WIP: A new version of gitlab (15.0.2) is available
current diff:
--- current-deployment.yaml
+++ future-deployment.yaml
@@ -7,7 +7,7 @@
namespace: gitlab
labels:
app: gitaly
- chart: gitaly-6.11.8
+ chart: gitaly-6.0.2
release: gitlab-test
heritage: Helm
@@ -28,7 +28,7 @@
namespace: gitlab
labels:
app: gitlab-shell
- chart: gitlab-shell-6.11.8
+ chart: gitlab-shell-6.0.2
release: gitlab-test
heritage: Helm
@@ -47,7 +47,7 @@
namespace: gitlab
labels:
app: kas
- chart: kas-6.11.8
+ chart: kas-6.0.2
release: gitlab-test
heritage: Helm
@@ -66,7 +66,7 @@
namespace: gitlab
labels:
app: praefect
- chart: praefect-6.11.8
+ chart: praefect-6.0.2
release: gitlab-test
heritage: Helm
@@ -85,7 +85,7 @@
namespace: gitlab
labels:
app: sidekiq
- chart: sidekiq-6.11.8
+ chart: sidekiq-6.0.2
release: gitlab-test
heritage: Helm
@@ -106,7 +106,7 @@
namespace: gitlab
labels:
app: webservice
- chart: webservice-6.11.8
+ chart: webservice-6.0.2
release: gitlab-test
heritage: Helm
gitlab.com/webservice-name: default
@@ -267,6 +267,25 @@
namespace: gitlab
automountServiceAccountToken: true
---
+# Source: gitlab/charts/nginx-ingress/templates/default-backend-serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app: nginx-ingress
+ chart: nginx-ingress-4.0.6
+ release: gitlab-test
+ heritage: Helm
+
+ component: "controller"
+ helm.sh/chart: nginx-ingress-4.0.6
+ app.kubernetes.io/version: "1.0.4"
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: default-backend
+ name: gitlab-test-nginx-ingress-backend
+ namespace: gitlab
+automountServiceAccountToken: true
+---
# Source: gitlab/charts/prometheus/templates/node-exporter/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
@@ -275,7 +294,7 @@
component: "node-exporter"
app: prometheus
release: gitlab-test
- chart: prometheus-15.18.0
+ chart: prometheus-15.0.4
heritage: Helm
name: gitlab-test-prometheus-node-exporter
namespace: gitlab
@@ -290,7 +309,7 @@
component: "server"
app: prometheus
release: gitlab-test
- chart: prometheus-15.18.0
+ chart: prometheus-15.0.4
heritage: Helm
name: gitlab-test-prometheus-server
namespace: gitlab
@@ -350,7 +369,7 @@
- selector: {}
http01:
ingress:
- class: nginx
+ class: "nginx"
---
# Source: gitlab/charts/gitlab/charts/gitaly/templates/configmap-with-praefect.yml
apiVersion: v1
@@ -360,7 +379,7 @@
namespace: gitlab
labels:
app: gitaly
- chart: gitaly-6.11.8
+ chart: gitaly-6.0.2
release: gitlab-test
heritage: Helm
@@ -404,11 +423,11 @@
[git]
use_bundled_binaries = true
- ignore_gitconfig = true
[gitaly-ruby]
# The directory where gitaly-ruby is installed
dir = "/srv/gitaly-ruby"
+ rugged_git_config_search_path = "/usr/local/etc"
[gitlab-shell]
# The directory where gitlab-shell is installed
@@ -426,6 +445,7 @@
# password = somepass
# ca_file = /etc/ssl/cert.pem
# ca_path = /etc/pki/tls/certs
+ self_signed_cert = false
[hooks]
# directory containing custom hooks
@@ -439,7 +459,7 @@
namespace: gitlab
labels:
app: gitlab-exporter
- chart: gitlab-exporter-6.11.8
+ chart: gitlab-exporter-6.0.2
release: gitlab-test
heritage: Helm
@@ -449,7 +469,6 @@
name: webrick
listen_address: 0.0.0.0
listen_port: 9168
-
probes:
db_common: &db_common
@@ -505,18 +524,21 @@
<<: *db_common
configure: |
- # BEGIN gitlab.scripts.configure.secrets
set -e
config_dir="/init-config"
secret_dir="/init-secrets"
- # optional
- for secret in redis postgres gitlab-exporter ; do
+
+ for secret in ; do
+ mkdir -p "${secret_dir}/${secret}"
+ cp -v -r -L "${config_dir}/${secret}/." "${secret_dir}/${secret}/"
+ done
+ for secret in redis postgres ; do
if [ -e "${config_dir}/${secret}" ]; then
mkdir -p "${secret_dir}/${secret}"
- cp -f -v -r -L "${config_dir}/${secret}/." "${secret_dir}/${secret}/"
+ cp -v -r -L "${config_dir}/${secret}/." "${secret_dir}/${secret}/"
fi
done
- # END gitlab.scripts.configure.secrets
+
# Leave this here - This line denotes end of block to the parser.
---
# Source: gitlab/charts/gitlab/charts/gitlab-shell/templates/configmap.yml
@@ -527,22 +549,26 @@
namespace: gitlab
labels:
app: gitlab-shell
- chart: gitlab-shell-6.11.8
+ chart: gitlab-shell-6.0.2
release: gitlab-test
heritage: Helm
data:
configure: |
- # BEGIN gitlab.scripts.configure.secrets
set -e
config_dir="/init-config"
secret_dir="/init-secrets"
- # required
+
for secret in shell ; do
mkdir -p "${secret_dir}/${secret}"
- cp -f -v -r -L "${config_dir}/${secret}/." "${secret_dir}/${secret}/"
+ cp -v -r -L "${config_dir}/${secret}/." "${secret_dir}/${secret}/"
done
- # END gitlab.scripts.configure.secrets
+ for secret in redis minio objectstorage postgres ldap omniauth smtp kas pages oauth-secrets mailroom ; do
+ if [ -e "${config_dir}/${secret}" ]; then
+ mkdir -p "${secret_dir}/${secret}"
+ cp -v -r -L "${config_dir}/${secret}/." "${secret_dir}/${secret}/"
+ fi
+ done
mkdir -p /${secret_dir}/ssh
cp -v -r -L /${config_dir}/ssh_host_* /${secret_dir}/ssh/
chmod 0400 /${secret_dir}/ssh/ssh_host_*
@@ -555,6 +581,9 @@
secret_file: /etc/gitlab-secrets/shell/.gitlab_shell_secret
+ http_settings:
+ self_signed_cert: false
+
# File used as authorized_keys for gitlab user
auth_file: "/home/git/.ssh/authorized_keys"
@@ -580,61 +609,14 @@
concurrent_sessions_limit: 100
# PROXY protocol support for correct IP address detection
proxy_protocol: false
- # PROXY protocol policy ("use", "require", "reject", "ignore"), "use" is the default value
proxy_policy: use
- # The maximum duration to wait for the PROXY protocol header. Defaults to 500ms
- proxy_header_timeout: 500ms
- # The server waits for this time (in seconds) for the ongoing connections to complete before shutting down
- # The period is 5 seconds smaller than the Kubernetes termination period in order to allow gitlab-sshd exit gracefully
- grace_period: 25
- # Sets an interval after which server will send keepalive message to a client
- client_alive_interval: 0
- # The ciphers allowed
- ciphers:
- - aes128-gcm@openssh.com
- - chacha20-poly1305@openssh.com
- - aes256-gcm@openssh.com
- - aes128-ctr
- - aes192-ctr
- - aes256-ctr
- # The key exchange (KEX) algorithms allowed
- kex_algorithms:
- - curve25519-sha256
- - curve25519-sha256@libssh.org
- - ecdh-sha2-nistp256
- - ecdh-sha2-nistp384
- - ecdh-sha2-nistp521
- - diffie-hellman-group14-sha256
- - diffie-hellman-group14-sha1
- # The message authentication code (MAC) algorithms allowed
- macs:
- - hmac-sha2-256-etm@openssh.com
- - hmac-sha2-512-etm@openssh.com
- - hmac-sha2-256
- - hmac-sha2-512
- - hmac-sha1
- # The server disconnects after this time if the user has not successfully logged in
- login_grace_time: 60
# SSH host key files.
- # - Walking {% env.Getenv "KEYS_DIRECTORY" "/etc/ssh" %} for keys.
host_key_files:
- {%- range file.Walk ( env.Getenv "KEYS_DIRECTORY" "/etc/ssh" ) %}
- {%- if filepath.Base . | filepath.Match "ssh_host_*_key" %}
+ {%- range file.Walk "/etc/ssh" %}
+ {%- if filepath.Match "/etc/ssh/ssh_host_*_key" . %}
- {%.%}
{%- end %}
{%- end %}
- # GSSAPI-related settings
- gssapi:
- # Enable the gssapi-with-mic authentication method. Defaults to false.
- enabled: false
- # Library path for gssapi shared library - defaults to libgssapi_krb5.so.2
- libpath: libgssapi_krb5.so.2
- # Keytab path. Defaults to "", system default (usually /etc/krb5.keytab).
- keytab: "/etc/krb5.keytab"
- # The Kerberos service name to be used by sshd. Defaults to "", accepts any service name in keytab file.
- service_principal_name:
- krb5.conf: |
-
# Leave this here - This line denotes end of block to the parser.
---
# Source: gitlab/charts/gitlab/charts/gitlab-shell/templates/nginx-tcp-configmap.yml
@@ -645,7 +627,7 @@
namespace: gitlab
labels:
app: gitlab-shell
- chart: gitlab-shell-6.11.8
+ chart: gitlab-shell-6.0.2
release: gitlab-test
heritage: Helm
@@ -660,7 +642,7 @@
namespace: gitlab
labels:
app: kas
- chart: kas-6.11.8
+ chart: kas-6.0.2
release: gitlab-test
heritage: Helm
@@ -682,14 +664,9 @@
gitlab:
address: http://gitlab-test-webservice-default.gitlab.svc:8181
authentication_secret_file: /etc/kas/.gitlab_kas_secret
- external_url: https://gitlab.test.freedesktop.org
observability:
listen:
address: :8151
- liveness_probe:
- url_path: /liveness
- readiness_probe:
- url_path: /readiness
private_api:
listen:
address: :8155
@@ -707,7 +684,7 @@
namespace: gitlab
labels:
app: migrations
- chart: migrations-6.11.8
+ chart: migrations-6.0.2
release: gitlab-test
heritage: Helm
@@ -745,7 +722,6 @@
-
cable.yml.erb: |
production:
url: redis://:<%= ERB::Util::url_encode(File.read("/etc/gitlab/redis/redis-password").strip) %>@gitlab-test-redis-master.gitlab.svc:6379
@@ -755,9 +731,6 @@
-
-
-
gitlab.yml.erb: |
production: &base
gitlab:
@@ -780,25 +753,23 @@
sidekiq:
configure: |
- # BEGIN gitlab.scripts.configure.secrets
set -e
config_dir="/init-config"
secret_dir="/init-secrets"
- # required
+
for secret in rails-secrets migrations gitaly ; do
mkdir -p "${secret_dir}/${secret}"
- cp -f -v -r -L "${config_dir}/${secret}/." "${secret_dir}/${secret}/"
+ cp -v -r -L "${config_dir}/${secret}/." "${secret_dir}/${secret}/"
done
- # optional
- for secret in redis minio objectstorage postgres ldap duo omniauth smtp kas pages oauth-secrets mailroom gitlab-exporter microsoft_graph_mailer suggested_reviewers ; do
+ for secret in redis minio objectstorage postgres ldap omniauth smtp kas pages oauth-secrets mailroom ; do
if [ -e "${config_dir}/${secret}" ]; then
mkdir -p "${secret_dir}/${secret}"
- cp -f -v -r -L "${config_dir}/${secret}/." "${secret_dir}/${secret}/"
+ cp -v -r -L "${config_dir}/${secret}/." "${secret_dir}/${secret}/"
fi
done
- # END gitlab.scripts.configure.secrets
+
# Leave this here - This line denotes end of block to the parser.
---
# Source: gitlab/charts/gitlab/charts/praefect/templates/configmap.yaml
@@ -809,7 +780,7 @@
namespace: gitlab
labels:
app: praefect
- chart: praefect-6.11.8
+ chart: praefect-6.0.2
release: gitlab-test
heritage: Helm
@@ -832,6 +803,7 @@
[failover]
enabled = true
+ election_strategy = 'sql'
read_only_after_failover = true
[auth]
@@ -872,7 +844,7 @@
namespace: gitlab
labels:
app: sidekiq
- chart: sidekiq-6.11.8
+ chart: sidekiq-6.0.2
release: gitlab-test
heritage: Helm
@@ -901,8 +873,6 @@
database_tasks: true
- krb5.conf: |
-
smtp_settings.rb: |
resque.yml.erb: |
@@ -913,7 +883,6 @@
-
cable.yml.erb: |
production:
url: redis://:<%= ERB::Util::url_encode(File.read("/etc/gitlab/redis/redis-password").strip) %>@gitlab-test-redis-master.gitlab.svc:6379
@@ -923,9 +892,6 @@
-
-
-
gitlab.yml.erb: |
production: &base
gitlab:
@@ -1089,23 +1055,6 @@
external_providers: []
kerberos:
enabled: false
- keytab: /etc/krb5.keytab
- use_dedicated_port: false
- port: 8443
- https: true
- simple_ldap_linking_allowed_realms: []
-
- duo_auth:
- enabled: false
- hostname:
- integration_key:
- secret_key:
-
- duo_auth:
- enabled: false
- hostname:
- integration_key:
- secret_key:
shared:
gitaly:
client_path: /home/git/gitaly/bin
@@ -1128,14 +1077,11 @@
secret_file: /etc/gitlab/kas/.gitlab_kas_secret
external_url: "wss://kas.test.freedesktop.org"
internal_url: "grpc://gitlab-test-kas.gitlab.svc:8153"
- suggested_reviewers:
- secret_file: /etc/gitlab/suggested_reviewers/.gitlab_suggested_reviewers_secret
gitlab_shell:
path: /home/git/gitlab-shell/
hooks_path: /home/git/gitlab-shell/hooks/
upload_pack: true
receive_pack: true
- ssh_port: 22
workhorse:
git:
bin_path: /usr/bin/git
@@ -1147,31 +1093,28 @@
enabled: true
address: 0.0.0.0
port: 3807
- log_enabled: false
sidekiq_health_checks:
enabled: true
address: 0.0.0.0
port: 3808
configure: |
- # BEGIN gitlab.scripts.configure.secrets
set -e
config_dir="/init-config"
secret_dir="/init-secrets"
- # required
+
for secret in gitaly registry rails-secrets ; do
mkdir -p "${secret_dir}/${secret}"
- cp -f -v -r -L "${config_dir}/${secret}/." "${secret_dir}/${secret}/"
+ cp -v -r -L "${config_dir}/${secret}/." "${secret_dir}/${secret}/"
done
- # optional
- for secret in redis minio objectstorage postgres ldap duo omniauth smtp kas pages oauth-secrets mailroom gitlab-exporter microsoft_graph_mailer suggested_reviewers ; do
+ for secret in redis minio objectstorage postgres ldap omniauth smtp kas pages oauth-secrets mailroom ; do
if [ -e "${config_dir}/${secret}" ]; then
mkdir -p "${secret_dir}/${secret}"
- cp -f -v -r -L "${config_dir}/${secret}/." "${secret_dir}/${secret}/"
+ cp -v -r -L "${config_dir}/${secret}/." "${secret_dir}/${secret}/"
fi
done
- # END gitlab.scripts.configure.secrets
+
# Leave this here - This line denotes end of block to the parser.
---
# Source: gitlab/charts/gitlab/charts/toolbox/templates/configmap.yaml
@@ -1182,7 +1125,7 @@
namespace: gitlab
labels:
app: toolbox
- chart: toolbox-6.11.8
+ chart: toolbox-6.0.2
release: gitlab-test
heritage: Helm
@@ -1209,8 +1152,6 @@
database_tasks: true
- krb5.conf: |
-
smtp_settings.rb: |
resque.yml.erb: |
@@ -1221,7 +1162,6 @@
-
cable.yml.erb: |
production:
url: redis://:<%= ERB::Util::url_encode(File.read("/etc/gitlab/redis/redis-password").strip) %>@gitlab-test-redis-master.gitlab.svc:6379
@@ -1231,9 +1171,6 @@
-
-
-
gitlab.yml.erb: |
production: &base
gitlab:
@@ -1381,17 +1318,6 @@
external_providers: []
kerberos:
enabled: false
- keytab: /etc/krb5.keytab
- use_dedicated_port: false
- port: 8443
- https: true
- simple_ldap_linking_allowed_realms: []
-
- duo_auth:
- enabled: false
- hostname:
- integration_key:
- secret_key:
shared:
gitaly:
client_path: /home/git/gitaly/bin
@@ -1414,14 +1340,11 @@
secret_file: /etc/gitlab/kas/.gitlab_kas_secret
external_url: "wss://kas.test.freedesktop.org"
internal_url: "grpc://gitlab-test-kas.gitlab.svc:8153"
- suggested_reviewers:
- secret_file: /etc/gitlab/suggested_reviewers/.gitlab_suggested_reviewers_secret
gitlab_shell:
path: /home/git/gitlab-shell/
hooks_path: /home/git/gitlab-shell/hooks/
upload_pack: true
receive_pack: true
- ssh_port: 22
secret_file: /etc/gitlab/shell/.gitlab_shell_secret
workhorse:
git:
@@ -1433,25 +1356,23 @@
sidekiq_exporter:
extra:
configure: |
- # BEGIN gitlab.scripts.configure.secrets
set -e
config_dir="/init-config"
secret_dir="/init-secrets"
- # required
+
for secret in shell gitaly registry rails-secrets ; do
mkdir -p "${secret_dir}/${secret}"
- cp -f -v -r -L "${config_dir}/${secret}/." "${secret_dir}/${secret}/"
+ cp -v -r -L "${config_dir}/${secret}/." "${secret_dir}/${secret}/"
done
- # optional
- for secret in redis minio objectstorage postgres ldap duo omniauth smtp kas pages oauth-secrets mailroom gitlab-exporter microsoft_graph_mailer suggested_reviewers ; do
+ for secret in redis minio objectstorage postgres ldap omniauth smtp kas pages oauth-secrets mailroom ; do
if [ -e "${config_dir}/${secret}" ]; then
mkdir -p "${secret_dir}/${secret}"
- cp -f -v -r -L "${config_dir}/${secret}/." "${secret_dir}/${secret}/"
+ cp -v -r -L "${config_dir}/${secret}/." "${secret_dir}/${secret}/"
fi
done
- # END gitlab.scripts.configure.secrets
+
configure-gsutil: |
# The following script is used to configure gsutil when creating backups
# It provides inputs to the `gsutil config -e` prompt as follows:
@@ -1469,7 +1390,7 @@
namespace: gitlab
labels:
app: webservice
- chart: webservice-6.11.8
+ chart: webservice-6.0.2
release: gitlab-test
heritage: Helm
@@ -1498,8 +1419,6 @@
database_tasks: true
- krb5.conf: |
-
smtp_settings.rb: |
resque.yml.erb: |
@@ -1510,7 +1429,6 @@
-
cable.yml.erb: |
production:
url: redis://:<%= ERB::Util::url_encode(File.read("/etc/gitlab/redis/redis-password").strip) %>@gitlab-test-redis-master.gitlab.svc:6379
@@ -1520,9 +1438,6 @@
-
-
-
gitlab.yml.erb: |
production: &base
gitlab:
@@ -1633,9 +1548,6 @@
dsn:
clientside_dsn:
environment:
- gitlab_docs:
- enabled: false
- host: ""
sidekiq:
pages:
@@ -1680,17 +1592,6 @@
external_providers: []
kerberos:
enabled: false
- keytab: /etc/krb5.keytab
- use_dedicated_port: false
- port: 8443
- https: true
- simple_ldap_linking_allowed_realms: []
-
- duo_auth:
- enabled: false
- hostname:
- integration_key:
- secret_key:
shared:
gitaly:
client_path: /home/git/gitaly/bin
@@ -1713,8 +1614,6 @@
secret_file: /etc/gitlab/kas/.gitlab_kas_secret
external_url: "wss://kas.test.freedesktop.org"
internal_url: "grpc://gitlab-test-kas.gitlab.svc:8153"
- suggested_reviewers:
- secret_file: /etc/gitlab/suggested_reviewers/.gitlab_suggested_reviewers_secret
gitlab_shell:
path: /home/git/gitlab-shell/
hooks_path: /home/git/gitlab-shell/hooks/
@@ -1755,23 +1654,20 @@
san_extensions: false
required_for_git_access: false
configure: |
- # BEGIN gitlab.scripts.configure.secrets
set -e
config_dir="/init-config"
secret_dir="/init-secrets"
- # required
+
for secret in shell gitaly registry rails-secrets gitlab-workhorse ; do
mkdir -p "${secret_dir}/${secret}"
- cp -f -v -r -L "${config_dir}/${secret}/." "${secret_dir}/${secret}/"
+ cp -v -r -L "${config_dir}/${secret}/." "${secret_dir}/${secret}/"
done
- # optional
- for secret in redis minio objectstorage postgres ldap duo omniauth smtp kas pages oauth-secrets mailroom gitlab-exporter microsoft_graph_mailer suggested_reviewers ; do
+ for secret in redis minio objectstorage postgres ldap omniauth smtp kas pages oauth-secrets mailroom ; do
if [ -e "${config_dir}/${secret}" ]; then
mkdir -p "${secret_dir}/${secret}"
- cp -f -v -r -L "${config_dir}/${secret}/." "${secret_dir}/${secret}/"
+ cp -v -r -L "${config_dir}/${secret}/." "${secret_dir}/${secret}/"
fi
done
- # END gitlab.scripts.configure.secrets
---
# Source: gitlab/charts/gitlab/charts/webservice/templates/configmap.yml
apiVersion: v1
@@ -1781,7 +1677,7 @@
namespace: gitlab
labels:
app: webservice
- chart: webservice-6.11.8
+ chart: webservice-6.0.2
release: gitlab-test
heritage: Helm
@@ -1793,44 +1689,47 @@
[redis]
URL = "redis://gitlab-test-redis-master.gitlab.svc:6379"
Password = {% file.Read "/etc/gitlab/redis/redis-password" | strings.TrimSpace | data.ToJSON %}
- {%- $supported_providers := slice "AWS" "AzureRM" "Google" -%}
- {%- $connection := coll.Dict "provider" "" -%}
+ {%- $supported_providers := slice "AWS" "AzureRM" -%}
+ {%- $provider := "" -%}
+ {%- $aws_access_key_id := "" -%}
+ {%- $aws_secret_access_key := "" -%}
+ {%- $azure_storage_account_name := "" -%}
+ {%- $azure_storage_access_key := "" -%}
{%- if file.Exists "/etc/gitlab/minio/accesskey" %}
- {%- $aws_access_key_id := file.Read "/etc/gitlab/minio/accesskey" | strings.TrimSpace -%}
- {%- $aws_secret_access_key := file.Read "/etc/gitlab/minio/secretkey" | strings.TrimSpace -%}
- {%- $connection = coll.Dict "provider" "AWS" "aws_access_key_id" $aws_access_key_id "aws_secret_access_key" $aws_secret_access_key -%}
+ {%- $provider = "AWS" -%}
+ {%- $aws_access_key_id = file.Read "/etc/gitlab/minio/accesskey" | strings.TrimSpace -%}
+ {%- $aws_secret_access_key = file.Read "/etc/gitlab/minio/secretkey" | strings.TrimSpace -%}
{%- end %}
{%- if file.Exists "/etc/gitlab/objectstorage/object_store" %}
- {%- $connection = file.Read "/etc/gitlab/objectstorage/object_store" | strings.TrimSpace | data.YAML -%}
+ {%- $connection := file.Read "/etc/gitlab/objectstorage/object_store" | strings.TrimSpace | data.YAML -%}
+ {%- $provider = $connection.provider -%}
+ {%- if has $connection "aws_access_key_id" -%}
+ {%- $aws_access_key_id = $connection.aws_access_key_id -%}
+ {%- $aws_secret_access_key = $connection.aws_secret_access_key -%}
+ {%- else if has $connection "azure_storage_account_name" -%}
+ {%- $azure_storage_account_name = $connection.azure_storage_account_name -%}
+ {%- $azure_storage_access_key = $connection.azure_storage_access_key -%}
+ {%- end -%}
{%- end %}
- {%- if has $supported_providers $connection.provider %}
+ {%- if has $supported_providers $provider %}
[object_storage]
- provider = "{% $connection.provider %}"
- {%- if eq $connection.provider "AWS" %}
- {%- $connection = coll.Merge $connection (coll.Dict "aws_access_key_id" "" "aws_secret_access_key" "" ) %}
+ provider = "{% $provider %}"
+ {%- if eq $provider "AWS" %}
# AWS / S3 object storage configuration.
[object_storage.s3]
# access/secret can be blank!
- aws_access_key_id = {% $connection.aws_access_key_id | strings.TrimSpace | data.ToJSON %}
- aws_secret_access_key = {% $connection.aws_secret_access_key | strings.TrimSpace | data.ToJSON %}
- {%- else if eq $connection.provider "AzureRM" %}
- {%- $connection = coll.Merge $connection (coll.Dict "azure_storage_account_name" "" "azure_storage_account_name" "" ) %}
+ aws_access_key_id = "{% $aws_access_key_id %}"
+ aws_secret_access_key = "{% $aws_secret_access_key %}"
+ {%- else if eq $provider "AzureRM" %}
# Azure Blob storage configuration.
[object_storage.azurerm]
- azure_storage_account_name = {% $connection.azure_storage_account_name | strings.TrimSpace | data.ToJSON %}
- azure_storage_access_key = {% $connection.azure_storage_access_key | strings.TrimSpace | data.ToJSON %}
- {%- else if eq $connection.provider "Google" %}
- # Google storage configuration.
- [object_storage.google]
- {% $connection | coll.Omit "provider" | data.ToTOML %}
+ azure_storage_account_name = "{% $azure_storage_account_name %}"
+ azure_storage_access_key = "{% $azure_storage_access_key %}"
{%- end %}
{%- end %}
[image_resizer]
max_scaler_procs = 2
max_filesize = 250000
- [[listeners]]
- network = "tcp"
- addr = "0.0.0.0:8181"
configure: |
set -e
mkdir -p /init-secrets-workhorse/gitlab-workhorse
@@ -1841,7 +1740,6 @@
mkdir -p /init-secrets-workhorse/minio
cp -v -r -L /init-config/minio/* /init-secrets-workhorse/minio/
fi
-
# Leave this here - This line denotes end of block to the parser.
---
# Source: gitlab/charts/gitlab/charts/webservice/templates/tests/tests.yaml
@@ -1850,12 +1748,6 @@
metadata:
name: gitlab-test-webservice-tests
namespace: gitlab
- labels:
- app: webservice
- chart: webservice-6.11.8
- release: gitlab-test
- heritage: Helm
-
data:
test_login: |
set -e
@@ -2149,8 +2041,6 @@
allow-snippet-annotations: "true"
add-headers: gitlab/gitlab-test-nginx-ingress-custom-add-headers
- annotation-value-word-blocklist: "load_module,lua_package,_by_lua,location,root,proxy_pass,serviceaccount,{,},',\""
-
hsts: "true"
hsts-include-subdomains: "false"
@@ -2195,12 +2085,11 @@
component: "server"
app: prometheus
release: gitlab-test
- chart: prometheus-15.18.0
+ chart: prometheus-15.0.4
heritage: Helm
name: gitlab-test-prometheus-server
namespace: gitlab
data:
- allow-snippet-annotations: "false"
alerting_rules.yml: |
{}
alerts: |
@@ -2244,11 +2133,6 @@
source_labels:
- __meta_kubernetes_pod_annotation_gitlab_com_prometheus_scrape
- action: replace
- regex: (https?)
- source_labels:
- - __meta_kubernetes_pod_annotation_gitlab_com_prometheus_scheme
- target_label: __scheme__
- - action: replace
regex: (.+)
source_labels:
- __meta_kubernetes_pod_annotation_gitlab_com_prometheus_path
@@ -2558,11 +2442,7 @@
if [ -f /config/database_password ] ; then
sed -i -e 's@DB_PASSWORD_FILE@'"$(cat /config/database_password)"'@' /registry/config.yml
fi
- # Insert Redis password, if enabled
- if [ -f /config/registry/redis-password ] ; then
- sed -i -e 's@REDIS_CACHE_PASSWORD@'"$(cat /config/registry/redis-password)"'@' /registry/config.yml
- fi
- # Insert import notification secret, if migration is enabled
+ # Insert import notification secret, if migration is enabled
if [ -f /config/registry/notificationSecret ] ; then
sed -i -e 's@NOTIFICATION_SECRET@'"$(cat /config/registry/notificationSecret | tr -d '[]"')"'@' /registry/config.yml
fi
@@ -2572,12 +2452,6 @@
chmod 700 /registry/ssl
chmod 600 /registry/ssl/*.pem
fi
- # Copy TLS certificates if present
- if [ -d /config/tls ]; then
- cp -r /config/tls/ /registry/tls
- chmod 700 /registry/tls
- chmod 600 /registry/tls/*
- fi
config.yml: |
version: 0.1
log:
@@ -2585,17 +2459,15 @@
service: registry
level: info
http:
- addr: :5000
- # `host` is not configurable
- # `prefix` is not configurable
debug:
- addr: :5001
+ addr: ':5001'
prometheus:
enabled: false
path: /metrics
draintimeout: 0
headers:
X-Content-Type-Options: [nosniff]
+ addr: :5000
secret: "HTTP_SECRET"
relativeurls: false
health:
@@ -2664,13 +2536,10 @@
disabled: false
migration:
enabled: true
+ testslowimport: 0s
rootdirectory: gitlab
importtimeout: 5m
preimporttimeout: 1h
- redis:
- cache:
- enabled: false
- addr: "gitlab-test-redis-master.gitlab.svc:6379"
# minimal configuration, in order to do database migrations
migrations-config.yml: |
@@ -2697,13 +2566,13 @@
namespace: gitlab
labels:
app: gitlab
- chart: gitlab-6.11.8
+ chart: gitlab-6.0.2
release: gitlab-test
heritage: Helm
data:
- gitlabVersion: "v15.11.8"
- gitlabChartVersion: "6.11.8"
+ gitlabVersion: "15.0.2"
+ gitlabChartVersion: "6.0.2"
---
# Source: gitlab/templates/initdb-configmap.yaml
apiVersion: v1
@@ -2713,7 +2582,7 @@
namespace: gitlab
labels:
app: gitlab
- chart: gitlab-6.11.8
+ chart: gitlab-6.0.2
release: gitlab-test
heritage: Helm
@@ -2757,7 +2626,7 @@
component: "server"
app: prometheus
release: gitlab-test
- chart: prometheus-15.18.0
+ chart: prometheus-15.0.4
heritage: Helm
name: gitlab-test-prometheus-server
namespace: gitlab
@@ -19297,7 +19166,7 @@
component: "server"
app: prometheus
release: gitlab-test
- chart: prometheus-15.18.0
+ chart: prometheus-15.0.4
heritage: Helm
name: gitlab-test-prometheus-server
rules:
@@ -19584,7 +19453,7 @@
component: "server"
app: prometheus
release: gitlab-test
- chart: prometheus-15.18.0
+ chart: prometheus-15.0.4
heritage: Helm
name: gitlab-test-prometheus-server
subjects:
@@ -19970,7 +19839,7 @@
namespace: gitlab
labels:
app: gitaly
- chart: gitaly-6.11.8
+ chart: gitaly-6.0.2
release: gitlab-test
heritage: Helm
@@ -19983,9 +19852,7 @@
clusterIP: "None"
ports:
- port: 8075
- # This port is NOT prefixed with `grpc` due to
- # https://gitlab.com/gitlab-org/charts/gitlab/-/issues/3822
- name: tcp-gitaly
+ name: gitaly
targetPort: grpc-gitaly
- port: 9236
name: http-metrics
@@ -20003,7 +19870,7 @@
namespace: gitlab
labels:
app: gitlab-exporter
- chart: gitlab-exporter-6.11.8
+ chart: gitlab-exporter-6.0.2
release: gitlab-test
heritage: Helm
@@ -20029,7 +19896,7 @@
namespace: gitlab
labels:
app: gitlab-shell
- chart: gitlab-shell-6.11.8
+ chart: gitlab-shell-6.0.2
release: gitlab-test
heritage: Helm
@@ -20055,7 +19922,7 @@
namespace: gitlab
labels:
app: kas
- chart: kas-6.11.8
+ chart: kas-6.0.2
release: gitlab-test
heritage: Helm
@@ -20068,15 +19935,15 @@
- port: 8150
targetPort: 8150
protocol: TCP
- name: grpc-kas-external-api
+ name: tcp-kas-external-api
- port: 8153
targetPort: 8153
protocol: TCP
- name: grpc-kas-internal-api
+ name: tcp-kas-internal-api
- port: 8154
targetPort: 8154
protocol: TCP
- name: grpc-kas-k8s-api
+ name: tcp-kas-k8s-api
- port: 8151
targetPort: http-metrics
protocol: TCP
@@ -20093,7 +19960,7 @@
namespace: gitlab
labels:
app: praefect
- chart: praefect-6.11.8
+ chart: praefect-6.0.2
release: gitlab-test
heritage: Helm
@@ -20108,7 +19975,7 @@
type: ClusterIP
clusterIP: None
ports:
- - name: grpc-praefect
+ - name: praefect
port: 8075
protocol: TCP
targetPort: 8075
@@ -20128,7 +19995,7 @@
namespace: gitlab
labels:
app: webservice
- chart: webservice-6.11.8
+ chart: webservice-6.0.2
release: gitlab-test
heritage: Helm
@@ -20178,7 +20045,7 @@
release: gitlab-test
component: app
ports:
- - name: http
+ - name: service
port: 9000
targetPort: 9000
protocol: TCP
@@ -20246,10 +20113,12 @@
port: 80
protocol: TCP
targetPort: http
+ appProtocol: http
- name: https
port: 443
protocol: TCP
targetPort: https
+ appProtocol: https
- name: gitlab-shell
port: 22
protocol: TCP
@@ -20259,6 +20128,36 @@
release: gitlab-test
component: "controller"
---
+# Source: gitlab/charts/nginx-ingress/templates/default-backend-service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app: nginx-ingress
+ chart: nginx-ingress-4.0.6
+ release: gitlab-test
+ heritage: Helm
+
+ component: "defaultbackend"
+ helm.sh/chart: nginx-ingress-4.0.6
+ app.kubernetes.io/version: "1.0.4"
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: default-backend
+ name: gitlab-test-nginx-ingress-defaultbackend
+ namespace: gitlab
+spec:
+ type: ClusterIP
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: http
+ appProtocol: http
+ selector:
+ app: nginx-ingress
+ release: gitlab-test
+ component: "defaultbackend"
+---
# Source: gitlab/charts/postgresql/templates/metrics-svc.yaml
apiVersion: v1
kind: Service
@@ -20270,8 +20169,6 @@
release: "gitlab-test"
heritage: "Helm"
annotations:
- gitlab.com/prometheus_port: "9187"
- gitlab.com/prometheus_scrape: "true"
prometheus.io/port: "9187"
prometheus.io/scrape: "true"
spec:
@@ -20338,11 +20235,12 @@
component: "node-exporter"
app: prometheus
release: gitlab-test
- chart: prometheus-15.18.0
+ chart: prometheus-15.0.4
heritage: Helm
name: gitlab-test-prometheus-node-exporter
namespace: gitlab
spec:
+ clusterIP: None
ports:
- name: metrics
port: 9100
@@ -20362,7 +20260,7 @@
component: "server"
app: prometheus
release: gitlab-test
- chart: prometheus-15.18.0
+ chart: prometheus-15.0.4
heritage: Helm
name: gitlab-test-prometheus-server
namespace: gitlab
@@ -20467,7 +20365,7 @@
- port: 5000
targetPort: http
protocol: TCP
- name: http-registry
+ name: registry
selector:
app: registry
release: gitlab-test
@@ -20480,7 +20378,7 @@
component: "node-exporter"
app: prometheus
release: gitlab-test
- chart: prometheus-15.18.0
+ chart: prometheus-15.0.4
heritage: Helm
name: gitlab-test-prometheus-node-exporter
namespace: gitlab
@@ -20498,13 +20396,13 @@
component: "node-exporter"
app: prometheus
release: gitlab-test
- chart: prometheus-15.18.0
+ chart: prometheus-15.0.4
heritage: Helm
spec:
serviceAccountName: gitlab-test-prometheus-node-exporter
containers:
- name: prometheus-node-exporter
- image: "quay.io/prometheus/node-exporter:v1.3.1"
+ image: "quay.io/prometheus/node-exporter:v1.3.0"
imagePullPolicy: "IfNotPresent"
args:
- --path.procfs=/host/proc
@@ -20517,8 +20415,6 @@
hostPort: 9100
resources:
{}
- securityContext:
- allowPrivilegeEscalation: false
volumeMounts:
- name: proc
mountPath: /host/proc
@@ -20741,7 +20637,7 @@
namespace: gitlab
labels:
app: gitlab-exporter
- chart: gitlab-exporter-6.11.8
+ chart: gitlab-exporter-6.0.2
release: gitlab-test
heritage: Helm
@@ -20758,13 +20654,13 @@
metadata:
labels:
app: gitlab-exporter
- chart: gitlab-exporter-6.11.8
+ chart: gitlab-exporter-6.0.2
release: gitlab-test
heritage: Helm
annotations:
- checksum/config: e203a42391fb654ecfff3bcf6c4e78e376739124e6e39c65492e7c3c9eab9570
+ checksum/config: 1ed18b29b372ced792b7c4c7dede9f830c91e39d752176f5fcedcb049b60cc74
gitlab.com/prometheus_scrape: "true"
gitlab.com/prometheus_port: "9168"
gitlab.com/prometheus_path: /metrics
@@ -20773,7 +20669,6 @@
prometheus.io/path: /metrics
spec:
-
securityContext:
runAsUser: 1000
fsGroup: 1000
@@ -20789,11 +20684,10 @@
release: gitlab-test
automountServiceAccountToken: false
-
initContainers:
- name: certificates
- image: registry.gitlab.com/gitlab-org/build/cng/certificates:v15.11.8
+ image: "registry.gitlab.com/gitlab-org/build/cng/alpine-certificates:20191127-r2@sha256:367d437d024d7647432d67fb2442e3e5723af5930bad77d3535f4f8f4f8630d9"
env:
- name: MALLOC_CONF
@@ -20809,15 +20703,12 @@
- name: etc-ssl-certs
mountPath: /etc/ssl/certs
readOnly: false
- - name: etc-pki-ca-trust-extracted-pem
- mountPath: /etc/pki/ca-trust/extracted/pem
- readOnly: false
resources:
requests:
cpu: 50m
- name: configure
command: ['sh', '/config/configure']
- image: "registry.gitlab.com/gitlab-org/cloud-native/mirror/images/busybox:latest"
+ image: "registry.gitlab.com/gitlab-org/cloud-native/mirror/images/busybox:latest"
env:
- name: MALLOC_CONF
@@ -20847,9 +20738,7 @@
containers:
- name: gitlab-exporter
- image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-exporter:12.1.1"
- securityContext:
- runAsUser: 1000
+ image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-exporter:11.15.0"
env:
- name: CONFIG_TEMPLATE_DIRECTORY
value: '/var/opt/gitlab-exporter/templates'
@@ -20879,9 +20768,6 @@
- name: etc-ssl-certs
mountPath: /etc/ssl/certs/
readOnly: true
- - name: etc-pki-ca-trust-extracted-pem
- mountPath: /etc/pki/ca-trust/extracted/pem
- readOnly: true
livenessProbe:
exec:
command:
@@ -20923,8 +20809,6 @@
items:
- key: "secret"
path: redis/redis-password
-
-
- name: gitlab-exporter-secrets
emptyDir:
medium: "Memory"
@@ -20932,9 +20816,6 @@
- name: etc-ssl-certs
emptyDir:
medium: "Memory"
- - name: etc-pki-ca-trust-extracted-pem
- emptyDir:
- medium: "Memory"
---
# Source: gitlab/charts/gitlab/charts/gitlab-shell/templates/deployment.yaml
apiVersion: apps/v1
@@ -20944,7 +20825,7 @@
namespace: gitlab
labels:
app: gitlab-shell
- chart: gitlab-shell-6.11.8
+ chart: gitlab-shell-6.0.2
release: gitlab-test
heritage: Helm
@@ -20960,21 +20841,20 @@
metadata:
labels:
app: gitlab-shell
- chart: gitlab-shell-6.11.8
+ chart: gitlab-shell-6.0.2
release: gitlab-test
heritage: Helm
annotations:
- checksum/config: ba4308ec4ff836dba12eb98dcc4479ffd66cfb38cdee3c650e9e04569f572086
+ checksum/config: 2a69b24d97e8c68bf63ed07cda6ed20343e28e5b0676eaa463cabe33336194aa
checksum/config-sshd: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
spec:
-
initContainers:
- name: certificates
- image: registry.gitlab.com/gitlab-org/build/cng/certificates:v15.11.8
+ image: "registry.gitlab.com/gitlab-org/build/cng/alpine-certificates:20191127-r2@sha256:367d437d024d7647432d67fb2442e3e5723af5930bad77d3535f4f8f4f8630d9"
env:
@@ -20982,15 +20862,12 @@
- name: etc-ssl-certs
mountPath: /etc/ssl/certs
readOnly: false
- - name: etc-pki-ca-trust-extracted-pem
- mountPath: /etc/pki/ca-trust/extracted/pem
- readOnly: false
resources:
requests:
cpu: 50m
- name: configure
command: ['sh', '/config/configure']
- image: "registry.gitlab.com/gitlab-org/cloud-native/mirror/images/busybox:latest"
+ image: "registry.gitlab.com/gitlab-org/cloud-native/mirror/images/busybox:latest"
env:
@@ -21008,7 +20885,6 @@
resources:
requests:
cpu: 50m
-
securityContext:
runAsUser: 1000
fsGroup: 1000
@@ -21027,9 +20903,7 @@
containers:
- name: gitlab-shell
- image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-shell:v14.18.0"
- securityContext:
- runAsUser: 1000
+ image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-shell:v14.3.0"
ports:
- containerPort: 2222
name: ssh
@@ -21052,17 +20926,10 @@
- name: shell-secrets
mountPath: '/etc/gitlab-secrets'
readOnly: true
- - name: shell-config
- mountPath: '/etc/krb5.conf'
- subPath: krb5.conf
- readOnly: true
- name: etc-ssl-certs
mountPath: /etc/ssl/certs/
readOnly: true
- - name: etc-pki-ca-trust-extracted-pem
- mountPath: /etc/pki/ca-trust/extracted/pem
- readOnly: true
livenessProbe:
httpGet:
port: 9122
@@ -21085,7 +20952,6 @@
requests:
cpu: 0
memory: 6M
- terminationGracePeriodSeconds: 30
volumes:
- name: shell-config
@@ -21110,9 +20976,6 @@
- name: etc-ssl-certs
emptyDir:
medium: "Memory"
- - name: etc-pki-ca-trust-extracted-pem
- emptyDir:
- medium: "Memory"
---
# Source: gitlab/charts/gitlab/charts/kas/templates/deployment.yaml
apiVersion: apps/v1
@@ -21122,7 +20985,7 @@
namespace: gitlab
labels:
app: kas
- chart: kas-6.11.8
+ chart: kas-6.0.2
release: gitlab-test
heritage: Helm
@@ -21138,13 +21001,12 @@
metadata:
labels:
app: kas
- chart: kas-6.11.8
+ chart: kas-6.0.2
release: gitlab-test
heritage: Helm
annotations:
- checksum/config: 3351eb36c8812382695c99a3fcefda7f3f8b7fb1689d1d7a8872e6b0dd113ad6
cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
gitlab.com/prometheus_scrape: "true"
gitlab.com/prometheus_port: "8151"
@@ -21154,7 +21016,6 @@
prometheus.io/path: /metrics
spec:
- automountServiceAccountToken: false
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
@@ -21166,15 +21027,13 @@
app: kas
release: gitlab-test
-
securityContext:
runAsUser: 65532
runAsGroup: 65532
fsGroup: 65532
-
initContainers:
- name: certificates
- image: registry.gitlab.com/gitlab-org/build/cng/certificates:v15.11.8
+ image: "registry.gitlab.com/gitlab-org/build/cng/alpine-certificates:20191127-r2@sha256:367d437d024d7647432d67fb2442e3e5723af5930bad77d3535f4f8f4f8630d9"
env:
@@ -21182,29 +21041,22 @@
- name: etc-ssl-certs
mountPath: /etc/ssl/certs
readOnly: false
- - name: etc-pki-ca-trust-extracted-pem
- mountPath: /etc/pki/ca-trust/extracted/pem
- readOnly: false
resources:
requests:
cpu: 50m
containers:
- name: kas
- image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-kas:v15.11.0"
+ image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-kas:v15.0.0"
args:
- "--configuration-file=/etc/kas/config.yaml"
env:
- - name: OWN_PRIVATE_API_HOST
- value: gitlab-test-kas.gitlab.svc
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: OWN_PRIVATE_API_URL
value: "grpc://$(POD_IP):8155"
-
-
ports:
- containerPort: 8150
name: kas
@@ -21215,15 +21067,13 @@
- containerPort: 8151
name: http-metrics
readinessProbe:
- httpGet:
- path: /readiness
- port: 8151
+ tcpSocket:
+ port: 8150
initialDelaySeconds: 5
periodSeconds: 10
livenessProbe:
- httpGet:
- path: /liveness
- port: 8151
+ tcpSocket:
+ port: 8150
initialDelaySeconds: 15
periodSeconds: 20
resources:
@@ -21238,19 +21088,12 @@
- name: etc-ssl-certs
mountPath: /etc/ssl/certs/
readOnly: true
- - name: etc-pki-ca-trust-extracted-pem
- mountPath: /etc/pki/ca-trust/extracted/pem
- readOnly: true
- terminationGracePeriodSeconds: 300
volumes:
- name: etc-ssl-certs
emptyDir:
medium: "Memory"
- - name: etc-pki-ca-trust-extracted-pem
- emptyDir:
- medium: "Memory"
- name: init-etc-kas
projected:
defaultMode: 0440
@@ -21283,7 +21126,7 @@
namespace: gitlab
labels:
app: sidekiq
- chart: sidekiq-6.11.8
+ chart: sidekiq-6.0.2
release: gitlab-test
heritage: Helm
@@ -21301,14 +21144,14 @@
metadata:
labels:
app: sidekiq
- chart: sidekiq-6.11.8
+ chart: sidekiq-6.0.2
release: gitlab-test
heritage: Helm
queue-pod-name: native-chart
annotations:
- checksum/configmap: 2d021c072f559d40db8f42a74e412b0f814e67ef20093b04b6eb9383dbe28f5e
+ checksum/configmap: e543bed925d37221151b19d6d2f3b86a828421a1a8122656ddef849dfba660a7
cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
co.elastic.logs/json.add_error_key: "true"
co.elastic.logs/json.keys_under_root: "false"
@@ -21319,8 +21162,6 @@
prometheus.io/port: "3807"
prometheus.io/path: /metrics
spec:
-
-
securityContext:
runAsUser: 1000
fsGroup: 1000
@@ -21340,7 +21181,7 @@
initContainers:
- name: certificates
- image: registry.gitlab.com/gitlab-org/build/cng/certificates:v15.11.8
+ image: "registry.gitlab.com/gitlab-org/build/cng/alpine-certificates:20191127-r2@sha256:367d437d024d7647432d67fb2442e3e5723af5930bad77d3535f4f8f4f8630d9"
env:
@@ -21348,15 +21189,12 @@
- name: etc-ssl-certs
mountPath: /etc/ssl/certs
readOnly: false
- - name: etc-pki-ca-trust-extracted-pem
- mountPath: /etc/pki/ca-trust/extracted/pem
- readOnly: false
resources:
requests:
cpu: 50m
- name: configure
command: ['sh', '/config/configure']
- image: "registry.gitlab.com/gitlab-org/cloud-native/mirror/images/busybox:latest"
+ image: "registry.gitlab.com/gitlab-org/cloud-native/mirror/images/busybox:latest"
env:
@@ -21378,7 +21216,7 @@
requests:
cpu: 50m
- name: dependencies
- image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-sidekiq-ce:v15.11.8"
+ image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-sidekiq-ce:v15.0.2"
args:
- /scripts/wait-for-deps
env:
@@ -21389,7 +21227,7 @@
- name: CONFIG_DIRECTORY
value: '/srv/gitlab/config'
- name: SIDEKIQ_CONCURRENCY
- value: "20"
+ value: "25"
- name: SIDEKIQ_TIMEOUT
value: "25"
- name: ENABLE_BOOTSNAP
@@ -21402,9 +21240,6 @@
- name: etc-ssl-certs
mountPath: /etc/ssl/certs/
readOnly: true
- - name: etc-pki-ca-trust-extracted-pem
- mountPath: /etc/pki/ca-trust/extracted/pem
- readOnly: true
- name: sidekiq-config
mountPath: '/var/opt/gitlab/templates'
readOnly: true
@@ -21421,9 +21256,7 @@
containers:
- name: sidekiq
- image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-sidekiq-ce:v15.11.8"
- securityContext:
- runAsUser: 1000
+ image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-sidekiq-ce:v15.0.2"
env:
- name: prometheus_multiproc_dir
value: /metrics
@@ -21436,7 +21269,7 @@
- name: SIDEKIQ_QUEUE_SELECTOR
value: ""
- name: SIDEKIQ_CONCURRENCY
- value: "20"
+ value: "25"
- name: SIDEKIQ_TIMEOUT
value: "25"
- name: SIDEKIQ_QUEUES
@@ -21457,7 +21290,6 @@
value: "1"
-
ports:
- containerPort: 3807
name: http-metrics
@@ -21476,10 +21308,6 @@
mountPath: /srv/gitlab/config/secrets.yml
subPath: rails-secrets/secrets.yml
- name: sidekiq-config
- mountPath: '/etc/krb5.conf'
- subPath: krb5.conf
-
- - name: sidekiq-config
mountPath: '/srv/gitlab/config/initializers/smtp_settings.rb'
subPath: smtp_settings.rb
- name: sidekiq-config
@@ -21488,9 +21316,6 @@
- name: etc-ssl-certs
mountPath: /etc/ssl/certs/
readOnly: true
- - name: etc-pki-ca-trust-extracted-pem
- mountPath: /etc/pki/ca-trust/extracted/pem
- readOnly: true
livenessProbe:
httpGet:
path: /liveness
@@ -21522,7 +21347,6 @@
-
- name: sidekiq-metrics
emptyDir:
medium: "Memory"
@@ -21584,12 +21408,6 @@
items:
- key: "kas_shared_secret"
path: kas/.gitlab_kas_secret
- # mount secret for suggested reviewers
- - secret:
- name: "gitlab-test-gitlab-suggested-reviewers"
- items:
- - key: "suggested_reviewers_secret"
- path: suggested_reviewers/.gitlab_suggested_reviewers_secret
# mount secret for minio
- secret:
name: "gitlab-test-minio-secret"
@@ -21610,8 +21428,6 @@
# mount secret for pages
# mount secrets for LDAP
-
- # mount secrets for microsoftGraphMailer
- name: sidekiq-secrets
emptyDir:
medium: "Memory"
@@ -21619,9 +21435,6 @@
- name: etc-ssl-certs
emptyDir:
medium: "Memory"
- - name: etc-pki-ca-trust-extracted-pem
- emptyDir:
- medium: "Memory"
---
# Source: gitlab/charts/gitlab/charts/toolbox/templates/deployment.yaml
apiVersion: apps/v1
@@ -21631,7 +21444,7 @@
namespace: gitlab
labels:
app: toolbox
- chart: toolbox-6.11.8
+ chart: toolbox-6.0.2
release: gitlab-test
heritage: Helm
@@ -21650,25 +21463,23 @@
metadata:
labels:
app: toolbox
- chart: toolbox-6.11.8
+ chart: toolbox-6.0.2
release: gitlab-test
heritage: Helm
annotations:
- checksum/config: 3de1246558049e6b50624a2a5aa001f0f5944a6eb9054a9395b4bb29791fd339
+ checksum/config: 0e55e5071f00527169dd3b966293e1243e52a7c3a2bef1cd1299adbd5258d6a9
cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
spec:
-
securityContext:
runAsUser: 1000
fsGroup: 1000
automountServiceAccountToken: false
-
initContainers:
- name: certificates
- image: registry.gitlab.com/gitlab-org/build/cng/certificates:v15.11.8
+ image: "registry.gitlab.com/gitlab-org/build/cng/alpine-certificates:20191127-r2@sha256:367d437d024d7647432d67fb2442e3e5723af5930bad77d3535f4f8f4f8630d9"
env:
@@ -21676,15 +21487,12 @@
- name: etc-ssl-certs
mountPath: /etc/ssl/certs
readOnly: false
- - name: etc-pki-ca-trust-extracted-pem
- mountPath: /etc/pki/ca-trust/extracted/pem
- readOnly: false
resources:
requests:
cpu: 50m
- name: configure
command: ['sh', '/config/configure']
- image: "registry.gitlab.com/gitlab-org/cloud-native/mirror/images/busybox:latest"
+ image: "registry.gitlab.com/gitlab-org/cloud-native/mirror/images/busybox:latest"
env:
@@ -21721,9 +21529,7 @@
- /bin/bash
- -c
- sh /var/opt/gitlab/templates/configure-gsutil && while sleep 3600; do :; done
- image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-toolbox-ce:v15.11.8"
- securityContext:
- runAsUser: 1000
+ image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-toolbox-ce:v15.0.2"
env:
- name: ARTIFACTS_BUCKET_NAME
value: gitlab-artifacts
@@ -21766,10 +21572,6 @@
- name: toolbox-config
mountPath: '/var/opt/gitlab/templates'
- name: toolbox-config
- mountPath: '/etc/krb5.conf'
- subPath: krb5.conf
-
- - name: toolbox-config
mountPath: '/srv/gitlab/config/initializers/smtp_settings.rb'
subPath: smtp_settings.rb
- name: toolbox-secrets
@@ -21784,9 +21586,6 @@
- name: etc-ssl-certs
mountPath: /etc/ssl/certs/
readOnly: true
- - name: etc-pki-ca-trust-extracted-pem
- mountPath: /etc/pki/ca-trust/extracted/pem
- readOnly: true
resources:
requests:
cpu: 50m
@@ -21795,7 +21594,6 @@
-
- name: toolbox-config
projected:
sources:
@@ -21853,6 +21651,11 @@
name: gitlab-test-freedesktop-backup-gcs-key
items:
- key: connection
+ path: objectstorage/.s3cfg
+ - secret:
+ name: gitlab-test-freedesktop-backup-gcs-key
+ items:
+ - key: connection
path: objectstorage/connection
- secret:
@@ -21866,12 +21669,6 @@
items:
- key: "kas_shared_secret"
path: kas/.gitlab_kas_secret
- # mount secret for suggested reviewers
- - secret:
- name: "gitlab-test-gitlab-suggested-reviewers"
- items:
- - key: "suggested_reviewers_secret"
- path: suggested_reviewers/.gitlab_suggested_reviewers_secret
# mount secret for minio
- secret:
name: "gitlab-test-minio-secret"
@@ -21892,8 +21689,6 @@
# mount secret for pages
# mount secrets for LDAP
-
- # mount secrets for microsoftGraphMailer
- name: toolbox-secrets
emptyDir:
medium: "Memory"
@@ -21901,9 +21696,6 @@
- name: etc-ssl-certs
emptyDir:
medium: "Memory"
- - name: etc-pki-ca-trust-extracted-pem
- emptyDir:
- medium: "Memory"
---
# Source: gitlab/charts/gitlab/charts/webservice/templates/deployment.yaml
apiVersion: apps/v1
@@ -21913,7 +21705,7 @@
namespace: gitlab
labels:
app: webservice
- chart: webservice-6.11.8
+ chart: webservice-6.0.2
release: gitlab-test
heritage: Helm
gitlab.com/webservice-name: default
@@ -21934,7 +21726,7 @@
metadata:
labels:
app: webservice
- chart: webservice-6.11.8
+ chart: webservice-6.0.2
release: gitlab-test
heritage: Helm
gitlab.com/webservice-name: default
@@ -21942,7 +21734,7 @@
annotations:
- checksum/config: 7b6e092381609b3d3ce1eeba6308803606ed86413c47228cb23112c38407f3ee
+ checksum/config: 8f2b20cedc00f4a7bfdc697a547950fee283d280b78ae6027a0c0b610f962100
cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
co.elastic.logs/json.add_error_key: "true"
co.elastic.logs/json.keys_under_root: "false"
@@ -21954,8 +21746,6 @@
prometheus.io/path: /metrics
spec:
-
-
securityContext:
runAsUser: 1000
fsGroup: 1000
@@ -21975,7 +21765,7 @@
initContainers:
- name: certificates
- image: registry.gitlab.com/gitlab-org/build/cng/certificates:v15.11.8
+ image: "registry.gitlab.com/gitlab-org/build/cng/alpine-certificates:20191127-r2@sha256:367d437d024d7647432d67fb2442e3e5723af5930bad77d3535f4f8f4f8630d9"
env:
@@ -21983,16 +21773,13 @@
- name: etc-ssl-certs
mountPath: /etc/ssl/certs
readOnly: false
- - name: etc-pki-ca-trust-extracted-pem
- mountPath: /etc/pki/ca-trust/extracted/pem
- readOnly: false
resources:
requests:
cpu: 50m
- name: configure
command: ['sh']
args: [ '-c', 'sh -x /config-webservice/configure ; sh -x /config-workhorse/configure ; mkdir -p -m 3770 /tmp/gitlab']
- image: "registry.gitlab.com/gitlab-org/cloud-native/mirror/images/busybox:latest"
+ image: "registry.gitlab.com/gitlab-org/cloud-native/mirror/images/busybox:latest"
env:
@@ -22022,7 +21809,7 @@
requests:
cpu: 50m
- name: dependencies
- image: registry.gitlab.com/gitlab-org/build/cng/gitlab-webservice-ce:v15.11.8
+ image: registry.gitlab.com/gitlab-org/build/cng/gitlab-webservice-ce:v15.0.2
args:
- /scripts/wait-for-deps
env:
@@ -22043,9 +21830,6 @@
- name: etc-ssl-certs
mountPath: /etc/ssl/certs/
readOnly: true
- - name: etc-pki-ca-trust-extracted-pem
- mountPath: /etc/pki/ca-trust/extracted/pem
- readOnly: true
- name: webservice-config
mountPath: '/var/opt/gitlab/templates'
- name: webservice-secrets
@@ -22061,9 +21845,7 @@
containers:
- name: webservice
- image: registry.gitlab.com/gitlab-org/build/cng/gitlab-webservice-ce:v15.11.8
- securityContext:
- runAsUser: 1000
+ image: registry.gitlab.com/gitlab-org/build/cng/gitlab-webservice-ce:v15.0.2
ports:
- containerPort: 8080
name: http-webservice
@@ -22095,9 +21877,9 @@
- name: PUMA_THREADS_MAX
value: "4"
- name: PUMA_WORKER_MAX_MEMORY
- value: ""
+ value: "1024"
- name: DISABLE_PUMA_WORKER_KILLER
- value: "true"
+ value: "false"
- name: SHUTDOWN_BLACKOUT_SECONDS
value: "10"
@@ -22117,10 +21899,6 @@
mountPath: /srv/gitlab/config/secrets.yml
subPath: rails-secrets/secrets.yml
- name: webservice-config
- mountPath: '/etc/krb5.conf'
- subPath: krb5.conf
-
- - name: webservice-config
mountPath: '/srv/gitlab/config/initializers/smtp_settings.rb'
subPath: smtp_settings.rb
- name: webservice-config
@@ -22135,9 +21913,6 @@
- name: etc-ssl-certs
mountPath: /etc/ssl/certs/
readOnly: true
- - name: etc-pki-ca-trust-extracted-pem
- mountPath: /etc/pki/ca-trust/extracted/pem
- readOnly: true
livenessProbe:
httpGet:
@@ -22166,15 +21941,13 @@
cpu: 300m
memory: 2.5G
- name: gitlab-workhorse
- image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-workhorse-ce:v15.11.8"
+ image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-workhorse-ce:v15.0.2"
ports:
- containerPort: 8181
name: http-workhorse
env:
- name: TMPDIR
value: "/tmp/gitlab"
- - name: GITLAB_WORKHORSE_AUTH_BACKEND
- value: "http://localhost:8080"
- name: GITLAB_WORKHORSE_EXTRA_ARGS
value: ""
- name: GITLAB_WORKHORSE_LISTEN_PORT
@@ -22185,8 +21958,6 @@
value: '/var/opt/gitlab/templates'
- name: CONFIG_DIRECTORY
value: '/srv/gitlab/config'
- - name: SHUTDOWN_BLACKOUT_SECONDS
- value: "10"
@@ -22205,18 +21976,7 @@
- name: etc-ssl-certs
mountPath: /etc/ssl/certs/
readOnly: true
- - name: etc-pki-ca-trust-extracted-pem
- mountPath: /etc/pki/ca-trust/extracted/pem
- readOnly: true
-
- lifecycle:
- preStop:
- exec:
- command:
- - /bin/bash
- - -c
- - sleep $SHUTDOWN_BLACKOUT_SECONDS
livenessProbe:
exec:
command:
@@ -22243,7 +22003,6 @@
-
- name: shared-tmp
emptyDir: {}
- name: webservice-metrics
@@ -22269,7 +22028,6 @@
items:
- key: "secret"
path: shell/.gitlab_shell_secret
- # mount secrets for microsoftGraphMailer
# mount secrets for incomingEmail
# mount secrets for serviceDeskEmail
- secret:
@@ -22321,12 +22079,6 @@
items:
- key: "kas_shared_secret"
path: kas/.gitlab_kas_secret
- # mount secret for suggested reviewers
- - secret:
- name: "gitlab-test-gitlab-suggested-reviewers"
- items:
- - key: "suggested_reviewers_secret"
- path: suggested_reviewers/.gitlab_suggested_reviewers_secret
# mount secret for minio
- secret:
name: "gitlab-test-minio-secret"
@@ -22347,7 +22099,6 @@
# mount secret for pages
# mount secrets for LDAP
-
- name: webservice-secrets
emptyDir:
medium: "Memory"
@@ -22360,9 +22111,6 @@
- name: etc-ssl-certs
emptyDir:
medium: "Memory"
- - name: etc-pki-ca-trust-extracted-pem
- emptyDir:
- medium: "Memory"
---
# Source: gitlab/charts/minio/templates/minio_deployment.yaml
apiVersion: apps/v1
@@ -22401,11 +22149,9 @@
spec:
automountServiceAccountToken: false
-
securityContext:
runAsUser: 1000
fsGroup: 1000
-
volumes:
- name: podinfo
downwardAPI:
@@ -22503,7 +22249,7 @@
dnsPolicy: ClusterFirst
containers:
- name: controller
- image: "registry.gitlab.com/gitlab-org/cloud-native/mirror/images/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8"
+ image: "registry.gitlab.com/gitlab-org/cloud-native/mirror/images/ingress-nginx/controller:v1.0.4@sha256:545cff00370f28363dad31e3b59a94ba377854d3a11f18988f5f9e56841ef9ef"
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
@@ -22512,6 +22258,7 @@
- /wait-shutdown
args:
- /nginx-ingress-controller
+ - --default-backend-service=$(POD_NAMESPACE)/gitlab-test-nginx-ingress-defaultbackend
- --publish-service=$(POD_NAMESPACE)/gitlab-test-nginx-ingress-controller
- --election-id=ingress-controller-leader
- --controller-class=k8s.io/ingress-nginx
@@ -22579,6 +22326,82 @@
serviceAccountName: gitlab-test-nginx-ingress
terminationGracePeriodSeconds: 300
---
+# Source: gitlab/charts/nginx-ingress/templates/default-backend-deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app: nginx-ingress
+ chart: nginx-ingress-4.0.6
+ release: gitlab-test
+ heritage: Helm
+
+ component: "defaultbackend"
+ helm.sh/chart: nginx-ingress-4.0.6
+ app.kubernetes.io/version: "1.0.4"
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: default-backend
+ name: gitlab-test-nginx-ingress-defaultbackend
+ namespace: gitlab
+spec:
+ selector:
+ matchLabels:
+ app: nginx-ingress
+ release: gitlab-test
+ component: "defaultbackend"
+ replicas: 1
+ revisionHistoryLimit: 10
+ template:
+ metadata:
+ labels:
+ app: nginx-ingress
+ release: gitlab-test
+ component: "defaultbackend"
+
+ spec:
+ containers:
+ - name: nginx-ingress-default-backend
+ image: "registry.gitlab.com/gitlab-org/cloud-native/mirror/images/defaultbackend-amd64:1.5@sha256:4dc5e07c8ca4e23bddb3153737d7b8c556e5fb2f29c4558b7cd6e6df99c512c7"
+ imagePullPolicy: IfNotPresent
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
+ runAsUser: 65534
+ runAsNonRoot: true
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 8080
+ scheme: HTTP
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 3
+ readinessProbe:
+ httpGet:
+ path: /healthz
+ port: 8080
+ scheme: HTTP
+ initialDelaySeconds: 0
+ periodSeconds: 5
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 6
+ ports:
+ - name: http
+ containerPort: 8080
+ protocol: TCP
+ resources:
+ requests:
+ cpu: 5m
+ memory: 5Mi
+ serviceAccountName: gitlab-test-nginx-ingress-backend
+ terminationGracePeriodSeconds: 60
+---
# Source: gitlab/charts/prometheus/templates/server/deploy.yaml
apiVersion: apps/v1
kind: Deployment
@@ -22587,7 +22410,7 @@
component: "server"
app: prometheus
release: gitlab-test
- chart: prometheus-15.18.0
+ chart: prometheus-15.0.4
heritage: Helm
name: gitlab-test-prometheus-server
namespace: gitlab
@@ -22607,7 +22430,7 @@
component: "server"
app: prometheus
release: gitlab-test
- chart: prometheus-15.18.0
+ chart: prometheus-15.0.4
heritage: Helm
spec:
enableServiceLinks: true
@@ -22627,7 +22450,7 @@
readOnly: true
- name: prometheus-server
- image: "quay.io/prometheus/prometheus:v2.38.0"
+ image: "quay.io/prometheus/prometheus:v2.31.1"
imagePullPolicy: "IfNotPresent"
args:
- --storage.tsdb.retention.time=15d
@@ -22668,6 +22491,7 @@
- name: storage-volume
mountPath: /data
subPath: ""
+ hostNetwork: false
dnsPolicy: ClusterFirst
securityContext:
fsGroup: 65534
@@ -22714,11 +22538,10 @@
annotations:
- checksum/configmap: 1a1635fcd1e2c7842784c825031c3e22b7265922b404073381b40c94ef9222ea
+ checksum/configmap: b3f150f83f1bdcf83f80af497bd6966d40bd37b0cc1fdaa61de4bdb73468120b
cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
spec:
-
securityContext:
runAsUser: 1000
fsGroup: 1000
@@ -22733,10 +22556,9 @@
app: registry
release: gitlab-test
automountServiceAccountToken: false
-
initContainers:
- name: certificates
- image: registry.gitlab.com/gitlab-org/build/cng/certificates:v15.11.8
+ image: "registry.gitlab.com/gitlab-org/build/cng/alpine-certificates:20191127-r2@sha256:367d437d024d7647432d67fb2442e3e5723af5930bad77d3535f4f8f4f8630d9"
env:
@@ -22744,9 +22566,6 @@
- name: etc-ssl-certs
mountPath: /etc/ssl/certs
readOnly: false
- - name: etc-pki-ca-trust-extracted-pem
- mountPath: /etc/pki/ca-trust/extracted/pem
- readOnly: false
resources:
requests:
cpu: 50m
@@ -22765,7 +22584,7 @@
- name: dependencies
- image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-container-registry:v3.71.0-gitlab"
+ image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-container-registry:v3.41.1-gitlab"
command: ["/scripts/wait-for-deps"]
volumeMounts:
- name: registry-server-config
@@ -22779,7 +22598,7 @@
containers:
- name: registry
- image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-container-registry:v3.71.0-gitlab"
+ image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-container-registry:v3.41.1-gitlab"
env:
@@ -22790,9 +22609,6 @@
- name: etc-ssl-certs
mountPath: /etc/ssl/certs/
readOnly: true
- - name: etc-pki-ca-trust-extracted-pem
- mountPath: /etc/pki/ca-trust/extracted/pem
- readOnly: true
ports:
- containerPort: 5000
name: http
@@ -22860,14 +22676,10 @@
items:
- key: "secret"
path: registry/notificationSecret
-
- name: etc-ssl-certs
emptyDir:
medium: "Memory"
- - name: etc-pki-ca-trust-extracted-pem
- emptyDir:
- medium: "Memory"
---
# Source: gitlab/charts/gitlab/charts/gitlab-shell/templates/hpa.yaml
apiVersion: autoscaling/v2beta1
@@ -22877,7 +22689,7 @@
namespace: gitlab
labels:
app: gitlab-shell
- chart: gitlab-shell-6.11.8
+ chart: gitlab-shell-6.0.2
release: gitlab-test
heritage: Helm
@@ -22889,10 +22701,10 @@
minReplicas: 2
maxReplicas: 10
metrics:
- - type: Resource
- resource:
- name: cpu
- targetAverageValue: 100m
+ - type: Resource
+ resource:
+ name: cpu
+ targetAverageValue: 100m
---
# Source: gitlab/charts/gitlab/charts/kas/templates/hpa.yaml
apiVersion: autoscaling/v2beta1
@@ -22902,7 +22714,7 @@
namespace: gitlab
labels:
app: kas
- chart: kas-6.11.8
+ chart: kas-6.0.2
release: gitlab-test
heritage: Helm
@@ -22914,10 +22726,10 @@
minReplicas: 2
maxReplicas: 10
metrics:
- - type: Resource
- resource:
- name: cpu
- targetAverageValue: 100m
+ - type: Resource
+ resource:
+ name: cpu
+ targetAverageValue: 100m
---
# Source: gitlab/charts/gitlab/charts/sidekiq/templates/hpa.yaml
apiVersion: autoscaling/v2beta1
@@ -22927,7 +22739,7 @@
namespace: gitlab
labels:
app: sidekiq
- chart: sidekiq-6.11.8
+ chart: sidekiq-6.0.2
release: gitlab-test
heritage: Helm
@@ -22939,10 +22751,10 @@
minReplicas: 1
maxReplicas: 10
metrics:
- - type: Resource
- resource:
- name: cpu
- targetAverageValue: 350m
+ - type: Resource
+ resource:
+ name: cpu
+ targetAverageValue: 350m
---
# Source: gitlab/charts/gitlab/charts/webservice/templates/hpa.yaml
apiVersion: autoscaling/v2beta1
@@ -22952,7 +22764,7 @@
namespace: gitlab
labels:
app: webservice
- chart: webservice-6.11.8
+ chart: webservice-6.0.2
release: gitlab-test
heritage: Helm
gitlab.com/webservice-name: default
@@ -22965,10 +22777,10 @@
minReplicas: 16
maxReplicas: 16
metrics:
- - type: Resource
- resource:
- name: cpu
- targetAverageValue: 1
+ - type: Resource
+ resource:
+ name: cpu
+ targetAverageValue: 1
---
# Source: gitlab/charts/registry/templates/hpa.yaml
apiVersion: autoscaling/v2beta1
@@ -23003,7 +22815,7 @@
namespace: gitlab
labels:
app: gitaly
- chart: gitaly-6.11.8
+ chart: gitaly-6.0.2
release: gitlab-test
heritage: Helm
@@ -23023,13 +22835,13 @@
labels:
storage: default
app: gitaly
- chart: gitaly-6.11.8
+ chart: gitaly-6.0.2
release: gitlab-test
heritage: Helm
annotations:
- checksum/config: a906ff35453b8959937c71618fb2e7dbc0b85bd7de6252d68953e5884b239c4b
+ checksum/config: d5d6d0e3681c059a07a244f1f8ba417bd5012bcff5832c1b249c8c99713f703f
co.elastic.logs/json.add_error_key: "true"
co.elastic.logs/json.keys_under_root: "false"
gitlab.com/prometheus_scrape: "true"
@@ -23039,12 +22851,11 @@
prometheus.io/port: "9236"
prometheus.io/path: /metrics
spec:
-
terminationGracePeriodSeconds: 30
initContainers:
- name: certificates
- image: registry.gitlab.com/gitlab-org/build/cng/certificates:v15.11.8
+ image: "registry.gitlab.com/gitlab-org/build/cng/alpine-certificates:20191127-r2@sha256:367d437d024d7647432d67fb2442e3e5723af5930bad77d3535f4f8f4f8630d9"
env:
@@ -23052,15 +22863,12 @@
- name: etc-ssl-certs
mountPath: /etc/ssl/certs
readOnly: false
- - name: etc-pki-ca-trust-extracted-pem
- mountPath: /etc/pki/ca-trust/extracted/pem
- readOnly: false
resources:
requests:
cpu: 50m
- name: configure
command: ['sh', '/config/configure']
- image: "registry.gitlab.com/gitlab-org/cloud-native/mirror/images/busybox:latest"
+ image: "registry.gitlab.com/gitlab-org/cloud-native/mirror/images/busybox:latest"
env:
@@ -23078,7 +22886,6 @@
resources:
requests:
cpu: 50m
-
securityContext:
runAsUser: 1000
fsGroup: 1000
@@ -23098,9 +22905,7 @@
containers:
- name: gitaly
- image: "registry.gitlab.com/gitlab-org/build/cng/gitaly:v15.11.8"
- securityContext:
- runAsUser: 1000
+ image: "registry.gitlab.com/gitlab-org/build/cng/gitaly:v15.0.2"
ports:
- containerPort: 8075
name: grpc-gitaly
@@ -23123,9 +22928,6 @@
- name: etc-ssl-certs
mountPath: /etc/ssl/certs/
readOnly: true
- - name: etc-pki-ca-trust-extracted-pem
- mountPath: /etc/pki/ca-trust/extracted/pem
- readOnly: true
- name: gitaly-config
mountPath: '/etc/gitaly/templates'
- name: gitaly-secrets
@@ -23138,19 +22940,15 @@
command:
- /scripts/healthcheck
initialDelaySeconds: 30
- periodSeconds: 10
timeoutSeconds: 3
- successThreshold: 1
- failureThreshold: 3
+ periodSeconds: 10
readinessProbe:
exec:
command:
- /scripts/healthcheck
initialDelaySeconds: 10
- periodSeconds: 10
timeoutSeconds: 3
- successThreshold: 1
- failureThreshold: 3
+ periodSeconds: 10
resources:
requests:
cpu: 100m
@@ -23181,9 +22979,6 @@
- name: etc-ssl-certs
emptyDir:
medium: "Memory"
- - name: etc-pki-ca-trust-extracted-pem
- emptyDir:
- medium: "Memory"
@@ -23212,7 +23007,7 @@
namespace: gitlab
labels:
app: praefect
- chart: praefect-6.11.8
+ chart: praefect-6.0.2
release: gitlab-test
heritage: Helm
@@ -23229,13 +23024,13 @@
metadata:
labels:
app: praefect
- chart: praefect-6.11.8
+ chart: praefect-6.0.2
release: gitlab-test
heritage: Helm
annotations:
- checksum/config: bec386c89fb3e7ed87d7e2e1f35bcb7eea24e231ab6a19bfe7af76a9854a0c43
+ checksum/config: 40323a4e0b1d50acda692f68afea3779f403fb04dcc627ee367f5d29df0c40a4
gitlab.com/prometheus_scrape: "true"
gitlab.com/prometheus_port: "9236"
gitlab.com/prometheus_path: /metrics
@@ -23255,11 +23050,10 @@
release: gitlab-test
-
initContainers:
- name: certificates
- image: registry.gitlab.com/gitlab-org/build/cng/certificates:v15.11.8
+ image: "registry.gitlab.com/gitlab-org/build/cng/alpine-certificates:20191127-r2@sha256:367d437d024d7647432d67fb2442e3e5723af5930bad77d3535f4f8f4f8630d9"
env:
@@ -23267,9 +23061,6 @@
- name: etc-ssl-certs
mountPath: /etc/ssl/certs
readOnly: false
- - name: etc-pki-ca-trust-extracted-pem
- mountPath: /etc/pki/ca-trust/extracted/pem
- readOnly: false
resources:
{}
- name: configure
@@ -23291,14 +23082,13 @@
readOnly: false
resources:
{}
-
securityContext:
runAsUser: 1000
fsGroup: 1000
containers:
- name: praefect
- image: "registry.gitlab.com/gitlab-org/build/cng/gitaly:v15.11.8"
+ image: "registry.gitlab.com/gitlab-org/build/cng/gitaly:v15.0.2"
ports:
- containerPort: 8075
- containerPort: 9236
@@ -23318,8 +23108,6 @@
value: '1'
- name: PRAEFECT_AUTO_MIGRATE
value: '1'
- - name: NTP_HOST
- value: 'pool.ntp.org'
@@ -23334,9 +23122,6 @@
- name: etc-ssl-certs
mountPath: /etc/ssl/certs/
readOnly: true
- - name: etc-pki-ca-trust-extracted-pem
- mountPath: /etc/pki/ca-trust/extracted/pem
- readOnly: true
- name: praefect-secrets
mountPath: /etc/gitlab-secrets
readOnly: true
@@ -23376,9 +23161,6 @@
- name: etc-ssl-certs
emptyDir:
medium: "Memory"
- - name: etc-pki-ca-trust-extracted-pem
- emptyDir:
- medium: "Memory"
---
# Source: gitlab/charts/postgresql/templates/statefulset.yaml
apiVersion: apps/v1
@@ -23721,10 +23503,9 @@
fsGroup: 65534
serviceAccountName: gitlab-test-certmanager-issuer
restartPolicy: OnFailure
-
containers:
- name: create-issuer
- image: registry.gitlab.com/gitlab-org/build/cng/kubectl:v15.11.8
+ image: "registry.gitlab.com/gitlab-org/build/cng/kubectl:1.18.20@sha256:8d27c191af306cafddba2f293c5613f8966363f779d79a5599ad0231e60069e4"
command: ['/bin/bash', '/scripts/create-issuer', '/scripts/issuer.yml']
volumeMounts:
- name: scripts
@@ -23745,7 +23526,7 @@
namespace: gitlab
labels:
app: migrations
- chart: migrations-6.11.8
+ chart: migrations-6.0.2
release: gitlab-test
heritage: Helm
@@ -23756,22 +23537,20 @@
metadata:
labels:
app: migrations
- chart: migrations-6.11.8
+ chart: migrations-6.0.2
release: gitlab-test
heritage: Helm
spec:
-
securityContext:
runAsUser: 1000
fsGroup: 1000
automountServiceAccountToken: false
-
initContainers:
- name: certificates
- image: registry.gitlab.com/gitlab-org/build/cng/certificates:v15.11.8
+ image: "registry.gitlab.com/gitlab-org/build/cng/alpine-certificates:20191127-r2@sha256:367d437d024d7647432d67fb2442e3e5723af5930bad77d3535f4f8f4f8630d9"
env:
@@ -23779,9 +23558,6 @@
- name: etc-ssl-certs
mountPath: /etc/ssl/certs
readOnly: false
- - name: etc-pki-ca-trust-extracted-pem
- mountPath: /etc/pki/ca-trust/extracted/pem
- readOnly: false
resources:
requests:
cpu: 50m
@@ -23811,7 +23587,7 @@
containers:
- name: migrations
- image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-toolbox-ce:v15.11.8"
+ image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-toolbox-ce:v15.0.2"
args:
- /scripts/wait-for-deps
- /scripts/db-migrate
@@ -23845,9 +23621,6 @@
- name: etc-ssl-certs
mountPath: /etc/ssl/certs/
readOnly: true
- - name: etc-pki-ca-trust-extracted-pem
- mountPath: /etc/pki/ca-trust/extracted/pem
- readOnly: true
resources:
requests:
cpu: 250m
@@ -23908,9 +23681,6 @@
- name: etc-ssl-certs
emptyDir:
medium: "Memory"
- - name: etc-pki-ca-trust-extracted-pem
- emptyDir:
- medium: "Memory"
---
# Source: gitlab/charts/minio/templates/create-buckets-job.yaml
apiVersion: batch/v1
@@ -23936,12 +23706,10 @@
heritage: Helm
-
spec:
automountServiceAccountToken: false
restartPolicy: OnFailure
-
volumes:
- name: minio-configuration
projected:
@@ -23994,11 +23762,10 @@
securityContext:
runAsUser: 1000
fsGroup: 1000
-
initContainers:
- name: certificates
- image: registry.gitlab.com/gitlab-org/build/cng/certificates:v15.11.8
+ image: "registry.gitlab.com/gitlab-org/build/cng/alpine-certificates:20191127-r2@sha256:367d437d024d7647432d67fb2442e3e5723af5930bad77d3535f4f8f4f8630d9"
env:
@@ -24006,9 +23773,6 @@
- name: etc-ssl-certs
mountPath: /etc/ssl/certs
readOnly: false
- - name: etc-pki-ca-trust-extracted-pem
- mountPath: /etc/pki/ca-trust/extracted/pem
- readOnly: false
resources:
requests:
cpu: 50m
@@ -24031,7 +23795,7 @@
containers:
- name: migrations
- image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-container-registry:v3.71.0-gitlab"
+ image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-container-registry:v3.41.1-gitlab"
imagePullPolicy: ""
args:
- /scripts/wait-for-deps
@@ -24043,9 +23807,6 @@
- name: etc-ssl-certs
mountPath: /etc/ssl/certs/
readOnly: true
- - name: etc-pki-ca-trust-extracted-pem
- mountPath: /etc/pki/ca-trust/extracted/pem
- readOnly: true
resources:
requests:
cpu: 50m
@@ -24078,9 +23839,6 @@
- name: etc-ssl-certs
emptyDir:
medium: "Memory"
- - name: etc-pki-ca-trust-extracted-pem
- emptyDir:
- medium: "Memory"
---
# Source: gitlab/charts/gitlab/charts/kas/templates/ingress.yaml
apiVersion: extensions/v1beta1
@@ -24090,15 +23848,13 @@
namespace: gitlab
labels:
app: kas
- chart: kas-6.11.8
+ chart: kas-6.0.2
release: gitlab-test
heritage: Helm
annotations:
kubernetes.io/ingress.class: "nginx"
kubernetes.io/ingress.provider: "nginx"
- nginx.ingress.kubernetes.io/proxy-buffering: "off"
- nginx.ingress.kubernetes.io/custom-http-errors: ""
cert-manager.io/issuer: "gitlab-test-issuer"
spec:
@@ -24106,14 +23862,14 @@
- host: kas.test.freedesktop.org
http:
paths:
- - path: "/k8s-proxy/"
- backend:
- serviceName: gitlab-test-kas
- servicePort: 8154
- path: "/"
backend:
serviceName: gitlab-test-kas
servicePort: 8150
+ - path: "/k8s-proxy/"
+ backend:
+ serviceName: gitlab-test-kas
+ servicePort: 8154
tls:
- hosts:
- kas.test.freedesktop.org
@@ -24127,7 +23883,7 @@
namespace: gitlab
labels:
app: webservice
- chart: webservice-6.11.8
+ chart: webservice-6.0.2
release: gitlab-test
heritage: Helm
gitlab.com/webservice-name: default
@@ -24388,7 +24144,7 @@
namespace: gitlab
labels:
app: gitlab
- chart: gitlab-6.11.8
+ chart: gitlab-6.0.2
release: gitlab-test
heritage: Helm
@@ -24405,7 +24161,7 @@
namespace: gitlab
labels:
app: gitlab
- chart: gitlab-6.11.8
+ chart: gitlab-6.0.2
release: gitlab-test
heritage: Helm
@@ -24445,7 +24201,7 @@
kubectl --namespace=$namespace label \
--overwrite \
- secret $secret_name app=gitlab chart=gitlab-6.11.8 release=gitlab-test heritage=Helm
+ secret $secret_name app=gitlab chart=gitlab-6.0.2 release=gitlab-test heritage=Helm
}
# Args: secretname, args
@@ -24524,13 +24280,10 @@
generate_secret_if_needed "gitlab-test-kas-private-api" --from-literal="kas_private_api_secret"=$(gen_random 'a-zA-Z0-9' 32 | base64)
- # Gitlab-suggested-reviewers secret
- generate_secret_if_needed "gitlab-test-gitlab-suggested-reviewers" --from-literal="suggested_reviewers_secret"=$(gen_random 'a-zA-Z0-9' 32 | base64)
-
# Registry certificates
mkdir -p certs
openssl req -new -newkey rsa:4096 -subj "/CN=gitlab-issuer" -nodes -x509 -keyout certs/registry-example-com.key -out certs/registry-example-com.crt -days 3650
@@ -24614,7 +24367,7 @@
namespace: gitlab
labels:
app: gitlab
- chart: gitlab-6.11.8
+ chart: gitlab-6.0.2
release: gitlab-test
heritage: Helm
@@ -24671,7 +24424,7 @@
if [ ! -f /chart-info/gitlabVersion ]; then
notify "It seems you are attempting an unsupported upgrade path."
- notify "Please follow the upgrade documentation at https://docs.gitlab.com/ee/update/#upgrade-paths"
+ notify "Please follow the upgrade documentation at https://docs.gitlab.com/ee/update/README.html#upgrade-paths"
exit 1
fi
@@ -24733,7 +24486,7 @@
namespace: gitlab
labels:
app: shared-secrets
- chart: shared-secrets-6.11.8
+ chart: shared-secrets-6.0.2
release: gitlab-test
heritage: Helm
@@ -24781,7 +24534,7 @@
namespace: gitlab
labels:
app: shared-secrets
- chart: shared-secrets-6.11.8
+ chart: shared-secrets-6.0.2
release: gitlab-test
heritage: Helm
@@ -24802,21 +24555,15 @@
apiVersion: v1
kind: Pod
metadata:
- name: gitlab-test-webservice-test-runner-a1pya
+ name: gitlab-test-webservice-test-runner-cojbm
namespace: gitlab
annotations:
"helm.sh/hook": test
"helm.sh/hook-delete-policy": hook-succeeded,hook-failed,before-hook-creation
- labels:
- app: webservice
- chart: webservice-6.11.8
- release: gitlab-test
- heritage: Helm
-
spec:
containers:
- name: test-runner
- image: registry.gitlab.com/gitlab-org/build/cng/gitlab-webservice-ce:v15.11.8
+ image: registry.gitlab.com/gitlab-org/build/cng/gitlab-webservice-ce:v15.0.2
command: ['sh', '/tests/test_login']
volumeMounts:
- name: tests
@@ -24887,11 +24634,11 @@
apiVersion: batch/v1
kind: Job
metadata:
- name: gitlab-test-shared-secrets-1-gg0
+ name: gitlab-test-shared-secrets-1-aqf
namespace: gitlab
labels:
app: gitlab
- chart: gitlab-6.11.8
+ chart: gitlab-6.0.2
release: gitlab-test
heritage: Helm
@@ -24903,7 +24650,7 @@
metadata:
labels:
app: gitlab
- chart: gitlab-6.11.8
+ chart: gitlab-6.0.2
release: gitlab-test
heritage: Helm
@@ -24919,7 +24666,7 @@
containers:
- name: gitlab
- image: registry.gitlab.com/gitlab-org/build/cng/kubectl:v15.11.8
+ image: "registry.gitlab.com/gitlab-org/build/cng/kubectl:1.18.20@sha256:8d27c191af306cafddba2f293c5613f8966363f779d79a5599ad0231e60069e4"
command: ['/bin/bash', '/scripts/generate-secrets']
volumeMounts:
- name: scripts
@@ -24944,7 +24691,7 @@
namespace: gitlab
labels:
app: gitlab
- chart: gitlab-6.11.8
+ chart: gitlab-6.0.2
release: gitlab-test
heritage: Helm
@@ -24959,7 +24706,6 @@
labels:
app: gitlab
release: gitlab-test
-
spec:
securityContext:
@@ -24973,9 +24719,9 @@
command: ['/bin/sh', '/scripts/runcheck']
env:
- name: GITLAB_VERSION
- value: 'v15.11.8'
+ value: '15.0.2'
- name: CHART_VERSION
- value: '6.11.8'
+ value: '6.0.2'
volumeMounts:
- name: chart-info
mountPath: /chart-info
@@ -25704,13 +25450,13 @@
type: Opaque
data:
secretKey: "bm90LWEtc2VjdXJlLWtleQ=="
- secret: "blEzR3ZXU09kZGdrZlBtUw=="
+ secret: "UUF2eHdKbUhvbDJIRE5CRg=="
tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUUwekNDQXJ1Z0F3SUJBZ0lKQVBZL096TE1lVnEyTUEwR0NTcUdTSWIzRFFFQkN3VUFNQUF3SGhjTk1Ua3cKTkRFNE1ESXlOek0zV2hjTk1qa3dOREUxTURJeU56TTNXakFBTUlJQ0lqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQwpBZzhBTUlJQ0NnS0NBZ0VBM3hsVUpzMmIvYUkyTkxveTRPSVErZG4veU1iL085OWlLRFJ5WktwSDhyU09tUytvCkY5dW5tU0F6TDY1WEEvdjZuWTBPTEkvZEFTRGprcWtCcElkVEd6b2dSNWY4VWlCNm9zdUVZN1Y3MVhaZHpXTHIKUGpuSnE2WkxBYW9LbXdHODBXNStXZDZWOFB5Z094NTJta3IxdzdJV0t6KzFaTEk1aXpicHBvbjdYVkdWUmFBVApSdk5aRGlKNkNlSnBjSjVINzIzbGtmNVJ2SldhdFpMQ1lJWURiUmZUaUtzeVEvU2xSY3Y1QlZmSGcvTEpTSDlRCkxHUmhQTUFSbGRsOXd5WkN3WlpESHhoZUk0YSsyNmFhOE1ZM3U5c3QvbDAvT282VkNUR3BNaUVoaUdGMkxWanAKVVdxLytCUDRTRkV2SmZxL0R1aW5JMTM5Vy81YVpaNy9Id1JQbG1ZVTZwWFRSTHlJZzdqZCsxOWZKd1I3WDM3cQp3MG84dDA2RmhqbXJDemFZQ1Vqb1JlcURtSGFObVpOL2Rkdkc3alpXQnUrak5oMFlhdnN5UXlDSVZtdjZ5cVNjCmpQaUQ5dWl2eHFUd2pKaWRJQlJmdVVyejNhRVJRN2NRZ2YwcWhxakl6Zmx6SGJGS2hJTG9jQldxN3p5Tmw5aHIKdlVHVC9XWmN3MHQvT3RNNzJTUGFwbG1UZ1ZiYlFSeGYyVkh6eXB0R0l2dHlkbFhLOHRoeE9NcFhvNGUrU2w4ZAoxZ2RRY0M0b2lzTjlGMjlvTnM4UDV5RlFQLy94WXV2OEM2MDduQ2oxRHpySWQ1YXZHL05WZktCL2ZiREtFRmdOCjJXaEhJblR6UExFY2pGNGZFcmNVQUV1V1cwYnVYLzZGSENHM2lUdHJxeUQ5MktUVkRmTjFKNTZycmNzQ0F3RUEKQWFOUU1FNHdIUVlEVlIwT0JCWUVGRmhOaFRvNFVBQzJQVXNmOGpZYVdqMTYwdkdFTUI4R0ExVWRJd1FZTUJhQQpGRmhOaFRvNFVBQzJQVXNmOGpZYVdqMTYwdkdFTUF3R0ExVWRFd1FGTUFNQkFmOHdEUVlKS29aSWh2Y05BUUVMCkJRQURnZ0lCQU1Bc0V0VmxFTE13ZHRjaWZIZU9UMGtPbWY1d285SW4vZUZTZ3NjQ3pCTURhUngyQjNxMzZBb1MKSWw3WFdBWnBldmFSN1c3eWVBUkthQXNoQkxoeWdVcUxEMHpXYktsU045SHByZDF3ZHBNMGZmeVBwTjVkeE9ZQQplcjA0eTEyR1JuQ2JNWXFpNGN2enRQNFRpblhxcTJ5SFNZaExiTzlxa0k1Z2JXVnhrUnVJY01Ldml4ZGRsbE5ZClEzb2JKYURESG1vdk0zK2cvRysxWUZndDRxRVMzOFhuSjdCclNzaEhubjVFSVFoMjg2eGZKcml5cksyaEhiTEoKcXowWXVGNkczRFhQZVdHZ1h2ajBIaXBjMGY4VURaa0tray9lR0VJNnZFa3l0eXZvZXBvWkkyWGJBZi9aTXk1bgpLd3VoRW40aGhrRk13V2FTV3AvaDBRZE1DYXhrNEJWU09xbU5WYUxTQjcrRmpzSWo0Q2FzRm90WWl5SjJncFJCCk5mOFFhUzRiejBUbjFlQmJDOGtzaitlM1pXZVgyYjV3Vk1qcWw5alR0MlgxSUNzOEtLZTN2RUJranFUMkFVaTIKNTJUdEt6bTczYVdyei9HUHkvUTJMQ29yM0ZoOUZHVlNCT0JCRFhHeTZNSnBOSEpuWVZIOUVFTkZHT2g4NW9sMQoycEFET0JCNXZBVS9rTEI1TEhQajJrdWUvRk1pSGFObnJTWUlHck1sQlNYMmpqOUVZYTF1dVVIK3BkNE1CajFGCjV1SDhPUmlhUTZodDIrV0hrbHhpYzFSajV5VFlRd1ZsSDcwQ0JPbitxVkVkbzYzeVF3ekFNSktGSXdsR1VRRVgKamlsamdjODZxNGNadFVURnJjd01pZGJrKzhRNitKYkRWZzdIVi8rcG5DK3dudjE5N2t3ZQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlKS1FJQkFBS0NBZ0VBM3hsVUpzMmIvYUkyTkxveTRPSVErZG4veU1iL085OWlLRFJ5WktwSDhyU09tUytvCkY5dW5tU0F6TDY1WEEvdjZuWTBPTEkvZEFTRGprcWtCcElkVEd6b2dSNWY4VWlCNm9zdUVZN1Y3MVhaZHpXTHIKUGpuSnE2WkxBYW9LbXdHODBXNStXZDZWOFB5Z094NTJta3IxdzdJV0t6KzFaTEk1aXpicHBvbjdYVkdWUmFBVApSdk5aRGlKNkNlSnBjSjVINzIzbGtmNVJ2SldhdFpMQ1lJWURiUmZUaUtzeVEvU2xSY3Y1QlZmSGcvTEpTSDlRCkxHUmhQTUFSbGRsOXd5WkN3WlpESHhoZUk0YSsyNmFhOE1ZM3U5c3QvbDAvT282VkNUR3BNaUVoaUdGMkxWanAKVVdxLytCUDRTRkV2SmZxL0R1aW5JMTM5Vy81YVpaNy9Id1JQbG1ZVTZwWFRSTHlJZzdqZCsxOWZKd1I3WDM3cQp3MG84dDA2RmhqbXJDemFZQ1Vqb1JlcURtSGFObVpOL2Rkdkc3alpXQnUrak5oMFlhdnN5UXlDSVZtdjZ5cVNjCmpQaUQ5dWl2eHFUd2pKaWRJQlJmdVVyejNhRVJRN2NRZ2YwcWhxakl6Zmx6SGJGS2hJTG9jQldxN3p5Tmw5aHIKdlVHVC9XWmN3MHQvT3RNNzJTUGFwbG1UZ1ZiYlFSeGYyVkh6eXB0R0l2dHlkbFhLOHRoeE9NcFhvNGUrU2w4ZAoxZ2RRY0M0b2lzTjlGMjlvTnM4UDV5RlFQLy94WXV2OEM2MDduQ2oxRHpySWQ1YXZHL05WZktCL2ZiREtFRmdOCjJXaEhJblR6UExFY2pGNGZFcmNVQUV1V1cwYnVYLzZGSENHM2lUdHJxeUQ5MktUVkRmTjFKNTZycmNzQ0F3RUEKQVFLQ0FnRUFrOHE4czRQcnZZYnk3OVVWbFdKTktxY2V5a3dCa3hFMWZqcllPUldRMmhpQWlyeEdWNSs4bERULwprNnVqbTFFV3diNUswSHh4UktrYitQRWExSHFOTkhFNkp4TnBKS0s5ZXhEbFlBUSt4N2RGQnFWci8ybmF6bW80Ck1COE1MWWxtSXp0V1dvU1l3ZThvMm1FZzRxK2J4WXM1SW1kdTdBa2hFN2RKNjNobTIzZ0xNZmVNTGFsUnFvcHUKWEJQd0U1blhQNmFHdVVOSHRHMUs4dFFKRGxaWStMRWJBZU9mUmVOUWhUOU5kUnVrWVNXNTc5dmZLYmxKclN2egp1bGc4OXNWbTNjV0VLNXBCNnJqOXdKYks5NHZvS2Z0VnFiYnVCd1dqZDFhOXBpYktod1ZCZTJMMkZXaHBTWmM1CkYvY29DN25qVGFZVDZ0cjkxeTVWaGhKaElaUUNmL3Z2NFpsNVhoRkhzNVZUWk5iTS9PZnF5RlFMWVhWSk80OEsKRjd0bWF6QUVRUUJRd1ZacUg5QzlOUWR6UEhXbWMzOE9raHRjMXd6YXFuL3JnOSsxc2dBTUQ4aFdDdFFKVWU5NwpiOXltaDVBMFo0UVhLcHlGVDBiK3BYY0QxalJoYTA3VXRrWCsvekxKOUhwQVhjVW16a0crajVDWE5wbnhzSXE1CmZKRmVxM2hCajl3Nm40aCs1ME00VzBGc2U1WW9FVXNjM0IwZno4QmxRQmIrWUpMRkxOSDM0TUg4cDFsMFpEWUoKeWFlMHBzeGxCaWpnNE9QWitXQ0JhK2p0Rlc0TGlXZ0VjeHdnejh3K2hFT0FRcjJhMURjN3c4amQrWTRJSzhVbQpsVFZzNWRicDRtT21QTWxSdi9HTTdrRHVkRnFiTWczWUZ3WGczUWJxdVZxTFp6RXpqVmtDZ2dFQkFQSktaYkNXCllmTGVqa1MvZmtSeVYzVkliNTRtS3dRSG9NV3ViODh0UGdHdVh6anNKeWQ1UVRRNThQcFVqWHJMSG1uOGxTMisKdmlFOEdKeWxLd04xeU1sWnc0MCtrWmhwSFVwQ1d4LzJaS2pBcXZxQTlPT0tvMmZ2NkhkL3dPQW5VNEN0aW9DMQpwcmk3bEtGWVhvUDhEdFFWd0hZdkl6Q1JxRG5oYzRtd0pEcXpUQzl4ZHVJK3N2eHpsNHhIODJmeDBqclBpRlkrCi93T2RYanlmSVBqeWhIQzRqUFRXYmFpcndYUzlkQmpTbDEyOGFJUlQ1ODAveVhFL1NZQXVnZzA1akt0ZzV6UUEKU28xM01UZXpYUkhYZE8wZGkzdEVNSEdSRUVrRnBlVm5uUFF2Q0NlZEswRFYzNmlOd2lXYzhwd2RmTE1WbmVUdApES3daZWRDeCtvLzdldjBDZ2dFQkFPdTQ4REdFSkpKekh4VlI1bVkxSzJBbFp5WXRwVE9XZWhLMXpYNzRKdk0zCll4TjRuZCtaeDVuOXVTUG1tS3pxRjNUVSs0NFJWdGRKSzZlam9GRThkTURUTldhU0xXL1pEbU4xblQwbmp2T24KSVdKbjU5eW5PQ2hXV0taZ1haLzlVcUdSN1B0Nk94U2trZXg5Yy9mWUJzTVgveHVzZFhRaWdlb2dsMGlPWVZGVwpnWElpaUxSTEhwSEpzSy91TnhJaXpqMGhUWVluN3VEN1BSRU53RlJjQ1lmOEoxZVVGYmQ2RHVDVldlUUNLV2dmCk5kMnRTV29pMFZ5bGo0dVVYOEl3MHRqTE5NRDVDUkVKRWs0R1N2NEVEU212VWR2MUxpQktKQ0wybEVjZ29QZUMKb09EMmlDYzVLcWdubVFyYVJpbEZGazhSVlhBOVBXWkdZM0MwYjZUVm1tY0NnZ0VBTlpPMkFPS0FMbENBYlR0YgpGSStrUDA4UlA0dDVINThBTWpac2l3ZWFHbzBRaVduUERxK0ZkNk1JWXBLbjVtdGNBbHZVTVJWb3ZiaW9TSnROCmM2cHNCL3BOZjhKQ044Mm1xSEViN1dseXdNNDZBTUxiWkNXWUZMZThWQkJ2K2lFNEdkQkdQRWZ1NGhLNHZ5VG4KWVpBdlJ6NjRIR280QWRsenRiamc3NlYvbld0Z2dXMDV1TFhjcG01NUtKQVFodisyV1VMakJ3OVBIT0dEb1N3ZgpBbTIrVTU2N3JMaHQ3MHByc1FEajEwbGFKMlF1U0hTMVlYR2xmZUZjdzNlRlVwOVROK0pwdmRvQ29sMmxDSWdsCklIamdaajZPUldmQ3Zwb3hXN1JnQnVadWtxQ0QwUjYwSGRZdGF2eE4zanRpZXBzYXBBODNweE8wSmFwTWdaV1oKcnBVUmtRS0NBUUJPY0V2OUxpdTlUL0dYOXBqa2llelZJWjBoWnk4QjY2RFRlUXZZcEZyUnRDeVQzaDhxdU5GaQp2THRPNXYwSERSNmhFZjVqV0FHOXdldDA3VTM3dWxKZmwraTlLUWRWb0xUWkE5bys3MXJ5V1RzU3MrREQzQ0VqCnl4ZlV4VnhpVUxtZWFpQ2h6aHE2MDhoN0dZUHRoVVU2eGxGdHRBV2hqNW9MZnF6WXlBZzZPTDc2YStOeG0wMmcKMWF5bDNtOFU2ZUFYRjIza3BvVW0rSE5wcVZuR3VKbXpWb1VBNzVZS1orTnJlRWRoU0JiZlB3TjlzSnd0WlVpbAp1N0g0a0hjTTk1SXg4ZXlzQ2pLcUtJcWV6QmxJVGJEVG5qTnZMamNiSjVDKzBhNmx2SVhUMXZRUjUvZUdsYzlNCkJXRTM2MHBOa1YvTEQ4bU9mOUplcGkyUTQzb0RMOUVoQW9JQkFRRFRXSW1meTBLOWdHekEyclB5MTY5bVdZUUsKT2xjbkQzK2hRcTZ4NTFabjFlL3RleEZlVmxoSG40cnJuUmRDRk9BcDQ3dUZrSjJtNzJHQ1ZENzRFd1F1Y0s5eQpBRDVqb3JxZ1ZIcUNLWmRrSGpiMlY2ME16bTZnM3J0TDlXSlhGVkx2TkJiL1FHQjJ2Z0hWT08wenFpcUdaajRlCkV4N2wybS8vNVNFNERMdG43MEo5Q2dHMUh0WENTOGRXckdQTDFwekRuazhWWHRub1h6YjBMQ2hMVUZFZ1pSbWgKY1Y2QUZIRUsySDh3Qkh2aU55ZWhzUlFpRGtsMkFpV09jSk52a3pXNjhjazJuSmpSV3lQWUsxSkwzTkNLcEIzUQpPb2hyUDBmSGNXQVhNVzk3d0ZYWmhSZm5RZkR4eElPbGozTWNZVDBBbGFuWGQwRjROR2MyTnZtcGh4MDQKLS0tLS1FTkQgUlNBIFBSSVZBVEUgS0VZLS0tLS0K
HARBOR_ADMIN_PASSWORD: "SGFyYm9yMTIzNDU="
POSTGRESQL_PASSWORD: "Y2hhbmdlaXQ="
REGISTRY_CREDENTIAL_PASSWORD: "aGFyYm9yX3JlZ2lzdHJ5X3Bhc3N3b3Jk"
- CSRF_KEY: "M0xVeG03OVVYWld6SkRDcjZ6S0lNRk1DUlJOd0s5MnU="
+ CSRF_KEY: "U3J5emVTOTQzTGlsc3ZPMlROVGlYQzBTQzNOZlpuOUs="
---
# Source: harbor/templates/database/database-secret.yaml
apiVersion: v1
@@ -25738,9 +25484,9 @@
app: "harbor"
type: kubernetes.io/tls
data:
- tls.crt: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURVekNDQWp1Z0F3SUJBZ0lSQUxON1Z6UFd1VmFySkM4SkVzNm16VE13RFFZSktvWklodmNOQVFFTEJRQXcKRkRFU01CQUdBMVVFQXhNSmFHRnlZbTl5TFdOaE1CNFhEVEl6TURjd01UQXdNRE16TTFvWERUSTBNRFl6TURBdwpNRE16TTFvd0hURWJNQmtHQTFVRUF4TVNZMjl5WlM1b1lYSmliM0l1Wkc5dFlXbHVNSUlCSWpBTkJna3Foa2lHCjl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUFzUGlxcmpRRlhrUEVRSk05Tk9ydHB4aStOMmFDdmpaMDlmTkIKQTE4WVhBV3NXL0lLZ0szTi9uUVFhTW0yZ2xpaTd6aFhHUERSWmY3eTZXWjh5NmwySy91RXRLQjJtRWNzTzRXUgpUWGJMRlBnS1pSMEY0WTlDQnNDZTk1Wkp5dnNRU3BrT0NnWkNMZFIwTGxsY2k1Qk9BRzRYeFdYZnNKdkRMZ1paCnBmcklzbVlBYityZUEzVTMyK1A5amdmM3J4TzBNU2JNWEJJK3BWbU0yYXZmYWZ6V2J0V0hlQWticy9FZVJROEcKWXJCaE44OWVJWTF3QXBubnE2QWptdWQvQXF1emt6Njg1aG1uU0Jjd3Y5bXFjREpGaHY3VEVTNXFQSUQ0OVFNYQpyeWFHeXFzSlE4YUhGYStBa3h5OTkrYnYrdVhVR2FTTDZtNVUydzFFK0M5UWw5bTAzUUlEQVFBQm80R1dNSUdUCk1BNEdBMVVkRHdFQi93UUVBd0lGb0RBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFRWUlLd1lCQlFVSEF3SXcKREFZRFZSMFRBUUgvQkFJd0FEQWZCZ05WSFNNRUdEQVdnQlJuTzRjVkFXS0RDemJzL1Q2cWsvQlJyallueHpBegpCZ05WSFJFRUxEQXFnaEpqYjNKbExtaGhjbUp2Y2k1a2IyMWhhVzZDRkc1dmRHRnllUzVvWVhKaWIzSXVaRzl0CllXbHVNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUJaZldsTmUvL2plNEc0bFk5WE9VK2xCa1FJN0RnN3ZpSDQKMDZHcDl3Tk9LRm9RZ2FJRlc5MVVVdUpsbEdSc3R6L0M1bU42dmRVYnNqeGtyREdpd0JPTUlZYkY1VU45RHhmMQp3NGhvQ1A0TXp0NEs3M09aU0NRM1kwSVlrcGEramlhMUh5Yys3bHNPZ3AyUHR3Mkc1WWNPUFZkR3N0ejBtUTliCjBsUUhaL1gyekFUYzFHSXpzUTQ3ay92L3lXN1BCYU1uR2NxaG1MYS9NbGl4d1RhaVZRNElHcmgxcm5obUhpWmgKdVlabmdpRzVJbnVvWFc2OU1ScXZHUUZ2YkJMb0tIUHhLb1h2cjE4NU5hTktYODBZOEVRYXR1bFk3aFB5dzhXbApMUmFOTDRUMUJ4N3NWUkdXVENlQ1Y4c3FKMktrZkRlcDV3Um1xUXM1SWo1amkxMHFUcE55Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K"
- tls.key: "LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBc1BpcXJqUUZYa1BFUUpNOU5PcnRweGkrTjJhQ3ZqWjA5Zk5CQTE4WVhBV3NXL0lLCmdLM04vblFRYU1tMmdsaWk3emhYR1BEUlpmN3k2V1o4eTZsMksvdUV0S0IybUVjc080V1JUWGJMRlBnS1pSMEYKNFk5Q0JzQ2U5NVpKeXZzUVNwa09DZ1pDTGRSMExsbGNpNUJPQUc0WHhXWGZzSnZETGdaWnBmcklzbVlBYityZQpBM1UzMitQOWpnZjNyeE8wTVNiTVhCSStwVm1NMmF2ZmFmeldidFdIZUFrYnMvRWVSUThHWXJCaE44OWVJWTF3CkFwbm5xNkFqbXVkL0FxdXprejY4NWhtblNCY3d2OW1xY0RKRmh2N1RFUzVxUElENDlRTWFyeWFHeXFzSlE4YUgKRmErQWt4eTk5K2J2K3VYVUdhU0w2bTVVMncxRStDOVFsOW0wM1FJREFRQUJBb0lCQURmcWFldGV6bTlwVkFIZgpROUNMaGdsczNQVWVNNk1zQzZxR2NIMURONndqc3NEZWFna2NZV0RMaFQvR3RCN2RLS1lURkJueVJRZElGYkkvClNxRUM2eTZjYXVLemJLVlNuNXd5NktVa0txaDJjcnBlQURTemtmWVdPR1FjSFRiQU92YUhBNU9SUkttOFhmVWoKRVFXYjA3bDVENU8wUzRnK3Z0MjA3ZkJ1bTZrWjRQb0I0VUVwZUFyRTEzekNSbExocndOb1U3RHJERVJrSVdHKwpVQmtPd3k0OFoyd3kyMmwyaEFITXpKMy9STUV2eU9vYU1OY0RCQnI0eXFUK3Y5WTRRYll3SHZSaFIxWXl5Y2c3CjFzSXNrOXJSVWZJckxqbHkzdzBuOGlUbm5Vb25adUdseTFoN3lhdktzUkI4Rkp4eDhpZTlEK2Y4dG5hOGdLa2oKQVlHNnI0RUNnWUVBMVlZeE05VkxWNTlBM0JUUC9DejhEWFNpVWRZZGVHa2J5ak93RVlBclZQY3RBejVNSHdrUwp5MW9yZnpyK00xZmtzbEVHRThWYm5kYW0vQnk0TFNuLzFodEkwazhrSUZPa1dXS3ZSN1ZOM2wrL2VZZ2hvUHp0CmNQNURqKzRWbHpPM25wbUZTL2VhYzlPUlNlcEduZXVqaWNCVGVNNTdEcWkxZCs2bkdTUkZIUDBDZ1lFQTFDMEIKblMrek00WHplWHBpUFBHRkRYSmlpb0ZzRXlDbmtNREQvTTB2L2pLS3cxZnBxK3ZETit6ZWh6VC8vcXJQb2RCMwpNOThqWDI0Z2dxWFF6cEI3bWRad3cvTC9ubTBmT3hJdExnYkw4dG1YN3UrUDV5V0d2ZHFNWGpNcXYxUFdDclA5CkRKckdBdXpEbFQ3ZzUweUN0Tmp2MjAxWVZmMndnejlFQTdjNmJXRUNnWUVBaElQNHkwTm5zK1NaR3owcmEwVDcKMU5uNjF6RThMdnVFakxRUlpIc1g2VzVSbUQ2MGZWcGpPS01vZFpqR0pGVTdFTk9xSXVFTUgrUVUxRWg2b1VUOAppd041NlZQR2h1MkNCUnR5enQwZGk1SCt3azBUR2RkL0FPNDhQZm96bWhnMXNBOTFJNVZ5WE1vRDFFeTZNTTRLCk83YUoxMkxHQ20zMzJZdmFWb2NsQVgwQ2dZRUF4NWQyMXpqUjZIdnZwNnk2MFAyWjNpWm1FRWpqTTdNYUxnOUgKem4zdTBiOFZ6ZURiVGdEQWFkR0hHOFY5czBGWGhLNm9FOEdxY3RFVUFCS2Z0RkV5Rkdzbk5RMVg3TjVWN0ttUwptcU9HSTNNUmU1RWIyNkx2ZDVVcFNrdnp3SHZLODlLUkR0Umh4TXFZeWNLV3FyN01qZmNzMnkyTkZZZEtEb3pyCkhGdTJ1TUVDZ1lBNUlxRHB0by9pQVVxUGd1d2QwWmVycFYzcjNwbDR4bHF1bGNjbzhSZUdmUlE4NEdBTGpmQlgKVitEK0RMZGNVVnlVZytwaHZtV3oxNExjMzNhMW1IVkM0TC8rY1ZWc1lDcndvSVd6bTZCUDloUXZvQ3dZT1VNeApnM1pBejJ1SWo2MTVybUJ2bklvWEtNNTFnZVpoamg4Nlo0YlR5a1F3WjZyZEZiRVBuWXd6TWc9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo="
- ca.crt: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURGRENDQWZ5Z0F3SUJBZ0lSQUppM1poSTBSQnJDK3JtVmhsdHRmSW93RFFZSktvWklodmNOQVFFTEJRQXcKRkRFU01CQUdBMVVFQXhNSmFHRnlZbTl5TFdOaE1CNFhEVEl6TURjd01UQXdNRE16TTFvWERUSTBNRFl6TURBdwpNRE16TTFvd0ZERVNNQkFHQTFVRUF4TUphR0Z5WW05eUxXTmhNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DCkFROEFNSUlCQ2dLQ0FRRUFwU2dsWWd5ZmRJdEVoRWlhYWpzZWcvM3FpeTRQWnlUMU5nc1hWc1FQSEpvbURvaSsKbTNyUEtlUW5xdGdqYjN0QmNBM3hHR24rRUhHUFFSanczWVdnRTZzQi9veTA3OXNxdXpVRjg0VVR6K1J5Qmc5cwppb2x4bTk4NFdwYmxFZmw2QlpnOG9ZZVEweXpZWDNnZWZSZzh0cnhmRngxZEtDeTRMbWFvWmxSdlVhdy9UWUdPCnFNc1d0MzB0TXcxVFNIK3BCSGEwWnZDYTNBUGtCbUYzcXFxaGF4UENOSXN0RGNITmc4YWlRU0V2am53Uy9ocFEKKyt3SnVwQkx5dUVGRHI0amFQOW9tMEhTY3Q1MGJPbnRoU1FNLzd6TGxKQkI5OG03TTk5c3o0c1lpcC9zSENGRQpQdUxLVzMzRTc0Y3VnWEZCS0t5eVBGYitkWnYzN1VCaC9wQVBnd0lEQVFBQm8yRXdYekFPQmdOVkhROEJBZjhFCkJBTUNBcVF3SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQndNQ01BOEdBMVVkRXdFQi93UUYKTUFNQkFmOHdIUVlEVlIwT0JCWUVGR2M3aHhVQllvTUxOdXo5UHFxVDhGR3VOaWZITUEwR0NTcUdTSWIzRFFFQgpDd1VBQTRJQkFRQlhRazJHazJpT3FJMVQyMjZSdUNuQlg5RFJsTGhMSDU0VzNETktIWXQ3dVhycm1oVy9TajlNClBwQWxpUS9HU203aTNZNTloTlFqU0tXd25DQkpQaFZIcmlsL05IanBZZ00vUzVJNHBpMnMxWkRpVFVlOWhDaysKeFVKbGhidHVuaHlOY3lQV3doZlRIc002NU9DdENHakxBZVV6ZmtCdURjdzY2TVZPYStzcDhyRUNjaUo3SzhTcwp3eFFweFJoYWs1d3RXOXM0a2VXZkVMU0lMS2R2UHAzb2J1TVdsYSszTG1kWVdkdDZSZmpKNTVMaFM2OVJXZDZDCk1UUTl0eE5aSWkvRVRzNlBkRnhLd0g2ano4THI4Qkk3MHRKQndSejNQM0FYa2Z3c2hsczJxdnQxbWFQNGRXdHcKVFFsWnd6MjFHWlJmaTdHZG9ZK1BEazBrdzQwb0krK3kKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo="
+ tls.crt: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURVakNDQWpxZ0F3SUJBZ0lRTkt2aC9XQ25XYzVud010YjdwcEc5ekFOQmdrcWhraUc5dzBCQVFzRkFEQVUKTVJJd0VBWURWUVFERXdsb1lYSmliM0l0WTJFd0hoY05Nak13TnpBeE1EQXdNelUyV2hjTk1qUXdOak13TURBdwpNelUyV2pBZE1Sc3dHUVlEVlFRREV4SmpiM0psTG1oaGNtSnZjaTVrYjIxaGFXNHdnZ0VpTUEwR0NTcUdTSWIzCkRRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQ29Fc2xzdU9xc3BRbHZVOW9uSzJkVHorUS94dW5JN0dXVytOdUkKOGtqVXZ1UXRTNUVGMWNmN3EwaG1FL2NmV0h4bE5xVWVsdVVGVkVZRHg0amxNWnlNc0xnWGRLL21HTUdreE1VMwpyNldFWDFGdTR6Q2xQdmZFSTRFNnRiY0RJTU1RUGtoQks3dmc2V3h2YnhtUW1LdWJTK0p6UWIwYkVRa2FISGhYCkQwUVZtMWlrNGsvV2U3a1Y4TnMwUmNQV1dCemFET2VzcnA4a09IRnZ6Zzc3bVVpKyszZkg0U2NlOG12Sk5ZcVQKMXlrMzlMOURZOG1uV0tZYzliYnpTMXlrK0VlUjZjaGZ4UFpmUUg5Tk1CSzJSNnkzZ1RCVWFGYU1mT0E0ZjNzbwpScE5JVklkc0hjTGl3RTlRc0FuR1FSNDdCRnlnYUdwVWJwZFdSa3VqWXBhNXhWaEJBZ01CQUFHamdaWXdnWk13CkRnWURWUjBQQVFIL0JBUURBZ1dnTUIwR0ExVWRKUVFXTUJRR0NDc0dBUVVGQndNQkJnZ3JCZ0VGQlFjREFqQU0KQmdOVkhSTUJBZjhFQWpBQU1COEdBMVVkSXdRWU1CYUFGSC9aRTVqR2dLejVXNVI1TGZSN1FpaHFMY0JpTURNRwpBMVVkRVFRc01DcUNFbU52Y21VdWFHRnlZbTl5TG1SdmJXRnBib0lVYm05MFlYSjVMbWhoY21KdmNpNWtiMjFoCmFXNHdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBQmxXaWpFQVorR1RNQVlqbm9TY3hPTCs2YkNFTWdJdjRNNXAKdUtYRWwzby9mMjFCYUFFNFZGUFljZVViSlVWS1IzVTFEbkJsMmNRcVNCMkpjUHJqTWZEbDl1NStXcmtISVdrbwpKQ3Z2NXBnYVhybU1ML0hVQmRFZmFYVTlyazlnMm8vZDFBSGgyejVrWktzZndFZ3gxa0xGRWw3dEJERHN0dkRZClMwYStFVERoY0ZPZitxd2NyZXVnN2VFSjkxaUhZbncrbVdBVjlxbW8xR2NXbGIzLytsWk54cGNyMmplYjRYM3EKTy8yNndTcm93bHBwZURZaUVsYXRvaEYwZWJncHMveGcySjJacURHMzRKaldoWnRvTDhGYW9mQkJLa3J1VkpOTgpXalN3SEJNNmlEY3IvNm5WRHVYUTVZekRnczRSKzFvSkdyaHpXdFo4VlpwbS80UmJDM2M9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K"
+ tls.key: "LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBcUJMSmJManFyS1VKYjFQYUp5dG5VOC9rUDhicHlPeGxsdmpiaVBKSTFMN2tMVXVSCkJkWEgrNnRJWmhQM0gxaDhaVGFsSHBibEJWUkdBOGVJNVRHY2pMQzRGM1N2NWhqQnBNVEZONitsaEY5UmJ1TXcKcFQ3M3hDT0JPclczQXlEREVENUlRU3U3NE9sc2IyOFprSmlybTB2aWMwRzlHeEVKR2h4NFZ3OUVGWnRZcE9KUAoxbnU1RmZEYk5FWEQxbGdjMmd6bnJLNmZKRGh4Yjg0Tys1bEl2dnQzeCtFbkh2SnJ5VFdLazljcE4vUy9RMlBKCnAxaW1IUFcyODB0Y3BQaEhrZW5JWDhUMlgwQi9UVEFTdGtlc3Q0RXdWR2hXakh6Z09IOTdLRWFUU0ZTSGJCM0MKNHNCUFVMQUp4a0VlT3dSY29HaHFWRzZYVmtaTG8yS1d1Y1ZZUVFJREFRQUJBb0lCQUFqTk13OG1mK09hb092YgprRWtNMU5SbXhxVXdYWDNRSTJITWxuS05mWkxtakR4ekFKMDFuTXRwSk5sem9qVmFCT21uK3UybktVY21LcVI0CkJvczZGZUNvUUh1NStKd3NIN2ZwTmdxOGdBWjJsMlVmTUtUMnJ6THVTUTR5QmV0OEE3c09CK3FoeDZ6M2pGNHAKaTBVdk9ZMWdZL04xTmRuOUFtVURxS21tZXdKR2twVVJVVkRIMW45MkNXbkkwQ0Zoc1k5czBjamROTDJvSjF0Swp5bnFINDk2L2hOaHBtcGNaaENxdWhSZHk1RlRCTjA0Y1lDOEtFQktTU0NXS0E1a015VjZBQVVZVGFieTRUUklYCk1BY25LdjQ4aXJQWE1qTWJmYjRxOHljYjVucjErWlNFM3IzTkxRR1ZIOHB3bDlxNDdweHdVZ012L2cwUTRBb0sKMCsyanVBRUNnWUVBeFQyK0JRMXcvV1VpTDRTSGdJVmdTS0lKRXkwcE13N3NZd3Qyc1dZRTdWSjRjTXZPa1pnSgpYU2ppMm5WM0RNUlRFVmF3WWMrMm94RXFYbGlVd2Vnc1lhbG5kRC9aU0xKTDJub1puQ0pMY2d5K0labjBxSjRYCklZQ0RvTUoyVnRTdjJrb0VlNEExdHU4TXl3Q1JpcUo5SHN0NkdERVZJeDB6TW5KN0JMZTNYQkVDZ1lFQTJpU2MKOUJvY3NHZXF6UjM1TW5HbkROTkpqdHBNNlM4d08zeWx0RStWcTN6M3VEaDFheHN4Qk1QdFFuaDc0RFVvUFRFTgpDeGZwcjhFRzBTaVRUK3EzYmJnU0tMVEJVdll6dzYwcyt5MW9GQktnK1RlZisrNlIxdytuQkp6SXFJdkc4c1B1CkVoTjYzdU9SUFp4N2ZVVHRMeHdGdFlnTVlmR0wydW10MXBrT0tURUNnWUJlZXhubno2MTlKQkhCRTBuWkxZcVcKb0UrYWlQcUFRN2pHSlBxaE5ZNU1wRUdmUG5GZjJxVTVvOWt1N2krdHhPbEpsKzM3bklVUERhenU3cDJyV096UgpoMVZRSVRtVEVoMDF0V0ZKSWtCampHa1RMVzA5ekNTbVhxb3V1cGYzTmdCYW56UVFlTFRDUVRZdWs4SWoxM3Y1CjRWeEY5RlQ4c2dNUk9qZGxaaCtHRVFLQmdRQ0p2c3JaSE0vMjJFOHpISFVwMURoZTBlQkY4elRUbmZkLzZMS2QKekE4L2JUYmpQY3R2S1lsbmIreVdwNHZaUk5lMjVBMVBidmNpQXVveUVzUUtsN1RoOUhTSy9iQ0JtWE9RWVA3aApVSWZDL1F4bXNpZzBwaTJ6Tm5BSmFwTU9Vc3o2cUp2aEVDbnJLcG1nNVBuWlhUZkVJcGE4VFQ4OGJaRVpWNnRzCnNkTU9VUUtCZ0J1WjFKcFJFYlY4UlNScHFtWnk4TXJmd0UxT2pEcndnVC8xVXlOa0k5ZFY1V2dtemFRa0ZHMlYKOGR6TFk0WVVQb3dTaGwzVHVZWnFHZ0cyK2UzR1U1RXYyS3BtSDJQSHV3dVF6c2FWdDhLQkZjZmVsU2pxNXBLdApqQ2FvOE5vVnpRWEVLcnNSS0diK1lpeUpQd21CTHhKUVFvM3RndEtuRTlmeXBPdUtudkRFCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg=="
+ ca.crt: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURGRENDQWZ5Z0F3SUJBZ0lSQUpramw1WjkrTE5OOUxBcGphUHpLMkl3RFFZSktvWklodmNOQVFFTEJRQXcKRkRFU01CQUdBMVVFQXhNSmFHRnlZbTl5TFdOaE1CNFhEVEl6TURjd01UQXdNRE0xTmxvWERUSTBNRFl6TURBdwpNRE0xTmxvd0ZERVNNQkFHQTFVRUF4TUphR0Z5WW05eUxXTmhNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DCkFROEFNSUlCQ2dLQ0FRRUF4cXROWVE4dlpCYlRLZkM1bkZubjdDbnpna21ERGZBUUgwdkQ1UUFwejEzR0RmczAKekpHZzExUVlNUWxMV0ZFNWpPQStqVk9VTzR5elpqMDg1TEVJeW96SEVZZ1hPMkZ4Nk10eW5leDdNNmtxUGRRSwoyZm5CdGJyNFcrR21MdndFTFZGMmFpWUZsYVJqdmlDK2dqQzRsUVBaYXlVOHJVdTBzcWdWTjJvR3NWRG5QVSsvCkF1M2pvQVFzdTlFeklicDVWVm5jaUxCN3haOW8zTmtwcnhFZnVEVFc3THd5aDY2cEpyZXd0SFB0c1lJak5FblYKb0hQZXZXLzlFdWtqaENMajVpZmNuMUZSOUt1dTZLSDlzeEZIdTM5L1FJS1pxMW5UVzRGbE5PQThkbWUzZ1RhcApCVEwxd3NwTjBWa0VWdzVURUhwY2VYbDVxTGxOWWU5SFVkMnltd0lEQVFBQm8yRXdYekFPQmdOVkhROEJBZjhFCkJBTUNBcVF3SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQndNQ01BOEdBMVVkRXdFQi93UUYKTUFNQkFmOHdIUVlEVlIwT0JCWUVGSC9aRTVqR2dLejVXNVI1TGZSN1FpaHFMY0JpTUEwR0NTcUdTSWIzRFFFQgpDd1VBQTRJQkFRQS9kUCs1aDdiQndLZm1ZY3BGQktyNWNHVjY2YWtFYjJrcndrR1RGR3dLNUpEUHkyb3M1WGNBCmdrM2J0K202ODkvaXM0MW1vSTd1ckRuNFpjblVvR1lhR2J3NWdHd3BaOTJNWXNKQjRhSzhOOXY2QUJhRHVUQkgKUWZTMGYrTEVBUmxVSVQ4Yld0TXIzRGpsa2tzVmY5R0MvV0d6cDBlamlaSnkwQmpVVWFLVnpRV0dCb3Bya3NMTQpMeDVBb2kwOHdCbjBxOXBucFFBeHh0UGgrRjhxVm9SbHBEUWVmMG45VTdsRHpUVURlU2JzTGF0VnE0Y3VrU3pxCmZvdVRiTTRFQkhGOFV0VDNCWjNkbUR2RnA0OExhTkpmL2E0VzNnT296aEVBaUpad092NW11Mzhlck9tbGpPUHMKWitVSC9sWFArM0VLbTA0TnpRUHZxanp2U0VBdFR2UEoKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo="
---
# Source: harbor/templates/jobservice/jobservice-secrets.yaml
apiVersion: v1
@@ -25754,7 +25500,7 @@
app: "harbor"
type: Opaque
data:
- JOBSERVICE_SECRET: "dUFsbDJMTnhXZGFWUjhQcw=="
+ JOBSERVICE_SECRET: "c3RIR2pNb1NPQldhM1Nobw=="
REGISTRY_CREDENTIAL_PASSWORD: "aGFyYm9yX3JlZ2lzdHJ5X3Bhc3N3b3Jk"
---
# Source: harbor/templates/registry/registry-secret.yaml
@@ -25769,7 +25515,7 @@
app: "harbor"
type: Opaque
data:
- REGISTRY_HTTP_SECRET: "bFV5b0g3U2lzWUI1NkdYYQ=="
+ REGISTRY_HTTP_SECRET: "d1lJaTlEenpmMGFEU2t5UQ=="
REGISTRY_REDIS_PASSWORD: ""
---
# Source: harbor/templates/registry/registry-secret.yaml
@@ -25784,7 +25530,7 @@
app: "harbor"
type: Opaque
data:
- REGISTRY_HTPASSWD: "aGFyYm9yX3JlZ2lzdHJ5X3VzZXI6JDJhJDEwJHp0c29ldnc1bUtkWGlGajA0NmZpZi5VdzhONkI2QnRWSE84VjVzdndlTkRkOHFod3BZZ291"
+ REGISTRY_HTPASSWD: "aGFyYm9yX3JlZ2lzdHJ5X3VzZXI6JDJhJDEwJEtjYUJta3pwMFRGTzBZLnFmeTVFNi44endwNFlwSGhmVlU2SmhGQTh6Mi9ST0NBcmpwQUhL"
---
# Source: harbor/templates/registry/registryctl-secret.yaml
apiVersion: v1
@@ -26274,8 +26020,8 @@
component: core
annotations:
checksum/configmap: 21005672f9f224c186fb8dbbad244e9d513fde4852b7e689a6eeaca943f911b3
- checksum/secret: 337026395e43cb0398eec6a24d81f34ce63c9c94a5a377da918459835ecef661
- checksum/secret-jobservice: 8229807eab015ef528c4f8f78440d2b9e0a6615b2f3ebbb8466d31deb6e94d56
+ checksum/secret: 5af9a6a9eaf93577f4bc8c3fc93b2011763529d76570b35aad8416175a340487
+ checksum/secret-jobservice: d67973f7ead9d60923500ed77cad38adc7f37564a38348b62c4ae3b072791322
spec:
securityContext:
runAsUser: 10000
@@ -26394,8 +26140,8 @@
annotations:
checksum/configmap: facb2cdb1c740b899a09412b3fb4a0b2938a3032e643ba775a3d2c3d3ad96bf7
checksum/configmap-env: cba2ae43ac7531289f25f4d019492420189f9bf471d865dcd32f19ad70dfaf34
- checksum/secret: 2e878179954393123b35fcaec726cd13b15ec49ffb9564266ded1bbef866b03f
- checksum/secret-core: 87f8aab7dab622b7f5114332afe9ae2e7d848eb52906cdd75d672ed029aea029
+ checksum/secret: 8f47cb087219cb564f5ef4db489249a215b0568aa75f64b0dda38900f585b074
+ checksum/secret-core: d7a459e7e95ebe0e0a2cbc98d564ff8a4e8cc610749f204908211fc849881148
spec:
securityContext:
runAsUser: 10000
@@ -26545,9 +26291,9 @@
component: registry
annotations:
checksum/configmap: ef3189aa2e8af6519bdd4b797a3b41a6fbcc957b7b0b0796c2754bca420b3729
- checksum/secret: 2b749059b9780cf0d372b79a11d2e9ae864baa369801d670e65cce621e9c3a96
- checksum/secret-jobservice: 056527e4a711068f9ecd2c9cd2f7f61415d2d1a5b494655c95d45414a5a69edc
- checksum/secret-core: 8c75d40ef134c5d816b89a628cc8fdeba65fb501469796447898b5290760fc65
+ checksum/secret: e2aa2b92eb6fb0c43f7d937f45d37b513b2a68e35ec3a6051ad7d45a0bb9d024
+ checksum/secret-jobservice: 6acf68f92e5b1077e2829bba607d0ad18ecc25a530186844a974d22b3e37e621
+ checksum/secret-core: 736daffabda09c33408a1622ed232eac0be65910bdafe3ec884d1dc1e89bd606
spec:
securityContext:
runAsUser: 10000