From ce8cb69873d04def5ba9c2e0a47774533b542f4b Mon Sep 17 00:00:00 2001 From: helm-charts-win-ci Date: Tue, 10 Jul 2018 14:44:13 -0400 Subject: [PATCH 1/6] minio: make `enabled` a global flag in all charts Expand the use of `global.minio.enabled` to all charts in the repository. Also, actually set the default of `true` for `global.minio.enabled`. --- charts/gitlab/charts/sidekiq/templates/configmap.yaml | 6 +++--- charts/gitlab/charts/sidekiq/templates/deployment.yaml | 2 +- charts/gitlab/charts/sidekiq/values.yaml | 2 ++ .../gitlab/charts/task-runner/templates/configmap.yaml | 4 ++-- .../charts/task-runner/templates/deployment.yaml | 4 +++- charts/gitlab/charts/task-runner/values.yaml | 2 ++ charts/gitlab/charts/unicorn/templates/configmap.yml | 6 +++--- charts/gitlab/charts/unicorn/templates/deployment.yaml | 2 +- charts/gitlab/charts/unicorn/values.yaml | 2 ++ charts/gitlab/templates/_minio.tpl | 10 ---------- charts/registry/templates/configmap.yaml | 2 +- values.yaml | 1 + 12 files changed, 21 insertions(+), 22 deletions(-) delete mode 100644 charts/gitlab/templates/_minio.tpl diff --git a/charts/gitlab/charts/sidekiq/templates/configmap.yaml b/charts/gitlab/charts/sidekiq/templates/configmap.yaml index 01848bd671..1c8236fb7c 100644 --- a/charts/gitlab/charts/sidekiq/templates/configmap.yaml +++ b/charts/gitlab/charts/sidekiq/templates/configmap.yaml @@ -57,7 +57,7 @@ data: direct_upload: true background_upload: false proxy_download: {{ eq .Values.artifacts.proxy_download true }} - {{- if .Values.minio.enabled }} + {{- if .Values.global.minio.enabled }} connection: provider: AWS region: us-east-1 @@ -78,7 +78,7 @@ data: direct_upload: true background_upload: false proxy_download: {{ eq .Values.lfs.proxy_download true }} - {{- if .Values.minio.enabled }} + {{- if .Values.global.minio.enabled }} connection: provider: AWS region: us-east-1 
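Review bot: The chart-local `minio.enabled` key is no longer read by any of the rewritten conditions (`{{- if .Values.global.minio.enabled }}` here and in the task-runner, unicorn and registry hunks of this patch), yet it still appears in the sub-chart values files, and the root `values.yaml` now defaults the global flag to `true`. A release that had turned Minio off per chart would, after upgrade, render the in-cluster Minio `connection` block again. Artifacts, LFS objects and uploads would then go to Minio unless the operator also sets `global.minio.enabled=false`. Either remove the stale local key in this commit or flag it in the values files, for example `# minio.enabled is ignored here; use global.minio.enabled`.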
@@ -99,7 +99,7 @@ data: direct_upload: true background_upload: false proxy_download: {{ eq .Values.uploads.proxy_download true }} - {{- if .Values.minio.enabled }} + {{- if .Values.global.minio.enabled }} connection: provider: AWS region: us-east-1 diff --git a/charts/gitlab/charts/sidekiq/templates/deployment.yaml b/charts/gitlab/charts/sidekiq/templates/deployment.yaml index 07316d3f06..1682919895 100644 --- a/charts/gitlab/charts/sidekiq/templates/deployment.yaml +++ b/charts/gitlab/charts/sidekiq/templates/deployment.yaml @@ -9,7 +9,7 @@ {{- $timeout := .Values.timeout -}} {{- $resources := .Values.resources -}} {{- $nodeSelector := .Values.nodeSelector -}} -{{- $minioEnabled := .Values.minio.enabled -}} +{{- $minioEnabled := .Values.global.minio.enabled -}} {{- $minioSecret := include "gitlab.minio.credentials.secret" . -}} {{- $redisSecret := include "gitlab.redis.password.secret" . -}} {{- $redisKey := include "gitlab.redis.password.key" . -}} diff --git a/charts/gitlab/charts/sidekiq/values.yaml b/charts/gitlab/charts/sidekiq/values.yaml index 1d269215a4..343db041c5 100644 --- a/charts/gitlab/charts/sidekiq/values.yaml +++ b/charts/gitlab/charts/sidekiq/values.yaml @@ -53,6 +53,8 @@ global: password: {} gitaly: authToken: {} + minio: + enabled: gitaly: # host: '0.0.0.0' # port: 8075 diff --git a/charts/gitlab/charts/task-runner/templates/configmap.yaml b/charts/gitlab/charts/task-runner/templates/configmap.yaml index c164f14537..ea8306d752 100644 --- a/charts/gitlab/charts/task-runner/templates/configmap.yaml +++ b/charts/gitlab/charts/task-runner/templates/configmap.yaml @@ -49,7 +49,7 @@ data: enabled: {{ eq .Values.lfs.enabled true }} object_store: enabled: true - {{- if .Values.minio.enabled }} + {{- if .Values.global.minio.enabled }} remote_directory: {{ .Values.minio.bucket }} {{- else }} remote_directory: {{ .Values.lfs.bucket }} 
@@ -57,7 +57,7 @@ data: direct_upload: true background_upload: false proxy_download: {{ eq .Values.lfs.proxy_download true }} - {{- if .Values.minio.enabled }} + {{- if .Values.global.minio.enabled }} connection: provider: AWS region: us-east-1 diff --git a/charts/gitlab/charts/task-runner/templates/deployment.yaml b/charts/gitlab/charts/task-runner/templates/deployment.yaml index ac49a56935..f1e2098e98 100644 --- a/charts/gitlab/charts/task-runner/templates/deployment.yaml +++ b/charts/gitlab/charts/task-runner/templates/deployment.yaml @@ -56,10 +56,12 @@ spec: value: {{ .Values.backups.bucketNames.lfs }} - name: BACKUP_BUCKET_NAME value: {{ .Values.backups.bucketNames.backups }} + {{- if .Values.global.minio.enabled }} - name: S3_CONFIG_DIR value: "/etc/gitlab/minio" - name: S3_ENDPOINT value: {{ template "gitlab.minio.endpoint" .}} + {{- end }} - name: GITALY_FEATURE_DEFAULT_ON value: "1" - name: CONFIG_TEMPLATE_DIRECTORY @@ -115,7 +117,7 @@ spec: items: - key: registry-auth.key path: registry/gitlab-registry.key - {{- if .Values.minio.enabled }} + {{- if .Values.global.minio.enabled }} - secret: name: {{ template "gitlab.minio.credentials.secret" . }} items: diff --git a/charts/gitlab/charts/task-runner/values.yaml b/charts/gitlab/charts/task-runner/values.yaml index d1bc20d1a4..828a12ef88 100644 --- a/charts/gitlab/charts/task-runner/values.yaml +++ b/charts/gitlab/charts/task-runner/values.yaml @@ -31,6 +31,8 @@ global: password: {} gitaly: authToken: {} + minio: + enabled: backups: bucketNames: backups: gitlab-backups diff --git a/charts/gitlab/charts/unicorn/templates/configmap.yml b/charts/gitlab/charts/unicorn/templates/configmap.yml index 94264cf076..679a3c1c5f 100644 --- a/charts/gitlab/charts/unicorn/templates/configmap.yml +++ b/charts/gitlab/charts/unicorn/templates/configmap.yml 
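Review bot: The `S3_ENDPOINT` entry in the task-runner deployment hunk still calls `{{ template "gitlab.minio.endpoint" .}}`, but this same patch deletes `charts/gitlab/templates/_minio.tpl`, the only definition of that template visible on this page. It is re-added in `_objectstorage.tpl` by patch 2/6. Unless another definition exists outside this series, the chart cannot render at commit 1/6 while `global.minio.enabled` is true, which breaks bisecting. Moving the file deletion into 2/6, next to the re-added definition, keeps each commit installable.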
@@ -91,7 +91,7 @@ data: direct_upload: true background_upload: false proxy_download: {{ eq .Values.artifacts.proxy_download true }} - {{- if .Values.minio.enabled }} + {{- if .Values.global.minio.enabled }} connection: provider: AWS region: us-east-1 @@ -112,7 +112,7 @@ data: direct_upload: true background_upload: false proxy_download: {{ eq .Values.lfs.proxy_download true }} - {{- if .Values.minio.enabled }} + {{- if .Values.global.minio.enabled }} connection: provider: AWS region: us-east-1 @@ -133,7 +133,7 @@ data: direct_upload: true background_upload: false proxy_download: {{ eq .Values.uploads.proxy_download true }} - {{- if .Values.minio.enabled }} + {{- if .Values.global.minio.enabled }} connection: provider: AWS region: us-east-1 diff --git a/charts/gitlab/charts/unicorn/templates/deployment.yaml b/charts/gitlab/charts/unicorn/templates/deployment.yaml index 429bfe9ac4..085b07f787 100644 --- a/charts/gitlab/charts/unicorn/templates/deployment.yaml +++ b/charts/gitlab/charts/unicorn/templates/deployment.yaml @@ -186,7 +186,7 @@ spec: items: - key: registry-auth.key path: registry/gitlab-registry.key - {{- if .Values.minio.enabled }} + {{- if .Values.global.minio.enabled }} - secret: name: {{ template "gitlab.minio.credentials.secret" . }} items: diff --git a/charts/gitlab/charts/unicorn/values.yaml b/charts/gitlab/charts/unicorn/values.yaml index 63e84fb6e0..1e8c548259 100644 --- a/charts/gitlab/charts/unicorn/values.yaml +++ b/charts/gitlab/charts/unicorn/values.yaml @@ -96,6 +96,8 @@ global: password: {} gitaly: authToken: {} + minio: + enabled: redis: password: {} gitaly: diff --git a/charts/gitlab/templates/_minio.tpl b/charts/gitlab/templates/_minio.tpl deleted file mode 100644 index 8f49c92a97..0000000000 --- a/charts/gitlab/templates/_minio.tpl +++ /dev/null 
@@ -1,10 +0,0 @@ -{{/* ######### Minio related templates */}} - -{{/* -Return the minio service endpoint -*/}} -{{- define "gitlab.minio.endpoint" -}} -{{- $name := default "minio-svc" .Values.minio.serviceName -}} -{{- $port := default 9000 .Values.minio.port | int -}} -{{- printf "http://%s-%s:%d" .Release.Name $name $port -}} -{{- end -}} diff --git a/charts/registry/templates/configmap.yaml b/charts/registry/templates/configmap.yaml index 53d74e1aef..c6ac0a7ed6 100644 --- a/charts/registry/templates/configmap.yaml +++ b/charts/registry/templates/configmap.yaml @@ -39,7 +39,7 @@ data: storage: {{- if .Values.storage }} {{ toYaml .Values.storage | indent 6}} - {{- else if .Values.minio.enabled }} + {{- else if .Values.global.minio.enabled }} s3: accesskey: "ACCESS_KEY" secretkey: "SECRET_KEY" diff --git a/values.yaml b/values.yaml index f6326d5b57..c710ddd37e 100644 --- a/values.yaml +++ b/values.yaml @@ -25,6 +25,7 @@ global: gitaly: authToken: {} minio: + enabled: true credentials: {} shell: authToken: {} -- GitLab From 38dbd5e8d0524ed98d010296582e556a5db97b54 Mon Sep 17 00:00:00 2001 From: helm-charts-win-ci Date: Tue, 10 Jul 2018 17:59:12 -0400 Subject: [PATCH 2/6] object storage: global-ize settings for bucket name and connections Move settings for bucket names and what will be `connection` entries to the `global` section of configuration. Provide templates for backwards compatibility as a path forward for upgrades. --- charts/gitlab/charts/sidekiq/values.yaml | 16 +++-- charts/gitlab/charts/task-runner/values.yaml | 9 ++- charts/gitlab/charts/unicorn/values.yaml | 16 +++-- charts/gitlab/templates/_objectstorage.tpl | 76 ++++++++++++++++++++ values.yaml | 16 +++++ 5 files changed, 119 insertions(+), 14 deletions(-) create mode 100644 charts/gitlab/templates/_objectstorage.tpl diff --git a/charts/gitlab/charts/sidekiq/values.yaml b/charts/gitlab/charts/sidekiq/values.yaml index 343db041c5..65b875203d 100644 --- a/charts/gitlab/charts/sidekiq/values.yaml 
+++ b/charts/gitlab/charts/sidekiq/values.yaml @@ -55,6 +55,16 @@ global: authToken: {} minio: enabled: + objectStorage: + lfs: + bucket: + connection: {} + artifacts: + bucket: + connection: {} + uploads: + bucket: + connection: {} gitaly: # host: '0.0.0.0' # port: 8075 @@ -65,18 +75,12 @@ gitaly: artifacts: enabled: true proxy_download: true - bucket: gitlab-artifacts - # connection: {} lfs: enabled: true proxy_download: true - bucket: git-lfs - # connection: {} uploads: enabled: true proxy_download: true - bucket: gitlab-uploads - # connection: {} minio: enabled: true credentials: diff --git a/charts/gitlab/charts/task-runner/values.yaml b/charts/gitlab/charts/task-runner/values.yaml index 828a12ef88..9cac6a2d31 100644 --- a/charts/gitlab/charts/task-runner/values.yaml +++ b/charts/gitlab/charts/task-runner/values.yaml @@ -33,6 +33,13 @@ global: authToken: {} minio: enabled: + objectStorage: + lfs: + connection: {} + artifacts: + connection: {} + uploads: + connection: {} backups: bucketNames: backups: gitlab-backups @@ -67,8 +74,6 @@ gitaly: lfs: enabled: true proxy_download: true - # bucket: - # connection: {} minio: enabled: true bucket: git-lfs diff --git a/charts/gitlab/charts/unicorn/values.yaml b/charts/gitlab/charts/unicorn/values.yaml index 1e8c548259..a0d2c2bc46 100644 --- a/charts/gitlab/charts/unicorn/values.yaml +++ b/charts/gitlab/charts/unicorn/values.yaml @@ -98,6 +98,16 @@ global: authToken: {} minio: enabled: + objectStorage: + lfs: + bucket: + connection: {} + artifacts: + bucket: + connection: {} + uploads: + bucket: + connection: {} redis: password: {} gitaly: @@ -110,18 +120,12 @@ gitaly: artifacts: enabled: true proxy_download: true - bucket: gitlab-artifacts - # connection: {} lfs: enabled: true proxy_download: true - bucket: git-lfs - # connection: {} uploads: enabled: true proxy_download: true - bucket: gitlab-uploads - # connection: {} minio: enabled: true serviceName: 'minio-svc' 
diff --git a/charts/gitlab/templates/_objectstorage.tpl b/charts/gitlab/templates/_objectstorage.tpl new file mode 100644 index 0000000000..9f97fa71f9 --- /dev/null +++ b/charts/gitlab/templates/_objectstorage.tpl 
@@ -0,0 +1,76 @@ +{{/* ######### object storage related templates */}} + +{{/* +Return the minio service endpoint +*/}} +{{- define "gitlab.minio.endpoint" -}} +{{- $name := default "minio-svc" .Values.minio.serviceName -}} +{{- $port := default 9000 .Values.minio.port | int -}} +{{- printf "http://%s-%s:%d" .Release.Name $name $port -}} +{{- end -}} + +{{/* +Return the secret for lfs storage connection +*/}} +{{- define "gitlab.objectstorage.lfs.secret" -}} +{{- .Values.global.objectStorage.lfs.connection.secret -}} +{{- end -}} + +{{/* +Return the key for lfs storage connection +*/}} +{{- define "gitlab.objectstorage.lfs.key" -}} +{{- coalesce .Values.global.objectStorage.lfs.connection.key "connection" -}} +{{- end -}} + +{{/* +Return the key for lfs storage bucket +- This template presents an upgrade path from local->global +*/}} +{{- define "gitlab.objectstorage.lfs.bucket" -}} +{{- coalesce .Values.global.objectStorage.lfs.bucket .Values.lfs.bucket -}} +{{- end -}} + +{{/* +Return the secret for artifacts storage connection +*/}} +{{- define "gitlab.objectstorage.artifacts.secret" -}} +{{- .Values.global.objectStorage.artifacts.connection.secret -}} +{{- end -}} + +{{/* +Return the key for artifacts storage connection +*/}} +{{- define "gitlab.objectstorage.artifacts.key" -}} +{{- coalesce .Values.global.objectStorage.artifacts.connection.key "connection" -}} +{{- end -}} + +{{/* +Return the key for artifacts storage bucket +- This template presents an upgrade path from local->global +*/}} +{{- define "gitlab.objectstorage.artifacts.bucket" -}} +{{- coalesce .Values.global.objectStorage.artifacts.bucket .Values.artifacts.bucket -}} +{{- end -}} + +{{/* +Return the secret for uploads storage connection +*/}} +{{- define "gitlab.objectstorage.uploads.secret" -}} +{{- .Values.global.objectStorage.uploads.connection.secret -}} +{{- end -}} + +{{/* +Return the key for uploads storage connection +*/}} +{{- define "gitlab.objectstorage.uploads.key" -}} +{{- coalesce 
.Values.global.objectStorage.uploads.connection.key "connection" -}} +{{- end -}} + +{{/* +Return the key for uploads storage bucket +- This template presents an upgrade path from local->global +*/}} +{{- define "gitlab.objectstorage.uploads.bucket" -}} +{{- coalesce .Values.global.objectStorage.uploads.bucket .Values.uploads.bucket -}} +{{- end -}} diff --git a/values.yaml b/values.yaml index c710ddd37e..47d64fbaeb 100644 --- a/values.yaml +++ b/values.yaml @@ -27,6 +27,22 @@ global: minio: enabled: true credentials: {} + objectStorage: + lfs: + bucket: git-lfs + connection: {} + artifacts: + bucket: gitlab-artifacts + connection: {} + uploads: + bucket: gitlab-uploads + connection: {} + registry: + bucket: registry + storage: {} + backups: + bucket: gitlab-backups + # `gitlab-runner` objectStorage configured at `gitlab-runner.runners.cache` below. shell: authToken: {} hostKeys: {} -- GitLab From d3c5323d514917bc18925b2d44c7d014a3de543b Mon Sep 17 00:00:00 2001 From: helm-charts-win-ci Date: Tue, 10 Jul 2018 18:04:32 -0400 Subject: [PATCH 3/6] object storage: make use of new globalized settings (1) Update `unicorn`, `sidekiq`, `task-runnner` to make use of newly globalized settings for buckets/credentials. --- .../charts/sidekiq/templates/configmap.yaml | 25 +++++++------- .../charts/sidekiq/templates/deployment.yaml | 22 +++++++++++++ charts/gitlab/charts/sidekiq/values.yaml | 3 ++ .../task-runner/templates/configmap.yaml | 15 ++++----- .../task-runner/templates/deployment.yaml | 33 ++++++++++++++++--- charts/gitlab/charts/task-runner/values.yaml | 19 +++++++---- .../charts/unicorn/templates/configmap.yml | 25 +++++++------- .../charts/unicorn/templates/deployment.yaml | 21 ++++++++++++ charts/gitlab/charts/unicorn/values.yaml | 3 ++ 9 files changed, 122 insertions(+), 44 deletions(-) diff --git a/charts/gitlab/charts/sidekiq/templates/configmap.yaml b/charts/gitlab/charts/sidekiq/templates/configmap.yaml index 1c8236fb7c..fce2198bd8 100644 
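Review bot: The three `*.bucket` helpers list the global value first, e.g. `coalesce .Values.global.objectStorage.lfs.bucket .Values.lfs.bucket`, and the root `values.yaml` hunk of this patch gives every global bucket a default. As far as this patch shows, the chart-local fallback described as the upgrade path therefore never takes effect. An existing install that set a local `lfs.bucket`, `artifacts.bucket` or `uploads.bucket` would be pointed at the default bucket after upgrade. If the local value should be honoured during the transition, reverse the order: `coalesce .Values.lfs.bucket .Values.global.objectStorage.lfs.bucket`. The helper comments also say "Return the key for … storage bucket" where the helper returns the bucket name.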
--- a/charts/gitlab/charts/sidekiq/templates/configmap.yaml +++ b/charts/gitlab/charts/sidekiq/templates/configmap.yaml @@ -53,7 +53,7 @@ data: enabled: {{ eq .Values.artifacts.enabled true }} object_store: enabled: true - remote_directory: {{ .Values.artifacts.bucket }} + remote_directory: {{ template "gitlab.objectstorage.artifacts.bucket" . }} direct_upload: true background_upload: false proxy_download: {{ eq .Values.artifacts.proxy_download true }} @@ -66,15 +66,14 @@ data: host: {{ template "gitlab.minio.hostname" . }} endpoint: {{ template "gitlab.minio.endpoint" . }} path_style: true - {{- else if .Values.artifacts.connection}} - connection: -{{ toYaml .Values.artifacts.connection | indent 12}} + {{- else if (include "gitlab.objectstorage.artifacts.secret" .) }} + connection: <%= YAML.load_file("/etc/gitlab/objectstorage/artifacts").to_json() %> {{- end }} lfs: enabled: {{ eq .Values.lfs.enabled true }} object_store: enabled: true - remote_directory: {{ .Values.lfs.bucket }} + remote_directory: {{ template "gitlab.objectstorage.lfs.bucket" . }} direct_upload: true background_upload: false proxy_download: {{ eq .Values.lfs.proxy_download true }} @@ -87,15 +86,14 @@ data: host: {{ template "gitlab.minio.hostname" . }} endpoint: {{ template "gitlab.minio.endpoint" . }} path_style: true - {{- else if .Values.lfs.connection}} - connection: -{{ toYaml .Values.lfs.connection | indent 12}} + {{- else if (include "gitlab.objectstorage.lfs.secret" .) }} + connection: <%= YAML.load_file("/etc/gitlab/objectstorage/lfs").to_json() %> {{- end }} uploads: enabled: {{ eq .Values.uploads.enabled true }} object_store: enabled: true - remote_directory: {{ .Values.uploads.bucket }} + remote_directory: {{ template "gitlab.objectstorage.uploads.bucket" . }} direct_upload: true background_upload: false proxy_download: {{ eq .Values.uploads.proxy_download true }} 
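Review bot: The new `connection:` lines parse the mounted secret with `YAML.load_file`, which on Psych versions that do not default to safe loading will instantiate tagged Ruby objects. Anyone able to write that Kubernetes secret would then control more than configuration in the sidekiq process. The content only needs to be a plain mapping, so a restricted loader is enough: `connection: <%= YAML.safe_load(File.read("/etc/gitlab/objectstorage/artifacts")).to_json %>`. The same applies to the lfs and uploads lines in this file and to the matching lines in the task-runner and unicorn configmap hunks later in this patch. It is also worth confirming that the deployment always mounts the file when this branch renders, because a missing file fails at ERB render time.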
@@ -108,9 +106,8 @@ data: host: {{ template "gitlab.minio.hostname" . }} endpoint: {{ template "gitlab.minio.endpoint" . }} path_style: true - {{- else if .Values.uploads.connection}} - connection: -{{ toYaml .Values.uploads.connection | indent 12}} + {{- else if (include "gitlab.objectstorage.uploads.secret" .) }} + connection: <%= YAML.load_file("/etc/gitlab/objectstorage/uploads").to_json() %> {{- end }} pages: enabled: false @@ -179,6 +176,10 @@ data: mkdir -p /sidekiq-secrets/minio cp /init-secrets/minio/* /sidekiq-secrets/minio/ fi + if [ -e /init-secrets/objectstorage ]; then + mkdir -p /sidekiq-secrets/objectstorage + cp /init-secrets/objectstorage/* /sidekiq-secrets/objectstorage/ + fi if [ -e /init-secrets/smtp/smtp-password ]; then mkdir -p /sidekiq-secrets/smtp cp /init-secrets/smtp/smtp-password /sidekiq-secrets/smtp/ diff --git a/charts/gitlab/charts/sidekiq/templates/deployment.yaml b/charts/gitlab/charts/sidekiq/templates/deployment.yaml index 1682919895..ba0f1140e4 100644 --- a/charts/gitlab/charts/sidekiq/templates/deployment.yaml +++ b/charts/gitlab/charts/sidekiq/templates/deployment.yaml 
@@ -216,6 +216,28 @@ spec: items: - key: {{ template "gitlab.psql.password.key" $ }} path: postgres/psql-password + + {{- if ( include "gitlab.objectstorage.lfs.secret" $ ) }} + - secret: + name: {{ template "gitlab.objectstorage.lfs.secret" $ }} + items: + - key: {{ template "gitlab.objectstorage.lfs.key" $ }} + path: objectstorage/lfs + {{- end }} + {{- if ( include "gitlab.objectstorage.artifacts.secret" $ ) }} + - secret: + name: {{ template "gitlab.objectstorage.artifacts.secret" $ }} + items: + - key: {{ template "gitlab.objectstorage.artifacts.key" $ }} + path: objectstorage/artifacts + {{- end }} + {{- if ( include "gitlab.objectstorage.uploads.secret" $ ) }} + - secret: + name: {{ template "gitlab.objectstorage.uploads.secret" $ }} + items: + - key: {{ template "gitlab.objectstorage.uploads.key" $ }} + path: objectstorage/uploads + {{- end }} {{- if $minioEnabled }} - secret: name: {{ $minioSecret }} diff --git a/charts/gitlab/charts/sidekiq/values.yaml b/charts/gitlab/charts/sidekiq/values.yaml index 65b875203d..fcd19e4850 100644 --- a/charts/gitlab/charts/sidekiq/values.yaml +++ b/charts/gitlab/charts/sidekiq/values.yaml @@ -75,12 +75,15 @@ gitaly: artifacts: enabled: true proxy_download: true + bucket: lfs: enabled: true proxy_download: true + bucket: uploads: enabled: true proxy_download: true + bucket: minio: enabled: true credentials: diff --git a/charts/gitlab/charts/task-runner/templates/configmap.yaml b/charts/gitlab/charts/task-runner/templates/configmap.yaml index ea8306d752..811084bfa5 100644 --- a/charts/gitlab/charts/task-runner/templates/configmap.yaml +++ b/charts/gitlab/charts/task-runner/templates/configmap.yaml 
@@ -49,11 +49,7 @@ data: enabled: {{ eq .Values.lfs.enabled true }} object_store: enabled: true - {{- if .Values.global.minio.enabled }} - remote_directory: {{ .Values.minio.bucket }} - {{- else }} - remote_directory: {{ .Values.lfs.bucket }} - {{- end }} + remote_directory: {{ template "gitlab.objectstorage.lfs.bucket" . }} direct_upload: true background_upload: false proxy_download: {{ eq .Values.lfs.proxy_download true }} @@ -66,9 +62,8 @@ data: host: {{ template "gitlab.minio.hostname" . }} endpoint: {{ template "gitlab.minio.endpoint" . }} path_style: true - {{- else if .Values.lfs.connection}} - connection: -{{ toYaml .Values.lfs.connection | indent 12}} + {{- else if (include "gitlab.objectstorage.lfs.secret" .) }} + connection: <%= YAML.load_file("/etc/gitlab/objectstorage/lfs").to_json() %> {{- end }} pages: enabled: false @@ -129,6 +124,10 @@ data: mkdir /init-secrets/minio cp /init-config/minio/* /init-secrets/minio/ fi + if [ -e /init-config/objectstorage ]; then + mkdir -p /init-secrets/objectstorage + cp /init-config/objectstorage/* /init-secrets/objectstorage/ + fi cat << EOF > /init-secrets/.s3cfg [default] diff --git a/charts/gitlab/charts/task-runner/templates/deployment.yaml b/charts/gitlab/charts/task-runner/templates/deployment.yaml index f1e2098e98..a00673028b 100644 --- a/charts/gitlab/charts/task-runner/templates/deployment.yaml +++ b/charts/gitlab/charts/task-runner/templates/deployment.yaml 
@@ -49,13 +49,15 @@ spec: {{ template "gitlab.imagePullPolicy" . }} env: - name: ARTIFACTS_BUCKET_NAME - value: {{ .Values.backups.bucketNames.artifacts }} - - name: REGISTRY_BUCKET_NAME - value: {{ .Values.backups.bucketNames.registry }} + value: {{ template "gitlab.objectstorage.artifacts.bucket" . }} - name: LFS_BUCKET_NAME - value: {{ .Values.backups.bucketNames.lfs }} + value: {{ template "gitlab.objectstorage.lfs.bucket" . }} + - name: UPLOADS_BUCKET_NAME + value: {{ template "gitlab.objectstorage.uploads.bucket" . }} + - name: REGISTRY_BUCKET_NAME + value: {{ .Values.global.objectStorage.registry.bucket }} - name: BACKUP_BUCKET_NAME - value: {{ .Values.backups.bucketNames.backups }} + value: {{ .Values.global.objectStorage.backups.bucket }} {{- if .Values.global.minio.enabled }} - name: S3_CONFIG_DIR value: "/etc/gitlab/minio" @@ -117,6 +119,27 @@ spec: items: - key: registry-auth.key path: registry/gitlab-registry.key + {{- if ( include "gitlab.objectstorage.lfs.secret" . ) }} + - secret: + name: {{ template "gitlab.objectstorage.lfs.secret" . }} + items: + - key: {{ template "gitlab.objectstorage.lfs.key" . }} + path: objectstorage/lfs + {{- end }} + {{- if ( include "gitlab.objectstorage.artifacts.secret" . ) }} + - secret: + name: {{ template "gitlab.objectstorage.artifacts.secret" . }} + items: + - key: {{ template "gitlab.objectstorage.artifacts.key" . }} + path: objectstorage/artifacts + {{- end }} + {{- if ( include "gitlab.objectstorage.uploads.secret" . ) }} + - secret: + name: {{ template "gitlab.objectstorage.uploads.secret" . }} + items: + - key: {{ template "gitlab.objectstorage.uploads.key" . }} + path: objectstorage/uploads + {{- end }} {{- if .Values.global.minio.enabled }} - secret: name: {{ template "gitlab.minio.credentials.secret" . }} diff --git a/charts/gitlab/charts/task-runner/values.yaml b/charts/gitlab/charts/task-runner/values.yaml index 9cac6a2d31..55a1e5560d 100644 --- a/charts/gitlab/charts/task-runner/values.yaml 
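Review bot: `REGISTRY_BUCKET_NAME` and `BACKUP_BUCKET_NAME` are rendered unquoted from `.Values.global.objectStorage.registry.bucket` and `.Values.global.objectStorage.backups.bucket`, while this chart's own values hunk sets `registry: {}` and `backups: {}`. An unset global therefore renders `value:` with nothing after it, and the backup tooling would presumably run with an empty bucket name (the consuming script is not shown). Quoting and failing at render time is safer, e.g. `value: {{ required "global.objectStorage.backups.bucket is required" .Values.global.objectStorage.backups.bucket | quote }}`.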
+++ b/charts/gitlab/charts/task-runner/values.yaml @@ -40,13 +40,9 @@ global: connection: {} uploads: connection: {} -backups: - bucketNames: - backups: gitlab-backups - artifacts: gitlab-artifacts - uploads: gitlab-uploads - registry: registry - lfs: git-lfs + registry: {} + backups: {} + extra: {} rack_attack: @@ -71,9 +67,18 @@ gitaly: authToken: {} # secret: gitaly-secret # key: token +artifacts: + enabled: true + proxy_download: true + bucket: lfs: enabled: true proxy_download: true + bucket: +uploads: + enabled: true + proxy_download: true + bucket: minio: enabled: true bucket: git-lfs diff --git a/charts/gitlab/charts/unicorn/templates/configmap.yml b/charts/gitlab/charts/unicorn/templates/configmap.yml index 679a3c1c5f..6b0e46e956 100644 --- a/charts/gitlab/charts/unicorn/templates/configmap.yml +++ b/charts/gitlab/charts/unicorn/templates/configmap.yml @@ -87,7 +87,7 @@ data: enabled: {{ eq .Values.artifacts.enabled true }} object_store: enabled: true - remote_directory: {{ .Values.artifacts.bucket }} + remote_directory: {{ template "gitlab.objectstorage.artifacts.bucket" . }} direct_upload: true background_upload: false proxy_download: {{ eq .Values.artifacts.proxy_download true }} @@ -100,15 +100,14 @@ data: host: {{ template "gitlab.minio.hostname" . }} endpoint: {{ template "gitlab.minio.endpoint" . }} path_style: true - {{- else if .Values.artifacts.connection}} - connection: -{{ toYaml .Values.artifacts.connection | indent 12}} + {{- else if (include "gitlab.objectstorage.artifacts.secret" . ) }} + connection: <%= YAML.load_file("/etc/gitlab/objectstorage/artifacts").to_json() %> {{- end }} lfs: enabled: {{ eq .Values.lfs.enabled true }} object_store: enabled: true - remote_directory: {{ .Values.lfs.bucket }} + remote_directory: {{ template "gitlab.objectstorage.lfs.bucket" . }} direct_upload: true background_upload: false proxy_download: {{ eq .Values.lfs.proxy_download true }} 
@@ -121,15 +120,14 @@ data: host: {{ template "gitlab.minio.hostname" . }} endpoint: {{ template "gitlab.minio.endpoint" . }} path_style: true - {{- else if .Values.lfs.connection}} - connection: -{{ toYaml .Values.lfs.connection | indent 12}} + {{- else if (include "gitlab.objectstorage.lfs.secret" . ) }} + connection: <%= YAML.load_file("/etc/gitlab/objectstorage/lfs").to_json() %> {{- end }} uploads: enabled: {{ eq .Values.uploads.enabled true }} object_store: enabled: true - remote_directory: {{ .Values.uploads.bucket }} + remote_directory: {{ template "gitlab.objectstorage.uploads.bucket" . }} direct_upload: true background_upload: false proxy_download: {{ eq .Values.uploads.proxy_download true }} @@ -142,9 +140,8 @@ data: host: {{ template "gitlab.minio.hostname" . }} endpoint: {{ template "gitlab.minio.endpoint" . }} path_style: true - {{- else if .Values.uploads.connection}} - connection: -{{ toYaml .Values.uploads.connection | indent 12}} + {{- else if (include "gitlab.objectstorage.uploads.secret" . ) }} + connection: <%= YAML.load_file("/etc/gitlab/objectstorage/uploads").to_json() %> {{- end }} pages: enabled: false @@ -236,6 +233,10 @@ data: mkdir -p /init-secrets/minio cp /init-config/minio/* /init-secrets/minio/ fi + if [ -e /init-config/objectstorage ]; then + mkdir -p /init-secrets/objectstorage + cp /init-config/objectstorage/* /init-secrets/objectstorage/ + fi if [ -e /init-config/omniauth ]; then mkdir -p /init-secrets/omniauth cp -r /init-config/omniauth/* /init-secrets/omniauth/ diff --git a/charts/gitlab/charts/unicorn/templates/deployment.yaml b/charts/gitlab/charts/unicorn/templates/deployment.yaml index 085b07f787..a09f285095 100644 --- a/charts/gitlab/charts/unicorn/templates/deployment.yaml +++ b/charts/gitlab/charts/unicorn/templates/deployment.yaml 
@@ -195,6 +195,27 @@ spec: - key: secretkey path: minio/secretkey {{- end }} + {{- if ( include "gitlab.objectstorage.lfs.secret" . ) }} + - secret: + name: {{ template "gitlab.objectstorage.lfs.secret" . }} + items: + - key: {{ template "gitlab.objectstorage.lfs.key" . }} + path: objectstorage/lfs + {{- end }} + {{- if ( include "gitlab.objectstorage.artifacts.secret" . ) }} + - secret: + name: {{ template "gitlab.objectstorage.artifacts.secret" . }} + items: + - key: {{ template "gitlab.objectstorage.artifacts.key" . }} + path: objectstorage/artifacts + {{- end }} + {{- if ( include "gitlab.objectstorage.uploads.secret" . ) }} + - secret: + name: {{ template "gitlab.objectstorage.uploads.secret" . }} + items: + - key: {{ template "gitlab.objectstorage.uploads.key" . }} + path: objectstorage/uploads + {{- end }} {{- if .Values.omniauth.providers }} {{- range $index, $entry := .Values.omniauth.providers }} - secret: diff --git a/charts/gitlab/charts/unicorn/values.yaml b/charts/gitlab/charts/unicorn/values.yaml index a0d2c2bc46..d0fe5d59cc 100644 --- a/charts/gitlab/charts/unicorn/values.yaml +++ b/charts/gitlab/charts/unicorn/values.yaml @@ -120,12 +120,15 @@ gitaly: artifacts: enabled: true proxy_download: true + bucket: lfs: enabled: true proxy_download: true + bucket: uploads: enabled: true proxy_download: true + bucket: minio: enabled: true serviceName: 'minio-svc' -- GitLab From 79694b6a3f50ee7d3701ca8bb585cf4d18c9a1a5 Mon Sep 17 00:00:00 2001 
From: helm-charts-win-ci Date: Tue, 10 Jul 2018 20:29:31 -0400 Subject: [PATCH 4/6] object storage: make use of new globalized settings (2) registry: use global object storage configuration, convert storage to secret Modify to use the `global.objectStorage.registry` settings for the configuration. Convert the `storage` block into an external secret, and place the configuration of such into the global configuration block for objectStorage (because most will be using object storage backed registry). Of note: Additional key named `extraKey` added to `global.objectStorage.registry.storage` for the ability to configure the path of google credentials JSON file. Providing this key name will result in that key also being mounted and passed into the `registry` container under `/etc/docker/registry/storage/${extraKey}`. The `storage` block can then specify `keyfile: /etc/docker/registry/storage/${extraKey}` as the path. --- charts/registry/templates/configmap.yaml | 3 +-- charts/registry/templates/deployment.yaml | 13 ++++++++++++- charts/registry/values.yaml | 11 +++++++++++ 3 files changed, 24 insertions(+), 3 deletions(-) diff --git a/charts/registry/templates/configmap.yaml b/charts/registry/templates/configmap.yaml index c6ac0a7ed6..de95d2bc61 100644 --- a/charts/registry/templates/configmap.yaml +++ b/charts/registry/templates/configmap.yaml @@ -37,8 +37,7 @@ data: # This is provided from the initContainer execution, at a known path. rootcertbundle: /etc/docker/registry/certificate.crt storage: - {{- if .Values.storage }} -{{ toYaml .Values.storage | indent 6}} + {{- if .Values.global.objectStorage.registry.storage.secret }} {{- else if .Values.global.minio.enabled }} s3: accesskey: "ACCESS_KEY" diff --git a/charts/registry/templates/deployment.yaml b/charts/registry/templates/deployment.yaml index ff12a55f40..f0507cfabf 100644 --- a/charts/registry/templates/deployment.yaml +++ b/charts/registry/templates/deployment.yaml 
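Review bot: The `if .Values.global.objectStorage.registry.storage.secret` branch is empty, which leaves a bare `storage:` key in the rendered `config.yml`. It relies on the init script added in `charts/registry/values.yaml` to splice the secret's content underneath, but nothing in the template says so, and a reader will take the empty branch for a mistake. A template comment in the branch would document the dependency without entering the rendered file, for example `{{- /* storage settings are inserted by the init container from the mounted secret */}}`.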
@@ -80,8 +80,19 @@ spec: items: - key: registry-auth.crt path: certificate.crt - {{- if .Values.minio.enabled }} + {{- if .Values.global.minio.enabled }} - secret: name: {{ template "gitlab.minio.credentials.secret" . }} {{- end }} + {{- if .Values.global.objectStorage.registry.storage.secret }} + - secret: + name: {{ .Values.global.objectStorage.registry.storage.secret }} + items: + - key: {{ default "config" .Values.global.objectStorage.registry.storage.key }} + path: storage/config + {{- if .Values.global.objectStorage.registry.storage.extraKey }} + - key: {{ .Values.global.objectStorage.registry.storage.extraKey }} + path: storage/{{ .Values.global.objectStorage.registry.storage.extraKey }} + {{- end }} + {{- end }} {{- end -}} diff --git a/charts/registry/values.yaml b/charts/registry/values.yaml index 87c01645a0..82ebbf5069 100644 --- a/charts/registry/values.yaml +++ b/charts/registry/values.yaml @@ -58,6 +58,17 @@ init: else cp /config/config.yml /registry/config.yml fi + if [ -d /config/storage ]; then + # copy the contents of /config/storage to /registry/storage. + mkdir -p /registry/storage/ + cp /config/storage/* /registry/storage/ + # Indent /registry/storage/config 2 spaces to place into /registry/config.yml + sed -i 's/^/ /' /registry/storage/config + # Insert into /registry/config.yml after `storage:` + sed -i '/storage:/ r /registry/storage/config' /registry/config.yml + # remove extra file + rm /registry/storage/config + fi # Set to known path, to used ConfigMap cat /config/certificate.crt > /registry/certificate.crt -- GitLab From 1d0c446051c21f856757ead130a25300cf79d2bc Mon Sep 17 00:00:00 2001 
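Review bot: The projected-secret items added in `charts/registry/templates/deployment.yaml` interpolate `storage.key` and `storage.extraKey` unquoted, and `extraKey` is also used verbatim to build the mount path `storage/{{ ...extraKey }}`. A key name that YAML reads as a number or boolean would render an invalid manifest, and an `extraKey` equal to `config` would collide with the `path: storage/config` item just above it. Quoting the values, e.g. `- key: {{ .Values.global.objectStorage.registry.storage.extraKey | quote }}` and `path: {{ printf "storage/%s" .Values.global.objectStorage.registry.storage.extraKey | quote }}`, and documenting that `extraKey` must differ from the config key would cover both. The volume definition starts outside the hunk.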
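Review bot: The splice `sed -i '/storage:/ r /registry/storage/config' /registry/config.yml` in the init script matches every line that contains `storage:`, not only the top-level key, so a second match (a comment or a nested key ending in `storage:`) would insert the credentials block twice and leave an invalid config. Anchoring the address, e.g. `sed -i '/^storage:[[:space:]]*$/ r /registry/storage/config' /registry/config.yml`, adjusted to the indentation the ConfigMap really renders, avoids that. The block also copies credential files into `/registry/storage/` under the shell's default umask; if that volume is readable by other containers or users, a `umask 077` before the `cp` is worth adding, provided the registry process runs as the same user. Whether the script runs under `set -e` is not visible in the hunk, so a secret without a `config` key may currently fail without stopping the init container.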
From: helm-charts-win-ci Date: Wed, 11 Jul 2018 11:18:58 -0400 Subject: [PATCH 5/6] object storage: fix templating of secrets/maps The use of `if ( include "gitlab.objectstorage.x.secret" . ) ` did not function as expected. Remove this, and replace with `if .Values.global.objectStorage.x.connection`. The `charts/gitlab/templates/_objectstorage.tpl` still contains `gitlab.objectstorage.x.secret`, but it is possible that we may remove this in the future. --- charts/gitlab/charts/sidekiq/templates/configmap.yaml | 6 +++--- charts/gitlab/charts/sidekiq/templates/deployment.yaml | 7 +++---- charts/gitlab/charts/task-runner/templates/configmap.yaml | 2 +- charts/gitlab/charts/task-runner/templates/deployment.yaml | 6 +++--- charts/gitlab/charts/unicorn/templates/configmap.yml | 6 +++--- charts/gitlab/charts/unicorn/templates/deployment.yaml | 6 +++--- 6 files changed, 16 insertions(+), 17 deletions(-) diff --git a/charts/gitlab/charts/sidekiq/templates/configmap.yaml b/charts/gitlab/charts/sidekiq/templates/configmap.yaml index fce2198bd8..684ae7f38b 100644 --- a/charts/gitlab/charts/sidekiq/templates/configmap.yaml +++ b/charts/gitlab/charts/sidekiq/templates/configmap.yaml @@ -66,7 +66,7 @@ data: host: {{ template "gitlab.minio.hostname" . }} endpoint: {{ template "gitlab.minio.endpoint" . }} path_style: true - {{- else if (include "gitlab.objectstorage.artifacts.secret" .) }} + {{- else if .Values.global.objectStorage.artifacts.connection }} connection: <%= YAML.load_file("/etc/gitlab/objectstorage/artifacts").to_json() %> {{- end }} lfs: @@ -86,7 +86,7 @@ data: host: {{ template "gitlab.minio.hostname" . }} endpoint: {{ template "gitlab.minio.endpoint" . }} path_style: true - {{- else if (include "gitlab.objectstorage.lfs.secret" .) }} + {{- else if .Values.global.objectStorage.lfs.connection }} connection: <%= YAML.load_file("/etc/gitlab/objectstorage/lfs").to_json() %> {{- end }} uploads: 
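Review bot: The `connection:` lines that the rewritten guards now enable, e.g. `<%= YAML.load_file("/etc/gitlab/objectstorage/artifacts").to_json() %>` (a context line here, in the `lfs` and `uploads` hunks, and in the task-runner and unicorn configmaps), parse the mounted secret with Ruby's full YAML loader. On Ruby versions where `load_file` is not the safe loader, tagged objects in that file are instantiated inside the application process, which widens what write access to the Secret grants. If the connection files hold only plain maps and scalars, `<%= YAML.safe_load(File.read("/etc/gitlab/objectstorage/artifacts")).to_json %>` does the same job; the line is not changed by this commit, so this could be a follow-up.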
@@ -106,7 +106,7 @@ data: host: {{ template "gitlab.minio.hostname" . }} endpoint: {{ template "gitlab.minio.endpoint" . }} path_style: true - {{- else if (include "gitlab.objectstorage.uploads.secret" .) }} + {{- else if .Values.global.objectStorage.uploads.connection }} connection: <%= YAML.load_file("/etc/gitlab/objectstorage/uploads").to_json() %> {{- end }} pages: diff --git a/charts/gitlab/charts/sidekiq/templates/deployment.yaml b/charts/gitlab/charts/sidekiq/templates/deployment.yaml index ba0f1140e4..98e8054e63 100644 --- a/charts/gitlab/charts/sidekiq/templates/deployment.yaml +++ b/charts/gitlab/charts/sidekiq/templates/deployment.yaml @@ -216,22 +216,21 @@ spec: items: - key: {{ template "gitlab.psql.password.key" $ }} path: postgres/psql-password - - {{- if ( include "gitlab.objectstorage.lfs.secret" $ ) }} + {{- if $.Values.global.objectStorage.lfs.connection }} - secret: name: {{ template "gitlab.objectstorage.lfs.secret" $ }} items: - key: {{ template "gitlab.objectstorage.lfs.key" $ }} path: objectstorage/lfs {{- end }} - {{- if ( include "gitlab.objectstorage.artifacts.secret" $ ) }} + {{- if $.Values.global.objectStorage.artifacts.connection }} - secret: name: {{ template "gitlab.objectstorage.artifacts.secret" $ }} items: - key: {{ template "gitlab.objectstorage.artifacts.key" $ }} path: objectstorage/artifacts {{- end }} - {{- if ( include "gitlab.objectstorage.uploads.secret" $ ) }} + {{- if $.Values.global.objectStorage.uploads.connection }} - secret: name: {{ template "gitlab.objectstorage.uploads.secret" $ }} items: diff --git a/charts/gitlab/charts/task-runner/templates/configmap.yaml b/charts/gitlab/charts/task-runner/templates/configmap.yaml index 811084bfa5..c1a10301ab 100644 --- a/charts/gitlab/charts/task-runner/templates/configmap.yaml +++ b/charts/gitlab/charts/task-runner/templates/configmap.yaml 
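Review bot: In `charts/gitlab/charts/sidekiq/templates/deployment.yaml` each rewritten guard tests `$.Values.global.objectStorage.<type>.connection`, while the `name:` and `key:` it protects still come from the `gitlab.objectstorage.<type>.secret` and `.key` helpers, so the condition and the rendered values can disagree. If `connection` is a non-empty map that yields no secret name (the helper is not visible here), the projected source would render with an empty `name:`; wrapping it as `name: {{ required "object storage secret name for lfs is required" (include "gitlab.objectstorage.lfs.secret" $) }}` fails at render time instead. The same applies to the task-runner and unicorn deployment hunks later in this patch. The chained lookup also assumes `global.objectStorage.<type>` is defined in every subchart's values, otherwise rendering stops on a nil map; those defaults are outside the hunk.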
@@ -62,7 +62,7 @@ data: host: {{ template "gitlab.minio.hostname" . }} endpoint: {{ template "gitlab.minio.endpoint" . }} path_style: true - {{- else if (include "gitlab.objectstorage.lfs.secret" .) }} + {{- else if .Values.global.objectStorage.lfs.connection }} connection: <%= YAML.load_file("/etc/gitlab/objectstorage/lfs").to_json() %> {{- end }} pages: diff --git a/charts/gitlab/charts/task-runner/templates/deployment.yaml b/charts/gitlab/charts/task-runner/templates/deployment.yaml index a00673028b..8102e27d10 100644 --- a/charts/gitlab/charts/task-runner/templates/deployment.yaml +++ b/charts/gitlab/charts/task-runner/templates/deployment.yaml @@ -119,21 +119,21 @@ spec: items: - key: registry-auth.key path: registry/gitlab-registry.key - {{- if ( include "gitlab.objectstorage.lfs.secret" . ) }} + {{- if .Values.global.objectStorage.lfs.connection }} - secret: name: {{ template "gitlab.objectstorage.lfs.secret" . }} items: - key: {{ template "gitlab.objectstorage.lfs.key" . }} path: objectstorage/lfs {{- end }} - {{- if ( include "gitlab.objectstorage.artifacts.secret" . ) }} + {{- if .Values.global.objectStorage.artifacts.connection }} - secret: name: {{ template "gitlab.objectstorage.artifacts.secret" . }} items: - key: {{ template "gitlab.objectstorage.artifacts.key" . }} path: objectstorage/artifacts {{- end }} - {{- if ( include "gitlab.objectstorage.uploads.secret" . ) }} + {{- if .Values.global.objectStorage.uploads.connection }} - secret: name: {{ template "gitlab.objectstorage.uploads.secret" . }} items: diff --git a/charts/gitlab/charts/unicorn/templates/configmap.yml b/charts/gitlab/charts/unicorn/templates/configmap.yml index 6b0e46e956..510111ec8a 100644 --- a/charts/gitlab/charts/unicorn/templates/configmap.yml +++ b/charts/gitlab/charts/unicorn/templates/configmap.yml 
@@ -100,7 +100,7 @@ data: host: {{ template "gitlab.minio.hostname" . }} endpoint: {{ template "gitlab.minio.endpoint" . }} path_style: true - {{- else if (include "gitlab.objectstorage.artifacts.secret" . ) }} + {{- else if .Values.global.objectStorage.artifacts.connection }} connection: <%= YAML.load_file("/etc/gitlab/objectstorage/artifacts").to_json() %> {{- end }} lfs: @@ -120,7 +120,7 @@ data: host: {{ template "gitlab.minio.hostname" . }} endpoint: {{ template "gitlab.minio.endpoint" . }} path_style: true - {{- else if (include "gitlab.objectstorage.lfs.secret" . ) }} + {{- else if .Values.global.objectStorage.lfs.connection }} connection: <%= YAML.load_file("/etc/gitlab/objectstorage/lfs").to_json() %> {{- end }} uploads: @@ -140,7 +140,7 @@ data: host: {{ template "gitlab.minio.hostname" . }} endpoint: {{ template "gitlab.minio.endpoint" . }} path_style: true - {{- else if (include "gitlab.objectstorage.uploads.secret" . ) }} + {{- else if .Values.global.objectStorage.uploads.connection }} connection: <%= YAML.load_file("/etc/gitlab/objectstorage/uploads").to_json() %> {{- end }} pages: diff --git a/charts/gitlab/charts/unicorn/templates/deployment.yaml b/charts/gitlab/charts/unicorn/templates/deployment.yaml index a09f285095..b338d84f4c 100644 --- a/charts/gitlab/charts/unicorn/templates/deployment.yaml +++ b/charts/gitlab/charts/unicorn/templates/deployment.yaml 
@@ -195,21 +195,21 @@ spec: - key: secretkey path: minio/secretkey {{- end }} - {{- if ( include "gitlab.objectstorage.lfs.secret" . ) }} + {{- if .Values.global.objectStorage.lfs.connection }} - secret: name: {{ template "gitlab.objectstorage.lfs.secret" . }} items: - key: {{ template "gitlab.objectstorage.lfs.key" . }} path: objectstorage/lfs {{- end }} - {{- if ( include "gitlab.objectstorage.artifacts.secret" . ) }} + {{- if .Values.global.objectStorage.artifacts.connection }} - secret: name: {{ template "gitlab.objectstorage.artifacts.secret" . }} items: - key: {{ template "gitlab.objectstorage.artifacts.key" . }} path: objectstorage/artifacts {{- end }} - {{- if ( include "gitlab.objectstorage.uploads.secret" . ) }} + {{- if .Values.global.objectStorage.uploads.connection }} - secret: name: {{ template "gitlab.objectstorage.uploads.secret" . }} items: -- GitLab From e3deba2b5e9ddd6c8d136f5be0fb1380d178586a Mon Sep 17 00:00:00 2001 From: helm-charts-win-ci Date: Tue, 17 Jul 2018 14:48:03 -0400 Subject: [PATCH 6/6] object storage: fix preference of local over global for bucket names Prefer the chart-local values of bucket names over the global values, using coalesce. --- charts/gitlab/templates/_objectstorage.tpl | 6 +++--- charts/registry/templates/configmap.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/gitlab/templates/_objectstorage.tpl b/charts/gitlab/templates/_objectstorage.tpl index 9f97fa71f9..92c17f9ce0 100644 --- a/charts/gitlab/templates/_objectstorage.tpl +++ b/charts/gitlab/templates/_objectstorage.tpl @@ -28,7 +28,7 @@ Return the key for lfs storage bucket - This template presents an upgrade path from local->global */}} {{- define "gitlab.objectstorage.lfs.bucket" -}} -{{- coalesce .Values.global.objectStorage.lfs.bucket .Values.lfs.bucket -}} +{{- coalesce .Values.lfs.bucket .Values.global.objectStorage.lfs.bucket -}} {{- end -}} {{/* 
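Review bot: The doc comment above `gitlab.objectstorage.lfs.bucket` still says only "upgrade path from local->global" and does not state the precedence this change introduces; the same holds for the `artifacts` and `uploads` helpers in the next two hunks. A line such as `The chart-local value, when set, overrides global.objectStorage.lfs.bucket.` in each comment would record it. With the local value first, any subchart that ships a non-empty default bucket will silently mask the global setting, and `coalesce` yields no value when both are unset (this also affects the registry `bucket:` line in the last hunk). Wrapping the call in `required`, or at least quoting the rendered result, would surface that at render time. The comment block starts outside the hunk.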
@@ -50,7 +50,7 @@ Return the key for artifacts storage bucket - This template presents an upgrade path from local->global */}} {{- define "gitlab.objectstorage.artifacts.bucket" -}} -{{- coalesce .Values.global.objectStorage.artifacts.bucket .Values.artifacts.bucket -}} +{{- coalesce .Values.artifacts.bucket .Values.global.objectStorage.artifacts.bucket -}} {{- end -}} {{/* @@ -72,5 +72,5 @@ Return the key for uploads storage bucket - This template presents an upgrade path from local->global */}} {{- define "gitlab.objectstorage.uploads.bucket" -}} -{{- coalesce .Values.global.objectStorage.uploads.bucket .Values.uploads.bucket -}} +{{- coalesce .Values.uploads.bucket .Values.global.objectStorage.uploads.bucket -}} {{- end -}} diff --git a/charts/registry/templates/configmap.yaml b/charts/registry/templates/configmap.yaml index de95d2bc61..e16acaee55 100644 --- a/charts/registry/templates/configmap.yaml +++ b/charts/registry/templates/configmap.yaml @@ -44,7 +44,7 @@ data: secretkey: "SECRET_KEY" region: us-east-1 regionendpoint: {{ template "registry.minio.url" . }} - bucket: {{ .Values.minio.bucket }} + bucket: {{ coalesce .Values.minio.bucket .Values.global.objectStorage.registry.bucket }} secure: true v4auth: true rootdirectory: / -- GitLab