
WIP: A new version of gitlab (13.0.0) is available

FDO helm bot requested to merge upgrade-to-13.0.0 into master

current diff:

--- current-deployment.yaml
+++ future-deployment.yaml
@@ -54,25 +54,6 @@
   readOnlyRootFilesystem: false
 
 ---
-# Source: helm-gitlab-omnibus/charts/gitlab/charts/gitlab/charts/unicorn/templates/pdb.yaml
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
-  name: gitlab-prod-unicorn
-  namespace: default
-  labels:
-    app: unicorn
-    chart: unicorn-3.3.3
-    release: gitlab-prod
-    heritage: Tiller
-    
-spec:
-  maxUnavailable: 1
-  selector:
-    matchLabels:
-      app: unicorn
-      release: gitlab-prod
----
 # Source: helm-gitlab-omnibus/charts/gitlab/charts/nginx-ingress/templates/controller-poddisruptionbudget.yaml
 apiVersion: policy/v1beta1
 kind: PodDisruptionBudget
@@ -421,7 +402,7 @@
   namespace: default
   labels:
     app: gitlab-exporter
-    chart: gitlab-exporter-3.3.3
+    chart: gitlab-exporter-4.0.0
     release: gitlab-prod
     heritage: Tiller
     
@@ -501,7 +482,7 @@
   labels:
     gitlab_grafana_datasource: "true"
     app: gitlab-grafana
-    chart: gitlab-grafana-3.3.3
+    chart: gitlab-grafana-4.0.0
     release: gitlab-prod
     heritage: Tiller
     
@@ -529,7 +510,7 @@
   namespace: default
   labels:
     app: gitlab-grafana
-    chart: gitlab-grafana-3.3.3
+    chart: gitlab-grafana-4.0.0
     release: gitlab-prod
     heritage: Tiller
     
@@ -554,450 +535,6 @@
     
 
 ---
-# Source: helm-gitlab-omnibus/charts/gitlab/charts/gitlab/charts/unicorn/templates/configmap.yml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: gitlab-prod-unicorn
-  namespace: default
-  labels:
-    app: unicorn
-    chart: unicorn-3.3.3
-    release: gitlab-prod
-    heritage: Tiller
-    
-data:
-  installation_type: |
-    gitlab-helm-chart
-  database.yml.erb: |
-    production:
-      adapter: postgresql
-      encoding: unicode
-      database: gitlab_production
-      username: gitlab
-      password: "<%= File.read("/etc/gitlab/postgres/psql-password").strip.dump[1..-2] %>"
-      host: "gitlab-prod-postgresql-postgresql"
-      port: 5432
-      pool: 10
-      prepared_statements: false
-      # load_balancing:
-      #   hosts:
-      #     - host1.example.com
-      #     - host2.example.com
-      
-  smtp_settings.rb: |
-    Rails.application.config.action_mailer.delivery_method = :smtp
-    
-    ActionMailer::Base.delivery_method = :smtp
-    ActionMailer::Base.smtp_settings = {
-      address: "gabe.freedesktop.org",
-      port: 5878,
-      ca_file: "/etc/ssl/certs/ca-certificates.crt",
-      domain: "gitlab.freedesktop.org",
-      
-      authentication: :login,
-      user_name: "gitlab@gitlab.freedesktop.org",
-      password: File.read("/etc/gitlab/smtp/smtp-password").strip,
-      enable_starttls_auto: true,
-      tls: false,
-      openssl_verify_mode: 'peer'
-    }
-  resque.yml.erb: |
-    production:
-      url: redis://:<%= URI.escape(File.read("/etc/gitlab/redis/redis-password").strip) %>@gitlab-prod-redis-master:6379
-      id:
-  
-  
-  
-  cable.yml.erb: |
-    production:
-      url: redis://:<%= URI.escape(File.read("/etc/gitlab/redis/redis-password").strip) %>@gitlab-prod-redis-master:6379
-      id:
-      adapter: redis
-  unicorn.rb: |
-    # This file should be equivalent to `unicorn.rb` from:
-    # * gitlab-foss: https://gitlab.com/gitlab-org/gitlab-foss/blob/master/config/unicorn.rb.example
-    # * omnibus: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/unicorn.rb.erb
-    worker_processes 2
-    working_directory "/srv/gitlab"
-    listen "0.0.0.0:8080", :tcp_nopush => true
-    timeout 60
-    pid "/home/git/unicorn.pid"
-    preload_app true
-
-    require_relative "/srv/gitlab/lib/gitlab/cluster/lifecycle_events"
-
-    before_exec do |server|
-      # Signal application hooks that we're about to restart
-      Gitlab::Cluster::LifecycleEvents.do_before_master_restart
-    end
-
-    run_once = true
-    before_fork do |server, worker|
-      if run_once
-        # There is a difference between Puma and Unicorn:
-        # - Puma calls before_fork once when booting up master process
-        # - Unicorn runs before_fork whenever new work is spawned
-        # To unify this behavior we call before_fork only once (we use
-        # this callback for deleting Prometheus files so for our purposes
-        # it makes sense to align behavior with Puma)
-        run_once = false
-
-        # Signal application hooks that we're about to fork
-        Gitlab::Cluster::LifecycleEvents.do_before_fork
-      end
-
-      # The following is only recommended for memory/DB-constrained
-      # installations.  It is not needed if your system can house
-      # twice as many worker_processes as you have configured.
-      #
-      # This allows a new master process to incrementally
-      # phase out the old master process with SIGTTOU to avoid a
-      # thundering herd (especially in the "preload_app false" case)
-      # when doing a transparent upgrade.  The last worker spawned
-      # will then kill off the old master process with a SIGQUIT.
-      old_pid = "#{server.config[:pid]}.oldbin"
-      if old_pid != server.pid
-        begin
-          sig = (worker.nr + 1) >= server.worker_processes ? :QUIT : :TTOU
-          Process.kill(sig, File.read(old_pid).to_i)
-        rescue Errno::ENOENT, Errno::ESRCH
-        end
-      end
-      #
-      # Throttle the master from forking too quickly by sleeping.  Due
-      # to the implementation of standard Unix signal handlers, this
-      # helps (but does not completely) prevent identical, repeated signals
-      # from being lost when the receiving process is busy.
-      # sleep 1
-    end
-
-    after_fork do |server, worker|
-      # Signal application hooks of worker start
-      Gitlab::Cluster::LifecycleEvents.do_worker_start
-
-      # per-process listener ports for debugging/admin/migrations
-      # addr = "127.0.0.1:#{9293 + worker.nr}"
-      # server.listen(addr, :tries => -1, :delay => 5, :tcp_nopush => true)
-    end
-
-    ENV['GITLAB_UNICORN_MEMORY_MIN'] = (1024 * 1 << 20).to_s
-    ENV['GITLAB_UNICORN_MEMORY_MAX'] = (1280 * 1 << 20).to_s
-  puma.rb: |
-    # This file should be equivalent to `puma.rb` from:
-    # * gitlab-foss: https://gitlab.com/gitlab-org/gitlab-foss/blob/master/config/puma.rb.example
-    # * omnibus: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/puma.rb.erb
-    # frozen_string_literal: true
-
-    pidfile "/home/git/puma.pid"
-    state_path "/home/git/puma.pid"
-
-    stdout_redirect '/srv/gitlab/log/puma.stdout.log',
-      '/srv/gitlab/log/puma.stderr.log',
-      true
-
-    # Configure "min" to be the minimum number of threads to use to answer
-    # requests and "max" the maximum.
-    threads 4, 4
-
-    # By default, workers accept all requests and queue them to pass to handlers.
-    # When false, workers accept the number of simultaneous requests configured.
-    #
-    # Queueing requests generally improves performance, but can cause deadlocks if
-    # the app is waiting on a request to itself. See https://github.com/puma/puma/issues/612
-    #
-    # When set to false this may require a reverse proxy to handle slow clients and
-    # queue requests before they reach puma. This is due to disabling HTTP keepalive
-    queue_requests false
-
-    # Bind the server to "url". "tcp://", "unix://" and "ssl://" are the only
-    # accepted protocols.
-    bind 'tcp://0.0.0.0:8080'
-
-    directory "/srv/gitlab"
-
-    workers 2
-
-    require_relative "/srv/gitlab/lib/gitlab/cluster/lifecycle_events"
-    require_relative "/srv/gitlab/lib/gitlab/cluster/puma_worker_killer_initializer"
-
-    on_restart do
-      # Signal application hooks that we're about to restart
-      Gitlab::Cluster::LifecycleEvents.do_before_master_restart
-    end
-
-    options = { workers: 2 }
-
-    before_fork do
-      # Signal to the puma killer
-      Gitlab::Cluster::PumaWorkerKillerInitializer.start(options, puma_per_worker_max_memory_mb: 1024)
-
-      # Signal application hooks that we're about to fork
-      Gitlab::Cluster::LifecycleEvents.do_before_fork
-    end
-
-    Gitlab::Cluster::LifecycleEvents.set_puma_options options
-    on_worker_boot do
-      # Signal application hooks of worker start
-      Gitlab::Cluster::LifecycleEvents.do_worker_start
-    end
-
-    # Preload the application before starting the workers; this conflicts with
-    # phased restart feature. (off by default)
-
-    preload_app!
-
-    tag 'gitlab-puma-worker'
-
-    # Verifies that all workers have checked in to the master process within
-    # the given timeout. If not the worker process will be restarted. Default
-    # value is 60 seconds.
-    #
-    worker_timeout 60
-
-    # Use customised JSON formatter for Puma log
-    require_relative "/srv/gitlab/lib/gitlab/puma_logging/json_formatter"
-
-    json_formatter = Gitlab::PumaLogging::JSONFormatter.new
-    log_formatter do |str|
-        json_formatter.call(str)
-    end
-  gitlab.yml.erb: |
-    production: &base
-      gitlab:
-        host: gitlab.freedesktop.org
-        https: true
-        max_request_duration_seconds: 57
-        impersonation_enabled: 
-        usage_ping_enabled: true
-        seat_link_enabled: true
-        default_can_create_group: false
-        username_changing_enabled: true
-        issue_closing_pattern: 
-        default_theme: 
-        default_projects_features:
-          issues: true
-          merge_requests: true
-          wiki: true
-          snippets: true
-          builds: true
-          container_registry: true
-        webhook_timeout: 
-        trusted_proxies:
-        time_zone: "UTC"        
-        email_from: "gitlab@freedesktop.org"
-        email_display_name: "GitLab"
-        email_reply_to: "noreply@freedesktop.org"
-        email_subject_suffix: ""
-      
-      gravatar:
-        plain_url: 
-        ssl_url: 
-      extra:
-        
-        
-        
-      artifacts:
-        enabled: true
-        object_store:
-          enabled: true
-          remote_directory: fdo-gitlab-artifacts
-          direct_upload: true
-          background_upload: false
-          proxy_download: false
-          connection: <%= YAML.load_file("/etc/gitlab/objectstorage/artifacts").to_json() %>
-      lfs:
-        enabled: true
-        object_store:
-          enabled: true
-          remote_directory: fdo-gitlab-lfs
-          direct_upload: true
-          background_upload: false
-          proxy_download: false
-          connection: <%= YAML.load_file("/etc/gitlab/objectstorage/lfs").to_json() %>
-      uploads:
-        enabled: true
-        object_store:
-          enabled: true
-          remote_directory: fdo-gitlab-uploads
-          direct_upload: true
-          background_upload: false
-          proxy_download: false
-          connection: <%= YAML.load_file("/etc/gitlab/objectstorage/uploads").to_json() %>
-      packages:
-        enabled: true
-        object_store:
-          enabled: true
-          remote_directory: gitlab-packages
-          direct_upload: true
-          background_upload: false
-          proxy_download: true
-      external_diffs:
-        enabled: 
-        when: 
-        object_store:
-          enabled: false
-          remote_directory: gitlab-mr-diffs
-          direct_upload: true
-          background_upload: false
-          proxy_download: true
-      terraform_state:
-        enabled: false
-        object_store:
-          enabled: false
-          remote_directory: gitlab-terraform-state
-          direct_upload: true
-          background_upload: false
-          proxy_download: true
-      
-      pages:
-        enabled: false
-      mattermost:
-        enabled: false
-      gitlab_ci:
-      ldap:
-        enabled: false
-      
-      omniauth:
-        enabled: true
-        sync_profile_from_provider: []
-        sync_profile_attributes: ["email"]
-        allow_single_sign_on: true
-        block_auto_created_users: false
-        auto_link_ldap_user: false
-        auto_link_saml_user: false
-        external_providers: []
-        providers:
-          - <%= YAML.load_file("/etc/gitlab/omniauth/gitlab-prod-freedesktop-omniauth-providers/google").to_json() %>
-          - <%= YAML.load_file("/etc/gitlab/omniauth/gitlab-prod-freedesktop-omniauth-providers/gitlab").to_json() %>
-          - <%= YAML.load_file("/etc/gitlab/omniauth/gitlab-prod-freedesktop-omniauth-providers/github").to_json() %>
-          - <%= YAML.load_file("/etc/gitlab/omniauth/gitlab-prod-freedesktop-omniauth-providers/twitter").to_json() %>
-      kerberos:
-        enabled: false
-      shared:
-      gitaly:
-        client_path: /home/git/gitaly/bin
-        token: "<%= File.read('/etc/gitlab/gitaly/gitaly_token').strip.dump[1..-2] %>"
-      repositories:
-        storages: # You must have at least a `default` storage path.
-          default:
-            path: /var/opt/gitlab/repo
-            gitaly_address: tcp://node1.git.example.com:8075
-          
-      backup:
-        path: "tmp/backups"   # Relative paths are relative to Rails.root (default: tmp/backups/)
-      gitlab_shell:
-        path: /home/git/gitlab-shell/
-        hooks_path: /home/git/gitlab-shell/hooks/
-        upload_pack: true
-        receive_pack: true
-        ssh_port: 22
-        secret_file: /etc/gitlab/shell/.gitlab_shell_secret
-      workhorse:
-        secret_file: /etc/gitlab/gitlab-workhorse/secret
-      git:
-        bin_path: /usr/bin/git
-      webpack:
-      monitoring:
-        ip_whitelist:
-          - 0.0.0.0/0
-        web_exporter:
-          enabled: false
-          address: 0.0.0.0
-          port: 8083
-        sidekiq_exporter:
-      shutdown:
-        blackout_seconds: 10
-      rack_attack:
-        git_basic_auth:
-      ## Registry Integration
-      registry:
-        enabled: true
-        host: registry.freedesktop.org
-        api_url: http://gitlab-prod-registry:5000
-        key: /etc/gitlab/registry/gitlab-registry.key
-        issuer: gitlab-issuer
-  configure: |
-    set -e
-    config_dir="/init-config"
-    secret_dir="/init-secrets"
-    
-    for secret in shell gitaly registry postgres rails-secrets gitlab-workhorse ; do
-      mkdir -p "${secret_dir}/${secret}"
-      cp -v -r -L "${config_dir}/${secret}/." "${secret_dir}/${secret}/"
-    done
-    for secret in redis minio objectstorage ldap omniauth smtp ; do
-      if [ -e "${config_dir}/${secret}" ]; then
-        mkdir -p "${secret_dir}/${secret}"
-        cp -v -r -L "${config_dir}/${secret}/." "${secret_dir}/${secret}/"
-      fi
-    done
-    
-    
-    
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: gitlab-prod-workhorse-config
-  namespace: default
-  labels:
-    app: unicorn
-    chart: unicorn-3.3.3
-    release: gitlab-prod
-    heritage: Tiller
-    
-data:
-  installation_type: |
-    gitlab-helm-chart
-  workhorse-config.toml.erb: |
-    [redis]
-    URL = "redis://gitlab-prod-redis-master:6379"
-    Password = "<%= File.read("/etc/gitlab/redis/redis-password").strip.dump[1..-2] %>"
-  configure: |
-      set -e
-      mkdir -p /init-secrets-workhorse/gitlab-workhorse
-      cp -v -r -L /init-config/gitlab-workhorse/secret /init-secrets-workhorse/gitlab-workhorse/secret
-      mkdir -p /init-secrets-workhorse/redis
-      cp -v -r -L /init-config/redis/redis-password /init-secrets-workhorse/redis/
-# Leave this here - This line denotes end of block to the parser.
-
----
-# Source: helm-gitlab-omnibus/charts/gitlab/charts/gitlab/charts/unicorn/templates/tests/tests.yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: gitlab-prod-unicorn-tests
-  namespace: default
-data:
-  test_login: |
-    set -e
-    echo 'Start Test'
-    endpoint="https://gitlab.freedesktop.org"
-    cookie_read="-c /tmp/test_login.cookie"
-    cookie_readwrite="$cookie_read -b /tmp/test_login.cookie"
-
-    signin_url="$endpoint/users/sign_in"
-    echo "Login to create a session: $signin_url"
-    csrf=$(curl $signin_url --fail -s $cookie_read | grep -Po '<meta.*name="csrf-token".*content="\K[a-zA-Z0-9\+=\-\/]*')
-    curl --fail -X POST $signin_url -s $cookie_readwrite -F "authenticity_token=$csrf" -F 'user[login]=root' -F "user[password]=$(cat /initial_root_password)"
-
-    profile_url="$endpoint/profile"
-    echo "Confirm session valid: $profile_url"
-    profile_status=$(curl -s -o /tmp/profile_output -w "%{http_code}" $cookie_readwrite $profile_url)
-
-    if [ "$profile_status" != "200" ]; then
-      echo "Error: Session Invalid"
-      cat /tmp/profile_output
-      exit 1
-    fi
-
-    echo 'Test Passed'
-    exit 0
-
-# Leave this here - This line denotes end of block to the parser.
-
----
 # Source: helm-gitlab-omnibus/charts/gitlab/charts/grafana/templates/configmap-dashboard-provider.yaml
 
 apiVersion: v1
@@ -1082,7 +619,7 @@
   server-tokens: "false"
   ssl-ciphers: ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
   ssl-protocols: TLSv1.3 TLSv1.2
-  use-http2: "false"
+  use-http2: "true"
   
 
 ---
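Review bot: Turning on `use-http2` leaves the `ssl-ciphers` value in the same ConfigMap unchanged, and that list still offers CBC-mode and static-RSA suites (`ECDHE-RSA-AES256-SHA384`, `AES256-SHA`, `AES128-SHA256` and others) that RFC 7540 Appendix A places on the HTTP/2 cipher blacklist. The ECDHE/GCM suites are listed first, so current clients should negotiate an allowed one, but a client that ends up on a blacklisted suite may reject the connection with INADEQUATE_SECURITY. I would trim the list in the same change, for example `ssl-ciphers: ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256`, unless legacy clients are known to need the remaining entries. The ConfigMap itself starts outside this hunk.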
@@ -1514,6 +1051,7 @@
         otp_key_base=$(fetch_rails_value secrets.yml "${env}.otp_key_base")
         db_key_base=$(fetch_rails_value secrets.yml "${env}.db_key_base")
         openid_connect_signing_key=$(fetch_rails_value secrets.yml "${env}.openid_connect_signing_key")
+        ci_jwt_signing_key=$(fetch_rails_value secrets.yml "${env}.ci_jwt_signing_key")
       fi;
     
       # Generate defaults for any unset secrets
@@ -1521,6 +1059,7 @@
       otp_key_base="${otp_key_base:-$(gen_random 'a-f0-9' 128)}" # equavilent to secureRandom.hex(64)
       db_key_base="${db_key_base:-$(gen_random 'a-f0-9' 128)}" # equavilent to secureRandom.hex(64)
       openid_connect_signing_key="${openid_connect_signing_key:-$(openssl genrsa 2048)}"
+      ci_jwt_signing_key="${ci_jwt_signing_key:-$(openssl genrsa 2048)}"
     
       # Update the existing secret
       cat << EOF > rails-secrets.yml
@@ -1537,6 +1076,8 @@
           db_key_base: $db_key_base
           openid_connect_signing_key: |
     $(echo "${openid_connect_signing_key}" | awk '{print "        " $0}')
+          ci_jwt_signing_key: |
+    $(echo "${ci_jwt_signing_key}" | awk '{print "        " $0}')
     EOF
       kubectl --validate=false --namespace=$namespace apply -f rails-secrets.yml
       label_secret $rails_secret
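Review bot: The added `ci_jwt_signing_key` is a second RSA private key written in clear to `rails-secrets.yml` in the working directory before `kubectl apply`, and nothing in the visible lines restricts the file mode or removes the file afterwards. Streaming the manifest avoids the on-disk copy: `cat << EOF | kubectl --validate=false --namespace=$namespace apply -f -`. If the file has to stay, a `umask 077` before the heredoc and an `rm -f rails-secrets.yml` after the apply would limit exposure. The surrounding script starts and ends outside this hunk, so cleanup may already exist further down. The key is fetched and defaulted in the two preceding hunks (`@@ -1514` and `@@ -1521`), which follow the existing `openid_connect_signing_key` pattern.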
@@ -1570,13 +1111,13 @@
   namespace: default
   labels:
     app: gitlab
-    chart: gitlab-3.3.3
+    chart: gitlab-4.0.0
     release: gitlab-prod
     heritage: Tiller
     
 data:
-  gitlabVersion: "12.10.3"
-  gitlabChartVersion: "3.3.3"
+  gitlabVersion: "13.0.0"
+  gitlabChartVersion: "4.0.0"
 
 ---
 # Source: helm-gitlab-omnibus/charts/gitlab/templates/initdb-configmap.yaml
@@ -1587,7 +1128,7 @@
   namespace: default
   labels:
     app: gitlab
-    chart: gitlab-3.3.3
+    chart: gitlab-4.0.0
     release: gitlab-prod
     heritage: Tiller
     
@@ -10188,7 +9729,7 @@
   namespace: default
   labels:
     app: gitlab-exporter
-    chart: gitlab-exporter-3.3.3
+    chart: gitlab-exporter-4.0.0
     release: gitlab-prod
     heritage: Tiller
     
@@ -10206,37 +9747,6 @@
     release: gitlab-prod
 
 ---
-# Source: helm-gitlab-omnibus/charts/gitlab/charts/gitlab/charts/unicorn/templates/service.yaml
-
-apiVersion: v1
-kind: Service
-metadata:
-  name: gitlab-prod-unicorn
-  namespace: default
-  labels:
-    app: unicorn
-    chart: unicorn-3.3.3
-    release: gitlab-prod
-    heritage: Tiller
-    
-  annotations:
-    
-spec:
-  type: ClusterIP
-  ports:
-    - port: 8080
-      targetPort: 8080
-      protocol: TCP
-      name: http-unicorn
-    - port: 8181
-      targetPort: 8181
-      protocol: TCP
-      name: http-workhorse
-  selector:
-    app: unicorn
-    release: gitlab-prod
-
----
 # Source: helm-gitlab-omnibus/charts/gitlab/charts/grafana/templates/service.yaml
 apiVersion: v1
 kind: Service
@@ -10391,7 +9901,7 @@
   name: gitlab-prod-postgresql-postgresql-metrics
   labels:
     app: postgresql
-    chart: postgresql-7.7.3
+    chart: postgresql-8.9.4
     release: "gitlab-prod"
     heritage: "Tiller"
   annotations:
@@ -10401,9 +9911,9 @@
 spec:
   type: ClusterIP
   ports:
-    - name: metrics
+    - name: http-metrics
       port: 9187
-      targetPort: metrics
+      targetPort: http-metrics
   selector:
     app: postgresql
     release: gitlab-prod
@@ -10417,16 +9927,16 @@
   name: gitlab-prod-postgresql-postgresql-headless
   labels:
     app: postgresql
-    chart: postgresql-7.7.3
+    chart: postgresql-8.9.4
     release: "gitlab-prod"
     heritage: "Tiller"
 spec:
   type: ClusterIP
   clusterIP: None
   ports:
-    - name: postgresql
+    - name: tcp-postgresql
       port: 5432
-      targetPort: postgresql
+      targetPort: tcp-postgresql
   selector:
     app: postgresql
     release: "gitlab-prod"
@@ -10439,15 +9949,16 @@
   name: gitlab-prod-postgresql-postgresql
   labels:
     app: postgresql
-    chart: postgresql-7.7.3
+    chart: postgresql-8.9.4
     release: "gitlab-prod"
     heritage: "Tiller"
+  annotations:
 spec:
   type: ClusterIP
   ports:
-    - name: postgresql
+    - name: tcp-postgresql
       port: 5432
-      targetPort: postgresql
+      targetPort: tcp-postgresql
   selector:
     app: postgresql
     release: "gitlab-prod"
@@ -10545,39 +10056,6 @@
     role: master
 
 ---
-# Source: helm-gitlab-omnibus/charts/gitlab/charts/gitlab/charts/unicorn/templates/tests/test-runner.yaml
-apiVersion: v1
-kind: Pod
-metadata:
-  name: gitlab-prod-unicorn-test-runner-dglq0
-  namespace: default
-  annotations:
-    "helm.sh/hook": test-success
-spec:
-  containers:
-  - name: test-runner
-    image: registry.gitlab.com/gitlab-org/build/cng/gitlab-webservice-ce:v12.10.3
-    command: ['sh', '/tests/test_login']
-    volumeMounts:
-      - name: tests
-        mountPath: '/tests'
-      - name: root-password
-        readOnly: true
-        mountPath: /initial_root_password
-        subPath: initial_root_password
-  volumes:
-  - name: tests
-    configMap:
-      name: gitlab-prod-unicorn-tests
-  - name: root-password
-    secret:
-      secretName: "gitlab-prod-gitlab-initial-root-password"
-      items:
-        - key: "password"
-          path: initial_root_password
-  restartPolicy: Never
-
----
 # Source: helm-gitlab-omnibus/charts/gitlab-omnibus/templates/gitlab/gitlab-deployment.yaml
 apiVersion: extensions/v1beta1
 kind: Deployment
@@ -10606,7 +10084,7 @@
           requests:
             memory: "36Gi"
             cpu: "12"
-        image: gitlab/gitlab-ce:12.10.3-ce.0
+        image: gitlab/gitlab-ce:13.0.0-ce.0
         imagePullPolicy: IfNotPresent
         command: ["/bin/bash", "-c",
           "sed -i \"s/environment ({'GITLAB_ROOT_PASSWORD' => initial_root_password }) if initial_root_password/environment ({'GITLAB_ROOT_PASSWORD' => initial_root_password, 'GITLAB_SHARED_RUNNERS_REGISTRATION_TOKEN' => node['gitlab']['gitlab-rails']['initial_shared_runners_registration_token'] })/g\" /opt/gitlab/embedded/cookbooks/gitlab/recipes/database_migrations.rb && exec /assets/wrapper"]
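Review bot: The `sed -i` in `command` rewrites one exact source line of `database_migrations.rb` inside the image, and `sed` exits 0 when the pattern matches nothing, so after the bump to `13.0.0-ce.0` the patch can silently stop applying if that cookbook line changed upstream. In that case `GITLAB_SHARED_RUNNERS_REGISTRATION_TOKEN` would no longer be passed to the migration step, with no error at container start. It is worth confirming the line is still present in the 13.0.0 image and making a mismatch fatal, for example by running `grep -q "initial_root_password }) if initial_root_password" /opt/gitlab/embedded/cookbooks/gitlab/recipes/database_migrations.rb &&` ahead of the `sed`. The image is also referenced by tag only with `imagePullPolicy: IfNotPresent`; pinning `gitlab/gitlab-ce:13.0.0-ce.0@sha256:<digest>` would keep every node on the same content. The container spec starts outside this hunk.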
@@ -11062,7 +10540,7 @@
   namespace: default
   labels:
     app: gitlab-exporter
-    chart: gitlab-exporter-3.3.3
+    chart: gitlab-exporter-4.0.0
     release: gitlab-prod
     heritage: Tiller
     
@@ -11078,7 +10556,7 @@
         app: gitlab-exporter
         release: gitlab-prod
       annotations:
-        checksum/config: ec491f6cfc0c7eea6b6c95103196ecdd046e78cf4cfda738121c5a6ac08cc399
+        checksum/config: 6613f6f043bf898e4763e889df04f723871ef40c53711460e408669cb798799e
         prometheus.io/path: /metrics
         prometheus.io/port: "9168"
         prometheus.io/scrape: "true"
@@ -11134,7 +10612,7 @@
       containers:
         
         - name: gitlab-exporter
-          image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-exporter:7.0.1"
+          image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-exporter:7.0.3"
           
           env:
             - name: CONFIG_TEMPLATE_DIRECTORY
@@ -11206,386 +10684,6 @@
           medium: "Memory"
 
 ---
-# Source: helm-gitlab-omnibus/charts/gitlab/charts/gitlab/charts/unicorn/templates/deployment.yaml
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: gitlab-prod-unicorn
-  namespace: default
-  labels:
-    app: unicorn
-    chart: unicorn-3.3.3
-    release: gitlab-prod
-    heritage: Tiller
-    
-spec:
-  replicas: 
-  selector:
-    matchLabels:
-      app: unicorn
-      release: gitlab-prod
-  template:
-    metadata:
-      labels:
-        app: unicorn
-        release: gitlab-prod
-      annotations:
-        checksum/config: e3bf5d077071e24c434c7b4f3656e170849fff33a37630294cf6a19fdb59dfd2
-        cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
-        prometheus.io/path: /-/metrics
-        prometheus.io/port: "8080"
-        prometheus.io/scrape: "true"
-        
-    spec:
-      securityContext:
-        runAsUser: 1000
-        fsGroup: 1000
-      affinity:
-        podAntiAffinity:
-          preferredDuringSchedulingIgnoredDuringExecution:
-          - weight: 1
-            podAffinityTerm:
-              topologyKey: kubernetes.io/hostname
-              labelSelector:
-                matchLabels:
-                  app: unicorn
-                  release: gitlab-prod
-      initContainers:
-        
-        
-        - name: certificates
-          image: "registry.gitlab.com/gitlab-org/build/cng/alpine-certificates:20171114-r3"
-          
-          volumeMounts:
-          - name: etc-ssl-certs
-            mountPath: /etc/ssl/certs
-            readOnly: false
-          resources:
-            requests:
-              cpu: 50m
-            
-        - name: configure
-          command: ['sh']
-          args: [ '-c', 'sh -x /config-unicorn/configure ; sh -x /config-workhorse/configure ; mkdir -p -m 3770 /tmp/gitlab']
-          image: "busybox:latest"
-          volumeMounts:
-          
-          
-          
-          - name: unicorn-config
-            mountPath: /config-unicorn
-            readOnly: true
-          - name: workhorse-config
-            mountPath: /config-workhorse
-            readOnly: true
-          - name: init-unicorn-secrets
-            mountPath: /init-config
-            readOnly: true
-          - name: unicorn-secrets
-            mountPath: /init-secrets
-            readOnly: false
-          - name: workhorse-secrets
-            mountPath: /init-secrets-workhorse
-            readOnly: false
-          - name: shared-tmp
-            mountPath: /tmp
-            readOnly: false
-          resources:
-            requests:
-              cpu: 50m
-            
-        - name: dependencies
-          image: registry.gitlab.com/gitlab-org/build/cng/gitlab-webservice-ce:v12.10.3
-          
-          args:
-            - /scripts/wait-for-deps
-          env:
-            - name: GITALY_FEATURE_DEFAULT_ON
-              value: "1"
-            - name: CONFIG_TEMPLATE_DIRECTORY
-              value: '/var/opt/gitlab/templates'
-            - name: CONFIG_DIRECTORY
-              value: '/srv/gitlab/config'
-            - name: WORKHORSE_ARCHIVE_CACHE_DISABLED
-              value: "1"
-            - name: ENABLE_BOOTSNAP
-              value: "1"
-          volumeMounts:
-            
-            - name: unicorn-config
-              mountPath: '/var/opt/gitlab/templates'
-            - name: unicorn-secrets
-              mountPath: '/etc/gitlab'
-              readOnly: true
-            - name: unicorn-secrets
-              mountPath: /srv/gitlab/config/secrets.yml
-              subPath: rails-secrets/secrets.yml
-              readOnly: true
-          resources:
-            requests:
-              cpu: 50m
-                  
-      containers:
-        
-        - name: unicorn
-          image: registry.gitlab.com/gitlab-org/build/cng/gitlab-webservice-ce:v12.10.3
-          
-          ports:
-            - containerPort: 8080
-              name: unicorn
-          env:
-            - name: GITLAB_WEBSERVER
-              value: unicorn
-            - name: TMPDIR
-              value: "/tmp/gitlab"
-            - name: GITALY_FEATURE_DEFAULT_ON
-              value: "1"
-            - name: CONFIG_TEMPLATE_DIRECTORY
-              value: '/var/opt/gitlab/templates'
-            - name: CONFIG_DIRECTORY
-              value: '/srv/gitlab/config'
-            - name: prometheus_multiproc_dir
-              value: /metrics
-            - name: ENABLE_BOOTSNAP
-              value: "1"
-          volumeMounts:
-            - name: unicorn-metrics
-              mountPath: '/metrics'
-            - name: unicorn-config
-              mountPath: '/var/opt/gitlab/templates'
-            - name: unicorn-secrets
-              mountPath: '/etc/gitlab'
-              readOnly: true
-            - name: unicorn-secrets
-              mountPath: /srv/gitlab/config/secrets.yml
-              subPath: rails-secrets/secrets.yml
-            - name: unicorn-config
-              mountPath: '/srv/gitlab/config/initializers/smtp_settings.rb'
-              subPath: smtp_settings.rb
-            - name: unicorn-config
-              mountPath: '/srv/gitlab/INSTALLATION_TYPE'
-              subPath: installation_type
-            - name: shared-upload-directory
-              mountPath: /srv/gitlab/public/uploads/tmp
-              readOnly: false
-            - name: shared-artifact-directory
-              mountPath: /srv/gitlab/shared
-              readOnly: false
-            - name: shared-tmp
-              mountPath: '/tmp'
-              readOnly: false
-            - name: etc-ssl-certs
-              mountPath: /etc/ssl/certs/
-              readOnly: true
-            
-          livenessProbe:
-            httpGet:
-              path: /-/liveness
-              port: 8080
-            initialDelaySeconds: 20
-            periodSeconds: 60
-            timeoutSeconds: 30
-            successThreshold: 1
-            failureThreshold: 3
-          readinessProbe:
-            httpGet:
-              path: /-/readiness
-              port: 8080
-            initialDelaySeconds: 0
-            periodSeconds: 10
-            timeoutSeconds: 2
-            successThreshold: 1
-            failureThreshold: 3
-          lifecycle:
-            preStop:
-              exec:
-                command: ["/bin/bash", "-c", "pkill -SIGQUIT -f 'unicorn master'"]
-          resources:
-            requests:
-              cpu: 300m
-              memory: 1.5G
-            
-        - name: gitlab-workhorse
-          image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-workhorse-ce:v12.10.3"
-          
-          ports:
-            - containerPort: 8181
-              name: workhorse
-          env:
-            - name: TMPDIR
-              value: "/tmp/gitlab"
-            - name: GITLAB_WORKHORSE_EXTRA_ARGS
-              value: ""
-            - name: GITLAB_WORKHORSE_LISTEN_PORT
-              value: "8181"
-            - name: CONFIG_TEMPLATE_DIRECTORY
-              value: '/var/opt/gitlab/templates'
-            - name: CONFIG_DIRECTORY
-              value: '/srv/gitlab/config'
-          volumeMounts:
-            - name: workhorse-config
-              mountPath: '/var/opt/gitlab/templates'
-            - name: workhorse-secrets
-              mountPath: '/etc/gitlab'
-              readOnly: true
-            - name: shared-upload-directory
-              mountPath: /srv/gitlab/public/uploads/tmp
-              readOnly: false
-            - name: shared-artifact-directory
-              mountPath: /srv/gitlab/shared
-              readOnly: false
-            - name: shared-tmp
-              mountPath: '/tmp'
-              readOnly: false
-            - name: etc-ssl-certs
-              mountPath: /etc/ssl/certs/
-              readOnly: true
-            
-          livenessProbe:
-            exec:
-              command:
-              - /scripts/healthcheck
-            initialDelaySeconds: 20
-            periodSeconds: 60
-            timeoutSeconds: 30
-            successThreshold: 1
-            failureThreshold: 3
-          readinessProbe:
-            exec:
-              command:
-              - /scripts/healthcheck
-            initialDelaySeconds: 0
-            periodSeconds: 10
-            timeoutSeconds: 2
-            successThreshold: 1
-            failureThreshold: 3
-          resources:
-            requests:
-              cpu: 100m
-              memory: 100M
-            
-      volumes:
-      
-      
-      
-      - name: shared-tmp
-        emptyDir: {}
-      - name: unicorn-metrics
-        emptyDir:
-          medium: "Memory"
-      - name: unicorn-config
-        configMap:
-          name: gitlab-prod-unicorn
-      - name: workhorse-config
-        configMap:
-            name: gitlab-prod-workhorse-config
-      - name: init-unicorn-secrets
-        projected:
-          defaultMode: 0400
-          sources:
-          - secret:
-              name: "gitlab-prod-rails-secret"
-              items:
-                - key: secrets.yml
-                  path: rails-secrets/secrets.yml
-          - secret:
-              name: "gitlab-prod-gitlab-shell-secret"
-              items:
-                - key: "secret"
-                  path: shell/.gitlab_shell_secret
-          - secret:
-              name: "gitlab-prod-gitaly-secret"
-              items:
-                - key: "token"
-                  path: gitaly/gitaly_token
-          
-          
-          - secret:
-              name: "gitlab-prod-redis-secret"
-              items:
-                - key: "secret"
-                  path: redis/redis-password
-          - secret:
-              name: "gitlab-prod-postgresql-password"
-              items:
-                - key: "postgresql-password"
-                  path: postgres/psql-password
-          - secret:
-              name: "gitlab-prod-registry-secret"
-              items:
-                - key: registry-auth.key
-                  path: registry/gitlab-registry.key
-          - secret:
-              name: "gitlab-prod-gitlab-workhorse-secret"
-              items:
-                - key: "shared_secret"
-                  path: gitlab-workhorse/secret
-          # mount secret for minio
-          # mount secret for artifacts
-          - secret:
-              name: gitlab-prod-freedesktop-gcs-key
-              items:
-                - key: connection
-                  path: objectstorage/artifacts
-          # mount secret for lfs
-          - secret:
-              name: gitlab-prod-freedesktop-gcs-key
-              items:
-                - key: connection
-                  path: objectstorage/lfs
-          # mount secret for uploads
-          - secret:
-              name: gitlab-prod-freedesktop-gcs-key
-              items:
-                - key: connection
-                  path: objectstorage/uploads
-          # mount secret for packages
-          # mount secret for external_diffs
-          # mount secret for terraform_state
-          # mount secrets for LDAP
-          
-          - secret:
-              name: gitlab-prod-freedesktop-omniauth-providers
-              items:
-                - key: google
-                  path: "omniauth/gitlab-prod-freedesktop-omniauth-providers/google"
-          - secret:
-              name: gitlab-prod-freedesktop-omniauth-providers
-              items:
-                - key: gitlab
-                  path: "omniauth/gitlab-prod-freedesktop-omniauth-providers/gitlab"
-          - secret:
-              name: gitlab-prod-freedesktop-omniauth-providers
-              items:
-                - key: github
-                  path: "omniauth/gitlab-prod-freedesktop-omniauth-providers/github"
-          - secret:
-              name: gitlab-prod-freedesktop-omniauth-providers
-              items:
-                - key: twitter
-                  path: "omniauth/gitlab-prod-freedesktop-omniauth-providers/twitter"
-          - secret:
-              name: gitlab-prod-freedesktop-smtp-secret
-              items:
-                - key: password
-                  path: smtp/smtp-password
-      - name: unicorn-secrets
-        emptyDir:
-          medium: "Memory"
-      - name: workhorse-secrets
-        emptyDir:
-          medium: "Memory"
-      - name: shared-upload-directory
-        emptyDir: {}
-      - name: shared-artifact-directory
-        emptyDir: {}
-      
-      - name: etc-ssl-certs
-        emptyDir:
-          medium: "Memory"
-
----
 # Source: helm-gitlab-omnibus/charts/gitlab/charts/grafana/templates/deployment.yaml
 
 apiVersion: apps/v1
@@ -12018,31 +11116,6 @@
           persistentVolumeClaim:
             claimName: gitlab-prod-prometheus-server
 ---
-# Source: helm-gitlab-omnibus/charts/gitlab/charts/gitlab/charts/unicorn/templates/hpa.yaml
-apiVersion: autoscaling/v2beta1
-kind: HorizontalPodAutoscaler
-metadata:
-  name: gitlab-prod-unicorn
-  namespace: default
-  labels:
-    app: unicorn
-    chart: unicorn-3.3.3
-    release: gitlab-prod
-    heritage: Tiller
-    
-spec:
-  scaleTargetRef:
-    apiVersion: apps/v1
-    kind: Deployment
-    name: gitlab-prod-unicorn
-  minReplicas: 2
-  maxReplicas: 10
-  metrics:
-  - type: Resource
-    resource:
-      name: cpu
-      targetAverageValue: 1
----
 # Source: helm-gitlab-omnibus/charts/gitlab/charts/postgresql/templates/statefulset.yaml
 apiVersion: apps/v1
 kind: StatefulSet
@@ -12050,9 +11123,10 @@
   name: gitlab-prod-postgresql
   labels:
     app: postgresql
-    chart: postgresql-7.7.3
+    chart: postgresql-8.9.4
     release: "gitlab-prod"
     heritage: "Tiller"
+  annotations:
 spec:
   serviceName: gitlab-prod-postgresql-postgresql-headless
   replicas: 1
@@ -12068,39 +11142,13 @@
       name: gitlab-prod-postgresql-postgresql
       labels:
         app: postgresql
-        chart: postgresql-7.7.3
+        chart: postgresql-8.9.4
         release: "gitlab-prod"
         heritage: "Tiller"
         role: master
     spec:      
       securityContext:
         fsGroup: 1001
-      initContainers:
-        - name: init-chmod-data
-          image: docker.io/bitnami/minideb:stretch
-          imagePullPolicy: "Always"
-          resources:
-            requests:
-              cpu: 250m
-              memory: 256Mi
-            
-          command:
-            - /bin/sh
-            - -c
-            - |
-              mkdir -p /bitnami/postgresql/data
-              chmod 700 /bitnami/postgresql/data
-              find /bitnami/postgresql -mindepth 0 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | \
-                xargs chown -R 1001:1001
-              chmod -R 777 /dev/shm
-          securityContext:
-            runAsUser: 0
-          volumeMounts:
-            - name: data
-              mountPath: /bitnami/postgresql
-              subPath: 
-            - name: dshm
-              mountPath: /dev/shm
       containers:
         - name: gitlab-prod-postgresql-postgresql
           image: docker.io/bitnami/postgresql:11.7.0-debian-10-r9
@@ -12132,7 +11180,7 @@
             - name: POSTGRESQL_ENABLE_LDAP
               value: "no"
           ports:
-            - name: postgresql
+            - name: tcp-postgresql
               containerPort: 5432
           livenessProbe:
             exec:
@@ -12152,8 +11200,8 @@
                 - -c
                 - -e
                 - |
-                  pg_isready -U "gitlab" -d "gitlab_production" -h 127.0.0.1 -p 5432
-                  [ -f /opt/bitnami/postgresql/tmp/.initialized ]
+                  exec pg_isready -U "gitlab" -d "gitlab_production" -h 127.0.0.1 -p 5432
+                  [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ]
             initialDelaySeconds: 5
             periodSeconds: 10
             timeoutSeconds: 5
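Review bot: The `exec` added in front of `pg_isready` in this readiness script replaces the shell with pg_isready, so the `[ -f ... ] || [ -f ... ]` test on the following line is never run. Readiness then reports only whether the server accepts connections, whereas the old two-line script (run with `-e`) also required the `.initialized` marker file. Because this text is rendered from the postgresql 8.9.4 chart, the fix belongs upstream or in a local patch of the probe: drop the `exec`, i.e. `pg_isready -U "gitlab" -d "gitlab_production" -h 127.0.0.1 -p 5432`, and keep the marker test as the last command. The probe definition itself starts above the hunk.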
@@ -12170,7 +11218,7 @@
               mountPath: /bitnami/postgresql
               subPath: 
         - name: metrics
-          image: docker.io/bitnami/postgres-exporter:0.7.0-debian-9-r12
+          image: docker.io/bitnami/postgres-exporter:0.8.0-debian-10-r99
           imagePullPolicy: "IfNotPresent"
           env:
             - name: DATA_SOURCE_URI
@@ -12182,7 +11230,7 @@
           livenessProbe:
             httpGet:
               path: /
-              port: metrics
+              port: http-metrics
             initialDelaySeconds: 5
             periodSeconds: 10
             timeoutSeconds: 5
@@ -12191,7 +11239,7 @@
           readinessProbe:
             httpGet:
               path: /
-              port: metrics
+              port: http-metrics
             initialDelaySeconds: 5
             periodSeconds: 10
             timeoutSeconds: 5
@@ -12201,7 +11249,7 @@
             - name: postgresql-password
               mountPath: /opt/bitnami/postgresql/secrets/
           ports:
-            - name: metrics
+            - name: http-metrics
               containerPort: 9187
       volumes:
         - name: postgresql-password
@@ -12429,7 +11477,7 @@
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: gitlab-prod-shared-secrets.0-l9l
+  name: gitlab-prod-shared-secrets.0-q7c
   namespace: default
   labels:
     app: shared-secrets
@@ -13015,7 +12063,7 @@
   namespace: default
   labels:
     app: gitlab-grafana
-    chart: gitlab-grafana-3.3.3
+    chart: gitlab-grafana-4.0.0
     release: gitlab-prod
     heritage: Tiller
     
@@ -13040,45 +12088,8 @@
   tls:
     - hosts:
       - gitlab.freedesktop.org
-      secretName: gitlab-prod-gitlab-tls
+      secretName: gitlab-tls
 ---
-# Source: helm-gitlab-omnibus/charts/gitlab/charts/gitlab/charts/unicorn/templates/ingress.yaml
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
-  name: gitlab-prod-unicorn
-  namespace: default
-  labels:
-    app: unicorn
-    chart: unicorn-3.3.3
-    release: gitlab-prod
-    heritage: Tiller
-    
-  annotations:
-    kubernetes.io/ingress.class: "nginx"
-    kubernetes.io/ingress.provider: nginx
-    nginx.ingress.kubernetes.io/proxy-body-size: "512m"
-    nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
-    nginx.ingress.kubernetes.io/proxy-connect-timeout: "15"
-    certmanager.k8s.io/issuer: "gitlab-prod-issuer"
-spec:
-  rules:
-    - host: gitlab.freedesktop.org
-      http:
-        paths:
-          - path: /
-            backend:
-              serviceName: gitlab-prod-unicorn
-              servicePort: 8181
-          - path: /admin/sidekiq
-            backend:
-              serviceName: gitlab-prod-unicorn
-              servicePort: 8080
-  tls:
-    - hosts:
-      - gitlab.freedesktop.org
-      secretName: gitlab-prod-gitlab-tls
----
 # Source: helm-gitlab-omnibus/charts/freedesktop/templates/epoch.yaml
 # Used to keep helm-gitlab-omnibus + helm-gitlab-config + helm-gitlab-secrets
 # in sync with each other during breaking changes
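Review bot: The TLS `secretName` on the remaining Ingress changes from `gitlab-prod-gitlab-tls` to `gitlab-tls`, and nothing visible in the diff creates a secret with the new name. If no `gitlab-tls` secret exists in the `default` namespace and this Ingress carries no cert-manager issuer annotation (its metadata is outside the hunk), the controller will presumably serve its fallback certificate for `gitlab.freedesktop.org`. Either confirm the new secret is provisioned before rollout or keep the old name, `secretName: gitlab-prod-gitlab-tls`, through the chart's TLS secret setting. The Ingress deleted further down in this hunk was the one holding `certmanager.k8s.io/issuer: "gitlab-prod-issuer"` for the old secret.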
@@ -13236,10 +12247,39 @@
 
 
 ---
-# Source: helm-gitlab-omnibus/charts/gitlab/charts/gitlab/charts/unicorn/templates/pause_job.yaml
+# Source: helm-gitlab-omnibus/charts/gitlab/charts/gitlab/charts/webservice/templates/configmap.yml
 
 
 ---
+# Source: helm-gitlab-omnibus/charts/gitlab/charts/gitlab/charts/webservice/templates/deployment.yaml
+
+
+---
+# Source: helm-gitlab-omnibus/charts/gitlab/charts/gitlab/charts/webservice/templates/hpa.yaml
+
+---
+# Source: helm-gitlab-omnibus/charts/gitlab/charts/gitlab/charts/webservice/templates/ingress.yaml
+
+---
+# Source: helm-gitlab-omnibus/charts/gitlab/charts/gitlab/charts/webservice/templates/pause_job.yaml
+
+
+---
+# Source: helm-gitlab-omnibus/charts/gitlab/charts/gitlab/charts/webservice/templates/pdb.yaml
+
+---
+# Source: helm-gitlab-omnibus/charts/gitlab/charts/gitlab/charts/webservice/templates/service.yaml
+
+
+---
+# Source: helm-gitlab-omnibus/charts/gitlab/charts/gitlab/charts/webservice/templates/tests/test-runner.yaml
+
+
+---
+# Source: helm-gitlab-omnibus/charts/gitlab/charts/gitlab/charts/webservice/templates/tests/tests.yaml
+
+
+---
 # Source: helm-gitlab-omnibus/charts/gitlab/charts/grafana/templates/dashboards-json-configmap.yaml
 
 
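Review bot: Every `webservice` template added in this hunk (configmap, deployment, hpa, ingress, pdb, service) renders as an empty document, while earlier hunks delete the rendered `gitlab-prod-unicorn` pod spec, HorizontalPodAutoscaler and Ingress. Unless a replacement is rendered in a part of the diff not shown here, applying this leaves `gitlab.freedesktop.org` with no web pods and no Ingress rule for `/` or `/admin/sidekiq`. Presumably the values still configure this component under the old `unicorn` key, so check that against the 4.0.0 chart's upgrade notes. Before the WIP flag is removed, `webservice/templates/deployment.yaml`, `service.yaml` and `ingress.yaml` should render non-empty and carry the same probes, secret mounts and TLS settings as the removed unicorn resources.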
@@ -13368,14 +12408,27 @@
 
 
 ---
+# Source: helm-gitlab-omnibus/charts/gitlab/charts/postgresql/templates/podsecuritypolicy.yaml
+
+
+---
 # Source: helm-gitlab-omnibus/charts/gitlab/charts/postgresql/templates/prometheusrule.yaml
 
 
 ---
+# Source: helm-gitlab-omnibus/charts/gitlab/charts/postgresql/templates/role.yaml
+
+
+---
+# Source: helm-gitlab-omnibus/charts/gitlab/charts/postgresql/templates/rolebinding.yaml
+
+
+---
 # Source: helm-gitlab-omnibus/charts/gitlab/charts/postgresql/templates/secrets.yaml
 
 ---
 # Source: helm-gitlab-omnibus/charts/gitlab/charts/postgresql/templates/serviceaccount.yaml
+
 
 ---
 # Source: helm-gitlab-omnibus/charts/gitlab/charts/postgresql/templates/servicemonitor.yaml
