WIP: A new version of gitlab (13.4.0) is available
current diff:
--- current-deployment.yaml
+++ future-deployment.yaml
@@ -62,7 +62,7 @@
namespace: default
labels:
app: gitaly
- chart: gitaly-4.3.5
+ chart: gitaly-4.4.0
release: gitlab-prod
heritage: Tiller
spec:
@@ -80,7 +80,7 @@
namespace: default
labels:
app: gitlab-shell
- chart: gitlab-shell-4.3.5
+ chart: gitlab-shell-4.4.0
release: gitlab-prod
heritage: Tiller
spec:
@@ -98,7 +98,7 @@
namespace: default
labels:
app: webservice
- chart: webservice-4.3.5
+ chart: webservice-4.4.0
release: gitlab-prod
heritage: Tiller
spec:
@@ -469,7 +469,7 @@
namespace: default
labels:
app: gitaly
- chart: gitaly-4.3.5
+ chart: gitaly-4.4.0
release: gitlab-prod
heritage: Tiller
data:
@@ -491,7 +491,7 @@
# If metrics collection is enabled, inform gitaly about that
prometheus_listen_addr = "localhost:9236"
- <% @storages = [ "cnc", ] %>
+ <% @storages = [ "cnc", ] %>
<% @index=`echo ${HOSTNAME##*-}`.to_i %>
<% if @storages.length > @index %>
[[storage]]
@@ -547,7 +547,7 @@
namespace: default
labels:
app: gitlab-exporter
- chart: gitlab-exporter-4.3.5
+ chart: gitlab-exporter-4.4.0
release: gitlab-prod
heritage: Tiller
data:
@@ -626,7 +626,7 @@
labels:
gitlab_grafana_datasource: "true"
app: gitlab-grafana
- chart: gitlab-grafana-4.3.5
+ chart: gitlab-grafana-4.4.0
release: gitlab-prod
heritage: Tiller
data:
@@ -653,7 +653,7 @@
namespace: default
labels:
app: gitlab-grafana
- chart: gitlab-grafana-4.3.5
+ chart: gitlab-grafana-4.4.0
release: gitlab-prod
heritage: Tiller
data:
@@ -685,7 +685,7 @@
namespace: default
labels:
app: gitlab-shell
- chart: gitlab-shell-4.3.5
+ chart: gitlab-shell-4.4.0
release: gitlab-prod
heritage: Tiller
data:
@@ -846,7 +846,7 @@
namespace: default
labels:
app: gitlab-shell
- chart: gitlab-shell-4.3.5
+ chart: gitlab-shell-4.4.0
release: gitlab-prod
heritage: Tiller
data:
@@ -859,7 +859,7 @@
mkdir -p "${secret_dir}/${secret}"
cp -v -r -L "${config_dir}/${secret}/." "${secret_dir}/${secret}/"
done
- for secret in redis minio objectstorage postgres ldap omniauth smtp ; do
+ for secret in redis minio objectstorage postgres ldap omniauth smtp kas ; do
if [ -e "${config_dir}/${secret}" ]; then
mkdir -p "${secret_dir}/${secret}"
cp -v -r -L "${config_dir}/${secret}/." "${secret_dir}/${secret}/"
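Review bot: The `kas` entry added to the optional-secret loop has no matching workload in this render, since every kas template listed further down (deployment, hpa, ingress, pdb, service, serviceaccount) is empty. The `[ -e "${config_dir}/${secret}" ]` guard should therefore skip it, but confirm that no kas secret is projected into `/init-config`, because `cp -v -r -L` would copy it into a pod that has no use for it. A comment above the loop would record the intent: `# kas: only present when the agent server is enabled`. The same line is added in the hunk at @@ -1130, and the loop body continues past the end of this hunk.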
@@ -907,7 +907,7 @@
namespace: default
labels:
app: gitlab-shell
- chart: gitlab-shell-4.3.5
+ chart: gitlab-shell-4.4.0
release: gitlab-prod
heritage: Tiller
data:
@@ -921,7 +921,7 @@
namespace: default
labels:
app: webservice
- chart: webservice-4.3.5
+ chart: webservice-4.4.0
release: gitlab-prod
heritage: Tiller
data:
@@ -937,6 +937,7 @@
host: "gitlab-prod-postgresql-postgresql"
port: 5432
pool: 1
+ connect_timeout:
prepared_statements: false
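Review bot: `connect_timeout:` is rendered with no value, which YAML reads as null, so the new key presumably leaves the client's default in place and puts no explicit bound on a connection attempt to `gitlab-prod-postgresql-postgresql`. If that is intended, say so in the chart values that feed this key. Otherwise set an explicit value there so the rendered line reads, for example, `connect_timeout: 5` (constructed value). The surrounding mapping starts and ends outside the hunk.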
@@ -1090,6 +1091,7 @@
backup:
path: "tmp/backups" # Relative paths are relative to Rails.root (default: tmp/backups/)
+
gitlab_shell:
path: /home/git/gitlab-shell/
hooks_path: /home/git/gitlab-shell/hooks/
@@ -1121,6 +1123,13 @@
api_url: http://gitlab-prod-registry:5000
key: /etc/gitlab/registry/gitlab-registry.key
issuer: omnibus-gitlab-issuer
+ smartcard:
+ enabled: false
+ ca_file: '/etc/gitlab/rails-secrets/smartcard-ca.crt'
+ client_certificate_required_host: smartcard.freedesktop.org
+ client_certificate_required_port: 443
+ san_extensions: false
+ required_for_git_access: false
configure: |
set -e
config_dir="/init-config"
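Review bot: The new `smartcard` block points at `ca_file: '/etc/gitlab/rails-secrets/smartcard-ca.crt'`, but nothing visible in this diff mounts or generates that file, and the `ingress_smartcard.yaml` template added later renders empty. That is harmless while `enabled: false`, but enabling it later without the CA secret and the client-certificate ingress would presumably leave certificate authentication broken or unverified. Record the prerequisite beside the value that turns it on, e.g. `# smartcard: needs smartcard-ca.crt in rails-secrets and the smartcard ingress before enabling`. Also confirm that `client_certificate_required_host: smartcard.freedesktop.org` is the intended hostname, since it is rendered even while the feature is off.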
@@ -1130,7 +1139,7 @@
mkdir -p "${secret_dir}/${secret}"
cp -v -r -L "${config_dir}/${secret}/." "${secret_dir}/${secret}/"
done
- for secret in redis minio objectstorage postgres ldap omniauth smtp ; do
+ for secret in redis minio objectstorage postgres ldap omniauth smtp kas ; do
if [ -e "${config_dir}/${secret}" ]; then
mkdir -p "${secret_dir}/${secret}"
cp -v -r -L "${config_dir}/${secret}/." "${secret_dir}/${secret}/"
@@ -1147,7 +1156,7 @@
namespace: default
labels:
app: webservice
- chart: webservice-4.3.5
+ chart: webservice-4.4.0
release: gitlab-prod
heritage: Tiller
data:
@@ -1160,11 +1169,14 @@
<%
require 'yaml'
- supported_providers = ['AWS']
+ supported_providers = %w(AWS AzureRM)
provider = ''
aws_access_key_id = ''
aws_secret_access_key = ''
+ azure_storage_account_name = ''
+ azure_storage_access_key = ''
+
if File.exists? '/etc/gitlab/minio/accesskey'
provider = 'AWS'
aws_access_key_id = File.read('/etc/gitlab/minio/accesskey').strip.dump[1..-2]
@@ -1177,6 +1189,9 @@
if connection.has_key? 'aws_access_key_id'
aws_access_key_id = connection['aws_access_key_id']
aws_secret_access_key = connection['aws_secret_access_key']
+ elsif connection.has_key? 'azure_storage_account_name'
+ azure_storage_account_name = connection['azure_storage_account_name']
+ azure_storage_access_key = connection['azure_storage_access_key']
end
end
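Review bot: The Azure values read from `connection` here are written into the TOML in the next hunk (@@ -1190) as `azure_storage_access_key = "<%= azure_storage_access_key %>"` with no escaping, whereas the minio path above applies `.strip.dump[1..-2]`. A quote, backslash or newline in the connection YAML would break or alter the generated `[object_storage.azurerm]` section. Escaping at assignment keeps the two paths consistent: `azure_storage_access_key = connection['azure_storage_access_key'].to_s.dump[1..-2]`, and likewise for `azure_storage_account_name`. The existing `aws_*` assignments from `connection` show the same gap, and the fix belongs in the chart template that produces this render. The ERB block starts and ends outside the hunk.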
@@ -1190,6 +1205,11 @@
# access/secret can be blank!
aws_access_key_id = "<%= aws_access_key_id %>"
aws_secret_access_key = "<%= aws_secret_access_key %>"
+ <% elsif provider.eql? 'AzureRM' %>
+ # Azure Blob storage configuration.
+ [object_storage.azurerm]
+ azure_storage_account_name = "<%= azure_storage_account_name %>"
+ azure_storage_access_key = "<%= azure_storage_access_key %>"
<%
end
end
@@ -1996,6 +2016,10 @@
fi
# Set to known path, to used ConfigMap
cat /config/certificate.crt > /registry/certificate.crt
+ # Copy the optional profiling keyfile to the expected location
+ if [ -f /config/profiling-key.json ]; then
+ cp /config/profiling-key.json /registry/profiling-key.json
+ fi
config.yml: |
version: 0.1
log:
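Review bot: The profiling key is copied with a plain `cp`, so `/registry/profiling-key.json` gets whatever mode the source and umask give it. The file name suggests a credential, so add `chmod 0400 /registry/profiling-key.json` after the copy, assuming the registry container runs as the same user as this init step. The matching `profiling:` key added to `config.yml` (hunk @@ -2033) is empty in this render, so the copy is a no-op unless profiling is configured. The comment could say that: `# Optional: only present when registry profiling is configured`. The script starts outside the hunk.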
@@ -2033,6 +2057,7 @@
validation:
disabled: true
+ profiling:
storage:
maintenance:
readonly:
@@ -2119,6 +2144,8 @@
# Gitlab runner secret
generate_secret_if_needed "gitlab-prod-gitlab-runner-secret" --from-literal=runner-registration-token=$(gen_random 'a-zA-Z0-9' 64) --from-literal=runner-token=""
+
+
# Registry certificates
mkdir -p certs
openssl req -new -newkey rsa:4096 -subj "/CN=gitlab-issuer" -nodes -x509 -keyout certs/registry-example-com.key -out certs/registry-example-com.crt -days 3650
@@ -2184,6 +2211,7 @@
+
---
---
@@ -2195,12 +2223,12 @@
namespace: default
labels:
app: gitlab
- chart: gitlab-4.3.5
+ chart: gitlab-4.4.0
release: gitlab-prod
heritage: Tiller
data:
- gitlabVersion: "13.3.5"
- gitlabChartVersion: "4.3.5"
+ gitlabVersion: "13.4.0"
+ gitlabChartVersion: "4.4.0"
---
# Source: helm-gitlab-omnibus/charts/gitlab/templates/initdb-configmap.yaml
@@ -2211,7 +2239,7 @@
namespace: default
labels:
app: gitlab
- chart: gitlab-4.3.5
+ chart: gitlab-4.4.0
release: gitlab-prod
heritage: Tiller
data:
@@ -10826,9 +10854,10 @@
namespace: default
labels:
app: gitaly
- chart: gitaly-4.3.5
+ chart: gitaly-4.4.0
release: gitlab-prod
heritage: Tiller
+
annotations:
gitlab.com/prometheus_scrape: "true"
gitlab.com/prometheus_port: "9236"
@@ -10857,9 +10886,10 @@
namespace: default
labels:
app: gitlab-exporter
- chart: gitlab-exporter-4.3.5
+ chart: gitlab-exporter-4.4.0
release: gitlab-prod
heritage: Tiller
+
annotations:
spec:
@@ -10882,9 +10912,10 @@
namespace: default
labels:
app: gitlab-shell
- chart: gitlab-shell-4.3.5
+ chart: gitlab-shell-4.4.0
release: gitlab-prod
heritage: Tiller
+
annotations:
spec:
@@ -10908,9 +10939,10 @@
namespace: default
labels:
app: webservice
- chart: webservice-4.3.5
+ chart: webservice-4.4.0
release: gitlab-prod
heritage: Tiller
+
annotations:
spec:
@@ -11352,14 +11384,14 @@
apiVersion: v1
kind: Pod
metadata:
- name: gitlab-prod-webservice-test-runner-vuaf5
+ name: gitlab-prod-webservice-test-runner-u6l50
namespace: default
annotations:
"helm.sh/hook": test-success
spec:
containers:
- name: test-runner
- image: registry.gitlab.com/gitlab-org/build/cng/gitlab-webservice-ce:v13.3.5
+ image: registry.gitlab.com/gitlab-org/build/cng/gitlab-webservice-ce:v13.4.0
command: ['sh', '/tests/test_login']
volumeMounts:
- name: tests
@@ -11411,7 +11443,7 @@
requests:
memory: "50Gi"
cpu: "12"
- image: gitlab/gitlab-ce:13.3.5-ce.0
+ image: gitlab/gitlab-ce:13.4.0-ce.0
imagePullPolicy: IfNotPresent
command: ["/bin/bash", "-c",
"sed -i \"s/environment ({'GITLAB_ROOT_PASSWORD' => initial_root_password }) if initial_root_password/environment ({'GITLAB_ROOT_PASSWORD' => initial_root_password, 'GITLAB_SHARED_RUNNERS_REGISTRATION_TOKEN' => node['gitlab']['gitlab-rails']['initial_shared_runners_registration_token'] })/g\" /opt/gitlab/embedded/cookbooks/gitlab/recipes/database_migrations.rb && exec /assets/wrapper"]
@@ -11890,7 +11922,7 @@
namespace: default
labels:
app: gitlab-exporter
- chart: gitlab-exporter-4.3.5
+ chart: gitlab-exporter-4.4.0
release: gitlab-prod
heritage: Tiller
annotations:
@@ -11908,7 +11940,7 @@
release: gitlab-prod
annotations:
- checksum/config: 1adbf814fe04c73a5d473d47012321a571c8b720eb53380c755f8e0cf3765dc2
+ checksum/config: 913f152539564f7b7ed26bdbd0fbaebef3b6d07f428255d701493232e0c554d3
gitlab.com/prometheus_path: /metrics
gitlab.com/prometheus_port: "9168"
gitlab.com/prometheus_scrape: "true"
@@ -12052,7 +12084,7 @@
namespace: default
labels:
app: gitlab-shell
- chart: gitlab-shell-4.3.5
+ chart: gitlab-shell-4.4.0
release: gitlab-prod
heritage: Tiller
annotations:
@@ -12069,8 +12101,8 @@
release: gitlab-prod
annotations:
- checksum/config: a5d4c9c9fe004627a58993cb2078e14e81e7f30e1fbdfdb43a193879728289a0
- checksum/config-sshd: 9181d4a10031942f44e2828546d8e172315e113cf9cd9f9eec587e2f30f0c395
+ checksum/config: 4d2a4ebefd02a0cee24c1eae673346b6b1bd80674cb9f241350e3f10449a0091
+ checksum/config-sshd: 3d844ae4bebad62bbfa3f9699fd74216f10d43c23749c40ad1baa15a91c26eec
cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
spec:
initContainers:
@@ -12128,7 +12160,7 @@
containers:
- name: gitlab-shell
- image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-shell:v13.6.0"
+ image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-shell:v13.7.0"
ports:
- containerPort: 2222
@@ -12228,7 +12260,7 @@
namespace: default
labels:
app: webservice
- chart: webservice-4.3.5
+ chart: webservice-4.4.0
release: gitlab-prod
heritage: Tiller
annotations:
@@ -12246,7 +12278,7 @@
release: gitlab-prod
annotations:
- checksum/config: 98ff633738e850fa837b52275dcbbdc2eb63b3c07b2d3385dec4e39da26adc4d
+ checksum/config: ec6e7fa12848b25414901ba0bc7d04e177783887ef615020fe894b6df0daccea
cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
gitlab.com/prometheus_path: /-/metrics
gitlab.com/prometheus_port: "8080"
@@ -12318,7 +12350,7 @@
cpu: 50m
- name: dependencies
- image: registry.gitlab.com/gitlab-org/build/cng/gitlab-webservice-ce:v13.3.5
+ image: registry.gitlab.com/gitlab-org/build/cng/gitlab-webservice-ce:v13.4.0
args:
- /scripts/wait-for-deps
@@ -12352,7 +12384,7 @@
containers:
- name: webservice
- image: registry.gitlab.com/gitlab-org/build/cng/gitlab-webservice-ce:v13.3.5
+ image: registry.gitlab.com/gitlab-org/build/cng/gitlab-webservice-ce:v13.4.0
ports:
- containerPort: 8080
@@ -12389,6 +12421,8 @@
- name: GITLAB_TRACING_URL
value: ""
+ - name: WORKHORSE_ARCHIVE_CACHE_DISABLED
+ value: "true"
volumeMounts:
- name: webservice-metrics
@@ -12410,9 +12444,6 @@
- name: shared-upload-directory
mountPath: /srv/gitlab/public/uploads/tmp
readOnly: false
- - name: shared-artifact-directory
- mountPath: /srv/gitlab/shared
- readOnly: false
- name: shared-tmp
mountPath: '/tmp'
readOnly: false
@@ -12448,7 +12479,7 @@
memory: 1.5G
- name: gitlab-workhorse
- image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-workhorse-ce:v13.3.5"
+ image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-workhorse-ce:v13.4.0"
ports:
- containerPort: 8181
@@ -12477,9 +12508,6 @@
- name: shared-upload-directory
mountPath: /srv/gitlab/public/uploads/tmp
readOnly: false
- - name: shared-artifact-directory
- mountPath: /srv/gitlab/shared
- readOnly: false
- name: shared-tmp
mountPath: '/tmp'
readOnly: false
@@ -12540,6 +12568,7 @@
- key: "secret"
path: shell/.gitlab_shell_secret
- secret:
+
name: "gitlab-prod-gitaly-secret"
items:
- key: "token"
@@ -12566,6 +12595,7 @@
items:
- key: "shared_secret"
path: gitlab-workhorse/secret
+
# mount secret for minio
# mount secret for object_store
- secret:
@@ -12615,8 +12645,6 @@
medium: "Memory"
- name: shared-upload-directory
emptyDir: {}
- - name: shared-artifact-directory
- emptyDir: {}
- name: etc-ssl-certs
emptyDir:
@@ -13087,7 +13115,7 @@
release: gitlab-prod
annotations:
- checksum/configmap: 995b595fad4ea34daca78650a3e8cc6e708fa653f281cec08920ef627184287f
+ checksum/configmap: 1372396d4dcd61ebcf9b6300637847ae4049d2782d5e1480c87fb25486a05652
cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
spec:
securityContext:
@@ -13133,7 +13161,7 @@
containers:
- name: registry
- image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-container-registry:v2.10.1-gitlab"
+ image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-container-registry:v2.11.0-gitlab"
imagePullPolicy: "IfNotPresent"
volumeMounts:
- name: registry-server-config
@@ -13208,7 +13236,7 @@
namespace: default
labels:
app: gitlab-shell
- chart: gitlab-shell-4.3.5
+ chart: gitlab-shell-4.4.0
release: gitlab-prod
heritage: Tiller
spec:
@@ -13232,7 +13260,7 @@
namespace: default
labels:
app: webservice
- chart: webservice-4.3.5
+ chart: webservice-4.4.0
release: gitlab-prod
heritage: Tiller
spec:
@@ -13299,7 +13327,7 @@
release: gitlab-prod
annotations:
- checksum/config: b0d8f5c896ef263eabd4ec2802d558f8c3e4a77af60f5cfc198f655b899ffae8
+ checksum/config: 4e332c006190bb93be734e8e32d0d7853f93b0ae7190c465a7c48b41f2750de2
spec:
terminationGracePeriodSeconds: 30
initContainers:
@@ -13357,7 +13385,7 @@
containers:
- name: gitaly
- image: "registry.gitlab.com/gitlab-org/build/cng/gitaly:v13.3.5"
+ image: "registry.gitlab.com/gitlab-org/build/cng/gitaly:v13.4.0"
ports:
- containerPort: 8075
@@ -13373,10 +13401,6 @@
value: '/etc/ssl/certs'
- name: GITALY_PROMETHEUS_LISTEN_ADDR
value: ':9236'
- - name: POD_NAME
- valueFrom:
- fieldRef:
- fieldPath: metadata.name
volumeMounts:
@@ -13506,7 +13530,7 @@
fsGroup: 1001
containers:
- name: gitlab-prod-postgresql-postgresql
- image: docker.io/bitnami/postgresql:11.7.0
+ image: docker.io/bitnami/postgresql:11.9.0
imagePullPolicy: "IfNotPresent"
resources:
requests:
@@ -13799,7 +13823,7 @@
apiVersion: batch/v1
kind: Job
metadata:
- name: gitlab-prod-issuer.0
+ name: gitlab-prod-issuer-0
namespace: default
labels:
app: certmanager-issuer
@@ -13842,7 +13866,7 @@
apiVersion: batch/v1
kind: Job
metadata:
- name: gitlab-prod-shared-secrets.0-gg6
+ name: gitlab-prod-shared-secrets-0-h9s
namespace: default
labels:
app: shared-secrets
@@ -14262,7 +14286,7 @@
namespace: default
labels:
app: gitlab-grafana
- chart: gitlab-grafana-4.3.5
+ chart: gitlab-grafana-4.4.0
release: gitlab-prod
heritage: Tiller
annotations:
@@ -14375,6 +14399,25 @@
# Source: helm-gitlab-omnibus/charts/gitlab/charts/gitlab/charts/gitlab-shell/templates/serviceaccount.yaml
---
+# Source: helm-gitlab-omnibus/charts/gitlab/charts/gitlab/charts/kas/templates/deployment.yaml
+
+
+---
+# Source: helm-gitlab-omnibus/charts/gitlab/charts/gitlab/charts/kas/templates/hpa.yaml
+
+---
+# Source: helm-gitlab-omnibus/charts/gitlab/charts/gitlab/charts/kas/templates/ingress.yaml
+
+---
+# Source: helm-gitlab-omnibus/charts/gitlab/charts/gitlab/charts/kas/templates/pdb.yaml
+
+---
+# Source: helm-gitlab-omnibus/charts/gitlab/charts/gitlab/charts/kas/templates/service.yaml
+
+---
+# Source: helm-gitlab-omnibus/charts/gitlab/charts/gitlab/charts/kas/templates/serviceaccount.yaml
+
+---
# Source: helm-gitlab-omnibus/charts/gitlab/charts/gitlab/charts/mailroom/templates/configmap.yaml
@@ -14460,6 +14503,9 @@
---
# Source: helm-gitlab-omnibus/charts/gitlab/charts/gitlab/charts/webservice/templates/ingress.yaml
+
+---
+# Source: helm-gitlab-omnibus/charts/gitlab/charts/gitlab/charts/webservice/templates/ingress_smartcard.yaml
---
# Source: helm-gitlab-omnibus/charts/gitlab/charts/gitlab/charts/webservice/templates/networkpolicy.yaml