WIP: A new version of gitlab (13.7.0) is available
current diff:
--- current-deployment.yaml
+++ future-deployment.yaml
@@ -60,7 +60,7 @@
namespace: gitlab
labels:
app: gitaly
- chart: gitaly-4.6.3
+ chart: gitaly-4.7.0
release: gitlab-test
heritage: Helm
spec:
@@ -78,7 +78,7 @@
namespace: gitlab
labels:
app: gitlab-shell
- chart: gitlab-shell-4.6.3
+ chart: gitlab-shell-4.7.0
release: gitlab-test
heritage: Helm
spec:
@@ -96,7 +96,7 @@
namespace: gitlab
labels:
app: praefect
- chart: praefect-4.6.3
+ chart: praefect-4.7.0
release: gitlab-test
heritage: Helm
spec:
@@ -114,7 +114,7 @@
namespace: gitlab
labels:
app: sidekiq
- chart: sidekiq-4.6.3
+ chart: sidekiq-4.7.0
release: gitlab-test
heritage: Helm
spec:
@@ -129,19 +129,22 @@
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
- name: gitlab-test-webservice
+ name: gitlab-test-webservice-default
namespace: gitlab
labels:
app: webservice
- chart: webservice-4.6.3
+ chart: webservice-4.7.0
release: gitlab-test
heritage: Helm
+ gitlab.com/webservice-name: default
spec:
maxUnavailable: 1
selector:
matchLabels:
app: webservice
release: gitlab-test
+
+ gitlab.com/webservice-name: default
---
# Source: gitlab/charts/minio/templates/pdb.yaml
apiVersion: policy/v1beta1
@@ -166,20 +169,25 @@
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
- name: gitlab-test-nginx-ingress-controller-1
- namespace: gitlab
labels:
app: nginx-ingress
- chart: nginx-ingress-0.30.0-1
+ chart: nginx-ingress-3.11.1
release: gitlab-test
heritage: Helm
component: "controller"
+ helm.sh/chart: nginx-ingress-3.11.1
+ app.kubernetes.io/name: nginx-ingress
+ app.kubernetes.io/instance: gitlab-test
+ app.kubernetes.io/version: "0.41.2"
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: controller
+ name: gitlab-test-nginx-ingress-controller
spec:
selector:
matchLabels:
- app: nginx-ingress
- release: gitlab-test
- component: "controller"
+ app.kubernetes.io/name: nginx-ingress
+ app.kubernetes.io/instance: gitlab-test
+ app.kubernetes.io/component: controller
minAvailable: 1
---
# Source: gitlab/charts/registry/templates/pdb.yaml
@@ -252,17 +260,41 @@
name: gitlab-test-grafana
namespace: gitlab
---
-# Source: gitlab/charts/nginx-ingress/templates/serviceaccount.yaml
+# Source: gitlab/charts/nginx-ingress/templates/controller-serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
+ labels:
+ app: nginx-ingress
+ chart: nginx-ingress-3.11.1
+ release: gitlab-test
+ heritage: Helm
+ component: "controller"
+ helm.sh/chart: nginx-ingress-3.11.1
+ app.kubernetes.io/name: nginx-ingress
+ app.kubernetes.io/instance: gitlab-test
+ app.kubernetes.io/version: "0.41.2"
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: controller
name: gitlab-test-nginx-ingress
- namespace: gitlab
+---
+# Source: gitlab/charts/nginx-ingress/templates/default-backend-serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
labels:
app: nginx-ingress
- chart: nginx-ingress-0.30.0-1
+ chart: nginx-ingress-3.11.1
release: gitlab-test
heritage: Helm
+ component: "controller"
+ helm.sh/chart: nginx-ingress-3.11.1
+ app.kubernetes.io/name: nginx-ingress
+ app.kubernetes.io/instance: gitlab-test
+ app.kubernetes.io/version: "0.41.2"
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: default-backend
+ name: gitlab-test-nginx-ingress-backend
---
# Source: gitlab/charts/prometheus/templates/node-exporter-serviceaccount.yaml
apiVersion: v1
@@ -350,7 +382,7 @@
namespace: gitlab
labels:
app: gitaly
- chart: gitaly-4.6.3
+ chart: gitaly-4.7.0
release: gitlab-test
heritage: Helm
data:
@@ -404,7 +436,7 @@
# location of shared secret for GitLab Shell / API interaction
secret_file = "/etc/gitlab-secrets/shell/.gitlab_shell_secret"
# URL of API
- url = "http://gitlab-test-webservice.gitlab.svc:8181/"
+ url = "http://gitlab-test-webservice-default.gitlab.svc:8181/"
[gitlab.http-settings]
# read_timeout = 300
@@ -427,7 +459,7 @@
namespace: gitlab
labels:
app: gitlab-exporter
- chart: gitlab-exporter-4.6.3
+ chart: gitlab-exporter-4.7.0
release: gitlab-test
heritage: Helm
data:
@@ -453,6 +485,9 @@
rows_count:
class_name: Database::RowCountProber
<<: *db_common
+ database_bloat:
+ class_name: Database::BloatProber
+ <<: *db_common
sidekiq: &sidekiq
methods:
@@ -505,7 +540,7 @@
labels:
gitlab_grafana_datasource: "true"
app: gitlab-grafana
- chart: gitlab-grafana-4.6.3
+ chart: gitlab-grafana-4.7.0
release: gitlab-test
heritage: Helm
data:
@@ -531,7 +566,7 @@
namespace: gitlab
labels:
app: gitlab-grafana
- chart: gitlab-grafana-4.6.3
+ chart: gitlab-grafana-4.7.0
release: gitlab-test
heritage: Helm
data:
@@ -561,7 +596,7 @@
namespace: gitlab
labels:
app: gitlab-shell
- chart: gitlab-shell-4.6.3
+ chart: gitlab-shell-4.7.0
release: gitlab-test
heritage: Helm
data:
@@ -656,7 +691,6 @@
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
- UsePrivilegeSeparation no
PidFile /srv/sshd/sshd.pid
#PermitTunnel no
#ChrootDirectory none
@@ -721,7 +755,7 @@
namespace: gitlab
labels:
app: gitlab-shell
- chart: gitlab-shell-4.6.3
+ chart: gitlab-shell-4.7.0
release: gitlab-test
heritage: Helm
data:
@@ -748,7 +782,7 @@
user: git
# Url to gitlab instance. Used for api calls. Should end with a slash.
- gitlab_url: "http://gitlab-test-webservice.gitlab.svc:8181/"
+ gitlab_url: "http://gitlab-test-webservice-default.gitlab.svc:8181/"
secret_file: /etc/gitlab-secrets/shell/.gitlab_shell_secret
@@ -779,11 +813,11 @@
apiVersion: v1
kind: ConfigMap
metadata:
- name: gitlab-test-nginx-ingress-tcp
+ name: gitlab-test-ingress-nginx-tcp
namespace: gitlab
labels:
app: gitlab-shell
- chart: gitlab-shell-4.6.3
+ chart: gitlab-shell-4.7.0
release: gitlab-test
heritage: Helm
data:
@@ -797,7 +831,7 @@
namespace: gitlab
labels:
app: migrations
- chart: migrations-4.6.3
+ chart: migrations-4.7.0
release: gitlab-test
heritage: Helm
data:
@@ -813,6 +847,7 @@
host: "gitlab-test-postgresql.gitlab.svc"
port: 5432
connect_timeout:
+ application_name:
prepared_statements: false
@@ -841,7 +876,7 @@
storages: # You must have at least a `default` storage path.
default:
path: /var/opt/gitlab/repo
- gitaly_address: tcp://gitlab-test-praefect:8075
+ gitaly_address: tcp://gitlab-test-praefect.gitlab.svc:8075
configure: |
set -e
@@ -871,7 +906,7 @@
namespace: gitlab
labels:
app: praefect
- chart: praefect-4.6.3
+ chart: praefect-4.7.0
release: gitlab-test
heritage: Helm
data:
@@ -904,15 +939,15 @@
name = 'default'
[[virtual_storage.node]]
storage = 'gitlab-test-gitaly-0'
- address = 'tcp://gitlab-test-gitaly-0.gitlab-test-gitaly:8075'
+ address = 'tcp://gitlab-test-gitaly-0.gitlab-test-gitaly.gitlab.svc:8075'
token = "<%= gitaly_token %>"
[[virtual_storage.node]]
storage = 'gitlab-test-gitaly-1'
- address = 'tcp://gitlab-test-gitaly-1.gitlab-test-gitaly:8075'
+ address = 'tcp://gitlab-test-gitaly-1.gitlab-test-gitaly.gitlab.svc:8075'
token = "<%= gitaly_token %>"
[[virtual_storage.node]]
storage = 'gitlab-test-gitaly-2'
- address = 'tcp://gitlab-test-gitaly-2.gitlab-test-gitaly:8075'
+ address = 'tcp://gitlab-test-gitaly-2.gitlab-test-gitaly.gitlab.svc:8075'
token = "<%= gitaly_token %>"
[database]
@@ -931,7 +966,7 @@
namespace: gitlab
labels:
app: praefect
- chart: praefect-4.6.3
+ chart: praefect-4.7.0
release: gitlab-test
heritage: Helm
data:
@@ -951,7 +986,7 @@
namespace: gitlab
labels:
app: sidekiq
- chart: sidekiq-4.6.3
+ chart: sidekiq-4.7.0
release: gitlab-test
heritage: Helm
queue_pod_name: native-chart
@@ -976,7 +1011,7 @@
namespace: gitlab
labels:
app: sidekiq
- chart: sidekiq-4.6.3
+ chart: sidekiq-4.7.0
release: gitlab-test
heritage: Helm
data:
@@ -992,6 +1027,7 @@
host: "gitlab-test-postgresql.gitlab.svc"
port: 5432
connect_timeout:
+ application_name:
prepared_statements: false
@@ -1046,55 +1082,79 @@
-
- # Consolidated object storage configuration
- ## property local configuration will override object_store
- object_store:
- enabled: true
- direct_upload: true
- background_upload: false
- proxy_download: true
- connection:
- provider: AWS
- region: us-east-1
- host: minio.test.freedesktop.org
- endpoint: http://gitlab-test-minio-svc.gitlab.svc:9000
- path_style: true
- aws_access_key_id: "<%= File.read('/etc/gitlab/minio/accesskey').strip.dump[1..-2] %>"
- aws_secret_access_key: "<%= File.read('/etc/gitlab/minio/secretkey').strip.dump[1..-2] %>"
- objects:
- artifacts:
- bucket: gitlab-artifacts
- lfs:
- bucket: git-lfs
- uploads:
- bucket: gitlab-uploads
- packages:
- bucket: gitlab-packages
- external_diffs:
- bucket: gitlab-mr-diffs
- terraform_state:
- bucket: gitlab-terraform-state
- dependency_proxy:
- bucket: gitlab-dependency-proxy
- pages:
- bucket: fdo-gitlab-pages
- # Individual object storage backed feature properties configuration
artifacts:
enabled: true
+ object_store:
+ enabled: true
+ remote_directory: gitlab-artifacts
+ direct_upload: true
+ background_upload: false
+ proxy_download: true
+ connection:
+ provider: AWS
+ region: us-east-1
+ host: minio.test.freedesktop.org
+ endpoint: http://gitlab-test-minio-svc.gitlab.svc:9000
+ path_style: true
+ aws_access_key_id: "<%= File.read('/etc/gitlab/minio/accesskey').strip.dump[1..-2] %>"
+ aws_secret_access_key: "<%= File.read('/etc/gitlab/minio/secretkey').strip.dump[1..-2] %>"
lfs:
enabled: false
+ object_store:
+ enabled: false
+ remote_directory: git-lfs
+ direct_upload: true
+ background_upload: false
+ proxy_download: true
uploads:
enabled: true
+ object_store:
+ enabled: true
+ remote_directory: gitlab-uploads
+ direct_upload: true
+ background_upload: false
+ proxy_download: true
+ connection:
+ provider: AWS
+ region: us-east-1
+ host: minio.test.freedesktop.org
+ endpoint: http://gitlab-test-minio-svc.gitlab.svc:9000
+ path_style: true
+ aws_access_key_id: "<%= File.read('/etc/gitlab/minio/accesskey').strip.dump[1..-2] %>"
+ aws_secret_access_key: "<%= File.read('/etc/gitlab/minio/secretkey').strip.dump[1..-2] %>"
packages:
enabled: false
+ object_store:
+ enabled: false
+ remote_directory: gitlab-packages
+ direct_upload: true
+ background_upload: false
+ proxy_download: false
external_diffs:
- enabled:
+ enabled: false
when:
+ object_store:
+ enabled: false
+ remote_directory: gitlab-mr-diffs
+ direct_upload: true
+ background_upload: false
+ proxy_download: true
terraform_state:
enabled: false
+ object_store:
+ enabled: false
+ remote_directory: gitlab-terraform-state
+ direct_upload: true
+ background_upload: false
+ proxy_download: true
dependency_proxy:
enabled: false
+ object_store:
+ enabled: false
+ remote_directory: gitlab-dependency-proxy
+ direct_upload: true
+ background_upload: false
+ proxy_download: true
pseudonymizer:
manifest: config/pseudonymizer.yml
upload:
@@ -1159,7 +1219,7 @@
storages: # You must have at least a `default` storage path.
default:
path: /var/opt/gitlab/repo
- gitaly_address: tcp://gitlab-test-praefect:8075
+ gitaly_address: tcp://gitlab-test-praefect.gitlab.svc:8075
backup:
path: "tmp/backups" # Relative paths are relative to Rails.root (default: tmp/backups/)
@@ -1209,7 +1269,7 @@
namespace: gitlab
labels:
app: task-runner
- chart: task-runner-4.6.3
+ chart: task-runner-4.7.0
release: gitlab-test
heritage: Helm
data:
@@ -1223,6 +1283,7 @@
host: "gitlab-test-postgresql.gitlab.svc"
port: 5432
connect_timeout:
+ application_name:
prepared_statements: false
@@ -1270,55 +1331,79 @@
email_reply_to: "noreply@test.freedesktop.org"
email_subject_suffix: ""
-
- # Consolidated object storage configuration
- ## property local configuration will override object_store
- object_store:
- enabled: true
- direct_upload: true
- background_upload: false
- proxy_download: true
- connection:
- provider: AWS
- region: us-east-1
- host: minio.test.freedesktop.org
- endpoint: http://gitlab-test-minio-svc.gitlab.svc:9000
- path_style: true
- aws_access_key_id: "<%= File.read('/etc/gitlab/minio/accesskey').strip.dump[1..-2] %>"
- aws_secret_access_key: "<%= File.read('/etc/gitlab/minio/secretkey').strip.dump[1..-2] %>"
- objects:
- artifacts:
- bucket: gitlab-artifacts
- lfs:
- bucket: git-lfs
- uploads:
- bucket: gitlab-uploads
- packages:
- bucket: gitlab-packages
- external_diffs:
- bucket: gitlab-mr-diffs
- terraform_state:
- bucket: gitlab-terraform-state
- dependency_proxy:
- bucket: gitlab-dependency-proxy
- pages:
- bucket: fdo-gitlab-pages
- # Individual object storage backed feature properties configuration
artifacts:
enabled: true
+ object_store:
+ enabled: true
+ remote_directory: gitlab-artifacts
+ direct_upload: true
+ background_upload: false
+ proxy_download: true
+ connection:
+ provider: AWS
+ region: us-east-1
+ host: minio.test.freedesktop.org
+ endpoint: http://gitlab-test-minio-svc.gitlab.svc:9000
+ path_style: true
+ aws_access_key_id: "<%= File.read('/etc/gitlab/minio/accesskey').strip.dump[1..-2] %>"
+ aws_secret_access_key: "<%= File.read('/etc/gitlab/minio/secretkey').strip.dump[1..-2] %>"
lfs:
enabled: false
+ object_store:
+ enabled: false
+ remote_directory: git-lfs
+ direct_upload: true
+ background_upload: false
+ proxy_download: true
uploads:
enabled: true
+ object_store:
+ enabled: true
+ remote_directory: gitlab-uploads
+ direct_upload: true
+ background_upload: false
+ proxy_download: true
+ connection:
+ provider: AWS
+ region: us-east-1
+ host: minio.test.freedesktop.org
+ endpoint: http://gitlab-test-minio-svc.gitlab.svc:9000
+ path_style: true
+ aws_access_key_id: "<%= File.read('/etc/gitlab/minio/accesskey').strip.dump[1..-2] %>"
+ aws_secret_access_key: "<%= File.read('/etc/gitlab/minio/secretkey').strip.dump[1..-2] %>"
packages:
enabled: false
+ object_store:
+ enabled: false
+ remote_directory: gitlab-packages
+ direct_upload: true
+ background_upload: false
+ proxy_download: false
external_diffs:
- enabled:
+ enabled: false
when:
+ object_store:
+ enabled: false
+ remote_directory: gitlab-mr-diffs
+ direct_upload: true
+ background_upload: false
+ proxy_download: true
terraform_state:
enabled: false
+ object_store:
+ enabled: false
+ remote_directory: gitlab-terraform-state
+ direct_upload: true
+ background_upload: false
+ proxy_download: true
dependency_proxy:
enabled: false
+ object_store:
+ enabled: false
+ remote_directory: gitlab-dependency-proxy
+ direct_upload: true
+ background_upload: false
+ proxy_download: true
pseudonymizer:
manifest: config/pseudonymizer.yml
upload:
@@ -1378,7 +1463,7 @@
storages: # You must have at least a `default` storage path.
default:
path: /var/opt/gitlab/repo
- gitaly_address: tcp://gitlab-test-praefect:8075
+ gitaly_address: tcp://gitlab-test-praefect.gitlab.svc:8075
backup:
path: "tmp/backups" # Relative paths are relative to Rails.root (default: tmp/backups/)
@@ -1432,7 +1517,7 @@
namespace: gitlab
labels:
app: webservice
- chart: webservice-4.6.3
+ chart: webservice-4.7.0
release: gitlab-test
heritage: Helm
data:
@@ -1448,6 +1533,7 @@
host: "gitlab-test-postgresql.gitlab.svc"
port: 5432
connect_timeout:
+ application_name:
prepared_statements: false
@@ -1502,54 +1588,79 @@
- # Consolidated object storage configuration
- ## property local configuration will override object_store
- object_store:
- enabled: true
- direct_upload: true
- background_upload: false
- proxy_download: true
- connection:
- provider: AWS
- region: us-east-1
- host: minio.test.freedesktop.org
- endpoint: http://gitlab-test-minio-svc.gitlab.svc:9000
- path_style: true
- aws_access_key_id: "<%= File.read('/etc/gitlab/minio/accesskey').strip.dump[1..-2] %>"
- aws_secret_access_key: "<%= File.read('/etc/gitlab/minio/secretkey').strip.dump[1..-2] %>"
- objects:
- artifacts:
- bucket: gitlab-artifacts
- lfs:
- bucket: git-lfs
- uploads:
- bucket: gitlab-uploads
- packages:
- bucket: gitlab-packages
- external_diffs:
- bucket: gitlab-mr-diffs
- terraform_state:
- bucket: gitlab-terraform-state
- dependency_proxy:
- bucket: gitlab-dependency-proxy
- pages:
- bucket: fdo-gitlab-pages
- # Individual object storage backed feature properties configuration
artifacts:
enabled: true
+ object_store:
+ enabled: true
+ remote_directory: gitlab-artifacts
+ direct_upload: true
+ background_upload: false
+ proxy_download: true
+ connection:
+ provider: AWS
+ region: us-east-1
+ host: minio.test.freedesktop.org
+ endpoint: http://gitlab-test-minio-svc.gitlab.svc:9000
+ path_style: true
+ aws_access_key_id: "<%= File.read('/etc/gitlab/minio/accesskey').strip.dump[1..-2] %>"
+ aws_secret_access_key: "<%= File.read('/etc/gitlab/minio/secretkey').strip.dump[1..-2] %>"
lfs:
enabled: false
+ object_store:
+ enabled: false
+ remote_directory: git-lfs
+ direct_upload: true
+ background_upload: false
+ proxy_download: true
uploads:
enabled: true
+ object_store:
+ enabled: true
+ remote_directory: gitlab-uploads
+ direct_upload: true
+ background_upload: false
+ proxy_download: true
+ connection:
+ provider: AWS
+ region: us-east-1
+ host: minio.test.freedesktop.org
+ endpoint: http://gitlab-test-minio-svc.gitlab.svc:9000
+ path_style: true
+ aws_access_key_id: "<%= File.read('/etc/gitlab/minio/accesskey').strip.dump[1..-2] %>"
+ aws_secret_access_key: "<%= File.read('/etc/gitlab/minio/secretkey').strip.dump[1..-2] %>"
packages:
enabled: false
+ object_store:
+ enabled: false
+ remote_directory: gitlab-packages
+ direct_upload: true
+ background_upload: false
+ proxy_download: false
external_diffs:
- enabled:
+ enabled: false
when:
+ object_store:
+ enabled: false
+ remote_directory: gitlab-mr-diffs
+ direct_upload: true
+ background_upload: false
+ proxy_download: true
terraform_state:
enabled: false
+ object_store:
+ enabled: false
+ remote_directory: gitlab-terraform-state
+ direct_upload: true
+ background_upload: false
+ proxy_download: true
dependency_proxy:
enabled: false
+ object_store:
+ enabled: false
+ remote_directory: gitlab-dependency-proxy
+ direct_upload: true
+ background_upload: false
+ proxy_download: true
sentry:
enabled: false
@@ -1595,7 +1706,7 @@
storages: # You must have at least a `default` storage path.
default:
path: /var/opt/gitlab/repo
- gitaly_address: tcp://gitlab-test-praefect:8075
+ gitaly_address: tcp://gitlab-test-praefect.gitlab.svc:8075
backup:
path: "tmp/backups" # Relative paths are relative to Rails.root (default: tmp/backups/)
@@ -1661,7 +1772,7 @@
namespace: gitlab
labels:
app: webservice
- chart: webservice-4.6.3
+ chart: webservice-4.7.0
release: gitlab-test
heritage: Helm
data:
@@ -1911,6 +2022,7 @@
createBucket gitlab-mr-diffs none false
createBucket gitlab-terraform-state none false
createBucket gitlab-dependency-proxy none false
+ createBucket gitlab-pages none false
configure: |-
sed -e 's@ACCESS_KEY@'"$(cat /config/accesskey)"'@' -e 's@SECRET_KEY@'"$(cat /config/secretkey)"'@' /config/config.json > /minio/config.json
@@ -2040,22 +2152,47 @@
}
# Blank line to signal end of Block
---
+# Source: gitlab/charts/nginx-ingress/templates/controller-configmap-addheaders.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ labels:
+ app: nginx-ingress
+ chart: nginx-ingress-3.11.1
+ release: gitlab-test
+ heritage: Helm
+ component: "controller"
+ helm.sh/chart: nginx-ingress-3.11.1
+ app.kubernetes.io/name: nginx-ingress
+ app.kubernetes.io/instance: gitlab-test
+ app.kubernetes.io/version: "0.41.2"
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: controller
+ name: gitlab-test-nginx-ingress-custom-add-headers
+data:
+ Referrer-Policy: strict-origin-when-cross-origin
+---
# Source: gitlab/charts/nginx-ingress/templates/controller-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
- name: gitlab-test-nginx-ingress-controller
- namespace: gitlab
labels:
app: nginx-ingress
- chart: nginx-ingress-0.30.0-1
+ chart: nginx-ingress-3.11.1
release: gitlab-test
heritage: Helm
component: "controller"
+ helm.sh/chart: nginx-ingress-3.11.1
+ app.kubernetes.io/name: nginx-ingress
+ app.kubernetes.io/instance: gitlab-test
+ app.kubernetes.io/version: "0.41.2"
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: controller
+ name: gitlab-test-nginx-ingress-controller
data:
- enable-vts-status: "true"
- proxy-set-headers: gitlab/gitlab-test-nginx-ingress-custom-headers
- enable-vts-status: "true"
+ add-headers: gitlab/gitlab-test-nginx-ingress-custom-add-headers
+
+ hsts: "false"
hsts-include-subdomains: "false"
log-format-stream: $remote_addr - [$time_local] TCP
log-format-upstream: $remote_addr - $remote_user [$time_local] "$request" $status
@@ -2064,25 +2201,10 @@
$upstream_response_time $upstream_status $req_id
server-name-hash-bucket-size: "256"
server-tokens: "false"
- ssl-ciphers: ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
+ ssl-ciphers: ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
ssl-protocols: TLSv1.3 TLSv1.2
use-http2: "true"
---
-# Source: gitlab/charts/nginx-ingress/templates/headers-configmap.yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: gitlab-test-nginx-ingress-custom-headers
- namespace: gitlab
- labels:
- app: nginx-ingress
- chart: nginx-ingress-0.30.0-1
- release: gitlab-test
- heritage: Helm
- component: "controller"
-data:
- Referrer-Policy: strict-origin-when-cross-origin
----
# Source: gitlab/charts/postgresql/templates/extended-config-configmap.yaml
apiVersion: v1
kind: ConfigMap
@@ -2477,12 +2599,12 @@
namespace: gitlab
labels:
app: gitlab
- chart: gitlab-4.6.3
+ chart: gitlab-4.7.0
release: gitlab-test
heritage: Helm
data:
- gitlabVersion: "13.6.3"
- gitlabChartVersion: "4.6.3"
+ gitlabVersion: "13.7.0"
+ gitlabChartVersion: "4.7.0"
---
# Source: gitlab/templates/initdb-configmap.yaml
apiVersion: v1
@@ -2492,7 +2614,7 @@
namespace: gitlab
labels:
app: gitlab
- chart: gitlab-4.6.3
+ chart: gitlab-4.7.0
release: gitlab-test
heritage: Helm
data:
@@ -10614,17 +10736,23 @@
verbs: ['use']
resourceNames: [gitlab-test-grafana]
---
-# Source: gitlab/charts/nginx-ingress/templates/role.yaml
+# Source: gitlab/charts/nginx-ingress/templates/controller-role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
- name: gitlab-test-nginx-ingress
- namespace: gitlab
labels:
app: nginx-ingress
- chart: nginx-ingress-0.30.0-1
+ chart: nginx-ingress-3.11.1
release: gitlab-test
heritage: Helm
+ component: "controller"
+ helm.sh/chart: nginx-ingress-3.11.1
+ app.kubernetes.io/name: nginx-ingress
+ app.kubernetes.io/instance: gitlab-test
+ app.kubernetes.io/version: "0.41.2"
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: controller
+ name: gitlab-test-nginx-ingress
rules:
- apiGroups:
- ""
@@ -10654,6 +10782,7 @@
- watch
- apiGroups:
- extensions
+ - "networking.k8s.io" # k8s 1.14+
resources:
- ingresses
verbs:
@@ -10662,11 +10791,20 @@
- watch
- apiGroups:
- extensions
+ - "networking.k8s.io" # k8s 1.14+
resources:
- ingresses/status
verbs:
- update
- apiGroups:
+ - "networking.k8s.io" # k8s 1.14+
+ resources:
+ - ingressclasses
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
- ""
resources:
- configmaps
@@ -10737,17 +10875,23 @@
name: gitlab-test-grafana
namespace: gitlab
---
-# Source: gitlab/charts/nginx-ingress/templates/rolebinding.yaml
+# Source: gitlab/charts/nginx-ingress/templates/controller-rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
- name: gitlab-test-nginx-ingress
- namespace: gitlab
labels:
app: nginx-ingress
- chart: nginx-ingress-0.30.0-1
+ chart: nginx-ingress-3.11.1
release: gitlab-test
heritage: Helm
+ component: "controller"
+ helm.sh/chart: nginx-ingress-3.11.1
+ app.kubernetes.io/name: nginx-ingress
+ app.kubernetes.io/instance: gitlab-test
+ app.kubernetes.io/version: "0.41.2"
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: controller
+ name: gitlab-test-nginx-ingress
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
@@ -10787,7 +10931,7 @@
namespace: gitlab
labels:
app: gitaly
- chart: gitaly-4.6.3
+ chart: gitaly-4.7.0
release: gitlab-test
heritage: Helm
@@ -10818,7 +10962,7 @@
namespace: gitlab
labels:
app: gitlab-exporter
- chart: gitlab-exporter-4.6.3
+ chart: gitlab-exporter-4.7.0
release: gitlab-test
heritage: Helm
@@ -10843,7 +10987,7 @@
namespace: gitlab
labels:
app: gitlab-shell
- chart: gitlab-shell-4.6.3
+ chart: gitlab-shell-4.7.0
release: gitlab-test
heritage: Helm
@@ -10868,10 +11012,13 @@
namespace: gitlab
labels:
app: praefect
- chart: praefect-4.6.3
+ chart: praefect-4.7.0
release: gitlab-test
heritage: Helm
+
annotations:
+ gitlab.com/prometheus_scrape: "true"
+ gitlab.com/prometheus_port: ""
prometheus.io/scrape: "true"
prometheus.io/port: ""
@@ -10879,7 +11026,7 @@
type: ClusterIP
clusterIP: None
ports:
- - name: gitlab-test-praefect
+ - name: praefect
port: 8075
protocol: TCP
targetPort: 8075
@@ -10895,14 +11042,15 @@
apiVersion: v1
kind: Service
metadata:
- name: gitlab-test-webservice
+ name: gitlab-test-webservice-default
namespace: gitlab
labels:
app: webservice
- chart: webservice-4.6.3
+ chart: webservice-4.7.0
release: gitlab-test
heritage: Helm
+ gitlab.com/webservice-name: default
annotations:
spec:
@@ -10919,6 +11067,8 @@
selector:
app: webservice
release: gitlab-test
+
+ gitlab.com/webservice-name: default
---
# Source: gitlab/charts/grafana/templates/service.yaml
apiVersion: v1
@@ -10968,25 +11118,30 @@
targetPort: 9000
protocol: TCP
---
-# Source: gitlab/charts/nginx-ingress/templates/controller-metrics-service.yaml
+# Source: gitlab/charts/nginx-ingress/templates/controller-service-metrics.yaml
apiVersion: v1
kind: Service
metadata:
- name: gitlab-test-nginx-ingress-controller-metrics
- namespace: gitlab
- annotations:
+ annotations:
gitlab.com/prometheus_port: "10254"
gitlab.com/prometheus_scrape: "true"
prometheus.io/port: "10254"
prometheus.io/scrape: "true"
labels:
app: nginx-ingress
- chart: nginx-ingress-0.30.0-1
+ chart: nginx-ingress-3.11.1
release: gitlab-test
heritage: Helm
component: "controller"
+ helm.sh/chart: nginx-ingress-3.11.1
+ app.kubernetes.io/name: nginx-ingress
+ app.kubernetes.io/instance: gitlab-test
+ app.kubernetes.io/version: "0.41.2"
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: controller
+ name: gitlab-test-nginx-ingress-controller-metrics
spec:
-
+ type: ClusterIP
ports:
- name: metrics
port: 9913
@@ -10995,23 +11150,28 @@
app: nginx-ingress
component: "controller"
release: gitlab-test
- type: "ClusterIP"
---
# Source: gitlab/charts/nginx-ingress/templates/controller-service.yaml
apiVersion: v1
kind: Service
metadata:
- name: gitlab-test-nginx-ingress-controller
- namespace: gitlab
+ annotations:
labels:
- component: "controller"
app: nginx-ingress
- chart: nginx-ingress-0.30.0-1
+ chart: nginx-ingress-3.11.1
release: gitlab-test
heritage: Helm
+ component: "controller"
+ helm.sh/chart: nginx-ingress-3.11.1
+ app.kubernetes.io/name: nginx-ingress
+ app.kubernetes.io/instance: gitlab-test
+ app.kubernetes.io/version: "0.41.2"
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: controller
+ name: gitlab-test-nginx-ingress-controller
spec:
-
- externalTrafficPolicy: "Local"
+ type: LoadBalancer
+ externalTrafficPolicy: Local
ports:
- name: http
port: 80
@@ -11029,46 +11189,26 @@
app: nginx-ingress
component: "controller"
release: gitlab-test
- type: "LoadBalancer"
---
-# Source: gitlab/charts/nginx-ingress/templates/controller-stats-service.yaml
-apiVersion: v1
-kind: Service
-metadata:
- name: gitlab-test-nginx-ingress-controller-stats
- namespace: gitlab
- labels:
- app: nginx-ingress
- chart: nginx-ingress-0.30.0-1
- release: gitlab-test
- heritage: Helm
- component: "controller"
-spec:
-
- ports:
- - name: stats
- port: 18080
- targetPort: stats
- selector:
- app: nginx-ingress
- component: "controller"
- release: gitlab-test
- type: "ClusterIP"
----
# Source: gitlab/charts/nginx-ingress/templates/default-backend-service.yaml
apiVersion: v1
kind: Service
metadata:
- name: gitlab-test-nginx-ingress-default-backend
- namespace: gitlab
labels:
app: nginx-ingress
- chart: nginx-ingress-0.30.0-1
+ chart: nginx-ingress-3.11.1
release: gitlab-test
heritage: Helm
component: "default-backend"
+ helm.sh/chart: nginx-ingress-3.11.1
+ app.kubernetes.io/name: nginx-ingress
+ app.kubernetes.io/instance: gitlab-test
+ app.kubernetes.io/version: "0.41.2"
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: default-backend
+ name: gitlab-test-nginx-ingress-default-backend
spec:
-
+ type: ClusterIP
ports:
- name: http
port: 80
@@ -11078,7 +11218,6 @@
app: nginx-ingress
component: "default-backend"
release: gitlab-test
- type: "ClusterIP"
---
# Source: gitlab/charts/postgresql/templates/metrics-svc.yaml
apiVersion: v1
@@ -11452,7 +11591,7 @@
namespace: gitlab
labels:
app: gitlab-exporter
- chart: gitlab-exporter-4.6.3
+ chart: gitlab-exporter-4.7.0
release: gitlab-test
heritage: Helm
annotations:
@@ -11470,7 +11609,7 @@
release: gitlab-test
annotations:
- checksum/config: 52ae736ec6da6c5ec7aadb9f20d2db9f5887fbc6e6bcfbf46fafdc48a579582c
+ checksum/config: 4975969dae5c8d0fb4b939f917b06c6792155c218e6adef9db3fd494740b7da8
gitlab.com/prometheus_path: /metrics
gitlab.com/prometheus_port: "9168"
gitlab.com/prometheus_scrape: "true"
@@ -11530,7 +11669,7 @@
containers:
- name: gitlab-exporter
- image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-exporter:7.0.6"
+ image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-exporter:7.1.2"
env:
- name: CONFIG_TEMPLATE_DIRECTORY
@@ -11609,7 +11748,7 @@
namespace: gitlab
labels:
app: gitlab-shell
- chart: gitlab-shell-4.6.3
+ chart: gitlab-shell-4.7.0
release: gitlab-test
heritage: Helm
annotations:
@@ -11626,8 +11765,8 @@
release: gitlab-test
annotations:
- checksum/config: a327e229a91437a623be134acb3bde77ebf5b7f5afc469fdc1ec45ffed4342a5
- checksum/config-sshd: ce88b8f00a9271dc869dfc296a26ff75edb7472693a9a31d37fd60744c620063
+ checksum/config: 48426d836caef69f2353c71b2db9211041a8be95351e3b2517feea770143f0fe
+ checksum/config-sshd: b9fc175b0dee8b833637a0798270d7c12f42f6e0123db87088ed66562f041fad
cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
spec:
initContainers:
@@ -11680,7 +11819,7 @@
containers:
- name: gitlab-shell
- image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-shell:v13.13.0"
+ image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-shell:v13.14.0"
ports:
- containerPort: 2222
@@ -11766,7 +11905,7 @@
namespace: gitlab
labels:
app: sidekiq
- chart: sidekiq-4.6.3
+ chart: sidekiq-4.7.0
release: gitlab-test
heritage: Helm
queue-pod-name: native-chart
@@ -11786,9 +11925,9 @@
queue-pod-name: native-chart
annotations:
- checksum/configmap: a6dbd36d4f347b60b9592542b4f9ba583c3ad0daf682228a7c48260c445c6abd
+ checksum/configmap: 86fd2be6211b76f61f8d8b70f0050f7528c07a8c3d695586cc282248c77f97b9
cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
- checksum/configmap-pod: d82173817f4f43c2eb77862582fda5be5c38ffb71816a11eb394a69746d96737
+ checksum/configmap-pod: a250d2132340391751d888d17e46338faa2cbdfc93c97e3c576dcd3fe6f952a5
co.elastic.logs/json.add_error_key: "true"
co.elastic.logs/json.keys_under_root: "false"
gitlab.com/prometheus_port: "3807"
@@ -11847,7 +11986,7 @@
requests:
cpu: 50m
- name: dependencies
- image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-sidekiq-ce:v13.6.3"
+ image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-sidekiq-ce:v13.7.0"
args:
- /scripts/wait-for-deps
@@ -11884,7 +12023,7 @@
containers:
- name: sidekiq
- image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-sidekiq-ce:v13.6.3"
+ image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-sidekiq-ce:v13.7.0"
env:
- name: prometheus_multiproc_dir
@@ -12045,6 +12184,7 @@
# mount secret for external_diffs
# mount secret for terraform_state
# mount secret for dependency_proxy
+ # mount secret for pages
# mount secret for pseudonymizer
# mount secrets for LDAP
@@ -12064,7 +12204,7 @@
namespace: gitlab
labels:
app: task-runner
- chart: task-runner-4.6.3
+ chart: task-runner-4.7.0
release: gitlab-test
heritage: Helm
annotations:
@@ -12085,7 +12225,7 @@
release: gitlab-test
annotations:
- checksum/config: ea3f8e3e89208bff01f0f25c9667fd2522858ab2fef19fda966c4d49f4b468c7
+ checksum/config: 6191de71356d55021142a9426d09a6a561f54971fab731f3620c13d89d345520
cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
spec:
securityContext:
@@ -12144,7 +12284,7 @@
- /bin/bash
- -c
- sh /var/opt/gitlab/templates/configure-gsutil && while sleep 3600; do :; done
- image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-task-runner-ce:v13.6.3"
+ image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-task-runner-ce:v13.7.0"
env:
- name: ARTIFACTS_BUCKET_NAME
@@ -12282,6 +12422,7 @@
# mount secret for external_diffs
# mount secret for terraform_state
# mount secret for dependency_proxy
+ # mount secret for pages
# mount secret for pseudonymizer
# mount secrets for LDAP
@@ -12297,29 +12438,33 @@
apiVersion: apps/v1
kind: Deployment
metadata:
- name: gitlab-test-webservice
+ name: gitlab-test-webservice-default
namespace: gitlab
labels:
app: webservice
- chart: webservice-4.6.3
+ chart: webservice-4.7.0
release: gitlab-test
heritage: Helm
+ gitlab.com/webservice-name: default
annotations:
spec:
- replicas:
+ replicas: 2
selector:
matchLabels:
app: webservice
release: gitlab-test
+
+ gitlab.com/webservice-name: default
template:
metadata:
labels:
app: webservice
release: gitlab-test
+ gitlab.com/webservice-name: default
annotations:
- checksum/config: a1363ded74c225aa13fa8faa00b8bd5b149f0765cff6758f7d193ebbb6438998
+ checksum/config: 1311f743505f8071025bf34f5a7a26c9f8e955a434b566b4e5385999fd0c636d
cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
co.elastic.logs/json.add_error_key: "true"
co.elastic.logs/json.keys_under_root: "false"
@@ -12343,6 +12488,7 @@
matchLabels:
app: webservice
release: gitlab-test
+ gitlab.com/webservice-name: default
initContainers:
@@ -12363,7 +12509,7 @@
args: [ '-c', 'sh -x /config-webservice/configure ; sh -x /config-workhorse/configure ; mkdir -p -m 3770 /tmp/gitlab']
image: "busybox:latest"
env:
-
+
volumeMounts:
@@ -12390,7 +12536,7 @@
requests:
cpu: 50m
- name: dependencies
- image: registry.gitlab.com/gitlab-org/build/cng/gitlab-webservice-ce:v13.6.3
+ image: registry.gitlab.com/gitlab-org/build/cng/gitlab-webservice-ce:v13.7.0
args:
- /scripts/wait-for-deps
@@ -12423,7 +12569,7 @@
containers:
- name: webservice
- image: registry.gitlab.com/gitlab-org/build/cng/gitlab-webservice-ce:v13.6.3
+ image: registry.gitlab.com/gitlab-org/build/cng/gitlab-webservice-ce:v13.7.0
ports:
- containerPort: 8080
@@ -12517,7 +12663,7 @@
cpu: 300m
memory: 2.5G
- name: gitlab-workhorse
- image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-workhorse-ce:v13.6.3"
+ image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-workhorse-ce:v13.7.0"
ports:
- containerPort: 8181
@@ -12655,6 +12801,7 @@
# mount secret for external_diffs
# mount secret for terraform_state
# mount secret for dependency_proxy
+ # mount secret for pages
# mount secrets for LDAP
- name: webservice-secrets
@@ -12913,27 +13060,30 @@
apiVersion: apps/v1
kind: Deployment
metadata:
- name: gitlab-test-nginx-ingress-controller
- namespace: gitlab
labels:
app: nginx-ingress
- chart: nginx-ingress-0.30.0-1
+ chart: nginx-ingress-3.11.1
release: gitlab-test
heritage: Helm
component: "controller"
+ helm.sh/chart: nginx-ingress-3.11.1
+ app.kubernetes.io/name: nginx-ingress
+ app.kubernetes.io/instance: gitlab-test
+ app.kubernetes.io/version: "0.41.2"
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: controller
+ name: gitlab-test-nginx-ingress-controller
annotations:
spec:
- replicas: 2
- revisionHistoryLimit: 10
- strategy:
- {}
- minReadySeconds: 0
selector:
matchLabels:
app: nginx-ingress
component: "controller"
release: gitlab-test
+ replicas: 2
+ revisionHistoryLimit: 10
+ minReadySeconds: 0
template:
metadata:
annotations:
@@ -12945,27 +13095,32 @@
spec:
dnsPolicy: ClusterFirst
containers:
- - name: nginx-ingress-controller
- image: "quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.21.0"
- imagePullPolicy: "IfNotPresent"
+ - name: controller
+ image: "k8s.gcr.io/ingress-nginx/controller:v0.41.2@sha256:1f4f402b9c14f3ae92b11ada1dfe9893a88f0faeb0b2f4b903e2c67a0c3bf0de"
+ imagePullPolicy: IfNotPresent
+ lifecycle:
+ preStop:
+ exec:
+ command:
+ - /wait-shutdown
args:
- /nginx-ingress-controller
- - --default-backend-service=gitlab/gitlab-test-nginx-ingress-default-backend
- - --publish-service=gitlab/gitlab-test-nginx-ingress-controller
+ - --default-backend-service=$(POD_NAMESPACE)/gitlab-test-nginx-ingress-default-backend
+ - --publish-service=$(POD_NAMESPACE)/gitlab-test-nginx-ingress-controller
- --election-id=ingress-controller-leader
- --ingress-class=nginx
- - --configmap=gitlab/gitlab-test-nginx-ingress-controller
- - --tcp-services-configmap=gitlab/gitlab-test-nginx-ingress-tcp
- - --watch-namespace=gitlab
+ - --configmap=$(POD_NAMESPACE)/gitlab-test-nginx-ingress-controller
+ - --tcp-services-configmap=gitlab/gitlab-test-ingress-nginx-tcp
+ - --watch-namespace=$(POD_NAMESPACE)
- --enable-ssl-chain-completion=false
- - --force-namespace-isolation
securityContext:
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
- runAsUser: 33
+ runAsUser: 101
+ allowPrivilegeEscalation: true
env:
- name: POD_NAME
valueFrom:
@@ -12975,6 +13130,8 @@
valueFrom:
fieldRef:
fieldPath: metadata.namespace
+ - name: LD_PRELOAD
+ value: /usr/local/lib/libmimalloc.so
livenessProbe:
httpGet:
path: /healthz
@@ -12984,6 +13141,16 @@
periodSeconds: 10
timeoutSeconds: 1
successThreshold: 1
+ failureThreshold: 5
+ readinessProbe:
+ httpGet:
+ path: /healthz
+ port: 10254
+ scheme: HTTP
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 1
+ successThreshold: 1
failureThreshold: 3
ports:
- name: http
@@ -12992,66 +13159,48 @@
- name: https
containerPort: 443
protocol: TCP
- - name: stats
- containerPort: 18080
- protocol: TCP
- name: metrics
containerPort: 10254
protocol: TCP
- name: gitlab-shell
containerPort: 22
protocol: TCP
- readinessProbe:
- httpGet:
- path: /healthz
- port: 10254
- scheme: HTTP
- initialDelaySeconds: 10
- periodSeconds: 10
- timeoutSeconds: 1
- successThreshold: 1
- failureThreshold: 3
- resources:
+ resources:
requests:
cpu: 100m
memory: 100Mi
- hostNetwork: false
- affinity:
- podAntiAffinity:
- preferredDuringSchedulingIgnoredDuringExecution:
- - weight: 1
- podAffinityTerm:
- topologyKey: kubernetes.io/hostname
- labelSelector:
- matchLabels:
- app: nginx-ingress
- component: controller
- release: gitlab-test
+ nodeSelector:
+ kubernetes.io/os: linux
serviceAccountName: gitlab-test-nginx-ingress
- terminationGracePeriodSeconds: 60
+ terminationGracePeriodSeconds: 300
---
# Source: gitlab/charts/nginx-ingress/templates/default-backend-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
- name: gitlab-test-nginx-ingress-default-backend
- namespace: gitlab
labels:
app: nginx-ingress
- chart: nginx-ingress-0.30.0-1
+ chart: nginx-ingress-3.11.1
release: gitlab-test
heritage: Helm
component: "default-backend"
+ helm.sh/chart: nginx-ingress-3.11.1
+ app.kubernetes.io/name: nginx-ingress
+ app.kubernetes.io/instance: gitlab-test
+ app.kubernetes.io/version: "0.41.2"
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: default-backend
+ name: gitlab-test-nginx-ingress-default-backend
annotations:
spec:
- replicas: 1
- revisionHistoryLimit: 10
selector:
matchLabels:
app: nginx-ingress
component: "default-backend"
release: gitlab-test
+ replicas: 1
+ revisionHistoryLimit: 10
template:
metadata:
labels:
@@ -13061,24 +13210,45 @@
spec:
containers:
- name: nginx-ingress-default-backend
- image: "k8s.gcr.io/defaultbackend:1.4"
- imagePullPolicy: "IfNotPresent"
- args:
+ image: "k8s.gcr.io/defaultbackend-amd64:1.5"
+ imagePullPolicy: IfNotPresent
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
+ runAsUser: 65534
+ runAsNonRoot: true
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
livenessProbe:
httpGet:
path: /healthz
port: 8080
scheme: HTTP
initialDelaySeconds: 30
+ periodSeconds: 10
timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 3
+ readinessProbe:
+ httpGet:
+ path: /healthz
+ port: 8080
+ scheme: HTTP
+ initialDelaySeconds: 0
+ periodSeconds: 5
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 6
ports:
- name: http
containerPort: 8080
protocol: TCP
- resources:
+ resources:
requests:
cpu: 5m
memory: 5Mi
+ serviceAccountName: gitlab-test-nginx-ingress-backend
terminationGracePeriodSeconds: 60
---
# Source: gitlab/charts/prometheus/templates/server-deployment.yaml
@@ -13245,7 +13415,7 @@
cpu: 50m
containers:
- name: registry
- image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-container-registry:v2.11.0-gitlab"
+ image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-container-registry:v2.12.0-gitlab"
imagePullPolicy: "IfNotPresent"
volumeMounts:
- name: registry-server-config
@@ -13314,7 +13484,7 @@
namespace: gitlab
labels:
app: gitlab-shell
- chart: gitlab-shell-4.6.3
+ chart: gitlab-shell-4.7.0
release: gitlab-test
heritage: Helm
spec:
@@ -13338,7 +13508,7 @@
namespace: gitlab
labels:
app: sidekiq
- chart: sidekiq-4.6.3
+ chart: sidekiq-4.7.0
release: gitlab-test
heritage: Helm
spec:
@@ -13358,18 +13528,19 @@
apiVersion: autoscaling/v2beta1
kind: HorizontalPodAutoscaler
metadata:
- name: gitlab-test-webservice
+ name: gitlab-test-webservice-default
namespace: gitlab
labels:
app: webservice
- chart: webservice-4.6.3
+ chart: webservice-4.7.0
release: gitlab-test
heritage: Helm
+ gitlab.com/webservice-name: default
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
- name: gitlab-test-webservice
+ name: gitlab-test-webservice-default
minReplicas: 2
maxReplicas: 10
metrics:
@@ -13429,7 +13600,7 @@
release: gitlab-test
annotations:
- checksum/config: 202d42e3e550d44db35636ce5b0263eaa6d7adf4e3f729e805b3c24c5dead74a
+ checksum/config: 94f1310e00bbb0780cc9470d8099f3eb9a991abbb0721db8ee9c93b20aaf7d17
co.elastic.logs/json.add_error_key: "true"
co.elastic.logs/json.keys_under_root: "false"
spec:
@@ -13484,7 +13655,7 @@
containers:
- name: gitaly
- image: "registry.gitlab.com/gitlab-org/build/cng/gitaly:v13.6.3"
+ image: "registry.gitlab.com/gitlab-org/build/cng/gitaly:v13.7.0"
ports:
- containerPort: 8075
@@ -13582,7 +13753,7 @@
namespace: gitlab
labels:
app: praefect
- chart: praefect-4.6.3
+ chart: praefect-4.7.0
release: gitlab-test
heritage: Helm
spec:
@@ -13600,7 +13771,7 @@
release: gitlab-test
annotations:
- checksum/config: 027a2068879083edb8dddec647021d695a9bafa97ad3dc9d607d6a4a6a4af5ba
+ checksum/config: d33f18ac366961270ba38e4da1e491ef63e085d13faabf304f179a54cb814ebc
spec:
affinity:
podAntiAffinity:
@@ -13650,7 +13821,7 @@
containers:
- name: praefect
- image: "registry.gitlab.com/gitlab-org/build/cng/gitaly:v13.6.3"
+ image: "registry.gitlab.com/gitlab-org/build/cng/gitaly:v13.7.0"
ports:
- containerPort: 8075
@@ -14094,7 +14265,7 @@
namespace: gitlab
labels:
app: migrations
- chart: migrations-4.6.3
+ chart: migrations-4.7.0
release: gitlab-test
heritage: Helm
spec:
@@ -14150,7 +14321,7 @@
containers:
- name: migrations
- image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-task-runner-ce:v13.6.3"
+ image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-task-runner-ce:v13.7.0"
args:
- /scripts/wait-for-deps
- /scripts/db-migrate
@@ -14290,7 +14461,7 @@
namespace: gitlab
labels:
app: gitlab-grafana
- chart: gitlab-grafana-4.6.3
+ chart: gitlab-grafana-4.7.0
release: gitlab-test
heritage: Helm
annotations:
@@ -14504,6 +14675,7 @@
db_key_base=$(fetch_rails_value secrets.yml "${env}.db_key_base")
openid_connect_signing_key=$(fetch_rails_value secrets.yml "${env}.openid_connect_signing_key")
ci_jwt_signing_key=$(fetch_rails_value secrets.yml "${env}.ci_jwt_signing_key")
+ encrypted_settings_key_base=$(fetch_rails_value secrets.yml "${env}.encrypted_settings_key_base")
fi;
# Generate defaults for any unset secrets
@@ -14512,6 +14684,7 @@
db_key_base="${db_key_base:-$(gen_random 'a-f0-9' 128)}" # equavilent to secureRandom.hex(64)
openid_connect_signing_key="${openid_connect_signing_key:-$(openssl genrsa 2048)}"
ci_jwt_signing_key="${ci_jwt_signing_key:-$(openssl genrsa 2048)}"
+ encrypted_settings_key_base="${encrypted_settings_key_base:-$(gen_random 'a-f0-9' 128)}" # equavilent to secureRandom.hex(64)
# Update the existing secret
cat << EOF > rails-secrets.yml
@@ -14526,6 +14699,7 @@
secret_key_base: $secret_key_base
otp_key_base: $otp_key_base
db_key_base: $db_key_base
+ encrypted_settings_key_base: $encrypted_settings_key_base
openid_connect_signing_key: |
$(echo "${openid_connect_signing_key}" | awk '{print " " $0}')
ci_jwt_signing_key: |
@@ -14566,7 +14740,7 @@
namespace: gitlab
labels:
app: gitlab
- chart: gitlab-4.6.3
+ chart: gitlab-4.7.0
release: gitlab-test
heritage: Helm
annotations:
@@ -14700,14 +14874,14 @@
apiVersion: v1
kind: Pod
metadata:
- name: gitlab-test-webservice-test-runner-kww4y
+ name: gitlab-test-webservice-test-runner-zjdx2
namespace: gitlab
annotations:
"helm.sh/hook": test-success
spec:
containers:
- name: test-runner
- image: registry.gitlab.com/gitlab-org/build/cng/gitlab-webservice-ce:v13.6.3
+ image: registry.gitlab.com/gitlab-org/build/cng/gitlab-webservice-ce:v13.7.0
command: ['sh', '/tests/test_login']
volumeMounts:
- name: tests
@@ -14732,7 +14906,7 @@
apiVersion: batch/v1
kind: Job
metadata:
- name: gitlab-test-shared-secrets-1-1vo
+ name: gitlab-test-shared-secrets-1-fq6
namespace: gitlab
labels:
app: shared-secrets
@@ -14784,7 +14958,7 @@
namespace: gitlab
labels:
app: gitlab
- chart: gitlab-4.6.3
+ chart: gitlab-4.7.0
release: gitlab-test
heritage: Helm
annotations:
@@ -14811,9 +14985,9 @@
env:
- name: GITLAB_VERSION
- value: '13.6.3'
+ value: '13.7.0'
- name: CHART_VERSION
- value: '4.6.3'
+ value: '4.7.0'
volumeMounts:
- name: chart-info
mountPath: /chart-info
@@ -15217,7 +15391,7 @@
requests:
memory: "1Gi"
cpu: "1"
- image: gitlab/gitlab-ce:13.6.3-ce.0
+ image: gitlab/gitlab-ce:13.7.0-ce.0
imagePullPolicy: IfNotPresent
command: ["/bin/bash", "-c",
"sed -i \"s/environment ({'GITLAB_ROOT_PASSWORD' => initial_root_password }) if initial_root_password/environment ({'GITLAB_ROOT_PASSWORD' => initial_root_password, 'GITLAB_SHARED_RUNNERS_REGISTRATION_TOKEN' => node['gitlab']['gitlab-rails']['initial_shared_runners_registration_token'] })/g\" /opt/gitlab/embedded/cookbooks/gitlab/recipes/database_migrations.rb && exec /assets/wrapper"]