Follow GitLab Upstream on GKE Marketplace

- Remove all references to submodules and follow the upstream GitLab Cloud Native Chart instead of a special forked repository - Create a wrapper chart for the Google GKE Marketplace named gitlab-mp allowing special configuration unique to the marketplace to be passed in without having to change the upstream chart - Add env-doctor script allowing users to quickly verify that their environment is ready to produce a GKE Marketplace update - Fortify supporting scripts to work when invoked from any path - Remove deprecated scripts - Move the Dockerfile definition and build context into the container directory and simplify it to use deployer_helm_tiller from Google Marketplace Tools - Insert schema.yaml and requirements.yaml to the build context by copying templates rather than running substitutions on the originals - Support RBAC entries inserted dynamically to the schema.yaml required by the Google Marketplace - Add tooling to build the deployer container, push it and supporting containers to the marketplace, and test and tear down the latest deployer images - Tooling is configurable via the environment to avoid the need to alter scripts during regular release cycles - Updated documentation; moved original README to doc/installing and split documentation into user versus developer Resolves: charts/gitlab#1041 Signed-off-by: Robert Marshall <rmarshall@gitlab.com>

Follow GitLab Upstream on GKE Marketplace
cd6eba15 · Robert Marshall · 3982b71c · cd6eba15 · cd6eba15 · cd6eba15
Commit cd6eba15 authored 6 years ago by Robert Marshall
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,11 @@ build-scripts/rbac-exporter/bin/*
 build-scripts/rbac-exporter/.ruby-version
 build-scripts/rbac-exporter/.bundle/
 build-scripts/rbac-exporter/.rspec
+container/schema.yaml
+container/schema.yaml-e
+.scratch/*
+container/chart/gitlab-mp/charts/*
+container/chart/gitlab-mp/requirements.lock
+container/chart/gitlab-mp/requirements.yaml-e
+container/chart/gitlab-mp/requirements.yaml
+conf/user_env
--- a/.gitlab_gke_marketplace_build_env
+++ b/.gitlab_gke_marketplace_build_env
+# vim: set filetype=bash:
+#!/usr/bin/env bash
+################################################################################
+# Functions
+################################################################################
+# function to display progress on stderror so it doesn't interfere with
+# scripts that rely on reading output from stdout
+display_progress() {
+    msg=$1
+    if [ -n "${msg}" ]; then
+        echo "PROGRESS: ${msg}" >&2
+    fi
+}
+display_failure() {
+    msg=$1
+    if [ -n "${msg}" ]; then
+        display_progress "${msg}"
+        exit 1
+    fi
+}
+verify_registry_defined() {
+    if [ -z "${GL_MP_REGISTRY}" ]; then
+        display_failure "GL_MP_REGISTRY is not defined in the environment"
+    fi
+    if [ -z "${GL_MP_APP_NAME}" ]; then
+        display_failure "GL_MP_APP_NAME is not defined in the environment"
+    fi
+}
+################################################################################
+# Directory Paths
+################################################################################
+GL_MP_REPO="$(git rev-parse --show-toplevel)"
+GL_MP_SCRIPTS="${GL_MP_REPO}/build-scripts"
+GL_MP_SCRIPT_LIBS="${GL_MP_SCRIPTS}/lib"
+GL_MP_CHART="${GL_MP_REPO}/container/chart/gitlab-mp"
+GL_MP_SCRATCH="${GL_MP_REPO}/.scratch"
+GL_MP_CONTAINER_CONTEXT="${GL_MP_REPO}/container"
+GL_MP_TEMPLATES="${GL_MP_REPO}/templates"
+GL_MP_CONF="${GL_MP_REPO}/conf"
+################################################################################
+# Config Files
+################################################################################
+export GL_MP_SA_MAPPING_YAML="${GL_MP_CONF}/mapping.yaml"
+export GL_MP_USER_ENV="${GL_MP_CONF}/user_env"
+################################################################################
+# Template Files
+################################################################################
+export GL_MP_SCHEMA_TEMPLATE="${GL_MP_TEMPLATES}/schema.yaml.template"
+export GL_MP_REQUIREMENTS_TEMPLATE="${GL_MP_TEMPLATES}/requirements.yaml.template"
+################################################################################
+# Script Paths
+################################################################################
+export GL_MP_UPDATE_REQUIREMENTS="${GL_MP_SCRIPT_LIBS}/update-requirements-yml.sh"
+export GL_MP_UPDATE_SCHEMA="${GL_MP_SCRIPT_LIBS}/update-schema-yml.sh"
+export GL_MP_RBAC_EXPORTER="${GL_MP_SCRIPTS}/rbac-exporter/convert_chart_roles_to_schema.rb"
+export GL_MP_LIST_IMAGES="${GL_MP_SCRIPT_LIBS}/list-helm-images.sh"
+################################################################################
+# Files Created During Build Process
+################################################################################
+export GL_MP_SCHEMA_FILE="${GL_MP_CONTAINER_CONTEXT}/schema.yaml"
+export GL_MP_REQUIREMENTS_FILE="${GL_MP_CHART}/requirements.yaml"
+################################################################################
+# Read User Environment Data
+################################################################################
+if [ -f "${GL_MP_USER_ENV}" ]; then
+    . "${GL_MP_USER_ENV}"
+fi
+################################################################################
+# Configure the Environment
+################################################################################
+if [ "${GL_MP_DEBUG}" = "yes" ]; then
+    set -x
+fi
+verify_registry_defined
+export GCR_REGISTRY="${GL_MP_REGISTRY}/${GL_MP_APP_NAME}"
--- a/.gitmodules
+++ b/.gitmodules
-[submodule "gitlab"]
-	path = gitlab
-	url = https://gitlab.com/charts/gitlab-marketplace-app.git
-[submodule "deployer/source/s3cmd"]
-	path = deployer/source/s3cmd
-	url = https://github.com/s3tools/s3cmd.git
-[submodule "deployer/source/sidekiq"]
-	path = deployer/source/sidekiq
-	url = https://github.com/mperham/sidekiq.git
-[submodule "deployer/source/ruby-gpgme"]
-	path = deployer/source/ruby-gpgme
-	url = https://github.com/ueno/ruby-gpgme.git
-[submodule "deployer/source/device_detector"]
-	path = deployer/source/device_detector
-	url = https://github.com/podigee/device_detector.git
-[submodule "deployer/source/krb5-auth"]
-	path = deployer/source/krb5-auth
-	url = https://github.com/timfel/krb5-auth.git
-[submodule "deployer/source/raindrops"]
-	path = deployer/source/raindrops
-	url = https://bogomips.org/raindrops.git
-[submodule "deployer/source/licensee"]
-	path = deployer/source/licensee
-	url = https://github.com/benbalter/licensee.git
-[submodule "deployer/source/kgio"]
-	path = deployer/source/kgio
-	url = https://bogomips.org/kgio.git
-[submodule "deployer/source/gitlab-workhorse"]
-	path = deployer/source/gitlab-workhorse
-	url = https://gitlab.com/gitlab-org/gitlab-workhorse.git
-[submodule "deployer/source/gitlab-shell"]
-	path = deployer/source/gitlab-shell
-	url = https://gitlab.com/gitlab-org/gitlab-shell.git
-[submodule "deployer/source/gitaly"]
-	path = deployer/source/gitaly
-	url = https://gitlab.com/gitlab-org/gitaly.git
--- a/README.md
+++ b/README.md
-# Deploying GitLab to GKE via Google Cloud Marketplace
+# GitLab Chart for Google GKE Marketplace
-[GitLab](https://about.gitlab.com) is a single application for the complete DevOps lifecycle from project planning and source code management to CI/CD and monitoring.
+## For Developers
-The [Google Cloud Marketplace](https://cloud.google.com/launcher/) is a easy way to deploy apps like GitLab to a [Google Kubernetes Engine](https://cloud.google.com/kubernetes-engine/) cluster, with just a few clicks.
+Developers should consult
+[the instructions for building and testing](doc/building-deployer.md) for
+more information about how to use the included build tooling.
-> **Note:** For production deployments, we recommend using the [`gitlab` Helm chart](https://docs.gitlab.com/ee/install/kubernetes/gitlab_chart.html) and configuring [external PostgreSQL, Redis, and object storage services](https://gitlab.com/charts/gitlab/tree/master/doc/advanced).
+## For Users and Administrators
-# Installation
+Consult the [documentation about installing GitLab from the Marketplace](doc/installing.md).
-## Quick install with Google Cloud Marketplace
-Deploy GitLab to Google Kubernetes Engine using Google Cloud Marketplace, by following the [on-screen instructions](https://console.cloud.google.com/marketplace/details/gitlab-public/gitlab).
-## Command line instructions
-### Prerequisites
-#### Set up command-line tools
-You'll need the following tools in your development environment:
- [gcloud](https://cloud.google.com/sdk/gcloud/)
- [kubectl](https://kubernetes.io/docs/reference/kubectl/overview/)
- [Helm](https://github.com/kubernetes/helm/blob/master/docs/install.md)
- [docker](https://docs.docker.com/install/)
- [git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git)
-Configure `gcloud` as a Docker credential helper:
-```shell
-gcloud auth configure-docker
-```
-#### Create a Google Kubernetes Engine cluster
-Create a new cluster from the command-line.
-```shell
-export CLUSTER=marketplace-cluster
-export ZONE=us-west1-a
-gcloud container clusters create "$CLUSTER" --zone "$ZONE"
-```
-Configure `kubectl` to talk to the new cluster.
-```shell
-gcloud container clusters get-credentials "$CLUSTER" --zone "$ZONE"
-```
-#### Clone this repo
-Clone this repo and the associated tools repo.
-```shell
-git clone --recurse-submodules https://gitlab.com/charts/deploy-image-helm-base.git
-gcloud source repos clone google-marketplace-k8s-app-tools --project=k8s-marketplace-eap
-```
-#### Install the Application resource definition
-Do a one-time setup for your cluster to understand Application resources.
-```shell
-kubectl apply -f google-marketplace-k8s-app-tools/crd/*
-```
-The Application resource is defined by the
-[Kubernetes SIG-apps](https://github.com/kubernetes/community/tree/master/sig-apps)
-community. The source code can be found on
-[github.com/kubernetes-sigs/application](https://github.com/kubernetes-sigs/application).
-#### Configure the app
-Open and edit `deploy-image-helm-base/gitlab/values.yaml` to customize the settings and desired container images. Additional information on the available settings is available in the `deploy-image-helm-base/gitlab/docs/` folder.
-#### Expand the manifest template and apply to Kubernetes
-```shell
-helm template gitlab --set APP_INSTANCE_NAME=$APP_INSTANCE_NAME,NAMESPACE=$NAMESPACE > expanded.yaml
-kubectl apply -f expanded.yaml
-```
-### Setting up DNS
-Retrieve the IP address GitLab is available at, note it may take a few minutes for the IP address to populate:
-```shell
-kubectl get \
--namespace <namespace> \
-ing <name>-unicorn \
-o jsonpath='{.status.loadBalancer.ingress[0].ip}'
-```
-Then configure a DNS record for the domain you provided during installation, resolving to the IP address you retrieved above.
-### Signing in
-Browse to https://`gitlab.<yourdomain>`.
-GitLab is provisioned with a randomly generated administrator password. To retrieve it: 
-```shell
-# specify the variables values matching your installation:
-export APP_INSTANCE_NAME=gitlab-1
-export NAMESPACE=default
-kubectl get secret -n $NAMESPACE $APP_INSTANCE_NAME-gitlab-initial-root-password -ojsonpath={.data.password} | base64 --decode
-```
-# Administration of GitLab
-GitLab offers a number of different options to customize the behavior to your needs. More information is available in our [administration documentation](https://docs.gitlab.com/ee/administration/index.html#configuring-gitlab).
-## Configuring a valid TLS certificate
-By default GitLab will utilize self-signed certificates. To utilize your own certificate:
-```shell
-# specify the variables values matching your installation:
-export APP_INSTANCE_NAME=gitlab-1
-export NAMESPACE=default
-kubectl create secret tls -n $NAMESPACE $APP_INSTANCE_NAME-wildcard-tls --cert=<path/to-full-chain.crt> --key=<path/to.key> --dry-run -o json | kubectl apply -f -
-```
-## Update GitLab
-GitLab is made up of multiple containers, each with their own images. These individual containers should be updated together, to ensure proper functionality. Database migrations also need to be run, to update the schema and any required data.
-Because of this, the best way to perform an upgrade is to clone this repo: 
-```shell
-# specify the variables values matching your installation:
-export APP_INSTANCE_NAME=gitlab-1
-export NAMESPACE=default
-git clone --recurse-submodules https://gitlab.com/charts/deploy-image-helm-base.git
-```
-Next, edit `gitlab/values.yaml` and be sure that any changes made during installation, or after, have been applied. Once complete, expand the Helm chart and apply it:
-```shell
-helm template gitlab --set APP_INSTANCE_NAME=$APP_INSTANCE_NAME,NAMESPACE=$NAMESPACE > expanded.yaml
-kubectl apply -f expanded.yaml
-```
-## Backup and Restore
-Detailed documentation on backup and restore is available [here](https://gitlab.com/charts/gitlab/tree/master/doc/backup-restore).
-## Scaling
-To make it easier to scale GitLab we include [horizontal pod autoscalers](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/), which add additional replicas as load increases.
-By default, these are limited to single replica. To view the current scaling status:
-```shell
-# specify the variables values matching your installation:
-export APP_INSTANCE_NAME=gitlab-1
-export NAMESPACE=default
-kubectl get hpa \
-  --namespace $NAMESPACE
-  --selector app.kubernetes.io/name=$APP_INSTANCE_NAME
-```
-You can then change the parameters by deleting the autoscaler and recreating it. For example, to change the minimum pods to 2 and maximum pods to 10 for `gitlab-unicorn`:
-```shell
-kubectl patch hpa -n $NAMESPACE $APP_INSTANCE_NAME-unicorn --patch '{"spec":{"maxReplicas":10}}'
-kubectl patch hpa -n $NAMESPACE $APP_INSTANCE_NAME-unicorn --patch '{"spec":{"minReplicas":2}}'
-```
-# Uninstall the Application
-## Using GKE UI
-Navigate to `GKE > Applications` in GCP console. From the list of applications, click on the one that you wish to uninstall.
-On the new screen, click on the `Delete` button located in the top menu. It will remove
-the resources attached to this application.
-## Using the command line
-### Prepare the environment
-Set your installation name and Kubernetes namespace:
-```shell
-export APP_INSTANCE_NAME=gitlab-1
-export NAMESPACE=default
-```
-### Delete the resources
-> **NOTE:** Please keep in mind that `kubectl` guarantees support for Kubernetes server in +/- 1 versions.
-> It means that for instance if you have `kubectl` in version 1.10.&ast; and Kubernetes 1.8.&ast;,
-> you may experience incompatibility issues, like not removing the StatefulSets with
-> apiVersion of apps/v1beta2.
-If you still have the expanded manifest file used for the installation, you can use it to delete the resources.
-Run `kubectl` on expanded manifest file matching your installation:
-```shell
-kubectl delete -f $APP_INSTANCE_NAME_manifest.yaml --namespace $NAMESPACE
-```
-Otherwise, delete the resources by indication of types and a label:
-```shell
-kubectl delete configmap,ingress,hpa,pdb,deployment,job,statefulset,secret,service \
-  --namespace $NAMESPACE \
-  --selector app.kubernetes.io/name=$APP_INSTANCE_NAME
-```
-### Delete the persistent volumes of your installation
-By design, removal of resources in Kubernetes does not remove the PersistentVolumeClaims that
-were attached to their Pods. It protects your installations from mistakenly deleting important data.
-If you wish to remove the PersistentVolumeClaims with their attached persistent disks, run the
-following `kubectl` commands:
-```shell
-# specify the variables values matching your installation:
-export APP_INSTANCE_NAME=gitlab-1
-export NAMESPACE=default
-kubectl delete persistentvolumeclaims \
-  --namespace $NAMESPACE
-  --selector app.kubernetes.io/name=$APP_INSTANCE_NAME
-```
\ No newline at end of file
--- a/build-scripts/.gitkeep
+++ b/build-scripts/.gitkeep
--- a/build-scripts/build-marketplace-release.sh
+++ b/build-scripts/build-marketplace-release.sh
+#!/usr/bin/env bash
+# build-release.sh
+#
+# Builds a release for GKE Marketplace
+# expects no arguments
+# Import Environment Setup
+GL_MP_ENV="$(git rev-parse --show-toplevel)"
+GL_MP_ENV_CONFIG="${GL_MP_ENV}/.gitlab_gke_marketplace_build_env"
+[ ! -f "${GL_MP_ENV_CONFIG}" ] && echo "Missing ${GL_MP_ENV_CONFIG}" && exit 1
+# shellcheck source=/dev/null
+. "${GL_MP_ENV_CONFIG}"
+################################################################################
+# Validate Build Variables from Environment
+################################################################################
+[ -z "${GL_RELEASE_VERSION}" ] && display_failure "GL_RELEASE_VERSION is not defined in the environment."
+[ ! -f "${GL_MP_REQUIREMENTS_TEMPLATE}" ] && display_failure "${GL_MP_REQUIREMENTS_TEMPLATE} is missing"
+[ ! -f "${GL_MP_SCHEMA_TEMPLATE}" ] && display_failure "${GL_MP_SCHEMA_TEMPLATE} is missing"
+[ ! -d "${GL_MP_CONTAINER_CONTEXT}" ] && display_failure "${GL_MP_CHART} does not exist"
+[ ! -d "${GL_MP_CHART}" ] && display_failure "${GL_MP_CHART} does not exist"
+################################################################################
+# Update requirements.yaml
+################################################################################
+display_progress "Copying template to operational requirements file"
+if cp -a "${GL_MP_REQUIREMENTS_TEMPLATE}" "${GL_MP_REQUIREMENTS_FILE}"; then
+    display_progress "...completed"
+else
+    display_failure "...failed"
+fi
+display_progress "Updating GitLab Release Version in requirements.yaml"
+if "${GL_MP_UPDATE_REQUIREMENTS}"; then
+    display_progress "...requirements.yaml updated using GitLab Chart v${GL_RELEASE_VERSION}"
+else
+    display_failure "...requirements.yaml update failed"
+fi
+################################################################################
+# Update schema.yaml
+################################################################################
+display_progress "Copying template to operational schema file"
+if cp -a "${GL_MP_SCHEMA_TEMPLATE}" "${GL_MP_SCHEMA_FILE}"; then
+    display_progress "...completed"
+else
+    display_failure "...failed"
+fi
+display_progress "Updating image tags and RBAC configurations in schema.yaml"
+if "${GL_MP_UPDATE_SCHEMA}"; then
+    display_progress "...schema.yaml update complete"
+else
+    display_failure "...schema.yaml updating failed"
+fi
+################################################################################
+# Add tarball with charts to gitlab-mp
+################################################################################
+display_progress "Updating GitLab Marketplace helm chart dependencies"
+if helm dependency build "${GL_MP_CHART}"; then
+    display_progress "...complete"
+else
+    display_failure "...failed"
+fi
+################################################################################
+# Build the Deployer Container
+################################################################################
+# We are not using $TAG and $REGISTRY in the same way as defined in the
+# Google GKE Marketplace documentation so we don't pass it here. If we
+# were to pass it, it would also have to be in the schema.yaml
+display_progress "Attempting to build GitLab Marketplace deployer container"
+if docker build -t "${GCR_REGISTRY}/deployer" "${GL_MP_CONTAINER_CONTEXT}"; then
+    display_progress "...deployer container build complete"
+else
+    display_failure "...deployer container build failed"
+fi
+################################################################################
+# Post Build Cleanup
+################################################################################
+# sed leaves copies of the pre-replacement file
+dead_files="${GL_MP_SCHEMA_FILE}-e ${GL_MP_REQUIREMENTS_FILE}-e"
+display_progress "Post Build Cleanup"
+for file in $dead_files; do
+    if [ -f "${file}" ]; then
+        display_progress "Detected ${file}"
+        if rm "${file}"; then
+            display_progress "...${file} has been removed automatically"
+        else
+            display_progress "...${file} was not automatically removed"
+        fi
+    fi
+done
+display_progress "Build Complete!"
--- a/build-scripts/build.sh
+++ b/build-scripts/build.sh
-function major_version_number() {
-  echo "$1" | cut -d"." -f 1
-}
\ No newline at end of file
--- a/build-scripts/env-doctor.sh
+++ b/build-scripts/env-doctor.sh
+#!/usr/bin/env bash
+# Check the environment to be sure the user can actually build and use the
+# tooling included with this repository.
+display_error() {
+    echo "[PROBLEM] $1"
+    final_exit=1
+}
+final_exit=0
+REQUIRED_COMMANDS="git gcloud kubectl helm mpdev podman docker ruby"
+# environment configuration must exist
+GL_MP_ENV="$(git rev-parse --show-toplevel)"
+GL_MP_ENV_CONFIG="${GL_MP_ENV}/.gitlab_gke_marketplace_build_env"
+if [ ! -f "${GL_MP_ENV_CONFIG}" ]; then
+    display_error "Missing ${GL_MP_ENV_CONFIG}"
+fi
+echo "[START] Checking environment for tools necessary to build a GitLab GKE Marketplace release..."
+found_runtime="no"
+for app in $REQUIRED_COMMANDS; do
+    found_it="Found"
+    if ! command -v "${app}" > /dev/null 2>&1; then
+        found_it="Not Found"
+        if [ "${app}" != "docker" ] && [ "${app}" != "podman" ]; then
+            final_exit=1
+        fi
+    else
+        if [ "${app}" != "docker" ] && [ "${app}" != "podman" ]; then
+            found_runtime="yes"
+        fi
+    fi
+    echo "Checking for ${app}...${found_it}"
+done
+# container runtime is required
+if [ "${found_runtime}" = "no" ]; then
+    display_error "Missing a container runtime"
+    final_exit=1
+fi
+if kubectl get crd --all-namespaces|grep -q 'applications.app.k8s.io' > /dev/null 2>&1; then
+    echo "The GKE Marketplace Application CRD has been applied"
+else
+    display_error "The GKE Marketplace Application CRD has not been applied"
+    final_exit=1
+fi
+if [ $final_exit = 0 ]; then
+    echo "[SUCCESS] Environment is ready to build GitLab GKE Marketplace"
+else
+    echo "[FAILURE] Resolve above issues to build GitLab GKE Marketplace"
+fi
+exit $final_exit
--- a/build-scripts/lib/list-helm-images.sh
+++ b/build-scripts/lib/list-helm-images.sh
+#!/usr/bin/env bash
+set -eo pipefail
+GL_MP_ENV="$(git rev-parse --show-toplevel)"
+GL_MP_ENV_CONFIG="${GL_MP_ENV}/.gitlab_gke_marketplace_build_env"
+[ ! -f "${GL_MP_ENV_CONFIG}" ] && echo "Missing ${GL_MP_ENV_CONFIG}" && exit 1
+# shellcheck source=/dev/null
+. "${GL_MP_ENV_CONFIG}"
+[ ! -d "${GL_MP_CHART}" ] && display_failure "Cannot find ${GL_MP_CHART}"
+pushd "${GL_MP_CHART}" > /dev/null
+display_progress "Configure helm for templating"
+if helm init --client-only > /dev/null; then
+    display_progress "...complete"
+else
+    display_failure "...failed"
+fi
+display_progress "Adding GitLab charts helm repository"
+if helm repo add gitlab https://charts.gitlab.io/ > /dev/null; then
+    display_progress "...complete"
+else
+    display_failure "...failed"
+fi
+display_progress "Updating helm repository"
+if helm repo update > /dev/null; then
+    display_progress "...complete"
+else
+    display_failure "...failed"
+fi
+display_progress "Updating helm chart dependencies"
+if helm dep update > /dev/null; then
+    display_progress "...complete"
+else
+    display_failure "...failed"
+fi
+display_progress "Generating list of container images"
+if helm template . --set certmanager-issuer.email=none@none.com | \
+        yq -r ". | select( .kind == \"Job\" or .kind == \"Deployment\" or .kind == \"StatefulSet\" or .kind == \"DaemonSet\" ) | .spec.template.spec | [.containers,.initContainers] | .[] | select(.!=null) | .[].image" | \
+   sort | uniq; then
+    display_progress "...complete"
+else
+    display_failure "...failed"
+fi
+popd > /dev/null
--- a/build-scripts/lib/update-requirements-yml.sh
+++ b/build-scripts/lib/update-requirements-yml.sh
+#!/usr/bin/env bash
+# update-requirements-yml
+# Script to update the GitLab version number in the requirements.yaml
+set -e
+GL_MP_ENV="$(git rev-parse --show-toplevel)"
+GL_MP_ENV_CONFIG="${GL_MP_ENV}/.gitlab_gke_marketplace_build_env"
+[ ! -f "${GL_MP_ENV_CONFIG}" ] && echo "Missing ${GL_MP_ENV_CONFIG}" && exit 1
+# shellcheck source=/dev/null
+. "${GL_MP_ENV_CONFIG}"
+[ -f "${GL_MP_REQUIREMENTS_FILE}" ] || display_failure "${GL_MP_REQUIREMENTS_FILE} missing!"
+[ -z "${GL_RELEASE_VERSION}" ] && display_failure "GL_RELEASE_VERSION is not defined in the environment."
+pattern="s/\$GL_RELEASE_VERSION/${GL_RELEASE_VERSION}/"
+sed -i -e "${pattern}" "${GL_MP_REQUIREMENTS_FILE}"
--- a/build-scripts/lib/update-schema-yml.sh
+++ b/build-scripts/lib/update-schema-yml.sh
+#!/usr/bin/env bash
+# update-schema-yml
+# Script to update the image tags of schema.yml based on the image tags
+# of the rendered helm template.
+set -e
+GL_MP_ENV="$(git rev-parse --show-toplevel)"
+GL_MP_ENV_CONFIG="${GL_MP_ENV}/.gitlab_gke_marketplace_build_env"
+[ ! -f "${GL_MP_ENV_CONFIG}" ] && echo "Missing ${GL_MP_ENV_CONFIG}" && exit 1
+# shellcheck source=/dev/null
+. "${GL_MP_ENV_CONFIG}"
+function findImage() {
+    grep -q "default: [\"]\{0,1\}\$REGISTRY/$1" "${GL_MP_SCHEMA_FILE}"
+}
+function replaceTagOnImage() {
+    IMAGE=$1
+    TAG=$2
+    pattern="s/[\"]\{0,1\}\$REGISTRY\/${IMAGE}:.*[\"]\{0,1\}$/\"\$REGISTRY\/${IMAGE}:${TAG}\"/"
+    sed -i -e $pattern $GL_MP_SCHEMA_FILE
+}
+if [ ! -f "${GL_MP_SCHEMA_FILE}" ]; then
+  display_failure "Unable to find file: ${GL_MP_SCHEMA_FILE}"
+fi
+display_progress "Resetting old scratch environment"
+if [ -e "${GL_MP_SCRATCH}" ]; then
+   if [ -d "${GL_MP_SCRATCH}" ]; then
+       if rm -Rf "${GL_MP_SCRATCH}"; then
+           display_progress "...old scratch files removed"
+       else
+           display_failure "...failed to remove old scratch files"
+       fi
+   else
+       display_failure "...${GL_MP_SCRATCH} exists and is not a directory"
+   fi
+fi
+if mkdir -p "${GL_MP_SCRATCH}"; then
+    display_progress "...scratch reset complete"
+else
+    display_failure "...scratch reset failed"
+fi
+export GL_MP_HELM_RBAC_TEMPLATE="${GL_MP_SCRATCH}/helm_template_with_rbac.yaml"
+export GL_MP_SCHEMA_HEAD="${GL_MP_SCRATCH}/.schema.head.yaml"
+export GL_MP_SCHEMA_RBAC_ENTRIES="${GL_MP_SCRATCH}/.rbac_entries.yaml"
+export GL_MP_SCHEMA_TAIL="${GL_MP_SCRATCH}/.schema.tail.yaml"
+has_failed_image="no"
+for image in $("${GL_MP_SCRIPT_LIBS}"/list-helm-images.sh); do
+    sourceImageName="$(echo "${image##*/}" | cut -d':' -f1 | cut -d'@' -f1)"
+    sourceImageTag="${image//*:}"
+    image_msg="Image: ${sourceImageName}"
+    if ! findImage "${sourceImageName}"; then
+        image_msg="${image_msg} !! NOT FOUND"
+        has_failed_image="yes"
+    else
+        replaceTagOnImage "${sourceImageName}" "${sourceImageTag}"
+    fi
+    display_progress "${image_msg}"
+done
+if [ ${has_failed_image} = "yes" ]; then
+    display_failure "Failed to locate some images, review logs above"
+fi
+pushd "${GL_MP_CHART}" > /dev/null
+display_progress "Generating helm template containing RBAC entries"
+if helm template . --set certmanager-issuer.email=none@none.com,gitlab.nginx-ingress.serviceAccount.create=true,gitlab.shared-secrets.serviceAccount.create=true \
+    --name "${GL_MP_APP_INSTANCE_NAME}" > "${GL_MP_HELM_RBAC_TEMPLATE}" ; then
+    display_progress "...generated yaml from helm template invocation"
+else
+    display_failure "...failed to generate yaml from helm template invocation"
+fi
+popd > /dev/null
+display_progress "Exporting RBAC schema entries from Helm Template"
+if "${GL_MP_RBAC_EXPORTER}" -t "${GL_MP_HELM_RBAC_TEMPLATE}" -i 2 -m "${GL_MP_SA_MAPPING_YAML}"> "${GL_MP_SCHEMA_RBAC_ENTRIES}"; then
+    display_progress "...generated RBAC schema entries"
+else
+    display_failure "...failed to generate RBAC schema entries"
+fi
+# TODO: How to wrap this up for a guard?
+#       Would prefer to set the variable & verify grep came back with
+#       non-zero at same time
+#       For now, it will fail if grep fails because of -e
+line_number=$(grep -n "\$RBAC_ENTRIES" "${GL_MP_SCHEMA_FILE}"|cut -d ':' -f 1)
+display_progress "Exporting Schema Head"
+if head -n $((line_number-1)) "${GL_MP_SCHEMA_FILE}" > "${GL_MP_SCHEMA_HEAD}"; then
+    display_progress "...succeeded"
+else
+    display_failure "...failed"
+fi
+display_progress "Exporting Schema Tail"
+if sed -n $((line_number+1))', $p' "${GL_MP_SCHEMA_FILE}" > "${GL_MP_SCHEMA_TAIL}"; then
+    display_progress "...succeeded"
+else
+    display_failure "...failed"
+fi
+display_progress "Re-assembling Schema with RBAC entries"
+if  cp "${GL_MP_SCHEMA_HEAD}" "${GL_MP_SCHEMA_FILE}"; then
+    display_progress "...schema head injected"
+else
+    display_failure "...schema head injection failed"
+fi
+if cat "${GL_MP_SCHEMA_RBAC_ENTRIES}" >> "${GL_MP_SCHEMA_FILE}"; then
+    display_progress "...schema RBAC entries injected"
+else
+    display_failure "...schema RBAC entries injection failed"
+fi
+if cat "${GL_MP_SCHEMA_TAIL}" >> "${GL_MP_SCHEMA_FILE}"; then
+    display_progress "...schema tail injected"
+else
+    display_failure "...schema tail injection failed"
+fi
--- a/build-scripts/list-helm-images.sh
+++ b/build-scripts/list-helm-images.sh
-#!/bin/bash
-set -exo pipefail
-cd gitlab
-helm init --client-only > /dev/null
-helm repo add gitlab https://charts.gitlab.io/ > /dev/null
-helm repo update > /dev/null
-helm dep update > /dev/null
-helm template . --set certmanager-issuer.email=none@none.com | \
-   yq -r ". | select( .kind == \"Job\" or .kind == \"Deployment\" or .kind == \"StatefulSet\" or .kind == \"DaemonSet\" ) | .spec.template.spec | [.containers,.initContainers] | .[] | select(.!=null) | .[].image" | \
-   sort | uniq
-cd ..
\ No newline at end of file
--- a/build-scripts/mirror-helm-images.sh
+++ b/build-scripts/mirror-helm-images.sh
-#!/usr/bin/env bash
-set -e
-GCR_REGISTRY=${GCR_REGISTRY:-"gcr.io/top-chain-204115/gitlab"}
-for image in $(build-scripts/list-helm-images.sh); do
-    SOURCE_IMAGE_NAME="$(echo "${image##*/}" | cut -d':' -f1 | cut -d'@' -f1)"
-    SOURCE_IMAGE_TAG="${image//*:}"
-    MIRRORED_IMAGE="${GCR_REGISTRY}/${SOURCE_IMAGE_NAME}:${SOURCE_IMAGE_TAG}"
-    docker pull "$image"
-    docker tag "$image" "$MIRRORED_IMAGE"
-    docker push "$MIRRORED_IMAGE"
-done
--- a/build-scripts/push-container-dependencies.sh
+++ b/build-scripts/push-container-dependencies.sh
+#!/usr/bin/env bash
+set -e
+GL_MP_ENV="$(git rev-parse --show-toplevel)"
+GL_MP_ENV_CONFIG="${GL_MP_ENV}/.gitlab_gke_marketplace_build_env"
+[ ! -f "${GL_MP_ENV_CONFIG}" ] && echo "Missing ${GL_MP_ENV_CONFIG}" && exit 1
+# shellcheck source=/dev/null
+. "${GL_MP_ENV_CONFIG}"
+for image in $("${GL_MP_LIST_IMAGES}"); do
+    source_image_name="$(echo "${image##*/}" | cut -d':' -f1 | cut -d'@' -f1)"
+    source_image_tag="${image//*:}"
+    mirrored_image="${GCR_REGISTRY}/${source_image_name}:${source_image_tag}"
+    if docker pull "${image}"; then
+        display_progress "Pulled ${image} to local container registry"
+    else
+        display_failure "Unable to pull ${image} to local container registry"
+    fi
+    if docker tag "${image}" "${mirrored_image}"; then
+        display_progress "Created tag ${mirrored_image} referring to ${image}"
+    else
+        display_failure "Unable to create tag ${mirrored_image} referring to ${image}"
+    fi
+    if docker push "${mirrored_image}"; then
+        display_progress "Pushed ${mirrored_image}"
+    else
+        display_failure "Unable to push ${mirrored_image}"
+    fi
+done
--- a/build-scripts/push-marketplace-release.sh
+++ b/build-scripts/push-marketplace-release.sh
+#!/bin/bash
+# Import build environment variables and shared functions
+GL_MP_ENV="$(git rev-parse --show-toplevel)"
+GL_MP_ENV_CONFIG="${GL_MP_ENV}/.gitlab_gke_marketplace_build_env"
+[ ! -f "${GL_MP_ENV_CONFIG}" ] && echo "Missing ${GL_MP_ENV_CONFIG}" && exit 1
+# shellcheck source=/dev/null
+. "${GL_MP_ENV_CONFIG}"
+display_progress "Pushing deployer to ${GCR_REGISTRY}"
+if docker push "${GCR_REGISTRY}/deployer"; then
+    display_progress "...push complete"
+else
+    display_failure "...push failed"
+fi
--- a/build-scripts/tear-down-marketplace-release-test.sh
+++ b/build-scripts/tear-down-marketplace-release-test.sh
+#!/bin/bash
+# Import build environment variables and shared functions
+GL_MP_ENV="$(git rev-parse --show-toplevel)"
+GL_MP_ENV_CONFIG="${GL_MP_ENV}/.gitlab_gke_marketplace_build_env"
+[ ! -f "${GL_MP_ENV_CONFIG}" ] && echo "Missing ${GL_MP_ENV_CONFIG}" && exit 1
+# shellcheck source=/dev/null
+. "${GL_MP_ENV_CONFIG}"
+function cleanup() {
+    kubectl -n "${GL_MP_NAMESPACE}" get ingress,svc,pdb,hpa,deploy,statefulset,job,pod,secret,configmap,pvc,secret,clusterrole,clusterrolebinding,role,rolebinding,sa,applications 2>&1 \
+      | grep "${GL_MP_APP_INSTANCE_NAME}" \
+      | awk '{print $1}' \
+      | xargs kubectl -n "${GL_MP_NAMESPACE}" delete \
+      || true
+}
+display_progress "Starting test environment tear down"
+if cleanup; then
+    display_progress "...completed successfully"
+else
+    display_failure "...tear down failed"
+fi
--- a/build-scripts/test-marketplace-release.sh
+++ b/build-scripts/test-marketplace-release.sh
+#!/bin/bash
+# Import build environment variables and shared functions
+GL_MP_ENV="$(git rev-parse --show-toplevel)"
+GL_MP_ENV_CONFIG="${GL_MP_ENV}/.gitlab_gke_marketplace_build_env"
+[ ! -f "${GL_MP_ENV_CONFIG}" ] && echo "Missing ${GL_MP_ENV_CONFIG}" && exit 1
+# shellcheck source=/dev/null
+. "${GL_MP_ENV_CONFIG}"
+if ! verify_registry_defined; then
+    display_failure "Nope Nope Nope"
+fi
+parameter="{\"APP_INSTANCE_NAME\": \"$GL_MP_APP_INSTANCE_NAME\",\"NAMESPACE\": \"$GL_MP_NAMESPACE\", \"global.hosts.domain\": \"$GL_MP_TLD\"}"
+display_progress "Attempting to deploy test instance"
+if mpdev /scripts/install --deployer="${GCR_REGISTRY}/deployer:latest" --parameters="${parameter}"; then
+    display_progress "...Deployment sent to cluster"
+else
+    display_progress "...Deployment failed."
+fi
--- a/build-scripts/update-schema-yml.sh
+++ b/build-scripts/update-schema-yml.sh
-#!/usr/bin/env bash
-# update-schema-yml
-# Script to update the image tags of schema.yml based on the image tags
-# of the rendered helm template.
-set -e
-SCHEMA_FILE=${SCHEMA_FILE:-schema.yaml}
-function findImage() {
-    grep -q "default: [\"]\{0,1\}\$REGISTRY/$1" $SCHEMA_FILE
-}
-function replaceTagOnImage() {
-    IMAGE=$1
-    TAG=$2
-    pattern="s/[\"]\{0,1\}\$REGISTRY\/${IMAGE}:.*[\"]\{0,1\}$/\"\$REGISTRY\/${IMAGE}:${TAG}\"/"
-    sed -i -e $pattern $SCHEMA_FILE
-}
-if [ ! -f $SCHEMA_FILE ]; then
-  echo "Unable to find file: $SCHEMA_FILE"
-fi
-for image in $(build-scripts/list-helm-images.sh); do
-    sourceImageName="$(echo "${image##*/}" | cut -d':' -f1 | cut -d'@' -f1)"
-    sourceImageTag="${image//*:}"
-    echo -n "Image: ${sourceImageName}"
-    if ! findImage $sourceImageName ; then
-        echo ' !! NOT FOUND'
-    else
-        echo ''
-        replaceTagOnImage $sourceImageName $sourceImageTag
-    fi
-done
--- a/conf/mapping.yaml
+++ b/conf/mapping.yaml
+---
+gl-mp-app-nginx-ingress: gitlab.nginx-ingress.serviceAccount.name
+gl-mp-app-shared-secrets: gitlab.shared-secrets.serviceAccount.name
--- a/conf/user_env.EXAMPLE
+++ b/conf/user_env.EXAMPLE
+# vim: set filetype=bash:
+# Define each value below according to the specific development environment.
+################################################################################
+# Configure Debugging
+################################################################################
+# "yes" will turn on heavy debugging
+# GL_MP_DEBUG="yes"
+################################################################################
+# Variables that control the GKE Cluster
+################################################################################
+# The name of the cluster in GKE Console
+#GL_MP_CLUSTER=[gke_cluster_name]
+# The name of the GKE Zone eg: us-central1-b
+#GL_MP_ZONE=[gke_zone_name]
+# The Project ID field from GKE Console
+#GL_MP_PROJECT_ID=[gke_project_id]
+################################################################################
+# Variables that control the registry containing marketplace images
+################################################################################
+# The container registry where the marketplace images should be pushed
+#GL_MP_REGISTRY="gcr.io/top-chain-204115"
+# The application name when deployed into a Kubernetes Cluster
+#GL_MP_APP_NAME="gitlab"
+################################################################################
+# Variables controlling values specific to the deployment in Kubernetes
+################################################################################
+# The helm RELEASE_NAME when deploying to the GKE cluster
+#GL_MP_APP_INSTANCE_NAME=[RELEASE_NAME]
+# Kubernetes Namespace for deploying the chart
+#GL_MP_NAMESPACE=[namespace]
+# The top level domain, eg creating gitlab.TLD
+#GL_MP_TLD=[top_level_domain]
+################################################################################
+# Values that define what version will be used to create the helm deployment
+################################################################################
+# Semantic version of the upstream GitLab Chart being packaged
+#GL_RELEASE_VERSION=[semantic.version]