Commit 69286e92 authored by DJ Mountney

Merge remote-tracking branch 'origin/master' into dj-1258

parents 15bfa4dc 2d2675fe
Pipeline #55478625 passed with stages
in 48 minutes and 2 seconds
......@@ -20,17 +20,25 @@
.idea/
*.tmproj
# Project/CI/CD related items
.gitlab
.gitlab-ci.yml
.dockerignore
.helmignore
Dangerfile
Gemfile
Gemfile.lock
ci/
doc/
examples/
images/
certs/
scripts/
spec/
build/
*.md
CHANGELOG
changelogs/
# CHANGELOG.md
bin/
spec/
# dependencies.io
dependencies.yml
dependencies_io/
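Review bot: the `*.md` pattern in this ignore list also matches README.md, while a changelog entry in this same commit reads "Ensure README present in helm package". If `*.md` is still present in the resulting file, exempt the README explicitly or list the Markdown files to skip by name. Separately, `spec/` appears twice in the hunk, after `scripts/` and again after `bin/`; one entry is enough.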
......@@ -2,6 +2,29 @@
documentation](doc/development/changelog.md) for instructions on adding your own
entry.
## 1.7.3 (2019-04-05)
### Fixed (2 changes)
- Mount object storage secrets related to external diffs to pods. !745
- Fix support for NGINX Ingress DaemonSets. !748
### Other (1 change)
- Update GitLab Version to 11.9.6.
## 1.7.2 (2019-04-02)
### Fixed (1 change)
- Application: use groups in componentKinds. !740
### Other (1 change)
- Update GitLab Version to 11.9.4.
## 1.7.1 (2019-03-25)
### Other (2 changes)
......
---
apiVersion: v1
name: gitlab
version: 1.7.1
version: 1.7.3
appVersion: master
description: Web-based Git-repository manager with wiki and issue-tracking features.
keywords:
......
---
title: Expose unicorn memory limits via chart values
merge_request: 738
author: Paul Nicholson
type: added
---
title: Ensure README present in helm package
merge_request: 752
author:
type: fixed
---
title: ElasticSearch is now available
merge_request: 746
author:
type: added
---
title: 'Application: use groups in componentKinds'
merge_request: 740
author:
type: fixed
---
apiVersion: v1
name: gitaly
version: 1.7.1
version: 1.7.3
appVersion: master
description: Git RPC service for handling all the git calls made by GitLab
keywords:
......
---
apiVersion: v1
name: gitlab-shell
version: 1.7.1
version: 1.7.3
appVersion: master
description: sshd for Gitlab
keywords:
......
---
apiVersion: v1
name: mailroom
version: 1.7.1
version: 1.7.3
appVersion: master
description: Handling incoming emails
keywords:
......
---
apiVersion: v1
name: migrations
version: 1.7.1
version: 1.7.3
appVersion: master
description: Database migrations and other versioning tasks for upgrading Gitlab
keywords:
......
---
apiVersion: v1
name: operator
version: 1.7.1
version: 1.7.3
appVersion: master
description: Gitlab operator for managing upgrades
keywords:
......
---
apiVersion: v1
name: sidekiq
version: 1.7.1
version: 1.7.3
appVersion: master
description: Gitlab Sidekiq for asynchronous task processing in rails
keywords:
......
......@@ -261,6 +261,7 @@ spec:
{{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "artifacts" "config" $.Values.global.appConfig.artifacts) | nindent 10 }}
{{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "uploads" "config" $.Values.global.appConfig.uploads) | nindent 10 }}
{{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "packages" "config" $.Values.global.appConfig.packages) | nindent 10 }}
{{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "external_diffs" "config" $.Values.global.appConfig.externalDiffs) | nindent 10 }}
{{- include "gitlab.appConfig.pseudonymizer.mountSecrets" $ | nindent 10 }}
{{- include "gitlab.appConfig.ldap.servers.mountSecrets" $ | nindent 10 }}
{{- include "gitlab.appConfig.omniauth.mountSecrets" $ | nindent 10 }}
......
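Review bot: the `external_diffs` include between the `packages` and `pseudonymizer` lines is rendered unconditionally, while the documentation in this commit says external diffs stay off unless `global.appConfig.externalDiffs.enabled` is `true`. Please confirm that `gitlab.appConfig.objectStorage.mountSecrets` renders nothing when `externalDiffs.connection` is unset, or guard the line on `.enabled`, so the object storage credential is projected into these pods only when the feature is in use and an install without that secret does not reference a missing one.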
---
apiVersion: v1
name: task-runner
version: 1.7.1
version: 1.7.3
appVersion: master
description: For manually running rake tasks through kubectl
keywords:
......
......@@ -149,6 +149,7 @@ spec:
{{- include "gitlab.minio.mountSecrets" $ | nindent 10 }}
{{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "lfs" "config" $.Values.global.appConfig.lfs) | nindent 10 }}
{{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "packages" "config" $.Values.global.appConfig.packages) | nindent 10 }}
{{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "external_diffs" "config" $.Values.global.appConfig.externalDiffs) | nindent 10 }}
{{- include "gitlab.appConfig.pseudonymizer.mountSecrets" $ | nindent 10 }}
{{- include "gitlab.appConfig.ldap.servers.mountSecrets" $ | nindent 10 }}
{{- include "gitlab.appConfig.omniauth.mountSecrets" $ | nindent 10 }}
......
---
apiVersion: v1
name: unicorn
version: 1.7.1
version: 1.7.3
appVersion: master
description: HTTP server for Gitlab
keywords:
......
......@@ -57,8 +57,8 @@ data:
defined?(::Prometheus::Client.reinitialize_on_pid_change) && Prometheus::Client.reinitialize_on_pid_change
end
ENV['GITLAB_UNICORN_MEMORY_MIN'] = (400 * 1 << 20).to_s
ENV['GITLAB_UNICORN_MEMORY_MAX'] = (650 * 1 << 20).to_s
ENV['GITLAB_UNICORN_MEMORY_MIN'] = ({{ int .Values.memory.min }} * 1 << 20).to_s
ENV['GITLAB_UNICORN_MEMORY_MAX'] = ({{ int .Values.memory.max }} * 1 << 20).to_s
gitlab.yml.erb: |
production: &base
......
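Review bot: the two templated lines, `({{ int .Values.memory.min }} * 1 << 20).to_s` and its `max` counterpart, pass through whatever the values file supplies, and nothing checks that both are positive or that `memory.min` is below `memory.max`. A missing or non-numeric value would reach the worker killer as a threshold it cannot use sensibly, so consider failing the render (for example with `required` plus a comparison) instead of coercing silently with `int`. The hard-coded `400` and `650` lines did not have this failure mode.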
......@@ -276,6 +276,7 @@ spec:
{{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "lfs" "config" $.Values.global.appConfig.lfs) | nindent 10 }}
{{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "uploads" "config" $.Values.global.appConfig.uploads) | nindent 10 }}
{{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "packages" "config" $.Values.global.appConfig.packages) | nindent 10 }}
{{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "external_diffs" "config" $.Values.global.appConfig.externalDiffs) | nindent 10 }}
{{- include "gitlab.appConfig.ldap.servers.mountSecrets" $ | nindent 10 }}
{{- include "gitlab.appConfig.omniauth.mountSecrets" $ | nindent 10 }}
{{- if and $.Values.global.smtp.enabled $.Values.global.smtp.authentication }}
......
......@@ -38,6 +38,9 @@ ingress:
annotations: {}
workerProcesses: 2
workerTimeout: 60
memory:
min: 400
max: 650
hpa:
targetAverageValue: 1
workhorse:
......
......@@ -95,7 +95,7 @@ Parameter | Description | Default
`controller.publishService.pathOverride` | override of the default publish-service name | `""`
`controller.service.clusterIP` | internal controller cluster service IP | `""`
`controller.service.externalIPs` | controller service external IP addresses. Do not set this when `controller.hostNetwork` is set to `true` and `kube-proxy` is used as there will be a port-conflict for port `80` | `[]`
`controller.service.externalTrafficPolicy` | If `controller.service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable [source IP preservation](https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typenodeport) | `"Cluster"`
`controller.service.externalTrafficPolicy` | If `controller.service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable [source IP preservation](https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typenodeport) | `"Local"`
`controller.service.healthCheckNodePort` | If `controller.service.type` is `NodePort` or `LoadBalancer` and `controller.service.externalTrafficPolicy` is set to `Local`, set this to [the managed health-check port the kube-proxy will expose](https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typenodeport). If blank, a random port in the `NodePort` range will be assigned | `""`
`global.hosts.externalIP` | IP address to assign to load balancer (if supported) | `""`
`controller.service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to load balancer (if supported) | `[]`
......
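Review bot: the default shown for `controller.service.externalTrafficPolicy` moves from `"Cluster"` to `"Local"`, but the description still reads as an opt-in ("set this to `Local` to enable source IP preservation"). Reword it to say that `Local` is now the default and what follows from it: a node without a controller pod does not forward the traffic, and `controller.service.healthCheckNodePort` in the next row becomes relevant. Anything that filters or logs on client IP, such as `controller.service.loadBalancerSourceRanges`, sees different addresses after this change, which is worth stating for upgraders.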
......@@ -13,6 +13,11 @@ spec:
updateStrategy:
{{ toYaml .Values.controller.updateStrategy | indent 4 }}
minReadySeconds: {{ .Values.controller.minReadySeconds }}
selector:
matchLabels:
app: {{ template "name" . }}
component: "{{ .Values.controller.name }}"
release: {{ .Release.Name }}
template:
metadata:
annotations:
......
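Review bot: the new `selector.matchLabels` block (`app`, `component`, `release`) has to match the labels under `template.metadata.labels`, which fall outside this hunk, so please confirm the pod template carries these three keys with the same values; a selector that does not match its template is rejected by the API server. Also, `component` is quoted while `app` and `release` are not; quote all three so a value that parses as a number or boolean stays a string.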
......@@ -47,11 +47,12 @@ Examples for [S3][storage-s3](any s3 compatible) and [GCS][storage-gcs] drivers
1. Follow [registry chart documentation on storage](../../charts/registry/index.md#storage) for creating the secret.
1. Configure the chart as documented.
## LFS, Artifacts, Uploads, Packages, Pseudonymizer
## LFS, Artifacts, Uploads, Packages, External Diffs, Pseudonymizer
Configuration of object storage for LFS, artifacts, uploads, and packages is done
via the `global.appConfig.lfs`, `global.appConfig.artifacts`, `global.appConfig.uploads`,
`global.appConfig.packages` and `global.appConfig.pseudonymizer` keys.
Configuration of object storage for LFS, artifacts, uploads, packages, external
diffs, and pseudonymizer is done via the `global.appConfig.lfs`,
`global.appConfig.artifacts`, `global.appConfig.uploads`,
`global.appConfig.packages`, `global.appConfig.externalDiffs` and `global.appConfig.pseudonymizer` keys.
```
--set global.appConfig.lfs.bucket=gitlab-lfs-storage
......@@ -70,6 +71,10 @@ via the `global.appConfig.lfs`, `global.appConfig.artifacts`, `global.appConfig.
--set global.appConfig.packages.connection.secret=object-storage
--set global.appConfig.packages.connection.key=connection
--set global.appConfig.externalDiffs.bucket=gitlab-externaldiffs-storage
--set global.appConfig.externalDiffs.connection.secret=object-storage
--set global.appConfig.externalDiffs.connection.key=connection
--set global.appConfig.pseudonymizer.bucket=gitlab-pseudonymizer-storage
--set global.appConfig.pseudonymizer.connection.secret=object-storage
--set global.appConfig.pseudonymizer.connection.key=connection
......@@ -77,6 +82,10 @@ via the `global.appConfig.lfs`, `global.appConfig.artifacts`, `global.appConfig.
> **Note**: Currently a different bucket is needed for each, otherwise performing a restore from backup will not properly function.
> **Note**: Storing MR diffs on external storage is not enabled by default. So,
> for the object storage settings for `externalDiffs` to take effect,
> `global.appConfig.externalDiffs.enabled` key should have a `true` value.
See the [charts/globals documentaion on appConfig](../../charts/globals.md#configure-appconfig-settings) for full details.
Create the secret(s) per the [connection details documentation](../../charts/globals.md#connection), and then configure the chart to use the provided secrets. Note, the same secret can be used for all of them.
......
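Review bot: the note added in this hunk says the `externalDiffs` object storage settings take effect only when `global.appConfig.externalDiffs.enabled` is `true`, yet the example `--set` list in the previous hunk adds `bucket`, `connection.secret` and `connection.key` without it. Add `--set global.appConfig.externalDiffs.enabled=true` to that example so a copied command actually turns the feature on. The context line under the note also carries a typo, "documentaion".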
......@@ -41,6 +41,8 @@ to the `helm install` command using the `--set` flags.
| `image.tag` | | Unicorn image tag |
| `init.image` | `busybox` | initContainer image |
| `init.tag` | `latest` | initContainer image tag |
| `memory.min` | `400` | The minimum memory threshold (in megabytes) for the Unicorn worker killer |
| `memory.max` | `650` | The maximum memory threshold (in megabytes) for the Unicorn worker killer |
| `metrics.enabled` | `true` | Toggle Prometheus metrics exporter |
| `minio.bucket` | `git-lfs` | Name of storage bucket, when using Minio |
| `minio.port` | `9000` | Port for Minio service |
......@@ -97,7 +99,7 @@ image:
```YAML
annotations:
kubernetes.io/example-annotation: annotation-value
```
```
## Using the Community Edition of this chart
......@@ -133,6 +135,12 @@ you can set the body size with either of the following two parameters too:
- `gitlab.unicorn.ingress.annotations."nginx\.ingress\.kubernetes\.io/proxy-body-size"`
- `global.ingress.annotations."nginx\.ingress\.kubernetes\.io/proxy-body-size"`
## Memory
Memory thresholds for the [unicorn-worker-killer](https://docs.gitlab.com/ee/administration/operations/unicorn.html#unicorn-worker-killer)
can be customized using the `memory.min` and `memory.max` chart values. While the default values are sane, you can increase (or lower)
these values to fine-tune them for your environment or troubleshoot performance issues.
## External Services
### Redis
......
......@@ -518,6 +518,25 @@ Example `--set` configuration items, when using the global chart:
NOTE: **Note:** Commas are considered [special characters](https://github.com/kubernetes/helm/blob/master/docs/using_helm.md#the-format-and-limitations-of---set)
within Helm `--set` items. Be sure to escape commas in values such as `bind_dn`: `--set global.appConfig.ldap.servers.main.bind_dn='cn=administrator\,cn=Users\,dc=domain\,dc=net'`.
#### Using a custom CA or self signed LDAP certificates
If the LDAP server uses a custom CA or self-signed certificate, you must:
1. Ensure that the custom CA/Self-Signed certificate is created as a secret in the cluster/namespace:
```bash
kubectl -n gitlab create secret generic my-custom-ca --from-file=my-custom-ca.pem
```
1. Then, specify:
```bash
--set global.certificates.customCAs[0].secret=my-custom-ca.pem
--set global.appConfig.ldap.servers.main.ca_file=/etc/ssl/certs/ca-cert-my-custom-ca.pem
```
This will ensure that the CA is mounted in the relevant pods under `/etc/ssl/certs/ca-cert-my-custom-ca.pem` and specifies its use in the LDAP configuration.
### OmniAuth
GitLab can leverage OmniAuth to allow users to sign in using Twitter, GitHub, Google,
......
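Review bot: the secret name does not match between the two steps. Step 1 creates a secret called `my-custom-ca` (`kubectl -n gitlab create secret generic my-custom-ca --from-file=my-custom-ca.pem`), while step 2 sets `global.certificates.customCAs[0].secret=my-custom-ca.pem`, which is the file name rather than the secret name. Use `my-custom-ca` in step 2, and say how the mounted file name `ca-cert-my-custom-ca.pem` is derived so readers with a differently named key can work out their own `ca_file` path.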
......@@ -26,7 +26,6 @@ Some features of GitLab are not currently available using the Helm chart:
- [GitLab Pages](https://gitlab.com/charts/gitlab/issues/37)
- [GitLab Geo](https://gitlab.com/charts/gitlab/issues/8)
- [No in-cluster HA database](https://gitlab.com/charts/gitlab/issues/48)
- [Elasticsearch support](https://gitlab.com/charts/gitlab/issues/976)
- [Smartcard authentication](https://gitlab.com/charts/gitlab/issues/988)
Database limitations:
......
......@@ -67,7 +67,6 @@ Tables below contain all the possible charts configurations that can be supplied
| global.appConfig.incomingEmail.mailbox | Mailbox where incoming mail will end up. | inbox |
| global.appConfig.incomingEmail.idleTimeout | The IDLE command timeout | 60 |
## GitLab Shell
| Parameter | Description | Default |
......@@ -289,3 +288,18 @@ See [nginx-ingress chart](../charts/nginx/index.md)
| gitlab-runner.resources.limits.cpu | runner resources | |
| gitlab-runner.resources.requests.memory | runner resources | |
| gitlab-runner.resources.requests.cpu | runner resources | |
## External Charts
GitLab makes use of several other charts. These are [treated as parent-child relationships](https://helm.sh/docs/developing_charts/#chart-dependencies).
Ensure that any properties you wish to configure are provided as `chart-name.property`.
## Prometheus
Prefix Prometheus values with `prometheus`. For example, set the persistence
storage value using `prometheus.server.persistentVolume.size`.
Refer to the [Prometheus chart documentation][prometheus-configuration] for the
exhaustive list of configuration options.
[prometheus-configuration]: https://github.com/helm/charts/tree/master/stable/prometheus#configuration
......@@ -111,6 +111,39 @@ This configuration should not be used in production.
You can read more about setting up your production-ready object storage in the [external object storage](../advanced/external-object-storage/index.md)
### Prometheus
We use the [upstream Prometheus chart][prometheus-configuration],
and do not override values from our own defaults.
We do, however, default disable `alertmanager`, `nodeExporter`, and
`pushgateway`.
Refer to the [Prometheus chart documentation][prometheus-configuration] for the
exhaustive list of configuration options and ensure they are sub-keys to
`prometheus`, as we use this as requirement chart.
For instance, the requests for persistent storage can be controlled with:
```yaml
prometheus:
alertmanager:
enabled: false
persistentVolume:
enabled: false
size: 2GiB
pushgateway:
enabled: false
persistentVolume:
enabled: false
size: 2GiB
server:
persistentVolume:
enabled: true
size: 8GiB
```
[prometheus-configuration]: https://github.com/helm/charts/tree/master/stable/prometheus#configuration
### Outgoing email
By default outgoing email is disabled. To enable it, provide details for your SMTP server
......
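Review bot: `size: 2GiB` and `size: 8GiB` in the YAML example are not valid Kubernetes quantities; the binary suffix is `Gi`, so these should read `2Gi` and `8Gi`. The prose above the example also needs a pass: "default disable" and "as we use this as requirement chart".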
......@@ -4,6 +4,8 @@ The table below maps some of the key previous chart versions and GitLab versions
| Chart version | GitLab version |
|---------------|----------------|
| 1.7.3 | 11.9.6 |
| 1.7.2 | 11.9.4 |
| 1.7.1 | 11.9.1 |
| 1.7.0 | 11.9.0 |
| 1.6.3 | 11.8.3 |
......
......@@ -2,6 +2,9 @@ require 'spec_helper'
describe "Restoring a backup" do
before(:all) do
stdout, status = wait_for_dependencies
fail stdout unless status.success?
wait_until_app_ready
ensure_backups_on_object_storage
stdout, status = restore_from_backup
......
......@@ -112,6 +112,13 @@ module Gitlab
return [stdout, status]
end
def wait_for_dependencies
cmd = full_command("/scripts/wait-for-deps")
stdout, status = Open3.capture2e(cmd)
return [stdout, status]
end
def pod_name
filters = 'app=task-runner'
......
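Review bot: `wait_for_dependencies` blocks on `Open3.capture2e(cmd)` with no upper bound, so unless `/scripts/wait-for-deps` enforces its own timeout, a dependency that never becomes ready hangs the `before(:all)` of the restore spec instead of failing it. Consider wrapping the call in a timeout and surfacing that as a failure with the captured output. The explicit `return [stdout, status]` could be the bare `Open3.capture2e(cmd)` as the last expression, although it does mirror the method above it.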
......@@ -82,7 +82,7 @@ spec:
kind: Role
- group: rbac.authorization.k8s.io
kind: RoleBinding
{{ if eq .Values.global.application.allowClusterRoles true -}}
{{- if eq .Values.global.application.allowClusterRoles true }}
- group: rbac.authorization.k8s.io
kind: ClusterRole
- group: rbac.authorization.k8s.io
......@@ -98,6 +98,10 @@ spec:
kind: PersistentVolumeClaim
- group: apps
kind: Deployment
{{- if eq (index .Values "nginx-ingress" "controller" "kind") "DaemonSet" }}
- group: apps
kind: DaemonSet
{{- end }}
- group: autoscaling
kind: HorizontalPodAutoscaler
- group: apps
......
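Review bot: the new condition `eq (index .Values "nginx-ingress" "controller" "kind") "DaemonSet"` looks only at the controller kind, not at whether the bundled nginx-ingress is deployed at all, so `DaemonSet` lands in `componentKinds` even for installs that bring their own ingress controller. Combine it with whichever value enables that subchart; doing so also keeps `index` from being evaluated against a `nginx-ingress` key that may be absent from the values.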