPDATE' # Allow us to manually trigger this job in a pipeline if we wish using this CI variable -- GitLab From ff8b63641d648d86089f7fb39d5d77273f83eb89 Mon Sep 17 00:00:00 2001 
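Review bot: The `git clone` line kept as context in the `update-trigger-branch` hunk of `.gitlab-ci.yml` puts `${GITLAB_TRIGGER_UPDATE_BOT_USERNAME}:${GITLAB_TRIGGER_UPDATE_BOT_PASSWORD}` in the remote URL, so the password is stored in `update-project/.git/config` for the rest of the job and may appear in job output unless the variables are masked. Now that the job pushes with `--force-with-lease` under that account, please confirm both variables are masked and protected, and consider supplying the credential through a credential helper or `GIT_ASKPASS` rather than the URL. The `${TRIGGER_BRANCH}` and `$CI_DEFAULT_BRANCH` arguments on the `git reset` and `git push` lines are also unquoted.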
From: Hordur Freyr Yngvason Date: Fri, 1 Oct 2021 15:12:17 -0400 Subject: [PATCH 035/253] Add missing namespace to default KAS internal URL See https://gitlab.com/gitlab-org/charts/gitlab/-/issues/2915 Changelog: fixed --- charts/gitlab/templates/_kas.tpl | 2 +- spec/configuration/kas_spec.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/gitlab/templates/_kas.tpl b/charts/gitlab/templates/_kas.tpl index 06f0c6ee2d..11d470ccb7 100644 --- a/charts/gitlab/templates/_kas.tpl +++ b/charts/gitlab/templates/_kas.tpl @@ -45,7 +45,7 @@ Returns the KAS internal URL (for GitLab backend connections) {{- else -}} {{- $serviceName := include "gitlab.kas.serviceName" . -}} {{- $port := .Values.global.kas.service.apiExternalPort -}} -{{- printf "grpc://%s.svc:%s" $serviceName (toString $port) -}} +{{- printf "grpc://%s.%s.svc:%s" $serviceName $.Release.Namespace (toString $port) -}} {{- end -}} {{- end -}} diff --git a/spec/configuration/kas_spec.rb b/spec/configuration/kas_spec.rb index 8f5dfc0ffe..8fbce62684 100644 --- a/spec/configuration/kas_spec.rb +++ b/spec/configuration/kas_spec.rb @@ -388,7 +388,7 @@ describe 'kas configuration' do it 'has the correct defaults' do expect(gitlab_yml(chart)).to include(YAML.safe_load(%( enabled: true - internal_url: grpc://test-kas.svc:8153 + internal_url: grpc://test-kas.default.svc:8153 external_url: wss://kas.example.com ))) end -- GitLab From 0c537c99feef9799e6c0ec8cb44d0f16f9cc8869 Mon Sep 17 00:00:00 2001 From: DJ Mountney Date: Wed, 29 Sep 2021 09:21:59 -0700 Subject: [PATCH 036/253] Allow the environment name to be influenced by CI variables This will allow us to trigger different environments for the same branch when testing upstream changes. --- .gitlab-ci.yml | 53 +++++++++++++++++++++++++------------------------- 1 file changed, 27 insertions(+), 26 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 299fc13917..d520f49cd2 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -38,6 +38,7 @@ variables: HELM_MAX_HISTORY: 20 TEST_BACKUP_PREFIX: "14.0.5" NAMESPACE: $KUBE_NAMESPACE + ENVIRONMENT_REF_NAME: $CI_COMMIT_REF_NAME stages: - prepare @@ -197,11 +198,11 @@ review_gke: DNS_PROVIDER: "google" extends: .review_template environment: - name: gke_review/$CI_COMMIT_REF_NAME + name: gke_review/$ENVIRONMENT_REF_NAME url: https://gitlab-$CI_ENVIRONMENT_SLUG.$KUBE_INGRESS_BASE_DOMAIN on_stop: stop_review_gke auto_stop_in: 4 days - resource_group: "gke-review-app-${CI_COMMIT_REF_NAME}" + resource_group: "gke-review-app-${ENVIRONMENT_REF_NAME}" review_gke_dev: variables: @@ -209,11 +210,11 @@ review_gke_dev: HELM_EXTRA_ARGS: "-f scripts/ci/values-dev-images.yaml" extends: .review_template environment: - name: dev_gke_review/$CI_COMMIT_REF_NAME + name: dev_gke_review/$ENVIRONMENT_REF_NAME url: https://gitlab-$CI_ENVIRONMENT_SLUG.$KUBE_INGRESS_BASE_DOMAIN on_stop: stop_review_gke_dev auto_stop_in: 4 days - resource_group: "gke-review-app-dev-${CI_COMMIT_REF_NAME}" + resource_group: "gke-review-app-dev-${ENVIRONMENT_REF_NAME}" only: refs: - /.*-stable/@gitlab/charts/gitlab @@ -225,11 +226,11 @@ review_eks: DNS_PROVIDER: "aws" extends: .review_template environment: - name: eks_review/$CI_COMMIT_REF_NAME + name: eks_review/$ENVIRONMENT_REF_NAME url: https://gitlab-$CI_ENVIRONMENT_SLUG.$KUBE_INGRESS_BASE_DOMAIN on_stop: stop_review_eks auto_stop_in: 4 days - resource_group: "eks-review-app-${CI_COMMIT_REF_NAME}" + resource_group: "eks-review-app-${ENVIRONMENT_REF_NAME}" .stop_review_template: stage: review @@ -260,13 +261,13 @@ review_eks: stop_review_gke: extends: .stop_review_template environment: - name: gke_review/$CI_COMMIT_REF_NAME + name: gke_review/$ENVIRONMENT_REF_NAME action: stop stop_review_gke_dev: extends: .stop_review_template environment: - name: dev_gke_review/$CI_COMMIT_REF_NAME + name: dev_gke_review/$ENVIRONMENT_REF_NAME action: stop only: refs: 
@@ -277,7 +278,7 @@ stop_review_gke_dev: stop_review_eks: extends: .stop_review_template environment: - name: eks_review/$CI_COMMIT_REF_NAME + name: eks_review/$ENVIRONMENT_REF_NAME action: stop # Keys that start with a dot (.) will not be processed by GitLab CI. @@ -367,7 +368,7 @@ stable_eks: review_helm_test: stage: qa environment: - name: gke_review/$CI_COMMIT_REF_NAME + name: gke_review/$ENVIRONMENT_REF_NAME url: https://gitlab-$CI_ENVIRONMENT_SLUG.$KUBE_INGRESS_BASE_DOMAIN on_stop: stop_review_gke script: @@ -410,7 +411,7 @@ debug_review: paths: - variables environment: - name: gke_review/$CI_COMMIT_REF_NAME + name: gke_review/$ENVIRONMENT_REF_NAME url: https://gitlab-$CI_ENVIRONMENT_SLUG.$KUBE_INGRESS_BASE_DOMAIN on_stop: stop_review_gke variables: @@ -543,8 +544,8 @@ review-docs-deploy: extends: - .review-docs environment: - name: review-docs/$CI_COMMIT_REF_SLUG - url: http://${DOCS_BRANCH}-${DOCS_GITLAB_REPO_SUFFIX}-${CI_COMMIT_REF_SLUG}.${DOCS_REVIEW_APPS_DOMAIN}/${DOCS_GITLAB_REPO_SUFFIX} + name: review-docs/$ENVIRONMENT_REF_NAME + url: http://${DOCS_BRANCH}-${DOCS_GITLAB_REPO_SUFFIX}-${ENVIRONMENT_REF_NAME}.${DOCS_REVIEW_APPS_DOMAIN}/${DOCS_GITLAB_REPO_SUFFIX} on_stop: review-docs-cleanup script: - ./trigger-build docs deploy @@ -554,7 +555,7 @@ review-docs-cleanup: extends: - .review-docs environment: - name: review-docs/$CI_COMMIT_REF_SLUG + name: review-docs/$ENVIRONMENT_REF_NAME action: stop script: - ./trigger-build docs cleanup @@ -595,10 +596,10 @@ review_specs_gke: VARIABLES_FILE: "variables/review_gke" RSPEC_TAGS: type:feature environment: - name: gke_review/$CI_COMMIT_REF_NAME + name: gke_review/$ENVIRONMENT_REF_NAME url: https://gitlab-$CI_ENVIRONMENT_SLUG.$KUBE_INGRESS_BASE_DOMAIN on_stop: stop_review_gke - resource_group: "gke-review-app-${CI_COMMIT_REF_NAME}" + resource_group: "gke-review-app-${ENVIRONMENT_REF_NAME}" only: refs: - branches 
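Review bot: In the `review-docs-deploy` hunk the host part of `url:` is now built from `${ENVIRONMENT_REF_NAME}`, which defaults to `$CI_COMMIT_REF_NAME`, where it previously used `${CI_COMMIT_REF_SLUG}`. A raw ref name can contain `/`, `_` or upper-case characters that are not valid in a hostname, so a branch such as `feature/foo` would yield a broken review URL. Suggest keeping `${CI_COMMIT_REF_SLUG}` in the `url:` line and using the raw name only in `environment:name`.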
@@ -617,10 +618,10 @@ review_specs_gke: # VARIABLES_FILE: "variables/review_gke_dev" # RSPEC_TAGS: type:feature # environment: -# name: dev_gke_review/$CI_COMMIT_REF_NAME +# name: dev_gke_review/$ENVIRONMENT_REF_NAME # url: https://gitlab-$CI_ENVIRONMENT_SLUG.$KUBE_INGRESS_BASE_DOMAIN # on_stop: stop_review_gke_dev -# resource_group: "gke-review-app-dev-${CI_COMMIT_REF_NAME}" +# resource_group: "gke-review-app-dev-${ENVIRONMENT_REF_NAME}" # only: # refs: # - /.*-stable/@gitlab/charts/gitlab @@ -633,10 +634,10 @@ review_specs_eks: VARIABLES_FILE: "variables/review_eks" RSPEC_TAGS: type:feature environment: - name: eks_review/$CI_COMMIT_REF_NAME + name: eks_review/$ENVIRONMENT_REF_NAME url: https://gitlab-$CI_ENVIRONMENT_SLUG.$KUBE_INGRESS_BASE_DOMAIN on_stop: stop_review_eks - resource_group: "eks-review-app-${CI_COMMIT_REF_NAME}" + resource_group: "eks-review-app-${CI_COMMENVIRONMENT_REF_NAMEIT_REF_NAME}" only: refs: - branches @@ -815,7 +816,7 @@ qa_gke: VARIABLES_FILE: "variables/review_gke" TEST_SUITE: '--tag smoke --tag reliable' environment: - name: gke_review/$CI_COMMIT_REF_NAME + name: gke_review/$ENVIRONMENT_REF_NAME on_stop: stop_review_gke qa_eks: @@ -824,7 +825,7 @@ qa_eks: VARIABLES_FILE: "variables/review_eks" TEST_SUITE: '--tag smoke --tag reliable' environment: - name: eks_review/$CI_COMMIT_REF_NAME + name: eks_review/$ENVIRONMENT_REF_NAME on_stop: stop_review_eks qa_gke_production: @@ -833,7 +834,7 @@ qa_gke_production: VARIABLES_FILE: "variables/stable_gke" TEST_SUITE: '--tag smoke --tag reliable' environment: - name: gke_production/$CI_COMMIT_REF_NAME + name: gke_production/$ENVIRONMENT_REF_NAME qa_eks_production: extends: .qa_production @@ -841,7 +842,7 @@ qa_eks_production: VARIABLES_FILE: "variables/stable_eks" TEST_SUITE: '--tag smoke --tag reliable' environment: - name: eks_production/$CI_COMMIT_REF_NAME + name: eks_production/$ENVIRONMENT_REF_NAME # QA jobs for Full E2E suites 
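Review bot: The `resource_group` in the `review_specs_eks` hunk (`@@ -633,10 +634,10 @@`) reads `"eks-review-app-${CI_COMMENVIRONMENT_REF_NAMEIT_REF_NAME}"`, which looks like the new name pasted into the middle of `CI_COMMIT_REF_NAME`. That variable is not defined anywhere in the visible changes, so the value will not match the `eks-review-app-${ENVIRONMENT_REF_NAME}` group used by `review_eks` and the two jobs will no longer be serialised against each other. It should read `"eks-review-app-${ENVIRONMENT_REF_NAME}"`.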
@@ -852,7 +853,7 @@ qa_gke_manual_full_suite: VARIABLES_FILE: "variables/review_gke" TEST_SUITE: '--tag ~smoke --tag ~reliable --tag ~orchestrated --tag ~transient' environment: - name: gke_review/$CI_COMMIT_REF_NAME + name: gke_review/$ENVIRONMENT_REF_NAME on_stop: stop_review_gke when: manual @@ -863,7 +864,7 @@ qa_eks_manual_full_suite: VARIABLES_FILE: "variables/review_eks" TEST_SUITE: '--tag ~smoke --tag ~reliable --tag ~orchestrated --tag ~transient' environment: - name: eks_review/$CI_COMMIT_REF_NAME + name: eks_review/$ENVIRONMENT_REF_NAME on_stop: stop_review_eks when: manual -- GitLab From acf2c81d3e1786b3980abf4a7dbf0f30806273cf Mon Sep 17 00:00:00 2001 From: DJ Mountney Date: Wed, 29 Sep 2021 10:33:37 -0700 Subject: [PATCH 037/253] Actually use the environment ref in the helm release name --- scripts/ci/autodevops.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ci/autodevops.sh b/scripts/ci/autodevops.sh index 883feb66f2..9da9f66139 100644 --- a/scripts/ci/autodevops.sh +++ b/scripts/ci/autodevops.sh @@ -8,8 +8,8 @@ export CI_CONTAINER_NAME=ci_job_build_${CI_JOB_ID} # Derive the Helm RELEASE argument from CI_ENVIRONMENT_SLUG if [[ $CI_ENVIRONMENT_SLUG =~ ^.{3}-review ]]; then - # if a "review", use CI_COMMIT_REF_SLUG - RELEASE_NAME=rvw-${CI_COMMIT_REF_SLUG} + # if a "review", use ENVIRONMENT_REF_NAME + RELEASE_NAME=rvw-${ENVIRONMENT_REF_NAME} # Trim release name to leave room for prefixes/suffixes RELEASE_NAME=${RELEASE_NAME:0:30} # Trim any hyphens in the suffix -- GitLab From 362e6b0b6ff11b89d970326b60d6ff9798c3168d Mon Sep 17 00:00:00 2001 From: DJ Mountney Date: Wed, 29 Sep 2021 11:05:28 -0700 Subject: [PATCH 038/253] Workaround nested variable issues --- .gitlab-ci.yml | 54 ++++++++++++++++++++-------------------- scripts/ci/autodevops.sh | 4 +-- 2 files changed, 29 insertions(+), 29 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index d520f49cd2..03eefb542e 100644 --- a/.gitlab-ci.yml 
+++ b/.gitlab-ci.yml @@ -38,7 +38,7 @@ variables: HELM_MAX_HISTORY: 20 TEST_BACKUP_PREFIX: "14.0.5" NAMESPACE: $KUBE_NAMESPACE - ENVIRONMENT_REF_NAME: $CI_COMMIT_REF_NAME + REVIEW_REF_PREFIX: "" stages: - prepare @@ -198,11 +198,11 @@ review_gke: DNS_PROVIDER: "google" extends: .review_template environment: - name: gke_review/$ENVIRONMENT_REF_NAME + name: gke_review/$REVIEW_REF_PREFIX$CI_COMMIT_REF_NAME url: https://gitlab-$CI_ENVIRONMENT_SLUG.$KUBE_INGRESS_BASE_DOMAIN on_stop: stop_review_gke auto_stop_in: 4 days - resource_group: "gke-review-app-${ENVIRONMENT_REF_NAME}" + resource_group: "gke-review-app-${REVIEW_REF_PREFIX}${CI_COMMIT_REF_NAME}" review_gke_dev: variables: @@ -210,11 +210,11 @@ review_gke_dev: HELM_EXTRA_ARGS: "-f scripts/ci/values-dev-images.yaml" extends: .review_template environment: - name: dev_gke_review/$ENVIRONMENT_REF_NAME + name: dev_gke_review/$REVIEW_REF_PREFIX$CI_COMMIT_REF_NAME url: https://gitlab-$CI_ENVIRONMENT_SLUG.$KUBE_INGRESS_BASE_DOMAIN on_stop: stop_review_gke_dev auto_stop_in: 4 days - resource_group: "gke-review-app-dev-${ENVIRONMENT_REF_NAME}" + resource_group: "gke-review-app-dev-${REVIEW_REF_PREFIX}${CI_COMMIT_REF_NAME}" only: refs: - /.*-stable/@gitlab/charts/gitlab @@ -226,11 +226,11 @@ review_eks: DNS_PROVIDER: "aws" extends: .review_template environment: - name: eks_review/$ENVIRONMENT_REF_NAME + name: eks_review/$REVIEW_REF_PREFIX$CI_COMMIT_REF_NAME url: https://gitlab-$CI_ENVIRONMENT_SLUG.$KUBE_INGRESS_BASE_DOMAIN on_stop: stop_review_eks auto_stop_in: 4 days - resource_group: "eks-review-app-${ENVIRONMENT_REF_NAME}" + resource_group: "eks-review-app-${REVIEW_REF_PREFIX}${CI_COMMIT_REF_NAME}" .stop_review_template: stage: review 
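Review bot: `REVIEW_REF_PREFIX: ""` is added to the top-level `variables:` block with no comment, and every `environment:name` and `resource_group` in these hunks concatenates it directly with `$CI_COMMIT_REF_NAME`. Please add a comment saying who is expected to set it (the earlier patch in this series mentions triggering different environments for the same branch) and that the value must carry its own separator, since `gke_review/$REVIEW_REF_PREFIX$CI_COMMIT_REF_NAME` inserts none.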
@@ -261,13 +261,13 @@ review_eks: stop_review_gke: extends: .stop_review_template environment: - name: gke_review/$ENVIRONMENT_REF_NAME + name: gke_review/$REVIEW_REF_PREFIX$CI_COMMIT_REF_NAME action: stop stop_review_gke_dev: extends: .stop_review_template environment: - name: dev_gke_review/$ENVIRONMENT_REF_NAME + name: dev_gke_review/$REVIEW_REF_PREFIX$CI_COMMIT_REF_NAME action: stop only: refs: @@ -278,7 +278,7 @@ stop_review_gke_dev: stop_review_eks: extends: .stop_review_template environment: - name: eks_review/$ENVIRONMENT_REF_NAME + name: eks_review/$REVIEW_REF_PREFIX$CI_COMMIT_REF_NAME action: stop # Keys that start with a dot (.) will not be processed by GitLab CI. @@ -368,7 +368,7 @@ stable_eks: review_helm_test: stage: qa environment: - name: gke_review/$ENVIRONMENT_REF_NAME + name: gke_review/$REVIEW_REF_PREFIX$CI_COMMIT_REF_NAME url: https://gitlab-$CI_ENVIRONMENT_SLUG.$KUBE_INGRESS_BASE_DOMAIN on_stop: stop_review_gke script: @@ -411,7 +411,7 @@ debug_review: paths: - variables environment: - name: gke_review/$ENVIRONMENT_REF_NAME + name: gke_review/$REVIEW_REF_PREFIX$CI_COMMIT_REF_NAME url: https://gitlab-$CI_ENVIRONMENT_SLUG.$KUBE_INGRESS_BASE_DOMAIN on_stop: stop_review_gke variables: @@ -544,8 +544,8 @@ review-docs-deploy: extends: - .review-docs environment: - name: review-docs/$ENVIRONMENT_REF_NAME - url: http://${DOCS_BRANCH}-${DOCS_GITLAB_REPO_SUFFIX}-${ENVIRONMENT_REF_NAME}.${DOCS_REVIEW_APPS_DOMAIN}/${DOCS_GITLAB_REPO_SUFFIX} + name: review-docs/$REVIEW_REF_PREFIX$CI_COMMIT_REF_NAME + url: http://${DOCS_BRANCH}-${DOCS_GITLAB_REPO_SUFFIX}-${REVIEW_REF_PREFIX}${CI_COMMIT_REF_NAME}.${DOCS_REVIEW_APPS_DOMAIN}/${DOCS_GITLAB_REPO_SUFFIX} on_stop: review-docs-cleanup script: - ./trigger-build docs deploy @@ -555,7 +555,7 @@ review-docs-cleanup: extends: - .review-docs environment: - name: review-docs/$ENVIRONMENT_REF_NAME + name: review-docs/$REVIEW_REF_PREFIX$CI_COMMIT_REF_NAME action: stop script: - ./trigger-build docs cleanup 
@@ -596,10 +596,10 @@ review_specs_gke: VARIABLES_FILE: "variables/review_gke" RSPEC_TAGS: type:feature environment: - name: gke_review/$ENVIRONMENT_REF_NAME + name: gke_review/$REVIEW_REF_PREFIX$CI_COMMIT_REF_NAME url: https://gitlab-$CI_ENVIRONMENT_SLUG.$KUBE_INGRESS_BASE_DOMAIN on_stop: stop_review_gke - resource_group: "gke-review-app-${ENVIRONMENT_REF_NAME}" + resource_group: "gke-review-app-${REVIEW_REF_PREFIX}${CI_COMMIT_REF_NAME}" only: refs: - branches @@ -618,10 +618,10 @@ review_specs_gke: # VARIABLES_FILE: "variables/review_gke_dev" # RSPEC_TAGS: type:feature # environment: -# name: dev_gke_review/$ENVIRONMENT_REF_NAME +# name: dev_gke_review/$REVIEW_REF_PREFIX$CI_COMMIT_REF_NAME # url: https://gitlab-$CI_ENVIRONMENT_SLUG.$KUBE_INGRESS_BASE_DOMAIN # on_stop: stop_review_gke_dev -# resource_group: "gke-review-app-dev-${ENVIRONMENT_REF_NAME}" +# resource_group: "gke-review-app-dev-${REVIEW_REF_PREFIX}${CI_COMMIT_REF_NAME}" # only: # refs: # - /.*-stable/@gitlab/charts/gitlab @@ -634,10 +634,10 @@ review_specs_eks: VARIABLES_FILE: "variables/review_eks" RSPEC_TAGS: type:feature environment: - name: eks_review/$ENVIRONMENT_REF_NAME + name: eks_review/$REVIEW_REF_PREFIX$CI_COMMIT_REF_NAME url: https://gitlab-$CI_ENVIRONMENT_SLUG.$KUBE_INGRESS_BASE_DOMAIN on_stop: stop_review_eks - resource_group: "eks-review-app-${CI_COMMENVIRONMENT_REF_NAMEIT_REF_NAME}" + resource_group: "eks-review-app-${REVIEW_REF_PREFIX}${CI_COMMIT_REF_NAME}" only: refs: - branches @@ -816,7 +816,7 @@ qa_gke: VARIABLES_FILE: "variables/review_gke" TEST_SUITE: '--tag smoke --tag reliable' environment: - name: gke_review/$ENVIRONMENT_REF_NAME + name: gke_review/$REVIEW_REF_PREFIX$CI_COMMIT_REF_NAME on_stop: stop_review_gke qa_eks: @@ -825,7 +825,7 @@ qa_eks: VARIABLES_FILE: "variables/review_eks" TEST_SUITE: '--tag smoke --tag reliable' environment: - name: eks_review/$ENVIRONMENT_REF_NAME + name: eks_review/$REVIEW_REF_PREFIX$CI_COMMIT_REF_NAME on_stop: stop_review_eks qa_gke_production: 
@@ -834,7 +834,7 @@ qa_gke_production: VARIABLES_FILE: "variables/stable_gke" TEST_SUITE: '--tag smoke --tag reliable' environment: - name: gke_production/$ENVIRONMENT_REF_NAME + name: gke_production/$REVIEW_REF_PREFIX$CI_COMMIT_REF_NAME qa_eks_production: extends: .qa_production @@ -842,7 +842,7 @@ qa_eks_production: VARIABLES_FILE: "variables/stable_eks" TEST_SUITE: '--tag smoke --tag reliable' environment: - name: eks_production/$ENVIRONMENT_REF_NAME + name: eks_production/$REVIEW_REF_PREFIX$CI_COMMIT_REF_NAME # QA jobs for Full E2E suites @@ -853,7 +853,7 @@ qa_gke_manual_full_suite: VARIABLES_FILE: "variables/review_gke" TEST_SUITE: '--tag ~smoke --tag ~reliable --tag ~orchestrated --tag ~transient' environment: - name: gke_review/$ENVIRONMENT_REF_NAME + name: gke_review/$REVIEW_REF_PREFIX$CI_COMMIT_REF_NAME on_stop: stop_review_gke when: manual @@ -864,7 +864,7 @@ qa_eks_manual_full_suite: VARIABLES_FILE: "variables/review_eks" TEST_SUITE: '--tag ~smoke --tag ~reliable --tag ~orchestrated --tag ~transient' environment: - name: eks_review/$ENVIRONMENT_REF_NAME + name: eks_review/$REVIEW_REF_PREFIX$CI_COMMIT_REF_NAME on_stop: stop_review_eks when: manual diff --git a/scripts/ci/autodevops.sh b/scripts/ci/autodevops.sh index 9da9f66139..19e3c251ac 100644 --- a/scripts/ci/autodevops.sh +++ b/scripts/ci/autodevops.sh @@ -8,8 +8,8 @@ export CI_CONTAINER_NAME=ci_job_build_${CI_JOB_ID} # Derive the Helm RELEASE argument from CI_ENVIRONMENT_SLUG if [[ $CI_ENVIRONMENT_SLUG =~ ^.{3}-review ]]; then - # if a "review", use ENVIRONMENT_REF_NAME - RELEASE_NAME=rvw-${ENVIRONMENT_REF_NAME} + # if a "review", use $REVIEW_REF_PREFIX$CI_COMMIT_REF_NAME + RELEASE_NAME=rvw-${REVIEW_REF_PREFIX}${CI_COMMIT_REF_NAME} # Trim release name to leave room for prefixes/suffixes RELEASE_NAME=${RELEASE_NAME:0:30} # Trim any hyphens in the suffix -- GitLab From ff6e2fa8d13128257f103bf9fde776ebeec9e458 Mon Sep 17 00:00:00 2001 
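Review bot: In the `scripts/ci/autodevops.sh` hunk `RELEASE_NAME` is now derived from `${REVIEW_REF_PREFIX}${CI_COMMIT_REF_NAME}`, where before this series it used `${CI_COMMIT_REF_SLUG}`. The visible lines that follow only truncate to 30 characters and trim hyphens, so a ref containing `/`, `_` or upper-case letters reaches Helm unsanitised, and Helm 3 does not accept such a value as a release name. Either slugify the combined value in the script or keep `${CI_COMMIT_REF_SLUG}` and prepend the prefix to it. The `qa_gke_production` and `qa_eks_production` hunks also apply `REVIEW_REF_PREFIX` to the `gke_production/` and `eks_production/` environment names, which is worth confirming as intended.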
From: =?UTF-8?q?Andreas=20Sch=C3=B6neck?= Date: Fri, 1 Oct 2021 16:12:48 +0000 Subject: [PATCH 039/253] Update runner chart to v0.33.1 Changelog: changed --- requirements.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yaml b/requirements.yaml index 0b07e8419c..52cb198c90 100644 --- a/requirements.yaml +++ b/requirements.yaml @@ -21,7 +21,7 @@ dependencies: repository: https://charts.bitnami.com/bitnami condition: postgresql.install - name: gitlab-runner - version: 0.33.0 + version: 0.33.1 repository: https://charts.gitlab.io/ condition: gitlab-runner.install - name: grafana -- GitLab From 5e8f1d2be8dd67dfe86ee06a23fda9ae3b708375 Mon Sep 17 00:00:00 2001 From: Mario Mora Date: Thu, 7 Oct 2021 11:09:14 +0000 Subject: [PATCH 040/253] Docs/Added instructions for setup TLS and DNS for pages --- doc/charts/gitlab/gitlab-pages/index.md | 26 +++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/doc/charts/gitlab/gitlab-pages/index.md b/doc/charts/gitlab/gitlab-pages/index.md index 7f45c06465..0af8b206d2 100644 --- a/doc/charts/gitlab/gitlab-pages/index.md +++ b/doc/charts/gitlab/gitlab-pages/index.md @@ -194,3 +194,29 @@ networkpolicy: - port: 53 protocol: UDP ``` + +### TLS access to GitLab Pages + +To have TLS access to the GitLab Pages feature you must: + +1. Create a dedicated wildcard certificate for your GitLab Pages domain in this format: + `*.pages.`. + +1. Create the secret in Kubernetes: + + ```shell + kubectl create secret tls tls-star-pages- --cert= --key= + ``` + +1. Configure GitLab Pages to use this secret: + + ```yaml + gitlab: + gitlab-pages: + ingress: + tls: + secretName: tls-star-pages- + ``` + +1. Create a DNS entry in your DNS provider with the name `*.pages.` + pointing to your LoadBalancer. -- GitLab From f876344bcaf8b36a99e9604445cc7a8a7d87859f Mon Sep 17 00:00:00 2001 
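Review bot: In the new "TLS access to GitLab Pages" section of doc/charts/gitlab/gitlab-pages/index.md (PATCH 040/253), the `kubectl create secret tls` step gives no namespace, so the secret is created in whatever namespace the current context points to. An Ingress can only reference a TLS secret in its own namespace, so state that the secret must be created in the namespace of the GitLab release and show the command with `-n`. The step should also say that the `--key` file is the private key of the wildcard certificate and should not be left on disk or committed after the secret is created.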
From: Hordur Freyr Yngvason Date: Thu, 7 Oct 2021 16:51:17 -0400 Subject: [PATCH 041/253] Add certificate volumeMounts to Rails deployments Without these, the wait-for-deps script fails. Changelog: fixed --- charts/gitlab/charts/sidekiq/templates/deployment.yaml | 1 + charts/gitlab/charts/webservice/templates/deployment.yaml | 1 + 2 files changed, 2 insertions(+) diff --git a/charts/gitlab/charts/sidekiq/templates/deployment.yaml b/charts/gitlab/charts/sidekiq/templates/deployment.yaml index 7b2ec80736..ba823bcb26 100644 --- a/charts/gitlab/charts/sidekiq/templates/deployment.yaml +++ b/charts/gitlab/charts/sidekiq/templates/deployment.yaml @@ -150,6 +150,7 @@ spec: volumeMounts: {{- tpl (default "" .extraVolumeMounts) $ | nindent 10 }} {{- include "gitlab.extraVolumeMounts" $ | nindent 10 }} + {{- include "gitlab.certificates.volumeMount" $ | nindent 10 }} - name: sidekiq-config mountPath: '/var/opt/gitlab/templates' readOnly: true diff --git a/charts/gitlab/charts/webservice/templates/deployment.yaml b/charts/gitlab/charts/webservice/templates/deployment.yaml index 9c55738dc3..038ad348e7 100644 --- a/charts/gitlab/charts/webservice/templates/deployment.yaml +++ b/charts/gitlab/charts/webservice/templates/deployment.yaml @@ -156,6 +156,7 @@ spec: {{- include "webservice.extraEnv" (dict "global" $.Values.global "local" .) | nindent 12 }} volumeMounts: {{- include "gitlab.extraVolumeMounts" $ | nindent 12 }} + {{- include "gitlab.certificates.volumeMount" $ | nindent 12 }} - name: webservice-config mountPath: '/var/opt/gitlab/templates' - name: webservice-secrets -- GitLab From 0558014079ad7a88ed6d8c1165330e7b1ead5b02 Mon Sep 17 00:00:00 2001 From: Jason Plum Date: Fri, 8 Oct 2021 14:15:45 +0000 Subject: [PATCH 042/253] Docs: Add runtime templates to styleguide --- doc/development/style_guide.md | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) 
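Review bot: PATCH 041/253 comes without a regression test: its diffstat lists only the sidekiq and webservice deployment.yaml templates. The commit message says the wait-for-deps script fails without the `gitlab.certificates.volumeMount` include, so add a spec that renders both deployments and asserts the certificates mount is present on the container these hunks touch, otherwise the mount can be dropped again unnoticed.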
diff --git a/doc/development/style_guide.md b/doc/development/style_guide.md index ffe0f9d99e..23b7867f74 100644 --- a/doc/development/style_guide.md +++ b/doc/development/style_guide.md @@ -366,3 +366,27 @@ And then pulling the above into a variable and configuration: config: {{ $barVar }} ``` + +## Templating Configuration Files + +These charts make use of the Cloud Native GitLab ("CNG") containers. +Those containers support the use of either [ERB](https://docs.ruby-lang.org/en/2.7.0/ERB.html) +or [gomplate](https://docs.gomplate.ca/). + +**Guidelines:** + +1. Use template files within ConfigMaps (example: `gitlab.yml.erb`, `config.toml.tpl`) + - Entries _must_ use the expected extensions in order to be handled as templates. +1. Use templates to populate Secret contents from mounted file locations. (example: [GitLab Pages `config`](https://gitlab.com/gitlab-org/charts/gitlab/-/blob/master/charts/gitlab/charts/gitlab-pages/templates/configmap.yml)) +1. ERB (`.erb`) can be used for any container using Ruby during run-time execution +1. gomplate (`.tpl`) can be used for any container. + +**ERB usage:** + +We make use of standard ERB, and you can expect [`json`](https://docs.ruby-lang.org/en/2.7.0/JSON.html) and [`yaml`](https://docs.ruby-lang.org/en/2.7.0/YAML.html) modules to have been pre-loaded. + +**gomplate usage:** + +We make use of gomplate in order to remove the size and surface of Ruby within +containers. We configure gomplate [syntax](https://docs.gomplate.ca/syntax/) with alternate delimiters of `{% %}`, so not +to collide with Helm's use of `{{ }}`. -- GitLab From 94acaada27448351bc4ed5823de0b22e83b9d62f Mon Sep 17 00:00:00 2001 
From: Hordur Freyr Yngvason Date: Fri, 8 Oct 2021 19:59:14 +0000 Subject: [PATCH 043/253] Add TLS support for KAS redis --- .../gitlab/charts/kas/templates/_helpers.tpl | 4 +++ .../charts/kas/templates/deployment.yaml | 4 +++ charts/gitlab/charts/kas/values.yaml | 8 ++++++ spec/configuration/kas_spec.rb | 25 +++++++++++++++++++ 4 files changed, 41 insertions(+) diff --git a/charts/gitlab/charts/kas/templates/_helpers.tpl b/charts/gitlab/charts/kas/templates/_helpers.tpl index 754da5d4c3..bb16adf363 100644 --- a/charts/gitlab/charts/kas/templates/_helpers.tpl +++ b/charts/gitlab/charts/kas/templates/_helpers.tpl @@ -36,5 +36,9 @@ sentinel: {{ end }} master_name: {{ template "gitlab.redis.host" . }} {{- end -}} +{{- if eq (.redisMergedConfig.scheme | default "") "rediss" }} +tls: + enabled: true +{{- end -}} {{- end -}} {{- end -}} diff --git a/charts/gitlab/charts/kas/templates/deployment.yaml b/charts/gitlab/charts/kas/templates/deployment.yaml index e5b472cde3..05efa6cfb6 100644 --- a/charts/gitlab/charts/kas/templates/deployment.yaml +++ b/charts/gitlab/charts/kas/templates/deployment.yaml @@ -51,6 +51,8 @@ spec: runAsGroup: {{ .Values.securityContext.runAsGroup }} fsGroup: {{ .Values.securityContext.fsGroup }} {{- include "gitlab.image.pullSecrets" $imageCfg | indent 6 }} + initContainers: + {{- include "gitlab.certificates.initContainer" . | nindent 8 }} containers: {{- include "gitlab.extraContainers" . | nindent 8 }} - name: {{ template "name" . }} @@ -91,8 +93,10 @@ spec: mountPath: /etc/kas readOnly: true {{- include "gitlab.extraVolumeMounts" . | nindent 12 }} + {{- include "gitlab.certificates.volumeMount" . | nindent 12 }} volumes: {{- include "gitlab.extraVolumes" . | nindent 6 }} + {{- include "gitlab.certificates.volumes" . | nindent 6 }} - name: init-etc-kas projected: defaultMode: 0440 diff --git a/charts/gitlab/charts/kas/values.yaml b/charts/gitlab/charts/kas/values.yaml index 32ce4e6b56..f8e1e94515 100644 
--- a/charts/gitlab/charts/kas/values.yaml +++ b/charts/gitlab/charts/kas/values.yaml @@ -15,6 +15,14 @@ global: # name: kas.example.com # https: true +init: + image: {} + # repository: + # tag: + resources: + requests: + cpu: 50m + hpa: targetAverageValue: 100m image: diff --git a/spec/configuration/kas_spec.rb b/spec/configuration/kas_spec.rb index 8fbce62684..2fa74d62cb 100644 --- a/spec/configuration/kas_spec.rb +++ b/spec/configuration/kas_spec.rb @@ -326,6 +326,31 @@ describe 'kas configuration' do end end end + + describe 'tls' do + let(:kas_values) { default_kas_values } + + it 'is empty by default' do + expect(config_yaml_data['redis']).not_to include('tls') + end + + context 'when redis scheme is "rediss"' do + let(:kas_values) do + default_kas_values.deep_merge!(YAML.safe_load(%( + global: + redis: + scheme: rediss + ))) + end + + it 'is enabled' do + expect(config_yaml_data['redis']).to include(YAML.safe_load(%( + tls: + enabled: true + ))) + end + end + end end end -- GitLab From 3075400e188b18b2962f8283977e0952d6109f5d Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Tue, 12 Oct 2021 16:10:44 +0000 Subject: [PATCH 044/253] Update changelog for 5.3.3 [ci skip] --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index a2df2dd0e1..9288dc571d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,10 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 5.3.3 (2021-10-12) + +No changes. + ## 5.3.2 (2021-10-01) No changes. -- GitLab From c89b0d4b9cc7b55e868b9a143acb7fdf4c68d71e Mon Sep 17 00:00:00 2001 
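Review bot: The new `init:` values in charts/gitlab/charts/kas/values.yaml (PATCH 043/253) are undocumented, and the added `describe 'tls'` block in spec/configuration/kas_spec.rb only asserts on the `tls` key of the rendered Redis config. The diffstat touches no file under doc/, so document `init.image` and `init.resources` with the other KAS settings. Also add an expectation that the deployment renders the certificates init container, volume and `gitlab.certificates.volumeMount`, because those are what the deployment.yaml hunks add and nothing in the spec exercises them.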
From: GitLab Release Tools Bot Date: Tue, 12 Oct 2021 16:11:00 +0000 Subject: [PATCH 045/253] Update Chart versions to 5.3.3 [ci skip] --- Chart.yaml | 2 +- charts/gitlab/charts/geo-logcursor/Chart.yaml | 2 +- charts/gitlab/charts/gitaly/Chart.yaml | 2 +- charts/gitlab/charts/gitlab-exporter/Chart.yaml | 2 +- charts/gitlab/charts/gitlab-grafana/Chart.yaml | 2 +- charts/gitlab/charts/gitlab-pages/Chart.yaml | 2 +- charts/gitlab/charts/gitlab-shell/Chart.yaml | 2 +- charts/gitlab/charts/kas/Chart.yaml | 2 +- charts/gitlab/charts/mailroom/Chart.yaml | 2 +- charts/gitlab/charts/migrations/Chart.yaml | 2 +- charts/gitlab/charts/operator/Chart.yaml | 2 +- charts/gitlab/charts/praefect/Chart.yaml | 2 +- charts/gitlab/charts/sidekiq/Chart.yaml | 2 +- charts/gitlab/charts/task-runner/Chart.yaml | 2 +- charts/gitlab/charts/webservice/Chart.yaml | 2 +- 15 files changed, 15 insertions(+), 15 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index 87adb76bec..fbb5db2ea2 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab -version: 5.3.2 +version: 5.3.3 appVersion: master description: Web-based Git-repository manager with wiki and issue-tracking features. keywords: diff --git a/charts/gitlab/charts/geo-logcursor/Chart.yaml b/charts/gitlab/charts/geo-logcursor/Chart.yaml index d970dd4f8c..986671f33b 100644 --- a/charts/gitlab/charts/geo-logcursor/Chart.yaml +++ b/charts/gitlab/charts/geo-logcursor/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: geo-logcursor -version: 5.3.2 +version: 5.3.3 appVersion: master description: GitLab Geo logcursor keywords: diff --git a/charts/gitlab/charts/gitaly/Chart.yaml b/charts/gitlab/charts/gitaly/Chart.yaml index 21ee6aafda..0609b3534b 100644 --- a/charts/gitlab/charts/gitaly/Chart.yaml +++ b/charts/gitlab/charts/gitaly/Chart.yaml 
@@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitaly -version: 5.3.2 +version: 5.3.3 appVersion: master description: Git RPC service for handling all the git calls made by GitLab keywords: diff --git a/charts/gitlab/charts/gitlab-exporter/Chart.yaml b/charts/gitlab/charts/gitlab-exporter/Chart.yaml index 43944e76aa..8f6852d8ad 100644 --- a/charts/gitlab/charts/gitlab-exporter/Chart.yaml +++ b/charts/gitlab/charts/gitlab-exporter/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab-exporter -version: 5.3.2 +version: 5.3.3 appVersion: 11.2.0 description: Exporter for GitLab Prometheus metrics (e.g. CI, pull mirrors) keywords: diff --git a/charts/gitlab/charts/gitlab-grafana/Chart.yaml b/charts/gitlab/charts/gitlab-grafana/Chart.yaml index 49b3a1de4d..ad0f4b1bf7 100644 --- a/charts/gitlab/charts/gitlab-grafana/Chart.yaml +++ b/charts/gitlab/charts/gitlab-grafana/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab-grafana -version: 5.3.2 +version: 5.3.3 description: Adapt the Grafana chart to interface to the GitLab App keywords: - gitlab diff --git a/charts/gitlab/charts/gitlab-pages/Chart.yaml b/charts/gitlab/charts/gitlab-pages/Chart.yaml index 23ab6943f9..eb5447b8c8 100644 --- a/charts/gitlab/charts/gitlab-pages/Chart.yaml +++ b/charts/gitlab/charts/gitlab-pages/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab-pages -version: 5.3.2 +version: 5.3.3 appVersion: master description: Daemon for serving static websites from GitLab projects keywords: diff --git a/charts/gitlab/charts/gitlab-shell/Chart.yaml b/charts/gitlab/charts/gitlab-shell/Chart.yaml index c7ad78d798..b9b4afecea 100644 --- a/charts/gitlab/charts/gitlab-shell/Chart.yaml +++ b/charts/gitlab/charts/gitlab-shell/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab-shell -version: 5.3.2 +version: 5.3.3 appVersion: main description: sshd for Gitlab keywords: diff --git a/charts/gitlab/charts/kas/Chart.yaml b/charts/gitlab/charts/kas/Chart.yaml index 38da806ad1..3f898f4d9b 100644 
--- a/charts/gitlab/charts/kas/Chart.yaml +++ b/charts/gitlab/charts/kas/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: kas -version: 5.3.2 +version: 5.3.3 appVersion: latest description: GitLab Kubernetes Agent Server keywords: diff --git a/charts/gitlab/charts/mailroom/Chart.yaml b/charts/gitlab/charts/mailroom/Chart.yaml index ca5051bc4f..c12e8005ae 100644 --- a/charts/gitlab/charts/mailroom/Chart.yaml +++ b/charts/gitlab/charts/mailroom/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: mailroom -version: 5.3.2 +version: 5.3.3 appVersion: master description: Handling incoming emails keywords: diff --git a/charts/gitlab/charts/migrations/Chart.yaml b/charts/gitlab/charts/migrations/Chart.yaml index 56de7528e9..4095fc1c34 100644 --- a/charts/gitlab/charts/migrations/Chart.yaml +++ b/charts/gitlab/charts/migrations/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: migrations -version: 5.3.2 +version: 5.3.3 appVersion: master description: Database migrations and other versioning tasks for upgrading Gitlab keywords: diff --git a/charts/gitlab/charts/operator/Chart.yaml b/charts/gitlab/charts/operator/Chart.yaml index c19c3448f4..1769dabe4f 100644 --- a/charts/gitlab/charts/operator/Chart.yaml +++ b/charts/gitlab/charts/operator/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: operator -version: 5.3.2 +version: 5.3.3 appVersion: master description: Gitlab operator for managing upgrades keywords: diff --git a/charts/gitlab/charts/praefect/Chart.yaml b/charts/gitlab/charts/praefect/Chart.yaml index ca788a2627..35b135f7a4 100644 --- a/charts/gitlab/charts/praefect/Chart.yaml +++ b/charts/gitlab/charts/praefect/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: praefect -version: 5.3.2 +version: 5.3.3 appVersion: master description: Praefect is a router and transaction manager for Gitaly, and a required component for running a Gitaly Cluster. 
diff --git a/charts/gitlab/charts/sidekiq/Chart.yaml b/charts/gitlab/charts/sidekiq/Chart.yaml index 513764af65..ae8a2814ba 100644 --- a/charts/gitlab/charts/sidekiq/Chart.yaml +++ b/charts/gitlab/charts/sidekiq/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: sidekiq -version: 5.3.2 +version: 5.3.3 appVersion: master description: Gitlab Sidekiq for asynchronous task processing in rails keywords: diff --git a/charts/gitlab/charts/task-runner/Chart.yaml b/charts/gitlab/charts/task-runner/Chart.yaml index 46c6f8a1a0..f6a388244d 100644 --- a/charts/gitlab/charts/task-runner/Chart.yaml +++ b/charts/gitlab/charts/task-runner/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: task-runner -version: 5.3.2 +version: 5.3.3 appVersion: master description: For manually running rake tasks through kubectl keywords: diff --git a/charts/gitlab/charts/webservice/Chart.yaml b/charts/gitlab/charts/webservice/Chart.yaml index 2e2ba1a66d..6c909d8809 100644 --- a/charts/gitlab/charts/webservice/Chart.yaml +++ b/charts/gitlab/charts/webservice/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: webservice -version: 5.3.2 +version: 5.3.3 appVersion: master description: HTTP server for Gitlab keywords: -- GitLab From 2426134d9fd734a9a1a4a01980a53c86b4a4cb1b Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Tue, 12 Oct 2021 16:11:04 +0000 Subject: [PATCH 046/253] Update version mapping for 5.3.3 --- doc/installation/version_mappings.md | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/installation/version_mappings.md b/doc/installation/version_mappings.md index 7f2324a9cc..bd5b4b8a46 100644 --- a/doc/installation/version_mappings.md +++ b/doc/installation/version_mappings.md @@ -10,6 +10,7 @@ The table below maps some of the key previous chart versions and GitLab versions | Chart version | GitLab version | |---------------|----------------| +| 5.3.3 | 14.3.3 | | 5.3.2 | 14.3.2 | | 5.3.1 | 14.3.1 | | 5.3.0 | 14.3.0 | -- GitLab 
From 5712ef5a8da855f52ce5a4132ffa4e1b448ff486 Mon Sep 17 00:00:00 2001 From: Suzanne Selhorn Date: Wed, 13 Oct 2021 00:35:06 +0000 Subject: [PATCH 047/253] Removed broken link as part of TW chores Related to: https://gitlab.com/gitlab-org/technical-writing/-/issues/492 --- doc/charts/gitlab/webservice/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/charts/gitlab/webservice/index.md b/doc/charts/gitlab/webservice/index.md index 850f4fe2dc..779ebd259e 100644 --- a/doc/charts/gitlab/webservice/index.md +++ b/doc/charts/gitlab/webservice/index.md @@ -56,7 +56,7 @@ to the `helm install` command using the `--set` flags. | `gitlab.webservice.workhorse.image` | `registry.gitlab.com/gitlab-org/build/cng/gitlab-workhorse-ee` | Workhorse image repository | | `gitlab.webservice.workhorse.tag` | | Workhorse image tag | | `hpa.targetAverageValue` | `1` | Set the autoscaling target value | -| `sshHostKeys.mount` | `false` | Whether to mount the GitLab Shell [secret] containing the public SSH keys. | +| `sshHostKeys.mount` | `false` | Whether to mount the GitLab Shell secret containing the public SSH keys. | | `sshHostKeys.mountName` | `ssh-host-keys` | Name of the mounted volume. | | `sshHostKeys.types` | `[dsa,rsa,ecdsa,ed25519]` | List of SSH key types to mount. | | `image.pullPolicy` | `Always` | Webservice image pull policy | -- GitLab From 85b95008f5b10df916a8afd7dc9f2713305be07f Mon Sep 17 00:00:00 2001 From: Suzanne Selhorn Date: Wed, 13 Oct 2021 16:33:40 +0000 Subject: [PATCH 048/253] Fixed typo of openshift --- doc/installation/operator.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/installation/operator.md b/doc/installation/operator.md index 57e9448d49..ee5bd51374 100644 --- a/doc/installation/operator.md +++ b/doc/installation/operator.md 
@@ -175,11 +175,11 @@ To remove the GitLab Operator and its associated resources: This will remove the GitLab instance, and all associated objects except for PVCs as noted above. -1. Uninstall the GitLab Operator +1. Uninstall the GitLab Operator. ```shell GL_OPERATOR_VERSION=0.1.0 - PLATFORM=kubernetes # or "opensfhit" + PLATFORM=kubernetes # or "openshift" kubectl delete -f https://gitlab.com/api/v4/projects/18899486/packages/generic/gitlab-operator/${GL_OPERATOR_VERSION}/gitlab-operator-${PLATFORM}-${GL_OPERATOR_VERSION}.yaml ``` -- GitLab From f1f3cfbd92cf2b18e2b8348ed171d59ee424f451 Mon Sep 17 00:00:00 2001 From: Mitchell Nielsen Date: Thu, 14 Oct 2021 01:07:02 +0000 Subject: [PATCH 049/253] [Docs] Note that NGINX Ingress not yet supported on K8s 1.22 --- doc/charts/nginx/index.md | 4 ++++ doc/troubleshooting/index.md | 12 ++++++++++++ 2 files changed, 16 insertions(+) diff --git a/doc/charts/nginx/index.md b/doc/charts/nginx/index.md index aa8d1da1b1..fe082b83e2 100644 --- a/doc/charts/nginx/index.md +++ b/doc/charts/nginx/index.md @@ -17,6 +17,10 @@ NOTE: Our [fork](https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/nginx-ingress) of the NGINX chart was pulled from [GitHub](https://github.com/kubernetes/ingress-nginx). See [Our NGINX fork](fork.md) for details on what was modified in our fork. +NOTE: +The version of the NGINX Ingress Helm Chart bundled with the GitLab Helm Charts does not support Kubernetes 1.22. +See [#2852](https://gitlab.com/gitlab-org/charts/gitlab/-/issues/2852) for more information. + ## Configuring NGINX See [NGINX chart documentation](https://gitlab.com/gitlab-org/charts/gitlab/blob/master/charts/nginx-ingress/README.md#configuration) diff --git a/doc/troubleshooting/index.md b/doc/troubleshooting/index.md index fdac580516..41edc87502 100644 --- a/doc/troubleshooting/index.md +++ b/doc/troubleshooting/index.md 
@@ -270,6 +270,18 @@ version of the chart and then follow the steps in the [upgrade guide](../install upgrade the bundled PostgreSQL version. Once PostgreSQL is properly upgraded, try the GitLab Helm chart upgrade again. +## Bundled NGINX Ingress pod fails to start: `Failed to watch *v1beta1.Ingress` + +The following error message may appear in the bundled NGINX Ingress controller pod if running Kubernetes version 1.22 or later: + +```plaintext +Failed to watch *v1beta1.Ingress: failed to list *v1beta1.Ingress: the server could not find the requested resource +``` + +To address this, ensure the Kubernetes version is 1.21 or older. See +[#2852](https://gitlab.com/gitlab-org/charts/gitlab/-/issues/2852) for +more information regarding NGINX Ingress support for Kubernetes 1.22 or later. + ## Increased load on `/api/v4/jobs/requests` endpoint You may face this issue if the option `workhorse.keywatcher` was set to `false` for the deployment servicing `/api/*`. -- GitLab From a1664df302948db139cd6a0508022d12e182a84d Mon Sep 17 00:00:00 2001 From: Suzanne Selhorn Date: Mon, 18 Oct 2021 03:25:36 +0000 Subject: [PATCH 050/253] Fixed broken external links --- doc/installation/cloud/openshift.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/installation/cloud/openshift.md b/doc/installation/cloud/openshift.md index 16975cb228..f4dc23a09b 100644 --- a/doc/installation/cloud/openshift.md +++ b/doc/installation/cloud/openshift.md 
@@ -119,5 +119,5 @@ When the cluster is up and running, you can continue [installing GitLab](../oper - [`oc` source code](https://github.com/openshift/oc) - [`openshift-installer` and `oc` packages](https://mirror.openshift.com/pub/openshift-v4/clients/ocp/) - [OpenShift Container Project (OCP) architecture docs](https://access.redhat.com/documentation/en-us/openshift_container_platform/latest/html/architecture/architecture) -- [OpenShift GCP docs](https://docs.openshift.com/container-platform/latest/installing/installing_gcp/installing-gcp-account.html) -- [OpenShift troubleshooting guide](https://docs.openshift.com/container-platform/latest/support/troubleshooting/troubleshooting-installations.html) +- [OpenShift GCP docs](https://docs.openshift.com/container-platform/4.8/installing/installing_gcp/installing-gcp-account.html) +- [OpenShift troubleshooting guide](https://docs.openshift.com/container-platform/4.8/support/troubleshooting/troubleshooting-installations.html) -- GitLab From 76b302ed9385ecabe5295567484d6fa5cc3cd2e5 Mon Sep 17 00:00:00 2001 From: Joshua Lambert Date: Fri, 8 Oct 2021 19:58:39 +0000 Subject: [PATCH 051/253] Add instructions on how to get initial root password. --- doc/installation/operator.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/doc/installation/operator.md b/doc/installation/operator.md index ee5bd51374..3c6e857a0e 100644 --- a/doc/installation/operator.md +++ b/doc/installation/operator.md 
@@ -154,6 +154,12 @@ deployment manifests available in the you can access GitLab in your browser at the domain you set up in the custom resource. + To log in, an initial administrator account has been created. The username is `root` and the password is stored in the `-gitlab-initial-root-password` secret. By default, this is in the `gitlab-system` namespace, and must be base64 decoded to use. + + ```shell + kubectl -n gitlab-system get secret -gitlab-initial-root-password -ojsonpath='{.data.password}' | base64 --decode ; echo + ``` + ## Uninstall the GitLab Operator Items to note prior to uninstalling the Operator: -- GitLab From a136824dd4cd725f3c40a0d509518467ae38754b Mon Sep 17 00:00:00 2001 From: Joshua Lambert Date: Fri, 8 Oct 2021 20:01:10 +0000 Subject: [PATCH 052/253] Document the location of the web service --- doc/installation/operator.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/installation/operator.md b/doc/installation/operator.md index 3c6e857a0e..46ba9e0487 100644 --- a/doc/installation/operator.md +++ b/doc/installation/operator.md @@ -154,7 +154,7 @@ deployment manifests available in the you can access GitLab in your browser at the domain you set up in the custom resource. - To log in, an initial administrator account has been created. The username is `root` and the password is stored in the `-gitlab-initial-root-password` secret. By default, this is in the `gitlab-system` namespace, and must be base64 decoded to use. + To log in use the base domain you specified, with the `gitlab` subdomain, for example: `https://gitlab.example.com`. An initial administrator account has also been created. The username is `root` and the password is stored in the `-gitlab-initial-root-password` secret. By default, this is in the `gitlab-system` namespace, and must be base64 decoded to use. ```shell kubectl -n gitlab-system get secret -gitlab-initial-root-password -ojsonpath='{.data.password}' | base64 --decode ; echo -- GitLab 
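Review bot: The paragraph added to doc/installation/operator.md in PATCH 051/253 (hunk at line 154) tells the reader how to read the `root` password out of the initial-root-password secret but stops there. Add a sentence telling them to change the password after the first login, since the command prints it to the terminal and the value stays readable in the `gitlab-system` namespace to anyone allowed to get secrets there.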
From 5062e8267d46a06a16eaa7794dffc84d0dfa30fc Mon Sep 17 00:00:00 2001 From: Joshua Lambert Date: Tue, 12 Oct 2021 23:34:11 +0000 Subject: [PATCH 053/253] Try to appease markdown linter --- doc/installation/operator.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/doc/installation/operator.md b/doc/installation/operator.md index 46ba9e0487..c964d6b755 100644 --- a/doc/installation/operator.md +++ b/doc/installation/operator.md @@ -157,7 +157,9 @@ deployment manifests available in the To log in use the base domain you specified, with the `gitlab` subdomain, for example: `https://gitlab.example.com`. An initial administrator account has also been created. The username is `root` and the password is stored in the `-gitlab-initial-root-password` secret. By default, this is in the `gitlab-system` namespace, and must be base64 decoded to use. ```shell + kubectl -n gitlab-system get secret -gitlab-initial-root-password -ojsonpath='{.data.password}' | base64 --decode ; echo + ``` ## Uninstall the GitLab Operator -- GitLab From 938f65f10f5c2fef23e34c19838c1d22b9445067 Mon Sep 17 00:00:00 2001 From: Joshua Lambert Date: Tue, 12 Oct 2021 23:39:01 +0000 Subject: [PATCH 054/253] Revert markdown lint change --- doc/installation/operator.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/doc/installation/operator.md b/doc/installation/operator.md index c964d6b755..b5992fe7bd 100644 --- a/doc/installation/operator.md +++ b/doc/installation/operator.md 
@@ -156,11 +156,9 @@ deployment manifests available in the To log in use the base domain you specified, with the `gitlab` subdomain, for example: `https://gitlab.example.com`. An initial administrator account has also been created. The username is `root` and the password is stored in the `-gitlab-initial-root-password` secret. By default, this is in the `gitlab-system` namespace, and must be base64 decoded to use. - ```shell - + ```shell kubectl -n gitlab-system get secret -gitlab-initial-root-password -ojsonpath='{.data.password}' | base64 --decode ; echo - - ``` + ``` ## Uninstall the GitLab Operator -- GitLab From 4d718cab86d0b861c7ac3e6f753675a9d660ee77 Mon Sep 17 00:00:00 2001 From: Joshua Lambert Date: Fri, 8 Oct 2021 19:23:47 +0000 Subject: [PATCH 055/253] Clarify comment for domain host and fix typo --- doc/installation/operator.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/installation/operator.md b/doc/installation/operator.md index b5992fe7bd..c4f9a46a1d 100644 --- a/doc/installation/operator.md +++ b/doc/installation/operator.md @@ -121,7 +121,7 @@ deployment manifests available in the values: global: hosts: - domain: example.com # use a real domain here + domain: example.com # = Use the base domain for GitLab. "gitlab." and "registry." will be exposed as subdomains. ingress: configureCertmanager: true certmanager-issuer: -- GitLab From 7ac98dbcdc0f0d962aab48e9cc8a8208a806217b Mon Sep 17 00:00:00 2001 From: Joshua Lambert Date: Fri, 8 Oct 2021 19:48:59 +0000 Subject: [PATCH 056/253] Retain "real" language and add line for ExternalIP --- doc/installation/operator.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/doc/installation/operator.md b/doc/installation/operator.md index c4f9a46a1d..d4115fef62 100644 --- a/doc/installation/operator.md +++ b/doc/installation/operator.md 
@@ -121,7 +121,8 @@ deployment manifests available in the values: global: hosts: - domain: example.com # = Use the base domain for GitLab. "gitlab." and "registry." will be exposed as subdomains. + domain: example.com # Provide a real base domain for GitLab. "gitlab." and "registry." will be exposed as subdomains. + externalIP: "1.1.1.1" # If using a static DNS record for the subdomain, enter the IP address it resolves to here. ingress: configureCertmanager: true certmanager-issuer: -- GitLab From 7c4e963cfaa52587cb197c1677acba6929420d98 Mon Sep 17 00:00:00 2001 From: Joshua Lambert Date: Tue, 19 Oct 2021 15:20:46 +0000 Subject: [PATCH 057/253] Apply 1 suggestion(s) to 1 file(s) --- doc/installation/operator.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/installation/operator.md b/doc/installation/operator.md index d4115fef62..c6b238c818 100644 --- a/doc/installation/operator.md +++ b/doc/installation/operator.md @@ -122,7 +122,7 @@ deployment manifests available in the global: hosts: domain: example.com # Provide a real base domain for GitLab. "gitlab." and "registry." will be exposed as subdomains. - externalIP: "1.1.1.1" # If using a static DNS record for the subdomain, enter the IP address it resolves to here. + externalIP: "1.1.1.1" # If using a static wildcard DNS record for the base domain, enter the IP address it resolves to here. ingress: configureCertmanager: true certmanager-issuer: -- GitLab From 19f9a532412fce2a030ba6372586a043456c755e Mon Sep 17 00:00:00 2001 From: deps Date: Thu, 14 Oct 2021 04:02:03 +0000 Subject: [PATCH 058/253] Update gitlab-org/container-registry from 3.11.1-gitlab to 3.12.0-gitlab Changelog: changed --- charts/registry/values.yaml | 2 +- doc/charts/registry/index.md | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/registry/values.yaml b/charts/registry/values.yaml index 7eaee92ccb..92760769b5 100644 --- a/charts/registry/values.yaml +++ b/charts/registry/values.yaml 
@@ -1,6 +1,6 @@ image: repository: registry.gitlab.com/gitlab-org/build/cng/gitlab-container-registry - tag: 'v3.11.1-gitlab' + tag: 'v3.12.0-gitlab' # pullPolicy: IfNotPresent # pullSecrets: [] diff --git a/doc/charts/registry/index.md b/doc/charts/registry/index.md index 2e60d7fed5..00b7739d2f 100644 --- a/doc/charts/registry/index.md +++ b/doc/charts/registry/index.md @@ -68,7 +68,7 @@ registry: interval: 24h dryrun: false image: - tag: 'v3.11.1-gitlab' + tag: 'v3.12.0-gitlab' pullPolicy: IfNotPresent annotations: service: @@ -148,7 +148,7 @@ If you chose to deploy this chart as a standalone, remove the `registry` at the | `image.pullPolicy` | | Pull policy for the registry image | | `image.pullSecrets` | | Secrets to use for image repository | | `image.repository` | `registry` | Registry image | -| `image.tag` | `v3.11.1-gitlab` | Version of the image to use | +| `image.tag` | `v3.12.0-gitlab` | Version of the image to use | | `init.image.repository` | | initContainer image | | `init.image.tag` | | initContainer image tag | | `log` | `{level: info, fields: {service: registry}}` | Configure the logging options | @@ -274,7 +274,7 @@ You can change the included version of the Registry and `pullPolicy`. Default settings: -- `tag: 'v3.11.1-gitlab'` +- `tag: 'v3.12.0-gitlab'` - `pullPolicy: 'IfNotPresent'` ## Configuring the `service` -- GitLab From 66060aff60b496beefd2a28a4aa0f7f62c618c52 Mon Sep 17 00:00:00 2001 
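Review bot: In doc/installation/operator.md (added in PATCH 056/253, reworded in 057/253), the example `externalIP: "1.1.1.1"` is a real, publicly routed address that readers may paste unchanged into their custom resource. Use an address from a documentation range such as `192.0.2.1`, in the same way the `domain: example.com` line above it uses a reserved example name.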
From: Jason Plum Date: Tue, 12 Oct 2021 13:31:39 -0700 Subject: [PATCH 059/253] Pages: enable proper readiness probe Enable a proper readiness probe for the GitLab Pages chart. To do this, we've configured things such that `statusUri` defaults to `/-/readiness`, and expose `listen-http` on `9090` when not otherwise configured. We direct the readiness probe to the combination of these to, such that it can be seen as one of: - `0.0.0.0:8090` if `externalHttp` is present - `0.0.0.0:9090` if any other configuration (static default) Changelog: added --- .../charts/gitlab-pages/templates/configmap.yml | 3 +++ .../charts/gitlab-pages/templates/deployment.yaml | 11 +++++++++++ charts/gitlab/charts/gitlab-pages/values.yaml | 8 +++++++- spec/configuration/pages_spec.rb | 15 ++++++++++----- 4 files changed, 31 insertions(+), 6 deletions(-) diff --git a/charts/gitlab/charts/gitlab-pages/templates/configmap.yml b/charts/gitlab/charts/gitlab-pages/templates/configmap.yml index 7e55408723..7779dfeedd 100644 --- a/charts/gitlab/charts/gitlab-pages/templates/configmap.yml +++ b/charts/gitlab/charts/gitlab-pages/templates/configmap.yml @@ -38,9 +38,12 @@ data: {{- $externalAddresses := concat $.Values.global.pages.externalHttp $.Values.global.pages.externalHttps | uniq }} {{- if (empty ($externalAddresses)) }} listen-proxy=0.0.0.0:{{ .Values.service.internalPort }} + listen-http=0.0.0.0:9090 {{- else }} {{- if not (empty $.Values.global.pages.externalHttp) }} listen-http=0.0.0.0:{{ .Values.service.internalPort }} + {{- else }} + listen-http=0.0.0.0:9090 {{- end }} {{- if not (empty $.Values.global.pages.externalHttps) }} listen-https{{ if .Values.useProxyV2 }}-proxyv2{{ end }}=0.0.0.0:{{ .Values.service.customDomains.internalHttpsPort | int }} diff --git a/charts/gitlab/charts/gitlab-pages/templates/deployment.yaml b/charts/gitlab/charts/gitlab-pages/templates/deployment.yaml index 276383222e..909fdf2aba 100644 --- a/charts/gitlab/charts/gitlab-pages/templates/deployment.yaml 
+++ b/charts/gitlab/charts/gitlab-pages/templates/deployment.yaml @@ -97,6 +97,17 @@ spec: - containerPort: {{ .Values.metrics.port | int }} name: metrics {{- end }} + # readinessProbe should always hit port used by `listen-http`, as k8s won't use TLS or ProxyV2 + {{- $externalHttp := $.Values.global.pages.externalHttp uniq }} + readinessProbe: + httpGet: + path: {{ $.Values.statusUri | quote }} + port: {{ if $externalHttp }}{{ $.Values.service.internalPort | int }}{{ else }}9090{{ end }} + initialDelaySeconds: {{ $.Values.deployment.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ $.Values.deployment.readinessProbe.periodSeconds }} + timeoutSeconds: {{ $.Values.deployment.readinessProbe.timeoutSeconds }} + successThreshold: {{ $.Values.deployment.readinessProbe.successThreshold }} + failureThreshold: {{ $.Values.deployment.readinessProbe.failureThreshold }} volumes: {{- include "gitlab.extraVolumes" $ | nindent 6 }} - name: pages-config diff --git a/charts/gitlab/charts/gitlab-pages/values.yaml b/charts/gitlab/charts/gitlab-pages/values.yaml index 4ec4b5646d..6d941a7792 100644 --- a/charts/gitlab/charts/gitlab-pages/values.yaml +++ b/charts/gitlab/charts/gitlab-pages/values.yaml @@ -52,6 +52,12 @@ init: deployment: strategy: {} + readinessProbe: + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 2 + successThreshold: 1 + failureThreshold: 3 ingress: annotations: {} @@ -133,7 +139,7 @@ sentry: enabled: false dsn: environment: -statusUri: +statusUri: '/-/readiness' tls: minVersion: maxVersion: diff --git a/spec/configuration/pages_spec.rb b/spec/configuration/pages_spec.rb index 0795c4cc83..1ff713c69f 100644 --- a/spec/configuration/pages_spec.rb +++ b/spec/configuration/pages_spec.rb @@ -427,6 +427,7 @@ describe 'GitLab Pages' do it 'populates Pages config file' do default_content = <<~MSG listen-proxy=0.0.0.0:8090 + listen-http=0.0.0.0:9090 pages-domain=pages.example.com pages-root=/srv/gitlab-pages log-format=json 
@@ -441,6 +442,7 @@ describe 'GitLab Pages' do api-secret-key=/etc/gitlab-secrets/pages/secret domain-config-source=gitlab metrics-address=:9235 + pages-status=/-/readiness MSG expect(config_data).to eq default_content @@ -493,6 +495,7 @@ describe 'GitLab Pages' do gitlab-retrieval-retries=3 header=FOO: BAR;;BAZ: BAT listen-proxy=0.0.0.0:8090 + listen-http=0.0.0.0:9090 pages-domain=pages.example.com pages-root=/srv/gitlab-pages log-format=text @@ -512,6 +515,7 @@ describe 'GitLab Pages' do gitlab-client-jwt-expiry=35 sentry-dsn=foobar sentry-environment=qwerty + pages-status=/-/readiness tls-min-version=tls1.0 tls-max-version=tls1.2 auth-redirect-uri=https://projects.pages.example.com/auth @@ -546,7 +550,8 @@ describe 'GitLab Pages' do describe 'pages configuration' do it 'does not expose listen-http, listen-https, root-cert or root-key' do - expect(pages_config_data).not_to match(/listen-http=/) + # Disabled. Using this for `/-/readiness` via statusUri + # expect(pages_config_data).not_to match(/listen-http=/) expect(pages_config_data).not_to match(/listen-https=/) expect(pages_config_data).not_to match(/root-cert=/) expect(pages_config_data).not_to match(/root-key=/) @@ -662,10 +667,10 @@ describe 'GitLab Pages' do expect(pages_config_data).to match(%r{root-cert=/etc/gitlab-secrets/pages/pages.example.com.crt}) expect(pages_config_data).to match(%r{root-key=/etc/gitlab-secrets/pages/pages.example.com.key}) end - - it 'does not expose listen-http' do - expect(pages_config_data).not_to match(/listen-http=/) - end + # Disabled. Using this for `/-/readiness` via statusUri + # it 'does not expose listen-http' do + # expect(pages_config_data).not_to match(/listen-http=/) + # end it 'does not expose listen-proxy ' do expect(pages_config_data).not_to match(/listen-proxy=/) -- GitLab From 8b77810753710bf27fcf97a9cdf642ecd81a8bf1 Mon Sep 17 00:00:00 2001 
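Review bot: In PATCH 059/253, templates/configmap.yml now emits `listen-http=0.0.0.0:9090` in both branches where `externalHttp` is empty, and templates/deployment.yaml repeats the literal `9090` as the probe port, so the probe target is hard-coded in two files and a plain-HTTP listener is opened on all interfaces in deployments that previously rendered none. The spec that asserted `listen-http=` was absent is commented out rather than replaced. Suggest one values key for the status port that both templates read, and a spec asserting that the probe `port` equals the rendered `listen-http` port, so the two cannot drift.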
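Review bot: In the templates/deployment.yaml hunk of PATCH 059/253, `{{- $externalHttp := $.Values.global.pages.externalHttp uniq }}` hands `uniq` to a field lookup as an argument instead of piping the list into it. The variable is only tested for emptiness in the `if` on the `port:` line, so `uniq` is not needed at all; drop it, as PATCH 060/253 then does. The five `$.Values.deployment.readinessProbe.*` lookups would also be easier to review with a spec that renders the Deployment and checks the probe block.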
From: Jason Plum Date: Tue, 12 Oct 2021 13:52:12 -0700 Subject: [PATCH 060/253] Pages: fix deployment, re: uniq --- charts/gitlab/charts/gitlab-pages/templates/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/gitlab/charts/gitlab-pages/templates/deployment.yaml b/charts/gitlab/charts/gitlab-pages/templates/deployment.yaml index 909fdf2aba..433b4c6f97 100644 --- a/charts/gitlab/charts/gitlab-pages/templates/deployment.yaml +++ b/charts/gitlab/charts/gitlab-pages/templates/deployment.yaml @@ -98,7 +98,7 @@ spec: name: metrics {{- end }} # readinessProbe should always hit port used by `listen-http`, as k8s won't use TLS or ProxyV2 - {{- $externalHttp := $.Values.global.pages.externalHttp uniq }} + {{- $externalHttp := $.Values.global.pages.externalHttp }} readinessProbe: httpGet: path: {{ $.Values.statusUri | quote }} -- GitLab From 8bf1b12bf32b8fb170441a5dfe2e7e8926bb1ad7 Mon Sep 17 00:00:00 2001 From: Mitchell Nielsen Date: Mon, 18 Oct 2021 15:31:52 -0500 Subject: [PATCH 061/253] Add tests for proper probe configuration Rather than commenting out the test ensuring that 'listen-http' is not configured, adds tests that confirm both 'listen-http' and 'pages-status' are configured properly for the readiness probe. --- spec/configuration/pages_spec.rb | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/spec/configuration/pages_spec.rb b/spec/configuration/pages_spec.rb index 1ff713c69f..a2f78e114b 100644 --- a/spec/configuration/pages_spec.rb +++ b/spec/configuration/pages_spec.rb 
@@ -549,9 +549,7 @@ describe 'GitLab Pages' do end describe 'pages configuration' do - it 'does not expose listen-http, listen-https, root-cert or root-key' do - # Disabled. Using this for `/-/readiness` via statusUri - # expect(pages_config_data).not_to match(/listen-http=/) + it 'does not expose listen-https, root-cert or root-key' do expect(pages_config_data).not_to match(/listen-https=/) expect(pages_config_data).not_to match(/root-cert=/) expect(pages_config_data).not_to match(/root-key=/) @@ -560,6 +558,11 @@ describe 'GitLab Pages' do it 'exposes listen-proxy correctly' do expect(pages_config_data).to match(/listen-proxy=0.0.0.0:8090/) end + + it 'configures readiness probe correctly' do + expect(pages_config_data).to match(/listen-http=0.0.0.0:9090/) + expect(pages_config_data).to match(/pages-status=\/-\/readiness/) + end end describe 'pages-custom-domain service' do @@ -667,10 +670,11 @@ describe 'GitLab Pages' do expect(pages_config_data).to match(%r{root-cert=/etc/gitlab-secrets/pages/pages.example.com.crt}) expect(pages_config_data).to match(%r{root-key=/etc/gitlab-secrets/pages/pages.example.com.key}) end - # Disabled. Using this for `/-/readiness` via statusUri - # it 'does not expose listen-http' do - # expect(pages_config_data).not_to match(/listen-http=/) - # end + + it 'configures readiness probe correctly' do + expect(pages_config_data).to match(/listen-http=0.0.0.0:9090/) + expect(pages_config_data).to match(/pages-status=\/-\/readiness/) + end it 'does not expose listen-proxy ' do expect(pages_config_data).not_to match(/listen-proxy=/) -- GitLab From 992a8aed3ec33024cd8ddde5aebb5e043cfd333e Mon Sep 17 00:00:00 2001 From: Mitchell Nielsen Date: Mon, 18 Oct 2021 15:39:55 -0500 Subject: [PATCH 062/253] Use %r around regular expression (rubocop) --- spec/configuration/pages_spec.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/spec/configuration/pages_spec.rb b/spec/configuration/pages_spec.rb index a2f78e114b..bea955270e 100644 --- a/spec/configuration/pages_spec.rb +++ b/spec/configuration/pages_spec.rb @@ -561,7 +561,7 @@ describe 'GitLab Pages' do it 'configures readiness probe correctly' do expect(pages_config_data).to match(/listen-http=0.0.0.0:9090/) - expect(pages_config_data).to match(/pages-status=\/-\/readiness/) + expect(pages_config_data).to match(%r{pages-status=/-/readiness}) end end @@ -673,7 +673,7 @@ describe 'GitLab Pages' do it 'configures readiness probe correctly' do expect(pages_config_data).to match(/listen-http=0.0.0.0:9090/) - expect(pages_config_data).to match(/pages-status=\/-\/readiness/) + expect(pages_config_data).to match(%r{pages-status=/-/readiness}) end it 'does not expose listen-proxy ' do -- GitLab From 742f57a736ab99138217fc8e48bac1e1acccac55 Mon Sep 17 00:00:00 2001 From: DJ Mountney Date: Thu, 21 Oct 2021 08:37:42 -0700 Subject: [PATCH 063/253] Pin mailroom to 0.0.14 To workaround the fact that we can't update it in the gitlab gemfile due to a ruby bug. Changelog: changed --- charts/gitlab/charts/mailroom/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/gitlab/charts/mailroom/Chart.yaml b/charts/gitlab/charts/mailroom/Chart.yaml index c12e8005ae..b8fcdcdac0 100644 --- a/charts/gitlab/charts/mailroom/Chart.yaml +++ b/charts/gitlab/charts/mailroom/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 name: mailroom version: 5.3.3 -appVersion: master +appVersion: 0.0.14 description: Handling incoming emails keywords: - gitlab -- GitLab From 6f7dd0350e7f85cf046d644806f754e102493d99 Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Thu, 21 Oct 2021 22:03:59 +0000 Subject: [PATCH 064/253] Update changelog for 5.4.0 [ci skip] --- CHANGELOG.md | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9288dc571d..64e80e52c5 100644 --- a/CHANGELOG.md 
+++ b/CHANGELOG.md 
@@ -2,6 +2,33 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 5.4.0 (2021-10-21) + +### Added (2 changes) + +- [Pages: enable proper readiness probe](gitlab-org/charts/gitlab@9b4d367bc96a2430eca9cfb32b916f0860bdd7ff) ([merge request](gitlab-org/charts/gitlab!2225)) +- [Allow configuring redis instance for rate limiting](gitlab-org/charts/gitlab@349cb8056f484dde330589805076ba86e70306d5) ([merge request](gitlab-org/charts/gitlab!2187)) + +### Fixed (4 changes) + +- [Add certificate volumeMounts to Rails deployments](gitlab-org/charts/gitlab@7a1fbf603eca4d698c16275eb1f7dd8dbcfdb45b) ([merge request](gitlab-org/charts/gitlab!2219)) +- [Add missing namespace to default KAS internal URL](gitlab-org/charts/gitlab@582d9b2b3298da78dc7b6c826e7dd5ee705505dd) ([merge request](gitlab-org/charts/gitlab!2207)) +- [Add a preStop hook to registry to sleep for 5 seconds](gitlab-org/charts/gitlab@24efafe6276eb5ea5ae9bc82d670cf0529356dd5) ([merge request](gitlab-org/charts/gitlab!2199)) +- [Move 'global.kas.apiExternalPort' to parent chart](gitlab-org/charts/gitlab@d68096d019a01cf1ba1953fde6b26e6cfcdffa6b) ([merge request](gitlab-org/charts/gitlab!2201)) + +### Changed (5 changes) + +- [Pin mailroom to 0.0.14](gitlab-org/charts/gitlab@5befab88589e25b0b851e6f39432e2051d3628d2) ([merge request](gitlab-org/charts/gitlab!2236)) +- [Update gitlab-org/container-registry from 3.11.1-gitlab to 3.12.0-gitlab](gitlab-org/charts/gitlab@cc5af8331e1f3aef9eaaee88f366e516cfc80c3f) ([merge request](gitlab-org/charts/gitlab!2230)) +- [Update runner chart to v0.33.1](gitlab-org/charts/gitlab@c40f40aab0118470f1b18dd42bae86e85fe1d6e9) by @xasx ([merge request](gitlab-org/charts/gitlab!2206)) +- [Update gitlab-org/charts/gitlab-runner from 0.32.0 to 0.33.0](gitlab-org/charts/gitlab@ce87597fbd8881f1a711affd926c6a332daf9254) ([merge request](gitlab-org/charts/gitlab!2203)) +- [Update gitlab-org/container-registry from 3.11.0-gitlab to 
3.11.1-gitlab](gitlab-org/charts/gitlab@3e6492bf41609054214308006289a9e638038e22) ([merge request](gitlab-org/charts/gitlab!2194)) + +### Other (2 changes) + +- [Remove reference to deprecated operator](gitlab-org/charts/gitlab@d03e3293fdfe698eb3b5defe0b919351ef9485eb) ([merge request](gitlab-org/charts/gitlab!2197)) +- [Add $PLATFORM to installation commands](gitlab-org/charts/gitlab@8e72a88fb391cb98f64e712b07e65d65db4ab8fd) ([merge request](gitlab-org/charts/gitlab!2190)) + ## 5.3.3 (2021-10-12) No changes. -- GitLab From 61b652e6ba858d44a9d2d8b00e218d41179cbde4 Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Thu, 21 Oct 2021 22:04:16 +0000 Subject: [PATCH 065/253] Update Chart versions to 5.4.0 [ci skip] --- Chart.yaml | 2 +- charts/gitlab/charts/geo-logcursor/Chart.yaml | 2 +- charts/gitlab/charts/gitaly/Chart.yaml | 2 +- charts/gitlab/charts/gitlab-exporter/Chart.yaml | 2 +- charts/gitlab/charts/gitlab-grafana/Chart.yaml | 2 +- charts/gitlab/charts/gitlab-pages/Chart.yaml | 2 +- charts/gitlab/charts/gitlab-shell/Chart.yaml | 2 +- charts/gitlab/charts/kas/Chart.yaml | 2 +- charts/gitlab/charts/mailroom/Chart.yaml | 2 +- charts/gitlab/charts/migrations/Chart.yaml | 2 +- charts/gitlab/charts/operator/Chart.yaml | 2 +- charts/gitlab/charts/praefect/Chart.yaml | 2 +- charts/gitlab/charts/sidekiq/Chart.yaml | 2 +- charts/gitlab/charts/task-runner/Chart.yaml | 2 +- charts/gitlab/charts/webservice/Chart.yaml | 2 +- 15 files changed, 15 insertions(+), 15 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index fbb5db2ea2..d9b7ada122 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab -version: 5.3.3 +version: 5.4.0 appVersion: master description: Web-based Git-repository manager with wiki and issue-tracking features. keywords: diff --git a/charts/gitlab/charts/geo-logcursor/Chart.yaml b/charts/gitlab/charts/geo-logcursor/Chart.yaml index 986671f33b..18cb25ecf7 100644 --- a/charts/gitlab/charts/geo-logcursor/Chart.yaml 
+++ b/charts/gitlab/charts/geo-logcursor/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: geo-logcursor -version: 5.3.3 +version: 5.4.0 appVersion: master description: GitLab Geo logcursor keywords: diff --git a/charts/gitlab/charts/gitaly/Chart.yaml b/charts/gitlab/charts/gitaly/Chart.yaml index 0609b3534b..14735ce19c 100644 --- a/charts/gitlab/charts/gitaly/Chart.yaml +++ b/charts/gitlab/charts/gitaly/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitaly -version: 5.3.3 +version: 5.4.0 appVersion: master description: Git RPC service for handling all the git calls made by GitLab keywords: diff --git a/charts/gitlab/charts/gitlab-exporter/Chart.yaml b/charts/gitlab/charts/gitlab-exporter/Chart.yaml index 8f6852d8ad..117b4ee58e 100644 --- a/charts/gitlab/charts/gitlab-exporter/Chart.yaml +++ b/charts/gitlab/charts/gitlab-exporter/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab-exporter -version: 5.3.3 +version: 5.4.0 appVersion: 11.2.0 description: Exporter for GitLab Prometheus metrics (e.g. CI, pull mirrors) keywords: diff --git a/charts/gitlab/charts/gitlab-grafana/Chart.yaml b/charts/gitlab/charts/gitlab-grafana/Chart.yaml index ad0f4b1bf7..191df0b18a 100644 --- a/charts/gitlab/charts/gitlab-grafana/Chart.yaml +++ b/charts/gitlab/charts/gitlab-grafana/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab-grafana -version: 5.3.3 +version: 5.4.0 description: Adapt the Grafana chart to interface to the GitLab App keywords: - gitlab diff --git a/charts/gitlab/charts/gitlab-pages/Chart.yaml b/charts/gitlab/charts/gitlab-pages/Chart.yaml index eb5447b8c8..013fdcad55 100644 --- a/charts/gitlab/charts/gitlab-pages/Chart.yaml +++ b/charts/gitlab/charts/gitlab-pages/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab-pages -version: 5.3.3 +version: 5.4.0 appVersion: master description: Daemon for serving static websites from GitLab projects keywords: 
diff --git a/charts/gitlab/charts/gitlab-shell/Chart.yaml b/charts/gitlab/charts/gitlab-shell/Chart.yaml index b9b4afecea..0169ab2ef5 100644 --- a/charts/gitlab/charts/gitlab-shell/Chart.yaml +++ b/charts/gitlab/charts/gitlab-shell/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab-shell -version: 5.3.3 +version: 5.4.0 appVersion: main description: sshd for Gitlab keywords: diff --git a/charts/gitlab/charts/kas/Chart.yaml b/charts/gitlab/charts/kas/Chart.yaml index 3f898f4d9b..5aa8696c8f 100644 --- a/charts/gitlab/charts/kas/Chart.yaml +++ b/charts/gitlab/charts/kas/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: kas -version: 5.3.3 +version: 5.4.0 appVersion: latest description: GitLab Kubernetes Agent Server keywords: diff --git a/charts/gitlab/charts/mailroom/Chart.yaml b/charts/gitlab/charts/mailroom/Chart.yaml index b8fcdcdac0..242545312c 100644 --- a/charts/gitlab/charts/mailroom/Chart.yaml +++ b/charts/gitlab/charts/mailroom/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: mailroom -version: 5.3.3 +version: 5.4.0 appVersion: 0.0.14 description: Handling incoming emails keywords: diff --git a/charts/gitlab/charts/migrations/Chart.yaml b/charts/gitlab/charts/migrations/Chart.yaml index 4095fc1c34..790d757699 100644 --- a/charts/gitlab/charts/migrations/Chart.yaml +++ b/charts/gitlab/charts/migrations/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: migrations -version: 5.3.3 +version: 5.4.0 appVersion: master description: Database migrations and other versioning tasks for upgrading Gitlab keywords: diff --git a/charts/gitlab/charts/operator/Chart.yaml b/charts/gitlab/charts/operator/Chart.yaml index 1769dabe4f..5fea0557e6 100644 --- a/charts/gitlab/charts/operator/Chart.yaml +++ b/charts/gitlab/charts/operator/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: operator -version: 5.3.3 +version: 5.4.0 appVersion: master description: Gitlab operator for managing upgrades keywords: 
diff --git a/charts/gitlab/charts/praefect/Chart.yaml b/charts/gitlab/charts/praefect/Chart.yaml index 35b135f7a4..5574810fe2 100644 --- a/charts/gitlab/charts/praefect/Chart.yaml +++ b/charts/gitlab/charts/praefect/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: praefect -version: 5.3.3 +version: 5.4.0 appVersion: master description: Praefect is a router and transaction manager for Gitaly, and a required component for running a Gitaly Cluster. diff --git a/charts/gitlab/charts/sidekiq/Chart.yaml b/charts/gitlab/charts/sidekiq/Chart.yaml index ae8a2814ba..0f926374ca 100644 --- a/charts/gitlab/charts/sidekiq/Chart.yaml +++ b/charts/gitlab/charts/sidekiq/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: sidekiq -version: 5.3.3 +version: 5.4.0 appVersion: master description: Gitlab Sidekiq for asynchronous task processing in rails keywords: diff --git a/charts/gitlab/charts/task-runner/Chart.yaml b/charts/gitlab/charts/task-runner/Chart.yaml index f6a388244d..22607f4250 100644 --- a/charts/gitlab/charts/task-runner/Chart.yaml +++ b/charts/gitlab/charts/task-runner/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: task-runner -version: 5.3.3 +version: 5.4.0 appVersion: master description: For manually running rake tasks through kubectl keywords: diff --git a/charts/gitlab/charts/webservice/Chart.yaml b/charts/gitlab/charts/webservice/Chart.yaml index 6c909d8809..1b14273256 100644 --- a/charts/gitlab/charts/webservice/Chart.yaml +++ b/charts/gitlab/charts/webservice/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: webservice -version: 5.3.3 +version: 5.4.0 appVersion: master description: HTTP server for Gitlab keywords: -- GitLab From 5917e800e79b6816a66f7d5d634e21c2ba8026f6 Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Thu, 21 Oct 2021 22:04:18 +0000 Subject: [PATCH 066/253] Update version mapping for 5.4.0 --- doc/installation/version_mappings.md | 1 + 1 file changed, 1 insertion(+) 
diff --git a/doc/installation/version_mappings.md b/doc/installation/version_mappings.md index bd5b4b8a46..d986cfd40a 100644 --- a/doc/installation/version_mappings.md +++ b/doc/installation/version_mappings.md @@ -10,6 +10,7 @@ The table below maps some of the key previous chart versions and GitLab versions | Chart version | GitLab version | |---------------|----------------| +| 5.4.0 | 14.4.0 | | 5.3.3 | 14.3.3 | | 5.3.2 | 14.3.2 | | 5.3.1 | 14.3.1 | -- GitLab From 87928e5fca98b856d7857b3727cedd6b6a70a649 Mon Sep 17 00:00:00 2001 From: deps Date: Thu, 21 Oct 2021 04:01:58 +0000 Subject: [PATCH 067/253] Update gitlab-org/container-registry from 3.12.0-gitlab to 3.13.0-gitlab Changelog: changed --- charts/registry/values.yaml | 2 +- doc/charts/registry/index.md | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/registry/values.yaml b/charts/registry/values.yaml index 92760769b5..f754d9b760 100644 --- a/charts/registry/values.yaml +++ b/charts/registry/values.yaml @@ -1,6 +1,6 @@ image: repository: registry.gitlab.com/gitlab-org/build/cng/gitlab-container-registry - tag: 'v3.12.0-gitlab' + tag: 'v3.13.0-gitlab' # pullPolicy: IfNotPresent # pullSecrets: [] diff --git a/doc/charts/registry/index.md b/doc/charts/registry/index.md index 00b7739d2f..71067e6341 100644 --- a/doc/charts/registry/index.md +++ b/doc/charts/registry/index.md @@ -68,7 +68,7 @@ registry: interval: 24h dryrun: false image: - tag: 'v3.12.0-gitlab' + tag: 'v3.13.0-gitlab' pullPolicy: IfNotPresent annotations: service: 
@@ -148,7 +148,7 @@ If you chose to deploy this chart as a standalone, remove the `registry` at the | `image.pullPolicy` | | Pull policy for the registry image | | `image.pullSecrets` | | Secrets to use for image repository | | `image.repository` | `registry` | Registry image | -| `image.tag` | `v3.12.0-gitlab` | Version of the image to use | +| `image.tag` | `v3.13.0-gitlab` | Version of the image to use | | `init.image.repository` | | initContainer image | | `init.image.tag` | | initContainer image tag | | `log` | `{level: info, fields: {service: registry}}` | Configure the logging options | @@ -274,7 +274,7 @@ You can change the included version of the Registry and `pullPolicy`. Default settings: -- `tag: 'v3.12.0-gitlab'` +- `tag: 'v3.13.0-gitlab'` - `pullPolicy: 'IfNotPresent'` ## Configuring the `service` -- GitLab From 1665ec93fd99c1c1c700f999fd17813590088ce6 Mon Sep 17 00:00:00 2001 From: Kristof Kalocsai Date: Fri, 22 Oct 2021 18:37:33 +0000 Subject: [PATCH 068/253] GitLab Pages: replace ERB with gomplate Replace ERB with gomplate for the GitLab Pages chart Closes #2895 Changelog: changed --- .../gitlab/charts/gitlab-pages/templates/configmap.yml | 8 ++++---- spec/configuration/pages_spec.rb | 10 +++++----- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/charts/gitlab/charts/gitlab-pages/templates/configmap.yml b/charts/gitlab/charts/gitlab-pages/templates/configmap.yml index 7779dfeedd..ac983e5b7d 100644 --- a/charts/gitlab/charts/gitlab-pages/templates/configmap.yml +++ b/charts/gitlab/charts/gitlab-pages/templates/configmap.yml @@ -8,7 +8,7 @@ metadata: {{- include "gitlab.commonLabels" . | nindent 4 }} annotations: data: - config.erb: | + config.tpl: | {{- with .Values.gitlabCache }} {{- if .cleanup }} gitlab-cache-cleanup={{ .cleanup }} 
@@ -98,9 +98,9 @@ data: {{- end }} {{- if eq $.Values.global.pages.accessControl true }} auth-redirect-uri={{ template "oauth.gitlab-pages.authRedirectUri" . }} - auth-client-id=<%= File.read('/etc/gitlab-secrets/pages/gitlab_appid').strip.dump[1..-2] %> - auth-client-secret=<%= File.read('/etc/gitlab-secrets/pages/gitlab_appsecret').strip.dump[1..-2] %> - auth-secret=<%= File.read('/etc/gitlab-secrets/pages/auth_secret').strip.dump[1..-2] %> + auth-client-id={% file.Read "/etc/gitlab-secrets/pages/gitlab_appid" %} + auth-client-secret={% file.Read "/etc/gitlab-secrets/pages/gitlab_appsecret" %} + auth-secret={% file.Read "/etc/gitlab-secrets/pages/auth_secret" %} {{- end }} {{- with .Values.zipCache }} {{- if .cleanup }} diff --git a/spec/configuration/pages_spec.rb b/spec/configuration/pages_spec.rb index bea955270e..e091895fea 100644 --- a/spec/configuration/pages_spec.rb +++ b/spec/configuration/pages_spec.rb @@ -412,7 +412,7 @@ describe 'GitLab Pages' do describe 'Pages configuration file' do subject(:config_data) do - pages_enabled_template.dig('ConfigMap/test-gitlab-pages', 'data', 'config.erb') + pages_enabled_template.dig('ConfigMap/test-gitlab-pages', 'data', 'config.tpl') end context 'default values with Pages enabled' do @@ -519,9 +519,9 @@ describe 'GitLab Pages' do tls-min-version=tls1.0 tls-max-version=tls1.2 auth-redirect-uri=https://projects.pages.example.com/auth - auth-client-id=<%= File.read('/etc/gitlab-secrets/pages/gitlab_appid').strip.dump[1..-2] %> - auth-client-secret=<%= File.read('/etc/gitlab-secrets/pages/gitlab_appsecret').strip.dump[1..-2] %> - auth-secret=<%= File.read('/etc/gitlab-secrets/pages/auth_secret').strip.dump[1..-2] %> + auth-client-id={% file.Read "/etc/gitlab-secrets/pages/gitlab_appid" %} + auth-client-secret={% file.Read "/etc/gitlab-secrets/pages/gitlab_appsecret" %} + auth-secret={% file.Read "/etc/gitlab-secrets/pages/auth_secret" %} zip-cache-refresh=60s MSG 
@@ -537,7 +537,7 @@ describe 'GitLab Pages' do end subject(:pages_config_data) do - pages_enabled_template.dig('ConfigMap/test-gitlab-pages', 'data', 'config.erb') + pages_enabled_template.dig('ConfigMap/test-gitlab-pages', 'data', 'config.tpl') end context 'when not enabled' do -- GitLab From 54e2b7d5d132a077819952c6c09bfffd0e3757a1 Mon Sep 17 00:00:00 2001 From: Kristof Kalocsai Date: Fri, 22 Oct 2021 18:39:06 +0000 Subject: [PATCH 069/253] GitLab Shell: replace ERB with gomplate Replace ERB with gomplate for GitLab Shell chart Closes #2894 Changelog: changed --- .../gitlab/charts/gitlab-shell/templates/configmap.yml | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/charts/gitlab/charts/gitlab-shell/templates/configmap.yml b/charts/gitlab/charts/gitlab-shell/templates/configmap.yml index 9e3659c446..c3da936b4e 100644 --- a/charts/gitlab/charts/gitlab-shell/templates/configmap.yml +++ b/charts/gitlab/charts/gitlab-shell/templates/configmap.yml @@ -13,7 +13,7 @@ data: mkdir -p /${secret_dir}/ssh cp -v -r -L /${config_dir}/ssh_host_* /${secret_dir}/ssh/ chmod 0400 /${secret_dir}/ssh/ssh_host_* - config.yml.erb: | + config.yml.tpl: | # GitLab user. git by default user: git @@ -58,9 +58,11 @@ data: concurrent_sessions_limit: {{ .Values.config.maxStartups.full }} # SSH host key files. host_key_files: - <% Dir["/etc/ssh/ssh_host_*_key"].each do |file| %> - <%= "- #{file}" %> - <% end %> + {%- range file.Walk "/etc/ssh" %} + {%- if filepath.Match "/etc/ssh/ssh_host_*_key" . %} + - {%.%} + {%- end %} + {%- end %} {{- end }} # Leave this here - This line denotes end of block to the parser. {{- end }} -- GitLab From e520ceb6c4b00171260de6bbad9bc23be60ea528 Mon Sep 17 00:00:00 2001 
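Review bot: In charts/gitlab/charts/gitlab-pages/templates/configmap.yml (PATCH 068/253), the three `auth-*` lines replace `File.read(...).strip.dump[1..-2]` with a bare `{% file.Read "..." %}`, so both the whitespace stripping and the escaping that the ERB version applied are gone, and a secret file that ends in a newline now puts a line break into the rendered key=value file. Suggest piping each read through `strings.TrimSpace`, as PATCH 070/253 does for the Workhorse Redis password, and stating in the commit message whether dropping the `dump` escaping is intentional.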
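Review bot: PATCH 069/253 touches only templates/configmap.yml (1 file in the diffstat), so neither the rename of the ConfigMap key from `config.yml.erb` to `config.yml.tpl` nor the new `file.Walk` / `filepath.Match` loop under `host_key_files:` is covered by a spec, unlike the Pages and Workhorse conversions in PATCH 068/253 and 070/253. Suggest a spec that asserts the `config.yml.tpl` key is present and carries the `host_key_files` block, and a line in the commit message confirming that the container side renders the `.tpl` name.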
From: Kristof Kalocsai Date: Mon, 25 Oct 2021 16:44:06 +0000 Subject: [PATCH 070/253] Webservice: replace Workhorse ERB with gomplate --- .../charts/webservice/templates/_helpers.tpl | 74 ++++++++----------- .../charts/webservice/templates/configmap.yml | 4 +- .../webservice_deployments_spec.rb | 2 +- spec/configuration/workhorse_spec.rb | 4 +- 4 files changed, 37 insertions(+), 47 deletions(-) diff --git a/charts/gitlab/charts/webservice/templates/_helpers.tpl b/charts/gitlab/charts/webservice/templates/_helpers.tpl index 124390f649..25e1cb587f 100644 --- a/charts/gitlab/charts/webservice/templates/_helpers.tpl +++ b/charts/gitlab/charts/webservice/templates/_helpers.tpl 
@@ -95,54 +95,44 @@ If consolidated object storage is in use, read the connection YAML If provider is AWS, render enabled as true. */}} {{- define "workhorse.object_storage.config" -}} -<% - require 'yaml' - - supported_providers = %w(AWS AzureRM) - provider = '' - aws_access_key_id = '' - aws_secret_access_key = '' - - azure_storage_account_name = '' - azure_storage_access_key = '' - - if File.exists? '/etc/gitlab/minio/accesskey' - provider = 'AWS' - aws_access_key_id = File.read('/etc/gitlab/minio/accesskey').strip.dump[1..-2] - aws_secret_access_key = File.read('/etc/gitlab/minio/secretkey').strip.dump[1..-2] - end - - if File.exists? '/etc/gitlab/objectstorage/object_store' - connection = YAML.safe_load(File.read('/etc/gitlab/objectstorage/object_store')) - provider = connection['provider'] - if connection.has_key? 'aws_access_key_id' - aws_access_key_id = connection['aws_access_key_id'] - aws_secret_access_key = connection['aws_secret_access_key'] - elsif connection.has_key? 'azure_storage_account_name' - azure_storage_account_name = connection['azure_storage_account_name'] - azure_storage_access_key = connection['azure_storage_access_key'] - end - end - - if supported_providers.include? 
provider -%> +{%- $supported_providers := slice "AWS" "AzureRM" -%} +{%- $provider := "" -%} +{%- $aws_access_key_id := "" -%} +{%- $aws_secret_access_key := "" -%} +{%- $azure_storage_account_name := "" -%} +{%- $azure_storage_access_key := "" -%} +{%- if file.Exists "/etc/gitlab/minio/accesskey" -%} + {%- $provider = "AWS" -%} + {%- $aws_access_key_id = file.Read "/etc/gitlab/minio/accesskey" | strings.TrimSpace -%} + {%- $aws_secret_access_key = file.Read "/etc/gitlab/minio/secretkey" | strings.TrimSpace -%} +{%- end -%} +{%- if file.Exists "/etc/gitlab/objectstorage/object_store" -%} + {%- $connection := file.Read "/etc/gitlab/objectstorage/object_store" | strings.TrimSpace | data.YAML -%} + {%- $provider = $connection.provider -%} + {%- if has $connection "aws_access_key_id" -%} + {%- $aws_access_key_id = $connection.aws_access_key_id -%} + {%- $aws_secret_access_key = $connection.aws_secret_access_key -%} + {%- else if has $connection "azure_storage_account_name" -%} + {%- $azure_storage_account_name = $connection.azure_storage_account_name -%} + {%- $azure_storage_access_key = $connection.azure_storage_access_key -%} + {%- end -%} +{%- end -%} +{%- if has $supported_providers $provider %} [object_storage] -provider = "<%= provider %>" -<% if provider.eql? 'AWS' %> +provider = "{% $provider %}" +{% if eq $provider "AWS" -%} # AWS / S3 object storage configuration. [object_storage.s3] # access/secret can be blank! -aws_access_key_id = "<%= aws_access_key_id %>" -aws_secret_access_key = "<%= aws_secret_access_key %>" -<% elsif provider.eql? 'AzureRM' %> +aws_access_key_id = "{% $aws_access_key_id %}" +aws_secret_access_key = "{% $aws_secret_access_key %}" +{% else if eq $provider "AzureRM" -%} # Azure Blob storage configuration. 
[object_storage.azurerm] -azure_storage_account_name = "<%= azure_storage_account_name %>" -azure_storage_access_key = "<%= azure_storage_access_key %>" -<% - end - end -%> +azure_storage_account_name = "{% $azure_storage_account_name %}" +azure_storage_access_key = "{% $azure_storage_access_key %}" +{%- end -%} +{%- end -%} {{- end -}} {{/* diff --git a/charts/gitlab/charts/webservice/templates/configmap.yml b/charts/gitlab/charts/webservice/templates/configmap.yml index 5c68763111..8ab8a86476 100644 --- a/charts/gitlab/charts/webservice/templates/configmap.yml +++ b/charts/gitlab/charts/webservice/templates/configmap.yml @@ -169,7 +169,7 @@ metadata: data: installation_type: | gitlab-helm-chart - workhorse-config.toml.erb: | + workhorse-config.toml.tpl: | shutdown_timeout = "{{ template "gitlab.workhorse.shutdownTimeout" $ }}" {{- if $.Values.workhorse.trustedCIDRsForPropagation }} trusted_cidrs_for_propagation = {{ $.Values.workhorse.trustedCIDRsForPropagation | toStrings | toJson }} @@ -187,7 +187,7 @@ data: Sentinel = [ {{ template "gitlab.redis.workhorse.sentinel-list" $ }} ] {{- end }} {{- if $.Values.global.redis.password.enabled }} - Password = "<%= File.read("/etc/gitlab/redis/redis-password").strip.dump[1..-2] %>" + Password = "{% file.Read "/etc/gitlab/redis/redis-password" | strings.TrimSpace %}" {{- end }} {{- end }} {{- include "workhorse.object_storage.config" $ | nindent 4 }} diff --git a/spec/configuration/webservice_deployments_spec.rb b/spec/configuration/webservice_deployments_spec.rb index 5d8b4408ad..32043fc318 100644 --- a/spec/configuration/webservice_deployments_spec.rb +++ b/spec/configuration/webservice_deployments_spec.rb 
@@ -595,7 +595,7 @@ describe 'Webservice Deployments configuration' do configmaps = t.resources_by_kind('ConfigMap') workhorse_config = {} ['default', 'api', 'git'].each do |container| - workhorse_config[container] = configmaps.fetch("ConfigMap/test-workhorse-#{container}").fetch("data").fetch("workhorse-config.toml.erb") + workhorse_config[container] = configmaps.fetch("ConfigMap/test-workhorse-#{container}").fetch("data").fetch("workhorse-config.toml.tpl") end expect(workhorse_config['default']).not_to include("[redis]") diff --git a/spec/configuration/workhorse_spec.rb b/spec/configuration/workhorse_spec.rb index fb74cc7b7a..e3fc15a6f5 100644 --- a/spec/configuration/workhorse_spec.rb +++ b/spec/configuration/workhorse_spec.rb @@ -13,7 +13,7 @@ describe 'Workhorse configuration' do let(:template) { HelmTemplate.new(default_values) } it 'renders a TOML configuration file' do - raw_toml = template.dig('ConfigMap/test-workhorse-default', 'data', 'workhorse-config.toml.erb') + raw_toml = template.dig('ConfigMap/test-workhorse-default', 'data', 'workhorse-config.toml.tpl') expect(raw_toml).to match /^shutdown_timeout = "61s"/ expect(raw_toml).not_to include('trusted_cidrs_for_propagation') @@ -56,7 +56,7 @@ describe 'Workhorse configuration' do let(:template) { HelmTemplate.new(custom_values) } it 'renders a TOML configuration file' do - raw_toml = template.dig('ConfigMap/test-workhorse-default', 'data', 'workhorse-config.toml.erb') + raw_toml = template.dig('ConfigMap/test-workhorse-default', 'data', 'workhorse-config.toml.tpl') expect(raw_toml).to match /^shutdown_timeout = "30s"/ expect(raw_toml).to include(%(trusted_cidrs_for_propagation = ["127.0.0.1/32","192.168.0.1/32"]\n)) -- GitLab From cb9bd9addbb1707ed2c291ad8d1d8af6cbeb984a Mon Sep 17 00:00:00 2001 
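Review bot: In the `workhorse-config.toml.tpl` hunk of `charts/gitlab/charts/webservice/templates/configmap.yml`, the Redis `Password` line loses the escaping that the ERB version applied. The removed expression ended in `.strip.dump[1..-2]`, which escaped quotes and backslashes before the value was placed inside the TOML double-quoted string; the replacement `{% file.Read "/etc/gitlab/redis/redis-password" | strings.TrimSpace %}` inserts the secret verbatim, so a password containing `"` or `\` produces an invalid or differently parsed config. Suggest encoding the value as a quoted string inside the template action (for example with gomplate's `data.ToJSON`, which emits the surrounding quotes itself, so the literal quotes around the action would be dropped) and adding a spec case with such a password.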
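Review bot: In the `[object_storage]` template hunk, `$provider = $connection.provider` is read without the `has $connection "..."` guard that the credential keys get, and the MinIO branch reads `/etc/gitlab/minio/secretkey` after checking only that `accesskey` exists. A connection file without `provider`, or a mounted access key without its secret key, is then left to the template engine's missing-key or missing-file behaviour instead of falling through the `has $supported_providers $provider` check. Suggest guarding both reads the same way the credential keys are guarded.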
From: Matthias Kaeppler Date: Wed, 20 Oct 2021 14:23:17 +0200 Subject: [PATCH 071/253] Add config + docs for new redis-sessions See https://gitlab.com/gitlab-com/gl-infra/scalability/-/issues/1311 --- .../charts/geo-logcursor/templates/configmap.yml | 1 + .../charts/migrations/templates/configmap.yaml | 1 + .../gitlab/charts/sidekiq/templates/configmap.yaml | 1 + .../charts/task-runner/templates/configmap.yaml | 1 + .../charts/webservice/templates/configmap.yml | 1 + charts/gitlab/templates/_rails.redis.tpl | 7 +++++++ charts/gitlab/templates/_redis.tpl | 2 +- doc/advanced/external-redis/index.md | 2 +- doc/charts/globals.md | 13 ++++++++++--- 9 files changed, 24 insertions(+), 5 deletions(-) diff --git a/charts/gitlab/charts/geo-logcursor/templates/configmap.yml b/charts/gitlab/charts/geo-logcursor/templates/configmap.yml index 7b3423a5ee..6d7e7bedf5 100644 --- a/charts/gitlab/charts/geo-logcursor/templates/configmap.yml +++ b/charts/gitlab/charts/geo-logcursor/templates/configmap.yml @@ -23,6 +23,7 @@ data: {{- include "gitlab.rails.redis.cable" . | nindent 2 }} {{- include "gitlab.rails.redis.traceChunks" . | nindent 2 }} {{- include "gitlab.rails.redis.rateLimiting" . | nindent 2 }} + {{- include "gitlab.rails.redis.sessions" . | nindent 2 }} gitlab.yml.erb: | production: &base gitlab: diff --git a/charts/gitlab/charts/migrations/templates/configmap.yaml b/charts/gitlab/charts/migrations/templates/configmap.yaml index ed14f8d592..a3e26343a6 100644 --- a/charts/gitlab/charts/migrations/templates/configmap.yaml +++ b/charts/gitlab/charts/migrations/templates/configmap.yaml @@ -25,6 +25,7 @@ data: {{- include "gitlab.rails.redis.cable" . | nindent 2 }} {{- include "gitlab.rails.redis.traceChunks" . | nindent 2 }} {{- include "gitlab.rails.redis.rateLimiting" . | nindent 2 }} + {{- include "gitlab.rails.redis.sessions" . | nindent 2 }} gitlab.yml.erb: | production: &base gitlab: 
diff --git a/charts/gitlab/charts/sidekiq/templates/configmap.yaml b/charts/gitlab/charts/sidekiq/templates/configmap.yaml index 3b60bfd72a..6949f8ee49 100644 --- a/charts/gitlab/charts/sidekiq/templates/configmap.yaml +++ b/charts/gitlab/charts/sidekiq/templates/configmap.yaml @@ -26,6 +26,7 @@ data: {{- include "gitlab.rails.redis.cable" . | nindent 2 }} {{- include "gitlab.rails.redis.traceChunks" . | nindent 2 }} {{- include "gitlab.rails.redis.rateLimiting" . | nindent 2 }} + {{- include "gitlab.rails.redis.sessions" . | nindent 2 }} gitlab.yml.erb: | production: &base gitlab: diff --git a/charts/gitlab/charts/task-runner/templates/configmap.yaml b/charts/gitlab/charts/task-runner/templates/configmap.yaml index 54370edb18..b05af442dd 100644 --- a/charts/gitlab/charts/task-runner/templates/configmap.yaml +++ b/charts/gitlab/charts/task-runner/templates/configmap.yaml @@ -24,6 +24,7 @@ data: {{- include "gitlab.rails.redis.cable" . | nindent 2 }} {{- include "gitlab.rails.redis.traceChunks" . | nindent 2 }} {{- include "gitlab.rails.redis.rateLimiting" . | nindent 2 }} + {{- include "gitlab.rails.redis.sessions" . | nindent 2 }} gitlab.yml.erb: | production: &base gitlab: diff --git a/charts/gitlab/charts/webservice/templates/configmap.yml b/charts/gitlab/charts/webservice/templates/configmap.yml index 8ab8a86476..87d9b5e576 100644 --- a/charts/gitlab/charts/webservice/templates/configmap.yml +++ b/charts/gitlab/charts/webservice/templates/configmap.yml @@ -35,6 +35,7 @@ data: {{- include "gitlab.rails.redis.cable" . | nindent 2 }} {{- include "gitlab.rails.redis.traceChunks" . | nindent 2 }} {{- include "gitlab.rails.redis.rateLimiting" . | nindent 2 }} + {{- include "gitlab.rails.redis.sessions" . | nindent 2 }} gitlab.yml.erb: | production: &base gitlab: diff --git a/charts/gitlab/templates/_rails.redis.tpl b/charts/gitlab/templates/_rails.redis.tpl index 8162cbdc99..b4e87d0cc6 100644 --- a/charts/gitlab/templates/_rails.redis.tpl 
+++ b/charts/gitlab/templates/_rails.redis.tpl @@ -59,6 +59,13 @@ Input: dict "context" $ "name" string {{- end -}} {{- end -}} +{{- define "gitlab.rails.redis.sessions" -}} +{{- if .Values.global.redis.sessions -}} +{{- $_ := set $ "redisConfigName" "sessions" }} +{{- include "gitlab.rails.redis.yaml" (dict "context" $ "name" "redis.sessions") -}} +{{- end -}} +{{- end -}} + {{/* cable.yml configuration If no `global.redis.actioncable`, use `global.redis` diff --git a/charts/gitlab/templates/_redis.tpl b/charts/gitlab/templates/_redis.tpl index d72743bb83..a735376017 100644 --- a/charts/gitlab/templates/_redis.tpl +++ b/charts/gitlab/templates/_redis.tpl @@ -96,7 +96,7 @@ Note: Workhorse only uses the primary Redis (global.redis) {{- end -}} {{- define "gitlab.redis.secrets" -}} -{{- range $redis := list "cache" "sharedState" "queues" "actioncable" "traceChunks" "rateLimiting" -}} +{{- range $redis := list "cache" "sharedState" "queues" "actioncable" "traceChunks" "rateLimiting" "sessions" -}} {{- if index $.Values.global.redis $redis -}} {{- $_ := set $ "redisConfigName" $redis }} {{ include "gitlab.redis.secret" $ }} diff --git a/doc/advanced/external-redis/index.md b/doc/advanced/external-redis/index.md index dfc9c44094..971efdcb7c 100644 --- a/doc/advanced/external-redis/index.md +++ b/doc/advanced/external-redis/index.md @@ -48,7 +48,7 @@ values for the `--set` flag. The index is zero based. GitLab supports splitting several of the resource intensive Redis operations across multiple Redis instances. This chart supports distributing -those persistence classes to other Redis instances: `cache`, `queues`, `sharedState`, `actioncable`, `traceChunks`, and `rateLimiting`. +those persistence classes to other Redis instances. More detailed information on configuring the chart for using multiple Redis instances can be found in the [globals](../../charts/globals.md#multiple-redis-support) 
diff --git a/doc/charts/globals.md b/doc/charts/globals.md index a51fa6a258..449995af31 100644 --- a/doc/charts/globals.md +++ b/doc/charts/globals.md @@ -437,17 +437,17 @@ continue to apply with the Sentinel support unless re-specified in the table abo ### Multiple Redis support The GitLab chart includes support for running with separate Redis instances -for different persistence classes, currently: `cache`, `queues`, `sharedState`, -`actioncable`, `traceChunks`, and `rateLimiting`. +for different persistence classes, currently: | Instance | Purpose | |:---------------|:----------------------------------------------------------------| | `cache` | Store cached data | | `queues` | Store Sidekiq background jobs | -| `sharedState` | Store session-related and other persistent data | +| `sharedState` | Store various persistent data such as distributed locks | | `actioncable` | Pub/Sub queue backend for ActionCable | | `traceChunks` | Store job traces temporarily | | `rateLimiting` | Store rate-limiting usage for RackAttack and Application Limits | +| `sessions` | Store user session data | Any number of the instances may be specified. Any instances not specified will be handled by the primary Redis instance specified @@ -507,6 +507,13 @@ global: enabled: true secret: rateLimiting-secret key: rateLimiting-password + sessions: + host: sessions.redis.example + port: 6379 + password: + enabled: true + secret: sessions-secret + key: sessions-password ``` The following table describes the attributes for each dictionary of the -- GitLab From 2097dedce8c628ddfabeadb42ca0634186476bcc Mon Sep 17 00:00:00 2001 
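Review bot: The diffstat for patch 071 lists nine files and none under `spec/`, so the new `gitlab.rails.redis.sessions` helper and the `"sessions"` entry added to the list in `gitlab.redis.secrets` are untested. Suggest a spec that sets `global.redis.sessions` and asserts that the sessions configuration is rendered in each of the five ConfigMaps touched here and that its password secret is included, plus one confirming nothing is rendered when the key is unset. As a smaller point, the same `include "gitlab.rails.redis.sessions"` line is added by hand to five ConfigMap templates after an identical run of includes; a single aggregate helper would keep the next persistence class from needing five edits.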
From: Mitchell Nielsen Date: Wed, 27 Oct 2021 20:19:41 +0000 Subject: [PATCH 072/253] [Webservice] Support overriding ingress provider per Webservice deployment --- .../gitlab-grafana/templates/ingress.yaml | 5 +- .../gitlab-pages/templates/ingress.yaml | 5 +- .../gitlab/charts/kas/templates/ingress.yaml | 5 +- .../webservice/templates/_datamodel.tpl | 1 - .../charts/webservice/templates/ingress.yaml | 7 ++- .../templates/ingress_smartcard.yaml | 7 ++- charts/minio/templates/ingress.yaml | 5 +- charts/registry/templates/ingress.yaml | 5 +- .../webservice_deployments_spec.rb | 53 +++++++++++++++++++ templates/_helpers.tpl | 13 ++++- 10 files changed, 81 insertions(+), 25 deletions(-) diff --git a/charts/gitlab/charts/gitlab-grafana/templates/ingress.yaml b/charts/gitlab/charts/gitlab-grafana/templates/ingress.yaml index 47b4d8e74e..03ab2980ed 100644 --- a/charts/gitlab/charts/gitlab-grafana/templates/ingress.yaml +++ b/charts/gitlab/charts/gitlab-grafana/templates/ingress.yaml @@ -4,6 +4,7 @@ {{- $gitlabHostname = .Values.global.hosts.gitlab.hostnameOverride -}} {{- end -}} {{- $tlsSecret := include "webservice.tlsSecret" . -}} +{{- $ingressCfg := dict "global" .Values.global.ingress "local" .Values.ingress -}} apiVersion: {{ template "ingress.apiVersion" $}} kind: Ingress metadata: @@ -14,9 +15,7 @@ metadata: {{- include "gitlab.commonLabels" . | nindent 4 }} annotations: kubernetes.io/ingress.class: "{{ template "gitlab.ingressclass" . }}" - {{- if .Values.global.ingress.provider }} - kubernetes.io/ingress.provider: {{ .Values.global.ingress.provider }} - {{- end }} + kubernetes.io/ingress.provider: "{{ template "gitlab.ingress.provider" $ingressCfg }}" {{- if eq "nginx" .Values.global.ingress.provider }} nginx.ingress.kubernetes.io/proxy-body-size: {{ .Values.ingress.proxyBodySize | quote }} nginx.ingress.kubernetes.io/proxy-read-timeout: {{ .Values.ingress.proxyReadTimeout | quote }} 
diff --git a/charts/gitlab/charts/gitlab-pages/templates/ingress.yaml b/charts/gitlab/charts/gitlab-pages/templates/ingress.yaml index 6bf16f7883..8c60c53ea4 100644 --- a/charts/gitlab/charts/gitlab-pages/templates/ingress.yaml +++ b/charts/gitlab/charts/gitlab-pages/templates/ingress.yaml @@ -2,6 +2,7 @@ {{- if and (empty ($externalAddresses)) (eq (include "gitlab.ingress.enabled" $) "true") -}} {{- $hostname := include "gitlab.pages.hostname" . -}} {{- $tlsSecret := include "pages.tlsSecret" . -}} +{{- $ingressCfg := dict "global" .Values.global.ingress "local" .Values.ingress -}} apiVersion: {{ template "ingress.apiVersion" $}} kind: Ingress metadata: @@ -12,9 +13,7 @@ metadata: {{- include "gitlab.commonLabels" . | nindent 4 }} annotations: kubernetes.io/ingress.class: "{{ template "gitlab.ingressclass" . }}" - {{- if .Values.global.ingress.provider }} - kubernetes.io/ingress.provider: {{ .Values.global.ingress.provider }} - {{- end }} + kubernetes.io/ingress.provider: "{{ template "gitlab.ingress.provider" $ingressCfg }}" {{ include "gitlab.certmanager_annotations" . }} {{- range $key, $value := merge .Values.ingress.annotations .Values.global.ingress.annotations }} {{ $key }}: {{ $value | quote }} diff --git a/charts/gitlab/charts/kas/templates/ingress.yaml b/charts/gitlab/charts/kas/templates/ingress.yaml index 952c9595a2..3dead121c9 100644 --- a/charts/gitlab/charts/kas/templates/ingress.yaml +++ b/charts/gitlab/charts/kas/templates/ingress.yaml @@ -2,6 +2,7 @@ {{- if eq (include "gitlab.ingress.enabled" $) "true" -}} {{- $hostname := include "gitlab.kas.hostname" . -}} {{- $tlsSecret := include "kas.tlsSecret" . -}} +{{- $ingressCfg := dict "global" .Values.global.ingress "local" .Values.ingress -}} apiVersion: {{ template "ingress.apiVersion" $}} kind: Ingress metadata: 
@@ -12,9 +13,7 @@ metadata: {{- include "gitlab.commonLabels" . | nindent 4 }} annotations: kubernetes.io/ingress.class: "{{ template "gitlab.ingressclass" . }}" - {{- if .Values.global.ingress.provider }} - kubernetes.io/ingress.provider: {{ .Values.global.ingress.provider }} - {{- end }} + kubernetes.io/ingress.provider: "{{ template "gitlab.ingress.provider" $ingressCfg }}" {{ include "gitlab.certmanager_annotations" . }} {{- range $key, $value := merge .Values.ingress.annotations .Values.global.ingress.annotations }} {{ $key }}: {{ $value | quote }} diff --git a/charts/gitlab/charts/webservice/templates/_datamodel.tpl b/charts/gitlab/charts/webservice/templates/_datamodel.tpl index 11c99aa154..641ff45e4f 100644 --- a/charts/gitlab/charts/webservice/templates/_datamodel.tpl +++ b/charts/gitlab/charts/webservice/templates/_datamodel.tpl @@ -50,7 +50,6 @@ This is output as YAML, it can be read back in as a dict via `toYaml`. ingress: path: # intentionally not setting a value. User must set. pathType: Prefix - provider: nginx annotations: {{- .Values.ingress.annotations | toYaml | nindent 4 }} proxyConnectTimeout: {{ .Values.ingress.proxyConnectTimeout }} diff --git a/charts/gitlab/charts/webservice/templates/ingress.yaml b/charts/gitlab/charts/webservice/templates/ingress.yaml index 72937aa9e6..683172f927 100644 --- a/charts/gitlab/charts/webservice/templates/ingress.yaml +++ b/charts/gitlab/charts/webservice/templates/ingress.yaml @@ -14,6 +14,7 @@ From here on: - `.` is `.deployments.xyz` value - `.name` is the key (xyz) */}} +{{- $ingressCfg := dict "global" $.Values.global.ingress "local" .ingress -}} --- apiVersion: {{ template "ingress.apiVersion" $}} kind: Ingress 
@@ -26,10 +27,8 @@ metadata: {{- include "webservice.commonLabels" . | nindent 4 }} annotations: kubernetes.io/ingress.class: "{{ template "gitlab.ingressclass" $ }}" - {{- if default .ingress.provider $.Values.global.ingress.provider }} - kubernetes.io/ingress.provider: {{ default .ingress.provider $.Values.global.ingress.provider }} - {{- end }} - {{- if eq "nginx" (default .ingress.provider $.Values.global.ingress.provider) }} + kubernetes.io/ingress.provider: "{{ template "gitlab.ingress.provider" $ingressCfg }}" + {{- if eq "nginx" (default $.Values.global.ingress.provider .ingress.provider) }} nginx.ingress.kubernetes.io/proxy-body-size: {{ .ingress.proxyBodySize | quote }} nginx.ingress.kubernetes.io/proxy-read-timeout: {{ .ingress.proxyReadTimeout | quote }} nginx.ingress.kubernetes.io/proxy-connect-timeout: {{ .ingress.proxyConnectTimeout | quote }} diff --git a/charts/gitlab/charts/webservice/templates/ingress_smartcard.yaml b/charts/gitlab/charts/webservice/templates/ingress_smartcard.yaml index 211c5d1a1c..3c2aa7fc78 100644 --- a/charts/gitlab/charts/webservice/templates/ingress_smartcard.yaml +++ b/charts/gitlab/charts/webservice/templates/ingress_smartcard.yaml @@ -10,6 +10,7 @@ From here on: - `.` is `.deployments.xyz` value - `.name` is the key (xyz) */}} +{{- $ingressCfg := dict "global" $.Values.global.ingress "local" .ingress -}} --- apiVersion: {{ template "ingress.apiVersion" $}} kind: Ingress 
@@ -21,9 +22,7 @@ metadata: {{- include "gitlab.commonLabels" $ | nindent 4 }} annotations: kubernetes.io/ingress.class: "{{ template "gitlab.ingressclass" $ }}" - {{- if $.Values.global.ingress.provider }} - kubernetes.io/ingress.provider: {{ $.Values.global.ingress.provider }} - {{- end }} + kubernetes.io/ingress.provider: "{{ template "gitlab.ingress.provider" $ingressCfg }}" {{- if eq "nginx" $.Values.global.ingress.provider }} nginx.ingress.kubernetes.io/proxy-body-size: {{ $.Values.ingress.proxyBodySize | quote }} nginx.ingress.kubernetes.io/proxy-read-timeout: {{ $.Values.ingress.proxyReadTimeout | quote }} @@ -67,4 +66,4 @@ spec: {{- end -}} {{- end -}} {{- end -}}{{/* SET .ingress.path */}} -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/charts/minio/templates/ingress.yaml b/charts/minio/templates/ingress.yaml index 0c2590c584..340a533e64 100644 --- a/charts/minio/templates/ingress.yaml +++ b/charts/minio/templates/ingress.yaml @@ -2,6 +2,7 @@ {{- if eq (include "gitlab.ingress.enabled" $) "true" -}} {{- $minioHostname := include "gitlab.minio.hostname" . -}} {{- $tlsSecret := include "minio.tlsSecret" . -}} +{{- $ingressCfg := dict "global" .Values.global.ingress "local" .Values.ingress -}} apiVersion: {{ template "ingress.apiVersion" $}} kind: Ingress @@ -13,9 +14,7 @@ metadata: {{- include "gitlab.commonLabels" . | nindent 4 }} annotations: kubernetes.io/ingress.class: "{{ template "minio.ingressclass" . }}" - {{- if .Values.global.ingress.provider }} - kubernetes.io/ingress.provider: {{ .Values.global.ingress.provider }} - {{- end }} + kubernetes.io/ingress.provider: "{{ template "gitlab.ingress.provider" $ingressCfg }}" {{- if eq "nginx" .Values.global.ingress.provider }} nginx.ingress.kubernetes.io/proxy-body-size: {{ .Values.ingress.proxyBodySize | quote }} nginx.ingress.kubernetes.io/proxy-read-timeout: {{ .Values.ingress.proxyReadTimeout | quote }} 
diff --git a/charts/registry/templates/ingress.yaml b/charts/registry/templates/ingress.yaml index 3e176994c6..2370565011 100644 --- a/charts/registry/templates/ingress.yaml +++ b/charts/registry/templates/ingress.yaml @@ -2,6 +2,7 @@ {{- if eq (include "gitlab.ingress.enabled" $) "true" -}} {{- $hostname := include "registry.hostname" . -}} {{- $tlsSecret := include "registry.tlsSecret" . -}} +{{- $ingressCfg := dict "global" .Values.global.ingress "local" .Values.ingress -}} apiVersion: {{ template "ingress.apiVersion" $}} kind: Ingress @@ -13,9 +14,7 @@ metadata: {{- include "gitlab.commonLabels" . | nindent 4 }} annotations: kubernetes.io/ingress.class: "{{ template "registry.ingressclass" . }}" - {{- if .Values.global.ingress.provider }} - kubernetes.io/ingress.provider: {{ .Values.global.ingress.provider }} - {{- end }} + kubernetes.io/ingress.provider: "{{ template "gitlab.ingress.provider" $ingressCfg }}" {{- if eq "nginx" .Values.global.ingress.provider }} nginx.ingress.kubernetes.io/proxy-body-size: {{ .Values.ingress.proxyBodySize | quote }} nginx.ingress.kubernetes.io/proxy-read-timeout: {{ .Values.ingress.proxyReadTimeout | quote }} diff --git a/spec/configuration/webservice_deployments_spec.rb b/spec/configuration/webservice_deployments_spec.rb index 32043fc318..b35611373e 100644 --- a/spec/configuration/webservice_deployments_spec.rb +++ b/spec/configuration/webservice_deployments_spec.rb 
@@ -508,6 +508,59 @@ describe 'Webservice Deployments configuration' do end end end + + context 'local ingress provider annotations' do + let(:deployments_values) do + YAML.safe_load(%( + gitlab: + webservice: + deployments: + default: + ingress: + path: / + second: + ingress: + path: /second + provider: second-provider + )).deep_merge(default_values) + end + + it 'properly sets the ingress providers' do + t = HelmTemplate.new(deployments_values) + expect(t.exit_code).to eq(0), "Unexpected error code #{t.exit_code} -- #{t.stderr}" + + expect(t.annotations('Ingress/test-webservice-default')).to include('kubernetes.io/ingress.provider' => 'nginx') + expect(t.annotations('Ingress/test-webservice-second')).to include('kubernetes.io/ingress.provider' => 'second-provider') + end + end + + context 'global ingress provider annotations' do + let(:deployments_values) do + YAML.safe_load(%( + global: + ingress: + provider: global-provider + gitlab: + webservice: + deployments: + default: + ingress: + path: / + second: + ingress: + path: /second + provider: second-provider + )).deep_merge(default_values) + end + + it 'properly sets the ingress providers' do + t = HelmTemplate.new(deployments_values) + expect(t.exit_code).to eq(0), "Unexpected error code #{t.exit_code} -- #{t.stderr}" + + expect(t.annotations('Ingress/test-webservice-default')).to include('kubernetes.io/ingress.provider' => 'global-provider') + expect(t.annotations('Ingress/test-webservice-second')).to include('kubernetes.io/ingress.provider' => 'second-provider') + end + end end context 'shutdown.blackoutSeconds' do diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 755837a7a3..dc7443e4c1 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl 
@@ -333,6 +333,17 @@ Returns the nginx ingress class {{- pluck "class" .Values.global.ingress (dict "class" (printf "%s-nginx" .Release.Name)) | first -}} {{- end -}} +{{/* +Returns the ingress provider + +It expects a dictionary with two entries: + - `global` which contains global ingress settings, e.g. .Values.global.ingress + - `local` which contains local ingress settings, e.g. .Values.ingress +*/}} +{{- define "gitlab.ingress.provider" -}} +{{- default .global.provider .local.provider -}} +{{- end -}} + {{/* Overrides the ingress-nginx template to make sure gitlab-shell name matches */}} @@ -578,4 +589,4 @@ emptyDir: {} {{- else -}} emptyDir: {{ toYaml $values | nindent 2 }} {{- end -}} -{{- end -}} \ No newline at end of file +{{- end -}} -- GitLab From cc7dc6143e884b25ec64eb3f4fe2a5d46d0e0ab5 Mon Sep 17 00:00:00 2001 From: Marcel Amirault Date: Thu, 28 Oct 2021 09:46:02 +0900 Subject: [PATCH 073/253] Clean up lists and grammar Fix spacing and punctuation in lists, and fix grammar highlighted by vale warnings. --- doc/.vale/gitlab/Acronyms.yml | 1 + .../external-object-storage/aws-iam-roles.md | 6 +- doc/advanced/external-object-storage/index.md | 7 +- .../external-redis/external-omnibus-redis.md | 8 +- doc/advanced/external-redis/index.md | 12 +- doc/advanced/geo/index.md | 192 +++++++++--------- 6 files changed, 116 insertions(+), 110 deletions(-) diff --git a/doc/.vale/gitlab/Acronyms.yml b/doc/.vale/gitlab/Acronyms.yml index 2d4d0c6909..9e4eb36b72 100644 --- a/doc/.vale/gitlab/Acronyms.yml +++ b/doc/.vale/gitlab/Acronyms.yml @@ -24,6 +24,7 @@ exceptions: - BSD - CAS - CDN + - CIDR - CLI - CNA - CNAME diff --git a/doc/advanced/external-object-storage/aws-iam-roles.md b/doc/advanced/external-object-storage/aws-iam-roles.md index 8d433fce5a..4a595397e0 100644 --- a/doc/advanced/external-object-storage/aws-iam-roles.md +++ b/doc/advanced/external-object-storage/aws-iam-roles.md 
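Review bot: Across the ingress templates in patch 072 (grafana, pages, kas, webservice, smartcard, minio, registry), the `kubernetes.io/ingress.provider` annotation is now emitted unconditionally, where the removed lines wrapped it in `{{- if .Values.global.ingress.provider }}`. With `gitlab.ingress.provider` defined as `default .global.provider .local.provider`, leaving both values unset renders the annotation as an empty string. Suggest keeping a guard around the annotation, or documenting in the helper's comment which default it relies on now that `provider: nginx` is removed from `_datamodel.tpl`.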
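Review bot: The nginx-specific annotation blocks in patch 072 do not follow the new override consistently. `charts/gitlab/charts/webservice/templates/ingress.yaml` now tests `eq "nginx" (default $.Values.global.ingress.provider .ingress.provider)`, but the grafana, smartcard, minio and registry templates still test the global value only (`eq "nginx" .Values.global.ingress.provider`, with `$.` in smartcard) while building `$ingressCfg` with a `local` entry, so a local `provider` changes the provider annotation but not which nginx annotations are rendered. Suggest gating on `include "gitlab.ingress.provider" $ingressCfg` in all of them, which also removes the duplicated `default` expression in `ingress.yaml`.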
@@ -85,9 +85,9 @@ Appropriate IRSA annotations for roles can be applied to ServiceAccounts through this Helm chart in one of two ways: 1. ServiceAccounts that have been pre-created as described in the above AWS documentation. -This will ensure the proper annotations on the ServiceAccount and the linked OIDC provider. + This ensures the proper annotations on the ServiceAccount and the linked OIDC provider. 1. Chart-generated ServiceAccounts with annotations defined. We allow for the configuration -of annotations on ServiceAccounts both globally and on a per-chart basis. + of annotations on ServiceAccounts both globally and on a per-chart basis. WARNING: Using the `backup-utility` as specified in the [backup documentation](../../backup-restore/backup.md) @@ -95,7 +95,7 @@ does not properly copy the backup file to the S3 bucket. The `backup-utility` us the `s3cmd` to perform the copy of the backup file and it has a known issue of [not supporting OIDC authentication](https://github.com/s3tools/s3cmd/issues/1075). There is a [pull request](https://github.com/s3tools/s3cmd/pull/1112) -to mitigate this issue, but it has yet to be accepted into the `s3cmd` code base. +to mitigate this issue, but it has yet to be accepted into the `s3cmd` codebase. #### Using pre-created service accounts diff --git a/doc/advanced/external-object-storage/index.md b/doc/advanced/external-object-storage/index.md index e76c995fbf..58e505396e 100644 --- a/doc/advanced/external-object-storage/index.md +++ b/doc/advanced/external-object-storage/index.md 
@@ -217,8 +217,9 @@ For Google Cloud Storage (GCS): See the [backup/restore object storage documentation](../../backup-restore/index.md#object-storage) for full details. -> **Note**: In order to backup/restore files from the other object storage locations, the configuration file needs to be -> configured to authenticate as a user with sufficient access to read/write to all GitLab buckets. +NOTE: +To backup or restore files from the other object storage locations, the configuration file needs to be +configured to authenticate as a user with sufficient access to read/write to all GitLab buckets. ### Backups storage example @@ -260,7 +261,7 @@ See the [backup/restore object storage documentation](../../backup-restore/index # Setup access keys # Access Key = Azure Storage Account name - access_key = BOGUS_ACCOUNT_NAME + access_key = BOGUS_ACCOUNT_NAME # Secret Key = Azure Storage Account Key secret_key = BOGUS_KEY diff --git a/doc/advanced/external-redis/external-omnibus-redis.md b/doc/advanced/external-redis/external-omnibus-redis.md index adbff66776..e583448d07 100644 --- a/doc/advanced/external-redis/external-omnibus-redis.md +++ b/doc/advanced/external-redis/external-omnibus-redis.md @@ -23,7 +23,8 @@ Follow the installation instructions for [Omnibus GitLab](https://about.gitlab.c Create a minimal `gitlab.rb` file to be placed at `/etc/gitlab/gitlab.rb`. Be _very_ explicit about what is enabled on this node, use the contents below. -*Note*: This example is not intended to provide [Redis for scaling](https://docs.gitlab.com/ee/administration/redis/index.html). +NOTE: +This example is not intended to provide [Redis for scaling](https://docs.gitlab.com/ee/administration/redis/index.html). - `REDIS_PASSWORD` should be replaced with the value in the [`gitlab-redis` secret](../../installation/secrets.md#redis-password). 
@@ -35,7 +36,6 @@ redis['port'] = 6379 # Set password, as in the secret `gitlab-redis` populated in Kubernetes redis['password'] = 'REDIS_PASSWORD' - ## Disable everything else gitlab_rails['enable'] = false sidekiq['enable'] = false @@ -48,7 +48,9 @@ prometheus_monitoring['enable'] = false postgresql['enable'] = false ``` -After creating `gitlab.rb`, we'll reconfigure the package with `gitlab-ctl reconfigure`. Once the task has completed, check the running processes with `gitlab-ctl status`. The output should appear as such: +After creating `gitlab.rb`, reconfigure the package with `gitlab-ctl reconfigure`. +After the task completes, check the running processes with `gitlab-ctl status`. +The output should appear similar to: ```plaintext # gitlab-ctl status diff --git a/doc/advanced/external-redis/index.md b/doc/advanced/external-redis/index.md index 971efdcb7c..e381c13adb 100644 --- a/doc/advanced/external-redis/index.md +++ b/doc/advanced/external-redis/index.md @@ -21,11 +21,11 @@ You must set the following parameters: - `global.redis.host`: Set to the hostname of the external Redis, can be a domain or an IP address. - `global.redis.password.enabled`: Set to `false` if the external Redis does not require a password. - `global.redis.password.secret`: The name of the [secret which contains the token for authentication](../../installation/secrets.md#redis-password). -- `global.redis.password.key`: The key within the secret, which contains the token content. +- `global.redis.password.key`: The key in the secret, which contains the token content. Items below can be further customized if you are not using the defaults: -- `global.redis.port`: The port the database is available on, defaults to `6379` +- `global.redis.port`: The port the database is available on, defaults to `6379`. For example, pass these values via Helm's `--set` flag while deploying: 
@@ -44,7 +44,7 @@ specified in the `sentinel.conf`. Sentinel servers can be referenced using the `global.redis.sentinels[0].host` and `global.redis.sentinels[0].port` values for the `--set` flag. The index is zero based. -## Using multiple Redis instances +## Use multiple Redis instances GitLab supports splitting several of the resource intensive Redis operations across multiple Redis instances. This chart supports distributing @@ -54,10 +54,10 @@ More detailed information on configuring the chart for using multiple Redis instances can be found in the [globals](../../charts/globals.md#multiple-redis-support) documentation. -## Specifying secure Redis scheme (SSL) +## Specify secure Redis scheme (SSL) -In order to connect to Redis using SSL, the `rediss` (note the double `s`) scheme parameter is required: +To connect to Redis using SSL, use the `rediss` (note the double `s`) scheme parameter: ```shell - --set global.redis.scheme=rediss +--set global.redis.scheme=rediss ``` diff --git a/doc/advanced/geo/index.md b/doc/advanced/geo/index.md index bc574dad34..ae2ed8b3ce 100644 --- a/doc/advanced/geo/index.md +++ b/doc/advanced/geo/index.md 
@@ -9,16 +9,16 @@ info: To determine the technical writer assigned to the Stage/Group associated w GitLab Geo provides the ability to have read-only, geographically distributed application deployments. -While external database services can be used, these documents currently focus on -the use of the [Omnibus GitLab](https://docs.gitlab.com/omnibus/) for PostgreSQL in order to provide the -most platform agnostic guide, and make use of the automation included within `gitlab-ctl`. +While external database services can be used, these documents focus on +the use of the [Omnibus GitLab](https://docs.gitlab.com/omnibus/) for PostgreSQL to provide the +most platform agnostic guide, and make use of the automation included in `gitlab-ctl`. ## Requirements -In order to use GitLab Geo with the GitLab Helm chart, the following requirements must be met: +To use GitLab Geo with the GitLab Helm chart, the following requirements must be met: - The use of [external PostgreSQL](../external-db/index.md) services, as the - PostgresSQL included with the chart is not exposed to outside networks, or currently + PostgresSQL included with the chart is not exposed to outside networks, and doesn't have WAL support required for replication. - The supplied database must: - Support replication. 
@@ -32,16 +32,16 @@ In order to use GitLab Geo with the GitLab Helm chart, the following requirement ## Overview -This guide will use 2 Omnibus GitLab instances, configuring only the PostgreSQL +This guide uses 2 Omnibus GitLab instances, configuring only the PostgreSQL services needed, and 2 deployments of the GitLab Helm chart. It is intended to be -the _minimal_ required configuration. This documentation does not currently +the _minimal_ required configuration. This documentation does not include SSL from application to database, support for other database providers, or promoting a secondary instance to primary. The outline below should be followed in order: -1. [Setup Omnibus instances](#setup-omnibus-instances) -1. [Setup Kubernetes clusters](#setup-kubernetes-clusters) +1. [Setup Omnibus instances](#set-up-omnibus-instances) +1. [Setup Kubernetes clusters](#set-up-kubernetes-clusters) 1. [Collect information](#collect-information) 1. [Configure Primary database](#configure-primary-database) 1. [Deploy chart as Geo Primary](#deploy-chart-as-geo-primary) @@ -52,9 +52,9 @@ The outline below should be followed in order: 1. [Add Secondary Geo instance via Primary](#add-secondary-geo-instance-via-primary) 1. [Confirm Operational Status](#confirm-operational-status) -## Setup Omnibus instances +## Set up Omnibus instances -For this process, two instances are required. One will be the Primary, the other +For this process, two instances are required. One is the Primary, the other the Secondary. You may use any provider of machine infrastructure, on-premise or from a cloud provider. 
@@ -62,19 +62,19 @@ Bear in mind that communication is required: - Between the two database instances for replication. - Between each database instance and their respective Kubernetes deployments: - - Primary will need to expose TCP port `5432`. - - Secondary will need to expose TCP ports `5432` & `5431`. + - The primary needs to expose TCP port `5432`. + - The secondary needs to expose TCP ports `5432` & `5431`. Install an [operating system supported by Omnibus GitLab](https://docs.gitlab.com/ee/install/requirements.html#operating-systems), and then [install the Omnibus GitLab](https://about.gitlab.com/install/) onto it. Do not provide the `EXTERNAL_URL` environment variable when installing, as we'll provide a minimal configuration file before reconfiguring the package. -Once you have installed the operating system, and the GitLab package, configuration +After you have installed the operating system, and the GitLab package, configuration can be created for the services that will be used. Before we do that, information must be collected. -## Setup Kubernetes clusters +## Set up Kubernetes clusters For this process, two Kubernetes clusters should be used. These can be from any provider, on-premise or from a cloud provider. @@ -90,9 +90,9 @@ Each cluster that is provisioned should have: - Enough resources to support a base-line installation of these charts. - Access to persistent storage: - - MinIO not required if using [external object storage](../external-object-storage/index.md) - - Gitaly not required if using [external Gitaly](../external-gitaly/index.md) - - Redis not required if using [external Redis](../external-redis/index.md) + - MinIO not required if using [external object storage](../external-object-storage/index.md). + - Gitaly not required if using [external Gitaly](../external-gitaly/index.md). + - Redis not required if using [external Redis](../external-redis/index.md). ## Collect information 
@@ -110,16 +110,16 @@ the rest of this documentation. - IP addresses of nodes - Secondary cluster: - IP addresses of nodes -- Database Passwords (_must pre-decide the password(s)_) +- Database Passwords (_must pre-decide the passwords_): - `gitlab` (used in `postgresql['sql_user_password']`, `global.psql.password`) - `gitlab_geo` (used in `geo_postgresql['sql_user_password']`, `global.geo.psql.password`) - `gitlab_replicator` (needed for replication) - Your GitLab license file -The `gitlab` and `gitlab_geo` database user passwords will need to exist in two +The `gitlab` and `gitlab_geo` database user passwords must exist in two forms: bare password, and PostgreSQL hashed password. To obtain the hashed form, -perform the following commands on one of the Omnibus instances, which will ask -you to enter, and confirm the password before outputting an appropriate hash +perform the following commands on one of the Omnibus instances, which asks +you to enter and confirm the password before outputting an appropriate hash value for you to make note of. 1. `gitlab-ctl pg-password-md5 gitlab` @@ -127,10 +127,10 @@ value for you to make note of. ## Configure Primary database -_This section will be performed on the Primary Omnibus GitLab instance._ +_This section is performed on the Primary Omnibus GitLab instance._ -To configure the Primary database instance's Omnibus GitLab, we'll work from -this example configuration. +To configure the Primary database instance's Omnibus GitLab, work from +this example configuration: ```ruby ### Geo Primary 
@@ -160,52 +160,54 @@ postgresql['sql_user_password'] = 'gitlab_user_password_hash' postgresql['md5_auth_cidr_addresses'] = ['0.0.0.0/0'] ``` -We need to replace several items: +We must replace several items: - `external_url` must be updated to reflect the host name of our Primary -instance. + instance. - `gitlab_rails['geo_node_name']` must be replaced with a unique name for your node. - `gitlab_user_password_hash` must be replaced with the hashed form of the -`gitlab` password. + `gitlab` password. - `postgresql['md5_auth_cidr_addresses']` can be update to be a list of -explicit IP addresses, or address blocks in CIDR notation. + explicit IP addresses, or address blocks in CIDR notation. The `md5_auth_cidr_addresses` should be in the form of `[ '127.0.0.1/24', '10.41.0.0/16']`. It is important to include `127.0.0.1` in -this list, as the automation within Omnibus GitLab will connect using this. The +this list, as the automation in Omnibus GitLab connects using this. The addresses in this list should include the IP address (not hostname) of your Secondary database, and all nodes of your primary Kubernetes cluster. This _can_ be left as `['0.0.0.0/0']`, however _it is not best practice_. -Once the configuration above is prepared: +After the configuration above is prepared: 1. Place the content into `/etc/gitlab/gitlab.rb` 1. Run `gitlab-ctl reconfigure`. If you experience any issues in regards to the -service not listening on TCP, try directly restarting it with -`gitlab-ctl restart postgresql`. -1. Run `gitlab-ctl set-replication-password` in order to set the password for -the `gitlab_replicator` user. -1. Retrieve the Primary database server's public certificate, this will be needed -for the Secondary database to be able to replicate. - 1. `cat ~gitlab-psql/data/server.crt` - 1. **Store this output.** + service not listening on TCP, try directly restarting it with + `gitlab-ctl restart postgresql`. +1. 
Run `gitlab-ctl set-replication-password` to set the password for + the `gitlab_replicator` user. +1. Retrieve the Primary database server's public certificate, this is needed + for the Secondary database to be able to replicate (save this output): + + ```shell + cat ~gitlab-psql/data/server.crt` + ``` ## Deploy chart as Geo Primary -_This section will be performed on the Primary Kubernetes cluster._ +_This section is performed on the Primary Kubernetes cluster._ -In order to deploy this chart as a Geo Primary, we'll start [from this example configuration](https://gitlab.com/gitlab-org/charts/gitlab/tree/master/examples/geo/primary.yaml). +To deploy this chart as a Geo Primary, start [from this example configuration](https://gitlab.com/gitlab-org/charts/gitlab/tree/master/examples/geo/primary.yaml): -1. We'll need to create a secret containing the database password, for the +1. Create a secret containing the database password for the chart to consume. Replace `PASSWORD` below with the password for the `gitlab` - database user. + database user: ```shell kubectl --namespace gitlab create secret generic geo --from-literal=postgresql-password=PASSWORD ``` 1. Create a `primary.yaml` file based on the [example configuration](https://gitlab.com/gitlab-org/charts/gitlab/tree/master/examples/geo/primary.yaml) - and update the configuration to reflect the correct values: + and update the configuration to reflect the correct values: ```yaml ### Geo Primary 
@@ -238,21 +240,21 @@ In order to deploy this chart as a Geo Primary, we'll start [from this example c - [Using external Redis](../external-redis/index.md) - [using external Object Storage](../external-object-storage/index.md) -1. Deploy the chart using this configuration +1. Deploy the chart using this configuration: ```shell helm upgrade --install gitlab-geo gitlab/gitlab --namespace gitlab -f primary.yaml ``` NOTE: - This assumes you are using the `gitlab` namespace, if you want to use a different namespace, + This assumes you are using the `gitlab` namespace. If you want to use a different namespace, you should also replace it in `--namespace gitlab` throughout the rest of this document. -1. Wait for the deployment to complete, and the application to come online. Once -the application is reachable, login. +1. Wait for the deployment to complete, and the application to come online. When + the application is reachable, log in. -1. Login to GitLab, and upload your GitLab license file by navigating to -`/admin/license`. **This step is required for Geo to function.** +1. Log in to GitLab, and upload your GitLab license file by navigating to + `/admin/license`. **This step is required for Geo to function.** ## Set the Geo Primary instance @@ -265,13 +267,13 @@ this as the Primary instance. We will do this via the Task Runner Pod. kubectl --namespace gitlab get pods -lapp=task-runner ``` -1. Run `gitlab-rake geo:set_primary_node` with `kubectl exec` +1. Run `gitlab-rake geo:set_primary_node` with `kubectl exec`: ```shell kubectl --namespace gitlab exec -ti gitlab-geo-task-runner-XXX -- gitlab-rake geo:set_primary_node ``` -1. Check the status of Geo configuration +1. Check the status of Geo configuration: ```shell kubectl --namespace gitlab exec -ti gitlab-geo-task-runner-XXX -- gitlab-rake gitlab:geo:check 
@@ -307,17 +309,17 @@ this as the Primary instance. We will do this via the Task Runner Pod. Checking Geo ... Finished ``` - - Don't worry about `Exception: getaddrinfo: Servname not supported for ai_socktype`, as Kubernetes containers will not have access to the host clock. _This is OK_. + - Don't worry about `Exception: getaddrinfo: Servname not supported for ai_socktype`, as Kubernetes containers don't have access to the host clock. _This is OK_. - `OpenSSH configured to use AuthorizedKeysCommand ... no` _is expected_. This - Rake task is checking for a local SSH server, which is actually present in the - `gitlab-shell` chart, deployed elsewhere, and already configured appropriately. + Rake task is checking for a local SSH server, which is actually present in the + `gitlab-shell` chart, deployed elsewhere, and already configured appropriately. ## Configure Secondary database -_This section will be performed on the Secondary Omnibus GitLab instance._ +_This section is performed on the Secondary Omnibus GitLab instance._ -To configure the Secondary database instance's Omnibus GitLab, we'll work from -this example configuration. +To configure the Secondary database instance's Omnibus GitLab, work from +this example configuration: ```ruby ### Geo Secondary 
@@ -357,30 +359,30 @@ geo_postgresql['md5_auth_cidr_addresses'] = ['0.0.0.0/0'] gitlab_rails['db_password']='gitlab_user_password' ``` -We need to replace several items: +We must replace several items: - `external_url` must be updated to reflect the host name of our Secondary -instance. + instance. - `gitlab_rails['geo_node_name']` must be replaced with a unique name for your node. - `gitlab_user_password_hash` must be replaced with the hashed form of the -`gitlab` password. + `gitlab` password. - `postgresql['md5_auth_cidr_addresses']` should be updated to be a list of -explicit IP addresses, or address blocks in CIDR notation. + explicit IP addresses, or address blocks in CIDR notation. - `gitlab_geo_user_password_hash` must be replaced with the hashed form of the -`gitlab_geo` password. + `gitlab_geo` password. - `geo_postgresql['md5_auth_cidr_addresses']` should be updated to be a list of -explicit IP addresses, or address blocks in CIDR notation. + explicit IP addresses, or address blocks in CIDR notation. - `gitlab_user_password` must be updated, and is used here to allow Omnibus GitLab -to automate the PostgreSQL configuration. + to automate the PostgreSQL configuration. The `md5_auth_cidr_addresses` should be in the form of `[ '127.0.0.1/24', '10.41.0.0/16']`. It is important to include `127.0.0.1` in -this list, as the automation within Omnibus GitLab will connect using this. The +this list, as the automation in Omnibus GitLab connects using this. The addresses in this list should include the IP addresses of all nodes of your Secondary Kubernetes cluster. This _can_ be left as `['0.0.0.0/0']`, however _it is not best practice_. -Once the configuration above is prepared: +After configuration above is prepared: 1. Check TCP connectivity to the **primary** node's PostgreSQL server: 
@@ -404,8 +406,8 @@ Once the configuration above is prepared: 1. Place the content into `/etc/gitlab/gitlab.rb` 1. Run `gitlab-ctl reconfigure`. If you experience any issues in regards to the -service not listening on TCP, try directly restarting it with -`gitlab-ctl restart postgresql`. + service not listening on TCP, try directly restarting it with + `gitlab-ctl restart postgresql`. 1. Place the Primary database's certificate content from above into `primary.crt` 1. Set up PostgreSQL TLS verification on the **secondary** node: @@ -446,14 +448,14 @@ service not listening on TCP, try directly restarting it with match the contents of `~gitlab-psql/.postgresql/root.crt` on the **secondary** node. 1. Replicate the databases. Replace `PRIMARY_DATABASE_HOST` with the IP or hostname -of your Primary database instance. +of your Primary database instance: ```shell gitlab-ctl replicate-geo-database --slot-name=geo_2 --host=PRIMARY_DATABASE_HOST ``` 1. After replication has finished, we must reconfigure the Omnibus GitLab one last time - to ensure `pg_hba.conf` is correct for the secondary. + to ensure `pg_hba.conf` is correct for the secondary: ```shell gitlab-ctl reconfigure 
@@ -461,24 +463,24 @@ of your Primary database instance. ## Copy secrets from the primary cluster to the secondary cluster -We now need to copy a few secrets from the Primary Kubernetes deployment to the -Secondary Kubernetes deployment. +Now copy a few secrets from the Primary Kubernetes deployment to the +Secondary Kubernetes deployment: - `gitlab-geo-gitlab-shell-host-keys` - `gitlab-geo-rails-secret` - `gitlab-registry-secret`, if Registry replication is enabled. 1. Change your `kubectl` context to that of your Primary. -1. Collect these secrets from the Primary deployment +1. Collect these secrets from the Primary deployment: - ```shell - kubectl get --namespace gitlab -o yaml secret gitlab-geo-gitlab-shell-host-keys > ssh-host-keys.yaml - kubectl get --namespace gitlab -o yaml secret gitlab-geo-rails-secret > rails-secrets.yaml - kubectl get --namespace gitlab -o yaml secret gitlab-registry-secret > registry-secrets.yaml - ``` + ```shell + kubectl get --namespace gitlab -o yaml secret gitlab-geo-gitlab-shell-host-keys > ssh-host-keys.yaml + kubectl get --namespace gitlab -o yaml secret gitlab-geo-rails-secret > rails-secrets.yaml + kubectl get --namespace gitlab -o yaml secret gitlab-registry-secret > registry-secrets.yaml + ``` 1. Change your `kubectl` context to that of your Secondary. -1. Apply these secrets +1. Apply these secrets: ```shell kubectl --namespace gitlab apply -f ssh-host-keys.yaml @@ -486,8 +488,8 @@ Secondary Kubernetes deployment. kubectl --namespace gitlab apply -f registry-secrets.yaml ``` -We'll now need to create a secret containing the database passwords. Replace the -passwords below with the appropriate values. +Next create a secret containing the database passwords. Replace the +passwords below with the appropriate values: ```shell kubectl --namespace gitlab create secret generic geo \ 
@@ -497,12 +499,12 @@ kubectl --namespace gitlab create secret generic geo \ ## Deploy chart as Geo Secondary -_This section will be performed on the Secondary Kubernetes cluster._ +_This section is performed on the Secondary Kubernetes cluster._ -In order to deploy this chart as a Geo Secondary, we'll start [from this example configuration](https://gitlab.com/gitlab-org/charts/gitlab/tree/master/examples/geo/secondary.yaml). +To deploy this chart as a Geo Secondary, start [from this example configuration](https://gitlab.com/gitlab-org/charts/gitlab/tree/master/examples/geo/secondary.yaml). 1. Create a `secondary.yaml` file based on the [example configuration](https://gitlab.com/gitlab-org/charts/gitlab/tree/master/examples/geo/secondary.yaml) - and update the configuration to reflect the correct values: + and update the configuration to reflect the correct values: ```yaml ## Geo Secondary @@ -544,7 +546,7 @@ In order to deploy this chart as a Geo Secondary, we'll start [from this example - [using external Object Storage](../external-object-storage/index.md) - For external databases, `global.psql.host` is the secondary, read-only database, while `global.geo.psql.host` is the tracking database -1. Deploy the chart using this configuration +1. Deploy the chart using this configuration: ```shell helm upgrade --install gitlab-geo gitlab/gitlab --namespace gitlab -f secondary.yaml 
@@ -568,9 +570,9 @@ the Primary that the Secondary exists: **secondary** instance. Leave blank to replicate all. 1. Select **Add node**. -Once added to the admin panel, the **secondary** instance will automatically start -replicating missing data from the **primary** instance in a process known as **backfill**. -Meanwhile, the **primary** instance will start to notify each **secondary** instance of any changes, so +After the **secondary** instance is added to the administration panel, it automatically starts +replicating missing data from the **primary** instance. This process is known as "backfill". +Meanwhile, the **primary** instance starts to notify each **secondary** instance of any changes, so that the **secondary** instance can act on those notifications immediately. ## Confirm Operational Status @@ -578,19 +580,19 @@ that the **secondary** instance can act on those notifications immediately. The final step is to verify the Geo replication status on the secondary instance once fully configured, via the Task Runner Pod. -1. Find the Task Runner Pod +1. Find the Task Runner Pod: ```shell kubectl --namespace gitlab get pods -lapp=task-runner ``` -1. Attach to the Pod with `kubectl exec` +1. Attach to the Pod with `kubectl exec`: ```shell kubectl --namespace gitlab exec -ti gitlab-geo-task-runner-XXX -- bash -l ``` -1. Check the status of Geo configuration +1. Check the status of Geo configuration: ```shell gitlab-rake gitlab:geo:check 
@@ -628,7 +630,7 @@ configured, via the Task Runner Pod. ``` - Don't worry about `Exception: getaddrinfo: Servname not supported for ai_socktype`, - as Kubernetes containers will not have access to the host clock. _This is OK_. + as Kubernetes containers do not have access to the host clock. _This is OK_. - `OpenSSH configured to use AuthorizedKeysCommand ... no` _is expected_. This - Rake task is checking for a local SSH server, which is actually present in the - `gitlab-shell` chart, deployed elsewhere, and already configured appropriately. + Rake task is checking for a local SSH server, which is actually present in the + `gitlab-shell` chart, deployed elsewhere, and already configured appropriately. -- GitLab From 9bf0b631182f8e7fbe166e8818a7d3121fca798c Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Thu, 28 Oct 2021 07:52:38 +0000 Subject: [PATCH 074/253] Update changelog for 5.4.1 [ci skip] --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 64e80e52c5..85e4953956 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,10 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 5.4.1 (2021-10-28) + +No changes. + ## 5.4.0 (2021-10-21) ### Added (2 changes) -- GitLab From efdac04b516e6055c05a1cc4f41b6a926eb1d704 Mon Sep 17 00:00:00 2001 
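Review bot: In doc/advanced/geo/index.md, hunk `@@ -9,16 +9,16 @@` (Requirements), the rewritten bullet still spells the product name "PostgresSQL" on the added line "PostgresSQL included with the chart is not exposed to outside networks, and". Since this line is being touched anyway, correct it to "PostgreSQL" so it matches the spelling used in the link text on the line above.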
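Review bot: In doc/advanced/geo/index.md, hunk `@@ -32,16 +32,16 @@` (Overview), the outline entries update only the anchors, so the visible link text still reads "Setup Omnibus instances" and "Setup Kubernetes clusters" while the headings they point to are renamed to "Set up ..." in the same patch. Change the link text to "Set up Omnibus instances" and "Set up Kubernetes clusters" so the outline matches the headings.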
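Review bot: In doc/advanced/geo/index.md, hunk `@@ -160,52 +160,54 @@` (Configure Primary database, step 4), the new shell block carries a stray trailing backtick: "cat ~gitlab-psql/data/server.crt`". It looks like a leftover from the inline code span that the block replaces, and anyone who pastes the line gets a shell waiting on an unterminated command substitution instead of the certificate. Drop the backtick so the block contains only "cat ~gitlab-psql/data/server.crt". In the same hunk, the `postgresql['md5_auth_cidr_addresses']` bullet is re-indented but still reads "can be update to be"; the Secondary section uses "should be updated to be", so align the wording while the line is open.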
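Review bot: In doc/advanced/geo/index.md, hunk `@@ -357,30 +359,30 @@` (Configure Secondary database), the added line "After configuration above is prepared:" drops the article that the matching line in the Primary section keeps ("After the configuration above is prepared:"). Use the same sentence in both places.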
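Review bot: In doc/advanced/geo/index.md, hunk `@@ -446,14 +448,14 @@`, the "Replicate the databases" step gains its colon but the continuation line "of your Primary database instance:" is still at column 0, while every other list continuation in this patch is indented under its item. Indent it to match, otherwise this step stays inconsistent with the rest of the list and with the fenced block that follows it.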
From: GitLab Release Tools Bot Date: Thu, 28 Oct 2021 07:52:54 +0000 Subject: [PATCH 075/253] Update Chart versions to 5.4.1 [ci skip] --- Chart.yaml | 2 +- charts/gitlab/charts/geo-logcursor/Chart.yaml | 2 +- charts/gitlab/charts/gitaly/Chart.yaml | 2 +- charts/gitlab/charts/gitlab-exporter/Chart.yaml | 2 +- charts/gitlab/charts/gitlab-grafana/Chart.yaml | 2 +- charts/gitlab/charts/gitlab-pages/Chart.yaml | 2 +- charts/gitlab/charts/gitlab-shell/Chart.yaml | 2 +- charts/gitlab/charts/kas/Chart.yaml | 2 +- charts/gitlab/charts/mailroom/Chart.yaml | 2 +- charts/gitlab/charts/migrations/Chart.yaml | 2 +- charts/gitlab/charts/operator/Chart.yaml | 2 +- charts/gitlab/charts/praefect/Chart.yaml | 2 +- charts/gitlab/charts/sidekiq/Chart.yaml | 2 +- charts/gitlab/charts/task-runner/Chart.yaml | 2 +- charts/gitlab/charts/webservice/Chart.yaml | 2 +- 15 files changed, 15 insertions(+), 15 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index d9b7ada122..244b88fe09 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab -version: 5.4.0 +version: 5.4.1 appVersion: master description: Web-based Git-repository manager with wiki and issue-tracking features. keywords: diff --git a/charts/gitlab/charts/geo-logcursor/Chart.yaml b/charts/gitlab/charts/geo-logcursor/Chart.yaml index 18cb25ecf7..7b2772113e 100644 --- a/charts/gitlab/charts/geo-logcursor/Chart.yaml +++ b/charts/gitlab/charts/geo-logcursor/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: geo-logcursor -version: 5.4.0 +version: 5.4.1 appVersion: master description: GitLab Geo logcursor keywords: diff --git a/charts/gitlab/charts/gitaly/Chart.yaml b/charts/gitlab/charts/gitaly/Chart.yaml index 14735ce19c..73486230c5 100644 --- a/charts/gitlab/charts/gitaly/Chart.yaml +++ b/charts/gitlab/charts/gitaly/Chart.yaml 
@@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitaly -version: 5.4.0 +version: 5.4.1 appVersion: master description: Git RPC service for handling all the git calls made by GitLab keywords: diff --git a/charts/gitlab/charts/gitlab-exporter/Chart.yaml b/charts/gitlab/charts/gitlab-exporter/Chart.yaml index 117b4ee58e..608bc6d927 100644 --- a/charts/gitlab/charts/gitlab-exporter/Chart.yaml +++ b/charts/gitlab/charts/gitlab-exporter/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab-exporter -version: 5.4.0 +version: 5.4.1 appVersion: 11.2.0 description: Exporter for GitLab Prometheus metrics (e.g. CI, pull mirrors) keywords: diff --git a/charts/gitlab/charts/gitlab-grafana/Chart.yaml b/charts/gitlab/charts/gitlab-grafana/Chart.yaml index 191df0b18a..fb75082a2b 100644 --- a/charts/gitlab/charts/gitlab-grafana/Chart.yaml +++ b/charts/gitlab/charts/gitlab-grafana/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab-grafana -version: 5.4.0 +version: 5.4.1 description: Adapt the Grafana chart to interface to the GitLab App keywords: - gitlab diff --git a/charts/gitlab/charts/gitlab-pages/Chart.yaml b/charts/gitlab/charts/gitlab-pages/Chart.yaml index 013fdcad55..604d49af8c 100644 --- a/charts/gitlab/charts/gitlab-pages/Chart.yaml +++ b/charts/gitlab/charts/gitlab-pages/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab-pages -version: 5.4.0 +version: 5.4.1 appVersion: master description: Daemon for serving static websites from GitLab projects keywords: diff --git a/charts/gitlab/charts/gitlab-shell/Chart.yaml b/charts/gitlab/charts/gitlab-shell/Chart.yaml index 0169ab2ef5..2d64dcbb2e 100644 --- a/charts/gitlab/charts/gitlab-shell/Chart.yaml +++ b/charts/gitlab/charts/gitlab-shell/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab-shell -version: 5.4.0 +version: 5.4.1 appVersion: main description: sshd for Gitlab keywords: diff --git a/charts/gitlab/charts/kas/Chart.yaml b/charts/gitlab/charts/kas/Chart.yaml index 5aa8696c8f..4dcbb357a6 100644 
--- a/charts/gitlab/charts/kas/Chart.yaml +++ b/charts/gitlab/charts/kas/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: kas -version: 5.4.0 +version: 5.4.1 appVersion: latest description: GitLab Kubernetes Agent Server keywords: diff --git a/charts/gitlab/charts/mailroom/Chart.yaml b/charts/gitlab/charts/mailroom/Chart.yaml index 242545312c..1b7d14f323 100644 --- a/charts/gitlab/charts/mailroom/Chart.yaml +++ b/charts/gitlab/charts/mailroom/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: mailroom -version: 5.4.0 +version: 5.4.1 appVersion: 0.0.14 description: Handling incoming emails keywords: diff --git a/charts/gitlab/charts/migrations/Chart.yaml b/charts/gitlab/charts/migrations/Chart.yaml index 790d757699..178ce6b070 100644 --- a/charts/gitlab/charts/migrations/Chart.yaml +++ b/charts/gitlab/charts/migrations/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: migrations -version: 5.4.0 +version: 5.4.1 appVersion: master description: Database migrations and other versioning tasks for upgrading Gitlab keywords: diff --git a/charts/gitlab/charts/operator/Chart.yaml b/charts/gitlab/charts/operator/Chart.yaml index 5fea0557e6..a896acee81 100644 --- a/charts/gitlab/charts/operator/Chart.yaml +++ b/charts/gitlab/charts/operator/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: operator -version: 5.4.0 +version: 5.4.1 appVersion: master description: Gitlab operator for managing upgrades keywords: diff --git a/charts/gitlab/charts/praefect/Chart.yaml b/charts/gitlab/charts/praefect/Chart.yaml index 5574810fe2..39234c3b6d 100644 --- a/charts/gitlab/charts/praefect/Chart.yaml +++ b/charts/gitlab/charts/praefect/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: praefect -version: 5.4.0 +version: 5.4.1 appVersion: master description: Praefect is a router and transaction manager for Gitaly, and a required component for running a Gitaly Cluster. 
diff --git a/charts/gitlab/charts/sidekiq/Chart.yaml b/charts/gitlab/charts/sidekiq/Chart.yaml index 0f926374ca..c4ff79925e 100644 --- a/charts/gitlab/charts/sidekiq/Chart.yaml +++ b/charts/gitlab/charts/sidekiq/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: sidekiq -version: 5.4.0 +version: 5.4.1 appVersion: master description: Gitlab Sidekiq for asynchronous task processing in rails keywords: diff --git a/charts/gitlab/charts/task-runner/Chart.yaml b/charts/gitlab/charts/task-runner/Chart.yaml index 22607f4250..13b8ec1607 100644 --- a/charts/gitlab/charts/task-runner/Chart.yaml +++ b/charts/gitlab/charts/task-runner/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: task-runner -version: 5.4.0 +version: 5.4.1 appVersion: master description: For manually running rake tasks through kubectl keywords: diff --git a/charts/gitlab/charts/webservice/Chart.yaml b/charts/gitlab/charts/webservice/Chart.yaml index 1b14273256..123a8e1b24 100644 --- a/charts/gitlab/charts/webservice/Chart.yaml +++ b/charts/gitlab/charts/webservice/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: webservice -version: 5.4.0 +version: 5.4.1 appVersion: master description: HTTP server for Gitlab keywords: -- GitLab From ab988063de06effbfaa368503ca04630893c2032 Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Thu, 28 Oct 2021 07:52:57 +0000 Subject: [PATCH 076/253] Update version mapping for 5.4.1 --- doc/installation/version_mappings.md | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/installation/version_mappings.md b/doc/installation/version_mappings.md index d986cfd40a..4b9f4ea3b8 100644 --- a/doc/installation/version_mappings.md +++ b/doc/installation/version_mappings.md @@ -10,6 +10,7 @@ The table below maps some of the key previous chart versions and GitLab versions | Chart version | GitLab version | |---------------|----------------| +| 5.4.1 | 14.4.1 | | 5.4.0 | 14.4.0 | | 5.3.3 | 14.3.3 | | 5.3.2 | 14.3.2 | -- GitLab 
From 832b6ea606ae61372c150860cd7ba19488ffb6b0 Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Thu, 28 Oct 2021 08:09:02 +0000 Subject: [PATCH 077/253] Update changelog for 5.3.4 [ci skip] --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 85e4953956..4484f496b4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -33,6 +33,10 @@ No changes. - [Remove reference to deprecated operator](gitlab-org/charts/gitlab@d03e3293fdfe698eb3b5defe0b919351ef9485eb) ([merge request](gitlab-org/charts/gitlab!2197)) - [Add $PLATFORM to installation commands](gitlab-org/charts/gitlab@8e72a88fb391cb98f64e712b07e65d65db4ab8fd) ([merge request](gitlab-org/charts/gitlab!2190)) +## 5.3.4 (2021-10-28) + +No changes. + ## 5.3.3 (2021-10-12) No changes. -- GitLab From 3a8a96173d3a053501e902b6b8f1cbdc98bba9e0 Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Thu, 28 Oct 2021 08:09:15 +0000 Subject: [PATCH 078/253] Update version mapping for 5.3.4 --- doc/installation/version_mappings.md | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/installation/version_mappings.md b/doc/installation/version_mappings.md index 4b9f4ea3b8..c34cb7ad48 100644 --- a/doc/installation/version_mappings.md +++ b/doc/installation/version_mappings.md @@ -12,6 +12,7 @@ The table below maps some of the key previous chart versions and GitLab versions |---------------|----------------| | 5.4.1 | 14.4.1 | | 5.4.0 | 14.4.0 | +| 5.3.4 | 14.3.4 | | 5.3.3 | 14.3.3 | | 5.3.2 | 14.3.2 | | 5.3.1 | 14.3.1 | -- GitLab From e858b57874cb420820d205b1b30db1dd47db3bbe Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Thu, 28 Oct 2021 08:28:50 +0000 Subject: [PATCH 079/253] Update changelog for 5.2.6 [ci skip] --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4484f496b4..34033f6915 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -71,6 +71,10 @@ No changes. - [Update gitlab-org/charts/gitlab-runner from 0.31.0 to 0.32.0](gitlab-org/charts/gitlab@0665982645d842994a54bddb1269fbb694a743cb) ([merge request](gitlab-org/charts/gitlab!2149)) - [Adds pages local_store configuration](gitlab-org/charts/gitlab@426c34858876fe0d52cd4fe880f44771af17e19b) ([merge request](gitlab-org/charts/gitlab!2141)) +## 5.2.6 (2021-10-28) + +No changes. + ## 5.2.5 (2021-09-30) No changes. -- GitLab From dfda262d4bdf56e8fa6cc7d17d4aa4a4febde6fc Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Thu, 28 Oct 2021 08:29:05 +0000 Subject: [PATCH 080/253] Update version mapping for 5.2.6 --- doc/installation/version_mappings.md | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/installation/version_mappings.md b/doc/installation/version_mappings.md index c34cb7ad48..775bac00f1 100644 --- a/doc/installation/version_mappings.md +++ b/doc/installation/version_mappings.md @@ -17,6 +17,7 @@ The table below maps some of the key previous chart versions and GitLab versions | 5.3.2 | 14.3.2 | | 5.3.1 | 14.3.1 | | 5.3.0 | 14.3.0 | +| 5.2.6 | 14.2.6 | | 5.2.5 | 14.2.5 | | 5.2.4 | 14.2.4 | | 5.2.3 | 14.2.3 | -- GitLab From db42a8dd8fffcb3741f20057f1ffd8a1400b8da8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=5B=E2=94=90=E2=88=B5=5D=E2=94=98GitLab=20Dependency=20Bot?= Date: Thu, 28 Oct 2021 19:11:30 +0000 Subject: [PATCH 081/253] Update gitlab-org/charts/gitlab-runner from 0.33.1 to 0.34.0 --- requirements.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yaml b/requirements.yaml index 52cb198c90..34de7b7003 100644 --- a/requirements.yaml +++ b/requirements.yaml @@ -21,7 +21,7 @@ dependencies: repository: https://charts.bitnami.com/bitnami condition: postgresql.install - name: gitlab-runner - version: 0.33.1 + version: 0.34.0 repository: https://charts.gitlab.io/ condition: gitlab-runner.install - name: grafana -- GitLab From 0ba101f1ee2a4a93219891b2d886e7cb3df47e79 Mon Sep 17 00:00:00 2001 
From: Mitchell Nielsen Date: Thu, 28 Oct 2021 19:44:13 +0000 Subject: [PATCH 082/253] Replace references to "task-runner" with "toolbox" --- .gitlab-ci.yml | 4 +- .../{task-runner => toolbox}/Chart.yaml | 6 +- .../templates/backup-job.yaml | 22 ++--- .../templates/configmap.yaml | 0 .../templates/deployment.yaml | 24 +++--- .../templates/pvc.yaml | 0 .../templates/serviceaccount.yaml | 0 .../{task-runner => toolbox}/values.yaml | 4 +- charts/gitlab/values.yaml | 4 +- .../external-object-storage/aws-iam-roles.md | 16 ++-- doc/advanced/external-object-storage/index.md | 14 ++-- doc/advanced/geo/index.md | 18 ++-- doc/architecture/architecture.md | 2 +- doc/architecture/backup-restore.md | 16 ++-- doc/backup-restore/backup.md | 18 ++-- doc/backup-restore/index.md | 40 ++++----- doc/backup-restore/restore.md | 28 +++---- doc/charts/gitlab/gitaly/index.md | 4 +- doc/charts/gitlab/index.md | 2 +- doc/charts/gitlab/migrations/index.md | 4 +- doc/charts/gitlab/praefect/index.md | 4 +- .../gitlab/{task-runner => toolbox}/index.md | 58 ++++++------- doc/charts/globals.md | 2 +- doc/charts/index.md | 2 +- doc/charts/registry/index.md | 2 +- doc/index.md | 2 +- doc/installation/command-line-options.md | 82 +++++++++---------- doc/installation/database_upgrade.md | 8 +- doc/installation/migration/minio.md | 2 +- doc/installation/storage.md | 2 +- doc/installation/upgrade_old.md | 8 +- doc/troubleshooting/index.md | 2 +- examples/custom-images/values.yaml | 2 +- examples/i2p-values-minimal.yaml | 2 +- examples/ref/10k.yaml | 2 +- examples/ref/25k.yaml | 2 +- examples/ref/2k.yaml | 2 +- examples/ref/3k.yaml | 2 +- examples/ref/50k.yaml | 2 +- examples/ref/5k.yaml | 2 +- examples/ubi/values.yaml | 2 +- examples/values-external-objectstorage.yaml | 2 +- examples/values-gke-minimum.yaml | 4 +- scripts/ci/autodevops.sh | 8 +- scripts/ci/values-dev-images.yaml | 9 +- scripts/database-upgrade | 12 +-- spec/configuration/database_spec.rb | 4 +- spec/configuration/global_spec.rb | 2 +- 
spec/configuration/kas_spec.rb | 2 +- spec/configuration/objectstorage_spec.rb | 2 +- spec/configuration/redis_spec.rb | 4 +- spec/configuration/strategy_spec.rb | 2 +- spec/configuration/task_runner_spec.rb | 68 --------------- spec/configuration/toolbox_spec.rb | 68 +++++++++++++++ spec/fixtures/local-image-config.yaml | 8 +- spec/gitlab_test_helper.rb | 2 +- spec/integration/check_config_spec.rb | 10 +-- templates/NOTES.txt | 14 ++-- templates/_checkConfig.tpl | 18 ++-- templates/_deprecations.tpl | 24 ++++-- values.yaml | 4 +- 61 files changed, 349 insertions(+), 336 deletions(-) rename charts/gitlab/charts/{task-runner => toolbox}/Chart.yaml (76%) rename charts/gitlab/charts/{task-runner => toolbox}/templates/backup-job.yaml (96%) rename charts/gitlab/charts/{task-runner => toolbox}/templates/configmap.yaml (100%) rename charts/gitlab/charts/{task-runner => toolbox}/templates/deployment.yaml (96%) rename charts/gitlab/charts/{task-runner => toolbox}/templates/pvc.yaml (100%) rename charts/gitlab/charts/{task-runner => toolbox}/templates/serviceaccount.yaml (100%) rename charts/gitlab/charts/{task-runner => toolbox}/values.yaml (97%) rename doc/charts/gitlab/{task-runner => toolbox}/index.md (78%) delete mode 100644 spec/configuration/task_runner_spec.rb create mode 100644 spec/configuration/toolbox_spec.rb diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 03eefb542e..5784f9b3aa 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -171,7 +171,7 @@ lint_package: - install_external_dns "${DNS_PROVIDER}" "${KUBE_INGRESS_BASE_DOMAIN}" - deploy - wait_for_deploy - - restart_task_runner + - restart_toolbox - echo "export QA_ENVIRONMENT_URL=gitlab-$CI_ENVIRONMENT_SLUG.$KUBE_INGRESS_BASE_DOMAIN" >> "${VARIABLES_FILE}" - echo "export GITLAB_ROOT_DOMAIN=$CI_ENVIRONMENT_SLUG.$KUBE_INGRESS_BASE_DOMAIN" >> "${VARIABLES_FILE}" - echo "export GITLAB_URL=gitlab-$CI_ENVIRONMENT_SLUG.$KUBE_INGRESS_BASE_DOMAIN" >> "${VARIABLES_FILE}" 
@@ -330,7 +330,7 @@ stop_review_eks: - create_secret - deploy - wait_for_deploy - - restart_task_runner + - restart_toolbox - echo "export QA_ENVIRONMENT_URL=gitlab.$KUBE_INGRESS_BASE_DOMAIN" >> "${VARIABLES_FILE}" - echo "export GITLAB_ROOT_DOMAIN=$KUBE_INGRESS_BASE_DOMAIN" >> "${VARIABLES_FILE}" - echo "export S3_ENDPOINT=https://minio.$KUBE_INGRESS_BASE_DOMAIN" >> "${VARIABLES_FILE}" diff --git a/charts/gitlab/charts/task-runner/Chart.yaml b/charts/gitlab/charts/toolbox/Chart.yaml similarity index 76% rename from charts/gitlab/charts/task-runner/Chart.yaml rename to charts/gitlab/charts/toolbox/Chart.yaml index 13b8ec1607..bbb37f661a 100644 --- a/charts/gitlab/charts/task-runner/Chart.yaml +++ b/charts/gitlab/charts/toolbox/Chart.yaml @@ -1,6 +1,6 @@ --- apiVersion: v1 -name: task-runner +name: toolbox version: 5.4.1 appVersion: master description: For manually running rake tasks through kubectl @@ -10,8 +10,8 @@ keywords: home: https://about.gitlab.com/ icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg sources: -- https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/task-runner -- https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-task-runner +- https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/toolbox +- https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-toolbox maintainers: - name: GitLab Inc. email: support@gitlab.com diff --git a/charts/gitlab/charts/task-runner/templates/backup-job.yaml b/charts/gitlab/charts/toolbox/templates/backup-job.yaml similarity index 96% rename from charts/gitlab/charts/task-runner/templates/backup-job.yaml rename to charts/gitlab/charts/toolbox/templates/backup-job.yaml index db1f3192a6..987613b2db 100644 --- a/charts/gitlab/charts/task-runner/templates/backup-job.yaml +++ b/charts/gitlab/charts/toolbox/templates/backup-job.yaml 
@@ -52,13 +52,13 @@ spec: volumeMounts: {{- include "gitlab.extraVolumeMounts" . | nindent 16 }} {{- include "gitlab.psql.ssl.volumeMount" . | nindent 16 }} - - name: task-runner-config + - name: toolbox-config mountPath: /config readOnly: true - - name: init-task-runner-secrets + - name: init-toolbox-secrets mountPath: /init-config readOnly: true - - name: task-runner-secrets + - name: toolbox-secrets mountPath: /init-secrets readOnly: false resources: @@ -113,15 +113,15 @@ spec: {{- end }} volumeMounts: {{- include "gitlab.extraVolumeMounts" . | nindent 16 }} - - name: task-runner-config + - name: toolbox-config mountPath: '/var/opt/gitlab/templates' - - name: task-runner-secrets + - name: toolbox-secrets mountPath: '/etc/gitlab' readOnly: true - - name: task-runner-secrets + - name: toolbox-secrets mountPath: /srv/gitlab/config/secrets.yml subPath: rails-secrets/secrets.yml - - name: task-runner-tmp + - name: toolbox-tmp mountPath: '/srv/gitlab/tmp' {{- if and .Values.backups.cron.persistence.enabled .Values.backups.cron.persistence.subPath }} subPath: "{{ .Values.backups.cron.persistence.subPath }}" @@ -133,7 +133,7 @@ spec: volumes: {{- include "gitlab.extraVolumes" . | nindent 12 }} {{- include "gitlab.psql.ssl.volume" . | nindent 12 }} - - name: task-runner-config + - name: toolbox-config projected: sources: - configMap: @@ -142,14 +142,14 @@ spec: - configMap: name: {{ .Values.global.appConfig.pseudonymizer.configMap }} {{- end }} - - name: task-runner-tmp + - name: toolbox-tmp {{- if .Values.backups.cron.persistence.enabled }} persistentVolumeClaim: claimName: {{ template "fullname" . }}-backup-tmp {{- else }} emptyDir: {} {{- end }} - - name: init-task-runner-secrets + - name: init-toolbox-secrets projected: defaultMode: 0400 sources: 
@@ -203,7 +203,7 @@ spec: {{- include "gitlab.appConfig.pseudonymizer.mountSecrets" $ | nindent 16 }} {{- include "gitlab.appConfig.ldap.servers.mountSecrets" $ | nindent 16 }} {{- include "gitlab.appConfig.omniauth.mountSecrets" $ | nindent 16 }} - - name: task-runner-secrets + - name: toolbox-secrets emptyDir: medium: "Memory" {{- include "gitlab.certificates.volumes" . | nindent 12 }} diff --git a/charts/gitlab/charts/task-runner/templates/configmap.yaml b/charts/gitlab/charts/toolbox/templates/configmap.yaml similarity index 100% rename from charts/gitlab/charts/task-runner/templates/configmap.yaml rename to charts/gitlab/charts/toolbox/templates/configmap.yaml diff --git a/charts/gitlab/charts/task-runner/templates/deployment.yaml b/charts/gitlab/charts/toolbox/templates/deployment.yaml similarity index 96% rename from charts/gitlab/charts/task-runner/templates/deployment.yaml rename to charts/gitlab/charts/toolbox/templates/deployment.yaml index 00cc13426b..e59bedc232 100644 --- a/charts/gitlab/charts/task-runner/templates/deployment.yaml +++ b/charts/gitlab/charts/toolbox/templates/deployment.yaml @@ -57,13 +57,13 @@ spec: {{- include "gitlab.extraVolumeMounts" . | nindent 10 }} {{- include "gitlab.psql.ssl.volumeMount" . | nindent 10 }} {{- include "gitlab.geo.psql.ssl.volumeMount" . | nindent 10 }} - - name: task-runner-config + - name: toolbox-config mountPath: /config readOnly: true - - name: init-task-runner-secrets + - name: init-toolbox-secrets mountPath: /init-config readOnly: true - - name: task-runner-secrets + - name: toolbox-secrets mountPath: /init-secrets readOnly: false resources: 
@@ -145,18 +145,18 @@ spec: {{- include "gitlab.extraEnv" . | nindent 12 }} volumeMounts: {{- include "gitlab.extraVolumeMounts" . | nindent 12 }} - - name: task-runner-config + - name: toolbox-config mountPath: '/var/opt/gitlab/templates' - - name: task-runner-config + - name: toolbox-config mountPath: '/srv/gitlab/config/initializers/smtp_settings.rb' subPath: smtp_settings.rb - - name: task-runner-secrets + - name: toolbox-secrets mountPath: '/etc/gitlab' readOnly: true - - name: task-runner-secrets + - name: toolbox-secrets mountPath: /srv/gitlab/config/secrets.yml subPath: rails-secrets/secrets.yml - - name: task-runner-tmp + - name: toolbox-tmp mountPath: '/srv/gitlab/tmp' {{- if and .Values.persistence.enabled .Values.persistence.subPath }} subPath: "{{ .Values.persistence.subPath }}" @@ -174,7 +174,7 @@ spec: {{- include "gitlab.extraVolumes" . | nindent 6 }} {{- include "gitlab.psql.ssl.volume" . | nindent 6 }} {{- include "gitlab.geo.psql.ssl.volume" . | nindent 6 }} - - name: task-runner-config + - name: toolbox-config projected: sources: - configMap: @@ -183,14 +183,14 @@ spec: - configMap: name: {{ .Values.global.appConfig.pseudonymizer.configMap }} {{- end }} - - name: task-runner-tmp + - name: toolbox-tmp {{- if .Values.persistence.enabled }} persistentVolumeClaim: claimName: {{ template "fullname" . }}-tmp {{- else }} emptyDir: {} {{- end }} - - name: init-task-runner-secrets + - name: init-toolbox-secrets projected: defaultMode: 0400 sources: @@ -271,7 +271,7 @@ spec: - key: {{ .Values.global.email.smime.certName }} path: .gitlab_smime_cert {{- end }} - - name: task-runner-secrets + - name: toolbox-secrets emptyDir: medium: "Memory" {{- include "gitlab.certificates.volumes" . | nindent 6 }} diff --git a/charts/gitlab/charts/task-runner/templates/pvc.yaml b/charts/gitlab/charts/toolbox/templates/pvc.yaml similarity index 100% rename from charts/gitlab/charts/task-runner/templates/pvc.yaml rename to charts/gitlab/charts/toolbox/templates/pvc.yaml 
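Review bot: `pvc.yaml` moves at 100% similarity, but the claim it creates is bound in `deployment.yaml` as `claimName: {{ template "fullname" . }}-tmp`, so the claim name changes whenever `fullname` does. The docs in this same patch show the pod going from `gitlab-geo-task-runner-XXX` to `gitlab-geo-toolbox-XXX`, which suggests `fullname` follows the chart name changed in `Chart.yaml`. If so, an upgrade with `persistence.enabled: true` drops the old `-tmp` claim and provisions a new one. Please state that in the release notes, or keep the old claim name for existing installs, so operators do not lose temporary restore data or end up with orphaned volumes.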
diff --git a/charts/gitlab/charts/task-runner/templates/serviceaccount.yaml b/charts/gitlab/charts/toolbox/templates/serviceaccount.yaml similarity index 100% rename from charts/gitlab/charts/task-runner/templates/serviceaccount.yaml rename to charts/gitlab/charts/toolbox/templates/serviceaccount.yaml diff --git a/charts/gitlab/charts/task-runner/values.yaml b/charts/gitlab/charts/toolbox/values.yaml similarity index 97% rename from charts/gitlab/charts/task-runner/values.yaml rename to charts/gitlab/charts/toolbox/values.yaml index 2eb2856830..b5a99dfb22 100644 --- a/charts/gitlab/charts/task-runner/values.yaml +++ b/charts/gitlab/charts/toolbox/values.yaml @@ -146,7 +146,7 @@ backups: memory: 350M persistence: enabled: false - ## task-runner temporarily Persistent Volume Storage Class + ## toolbox temporarily Persistent Volume Storage Class ## If defined, storageClassName: ## If set to "-", storageClassName: "", which disables dynamic provisioning ## If undefined (the default) or set to null, no storageClassName spec is @@ -215,7 +215,7 @@ resources: persistence: enabled: false - ## task-runner temporarily Persistent Volume Storage Class + ## toolbox temporarily Persistent Volume Storage Class ## If defined, storageClassName: ## If set to "-", storageClassName: "", which disables dynamic provisioning ## If undefined (the default) or set to null, no storageClassName spec is diff --git a/charts/gitlab/values.yaml b/charts/gitlab/values.yaml index 41977bcf14..03002c5f77 100644 --- a/charts/gitlab/values.yaml +++ b/charts/gitlab/values.yaml @@ -13,7 +13,7 @@ global: repository: registry.gitlab.com/gitlab-org/build/cng/gitlab-toolbox-ee sidekiq: repository: registry.gitlab.com/gitlab-org/build/cng/gitlab-sidekiq-ee - task-runner: + toolbox: repository: registry.gitlab.com/gitlab-org/build/cng/gitlab-toolbox-ee webservice: repository: registry.gitlab.com/gitlab-org/build/cng/gitlab-webservice-ee 
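Review bot: renaming the `task-runner:` key to `toolbox:` in this image repository map means an existing override under the old key no longer matches anything. A site that pointed `task-runner.repository` at a private mirror would go back to pulling `registry.gitlab.com/gitlab-org/build/cng/gitlab-toolbox-ee` without any warning. The diffstat lists `templates/_deprecations.tpl` as changed; please confirm the new entry fails the upgrade for the old key at this level as well as for `gitlab.task-runner.*`, rather than letting it be ignored.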
@@ -28,7 +28,7 @@ global: repository: registry.gitlab.com/gitlab-org/build/cng/gitlab-toolbox-ce sidekiq: repository: registry.gitlab.com/gitlab-org/build/cng/gitlab-sidekiq-ce - task-runner: + toolbox: repository: registry.gitlab.com/gitlab-org/build/cng/gitlab-toolbox-ce webservice: repository: registry.gitlab.com/gitlab-org/build/cng/gitlab-webservice-ce diff --git a/doc/advanced/external-object-storage/aws-iam-roles.md b/doc/advanced/external-object-storage/aws-iam-roles.md index 4a595397e0..939c6e4bb1 100644 --- a/doc/advanced/external-object-storage/aws-iam-roles.md +++ b/doc/advanced/external-object-storage/aws-iam-roles.md @@ -59,10 +59,10 @@ region: us-east-1 ### Backups -The Task Runner configuration allows for annotations to be set to upload backups to S3: +The Toolbox configuration allows for annotations to be set to upload backups to S3: ```shell ---set gitlab.task-runner.annotations."iam\.amazonaws\.com/role"= +--set gitlab.toolbox.annotations."iam\.amazonaws\.com/role"= ``` The [`s3cmd.config`](index.md#backups-storage-example) secret is to be created without the access and secret keys: @@ -126,10 +126,10 @@ gitlab: serviceAccount: create: false name: gitlab-sidekiq - task-runner: + toolbox: serviceAccount: create: false - name: gitlab-task-runner + name: gitlab-toolbox ``` #### Using chart-owned service accounts @@ -161,16 +161,16 @@ gitlab: serviceAccount: annotations: eks.amazonaws.com/role-arn: arn:aws:iam::xxxxxxxxxxxx:role/gitlab - task-runner: + toolbox: serviceAccount: annotations: - eks.amazonaws.com/role-arn: arn:aws:iam::xxxxxxxxxxxx:role/gitlab-task-runner + eks.amazonaws.com/role-arn: arn:aws:iam::xxxxxxxxxxxx:role/gitlab-toolbox ``` ## Troubleshooting You can test if the IAM role is correctly set up and that GitLab is accessing -S3 using the IAM role by logging into the `taskrunner` pod and installing the +S3 using the IAM role by logging into the `toolbox` pod and installing the `awscli` Python package: ```shell 
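Review bot: in the chart-owned service account example the `toolbox` entry now points at `role/gitlab-toolbox`, and the hunk above renames the pre-created service account to `gitlab-toolbox`, but the page gives no upgrade guidance for clusters already bound to the old names. An IAM role whose trust policy is scoped to the `gitlab-task-runner` service account would no longer be assumable by the renamed pod, so S3 access from the Toolbox would start failing after the upgrade. Suggest a short note that existing roles and trust policies must be updated before upgrading, or that the old name can be kept through `serviceAccount.name` with `create: false`.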
@@ -192,7 +192,7 @@ full path to execute the command. A normal response showing the temporary user ID, account number and IAM ARN (this will not be the IAM ARN for the role used to access S3) will be returned if connection to the AWS API was successful. An unsuccessful -connection will require more troubleshooting to determine why the `taskrunner` +connection will require more troubleshooting to determine why the `toolbox` pod is not able to communicate with the AWS APIs. If connecting to the AWS APIs is successful, then the following command diff --git a/doc/advanced/external-object-storage/index.md b/doc/advanced/external-object-storage/index.md index 58e505396e..5dc6477db5 100644 --- a/doc/advanced/external-object-storage/index.md +++ b/doc/advanced/external-object-storage/index.md @@ -192,7 +192,7 @@ use of two separate buckets. A bucket for storing backups (`global.appConfig.bac and a temporary bucket for preserving existing data during the restore process (`global.appConfig.backups.tmpBucket`). Currently AWS S3-compatible object storage systems and Google Cloud Storage are supported backends The backend type is configurable by setting `global.appConfig.backups.objectStorage.backend` to `s3` and `gcs` respectively. -A connection configuration through the `gitlab.task-runner.backups.objectStorage.config` key must also be provided. +A connection configuration through the `gitlab.toolbox.backups.objectStorage.config` key must also be provided. When using Google Cloud Storage, the GCP project must be set with the `global.appConfig.backups.objectStorage.config.gcpProject` value. For S3-compatible storage: 
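Review bot: the changed sentence now names `gitlab.toolbox.backups.objectStorage.config`, but the unchanged lines on either side still tell the reader to set `global.appConfig.backups.objectStorage.backend` and `global.appConfig.backups.objectStorage.config.gcpProject`, while the GCS example in the next hunk sets `gitlab.toolbox.backups.objectStorage.backend=gcs` and `gitlab.toolbox.backups.objectStorage.config.gcpProject`. Since this paragraph is being touched anyway, please make the key paths in the prose match the examples, and add the missing full stop after "supported backends".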
@@ -200,8 +200,8 @@ For S3-compatible storage: ```shell --set global.appConfig.backups.bucket=gitlab-backup-storage --set global.appConfig.backups.tmpBucket=gitlab-tmp-storage ---set gitlab.task-runner.backups.objectStorage.config.secret=storage-config ---set gitlab.task-runner.backups.objectStorage.config.key=config +--set gitlab.toolbox.backups.objectStorage.config.secret=storage-config +--set gitlab.toolbox.backups.objectStorage.config.key=config ``` For Google Cloud Storage (GCS): @@ -209,10 +209,10 @@ For Google Cloud Storage (GCS): ```shell --set global.appConfig.backups.bucket=gitlab-backup-storage --set global.appConfig.backups.tmpBucket=gitlab-tmp-storage ---set gitlab.task-runner.backups.objectStorage.backend=gcs ---set gitlab.task-runner.backups.objectStorage.config.gcpProject=my-gcp-project-id ---set gitlab.task-runner.backups.objectStorage.config.secret=storage-config ---set gitlab.task-runner.backups.objectStorage.config.key=config +--set gitlab.toolbox.backups.objectStorage.backend=gcs +--set gitlab.toolbox.backups.objectStorage.config.gcpProject=my-gcp-project-id +--set gitlab.toolbox.backups.objectStorage.config.secret=storage-config +--set gitlab.toolbox.backups.objectStorage.config.key=config ``` See the [backup/restore object storage documentation](../../backup-restore/index.md#object-storage) for full details. diff --git a/doc/advanced/geo/index.md b/doc/advanced/geo/index.md index ae2ed8b3ce..54ea3a91b8 100644 --- a/doc/advanced/geo/index.md +++ b/doc/advanced/geo/index.md 
@@ -259,24 +259,24 @@ To deploy this chart as a Geo Primary, start [from this example configuration](h ## Set the Geo Primary instance Now that the chart has been deployed, and a license uploaded, we can configure -this as the Primary instance. We will do this via the Task Runner Pod. +this as the Primary instance. We will do this via the Toolbox Pod. -1. Find the Task Runner Pod +1. Find the Toolbox Pod ```shell - kubectl --namespace gitlab get pods -lapp=task-runner + kubectl --namespace gitlab get pods -lapp=toolbox ``` 1. Run `gitlab-rake geo:set_primary_node` with `kubectl exec`: ```shell - kubectl --namespace gitlab exec -ti gitlab-geo-task-runner-XXX -- gitlab-rake geo:set_primary_node + kubectl --namespace gitlab exec -ti gitlab-geo-toolbox-XXX -- gitlab-rake geo:set_primary_node ``` 1. Check the status of Geo configuration: ```shell - kubectl --namespace gitlab exec -ti gitlab-geo-task-runner-XXX -- gitlab-rake gitlab:geo:check + kubectl --namespace gitlab exec -ti gitlab-geo-toolbox-XXX -- gitlab-rake gitlab:geo:check ``` You should see output similar to below: @@ -578,18 +578,18 @@ that the **secondary** instance can act on those notifications immediately. ## Confirm Operational Status The final step is to verify the Geo replication status on the secondary instance once fully -configured, via the Task Runner Pod. +configured, via the Toolbox Pod. -1. Find the Task Runner Pod: +1. Find the Toolbox Pod: ```shell - kubectl --namespace gitlab get pods -lapp=task-runner + kubectl --namespace gitlab get pods -lapp=toolbox ``` 1. Attach to the Pod with `kubectl exec`: ```shell - kubectl --namespace gitlab exec -ti gitlab-geo-task-runner-XXX -- bash -l + kubectl --namespace gitlab exec -ti gitlab-geo-toolbox-XXX -- bash -l ``` 1. Check the status of Geo configuration: diff --git a/doc/architecture/architecture.md b/doc/architecture/architecture.md index d3bf2a847f..068d12f3df 100644 --- a/doc/architecture/architecture.md +++ b/doc/architecture/architecture.md 
@@ -38,7 +38,7 @@ The following GitLab components have images in the CNG repository. - GitLab Exporter - GitLab Shell - Sidekiq -- GitLab Task Runner +- GitLab Toolbox - Webservice - Workhorse diff --git a/doc/architecture/backup-restore.md b/doc/architecture/backup-restore.md index 30376fcf58..f56cf58ef6 100644 --- a/doc/architecture/backup-restore.md +++ b/doc/architecture/backup-restore.md 
@@ -8,20 +8,20 @@ info: To determine the technical writer assigned to the Stage/Group associated w This document explains the technical implementation of the backup and restore into/from CNG. -## Task runner pod +## Toolbox pod -The [task runner chart](https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/task-runner) deploys a pod into the cluster. This pod will act as an entry point for interaction with other containers in the cluster. +The [toolbox chart](https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/toolbox) deploys a pod into the cluster. This pod will act as an entry point for interaction with other containers in the cluster. Using this pod user can run commands using `kubectl exec -it -- ` -The Task Runner runs a container from the [Task Runner image](https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-task-runner). +The Toolbox runs a container from the [Toolbox image](https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-toolbox). -The image contains some custom scripts that are to be called as commands by the user, these scripts can be found [here](https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-task-runner/scripts). These scripts are for running Rake tasks, backup, restore, and some helper scripts for interacting with object storage. +The image contains some custom scripts that are to be called as commands by the user, these scripts can be found [here](https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-toolbox/scripts). These scripts are for running Rake tasks, backup, restore, and some helper scripts for interacting with object storage. ## Backup utility -[Backup utility](https://gitlab.com/gitlab-org/build/CNG/blob/master/gitlab-task-runner/scripts/bin/backup-utility) is one of the scripts -in the task runner container and as the name suggests it is a script used for doing backups but also handles restoring of an existing backup. 
+[Backup utility](https://gitlab.com/gitlab-org/build/CNG/blob/master/gitlab-toolbox/scripts/bin/backup-utility) is one of the scripts +in the toolbox container and as the name suggests it is a script used for doing backups but also handles restoring of an existing backup. ### Backups @@ -31,8 +31,8 @@ The backup utility script when run without any arguments creates a backup tar an Backups are made using the following steps, in order: -1. Backup the database (if not skipped) using the [GitLab backup Rake task](https://gitlab.com/gitlab-org/build/CNG/blob/74dc35d4b481e86330bf6b244f88e5dd8876cc0c/gitlab-task-runner/scripts/bin/backup-utility#L120) -1. Backup the repositories (if not skipped) using the [GitLab backup Rake task](https://gitlab.com/gitlab-org/build/CNG/blob/74dc35d4b481e86330bf6b244f88e5dd8876cc0c/gitlab-task-runner/scripts/bin/backup-utility#L123) +1. Backup the database (if not skipped) using the [GitLab backup Rake task](https://gitlab.com/gitlab-org/build/CNG/blob/74dc35d4b481e86330bf6b244f88e5dd8876cc0c/gitlab-toolbox/scripts/bin/backup-utility#L120) +1. Backup the repositories (if not skipped) using the [GitLab backup Rake task](https://gitlab.com/gitlab-org/build/CNG/blob/74dc35d4b481e86330bf6b244f88e5dd8876cc0c/gitlab-toolbox/scripts/bin/backup-utility#L123) 1. For each of the object storage backends 1. If the object storage backend is marked for skipping, skip this storage backend. 1. Tar the existing data in the corresponding object storage bucket naming it `.tar` diff --git a/doc/backup-restore/backup.md b/doc/backup-restore/backup.md index 73301cbc8c..673c1c5aad 100644 --- a/doc/backup-restore/backup.md +++ b/doc/backup-restore/backup.md 
@@ -6,26 +6,26 @@ info: To determine the technical writer assigned to the Stage/Group associated w # Backing up a GitLab installation -GitLab backups are taken by running the `backup-utility` command in the Task Runner pod provided in the chart. Backups can also be automated by enabling the [Cron based backup](#cron-based-backup) functionality of this chart. +GitLab backups are taken by running the `backup-utility` command in the Toolbox pod provided in the chart. Backups can also be automated by enabling the [Cron based backup](#cron-based-backup) functionality of this chart. Before running the backup for the first time, you should ensure the -[Task Runner is properly configured](../charts/gitlab/task-runner/index.md#configuration) +[Toolbox is properly configured](../charts/gitlab/toolbox/index.md#configuration) for access to [object storage](index.md#object-storage) Follow these steps for backing up a GitLab Helm chart based installation ## Create the backup -1. Ensure the task runner pod is running, by executing the following command +1. Ensure the toolbox pod is running, by executing the following command ```shell - kubectl get pods -lrelease=RELEASE_NAME,app=task-runner + kubectl get pods -lrelease=RELEASE_NAME,app=toolbox ``` 1. Run the backup utility ```shell - kubectl exec -it -- backup-utility + kubectl exec -it -- backup-utility ``` 1. Visit the `gitlab-backups` bucket in the object storage service and ensure a tarball has been added. It will be named in `__gitlab_backup.tar` format. 
@@ -38,16 +38,16 @@ Cron based backups can be enabled in this chart to happen at regular intervals a You need to set the following parameters: -- `gitlab.task-runner.backups.cron.enabled`: Set to true to enable cron based backups -- `gitlab.task-runner.backups.cron.schedule`: Set as per the Kubernetes schedule docs -- `gitlab.task-runner.backups.cron.extraArgs`: Optionally set extra arguments for [backup-utility](https://gitlab.com/gitlab-org/build/CNG/blob/master/gitlab-task-runner/scripts/bin/backup-utility) (like `--skip db`) +- `gitlab.toolbox.backups.cron.enabled`: Set to true to enable cron based backups +- `gitlab.toolbox.backups.cron.schedule`: Set as per the Kubernetes schedule docs +- `gitlab.toolbox.backups.cron.extraArgs`: Optionally set extra arguments for [backup-utility](https://gitlab.com/gitlab-org/build/CNG/blob/master/gitlab-toolbox/scripts/bin/backup-utility) (like `--skip db`) ## Backup utility extra arguments The backup utility can take some extra arguments. See what those are with: ```shell -kubectl exec -it -- backup-utility --help +kubectl exec -it -- backup-utility --help ``` ## Backup the secrets diff --git a/doc/backup-restore/index.md b/doc/backup-restore/index.md index 7e9d720a33..ffa4bccfd8 100644 --- a/doc/backup-restore/index.md +++ b/doc/backup-restore/index.md 
@@ -6,31 +6,31 @@ info: To determine the technical writer assigned to the Stage/Group associated w # Backup and restore a GitLab instance -GitLab Helm chart provides a utility pod from the Task Runner sub-chart that acts as an interface for the purpose of backing up and restoring GitLab instances. It is equipped with a `backup-utility` executable which interacts with other necessary pods for this task. +GitLab Helm chart provides a utility pod from the Toolbox sub-chart that acts as an interface for the purpose of backing up and restoring GitLab instances. It is equipped with a `backup-utility` executable which interacts with other necessary pods for this task. Technical details for how the utility works can be found in the [architecture documentation](../architecture/backup-restore.md). ## Prerequisites - Backup and Restore procedures described here have only been tested with S3 compatible APIs. Support for other object storage services, like Google Cloud Storage, will be tested in future revisions. -- During restoration, the backup tarball needs to be extracted to disk. This means the Task Runner pod should have disk of [necessary size available](../charts/gitlab/task-runner/index.md#restore-considerations). +- During restoration, the backup tarball needs to be extracted to disk. This means the Toolbox pod should have disk of [necessary size available](../charts/gitlab/toolbox/index.md#restore-considerations). - This chart relies on the use of [object storage](#object-storage) for `artifacts`, `uploads`, `packages`, `registry` and `lfs` objects, and does not currently migrate these for you during restore. If you are restoring a backup taken from another instance, you must migrate your existing instance to using object storage before taking the backup. See [issue 646](https://gitlab.com/gitlab-org/charts/gitlab/-/issues/646). 
## Object storage -We provide a MinIO instance out of the box when using this charts unless an [external object storage](../advanced/external-object-storage/index.md) is specified. The Task Runner connects to the included MinIO by default, unless specific settings are given. The Task Runner can also be configured to back up to Amazon S3 or Google Cloud Storage (GCS). +We provide a MinIO instance out of the box when using this charts unless an [external object storage](../advanced/external-object-storage/index.md) is specified. The Toolbox connects to the included MinIO by default, unless specific settings are given. The Toolbox can also be configured to back up to Amazon S3 or Google Cloud Storage (GCS). ### Backups to S3 -The Task Runner uses `s3cmd` to connect to object storage. In order to configure connectivity to external object storage `gitlab.task-runner.backups.objectStorage.config.secret` should be specified which points to a Kubernetes secret containing a `.s3cfg` file. `gitlab.task-runner.backups.objectStorage.config.key` should be specified if different from the default of `config`. This points to the key containing the contents of a `.s3cfg` file. +The Toolbox uses `s3cmd` to connect to object storage. In order to configure connectivity to external object storage `gitlab.toolbox.backups.objectStorage.config.secret` should be specified which points to a Kubernetes secret containing a `.s3cfg` file. `gitlab.toolbox.backups.objectStorage.config.key` should be specified if different from the default of `config`. This points to the key containing the contents of a `.s3cfg` file. It should look like this: ```shell helm install gitlab gitlab/gitlab \ - --set gitlab.task-runner.backups.objectStorage.config.secret=my-s3cfg \ - --set gitlab.task-runner.backups.objectStorage.config.key=config . + --set gitlab.toolbox.backups.objectStorage.config.secret=my-s3cfg \ + --set gitlab.toolbox.backups.objectStorage.config.key=config . 
``` s3cmd `.s3cfg` file documentation can be found [here](https://s3tools.org/kb/item14.htm) @@ -45,8 +45,8 @@ when restoring a backup. ### Backups to Google Cloud Storage (GCS) -To backup to GCS you must set `gitlab.task-runner.backups.objectStorage.backend` to `gcs`. This ensures that the Task Runner uses the `gsutil` CLI when storing and retrieving -objects. Additionally you must set `gitlab.task-runner.backups.objectStorage.config.gcpProject` to the project ID of the GCP project that contains your storage buckets. +To backup to GCS you must set `gitlab.toolbox.backups.objectStorage.backend` to `gcs`. This ensures that the Toolbox uses the `gsutil` CLI when storing and retrieving +objects. Additionally you must set `gitlab.toolbox.backups.objectStorage.config.gcpProject` to the project ID of the GCP project that contains your storage buckets. You must create a Kubernetes secret with the contents of an active service account JSON key where the service account has the `storage.admin` role for the buckets you will use for backup. Below is an example of using the `gcloud` and `kubectl` to create the secret. @@ -62,10 +62,10 @@ Configure your Helm chart as follows to use the service account key to authentic ```shell helm install gitlab gitlab/gitlab \ - --set gitlab.task-runner.backups.objectStorage.config.secret=storage-config \ - --set gitlab.task-runner.backups.objectStorage.config.key=config \ - --set gitlab.task-runner.backups.objectStorage.config.gcpProject=my-gcp-project-id \ - --set gitlab.task-runner.backups.objectStorage.backend=gcs + --set gitlab.toolbox.backups.objectStorage.config.secret=storage-config \ + --set gitlab.toolbox.backups.objectStorage.config.key=config \ + --set gitlab.toolbox.backups.objectStorage.config.gcpProject=my-gcp-project-id \ + --set gitlab.toolbox.backups.objectStorage.backend=gcs ``` In addition, two bucket locations need to be configured, one for storing the backups, and one temporary bucket that is used 
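Review bot: the `helm install` example now uses `gitlab.toolbox.backups.objectStorage.*`, but the page never says what happens to an existing release that still sets the `gitlab.task-runner.*` keys. The page states that the Toolbox connects to the included MinIO by default unless specific settings are given, so old keys that are silently ignored would send backups to the in-cluster MinIO instead of the external bucket. Suggest a short upgrade note here that names the old prefix and says whether the check in `templates/_deprecations.tpl` stops the upgrade when it is still present.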
@@ -86,17 +86,17 @@ when restoring a backup. ### Pod eviction issues As the backups are assembled locally outside of the object storage target, temporary disk space is needed. The required space might exceed the size of the actual backup archive. -The default configuration will use the Task Runner pod's file system to store the temporary data. If you find pod being evicted due to low resources, you should attach a persistent volume to the pod to hold the temporary data. +The default configuration will use the Toolbox pod's file system to store the temporary data. If you find pod being evicted due to low resources, you should attach a persistent volume to the pod to hold the temporary data. On GKE, add the following settings to your Helm command: ```shell ---set gitlab.task-runner.persistence.enabled=true +--set gitlab.toolbox.persistence.enabled=true ``` If your backups are being run as part of the included backup cron job, then you will want to enable persistence for the cron job as well: ```shell ---set gitlab.task-runner.backups.cron.persistence.enabled=true +--set gitlab.toolbox.backups.cron.persistence.enabled=true ``` For other providers, you may need to create a persistent volume. See our [Storage documentation](../installation/storage.md) for possible examples on how to do this. @@ -108,7 +108,7 @@ credentials are configured for your bucket. The command depends on the cloud service provider: -- For AWS S3, the credentials are stored on the task runner pod in `~/.s3cfg`. Run: +- For AWS S3, the credentials are stored on the toolbox pod in `~/.s3cfg`. Run: ```shell s3cmd ls 
@@ -130,16 +130,16 @@ usually happens during a backup or restore of a GitLab instance, because of miss The backup and restore operations use all buckets in the environment,so confirm that all buckets in your environment have been created, and that the GCP account can access (list, read, and write) all buckets: -1. Find your task-runner pod: +1. Find your toolbox pod: ```shell - kubectl get pods -lrelease=RELEASE_NAME,app=task-runner + kubectl get pods -lrelease=RELEASE_NAME,app=toolbox ``` -1. Get all buckets in the pod's environment. Replace `` with your actual task-runner pod name, but leave `"BUCKET_NAME"` as it is: +1. Get all buckets in the pod's environment. Replace `` with your actual toolbox pod name, but leave `"BUCKET_NAME"` as it is: ```shell - kubectl describe pod | grep "BUCKET_NAME" + kubectl describe pod | grep "BUCKET_NAME" ``` 1. Confirm that you have access to every bucket in the environment: diff --git a/doc/backup-restore/restore.md b/doc/backup-restore/restore.md index e54d64b77d..39afda5b42 100644 --- a/doc/backup-restore/restore.md +++ b/doc/backup-restore/restore.md 
@@ -12,16 +12,16 @@ info: To determine the technical writer assigned to the Stage/Group associated w It is recommended that you restore a backup to the same version of GitLab on which it was created. -GitLab backup restores are taken by running the `backup-utility` command on the Task Runner pod provided in the chart. +GitLab backup restores are taken by running the `backup-utility` command on the Toolbox pod provided in the chart. -Before running the restore for the first time, you should ensure the [Task Runner is properly configured](index.md) for +Before running the restore for the first time, you should ensure the [Toolbox is properly configured](index.md) for access to [object storage](index.md#object-storage) The backup utility provided by GitLab Helm chart supports restoring a tarball from any of the following locations 1. The `gitlab-backups` bucket in the object storage service associated to the instance. This is the default scenario. 1. A public URL that can be accessed from the pod. -1. A local file that you can copy to the Task Runner pod using `kubectl cp` +1. A local file that you can copy to the Toolbox pod using `kubectl cp` ## Restoring the secrets 
@@ -62,36 +62,36 @@ Once you have the secrets created as a local YAML file: ### Restart the pods -In order to use the new secrets, the Webservice, Sidekiq and Task Runner pods +In order to use the new secrets, the Webservice, Sidekiq and Toolbox pods need to be restarted. The safest way to restart those pods is to run: ```shell kubectl delete pods -lapp=sidekiq,release= kubectl delete pods -lapp=webservice,release= -kubectl delete pods -lapp=task-runner,release= +kubectl delete pods -lapp=toolbox,release= ``` ## Restoring the backup file The steps for restoring a GitLab installation are -1. Make sure you have a running GitLab instance by deploying the charts. Ensure the Task Runner pod is enabled and running by executing the following command +1. Make sure you have a running GitLab instance by deploying the charts. Ensure the Toolbox pod is enabled and running by executing the following command ```shell - kubectl get pods -lrelease=RELEASE_NAME,app=task-runner + kubectl get pods -lrelease=RELEASE_NAME,app=toolbox ``` 1. Get the tarball ready in any of the above locations. Make sure it is named in the `__gitlab_backup.tar` format. 1. Run the backup utility to restore the tarball ```shell - kubectl exec -it -- backup-utility --restore -t _ + kubectl exec -it -- backup-utility --restore -t _ ``` Here, `_` is from the name of the tarball stored in `gitlab-backups` bucket. In case you want to provide a public URL, use the following command ```shell - kubectl exec -it -- backup-utility --restore -f + kubectl exec -it -- backup-utility --restore -f ``` You can provide a local path as a URL as long as it's in the format: `file://` 
@@ -101,8 +101,8 @@ The steps for restoring a GitLab installation are NOTE: During restoration, the backup tarball needs to be extracted to disk. -This means the Task Runner pod should have disk of necessary size available. -For more details and configuration please see the [Task Runner documentation](../charts/gitlab/task-runner/index.md#persistence-configuration). +This means the Toolbox pod should have disk of necessary size available. +For more details and configuration please see the [Toolbox documentation](../charts/gitlab/toolbox/index.md#persistence-configuration). ### Restore the runner registration token @@ -114,16 +114,16 @@ Follow these [troubleshooting steps](../troubleshooting/index.md#included-gitlab If the restored backup was not from an existing installation of the chart, you will also need to enable some Kubernetes specific features after the restore. Such as [incremental CI job logging](https://docs.gitlab.com/ee/administration/job_logs.html#new-incremental-logging-architecture). -1. Find your Task Runner pod by executing the following command +1. Find your Toolbox pod by executing the following command ```shell - kubectl get pods -lrelease=RELEASE_NAME,app=task-runner + kubectl get pods -lrelease=RELEASE_NAME,app=toolbox ``` 1. Run the instance setup script to enable the necessary features ```shell - kubectl exec -it -- gitlab-rails runner -e production /scripts/custom-instance-setup + kubectl exec -it -- gitlab-rails runner -e production /scripts/custom-instance-setup ``` ## Restart the pods diff --git a/doc/charts/gitlab/gitaly/index.md b/doc/charts/gitlab/gitaly/index.md index 972abf8258..a19cd177be 100644 --- a/doc/charts/gitlab/gitaly/index.md +++ b/doc/charts/gitlab/gitaly/index.md 
@@ -276,11 +276,11 @@ Follow the steps to run Gitaly over TLS: added as a Subject Alternate Name (SAN) to the certificate. To know the hostnames to use, check the file `/srv/gitlab/config/gitlab.yml` - file in the Task Runner pod and check the various + file in the Toolbox pod and check the various `gitaly_address` fields specified under `repositories.storages` key within it. ```shell - kubectl exec -it -- grep gitaly_address /srv/gitlab/config/gitlab.yml + kubectl exec -it -- grep gitaly_address /srv/gitlab/config/gitlab.yml ``` NOTE: diff --git a/doc/charts/gitlab/index.md b/doc/charts/gitlab/index.md index 6c5d349d98..0365d0d5f5 100644 --- a/doc/charts/gitlab/index.md +++ b/doc/charts/gitlab/index.md @@ -20,5 +20,5 @@ service sub-charts: - [Migrations](migrations/index.md) - [Praefect](praefect/index.md) - [Sidekiq](sidekiq/index.md) -- [Task Runner](task-runner/index.md) +- [Toolbox](toolbox/index.md) - [Webservice](webservice/index.md) diff --git a/doc/charts/gitlab/migrations/index.md b/doc/charts/gitlab/migrations/index.md index 96f16de65c..62c9d4dba6 100644 --- a/doc/charts/gitlab/migrations/index.md +++ b/doc/charts/gitlab/migrations/index.md @@ -33,7 +33,7 @@ Table below contains all the possible charts configurations that can be supplied | Parameter | Description | Default | | --------------------------- | ---------------------------------------- | ---------------- | | `common.labels` | Supplemental labels that are applied to all objects created by this chart. | `{}` | -| `image.repository` | Migrations image repository | `registry.gitlab.com/gitlab-org/build/cng/gitlab-task-runner-ee` | +| `image.repository` | Migrations image repository | `registry.gitlab.com/gitlab-org/build/cng/gitlab-toolbox-ee` | | `image.tag` | Migrations image tag | | | `image.pullPolicy` | Migrations pull policy | `Always` | | `image.pullSecrets` | Secrets for the image repository | | 
@@ -103,7 +103,7 @@ image: By default, the Helm charts use the Enterprise Edition of GitLab. If desired, you can instead use the Community Edition. Learn more about the [difference between the two](https://about.gitlab.com/install/ce-or-ee/). -In order to use the Community Edition, set `image.repository` to `registry.gitlab.com/gitlab-org/build/cng/gitlab-task-runner-ce` +In order to use the Community Edition, set `image.repository` to `registry.gitlab.com/gitlab-org/build/cng/gitlab-toolbox-ce` ## External Services diff --git a/doc/charts/gitlab/praefect/index.md b/doc/charts/gitlab/praefect/index.md index f58fa29f0b..62ae41cd09 100644 --- a/doc/charts/gitlab/praefect/index.md +++ b/doc/charts/gitlab/praefect/index.md @@ -201,11 +201,11 @@ To run Praefect over TLS follow these steps: Subject Alternate Name (SAN) to the certificate or alternatively, you can use wildcards. To know the hostnames to use, check the file `/srv/gitlab/config/gitlab.yml` - file in the Task Runner Pod and check the various `gitaly_address` fields specified + file in the Toolbox Pod and check the various `gitaly_address` fields specified under `repositories.storages` key within it. ```shell - kubectl exec -it -- grep gitaly_address /srv/gitlab/config/gitlab.yml + kubectl exec -it -- grep gitaly_address /srv/gitlab/config/gitlab.yml ``` NOTE: diff --git a/doc/charts/gitlab/task-runner/index.md b/doc/charts/gitlab/toolbox/index.md similarity index 78% rename from doc/charts/gitlab/task-runner/index.md rename to doc/charts/gitlab/toolbox/index.md index a9bd5295a7..d5f00cb4e0 100644 --- a/doc/charts/gitlab/task-runner/index.md +++ b/doc/charts/gitlab/toolbox/index.md 
@@ -4,21 +4,21 @@ group: Distribution info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers --- -# Task Runner +# Toolbox -The Task Runner Pod is used to execute periodic housekeeping tasks within +The Toolbox Pod is used to execute periodic housekeeping tasks within the GitLab application. These tasks include backups, Sidekiq maintenance, and Rake tasks. ## Configuration The following configuration settings are the default settings provided by the -Task Runner chart: +Toolbox chart: ```yaml gitlab: - ## doc/charts/gitlab/task-runner - task-runner: + ## doc/charts/gitlab/toolbox + toolbox: enabled: true replicas: 1 backups: @@ -52,7 +52,7 @@ gitlab: | Parameter | Description | Default | |---------------------------------------------|----------------------------------------------|------------------------------| -| `annotations` | Annotations to add to the Task Runner Pods and Jobs | `{}` | +| `annotations` | Annotations to add to the Toolbox Pods and Jobs | `{}` | | `common.labels` | Supplemental labels that are applied to all objects created by this chart. | `{}` | | `antiAffinityLabels.matchLabels` | Labels for setting anti-affinity options | | | `backups.cron.concurrencyPolicy` | Kubernetes Job concurrency policy | `Replace` | 
@@ -77,34 +77,34 @@ gitlab: | `backups.objectStorage.config.secret` | Object storage credentials secret | "" | | `common.labels` | Supplemental labels that are applied to all objects created by this chart. | `{}` | | `deployment.strategy` | Allows one to configure the update strategy utilized by the deployment | { `type`: `Recreate` } | -| `enabled` | Task Runner enablement flag | true | +| `enabled` | Toolbox enablement flag | true | | `extra` | YAML block for [extra `gitlab.yml` configuration](https://gitlab.com/gitlab-org/gitlab/-/blob/8d2b59dbf232f17159d63f0359fa4793921896d5/config/gitlab.yml.example#L1193-1199) | {} | -| `image.pullPolicy` | Task Runner image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Task Runner image pull secrets | | -| `image.repository` | Task Runner image repository | `registry.gitlab.com/gitlab-org/build/cng/gitlab-task-runner-ee` | -| `image.tag` | Task Runner image tag | `master` | -| `init.image.repository` | Task Runner init image repository | | -| `init.image.tag` | Task Runner init image tag | | -| `init.resources` | Task Runner init container resource requirements | { `requests`: { `cpu`: `50m` }} | -| `nodeSelector` | Task Runner and backup job node selection | | -| `persistence.accessMode` | Task Runner persistence access mode | `ReadWriteOnce` | -| `persistence.enabled` | Task Runner enable persistence flag | false | +| `image.pullPolicy` | Toolbox image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Toolbox image pull secrets | | +| `image.repository` | Toolbox image repository | `registry.gitlab.com/gitlab-org/build/cng/gitlab-toolbox-ee` | +| `image.tag` | Toolbox image tag | `master` | +| `init.image.repository` | Toolbox init image repository | | +| `init.image.tag` | Toolbox init image tag | | +| `init.resources` | Toolbox init container resource requirements | { `requests`: { `cpu`: `50m` }} | +| `nodeSelector` | Toolbox and backup job node selection | | +| `persistence.accessMode` | Toolbox 
persistence access mode | `ReadWriteOnce` | +| `persistence.enabled` | Toolbox enable persistence flag | false | | `persistence.matchExpressions` | Label-expression matches to bind | | | `persistence.matchLabels` | Label-value matches to bind | | -| `persistence.size` | Task Runner persistence volume size | `10Gi` | +| `persistence.size` | Toolbox persistence volume size | `10Gi` | | `persistence.storageClass` | StorageClass name for provisioning | | -| `persistence.subPath` | Task Runner persistence volume mount path | | +| `persistence.subPath` | Toolbox persistence volume mount path | | | `persistence.volumeName` | Existing PersistentVolume name | | -| `podLabels` | Labels for running Task Runner Pods | {} | -| `replicas` | Number of Task Runner Pods to run | `1` | -| `resources.requests` | Task Runner minimum requested resources | { `cpu`: `50m`, `memory`: `350M` | +| `podLabels` | Labels for running Toolbox Pods | {} | +| `replicas` | Number of Toolbox Pods to run | `1` | +| `resources.requests` | Toolbox minimum requested resources | { `cpu`: `50m`, `memory`: `350M` | | `securityContext.fsGroup` | Group ID under which the pod should be started | `1000` | | `securityContext.runAsUser` | User ID under which the pod should be started | `1000` | | `serviceAccount.annotations` | Annotations for ServiceAccount | {} | | `serviceAccount.enabled` | Flag for using ServiceAccount | false | | `serviceAccount.create` | Flag for creating a ServiceAccount | false | | `serviceAccount.name` | Name of ServiceAccount to use | | -| `tolerations` | Tolerations to add to the Task Runner | | +| `tolerations` | Tolerations to add to the Toolbox | | ## Configuring backups 
@@ -139,7 +139,7 @@ using the `.volumeName` property or by using the selector `.matchLables` / `.matchExpressions` properties. In most cases the default value of `.accessMode` will provide adequate -controls for only Task Runner accessing the PersistentVolumes. Please consult +controls for only Toolbox accessing the PersistentVolumes. Please consult the documentation for the CSI driver installed in the Kubernetes cluster to ensure that the setting is correct. @@ -166,19 +166,19 @@ restoration disk space also needs to grow accordingly. In most cases the size of the restoration disk space should be the same size as the backup disk space. -## Task Runner included tools +## Toolbox included tools -The Task Runner container contains useful GitLab tools such as Rails console, +The Toolbox container contains useful GitLab tools such as Rails console, Rake tasks, etc. These commands allow one to check the status of the database migrations, execute Rake tasks for administrative tasks, interact with the Rails console: ```shell -# locate the Task Runner pod -kubectl get pods -lapp=task-runner +# locate the Toolbox pod +kubectl get pods -lapp=toolbox # Launch a shell inside the pod -kubectl exec -it -- bash +kubectl exec -it -- bash # open Rails console gitlab-rails console -e production diff --git a/doc/charts/globals.md b/doc/charts/globals.md index 449995af31..d782bff96d 100644 --- a/doc/charts/globals.md +++ b/doc/charts/globals.md @@ -1464,7 +1464,7 @@ sample [`gitlab.yml`](https://gitlab.com/gitlab-org/gitlab/blob/master/config/gi for more job examples. These settings are shared between Sidekiq, Webservice (for showing tooltips in UI) -and Task Runner (for debugging purposes) pods. +and Toolbox (for debugging purposes) pods. ```yaml global: diff --git a/doc/charts/index.md b/doc/charts/index.md index 6bd15b3988..5a1e10e282 100644 --- a/doc/charts/index.md +++ b/doc/charts/index.md 
@@ -35,5 +35,5 @@ There are some common global settings that apply to multiple charts. See the - GitLab/[Migrations](gitlab/migrations/index.md) - GitLab/[Praefect](gitlab/praefect/index.md) - GitLab/[Sidekiq](gitlab/sidekiq/index.md) -- GitLab/[Task Runner](gitlab/task-runner/index.md) +- GitLab/[Toolbox](gitlab/toolbox/index.md) - GitLab/[Webservice](gitlab/webservice/index.md) diff --git a/doc/charts/registry/index.md b/doc/charts/registry/index.md index 71067e6341..56ac161e4c 100644 --- a/doc/charts/registry/index.md +++ b/doc/charts/registry/index.md @@ -817,7 +817,7 @@ helm upgrade mygitlab gitlab/gitlab -f mygitlab.yml --wait The administrative commands can be run against the Container Registry only from a Registry pod, where both the `registry` binary as well as necessary configuration is available. [Issue #2629](https://gitlab.com/gitlab-org/charts/gitlab/-/issues/2629) -is open to discuss how to provide this functionality from the task-runner pod. +is open to discuss how to provide this functionality from the toolbox pod. To run administrative commands: diff --git a/doc/index.md b/doc/index.md index 98ac93dd53..c07102ce62 100644 --- a/doc/index.md +++ b/doc/index.md @@ -31,7 +31,7 @@ can be installed separately. - GitLab/[Mailroom](charts/gitlab/mailroom/index.md) - GitLab/[Migrations](charts/gitlab/migrations/index.md) - GitLab/[Sidekiq](charts/gitlab/sidekiq/index.md) - - GitLab/[Task Runner](charts/gitlab/task-runner/index.md) + - GitLab/[Toolbox](charts/gitlab/toolbox/index.md) - GitLab/[Webservice](charts/gitlab/webservice/index.md) - Optional dependencies: - [PostgreSQL](https://artifacthub.io/packages/helm/bitnami/postgresql) diff --git a/doc/installation/command-line-options.md b/doc/installation/command-line-options.md index 48f3ca2745..de4f1e4dcf 100644 --- a/doc/installation/command-line-options.md +++ b/doc/installation/command-line-options.md 
@@ -324,7 +324,7 @@ GitLab external URL | | `gitlab.migrations.bootsnap.enabled` | Migrations Bootsnap enable flag | true | | `gitlab.migrations.enabled` | Migrations enable flag | true | | `gitlab.migrations.image.pullPolicy` | Migrations pull policy | | -| `gitlab.migrations.image.repository` | Migrations image repository | `registry.gitlab.com/gitlab-org/build/cng/gitlab-task_runner-ee` | +| `gitlab.migrations.image.repository` | Migrations image repository | `registry.gitlab.com/gitlab-org/build/cng/gitlab-toolbox-ee` | | `gitlab.migrations.image.tag` | Migrations image tag | `master` | | `gitlab.migrations.psql.password.key` | key to psql password in psql secret | `psql-password` | | `gitlab.migrations.psql.password.secret` | psql secret | `gitlab-postgres` | 
@@ -348,46 +348,46 @@ GitLab external URL | | `gitlab.sidekiq.securityContext.fsGroup` | Group ID under which the pod should be started | `1000` | | `gitlab.sidekiq.securityContext.runAsUser` | User ID under which the pod should be started | `1000` | | `gitlab.sidekiq.timeout` | Sidekiq job timeout | `5` | -| `gitlab.task-runner.annotations` | Annotations to add to the task runner | {} | -| `gitlab.task-runner.backups.cron.enabled` | Backup CronJob enabled flag | false | -| `gitlab.task-runner.backups.cron.extraArgs` | String of arguments to pass to the backup utility | | -| `gitlab.task-runner.backups.cron.persistence.accessMode` | Backup cron persistence access mode | `ReadWriteOnce` | -| `gitlab.task-runner.backups.cron.persistence.enabled` | Backup cron enable persistence flag | false | -| `gitlab.task-runner.backups.cron.persistence.matchExpressions` | Label-expression matches to bind | | -| `gitlab.task-runner.backups.cron.persistence.matchLabels` | Label-value matches to bind | | -| `gitlab.task-runner.backups.cron.persistence.size` | Backup cron persistence volume size | `10Gi` | -| `gitlab.task-runner.backups.cron.persistence.storageClass` | storageClassName for provisioning | | -| `gitlab.task-runner.backups.cron.persistence.subPath` | Backup cron persistence volume mount path | | -| `gitlab.task-runner.backups.cron.persistence.volumeName` | Existing persistent volume name | | -| `gitlab.task-runner.backups.cron.resources.requests.cpu` | Backup cron minimum needed CPU | `50m` | -| `gitlab.task-runner.backups.cron.resources.requests.memory` | Backup cron minimum needed memory | `350M` | -| `gitlab.task-runner.backups.cron.schedule` | Cron style schedule string | `0 1 * * *` | -| `gitlab.task-runner.backups.objectStorage.backend` | Object storage provider to use (`s3` or `gcs`) | `s3` | -| `gitlab.task-runner.backups.objectStorage.config.gcpProject` | GCP Project to use when backend is `gcs` | "" | -| `gitlab.task-runner.backups.objectStorage.config.key` | 
key containing credentials in secret | "" | -| `gitlab.task-runner.backups.objectStorage.config.secret` | Object storage credentials secret | "" | -| `gitlab.task-runner.backups.objectStorage.config` | Authentication information for object storage | {} | -| `gitlab.task-runner.bootsnap.enabled` | Enable Bootsnap cache in Task runner | true | -| `gitlab.task-runner.enabled` | Task runner enabled flag | true | -| `gitlab.task-runner.image.pullPolicy` | Task runner image pull policy | `IfNotPresent` | -| `gitlab.task-runner.image.repository` | Task runner image repository | `registry.gitlab.com/gitlab-org/build/cng/gitlab-task-runner-ee` | -| `gitlab.task-runner.image.tag` | Task runner image tag | `master` | -| `gitlab.task-runner.init.image.repository` | Task runner init image repository | | -| `gitlab.task-runner.init.image.tag` | Task runner init image tag | | -| `gitlab.task-runner.init.resources.requests.cpu` | Task runner init minimum needed CPU | `50m` | -| `gitlab.task-runner.persistence.accessMode` | Task runner persistence access mode | `ReadWriteOnce` | -| `gitlab.task-runner.persistence.enabled` | Task runner enable persistence flag | false | -| `gitlab.task-runner.persistence.matchExpressions` | Label-expression matches to bind | | -| `gitlab.task-runner.persistence.matchLabels` | Label-value matches to bind | | -| `gitlab.task-runner.persistence.size` | Task runner persistence volume size | `10Gi` | -| `gitlab.task-runner.persistence.storageClass` | storageClassName for provisioning | | -| `gitlab.task-runner.persistence.subPath` | Task runner persistence volume mount path | | -| `gitlab.task-runner.persistence.volumeName` | Existing persistent volume name | | -| `gitlab.task-runner.psql.port` | Set PostgreSQL server port. 
Takes precedence over `global.psql.port` | | -| `gitlab.task-runner.resources.requests.cpu` | Task runner minimum needed CPU | `50m` | -| `gitlab.task-runner.resources.requests.memory` | Task runner minimum needed memory | `350M` | -| `gitlab.task-runner.securityContext.fsGroup` | Group ID under which the pod should be started | `1000` | -| `gitlab.task-runner.securityContext.runAsUser` | User ID under which the pod should be started | `1000` | +| `gitlab.toolbox.annotations` | Annotations to add to the toolbox | {} | +| `gitlab.toolbox.backups.cron.enabled` | Backup CronJob enabled flag | false | +| `gitlab.toolbox.backups.cron.extraArgs` | String of arguments to pass to the backup utility | | +| `gitlab.toolbox.backups.cron.persistence.accessMode` | Backup cron persistence access mode | `ReadWriteOnce` | +| `gitlab.toolbox.backups.cron.persistence.enabled` | Backup cron enable persistence flag | false | +| `gitlab.toolbox.backups.cron.persistence.matchExpressions` | Label-expression matches to bind | | +| `gitlab.toolbox.backups.cron.persistence.matchLabels` | Label-value matches to bind | | +| `gitlab.toolbox.backups.cron.persistence.size` | Backup cron persistence volume size | `10Gi` | +| `gitlab.toolbox.backups.cron.persistence.storageClass` | storageClassName for provisioning | | +| `gitlab.toolbox.backups.cron.persistence.subPath` | Backup cron persistence volume mount path | | +| `gitlab.toolbox.backups.cron.persistence.volumeName` | Existing persistent volume name | | +| `gitlab.toolbox.backups.cron.resources.requests.cpu` | Backup cron minimum needed CPU | `50m` | +| `gitlab.toolbox.backups.cron.resources.requests.memory` | Backup cron minimum needed memory | `350M` | +| `gitlab.toolbox.backups.cron.schedule` | Cron style schedule string | `0 1 * * *` | +| `gitlab.toolbox.backups.objectStorage.backend` | Object storage provider to use (`s3` or `gcs`) | `s3` | +| `gitlab.toolbox.backups.objectStorage.config.gcpProject` | GCP Project to use when backend is 
`gcs` | "" | +| `gitlab.toolbox.backups.objectStorage.config.key` | key containing credentials in secret | "" | +| `gitlab.toolbox.backups.objectStorage.config.secret` | Object storage credentials secret | "" | +| `gitlab.toolbox.backups.objectStorage.config` | Authentication information for object storage | {} | +| `gitlab.toolbox.bootsnap.enabled` | Enable Bootsnap cache in Toolbox | true | +| `gitlab.toolbox.enabled` | Toolbox enabled flag | true | +| `gitlab.toolbox.image.pullPolicy` | Toolbox image pull policy | `IfNotPresent` | +| `gitlab.toolbox.image.repository` | Toolbox image repository | `registry.gitlab.com/gitlab-org/build/cng/gitlab-toolbox-ee` | +| `gitlab.toolbox.image.tag` | Toolbox image tag | `master` | +| `gitlab.toolbox.init.image.repository` | Toolbox init image repository | | +| `gitlab.toolbox.init.image.tag` | Toolbox init image tag | | +| `gitlab.toolbox.init.resources.requests.cpu` | Toolbox init minimum needed CPU | `50m` | +| `gitlab.toolbox.persistence.accessMode` | Toolbox persistence access mode | `ReadWriteOnce` | +| `gitlab.toolbox.persistence.enabled` | Toolbox enable persistence flag | false | +| `gitlab.toolbox.persistence.matchExpressions` | Label-expression matches to bind | | +| `gitlab.toolbox.persistence.matchLabels` | Label-value matches to bind | | +| `gitlab.toolbox.persistence.size` | Toolbox persistence volume size | `10Gi` | +| `gitlab.toolbox.persistence.storageClass` | storageClassName for provisioning | | +| `gitlab.toolbox.persistence.subPath` | Toolbox persistence volume mount path | | +| `gitlab.toolbox.persistence.volumeName` | Existing persistent volume name | | +| `gitlab.toolbox.psql.port` | Set PostgreSQL server port. 
Takes precedence over `global.psql.port` | | +| `gitlab.toolbox.resources.requests.cpu` | Toolbox minimum needed CPU | `50m` | +| `gitlab.toolbox.resources.requests.memory` | Toolbox minimum needed memory | `350M` | +| `gitlab.toolbox.securityContext.fsGroup` | Group ID under which the pod should be started | `1000` | +| `gitlab.toolbox.securityContext.runAsUser` | User ID under which the pod should be started | `1000` | | `gitlab.webservice.enabled` | webservice enabled flag | true | | `gitlab.webservice.gitaly.authToken.key` | Key to Gitaly token in Gitaly secret | `token` | | `gitlab.webservice.gitaly.authToken.secret` | Gitaly secret name | `{.Release.Name}-gitaly-secret` | diff --git a/doc/installation/database_upgrade.md b/doc/installation/database_upgrade.md index 2108a5dab2..8577e5cca2 100644 --- a/doc/installation/database_upgrade.md +++ b/doc/installation/database_upgrade.md @@ -38,7 +38,7 @@ Note the following: `kubectl config set-context --current --namespace=NAMESPACE`, or using [`kubens` from kubectx](https://github.com/ahmetb/kubectx). -The `pre` stage will create a backup of your database using the backup-utility script in the Task Runner, which gets saved to the configured s3 bucket (MinIO by default): +The `pre` stage will create a backup of your database using the backup-utility script in the Toolbox, which gets saved to the configured s3 bucket (MinIO by default): ```shell # GITLAB_RELEASE should be the version of the chart you are installing, starting with 'v': v5.0.0 
@@ -77,13 +77,13 @@ Note the following: - You'll need to be using Bash 4.0 or above to run the script successfully as it requires the use of bash associative arrays. -1. Wait for the upgrade to complete for the Task Runner pod. RELEASE_NAME should be the name of the GitLab release from `helm list` +1. Wait for the upgrade to complete for the Toolbox pod. RELEASE_NAME should be the name of the GitLab release from `helm list` ```shell - kubectl rollout status -w deployment/RELEASE_NAME-task-runner + kubectl rollout status -w deployment/RELEASE_NAME-toolbox ``` -1. After the Task Runner pod is deployed successfully, run the `post` steps: +1. After the Toolbox pod is deployed successfully, run the `post` steps: ```shell # GITLAB_RELEASE should be the version of the chart you are installing, starting with 'v': v5.0.0 diff --git a/doc/installation/migration/minio.md b/doc/installation/migration/minio.md index 1e41ce4193..cf659af12d 100644 --- a/doc/installation/migration/minio.md +++ b/doc/installation/migration/minio.md @@ -14,7 +14,7 @@ for testing purposes. For production use, you are advised to set up an The easiest way to figure out the access details to built-in MinIO cluster is to look at the `gitlab.yml` file that is generated in Sidekiq, Webservice and -Task Runner pods. +Toolbox pods. To grab it from the Sidekiq pod: diff --git a/doc/installation/storage.md b/doc/installation/storage.md index 2c478193f4..9777de4571 100644 --- a/doc/installation/storage.md +++ b/doc/installation/storage.md 
@@ -162,4 +162,4 @@ See the [managing persistent volumes documentation](../advanced/persistent-volum ## Optional volumes -For larger installations, you may need to add persistent storage to the Task Runner to get backups/restores working. See our [troubleshooting documentation](../backup-restore/#pod-eviction-issues) for a guide on how to do this. +For larger installations, you may need to add persistent storage to the Toolbox to get backups/restores working. See our [troubleshooting documentation](../backup-restore/#pod-eviction-issues) for a guide on how to do this. diff --git a/doc/installation/upgrade_old.md b/doc/installation/upgrade_old.md index 9542f3cc01..1987ef2f95 100644 --- a/doc/installation/upgrade_old.md +++ b/doc/installation/upgrade_old.md @@ -39,7 +39,7 @@ Note the following: `kubectl config set-context --current --namespace=NAMESPACE`, or using [`kubens` from kubectx](https://github.com/ahmetb/kubectx). -The `pre` stage will create a backup of your database using the backup-utility script in the Task Runner, which gets saved to the configured s3 bucket (MinIO by default): +The `pre` stage will create a backup of your database using the backup-utility script in the Toolbox, which gets saved to the configured s3 bucket (MinIO by default): ```shell # GITLAB_RELEASE should be the version of the chart you are installing, starting with 'v': v3.0.0 
@@ -108,13 +108,13 @@ Note the following: - You'll need to be using Bash 4.0 or above to run the script successfully as it requires the use of bash associative arrays. -1. Wait for the upgrade to complete for the Task Runner pod. RELEASE_NAME should be the name of the GitLab release from `helm list` +1. Wait for the upgrade to complete for the Toolbox pod. RELEASE_NAME should be the name of the GitLab release from `helm list` ```shell - kubectl rollout status -w deployment/RELEASE_NAME-task-runner + kubectl rollout status -w deployment/RELEASE_NAME-toolbox ``` -1. After the Task Runner pod is deployed successfully, run the `post` steps: +1. After the Toolbox pod is deployed successfully, run the `post` steps: This step will do the following: diff --git a/doc/troubleshooting/index.md b/doc/troubleshooting/index.md index 41edc87502..3b036bca9b 100644 --- a/doc/troubleshooting/index.md +++ b/doc/troubleshooting/index.md @@ -232,7 +232,7 @@ You can find the full explanation and workaround in [Migrating from Helm v2 to H You may face this error when restoring a backup on your Helm chart instance. Use the following steps as a workaround: -1. Inside your `task-runner` pod open the DB console: +1. Inside your `toolbox` pod open the DB console: ```shell /srv/gitlab/bin/rails dbconsole -p diff --git a/examples/custom-images/values.yaml b/examples/custom-images/values.yaml index cca5090312..4b60127540 100644 --- a/examples/custom-images/values.yaml +++ b/examples/custom-images/values.yaml @@ -38,7 +38,7 @@ gitlab: sidekiq: <<: *custom init: *custom - task-runner: + toolbox: <<: *custom init: *custom webservice: diff --git a/examples/i2p-values-minimal.yaml b/examples/i2p-values-minimal.yaml index 4fcc9eaaec..8b0715cb57 100644 --- a/examples/i2p-values-minimal.yaml +++ b/examples/i2p-values-minimal.yaml @@ -58,7 +58,7 @@ gitlab: resources: requests: cpu: 10m - task-runner: + toolbox: resources: requests: cpu: 10m 
diff --git a/examples/ref/10k.yaml b/examples/ref/10k.yaml index de711a87d5..6cb5c35919 100644 --- a/examples/ref/10k.yaml +++ b/examples/ref/10k.yaml @@ -44,7 +44,7 @@ gitlab: requests: cpu: 900m # Assume single-process, 1 CPU memory: 2G - task-runner: + toolbox: backups: # Below, GCS is used an example for the ObjectStorage section. # All ObjectStorage options are documented here: diff --git a/examples/ref/25k.yaml b/examples/ref/25k.yaml index 0a9cee74af..9a0b9d1717 100644 --- a/examples/ref/25k.yaml +++ b/examples/ref/25k.yaml @@ -44,7 +44,7 @@ gitlab: requests: cpu: 900m # Assume single-process, 1 CPU memory: 2G - task-runner: + toolbox: backups: # Below, GCS is used an example for the ObjectStorage section. # All ObjectStorage options are documented here: diff --git a/examples/ref/2k.yaml b/examples/ref/2k.yaml index 1b97575642..e7734e759e 100644 --- a/examples/ref/2k.yaml +++ b/examples/ref/2k.yaml @@ -44,7 +44,7 @@ gitlab: requests: cpu: 900m # Assume single-process, 1 CPU memory: 2G - task-runner: + toolbox: backups: # Below, GCS is used an example for the ObjectStorage section. # All ObjectStorage options are documented here: diff --git a/examples/ref/3k.yaml b/examples/ref/3k.yaml index 866286f5f1..222e60e699 100644 --- a/examples/ref/3k.yaml +++ b/examples/ref/3k.yaml @@ -44,7 +44,7 @@ gitlab: requests: cpu: 900m # Assume single-process, 1 CPU memory: 2G - task-runner: + toolbox: backups: # Below, GCS is used an example for the ObjectStorage section. # All ObjectStorage options are documented here: diff --git a/examples/ref/50k.yaml b/examples/ref/50k.yaml index 1ac736b5df..c97585b55d 100644 --- a/examples/ref/50k.yaml +++ b/examples/ref/50k.yaml @@ -44,7 +44,7 @@ gitlab: requests: cpu: 900m # Assume single-process, 1 CPU memory: 2G - task-runner: + toolbox: backups: # Below, GCS is used an example for the ObjectStorage section. # All ObjectStorage options are documented here: 
diff --git a/examples/ref/5k.yaml b/examples/ref/5k.yaml index ad632a23ce..219d777d7c 100644 --- a/examples/ref/5k.yaml +++ b/examples/ref/5k.yaml @@ -44,7 +44,7 @@ gitlab: requests: cpu: 900m # Assume single-process, 1 CPU memory: 2G - task-runner: + toolbox: backups: # Below, GCS is used an example for the ObjectStorage section. # All ObjectStorage options are documented here: diff --git a/examples/ubi/values.yaml b/examples/ubi/values.yaml index 480c97a9a0..55efbabee7 100644 --- a/examples/ubi/values.yaml +++ b/examples/ubi/values.yaml @@ -139,7 +139,7 @@ gitlab: image: tag: master-ubi8 - task-runner: + toolbox: image: tag: master-ubi8 diff --git a/examples/values-external-objectstorage.yaml b/examples/values-external-objectstorage.yaml index 65e4d85652..a2e7ec2d42 100644 --- a/examples/values-external-objectstorage.yaml +++ b/examples/values-external-objectstorage.yaml @@ -30,7 +30,7 @@ global: bucket: gitlab-backup-storage tmpBucket: gitlab-tmp-storage gitlab: - task-runner: + toolbox: backups: objectStorage: config: diff --git a/examples/values-gke-minimum.yaml b/examples/values-gke-minimum.yaml index ea7d88893d..01dd8dc144 100644 --- a/examples/values-gke-minimum.yaml +++ b/examples/values-gke-minimum.yaml @@ -4,7 +4,7 @@ # # - all pods start with a single replica, rather than their other highly available defaults # - resource requests are tuned down to the minimal requirements for a single user to fully use GitLab -# - prometheus, gitlab ci runner, and the gitlab task-runner (used for backups and maintenance) are disabled +# - prometheus, gitlab ci runner, and the gitlab toolbox (used for backups and maintenance) are disabled prometheus: install: false gitlab-runner: @@ -66,7 +66,7 @@ gitlab: memory: 625M gitlab-shell: minReplicas: 1 - task-runner: + toolbox: enabled: false registry: hpa: diff --git a/scripts/ci/autodevops.sh b/scripts/ci/autodevops.sh index 19e3c251ac..9827686330 100644 --- a/scripts/ci/autodevops.sh +++ b/scripts/ci/autodevops.sh 
@@ -158,7 +158,7 @@ CIYAML gitlab-shell: minReplicas: 1 # 2 maxReplicas: 2 # 10 - task-runner: + toolbox: enabled: true nginx-ingress: controller: @@ -257,13 +257,13 @@ function wait_for_deploy { echo "" } -function restart_task_runner() { - # restart the task-runner pods, by deleting them +function restart_toolbox() { + # restart the toolbox pods, by deleting them # the ReplicaSet of the Deployment will re-create them # this ensure we run up-to-date on tags like `master` when there # have been no changes to the configuration to warrant a restart # via metadata checksum annotations - kubectl -n ${NAMESPACE} delete pods -lapp=task-runner,release=${RELEASE_NAME} + kubectl -n ${NAMESPACE} delete pods -lapp=toolbox,release=${RELEASE_NAME} # always "succeed" so not to block. return 0 } diff --git a/scripts/ci/values-dev-images.yaml b/scripts/ci/values-dev-images.yaml index ecfe4adc3d..966b04464d 100644 --- a/scripts/ci/values-dev-images.yaml +++ b/scripts/ci/values-dev-images.yaml @@ -15,13 +15,16 @@ gitlab: repository: dev.gitlab.org:5005/gitlab/charts/components/images/gitlab-shell migrations: image: - repository: dev.gitlab.org:5005/gitlab/charts/components/images/gitlab-task-runner-ee + repository: dev.gitlab.org:5005/gitlab/charts/components/images/gitlab-toolbox-ee + <<: *pullSecret sidekiq: image: repository: dev.gitlab.org:5005/gitlab/charts/components/images/gitlab-sidekiq-ee - task-runner: + <<: *pullSecret + toolbox: image: - repository: dev.gitlab.org:5005/gitlab/charts/components/images/gitlab-task-runner-ee + repository: dev.gitlab.org:5005/gitlab/charts/components/images/gitlab-toolbox-ee + <<: *pullSecret webservice: image: repository: dev.gitlab.org:5005/gitlab/charts/components/images/gitlab-webservice-ee diff --git a/scripts/database-upgrade b/scripts/database-upgrade index 62cd9fce07..42785327b2 100755 --- a/scripts/database-upgrade +++ b/scripts/database-upgrade 
@@ -18,9 +18,9 @@ selector() { echo "${base}" } -# Run command in the task-runner pod -in_task_runner() { - task_pod=$(kubectl ${namespace} get pods -l "$(selector task-runner)" --field-selector status.phase=Running -o custom-columns=N:.metadata.name --no-headers | grep -v backup | head -n 1) +# Run command in the toolbox pod +in_toolbox() { + task_pod=$(kubectl ${namespace} get pods -l "$(selector toolbox)" --field-selector status.phase=Running -o custom-columns=N:.metadata.name --no-headers | grep -v backup | head -n 1) kubectl ${namespace} exec -it "${task_pod}" -- "${@}" } @@ -36,7 +36,7 @@ patch_replicas() { } pre() { - in_task_runner backup-utility -t "${fake_timestamp}" --skip registry,uploads,artifacts,lfs,packages,external_diffs,terraform_state,repositories + in_toolbox backup-utility -t "${fake_timestamp}" --skip registry,uploads,artifacts,lfs,packages,external_diffs,terraform_state,repositories } post() { @@ -76,8 +76,8 @@ post() { done # Restore the database - in_task_runner backup-utility --restore -t "${fake_timestamp}" --skip registry,uploads,artifacts,lfs,packages,external_diffs,terraform_state,repositories - in_task_runner gitlab-rake db:migrate + in_toolbox backup-utility --restore -t "${fake_timestamp}" --skip registry,uploads,artifacts,lfs,packages,external_diffs,terraform_state,repositories + in_toolbox gitlab-rake db:migrate # Start the deployments back up diff --git a/spec/configuration/database_spec.rb b/spec/configuration/database_spec.rb index 98b0ee19c2..f17abc2f17 100644 --- a/spec/configuration/database_spec.rb +++ b/spec/configuration/database_spec.rb 
@@ -74,7 +74,7 @@ describe 'Database configuration' do it 'populates global database to all charts' do template = HelmTemplate.new(global_values) expect(database_yml(template,'webservice')).to include("database: testing") - expect(database_yml(template,'task-runner')).to include("database: testing") + expect(database_yml(template,'toolbox')).to include("database: testing") expect(database_yml(template,'sidekiq')).to include("database: testing") end @@ -91,7 +91,7 @@ describe 'Database configuration' do it 'populates local database to webservice, and global to others' do template = HelmTemplate.new(local_values) expect(database_yml(template,'webservice')).to include("database: local") - expect(database_yml(template,'task-runner')).to include("database: testing") + expect(database_yml(template,'toolbox')).to include("database: testing") expect(database_yml(template,'sidekiq')).to include("database: testing") end end diff --git a/spec/configuration/global_spec.rb b/spec/configuration/global_spec.rb index 12d451f1b3..18f991b84f 100644 --- a/spec/configuration/global_spec.rb +++ b/spec/configuration/global_spec.rb @@ -53,7 +53,7 @@ describe 'global configuration' do expect(t.exit_code).to eq(0), "Unexpected error code #{t.exit_code} -- #{t.stderr}" expect(t.find_projected_secret('Deployment/test-sidekiq-all-in-1-v1', 'init-sidekiq-secrets', 'test-registry-notification')).to be true expect(t.find_projected_secret('Deployment/test-webservice-default', 'init-webservice-secrets', 'test-registry-notification')).to be true - expect(t.find_projected_secret('Deployment/test-task-runner', 'init-task-runner-secrets', 'test-registry-notification')).to be true + expect(t.find_projected_secret('Deployment/test-toolbox', 'init-toolbox-secrets', 'test-registry-notification')).to be true gitlab_config = t.dig('ConfigMap/test-sidekiq', 'data', 'gitlab.yml.erb') expect(gitlab_config).to include('notification_secret') 
diff --git a/spec/configuration/kas_spec.rb b/spec/configuration/kas_spec.rb index 2fa74d62cb..660fc7a30d 100644 --- a/spec/configuration/kas_spec.rb +++ b/spec/configuration/kas_spec.rb @@ -408,7 +408,7 @@ describe 'kas configuration' do )['production']['gitlab_kas'] end - %w[webservice task-runner sidekiq].each do |chart| + %w[webservice toolbox sidekiq].each do |chart| context "for #{chart}" do it 'has the correct defaults' do expect(gitlab_yml(chart)).to include(YAML.safe_load(%( diff --git a/spec/configuration/objectstorage_spec.rb b/spec/configuration/objectstorage_spec.rb index 0356d99823..e6324eb8f5 100644 --- a/spec/configuration/objectstorage_spec.rb +++ b/spec/configuration/objectstorage_spec.rb @@ -10,7 +10,7 @@ describe 'ObjectStorage configuration' do [ 'sidekiq', 'webservice', - 'task-runner' + 'toolbox' ] end diff --git a/spec/configuration/redis_spec.rb b/spec/configuration/redis_spec.rb index b10459ed13..e30d816900 100644 --- a/spec/configuration/redis_spec.rb +++ b/spec/configuration/redis_spec.rb @@ -293,7 +293,7 @@ describe 'Redis configuration' do expect(t.dig('Service/test-master')).to be_falsey expect(t.dig('Service/test-redis-master')).to be_truthy # check resque.yml - expect(t.dig('ConfigMap/test-task-runner','data','resque.yml.erb')).to include('test-redis-master') + expect(t.dig('ConfigMap/test-toolbox','data','resque.yml.erb')).to include('test-redis-master') end end @@ -306,7 +306,7 @@ describe 'Redis configuration' do expect(t.dig('Service/redis-test-master')).to be_truthy expect(t.dig('Service/redis-test-redis-master')).to be_falsey # check resque.yml is pointing to the right service. - expect(t.dig('ConfigMap/redis-test-task-runner','data','resque.yml.erb')).to include('redis-test-master') + expect(t.dig('ConfigMap/redis-test-toolbox','data','resque.yml.erb')).to include('redis-test-master') end end end diff --git a/spec/configuration/strategy_spec.rb b/spec/configuration/strategy_spec.rb index b636111529..5e495c0527 100644 
--- a/spec/configuration/strategy_spec.rb +++ b/spec/configuration/strategy_spec.rb @@ -100,7 +100,7 @@ describe 'Strategy configuration' do 'Deployment/test-prometheus-server', 'Deployment/test-nginx-ingress-controller', 'Deployment/test-nginx-ingress-default-backend', - 'Deployment/test-task-runner', + 'Deployment/test-toolbox', 'Deployment/test-minio', 'Deployment/test-gitlab-runner', 'StatefulSet/test-redis-master', diff --git a/spec/configuration/task_runner_spec.rb b/spec/configuration/task_runner_spec.rb deleted file mode 100644 index 4f33e108a5..0000000000 --- a/spec/configuration/task_runner_spec.rb +++ /dev/null 
@@ -1,68 +0,0 @@ -require 'spec_helper' -require 'helm_template_helper' -require 'yaml' -require 'hash_deep_merge' - -describe 'task-runner configuration' do - let(:default_values) do - YAML.safe_load(%( - certmanager-issuer: - email: test@example.com - gitlab: - task-runner: - backups: - cron: - enabled: true - persistence: - enabled: true - enabled: true - persistence: - enabled: true - serviceAccount: - enabled: true - create: true - )) - end - - context 'When customer provides additional labels' do - let(:values) do - YAML.safe_load(%( - global: - common: - labels: - global: global - foo: global - pod: - labels: - global_pod: true - gitlab: - task-runner: - common: - labels: - global: task-runner - task-runner: task-runner - networkpolicy: - enabled: true - podLabels: - pod: true - global: pod - )).deep_merge(default_values) - end - it 'Populates the additional labels in the expected manner' do - t = HelmTemplate.new(values) - expect(t.exit_code).to eq(0), "Unexpected error code #{t.exit_code} -- #{t.stderr}" - expect(t.dig('ConfigMap/test-task-runner', 'metadata', 'labels')).to include('global' => 'task-runner') - expect(t.dig('CronJob/test-task-runner-backup', 'metadata', 'labels')).to include('global' => 'task-runner') - expect(t.dig('CronJob/test-task-runner-backup', 'spec', 'jobTemplate', 'spec', 'template', 'metadata', 'labels')).to include('global' => 'task-runner') - expect(t.dig('Deployment/test-task-runner', 'metadata', 'labels')).to include('foo' => 'global') - expect(t.dig('Deployment/test-task-runner', 'metadata', 'labels')).to include('global' => 'task-runner') - expect(t.dig('Deployment/test-task-runner', 'metadata', 'labels')).not_to include('global' => 'global') - expect(t.dig('Deployment/test-task-runner', 'spec', 'template', 'metadata', 'labels')).to include('global' => 'pod') - expect(t.dig('Deployment/test-task-runner', 'spec', 'template', 'metadata', 'labels')).to include('pod' => 'true') - expect(t.dig('Deployment/test-task-runner', 
'spec', 'template', 'metadata', 'labels')).to include('global_pod' => 'true') - expect(t.dig('PersistentVolumeClaim/test-task-runner-tmp', 'metadata', 'labels')).to include('global' => 'task-runner') - expect(t.dig('PersistentVolumeClaim/test-task-runner-backup-tmp', 'metadata', 'labels')).to include('global' => 'task-runner') - expect(t.dig('ServiceAccount/test-task-runner', 'metadata', 'labels')).to include('global' => 'task-runner') - end - end -end diff --git a/spec/configuration/toolbox_spec.rb b/spec/configuration/toolbox_spec.rb new file mode 100644 index 0000000000..69ac38efe5 --- /dev/null +++ b/spec/configuration/toolbox_spec.rb 
@@ -0,0 +1,68 @@ +require 'spec_helper' +require 'helm_template_helper' +require 'yaml' +require 'hash_deep_merge' + +describe 'toolbox configuration' do + let(:default_values) do + YAML.safe_load(%( + certmanager-issuer: + email: test@example.com + gitlab: + toolbox: + backups: + cron: + enabled: true + persistence: + enabled: true + enabled: true + persistence: + enabled: true + serviceAccount: + enabled: true + create: true + )) + end + + context 'When customer provides additional labels' do + let(:values) do + YAML.safe_load(%( + global: + common: + labels: + global: global + foo: global + pod: + labels: + global_pod: true + gitlab: + toolbox: + common: + labels: + global: toolbox + toolbox: toolbox + networkpolicy: + enabled: true + podLabels: + pod: true + global: pod + )).deep_merge(default_values) + end + it 'Populates the additional labels in the expected manner' do + t = HelmTemplate.new(values) + expect(t.exit_code).to eq(0), "Unexpected error code #{t.exit_code} -- #{t.stderr}" + expect(t.dig('ConfigMap/test-toolbox', 'metadata', 'labels')).to include('global' => 'toolbox') + expect(t.dig('CronJob/test-toolbox-backup', 'metadata', 'labels')).to include('global' => 'toolbox') + expect(t.dig('CronJob/test-toolbox-backup', 'spec', 'jobTemplate', 'spec', 'template', 'metadata', 'labels')).to include('global' => 'toolbox') + expect(t.dig('Deployment/test-toolbox', 'metadata', 'labels')).to include('foo' => 'global') + expect(t.dig('Deployment/test-toolbox', 'metadata', 'labels')).to include('global' => 'toolbox') + expect(t.dig('Deployment/test-toolbox', 'metadata', 'labels')).not_to include('global' => 'global') + expect(t.dig('Deployment/test-toolbox', 'spec', 'template', 'metadata', 'labels')).to include('global' => 'pod') + expect(t.dig('Deployment/test-toolbox', 'spec', 'template', 'metadata', 'labels')).to include('pod' => 'true') + expect(t.dig('Deployment/test-toolbox', 'spec', 'template', 'metadata', 'labels')).to include('global_pod' => 'true') + 
expect(t.dig('PersistentVolumeClaim/test-toolbox-tmp', 'metadata', 'labels')).to include('global' => 'toolbox') + expect(t.dig('PersistentVolumeClaim/test-toolbox-backup-tmp', 'metadata', 'labels')).to include('global' => 'toolbox') + expect(t.dig('ServiceAccount/test-toolbox', 'metadata', 'labels')).to include('global' => 'toolbox') + end + end +end diff --git a/spec/fixtures/local-image-config.yaml b/spec/fixtures/local-image-config.yaml index dd43665f32..3e7869bd2c 100644 --- a/spec/fixtures/local-image-config.yaml +++ b/spec/fixtures/local-image-config.yaml @@ -100,14 +100,14 @@ gitlab: init: image: pullPolicy: pp-sidekiq-init - task-runner: + toolbox: image: - pullPolicy: pp-task-runner + pullPolicy: pp-toolbox pullSecrets: - - name: ps-task-runner + - name: ps-toolbox init: image: - pullPolicy: pp-task-runner-init + pullPolicy: pp-toolbox-init webservice: image: pullPolicy: pp-webservice diff --git a/spec/gitlab_test_helper.rb b/spec/gitlab_test_helper.rb index 4b39798394..a4a0d2c1b8 100644 --- a/spec/gitlab_test_helper.rb +++ b/spec/gitlab_test_helper.rb @@ -158,7 +158,7 @@ module Gitlab end def pod_name - filters = 'app=task-runner' + filters = 'app=toolbox' @pod ||= find_pod_name(filters) end diff --git a/spec/integration/check_config_spec.rb b/spec/integration/check_config_spec.rb index 69064fe7e1..059c4e31ac 100644 --- a/spec/integration/check_config_spec.rb +++ b/spec/integration/check_config_spec.rb @@ -641,11 +641,11 @@ describe 'checkConfig template' do error_description: 'when Gitaly and Praefect are enabled and no storages are named "default"' end - describe 'gitaly.task-runner.replicas' do + describe 'gitaly.toolbox.replicas' do let(:success_values) do YAML.safe_load(%( gitlab: - task-runner: + toolbox: replicas: 1 persistence: enabled: true @@ -655,7 +655,7 @@ describe 'checkConfig template' do let(:error_values) do YAML.safe_load(%( gitlab: - task-runner: + toolbox: replicas: 2 persistence: enabled: true 
@@ -665,8 +665,8 @@ describe 'checkConfig template' do let(:error_output) { 'more than 1 replica, but also with a PersistentVolumeClaim' } include_examples 'config validation', - success_description: 'when task-runner has persistence enabled and one replica', - error_description: 'when task-runner has persistence enabled and more than one replica' + success_description: 'when toolbox has persistence enabled and one replica', + error_description: 'when toolbox has persistence enabled and more than one replica' end describe 'multipleRedis' do diff --git a/templates/NOTES.txt b/templates/NOTES.txt index 68e684b2f9..0ab4250a16 100644 --- a/templates/NOTES.txt +++ b/templates/NOTES.txt @@ -69,12 +69,12 @@ The GitLab Runner chart (gitlab/gitlab-runner) is deployed without the `privileg chose not to enable this by default. See https://docs.gitlab.com/runner/install/kubernetes.html#running-docker-in-docker-containers-with-gitlab-runners {{- end }} -{{/* task-runner replicas */}} -{{ if eq (index $.Values.gitlab "task-runner" "replicas" | int) 0 }} -NOTICE: The GitLab task-runner is scaled to 0. - The `task-runner` Pod is very useful for administration and debugging of this application suite. You may configure `gitlab.task-runner.replicas=1` if you wish to leave a Pod running at all times, or you can scale the deployment up when needed: +{{/* toolbox replicas */}} +{{ if eq (index $.Values.gitlab "toolbox" "replicas" | int) 0 }} +NOTICE: The GitLab toolbox is scaled to 0. + The `toolbox` Pod is very useful for administration and debugging of this application suite. You may configure `gitlab.toolbox.replicas=1` if you wish to leave a Pod running at all times, or you can scale the deployment up when needed: - `kubectl scale --replicas=1 deployment/{{ .Release.Name }}-task-runner` + `kubectl scale --replicas=1 deployment/{{ .Release.Name }}-toolbox` {{ end }} 
@@ -104,8 +104,8 @@ Help us improve the installation experience, let us know how we did with a 1 min {{- $_ := set $envValues "gitlab.webservice" (default false .Values.gitlab.webservice.extraEnv.PAGES_UPDATE_LEGACY_STORAGE) }} {{- $_ := set $envValues "gitlab.sidekiq" (default false .Values.gitlab.sidekiq.extraEnv.PAGES_UPDATE_LEGACY_STORAGE) }} {{- $_ := set $envValues "global" (default false .Values.global.extraEnv.PAGES_UPDATE_LEGACY_STORAGE) }} -{{- $taskrunnerExtraEnv := index .Values.gitlab "task-runner" "extraEnv" }} -{{- $_ := set $envValues "gitlab.task-runner" (default false $taskrunnerExtraEnv.PAGES_UPDATE_LEGACY_STORAGE) }} +{{- $toolboxExtraEnv := index .Values.gitlab "toolbox" "extraEnv" }} +{{- $_ := set $envValues "gitlab.toolbox" (default false $toolboxExtraEnv.PAGES_UPDATE_LEGACY_STORAGE) }} {{- range $component, $value := $envValues }} {{- if eq $value true }} WARNING: GitLab Pages configured to use disk storage via `{{ $component }}.extraEnv.PAGES_UPDATE_LEGACY_STORAGE`. diff --git a/templates/_checkConfig.tpl b/templates/_checkConfig.tpl index 2247c07d01..7b67f6ffb5 100644 --- a/templates/_checkConfig.tpl +++ b/templates/_checkConfig.tpl @@ -36,7 +36,7 @@ Due to gotpl scoping, we can't make use of `range`, so we have to add action lin {{- $messages = append $messages (include "gitlab.checkConfig.gitaly.extern.repos" .) -}} {{- $messages = append $messages (include "gitlab.checkConfig.geo.database" .) -}} {{- $messages = append $messages (include "gitlab.checkConfig.geo.secondary.database" .) -}} -{{- $messages = append $messages (include "gitlab.task-runner.replicas" .) -}} +{{- $messages = append $messages (include "gitlab.toolbox.replicas" .) -}} {{- $messages = append $messages (include "gitlab.checkConfig.multipleRedis" .) -}} {{- $messages = append $messages (include "gitlab.checkConfig.hostWhenNoInstall" .) -}} {{- $messages = append $messages (include "gitlab.checkConfig.postgresql.deprecatedVersion" .) -}} 
@@ -311,17 +311,17 @@ gitaly: {{/* END gitlab.checkConfig.gitaly.extern.repos */}} {{/* -Ensure that gitlab/task-runner is not configured with `replicas` > 1 if +Ensure that gitlab/toolbox is not configured with `replicas` > 1 if persistence is enabled. */}} -{{- define "gitlab.task-runner.replicas" -}} -{{- $replicas := index $.Values.gitlab "task-runner" "replicas" | int -}} -{{- if and (gt $replicas 1) (index $.Values.gitlab "task-runner" "persistence" "enabled") -}} -task-runner: replicas is greater than 1, with persistence enabled. - It appear that `gitlab/task-runner` has been configured with more than 1 replica, but also with a PersistentVolumeClaim. This is not supported. Please either reduce the replicas to 1, or disable persistence. +{{- define "gitlab.toolbox.replicas" -}} +{{- $replicas := index $.Values.gitlab "toolbox" "replicas" | int -}} +{{- if and (gt $replicas 1) (index $.Values.gitlab "toolbox" "persistence" "enabled") -}} +toolbox: replicas is greater than 1, with persistence enabled. + It appear that `gitlab/toolbox` has been configured with more than 1 replica, but also with a PersistentVolumeClaim. This is not supported. Please either reduce the replicas to 1, or disable persistence. {{- end -}} {{- end -}} -{{/* END gitlab.task-runner.replicas */}} +{{/* END gitlab.toolbox.replicas */}} {{/* Ensure that `redis.install: false` if configuring multiple Redis instances 
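Review bot: The user-facing message on the added line still reads "It appear that `gitlab/toolbox` has been configured", so the rename carries the typo forward; "It appears that" would fix it without affecting the spec, which matches only on 'more than 1 replica, but also with a PersistentVolumeClaim'. While the define is being renamed anyway, `gitlab.checkConfig.toolbox.replicas` would line it up with the other `gitlab.checkConfig.*` includes in the message list, and the spec label `describe 'gitaly.toolbox.replicas'` could be corrected at the same time.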
@@ -376,7 +376,7 @@ Ensure that if `psql.password.useSecret` is set to false, a path to the password */}} {{- define "gitlab.checkConfig.postgresql.noPasswordFile" -}} {{- $errorMsg := list -}} -{{- $subcharts := pick .Values.gitlab "geo-logcursor" "gitlab-exporter" "migrations" "sidekiq" "task-runner" "webservice" -}} +{{- $subcharts := pick .Values.gitlab "geo-logcursor" "gitlab-exporter" "migrations" "sidekiq" "toolbox" "webservice" -}} {{- range $name, $sub := $subcharts -}} {{- $useSecret := include "gitlab.boolean.local" (dict "local" (pluck "useSecret" (index $sub "psql" "password") | first) "global" $.Values.global.psql.password.useSecret "default" true) -}} {{- if and (not $useSecret) (not (pluck "file" (index $sub "psql" "password") ($.Values.global.psql.password) | first)) -}} diff --git a/templates/_deprecations.tpl b/templates/_deprecations.tpl index 5832028216..90fd18f6aa 100644 --- a/templates/_deprecations.tpl +++ b/templates/_deprecations.tpl @@ -53,6 +53,7 @@ Due to gotpl scoping, we can't make use of `range`, so we have to add action lin {{- $deprecated = append $deprecated (include "gitlab.deprecate.global.geo.registry.syncEnabled" .) -}} {{- $deprecated = append $deprecated (include "certmanager.createCustomResource" .) -}} {{- $deprecated = append $deprecated (include "gitlab.deprecate.global.imagePullPolicy" .) -}} +{{- $deprecated = append $deprecated (include "gitlab.deprecate.task-runner" .) -}} {{- /* prepare output */}} {{- $deprecated = without $deprecated "" -}} 
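Review bot: The `gitlab.deprecate.task-runner` include added here is the only guard for users whose values still set `gitlab.task-runner` (for example `enabled: false`, `replicas` or `persistence`), because after this rename those keys are no longer read, yet none of the spec hunks shown here exercise it. Suggest adding a spec that renders with a `gitlab.task-runner` block and asserts the "has been renamed" message, plus one with only `gitlab.toolbox` set that asserts no message. The define itself is also inserted ahead of the existing `{{/* END gitlab.deprecate.local.kubectl */}}` marker, which then appears to close the wrong block.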
@@ -66,7 +67,7 @@ Due to gotpl scoping, we can't make use of `range`, so we have to add action lin {{/* Migration of rails shared lfs/artifacts/uploads blocks to globals */}} {{- define "gitlab.deprecate.rails.appConfig" -}} -{{- range $chart := list "webservice" "sidekiq" "task-runner" -}} +{{- range $chart := list "webservice" "sidekiq" "toolbox" -}} {{- if index $.Values.gitlab $chart -}} {{- range $i, $block := list "lfs" "artifacts" "uploads" -}} {{- if hasKey (index $.Values.gitlab $chart) $block }} @@ -114,10 +115,10 @@ gitlab.sidekiq: Chart-local configuration of Minio features has been moved to global. Please remove `gitlab.sidekiq.minio.enabled` from your properties, and set `global.minio.enabled` instead. {{- end -}} {{- end -}} -{{- if index .Values.gitlab "task-runner" "minio" -}} -{{- if ( hasKey ( index .Values.gitlab "task-runner" "minio" ) "enabled" ) }} -gitlab.task-runner: - Chart-local configuration of Minio features has been moved to global. Please remove `gitlab.task-runner.minio.enabled` from your properties, and set `global.minio.enabled` instead. +{{- if index .Values.gitlab "toolbox" "minio" -}} +{{- if ( hasKey ( index .Values.gitlab "toolbox" "minio" ) "enabled" ) }} +gitlab.toolbox: + Chart-local configuration of Minio features has been moved to global. Please remove `gitlab.toolbox.minio.enabled` from your properties, and set `global.minio.enabled` instead. {{- end -}} {{- end -}} {{- end -}} 
@@ -219,7 +220,7 @@ gitlab: {{/* Deprecation behavious for configuration of initContainer images of gitlab sub-charts */}} {{- define "gitlab.deprecate.initContainerImage" -}} -{{- range $chart:= list "geo-logcursor" "gitaly" "gitlab-exporter" "gitlab-shell" "mailroom" "migrations" "sidekiq" "task-runner" "webservice" }} +{{- range $chart:= list "geo-logcursor" "gitaly" "gitlab-exporter" "gitlab-shell" "mailroom" "migrations" "sidekiq" "toolbox" "webservice" }} {{- if hasKey (index $.Values.gitlab $chart) "init" -}} {{- with $config := index $.Values.gitlab $chart "init" -}} {{- if or (and (hasKey $config "image") (kindIs "string" $config.image)) (hasKey $config "tag") }} @@ -309,7 +310,7 @@ global.psql.pool: {{- end -}} {{- end -}} -{{- range $chart := list "webservice" "sidekiq" "task-runner" -}} +{{- range $chart := list "webservice" "sidekiq" "toolbox" -}} {{- if index $.Values.gitlab $chart -}} {{- if hasKey (index $.Values.gitlab $chart) "psql" -}} {{- with $localConfig := index $.Values.gitlab $chart "psql" -}} @@ -413,4 +414,13 @@ global.imagePullPolicy: {{- end -}} {{- end -}} + +{{/* Deprecation behaviors for task-runner rename to toolbox */}} +{{- define "gitlab.deprecate.task-runner" -}} +{{- if index .Values.gitlab "task-runner" }} +gitlab.task-runner: + The configuration of `gitlab.task-runner` has been renamed. Please use `gitlab.toolbox` instead. +{{- end -}} +{{- end -}} + {{/* END gitlab.deprecate.local.kubectl */}} diff --git a/values.yaml b/values.yaml index f53b8a6524..90ebe52865 100644 --- a/values.yaml +++ b/values.yaml @@ -1055,8 +1055,8 @@ grafana: ## Settings for individual sub-charts under GitLab ## Note: Many of these settings are configurable via globals gitlab: - ## https://docs.gitlab.com/charts/charts/gitlab/task-runner - task-runner: + ## https://docs.gitlab.com/charts/charts/gitlab/toolbox + toolbox: replicas: 1 antiAffinityLabels: matchLabels: -- GitLab From 0401462c2f1f9a351fa96ad1d04398122afa73a4 Mon Sep 17 00:00:00 2001 
From: Marcel Amirault Date: Fri, 29 Oct 2021 15:24:58 +0900 Subject: [PATCH 083/253] Add redirect for renamed task-runner doc --- doc/charts/gitlab/task-runner/index.md | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 doc/charts/gitlab/task-runner/index.md diff --git a/doc/charts/gitlab/task-runner/index.md b/doc/charts/gitlab/task-runner/index.md new file mode 100644 index 0000000000..54979b4676 --- /dev/null +++ b/doc/charts/gitlab/task-runner/index.md @@ -0,0 +1,9 @@ +--- +redirect_to: '../toolbox/index.md' +remove_date: '2022-01-29' +--- + +This file was moved to [another location](../toolbox/index.md). + + + -- GitLab From 4d30d12dc3e284d1887b653784ddccf67e09167a Mon Sep 17 00:00:00 2001 From: Hayley Swimelar Date: Fri, 29 Oct 2021 14:54:14 +0000 Subject: [PATCH 084/253] Registry: add manifests section to validation stanza --- charts/registry/templates/configmap.yaml | 13 ++++++++++++ charts/registry/values.yaml | 5 +++++ doc/charts/registry/index.md | 27 +++++++++++++++++++++++- 3 files changed, 44 insertions(+), 1 deletion(-) diff --git a/charts/registry/templates/configmap.yaml b/charts/registry/templates/configmap.yaml index ce0387ce99..08bb77763e 100644 --- a/charts/registry/templates/configmap.yaml +++ b/charts/registry/templates/configmap.yaml @@ -49,6 +49,19 @@ data: {{- end }} validation: disabled: {{ eq true .Values.validation.disabled }} + {{- with .Values.validation.manifests }} + manifests: + referencelimit: {{ .referencelimit }} + urls: + allow: + {{- range .urls.allow }} + - {{ . }} + {{- end }} + deny: + {{- range .urls.deny }} + - {{ . }} + {{- end }} + {{- end }} {{- include "registry.notifications.config" $ | nindent 4 }} reporting: {{- if .Values.reporting.sentry.enabled }} diff --git a/charts/registry/values.yaml b/charts/registry/values.yaml index f754d9b760..0f6d06d18c 100644 --- a/charts/registry/values.yaml +++ b/charts/registry/values.yaml 
@@ -231,6 +231,11 @@ compatibility: # See https://github.com/docker/distribution/issues/2795 validation: disabled: true + manifests: + referencelimit: 0 + urls: + allow: [] + deny: [] # Configure the logging mechanism for the Container Registry as desired # See https://docs.docker.com/registry/configuration/#log diff --git a/doc/charts/registry/index.md b/doc/charts/registry/index.md index 56ac161e4c..432a18d32c 100644 --- a/doc/charts/registry/index.md +++ b/doc/charts/registry/index.md @@ -99,6 +99,11 @@ registry: enabled: false validation: disabled: true + manifests: + referencelimit: 0 + urls: + allow: [] + deny: [] notifications: {} tolerations: [] ingress: 
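Review bot: The `urls.allow` and `urls.deny` entries shown here as `[]` are regular expressions, but the configmap template in this patch writes each one as `- {{ . }}` with no quoting. A pattern that starts with `[`, `{` or `*`, or that contains `: ` or ` #`, is then read as YAML syntax rather than as a string, which either breaks the rendered registry config or changes which layer URLs the validation policy accepts. Suggest `- {{ . | quote }}` in both `range` loops, and a spec that renders one such pattern and checks it round-trips unchanged. With the default empty lists the template also emits bare `allow:` and `deny:` keys (null) rather than `[]`; worth confirming the registry treats the two the same.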
@@ -477,12 +482,32 @@ If you _must_ support older versions of Docker clients, you can do so by setting The `validation` field is a map that controls the Docker image validation process in the registry. When image validation is enabled the registry rejects -windows images with foreign layers. +windows images with foreign layers, unless the `manifests.urls.allow` field +within the validation stanza is explicitly set to allow those layer urls. + +Validation only happens during manifest push, so images already present in the +registry are not affected by changes to the values in this section. The image validation is turned off by default. To enable image validation you need to explicitly set `registry.validation.disabled: false`. +#### manifests + +The `manifests` field allows configuration of validation policies particular to +manifests. + +The `urls` section contains both `allow` and `deny` fields. For manifest layers +which contain URLs to pass validation, that layer must match one of the regular +expressions in the `allow` field, while not matching any regular expression in +the `deny` field. + +| Name | Type | Default | Description | +| :---------------: | :----: | :------ | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------: | +| `referencelimit` | Int | `0` | The maximum number of references, such as layers, image configurations, and other manifests, that a single manifest may have. When set to `0` (default) this validation is disabled. | +| `urls.allow` | Array | `[]` | List of regular expressions that enables URLs in the layers of manifests. When left empty (default), layers with any URLs will be rejected. | +| `urls.deny` | Array | `[]` | List of regular expressions that restricts the URLs in the layers of manifests. 
When left empty (default), no layer with URLs which passed the `urls.allow` list will be rejected | + ### notifications The `notifications` field is used to configure [Registry notifications](https://docs.docker.com/registry/notifications/#configuration). -- GitLab From 910bd73a0c180adaac9052ffaa0d72f6cdace89d Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Fri, 29 Oct 2021 17:52:22 +0000 Subject: [PATCH 085/253] Update changelog for 4.12.13 [ci skip] --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 34033f6915..fb78833b39 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -267,6 +267,10 @@ No changes. - [Remove the old resouce changes notices](gitlab-org/charts/gitlab@1755275b75dfe669c038e44dd2d218e3aa62c2e6) ([merge request](gitlab-org/charts/gitlab!2028)) - [Remove ability to disable cluster from sidekiq values](gitlab-org/charts/gitlab@0de93fe181cd8c514aec013bf7e1541e1b41660b) ([merge request](gitlab-org/charts/gitlab!2024)) +## 4.12.13 (2021-10-29) + +No changes. + ## 4.12.12 (2021-09-21) No changes. -- GitLab From c2f94a9adfb707ce555552445feecc34c9a7ced7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Axel=20Garc=C3=ADa?= Date: Thu, 14 Oct 2021 18:06:48 -0300 Subject: [PATCH 086/253] Add one_trust_id config Changelog: added --- charts/gitlab/charts/webservice/values.yaml | 1 + charts/gitlab/templates/_gitlab.yaml.tpl | 3 +++ doc/charts/globals.md | 2 ++ values.yaml | 1 + 4 files changed, 7 insertions(+) diff --git a/charts/gitlab/charts/webservice/values.yaml b/charts/gitlab/charts/webservice/values.yaml index c12414b90e..8eb9e38941 100644 --- a/charts/gitlab/charts/webservice/values.yaml +++ b/charts/gitlab/charts/webservice/values.yaml @@ -326,6 +326,7 @@ extra: {} # matomo_url: '_your_matomo_url' # matomo_site_id: '_your_matomo_site_id' # matomo_disable_cookies: false + # one_trust_id: '_your_one_trust_id' rack_attack: git_basic_auth: enabled: false 
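Review bot: In doc/charts/registry/index.md, the new `#### manifests` text does not say whether the `urls.allow` and `urls.deny` regular expressions must match the whole layer URL or may match anywhere inside it, and that decides whether an allow entry written as a bare hostname pattern also admits URLs that merely contain that string. Please state the matching semantics and show one anchored example pattern. Smaller points in the same hunk: the `urls.deny` row is the only description without a closing period, and "windows images" / "layer urls" should read "Windows images" / "layer URLs".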
diff --git a/charts/gitlab/templates/_gitlab.yaml.tpl b/charts/gitlab/templates/_gitlab.yaml.tpl index c0093d0b20..7bdce3ccbe 100644 --- a/charts/gitlab/templates/_gitlab.yaml.tpl +++ b/charts/gitlab/templates/_gitlab.yaml.tpl @@ -66,6 +66,9 @@ extra: {{- if .extra.matomoDisableCookies }} matomo_disable_cookies: {{ eq true .extra.matomoDisableCookies }} {{- end }} + {{ if .extra.oneTrustId }} + one_trust_id: {{ .extra.oneTrustId | quote }} + {{- end }} {{- end -}} {{- define "gitlab.appConfig.rackAttack" -}} diff --git a/doc/charts/globals.md b/doc/charts/globals.md index d782bff96d..9dad255c09 100644 --- a/doc/charts/globals.md +++ b/doc/charts/globals.md @@ -807,6 +807,7 @@ global: matomoUrl: matomoSiteId: matomoDisableCookies: + oneTrustId: object_store: enabled: false proxy_download: true @@ -984,6 +985,7 @@ under the `extra` key below `appConfig`: | `extra.matomoSiteId` | String | (empty) | Matomo Site ID. | | `extra.matomoUrl` | String | (empty) | Matomo URL. | | `extra.matomoDisableCookies`| Boolean | (empty) | Disable Matomo cookies (corresponds to `disableCookies` in the Matomo script) | +| `extra.oneTrustId` | String | (empty) | OneTrust ID. | ### Consolidated object storage diff --git a/values.yaml b/values.yaml index 90ebe52865..7a80bdac5b 100644 --- a/values.yaml +++ b/values.yaml @@ -277,6 +277,7 @@ global: matomoUrl: matomoSiteId: matomoDisableCookies: + oneTrustId: ## https://docs.gitlab.com/charts/charts/globals#lfs-artifacts-uploads-packages-external-mr-diffs-and-dependency-proxy object_store: -- GitLab From c29de41c687684d3f50e78ddbba18448e0d06404 Mon Sep 17 00:00:00 2001 From: Mitchell Nielsen Date: Thu, 28 Oct 2021 14:42:33 -0500 Subject: [PATCH 087/253] Add specs for oneTrustId - When set: populates key with value - When not set: does not populate key or value - When nil: does not populate key or value --- spec/configuration/gitlab-yml-erb_spec.rb | 39 +++++++++++++++++++++++ 1 file changed, 39 insertions(+) 
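Review bot: In charts/gitlab/templates/_gitlab.yaml.tpl, the added `{{ if .extra.oneTrustId }}` lacks the left trim marker that the `{{- if .extra.matomoDisableCookies }}` block just above it uses, so the newline and indentation before the tag are kept and the rendered `extra:` section gains a whitespace-only line whether or not the ID is set. Use `{{- if .extra.oneTrustId }}` to match the neighbouring blocks.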
diff --git a/spec/configuration/gitlab-yml-erb_spec.rb b/spec/configuration/gitlab-yml-erb_spec.rb index f725f690dc..6e39bb2620 100644 --- a/spec/configuration/gitlab-yml-erb_spec.rb +++ b/spec/configuration/gitlab-yml-erb_spec.rb @@ -122,6 +122,45 @@ describe 'gitlab.yml.erb configuration' do end end + context 'oneTrustId' do + let(:required_values) do + YAML.safe_load(%( + global: + appConfig: + extra: + oneTrustId: #{value} + )).merge(default_values) + end + + context 'when configured' do + let(:value) { 'foo' } + + it 'populates the gitlab.yml.erb with id' do + t = HelmTemplate.new(required_values) + expect(t.dig( + 'ConfigMap/test-webservice', + 'data', + 'gitlab.yml.erb' + )).to include('one_trust_id: "foo"') + end + end + + context 'when not configured' do + let(:value) { nil } + + it 'does not populate the gitlab.yml.erb' do + t = HelmTemplate.new(required_values) + + expect(t.exit_code).to eq(0) + expect(t.dig( + 'ConfigMap/test-webservice', + 'data', + 'gitlab.yml.erb' + )).not_to include('one_trust_id') + end + end + end + context 'sidekiq.routingRules on web' do let(:required_values) do value.merge(default_values) -- GitLab From d180f004933f91673ec0bdd7c80c31a35cf46f8b Mon Sep 17 00:00:00 2001 
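Review bot: In spec/configuration/gitlab-yml-erb_spec.rb, the commit message lists three cases (set, not set, nil) but the `oneTrustId` context has only two, and `when not configured` is really the nil case because `oneTrustId: #{value}` always emits the key. Add a context whose values omit `oneTrustId` entirely, and assert `t.exit_code` in `when configured` the way the nil case already does.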
From: Stan Hu Date: Fri, 29 Oct 2021 10:51:16 -0700 Subject: [PATCH 088/253] Raise Sidekiq job timeout from 5 to 25 seconds As described in https://github.com/mperham/sidekiq/wiki/Signals#term, Sidekiq by default will wait 25 seconds for jobs to terminate after receiving a TERM signal. We found that the 5-second value set in Charts was too low. Some jobs were being prematurely killed, causing jobs to be marked in the deduplication middleware but not actually enqueued (https://gitlab.com/gitlab-org/gitlab/-/issues/344151#note_718793765). Note that the pod timeout is 30 seconds, so this value should still work with that. Changelog: fixed --- charts/gitlab/charts/sidekiq/values.yaml | 2 +- doc/charts/gitlab/sidekiq/index.md | 2 +- spec/integration/check_config_spec.rb | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/gitlab/charts/sidekiq/values.yaml b/charts/gitlab/charts/sidekiq/values.yaml index 08dac3f149..d9087d7e2f 100644 --- a/charts/gitlab/charts/sidekiq/values.yaml +++ b/charts/gitlab/charts/sidekiq/values.yaml @@ -250,7 +250,7 @@ deployment: hpa: targetAverageValue: 350m -timeout: 5 +timeout: 25 resources: # limits: # memory: 5G diff --git a/doc/charts/gitlab/sidekiq/index.md b/doc/charts/gitlab/sidekiq/index.md index f1c694bc9b..50096800c9 100644 --- a/doc/charts/gitlab/sidekiq/index.md +++ b/doc/charts/gitlab/sidekiq/index.md 
@@ -71,7 +71,7 @@ to the `helm install` command using the `--set` flags: | `resources.requests.cpu` | `900m` | Sidekiq minimum needed CPU | | `resources.requests.memory` | `2G` | Sidekiq minimum needed memory | | `resources.limits.memory` | | Sidekiq maximum allowed memory | -| `timeout` | `5` | Sidekiq job timeout | +| `timeout` | `25` | Sidekiq job timeout | | `tolerations` | `[]` | Toleration labels for pod assignment | | `memoryKiller.daemonMode` | `true` | If `false`, uses the legacy memory killer mode | | `memoryKiller.maxRss` | `2000000` | Maximum RSS before delayed shutdown triggered expressed in kilobytes | diff --git a/spec/integration/check_config_spec.rb b/spec/integration/check_config_spec.rb index 059c4e31ac..bcce8aaf78 100644 --- a/spec/integration/check_config_spec.rb +++ b/spec/integration/check_config_spec.rb @@ -953,7 +953,7 @@ describe 'checkConfig template' do )).deep_merge(default_required_values) end - let(:error_output) { 'You must set `terminationGracePeriodSeconds` (1) longer than `timeout` (5) for pod `valid-1`.' } + let(:error_output) { 'You must set `terminationGracePeriodSeconds` (1) longer than `timeout` (25) for pod `valid-1`.' } include_examples 'config validation', success_description: 'when Sidekiq timeout is less than terminationGracePeriodSeconds', -- GitLab From 809393492b2141a4c5e8aa6caa456c67dabad7be Mon Sep 17 00:00:00 2001 From: Dustin Collins <714871-dustinmm80@users.noreply.gitlab.com> Date: Mon, 1 Nov 2021 15:20:17 +0000 Subject: [PATCH 089/253] Update certmanager chart to 1.5 for Kubernetes 1.22 support --- requirements.yaml | 2 +- spec/configuration/node_selector_spec.rb | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/requirements.yaml b/requirements.yaml index 34de7b7003..96dcf0c4e4 100644 --- a/requirements.yaml +++ b/requirements.yaml 
@@ -8,7 +8,7 @@ dependencies: - name: registry version: '*.*.*' - name: cert-manager - version: 1.2.0 + version: 1.5.4 repository: https://charts.jetstack.io/ condition: certmanager.install alias: certmanager diff --git a/spec/configuration/node_selector_spec.rb b/spec/configuration/node_selector_spec.rb index fbeba83095..98b4791b6d 100644 --- a/spec/configuration/node_selector_spec.rb +++ b/spec/configuration/node_selector_spec.rb @@ -55,6 +55,7 @@ describe 'Node Selector configuration' do 'Deployment/test-certmanager-cainjector', 'Deployment/test-certmanager-webhook', 'Deployment/test-certmanager', + 'Job/test-certmanager-startupapicheck', 'Deployment/test-gitlab-runner', 'Deployment/test-prometheus-server', 'StatefulSet/test-postgresql', -- GitLab From b663e0b232c846e1b63b49a91576b696fcefbc0e Mon Sep 17 00:00:00 2001 From: Dmytro Makovey Date: Mon, 1 Nov 2021 16:35:59 +0000 Subject: [PATCH 090/253] [Sidekiq] Support for podAntiAffinity with match labels of deployment name --- .../charts/sidekiq/templates/deployment.yaml | 3 +- .../gitlab/charts/sidekiq/templates/hpa.yaml | 4 +- doc/troubleshooting/index.md | 4 +- spec/configuration/database_spec.rb | 6 +- spec/configuration/global_spec.rb | 2 +- spec/configuration/sidekiq_spec.rb | 78 +++++++++---------- 6 files changed, 50 insertions(+), 47 deletions(-) diff --git a/charts/gitlab/charts/sidekiq/templates/deployment.yaml b/charts/gitlab/charts/sidekiq/templates/deployment.yaml index ba823bcb26..8ec49a2178 100644 --- a/charts/gitlab/charts/sidekiq/templates/deployment.yaml +++ b/charts/gitlab/charts/sidekiq/templates/deployment.yaml @@ -27,7 +27,7 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ printf "%s-v1" ($queueName | trunc 60) }} + name: {{ printf "%s-v2" ($queueName | trunc 60) }} namespace: {{ $.Release.Namespace }} labels: {{- include "gitlab.standardLabels" $ | nindent 4 }} 
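Review bot: In charts/gitlab/charts/sidekiq/templates/deployment.yaml, changing `metadata.name` from `-v1` to `-v2` makes Helm delete and recreate every Sidekiq Deployment on upgrade, yet the diffstat shows only three changed lines in this file and the commit message does not say what requires a new name. If `spec.selector` is unchanged, a pod-template change can roll out in place under the existing name; please either keep `-v1` or explain in the commit message why the rename is needed.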
@@ -81,6 +81,7 @@ spec: labelSelector: matchLabels: {{- include "gitlab.selectorLabels" $ | nindent 18 }} + queue-pod-name: {{ .name }} {{- else if eq (default $.Values.global.antiAffinity .antiAffinity) "soft" }} affinity: podAntiAffinity: diff --git a/charts/gitlab/charts/sidekiq/templates/hpa.yaml b/charts/gitlab/charts/sidekiq/templates/hpa.yaml index 0b2b1021b8..930c713b75 100644 --- a/charts/gitlab/charts/sidekiq/templates/hpa.yaml +++ b/charts/gitlab/charts/sidekiq/templates/hpa.yaml @@ -10,7 +10,7 @@ apiVersion: autoscaling/v2beta1 kind: HorizontalPodAutoscaler metadata: - name: {{ printf "%s-v1" ($queueName | trunc 60) }} + name: {{ printf "%s-v2" ($queueName | trunc 60) }} namespace: {{ $.Release.Namespace }} labels: {{- include "gitlab.standardLabels" $ | nindent 4 }} @@ -19,7 +19,7 @@ spec: scaleTargetRef: apiVersion: apps/v1 kind: Deployment - name: {{ printf "%s-v1" ($queueName | trunc 60) }} + name: {{ printf "%s-v2" ($queueName | trunc 60) }} minReplicas: {{ default $.Values.minReplicas .minReplicas }} maxReplicas: {{ default $.Values.maxReplicas .maxReplicas }} metrics: diff --git a/doc/troubleshooting/index.md b/doc/troubleshooting/index.md index 3b036bca9b..b9689fae00 100644 --- a/doc/troubleshooting/index.md +++ b/doc/troubleshooting/index.md 
@@ -178,7 +178,9 @@ Sidekiq pods did not receive a unique selector prior to chart release `3.0.0`. [The problems with this were documented in](https://gitlab.com/gitlab-org/charts/gitlab/-/issues/663). Upgrades to `3.0.0` using Helm will automatically delete the old Sidekiq deployments and create new ones by appending `-v1` to the -name of the Sidekiq `Deployments`,`HPAs`, and `Pods`. +name of the Sidekiq `Deployments`,`HPAs`, and `Pods`. + +Starting from `5.5.0` Helm will delete old Sidekiq deployments from prior versions and will use `-v2` suffix for `Pods`, `Deployments` and `HPAs`. If you continue to run into this error on the Sidekiq deployment when installing `3.0.0`, resolve these with the following steps: diff --git a/spec/configuration/database_spec.rb b/spec/configuration/database_spec.rb index f17abc2f17..c2580e85da 100644 --- a/spec/configuration/database_spec.rb +++ b/spec/configuration/database_spec.rb @@ -266,7 +266,7 @@ describe 'Database configuration' do .and match(/keepalives_interval: $/) .and match(/keepalives_count: $/) .and match(/tcp_user_timeout: $/) - sidekiq_secret_mounts = t.projected_volume_sources('Deployment/test-sidekiq-all-in-1-v1','init-sidekiq-secrets').select { |item| + sidekiq_secret_mounts = t.projected_volume_sources('Deployment/test-sidekiq-all-in-1-v2','init-sidekiq-secrets').select { |item| item['secret']['name'] == 'test-postgresql-password' } expect(sidekiq_secret_mounts.length).to eq(1) 
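Review bot: In the `@@ -81,6 +81,7 @@` hunk of charts/gitlab/charts/sidekiq/templates/deployment.yaml, `queue-pod-name: {{ .name }}` is added only to the first anti-affinity branch, while the `"soft"` branch that follows is untouched, so the two modes may now select different sets of pods. Apply the same label match there or say why they differ, and render the value with `| quote` so a pod name that YAML would read as a number or boolean still yields a string label.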
@@ -320,7 +320,7 @@ describe 'Database configuration' do .and match(/keepalives_interval: $/) .and match(/keepalives_count: $/) .and match(/tcp_user_timeout: $/) - sidekiq_secret_mounts = t.projected_volume_sources('Deployment/test-sidekiq-all-in-1-v1','init-sidekiq-secrets').select { |item| + sidekiq_secret_mounts = t.projected_volume_sources('Deployment/test-sidekiq-all-in-1-v2','init-sidekiq-secrets').select { |item| item['secret']['name'] == 'test-postgresql-password' && item['secret']['items'][0]['key'] == 'postgresql-password' } expect(sidekiq_secret_mounts.length).to eq(1) @@ -366,7 +366,7 @@ describe 'Database configuration' do expect(t.exit_code).to eq(0) # sidekiq gets "global" expect(t.dig('ConfigMap/test-sidekiq','data','database.yml.erb')).to include('host: "psql.global"') - sidekiq_secret_mounts = t.projected_volume_sources('Deployment/test-sidekiq-all-in-1-v1','init-sidekiq-secrets').select { |item| + sidekiq_secret_mounts = t.projected_volume_sources('Deployment/test-sidekiq-all-in-1-v2','init-sidekiq-secrets').select { |item| item['secret']['name'] == 'global-postgresql-password' && item['secret']['items'][0]['key'] == 'global-password' } expect(sidekiq_secret_mounts.length).to eq(1) diff --git a/spec/configuration/global_spec.rb b/spec/configuration/global_spec.rb index 18f991b84f..b0e6a8807b 100644 --- a/spec/configuration/global_spec.rb +++ b/spec/configuration/global_spec.rb 
@@ -51,7 +51,7 @@ describe 'global configuration' do it 'configures the notification endpoint' do t = HelmTemplate.new(registry_notifications) expect(t.exit_code).to eq(0), "Unexpected error code #{t.exit_code} -- #{t.stderr}" - expect(t.find_projected_secret('Deployment/test-sidekiq-all-in-1-v1', 'init-sidekiq-secrets', 'test-registry-notification')).to be true + expect(t.find_projected_secret('Deployment/test-sidekiq-all-in-1-v2', 'init-sidekiq-secrets', 'test-registry-notification')).to be true expect(t.find_projected_secret('Deployment/test-webservice-default', 'init-webservice-secrets', 'test-registry-notification')).to be true expect(t.find_projected_secret('Deployment/test-toolbox', 'init-toolbox-secrets', 'test-registry-notification')).to be true gitlab_config = t.dig('ConfigMap/test-sidekiq', 'data', 'gitlab.yml.erb') diff --git a/spec/configuration/sidekiq_spec.rb b/spec/configuration/sidekiq_spec.rb index 9d2c28c8b9..e55022340a 100644 --- a/spec/configuration/sidekiq_spec.rb +++ b/spec/configuration/sidekiq_spec.rb @@ -22,7 +22,7 @@ describe 'Sidekiq configuration' do context 'when setting extraEnv' do def container_name(pod) - "Deployment/test-sidekiq-#{pod}-v1" + "Deployment/test-sidekiq-#{pod}-v2" end context 'when the global value is set' do @@ -172,7 +172,7 @@ describe 'Sidekiq configuration' do expect(t.exit_code).to eq(0) expect(t.env( - 'Deployment/test-sidekiq-all-in-1-v1', + 'Deployment/test-sidekiq-all-in-1-v2', 'sidekiq')).to include( { 'name' => 'SIDEKIQ_DAEMON_MEMORY_KILLER', 'value' => '1' }, { 'name' => 'SIDEKIQ_MEMORY_KILLER_CHECK_INTERVAL', 'value' => '3' }, @@ -182,7 +182,7 @@ describe 'Sidekiq configuration' do ) expect(t.env( - 'Deployment/test-sidekiq-all-in-1-v1', + 'Deployment/test-sidekiq-all-in-1-v2', 'sidekiq')).not_to include( { 'name' => 'SIDEKIQ_MEMORY_KILLER_HARD_LIMIT_RSS' } ) 
@@ -193,7 +193,7 @@ describe 'Sidekiq configuration' do expect(t.exit_code).to eq(0) expect(t.env( - 'Deployment/test-sidekiq-all-in-1-v1', + 'Deployment/test-sidekiq-all-in-1-v2', 'sidekiq')).to include( { 'name' => 'SIDEKIQ_MEMORY_KILLER_HARD_LIMIT_RSS', 'value' => '9000000' } ) @@ -237,7 +237,7 @@ describe 'Sidekiq configuration' do expect(t.exit_code).to eq(0) expect(t.env( - 'Deployment/test-sidekiq-s0-v1', + 'Deployment/test-sidekiq-s0-v2', 'sidekiq')).to include( { 'name' => 'SIDEKIQ_DAEMON_MEMORY_KILLER', 'value' => '1' }, { 'name' => 'SIDEKIQ_MEMORY_KILLER_CHECK_INTERVAL', 'value' => '3' }, @@ -247,7 +247,7 @@ describe 'Sidekiq configuration' do ) expect(t.env( - 'Deployment/test-sidekiq-s0-v1', + 'Deployment/test-sidekiq-s0-v2', 'sidekiq')).not_to include( { 'name' => 'SIDEKIQ_MEMORY_KILLER_HARD_LIMIT_RSS' } ) @@ -258,13 +258,13 @@ describe 'Sidekiq configuration' do expect(t.exit_code).to eq(0) expect(t.env( - 'Deployment/test-sidekiq-s0-v1', + 'Deployment/test-sidekiq-s0-v2', 'sidekiq')).not_to include( { 'name' => 'SIDEKIQ_MEMORY_KILLER_HARD_LIMIT_RSS' } ) expect(t.env( - 'Deployment/test-sidekiq-s1-v1', + 'Deployment/test-sidekiq-s1-v2', 'sidekiq')).to include( { 'name' => 'SIDEKIQ_MEMORY_KILLER_MAX_RSS', 'value' => '9' }, ) 
@@ -317,12 +317,12 @@ describe 'Sidekiq configuration' do t = HelmTemplate.new(default_values) expect(t.exit_code).to eq(0), "Unexpected error code #{t.exit_code} -- #{t.stderr}" expect(t.dig('ConfigMap/test-sidekiq', 'metadata', 'labels')).to include('global' => 'sidekiq') - expect(t.dig('Deployment/test-sidekiq-all-in-1-v1', 'metadata', 'labels')).not_to include('global' => 'global') - expect(t.dig('Deployment/test-sidekiq-all-in-1-v1', 'metadata', 'labels')).to include('global' => 'sidekiq') - expect(t.dig('Deployment/test-sidekiq-all-in-1-v1', 'spec', 'template', 'metadata', 'labels')).to include('global' => 'pod') - expect(t.dig('Deployment/test-sidekiq-all-in-1-v1', 'spec', 'template', 'metadata', 'labels')).to include('global_pod' => 'true') - expect(t.dig('Deployment/test-sidekiq-all-in-1-v1', 'spec', 'template', 'metadata', 'labels')).to include('pod' => 'true') - expect(t.dig('HorizontalPodAutoscaler/test-sidekiq-all-in-1-v1', 'metadata', 'labels')).to include('global' => 'sidekiq') + expect(t.dig('Deployment/test-sidekiq-all-in-1-v2', 'metadata', 'labels')).not_to include('global' => 'global') + expect(t.dig('Deployment/test-sidekiq-all-in-1-v2', 'metadata', 'labels')).to include('global' => 'sidekiq') + expect(t.dig('Deployment/test-sidekiq-all-in-1-v2', 'spec', 'template', 'metadata', 'labels')).to include('global' => 'pod') + expect(t.dig('Deployment/test-sidekiq-all-in-1-v2', 'spec', 'template', 'metadata', 'labels')).to include('global_pod' => 'true') + expect(t.dig('Deployment/test-sidekiq-all-in-1-v2', 'spec', 'template', 'metadata', 'labels')).to include('pod' => 'true') + expect(t.dig('HorizontalPodAutoscaler/test-sidekiq-all-in-1-v2', 'metadata', 'labels')).to include('global' => 'sidekiq') expect(t.dig('NetworkPolicy/test-sidekiq-v1', 'metadata', 'labels')).to include('global' => 'sidekiq') expect(t.dig('PodDisruptionBudget/test-sidekiq-all-in-1-v1', 'metadata', 'labels')).to include('global' => 'sidekiq') 
expect(t.dig('ServiceAccount/test-sidekiq', 'metadata', 'labels')).to include('global' => 'sidekiq') 
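Review bot: In spec/configuration/sidekiq_spec.rb, the unchanged expectations still look up `NetworkPolicy/test-sidekiq-v1` and `PodDisruptionBudget/test-sidekiq-all-in-1-v1`, so after this patch a queue's Deployment and HPA end in `-v2` while its PodDisruptionBudget keeps `-v1`. Rename the PDB along with them, or state in doc/troubleshooting/index.md that only Deployments, HPAs and Pods change suffix so operators are not surprised by the mixed names.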
@@ -368,26 +368,26 @@ describe 'Sidekiq configuration' do t = HelmTemplate.new(default_values) expect(t.exit_code).to eq(0), "Unexpected error code #{t.exit_code} -- #{t.stderr}" expect(t.dig('ConfigMap/test-sidekiq', 'metadata', 'labels')).to include('global' => 'sidekiq') - expect(t.dig('Deployment/test-sidekiq-pod-1-v1', 'metadata', 'labels')).to include('foo' => 'global') - expect(t.dig('Deployment/test-sidekiq-pod-1-v1', 'metadata', 'labels')).to include('sidekiq' => 'sidekiq') - expect(t.dig('Deployment/test-sidekiq-pod-1-v1', 'metadata', 'labels')).not_to include('global' => 'global') - expect(t.dig('Deployment/test-sidekiq-pod-1-v1', 'metadata', 'labels')).to include('global' => 'sidekiq') - expect(t.dig('Deployment/test-sidekiq-pod-1-v1', 'spec', 'template', 'metadata', 'labels')).to include('global' => 'pod') - expect(t.dig('Deployment/test-sidekiq-pod-1-v1', 'spec', 'template', 'metadata', 'labels')).to include('global_pod' => 'true') - expect(t.dig('Deployment/test-sidekiq-pod-1-v1', 'spec', 'template', 'metadata', 'labels')).to include('pod' => 'true') - expect(t.dig('Deployment/test-sidekiq-pod-2-v1', 'spec', 'template', 'metadata', 'labels')).to include('deployment' => 'negateQueues') - expect(t.dig('Deployment/test-sidekiq-pod-2-v1', 'spec', 'template', 'metadata', 'labels')).to include('sidekiq' => 'pod-2') - expect(t.dig('Deployment/test-sidekiq-pod-3-v1', 'spec', 'template', 'metadata', 'labels')).to include('deployment' => 'fooQueue') - expect(t.dig('Deployment/test-sidekiq-pod-3-v1', 'metadata', 'labels')).to include('sidekiq' => 'pod-common-3') - expect(t.dig('Deployment/test-sidekiq-pod-3-v1', 'metadata', 'labels')).not_to include('sidekiq' => 'pod-label-3') - expect(t.dig('Deployment/test-sidekiq-pod-3-v1', 'metadata', 'labels')).not_to include('sidekiq' => 'sidekiq') - expect(t.dig('Deployment/test-sidekiq-pod-3-v1', 'spec', 'template', 'metadata', 'labels')).to include('sidekiq' => 'pod-label-3') - 
expect(t.dig('Deployment/test-sidekiq-pod-3-v1', 'spec', 'template', 'metadata', 'labels')).not_to include('sidekiq' => 'pod-common-3') - expect(t.dig('Deployment/test-sidekiq-pod-3-v1', 'spec', 'template', 'metadata', 'labels')).not_to include('sidekiq' => 'sidekiq') - expect(t.dig('HorizontalPodAutoscaler/test-sidekiq-pod-1-v1', 'metadata', 'labels')).to include('global' => 'sidekiq') - expect(t.dig('HorizontalPodAutoscaler/test-sidekiq-pod-3-v1', 'metadata', 'labels')).to include('sidekiq' => 'pod-common-3') - expect(t.dig('HorizontalPodAutoscaler/test-sidekiq-pod-3-v1', 'metadata', 'labels')).not_to include('sidekiq' => 'pod-label-3') - expect(t.dig('HorizontalPodAutoscaler/test-sidekiq-pod-3-v1', 'metadata', 'labels')).not_to include('sidekiq' => 'sidekiq') + expect(t.dig('Deployment/test-sidekiq-pod-1-v2', 'metadata', 'labels')).to include('foo' => 'global') + expect(t.dig('Deployment/test-sidekiq-pod-1-v2', 'metadata', 'labels')).to include('sidekiq' => 'sidekiq') + expect(t.dig('Deployment/test-sidekiq-pod-1-v2', 'metadata', 'labels')).not_to include('global' => 'global') + expect(t.dig('Deployment/test-sidekiq-pod-1-v2', 'metadata', 'labels')).to include('global' => 'sidekiq') + expect(t.dig('Deployment/test-sidekiq-pod-1-v2', 'spec', 'template', 'metadata', 'labels')).to include('global' => 'pod') + expect(t.dig('Deployment/test-sidekiq-pod-1-v2', 'spec', 'template', 'metadata', 'labels')).to include('global_pod' => 'true') + expect(t.dig('Deployment/test-sidekiq-pod-1-v2', 'spec', 'template', 'metadata', 'labels')).to include('pod' => 'true') + expect(t.dig('Deployment/test-sidekiq-pod-2-v2', 'spec', 'template', 'metadata', 'labels')).to include('deployment' => 'negateQueues') + expect(t.dig('Deployment/test-sidekiq-pod-2-v2', 'spec', 'template', 'metadata', 'labels')).to include('sidekiq' => 'pod-2') + expect(t.dig('Deployment/test-sidekiq-pod-3-v2', 'spec', 'template', 'metadata', 'labels')).to include('deployment' => 'fooQueue') + 
expect(t.dig('Deployment/test-sidekiq-pod-3-v2', 'metadata', 'labels')).to include('sidekiq' => 'pod-common-3') + expect(t.dig('Deployment/test-sidekiq-pod-3-v2', 'metadata', 'labels')).not_to include('sidekiq' => 'pod-label-3') + expect(t.dig('Deployment/test-sidekiq-pod-3-v2', 'metadata', 'labels')).not_to include('sidekiq' => 'sidekiq') + expect(t.dig('Deployment/test-sidekiq-pod-3-v2', 'spec', 'template', 'metadata', 'labels')).to include('sidekiq' => 'pod-label-3') + expect(t.dig('Deployment/test-sidekiq-pod-3-v2', 'spec', 'template', 'metadata', 'labels')).not_to include('sidekiq' => 'pod-common-3') + expect(t.dig('Deployment/test-sidekiq-pod-3-v2', 'spec', 'template', 'metadata', 'labels')).not_to include('sidekiq' => 'sidekiq') + expect(t.dig('HorizontalPodAutoscaler/test-sidekiq-pod-1-v2', 'metadata', 'labels')).to include('global' => 'sidekiq') + expect(t.dig('HorizontalPodAutoscaler/test-sidekiq-pod-3-v2', 'metadata', 'labels')).to include('sidekiq' => 'pod-common-3') + expect(t.dig('HorizontalPodAutoscaler/test-sidekiq-pod-3-v2', 'metadata', 'labels')).not_to include('sidekiq' => 'pod-label-3') + expect(t.dig('HorizontalPodAutoscaler/test-sidekiq-pod-3-v2', 'metadata', 'labels')).not_to include('sidekiq' => 'sidekiq') expect(t.dig('PodDisruptionBudget/test-sidekiq-pod-3-v1', 'metadata', 'labels')).to include('sidekiq' => 'pod-common-3') expect(t.dig('PodDisruptionBudget/test-sidekiq-pod-3-v1', 'metadata', 'labels')).not_to include('sidekiq' => 'pod-label-3') expect(t.dig('PodDisruptionBudget/test-sidekiq-pod-3-v1', 'metadata', 'labels')).not_to include('sidekiq' => 'sidekiq') 
@@ -413,7 +413,7 @@ describe 'Sidekiq configuration' do context 'with default deployment-global value and no pod-local value' do it 'sets default deployment-global value for terminationGracePeriodSeconds in the Pod spec' do t = HelmTemplate.new(default_values) - expect(t.dig('Deployment/test-sidekiq-all-in-1-v1', 'spec', 'template', 'spec', 'terminationGracePeriodSeconds')).to eq(30) + expect(t.dig('Deployment/test-sidekiq-all-in-1-v2', 'spec', 'template', 'spec', 'terminationGracePeriodSeconds')).to eq(30) end end @@ -429,7 +429,7 @@ describe 'Sidekiq configuration' do it 'sets user specified deployment-global value for terminationGracePeriodSeconds in the Pod spec' do t = HelmTemplate.new(default_values.deep_merge(chart_values)) - expect(t.dig('Deployment/test-sidekiq-all-in-1-v1', 'spec', 'template', 'spec', 'terminationGracePeriodSeconds')).to eq(60) + expect(t.dig('Deployment/test-sidekiq-all-in-1-v2', 'spec', 'template', 'spec', 'terminationGracePeriodSeconds')).to eq(60) end end @@ -447,7 +447,7 @@ describe 'Sidekiq configuration' do it 'sets user specified pod-local value for terminationGracePeriodSeconds in the Pod spec' do t = HelmTemplate.new(default_values.deep_merge(chart_values)) - expect(t.dig('Deployment/test-sidekiq-pod-1-v1', 'spec', 'template', 'spec', 'terminationGracePeriodSeconds')).to eq(55) + expect(t.dig('Deployment/test-sidekiq-pod-1-v2', 'spec', 'template', 'spec', 'terminationGracePeriodSeconds')).to eq(55) end end 
@@ -469,12 +469,12 @@ describe 'Sidekiq configuration' do it 'sets user specified pod-local value for terminationGracePeriodSeconds in the Pod spec' do t = HelmTemplate.new(default_values.deep_merge(chart_values)) - expect(t.dig('Deployment/test-sidekiq-pod-1-v1', 'spec', 'template', 'spec', 'terminationGracePeriodSeconds')).to eq(66) + expect(t.dig('Deployment/test-sidekiq-pod-1-v2', 'spec', 'template', 'spec', 'terminationGracePeriodSeconds')).to eq(66) end it 'sets user specified deployment-global value for terminationGracePeriodSeconds in the Pod spec where pod-local value is not set' do t = HelmTemplate.new(default_values.deep_merge(chart_values)) - expect(t.dig('Deployment/test-sidekiq-pod-2-v1', 'spec', 'template', 'spec', 'terminationGracePeriodSeconds')).to eq(77) + expect(t.dig('Deployment/test-sidekiq-pod-2-v2', 'spec', 'template', 'spec', 'terminationGracePeriodSeconds')).to eq(77) end end end -- GitLab From a86456f133221aeab24ba3ced5e42514c81256f5 Mon Sep 17 00:00:00 2001 From: Evan Read Date: Mon, 1 Nov 2021 23:00:55 +0000 Subject: [PATCH 091/253] Use newer docs linting images --- .gitlab-ci.yml | 4 ++-- doc/development/release.md | 10 +++++----- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 5784f9b3aa..a5c1bd3a4f 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -473,7 +473,7 @@ rubocop: # Perform documentation linting on Markdown files check_docs_markdown: - image: registry.gitlab.com/gitlab-org/gitlab-docs/lint-markdown:alpine-3.14-vale-2.10.4-markdownlint-0.28.1 + image: registry.gitlab.com/gitlab-org/gitlab-docs/lint-markdown:alpine-3.14-vale-2.12.0-markdownlint-0.29.0 stage: prepare cache: {} dependencies: [] 
@@ -492,7 +492,7 @@ check_docs_markdown: # Perform link checks on published HTML files check_docs_links: - image: registry.gitlab.com/gitlab-org/gitlab-docs/lint-html:alpine-3.14-ruby-2.7.4-db71f027 + image: registry.gitlab.com/gitlab-org/gitlab-docs/lint-html:alpine-3.14-ruby-2.7.4-0fae0f62 stage: prepare cache: {} dependencies: [] diff --git a/doc/development/release.md b/doc/development/release.md index 6327270fde..45b38917cb 100644 --- a/doc/development/release.md +++ b/doc/development/release.md @@ -10,13 +10,13 @@ info: To determine the technical writer assigned to the Stage/Group associated w ### Major Releases -Major releases will be for breaking changes **and** significant milestones in the chart or GitLab release. We will start at 0, and bump it to 1 for our GA release of the charts. +Major releases are for breaking changes **and** significant milestones in the chart or GitLab release. -We will bump it for: +We bump the major version number for: -- significant additions/changes (let's say we add pages by default, or we drop NGINX completely) -- breaking changes in GitLab or in the charts (requiring manual interaction to your existing install to upgrade) -- Major updates in the GitLab image. (the release of 12.0.0) +- Significant additions or changes. For example, we add Pages by default or we drop NGINX completely. +- Breaking changes in GitLab or in the charts, requiring manual interaction to upgrade your existing install. +- Major updates in the GitLab image (for example, the release of 12.0.0). ### Minor Releases -- GitLab From 68e2a6eacd25fa6d316c58a04dbe8b8a6825a2a8 Mon Sep 17 00:00:00 2001 From: Mitchell Nielsen Date: Tue, 2 Nov 2021 16:03:46 +0000 Subject: [PATCH 092/253] [CI] Print expected file path when backup specs fail --- spec/features/backups_spec.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/spec/features/backups_spec.rb b/spec/features/backups_spec.rb index 7e720b34d8..aa104b17a9 100644 
--- a/spec/features/backups_spec.rb +++ b/spec/features/backups_spec.rb @@ -110,7 +110,8 @@ describe "Restoring a backup" do expect(status.success?).to be(true), "Error unarchiving generated backup: #{stdout}" Dir.glob("/tmp/original_backup/*") do |file| - expect(File.exist?("/tmp/test_backup/#{File.basename(file)}")).to be_truthy + file_path = "/tmp/test_backup/#{File.basename(file)}" + expect(File.exist?(file_path)).to be_truthy, "#{File.basename(file)} exists in original backup but not in test ( #{file_path} )" # extract every tar file if File.extname(file) == 'tar' cmd = "tar -xf #{file} -C /tmp/original_backup" -- GitLab From 117282784a0695ffc5447b62f076134066e92b67 Mon Sep 17 00:00:00 2001 From: deps Date: Mon, 1 Nov 2021 04:03:45 +0000 Subject: [PATCH 093/253] Update gitlab-org/container-registry from 3.13.0-gitlab to 3.14.1-gitlab Changelog: changed --- charts/registry/values.yaml | 2 +- doc/charts/registry/index.md | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/registry/values.yaml b/charts/registry/values.yaml index 0f6d06d18c..17051cda52 100644 --- a/charts/registry/values.yaml +++ b/charts/registry/values.yaml @@ -1,6 +1,6 @@ image: repository: registry.gitlab.com/gitlab-org/build/cng/gitlab-container-registry - tag: 'v3.13.0-gitlab' + tag: 'v3.14.1-gitlab' # pullPolicy: IfNotPresent # pullSecrets: [] diff --git a/doc/charts/registry/index.md b/doc/charts/registry/index.md index 432a18d32c..46be4da8cc 100644 --- a/doc/charts/registry/index.md +++ b/doc/charts/registry/index.md @@ -68,7 +68,7 @@ registry: interval: 24h dryrun: false image: - tag: 'v3.13.0-gitlab' + tag: 'v3.14.1-gitlab' pullPolicy: IfNotPresent annotations: service: 
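Review bot: In spec/features/backups_spec.rb, the context line right after the new assertion, `if File.extname(file) == 'tar'`, can never be true because `File.extname` returns the extension with its leading dot (`.tar`), so the tar extraction under it never runs. Since this hunk already touches the loop, change the comparison to `'.tar'` in the same patch.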
@@ -153,7 +153,7 @@ If you chose to deploy this chart as a standalone, remove the `registry` at the | `image.pullPolicy` | | Pull policy for the registry image | | `image.pullSecrets` | | Secrets to use for image repository | | `image.repository` | `registry` | Registry image | -| `image.tag` | `v3.13.0-gitlab` | Version of the image to use | +| `image.tag` | `v3.14.1-gitlab` | Version of the image to use | | `init.image.repository` | | initContainer image | | `init.image.tag` | | initContainer image tag | | `log` | `{level: info, fields: {service: registry}}` | Configure the logging options | @@ -279,7 +279,7 @@ You can change the included version of the Registry and `pullPolicy`. Default settings: -- `tag: 'v3.13.0-gitlab'` +- `tag: 'v3.14.1-gitlab'` - `pullPolicy: 'IfNotPresent'` ## Configuring the `service` -- GitLab From 258e3eac85b6753f5f7c78a92f3e8051d989347e Mon Sep 17 00:00:00 2001 From: Jason Plum Date: Wed, 3 Nov 2021 10:56:54 -0400 Subject: [PATCH 094/253] Workhorse: remove excess trim from object_store In real-world use, we discovered that there are occasions where there are too many `-%}` trim lines in the `gomplate` within the workhorse `object_store` rendered configuration. Remove all end-line trims from `end` and `if` statements. Closes https://gitlab.com/gitlab-org/charts/gitlab/-/issues/2967 --- .../charts/webservice/templates/_helpers.tpl | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/charts/gitlab/charts/webservice/templates/_helpers.tpl b/charts/gitlab/charts/webservice/templates/_helpers.tpl index 25e1cb587f..613455b36e 100644 --- a/charts/gitlab/charts/webservice/templates/_helpers.tpl +++ b/charts/gitlab/charts/webservice/templates/_helpers.tpl 
@@ -101,12 +101,12 @@ If consolidated object storage is in use, read the connection YAML {%- $aws_secret_access_key := "" -%} {%- $azure_storage_account_name := "" -%} {%- $azure_storage_access_key := "" -%} -{%- if file.Exists "/etc/gitlab/minio/accesskey" -%} +{%- if file.Exists "/etc/gitlab/minio/accesskey" %} {%- $provider = "AWS" -%} {%- $aws_access_key_id = file.Read "/etc/gitlab/minio/accesskey" | strings.TrimSpace -%} {%- $aws_secret_access_key = file.Read "/etc/gitlab/minio/secretkey" | strings.TrimSpace -%} -{%- end -%} -{%- if file.Exists "/etc/gitlab/objectstorage/object_store" -%} +{%- end %} +{%- if file.Exists "/etc/gitlab/objectstorage/object_store" %} {%- $connection := file.Read "/etc/gitlab/objectstorage/object_store" | strings.TrimSpace | data.YAML -%} {%- $provider = $connection.provider -%} {%- if has $connection "aws_access_key_id" -%} @@ -116,23 +116,23 @@ If consolidated object storage is in use, read the connection YAML {%- $azure_storage_account_name = $connection.azure_storage_account_name -%} {%- $azure_storage_access_key = $connection.azure_storage_access_key -%} {%- end -%} -{%- end -%} +{%- end %} {%- if has $supported_providers $provider %} [object_storage] provider = "{% $provider %}" -{% if eq $provider "AWS" -%} +{%- if eq $provider "AWS" %} # AWS / S3 object storage configuration. [object_storage.s3] # access/secret can be blank! aws_access_key_id = "{% $aws_access_key_id %}" aws_secret_access_key = "{% $aws_secret_access_key %}" -{% else if eq $provider "AzureRM" -%} +{%- else if eq $provider "AzureRM" %} # Azure Blob storage configuration. [object_storage.azurerm] azure_storage_account_name = "{% $azure_storage_account_name %}" azure_storage_access_key = "{% $azure_storage_access_key %}" -{%- end -%} -{%- end -%} +{%- end %} +{%- end %} {{- end -}} {{/* -- GitLab From 52cfb36d7acaa414c6fcdf9cf0b7425421e665a5 Mon Sep 17 00:00:00 2001 
From: Dmitry Makovey Date: Tue, 26 Oct 2021 08:13:28 -0600 Subject: [PATCH 095/253] DRY up configmap templates --- .../charts/geo-logcursor/templates/configmap.yml | 9 +-------- .../charts/migrations/templates/configmap.yaml | 9 +-------- .../gitlab/charts/sidekiq/templates/configmap.yaml | 9 +-------- .../gitlab/charts/toolbox/templates/configmap.yaml | 9 +-------- .../gitlab/charts/webservice/templates/configmap.yml | 9 +-------- charts/gitlab/templates/_rails.redis.tpl | 12 ++++++++++++ 6 files changed, 17 insertions(+), 40 deletions(-) diff --git a/charts/gitlab/charts/geo-logcursor/templates/configmap.yml b/charts/gitlab/charts/geo-logcursor/templates/configmap.yml index 6d7e7bedf5..259e5fbbe0 100644 --- a/charts/gitlab/charts/geo-logcursor/templates/configmap.yml +++ b/charts/gitlab/charts/geo-logcursor/templates/configmap.yml @@ -16,14 +16,7 @@ data: {{- include "gitlab.geo.database.yml" . | nindent 4 }} smtp_settings.rb: | {{- include "gitlab.smtp_settings" . | nindent 4 }} - {{- include "gitlab.rails.redis.resque" . | nindent 2 }} - {{- include "gitlab.rails.redis.cache" . | nindent 2 }} - {{- include "gitlab.rails.redis.sharedState" . | nindent 2 }} - {{- include "gitlab.rails.redis.queues" . | nindent 2 }} - {{- include "gitlab.rails.redis.cable" . | nindent 2 }} - {{- include "gitlab.rails.redis.traceChunks" . | nindent 2 }} - {{- include "gitlab.rails.redis.rateLimiting" . | nindent 2 }} - {{- include "gitlab.rails.redis.sessions" . | nindent 2 }} + {{- include "gitlab.rails.redis.all" . | nindent 2 }} gitlab.yml.erb: | production: &base gitlab: diff --git a/charts/gitlab/charts/migrations/templates/configmap.yaml b/charts/gitlab/charts/migrations/templates/configmap.yaml index a3e26343a6..c6ff38f5fe 100644 --- a/charts/gitlab/charts/migrations/templates/configmap.yaml +++ b/charts/gitlab/charts/migrations/templates/configmap.yaml 
@@ -18,14 +18,7 @@ data: database_geo.yml.erb: | {{- include "gitlab.geo.database.yml" $ | nindent 4 }} {{- end }} - {{- include "gitlab.rails.redis.resque" . | nindent 2 }} - {{- include "gitlab.rails.redis.cache" . | nindent 2 }} - {{- include "gitlab.rails.redis.sharedState" . | nindent 2 }} - {{- include "gitlab.rails.redis.queues" . | nindent 2 }} - {{- include "gitlab.rails.redis.cable" . | nindent 2 }} - {{- include "gitlab.rails.redis.traceChunks" . | nindent 2 }} - {{- include "gitlab.rails.redis.rateLimiting" . | nindent 2 }} - {{- include "gitlab.rails.redis.sessions" . | nindent 2 }} + {{- include "gitlab.rails.redis.all" . | nindent 2 }} gitlab.yml.erb: | production: &base gitlab: diff --git a/charts/gitlab/charts/sidekiq/templates/configmap.yaml b/charts/gitlab/charts/sidekiq/templates/configmap.yaml index 6949f8ee49..a159788ca9 100644 --- a/charts/gitlab/charts/sidekiq/templates/configmap.yaml +++ b/charts/gitlab/charts/sidekiq/templates/configmap.yaml @@ -19,14 +19,7 @@ data: {{- end }} smtp_settings.rb: | {{- include "gitlab.smtp_settings" . | nindent 4 }} - {{- include "gitlab.rails.redis.resque" . | nindent 2 }} - {{- include "gitlab.rails.redis.cache" . | nindent 2 }} - {{- include "gitlab.rails.redis.sharedState" . | nindent 2 }} - {{- include "gitlab.rails.redis.queues" . | nindent 2 }} - {{- include "gitlab.rails.redis.cable" . | nindent 2 }} - {{- include "gitlab.rails.redis.traceChunks" . | nindent 2 }} - {{- include "gitlab.rails.redis.rateLimiting" . | nindent 2 }} - {{- include "gitlab.rails.redis.sessions" . | nindent 2 }} + {{- include "gitlab.rails.redis.all" . | nindent 2 }} gitlab.yml.erb: | production: &base gitlab: diff --git a/charts/gitlab/charts/toolbox/templates/configmap.yaml b/charts/gitlab/charts/toolbox/templates/configmap.yaml index b05af442dd..414ff19495 100644 --- a/charts/gitlab/charts/toolbox/templates/configmap.yaml +++ b/charts/gitlab/charts/toolbox/templates/configmap.yaml 
@@ -17,14 +17,7 @@ data: {{- end }} smtp_settings.rb: | {{- include "gitlab.smtp_settings" . | nindent 4 }} - {{- include "gitlab.rails.redis.resque" . | nindent 2 }} - {{- include "gitlab.rails.redis.cache" . | nindent 2 }} - {{- include "gitlab.rails.redis.sharedState" . | nindent 2 }} - {{- include "gitlab.rails.redis.queues" . | nindent 2 }} - {{- include "gitlab.rails.redis.cable" . | nindent 2 }} - {{- include "gitlab.rails.redis.traceChunks" . | nindent 2 }} - {{- include "gitlab.rails.redis.rateLimiting" . | nindent 2 }} - {{- include "gitlab.rails.redis.sessions" . | nindent 2 }} + {{- include "gitlab.rails.redis.all" . | nindent 2 }} gitlab.yml.erb: | production: &base gitlab: diff --git a/charts/gitlab/charts/webservice/templates/configmap.yml b/charts/gitlab/charts/webservice/templates/configmap.yml index 87d9b5e576..3952632658 100644 --- a/charts/gitlab/charts/webservice/templates/configmap.yml +++ b/charts/gitlab/charts/webservice/templates/configmap.yml @@ -28,14 +28,7 @@ data: {{- end }} smtp_settings.rb: | {{- include "gitlab.smtp_settings" . | nindent 4 }} - {{- include "gitlab.rails.redis.resque" . | nindent 2 }} - {{- include "gitlab.rails.redis.cache" . | nindent 2 }} - {{- include "gitlab.rails.redis.sharedState" . | nindent 2 }} - {{- include "gitlab.rails.redis.queues" . | nindent 2 }} - {{- include "gitlab.rails.redis.cable" . | nindent 2 }} - {{- include "gitlab.rails.redis.traceChunks" . | nindent 2 }} - {{- include "gitlab.rails.redis.rateLimiting" . | nindent 2 }} - {{- include "gitlab.rails.redis.sessions" . | nindent 2 }} + {{- include "gitlab.rails.redis.all" . | nindent 2 }} gitlab.yml.erb: | production: &base gitlab: diff --git a/charts/gitlab/templates/_rails.redis.tpl b/charts/gitlab/templates/_rails.redis.tpl index b4e87d0cc6..688bd6eb07 100644 --- a/charts/gitlab/templates/_rails.redis.tpl +++ b/charts/gitlab/templates/_rails.redis.tpl 
@@ -76,3 +76,15 @@ If no `global.redis.actioncable`, use `global.redis` {{- end -}} {{- include "gitlab.rails.redis.yaml" (dict "context" $ "name" "cable") -}} {{- end -}} + + +{{- define "gitlab.rails.redis.all" -}} +{{ include "gitlab.rails.redis.resque" . }} +{{ include "gitlab.rails.redis.cache" . }} +{{ include "gitlab.rails.redis.sharedState" . }} +{{ include "gitlab.rails.redis.queues" . }} +{{ include "gitlab.rails.redis.cable" . }} +{{ include "gitlab.rails.redis.traceChunks" . }} +{{ include "gitlab.rails.redis.rateLimiting" . }} +{{ include "gitlab.rails.redis.sessions" . }} +{{- end -}} \ No newline at end of file -- GitLab From a72802f022b1ca57a0d01143e0adb3660930d9db Mon Sep 17 00:00:00 2001 From: Mitchell Nielsen Date: Wed, 3 Nov 2021 17:40:27 +0000 Subject: [PATCH 096/253] Document impact of 'it' blocks on test speed --- doc/development/rspec.md | 43 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/doc/development/rspec.md b/doc/development/rspec.md index ef9de084d2..e27abcb395 100644 --- a/doc/development/rspec.md +++ b/doc/development/rspec.md 
@@ -335,3 +335,46 @@ available, then the tests in the `features` directory will be skipped. At the start of an RSpec run `kubectl get nodes` will be checked for results and if it returns successfully the tests in the `features` directory will be included. + +## Optimizing test speed + +Each `it` block runs a Helm template, which is a time and resource intensive +operation. Given the high frequency of these blocks in our RSpec test suites, +we aim to reduce the number of `it` blocks where possible. + +The [RSpec docs](https://relishapp.com/rspec/rspec-core/v/3-10/docs/helper-methods/let-and-let) +provide further explanation: + +>>> +Use `let` to define a memoized helper method. The value will be cached +across multiple calls in the same example but not across examples. +>>> + +For example, consider this test refactor: + +Before: ~14 seconds to run + +```ruby +let(:template) { HelmTemplate.new(deployments_values) } + +it 'properly sets the global ingress provider when not specified' do + expect(template.annotations('Ingress/test-webservice-default')).to include('kubernetes.io/ingress.provider' => 'global-provider') +end + +it 'properly sets the local ingress provider when specified' do + expect(template.annotations('Ingress/test-webservice-second')).to include('kubernetes.io/ingress.provider' => 'second-provider') +end +``` + +After: ~5 seconds to run + +```ruby +let(:template) { HelmTemplate.new(deployments_values) } + +it 'properly sets the ingress provider' do + expect(template.annotations('Ingress/test-webservice-default')).to include('kubernetes.io/ingress.provider' => 'global-provider') + expect(template.annotations('Ingress/test-webservice-second')).to include('kubernetes.io/ingress.provider' => 'second-provider') +end +``` + +Consolidating two `it` blocks into one leads to significant time savings because it reduces the number of calls to `helm template`. -- GitLab From 41054d9f585646502fd63108314af76dafb9e3ff Mon Sep 17 00:00:00 2001 
From: GitLab Release Tools Bot Date: Wed, 3 Nov 2021 19:01:12 +0000 Subject: [PATCH 097/253] Update version mapping for 4.12.13 --- doc/installation/version_mappings.md | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/installation/version_mappings.md b/doc/installation/version_mappings.md index 775bac00f1..06e91bc564 100644 --- a/doc/installation/version_mappings.md +++ b/doc/installation/version_mappings.md @@ -44,6 +44,7 @@ The table below maps some of the key previous chart versions and GitLab versions | 5.0.2 | 14.0.2 | | 5.0.1 | 14.0.1 | | 5.0.0 | 14.0.0 | +| 4.12.13 | 13.12.15 | | 4.12.12 | 13.12.12 | | 4.12.11 | 13.12.11 | | 4.12.10 | 13.12.10 | -- GitLab From eef173d0d056af44d8178d0cd7f400d0ad8ea16c Mon Sep 17 00:00:00 2001 From: Jason Plum Date: Tue, 2 Nov 2021 15:24:04 -0400 Subject: [PATCH 098/253] CI: switch and release to CI_COMMIT_REF_SLUG Fix pipeline issue, where `CI_COMMIT_REF_NAME` has `/` character, which causes failure due to invalid specification. Relates to #2952 --- .gitlab-ci.yml | 52 ++++++++++++++++++++-------------------- scripts/ci/autodevops.sh | 4 ++-- 2 files changed, 28 insertions(+), 28 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index a5c1bd3a4f..c849ce60d0 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -198,11 +198,11 @@ review_gke: DNS_PROVIDER: "google" extends: .review_template environment: - name: gke_review/$REVIEW_REF_PREFIX$CI_COMMIT_REF_NAME + name: gke_review/$REVIEW_REF_PREFIX$CI_COMMIT_REF_SLUG url: https://gitlab-$CI_ENVIRONMENT_SLUG.$KUBE_INGRESS_BASE_DOMAIN on_stop: stop_review_gke auto_stop_in: 4 days - resource_group: "gke-review-app-${REVIEW_REF_PREFIX}${CI_COMMIT_REF_NAME}" + resource_group: "gke-review-app-${REVIEW_REF_PREFIX}${CI_COMMIT_REF_SLUG}" review_gke_dev: variables: 
@@ -210,11 +210,11 @@ review_gke_dev: HELM_EXTRA_ARGS: "-f scripts/ci/values-dev-images.yaml" extends: .review_template environment: - name: dev_gke_review/$REVIEW_REF_PREFIX$CI_COMMIT_REF_NAME + name: dev_gke_review/$REVIEW_REF_PREFIX$CI_COMMIT_REF_SLUG url: https://gitlab-$CI_ENVIRONMENT_SLUG.$KUBE_INGRESS_BASE_DOMAIN on_stop: stop_review_gke_dev auto_stop_in: 4 days - resource_group: "gke-review-app-dev-${REVIEW_REF_PREFIX}${CI_COMMIT_REF_NAME}" + resource_group: "gke-review-app-dev-${REVIEW_REF_PREFIX}${CI_COMMIT_REF_SLUG}" only: refs: - /.*-stable/@gitlab/charts/gitlab @@ -226,11 +226,11 @@ review_eks: DNS_PROVIDER: "aws" extends: .review_template environment: - name: eks_review/$REVIEW_REF_PREFIX$CI_COMMIT_REF_NAME + name: eks_review/$REVIEW_REF_PREFIX$CI_COMMIT_REF_SLUG url: https://gitlab-$CI_ENVIRONMENT_SLUG.$KUBE_INGRESS_BASE_DOMAIN on_stop: stop_review_eks auto_stop_in: 4 days - resource_group: "eks-review-app-${REVIEW_REF_PREFIX}${CI_COMMIT_REF_NAME}" + resource_group: "eks-review-app-${REVIEW_REF_PREFIX}${CI_COMMIT_REF_SLUG}" .stop_review_template: stage: review @@ -261,13 +261,13 @@ review_eks: stop_review_gke: extends: .stop_review_template environment: - name: gke_review/$REVIEW_REF_PREFIX$CI_COMMIT_REF_NAME + name: gke_review/$REVIEW_REF_PREFIX$CI_COMMIT_REF_SLUG action: stop stop_review_gke_dev: extends: .stop_review_template environment: - name: dev_gke_review/$REVIEW_REF_PREFIX$CI_COMMIT_REF_NAME + name: dev_gke_review/$REVIEW_REF_PREFIX$CI_COMMIT_REF_SLUG action: stop only: refs: @@ -278,7 +278,7 @@ stop_review_gke_dev: stop_review_eks: extends: .stop_review_template environment: - name: eks_review/$REVIEW_REF_PREFIX$CI_COMMIT_REF_NAME + name: eks_review/$REVIEW_REF_PREFIX$CI_COMMIT_REF_SLUG action: stop # Keys that start with a dot (.) will not be processed by GitLab CI. 
@@ -368,7 +368,7 @@ stable_eks: review_helm_test: stage: qa environment: - name: gke_review/$REVIEW_REF_PREFIX$CI_COMMIT_REF_NAME + name: gke_review/$REVIEW_REF_PREFIX$CI_COMMIT_REF_SLUG url: https://gitlab-$CI_ENVIRONMENT_SLUG.$KUBE_INGRESS_BASE_DOMAIN on_stop: stop_review_gke script: @@ -411,7 +411,7 @@ debug_review: paths: - variables environment: - name: gke_review/$REVIEW_REF_PREFIX$CI_COMMIT_REF_NAME + name: gke_review/$REVIEW_REF_PREFIX$CI_COMMIT_REF_SLUG url: https://gitlab-$CI_ENVIRONMENT_SLUG.$KUBE_INGRESS_BASE_DOMAIN on_stop: stop_review_gke variables: @@ -544,8 +544,8 @@ review-docs-deploy: extends: - .review-docs environment: - name: review-docs/$REVIEW_REF_PREFIX$CI_COMMIT_REF_NAME - url: http://${DOCS_BRANCH}-${DOCS_GITLAB_REPO_SUFFIX}-${REVIEW_REF_PREFIX}${CI_COMMIT_REF_NAME}.${DOCS_REVIEW_APPS_DOMAIN}/${DOCS_GITLAB_REPO_SUFFIX} + name: review-docs/$REVIEW_REF_PREFIX$CI_COMMIT_REF_SLUG + url: http://${DOCS_BRANCH}-${DOCS_GITLAB_REPO_SUFFIX}-${REVIEW_REF_PREFIX}${CI_COMMIT_REF_SLUG}.${DOCS_REVIEW_APPS_DOMAIN}/${DOCS_GITLAB_REPO_SUFFIX} on_stop: review-docs-cleanup script: - ./trigger-build docs deploy @@ -555,7 +555,7 @@ review-docs-cleanup: extends: - .review-docs environment: - name: review-docs/$REVIEW_REF_PREFIX$CI_COMMIT_REF_NAME + name: review-docs/$REVIEW_REF_PREFIX$CI_COMMIT_REF_SLUG action: stop script: - ./trigger-build docs cleanup @@ -596,10 +596,10 @@ review_specs_gke: VARIABLES_FILE: "variables/review_gke" RSPEC_TAGS: type:feature environment: - name: gke_review/$REVIEW_REF_PREFIX$CI_COMMIT_REF_NAME + name: gke_review/$REVIEW_REF_PREFIX$CI_COMMIT_REF_SLUG url: https://gitlab-$CI_ENVIRONMENT_SLUG.$KUBE_INGRESS_BASE_DOMAIN on_stop: stop_review_gke - resource_group: "gke-review-app-${REVIEW_REF_PREFIX}${CI_COMMIT_REF_NAME}" + resource_group: "gke-review-app-${REVIEW_REF_PREFIX}${CI_COMMIT_REF_SLUG}" only: refs: - branches 
@@ -618,10 +618,10 @@ review_specs_gke: # VARIABLES_FILE: "variables/review_gke_dev" # RSPEC_TAGS: type:feature # environment: -# name: dev_gke_review/$REVIEW_REF_PREFIX$CI_COMMIT_REF_NAME +# name: dev_gke_review/$REVIEW_REF_PREFIX$CI_COMMIT_REF_SLUG # url: https://gitlab-$CI_ENVIRONMENT_SLUG.$KUBE_INGRESS_BASE_DOMAIN # on_stop: stop_review_gke_dev -# resource_group: "gke-review-app-dev-${REVIEW_REF_PREFIX}${CI_COMMIT_REF_NAME}" +# resource_group: "gke-review-app-dev-${REVIEW_REF_PREFIX}${CI_COMMIT_REF_SLUG}" # only: # refs: # - /.*-stable/@gitlab/charts/gitlab @@ -634,10 +634,10 @@ review_specs_eks: VARIABLES_FILE: "variables/review_eks" RSPEC_TAGS: type:feature environment: - name: eks_review/$REVIEW_REF_PREFIX$CI_COMMIT_REF_NAME + name: eks_review/$REVIEW_REF_PREFIX$CI_COMMIT_REF_SLUG url: https://gitlab-$CI_ENVIRONMENT_SLUG.$KUBE_INGRESS_BASE_DOMAIN on_stop: stop_review_eks - resource_group: "eks-review-app-${REVIEW_REF_PREFIX}${CI_COMMIT_REF_NAME}" + resource_group: "eks-review-app-${REVIEW_REF_PREFIX}${CI_COMMIT_REF_SLUG}" only: refs: - branches @@ -816,7 +816,7 @@ qa_gke: VARIABLES_FILE: "variables/review_gke" TEST_SUITE: '--tag smoke --tag reliable' environment: - name: gke_review/$REVIEW_REF_PREFIX$CI_COMMIT_REF_NAME + name: gke_review/$REVIEW_REF_PREFIX$CI_COMMIT_REF_SLUG on_stop: stop_review_gke qa_eks: @@ -825,7 +825,7 @@ qa_eks: VARIABLES_FILE: "variables/review_eks" TEST_SUITE: '--tag smoke --tag reliable' environment: - name: eks_review/$REVIEW_REF_PREFIX$CI_COMMIT_REF_NAME + name: eks_review/$REVIEW_REF_PREFIX$CI_COMMIT_REF_SLUG on_stop: stop_review_eks qa_gke_production: @@ -834,7 +834,7 @@ qa_gke_production: VARIABLES_FILE: "variables/stable_gke" TEST_SUITE: '--tag smoke --tag reliable' environment: - name: gke_production/$REVIEW_REF_PREFIX$CI_COMMIT_REF_NAME + name: gke_production/$REVIEW_REF_PREFIX$CI_COMMIT_REF_SLUG qa_eks_production: extends: .qa_production 
@@ -842,7 +842,7 @@ qa_eks_production: VARIABLES_FILE: "variables/stable_eks" TEST_SUITE: '--tag smoke --tag reliable' environment: - name: eks_production/$REVIEW_REF_PREFIX$CI_COMMIT_REF_NAME + name: eks_production/$REVIEW_REF_PREFIX$CI_COMMIT_REF_SLUG # QA jobs for Full E2E suites @@ -853,7 +853,7 @@ qa_gke_manual_full_suite: VARIABLES_FILE: "variables/review_gke" TEST_SUITE: '--tag ~smoke --tag ~reliable --tag ~orchestrated --tag ~transient' environment: - name: gke_review/$REVIEW_REF_PREFIX$CI_COMMIT_REF_NAME + name: gke_review/$REVIEW_REF_PREFIX$CI_COMMIT_REF_SLUG on_stop: stop_review_gke when: manual @@ -864,7 +864,7 @@ qa_eks_manual_full_suite: VARIABLES_FILE: "variables/review_eks" TEST_SUITE: '--tag ~smoke --tag ~reliable --tag ~orchestrated --tag ~transient' environment: - name: eks_review/$REVIEW_REF_PREFIX$CI_COMMIT_REF_NAME + name: eks_review/$REVIEW_REF_PREFIX$CI_COMMIT_REF_SLUG on_stop: stop_review_eks when: manual diff --git a/scripts/ci/autodevops.sh b/scripts/ci/autodevops.sh index 9827686330..a24e7226fd 100644 --- a/scripts/ci/autodevops.sh +++ b/scripts/ci/autodevops.sh @@ -8,8 +8,8 @@ export CI_CONTAINER_NAME=ci_job_build_${CI_JOB_ID} # Derive the Helm RELEASE argument from CI_ENVIRONMENT_SLUG if [[ $CI_ENVIRONMENT_SLUG =~ ^.{3}-review ]]; then - # if a "review", use $REVIEW_REF_PREFIX$CI_COMMIT_REF_NAME - RELEASE_NAME=rvw-${REVIEW_REF_PREFIX}${CI_COMMIT_REF_NAME} + # if a "review", use $REVIEW_REF_PREFIX$CI_COMMIT_REF_SLUG + RELEASE_NAME=rvw-${REVIEW_REF_PREFIX}${CI_COMMIT_REF_SLUG} # Trim release name to leave room for prefixes/suffixes RELEASE_NAME=${RELEASE_NAME:0:30} # Trim any hyphens in the suffix -- GitLab From 4ac04658551ec83a77b3fc0966b94167552f369a Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Fri, 5 Nov 2021 17:49:14 +0000 Subject: [PATCH 099/253] Update changelog for 5.0.12 [ci skip] --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index fb78833b39..02558dedae 100644 
--- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -182,6 +182,10 @@ No changes. - [Do not automount SA token when not needed](gitlab-org/charts/gitlab@108af40ae28e55c882feae66eaecd3a0d0f45996) ([merge request](gitlab-org/charts/gitlab!2093)) +## 5.0.12 (2021-11-05) + +No changes. + ## 5.0.11 (2021-09-23) No changes. -- GitLab From daa5e223a9dffe6d67c6aa120a9f5b13cf2183b3 Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Fri, 5 Nov 2021 17:49:29 +0000 Subject: [PATCH 100/253] Update version mapping for 5.0.12 --- doc/installation/version_mappings.md | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/installation/version_mappings.md b/doc/installation/version_mappings.md index 06e91bc564..2ff9d889ca 100644 --- a/doc/installation/version_mappings.md +++ b/doc/installation/version_mappings.md @@ -32,6 +32,7 @@ The table below maps some of the key previous chart versions and GitLab versions | 5.1.2 | 14.1.2 | | 5.1.1 | 14.1.1 | | 5.1.0 | 14.1.0 | +| 5.0.12 | 14.0.12 | | 5.0.11 | 14.0.11 | | 5.0.10 | 14.0.10 | | 5.0.9 | 14.0.9 | -- GitLab From 06096ef2c0009d81cb6638075da455b0bab5edc7 Mon Sep 17 00:00:00 2001 From: "Balasankar \"Balu\" C" Date: Fri, 5 Nov 2021 08:54:21 +0530 Subject: [PATCH 101/253] Remove obsolete Rakefile Signed-off-by: Balasankar "Balu" C --- Rakefile | 9 --------- 1 file changed, 9 deletions(-) delete mode 100644 Rakefile diff --git a/Rakefile b/Rakefile deleted file mode 100644 index e5af9d1130..0000000000 --- a/Rakefile +++ /dev/null @@ -1,9 +0,0 @@ -require_relative 'scripts/update-docker-images.rb' - -namespace :images do - - desc 'Sync images between dev and com registries' - task :sync, [:edition] do |t, args| - CNGImageSync.execute(edition: args[:edition]) - end -end -- GitLab From 5a81b9f0240ae4464c11d5c3e30e9a90c03814dc Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Mon, 8 Nov 2021 12:02:33 +0000 Subject: [PATCH 102/253] Update changelog for 5.4.2 [ci skip] --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) 
diff --git a/CHANGELOG.md b/CHANGELOG.md index 02558dedae..b3fc1a0212 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,10 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 5.4.2 (2021-11-08) + +No changes. + ## 5.4.1 (2021-10-28) No changes. -- GitLab From 296450853fb64c074d26f50a691bc93741505520 Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Mon, 8 Nov 2021 12:02:54 +0000 Subject: [PATCH 103/253] Update Chart versions to 5.4.2 [ci skip] --- Chart.yaml | 2 +- charts/gitlab/charts/geo-logcursor/Chart.yaml | 2 +- charts/gitlab/charts/gitaly/Chart.yaml | 2 +- charts/gitlab/charts/gitlab-exporter/Chart.yaml | 2 +- charts/gitlab/charts/gitlab-grafana/Chart.yaml | 2 +- charts/gitlab/charts/gitlab-pages/Chart.yaml | 2 +- charts/gitlab/charts/gitlab-shell/Chart.yaml | 2 +- charts/gitlab/charts/kas/Chart.yaml | 2 +- charts/gitlab/charts/mailroom/Chart.yaml | 2 +- charts/gitlab/charts/migrations/Chart.yaml | 2 +- charts/gitlab/charts/operator/Chart.yaml | 2 +- charts/gitlab/charts/praefect/Chart.yaml | 2 +- charts/gitlab/charts/sidekiq/Chart.yaml | 2 +- charts/gitlab/charts/toolbox/Chart.yaml | 2 +- charts/gitlab/charts/webservice/Chart.yaml | 2 +- 15 files changed, 15 insertions(+), 15 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index 244b88fe09..a22766f5e3 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab -version: 5.4.1 +version: 5.4.2 appVersion: master description: Web-based Git-repository manager with wiki and issue-tracking features. keywords: diff --git a/charts/gitlab/charts/geo-logcursor/Chart.yaml b/charts/gitlab/charts/geo-logcursor/Chart.yaml index 7b2772113e..a8c4d2cc94 100644 --- a/charts/gitlab/charts/geo-logcursor/Chart.yaml +++ b/charts/gitlab/charts/geo-logcursor/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: geo-logcursor -version: 5.4.1 +version: 5.4.2 appVersion: master description: GitLab Geo logcursor keywords: 
diff --git a/charts/gitlab/charts/gitaly/Chart.yaml b/charts/gitlab/charts/gitaly/Chart.yaml index 73486230c5..6b46298f45 100644 --- a/charts/gitlab/charts/gitaly/Chart.yaml +++ b/charts/gitlab/charts/gitaly/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitaly -version: 5.4.1 +version: 5.4.2 appVersion: master description: Git RPC service for handling all the git calls made by GitLab keywords: diff --git a/charts/gitlab/charts/gitlab-exporter/Chart.yaml b/charts/gitlab/charts/gitlab-exporter/Chart.yaml index 608bc6d927..35bbe810bc 100644 --- a/charts/gitlab/charts/gitlab-exporter/Chart.yaml +++ b/charts/gitlab/charts/gitlab-exporter/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab-exporter -version: 5.4.1 +version: 5.4.2 appVersion: 11.2.0 description: Exporter for GitLab Prometheus metrics (e.g. CI, pull mirrors) keywords: diff --git a/charts/gitlab/charts/gitlab-grafana/Chart.yaml b/charts/gitlab/charts/gitlab-grafana/Chart.yaml index fb75082a2b..b7a54804f6 100644 --- a/charts/gitlab/charts/gitlab-grafana/Chart.yaml +++ b/charts/gitlab/charts/gitlab-grafana/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab-grafana -version: 5.4.1 +version: 5.4.2 description: Adapt the Grafana chart to interface to the GitLab App keywords: - gitlab diff --git a/charts/gitlab/charts/gitlab-pages/Chart.yaml b/charts/gitlab/charts/gitlab-pages/Chart.yaml index 604d49af8c..622ac1b6a1 100644 --- a/charts/gitlab/charts/gitlab-pages/Chart.yaml +++ b/charts/gitlab/charts/gitlab-pages/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab-pages -version: 5.4.1 +version: 5.4.2 appVersion: master description: Daemon for serving static websites from GitLab projects keywords: diff --git a/charts/gitlab/charts/gitlab-shell/Chart.yaml b/charts/gitlab/charts/gitlab-shell/Chart.yaml index 2d64dcbb2e..59e2183290 100644 --- a/charts/gitlab/charts/gitlab-shell/Chart.yaml +++ b/charts/gitlab/charts/gitlab-shell/Chart.yaml 
@@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab-shell -version: 5.4.1 +version: 5.4.2 appVersion: main description: sshd for Gitlab keywords: diff --git a/charts/gitlab/charts/kas/Chart.yaml b/charts/gitlab/charts/kas/Chart.yaml index 4dcbb357a6..83a0e7c6e7 100644 --- a/charts/gitlab/charts/kas/Chart.yaml +++ b/charts/gitlab/charts/kas/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: kas -version: 5.4.1 +version: 5.4.2 appVersion: latest description: GitLab Kubernetes Agent Server keywords: diff --git a/charts/gitlab/charts/mailroom/Chart.yaml b/charts/gitlab/charts/mailroom/Chart.yaml index 1b7d14f323..f8a71c5747 100644 --- a/charts/gitlab/charts/mailroom/Chart.yaml +++ b/charts/gitlab/charts/mailroom/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: mailroom -version: 5.4.1 +version: 5.4.2 appVersion: 0.0.14 description: Handling incoming emails keywords: diff --git a/charts/gitlab/charts/migrations/Chart.yaml b/charts/gitlab/charts/migrations/Chart.yaml index 178ce6b070..7553ce1855 100644 --- a/charts/gitlab/charts/migrations/Chart.yaml +++ b/charts/gitlab/charts/migrations/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: migrations -version: 5.4.1 +version: 5.4.2 appVersion: master description: Database migrations and other versioning tasks for upgrading Gitlab keywords: diff --git a/charts/gitlab/charts/operator/Chart.yaml b/charts/gitlab/charts/operator/Chart.yaml index a896acee81..9d5525ed75 100644 --- a/charts/gitlab/charts/operator/Chart.yaml +++ b/charts/gitlab/charts/operator/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: operator -version: 5.4.1 +version: 5.4.2 appVersion: master description: Gitlab operator for managing upgrades keywords: diff --git a/charts/gitlab/charts/praefect/Chart.yaml b/charts/gitlab/charts/praefect/Chart.yaml index 39234c3b6d..bce2d5fd00 100644 --- a/charts/gitlab/charts/praefect/Chart.yaml +++ b/charts/gitlab/charts/praefect/Chart.yaml 
@@ -1,7 +1,7 @@ --- apiVersion: v1 name: praefect -version: 5.4.1 +version: 5.4.2 appVersion: master description: Praefect is a router and transaction manager for Gitaly, and a required component for running a Gitaly Cluster. diff --git a/charts/gitlab/charts/sidekiq/Chart.yaml b/charts/gitlab/charts/sidekiq/Chart.yaml index c4ff79925e..b3219c52bd 100644 --- a/charts/gitlab/charts/sidekiq/Chart.yaml +++ b/charts/gitlab/charts/sidekiq/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: sidekiq -version: 5.4.1 +version: 5.4.2 appVersion: master description: Gitlab Sidekiq for asynchronous task processing in rails keywords: diff --git a/charts/gitlab/charts/toolbox/Chart.yaml b/charts/gitlab/charts/toolbox/Chart.yaml index bbb37f661a..961e652343 100644 --- a/charts/gitlab/charts/toolbox/Chart.yaml +++ b/charts/gitlab/charts/toolbox/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: toolbox -version: 5.4.1 +version: 5.4.2 appVersion: master description: For manually running rake tasks through kubectl keywords: diff --git a/charts/gitlab/charts/webservice/Chart.yaml b/charts/gitlab/charts/webservice/Chart.yaml index 123a8e1b24..46e23f3c3a 100644 --- a/charts/gitlab/charts/webservice/Chart.yaml +++ b/charts/gitlab/charts/webservice/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: webservice -version: 5.4.1 +version: 5.4.2 appVersion: master description: HTTP server for Gitlab keywords: -- GitLab From 3c3009c53cfda178e3859d50668253747a3dce44 Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Mon, 8 Nov 2021 12:02:57 +0000 Subject: [PATCH 104/253] Update version mapping for 5.4.2 --- doc/installation/version_mappings.md | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/installation/version_mappings.md b/doc/installation/version_mappings.md index 2ff9d889ca..427447993f 100644 --- a/doc/installation/version_mappings.md +++ b/doc/installation/version_mappings.md 
@@ -10,6 +10,7 @@ The table below maps some of the key previous chart versions and GitLab versions | Chart version | GitLab version | |---------------|----------------| +| 5.4.2 | 14.4.2 | | 5.4.1 | 14.4.1 | | 5.4.0 | 14.4.0 | | 5.3.4 | 14.3.4 | -- GitLab From 468faf18ced694c0135a3deebe09e09d8324f9c9 Mon Sep 17 00:00:00 2001 From: "Balasankar \"Balu\" C" Date: Mon, 25 Oct 2021 12:33:00 +0530 Subject: [PATCH 105/253] Add knapsack for parallelizing tests not run on a cluster Signed-off-by: Balasankar "Balu" C --- .gitignore | 1 + .gitlab-ci.yml | 7 +++---- Gemfile | 23 +++++++++++++---------- Gemfile.lock | 3 +++ Rakefile | 2 ++ scripts/ci/run_specs | 20 ++++++++++++++++++++ 6 files changed, 42 insertions(+), 14 deletions(-) create mode 100644 Rakefile create mode 100755 scripts/ci/run_specs diff --git a/.gitignore b/.gitignore index f2d41534c9..2208ad1abb 100644 --- a/.gitignore +++ b/.gitignore @@ -8,3 +8,4 @@ gems .bundle build spec/examples.txt +knapsack_rspec_report.json diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index c849ce60d0..edc39ee20c 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -575,10 +575,7 @@ review-docs-cleanup: S3_CONFIG_PATH: /etc/gitlab/minio script: - ./scripts/ci/install_spec_dependencies - - if [[ -n "${VARIABLES_FILE}" ]]; then source "${VARIABLES_FILE}"; ./scripts/ci/feature_spec_setup; else ./scripts/ci/integration_spec_setup; fi - - bundle config set path 'gems' - - bundle install -j $(nproc) - - bundle exec rspec -c -f d spec -t "${RSPEC_TAGS}" + - ./scripts/ci/run_specs artifacts: when: on_failure expire_in: 7d @@ -654,6 +651,7 @@ specs_without_cluster: variables: RSPEC_TAGS: ~type:feature needs: [] + parallel: 5 except: refs: - /(^docs[\/-].+|.+-docs$)/ @@ -671,6 +669,7 @@ production_specs_without_cluster: extends: .production_specs variables: RSPEC_TAGS: ~type:feature + parallel: 5 except: refs: - /(^docs[\/-].+|.+-docs$)/ diff --git a/Gemfile b/Gemfile index d6f88cf9bc..41f5a60643 100644 --- a/Gemfile +++ b/Gemfile 
@@ -1,15 +1,18 @@ source 'https://rubygems.org' -gem 'rspec' -gem 'rspec-retry' -gem 'rspec-parameterized', require: false -gem 'aws-sdk-s3' -gem 'capybara' -gem 'selenium-webdriver' -gem 'capybara-screenshot' -gem 'docker-api' -gem 'rake' -gem 'hash-deep-merge' +group :test do + gem 'rspec' + gem 'rspec-retry' + gem 'rspec-parameterized', require: false + gem 'aws-sdk-s3' + gem 'capybara' + gem 'selenium-webdriver' + gem 'capybara-screenshot' + gem 'docker-api' + gem 'rake' + gem 'hash-deep-merge' + gem 'knapsack' +end group :rubocop do gem 'gitlab-styles', '~> 6.1', require: false diff --git a/Gemfile.lock b/Gemfile.lock index c743950d12..7e8f7cb4c3 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -68,6 +68,8 @@ GEM concurrent-ruby (~> 1.0) ice_nine (0.11.2) jmespath (1.4.0) + knapsack (4.0.0) + rake launchy (2.4.3) addressable (~> 2.3) memoizable (0.4.2) @@ -184,6 +186,7 @@ DEPENDENCIES docker-api gitlab-styles (~> 6.1) hash-deep-merge + knapsack pry rake rspec diff --git a/Rakefile b/Rakefile new file mode 100644 index 0000000000..c37d76c72c --- /dev/null +++ b/Rakefile @@ -0,0 +1,2 @@ +require 'knapsack' +Knapsack.load_tasks diff --git a/scripts/ci/run_specs b/scripts/ci/run_specs new file mode 100755 index 0000000000..dfb042042c --- /dev/null +++ b/scripts/ci/run_specs @@ -0,0 +1,20 @@ +#!/bin/bash + +if [[ -n "${VARIABLES_FILE}" ]]; then + source "${VARIABLES_FILE}" + ./scripts/ci/feature_spec_setup +else + ./scripts/ci/integration_spec_setup +fi + +bundle config set path 'gems' +bundle install -j $(nproc) + +# For tests not being run on a cluster, use knapsack for parallelizing +if [[ "${RSPEC_TAGS}" == "~type:feature" ]]; then + echo "Here" + echo "{}" > knapsack_rspec_report.json + bundle exec rake "knapsack:rspec[--color --format documentation --tag '${RSPEC_TAGS}']" +else + bundle exec rspec -c -f d spec -t "${RSPEC_TAGS}" +fi -- GitLab From 81a8c5e21f676b02ee6fe506aee5c63cf4140aa0 Mon Sep 17 00:00:00 2001 
From: Ben Prescott Date: Tue, 20 Jul 2021 11:34:57 +0100 Subject: [PATCH 106/253] Docs: troubleshooting "the remote end hung up unexpectedly" --- doc/architecture/resource-usage.md | 11 +++++--- doc/troubleshooting/index.md | 40 ++++++++++++++++++++++++++++++ 2 files changed, 47 insertions(+), 4 deletions(-) diff --git a/doc/architecture/resource-usage.md b/doc/architecture/resource-usage.md index 57daf57be0..af4677d484 100644 --- a/doc/architecture/resource-usage.md +++ b/doc/architecture/resource-usage.md @@ -9,10 +9,10 @@ info: To determine the technical writer assigned to the Stage/Group associated w ## Resource Requests All of our containers include predefined resource request values. By default we -have not put resource limits into place. But we recommend users set limits, particularly -on memory if they are running on nodes without a lot of excess memory capacity. -(You want to avoid running out of memory on any of your Kubernetes nodes, as the -Kernel memory killer may end essential Kube processes) +have not put resource limits into place. If your nodes do not have excess memory +capacity, one option is to apply memory limits, though adding more memory (or nodes) +would be preferable. (You want to avoid running out of memory on any of your +Kubernetes nodes, as the Kernel memory killer may end essential Kube processes) In order to come up with our default request values, we run the application, and come up with a way to generate various levels of load for each service. We monitor the @@ -88,6 +88,9 @@ In future tests we will try to include sustained concurrent load, to better matc - cpu: > `300m` (greater than stress task) - memory: > `20M` (greater than stress task) +Check the [troubleshooting documentation](../troubleshooting/index.md#git-over-ssh-the-remote-end-hung-up-unexpectedly) +for details on what might happen if `gitlab-shell.limits.memory` is set too low. + ### Webservice Webservice resources were analyzed during testing with the 
diff --git a/doc/troubleshooting/index.md b/doc/troubleshooting/index.md index b9689fae00..45b01d5277 100644 --- a/doc/troubleshooting/index.md +++ b/doc/troubleshooting/index.md @@ -309,3 +309,43 @@ thus causing the extra load in the `/api/v4/jobs/requests` endpoint. To fix this workhorse: keywatcher: true ``` + +## Git over SSH: `the remote end hung up unexpectedly` + +Git operations over SSH may fail intermittently with the following error: + +```plaintext +fatal: the remote end hung up unexpectedly +fatal: early EOF +fatal: index-pack failed +``` + +There are a number of potential causes for this. + +### Network timeouts + +Long running connections from Git clients doing things like compressing objects before sending might run +into timeouts such as [the haxproxy timeout_client](https://gitlab.com/gitlab-cookbooks/gitlab-haproxy/-/blob/bac2c92cec052783b8d34244bb1e4afda95c5eb5/attributes/default.rb#L39) +setting. + +From [Chart 5.0 (GitLab 14.0)](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/2049) a +keepalive can be set in `sshd`: + +```yaml + gitlab-shell: + config: + clientAliveInterval: 15 +``` + +### `gitlab-shell` memory + +By default, the chart does not set a limit on GitLab Shell memory. +If `gitlab-shell.limits.memory` is set too low, Git operations over SSH may fail with these errors. + +Check with `kubectl describe nodes` to confirm that this is caused by memory limits rather than +timeouts over the network. + +```plaintext +System OOM encountered, victim process: gitlab-shell +Memory cgroup out of memory: Killed process 3141592 (gitlab-shell) +``` -- GitLab From a36a08e3c9c5f61d2c3ff4947c2222342998c3f9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ben=20Prescott=20=40bprescott=5F=E2=86=99=20=E2=98=BA?= Date: Fri, 29 Oct 2021 06:18:59 +0000 Subject: [PATCH 107/253] Technical review of remote end hung up --- doc/architecture/resource-usage.md | 2 +- doc/troubleshooting/index.md | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) 
diff --git a/doc/architecture/resource-usage.md b/doc/architecture/resource-usage.md index af4677d484..8424bc781e 100644 --- a/doc/architecture/resource-usage.md +++ b/doc/architecture/resource-usage.md @@ -89,7 +89,7 @@ In future tests we will try to include sustained concurrent load, to better matc - memory: > `20M` (greater than stress task) Check the [troubleshooting documentation](../troubleshooting/index.md#git-over-ssh-the-remote-end-hung-up-unexpectedly) -for details on what might happen if `gitlab-shell.limits.memory` is set too low. +for details on what might happen if `gitlab.gitlab-shell.resources.limits.memory` is set too low. ### Webservice diff --git a/doc/troubleshooting/index.md b/doc/troubleshooting/index.md index 45b01d5277..4ea9b88be2 100644 --- a/doc/troubleshooting/index.md +++ b/doc/troubleshooting/index.md @@ -324,14 +324,14 @@ There are a number of potential causes for this. ### Network timeouts -Long running connections from Git clients doing things like compressing objects before sending might run -into timeouts such as [the haxproxy timeout_client](https://gitlab.com/gitlab-cookbooks/gitlab-haproxy/-/blob/bac2c92cec052783b8d34244bb1e4afda95c5eb5/attributes/default.rb#L39) -setting. +Git clients sometimes open a connection and leave it idling, for example: while compressing objects. +Settings such as `timeout client` in HAProxy may cause these idle connections to get terminated. -From [Chart 5.0 (GitLab 14.0)](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/2049) a +In [GitLab 14.0 (chart version 5.0)](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/2049) and later a keepalive can be set in `sshd`: ```yaml +gitlab: gitlab-shell: config: clientAliveInterval: 15 
@@ -340,7 +340,7 @@ keepalive can be set in `sshd`: ### `gitlab-shell` memory By default, the chart does not set a limit on GitLab Shell memory. -If `gitlab-shell.limits.memory` is set too low, Git operations over SSH may fail with these errors. +If `gitlab.gitlab-shell.resources.limits.memory` is set too low, Git operations over SSH may fail with these errors. Check with `kubectl describe nodes` to confirm that this is caused by memory limits rather than timeouts over the network. -- GitLab From 7d4f7a807de77cbf569fe19e5162b5a5ac745ddb Mon Sep 17 00:00:00 2001 From: Marcel Amirault Date: Fri, 29 Oct 2021 09:03:53 +0000 Subject: [PATCH 108/253] TW review of remote end hung up --- doc/troubleshooting/index.md | 44 ++++++++++++++++++------------------ 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/doc/troubleshooting/index.md b/doc/troubleshooting/index.md index 4ea9b88be2..1dafa73954 100644 --- a/doc/troubleshooting/index.md +++ b/doc/troubleshooting/index.md @@ -312,7 +312,7 @@ workhorse: ## Git over SSH: `the remote end hung up unexpectedly` -Git operations over SSH may fail intermittently with the following error: +Git operations over SSH might fail intermittently with the following error: ```plaintext fatal: the remote end hung up unexpectedly 
@@ -320,32 +320,32 @@ fatal: early EOF fatal: index-pack failed ``` -There are a number of potential causes for this. +There are a number of potential causes for this error: -### Network timeouts +- **Network timeouts**: -Git clients sometimes open a connection and leave it idling, for example: while compressing objects. -Settings such as `timeout client` in HAProxy may cause these idle connections to get terminated. + Git clients sometimes open a connection and leave it idling, like when compressing objects. + Settings like `timeout client` in HAProxy might cause these idle connections to be terminated. -In [GitLab 14.0 (chart version 5.0)](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/2049) and later a -keepalive can be set in `sshd`: + In [GitLab 14.0 (chart version 5.0)](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/2049) + and later, you can set a keepalive in `sshd`: -```yaml -gitlab: - gitlab-shell: - config: - clientAliveInterval: 15 -``` + ```yaml + gitlab: + gitlab-shell: + config: + clientAliveInterval: 15 + ``` -### `gitlab-shell` memory +- **`gitlab-shell` memory**: -By default, the chart does not set a limit on GitLab Shell memory. -If `gitlab.gitlab-shell.resources.limits.memory` is set too low, Git operations over SSH may fail with these errors. + By default, the chart does not set a limit on GitLab Shell memory. + If `gitlab.gitlab-shell.resources.limits.memory` is set too low, Git operations over SSH may fail with these errors. -Check with `kubectl describe nodes` to confirm that this is caused by memory limits rather than -timeouts over the network. + Run `kubectl describe nodes` to confirm that this is caused by memory limits rather than + timeouts over the network. 
-```plaintext -System OOM encountered, victim process: gitlab-shell -Memory cgroup out of memory: Killed process 3141592 (gitlab-shell) -``` + ```plaintext + System OOM encountered, victim process: gitlab-shell + Memory cgroup out of memory: Killed process 3141592 (gitlab-shell) + ``` -- GitLab From f471b6ae5697a11b6136b3d831d5e144ce8677c1 Mon Sep 17 00:00:00 2001 From: Jason Plum Date: Mon, 8 Nov 2021 10:28:38 +0000 Subject: [PATCH 109/253] Kernel OOM improvement --- doc/architecture/resource-usage.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/architecture/resource-usage.md b/doc/architecture/resource-usage.md index 8424bc781e..801417c49a 100644 --- a/doc/architecture/resource-usage.md +++ b/doc/architecture/resource-usage.md @@ -12,7 +12,7 @@ All of our containers include predefined resource request values. By default we have not put resource limits into place. If your nodes do not have excess memory capacity, one option is to apply memory limits, though adding more memory (or nodes) would be preferable. (You want to avoid running out of memory on any of your -Kubernetes nodes, as the Kernel memory killer may end essential Kube processes) +Kubernetes nodes, as the Linux kernel's [out of memory manager](https://www.kernel.org/doc/gorman/html/understand/understand016.html) may end essential Kube processes) In order to come up with our default request values, we run the application, and come up with a way to generate various levels of load for each service. We monitor the -- GitLab From 2f60553e6dab432c88febede1968c369335da4af Mon Sep 17 00:00:00 2001 From: deps Date: Thu, 4 Nov 2021 04:02:21 +0000 Subject: [PATCH 110/253] Update gitlab-org/container-registry from 3.14.1-gitlab to 3.14.2-gitlab Changelog: changed --- charts/registry/values.yaml | 2 +- doc/charts/registry/index.md | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) 
diff --git a/charts/registry/values.yaml b/charts/registry/values.yaml index 17051cda52..f1d9917072 100644 --- a/charts/registry/values.yaml +++ b/charts/registry/values.yaml @@ -1,6 +1,6 @@ image: repository: registry.gitlab.com/gitlab-org/build/cng/gitlab-container-registry - tag: 'v3.14.1-gitlab' + tag: 'v3.14.2-gitlab' # pullPolicy: IfNotPresent # pullSecrets: [] diff --git a/doc/charts/registry/index.md b/doc/charts/registry/index.md index 46be4da8cc..6b0b6cc21c 100644 --- a/doc/charts/registry/index.md +++ b/doc/charts/registry/index.md @@ -68,7 +68,7 @@ registry: interval: 24h dryrun: false image: - tag: 'v3.14.1-gitlab' + tag: 'v3.14.2-gitlab' pullPolicy: IfNotPresent annotations: service: @@ -153,7 +153,7 @@ If you chose to deploy this chart as a standalone, remove the `registry` at the | `image.pullPolicy` | | Pull policy for the registry image | | `image.pullSecrets` | | Secrets to use for image repository | | `image.repository` | `registry` | Registry image | -| `image.tag` | `v3.14.1-gitlab` | Version of the image to use | +| `image.tag` | `v3.14.2-gitlab` | Version of the image to use | | `init.image.repository` | | initContainer image | | `init.image.tag` | | initContainer image tag | | `log` | `{level: info, fields: {service: registry}}` | Configure the logging options | @@ -279,7 +279,7 @@ You can change the included version of the Registry and `pullPolicy`. Default settings: -- `tag: 'v3.14.1-gitlab'` +- `tag: 'v3.14.2-gitlab'` - `pullPolicy: 'IfNotPresent'` ## Configuring the `service` -- GitLab From d0eb5af19c50321d60fcc9b37fd926d2f772b9c7 Mon Sep 17 00:00:00 2001 From: Ben Prescott Date: Fri, 16 Jul 2021 17:13:34 +0100 Subject: [PATCH 111/253] Docs: TLS troublshooting --- doc/troubleshooting/index.md | 157 +++++++++++++++++++++++++++++++++++ 1 file changed, 157 insertions(+) diff --git a/doc/troubleshooting/index.md b/doc/troubleshooting/index.md index 1dafa73954..20c0cb515d 100644 --- a/doc/troubleshooting/index.md 
+++ b/doc/troubleshooting/index.md 
@@ -349,3 +349,160 @@ There are a number of potential causes for this error: System OOM encountered, victim process: gitlab-shell Memory cgroup out of memory: Killed process 3141592 (gitlab-shell) ``` + +## TLS and certificates + +If your GitLab instance needs to trust a private TLS certificate authority, GitLab might +fail to handshake with other services like object storage, Elasticsearch, Jira, or Jenkins: + +```plaintext +error: certificate verify failed (unable to get local issuer certificate) +``` + +Partial trust of certificates signed by private certificate authorities can occur if: + +- The supplied certificates are not in separate files. +- The certificates init container doesn't perform all the required steps. + +Also, GitLab is mostly written in Ruby on Rails and Golang, and each language's +TLS libraries work differently. This difference can result in issues like job logs +failing to render in the GitLab UI but raw job logs downloading without issue. + +Additionally, depending on the `proxy_download` configuration, your browser is +redirected to the object storage with no issues if the trust store is correctly configured. +At the same time, TLS handshakes by one or more GitLab components could still fail. + +### Certificate trust setup and troubleshooting + +As part of troubleshooting certificate issues, be sure to: + +- Create secrets for each certificate you need to trust. +- Provide only one certificate per file. + + ```plaintext + kubectl create secret generic custom-ca --from-file=unique_name=/path/to/cert + ``` + + In this example, the certificate is stored using the key name `unique_name` + +If you supply a bundle or a chain, some GitLab components won't work. + +Query secrets with `kubectl get secrets` and `kubectl describe secrets/secretname`, +which shows the key name for the certificate under `Data`. 
+ +Supply additional certificates to trust using `global.certificates.customCAs` +[in the chart globals](../charts/globals.md#custom-certificate-authorities). + +When a pod is deployed, an init container mounts the certificates and sets them up so the GitLab +components can use them. The init container is`registry.gitlab.com/gitlab-org/build/cng/alpine-certificates`. + +Additional certificates are mounted into the container at `/usr/local/share/ca-certificates`, +using the secret key name as the certificate filename. + +The init container runs `/scripts/bundle-certificates` ([source](https://gitlab.com/gitlab-org/build/CNG-mirror/-/blob/master/alpine-certificates/scripts/bundle-certificates)). +In that script, `update-ca-certificates`: + +1. Copies custom certificates from `/usr/local/share/ca-certificates` to `/etc/ssl/certs`. +1. Compiles a bundle `ca-certificates.crt`. +1. Generates hashes for each certificate and creates a symlink using the hash, + which is required for Rails. Certificate bundles are skipped with a warning: + + ```plaintext + WARNING: unique_name does not contain exactly one certificate or CRL: skipping + ``` + +[Troubleshoot the init container's status and logs](https://kubernetes.io/docs/tasks/debug-application-cluster/debug-init-containers/#getting-details-about-init-containers). +For example, to view the logs for the certificates init container and check for warnings: + +```plaintext +kubectl logs gitlab-webservice-default-pod -c certificates +``` + +### Check on the Rails console + +Use the task runner pod to verify if Rails trusts the certificates you supplied. + +1. Start a rails console: + + ```shell + kubectl get pods | grep task-runner + kubectl exec -it -- bash + /srv/gitlab/bin/rails console + ``` + +1. Verify the location Rails checks for certificate authorities: + + ```ruby + OpenSSL::X509::DEFAULT_CERT_DIR + ``` + +1. 
Execute an HTTPS query in the Rails console: + + ```ruby + ## Configure a web server to connect to: + uri = URI.parse("https://myservice.example.com") + + require 'openssl' + require 'net/http' + Rails.logger.level = 0 + OpenSSL.debug=1 + http = Net::HTTP.new(uri.host, uri.port) + http.set_debug_output($stdout) + http.use_ssl = true + + http.verify_mode = OpenSSL::SSL::VERIFY_PEER + # http.verify_mode = OpenSSL::SSL::VERIFY_NONE # TLS verification disabled + + response = http.request(Net::HTTP::Get.new(uri.request_uri)) + ``` + +### Troubleshoot the init container + +Run the certificates container using Docker. + +1. Set up a directory structure and populate it with your certificates: + + ```shell + mkdir -p etc/ssl/certs usr/local/share/ca-certificates + + # The secret name is: my-root-ca + # The key name is: corporate_root + + kubectl get secret my-root-ca -ojsonpath='{.data.corporate_root}' | \ + base64 --decode > usr/local/share/ca-certificates/corporate_root + + # Check the certificate is correct: + + openssl x509 -in usr/local/share/ca-certificates/corporate_root -text -noout + ``` + +1. Determine the correct container version: + + ```shell + kubectl get deployment -lapp=webservice -ojsonpath='{.items[0].spec.template.spec.initContainers[0].image}' + ``` + +1. Run container, which performs the preparation of `etc/ssl/certs` content: + + ```shell + docker run -ti --rm \ + -v $(pwd)/etc/ssl/certs:/etc/ssl/certs \ + -v $(pwd)/usr/local/share/ca-certificates:/usr/local/share/ca-certificates \ + registry.gitlab.com/gitlab-org/build/cng/alpine-certificates:20191127-r2 + +1. Check your certificates have been correctly built: + + - `etc/ssl/certs/ca-cert-corporate_root.pem` should have been created. + - There should be a hashed filename, which is a symlink to the certificate itself (such as `etc/ssl/certs/1234abcd.0`). 
+ - The file and the symbolic link should display with: + + ```shell + ls -l etc/ssl/certs/ | grep corporate_root + ``` + + For example: + + ```plaintext + lrwxrwxrwx 1 root root 20 Oct 7 11:34 28746b42.0 -> ca-cert-corporate_root.pem + -rw-r--r-- 1 root root 1948 Oct 7 11:34 ca-cert-corporate_root.pem + ``` -- GitLab From 770870417611f4f11fa1a9f69d6b6486a3cb783d Mon Sep 17 00:00:00 2001 From: John T Skarbek Date: Tue, 9 Nov 2021 16:37:13 -0500 Subject: [PATCH 112/253] Fix extraEnv configuration for GitLab Pages Chart * Ensures that the `extraEnv` is applied to the running container of the Pod Chanagelog: fixed --- charts/gitlab/charts/gitlab-pages/templates/deployment.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/charts/gitlab/charts/gitlab-pages/templates/deployment.yaml b/charts/gitlab/charts/gitlab-pages/templates/deployment.yaml index 433b4c6f97..25476e95ba 100644 --- a/charts/gitlab/charts/gitlab-pages/templates/deployment.yaml +++ b/charts/gitlab/charts/gitlab-pages/templates/deployment.yaml @@ -74,6 +74,7 @@ spec: image: "{{ .Values.image.repository }}:{{ coalesce .Values.image.tag (include "gitlab.parseAppVersion" (dict "appVersion" .Chart.AppVersion "prepend" "true")) }}" {{- include "gitlab.image.pullPolicy" $imageCfg | indent 10 }} env: + {{- include "gitlab.extraEnv" $ | nindent 12 }} - name: CONFIG_TEMPLATE_DIRECTORY value: '/etc/gitlab-pages/templates' - name: CONFIG_DIRECTORY -- GitLab From 0566def3e8a28d2946de610f49614548aa63a669 Mon Sep 17 00:00:00 2001 From: Victor Date: Wed, 10 Nov 2021 14:30:02 +0000 Subject: [PATCH 113/253] Document workaround to perform backups on IRSA setups before 14.4 --- .../external-object-storage/aws-iam-roles.md | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/doc/advanced/external-object-storage/aws-iam-roles.md b/doc/advanced/external-object-storage/aws-iam-roles.md index 939c6e4bb1..137d67a420 100644 --- a/doc/advanced/external-object-storage/aws-iam-roles.md 
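Review bot: in the `doc/troubleshooting/index.md` hunk of PATCH 111, step 3 of "Troubleshoot the init container" opens a `shell` code fence for the `docker run` command and never closes it, so step 4 and the rest of the section render inside the code block. Add the closing fence after the `registry.gitlab.com/gitlab-org/build/cng/alpine-certificates:20191127-r2` line. That line also hard-codes an image tag immediately after step 2 has the reader look up the tag their own deployment uses; a placeholder for the tag from step 2 would keep the two steps consistent. In the Rails console example, the commented-out `http.verify_mode = OpenSSL::SSL::VERIFY_NONE` line would be safer with a short remark that it is only for isolating the failure and must not be carried into configuration. Minor: "The init container is`registry.gitlab.com/..." is missing a space before the backtick.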
+++ b/doc/advanced/external-object-storage/aws-iam-roles.md @@ -94,8 +94,17 @@ Using the `backup-utility` as specified in the [backup documentation](../../back does not properly copy the backup file to the S3 bucket. The `backup-utility` uses the `s3cmd` to perform the copy of the backup file and it has a known issue of [not supporting OIDC authentication](https://github.com/s3tools/s3cmd/issues/1075). -There is a [pull request](https://github.com/s3tools/s3cmd/pull/1112) -to mitigate this issue, but it has yet to be accepted into the `s3cmd` codebase. +This has been resolved in their 2.2.0 release, which has been +[merged](https://gitlab.com/gitlab-org/build/CNG/-/merge_requests/772) into GitLab 14.4. + +#### Workaround to perform backups before GitLab 14.4 + +If you are on a version earlier than 14.4, run the following command in your task-runner pod to sideload +the latest version of `s3cmd`. You can then run `backup-utility` as per usual. + +```shell +pip install --upgrade s3cmd && export PATH="$(python3 -m site --user-base)/bin:${PATH}" +``` #### Using pre-created service accounts -- GitLab From 1760f886afe58ee620d59c2ae26303b573ad7e32 Mon Sep 17 00:00:00 2001 From: Adam Hegyi Date: Thu, 11 Nov 2021 12:32:50 +0100 Subject: [PATCH 114/253] Add loose foreign key cron worker Add loose foreign key cron worker Changelog: added --- values.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/values.yaml b/values.yaml index 7a80bdac5b..51530861d0 100644 --- a/values.yaml +++ b/values.yaml @@ -259,6 +259,8 @@ global: ### Snapshot active user statistics # historical_data_worker: # cron: "0 12 * * *" + # loose_foreign_keys_cleanup_worker_cron: + # cron: "*/5 * * * *" ## https://docs.gitlab.com/charts/charts/globals#content-security-policy contentSecurityPolicy: -- GitLab From 3c4653ae2372291f3d8d36668eda93b0d62db089 Mon Sep 17 00:00:00 2001 
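Review bot: the workaround command added to `doc/advanced/external-object-storage/aws-iam-roles.md` (PATCH 113) installs whichever `s3cmd` is newest on the package index at the moment it is run, inside the task-runner pod that performs backups to the S3 bucket. The paragraph above it states the fix is in the 2.2.0 release, so pinning that version (`pip install --upgrade 's3cmd==2.2.0'`) would make the workaround reproducible and reviewable. The `PATH` change points at `$(python3 -m site --user-base)/bin`, which only helps if pip performs a user install; passing `--user` makes that explicit rather than relying on pip's fallback.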
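Review bot: in the `values.yaml` hunk of PATCH 114, the new commented example is keyed `loose_foreign_keys_cleanup_worker_cron:` with a nested `cron:`, while the entry directly above it is `historical_data_worker:` with a nested `cron:`. If the `_cron` suffix is not part of the worker's name, a user who uncomments the example configures a key that matches no job. Please confirm the key against the worker name before merging.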
From: deps Date: Thu, 11 Nov 2021 04:02:13 +0000 Subject: [PATCH 115/253] Update gitlab-org/container-registry from 3.14.2-gitlab to 3.14.3-gitlab Changelog: changed --- charts/registry/values.yaml | 2 +- doc/charts/registry/index.md | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/registry/values.yaml b/charts/registry/values.yaml index f1d9917072..35da5b01fe 100644 --- a/charts/registry/values.yaml +++ b/charts/registry/values.yaml @@ -1,6 +1,6 @@ image: repository: registry.gitlab.com/gitlab-org/build/cng/gitlab-container-registry - tag: 'v3.14.2-gitlab' + tag: 'v3.14.3-gitlab' # pullPolicy: IfNotPresent # pullSecrets: [] diff --git a/doc/charts/registry/index.md b/doc/charts/registry/index.md index 6b0b6cc21c..aae37bd433 100644 --- a/doc/charts/registry/index.md +++ b/doc/charts/registry/index.md @@ -68,7 +68,7 @@ registry: interval: 24h dryrun: false image: - tag: 'v3.14.2-gitlab' + tag: 'v3.14.3-gitlab' pullPolicy: IfNotPresent annotations: service: @@ -153,7 +153,7 @@ If you chose to deploy this chart as a standalone, remove the `registry` at the | `image.pullPolicy` | | Pull policy for the registry image | | `image.pullSecrets` | | Secrets to use for image repository | | `image.repository` | `registry` | Registry image | -| `image.tag` | `v3.14.2-gitlab` | Version of the image to use | +| `image.tag` | `v3.14.3-gitlab` | Version of the image to use | | `init.image.repository` | | initContainer image | | `init.image.tag` | | initContainer image tag | | `log` | `{level: info, fields: {service: registry}}` | Configure the logging options | @@ -279,7 +279,7 @@ You can change the included version of the Registry and `pullPolicy`. Default settings: -- `tag: 'v3.14.2-gitlab'` +- `tag: 'v3.14.3-gitlab'` - `pullPolicy: 'IfNotPresent'` ## Configuring the `service` -- GitLab From 9fa8955a7bf28dfea8fa4e9d0882eb1436102b16 Mon Sep 17 00:00:00 2001 
From: Mitchell Nielsen Date: Fri, 12 Nov 2021 22:59:04 +0000 Subject: [PATCH 116/253] Support setting Ingress API version via Helm values --- .../gitlab-grafana/templates/ingress.yaml | 4 +- .../gitlab/charts/gitlab-grafana/values.yaml | 1 + .../gitlab-pages/templates/ingress.yaml | 4 +- charts/gitlab/charts/gitlab-pages/values.yaml | 1 + .../gitlab/charts/kas/templates/ingress.yaml | 4 +- charts/gitlab/charts/kas/values.yaml | 1 + .../charts/webservice/templates/ingress.yaml | 4 +- .../templates/ingress_smartcard.yaml | 4 +- charts/gitlab/charts/webservice/values.yaml | 1 + charts/minio/templates/ingress.yaml | 4 +- charts/minio/values.yaml | 1 + charts/registry/templates/ingress.yaml | 4 +- charts/registry/values.yaml | 1 + doc/charts/gitlab/gitlab-grafana/index.md | 1 + doc/charts/gitlab/gitlab-pages/index.md | 1 + doc/charts/gitlab/kas/index.md | 1 + doc/charts/gitlab/webservice/index.md | 1 + doc/charts/globals.md | 1 + doc/charts/minio/index.md | 2 + doc/charts/registry/index.md | 1 + spec/configuration/ingress_spec.rb | 63 +++++++++++++++++++ spec/helm_template_helper.rb | 15 ++--- templates/_helpers.tpl | 34 ++++++---- values.yaml | 1 + 24 files changed, 121 insertions(+), 34 deletions(-) diff --git a/charts/gitlab/charts/gitlab-grafana/templates/ingress.yaml b/charts/gitlab/charts/gitlab-grafana/templates/ingress.yaml index 03ab2980ed..8390b17ad2 100644 --- a/charts/gitlab/charts/gitlab-grafana/templates/ingress.yaml +++ b/charts/gitlab/charts/gitlab-grafana/templates/ingress.yaml 
@@ -4,8 +4,8 @@ {{- $gitlabHostname = .Values.global.hosts.gitlab.hostnameOverride -}} {{- end -}} {{- $tlsSecret := include "webservice.tlsSecret" . -}} -{{- $ingressCfg := dict "global" .Values.global.ingress "local" .Values.ingress -}} -apiVersion: {{ template "ingress.apiVersion" $}} +{{- $ingressCfg := dict "global" .Values.global.ingress "local" .Values.ingress "capabilities" .Capabilities -}} +apiVersion: {{ template "gitlab.ingress.apiVersion" $ingressCfg }} kind: Ingress metadata: name: {{ .Release.Name }}-grafana-app diff --git a/charts/gitlab/charts/gitlab-grafana/values.yaml b/charts/gitlab/charts/gitlab-grafana/values.yaml index 311b57a4c0..6421db0740 100644 --- a/charts/gitlab/charts/gitlab-grafana/values.yaml +++ b/charts/gitlab/charts/gitlab-grafana/values.yaml @@ -8,6 +8,7 @@ global: # We supply an Ingress resource that locates Grafana under /-/grafana # NOTE: these values are placeholders for template functionality. ingress: + apiVersion: tls: {} annotations: {} path: # / diff --git a/charts/gitlab/charts/gitlab-pages/templates/ingress.yaml b/charts/gitlab/charts/gitlab-pages/templates/ingress.yaml index 8c60c53ea4..c4d78060ca 100644 --- a/charts/gitlab/charts/gitlab-pages/templates/ingress.yaml +++ b/charts/gitlab/charts/gitlab-pages/templates/ingress.yaml @@ -2,8 +2,8 @@ {{- if and (empty ($externalAddresses)) (eq (include "gitlab.ingress.enabled" $) "true") -}} {{- $hostname := include "gitlab.pages.hostname" . -}} {{- $tlsSecret := include "pages.tlsSecret" . -}} -{{- $ingressCfg := dict "global" .Values.global.ingress "local" .Values.ingress -}} -apiVersion: {{ template "ingress.apiVersion" $}} +{{- $ingressCfg := dict "global" .Values.global.ingress "local" .Values.ingress "capabilities" .Capabilities -}} +apiVersion: {{ template "gitlab.ingress.apiVersion" $ingressCfg }} kind: Ingress metadata: name: {{ template "fullname" . }} 
diff --git a/charts/gitlab/charts/gitlab-pages/values.yaml b/charts/gitlab/charts/gitlab-pages/values.yaml index 6d941a7792..98ac4a9acf 100644 --- a/charts/gitlab/charts/gitlab-pages/values.yaml +++ b/charts/gitlab/charts/gitlab-pages/values.yaml @@ -60,6 +60,7 @@ deployment: failureThreshold: 3 ingress: + apiVersion: annotations: {} configureCertmanager: false tls: {} diff --git a/charts/gitlab/charts/kas/templates/ingress.yaml b/charts/gitlab/charts/kas/templates/ingress.yaml index 3dead121c9..b8817a192b 100644 --- a/charts/gitlab/charts/kas/templates/ingress.yaml +++ b/charts/gitlab/charts/kas/templates/ingress.yaml @@ -2,8 +2,8 @@ {{- if eq (include "gitlab.ingress.enabled" $) "true" -}} {{- $hostname := include "gitlab.kas.hostname" . -}} {{- $tlsSecret := include "kas.tlsSecret" . -}} -{{- $ingressCfg := dict "global" .Values.global.ingress "local" .Values.ingress -}} -apiVersion: {{ template "ingress.apiVersion" $}} +{{- $ingressCfg := dict "global" .Values.global.ingress "local" .Values.ingress "capabilities" .Capabilities -}} +apiVersion: {{ template "gitlab.ingress.apiVersion" $ingressCfg }} kind: Ingress metadata: name: {{ template "fullname" . }} diff --git a/charts/gitlab/charts/kas/values.yaml b/charts/gitlab/charts/kas/values.yaml index f8e1e94515..0dea24a910 100644 --- a/charts/gitlab/charts/kas/values.yaml +++ b/charts/gitlab/charts/kas/values.yaml @@ -31,6 +31,7 @@ image: # pullPolicy: IfNotPresent # pullSecrets: [] ingress: + apiVersion: annotations: {} tls: {} agentPath: / diff --git a/charts/gitlab/charts/webservice/templates/ingress.yaml b/charts/gitlab/charts/webservice/templates/ingress.yaml index 683172f927..8a13349eca 100644 --- a/charts/gitlab/charts/webservice/templates/ingress.yaml +++ b/charts/gitlab/charts/webservice/templates/ingress.yaml 
@@ -14,9 +14,9 @@ From here on: - `.` is `.deployments.xyz` value - `.name` is the key (xyz) */}} -{{- $ingressCfg := dict "global" $.Values.global.ingress "local" .ingress -}} +{{- $ingressCfg := dict "global" $.Values.global.ingress "local" .ingress "capabilities" $.Capabilities -}} --- -apiVersion: {{ template "ingress.apiVersion" $}} +apiVersion: {{ template "gitlab.ingress.apiVersion" $ingressCfg }} kind: Ingress metadata: name: {{ template "webservice.fullname.withSuffix" . }} diff --git a/charts/gitlab/charts/webservice/templates/ingress_smartcard.yaml b/charts/gitlab/charts/webservice/templates/ingress_smartcard.yaml index 3c2aa7fc78..8c9dc1763e 100644 --- a/charts/gitlab/charts/webservice/templates/ingress_smartcard.yaml +++ b/charts/gitlab/charts/webservice/templates/ingress_smartcard.yaml @@ -10,9 +10,9 @@ From here on: - `.` is `.deployments.xyz` value - `.name` is the key (xyz) */}} -{{- $ingressCfg := dict "global" $.Values.global.ingress "local" .ingress -}} +{{- $ingressCfg := dict "global" $.Values.global.ingress "local" .ingress "capabilities" $.Capabilities -}} --- -apiVersion: {{ template "ingress.apiVersion" $}} +apiVersion: {{ template "gitlab.ingress.apiVersion" $ingressCfg }} kind: Ingress metadata: name: {{ template "webservice.fullname.withSuffix" . }}-smartcard diff --git a/charts/gitlab/charts/webservice/values.yaml b/charts/gitlab/charts/webservice/values.yaml index 8eb9e38941..395846c979 100644 --- a/charts/gitlab/charts/webservice/values.yaml +++ b/charts/gitlab/charts/webservice/values.yaml @@ -85,6 +85,7 @@ service: # loadBalancerSourceRanges: enabled: true ingress: + apiVersion: enabled: proxyConnectTimeout: 15 proxyReadTimeout: 600 diff --git a/charts/minio/templates/ingress.yaml b/charts/minio/templates/ingress.yaml index 340a533e64..1769e10311 100644 --- a/charts/minio/templates/ingress.yaml +++ b/charts/minio/templates/ingress.yaml 
@@ -2,9 +2,9 @@ {{- if eq (include "gitlab.ingress.enabled" $) "true" -}} {{- $minioHostname := include "gitlab.minio.hostname" . -}} {{- $tlsSecret := include "minio.tlsSecret" . -}} -{{- $ingressCfg := dict "global" .Values.global.ingress "local" .Values.ingress -}} +{{- $ingressCfg := dict "global" .Values.global.ingress "local" .Values.ingress "capabilities" .Capabilities -}} -apiVersion: {{ template "ingress.apiVersion" $}} +apiVersion: {{ template "gitlab.ingress.apiVersion" $ingressCfg }} kind: Ingress metadata: name: {{ template "minio.fullname" . }} diff --git a/charts/minio/values.yaml b/charts/minio/values.yaml index 9e15c51752..b5c2d18abb 100755 --- a/charts/minio/values.yaml +++ b/charts/minio/values.yaml @@ -11,6 +11,7 @@ minioMc: tag: "RELEASE.2018-07-13T00-53-22Z" ingress: + apiVersion: enabled: proxyReadTimeout: 900 proxyBodySize: "0" diff --git a/charts/registry/templates/ingress.yaml b/charts/registry/templates/ingress.yaml index 2370565011..b6648035de 100644 --- a/charts/registry/templates/ingress.yaml +++ b/charts/registry/templates/ingress.yaml @@ -2,9 +2,9 @@ {{- if eq (include "gitlab.ingress.enabled" $) "true" -}} {{- $hostname := include "registry.hostname" . -}} {{- $tlsSecret := include "registry.tlsSecret" . -}} -{{- $ingressCfg := dict "global" .Values.global.ingress "local" .Values.ingress -}} +{{- $ingressCfg := dict "global" .Values.global.ingress "local" .Values.ingress "capabilities" .Capabilities -}} -apiVersion: {{ template "ingress.apiVersion" $}} +apiVersion: {{ template "gitlab.ingress.apiVersion" $ingressCfg }} kind: Ingress metadata: name: {{ template "registry.fullname" . }} diff --git a/charts/registry/values.yaml b/charts/registry/values.yaml index 35da5b01fe..1e6aed2c47 100644 --- a/charts/registry/values.yaml +++ b/charts/registry/values.yaml @@ -77,6 +77,7 @@ networkpolicy: annotations: {} ingress: + apiVersion: enabled: proxyReadTimeout: 900 proxyBodySize: "0" 
diff --git a/doc/charts/gitlab/gitlab-grafana/index.md b/doc/charts/gitlab/gitlab-grafana/index.md index 6051a536c8..caf072a0d6 100644 --- a/doc/charts/gitlab/gitlab-grafana/index.md +++ b/doc/charts/gitlab/gitlab-grafana/index.md @@ -53,6 +53,7 @@ kubectl get secret gitlab-grafana-initial-password -ojsonpath='{.data.password}' | Parameter | Default | Description | |-----------------------|---------|----------------------------------------------------------------------| | `common.labels` | `{}` | Supplemental labels that are applied to all objects created by this chart. | +| `ingress.apiVersion` | | Value to use in the `apiVersion` field. | | `ingress.tls` | `{}` | Hash of Ingress TLS settings if GitLab cert manager is not installed | | `ingress.annotations` | `{}` | Additional annotations to add to Grafana Ingress resource | diff --git a/doc/charts/gitlab/gitlab-pages/index.md b/doc/charts/gitlab/gitlab-pages/index.md index 0af8b206d2..e44e2a1084 100644 --- a/doc/charts/gitlab/gitlab-pages/index.md +++ b/doc/charts/gitlab/gitlab-pages/index.md 
@@ -108,6 +108,7 @@ This section controls the GitLab Pages Ingress. | Name | Type | Default | Description | |:---------------------- |:-------:|:------- |:----------- | +| `apiVersion` | String | | Value to use in the `apiVersion` field. | | `annotations` | String | | This field is an exact match to the standard `annotations` for [Kubernetes Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/). | | `configureCertmanager` | Boolean | `false` | Toggles Ingress annotation `cert-manager.io/issuer`. The acquisition of a TLS certificate for GitLab Pages via cert-manager is disabled because a wildcard certificate acquisition requires a cert-manager Issuer with a [DNS01 solver](https://cert-manager.io/docs/configuration/acme/dns01/), and the Issuer deployed by this chart only provides a [HTTP01 solver](https://cert-manager.io/docs/configuration/acme/http01/). For more information see the [TLS requirement for GitLab Pages](../../../installation/tls.md). | | `enabled` | Boolean | | Setting that controls whether to create Ingress objects for services that support them. When not set, the `global.ingress.enabled` setting is used. | diff --git a/doc/charts/gitlab/kas/index.md b/doc/charts/gitlab/kas/index.md index 45a9cbaa2b..28aedb119d 100644 --- a/doc/charts/gitlab/kas/index.md +++ b/doc/charts/gitlab/kas/index.md @@ -46,6 +46,7 @@ the `helm install` command using the `--set` flags. | `image.tag` | `v13.7.0` | Image tag | | `hpa.targetAverageValue` | `100m` | Set the autoscaling target value (CPU) | | `ingress.enabled` | `true` if `global.kas.enabled=true` | You can use `kas.ingress.enabled` to explicitly turn it on or off. If not set, you can optionally use `global.ingress.enabled` for the same purpose. | +| `ingress.apiVersion` | | Value to use in the `apiVersion` field. | | `ingress.annotations` | `{}` | Ingress annotations | | `ingress.tls` | `{}` | Ingress TLS configuration | | `ingress.agentPath` | `/` | Ingress path for the agent API endpoint | 
diff --git a/doc/charts/gitlab/webservice/index.md b/doc/charts/gitlab/webservice/index.md index 779ebd259e..32572ad817 100644 --- a/doc/charts/gitlab/webservice/index.md +++ b/doc/charts/gitlab/webservice/index.md @@ -330,6 +330,7 @@ webservice: | Name | Type | Default | Description | |:-------------------------------------- |:-------:|:------- |:----------- | +| `ingress.apiVersion` | String | | Value to use in the `apiVersion` field. | | `ingress.annotations` | Map | See [below](#annotations) | These annotations will be used for every Ingress. For example: `ingress.annotations."nginx\.ingress\.kubernetes\.io/enable-access-log"=true`. | | `ingress.configureCertmanager` | Boolean | | Toggles Ingress annotation `cert-manager.io/issuer`. For more information see the [TLS requirement for GitLab Pages](../../../installation/tls.md). | | `ingress.enabled` | Boolean | `false` | Setting that controls whether to create Ingress objects for services that support them. When `false`, the `global.ingress.enabled` setting value is used. | diff --git a/doc/charts/globals.md b/doc/charts/globals.md index 9dad255c09..e21b52b85b 100644 --- a/doc/charts/globals.md +++ b/doc/charts/globals.md 
@@ -115,6 +115,7 @@ The GitLab global host settings for Ingress are located under the `global.ingres | Name | Type | Default | Description | |:------------------------------ |:-------:|:------- |:----------- | +| `apiVersion` | String | | API version to use in the Ingress object definitions. | `annotations.*annotation-key*` | String | | Where `annotation-key` is a string that will be used with the value as an annotation on every Ingress. For Example: `global.ingress.annotations."nginx\.ingress\.kubernetes\.io/enable-access-log"=true`. No global annotations are provided by default. | | `configureCertmanager` | Boolean | `true` | [See below](#globalingressconfigurecertmanager). | | `class` | String | `gitlab-nginx` | Global setting that controls `kubernetes.io/ingress.class` annotation in `Ingress` resources. | diff --git a/doc/charts/minio/index.md b/doc/charts/minio/index.md index 718ae252f5..c2e8a51dd9 100644 --- a/doc/charts/minio/index.md +++ b/doc/charts/minio/index.md @@ -34,6 +34,7 @@ minio: init: ingress: enabled: + apiVersion: tls: enabled: secretName: @@ -179,6 +180,7 @@ These settings control the MinIO Ingress. | Name | Type | Default | Description | |:---------------- |:-------:|:------- |:----------- | +| `apiVersion` | String | | Value to use in the `apiVersion` field. | | `annotations` | String | | This field is an exact match to the standard `annotations` for [Kubernetes Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/). | | `enabled` | Boolean | `false` | Setting that controls whether to create Ingress objects for services that support them. When `false` the `global.ingress.enabled` setting is used. | | `configureCertmanager` | Boolean | | Toggles Ingress annotation `cert-manager.io/issuer`. For more information see the [TLS requirement for GitLab Pages](../../installation/tls.md). | diff --git a/doc/charts/registry/index.md b/doc/charts/registry/index.md index aae37bd433..ba64bce6f3 100644 --- a/doc/charts/registry/index.md 
+++ b/doc/charts/registry/index.md @@ -304,6 +304,7 @@ This section controls the registry Ingress. | Name | Type | Default | Description | |:----------------- |:-------:|:------- |:----------- | +| `apiVersion` | String | | Value to use in the `apiVersion` field. | | `annotations` | String | | This field is an exact match to the standard `annotations` for [Kubernetes Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/). | | `configureCertmanager` | Boolean | | Toggles Ingress annotation `cert-manager.io/issuer`. For more information see the [TLS requirement for GitLab Pages](../../installation/tls.md). | | `enabled` | Boolean | `false` | Setting that controls whether to create Ingress objects for services that support them. When `false` the `global.ingress.enabled` setting is used. | diff --git a/spec/configuration/ingress_spec.rb b/spec/configuration/ingress_spec.rb index 051304908b..a0f6c6d9e8 100644 --- a/spec/configuration/ingress_spec.rb +++ b/spec/configuration/ingress_spec.rb @@ -8,6 +8,10 @@ describe 'GitLab Ingress configuration(s)' do template.dig("Ingress/#{ingress_name}", 'spec', 'rules', 0, 'http', 'paths') end + def get_api_version(template, ingress_name) + template.dig("Ingress/#{ingress_name}", 'apiVersion') + end + let(:default_values) do YAML.safe_load(%( certmanager-issuer: 
@@ -144,4 +148,63 @@ describe 'GitLab Ingress configuration(s)' do end end end + + describe 'api version' do + let(:api_version_specified) do + enable_all_ingress.deep_merge(YAML.safe_load(%( + global: + ingress: + apiVersion: global/v0beta0 + gitlab: + webservice: + deployments: + default: + ingress: + path: / + apiVersion: local/v0beta0 + ))) + end + + context 'when not specified (without cluster connection)' do + it 'sets default version (extensions/v1beta1)' do + template = HelmTemplate.new(enable_all_ingress) + expect(template.exit_code).to eq(0) + + ingress_names.each do |ingress_name| + api_version = get_api_version(template, ingress_name) + expect(api_version).to eq("extensions/v1beta1") + end + end + end + + context 'when not specified (with cluster connection)' do + it 'sets highest cluster-supported version' do + api_versions_args = "--api-versions=networking.k8s.io/v1beta1/Ingress --api-versions=networking.k8s.io/v1/Ingress" + template = HelmTemplate.new(enable_all_ingress, 'test', api_versions_args) + expect(template.exit_code).to eq(0) + + ingress_names.each do |ingress_name| + api_version = get_api_version(template, ingress_name) + expect(api_version).to eq('networking.k8s.io/v1') + end + end + end + + context 'when specified' do + it 'sets proper API version' do + template = HelmTemplate.new(api_version_specified) + expect(template.exit_code).to eq(0) + + ingress_names.each do |ingress_name| + api_version = get_api_version(template, ingress_name) + + if ingress_name.include? "webservice" + expect(api_version).to eq("local/v0beta0") + else + expect(api_version).to eq("global/v0beta0") + end + end + end + end + end end diff --git a/spec/helm_template_helper.rb b/spec/helm_template_helper.rb index df3f92ecb6..7648b239b0 100644 --- a/spec/helm_template_helper.rb +++ b/spec/helm_template_helper.rb 
@@ -6,13 +6,14 @@ class HelmTemplate `helm version -c`.match('Ver(sion)?:"v(\d)\.')[2] end - def self.helm_template_call(release_name: 'test', path: '-', namespace: nil) + def self.helm_template_call(release_name: 'test', path: '-', namespace: nil, extra_args: nil) namespace_arg = namespace.nil? ? '' : "--namespace #{namespace}" + case helm_version when "2" then - "helm template -n #{release_name} -f #{path} #{namespace_arg} ." + "helm template -n #{release_name} -f #{path} #{namespace_arg} #{extra_args} ." when "3" then - "helm template #{release_name} . -f #{path} #{namespace_arg}" + "helm template #{release_name} . -f #{path} #{namespace_arg} #{extra_args}" else # If we don't know the version of Helm, use `false` command "false" @@ -41,8 +42,8 @@ class HelmTemplate attr_reader :mapped - def initialize(values, release_name = 'test') - template(values, release_name) + def initialize(values, release_name = 'test', extra_args = '') + template(values, release_name, extra_args) end def namespace @@ -53,9 +54,9 @@ class HelmTemplate stdout.strip end - def template(values, release_name = 'test') + def template(values, release_name = 'test', extra_args = '') @values = values - result = Open3.capture3(self.class.helm_template_call(namespace: 'default', release_name: release_name), + result = Open3.capture3(self.class.helm_template_call(namespace: 'default', release_name: release_name, extra_args: extra_args), chdir: File.join(__dir__, '..'), stdin_data: YAML.dump(values)) @stdout, @stderr, @exit_code = result diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index dc7443e4c1..4007eca909 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl 
@@ -326,6 +326,27 @@ Defaults to nil {{/* ######### ingress templates */}} +{{/* +Return the appropriate apiVersion for Ingress. + +Example usage: +{{- $ingressCfg := dict "global" .Values.global.ingress "local" .Values.ingress "capabilities" .Capabilities -}} +kubernetes.io/ingress.provider: "{{ template "gitlab.ingress.provider" $ingressCfg }}" +*/}} +{{- define "gitlab.ingress.apiVersion" -}} +{{- if .local.apiVersion -}} +{{- .local.apiVersion -}} +{{- else if .global.apiVersion -}} +{{- .global.apiVersion -}} +{{- else if .capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}} +{{- print "networking.k8s.io/v1" -}} +{{- else if .capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress" -}} +{{- print "networking.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "extensions/v1beta1" -}} +{{- end -}} +{{- end -}} + {{/* Returns the nginx ingress class */}} @@ -523,19 +544,6 @@ Override upstream redis secret key name {{ template "gitlab.redis.password.key" . }} {{- end -}} -{{/* -Return the appropriate apiVersion for Ingress. -*/}} -{{- define "ingress.apiVersion" -}} -{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}} -{{- print "networking.k8s.io/v1" -}} -{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress" -}} -{{- print "networking.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "extensions/v1beta1" -}} -{{- end -}} -{{- end -}} - {{/* Return the fullname template for shared-secrets job. */}} diff --git a/values.yaml b/values.yaml index 51530861d0..fd75aba70d 100644 --- a/values.yaml +++ b/values.yaml @@ -69,6 +69,7 @@ global: ## https://docs.gitlab.com/charts/charts/globals#configure-ingress-settings ingress: + apiVersion: configureCertmanager: true provider: nginx annotations: {} -- GitLab From af882c545290166e929b7bf46393b75cea8432b2 Mon Sep 17 00:00:00 2001 
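Review bot: In templates/_helpers.tpl, the "Example usage" comment above `gitlab.ingress.apiVersion` still shows the `gitlab.ingress.provider` call (`kubernetes.io/ingress.provider: ...`), which looks copied from the provider helper; it should show `apiVersion: {{ template "gitlab.ingress.apiVersion" $ingressCfg }}`. The comment should also state the precedence (local, then global, then cluster capabilities, then `extensions/v1beta1`) and that an explicit value is emitted verbatim without being checked against `.capabilities.APIVersions`, as the spec's `global/v0beta0` and `local/v0beta0` cases show. The one-line "Value to use in the `apiVersion` field." descriptions in the docs tables would benefit from the same statement.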
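Review bot: In spec/helm_template_helper.rb, `extra_args` is interpolated into the single command string handed to `Open3.capture3`, and its default is `nil` in `helm_template_call` but `''` in `initialize` and `template`. Pick one default, and consider building the command as an argument array (or passing `extra_args` through `Shellwords.split`) so that values such as the two `--api-versions=...` flags used in ingress_spec.rb are not subject to shell word splitting and quoting.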
From: GitLab Release Tools Bot Date: Mon, 15 Nov 2021 07:36:01 +0000 Subject: [PATCH 117/253] Update changelog for 5.1.8 [ci skip] --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index b3fc1a0212..535fd8fbcb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -135,6 +135,10 @@ No changes. - [Update gitlab-exporter appVersion 11.0.1](gitlab-org/charts/gitlab@d6cc85961e3d8369460840e70415b593bd82e432) ([merge request](gitlab-org/charts/gitlab!2092)) - [Update gitlab-org/gitlab-exporter from 10.5.0 to 11.0.0](gitlab-org/charts/gitlab@2c2a8c2b877b45d47b8bb61a09ed6cb5f8b79392) ([merge request](gitlab-org/charts/gitlab!2092)) +## 5.1.8 (2021-11-15) + +No changes. + ## 5.1.7 (2021-09-30) No changes. -- GitLab From 85e392f99d682ae28cf8d229ff19f59518017c5e Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Mon, 15 Nov 2021 07:36:16 +0000 Subject: [PATCH 118/253] Update version mapping for 5.1.8 --- doc/installation/version_mappings.md | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/installation/version_mappings.md b/doc/installation/version_mappings.md index 427447993f..901911a78c 100644 --- a/doc/installation/version_mappings.md +++ b/doc/installation/version_mappings.md @@ -25,6 +25,7 @@ The table below maps some of the key previous chart versions and GitLab versions | 5.2.2 | 14.2.2 | | 5.2.1 | 14.2.1 | | 5.2.0 | 14.2.0 | +| 5.1.8 | 14.1.8 | | 5.1.7 | 14.1.7 | | 5.1.6 | 14.1.6 | | 5.1.5 | 14.1.5 | -- GitLab From 0d50d3fdcb9fe13f05d5ff044c21baec074716d5 Mon Sep 17 00:00:00 2001 From: Vladimir Shushlin Date: Thu, 11 Nov 2021 18:29:51 +0300 Subject: [PATCH 119/253] Add MaxURILength option for GitLab Pages Changelog: added --- charts/gitlab/charts/gitlab-pages/templates/configmap.yml | 3 +++ doc/charts/gitlab/gitlab-pages/index.md | 1 + spec/configuration/pages_spec.rb | 2 ++ 3 files changed, 6 insertions(+) 
diff --git a/charts/gitlab/charts/gitlab-pages/templates/configmap.yml b/charts/gitlab/charts/gitlab-pages/templates/configmap.yml index ac983e5b7d..4c61c186ba 100644 --- a/charts/gitlab/charts/gitlab-pages/templates/configmap.yml +++ b/charts/gitlab/charts/gitlab-pages/templates/configmap.yml @@ -73,6 +73,9 @@ data: {{- if .Values.maxConnections }} max-conns={{ .Values.maxConnections }} {{- end }} + {{- if .Values.maxURILength }} + max-uri-length={{ .Values.maxURILength }} + {{- end }} {{- if .Values.gitlabClientHttpTimeout }} gitlab-client-http-timeout={{ .Values.gitlabClientHttpTimeout }} {{- end }} diff --git a/doc/charts/gitlab/gitlab-pages/index.md b/doc/charts/gitlab/gitlab-pages/index.md index e44e2a1084..15a5e02a27 100644 --- a/doc/charts/gitlab/gitlab-pages/index.md +++ b/doc/charts/gitlab/gitlab-pages/index.md @@ -87,6 +87,7 @@ configurations that can be supplied to the `helm install` command using the | `logFormat` | `json` | Log output format | | `logVerbose` | `false` | Verbose logging | | `maxConnections` | | Limit on the number of concurrent connections to the HTTP, HTTPS or proxy listeners | +| `maxURILength` | | Limit the length of URI, 0 for unlimited. | | `propagateCorrelationId` | | Reuse existing Correlation-ID from the incoming request header `X-Request-ID` if present | | `redirectHttp` | `false` | Redirect pages from HTTP to HTTPS | | `sentry.enabled` | `false` | Enable Sentry reporting | diff --git a/spec/configuration/pages_spec.rb b/spec/configuration/pages_spec.rb index e091895fea..44bef0a470 100644 --- a/spec/configuration/pages_spec.rb +++ b/spec/configuration/pages_spec.rb @@ -474,6 +474,7 @@ describe 'GitLab Pages' do logFormat: text logVerbose: true maxConnections: 45 + maxURILength: 2048 redirectHttp: true sentry: enabled: true 
@@ -511,6 +512,7 @@ describe 'GitLab Pages' do domain-config-source=disk metrics-address=:9999 max-conns=45 + max-uri-length=2048 gitlab-client-http-timeout=25 gitlab-client-jwt-expiry=35 sentry-dsn=foobar -- GitLab From f123a2ac714df6ba98a14c44e02d5293d932b9ed Mon Sep 17 00:00:00 2001 From: Vladimir Shushlin Date: Mon, 15 Nov 2021 21:35:40 +0000 Subject: [PATCH 120/253] Add source-ip rate-limits for GitLab Pages --- charts/gitlab/charts/gitlab-pages/templates/configmap.yml | 6 ++++++ doc/charts/gitlab/gitlab-pages/index.md | 2 ++ spec/configuration/pages_spec.rb | 4 ++++ 3 files changed, 12 insertions(+) diff --git a/charts/gitlab/charts/gitlab-pages/templates/configmap.yml b/charts/gitlab/charts/gitlab-pages/templates/configmap.yml index 4c61c186ba..af8e177c00 100644 --- a/charts/gitlab/charts/gitlab-pages/templates/configmap.yml +++ b/charts/gitlab/charts/gitlab-pages/templates/configmap.yml @@ -119,5 +119,11 @@ data: {{- if .Values.zipOpenTimeout }} zip-open-timeout={{ .Values.zipOpenTimeout }} {{- end }} + {{- if .Values.rateLimitSourceIP }} + rate-limit-source-ip={{ .Values.rateLimitSourceIP }} + {{- end }} + {{- if .Values.rateLimitSourceIPBurst }} + rate-limit-source-ip-burst={{ .Values.rateLimitSourceIPBurst }} + {{- end }} configure: | {{- include "gitlab.scripts.configure.secrets" (dict "required" "pages" "optional" "pages") | nindent 4 -}} diff --git a/doc/charts/gitlab/gitlab-pages/index.md b/doc/charts/gitlab/gitlab-pages/index.md index 15a5e02a27..006424457b 100644 --- a/doc/charts/gitlab/gitlab-pages/index.md +++ b/doc/charts/gitlab/gitlab-pages/index.md 
@@ -102,6 +102,8 @@ configurations that can be supplied to the `helm install` command using the | `zipCache.expiration` | int | See: [Zip Serving and Cache Configuration](https://docs.gitlab.com/ee/administration/pages/index.html#zip-serving-and-cache-configuration) | | `zipCache.refresh` | int | See: [Zip Serving and Cache Configuration](https://docs.gitlab.com/ee/administration/pages/index.html#zip-serving-and-cache-configuration) | | `zipOpenTimeout` | int | See: [Zip Serving and Cache Configuration](https://docs.gitlab.com/ee/administration/pages/index.html#zip-serving-and-cache-configuration) | +| `rateLimitSourceIP` | int | See: [GitLab Pages rate-limits](https://docs.gitlab.com/ee/administration/pages/index.html#rate-limits). To enable rate-limiting use `extraEnv=["FF_ENABLE_RATE_LIMITER=true"]` | +| `rateLimitSourceIPBurst` | int | See: [GitLab Pages rate-limits](https://docs.gitlab.com/ee/administration/pages/index.html#rate-limits) | ### Configuring the `ingress` diff --git a/spec/configuration/pages_spec.rb b/spec/configuration/pages_spec.rb index 44bef0a470..665b7d0d17 100644 --- a/spec/configuration/pages_spec.rb +++ b/spec/configuration/pages_spec.rb @@ -488,6 +488,8 @@ describe 'GitLab Pages' do port: 9999 zipCache: refresh: 60s + rateLimitSourceIP: 100.5 + rateLimitSourceIPBurst: 50 )) end @@ -525,6 +527,8 @@ describe 'GitLab Pages' do auth-client-secret={% file.Read "/etc/gitlab-secrets/pages/gitlab_appsecret" %} auth-secret={% file.Read "/etc/gitlab-secrets/pages/auth_secret" %} zip-cache-refresh=60s + rate-limit-source-ip=100.5 + rate-limit-source-ip-burst=50 MSG expect(pages_enabled_template.exit_code).to eq(0), "Unexpected error code #{pages_enabled_template.exit_code} -- #{pages_enabled_template.stderr}" -- GitLab From fb4517020f1989d418d2a889f4b4c5d0c2607821 Mon Sep 17 00:00:00 2001 
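Review bot: In charts/gitlab/charts/gitlab-pages/templates/configmap.yml, the guard `{{- if .Values.maxURILength }}` is false for `0`, so the documented "0 for unlimited" setting never renders `max-uri-length=0`; the key is omitted and whatever default GitLab Pages applies stays in effect. Test for presence rather than truthiness, for example `{{- if not (kindIs "invalid" .Values.maxURILength) }}`, and add a spec case for `maxURILength: 0` next to the existing `maxURILength: 2048` one.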
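Review bot: In doc/charts/gitlab/gitlab-pages/index.md, `rateLimitSourceIP` is documented as `int`, but spec/configuration/pages_spec.rb sets `rateLimitSourceIP: 100.5` and expects `rate-limit-source-ip=100.5`; the documented type should match what the chart accepts. The configmap renders both `rate-limit-source-ip*` keys whenever the values are set, while the table says rate limiting is only enabled with `extraEnv=["FF_ENABLE_RATE_LIMITER=true"]`, so the `rateLimitSourceIPBurst` row should carry the same pointer to the feature flag rather than leaving it on the first row only.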
From: DJ Mountney Date: Wed, 17 Nov 2021 16:35:37 +0000 Subject: [PATCH 121/253] Update the backup to 14.4 --- .gitlab-ci.yml | 2 +- spec/gitlab_test_helper.rb | 10 +++++++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index edc39ee20c..73c17aa41c 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -36,7 +36,7 @@ variables: # AUTO_DEVOPS_DOMAIN: domain.example.com GIT_CLONE_PATH: $CI_BUILDS_DIR/gitlab HELM_MAX_HISTORY: 20 - TEST_BACKUP_PREFIX: "14.0.5" + TEST_BACKUP_PREFIX: "14.4.2" NAMESPACE: $KUBE_NAMESPACE REVIEW_REF_PREFIX: "" diff --git a/spec/gitlab_test_helper.rb b/spec/gitlab_test_helper.rb index a4a0d2c1b8..91cc2fd278 100644 --- a/spec/gitlab_test_helper.rb +++ b/spec/gitlab_test_helper.rb @@ -136,7 +136,15 @@ module Gitlab end def set_runner_token - cmd = full_command("gitlab-rails runner \"settings = ApplicationSetting.current_without_cache; settings.set_runners_registration_token('#{runner_registration_token}'); settings.encrypted_ci_jwt_signing_key=nil; settings.save!; Ci::Runner.delete_all\"") + cmd = full_command( + "gitlab-rails runner \"" \ + "settings = ApplicationSetting.current_without_cache; " \ + "settings.update_columns(encrypted_customers_dot_jwt_signing_key_iv: nil, encrypted_customers_dot_jwt_signing_key: nil, encrypted_ci_jwt_signing_key_iv: nil, encrypted_ci_jwt_signing_key: nil); " \ + "settings.set_runners_registration_token('#{runner_registration_token}'); " \ + "settings.save!; " \ + "Ci::Runner.delete_all" \ + "\"" + ) stdout, status = Open3.capture2e(cmd) return [stdout, status] -- GitLab From 8c7c44d3cb649261f8c255d4fc019237e779832a Mon Sep 17 00:00:00 2001 
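Review bot: In spec/gitlab_test_helper.rb `set_runner_token`, the new `settings.update_columns(...)` call nulls four encrypted JWT signing-key columns while skipping validations and callbacks, and nothing in the hunk says why. A short comment giving the reason (presumably that the keys stored in the 14.4.2 backup cannot be decrypted with the test environment's secrets, though the patch does not state this) would keep the column list from being copied blindly at the next backup bump. Separately, `runner_registration_token` is interpolated inside single quotes within the double-quoted `gitlab-rails runner` argument, so a token containing a quote character would break the command; escaping it or passing it through an environment variable would be more robust.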
From: Mitchell Nielsen Date: Tue, 16 Nov 2021 08:08:47 -0600 Subject: [PATCH 122/253] [Docs] Operator: clarify available chart versions Clarifies how to check for available chart versions, linking directly to the CHART_VERSIONS file _on a specific tag_. Without this, someone could potentially check the contents of this file on `master`, which may not align with the available chart versions for the latest Operator release. Changelog: other --- doc/installation/operator.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/installation/operator.md b/doc/installation/operator.md index c6b238c818..853d7449f1 100644 --- a/doc/installation/operator.md +++ b/doc/installation/operator.md @@ -117,7 +117,7 @@ deployment manifests available in the name: example spec: chart: - version: "X.Y.Z" # select a version from the CHART_VERSIONS file in the root of this project + version: "X.Y.Z" # https://gitlab.com/gitlab-org/cloud-native/gitlab-operator/-/blob/0.1.0/CHART_VERSIONS values: global: hosts: -- GitLab From ed3bddaac326af6099ec9659e7e27428333580fd Mon Sep 17 00:00:00 2001 From: deps Date: Thu, 18 Nov 2021 04:01:48 +0000 Subject: [PATCH 123/253] Update gitlab-org/container-registry from 3.14.3-gitlab to 3.15.0-gitlab Changelog: changed --- charts/registry/values.yaml | 2 +- doc/charts/registry/index.md | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/registry/values.yaml b/charts/registry/values.yaml index 1e6aed2c47..8fa697abcb 100644 --- a/charts/registry/values.yaml +++ b/charts/registry/values.yaml @@ -1,6 +1,6 @@ image: repository: registry.gitlab.com/gitlab-org/build/cng/gitlab-container-registry - tag: 'v3.14.3-gitlab' + tag: 'v3.15.0-gitlab' # pullPolicy: IfNotPresent # pullSecrets: [] diff --git a/doc/charts/registry/index.md b/doc/charts/registry/index.md index ba64bce6f3..ca1375f8cb 100644 --- a/doc/charts/registry/index.md +++ b/doc/charts/registry/index.md 
@@ -68,7 +68,7 @@ registry: interval: 24h dryrun: false image: - tag: 'v3.14.3-gitlab' + tag: 'v3.15.0-gitlab' pullPolicy: IfNotPresent annotations: service: @@ -153,7 +153,7 @@ If you chose to deploy this chart as a standalone, remove the `registry` at the | `image.pullPolicy` | | Pull policy for the registry image | | `image.pullSecrets` | | Secrets to use for image repository | | `image.repository` | `registry` | Registry image | -| `image.tag` | `v3.14.3-gitlab` | Version of the image to use | +| `image.tag` | `v3.15.0-gitlab` | Version of the image to use | | `init.image.repository` | | initContainer image | | `init.image.tag` | | initContainer image tag | | `log` | `{level: info, fields: {service: registry}}` | Configure the logging options | @@ -279,7 +279,7 @@ You can change the included version of the Registry and `pullPolicy`. Default settings: -- `tag: 'v3.14.3-gitlab'` +- `tag: 'v3.15.0-gitlab'` - `pullPolicy: 'IfNotPresent'` ## Configuring the `service` -- GitLab From 26db1f8751f4d1e5aa10a4d90b667e1d9117ec52 Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Fri, 19 Nov 2021 08:20:19 +0000 Subject: [PATCH 124/253] Update changelog for 5.5.0 [ci skip] --- CHANGELOG.md | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 535fd8fbcb..27f1a2077d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,6 +2,32 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 5.5.0 (2021-11-19) + +### Added (3 changes) + +- [Add MaxURILength option for GitLab Pages](gitlab-org/charts/gitlab@426e60d5229d92090f3e7c207438aac481ce1c8a) ([merge request](gitlab-org/charts/gitlab!2266)) +- [Add loose foreign key cron worker](gitlab-org/charts/gitlab@e37cfdb0f344c51320268784838b4292daa153d7) ([merge request](gitlab-org/charts/gitlab!2265)) +- [Add one_trust_id config](gitlab-org/charts/gitlab@86339448ae78770fc4637020c34370f5c45b03a6) ([merge request](gitlab-org/charts/gitlab!2237)) + +### Fixed (1 change) + +- [Raise Sidekiq job timeout from 5 to 25 seconds](gitlab-org/charts/gitlab@f94968b4bef32446b38c2033364107d1cff6e1bb) ([merge request](gitlab-org/charts/gitlab!2249)) + +### Changed (7 changes) + +- [Update gitlab-org/container-registry from 3.14.3-gitlab to 3.15.0-gitlab](gitlab-org/charts/gitlab@f8f07d262d73c80b2bf863b79358cf9c53214689) ([merge request](gitlab-org/charts/gitlab!2271)) +- [Update gitlab-org/container-registry from 3.14.2-gitlab to 3.14.3-gitlab](gitlab-org/charts/gitlab@34fbd2864de95f80337da3db08ff92323a1a1e33) ([merge request](gitlab-org/charts/gitlab!2264)) +- [Update gitlab-org/container-registry from 3.14.1-gitlab to 3.14.2-gitlab](gitlab-org/charts/gitlab@fe13ae8f5bed9ab67593b526f52bb97835203c41) ([merge request](gitlab-org/charts/gitlab!2257)) +- [Update gitlab-org/container-registry from 3.13.0-gitlab to 3.14.1-gitlab](gitlab-org/charts/gitlab@6119f3f5307166cf99df9a8fdc14ffbc153143fb) ([merge request](gitlab-org/charts/gitlab!2250)) +- [GitLab Shell: replace ERB with gomplate](gitlab-org/charts/gitlab@44923bed8bb1578a68b50d5a0d93b5b8cb51fc05) by @kristofkalocsai ([merge request](gitlab-org/charts/gitlab!2220)) +- [GitLab Pages: replace ERB with gomplate](gitlab-org/charts/gitlab@22119c6893be97ed9d2ea8fd72a12784d45a3abe) by @kristofkalocsai ([merge request](gitlab-org/charts/gitlab!2217)) +- [Update 
gitlab-org/container-registry from 3.12.0-gitlab to 3.13.0-gitlab](gitlab-org/charts/gitlab@2ea30e59cdad005e45866da788ecf8dfd212eb2b) ([merge request](gitlab-org/charts/gitlab!2235)) + +### Other (1 change) + +- [[Docs] Operator: clarify available chart versions](gitlab-org/charts/gitlab@afcb3d95d2f997cc1d77087bb85a73b918a38101) ([merge request](gitlab-org/charts/gitlab!2268)) + ## 5.4.2 (2021-11-08) No changes. -- GitLab From 05e13eb2b366edf43b2455bb09a3e27031b95f60 Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Fri, 19 Nov 2021 08:20:34 +0000 Subject: [PATCH 125/253] Update Chart versions to 5.5.0 [ci skip] --- Chart.yaml | 2 +- charts/gitlab/charts/geo-logcursor/Chart.yaml | 2 +- charts/gitlab/charts/gitaly/Chart.yaml | 2 +- charts/gitlab/charts/gitlab-exporter/Chart.yaml | 2 +- charts/gitlab/charts/gitlab-grafana/Chart.yaml | 2 +- charts/gitlab/charts/gitlab-pages/Chart.yaml | 2 +- charts/gitlab/charts/gitlab-shell/Chart.yaml | 2 +- charts/gitlab/charts/kas/Chart.yaml | 2 +- charts/gitlab/charts/mailroom/Chart.yaml | 2 +- charts/gitlab/charts/migrations/Chart.yaml | 2 +- charts/gitlab/charts/operator/Chart.yaml | 2 +- charts/gitlab/charts/praefect/Chart.yaml | 2 +- charts/gitlab/charts/sidekiq/Chart.yaml | 2 +- charts/gitlab/charts/toolbox/Chart.yaml | 2 +- charts/gitlab/charts/webservice/Chart.yaml | 2 +- 15 files changed, 15 insertions(+), 15 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index a22766f5e3..1815be9f2b 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab -version: 5.4.2 +version: 5.5.0 appVersion: master description: Web-based Git-repository manager with wiki and issue-tracking features. keywords: diff --git a/charts/gitlab/charts/geo-logcursor/Chart.yaml b/charts/gitlab/charts/geo-logcursor/Chart.yaml index a8c4d2cc94..6dd17d5438 100644 --- a/charts/gitlab/charts/geo-logcursor/Chart.yaml +++ b/charts/gitlab/charts/geo-logcursor/Chart.yaml 
@@ -1,7 +1,7 @@ --- apiVersion: v1 name: geo-logcursor -version: 5.4.2 +version: 5.5.0 appVersion: master description: GitLab Geo logcursor keywords: diff --git a/charts/gitlab/charts/gitaly/Chart.yaml b/charts/gitlab/charts/gitaly/Chart.yaml index 6b46298f45..e9b3b06609 100644 --- a/charts/gitlab/charts/gitaly/Chart.yaml +++ b/charts/gitlab/charts/gitaly/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitaly -version: 5.4.2 +version: 5.5.0 appVersion: master description: Git RPC service for handling all the git calls made by GitLab keywords: diff --git a/charts/gitlab/charts/gitlab-exporter/Chart.yaml b/charts/gitlab/charts/gitlab-exporter/Chart.yaml index 35bbe810bc..229af333ca 100644 --- a/charts/gitlab/charts/gitlab-exporter/Chart.yaml +++ b/charts/gitlab/charts/gitlab-exporter/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab-exporter -version: 5.4.2 +version: 5.5.0 appVersion: 11.2.0 description: Exporter for GitLab Prometheus metrics (e.g. CI, pull mirrors) keywords: diff --git a/charts/gitlab/charts/gitlab-grafana/Chart.yaml b/charts/gitlab/charts/gitlab-grafana/Chart.yaml index b7a54804f6..0a41fc528d 100644 --- a/charts/gitlab/charts/gitlab-grafana/Chart.yaml +++ b/charts/gitlab/charts/gitlab-grafana/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab-grafana -version: 5.4.2 +version: 5.5.0 description: Adapt the Grafana chart to interface to the GitLab App keywords: - gitlab diff --git a/charts/gitlab/charts/gitlab-pages/Chart.yaml b/charts/gitlab/charts/gitlab-pages/Chart.yaml index 622ac1b6a1..4bec779c9b 100644 --- a/charts/gitlab/charts/gitlab-pages/Chart.yaml +++ b/charts/gitlab/charts/gitlab-pages/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab-pages -version: 5.4.2 +version: 5.5.0 appVersion: master description: Daemon for serving static websites from GitLab projects keywords: diff --git a/charts/gitlab/charts/gitlab-shell/Chart.yaml b/charts/gitlab/charts/gitlab-shell/Chart.yaml index 59e2183290..4cc48338be 100644 
--- a/charts/gitlab/charts/gitlab-shell/Chart.yaml +++ b/charts/gitlab/charts/gitlab-shell/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab-shell -version: 5.4.2 +version: 5.5.0 appVersion: main description: sshd for Gitlab keywords: diff --git a/charts/gitlab/charts/kas/Chart.yaml b/charts/gitlab/charts/kas/Chart.yaml index 83a0e7c6e7..bbc3e972b3 100644 --- a/charts/gitlab/charts/kas/Chart.yaml +++ b/charts/gitlab/charts/kas/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: kas -version: 5.4.2 +version: 5.5.0 appVersion: latest description: GitLab Kubernetes Agent Server keywords: diff --git a/charts/gitlab/charts/mailroom/Chart.yaml b/charts/gitlab/charts/mailroom/Chart.yaml index f8a71c5747..0484059f1d 100644 --- a/charts/gitlab/charts/mailroom/Chart.yaml +++ b/charts/gitlab/charts/mailroom/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: mailroom -version: 5.4.2 +version: 5.5.0 appVersion: 0.0.14 description: Handling incoming emails keywords: diff --git a/charts/gitlab/charts/migrations/Chart.yaml b/charts/gitlab/charts/migrations/Chart.yaml index 7553ce1855..74c0e79ae0 100644 --- a/charts/gitlab/charts/migrations/Chart.yaml +++ b/charts/gitlab/charts/migrations/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: migrations -version: 5.4.2 +version: 5.5.0 appVersion: master description: Database migrations and other versioning tasks for upgrading Gitlab keywords: diff --git a/charts/gitlab/charts/operator/Chart.yaml b/charts/gitlab/charts/operator/Chart.yaml index 9d5525ed75..b6628e00d4 100644 --- a/charts/gitlab/charts/operator/Chart.yaml +++ b/charts/gitlab/charts/operator/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: operator -version: 5.4.2 +version: 5.5.0 appVersion: master description: Gitlab operator for managing upgrades keywords: diff --git a/charts/gitlab/charts/praefect/Chart.yaml b/charts/gitlab/charts/praefect/Chart.yaml index bce2d5fd00..2159bcb64c 100644 --- a/charts/gitlab/charts/praefect/Chart.yaml 
+++ b/charts/gitlab/charts/praefect/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: praefect -version: 5.4.2 +version: 5.5.0 appVersion: master description: Praefect is a router and transaction manager for Gitaly, and a required component for running a Gitaly Cluster. diff --git a/charts/gitlab/charts/sidekiq/Chart.yaml b/charts/gitlab/charts/sidekiq/Chart.yaml index b3219c52bd..ee3e67e6c5 100644 --- a/charts/gitlab/charts/sidekiq/Chart.yaml +++ b/charts/gitlab/charts/sidekiq/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: sidekiq -version: 5.4.2 +version: 5.5.0 appVersion: master description: Gitlab Sidekiq for asynchronous task processing in rails keywords: diff --git a/charts/gitlab/charts/toolbox/Chart.yaml b/charts/gitlab/charts/toolbox/Chart.yaml index 961e652343..129bb3309d 100644 --- a/charts/gitlab/charts/toolbox/Chart.yaml +++ b/charts/gitlab/charts/toolbox/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: toolbox -version: 5.4.2 +version: 5.5.0 appVersion: master description: For manually running rake tasks through kubectl keywords: diff --git a/charts/gitlab/charts/webservice/Chart.yaml b/charts/gitlab/charts/webservice/Chart.yaml index 46e23f3c3a..1689282cbf 100644 --- a/charts/gitlab/charts/webservice/Chart.yaml +++ b/charts/gitlab/charts/webservice/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: webservice -version: 5.4.2 +version: 5.5.0 appVersion: master description: HTTP server for Gitlab keywords: -- GitLab From 2fda395eda57a2fd1d5e62cbe6e15318bab6f2b0 Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Fri, 19 Nov 2021 08:20:36 +0000 Subject: [PATCH 126/253] Update version mapping for 5.5.0 --- doc/installation/version_mappings.md | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/installation/version_mappings.md b/doc/installation/version_mappings.md index 901911a78c..19b310b205 100644 --- a/doc/installation/version_mappings.md +++ b/doc/installation/version_mappings.md 
@@ -10,6 +10,7 @@ The table below maps some of the key previous chart versions and GitLab versions | Chart version | GitLab version | |---------------|----------------| +| 5.5.0 | 14.5.0 | | 5.4.2 | 14.4.2 | | 5.4.1 | 14.4.1 | | 5.4.0 | 14.4.0 | -- GitLab From cfa699fb78c24f3326d9b6565f28716070653415 Mon Sep 17 00:00:00 2001 From: "Viktor Nagy (GitLab)" Date: Mon, 22 Nov 2021 08:34:08 +0000 Subject: [PATCH 127/253] Add link for OpenShift and GitLab --- doc/installation/operator.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/doc/installation/operator.md b/doc/installation/operator.md index 853d7449f1..19c4e9d54a 100644 --- a/doc/installation/operator.md +++ b/doc/installation/operator.md @@ -6,6 +6,9 @@ info: To determine the technical writer assigned to the Stage/Group associated w # GitLab Operator **(FREE SELF)** +NOTE: +If you want to integrate GitLab with OpenShift, see the [OpenShift and GitLab documentation](https://docs.gitlab.com/ee/install/openshift_and_gitlab/index.html). + GitLab Operator is an implementation of the [Operator pattern](https://www.openshift.com/blog) for managing the lifecycle and upgrades of a GitLab instance. The GitLab Operator strengthens the support of OpenShift from GitLab, but is intended to be as native to Kubernetes as for OpenShift. The GitLab Operator provides a method of synchronizing and controlling various stages of cloud-native GitLab installation/upgrade procedures. Using the Operator provides the ability to perform -- GitLab From f1502c49d4d16ec3116cb79eb9d8d20149d522aa Mon Sep 17 00:00:00 2001 From: deps Date: Mon, 22 Nov 2021 04:02:27 +0000 Subject: [PATCH 128/253] Update gitlab-org/container-registry from 3.15.0-gitlab to 3.16.0-gitlab Changelog: changed --- charts/registry/values.yaml | 2 +- doc/charts/registry/index.md | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/registry/values.yaml b/charts/registry/values.yaml index 8fa697abcb..9005448f04 100644 
--- a/charts/registry/values.yaml +++ b/charts/registry/values.yaml @@ -1,6 +1,6 @@ image: repository: registry.gitlab.com/gitlab-org/build/cng/gitlab-container-registry - tag: 'v3.15.0-gitlab' + tag: 'v3.16.0-gitlab' # pullPolicy: IfNotPresent # pullSecrets: [] diff --git a/doc/charts/registry/index.md b/doc/charts/registry/index.md index ca1375f8cb..2be2f969fb 100644 --- a/doc/charts/registry/index.md +++ b/doc/charts/registry/index.md @@ -68,7 +68,7 @@ registry: interval: 24h dryrun: false image: - tag: 'v3.15.0-gitlab' + tag: 'v3.16.0-gitlab' pullPolicy: IfNotPresent annotations: service: @@ -153,7 +153,7 @@ If you chose to deploy this chart as a standalone, remove the `registry` at the | `image.pullPolicy` | | Pull policy for the registry image | | `image.pullSecrets` | | Secrets to use for image repository | | `image.repository` | `registry` | Registry image | -| `image.tag` | `v3.15.0-gitlab` | Version of the image to use | +| `image.tag` | `v3.16.0-gitlab` | Version of the image to use | | `init.image.repository` | | initContainer image | | `init.image.tag` | | initContainer image tag | | `log` | `{level: info, fields: {service: registry}}` | Configure the logging options | @@ -279,7 +279,7 @@ You can change the included version of the Registry and `pullPolicy`. Default settings: -- `tag: 'v3.15.0-gitlab'` +- `tag: 'v3.16.0-gitlab'` - `pullPolicy: 'IfNotPresent'` ## Configuring the `service` -- GitLab From 924aed4a998ee7e252507f151644bbc4cdd35776 Mon Sep 17 00:00:00 2001 From: Alvin Gounder Date: Tue, 23 Nov 2021 07:37:48 +0000 Subject: [PATCH 129/253] Update global settings doc to fix single_sign-on inconsistency --- doc/charts/globals.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/charts/globals.md b/doc/charts/globals.md index e21b52b85b..afa521cb1f 100644 --- a/doc/charts/globals.md +++ b/doc/charts/globals.md 
@@ -1312,7 +1312,7 @@ omniauth: | Name | Type | Default | Description | |:------------------------- |:-------:|:----------- |:----------- | | `allowBypassTwoFactor` | | | Allows users to log in with the specified providers without two factor authentication. Can be set to `true`, `false`, or an array of providers. See [Bypassing two factor authentication](https://docs.gitlab.com/ee/integration/omniauth.html#bypassing-two-factor-authentication). | -| `allowSingleSignOn` | Boolean | `false` | Enable the automatic creation of accounts when signing in with OmniAuth. | +| `allowSingleSignOn` | Array | `['saml']` | Enable the automatic creation of accounts when signing in with OmniAuth. Input the [name of the OmniAuth Provider](https://docs.gitlab.com/ee/integration/omniauth.html#supported-providers). | | `autoLinkLdapUser` | Boolean | `false` | Can be used if you have LDAP / ActiveDirectory integration enabled. When enabled, users automatically created through OmniAuth will be linked to their LDAP entry as well. | | `autoLinkSamlUser` | Boolean | `false` | Can be used if you have SAML integration enabled. When enabled, users automatically created through OmniAuth will be linked to their SAML entry as well. | | `autoLinkUser` | | | Allows users authenticating via an OmniAuth provider to be automatically linked to a current GitLab user if their emails match. Can be set to `true`, `false`, or an array of providers. | -- GitLab From 335c353e1aa8aa0acf975b4b8b4584438658d275 Mon Sep 17 00:00:00 2001 From: DJ Mountney Date: Mon, 22 Nov 2021 12:46:59 -0800 Subject: [PATCH 130/253] Fix the dev CI values file Remove references to missing pullSecret anchor --- scripts/ci/values-dev-images.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/scripts/ci/values-dev-images.yaml b/scripts/ci/values-dev-images.yaml index 966b04464d..598e85de7e 100644 --- a/scripts/ci/values-dev-images.yaml +++ b/scripts/ci/values-dev-images.yaml 
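Review bot: In PATCH 129/253 (doc/charts/globals.md), the rewritten `allowSingleSignOn` row no longer tells the reader how to turn automatic account creation off. The type changes from Boolean to Array and the default from `false` to `['saml']`, while the neighbouring `allowBypassTwoFactor` and `autoLinkUser` rows still spell out "Can be set to `true`, `false`, or an array of providers". If booleans are still accepted here, say so in the same wording. If they are not, state which value disables the feature, because the documented default now creates accounts for SAML sign-ins. The patch touches only the documentation, so it is also worth confirming in review that `['saml']` matches the default in the chart's values file.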
@@ -16,15 +16,12 @@ gitlab: migrations: image: repository: dev.gitlab.org:5005/gitlab/charts/components/images/gitlab-toolbox-ee - <<: *pullSecret sidekiq: image: repository: dev.gitlab.org:5005/gitlab/charts/components/images/gitlab-sidekiq-ee - <<: *pullSecret toolbox: image: repository: dev.gitlab.org:5005/gitlab/charts/components/images/gitlab-toolbox-ee - <<: *pullSecret webservice: image: repository: dev.gitlab.org:5005/gitlab/charts/components/images/gitlab-webservice-ee -- GitLab From 2c37f404eb8733f13fd15c9fd43203d419002ffe Mon Sep 17 00:00:00 2001 From: Evan Read Date: Tue, 23 Nov 2021 18:23:53 +0000 Subject: [PATCH 131/253] Update markdownlint and Vale rules from GitLab project --- .markdownlint.yml | 2 ++ .../markdownlint-no-trailing-spaces.yml | 1 + doc/.vale/gitlab/Acronyms.yml | 14 ++++++++++++ doc/.vale/gitlab/BadgeCapitalization.yml | 3 ++- doc/.vale/gitlab/British.yml | 4 ++++ doc/.vale/gitlab/CurlStringsQuoted.yml | 2 +- doc/.vale/gitlab/ElementDescriptors.yml | 14 ++++++++++++ doc/.vale/gitlab/InternalLinkExtension.yml | 2 +- doc/.vale/gitlab/InternalLinkFormat.yml | 2 +- doc/.vale/gitlab/OutdatedVersions.yml | 2 ++ doc/.vale/gitlab/ReadingLevel.yml | 1 + doc/.vale/gitlab/SubstitutionSuggestions.yml | 2 ++ doc/.vale/gitlab/Substitutions.yml | 6 +++++ doc/.vale/gitlab/UnclearAntecedent.yml | 22 +++++++++++++++++++ doc/.vale/gitlab/VersionText.yml | 8 +++---- doc/.vale/gitlab/spelling-exceptions.txt | 20 +++++++++++++---- 16 files changed, 93 insertions(+), 12 deletions(-) create mode 100644 doc/.vale/gitlab/ElementDescriptors.yml create mode 100644 doc/.vale/gitlab/UnclearAntecedent.yml diff --git a/.markdownlint.yml b/.markdownlint.yml index ccf2ef02ee..ea7492cf20 100644 --- a/.markdownlint.yml +++ b/.markdownlint.yml @@ -1,3 +1,4 @@ +--- # Base Markdownlint configuration # Extended Markdownlint configuration in doc/.markdownlint/ "default": true @@ -48,6 +49,7 @@ "Geo", "Git LFS", "git-annex", + "git-sizer", "Git", "Gitaly", "GitHub", 
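Review bot: In PATCH 130/253 (scripts/ci/values-dev-images.yaml), dropping the three `<<: *pullSecret` merge keys under `migrations`, `sidekiq` and `toolbox` leaves every `image:` block in this part of the file with a `repository` on `dev.gitlab.org:5005` and no pull secret setting. The commit message explains that the anchor is missing but not where pull credentials for these images are expected to come from. Please add that to the commit message or as a comment at the top of the file, so that a later reader does not reintroduce the anchor or assume the images are public.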
diff --git a/doc/.markdownlint/markdownlint-no-trailing-spaces.yml b/doc/.markdownlint/markdownlint-no-trailing-spaces.yml index 3d107a3e66..71903ae423 100644 --- a/doc/.markdownlint/markdownlint-no-trailing-spaces.yml +++ b/doc/.markdownlint/markdownlint-no-trailing-spaces.yml @@ -1,3 +1,4 @@ +--- # Extended Markdown configuration to enforce no-trailing-spaces rule "extends": "../../.markdownlint.yml" "no-trailing-spaces": true diff --git a/doc/.vale/gitlab/Acronyms.yml b/doc/.vale/gitlab/Acronyms.yml index 9e4eb36b72..23285fd003 100644 --- a/doc/.vale/gitlab/Acronyms.yml +++ b/doc/.vale/gitlab/Acronyms.yml @@ -17,6 +17,7 @@ exceptions: - AJAX - ANSI - API + - APM - ARM - ARN - ASCII @@ -42,16 +43,19 @@ exceptions: - DNS - DOM - DSA + - DSL - DVCS - ECDSA - ECS - EFS - EKS + - ELB - EOL - EXIF - FAQ - FIFO - FIPS + - FLAG - FOSS - FQDN - FREE @@ -60,6 +64,7 @@ exceptions: - GDK - GDPR - GET + - GID - GIF - GKE - GNU @@ -95,6 +100,7 @@ exceptions: - LESS - LFS - LRU + - LTM - LTS - MIME - MIT @@ -108,6 +114,7 @@ exceptions: - NTP - ONLY - OSS + - OTP - OWASP - PAT - PCI-DSS @@ -115,6 +122,8 @@ exceptions: - PEM - PEP - PGP + - PID + - PKCS - PHP - PNG - POSIX @@ -124,6 +133,7 @@ exceptions: - RAM - RBAC - RDP + - RDS - REST - RFC - RHEL @@ -131,10 +141,12 @@ exceptions: - RPM - RPS - RSA + - RDS - RSS - RVM - SAAS - SAML + - SAN - SAST - SATA - SCIM @@ -168,7 +180,9 @@ exceptions: - TODO - TOML - TTL + - UID - UDP + - UID - UNIX - URI - URL diff --git a/doc/.vale/gitlab/BadgeCapitalization.yml b/doc/.vale/gitlab/BadgeCapitalization.yml index 89d6f509d6..33425693d5 100644 --- a/doc/.vale/gitlab/BadgeCapitalization.yml +++ b/doc/.vale/gitlab/BadgeCapitalization.yml 
@@ -10,4 +10,5 @@ link: https://docs.gitlab.com/ee/development/documentation/styleguide/index.html level: error scope: raw raw: - - '\*\*\(([Ff]ree|[Pp]remium|[Uu]ltimate)( [Ss](elf|ass))?\)\*\*' + - '(?!\*\*\((FREE|PREMIUM|ULTIMATE)( (SELF|SAAS))?\)\*\*)' + - '(?i)\*\*\((free|premium|ultimate)( (self|saas))?\)\*\*' diff --git a/doc/.vale/gitlab/British.yml b/doc/.vale/gitlab/British.yml index 152723ead2..f724eb19fa 100644 --- a/doc/.vale/gitlab/British.yml +++ b/doc/.vale/gitlab/British.yml @@ -19,6 +19,10 @@ swap: analyse: analyze annexe: annex apologise: apologize + authorise: authorize + authorised: authorized + authorisation: authorization + authorising: authorizing behaviour: behavior busses: buses calibre: caliber diff --git a/doc/.vale/gitlab/CurlStringsQuoted.yml b/doc/.vale/gitlab/CurlStringsQuoted.yml index c0bc8c18c9..a59fe64d99 100644 --- a/doc/.vale/gitlab/CurlStringsQuoted.yml +++ b/doc/.vale/gitlab/CurlStringsQuoted.yml @@ -10,4 +10,4 @@ link: https://docs.gitlab.com/ee/development/documentation/restful_api_styleguid level: error scope: code raw: - - 'curl.*[^"=]https?://.*' + - 'curl [^"]+://.*' diff --git a/doc/.vale/gitlab/ElementDescriptors.yml b/doc/.vale/gitlab/ElementDescriptors.yml new file mode 100644 index 0000000000..254da16d00 --- /dev/null +++ b/doc/.vale/gitlab/ElementDescriptors.yml @@ -0,0 +1,14 @@ +--- +# Suggestion: gitlab.ElementDescriptors +# +# Suggests the correct way to describe elements in a form. +# +# For a list of all options, see https://errata-ai.github.io/vale/styles/ +extends: substitution +message: 'When describing elements, %s "%s".' +link: https://docs.gitlab.com/ee/development/documentation/styleguide/index.html#language +level: suggestion +ignorecase: true +swap: + button: 'if possible, rewrite to not use' + area: 'use "section" instead of' diff --git a/doc/.vale/gitlab/InternalLinkExtension.yml b/doc/.vale/gitlab/InternalLinkExtension.yml index 0b1baaf667..5783c4347a 100644 
--- a/doc/.vale/gitlab/InternalLinkExtension.yml +++ b/doc/.vale/gitlab/InternalLinkExtension.yml @@ -10,4 +10,4 @@ link: https://docs.gitlab.com/ee/development/documentation/styleguide/index.html level: error scope: raw raw: - - '\[.+\]\((https?:){0}[\w\/\.-]+(\.html).*?\)' + - '\[.+\]\([\w\/\.-]+\.html[^)]*\)' diff --git a/doc/.vale/gitlab/InternalLinkFormat.yml b/doc/.vale/gitlab/InternalLinkFormat.yml index 51d5198a0c..b9ee83b7f5 100644 --- a/doc/.vale/gitlab/InternalLinkFormat.yml +++ b/doc/.vale/gitlab/InternalLinkFormat.yml @@ -10,4 +10,4 @@ link: https://docs.gitlab.com/ee/development/documentation/styleguide/index.html level: error scope: raw raw: - - '\[.+\]\(\.\/.+?\)' + - '\[.+\]\(\.\/.*?\)' diff --git a/doc/.vale/gitlab/OutdatedVersions.yml b/doc/.vale/gitlab/OutdatedVersions.yml index 0532372683..15ae0a5814 100644 --- a/doc/.vale/gitlab/OutdatedVersions.yml +++ b/doc/.vale/gitlab/OutdatedVersions.yml @@ -19,3 +19,5 @@ tokens: - "GitLab (v)?7." - "GitLab (v)?8." - "GitLab (v)?9." + - "GitLab (v)?10." + - "GitLab (v)?11." diff --git a/doc/.vale/gitlab/ReadingLevel.yml b/doc/.vale/gitlab/ReadingLevel.yml index 0099e70ec8..2e78c3ef36 100644 --- a/doc/.vale/gitlab/ReadingLevel.yml +++ b/doc/.vale/gitlab/ReadingLevel.yml @@ -6,6 +6,7 @@ # For a list of all options, see https://errata-ai.gitbook.io/vale/getting-started/styles extends: readability message: "Grade level (%s) is high. To lower the score, use shorter sentences and words." +link: https://docs.gitlab.com/ee/development/documentation/testing.html#vale-readability-score level: suggestion grade: 8 metrics: diff --git a/doc/.vale/gitlab/SubstitutionSuggestions.yml b/doc/.vale/gitlab/SubstitutionSuggestions.yml index bc9a6e3c70..e7c0cc0424 100644 --- a/doc/.vale/gitlab/SubstitutionSuggestions.yml +++ b/doc/.vale/gitlab/SubstitutionSuggestions.yml 
@@ -14,7 +14,9 @@ swap: active user: '"billable user"' active users: '"billable users"' docs: '"documentation"' + e-mail: '"email"' GFM: '"GitLab Flavored Markdown"' + it is recommended: '"we recommend"' OAuth2: '"OAuth 2.0"' once that: '"after that"' once the: '"after the"' diff --git a/doc/.vale/gitlab/Substitutions.yml b/doc/.vale/gitlab/Substitutions.yml index e6c150fb8b..dde05b993e 100644 --- a/doc/.vale/gitlab/Substitutions.yml +++ b/doc/.vale/gitlab/Substitutions.yml @@ -41,9 +41,15 @@ swap: developer access: the Developer role developer permission: the Developer role developer permissions: the Developer role + guest access: the Guest role + guest permission: the Guest role + guest permissions: the Guest role maintainer access: the Maintainer role maintainer permission: the Maintainer role maintainer permissions: the Maintainer role owner access: the Owner role owner permission: the Owner role owner permissions: the Owner role + reporter access: the Reporter role + reporter permission: the Reporter role + reporter permissions: the Reporter role diff --git a/doc/.vale/gitlab/UnclearAntecedent.yml b/doc/.vale/gitlab/UnclearAntecedent.yml new file mode 100644 index 0000000000..5f238598d9 --- /dev/null +++ b/doc/.vale/gitlab/UnclearAntecedent.yml @@ -0,0 +1,22 @@ +--- +# Warning: gitlab.UnclearAntecedent +# +# Checks for words that need a noun for clarity. +# +# For a list of all options, see https://docs.errata.ai/vale/styles +extends: existence +message: "'%s' is not precise. Try rewriting with a specific subject and verb." +link: https://docs.gitlab.com/ee/development/documentation/styleguide/word_list.html#this-these-that-those +level: warning +ignorecase: false +tokens: + - 'That is' + - 'That was' + - 'These are' + - 'These were' + - 'There are' + - 'There were' + - 'This is' + - 'This was' + - 'Those are' + - 'Those were' diff --git a/doc/.vale/gitlab/VersionText.yml b/doc/.vale/gitlab/VersionText.yml index e66a62497b..fbdda17e2a 100644 
--- a/doc/.vale/gitlab/VersionText.yml +++ b/doc/.vale/gitlab/VersionText.yml @@ -9,9 +9,9 @@ # - `> Introduced` (version text without a link) # - `> [Introduced` (version text with a link) # -# Because it excludes `-`, it doesn't look for multi-line version text, for which content -# immediately on the next line is ok. However, this will often highlight where multi-line version -# text is attempted without `-` characters. +# Because it excludes the prefix `> - `, it doesn't look for multi-line version text, for which +# content immediately on the next line is ok. However, this will often highlight where multi-line +# version text is attempted without `-` characters. # # For a list of all options, see https://errata-ai.gitbook.io/vale/getting-started/styles extends: existence @@ -20,4 +20,4 @@ link: https://docs.gitlab.com/ee/development/documentation/styleguide/index.html level: error scope: raw raw: - - '> (- ){0}\[?Introduced.+\n[^\n`]' + - '> \[?Introduced.+\n[^\n]' diff --git a/doc/.vale/gitlab/spelling-exceptions.txt b/doc/.vale/gitlab/spelling-exceptions.txt index 43ff584b55..5ed8dc9224 100644 --- a/doc/.vale/gitlab/spelling-exceptions.txt +++ b/doc/.vale/gitlab/spelling-exceptions.txt @@ -45,8 +45,8 @@ autoscales autoscaling awardable awardables -Ayoa Axios +Ayoa Azure B-tree backfilling @@ -90,11 +90,12 @@ callstack callstacks Camo canonicalized +captcha CentOS Certbot +chai changeset changesets -chai ChaosKube chatbot chatbots @@ -127,7 +128,7 @@ crosslinked crosslinking crosslinks Crossplane -CrowdIn +Crowdin CSV cybersecurity Dangerfile @@ -149,6 +150,7 @@ denormalized denormalizes denormalizing denylist +denylisted denylisting denylists deployer @@ -160,7 +162,12 @@ deprovisions dequarantine dequarantined dequarantining +deserialization +deserialize +deserializers +deserializes DevOps +Dhall disambiguates discoverability dismissable @@ -180,6 +187,7 @@ downvotes Dpl Dreamweaver Ecto +ElastiCache Elasticsearch enablement enqueued 
@@ -209,6 +217,7 @@ fixup Flawfinder Flowdock Fluentd +Flycheck Forgerock formatters Fugit @@ -469,6 +478,7 @@ queryable Quicktime Rackspace Raspbian +rbenv rbtrace Rdoc reachability @@ -675,8 +685,8 @@ triaged triages triaging Trivy -truthy Truststore +truthy Twilio Twitter TypeScript @@ -815,8 +825,10 @@ Worldline Xcode Xeon YouTrack +ytt Yubico Zeitwerk Zendesk +ZenTao zsh Zstandard -- GitLab From b520772ab691456e0d2f639923e623a2ec8be0b5 Mon Sep 17 00:00:00 2001 From: Marcel Amirault Date: Wed, 24 Nov 2021 06:43:25 +0000 Subject: [PATCH 132/253] Remove unneeded quotes from markdownlint config --- .markdownlint.yml | 48 +++++++++---------- .../markdownlint-no-trailing-spaces.yml | 4 +- doc/index.md | 2 +- 3 files changed, 27 insertions(+), 27 deletions(-) diff --git a/.markdownlint.yml b/.markdownlint.yml index ea7492cf20..bb4c859e19 100644 --- a/.markdownlint.yml +++ b/.markdownlint.yml @@ -1,29 +1,29 @@ --- # Base Markdownlint configuration # Extended Markdownlint configuration in doc/.markdownlint/ -"default": true -"first-header-h1": true -"header-style": - "style": "atx" -"ul-style": - "style": "dash" -"no-trailing-spaces": false -"line-length": false -"no-duplicate-header": - "allow_different_nesting": true -"no-trailing-punctuation": - "punctuation": ".,;:!。,;:!?" -"ol-prefix": - "style": "one" -"no-inline-html": false -"hr-style": - "style": "---" -"no-emphasis-as-heading": false -"first-line-h1": false -"code-block-style": - "style": "fenced" -"proper-names": - "names": [ +default: true +first-header-h1: true +header-style: + style: "atx" +ul-style: + style: "dash" +no-trailing-spaces: false +line-length: false +no-duplicate-header: + allow_different_nesting: true +no-trailing-punctuation: + punctuation: ".,;:!。,;:!?" +ol-prefix: + style: "one" +no-inline-html: false +hr-style: + style: "---" +no-emphasis-as-heading: false +first-line-h1: false +code-block-style: + style: "fenced" +proper-names: + names: [ "Akismet", "Alertmanager", "API", 
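Review bot: In PATCH 131/253 (doc/.vale/gitlab/Acronyms.yml), two of the added exceptions are entered twice: `RDS` is added after `RDP` and again after `RSA`, and `UID` is added before `UDP` and again after it. Keep one of each (`RDS` after `RDP`, `UID` after `UDP`). `PID` and `PKCS` are also inserted ahead of `PHP`, which breaks the alphabetical order the rest of the list follows.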
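Review bot: In PATCH 131/253 (doc/.vale/gitlab/CurlStringsQuoted.yml), the new pattern `curl [^"]+://.*` only matches when there is no double quote anywhere between `curl ` and the URL scheme. A command that passes a quoted header first and then an unquoted URL, for example `curl --header "PRIVATE-TOKEN: <token>" https://...`, was matched by the old pattern `curl.*[^"=]https?://.*` and is no longer matched by the new one. Judging by the rule name and the old pattern, that case is exactly what the rule exists to catch, so please either keep a `.*` before the non-quote character or add a test string for this form.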
@@ -139,4 +139,4 @@ "YAML", "YouTrack" ] - "code_blocks": false + code_blocks: false diff --git a/doc/.markdownlint/markdownlint-no-trailing-spaces.yml b/doc/.markdownlint/markdownlint-no-trailing-spaces.yml index 71903ae423..8720fbafcb 100644 --- a/doc/.markdownlint/markdownlint-no-trailing-spaces.yml +++ b/doc/.markdownlint/markdownlint-no-trailing-spaces.yml @@ -1,4 +1,4 @@ --- # Extended Markdown configuration to enforce no-trailing-spaces rule -"extends": "../../.markdownlint.yml" -"no-trailing-spaces": true +extends: "../../.markdownlint.yml" +no-trailing-spaces: true diff --git a/doc/index.md b/doc/index.md index c07102ce62..2178198a53 100644 --- a/doc/index.md +++ b/doc/index.md @@ -9,7 +9,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w This is the official, recommended, and supported method to install GitLab on a cloud native environment. NOTE: -It is not necessary to have GitLab installed on Kubernetes in order to use +It is not necessary to have GitLab installed on Kubernetes to use the [GitLab Kubernetes integration](https://docs.gitlab.com/ee/user/project/clusters/). ## Introduction -- GitLab From 2ee99fadba22985ab227027796e33ca203db560f Mon Sep 17 00:00:00 2001 From: Mitchell Nielsen Date: Wed, 24 Nov 2021 17:16:33 +0000 Subject: [PATCH 133/253] [Docs] [Operator] Update references to version 0.2.0 --- doc/installation/operator.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/doc/installation/operator.md b/doc/installation/operator.md index 19c4e9d54a..fdaeedc6dd 100644 --- a/doc/installation/operator.md +++ b/doc/installation/operator.md 
@@ -88,7 +88,7 @@ deployment manifests available in the 1. Deploy the GitLab Operator: ```shell - GL_OPERATOR_VERSION=0.1.0 + GL_OPERATOR_VERSION=0.2.0 # https://gitlab.com/gitlab-org/cloud-native/gitlab-operator/-/releases PLATFORM=kubernetes # or "openshift" kubectl create namespace gitlab-system kubectl apply -f https://gitlab.com/api/v4/projects/18899486/packages/generic/gitlab-operator/${GL_OPERATOR_VERSION}/gitlab-operator-${PLATFORM}-${GL_OPERATOR_VERSION}.yaml @@ -120,7 +120,7 @@ deployment manifests available in the name: example spec: chart: - version: "X.Y.Z" # https://gitlab.com/gitlab-org/cloud-native/gitlab-operator/-/blob/0.1.0/CHART_VERSIONS + version: "X.Y.Z" # https://gitlab.com/gitlab-org/cloud-native/gitlab-operator/-/blob/0.2.0/CHART_VERSIONS values: global: hosts: @@ -188,7 +188,7 @@ To remove the GitLab Operator and its associated resources: 1. Uninstall the GitLab Operator. ```shell - GL_OPERATOR_VERSION=0.1.0 + GL_OPERATOR_VERSION=0.2.0 # https://gitlab.com/gitlab-org/cloud-native/gitlab-operator/-/releases PLATFORM=kubernetes # or "openshift" kubectl delete -f https://gitlab.com/api/v4/projects/18899486/packages/generic/gitlab-operator/${GL_OPERATOR_VERSION}/gitlab-operator-${PLATFORM}-${GL_OPERATOR_VERSION}.yaml ``` -- GitLab From e659b2366ebb3e567add313889a208506134cd97 Mon Sep 17 00:00:00 2001 From: deps Date: Thu, 25 Nov 2021 04:02:16 +0000 Subject: [PATCH 134/253] Update gitlab-org/container-registry from 3.16.0-gitlab to 3.17.0-gitlab Changelog: changed --- charts/registry/values.yaml | 2 +- doc/charts/registry/index.md | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/registry/values.yaml b/charts/registry/values.yaml index 9005448f04..d9dd47016f 100644 --- a/charts/registry/values.yaml +++ b/charts/registry/values.yaml 
@@ -1,6 +1,6 @@ image: repository: registry.gitlab.com/gitlab-org/build/cng/gitlab-container-registry - tag: 'v3.16.0-gitlab' + tag: 'v3.17.0-gitlab' # pullPolicy: IfNotPresent # pullSecrets: [] diff --git a/doc/charts/registry/index.md b/doc/charts/registry/index.md index 2be2f969fb..da8868e5b4 100644 --- a/doc/charts/registry/index.md +++ b/doc/charts/registry/index.md @@ -68,7 +68,7 @@ registry: interval: 24h dryrun: false image: - tag: 'v3.16.0-gitlab' + tag: 'v3.17.0-gitlab' pullPolicy: IfNotPresent annotations: service: @@ -153,7 +153,7 @@ If you chose to deploy this chart as a standalone, remove the `registry` at the | `image.pullPolicy` | | Pull policy for the registry image | | `image.pullSecrets` | | Secrets to use for image repository | | `image.repository` | `registry` | Registry image | -| `image.tag` | `v3.16.0-gitlab` | Version of the image to use | +| `image.tag` | `v3.17.0-gitlab` | Version of the image to use | | `init.image.repository` | | initContainer image | | `init.image.tag` | | initContainer image tag | | `log` | `{level: info, fields: {service: registry}}` | Configure the logging options | @@ -279,7 +279,7 @@ You can change the included version of the Registry and `pullPolicy`. Default settings: -- `tag: 'v3.16.0-gitlab'` +- `tag: 'v3.17.0-gitlab'` - `pullPolicy: 'IfNotPresent'` ## Configuring the `service` -- GitLab From aaddccf99c7bae492aa94d31e17ce9c35b33e736 Mon Sep 17 00:00:00 2001 From: Marcel Amirault Date: Fri, 26 Nov 2021 15:28:32 +0000 Subject: [PATCH 135/253] Set cluster jobs to only run in main project --- .gitlab-ci.yml | 34 ++++++++++++++++++++-------------- 1 file changed, 20 insertions(+), 14 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 73c17aa41c..88a0923a25 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -184,7 +184,7 @@ lint_package: refs: - branches variables: - - $KUBECONFIG + - $CI_PROJECT_PATH == "gitlab-org/charts/gitlab" || $CI_PROJECT_PATH == "gitlab/charts/gitlab" except: <<: *deps_pipeline refs: @@ -219,7 +219,7 @@ review_gke_dev: refs: - /.*-stable/@gitlab/charts/gitlab variables: - - $KUBECONFIG + - $CI_PROJECT_PATH == "gitlab-org/charts/gitlab" || $CI_PROJECT_PATH == "gitlab/charts/gitlab" review_eks: variables: @@ -249,7 +249,7 @@ review_eks: refs: - branches variables: - - $KUBECONFIG + - $CI_PROJECT_PATH == "gitlab-org/charts/gitlab" || $CI_PROJECT_PATH == "gitlab/charts/gitlab" except: <<: *deps_pipeline refs: @@ -273,7 +273,7 @@ stop_review_gke_dev: refs: - /.*-stable/@gitlab/charts/gitlab variables: - - $KUBECONFIG + - $CI_PROJECT_PATH == "gitlab-org/charts/gitlab" || $CI_PROJECT_PATH == "gitlab/charts/gitlab" stop_review_eks: extends: .stop_review_template @@ -312,7 +312,7 @@ stop_review_eks: refs: - master variables: - - $KUBECONFIG + - $CI_PROJECT_PATH == "gitlab-org/charts/gitlab" || $CI_PROJECT_PATH == "gitlab/charts/gitlab" # This job continuously deploys to production on every push to `master`. # To make this a manual process, either because you're enabling `staging` @@ -345,7 +345,7 @@ stop_review_eks: refs: - master variables: - - $KUBECONFIG + - $CI_PROJECT_PATH == "gitlab-org/charts/gitlab" || $CI_PROJECT_PATH == "gitlab/charts/gitlab" stable_gke: extends: .stable @@ -377,7 +377,7 @@ review_helm_test: refs: - branches variables: - - $KUBECONFIG + - $CI_PROJECT_PATH == "gitlab-org/charts/gitlab" || $CI_PROJECT_PATH == "gitlab/charts/gitlab" except: <<: *deps_pipeline refs: @@ -398,7 +398,7 @@ production_helm_test: refs: - master@charts/gitlab variables: - - $KUBECONFIG + - $CI_PROJECT_PATH == "gitlab-org/charts/gitlab" || $CI_PROJECT_PATH == "gitlab/charts/gitlab" debug_review: 
@@ -421,7 +421,7 @@ debug_review: refs: - branches variables: - - $KUBECONFIG + - $CI_PROJECT_PATH == "gitlab-org/charts/gitlab" || $CI_PROJECT_PATH == "gitlab/charts/gitlab" except: <<: *deps_pipeline refs: @@ -533,8 +533,14 @@ check_docs_links: # By default, deploy the Review App using the `main` branch of the `gitlab-org/gitlab-docs` project DOCS_BRANCH: main when: manual + only: + refs: + - branches + variables: + - $CI_PROJECT_PATH == "gitlab-org/charts/gitlab" || $CI_PROJECT_PATH == "gitlab/charts/gitlab" except: - triggers + - master - *com_auto_deploy_branch_ref # Trigger a docs build in gitlab-docs @@ -601,7 +607,7 @@ review_specs_gke: refs: - branches variables: - - $KUBECONFIG + - $CI_PROJECT_PATH == "gitlab-org/charts/gitlab" || $CI_PROJECT_PATH == "gitlab/charts/gitlab" except: refs: - master @@ -623,7 +629,7 @@ review_specs_gke: # refs: # - /.*-stable/@gitlab/charts/gitlab # variables: -# - $KUBECONFIG +# - $CI_PROJECT_PATH == "gitlab-org/charts/gitlab" || $CI_PROJECT_PATH == "gitlab/charts/gitlab" review_specs_eks: extends: .specs @@ -639,7 +645,7 @@ review_specs_eks: refs: - branches variables: - - $KUBECONFIG + - $CI_PROJECT_PATH == "gitlab-org/charts/gitlab" || $CI_PROJECT_PATH == "gitlab/charts/gitlab" except: refs: - master @@ -663,7 +669,7 @@ specs_without_cluster: refs: - master variables: - - $KUBECONFIG + - $CI_PROJECT_PATH == "gitlab-org/charts/gitlab" || $CI_PROJECT_PATH == "gitlab/charts/gitlab" production_specs_without_cluster: extends: .production_specs @@ -730,7 +736,7 @@ production_specs_eks: refs: - branches variables: - - $KUBECONFIG + - $CI_PROJECT_PATH == "gitlab-org/charts/gitlab" || $CI_PROJECT_PATH == "gitlab/charts/gitlab" retry: 1 allow_failure: true -- GitLab From 9201d95e8c94870419f6e65cc6d28a1b3e3000f4 Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Fri, 26 Nov 2021 15:43:11 +0000 Subject: [PATCH 136/253] Update changelog for 5.2.7 [ci skip] --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) 
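Review bot: In PATCH 135/253 (.gitlab-ci.yml), each cluster job replaces the `- $KUBECONFIG` condition with the `$CI_PROJECT_PATH` comparison instead of combining the two, so the check that cluster credentials are present is lost. After this change every matching ref in `gitlab-org/charts/gitlab` or `gitlab/charts/gitlab` starts the review, stop_review, helm test and specs jobs whether or not `$KUBECONFIG` is set. Keep both conditions, for example `$KUBECONFIG && ($CI_PROJECT_PATH == "gitlab-org/charts/gitlab" || $CI_PROJECT_PATH == "gitlab/charts/gitlab")`. The same expression is pasted into more than a dozen jobs, including the commented-out block at line 629, so defining it once and referencing it from each job would keep later edits from missing a copy.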
diff --git a/CHANGELOG.md b/CHANGELOG.md index 27f1a2077d..eef04301a7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -101,6 +101,10 @@ No changes. - [Update gitlab-org/charts/gitlab-runner from 0.31.0 to 0.32.0](gitlab-org/charts/gitlab@0665982645d842994a54bddb1269fbb694a743cb) ([merge request](gitlab-org/charts/gitlab!2149)) - [Adds pages local_store configuration](gitlab-org/charts/gitlab@426c34858876fe0d52cd4fe880f44771af17e19b) ([merge request](gitlab-org/charts/gitlab!2141)) +## 5.2.7 (2021-11-26) + +No changes. + ## 5.2.6 (2021-10-28) No changes. -- GitLab From a87a252955f508fd0c6ffd218ac494f15bfa0d39 Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Fri, 26 Nov 2021 15:43:27 +0000 Subject: [PATCH 137/253] Update version mapping for 5.2.7 --- doc/installation/version_mappings.md | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/installation/version_mappings.md b/doc/installation/version_mappings.md index 19b310b205..4e8063864a 100644 --- a/doc/installation/version_mappings.md +++ b/doc/installation/version_mappings.md @@ -19,6 +19,7 @@ The table below maps some of the key previous chart versions and GitLab versions | 5.3.2 | 14.3.2 | | 5.3.1 | 14.3.1 | | 5.3.0 | 14.3.0 | +| 5.2.7 | 14.2.7 | | 5.2.6 | 14.2.6 | | 5.2.5 | 14.2.5 | | 5.2.4 | 14.2.4 | -- GitLab From 54ad7c8d69b96c636fbe8a4af0a0e60fe7c669b6 Mon Sep 17 00:00:00 2001 From: DJ Mountney Date: Fri, 26 Nov 2021 08:27:44 -0800 Subject: [PATCH 138/253] Fixes an issue with reviews running on all dev branches --- .gitlab-ci.yml | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 88a0923a25..5b879fe81a 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -184,7 +184,7 @@ lint_package: refs: - branches variables: - - $CI_PROJECT_PATH == "gitlab-org/charts/gitlab" || $CI_PROJECT_PATH == "gitlab/charts/gitlab" + - $KUBECONFIG && ($CI_PROJECT_PATH == "gitlab-org/charts/gitlab" || $CI_PROJECT_PATH == "gitlab/charts/gitlab") except: <<: *deps_pipeline refs: @@ -219,7 +219,7 @@ review_gke_dev: refs: - /.*-stable/@gitlab/charts/gitlab variables: - - $CI_PROJECT_PATH == "gitlab-org/charts/gitlab" || $CI_PROJECT_PATH == "gitlab/charts/gitlab" + - $KUBECONFIG && ($CI_PROJECT_PATH == "gitlab-org/charts/gitlab" || $CI_PROJECT_PATH == "gitlab/charts/gitlab") review_eks: variables: @@ -249,7 +249,7 @@ review_eks: refs: - branches variables: - - $CI_PROJECT_PATH == "gitlab-org/charts/gitlab" || $CI_PROJECT_PATH == "gitlab/charts/gitlab" + - $KUBECONFIG && ($CI_PROJECT_PATH == "gitlab-org/charts/gitlab" || $CI_PROJECT_PATH == "gitlab/charts/gitlab") except: <<: *deps_pipeline refs: @@ -273,7 +273,7 @@ stop_review_gke_dev: refs: - /.*-stable/@gitlab/charts/gitlab variables: - - $CI_PROJECT_PATH == "gitlab-org/charts/gitlab" || $CI_PROJECT_PATH == "gitlab/charts/gitlab" + - $KUBECONFIG && ($CI_PROJECT_PATH == "gitlab-org/charts/gitlab" || $CI_PROJECT_PATH == "gitlab/charts/gitlab") stop_review_eks: extends: .stop_review_template @@ -312,7 +312,7 @@ stop_review_eks: refs: - master variables: - - $CI_PROJECT_PATH == "gitlab-org/charts/gitlab" || $CI_PROJECT_PATH == "gitlab/charts/gitlab" + - $KUBECONFIG && ($CI_PROJECT_PATH == "gitlab-org/charts/gitlab" || $CI_PROJECT_PATH == "gitlab/charts/gitlab") # This job continuously deploys to production on every push to `master`. # To make this a manual process, either because you're enabling `staging` 
@@ -345,7 +345,7 @@ stop_review_eks: refs: - master variables: - - $CI_PROJECT_PATH == "gitlab-org/charts/gitlab" || $CI_PROJECT_PATH == "gitlab/charts/gitlab" + - $KUBECONFIG && ($CI_PROJECT_PATH == "gitlab-org/charts/gitlab" || $CI_PROJECT_PATH == "gitlab/charts/gitlab") stable_gke: extends: .stable @@ -377,7 +377,7 @@ review_helm_test: refs: - branches variables: - - $CI_PROJECT_PATH == "gitlab-org/charts/gitlab" || $CI_PROJECT_PATH == "gitlab/charts/gitlab" + - $KUBECONFIG && ($CI_PROJECT_PATH == "gitlab-org/charts/gitlab" || $CI_PROJECT_PATH == "gitlab/charts/gitlab") except: <<: *deps_pipeline refs: @@ -398,7 +398,7 @@ production_helm_test: refs: - master@charts/gitlab variables: - - $CI_PROJECT_PATH == "gitlab-org/charts/gitlab" || $CI_PROJECT_PATH == "gitlab/charts/gitlab" + - $KUBECONFIG && ($CI_PROJECT_PATH == "gitlab-org/charts/gitlab" || $CI_PROJECT_PATH == "gitlab/charts/gitlab") debug_review: @@ -421,7 +421,7 @@ debug_review: refs: - branches variables: - - $CI_PROJECT_PATH == "gitlab-org/charts/gitlab" || $CI_PROJECT_PATH == "gitlab/charts/gitlab" + - $KUBECONFIG && ($CI_PROJECT_PATH == "gitlab-org/charts/gitlab" || $CI_PROJECT_PATH == "gitlab/charts/gitlab") except: <<: *deps_pipeline refs: @@ -607,7 +607,7 @@ review_specs_gke: refs: - branches variables: - - $CI_PROJECT_PATH == "gitlab-org/charts/gitlab" || $CI_PROJECT_PATH == "gitlab/charts/gitlab" + - $KUBECONFIG && ($CI_PROJECT_PATH == "gitlab-org/charts/gitlab" || $CI_PROJECT_PATH == "gitlab/charts/gitlab") except: refs: - master @@ -629,7 +629,7 @@ review_specs_gke: # refs: # - /.*-stable/@gitlab/charts/gitlab # variables: -# - $CI_PROJECT_PATH == "gitlab-org/charts/gitlab" || $CI_PROJECT_PATH == "gitlab/charts/gitlab" +# - $KUBECONFIG && ($CI_PROJECT_PATH == "gitlab-org/charts/gitlab" || $CI_PROJECT_PATH == "gitlab/charts/gitlab") review_specs_eks: extends: .specs 
@@ -645,7 +645,7 @@ review_specs_eks: refs: - branches variables: - - $CI_PROJECT_PATH == "gitlab-org/charts/gitlab" || $CI_PROJECT_PATH == "gitlab/charts/gitlab" + - $KUBECONFIG && ($CI_PROJECT_PATH == "gitlab-org/charts/gitlab" || $CI_PROJECT_PATH == "gitlab/charts/gitlab") except: refs: - master @@ -669,7 +669,7 @@ specs_without_cluster: refs: - master variables: - - $CI_PROJECT_PATH == "gitlab-org/charts/gitlab" || $CI_PROJECT_PATH == "gitlab/charts/gitlab" + - $KUBECONFIG && ($CI_PROJECT_PATH == "gitlab-org/charts/gitlab" || $CI_PROJECT_PATH == "gitlab/charts/gitlab") production_specs_without_cluster: extends: .production_specs @@ -736,7 +736,7 @@ production_specs_eks: refs: - branches variables: - - $CI_PROJECT_PATH == "gitlab-org/charts/gitlab" || $CI_PROJECT_PATH == "gitlab/charts/gitlab" + - $KUBECONFIG && ($CI_PROJECT_PATH == "gitlab-org/charts/gitlab" || $CI_PROJECT_PATH == "gitlab/charts/gitlab") retry: 1 allow_failure: true -- GitLab From 13e0a786e19b7d149657cc7201bde103196b1226 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matthias=20K=C3=A4ppler?= Date: Fri, 26 Nov 2021 16:35:38 +0000 Subject: [PATCH 139/253] Add health-checks settings keys for Sidekiq --- .../charts/sidekiq/templates/configmap.yaml | 6 + .../charts/sidekiq/templates/deployment.yaml | 5 +- charts/gitlab/charts/sidekiq/values.yaml | 4 + spec/configuration/sidekiq_spec.rb | 133 ++++++++++++++++++ 4 files changed, 146 insertions(+), 2 deletions(-) diff --git a/charts/gitlab/charts/sidekiq/templates/configmap.yaml b/charts/gitlab/charts/sidekiq/templates/configmap.yaml index a159788ca9..d773d7dd81 100644 --- a/charts/gitlab/charts/sidekiq/templates/configmap.yaml +++ b/charts/gitlab/charts/sidekiq/templates/configmap.yaml 
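Review bot: The expression `$KUBECONFIG && ($CI_PROJECT_PATH == "gitlab-org/charts/gitlab" || $CI_PROJECT_PATH == "gitlab/charts/gitlab")` is pasted verbatim into fourteen `variables:` lists in `.gitlab-ci.yml` (@@ -184 through @@ -736), and every one of those copies decides whether a job that talks to a cluster runs. The file already relies on YAML anchors (`<<: *deps_pipeline` is visible in the context lines), so define this `variables:` list once under an anchor and reference it from each job; a later change to the gating then cannot miss one job or leave the commented-out block at @@ -629 out of step.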
@@ -118,6 +118,12 @@ data: enabled: true address: 0.0.0.0 port: {{ .Values.metrics.port }} +{{- end }} + sidekiq_health_checks: +{{- if .Values.health_checks.enabled }} + enabled: true + address: 0.0.0.0 + port: {{ .Values.health_checks.port | default .Values.metrics.port }} {{- end }} configure: | {{- include "gitlab.scripts.configure.secrets" (dict "required" "gitaly registry rails-secrets") | nindent 4 -}} diff --git a/charts/gitlab/charts/sidekiq/templates/deployment.yaml b/charts/gitlab/charts/sidekiq/templates/deployment.yaml index 8ec49a2178..2768f96d84 100644 --- a/charts/gitlab/charts/sidekiq/templates/deployment.yaml +++ b/charts/gitlab/charts/sidekiq/templates/deployment.yaml @@ -17,6 +17,7 @@ {{- $railsSecretName := include "gitlab.rails-secrets.secret" . -}} {{- $metricsEnabled := .Values.metrics.enabled -}} {{- $metricsPort := .Values.metrics.port -}} +{{- $healthChecksPort := .Values.health_checks.port | default $metricsPort -}} {{- $metricsAnnotations := .Values.metrics.annotations -}} {{- $configMapChecksum := include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} {{- range .Values.pods -}} @@ -249,7 +250,7 @@ spec: livenessProbe: httpGet: path: /liveness - port: {{ $.Values.metrics.port }} + port: {{ $healthChecksPort }} initialDelaySeconds: {{ $.Values.livenessProbe.initialDelaySeconds }} periodSeconds: {{ $.Values.livenessProbe.periodSeconds }} timeoutSeconds: {{ $.Values.livenessProbe.timeoutSeconds }} @@ -258,7 +259,7 @@ spec: readinessProbe: httpGet: path: /readiness - port: {{ $.Values.metrics.port }} + port: {{ $healthChecksPort }} initialDelaySeconds: {{ $.Values.readinessProbe.initialDelaySeconds }} periodSeconds: {{ $.Values.readinessProbe.periodSeconds }} timeoutSeconds: {{ $.Values.readinessProbe.timeoutSeconds }} diff --git a/charts/gitlab/charts/sidekiq/values.yaml b/charts/gitlab/charts/sidekiq/values.yaml index d9087d7e2f..82eb57aebf 100644 --- a/charts/gitlab/charts/sidekiq/values.yaml 
+++ b/charts/gitlab/charts/sidekiq/values.yaml @@ -50,6 +50,10 @@ metrics: gitlab.com/prometheus_port: "3807" prometheus.io/scrape: "true" prometheus.io/port: "3807" + +health_checks: + enabled: true + redis: password: {} diff --git a/spec/configuration/sidekiq_spec.rb b/spec/configuration/sidekiq_spec.rb index e55022340a..4304ee834d 100644 --- a/spec/configuration/sidekiq_spec.rb +++ b/spec/configuration/sidekiq_spec.rb 
@@ -150,6 +150,139 @@ describe 'Sidekiq configuration' do end end + context 'when configuring monitoring' do + let(:values) { default_values } + let(:template) { HelmTemplate.new(values) } + let(:gitlab_yml) { YAML.safe_load(template.dig('ConfigMap/test-sidekiq', 'data', 'gitlab.yml.erb')) } + let(:monitoring) { gitlab_yml.dig('production', 'monitoring') } + + context 'sidekiq_exporter' do + context 'when not configured' do + it 'uses default settings' do + expect(monitoring).to include( + 'sidekiq_exporter' => { + 'enabled' => true, + 'address' => '0.0.0.0', + 'port' => 3807 + } + ) + end + end + + context 'when disabled' do + let(:values) do + YAML.safe_load(%( + gitlab: + sidekiq: + metrics: + enabled: false + )).deep_merge(default_values) + end + + it 'emits empty hash' do + expect(monitoring['sidekiq_exporter']).to be(nil) + end + end + + context 'when custom values are set' do + let(:values) do + YAML.safe_load(%( + gitlab: + sidekiq: + metrics: + enabled: true + port: 2222 + )).deep_merge(default_values) + end + + it 'uses these settings' do + expect(monitoring).to include( + 'sidekiq_exporter' => { + 'enabled' => true, + 'address' => '0.0.0.0', + 'port' => 2222 + } + ) + end + end + end + + context 'sidekiq_health_checks' do + context 'when not configured' do + it 'uses default settings' do + expect(monitoring).to include( + 'sidekiq_health_checks' => { + 'enabled' => true, + 'address' => '0.0.0.0', + 'port' => 3807 + } + ) + end + + context 'when sidekiq_exporter is configured' do + let(:values) do + YAML.safe_load(%( + gitlab: + sidekiq: + metrics: + enabled: true + port: 2222 + health_checks: + enabled: true + )).deep_merge(default_values) + end + + it 'inherits its settings' do + expect(monitoring).to include( + 'sidekiq_health_checks' => { + 'enabled' => true, + 'address' => '0.0.0.0', + 'port' => 2222 + } + ) + end + end + end + + context 'when disabled' do + let(:values) do + YAML.safe_load(%( + gitlab: + sidekiq: + health_checks: + enabled: false + 
)).deep_merge(default_values) + end + + it 'emits empty hash' do + expect(monitoring['sidekiq_health_checks']).to be(nil) + end + end + + context 'when custom values are set' do + let(:values) do + YAML.safe_load(%( + gitlab: + sidekiq: + health_checks: + enabled: true + port: 2222 + )).deep_merge(default_values) + end + + it 'uses these settings' do + expect(monitoring).to include( + 'sidekiq_health_checks' => { + 'enabled' => true, + 'address' => '0.0.0.0', + 'port' => 2222 + } + ) + end + end + end + end + context 'when configuring memoryKiller' do let(:default_values) do YAML.safe_load(%( -- GitLab From a5228a7f81fa6bf8d4788b06ccbed4ff9e3cbb74 Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Fri, 26 Nov 2021 16:53:44 +0000 Subject: [PATCH 140/253] Update changelog for 5.3.5 [ci skip] --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index eef04301a7..16e1bf00d6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -63,6 +63,10 @@ No changes. - [Remove reference to deprecated operator](gitlab-org/charts/gitlab@d03e3293fdfe698eb3b5defe0b919351ef9485eb) ([merge request](gitlab-org/charts/gitlab!2197)) - [Add $PLATFORM to installation commands](gitlab-org/charts/gitlab@8e72a88fb391cb98f64e712b07e65d65db4ab8fd) ([merge request](gitlab-org/charts/gitlab!2190)) +## 5.3.5 (2021-11-26) + +No changes. + ## 5.3.4 (2021-10-28) No changes. -- GitLab From af6eed9e4bbf69b7ed57aa0cd52e28eac4b754fb Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Fri, 26 Nov 2021 16:54:00 +0000 Subject: [PATCH 141/253] Update version mapping for 5.3.5 --- doc/installation/version_mappings.md | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/installation/version_mappings.md b/doc/installation/version_mappings.md index 4e8063864a..f379f1b879 100644 --- a/doc/installation/version_mappings.md +++ b/doc/installation/version_mappings.md 
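Review bot: In `charts/gitlab/charts/sidekiq/templates/deployment.yaml` (@@ -249 and @@ -258), both probes now target `$healthChecksPort` regardless of `.Values.health_checks.enabled`, while `configmap.yaml` only writes the `enabled`/`address`/`port` settings for `sidekiq_health_checks` inside `{{- if .Values.health_checks.enabled }}`. With `health_checks.enabled: false` and a `health_checks.port` that differs from `metrics.port`, the liveness and readiness probes point at a port the ConfigMap never configures. Compute the probe port from `health_checks.port` only when health checks are enabled and fall back to `metrics.port` otherwise, or fail rendering for that combination, and add a spec for the disabled-with-custom-port case.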
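Review bot: The `values.yaml` hunk (@@ -50) declares only `health_checks.enabled: true`, but `configmap.yaml` and `deployment.yaml` both read `.Values.health_checks.port` and silently default it to `.Values.metrics.port`. Document the key where users will look for it, for example a commented `# port:` entry under `health_checks:` stating that it defaults to `metrics.port`. In the spec hunk, the two examples named 'emits empty hash' assert `to be(nil)`; rename them to match what is checked.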
@@ -14,6 +14,7 @@ The table below maps some of the key previous chart versions and GitLab versions | 5.4.2 | 14.4.2 | | 5.4.1 | 14.4.1 | | 5.4.0 | 14.4.0 | +| 5.3.5 | 14.3.5 | | 5.3.4 | 14.3.4 | | 5.3.3 | 14.3.3 | | 5.3.2 | 14.3.2 | -- GitLab From 276ec7ed320cddf01500d035a4c42294884ea18a Mon Sep 17 00:00:00 2001 From: Catalin Irimie Date: Mon, 29 Nov 2021 08:24:27 +0000 Subject: [PATCH 142/253] Minor Geo Helm docs fixes --- doc/advanced/geo/index.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/doc/advanced/geo/index.md b/doc/advanced/geo/index.md index 54ea3a91b8..fbefc80160 100644 --- a/doc/advanced/geo/index.md +++ b/doc/advanced/geo/index.md @@ -189,7 +189,7 @@ After the configuration above is prepared: for the Secondary database to be able to replicate (save this output): ```shell - cat ~gitlab-psql/data/server.crt` + cat ~gitlab-psql/data/server.crt ``` ## Deploy chart as Geo Primary @@ -468,7 +468,7 @@ Secondary Kubernetes deployment: - `gitlab-geo-gitlab-shell-host-keys` - `gitlab-geo-rails-secret` -- `gitlab-registry-secret`, if Registry replication is enabled. +- `gitlab-geo-registry-secret`, if Registry replication is enabled. 1. Change your `kubectl` context to that of your Primary. 1. Collect these secrets from the Primary deployment: @@ -476,7 +476,7 @@ Secondary Kubernetes deployment: ```shell kubectl get --namespace gitlab -o yaml secret gitlab-geo-gitlab-shell-host-keys > ssh-host-keys.yaml kubectl get --namespace gitlab -o yaml secret gitlab-geo-rails-secret > rails-secrets.yaml - kubectl get --namespace gitlab -o yaml secret gitlab-registry-secret > registry-secrets.yaml + kubectl get --namespace gitlab -o yaml secret gitlab-geo-registry-secret > registry-secrets.yaml ``` 1. Change your `kubectl` context to that of your Secondary. -- GitLab From d2f5f62d058e309bb80e544a6b62bcdaf42bdc41 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Jo=C3=A3o=20Pereira?= Date: Tue, 30 Nov 2021 16:32:43 +0000 Subject: [PATCH 143/253] Fix container registry MinIO configuration example --- examples/objectstorage/registry.minio.yaml | 6 +++--- examples/objectstorage/registry.s3.yaml | 1 + 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/examples/objectstorage/registry.minio.yaml b/examples/objectstorage/registry.minio.yaml index 0978d07a7b..3354adaec6 100644 --- a/examples/objectstorage/registry.minio.yaml +++ b/examples/objectstorage/registry.minio.yaml @@ -3,11 +3,11 @@ # See https://docs.gitlab.com/ee/administration/job_artifacts.html#s3-compatible-connection-settings # See https://gitlab.com/gitlab-org/charts/gitlab/tree/master/doc/charts/registry/#storage # See https://gitlab.com/gitlab-org/charts/gitlab/blob/master/doc/advanced/external-object-storage +# See https://gitlab.com/gitlab-org/container-registry/-/tree/master/docs-gitlab#additional-parameters s3: - aws_signature_version: 4 - host: storage.example.com + v4auth: true regionendpoint: "https://storage.example.com:9000" - path_style: true + pathstyle: true region: us-east-1 bucket: registry accesskey: ACCESSKEY diff --git a/examples/objectstorage/registry.s3.yaml b/examples/objectstorage/registry.s3.yaml index 54e247877f..f6aeaa592b 100644 --- a/examples/objectstorage/registry.s3.yaml +++ b/examples/objectstorage/registry.s3.yaml @@ -3,6 +3,7 @@ # See https://docs.docker.com/registry/storage-drivers/s3 # See https://gitlab.com/gitlab-org/charts/gitlab/tree/master/doc/charts/registry/#storage # See https://gitlab.com/gitlab-org/charts/gitlab/blob/master/doc/advanced/external-object-storage +# See https://gitlab.com/gitlab-org/container-registry/-/tree/master/docs-gitlab#additional-parameters s3: bucket: gitlab-registry-storage accesskey: BOGUS_ACCESS_KEY -- GitLab From bad601e7256e118cd94a4bb95ed49f23ab50861b Mon Sep 17 00:00:00 2001 
From: DJ Mountney Date: Tue, 30 Nov 2021 19:55:21 +0000 Subject: [PATCH 144/253] Update danger to use the new work classification labels --- scripts/support/changelog/Dangerfile | 2 +- scripts/support/metadata/Dangerfile | 7 ++++--- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/scripts/support/changelog/Dangerfile b/scripts/support/changelog/Dangerfile index 733a97d4a3..e1079b78a7 100644 --- a/scripts/support/changelog/Dangerfile +++ b/scripts/support/changelog/Dangerfile @@ -32,7 +32,7 @@ end NO_CHANGELOG_LABELS = [ 'documentation', - 'tooling', + 'type::tooling', 'tooling::pipelines', 'tooling::workflow', 'ci-build', diff --git a/scripts/support/metadata/Dangerfile b/scripts/support/metadata/Dangerfile index d88214703a..40fe9ca27b 100644 --- a/scripts/support/metadata/Dangerfile +++ b/scripts/support/metadata/Dangerfile @@ -1,12 +1,13 @@ WORKTYPE_LABELS = [ 'Community contribution', 'security', - 'bug', - 'feature', + 'type::bug', + 'type::feature', 'feature::addition', 'feature::enhancement', 'feature::maintenance', - 'tooling', + 'type::maintenance', + 'type::tooling', 'tooling::pipelines', 'tooling::workflow', 'documentation' -- GitLab From 08c6f4596493288cb20af337d851f522bcfda05d Mon Sep 17 00:00:00 2001 
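Review bot: In `scripts/support/metadata/Dangerfile`, `'bug'`, `'feature'` and `'tooling'` are replaced outright by `'type::bug'`, `'type::feature'` and `'type::tooling'` in `WORKTYPE_LABELS`, and `'tooling'` is replaced the same way in `NO_CHANGELOG_LABELS` in `scripts/support/changelog/Dangerfile`, so a merge request that still carries only an old unscoped label no longer matches either list. If open merge requests are not relabelled at the same time, keep the old names alongside the new ones for a transition period. `'type::maintenance'` is added to the work type list but not to `NO_CHANGELOG_LABELS`; confirm that maintenance changes are meant to require a changelog entry.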
From: Jason Plum Date: Tue, 30 Nov 2021 21:09:08 +0000 Subject: [PATCH 145/253] Refactor and document templating of passwords --- .../gitaly/templates/_configmap_spec.yaml | 2 +- .../charts/mailroom/templates/configmap.yaml | 8 +-- .../charts/praefect/templates/configmap.yaml | 10 +-- .../charts/webservice/templates/configmap.yml | 2 +- charts/gitlab/templates/_database.yml.tpl | 2 +- charts/gitlab/templates/_geo.tpl | 2 +- charts/gitlab/templates/_gitlab.yaml.tpl | 2 +- charts/gitlab/templates/_ldap.tpl | 2 +- charts/gitlab/templates/_objectStorage.tpl | 4 +- charts/gitlab/templates/_praefect.tpl | 2 +- charts/gitlab/templates/_pseudonymizer.tpl | 4 +- doc/development/style_guide.md | 68 +++++++++++++++++++ spec/configuration/mailroom_spec.rb | 8 +-- spec/configuration/pages_spec.rb | 4 +- 14 files changed, 94 insertions(+), 26 deletions(-) diff --git a/charts/gitlab/charts/gitaly/templates/_configmap_spec.yaml b/charts/gitlab/charts/gitaly/templates/_configmap_spec.yaml index 15447fd4fe..1224025cd7 100644 --- a/charts/gitlab/charts/gitaly/templates/_configmap_spec.yaml +++ b/charts/gitlab/charts/gitaly/templates/_configmap_spec.yaml @@ -99,7 +99,7 @@ data: {{- end }} [auth] - token = "<%= File.read('/etc/gitlab-secrets/gitaly/gitaly_token').strip.dump[1..-2] %>" + token = <%= File.read('/etc/gitlab-secrets/gitaly/gitaly_token').strip.to_json %> [git] {{- with .Values.git }} diff --git a/charts/gitlab/charts/mailroom/templates/configmap.yaml b/charts/gitlab/charts/mailroom/templates/configmap.yaml index f82581ea5f..8afee38986 100644 --- a/charts/gitlab/charts/mailroom/templates/configmap.yaml +++ b/charts/gitlab/charts/mailroom/templates/configmap.yaml 
@@ -29,14 +29,14 @@ data: :inbox_options: :tenant_id: "{{ .tenantId }}" :client_id: "{{ .clientId }}" - :client_secret: "<%= File.read("/etc/gitlab/mailroom/client_id_incoming_email").strip.dump[1..-2] %>" + :client_secret: <%= File.read("/etc/gitlab/mailroom/client_id_incoming_email").strip.to_json %> :poll_interval: {{ .pollInterval }} {{- else }} :host: {{ .host }} :port: {{ .port }} :ssl: {{ .ssl }} :start_tls: {{ .startTls }} - :password: "<%= File.read("/etc/gitlab/mailroom/password_incoming_email").strip.dump[1..-2] %>" + :password: <%= File.read("/etc/gitlab/mailroom/password_incoming_email").strip.to_json %> :idle_timeout: {{ .idleTimeout }} {{- end }} {{- end }} @@ -68,14 +68,14 @@ data: :inbox_options: :tenant_id: "{{ .tenantId }}" :client_id: "{{ .clientId }}" - :client_secret: "<%= File.read("/etc/gitlab/mailroom/client_id_service_desk").strip.dump[1..-2] %>" + :client_secret: <%= File.read("/etc/gitlab/mailroom/client_id_service_desk").strip.to_json %> :poll_interval: {{ .pollInterval }} {{- else }} :host: {{ .host }} :port: {{ .port }} :ssl: {{ .ssl }} :start_tls: {{ .startTls }} - :password: "<%= File.read("/etc/gitlab/mailroom/password_service_desk").strip.dump[1..-2] %>" + :password: <%= File.read("/etc/gitlab/mailroom/password_service_desk").strip.to_json %> :idle_timeout: {{ .idleTimeout }} {{- end }} {{- end }} diff --git a/charts/gitlab/charts/praefect/templates/configmap.yaml b/charts/gitlab/charts/praefect/templates/configmap.yaml index 358354bb58..c0a9e5b1e2 100644 --- a/charts/gitlab/charts/praefect/templates/configmap.yaml +++ b/charts/gitlab/charts/praefect/templates/configmap.yaml 
@@ -19,8 +19,8 @@ data: cp -v -L /init-config/praefect.key /init-secrets/praefect/praefect.key {{- end }} config.toml.erb: | - <% gitaly_token = File.read('/etc/gitlab-secrets/praefect/gitaly_token').strip.dump[1..-2] %> - <% praefect_token = File.read('/etc/gitlab-secrets/praefect/praefect_token').strip.dump[1..-2] %> + <% gitaly_token = File.read('/etc/gitlab-secrets/praefect/gitaly_token').strip.to_json %> + <% praefect_token = File.read('/etc/gitlab-secrets/praefect/praefect_token').strip.to_json %> # TCP address to listen on listen_addr = '0.0.0.0:{{ include "gitlab.praefect.internalPort" . }}' @@ -44,7 +44,7 @@ data: read_only_after_failover = {{ .Values.failover.readonlyAfter }} [auth] - token = "<%= praefect_token %>" + token = <%= praefect_token %> transitioning = false [logging] @@ -84,7 +84,7 @@ data: {{- $podAddress := include "gitlab.praefect.gitaly.qualifiedServiceName" (dict "context" $globalContext "index" . "name" $storageName) }} storage = '{{ $serviceName }}-{{ . }}' address = '{{ printf "%s://%s.%s.svc:%s" $scheme $podAddress $globalContext.Release.Namespace $port }}' - token = "<%= gitaly_token %>" + token = <%= gitaly_token %> {{- end }} {{ end }} @@ -92,6 +92,6 @@ data: host = '{{ template "gitlab.praefect.psql.host" . }}' port = {{ template "gitlab.praefect.psql.port" . }} user = '{{ template "gitlab.praefect.psql.user" . }}' - password = '<%= File.read("/etc/gitlab-secrets/praefect/db_password") %>' + password = <%= File.read("/etc/gitlab-secrets/praefect/db_password").strip.to_json %> dbname = '{{ template "gitlab.praefect.psql.dbName" . }}' sslmode = '{{ $.Values.global.praefect.psql.sslMode }}' diff --git a/charts/gitlab/charts/webservice/templates/configmap.yml b/charts/gitlab/charts/webservice/templates/configmap.yml index 3952632658..0a761a8c94 100644 --- a/charts/gitlab/charts/webservice/templates/configmap.yml +++ b/charts/gitlab/charts/webservice/templates/configmap.yml 
@@ -181,7 +181,7 @@ data: Sentinel = [ {{ template "gitlab.redis.workhorse.sentinel-list" $ }} ] {{- end }} {{- if $.Values.global.redis.password.enabled }} - Password = "{% file.Read "/etc/gitlab/redis/redis-password" | strings.TrimSpace %}" + Password = {% file.Read "/etc/gitlab/redis/redis-password" | strings.TrimSpace | data.ToJSON %} {{- end }} {{- end }} {{- include "workhorse.object_storage.config" $ | nindent 4 }} diff --git a/charts/gitlab/templates/_database.yml.tpl b/charts/gitlab/templates/_database.yml.tpl index a4b16beb1f..aea6f6f883 100644 --- a/charts/gitlab/templates/_database.yml.tpl +++ b/charts/gitlab/templates/_database.yml.tpl @@ -17,7 +17,7 @@ production: encoding: unicode database: {{ template "gitlab.psql.database" $context }} username: {{ template "gitlab.psql.username" $context }} - password: "<%= File.read({{ template "gitlab.psql.password.file" $context }}).strip.dump[1..-2] %>" + password: <%= File.read({{ template "gitlab.psql.password.file" $context }}).strip.to_json %> host: {{ include "gitlab.psql.host" $context | quote }} port: {{ template "gitlab.psql.port" $context }} connect_timeout: {{ template "gitlab.psql.connectTimeout" $context }} diff --git a/charts/gitlab/templates/_geo.tpl b/charts/gitlab/templates/_geo.tpl index 7ccb207ed2..74329a3eeb 100644 --- a/charts/gitlab/templates/_geo.tpl +++ b/charts/gitlab/templates/_geo.tpl @@ -33,7 +33,7 @@ production: encoding: unicode database: {{ template "gitlab.geo.psql.database" . }} username: {{ template "gitlab.geo.psql.username" . }} - password: "<%= File.read("/etc/gitlab/postgres/geo-psql-password").strip.dump[1..-2] %>" + password: <%= File.read("/etc/gitlab/postgres/geo-psql-password").strip.to_json %> host: {{ template "gitlab.geo.psql.host" . }} port: {{ template "gitlab.geo.psql.port" . }} # load_balancing: diff --git a/charts/gitlab/templates/_gitlab.yaml.tpl b/charts/gitlab/templates/_gitlab.yaml.tpl index 7bdce3ccbe..7ccc2422d1 100644 
--- a/charts/gitlab/templates/_gitlab.yaml.tpl +++ b/charts/gitlab/templates/_gitlab.yaml.tpl @@ -1,7 +1,7 @@ {{- define "gitlab.appConfig.gitaly" -}} gitaly: client_path: /home/git/gitaly/bin - token: "<%= File.read('/etc/gitlab/gitaly/gitaly_token').strip.dump[1..-2] %>" + token: <%= File.read('/etc/gitlab/gitaly/gitaly_token').strip.to_json %> {{- end -}} {{- define "gitlab.appConfig.repositories" -}} diff --git a/charts/gitlab/templates/_ldap.tpl b/charts/gitlab/templates/_ldap.tpl index d1157ef0b4..be56c87b1e 100644 --- a/charts/gitlab/templates/_ldap.tpl +++ b/charts/gitlab/templates/_ldap.tpl @@ -26,7 +26,7 @@ Usage example: {{- $.name }}: {{- toYaml (omit $.config "password") | replace "\r\n" "\n" | trimSuffix "\n" | nindent 2 -}} {{- if and $.config.password (not (kindIs "string" $.config.password ))}} - password: "<%= File.read('/etc/gitlab/ldap/{{ $.name }}/password').strip.dump[1..-2] %>" + password: <%= File.read('/etc/gitlab/ldap/{{ $.name }}/password').strip.to_json %> {{- end -}} {{- end -}}{{/* gitlab.appConfig.ldap.servers.configuration */}} diff --git a/charts/gitlab/templates/_objectStorage.tpl b/charts/gitlab/templates/_objectStorage.tpl index 8523b349fa..58974e8fe1 100644 --- a/charts/gitlab/templates/_objectStorage.tpl +++ b/charts/gitlab/templates/_objectStorage.tpl @@ -51,8 +51,8 @@ connection: host: {{ template "gitlab.minio.hostname" .context }} endpoint: {{ template "gitlab.minio.endpoint" .context }} path_style: true - aws_access_key_id: "<%= File.read('/etc/gitlab/minio/accesskey').strip.dump[1..-2] %>" - aws_secret_access_key: "<%= File.read('/etc/gitlab/minio/secretkey').strip.dump[1..-2] %>" + aws_access_key_id: <%= File.read('/etc/gitlab/minio/accesskey').strip.to_json %> + aws_secret_access_key: <%= File.read('/etc/gitlab/minio/secretkey').strip.to_json %> {{- end }} diff --git a/charts/gitlab/templates/_praefect.tpl b/charts/gitlab/templates/_praefect.tpl index 0a008a1ded..c0f9345c90 100644 
--- a/charts/gitlab/templates/_praefect.tpl +++ b/charts/gitlab/templates/_praefect.tpl @@ -12,7 +12,7 @@ Return the default praefect storage line for gitlab.yml {{ .name }}: path: /var/opt/gitlab/repo gitaly_address: {{ printf "%s" $scheme }}://{{ template "gitlab.praefect.serviceName" $ }}.{{$.Release.Namespace}}.svc:{{ $port }} - gitaly_token: "<%= File.read('/etc/gitlab/gitaly/gitaly_token_praefect').strip.dump[1..-2] %>" + gitaly_token: <%= File.read('/etc/gitlab/gitaly/gitaly_token_praefect').strip.to_json %> {{- end }} {{- end -}} diff --git a/charts/gitlab/templates/_pseudonymizer.tpl b/charts/gitlab/templates/_pseudonymizer.tpl index 49b9d0573f..7edce6b6d6 100644 --- a/charts/gitlab/templates/_pseudonymizer.tpl +++ b/charts/gitlab/templates/_pseudonymizer.tpl @@ -13,8 +13,8 @@ pseudonymizer: connection: provider: AWS region: us-east-1 - aws_access_key_id: "<%= File.read('/etc/gitlab/minio/accesskey').strip.dump[1..-2] %>" - aws_secret_access_key: "<%= File.read('/etc/gitlab/minio/secretkey').strip.dump[1..-2] %>" + aws_access_key_id: <%= File.read('/etc/gitlab/minio/accesskey').strip.to_json %> + aws_secret_access_key: <%= File.read('/etc/gitlab/minio/secretkey').strip.to_json %> host: {{ template "gitlab.minio.hostname" $ }} endpoint: {{ template "gitlab.minio.endpoint" $ }} path_style: true diff --git a/doc/development/style_guide.md b/doc/development/style_guide.md index 23b7867f74..a2a4067175 100644 --- a/doc/development/style_guide.md +++ b/doc/development/style_guide.md 
@@ -390,3 +390,71 @@ We make use of standard ERB, and you can expect [`json`](https://docs.ruby-lang. We make use of gomplate in order to remove the size and surface of Ruby within containers. We configure gomplate [syntax](https://docs.gomplate.ca/syntax/) with alternate delimiters of `{% %}`, so not to collide with Helm's use of `{{ }}`. + +### Templating sensitive content + +Secrets have the potential contain characters that could result invalid YAML if +not properly encoded or quoted. Especially for complex passwords, we must be +careful how these strings are added into various configuration formats. + +**Guidelines:** + +1. Quote in the ERB / Gomplate output, _not_ surrounding it. +1. Use a format-native encoder whenever possible. + - For rendered YAML, use JSON strings because YAML is a superset of JSON. + - For rendered TOML, use JSON strings because + [TOML strings](https://toml.io/en/v0.3.0#string) escape similarly. +1. Be wary of complexity, such as quoted strings _inside_ quoted stings such +as database connection strings. + +#### Example of encoding passwords + +Using Gitaly's client secret token as an example. This value is, `gitaly_token`, +is templated into both YAML and TOML. + +Let's use `my"$pec!@l"p#assword%'` as an example: + +```erb +# YAML +gitaly: + token: "<%= File.read('gitaly_token').strip =>" + +# TOML +[auth] +token = "<%= File.read('gitaly_token').strip %>" +``` + +Renders to be invalid YAML, and invalid TOML. + +```yaml +# YAML +gitaly: + token: "my"$pec!@l"p#assword%'" +``` + +> `(): did not find expected key while parsing a block mapping at line 3 column 3` + +```toml +[auth] +token = "my"$pec!@l"p#assword%'" +``` + +> `Error on line 2: Expected Comment, Newline, Whitespace, or end of input but "$" found.` + +This changed to `<%= File.read('gitaly_token').strip.to_json %>` results valid +content format for YAML and TOML. Note the removal of `"` from outside of `<% %>`. 
+ +```yaml +gitaly: + token: "my\"$pec!@l\"p#assword%'" +``` + +This same can be done with gomplate: `{% file.Read "gitaly_token" | strings.TrimSpace | data.ToJSON %}` + +```yaml +gitaly: + # gomplate + token: {% file.Read "./token" | strings.TrimSpace | data.ToJSON %} + # ERB + token: <%= File.read('gitaly_token').strip.to_json %> +``` diff --git a/spec/configuration/mailroom_spec.rb b/spec/configuration/mailroom_spec.rb index 7b7e738342..2450ae023f 100644 --- a/spec/configuration/mailroom_spec.rb +++ b/spec/configuration/mailroom_spec.rb @@ -71,7 +71,7 @@ describe 'Mailroom configuration' do expect(t.exit_code).to eq(0) expect(mail_room_yml[:mailboxes].length).to eq(1) - expect(raw_mail_room_yml).to include(%(:password: "<%= File.read("/etc/gitlab/mailroom/password_incoming_email").strip.dump[1..-2] %>")) + expect(raw_mail_room_yml).to include(%(:password: <%= File.read("/etc/gitlab/mailroom/password_incoming_email").strip.to_json %>)) expect(mailbox[:email]).to eq('myusername') expect(mailbox[:name]).to eq('inbox') expect(mailbox[:delete_after_delivery]).to be true @@ -105,7 +105,7 @@ describe 'Mailroom configuration' do expect(t.exit_code).to eq(0) expect(mail_room_yml[:mailboxes].length).to eq(2) - expect(raw_mail_room_yml).to include(%(:password: "<%= File.read("/etc/gitlab/mailroom/password_service_desk").strip.dump[1..-2] %>")) + expect(raw_mail_room_yml).to include(%(:password: <%= File.read("/etc/gitlab/mailroom/password_service_desk").strip.to_json %>)) expect(mailbox[:email]).to eq('servicedesk') expect(mailbox[:name]).to eq('inbox') expect(mailbox[:delete_after_delivery]).to be true 
@@ -157,7 +157,7 @@ describe 'Mailroom configuration' do expect(t.exit_code).to eq(0) expect(mail_room_yml[:mailboxes].length).to eq(1) - expect(raw_mail_room_yml).to include(%(:client_secret: "<%= File.read("/etc/gitlab/mailroom/client_id_incoming_email").strip.dump[1..-2] %>")) + expect(raw_mail_room_yml).to include(%(:client_secret: <%= File.read("/etc/gitlab/mailroom/client_id_incoming_email").strip.to_json %>)) expect(mailbox[:inbox_options]).to be_a(Hash) expect(mailbox[:inbox_options][:tenant_id]).to eq('SOME-TENANT-ID') expect(mailbox[:inbox_options][:client_id]).to eq('SOME-CLIENT-ID') @@ -186,7 +186,7 @@ describe 'Mailroom configuration' do expect(t.exit_code).to eq(0) expect(mail_room_yml[:mailboxes].length).to eq(2) - expect(raw_mail_room_yml).to include(%(:client_secret: "<%= File.read("/etc/gitlab/mailroom/client_id_service_desk").strip.dump[1..-2] %>")) + expect(raw_mail_room_yml).to include(%(:client_secret: <%= File.read("/etc/gitlab/mailroom/client_id_service_desk").strip.to_json %>)) expect(mailbox[:inbox_options]).to be_a(Hash) expect(mailbox[:inbox_options][:tenant_id]).to eq('OTHER-TENANT-ID') expect(mailbox[:inbox_options][:client_id]).to eq('OTHER-CLIENT-ID') diff --git a/spec/configuration/pages_spec.rb b/spec/configuration/pages_spec.rb index 665b7d0d17..b16cfa6f07 100644 --- a/spec/configuration/pages_spec.rb +++ b/spec/configuration/pages_spec.rb @@ -220,8 +220,8 @@ describe 'GitLab Pages' do 'host' => 'minio.example.com', 'endpoint' => 'http://test-minio-svc.default.svc:9000', 'path_style' => true, - 'aws_access_key_id' => "<%= File.read('/etc/gitlab/minio/accesskey').strip.dump[1..-2] %>", - 'aws_secret_access_key' => "<%= File.read('/etc/gitlab/minio/secretkey').strip.dump[1..-2] %>" + 'aws_access_key_id' => "<%= File.read('/etc/gitlab/minio/accesskey').strip.to_json %>", + 'aws_secret_access_key' => "<%= File.read('/etc/gitlab/minio/secretkey').strip.to_json %>" } }, 'local_store' => { -- GitLab 
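Review bot: The first ERB sample in the new "Example of encoding passwords" section of `doc/development/style_guide.md` closes its tag with `=>` instead of `%>` (`token: "<%= File.read('gitaly_token').strip =>"`), so the "before" snippet is not valid ERB as written. The closing gomplate sample reads `"./token"` while the sentence above it and the ERB line use `gitaly_token`; use one file name throughout. Wording in the same hunk also needs a pass: "potential contain", "result invalid YAML", "quoted stings", "This value is, `gitaly_token`, is templated" and "results valid content format".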
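Review bot: In `charts/gitlab/charts/praefect/templates/configmap.yaml` (@@ -92), the `password` line changes more than its encoder: the old form was `'<%= File.read("/etc/gitlab-secrets/praefect/db_password") %>'`, with no `.strip` and single quotes, and the new form adds `.strip` as well as `.to_json`. That alters the rendered value for any database password file with surrounding whitespace, which is a behaviour change rather than a refactor. State it in the commit message and changelog entry so operators can tell why the rendered `config.toml` differs after upgrade.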
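Review bot: The updated expectations in `spec/configuration/mailroom_spec.rb` and `spec/configuration/pages_spec.rb` only check that the template text contains `.strip.to_json`; none of them renders the ERB with a secret and parses the output, so the quoting problem this change addresses is not covered by a test. Add a spec that renders at least one YAML and one TOML template with the style guide's own sample value, `my"$pec!@l"p#assword%'`, and asserts that the parsed field equals the input. That also guards the places where the surrounding quotes were removed, since a stray `"` left around a `to_json` tag would then fail to parse.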
From 3b9337454d8a8940857c94536873565980f08882 Mon Sep 17 00:00:00 2001 From: Jenn Power Date: Tue, 30 Nov 2021 21:56:44 +0000 Subject: [PATCH 146/253] Gitaly: Remove setting location of socket_path --- charts/gitlab/charts/gitaly/templates/_configmap_spec.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/charts/gitlab/charts/gitaly/templates/_configmap_spec.yaml b/charts/gitlab/charts/gitaly/templates/_configmap_spec.yaml index 1224025cd7..e9c69e3404 100644 --- a/charts/gitlab/charts/gitaly/templates/_configmap_spec.yaml +++ b/charts/gitlab/charts/gitaly/templates/_configmap_spec.yaml @@ -16,7 +16,8 @@ data: listen_addr = "0.0.0.0:{{ coalesce .Values.service.internalPort .Values.global.gitaly.service.internalPort }}" # Directory where internal sockets reside - internal_socket_dir = "/home/git" + # note: no value will result in a `/tmp/gitlab-internal-*` path + # internal_socket_dir = "/home/git" {{- if $.Values.global.gitaly.tls.enabled }} tls_listen_addr = "0.0.0.0:{{ coalesce .Values.service.tls.internalPort .Values.global.gitaly.service.tls.internalPort }}" -- GitLab From ba68860c7fe9fdc1bfa3648308e16b64b06b1d4f Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Wed, 1 Dec 2021 10:45:56 +0000 Subject: [PATCH 147/253] Update changelog for 5.5.1 [ci skip] --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 16e1bf00d6..72a58adc92 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,10 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 5.5.1 (2021-12-01) + +No changes. + ## 5.5.0 (2021-11-19) ### Added (3 changes) -- GitLab From c8b999d063cf2defa7ad2c3e4d30aae0f08b4293 Mon Sep 17 00:00:00 2001 
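Review bot: In `charts/gitlab/charts/gitaly/templates/_configmap_spec.yaml`, the subject names `socket_path` but the key being disabled is `internal_socket_dir`; align the two so the change can be found by searching for the key. Rather than leaving `# internal_socket_dir = "/home/git"` behind as commented-out configuration, delete the line and keep only the note about the default, and state in the commit message why the `/tmp/gitlab-internal-*` default is preferred over `/home/git` and that `/tmp` is writable in the Gitaly container.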
From: GitLab Release Tools Bot Date: Wed, 1 Dec 2021 10:46:15 +0000 Subject: [PATCH 148/253] Update Chart versions to 5.5.1 [ci skip] --- Chart.yaml | 2 +- charts/gitlab/charts/geo-logcursor/Chart.yaml | 2 +- charts/gitlab/charts/gitaly/Chart.yaml | 2 +- charts/gitlab/charts/gitlab-exporter/Chart.yaml | 2 +- charts/gitlab/charts/gitlab-grafana/Chart.yaml | 2 +- charts/gitlab/charts/gitlab-pages/Chart.yaml | 2 +- charts/gitlab/charts/gitlab-shell/Chart.yaml | 2 +- charts/gitlab/charts/kas/Chart.yaml | 2 +- charts/gitlab/charts/mailroom/Chart.yaml | 2 +- charts/gitlab/charts/migrations/Chart.yaml | 2 +- charts/gitlab/charts/operator/Chart.yaml | 2 +- charts/gitlab/charts/praefect/Chart.yaml | 2 +- charts/gitlab/charts/sidekiq/Chart.yaml | 2 +- charts/gitlab/charts/toolbox/Chart.yaml | 2 +- charts/gitlab/charts/webservice/Chart.yaml | 2 +- 15 files changed, 15 insertions(+), 15 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index 1815be9f2b..0639df9c7d 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab -version: 5.5.0 +version: 5.5.1 appVersion: master description: Web-based Git-repository manager with wiki and issue-tracking features. keywords: diff --git a/charts/gitlab/charts/geo-logcursor/Chart.yaml b/charts/gitlab/charts/geo-logcursor/Chart.yaml index 6dd17d5438..b56ad6d8af 100644 --- a/charts/gitlab/charts/geo-logcursor/Chart.yaml +++ b/charts/gitlab/charts/geo-logcursor/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: geo-logcursor -version: 5.5.0 +version: 5.5.1 appVersion: master description: GitLab Geo logcursor keywords: diff --git a/charts/gitlab/charts/gitaly/Chart.yaml b/charts/gitlab/charts/gitaly/Chart.yaml index e9b3b06609..deb258dfb3 100644 --- a/charts/gitlab/charts/gitaly/Chart.yaml +++ b/charts/gitlab/charts/gitaly/Chart.yaml 
@@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitaly -version: 5.5.0 +version: 5.5.1 appVersion: master description: Git RPC service for handling all the git calls made by GitLab keywords: diff --git a/charts/gitlab/charts/gitlab-exporter/Chart.yaml b/charts/gitlab/charts/gitlab-exporter/Chart.yaml index 229af333ca..b062ca7242 100644 --- a/charts/gitlab/charts/gitlab-exporter/Chart.yaml +++ b/charts/gitlab/charts/gitlab-exporter/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab-exporter -version: 5.5.0 +version: 5.5.1 appVersion: 11.2.0 description: Exporter for GitLab Prometheus metrics (e.g. CI, pull mirrors) keywords: diff --git a/charts/gitlab/charts/gitlab-grafana/Chart.yaml b/charts/gitlab/charts/gitlab-grafana/Chart.yaml index 0a41fc528d..fed85a6582 100644 --- a/charts/gitlab/charts/gitlab-grafana/Chart.yaml +++ b/charts/gitlab/charts/gitlab-grafana/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab-grafana -version: 5.5.0 +version: 5.5.1 description: Adapt the Grafana chart to interface to the GitLab App keywords: - gitlab diff --git a/charts/gitlab/charts/gitlab-pages/Chart.yaml b/charts/gitlab/charts/gitlab-pages/Chart.yaml index 4bec779c9b..d4c3511d7d 100644 --- a/charts/gitlab/charts/gitlab-pages/Chart.yaml +++ b/charts/gitlab/charts/gitlab-pages/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab-pages -version: 5.5.0 +version: 5.5.1 appVersion: master description: Daemon for serving static websites from GitLab projects keywords: diff --git a/charts/gitlab/charts/gitlab-shell/Chart.yaml b/charts/gitlab/charts/gitlab-shell/Chart.yaml index 4cc48338be..0dcf4af437 100644 --- a/charts/gitlab/charts/gitlab-shell/Chart.yaml +++ b/charts/gitlab/charts/gitlab-shell/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab-shell -version: 5.5.0 +version: 5.5.1 appVersion: main description: sshd for Gitlab keywords: diff --git a/charts/gitlab/charts/kas/Chart.yaml b/charts/gitlab/charts/kas/Chart.yaml index bbc3e972b3..d6b23b0397 100644 
--- a/charts/gitlab/charts/kas/Chart.yaml +++ b/charts/gitlab/charts/kas/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: kas -version: 5.5.0 +version: 5.5.1 appVersion: latest description: GitLab Kubernetes Agent Server keywords: diff --git a/charts/gitlab/charts/mailroom/Chart.yaml b/charts/gitlab/charts/mailroom/Chart.yaml index 0484059f1d..c2709412ad 100644 --- a/charts/gitlab/charts/mailroom/Chart.yaml +++ b/charts/gitlab/charts/mailroom/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: mailroom -version: 5.5.0 +version: 5.5.1 appVersion: 0.0.14 description: Handling incoming emails keywords: diff --git a/charts/gitlab/charts/migrations/Chart.yaml b/charts/gitlab/charts/migrations/Chart.yaml index 74c0e79ae0..43fdf17f73 100644 --- a/charts/gitlab/charts/migrations/Chart.yaml +++ b/charts/gitlab/charts/migrations/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: migrations -version: 5.5.0 +version: 5.5.1 appVersion: master description: Database migrations and other versioning tasks for upgrading Gitlab keywords: diff --git a/charts/gitlab/charts/operator/Chart.yaml b/charts/gitlab/charts/operator/Chart.yaml index b6628e00d4..85e505af50 100644 --- a/charts/gitlab/charts/operator/Chart.yaml +++ b/charts/gitlab/charts/operator/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: operator -version: 5.5.0 +version: 5.5.1 appVersion: master description: Gitlab operator for managing upgrades keywords: diff --git a/charts/gitlab/charts/praefect/Chart.yaml b/charts/gitlab/charts/praefect/Chart.yaml index 2159bcb64c..d346e81e31 100644 --- a/charts/gitlab/charts/praefect/Chart.yaml +++ b/charts/gitlab/charts/praefect/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: praefect -version: 5.5.0 +version: 5.5.1 appVersion: master description: Praefect is a router and transaction manager for Gitaly, and a required component for running a Gitaly Cluster. 
diff --git a/charts/gitlab/charts/sidekiq/Chart.yaml b/charts/gitlab/charts/sidekiq/Chart.yaml index ee3e67e6c5..1737ac3c0c 100644 --- a/charts/gitlab/charts/sidekiq/Chart.yaml +++ b/charts/gitlab/charts/sidekiq/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: sidekiq -version: 5.5.0 +version: 5.5.1 appVersion: master description: Gitlab Sidekiq for asynchronous task processing in rails keywords: diff --git a/charts/gitlab/charts/toolbox/Chart.yaml b/charts/gitlab/charts/toolbox/Chart.yaml index 129bb3309d..05d8ae8b98 100644 --- a/charts/gitlab/charts/toolbox/Chart.yaml +++ b/charts/gitlab/charts/toolbox/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: toolbox -version: 5.5.0 +version: 5.5.1 appVersion: master description: For manually running rake tasks through kubectl keywords: diff --git a/charts/gitlab/charts/webservice/Chart.yaml b/charts/gitlab/charts/webservice/Chart.yaml index 1689282cbf..b8b141af77 100644 --- a/charts/gitlab/charts/webservice/Chart.yaml +++ b/charts/gitlab/charts/webservice/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: webservice -version: 5.5.0 +version: 5.5.1 appVersion: master description: HTTP server for Gitlab keywords: -- GitLab From 5d9f3ac2a2e958b827e4b715aae3e67c1525ca9e Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Wed, 1 Dec 2021 10:46:17 +0000 Subject: [PATCH 149/253] Update version mapping for 5.5.1 --- doc/installation/version_mappings.md | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/installation/version_mappings.md b/doc/installation/version_mappings.md index f379f1b879..dc1401dde7 100644 --- a/doc/installation/version_mappings.md +++ b/doc/installation/version_mappings.md @@ -10,6 +10,7 @@ The table below maps some of the key previous chart versions and GitLab versions | Chart version | GitLab version | |---------------|----------------| +| 5.5.1 | 14.5.1 | | 5.5.0 | 14.5.0 | | 5.4.2 | 14.4.2 | | 5.4.1 | 14.4.1 | -- GitLab 
From b0c23c28d9b6a50d0842074a6716cb24e88e0c50 Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Wed, 1 Dec 2021 17:10:41 +0000 Subject: [PATCH 150/253] Update changelog for 5.4.3 [ci skip] --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 72a58adc92..0c01a71787 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -32,6 +32,10 @@ No changes. - [[Docs] Operator: clarify available chart versions](gitlab-org/charts/gitlab@afcb3d95d2f997cc1d77087bb85a73b918a38101) ([merge request](gitlab-org/charts/gitlab!2268)) +## 5.4.3 (2021-12-01) + +No changes. + ## 5.4.2 (2021-11-08) No changes. -- GitLab From d330c6eeb93af0e0c8ab4016f2df262e3fc03db0 Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Wed, 1 Dec 2021 17:10:58 +0000 Subject: [PATCH 151/253] Update version mapping for 5.4.3 --- doc/installation/version_mappings.md | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/installation/version_mappings.md b/doc/installation/version_mappings.md index dc1401dde7..42e69a2826 100644 --- a/doc/installation/version_mappings.md +++ b/doc/installation/version_mappings.md @@ -12,6 +12,7 @@ The table below maps some of the key previous chart versions and GitLab versions |---------------|----------------| | 5.5.1 | 14.5.1 | | 5.5.0 | 14.5.0 | +| 5.4.3 | 14.4.3 | | 5.4.2 | 14.4.2 | | 5.4.1 | 14.4.1 | | 5.4.0 | 14.4.0 | -- GitLab From 80f8e261b0f1cbed40fe3aeb93d7fab80b612488 Mon Sep 17 00:00:00 2001 From: Nicolas Dular Date: Wed, 1 Dec 2021 20:52:14 +0000 Subject: [PATCH 152/253] Add google tag manager nonce config to gitlab chart --- charts/gitlab/charts/webservice/values.yaml | 1 + charts/gitlab/templates/_gitlab.yaml.tpl | 3 +++ doc/charts/globals.md | 2 ++ values.yaml | 1 + 4 files changed, 7 insertions(+) diff --git a/charts/gitlab/charts/webservice/values.yaml b/charts/gitlab/charts/webservice/values.yaml index 395846c979..96c9b08171 100644 --- a/charts/gitlab/charts/webservice/values.yaml 
+++ b/charts/gitlab/charts/webservice/values.yaml @@ -328,6 +328,7 @@ extra: {} # matomo_site_id: '_your_matomo_site_id' # matomo_disable_cookies: false # one_trust_id: '_your_one_trust_id' + # google_tag_manager_nonce_id: '_your_google_tag_manager_id' rack_attack: git_basic_auth: enabled: false diff --git a/charts/gitlab/templates/_gitlab.yaml.tpl b/charts/gitlab/templates/_gitlab.yaml.tpl index 7ccc2422d1..ca714a8458 100644 --- a/charts/gitlab/templates/_gitlab.yaml.tpl +++ b/charts/gitlab/templates/_gitlab.yaml.tpl @@ -69,6 +69,9 @@ extra: {{ if .extra.oneTrustId }} one_trust_id: {{ .extra.oneTrustId | quote }} {{- end }} + {{ if .extra.googleTagManagerNonceId }} + google_tag_manager_nonce_id: {{ .extra.googleTagManagerNonceId | quote }} + {{- end }} {{- end -}} {{- define "gitlab.appConfig.rackAttack" -}} diff --git a/doc/charts/globals.md b/doc/charts/globals.md index afa521cb1f..671c93c33f 100644 --- a/doc/charts/globals.md +++ b/doc/charts/globals.md @@ -809,6 +809,7 @@ global: matomoSiteId: matomoDisableCookies: oneTrustId: + googleTagManagerNonceId: object_store: enabled: false proxy_download: true @@ -987,6 +988,7 @@ under the `extra` key below `appConfig`: | `extra.matomoUrl` | String | (empty) | Matomo URL. | | `extra.matomoDisableCookies`| Boolean | (empty) | Disable Matomo cookies (corresponds to `disableCookies` in the Matomo script) | | `extra.oneTrustId` | String | (empty) | OneTrust ID. | +| `extra.googleTagManagerNonceId` | String | (empty) | Google Tag Manager ID. | ### Consolidated object storage diff --git a/values.yaml b/values.yaml index fd75aba70d..9cf812afef 100644 --- a/values.yaml +++ b/values.yaml @@ -281,6 +281,7 @@ global: matomoSiteId: matomoDisableCookies: oneTrustId: + googleTagManagerNonceId: ## https://docs.gitlab.com/charts/charts/globals#lfs-artifacts-uploads-packages-external-mr-diffs-and-dependency-proxy object_store: -- GitLab From e16cd1822eb5c50bae2b0a8fa8954938cd6ed27d Mon Sep 17 00:00:00 2001 
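Review bot: In the `doc/charts/globals.md` table row, `extra.googleTagManagerNonceId` is described only as "Google Tag Manager ID.", and the commented placeholder in the webservice `values.yaml` is `'_your_google_tag_manager_id'`, so nothing explains what the "nonce" in the key name refers to or how this setting differs from a plain Google Tag Manager ID. Expand the description to say which value to supply and what the nonce variant changes. The diffstat lists no spec file, so a rendering check for `google_tag_manager_nonce_id` in `_gitlab.yaml.tpl` would be a useful addition.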
From: Mitchell Nielsen Date: Thu, 2 Dec 2021 14:28:08 +0000 Subject: [PATCH 153/253] Create Operator MR with `workflow::ready for review` label --- scripts/create_operator_mr.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/create_operator_mr.sh b/scripts/create_operator_mr.sh index 8016c5e7b2..2d1599cbe6 100644 --- a/scripts/create_operator_mr.sh +++ b/scripts/create_operator_mr.sh @@ -26,5 +26,6 @@ pushd /tmp/gitlab-operator || exit -o merge_request.label="devops::enablement" \ -o merge_request.label="section::enablement" \ -o merge_request.label="feature::maintenance" \ - -o merge_request.label="Category:Cloud Native Installation" + -o merge_request.label="Category:Cloud Native Installation" \ + -o merge_request.label="workflow::ready for review" popd || exit -- GitLab From e2a612f53cea9c50df28826d213947dd1c29cd45 Mon Sep 17 00:00:00 2001 From: Aleksei Lipniagov Date: Fri, 3 Dec 2021 15:52:55 +0000 Subject: [PATCH 154/253] Expand multiple-redis example to include 'sessions' --- examples/redis/multiple.yaml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/examples/redis/multiple.yaml b/examples/redis/multiple.yaml index 66af2cab5a..1ea77edc60 100644 --- a/examples/redis/multiple.yaml +++ b/examples/redis/multiple.yaml @@ -45,3 +45,10 @@ global: enabled: true secret: cable-secret key: cable-password + sessions: + host: sessions.redis.example + port: 9005 + password: + enabled: true + secret: sessions-secret + key: sessions-password -- GitLab From 9cc61d8fae46067ca9ccd84075d839a677e77da3 Mon Sep 17 00:00:00 2001 From: deps Date: Mon, 22 Nov 2021 04:02:22 +0000 Subject: [PATCH 155/253] Update gitlab-org/charts/gitlab-runner from 0.34.0 to 0.35.0 Changelog: changed --- requirements.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yaml b/requirements.yaml index 96dcf0c4e4..fc3c703ae6 100644 --- a/requirements.yaml +++ b/requirements.yaml 
@@ -21,7 +21,7 @@ dependencies: repository: https://charts.bitnami.com/bitnami condition: postgresql.install - name: gitlab-runner - version: 0.34.0 + version: 0.35.0 repository: https://charts.gitlab.io/ condition: gitlab-runner.install - name: grafana -- GitLab From f43a151b2a0a14201c294fdc34b8e55f43fcdc82 Mon Sep 17 00:00:00 2001 From: Catalin Irimie Date: Mon, 6 Dec 2021 16:15:05 +0000 Subject: [PATCH 156/253] Add Geo secondary proxying section to Geo docs --- doc/advanced/geo/index.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/doc/advanced/geo/index.md b/doc/advanced/geo/index.md index fbefc80160..6ea4bca481 100644 --- a/doc/advanced/geo/index.md +++ b/doc/advanced/geo/index.md @@ -575,6 +575,12 @@ replicating missing data from the **primary** instance. This process is known as Meanwhile, the **primary** instance starts to notify each **secondary** instance of any changes, so that the **secondary** instance can act on those notifications immediately. +## Use Geo proxying for secondary sites + +To serve read-write traffic by proxying to the primary site, you can +[enable Geo secondary proxying](https://docs.gitlab.com/ee/administration/geo/secondary_proxy/) +and use a single, unified URL for all Geo sites. + ## Confirm Operational Status The final step is to verify the Geo replication status on the secondary instance once fully -- GitLab From 925ec49d7ecc1f622f90e5f6b2f4d5ae116a6628 Mon Sep 17 00:00:00 2001 From: John Skarbek Date: Mon, 6 Dec 2021 20:38:37 +0000 Subject: [PATCH 157/253] Add option to configure http-proxy for Pages --- .../gitlab-pages/templates/configmap.yml | 4 ++-- charts/gitlab/charts/gitlab-pages/values.yaml | 1 + doc/charts/gitlab/gitlab-pages/index.md | 1 + spec/configuration/pages_spec.rb | 24 +++++++++++++++++++ 4 files changed, 28 insertions(+), 2 deletions(-) 
diff --git a/charts/gitlab/charts/gitlab-pages/templates/configmap.yml b/charts/gitlab/charts/gitlab-pages/templates/configmap.yml index af8e177c00..6a059e5fa3 100644 --- a/charts/gitlab/charts/gitlab-pages/templates/configmap.yml +++ b/charts/gitlab/charts/gitlab-pages/templates/configmap.yml @@ -41,9 +41,9 @@ data: listen-http=0.0.0.0:9090 {{- else }} {{- if not (empty $.Values.global.pages.externalHttp) }} - listen-http=0.0.0.0:{{ .Values.service.internalPort }} + listen-{{ if .Values.useHTTPProxy }}proxy{{ else }}http{{ end }}=0.0.0.0:{{ .Values.service.internalPort | int }} {{- else }} - listen-http=0.0.0.0:9090 + listen-{{ if .Values.useHTTPProxy }}proxy{{ else }}http{{ end }}=0.0.0.0:9090 {{- end }} {{- if not (empty $.Values.global.pages.externalHttps) }} listen-https{{ if .Values.useProxyV2 }}-proxyv2{{ end }}=0.0.0.0:{{ .Values.service.customDomains.internalHttpsPort | int }} diff --git a/charts/gitlab/charts/gitlab-pages/values.yaml b/charts/gitlab/charts/gitlab-pages/values.yaml index 98ac4a9acf..9915aee931 100644 --- a/charts/gitlab/charts/gitlab-pages/values.yaml +++ b/charts/gitlab/charts/gitlab-pages/values.yaml @@ -144,6 +144,7 @@ statusUri: '/-/readiness' tls: minVersion: maxVersion: +useHTTPProxy: false useProxyV2: false useHttp2: true diff --git a/doc/charts/gitlab/gitlab-pages/index.md b/doc/charts/gitlab/gitlab-pages/index.md index 006424457b..37fb727283 100644 --- a/doc/charts/gitlab/gitlab-pages/index.md +++ b/doc/charts/gitlab/gitlab-pages/index.md 
@@ -97,6 +97,7 @@ configurations that can be supplied to the `helm install` command using the | `tls.minVersion` | | Specifies the minimum SSL/TLS version | | `tls.maxVersion` | | Specifies the maximum SSL/TLS version | | `useHttp2` | `true` | Enable HTTP2 support | +| `useHTTPProxy` | `false` | Use this option when GitLab Pages is behind a Reverse Proxy. | | `useProxyV2` | `false` | Force HTTPS request to utilize the PROXYv2 protocol. | | `zipCache.cleanup` | int | See: [Zip Serving and Cache Configuration](https://docs.gitlab.com/ee/administration/pages/index.html#zip-serving-and-cache-configuration) | | `zipCache.expiration` | int | See: [Zip Serving and Cache Configuration](https://docs.gitlab.com/ee/administration/pages/index.html#zip-serving-and-cache-configuration) | diff --git a/spec/configuration/pages_spec.rb b/spec/configuration/pages_spec.rb index b16cfa6f07..5b47f7a3e0 100644 --- a/spec/configuration/pages_spec.rb +++ b/spec/configuration/pages_spec.rb @@ -885,6 +885,30 @@ describe 'GitLab Pages' do end end end + + context 'when using HTTP Proxy' do + let(:pages_enabled_values) do + YAML.safe_load(%( + global: + pages: + enabled: true + externalHttp: + - 1.1.1.1 + externalHttps: + - 1.1.1.1 + gitlab: + gitlab-pages: + useHTTPProxy: true + )) + end + + describe 'pages configuration' do + it 'exposes proper listeners' do + expect(pages_config_data).to match(/listen-proxy=0.0.0.0:8090/) + expect(pages_config_data).not_to match(/listen-http=0.0.0.0:8090/) + end + end + end end end end -- GitLab From e6be164288f9df185893ba8fcca69845cc32f217 Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Fri, 3 Dec 2021 21:40:45 +0000 Subject: [PATCH 158/253] Update changelog for 5.5.2 [ci skip] --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0c01a71787..f1d747995e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
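Review bot: In `charts/gitlab/charts/gitlab-pages/templates/configmap.yml`, setting `useHTTPProxy` replaces the `listen-http` listener with `listen-proxy` instead of adding a second listener, but the new row in `doc/charts/gitlab/gitlab-pages/index.md` only says "Use this option when GitLab Pages is behind a Reverse Proxy." State in the docs that plain `listen-http` is no longer rendered when the option is on, so operators know direct HTTP clients must go through the proxy. The added `| int` on `.Values.service.internalPort` in the same line is a separate change and should be mentioned in the commit message.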
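Review bot: In the new `context 'when using HTTP Proxy'` block of `spec/configuration/pages_spec.rb`, only the branch with `externalHttp` set is exercised; add a case without `externalHttp` so the `listen-proxy=0.0.0.0:9090` line in `configmap.yml` is covered as well. The dots in `/listen-proxy=0.0.0.0:8090/` and `/listen-http=0.0.0.0:8090/` are unescaped and match any character; escape them or compare against a literal string so the negative assertion cannot pass by accident.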
@@ -2,6 +2,10 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 5.5.2 (2021-12-03) + +No changes. + ## 5.5.1 (2021-12-01) No changes. -- GitLab From 0f80c1664e7b9cf9afeda7b01b0bd8a4e5a573a7 Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Fri, 3 Dec 2021 21:41:02 +0000 Subject: [PATCH 159/253] Update Chart versions to 5.5.2 [ci skip] --- Chart.yaml | 2 +- charts/gitlab/charts/geo-logcursor/Chart.yaml | 2 +- charts/gitlab/charts/gitaly/Chart.yaml | 2 +- charts/gitlab/charts/gitlab-exporter/Chart.yaml | 2 +- charts/gitlab/charts/gitlab-grafana/Chart.yaml | 2 +- charts/gitlab/charts/gitlab-pages/Chart.yaml | 2 +- charts/gitlab/charts/gitlab-shell/Chart.yaml | 2 +- charts/gitlab/charts/kas/Chart.yaml | 2 +- charts/gitlab/charts/mailroom/Chart.yaml | 2 +- charts/gitlab/charts/migrations/Chart.yaml | 2 +- charts/gitlab/charts/operator/Chart.yaml | 2 +- charts/gitlab/charts/praefect/Chart.yaml | 2 +- charts/gitlab/charts/sidekiq/Chart.yaml | 2 +- charts/gitlab/charts/toolbox/Chart.yaml | 2 +- charts/gitlab/charts/webservice/Chart.yaml | 2 +- 15 files changed, 15 insertions(+), 15 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index 0639df9c7d..32d386534e 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab -version: 5.5.1 +version: 5.5.2 appVersion: master description: Web-based Git-repository manager with wiki and issue-tracking features. keywords: diff --git a/charts/gitlab/charts/geo-logcursor/Chart.yaml b/charts/gitlab/charts/geo-logcursor/Chart.yaml index b56ad6d8af..ae46fb64ca 100644 --- a/charts/gitlab/charts/geo-logcursor/Chart.yaml +++ b/charts/gitlab/charts/geo-logcursor/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: geo-logcursor -version: 5.5.1 +version: 5.5.2 appVersion: master description: GitLab Geo logcursor keywords: diff --git a/charts/gitlab/charts/gitaly/Chart.yaml b/charts/gitlab/charts/gitaly/Chart.yaml index deb258dfb3..9fdb088ee2 100644 
--- a/charts/gitlab/charts/gitaly/Chart.yaml +++ b/charts/gitlab/charts/gitaly/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitaly -version: 5.5.1 +version: 5.5.2 appVersion: master description: Git RPC service for handling all the git calls made by GitLab keywords: diff --git a/charts/gitlab/charts/gitlab-exporter/Chart.yaml b/charts/gitlab/charts/gitlab-exporter/Chart.yaml index b062ca7242..fd4ce2ca92 100644 --- a/charts/gitlab/charts/gitlab-exporter/Chart.yaml +++ b/charts/gitlab/charts/gitlab-exporter/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab-exporter -version: 5.5.1 +version: 5.5.2 appVersion: 11.2.0 description: Exporter for GitLab Prometheus metrics (e.g. CI, pull mirrors) keywords: diff --git a/charts/gitlab/charts/gitlab-grafana/Chart.yaml b/charts/gitlab/charts/gitlab-grafana/Chart.yaml index fed85a6582..977dbca663 100644 --- a/charts/gitlab/charts/gitlab-grafana/Chart.yaml +++ b/charts/gitlab/charts/gitlab-grafana/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab-grafana -version: 5.5.1 +version: 5.5.2 description: Adapt the Grafana chart to interface to the GitLab App keywords: - gitlab diff --git a/charts/gitlab/charts/gitlab-pages/Chart.yaml b/charts/gitlab/charts/gitlab-pages/Chart.yaml index d4c3511d7d..5642f12872 100644 --- a/charts/gitlab/charts/gitlab-pages/Chart.yaml +++ b/charts/gitlab/charts/gitlab-pages/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab-pages -version: 5.5.1 +version: 5.5.2 appVersion: master description: Daemon for serving static websites from GitLab projects keywords: diff --git a/charts/gitlab/charts/gitlab-shell/Chart.yaml b/charts/gitlab/charts/gitlab-shell/Chart.yaml index 0dcf4af437..a29b381656 100644 --- a/charts/gitlab/charts/gitlab-shell/Chart.yaml +++ b/charts/gitlab/charts/gitlab-shell/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab-shell -version: 5.5.1 +version: 5.5.2 appVersion: main description: sshd for Gitlab keywords: 
diff --git a/charts/gitlab/charts/kas/Chart.yaml b/charts/gitlab/charts/kas/Chart.yaml index d6b23b0397..1fbd2c76e8 100644 --- a/charts/gitlab/charts/kas/Chart.yaml +++ b/charts/gitlab/charts/kas/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: kas -version: 5.5.1 +version: 5.5.2 appVersion: latest description: GitLab Kubernetes Agent Server keywords: diff --git a/charts/gitlab/charts/mailroom/Chart.yaml b/charts/gitlab/charts/mailroom/Chart.yaml index c2709412ad..73bffee666 100644 --- a/charts/gitlab/charts/mailroom/Chart.yaml +++ b/charts/gitlab/charts/mailroom/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: mailroom -version: 5.5.1 +version: 5.5.2 appVersion: 0.0.14 description: Handling incoming emails keywords: diff --git a/charts/gitlab/charts/migrations/Chart.yaml b/charts/gitlab/charts/migrations/Chart.yaml index 43fdf17f73..7a45f1c60e 100644 --- a/charts/gitlab/charts/migrations/Chart.yaml +++ b/charts/gitlab/charts/migrations/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: migrations -version: 5.5.1 +version: 5.5.2 appVersion: master description: Database migrations and other versioning tasks for upgrading Gitlab keywords: diff --git a/charts/gitlab/charts/operator/Chart.yaml b/charts/gitlab/charts/operator/Chart.yaml index 85e505af50..bcdece56f5 100644 --- a/charts/gitlab/charts/operator/Chart.yaml +++ b/charts/gitlab/charts/operator/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: operator -version: 5.5.1 +version: 5.5.2 appVersion: master description: Gitlab operator for managing upgrades keywords: diff --git a/charts/gitlab/charts/praefect/Chart.yaml b/charts/gitlab/charts/praefect/Chart.yaml index d346e81e31..8d1e141d32 100644 --- a/charts/gitlab/charts/praefect/Chart.yaml +++ b/charts/gitlab/charts/praefect/Chart.yaml 
@@ -1,7 +1,7 @@ --- apiVersion: v1 name: praefect -version: 5.5.1 +version: 5.5.2 appVersion: master description: Praefect is a router and transaction manager for Gitaly, and a required component for running a Gitaly Cluster. diff --git a/charts/gitlab/charts/sidekiq/Chart.yaml b/charts/gitlab/charts/sidekiq/Chart.yaml index 1737ac3c0c..215a033c72 100644 --- a/charts/gitlab/charts/sidekiq/Chart.yaml +++ b/charts/gitlab/charts/sidekiq/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: sidekiq -version: 5.5.1 +version: 5.5.2 appVersion: master description: Gitlab Sidekiq for asynchronous task processing in rails keywords: diff --git a/charts/gitlab/charts/toolbox/Chart.yaml b/charts/gitlab/charts/toolbox/Chart.yaml index 05d8ae8b98..a88117dbfb 100644 --- a/charts/gitlab/charts/toolbox/Chart.yaml +++ b/charts/gitlab/charts/toolbox/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: toolbox -version: 5.5.1 +version: 5.5.2 appVersion: master description: For manually running rake tasks through kubectl keywords: diff --git a/charts/gitlab/charts/webservice/Chart.yaml b/charts/gitlab/charts/webservice/Chart.yaml index b8b141af77..5636c40a04 100644 --- a/charts/gitlab/charts/webservice/Chart.yaml +++ b/charts/gitlab/charts/webservice/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: webservice -version: 5.5.1 +version: 5.5.2 appVersion: master description: HTTP server for Gitlab keywords: -- GitLab From 600fd8fe1821885503dbfe3f4c3428158d898df8 Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Fri, 3 Dec 2021 21:41:05 +0000 Subject: [PATCH 160/253] Update version mapping for 5.5.2 --- doc/installation/version_mappings.md | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/installation/version_mappings.md b/doc/installation/version_mappings.md index 42e69a2826..399e08446f 100644 --- a/doc/installation/version_mappings.md +++ b/doc/installation/version_mappings.md 
@@ -10,6 +10,7 @@ The table below maps some of the key previous chart versions and GitLab versions | Chart version | GitLab version | |---------------|----------------| +| 5.5.2 | 14.5.2 | | 5.5.1 | 14.5.1 | | 5.5.0 | 14.5.0 | | 5.4.3 | 14.4.3 | -- GitLab From 3fcbe97b260a3d39ea466ae973417fa5810ad390 Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Fri, 3 Dec 2021 21:47:56 +0000 Subject: [PATCH 161/253] Update changelog for 5.4.4 [ci skip] --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index f1d747995e..626e07f535 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -36,6 +36,10 @@ No changes. - [[Docs] Operator: clarify available chart versions](gitlab-org/charts/gitlab@afcb3d95d2f997cc1d77087bb85a73b918a38101) ([merge request](gitlab-org/charts/gitlab!2268)) +## 5.4.4 (2021-12-03) + +No changes. + ## 5.4.3 (2021-12-01) No changes. -- GitLab From 369cb75b36e70f836f6aeacd3d436c1b7562fe1f Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Fri, 3 Dec 2021 21:48:11 +0000 Subject: [PATCH 162/253] Update version mapping for 5.4.4 --- doc/installation/version_mappings.md | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/installation/version_mappings.md b/doc/installation/version_mappings.md index 399e08446f..4ed3261b18 100644 --- a/doc/installation/version_mappings.md +++ b/doc/installation/version_mappings.md @@ -13,6 +13,7 @@ The table below maps some of the key previous chart versions and GitLab versions | 5.5.2 | 14.5.2 | | 5.5.1 | 14.5.1 | | 5.5.0 | 14.5.0 | +| 5.4.4 | 14.4.4 | | 5.4.3 | 14.4.3 | | 5.4.2 | 14.4.2 | | 5.4.1 | 14.4.1 | -- GitLab From 9c83ad519c719c909241e8a1723485527f1d5a5c Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Fri, 3 Dec 2021 22:01:55 +0000 Subject: [PATCH 163/253] Update changelog for 5.3.6 [ci skip] --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 626e07f535..3049dd38b0 100644 --- a/CHANGELOG.md 
+++ b/CHANGELOG.md @@ -79,6 +79,10 @@ No changes. - [Remove reference to deprecated operator](gitlab-org/charts/gitlab@d03e3293fdfe698eb3b5defe0b919351ef9485eb) ([merge request](gitlab-org/charts/gitlab!2197)) - [Add $PLATFORM to installation commands](gitlab-org/charts/gitlab@8e72a88fb391cb98f64e712b07e65d65db4ab8fd) ([merge request](gitlab-org/charts/gitlab!2190)) +## 5.3.6 (2021-12-03) + +No changes. + ## 5.3.5 (2021-11-26) No changes. -- GitLab From 0280ab315fdf0c675dcbcddb946e70d1e1a1a349 Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Fri, 3 Dec 2021 22:02:13 +0000 Subject: [PATCH 164/253] Update version mapping for 5.3.6 --- doc/installation/version_mappings.md | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/installation/version_mappings.md b/doc/installation/version_mappings.md index 4ed3261b18..f3a26e29e0 100644 --- a/doc/installation/version_mappings.md +++ b/doc/installation/version_mappings.md @@ -18,6 +18,7 @@ The table below maps some of the key previous chart versions and GitLab versions | 5.4.2 | 14.4.2 | | 5.4.1 | 14.4.1 | | 5.4.0 | 14.4.0 | +| 5.3.6 | 14.3.6 | | 5.3.5 | 14.3.5 | | 5.3.4 | 14.3.4 | | 5.3.3 | 14.3.3 | -- GitLab From 81d7b25a9fcf0f3e9ac59edd7c6f2315b97e33a2 Mon Sep 17 00:00:00 2001 From: Harish Ramachandran Date: Wed, 8 Dec 2021 05:10:07 +0000 Subject: [PATCH 165/253] Document the rename from task-runner to toolbox --- doc/installation/upgrade.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/doc/installation/upgrade.md b/doc/installation/upgrade.md index b2850ebd50..97ad392ba0 100644 --- a/doc/installation/upgrade.md +++ b/doc/installation/upgrade.md 
@@ -95,6 +95,28 @@ The steps have been documented in the [5.0 upgrade steps](#upgrade-steps-for-50- As part of the `4.0.0` release of this chart, we upgraded the bundled [PostgreSQL chart](https://github.com/bitnami/charts/tree/master/bitnami/postgresql) from `7.7.0` to `8.9.4`. This is not a drop in replacement. Manual steps need to be performed to upgrade the database. The steps have been documented in the [4.0 upgrade steps](#upgrade-steps-for-40-release). +## Upgrade steps for 5.5 release + +The `task-runner` chart [was renamed](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/2099/diffs) +to `toolbox` and removed in `5.5.0`. As a result, any mention of `task-runner` +in your configuration should be renamed to `toolbox`. In version 5.5 and newer, +use the `toolbox` chart, and in version 5.4 and older, use the `task-runner` chart. + +### Missing object storage secret error + +Upgrading to 5.5 or newer might cause an error similar to the following: + +```shell +Error: UPGRADE FAILED: execution error at (gitlab/charts/gitlab/charts/toolbox/templates/deployment.yaml:227:23): A valid backups.objectStorage.config.secret is needed! +``` + +If the secret mentioned in the error already exists and is correct, then this error +is likely because there is an object storage configuration value that still references +`task-runner` instead of the new `toolbox`. Rename `task-runner` to `toolbox` in your +configuration to fix this. + +There is an [open issue about clarifying the error message](https://gitlab.com/gitlab-org/charts/gitlab/-/issues/3004). + ## Upgrade steps for 5.0 release The `5.0.0` release requires manual steps in order to perform the upgrade. If you're using the -- GitLab From 972be5d1ab0200385fe79ac66e95bd17bb75a753 Mon Sep 17 00:00:00 2001 
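Review bot: In the new "Upgrade steps for 5.5 release" section of `doc/installation/upgrade.md`, the sentence "was renamed ... to `toolbox` and removed in `5.5.0`" reads as if `toolbox` itself was removed; reword it to say that the `task-runner` chart was removed in `5.5.0` and replaced by `toolbox`. The "Missing object storage secret error" paragraph tells readers to rename `task-runner` in their configuration but does not show where the key sits; naming the values block that the error refers to (`backups.objectStorage.config.secret` under the toolbox chart) would make the fix quicker to apply.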
From: Mitchell Nielsen Date: Wed, 8 Dec 2021 23:21:40 +0000 Subject: [PATCH 166/253] Ensure 'task-runner' -> 'toolbox' deprecation notice appears first --- .../charts/toolbox/templates/deployment.yaml | 4 +-- spec/integration/check_config_spec.rb | 32 +++++++++++++++++++ templates/_checkConfig.tpl | 15 +++++++++ templates/_deprecations.tpl | 1 + 4 files changed, 50 insertions(+), 2 deletions(-) diff --git a/charts/gitlab/charts/toolbox/templates/deployment.yaml b/charts/gitlab/charts/toolbox/templates/deployment.yaml index e59bedc232..94029bce66 100644 --- a/charts/gitlab/charts/toolbox/templates/deployment.yaml +++ b/charts/gitlab/charts/toolbox/templates/deployment.yaml @@ -224,14 +224,14 @@ spec: {{- include "gitlab.registry.notificationSecret.mount" $ | nindent 10 -}} {{- if or .Values.backups.objectStorage.config (not (or .Values.global.minio.enabled .Values.global.appConfig.object_store.enabled)) }} - secret: - name: {{ required "A valid backups.objectStorage.config.secret is needed!" .Values.backups.objectStorage.config.secret }} + name: {{ .Values.backups.objectStorage.config.secret }} items: - key: {{ default "config" .Values.backups.objectStorage.config.key }} path: objectstorage/.s3cfg {{- end }} {{- if eq .Values.backups.objectStorage.backend "gcs" }} - secret: - name: {{ required "A valid backups.objectStorage.config.secret is needed!" .Values.backups.objectStorage.config.secret }} + name: {{ .Values.backups.objectStorage.config.secret }} items: - key: {{ default "config" .Values.backups.objectStorage.config.key }} path: objectstorage/{{ default "config" .Values.backups.objectStorage.config.key }} diff --git a/spec/integration/check_config_spec.rb b/spec/integration/check_config_spec.rb index bcce8aaf78..78045dd9d4 100644 --- a/spec/integration/check_config_spec.rb +++ b/spec/integration/check_config_spec.rb 
@@ -669,6 +669,38 @@ describe 'checkConfig template' do error_description: 'when toolbox has persistence enabled and more than one replica' end + describe 'gitlab.toolbox.backups.objectStorage.config.secret' do + let(:success_values) do + YAML.safe_load(%( + gitlab: + toolbox: + backups: + objectStorage: + config: + secret: s3cmd-config + key: config + )).merge(default_required_values) + end + + let(:error_values) do + YAML.safe_load(%( + gitlab: + toolbox: + backups: + objectStorage: + config: + # secret: s3cmd-config + key: config + )).merge(default_required_values) + end + + let(:error_output) { 'A valid object storage config secret is needed for backups.' } + + include_examples 'config validation', + success_description: 'when toolbox has a valid object storage backup secret configured', + error_description: 'when toolbox does not have a valid object storage backup secret configured' + end + describe 'multipleRedis' do let(:success_values) do YAML.safe_load(%( diff --git a/templates/_checkConfig.tpl b/templates/_checkConfig.tpl index 7b67f6ffb5..3f47ad7888 100644 --- a/templates/_checkConfig.tpl +++ b/templates/_checkConfig.tpl @@ -37,6 +37,7 @@ Due to gotpl scoping, we can't make use of `range`, so we have to add action lin {{- $messages = append $messages (include "gitlab.checkConfig.geo.database" .) -}} {{- $messages = append $messages (include "gitlab.checkConfig.geo.secondary.database" .) -}} {{- $messages = append $messages (include "gitlab.toolbox.replicas" .) -}} +{{- $messages = append $messages (include "gitlab.toolbox.backups.objectStorage.config.secret" .) -}} {{- $messages = append $messages (include "gitlab.checkConfig.multipleRedis" .) -}} {{- $messages = append $messages (include "gitlab.checkConfig.hostWhenNoInstall" .) -}} {{- $messages = append $messages (include "gitlab.checkConfig.postgresql.deprecatedVersion" .) -}} 
@@ -310,6 +311,20 @@ gitaly: {{- end -}} {{/* END gitlab.checkConfig.gitaly.extern.repos */}} +{{/* +Ensure that a valid object storage config secret is provided. +*/}} +{{- define "gitlab.toolbox.backups.objectStorage.config.secret" -}} +{{- if or .Values.gitlab.toolbox.backups.objectStorage.config (not (or .Values.global.minio.enabled .Values.global.appConfig.object_store.enabled)) (eq .Values.gitlab.toolbox.backups.objectStorage.backend "gcs") }} +{{- if not .Values.gitlab.toolbox.backups.objectStorage.config.secret -}} +toolbox: + A valid object storage config secret is needed for backups. + Please configure it via `gitlab.toolbox.backups.objectStorage.config.secret`. +{{- end -}} +{{- end -}} +{{- end -}} +{{/* END gitlab.toolbox.backups.objectStorage.config.secret */}} + {{/* Ensure that gitlab/toolbox is not configured with `replicas` > 1 if persistence is enabled. diff --git a/templates/_deprecations.tpl b/templates/_deprecations.tpl index 90fd18f6aa..cfa360362a 100644 --- a/templates/_deprecations.tpl +++ b/templates/_deprecations.tpl @@ -420,6 +420,7 @@ global.imagePullPolicy: {{- if index .Values.gitlab "task-runner" }} gitlab.task-runner: The configuration of `gitlab.task-runner` has been renamed. Please use `gitlab.toolbox` instead. + If you have enabled persistence for `task-runner` and/or its CronJob for backups, you may need to manually bind the new `toolbox` PVC to the previous `task-runner` PV. {{- end -}} {{- end -}} -- GitLab From f149130075a08b3b9acbe8417719ca0ee4439347 Mon Sep 17 00:00:00 2001 
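Review bot: With `required` dropped from both `secret:` volumes in `charts/gitlab/charts/toolbox/templates/deployment.yaml` (PATCH 166/253), an empty `name:` is prevented only by the new `gitlab.toolbox.backups.objectStorage.config.secret` check in `templates/_checkConfig.tpl`, and the added spec exercises just one of that check's three trigger conditions. The `error_values` case sets `config.key` with `secret` commented out; please add cases where the check fires because `global.minio.enabled` and `global.appConfig.object_store.enabled` are both false, and because `backups.objectStorage.backend` is `gcs`, so a later edit to the `or` cannot silently drop the guarantee. The "Missing object storage secret error" section added to `doc/installation/upgrade.md` in PATCH 165/253 still quotes the old message and the `deployment.yaml:227:23` location, which this change replaces with "A valid object storage config secret is needed for backups."; update that sample alongside this change.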
From: Craig Norris Date: Thu, 9 Dec 2021 15:36:59 +0000 Subject: [PATCH 167/253] Add tier badge to Charts docs --- doc/backup-restore/backup.md | 4 ++-- doc/backup-restore/index.md | 4 ++-- doc/backup-restore/restore.md | 4 ++-- doc/charts/gitlab/gitaly/index.md | 4 ++-- doc/charts/gitlab/gitlab-exporter/index.md | 4 ++-- doc/charts/gitlab/gitlab-grafana/index.md | 4 ++-- doc/charts/gitlab/gitlab-pages/index.md | 4 ++-- doc/charts/gitlab/gitlab-runner/index.md | 4 ++-- doc/charts/gitlab/gitlab-shell/index.md | 4 ++-- doc/charts/gitlab/kas/index.md | 4 ++-- doc/charts/gitlab/mailroom/index.md | 4 ++-- doc/charts/gitlab/migrations/index.md | 4 ++-- doc/charts/gitlab/praefect/index.md | 4 ++-- doc/charts/gitlab/sidekiq/index.md | 4 ++-- doc/charts/gitlab/toolbox/index.md | 4 ++-- doc/charts/gitlab/webservice/index.md | 4 ++-- doc/charts/globals.md | 4 ++-- doc/charts/index.md | 4 ++-- doc/charts/minio/index.md | 4 ++-- doc/charts/nginx/fork.md | 4 ++-- doc/charts/nginx/index.md | 4 ++-- doc/charts/registry/index.md | 4 ++-- doc/charts/shared-secrets.md | 4 ++-- 23 files changed, 46 insertions(+), 46 deletions(-) diff --git a/doc/backup-restore/backup.md b/doc/backup-restore/backup.md index 673c1c5aad..96b9113bc5 100644 --- a/doc/backup-restore/backup.md +++ b/doc/backup-restore/backup.md 
@@ -1,10 +1,10 @@ --- stage: Enablement group: Distribution -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments --- -# Backing up a GitLab installation +# Backing up a GitLab installation **(FREE SELF)** GitLab backups are taken by running the `backup-utility` command in the Toolbox pod provided in the chart. Backups can also be automated by enabling the [Cron based backup](#cron-based-backup) functionality of this chart. diff --git a/doc/backup-restore/index.md b/doc/backup-restore/index.md index ffa4bccfd8..f352a81ce4 100644 --- a/doc/backup-restore/index.md +++ b/doc/backup-restore/index.md @@ -1,10 +1,10 @@ --- stage: Enablement group: Distribution -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments --- -# Backup and restore a GitLab instance +# Backup and restore a GitLab instance **(FREE SELF)** GitLab Helm chart provides a utility pod from the Toolbox sub-chart that acts as an interface for the purpose of backing up and restoring GitLab instances. It is equipped with a `backup-utility` executable which interacts with other necessary pods for this task. Technical details for how the utility works can be found in the [architecture documentation](../architecture/backup-restore.md). diff --git a/doc/backup-restore/restore.md b/doc/backup-restore/restore.md index 39afda5b42..bf2d8fd0c4 100644 
--- a/doc/backup-restore/restore.md +++ b/doc/backup-restore/restore.md @@ -1,10 +1,10 @@ --- stage: Enablement group: Distribution -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments --- -# Restoring a GitLab installation +# Restoring a GitLab installation **(FREE SELF)** > To obtain a backup tarball of an existing GitLab instance that used other installation methods like an Omnibus GitLab package or Omnibus GitLab Helm chart, follow the instructions [given in documentation](https://docs.gitlab.com/ee/raketasks/backup_restore.html#creating-a-backup-of-the-gitlab-system) > diff --git a/doc/charts/gitlab/gitaly/index.md b/doc/charts/gitlab/gitaly/index.md index a19cd177be..8112f807f6 100644 --- a/doc/charts/gitlab/gitaly/index.md +++ b/doc/charts/gitlab/gitaly/index.md @@ -1,10 +1,10 @@ --- stage: Enablement group: Distribution -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments --- -# Using the GitLab-Gitaly chart +# Using the GitLab-Gitaly chart **(FREE SELF)** The `gitaly` sub-chart provides a configurable deployment of Gitaly Servers. diff --git a/doc/charts/gitlab/gitlab-exporter/index.md b/doc/charts/gitlab/gitlab-exporter/index.md index 4b2c5d8309..217a345824 100644 --- a/doc/charts/gitlab/gitlab-exporter/index.md +++ b/doc/charts/gitlab/gitlab-exporter/index.md 
@@ -1,10 +1,10 @@ --- stage: Enablement group: Distribution -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments --- -# Using the GitLab-Exporter chart +# Using the GitLab-Exporter chart **(FREE SELF)** The `gitlab-exporter` sub-chart provides Prometheus metrics for GitLab application-specific data. It talks to PostgreSQL directly to perform diff --git a/doc/charts/gitlab/gitlab-grafana/index.md b/doc/charts/gitlab/gitlab-grafana/index.md index caf072a0d6..a91ddcb1ed 100644 --- a/doc/charts/gitlab/gitlab-grafana/index.md +++ b/doc/charts/gitlab/gitlab-grafana/index.md @@ -1,10 +1,10 @@ --- stage: Enablement group: Distribution -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments --- -# Using the GitLab-Grafana chart +# Using the GitLab-Grafana chart **(FREE SELF)** The `gitlab-grafana` subchart adapts the [`grafana/grafana`](https://artifacthub.io/packages/helm/grafana/grafana) chart to operate correctly with the same level of configuration as the Omnibus diff --git a/doc/charts/gitlab/gitlab-pages/index.md b/doc/charts/gitlab/gitlab-pages/index.md index 37fb727283..8ef140d2e2 100644 --- a/doc/charts/gitlab/gitlab-pages/index.md +++ b/doc/charts/gitlab/gitlab-pages/index.md 
@@ -1,10 +1,10 @@ --- stage: Enablement group: Distribution -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments --- -# Using the GitLab Pages chart +# Using the GitLab Pages chart **(FREE SELF)** The `gitlab-pages` subchart provides a daemon for serving static websites from GitLab projects. diff --git a/doc/charts/gitlab/gitlab-runner/index.md b/doc/charts/gitlab/gitlab-runner/index.md index bcec460ef3..b23164455d 100644 --- a/doc/charts/gitlab/gitlab-runner/index.md +++ b/doc/charts/gitlab/gitlab-runner/index.md @@ -1,10 +1,10 @@ --- stage: Enablement group: Distribution -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments --- -# Using the GitLab Runner chart +# Using the GitLab Runner chart **(FREE SELF)** The GitLab Runner subchart provides a GitLab Runner for running CI jobs. It is enabled by default and should work out of the box with support for caching using s3 compatible object storage. diff --git a/doc/charts/gitlab/gitlab-shell/index.md b/doc/charts/gitlab/gitlab-shell/index.md index c97398c00f..7f11f158f4 100644 --- a/doc/charts/gitlab/gitlab-shell/index.md +++ b/doc/charts/gitlab/gitlab-shell/index.md 
@@ -1,10 +1,10 @@ --- stage: Enablement group: Distribution -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments --- -# Using the GitLab Shell chart +# Using the GitLab Shell chart **(FREE SELF)** The `gitlab-shell` sub-chart provides an SSH server configured for Git SSH access to GitLab. diff --git a/doc/charts/gitlab/kas/index.md b/doc/charts/gitlab/kas/index.md index 28aedb119d..c5e0e1278d 100644 --- a/doc/charts/gitlab/kas/index.md +++ b/doc/charts/gitlab/kas/index.md @@ -1,10 +1,10 @@ --- stage: Enablement group: Distribution -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments --- -# Using the GitLab-Kas chart +# Using the GitLab-Kas chart **(FREE SELF)** The `kas` sub-chart provides a configurable deployment of the [Kubernetes Agent Server](https://gitlab.com/gitlab-org/cluster-integration/gitlab-agent#gitlab-kubernetes-agent-server-kas), which is the server-side component of the [GitLab Kubernetes Agent](https://gitlab.com/gitlab-org/cluster-integration/gitlab-agent) implementation. diff --git a/doc/charts/gitlab/mailroom/index.md b/doc/charts/gitlab/mailroom/index.md index b67af142ee..e7b7060f03 100644 --- a/doc/charts/gitlab/mailroom/index.md +++ b/doc/charts/gitlab/mailroom/index.md 
@@ -1,10 +1,10 @@ --- stage: Enablement group: Distribution -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments --- -# Using the Mailroom chart +# Using the Mailroom chart **(FREE SELF)** The Mailroom Pod handles the ingestion of email into the GitLab application. diff --git a/doc/charts/gitlab/migrations/index.md b/doc/charts/gitlab/migrations/index.md index 62c9d4dba6..8a2fe7137d 100644 --- a/doc/charts/gitlab/migrations/index.md +++ b/doc/charts/gitlab/migrations/index.md @@ -1,10 +1,10 @@ --- stage: Enablement group: Distribution -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments --- -# Using the GitLab-Migrations Chart +# Using the GitLab-Migrations Chart **(FREE SELF)** The `migrations` sub-chart provides a single migration [Job](https://kubernetes.io/docs/concepts/workloads/controllers/job/) that handles seeding/migrating the GitLab database. The chart runs using the GitLab Rails codebase. diff --git a/doc/charts/gitlab/praefect/index.md b/doc/charts/gitlab/praefect/index.md index 62ae41cd09..854cc97fe6 100644 --- a/doc/charts/gitlab/praefect/index.md +++ b/doc/charts/gitlab/praefect/index.md 
@@ -1,10 +1,10 @@ --- stage: Enablement group: Distribution -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments --- -# Using the Praefect chart (alpha) +# Using the Praefect chart (alpha) **(FREE SELF)** WARNING: The Praefect chart is still under development. The alpha version is not yet suitable for production use. Upgrades may require significant manual intervention. diff --git a/doc/charts/gitlab/sidekiq/index.md b/doc/charts/gitlab/sidekiq/index.md index 50096800c9..a45ff49b92 100644 --- a/doc/charts/gitlab/sidekiq/index.md +++ b/doc/charts/gitlab/sidekiq/index.md @@ -1,10 +1,10 @@ --- stage: Enablement group: Distribution -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments --- -# Using the GitLab-Sidekiq chart +# Using the GitLab-Sidekiq chart **(FREE SELF)** The `sidekiq` sub-chart provides configurable deployment of Sidekiq workers, explicitly designed to provide separation of queues across multiple `Deployment`s with individual diff --git a/doc/charts/gitlab/toolbox/index.md b/doc/charts/gitlab/toolbox/index.md index d5f00cb4e0..eb572757d2 100644 --- a/doc/charts/gitlab/toolbox/index.md +++ b/doc/charts/gitlab/toolbox/index.md 
@@ -1,10 +1,10 @@ --- stage: Enablement group: Distribution -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments --- -# Toolbox +# Toolbox **(FREE SELF)** The Toolbox Pod is used to execute periodic housekeeping tasks within the GitLab application. These tasks include backups, Sidekiq maintenance, diff --git a/doc/charts/gitlab/webservice/index.md b/doc/charts/gitlab/webservice/index.md index 32572ad817..2589e3b838 100644 --- a/doc/charts/gitlab/webservice/index.md +++ b/doc/charts/gitlab/webservice/index.md @@ -1,10 +1,10 @@ --- stage: Enablement group: Distribution -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments --- -# Using the GitLab Webservice Chart +# Using the GitLab Webservice Chart **(FREE SELF)** The `webservice` sub-chart provides the GitLab Rails webserver with two Webservice workers per pod. (The minimum necessary for a single pod to be able to serve any web request in GitLab) diff --git a/doc/charts/globals.md b/doc/charts/globals.md index 671c93c33f..8ad036b8c1 100644 --- a/doc/charts/globals.md +++ b/doc/charts/globals.md 
@@ -1,10 +1,10 @@ --- stage: Enablement group: Distribution -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments --- -# Configure Charts using Globals +# Configure Charts using Globals **(FREE SELF)** To reduce configuration duplication when installing our wrapper Helm chart, several configuration settings are available to be set in the `global` section of `values.yaml`. diff --git a/doc/charts/index.md b/doc/charts/index.md index 5a1e10e282..5fbe7b792c 100644 --- a/doc/charts/index.md +++ b/doc/charts/index.md @@ -1,10 +1,10 @@ --- stage: Enablement group: Distribution -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments --- -# Chart documentation +# Chart documentation **(FREE SELF)** Documentation on a per-chart basis is listed here. Each chart is documented individually, and organized in a structure that matches the [charts](https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts) diff --git a/doc/charts/minio/index.md b/doc/charts/minio/index.md index c2e8a51dd9..3f9a548773 100644 --- a/doc/charts/minio/index.md +++ b/doc/charts/minio/index.md 
@@ -1,10 +1,10 @@ --- stage: Enablement group: Distribution -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments --- -# Using MinIO for Object storage +# Using MinIO for Object storage **(FREE SELF)** This chart is based on [`stable/minio`](https://github.com/helm/charts/tree/master/stable/minio) version [`0.4.3`](https://github.com/helm/charts/tree/aaaf98b5d25c26cc2d483925f7256f2ce06be080/stable/minio), diff --git a/doc/charts/nginx/fork.md b/doc/charts/nginx/fork.md index 2a6539df31..265c8e2bc4 100644 --- a/doc/charts/nginx/fork.md +++ b/doc/charts/nginx/fork.md @@ -1,10 +1,10 @@ --- stage: Enablement group: Distribution -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments --- -# Our NGINX fork +# Our NGINX fork **(FREE SELF)** Our [fork](https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/nginx-ingress) of the NGINX chart was pulled from [GitHub](https://github.com/kubernetes/ingress-nginx). diff --git a/doc/charts/nginx/index.md b/doc/charts/nginx/index.md index fe082b83e2..fc3354eac3 100644 --- a/doc/charts/nginx/index.md +++ b/doc/charts/nginx/index.md 
@@ -1,10 +1,10 @@ --- stage: Enablement group: Distribution -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments --- -# Using NGINX +# Using NGINX **(FREE SELF)** We provide a complete NGINX deployment to be used as an Ingress Controller. Not all Kubernetes providers natively support the NGINX [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls), diff --git a/doc/charts/registry/index.md b/doc/charts/registry/index.md index da8868e5b4..276246ab95 100644 --- a/doc/charts/registry/index.md +++ b/doc/charts/registry/index.md @@ -1,10 +1,10 @@ --- stage: Enablement group: Distribution -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments --- -# Using the Container Registry +# Using the Container Registry **(FREE SELF)** The `registry` sub-chart provides the Registry component to a complete cloud-native GitLab deployment on Kubernetes. This sub-chart makes use of the upstream diff --git a/doc/charts/shared-secrets.md b/doc/charts/shared-secrets.md index b4776f7ae2..b17ff5b618 100644 --- a/doc/charts/shared-secrets.md +++ b/doc/charts/shared-secrets.md 
@@ -1,10 +1,10 @@ --- stage: Enablement group: Distribution -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments --- -# Using the Shared-Secrets Job +# Using the Shared-Secrets Job **(FREE SELF)** The `shared-secrets` job is responsible for provisioning a variety of secrets used across the installation, unless otherwise manually specified. This includes: -- GitLab From 705d161eb0acf6281fc655d036ebb7760e128391 Mon Sep 17 00:00:00 2001 From: Kati Paizee Date: Thu, 9 Dec 2021 21:54:58 +0000 Subject: [PATCH 168/253] Update lint-html image for docs --- .gitlab-ci.yml | 2 +- doc/installation/cloud/oke.md | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 5b879fe81a..12146ab276 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -492,7 +492,7 @@ check_docs_markdown: # Perform link checks on published HTML files check_docs_links: - image: registry.gitlab.com/gitlab-org/gitlab-docs/lint-html:alpine-3.14-ruby-2.7.4-0fae0f62 + image: registry.gitlab.com/gitlab-org/gitlab-docs/lint-html:alpine-3.14-ruby-2.7.5-08847baa stage: prepare cache: {} dependencies: [] diff --git a/doc/installation/cloud/oke.md b/doc/installation/cloud/oke.md index d580adbf53..72873e3a0a 100644 --- a/doc/installation/cloud/oke.md +++ b/doc/installation/cloud/oke.md 
@@ -6,7 +6,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w # Preparing OKE resources **(FREE SELF)** -For a fully functional GitLab instance, you will need a few resources before +For a fully functional GitLab instance, you need a few resources before deploying the `gitlab` chart to [Oracle Container Engine for Kubernetes (OKE)](https://docs.oracle.com/en-us/iaas/Content/ContEng/Concepts/contengoverview.htm). Check how to [prepare](https://docs.oracle.com/en-us/iaas/Content/ContEng/Concepts/contengprerequisites.htm) your Oracle Cloud Infrastructure tenancy before creating the OKE cluster. ## Creating the OKE cluster @@ -18,7 +18,7 @@ A cluster with 4 OCPUs and 30GB of RAM is recommended. ### External access to GitLab -By default, the GitLab Chart will deploy an Ingress Controller which creates an +By default, the GitLab Chart deploys an Ingress Controller which creates an Oracle Cloud Infrastructure Public Load Balancer with 100Mbps shape. The Load Balancer service assigns a floating public IP address which doesn't come from the host subnet. -- GitLab From a0336b2e111d8d6cd876a102aea462eb3c24d758 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=5B=E2=94=90=E2=88=B5=5D=E2=94=98GitLab=20Dependency=20Bot?= Date: Mon, 13 Dec 2021 14:49:02 +0000 Subject: [PATCH 169/253] Update gitlab-org/container-registry from 3.17.0-gitlab to 3.18.1-gitlab --- charts/registry/values.yaml | 2 +- doc/charts/registry/index.md | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/registry/values.yaml b/charts/registry/values.yaml index d9dd47016f..07476791c9 100644 --- a/charts/registry/values.yaml +++ b/charts/registry/values.yaml @@ -1,6 +1,6 @@ image: repository: registry.gitlab.com/gitlab-org/build/cng/gitlab-container-registry - tag: 'v3.17.0-gitlab' + tag: 'v3.18.1-gitlab' # pullPolicy: IfNotPresent # pullSecrets: [] diff --git a/doc/charts/registry/index.md b/doc/charts/registry/index.md index 276246ab95..f0011a4163 100644 
--- a/doc/charts/registry/index.md +++ b/doc/charts/registry/index.md @@ -68,7 +68,7 @@ registry: interval: 24h dryrun: false image: - tag: 'v3.17.0-gitlab' + tag: 'v3.18.1-gitlab' pullPolicy: IfNotPresent annotations: service: @@ -153,7 +153,7 @@ If you chose to deploy this chart as a standalone, remove the `registry` at the | `image.pullPolicy` | | Pull policy for the registry image | | `image.pullSecrets` | | Secrets to use for image repository | | `image.repository` | `registry` | Registry image | -| `image.tag` | `v3.17.0-gitlab` | Version of the image to use | +| `image.tag` | `v3.18.1-gitlab` | Version of the image to use | | `init.image.repository` | | initContainer image | | `init.image.tag` | | initContainer image tag | | `log` | `{level: info, fields: {service: registry}}` | Configure the logging options | @@ -279,7 +279,7 @@ You can change the included version of the Registry and `pullPolicy`. Default settings: -- `tag: 'v3.17.0-gitlab'` +- `tag: 'v3.18.1-gitlab'` - `pullPolicy: 'IfNotPresent'` ## Configuring the `service` -- GitLab From 905f7bce6cb62786e46fb19635be671867f5938b Mon Sep 17 00:00:00 2001 From: deps Date: Mon, 13 Dec 2021 04:02:18 +0000 Subject: [PATCH 170/253] Update gitlab-org/charts/gitlab-runner from 0.35.0 to 0.35.3 Changelog: changed --- requirements.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yaml b/requirements.yaml index fc3c703ae6..939d459ed9 100644 --- a/requirements.yaml +++ b/requirements.yaml @@ -21,7 +21,7 @@ dependencies: repository: https://charts.bitnami.com/bitnami condition: postgresql.install - name: gitlab-runner - version: 0.35.0 + version: 0.35.3 repository: https://charts.gitlab.io/ condition: gitlab-runner.install - name: grafana -- GitLab From 3b87be100f533dac738d59d8120f8ea416315c72 Mon Sep 17 00:00:00 2001 
From: Jason Plum Date: Tue, 14 Dec 2021 17:55:41 +0000 Subject: [PATCH 171/253] Docs: fix Registry notification secret docs --- doc/installation/secrets.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/installation/secrets.md b/doc/installation/secrets.md index e155436da0..5e5e90c347 100644 --- a/doc/installation/secrets.md +++ b/doc/installation/secrets.md @@ -108,7 +108,7 @@ Consider the example where `registry-authorization-header` secret with value `RandomFooBar` is created. ```shell -kubectl create secret generic registry-authorization-header --from-literal="value=[RandomFooBar]" +kubectl create secret generic registry-authorization-header --from-literal=value="[RandomFooBar]" ``` By default, the key used within the secret is "value". However, users can use a -- GitLab From 774dd8daec1028666c965ba867b8ca0f8e7e4469 Mon Sep 17 00:00:00 2001 From: Emily Chang Date: Tue, 14 Dec 2021 22:01:02 +0000 Subject: [PATCH 172/253] Add configure google cloud memorystore setting --- doc/charts/globals.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/doc/charts/globals.md b/doc/charts/globals.md index 8ad036b8c1..3b812e5f75 100644 --- a/doc/charts/globals.md +++ b/doc/charts/globals.md @@ -547,6 +547,20 @@ global: --set global.redis.scheme=rediss ``` +### Password-less Redis Servers + +Some Redis services such as Google Cloud Memorystore do not make use of passwords and the associated `AUTH` command. The use and requirement for a password can be disabled via the following configuration setting: + +```yaml +global: + redis: + password: + enabled: false + host: ${REDIS_PRIVATE_IP} +redis: + enabled: false +``` + ## Configure Grafana integration The GitLab global Grafana settings are located under `global.grafana`. At this time, the only setting available is `global.grafana.enabled`. -- GitLab From d14230f0847386c0ed1ace855f07efa807c6bd7a Mon Sep 17 00:00:00 2001 
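Review bot: In the `doc/installation/secrets.md` hunk (PATCH 171/253), the sentence above the command says the secret is created with value `RandomFooBar`, but the command stores `[RandomFooBar]` including the square brackets. Moving the quotes from `"value=[RandomFooBar]"` to `value="[RandomFooBar]"` does not change the argument the shell passes to `kubectl`, so the mismatch with the prose remains. If the brackets are required syntax for the header value, say so in the sentence before the command; if they are a placeholder convention, drop them so readers do not store a value with literal brackets.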
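Review bot: In the "Password-less Redis Servers" section added to `doc/charts/globals.md` (PATCH 172/253), `global.redis.password.enabled: false` is documented without saying what then protects the Redis endpoint. The example implies a private address through `host: ${REDIS_PRIVATE_IP}`; add one sentence stating that with `AUTH` disabled, access has to be restricted at the network level, and consider cross-referencing the `global.redis.scheme=rediss` setting shown just above this section for services that support TLS.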
From: Mitchell Nielsen Date: Wed, 15 Dec 2021 20:28:11 +0000 Subject: [PATCH 173/253] [CI] Add job to run issue-bot on failure --- .gitlab-ci.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 12146ab276..f964e773b6 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -52,6 +52,7 @@ stages: - staging-release - package - cleanup + - report before_script: - source scripts/ci/autodevops.sh @@ -890,3 +891,12 @@ create_operator_mr: when: manual - when: never needs: [] + +issue-bot: + stage: report + image: registry.gitlab.com/gitlab-org/distribution/issue-bot:latest + script: /issue-bot + rules: + # Only run when pipeline fails for the default branch on gitlab.com + - if: '$CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH && $CI_SERVER_HOST == "gitlab.com"' + when: on_failure -- GitLab From 5c64fd41c2bffb80ff87f96b2a0b114e320bafc1 Mon Sep 17 00:00:00 2001 From: Dmytro Makovey Date: Wed, 15 Dec 2021 23:22:20 +0000 Subject: [PATCH 174/253] Publish 'devel' releases of the chart from master --- .gitlab-ci.yml | 47 ++++++++++++++++++++++++++++++-------- doc/development/release.md | 22 ++++++++++++++++++ 2 files changed, 59 insertions(+), 10 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index f964e773b6..adaec481ea 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -51,6 +51,7 @@ stages: - qa - staging-release - package + - release-package - cleanup - report @@ -64,7 +65,7 @@ before_script: - &stable_branch_ref /^[0-9]+-[0-9]+-stable$/ tag_auto_deploy: - stage: package + stage: staging-release rules: - if: $CI_PIPELINE_TRIGGERED && $TRIGGER_JOB == "tag_auto_deploy" && $AUTO_DEPLOY_TAG && $REPOSITORY_PAT script: 
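Review bot: In the new `issue-bot` job added to .gitlab-ci.yml by PATCH 173, `image: registry.gitlab.com/gitlab-org/distribution/issue-bot:latest` uses a mutable tag, so the code that runs in this pipeline can change without any commit to this repository. Pin the image to a version tag or an `@sha256:` digest and bump it deliberately.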
@@ -759,22 +760,47 @@ wait_for_dev_images: refs: - /.*-stable/@gitlab/charts/gitlab -staging_release: - stage: staging-release +.publish_chart_package: + # publish chart into repo's Packages + stage: package image: "registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-charts-build-base-helm-3" variables: - CHANNEL: "stable" + # **Required** variable to set channel to which chart will be published: + # CHANNEL: "unstable" + VERSION_SUFFIX: "" script: - - if [[ $CI_COMMIT_REF_NAME =~ $AUTO_DEPLOY_TAG_REGEX ]]; then export CHANNEL="autodeploy"; fi - helm dependency update - - helm package . + - EXTRACTED_VERSION=$(awk '/^version/ {print $2}' Chart.yaml) + - VERSION=${VERSION:-${EXTRACTED_VERSION}} + - echo "Packaging ${VERSION}${VERSION_SUFFIX} for ${CHANNEL}" + - helm package --version=${VERSION}${VERSION_SUFFIX} . - chart_file=$(ls -l gitlab*.tgz | head -n 1 | awk '{print $NF}') - curl --request POST --user gitlab-ci-token:$CI_JOB_TOKEN --form "chart=@${chart_file}" "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/helm/api/${CHANNEL}/charts" - only: - - tags@gitlab/charts/gitlab + +publish_tagged_package: + extends: .publish_chart_package + variables: + CHANNEL: "stable" + rules: + - if: '$CI_SERVER_HOST == "dev.gitlab.org" && $CI_PROJECT_PATH == "gitlab/charts/gitlab" && $CI_COMMIT_TAG' + +publish_audodeploy_package: + extends: .publish_chart_package + variables: + CHANNEL: "autodeploy" + rules: + - if: '$CI_SERVER_HOST == "dev.gitlab.org" && $CI_PROJECT_PATH == "gitlab/charts/gitlab" && $CI_COMMIT_TAG && $COMMIT_REF_NAME =~ /$AUTO_DEPLOY_TAG_REGEX/' + +publish_devel_package: + extends: .publish_chart_package + variables: + CHANNEL: "devel" + VERSION_SUFFIX: "-${CI_PIPELINE_ID}" + rules: + - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH' release_package: - stage: package + stage: release-package timeout: 2h image: registry.gitlab.com/gitlab-org/gitlab-omnibus-builder/ruby_docker script: 
@@ -785,6 +811,7 @@ release_package: UNSTABLE="false" fi - bash scripts/wait_for_images.sh + # trigger pipeline for https://gitlab.com/charts/charts.gitlab.io - curl -fS --request POST --form "token=${COM_CHARTS_TRIGGER_TOKEN}" --form ref=master --form "variables[CHART_NAME]=$CI_PROJECT_NAME" --form "variables[RELEASE_REF]=$CI_COMMIT_REF_NAME" @@ -875,7 +902,7 @@ qa_eks_manual_full_suite: when: manual create_operator_mr: - stage: package + stage: release-package timeout: 2h image: registry.gitlab.com/gitlab-org/gitlab-omnibus-builder/ruby_docker allow_failure: true diff --git a/doc/development/release.md b/doc/development/release.md index 45b38917cb..0d48f49142 100644 --- a/doc/development/release.md +++ b/doc/development/release.md @@ -106,6 +106,28 @@ By default, this task will be automatically run from CI when a new release image > Currently the `helm-release-tools` branch from the release tools repository is used to release the chart +### Development builds + +Development chart versions are being built with every merge to `master`. + +It is possible to track current non-production "development" releases of Helm chart by using `devel` channel: + +```shell +helm repo add gitlab-devel https://gitlab.com/api/v4/projects/3828396/packages/helm/devel +``` + +and using `--devel` option for `helm` pointing to a specific release: + +```shell +helm install --devel --version 1.2.3-4567 gitlab-devel/gitlab +``` + +to list available `devel` versions: + +```shell +helm search repo gitlab-devel --devel +``` + ### Manually releasing the chart Before manually releasing the chart, ensure all the chart changes you want from `master` have been picked into the -- GitLab From b3c57c63edb8dedd845f4251773e110e41d62adf Mon Sep 17 00:00:00 2001 
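Review bot: In the `@@ -759,22 +760,47 @@` hunk of .gitlab-ci.yml (PATCH 174), the `publish_audodeploy_package` rule tests `$COMMIT_REF_NAME =~ /$AUTO_DEPLOY_TAG_REGEX/`, while the removed script line tested `$CI_COMMIT_REF_NAME`; `COMMIT_REF_NAME` is not defined anywhere in this diff, so the auto-deploy rule looks like it can never match. Use `$CI_COMMIT_REF_NAME` (or `$CI_COMMIT_TAG`) and verify that the pattern is evaluated the way the old `[[ ... =~ $AUTO_DEPLOY_TAG_REGEX ]]` test was. Separately, `publish_tagged_package` matches every `$CI_COMMIT_TAG`, so an auto-deploy tag would now also be published to `stable`, where the old job switched `CHANNEL` to `autodeploy` instead; exclude auto-deploy tags from the stable rule. The job name is also misspelled (`audodeploy`).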
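Review bot: In the new "Development builds" section of doc/development/release.md (PATCH 174), the example `helm install --devel --version 1.2.3-4567 gitlab-devel/gitlab` has no release name, and Helm 3 rejects `helm install` without a name or `--generate-name`. Put a release name before the chart reference, for example `helm install gitlab gitlab-devel/gitlab --devel --version 1.2.3-4567`, and say that `1.2.3-4567` stands for the chart version followed by the pipeline ID, as produced by `VERSION_SUFFIX: "-${CI_PIPELINE_ID}"` in the CI change.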
From: Evan Read Date: Thu, 16 Dec 2021 22:51:06 +0000 Subject: [PATCH 175/253] Add Vale rule updates from the GitLab project to this project --- doc/.vale/gitlab/ElementDescriptors.yml | 3 +-- doc/.vale/gitlab/HeaderGerunds.yml | 14 -------------- doc/.vale/gitlab/SubstitutionWarning.yml | 6 +++--- doc/.vale/gitlab/{Acronyms.yml => Uppercase.yml} | 8 ++++---- 4 files changed, 8 insertions(+), 23 deletions(-) delete mode 100644 doc/.vale/gitlab/HeaderGerunds.yml rename doc/.vale/gitlab/{Acronyms.yml => Uppercase.yml} (87%) diff --git a/doc/.vale/gitlab/ElementDescriptors.yml b/doc/.vale/gitlab/ElementDescriptors.yml index 254da16d00..36f1202aef 100644 --- a/doc/.vale/gitlab/ElementDescriptors.yml +++ b/doc/.vale/gitlab/ElementDescriptors.yml @@ -10,5 +10,4 @@ link: https://docs.gitlab.com/ee/development/documentation/styleguide/index.html level: suggestion ignorecase: true swap: - button: 'if possible, rewrite to not use' - area: 'use "section" instead of' + button: 'if possible, rewrite to remove' diff --git a/doc/.vale/gitlab/HeaderGerunds.yml b/doc/.vale/gitlab/HeaderGerunds.yml deleted file mode 100644 index 9e5fa19f86..0000000000 --- a/doc/.vale/gitlab/HeaderGerunds.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- -# Suggestion: gitlab.HeaderGerunds -# -# Checks for headers that start with gerunds (ing words). -# Related to: https://docs.gitlab.com/ee/development/documentation/structure.html -# -# For a list of all options, see https://errata-ai.gitbook.io/vale/getting-started/styles -extends: substitution -message: 'Can this header start with an imperative verb, instead of a gerund (ing word)?' -link: https://docs.gitlab.com/ee/development/documentation/styleguide/#heading-titles -level: suggestion -scope: heading -swap: - - '^\w*ing.*': 'Troubleshooting' diff --git a/doc/.vale/gitlab/SubstitutionWarning.yml b/doc/.vale/gitlab/SubstitutionWarning.yml index 885b58cc93..fefc0f85cf 100644 --- a/doc/.vale/gitlab/SubstitutionWarning.yml 
+++ b/doc/.vale/gitlab/SubstitutionWarning.yml @@ -21,6 +21,6 @@ swap: repo: repository timezone: time zone utilize: use - administrator access: the Administrator role - administrator permission: the Administrator role - administrator permissions: the Administrator role + administrator permission: the administrator access level + administrator permissions: the administrator access level + administrator role: the administrator access level diff --git a/doc/.vale/gitlab/Acronyms.yml b/doc/.vale/gitlab/Uppercase.yml similarity index 87% rename from doc/.vale/gitlab/Acronyms.yml rename to doc/.vale/gitlab/Uppercase.yml index 23285fd003..ae01174874 100644 --- a/doc/.vale/gitlab/Acronyms.yml +++ b/doc/.vale/gitlab/Uppercase.yml @@ -1,11 +1,11 @@ --- -# Warning: gitlab.Acronyms +# Warning: gitlab.Uppercase # -# Checks for unexpanded acronyms. +# Checks for use of all uppercase letters with unknown reason. # -# For a list of all options, see https://errata-ai.gitbook.io/vale/getting-started/styles +# For a list of all options, see https://docs.errata.ai/vale/styles. extends: conditional -message: '"%s" has no definition.' +message: "'%s' is uppercase. Use lowercase or `backticks` if possible. Otherwise add this word to the rule's exception list." link: https://about.gitlab.com/handbook/marketing/growth-marketing/content/editorial-team/#acronyms level: warning ignorecase: false -- GitLab From 3017e65b9ac843e3f0ae4135a2e376f7c26b1970 Mon Sep 17 00:00:00 2001 
From: Gerard Hickey Date: Fri, 17 Dec 2021 21:39:25 +0000 Subject: [PATCH 176/253] Upgrade nginx-ingress from 0.41.2 to 1.0.4 to support Kubernetes 1.22 --- .gitlab-ci.yml | 13 +- .../gitlab-grafana/templates/ingress.yaml | 5 +- .../gitlab-pages/templates/ingress.yaml | 5 +- .../gitlab/charts/kas/templates/ingress.yaml | 7 +- .../charts/webservice/templates/ingress.yaml | 5 +- .../templates/ingress_smartcard.yaml | 5 +- charts/minio/templates/ingress.yaml | 5 +- charts/nginx-ingress/.helmignore | 1 + charts/nginx-ingress/Chart.yaml | 42 ++-- charts/nginx-ingress/README.md | 60 ++--- charts/nginx-ingress/templates/NOTES.txt | 21 +- charts/nginx-ingress/templates/_helpers.tpl | 17 +- .../job-patch/clusterrole.yaml | 4 + .../job-patch/clusterrolebinding.yaml | 2 +- .../job-patch/job-createSecret.yaml | 13 +- .../job-patch/job-patchWebhook.yaml | 13 +- .../admission-webhooks/job-patch/psp.yaml | 2 +- .../admission-webhooks/job-patch/role.yaml | 1 + .../job-patch/rolebinding.yaml | 3 +- .../job-patch/serviceaccount.yaml | 1 + .../validating-webhook.yaml | 7 +- .../nginx-ingress/templates/clusterrole.yaml | 10 +- .../templates/clusterrolebinding.yaml | 3 +- .../controller-configmap-addheaders.yaml | 2 + .../controller-configmap-proxyheaders.yaml | 2 + .../templates/controller-configmap-tcp.yaml | 3 +- .../templates/controller-configmap-udp.yaml | 2 + .../templates/controller-configmap.yaml | 11 +- .../templates/controller-daemonset.yaml | 71 +++--- .../templates/controller-deployment.yaml | 69 +++--- .../templates/controller-hpa.yaml | 12 +- .../templates/controller-ingressclass.yaml | 25 ++ .../templates/controller-keda.yaml | 10 +- .../controller-poddisruptionbudget.yaml | 5 +- .../templates/controller-prometheusrules.yaml | 2 +- .../templates/controller-psp.yaml | 4 +- .../templates/controller-role.yaml | 24 +- .../templates/controller-rolebinding.yaml | 3 +- .../controller-service-internal.yaml | 32 +++ .../templates/controller-service-metrics.yaml | 2 + 
.../templates/controller-service-webhook.yaml | 6 +- .../templates/controller-service.yaml | 23 +- .../templates/controller-serviceaccount.yaml | 2 + .../templates/controller-servicemonitor.yaml | 7 +- .../templates/default-backend-deployment.yaml | 19 +- .../templates/default-backend-hpa.yaml | 5 +- .../default-backend-poddisruptionbudget.yaml | 3 +- .../templates/default-backend-psp.yaml | 2 +- .../templates/default-backend-role.yaml | 5 + .../default-backend-rolebinding.yaml | 3 +- .../templates/default-backend-service.yaml | 4 + .../default-backend-serviceaccount.yaml | 2 + .../templates/dh-param-secret.yaml | 13 + charts/nginx-ingress/values.yaml | 226 ++++++++++++++---- charts/registry/templates/ingress.yaml | 5 +- doc/charts/nginx/fork.md | 7 +- doc/charts/nginx/index.md | 5 +- examples/custom-images/values.yaml | 2 +- spec/configuration/ingress_spec.rb | 68 ++++++ spec/configuration/strategy_spec.rb | 6 +- spec/helm_template_helper.rb | 1 + spec/integration/check_config_spec.rb | 24 ++ spec/integration/examples_spec.rb | 2 +- templates/NOTES.txt | 7 + templates/_checkConfig.tpl | 10 + templates/_helpers.tpl | 18 ++ values.yaml | 10 +- 67 files changed, 754 insertions(+), 255 deletions(-) create mode 100644 charts/nginx-ingress/templates/controller-ingressclass.yaml create mode 100644 charts/nginx-ingress/templates/dh-param-secret.yaml diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index adaec481ea..3b5426f417 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -137,7 +137,7 @@ lint_package: - helm repo add gitlab https://charts.gitlab.io - helm repo add jetstack https://charts.jetstack.io - helm dependencies update - - helm kubeval . --force-color --strict --set certmanager-issuer.email=support@gitlab.com --skip-kinds "CustomResourceDefinition" -v $KUBE_VERSION + - helm kubeval . --force-color --strict --set certmanager-issuer.email=support@gitlab.com $HELM_EXTRAS --skip-kinds "CustomResourceDefinition" -v $KUBE_VERSION except: <<: *deps_pipeline refs: 
@@ -146,10 +146,10 @@ lint_package: - /(^docs[\/-].+|.+-docs$)/ - *com_auto_deploy_branch_ref -"Validate 1.16.15": +"Validate 1.19.16": extends: .kubeval variables: - KUBE_VERSION: "1.16.15" + KUBE_VERSION: "1.19.16" KUBEVAL_SCHEMA_LOCATION: "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/" "Validate 1.20.7": @@ -158,6 +158,13 @@ lint_package: KUBE_VERSION: "1.20.7" KUBEVAL_SCHEMA_LOCATION: "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/" +"Validate 1.22.3": + extends: .kubeval + variables: + KUBE_VERSION: "1.22.3" + KUBEVAL_SCHEMA_LOCATION: "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/" + HELM_EXTRAS: "--set global.ingress.apiVersion=networking.k8s.io/v1" + .review_template: stage: review variables: diff --git a/charts/gitlab/charts/gitlab-grafana/templates/ingress.yaml b/charts/gitlab/charts/gitlab-grafana/templates/ingress.yaml index 8390b17ad2..d6e67988d1 100644 --- a/charts/gitlab/charts/gitlab-grafana/templates/ingress.yaml +++ b/charts/gitlab/charts/gitlab-grafana/templates/ingress.yaml @@ -14,7 +14,7 @@ metadata: {{- include "gitlab.standardLabels" . | nindent 4 }} {{- include "gitlab.commonLabels" . | nindent 4 }} annotations: - kubernetes.io/ingress.class: "{{ template "gitlab.ingressclass" . }}" + {{ include "gitlab.ingress.classAnnotation" . }} kubernetes.io/ingress.provider: "{{ template "gitlab.ingress.provider" $ingressCfg }}" {{- if eq "nginx" .Values.global.ingress.provider }} nginx.ingress.kubernetes.io/proxy-body-size: {{ .Values.ingress.proxyBodySize | quote }} 
@@ -26,12 +26,13 @@ metadata: {{ $key }}: {{ $value | quote }} {{- end }} spec: + {{ template "gitlab.ingress.classnameField" $ }} rules: - host: {{ $gitlabHostname }} http: paths: - path: /-/grafana{{ coalesce $.Values.ingress.path $.Values.global.ingress.path }} - {{ if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}} + {{ if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (eq $.Values.global.ingress.apiVersion "networking.k8s.io/v1") -}} pathType: {{ default "Prefix" $.Values.global.ingress.pathType }} backend: service: diff --git a/charts/gitlab/charts/gitlab-pages/templates/ingress.yaml b/charts/gitlab/charts/gitlab-pages/templates/ingress.yaml index c4d78060ca..ff54a50455 100644 --- a/charts/gitlab/charts/gitlab-pages/templates/ingress.yaml +++ b/charts/gitlab/charts/gitlab-pages/templates/ingress.yaml @@ -12,19 +12,20 @@ metadata: {{- include "gitlab.standardLabels" . | nindent 4 }} {{- include "gitlab.commonLabels" . | nindent 4 }} annotations: - kubernetes.io/ingress.class: "{{ template "gitlab.ingressclass" . }}" + {{ include "gitlab.ingress.classAnnotation" . }} kubernetes.io/ingress.provider: "{{ template "gitlab.ingress.provider" $ingressCfg }}" {{ include "gitlab.certmanager_annotations" . }} {{- range $key, $value := merge .Values.ingress.annotations .Values.global.ingress.annotations }} {{ $key }}: {{ $value | quote }} {{- end }} spec: + {{ template "gitlab.ingress.classnameField" $ }} rules: - host: "*.{{ $hostname }}" http: paths: - path: {{ coalesce $.Values.ingress.path $.Values.global.ingress.path }} - {{ if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}} + {{ if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (eq $.Values.global.ingress.apiVersion "networking.k8s.io/v1") -}} pathType: {{ default "Prefix" $.Values.global.ingress.pathType }} backend: service: 
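Review bot: The expression `or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (eq $.Values.global.ingress.apiVersion "networking.k8s.io/v1")` is repeated verbatim in the gitlab-grafana and gitlab-pages `ingress.yaml` hunks above and again in the kas, webservice, smartcard and minio templates later in this patch. Move it into one named template next to `gitlab.ingress.classAnnotation`, so the choice of backend syntax cannot drift between charts or away from the resource's `apiVersion`. The same hunks call the two new helpers inconsistently (`include ... .` for the annotation, `template ... $` for `classnameField`); pick one form. In the minio template the replaced line used `minio.ingressclass` rather than `gitlab.ingressclass`, so confirm the shared helper preserves what that resolved to.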
diff --git a/charts/gitlab/charts/kas/templates/ingress.yaml b/charts/gitlab/charts/kas/templates/ingress.yaml index b8817a192b..4c91bc7048 100644 --- a/charts/gitlab/charts/kas/templates/ingress.yaml +++ b/charts/gitlab/charts/kas/templates/ingress.yaml @@ -12,19 +12,20 @@ metadata: {{- include "gitlab.standardLabels" . | nindent 4 }} {{- include "gitlab.commonLabels" . | nindent 4 }} annotations: - kubernetes.io/ingress.class: "{{ template "gitlab.ingressclass" . }}" + {{ include "gitlab.ingress.classAnnotation" . }} kubernetes.io/ingress.provider: "{{ template "gitlab.ingress.provider" $ingressCfg }}" {{ include "gitlab.certmanager_annotations" . }} {{- range $key, $value := merge .Values.ingress.annotations .Values.global.ingress.annotations }} {{ $key }}: {{ $value | quote }} {{- end }} spec: + {{ template "gitlab.ingress.classnameField" $ }} rules: - host: {{ $hostname }} http: paths: - path: "{{ trimSuffix "/" $.Values.ingress.agentPath }}{{ $.Values.global.ingress.path }}" - {{ if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}} + {{ if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (eq $.Values.global.ingress.apiVersion "networking.k8s.io/v1") -}} pathType: {{ default "Prefix" $.Values.global.ingress.pathType }} backend: service: @@ -37,7 +38,7 @@ spec: servicePort: {{ .Values.service.externalPort }} {{- end }} - path: "{{ trimSuffix "/" $.Values.ingress.k8sApiPath }}{{ $.Values.global.ingress.path }}" - {{ if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}} + {{ if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (eq $.Values.global.ingress.apiVersion "networking.k8s.io/v1") -}} pathType: {{ default "Prefix" $.Values.global.ingress.pathType }} backend: service: diff --git a/charts/gitlab/charts/webservice/templates/ingress.yaml b/charts/gitlab/charts/webservice/templates/ingress.yaml index 8a13349eca..72362ee02a 100644 --- a/charts/gitlab/charts/webservice/templates/ingress.yaml 
+++ b/charts/gitlab/charts/webservice/templates/ingress.yaml @@ -26,7 +26,7 @@ metadata: {{- include "webservice.labels" . | nindent 4 }} {{- include "webservice.commonLabels" . | nindent 4 }} annotations: - kubernetes.io/ingress.class: "{{ template "gitlab.ingressclass" $ }}" + {{ include "gitlab.ingress.classAnnotation" $ }} kubernetes.io/ingress.provider: "{{ template "gitlab.ingress.provider" $ingressCfg }}" {{- if eq "nginx" (default $.Values.global.ingress.provider .ingress.provider) }} nginx.ingress.kubernetes.io/proxy-body-size: {{ .ingress.proxyBodySize | quote }} @@ -38,12 +38,13 @@ metadata: {{ $key }}: {{ $value | quote }} {{- end }} spec: + {{ template "gitlab.ingress.classnameField" $ }} rules: - host: {{ $gitlabHostname }} http: paths: - path: {{ .ingress.path }} - {{ if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}} + {{ if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (eq $.Values.global.ingress.apiVersion "networking.k8s.io/v1") -}} pathType: {{ default .ingress.pathType $.Values.global.ingress.pathType }} backend: service: diff --git a/charts/gitlab/charts/webservice/templates/ingress_smartcard.yaml b/charts/gitlab/charts/webservice/templates/ingress_smartcard.yaml index 8c9dc1763e..19e1b01953 100644 --- a/charts/gitlab/charts/webservice/templates/ingress_smartcard.yaml +++ b/charts/gitlab/charts/webservice/templates/ingress_smartcard.yaml @@ -21,7 +21,7 @@ metadata: {{- include "gitlab.standardLabels" $ | nindent 4 }} {{- include "gitlab.commonLabels" $ | nindent 4 }} annotations: - kubernetes.io/ingress.class: "{{ template "gitlab.ingressclass" $ }}" + {{ include "gitlab.ingress.classAnnotation" $ }} kubernetes.io/ingress.provider: "{{ template "gitlab.ingress.provider" $ingressCfg }}" {{- if eq "nginx" $.Values.global.ingress.provider }} nginx.ingress.kubernetes.io/proxy-body-size: {{ $.Values.ingress.proxyBodySize | quote }} 
@@ -38,12 +38,13 @@ metadata: {{ $key }}: {{ $value | quote }} {{- end }} spec: + {{ template "gitlab.ingress.classnameField" $ }} rules: - host: {{ $smartcardHostname }} http: paths: - path: {{ .ingress.path }} - {{ if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}} + {{ if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (eq $.Values.global.ingress.apiVersion "networking.k8s.io/v1") -}} pathType: {{ default $.Values.global.ingress.pathType .ingress.pathType }} backend: service: diff --git a/charts/minio/templates/ingress.yaml b/charts/minio/templates/ingress.yaml index 1769e10311..0d82992ed1 100644 --- a/charts/minio/templates/ingress.yaml +++ b/charts/minio/templates/ingress.yaml @@ -13,7 +13,7 @@ metadata: {{- include "gitlab.standardLabels" . | nindent 4 }} {{- include "gitlab.commonLabels" . | nindent 4 }} annotations: - kubernetes.io/ingress.class: "{{ template "minio.ingressclass" . }}" + {{ include "gitlab.ingress.classAnnotation" . }} kubernetes.io/ingress.provider: "{{ template "gitlab.ingress.provider" $ingressCfg }}" {{- if eq "nginx" .Values.global.ingress.provider }} nginx.ingress.kubernetes.io/proxy-body-size: {{ .Values.ingress.proxyBodySize | quote }} @@ -26,12 +26,13 @@ metadata: {{ $key }}: {{ $value | quote }} {{- end }} spec: + {{ template "gitlab.ingress.classnameField" $ }} rules: - host: {{ $minioHostname }} http: paths: - path: {{ coalesce $.Values.ingress.path $.Values.global.ingress.path }} - {{ if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}} + {{ if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (eq $.Values.global.ingress.apiVersion "networking.k8s.io/v1") -}} pathType: {{ default "Prefix" $.Values.global.ingress.pathType }} backend: service: diff --git a/charts/nginx-ingress/.helmignore b/charts/nginx-ingress/.helmignore index f0c1319444..50af031725 100644 --- a/charts/nginx-ingress/.helmignore +++ b/charts/nginx-ingress/.helmignore 
@@ -19,3 +19,4 @@ .project .idea/ *.tmproj +.vscode/ diff --git a/charts/nginx-ingress/Chart.yaml b/charts/nginx-ingress/Chart.yaml index fbb938b97b..143526cf69 100644 --- a/charts/nginx-ingress/Chart.yaml +++ b/charts/nginx-ingress/Chart.yaml @@ -1,26 +1,24 @@ -apiVersion: v1 -# GitLab: changed name here from `ingress-nginx` to match the previous versions -# to avoid a breaking change for the time being. -name: nginx-ingress -# When the version is modified, make sure the artifacthub.io/changes list is updated -# Also update CHANGELOG.md -version: 3.11.1 -appVersion: 0.41.2 -home: https://github.com/kubernetes/ingress-nginx +annotations: + artifacthub.io/changes: | + - Disable builtin ssl_session_cache + - Print warning only instead of error if no IngressClass permission is available + - Bump internal libraries versions + - Fix documentations + artifacthub.io/prerelease: "false" +apiVersion: v2 +appVersion: 1.0.4 description: Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer +home: https://github.com/kubernetes/ingress-nginx icon: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/500px-Nginx_logo.svg.png keywords: - - ingress - - nginx -sources: - - https://github.com/kubernetes/ingress-nginx - - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/nginx-ingress +- ingress +- nginx +kubeVersion: '>=1.19.0-0' maintainers: - - name: ChiefAlexander -engine: gotpl -kubeVersion: ">=1.16.0-0" -annotations: - # List of changes for the release in artifacthub.io - # https://artifacthub.io/packages/helm/ingress-nginx/ingress-nginx?modal=changelog - artifacthub.io/changes: | - - Reorder HPA resource list to work with GitOps tooling +- name: ChiefAlexander +name: nginx-ingress +sources: +- https://github.com/kubernetes/ingress-nginx +- https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/nginx-ingress +type: application +version: 4.0.6 
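Review bot: In charts/nginx-ingress/Chart.yaml, the rewrite drops the comment explaining that this fork keeps the name `nginx-ingress` instead of upstream's `ingress-nginx` to avoid a breaking change, yet the `name: nginx-ingress` deviation is still present. Restore that comment so the next upstream sync does not silently rename the chart. The move to `apiVersion: v2` and `kubeVersion: '>=1.19.0-0'` also ends support for Helm 2 and for Kubernetes older than 1.19; the CI change from "Validate 1.16.15" to "Validate 1.19.16" matches, but make sure the upgrade notes call this out.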
diff --git a/charts/nginx-ingress/README.md b/charts/nginx-ingress/README.md index 1a157d5785..fecbbcde2d 100644 --- a/charts/nginx-ingress/README.md +++ b/charts/nginx-ingress/README.md @@ -14,18 +14,15 @@ This chart bootstraps an ingress-nginx deployment on a [Kubernetes](http://kuber ```console helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx -helm repo add stable https://charts.helm.sh/stable helm repo update ``` ## Install Chart -```console -# Helm 3 -$ helm install [RELEASE_NAME] ingress-nginx/ingress-nginx +**Important:** only helm3 is supported -# Helm 2 -$ helm install --name [RELEASE_NAME] ingress-nginx/ingress-nginx +```console +helm install [RELEASE_NAME] ingress-nginx/ingress-nginx ``` The command deploys ingress-nginx on the Kubernetes cluster in the default configuration. @@ -37,11 +34,7 @@ _See [helm install](https://helm.sh/docs/helm/helm_install/) for command documen ## Uninstall Chart ```console -# Helm 3 -$ helm uninstall [RELEASE_NAME] - -# Helm 2 -# helm delete --purge [RELEASE_NAME] +helm uninstall [RELEASE_NAME] ``` This removes all the Kubernetes components associated with the chart and deletes the release. @@ -51,8 +44,7 @@ _See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command doc ## Upgrading Chart ```console -# Helm 3 or 2 -$ helm upgrade [RELEASE_NAME] [CHART] --install +helm upgrade [RELEASE_NAME] [CHART] --install ``` _See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._ 
@@ -80,11 +72,7 @@ Note that there are some different and upgraded configurations between the two c See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments, visit the chart's [values.yaml](./values.yaml), or run these configuration commands: ```console -# Helm 2 -$ helm inspect values ingress-nginx/ingress-nginx - -# Helm 3 -$ helm show values ingress-nginx/ingress-nginx +helm show values ingress-nginx/ingress-nginx ``` ### PodDisruptionBudget 
@@ -96,15 +84,16 @@ else it would make it impossible to evacuate a node. See [gh issue #7127](https: The Nginx ingress controller can export Prometheus metrics, by setting `controller.metrics.enabled` to `true`. -You can add Prometheus annotations to the metrics service using `controller.metrics.service.annotations`. Alternatively, if you use the Prometheus Operator, you can enable ServiceMonitor creation using `controller.metrics.serviceMonitor.enabled`. +You can add Prometheus annotations to the metrics service using `controller.metrics.service.annotations`. +Alternatively, if you use the Prometheus Operator, you can enable ServiceMonitor creation using `controller.metrics.serviceMonitor.enabled`. And set `controller.metrics.serviceMonitor.additionalLabels.release="prometheus"`. "release=prometheus" should match the label configured in the prometheus servicemonitor ( see `kubectl get servicemonitor prometheus-kube-prom-prometheus -oyaml -n prometheus`) ### ingress-nginx nginx\_status page/stats server Previous versions of this chart had a `controller.stats.*` configuration block, which is now obsolete due to the following changes in nginx ingress controller: -- In [0.16.1](https://github.com/kubernetes/ingress-nginx/blob/master/Changelog.md#0161), the vts (virtual host traffic status) dashboard was removed -- In [0.23.0](https://github.com/kubernetes/ingress-nginx/blob/master/Changelog.md#0230), the status page at port 18080 is now a unix socket webserver only available at localhost. 
- You can use `curl --unix-socket /tmp/nginx-status-server.sock http://localhost/nginx_status` inside the controller container to access it locally, or use the snippet from [nginx-ingress changelog](https://github.com/kubernetes/ingress-nginx/blob/master/Changelog.md#0230) to re-enable the http server +- In [0.16.1](https://github.com/kubernetes/ingress-nginx/blob/main/Changelog.md#0161), the vts (virtual host traffic status) dashboard was removed +- In [0.23.0](https://github.com/kubernetes/ingress-nginx/blob/main/Changelog.md#0230), the status page at port 18080 is now a unix socket webserver only available at localhost. + You can use `curl --unix-socket /tmp/nginx-status-server.sock http://localhost/nginx_status` inside the controller container to access it locally, or use the snippet from [nginx-ingress changelog](https://github.com/kubernetes/ingress-nginx/blob/main/Changelog.md#0230) to re-enable the http server ### ExternalDNS Service Configuration @@ -119,7 +108,7 @@ controller: ### AWS L7 ELB with SSL Termination -Annotate the controller as shown in the [nginx-ingress l7 patch](https://github.com/kubernetes/ingress-nginx/blob/master/deploy/aws/l7/service-l7.yaml): +Annotate the controller as shown in the [nginx-ingress l7 patch](https://github.com/kubernetes/ingress-nginx/blob/main/deploy/aws/l7/service-l7.yaml): ```yaml controller: @@ -171,7 +160,7 @@ controller: enabled: true annotations: # Create internal ELB - service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0 + service.beta.kubernetes.io/aws-load-balancer-internal: "true" # Any other annotation can be declared here. ``` 
@@ -183,9 +172,13 @@ controller: internal: enabled: true annotations: - # Create internal LB - cloud.google.com/load-balancer-type: "Internal" - # Any other annotation can be declared here. + # Create internal LB. More informations: https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing + # For GKE versions 1.17 and later + networking.gke.io/load-balancer-type: "Internal" + # For earlier versions + # cloud.google.com/load-balancer-type: "Internal" + + # Any other annotation can be declared here. ``` Example for Azure: @@ -199,8 +192,21 @@ controller: # Any other annotation can be declared here. ``` +Example for Oracle Cloud Infrastructure: + +```yaml +controller: + service: + annotations: + # Create internal LB + service.beta.kubernetes.io/oci-load-balancer-internal: "true" + # Any other annotation can be declared here. +``` + An use case for this scenario is having a split-view DNS setup where the public zone CNAME records point to the external balancer URL while the private zone CNAME records point to the internal balancer URL. This way, you only need one ingress kubernetes object. +Optionally you can set `controller.service.loadBalancerIP` if you need a static IP for the resulting `LoadBalancer`. + ### Ingress Admission Webhooks With nginx-ingress-controller version 0.25+, the nginx ingress controller pod exposes an endpoint that will integrate with the `validatingwebhookconfiguration` Kubernetes feature to prevent bad ingress from being added to the cluster. diff --git a/charts/nginx-ingress/templates/NOTES.txt b/charts/nginx-ingress/templates/NOTES.txt index 60fb2c1f62..29aeb113a4 100644 --- a/charts/nginx-ingress/templates/NOTES.txt +++ b/charts/nginx-ingress/templates/NOTES.txt 
@@ -29,27 +29,30 @@ Get the application URL by running these commands: An example Ingress that makes use of the controller: - apiVersion: networking.k8s.io/v1beta1 + apiVersion: networking.k8s.io/v1 kind: Ingress metadata: annotations: - kubernetes.io/ingress.class: {{ .Values.controller.ingressClass }} + kubernetes.io/ingress.class: {{ .Values.controller.ingressClassResource.name }} name: example namespace: foo spec: + ingressClassName: example-class rules: - host: www.example.com http: paths: - - backend: - serviceName: exampleService - servicePort: 80 - path: / + - path: / + pathType: Prefix + backend: + service: + name: exampleService + port: 80 # This section is only required if TLS is to be enabled for the Ingress tls: - - hosts: - - www.example.com - secretName: example-tls + - hosts: + - www.example.com + secretName: example-tls If TLS is enabled for the Ingress, a Secret containing the certificate and key must also be provided: diff --git a/charts/nginx-ingress/templates/_helpers.tpl b/charts/nginx-ingress/templates/_helpers.tpl index bdfac406ad..8102f97c8b 100644 --- a/charts/nginx-ingress/templates/_helpers.tpl +++ b/charts/nginx-ingress/templates/_helpers.tpl @@ -1,4 +1,6 @@ {{/* vim: set filetype=mustache: */}} +{{/* GitLab additions included at end of file */}} + {{/* Expand the name of the chart. */}} @@ -35,7 +37,7 @@ Create a default fully qualified controller name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). */}} {{- define "ingress-nginx.controller.fullname" -}} -{{- printf "%s-%s" (include "ingress-nginx.fullname" .) "controller" | trunc 63 | trimSuffix "-" -}} +{{- printf "%s-%s" (include "ingress-nginx.fullname" .) .Values.controller.name | trunc 63 | trimSuffix "-" -}} {{- end -}} {{/* 
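Review bot: In charts/nginx-ingress/templates/NOTES.txt, the updated example Ingress declares `apiVersion: networking.k8s.io/v1` but writes the backend port as `port: 80` directly under `service:`; in the v1 API the port is an object, so the example needs `port:` with a nested `number: 80` or it is rejected when applied. The example also sets both the `kubernetes.io/ingress.class` annotation (from `.Values.controller.ingressClassResource.name`) and a hard-coded `ingressClassName: example-class`, which can name two different classes; render `ingressClassName` from the same value and drop the annotation.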
@@ -58,7 +60,7 @@ Create a default fully qualified default backend name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). */}} {{- define "ingress-nginx.defaultBackend.fullname" -}} -{{- printf "%s-%s" (include "ingress-nginx.fullname" .) "default-backend" | trunc 63 | trimSuffix "-" -}} +{{- printf "%s-%s" (include "ingress-nginx.fullname" .) .Values.defaultBackend.name | trunc 63 | trimSuffix "-" -}} {{- end -}} {{/* @@ -66,6 +68,7 @@ Common labels */}} {{- define "ingress-nginx.labels" -}} helm.sh/chart: {{ include "ingress-nginx.chart" . }} +{{ include "ingress-nginx.selectorLabels" . }} {{- if .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} @@ -128,6 +131,16 @@ Check the ingress controller version tag is at most three versions behind the la {{- end -}} {{- end -}} +{{/* +IngressClass parameters. +*/}} +{{- define "ingressClass.parameters" -}} + {{- if .Values.controller.ingressClassResource.parameters -}} + parameters: +{{ toYaml .Values.controller.ingressClassResource.parameters | indent 4}} + {{ end }} +{{- end -}} + {{/* GitLab-provided partials starting below */}} {{- define "ingress-nginx.tcp-configmap" -}} diff --git a/charts/nginx-ingress/templates/admission-webhooks/job-patch/clusterrole.yaml b/charts/nginx-ingress/templates/admission-webhooks/job-patch/clusterrole.yaml index 7eb57388d2..fd762f9354 100644 --- a/charts/nginx-ingress/templates/admission-webhooks/job-patch/clusterrole.yaml +++ b/charts/nginx-ingress/templates/admission-webhooks/job-patch/clusterrole.yaml @@ -22,6 +22,10 @@ rules: resources: ['podsecuritypolicies'] verbs: ['use'] resourceNames: + {{- with .Values.controller.admissionWebhooks.existingPsp }} + - {{ . }} + {{- else }} - {{ include "ingress-nginx.fullname" . }}-admission + {{- end }} {{- end }} {{- end }} 
diff --git a/charts/nginx-ingress/templates/admission-webhooks/job-patch/clusterrolebinding.yaml b/charts/nginx-ingress/templates/admission-webhooks/job-patch/clusterrolebinding.yaml index 97931250ce..4990fb1c34 100644 --- a/charts/nginx-ingress/templates/admission-webhooks/job-patch/clusterrolebinding.yaml +++ b/charts/nginx-ingress/templates/admission-webhooks/job-patch/clusterrolebinding.yaml @@ -16,5 +16,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "ingress-nginx.fullname" . }}-admission - namespace: {{ .Release.Namespace }} + namespace: {{ .Release.Namespace | quote }} {{- end }} diff --git a/charts/nginx-ingress/templates/admission-webhooks/job-patch/job-createSecret.yaml b/charts/nginx-ingress/templates/admission-webhooks/job-patch/job-createSecret.yaml index 902815084c..2e4b2ca25f 100644 --- a/charts/nginx-ingress/templates/admission-webhooks/job-patch/job-createSecret.yaml +++ b/charts/nginx-ingress/templates/admission-webhooks/job-patch/job-createSecret.yaml @@ -3,10 +3,14 @@ apiVersion: batch/v1 kind: Job metadata: name: {{ include "ingress-nginx.fullname" . }}-admission-create + namespace: {{ .Release.Namespace }} annotations: "helm.sh/hook": pre-install,pre-upgrade "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded labels: + {{- include "gitlab.standardLabels" . | nindent 4 }} + {{- include "gitlab.commonLabels" . | nindent 4 }} + component: "{{ .Values.controller.name }}" {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: admission-webhook spec: @@ -33,7 +37,7 @@ spec: containers: - name: create {{- with .Values.controller.admissionWebhooks.patch.image }} - image: "{{.repository}}:{{ .tag }}{{- if (.digest) -}} @{{.digest}} {{- end -}}" + image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{- end -}}:{{ .tag }}{{- if (.digest) -}} @{{.digest}} {{- end -}}" {{- end }} imagePullPolicy: {{ .Values.controller.admissionWebhooks.patch.image.pullPolicy }} args: 
@@ -46,12 +50,15 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace + {{- if .Values.controller.admissionWebhooks.createSecretJob.resources }} + resources: {{ toYaml .Values.controller.admissionWebhooks.createSecretJob.resources | nindent 12 }} + {{- end }} restartPolicy: OnFailure serviceAccountName: {{ include "ingress-nginx.fullname" . }}-admission {{- if .Values.controller.admissionWebhooks.patch.nodeSelector }} nodeSelector: {{ toYaml .Values.controller.admissionWebhooks.patch.nodeSelector | nindent 8 }} - {{- else }} - {{- include "gitlab.nodeSelector" . | nindent 6 }} + {{- else if include "gitlab.nodeSelector" . }} + {{- include "gitlab.nodeSelector" . | nindent 6 }} {{- end }} {{- if .Values.controller.admissionWebhooks.patch.tolerations }} tolerations: {{ toYaml .Values.controller.admissionWebhooks.patch.tolerations | nindent 8 }} diff --git a/charts/nginx-ingress/templates/admission-webhooks/job-patch/job-patchWebhook.yaml b/charts/nginx-ingress/templates/admission-webhooks/job-patch/job-patchWebhook.yaml index 5f9bc422e6..210d6cfb88 100644 --- a/charts/nginx-ingress/templates/admission-webhooks/job-patch/job-patchWebhook.yaml +++ b/charts/nginx-ingress/templates/admission-webhooks/job-patch/job-patchWebhook.yaml @@ -3,10 +3,14 @@ apiVersion: batch/v1 kind: Job metadata: name: {{ include "ingress-nginx.fullname" . }}-admission-patch + namespace: {{ .Release.Namespace }} annotations: "helm.sh/hook": post-install,post-upgrade "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded labels: + {{- include "gitlab.standardLabels" . | nindent 4 }} + {{- include "gitlab.commonLabels" . | nindent 4 }} + component: "{{ .Values.controller.name }}" {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: admission-webhook spec: 
@@ -33,7 +37,7 @@ spec: containers: - name: patch {{- with .Values.controller.admissionWebhooks.patch.image }} - image: "{{.repository}}:{{ .tag }}{{- if (.digest) -}} @{{.digest}} {{- end -}}" + image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{- end -}}:{{ .tag }}{{- if (.digest) -}} @{{.digest}} {{- end -}}" {{- end }} imagePullPolicy: {{ .Values.controller.admissionWebhooks.patch.image.pullPolicy }} args: @@ -48,12 +52,15 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace + {{- if .Values.controller.admissionWebhooks.patchWebhookJob.resources }} + resources: {{ toYaml .Values.controller.admissionWebhooks.patchWebhookJob.resources | nindent 12 }} + {{- end }} restartPolicy: OnFailure serviceAccountName: {{ include "ingress-nginx.fullname" . }}-admission {{- if .Values.controller.admissionWebhooks.patch.nodeSelector }} nodeSelector: {{ toYaml .Values.controller.admissionWebhooks.patch.nodeSelector | nindent 8 }} - {{- else }} - {{- include "gitlab.nodeSelector" . | nindent 6 }} + {{- else if include "gitlab.nodeSelector" . }} + {{- include "gitlab.nodeSelector" . | nindent 6 }} {{- end }} {{- if .Values.controller.admissionWebhooks.patch.tolerations }} tolerations: {{ toYaml .Values.controller.admissionWebhooks.patch.tolerations | nindent 8 }} diff --git a/charts/nginx-ingress/templates/admission-webhooks/job-patch/psp.yaml b/charts/nginx-ingress/templates/admission-webhooks/job-patch/psp.yaml index e8c8da94ba..d2c7de6858 100644 --- a/charts/nginx-ingress/templates/admission-webhooks/job-patch/psp.yaml +++ b/charts/nginx-ingress/templates/admission-webhooks/job-patch/psp.yaml 
@@ -1,4 +1,4 @@ -{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled .Values.podSecurityPolicy.enabled -}} +{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled .Values.podSecurityPolicy.enabled (empty .Values.controller.admissionWebhooks.existingPsp) -}} apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: diff --git a/charts/nginx-ingress/templates/admission-webhooks/job-patch/role.yaml b/charts/nginx-ingress/templates/admission-webhooks/job-patch/role.yaml index fe1c2ee7f1..9b083ee6e3 100644 --- a/charts/nginx-ingress/templates/admission-webhooks/job-patch/role.yaml +++ b/charts/nginx-ingress/templates/admission-webhooks/job-patch/role.yaml @@ -3,6 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ include "ingress-nginx.fullname" . }}-admission + namespace: {{ .Release.Namespace }} annotations: "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded diff --git a/charts/nginx-ingress/templates/admission-webhooks/job-patch/rolebinding.yaml b/charts/nginx-ingress/templates/admission-webhooks/job-patch/rolebinding.yaml index 391e5e9a33..edda07f5d9 100644 --- a/charts/nginx-ingress/templates/admission-webhooks/job-patch/rolebinding.yaml +++ b/charts/nginx-ingress/templates/admission-webhooks/job-patch/rolebinding.yaml @@ -3,6 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ include "ingress-nginx.fullname" . }}-admission + namespace: {{ .Release.Namespace }} annotations: "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded @@ -16,5 +17,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "ingress-nginx.fullname" . }}-admission - namespace: {{ .Release.Namespace }} + namespace: {{ .Release.Namespace | quote }} {{- end }} 
diff --git a/charts/nginx-ingress/templates/admission-webhooks/job-patch/serviceaccount.yaml b/charts/nginx-ingress/templates/admission-webhooks/job-patch/serviceaccount.yaml index 5dfdd345a3..1ff0f7f0e5 100644 --- a/charts/nginx-ingress/templates/admission-webhooks/job-patch/serviceaccount.yaml +++ b/charts/nginx-ingress/templates/admission-webhooks/job-patch/serviceaccount.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ include "ingress-nginx.fullname" . }}-admission + namespace: {{ .Release.Namespace }} annotations: "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded diff --git a/charts/nginx-ingress/templates/admission-webhooks/validating-webhook.yaml b/charts/nginx-ingress/templates/admission-webhooks/validating-webhook.yaml index 731536bdd7..712f74fdd3 100644 --- a/charts/nginx-ingress/templates/admission-webhooks/validating-webhook.yaml +++ b/charts/nginx-ingress/templates/admission-webhooks/validating-webhook.yaml @@ -18,7 +18,7 @@ webhooks: - apiGroups: - networking.k8s.io apiVersions: - - v1beta1 + - v1 operations: - CREATE - UPDATE @@ -28,12 +28,11 @@ webhooks: sideEffects: None admissionReviewVersions: - v1 - - v1beta1 clientConfig: service: - namespace: {{ .Release.Namespace }} + namespace: {{ .Release.Namespace | quote }} name: {{ include "ingress-nginx.controller.fullname" . }}-admission - path: /networking/v1beta1/ingresses + path: /networking/v1/ingresses {{- if .Values.controller.admissionWebhooks.timeoutSeconds }} timeoutSeconds: {{ .Values.controller.admissionWebhooks.timeoutSeconds }} {{- end }} diff --git a/charts/nginx-ingress/templates/clusterrole.yaml b/charts/nginx-ingress/templates/clusterrole.yaml index f777b28a00..f290ad5386 100644 --- a/charts/nginx-ingress/templates/clusterrole.yaml +++ b/charts/nginx-ingress/templates/clusterrole.yaml 
@@ -5,6 +5,7 @@ metadata: labels: {{- include "gitlab.standardLabels" . | nindent 4 }} {{- include "gitlab.commonLabels" . | nindent 4 }} + component: "{{ .Values.controller.name }}" {{- include "ingress-nginx.labels" . | nindent 4 }} name: {{ include "ingress-nginx.fullname" . }} rules: @@ -42,11 +43,9 @@ rules: verbs: - get - list - - update - watch - apiGroups: - - extensions - - "networking.k8s.io" # k8s 1.14+ + - networking.k8s.io resources: - ingresses verbs: @@ -61,14 +60,13 @@ rules: - create - patch - apiGroups: - - extensions - - "networking.k8s.io" # k8s 1.14+ + - networking.k8s.io resources: - ingresses/status verbs: - update - apiGroups: - - "networking.k8s.io" # k8s 1.14+ + - networking.k8s.io resources: - ingressclasses verbs: diff --git a/charts/nginx-ingress/templates/clusterrolebinding.yaml b/charts/nginx-ingress/templates/clusterrolebinding.yaml index 41df108a06..79253e2599 100644 --- a/charts/nginx-ingress/templates/clusterrolebinding.yaml +++ b/charts/nginx-ingress/templates/clusterrolebinding.yaml @@ -5,6 +5,7 @@ metadata: labels: {{- include "gitlab.standardLabels" . | nindent 4 }} {{- include "gitlab.commonLabels" . | nindent 4 }} + component: "{{ .Values.controller.name }}" {{- include "ingress-nginx.labels" . | nindent 4 }} name: {{ include "ingress-nginx.fullname" . }} roleRef: @@ -14,5 +15,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ template "ingress-nginx.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ .Release.Namespace | quote }} {{- end }} diff --git a/charts/nginx-ingress/templates/controller-configmap-addheaders.yaml b/charts/nginx-ingress/templates/controller-configmap-addheaders.yaml index 8c94af1f4a..c05db451b1 100644 --- a/charts/nginx-ingress/templates/controller-configmap-addheaders.yaml +++ b/charts/nginx-ingress/templates/controller-configmap-addheaders.yaml 
@@ -1,3 +1,4 @@ +{{/* GitLab labels included below */}} {{- if .Values.controller.addHeaders -}} apiVersion: v1 kind: ConfigMap @@ -9,5 +10,6 @@ metadata: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: controller name: {{ include "ingress-nginx.fullname" . }}-custom-add-headers + namespace: {{ .Release.Namespace }} data: {{ toYaml .Values.controller.addHeaders | nindent 2 }} {{- end }} diff --git a/charts/nginx-ingress/templates/controller-configmap-proxyheaders.yaml b/charts/nginx-ingress/templates/controller-configmap-proxyheaders.yaml index 02ed9cc209..dbc32a90be 100644 --- a/charts/nginx-ingress/templates/controller-configmap-proxyheaders.yaml +++ b/charts/nginx-ingress/templates/controller-configmap-proxyheaders.yaml @@ -1,3 +1,4 @@ +{{/* GitLab labels included below */}} {{- if or .Values.controller.proxySetHeaders .Values.controller.headers -}} apiVersion: v1 kind: ConfigMap @@ -9,6 +10,7 @@ metadata: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: controller name: {{ include "ingress-nginx.fullname" . }}-custom-proxy-headers + namespace: {{ .Release.Namespace }} data: {{- if .Values.controller.proxySetHeaders }} {{ toYaml .Values.controller.proxySetHeaders | indent 2 }} diff --git a/charts/nginx-ingress/templates/controller-configmap-tcp.yaml b/charts/nginx-ingress/templates/controller-configmap-tcp.yaml index 45f5448cf4..cd299fa428 100644 --- a/charts/nginx-ingress/templates/controller-configmap-tcp.yaml +++ b/charts/nginx-ingress/templates/controller-configmap-tcp.yaml @@ -1,3 +1,4 @@ +{{/* GitLab labels included below */}} {{- if and .Values.tcp (not .Values.tcpExternalConfig) -}} apiVersion: v1 kind: ConfigMap 
@@ -12,6 +13,6 @@ metadata: annotations: {{ toYaml .Values.controller.tcp.annotations | nindent 4 }} {{- end }} name: {{ template "ingress-nginx.tcp-configmap" . }} - namespace: {{ $.Release.Namespace }} + namespace: {{ .Release.Namespace }} data: {{ tpl (toYaml .Values.tcp) . | nindent 2 }} {{- end }} diff --git a/charts/nginx-ingress/templates/controller-configmap-udp.yaml b/charts/nginx-ingress/templates/controller-configmap-udp.yaml index 4e01981f46..0ca58eab60 100644 --- a/charts/nginx-ingress/templates/controller-configmap-udp.yaml +++ b/charts/nginx-ingress/templates/controller-configmap-udp.yaml @@ -1,3 +1,4 @@ +{{/* GitLab labels included below */}} {{- if .Values.udp -}} apiVersion: v1 kind: ConfigMap @@ -12,5 +13,6 @@ metadata: annotations: {{ toYaml .Values.controller.udp.annotations | nindent 4 }} {{- end }} name: {{ include "ingress-nginx.fullname" . }}-udp + namespace: {{ .Release.Namespace }} data: {{ tpl (toYaml .Values.udp) . | nindent 2 }} {{- end }} diff --git a/charts/nginx-ingress/templates/controller-configmap.yaml b/charts/nginx-ingress/templates/controller-configmap.yaml index 500bb80340..c362b4d9c1 100644 --- a/charts/nginx-ingress/templates/controller-configmap.yaml +++ b/charts/nginx-ingress/templates/controller-configmap.yaml @@ -1,3 +1,4 @@ +{{/* GitLab labels included below */}} apiVersion: v1 kind: ConfigMap metadata: 
@@ -11,13 +12,19 @@ metadata: annotations: {{ toYaml .Values.controller.configAnnotations | nindent 4 }} {{- end }} name: {{ include "ingress-nginx.controller.fullname" . }} + namespace: {{ .Release.Namespace }} data: + allow-snippet-annotations: "{{ .Values.controller.allowSnippetAnnotations }}" {{- if .Values.controller.addHeaders }} add-headers: {{ .Release.Namespace }}/{{ include "ingress-nginx.fullname" . }}-custom-add-headers {{- end }} {{- if or .Values.controller.proxySetHeaders .Values.controller.headers }} proxy-set-headers: {{ .Release.Namespace }}/{{ include "ingress-nginx.fullname" . }}-custom-proxy-headers {{- end }} -{{- if .Values.controller.config }} - {{ toYaml .Values.controller.config | nindent 2 }} +{{- if .Values.dhParam }} + ssl-dh-param: {{ printf "%s/%s" .Release.Namespace (include "ingress-nginx.controller.fullname" .) }} {{- end }} +{{- range $key, $value := .Values.controller.config }} + {{ $key | nindent 2 }}: {{ $value | quote }} +{{- end }} + diff --git a/charts/nginx-ingress/templates/controller-daemonset.yaml b/charts/nginx-ingress/templates/controller-daemonset.yaml index c9d38d87b7..c87a140397 100644 --- a/charts/nginx-ingress/templates/controller-daemonset.yaml +++ b/charts/nginx-ingress/templates/controller-daemonset.yaml @@ -1,4 +1,5 @@ {{- if or (eq .Values.controller.kind "DaemonSet") (eq .Values.controller.kind "Both") -}} +{{- include "isControllerTagValid" . -}} apiVersion: apps/v1 kind: DaemonSet metadata: @@ -12,6 +13,7 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} name: {{ include "ingress-nginx.controller.fullname" . }} + namespace: {{ .Release.Namespace }} {{- if .Values.controller.annotations }} annotations: {{ toYaml .Values.controller.annotations | nindent 4 }} {{- end }} 
@@ -34,15 +36,17 @@ spec: {{- end }} {{- end }} labels: - app: {{ template "ingress-nginx.name" . }} + {{- include "ingress-nginx.selectorLabels" . | nindent 8 }} component: "{{ .Values.controller.name }}" - release: {{ .Release.Name }} {{- if .Values.controller.podLabels }} {{- toYaml .Values.controller.podLabels | nindent 8 }} {{- end }} spec: {{- if .Values.controller.dnsConfig }} dnsConfig: {{ toYaml .Values.controller.dnsConfig | nindent 8 }} + {{- end }} + {{- if .Values.controller.hostname }} + hostname: {{ toYaml .Values.controller.hostname | nindent 8 }} {{- end }} dnsPolicy: {{ .Values.controller.dnsPolicy }} {{- if .Values.imagePullSecrets }} @@ -65,9 +69,9 @@ spec: {{- end }} {{- end }} containers: - - name: controller + - name: {{ .Values.controller.containerName }} {{- with .Values.controller.image }} - image: "{{.repository}}:{{ .tag }}{{- if (.digest) -}} @{{.digest}} {{- end -}}" + image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{- end -}}:{{ .tag }}{{- if (.digest) -}} @{{.digest}} {{- end -}}" {{- end }} imagePullPolicy: {{ .Values.controller.image.pullPolicy }} {{- if .Values.controller.lifecycle }} 
@@ -76,22 +80,24 @@ spec: args: - /nginx-ingress-controller {{- if .Values.defaultBackend.enabled }} - - --default-backend-service={{ .Release.Namespace }}/{{ include "ingress-nginx.defaultBackend.fullname" . }} + - --default-backend-service=$(POD_NAMESPACE)/{{ include "ingress-nginx.defaultBackend.fullname" . }} {{- end }} {{- if .Values.controller.publishService.enabled }} - --publish-service={{ template "ingress-nginx.controller.publishServicePath" . }} {{- end }} - --election-id={{ .Values.controller.electionID }} - - --ingress-class={{ template "ingress-nginx.controller.ingress-class" . }} - - --configmap={{ .Release.Namespace }}/{{ include "ingress-nginx.controller.fullname" . }} - {{- if or .Values.tcp (include "gitlab.shell.port" $ ) }} + - --controller-class={{ .Values.controller.ingressClassResource.controllerValue }} + - --configmap={{ default "$(POD_NAMESPACE)" .Values.controller.configMapNamespace }}/{{ include "ingress-nginx.controller.fullname" . }} + {{ if include "gitlab.shell.port" $ }} - --tcp-services-configmap={{ .Release.Namespace }}/{{ template "ingress-nginx.tcp-configmap" . }} + {{- else if .Values.tcp }} + - --tcp-services-configmap={{ default "$(POD_NAMESPACE)" .Values.controller.tcp.configMapNamespace }}/{{ include "ingress-nginx.fullname" . }}-tcp {{- end }} {{- if .Values.udp }} - - --udp-services-configmap={{ .Release.Namespace }}/{{ include "ingress-nginx.fullname" . }}-udp + - --udp-services-configmap={{ default "$(POD_NAMESPACE)" .Values.controller.udp.configMapNamespace }}/{{ include "ingress-nginx.fullname" . }}-udp {{- end }} {{- if .Values.controller.scope.enabled }} - - --watch-namespace={{ default .Release.Namespace .Values.controller.scope.namespace }} + - --watch-namespace={{ default "$(POD_NAMESPACE)" .Values.controller.scope.namespace }} {{- end }} {{- if and .Values.controller.reportNodeInternalIp .Values.controller.hostNetwork }} - --report-node-internal-ip-address={{ .Values.controller.reportNodeInternalIp }} 
@@ -101,12 +107,24 @@ spec: - --validating-webhook-certificate={{ .Values.controller.admissionWebhooks.certificate }} - --validating-webhook-key={{ .Values.controller.admissionWebhooks.key }} {{- end }} + {{- if .Values.controller.maxmindMirror }} + - --maxmind-mirror={{ .Values.controller.maxmindMirror }} + {{- end}} {{- if .Values.controller.maxmindLicenseKey }} - --maxmind-license-key={{ .Values.controller.maxmindLicenseKey }} {{- end }} {{- if not (eq .Values.controller.healthCheckPath "/healthz") }} - --health-check-path={{ .Values.controller.healthCheckPath }} {{- end }} + {{- if .Values.controller.healthCheckHost }} + - --healthz-host={{ .Values.controller.healthCheckHost }} + {{- end }} + {{- if .Values.controller.ingressClassByName }} + - --ingress-class-by-name=true + {{- end }} + {{- if .Values.controller.watchIngressWithoutClass }} + - --watch-ingress-without-class=true + {{- end }} {{- range $key, $value := .Values.controller.extraArgs }} {{- /* Accept keys without values or with false as value */}} {{- if eq ($value | quote | len) 2 }} 
@@ -139,26 +157,11 @@ spec: {{- if .Values.controller.extraEnvs }} {{- toYaml .Values.controller.extraEnvs | nindent 12 }} {{- end }} - livenessProbe: - httpGet: - path: {{ .Values.controller.healthCheckPath }} - port: {{ .Values.controller.livenessProbe.port }} - scheme: HTTP - initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.controller.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }} - readinessProbe: - httpGet: - path: {{ .Values.controller.healthCheckPath }} - port: {{ .Values.controller.readinessProbe.port }} - scheme: HTTP - initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.controller.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }} + {{- if .Values.controller.startupProbe }} + startupProbe: {{ toYaml .Values.controller.startupProbe | nindent 12 }} + {{- end }} + livenessProbe: {{ toYaml .Values.controller.livenessProbe | nindent 12 }} + readinessProbe: {{ toYaml .Values.controller.readinessProbe | nindent 12 }} ports: {{- range $key, $value := .Values.controller.containerPort }} - name: {{ $key }} @@ -178,9 +181,11 @@ spec: containerPort: {{ .Values.controller.admissionWebhooks.port }} protocol: TCP {{- end }} + {{- if include "gitlab.shell.port" . }} - name: gitlab-shell - containerPort: {{ include "gitlab.shell.port" $ | int }} + containerPort: {{ include "gitlab.shell.port" . | int }} protocol: TCP + {{- end }} {{- range $key, $value := .Values.tcp }} - name: {{ $key }}-tcp containerPort: {{ $key }} 
@@ -227,8 +232,8 @@ spec: {{- end }} {{- if .Values.controller.nodeSelector }} nodeSelector: {{ toYaml .Values.controller.nodeSelector | nindent 8 }} - {{- else }} - {{- include "gitlab.nodeSelector" . | nindent 6 }} + {{- else if include "gitlab.nodeSelector" . -}} + {{- include "gitlab.nodeSelector" . | nindent 8 }} {{- end }} {{- if .Values.controller.tolerations }} tolerations: {{ toYaml .Values.controller.tolerations | nindent 8 }} diff --git a/charts/nginx-ingress/templates/controller-deployment.yaml b/charts/nginx-ingress/templates/controller-deployment.yaml index ae956cea23..be5e290716 100644 --- a/charts/nginx-ingress/templates/controller-deployment.yaml +++ b/charts/nginx-ingress/templates/controller-deployment.yaml @@ -1,4 +1,5 @@ {{- if or (eq .Values.controller.kind "Deployment") (eq .Values.controller.kind "Both") -}} +{{- include "isControllerTagValid" . -}} apiVersion: apps/v1 kind: Deployment metadata: @@ -12,11 +13,14 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} name: {{ include "ingress-nginx.controller.fullname" . }} + namespace: {{ .Release.Namespace }} annotations: + {{- if include "gitlab.deploymentAnnotations" . }} {{- include "gitlab.deploymentAnnotations" . | nindent 4 }} - {{- if .Values.controller.annotations }} + {{- end }} + {{- if .Values.controller.annotations }} {{ toYaml .Values.controller.annotations | nindent 4 }} - {{- end }} + {{- end }} spec: selector: matchLabels: 
@@ -42,12 +46,16 @@ spec: labels: {{- include "ingress-nginx.selectorLabels" . | nindent 8 }} component: "{{ .Values.controller.name }}" + {{- include "gitlab.podLabels" . | nindent 8 }} {{- if .Values.controller.podLabels }} {{- toYaml .Values.controller.podLabels | nindent 8 }} {{- end }} spec: {{- if .Values.controller.dnsConfig }} dnsConfig: {{ toYaml .Values.controller.dnsConfig | nindent 8 }} + {{- end }} + {{- if .Values.controller.hostname }} + hostname: {{ toYaml .Values.controller.hostname | nindent 8 }} {{- end }} dnsPolicy: {{ .Values.controller.dnsPolicy }} {{- if .Values.imagePullSecrets }} @@ -70,9 +78,9 @@ spec: {{- end }} {{- end }} containers: - - name: controller + - name: {{ .Values.controller.containerName }} {{- with .Values.controller.image }} - image: "{{.repository}}:{{ .tag }}{{- if (.digest) -}} @{{.digest}} {{- end -}}" + image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{- end -}}:{{ .tag }}{{- if (.digest) -}} @{{.digest}} {{- end -}}" {{- end }} imagePullPolicy: {{ .Values.controller.image.pullPolicy }} {{- if .Values.controller.lifecycle }} 
@@ -87,13 +95,15 @@ spec: - --publish-service={{ template "ingress-nginx.controller.publishServicePath" . }} {{- end }} - --election-id={{ .Values.controller.electionID }} - - --ingress-class={{ template "ingress-nginx.controller.ingress-class" . }} - - --configmap=$(POD_NAMESPACE)/{{ include "ingress-nginx.controller.fullname" . }} - {{- if or .Values.tcp ( include "gitlab.shell.port" $ ) }} + - --controller-class={{ .Values.controller.ingressClassResource.controllerValue }} + - --configmap={{ default "$(POD_NAMESPACE)" .Values.controller.configMapNamespace }}/{{ include "ingress-nginx.controller.fullname" . }} + {{ if include "gitlab.shell.port" $ }} - --tcp-services-configmap={{ .Release.Namespace }}/{{ template "ingress-nginx.tcp-configmap" . }} + {{- else if .Values.tcp }} + - --tcp-services-configmap={{ default "$(POD_NAMESPACE)" .Values.controller.tcp.configMapNamespace }}/{{ include "ingress-nginx.fullname" . }}-tcp {{- end }} {{- if .Values.udp }} - - --udp-services-configmap=$(POD_NAMESPACE)/{{ include "ingress-nginx.fullname" . }}-udp + - --udp-services-configmap={{ default "$(POD_NAMESPACE)" .Values.controller.udp.configMapNamespace }}/{{ include "ingress-nginx.fullname" . }}-udp {{- end }} {{- if .Values.controller.scope.enabled }} - --watch-namespace={{ default "$(POD_NAMESPACE)" .Values.controller.scope.namespace }} 
@@ -109,9 +119,18 @@ spec: {{- if .Values.controller.maxmindLicenseKey }} - --maxmind-license-key={{ .Values.controller.maxmindLicenseKey }} {{- end }} + {{- if .Values.controller.healthCheckHost }} + - --healthz-host={{ .Values.controller.healthCheckHost }} + {{- end }} {{- if not (eq .Values.controller.healthCheckPath "/healthz") }} - --health-check-path={{ .Values.controller.healthCheckPath }} {{- end }} + {{- if .Values.controller.ingressClassByName }} + - --ingress-class-by-name=true + {{- end }} + {{- if .Values.controller.watchIngressWithoutClass }} + - --watch-ingress-without-class=true + {{- end }} {{- range $key, $value := .Values.controller.extraArgs }} {{- /* Accept keys without values or with false as value */}} {{- if eq ($value | quote | len) 2 }} 
@@ -144,26 +163,11 @@ spec: {{- if .Values.controller.extraEnvs }} {{- toYaml .Values.controller.extraEnvs | nindent 12 }} {{- end }} - livenessProbe: - httpGet: - path: {{ .Values.controller.healthCheckPath }} - port: {{ .Values.controller.livenessProbe.port }} - scheme: HTTP - initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.controller.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }} - readinessProbe: - httpGet: - path: {{ .Values.controller.healthCheckPath }} - port: {{ .Values.controller.readinessProbe.port }} - scheme: HTTP - initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.controller.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }} + {{- if .Values.controller.startupProbe }} + startupProbe: {{ toYaml .Values.controller.startupProbe | nindent 12 }} + {{- end }} + livenessProbe: {{ toYaml .Values.controller.livenessProbe | nindent 12 }} + readinessProbe: {{ toYaml .Values.controller.readinessProbe | nindent 12 }} ports: {{- range $key, $value := .Values.controller.containerPort }} - name: {{ $key }} @@ -183,9 +187,11 @@ spec: containerPort: {{ .Values.controller.admissionWebhooks.port }} protocol: TCP {{- end }} + {{- if include "gitlab.shell.port" $ }} - name: gitlab-shell containerPort: {{ include "gitlab.shell.port" $ | int }} protocol: TCP + {{- end }} {{- range $key, $value := .Values.tcp }} - name: {{ $key }}-tcp containerPort: {{ $key }} 
@@ -230,10 +236,11 @@ spec: {{- if .Values.controller.hostNetwork }} hostNetwork: {{ .Values.controller.hostNetwork }} {{- end }} + {{/* GitLab change: disable ingress-nginx use of nodeSelector {{- if .Values.controller.nodeSelector }} - nodeSelector: {{ toYaml .Values.controller.nodeSelector | nindent 8 }} - {{- else }} - {{- include "gitlab.nodeSelector" . | nindent 6 }} + nodeSelector: {{ toYaml .Values.controller.nodeSelector | nindent 8 */}} + {{- if include "gitlab.nodeSelector" . }} + {{- include "gitlab.nodeSelector" . | nindent 6 }} {{- end }} {{- if .Values.controller.tolerations }} tolerations: {{ toYaml .Values.controller.tolerations | nindent 8 }} diff --git a/charts/nginx-ingress/templates/controller-hpa.yaml b/charts/nginx-ingress/templates/controller-hpa.yaml index 01e2fb2de3..37e050d11a 100644 --- a/charts/nginx-ingress/templates/controller-hpa.yaml +++ b/charts/nginx-ingress/templates/controller-hpa.yaml @@ -4,6 +4,10 @@ apiVersion: autoscaling/v2beta2 kind: HorizontalPodAutoscaler metadata: + annotations: + {{- with .Values.controller.autoscaling.annotations }} + {{- toYaml . | trimSuffix "\n" | nindent 4 }} + {{- end }} labels: {{- include "gitlab.standardLabels" . | nindent 4 }} {{- include "gitlab.commonLabels" . | nindent 4 }} @@ -11,6 +15,7 @@ metadata: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: controller name: {{ include "ingress-nginx.controller.fullname" . }} + namespace: {{ .Release.Namespace }} spec: scaleTargetRef: apiVersion: apps/v1 @@ -36,7 +41,12 @@ spec: averageUtilization: {{ . }} {{- end }} {{- with .Values.controller.autoscalingTemplate }} -{{- toYaml . | nindent 2 }} + {{- toYaml . | nindent 2 }} + {{- end }} + {{- with .Values.controller.autoscaling.behavior }} + behavior: + {{- toYaml . | nindent 4 }} {{- end }} {{- end }} {{- end }} + 
diff --git a/charts/nginx-ingress/templates/controller-ingressclass.yaml b/charts/nginx-ingress/templates/controller-ingressclass.yaml new file mode 100644 index 0000000000..f305fe32cf --- /dev/null +++ b/charts/nginx-ingress/templates/controller-ingressclass.yaml @@ -0,0 +1,25 @@ +{{- if .Values.controller.ingressClassResource.enabled -}} +# We don't support namespaced ingressClass yet +# So a ClusterRole and a ClusterRoleBinding is required +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + labels: + {{- include "gitlab.standardLabels" . | nindent 4 }} + {{- include "gitlab.commonLabels" . | nindent 4 }} + component: "{{ .Values.controller.name }}" + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: controller + {{- with .Values.controller.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ tpl .Values.controller.ingressClassResource.name . }} + namespace: {{ .Release.Namespace }} +{{- if .Values.controller.ingressClassResource.default }} + annotations: + ingressclass.kubernetes.io/is-default-class: "true" +{{- end }} +spec: + controller: {{ .Values.controller.ingressClassResource.controllerValue }} + {{ template "ingressClass.parameters" . }} +{{- end }} diff --git a/charts/nginx-ingress/templates/controller-keda.yaml b/charts/nginx-ingress/templates/controller-keda.yaml index 581f6ec772..f1beb5c12b 100644 --- a/charts/nginx-ingress/templates/controller-keda.yaml +++ b/charts/nginx-ingress/templates/controller-keda.yaml @@ -1,4 +1,4 @@ -{{- if .Values.controller.keda.enabled }} +{{- if and .Values.controller.keda.enabled (or (eq .Values.controller.kind "Deployment") (eq .Values.controller.kind "Both")) -}} # https://keda.sh/docs/ apiVersion: {{ .Values.controller.keda.apiVersion }} 
@@ -11,10 +11,16 @@ metadata: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: controller name: {{ include "ingress-nginx.controller.fullname" . }} - + {{- if .Values.controller.keda.scaledObject.annotations }} + annotations: {{ toYaml .Values.controller.keda.scaledObject.annotations | nindent 4 }} + {{- end }} spec: scaleTargetRef: +{{- if eq .Values.controller.keda.apiVersion "keda.k8s.io/v1alpha1" }} deploymentName: {{ include "ingress-nginx.controller.fullname" . }} +{{- else if eq .Values.controller.keda.apiVersion "keda.sh/v1alpha1" }} + name: {{ include "ingress-nginx.controller.fullname" . }} +{{- end }} pollingInterval: {{ .Values.controller.keda.pollingInterval }} cooldownPeriod: {{ .Values.controller.keda.cooldownPeriod }} minReplicaCount: {{ .Values.controller.keda.minReplicas }} diff --git a/charts/nginx-ingress/templates/controller-poddisruptionbudget.yaml b/charts/nginx-ingress/templates/controller-poddisruptionbudget.yaml index a1ff64ca89..a9be4b87a2 100644 --- a/charts/nginx-ingress/templates/controller-poddisruptionbudget.yaml +++ b/charts/nginx-ingress/templates/controller-poddisruptionbudget.yaml @@ -1,5 +1,5 @@ -{{- if or (and .Values.controller.autoscaling.enabled (gt (.Values.controller.autoscaling.minReplicas | int) 1)) (gt (.Values.controller.replicaCount | int) 1) -}} -apiVersion: policy/v1beta1 +{{- if or (and .Values.controller.autoscaling.enabled (gt (.Values.controller.autoscaling.minReplicas | int) 1)) (and (not .Values.controller.autoscaling.enabled) (gt (.Values.controller.replicaCount | int) 1)) }} +apiVersion: {{ ternary "policy/v1" "policy/v1beta1" (semverCompare ">=1.21.0-0" .Capabilities.KubeVersion.Version) }} kind: PodDisruptionBudget metadata: labels: @@ -9,6 +9,7 @@ metadata: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: controller name: {{ include "ingress-nginx.controller.fullname" . }} + namespace: {{ .Release.Namespace }} spec: selector: matchLabels: 
diff --git a/charts/nginx-ingress/templates/controller-prometheusrules.yaml b/charts/nginx-ingress/templates/controller-prometheusrules.yaml index 3d67c19aa5..4d31a4e158 100644 --- a/charts/nginx-ingress/templates/controller-prometheusrules.yaml +++ b/charts/nginx-ingress/templates/controller-prometheusrules.yaml @@ -4,7 +4,7 @@ kind: PrometheusRule metadata: name: {{ include "ingress-nginx.controller.fullname" . }} {{- if .Values.controller.metrics.prometheusRule.namespace }} - namespace: {{ .Values.controller.metrics.prometheusRule.namespace }} + namespace: {{ .Values.controller.metrics.prometheusRule.namespace | quote }} {{- end }} labels: {{- include "gitlab.standardLabels" . | nindent 4 }} diff --git a/charts/nginx-ingress/templates/controller-psp.yaml b/charts/nginx-ingress/templates/controller-psp.yaml index c70c0aedc8..2bf0c07238 100644 --- a/charts/nginx-ingress/templates/controller-psp.yaml +++ b/charts/nginx-ingress/templates/controller-psp.yaml @@ -1,4 +1,4 @@ -{{- if .Values.podSecurityPolicy.enabled -}} +{{- if and .Values.podSecurityPolicy.enabled (empty .Values.controller.existingPsp) -}} apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: @@ -23,7 +23,7 @@ spec: # Allow core volume types. volumes: - 'configMap' - #- 'emptyDir' + - 'emptyDir' #- 'projected' - 'secret' #- 'downwardAPI' diff --git a/charts/nginx-ingress/templates/controller-role.yaml b/charts/nginx-ingress/templates/controller-role.yaml index 835f396acc..7e69d201da 100644 --- a/charts/nginx-ingress/templates/controller-role.yaml +++ b/charts/nginx-ingress/templates/controller-role.yaml @@ -9,6 +9,7 @@ metadata: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: controller name: {{ include "ingress-nginx.fullname" . }} + namespace: {{ .Release.Namespace }} rules: - apiGroups: - "" 
@@ -34,11 +35,9 @@ rules: verbs: - get - list - - update - watch - apiGroups: - - extensions - - "networking.k8s.io" # k8s 1.14+ + - networking.k8s.io resources: - ingresses verbs: @@ -46,14 +45,13 @@ rules: - list - watch - apiGroups: - - extensions - - "networking.k8s.io" # k8s 1.14+ + - networking.k8s.io resources: - ingresses/status verbs: - update - apiGroups: - - "networking.k8s.io" # k8s 1.14+ + - networking.k8s.io resources: - ingressclasses verbs: @@ -65,7 +63,7 @@ rules: resources: - configmaps resourceNames: - - {{ .Values.controller.electionID }}-{{ template "ingress-nginx.controller.ingress-class" . }} + - {{ .Values.controller.electionID }} verbs: - get - update @@ -75,14 +73,6 @@ rules: - configmaps verbs: - create - - apiGroups: - - "" - resources: - - endpoints - verbs: - - create - - get - - update - apiGroups: - "" resources: @@ -94,6 +84,10 @@ rules: - apiGroups: [{{ template "podSecurityPolicy.apiGroup" . }}] resources: ['podsecuritypolicies'] verbs: ['use'] + {{- with .Values.controller.existingPsp }} + resourceNames: [{{ . }}] + {{- else }} resourceNames: [{{ include "ingress-nginx.fullname" . }}] + {{- end }} {{- end }} {{- end }} diff --git a/charts/nginx-ingress/templates/controller-rolebinding.yaml b/charts/nginx-ingress/templates/controller-rolebinding.yaml index df384e9bc4..ef6708f66e 100644 --- a/charts/nginx-ingress/templates/controller-rolebinding.yaml +++ b/charts/nginx-ingress/templates/controller-rolebinding.yaml @@ -9,6 +9,7 @@ metadata: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: controller name: {{ include "ingress-nginx.fullname" . }} + namespace: {{ .Release.Namespace }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -16,5 +17,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ template "ingress-nginx.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ .Release.Namespace | quote }} {{- end }} 
diff --git a/charts/nginx-ingress/templates/controller-service-internal.yaml b/charts/nginx-ingress/templates/controller-service-internal.yaml index 0bd7b0a170..7548756c0e 100644 --- a/charts/nginx-ingress/templates/controller-service-internal.yaml +++ b/charts/nginx-ingress/templates/controller-service-internal.yaml @@ -16,8 +16,12 @@ metadata: {{- toYaml .Values.controller.service.labels | nindent 4 }} {{- end }} name: {{ include "ingress-nginx.controller.fullname" . }}-internal + namespace: {{ .Release.Namespace }} spec: type: "{{ .Values.controller.service.type }}" +{{- if .Values.controller.service.internal.loadBalancerIP }} + loadBalancerIP: {{ .Values.controller.service.internal.loadBalancerIP }} +{{- end }} {{- if .Values.controller.service.internal.loadBalancerSourceRanges }} loadBalancerSourceRanges: {{ toYaml .Values.controller.service.internal.loadBalancerSourceRanges | nindent 4 }} {{- end }} @@ -31,6 +35,9 @@ spec: port: {{ .Values.controller.service.ports.http }} protocol: TCP targetPort: {{ .Values.controller.service.targetPorts.http }} + {{- if semverCompare ">=1.20" .Capabilities.KubeVersion.Version }} + appProtocol: http + {{- end }} {{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.http))) }} nodePort: {{ .Values.controller.service.nodePorts.http }} {{- end }} 
@@ -40,10 +47,35 @@ spec: port: {{ .Values.controller.service.ports.https }} protocol: TCP targetPort: {{ .Values.controller.service.targetPorts.https }} + {{- if semverCompare ">=1.20" .Capabilities.KubeVersion.Version }} + appProtocol: https + {{- end }} {{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.https))) }} nodePort: {{ .Values.controller.service.nodePorts.https }} {{- end }} {{- end }} + {{- range $key, $value := .Values.tcp }} + - name: {{ $key }}-tcp + port: {{ $key }} + protocol: TCP + targetPort: {{ $key }}-tcp + {{- if $.Values.controller.service.nodePorts.tcp }} + {{- if index $.Values.controller.service.nodePorts.tcp $key }} + nodePort: {{ index $.Values.controller.service.nodePorts.tcp $key }} + {{- end }} + {{- end }} + {{- end }} + {{- range $key, $value := .Values.udp }} + - name: {{ $key }}-udp + port: {{ $key }} + protocol: UDP + targetPort: {{ $key }}-udp + {{- if $.Values.controller.service.nodePorts.udp }} + {{- if index $.Values.controller.service.nodePorts.udp $key }} + nodePort: {{ index $.Values.controller.service.nodePorts.udp $key }} + {{- end }} + {{- end }} + {{- end }} selector: {{- include "ingress-nginx.selectorLabels" . | nindent 4 }} component: "{{ .Values.controller.name }}" diff --git a/charts/nginx-ingress/templates/controller-service-metrics.yaml b/charts/nginx-ingress/templates/controller-service-metrics.yaml index a100559441..d785c632ae 100644 --- a/charts/nginx-ingress/templates/controller-service-metrics.yaml +++ b/charts/nginx-ingress/templates/controller-service-metrics.yaml @@ -15,6 +15,7 @@ metadata: {{- toYaml .Values.controller.metrics.service.labels | nindent 4 }} {{- end }} name: {{ include "ingress-nginx.controller.fullname" . }}-metrics + namespace: {{ .Release.Namespace }} spec: type: {{ .Values.controller.metrics.service.type }} {{- if .Values.controller.metrics.service.clusterIP }} 
@@ -35,6 +36,7 @@ spec: ports: - name: metrics port: {{ .Values.controller.metrics.service.servicePort }} + protocol: TCP targetPort: metrics {{- $setNodePorts := (or (eq .Values.controller.metrics.service.type "NodePort") (eq .Values.controller.metrics.service.type "LoadBalancer")) }} {{- if (and $setNodePorts (not (empty .Values.controller.metrics.service.nodePort))) }} diff --git a/charts/nginx-ingress/templates/controller-service-webhook.yaml b/charts/nginx-ingress/templates/controller-service-webhook.yaml index 91db703833..96ac60feb0 100644 --- a/charts/nginx-ingress/templates/controller-service-webhook.yaml +++ b/charts/nginx-ingress/templates/controller-service-webhook.yaml @@ -6,12 +6,13 @@ metadata: annotations: {{ toYaml .Values.controller.admissionWebhooks.service.annotations | nindent 4 }} {{- end }} labels: - component: "{{ .Values.controller.name }}" {{- include "gitlab.standardLabels" . | nindent 4 }} {{- include "gitlab.commonLabels" . | nindent 4 }} + component: "{{ .Values.controller.name }}" {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: controller name: {{ include "ingress-nginx.controller.fullname" . }}-admission + namespace: {{ .Release.Namespace }} spec: type: {{ .Values.controller.admissionWebhooks.service.type }} {{- if .Values.controller.admissionWebhooks.service.clusterIP }} @@ -30,6 +31,9 @@ spec: - name: https-webhook port: 443 targetPort: webhook + {{- if semverCompare ">=1.20" .Capabilities.KubeVersion.Version }} + appProtocol: https + {{- end }} selector: {{- include "ingress-nginx.selectorLabels" . | nindent 4 }} component: "{{ .Values.controller.name }}" diff --git a/charts/nginx-ingress/templates/controller-service.yaml b/charts/nginx-ingress/templates/controller-service.yaml index 40e8942e76..7346c13cbd 100644 --- a/charts/nginx-ingress/templates/controller-service.yaml +++ b/charts/nginx-ingress/templates/controller-service.yaml 
@@ -16,6 +16,7 @@ metadata: {{- toYaml .Values.controller.service.labels | nindent 4 }} {{- end }} name: {{ include "ingress-nginx.controller.fullname" . }} + namespace: {{ .Release.Namespace }} spec: type: {{ .Values.controller.service.type }} {{- if .Values.controller.service.clusterIP }} @@ -24,8 +25,8 @@ spec: {{- if .Values.controller.service.externalIPs }} externalIPs: {{ toYaml .Values.controller.service.externalIPs | nindent 4 }} {{- end }} -{{- if .Values.global.hosts.externalIP }} - loadBalancerIP: {{ .Values.global.hosts.externalIP }} +{{- if .Values.controller.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.controller.service.loadBalancerIP }} {{- end }} {{- if .Values.controller.service.loadBalancerSourceRanges }} loadBalancerSourceRanges: {{ toYaml .Values.controller.service.loadBalancerSourceRanges | nindent 4 }} @@ -38,6 +39,16 @@ spec: {{- end }} {{- if .Values.controller.service.healthCheckNodePort }} healthCheckNodePort: {{ .Values.controller.service.healthCheckNodePort }} +{{- end }} +{{- if semverCompare ">=1.20.0-0" .Capabilities.KubeVersion.Version -}} +{{- if .Values.controller.service.ipFamilyPolicy }} + ipFamilyPolicy: {{ .Values.controller.service.ipFamilyPolicy }} +{{- end }} +{{- end }} +{{- if semverCompare ">=1.20.0-0" .Capabilities.KubeVersion.Version -}} +{{- if .Values.controller.service.ipFamilies }} + ipFamilies: {{ toYaml .Values.controller.service.ipFamilies | nindent 4 }} +{{- end }} {{- end }} ports: {{- $setNodePorts := (or (eq .Values.controller.service.type "NodePort") (eq .Values.controller.service.type "LoadBalancer")) }} 
@@ -46,6 +57,9 @@ spec: port: {{ .Values.controller.service.ports.http }} protocol: TCP targetPort: {{ .Values.controller.service.targetPorts.http }} + {{- if semverCompare ">=1.20" .Capabilities.KubeVersion.Version }} + appProtocol: http + {{- end }} {{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.http))) }} nodePort: {{ .Values.controller.service.nodePorts.http }} {{- end }} @@ -55,10 +69,14 @@ spec: port: {{ .Values.controller.service.ports.https }} protocol: TCP targetPort: {{ .Values.controller.service.targetPorts.https }} + {{- if semverCompare ">=1.20" .Capabilities.KubeVersion.Version }} + appProtocol: https + {{- end }} {{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.https))) }} nodePort: {{ .Values.controller.service.nodePorts.https }} {{- end }} {{- end }} + {{- if include "gitlab.shell.port" $ }} - name: gitlab-shell port: {{ include "gitlab.shell.port" $ | int }} protocol: TCP @@ -67,6 +85,7 @@ spec: {{- if (and (eq .Values.controller.service.type "NodePort") (not (empty $nodePort))) }} nodePort: {{ $nodePort }} {{- end }} + {{- end }} {{- range $key, $value := .Values.tcp }} - name: {{ $key }}-tcp port: {{ $key }} diff --git a/charts/nginx-ingress/templates/controller-serviceaccount.yaml b/charts/nginx-ingress/templates/controller-serviceaccount.yaml index ac9bb5319e..b811d01f1c 100644 --- a/charts/nginx-ingress/templates/controller-serviceaccount.yaml +++ b/charts/nginx-ingress/templates/controller-serviceaccount.yaml @@ -9,4 +9,6 @@ metadata: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: controller name: {{ template "ingress-nginx.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} {{- end }} diff --git a/charts/nginx-ingress/templates/controller-servicemonitor.yaml b/charts/nginx-ingress/templates/controller-servicemonitor.yaml index 5bc0aa78f5..9705189a48 100644 
--- a/charts/nginx-ingress/templates/controller-servicemonitor.yaml +++ b/charts/nginx-ingress/templates/controller-servicemonitor.yaml @@ -1,10 +1,10 @@ -{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.serviceMonitor.enabled -}} +{{- if and ( .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" ) .Values.controller.metrics.enabled .Values.controller.metrics.serviceMonitor.enabled -}} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ include "ingress-nginx.controller.fullname" . }} {{- if .Values.controller.metrics.serviceMonitor.namespace }} - namespace: {{ .Values.controller.metrics.serviceMonitor.namespace }} + namespace: {{ .Values.controller.metrics.serviceMonitor.namespace | quote }} {{- end }} labels: {{- include "gitlab.standardLabels" . | nindent 4 }} @@ -25,6 +25,9 @@ spec: {{- if .Values.controller.metrics.serviceMonitor.metricRelabelings }} metricRelabelings: {{ toYaml .Values.controller.metrics.serviceMonitor.metricRelabelings | nindent 8 }} {{- end }} +{{- if .Values.controller.metrics.serviceMonitor.jobLabel }} + jobLabel: {{ .Values.controller.metrics.serviceMonitor.jobLabel | quote }} +{{- end }} {{- if .Values.controller.metrics.serviceMonitor.namespaceSelector }} namespaceSelector: {{ toYaml .Values.controller.metrics.serviceMonitor.namespaceSelector | nindent 4 }} {{ else }} diff --git a/charts/nginx-ingress/templates/default-backend-deployment.yaml b/charts/nginx-ingress/templates/default-backend-deployment.yaml index c671609fc6..d6dc636de3 100644 --- a/charts/nginx-ingress/templates/default-backend-deployment.yaml +++ b/charts/nginx-ingress/templates/default-backend-deployment.yaml 
@@ -9,8 +9,11 @@ metadata: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: default-backend name: {{ include "ingress-nginx.defaultBackend.fullname" . }} + {{- if include "gitlab.deploymentAnnotations" . }} annotations: {{- include "gitlab.deploymentAnnotations" . | nindent 4 }} + {{- end }} + namespace: {{ .Release.Namespace }} spec: selector: matchLabels: @@ -28,6 +31,7 @@ spec: labels: {{- include "ingress-nginx.selectorLabels" . | nindent 8 }} component: "{{ .Values.defaultBackend.name }}" + {{- include "gitlab.podLabels" . | nindent 8 }} {{- if .Values.defaultBackend.podLabels }} {{- toYaml .Values.defaultBackend.podLabels | nindent 8 }} {{- end }} @@ -44,7 +48,7 @@ spec: containers: - name: {{ template "ingress-nginx.name" . }}-default-backend {{- with .Values.defaultBackend.image }} - image: "{{.repository}}:{{ .tag }}{{- if (.digest) -}} @{{.digest}} {{- end -}}" + image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{- end -}}:{{ .tag }}{{- if (.digest) -}} @{{.digest}} {{- end -}}" {{- end }} imagePullPolicy: {{ .Values.defaultBackend.image.pullPolicy }} {{- if .Values.defaultBackend.extraArgs }} 
@@ -93,13 +97,17 @@ spec: - name: http containerPort: {{ .Values.defaultBackend.port }} protocol: TCP + {{- if .Values.defaultBackend.extraVolumeMounts }} + volumeMounts: {{- toYaml .Values.defaultBackend.extraVolumeMounts | nindent 12 }} + {{- end }} {{- if .Values.defaultBackend.resources }} resources: {{ toYaml .Values.defaultBackend.resources | nindent 12 }} {{- end }} + {{/* GitLab change: disable ingress-nginx use of nodeSelector {{- if .Values.defaultBackend.nodeSelector }} - nodeSelector: {{ toYaml .Values.defaultBackend.nodeSelector | nindent 8 }} - {{- else }} - {{- include "gitlab.nodeSelector" . | nindent 6 }} + nodeSelector: {{ toYaml .Values.defaultBackend.nodeSelector | nindent 8 */}} + {{- if include "gitlab.nodeSelector" . }} + {{- include "gitlab.nodeSelector" . | nindent 6 }} {{- end }} serviceAccountName: {{ template "ingress-nginx.defaultBackend.serviceAccountName" . }} {{- if .Values.defaultBackend.tolerations }} @@ -109,4 +117,7 @@ spec: affinity: {{ toYaml .Values.defaultBackend.affinity | nindent 8 }} {{- end }} terminationGracePeriodSeconds: 60 + {{- if .Values.defaultBackend.extraVolumes }} + volumes: {{ toYaml .Values.defaultBackend.extraVolumes | nindent 8 }} + {{- end }} {{- end }} diff --git a/charts/nginx-ingress/templates/default-backend-hpa.yaml b/charts/nginx-ingress/templates/default-backend-hpa.yaml index c024b8e51e..bcab496399 100644 --- a/charts/nginx-ingress/templates/default-backend-hpa.yaml +++ b/charts/nginx-ingress/templates/default-backend-hpa.yaml @@ -1,4 +1,4 @@ -{{- if .Values.defaultBackend.autoscaling.enabled }} +{{- if and .Values.defaultBackend.enabled .Values.defaultBackend.autoscaling.enabled }} apiVersion: autoscaling/v2beta1 kind: HorizontalPodAutoscaler metadata: 
@@ -9,9 +9,10 @@ metadata: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: default-backend name: {{ template "ingress-nginx.defaultBackend.fullname" . }} + namespace: {{ .Release.Namespace }} spec: scaleTargetRef: - apiVersion: {{ template "deployment.apiVersion" . }} + apiVersion: apps/v1 kind: Deployment name: {{ template "ingress-nginx.defaultBackend.fullname" . }} minReplicas: {{ .Values.defaultBackend.autoscaling.minReplicas }} diff --git a/charts/nginx-ingress/templates/default-backend-poddisruptionbudget.yaml b/charts/nginx-ingress/templates/default-backend-poddisruptionbudget.yaml index 1a9b82cf18..04590d2ed8 100644 --- a/charts/nginx-ingress/templates/default-backend-poddisruptionbudget.yaml +++ b/charts/nginx-ingress/templates/default-backend-poddisruptionbudget.yaml @@ -1,5 +1,5 @@ {{- if or (gt (.Values.defaultBackend.replicaCount | int) 1) (gt (.Values.defaultBackend.autoscaling.minReplicas | int) 1) }} -apiVersion: policy/v1beta1 +apiVersion: {{ ternary "policy/v1" "policy/v1beta1" (semverCompare ">=1.21.0-0" .Capabilities.KubeVersion.Version) }} kind: PodDisruptionBudget metadata: labels: @@ -9,6 +9,7 @@ metadata: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: default-backend name: {{ include "ingress-nginx.defaultBackend.fullname" . }} + namespace: {{ .Release.Namespace }} spec: selector: matchLabels: diff --git a/charts/nginx-ingress/templates/default-backend-psp.yaml b/charts/nginx-ingress/templates/default-backend-psp.yaml index 624bbbc7a6..515106817b 100644 --- a/charts/nginx-ingress/templates/default-backend-psp.yaml +++ b/charts/nginx-ingress/templates/default-backend-psp.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled -}} +{{- if and .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled (empty .Values.defaultBackend.existingPsp) -}} apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: 
diff --git a/charts/nginx-ingress/templates/default-backend-role.yaml b/charts/nginx-ingress/templates/default-backend-role.yaml index 030752c218..2c1b9546bd 100644 --- a/charts/nginx-ingress/templates/default-backend-role.yaml +++ b/charts/nginx-ingress/templates/default-backend-role.yaml @@ -9,9 +9,14 @@ metadata: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: default-backend name: {{ include "ingress-nginx.fullname" . }}-backend + namespace: {{ .Release.Namespace }} rules: - apiGroups: [{{ template "podSecurityPolicy.apiGroup" . }}] resources: ['podsecuritypolicies'] verbs: ['use'] + {{- with .Values.defaultBackend.existingPsp }} + resourceNames: [{{ . }}] + {{- else }} resourceNames: [{{ include "ingress-nginx.fullname" . }}-backend] + {{- end }} {{- end }} diff --git a/charts/nginx-ingress/templates/default-backend-rolebinding.yaml b/charts/nginx-ingress/templates/default-backend-rolebinding.yaml index 66ab7e6f1b..6a7b4bae20 100644 --- a/charts/nginx-ingress/templates/default-backend-rolebinding.yaml +++ b/charts/nginx-ingress/templates/default-backend-rolebinding.yaml @@ -9,6 +9,7 @@ metadata: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: default-backend name: {{ include "ingress-nginx.fullname" . }}-backend + namespace: {{ .Release.Namespace }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -16,5 +17,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ template "ingress-nginx.defaultBackend.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ .Release.Namespace | quote }} {{- end }} diff --git a/charts/nginx-ingress/templates/default-backend-service.yaml b/charts/nginx-ingress/templates/default-backend-service.yaml index 6473012f41..9bbd8325d1 100644 --- a/charts/nginx-ingress/templates/default-backend-service.yaml +++ b/charts/nginx-ingress/templates/default-backend-service.yaml 
@@ -12,6 +12,7 @@ metadata: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: default-backend name: {{ include "ingress-nginx.defaultBackend.fullname" . }} + namespace: {{ .Release.Namespace }} spec: type: {{ .Values.defaultBackend.service.type }} {{- if .Values.defaultBackend.service.clusterIP }} @@ -31,6 +32,9 @@ spec: port: {{ .Values.defaultBackend.service.servicePort }} protocol: TCP targetPort: http + {{- if semverCompare ">=1.20" .Capabilities.KubeVersion.Version }} + appProtocol: http + {{- end }} selector: {{- include "ingress-nginx.selectorLabels" . | nindent 4 }} component: "{{ .Values.defaultBackend.name }}" diff --git a/charts/nginx-ingress/templates/default-backend-serviceaccount.yaml b/charts/nginx-ingress/templates/default-backend-serviceaccount.yaml index 02ed2c1aa5..c01f2c5479 100644 --- a/charts/nginx-ingress/templates/default-backend-serviceaccount.yaml +++ b/charts/nginx-ingress/templates/default-backend-serviceaccount.yaml @@ -9,4 +9,6 @@ metadata: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: default-backend name: {{ template "ingress-nginx.defaultBackend.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +automountServiceAccountToken: {{ .Values.defaultBackend.serviceAccount.automountServiceAccountToken }} {{- end }} diff --git a/charts/nginx-ingress/templates/dh-param-secret.yaml b/charts/nginx-ingress/templates/dh-param-secret.yaml new file mode 100644 index 0000000000..bed6f5e016 --- /dev/null +++ b/charts/nginx-ingress/templates/dh-param-secret.yaml @@ -0,0 +1,13 @@ +{{- with .Values.dhParam -}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "ingress-nginx.controller.fullname" $ }} + labels: + {{- include "gitlab.standardLabels" . | nindent 4 }} + {{- include "gitlab.commonLabels" . | nindent 4 }} + component: "{{ .Values.controller.name }}" + {{- include "ingress-nginx.labels" $ | nindent 4 }} +data: + dhparam.pem: {{ . }} +{{- end }} 
diff --git a/charts/nginx-ingress/values.yaml b/charts/nginx-ingress/values.yaml index d86bfe17ca..62a3546b0a 100644 --- a/charts/nginx-ingress/values.yaml +++ b/charts/nginx-ingress/values.yaml @@ -1,18 +1,30 @@ ## nginx configuration -## Ref: https://github.com/kubernetes/ingress-nginx/blob/master/controllers/nginx/configuration.md +## Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/index.md ## + +## Overrides for generated resource names +# See templates/_helpers.tpl +# nameOverride: +# fullnameOverride: + controller: - # Added by GitLab for parity with previous version. name: controller image: + registry: k8s.gcr.io repository: registry.gitlab.com/gitlab-org/cloud-native/mirror/images/ingress-nginx/controller - tag: "v0.41.2" - digest: sha256:1f4f402b9c14f3ae92b11ada1dfe9893a88f0faeb0b2f4b903e2c67a0c3bf0de + tag: "v1.0.4" + digest: sha256:a7fb797e0b1c919a49cf9b3f9bb90ebca39bc85d0edd11c9a5cf897da5eb5a3f pullPolicy: IfNotPresent # www-data -> uid 101 runAsUser: 101 allowPrivilegeEscalation: true + # Use an existing PSP instead of creating one + existingPsp: "" + + # Configures the controller container name + containerName: controller + # Configures the ports the nginx-controller listens on containerPort: http: 80 @@ -25,7 +37,7 @@ controller: ## configAnnotations: {} - # Will add custom headers before sending traffic to backends according to https://github.com/kubernetes/ingress-nginx/tree/master/docs/examples/customization/custom-headers + # Will add custom headers before sending traffic to backends according to https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/custom-headers proxySetHeaders: {} # Will add custom headers before sending response traffic to the client according to: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#add-headers 
@@ -34,6 +46,9 @@ controller: # Optionally customize the pod dnsConfig. dnsConfig: {} + # Optionally customize the pod hostname. + hostname: {} + # Optionally change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true'. # By default, while using host network, name resolution uses the host's DNS. If you wish nginx-controller # to keep resolving names inside the k8s network, use ClusterFirstWithHostNet. @@ -43,6 +58,20 @@ controller: # Ingress status was blank because there is no Service exposing the NGINX Ingress controller in a configuration using the host network, the default --publish-service flag used in standard cloud setups does not apply reportNodeInternalIp: false + # Process Ingress objects without ingressClass annotation/ingressClassName field + # Overrides value for --watch-ingress-without-class flag of the controller binary + # Defaults to false + watchIngressWithoutClass: false + + # Process IngressClass per name (additionally as per spec.controller) + ingressClassByName: false + + # This configuration defines if Ingress Controller should allow users to set + # their own *-snippet annotations, otherwise this is forbidden / dropped + # when users add those annotations. + # Global snippets in ConfigMap are still respected + allowSnippetAnnotations: true + # Required for use with CNI based kubernetes installations (such as ones set up by kubeadm), # since CNI and hostport don't mix yet. Can be deprecated once https://github.com/kubernetes/kubernetes/issues/23920 # is merged 
@@ -61,9 +90,18 @@ controller: ## electionID: ingress-controller-leader - ## Name of the ingress class to route through this controller - ## - ingressClass: nginx + # This section refers to the creation of the IngressClass resource + # IngressClass resources are supported since k8s >= 1.18 and required since k8s >= 1.19 + ingressClassResource: + name: nginx + enabled: true + default: false + controllerValue: "k8s.io/ingress-nginx" + + # Parameters is a link to a custom resource containing additional + # configuration for the controller. This is optional if the controller + # does not require extra parameters. + parameters: {} # labels to add to the pod container metadata podLabels: {} @@ -95,27 +133,31 @@ controller: ## scope: enabled: false - namespace: "" # defaults to .Release.Namespace + namespace: "" # defaults to $(POD_NAMESPACE) ## Allows customization of the configmap / nginx-configmap namespace ## - configMapNamespace: "" # defaults to .Release.Namespace + configMapNamespace: "" # defaults to $(POD_NAMESPACE) ## Allows customization of the tcp-services-configmap ## tcp: - configMapNamespace: "" # defaults to .Release.Namespace + configMapNamespace: "" # defaults to $(POD_NAMESPACE) ## Annotations to be added to the tcp config configmap annotations: {} ## Allows customization of the udp-services-configmap ## udp: - configMapNamespace: "" # defaults to .Release.Namespace + configMapNamespace: "" # defaults to $(POD_NAMESPACE) ## Annotations to be added to the udp config configmap annotations: {} - ## Additional command line arguments to pass to ingress-nginx-controller + # Maxmind license key to download GeoLite2 Databases + # https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases + maxmindLicenseKey: "" + + ## Additional command line arguments to pass to nginx-ingress-controller ## E.g. to specify the default SSL certificate you can use ## extraArgs: ## default-ssl-certificate: "/" 
@@ -230,30 +272,56 @@ controller: ## Node labels for controller pod assignment ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ ## - nodeSelector: {} + nodeSelector: + kubernetes.io/os: linux ## Liveness and readiness probe values ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes ## + # startupProbe: + # httpGet: + # # should match container.healthCheckPath + # path: "/healthz" + # port: 10254 + # scheme: HTTP + # initialDelaySeconds: 5 + # periodSeconds: 5 + # timeoutSeconds: 2 + # successThreshold: 1 + # failureThreshold: 5 livenessProbe: - failureThreshold: 5 + httpGet: + # should match container.healthCheckPath + path: "/healthz" + port: 10254 + scheme: HTTP initialDelaySeconds: 10 periodSeconds: 10 - successThreshold: 1 timeoutSeconds: 1 - port: 10254 + successThreshold: 1 + failureThreshold: 5 readinessProbe: - failureThreshold: 3 + httpGet: + # should match container.healthCheckPath + path: "/healthz" + port: 10254 + scheme: HTTP initialDelaySeconds: 10 periodSeconds: 10 - successThreshold: 1 timeoutSeconds: 1 - port: 10254 + successThreshold: 1 + failureThreshold: 3 + # Path of the health check endpoint. All requests received on the port defined by # the healthz-port parameter are forwarded internally to this path. healthCheckPath: "/healthz" + # Address to bind the health check endpoint. + # It is better to set this option to the internal node address + # if the ingress nginx controller is running in the hostNetwork: true mode. + healthCheckHost: "" + ## Annotations to be added to controller pods ## podAnnotations: {} 
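Review bot: `healthCheckHost: ""` at the end of the `@@ -230,30 +272,56 @@` hunk recommends the internal node address for `hostNetwork: true`, but the comment does not say which address the empty default binds the health check endpoint to. Please state the default behaviour in the comment, so that operators running on the host network can tell whether the endpoint is reachable on every node interface unless they set this. Separately, `/healthz` and `10254` are now repeated in `livenessProbe`, `readinessProbe` and the commented `startupProbe`, kept in sync with `healthCheckPath` only by the `should match container.healthCheckPath` comment.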
@@ -281,6 +349,19 @@ controller: maxReplicas: 11 targetCPUUtilizationPercentage: 50 targetMemoryUtilizationPercentage: 50 + behavior: {} + # scaleDown: + # stabilizationWindowSeconds: 300 + # policies: + # - type: Pods + # value: 1 + # periodSeconds: 180 + # scaleUp: + # stabilizationWindowSeconds: 300 + # policies: + # - type: Pods + # value: 2 + # periodSeconds: 60 autoscalingTemplate: [] # Custom or additional autoscaling metrics @@ -305,6 +386,11 @@ controller: pollingInterval: 30 cooldownPeriod: 300 restoreToOriginalReplicaCount: false + scaledObject: + annotations: {} + # Custom annotations for ScaledObject resource + # annotations: + # key: value triggers: [] # - type: prometheus # metadata: 
@@ -355,20 +441,31 @@ controller: enableHttp: true enableHttps: true - ## Set external traffic policy to: "Local" to preserve source IP on - ## providers supporting it + ## Set external traffic policy to: "Local" to preserve source IP on providers supporting it. ## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer # externalTrafficPolicy: "" - # Must be either "None" or "ClientIP" if set. Kubernetes will default to "None". - # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + ## Must be either "None" or "ClientIP" if set. Kubernetes will default to "None". + ## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies # sessionAffinity: "" - # specifies the health check node port (numeric port number) for the service. If healthCheckNodePort isn’t specified, - # the service controller allocates a port from your cluster’s NodePort range. - # Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## Specifies the health check node port (numeric port number) for the service. If healthCheckNodePort isn’t specified, + ## the service controller allocates a port from your cluster’s NodePort range. + ## Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip # healthCheckNodePort: 0 + ## Represents the dual-stack-ness requested or required by this Service. Possible values are + ## SingleStack, PreferDualStack or RequireDualStack. + ## The ipFamilies and clusterIPs fields depend on the value of this field. + ## Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ + ipFamilyPolicy: "SingleStack" + + ## List of IP families (e.g. IPv4, IPv6) assigned to the service. 
This field is usually assigned automatically + ## based on cluster configuration and the ipFamilyPolicy field. + ## Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ + ipFamilies: + - IPv4 + ports: http: 80 https: 443 @@ -397,6 +494,8 @@ controller: enabled: false annotations: {} + # loadBalancerIP: "" + ## Restrict access For LoadBalancer service. Defaults to 0.0.0.0/0. loadBalancerSourceRanges: [] @@ -456,6 +555,9 @@ controller: namespaceSelector: {} objectSelector: {} + # Use an existing PSP instead of creating one + existingPsp: "" + service: annotations: {} # clusterIP: "" @@ -465,17 +567,35 @@ controller: servicePort: 443 type: ClusterIP + createSecretJob: + resources: {} + # limits: + # cpu: 10m + # memory: 20Mi + # requests: + # cpu: 10m + # memory: 20Mi + + patchWebhookJob: + resources: {} + patch: enabled: true image: - repository: docker.io/jettech/kube-webhook-certgen - tag: v1.5.0 + registry: k8s.gcr.io + image: ingress-nginx/kube-webhook-certgen + # for backwards compatibility consider setting the full image url via the repository value below + # use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail + # repository: + tag: v1.1.1 + digest: sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 pullPolicy: IfNotPresent ## Provide a priority class name to the webhook patching job ## priorityClassName: "" podAnnotations: {} - nodeSelector: {} + nodeSelector: + kubernetes.io/os: linux tolerations: [] runAsUser: 2000 @@ -498,7 +618,7 @@ controller: # loadBalancerIP: "" loadBalancerSourceRanges: [] - servicePort: 9913 + servicePort: 10254 type: ClusterIP # externalTrafficPolicy: "" # nodePort: "" @@ -506,6 +626,8 @@ controller: serviceMonitor: enabled: false additionalLabels: {} + # The label to use to retrieve the job name from. + # jobLabel: "app.kubernetes.io/name" namespace: "" namespaceSelector: {} # Default: scrape .Release.Namespace only 
@@ -575,20 +697,17 @@ controller: ## revisionHistoryLimit: 10 -# Maxmind license key to download GeoLite2 Databases -# https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases -maxmindLicenseKey: "" - ## Default 404 backend ## defaultBackend: ## enabled: false - name: default-backend + name: defaultbackend image: repository: registry.gitlab.com/gitlab-org/cloud-native/mirror/images/defaultbackend-amd64 tag: "1.5" + digest: sha256:4dc5e07c8ca4e23bddb3153737d7b8c556e5fb2f29c4558b7cd6e6df99c512c7 pullPolicy: IfNotPresent # nobody user -> uid 65534 runAsUser: 65534 @@ -596,11 +715,15 @@ defaultBackend: readOnlyRootFilesystem: true allowPrivilegeEscalation: false + # Use an existing PSP instead of creating one + existingPsp: "" + extraArgs: {} serviceAccount: create: true - name: + name: "" + automountServiceAccountToken: true ## Additional environment variables to set for defaultBackend pods extraEnvs: [] @@ -646,7 +769,8 @@ defaultBackend: ## Node labels for default backend pod assignment ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ ## - nodeSelector: {} + nodeSelector: + kubernetes.io/os: linux ## Annotations to be added to default backend pods ## @@ -664,7 +788,18 @@ defaultBackend: # cpu: 10m # memory: 20Mi + extraVolumeMounts: [] + ## Additional volumeMounts to the default backend container. + # - name: copy-portal-skins + # mountPath: /var/lib/lemonldap-ng/portal/skins + + extraVolumes: [] + ## Additional volumes to the default backend pod. + # - name: copy-portal-skins + # emptyDir: {} + autoscaling: + annotations: {} enabled: false minReplicas: 1 maxReplicas: 2 
@@ -688,7 +823,7 @@ defaultBackend: priorityClassName: "" -## Enable RBAC as per https://github.com/kubernetes/ingress/tree/master/examples/rbac/nginx and https://github.com/kubernetes/ingress/issues/266 +## Enable RBAC as per https://github.com/kubernetes/ingress-nginx/blob/main/docs/deploy/rbac.md and https://github.com/kubernetes/ingress-nginx/issues/266 rbac: create: true scope: false @@ -700,7 +835,8 @@ podSecurityPolicy: serviceAccount: create: true - name: + name: "" + automountServiceAccountToken: true ## Optional array of imagePullSecrets containing private registry credentials ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ @@ -708,17 +844,21 @@ imagePullSecrets: [] # - name: secretName # TCP service key:value pairs -# Ref: https://github.com/kubernetes/contrib/tree/master/ingress/controllers/nginx/examples/tcp +# Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/exposing-tcp-udp-services.md ## tcp: {} # 8080: "default/example-tcp-svc:9000" # UDP service key:value pairs -# Ref: https://github.com/kubernetes/contrib/tree/master/ingress/controllers/nginx/examples/udp +# Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/exposing-tcp-udp-services.md ## udp: {} # 53: "kube-system/kube-dns:53" +# A base64ed Diffie-Hellman parameter +# This can be generated with: openssl dhparam 4096 2> /dev/null | base64 +# Ref: https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/ssl-dh-param +dhParam: ## GitLab-provided values starting below @@ -732,4 +872,4 @@ udp: {} tcpExternalConfig: "" common: - labels: {} \ No newline at end of file + labels: {} diff --git a/charts/registry/templates/ingress.yaml b/charts/registry/templates/ingress.yaml index b6648035de..3734f86fc4 100644 --- a/charts/registry/templates/ingress.yaml +++ b/charts/registry/templates/ingress.yaml 
@@ -13,7 +13,7 @@ metadata: {{- include "gitlab.standardLabels" . | nindent 4 }} {{- include "gitlab.commonLabels" . | nindent 4 }} annotations: - kubernetes.io/ingress.class: "{{ template "registry.ingressclass" . }}" + {{ include "gitlab.ingress.classAnnotation" . }} kubernetes.io/ingress.provider: "{{ template "gitlab.ingress.provider" $ingressCfg }}" {{- if eq "nginx" .Values.global.ingress.provider }} nginx.ingress.kubernetes.io/proxy-body-size: {{ .Values.ingress.proxyBodySize | quote }} @@ -26,12 +26,13 @@ metadata: {{ $key }}: {{ $value | quote }} {{- end }} spec: + {{ template "gitlab.ingress.classnameField" $ }} rules: - host: {{ $hostname }} http: paths: - path: {{ coalesce $.Values.ingress.path $.Values.global.ingress.path }} - {{ if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}} + {{ if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (eq $.Values.global.ingress.apiVersion "networking.k8s.io/v1") -}} pathType: {{ default "Prefix" $.Values.global.ingress.pathType }} backend: service: diff --git a/doc/charts/nginx/fork.md b/doc/charts/nginx/fork.md index 265c8e2bc4..1d233b1f36 100644 --- a/doc/charts/nginx/fork.md +++ b/doc/charts/nginx/fork.md 
@@ -19,6 +19,11 @@ The following adjustments were made to the NGINX fork: - GitLab chart overrides `ingress-nginx.tcp-configmap` so that `gitlab/gitlab-org/charts/gitlab-shell` can configure its TCP service - Ability to use a templated Ingress name based on the release name - `controller-deployment.yaml`: `.spec.template.spec.containers[0].args` uses `ingress-nginx.controller.ingress-class` - - `role.yaml`: rule for editing leader ConfigMap uses `ingress-nginx.controller.ingress-class` - Replace `controller.service.loadBalancerIP` with `global.hosts.externalIP` - Added support to add common labels through `common.labels` configuration option +- `controller-deployment.yaml`: + - Disabled the use of `nginx-ingress.controller.nodeSelector` value + - Add `podlabels` and `global.pod.labels` to `.spec.template.metadata.labels` +- `default-backend-deployment.yaml`: + - Disable the use of `nginx-ingress.defaultbackend.nodeSelector` value + - Add `podlabels` and `global.pod.labels` to `.spec.template.metadata.labels` diff --git a/doc/charts/nginx/index.md b/doc/charts/nginx/index.md index fc3354eac3..3f0ad5a1b6 100644 --- a/doc/charts/nginx/index.md +++ b/doc/charts/nginx/index.md @@ -18,8 +18,9 @@ Our [fork](https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/nginx- [GitHub](https://github.com/kubernetes/ingress-nginx). See [Our NGINX fork](fork.md) for details on what was modified in our fork. NOTE: -The version of the NGINX Ingress Helm Chart bundled with the GitLab Helm Charts does not support Kubernetes 1.22. -See [#2852](https://gitlab.com/gitlab-org/charts/gitlab/-/issues/2852) for more information. +The version of the NGINX Ingress Helm Chart bundled with the GitLab Helm Charts +has been updated to support Kubernetes 1.22. As a result, the GitLab Helm +Chart can not longer support Kubernetes versions prior to 1.19. ## Configuring NGINX diff --git a/examples/custom-images/values.yaml b/examples/custom-images/values.yaml index 4b60127540..eea320b2bb 100644 
--- a/examples/custom-images/values.yaml +++ b/examples/custom-images/values.yaml @@ -6,7 +6,7 @@ certmanager-issuer: .custom: &custom image: repository: custom-repository - tag: custom-tag + tag: 1.2.3-example # --- Global settings --- diff --git a/spec/configuration/ingress_spec.rb b/spec/configuration/ingress_spec.rb index a0f6c6d9e8..f48efabafb 100644 --- a/spec/configuration/ingress_spec.rb +++ b/spec/configuration/ingress_spec.rb 
@@ -206,5 +206,73 @@ describe 'GitLab Ingress configuration(s)' do end end end + + context 'when using ingress with networking.k8s.io/v1beta1 API' do + it 'does not set ingressClassName resource' do + api_version = enable_all_ingress.deep_merge(YAML.safe_load(%( + global: + ingress: + apiVersion: networking.k8s.io/v1beta1 + ))) + + template = HelmTemplate.new(api_version) + expect(template.exit_code).to eq(0) + + ingress_names.each do |ingress_name| + class_resource = template.dig("Ingress/#{ingress_name}", 'spec', 'ingressClassName') + expect(class_resource).to eq(nil) + end + end + + it 'sets ingress-class annotation' do + api_version = enable_all_ingress.deep_merge(YAML.safe_load(%( + global: + ingress: + apiVersion: networking.k8s.io/v1beta1 + ))) + + template = HelmTemplate.new(api_version) + expect(template.exit_code).to eq(0) + + ingress_names.each do |ingress_name| + annotation = template.dig("Ingress/#{ingress_name}", 'metadata', 'annotations', 'kubernetes.io/ingress.class') + expect(annotation).to eq('test-nginx') + end + end + end + + context 'when using ingress with networking.k8s.io/v1 API' do + it 'sets ingressClassName resource' do + api_version = enable_all_ingress.deep_merge(YAML.safe_load(%( + global: + ingress: + apiVersion: networking.k8s.io/v1 + ))) + + template = HelmTemplate.new(api_version) + expect(template.exit_code).to eq(0) + + ingress_names.each do |ingress_name| + class_resource = template.dig("Ingress/#{ingress_name}", 'spec', 'ingressClassName') + expect(class_resource).to eq('test-nginx') + end + end + + it 'does not set ingress-class annotation' do + api_version = enable_all_ingress.deep_merge(YAML.safe_load(%( + global: + ingress: + apiVersion: networking.k8s.io/v1 + ))) + + template = HelmTemplate.new(api_version) + expect(template.exit_code).to eq(0) + + ingress_names.each do |ingress_name| + annotation = template.dig("Ingress/#{ingress_name}", 'metadata', 'annotations', 'kubernetes.io/ingress.class') + expect(annotation).to 
eq(nil) + end + end + end end end diff --git a/spec/configuration/strategy_spec.rb b/spec/configuration/strategy_spec.rb index 5e495c0527..27f627574b 100644 --- a/spec/configuration/strategy_spec.rb +++ b/spec/configuration/strategy_spec.rb @@ -99,7 +99,7 @@ describe 'Strategy configuration' do 'Deployment/test-certmanager', 'Deployment/test-prometheus-server', 'Deployment/test-nginx-ingress-controller', - 'Deployment/test-nginx-ingress-default-backend', + 'Deployment/test-nginx-ingress-defaultbackend', 'Deployment/test-toolbox', 'Deployment/test-minio', 'Deployment/test-gitlab-runner', @@ -143,7 +143,9 @@ describe 'Strategy configuration' do resources_by_kind = local_template.resources_by_kind('Deployment').reject { |key, _| ignored_charts.include? key } resources_by_kind.each do |key, _| - expect(local_template.dig(key, 'spec', 'strategy')['type']).to eq('Recreate') + resource = local_template.dig(key, 'spec', 'strategy') + expect(resource).not_to be_nil, "Unable to find strategy for #{key}" + expect(resource['type']).to eq('Recreate'), "#{key} Deployment strategy: #{resource['type']}" end end diff --git a/spec/helm_template_helper.rb b/spec/helm_template_helper.rb index 7648b239b0..a9d21a3f67 100644 --- a/spec/helm_template_helper.rb +++ b/spec/helm_template_helper.rb @@ -65,6 +65,7 @@ class HelmTemplate when 256 fail "Chart dependencies not installed, run 'helm dependency update'" if @stderr.include? 'found in Chart.yaml, but missing in charts/ directory' end + # load the complete output's YAML documents into an array yaml = YAML.load_stream(@stdout) # filter out any empty YAML documents (nil) diff --git a/spec/integration/check_config_spec.rb b/spec/integration/check_config_spec.rb index 78045dd9d4..0ba07db528 100644 --- a/spec/integration/check_config_spec.rb +++ b/spec/integration/check_config_spec.rb 
@@ -1354,4 +1354,28 @@ describe 'checkConfig template' do success_description: 'when Registry replication is enabled for Geo and primary API URL is specified', error_description: 'when Registry replication is enabled for Geo but no primary API URL is specified' end + + describe 'nginx-ingress.rbac.scope' do + let(:success_values) do + YAML.safe_load(%( + nginx-ingress: + rbac: + scope: false + )).merge(default_required_values) + end + + let(:error_values) do + YAML.safe_load(%( + nginx-ingress: + rbac: + scope: true + )).merge(default_required_values) + end + + let(:error_output) { 'Namespaced IngressClasses do not exist' } + + include_examples 'config validation', + success_description: 'when set to false', + error_description: 'when set to true' + end end diff --git a/spec/integration/examples_spec.rb b/spec/integration/examples_spec.rb index 4e90ae2139..dcafaf0556 100644 --- a/spec/integration/examples_spec.rb +++ b/spec/integration/examples_spec.rb @@ -10,7 +10,7 @@ describe 'example configurations' do stdout, stderr, exit_code = result - expect(exit_code.to_i).to eq(0) + expect(exit_code.to_i).to eq(0), "helm template generated error for #{path}" expect(stdout).to include('name: gitlab-examples-test') expect(stderr).to be_empty end diff --git a/templates/NOTES.txt b/templates/NOTES.txt index 0ab4250a16..7bca46fca8 100644 --- a/templates/NOTES.txt +++ b/templates/NOTES.txt @@ -114,6 +114,13 @@ WARNING: GitLab Pages configured to use disk storage via `{{ $component }}.extra {{- end }} {{- end }} +{{/* In-chart NGINX Ingress Controller notices */}} +{{- if eq true (index $.Values "nginx-ingress").enabled -}} +NOTICE: The in-chart NGINX Ingress Controller has the following requirements: + - Kubernetes version must be 1.19 or newer. + - Ingress objects must be in group/version `networking.k8s.io/v1`. +{{ end }} + {{/* run deprecations */}} {{ include "gitlab.deprecations" . }} {{/* run checkConfig */}} 
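Review bot: the NOTICE added to `templates/NOTES.txt` states hard requirements (Kubernetes 1.19 or newer, Ingress objects in `networking.k8s.io/v1`), but NOTES output is only printed once the release has been installed, so a cluster that does not meet them learns about it after the fact. Consider enforcing the version requirement in `_checkConfig.tpl`, next to the new `gitlab.checkConfig.nginx.clusterrole.scope` check, and keeping the notice as the explanation.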
diff --git a/templates/_checkConfig.tpl b/templates/_checkConfig.tpl index 3f47ad7888..9897652877 100644 --- a/templates/_checkConfig.tpl +++ b/templates/_checkConfig.tpl @@ -56,6 +56,7 @@ Due to gotpl scoping, we can't make use of `range`, so we have to add action lin {{- $messages = append $messages (include "gitlab.checkConfig.objectStorage.consolidatedConfig" .) -}} {{- $messages = append $messages (include "gitlab.checkConfig.objectStorage.typeSpecificConfig" .) -}} {{- $messages = append $messages (include "gitlab.checkConfig.nginx.controller.extraArgs" .) -}} +{{- $messages = append $messages (include "gitlab.checkConfig.nginx.clusterrole.scope" .) -}} {{- $messages = append $messages (include "gitlab.checkConfig.webservice.loadBalancer" .) -}} {{- $messages = append $messages (include "gitlab.checkConfig.smtp.openssl_verify_mode" .) -}} {{- $messages = append $messages (include "gitlab.checkConfig.geo.registry.replication.primaryApiUrl" .) -}} @@ -665,6 +666,15 @@ nginx-ingress: {{- end -}} {{/* END "gitlab.checkConfig.nginx.controller" */}} +{{- define "gitlab.checkConfig.nginx.clusterrole.scope" -}} +{{- if (index $.Values "nginx-ingress").rbac.scope -}} +nginx-ingress: + 'rbac.scope' should be false. Namespaced IngressClasses do not exist. + See https://github.com/kubernetes/ingress-nginx/issues/7519 +{{- end -}} +{{- end -}} +{{/* END "gitlab.checkConfig.nginx.clusterrole" */}} + {{/* Ensure that when type is set to LoadBalancer that loadBalancerSourceRanges are set */}} diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 4007eca909..363e5a3e0d 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl 
@@ -347,6 +347,24 @@ kubernetes.io/ingress.provider: "{{ template "gitlab.ingress.provider" $ingressC {{- end -}} {{- end -}} +{{/* +Return an ingressClassName field if the Ingress apiVersion allows it +*/}} +{{- define "gitlab.ingress.classnameField" -}} +{{- if or (.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (eq .Values.global.ingress.apiVersion "networking.k8s.io/v1") -}} +ingressClassName: {{ include "gitlab.ingressclass" . }} +{{- end -}} +{{- end -}} + +{{/* +Return an ingress.class if the Ingress apiVersion allows it +*/}} +{{- define "gitlab.ingress.classAnnotation" -}} +{{- if and (not (.Capabilities.APIVersions.Has "networking.k8s.io/v1/IngressClass")) (not (eq .Values.global.ingress.apiVersion "networking.k8s.io/v1")) -}} +kubernetes.io/ingress.class: "{{ template "gitlab.ingressclass" . }}" +{{- end -}} +{{- end -}} + {{/* Returns the nginx ingress class */}} diff --git a/values.yaml b/values.yaml index 9cf812afef..7230c2038e 100644 --- a/values.yaml +++ b/values.yaml @@ -69,7 +69,7 @@ global: ## https://docs.gitlab.com/charts/charts/globals#configure-ingress-settings ingress: - apiVersion: + apiVersion: "" configureCertmanager: true provider: nginx annotations: {} @@ -744,6 +744,9 @@ nginx-ingress: server-tokens: "false" service: externalTrafficPolicy: "Local" + ingressClassByName: false + ingressClassResource: + name: "{{ .Release.Name }}-nginx" resources: requests: cpu: 100m @@ -774,7 +777,10 @@ nginx-ingress: memory: 5Mi rbac: create: true - scope: true + # Needed for k8s 1.20 and 1.21 + # https://github.com/kubernetes/ingress-nginx/issues/7510 + # https://github.com/kubernetes/ingress-nginx/issues/7519 + scope: false serviceAccount: create: true -- GitLab From 9228786fd77e314826d51594b91ff58536fad7c2 Mon Sep 17 00:00:00 2001 From: Mitchell Nielsen Date: Mon, 20 Dec 2021 18:18:02 +0000 Subject: [PATCH 177/253] [CI] Ensure NGINX instances do not collide --- scripts/ci/autodevops.sh | 3 +++ 1 file changed, 3 insertions(+) 
diff --git a/scripts/ci/autodevops.sh b/scripts/ci/autodevops.sh index a24e7226fd..e8afc7ae2d 100644 --- a/scripts/ci/autodevops.sh +++ b/scripts/ci/autodevops.sh @@ -185,6 +185,9 @@ CIYAML --set global.ingress.tls.secretName=helm-charts-win-tls \ --set global.ingress.configureCertmanager=false \ --set global.appConfig.initialDefaults.signupEnabled=false \ + --set nginx-ingress.controller.electionID="$RELEASE_NAME" \ + --set nginx-ingress.controller.ingressClassByName=true \ + --set nginx-ingress.controller.ingressClassResource.controllerValue="ci.gitlab.com/$RELEASE_NAME" \ --set certmanager.install=false \ --set prometheus.install=$PROMETHEUS_INSTALL \ --set global.gitlab.license.secret="$RELEASE_NAME-gitlab-license" \ -- GitLab From b9887360bc75a2aaa835bcc555744f32ee10a1e5 Mon Sep 17 00:00:00 2001 From: Mitchell Nielsen Date: Mon, 20 Dec 2021 18:48:05 +0000 Subject: [PATCH 178/253] Clarify highest supported Kubernetes versions for Charts and Operator --- charts/nginx-ingress/README.md | 2 +- doc/installation/index.md | 12 ++++++++++-- doc/installation/operator.md | 8 +++++++- 3 files changed, 18 insertions(+), 4 deletions(-) diff --git a/charts/nginx-ingress/README.md b/charts/nginx-ingress/README.md index fecbbcde2d..2828f30277 100644 --- a/charts/nginx-ingress/README.md +++ b/charts/nginx-ingress/README.md @@ -8,7 +8,7 @@ This chart bootstraps an ingress-nginx deployment on a [Kubernetes](http://kuber ## Prerequisites -- Kubernetes v1.16+ +- Kubernetes v1.19+ ## Get Repo Info diff --git a/doc/installation/index.md b/doc/installation/index.md index 78405292e1..ecddf746c1 100644 --- a/doc/installation/index.md +++ b/doc/installation/index.md 
@@ -15,10 +15,18 @@ To deploy GitLab on Kubernetes, the following are required: 1. kubectl `1.16` or higher, compatible with your cluster ([+/- 1 minor release from your cluster](https://kubernetes.io/docs/tasks/tools/)). 1. Helm v3 (3.3.1 or higher). -1. A Kubernetes cluster, version 1.16 or higher. 8vCPU and 30GB of RAM is recommended. +1. A Kubernetes cluster, version 1.16 through 1.21. 8vCPU and 30GB of RAM is recommended. - Please refer to our [Cloud Native Hybrid reference architectures](https://docs.gitlab.com/ee/administration/reference_architectures/#available-reference-architectures) for the cluster topology recommendations for the specific environment sizes. +NOTE: +If using the in-chart NGINX Ingress Controller (`nginx-ingress.enabled=true`), +then Kubernetes 1.19 or newer is required. + +NOTE: +Support for Kubernetes 1.22 is under active development - see +[&6883](https://gitlab.com/groups/gitlab-org/-/epics/6883) for more information. + NOTE: Helm v2 has reached end of lifecyle. If GitLab has been previously installed with Helm v2, you should use Helm v3 as soon as possible. Please consult @@ -35,7 +43,7 @@ Before proceeding to deploying GitLab, you need to prepare your environment. ### Cloud cluster preparation NOTE: -[Kubernetes 1.16 or higher is required](#requirements), due to the usage of certain +[Kubernetes 1.16 through 1.21 is required](#requirements), due to the usage of certain Kubernetes features. Follow the instructions to create and connect to the Kubernetes cluster of your diff --git a/doc/installation/operator.md b/doc/installation/operator.md index fdaeedc6dd..5cb7a2418d 100644 --- a/doc/installation/operator.md +++ b/doc/installation/operator.md 
@@ -43,8 +43,14 @@ Before you install GitLab with GitLab Operator, you must: 1. Create or use an existing Kubernetes or OpenShift cluster: - **Kubernetes:** To create a traditional Kubernetes cluster, consider using the [official tooling](https://kubernetes.io/docs/tasks/tools/) or your - preferred method of installation. + preferred method of installation. The GitLab Operator supports Kubernetes + 1.19 through 1.21. Support for Kubernetes 1.22 is under active development - see + [&6883](https://gitlab.com/groups/gitlab-org/-/epics/6883) for more information. - **OpenShift:** To create an OpenShift cluster, see the [OpenShift cluster setup docs](cloud/openshift.md). + The GitLab Operator supports OpenShift 4.6 through 4.9. Support for Kubernetes 1.22 + is under active development - see [&6883](https://gitlab.com/groups/gitlab-org/-/epics/6883) + for more information. + 1. Install the following services and software: - **Ingress controller** -- GitLab From 60f20eba310d712aed8637b843548a1c9d8dd808 Mon Sep 17 00:00:00 2001 From: deps Date: Mon, 20 Dec 2021 04:02:16 +0000 Subject: [PATCH 179/253] Update gitlab-org/container-registry from 3.18.1-gitlab to 3.19.0-gitlab Changelog: changed --- charts/registry/values.yaml | 2 +- doc/charts/registry/index.md | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/registry/values.yaml b/charts/registry/values.yaml index 07476791c9..8f88f7682e 100644 --- a/charts/registry/values.yaml +++ b/charts/registry/values.yaml @@ -1,6 +1,6 @@ image: repository: registry.gitlab.com/gitlab-org/build/cng/gitlab-container-registry - tag: 'v3.18.1-gitlab' + tag: 'v3.19.0-gitlab' # pullPolicy: IfNotPresent # pullSecrets: [] diff --git a/doc/charts/registry/index.md b/doc/charts/registry/index.md index f0011a4163..d82558b7d0 100644 --- a/doc/charts/registry/index.md +++ b/doc/charts/registry/index.md 
@@ -68,7 +68,7 @@ registry: interval: 24h dryrun: false image: - tag: 'v3.18.1-gitlab' + tag: 'v3.19.0-gitlab' pullPolicy: IfNotPresent annotations: service: @@ -153,7 +153,7 @@ If you chose to deploy this chart as a standalone, remove the `registry` at the | `image.pullPolicy` | | Pull policy for the registry image | | `image.pullSecrets` | | Secrets to use for image repository | | `image.repository` | `registry` | Registry image | -| `image.tag` | `v3.18.1-gitlab` | Version of the image to use | +| `image.tag` | `v3.19.0-gitlab` | Version of the image to use | | `init.image.repository` | | initContainer image | | `init.image.tag` | | initContainer image tag | | `log` | `{level: info, fields: {service: registry}}` | Configure the logging options | @@ -279,7 +279,7 @@ You can change the included version of the Registry and `pullPolicy`. Default settings: -- `tag: 'v3.18.1-gitlab'` +- `tag: 'v3.19.0-gitlab'` - `pullPolicy: 'IfNotPresent'` ## Configuring the `service` -- GitLab From 9a19c0cc36648f9dd72e43aaec1f2c53d83712fe Mon Sep 17 00:00:00 2001 From: deps Date: Mon, 20 Dec 2021 04:02:20 +0000 Subject: [PATCH 180/253] Update gitlab-org/charts/gitlab-runner from 0.35.3 to 0.36.0 Changelog: changed --- requirements.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yaml b/requirements.yaml index 939d459ed9..0f991e4129 100644 --- a/requirements.yaml +++ b/requirements.yaml @@ -21,7 +21,7 @@ dependencies: repository: https://charts.bitnami.com/bitnami condition: postgresql.install - name: gitlab-runner - version: 0.35.3 + version: 0.36.0 repository: https://charts.gitlab.io/ condition: gitlab-runner.install - name: grafana -- GitLab From 45434826d28975464fd9be0b3e73f7fb34fc2479 Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Tue, 21 Dec 2021 14:10:15 +0000 Subject: [PATCH 181/253] Update changelog for 5.6.0 [ci skip] --- CHANGELOG.md | 11 +++++++++++ 1 file changed, 11 insertions(+) 
diff --git a/CHANGELOG.md b/CHANGELOG.md index 3049dd38b0..734c7e79b3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,17 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 5.6.0 (2021-12-21) + +### Changed (6 changes) + +- [Update gitlab-org/container-registry from 3.18.1-gitlab to 3.19.0-gitlab](gitlab-org/charts/gitlab@8c76c6594e07be584709112bd0ad6322bbe2b411) ([merge request](gitlab-org/charts/gitlab!2312)) +- [Update gitlab-org/charts/gitlab-runner from 0.35.3 to 0.36.0](gitlab-org/charts/gitlab@504aebed4b7ee63c73436d081392c531b29d7f6f) ([merge request](gitlab-org/charts/gitlab!2313)) +- [Update gitlab-org/charts/gitlab-runner from 0.35.0 to 0.35.3](gitlab-org/charts/gitlab@7017fda23b1a3788c9e6fb7a5e8f11027775c842) ([merge request](gitlab-org/charts/gitlab!2301)) +- [Update gitlab-org/container-registry from 3.16.0-gitlab to 3.17.0-gitlab](gitlab-org/charts/gitlab@e1b12db5cb630926ee76ce7684fba64263dc79af) ([merge request](gitlab-org/charts/gitlab!2285)) +- [Update gitlab-org/charts/gitlab-runner from 0.34.0 to 0.35.0](gitlab-org/charts/gitlab@12c4740147c25f788061176f124e5749eb9a7726) ([merge request](gitlab-org/charts/gitlab!2275)) +- [Update gitlab-org/container-registry from 3.15.0-gitlab to 3.16.0-gitlab](gitlab-org/charts/gitlab@3d2e013c2c37ee987fa064dacb8ae3f2f645aa4b) ([merge request](gitlab-org/charts/gitlab!2276)) + ## 5.5.2 (2021-12-03) No changes. -- GitLab From 604916fa4a6f9d59ef14bbcc58932b59fc70fe8c Mon Sep 17 00:00:00 2001 
From: GitLab Release Tools Bot Date: Tue, 21 Dec 2021 14:10:35 +0000 Subject: [PATCH 182/253] Update Chart versions to 5.6.0 [ci skip] --- Chart.yaml | 2 +- charts/gitlab/charts/geo-logcursor/Chart.yaml | 2 +- charts/gitlab/charts/gitaly/Chart.yaml | 2 +- charts/gitlab/charts/gitlab-exporter/Chart.yaml | 2 +- charts/gitlab/charts/gitlab-grafana/Chart.yaml | 2 +- charts/gitlab/charts/gitlab-pages/Chart.yaml | 2 +- charts/gitlab/charts/gitlab-shell/Chart.yaml | 2 +- charts/gitlab/charts/kas/Chart.yaml | 2 +- charts/gitlab/charts/mailroom/Chart.yaml | 2 +- charts/gitlab/charts/migrations/Chart.yaml | 2 +- charts/gitlab/charts/operator/Chart.yaml | 2 +- charts/gitlab/charts/praefect/Chart.yaml | 2 +- charts/gitlab/charts/sidekiq/Chart.yaml | 2 +- charts/gitlab/charts/toolbox/Chart.yaml | 2 +- charts/gitlab/charts/webservice/Chart.yaml | 2 +- 15 files changed, 15 insertions(+), 15 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index 32d386534e..637ac0d4ec 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab -version: 5.5.2 +version: 5.6.0 appVersion: master description: Web-based Git-repository manager with wiki and issue-tracking features. keywords: diff --git a/charts/gitlab/charts/geo-logcursor/Chart.yaml b/charts/gitlab/charts/geo-logcursor/Chart.yaml index ae46fb64ca..9d09dfadbc 100644 --- a/charts/gitlab/charts/geo-logcursor/Chart.yaml +++ b/charts/gitlab/charts/geo-logcursor/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: geo-logcursor -version: 5.5.2 +version: 5.6.0 appVersion: master description: GitLab Geo logcursor keywords: diff --git a/charts/gitlab/charts/gitaly/Chart.yaml b/charts/gitlab/charts/gitaly/Chart.yaml index 9fdb088ee2..3e050dc8cc 100644 --- a/charts/gitlab/charts/gitaly/Chart.yaml +++ b/charts/gitlab/charts/gitaly/Chart.yaml 
@@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitaly -version: 5.5.2 +version: 5.6.0 appVersion: master description: Git RPC service for handling all the git calls made by GitLab keywords: diff --git a/charts/gitlab/charts/gitlab-exporter/Chart.yaml b/charts/gitlab/charts/gitlab-exporter/Chart.yaml index fd4ce2ca92..4717442984 100644 --- a/charts/gitlab/charts/gitlab-exporter/Chart.yaml +++ b/charts/gitlab/charts/gitlab-exporter/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab-exporter -version: 5.5.2 +version: 5.6.0 appVersion: 11.2.0 description: Exporter for GitLab Prometheus metrics (e.g. CI, pull mirrors) keywords: diff --git a/charts/gitlab/charts/gitlab-grafana/Chart.yaml b/charts/gitlab/charts/gitlab-grafana/Chart.yaml index 977dbca663..93ba8769dc 100644 --- a/charts/gitlab/charts/gitlab-grafana/Chart.yaml +++ b/charts/gitlab/charts/gitlab-grafana/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab-grafana -version: 5.5.2 +version: 5.6.0 description: Adapt the Grafana chart to interface to the GitLab App keywords: - gitlab diff --git a/charts/gitlab/charts/gitlab-pages/Chart.yaml b/charts/gitlab/charts/gitlab-pages/Chart.yaml index 5642f12872..75aebb8044 100644 --- a/charts/gitlab/charts/gitlab-pages/Chart.yaml +++ b/charts/gitlab/charts/gitlab-pages/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab-pages -version: 5.5.2 +version: 5.6.0 appVersion: master description: Daemon for serving static websites from GitLab projects keywords: diff --git a/charts/gitlab/charts/gitlab-shell/Chart.yaml b/charts/gitlab/charts/gitlab-shell/Chart.yaml index a29b381656..54d5949c83 100644 --- a/charts/gitlab/charts/gitlab-shell/Chart.yaml +++ b/charts/gitlab/charts/gitlab-shell/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab-shell -version: 5.5.2 +version: 5.6.0 appVersion: main description: sshd for Gitlab keywords: diff --git a/charts/gitlab/charts/kas/Chart.yaml b/charts/gitlab/charts/kas/Chart.yaml index 1fbd2c76e8..b51706a297 100644 
--- a/charts/gitlab/charts/kas/Chart.yaml +++ b/charts/gitlab/charts/kas/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: kas -version: 5.5.2 +version: 5.6.0 appVersion: latest description: GitLab Kubernetes Agent Server keywords: diff --git a/charts/gitlab/charts/mailroom/Chart.yaml b/charts/gitlab/charts/mailroom/Chart.yaml index 73bffee666..bbc657bd3d 100644 --- a/charts/gitlab/charts/mailroom/Chart.yaml +++ b/charts/gitlab/charts/mailroom/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: mailroom -version: 5.5.2 +version: 5.6.0 appVersion: 0.0.14 description: Handling incoming emails keywords: diff --git a/charts/gitlab/charts/migrations/Chart.yaml b/charts/gitlab/charts/migrations/Chart.yaml index 7a45f1c60e..67d79ad93f 100644 --- a/charts/gitlab/charts/migrations/Chart.yaml +++ b/charts/gitlab/charts/migrations/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: migrations -version: 5.5.2 +version: 5.6.0 appVersion: master description: Database migrations and other versioning tasks for upgrading Gitlab keywords: diff --git a/charts/gitlab/charts/operator/Chart.yaml b/charts/gitlab/charts/operator/Chart.yaml index bcdece56f5..6f2417ab67 100644 --- a/charts/gitlab/charts/operator/Chart.yaml +++ b/charts/gitlab/charts/operator/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: operator -version: 5.5.2 +version: 5.6.0 appVersion: master description: Gitlab operator for managing upgrades keywords: diff --git a/charts/gitlab/charts/praefect/Chart.yaml b/charts/gitlab/charts/praefect/Chart.yaml index 8d1e141d32..2ca6ee2a03 100644 --- a/charts/gitlab/charts/praefect/Chart.yaml +++ b/charts/gitlab/charts/praefect/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: praefect -version: 5.5.2 +version: 5.6.0 appVersion: master description: Praefect is a router and transaction manager for Gitaly, and a required component for running a Gitaly Cluster. 
diff --git a/charts/gitlab/charts/sidekiq/Chart.yaml b/charts/gitlab/charts/sidekiq/Chart.yaml index 215a033c72..ad3a28b711 100644 --- a/charts/gitlab/charts/sidekiq/Chart.yaml +++ b/charts/gitlab/charts/sidekiq/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: sidekiq -version: 5.5.2 +version: 5.6.0 appVersion: master description: Gitlab Sidekiq for asynchronous task processing in rails keywords: diff --git a/charts/gitlab/charts/toolbox/Chart.yaml b/charts/gitlab/charts/toolbox/Chart.yaml index a88117dbfb..cb32ddc3f8 100644 --- a/charts/gitlab/charts/toolbox/Chart.yaml +++ b/charts/gitlab/charts/toolbox/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: toolbox -version: 5.5.2 +version: 5.6.0 appVersion: master description: For manually running rake tasks through kubectl keywords: diff --git a/charts/gitlab/charts/webservice/Chart.yaml b/charts/gitlab/charts/webservice/Chart.yaml index 5636c40a04..735bb1653f 100644 --- a/charts/gitlab/charts/webservice/Chart.yaml +++ b/charts/gitlab/charts/webservice/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: webservice -version: 5.5.2 +version: 5.6.0 appVersion: master description: HTTP server for Gitlab keywords: -- GitLab From 2022f576f4d9004c2a794cebb040d3ef2fffe871 Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Tue, 21 Dec 2021 14:10:38 +0000 Subject: [PATCH 183/253] Update version mapping for 5.6.0 --- doc/installation/version_mappings.md | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/installation/version_mappings.md b/doc/installation/version_mappings.md index f3a26e29e0..10f1d7c1ad 100644 --- a/doc/installation/version_mappings.md +++ b/doc/installation/version_mappings.md @@ -10,6 +10,7 @@ The table below maps some of the key previous chart versions and GitLab versions | Chart version | GitLab version | |---------------|----------------| +| 5.6.0 | 14.6.0 | | 5.5.2 | 14.5.2 | | 5.5.1 | 14.5.1 | | 5.5.0 | 14.5.0 | -- GitLab 
From ee0b96fe055c0880ba4e4756f7649814c78bcce2 Mon Sep 17 00:00:00 2001 From: Mitchell Nielsen Date: Tue, 21 Dec 2021 21:05:11 +0000 Subject: [PATCH 184/253] Restore `loadBalancerIP=global.hosts.externalIP` on NGINX Controller Service --- charts/nginx-ingress/templates/controller-service.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/nginx-ingress/templates/controller-service.yaml b/charts/nginx-ingress/templates/controller-service.yaml index 7346c13cbd..0dae26ab70 100644 --- a/charts/nginx-ingress/templates/controller-service.yaml +++ b/charts/nginx-ingress/templates/controller-service.yaml @@ -25,8 +25,8 @@ spec: {{- if .Values.controller.service.externalIPs }} externalIPs: {{ toYaml .Values.controller.service.externalIPs | nindent 4 }} {{- end }} -{{- if .Values.controller.service.loadBalancerIP }} - loadBalancerIP: {{ .Values.controller.service.loadBalancerIP }} +{{- if or .Values.global.hosts.externalIP .Values.controller.service.loadBalancerIP }} + loadBalancerIP: {{ coalesce .Values.global.hosts.externalIP .Values.controller.service.loadBalancerIP }} {{- end }} {{- if .Values.controller.service.loadBalancerSourceRanges }} loadBalancerSourceRanges: {{ toYaml .Values.controller.service.loadBalancerSourceRanges | nindent 4 }} -- GitLab From 08f24bfc7f83ead9609e901133cb1be62698d44a Mon Sep 17 00:00:00 2001 From: Mitchell Nielsen Date: Tue, 21 Dec 2021 21:17:05 +0000 Subject: [PATCH 185/253] [CI] Ensure scripts exit on failure --- scripts/ci/feature_spec_setup | 1 + scripts/ci/install_spec_dependencies | 1 + scripts/ci/integration_spec_setup | 1 + scripts/ci/run_specs | 1 + 4 files changed, 4 insertions(+) diff --git a/scripts/ci/feature_spec_setup b/scripts/ci/feature_spec_setup index 656fbcef64..2e816cfc49 100755 --- a/scripts/ci/feature_spec_setup +++ b/scripts/ci/feature_spec_setup @@ -1,4 +1,5 @@ #!/bin/bash +set -e mkdir -p /etc/gitlab/minio 
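Review bot: in the `controller-service.yaml` hunk of the "Restore `loadBalancerIP=global.hosts.externalIP`" patch (184/253), `coalesce .Values.global.hosts.externalIP .Values.controller.service.loadBalancerIP` puts the global value first, so an explicit `controller.service.loadBalancerIP` is silently dropped whenever `global.hosts.externalIP` is also set. If the chart-level key is meant as an override, swap the two `coalesce` arguments; if the global value is meant to win, state that precedence in a template comment so an operator does not end up with the Service bound to an address they did not choose for it.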
diff --git a/scripts/ci/install_spec_dependencies b/scripts/ci/install_spec_dependencies index 426a9601ae..c47bc43d1a 100755 --- a/scripts/ci/install_spec_dependencies +++ b/scripts/ci/install_spec_dependencies @@ -1,4 +1,5 @@ #!/bin/bash +set -e export DEBIAN_FRONTEND=noninteractive KUBECTL_VERSION=${KUBECTL_VERSION:-v1.16.15} diff --git a/scripts/ci/integration_spec_setup b/scripts/ci/integration_spec_setup index c6dc7e1158..608c68fc2d 100755 --- a/scripts/ci/integration_spec_setup +++ b/scripts/ci/integration_spec_setup @@ -1,3 +1,4 @@ #!/bin/bash +set -e helm dependency update diff --git a/scripts/ci/run_specs b/scripts/ci/run_specs index dfb042042c..254aab3446 100755 --- a/scripts/ci/run_specs +++ b/scripts/ci/run_specs @@ -1,4 +1,5 @@ #!/bin/bash +set -e if [[ -n "${VARIABLES_FILE}" ]]; then source "${VARIABLES_FILE}" -- GitLab From a1b1ac702e5a24254d1ca650c0d455592b89fbbd Mon Sep 17 00:00:00 2001 From: Adam Mulvany Date: Wed, 22 Dec 2021 03:23:51 +0000 Subject: [PATCH 186/253] Improve reading flow by replacing the slash with and --- doc/installation/operator.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/installation/operator.md b/doc/installation/operator.md index 5cb7a2418d..34d3e9aa1f 100644 --- a/doc/installation/operator.md +++ b/doc/installation/operator.md 
@@ -11,7 +11,7 @@ If you want to integrate GitLab with OpenShift, see the [OpenShift and GitLab do GitLab Operator is an implementation of the [Operator pattern](https://www.openshift.com/blog) for managing the lifecycle and upgrades of a GitLab instance. The GitLab Operator strengthens the support of OpenShift from GitLab, but is intended to be as native to Kubernetes as for OpenShift. The GitLab Operator provides a method of synchronizing and controlling various -stages of cloud-native GitLab installation/upgrade procedures. Using the Operator provides the ability to perform +stages of cloud-native GitLab installation and upgrade procedures. Using the Operator provides the ability to perform rolling upgrades with minimal down time. The first goal is to support OpenShift, the subsequent goal will be for automation of day 2 operations like upgrades as noted. The Operator offers the benefit of Day 2 operators to the GitLab installation, there are many automation benefits to utilizing the Operator vs Helm. The Operator utilizes the Helm Chart but the Operator will continuously run making upgrading, backups, and more, automatic. -- GitLab From c16f1a8fe25c7799ee4b5e4f7939d2a3803f269e Mon Sep 17 00:00:00 2001 From: Ahmad Tolba Date: Wed, 22 Dec 2021 16:18:25 +0000 Subject: [PATCH 187/253] Feature gate metrics port exposure, expose on Service - Adds metrics port definition to the Service object. - Feature gate port exposure based on `metrics.enabled` Changelog: added --- charts/gitlab/charts/gitlab-shell/templates/deployment.yaml | 4 ++++ charts/gitlab/charts/gitlab-shell/templates/service.yaml | 6 ++++++ 2 files changed, 10 insertions(+) diff --git a/charts/gitlab/charts/gitlab-shell/templates/deployment.yaml b/charts/gitlab/charts/gitlab-shell/templates/deployment.yaml index 15f583b7ac..23e5ecffe8 100644 --- a/charts/gitlab/charts/gitlab-shell/templates/deployment.yaml +++ b/charts/gitlab/charts/gitlab-shell/templates/deployment.yaml 
@@ -94,6 +94,10 @@ spec: image: "{{ .Values.image.repository }}:{{ coalesce .Values.image.tag (include "gitlab.parseAppVersion" (dict "appVersion" .Chart.AppVersion "prepend" "true")) }}" {{- include "gitlab.image.pullPolicy" $imageCfg | indent 10 }} ports: + {{- if .Values.metrics.enabled }} + - containerPort: {{ .Values.metrics.port }} + name: metrics + {{- end }} - containerPort: {{ .Values.service.internalPort }} name: ssh env: diff --git a/charts/gitlab/charts/gitlab-shell/templates/service.yaml b/charts/gitlab/charts/gitlab-shell/templates/service.yaml index 5e93ce4d1c..75351956f6 100644 --- a/charts/gitlab/charts/gitlab-shell/templates/service.yaml +++ b/charts/gitlab/charts/gitlab-shell/templates/service.yaml @@ -13,6 +13,12 @@ metadata: spec: type: {{ .Values.service.type }} ports: + {{- if .Values.metrics.enabled }} + - port: {{ .Values.metrics.port }} + targetPort: {{ .Values.metrics.port }} + protocol: TCP + name: metrics + {{- end }} - port: {{ include "gitlab.shell.port" . | int }} targetPort: {{ .Values.service.internalPort }} protocol: TCP -- GitLab From cbc79eceeba428b19f1c278ba91f8343dddf87c8 Mon Sep 17 00:00:00 2001 From: Mitchell Nielsen Date: Wed, 22 Dec 2021 20:55:19 +0000 Subject: [PATCH 188/253] Fix duplicate NGINX labels --- charts/nginx-ingress/templates/_helpers.tpl | 1 - 1 file changed, 1 deletion(-) diff --git a/charts/nginx-ingress/templates/_helpers.tpl b/charts/nginx-ingress/templates/_helpers.tpl index 8102f97c8b..2d2f9f6a8f 100644 --- a/charts/nginx-ingress/templates/_helpers.tpl +++ b/charts/nginx-ingress/templates/_helpers.tpl @@ -68,7 +68,6 @@ Common labels */}} {{- define "ingress-nginx.labels" -}} helm.sh/chart: {{ include "ingress-nginx.chart" . }} -{{ include "ingress-nginx.selectorLabels" . }} {{- if .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} -- GitLab From dc0fd115e7b13b3ee8307ab6d413f11785755ee9 Mon Sep 17 00:00:00 2001 
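Review bot: the `service.yaml` hunk of the gitlab-shell metrics patch (187/253) adds the `metrics` port to the same Service that publishes SSH, and that Service takes its type from `.Values.service.type`, so with a `LoadBalancer` or `NodePort` type, setting `metrics.enabled` also publishes the metrics endpoint wherever SSH is reachable. A separate `ClusterIP` Service for the metrics port would keep scraping inside the cluster; failing that, the patch, which touches only the two templates, should come with a documentation line telling operators that the port shares the SSH Service's exposure.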
From: Jaime Martinez Date: Thu, 23 Dec 2021 17:49:15 +0000 Subject: [PATCH 189/253] Registry: add payloadsizelimit to manifest validation stanza --- charts/registry/templates/configmap.yaml | 1 + charts/registry/values.yaml | 1 + doc/charts/registry/index.md | 2 ++ 3 files changed, 4 insertions(+) diff --git a/charts/registry/templates/configmap.yaml b/charts/registry/templates/configmap.yaml index 08bb77763e..c9c28c6840 100644 --- a/charts/registry/templates/configmap.yaml +++ b/charts/registry/templates/configmap.yaml @@ -52,6 +52,7 @@ data: {{- with .Values.validation.manifests }} manifests: referencelimit: {{ .referencelimit }} + payloadsizelimit: {{ .payloadsizelimit }} urls: allow: {{- range .urls.allow }} diff --git a/charts/registry/values.yaml b/charts/registry/values.yaml index 8f88f7682e..1f78dbab2b 100644 --- a/charts/registry/values.yaml +++ b/charts/registry/values.yaml @@ -234,6 +234,7 @@ validation: disabled: true manifests: referencelimit: 0 + payloadsizelimit: 0 urls: allow: [] deny: [] diff --git a/doc/charts/registry/index.md b/doc/charts/registry/index.md index d82558b7d0..45a324e2c0 100644 --- a/doc/charts/registry/index.md +++ b/doc/charts/registry/index.md @@ -101,6 +101,7 @@ registry: disabled: true manifests: referencelimit: 0 + payloadsizelimit: 0 urls: allow: [] deny: [] 
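Review bot: `payloadsizelimit` is added to `values.yaml` with a default of `0`, and the `configmap.yaml` line `payloadsizelimit: {{ .payloadsizelimit }}` renders whatever is supplied with no type check, so the limit stays off for every install until an operator sets it, and a non-numeric override reaches the registry configuration as written. The documentation row describes the value as a size in bytes; adding a suggested starting value there, and failing the render when the value is not an integer, would make the setting easier to turn on correctly.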
@@ -506,6 +507,7 @@ the `deny` field. | Name | Type | Default | Description | | :---------------: | :----: | :------ | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------: | | `referencelimit` | Int | `0` | The maximum number of references, such as layers, image configurations, and other manifests, that a single manifest may have. When set to `0` (default) this validation is disabled. | +| `payloadsizelimit` | Int | `0` | The maximum data size in bytes of manifest payloads. When set to `0` (default) this validation is disabled. | | `urls.allow` | Array | `[]` | List of regular expressions that enables URLs in the layers of manifests. When left empty (default), layers with any URLs will be rejected. | | `urls.deny` | Array | `[]` | List of regular expressions that restricts the URLs in the layers of manifests. When left empty (default), no layer with URLs which passed the `urls.allow` list will be rejected | -- GitLab From e80b7f93443071f82113af800eb7cdabd8467ce5 Mon Sep 17 00:00:00 2001 From: Katrin Leinweber Date: Thu, 23 Dec 2021 18:15:46 +0000 Subject: [PATCH 190/253] Harmonize LDAP "main" server block with documented example --- values.yaml | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/values.yaml b/values.yaml index 7230c2038e..239e3f944d 100644 --- a/values.yaml +++ b/values.yaml 
@@ -396,17 +396,7 @@ global: # prevent the use of LDAP for sign-in via web. preventSignin: false servers: {} - ## 'main' is the GitLab 'provider ID' of this LDAP server - # main: - # label: 'LDAP' - # host: '_your_ldap_server' - # port: 636 - # uid: 'sAMAccountName' - # bind_dn: '_the_full_dn_of_the_user_you_will_bind_with' - # password: - # secret: _the_secret_containing_your_ldap_password - # key: _the_key_which_holds_your_ldap_password - # encryption: 'plain' + ## See documentation for complete example of a configured LDAP server ## https://docs.gitlab.com/charts/charts/globals#kas-settings gitlab_kas: {} -- GitLab From ed636a833b929d86a839c8f5b8e879fc9fddaf1f Mon Sep 17 00:00:00 2001 From: Alexander Tanayno Date: Tue, 28 Dec 2021 13:16:39 +0000 Subject: [PATCH 191/253] Add config example for Pages with ACM --- doc/installation/tls.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/doc/installation/tls.md b/doc/installation/tls.md index 7c5f7bf772..e693e87554 100644 --- a/doc/installation/tls.md +++ b/doc/installation/tls.md @@ -77,6 +77,20 @@ helm install gitlab gitlab/gitlab \ --set global.ingress.tls.secretName= ``` +### Use AWS ACM to manage certificates + +If you are using AWS ACM to create your wildcard certificate, it is not possible to specify it via secret because ACM certificates cannot be downloaded. +Instead, specify them via `nginx-ingress.controller.service.annotations`: + +```yaml +nginx-ingress: + controller: + service: + annotations: + ... + service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:{region}:{user id}:certificate/{id} +``` + ## Option 3: Use individual certificate per service Add your full chain certificates to the cluster as secrets, and then pass those secret names to each Ingress. -- GitLab From 035192f3cb2a36365fd84e64d7ee40cc2c79938b Mon Sep 17 00:00:00 2001 
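Review bot: in the `tls.md` hunk of the ACM patch (191/253), the example ARN uses `{user id}` where an ACM certificate ARN carries the AWS account ID, and the literal `...` line under `annotations:` is not valid YAML, so the block cannot be pasted as shown. Rename the placeholder to `{account id}`, replace `...` with a YAML comment such as `# other annotations`, and add a sentence that with this annotation TLS terminates at the AWS load balancer rather than at NGINX. The subject line mentions Pages, but nothing in the added section does.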
From: Balasankar 'Balu' C Date: Thu, 30 Dec 2021 16:37:54 +0000 Subject: [PATCH 192/253] Fix sha256 digest of nginx-ingress controller image --- charts/nginx-ingress/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/nginx-ingress/values.yaml b/charts/nginx-ingress/values.yaml index 62a3546b0a..f7900ffba6 100644 --- a/charts/nginx-ingress/values.yaml +++ b/charts/nginx-ingress/values.yaml @@ -13,7 +13,7 @@ controller: registry: k8s.gcr.io repository: registry.gitlab.com/gitlab-org/cloud-native/mirror/images/ingress-nginx/controller tag: "v1.0.4" - digest: sha256:a7fb797e0b1c919a49cf9b3f9bb90ebca39bc85d0edd11c9a5cf897da5eb5a3f + digest: sha256:545cff00370f28363dad31e3b59a94ba377854d3a11f18988f5f9e56841ef9ef pullPolicy: IfNotPresent # www-data -> uid 101 runAsUser: 101 -- GitLab From 5dffe140ed7f84ba3a829805b7ed447de2918f45 Mon Sep 17 00:00:00 2001 From: Dmytro Makovey Date: Thu, 30 Dec 2021 19:41:19 +0000 Subject: [PATCH 193/253] Prevent Dependency bot producing a devel "release" on master branch --- .gitlab-ci.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 3b5426f417..f989b9a935 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -804,6 +804,8 @@ publish_devel_package: CHANNEL: "devel" VERSION_SUFFIX: "-${CI_PIPELINE_ID}" rules: + - if: $DEPS_PIPELINE || $TRIGGER_JOB + when: never - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH' release_package: -- GitLab From 7e497cbdc131e9023e8c12c7671b3b202bb3ba24 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Alexandre=20Cunha?= Date: Thu, 30 Dec 2021 19:46:53 +0000 Subject: [PATCH 194/253] Rename docs reference to GitLab Kubernetes Agent --- charts/gitlab/charts/kas/Chart.yaml | 4 ++-- doc/charts/gitlab/index.md | 2 +- doc/charts/gitlab/kas/index.md | 6 +++--- doc/index.md | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) 
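Review bot: the `digest:` line in `charts/nginx-ingress/values.yaml` (192/253) changes while `tag: "v1.0.4"` stays the same, and neither the commit message nor the file says which manifest the new value was read from; the context lines name both `k8s.gcr.io` as `registry` and the GitLab mirror as `repository`. Because the digest is what pins the controller image's content, add a comment above it recording the source image reference and how the value was obtained, so the next reviewer can re-derive it instead of trusting the diff.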
diff --git a/charts/gitlab/charts/kas/Chart.yaml b/charts/gitlab/charts/kas/Chart.yaml index b51706a297..10aabea26e 100644 --- a/charts/gitlab/charts/kas/Chart.yaml +++ b/charts/gitlab/charts/kas/Chart.yaml @@ -3,7 +3,7 @@ apiVersion: v1 name: kas version: 5.6.0 appVersion: latest -description: GitLab Kubernetes Agent Server +description: GitLab Agent Server keywords: - agent - gitlab @@ -18,4 +18,4 @@ sources: - https://gitlab.com/gitlab-org/cluster-integration/gitlab-agent maintainers: - name: GitLab Inc. - email: support@gitlab.com + email: support@gitlab.com \ No newline at end of file diff --git a/doc/charts/gitlab/index.md b/doc/charts/gitlab/index.md index 0365d0d5f5..b93e47ec1c 100644 --- a/doc/charts/gitlab/index.md +++ b/doc/charts/gitlab/index.md @@ -15,7 +15,7 @@ service sub-charts: - [GitLab Pages](gitlab-pages/index.md) - [GitLab Runner](gitlab-runner/index.md) - [GitLab Shell](gitlab-shell/index.md) -- [Kubernetes Agent Server (KAS)](kas/index.md) +- [GitLab Agent Server (KAS)](kas/index.md) - [Mailroom](mailroom/index.md) - [Migrations](migrations/index.md) - [Praefect](praefect/index.md) diff --git a/doc/charts/gitlab/kas/index.md b/doc/charts/gitlab/kas/index.md index c5e0e1278d..2926c52f77 100644 --- a/doc/charts/gitlab/kas/index.md +++ b/doc/charts/gitlab/kas/index.md 
@@ -6,7 +6,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w # Using the GitLab-Kas chart **(FREE SELF)** -The `kas` sub-chart provides a configurable deployment of the [Kubernetes Agent Server](https://gitlab.com/gitlab-org/cluster-integration/gitlab-agent#gitlab-kubernetes-agent-server-kas), which is the server-side component of the [GitLab Kubernetes Agent](https://gitlab.com/gitlab-org/cluster-integration/gitlab-agent) implementation. +The `kas` sub-chart provides a configurable deployment of the [GitLab Agent Server](https://gitlab.com/gitlab-org/cluster-integration/gitlab-agent#gitlab-kubernetes-agent-server-kas), which is the server-side component of the [GitLab Agent for Kubernetes](https://gitlab.com/gitlab-org/cluster-integration/gitlab-agent) implementation. ## Requirements @@ -18,7 +18,7 @@ The `kas` container used in this chart use a distroless image for minimal resour The route to access the service will depend on your [Ingress configuration](#ingress). -Follow the link for further information about the [GitLab Kubernetes Agent architecture](https://gitlab.com/gitlab-org/cluster-integration/gitlab-agent/-/blob/master/doc/architecture.md). +Follow the link for further information about the [GitLab Agent for Kubernetes architecture](https://gitlab.com/gitlab-org/cluster-integration/gitlab-agent/-/blob/master/doc/architecture.md). ## Configuration @@ -99,7 +99,7 @@ To install the chart: ``` 1. Use the GDK to run the process to configure and use the - [GitLab Kubernetes Agent](https://docs.gitlab.com/ee/user/clusters/agent/): + [GitLab Agent for Kubernetes](https://docs.gitlab.com/ee/user/clusters/agent/): (You can also follow the steps to configure and use the Agent manually.) 1. From your GDK GitLab repository, move into the QA folder: `cd qa`. diff --git a/doc/index.md b/doc/index.md index 2178198a53..4cb8b969d1 100644 --- a/doc/index.md +++ b/doc/index.md 
@@ -43,7 +43,7 @@ can be installed separately. - [_Unprivileged_](https://docs.gitlab.com/runner/install/kubernetes.html#running-docker-in-docker-containers-with-gitlab-runner) [GitLab Runner](https://docs.gitlab.com/runner/) using the Kubernetes executor - Automatically provisioned SSL via [Let's Encrypt](https://letsencrypt.org/), using [Jetstack](https://www.jetstack.io/)'s [cert-manager](https://cert-manager.io/docs/) - GitLab/[Praefect](charts/gitlab/praefect/index.md) - - GitLab/[Kubernetes Agent Server (KAS)](charts/gitlab/kas/index.md) + - GitLab/[GitLab Agent Server (KAS)](charts/gitlab/kas/index.md) ## GitLab Helm chart quick start guide -- GitLab From f7f791ab64d80d29e3c142e5f0ac8665ba85b2b5 Mon Sep 17 00:00:00 2001 From: Mitchell Nielsen Date: Thu, 30 Dec 2021 22:33:25 +0000 Subject: [PATCH 195/253] Unset namespace on NGINX IngressClass (cluster-scoped) --- charts/nginx-ingress/templates/controller-ingressclass.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/charts/nginx-ingress/templates/controller-ingressclass.yaml b/charts/nginx-ingress/templates/controller-ingressclass.yaml index f305fe32cf..fce3eedccc 100644 --- a/charts/nginx-ingress/templates/controller-ingressclass.yaml +++ b/charts/nginx-ingress/templates/controller-ingressclass.yaml @@ -14,7 +14,6 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} name: {{ tpl .Values.controller.ingressClassResource.name . }} - namespace: {{ .Release.Namespace }} {{- if .Values.controller.ingressClassResource.default }} annotations: ingressclass.kubernetes.io/is-default-class: "true" -- GitLab From 522506c36946653731cc062c5eaaf8d47a4fb9fa Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Tue, 4 Jan 2022 15:36:50 +0000 Subject: [PATCH 196/253] Update changelog for 5.6.1 [ci skip] --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 734c7e79b3..0640e0a325 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,6 +2,10 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 5.6.1 (2022-01-04) + +No changes. + ## 5.6.0 (2021-12-21) ### Changed (6 changes) -- GitLab From f487211c9e2d98769c413bb842b77f58ae2f2097 Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Tue, 4 Jan 2022 15:37:09 +0000 Subject: [PATCH 197/253] Update Chart versions to 5.6.1 [ci skip] --- Chart.yaml | 2 +- charts/gitlab/charts/geo-logcursor/Chart.yaml | 2 +- charts/gitlab/charts/gitaly/Chart.yaml | 2 +- charts/gitlab/charts/gitlab-exporter/Chart.yaml | 2 +- charts/gitlab/charts/gitlab-grafana/Chart.yaml | 2 +- charts/gitlab/charts/gitlab-pages/Chart.yaml | 2 +- charts/gitlab/charts/gitlab-shell/Chart.yaml | 2 +- charts/gitlab/charts/kas/Chart.yaml | 4 ++-- charts/gitlab/charts/mailroom/Chart.yaml | 2 +- charts/gitlab/charts/migrations/Chart.yaml | 2 +- charts/gitlab/charts/operator/Chart.yaml | 2 +- charts/gitlab/charts/praefect/Chart.yaml | 2 +- charts/gitlab/charts/sidekiq/Chart.yaml | 2 +- charts/gitlab/charts/toolbox/Chart.yaml | 2 +- charts/gitlab/charts/webservice/Chart.yaml | 2 +- 15 files changed, 16 insertions(+), 16 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index 637ac0d4ec..c009aaf434 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab -version: 5.6.0 +version: 5.6.1 appVersion: master description: Web-based Git-repository manager with wiki and issue-tracking features. keywords: diff --git a/charts/gitlab/charts/geo-logcursor/Chart.yaml b/charts/gitlab/charts/geo-logcursor/Chart.yaml index 9d09dfadbc..61bcd79868 100644 --- a/charts/gitlab/charts/geo-logcursor/Chart.yaml +++ b/charts/gitlab/charts/geo-logcursor/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: geo-logcursor -version: 5.6.0 +version: 5.6.1 appVersion: master description: GitLab Geo logcursor keywords: 
diff --git a/charts/gitlab/charts/gitaly/Chart.yaml b/charts/gitlab/charts/gitaly/Chart.yaml index 3e050dc8cc..119f7dc656 100644 --- a/charts/gitlab/charts/gitaly/Chart.yaml +++ b/charts/gitlab/charts/gitaly/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitaly -version: 5.6.0 +version: 5.6.1 appVersion: master description: Git RPC service for handling all the git calls made by GitLab keywords: diff --git a/charts/gitlab/charts/gitlab-exporter/Chart.yaml b/charts/gitlab/charts/gitlab-exporter/Chart.yaml index 4717442984..e5c4ff8743 100644 --- a/charts/gitlab/charts/gitlab-exporter/Chart.yaml +++ b/charts/gitlab/charts/gitlab-exporter/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab-exporter -version: 5.6.0 +version: 5.6.1 appVersion: 11.2.0 description: Exporter for GitLab Prometheus metrics (e.g. CI, pull mirrors) keywords: diff --git a/charts/gitlab/charts/gitlab-grafana/Chart.yaml b/charts/gitlab/charts/gitlab-grafana/Chart.yaml index 93ba8769dc..118bcfa39e 100644 --- a/charts/gitlab/charts/gitlab-grafana/Chart.yaml +++ b/charts/gitlab/charts/gitlab-grafana/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab-grafana -version: 5.6.0 +version: 5.6.1 description: Adapt the Grafana chart to interface to the GitLab App keywords: - gitlab diff --git a/charts/gitlab/charts/gitlab-pages/Chart.yaml b/charts/gitlab/charts/gitlab-pages/Chart.yaml index 75aebb8044..3c9a8b7776 100644 --- a/charts/gitlab/charts/gitlab-pages/Chart.yaml +++ b/charts/gitlab/charts/gitlab-pages/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab-pages -version: 5.6.0 +version: 5.6.1 appVersion: master description: Daemon for serving static websites from GitLab projects keywords: diff --git a/charts/gitlab/charts/gitlab-shell/Chart.yaml b/charts/gitlab/charts/gitlab-shell/Chart.yaml index 54d5949c83..ef8426a401 100644 --- a/charts/gitlab/charts/gitlab-shell/Chart.yaml +++ b/charts/gitlab/charts/gitlab-shell/Chart.yaml 
@@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab-shell -version: 5.6.0 +version: 5.6.1 appVersion: main description: sshd for Gitlab keywords: diff --git a/charts/gitlab/charts/kas/Chart.yaml b/charts/gitlab/charts/kas/Chart.yaml index 10aabea26e..304a3158d8 100644 --- a/charts/gitlab/charts/kas/Chart.yaml +++ b/charts/gitlab/charts/kas/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: kas -version: 5.6.0 +version: 5.6.1 appVersion: latest description: GitLab Agent Server keywords: @@ -18,4 +18,4 @@ sources: - https://gitlab.com/gitlab-org/cluster-integration/gitlab-agent maintainers: - name: GitLab Inc. - email: support@gitlab.com \ No newline at end of file + email: support@gitlab.com diff --git a/charts/gitlab/charts/mailroom/Chart.yaml b/charts/gitlab/charts/mailroom/Chart.yaml index bbc657bd3d..a5f6ec4da7 100644 --- a/charts/gitlab/charts/mailroom/Chart.yaml +++ b/charts/gitlab/charts/mailroom/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: mailroom -version: 5.6.0 +version: 5.6.1 appVersion: 0.0.14 description: Handling incoming emails keywords: diff --git a/charts/gitlab/charts/migrations/Chart.yaml b/charts/gitlab/charts/migrations/Chart.yaml index 67d79ad93f..af19a9e107 100644 --- a/charts/gitlab/charts/migrations/Chart.yaml +++ b/charts/gitlab/charts/migrations/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: migrations -version: 5.6.0 +version: 5.6.1 appVersion: master description: Database migrations and other versioning tasks for upgrading Gitlab keywords: diff --git a/charts/gitlab/charts/operator/Chart.yaml b/charts/gitlab/charts/operator/Chart.yaml index 6f2417ab67..fcd7e5ff5a 100644 --- a/charts/gitlab/charts/operator/Chart.yaml +++ b/charts/gitlab/charts/operator/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: operator -version: 5.6.0 +version: 5.6.1 appVersion: master description: Gitlab operator for managing upgrades keywords: 
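Review bot: the `kas/Chart.yaml` hunk of this version bump (197/253) rewrites `email: support@gitlab.com` only to restore the final newline that the rename patch (194/253) removed, which is why the diffstat shows `4 ++--` for this file against `2 +-` for every other chart. An end-of-file newline check in lint for hand-edited `Chart.yaml` files would keep the release bot's commits limited to the `version:` line and make an unexpected extra change in one of them stand out.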
diff --git a/charts/gitlab/charts/praefect/Chart.yaml b/charts/gitlab/charts/praefect/Chart.yaml index 2ca6ee2a03..cec7c90916 100644 --- a/charts/gitlab/charts/praefect/Chart.yaml +++ b/charts/gitlab/charts/praefect/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: praefect -version: 5.6.0 +version: 5.6.1 appVersion: master description: Praefect is a router and transaction manager for Gitaly, and a required component for running a Gitaly Cluster. diff --git a/charts/gitlab/charts/sidekiq/Chart.yaml b/charts/gitlab/charts/sidekiq/Chart.yaml index ad3a28b711..6924b36615 100644 --- a/charts/gitlab/charts/sidekiq/Chart.yaml +++ b/charts/gitlab/charts/sidekiq/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: sidekiq -version: 5.6.0 +version: 5.6.1 appVersion: master description: Gitlab Sidekiq for asynchronous task processing in rails keywords: diff --git a/charts/gitlab/charts/toolbox/Chart.yaml b/charts/gitlab/charts/toolbox/Chart.yaml index cb32ddc3f8..95ccbceb1e 100644 --- a/charts/gitlab/charts/toolbox/Chart.yaml +++ b/charts/gitlab/charts/toolbox/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: toolbox -version: 5.6.0 +version: 5.6.1 appVersion: master description: For manually running rake tasks through kubectl keywords: diff --git a/charts/gitlab/charts/webservice/Chart.yaml b/charts/gitlab/charts/webservice/Chart.yaml index 735bb1653f..30ad88a8f6 100644 --- a/charts/gitlab/charts/webservice/Chart.yaml +++ b/charts/gitlab/charts/webservice/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: webservice -version: 5.6.0 +version: 5.6.1 appVersion: master description: HTTP server for Gitlab keywords: -- GitLab From 373bcc22dc549b72ee6a80338b58c46ff8b7df98 Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Tue, 4 Jan 2022 15:37:11 +0000 Subject: [PATCH 198/253] Update version mapping for 5.6.1 --- doc/installation/version_mappings.md | 1 + 1 file changed, 1 insertion(+) 
diff --git a/doc/installation/version_mappings.md b/doc/installation/version_mappings.md index 10f1d7c1ad..1374d5880f 100644 --- a/doc/installation/version_mappings.md +++ b/doc/installation/version_mappings.md @@ -10,6 +10,7 @@ The table below maps some of the key previous chart versions and GitLab versions | Chart version | GitLab version | |---------------|----------------| +| 5.6.1 | 14.6.1 | | 5.6.0 | 14.6.0 | | 5.5.2 | 14.5.2 | | 5.5.1 | 14.5.1 | -- GitLab From ff6dfb6fead9fb2c3860ff31dcfb3e3b61feab08 Mon Sep 17 00:00:00 2001 From: deps Date: Mon, 3 Jan 2022 04:02:15 +0000 Subject: [PATCH 199/253] Update gitlab-org/container-registry from 3.19.0-gitlab to 3.20.0-gitlab Changelog: changed --- charts/registry/values.yaml | 2 +- doc/charts/registry/index.md | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/registry/values.yaml b/charts/registry/values.yaml index 1f78dbab2b..5d4d44cb2d 100644 --- a/charts/registry/values.yaml +++ b/charts/registry/values.yaml @@ -1,6 +1,6 @@ image: repository: registry.gitlab.com/gitlab-org/build/cng/gitlab-container-registry - tag: 'v3.19.0-gitlab' + tag: 'v3.20.0-gitlab' # pullPolicy: IfNotPresent # pullSecrets: [] diff --git a/doc/charts/registry/index.md b/doc/charts/registry/index.md index 45a324e2c0..aa0c374fa8 100644 --- a/doc/charts/registry/index.md +++ b/doc/charts/registry/index.md @@ -68,7 +68,7 @@ registry: interval: 24h dryrun: false image: - tag: 'v3.19.0-gitlab' + tag: 'v3.20.0-gitlab' pullPolicy: IfNotPresent annotations: service: 
@@ -154,7 +154,7 @@ If you chose to deploy this chart as a standalone, remove the `registry` at the | `image.pullPolicy` | | Pull policy for the registry image | | `image.pullSecrets` | | Secrets to use for image repository | | `image.repository` | `registry` | Registry image | -| `image.tag` | `v3.19.0-gitlab` | Version of the image to use | +| `image.tag` | `v3.20.0-gitlab` | Version of the image to use | | `init.image.repository` | | initContainer image | | `init.image.tag` | | initContainer image tag | | `log` | `{level: info, fields: {service: registry}}` | Configure the logging options | @@ -280,7 +280,7 @@ You can change the included version of the Registry and `pullPolicy`. Default settings: -- `tag: 'v3.19.0-gitlab'` +- `tag: 'v3.20.0-gitlab'` - `pullPolicy: 'IfNotPresent'` ## Configuring the `service` -- GitLab From e68646f82a3a50dd264941c8fd562461bed5ec30 Mon Sep 17 00:00:00 2001 From: Jason Plum Date: Fri, 7 Jan 2022 16:59:12 +0000 Subject: [PATCH 200/253] Deps.io: add Registry appVersion in update Update the `Chart.yaml`'s `appVersion` field automatically when updating all other fields. [ci-skip] --- charts/registry/Chart.yaml | 2 +- deps.yml | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/charts/registry/Chart.yaml b/charts/registry/Chart.yaml index 7b651b923a..4de1688283 100644 --- a/charts/registry/Chart.yaml +++ b/charts/registry/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: registry version: 0.7.0 -appVersion: v3.8.0-gitlab +appVersion: 'v3.20.0-gitlab' description: Stateless, highly scalable application that stores and lets you distribute container images details: Container Registry component of GitLab diff --git a/deps.yml b/deps.yml index 9391c7c5f9..afb3ba370d 100644 --- a/deps.yml +++ b/deps.yml 
@@ -36,6 +36,10 @@ dependencies: pattern: '`v(\d+\.\d+\.\d+-gitlab)`' range: '>= 2.x.x' prereleases: true + - filename: charts/registry/Chart.yaml + pattern: "appVersion: 'v(\\S+)'" + range: '>= 2.x.x' + prereleases: true - filename: charts/registry/values.yaml pattern: "tag: 'v(\\S+)'" range: '>= 2.x.x' -- GitLab From c430b99033724881885569167bf39ff14a3c2cea Mon Sep 17 00:00:00 2001 From: deps Date: Mon, 10 Jan 2022 04:02:53 +0000 Subject: [PATCH 201/253] Update gitlab-org/container-registry from 3.20.0-gitlab to 3.21.0-gitlab Changelog: changed --- charts/registry/Chart.yaml | 2 +- charts/registry/values.yaml | 2 +- doc/charts/registry/index.md | 6 +++--- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/registry/Chart.yaml b/charts/registry/Chart.yaml index 4de1688283..da1543e533 100644 --- a/charts/registry/Chart.yaml +++ b/charts/registry/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: registry version: 0.7.0 -appVersion: 'v3.20.0-gitlab' +appVersion: 'v3.21.0-gitlab' description: Stateless, highly scalable application that stores and lets you distribute container images details: Container Registry component of GitLab diff --git a/charts/registry/values.yaml b/charts/registry/values.yaml index 5d4d44cb2d..cfa58e9d95 100644 --- a/charts/registry/values.yaml +++ b/charts/registry/values.yaml @@ -1,6 +1,6 @@ image: repository: registry.gitlab.com/gitlab-org/build/cng/gitlab-container-registry - tag: 'v3.20.0-gitlab' + tag: 'v3.21.0-gitlab' # pullPolicy: IfNotPresent # pullSecrets: [] diff --git a/doc/charts/registry/index.md b/doc/charts/registry/index.md index aa0c374fa8..fc3f0a5851 100644 --- a/doc/charts/registry/index.md +++ b/doc/charts/registry/index.md @@ -68,7 +68,7 @@ registry: interval: 24h dryrun: false image: - tag: 'v3.20.0-gitlab' + tag: 'v3.21.0-gitlab' pullPolicy: IfNotPresent annotations: service: 
@@ -154,7 +154,7 @@ If you chose to deploy this chart as a standalone, remove the `registry` at the | `image.pullPolicy` | | Pull policy for the registry image | | `image.pullSecrets` | | Secrets to use for image repository | | `image.repository` | `registry` | Registry image | -| `image.tag` | `v3.20.0-gitlab` | Version of the image to use | +| `image.tag` | `v3.21.0-gitlab` | Version of the image to use | | `init.image.repository` | | initContainer image | | `init.image.tag` | | initContainer image tag | | `log` | `{level: info, fields: {service: registry}}` | Configure the logging options | @@ -280,7 +280,7 @@ You can change the included version of the Registry and `pullPolicy`. Default settings: -- `tag: 'v3.20.0-gitlab'` +- `tag: 'v3.21.0-gitlab'` - `pullPolicy: 'IfNotPresent'` ## Configuring the `service` -- GitLab From d6e6aa79fee0dbfb2beabaacb1fb1e63383838a0 Mon Sep 17 00:00:00 2001 From: Jason Plum Date: Mon, 10 Jan 2022 22:57:06 +0000 Subject: [PATCH 202/253] Registry: Add middleware.storage config ability Add the ability to configure the `middleware.storage` block of registry configuration. - Implements walk of List. - Template `privatekey:` from `privatekeySecret` & index in List. - Does _not_ validate any keys presence or required formats. - Does _not_ validate driver names. Changelog: added --- charts/registry/templates/configmap.yaml | 9 ++++ charts/registry/templates/deployment.yaml | 9 ++++ charts/registry/values.yaml | 27 ++++++++-- doc/charts/registry/index.md | 45 +++++++++++++++- spec/configuration/middleware_spec.rb | 66 +++++++++++++++++++++++ spec/helm_template_helper.rb | 33 ++++++++++-- 6 files changed, 180 insertions(+), 9 deletions(-) create mode 100644 spec/configuration/middleware_spec.rb diff --git a/charts/registry/templates/configmap.yaml b/charts/registry/templates/configmap.yaml index c9c28c6840..266ea4a151 100644 --- a/charts/registry/templates/configmap.yaml +++ b/charts/registry/templates/configmap.yaml 
@@ -125,6 +125,15 @@ data: {{- else }} {{- include (print $.Template.BasePath "/_storage_default.yaml") . | nindent 6}} {{- end }} + middleware: + {{- if .Values.middleware.storage }} + storage: + {{ range $index, $v := .Values.middleware.storage }} + - name: {{ $v.name }} + options: {{ omit $v.options "privatekeySecret" "privatekey" | toYaml | nindent 10 }} + privatekey: {{ printf "/etc/docker/registry/middleware.storage/%d/%s" $index $v.options.privatekeySecret.key }} + {{ end }} + {{- end }} {{- include "registry.database.config" $ | nindent 4 }} {{- include "registry.gc.config" $ | nindent 4 }} {{- include "registry.migration.config" $ | nindent 4 }} diff --git a/charts/registry/templates/deployment.yaml b/charts/registry/templates/deployment.yaml index 34fb24da61..08ae227767 100644 --- a/charts/registry/templates/deployment.yaml +++ b/charts/registry/templates/deployment.yaml @@ -181,6 +181,15 @@ spec: path: storage/{{ .Values.storage.extraKey }} {{- end }} {{- end }} + {{- if .Values.middleware.storage }} + {{- range $index, $v := .Values.middleware.storage }} + - secret: + name: {{ $v.options.privatekeySecret.secret }} + items: + - key: {{ $v.options.privatekeySecret.key }} + path: {{ printf "middleware.storage/%d/%s" $index $v.options.privatekeySecret.key }} + {{- end }} + {{- end }} {{- if .Values.profiling.stackdriver.credentials.secret }} - secret: name: {{ .Values.profiling.stackdriver.credentials.secret }} diff --git a/charts/registry/values.yaml b/charts/registry/values.yaml index cfa58e9d95..e2397e0c35 100644 --- a/charts/registry/values.yaml +++ b/charts/registry/values.yaml 
@@ -160,10 +160,14 @@ init: # Indent /registry/storage/config 2 spaces before inserting into config.yml sed -i 's/^/ /' /registry/storage/config # Insert into /registry/config.yml after `storage:` - sed -i '/storage:/ r /registry/storage/config' /registry/config.yml + sed -i '/^storage:/ r /registry/storage/config' /registry/config.yml # Remove the now extraneous `config` file rm /registry/storage/config fi + # Copy any middleware.storage if present + if [ -d /config/middleware.storage ]; then + cp -v -r -L /config/middleware.storage /registry/middleware.storage + fi # Set to known path, to used ConfigMap cat /config/certificate.crt > /registry/certificate.crt # Copy the optional profiling keyfile to the expected location @@ -216,10 +220,23 @@ hpa: customMetrics: [] storage: {} - # secret: - # redirect: - # disable: - # exceptions: [] +# secret: +# redirect: +# disable: +# exceptions: [] +middleware: + # See https://gitlab.com/gitlab-org/container-registry/-/blob/master/docs/configuration.md#middleware + storage: [] + ## EXAMPLE ONLY + # - name: cloudfront + # options: + # baseurl: cdn.registry.example.com + # # `privatekey` is auto-populated with the content from the privatekey Secret. + # privatekeySecret: + # secret: cdn-private-key + # key: private.pem + # keypairid: YOURKEYPAIRIDFORPRIVATEKEY + minio: redirect: false diff --git a/doc/charts/registry/index.md b/doc/charts/registry/index.md index fc3f0a5851..2728169bbd 100644 --- a/doc/charts/registry/index.md +++ b/doc/charts/registry/index.md @@ -129,7 +129,7 @@ registry: If you chose to deploy this chart as a standalone, remove the `registry` at the top level. -## Installation command line options +## Installation parameters | Parameter | Default | Description | |--------------------------------------------|----------------------------------------------|------------------------------------------------------------------------------------------------------| 
@@ -213,6 +213,7 @@ If you chose to deploy this chart as a standalone, remove the `registry` at the | `tokenService` | `container_registry` | JWT token service | | `tokenIssuer` | `gitlab-issuer` | JWT token issuer | | `tolerations` | `[]` | Toleration labels for pod assignment | +| `middleware.storage` | | configuration layer for midleware storage ([s3 for instance](https://gitlab.com/gitlab-org/container-registry/-/blob/master/docs/configuration.md#example-middleware-configuration)) ## Chart configuration examples 
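Review bot: The `middleware.storage` row added to the installation parameters table in `doc/charts/registry/index.md` has no closing `|`, unlike the `tolerations` row directly above it, and misspells "midleware". Close the row and fix the spelling so the table renders the same way as its neighbours, and start the description with a capital letter to match the other rows.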
@@ -611,6 +612,48 @@ by default if not specified by the user. This keeps expected behavior in line wi the default use of MinIO, as well as the Omnibus GitLab. Any user provided value will supersede this default. +### middleware.storage + +Configuration of `middleware.storage` follows [upstream convention](https://gitlab.com/gitlab-org/container-registry/-/blob/master/docs/configuration.md#middleware): + +Configuration is fairly generic and follows similar pattern: + +```yaml +middleware: + # See https://gitlab.com/gitlab-org/container-registry/-/blob/master/docs/configuration.md#middleware + storage: + - name: cloudfront + options: + baseurl: https://abcdefghijklmn.cloudfront.net/ + # `privatekey` is auto-populated with the content from the privatekey Secret. + privatekeySecret: + secret: cloudfront-secret-name + # "key" value is going to be used to generate file name for PEM storage: + # /etc/docker/registry/middleware.storage// + key: private-key-ABC.pem + keypairid: ABCEDFGHIJKLMNOPQRST +``` + +Within above code `options.privatekeySecret` is a `generic` Kubernetes secret contents of which corresponds to PEM file contents: + +```shell +kubectl create secret generic cloudfront-secret-name --type=kubernetes.io/ssh-auth --from-file=private-key-ABC=pk-ABCEDFGHIJKLMNOPQRST.pem +``` + +`privatekey` used upstream is being auto-populated by chart from the privatekey Secret and will be **ignored** if specified. + +#### `keypairid` variants + +Various vendors use different field names for the same construct: + +| Vendor | field name | +| :----: | :--------: | +| Google CDN | `keyname` | +| CloudFront | `keypairid` | + +NOTE: +Only configuration of `middleware.storage` section is supported at this time. + ### debug The debug port is enabled by default and is used for the liveness/readiness diff --git a/spec/configuration/middleware_spec.rb b/spec/configuration/middleware_spec.rb new file mode 100644 index 0000000000..16e59cc0ce --- /dev/null 
+++ b/spec/configuration/middleware_spec.rb @@ -0,0 +1,66 @@ +require 'spec_helper' +require 'helm_template_helper' +require 'yaml' +require 'hash_deep_merge' + +describe 'middleware configuration' do + let(:default_values) do + YAML.safe_load(%( + certmanager-issuer: + email: test@example.com + global: {} + gitlab: + migrations: + networkpolicy: + enabled: true + serviceAccount: + enabled: true + create: true + )) + end + + context 'When customer provides middleware storage configuration' do + let(:values) do + YAML.safe_load(%( + registry: + middleware: + storage: + - name: cloudfront + options: + baseurl: cdn.registry.example.com + privatekeySecret: + secret: cdn-private-key + key: private.pem + keypairid: GIBBERISH + )).deep_merge(default_values) + end + + it 'Populates the middleware storage configuration in expected manner' do + t = HelmTemplate.new(values) + expect(t.exit_code).to eq(0), "Unexpected error code #{t.exit_code} -- #{t.stderr}" + expect( + YAML.safe_load( + t.dig( + 'ConfigMap/test-registry', + 'data', + 'config.yml' + ), + [Symbol] + )['middleware']).to include(YAML.safe_load(%( + storage: + - name: cloudfront + options: + baseurl: cdn.registry.example.com + keypairid: "GIBBERISH" + privatekey: "/etc/docker/registry/middleware.storage/0/private.pem" + ))) + end + it 'Projects middleware storage secrets into deployment' do + t = HelmTemplate.new(values) + expect(t.exit_code).to eq(0), "Unexpected error code #{t.exit_code} -- #{t.stderr}" + projected_secret_key = t.find_projected_secret_key('Deployment/test-registry', 'registry-secrets', 'cdn-private-key', 'private.pem') + expect(projected_secret_key).to have_key('path') + expect(projected_secret_key['path']).to eq('middleware.storage/0/private.pem') if projected_secret_key + end + end +end diff --git a/spec/helm_template_helper.rb b/spec/helm_template_helper.rb index a9d21a3f67..859eb021a2 100644 --- a/spec/helm_template_helper.rb +++ b/spec/helm_template_helper.rb 
@@ -110,13 +110,40 @@ class HelmTemplate volumes[0] end - def find_projected_secret(item, mount, secret) + def get_projected_secret(item, mount, secret) + # locate first instance of projected secret by name secrets = find_volume(item,mount) secrets['projected']['sources'].keep_if do |s| - s['secret']['name'] == secret + s['secret']['name'] == secret if s.has_key?('secret') + end + + return unless secrets['projected']['sources'].length == 1 + + secrets['projected']['sources'][0]['secret'] + end + + def find_projected_secret(item, mount, secret) + secret = get_projected_secret(item,mount,secret) + !secret.nil? + end + + def find_projected_secret_key(item, mount, secret, key) + secret = get_projected_secret(item,mount,secret) + + result = nil + + if secret&.has_key?('items') + + secret['items'].each do |i| + if i['key'] == key + result = i + break + end + end + end - secrets['projected']['sources'].length == 1 + result end def find_volume_mount(item, container_name, volume_name, init = false) -- GitLab From 46499c70cec488f0f7306da6500a14e6e2683c29 Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Tue, 11 Jan 2022 00:07:25 +0000 Subject: [PATCH 203/253] Update changelog for 5.6.2 [ci skip] --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0640e0a325..8b5b3e0f73 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,10 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 5.6.2 (2022-01-11) + +No changes. + ## 5.6.1 (2022-01-04) No changes. -- GitLab From f6a5f898f1a4b147c44c9a5b5c3a11bed0bf57ff Mon Sep 17 00:00:00 2001 
From: GitLab Release Tools Bot Date: Tue, 11 Jan 2022 00:07:43 +0000 Subject: [PATCH 204/253] Update Chart versions to 5.6.2 [ci skip] --- Chart.yaml | 2 +- charts/gitlab/charts/geo-logcursor/Chart.yaml | 2 +- charts/gitlab/charts/gitaly/Chart.yaml | 2 +- charts/gitlab/charts/gitlab-exporter/Chart.yaml | 2 +- charts/gitlab/charts/gitlab-grafana/Chart.yaml | 2 +- charts/gitlab/charts/gitlab-pages/Chart.yaml | 2 +- charts/gitlab/charts/gitlab-shell/Chart.yaml | 2 +- charts/gitlab/charts/kas/Chart.yaml | 2 +- charts/gitlab/charts/mailroom/Chart.yaml | 2 +- charts/gitlab/charts/migrations/Chart.yaml | 2 +- charts/gitlab/charts/operator/Chart.yaml | 2 +- charts/gitlab/charts/praefect/Chart.yaml | 2 +- charts/gitlab/charts/sidekiq/Chart.yaml | 2 +- charts/gitlab/charts/toolbox/Chart.yaml | 2 +- charts/gitlab/charts/webservice/Chart.yaml | 2 +- 15 files changed, 15 insertions(+), 15 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index c009aaf434..e6f2bfb35a 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab -version: 5.6.1 +version: 5.6.2 appVersion: master description: Web-based Git-repository manager with wiki and issue-tracking features. keywords: diff --git a/charts/gitlab/charts/geo-logcursor/Chart.yaml b/charts/gitlab/charts/geo-logcursor/Chart.yaml index 61bcd79868..5d77cd3e6b 100644 --- a/charts/gitlab/charts/geo-logcursor/Chart.yaml +++ b/charts/gitlab/charts/geo-logcursor/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: geo-logcursor -version: 5.6.1 +version: 5.6.2 appVersion: master description: GitLab Geo logcursor keywords: diff --git a/charts/gitlab/charts/gitaly/Chart.yaml b/charts/gitlab/charts/gitaly/Chart.yaml index 119f7dc656..c7bcc3e5bc 100644 --- a/charts/gitlab/charts/gitaly/Chart.yaml +++ b/charts/gitlab/charts/gitaly/Chart.yaml 
@@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitaly -version: 5.6.1 +version: 5.6.2 appVersion: master description: Git RPC service for handling all the git calls made by GitLab keywords: diff --git a/charts/gitlab/charts/gitlab-exporter/Chart.yaml b/charts/gitlab/charts/gitlab-exporter/Chart.yaml index e5c4ff8743..74569367d8 100644 --- a/charts/gitlab/charts/gitlab-exporter/Chart.yaml +++ b/charts/gitlab/charts/gitlab-exporter/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab-exporter -version: 5.6.1 +version: 5.6.2 appVersion: 11.2.0 description: Exporter for GitLab Prometheus metrics (e.g. CI, pull mirrors) keywords: diff --git a/charts/gitlab/charts/gitlab-grafana/Chart.yaml b/charts/gitlab/charts/gitlab-grafana/Chart.yaml index 118bcfa39e..ed671b9245 100644 --- a/charts/gitlab/charts/gitlab-grafana/Chart.yaml +++ b/charts/gitlab/charts/gitlab-grafana/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab-grafana -version: 5.6.1 +version: 5.6.2 description: Adapt the Grafana chart to interface to the GitLab App keywords: - gitlab diff --git a/charts/gitlab/charts/gitlab-pages/Chart.yaml b/charts/gitlab/charts/gitlab-pages/Chart.yaml index 3c9a8b7776..64a162aa62 100644 --- a/charts/gitlab/charts/gitlab-pages/Chart.yaml +++ b/charts/gitlab/charts/gitlab-pages/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab-pages -version: 5.6.1 +version: 5.6.2 appVersion: master description: Daemon for serving static websites from GitLab projects keywords: diff --git a/charts/gitlab/charts/gitlab-shell/Chart.yaml b/charts/gitlab/charts/gitlab-shell/Chart.yaml index ef8426a401..3b24fef2df 100644 --- a/charts/gitlab/charts/gitlab-shell/Chart.yaml +++ b/charts/gitlab/charts/gitlab-shell/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab-shell -version: 5.6.1 +version: 5.6.2 appVersion: main description: sshd for Gitlab keywords: diff --git a/charts/gitlab/charts/kas/Chart.yaml b/charts/gitlab/charts/kas/Chart.yaml index 304a3158d8..f1d5df5dde 100644 
--- a/charts/gitlab/charts/kas/Chart.yaml +++ b/charts/gitlab/charts/kas/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: kas -version: 5.6.1 +version: 5.6.2 appVersion: latest description: GitLab Agent Server keywords: diff --git a/charts/gitlab/charts/mailroom/Chart.yaml b/charts/gitlab/charts/mailroom/Chart.yaml index a5f6ec4da7..23fc46fb4a 100644 --- a/charts/gitlab/charts/mailroom/Chart.yaml +++ b/charts/gitlab/charts/mailroom/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: mailroom -version: 5.6.1 +version: 5.6.2 appVersion: 0.0.14 description: Handling incoming emails keywords: diff --git a/charts/gitlab/charts/migrations/Chart.yaml b/charts/gitlab/charts/migrations/Chart.yaml index af19a9e107..9496379a1e 100644 --- a/charts/gitlab/charts/migrations/Chart.yaml +++ b/charts/gitlab/charts/migrations/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: migrations -version: 5.6.1 +version: 5.6.2 appVersion: master description: Database migrations and other versioning tasks for upgrading Gitlab keywords: diff --git a/charts/gitlab/charts/operator/Chart.yaml b/charts/gitlab/charts/operator/Chart.yaml index fcd7e5ff5a..465465f6cf 100644 --- a/charts/gitlab/charts/operator/Chart.yaml +++ b/charts/gitlab/charts/operator/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: operator -version: 5.6.1 +version: 5.6.2 appVersion: master description: Gitlab operator for managing upgrades keywords: diff --git a/charts/gitlab/charts/praefect/Chart.yaml b/charts/gitlab/charts/praefect/Chart.yaml index cec7c90916..1d2127ca20 100644 --- a/charts/gitlab/charts/praefect/Chart.yaml +++ b/charts/gitlab/charts/praefect/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: praefect -version: 5.6.1 +version: 5.6.2 appVersion: master description: Praefect is a router and transaction manager for Gitaly, and a required component for running a Gitaly Cluster. 
diff --git a/charts/gitlab/charts/sidekiq/Chart.yaml b/charts/gitlab/charts/sidekiq/Chart.yaml index 6924b36615..a8d3b78d20 100644 --- a/charts/gitlab/charts/sidekiq/Chart.yaml +++ b/charts/gitlab/charts/sidekiq/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: sidekiq -version: 5.6.1 +version: 5.6.2 appVersion: master description: Gitlab Sidekiq for asynchronous task processing in rails keywords: diff --git a/charts/gitlab/charts/toolbox/Chart.yaml b/charts/gitlab/charts/toolbox/Chart.yaml index 95ccbceb1e..1ffeae1f12 100644 --- a/charts/gitlab/charts/toolbox/Chart.yaml +++ b/charts/gitlab/charts/toolbox/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: toolbox -version: 5.6.1 +version: 5.6.2 appVersion: master description: For manually running rake tasks through kubectl keywords: diff --git a/charts/gitlab/charts/webservice/Chart.yaml b/charts/gitlab/charts/webservice/Chart.yaml index 30ad88a8f6..9963a85659 100644 --- a/charts/gitlab/charts/webservice/Chart.yaml +++ b/charts/gitlab/charts/webservice/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: webservice -version: 5.6.1 +version: 5.6.2 appVersion: master description: HTTP server for Gitlab keywords: -- GitLab From 53ad04b81d03a25cb5548b02d9e9051ae7153081 Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Tue, 11 Jan 2022 00:07:45 +0000 Subject: [PATCH 205/253] Update version mapping for 5.6.2 --- doc/installation/version_mappings.md | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/installation/version_mappings.md b/doc/installation/version_mappings.md index 1374d5880f..3d2b124163 100644 --- a/doc/installation/version_mappings.md +++ b/doc/installation/version_mappings.md @@ -10,6 +10,7 @@ The table below maps some of the key previous chart versions and GitLab versions | Chart version | GitLab version | |---------------|----------------| +| 5.6.2 | 14.6.2 | | 5.6.1 | 14.6.1 | | 5.6.0 | 14.6.0 | | 5.5.2 | 14.5.2 | -- GitLab 
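Review bot: In the `charts/registry/templates/configmap.yaml` hunk of PATCH 202/253, `$v.options.privatekeySecret.key` is dereferenced for every entry of `.Values.middleware.storage`, and the `charts/registry/templates/deployment.yaml` hunk does the same with `$v.options.privatekeySecret.secret`, so an entry without `privatekeySecret` fails template rendering with a nil-pointer error instead of a message naming the missing value. The commit message states that key presence is not validated; guard both blocks with `{{- if $v.options.privatekeySecret }}` or fail early with `required`, and add a spec case for an entry that omits the Secret. The `{{ range ... }}` and `{{ end }}` tags in the configmap hunk also lack the `-` trim markers used by the surrounding template lines, which leaves blank lines in the rendered `config.yml`.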
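Review bot: In the `spec/helm_template_helper.rb` hunk of PATCH 202/253, `get_projected_secret` filters with `keep_if`, which mutates `secrets['projected']['sources']` in place. If the parsed manifests are held on the `HelmTemplate` instance, a second `find_projected_secret` or `find_projected_secret_key` call for a different Secret on the same instance will find the other sources already removed. Use the non-mutating `select` and read the match from its result. In `spec/configuration/middleware_spec.rb`, the trailing `if projected_secret_key` on the last `expect` is redundant after the `have_key('path')` assertion and can be dropped.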
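Review bot: In the `### middleware.storage` hunk of `doc/charts/registry/index.md` in PATCH 202/253, the YAML example sets `key: private-key-ABC.pem` but the `kubectl create secret` command stores the file under `--from-file=private-key-ABC=...`, so the Secret created as documented does not contain the item the chart projects. Make the two names match. The prose also calls the Secret `generic` while the command passes `--type=kubernetes.io/ssh-auth`; drop the `--type` flag or explain why that type is wanted. PATCH 212/253 later corrects the key name but keeps the `--type` flag.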
From 5de20746fe4b020228d2ca6dd5f0549e1c458c42 Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Tue, 11 Jan 2022 00:16:20 +0000 Subject: [PATCH 206/253] Update changelog for 5.5.3 [ci skip] --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8b5b3e0f73..fa52306de6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -21,6 +21,10 @@ No changes. - [Update gitlab-org/charts/gitlab-runner from 0.34.0 to 0.35.0](gitlab-org/charts/gitlab@12c4740147c25f788061176f124e5749eb9a7726) ([merge request](gitlab-org/charts/gitlab!2275)) - [Update gitlab-org/container-registry from 3.15.0-gitlab to 3.16.0-gitlab](gitlab-org/charts/gitlab@3d2e013c2c37ee987fa064dacb8ae3f2f645aa4b) ([merge request](gitlab-org/charts/gitlab!2276)) +## 5.5.3 (2022-01-11) + +No changes. + ## 5.5.2 (2021-12-03) No changes. -- GitLab From 87e9c3b362f9977e2579c72618607283b59136d3 Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Tue, 11 Jan 2022 00:16:36 +0000 Subject: [PATCH 207/253] Update version mapping for 5.5.3 --- doc/installation/version_mappings.md | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/installation/version_mappings.md b/doc/installation/version_mappings.md index 3d2b124163..051fd25c68 100644 --- a/doc/installation/version_mappings.md +++ b/doc/installation/version_mappings.md @@ -13,6 +13,7 @@ The table below maps some of the key previous chart versions and GitLab versions | 5.6.2 | 14.6.2 | | 5.6.1 | 14.6.1 | | 5.6.0 | 14.6.0 | +| 5.5.3 | 14.5.3 | | 5.5.2 | 14.5.2 | | 5.5.1 | 14.5.1 | | 5.5.0 | 14.5.0 | -- GitLab From 1c28604fc47ac48f7acab6f314f729349b2194a2 Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Tue, 11 Jan 2022 00:24:27 +0000 Subject: [PATCH 208/253] Update changelog for 5.4.5 [ci skip] --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index fa52306de6..62fce2b605 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -59,6 +59,10 @@ No changes. - [[Docs] Operator: clarify available chart versions](gitlab-org/charts/gitlab@afcb3d95d2f997cc1d77087bb85a73b918a38101) ([merge request](gitlab-org/charts/gitlab!2268)) +## 5.4.5 (2022-01-11) + +No changes. + ## 5.4.4 (2021-12-03) No changes. -- GitLab From 21c15c22a2dfb1d78d7c3d338bf2f51b9bd858aa Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Tue, 11 Jan 2022 00:24:42 +0000 Subject: [PATCH 209/253] Update version mapping for 5.4.5 --- doc/installation/version_mappings.md | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/installation/version_mappings.md b/doc/installation/version_mappings.md index 051fd25c68..68c36afba9 100644 --- a/doc/installation/version_mappings.md +++ b/doc/installation/version_mappings.md @@ -17,6 +17,7 @@ The table below maps some of the key previous chart versions and GitLab versions | 5.5.2 | 14.5.2 | | 5.5.1 | 14.5.1 | | 5.5.0 | 14.5.0 | +| 5.4.5 | 14.4.5 | | 5.4.4 | 14.4.4 | | 5.4.3 | 14.4.3 | | 5.4.2 | 14.4.2 | -- GitLab From 2a83633e98f5c49c1b608167555c3f74f1c05b41 Mon Sep 17 00:00:00 2001 From: Vladimir Shushlin Date: Tue, 11 Jan 2022 16:33:29 +0300 Subject: [PATCH 210/253] Add domain rate-limiting options for GitLab Pages Changelog: added --- charts/gitlab/charts/gitlab-pages/templates/configmap.yml | 6 ++++++ doc/charts/gitlab/gitlab-pages/index.md | 4 +++- spec/configuration/pages_spec.rb | 4 ++++ 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/charts/gitlab/charts/gitlab-pages/templates/configmap.yml b/charts/gitlab/charts/gitlab-pages/templates/configmap.yml index 6a059e5fa3..86af78d295 100644 --- a/charts/gitlab/charts/gitlab-pages/templates/configmap.yml +++ b/charts/gitlab/charts/gitlab-pages/templates/configmap.yml 
@@ -125,5 +125,11 @@ data: {{- if .Values.rateLimitSourceIPBurst }} rate-limit-source-ip-burst={{ .Values.rateLimitSourceIPBurst }} {{- end }} + {{- if .Values.rateLimitDomain }} + rate-limit-domain={{ .Values.rateLimitDomain }} + {{- end }} + {{- if .Values.rateLimitDomainBurst }} + rate-limit-domain-burst={{ .Values.rateLimitDomainBurst }} + {{- end }} configure: | {{- include "gitlab.scripts.configure.secrets" (dict "required" "pages" "optional" "pages") | nindent 4 -}} diff --git a/doc/charts/gitlab/gitlab-pages/index.md b/doc/charts/gitlab/gitlab-pages/index.md index 8ef140d2e2..c35356331b 100644 --- a/doc/charts/gitlab/gitlab-pages/index.md +++ b/doc/charts/gitlab/gitlab-pages/index.md 
@@ -103,8 +103,10 @@ configurations that can be supplied to the `helm install` command using the | `zipCache.expiration` | int | See: [Zip Serving and Cache Configuration](https://docs.gitlab.com/ee/administration/pages/index.html#zip-serving-and-cache-configuration) | | `zipCache.refresh` | int | See: [Zip Serving and Cache Configuration](https://docs.gitlab.com/ee/administration/pages/index.html#zip-serving-and-cache-configuration) | | `zipOpenTimeout` | int | See: [Zip Serving and Cache Configuration](https://docs.gitlab.com/ee/administration/pages/index.html#zip-serving-and-cache-configuration) | -| `rateLimitSourceIP` | int | See: [GitLab Pages rate-limits](https://docs.gitlab.com/ee/administration/pages/index.html#rate-limits). To enable rate-limiting use `extraEnv=["FF_ENABLE_RATE_LIMITER=true"]` | +| `rateLimitSourceIP` | int | See: [GitLab Pages rate-limits](https://docs.gitlab.com/ee/administration/pages/index.html#rate-limits). To enable rate-limiting use `extraEnv=["FF_ENFORCE_IP_RATE_LIMITS=true"]` | | `rateLimitSourceIPBurst` | int | See: [GitLab Pages rate-limits](https://docs.gitlab.com/ee/administration/pages/index.html#rate-limits) | +| `rateLimitDomain` | int | See: [GitLab Pages rate-limits](https://docs.gitlab.com/ee/administration/pages/index.html#rate-limits). To enable rate-limiting use `extraEnv=["FF_ENFORCE_DOMAIN_RATE_LIMITS=true"]` | +| `rateLimitDomainBurst` | int | See: [GitLab Pages rate-limits](https://docs.gitlab.com/ee/administration/pages/index.html#rate-limits) | ### Configuring the `ingress` diff --git a/spec/configuration/pages_spec.rb b/spec/configuration/pages_spec.rb index 5b47f7a3e0..35cc3ff4f3 100644 --- a/spec/configuration/pages_spec.rb +++ b/spec/configuration/pages_spec.rb @@ -490,6 +490,8 @@ describe 'GitLab Pages' do refresh: 60s rateLimitSourceIP: 100.5 rateLimitSourceIPBurst: 50 + rateLimitDomain: 2000.5 + rateLimitDomainBurst: 20000 )) end 
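Review bot: The values added in this `spec/configuration/pages_spec.rb` hunk set `rateLimitDomain: 2000.5`, while the `doc/charts/gitlab/gitlab-pages/index.md` hunk of the same patch documents `rateLimitDomain` as `int`. Either document the type as a number that accepts fractions or test with an integer. The doc hunk also changes the flag named in the `rateLimitSourceIP` row from `FF_ENABLE_RATE_LIMITER` to `FF_ENFORCE_IP_RATE_LIMITS`, which the commit message does not mention. Because the template guards are `{{- if .Values.rateLimitDomain }}` and `{{- if .Values.rateLimitDomainBurst }}`, a value of `0` is omitted from the rendered config; state that in the docs if it is intended.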
@@ -529,6 +531,8 @@ describe 'GitLab Pages' do zip-cache-refresh=60s rate-limit-source-ip=100.5 rate-limit-source-ip-burst=50 + rate-limit-domain=2000.5 + rate-limit-domain-burst=20000 MSG expect(pages_enabled_template.exit_code).to eq(0), "Unexpected error code #{pages_enabled_template.exit_code} -- #{pages_enabled_template.stderr}" -- GitLab From 2d234093744bb2f72648b94fdbc40ccef044ac1d Mon Sep 17 00:00:00 2001 From: Evan Read Date: Thu, 13 Jan 2022 17:37:35 +1000 Subject: [PATCH 211/253] Remove trailing spaces for Jan 2022 TW monthly chores --- doc/charts/registry/index.md | 4 ++-- doc/installation/tls.md | 2 +- doc/troubleshooting/index.md | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/doc/charts/registry/index.md b/doc/charts/registry/index.md index 2728169bbd..e6dd0a15cb 100644 --- a/doc/charts/registry/index.md +++ b/doc/charts/registry/index.md @@ -640,7 +640,7 @@ Within above code `options.privatekeySecret` is a `generic` Kubernetes secret co kubectl create secret generic cloudfront-secret-name --type=kubernetes.io/ssh-auth --from-file=private-key-ABC=pk-ABCEDFGHIJKLMNOPQRST.pem ``` -`privatekey` used upstream is being auto-populated by chart from the privatekey Secret and will be **ignored** if specified. +`privatekey` used upstream is being auto-populated by chart from the privatekey Secret and will be **ignored** if specified. #### `keypairid` variants @@ -652,7 +652,7 @@ Various vendors use different field names for the same construct: | CloudFront | `keypairid` | NOTE: -Only configuration of `middleware.storage` section is supported at this time. +Only configuration of `middleware.storage` section is supported at this time. ### debug diff --git a/doc/installation/tls.md b/doc/installation/tls.md index e693e87554..49466e6ba6 100644 --- a/doc/installation/tls.md +++ b/doc/installation/tls.md 
@@ -77,7 +77,7 @@ helm install gitlab gitlab/gitlab \ --set global.ingress.tls.secretName= ``` -### Use AWS ACM to manage certificates +### Use AWS ACM to manage certificates If you are using AWS ACM to create your wildcard certificate, it is not possible to specify it via secret because ACM certificates cannot be downloaded. Instead, specify them via `nginx-ingress.controller.service.annotations`: diff --git a/doc/troubleshooting/index.md b/doc/troubleshooting/index.md index 20c0cb515d..cbe4eadbd1 100644 --- a/doc/troubleshooting/index.md +++ b/doc/troubleshooting/index.md @@ -178,7 +178,7 @@ Sidekiq pods did not receive a unique selector prior to chart release `3.0.0`. [The problems with this were documented in](https://gitlab.com/gitlab-org/charts/gitlab/-/issues/663). Upgrades to `3.0.0` using Helm will automatically delete the old Sidekiq deployments and create new ones by appending `-v1` to the -name of the Sidekiq `Deployments`,`HPAs`, and `Pods`. +name of the Sidekiq `Deployments`,`HPAs`, and `Pods`. Starting from `5.5.0` Helm will delete old Sidekiq deployments from prior versions and will use `-v2` suffix for `Pods`, `Deployments` and `HPAs`. -- GitLab From 5ac7cd6efe6a289ad41151531297331f1c78dda0 Mon Sep 17 00:00:00 2001 From: John Jarvis Date: Fri, 14 Jan 2022 17:26:10 +0000 Subject: [PATCH 212/253] Fixes key name in Registry middleware example --- doc/charts/registry/index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/charts/registry/index.md b/doc/charts/registry/index.md index e6dd0a15cb..2a2260d61b 100644 --- a/doc/charts/registry/index.md +++ b/doc/charts/registry/index.md @@ -621,7 +621,7 @@ Configuration is fairly generic and follows similar pattern: ```yaml middleware: # See https://gitlab.com/gitlab-org/container-registry/-/blob/master/docs/configuration.md#middleware - storage: + storage: - name: cloudfront options: baseurl: https://abcdefghijklmn.cloudfront.net/ 
@@ -637,7 +637,7 @@ middleware: Within above code `options.privatekeySecret` is a `generic` Kubernetes secret contents of which corresponds to PEM file contents: ```shell -kubectl create secret generic cloudfront-secret-name --type=kubernetes.io/ssh-auth --from-file=private-key-ABC=pk-ABCEDFGHIJKLMNOPQRST.pem +kubectl create secret generic cloudfront-secret-name --type=kubernetes.io/ssh-auth --from-file=private-key-ABC.pem=pk-ABCEDFGHIJKLMNOPQRST.pem ``` `privatekey` used upstream is being auto-populated by chart from the privatekey Secret and will be **ignored** if specified. -- GitLab From 233a84149099b327e5253f833dc759f5540620ab Mon Sep 17 00:00:00 2001 From: Hossein Pursultani Date: Fri, 14 Jan 2022 17:52:46 +0000 Subject: [PATCH 213/253] Add test specs Changelog: changed --- .../certmanager-issuer/templates/_issuer.yaml | 2 +- .../gitlab-grafana/templates/ingress.yaml | 6 ++-- .../gitlab-pages/templates/ingress.yaml | 6 ++-- .../gitlab/charts/kas/templates/ingress.yaml | 6 ++-- .../charts/sidekiq/templates/_helpers.tpl | 2 +- .../charts/sidekiq/templates/deployment.yaml | 2 +- .../charts/webservice/templates/_helpers.tpl | 2 +- .../charts/webservice/templates/ingress.yaml | 6 ++-- .../templates/ingress_smartcard.yaml | 6 ++-- charts/minio/templates/_helpers.tpl | 2 +- charts/minio/templates/ingress.yaml | 6 ++-- charts/registry/templates/_helpers.tpl | 2 +- charts/registry/templates/ingress.yaml | 6 ++-- spec/configuration/ingress_spec.rb | 28 ++++++++++++++-- templates/_helpers.tpl | 33 ++++++------------- templates/_ingress.tpl | 29 ++++++++++++++++ 16 files changed, 92 insertions(+), 52 deletions(-) create mode 100644 templates/_ingress.tpl diff --git a/charts/certmanager-issuer/templates/_issuer.yaml b/charts/certmanager-issuer/templates/_issuer.yaml index 377d86dc99..f9e75c4b7b 100644 --- a/charts/certmanager-issuer/templates/_issuer.yaml +++ b/charts/certmanager-issuer/templates/_issuer.yaml 
@@ -21,5 +21,5 @@ spec: - selector: {} http01: ingress: - class: {{ template "gitlab.ingressclass" . }} + class: {{ template "gitlab.ingress.className" . }} {{ end }} diff --git a/charts/gitlab/charts/gitlab-grafana/templates/ingress.yaml b/charts/gitlab/charts/gitlab-grafana/templates/ingress.yaml index d6e67988d1..40362278f8 100644 --- a/charts/gitlab/charts/gitlab-grafana/templates/ingress.yaml +++ b/charts/gitlab/charts/gitlab-grafana/templates/ingress.yaml @@ -4,7 +4,7 @@ {{- $gitlabHostname = .Values.global.hosts.gitlab.hostnameOverride -}} {{- end -}} {{- $tlsSecret := include "webservice.tlsSecret" . -}} -{{- $ingressCfg := dict "global" .Values.global.ingress "local" .Values.ingress "capabilities" .Capabilities -}} +{{- $ingressCfg := dict "global" .Values.global.ingress "local" .Values.ingress "context" . -}} apiVersion: {{ template "gitlab.ingress.apiVersion" $ingressCfg }} kind: Ingress metadata: @@ -14,7 +14,7 @@ metadata: {{- include "gitlab.standardLabels" . | nindent 4 }} {{- include "gitlab.commonLabels" . | nindent 4 }} annotations: - {{ include "gitlab.ingress.classAnnotation" . }} + {{ include "ingress.class.annotation" $ingressCfg }} kubernetes.io/ingress.provider: "{{ template "gitlab.ingress.provider" $ingressCfg }}" {{- if eq "nginx" .Values.global.ingress.provider }} nginx.ingress.kubernetes.io/proxy-body-size: {{ .Values.ingress.proxyBodySize | quote }} @@ -26,7 +26,7 @@ metadata: {{ $key }}: {{ $value | quote }} {{- end }} spec: - {{ template "gitlab.ingress.classnameField" $ }} + {{ include "ingress.class.field" $ingressCfg }} rules: - host: {{ $gitlabHostname }} http: diff --git a/charts/gitlab/charts/gitlab-pages/templates/ingress.yaml b/charts/gitlab/charts/gitlab-pages/templates/ingress.yaml index ff54a50455..c7a02dee9f 100644 --- a/charts/gitlab/charts/gitlab-pages/templates/ingress.yaml +++ b/charts/gitlab/charts/gitlab-pages/templates/ingress.yaml 
@@ -2,7 +2,7 @@ {{- if and (empty ($externalAddresses)) (eq (include "gitlab.ingress.enabled" $) "true") -}} {{- $hostname := include "gitlab.pages.hostname" . -}} {{- $tlsSecret := include "pages.tlsSecret" . -}} -{{- $ingressCfg := dict "global" .Values.global.ingress "local" .Values.ingress "capabilities" .Capabilities -}} +{{- $ingressCfg := dict "global" .Values.global.ingress "local" .Values.ingress "context" . -}} apiVersion: {{ template "gitlab.ingress.apiVersion" $ingressCfg }} kind: Ingress metadata: @@ -12,14 +12,14 @@ metadata: {{- include "gitlab.standardLabels" . | nindent 4 }} {{- include "gitlab.commonLabels" . | nindent 4 }} annotations: - {{ include "gitlab.ingress.classAnnotation" . }} + {{ include "ingress.class.annotation" $ingressCfg }} kubernetes.io/ingress.provider: "{{ template "gitlab.ingress.provider" $ingressCfg }}" {{ include "gitlab.certmanager_annotations" . }} {{- range $key, $value := merge .Values.ingress.annotations .Values.global.ingress.annotations }} {{ $key }}: {{ $value | quote }} {{- end }} spec: - {{ template "gitlab.ingress.classnameField" $ }} + {{ include "ingress.class.field" $ingressCfg }} rules: - host: "*.{{ $hostname }}" http: diff --git a/charts/gitlab/charts/kas/templates/ingress.yaml b/charts/gitlab/charts/kas/templates/ingress.yaml index 4c91bc7048..ec7e09b5e8 100644 --- a/charts/gitlab/charts/kas/templates/ingress.yaml +++ b/charts/gitlab/charts/kas/templates/ingress.yaml @@ -2,7 +2,7 @@ {{- if eq (include "gitlab.ingress.enabled" $) "true" -}} {{- $hostname := include "gitlab.kas.hostname" . -}} {{- $tlsSecret := include "kas.tlsSecret" . -}} -{{- $ingressCfg := dict "global" .Values.global.ingress "local" .Values.ingress "capabilities" .Capabilities -}} +{{- $ingressCfg := dict "global" .Values.global.ingress "local" .Values.ingress "context" . -}} apiVersion: {{ template "gitlab.ingress.apiVersion" $ingressCfg }} kind: Ingress metadata: 
@@ -12,14 +12,14 @@ metadata: {{- include "gitlab.standardLabels" . | nindent 4 }} {{- include "gitlab.commonLabels" . | nindent 4 }} annotations: - {{ include "gitlab.ingress.classAnnotation" . }} + {{ include "ingress.class.annotation" $ingressCfg }} kubernetes.io/ingress.provider: "{{ template "gitlab.ingress.provider" $ingressCfg }}" {{ include "gitlab.certmanager_annotations" . }} {{- range $key, $value := merge .Values.ingress.annotations .Values.global.ingress.annotations }} {{ $key }}: {{ $value | quote }} {{- end }} spec: - {{ template "gitlab.ingress.classnameField" $ }} + {{ include "ingress.class.field" $ingressCfg }} rules: - host: {{ $hostname }} http: diff --git a/charts/gitlab/charts/sidekiq/templates/_helpers.tpl b/charts/gitlab/charts/sidekiq/templates/_helpers.tpl index e3e9801f26..1ab51fffa9 100644 --- a/charts/gitlab/charts/sidekiq/templates/_helpers.tpl +++ b/charts/gitlab/charts/sidekiq/templates/_helpers.tpl @@ -11,7 +11,7 @@ Pod values take precedence, then chart values, and finally global values. */}} {{- define "sidekiq.podExtraEnv" -}} -{{- $allExtraEnv := merge (default (dict) .local.extraEnv) (default (dict) .parent.Values.extraEnv) .parent.Values.global.extraEnv -}} +{{- $allExtraEnv := merge (default (dict) .local.extraEnv) (default (dict) .context.Values.extraEnv) .context.Values.global.extraEnv -}} {{- range $key, $value := $allExtraEnv }} - name: {{ $key }} value: {{ $value | quote }} diff --git a/charts/gitlab/charts/sidekiq/templates/deployment.yaml b/charts/gitlab/charts/sidekiq/templates/deployment.yaml index 2768f96d84..c64b44b794 100644 --- a/charts/gitlab/charts/sidekiq/templates/deployment.yaml +++ b/charts/gitlab/charts/sidekiq/templates/deployment.yaml 
@@ -213,7 +213,7 @@ spec: value: "1" {{- end }} {{- include "gitlab.tracing.env" $ | nindent 12 }} - {{- include "sidekiq.podExtraEnv" (dict "local" . "parent" $) | nindent 12 }} + {{- include "sidekiq.podExtraEnv" (dict "local" . "context" $) | nindent 12 }} {{- if $metricsEnabled }} ports: - containerPort: {{ $metricsPort }} diff --git a/charts/gitlab/charts/webservice/templates/_helpers.tpl b/charts/gitlab/charts/webservice/templates/_helpers.tpl index 613455b36e..e1dbf1fb69 100644 --- a/charts/gitlab/charts/webservice/templates/_helpers.tpl +++ b/charts/gitlab/charts/webservice/templates/_helpers.tpl @@ -146,7 +146,7 @@ Pod values take precedence, then chart values, and finally global values. */}} {{- define "webservice.podExtraEnv" -}} -{{- $allExtraEnv := merge (default (dict) .local.extraEnv) (default (dict) .parent.Values.extraEnv) .parent.Values.global.extraEnv -}} +{{- $allExtraEnv := merge (default (dict) .local.extraEnv) (default (dict) .context.Values.extraEnv) .context.Values.global.extraEnv -}} {{- range $key, $value := $allExtraEnv }} - name: {{ $key }} value: {{ $value | quote }} diff --git a/charts/gitlab/charts/webservice/templates/ingress.yaml b/charts/gitlab/charts/webservice/templates/ingress.yaml index 72362ee02a..55718d6750 100644 --- a/charts/gitlab/charts/webservice/templates/ingress.yaml +++ b/charts/gitlab/charts/webservice/templates/ingress.yaml @@ -14,7 +14,7 @@ From here on: - `.` is `.deployments.xyz` value - `.name` is the key (xyz) */}} -{{- $ingressCfg := dict "global" $.Values.global.ingress "local" .ingress "capabilities" $.Capabilities -}} +{{- $ingressCfg := dict "global" $.Values.global.ingress "local" .ingress "context" $ -}} --- apiVersion: {{ template "gitlab.ingress.apiVersion" $ingressCfg }} kind: Ingress 
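Review bot: in the `webservice.podExtraEnv` hunk above (`charts/gitlab/charts/webservice/templates/_helpers.tpl`), the helper now reads `.context.Values.extraEnv`, but no call site for it is updated in this patch. For sidekiq the matching caller changes to `(dict "local" . "context" $)` in `deployment.yaml`, while the diffstat lists only `_helpers.tpl`, `ingress.yaml` and `ingress_smartcard.yaml` under webservice. Please confirm that every `include "webservice.podExtraEnv"` passes a `context` key, since a caller that still passes `parent` leaves `.context` unset. A spec that renders webservice with `extraEnv` set would catch this.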
@@ -26,7 +26,7 @@ metadata: {{- include "webservice.labels" . | nindent 4 }} {{- include "webservice.commonLabels" . | nindent 4 }} annotations: - {{ include "gitlab.ingress.classAnnotation" $ }} + {{ include "ingress.class.annotation" $ingressCfg }} kubernetes.io/ingress.provider: "{{ template "gitlab.ingress.provider" $ingressCfg }}" {{- if eq "nginx" (default $.Values.global.ingress.provider .ingress.provider) }} nginx.ingress.kubernetes.io/proxy-body-size: {{ .ingress.proxyBodySize | quote }} @@ -38,7 +38,7 @@ metadata: {{ $key }}: {{ $value | quote }} {{- end }} spec: - {{ template "gitlab.ingress.classnameField" $ }} + {{ include "ingress.class.field" $ingressCfg }} rules: - host: {{ $gitlabHostname }} http: diff --git a/charts/gitlab/charts/webservice/templates/ingress_smartcard.yaml b/charts/gitlab/charts/webservice/templates/ingress_smartcard.yaml index 19e1b01953..9a7a9b3b17 100644 --- a/charts/gitlab/charts/webservice/templates/ingress_smartcard.yaml +++ b/charts/gitlab/charts/webservice/templates/ingress_smartcard.yaml @@ -10,7 +10,7 @@ From here on: - `.` is `.deployments.xyz` value - `.name` is the key (xyz) */}} -{{- $ingressCfg := dict "global" $.Values.global.ingress "local" .ingress "capabilities" $.Capabilities -}} +{{- $ingressCfg := dict "global" $.Values.global.ingress "local" .ingress "context" $ -}} --- apiVersion: {{ template "gitlab.ingress.apiVersion" $ingressCfg }} kind: Ingress @@ -21,7 +21,7 @@ metadata: {{- include "gitlab.standardLabels" $ | nindent 4 }} {{- include "gitlab.commonLabels" $ | nindent 4 }} annotations: - {{ include "gitlab.ingress.classAnnotation" $ }} + {{ include "ingress.class.annotation" $ingressCfg }} kubernetes.io/ingress.provider: "{{ template "gitlab.ingress.provider" $ingressCfg }}" {{- if eq "nginx" $.Values.global.ingress.provider }} nginx.ingress.kubernetes.io/proxy-body-size: {{ $.Values.ingress.proxyBodySize | quote }} 
@@ -38,7 +38,7 @@ metadata: {{ $key }}: {{ $value | quote }} {{- end }} spec: - {{ template "gitlab.ingress.classnameField" $ }} + {{ include "ingress.class.field" $ingressCfg }} rules: - host: {{ $smartcardHostname }} http: diff --git a/charts/minio/templates/_helpers.tpl b/charts/minio/templates/_helpers.tpl index b3bdadb6b6..0d8dd9fde0 100755 --- a/charts/minio/templates/_helpers.tpl +++ b/charts/minio/templates/_helpers.tpl @@ -56,6 +56,6 @@ if there is a shared tls secret for all ingresses. {{/* Returns the nginx ingress class */}} -{{- define "minio.ingressclass" -}} +{{- define "minio.ingress.className" -}} {{- pluck "class" .Values.global.ingress (dict "class" (printf "%s-nginx" .Release.Name)) | first -}} {{- end -}} diff --git a/charts/minio/templates/ingress.yaml b/charts/minio/templates/ingress.yaml index 0d82992ed1..8002ba3e96 100644 --- a/charts/minio/templates/ingress.yaml +++ b/charts/minio/templates/ingress.yaml @@ -2,7 +2,7 @@ {{- if eq (include "gitlab.ingress.enabled" $) "true" -}} {{- $minioHostname := include "gitlab.minio.hostname" . -}} {{- $tlsSecret := include "minio.tlsSecret" . -}} -{{- $ingressCfg := dict "global" .Values.global.ingress "local" .Values.ingress "capabilities" .Capabilities -}} +{{- $ingressCfg := dict "global" .Values.global.ingress "local" .Values.ingress "context" . -}} apiVersion: {{ template "gitlab.ingress.apiVersion" $ingressCfg }} kind: Ingress @@ -13,7 +13,7 @@ metadata: {{- include "gitlab.standardLabels" . | nindent 4 }} {{- include "gitlab.commonLabels" . | nindent 4 }} annotations: - {{ include "gitlab.ingress.classAnnotation" . }} + {{ include "ingress.class.annotation" $ingressCfg }} kubernetes.io/ingress.provider: "{{ template "gitlab.ingress.provider" $ingressCfg }}" {{- if eq "nginx" .Values.global.ingress.provider }} nginx.ingress.kubernetes.io/proxy-body-size: {{ .Values.ingress.proxyBodySize | quote }} 
@@ -26,7 +26,7 @@ metadata: {{ $key }}: {{ $value | quote }} {{- end }} spec: - {{ template "gitlab.ingress.classnameField" $ }} + {{ include "ingress.class.field" $ingressCfg }} rules: - host: {{ $minioHostname }} http: diff --git a/charts/registry/templates/_helpers.tpl b/charts/registry/templates/_helpers.tpl index 8884844b5d..d9834583f9 100644 --- a/charts/registry/templates/_helpers.tpl +++ b/charts/registry/templates/_helpers.tpl @@ -62,7 +62,7 @@ hostname part of the url. {{/* Returns the nginx ingress class */}} -{{- define "registry.ingressclass" -}} +{{- define "registry.ingress.className" -}} {{- pluck "class" .Values.global.ingress (dict "class" (printf "%s-nginx" .Release.Name)) | first -}} {{- end -}} diff --git a/charts/registry/templates/ingress.yaml b/charts/registry/templates/ingress.yaml index 3734f86fc4..7bfc9aebe1 100644 --- a/charts/registry/templates/ingress.yaml +++ b/charts/registry/templates/ingress.yaml @@ -2,7 +2,7 @@ {{- if eq (include "gitlab.ingress.enabled" $) "true" -}} {{- $hostname := include "registry.hostname" . -}} {{- $tlsSecret := include "registry.tlsSecret" . -}} -{{- $ingressCfg := dict "global" .Values.global.ingress "local" .Values.ingress "capabilities" .Capabilities -}} +{{- $ingressCfg := dict "global" .Values.global.ingress "local" .Values.ingress "context" . -}} apiVersion: {{ template "gitlab.ingress.apiVersion" $ingressCfg }} kind: Ingress @@ -13,7 +13,7 @@ metadata: {{- include "gitlab.standardLabels" . | nindent 4 }} {{- include "gitlab.commonLabels" . | nindent 4 }} annotations: - {{ include "gitlab.ingress.classAnnotation" . }} + {{ include "ingress.class.annotation" $ingressCfg }} kubernetes.io/ingress.provider: "{{ template "gitlab.ingress.provider" $ingressCfg }}" {{- if eq "nginx" .Values.global.ingress.provider }} nginx.ingress.kubernetes.io/proxy-body-size: {{ .Values.ingress.proxyBodySize | quote }} 
@@ -26,7 +26,7 @@ metadata: {{ $key }}: {{ $value | quote }} {{- end }} spec: - {{ template "gitlab.ingress.classnameField" $ }} + {{ include "ingress.class.field" $ingressCfg }} rules: - host: {{ $hostname }} http: diff --git a/spec/configuration/ingress_spec.rb b/spec/configuration/ingress_spec.rb index f48efabafb..01b4196ad8 100644 --- a/spec/configuration/ingress_spec.rb +++ b/spec/configuration/ingress_spec.rb @@ -12,6 +12,14 @@ describe 'GitLab Ingress configuration(s)' do template.dig("Ingress/#{ingress_name}", 'apiVersion') end + def get_ingress_class_annotation(template, ingress_name) + template.dig("Ingress/#{ingress_name}", 'metadata', 'annotations', 'kubernetes.io/ingress.class') + end + + def get_ingress_class_spec(template, ingress_name) + template.dig("Ingress/#{ingress_name}", 'spec', 'ingressClassName') + end + let(:default_values) do YAML.safe_load(%( certmanager-issuer: @@ -150,6 +158,14 @@ describe 'GitLab Ingress configuration(s)' do end describe 'api version' do + let(:ingress_class_specified) do + enable_all_ingress.deep_merge(YAML.safe_load(%( + global: + ingress: + class: fakeclass + ))) + end + let(:api_version_specified) do enable_all_ingress.deep_merge(YAML.safe_load(%( global: @@ -167,12 +183,16 @@ describe 'GitLab Ingress configuration(s)' do context 'when not specified (without cluster connection)' do it 'sets default version (extensions/v1beta1)' do - template = HelmTemplate.new(enable_all_ingress) + template = HelmTemplate.new(ingress_class_specified) expect(template.exit_code).to eq(0) ingress_names.each do |ingress_name| api_version = get_api_version(template, ingress_name) + ingress_class_annotation = get_ingress_class_annotation(template, ingress_name) + ingress_class_spec = get_ingress_class_spec(template, ingress_name) expect(api_version).to eq("extensions/v1beta1") + expect(ingress_class_annotation).to eq('fakeclass') + expect(ingress_class_spec).to be_nil end end end 
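Review bot: the example in the `@@ -167,12 +183,16 @@` hunk is still titled `sets default version (extensions/v1beta1)` but now also asserts the class annotation and `ingressClassName`, so a failure in the class logic is reported under an API version name. Move the class expectations into their own `it` blocks. Switching the input from `enable_all_ingress` to `ingress_class_specified` also means no example here asserts the default class name that the helpers build from the release name. Add one case without `global.ingress.class`, and one that combines a class with an explicitly specified `apiVersion`.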
@@ -180,12 +200,16 @@ describe 'GitLab Ingress configuration(s)' do context 'when not specified (with cluster connection)' do it 'sets highest cluster-supported version' do api_versions_args = "--api-versions=networking.k8s.io/v1beta1/Ingress --api-versions=networking.k8s.io/v1/Ingress" - template = HelmTemplate.new(enable_all_ingress, 'test', api_versions_args) + template = HelmTemplate.new(ingress_class_specified, 'test', api_versions_args) expect(template.exit_code).to eq(0) ingress_names.each do |ingress_name| api_version = get_api_version(template, ingress_name) + ingress_class_annotation = get_ingress_class_annotation(template, ingress_name) + ingress_class_spec = get_ingress_class_spec(template, ingress_name) expect(api_version).to eq('networking.k8s.io/v1') + expect(ingress_class_annotation).to be_nil + expect(ingress_class_spec).to eq('fakeclass') end end end diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 363e5a3e0d..a8126d4853 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -329,8 +329,13 @@ Defaults to nil {{/* Return the appropriate apiVersion for Ingress. +It expects a dictionary with three entries: + - `global` which contains global ingress settings, e.g. .Values.global.ingress + - `local` which contains local ingress settings, e.g. .Values.ingress + - `context` which is the parent context (either `.` or `$`) + Example usage: -{{- $ingressCfg := dict "global" .Values.global.ingress "local" .Values.ingress "capabilities" .Capabilities -}} +{{- $ingressCfg := dict "global" .Values.global.ingress "local" .Values.ingress "context" . -}} kubernetes.io/ingress.provider: "{{ template "gitlab.ingress.provider" $ingressCfg }}" */}} {{- define "gitlab.ingress.apiVersion" -}} 
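Review bot: the `Example usage` in this doc comment for `gitlab.ingress.apiVersion` still shows `{{ template "gitlab.ingress.provider" $ingressCfg }}` rather than the helper being documented. Since this hunk already edits the example's `dict` line, change the second line to an `apiVersion: {{ template "gitlab.ingress.apiVersion" $ingressCfg }}` call so the comment matches how the ingress templates use it.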
@@ -338,37 +343,19 @@ kubernetes.io/ingress.provider: "{{ template "gitlab.ingress.provider" $ingressC {{- .local.apiVersion -}} {{- else if .global.apiVersion -}} {{- .global.apiVersion -}} -{{- else if .capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}} +{{- else if .context.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}} {{- print "networking.k8s.io/v1" -}} -{{- else if .capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress" -}} +{{- else if .context.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress" -}} {{- print "networking.k8s.io/v1beta1" -}} {{- else -}} {{- print "extensions/v1beta1" -}} {{- end -}} {{- end -}} -{{/* -Return an ingressClassName field if the Ingress apiVersion allows it -*/}} -{{- define "gitlab.ingress.classnameField" -}} -{{- if or (.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (eq .Values.global.ingress.apiVersion "networking.k8s.io/v1") -}} -ingressClassName: {{ include "gitlab.ingressclass" . }} -{{- end -}} -{{- end -}} - -{{/* -Return an ingress.class if the Ingress apiVersion allows it -*/}} -{{- define "gitlab.ingress.classAnnotation" -}} -{{- if and (not (.Capabilities.APIVersions.Has "networking.k8s.io/v1/IngressClass")) (not (eq .Values.global.ingress.apiVersion "networking.k8s.io/v1")) -}} -kubernetes.io/ingress.class: "{{ template "gitlab.ingressclass" . }}" -{{- end -}} -{{- end -}} - {{/* Returns the nginx ingress class */}} -{{- define "gitlab.ingressclass" -}} +{{- define "gitlab.ingress.className" -}} {{- pluck "class" .Values.global.ingress (dict "class" (printf "%s-nginx" .Release.Name)) | first -}} {{- end -}} 
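Review bot: the removed `gitlab.ingress.classAnnotation` quoted its value (`kubernetes.io/ingress.class: "{{ template "gitlab.ingressclass" . }}"`), while its replacement `ingress.class.annotation` in `templates/_ingress.tpl` emits `kubernetes.io/ingress.class: {{ $className }}` unquoted. Annotation values must be strings, so a `global.ingress.class` that YAML reads as a number or boolean would no longer render as one. Use `{{ $className | quote }}` in the new helper. The spec only exercises `fakeclass`, which does not show the difference.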
@@ -394,7 +381,7 @@ Overrides the ingress-nginx template to make sure gitlab-shell name matches Overrides the ingress-nginx template to make sure our ingresses match */}} {{- define "ingress-nginx.controller.ingress-class" -}} -{{ template "gitlab.ingressclass" . }} +{{ template "gitlab.ingress.className" . }} {{- end -}} {{/* ######### annotations */}} diff --git a/templates/_ingress.tpl b/templates/_ingress.tpl new file mode 100644 index 0000000000..35b2ddc3b1 --- /dev/null +++ b/templates/_ingress.tpl @@ -0,0 +1,29 @@ +{{/* +Adds `ingress.class` annotation based on the API version of Ingress. + +It expects a dictionary with two entries: + - `global` which contains global ingress settings, e.g. .Values.global.ingress + - `context` which is the parent context (either `.` or `$`) +*/}} +{{- define "ingress.class.annotation" -}} +{{- $apiVersion := include "gitlab.ingress.apiVersion" . -}} +{{- $className := .global.class | default (printf "%s-nginx" .context.Release.Name) -}} +{{- if not (eq $apiVersion "networking.k8s.io/v1") -}} +kubernetes.io/ingress.class: {{ $className }} +{{- end -}} +{{- end -}} + +{{/* +Sets `ingressClassName` based on the API version of Ingress. + +It expects a dictionary with two entries: + - `global` which contains global ingress settings, e.g. .Values.global.ingress + - `context` which is the parent context (either `.` or `$`) +*/}} +{{- define "ingress.class.field" -}} +{{- $apiVersion := include "gitlab.ingress.apiVersion" . -}} +{{- $className := .global.class | default (printf "%s-nginx" .context.Release.Name) -}} +{{- if eq $apiVersion "networking.k8s.io/v1" -}} +ingressClassName: {{ $className }} +{{- end -}} +{{- end -}} -- GitLab From 5bd04e83fa7e6711fa67e976fb519468460d62ce Mon Sep 17 00:00:00 2001 
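Review bot: in the new `templates/_ingress.tpl`, both helpers recompute the class name with `.global.class | default (printf "%s-nginx" .context.Release.Name)` instead of calling `gitlab.ingress.className`, which the cert-manager issuer template in this patch still uses. The two expressions are not identical: `pluck ... | first` returns a `class` key that is present but empty, while `default` replaces it, so the issuer and the Ingress objects can end up with different classes. Have the helpers call `include "gitlab.ingress.className" .context` so there is one definition. The doc comments also list only `global` and `context` as required entries, but both helpers pass the dictionary on to `gitlab.ingress.apiVersion`, which reads `.local.apiVersion` as well. List `local` in the comments.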
From: Mitchell Nielsen Date: Fri, 14 Jan 2022 19:35:22 +0000 Subject: [PATCH 214/253] Update Operator docs for 0.3.0 Updates the Operator docs to reflect that version 0.3.0 is available. Changelog: changed --- doc/installation/operator.md | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/doc/installation/operator.md b/doc/installation/operator.md index 34d3e9aa1f..e29f9bfd5f 100644 --- a/doc/installation/operator.md +++ b/doc/installation/operator.md @@ -94,7 +94,9 @@ deployment manifests available in the 1. Deploy the GitLab Operator: ```shell - GL_OPERATOR_VERSION=0.2.0 # https://gitlab.com/gitlab-org/cloud-native/gitlab-operator/-/releases + # Use latest version of operator released at + # https://gitlab.com/gitlab-org/cloud-native/gitlab-operator/-/releases + GL_OPERATOR_VERSION=0.3.0 PLATFORM=kubernetes # or "openshift" kubectl create namespace gitlab-system kubectl apply -f https://gitlab.com/api/v4/projects/18899486/packages/generic/gitlab-operator/${GL_OPERATOR_VERSION}/gitlab-operator-${PLATFORM}-${GL_OPERATOR_VERSION}.yaml @@ -126,7 +128,11 @@ deployment manifests available in the name: example spec: chart: - version: "X.Y.Z" # https://gitlab.com/gitlab-org/cloud-native/gitlab-operator/-/blob/0.2.0/CHART_VERSIONS + # Provided is the released version from + # https://gitlab.com/gitlab-org/cloud-native/gitlab-operator/-/releases + # obtain list of available chart versions from: + # https://gitlab.com/gitlab-org/cloud-native/gitlab-operator/-/blob//CHART_VERSIONS + version: "X.Y.Z" values: global: hosts: 
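Review bot: the `CHART_VERSIONS` link in the added comment above `version: "X.Y.Z"` reads `.../-/blob//CHART_VERSIONS` as shown, with nothing between `blob/` and `/CHART_VERSIONS`, so it does not point at any tag. Spell out the placeholder for the operator tag in a form that survives rendering, for example the same `${GL_OPERATOR_VERSION}` name used in the install step.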
@@ -194,7 +200,9 @@ To remove the GitLab Operator and its associated resources: 1. Uninstall the GitLab Operator. ```shell - GL_OPERATOR_VERSION=0.2.0 # https://gitlab.com/gitlab-org/cloud-native/gitlab-operator/-/releases + # Use latest version of operator released at + # https://gitlab.com/gitlab-org/cloud-native/gitlab-operator/-/releases + GL_OPERATOR_VERSION=0.3.0 PLATFORM=kubernetes # or "openshift" kubectl delete -f https://gitlab.com/api/v4/projects/18899486/packages/generic/gitlab-operator/${GL_OPERATOR_VERSION}/gitlab-operator-${PLATFORM}-${GL_OPERATOR_VERSION}.yaml ``` -- GitLab From 4c6c22ee1d578a25fdd48490f0a30512495ff636 Mon Sep 17 00:00:00 2001 From: Mitchell Nielsen Date: Fri, 14 Jan 2022 20:01:50 +0000 Subject: [PATCH 215/253] Revert "Favor GitLab's nodeSelectors instead nginx-ingress" This reverts commit 785d893d691ebe67c869c6e922b5232ca9477aa3. Changelog: fixed --- .../templates/controller-deployment.yaml | 5 ++--- .../templates/default-backend-deployment.yaml | 5 ++--- charts/nginx-ingress/values.yaml | 15 +++++++++------ doc/charts/nginx/fork.md | 3 +-- 4 files changed, 14 insertions(+), 14 deletions(-) diff --git a/charts/nginx-ingress/templates/controller-deployment.yaml b/charts/nginx-ingress/templates/controller-deployment.yaml index be5e290716..ade5f53eb4 100644 --- a/charts/nginx-ingress/templates/controller-deployment.yaml +++ b/charts/nginx-ingress/templates/controller-deployment.yaml 
@@ -236,10 +236,9 @@ spec: {{- if .Values.controller.hostNetwork }} hostNetwork: {{ .Values.controller.hostNetwork }} {{- end }} - {{/* GitLab change: disable ingress-nginx use of nodeSelector {{- if .Values.controller.nodeSelector }} - nodeSelector: {{ toYaml .Values.controller.nodeSelector | nindent 8 */}} - {{- if include "gitlab.nodeSelector" . }} + nodeSelector: {{ toYaml .Values.controller.nodeSelector | nindent 8 }} + {{- else if include "gitlab.nodeSelector" . }} {{- include "gitlab.nodeSelector" . | nindent 6 }} {{- end }} {{- if .Values.controller.tolerations }} diff --git a/charts/nginx-ingress/templates/default-backend-deployment.yaml b/charts/nginx-ingress/templates/default-backend-deployment.yaml index d6dc636de3..2f35854a7c 100644 --- a/charts/nginx-ingress/templates/default-backend-deployment.yaml +++ b/charts/nginx-ingress/templates/default-backend-deployment.yaml @@ -103,10 +103,9 @@ spec: {{- if .Values.defaultBackend.resources }} resources: {{ toYaml .Values.defaultBackend.resources | nindent 12 }} {{- end }} - {{/* GitLab change: disable ingress-nginx use of nodeSelector {{- if .Values.defaultBackend.nodeSelector }} - nodeSelector: {{ toYaml .Values.defaultBackend.nodeSelector | nindent 8 */}} - {{- if include "gitlab.nodeSelector" . }} + nodeSelector: {{ toYaml .Values.defaultBackend.nodeSelector | nindent 8 }} + {{- else if include "gitlab.nodeSelector" . }} {{- include "gitlab.nodeSelector" . | nindent 6 }} {{- end }} serviceAccountName: {{ template "ingress-nginx.defaultBackend.serviceAccountName" . }} diff --git a/charts/nginx-ingress/values.yaml b/charts/nginx-ingress/values.yaml index f7900ffba6..ba7a74751a 100644 --- a/charts/nginx-ingress/values.yaml +++ b/charts/nginx-ingress/values.yaml 
@@ -272,8 +272,9 @@ controller: ## Node labels for controller pod assignment ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ ## - nodeSelector: - kubernetes.io/os: linux + ## GitLab change: disable default nodeSelector + # nodeSelector: + # kubernetes.io/os: linux ## Liveness and readiness probe values ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes @@ -594,8 +595,9 @@ controller: ## priorityClassName: "" podAnnotations: {} - nodeSelector: - kubernetes.io/os: linux + ## GitLab change: disable default nodeSelector + # nodeSelector: + # kubernetes.io/os: linux tolerations: [] runAsUser: 2000 @@ -769,8 +771,9 @@ defaultBackend: ## Node labels for default backend pod assignment ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ ## - nodeSelector: - kubernetes.io/os: linux + ## GitLab change: disable default nodeSelector + # nodeSelector: + # kubernetes.io/os: linux ## Annotations to be added to default backend pods ## diff --git a/doc/charts/nginx/fork.md b/doc/charts/nginx/fork.md index 1d233b1f36..4ac9619d10 100644 --- a/doc/charts/nginx/fork.md +++ b/doc/charts/nginx/fork.md @@ -22,8 +22,7 @@ The following adjustments were made to the NGINX fork: - Replace `controller.service.loadBalancerIP` with `global.hosts.externalIP` - Added support to add common labels through `common.labels` configuration option - `controller-deployment.yaml`: - - Disabled the use of `nginx-ingress.controller.nodeSelector` value - Add `podlabels` and `global.pod.labels` to `.spec.template.metadata.labels` - `default-backend-deployment.yaml`: - - Disable the use of `nginx-ingress.defaultbackend.nodeSelector` value - Add `podlabels` and `global.pod.labels` to `.spec.template.metadata.labels` +- Disable NGINX's default nodeSelectors. -- GitLab From b04ce03fe448e40a83ce823035b91f9fc9477ac9 Mon Sep 17 00:00:00 2001 
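Review bot: the `fork.md` entry now says only "Disable NGINX's default nodeSelectors" and no longer describes the precedence the templates implement. In both deployments `.Values.controller.nodeSelector` or `.Values.defaultBackend.nodeSelector` wins outright, and `gitlab.nodeSelector` is used only in the `else if` branch, with no merge of the two. State that order in `fork.md`. With the `kubernetes.io/os: linux` defaults commented out in `values.yaml`, the pods also carry no OS constraint when neither value is set, which deserves a line for clusters with mixed-OS node pools.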
From: Evan Read Date: Mon, 17 Jan 2022 14:30:28 +1000 Subject: [PATCH 216/253] Fix links to external sites --- doc/charts/globals.md | 2 +- doc/development/style_guide.md | 4 ++-- doc/installation/cloud/openshift.md | 8 ++++---- doc/installation/tools.md | 2 +- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/doc/charts/globals.md b/doc/charts/globals.md index 3b812e5f75..b54694deaf 100644 --- a/doc/charts/globals.md +++ b/doc/charts/globals.md @@ -929,7 +929,7 @@ application are described below: | `contentSecurityPolicy` | Struct | | [See below](#content-security-policy). | | `enableUsagePing` | Boolean | `true` | A flag to disable the [usage ping support](https://docs.gitlab.com/ee/user/admin_area/settings/usage_statistics.html). | | `enableSeatLink` | Boolean | `true` | A flag to disable the [seat link support](https://docs.gitlab.com/ee/subscriptions/#seat-link). | -| `enableImpersonation` | | `nil` | A flag to disable [user impersonation by Administrators](https://docs.gitlab.com/ee/api/README.html#disable-impersonation). | +| `enableImpersonation` | | `nil` | A flag to disable [user impersonation by Administrators](https://docs.gitlab.com/ee/api/index.html#disable-impersonation). | | `applicationSettingsCacheSeconds` | Integer | 60 | An interval value (in seconds) to invalidate the [application settings cache](https://docs.gitlab.com/ee/administration/application_settings_cache.html). | | `defaultCanCreateGroup` | Boolean | `true` | A flag to decide if users are allowed to create groups. | | `usernameChangingEnabled` | Boolean | `true` | A flag to decide if users are allowed to change their username. | diff --git a/doc/development/style_guide.md b/doc/development/style_guide.md index a2a4067175..31276d7f3c 100644 --- a/doc/development/style_guide.md +++ b/doc/development/style_guide.md 
@@ -267,7 +267,7 @@ minimize their own configuration files without it being cumbersome. A charts template helpers are located in `templates/_helpers.tpl`. These contain the [named templates](https://helm.sh/docs/chart_template_guide/named_templates/) used within the chart. -When using these templates, there a few things to keep in mind regarding the [golang templating syntax](https://golang.org/pkg/text/template/). +When using these templates, there a few things to keep in mind regarding the [golang templating syntax](https://pkg.go.dev/text/template). ### Trapping non-printed values from actions @@ -290,7 +290,7 @@ template would try to output the result of `set` (which returns the Map it modif ### Passing variables between control structures -The go templating syntax [strongly differentiates between initialization (`:=`) and assignment (`=`)](https://golang.org/pkg/text/template/#hdr-Variables), and this is impacted by scope. +The go templating syntax [strongly differentiates between initialization (`:=`) and assignment (`=`)](https://pkg.go.dev/text/template#hdr-Variables), and this is impacted by scope. As a result you can re-initialize a variable that existed outside your control structure (if/with/range), but know that variables declared within your control structure are not available outside. diff --git a/doc/installation/cloud/openshift.md b/doc/installation/cloud/openshift.md index f4dc23a09b..9b1b407065 100644 --- a/doc/installation/cloud/openshift.md +++ b/doc/installation/cloud/openshift.md 
@@ -29,7 +29,7 @@ Copy the pull secret to your clipboard and write the content to a file `pull_sec ### Create a Google Cloud (GCP) Service Account -Follow [these instructions](https://docs.openshift.com/container-platform/4.6/installing/installing_gcp/installing-gcp-account.html#installation-gcp-service-account_installing-gcp-account) to create a Service Account in the Google Cloud `cloud-native` project. Attach all roles marked as Required in that document. +Follow [these instructions](https://docs.openshift.com/container-platform/4.9/installing/installing_gcp/installing-gcp-account.html#installation-gcp-service-account_installing-gcp-account) to create a Service Account in the Google Cloud `cloud-native` project. Attach all roles marked as Required in that document. Once the Service Account is created, generate a JSON key and save it as `gcloud.json` in the root of this repository. This file is gitignored. ## Create your OpenShift cluster 
@@ -118,6 +118,6 @@ When the cluster is up and running, you can continue [installing GitLab](../oper - [`openshift-installer` source code](https://github.com/openshift/installer) - [`oc` source code](https://github.com/openshift/oc) - [`openshift-installer` and `oc` packages](https://mirror.openshift.com/pub/openshift-v4/clients/ocp/) -- [OpenShift Container Project (OCP) architecture docs](https://access.redhat.com/documentation/en-us/openshift_container_platform/latest/html/architecture/architecture) -- [OpenShift GCP docs](https://docs.openshift.com/container-platform/4.8/installing/installing_gcp/installing-gcp-account.html) -- [OpenShift troubleshooting guide](https://docs.openshift.com/container-platform/4.8/support/troubleshooting/troubleshooting-installations.html) +- [OpenShift Container Project (OCP) architecture docs](https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/architecture/architecture) +- [OpenShift GCP docs](https://docs.openshift.com/container-platform/4.9/installing/installing_gcp/installing-gcp-account.html) +- [OpenShift troubleshooting guide](https://docs.openshift.com/container-platform/4.9/support/troubleshooting/troubleshooting-installations.html) diff --git a/doc/installation/tools.md b/doc/installation/tools.md index 714a436f98..b37242a2d9 100644 --- a/doc/installation/tools.md +++ b/doc/installation/tools.md @@ -66,7 +66,7 @@ The Distribution Team has a [training presentation for Helm Charts](https://docs ### Templates -Templating in Helm is done via golang's [text/template](https://golang.org/pkg/text/template/) +Templating in Helm is done via golang's [text/template](https://pkg.go.dev/text/template) and [sprig](https://pkg.go.dev/github.com/Masterminds/sprig?utm_source=godoc%27). Some information on how all the inner workings behave: -- GitLab From 3ab1c2d7c98657c4447e1c2ac096c05da83aa4af Mon Sep 17 00:00:00 2001 
From: deps Date: Mon, 17 Jan 2022 04:03:28 +0000 Subject: [PATCH 217/253] Update gitlab-org/container-registry from 3.21.0-gitlab to 3.22.0-gitlab Changelog: changed --- charts/registry/Chart.yaml | 2 +- charts/registry/values.yaml | 2 +- doc/charts/registry/index.md | 6 +++--- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/registry/Chart.yaml b/charts/registry/Chart.yaml index da1543e533..87e7361c9b 100644 --- a/charts/registry/Chart.yaml +++ b/charts/registry/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: registry version: 0.7.0 -appVersion: 'v3.21.0-gitlab' +appVersion: 'v3.22.0-gitlab' description: Stateless, highly scalable application that stores and lets you distribute container images details: Container Registry component of GitLab diff --git a/charts/registry/values.yaml b/charts/registry/values.yaml index e2397e0c35..23922f6869 100644 --- a/charts/registry/values.yaml +++ b/charts/registry/values.yaml @@ -1,6 +1,6 @@ image: repository: registry.gitlab.com/gitlab-org/build/cng/gitlab-container-registry - tag: 'v3.21.0-gitlab' + tag: 'v3.22.0-gitlab' # pullPolicy: IfNotPresent # pullSecrets: [] diff --git a/doc/charts/registry/index.md b/doc/charts/registry/index.md index 2a2260d61b..2ae833fd70 100644 --- a/doc/charts/registry/index.md +++ b/doc/charts/registry/index.md @@ -68,7 +68,7 @@ registry: interval: 24h dryrun: false image: - tag: 'v3.21.0-gitlab' + tag: 'v3.22.0-gitlab' pullPolicy: IfNotPresent annotations: service: 
@@ -154,7 +154,7 @@ If you chose to deploy this chart as a standalone, remove the `registry` at the | `image.pullPolicy` | | Pull policy for the registry image | | `image.pullSecrets` | | Secrets to use for image repository | | `image.repository` | `registry` | Registry image | -| `image.tag` | `v3.21.0-gitlab` | Version of the image to use | +| `image.tag` | `v3.22.0-gitlab` | Version of the image to use | | `init.image.repository` | | initContainer image | | `init.image.tag` | | initContainer image tag | | `log` | `{level: info, fields: {service: registry}}` | Configure the logging options | @@ -281,7 +281,7 @@ You can change the included version of the Registry and `pullPolicy`. Default settings: -- `tag: 'v3.21.0-gitlab'` +- `tag: 'v3.22.0-gitlab'` - `pullPolicy: 'IfNotPresent'` ## Configuring the `service` -- GitLab From b1b05fe7c34b70cc8bf8e522a74dcda37e0e9695 Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Tue, 18 Jan 2022 10:09:49 +0000 Subject: [PATCH 218/253] Update changelog for 5.6.3 [ci skip] --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 62fce2b605..a60a7f1eec 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,10 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 5.6.3 (2022-01-18) + +No changes. + ## 5.6.2 (2022-01-11) No changes. -- GitLab From ec154283dbeb01c9146d40787c56b610e113723a Mon Sep 17 00:00:00 2001 
From: GitLab Release Tools Bot Date: Tue, 18 Jan 2022 10:10:05 +0000 Subject: [PATCH 219/253] Update Chart versions to 5.6.3 [ci skip] --- Chart.yaml | 2 +- charts/gitlab/charts/geo-logcursor/Chart.yaml | 2 +- charts/gitlab/charts/gitaly/Chart.yaml | 2 +- charts/gitlab/charts/gitlab-exporter/Chart.yaml | 2 +- charts/gitlab/charts/gitlab-grafana/Chart.yaml | 2 +- charts/gitlab/charts/gitlab-pages/Chart.yaml | 2 +- charts/gitlab/charts/gitlab-shell/Chart.yaml | 2 +- charts/gitlab/charts/kas/Chart.yaml | 2 +- charts/gitlab/charts/mailroom/Chart.yaml | 2 +- charts/gitlab/charts/migrations/Chart.yaml | 2 +- charts/gitlab/charts/operator/Chart.yaml | 2 +- charts/gitlab/charts/praefect/Chart.yaml | 2 +- charts/gitlab/charts/sidekiq/Chart.yaml | 2 +- charts/gitlab/charts/toolbox/Chart.yaml | 2 +- charts/gitlab/charts/webservice/Chart.yaml | 2 +- 15 files changed, 15 insertions(+), 15 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index e6f2bfb35a..5cc4cab4e8 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab -version: 5.6.2 +version: 5.6.3 appVersion: master description: Web-based Git-repository manager with wiki and issue-tracking features. keywords: diff --git a/charts/gitlab/charts/geo-logcursor/Chart.yaml b/charts/gitlab/charts/geo-logcursor/Chart.yaml index 5d77cd3e6b..049c95276b 100644 --- a/charts/gitlab/charts/geo-logcursor/Chart.yaml +++ b/charts/gitlab/charts/geo-logcursor/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: geo-logcursor -version: 5.6.2 +version: 5.6.3 appVersion: master description: GitLab Geo logcursor keywords: diff --git a/charts/gitlab/charts/gitaly/Chart.yaml b/charts/gitlab/charts/gitaly/Chart.yaml index c7bcc3e5bc..3ac35ab664 100644 --- a/charts/gitlab/charts/gitaly/Chart.yaml +++ b/charts/gitlab/charts/gitaly/Chart.yaml 
@@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitaly -version: 5.6.2 +version: 5.6.3 appVersion: master description: Git RPC service for handling all the git calls made by GitLab keywords: diff --git a/charts/gitlab/charts/gitlab-exporter/Chart.yaml b/charts/gitlab/charts/gitlab-exporter/Chart.yaml index 74569367d8..b1e87308d7 100644 --- a/charts/gitlab/charts/gitlab-exporter/Chart.yaml +++ b/charts/gitlab/charts/gitlab-exporter/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab-exporter -version: 5.6.2 +version: 5.6.3 appVersion: 11.2.0 description: Exporter for GitLab Prometheus metrics (e.g. CI, pull mirrors) keywords: diff --git a/charts/gitlab/charts/gitlab-grafana/Chart.yaml b/charts/gitlab/charts/gitlab-grafana/Chart.yaml index ed671b9245..7a87179a8b 100644 --- a/charts/gitlab/charts/gitlab-grafana/Chart.yaml +++ b/charts/gitlab/charts/gitlab-grafana/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab-grafana -version: 5.6.2 +version: 5.6.3 description: Adapt the Grafana chart to interface to the GitLab App keywords: - gitlab diff --git a/charts/gitlab/charts/gitlab-pages/Chart.yaml b/charts/gitlab/charts/gitlab-pages/Chart.yaml index 64a162aa62..cbb08b418a 100644 --- a/charts/gitlab/charts/gitlab-pages/Chart.yaml +++ b/charts/gitlab/charts/gitlab-pages/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab-pages -version: 5.6.2 +version: 5.6.3 appVersion: master description: Daemon for serving static websites from GitLab projects keywords: diff --git a/charts/gitlab/charts/gitlab-shell/Chart.yaml b/charts/gitlab/charts/gitlab-shell/Chart.yaml index 3b24fef2df..4739f0ff25 100644 --- a/charts/gitlab/charts/gitlab-shell/Chart.yaml +++ b/charts/gitlab/charts/gitlab-shell/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab-shell -version: 5.6.2 +version: 5.6.3 appVersion: main description: sshd for Gitlab keywords: diff --git a/charts/gitlab/charts/kas/Chart.yaml b/charts/gitlab/charts/kas/Chart.yaml index f1d5df5dde..ff359b8efe 100644 
--- a/charts/gitlab/charts/kas/Chart.yaml +++ b/charts/gitlab/charts/kas/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: kas -version: 5.6.2 +version: 5.6.3 appVersion: latest description: GitLab Agent Server keywords: diff --git a/charts/gitlab/charts/mailroom/Chart.yaml b/charts/gitlab/charts/mailroom/Chart.yaml index 23fc46fb4a..6f208ce63b 100644 --- a/charts/gitlab/charts/mailroom/Chart.yaml +++ b/charts/gitlab/charts/mailroom/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: mailroom -version: 5.6.2 +version: 5.6.3 appVersion: 0.0.14 description: Handling incoming emails keywords: diff --git a/charts/gitlab/charts/migrations/Chart.yaml b/charts/gitlab/charts/migrations/Chart.yaml index 9496379a1e..5e7cd2ac04 100644 --- a/charts/gitlab/charts/migrations/Chart.yaml +++ b/charts/gitlab/charts/migrations/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: migrations -version: 5.6.2 +version: 5.6.3 appVersion: master description: Database migrations and other versioning tasks for upgrading Gitlab keywords: diff --git a/charts/gitlab/charts/operator/Chart.yaml b/charts/gitlab/charts/operator/Chart.yaml index 465465f6cf..4a65cacf59 100644 --- a/charts/gitlab/charts/operator/Chart.yaml +++ b/charts/gitlab/charts/operator/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: operator -version: 5.6.2 +version: 5.6.3 appVersion: master description: Gitlab operator for managing upgrades keywords: diff --git a/charts/gitlab/charts/praefect/Chart.yaml b/charts/gitlab/charts/praefect/Chart.yaml index 1d2127ca20..2f29f34889 100644 --- a/charts/gitlab/charts/praefect/Chart.yaml +++ b/charts/gitlab/charts/praefect/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: praefect -version: 5.6.2 +version: 5.6.3 appVersion: master description: Praefect is a router and transaction manager for Gitaly, and a required component for running a Gitaly Cluster. 
diff --git a/charts/gitlab/charts/sidekiq/Chart.yaml b/charts/gitlab/charts/sidekiq/Chart.yaml index a8d3b78d20..6a68b4b078 100644 --- a/charts/gitlab/charts/sidekiq/Chart.yaml +++ b/charts/gitlab/charts/sidekiq/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: sidekiq -version: 5.6.2 +version: 5.6.3 appVersion: master description: Gitlab Sidekiq for asynchronous task processing in rails keywords: diff --git a/charts/gitlab/charts/toolbox/Chart.yaml b/charts/gitlab/charts/toolbox/Chart.yaml index 1ffeae1f12..05bd2f6367 100644 --- a/charts/gitlab/charts/toolbox/Chart.yaml +++ b/charts/gitlab/charts/toolbox/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: toolbox -version: 5.6.2 +version: 5.6.3 appVersion: master description: For manually running rake tasks through kubectl keywords: diff --git a/charts/gitlab/charts/webservice/Chart.yaml b/charts/gitlab/charts/webservice/Chart.yaml index 9963a85659..4ab74580e9 100644 --- a/charts/gitlab/charts/webservice/Chart.yaml +++ b/charts/gitlab/charts/webservice/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: webservice -version: 5.6.2 +version: 5.6.3 appVersion: master description: HTTP server for Gitlab keywords: -- GitLab From 5ce375226fa3ee2691c7982940e2d5c94c35c496 Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Tue, 18 Jan 2022 10:10:08 +0000 Subject: [PATCH 220/253] Update version mapping for 5.6.3 --- doc/installation/version_mappings.md | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/installation/version_mappings.md b/doc/installation/version_mappings.md index 68c36afba9..bdd3784f29 100644 --- a/doc/installation/version_mappings.md +++ b/doc/installation/version_mappings.md @@ -10,6 +10,7 @@ The table below maps some of the key previous chart versions and GitLab versions | Chart version | GitLab version | |---------------|----------------| +| 5.6.3 | 14.6.3 | | 5.6.2 | 14.6.2 | | 5.6.1 | 14.6.1 | | 5.6.0 | 14.6.0 | -- GitLab 
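Review bot: In the `doc/charts/nginx/fork.md` hunk, the new bullet "Disable NGINX's default nodeSelectors." does not say what operators lose. The three values hunks (`controller:` at -272 and -594, `defaultBackend:` at -769) comment out `kubernetes.io/os: linux`, so by default nothing in these values constrains the pods to Linux nodes any more. State that in the bullet and tell users on clusters with mixed node operating systems to set `nodeSelector` themselves. The bullet is also added at the top level after the per-file lists, so it no longer says which file carries the change; name the values file as the other entries name their templates.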
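Review bot: In the `doc/installation/cloud/openshift.md` hunk at -118,6 of "Fix links to external sites", the architecture link changes from `latest` to `4.9`, and the other OpenShift links move from 4.6 and 4.8 to 4.9. Pinning every link to one minor release means the same fix is needed again when 4.9 documentation is retired. Keep `latest` where the site offers it, or state once in the page which OpenShift version the instructions were written for so the pin is deliberate.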
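Review bot: In the `doc/installation/tools.md` hunk of "Fix links to external sites", the unchanged line right after the fixed `text/template` link still points to `https://pkg.go.dev/github.com/Masterminds/sprig?utm_source=godoc%27`, which carries a tracking parameter and a stray encoded quote (`%27`). Since this commit is cleaning up external links, drop the query string from that link in the same change.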
From 03e3ad9311eeb6879179af23453264192a85e1c1 Mon Sep 17 00:00:00 2001 From: Jason Young Date: Tue, 18 Jan 2022 19:03:16 +0000 Subject: [PATCH 221/253] [Docs] Add note about GKE Autopilot and the CronJob eviction annotation --- doc/backup-restore/backup.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/doc/backup-restore/backup.md b/doc/backup-restore/backup.md index 96b9113bc5..cdd77b46c0 100644 --- a/doc/backup-restore/backup.md +++ b/doc/backup-restore/backup.md @@ -34,6 +34,13 @@ Follow these steps for backing up a GitLab Helm chart based installation ## Cron based backup +NOTE: +The Kubernetes CronJob created by the Helm Chart +sets the `cluster-autoscaler.kubernetes.io/safe-to-evict: "false"` +annotation on the jobTemplate. Some Kubernetes environments, such as +GKE Autopilot, don't allow this annotation to be set and will not create +Job Pods for the backup. + Cron based backups can be enabled in this chart to happen at regular intervals as defined by the [Kubernetes schedule](https://kubernetes.io/docs/tasks/job/automated-tasks-with-cron-jobs/#schedule). You need to set the following parameters: -- GitLab From 59b34fca6394740d0f8f15812c62098a74f61d1a Mon Sep 17 00:00:00 2001 From: Benoit BERAUD Date: Tue, 28 Dec 2021 17:13:40 +0100 Subject: [PATCH 222/253] Add missing backup cronjob parameters --- charts/gitlab/charts/toolbox/templates/backup-job.yaml | 2 ++ charts/gitlab/charts/toolbox/values.yaml | 2 ++ doc/charts/gitlab/toolbox/index.md | 2 ++ 3 files changed, 6 insertions(+) diff --git a/charts/gitlab/charts/toolbox/templates/backup-job.yaml b/charts/gitlab/charts/toolbox/templates/backup-job.yaml index 987613b2db..ae81422f1b 100644 --- a/charts/gitlab/charts/toolbox/templates/backup-job.yaml +++ b/charts/gitlab/charts/toolbox/templates/backup-job.yaml 
@@ -14,7 +14,9 @@ spec: concurrencyPolicy: {{ .Values.backups.cron.concurrencyPolicy }} failedJobsHistoryLimit: {{ .Values.backups.cron.failedJobsHistoryLimit }} schedule: {{ .Values.backups.cron.schedule | quote }} + startingDeadlineSeconds: {{ .Values.backups.cron.startingDeadlineSeconds }} successfulJobsHistoryLimit: {{ .Values.backups.cron.successfulJobsHistoryLimit }} + suspend: {{ .Values.backups.cron.suspend }} jobTemplate: spec: template: diff --git a/charts/gitlab/charts/toolbox/values.yaml b/charts/gitlab/charts/toolbox/values.yaml index b5a99dfb22..fbae479998 100644 --- a/charts/gitlab/charts/toolbox/values.yaml +++ b/charts/gitlab/charts/toolbox/values.yaml @@ -135,7 +135,9 @@ backups: concurrencyPolicy: Replace failedJobsHistoryLimit: 1 schedule: "0 1 * * *" + startingDeadlineSeconds: null successfulJobsHistoryLimit: 3 + suspend: false extraArgs: "" resources: # limits: diff --git a/doc/charts/gitlab/toolbox/index.md b/doc/charts/gitlab/toolbox/index.md index eb572757d2..82cf622b82 100644 --- a/doc/charts/gitlab/toolbox/index.md +++ b/doc/charts/gitlab/toolbox/index.md @@ -70,7 +70,9 @@ gitlab: | `backups.cron.resources.requests.cpu` | Backup cron minimum needed CPU | `50m` | | `backups.cron.resources.requests.memory` | Backup cron minimum needed memory | `350M` | | `backups.cron.schedule` | Cron style schedule string | `0 1 * * *` | +| `backups.cron.startingDeadlineSeconds` | Backup cron job starting deadline, in seconds (if null, no starting deadline is applied) | `null` | | `backups.cron.successfulJobsHistoryLimit` | Number of successful backup jobs list in history | `3` | +| `backups.cron.suspend` | Backup cron job is suspended | `false` | | `backups.objectStorage.backend` | Object storage provider to use (`s3` or `gcs`) | `s3` | | `backups.objectStorage.config.gcpProject` | GCP Project to use when backend is `gcs` | "" | | `backups.objectStorage.config.key` | Key containing credentials in secret | "" | -- GitLab 
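Review bot: The NOTE added to `doc/backup-restore/backup.md` in "Add note about GKE Autopilot and the CronJob eviction annotation" states that such environments "will not create Job Pods for the backup" but gives the operator nothing to act on. Someone who enables cron backups there may not realise that no backups are being taken. Add what to check to confirm the Job Pods were created, and say whether the `cluster-autoscaler.kubernetes.io/safe-to-evict` annotation can be overridden or whether cron backups are unsupported on these environments. The NOTE is also placed before the sentence that introduces cron backups; it reads better below that paragraph.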
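Review bot: In the `backup-job.yaml` hunk, `startingDeadlineSeconds: {{ .Values.backups.cron.startingDeadlineSeconds }}` is emitted unconditionally while the default added in `values.yaml` is `null`, so the default render leaves the key in the CronJob spec with an empty value. Wrap the line in a `with` or `if` guard so the field is omitted unless the user sets it. In the docs table, the description of `backups.cron.suspend` ("Backup cron job is suspended") should say that no scheduled backups run while it is `true`, since that is the consequence an operator needs to know before toggling it.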
From 99c1a5d0bfae9345aad2ae67e75bbbd2b69a194e Mon Sep 17 00:00:00 2001 From: Evan Read Date: Wed, 19 Jan 2022 01:13:18 +0000 Subject: [PATCH 223/253] Updating documentation linting images for project Also make minor documentation updates to trigger jobs to test new images --- .gitlab-ci.yml | 4 ++-- doc/quickstart/index.md | 39 +++++++++++++++++++-------------------- 2 files changed, 21 insertions(+), 22 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index f989b9a935..3c2bf4e13e 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -482,7 +482,7 @@ rubocop: # Perform documentation linting on Markdown files check_docs_markdown: - image: registry.gitlab.com/gitlab-org/gitlab-docs/lint-markdown:alpine-3.14-vale-2.12.0-markdownlint-0.29.0 + image: registry.gitlab.com/gitlab-org/gitlab-docs/lint-markdown:alpine-3.15-vale-2.14.0-markdownlint-0.30.0 stage: prepare cache: {} dependencies: [] @@ -501,7 +501,7 @@ check_docs_markdown: # Perform link checks on published HTML files check_docs_links: - image: registry.gitlab.com/gitlab-org/gitlab-docs/lint-html:alpine-3.14-ruby-2.7.5-08847baa + image: registry.gitlab.com/gitlab-org/gitlab-docs/lint-html:alpine-3.15-ruby-2.7.5-cee62c13 stage: prepare cache: {} dependencies: [] diff --git a/doc/quickstart/index.md b/doc/quickstart/index.md index c2b8363b2f..2b64a2e14e 100644 --- a/doc/quickstart/index.md +++ b/doc/quickstart/index.md @@ -6,9 +6,9 @@ info: To determine the technical writer assigned to the Stage/Group associated w # Quick Start Guide -This guide services as a concise but complete documentation on how to install the +This guide serves as a concise but complete documentation about how to install the Cloud Native GitLab chart with default values onto Google Kubernetes Engine (GKE). -We'll be focusing exclusively on GKE in order to keep it as direct and simple as possible. +For clarity, we focus exclusively on GKE. ## Requirements 
@@ -23,39 +23,38 @@ In order to complete this guide, you _must have_ the following: No folks, you can not use `example.com`. -You'll need to have access to a internet accessible domain to which you can add +You must have access to an internet-accessible domain to which you can add a DNS record. This _can be a sub-domain_ such as `poc.domain.com`, but the Let's Encrypt servers have to be able to resolve the addresses to be able to issue certificates. -For the sake of this guide, we'll assume this is in Google's Cloud DNS. Other +For the sake of this guide, we assume this is in Google's Cloud DNS. Other services can be used, but are not covered here. ### Getting a Kubernetes cluster This guide is not intended to cover how to create or obtain a Kubernetes cluster. -We'll instead refer to Google's own [GKE cluster creation guide](https://cloud.google.com/kubernetes-engine/docs/how-to/creating-a-zonal-cluster). +We instead refer to the Google [GKE cluster creation guide](https://cloud.google.com/kubernetes-engine/docs/how-to/creating-a-zonal-cluster). NOTE: A cluster with a total of 8vCPU and 30GB of RAM, or more is recommended. ### Installing kubectl -We'll point right to the official Kubernetes documentation for -[installing kubectl](https://kubernetes.io/docs/tasks/tools/). -It is simple, covers most operating systems and also covers Google +To install kubectl, see the [Kubernetes installation documentation](https://kubernetes.io/docs/tasks/tools/). +The documentation covers most operating systems and the Google Cloud SDK, which you may have installed during the previous step. Be sure to configure your `kubectl` to talk to your newly minted cluster, per Google's documentation: -> After you create a cluster, you need to [configure kubectl](https://cloud.google.com/kubernetes-engine/docs/how-to/cluster-access-for-kubectl#generate_kubeconfig_entry) before you can interact with the cluster from the command line. 
+NOTE: +After you create a cluster, you must [configure kubectl](https://cloud.google.com/kubernetes-engine/docs/how-to/cluster-access-for-kubectl#generate_kubeconfig_entry) before you can interact with the cluster from the command line. ### Installing Helm v3 -For this guide, we'll make use of the latest release of Helm v3 (v3.3.1 or newer). -[Official installation instructions](https://helm.sh/docs/intro/install/) -exist, and are sound, so we'll let you follow those. +For this guide, we use the latest release of Helm v3 (v3.3.1 or later). +To install Helm, see the [Helm installation instructions](https://helm.sh/docs/intro/install/). ## Adding the GitLab Helm repository @@ -71,12 +70,12 @@ helm repo add gitlab https://charts.gitlab.io/ Here's the beauty of what this chart is capable of. One command. Poof! All of GitLab installed, and configured with SSL. -In order to properly configure the chart, we'll need two things: +To configure the chart, you need: -1. The domain or subdomain GitLab will operate under. -1. Your email address, so Let's Encrypt can issue a certificate. +- The domain or subdomain for GitLab to operate under. +- Your email address, so Let's Encrypt can issue a certificate. -In order to install the chart, we'll issue the install command, with two +To install the chart, run the install command with two `--set` arguments: ```shell 
@@ -111,8 +110,8 @@ gitlab-registry registry.domain.tld 35.239.27.235 80, 443 118m gitlab-webservice gitlab.domain.tld 35.239.27.235 80, 443 118m ``` -You'll notice there are 3 entries, and they all have the same IP address. -You'll need to take this IP address, and add it to your DNS for the domain +Notice there are three entries and they all have the same IP address. +Take this IP address and add it to your DNS for the domain you have chosen to use. You can add 3 separate records of type `A`, but we suggest adding a single "wildcard" record for simplicity. In Google Cloud DNS, this is done by creating an `A` record, but with the name being `*`. We also @@ -123,7 +122,7 @@ suggest you set the TTL to `1` minute instead of `5` minutes. You can access GitLab at `gitlab.domain.tld`. For example, if you set `global.hosts.domain=my.domain.tld`, then you would visit `gitlab.my.domain.tld`. -In order to sign in, we'll need to collect the password for the `root` user. +To sign in, you must collect the password for the `root` user. This is automatically generated at installation time, and stored in a Kubernetes Secret. Let's fetch that password from the secret, and decode it: @@ -144,7 +143,7 @@ be sure are working: 1. The `gitlab.my.domain.tld` resolves to the IP address of the Ingress you retrieved. 1. If you get a certificate warning, there has been a problem with Let's Encrypt, -usually related to DNS, or the need to retry. + usually related to DNS, or the requirement to retry. For further troubleshooting tips, see our [troubleshooting](../troubleshooting/index.md) guide. -- GitLab From 3b3d6f765d0fee9c37cf8c90a2083e22d1320c87 Mon Sep 17 00:00:00 2001 From: deps Date: Thu, 20 Jan 2022 04:02:16 +0000 Subject: [PATCH 224/253] Update gitlab-org/charts/gitlab-runner from 0.36.0 to 0.37.0 Changelog: changed --- requirements.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yaml b/requirements.yaml index 0f991e4129..0ef2a2262c 100644 
--- a/requirements.yaml +++ b/requirements.yaml @@ -21,7 +21,7 @@ dependencies: repository: https://charts.bitnami.com/bitnami condition: postgresql.install - name: gitlab-runner - version: 0.36.0 + version: 0.37.0 repository: https://charts.gitlab.io/ condition: gitlab-runner.install - name: grafana -- GitLab From bc0e51b9f279665844585e81777e421dc7a83f9d Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Fri, 21 Jan 2022 10:27:14 +0000 Subject: [PATCH 225/253] Update changelog for 5.7.0 [ci skip] --- CHANGELOG.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index a60a7f1eec..13529d15ba 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,6 +2,27 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 5.7.0 (2022-01-21) + +### Added (3 changes) + +- [Add domain rate-limiting options for GitLab Pages](gitlab-org/charts/gitlab@b61174649493db72d15fce4334a3fd14e58d58e6) ([merge request](gitlab-org/charts/gitlab!2338)) +- [Registry: Add middleware.storage config ability](gitlab-org/charts/gitlab@d11b891716f870823150c11cadcf68155300c6a5) ([merge request](gitlab-org/charts/gitlab!2328)) +- [Feature gate metrics port exposure, expose on Service](gitlab-org/charts/gitlab@29644d37ebee555b5171f2a26dccbe6fd2bfc43f) ([merge request](gitlab-org/charts/gitlab!2311)) + +### Fixed (1 change) + +- [Revert "Favor GitLab's nodeSelectors instead nginx-ingress"](gitlab-org/charts/gitlab@c01708c7b0be1f4f64663d66f2659664a5ece67f) ([merge request](gitlab-org/charts/gitlab!2342)) + +### Changed (6 changes) + +- [Update gitlab-org/charts/gitlab-runner from 0.36.0 to 0.37.0](gitlab-org/charts/gitlab@f4d6e7ae413cf7a1a010b65c75fa050c8b656b22) ([merge request](gitlab-org/charts/gitlab!2352)) +- [Update gitlab-org/container-registry from 3.21.0-gitlab to 3.22.0-gitlab](gitlab-org/charts/gitlab@af098951c8f43cb27e6e5f865771041044f4bae0) ([merge request](gitlab-org/charts/gitlab!2346)) +- [Update Operator docs for 0.3.0](gitlab-org/charts/gitlab@3c8e8c4dc79796bf1cb5df256d379929b044e2c2) ([merge request](gitlab-org/charts/gitlab!2343)) +- [Add test specs](gitlab-org/charts/gitlab@0777257463d3f6169d7fbc47e2931a3347698630) ([merge request](gitlab-org/charts/gitlab!2304)) +- [Update gitlab-org/container-registry from 3.20.0-gitlab to 3.21.0-gitlab](gitlab-org/charts/gitlab@52b9f0d5b6ae45cbf578dffd94cd1e544938a093) ([merge request](gitlab-org/charts/gitlab!2337)) +- [Update gitlab-org/container-registry from 3.19.0-gitlab to 3.20.0-gitlab](gitlab-org/charts/gitlab@4ae9e795d2ae3ceec5f2d75a9c5c9ecefb88f707) ([merge request](gitlab-org/charts/gitlab!2334)) + ## 5.6.3 (2022-01-18) No changes. 
-- GitLab From da506272918b52a1eda6c5b11a50e615891c2f1d Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Fri, 21 Jan 2022 11:12:40 +0000 Subject: [PATCH 226/253] Update Chart versions to 5.7.0 [ci skip] --- Chart.yaml | 2 +- charts/gitlab/charts/geo-logcursor/Chart.yaml | 2 +- charts/gitlab/charts/gitaly/Chart.yaml | 2 +- charts/gitlab/charts/gitlab-exporter/Chart.yaml | 2 +- charts/gitlab/charts/gitlab-grafana/Chart.yaml | 2 +- charts/gitlab/charts/gitlab-pages/Chart.yaml | 2 +- charts/gitlab/charts/gitlab-shell/Chart.yaml | 2 +- charts/gitlab/charts/kas/Chart.yaml | 2 +- charts/gitlab/charts/mailroom/Chart.yaml | 2 +- charts/gitlab/charts/migrations/Chart.yaml | 2 +- charts/gitlab/charts/operator/Chart.yaml | 2 +- charts/gitlab/charts/praefect/Chart.yaml | 2 +- charts/gitlab/charts/sidekiq/Chart.yaml | 2 +- charts/gitlab/charts/toolbox/Chart.yaml | 2 +- charts/gitlab/charts/webservice/Chart.yaml | 2 +- 15 files changed, 15 insertions(+), 15 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index 5cc4cab4e8..8a3e667b4f 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab -version: 5.6.3 +version: 5.7.0 appVersion: master description: Web-based Git-repository manager with wiki and issue-tracking features. keywords: diff --git a/charts/gitlab/charts/geo-logcursor/Chart.yaml b/charts/gitlab/charts/geo-logcursor/Chart.yaml index 049c95276b..d97c3e2030 100644 --- a/charts/gitlab/charts/geo-logcursor/Chart.yaml +++ b/charts/gitlab/charts/geo-logcursor/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: geo-logcursor -version: 5.6.3 +version: 5.7.0 appVersion: master description: GitLab Geo logcursor keywords: diff --git a/charts/gitlab/charts/gitaly/Chart.yaml b/charts/gitlab/charts/gitaly/Chart.yaml index 3ac35ab664..2098c171b0 100644 --- a/charts/gitlab/charts/gitaly/Chart.yaml +++ b/charts/gitlab/charts/gitaly/Chart.yaml 
@@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitaly -version: 5.6.3 +version: 5.7.0 appVersion: master description: Git RPC service for handling all the git calls made by GitLab keywords: diff --git a/charts/gitlab/charts/gitlab-exporter/Chart.yaml b/charts/gitlab/charts/gitlab-exporter/Chart.yaml index b1e87308d7..49eba9f779 100644 --- a/charts/gitlab/charts/gitlab-exporter/Chart.yaml +++ b/charts/gitlab/charts/gitlab-exporter/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab-exporter -version: 5.6.3 +version: 5.7.0 appVersion: 11.2.0 description: Exporter for GitLab Prometheus metrics (e.g. CI, pull mirrors) keywords: diff --git a/charts/gitlab/charts/gitlab-grafana/Chart.yaml b/charts/gitlab/charts/gitlab-grafana/Chart.yaml index 7a87179a8b..71cef869d1 100644 --- a/charts/gitlab/charts/gitlab-grafana/Chart.yaml +++ b/charts/gitlab/charts/gitlab-grafana/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab-grafana -version: 5.6.3 +version: 5.7.0 description: Adapt the Grafana chart to interface to the GitLab App keywords: - gitlab diff --git a/charts/gitlab/charts/gitlab-pages/Chart.yaml b/charts/gitlab/charts/gitlab-pages/Chart.yaml index cbb08b418a..00d6fee52e 100644 --- a/charts/gitlab/charts/gitlab-pages/Chart.yaml +++ b/charts/gitlab/charts/gitlab-pages/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab-pages -version: 5.6.3 +version: 5.7.0 appVersion: master description: Daemon for serving static websites from GitLab projects keywords: diff --git a/charts/gitlab/charts/gitlab-shell/Chart.yaml b/charts/gitlab/charts/gitlab-shell/Chart.yaml index 4739f0ff25..e7f1de4dec 100644 --- a/charts/gitlab/charts/gitlab-shell/Chart.yaml +++ b/charts/gitlab/charts/gitlab-shell/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab-shell -version: 5.6.3 +version: 5.7.0 appVersion: main description: sshd for Gitlab keywords: diff --git a/charts/gitlab/charts/kas/Chart.yaml b/charts/gitlab/charts/kas/Chart.yaml index ff359b8efe..357627311f 100644 
--- a/charts/gitlab/charts/kas/Chart.yaml +++ b/charts/gitlab/charts/kas/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: kas -version: 5.6.3 +version: 5.7.0 appVersion: latest description: GitLab Agent Server keywords: diff --git a/charts/gitlab/charts/mailroom/Chart.yaml b/charts/gitlab/charts/mailroom/Chart.yaml index 6f208ce63b..6e2c239e77 100644 --- a/charts/gitlab/charts/mailroom/Chart.yaml +++ b/charts/gitlab/charts/mailroom/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: mailroom -version: 5.6.3 +version: 5.7.0 appVersion: 0.0.14 description: Handling incoming emails keywords: diff --git a/charts/gitlab/charts/migrations/Chart.yaml b/charts/gitlab/charts/migrations/Chart.yaml index 5e7cd2ac04..a5f30db43a 100644 --- a/charts/gitlab/charts/migrations/Chart.yaml +++ b/charts/gitlab/charts/migrations/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: migrations -version: 5.6.3 +version: 5.7.0 appVersion: master description: Database migrations and other versioning tasks for upgrading Gitlab keywords: diff --git a/charts/gitlab/charts/operator/Chart.yaml b/charts/gitlab/charts/operator/Chart.yaml index 4a65cacf59..4a6ef4d9cd 100644 --- a/charts/gitlab/charts/operator/Chart.yaml +++ b/charts/gitlab/charts/operator/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: operator -version: 5.6.3 +version: 5.7.0 appVersion: master description: Gitlab operator for managing upgrades keywords: diff --git a/charts/gitlab/charts/praefect/Chart.yaml b/charts/gitlab/charts/praefect/Chart.yaml index 2f29f34889..c34f12e9c0 100644 --- a/charts/gitlab/charts/praefect/Chart.yaml +++ b/charts/gitlab/charts/praefect/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: praefect -version: 5.6.3 +version: 5.7.0 appVersion: master description: Praefect is a router and transaction manager for Gitaly, and a required component for running a Gitaly Cluster. 
diff --git a/charts/gitlab/charts/sidekiq/Chart.yaml b/charts/gitlab/charts/sidekiq/Chart.yaml index 6a68b4b078..c9b0521f4d 100644 --- a/charts/gitlab/charts/sidekiq/Chart.yaml +++ b/charts/gitlab/charts/sidekiq/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: sidekiq -version: 5.6.3 +version: 5.7.0 appVersion: master description: Gitlab Sidekiq for asynchronous task processing in rails keywords: diff --git a/charts/gitlab/charts/toolbox/Chart.yaml b/charts/gitlab/charts/toolbox/Chart.yaml index 05bd2f6367..554d354a33 100644 --- a/charts/gitlab/charts/toolbox/Chart.yaml +++ b/charts/gitlab/charts/toolbox/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: toolbox -version: 5.6.3 +version: 5.7.0 appVersion: master description: For manually running rake tasks through kubectl keywords: diff --git a/charts/gitlab/charts/webservice/Chart.yaml b/charts/gitlab/charts/webservice/Chart.yaml index 4ab74580e9..c31b6ce7cb 100644 --- a/charts/gitlab/charts/webservice/Chart.yaml +++ b/charts/gitlab/charts/webservice/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: webservice -version: 5.6.3 +version: 5.7.0 appVersion: master description: HTTP server for Gitlab keywords: -- GitLab From d842ecd5279b03962e147a887cf93f917daa514a Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Fri, 21 Jan 2022 11:12:43 +0000 Subject: [PATCH 227/253] Update version mapping for 5.7.0 --- doc/installation/version_mappings.md | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/installation/version_mappings.md b/doc/installation/version_mappings.md index bdd3784f29..dc28d31c88 100644 --- a/doc/installation/version_mappings.md +++ b/doc/installation/version_mappings.md @@ -10,6 +10,7 @@ The table below maps some of the key previous chart versions and GitLab versions | Chart version | GitLab version | |---------------|----------------| +| 5.7.0 | 14.7.0 | | 5.6.3 | 14.6.3 | | 5.6.2 | 14.6.2 | | 5.6.1 | 14.6.1 | -- GitLab 
From 22863379c02e0b35f2b4f0e19b3879e294100565 Mon Sep 17 00:00:00 2001 From: Evan Read Date: Fri, 21 Jan 2022 14:45:51 +1000 Subject: [PATCH 228/253] Update linting configuration from GitLab project --- .markdownlint.yml | 5 +- doc/.vale/gitlab/Dropdown.yml | 14 ++++++ doc/.vale/gitlab/ReadingLevel.yml | 12 ++--- doc/.vale/gitlab/SubstitutionWarning.yml | 1 + doc/.vale/gitlab/Uppercase.yml | 2 + doc/.vale/gitlab/spelling-exceptions.txt | 4 +- .../external-db/external-omnibus-psql.md | 2 +- doc/development/environment_setup.md | 2 +- doc/development/kind/index.md | 2 +- doc/development/minikube/index.md | 46 +++++++++---------- doc/installation/deployment.md | 4 +- doc/installation/tools.md | 2 +- 12 files changed, 59 insertions(+), 37 deletions(-) create mode 100644 doc/.vale/gitlab/Dropdown.yml diff --git a/.markdownlint.yml b/.markdownlint.yml index bb4c859e19..e1e2b24631 100644 --- a/.markdownlint.yml +++ b/.markdownlint.yml @@ -26,6 +26,7 @@ proper-names: names: [ "Akismet", "Alertmanager", + "AlmaLinux", "API", "Asana", "Auth0", @@ -91,7 +92,7 @@ proper-names: "markdownlint", "Mattermost", "Microsoft", - "Minikube", + "minikube", "MinIO", "ModSecurity", "NGINX Ingress", @@ -103,6 +104,7 @@ proper-names: "OpenID", "OpenShift", "PgBouncer", + "Postfix", "PostgreSQL", "Praefect", "Prometheus", @@ -117,6 +119,7 @@ proper-names: "runit", "Salesforce", "SAML", + "Sendmail", "Sentry", "Sidekiq", "Shibboleth", diff --git a/doc/.vale/gitlab/Dropdown.yml b/doc/.vale/gitlab/Dropdown.yml new file mode 100644 index 0000000000..691d44d1a4 --- /dev/null +++ b/doc/.vale/gitlab/Dropdown.yml 
@@ -0,0 +1,14 @@ +--- +# Suggestion: gitlab.Dropdown +# +# Catches many ways the phrase 'dropdown list' can be fumbled. +# +# For a list of all options, see https://errata-ai.github.io/vale/styles/ +extends: existence +message: 'Use "dropdown list".' +link: https://docs.gitlab.com/ee/development/documentation/styleguide/word_list.html#dropdown-list +level: suggestion +ignorecase: true +tokens: + - drop-down( [\w]*)? + - dropdown(?! list) diff --git a/doc/.vale/gitlab/ReadingLevel.yml b/doc/.vale/gitlab/ReadingLevel.yml index 2e78c3ef36..cd7597ee8d 100644 --- a/doc/.vale/gitlab/ReadingLevel.yml +++ b/doc/.vale/gitlab/ReadingLevel.yml @@ -3,11 +3,11 @@ # # Checks the Flesch-Kincaid reading level. # -# For a list of all options, see https://errata-ai.gitbook.io/vale/getting-started/styles -extends: readability -message: "Grade level (%s) is high. To lower the score, use shorter sentences and words." +# https://docs.errata.ai/vale/styles#metric +extends: metric +message: "The grade level - %s - refers to how hard the content is to understand. Aim for 8th grade or lower by using shorter sentences and words." link: https://docs.gitlab.com/ee/development/documentation/testing.html#vale-readability-score level: suggestion -grade: 8 -metrics: - - Flesch-Kincaid +formula: | + (0.39 * (words / sentences)) + (11.8 * (syllables / words)) - 15.59 +condition: "> 1" diff --git a/doc/.vale/gitlab/SubstitutionWarning.yml b/doc/.vale/gitlab/SubstitutionWarning.yml index fefc0f85cf..8000328a20 100644 --- a/doc/.vale/gitlab/SubstitutionWarning.yml +++ b/doc/.vale/gitlab/SubstitutionWarning.yml @@ -11,6 +11,7 @@ link: https://about.gitlab.com/handbook/communication/#top-misused-terms level: warning ignorecase: true swap: + click: select code base: codebase config: configuration distro: distribution diff --git a/doc/.vale/gitlab/Uppercase.yml b/doc/.vale/gitlab/Uppercase.yml index ae01174874..c9021dc862 100644 --- a/doc/.vale/gitlab/Uppercase.yml +++ b/doc/.vale/gitlab/Uppercase.yml 
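Review bot: in `doc/.vale/gitlab/ReadingLevel.yml` the new `condition: "> 1"` does not match the new message, which tells writers to "Aim for 8th grade or lower". The removed `grade: 8` encoded that threshold, but with `> 1` the suggestion fires on any text scoring above grade 1. If the intent is to always surface the score, add a comment above `condition:` saying so. Otherwise the condition should be `"> 8"`, so the rule stays quiet for content that already meets the target.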
@@ -53,6 +53,7 @@ exceptions: - EOL - EXIF - FAQ + - FIDO - FIFO - FIPS - FLAG @@ -179,6 +180,7 @@ exceptions: - TLS - TODO - TOML + - TOTP - TTL - UID - UDP diff --git a/doc/.vale/gitlab/spelling-exceptions.txt b/doc/.vale/gitlab/spelling-exceptions.txt index 5ed8dc9224..98254c2259 100644 --- a/doc/.vale/gitlab/spelling-exceptions.txt +++ b/doc/.vale/gitlab/spelling-exceptions.txt @@ -9,6 +9,7 @@ allowlist allowlisted allowlisting allowlists +AlmaLinux anonymization anonymized Ansible @@ -220,6 +221,7 @@ Fluentd Flycheck Forgerock formatters +Fortinet Fugit fuzzer Gantt @@ -364,7 +366,7 @@ Microsoft middleware middlewares migratus -Minikube +minikube MinIO misconfiguration misconfigurations diff --git a/doc/advanced/external-db/external-omnibus-psql.md b/doc/advanced/external-db/external-omnibus-psql.md index b8eb348621..bd97644c18 100644 --- a/doc/advanced/external-db/external-omnibus-psql.md +++ b/doc/advanced/external-db/external-omnibus-psql.md @@ -30,7 +30,7 @@ _**NOTE**: The values below should be replaced_ - `DB_USERNAME` default username is `gitlab` - `DB_PASSSWORD` unencoded value - `DB_ENCODED_PASSWORD` encoded value of `DB_PASSWORD`. Can be generated by replacing `DB_USERNAME` and `DB_PASSWORD` with real values in: `echo -n 'DB_PASSSWORDDB_USERNAME' | md5sum - | cut -d' ' -f1` -- `AUTH_CIDR_ADDRESS` configure the CIDRs for MD5 authentication, should be the smallest possible subnets of your cluster or it's gateway. For Minikube this value is `192.168.100.0/12` +- `AUTH_CIDR_ADDRESS` configure the CIDRs for MD5 authentication, should be the smallest possible subnets of your cluster or it's gateway. For minikube, this value is `192.168.100.0/12` ```ruby # Change the address below if you do not want PG to listen on all available addresses diff --git a/doc/development/environment_setup.md b/doc/development/environment_setup.md index 7a5959bcac..5b1a6e30d3 100644 --- a/doc/development/environment_setup.md +++ b/doc/development/environment_setup.md 
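Review bot: the rewritten `AUTH_CIDR_ADDRESS` line in `doc/advanced/external-db/external-omnibus-psql.md` still recommends `192.168.100.0/12`, which contradicts the same sentence's advice to use "the smallest possible subnets". A `/12` mask covers 192.160.0.0 through 192.175.255.255, roughly a million addresses, and `192.168.100.0` is not a network boundary at that prefix length, so readers who copy it open MD5 password authentication to far more hosts than a minikube VM network. Since the line is being edited anyway, confirm the intended prefix length and correct "it's gateway" to "its gateway".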
@@ -40,7 +40,7 @@ When dealing with networking, storage, or other complex issues, a cloud Kubernet The following local cluster options are supported: -- [Minikube](minikube/index.md) - Cluster in virtual machines +- [minikube](minikube/index.md) - Cluster in virtual machines - [KinD (Kubernetes in Docker)](kind/index.md) - Cluster in Docker containers ### Cloud cluster diff --git a/doc/development/kind/index.md b/doc/development/kind/index.md index d4e501ed71..841b7682c2 100644 --- a/doc/development/kind/index.md +++ b/doc/development/kind/index.md @@ -122,7 +122,7 @@ If you need to log into the registry with `docker login`, you will need to tell ### Handling DNS -This guide assumes you have network access to [nip.io](https://nip.io). If this is not available to you, please refer to the [handling DNS](../minikube/index.md#handling-dns) section in the Minikube documentation which will also work for KinD. +This guide assumes you have network access to [nip.io](https://nip.io). If this is not available to you, please refer to the [handling DNS](../minikube/index.md#handling-dns) section in the minikube documentation which will also work for KinD. NOTE: When editing **/etc/hosts**, remember to use the [host computer's IP address](#required-information) rather than the output of `$(minikube ip)`. diff --git a/doc/development/minikube/index.md b/doc/development/minikube/index.md index 52beca672a..675f56206e 100644 --- a/doc/development/minikube/index.md +++ b/doc/development/minikube/index.md 
@@ -4,17 +4,17 @@ group: Distribution info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers --- -# Developing for Kubernetes with Minikube +# Developing for Kubernetes with minikube This guide is meant to serve as a cross-plaform resource for setting up a local Kubernetes development environment. In this guide, we'll be using -[Minikube](https://kubernetes.io/docs/setup/learning-environment/minikube/) as it is the accepted standard. +[minikube](https://kubernetes.io/docs/setup/learning-environment/minikube/) as it is the accepted standard. -## Getting Started with Minikube +## Getting Started with minikube We'll extract and expound on the official documentation from the [Kubernetes project](https://kubernetes.io/), -[Running Kubernetes Locally with Minikube](https://kubernetes.io/docs/setup/learning-environment/minikube/). +[Running Kubernetes Locally with minikube](https://kubernetes.io/docs/setup/learning-environment/minikube/). ### Installing kubectl @@ -40,7 +40,7 @@ can do one of three things: - [macOS](https://kubernetes.io/docs/tasks/tools/install-kubectl-macos/#install-with-homebrew-on-macos) - [Windows](https://kubernetes.io/docs/tasks/tools/install-kubectl-windows/#install-on-windows-using-chocolatey-or-scoop) -### Installing Minikube +### Installing minikube See the [Kubernetes documentation](https://minikube.sigs.k8s.io/docs/start/) where they suggest directly installing from the [releases on GitHub](https://github.com/kubernetes/minikube/releases). 
@@ -50,18 +50,18 @@ where they suggest directly installing from the [releases on GitHub](https://git For the purposes of cross-platform compatibility in this guide, we'll stick with VirtualBox, however there are drivers for VMware Fusion, HyperV, KVM, and Xhyve. -### Starting / Stopping Minikube +### Starting / Stopping minikube -Minikube resource requests must be set higher than the default for developing +minikube resource requests must be set higher than the default for developing the GitLab chart. The key configuration items can be found with `minikube start --help`. A selection is provided below, for what we may want to change according to the pieces being tested, and the requirements as listed: -- `--cpus int`: Number of CPUs allocated to the Minikube VM (default `2`). +- `--cpus int`: Number of CPUs allocated to the minikube VM (default `2`). The absolute minimum necessary CPU is `3`. Deploying the _complete_ chart requires `4`. -- `--memory int`: Amount of RAM allocated to the Minikube VM (default `2048`). +- `--memory int`: Amount of RAM allocated to the minikube VM (default `2048`). The absolute same minimum is `6144` (6 GB). Recommendation is `10240` (10 GB). -- `--disk-size string`: Disk size allocated to the Minikube VM (format: `[]`, +- `--disk-size string`: Disk size allocated to the minikube VM (format: `[]`, where unit = `b`, `k`, `m` or `g`) (default `20g`). See the GitLab [storage](https://docs.gitlab.com/ee/install/requirements.html#storage) and [database](https://docs.gitlab.com/ee/install/requirements.html#database) 
@@ -70,7 +70,7 @@ change according to the pieces being tested, and the requirements as listed: NOTE: This is created in your home directory under `~/.minikube/machines/minikube/`. -- `--kubernetes-version string`: The Kubernetes version that the Minikube VM will use (e.g., `v1.2.3`). +- `--kubernetes-version string`: The Kubernetes version that the minikube VM will use (e.g., `v1.2.3`). - `--registry-mirror stringSlice`: Registry mirrors to pass to the Docker daemon. NOTE: @@ -78,7 +78,7 @@ Changing these values in a second `start` command, requires to first delete the existing instance with `minikube delete`, or manually you can alter the properties with VirtualBox Manager. -Once you have all the tools installed and configured, starting at stopping Minikube +Once you have all the tools installed and configured, starting at stopping minikube can be done with: ```shell @@ -108,11 +108,11 @@ Machine stopped. Take note of the result from running the `minikube ip` command. If the output is not `192.168.99.100`, the output IP will be needed later. -## Using Minikube +## Using minikube -Minikube can be used directly as a Kubernetes installation, and treated as a +minikube can be used directly as a Kubernetes installation, and treated as a single node cluster. There are some behaviors that are slightly different between -Minikube and full-fledged Kubernetes clusters, such as [Google Container Engine (GKE)](https://cloud.google.com/). +minikube and full-fledged Kubernetes clusters, such as [Google Container Engine (GKE)](https://cloud.google.com/). Different: 
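Review bot: in `doc/development/minikube/index.md`, the line changed at `@@ -78,7 +78,7 @@` still reads "starting at stopping minikube", which should be "starting and stopping minikube". The rename touches this sentence, so fix the typo in the same change. Several edited sentences in this file now begin with a lowercase "minikube" (for example "minikube resource requests must be set higher..."), so check that the style guide accepts that or rephrase them so the product name is not the first word.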
@@ -125,16 +125,16 @@ Unavailable: ### Gotcha: Persistent Volumes -Minikube supports [PersistentVolumes](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) -of the `hostPath` type, which are mapped to directories inside the VM. As Minikube +minikube supports [PersistentVolumes](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) +of the `hostPath` type, which are mapped to directories inside the VM. As minikube boots into a `tmpfs`, most directories will not persist across reboots via `minikube stop`. Further details and listings of directories that do persist, can be found -in the [Minikube getting started guide](https://kubernetes.io/docs/setup/learning-environment/minikube/#persistent-volumes). +in the [minikube getting started guide](https://kubernetes.io/docs/setup/learning-environment/minikube/#persistent-volumes). ### Enable Add-ons -Minikube handles some features apart from the base configuration. For the +minikube handles some features apart from the base configuration. For the development of this project, we'll need access to `Ingress`: ```shell 
@@ -151,20 +151,20 @@ minikube dashboard --url ## Deploying the chart -When deploying this chart into Minikube, some chart resources need to be reduced or disabled. +When deploying this chart into minikube, some chart resources need to be reduced or disabled. It is not possible to use the `nginx-ingress` chart to provide ports `22`, `80`, `443`. It's best to disable it and set the Ingress class by setting `nginx-ingress.enabled=false,global.ingress.class="nginx"`. -The `certmanager` chart can not be used with Minikube. You must disable this by +The `certmanager` chart can not be used with minikube. You must disable this by setting `certmanager.install=false,global.ingress.configureCertmanager=false`. As a result, if you don't provide your own SSL certificates, self-signed certificates will be generated. The `gitlab-runner` chart will accept the self-signed certificates via `gitlab-runner.certsSecretName`. Assuming your release name is `gitlab`, the certificate name will be `gitlab-wildcard-tls-chain`. -The `gitlab-shell` chart can be used with Minikube, but requires mapping to a port other -than 22 as it used by Minikube already. You can configure `gitlab.gitlab-shell.service.type=NodePort` +The `gitlab-shell` chart can be used with minikube, but requires mapping to a port other +than 22 as it used by minikube already. You can configure `gitlab.gitlab-shell.service.type=NodePort` and `gitlab.gitlab-shell.service.nodePort=`, which will allow cloning a repository via the specified port. To ensure this port is reflected in the clone link in the UI, configure `global.shell.port=`. diff --git a/doc/installation/deployment.md b/doc/installation/deployment.md index e3b13deb45..78d7b42762 100644 --- a/doc/installation/deployment.md +++ b/doc/installation/deployment.md 
@@ -220,8 +220,8 @@ a smaller cluster. The [minimal GKE example values file](https://gitlab.com/gitlab-org/charts/gitlab/tree/master/examples/values-gke-minimum.yaml) provides an example of tuning the resources to fit within a 3vCPU 12gb cluster. -The [minimal Minikube example values file](https://gitlab.com/gitlab-org/charts/gitlab/tree/master/examples/values-minikube-minimum.yaml) provides an example of tuning the -resources to fit within a 2vCPU, 4gb Minikube instance. +The [minimal minikube example values file](https://gitlab.com/gitlab-org/charts/gitlab/tree/master/examples/values-minikube-minimum.yaml) provides an example of tuning the +resources to fit within a 2vCPU, 4gb minikube instance. ## Deploy using Helm diff --git a/doc/installation/tools.md b/doc/installation/tools.md index b37242a2d9..edf338bc38 100644 --- a/doc/installation/tools.md +++ b/doc/installation/tools.md @@ -41,7 +41,7 @@ gcloud container clusters get-credentials --zone --project For the most up to date instructions, follow the Amazon EKS documentation on [connecting to a cluster](https://docs.aws.amazon.com/eks/latest/userguide/getting-started.html#eks-configure-kubectl). -#### Minikube +#### minikube If you are doing local development, you can use `minikube` as your local cluster. If `kubectl cluster-info` is not showing `minikube` as the current -- GitLab From 6bcf62edd18c0fd3ce0e33ab7f56a3dec4d4e574 Mon Sep 17 00:00:00 2001 From: Nikhil George Date: Fri, 21 Jan 2022 19:46:14 +0000 Subject: [PATCH 229/253] Enable dependency and secret detection scans in project CI --- .gitlab-ci.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 3c2bf4e13e..a2ef3aa3fc 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -42,6 +42,7 @@ variables: stages: - prepare + - test - preflight - review - staging 
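Review bot: in `.gitlab-ci.yml`, the `- test` stage added under `stages:` has no job in this file that names it. The `dependency_scanning` and `secret_detection` overrides in the next hunk set only `needs: []` and `before_script: []`, so their stage presumably comes from the included templates. Setting `stage: test` explicitly on both overrides would keep the scans from moving or failing to schedule if a template's default changes. A short comment that `before_script: []` is there to skip the global `source scripts/ci/autodevops.sh` would stop a later cleanup from removing it.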
@@ -55,6 +56,16 @@ stages: - cleanup - report +include: + - template: Security/Dependency-Scanning.gitlab-ci.yml + - template: Security/Secret-Detection.gitlab-ci.yml +dependency_scanning: + needs: [] + before_script: [] +secret_detection: + needs: [] + before_script: [] + before_script: - source scripts/ci/autodevops.sh -- GitLab From d07b82adb2b6a38f7e0a1b90a970969ae279a97d Mon Sep 17 00:00:00 2001 
From: Quang-Minh Nguyen Date: Fri, 14 Jan 2022 17:09:41 +0700 Subject: [PATCH 230/253] Extract _checkConfig.tpl into smaller files Issue: https://gitlab.com/gitlab-org/charts/gitlab/-/issues/2676 Changelog: other --- spec/check_config_helper.rb | 46 + spec/integration/check_config/geo_spec.rb | 109 ++ spec/integration/check_config/gitaly_spec.rb | 265 ++++ .../integration/check_config/mailroom_spec.rb | 88 ++ spec/integration/check_config/nginx_spec.rb | 29 + .../check_config/postgresql_spec.rb | 175 +++ .../integration/check_config/registry_spec.rb | 193 +++ spec/integration/check_config/sidekiq_spec.rb | 363 +++++ spec/integration/check_config/toolbox_spec.rb | 65 + .../check_config/webservice_spec.rb | 63 + spec/integration/check_config_spec.rb | 1339 +---------------- templates/_checkConfig.tpl | 658 +------- templates/_checkConfig_geo.tpl | 49 + templates/_checkConfig_gitaly.tpl | 97 ++ templates/_checkConfig_mailroom.tpl | 60 + templates/_checkConfig_nginx.tpl | 20 + templates/_checkConfig_object_storage.tpl | 38 + templates/_checkConfig_postgresql.tpl | 82 + templates/_checkConfig_registry.tpl | 76 + templates/_checkConfig_sidekiq.tpl | 75 + templates/_checkConfig_toolbox.tpl | 26 + templates/_checkConfig_webservice.tpl | 50 + 22 files changed, 2022 insertions(+), 1944 deletions(-) create mode 100644 spec/check_config_helper.rb create mode 100644 spec/integration/check_config/geo_spec.rb create mode 100644 spec/integration/check_config/gitaly_spec.rb create mode 100644 spec/integration/check_config/mailroom_spec.rb create mode 100644 spec/integration/check_config/nginx_spec.rb create mode 100644 spec/integration/check_config/postgresql_spec.rb create mode 100644 spec/integration/check_config/registry_spec.rb create mode 100644 spec/integration/check_config/sidekiq_spec.rb create mode 100644 spec/integration/check_config/toolbox_spec.rb create mode 100644 spec/integration/check_config/webservice_spec.rb create mode 100644 templates/_checkConfig_geo.tpl create 
mode 100644 templates/_checkConfig_gitaly.tpl create mode 100644 templates/_checkConfig_mailroom.tpl create mode 100644 templates/_checkConfig_nginx.tpl create mode 100644 templates/_checkConfig_object_storage.tpl create mode 100644 templates/_checkConfig_postgresql.tpl create mode 100644 templates/_checkConfig_registry.tpl create mode 100644 templates/_checkConfig_sidekiq.tpl create mode 100644 templates/_checkConfig_toolbox.tpl create mode 100644 templates/_checkConfig_webservice.tpl diff --git a/spec/check_config_helper.rb b/spec/check_config_helper.rb new file mode 100644 index 0000000000..746dfae286 --- /dev/null +++ b/spec/check_config_helper.rb @@ -0,0 +1,46 @@ +# frozen_string_literal: true +# frozen_string_literal: true + +require 'helm_template_helper' + +RSpec.shared_context "check config setup", shared_context: :metadata do + let(:check) do + Open3.capture3(HelmTemplate.helm_template_call(release_name: 'gitlab-checkconfig-test'), + chdir: File.join(__dir__, '..'), + stdin_data: YAML.dump(values)) + end + + let(:stdout) { check[0] } + let(:stderr) { check[1] } + let(:exit_code) { check[2].to_i } + + let(:default_required_values) do + YAML.safe_load(%( + certmanager-issuer: + email: test@example.com + )) + end +end + +RSpec.shared_examples 'config validation' do |success_description: '', error_description: ''| + include_context 'check config setup' + context success_description do + let(:values) { success_values } + + it 'succeeds', :aggregate_failures do + expect(exit_code).to eq(0) + expect(stdout).to include('name: gitlab-checkconfig-test') + expect(stderr).to be_empty + end + end + + context error_description do + let(:values) { error_values } + + it 'returns an error', :aggregate_failures do + expect(exit_code).to be > 0 + expect(stdout).to be_empty + expect(stderr).to include(error_output) + end + end +end 
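Review bot: in `spec/check_config_helper.rb`, `let(:exit_code) { check[2].to_i }` reads the raw wait-status bits of the `Process::Status`, not the exit code; use `check[2].exitstatus`. The current assertions (`eq(0)` and `be > 0`) happen to pass either way, but any spec that later compares against a specific code would get a shifted value. The file also opens with `# frozen_string_literal: true` twice, and it calls `Open3` and `YAML` while requiring only `helm_template_helper`. Add `require 'open3'` and `require 'yaml'` here so the helper does not depend on what its includers have already loaded.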
diff --git a/spec/integration/check_config/geo_spec.rb b/spec/integration/check_config/geo_spec.rb new file mode 100644 index 0000000000..2f995ba981 --- /dev/null +++ b/spec/integration/check_config/geo_spec.rb 
@@ -0,0 +1,109 @@ +require 'spec_helper' +require 'check_config_helper' +require 'yaml' +require 'hash_deep_merge' + +describe 'checkConfig geo' do + describe 'geo.database' do + let(:success_values) do + YAML.safe_load(%( + global: + geo: + enabled: true + psql: + host: foo + password: + secret: bar + )).merge(default_required_values) + end + + let(:error_values) do + YAML.safe_load(%( + global: + geo: + enabled: true + )).merge(default_required_values) + end + + let(:error_output) { 'Geo was configured but no database was provided' } + + include_examples 'config validation', + success_description: 'when Geo is enabled with a database', + error_description: 'when Geo is enabled without a database' + end + + describe 'geo.secondary.database' do + let(:success_values) do + YAML.safe_load(%( + global: + geo: + enabled: true + psql: + host: foo + password: + secret: bar + )).merge(default_required_values) + end + + let(:error_values) do + YAML.safe_load(%( + global: + geo: + enabled: true + role: secondary + psql: + host: foo + password: + secret: bar + )).merge(default_required_values) + end + + let(:error_output) { 'Geo was configured with `role: secondary`, but no database was provided' } + + include_examples 'config validation', + success_description: 'when Geo is enabled with a database', + error_description: 'when Geo is enabled without a database' + end + + describe 'geo.replication.primaryApiUrl' do + let(:success_values) do + { + 'global' => { + 'geo' => { + 'enabled' => true, + 'registry' => { + 'replication' => { + 'enabled' => true, + 'primaryApiUrl' => 'http://registry.foobar.com' + } + } + }, + 'psql' => { 'host' => 'foo', 'password' => { 'secret' => 'bar' } } + } + }.merge(default_required_values) + end + + let(:error_values) do + { + 'global' => { + 'geo' => { + 'enabled' => true, + 'role' => 'secondary', + 'registry' => { + 'replication' => { + 'enabled' => true + } + } + }, + 'psql' => { 'host' => 'foo', 'password' => { 'secret' => 'bar' } } + } + 
}.merge(default_required_values) + end + + let(:error_output) { 'Registry replication is enabled for GitLab Geo, but no primary API URL is specified.' } + + include_examples 'config validation', + success_description: 'when Registry replication is enabled for Geo and primary API URL is specified', + error_description: 'when Registry replication is enabled for Geo but no primary API URL is specified' + end +end diff --git a/spec/integration/check_config/gitaly_spec.rb b/spec/integration/check_config/gitaly_spec.rb new file mode 100644 index 0000000000..1c75404799 --- /dev/null +++ b/spec/integration/check_config/gitaly_spec.rb 
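Review bot: in `spec/integration/check_config/geo_spec.rb`, the success fixtures for `geo.secondary.database` and `geo.replication.primaryApiUrl` omit `role: secondary` while the error fixtures set it, so the success cases do not exercise the code path they are named for. In the `primaryApiUrl` block the two fixtures differ in both `'role'` and `'primaryApiUrl'`, so the success case would pass even if the URL check were broken. Add `'role' => 'secondary'` to the success values so that only the setting under test changes. The `geo.secondary.database` block also reuses the descriptions "when Geo is enabled with a database" and "without a database" from the block above; they should mention the secondary role so failures are distinguishable in the RSpec output.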
@@ -0,0 +1,265 @@ +require 'spec_helper' +require 'check_config_helper' +require 'yaml' +require 'hash_deep_merge' + +describe 'checkConfig gitaly' do + describe 'gitaly.tls without Praefect' do + let(:success_values) do + YAML.safe_load(%( + global: + gitaly: + enabled: true + tls: + enabled: true + secretName: example-tls + )).merge(default_required_values) + end + + let(:error_values) do + YAML.safe_load(%( + global: + gitaly: + enabled: true + tls: + enabled: true + )).merge(default_required_values) + end + + let(:error_output) { 'global.gitaly.tls.secretName not specified' } + + include_examples 'config validation', + success_description: 'when TLS is enabled correctly', + error_description: 'when TLS is enabled but there is no certificate' + end + + describe 'gitaly.tls with Praefect' do + let(:success_values) do + YAML.safe_load(%( + global: + praefect: + enabled: true + virtualStorages: + - name: default + gitalyReplicas: 3 + maxUnavailable: 2 + tlsSecretName: gitaly-default-tls + - name: vs1 + gitalyReplicas: 2 + maxUnavailable: 1 + tlsSecretName: gitaly-vs2-tls + gitaly: + enabled: true + tls: + enabled: true + )).merge(default_required_values) + end + + let(:error_values) do + YAML.safe_load(%( + global: + praefect: + enabled: true + virtualStorages: + - name: default + gitalyReplicas: 3 + maxUnavailable: 2 + tlsSecretName: gitaly-default-tls + - name: vs2 + gitalyReplicas: 2 + maxUnavailable: 1 + gitaly: + enabled: true + tls: + enabled: true + )).merge(default_required_values) + end + + let(:error_output) { 'global.praefect.virtualStorages[1].tlsSecretName not specified (\'vs2\')' } + + include_examples 'config validation', + success_description: 'when TLS is enabled correctly', + error_description: 'when TLS is enabled but there is no certificate' + end + + describe 'gitaly.extern.repos' do + let(:success_values) do + YAML.safe_load(%( + global: + gitaly: + enabled: false + external: + - name: default + hostname: bar + 
)).merge(default_required_values) + end + + let(:error_values) do + YAML.safe_load(%( + global: + gitaly: + enabled: false + external: [] + )).merge(default_required_values) + end + + let(:error_output) { 'external Gitaly repos needs to be specified if global.gitaly.enabled is not set' } + + include_examples 'config validation', + success_description: 'when Gitaly is disabled and external repos are enabled', + error_description: 'when Gitaly and external repos are disabled' + end + + describe 'gitaly.duplicate.repos' do + let(:success_values) do + YAML.safe_load(%( + global: + gitaly: + internal: + names: + - default + external: + - name: foo + hostname: bar + )).merge(default_required_values) + end + + let(:error_values) do + YAML.safe_load(%( + global: + gitaly: + internal: + names: + - default + - foo + external: + - name: foo + hostname: bar + )).merge(default_required_values) + end + + let(:error_output) { 'Each storage name must be unique.' } + + include_examples 'config validation', + success_description: 'when Gitaly is enabled and storage names are unique', + error_description: 'when Gitaly is enabled and storage names are not unique' + end + + describe 'gitaly.duplicate.repos with praefect' do + let(:success_values) do + YAML.safe_load(%( + global: + gitaly: + internal: + names: + - default + - foo + praefect: + enabled: true + replaceInternalGitaly: false + virtualStorages: + - name: defaultPraefect + )).merge(default_required_values) + end + + let(:error_values) do + YAML.safe_load(%( + global: + gitaly: + internal: + names: + - default + - foo + praefect: + enabled: true + replaceInternalGitaly: false + virtualStorages: + - name: foo + )).merge(default_required_values) + end + + let(:error_output) { 'Each storage name must be unique.' 
} + + include_examples 'config validation', + success_description: 'when Gitaly and Praefect are enabled and storage names are unique', + error_description: 'when Gitaly and Praefect are enabled and storage names are not unique' + end + + describe 'gitaly.default.repo' do + let(:success_values) do + YAML.safe_load(%( + global: + gitaly: + internal: + names: + - default + external: + - name: external1 + hostname: foo + )).merge(default_required_values) + end + + let(:error_values) do + YAML.safe_load(%( + global: + gitaly: + internal: + names: + - foo + external: + - name: bar + hostname: baz + )).merge(default_required_values) + end + + let(:error_output) { 'There must be one (and only one) storage named \'default\'.' } + + include_examples 'config validation', + success_description: 'when Gitaly is enabled and one storage is named "default"', + error_description: 'when Gitaly is enabled and no storages are named "default"' + end + + describe 'gitaly.default.repo with praefect' do + let(:success_values) do + YAML.safe_load(%( + global: + gitaly: + internal: + names: + - default + external: + - name: external1 + hostname: foo + praefect: + enabled: true + replaceInternalGitaly: false + virtualStorages: + - name: praefect1 + )).merge(default_required_values) + end + + let(:error_values) do + YAML.safe_load(%( + global: + gitaly: + internal: + names: + - internal1 + external: + - name: external1 + hostname: baz + praefect: + enabled: true + replaceInternalGitaly: false + virtualStorages: + - name: praefect1 + )).merge(default_required_values) + end + + let(:error_output) { 'There must be one (and only one) storage named \'default\'.' } + + include_examples 'config validation', + success_description: 'when Gitaly and Praefect are enabled and one storage is named "default"', + error_description: 'when Gitaly and Praefect are enabled and no storages are named "default"' + end +end 
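Review bot: in `spec/integration/check_config/gitaly_spec.rb`, the `gitaly.tls with Praefect` success fixture names its second virtual storage `vs1` but gives it `tlsSecretName: gitaly-vs2-tls`, while the error fixture calls the same entry `vs2` and the expected message quotes `'vs2'`. Use one name in both fixtures so the only difference is the missing `tlsSecretName`. The two TLS blocks also share the descriptions "when TLS is enabled correctly" and "when TLS is enabled but there is no certificate"; add "with Praefect" to the second pair, as the later `duplicate.repos` and `default.repo` blocks already do.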
diff --git a/spec/integration/check_config/mailroom_spec.rb b/spec/integration/check_config/mailroom_spec.rb new file mode 100644 index 0000000000..6b6b86cc3f --- /dev/null +++ b/spec/integration/check_config/mailroom_spec.rb 
@@ -0,0 +1,88 @@ +require 'spec_helper' +require 'check_config_helper' +require 'yaml' +require 'hash_deep_merge' + +describe 'checkConfig mailroom' do + describe 'incomingEmail.microsoftGraph' do + let(:success_values) do + YAML.safe_load(%( + global: + appConfig: + incomingEmail: + enabled: true + inboxMethod: microsoft_graph + tenantId: MY-TENANT-ID + clientId: MY-CLIENT-ID + clientSecret: + secret: secret + )).merge(default_required_values) + end + + let(:error_values) do + YAML.safe_load(%( + global: + appConfig: + incomingEmail: + enabled: true + inboxMethod: microsoft_graph + clientSecret: + secret: secret + )).merge(default_required_values) + end + + let(:error_output) { 'be sure to specify the tenant ID' } + + include_examples 'config validation', + success_description: 'when incomingEmail is configured with Microsoft Graph', + error_description: 'when incomingEmail is missing required Microsoft Graph settings' + end + + describe 'serviceDesk.microsoftGraph' do + let(:success_values) do + YAML.safe_load(%( + global: + appConfig: + incomingEmail: + enabled: true + inboxMethod: microsoft_graph + tenantId: MY-TENANT-ID + clientId: MY-CLIENT-ID + clientSecret: + secret: secret + serviceDesk: + enabled: true + inboxMethod: microsoft_graph + tenantId: MY-TENANT-ID + clientId: MY-CLIENT-ID + clientSecret: + secret: secret + )).merge(default_required_values) + end + + let(:error_values) do + YAML.safe_load(%( + global: + appConfig: + incomingEmail: + enabled: true + inboxMethod: microsoft_graph + tenantId: MY-TENANT-ID + clientId: MY-CLIENT-ID + clientSecret: + secret: secret + serviceDesk: + enabled: true + inboxMethod: microsoft_graph + clientSecret: + secret: secret + )).merge(default_required_values) + end + + let(:error_output) { 'be sure to specify the tenant ID' } + + include_examples 'config validation', + success_description: 'when serviceDesk is configured with Microsoft Graph', + error_description: 'when serviceDesk is missing required Microsoft Graph 
settings' + end +end diff --git a/spec/integration/check_config/nginx_spec.rb b/spec/integration/check_config/nginx_spec.rb new file mode 100644 index 0000000000..f02007f67a --- /dev/null +++ b/spec/integration/check_config/nginx_spec.rb @@ -0,0 +1,29 @@ +require 'spec_helper' +require 'check_config_helper' +require 'hash_deep_merge' + +describe 'checkConfig nginx' do + describe 'nginx-ingress.rbac.scope' do + let(:success_values) do + YAML.safe_load(%( + nginx-ingress: + rbac: + scope: false + )).merge(default_required_values) + end + + let(:error_values) do + YAML.safe_load(%( + nginx-ingress: + rbac: + scope: true + )).merge(default_required_values) + end + + let(:error_output) { 'Namespaced IngressClasses do not exist' } + + include_examples 'config validation', + success_description: 'when set to false', + error_description: 'when set to true' + end +end diff --git a/spec/integration/check_config/postgresql_spec.rb b/spec/integration/check_config/postgresql_spec.rb new file mode 100644 index 0000000000..539d364993 --- /dev/null +++ b/spec/integration/check_config/postgresql_spec.rb 
@@ -0,0 +1,175 @@ +require 'spec_helper' +require 'check_config_helper' +require 'yaml' +require 'hash_deep_merge' + +describe 'checkConfig postgresql' do + describe 'database.externaLoadBalancing' do + let(:success_values) do + YAML.safe_load(%( + global: + psql: + host: primary + password: + secret: bar + load_balancing: + hosts: [a, b, c] + postgresql: + install: false + )).merge(default_required_values) + end + + let(:error_values) do + YAML.safe_load(%( + global: + psql: + host: primary + password: + secret: bar + load_balancing: + hosts: [a, b, c] + postgresql: + install: true + )).merge(default_required_values) + end + + let(:error_output) { 'PostgreSQL is set to install, but database load balancing is also enabled' } + + include_examples 'config validation', + success_description: 'when database load balancing is configured, with PostgrSQL disabled', + error_description: 'when database load balancing is configured, with PostgrSQL enabled' + + describe 'database.externaLoadBalancing missing required elements' do + let(:success_values) do + YAML.safe_load(%( + global: + psql: + host: primary + password: + secret: bar + load_balancing: + hosts: [a, b, c] + postgresql: + install: false + )).merge(default_required_values) + end + + let(:error_values) do + YAML.safe_load(%( + global: + psql: + host: primary + password: + secret: bar + load_balancing: + invalid: item + postgresql: + install: false + )).merge(default_required_values) + end + + let(:error_output) { 'You must specify `load_balancing.hosts` or `load_balancing.discover`' } + + include_examples 'config validation', + success_description: 'when database load balancing is configured per requirements', + error_description: 'when database load balancing is missing required elements' + end + + describe 'database.externaLoadBalancing.hosts' do + let(:success_values) do + YAML.safe_load(%( + global: + psql: + host: primary + password: + secret: bar + load_balancing: + hosts: [a, b, c] + postgresql: + install: 
false + )).merge(default_required_values) + end + + let(:error_values) do + YAML.safe_load(%( + global: + psql: + host: primary + password: + secret: bar + load_balancing: + hosts: a + postgresql: + install: false + )).merge(default_required_values) + end + + let(:error_output) { 'Database load balancing using `hosts` is configured, but does not appear to be a list' } + + include_examples 'config validation', + success_description: 'when database load balancing is configured for hosts, with an array', + error_description: 'when database load balancing is configured for hosts, without an array' + end + + describe 'database.externaLoadBalancing.discover' do + let(:success_values) do + YAML.safe_load(%( + global: + psql: + host: primary + password: + secret: bar + load_balancing: + discover: + record: secondary + postgresql: + install: false + )).merge(default_required_values) + end + + let(:error_values) do + YAML.safe_load(%( + global: + psql: + host: primary + password: + secret: bar + load_balancing: + discover: true + postgresql: + install: false + )).merge(default_required_values) + end + + let(:error_output) { 'Database load balancing using `discover` is configured, but does not appear to be a map' } + + include_examples 'config validation', + success_description: 'when database load balancing is configured for discover, with a map', + error_description: 'when database load balancing is configured for discover, without a map' + end + end + + describe 'PostgreSQL version' do + let(:success_values) do + YAML.safe_load(%( + postgresql: + image: + tag: 12 + )).merge(default_required_values) + end + + let(:error_values) do + YAML.safe_load(%( + postgresql: + image: + tag: 11 + )).merge(default_required_values) + end + + let(:error_output) { 'The minimum required version is PostgreSQL 12.' } + + include_examples 'config validation', + success_description: 'when postgresql.image.tag is >= 12', + error_description: 'when postgresql.image.tag is < 12' + end +end 
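Review bot: the first `database.externaLoadBalancing` block spells `PostgrSQL` in both `success_description` and `error_description`, and every describe name here spells `externaLoadBalancing`; both are carried over unchanged from the block this patch removes from check_config_spec.rb and could be corrected as part of the move. The three nested describes also sit inside the outer describe after its `include_examples` and override `success_values`/`error_values`, so making them siblings would make it obvious which values each `include_examples` runs against. In `PostgreSQL version`, the only inputs are the bare integers `tag: 12` and `tag: 11`; if the check is expected to accept a string tag, a case for that would pin the behaviour down.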
diff --git a/spec/integration/check_config/registry_spec.rb b/spec/integration/check_config/registry_spec.rb new file mode 100644 index 0000000000..dec0542157 --- /dev/null +++ b/spec/integration/check_config/registry_spec.rb 
@@ -0,0 +1,193 @@ +require 'spec_helper' +require 'check_config_helper' +require 'yaml' +require 'hash_deep_merge' + +describe 'checkConfig registry' do + describe 'registry.database (PG version)' do + let(:success_values) do + YAML.safe_load(%( + postgresql: + image: + tag: 12 + + registry: + database: + enabled: true + )).merge(default_required_values) + end + + let(:error_values) do + YAML.safe_load(%( + postgresql: + image: + tag: 11 + + registry: + database: + enabled: true + )).merge(default_required_values) + end + + let(:error_output) { 'PostgreSQL 12 is the minimum required version' } + + include_examples 'config validation', + success_description: 'when postgresql.image.tag is >= 12', + error_description: 'when postgresql.image.tag is < 12' + end + + describe 'registry.database (sslmode)' do + let(:success_values) do + YAML.safe_load(%( + postgresql: + image: + tag: 12 + + registry: + database: + enabled: true + sslmode: disable + )).merge(default_required_values) + end + + let(:error_values) do + YAML.safe_load(%( + postgresql: + image: + tag: 12 + + registry: + database: + enabled: true + sslmode: testing + )).merge(default_required_values) + end + + let(:error_output) { 'Invalid SSL mode' } + + include_examples 'config validation', + success_description: 'when database.sslmode is valid', + error_description: 'when when database.sslmode is not valid' + end + + describe 'registry.migration (disablemirrorfs)' do + let(:success_values) do + YAML.safe_load(%( + postgresql: + image: + tag: 12 + + registry: + database: + enabled: true + migration: + disablemirrorfs: true + )).merge(default_required_values) + end + + let(:error_values) do + YAML.safe_load(%( + postgresql: + image: + tag: 12 + + registry: + migration: + disablemirrorfs: true + )).merge(default_required_values) + end + + let(:error_output) { 'Disabling filesystem metadata requires the metadata database to be enabled' } + + include_examples 'config validation', + success_description: 'when 
migration disablemirrorfs is true, with database enabled', + error_description: 'when migration disablemirrorfs is true, with database disabled' + end + + describe 'registry.migration (enabled)' do + let(:success_values) do + YAML.safe_load(%( + registry: + database: + enabled: true + migration: + enabled: true + )).merge(default_required_values) + end + + let(:error_values) do + YAML.safe_load(%( + registry: + migration: + enabled: true + )).merge(default_required_values) + end + + let(:error_output) { 'Enabling migration mode requires the metadata database to be enabled' } + + include_examples 'config validation', + success_description: 'when migration enabled is true, with database enabled', + error_description: 'when migration enabled is true, with database disabled' + end + + describe 'registry.gc (disabled)' do + let(:success_values) do + YAML.safe_load(%( + postgresql: + image: + tag: 12 + + registry: + database: + enabled: true + gc: + disabled: false + )).merge(default_required_values) + end + + let(:error_values) do + YAML.safe_load(%( + postgresql: + image: + tag: 12 + + registry: + gc: + disabled: false + )).merge(default_required_values) + end + + let(:error_output) { 'Enabling online garbage collection requires the metadata database to be enabled' } + + include_examples 'config validation', + success_description: 'when gc disabled is false, with database enabled', + error_description: 'when gc disabled is false, with database disabled' + end + + describe 'gitlab.checkConfig.registry.sentry.dsn' do + let(:success_values) do + YAML.safe_load(%( + registry: + reporting: + sentry: + enabled: true + dsn: somedsn + )).merge(default_required_values) + end + + let(:error_values) do + YAML.safe_load(%( + registry: + reporting: + sentry: + enabled: true + )).merge(default_required_values) + end + + let(:error_output) { 'When enabling sentry, you must configure at least one DSN.' 
} + + include_examples 'config validation', + success_description: 'when Sentry is enabled and DSN is defined', + error_description: 'when Sentry is enabled but DSN is undefined' + end +end diff --git a/spec/integration/check_config/sidekiq_spec.rb b/spec/integration/check_config/sidekiq_spec.rb new file mode 100644 index 0000000000..4f403404fa --- /dev/null +++ b/spec/integration/check_config/sidekiq_spec.rb 
@@ -0,0 +1,363 @@ +require 'spec_helper' +require 'check_config_helper' +require 'hash_deep_merge' + +describe 'checkConfig sidekiq' do + describe 'sidekiq.queues.mixed' do + let(:success_values) do + YAML.safe_load(%( + gitlab: + sidekiq: + pods: + - name: valid-1 + queues: merge + - name: valid-2 + negateQueues: post_receive + )).merge(default_required_values) + end + + let(:error_values) do + YAML.safe_load(%( + gitlab: + sidekiq: + pods: + - name: invalid-1 + queues: merge + negateQueues: post_receive + - name: invalid-2 + queues: merge + negateQueues: post_receive + )).merge(default_required_values) + end + + let(:error_output) { '`negateQueues` is not usable if `queues` is provided' } + + include_examples 'config validation', + success_description: 'when Sidekiq pods use either queues or negateQueues', + error_description: 'when Sidekiq pods use both queues and negateQueues' + end + + describe 'sidekiq.queues' do + let(:success_values) do + YAML.safe_load(%( + gitlab: + sidekiq: + pods: + - name: valid-1 + queues: merge,post_receive + - name: valid-2 + negateQueues: merge,post_receive + )).merge(default_required_values) + end + + let(:error_values) do + YAML.safe_load(%( + gitlab: + sidekiq: + pods: + - name: invalid-1 + queues: [merge] + - name: invalid-2 + negateQueues: [merge] + )).merge(default_required_values) + end + + let(:error_output) { 'not a string' } + + include_examples 'config validation', + success_description: 'when Sidekiq pods use cluster with string queues', + error_description: 'when Sidekiq pods use cluster with array queues' + end + + describe 'sidekiq.timeout' do + context 'with deployment-global values specified for both timeout and terminationGracePeriodSeconds and no pod-local values specified for either' do + let(:success_values) do + YAML.safe_load(%( + gitlab: + sidekiq: + deployment: + terminationGracePeriodSeconds: 30 + timeout: 10 + )).deep_merge(default_required_values) + end + + let(:error_values) do + YAML.safe_load(%( + 
gitlab: + sidekiq: + deployment: + terminationGracePeriodSeconds: 30 + timeout: 40 + )).deep_merge(default_required_values) + end + + let(:error_output) { 'You must set `terminationGracePeriodSeconds` (30) longer than `timeout` (40) for pod `all-in-1`.' } + + include_examples 'config validation', + success_description: 'when Sidekiq timeout is less than terminationGracePeriodSeconds', + error_description: 'when Sidekiq timeout is more than terminationGracePeriodSeconds' + end + + context 'with pod-local value specified for only timeout' do + let(:success_values) do + YAML.safe_load(%( + gitlab: + sidekiq: + pods: + - name: 'valid-1' + timeout: 10 + )).deep_merge(default_required_values) + end + + let(:error_values) do + YAML.safe_load(%( + gitlab: + sidekiq: + pods: + - name: 'valid-1' + timeout: 50 + )).deep_merge(default_required_values) + end + + let(:error_output) { 'You must set `terminationGracePeriodSeconds` (30) longer than `timeout` (50) for pod `valid-1`.' } + + include_examples 'config validation', + success_description: 'when Sidekiq timeout is less than terminationGracePeriodSeconds', + error_description: 'when Sidekiq timeout is more than terminationGracePeriodSeconds' + end + + context 'with pod-local value specified for only terminationGracePeriodSeconds' do + let(:success_values) do + YAML.safe_load(%( + gitlab: + sidekiq: + pods: + - name: 'valid-1' + terminationGracePeriodSeconds: 50 + )).deep_merge(default_required_values) + end + + let(:error_values) do + YAML.safe_load(%( + gitlab: + sidekiq: + pods: + - name: 'valid-1' + terminationGracePeriodSeconds: 1 + )).deep_merge(default_required_values) + end + + let(:error_output) { 'You must set `terminationGracePeriodSeconds` (1) longer than `timeout` (25) for pod `valid-1`.' 
} + + include_examples 'config validation', + success_description: 'when Sidekiq timeout is less than terminationGracePeriodSeconds', + error_description: 'when Sidekiq timeout is more than terminationGracePeriodSeconds' + end + + context 'with pod-local value specified for both terminationGracePeriodSeconds and timeout' do + let(:success_values) do + YAML.safe_load(%( + gitlab: + sidekiq: + pods: + - name: 'valid-1' + terminationGracePeriodSeconds: 50 + timeout: 10 + )).deep_merge(default_required_values) + end + + let(:error_values) do + YAML.safe_load(%( + gitlab: + sidekiq: + pods: + - name: 'valid-1' + terminationGracePeriodSeconds: 50 + timeout: 60 + )).deep_merge(default_required_values) + end + + let(:error_output) { 'You must set `terminationGracePeriodSeconds` (50) longer than `timeout` (60) for pod `valid-1`.' } + + include_examples 'config validation', + success_description: 'when Sidekiq timeout is less than terminationGracePeriodSeconds', + error_description: 'when Sidekiq timeout is more than terminationGracePeriodSeconds' + end + end + + describe 'sidekiq.routingRules' do + include_context 'check config setup' + + let(:error_output) { 'The Sidekiq\'s routing rules list must be an ordered array of tuples of query and corresponding queue.' 
} + + context 'with an empty routingRules setting' do + let(:values) do + YAML.safe_load(%( + global: + appConfig: + sidekiq: + routingRules: [] + )).deep_merge(default_required_values) + end + + it 'succeeds' do + expect(exit_code).to eq(0) + expect(stdout).to include('name: gitlab-checkconfig-test') + expect(stderr).to be_empty + end + end + + context 'with a valid routingRules setting' do + let(:values) do + YAML.safe_load(%( + global: + appConfig: + sidekiq: + routingRules: + - ["resource_boundary=cpu", "cpu_boundary"] + - ["feature_category=pages", null] + - ["feature_category=search", "search"] + - ["feature_category=memory|resource_boundary=memory", "memory-bound"] + - ["*", "default"] + )).deep_merge(default_required_values) + end + + it 'succeeds' do + expect(exit_code).to eq(0) + expect(stdout).to include('name: gitlab-checkconfig-test') + expect(stderr).to be_empty + end + end + + context 'a string routingRules setting is a string' do + let(:values) do + YAML.safe_load(%( + global: + appConfig: + sidekiq: + routingRules: 'hello' + )).deep_merge(default_required_values) + end + + it 'returns an error' do + expect(exit_code).to be > 0 + expect(stdout).to be_empty + expect(stderr).to include(error_output) + end + end + + context 'one rule is a string' do + let(:values) do + YAML.safe_load(%( + global: + appConfig: + sidekiq: + routingRules: + - ["resource_boundary=cpu", "cpu_boundary"] + - "feature_category=pages" + )).deep_merge(default_required_values) + end + + it 'returns an error' do + expect(exit_code).to be > 0 + expect(stdout).to be_empty + expect(stderr).to include(error_output) + end + end + + context 'one rule has 0 elements' do + let(:values) do + YAML.safe_load(%( + global: + appConfig: + sidekiq: + routingRules: + - ["resource_boundary=cpu", "cpu_boundary"] + - [] + )).deep_merge(default_required_values) + end + + it 'returns an error' do + expect(exit_code).to be > 0 + expect(stdout).to be_empty + expect(stderr).to include(error_output) + end 
+ end + + context 'one rule has 1 element' do + let(:values) do + YAML.safe_load(%( + global: + appConfig: + sidekiq: + routingRules: + - ["resource_boundary=cpu", "cpu_boundary"] + - ["hello"] + )).deep_merge(default_required_values) + end + + it 'returns an error' do + expect(exit_code).to be > 0 + expect(stdout).to be_empty + expect(stderr).to include(error_output) + end + end + + context 'one rule has 3 elements' do + let(:values) do + YAML.safe_load(%( + global: + appConfig: + sidekiq: + routingRules: + - ["resource_boundary=cpu", "cpu_boundary"] + - ["resource_boundary=cpu", "cpu_boundary", "something"] + )).deep_merge(default_required_values) + end + + it 'returns an error' do + expect(exit_code).to be > 0 + expect(stdout).to be_empty + expect(stderr).to include(error_output) + end + end + + context "one rule's queue is invalid" do + let(:values) do + YAML.safe_load(%( + global: + appConfig: + sidekiq: + routingRules: + - ["resource_boundary=cpu", "cpu_boundary"] + - ["rule", 123] + )).deep_merge(default_required_values) + end + + it 'returns an error' do + expect(exit_code).to be > 0 + expect(stdout).to be_empty + expect(stderr).to include(error_output) + end + end + + context "one rule's query is invalid" do + let(:values) do + YAML.safe_load(%( + global: + appConfig: + sidekiq: + routingRules: + - ["resource_boundary=cpu", "cpu_boundary"] + - [123, 'valid-queue'] + )).deep_merge(default_required_values) + end + + it 'returns an error' do + expect(exit_code).to be > 0 + expect(stdout).to be_empty + expect(stderr).to include(error_output) + end + end + end +end diff --git a/spec/integration/check_config/toolbox_spec.rb b/spec/integration/check_config/toolbox_spec.rb new file mode 100644 index 0000000000..dde0a86998 --- /dev/null +++ b/spec/integration/check_config/toolbox_spec.rb 
@@ -0,0 +1,65 @@ +require 'spec_helper' +require 'check_config_helper' +require 'hash_deep_merge' + +describe 'checkConfig toolbox' do + describe 'gitaly.toolbox.replicas' do + let(:success_values) do + YAML.safe_load(%( + gitlab: + toolbox: + replicas: 1 + persistence: + enabled: true + )).merge(default_required_values) + end + + let(:error_values) do + YAML.safe_load(%( + gitlab: + toolbox: + replicas: 2 + persistence: + enabled: true + )).merge(default_required_values) + end + + let(:error_output) { 'more than 1 replica, but also with a PersistentVolumeClaim' } + + include_examples 'config validation', + success_description: 'when toolbox has persistence enabled and one replica', + error_description: 'when toolbox has persistence enabled and more than one replica' + end + + describe 'gitlab.toolbox.backups.objectStorage.config.secret' do + let(:success_values) do + YAML.safe_load(%( + gitlab: + toolbox: + backups: + objectStorage: + config: + secret: s3cmd-config + key: config + )).merge(default_required_values) + end + + let(:error_values) do + YAML.safe_load(%( + gitlab: + toolbox: + backups: + objectStorage: + config: + # secret: s3cmd-config + key: config + )).merge(default_required_values) + end + + let(:error_output) { 'A valid object storage config secret is needed for backups.' } + + include_examples 'config validation', + success_description: 'when toolbox has a valid object storage backup secret configured', + error_description: 'when toolbox does not have a valid object storage backup secret configured' + end +end diff --git a/spec/integration/check_config/webservice_spec.rb b/spec/integration/check_config/webservice_spec.rb new file mode 100644 index 0000000000..265301f930 --- /dev/null +++ b/spec/integration/check_config/webservice_spec.rb 
@@ -0,0 +1,63 @@ +require 'spec_helper' +require 'check_config_helper' +require 'hash_deep_merge' + +describe 'checkConfig webservice' do + describe 'appConfig.maxRequestDurationSeconds' do + let(:success_values) do + YAML.safe_load(%( + global: + appConfig: + maxRequestDurationSeconds: 50 + webservice: + workerTimeout: 60 + )).merge(default_required_values) + end + + let(:error_values) do + YAML.safe_load(%( + global: + appConfig: + maxRequestDurationSeconds: 70 + webservice: + workerTimeout: 60 + )).merge(default_required_values) + end + + let(:error_output) { 'global.appConfig.maxRequestDurationSeconds (70) is greater than or equal to global.webservice.workerTimeout (60)' } + + include_examples 'config validation', + success_description: 'when maxRequestDurationSeconds is less than workerTimeout', + error_description: 'when maxRequestDurationSeconds is greater than or equal to workerTimeout' + end + + describe 'webserviceTermination' do + let(:success_values) do + YAML.safe_load(%( + gitlab: + webservice: + deployment: + terminationGracePeriodSeconds: 50 + shutdown: + blackoutSeconds: 10 + )).merge(default_required_values) + end + + let(:error_values) do + YAML.safe_load(%( + gitlab: + webservice: + deployment: + terminationGracePeriodSeconds: 5 + shutdown: + blackoutSeconds: 20 + )).merge(default_required_values) + end + + let(:error_output) { 'fail' } + + include_examples 'config validation', + success_description: 'when terminationGracePeriodSeconds is >= blackoutSeconds', + error_description: 'when terminationGracePeriodSeconds is < blackoutSeconds' + end +end diff --git a/spec/integration/check_config_spec.rb b/spec/integration/check_config_spec.rb index 0ba07db528..372e0cd443 100644 --- a/spec/integration/check_config_spec.rb +++ b/spec/integration/check_config_spec.rb 
@@ -1,48 +1,9 @@ require 'spec_helper' -require 'helm_template_helper' +require 'check_config_helper' require 'yaml' require 'hash_deep_merge' describe 'checkConfig template' do - let(:check) do - Open3.capture3(HelmTemplate.helm_template_call(release_name: 'gitlab-checkconfig-test'), - chdir: File.join(__dir__, '..', '..'), - stdin_data: YAML.dump(values)) - end - - let(:stdout) { check[0] } - let(:stderr) { check[1] } - let(:exit_code) { check[2].to_i } - - let(:default_required_values) do - YAML.safe_load(%( - certmanager-issuer: - email: test@example.com - )) - end - - shared_examples 'config validation' do |success_description: '', error_description: ''| - context success_description do - let(:values) { success_values } - - it 'succeeds', :aggregate_failures do - expect(exit_code).to eq(0) - expect(stdout).to include('name: gitlab-checkconfig-test') - expect(stderr).to be_empty - end - end - - context error_description do - let(:values) { error_values } - - it 'returns an error', :aggregate_failures do - expect(exit_code).to be > 0 - expect(stdout).to be_empty - expect(stderr).to include(error_output) - end - end - end - # This is not actually in _checkConfig.tpl, but it uses `required`, so # acts in a similar way describe 'certmanager-issuer.email' do 
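Review bot: after this hunk the file no longer defines `check`, `stdout`, `stderr`, `exit_code`, `default_required_values` or the `config validation` shared examples, and the only require that changes is `helm_template_helper` to `check_config_helper`, so the remaining `certmanager-issuer.email` describe depends entirely on the helper. The removed `check` calls `Open3.capture3` and `HelmTemplate.helm_template_call`, so please confirm `check_config_helper` requires both `open3` and `helm_template_helper` itself rather than relying on load order. Since sidekiq_spec.rb reaches the same setup through `include_context 'check config setup'` while the other specs use `include_examples 'config validation'`, a short comment in the helper naming the two entry points would help the next person adding a spec under `check_config/`.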
@@ -55,652 +16,6 @@ describe 'checkConfig template' do error_description: 'when unset' end - describe 'gitaly.tls without Praefect' do - let(:success_values) do - YAML.safe_load(%( - global: - gitaly: - enabled: true - tls: - enabled: true - secretName: example-tls - )).merge(default_required_values) - end - - let(:error_values) do - YAML.safe_load(%( - global: - gitaly: - enabled: true - tls: - enabled: true - )).merge(default_required_values) - end - - let(:error_output) { 'global.gitaly.tls.secretName not specified' } - - include_examples 'config validation', - success_description: 'when TLS is enabled correctly', - error_description: 'when TLS is enabled but there is no certificate' - end - - describe 'gitaly.tls with Praefect' do - let(:success_values) do - YAML.safe_load(%( - global: - praefect: - enabled: true - virtualStorages: - - name: default - gitalyReplicas: 3 - maxUnavailable: 2 - tlsSecretName: gitaly-default-tls - - name: vs1 - gitalyReplicas: 2 - maxUnavailable: 1 - tlsSecretName: gitaly-vs2-tls - gitaly: - enabled: true - tls: - enabled: true - )).merge(default_required_values) - end - - let(:error_values) do - YAML.safe_load(%( - global: - praefect: - enabled: true - virtualStorages: - - name: default - gitalyReplicas: 3 - maxUnavailable: 2 - tlsSecretName: gitaly-default-tls - - name: vs2 - gitalyReplicas: 2 - maxUnavailable: 1 - gitaly: - enabled: true - tls: - enabled: true - )).merge(default_required_values) - end - - let(:error_output) { 'global.praefect.virtualStorages[1].tlsSecretName not specified (\'vs2\')' } - - include_examples 'config validation', - success_description: 'when TLS is enabled correctly', - error_description: 'when TLS is enabled but there is no certificate' - end - - describe 'sidekiq.queues.mixed' do - let(:success_values) do - YAML.safe_load(%( - gitlab: - sidekiq: - pods: - - name: valid-1 - queues: merge - - name: valid-2 - negateQueues: post_receive - )).merge(default_required_values) - end - - let(:error_values) 
do - YAML.safe_load(%( - gitlab: - sidekiq: - pods: - - name: invalid-1 - queues: merge - negateQueues: post_receive - - name: invalid-2 - queues: merge - negateQueues: post_receive - )).merge(default_required_values) - end - - let(:error_output) { '`negateQueues` is not usable if `queues` is provided' } - - include_examples 'config validation', - success_description: 'when Sidekiq pods use either queues or negateQueues', - error_description: 'when Sidekiq pods use both queues and negateQueues' - end - - describe 'sidekiq.queues' do - let(:success_values) do - YAML.safe_load(%( - gitlab: - sidekiq: - pods: - - name: valid-1 - queues: merge,post_receive - - name: valid-2 - negateQueues: merge,post_receive - )).merge(default_required_values) - end - - let(:error_values) do - YAML.safe_load(%( - gitlab: - sidekiq: - pods: - - name: invalid-1 - queues: [merge] - - name: invalid-2 - negateQueues: [merge] - )).merge(default_required_values) - end - - let(:error_output) { 'not a string' } - - include_examples 'config validation', - success_description: 'when Sidekiq pods use cluster with string queues', - error_description: 'when Sidekiq pods use cluster with array queues' - end - - describe 'database.externaLoadBalancing' do - let(:success_values) do - YAML.safe_load(%( - global: - psql: - host: primary - password: - secret: bar - load_balancing: - hosts: [a, b, c] - postgresql: - install: false - )).merge(default_required_values) - end - - let(:error_values) do - YAML.safe_load(%( - global: - psql: - host: primary - password: - secret: bar - load_balancing: - hosts: [a, b, c] - postgresql: - install: true - )).merge(default_required_values) - end - - let(:error_output) { 'PostgreSQL is set to install, but database load balancing is also enabled' } - - include_examples 'config validation', - success_description: 'when database load balancing is configured, with PostgrSQL disabled', - error_description: 'when database load balancing is configured, with PostgrSQL enabled' 
- - describe 'database.externaLoadBalancing missing required elements' do - let(:success_values) do - YAML.safe_load(%( - global: - psql: - host: primary - password: - secret: bar - load_balancing: - hosts: [a, b, c] - postgresql: - install: false - )).merge(default_required_values) - end - - let(:error_values) do - YAML.safe_load(%( - global: - psql: - host: primary - password: - secret: bar - load_balancing: - invalid: item - postgresql: - install: false - )).merge(default_required_values) - end - - let(:error_output) { 'You must specify `load_balancing.hosts` or `load_balancing.discover`' } - - include_examples 'config validation', - success_description: 'when database load balancing is configured per requirements', - error_description: 'when database load balancing is missing required elements' - end - - describe 'database.externaLoadBalancing.hosts' do - let(:success_values) do - YAML.safe_load(%( - global: - psql: - host: primary - password: - secret: bar - load_balancing: - hosts: [a, b, c] - postgresql: - install: false - )).merge(default_required_values) - end - - let(:error_values) do - YAML.safe_load(%( - global: - psql: - host: primary - password: - secret: bar - load_balancing: - hosts: a - postgresql: - install: false - )).merge(default_required_values) - end - - let(:error_output) { 'Database load balancing using `hosts` is configured, but does not appear to be a list' } - - include_examples 'config validation', - success_description: 'when database load balancing is configured for hosts, with an array', - error_description: 'when database load balancing is configured for hosts, without an array' - end - - describe 'database.externaLoadBalancing.discover' do - let(:success_values) do - YAML.safe_load(%( - global: - psql: - host: primary - password: - secret: bar - load_balancing: - discover: - record: secondary - postgresql: - install: false - )).merge(default_required_values) - end - - let(:error_values) do - YAML.safe_load(%( - global: - psql: - 
host: primary - password: - secret: bar - load_balancing: - discover: true - postgresql: - install: false - )).merge(default_required_values) - end - - let(:error_output) { 'Database load balancing using `discover` is configured, but does not appear to be a map' } - - include_examples 'config validation', - success_description: 'when database load balancing is configured for discover, with a map', - error_description: 'when database load balancing is configured for discover, without a map' - end - end - - describe 'geo.database' do - let(:success_values) do - YAML.safe_load(%( - global: - geo: - enabled: true - psql: - host: foo - password: - secret: bar - )).merge(default_required_values) - end - - let(:error_values) do - YAML.safe_load(%( - global: - geo: - enabled: true - )).merge(default_required_values) - end - - let(:error_output) { 'Geo was configured but no database was provided' } - - include_examples 'config validation', - success_description: 'when Geo is enabled with a database', - error_description: 'when Geo is enabled without a database' - end - - describe 'geo.secondary.database' do - let(:success_values) do - YAML.safe_load(%( - global: - geo: - enabled: true - psql: - host: foo - password: - secret: bar - )).merge(default_required_values) - end - - let(:error_values) do - YAML.safe_load(%( - global: - geo: - enabled: true - role: secondary - psql: - host: foo - password: - secret: bar - )).merge(default_required_values) - end - - let(:error_output) { 'Geo was configured with `role: secondary`, but no database was provided' } - - include_examples 'config validation', - success_description: 'when Geo is enabled with a database', - error_description: 'when Geo is enabled without a database' - end - - describe 'appConfig.maxRequestDurationSeconds' do - let(:success_values) do - YAML.safe_load(%( - global: - appConfig: - maxRequestDurationSeconds: 50 - webservice: - workerTimeout: 60 - )).merge(default_required_values) - end - - let(:error_values) do - 
YAML.safe_load(%( - global: - appConfig: - maxRequestDurationSeconds: 70 - webservice: - workerTimeout: 60 - )).merge(default_required_values) - end - - let(:error_output) { 'global.appConfig.maxRequestDurationSeconds (70) is greater than or equal to global.webservice.workerTimeout (60)' } - - include_examples 'config validation', - success_description: 'when maxRequestDurationSeconds is less than workerTimeout', - error_description: 'when maxRequestDurationSeconds is greater than or equal to workerTimeout' - end - - describe 'appConfig.sentry.dsn' do - let(:success_values) do - YAML.safe_load(%( - registry: - reporting: - sentry: - enabled: true - dsn: somedsn - )).merge(default_required_values) - end - - let(:error_values) do - YAML.safe_load(%( - registry: - reporting: - sentry: - enabled: true - )).merge(default_required_values) - end - - let(:error_output) { 'When enabling sentry, you must configure at least one DSN.' } - - include_examples 'config validation', - success_description: 'when Sentry is enabled and DSN is defined', - error_description: 'when Sentry is enabled but DSN is undefined' - end - - describe 'gitaly.extern.repos' do - let(:success_values) do - YAML.safe_load(%( - global: - gitaly: - enabled: false - external: - - name: default - hostname: bar - )).merge(default_required_values) - end - - let(:error_values) do - YAML.safe_load(%( - global: - gitaly: - enabled: false - external: [] - )).merge(default_required_values) - end - - let(:error_output) { 'external Gitaly repos needs to be specified if global.gitaly.enabled is not set' } - - include_examples 'config validation', - success_description: 'when Gitaly is disabled and external repos are enabled', - error_description: 'when Gitaly and external repos are disabled' - end - - describe 'gitaly.duplicate.repos' do - let(:success_values) do - YAML.safe_load(%( - global: - gitaly: - internal: - names: - - default - external: - - name: foo - hostname: bar - )).merge(default_required_values) - end 
- - let(:error_values) do - YAML.safe_load(%( - global: - gitaly: - internal: - names: - - default - - foo - external: - - name: foo - hostname: bar - )).merge(default_required_values) - end - - let(:error_output) { 'Each storage name must be unique.' } - - include_examples 'config validation', - success_description: 'when Gitaly is enabled and storage names are unique', - error_description: 'when Gitaly is enabled and storage names are not unique' - end - - describe 'gitaly.duplicate.repos with praefect' do - let(:success_values) do - YAML.safe_load(%( - global: - gitaly: - internal: - names: - - default - - foo - praefect: - enabled: true - replaceInternalGitaly: false - virtualStorages: - - name: defaultPraefect - )).merge(default_required_values) - end - - let(:error_values) do - YAML.safe_load(%( - global: - gitaly: - internal: - names: - - default - - foo - praefect: - enabled: true - replaceInternalGitaly: false - virtualStorages: - - name: foo - )).merge(default_required_values) - end - - let(:error_output) { 'Each storage name must be unique.' } - - include_examples 'config validation', - success_description: 'when Gitaly and Praefect are enabled and storage names are unique', - error_description: 'when Gitaly and Praefect are enabled and storage names are not unique' - end - - describe 'gitaly.default.repo' do - let(:success_values) do - YAML.safe_load(%( - global: - gitaly: - internal: - names: - - default - external: - - name: external1 - hostname: foo - )).merge(default_required_values) - end - - let(:error_values) do - YAML.safe_load(%( - global: - gitaly: - internal: - names: - - foo - external: - - name: bar - hostname: baz - )).merge(default_required_values) - end - - let(:error_output) { 'There must be one (and only one) storage named \'default\'.' 
} - - include_examples 'config validation', - success_description: 'when Gitaly is enabled and one storage is named "default"', - error_description: 'when Gitaly is enabled and no storages are named "default"' - end - - describe 'gitaly.default.repo with praefect' do - let(:success_values) do - YAML.safe_load(%( - global: - gitaly: - internal: - names: - - default - external: - - name: external1 - hostname: foo - praefect: - enabled: true - replaceInternalGitaly: false - virtualStorages: - - name: praefect1 - )).merge(default_required_values) - end - - let(:error_values) do - YAML.safe_load(%( - global: - gitaly: - internal: - names: - - internal1 - external: - - name: external1 - hostname: baz - praefect: - enabled: true - replaceInternalGitaly: false - virtualStorages: - - name: praefect1 - )).merge(default_required_values) - end - - let(:error_output) { 'There must be one (and only one) storage named \'default\'.' } - - include_examples 'config validation', - success_description: 'when Gitaly and Praefect are enabled and one storage is named "default"', - error_description: 'when Gitaly and Praefect are enabled and no storages are named "default"' - end - - describe 'gitaly.toolbox.replicas' do - let(:success_values) do - YAML.safe_load(%( - gitlab: - toolbox: - replicas: 1 - persistence: - enabled: true - )).merge(default_required_values) - end - - let(:error_values) do - YAML.safe_load(%( - gitlab: - toolbox: - replicas: 2 - persistence: - enabled: true - )).merge(default_required_values) - end - - let(:error_output) { 'more than 1 replica, but also with a PersistentVolumeClaim' } - - include_examples 'config validation', - success_description: 'when toolbox has persistence enabled and one replica', - error_description: 'when toolbox has persistence enabled and more than one replica' - end - - describe 'gitlab.toolbox.backups.objectStorage.config.secret' do - let(:success_values) do - YAML.safe_load(%( - gitlab: - toolbox: - backups: - objectStorage: - config: 
- secret: s3cmd-config - key: config - )).merge(default_required_values) - end - - let(:error_values) do - YAML.safe_load(%( - gitlab: - toolbox: - backups: - objectStorage: - config: - # secret: s3cmd-config - key: config - )).merge(default_required_values) - end - - let(:error_output) { 'A valid object storage config secret is needed for backups.' } - - include_examples 'config validation', - success_description: 'when toolbox has a valid object storage backup secret configured', - error_description: 'when toolbox does not have a valid object storage backup secret configured' - end - describe 'multipleRedis' do let(:success_values) do YAML.safe_load(%( 
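Review bot: Several of the examples removed here are mislabelled, and that should be corrected if they are moved into per-group spec files rather than carried over verbatim. `describe 'appConfig.sentry.dsn'` sets `registry.reporting.sentry`, and `describe 'gitaly.toolbox.replicas'` sets `gitlab.toolbox`. `describe 'geo.secondary.database'` reuses the `geo.database` descriptions, but its error values do set `psql` and differ from the success values only by `role: secondary`, so 'when Geo is enabled without a database' does not describe the failing case. Renaming each block after the check it exercises keeps a failing validation traceable to the right template.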
@@ -726,656 +41,4 @@ describe 'checkConfig template' do success_description: 'when Redis is set to install with a single Redis instance', error_description: 'when Redis is set to install with multiple Redis instances' end - - describe 'webserviceTermination' do - let(:success_values) do - YAML.safe_load(%( - gitlab: - webservice: - deployment: - terminationGracePeriodSeconds: 50 - shutdown: - blackoutSeconds: 10 - )).merge(default_required_values) - end - - let(:error_values) do - YAML.safe_load(%( - gitlab: - webservice: - deployment: - terminationGracePeriodSeconds: 5 - shutdown: - blackoutSeconds: 20 - )).merge(default_required_values) - end - - let(:error_output) { 'fail' } - - include_examples 'config validation', - success_description: 'when terminationGracePeriodSeconds is >= blackoutSeconds', - error_description: 'when terminationGracePeriodSeconds is < blackoutSeconds' - end - - describe 'PostgreSQL version' do - let(:success_values) do - YAML.safe_load(%( - postgresql: - image: - tag: 12 - )).merge(default_required_values) - end - - let(:error_values) do - YAML.safe_load(%( - postgresql: - image: - tag: 11 - )).merge(default_required_values) - end - - let(:error_output) { 'The minimum required version is PostgreSQL 12.' 
} - - include_examples 'config validation', - success_description: 'when postgresql.image.tag is >= 12', - error_description: 'when postgresql.image.tag is < 12' - end - - describe 'registry.database (PG version)' do - let(:success_values) do - YAML.safe_load(%( - postgresql: - image: - tag: 12 - - registry: - database: - enabled: true - )).merge(default_required_values) - end - - let(:error_values) do - YAML.safe_load(%( - postgresql: - image: - tag: 11 - - registry: - database: - enabled: true - )).merge(default_required_values) - end - - let(:error_output) { 'PostgreSQL 12 is the minimum required version' } - - include_examples 'config validation', - success_description: 'when postgresql.image.tag is >= 12', - error_description: 'when postgresql.image.tag is < 12' - end - - describe 'registry.database (sslmode)' do - let(:success_values) do - YAML.safe_load(%( - postgresql: - image: - tag: 12 - - registry: - database: - enabled: true - sslmode: disable - )).merge(default_required_values) - end - - let(:error_values) do - YAML.safe_load(%( - postgresql: - image: - tag: 12 - - registry: - database: - enabled: true - sslmode: testing - )).merge(default_required_values) - end - - let(:error_output) { 'Invalid SSL mode' } - - include_examples 'config validation', - success_description: 'when database.sslmode is valid', - error_description: 'when when database.sslmode is not valid' - end - - describe 'registry.migration (disablemirrorfs)' do - let(:success_values) do - YAML.safe_load(%( - postgresql: - image: - tag: 12 - - registry: - database: - enabled: true - migration: - disablemirrorfs: true - )).merge(default_required_values) - end - - let(:error_values) do - YAML.safe_load(%( - postgresql: - image: - tag: 12 - - registry: - migration: - disablemirrorfs: true - )).merge(default_required_values) - end - - let(:error_output) { 'Disabling filesystem metadata requires the metadata database to be enabled' } - - include_examples 'config validation', - 
success_description: 'when migration disablemirrorfs is true, with database enabled', - error_description: 'when migration disablemirrorfs is true, with database disabled' - end - - describe 'registry.migration (enabled)' do - let(:success_values) do - YAML.safe_load(%( - registry: - database: - enabled: true - migration: - enabled: true - )).merge(default_required_values) - end - - let(:error_values) do - YAML.safe_load(%( - registry: - migration: - enabled: true - )).merge(default_required_values) - end - - let(:error_output) { 'Enabling migration mode requires the metadata database to be enabled' } - - include_examples 'config validation', - success_description: 'when migration enabled is true, with database enabled', - error_description: 'when migration enabled is true, with database disabled' - end - - describe 'sidekiq.timeout' do - context 'with deployment-global values specified for both timeout and terminationGracePeriodSeconds and no pod-local values specified for either' do - let(:success_values) do - YAML.safe_load(%( - gitlab: - sidekiq: - deployment: - terminationGracePeriodSeconds: 30 - timeout: 10 - )).deep_merge(default_required_values) - end - - let(:error_values) do - YAML.safe_load(%( - gitlab: - sidekiq: - deployment: - terminationGracePeriodSeconds: 30 - timeout: 40 - )).deep_merge(default_required_values) - end - - let(:error_output) { 'You must set `terminationGracePeriodSeconds` (30) longer than `timeout` (40) for pod `all-in-1`.' 
} - - include_examples 'config validation', - success_description: 'when Sidekiq timeout is less than terminationGracePeriodSeconds', - error_description: 'when Sidekiq timeout is more than terminationGracePeriodSeconds' - end - - context 'with pod-local value specified for only timeout' do - let(:success_values) do - YAML.safe_load(%( - gitlab: - sidekiq: - pods: - - name: 'valid-1' - timeout: 10 - )).deep_merge(default_required_values) - end - - let(:error_values) do - YAML.safe_load(%( - gitlab: - sidekiq: - pods: - - name: 'valid-1' - timeout: 50 - )).deep_merge(default_required_values) - end - - let(:error_output) { 'You must set `terminationGracePeriodSeconds` (30) longer than `timeout` (50) for pod `valid-1`.' } - - include_examples 'config validation', - success_description: 'when Sidekiq timeout is less than terminationGracePeriodSeconds', - error_description: 'when Sidekiq timeout is more than terminationGracePeriodSeconds' - end - - context 'with pod-local value specified for only terminationGracePeriodSeconds' do - let(:success_values) do - YAML.safe_load(%( - gitlab: - sidekiq: - pods: - - name: 'valid-1' - terminationGracePeriodSeconds: 50 - )).deep_merge(default_required_values) - end - - let(:error_values) do - YAML.safe_load(%( - gitlab: - sidekiq: - pods: - - name: 'valid-1' - terminationGracePeriodSeconds: 1 - )).deep_merge(default_required_values) - end - - let(:error_output) { 'You must set `terminationGracePeriodSeconds` (1) longer than `timeout` (25) for pod `valid-1`.' 
} - - include_examples 'config validation', - success_description: 'when Sidekiq timeout is less than terminationGracePeriodSeconds', - error_description: 'when Sidekiq timeout is more than terminationGracePeriodSeconds' - end - - context 'with pod-local value specified for both terminationGracePeriodSeconds and timeout' do - let(:success_values) do - YAML.safe_load(%( - gitlab: - sidekiq: - pods: - - name: 'valid-1' - terminationGracePeriodSeconds: 50 - timeout: 10 - )).deep_merge(default_required_values) - end - - let(:error_values) do - YAML.safe_load(%( - gitlab: - sidekiq: - pods: - - name: 'valid-1' - terminationGracePeriodSeconds: 50 - timeout: 60 - )).deep_merge(default_required_values) - end - - let(:error_output) { 'You must set `terminationGracePeriodSeconds` (50) longer than `timeout` (60) for pod `valid-1`.' } - - include_examples 'config validation', - success_description: 'when Sidekiq timeout is less than terminationGracePeriodSeconds', - error_description: 'when Sidekiq timeout is more than terminationGracePeriodSeconds' - end - end - - describe 'sidekiq.routingRules' do - let(:error_output) { 'The Sidekiq\'s routing rules list must be an ordered array of tuples of query and corresponding queue.' 
} - - context 'with an empty routingRules setting' do - let(:values) do - YAML.safe_load(%( - global: - appConfig: - sidekiq: - routingRules: [] - )).deep_merge(default_required_values) - end - - it 'succeeds' do - expect(exit_code).to eq(0) - expect(stdout).to include('name: gitlab-checkconfig-test') - expect(stderr).to be_empty - end - end - - context 'with a valid routingRules setting' do - let(:values) do - YAML.safe_load(%( - global: - appConfig: - sidekiq: - routingRules: - - ["resource_boundary=cpu", "cpu_boundary"] - - ["feature_category=pages", null] - - ["feature_category=search", "search"] - - ["feature_category=memory|resource_boundary=memory", "memory-bound"] - - ["*", "default"] - )).deep_merge(default_required_values) - end - - it 'succeeds' do - expect(exit_code).to eq(0) - expect(stdout).to include('name: gitlab-checkconfig-test') - expect(stderr).to be_empty - end - end - - context 'a string routingRules setting is a string' do - let(:values) do - YAML.safe_load(%( - global: - appConfig: - sidekiq: - routingRules: 'hello' - )).deep_merge(default_required_values) - end - - it 'returns an error' do - expect(exit_code).to be > 0 - expect(stdout).to be_empty - expect(stderr).to include(error_output) - end - end - - context 'one rule is a string' do - let(:values) do - YAML.safe_load(%( - global: - appConfig: - sidekiq: - routingRules: - - ["resource_boundary=cpu", "cpu_boundary"] - - "feature_category=pages" - )).deep_merge(default_required_values) - end - - it 'returns an error' do - expect(exit_code).to be > 0 - expect(stdout).to be_empty - expect(stderr).to include(error_output) - end - end - - context 'one rule has 0 elements' do - let(:values) do - YAML.safe_load(%( - global: - appConfig: - sidekiq: - routingRules: - - ["resource_boundary=cpu", "cpu_boundary"] - - [] - )).deep_merge(default_required_values) - end - - it 'returns an error' do - expect(exit_code).to be > 0 - expect(stdout).to be_empty - expect(stderr).to include(error_output) - end 
- end - - context 'one rule has 1 element' do - let(:values) do - YAML.safe_load(%( - global: - appConfig: - sidekiq: - routingRules: - - ["resource_boundary=cpu", "cpu_boundary"] - - ["hello"] - )).deep_merge(default_required_values) - end - - it 'returns an error' do - expect(exit_code).to be > 0 - expect(stdout).to be_empty - expect(stderr).to include(error_output) - end - end - - context 'one rule has 3 elements' do - let(:values) do - YAML.safe_load(%( - global: - appConfig: - sidekiq: - routingRules: - - ["resource_boundary=cpu", "cpu_boundary"] - - ["resource_boundary=cpu", "cpu_boundary", "something"] - )).deep_merge(default_required_values) - end - - it 'returns an error' do - expect(exit_code).to be > 0 - expect(stdout).to be_empty - expect(stderr).to include(error_output) - end - end - - context "one rule's queue is invalid" do - let(:values) do - YAML.safe_load(%( - global: - appConfig: - sidekiq: - routingRules: - - ["resource_boundary=cpu", "cpu_boundary"] - - ["rule", 123] - )).deep_merge(default_required_values) - end - - it 'returns an error' do - expect(exit_code).to be > 0 - expect(stdout).to be_empty - expect(stderr).to include(error_output) - end - end - - context "one rule's query is invalid" do - let(:values) do - YAML.safe_load(%( - global: - appConfig: - sidekiq: - routingRules: - - ["resource_boundary=cpu", "cpu_boundary"] - - [123, 'valid-queue'] - )).deep_merge(default_required_values) - end - - it 'returns an error' do - expect(exit_code).to be > 0 - expect(stdout).to be_empty - expect(stderr).to include(error_output) - end - end - end - - describe 'registry.gc (disabled)' do - let(:success_values) do - YAML.safe_load(%( - postgresql: - image: - tag: 12 - - registry: - database: - enabled: true - gc: - disabled: false - )).merge(default_required_values) - end - - let(:error_values) do - YAML.safe_load(%( - postgresql: - image: - tag: 12 - - registry: - gc: - disabled: false - )).merge(default_required_values) - end - - 
let(:error_output) { 'Enabling online garbage collection requires the metadata database to be enabled' } - - include_examples 'config validation', - success_description: 'when gc disabled is false, with database enabled', - error_description: 'when gc disabled is false, with database disabled' - end - - describe 'incomingEmail.microsoftGraph' do - let(:success_values) do - YAML.safe_load(%( - global: - appConfig: - incomingEmail: - enabled: true - inboxMethod: microsoft_graph - tenantId: MY-TENANT-ID - clientId: MY-CLIENT-ID - clientSecret: - secret: secret - )).merge(default_required_values) - end - - let(:error_values) do - YAML.safe_load(%( - global: - appConfig: - incomingEmail: - enabled: true - inboxMethod: microsoft_graph - clientSecret: - secret: secret - )).merge(default_required_values) - end - - let(:error_output) { 'be sure to specify the tenant ID' } - - include_examples 'config validation', - success_description: 'when incomingEmail is configured with Microsoft Graph', - error_description: 'when incomingEmail is missing required Microsoft Graph settings' - end - - describe 'serviceDesk.microsoftGraph' do - let(:success_values) do - YAML.safe_load(%( - global: - appConfig: - incomingEmail: - enabled: true - inboxMethod: microsoft_graph - tenantId: MY-TENANT-ID - clientId: MY-CLIENT-ID - clientSecret: - secret: secret - serviceDesk: - enabled: true - inboxMethod: microsoft_graph - tenantId: MY-TENANT-ID - clientId: MY-CLIENT-ID - clientSecret: - secret: secret - )).merge(default_required_values) - end - - let(:error_values) do - YAML.safe_load(%( - global: - appConfig: - incomingEmail: - enabled: true - inboxMethod: microsoft_graph - tenantId: MY-TENANT-ID - clientId: MY-CLIENT-ID - clientSecret: - secret: secret - serviceDesk: - enabled: true - inboxMethod: microsoft_graph - clientSecret: - secret: secret - )).merge(default_required_values) - end - - let(:error_output) { 'be sure to specify the tenant ID' } - - include_examples 'config validation', - 
success_description: 'when serviceDesk is configured with Microsoft Graph', - error_description: 'when serviceDesk is missing required Microsoft Graph settings' - end - - describe 'geo.replication.primaryApiUrl' do - let(:success_values) do - { - 'global' => { - 'geo' => { - 'enabled' => true, - 'registry' => { - 'replication' => { - 'enabled' => true, - 'primaryApiUrl' => 'http://registry.foobar.com' - } - } - }, - 'psql' => { 'host' => 'foo', 'password' => { 'secret' => 'bar' } } - } - }.merge(default_required_values) - end - - let(:error_values) do - { - 'global' => { - 'geo' => { - 'enabled' => true, - 'role' => 'secondary', - 'registry' => { - 'replication' => { - 'enabled' => true - } - } - }, - 'psql' => { 'host' => 'foo', 'password' => { 'secret' => 'bar' } } - } - }.merge(default_required_values) - end - - let(:error_output) { 'Registry replication is enabled for GitLab Geo, but no primary API URL is specified.' } - - include_examples 'config validation', - success_description: 'when Registry replication is enabled for Geo and primary API URL is specified', - error_description: 'when Registry replication is enabled for Geo but no primary API URL is specified' - end - - describe 'nginx-ingress.rbac.scope' do - let(:success_values) do - YAML.safe_load(%( - nginx-ingress: - rbac: - scope: false - )).merge(default_required_values) - end - - let(:error_values) do - YAML.safe_load(%( - nginx-ingress: - rbac: - scope: true - )).merge(default_required_values) - end - - let(:error_output) { 'Namespaced IngressClasses do not exist' } - - include_examples 'config validation', - success_description: 'when set to false', - error_description: 'when set to true' - end end diff --git a/templates/_checkConfig.tpl b/templates/_checkConfig.tpl index 9897652877..fa177da3c7 100644 --- a/templates/_checkConfig.tpl +++ b/templates/_checkConfig.tpl 
@@ -3,9 +3,17 @@ Template for checking configuration The messages templated here will be combined into a single `fail` call. This creates a means for the user to receive all messages at one time, instead of a frustrating iterative approach. +- Pick a location for the new check. + + Checks of a group reside in a sub file, `_checkConfig_xxx.tpl`. + + If there isn't a group for that check yet, put it at the end of this file + + If there are more than 1 check of a same group, extract those checks into a new + file following the above format. Don't forget to extract the tests too. - `define` a new template, prefixed `gitlab.checkConfig.` - Check for known problems in configuration, and directly output messages (see message format below) - Add a line to `gitlab.checkConfig` to include the new template. +- Add tests for the newly created check. + + Tests for checks of a group are put in `spec/integration/check_config/xxx_spec.rb` + + Tests for other miscellaneous checks are put in `spec/integration/check_config_spec.rb` Message format: 
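Review bot: The new placement rules in the header comment never say what `xxx` stands for in `_checkConfig_xxx.tpl` and `spec/integration/check_config/xxx_spec.rb`; stating that it is the group name (for example `gitaly`, matching `_checkConfig_gitaly.tpl`) would remove the guesswork. The wording could be tightened at the same time: "If there are more than 1 check of a same group" reads better as "If more than one check belongs to the same group", and the "put it at the end of this file" bullet is missing its closing period. The existing step "Add a line to `gitlab.checkConfig`" should also mention adding it under the matching group comment, since the include list is now grouped by file.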
@@ -24,42 +32,64 @@ Due to gotpl scoping, we can't make use of `range`, so we have to add action lin {{- define "gitlab.checkConfig" -}} {{- $messages := list -}} {{/* add templates here */}} -{{- $messages = append $messages (include "gitlab.checkConfig.contentSecurityPolicy" .) -}} + +{{/* _checkConfig_mailroom.tpl*/}} +{{- $messages = append $messages (include "gitlab.checkConfig.incomingEmail.microsoftGraph" .) -}} +{{- $messages = append $messages (include "gitlab.checkConfig.serviceDesk" .) -}} +{{- $messages = append $messages (include "gitlab.checkConfig.serviceDesk.microsoftGraph" .) -}} + +{{/* _checkConfig_geo.tpl*/}} +{{- $messages = append $messages (include "gitlab.checkConfig.geo.database" .) -}} +{{- $messages = append $messages (include "gitlab.checkConfig.geo.secondary.database" .) -}} +{{- $messages = append $messages (include "gitlab.checkConfig.geo.registry.replication.primaryApiUrl" .) -}} + +{{/* _checkConfig_gitaly.tpl*/}} {{- $messages = append $messages (include "gitlab.checkConfig.gitaly.storageNames" .) -}} -{{- $messages = append $messages (include "gitlab.checkConfig.praefect.storageNames" .) -}} {{- $messages = append $messages (include "gitlab.checkConfig.gitaly.tls" .) -}} -{{- $messages = append $messages (include "gitlab.checkConfig.sidekiq.queues.mixed" .) -}} -{{- $messages = append $messages (include "gitlab.checkConfig.sidekiq.queues" .) -}} -{{- $messages = append $messages (include "gitlab.checkConfig.sidekiq.timeout" .) -}} -{{- $messages = append $messages (include "gitlab.checkConfig.sidekiq.routingRules" .) -}} -{{- $messages = append $messages (include "gitlab.checkConfig.appConfig.maxRequestDurationSeconds" .) -}} {{- $messages = append $messages (include "gitlab.checkConfig.gitaly.extern.repos" .) -}} -{{- $messages = append $messages (include "gitlab.checkConfig.geo.database" .) -}} -{{- $messages = append $messages (include "gitlab.checkConfig.geo.secondary.database" .) 
-}} -{{- $messages = append $messages (include "gitlab.toolbox.replicas" .) -}} -{{- $messages = append $messages (include "gitlab.toolbox.backups.objectStorage.config.secret" .) -}} -{{- $messages = append $messages (include "gitlab.checkConfig.multipleRedis" .) -}} -{{- $messages = append $messages (include "gitlab.checkConfig.hostWhenNoInstall" .) -}} +{{- $messages = append $messages (include "gitlab.checkConfig.praefect.storageNames" .) -}} + +{{/* _checkConfig_nginx.tpl*/}} +{{- $messages = append $messages (include "gitlab.checkConfig.nginx.controller.extraArgs" .) -}} +{{- $messages = append $messages (include "gitlab.checkConfig.nginx.clusterrole.scope" .) -}} + +{{/* _checkConfig_object_storage.tpl*/}} +{{- $messages = append $messages (include "gitlab.checkConfig.objectStorage.consolidatedConfig" .) -}} +{{- $messages = append $messages (include "gitlab.checkConfig.objectStorage.typeSpecificConfig" .) -}} + +{{/* _checkConfig_postgresql.tpl*/}} {{- $messages = append $messages (include "gitlab.checkConfig.postgresql.deprecatedVersion" .) -}} {{- $messages = append $messages (include "gitlab.checkConfig.postgresql.noPasswordFile" .) -}} {{- $messages = append $messages (include "gitlab.checkConfig.database.externalLoadBalancing" .) -}} -{{- $messages = append $messages (include "gitlab.checkConfig.incomingEmail.microsoftGraph" .) -}} -{{- $messages = append $messages (include "gitlab.checkConfig.serviceDesk" .) -}} -{{- $messages = append $messages (include "gitlab.checkConfig.serviceDesk.microsoftGraph" .) -}} -{{- $messages = append $messages (include "gitlab.checkConfig.sentry" .) -}} + +{{/* _checkConfig_registry.tpl*/}} {{- $messages = append $messages (include "gitlab.checkConfig.registry.sentry.dsn" .) -}} {{- $messages = append $messages (include "gitlab.checkConfig.registry.notifications" .) -}} {{- $messages = append $messages (include "gitlab.checkConfig.registry.database" .) 
-}} {{- $messages = append $messages (include "gitlab.checkConfig.registry.gc" .) -}} {{- $messages = append $messages (include "gitlab.checkConfig.registry.migration" .) -}} + +{{/* _checkConfig_sidekiq.tpl*/}} +{{- $messages = append $messages (include "gitlab.checkConfig.sidekiq.queues.mixed" .) -}} +{{- $messages = append $messages (include "gitlab.checkConfig.sidekiq.queues" .) -}} +{{- $messages = append $messages (include "gitlab.checkConfig.sidekiq.timeout" .) -}} +{{- $messages = append $messages (include "gitlab.checkConfig.sidekiq.routingRules" .) -}} + +{{/* _checkConfig_toolbox.tpl*/}} +{{- $messages = append $messages (include "gitlab.toolbox.replicas" .) -}} +{{- $messages = append $messages (include "gitlab.toolbox.backups.objectStorage.config.secret" .) -}} + +{{/* _checkConfig_webservice.tpl*/}} +{{- $messages = append $messages (include "gitlab.checkConfig.appConfig.maxRequestDurationSeconds" .) -}} {{- $messages = append $messages (include "gitlab.checkConfig.webservice.gracePeriod" .) -}} -{{- $messages = append $messages (include "gitlab.checkConfig.objectStorage.consolidatedConfig" .) -}} -{{- $messages = append $messages (include "gitlab.checkConfig.objectStorage.typeSpecificConfig" .) -}} -{{- $messages = append $messages (include "gitlab.checkConfig.nginx.controller.extraArgs" .) -}} -{{- $messages = append $messages (include "gitlab.checkConfig.nginx.clusterrole.scope" .) -}} {{- $messages = append $messages (include "gitlab.checkConfig.webservice.loadBalancer" .) -}} + +{{/* other checks */}} +{{- $messages = append $messages (include "gitlab.checkConfig.contentSecurityPolicy" .) -}} +{{- $messages = append $messages (include "gitlab.checkConfig.multipleRedis" .) -}} +{{- $messages = append $messages (include "gitlab.checkConfig.hostWhenNoInstall" .) -}} +{{- $messages = append $messages (include "gitlab.checkConfig.sentry" .) -}} {{- $messages = append $messages (include "gitlab.checkConfig.smtp.openssl_verify_mode" .) 
-}} -{{- $messages = append $messages (include "gitlab.checkConfig.geo.registry.replication.primaryApiUrl" .) -}} {{- /* prepare output */}} {{- $messages = without $messages "" -}} {{- $message := join "\n" $messages -}} 
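Review bot: The regrouped include list under `{{/* _checkConfig_gitaly.tpl*/}}` still has no line for `gitlab.checkConfig.praefect.tls`, although that template is defined among the Gitaly and Praefect checks this patch moves out of the file, so its "no TLS certificate provided" message is never emitted. Either add `{{- $messages = append $messages (include "gitlab.checkConfig.praefect.tls" .) -}}` to the Gitaly group or drop the unused template, so the file does not suggest a TLS check that never runs. Separately, the two includes under `_checkConfig_toolbox.tpl` (`gitlab.toolbox.replicas`, `gitlab.toolbox.backups.objectStorage.config.secret`) do not carry the `gitlab.checkConfig.` prefix that the header comment asks for; this regrouping is a good point to rename them.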
@@ -85,260 +115,6 @@ contentSecurityPolicy: {{- end -}} {{/* END gitlab.checkConfig.contentSecurityPolicy */}} -{{/* -Protect against problems in storage names within repositories configuration. -- Ensure that one (and only one) storage is named 'default'. -- Ensure no duplicates - -Collects the list of storage names by rendering the 'gitlab.appConfig.repositories' -template, and grabbing any lines that start with exactly 4 spaces. -*/}} -{{- define "gitlab.checkConfig.gitaly.storageNames" -}} -{{- $errorMsg := list -}} -{{- $config := include "gitlab.appConfig.repositories" $ -}} -{{- $storages := list }} -{{- range (splitList "\n" $config) -}} -{{- if (regexMatch "^ [^ ]" . ) -}} -{{- $storages = append $storages (trim . | trimSuffix ":") -}} -{{- end }} -{{- end }} -{{- if gt (len $storages) (len (uniq $storages)) -}} -{{- $errorMsg = append $errorMsg (printf "Each storage name must be unique. Current storage names: %s" $storages | sortAlpha | join ", ") -}} -{{- end -}} -{{- if not (has "default" $storages) -}} -{{- $errorMsg = append $errorMsg ("There must be one (and only one) storage named 'default'.") -}} -{{- end }} -{{- if not (empty $errorMsg) }} -gitaly: -{{- range $msg := $errorMsg }} - {{ $msg }} -{{- end }} -{{- end -}} -{{- end -}} -{{/* END gitlab.checkConfig.gitaly.storageNames -}} - -{{/* -Ensure that if a user is migrating to Praefect, none of the Praefect virtual storage -names are 'default', as it should already be used by the non-Praefect storage configuration. -*/}} -{{- define "gitlab.checkConfig.praefect.storageNames" -}} -{{- if and $.Values.global.gitaly.enabled $.Values.global.praefect.enabled (not $.Values.global.praefect.replaceInternalGitaly) -}} -{{- range $i, $vs := $.Values.global.praefect.virtualStorages -}} -{{- if eq $vs.name "default" -}} -praefect: - Praefect is enabled, but `global.praefect.replaceInternalGitaly=false`. In this scenario, - none of the Praefect virtual storage names can be 'default'. 
Please modify - `global.praefect.virtualStorages[{{ $i }}].name`. -{{- end }} -{{- end }} -{{- end -}} -{{- end -}} -{{/* END gitlab.checkConfig.praefect.storageNames" -}} - -{{/* -Ensure a certificate is provided when Gitaly is enabled and is instructed to -listen over TLS */}} -{{- define "gitlab.checkConfig.gitaly.tls" -}} -{{- $errorMsg := list -}} -{{- if and $.Values.global.gitaly.enabled $.Values.global.gitaly.tls.enabled -}} -{{- if $.Values.global.praefect.enabled -}} -{{- range $i, $vs := $.Values.global.praefect.virtualStorages -}} -{{- if not $vs.tlsSecretName }} -{{- $errorMsg = append $errorMsg (printf "global.praefect.virtualStorages[%d].tlsSecretName not specified ('%s')" $i $vs.name) -}} -{{- end }} -{{- end }} -{{- else }} -{{- if not $.Values.global.gitaly.tls.secretName -}} -{{- $errorMsg = append $errorMsg ("global.gitaly.tls.secretName not specified") -}} -{{- end }} -{{- end }} -{{- end }} -{{- if not (empty $errorMsg) }} -gitaly: -{{- range $msg := $errorMsg }} - {{ $msg }} -{{- end }} - This configuration is not supported. -{{- end -}} -{{- end -}} -{{/* END gitlab.checkConfig.gitaly.tls */}} - -{{/* -Ensure a certificate is provided when Praefect is enabled and is instructed to listen over TLS -*/}} -{{- define "gitlab.checkConfig.praefect.tls" -}} -{{- if and (and $.Values.global.praefect.enabled $.Values.global.praefect.tls.enabled) (not $.Values.global.praefect.tls.secretName) }} -praefect: server enabled with TLS, no TLS certificate provided - It appears Praefect is specified to listen over TLS, but no certificate was specified. 
-{{- end -}} -{{- end -}} -{{/* END gitlab.checkConfig.praefect.tls */}} - -{{/* Check configuration of Sidekiq - don't supply queues and negateQueues */}} -{{- define "gitlab.checkConfig.sidekiq.queues.mixed" -}} -{{- if .Values.gitlab.sidekiq.pods -}} -{{- range $pod := .Values.gitlab.sidekiq.pods -}} -{{- if and (hasKey $pod "queues") (hasKey $pod "negateQueues") }} -sidekiq: mixed queues - It appears you've supplied both `queues` and `negateQueues` for the pod definition of `{{ $pod.name }}`. `negateQueues` is not usable if `queues` is provided. Please use only one. -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} -{{/* END gitlab.checkConfig.sidekiq.queues.mixed */}} - -{{/* Check configuration of Sidekiq - queues must be a string */}} -{{- define "gitlab.checkConfig.sidekiq.queues" -}} -{{- if .Values.gitlab.sidekiq.pods -}} -{{- range $pod := .Values.gitlab.sidekiq.pods -}} -{{- if and (hasKey $pod "queues") (ne (kindOf $pod.queues) "string") }} -sidekiq: - The `queues` in pod definition `{{ $pod.name }}` is not a string. -{{- else if and (hasKey $pod "negateQueues") (ne (kindOf $pod.negateQueues) "string") }} -sidekiq: - The `negateQueues` in pod definition `{{ $pod.name }}` is not a string. 
-{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} -{{/* END gitlab.checkConfig.sidekiq.queues */}} - -{{/* -Ensure that Sidekiq timeout is less than terminationGracePeriodSeconds -*/}} -{{- define "gitlab.checkConfig.sidekiq.timeout" -}} -{{- range $i, $pod := $.Values.gitlab.sidekiq.pods -}} -{{- $activeTimeout := int (default $.Values.gitlab.sidekiq.timeout $pod.timeout) }} -{{- $activeTerminationGracePeriodSeconds := int (default $.Values.gitlab.sidekiq.deployment.terminationGracePeriodSeconds $pod.terminationGracePeriodSeconds) }} -{{- if gt $activeTimeout $activeTerminationGracePeriodSeconds }} -sidekiq: - You must set `terminationGracePeriodSeconds` ({{ $activeTerminationGracePeriodSeconds }}) longer than `timeout` ({{ $activeTimeout }}) for pod `{{ $pod.name }}`. -{{- end }} -{{- end }} -{{- end -}} -{{/* END gitlab.checkConfig.sidekiq.timeout */}} - -{{/* -Ensure that Sidekiq routingRules configuration is in a valid format -*/}} -{{- define "gitlab.checkConfig.sidekiq.routingRules" -}} -{{- $validRoutingRules := true -}} -{{- with $.Values.global.appConfig.sidekiq.routingRules }} -{{- if not (kindIs "slice" .) }} -{{- $validRoutingRules = false }} -{{- else -}} -{{- range $rule := . }} -{{- if (not (kindIs "slice" $rule)) }} -{{- $validRoutingRules = false }} -{{- else if (ne (len $rule) 2) }} -{{- $validRoutingRules = false }} -{{/* The first item (routing query) must be a string */}} -{{- else if not (kindIs "string" (index $rule 0)) }} -{{- $validRoutingRules = false }} -{{/* The second item (queue name) must be either a string or null */}} -{{- else if not (or (kindIs "invalid" (index $rule 1)) (kindIs "string" (index $rule 1))) -}} -{{- $validRoutingRules = false }} -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} -{{- if eq false $validRoutingRules }} -sidekiq: - The Sidekiq's routing rules list must be an ordered array of tuples of query and corresponding queue. 
- See https://docs.gitlab.com/charts/charts/globals.html#sidekiq-routing-rules-settings -{{- end -}} -{{- end -}} -{{/* END gitlab.checkConfig.sidekiq.routingRules */}} - -{{/* -Ensure a database is configured when using Geo -listen over TLS */}} -{{- define "gitlab.checkConfig.geo.database" -}} -{{- with $.Values.global -}} -{{- if eq true .geo.enabled -}} -{{- if not .psql.host }} -geo: no database provided - It appears Geo was configured but no database was provided. Geo behaviors require external databases. Ensure `global.psql.host` is set. -{{ end -}} -{{- if not .psql.password.secret }} -geo: no database password provided - It appears Geo was configured, but no database password was provided. Geo behaviors require external databases. Ensure `global.psql.password.secret` is set. -{{ end -}} -{{- end -}} -{{- end -}} -{{- end -}} -{{/* END gitlab.geo.database */}} - -{{/* -Ensure a database is configured when using Geo secondary -listen over TLS */}} -{{- define "gitlab.checkConfig.geo.secondary.database" -}} -{{- with $.Values.global.geo -}} -{{- if include "gitlab.geo.secondary" $ }} -{{- if not .psql.host }} -geo: no secondary database provided - It appears Geo was configured with `role: secondary`, but no database was provided. Geo behaviors require external databases. Ensure `global.geo.psql.host` is set. -{{ end -}} -{{- if not .psql.password.secret }} -geo: no secondary database password provided - It appears Geo was configured with `role: secondary`, but no database password was provided. Geo behaviors require external databases. Ensure `global.geo.psql.password.secret` is set. 
-{{ end -}} -{{- end -}} -{{- end -}} -{{- end -}} -{{/* END gitlab.geo.secondary.database */}} - -{{/* -Ensure the provided global.appConfig.maxRequestDurationSeconds value is smaller than -webservice's worker timeout */}} -{{- define "gitlab.checkConfig.appConfig.maxRequestDurationSeconds" -}} -{{- $maxDuration := $.Values.global.appConfig.maxRequestDurationSeconds }} -{{- if $maxDuration }} -{{- $workerTimeout := $.Values.global.webservice.workerTimeout }} -{{- if not (lt $maxDuration $workerTimeout) }} -gitlab: maxRequestDurationSeconds should be smaller than Webservice's worker timeout - The current value of global.appConfig.maxRequestDurationSeconds ({{ $maxDuration }}) is greater than or equal to global.webservice.workerTimeout ({{ $workerTimeout }}) while it should be a lesser value. -{{- end }} -{{- end }} -{{- end }} -{{/* END gitlab.checkConfig.appConfig.maxRequestDurationSeconds */}} - -{{/* Check configuration of Gitaly external repos*/}} -{{- define "gitlab.checkConfig.gitaly.extern.repos" -}} -{{- if (and (not .Values.global.gitaly.enabled) (not .Values.global.gitaly.external) ) }} -gitaly: - external Gitaly repos needs to be specified if global.gitaly.enabled is not set -{{- end -}} -{{- end -}} -{{/* END gitlab.checkConfig.gitaly.extern.repos */}} - -{{/* -Ensure that a valid object storage config secret is provided. -*/}} -{{- define "gitlab.toolbox.backups.objectStorage.config.secret" -}} -{{- if or .Values.gitlab.toolbox.backups.objectStorage.config (not (or .Values.global.minio.enabled .Values.global.appConfig.object_store.enabled)) (eq .Values.gitlab.toolbox.backups.objectStorage.backend "gcs") }} -{{- if not .Values.gitlab.toolbox.backups.objectStorage.config.secret -}} -toolbox: - A valid object storage config secret is needed for backups. - Please configure it via `gitlab.toolbox.backups.objectStorage.config.secret`. 
-{{- end -}} -{{- end -}} -{{- end -}} -{{/* END gitlab.toolbox.backups.objectStorage.config.secret */}} - -{{/* -Ensure that gitlab/toolbox is not configured with `replicas` > 1 if -persistence is enabled. -*/}} -{{- define "gitlab.toolbox.replicas" -}} -{{- $replicas := index $.Values.gitlab "toolbox" "replicas" | int -}} -{{- if and (gt $replicas 1) (index $.Values.gitlab "toolbox" "persistence" "enabled") -}} -toolbox: replicas is greater than 1, with persistence enabled. - It appear that `gitlab/toolbox` has been configured with more than 1 replica, but also with a PersistentVolumeClaim. This is not supported. Please either reduce the replicas to 1, or disable persistence. -{{- end -}} -{{- end -}} -{{/* END gitlab.toolbox.replicas */}} - {{/* Ensure that `redis.install: false` if configuring multiple Redis instances */}} 
@@ -368,150 +144,6 @@ redis: {{- end -}} {{/* END gitlab.checkConfig.hostWhenNoInstall */}} -{{/* -Ensure that `postgresql.image.tag` meets current requirements -*/}} -{{- define "gitlab.checkConfig.postgresql.deprecatedVersion" -}} -{{- $imageTag := .Values.postgresql.image.tag -}} -{{- $majorVersion := (split "." (split "-" ($imageTag | toString))._0)._0 | int -}} -{{- if or (eq $majorVersion 0) (lt $majorVersion 12) -}} -postgresql: - Image tag is "{{ $imageTag }}". -{{- if (eq $majorVersion 0) }} - Image tag is malformed. It should begin with the numeric major version. -{{- else if (lt $majorVersion 12) }} - PostgreSQL 11 and earlier is not supported in GitLab 14. The minimum required version is PostgreSQL 12. -{{- end -}} -{{- end -}} -{{- end -}} -{{/* END gitlab.checkConfig.postgresql.deprecatedVersion */}} - - -{{/* -Ensure that if `psql.password.useSecret` is set to false, a path to the password file is provided -*/}} -{{- define "gitlab.checkConfig.postgresql.noPasswordFile" -}} -{{- $errorMsg := list -}} -{{- $subcharts := pick .Values.gitlab "geo-logcursor" "gitlab-exporter" "migrations" "sidekiq" "toolbox" "webservice" -}} -{{- range $name, $sub := $subcharts -}} -{{- $useSecret := include "gitlab.boolean.local" (dict "local" (pluck "useSecret" (index $sub "psql" "password") | first) "global" $.Values.global.psql.password.useSecret "default" true) -}} -{{- if and (not $useSecret) (not (pluck "file" (index $sub "psql" "password") ($.Values.global.psql.password) | first)) -}} -{{- $errorMsg = append $errorMsg (printf "%s: If `psql.password.useSecret` is set to false, you must specify a value for `psql.password.file`." $name) -}} -{{- end -}} -{{- if and (not $useSecret) ($.Values.postgresql.install) -}} -{{- $errorMsg = append $errorMsg (printf "%s: PostgreSQL can not be deployed with this chart when using `psql.password.useSecret` is false." 
$name) -}} -{{- end -}} -{{- end -}} -{{- if not (empty $errorMsg) }} -postgresql: -{{- range $msg := $errorMsg }} - {{ $msg }} -{{- end }} - This configuration is not supported. -{{- end -}} -{{- end -}} -{{/* END gitlab.checkConfig.postgresql.noPasswordFile */}} - -{{/* -Ensure that `postgresql.install: false` when `global.psql.load_balancing` defined -*/}} -{{- define "gitlab.checkConfig.database.externalLoadBalancing" -}} -{{- if hasKey .Values.global.psql "load_balancing" -}} -{{- with .Values.global.psql.load_balancing -}} -{{- if and $.Values.postgresql.install (kindIs "map" .) }} -postgresql: - It appears PostgreSQL is set to install, but database load balancing is also enabled. This configuration is not supported. - See https://docs.gitlab.com/charts/charts/globals#configure-postgresql-settings -{{- end -}} -{{- if not (kindIs "map" .) }} -postgresql: - It appears database load balancing is desired, but the current configuration is not supported. - See https://docs.gitlab.com/charts/charts/globals#configure-postgresql-settings -{{- end -}} -{{- if and (not (hasKey . "discover") ) (not (hasKey . "hosts") ) }} -postgresql: - It appears database load balancing is desired, but the current configuration is not supported. - You must specify `load_balancing.hosts` or `load_balancing.discover`. - See https://docs.gitlab.com/charts/charts/globals#configure-postgresql-settings -{{- end -}} -{{- if and (hasKey . "hosts") (not (kindIs "slice" .hosts) ) }} -postgresql: - Database load balancing using `hosts` is configured, but does not appear to be a list. - See https://docs.gitlab.com/charts/charts/globals#configure-postgresql-settings - Current format: {{ kindOf .hosts }} -{{- end -}} -{{- if and (hasKey . "discover") (not (kindIs "map" .discover)) }} -postgresql: - Database load balancing using `discover` is configured, but does not appear to be a map. 
- See https://docs.gitlab.com/charts/charts/globals#configure-postgresql-settings - Current format: {{ kindOf .discover }} -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} -{{/* END gitlab.checkConfig.database.externalLoadBalancing */}} - -{{/* -Ensure that tenantId and clientId are set if Microsoft Graph settings are used in incomingEmail -*/}} -{{- define "gitlab.checkConfig.incomingEmail.microsoftGraph" -}} -{{- with $.Values.global.appConfig.incomingEmail }} -{{- if (and .enabled (eq .inboxMethod "microsoft_graph")) }} -{{- if not .tenantId }} -incomingEmail: - When configuring incoming email with Microsoft Graph, be sure to specify the tenant ID. - See https://docs.gitlab.com/ee/administration/incoming_email.html#microsoft-graph -{{- end -}} -{{- if not .clientId }} -incomingEmail: - When configuring incoming email with Microsoft Graph, be sure to specify the client ID. - See https://docs.gitlab.com/ee/administration/incoming_email.html#microsoft-graph -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} -{{/* END gitlab.checkConfig.incomingEmail.microsoftGraph */}} - -{{/* -Ensure that incomingEmail is enabled too if serviceDesk is enabled -*/}} -{{- define "gitlab.checkConfig.serviceDesk" -}} -{{- if $.Values.global.appConfig.serviceDeskEmail.enabled }} -{{- if not $.Values.global.appConfig.incomingEmail.enabled }} -serviceDesk: - When configuring Service Desk email, you must also configure incoming email. - See https://docs.gitlab.com/charts/charts/globals#incoming-email-settings -{{- end -}} -{{- if (not (and (contains "+%{key}@" $.Values.global.appConfig.incomingEmail.address) (contains "+%{key}@" $.Values.global.appConfig.serviceDeskEmail.address))) }} -serviceDesk: - When configuring Service Desk email, both incoming email and Service Desk email address must contain the "+%{key}" tag. 
- See https://docs.gitlab.com/ee/user/project/service_desk.html#using-custom-email-address -{{- end -}} -{{- end -}} -{{- end -}} -{{/* END gitlab.checkConfig.serviceDesk */}} - -{{/* -Ensure that tenantId and clientId are set if Microsoft Graph settings are used in serviceDesk -*/}} -{{- define "gitlab.checkConfig.serviceDesk.microsoftGraph" -}} -{{- with $.Values.global.appConfig.serviceDesk }} -{{- if (and .enabled (eq .inboxMethod "microsoft_graph")) }} -{{- if not .tenantId }} -incomingEmail: - When configuring Service Desk with Microsoft Graph, be sure to specify the tenant ID. - See https://docs.gitlab.com/ee/user/project/service_desk.html#microsoft-graph -{{- end -}} -{{- if not .clientId }} -incomingEmail: - When configuring Service Desk with Microsoft Graph, be sure to specify the client ID. - See https://docs.gitlab.com/ee/user/project/service_desk.html#microsoft-graph -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} -{{/* END gitlab.checkConfig.serviceDesk.microsoftGraph */}} - {{/* Ensure that sentry has a DSN configured if enabled */}} 
@@ -526,179 +158,6 @@ sentry: {{- end -}} {{/* END gitlab.checkConfig.sentry */}} -{{/* -Ensure that registry's sentry has a DSN configured if enabled -*/}} -{{- define "gitlab.checkConfig.registry.sentry.dsn" -}} -{{- if $.Values.registry.reporting.sentry.enabled }} -{{- if not $.Values.registry.reporting.sentry.dsn }} -registry: - When enabling sentry, you must configure at least one DSN. - See https://docs.gitlab.com/charts/charts/registry#reporting -{{- end -}} -{{- end -}} -{{- end -}} -{{/* END gitlab.checkConfig.registry.sentry.dsn */}} - -{{/* -Ensure Registry notifications settings are in global scope -*/}} -{{- define "gitlab.checkConfig.registry.notifications" }} -{{- if hasKey $.Values.registry "notifications" }} -Registry: Notifications should be defined in the global scope. Use `global.registry.notifications` setting instead of `registry.notifications`. -{{- end -}} -{{- end -}} -{{/* END gitlab.checkConfig.registry.notifications */}} - -{{/* -Ensure Registry database is configured properly and dependencies are met -*/}} -{{- define "gitlab.checkConfig.registry.database" -}} -{{- if $.Values.registry.database.enabled }} -{{- $validSSLModes := list "require" "disable" "allow" "prefer" "require" "verify-ca" "verify-full" -}} -{{- if not (has $.Values.registry.database.sslmode $validSSLModes) }} -registry: - Invalid SSL mode "{{ .Values.registry.database.sslmode }}". - Valid values are: {{ join ", " $validSSLModes }}. - See https://docs.gitlab.com/charts/charts/registry#database -{{- end -}} -{{- $pgImageTag := .Values.postgresql.image.tag -}} -{{- $pgMajorVersion := (split "." (split "-" ($pgImageTag | toString))._0)._0 | int -}} -{{- if lt $pgMajorVersion 12 -}} -registry: - Invalid PostgreSQL version "{{ $pgImageTag }}". - PostgreSQL 12 is the minimum required version for the registry database. 
- See https://docs.gitlab.com/charts/charts/registry#database -{{- end -}} -{{- end -}} -{{- end -}} -{{/* END gitlab.checkConfig.registry.database */}} - -{{/* -Ensure Registry migration is configured properly and dependencies are met -*/}} -{{- define "gitlab.checkConfig.registry.migration" -}} -{{- if and $.Values.registry.migration.enabled (not $.Values.registry.database.enabled) }} -registry: - Enabling migration mode requires the metadata database to be enabled. - See https://docs.gitlab.com/charts/charts/registry#migration -{{- end -}} -{{- if and $.Values.registry.migration.disablemirrorfs (not $.Values.registry.database.enabled) }} -registry: - Disabling filesystem metadata requires the metadata database to be enabled. - See https://docs.gitlab.com/charts/charts/registry#migration -{{- end -}} -{{- end -}} -{{/* END gitlab.checkConfig.registry.migration */}} - -{{/* -Ensure Registry online garbage collection is configured properly and dependencies are met -*/}} -{{- define "gitlab.checkConfig.registry.gc" -}} -{{- if not (or $.Values.registry.gc.disabled $.Values.registry.database.enabled) }} -registry: - Enabling online garbage collection requires the metadata database to be enabled. 
- See https://docs.gitlab.com/charts/charts/registry#gc -{{- end -}} -{{- end -}} -{{/* END gitlab.checkConfig.registry.gc */}} - -{{/* -Ensure terminationGracePeriodSeconds is longer than blackoutSeconds -*/}} -{{- define "gitlab.checkConfig.webservice.gracePeriod" -}} -{{- $terminationGracePeriodSeconds := default 30 .Values.gitlab.webservice.deployment.terminationGracePeriodSeconds | int -}} -{{- $blackoutSeconds := .Values.gitlab.webservice.shutdown.blackoutSeconds | int -}} -{{- if lt $terminationGracePeriodSeconds $blackoutSeconds }} -You must set terminationGracePeriodSeconds ({{ $terminationGracePeriodSeconds }}) longer than blackoutSeconds ({{ $blackoutSeconds }}) -{{ end -}} -{{- end -}} -{{/* END gitlab.checkConfig.webservice.gracePeriod */}} - -{{/* -Ensure consolidate and type-specific object store configuration are not mixed. -*/}} -{{- define "gitlab.checkConfig.objectStorage.consolidatedConfig" -}} -{{- if $.Values.global.appConfig.object_store.enabled -}} -{{- $problematicTypes := list -}} -{{- range $objectTypes := list "artifacts" "lfs" "uploads" "packages" "externalDiffs" "terraformState" "pseudonymizer" "dependencyProxy" -}} -{{- if hasKey $.Values.global.appConfig . -}} -{{- $objectProps := index $.Values.global.appConfig . -}} -{{- if (and (index $objectProps "enabled") (or (not (empty (index $objectProps "connection"))) (empty (index $objectProps "bucket")))) -}} -{{- $problematicTypes = append $problematicTypes . -}} -{{- end -}} -{{- end -}} -{{- end -}} -{{- if not (empty $problematicTypes) -}} -When consolidated object storage is enabled, for each item `bucket` must be specified and the `connection` must be empty. 
Check the following object storage configuration(s): {{ join "," $problematicTypes }} -{{- end -}} -{{- end -}} -{{- end -}} -{{/* END gitlab.checkConfig.objectStorage.consolidatedConfig */}} - -{{- define "gitlab.checkConfig.objectStorage.typeSpecificConfig" -}} -{{- if and (not $.Values.global.minio.enabled) (not $.Values.global.appConfig.object_store.enabled) -}} -{{- $problematicTypes := list -}} -{{- range $objectTypes := list "artifacts" "lfs" "uploads" "packages" "externalDiffs" "terraformState" "pseudonymizer" "dependencyProxy" -}} -{{- if hasKey $.Values.global.appConfig . -}} -{{- $objectProps := index $.Values.global.appConfig . -}} -{{- if and (index $objectProps "enabled") (empty (index $objectProps "connection")) -}} -{{- $problematicTypes = append $problematicTypes . -}} -{{- end -}} -{{- end -}} -{{- end -}} -{{- if not (empty $problematicTypes) -}} -When type-specific object storage is enabled the `connection` property can not be empty. Check the following object storage configuration(s): {{ join "," $problematicTypes }} -{{- end -}} -{{- end -}} -{{- end -}} -{{/* END gitlab.checkConfig.objectStorage.typeSpecificConfig */}} - -{{- define "gitlab.checkConfig.nginx.controller.extraArgs" -}} -{{- if (index $.Values "nginx-ingress").enabled -}} -{{- if hasKey (index $.Values "nginx-ingress").controller.extraArgs "force-namespace-isolation" -}} -nginx-ingress: - `nginx-ingress.controller.extraArgs.force-namespace-isolation` was previously set by default in the GitLab chart's values.yaml file, - but has since been deprecated upon the upgrade to NGINX 0.41.2 (upstream chart version 3.11.1). - Please remove the `force-namespace-isolation` key. -{{- end -}} -{{- end -}} -{{- end -}} -{{/* END "gitlab.checkConfig.nginx.controller" */}} - -{{- define "gitlab.checkConfig.nginx.clusterrole.scope" -}} -{{- if (index $.Values "nginx-ingress").rbac.scope -}} -nginx-ingress: - 'rbac.scope' should be false. Namespaced IngressClasses do not exist. 
- See https://github.com/kubernetes/ingress-nginx/issues/7519 -{{- end -}} -{{- end -}} -{{/* END "gitlab.checkConfig.nginx.clusterrole" */}} - -{{/* -Ensure that when type is set to LoadBalancer that loadBalancerSourceRanges are set -*/}} -{{- define "gitlab.checkConfig.webservice.loadBalancer" -}} -{{- if .Values.gitlab.webservice.enabled -}} -{{- $serviceType := .Values.gitlab.webservice.service.type -}} -{{- $numDeployments := len .Values.gitlab.webservice.deployments -}} -{{- if (and (eq $serviceType "LoadBalancer") (gt $numDeployments 1)) }} -webservice: - It is not currently recommended to set a service type of `LoadBalancer` with multiple deployments defined. - Instead, use a global `service.type` of `ClusterIP` and override `service.type` in each deployment. -{{- end -}} -{{- range $name, $deployment := .Values.gitlab.webservice.deployments -}} -{{- $serviceType := $deployment.service.type -}} -{{- $loadBalancerSourceRanges := $deployment.service.loadBalancerSourceRanges -}} -{{- if (and (eq $serviceType "LoadBalancer") (empty ($loadBalancerSourceRanges))) }} -webservice: - It is not currently recommended to set a service type of `{{ $serviceType }}` on a public exposed network without restrictions, please add `service.loadBalancerSourceRanges` to limit access to the service of the `{{ $name }}` deployment. -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} -{{/* END gitlab.checkConfig.webservice.loadBalancer */}} - {{/* Ensure that a correct value is provided for `global.smtp.openssl_verify_mode`. 
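Review bot: in the `gitlab.checkConfig.registry.database` block removed by this hunk, `$validSSLModes` lists "require" twice (`list "require" "disable" "allow" "prefer" "require" "verify-ca" "verify-full"`). If the block is carried over verbatim to its new file, drop the duplicate there so the "Valid values are" message does not repeat it.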
@@ -714,16 +173,3 @@ smtp: {{- end }} {{- end -}} {{/* END gitlab.checkConfig.smtp.openssl_verify_mode */}} - - -{{/* -Ensure that when Registry replication is enabled for Geo, a primary API URL is specified. -*/}} -{{- define "gitlab.checkConfig.geo.registry.replication.primaryApiUrl" -}} -{{- if and (eq true .Values.global.geo.enabled) (and (eq .Values.global.geo.role "secondary") (eq true .Values.global.geo.registry.replication.enabled)) -}} -{{- if not .Values.global.geo.registry.replication.primaryApiUrl }} -geo: - Registry replication is enabled for GitLab Geo, but no primary API URL is specified. Please specify a value for `global.geo.registry.replication.primaryApiUrl`. -{{- end -}} -{{- end -}} -{{- end -}} diff --git a/templates/_checkConfig_geo.tpl b/templates/_checkConfig_geo.tpl new file mode 100644 index 0000000000..43211d4f45 --- /dev/null +++ b/templates/_checkConfig_geo.tpl 
@@ -0,0 +1,49 @@ +{{/* +Ensure a database is configured when using Geo +listen over TLS */}} +{{- define "gitlab.checkConfig.geo.database" -}} +{{- with $.Values.global -}} +{{- if eq true .geo.enabled -}} +{{- if not .psql.host }} +geo: no database provided + It appears Geo was configured but no database was provided. Geo behaviors require external databases. Ensure `global.psql.host` is set. +{{ end -}} +{{- if not .psql.password.secret }} +geo: no database password provided + It appears Geo was configured, but no database password was provided. Geo behaviors require external databases. Ensure `global.psql.password.secret` is set. +{{ end -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{/* END gitlab.geo.database */}} + +{{/* +Ensure a database is configured when using Geo secondary +listen over TLS */}} +{{- define "gitlab.checkConfig.geo.secondary.database" -}} +{{- with $.Values.global.geo -}} +{{- if include "gitlab.geo.secondary" $ }} +{{- if not .psql.host }} +geo: no secondary database provided + It appears Geo was configured with `role: secondary`, but no database was provided. Geo behaviors require external databases. Ensure `global.geo.psql.host` is set. +{{ end -}} +{{- if not .psql.password.secret }} +geo: no secondary database password provided + It appears Geo was configured with `role: secondary`, but no database password was provided. Geo behaviors require external databases. Ensure `global.geo.psql.password.secret` is set. +{{ end -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{/* END gitlab.geo.secondary.database */}} + +{{/* +Ensure that when Registry replication is enabled for Geo, a primary API URL is specified. 
+*/}} +{{- define "gitlab.checkConfig.geo.registry.replication.primaryApiUrl" -}} +{{- if and (eq true .Values.global.geo.enabled) (and (eq .Values.global.geo.role "secondary") (eq true .Values.global.geo.registry.replication.enabled)) -}} +{{- if not .Values.global.geo.registry.replication.primaryApiUrl }} +geo: + Registry replication is enabled for GitLab Geo, but no primary API URL is specified. Please specify a value for `global.geo.registry.replication.primaryApiUrl`. +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/templates/_checkConfig_gitaly.tpl b/templates/_checkConfig_gitaly.tpl new file mode 100644 index 0000000000..232d14fcdf --- /dev/null +++ b/templates/_checkConfig_gitaly.tpl 
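Review bot: the doc comments on `gitlab.checkConfig.geo.database` and `gitlab.checkConfig.geo.secondary.database` in templates/_checkConfig_geo.tpl both end with "listen over TLS", which reads like a leftover from the Gitaly TLS check and does not describe the database checks; drop it while the code is being moved. The END markers also read `gitlab.geo.database` and `gitlab.geo.secondary.database` rather than the full `gitlab.checkConfig.geo.*` define names, and `gitlab.checkConfig.geo.registry.replication.primaryApiUrl` has no END marker at all.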
@@ -0,0 +1,97 @@ +{{/* +Protect against problems in storage names within repositories configuration. +- Ensure that one (and only one) storage is named 'default'. +- Ensure no duplicates + +Collects the list of storage names by rendering the 'gitlab.appConfig.repositories' +template, and grabbing any lines that start with exactly 4 spaces. +*/}} +{{- define "gitlab.checkConfig.gitaly.storageNames" -}} +{{- $errorMsg := list -}} +{{- $config := include "gitlab.appConfig.repositories" $ -}} +{{- $storages := list }} +{{- range (splitList "\n" $config) -}} +{{- if (regexMatch "^ [^ ]" . ) -}} +{{- $storages = append $storages (trim . | trimSuffix ":") -}} +{{- end }} +{{- end }} +{{- if gt (len $storages) (len (uniq $storages)) -}} +{{- $errorMsg = append $errorMsg (printf "Each storage name must be unique. Current storage names: %s" $storages | sortAlpha | join ", ") -}} +{{- end -}} +{{- if not (has "default" $storages) -}} +{{- $errorMsg = append $errorMsg ("There must be one (and only one) storage named 'default'.") -}} +{{- end }} +{{- if not (empty $errorMsg) }} +gitaly: +{{- range $msg := $errorMsg }} + {{ $msg }} +{{- end }} +{{- end -}} +{{- end -}} +{{/* END gitlab.checkConfig.gitaly.storageNames -}} + +{{/* +Ensure that if a user is migrating to Praefect, none of the Praefect virtual storage +names are 'default', as it should already be used by the non-Praefect storage configuration. +*/}} +{{- define "gitlab.checkConfig.praefect.storageNames" -}} +{{- if and $.Values.global.gitaly.enabled $.Values.global.praefect.enabled (not $.Values.global.praefect.replaceInternalGitaly) -}} +{{- range $i, $vs := $.Values.global.praefect.virtualStorages -}} +{{- if eq $vs.name "default" -}} +praefect: + Praefect is enabled, but `global.praefect.replaceInternalGitaly=false`. In this scenario, + none of the Praefect virtual storage names can be 'default'. Please modify + `global.praefect.virtualStorages[{{ $i }}].name`. 
+{{- end }} +{{- end }} +{{- end -}} +{{- end -}} +{{/* END gitlab.checkConfig.praefect.storageNames" -}} + +{{/* +Ensure a certificate is provided when Gitaly is enabled and is instructed to +listen over TLS */}} +{{- define "gitlab.checkConfig.gitaly.tls" -}} +{{- $errorMsg := list -}} +{{- if and $.Values.global.gitaly.enabled $.Values.global.gitaly.tls.enabled -}} +{{- if $.Values.global.praefect.enabled -}} +{{- range $i, $vs := $.Values.global.praefect.virtualStorages -}} +{{- if not $vs.tlsSecretName }} +{{- $errorMsg = append $errorMsg (printf "global.praefect.virtualStorages[%d].tlsSecretName not specified ('%s')" $i $vs.name) -}} +{{- end }} +{{- end }} +{{- else }} +{{- if not $.Values.global.gitaly.tls.secretName -}} +{{- $errorMsg = append $errorMsg ("global.gitaly.tls.secretName not specified") -}} +{{- end }} +{{- end }} +{{- end }} +{{- if not (empty $errorMsg) }} +gitaly: +{{- range $msg := $errorMsg }} + {{ $msg }} +{{- end }} + This configuration is not supported. +{{- end -}} +{{- end -}} +{{/* END gitlab.checkConfig.gitaly.tls */}} + +{{/* +Ensure a certificate is provided when Praefect is enabled and is instructed to listen over TLS +*/}} +{{- define "gitlab.checkConfig.praefect.tls" -}} +{{- if and (and $.Values.global.praefect.enabled $.Values.global.praefect.tls.enabled) (not $.Values.global.praefect.tls.secretName) }} +praefect: server enabled with TLS, no TLS certificate provided + It appears Praefect is specified to listen over TLS, but no certificate was specified. +{{- end -}} +{{- end -}} +{{/* END gitlab.checkConfig.praefect.tls */}} + +{{/* Check configuration of Gitaly external repos*/}} +{{- define "gitlab.checkConfig.gitaly.extern.repos" -}} +{{- if (and (not .Values.global.gitaly.enabled) (not .Values.global.gitaly.external) ) }} +gitaly: + external Gitaly repos needs to be specified if global.gitaly.enabled is not set +{{- end -}} +{{- end -}} +{{/* END gitlab.checkConfig.gitaly.extern.repos */}} 
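Review bot: in `gitlab.checkConfig.gitaly.storageNames` (templates/_checkConfig_gitaly.tpl) the duplicate-name message is built as `(printf "... %s" $storages | sortAlpha | join ", ")`, so the pipe applies to the already formatted string rather than to `$storages`, and the names are printed as a raw, unsorted list. Suggest `(printf "... %s" ($storages | sortAlpha | join ", "))`. Separately, the END markers for `gitlab.checkConfig.gitaly.storageNames` and `gitlab.checkConfig.praefect.storageNames` close with `-}}` instead of `*/}}` (the second also carries a stray `"`), so each comment only terminates at the `*/}}` of the doc comment that follows it; closing them properly would stop the new file depending on that ordering.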
diff --git a/templates/_checkConfig_mailroom.tpl b/templates/_checkConfig_mailroom.tpl new file mode 100644 index 0000000000..29ef87055f --- /dev/null +++ b/templates/_checkConfig_mailroom.tpl 
@@ -0,0 +1,60 @@ +{{/* +Ensure that tenantId and clientId are set if Microsoft Graph settings are used in incomingEmail +*/}} +{{- define "gitlab.checkConfig.incomingEmail.microsoftGraph" -}} +{{- with $.Values.global.appConfig.incomingEmail }} +{{- if (and .enabled (eq .inboxMethod "microsoft_graph")) }} +{{- if not .tenantId }} +incomingEmail: + When configuring incoming email with Microsoft Graph, be sure to specify the tenant ID. + See https://docs.gitlab.com/ee/administration/incoming_email.html#microsoft-graph +{{- end -}} +{{- if not .clientId }} +incomingEmail: + When configuring incoming email with Microsoft Graph, be sure to specify the client ID. + See https://docs.gitlab.com/ee/administration/incoming_email.html#microsoft-graph +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{/* END gitlab.checkConfig.incomingEmail.microsoftGraph */}} + +{{/* +Ensure that incomingEmail is enabled too if serviceDesk is enabled +*/}} +{{- define "gitlab.checkConfig.serviceDesk" -}} +{{- if $.Values.global.appConfig.serviceDeskEmail.enabled }} +{{- if not $.Values.global.appConfig.incomingEmail.enabled }} +serviceDesk: + When configuring Service Desk email, you must also configure incoming email. + See https://docs.gitlab.com/charts/charts/globals#incoming-email-settings +{{- end -}} +{{- if (not (and (contains "+%{key}@" $.Values.global.appConfig.incomingEmail.address) (contains "+%{key}@" $.Values.global.appConfig.serviceDeskEmail.address))) }} +serviceDesk: + When configuring Service Desk email, both incoming email and Service Desk email address must contain the "+%{key}" tag. 
+ See https://docs.gitlab.com/ee/user/project/service_desk.html#using-custom-email-address +{{- end -}} +{{- end -}} +{{- end -}} +{{/* END gitlab.checkConfig.serviceDesk */}} + +{{/* +Ensure that tenantId and clientId are set if Microsoft Graph settings are used in serviceDesk +*/}} +{{- define "gitlab.checkConfig.serviceDesk.microsoftGraph" -}} +{{- with $.Values.global.appConfig.serviceDesk }} +{{- if (and .enabled (eq .inboxMethod "microsoft_graph")) }} +{{- if not .tenantId }} +incomingEmail: + When configuring Service Desk with Microsoft Graph, be sure to specify the tenant ID. + See https://docs.gitlab.com/ee/user/project/service_desk.html#microsoft-graph +{{- end -}} +{{- if not .clientId }} +incomingEmail: + When configuring Service Desk with Microsoft Graph, be sure to specify the client ID. + See https://docs.gitlab.com/ee/user/project/service_desk.html#microsoft-graph +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{/* END gitlab.checkConfig.serviceDesk.microsoftGraph */}} diff --git a/templates/_checkConfig_nginx.tpl b/templates/_checkConfig_nginx.tpl new file mode 100644 index 0000000000..89e1f66807 --- /dev/null +++ b/templates/_checkConfig_nginx.tpl 
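Review bot: `gitlab.checkConfig.serviceDesk.microsoftGraph` in templates/_checkConfig_mailroom.tpl reads `$.Values.global.appConfig.serviceDesk`, while the `gitlab.checkConfig.serviceDesk` check just above it reads `$.Values.global.appConfig.serviceDeskEmail`. If `serviceDeskEmail` is the intended key, the `with` never matches and the tenant ID and client ID checks are silently skipped; please confirm which key is meant and align the two. The two messages in this define are also emitted under the `incomingEmail:` heading, where `serviceDesk:` would point the user at the right setting.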
@@ -0,0 +1,20 @@ +{{- define "gitlab.checkConfig.nginx.controller.extraArgs" -}} +{{- if (index $.Values "nginx-ingress").enabled -}} +{{- if hasKey (index $.Values "nginx-ingress").controller.extraArgs "force-namespace-isolation" -}} +nginx-ingress: + `nginx-ingress.controller.extraArgs.force-namespace-isolation` was previously set by default in the GitLab chart's values.yaml file, + but has since been deprecated upon the upgrade to NGINX 0.41.2 (upstream chart version 3.11.1). + Please remove the `force-namespace-isolation` key. +{{- end -}} +{{- end -}} +{{- end -}} +{{/* END "gitlab.checkConfig.nginx.controller" */}} + +{{- define "gitlab.checkConfig.nginx.clusterrole.scope" -}} +{{- if (index $.Values "nginx-ingress").rbac.scope -}} +nginx-ingress: + 'rbac.scope' should be false. Namespaced IngressClasses do not exist. + See https://github.com/kubernetes/ingress-nginx/issues/7519 +{{- end -}} +{{- end -}} +{{/* END "gitlab.checkConfig.nginx.clusterrole" */}} diff --git a/templates/_checkConfig_object_storage.tpl b/templates/_checkConfig_object_storage.tpl new file mode 100644 index 0000000000..292944e340 --- /dev/null +++ b/templates/_checkConfig_object_storage.tpl 
@@ -0,0 +1,38 @@ +{{/* +Ensure consolidate and type-specific object store configuration are not mixed. +*/}} +{{- define "gitlab.checkConfig.objectStorage.consolidatedConfig" -}} +{{- if $.Values.global.appConfig.object_store.enabled -}} +{{- $problematicTypes := list -}} +{{- range $objectTypes := list "artifacts" "lfs" "uploads" "packages" "externalDiffs" "terraformState" "pseudonymizer" "dependencyProxy" -}} +{{- if hasKey $.Values.global.appConfig . -}} +{{- $objectProps := index $.Values.global.appConfig . -}} +{{- if (and (index $objectProps "enabled") (or (not (empty (index $objectProps "connection"))) (empty (index $objectProps "bucket")))) -}} +{{- $problematicTypes = append $problematicTypes . -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- if not (empty $problematicTypes) -}} +When consolidated object storage is enabled, for each item `bucket` must be specified and the `connection` must be empty. Check the following object storage configuration(s): {{ join "," $problematicTypes }} +{{- end -}} +{{- end -}} +{{- end -}} +{{/* END gitlab.checkConfig.objectStorage.consolidatedConfig */}} + +{{- define "gitlab.checkConfig.objectStorage.typeSpecificConfig" -}} +{{- if and (not $.Values.global.minio.enabled) (not $.Values.global.appConfig.object_store.enabled) -}} +{{- $problematicTypes := list -}} +{{- range $objectTypes := list "artifacts" "lfs" "uploads" "packages" "externalDiffs" "terraformState" "pseudonymizer" "dependencyProxy" -}} +{{- if hasKey $.Values.global.appConfig . -}} +{{- $objectProps := index $.Values.global.appConfig . -}} +{{- if and (index $objectProps "enabled") (empty (index $objectProps "connection")) -}} +{{- $problematicTypes = append $problematicTypes . -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- if not (empty $problematicTypes) -}} +When type-specific object storage is enabled the `connection` property can not be empty. 
Check the following object storage configuration(s): {{ join "," $problematicTypes }} +{{- end -}} +{{- end -}} +{{- end -}} +{{/* END gitlab.checkConfig.objectStorage.typeSpecificConfig */}} diff --git a/templates/_checkConfig_postgresql.tpl b/templates/_checkConfig_postgresql.tpl new file mode 100644 index 0000000000..0a2060b190 --- /dev/null +++ b/templates/_checkConfig_postgresql.tpl 
@@ -0,0 +1,82 @@ +{{/* +Ensure that `postgresql.image.tag` meets current requirements +*/}} +{{- define "gitlab.checkConfig.postgresql.deprecatedVersion" -}} +{{- $imageTag := .Values.postgresql.image.tag -}} +{{- $majorVersion := (split "." (split "-" ($imageTag | toString))._0)._0 | int -}} +{{- if or (eq $majorVersion 0) (lt $majorVersion 12) -}} +postgresql: + Image tag is "{{ $imageTag }}". +{{- if (eq $majorVersion 0) }} + Image tag is malformed. It should begin with the numeric major version. +{{- else if (lt $majorVersion 12) }} + PostgreSQL 11 and earlier is not supported in GitLab 14. The minimum required version is PostgreSQL 12. +{{- end -}} +{{- end -}} +{{- end -}} +{{/* END gitlab.checkConfig.postgresql.deprecatedVersion */}} + + +{{/* +Ensure that if `psql.password.useSecret` is set to false, a path to the password file is provided +*/}} +{{- define "gitlab.checkConfig.postgresql.noPasswordFile" -}} +{{- $errorMsg := list -}} +{{- $subcharts := pick .Values.gitlab "geo-logcursor" "gitlab-exporter" "migrations" "sidekiq" "toolbox" "webservice" -}} +{{- range $name, $sub := $subcharts -}} +{{- $useSecret := include "gitlab.boolean.local" (dict "local" (pluck "useSecret" (index $sub "psql" "password") | first) "global" $.Values.global.psql.password.useSecret "default" true) -}} +{{- if and (not $useSecret) (not (pluck "file" (index $sub "psql" "password") ($.Values.global.psql.password) | first)) -}} +{{- $errorMsg = append $errorMsg (printf "%s: If `psql.password.useSecret` is set to false, you must specify a value for `psql.password.file`." $name) -}} +{{- end -}} +{{- if and (not $useSecret) ($.Values.postgresql.install) -}} +{{- $errorMsg = append $errorMsg (printf "%s: PostgreSQL can not be deployed with this chart when using `psql.password.useSecret` is false." $name) -}} +{{- end -}} +{{- end -}} +{{- if not (empty $errorMsg) }} +postgresql: +{{- range $msg := $errorMsg }} + {{ $msg }} +{{- end }} + This configuration is not supported. 
+{{- end -}} +{{- end -}} +{{/* END gitlab.checkConfig.postgresql.noPasswordFile */}} + +{{/* +Ensure that `postgresql.install: false` when `global.psql.load_balancing` defined +*/}} +{{- define "gitlab.checkConfig.database.externalLoadBalancing" -}} +{{- if hasKey .Values.global.psql "load_balancing" -}} +{{- with .Values.global.psql.load_balancing -}} +{{- if and $.Values.postgresql.install (kindIs "map" .) }} +postgresql: + It appears PostgreSQL is set to install, but database load balancing is also enabled. This configuration is not supported. + See https://docs.gitlab.com/charts/charts/globals#configure-postgresql-settings +{{- end -}} +{{- if not (kindIs "map" .) }} +postgresql: + It appears database load balancing is desired, but the current configuration is not supported. + See https://docs.gitlab.com/charts/charts/globals#configure-postgresql-settings +{{- end -}} +{{- if and (not (hasKey . "discover") ) (not (hasKey . "hosts") ) }} +postgresql: + It appears database load balancing is desired, but the current configuration is not supported. + You must specify `load_balancing.hosts` or `load_balancing.discover`. + See https://docs.gitlab.com/charts/charts/globals#configure-postgresql-settings +{{- end -}} +{{- if and (hasKey . "hosts") (not (kindIs "slice" .hosts) ) }} +postgresql: + Database load balancing using `hosts` is configured, but does not appear to be a list. + See https://docs.gitlab.com/charts/charts/globals#configure-postgresql-settings + Current format: {{ kindOf .hosts }} +{{- end -}} +{{- if and (hasKey . "discover") (not (kindIs "map" .discover)) }} +postgresql: + Database load balancing using `discover` is configured, but does not appear to be a map. + See https://docs.gitlab.com/charts/charts/globals#configure-postgresql-settings + Current format: {{ kindOf .discover }} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{/* END gitlab.checkConfig.database.externalLoadBalancing */}} 
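Review bot: In `gitlab.checkConfig.database.externalLoadBalancing` (templates/_checkConfig_postgresql.tpl), the `not (kindIs "map" .)` branch is followed by un-nested `hasKey . "discover"` and `hasKey . "hosts"` calls, which still run when `load_balancing` is not a map. `hasKey` expects a map argument, so a scalar or list value is likely to abort rendering with a template type error rather than produce the message this check was written to show. Suggest nesting the `hosts`/`discover` checks under `{{- if kindIs "map" . }}`, or making them the `else` of the map test. Separately, in `gitlab.checkConfig.postgresql.noPasswordFile`, `$useSecret` is the string returned by `include`, so `not $useSecret` is true only when the helper renders empty. A short comment stating that contract would help the next reader.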
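Review bot: `gitlab.checkConfig.serviceDesk.microsoftGraph` (the mail checks hunk above) reads `$.Values.global.appConfig.serviceDesk`, while the `gitlab.checkConfig.serviceDesk` template just before it reads `$.Values.global.appConfig.serviceDeskEmail`. If `serviceDeskEmail` is the intended key, the `with` block never matches and the tenant ID / client ID check passes silently. Both messages in that template are also prefixed `incomingEmail:` although they describe Service Desk. Suggest `serviceDesk:` so the output matches the other Service Desk check.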
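Review bot: In templates/_checkConfig_nginx.tpl, `gitlab.checkConfig.nginx.clusterrole.scope` is not wrapped in the `(index $.Values "nginx-ingress").enabled` test that guards `gitlab.checkConfig.nginx.controller.extraArgs` in the same hunk, so it fires on `rbac.scope` even when the bundled controller is disabled. If that is intended, a comment saying so would help. Otherwise add the same guard. The two `END` comments (`gitlab.checkConfig.nginx.controller`, `gitlab.checkConfig.nginx.clusterrole`) also do not match their `define` names.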
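Review bot: In templates/_checkConfig_object_storage.tpl, both loops are written `range $objectTypes := list "artifacts" ...`, but the body never uses `$objectTypes` and operates on `.` instead, which makes the `hasKey`, `index` and `append` calls harder to follow. Suggest `range $objectType := ...` with `$objectType` used explicitly in the body. The eight-name list is repeated verbatim in `consolidatedConfig` and `typeSpecificConfig`. Defining it once would keep the two checks from drifting apart when a storage type is added. The leading comment should read "consolidated" rather than "consolidate".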
diff --git a/templates/_checkConfig_registry.tpl b/templates/_checkConfig_registry.tpl new file mode 100644 index 0000000000..609c0d33ea --- /dev/null +++ b/templates/_checkConfig_registry.tpl 
@@ -0,0 +1,76 @@ +{{/* +Ensure that registry's sentry has a DSN configured if enabled +*/}} +{{- define "gitlab.checkConfig.registry.sentry.dsn" -}} +{{- if $.Values.registry.reporting.sentry.enabled }} +{{- if not $.Values.registry.reporting.sentry.dsn }} +registry: + When enabling sentry, you must configure at least one DSN. + See https://docs.gitlab.com/charts/charts/registry#reporting +{{- end -}} +{{- end -}} +{{- end -}} +{{/* END gitlab.checkConfig.registry.sentry.dsn */}} + +{{/* +Ensure Registry notifications settings are in global scope +*/}} +{{- define "gitlab.checkConfig.registry.notifications" }} +{{- if hasKey $.Values.registry "notifications" }} +Registry: Notifications should be defined in the global scope. Use `global.registry.notifications` setting instead of `registry.notifications`. +{{- end -}} +{{- end -}} +{{/* END gitlab.checkConfig.registry.notifications */}} + +{{/* +Ensure Registry database is configured properly and dependencies are met +*/}} +{{- define "gitlab.checkConfig.registry.database" -}} +{{- if $.Values.registry.database.enabled }} +{{- $validSSLModes := list "require" "disable" "allow" "prefer" "require" "verify-ca" "verify-full" -}} +{{- if not (has $.Values.registry.database.sslmode $validSSLModes) }} +registry: + Invalid SSL mode "{{ .Values.registry.database.sslmode }}". + Valid values are: {{ join ", " $validSSLModes }}. + See https://docs.gitlab.com/charts/charts/registry#database +{{- end -}} +{{- $pgImageTag := .Values.postgresql.image.tag -}} +{{- $pgMajorVersion := (split "." (split "-" ($pgImageTag | toString))._0)._0 | int -}} +{{- if lt $pgMajorVersion 12 -}} +registry: + Invalid PostgreSQL version "{{ $pgImageTag }}". + PostgreSQL 12 is the minimum required version for the registry database. 
+ See https://docs.gitlab.com/charts/charts/registry#database +{{- end -}} +{{- end -}} +{{- end -}} +{{/* END gitlab.checkConfig.registry.database */}} + +{{/* +Ensure Registry migration is configured properly and dependencies are met +*/}} +{{- define "gitlab.checkConfig.registry.migration" -}} +{{- if and $.Values.registry.migration.enabled (not $.Values.registry.database.enabled) }} +registry: + Enabling migration mode requires the metadata database to be enabled. + See https://docs.gitlab.com/charts/charts/registry#migration +{{- end -}} +{{- if and $.Values.registry.migration.disablemirrorfs (not $.Values.registry.database.enabled) }} +registry: + Disabling filesystem metadata requires the metadata database to be enabled. + See https://docs.gitlab.com/charts/charts/registry#migration +{{- end -}} +{{- end -}} +{{/* END gitlab.checkConfig.registry.migration */}} + +{{/* +Ensure Registry online garbage collection is configured properly and dependencies are met +*/}} +{{- define "gitlab.checkConfig.registry.gc" -}} +{{- if not (or $.Values.registry.gc.disabled $.Values.registry.database.enabled) }} +registry: + Enabling online garbage collection requires the metadata database to be enabled. + See https://docs.gitlab.com/charts/charts/registry#gc +{{- end -}} +{{- end -}} +{{/* END gitlab.checkConfig.registry.gc */}} diff --git a/templates/_checkConfig_sidekiq.tpl b/templates/_checkConfig_sidekiq.tpl new file mode 100644 index 0000000000..5e507dcf60 --- /dev/null +++ b/templates/_checkConfig_sidekiq.tpl 
@@ -0,0 +1,75 @@ +{{/* Check configuration of Sidekiq - don't supply queues and negateQueues */}} +{{- define "gitlab.checkConfig.sidekiq.queues.mixed" -}} +{{- if .Values.gitlab.sidekiq.pods -}} +{{- range $pod := .Values.gitlab.sidekiq.pods -}} +{{- if and (hasKey $pod "queues") (hasKey $pod "negateQueues") }} +sidekiq: mixed queues + It appears you've supplied both `queues` and `negateQueues` for the pod definition of `{{ $pod.name }}`. `negateQueues` is not usable if `queues` is provided. Please use only one. +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{/* END gitlab.checkConfig.sidekiq.queues.mixed */}} + +{{/* Check configuration of Sidekiq - queues must be a string */}} +{{- define "gitlab.checkConfig.sidekiq.queues" -}} +{{- if .Values.gitlab.sidekiq.pods -}} +{{- range $pod := .Values.gitlab.sidekiq.pods -}} +{{- if and (hasKey $pod "queues") (ne (kindOf $pod.queues) "string") }} +sidekiq: + The `queues` in pod definition `{{ $pod.name }}` is not a string. +{{- else if and (hasKey $pod "negateQueues") (ne (kindOf $pod.negateQueues) "string") }} +sidekiq: + The `negateQueues` in pod definition `{{ $pod.name }}` is not a string. +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{/* END gitlab.checkConfig.sidekiq.queues */}} + +{{/* +Ensure that Sidekiq timeout is less than terminationGracePeriodSeconds +*/}} +{{- define "gitlab.checkConfig.sidekiq.timeout" -}} +{{- range $i, $pod := $.Values.gitlab.sidekiq.pods -}} +{{- $activeTimeout := int (default $.Values.gitlab.sidekiq.timeout $pod.timeout) }} +{{- $activeTerminationGracePeriodSeconds := int (default $.Values.gitlab.sidekiq.deployment.terminationGracePeriodSeconds $pod.terminationGracePeriodSeconds) }} +{{- if gt $activeTimeout $activeTerminationGracePeriodSeconds }} +sidekiq: + You must set `terminationGracePeriodSeconds` ({{ $activeTerminationGracePeriodSeconds }}) longer than `timeout` ({{ $activeTimeout }}) for pod `{{ $pod.name }}`. 
+{{- end }} +{{- end }} +{{- end -}} +{{/* END gitlab.checkConfig.sidekiq.timeout */}} + +{{/* +Ensure that Sidekiq routingRules configuration is in a valid format +*/}} +{{- define "gitlab.checkConfig.sidekiq.routingRules" -}} +{{- $validRoutingRules := true -}} +{{- with $.Values.global.appConfig.sidekiq.routingRules }} +{{- if not (kindIs "slice" .) }} +{{- $validRoutingRules = false }} +{{- else -}} +{{- range $rule := . }} +{{- if (not (kindIs "slice" $rule)) }} +{{- $validRoutingRules = false }} +{{- else if (ne (len $rule) 2) }} +{{- $validRoutingRules = false }} +{{/* The first item (routing query) must be a string */}} +{{- else if not (kindIs "string" (index $rule 0)) }} +{{- $validRoutingRules = false }} +{{/* The second item (queue name) must be either a string or null */}} +{{- else if not (or (kindIs "invalid" (index $rule 1)) (kindIs "string" (index $rule 1))) -}} +{{- $validRoutingRules = false }} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- if eq false $validRoutingRules }} +sidekiq: + The Sidekiq's routing rules list must be an ordered array of tuples of query and corresponding queue. + See https://docs.gitlab.com/charts/charts/globals.html#sidekiq-routing-rules-settings +{{- end -}} +{{- end -}} +{{/* END gitlab.checkConfig.sidekiq.routingRules */}} diff --git a/templates/_checkConfig_toolbox.tpl b/templates/_checkConfig_toolbox.tpl new file mode 100644 index 0000000000..71c806a7e5 --- /dev/null +++ b/templates/_checkConfig_toolbox.tpl 
@@ -0,0 +1,26 @@ +{{/* +Ensure that a valid object storage config secret is provided. +*/}} +{{- define "gitlab.toolbox.backups.objectStorage.config.secret" -}} +{{- if or .Values.gitlab.toolbox.backups.objectStorage.config (not (or .Values.global.minio.enabled .Values.global.appConfig.object_store.enabled)) (eq .Values.gitlab.toolbox.backups.objectStorage.backend "gcs") }} +{{- if not .Values.gitlab.toolbox.backups.objectStorage.config.secret -}} +toolbox: + A valid object storage config secret is needed for backups. + Please configure it via `gitlab.toolbox.backups.objectStorage.config.secret`. +{{- end -}} +{{- end -}} +{{- end -}} +{{/* END gitlab.toolbox.backups.objectStorage.config.secret */}} + +{{/* +Ensure that gitlab/toolbox is not configured with `replicas` > 1 if +persistence is enabled. +*/}} +{{- define "gitlab.toolbox.replicas" -}} +{{- $replicas := index $.Values.gitlab "toolbox" "replicas" | int -}} +{{- if and (gt $replicas 1) (index $.Values.gitlab "toolbox" "persistence" "enabled") -}} +toolbox: replicas is greater than 1, with persistence enabled. + It appear that `gitlab/toolbox` has been configured with more than 1 replica, but also with a PersistentVolumeClaim. This is not supported. Please either reduce the replicas to 1, or disable persistence. +{{- end -}} +{{- end -}} +{{/* END gitlab.toolbox.replicas */}} diff --git a/templates/_checkConfig_webservice.tpl b/templates/_checkConfig_webservice.tpl new file mode 100644 index 0000000000..3cf280547e --- /dev/null +++ b/templates/_checkConfig_webservice.tpl 
@@ -0,0 +1,50 @@ +{{/* +Ensure the provided global.appConfig.maxRequestDurationSeconds value is smaller than +webservice's worker timeout */}} +{{- define "gitlab.checkConfig.appConfig.maxRequestDurationSeconds" -}} +{{- $maxDuration := $.Values.global.appConfig.maxRequestDurationSeconds }} +{{- if $maxDuration }} +{{- $workerTimeout := $.Values.global.webservice.workerTimeout }} +{{- if not (lt $maxDuration $workerTimeout) }} +gitlab: maxRequestDurationSeconds should be smaller than Webservice's worker timeout + The current value of global.appConfig.maxRequestDurationSeconds ({{ $maxDuration }}) is greater than or equal to global.webservice.workerTimeout ({{ $workerTimeout }}) while it should be a lesser value. +{{- end }} +{{- end }} +{{- end }} +{{/* END gitlab.checkConfig.appConfig.maxRequestDurationSeconds */}} + +{{/* +Ensure terminationGracePeriodSeconds is longer than blackoutSeconds +*/}} +{{- define "gitlab.checkConfig.webservice.gracePeriod" -}} +{{- $terminationGracePeriodSeconds := default 30 .Values.gitlab.webservice.deployment.terminationGracePeriodSeconds | int -}} +{{- $blackoutSeconds := .Values.gitlab.webservice.shutdown.blackoutSeconds | int -}} +{{- if lt $terminationGracePeriodSeconds $blackoutSeconds }} +You must set terminationGracePeriodSeconds ({{ $terminationGracePeriodSeconds }}) longer than blackoutSeconds ({{ $blackoutSeconds }}) +{{ end -}} +{{- end -}} +{{/* END gitlab.checkConfig.webservice.gracePeriod */}} + +{{/* +Ensure that when type is set to LoadBalancer that loadBalancerSourceRanges are set +*/}} +{{- define "gitlab.checkConfig.webservice.loadBalancer" -}} +{{- if .Values.gitlab.webservice.enabled -}} +{{- $serviceType := .Values.gitlab.webservice.service.type -}} +{{- $numDeployments := len .Values.gitlab.webservice.deployments -}} +{{- if (and (eq $serviceType "LoadBalancer") (gt $numDeployments 1)) }} +webservice: + It is not currently recommended to set a service type of `LoadBalancer` with multiple deployments defined. 
+ Instead, use a global `service.type` of `ClusterIP` and override `service.type` in each deployment. +{{- end -}} +{{- range $name, $deployment := .Values.gitlab.webservice.deployments -}} +{{- $serviceType := $deployment.service.type -}} +{{- $loadBalancerSourceRanges := $deployment.service.loadBalancerSourceRanges -}} +{{- if (and (eq $serviceType "LoadBalancer") (empty ($loadBalancerSourceRanges))) }} +webservice: + It is not currently recommended to set a service type of `{{ $serviceType }}` on a public exposed network without restrictions, please add `service.loadBalancerSourceRanges` to limit access to the service of the `{{ $name }}` deployment. +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{/* END gitlab.checkConfig.webservice.loadBalancer */}} -- GitLab From b2f736b083aefe47479bf94c243f9cbc25ef67bd Mon Sep 17 00:00:00 2001 From: deps Date: Mon, 24 Jan 2022 04:02:27 +0000 Subject: [PATCH 231/253] Update gitlab-org/container-registry from 3.22.0-gitlab to 3.23.0-gitlab Changelog: changed --- charts/registry/Chart.yaml | 2 +- charts/registry/values.yaml | 2 +- doc/charts/registry/index.md | 6 +++--- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/registry/Chart.yaml b/charts/registry/Chart.yaml index 87e7361c9b..d1fcda1073 100644 --- a/charts/registry/Chart.yaml +++ b/charts/registry/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: registry version: 0.7.0 -appVersion: 'v3.22.0-gitlab' +appVersion: 'v3.23.0-gitlab' description: Stateless, highly scalable application that stores and lets you distribute container images details: Container Registry component of GitLab diff --git a/charts/registry/values.yaml b/charts/registry/values.yaml index 23922f6869..6d5c2b80da 100644 --- a/charts/registry/values.yaml +++ b/charts/registry/values.yaml @@ -1,6 +1,6 @@ image: repository: registry.gitlab.com/gitlab-org/build/cng/gitlab-container-registry - tag: 'v3.22.0-gitlab' + tag: 'v3.23.0-gitlab' # pullPolicy: IfNotPresent # pullSecrets: [] 
diff --git a/doc/charts/registry/index.md b/doc/charts/registry/index.md index 2ae833fd70..4611de06f6 100644 --- a/doc/charts/registry/index.md +++ b/doc/charts/registry/index.md @@ -68,7 +68,7 @@ registry: interval: 24h dryrun: false image: - tag: 'v3.22.0-gitlab' + tag: 'v3.23.0-gitlab' pullPolicy: IfNotPresent annotations: service: @@ -154,7 +154,7 @@ If you chose to deploy this chart as a standalone, remove the `registry` at the | `image.pullPolicy` | | Pull policy for the registry image | | `image.pullSecrets` | | Secrets to use for image repository | | `image.repository` | `registry` | Registry image | -| `image.tag` | `v3.22.0-gitlab` | Version of the image to use | +| `image.tag` | `v3.23.0-gitlab` | Version of the image to use | | `init.image.repository` | | initContainer image | | `init.image.tag` | | initContainer image tag | | `log` | `{level: info, fields: {service: registry}}` | Configure the logging options | @@ -281,7 +281,7 @@ You can change the included version of the Registry and `pullPolicy`. Default settings: -- `tag: 'v3.22.0-gitlab'` +- `tag: 'v3.23.0-gitlab'` - `pullPolicy: 'IfNotPresent'` ## Configuring the `service` -- GitLab From a49fc5ff17ed7f5f0fd767e1a7850d8d7f6f3e64 Mon Sep 17 00:00:00 2001 From: deps Date: Mon, 24 Jan 2022 04:02:31 +0000 Subject: [PATCH 232/253] Update gitlab-org/charts/gitlab-runner from 0.37.0 to 0.37.2 Changelog: changed --- requirements.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yaml b/requirements.yaml index 0ef2a2262c..4241eab788 100644 --- a/requirements.yaml +++ b/requirements.yaml @@ -21,7 +21,7 @@ dependencies: repository: https://charts.bitnami.com/bitnami condition: postgresql.install - name: gitlab-runner - version: 0.37.0 + version: 0.37.2 repository: https://charts.gitlab.io/ condition: gitlab-runner.install - name: grafana -- GitLab From 696196501fc80510a0b68043a07ddc112eb6a699 Mon Sep 17 00:00:00 2001 
From: DracoBlue Date: Sat, 22 Jan 2022 22:58:44 +0000 Subject: [PATCH 233/253] Fixed typo --- doc/charts/gitlab/gitlab-pages/index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/charts/gitlab/gitlab-pages/index.md b/doc/charts/gitlab/gitlab-pages/index.md index c35356331b..3ea0520bc6 100644 --- a/doc/charts/gitlab/gitlab-pages/index.md +++ b/doc/charts/gitlab/gitlab-pages/index.md 
@@ -118,8 +118,8 @@ This section controls the GitLab Pages Ingress. | `annotations` | String | | This field is an exact match to the standard `annotations` for [Kubernetes Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/). | | `configureCertmanager` | Boolean | `false` | Toggles Ingress annotation `cert-manager.io/issuer`. The acquisition of a TLS certificate for GitLab Pages via cert-manager is disabled because a wildcard certificate acquisition requires a cert-manager Issuer with a [DNS01 solver](https://cert-manager.io/docs/configuration/acme/dns01/), and the Issuer deployed by this chart only provides a [HTTP01 solver](https://cert-manager.io/docs/configuration/acme/http01/). For more information see the [TLS requirement for GitLab Pages](../../../installation/tls.md). | | `enabled` | Boolean | | Setting that controls whether to create Ingress objects for services that support them. When not set, the `global.ingress.enabled` setting is used. | -| `tls.enabled` | Boolean | | When set to `false`, you disable TLS for the Registry subchart. This is mainly useful for cases in which you cannot use TLS termination at `ingress-level`, like when you have a TLS-terminating proxy before the Ingress Controller. | -| `tls.secretName` | String | | The name of the Kubernetes TLS Secret that contains a valid certificate and key for the registry URL. When not set, the `global.ingress.tls.secretName` is used instead. Defaults to not being set. | +| `tls.enabled` | Boolean | | When set to `false`, you disable TLS for the Pages subchart. This is mainly useful for cases in which you cannot use TLS termination at `ingress-level`, like when you have a TLS-terminating proxy before the Ingress Controller. | +| `tls.secretName` | String | | The name of the Kubernetes TLS Secret that contains a valid certificate and key for the pages URL. When not set, the `global.ingress.tls.secretName` is used instead. Defaults to not being set. 
| ## Chart configuration examples -- GitLab From 8ecefa77ba3c3e956a05debe24c68744fef207fd Mon Sep 17 00:00:00 2001 From: Dmytro Makovey Date: Wed, 12 Jan 2022 14:48:03 +0000 Subject: [PATCH 234/253] add customization to annotations Changelog: fixed --- .../charts/gitlab-exporter/templates/deployment.yaml | 8 ++++++-- charts/gitlab/charts/gitlab-exporter/values.yaml | 2 ++ 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/charts/gitlab/charts/gitlab-exporter/templates/deployment.yaml b/charts/gitlab/charts/gitlab-exporter/templates/deployment.yaml index 2853a9f5e4..afed61ac0b 100644 --- a/charts/gitlab/charts/gitlab-exporter/templates/deployment.yaml +++ b/charts/gitlab/charts/gitlab-exporter/templates/deployment.yaml @@ -28,9 +28,13 @@ spec: {{- include "gitlab.podLabels" . | nindent 8 }} annotations: checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} -{{- if .Values.metrics.enabled }} + {{- if .Values.metrics.enabled }} {{- toYaml .Values.metrics.annotations | nindent 8 }} -{{- end }} + {{- end }} + {{- range $key, $value := .Values.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + spec: securityContext: runAsUser: {{ .Values.securityContext.runAsUser }} diff --git a/charts/gitlab/charts/gitlab-exporter/values.yaml b/charts/gitlab/charts/gitlab-exporter/values.yaml index e8a69277ab..d8c2ed0204 100644 --- a/charts/gitlab/charts/gitlab-exporter/values.yaml +++ b/charts/gitlab/charts/gitlab-exporter/values.yaml @@ -28,6 +28,8 @@ enabled: true # Tolerations for pod scheduling tolerations: [] +annotations: {} + podLabels: {} common: labels: {} -- GitLab From 791111b35dbc695e959133a506379289e835bace Mon Sep 17 00:00:00 2001 From: DarwinJS Date: Wed, 26 Jan 2022 15:08:07 +0000 Subject: [PATCH 235/253] Warn helm charts create poc --- doc/installation/index.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/doc/installation/index.md b/doc/installation/index.md index ecddf746c1..b76cafcf27 100644 
--- a/doc/installation/index.md +++ b/doc/installation/index.md 
@@ -8,6 +8,15 @@ info: To determine the technical writer assigned to the Stage/Group associated w Install GitLab on Kubernetes with the cloud native GitLab Helm chart. +## Helm chart only deployment creates a POC configuration +Installing GitLab using only the Helm charts creates a POC implementation where all GitLab services are placed into the cluster. GitLabs Cloud Native Hybrid Reference Architectures specify that the stateful Git Repository Storage dataplane known as Gitaly must run on instance compute in order to scale and service the many varieties of Git workloads found in production environements. Additionally, it is allowable, and generally preferable to take advantage of Cloud PaaS for PostgreSQL, Redis and Object storage for all non Git Repository storages. + +## Getting started for production Cloud Native Hybrid +The reference architecture for deploying GitLab instances to Kubernetes is called Cloud Native Hybrid specifically because not all GitLab services can run in the cluster for production-grade implementations. Each Cloud Native Hybrid Reference Architecture is detailed within the overall architecture page. For instance, here is the [Cloud Native Hybrid reference architecture](https://docs.gitlab.com/ee/administration/reference_architectures/3k_users.html#cloud-native-hybrid-reference-architecture-with-helm-charts-alternative) alternative for the 3,000 user count. + +## GitLab deployment with Infrastructure as Code (IaC) +GitLab develops Infrastructure as Code IaC that is capable of configuring the combination of helm charts and supplemental cloud infrastructure via the [GitLab Environment Toolkit](https://gitlab.com/gitlab-org/quality/gitlab-environment-toolkit). For AWS a second option is the [AWS Quick Start](https://docs.gitlab.com/ee/install/aws/gitlab_hybrid_on_aws.html#available-infrastructure-as-code-for-gitlab-cloud-native-hybrid). 
Regardless of how you are building Cloud Native Hybrid, there is AWS specific guidance and bills of materials in the implementation pattern [Provision GitLab Cloud Native Hybrid on AWS EKS](https://docs.gitlab.com/ee/install/aws/gitlab_hybrid_on_aws.html) + ## Requirements To deploy GitLab on Kubernetes, the following are required: -- GitLab From 862afd9793fc6a3f43a2c5b7a41af56a1088624e Mon Sep 17 00:00:00 2001 From: Jason Plum Date: Wed, 26 Jan 2022 15:25:02 +0000 Subject: [PATCH 236/253] Markdown fixup --- doc/installation/index.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/doc/installation/index.md b/doc/installation/index.md index b76cafcf27..94f940913b 100644 --- a/doc/installation/index.md +++ b/doc/installation/index.md 
@@ -9,12 +9,15 @@ info: To determine the technical writer assigned to the Stage/Group associated w Install GitLab on Kubernetes with the cloud native GitLab Helm chart. ## Helm chart only deployment creates a POC configuration + Installing GitLab using only the Helm charts creates a POC implementation where all GitLab services are placed into the cluster. GitLabs Cloud Native Hybrid Reference Architectures specify that the stateful Git Repository Storage dataplane known as Gitaly must run on instance compute in order to scale and service the many varieties of Git workloads found in production environements. Additionally, it is allowable, and generally preferable to take advantage of Cloud PaaS for PostgreSQL, Redis and Object storage for all non Git Repository storages. ## Getting started for production Cloud Native Hybrid + The reference architecture for deploying GitLab instances to Kubernetes is called Cloud Native Hybrid specifically because not all GitLab services can run in the cluster for production-grade implementations. Each Cloud Native Hybrid Reference Architecture is detailed within the overall architecture page. For instance, here is the [Cloud Native Hybrid reference architecture](https://docs.gitlab.com/ee/administration/reference_architectures/3k_users.html#cloud-native-hybrid-reference-architecture-with-helm-charts-alternative) alternative for the 3,000 user count. ## GitLab deployment with Infrastructure as Code (IaC) + GitLab develops Infrastructure as Code IaC that is capable of configuring the combination of helm charts and supplemental cloud infrastructure via the [GitLab Environment Toolkit](https://gitlab.com/gitlab-org/quality/gitlab-environment-toolkit). For AWS a second option is the [AWS Quick Start](https://docs.gitlab.com/ee/install/aws/gitlab_hybrid_on_aws.html#available-infrastructure-as-code-for-gitlab-cloud-native-hybrid). 
Regardless of how you are building Cloud Native Hybrid, there is AWS specific guidance and bills of materials in the implementation pattern [Provision GitLab Cloud Native Hybrid on AWS EKS](https://docs.gitlab.com/ee/install/aws/gitlab_hybrid_on_aws.html) ## Requirements -- GitLab From 6642d197eb868c46c3d55af2e4e6cf6b531f7dce Mon Sep 17 00:00:00 2001 From: DarwinJS Date: Wed, 26 Jan 2022 15:38:39 +0000 Subject: [PATCH 237/253] Correct capitalization of Helm --- doc/installation/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/installation/index.md b/doc/installation/index.md index 94f940913b..eb3139fd7c 100644 --- a/doc/installation/index.md +++ b/doc/installation/index.md 
@@ -18,7 +18,7 @@ The reference architecture for deploying GitLab instances to Kubernetes is calle ## GitLab deployment with Infrastructure as Code (IaC) -GitLab develops Infrastructure as Code IaC that is capable of configuring the combination of helm charts and supplemental cloud infrastructure via the [GitLab Environment Toolkit](https://gitlab.com/gitlab-org/quality/gitlab-environment-toolkit). For AWS a second option is the [AWS Quick Start](https://docs.gitlab.com/ee/install/aws/gitlab_hybrid_on_aws.html#available-infrastructure-as-code-for-gitlab-cloud-native-hybrid). Regardless of how you are building Cloud Native Hybrid, there is AWS specific guidance and bills of materials in the implementation pattern [Provision GitLab Cloud Native Hybrid on AWS EKS](https://docs.gitlab.com/ee/install/aws/gitlab_hybrid_on_aws.html) +GitLab develops Infrastructure as Code IaC that is capable of configuring the combination of Helm charts and supplemental cloud infrastructure via the [GitLab Environment Toolkit](https://gitlab.com/gitlab-org/quality/gitlab-environment-toolkit). For AWS a second option is the [AWS Quick Start](https://docs.gitlab.com/ee/install/aws/gitlab_hybrid_on_aws.html#available-infrastructure-as-code-for-gitlab-cloud-native-hybrid). Regardless of how you are building Cloud Native Hybrid, there is AWS specific guidance and bills of materials in the implementation pattern [Provision GitLab Cloud Native Hybrid on AWS EKS](https://docs.gitlab.com/ee/install/aws/gitlab_hybrid_on_aws.html) ## Requirements -- GitLab From c46e0785379f284b612752890f0f056335d253ed Mon Sep 17 00:00:00 2001 From: Grant Young Date: Wed, 26 Jan 2022 16:42:05 +0000 Subject: [PATCH 238/253] Apply Grants suggestions --- doc/installation/index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/installation/index.md b/doc/installation/index.md index eb3139fd7c..96638108e4 100644 --- a/doc/installation/index.md +++ b/doc/installation/index.md 
@@ -10,11 +10,11 @@ Install GitLab on Kubernetes with the cloud native GitLab Helm chart. ## Helm chart only deployment creates a POC configuration -Installing GitLab using only the Helm charts creates a POC implementation where all GitLab services are placed into the cluster. GitLabs Cloud Native Hybrid Reference Architectures specify that the stateful Git Repository Storage dataplane known as Gitaly must run on instance compute in order to scale and service the many varieties of Git workloads found in production environements. Additionally, it is allowable, and generally preferable to take advantage of Cloud PaaS for PostgreSQL, Redis and Object storage for all non Git Repository storages. +Installing GitLab using only the Helm charts creates a POC implementation where all GitLab services are placed into the cluster. GitLab's Cloud Native Hybrid Reference Architectures specify that the stateful components such as Postgres or Gitaly (Git Repository Storage dataplane) instance compute in order to scale and service the many varieties of Git workloads found in production environments. Additionally, it is allowable, and generally preferable to take advantage of Cloud PaaS for PostgreSQL, Redis and Object storage for all non Git Repository storages. ## Getting started for production Cloud Native Hybrid -The reference architecture for deploying GitLab instances to Kubernetes is called Cloud Native Hybrid specifically because not all GitLab services can run in the cluster for production-grade implementations. Each Cloud Native Hybrid Reference Architecture is detailed within the overall architecture page. For instance, here is the [Cloud Native Hybrid reference architecture](https://docs.gitlab.com/ee/administration/reference_architectures/3k_users.html#cloud-native-hybrid-reference-architecture-with-helm-charts-alternative) alternative for the 3,000 user count. 
+The Reference Architecture for deploying GitLab instances to Kubernetes is called Cloud Native Hybrid specifically because not all GitLab services can run in the cluster for production-grade implementations. Each Cloud Native Hybrid Reference Architecture is detailed within the overall architecture page. For instance, here is the [Cloud Native Hybrid reference architecture](https://docs.gitlab.com/ee/administration/reference_architectures/3k_users.html#cloud-native-hybrid-reference-architecture-with-helm-charts-alternative) alternative for the 3,000 user count. ## GitLab deployment with Infrastructure as Code (IaC) -- GitLab From 77325fc3c3f425dd55754d340f936049413b8939 Mon Sep 17 00:00:00 2001 From: DarwinJS Date: Wed, 26 Jan 2022 16:45:31 +0000 Subject: [PATCH 239/253] Clarifications for Postgres to state store --- doc/installation/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/installation/index.md b/doc/installation/index.md index 96638108e4..40161f7201 100644 --- a/doc/installation/index.md +++ b/doc/installation/index.md 
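Review bot: the rewritten `+Installing GitLab using only the Helm charts` paragraph loses its verb. "specify that the stateful components such as Postgres or Gitaly (Git Repository Storage dataplane) instance compute in order to scale" no longer says where those components run, while the removed line had "must run on instance compute". Restore a verb phrase there. The same sentence now names Postgres but still justifies the requirement with "Git workloads" only, so widen the rationale to match.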
@@ -10,7 +10,7 @@ Install GitLab on Kubernetes with the cloud native GitLab Helm chart. ## Helm chart only deployment creates a POC configuration -Installing GitLab using only the Helm charts creates a POC implementation where all GitLab services are placed into the cluster. GitLab's Cloud Native Hybrid Reference Architectures specify that the stateful components such as Postgres or Gitaly (Git Repository Storage dataplane) instance compute in order to scale and service the many varieties of Git workloads found in production environments. Additionally, it is allowable, and generally preferable to take advantage of Cloud PaaS for PostgreSQL, Redis and Object storage for all non Git Repository storages. +Installing GitLab using only the Helm charts creates a POC implementation where all GitLab services are placed into the cluster. GitLab's Cloud Native Hybrid Reference Architectures specify that the stateful components such as Postgres or Gitaly (Git Repository Storage dataplane) run outside the cluster on PaaS or instance compute. This is required in order to scale and reliably service the many varieties of workloads found in production environments. Additionally, it is allowable, and generally preferable to take advantage of Cloud PaaS for PostgreSQL, Redis and Object storage for all non Git Repository storages. ## Getting started for production Cloud Native Hybrid -- GitLab From a5571f1f7f2757030c1f8348078b576e88a581b1 Mon Sep 17 00:00:00 2001 From: DarwinJS Date: Thu, 27 Jan 2022 12:10:32 +0000 Subject: [PATCH 240/253] Helm charts config for external state storage --- doc/installation/index.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/doc/installation/index.md b/doc/installation/index.md index 40161f7201..a8346d0ad9 100644 --- a/doc/installation/index.md +++ b/doc/installation/index.md 
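Review bot: in the `+` paragraph the second sentence now requires stateful components "such as Postgres" to "run outside the cluster on PaaS or instance compute", while the unchanged last sentence still calls Cloud PaaS for PostgreSQL "allowable, and generally preferable". The paragraph therefore states a requirement and then an option for the same component. Make the last sentence say which choice is actually left open (PaaS versus self-managed instances), and use one spelling, "PostgreSQL", throughout.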
@@ -12,6 +12,9 @@ Install GitLab on Kubernetes with the cloud native GitLab Helm chart. Installing GitLab using only the Helm charts creates a POC implementation where all GitLab services are placed into the cluster. GitLab's Cloud Native Hybrid Reference Architectures specify that the stateful components such as Postgres or Gitaly (Git Repository Storage dataplane) run outside the cluster on PaaS or instance compute. This is required in order to scale and reliably service the many varieties of workloads found in production environments. Additionally, it is allowable, and generally preferable to take advantage of Cloud PaaS for PostgreSQL, Redis and Object storage for all non Git Repository storages. +## Helm charts are configurable to externalize stateful components +These Helm charts can be parameterized to point to external stateful storage for items such as the PostgreSQL, Redis, all Non-Git repository storage as well as Git repository storage (Gitaly). The Infrastructure as Code options below do exactly that using these same charts. If you are doing a production-grade implementation by hand build or via custom IaC, these chart parameters should be used to point to prebuilt, externalized state stores. + ## Getting started for production Cloud Native Hybrid The Reference Architecture for deploying GitLab instances to Kubernetes is called Cloud Native Hybrid specifically because not all GitLab services can run in the cluster for production-grade implementations. Each Cloud Native Hybrid Reference Architecture is detailed within the overall architecture page. For instance, here is the [Cloud Native Hybrid reference architecture](https://docs.gitlab.com/ee/administration/reference_architectures/3k_users.html#cloud-native-hybrid-reference-architecture-with-helm-charts-alternative) alternative for the 3,000 user count. -- GitLab From 93e8c66fb1ac143456863f7100d98deb7446205a Mon Sep 17 00:00:00 2001 
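Review bot: the added `## Helm charts are configurable to externalize stateful components` heading is followed directly by its paragraph with no blank line; add one so the heading is spaced like the other sections in this file. The paragraph also tells readers that "these chart parameters should be used" without naming or linking any of them, which leaves a hand-built production install with no pointer to the settings that move PostgreSQL, Redis, object storage and Gitaly out of the cluster. Link the chart configuration reference here. Minor: "such as the PostgreSQL" has a stray article.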
From: DarwinJS Date: Thu, 27 Jan 2022 12:19:52 +0000 Subject: [PATCH 241/253] Clarify helm parameters --- doc/installation/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/installation/index.md b/doc/installation/index.md index a8346d0ad9..c3b826f605 100644 --- a/doc/installation/index.md +++ b/doc/installation/index.md 
@@ -13,7 +13,7 @@ Install GitLab on Kubernetes with the cloud native GitLab Helm chart. Installing GitLab using only the Helm charts creates a POC implementation where all GitLab services are placed into the cluster. GitLab's Cloud Native Hybrid Reference Architectures specify that the stateful components such as Postgres or Gitaly (Git Repository Storage dataplane) run outside the cluster on PaaS or instance compute. This is required in order to scale and reliably service the many varieties of workloads found in production environments. Additionally, it is allowable, and generally preferable to take advantage of Cloud PaaS for PostgreSQL, Redis and Object storage for all non Git Repository storages. ## Helm charts are configurable to externalize stateful components -These Helm charts can be parameterized to point to external stateful storage for items such as the PostgreSQL, Redis, all Non-Git repository storage as well as Git repository storage (Gitaly). The Infrastructure as Code options below do exactly that using these same charts. If you are doing a production-grade implementation by hand build or via custom IaC, these chart parameters should be used to point to prebuilt, externalized state stores. +There in only one set of GitLab Helm charts and they can be parameterized to point to external stateful storage for items such as the PostgreSQL, Redis, all Non-Git repository storage as well as Git repository storage (Gitaly). The Infrastructure as Code options below use this approach. For production-grade implementation by hand build or via custom IaC, the appropriate chart parameters should be used to point to prebuilt, externalized state stores that align with the choosen [Reference Architecture](https://docs.gitlab.com/ee/administration/reference_architectures). ## Getting started for production Cloud Native Hybrid -- GitLab From 05dddb1d17c9ab7ab512e7d428018ccb75a3f3b2 Mon Sep 17 00:00:00 2001 
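Review bot: the `+` line of the "Clarify helm parameters" hunk introduces two typos, "There in only one set" (should be "There is only one set") and "choosen" (should be "chosen"). The blank line after the `## Helm charts are configurable to externalize stateful components` heading is still missing in this version.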
From: DarwinJS Date: Thu, 27 Jan 2022 12:44:12 +0000 Subject: [PATCH 242/253] Fixing possessive GitLab reference --- doc/installation/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/installation/index.md b/doc/installation/index.md index c3b826f605..03bde244e0 100644 --- a/doc/installation/index.md +++ b/doc/installation/index.md 
@@ -10,7 +10,7 @@ Install GitLab on Kubernetes with the cloud native GitLab Helm chart. ## Helm chart only deployment creates a POC configuration -Installing GitLab using only the Helm charts creates a POC implementation where all GitLab services are placed into the cluster. GitLab's Cloud Native Hybrid Reference Architectures specify that the stateful components such as Postgres or Gitaly (Git Repository Storage dataplane) run outside the cluster on PaaS or instance compute. This is required in order to scale and reliably service the many varieties of workloads found in production environments. Additionally, it is allowable, and generally preferable to take advantage of Cloud PaaS for PostgreSQL, Redis and Object storage for all non Git Repository storages. +Installing GitLab using only the Helm charts creates a POC implementation where all GitLab services are placed into the cluster. GitLab Cloud Native Hybrid Reference Architectures specify that the stateful components such as Postgres or Gitaly (Git Repository Storage dataplane) run outside the cluster on PaaS or instance compute. This is required in order to scale and reliably service the many varieties of workloads found in production environments. Additionally, it is allowable, and generally preferable to take advantage of Cloud PaaS for PostgreSQL, Redis and Object storage for all non Git Repository storages. ## Helm charts are configurable to externalize stateful components There in only one set of GitLab Helm charts and they can be parameterized to point to external stateful storage for items such as the PostgreSQL, Redis, all Non-Git repository storage as well as Git repository storage (Gitaly). The Infrastructure as Code options below use this approach. 
For production-grade implementation by hand build or via custom IaC, the appropriate chart parameters should be used to point to prebuilt, externalized state stores that align with the choosen [Reference Architecture](https://docs.gitlab.com/ee/administration/reference_architectures). -- GitLab From f0295dd9a148098f55ca8be83bbeea34c7e650ea Mon Sep 17 00:00:00 2001 From: DarwinJS Date: Thu, 27 Jan 2022 13:16:44 +0000 Subject: [PATCH 243/253] Fix heading spacing --- doc/installation/index.md | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/installation/index.md b/doc/installation/index.md index 03bde244e0..82f629055f 100644 --- a/doc/installation/index.md +++ b/doc/installation/index.md 
@@ -13,6 +13,7 @@ Install GitLab on Kubernetes with the cloud native GitLab Helm chart. Installing GitLab using only the Helm charts creates a POC implementation where all GitLab services are placed into the cluster. GitLab Cloud Native Hybrid Reference Architectures specify that the stateful components such as Postgres or Gitaly (Git Repository Storage dataplane) run outside the cluster on PaaS or instance compute. This is required in order to scale and reliably service the many varieties of workloads found in production environments. Additionally, it is allowable, and generally preferable to take advantage of Cloud PaaS for PostgreSQL, Redis and Object storage for all non Git Repository storages. ## Helm charts are configurable to externalize stateful components + There in only one set of GitLab Helm charts and they can be parameterized to point to external stateful storage for items such as the PostgreSQL, Redis, all Non-Git repository storage as well as Git repository storage (Gitaly). The Infrastructure as Code options below use this approach. For production-grade implementation by hand build or via custom IaC, the appropriate chart parameters should be used to point to prebuilt, externalized state stores that align with the choosen [Reference Architecture](https://docs.gitlab.com/ee/administration/reference_architectures). ## Getting started for production Cloud Native Hybrid -- GitLab From 2226513b16e126754d73a010cf88f9f9d32fbbf2 Mon Sep 17 00:00:00 2001 From: DarwinJS Date: Thu, 27 Jan 2022 13:55:38 +0000 Subject: [PATCH 244/253] Cross reference from higher level in docs --- doc/index.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/doc/index.md b/doc/index.md index 4cb8b969d1..fa57ed65b3 100644 --- a/doc/index.md +++ b/doc/index.md 
@@ -12,6 +12,9 @@ NOTE: It is not necessary to have GitLab installed on Kubernetes to use the [GitLab Kubernetes integration](https://docs.gitlab.com/ee/user/project/clusters/). +NOTE: +Please note that a charts-only installation of a GitLab instance places stateful services into the cluster - this is provided for the convenience of conducting POCs - but is not GitLab Reference Architecture compliant. Read more about details about how to deploy GitLab to Kubernetes for production-grade implementations in [Installing GitLab using Helm](installation/index.md). + ## Introduction The `gitlab/gitlab` chart is the best way to operate GitLab on Kubernetes. This chart -- GitLab From ed5999d3a43cd9a5b079bdb4b2b98eaf88ca6e4d Mon Sep 17 00:00:00 2001 From: DarwinJS Date: Thu, 27 Jan 2022 14:00:41 +0000 Subject: [PATCH 245/253] Remove extra wod --- doc/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/index.md b/doc/index.md index fa57ed65b3..e85fa551fb 100644 --- a/doc/index.md +++ b/doc/index.md @@ -13,7 +13,7 @@ It is not necessary to have GitLab installed on Kubernetes to use the [GitLab Kubernetes integration](https://docs.gitlab.com/ee/user/project/clusters/). NOTE: -Please note that a charts-only installation of a GitLab instance places stateful services into the cluster - this is provided for the convenience of conducting POCs - but is not GitLab Reference Architecture compliant. Read more about details about how to deploy GitLab to Kubernetes for production-grade implementations in [Installing GitLab using Helm](installation/index.md). +Please note that a charts-only installation of a GitLab instance places stateful services into the cluster - this is provided for the convenience of conducting POCs - but is not GitLab Reference Architecture compliant. Read more details about how to deploy GitLab to Kubernetes for production-grade implementations in [Installing GitLab using Helm](installation/index.md). ## Introduction -- GitLab 
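Review bot: with the duplicated "about" removed, the NOTE body in doc/index.md still opens with "Please note that" directly under a `NOTE:` label, and it uses spaced hyphens as parenthetical dashes around "this is provided for the convenience of conducting POCs". Drop the lead-in, split the sentence in two, and spell out "proof of concept" on first use. This NOTE is what a reader sees before deciding whether a charts-only install is acceptable for production, so it should be readable in one pass.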
From a585749863809abbcd3f578113ac242732b4765d Mon Sep 17 00:00:00 2001 From: Achilleas Pipinellis Date: Tue, 1 Feb 2022 17:57:02 +0000 Subject: [PATCH 246/253] Applying several suggestions --- doc/index.md | 2 +- doc/installation/index.md | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/doc/index.md b/doc/index.md index e85fa551fb..4c6785fec7 100644 --- a/doc/index.md +++ b/doc/index.md @@ -13,7 +13,7 @@ It is not necessary to have GitLab installed on Kubernetes to use the [GitLab Kubernetes integration](https://docs.gitlab.com/ee/user/project/clusters/). NOTE: -Please note that a charts-only installation of a GitLab instance places stateful services into the cluster - this is provided for the convenience of conducting POCs - but is not GitLab Reference Architecture compliant. Read more details about how to deploy GitLab to Kubernetes for production-grade implementations in [Installing GitLab using Helm](installation/index.md). +A charts-only installation of a GitLab instance places stateful services into the cluster. This is provided for the convenience of conducting proof of concepts, but is not GitLab [Reference Architecture](https://docs.gitlab.com/ee/administration/reference_architectures/) compliant. Read more about details about how to deploy GitLab to Kubernetes for production-grade implementations in the [GitLab Helm chart documentation](installation/index.md). ## Introduction diff --git a/doc/installation/index.md b/doc/installation/index.md index 82f629055f..5c2df3225b 100644 --- a/doc/installation/index.md +++ b/doc/installation/index.md 
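Review bot: the `+` line of the doc/index.md hunk reads "Read more about details about how to deploy GitLab", which brings back the duplicated "about" that PATCH 245/253 removed; the suggestion was likely written against the older text. Use "Read more details about how to deploy". In the same line, "conducting proof of concepts" should be "proofs of concept".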
@@ -10,11 +10,11 @@ Install GitLab on Kubernetes with the cloud native GitLab Helm chart. ## Helm chart only deployment creates a POC configuration -Installing GitLab using only the Helm charts creates a POC implementation where all GitLab services are placed into the cluster. GitLab Cloud Native Hybrid Reference Architectures specify that the stateful components such as Postgres or Gitaly (Git Repository Storage dataplane) run outside the cluster on PaaS or instance compute. This is required in order to scale and reliably service the many varieties of workloads found in production environments. Additionally, it is allowable, and generally preferable to take advantage of Cloud PaaS for PostgreSQL, Redis and Object storage for all non Git Repository storages. +Installing GitLab using only the Helm charts creates a proof of concept (POC) implementation where all GitLab services are placed into the cluster. GitLab Cloud Native Hybrid Reference Architectures specify that the stateful components such as PostgreSQL or Gitaly (Git repository storage dataplane) run outside the cluster on PaaS or instance compute. This is required in order to scale and reliably service the many varieties of workloads found in production environments. Additionally, it is allowable, and generally preferable to take advantage of Cloud PaaS for PostgreSQL, Redis, and object storage for all non Git repository storages. ## Helm charts are configurable to externalize stateful components -There in only one set of GitLab Helm charts and they can be parameterized to point to external stateful storage for items such as the PostgreSQL, Redis, all Non-Git repository storage as well as Git repository storage (Gitaly). The Infrastructure as Code options below use this approach. 
For production-grade implementation by hand build or via custom IaC, the appropriate chart parameters should be used to point to prebuilt, externalized state stores that align with the choosen [Reference Architecture](https://docs.gitlab.com/ee/administration/reference_architectures). +There in only one set of GitLab Helm charts and they can be parameterized to point to external stateful storage for items such as the PostgreSQL, Redis, all Non-Git repository storage as well as Git repository storage (Gitaly). The Infrastructure as Code (IaC) options below use this approach. For production-grade implementation by hand build or via custom IaC, the appropriate chart parameters should be used to point to prebuilt, externalized state stores that align with the chosen [Reference Architecture](https://docs.gitlab.com/ee/administration/reference_architectures/). ## Getting started for production Cloud Native Hybrid 
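Review bot: the replacement paragraph under `## Helm charts are configurable to externalize stateful components` corrects "choosen" but keeps "There in only one set of GitLab Helm charts"; change "in" to "is". "items such as the PostgreSQL" and the capitalized "Non-Git" are also carried over unchanged and do not match "non Git repository storages" in the paragraph above it.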
@@ -22,7 +22,7 @@ The Reference Architecture for deploying GitLab instances to Kubernetes is calle ## GitLab deployment with Infrastructure as Code (IaC) -GitLab develops Infrastructure as Code IaC that is capable of configuring the combination of Helm charts and supplemental cloud infrastructure via the [GitLab Environment Toolkit](https://gitlab.com/gitlab-org/quality/gitlab-environment-toolkit). For AWS a second option is the [AWS Quick Start](https://docs.gitlab.com/ee/install/aws/gitlab_hybrid_on_aws.html#available-infrastructure-as-code-for-gitlab-cloud-native-hybrid). Regardless of how you are building Cloud Native Hybrid, there is AWS specific guidance and bills of materials in the implementation pattern [Provision GitLab Cloud Native Hybrid on AWS EKS](https://docs.gitlab.com/ee/install/aws/gitlab_hybrid_on_aws.html) +GitLab develops Infrastructure as Code that is capable of configuring the combination of Helm charts and supplemental cloud infrastructure via the [GitLab Environment Toolkit](https://gitlab.com/gitlab-org/quality/gitlab-environment-toolkit). For AWS, a second option is the [AWS Quick Start](https://docs.gitlab.com/ee/install/aws/gitlab_hybrid_on_aws.html#available-infrastructure-as-code-for-gitlab-cloud-native-hybrid). Regardless of how you are building Cloud Native Hybrid, there is AWS-specific guidance and bills of materials in the implementation pattern [Provision GitLab Cloud Native Hybrid on AWS EKS](https://docs.gitlab.com/ee/install/aws/gitlab_hybrid_on_aws.html) ## Requirements -- GitLab From a96eefbc96fd215d25eb7765d9769d81c66704da Mon Sep 17 00:00:00 2001 From: Dustin Collins <714871-dustinmm80@users.noreply.gitlab.com> Date: Thu, 17 Feb 2022 13:44:36 +0000 Subject: [PATCH 247/253] Applying requested suggestions --- doc/installation/index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/installation/index.md b/doc/installation/index.md index 5c2df3225b..a9edad5c25 100644 --- a/doc/installation/index.md 
+++ b/doc/installation/index.md 
@@ -10,11 +10,11 @@ Install GitLab on Kubernetes with the cloud native GitLab Helm chart. ## Helm chart only deployment creates a POC configuration -Installing GitLab using only the Helm charts creates a proof of concept (POC) implementation where all GitLab services are placed into the cluster. GitLab Cloud Native Hybrid Reference Architectures specify that the stateful components such as PostgreSQL or Gitaly (Git repository storage dataplane) run outside the cluster on PaaS or instance compute. This is required in order to scale and reliably service the many varieties of workloads found in production environments. Additionally, it is allowable, and generally preferable to take advantage of Cloud PaaS for PostgreSQL, Redis, and object storage for all non Git repository storages. +Installing GitLab using only the Helm charts creates a proof of concept (POC) implementation where all GitLab services are placed into the cluster. GitLab Cloud Native Hybrid Reference Architectures specify that the stateful components such as PostgreSQL or Gitaly (Git repository storage dataplane) run outside the cluster on PaaS or compute instances. This is required in order to scale and reliably service the many varieties of workloads found in production GitLab environments. Additionally it is allowable, and generally preferable, to take advantage of Cloud PaaS for PostgreSQL, Redis, and object storage for all non-Git repository storages. ## Helm charts are configurable to externalize stateful components -There in only one set of GitLab Helm charts and they can be parameterized to point to external stateful storage for items such as the PostgreSQL, Redis, all Non-Git repository storage as well as Git repository storage (Gitaly). The Infrastructure as Code (IaC) options below use this approach. 
For production-grade implementation by hand build or via custom IaC, the appropriate chart parameters should be used to point to prebuilt, externalized state stores that align with the chosen [Reference Architecture](https://docs.gitlab.com/ee/administration/reference_architectures/). +The GitLab Helm charts [can be configured](https://docs.gitlab.com/charts/charts/) to point to external stateful storage for items such as the PostgreSQL, Redis, all Non-Git repository storage as well as Git repository storage (Gitaly). The Infrastructure as Code (IaC) options below use this approach. For production-grade implementation the appropriate chart parameters should be used to point to prebuilt, externalized state stores that align with the chosen [Reference Architecture](https://docs.gitlab.com/ee/administration/reference_architectures/). ## Getting started for production Cloud Native Hybrid -- GitLab From c79094515adbd9912931942f860d7bed487b470b Mon Sep 17 00:00:00 2001 From: DarwinJS Date: Thu, 17 Feb 2022 13:55:07 +0000 Subject: [PATCH 248/253] Update resources section --- doc/installation/index.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/doc/installation/index.md b/doc/installation/index.md index a9edad5c25..1ff4392f52 100644 --- a/doc/installation/index.md +++ b/doc/installation/index.md 
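Review bot: "[can be configured](https://docs.gitlab.com/charts/charts/)" in the `+The GitLab Helm charts` line points at the published site with an absolute URL from inside the same documentation tree; use a relative link to the Markdown source so the target is checked together with the rest of the docs. The same line drops "by hand build or via custom IaC" and the statement that there is only one set of charts, and the subject "Applying requested suggestions" does not say why. If the removal is intended, state it in the commit message.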
@@ -20,9 +20,12 @@ The GitLab Helm charts [can be configured](https://docs.gitlab.com/charts/charts The Reference Architecture for deploying GitLab instances to Kubernetes is called Cloud Native Hybrid specifically because not all GitLab services can run in the cluster for production-grade implementations. Each Cloud Native Hybrid Reference Architecture is detailed within the overall architecture page. For instance, here is the [Cloud Native Hybrid reference architecture](https://docs.gitlab.com/ee/administration/reference_architectures/3k_users.html#cloud-native-hybrid-reference-architecture-with-helm-charts-alternative) alternative for the 3,000 user count. -## GitLab deployment with Infrastructure as Code (IaC) +## GitLab Cloud Native Hybrid deployment with Infrastructure as Code (IaC) and builder resources -GitLab develops Infrastructure as Code that is capable of configuring the combination of Helm charts and supplemental cloud infrastructure via the [GitLab Environment Toolkit](https://gitlab.com/gitlab-org/quality/gitlab-environment-toolkit). For AWS, a second option is the [AWS Quick Start](https://docs.gitlab.com/ee/install/aws/gitlab_hybrid_on_aws.html#available-infrastructure-as-code-for-gitlab-cloud-native-hybrid). Regardless of how you are building Cloud Native Hybrid, there is AWS-specific guidance and bills of materials in the implementation pattern [Provision GitLab Cloud Native Hybrid on AWS EKS](https://docs.gitlab.com/ee/install/aws/gitlab_hybrid_on_aws.html) +GitLab develops Infrastructure as Code that is capable of configuring the combination of Helm charts and supplemental cloud infrastructure: +- [GitLab Environment Toolkit IaC](https://gitlab.com/gitlab-org/quality/gitlab-environment-toolkit). 
+- [AWS Quick Start for GitLab Cloud Native Hybrid on EKS IaC](https://docs.gitlab.com/ee/install/aws/gitlab_hybrid_on_aws.html#available-infrastructure-as-code-for-gitlab-cloud-native-hybrid) - this tooling is under development, for GA status please follow this issue: [AWS Quick Start for GitLab Cloud Native Hybrid on EKS Status](https://gitlab.com/gitlab-com/alliances/aws/public-tracker/-/issues/11) +- [Implementation Pattern: Provision GitLab Cloud Native Hybrid on AWS EKS](https://docs.gitlab.com/ee/install/aws/gitlab_hybrid_on_aws.html) - regardless of how you are building Cloud Native Hybrid, this resource provides a Bill of Materials tested with GitLab Performance Toolkit and budgets using AWS Cost Calculator. ## Requirements -- GitLab From b0ca3c856fcdb13805ed135bbe70e2d1ae3a6392 Mon Sep 17 00:00:00 2001 From: DarwinJS Date: Thu, 17 Feb 2022 14:07:48 +0000 Subject: [PATCH 249/253] Fix relative link --- doc/installation/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/installation/index.md b/doc/installation/index.md index 1ff4392f52..57ea2f0c80 100644 --- a/doc/installation/index.md +++ b/doc/installation/index.md 
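Review bot: the three `+-` list items follow the "supplemental cloud infrastructure:" line with no blank line in between, and only the first item ends with a period. Add the blank line before the list and make the item punctuation consistent. The second item's "this tooling is under development" is the only maturity statement in the list, so move it to the front of that item where a reader choosing IaC for a production build will see it.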
@@ -14,7 +14,7 @@ Installing GitLab using only the Helm charts creates a proof of concept (POC) im ## Helm charts are configurable to externalize stateful components -The GitLab Helm charts [can be configured](https://docs.gitlab.com/charts/charts/) to point to external stateful storage for items such as the PostgreSQL, Redis, all Non-Git repository storage as well as Git repository storage (Gitaly). The Infrastructure as Code (IaC) options below use this approach. For production-grade implementation the appropriate chart parameters should be used to point to prebuilt, externalized state stores that align with the chosen [Reference Architecture](https://docs.gitlab.com/ee/administration/reference_architectures/). +The GitLab Helm charts [can be configured](../charts/charts/) to point to external stateful storage for items such as the PostgreSQL, Redis, all Non-Git repository storage as well as Git repository storage (Gitaly). The Infrastructure as Code (IaC) options below use this approach. For production-grade implementation the appropriate chart parameters should be used to point to prebuilt, externalized state stores that align with the chosen [Reference Architecture](https://docs.gitlab.com/ee/administration/reference_architectures/). ## Getting started for production Cloud Native Hybrid -- GitLab From 1bf1dcc7587e07cc0f2acff93a631cd954498748 Mon Sep 17 00:00:00 2001 From: DarwinJS Date: Thu, 17 Feb 2022 14:15:37 +0000 Subject: [PATCH 250/253] Fixing linting problems --- doc/installation/index.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/doc/installation/index.md b/doc/installation/index.md index 57ea2f0c80..48d5fc2ffc 100644 --- a/doc/installation/index.md +++ b/doc/installation/index.md 
@@ -14,7 +14,7 @@ Installing GitLab using only the Helm charts creates a proof of concept (POC) im ## Helm charts are configurable to externalize stateful components -The GitLab Helm charts [can be configured](../charts/charts/) to point to external stateful storage for items such as the PostgreSQL, Redis, all Non-Git repository storage as well as Git repository storage (Gitaly). The Infrastructure as Code (IaC) options below use this approach. For production-grade implementation the appropriate chart parameters should be used to point to prebuilt, externalized state stores that align with the chosen [Reference Architecture](https://docs.gitlab.com/ee/administration/reference_architectures/). +The GitLab Helm charts [can be configured](../charts/charts/index.md) to point to external stateful storage for items such as the PostgreSQL, Redis, all Non-Git repository storage as well as Git repository storage (Gitaly). The Infrastructure as Code (IaC) options below use this approach. For production-grade implementation the appropriate chart parameters should be used to point to prebuilt, externalized state stores that align with the chosen [Reference Architecture](https://docs.gitlab.com/ee/administration/reference_architectures/). ## Getting started for production Cloud Native Hybrid 
@@ -23,6 +23,7 @@ The Reference Architecture for deploying GitLab instances to Kubernetes is calle ## GitLab Cloud Native Hybrid deployment with Infrastructure as Code (IaC) and builder resources GitLab develops Infrastructure as Code that is capable of configuring the combination of Helm charts and supplemental cloud infrastructure: + - [GitLab Environment Toolkit IaC](https://gitlab.com/gitlab-org/quality/gitlab-environment-toolkit). - [AWS Quick Start for GitLab Cloud Native Hybrid on EKS IaC](https://docs.gitlab.com/ee/install/aws/gitlab_hybrid_on_aws.html#available-infrastructure-as-code-for-gitlab-cloud-native-hybrid) - this tooling is under development, for GA status please follow this issue: [AWS Quick Start for GitLab Cloud Native Hybrid on EKS Status](https://gitlab.com/gitlab-com/alliances/aws/public-tracker/-/issues/11) - [Implementation Pattern: Provision GitLab Cloud Native Hybrid on AWS EKS](https://docs.gitlab.com/ee/install/aws/gitlab_hybrid_on_aws.html) - regardless of how you are building Cloud Native Hybrid, this resource provides a Bill of Materials tested with GitLab Performance Toolkit and budgets using AWS Cost Calculator. -- GitLab From 23335cd7eeb0a1ddbfe3a4a75fd0da7ba5bd0db1 Mon Sep 17 00:00:00 2001 From: DarwinJS Date: Thu, 17 Feb 2022 14:18:42 +0000 Subject: [PATCH 251/253] Fixing relative link --- doc/installation/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/installation/index.md b/doc/installation/index.md index 48d5fc2ffc..81c5dc6df8 100644 --- a/doc/installation/index.md +++ b/doc/installation/index.md 
@@ -14,7 +14,7 @@ Installing GitLab using only the Helm charts creates a proof of concept (POC) im ## Helm charts are configurable to externalize stateful components -The GitLab Helm charts [can be configured](../charts/charts/index.md) to point to external stateful storage for items such as the PostgreSQL, Redis, all Non-Git repository storage as well as Git repository storage (Gitaly). The Infrastructure as Code (IaC) options below use this approach. For production-grade implementation the appropriate chart parameters should be used to point to prebuilt, externalized state stores that align with the chosen [Reference Architecture](https://docs.gitlab.com/ee/administration/reference_architectures/). +The GitLab Helm charts [can be configured](../charts/) to point to external stateful storage for items such as the PostgreSQL, Redis, all Non-Git repository storage as well as Git repository storage (Gitaly). The Infrastructure as Code (IaC) options below use this approach. For production-grade implementation the appropriate chart parameters should be used to point to prebuilt, externalized state stores that align with the chosen [Reference Architecture](https://docs.gitlab.com/ee/administration/reference_architectures/). ## Getting started for production Cloud Native Hybrid -- GitLab From 137f61056f8d448602cd2d6db5dd08887eb2095e Mon Sep 17 00:00:00 2001 From: Dustin Collins Date: Thu, 17 Feb 2022 14:06:19 -0600 Subject: [PATCH 252/253] mergefix1 --- CHANGELOG.md | 6 ------ 1 file changed, 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 01350ce380..bad5c4e423 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -35,13 +35,10 @@ No changes. - [Update gitlab-org/container-registry from 3.20.0-gitlab to 3.21.0-gitlab](gitlab-org/charts/gitlab@52b9f0d5b6ae45cbf578dffd94cd1e544938a093) ([merge request](gitlab-org/charts/gitlab!2337)) - [Update gitlab-org/container-registry from 3.19.0-gitlab to 3.20.0-gitlab](gitlab-org/charts/gitlab@4ae9e795d2ae3ceec5f2d75a9c5c9ecefb88f707) ([merge request](gitlab-org/charts/gitlab!2334)) -<<<<<<< HEAD -======= ## 5.6.4 (2022-02-03) No changes. ->>>>>>> master ## 5.6.3 (2022-01-18) No changes. @@ -65,13 +62,10 @@ No changes. - [Update gitlab-org/charts/gitlab-runner from 0.34.0 to 0.35.0](gitlab-org/charts/gitlab@12c4740147c25f788061176f124e5749eb9a7726) ([merge request](gitlab-org/charts/gitlab!2275)) - [Update gitlab-org/container-registry from 3.15.0-gitlab to 3.16.0-gitlab](gitlab-org/charts/gitlab@3d2e013c2c37ee987fa064dacb8ae3f2f645aa4b) ([merge request](gitlab-org/charts/gitlab!2276)) -<<<<<<< HEAD -======= ## 5.5.4 (2022-02-03) No changes. ->>>>>>> master ## 5.5.3 (2022-01-11) No changes. -- GitLab From 39fa9f06067c7a0de35ef866750e094ce98687fd Mon Sep 17 00:00:00 2001 From: Dustin Collins Date: Thu, 17 Feb 2022 14:09:19 -0600 Subject: [PATCH 253/253] mergefix2 --- doc/advanced/geo/index.md | 6 ------ 1 file changed, 6 deletions(-) diff --git a/doc/advanced/geo/index.md b/doc/advanced/geo/index.md index 9b980be061..fbc91bc7f2 100644 --- a/doc/advanced/geo/index.md +++ b/doc/advanced/geo/index.md 
@@ -593,12 +593,6 @@ replicating missing data from the **primary** site. This process is known as "ba Meanwhile, the **primary** site starts to notify each **secondary** site of any changes, so that the **secondary** site can replicate those changes promptly. -## Use Geo proxying for secondary sites - -To serve read-write traffic by proxying to the primary site, you can -[enable Geo secondary proxying](https://docs.gitlab.com/ee/administration/geo/secondary_proxy/) -and use a single, unified URL for all Geo sites. - ## Confirm Operational Status The final step is to double check the Geo configuration on the secondary site once fully -- GitLab
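Review bot: In the `doc/installation/index.md` hunk at `@@ -14,7 +14,7 @@` that changes the link to `../charts/charts/index.md`, the target still contains the doubled `charts/charts` segment; only `index.md` was appended. Resolve the target relative to `doc/installation/` and confirm the file exists before merging, since PATCH 251/253 ("Fixing relative link") has to rewrite this same line again to `../charts/`. A relative-link check in the docs lint job would catch this in one pass.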
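Review bot: In PATCH 251/253, the `doc/installation/index.md` hunk replaces `../charts/charts/index.md` with the bare directory link `../charts/`, dropping the explicit `index.md` that the previous change to this line had just added. Point the link at a file (for example `../charts/index.md`, if that is the intended page) so the target does not depend on how the docs renderer resolves directory URLs and stays consistent with the earlier change.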
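Review bot: Both `CHANGELOG.md` hunks in PATCH 252/253 delete leftover conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> master`) around the `## 5.6.4` and `## 5.5.4` entries, but the subject `mergefix1` does not say so. Use a subject that names the fix, and add a pipeline check that fails on conflict-marker lines so an unresolved merge cannot land in a tracked file again. Also confirm that keeping the `master` side (the two `No changes.` entries) is the intended resolution for both versions.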
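Review bot: The `doc/advanced/geo/index.md` hunk in PATCH 253/253 removes the entire `## Use Geo proxying for secondary sites` section, yet the hunk contains no conflict markers and the subject `mergefix2` gives no reason. If the section came in from the other side of the merge, deleting it here silently discards documentation; say in the commit message why it is dropped, or keep it and resolve only the lines that actually conflicted.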