Commit 446688b2 authored by Jason Plum's avatar Jason Plum

Merge branch '1506-gitlab-shell-to-workhorse' into 'master'

Resolve "Route gitlab-shell through Workhorse instead of Unicorn"

Closes #1506

See merge request !1114
parents 046b46ce 69c5ae80
Pipeline #113069699 failed with stages
in 27 minutes and 1 second
---
title: Route gitlab-shell and gitaly requests through workhorse
merge_request: 1114
author: Dmitry Chepurovskiy
type: fixed
......@@ -128,7 +128,7 @@ data:
user: git
# Url to gitlab instance. Used for api calls. Should end with a slash.
gitlab_url: "http://{{ template "gitlab.unicorn.host" . }}:{{ default 8080 .Values.unicorn.port }}/"
gitlab_url: "http://{{ template "gitlab.workhorse.host" . }}:{{ template "gitlab.workhorse.port" . }}/"
secret_file: /etc/gitlab-secrets/shell/.gitlab_shell_secret
......
......@@ -58,10 +58,12 @@ ruby: {}
prometheus: {}
# grpcLatencyBuckets: "[1.0, 1.5, 2.0, 2.5]"
unicorn: {}
workhorse:
# by default, Workhorse is a part of the Unicorn Pods / Service
serviceName: unicorn
# host: '0.0.0.0'
# serviceName: 'unicorn'
# port: 8080
# port: 8181
redis: {}
shell:
authToken: {}
......
......@@ -17,7 +17,7 @@ data:
user: git
# Url to gitlab instance. Used for api calls. Should end with a slash.
gitlab_url: "http://{{ template "gitlab.unicorn.host" . }}:{{ default 8080 .Values.unicorn.port }}/"
gitlab_url: "http://{{ template "gitlab.workhorse.host" . }}:{{ template "gitlab.workhorse.port" . }}/"
secret_file: /etc/gitlab-secrets/shell/.gitlab_shell_secret
......
......@@ -38,11 +38,12 @@ global:
enabled: true
annotations: {}
unicorn:
workhorse:
# by default, Workhorse is a part of the Unicorn Pods / Service
serviceName: unicorn
# host: '0.0.0.0'
# serviceName: 'unicorn'
# port: 8080
# port: 8181
redis:
password: {}
resources:
......
{{/* ######### unicorn templates */}}
{{/*
Return the unicorn hostname
If the unicorn host is provided, it will use that, otherwise it will fallback
to the service name
*/}}
{{- define "gitlab.unicorn.host" -}}
{{- if .Values.unicorn.host -}}
{{- .Values.unicorn.host -}}
{{- else -}}
{{- $name := default "unicorn" .Values.unicorn.serviceName -}}
{{- printf "%s-%s" .Release.Name $name -}}
{{- end -}}
{{- end -}}
{{/* ######### workhorse templates */}}
{{/*
Return the workhorse hostname
If the workhorse host is provided, it will use that, otherwise it will fallback
to the service name
*/}}
{{- define "gitlab.workhorse.host" -}}
{{- if .Values.workhorse.host -}}
{{- .Values.workhorse.host -}}
{{- else -}}
{{- $name := default "unicorn" .Values.workhorse.serviceName -}}
{{- printf "%s-%s" .Release.Name $name -}}
{{- end -}}
{{- end -}}
{{- define "gitlab.workhorse.port" -}}
{{- if .Values.workhorse.port -}}
{{- .Values.workhorse.port -}}
{{- else -}}
{{- $port:= default "8181" .Values.workhorse.port -}}
{{- $port -}}
{{- end -}}
{{- end -}}
......@@ -4,7 +4,7 @@ The `gitaly` sub-chart provides a configurable deployment of Gitaly Servers.
## Requirements
This chart depends on access to Redis and Unicorn services, either as part of the
This chart depends on access to Redis and Workhorse services, either as part of the
complete GitLab chart or provided as external services reachable from the Kubernetes
cluster this chart is deployed onto.
......@@ -125,8 +125,8 @@ annotations:
## External Services
This chart should be attached the Unicorn service, and should also use the same Redis
as the attached Unicorn service.
This chart should be attached the Workhorse service, and should also use the same Redis
as the attached Workhorse service.
### Redis
......@@ -145,26 +145,26 @@ redis:
NOTE: **Note:** Credentials will be sourced from `global.redis.password` values.
### Unicorn
### Workhorse
```yaml
unicorn:
host: unicorn.example.com
workhorse:
host: workhorse.example.com
serviceName: unicorn
port: 8080
port: 8181
```
| Name | Type | Default | Description |
|:------------- |:-------:|:--------- |:----------- |
| `host` | String | | The hostname of the Unicorn server. This can be omitted in lieu of `serviceName`. |
| `port` | Integer | `8080` | The port on which to connect to the Unicorn server.|
| `serviceName` | String | `unicorn` | The name of the `service` which is operating the Unicorn server. If this is present, and `host` is not, the chart will template the hostname of the service (and current `.Release.Name`) in place of the `host` value. This is convenient when using Unicorn as a part of the overall GitLab chart. |
| `host` | String | | The hostname of the Workhorse server. This can be omitted in lieu of `serviceName`. |
| `port` | Integer | `8181` | The port on which to connect to the Workhorse server.|
| `serviceName` | String | `unicorn` | The name of the `service` which is operating the Workhorse server. If this is present, and `host` is not, the chart will template the hostname of the service (and current `.Release.Name`) in place of the `host` value. This is convenient when using Workhorse as a part of the overall GitLab chart. |
## Chart Settings
The following values are used to configure the Gitaly Pods.
NOTE: **Note:** Gitaly uses an Auth Token to authenticate with the Unicorn and Sidekiq
NOTE: **Note:** Gitaly uses an Auth Token to authenticate with the Workhorse and Sidekiq
services. The Auth Token secret and key are sourced from the `global.gitaly.authToken`
value. Additionally, the Gitaly container has a copy of GitLab Shell, which has some configuration
that can be set. The Shell authToken is sourced from the `global.shell.authToken`
......
......@@ -4,7 +4,7 @@ The `gitlab-shell` sub-chart provides an SSH server configured for Git SSH acces
## Requirements
This chart depends on access to Redis and Unicorn services, either as part of the
This chart depends on access to Redis and Workhorse services, either as part of the
complete GitLab chart or provided as external services reachable from the Kubernetes
cluster this chart is deployed onto.
......@@ -59,7 +59,7 @@ with `global.shell.port`, and defaults to `22`.
| `service.loadBalancerSourceRanges` | | List of IP CIDRs allowed access to LoadBalancer (if supported) |
| `service.type` | `ClusterIP` | Shell service type |
| `tolerations` | `[]` | Toleration labels for pod assignment |
| `unicorn.serviceName` | `unicorn` | Unicorn service name |
| `workhorse.serviceName` | `unicorn` | Workhorse service name (by default, Workhorse is a part of the Unicorn Pods / Service) |
## Chart configuration examples
......@@ -113,8 +113,8 @@ annotations:
## External Services
This chart should be attached the Unicorn service, and should also use the same Redis
as the attached Unicorn service.
This chart should be attached the Workhorse service, and should also use the same Redis
as the attached Workhorse service.
### Redis
......@@ -147,20 +147,20 @@ deployment through the GitLab chart should be disabled with `redis.install=false
The Secret containing the Redis password will need to be manually created
before deploying the GitLab chart.
### Unicorn
### Workhorse
```yaml
unicorn:
host: unicorn.example.com
workhorse:
host: workhorse.example.com
serviceName: unicorn
port: 8080
port: 8181
```
| Name | Type | Default | Description |
|:--------------|:-------:|:----------|:------------|
| `host` | String | | The hostname of the Unicorn server. This can be omitted in lieu of `serviceName`. |
| `port` | Integer | `8080` | The port on which to connect to the Unicorn server.|
| `serviceName` | String | `unicorn` | The name of the `service` which is operating the Unicorn server. If this is present, and `host` is not, the chart will template the hostname of the service (and current `.Release.Name`) in place of the `host` value. This is convenient when using Unicorn as a part of the overall GitLab chart. |
| `host` | String | | The hostname of the Workhorse server. This can be omitted in lieu of `serviceName`. |
| `port` | Integer | `8181` | The port on which to connect to the Workhorse server.|
| `serviceName` | String | `unicorn` | The name of the `service` which is operating the Workhorse server. By default, Workhorse is a part of the Unicorn Pods / Service. If this is present, and `host` is not, the chart will template the hostname of the service (and current `.Release.Name`) in place of the `host` value. This is convenient when using Workhorse as a part of the overall GitLab chart. |
## Chart Settings
......@@ -173,8 +173,8 @@ secret must start with the key names `ssh_host_` in order to be used by GitLab S
### authToken
GitLab Shell uses an Auth Token in its communication with Unicorn. Share the token
with GitLab Shell and Unicorn using a shared Secret.
GitLab Shell uses an Auth Token in its communication with Workhorse. Share the token
with GitLab Shell and Workhorse using a shared Secret.
```yaml
authToken:
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment