Service Annotations aren't being applied
Summary
I know this was supposed to be addressed in #202 (closed) and the corresponding MR. However, when I set `global.service.annotations`, the annotations don't appear in the service `gitlab-nginx-ingress-controller`.
When running in a private VPC, this annotation is necessary to get Kubernetes to apply an internal load balancer. As it is, without directly patching the nginx-ingress-controller service, the install will fail.
My current workaround is to run the install in the background, then patch the service using:
```
kubectl patch -n gitlab service gitlab-nginx-ingress-controller --type=json -p='[{"op": "add", "path": "/metadata/annotations", "value": { "service.beta.kubernetes.io/aws-load-balancer-internal": "0.0.0.0/0"} }]'
```
But I think there are some other side effects of this failure. Namely, the deployments for gitlab-unicorn and gitlab-sidekiq-all-in-1-v1 become paused and do not resume (without manual intervention).
Steps to reproduce
Deploy via helm3, then have a look at the service:
```
kubectl -n gitlab get service gitlab-nginx-ingress-controller -o yaml
```
Configuration used
```
helm3 install --namespace=gitlab --replace gitlab gitlab/gitlab \
  --debug -v 5 \
  --wait --timeout 15m0s \
  --set global.hosts.domain=<mydomain.com> \
  --set global.hosts.gitlab.https=true \
  --set global.hosts.minio.https=true \
  --set global.hosts.registry.https=true \
  --set global.ingress.tls.enabled=true \
  --set global.initialRootPassword."secret"=gitlab-gitlab-initial-root-password \
  --set global.initialRootPassword."password"=$MYPASS \
  --set certmanager.install=false \
  --set global.ingress.configureCertmanager=false \
  --set global.ingress.tls.secretName=gitlab-tls \
  --set gitlab.unicorn.ingress.tls.secretName=unicorn-tls \
  --set registry.ingress.tls.secretName=registry-tls \
  --set minio.ingress.tls.secretName=minio-tls \
  --set global.ingress.annotations."kubernetes\.io/tls-acme"=true \
  --set global.ingress.annotations."cert-manager\.io/cluster-issuer"=letsencrypt-prod \
  --set global.service.annotations."service\.beta\.kubernetes\.io/aws-load-balancer-internal"=0.0.0.0/0 \
  --set global.operator.enabled=true \
  --set global.edition=ce \
  --set postgresql.install=false \
  --set global.psql.password.secret=gitlab-postgres \
  --set global.psql.password.key=password \
  --set global.psql.port=5432 \
  --set global.psql.username=postgres \
  --set global.psql.serviceName=$PGHOST
```
Current behavior
The service manifest is created with no annotations.
```
---
# Source: gitlab/charts/nginx-ingress/templates/controller-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: RELEASE-NAME-nginx-ingress-controller
  namespace: default
  labels:
    component: "controller"
    app: nginx-ingress
    chart: nginx-ingress-0.30.0-1
    release: RELEASE-NAME
    heritage: Helm
spec:
```
Expected behavior
I expect to see in the service manifest for gitlab-nginx-ingress-controller
```
---
# Source: gitlab/charts/nginx-ingress/templates/controller-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: RELEASE-NAME-nginx-ingress-controller
  namespace: default
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0
  labels:
    component: "controller"
    app: nginx-ingress
    chart: nginx-ingress-0.30.0-1
    release: RELEASE-NAME
    heritage: Helm
```
Versions
- Chart: v3.1.5 (verified against master @ 10e241a5)
- Platform:
  - Cloud: AWS
  - Self-hosted: Kops in private VPC
- Kubernetes: (kubectl version)
  - Client: 1.17.3
  - Server: 1.17.3
- Helm: (helm version)
  - Client: 3.1.1
  - Server: N/A
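A check for the condition this issue describes, added here as an example and not part of the original report or the chart's own code: it reads `kubectl get service -o json` output and lists every LoadBalancer Service that lacks the internal load balancer annotation. The sample document, its `spec.type` values and the two `example-*` Services are constructed assumptions.

```python
import json
import sys

# Annotation the issue expects on the controller Service.
INTERNAL_LB = "service.beta.kubernetes.io/aws-load-balancer-internal"

# Constructed sample in the shape of `kubectl get service -o json` output.
# spec.type values and the two example-* Services are assumptions.
SAMPLE = {"kind": "List", "items": [
    {"kind": "Service",
     "metadata": {"name": "gitlab-nginx-ingress-controller", "namespace": "gitlab"},
     "spec": {"type": "LoadBalancer"}},
    {"kind": "Service",
     "metadata": {"name": "example-clusterip", "namespace": "gitlab"},
     "spec": {"type": "ClusterIP"}},
    {"kind": "Service",
     "metadata": {"name": "example-internal-lb", "namespace": "gitlab",
                  "annotations": {INTERNAL_LB: "0.0.0.0/0"}},
     "spec": {"type": "LoadBalancer"}},
]}


def services(doc):
    """Accept either a List document or a single Service object."""
    return doc.get("items", []) if doc.get("kind", "").endswith("List") else [doc]


def missing_internal_annotation(doc):
    """Return namespace/name of LoadBalancer Services without the annotation."""
    findings = []
    for svc in services(doc):
        if svc.get("spec", {}).get("type") != "LoadBalancer":
            continue  # only LoadBalancer Services provision a cloud load balancer
        meta = svc.get("metadata", {})
        annotations = meta.get("annotations") or {}  # key may be absent or null
        if INTERNAL_LB not in annotations:
            findings.append(f"{meta.get('namespace', 'default')}/{meta.get('name')}")
    return findings


if __name__ == "__main__":
    # Piped use: kubectl -n gitlab get service -o json | python3 check.py
    doc = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    bad = missing_internal_annotation(doc)
    for name in bad:
        print(f"LoadBalancer Service without {INTERNAL_LB}: {name}")
    sys.exit(1 if bad else 0)
```

The check only tests for the presence of the annotation key, not its value, and exits non-zero when any finding is reported so it can gate a deployment step.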