diff --git a/charts/gitlab/charts/gitaly/templates/statefulset.yml b/charts/gitlab/charts/gitaly/templates/statefulset.yml
index d398816793ea426352ecdba3f8f476a16bf8c5a8..515330bad5673be016bf11706ff228195723dd99 100644
--- a/charts/gitlab/charts/gitaly/templates/statefulset.yml
+++ b/charts/gitlab/charts/gitaly/templates/statefulset.yml
@@ -95,6 +95,12 @@ spec:
 valueFrom:
 fieldRef:
 fieldPath: metadata.name
+{{- if .Values.global.tracing.enabled }}
+ - name: GITLAB_TRACING
+ value: opentracing://jaeger?http_endpoint=http%3A%2F%2F{{.Values.global.tracing.serviceName}}-collector%3A14268%2Fapi%2Ftraces&sampler=const&sampler_param=1
+ - name: GITLAB_TRACING_URL
+ value: 'http://{{.Values.global.tracing.serviceName}}-query:16686/search?service={{ "{{" }} service {{ "}}" }}&tags=%7B"correlation_id"%3A"{{ "{{" }} correlation_id {{ "}}" }}"%7D"'
+{{- end }}
 volumeMounts:
 {{ include "gitlab.extraVolumeMounts" . | indent 12 }}
 {{ include "gitlab.certificates.volumeMount" . | indent 12 }}
diff --git a/charts/gitlab/charts/gitlab-shell/templates/deployment.yaml b/charts/gitlab/charts/gitlab-shell/templates/deployment.yaml
index 4a8c783596deb6cfafdd96abf78fd3ce5d7654f2..bed8cb5d007bfa88e073945d9622291a8eecea90 100644
--- a/charts/gitlab/charts/gitlab-shell/templates/deployment.yaml
+++ b/charts/gitlab/charts/gitlab-shell/templates/deployment.yaml
@@ -84,6 +84,12 @@ spec:
 value: '/srv/gitlab-shell'
 - name: KEYS_DIRECTORY
 value: '/etc/gitlab-secrets/ssh'
+{{- if .Values.global.tracing.enabled }}
+ - name: GITLAB_TRACING
+ value: opentracing://jaeger?http_endpoint=http%3A%2F%2F{{.Values.global.tracing.serviceName}}-collector%3A14268%2Fapi%2Ftraces&sampler=const&sampler_param=1
+ - name: GITLAB_TRACING_URL
+ value: 'http://{{.Values.global.tracing.serviceName}}-query:16686/search?service={{ "{{" }} service {{ "}}" }}&tags=%7B"correlation_id"%3A"{{ "{{" }} correlation_id {{ "}}" }}"%7D"'
+{{- end }}
 volumeMounts:
 - name: shell-config
 mountPath: '/etc/gitlab-shell'
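Review bot: The `GITLAB_TRACING_URL` value in the gitaly hunk ends in `%7D"'`, so the rendered link carries a stray double quote after the encoded closing brace, and the JSON quotes inside `tags=` are left unencoded; ending the value with `%7D'` and writing the inner quotes as `%22` should give a well-formed URL. The `GITLAB_TRACING` value is an unquoted scalar that hard-codes `sampler=const&sampler_param=1` and a plain `http` collector endpoint, so every request is traced and the span data crosses the cluster network unencrypted. Quoting that value and reading the sampler settings from values would let an operator lower the rate without editing templates. The same six lines are repeated in the gitlab-shell, sidekiq and both unicorn deployment hunks, so a single named template included from each would keep the five copies from drifting.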
diff --git a/charts/gitlab/charts/sidekiq/templates/deployment.yaml b/charts/gitlab/charts/sidekiq/templates/deployment.yaml
index 717dc39d67629b90af1c20cfa64f04971e66a671..779e94b3464debb7f13bd2ad1a5755e535b53eb7 100644
--- a/charts/gitlab/charts/sidekiq/templates/deployment.yaml
+++ b/charts/gitlab/charts/sidekiq/templates/deployment.yaml
@@ -167,6 +167,12 @@ spec:
 value: {{ int $.Values.memoryKiller.graceTime | quote }}
 - name: SIDEKIQ_MEMORY_KILLER_SHUTDOWN_WAIT
 value: {{ int $.Values.memoryKiller.shutdownWait | quote }}
+{{- if $.Values.global.tracing.enabled }}
+ - name: GITLAB_TRACING
+ value: opentracing://jaeger?http_endpoint=http%3A%2F%2F{{$.Values.global.tracing.serviceName}}-collector%3A14268%2Fapi%2Ftraces&sampler=const&sampler_param=1
+ - name: GITLAB_TRACING_URL
+ value: 'http://{{$.Values.global.tracing.serviceName}}-query:16686/search?service={{ "{{" }} service {{ "}}" }}&tags=%7B"correlation_id"%3A"{{ "{{" }} correlation_id {{ "}}" }}"%7D"'
+{{- end }}
 {{- if $metricsEnabled }}
 ports:
 - containerPort: {{ $metricsPort }}
diff --git a/charts/gitlab/charts/unicorn/templates/configmap.yml b/charts/gitlab/charts/unicorn/templates/configmap.yml
index 90201a95657ddf71f90f81740ec8393c988457fa..145a426007b1b015d62364f691f6e837bc297527 100644
--- a/charts/gitlab/charts/unicorn/templates/configmap.yml
+++ b/charts/gitlab/charts/unicorn/templates/configmap.yml
@@ -39,7 +39,26 @@ data: pid "/home/git/unicorn.pid" preload_app true + require_relative "/srv/gitlab/lib/gitlab/cluster/lifecycle_events" + + before_exec do |server| + # Signal application hooks that we're about to restart + Gitlab::Cluster::LifecycleEvents.do_master_restart + end + before_fork do |server, worker| + # Signal application hooks that we're about to fork + Gitlab::Cluster::LifecycleEvents.do_before_fork + + # The following is only recommended for memory/DB-constrained + # installations. It is not needed if your system can house + # twice as many worker_processes as you have configured. + # + # This allows a new master process to incrementally + # phase out the old master process with SIGTTOU to avoid a + # thundering herd (especially in the "preload_app false" case) + # when doing a transparent upgrade. The last worker spawned + # will then kill off the old master process with a SIGQUIT. old_pid = "#{server.config[:pid]}.oldbin" if old_pid != server.pid begin @@ -48,13 +67,21 @@ data: rescue Errno::ENOENT, Errno::ESRCH end end - - ActiveRecord::Base.connection.disconnect! if defined?(ActiveRecord::Base) + # + # Throttle the master from forking too quickly by sleeping. Due + # to the implementation of standard Unix signal handlers, this + # helps (but does not completely) prevent identical, repeated signals + # from being lost when the receiving process is busy. + # sleep 1 end after_fork do |server, worker| - ActiveRecord::Base.establish_connection if defined?(ActiveRecord::Base) - defined?(::Prometheus::Client.reinitialize_on_pid_change) && Prometheus::Client.reinitialize_on_pid_change + # Signal application hooks of worker start + Gitlab::Cluster::LifecycleEvents.do_worker_start + + # per-process listener ports for debugging/admin/migrations + # addr = "127.0.0.1:#{9293 + worker.nr}" + # server.listen(addr, :tries => -1, :delay => 5, :tcp_nopush => true) end ENV['GITLAB_UNICORN_MEMORY_MIN'] = ({{ int .Values.memory.min }} * 1 << 20).to_s 
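Review bot: The added `require_relative "/srv/gitlab/lib/gitlab/cluster/lifecycle_events"` makes the unicorn config depend on a file inside the application image, and nothing in the visible hunks ties this template to an image that ships it; on an older image unicorn would presumably fail while loading its config. The second hunk also removes the explicit `ActiveRecord::Base.connection.disconnect!`, `ActiveRecord::Base.establish_connection` and `Prometheus::Client.reinitialize_on_pid_change` calls, so per-worker database and metrics state now depends on hooks registered elsewhere with `Gitlab::Cluster::LifecycleEvents`, which this diff does not show. A comment above the require, for example `# Needs an image that ships lifecycle_events; DB reconnect and Prometheus reinit are expected to run as hooks registered there`, would record that dependency. The commented-out `server.listen` lines in `after_fork` are dead configuration and could be left out of the template.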
diff --git a/charts/gitlab/charts/unicorn/templates/deployment.yaml b/charts/gitlab/charts/unicorn/templates/deployment.yaml
index f24d853f23cb0b68d746eb188e330e3ea55b69be..39b5536fb5830f64f56354c7d3ba327c976667f3 100644
--- a/charts/gitlab/charts/unicorn/templates/deployment.yaml
+++ b/charts/gitlab/charts/unicorn/templates/deployment.yaml
@@ -131,6 +131,12 @@ spec:
 {{- if .Values.workhorse.sentryDSN }}
 - name: GITLAB_WORKHORSE_SENTRY_DSN
 value: {{ .Values.workhorse.sentryDSN }}
+{{- end }}
+{{- if .Values.global.tracing.enabled }}
+ - name: GITLAB_TRACING
+ value: opentracing://jaeger?http_endpoint=http%3A%2F%2F{{.Values.global.tracing.serviceName}}-collector%3A14268%2Fapi%2Ftraces&sampler=const&sampler_param=1
+ - name: GITLAB_TRACING_URL
+ value: 'http://{{.Values.global.tracing.serviceName}}-query:16686/search?service={{ "{{" }} service {{ "}}" }}&tags=%7B"correlation_id"%3A"{{ "{{" }} correlation_id {{ "}}" }}"%7D"'
 {{- end }}
 volumeMounts:
 {{- if .Values.metrics.enabled }}
@@ -189,6 +195,12 @@ spec:
 value: '/var/opt/gitlab/templates'
 - name: CONFIG_DIRECTORY
 value: '/srv/gitlab/config'
+{{- if .Values.global.tracing.enabled }}
+ - name: GITLAB_TRACING
+ value: opentracing://jaeger?http_endpoint=http%3A%2F%2F{{.Values.global.tracing.serviceName}}-collector%3A14268%2Fapi%2Ftraces&sampler=const&sampler_param=1
+ - name: GITLAB_TRACING_URL
+ value: 'http://{{.Values.global.tracing.serviceName}}-query:16686/search?service={{ "{{" }} service {{ "}}" }}&tags=%7B"correlation_id"%3A"{{ "{{" }} correlation_id {{ "}}" }}"%7D"'
+{{- end }}
 volumeMounts:
 - name: workhorse-config
 mountPath: '/var/opt/gitlab/templates'
diff --git a/charts/gitlab/values.yaml b/charts/gitlab/values.yaml
index 72d12591f20dc6a3b123fa0ceb7d69eda77470da..9b8542f73020dae3959bdccdff5c01bd52e53003 100644
--- a/charts/gitlab/values.yaml
+++ b/charts/gitlab/values.yaml
@@ -34,4 +34,4 @@ global: repository: registry.gitlab.com/gitlab-org/build/cng/gitlab-workhorse-ce gitlab-runner: - enabled: false + enabled: false \ No newline at end of file diff --git a/charts/jaeger/.helmignore b/charts/jaeger/.helmignore new file mode 100644 index 0000000000000000000000000000000000000000..c13e3c8fbb2f5206619b022bd85687317045d7e4 --- /dev/null +++ b/charts/jaeger/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj \ No newline at end of file diff --git a/charts/jaeger/Chart.yaml b/charts/jaeger/Chart.yaml new file mode 100644 index 0000000000000000000000000000000000000000..1bfb0d4c1565cd0251772d4a0362e713f4c00a46 --- /dev/null +++ b/charts/jaeger/Chart.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +name: jaeger +version: 0.1.0 +appVersion: master +description: Deployment of a Jaeger resource to be used with the Jaeger operator + features. +keywords: +- gitlab +home: https://about.gitlab.com/ +icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg +sources: +- https://gitlab.com/charts/gitlab +maintainers: +- name: GitLab Inc. + email: support@gitlab.com diff --git a/charts/jaeger/templates/_helpers.tpl b/charts/jaeger/templates/_helpers.tpl new file mode 100644 index 0000000000000000000000000000000000000000..1793eae8f88d62c0c51ed619749609c7c0d2ad65 --- /dev/null +++ b/charts/jaeger/templates/_helpers.tpl 
@@ -0,0 +1,25 @@
+{{- define "jaeger.hostname" -}}
+{{- coalesce .Values.global.hosts.jaeger.name (include "gitlab.assembleHost" (dict "name" "jaeger" "context" . )) -}}
+{{- end -}}
+
+{{/*
+Returns the secret name for the Secret containing the TLS certificate and key.
+Uses `ingress.tls.secretName` first and falls back to `global.ingress.tls.secretName`
+if there is a shared tls secret for all ingresses.
+*/}}
+{{- define "jaeger.tlsSecret" -}}
+{{- $defaultName := (dict "secretName" "") -}}
+{{- if .Values.global.ingress.configureCertmanager -}}
+{{- $_ := set $defaultName "secretName" (printf "%s-jaeger-tls" .Release.Name) -}}
+{{- else -}}
+{{- $_ := set $defaultName "secretName" (include "gitlab.wildcard-self-signed-cert-name" .) -}}
+{{- end -}}
+{{- pluck "secretName" .Values.ingress.tls .Values.global.ingress.tls $defaultName | first -}}
+{{- end -}}
+
+{{/*
+Returns the nginx ingress class
+*/}}
+{{- define "jaeger.ingressclass" -}}
+{{- pluck "class" .Values.global.ingress (dict "class" (printf "%s-nginx" .Release.Name)) | first -}}
+{{- end -}}
\ No newline at end of file
diff --git a/charts/jaeger/templates/jaeger-cr.yml b/charts/jaeger/templates/jaeger-cr.yml
new file mode 100644
index 0000000000000000000000000000000000000000..ef80c04d01cfefd2181642b9ace86c3705df613f
--- /dev/null
+++ b/charts/jaeger/templates/jaeger-cr.yml
@@ -0,0 +1,12 @@
+{{- if and .Values.global.tracing.enabled .Values.global.tracing.install -}}
+apiVersion: jaegertracing.io/v1
+kind: Jaeger
+metadata:
+ name: {{ .Values.global.tracing.serviceName }}
+ namespace: {{ $.Release.Namespace }}
+ labels:
+{{ include "gitlab.standardLabels" . | indent 4 }}
+## spec:
+## ingress:
+## enabled: false
+{{- end }}
\ No newline at end of file
diff --git a/charts/jaeger/templates/jaeger-ingress.yml b/charts/jaeger/templates/jaeger-ingress.yml
new file mode 100644
index 0000000000000000000000000000000000000000..f060c86805487804cd396054f6ded6f6f1783e1e
--- /dev/null
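Review bot: The `spec` / `ingress` / `enabled: false` block in jaeger-cr.yml is commented out, so the Jaeger resource is created without a spec and every deployment choice falls to the operator's defaults. If the operator version in use creates its own ingress for the query service by default (worth confirming), the UI would be published a second time outside the ingress class, TLS secret and annotations that jaeger-ingress.yml applies. Restoring the three lines as real YAML keeps the chart's ingress the only route in. The storage and deployment strategy deserve an explicit setting for the same reason, or at least a comment stating which operator defaults the chart relies on.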
+++ b/charts/jaeger/templates/jaeger-ingress.yml
@@ -0,0 +1,41 @@
+{{- if and .Values.global.tracing.enabled .Values.global.tracing.install -}}
+{{- if eq (include "gitlab.ingress.enabled" $) "true" -}}
+{{- $hostname := include "jaeger.hostname" . -}}
+{{- $tlsSecret := include "jaeger.tlsSecret" . -}}
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: {{ template "fullname" . }}
+ namespace: {{ $.Release.Namespace }}
+ labels:
+{{ include "gitlab.standardLabels" . | indent 4 }}
+ annotations:
+ kubernetes.io/ingress.class: "{{ template "jaeger.ingressclass" . }}"
+ kubernetes.io/ingress.provider: nginx
+ nginx.ingress.kubernetes.io/proxy-body-size: {{ .Values.ingress.proxyBodySize | quote }}
+ nginx.ingress.kubernetes.io/proxy-read-timeout: {{ .Values.ingress.proxyReadTimeout | quote }}
+ nginx.ingress.kubernetes.io/proxy-request-buffering: {{ .Values.ingress.proxyBuffering | quote }}
+ nginx.ingress.kubernetes.io/proxy-buffering: {{ .Values.ingress.proxyBuffering | quote }}
+ {{ include "gitlab.certmanager_annotations" . }}
+ {{- range $key, $value := merge .Values.ingress.annotations .Values.global.ingress.annotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+spec:
+ rules:
+ - host: {{ $hostname }}
+ http:
+ paths:
+ - path: /
+ backend:
+ serviceName: {{ .Values.global.tracing.serviceName }}-query
+ servicePort: 16686
+ {{- if (and $tlsSecret (eq (include "gitlab.ingress.tls.enabled" $) "true" )) }}
+ tls:
+ - hosts:
+ - {{ $hostname }}
+ secretName: {{ $tlsSecret }}
+ {{- else }}
+ tls: []
+ {{- end }}
+{{- end -}}
+{{- end -}}
diff --git a/charts/jaeger/values.yaml b/charts/jaeger/values.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..337d175fb08708520b3e19cf7989806dfc56aaf5
--- /dev/null
+++ b/charts/jaeger/values.yaml
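Review bot: The Ingress in jaeger-ingress.yml routes `/` on the jaeger hostname straight to the `-query` service on port 16686 with no authentication or source restriction among its annotations. Since the root values in this diff default `tracing.enabled` and `tracing.install` to true, it is created on an untouched install. Nothing in this chart puts a login in front of the Jaeger UI, so anyone who can reach the hostname can read the collected traces. A restrictive default such as `nginx.ingress.kubernetes.io/whitelist-source-range` or `nginx.ingress.kubernetes.io/auth-type: basic` with an `auth-secret` would close that. The `{{- else }}` branch renders `tls: []`, which can leave the UI on plain HTTP, and the template is gated on `gitlab.ingress.enabled` with no reference to the jaeger chart's own `ingress.enabled`; both deserve a comment in charts/jaeger/values.yaml.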
@@ -0,0 +1,40 @@ +enabled: true + +ingress: + enabled: true + proxyReadTimeout: 900 + proxyBodySize: "0" + proxyBuffering: "off" + tls: {} + # secretName: + # enabled: true + annotations: {} + +global: + ingress: + enabled: true + annotations: {} + tls: {} + # secretName: + # enabled: true + hosts: + domain: example.com + hostSuffix: + https: true + tls: {} + # secretName: + gitlab: {} + #name: gitlab.example.com + #https: false + registry: {} + #name: registry.example.com + #https: false + minio: {} + #name: minio.example.com + #https: false + jaeger: {} + #name: jaeger.example.com + #https: false + tracing: + enabled: true + serviceName: gitlab-jaeger \ No newline at end of file diff --git a/charts/nginx/templates/clusterrolebinding.yaml b/charts/nginx/templates/clusterrolebinding.yaml index 20432ed00f1e60db191205c6d841a4cda82a180f..797d68e08e26315af984d10fe7a6f77e2c428570 100644 --- a/charts/nginx/templates/clusterrolebinding.yaml +++ b/charts/nginx/templates/clusterrolebinding.yaml @@ -1,4 +1,4 @@ -{{- if .Values.enabled -}} +{{- if and .Values.global.tracing.enabled .Values.global.tracing.install -}} {{- if and .Values.rbac.create (not .Values.controller.scope.enabled) -}} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding diff --git a/values.yaml b/values.yaml index 0411c099a6e28445f71a9220e29e35c1d0d68651..77ba9720c36c06cb962f4740aaeb93cb77a58d59 100644 --- a/values.yaml +++ b/values.yaml @@ -298,6 +298,11 @@ global: customCAs: [] # - secret: custom-CA # - secret: more-custom-CAs + + tracing: + enabled: true + install: true + serviceName: jaeger-gitlab ## End of global ## Settings to for the Let's Encrypt ACME Issuer
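Review bot: The guard on the nginx ClusterRoleBinding changes from `.Values.enabled` to `and .Values.global.tracing.enabled .Values.global.tracing.install`, which looks like a paste from the jaeger templates rather than an intended change. With it, switching tracing off drops the ingress controller's cluster role binding while the controller itself is still deployed. Switching nginx off with tracing on still renders a cluster-wide binding, subject to the inner `rbac.create` check, for a controller that is not installed. The first line should stay `{{- if .Values.enabled -}}`. The template continues past the end of the hunk, so the matching `end` lines are not visible here.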
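Review bot: The new `global.tracing` block in the root values.yaml defaults both `enabled` and `install` to `true`, so an upgrade with untouched values starts exporting traces at `sampler_param=1` and creates the Jaeger resource and its ingress; defaults of `false` would make tracing opt-in. `install: true` also assumes the `jaegertracing.io/v1` CRD is already present, which nothing in this diff installs. The `serviceName` here is `jaeger-gitlab` while charts/jaeger/values.yaml uses `gitlab-jaeger`; the global value presumably wins under the umbrella chart, but the two should match so a standalone render points at the same collector and query services. Each key would benefit from a comment on what it switches on, for example `# install: create the Jaeger custom resource and its ingress (needs the Jaeger operator)`.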