From 5427c1544f4c4c9a2476bf672fb49d26ddd8eb80 Mon Sep 17 00:00:00 2001
From: John Skarbek
Date: Mon, 30 Jun 2025 12:21:19 +0000
Subject: [PATCH] Revert "Merge branch '2778-ipv6-support' into 'master'"

This reverts merge request !4072
---
.../geo-logcursor/templates/configmap.yml | 3 +-
.../gitaly/templates/_configmap_spec.yaml | 6 ++--
.../gitlab-exporter/templates/configmap.yaml | 2 +-
.../gitlab/charts/gitlab-exporter/values.yaml | 2 --
.../gitlab-pages/templates/configmap.yml | 11 +++----
.../charts/kas/templates/deployment.yaml | 6 ++++
.../charts/praefect/templates/configmap.yaml | 6 ++--
.../charts/sidekiq/templates/configmap.yaml | 7 ++---
charts/gitlab/charts/sidekiq/values.yaml | 2 --
.../charts/spamcheck/templates/configmap.yaml | 5 +--
.../spamcheck/templates/deployment.yaml | 2 --
charts/gitlab/charts/spamcheck/values.yaml | 2 --
.../charts/webservice/templates/configmap.yml | 10 +++---
.../webservice/templates/deployment.yaml | 2 --
charts/gitlab/charts/webservice/values.yaml | 6 +---
doc/charts/gitlab/gitlab-exporter/_index.md | 1 -
doc/charts/gitlab/sidekiq/_index.md | 2 --
doc/charts/gitlab/spamcheck/_index.md | 1 -
doc/charts/gitlab/webservice/_index.md | 4 +--
spec/configuration/kas_spec.rb | 12 +++++++
spec/configuration/pages_spec.rb | 31 +++++++++----------
spec/configuration/sidekiq_spec.rb | 8 ++---
spec/configuration/webservice_metrics_spec.rb | 4 +--
spec/configuration/workhorse_spec.rb | 6 ++--
values.yaml | 3 --
25 files changed, 66 insertions(+), 78 deletions(-)

diff --git a/charts/gitlab/charts/geo-logcursor/templates/configmap.yml b/charts/gitlab/charts/geo-logcursor/templates/configmap.yml
index d389503538..57d353a951 100644
--- a/charts/gitlab/charts/geo-logcursor/templates/configmap.yml
+++ b/charts/gitlab/charts/geo-logcursor/templates/configmap.yml
@@ -94,8 +94,7 @@ data: path: "tmp/backups" # Relative paths are relative to Rails.root (default: tmp/backups/) monitoring: ip_whitelist: - - "0.0.0.0/0" - - "::/0" + - 0.0.0.0/0 sidekiq_exporter: configure: | {{- include "gitlab.scripts.configure.secrets" (dict "required" "rails-secrets" "optional" "postgres redis redis-sentinel") | nindent 4 }} diff --git a/charts/gitlab/charts/gitaly/templates/_configmap_spec.yaml b/charts/gitlab/charts/gitaly/templates/_configmap_spec.yaml index 3e275d3fc5..b9e40e5f10 100644 --- a/charts/gitlab/charts/gitaly/templates/_configmap_spec.yaml +++ b/charts/gitlab/charts/gitaly/templates/_configmap_spec.yaml @@ -16,19 +16,19 @@ data: bin_dir = "/usr/local/bin" # listen on a TCP socket. This is insecure (no authentication) - listen_addr = ":{{ coalesce .Values.service.internalPort .Values.global.gitaly.service.internalPort }}" + listen_addr = "0.0.0.0:{{ coalesce .Values.service.internalPort .Values.global.gitaly.service.internalPort }}" # Directory where internal sockets reside # note: no value will result in a `/tmp/gitlab-internal-*` path # internal_socket_dir = "/home/git" {{- if $.Values.global.gitaly.tls.enabled }} - tls_listen_addr = ":{{ coalesce .Values.service.tls.internalPort .Values.global.gitaly.service.tls.internalPort }}" + tls_listen_addr = "0.0.0.0:{{ coalesce .Values.service.tls.internalPort .Values.global.gitaly.service.tls.internalPort }}" {{- end }} # If metrics collection is enabled, inform gitaly about that {{- if .Values.metrics.enabled }} - prometheus_listen_addr = ":{{ default .Values.metrics.port .Values.metrics.metricsPort }}" + prometheus_listen_addr = "0.0.0.0:{{ default .Values.metrics.port .Values.metrics.metricsPort }}" {{- end }} # Graceful shutdown timeout, how long to wait for in-flight requests to complete diff --git a/charts/gitlab/charts/gitlab-exporter/templates/configmap.yaml b/charts/gitlab/charts/gitlab-exporter/templates/configmap.yaml index bb6761c3b9..fd2a38ef5a 100644 
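Review bot: In the gitaly hunk, `listen_addr` is rendered unconditionally, so with `global.gitaly.tls.enabled` set the plaintext TCP listener stays bound on every IPv4 interface next to `tls_listen_addr`, and the comment above it already describes that listener as insecure (no authentication). The praefect `config.toml.tpl` hunk has the same shape. If plaintext has to stay for in-cluster clients, record the expectation beside the line, for example `# still served when TLS is enabled; limit reachability with a NetworkPolicy`. If it does not, guard the line with `{{- if not $.Values.global.gitaly.tls.enabled }}`, after checking that no client still dials the plaintext port.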
--- a/charts/gitlab/charts/gitlab-exporter/templates/configmap.yaml +++ b/charts/gitlab/charts/gitlab-exporter/templates/configmap.yaml @@ -12,7 +12,7 @@ data: gitlab-exporter.yml.erb: | server: name: webrick - listen_address: {{ .Values.listenAddr | quote }} + listen_address: 0.0.0.0 listen_port: {{ .Values.service.internalPort }} {{ if .Values.tls.enabled -}} tls_enabled: true diff --git a/charts/gitlab/charts/gitlab-exporter/values.yaml b/charts/gitlab/charts/gitlab-exporter/values.yaml index 3e62d55d90..87360ed231 100644 --- a/charts/gitlab/charts/gitlab-exporter/values.yaml +++ b/charts/gitlab/charts/gitlab-exporter/values.yaml @@ -7,8 +7,6 @@ image: # pullSecrets: [] # tag: master -listenAddr: '::' - service: name: gitlab-exporter type: ClusterIP diff --git a/charts/gitlab/charts/gitlab-pages/templates/configmap.yml b/charts/gitlab/charts/gitlab-pages/templates/configmap.yml index 058c92aa4b..9e58facc51 100644 --- a/charts/gitlab/charts/gitlab-pages/templates/configmap.yml +++ b/charts/gitlab/charts/gitlab-pages/templates/configmap.yml 
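Review bot: `listen_address` in the gitlab-exporter configmap is a literal `0.0.0.0` with no chart value behind it, and `tls_enabled: true` is only emitted under `.Values.tls.enabled`, which the chart documentation lists as `false` by default, so the exporter serves metrics in cleartext on every IPv4 interface of the pod unless the operator opts in to TLS. The sidekiq configmap (`sidekiq_exporter`, `sidekiq_health_checks`) and the webservice configmap (`web_exporter`) hard-code the same address. A comment would make the exposure explicit: `# binds all IPv4 interfaces; restrict scrapers with a NetworkPolicy or set tls.enabled`.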
@@ -37,17 +37,16 @@ data: {{- end }} {{- $externalAddresses := concat $.Values.global.pages.externalHttp $.Values.global.pages.externalHttps | uniq }} {{- if (empty ($externalAddresses)) }} - listen-proxy=:{{ .Values.service.internalPort | int }} - listen-http=:9090 + listen-proxy=0.0.0.0:{{ .Values.service.internalPort }} + listen-http=0.0.0.0:9090 {{- else }} - {{- $listen := .Values.useHTTPProxy | ternary "proxy" "http" }} {{- if not (empty $.Values.global.pages.externalHttp) }} - {{- printf "listen-%s=:%d" $listen (.Values.service.internalPort | int) | nindent 4 }} + listen-{{ if .Values.useHTTPProxy }}proxy{{ else }}http{{ end }}=0.0.0.0:{{ .Values.service.internalPort | int }} {{- else }} - {{- printf "listen-%s=:9090" $listen | nindent 4 }} + listen-{{ if .Values.useHTTPProxy }}proxy{{ else }}http{{ end }}=0.0.0.0:9090 {{- end }} {{- if not (empty $.Values.global.pages.externalHttps) }} - listen-https{{ if .Values.useProxyV2 }}-proxyv2{{ end }}=:{{ .Values.service.customDomains.internalHttpsPort | int }} + listen-https{{ if .Values.useProxyV2 }}-proxyv2{{ end }}=0.0.0.0:{{ .Values.service.customDomains.internalHttpsPort | int }} root-cert=/etc/gitlab-secrets/pages/{{ template "gitlab.pages.hostname" $ }}.crt root-key=/etc/gitlab-secrets/pages/{{ template "gitlab.pages.hostname" $ }}.key {{- end }} diff --git a/charts/gitlab/charts/kas/templates/deployment.yaml b/charts/gitlab/charts/kas/templates/deployment.yaml index ecb8dad3ff..1bd8976a41 100644 --- a/charts/gitlab/charts/kas/templates/deployment.yaml +++ b/charts/gitlab/charts/kas/templates/deployment.yaml 
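Review bot: The `listen-proxy` line in the empty-`$externalAddresses` branch renders `{{ .Values.service.internalPort }}` without the `| int` that the other port expressions in this hunk apply, so a port that Helm holds as a float can render differently in this branch than in the `else` branch. Make it `listen-proxy=0.0.0.0:{{ .Values.service.internalPort | int }}` so both branches produce the same listener string.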
@@ -72,6 +72,12 @@ spec: env: - name: OWN_PRIVATE_API_HOST value: {{ include "gitlab.kas.serviceHost" . }} + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: OWN_PRIVATE_API_URL + value: "{{ include "gitlab.kas.internal.scheme" . }}://$(POD_IP):{{ .Values.service.privateApiPort }}" {{- include "gitlab.extraEnv" . | nindent 12 }} {{- include "gitlab.extraEnvFrom" (dict "root" $ "local" .) | nindent 12 }} {{- include "gitlab.timeZone.env" . | nindent 12 }} diff --git a/charts/gitlab/charts/praefect/templates/configmap.yaml b/charts/gitlab/charts/praefect/templates/configmap.yaml index 9588d796d4..6dd4ca7244 100644 --- a/charts/gitlab/charts/praefect/templates/configmap.yaml +++ b/charts/gitlab/charts/praefect/templates/configmap.yaml @@ -20,14 +20,14 @@ data: {{- end }} config.toml.tpl: | # TCP address to listen on - listen_addr = ':{{ include "gitlab.praefect.internalPort" . }}' + listen_addr = '0.0.0.0:{{ include "gitlab.praefect.internalPort" . }}' {{- if $.Values.global.praefect.tls.enabled }} - tls_listen_addr = ':{{ include "gitlab.praefect.tls.internalPort" . }}' + tls_listen_addr = '0.0.0.0:{{ include "gitlab.praefect.tls.internalPort" . }}' {{- end }} {{- if .Values.metrics.enabled }} - prometheus_listen_addr = ':{{ .Values.metrics.port }}' + prometheus_listen_addr = '0.0.0.0:{{ .Values.metrics.port }}' {{- end }} prometheus_exclude_database_from_default_metrics = {{ eq true .Values.metrics.separate_database_metrics }} diff --git a/charts/gitlab/charts/sidekiq/templates/configmap.yaml b/charts/gitlab/charts/sidekiq/templates/configmap.yaml index cb06af5489..6dfae7dc0c 100644 --- a/charts/gitlab/charts/sidekiq/templates/configmap.yaml +++ b/charts/gitlab/charts/sidekiq/templates/configmap.yaml 
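Review bot: In the kas deployment hunk, `OWN_PRIVATE_API_URL` joins `$(POD_IP)` and the port with a bare colon, which only forms a valid URL when `status.podIP` is an IPv4 address; an IPv6 pod IP would need brackets around the host. If the chart is IPv4-only from here on, state that beside the variable, e.g. `# POD_IP is assumed to be IPv4; the URL below does not bracket the host`. With the `grpcs` scheme the peer is dialled by IP, so certificate verification presumably depends on `OWN_PRIVATE_API_HOST` carrying a name the certificate covers, which is worth confirming. The `$(POD_IP)` reference resolves only because `POD_IP` is declared earlier in the same `env` list, so that order has to be kept.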
@@ -132,12 +132,11 @@ data: webpack: monitoring: ip_whitelist: - - "127.0.0.0/8" - - "::1/128" + - 127.0.0.0/8 sidekiq_exporter: {{- if .Values.metrics.enabled }} enabled: true - address: {{ .Values.metrics.listenAddr | quote }} + address: 0.0.0.0 port: {{ .Values.metrics.port }} log_enabled: {{ .Values.metrics.log_enabled }} {{- if $.Values.metrics.tls.enabled }} @@ -148,7 +147,7 @@ data: {{- end }} sidekiq_health_checks: enabled: true - address: {{ .Values.health_checks.listenAddr | quote }} + address: 0.0.0.0 port: {{ .Values.health_checks.port }} {{- include "gitlab.appConfig.openbao.configuration" . | nindent 6 }} configure: | diff --git a/charts/gitlab/charts/sidekiq/values.yaml b/charts/gitlab/charts/sidekiq/values.yaml index c9eba3c6fd..ffdfe5290d 100644 --- a/charts/gitlab/charts/sidekiq/values.yaml +++ b/charts/gitlab/charts/sidekiq/values.yaml @@ -52,7 +52,6 @@ networkpolicy: metrics: enabled: true - listenAddr: "*" port: 3807 path: /metrics log_enabled: false @@ -67,7 +66,6 @@ metrics: # secretName: health_checks: - listenAddr: "*" port: 3808 redis: diff --git a/charts/gitlab/charts/spamcheck/templates/configmap.yaml b/charts/gitlab/charts/spamcheck/templates/configmap.yaml index 5eb2f757b0..3799e86d43 100644 --- a/charts/gitlab/charts/spamcheck/templates/configmap.yaml +++ b/charts/gitlab/charts/spamcheck/templates/configmap.yaml 
@@ -8,12 +8,13 @@ metadata: {{- include "gitlab.standardLabels" . | nindent 4 }} {{- include "gitlab.commonLabels" . | nindent 4 }} data: - # See https://gitlab.com/gitlab-org/gl-security/security-engineering/security-automation/spam/spamcheck/-/blob/main/config/config.example.yml + # See https://gitlab.com/gitlab-org/spamcheck/-/blob/main/config/config.example.yml config.yaml: | - grpc_addr: {{ printf "%s:%d" .Values.listenAddr (.Values.service.internalPort | int) | quote }} + grpc_addr: {{ .Values.service.internalPort | quote }} log_level: {{ .Values.logging.level | quote }} filter: allowList: {} denyList: {} allowed_domains: {} + {{- end }} diff --git a/charts/gitlab/charts/spamcheck/templates/deployment.yaml b/charts/gitlab/charts/spamcheck/templates/deployment.yaml index 63d3b8ad97..ea92845774 100644 --- a/charts/gitlab/charts/spamcheck/templates/deployment.yaml +++ b/charts/gitlab/charts/spamcheck/templates/deployment.yaml @@ -60,8 +60,6 @@ spec: - name: grpc containerPort: {{ $.Values.service.internalPort }} env: - - name: SPAMCHECK_CONFIG - value: /app/config/config.yaml {{- include "gitlab.timeZone.env" . | nindent 12 }} {{- include "gitlab.extraEnv" . | nindent 12 }} {{- include "gitlab.extraEnvFrom" (dict "root" $ "local" .) | nindent 12 }} diff --git a/charts/gitlab/charts/spamcheck/values.yaml b/charts/gitlab/charts/spamcheck/values.yaml index 5a82048b84..3ecb3381ab 100644 --- a/charts/gitlab/charts/spamcheck/values.yaml +++ b/charts/gitlab/charts/spamcheck/values.yaml @@ -45,8 +45,6 @@ image: repository: registry.gitlab.com/gitlab-com/gl-security/engineering-and-research/automation-team/spam/spamcheck # tag: -listenAddr: "[::]" - service: type: ClusterIP externalPort: 8001 diff --git a/charts/gitlab/charts/webservice/templates/configmap.yml b/charts/gitlab/charts/webservice/templates/configmap.yml index 6f01c6a944..8d42a433ab 100644 --- a/charts/gitlab/charts/webservice/templates/configmap.yml 
+++ b/charts/gitlab/charts/webservice/templates/configmap.yml @@ -147,13 +147,11 @@ data: monitoring: ip_whitelist: {{- if kindIs "slice" .Values.monitoring.ipWhitelist }} - {{- range $ip := .Values.monitoring.ipWhitelist }} - - {{ $ip | trim | quote }} - {{- end }} + {{ toYaml .Values.monitoring.ipWhitelist | nindent 10 | trim }} {{- end }} web_exporter: enabled: {{ or .Values.monitoring.exporter.enabled (and .Values.metrics.enabled (eq .Values.metrics.port .Values.monitoring.exporter.port)) }} - address: {{ .Values.monitoring.exporter.listenAddr | quote }} + address: 0.0.0.0 port: {{ .Values.monitoring.exporter.port }} {{- if eq (include "webservice-metrics.tls.enabled" $) "true" }} tls_enabled: true @@ -226,7 +224,7 @@ data: max_filesize = {{ $.Values.workhorse.imageScaler.maxFileSizeBytes | int }} [[listeners]] network = "tcp" - addr = ":{{ default 8181 $.Values.service.workhorseInternalPort | int }}" + addr = "0.0.0.0:{{ default 8181 $.Values.service.workhorseInternalPort | int }}" {{- if $.Values.global.workhorse.tls.enabled }} [listeners.tls] certificate = "/etc/gitlab/gitlab-workhorse/tls.crt" @@ -235,7 +233,7 @@ data: {{- if or $.Values.workhorse.monitoring.exporter.enabled $.Values.workhorse.metrics.enabled }} [metrics_listener] network = "tcp" - addr = ":{{ $.Values.workhorse.monitoring.exporter.port }}" + addr = "0.0.0.0:{{ $.Values.workhorse.monitoring.exporter.port }}" {{- $workhorseExporterTlsEnabled := eq (include "workhorse.monitoring.exporter.tls.enabled" $ ) "true" }} {{- if $workhorseExporterTlsEnabled }} [metrics_listener.tls] diff --git a/charts/gitlab/charts/webservice/templates/deployment.yaml b/charts/gitlab/charts/webservice/templates/deployment.yaml index 039a504e6d..46e103ee08 100644 --- a/charts/gitlab/charts/webservice/templates/deployment.yaml +++ b/charts/gitlab/charts/webservice/templates/deployment.yaml 
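Review bot: When `monitoring.ipWhitelist` is set to something other than a list, the `kindIs "slice"` guard in the first webservice configmap hunk skips the body, and `ip_whitelist:` renders with no entries and no error. How the application treats an empty allowlist is not visible in this hunk, so I would fail the render instead: `{{- else if .Values.monitoring.ipWhitelist }}{{ fail "monitoring.ipWhitelist must be a list" }}` before the closing `{{- end }}`. The `toYaml … | nindent 10 | trim` chain also depends on the template's own indentation for the first entry matching the hard-coded 10; a short comment saying so would help the next editor.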
@@ -243,8 +243,6 @@ spec: value: "{{ .puma.workerMaxMemory }}" - name: DISABLE_PUMA_WORKER_KILLER value: "{{ .puma.disableWorkerKiller }}" - - name: BIND_IP6 - value: {{ eq .puma.bindIp6 true | quote }} {{- end }} - name: SHUTDOWN_BLACKOUT_SECONDS value: "{{ .shutdown.blackoutSeconds }}" diff --git a/charts/gitlab/charts/webservice/values.yaml b/charts/gitlab/charts/webservice/values.yaml index a6d95525ae..0c251062a5 100644 --- a/charts/gitlab/charts/webservice/values.yaml +++ b/charts/gitlab/charts/webservice/values.yaml @@ -28,12 +28,10 @@ tolerations: [] monitoring: # Monitoring IP whitelist ipWhitelist: - - "0.0.0.0/0" - - "::/0" + - 0.0.0.0/0 exporter: enabled: false port: 8083 - listenAddr: '*' # Shutdown settings # Defines an interval to block healthcheck, @@ -66,7 +64,6 @@ sshHostKeys: metrics: enabled: true - listenAddr: '*' port: 8083 path: /metrics tls: {} @@ -151,7 +148,6 @@ puma: max: 4 disableWorkerKiller: true # workerMaxMemory: 1024 # in MB units - bindIp6: true hpa: # targetAverageValue: 1 # DEPRECATED: in favor of `hpa.cpu.targetAverageValue` below diff --git a/doc/charts/gitlab/gitlab-exporter/_index.md b/doc/charts/gitlab/gitlab-exporter/_index.md index 55bd5eee21..fc07064024 100644 --- a/doc/charts/gitlab/gitlab-exporter/_index.md +++ b/doc/charts/gitlab/gitlab-exporter/_index.md @@ -92,7 +92,6 @@ to the `helm install` command using the `--set` flags. | `psql.port` | | Set PostgreSQL server port. Takes precedence over `global.psql.port` | | `tls.enabled` | `false` | GitLab Exporter TLS enabled | | `tls.secretName` | `{Release.Name}-gitlab-exporter-tls` | GitLab Exporter TLS secret. Must point to a [Kubernetes TLS secret](https://kubernetes.io/docs/concepts/configuration/secret/#tls-secrets). | -| `listenAddr` | `::` | GitLab Exporter listen address. | ## Chart configuration examples diff --git a/doc/charts/gitlab/sidekiq/_index.md b/doc/charts/gitlab/sidekiq/_index.md index 739fa8a480..1a34ad6dc8 100644 --- a/doc/charts/gitlab/sidekiq/_index.md 
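Review bot: In the webservice `values.yaml` hunk, the default `monitoring.ipWhitelist` of `0.0.0.0/0` admits every IPv4 source to the monitoring endpoints, and the `# Monitoring IP whitelist` comment above it does not say so. I would extend the comment to `# Monitoring IP whitelist. The default admits any IPv4 client; narrow it to the probe and scraper ranges where possible.` The same default appears in the webservice documentation table further down the patch, so that row's description could carry the same caveat.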
+++ b/doc/charts/gitlab/sidekiq/_index.md @@ -60,7 +60,6 @@ to the `helm install` command using the `--set` flags: | `extraEnvFrom` | | List of extra environment variables from other data sources to expose | | `gitaly.serviceName` | `gitaly` | Gitaly service name | | `health_checks.port` | `3808` | Health check server port | -| `health_checks.listenAddr` | `*` | Health check listen address. | | `hpa.behaviour` | `{scaleDown: {stabilizationWindowSeconds: 300 }}` | Behavior contains the specifications for up- and downscaling behavior (requires `autoscaling/v2beta2` or higher) | | `hpa.customMetrics` | `[]` | Custom metrics contains the specifications for which to use to calculate the desired replica count (overrides the default use of Average CPU Utilization configured in `targetAverageUtilization`) | | `hpa.cpu.targetType` | `AverageValue` | Set the autoscaling CPU target type, must be either `Utilization` or `AverageValue` | @@ -97,7 +96,6 @@ to the `helm install` command using the `--set` flags: | `logging.format` | `json` | Set to `text` for non-JSON logs | | `metrics.enabled` | `true` | If a metrics endpoint should be made available for scraping | | `metrics.port` | `3807` | Metrics endpoint port | -| `metrics.listenAddr` | `*` | Metrics endpoint listen address. | | `metrics.path` | `/metrics` | Metrics endpoint path | | `metrics.log_enabled` | `false` | Enables or disables metrics server logs written to `sidekiq_exporter.log` | | `metrics.podMonitor.enabled` | `false` | If a PodMonitor should be created to enable Prometheus Operator to manage the metrics scraping | diff --git a/doc/charts/gitlab/spamcheck/_index.md b/doc/charts/gitlab/spamcheck/_index.md index 174529fcc1..4d4cd1e792 100644 --- a/doc/charts/gitlab/spamcheck/_index.md +++ b/doc/charts/gitlab/spamcheck/_index.md 
@@ -86,7 +86,6 @@ The table below contains all the possible charts configurations that can be supp | `keda.restoreToOriginalReplicaCount` | | Specifies whether the target resource should be scaled back to original replicas count after the `ScaledObject` is deleted | | `keda.behavior` | `hpa.behavior` | The specifications for up- and downscaling behavior. | | `keda.triggers` | | List of triggers to activate scaling of the target resource, defaults to triggers computed from `hpa.cpu` and `hpa.memory` | -| `listenAddr` | `[::]` | Internal listen address. | | `logging.level` | `info` | Log level | | `maxReplicas` | `10` | HPA `maxReplicas` | | `maxUnavailable` | `1` | HPA `maxUnavailable` | diff --git a/doc/charts/gitlab/webservice/_index.md b/doc/charts/gitlab/webservice/_index.md index 6e6b3e9254..845e51aa23 100644 --- a/doc/charts/gitlab/webservice/_index.md +++ b/doc/charts/gitlab/webservice/_index.md @@ -110,8 +110,7 @@ to the `helm install` command using the `--set` flags. | `minio.bucket` | `git-lfs` | Name of storage bucket, when using MinIO | | `minio.port` | `9000` | Port for MinIO service | | `minio.serviceName` | `minio-svc` | Name of MinIO service | -| `monitoring.ipWhitelist` | `[0.0.0.0/0, ::/0]` | List of IPs to whitelist for the monitoring endpoints | -| `monitoring.exporter.listenAddr` | `*` | Metrics listen address. | +| `monitoring.ipWhitelist` | `[0.0.0.0/0]` | List of IPs to whitelist for the monitoring endpoints | | `monitoring.exporter.enabled` | `false` | Enable webserver to expose Prometheus metrics, this is overridden by `metrics.enabled` if the metrics port is set to the monitoring exporter port | | `monitoring.exporter.port` | `8083` | Port number to use for the metrics exporter | | `psql.password.key` | `psql-password` | Key to psql password in psql secret | 
@@ -121,7 +120,6 @@ to the `helm install` command using the `--set` flags. | `puma.workerMaxMemory` | | The maximum memory (in megabytes) for the Puma worker killer | | `puma.threads.min` | `4` | The minimum amount of Puma threads | | `puma.threads.max` | `4` | The maximum amount of Puma threads | -| `puma.bindIp6` | `true` | Bind IPv6 addresses with Puma. | | `rack_attack.git_basic_auth` | `{}` | See [GitLab documentation](https://docs.gitlab.com/administration/settings/protected_paths/) for details | | `redis.serviceName` | `redis` | Redis service name | | `global.registry.api.port` | `5000` | Registry port | diff --git a/spec/configuration/kas_spec.rb b/spec/configuration/kas_spec.rb index 6f1dec0543..a2e435e37e 100644 --- a/spec/configuration/kas_spec.rb +++ b/spec/configuration/kas_spec.rb @@ -854,6 +854,12 @@ describe 'kas configuration' do context 'env' do let(:env) { deployment['spec']['template']['spec']['containers'].first['env'] } + it 'sets OWN_PRIVATE_API_URL to use grpc' do + expect(env).to include( + { "name" => "OWN_PRIVATE_API_URL", "value" => "grpc://$(POD_IP):8155" } + ) + end + it 'sets OWN_PRIVATE_API_HOST to use its service host' do expect(env).to include( { "name" => "OWN_PRIVATE_API_HOST", "value" => "test-kas.default.svc" } @@ -1012,6 +1018,12 @@ describe 'kas configuration' do ))) end + it 'sets OWN_PRIVATE_API_URL to use grpcs' do + expect(deployment['spec']['template']['spec']['containers'].first['env']).to include( + { "name" => "OWN_PRIVATE_API_URL", "value" => "grpcs://$(POD_IP):8155" } + ) + end + it 'creates the TLS secret volume' do init_etc_kas_volume = deployment['spec']['template']['spec']['volumes'].find do |volume| volume['name'] == 'init-etc-kas' diff --git a/spec/configuration/pages_spec.rb b/spec/configuration/pages_spec.rb index 1add0648ad..a2a9eaa721 100644 --- a/spec/configuration/pages_spec.rb +++ b/spec/configuration/pages_spec.rb 
@@ -268,7 +268,6 @@ describe 'GitLab Pages' do end it 'populates Pages configuration' do - expect(pages_enabled_template.exit_code).to eq(0), "Unexpected error code #{pages_enabled_template.exit_code} -- #{pages_enabled_template.stderr}" expect(config_yaml_data['production']['pages']).to eq( 'enabled' => true, 'access_control' => true, @@ -444,8 +443,8 @@ describe 'GitLab Pages' do it 'populates Pages config file' do default_content = <<~MSG - listen-proxy=:8090 - listen-http=:9090 + listen-proxy=0.0.0.0:8090 + listen-http=0.0.0.0:9090 pages-domain=pages.example.com pages-root=/srv/gitlab-pages log-format=json @@ -532,8 +531,8 @@ describe 'GitLab Pages' do default_content = <<~MSG gitlab-retrieval-retries=3 header=FOO: BAR;;BAZ: BAT - listen-proxy=:8090 - listen-http=:9090 + listen-proxy=0.0.0.0:8090 + listen-http=0.0.0.0:9090 pages-domain=pages.example.com pages-root=/srv/gitlab-pages log-format=text @@ -650,11 +649,11 @@ describe 'GitLab Pages' do end it 'exposes listen-proxy correctly' do - expect(pages_config_data).to match(/listen-proxy=:8090/) + expect(pages_config_data).to match(/listen-proxy=0.0.0.0:8090/) end it 'configures readiness probe correctly' do - expect(pages_config_data).to match(/listen-http=:9090/) + expect(pages_config_data).to match(/listen-http=0.0.0.0:9090/) expect(pages_config_data).to match(%r{pages-status=/-/readiness}) end end @@ -709,7 +708,7 @@ describe 'GitLab Pages' do end it 'exposes listen-http correctly' do - expect(pages_config_data).to match(/listen-http=:8090/) + expect(pages_config_data).to match(/listen-http=0.0.0.0:8090/) end end 
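Review bot: The listener expectations put the address into a regexp unescaped and unanchored, e.g. `/listen-proxy=0.0.0.0:8090/`, so each `.` matches any character and a longer port such as `80900` still satisfies the `to match` assertions. Anchor and escape the pattern, `match(/^listen-proxy=0\.0\.0\.0:8090$/)`, or compare a literal with `include("listen-proxy=0.0.0.0:8090\n")`. The same applies to the hunks at -650 and -709 on this line and to the later pages_spec hunks at -762, -827, -990 and -1014.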
@@ -762,13 +761,13 @@ describe 'GitLab Pages' do describe 'pages configuration' do it 'exposes listen-https, root-cert, and root-key' do - expect(pages_config_data).to match(/listen-https=:8091/) + expect(pages_config_data).to match(/listen-https=0.0.0.0:8091/) expect(pages_config_data).to match(%r{root-cert=/etc/gitlab-secrets/pages/pages.example.com.crt}) expect(pages_config_data).to match(%r{root-key=/etc/gitlab-secrets/pages/pages.example.com.key}) end it 'configures readiness probe correctly' do - expect(pages_config_data).to match(/listen-http=:9090/) + expect(pages_config_data).to match(/listen-http=0.0.0.0:9090/) expect(pages_config_data).to match(%r{pages-status=/-/readiness}) end @@ -827,8 +826,8 @@ describe 'GitLab Pages' do describe 'pages configuration' do it 'exposes listen-http, listen-https, root-cert, and root-key' do - expect(pages_config_data).to match(/listen-http=:8090/) - expect(pages_config_data).to match(/listen-https=:8091/) + expect(pages_config_data).to match(/listen-http=0.0.0.0:8090/) + expect(pages_config_data).to match(/listen-https=0.0.0.0:8091/) expect(pages_config_data).to match(%r{root-cert=/etc/gitlab-secrets/pages/pages.example.com.crt}) expect(pages_config_data).to match(%r{root-key=/etc/gitlab-secrets/pages/pages.example.com.key}) end @@ -990,8 +989,8 @@ describe 'GitLab Pages' do describe 'pages configuration' do it 'exposes proper listeners' do - expect(pages_config_data).to match(/listen-https-proxyv2=:8091/) - expect(pages_config_data).not_to match(/listen-https=:8091/) + expect(pages_config_data).to match(/listen-https-proxyv2=0.0.0.0:8091/) + expect(pages_config_data).not_to match(/listen-https=0.0.0.0:8091/) end end end 
@@ -1014,8 +1013,8 @@ describe 'GitLab Pages' do describe 'pages configuration' do it 'exposes proper listeners' do - expect(pages_config_data).to match(/listen-proxy=:8090/) - expect(pages_config_data).not_to match(/listen-http=:8090/) + expect(pages_config_data).to match(/listen-proxy=0.0.0.0:8090/) + expect(pages_config_data).not_to match(/listen-http=0.0.0.0:8090/) end end end diff --git a/spec/configuration/sidekiq_spec.rb b/spec/configuration/sidekiq_spec.rb index ee62e0dcab..fc1fef57f9 100644 --- a/spec/configuration/sidekiq_spec.rb +++ b/spec/configuration/sidekiq_spec.rb @@ -354,7 +354,7 @@ describe 'Sidekiq configuration' do 'sidekiq_exporter' => { 'enabled' => true, 'log_enabled' => false, - 'address' => '*', + 'address' => '0.0.0.0', 'port' => 3807 } ) @@ -385,7 +385,6 @@ describe 'Sidekiq configuration' do enabled: true log_enabled: true port: 2222 - listenAddr: 0.0.0.0 )).deep_merge(default_values) end @@ -431,21 +430,20 @@ describe 'Sidekiq configuration' do expect(monitoring).to include( 'sidekiq_health_checks' => { 'enabled' => true, - 'address' => '*', + 'address' => '0.0.0.0', 'port' => 3808 } ) end end - context 'when custom port and listen address is set' do + context 'when custom port is set' do let(:values) do YAML.safe_load(%( gitlab: sidekiq: health_checks: port: 2222 - listenAddr: 0.0.0.0 )).deep_merge(default_values) end diff --git a/spec/configuration/webservice_metrics_spec.rb b/spec/configuration/webservice_metrics_spec.rb index 11093cfc62..3813966535 100644 --- a/spec/configuration/webservice_metrics_spec.rb +++ b/spec/configuration/webservice_metrics_spec.rb @@ -15,7 +15,7 @@ describe 'Webservice monitoring/metrics configuration' do expect(monitoring).to include( 'web_exporter' => { 'enabled' => true, - 'address' => '*', + 'address' => '0.0.0.0', 'port' => 8083 } ) 
@@ -36,7 +36,7 @@ describe 'Webservice monitoring/metrics configuration' do expect(monitoring).to include( 'web_exporter' => { 'enabled' => false, - 'address' => '*', + 'address' => '0.0.0.0', 'port' => 8083 } ) diff --git a/spec/configuration/workhorse_spec.rb b/spec/configuration/workhorse_spec.rb index 4085653bec..39945833e7 100644 --- a/spec/configuration/workhorse_spec.rb +++ b/spec/configuration/workhorse_spec.rb @@ -542,7 +542,7 @@ CFG it 'renders a TOML configuration file' do expect(template.exit_code).to eq(0), "Unexpected error code #{template.exit_code} -- #{template.stderr}" expect(raw_toml).to include %([[listeners]]\n) - expect(raw_toml).to include %(addr = ":8181"\n) + expect(raw_toml).to include %(addr = "0.0.0.0:8181"\n) expect(raw_toml).to include %([listeners.tls]\n) end it 'annotates Ingress for TLS backend' do @@ -555,7 +555,7 @@ CFG shared_examples 'monitoring TLS is enabled' do it 'renders a TOML configuration file' do expect(raw_toml).to include %([metrics_listener]\n) - expect(raw_toml).to include %(addr = ":9229"\n) + expect(raw_toml).to include %(addr = "0.0.0.0:9229"\n) expect(raw_toml).to include %([metrics_listener.tls]\n) end end @@ -622,7 +622,7 @@ CFG listeners = toml['listeners'] expect(listeners.count).to eq(1) expect(listeners.first.keys).to match_array(%w[network addr tls]) - expect(listeners.first['addr']).to eq(':8181') + expect(listeners.first['addr']).to eq('0.0.0.0:8181') end it 'does not annotate Ingress for TLS verify' do diff --git a/values.yaml b/values.yaml index fcd88b0fca..772ba9bb08 100644 --- a/values.yaml +++ b/values.yaml @@ -1003,9 +1003,6 @@ nginx-ingress: &nginx-ingress service: externalTrafficPolicy: "Local" - # Configure no IP families to delegate assignment to controller based on cluster config. - ipFamilies: [] - ipFamilyPolicy: "PreferDualStack" ingressClassByName: false ingressClassResource: name: '{{ include "ingress.class.name" $ | quote }}' -- GitLab