helm chart for task runner missing terraform_state
Summary
(Summarize the bug encountered, concisely as possible)
I deployed the GitLab Helm chart to a EKS cluster, using S3 external storage (values.yaml below). The task runner pod failed, trying to read /etc/gitlab/objectstorage/terraform_state. Manually editing the deployment to add secret config for this gets the pod run; however, terraform_state seems to be missing from the deployment template.
Steps to reproduce
Deploy with the config below, after having created S3 buckets, access key and config secrets. On deploy, the task-runner pod crashes with:
kc logs -p gitlab-task-runner-7f4bc97cd4-892fl
/usr/lib/ruby/2.6.0/psych.rb:577:in `initialize': No such file or directory @ rb_sysopen - /etc/gitlab/objectstorage/terraform_state (Errno::ENOENT)
from /usr/lib/ruby/2.6.0/psych.rb:577:in `open'
from /usr/lib/ruby/2.6.0/psych.rb:577:in `load_file'
from (erb):82:in `<main>'
from /usr/lib/ruby/2.6.0/erb.rb:901:in `eval'
from /usr/lib/ruby/2.6.0/erb.rb:901:in `result'
from /scripts/set-config:22:in `block in <main>'
from /scripts/set-config:18:in `each'
from /scripts/set-config:18:in `<main>'
Begin parsing .erb files from /var/opt/gitlab/templates
Writing /srv/gitlab/config/resque.yml
Writing /srv/gitlab/config/gitlab.yml
After patching the deployment kubectl edit deployment gitlab-task-runner
:
- secret:
items:
- key: connection
path: objectstorage/terraform_state
name: gitlab-object-storage
The pod runs. However, in the task-runner deployment template in the chart, there is no section to add terraform_state.
Configuration used
(Please provide a sanitized version of the configuration used wrapped in a code block (```yaml))
global:
hosts:
domain: ${PARENT_DOMAIN}
email:
from: gitlab@...com
reply_to: noreply@...com
smtp:
enabled: true
address: ...com
openssl_verify_mode: "ssl/tls"
user_name: "gitlab@...com"
password:
secret: gitlab-smtp-password
ingress:
class: nginx
configureCertmanager: false
annotations:
kubernetes.io/ingress.class: "nginx"
cert-manager.io/issuer: letsencrypt-prod-http
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
registry:
bucket: ${GL_BUCKET_REGISTRY}
minio:
enabled: false
appConfig:
incommingEmail:
enabled: true
host: ...com
address: gitlab@...com
user: gitlab@...com
password:
secret: gitlab-incoming-email-password
lfs:
bucket: ${GL_BUCKET_LFS}
connection:
secret: gitlab-object-storage
key: connection
artifacts:
bucket: ${GL_BUCKET_ARTIFACTS}
connection:
secret: gitlab-object-storage
key: connection
uploads:
bucket: ${GL_BUCKET_UPLOADS}
connection:
secret: gitlab-object-storage
key: connection
packages:
bucket: ${GL_BUCKET_PACKAGES}
connection:
secret: gitlab-object-storage
key: connection
externalDiffs:
bucket: ${GL_BUCKET_EXTERNAL_DIFFS}
connection:
secret: gitlab-object-storage
key: connection
terraformState:
bucket: ${GL_BUCKET_TERRAFORM_STATE}
connection:
secret: gitlab-object-storage
key: connection
pseudonymizer:
bucket: ${GL_BUCKET_PSEUDONYMIZER}
connection:
secret: gitlab-object-storage
key: connection
backups:
bucket: ${GL_BUCKET_BACKUP}
tmpBucket: ${GL_BUCKET_BACKUP_TMP}
# ----- specific services
nginx-ingress:
enabled: false
certmanager:
install: false
gitlab:
task-runner:
backups:
objectStorage:
backend: s3
config:
secret: gitlab-backup-storage
key: config
cron:
enabled: true
schedule: "17 2 * * *"
unicorn:
ingress:
tls:
secretName: gitlab-unicorn-tls
registry:
storage:
secret: gitlab-registry-storage
key: config
ingress:
tls:
secretName: gitlab-registry-tls
Current behavior
Helm chart install fails.
Expected behavior
Helm chart install should succeed.
Versions
- Chart: v3.3.1
- Platform: EKS
- Kubernetes: (
kubectl version
)- Client:
Client Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.1", GitCommit:"7879fc12a63337efff607952a323df90cdc7a335", GitTreeState:"clean", BuildDate:"2020-04-10T21:53:51Z", GoVersion:"go1.14.2", Compiler:"gc", Platform:"darwin/amd64"}
- Server:
version.Info{Major:"1", Minor:"15+", GitVersion:"v1.15.11-eks-af3caf", GitCommit:"af3caf6136cd355f467083651cc1010a499f59b1", GitTreeState:"clean", BuildDate:"2020-03-27T21:51:36Z", GoVersion:"go1.12.17", Compiler:"gc", Platform:"linux/amd64"}
- Client:
- Helm: (
helm version
)- Client:
version.BuildInfo{Version:"v3.0.1", GitCommit:"7c22ef9ce89e0ebeb7125ba2ebf7d421f3e82ffa", GitTreeState:"clean", GoVersion:"go1.13.4"}
- Server: NA
- Client:
Relevant logs
(Please provide any relevate log snippets you have collected, using code blocks (```) to format)
(see above for error log) Current log after patch:
Begin parsing .erb files from /var/opt/gitlab/templates
Writing /srv/gitlab/config/cable.yml
Writing /srv/gitlab/config/resque.yml
Writing /srv/gitlab/config/gitlab.yml
Writing /srv/gitlab/config/database.yml
Copying other config files found in /var/opt/gitlab/templates
Copying smtp_settings.rb into /srv/gitlab/config
Attempting to run '/bin/bash -c cp -v -r -L /etc/gitlab/.s3cfg $HOME/.s3cfg && while sleep 3600; do :; done' as a main process
'/etc/gitlab/.s3cfg' -> '/home/git/.s3cfg'