diff --git a/changelogs/unreleased/658-add-gitlab-operator.yml b/changelogs/unreleased/658-add-gitlab-operator.yml new file mode 100644 index 0000000000000000000000000000000000000000..294ee7bcd948dccd18312bbba7f3e5b9d2749a84 --- /dev/null +++ b/changelogs/unreleased/658-add-gitlab-operator.yml @@ -0,0 +1,5 @@ +--- +title: Add Gitlab operator to run upgrades of Gitlab +merge_request: 435 +author: +type: added diff --git a/charts/gitlab/charts/gitlab-shell/templates/deployment.yaml b/charts/gitlab/charts/gitlab-shell/templates/deployment.yaml index 1295d5e98cc1ccab3e3e636b8a7f94e063933b31..c8f3fbad0221430cefa7e7a9ef005e0979157e98 100644 --- a/charts/gitlab/charts/gitlab-shell/templates/deployment.yaml +++ b/charts/gitlab/charts/gitlab-shell/templates/deployment.yaml @@ -6,6 +6,9 @@ metadata: labels: {{ include "gitlab.standardLabels" . | indent 4 }} spec: + {{- if .Values.global.operator.enabled }} + paused: true + {{- end }} selector: matchLabels: app: {{ template "name" . }} diff --git a/charts/gitlab/charts/migrations/templates/_jobspec.yaml b/charts/gitlab/charts/migrations/templates/_jobspec.yaml new file mode 100644 index 0000000000000000000000000000000000000000..5eb30bd2616773f337f45e7993bc0aee050d7ef5 --- /dev/null +++ b/charts/gitlab/charts/migrations/templates/_jobspec.yaml 
@@ -0,0 +1,107 @@
+{{- if .Values.enabled }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ template "migrations.jobname" . }}
+ labels:
+{{ include "gitlab.standardLabels" . | indent 4 }}
+spec:
+ template:
+ metadata:
+ labels:
+ app: {{ template "name" . }}
+ release: {{ .Release.Name }}
+ spec:
+ securityContext:
+ runAsUser: 1000
+ fsGroup: 1000
+ initContainers:
+{{ include "gitlab.certificates.initContainer" . | indent 8 }}
+ - name: configure
+ command: ['sh', '/config/configure']
+ image: {{ .Values.init.image }}:{{ .Values.init.tag }}
+ volumeMounts:
+ - name: migrations-config
+ mountPath: /config
+ readOnly: true
+ - name: init-migrations-secrets
+ mountPath: /init-config
+ readOnly: true
+ - name: migrations-secrets
+ mountPath: /init-secrets
+ readOnly: false
+ resources:
+{{ toYaml .Values.init.resources | indent 12 }}
+ restartPolicy: OnFailure
+{{- include "pullsecrets" .Values.image | indent 6}}
+ containers:
+ - name: {{ .Chart.Name }}
+ image: "{{ .Values.image.repository }}:{{ coalesce .Values.image.tag (include "gitlab.versionTag" . ) }}"
+ args:
+ - /scripts/wait-for-deps
+ - /scripts/db-migrate
+ {{ template "gitlab.imagePullPolicy" . }}
+ env:
+ - name: GITLAB_SHARED_RUNNERS_REGISTRATION_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "gitlab.gitlab-runner.registrationToken.secret" . }}
+ key: runner-registration-token
+ - name: CONFIG_TEMPLATE_DIRECTORY
+ value: '/var/opt/gitlab/templates'
+ - name: CONFIG_DIRECTORY
+ value: '/var/opt/gitlab/config/gitlab/'
+ - name: BYPASS_SCHEMA_VERSION
+ value: 'true'
+ volumeMounts:
+ - name: migrations-config
+ mountPath: '/var/opt/gitlab/templates'
+ - name: migrations-secrets
+ mountPath: '/etc/gitlab'
+ readOnly: true
+ - name: migrations-secrets
+ mountPath: /srv/gitlab/config/secrets.yml
+ subPath: rails-secrets/secrets.yml
+ - name: migrations-secrets
+ mountPath: /srv/gitlab/config/initial_root_password
+ subPath: migrations/initial_root_password
+{{ include "gitlab.certificates.volumeMount" . | indent 12 }}
+ resources:
+{{ toYaml .Values.resources | indent 12 }}
+ volumes:
+ - name: migrations-config
+ configMap:
+ name: {{ template "fullname" . }}
+ - name: init-migrations-secrets
+ projected:
+ defaultMode: 0400
+ sources:
+ - secret:
+ name: {{ template "gitlab.rails-secrets.secret" . }}
+ items:
+ - key: secrets.yml
+ path: rails-secrets/secrets.yml
+ - secret:
+ name: {{ template "gitlab.redis.password.secret" . }}
+ items:
+ - key: {{ template "gitlab.redis.password.key" . }}
+ path: redis/password
+ - secret:
+ name: {{ template "gitlab.psql.password.secret" . }}
+ items:
+ - key: {{ template "gitlab.psql.password.key" . }}
+ path: postgres/psql-password
+ - secret:
+ name: {{ template "gitlab.migrations.initialRootPassword.secret" . }}
+ items:
+ - key: {{ template "gitlab.migrations.initialRootPassword.key" . }}
+ path: migrations/initial_root_password
+ - name: migrations-secrets
+ emptyDir:
+ medium: "Memory"
+{{ include "gitlab.certificates.volumes" . | indent 6 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/gitlab/charts/migrations/templates/configmap.yaml b/charts/gitlab/charts/migrations/templates/configmap.yaml index 2c5abca5e8a2ecf1019a675126de45fccd18f104..0dbe9f6a63752f605be604c9f68adb993ee1d74f 100644 --- a/charts/gitlab/charts/migrations/templates/configmap.yaml +++ b/charts/gitlab/charts/migrations/templates/configmap.yaml @@ -39,5 +39,17 @@ data: cp /init-config/postgres/psql-password /init-secrets/postgres/psql-password cp /init-config/rails-secrets/secrets.yml /init-secrets/rails-secrets/secrets.yml cp /init-config/migrations/initial_root_password /init-secrets/migrations/initial_root_password +{{- if .Values.global.operator.enabled }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-migrations-jobspec + labels: +{{ include "gitlab.standardLabels" . | indent 4 }} +data: + template: |- +{{ include (print $.Template.BasePath "/_jobspec.yaml") . | indent 4 }} +{{- end }} # Leave this here - This line denotes end of block to the parser. {{- end }} diff --git a/charts/gitlab/charts/migrations/templates/job.yaml b/charts/gitlab/charts/migrations/templates/job.yaml index 0e7a898811c493422298ae73039b7d64cebc5afb..7a5d804888658daa8bda9a7ee1fbfc246414db44 100644 --- a/charts/gitlab/charts/migrations/templates/job.yaml +++ b/charts/gitlab/charts/migrations/templates/job.yaml 
@@ -1,105 +1,3 @@ -{{- if .Values.enabled }} -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ template "migrations.jobname" . }} - labels: -{{ include "gitlab.standardLabels" . | indent 4 }} -spec: - template: - metadata: - labels: - app: {{ template "name" . }} - release: {{ .Release.Name }} - spec: - securityContext: - runAsUser: 1000 - fsGroup: 1000 - initContainers: -{{ include "gitlab.certificates.initContainer" . | indent 8 }} - - name: configure - command: ['sh', '/config/configure'] - image: {{ .Values.init.image }}:{{ .Values.init.tag }} - volumeMounts: - - name: migrations-config - mountPath: /config - readOnly: true - - name: init-migrations-secrets - mountPath: /init-config - readOnly: true - - name: migrations-secrets - mountPath: /init-secrets - readOnly: false - restartPolicy: OnFailure -{{- include "pullsecrets" .Values.image | indent 6}} - containers: - - name: {{ .Chart.Name }} - image: "{{ .Values.image.repository }}:{{ coalesce .Values.image.tag (include "gitlab.versionTag" . ) }}" - args: - - /scripts/wait-for-deps - - /scripts/db-migrate - {{ template "gitlab.imagePullPolicy" . }} - env: - - name: GITLAB_SHARED_RUNNERS_REGISTRATION_TOKEN - valueFrom: - secretKeyRef: - name: {{ template "gitlab.gitlab-runner.registrationToken.secret" . }} - key: runner-registration-token - - name: CONFIG_TEMPLATE_DIRECTORY - value: '/var/opt/gitlab/templates' - - name: CONFIG_DIRECTORY - value: '/var/opt/gitlab/config/gitlab/' - - name: BYPASS_SCHEMA_VERSION - value: 'true' - volumeMounts: - - name: migrations-config - mountPath: '/var/opt/gitlab/templates' - - name: migrations-secrets - mountPath: '/etc/gitlab' - readOnly: true - - name: migrations-secrets - mountPath: /srv/gitlab/config/secrets.yml - subPath: rails-secrets/secrets.yml - - name: migrations-secrets - mountPath: /srv/gitlab/config/initial_root_password - subPath: migrations/initial_root_password -{{ include "gitlab.certificates.volumeMount" . 
| indent 12 }} - resources: -{{ toYaml .Values.resources | indent 12 }} - volumes: - - name: migrations-config - configMap: - name: {{ template "fullname" . }} - - name: init-migrations-secrets - projected: - defaultMode: 0400 - sources: - - secret: - name: {{ template "gitlab.rails-secrets.secret" . }} - items: - - key: secrets.yml - path: rails-secrets/secrets.yml - - secret: - name: {{ template "gitlab.redis.password.secret" . }} - items: - - key: {{ template "gitlab.redis.password.key" . }} - path: redis/password - - secret: - name: {{ template "gitlab.psql.password.secret" . }} - items: - - key: {{ template "gitlab.psql.password.key" . }} - path: postgres/psql-password - - secret: - name: {{ template "gitlab.migrations.initialRootPassword.secret" . }} - items: - - key: {{ template "gitlab.migrations.initialRootPassword.key" . }} - path: migrations/initial_root_password - - name: migrations-secrets - emptyDir: - medium: "Memory" -{{ include "gitlab.certificates.volumes" . | indent 6 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} - {{- end }} +{{- if and .Values.enabled (not .Values.global.operator.enabled) }} +{{ include (print $.Template.BasePath "/_jobspec.yaml") . }} {{- end }} diff --git a/charts/gitlab/charts/operator/.helmignore b/charts/gitlab/charts/operator/.helmignore new file mode 100644 index 0000000000000000000000000000000000000000..f0c13194444163d1cba5c67d9e79231a62bc8f44 --- /dev/null +++ b/charts/gitlab/charts/operator/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj 
diff --git a/charts/gitlab/charts/operator/Chart.yaml b/charts/gitlab/charts/operator/Chart.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..f0163c37c7025e08df181b6a2861a1d9f18f0ed2
--- /dev/null
+++ b/charts/gitlab/charts/operator/Chart.yaml
@@ -0,0 +1,17 @@
+---
+apiVersion: v1
+name: operator
+version: 0.0.1
+appVersion: master
+description: Gitlab operator for managing upgrades
+keywords:
+- gitlab
+- operator
+home: https://about.gitlab.com/
+icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg
+sources:
+- https://gitlab.com/charts/gitlab/tree/master/charts/gitlab/charts/operator
+- https://gitlab.com/gitlab-org/distribution/gitlab-operator
+maintainers:
+- name: GitLab Inc.
+ email: support@gitlab.com
diff --git a/charts/gitlab/charts/operator/templates/crd-configmap.yaml b/charts/gitlab/charts/operator/templates/crd-configmap.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..57e1adcb3818f7518e7c61fd227ba9676f3c9ae8
--- /dev/null
+++ b/charts/gitlab/charts/operator/templates/crd-configmap.yaml
@@ -0,0 +1,212 @@
+{{- if and .Values.global.operator.enabled .Values.install.enabled }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "fullname" . }}-crd-installer
+ labels:
+{{ include "gitlab.standardLabels" $ | indent 4 }}
+ annotations:
+ "helm.sh/hook-weight": "-4"
+ "helm.sh/hook": pre-install,pre-upgrade
+ "helm.sh/hook-delete-policy": hook-succeeded
+data:
+ crd.yaml: |
+ apiVersion: apiextensions.k8s.io/v1beta1
+ kind: CustomResourceDefinition
+ metadata:
+ creationTimestamp: null
+ labels:
+ controller-tools.k8s.io: "1.0"
+ name: gitlabs.gitlab.com
+ spec:
+ group: gitlab.com
+ names:
+ kind: GitLab
+ plural: gitlabs
+ scope: Namespaced
+ validation:
+ openAPIV3Schema:
+ properties:
+ apiVersion:
+ type: string
+ kind:
+ type: string
+ metadata:
+ type: object
+ spec:
+ properties:
+ helmRelease:
+ type: string
+ templates:
+ type: object
+ properties:
+ sharedSecretsTemplate:
+ type: object
+ properties:
+ configMapName:
+ type: string
+ configMapKey:
+ type: string
+ roleKey:
+ type: string
+ roleBindingKey:
+ type: string
+ serviceAccountKey:
+ type: string
+ required:
+ - configMapKey
+ - configMapName
+ - roleKey
+ - roleKey
+ - serviceAccountKey
+ migrationsTemplate:
+ type: object
+ properties:
+ configMapName:
+ type: string
+ configMapKey:
+ type: string
+ required:
+ - configMapName
+ - configMapKey
+ required:
+ - migrationsTemplate
+ - sharedSecretsTemplate
+ version:
+ type: string
+ required:
+ - version
+ - templates
+ - helmRelease
+ type: object
+ status:
+ type: object
+ version: v1beta1
+ status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ ---
+ apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+ name: {{ template "fullname" . }}
+ labels:
+{{ include "gitlab.standardLabels" $ | indent 8 }}
+ ---
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ metadata:
+ creationTimestamp: null
+ name: {{ template "fullname" . }}
+ labels:
+{{ include "gitlab.standardLabels" $ | indent 8 }}
+ rules:
+ - apiGroups:
+ - apps
+ resources:
+ - deployments
+ - statefulsets
+ - daemonsets
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+ - apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - clusterroles
+ - clusterrolebindings
+ - roles
+ - rolebindings
+ verbs:
+ - get
+ - list
+ - create
+ - update
+ - watch
+ - patch
+ - delete
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ - configmaps
+ - serviceaccounts
+ - secrets
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+ - apiGroups:
+ - batch
+ resources:
+ - jobs
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+ - apiGroups:
+ - gitlab.com
+ resources:
+ - gitlabs
+ verbs:
+ - "*"
+ ---
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRoleBinding
+ metadata:
+ creationTimestamp: null
+ name: {{ template "fullname" . }}
+ labels:
+{{ include "gitlab.standardLabels" $ | indent 8 }}
+ roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "fullname" . }}
+ subjects:
+ - kind: ServiceAccount
+ name: {{ template "fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ ---
+ apiVersion: apps/v1beta2
+ kind: Deployment
+ metadata:
+ name: {{ template "fullname" . }}
+ labels:
+{{ include "gitlab.standardLabels" . | indent 8 }}
+ spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ component: operator
+{{ include "gitlab.standardLabels" . | indent 10 }}
+ template:
+ metadata:
+ labels:
+ component: operator
+{{ include "gitlab.standardLabels" . | indent 12 }}
+ spec:
+ serviceAccountName: {{ template "fullname" . }}
+ containers:
+ - name: {{ .Chart.Name }}
+ image: ahmadposten/gitlaboperator
+ # image: "{{ .Values.image.repository }}:{{ coalesce .Values.image.tag (include "gitlab.versionTag" . ) }}"
+ {{ template "gitlab.imagePullPolicy" . }}
+ resources:
+{{ toYaml .Values.resources | indent 16 }}
+{{- end }}
diff --git a/charts/gitlab/charts/operator/templates/crd-job.yaml b/charts/gitlab/charts/operator/templates/crd-job.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..9148f88b95d182d1097dcbd9b997790fd813619f
--- /dev/null
+++ b/charts/gitlab/charts/operator/templates/crd-job.yaml
@@ -0,0 +1,38 @@
+{{- if and .Values.global.operator.enabled .Values.install.enabled }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ template "fullname" . }}-crd-installer
+ labels:
+{{ include "gitlab.standardLabels" $ | indent 4 }}
+ annotations:
+ "helm.sh/hook-weight": "-3"
+ "helm.sh/hook": pre-install,pre-upgrade
+ "helm.sh/hook-delete-policy": hook-succeeded
+spec:
+ template:
+ metadata:
+ labels:
+{{ include "gitlab.standardLabels" $ | indent 8 }}
+ spec:
+ serviceAccount: {{ template "fullname" . }}-crd-installer
+ restartPolicy: Never
+{{- include "pullsecrets" $.Values.image | indent 6}}
+ containers:
+ - name: hyperkube
+ image: "{{ .Values.install.image.repository }}:{{ .Values.install.image.tag }}"
+ {{ template "gitlab.imagePullPolicy" . }}
+ command:
+ - ./kubectl
+ - apply
+ - -f
+ - /crd/crd.yaml
+ volumeMounts:
+ - name: crd
+ mountPath: /crd
+ volumes:
+ - name: crd
+ configMap:
+ name: {{ template "fullname" . }}-crd-installer
+{{- end }}
diff --git a/charts/gitlab/charts/operator/templates/crd-rbac.yaml b/charts/gitlab/charts/operator/templates/crd-rbac.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..8c20a28ec7a3f41977c0d073a3aa37f82f68a9c8
--- /dev/null
+++ b/charts/gitlab/charts/operator/templates/crd-rbac.yaml
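Review bot: The operator Deployment hard-codes `image: ahmadposten/gitlaboperator` with no tag or digest, and the values-driven image line is left commented out, so `image.repository` and `image.tag` from values.yaml have no effect on what runs. That container runs under the ClusterRole defined earlier in this hunk, which can create, update and delete clusterroles, clusterrolebindings and secrets in every namespace, so the provenance of this one image decides who holds near cluster-admin rights. Restore the templated line, `image: "{{ .Values.image.repository }}:{{ coalesce .Values.image.tag (include "gitlab.versionTag" . ) }}"`, and pin it to a released tag or digest. Separately, the `required` list under `sharedSecretsTemplate` names `roleKey` twice and omits `roleBindingKey`; the second entry should presumably be `- roleBindingKey`.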
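Review bot: The crd-installer Job pulls `.Values.install.image` but renders its pull secrets from the operator image map (`include "pullsecrets" $.Values.image`), so `install.image.pullSecrets` from values.yaml is not read by any line shown and a private mirror of the hyperkube image would presumably fail to pull. Pass the matching map, `{{- include "pullsecrets" $.Values.install.image | indent 6}}`; gitlab-job.yaml repeats the same line and needs the same change. `serviceAccount:` is also the deprecated alias of `serviceAccountName:`, which the other pod specs in this diff use.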
@@ -0,0 +1,88 @@
+{{- if and .Values.global.operator.enabled .Values.install.enabled }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "fullname" . }}-crd-installer
+ labels:
+{{ include "gitlab.standardLabels" $ | indent 4 }}
+ annotations:
+ "helm.sh/hook-weight": "-4"
+ "helm.sh/hook": pre-install,pre-upgrade
+ "helm.sh/hook-delete-policy": hook-succeeded
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "fullname" . }}-crd-installer
+ labels:
+{{ include "gitlab.standardLabels" $ | indent 4 }}
+ annotations:
+ "helm.sh/hook-weight": "-4"
+ "helm.sh/hook": pre-install,pre-upgrade
+ "helm.sh/hook-delete-policy": hook-succeeded
+rules:
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - "*"
+- apiGroups:
+ - gitlab.com
+ resources:
+ - gitlabs
+ verbs:
+ - "*"
+- apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - clusterroles
+ - clusterrolebindings
+ - roles
+ - rolebindings
+ verbs:
+ - "*"
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts
+ - pods
+ - configmaps
+ - secrets
+ verbs:
+ - "*"
+- apiGroups:
+ - apps
+ resources:
+ - deployments
+ - statefulsets
+ - daemonsets
+ verbs:
+ - "*"
+- apiGroups:
+ - batch
+ resources:
+ - jobs
+ verbs:
+ - "*"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "fullname" . }}-crd-installer
+ labels:
+{{ include "gitlab.standardLabels" $ | indent 4 }}
+ annotations:
+ "helm.sh/hook-weight": "-4"
+ "helm.sh/hook": pre-install,pre-upgrade
+ "helm.sh/hook-delete-policy": hook-succeeded
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "fullname" . }}-crd-installer
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "fullname" . }}-crd-installer
+ namespace: {{ .Release.Namespace | quote }}
+{{- end }}
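Review bot: Every rule in the `-crd-installer` ClusterRole uses `verbs: "*"` and the role is bound through a ClusterRoleBinding, so the hook Job's service account can do anything to secrets, RBAC objects and workloads in all namespaces. On `roles` and `clusterroles` the wildcard also covers `escalate` and `bind`, and on `serviceaccounts` it covers `impersonate`, which switches off the API server's own guard against granting more than the caller holds. Applying crd.yaml should only need the installer to hold what the operator's ClusterRole lists, so on the core, apps, batch and rbac groups replace the wildcard with `get`, `list`, `watch`, `create`, `update`, `patch`, `delete`, and on `customresourcedefinitions` with the verbs `kubectl apply` uses. The `gitlabs` wildcard can only be narrowed together with the matching rule in the operator's ClusterRole in crd-configmap.yaml.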
diff --git a/charts/gitlab/charts/operator/templates/gitlab-configmap.yaml b/charts/gitlab/charts/operator/templates/gitlab-configmap.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..0ad41ffd18581fec38f517a9bf87294ec06b8ff5
--- /dev/null
+++ b/charts/gitlab/charts/operator/templates/gitlab-configmap.yaml
@@ -0,0 +1,36 @@
+{{- if .Values.global.operator.enabled }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "fullname" . }}-set-gitlab
+ labels:
+{{ include "gitlab.standardLabels" $ | indent 4 }}
+ annotations:
+ "helm.sh/hook-weight": "-2"
+ "helm.sh/hook": pre-install,pre-upgrade
+ "helm.sh/hook-delete-policy": hook-succeeded
+data:
+ gitlab.yaml: |
+ apiVersion: gitlab.com/v1beta1
+ kind: GitLab
+ metadata:
+ labels:
+ controller-tools.k8s.io: "1.0"
+ revision: "{{ .Release.Revision }}"
+{{ include "gitlab.standardLabels" $ | indent 8 }}
+ name: gitlab-{{ .Release.Name }}
+ spec:
+ version: {{ include "gitlab.operator.gitlabVersion" . | quote }}
+ helmRelease: {{ .Release.Name }}
+ templates:
+ migrationsTemplate:
+ configMapName: {{ .Release.Name }}-migrations-jobspec
+ configMapKey: template
+ sharedSecretsTemplate:
+ configMapName: {{ .Release.Name }}-shared-secrets-jobspec
+ configMapKey: template
+ roleKey: role
+ roleBindingKey: roleBinding
+ serviceAccountKey: serviceAccount
+{{- end }}
diff --git a/charts/gitlab/charts/operator/templates/gitlab-job.yaml b/charts/gitlab/charts/operator/templates/gitlab-job.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..6ab1115f716e01f9e583f078fbae50fd33bfdf8a
--- /dev/null
+++ b/charts/gitlab/charts/operator/templates/gitlab-job.yaml
@@ -0,0 +1,38 @@
+{{- if .Values.global.operator.enabled }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ template "fullname" . }}-set-gitlab
+ labels:
+{{ include "gitlab.standardLabels" $ | indent 4 }}
+ annotations:
+ "helm.sh/hook-weight": "-1"
+ "helm.sh/hook": pre-install,pre-upgrade
+ "helm.sh/hook-delete-policy": hook-succeeded
+spec:
+ template:
+ metadata:
+ labels:
+{{ include "gitlab.standardLabels" $ | indent 8 }}
+ spec:
+ serviceAccount: {{ template "fullname" . }}-set-gitlab
+ restartPolicy: Never
+{{- include "pullsecrets" $.Values.image | indent 6}}
+ containers:
+ - name: hyperkube
+ image: "{{ .Values.install.image.repository }}:{{ .Values.install.image.tag }}"
+ {{ template "gitlab.imagePullPolicy" . }}
+ command:
+ - ./kubectl
+ - apply
+ - -f
+ - /gitlab/gitlab.yaml
+ volumeMounts:
+ - name: gitlab
+ mountPath: /gitlab
+ volumes:
+ - name: gitlab
+ configMap:
+ name: {{ template "fullname" . }}-set-gitlab
+{{- end }}
diff --git a/charts/gitlab/charts/operator/templates/gitlab-rbac.yaml b/charts/gitlab/charts/operator/templates/gitlab-rbac.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..61fcf80bd6e7bd6bf31382285b0e3e25c6457343
--- /dev/null
+++ b/charts/gitlab/charts/operator/templates/gitlab-rbac.yaml
@@ -0,0 +1,50 @@
+{{- if .Values.global.operator.enabled }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "fullname" . }}-set-gitlab
+ labels:
+{{ include "gitlab.standardLabels" $ | indent 4 }}
+ annotations:
+ "helm.sh/hook-weight": "-2"
+ "helm.sh/hook": pre-install,pre-upgrade
+ "helm.sh/hook-delete-policy": hook-succeeded
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "fullname" . }}-set-gitlab
+ labels:
+{{ include "gitlab.standardLabels" $ | indent 4 }}
+ annotations:
+ "helm.sh/hook-weight": "-2"
+ "helm.sh/hook": pre-install,pre-upgrade
+ "helm.sh/hook-delete-policy": hook-succeeded
+rules:
+- apiGroups:
+ - gitlab.com
+ resources:
+ - gitlabs
+ verbs:
+ - "*"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "fullname" . }}-set-gitlab
+ labels:
+{{ include "gitlab.standardLabels" $ | indent 4 }}
+ annotations:
+ "helm.sh/hook-weight": "-2"
+ "helm.sh/hook": pre-install,pre-upgrade
+ "helm.sh/hook-delete-policy": hook-succeeded
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "fullname" . }}-set-gitlab
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "fullname" . }}-set-gitlab
+ namespace: {{ .Release.Namespace | quote }}
+{{- end }}
diff --git a/charts/gitlab/charts/operator/values.yaml b/charts/gitlab/charts/operator/values.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..a19c291e77376d848abc2b1a36c8b5aede5dc3a2
--- /dev/null
+++ b/charts/gitlab/charts/operator/values.yaml
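Review bot: The set-gitlab service account is granted `*` on `gitlabs` through a ClusterRole and ClusterRoleBinding, although the CRD in crd-configmap.yaml declares `scope: Namespaced` and the Job applies a single GitLab object with no namespace override. A namespaced grant looks sufficient: `kind: Role`, `kind: RoleBinding` and `roleRef.kind: Role`, which keeps this hook account away from the GitLab resources of other releases in the cluster. The wildcard verb could likewise be narrowed to what `kubectl apply` uses, for example `get`, `create`, `patch`.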
@@ -0,0 +1,30 @@ +# Default values for sidekiq. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. +image: + repository: registry.gitlab.com/gitlab-org/distribution/gitlab-operator + tag: latest + pullSecrets: [] + pullPolicy: Always + +init: + resources: + requests: + cpu: 50m + +install: + # Install the operator as well + enabled: true + image: + repository: gcr.io/google_containers/hyperkube + tag: v1.9.0 + pullSecrets: [] + #pullPolicy: IfNotPresent + +resources: + # limits: + # cpu: 1 + # memory: 2G + requests: + cpu: 100m + memory: 64M diff --git a/charts/gitlab/charts/sidekiq/templates/deployment.yaml b/charts/gitlab/charts/sidekiq/templates/deployment.yaml index 3a506d2bb0b64bfe5f0045d12ba3a2be00aaf86c..df1e81723198bccbb48d211bbff3b46d83328139 100644 --- a/charts/gitlab/charts/sidekiq/templates/deployment.yaml +++ b/charts/gitlab/charts/sidekiq/templates/deployment.yaml @@ -10,6 +10,7 @@ {{- $resources := .Values.resources -}} {{- $nodeSelector := .Values.nodeSelector -}} {{- $minioEnabled := .Values.global.minio.enabled -}} +{{- $operatorEnabled := .Values.global.operator.enabled -}} {{- $minioSecret := include "gitlab.minio.credentials.secret" . -}} {{- $redisSecret := include "gitlab.redis.password.secret" . -}} {{- $redisKey := include "gitlab.redis.password.key" . -}} @@ -42,6 +43,9 @@ metadata: {{ include "gitlab.standardLabels" $ | indent 4 }} queue-pod-name: {{ .name }} spec: + {{- if $operatorEnabled }} + paused: true + {{- end }} selector: matchLabels: app: {{ $name }} @@ -115,6 +119,10 @@ spec: value: {{ default $concurrency .concurrency | quote }} - name: SIDEKIQ_TIMEOUT value: {{ default $timeout .timeout | quote }} +{{- if $.Values.global.operator.enabled }} + - name: BYPASS_SCHEMA_VERSION + value: 'true' +{{- end }} volumeMounts: - name: sidekiq-config mountPath: '/var/opt/gitlab/templates' 
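Review bot: The operator image defaults to `tag: latest` with `pullPolicy: Always`, so each pod restart can pick up a different build of a component that holds cluster-wide RBAC; default to a released tag or a digest instead (written here as the placeholder `tag: OPERATOR_RELEASE_TAG`). The header comment still reads `# Default values for sidekiq.` and should say `# Default values for operator.`. `install.image.pullSecrets` is declared here, but none of the templates in this diff read it.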
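Review bot: In sidekiq/templates/deployment.yaml the third hunk tests `$.Values.global.operator.enabled` directly, although the first hunk introduces `$operatorEnabled` for exactly that value and the second hunk uses it. Write `{{- if $operatorEnabled }}` around the `BYPASS_SCHEMA_VERSION` entry so the file has one spelling of the condition. The surrounding template block starts and ends outside the hunks.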
diff --git a/charts/gitlab/charts/task-runner/templates/deployment.yaml b/charts/gitlab/charts/task-runner/templates/deployment.yaml index e9bc5fc6e31be22be96a9c6175664fd1b729cc0d..2332f8d2a7e2049c7d2d956f1af70ff6ec21570d 100644 --- a/charts/gitlab/charts/task-runner/templates/deployment.yaml +++ b/charts/gitlab/charts/task-runner/templates/deployment.yaml @@ -6,6 +6,9 @@ metadata: labels: {{ include "gitlab.standardLabels" . | indent 4 }} spec: + {{- if .Values.global.operator.enabled }} + paused: true + {{- end }} replicas: 1 selector: matchLabels: diff --git a/charts/gitlab/charts/unicorn/templates/deployment.yaml b/charts/gitlab/charts/unicorn/templates/deployment.yaml index b27b78936f4a2ae825a7e7bce14ba11a0f84cd70..220f0423ddeedfb7bbc9642b40092e200a695064 100644 --- a/charts/gitlab/charts/unicorn/templates/deployment.yaml +++ b/charts/gitlab/charts/unicorn/templates/deployment.yaml @@ -5,7 +5,14 @@ metadata: name: {{ template "fullname" . }} labels: {{ include "gitlab.standardLabels" . | indent 4 }} + {{- if .Values.global.operator.enabled }} + annotations: + gitlab.com/version: {{ include "gitlab.operator.gitlabVersion" . }} + {{- end }} spec: + {{- if .Values.global.operator.enabled }} + paused: true + {{- end }} replicas: {{ .Values.replicaCount }} selector: matchLabels: @@ -17,6 +24,9 @@ spec: app: {{ template "name" . }} release: {{ .Release.Name }} annotations: + {{- if .Values.global.operator.enabled }} + gitlab.com/version: {{ include "gitlab.operator.gitlabVersion" . }} + {{- end }} checksum/config: {{ include (print $.Template.BasePath "/configmap.yml") . | sha256sum }} {{- if .Values.metrics.enabled }} {{ toYaml .Values.metrics.annotations | indent 8 }} @@ -84,6 +94,10 @@ spec: value: '/var/opt/gitlab/config/gitlab/' - name: WORKHORSE_ARCHIVE_CACHE_DISABLED value: "1" +{{- if .Values.global.operator.enabled }} + - name: BYPASS_SCHEMA_VERSION + value: 'true' +{{- end }} volumeMounts: - name: unicorn-config mountPath: '/var/opt/gitlab/templates' 
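Review bot: Both `gitlab.com/version` annotations added to unicorn/templates/deployment.yaml emit the version unquoted, `gitlab.com/version: {{ include "gitlab.operator.gitlabVersion" . }}`, while gitlab-configmap.yaml pipes the same helper through `quote`. Annotation values must be strings, so a two-part or all-numeric `global.gitlabVersion` override would be parsed as a number and the Deployment rejected. Write `gitlab.com/version: {{ include "gitlab.operator.gitlabVersion" . | quote }}` in both the metadata hunk and the pod-template hunk.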
diff --git a/charts/gitlab/templates/_operator.tpl b/charts/gitlab/templates/_operator.tpl
new file mode 100644
index 0000000000000000000000000000000000000000..7d88756e54b01dc55372cb6f77db9a5e0aa166d4
--- /dev/null
+++ b/charts/gitlab/templates/_operator.tpl
@@ -0,0 +1,26 @@
+{{/*
+Return the version used of Gitlab
+Defaults to using the information from the chart appVersion field, but can be
+overridden using the global.gitlabVersion field in values.
+*/}}
+{{- define "gitlab.operator.gitlabVersion" -}}
+{{- template "gitlab.operator.parseAppVersion" (coalesce .Values.global.gitlabVersion .Chart.AppVersion) -}}
+{{- end -}}
+
+{{/*
+Returns a Gitlab version from the passed in app version or branchname
+
+If the version is 'master' we use the 'latest' image tag.
+Else if the version is a semver version, we use the 'x.x.x' semver notation.
+Else we just use the version passed as the image tag
+*/}}
+{{- define "gitlab.operator.parseAppVersion" -}}
+{{- $appVersion := coalesce . "master" -}}
+{{- if eq $appVersion "master" -}}
+latest
+{{- else if regexMatch "^\\d+\\.\\d+\\.\\d+(-rc\\d+)?(-pre)?$" $appVersion -}}
+{{- printf "%s" $appVersion -}}
+{{- else -}}
+{{- $appVersion -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/shared-secrets/templates/_jobspec.yaml b/charts/shared-secrets/templates/_jobspec.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..e4e72f6bca1b35a239fc1f4f4d11f97a83e0a282
--- /dev/null
+++ b/charts/shared-secrets/templates/_jobspec.yaml
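Review bot: In `gitlab.operator.parseAppVersion` the `else if regexMatch …` branch and the final `else` branch both emit `$appVersion` unchanged (`printf "%s" $appVersion` is the identity), so the semver test has no effect and the doc comment describes a distinction the code does not make. Either drop the regex branch or make the fallback differ, for example by calling `fail` on a value that is neither `master` nor a semver, since this string ends up in the GitLab resource's `spec.version` and in the unicorn annotations. The first doc comment would read better as `Return the GitLab version handed to the operator`.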
@@ -0,0 +1,35 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ template "shared-secrets.jobname" . }}
+ labels:
+{{ include "gitlab.standardLabels" . | indent 4 }}
+{{- if and .Values.enabled (not .Values.global.operator.enabled) }}
+ annotations:
+ "helm.sh/hook": pre-install,pre-upgrade
+ "helm.sh/hook-delete-policy": hook-succeeded
+{{- end }}
+spec:
+ template:
+ metadata:
+ labels:
+ app: {{ template "name" . }}
+ release: {{ .Release.Name }}
+ spec:
+ {{- if .Values.rbac.create }}
+ serviceAccountName: {{ template "fullname" . }}
+ {{- end }}
+ restartPolicy: Never
+{{- include "pullsecrets" .Values.image | indent 6}}
+ containers:
+ - name: {{ .Chart.Name }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ command: ['/bin/bash', '/scripts/generate-secrets']
+ {{ template "gitlab.imagePullPolicy" . }}
+ volumeMounts:
+ - name: scripts
+ mountPath: /scripts
+ volumes:
+ - name: scripts
+ configMap:
+ name: {{ template "fullname" . }}
diff --git a/charts/shared-secrets/templates/_rbac-role.yaml b/charts/shared-secrets/templates/_rbac-role.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..918f9e524fdb9d45642d939c82db1fd31f3012f8
--- /dev/null
+++ b/charts/shared-secrets/templates/_rbac-role.yaml
@@ -0,0 +1,19 @@
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ template "fullname" . }}
+ labels:
+ app: {{ template "name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+{{- if and .Values.enabled (not .Values.global.operator.enabled) }}
+ annotations:
+ "helm.sh/hook": pre-install,pre-upgrade
+ "helm.sh/hook-weight": "-5"
+ "helm.sh/hook-delete-policy": hook-succeeded
+{{- end }}
+rules:
+- apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["get", "list", "create", "patch"]
diff --git a/charts/shared-secrets/templates/_rbac-rolebinding.yaml b/charts/shared-secrets/templates/_rbac-rolebinding.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..3bf3147cc7399d884722e4bd8f822ce3e11dd379
--- /dev/null
+++ b/charts/shared-secrets/templates/_rbac-rolebinding.yaml
@@ -0,0 +1,23 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "fullname" . }}
+ labels:
+ app: {{ template "name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+{{- if and .Values.enabled (not .Values.global.operator.enabled) }}
+ annotations:
+ "helm.sh/hook": pre-install,pre-upgrade
+ "helm.sh/hook-weight": "-5"
+ "helm.sh/hook-delete-policy": hook-succeeded
+{{- end }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "fullname" . }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "fullname" . }}
+ namespace: {{ .Release.Namespace }}
diff --git a/charts/shared-secrets/templates/_rbac-serviceaccount.yaml b/charts/shared-secrets/templates/_rbac-serviceaccount.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..39445ecff8d1d195005d8d6be3ede56ef024fff7
--- /dev/null
+++ b/charts/shared-secrets/templates/_rbac-serviceaccount.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "fullname" . }}
+ labels:
+{{ include "gitlab.standardLabels" . | indent 4 }}
+{{- if and .Values.enabled (not .Values.global.operator.enabled) }}
+ annotations:
+ "helm.sh/hook": pre-install,pre-upgrade
+ "helm.sh/hook-weight": "-5"
+ "helm.sh/hook-delete-policy": hook-succeeded
+{{- end }}
diff --git a/charts/shared-secrets/templates/_self-signed-cert-job.yml b/charts/shared-secrets/templates/_self-signed-cert-job.yml
new file mode 100644
index 0000000000000000000000000000000000000000..dee5bc9e3b3212baedf1e7c84f542dc67f09cef2
--- /dev/null
+++ b/charts/shared-secrets/templates/_self-signed-cert-job.yml 
@@ -0,0 +1,78 @@
+{{- if not (or .Values.global.ingress.configureCertmanager .Values.global.ingress.tls) -}}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ template "shared-secrets.jobname" . }}-selfsign
+ labels:
+{{ include "gitlab.standardLabels" . | indent 4 }}
+{{- if not .Values.global.operator.enabled }}
+ annotations:
+ "helm.sh/hook": pre-install,pre-upgrade
+ "helm.sh/hook-delete-policy": hook-succeeded
+{{- end }}
+spec:
+ template:
+ metadata:
+ labels:
+ app: {{ template "name" . }}
+ release: {{ .Release.Name }}
+ spec:
+ serviceAccountName: {{ template "fullname" . }}
+ restartPolicy: Never
+{{- include "pullsecrets" .Values.image | indent 6}}
+ initContainers:
+ - name: cfssl-self-sign
+ image: "{{ .Values.selfsign.image.repository }}:{{ .Values.selfsign.image.tag }}"
+ env:
+ - name: CA_SUBJECT
+ value: {{ .Values.selfsign.caSubject | quote }} # defaults to GitLab in container
+ - name: CA_ORG
+ value: {{ .Release.Namespace | quote }} # defaults to GitLab in container
+ - name: CA_ORG_UNIT
+ value: {{ .Release.Name | quote }} # defaults to Cloud Native in container
+ - name: CERT_SUBJECT
+ value: {{ .Values.global.hosts.domain | quote }} # defaults to GitLab in container
+ - name: CERT_DOMAIN
+ value: {{ .Values.global.hosts.domain | quote }} # defaults to example.com in container
+ - name: EXPIRY
+ value: {{ .Values.selfsign.expiry | quote }} # defaults to 8076h in container
+ - name: ALGORITHM
+ value: {{ .Values.selfsign.keyAlgorithm | quote }} # defaults to ecdsa in container
+ - name: KEY_SIZE
+ value: {{ .Values.selfsign.keySize | quote }} # defaults to 256 inside container
+ volumeMounts:
+ - name: certs-path
+ mountPath: /output
+ containers:
+ - name: kubectl
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ command:
+ - /bin/bash
+ - -exc
+ - |
+ certname={{ template "gitlab.wildcard-self-signed-cert-name" .
}}
+ # create wildcard certificate secret
+ kubectl create secret tls $certname \
+ --cert=/output/wildcard.pem --key=/output/wildcard-key.pem || true
+{{- if not .Values.global.application.create }}
+ kubectl --namespace=$namespace label \
+ secret $certname $(echo '{{ include "gitlab.application.labels" . | replace ": " "=" | replace "\n" " " }}' | sed -E 's/=[^ ]*/-/g')
+{{- end }}
+ kubectl --namespace=$namespace label --overwrite \
+ secret $certname {{ include "gitlab.standardLabels" . | replace ": " "=" | replace "\n" " " }}
+ # create CA certificate secret
+ kubectl create secret generic ${certname}-ca \
+ --from-file=cfssl_ca=/output/ca.pem || true
+{{- if not .Values.global.application.create }}
+ kubectl --namespace=$namespace label \
+ secret ${certname}-ca $(echo '{{ include "gitlab.application.labels" . | replace ": " "=" | replace "\n" " " }}' | sed -E 's/=[^ ]*/-/g')
+{{- end }}
+ kubectl --namespace=$namespace label --overwrite \
+ secret ${certname}-ca {{ include "gitlab.standardLabels" . | replace ": " "=" | replace "\n" " " }}
+ volumeMounts:
+ - name: certs-path
+ mountPath: /output
+ volumes:
+ - name: certs-path
+ emptyDir: {}
+{{- end -}}
diff --git a/charts/shared-secrets/templates/configmap.yaml b/charts/shared-secrets/templates/configmap.yaml
index adcf182a55d825158d2daa0e52d068760c1313ca..284d3775a843996855ae1b7171f1eca71a479120 100644
--- a/charts/shared-secrets/templates/configmap.yaml
+++ b/charts/shared-secrets/templates/configmap.yaml
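Review bot: The label commands in the kubectl container use `$namespace`, but the script visible in this file only assigns `certname`, and the two `kubectl create secret` calls pass no `--namespace` at all. With `bash -exc` (no `-u`) an unset variable expands to an empty string, so unless the image exports `namespace`, the create and label steps are not guaranteed to address the same namespace. I would set `namespace={{ .Release.Namespace }}` next to `certname=` and add `--namespace=$namespace` to both create calls. Separately, `|| true` hides every create failure, not only "already exists", so an RBAC denial or a missing `/output/wildcard.pem` would go unnoticed until the label step fails.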
@@ -4,10 +4,24 @@ metadata: name: {{ template "fullname" . }} labels: {{ include "gitlab.standardLabels" . | indent 4 }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade - "helm.sh/hook-weight": "-3" - "helm.sh/hook-delete-policy": hook-succeeded data: generate-secrets: | {{ include (print $.Template.BasePath "/_generate_secrets.sh") . | indent 4 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-shared-secrets-jobspec + labels: +{{ include "gitlab.standardLabels" . | indent 4 }} +data: + template: |- +{{ include (print $.Template.BasePath "/_jobspec.yaml") . | indent 4 }} + role: |- +{{ include (print $.Template.BasePath "/_rbac-role.yaml") . | indent 4}} + serviceAccount: |- +{{ include (print $.Template.BasePath "/_rbac-serviceaccount.yaml") . | indent 4 }} + roleBinding: |- +{{ include (print $.Template.BasePath "/_rbac-rolebinding.yaml") . | indent 4 }} + selfSignedCertTemplate: |- +{{ include (print $.Template.BasePath "/_self-signed-cert-job.yml") . | indent 4 }} diff --git a/charts/shared-secrets/templates/job.yaml b/charts/shared-secrets/templates/job.yaml index dcbe1615e4b5f8fc28cfef6bb916ca7174ccc972..87751c8c8c9961fc5e0c619c649a9151d7127ae7 100644 --- a/charts/shared-secrets/templates/job.yaml +++ b/charts/shared-secrets/templates/job.yaml 
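Review bot: Removing the hook annotations from the `generate-secrets` ConfigMap unconditionally makes it an ordinary release resource even when the operator is disabled, while the other partials visible in this commit (`_rbac-serviceaccount.yaml`, `_self-signed-cert-job.yml`) keep `pre-install,pre-upgrade` in that case. If `_jobspec.yaml` for this chart (not visible here) also stays a hook, the Job would run before this ConfigMap exists on a first install and would mount the previous release's script on upgrade. I would keep the three annotation lines and wrap them in `{{- if not .Values.global.operator.enabled }}` … `{{- end }}`, as the partials do. The metadata block starts above the hunk, so the placement should be checked against the full file.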
@@ -1,33 +1,5 @@ -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ template "shared-secrets.jobname" . }} - labels: -{{ include "gitlab.standardLabels" . | indent 4 }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade - "helm.sh/hook-delete-policy": hook-succeeded -spec: - template: - metadata: - labels: - app: {{ template "name" . }} - release: {{ .Release.Name }} - spec: - {{- if .Values.rbac.create }} - serviceAccountName: {{ template "fullname" . }} - {{- end }} - restartPolicy: Never -{{- include "pullsecrets" .Values.image | indent 6}} - containers: - - name: {{ .Chart.Name }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - command: ['/bin/bash', '/scripts/generate-secrets'] - {{ template "gitlab.imagePullPolicy" . }} - volumeMounts: - - name: scripts - mountPath: /scripts - volumes: - - name: scripts - configMap: - name: {{ template "fullname" . }} +{{- if and .Values.enabled (not .Values.global.operator.enabled) }} +{{ include (print $.Template.BasePath "/_jobspec.yaml") . }} +{{- end }} + + diff --git a/charts/shared-secrets/templates/rbac-config.yaml b/charts/shared-secrets/templates/rbac-config.yaml index 19b15a1b4fa4e54a716b53910dfa21b739ac1e27..c289716408317cb1c6fa37bbd8c1339e76b0f0ed 100644 --- a/charts/shared-secrets/templates/rbac-config.yaml +++ b/charts/shared-secrets/templates/rbac-config.yaml 
@@ -1,52 +1,7 @@ -{{- if .Values.rbac.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "fullname" . }} - labels: -{{ include "gitlab.standardLabels" . | indent 4 }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade - "helm.sh/hook-weight": "-5" - "helm.sh/hook-delete-policy": hook-succeeded +{{- if and .Values.enabled .Values.rbac.create (not .Values.global.operatorenabled) -}} +{{ include (print $.Template.BasePath "/_rbac-serviceaccount.yaml") . }} --- -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ template "fullname" . }} - labels: - app: {{ template "name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade - "helm.sh/hook-weight": "-5" - "helm.sh/hook-delete-policy": hook-succeeded -rules: -- apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list", "create", "patch"] +{{ include (print $.Template.BasePath "/_rbac-role.yaml") . }} --- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ template "fullname" . }} - labels: - app: {{ template "name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade - "helm.sh/hook-weight": "-5" - "helm.sh/hook-delete-policy": hook-succeeded -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ template "fullname" . }} - namespace: {{ .Release.Namespace }} -{{- end -}} +{{ include (print $.Template.BasePath "/_rbac-rolebinding.yaml") . }} +{{- end}} 
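Review bot: The guard on the first added line reads `.Values.global.operatorenabled`, with the dot between `operator` and `enabled` missing, so it looks up a key that `values.yaml` never defines. A missing map key evaluates as empty in Go templates, `not` turns that into true, and the ServiceAccount, Role and RoleBinding are therefore rendered even when the operator is enabled. In that mode the partials drop their hook annotations, so the secrets Role (the removed lines show `get`, `list`, `create`, `patch` on `secrets`) would remain installed as a permanent release resource instead of being deleted after the hook succeeds. The line should read `{{- if and .Values.enabled .Values.rbac.create (not .Values.global.operator.enabled) -}}`.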
diff --git a/charts/shared-secrets/templates/self-signed-cert-job.yml b/charts/shared-secrets/templates/self-signed-cert-job.yml
index 62e6058a3f46bce50017c4b02b56fef3fcda8839..e368158af044c4bf0b327330bd631ae0bd3ed6d6 100644
--- a/charts/shared-secrets/templates/self-signed-cert-job.yml
+++ b/charts/shared-secrets/templates/self-signed-cert-job.yml
@@ -1,76 +1,3 @@ -{{- if not (or .Values.global.ingress.configureCertmanager .Values.global.ingress.tls) -}} -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ template "shared-secrets.jobname" . }}-selfsign - labels: -{{ include "gitlab.standardLabels" . | indent 4 }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade - "helm.sh/hook-delete-policy": hook-succeeded -spec: - template: - metadata: - labels: - app: {{ template "name" . }} - release: {{ .Release.Name }} - spec: - serviceAccountName: {{ template "fullname" . }} - restartPolicy: Never -{{- include "pullsecrets" .Values.image | indent 6}} - initContainers: - - name: cfssl-self-sign - image: "{{ .Values.selfsign.image.repository }}:{{ .Values.selfsign.image.tag }}" - env: - - name: CA_SUBJECT - value: {{ .Values.selfsign.caSubject | quote }} # defaults to GitLab in container - - name: CA_ORG - value: {{ .Release.Namespace | quote }} # defaults to GitLab in container - - name: CA_ORG_UNIT - value: {{ .Release.Name | quote }} # defaults to Cloud Native in container - - name: CERT_SUBJECT - value: {{ .Values.global.hosts.domain | quote }} # defaults to GitLab in container - - name: CERT_DOMAIN - value: {{ .Values.global.hosts.domain | quote }} # defaults to example.com in container - - name: EXPIRY - value: {{ .Values.selfsign.expiry | quote }} # defaults to 8076h in container - - name: ALGORITHM - value: {{ .Values.selfsign.keyAlgorithm | quote }} # defaults to ecdsa in container - - name: KEY_SIZE - value: {{ .Values.selfsign.keySize | quote }} # defaults to 256 inside container - volumeMounts: - - name: certs-path - mountPath: /output - containers: - - name: kubectl - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - command: - - /bin/bash - - -exc - - | - certname={{ template "gitlab.wildcard-self-signed-cert-name" . 
}} - # create wildcard certificate secret - kubectl create secret tls $certname \ - --cert=/output/wildcard.pem --key=/output/wildcard-key.pem || true -{{- if not .Values.global.application.create }} - kubectl --namespace=$namespace label \ - secret $certname $(echo '{{ include "gitlab.application.labels" . | replace ": " "=" | replace "\n" " " }}' | sed -E 's/=[^ ]*/-/g') +{{- if not .Values.global.operator.enabled }} +{{ include (print $.Template.BasePath "/_self-signed-cert-job.yaml") . }} {{- end }} - kubectl --namespace=$namespace label --overwrite \ - secret $certname {{ include "gitlab.standardLabels" . | replace ": " "=" | replace "\n" " " }} - # create CA certificate secret - kubectl create secret generic ${certname}-ca \ - --from-file=cfssl_ca=/output/ca.pem || true -{{- if not .Values.global.application.create }} - kubectl --namespace=$namespace label \ - secret ${certname}-ca $(echo '{{ include "gitlab.application.labels" . | replace ": " "=" | replace "\n" " " }}' | sed -E 's/=[^ ]*/-/g') -{{- end }} - kubectl --namespace=$namespace label --overwrite \ - secret ${certname}-ca {{ include "gitlab.standardLabels" . | replace ": " "=" | replace "\n" " " }} - volumeMounts: - - name: certs-path - mountPath: /output - volumes: - - name: certs-path - emptyDir: {} -{{- end -}} diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index b44d02a24280e226130cf0a1618e943121f31272..691585023e132198a7c17b0f2b5a345e54f7c8f4 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -15,6 +15,10 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} {{- end -}} +{{- define "fullnameFor" -}} +{{- printf "%s-%s" .Context.Release.Name .Chart | trunc 63 | trimSuffix "-" -}} +{{- end -}} + {{/* ######### Hostname templates */}} {{/* 
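Review bot: The added include points at `/_self-signed-cert-job.yaml`, but the partial created by this commit is `_self-signed-cert-job.yml`, which is also the name `configmap.yaml` includes. `include` of a template name that does not exist fails rendering, so the chart would likely not install with the operator disabled; the line should be `{{ include (print $.Template.BasePath "/_self-signed-cert-job.yml") . }}`. This wrapper is also gated only on `operator.enabled`, whereas `job.yaml` and `rbac-config.yaml` additionally require `.Values.enabled`. With `enabled: false` the self-sign Job would still be rendered and would reference a `serviceAccountName` that `rbac-config.yaml` no longer creates.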
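Review bot: `fullnameFor` is added to `_helpers.tpl` without a comment, and its calling convention differs from the `fullname` helper above it: it reads `.Context.Release.Name` and `.Chart`, so it has to be called with a dict rather than the root context. I would document that above the define, for example `{{/* fullnameFor: call with (dict "Context" $ "Chart" "<chart name>"); returns "<release>-<chart>" truncated to 63 characters */}}`. It also appears to skip the name override that `fullname` applies through `$name`, which is worth stating in the comment if it is intentional; the body of `fullname` starts outside this hunk, so that part is inferred.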
diff --git a/values.yaml b/values.yaml index 0d3295083d879d6c5e12201811dd4f88e343cb28..1194da37952117e143af4a289e66e69d69b44832 100644 --- a/values.yaml +++ b/values.yaml @@ -3,6 +3,8 @@ global: # gitlabVersion: master + operator: + enabled: false application: create: false links: [] @@ -235,4 +237,3 @@ gitlab-runner: # enabled: false # gitlab-shell: # enabled: false -