WIP: A new version of gitlab (13.3.0) is available
current diff:
--- current-deployment.yaml
+++ future-deployment.yaml
@@ -62,7 +62,7 @@
namespace: default
labels:
app: webservice
- chart: webservice-4.2.6
+ chart: webservice-4.3.0
release: gitlab-prod
heritage: Tiller
spec:
@@ -433,7 +433,7 @@
namespace: default
labels:
app: gitlab-exporter
- chart: gitlab-exporter-4.2.6
+ chart: gitlab-exporter-4.3.0
release: gitlab-prod
heritage: Tiller
data:
@@ -489,11 +489,11 @@
config_dir="/init-config"
secret_dir="/init-secrets"
- for secret in postgres ; do
+ for secret in ; do
mkdir -p "${secret_dir}/${secret}"
cp -v -r -L "${config_dir}/${secret}/." "${secret_dir}/${secret}/"
done
- for secret in redis ; do
+ for secret in redis postgres ; do
if [ -e "${config_dir}/${secret}" ]; then
mkdir -p "${secret_dir}/${secret}"
cp -v -r -L "${config_dir}/${secret}/." "${secret_dir}/${secret}/"
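Review bot: Moving `postgres` from the unconditional loop into the `[ -e ... ]`-guarded loop means a missing `${config_dir}/postgres` is now skipped silently instead of producing a `cp` error. If the database password secret is absent or mis-mounted, this init script appears to complete normally and the failure only surfaces later in the main container, where it is harder to trace back to the secret. The same move is made in the later hunk whose first loop lists `shell gitaly registry rails-secrets gitlab-workhorse`. If postgres is always required in this deployment, an explicit check such as `[ -e "${config_dir}/postgres" ] || { echo "postgres secret missing" >&2; exit 1; }` keeps the fail-fast behaviour. The guarded loop continues past the end of this hunk.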
@@ -512,7 +512,7 @@
labels:
gitlab_grafana_datasource: "true"
app: gitlab-grafana
- chart: gitlab-grafana-4.2.6
+ chart: gitlab-grafana-4.3.0
release: gitlab-prod
heritage: Tiller
data:
@@ -539,7 +539,7 @@
namespace: default
labels:
app: gitlab-grafana
- chart: gitlab-grafana-4.2.6
+ chart: gitlab-grafana-4.3.0
release: gitlab-prod
heritage: Tiller
data:
@@ -571,7 +571,7 @@
namespace: default
labels:
app: webservice
- chart: webservice-4.2.6
+ chart: webservice-4.3.0
release: gitlab-prod
heritage: Tiller
data:
@@ -656,6 +656,29 @@
+ # Consolidated object storage configuration
+ ## property local configuration will override object_store
+ object_store:
+ enabled: true
+ direct_upload: true
+ background_upload: false
+ proxy_download: true
+ objects:
+ artifacts:
+ bucket: fdo-gitlab-artifacts
+ lfs:
+ bucket: fdo-gitlab-lfs
+ uploads:
+ bucket: fdo-gitlab-uploads
+ packages:
+ bucket: gitlab-packages
+ external_diffs:
+ bucket: gitlab-mr-diffs
+ terraform_state:
+ bucket: gitlab-terraform-state
+ dependency_proxy:
+ bucket: gitlab-dependency-proxy
+ # Individual object storage backed feature properties configuration
artifacts:
enabled: true
object_store:
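Review bot: The consolidated `object_store` block is added with `enabled: true`, but no `connection:` key appears among the added lines. The only related change in the volume section later on the page is the comment `# mount secret for object_store`, with no secret mounted under it. The next hunk removes the per-feature `object_store` block from `packages` (previously `enabled: true`, `remote_directory: gitlab-packages`), so after the upgrade packages appears to depend on this consolidated block alone. Before rollout, confirm where package uploads will be written and that objects already in `gitlab-packages` stay reachable. `artifacts` and `uploads` keep their own per-feature settings, and the added comment says those override the consolidated ones, so the `fdo-gitlab-*` bucket names listed here may never take effect.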
@@ -685,29 +708,13 @@
connection: <%= YAML.load_file("/etc/gitlab/objectstorage/uploads").to_json() %>
packages:
enabled: true
- object_store:
- enabled: true
- remote_directory: gitlab-packages
- direct_upload: true
- background_upload: false
- proxy_download: true
external_diffs:
enabled:
when:
- object_store:
- enabled: false
- remote_directory: gitlab-mr-diffs
- direct_upload: true
- background_upload: false
- proxy_download: true
terraform_state:
enabled: false
- object_store:
- enabled: false
- remote_directory: gitlab-terraform-state
- direct_upload: true
- background_upload: false
- proxy_download: true
+ dependency_proxy:
+ enabled: false
sentry:
enabled: false
@@ -786,11 +793,11 @@
config_dir="/init-config"
secret_dir="/init-secrets"
- for secret in shell gitaly registry postgres rails-secrets gitlab-workhorse ; do
+ for secret in shell gitaly registry rails-secrets gitlab-workhorse ; do
mkdir -p "${secret_dir}/${secret}"
cp -v -r -L "${config_dir}/${secret}/." "${secret_dir}/${secret}/"
done
- for secret in redis minio objectstorage ldap omniauth smtp ; do
+ for secret in redis minio objectstorage postgres ldap omniauth smtp ; do
if [ -e "${config_dir}/${secret}" ]; then
mkdir -p "${secret_dir}/${secret}"
cp -v -r -L "${config_dir}/${secret}/." "${secret_dir}/${secret}/"
@@ -807,7 +814,7 @@
namespace: default
labels:
app: webservice
- chart: webservice-4.2.6
+ chart: webservice-4.3.0
release: gitlab-prod
heritage: Tiller
data:
@@ -817,6 +824,43 @@
[redis]
URL = "redis://gitlab-prod-redis-master:6379"
Password = "<%= File.read("/etc/gitlab/redis/redis-password").strip.dump[1..-2] %>"
+ <%
+ require 'yaml'
+
+ supported_providers = ['AWS']
+ provider = ''
+ aws_access_key_id = ''
+ aws_secret_access_key = ''
+
+ if File.exists? '/etc/gitlab/minio/accesskey'
+ provider = 'AWS'
+ aws_access_key_id = File.read('/etc/gitlab/minio/accesskey').strip.dump[1..-2]
+ aws_secret_access_key = File.read('/etc/gitlab/minio/secretkey').strip.dump[1..-2]
+ end
+
+ if File.exists? '/etc/gitlab/objectstorage/object_store'
+ connection = YAML.safe_load(File.read('/etc/gitlab/objectstorage/object_store'))
+ provider = connection['provider']
+ if connection.has_key? 'aws_access_key_id'
+ aws_access_key_id = connection['aws_access_key_id']
+ aws_secret_access_key = connection['aws_secret_access_key']
+ end
+ end
+
+ if supported_providers.include? provider
+ %>
+ [object_storage]
+ provider = "<%= provider %>"
+ <% if provider.eql? 'AWS' %>
+ # AWS / S3 object storage configuration.
+ [object_storage.s3]
+ # access/secret can be blank!
+ aws_access_key_id = "<%= aws_access_key_id %>"
+ aws_secret_access_key = "<%= aws_secret_access_key %>"
+ <%
+ end
+ end
+ %>
configure: |
set -e
mkdir -p /init-secrets-workhorse/gitlab-workhorse
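Review bot: In the added ERB block, the values read from `/etc/gitlab/objectstorage/object_store` are written into the TOML strings unescaped, whereas the minio branch and the redis password above go through `.strip.dump[1..-2]`. A key containing `"`, a backslash or a newline would yield invalid TOML or extra keys in the workhorse config; escaping the same way closes the gap, e.g. `aws_access_key_id = connection['aws_access_key_id'].to_s.dump[1..-2]` and likewise for `aws_secret_access_key`. `YAML.safe_load` returns a non-Hash for an empty or scalar file, so `connection['provider']` can raise; checking `connection.is_a?(Hash)` before indexing would make that failure explicit. `File.exists?` is a deprecated alias of `File.exist?`. The `configure:` script that follows continues past this hunk.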
@@ -1348,42 +1392,36 @@
tls_config:
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
insecure_skip_verify: true
- - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
- job_name: kubernetes-nodes
+ - job_name: kubernetes-pods
kubernetes_sd_configs:
- - role: node
+ - role: pod
relabel_configs:
- - action: labelmap
- regex: __meta_kubernetes_node_label_(.+)
- - replacement: kubernetes.default.svc:443
- target_label: __address__
- - regex: (.+)
- replacement: /api/v1/nodes/$1/proxy/metrics
+ - action: keep
+ regex: true
source_labels:
- - __meta_kubernetes_node_name
+ - __meta_kubernetes_pod_annotation_gitlab_com_prometheus_scrape
+ - action: replace
+ regex: (.+)
+ source_labels:
+ - __meta_kubernetes_pod_annotation_gitlab_com_prometheus_path
target_label: __metrics_path__
- scheme: https
- tls_config:
- ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
- insecure_skip_verify: true
- - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
- job_name: kubernetes-nodes-cadvisor
- kubernetes_sd_configs:
- - role: node
- relabel_configs:
- - action: labelmap
- regex: __meta_kubernetes_node_label_(.+)
- - replacement: kubernetes.default.svc:443
+ - action: replace
+ regex: ([^:]+)(?::\d+)?;(\d+)
+ replacement: $1:$2
+ source_labels:
+ - __address__
+ - __meta_kubernetes_pod_annotation_gitlab_com_prometheus_port
target_label: __address__
- - regex: (.+)
- replacement: /api/v1/nodes/$1/proxy/metrics/cadvisor
+ - action: labelmap
+ regex: __meta_kubernetes_pod_label_(.+)
+ - action: replace
source_labels:
- - __meta_kubernetes_node_name
- target_label: __metrics_path__
- scheme: https
- tls_config:
- ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
- insecure_skip_verify: true
+ - __meta_kubernetes_namespace
+ target_label: kubernetes_namespace
+ - action: replace
+ source_labels:
+ - __meta_kubernetes_pod_name
+ target_label: kubernetes_pod_name
- job_name: kubernetes-service-endpoints
kubernetes_sd_configs:
- role: endpoints
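Review bot: Removing the `kubernetes-nodes` and `kubernetes-nodes-cadvisor` jobs leaves no job in the visible part of this config that collects kubelet or cAdvisor metrics, so dashboards and alerts built on node and container resource series will stop receiving data without any scrape error. Confirm that another Prometheus covers the nodes, or re-add these jobs if the chart allows it. The replacement `kubernetes-pods` job sets no `scheme` or `tls_config`, so it falls back to the scrape defaults (plain HTTP) for every pod that opts in via annotation. The `kubernetes-service-endpoints` job continues outside this hunk.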
@@ -1391,23 +1429,23 @@
- action: keep
regex: true
source_labels:
- - __meta_kubernetes_service_annotation_prometheus_io_scrape
+ - __meta_kubernetes_service_annotation_gitlab_com_prometheus_scrape
- action: replace
regex: (https?)
source_labels:
- - __meta_kubernetes_service_annotation_prometheus_io_scheme
+ - __meta_kubernetes_service_annotation_gitlab_com_prometheus_scheme
target_label: __scheme__
- action: replace
regex: (.+)
source_labels:
- - __meta_kubernetes_service_annotation_prometheus_io_path
+ - __meta_kubernetes_service_annotation_gitlab_com_prometheus_path
target_label: __metrics_path__
- action: replace
regex: ([^:]+)(?::\d+)?;(\d+)
replacement: $1:$2
source_labels:
- __address__
- - __meta_kubernetes_service_annotation_prometheus_io_port
+ - __meta_kubernetes_service_annotation_gitlab_com_prometheus_port
target_label: __address__
- action: labelmap
regex: __meta_kubernetes_service_label_(.+)
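Review bot: Switching the `keep` rules from `prometheus_io_*` to `gitlab_com_prometheus_*` annotations means any workload in the cluster that carries only `prometheus.io/scrape: "true"` is dropped from this Prometheus after the upgrade. The GitLab pods and the nginx ingress metrics service later on the page receive both annotation sets, so only non-GitLab targets are affected. The same rename applies to the `kubernetes-pods` job in the previous hunk and to the probe rule in the `kubernetes-services` hunk. List the current targets before the upgrade and compare afterwards, so a lost target is noticed rather than showing up as a gap in alerting.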
@@ -1423,15 +1461,6 @@
source_labels:
- __meta_kubernetes_pod_node_name
target_label: kubernetes_node
- - honor_labels: true
- job_name: prometheus-pushgateway
- kubernetes_sd_configs:
- - role: service
- relabel_configs:
- - action: keep
- regex: pushgateway
- source_labels:
- - __meta_kubernetes_service_annotation_prometheus_io_probe
- job_name: kubernetes-services
kubernetes_sd_configs:
- role: service
@@ -1443,7 +1472,7 @@
- action: keep
regex: true
source_labels:
- - __meta_kubernetes_service_annotation_prometheus_io_probe
+ - __meta_kubernetes_service_annotation_gitlab_com_prometheus_probe
- source_labels:
- __address__
target_label: __param_target
@@ -1460,36 +1489,6 @@
- source_labels:
- __meta_kubernetes_service_name
target_label: kubernetes_name
- - job_name: kubernetes-pods
- kubernetes_sd_configs:
- - role: pod
- relabel_configs:
- - action: keep
- regex: true
- source_labels:
- - __meta_kubernetes_pod_annotation_prometheus_io_scrape
- - action: replace
- regex: (.+)
- source_labels:
- - __meta_kubernetes_pod_annotation_prometheus_io_path
- target_label: __metrics_path__
- - action: replace
- regex: ([^:]+)(?::\d+)?;(\d+)
- replacement: $1:$2
- source_labels:
- - __address__
- - __meta_kubernetes_pod_annotation_prometheus_io_port
- target_label: __address__
- - action: labelmap
- regex: __meta_kubernetes_pod_label_(.+)
- - action: replace
- source_labels:
- - __meta_kubernetes_namespace
- target_label: kubernetes_namespace
- - action: replace
- source_labels:
- - __meta_kubernetes_pod_name
- target_label: kubernetes_pod_name
recording_rules.yml: |
{}
@@ -1859,12 +1858,12 @@
namespace: default
labels:
app: gitlab
- chart: gitlab-4.2.6
+ chart: gitlab-4.3.0
release: gitlab-prod
heritage: Tiller
data:
- gitlabVersion: "13.2.6"
- gitlabChartVersion: "4.2.6"
+ gitlabVersion: "13.3.0"
+ gitlabChartVersion: "4.3.0"
---
# Source: helm-gitlab-omnibus/charts/gitlab/templates/initdb-configmap.yaml
@@ -1875,7 +1874,7 @@
namespace: default
labels:
app: gitlab
- chart: gitlab-4.2.6
+ chart: gitlab-4.3.0
release: gitlab-prod
heritage: Tiller
data:
@@ -10490,7 +10489,7 @@
namespace: default
labels:
app: gitlab-exporter
- chart: gitlab-exporter-4.2.6
+ chart: gitlab-exporter-4.3.0
release: gitlab-prod
heritage: Tiller
annotations:
@@ -10516,7 +10515,7 @@
namespace: default
labels:
app: webservice
- chart: webservice-4.2.6
+ chart: webservice-4.3.0
release: gitlab-prod
heritage: Tiller
annotations:
@@ -10569,6 +10568,8 @@
name: gitlab-prod-nginx-ingress-controller-metrics
namespace: default
annotations:
+ gitlab.com/prometheus_port: "10254"
+ gitlab.com/prometheus_scrape: "true"
prometheus.io/port: "10254"
prometheus.io/scrape: "true"
labels:
@@ -10958,14 +10959,14 @@
apiVersion: v1
kind: Pod
metadata:
- name: gitlab-prod-webservice-test-runner-6kzqs
+ name: gitlab-prod-webservice-test-runner-3gmqn
namespace: default
annotations:
"helm.sh/hook": test-success
spec:
containers:
- name: test-runner
- image: registry.gitlab.com/gitlab-org/build/cng/gitlab-webservice-ce:v13.2.6
+ image: registry.gitlab.com/gitlab-org/build/cng/gitlab-webservice-ce:v13.3.0
command: ['sh', '/tests/test_login']
volumeMounts:
- name: tests
@@ -11017,7 +11018,7 @@
requests:
memory: "50Gi"
cpu: "12"
- image: gitlab/gitlab-ce:13.2.6-ce.0
+ image: gitlab/gitlab-ce:13.3.0-ce.0
imagePullPolicy: IfNotPresent
command: ["/bin/bash", "-c",
"sed -i \"s/environment ({'GITLAB_ROOT_PASSWORD' => initial_root_password }) if initial_root_password/environment ({'GITLAB_ROOT_PASSWORD' => initial_root_password, 'GITLAB_SHARED_RUNNERS_REGISTRATION_TOKEN' => node['gitlab']['gitlab-rails']['initial_shared_runners_registration_token'] })/g\" /opt/gitlab/embedded/cookbooks/gitlab/recipes/database_migrations.rb && exec /assets/wrapper"]
@@ -11496,7 +11497,7 @@
namespace: default
labels:
app: gitlab-exporter
- chart: gitlab-exporter-4.2.6
+ chart: gitlab-exporter-4.3.0
release: gitlab-prod
heritage: Tiller
annotations:
@@ -11512,8 +11513,12 @@
labels:
app: gitlab-exporter
release: gitlab-prod
+
annotations:
- checksum/config: 55ff7e8829c2202f6b26a9fdcb45f2e5f633206062ca61b1745b17c518c696c4
+ checksum/config: 8b6d6690b7a79c1dd0c793c871b320397acd3722a75f7131c871fbcc14f83706
+ gitlab.com/prometheus_path: /metrics
+ gitlab.com/prometheus_port: "9168"
+ gitlab.com/prometheus_scrape: "true"
prometheus.io/path: /metrics
prometheus.io/port: "9168"
prometheus.io/scrape: "true"
@@ -11655,7 +11660,7 @@
namespace: default
labels:
app: webservice
- chart: webservice-4.2.6
+ chart: webservice-4.3.0
release: gitlab-prod
heritage: Tiller
annotations:
@@ -11671,9 +11676,13 @@
labels:
app: webservice
release: gitlab-prod
+
annotations:
- checksum/config: 506d5eea9452de368ed342c2cae6137292bd80c91a57f6652df2be3eff7350d7
+ checksum/config: 6d792c2e3c274edd998998c77da721c0e0ab4f98ade16ccdaddaa8c56e3ee4a9
cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
+ gitlab.com/prometheus_path: /-/metrics
+ gitlab.com/prometheus_port: "8080"
+ gitlab.com/prometheus_scrape: "true"
prometheus.io/path: /-/metrics
prometheus.io/port: "8080"
prometheus.io/scrape: "true"
@@ -11741,7 +11750,7 @@
cpu: 50m
- name: dependencies
- image: registry.gitlab.com/gitlab-org/build/cng/gitlab-webservice-ce:v13.2.6
+ image: registry.gitlab.com/gitlab-org/build/cng/gitlab-webservice-ce:v13.3.0
args:
- /scripts/wait-for-deps
@@ -11775,7 +11784,7 @@
containers:
- name: webservice
- image: registry.gitlab.com/gitlab-org/build/cng/gitlab-webservice-ce:v13.2.6
+ image: registry.gitlab.com/gitlab-org/build/cng/gitlab-webservice-ce:v13.3.0
ports:
- containerPort: 8080
@@ -11871,7 +11880,7 @@
memory: 1.5G
- name: gitlab-workhorse
- image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-workhorse-ce:v13.2.6"
+ image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-workhorse-ce:v13.3.0"
ports:
- containerPort: 8181
@@ -11883,6 +11892,8 @@
value: ""
- name: GITLAB_WORKHORSE_LISTEN_PORT
value: "8181"
+ - name: GITLAB_WORKHORSE_LOG_FORMAT
+ value: "json"
- name: CONFIG_TEMPLATE_DIRECTORY
value: '/var/opt/gitlab/templates'
- name: CONFIG_DIRECTORY
@@ -11988,6 +11999,7 @@
- key: "shared_secret"
path: gitlab-workhorse/secret
# mount secret for minio
+ # mount secret for object_store
# mount secret for artifacts
- secret:
name: gitlab-prod-freedesktop-legacy-gcs-key
@@ -12009,6 +12021,7 @@
# mount secret for packages
# mount secret for external_diffs
# mount secret for terraform_state
+ # mount secret for dependency_proxy
# mount secrets for LDAP
- secret:
@@ -12514,6 +12527,7 @@
labels:
app: registry
release: gitlab-prod
+
annotations:
checksum/configmap: 995b595fad4ea34daca78650a3e8cc6e708fa653f281cec08920ef627184287f
cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
@@ -12561,7 +12575,7 @@
containers:
- name: registry
- image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-container-registry:v2.9.1-gitlab"
+ image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-container-registry:v2.10.1-gitlab"
imagePullPolicy: "IfNotPresent"
volumeMounts:
- name: registry-server-config
@@ -12636,7 +12650,7 @@
namespace: default
labels:
app: webservice
- chart: webservice-4.2.6
+ chart: webservice-4.3.0
release: gitlab-prod
heritage: Tiller
spec:
@@ -13050,7 +13064,7 @@
apiVersion: batch/v1
kind: Job
metadata:
- name: gitlab-prod-shared-secrets.0-a4r
+ name: gitlab-prod-shared-secrets.0-my5
namespace: default
labels:
app: shared-secrets
@@ -13066,6 +13080,7 @@
labels:
app: shared-secrets
release: gitlab-prod
+
spec:
securityContext:
runAsUser: 65534
@@ -13643,7 +13658,7 @@
namespace: default
labels:
app: gitlab-grafana
- chart: gitlab-grafana-4.2.6
+ chart: gitlab-grafana-4.3.0
release: gitlab-prod
heritage: Tiller
annotations:
@@ -13881,6 +13896,9 @@
---
# Source: helm-gitlab-omnibus/charts/gitlab/charts/gitlab/charts/webservice/templates/ingress.yaml
+
+---
+# Source: helm-gitlab-omnibus/charts/gitlab/charts/gitlab/charts/webservice/templates/networkpolicy.yaml
---
# Source: helm-gitlab-omnibus/charts/gitlab/charts/gitlab/charts/webservice/templates/pause_job.yaml