Getting closer to the maintained cloud native chart
I have been busy this week trying to create a path where we could move away from the omnibus installation to the cloud native chart.
There are 2 aspects in this MR:
- I created a new chart 'freedesktop' where we should eventually put all of our tweaks in
- I have ported quite some settings from the old chart to the native one
the end result is the following (with the newly created secrets for the new chart scrapped out):
# Source: helm-gitlab-omnibus/charts/certmanager-issuer/templates/cert-manager.yml
apiVersion: v1
@@ -800,7 +955,7 @@
heritage: Tiller
data:
- gitlabVersion: "master"
+ gitlabVersion: "12.9.3"
gitlabChartVersion: "3.2.2"
---
@@ -10036,9 +10191,9 @@
gitlab_rails['smtp_address'] = 'gabe.freedesktop.org'
gitlab_rails['smtp_port'] = 5878
gitlab_rails['smtp_user_name'] = 'gitlab@gitlab.freedesktop.org'
- gitlab_rails['smtp_domain'] = 'gitlab.freedesktop.org'
gitlab_rails['smtp_password'] = ENV['SMTP_PASSWORD']
gitlab_rails['smtp_authentication'] = 'login'
+ gitlab_rails['smtp_domain'] = 'gitlab.freedesktop.org'
gitlab_rails['smtp_enable_starttls_auto'] = true
gitlab_rails['smtp_tls'] = false
gitlab_rails['smtp_openssl_verify_mode'] = 'peer'
@@ -10060,6 +10215,13 @@
# cf. https://gitlab.com/gitlab-org/gitlab-pages/issues/129
#gitlab_pages['inplace_chroot'] = true
+ registry['storage'] = {
+ 'gcs' => {
+ 'bucket' => 'fdo-gitlab-registry',
+ 'keyfile' => '/gitlab-ssh-keys/registry-gcs-key'
+ }
+ }
+
# Temporarily back up to the registry path, until we can stream tar
# directly to object storage.
gitlab_rails['backup_path'] = '/gitlab-registry'
@@ -10090,13 +10252,6 @@
#'google_json_key_location' => '/gitlab-ssh-keys/upload-gcs-key'
}
- registry['storage'] = {
- 'gcs' => {
- 'bucket' => 'fdo-gitlab-registry',
- 'keyfile' => '/gitlab-ssh-keys/registry-gcs-key'
- }
- }
-
gitlab_rails['artifacts_enabled'] = true
gitlab_rails['artifacts_object_store_enabled'] = true
gitlab_rails['artifacts_object_store_proxy_download'] = false
@@ -10850,7 +11005,7 @@
apiVersion: batch/v1
kind: Job
metadata:
- name: gitlab-prod-shared-secrets.0-n1x
+ name: gitlab-prod-shared-secrets.0-dp0
namespace: default
labels:
app: shared-secrets
So nothing harmful.
I am mostly sending this as an FYI because once this gets in, a new upgrade of the charts means that all config/omnibus/secrets repos will need to be updated.
Cc: @daniels