
A new version of gitlab (13.3.1) is available

FDO helm bot requested to merge upgrade-to-13.3.1 into master

current diff:

--- current-deployment.yaml
+++ future-deployment.yaml
@@ -62,7 +62,7 @@
   namespace: default
   labels:
     app: webservice
-    chart: webservice-4.2.6
+    chart: webservice-4.3.1
     release: gitlab-prod
     heritage: Tiller
 spec:
@@ -433,7 +433,7 @@
   namespace: default
   labels:
     app: gitlab-exporter
-    chart: gitlab-exporter-4.2.6
+    chart: gitlab-exporter-4.3.1
     release: gitlab-prod
     heritage: Tiller
 data:
@@ -489,11 +489,11 @@
     config_dir="/init-config"
     secret_dir="/init-secrets"
     
-    for secret in postgres ; do
+    for secret in   ; do
       mkdir -p "${secret_dir}/${secret}"
       cp -v -r -L "${config_dir}/${secret}/." "${secret_dir}/${secret}/"
     done
-    for secret in redis ; do
+    for secret in redis postgres ; do
       if [ -e "${config_dir}/${secret}" ]; then
         mkdir -p "${secret_dir}/${secret}"
         cp -v -r -L "${config_dir}/${secret}/." "${secret_dir}/${secret}/"
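Review bot: Moving `postgres` into the second loop makes its copy conditional on `[ -e "${config_dir}/${secret}" ]`, so a missing postgres secret is now skipped silently instead of surfacing as a `cp` error (which would stop the script only if it runs under `set -e`, not visible here). If this release always needs the database password, a line after the loop such as `[ -e "${secret_dir}/postgres" ] || echo "postgres secret not mounted" >&2` would put the gap in the init log rather than in a later connection failure. The first loop now renders as `for secret in   ; do`, an empty list that never runs; it looks like a template artifact and is better dropped or commented in the chart. The hunk at -786,11 +793,11 makes the same move for the webservice script, and both scripts continue outside their hunks.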
@@ -512,7 +512,7 @@
   labels:
     gitlab_grafana_datasource: "true"
     app: gitlab-grafana
-    chart: gitlab-grafana-4.2.6
+    chart: gitlab-grafana-4.3.1
     release: gitlab-prod
     heritage: Tiller
 data:
@@ -539,7 +539,7 @@
   namespace: default
   labels:
     app: gitlab-grafana
-    chart: gitlab-grafana-4.2.6
+    chart: gitlab-grafana-4.3.1
     release: gitlab-prod
     heritage: Tiller
 data:
@@ -571,7 +571,7 @@
   namespace: default
   labels:
     app: webservice
-    chart: webservice-4.2.6
+    chart: webservice-4.3.1
     release: gitlab-prod
     heritage: Tiller
 data:
@@ -656,6 +656,29 @@
         
         
         
+      # Consolidated object storage configuration
+      ## property local configuration will override object_store
+      object_store:
+        enabled: true
+        direct_upload: true
+        background_upload: false
+        proxy_download: true
+        objects:
+          artifacts:
+            bucket: fdo-gitlab-artifacts
+          lfs:
+            bucket: fdo-gitlab-lfs
+          uploads:
+            bucket: fdo-gitlab-uploads
+          packages:
+            bucket: gitlab-packages
+          external_diffs:
+            bucket: gitlab-mr-diffs
+          terraform_state:
+            bucket: gitlab-terraform-state
+          dependency_proxy:
+            bucket: gitlab-dependency-proxy
+      # Individual object storage backed feature properties configuration
       artifacts:
         enabled: true
         object_store:
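Review bot: The consolidated `object_store` block is rendered with `enabled: true`, but no `connection` key is visible in this hunk, and four of its buckets (`gitlab-packages`, `gitlab-mr-diffs`, `gitlab-terraform-state`, `gitlab-dependency-proxy`) lack the `fdo-gitlab-` prefix used for artifacts, lfs and uploads. The next hunk (-685,29 +708,13) removes the per-type `object_store` blocks that carried `enabled: false` for external_diffs and terraform_state, so those types would presumably fall under the consolidated settings once their feature is switched on. Before merging, confirm that each listed bucket exists under this project's storage account and that credentials are supplied for it, or render `enabled: false` here and keep relying on the per-type sections. The enclosing configuration mapping starts and ends outside the hunk.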
@@ -685,29 +708,13 @@
           connection: <%= YAML.load_file("/etc/gitlab/objectstorage/uploads").to_json() %>
       packages:
         enabled: true
-        object_store:
-          enabled: true
-          remote_directory: gitlab-packages
-          direct_upload: true
-          background_upload: false
-          proxy_download: true
       external_diffs:
         enabled: 
         when: 
-        object_store:
-          enabled: false
-          remote_directory: gitlab-mr-diffs
-          direct_upload: true
-          background_upload: false
-          proxy_download: true
       terraform_state:
         enabled: false
-        object_store:
-          enabled: false
-          remote_directory: gitlab-terraform-state
-          direct_upload: true
-          background_upload: false
-          proxy_download: true
+      dependency_proxy:
+        enabled: false
       
       sentry:
         enabled: false
@@ -786,11 +793,11 @@
     config_dir="/init-config"
     secret_dir="/init-secrets"
     
-    for secret in shell gitaly registry postgres rails-secrets gitlab-workhorse ; do
+    for secret in shell gitaly registry rails-secrets gitlab-workhorse ; do
       mkdir -p "${secret_dir}/${secret}"
       cp -v -r -L "${config_dir}/${secret}/." "${secret_dir}/${secret}/"
     done
-    for secret in redis minio objectstorage ldap omniauth smtp ; do
+    for secret in redis minio objectstorage postgres ldap omniauth smtp ; do
       if [ -e "${config_dir}/${secret}" ]; then
         mkdir -p "${secret_dir}/${secret}"
         cp -v -r -L "${config_dir}/${secret}/." "${secret_dir}/${secret}/"
@@ -807,7 +814,7 @@
   namespace: default
   labels:
     app: webservice
-    chart: webservice-4.2.6
+    chart: webservice-4.3.1
     release: gitlab-prod
     heritage: Tiller
 data:
@@ -817,6 +824,43 @@
     [redis]
     URL = "redis://gitlab-prod-redis-master:6379"
     Password = "<%= File.read("/etc/gitlab/redis/redis-password").strip.dump[1..-2] %>"
+    <%
+      require 'yaml'
+    
+      supported_providers = ['AWS']
+      provider = ''
+      aws_access_key_id = ''
+      aws_secret_access_key = ''
+    
+      if File.exists? '/etc/gitlab/minio/accesskey'
+        provider = 'AWS'
+        aws_access_key_id = File.read('/etc/gitlab/minio/accesskey').strip.dump[1..-2]
+        aws_secret_access_key = File.read('/etc/gitlab/minio/secretkey').strip.dump[1..-2]
+      end
+    
+      if File.exists? '/etc/gitlab/objectstorage/object_store'
+        connection = YAML.safe_load(File.read('/etc/gitlab/objectstorage/object_store'))
+        provider = connection['provider']
+        if connection.has_key? 'aws_access_key_id'
+          aws_access_key_id = connection['aws_access_key_id']
+          aws_secret_access_key = connection['aws_secret_access_key']
+        end
+      end
+    
+      if supported_providers.include? provider
+    %>
+    [object_storage]
+    provider = "<%= provider %>"
+    <%   if provider.eql? 'AWS' %>
+    # AWS / S3 object storage configuration.
+    [object_storage.s3]
+    # access/secret can be blank!
+    aws_access_key_id = "<%= aws_access_key_id %>"
+    aws_secret_access_key = "<%= aws_secret_access_key %>"
+    <%
+        end
+      end
+    %>
   configure: |
       set -e
       mkdir -p /init-secrets-workhorse/gitlab-workhorse
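Review bot: The credentials read from `/etc/gitlab/objectstorage/object_store` are written into the TOML strings unescaped, while the MinIO values a few lines above go through `.strip.dump[1..-2]`; a key containing `"` or `\` would break or alter the rendered workhorse config. Escape both paths the same way, e.g. `aws_access_key_id = connection['aws_access_key_id'].to_s.dump[1..-2]` and the matching line for `aws_secret_access_key`. `provider` is interpolated raw as well, though the `supported_providers` check limits it to `'AWS'`. `File.exists?` is a deprecated alias, so `File.exist?` is the safer spelling in both conditions. The `configure:` script that follows continues outside the hunk.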
@@ -1348,42 +1392,36 @@
       tls_config:
         ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
         insecure_skip_verify: true
-    - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-      job_name: kubernetes-nodes
+    - job_name: kubernetes-pods
       kubernetes_sd_configs:
-      - role: node
+      - role: pod
       relabel_configs:
-      - action: labelmap
-        regex: __meta_kubernetes_node_label_(.+)
-      - replacement: kubernetes.default.svc:443
-        target_label: __address__
-      - regex: (.+)
-        replacement: /api/v1/nodes/$1/proxy/metrics
+      - action: keep
+        regex: true
         source_labels:
-        - __meta_kubernetes_node_name
+        - __meta_kubernetes_pod_annotation_gitlab_com_prometheus_scrape
+      - action: replace
+        regex: (.+)
+        source_labels:
+        - __meta_kubernetes_pod_annotation_gitlab_com_prometheus_path
         target_label: __metrics_path__
-      scheme: https
-      tls_config:
-        ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-        insecure_skip_verify: true
-    - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-      job_name: kubernetes-nodes-cadvisor
-      kubernetes_sd_configs:
-      - role: node
-      relabel_configs:
-      - action: labelmap
-        regex: __meta_kubernetes_node_label_(.+)
-      - replacement: kubernetes.default.svc:443
+      - action: replace
+        regex: ([^:]+)(?::\d+)?;(\d+)
+        replacement: $1:$2
+        source_labels:
+        - __address__
+        - __meta_kubernetes_pod_annotation_gitlab_com_prometheus_port
         target_label: __address__
-      - regex: (.+)
-        replacement: /api/v1/nodes/$1/proxy/metrics/cadvisor
+      - action: labelmap
+        regex: __meta_kubernetes_pod_label_(.+)
+      - action: replace
         source_labels:
-        - __meta_kubernetes_node_name
-        target_label: __metrics_path__
-      scheme: https
-      tls_config:
-        ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-        insecure_skip_verify: true
+        - __meta_kubernetes_namespace
+        target_label: kubernetes_namespace
+      - action: replace
+        source_labels:
+        - __meta_kubernetes_pod_name
+        target_label: kubernetes_pod_name
     - job_name: kubernetes-service-endpoints
       kubernetes_sd_configs:
       - role: endpoints
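Review bot: Scrape selection in the relocated `kubernetes-pods` job now keys on `gitlab.com/prometheus_*` annotations, so any pod that carries only `prometheus.io/*` annotations silently drops out of monitoring; the hunks at -1391,23 and -1443,7 make the same switch for service endpoints and probes. Later hunks add the new annotations to the exporter, webservice and nginx-ingress metrics objects only, so check that every other workload this Prometheus is expected to watch has them too. This hunk also deletes the `kubernetes-nodes` and `kubernetes-nodes-cadvisor` jobs, and -1423,15 deletes `prometheus-pushgateway`; if alerts or dashboards depend on node or cAdvisor series, that coverage needs another source. A comment above the job such as `# scraped only when gitlab.com/prometheus_scrape: "true" is set on the pod` would make the opt-in explicit. The scrape configuration list starts outside the hunk.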
@@ -1391,23 +1429,23 @@
       - action: keep
         regex: true
         source_labels:
-        - __meta_kubernetes_service_annotation_prometheus_io_scrape
+        - __meta_kubernetes_service_annotation_gitlab_com_prometheus_scrape
       - action: replace
         regex: (https?)
         source_labels:
-        - __meta_kubernetes_service_annotation_prometheus_io_scheme
+        - __meta_kubernetes_service_annotation_gitlab_com_prometheus_scheme
         target_label: __scheme__
       - action: replace
         regex: (.+)
         source_labels:
-        - __meta_kubernetes_service_annotation_prometheus_io_path
+        - __meta_kubernetes_service_annotation_gitlab_com_prometheus_path
         target_label: __metrics_path__
       - action: replace
         regex: ([^:]+)(?::\d+)?;(\d+)
         replacement: $1:$2
         source_labels:
         - __address__
-        - __meta_kubernetes_service_annotation_prometheus_io_port
+        - __meta_kubernetes_service_annotation_gitlab_com_prometheus_port
         target_label: __address__
       - action: labelmap
         regex: __meta_kubernetes_service_label_(.+)
@@ -1423,15 +1461,6 @@
         source_labels:
         - __meta_kubernetes_pod_node_name
         target_label: kubernetes_node
-    - honor_labels: true
-      job_name: prometheus-pushgateway
-      kubernetes_sd_configs:
-      - role: service
-      relabel_configs:
-      - action: keep
-        regex: pushgateway
-        source_labels:
-        - __meta_kubernetes_service_annotation_prometheus_io_probe
     - job_name: kubernetes-services
       kubernetes_sd_configs:
       - role: service
@@ -1443,7 +1472,7 @@
       - action: keep
         regex: true
         source_labels:
-        - __meta_kubernetes_service_annotation_prometheus_io_probe
+        - __meta_kubernetes_service_annotation_gitlab_com_prometheus_probe
       - source_labels:
         - __address__
         target_label: __param_target
@@ -1460,36 +1489,6 @@
       - source_labels:
         - __meta_kubernetes_service_name
         target_label: kubernetes_name
-    - job_name: kubernetes-pods
-      kubernetes_sd_configs:
-      - role: pod
-      relabel_configs:
-      - action: keep
-        regex: true
-        source_labels:
-        - __meta_kubernetes_pod_annotation_prometheus_io_scrape
-      - action: replace
-        regex: (.+)
-        source_labels:
-        - __meta_kubernetes_pod_annotation_prometheus_io_path
-        target_label: __metrics_path__
-      - action: replace
-        regex: ([^:]+)(?::\d+)?;(\d+)
-        replacement: $1:$2
-        source_labels:
-        - __address__
-        - __meta_kubernetes_pod_annotation_prometheus_io_port
-        target_label: __address__
-      - action: labelmap
-        regex: __meta_kubernetes_pod_label_(.+)
-      - action: replace
-        source_labels:
-        - __meta_kubernetes_namespace
-        target_label: kubernetes_namespace
-      - action: replace
-        source_labels:
-        - __meta_kubernetes_pod_name
-        target_label: kubernetes_pod_name
     
   recording_rules.yml: |
     {}
@@ -1859,12 +1858,12 @@
   namespace: default
   labels:
     app: gitlab
-    chart: gitlab-4.2.6
+    chart: gitlab-4.3.1
     release: gitlab-prod
     heritage: Tiller
 data:
-  gitlabVersion: "13.2.6"
-  gitlabChartVersion: "4.2.6"
+  gitlabVersion: "13.3.1"
+  gitlabChartVersion: "4.3.1"
 
 ---
 # Source: helm-gitlab-omnibus/charts/gitlab/templates/initdb-configmap.yaml
@@ -1875,7 +1874,7 @@
   namespace: default
   labels:
     app: gitlab
-    chart: gitlab-4.2.6
+    chart: gitlab-4.3.1
     release: gitlab-prod
     heritage: Tiller
 data:
@@ -10490,7 +10489,7 @@
   namespace: default
   labels:
     app: gitlab-exporter
-    chart: gitlab-exporter-4.2.6
+    chart: gitlab-exporter-4.3.1
     release: gitlab-prod
     heritage: Tiller
   annotations:
@@ -10516,7 +10515,7 @@
   namespace: default
   labels:
     app: webservice
-    chart: webservice-4.2.6
+    chart: webservice-4.3.1
     release: gitlab-prod
     heritage: Tiller
   annotations:
@@ -10569,6 +10568,8 @@
   name: gitlab-prod-nginx-ingress-controller-metrics
   namespace: default
   annotations:
+    gitlab.com/prometheus_port: "10254"
+    gitlab.com/prometheus_scrape: "true"
     prometheus.io/port: "10254"
     prometheus.io/scrape: "true"
   labels:
@@ -10958,14 +10959,14 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: gitlab-prod-webservice-test-runner-kray5
+  name: gitlab-prod-webservice-test-runner-qsp7f
   namespace: default
   annotations:
     "helm.sh/hook": test-success
 spec:
   containers:
   - name: test-runner
-    image: registry.gitlab.com/gitlab-org/build/cng/gitlab-webservice-ce:v13.2.6
+    image: registry.gitlab.com/gitlab-org/build/cng/gitlab-webservice-ce:v13.3.1
     command: ['sh', '/tests/test_login']
     volumeMounts:
       - name: tests
@@ -11017,7 +11018,7 @@
           requests:
             memory: "50Gi"
             cpu: "12"
-        image: gitlab/gitlab-ce:13.2.6-ce.0
+        image: gitlab/gitlab-ce:13.3.1-ce.0
         imagePullPolicy: IfNotPresent
         command: ["/bin/bash", "-c",
           "sed -i \"s/environment ({'GITLAB_ROOT_PASSWORD' => initial_root_password }) if initial_root_password/environment ({'GITLAB_ROOT_PASSWORD' => initial_root_password, 'GITLAB_SHARED_RUNNERS_REGISTRATION_TOKEN' => node['gitlab']['gitlab-rails']['initial_shared_runners_registration_token'] })/g\" /opt/gitlab/embedded/cookbooks/gitlab/recipes/database_migrations.rb && exec /assets/wrapper"]
@@ -11496,7 +11497,7 @@
   namespace: default
   labels:
     app: gitlab-exporter
-    chart: gitlab-exporter-4.2.6
+    chart: gitlab-exporter-4.3.1
     release: gitlab-prod
     heritage: Tiller
   annotations:
@@ -11512,8 +11513,12 @@
       labels:
         app: gitlab-exporter
         release: gitlab-prod
+        
       annotations:
-        checksum/config: 55ff7e8829c2202f6b26a9fdcb45f2e5f633206062ca61b1745b17c518c696c4
+        checksum/config: 93921bdb3fc8a55ce4c0851aa0739dcf5a78e1c3d68458ecaf4a2b48697f6ee4
+        gitlab.com/prometheus_path: /metrics
+        gitlab.com/prometheus_port: "9168"
+        gitlab.com/prometheus_scrape: "true"
         prometheus.io/path: /metrics
         prometheus.io/port: "9168"
         prometheus.io/scrape: "true"
@@ -11655,7 +11660,7 @@
   namespace: default
   labels:
     app: webservice
-    chart: webservice-4.2.6
+    chart: webservice-4.3.1
     release: gitlab-prod
     heritage: Tiller
   annotations:
@@ -11671,9 +11676,13 @@
       labels:
         app: webservice
         release: gitlab-prod
+        
       annotations:
-        checksum/config: 506d5eea9452de368ed342c2cae6137292bd80c91a57f6652df2be3eff7350d7
+        checksum/config: efe508f77dae330b74a767cbd8159c0ee1864ec57aaaa138801a069b01f1a764
         cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
+        gitlab.com/prometheus_path: /-/metrics
+        gitlab.com/prometheus_port: "8080"
+        gitlab.com/prometheus_scrape: "true"
         prometheus.io/path: /-/metrics
         prometheus.io/port: "8080"
         prometheus.io/scrape: "true"
@@ -11741,7 +11750,7 @@
               cpu: 50m
             
         - name: dependencies
-          image: registry.gitlab.com/gitlab-org/build/cng/gitlab-webservice-ce:v13.2.6
+          image: registry.gitlab.com/gitlab-org/build/cng/gitlab-webservice-ce:v13.3.1
           
           args:
             - /scripts/wait-for-deps
@@ -11775,7 +11784,7 @@
       containers:
         
         - name: webservice
-          image: registry.gitlab.com/gitlab-org/build/cng/gitlab-webservice-ce:v13.2.6
+          image: registry.gitlab.com/gitlab-org/build/cng/gitlab-webservice-ce:v13.3.1
           
           ports:
             - containerPort: 8080
@@ -11871,7 +11880,7 @@
               memory: 1.5G
             
         - name: gitlab-workhorse
-          image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-workhorse-ce:v13.2.6"
+          image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-workhorse-ce:v13.3.1"
           
           ports:
             - containerPort: 8181
@@ -11883,6 +11892,8 @@
               value: ""
             - name: GITLAB_WORKHORSE_LISTEN_PORT
               value: "8181"
+            - name: GITLAB_WORKHORSE_LOG_FORMAT
+              value: "json"
             - name: CONFIG_TEMPLATE_DIRECTORY
               value: '/var/opt/gitlab/templates'
             - name: CONFIG_DIRECTORY
@@ -11988,6 +11999,7 @@
                 - key: "shared_secret"
                   path: gitlab-workhorse/secret
           # mount secret for minio
+          # mount secret for object_store
           # mount secret for artifacts
           - secret:
               name: gitlab-prod-freedesktop-legacy-gcs-key
@@ -12009,6 +12021,7 @@
           # mount secret for packages
           # mount secret for external_diffs
           # mount secret for terraform_state
+          # mount secret for dependency_proxy
           # mount secrets for LDAP
           
           - secret:
@@ -12514,6 +12527,7 @@
       labels:
         app: registry
         release: gitlab-prod
+        
       annotations:
         checksum/configmap: 995b595fad4ea34daca78650a3e8cc6e708fa653f281cec08920ef627184287f
         cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
@@ -12561,7 +12575,7 @@
                   
       containers:
         - name: registry
-          image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-container-registry:v2.9.1-gitlab"
+          image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-container-registry:v2.10.1-gitlab"
           imagePullPolicy: "IfNotPresent"
           volumeMounts:
           - name: registry-server-config
@@ -12636,7 +12650,7 @@
   namespace: default
   labels:
     app: webservice
-    chart: webservice-4.2.6
+    chart: webservice-4.3.1
     release: gitlab-prod
     heritage: Tiller
 spec:
@@ -13050,7 +13064,7 @@
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: gitlab-prod-shared-secrets.0-oe3
+  name: gitlab-prod-shared-secrets.0-jz1
   namespace: default
   labels:
     app: shared-secrets
@@ -13066,6 +13080,7 @@
       labels:
         app: shared-secrets
         release: gitlab-prod
+        
     spec:
       securityContext:
         runAsUser: 65534
@@ -13632,7 +13647,7 @@
   namespace: default
   labels:
     app: gitlab-grafana
-    chart: gitlab-grafana-4.2.6
+    chart: gitlab-grafana-4.3.1
     release: gitlab-prod
     heritage: Tiller
   annotations:
@@ -13870,6 +13885,9 @@
 
 ---
 # Source: helm-gitlab-omnibus/charts/gitlab/charts/gitlab/charts/webservice/templates/ingress.yaml
+
+---
+# Source: helm-gitlab-omnibus/charts/gitlab/charts/gitlab/charts/webservice/templates/networkpolicy.yaml
 
 ---
 # Source: helm-gitlab-omnibus/charts/gitlab/charts/gitlab/charts/webservice/templates/pause_job.yaml
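Review bot: The new webservice `networkpolicy.yaml` source renders as an empty document here, so this release applies no NetworkPolicy to the webservice pods even though the chart now ships one. If pod-level ingress restriction is wanted for this deployment, the chart option behind that template (presumably off by default) has to be set in the deployment values. Otherwise a short line in the merge request description, e.g. `webservice NetworkPolicy left disabled on purpose`, would record that the omission is deliberate.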
Edited by Daniel Stone
