gitlab-webservice not working while using helm install
Summary
MountVolume.SetUp failed for volume "webservice-config" : failed to sync configmap cache: timed out waiting for the condition Back-off restarting failed container
Steps to reproduce
helm install gitlab gitlab/gitlab -f .\values.yaml -n gitlab --version 4.9.1
the pod of 'gitlab-webservice-default-744fffbc6d-gwq6n' is not working.
Configuration used
(Please provide a sanitized version of the configuration used wrapped in a code block (```yaml))
# Default values for gitlab/gitlab chart
## NOTICE
# Due to the scope and complexity of this chart, all possible values are
# not documented in this file. Extensive documentation for these values
# and more can be found at https://gitlab.com/gitlab-org/charts/gitlab/
## Advanced Configuration
# Documentation for advanced configuration can be found under doc/advanced
# - external PostgreSQL
# - external Gitaly
# - external Redis
# - external NGINX
# - PersistentVolume configuration
# - external Object Storage providers
## The global properties are used to configure multiple charts at once.
## Extended documentation at doc/charts/globals.md
global:
persistence:
storageClass: aliyun-ssd
accessMode: ReadWriteOnce
size: 30Gi
common:
labels: {}
## GitLab operator is Alpha. Not for production use.
operator:
enabled: false
rollout:
# Enables automatic pause for deployment rollout. This must be set to `true` to fix
# Helm's issue with 3-way merge. See:
# https://gitlab.com/gitlab-org/charts/gitlab/issues/1262
# https://github.com/helm/helm/issues/3805
autoPause: true
## Supplemental Pod labels. Will not be used for selectors.
pod:
labels: {}
## doc/installation/deployment.md#deploy-the-community-edition
edition: ce
## doc/charts/globals.md#gitlab-version
# gitlabVersion: master
## doc/charts/globals.md#application-resource
application:
create: false
links: []
allowClusterRoles: true
## doc/charts/globals.md#configure-host-settings
hosts:
domain: 51mydao.com
hostSuffix:
https: false
externalIP:
ssh: ~
gitlab:
name: git.51mydao.com
https: false
minio:
name: minio.51mydao.com
https: false
registry:
name: registry.51mydao.com
https: false
tls:
name: tls.51mydao.com
https: false
smartcard:
name: smartcard.51mydao.com
https: false
kas:
name: kas.51mydao.com
https: false
pages:
name: pages.51mydao.com
https: false
## doc/charts/globals.md#configure-ingress-settings
ingress:
configureCertmanager: true
annotations: {}
enabled: false
tls: {}
# enabled: true
# secretName:
path: /
gitlab:
## Enterprise license for this GitLab installation
## Secret created according to doc/installation/secrets.md#initial-enterprise-license
## If allowing shared-secrets generation, this is OPTIONAL.
license: {}
# secret: RELEASE-gitlab-license
# key: license
## Initial root password for this GitLab installation
## Secret created according to doc/installation/secrets.md#initial-root-password
## If allowing shared-secrets generation, this is OPTIONAL.
initialRootPassword: {}
# secret: RELEASE-gitlab-initial-root-password
# key: password
## doc/charts/globals.md#configure-postgresql-settings
# psql:
# connectTimeout:
# password:
# useSecret: true
# secret: my-release-postgresql
# key: postgresql-password
# # file:
# serviceName: my-release-postgresql
# port: 5432
# username: postgres
## doc/charts/globals.md#configure-redis-settings
# redis:
# password:
# enabled: true
# secret: my-redis-cluster
# key: redis-password
# host: my-redis-cluster
# port: 6379
## doc/charts/globals.md#configure-gitaly-settings
gitaly:
enabled: true
authToken: {}
# secret:
# key:
# serviceName:
internal:
names: ['default']
external: []
service:
name: gitaly
type: ClusterIP
externalPort: 8075
internalPort: 8075
tls:
externalPort: 8076
internalPort: 8076
tls:
enabled: false
# secretName:
praefect:
enabled: false
replaceInternalGitaly: true
authToken: {}
autoMigrate: true
dbSecret: {}
virtualStorages:
- name: default
gitalyReplicas: 3
maxUnavailable: 1
psql:
sslMode: 'disable'
# serviceName:
service:
name: praefect
type: ClusterIP
externalPort: 8075
internalPort: 8075
tls:
externalPort: 8076
internalPort: 8076
tls:
enabled: false
# secretName:
## doc/charts/globals.md#configure-minio-settings
minio:
enabled: true
credentials: {}
# secret:
## doc/charts/globals.md#configure-grafana-integration
grafana:
enabled: false
## doc/charts/globals.md#configure-appconfig-settings
## Rails based portions of this chart share many settings
appConfig:
## doc/charts/globals.md#general-application-settings
enableUsagePing: true
enableSeatLink: true
enableImpersonation:
applicationSettingsCacheSeconds: 60
defaultCanCreateGroup: true
usernameChangingEnabled: true
issueClosingPattern:
defaultTheme:
defaultProjectsFeatures:
issues: true
mergeRequests: true
wiki: true
snippets: true
builds: true
webhookTimeout:
maxRequestDurationSeconds:
## doc/charts/globals.md#cron-jobs-related-settings
cron_jobs: {}
## Flag stuck CI builds as failed
# stuck_ci_jobs_worker:
# cron: "0 * * * *"
## Schedule pipelines in the near future
# pipeline_schedule_worker:
# cron: "19 * * * *"
## Remove expired build artifacts
# expire_build_artifacts_worker:
# cron: "*/7 * * * *"
## Periodically run 'git fsck' on all repositories.
# repository_check_worker:
# cron: "20 * * * *"
## Send admin emails once a week
# admin_email_worker:
# cron: "0 0 * * 0"
## Remove outdated repository archives
# repository_archive_cache_worker:
# cron: "0 * * * *"
## Verify custom GitLab Pages domains
# pages_domain_verification_cron_worker:
# cron: "*/15 * * * *"
## Export pseudonymized data
# pseudonymizer_worker:
# cron: "0 * * * *"
# schedule_migrate_external_diffs_worker:
# cron: "15 * * * *"
### GitLab Geo
# Geo Primary only!
# geo_prune_event_log_worker:
# cron: "*/5 * * * *"
## GitLab Geo repository sync worker
# geo_repository_sync_worker:
# cron: "*/5 * * * *"
## GitLab Geo file download dispatch worker
# geo_file_download_dispatch_worker:
# cron: "*/10 * * * *"
## GitLab Geo repository verification primary batch worker
# geo_repository_verification_primary_batch_worker:
# cron: "*/5 * * * *"
## GitLab Geo repository verification secondary scheduler worker
# geo_repository_verification_secondary_scheduler_worker:
# cron: "*/5 * * * *"
## GitLab Geo migrated local files clean up worker
# geo_migrated_local_files_clean_up_worker:
# cron: "15 */6 * * *"
### LDAP
# ldap_sync_worker:
# cron: "30 1 * * *"
# ldap_group_sync_worker:
# cron: "0 * * * *"
### Snapshot active user statistics
# historical_data_worker:
# cron: "0 12 * * *"
## doc/charts/globals.md#content-security-policy
contentSecurityPolicy:
enabled: false
report_only: true
# directives: {}
## doc/charts/globals.md#gravatarlibravatar-settings
gravatar:
plainUrl:
sslUrl:
## doc/charts/globals.md#hooking-analytics-services-to-the-gitlab-instance
extra:
googleAnalyticsId:
matomoUrl:
matomoSiteId:
matomoDisableCookies:
## doc/charts/globals.md#lfs-artifacts-uploads-packages-external-mr-diffs
object_store:
enabled: false
proxy_download: true
storage_options: {}
# server_side_encryption:
# server_side_encryption_kms_key_id
connection: {}
# secret:
# key:
lfs:
enabled: true
proxy_download: true
bucket: git-lfs
connection: {}
# secret:
# key:
artifacts:
enabled: true
proxy_download: true
bucket: gitlab-artifacts
connection: {}
# secret:
# key:
uploads:
enabled: true
proxy_download: true
bucket: gitlab-uploads
connection: {}
# secret:
# key:
packages:
enabled: true
proxy_download: true
bucket: gitlab-packages
connection: {}
externalDiffs:
enabled: false
when:
proxy_download: true
bucket: gitlab-mr-diffs
connection: {}
terraformState:
enabled: false
bucket: gitlab-terraform-state
connection: {}
dependencyProxy:
enabled: false
proxy_download: true
bucket: gitlab-dependency-proxy
connection: {}
## doc/charts/globals.md#pseudonymizer-settings
pseudonymizer:
configMap:
bucket: gitlab-pseudo
connection: {}
# secret:
# key:
backups:
bucket: gitlab-backups
tmpBucket: tmp
## doc/charts/globals.md#incoming-email-settings
## doc/installation/deployment.md#incoming-email
incomingEmail:
enabled: false
address: ""
host: "imap.gmail.com"
port: 993
ssl: true
startTls: false
user: ""
password:
secret: ""
key: password
expungeDeleted: false
logger:
logPath: "/dev/stdout"
mailbox: inbox
idleTimeout: 60
## doc/charts/globals.md#service-desk-email-settings
## doc/installation/deployment.md#service-desk-email
serviceDeskEmail:
enabled: false
address: ""
host: "imap.gmail.com"
port: 993
ssl: true
startTls: false
user: ""
password:
secret: ""
key: password
expungeDeleted: false
logger:
logPath: "/dev/stdout"
mailbox: inbox
idleTimeout: 60
## doc/charts/globals.md#ldap
ldap:
# prevent the use of LDAP for sign-in via web.
preventSignin: false
servers: {}
## 'main' is the GitLab 'provider ID' of this LDAP server
# main:
# label: 'LDAP'
# host: '_your_ldap_server'
# port: 636
# uid: 'sAMAccountName'
# bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
# password:
# secret: _the_secret_containing_your_ldap_password
# key: _the_key_which_holds_your_ldap_password
# encryption: 'plain'
## doc/charts/globals.md#kas
gitlab_kas: {}
# secret:
# key:
## doc/charts/globals.md#omniauth
omniauth:
enabled: false
autoSignInWithProvider:
syncProfileFromProvider: []
syncProfileAttributes: ['email']
allowSingleSignOn: ['saml']
blockAutoCreatedUsers: true
autoLinkLdapUser: false
autoLinkSamlUser: false
autoLinkUser: []
externalProviders: []
allowBypassTwoFactor: []
providers: []
# - secret: gitlab-google-oauth2
# key: provider
## doc/charts/globals.md#configure-appconfig-settings
sentry:
enabled: false
dsn:
clientside_dsn:
environment:
smartcard:
enabled: false
CASecret:
clientCertificateRequiredHost:
sanExtensions: false
requiredForGitAccess: false
# Config that only applies to the defaults on initial install
initialDefaults: {}
# signupEnabled:
## End of global.appConfig
oauth:
gitlab-pages: {}
# secret:
# appIdKey:
# appSecretKey:
# redirectUri:
## doc/charts/geo.md
geo:
enabled: false
# Valid values: primary, secondary
role: primary
## Geo Secondary only
# nodeName allows multiple instances behind a load balancer.
nodeName: # defaults to `gitlab.gitlab.host`
# PostgreSQL connection details only needed for `secondary`
psql:
password: {}
# secret:
# key:
# host: postgresql.hostedsomewhere.else
# port: 123
# username: gitlab_replicator
# database: gitlabhq_geo_production
# ssl:
# secret:
# clientKey:
# clientCertificate:
# serverCA:
## doc/charts/gitlab/kas/index.md
kas:
enabled: false
## doc/charts/globals.md#configure-gitlab-shell-settings
shell:
authToken: {}
# secret:
# key:
hostKeys: {}
# secret:
## doc/charts/globals.md#tcp-proxy-protocol
tcp:
proxyProtocol: false
## Rails application secrets
## Secret created according to doc/installation/secrets.md#gitlab-rails-secret
## If allowing shared-secrets generation, this is OPTIONAL.
railsSecrets: {}
# secret:
## Rails generic setting, applicable to all Rails-based containers
rails:
bootsnap: # Enable / disable Shopify/Bootsnap cache
enabled: true
## doc/charts/globals.md#configure-registry-settings
registry:
bucket: registry
certificate: {}
# secret:
httpSecret: {}
# secret:
# key:
# https://docs.docker.com/registry/notifications/#configuration
notifications: {}
# endpoints:
# - name: FooListener
# url: https://foolistener.com/event
# timeout: 500ms
# threshold: 10
# backoff: 1s
# headers:
# FooBar: ['1', '2']
# Authorization:
# secret: gitlab-registry-authorization-header
# SpecificPassword:
# secret: gitlab-registry-specific-password
# key: password
# events: {}
pages:
enabled: false
accessControl: false
path:
host:
port:
https: # default true
externalHttp: []
externalHttps: []
artifactsServer: true
objectStore:
enabled: true
bucket: gitlab-pages
# proxy_download: true
connection: {}
# secret:
# key:
apiSecret: {}
# secret:
# key:
authSecret: {}
# secret:
# key:
## GitLab Runner
## Secret created according to doc/installation/secrets.md#gitlab-runner-secret
## If allowing shared-secrets generation, this is OPTIONAL.
runner:
registrationToken: {}
# secret:
## doc/installation/deployment.md#outgoing-email
## Outgoing email server settings
smtp:
enabled: false
address: smtp.mailgun.org
port: 2525
user_name: ""
## doc/installation/secrets.md#smtp-password
password:
secret: "smtp-password"
key: password
# domain:
authentication: "plain"
starttls_auto: false
openssl_verify_mode: "peer"
## doc/installation/deployment.md#outgoing-email
## Email persona used in email sent by GitLab
email:
from: 'gitlab@51mydao.com'
display_name: GitLab
reply_to: ''
subject_suffix: ''
smime:
enabled: false
secretName: ""
keyName: "tls.key"
certName: "tls.crt"
## Timezone for containers.
time_zone: UTC
## Global Service Annotations and Labels
service:
labels: {}
annotations: {}
## Global Deployment Annotations
deployment:
annotations: {}
antiAffinity: soft
## doc/charts/globals.md#workhorse
## Global settings related to Workhorse
workhorse:
serviceName: webservice-default
# host: api-git.51mydao.com
port: 8181
# scheme:
# host:
# port:
## doc/installation/secrets.md#gitlab-workhorse-secret
# secret:
# key:
## doc/charts/globals.md#configure-webservice
webservice:
workerTimeout: 60
## doc/charts/globals.md#custom-certificate-authorities
# configuration of certificates container & custom CA injection
certificates:
image:
repository: registry.gitlab.com/gitlab-org/build/cng/alpine-certificates
tag: 20191127-r2
customCAs: []
# - secret: custom-CA
# - secret: more-custom-CAs
## kubectl image used by hooks to carry out specific jobs
kubectl:
image:
repository: registry.gitlab.com/gitlab-org/build/cng/kubectl
tag: 1.13.12
pullSecrets: []
securityContext:
# in most base images, this is `nobody:nogroup`
runAsUser: 65534
fsGroup: 65534
busybox:
image:
repository: busybox
tag: latest
## docs/charts/globals.md#service-accounts
serviceAccount:
enabled: false
create: true
annotations: {}
## Name to be used for serviceAccount, otherwise defaults to chart fullname
# name:
## docs/charts/globals/tracing.md#tracing
tracing:
connection:
string: ""
urlTemplate: ""
## docs/charts/globals.md
extraEnv: {}
# SOME_KEY: some_value
# SOME_OTHER_KEY: some_other_value
## End of global
upgradeCheck:
enabled: true
image: {}
# repository:
# tag:
securityContext:
# in alpine/debian/busybox based images, this is `nobody:nogroup`
runAsUser: 65534
fsGroup: 65534
tolerations: []
resources:
requests:
cpu: 50m
## Settings to for the Let's Encrypt ACME Issuer
certmanager-issuer:
# The email address to register certificates requested from Let's Encrypt.
# Required if using Let's Encrypt.
email: kongx@51mydao.com
## Installation & configuration of jetstack/cert-manager
## See requirements.yaml for current version
certmanager:
createCustomResource: true
nameOverride: cert-manager
# Install cert-manager chart. Set to false if you already have cert-manager
# installed or if you are not using cert-manager.
install: true
# Other cert-manager configurations from upstream
# See https://github.com/jetstack/cert-manager/blob/master/deploy/charts/cert-manager/README.md#configuration
rbac:
create: true
webhook:
enabled: false
## doc/charts/nginx/index.md
## doc/architecture/decisions.md#nginx-ingress
## Installation & configuration of charts/ingress-nginx:
nginx-ingress:
enabled: false
tcpExternalConfig: "true"
controller:
addHeaders:
Referrer-Policy: strict-origin-when-cross-origin
config:
hsts: "false"
hsts-include-subdomains: "false"
server-name-hash-bucket-size: "256"
use-http2: "true"
ssl-ciphers: "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"
ssl-protocols: "TLSv1.3 TLSv1.2"
server-tokens: "false"
service:
externalTrafficPolicy: "Local"
resources:
requests:
cpu: 100m
memory: 100Mi
publishService:
enabled: true
replicaCount: 2
minAvailable: 1
scope:
enabled: true
metrics:
enabled: false
service:
annotations:
gitlab.com/prometheus_scrape: "true"
gitlab.com/prometheus_port: "10254"
prometheus.io/scrape: "true"
prometheus.io/port: "10254"
admissionWebhooks:
enabled: false
defaultBackend:
enabled: true
minAvailable: 1
replicaCount: 1
resources:
requests:
cpu: 5m
memory: 5Mi
rbac:
create: true
scope: true
serviceAccount:
create: true
## Installation & configuration of stable/prometheus
## See requirements.yaml for current version
prometheus:
install: false
rbac:
create: true
alertmanager:
enabled: false
alertmanagerFiles:
alertmanager.yml: {}
kubeStateMetrics:
enabled: false
nodeExporter:
enabled: false
pushgateway:
enabled: false
server:
retention: 15d
#
serverFiles:
prometheus.yml:
scrape_configs:
- job_name: prometheus
static_configs:
- targets:
- localhost:9090
- job_name: 'kubernetes-apiservers'
kubernetes_sd_configs:
- role: endpoints
scheme: https
tls_config:
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
insecure_skip_verify: true
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
relabel_configs:
- source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
action: keep
regex: default;kubernetes;https
- job_name: 'kubernetes-pods'
kubernetes_sd_configs:
- role: pod
relabel_configs:
- source_labels: [__meta_kubernetes_pod_annotation_gitlab_com_prometheus_scrape]
action: keep
regex: true
- source_labels: [__meta_kubernetes_pod_annotation_gitlab_com_prometheus_path]
action: replace
target_label: __metrics_path__
regex: (.+)
- source_labels: [__address__, __meta_kubernetes_pod_annotation_gitlab_com_prometheus_port]
action: replace
regex: ([^:]+)(?::\d+)?;(\d+)
replacement: $1:$2
target_label: __address__
- action: labelmap
regex: __meta_kubernetes_pod_label_(.+)
- source_labels: [__meta_kubernetes_namespace]
action: replace
target_label: kubernetes_namespace
- source_labels: [__meta_kubernetes_pod_name]
action: replace
target_label: kubernetes_pod_name
- job_name: 'kubernetes-service-endpoints'
kubernetes_sd_configs:
- role: endpoints
relabel_configs:
- action: keep
regex: true
source_labels:
- __meta_kubernetes_service_annotation_gitlab_com_prometheus_scrape
- action: replace
regex: (https?)
source_labels:
- __meta_kubernetes_service_annotation_gitlab_com_prometheus_scheme
target_label: __scheme__
- action: replace
regex: (.+)
source_labels:
- __meta_kubernetes_service_annotation_gitlab_com_prometheus_path
target_label: __metrics_path__
- action: replace
regex: ([^:]+)(?::\d+)?;(\d+)
replacement: $1:$2
source_labels:
- __address__
- __meta_kubernetes_service_annotation_gitlab_com_prometheus_port
target_label: __address__
- action: labelmap
regex: __meta_kubernetes_service_label_(.+)
- action: replace
source_labels:
- __meta_kubernetes_namespace
target_label: kubernetes_namespace
- action: replace
source_labels:
- __meta_kubernetes_service_name
target_label: kubernetes_name
- action: replace
source_labels:
- __meta_kubernetes_pod_node_name
target_label: kubernetes_node
- job_name: 'kubernetes-services'
metrics_path: /probe
params:
module: [http_2xx]
kubernetes_sd_configs:
- role: service
relabel_configs:
- source_labels: [__meta_kubernetes_service_annotation_gitlab_com_prometheus_probe]
action: keep
regex: true
- source_labels: [__address__]
target_label: __param_target
- target_label: __address__
replacement: blackbox
- source_labels: [__param_target]
target_label: instance
- action: labelmap
regex: __meta_kubernetes_service_label_(.+)
- source_labels: [__meta_kubernetes_namespace]
target_label: kubernetes_namespace
- source_labels: [__meta_kubernetes_service_name]
target_label: kubernetes_name
## Configuration of Redis
## doc/architecture/decisions.md#redis
## doc/charts/redis
redis:
install: true
existingSecret: gitlab-redis-secret
existingSecretKey: redis-password
usePasswordFile: true
cluster:
enabled: true
metrics:
enabled: false
master:
persistence:
enabled: true
## The path the volume will be mounted at, useful when using different
## Redis(TM) images.
##
path: /bitnami/redis/data
## The subdirectory of the volume to mount to, useful in dev environments
## and one PV for multiple services.
##
subPath: ""
## Redis(TM) data Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
storageClass: "aliyun-ssd"
accessModes:
- ReadWriteOnce
size: 20Gi
## Persistent Volume selectors
## https://kubernetes.io/docs/concepts/storage/persistent-volumes/#selector
##
matchLabels: {}
matchExpressions: {}
slave:
persistence:
enabled: true
## The path the volume will be mounted at, useful when using different
## Redis(TM) images.
##
path: /bitnami/redis/data
## The subdirectory of the volume to mount to, useful in dev environments
## and one PV for multiple services.
##
subPath: ""
## Redis(TM) data Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
storageClass: "aliyun-ssd"
accessModes:
- ReadWriteOnce
size: 20Gi
## Persistent Volume selectors
## https://kubernetes.io/docs/concepts/storage/persistent-volumes/#selector
##
matchLabels: {}
matchExpressions: {}
service:
## Service type
##
type: LoadBalancer
## Installation & configuration of stable/prostgresql
## See requirements.yaml for current version
postgresql:
postgresqlUsername: gitlab
# This just needs to be set. It will use a second entry in existingSecret for postgresql-postgres-password
postgresqlPostgresPassword: bogus
install: true
postgresqlDatabase: gitlabhq_production
image:
tag: 11.9.0
usePasswordFile: true
existingSecret: 'bogus'
initdbScriptsConfigMap: 'bogus'
master:
extraVolumeMounts:
- name: custom-init-scripts
mountPath: /docker-entrypoint-preinitdb.d/init_revision.sh
subPath: init_revision.sh
podAnnotations:
postgresql.gitlab/init-revision: "1"
metrics:
enabled: false
## Optionally define additional custom metrics
## ref: https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file
persistence:
storageClass: aliyun-ssd
accessMode: ReadWriteOnce
size: 30Gi
matchLabels: {}
matchExpressions: []
# subPath: "data"
annotations: {}
service:
## Service type
##
type: LoadBalancer
## Installation & configuration charts/registry
## doc/architecture/decisions.md#registry
## doc/charts/registry/
# registry:
# enabled: false
minio:
persistence:
storageClass: aliyun-ssd
accessMode: ReadWriteOnce
size: 30Gi
matchLabels: {}
matchExpressions: []
subPath: "data"
annotations: {}
## Automatic shared secret generation
## doc/installation/secrets.md
## doc/charts/shared-secrets
shared-secrets:
enabled: true
rbac:
create: true
## Installation & configuration of gitlab/gitlab-runner
## See requirements.yaml for current version
gitlab-runner:
install: true
image: gitlab/gitlab-runner:v13.9.0
rbac:
create: true
runners:
locked: false
cache:
cacheType: s3
s3BucketName: runner-cache
cacheShared: true
s3BucketLocation: us-east-1
s3CachePath: gitlab-runner
s3CacheInsecure: false
podAnnotations:
gitlab.com/prometheus_scrape: "true"
gitlab.com/prometheus_port: 9252
## Installation & configuration of stable/grafana
## See requirements.yaml for current version
## Controlled by `global.grafana.enabled`
grafana:
## Override and provide "bogus" administation secrets
## gitlab/gitlab-grafana provides overrides via shared-secrets
admin:
existingSecret: bogus
env:
GF_SECURITY_ADMIN_USER: bogus
GF_SECURITY_ADMIN_PASSWORD: bogus
## This override allows gitlab/gitlab-grafana to completely override the secret
## handling behavior of the upstream chart in combination with the above.
command: [ "sh", "-x", "/tmp/scripts/import-secret.sh" ]
## The following settings allow Grafana to dynamically create
## dashboards and datasources from configmaps. See
## https://github.com/helm/charts/tree/master/stable/grafana#sidecar-for-dashboards
sidecar:
dashboards:
enabled: true
label: gitlab_grafana_dashboard
datasources:
enabled: true
label: gitlab_grafana_datasource
## We host Grafana as a sub-url of GitLab
grafana.ini:
server:
root_url: http://localhost/-/grafana/
## We generate and provide random passwords
## NOTE: the Secret & ConfigMap names are hard coded!
extraSecretMounts:
- name: initial-password
mountPath: /tmp/initial
readOnly: true
secretName: gitlab-grafana-initial-password
defaultMode: 400
extraConfigmapMounts:
- name: import-secret
mountPath: /tmp/scripts
configMap: gitlab-grafana-import-secret
readOnly: true
testFramework:
enabled: false
## Settings for individual sub-charts under GitLab
## Note: Many of these settings are configurable via globals
gitlab:
## doc/charts/gitlab/task-runner
task-runner:
replicas: 1
antiAffinityLabels:
matchLabels:
app: 'gitaly'
image:
repository: registry.cn-shanghai.aliyuncs.com/mydao/gitlab-cng
tag: gitlab-task-runner-v13.8.4
pullPolicy: IfNotPresent
## doc/charts/gitlab/migrations
migrations:
enabled: false
image:
repository: registry.gitlab.com/gitlab-org/build/cng/gitlab-rails-ce
## doc/charts/gitlab/webservice
webservice:
enabled: true
image:
repository: registry.cn-shanghai.aliyuncs.com/mydao/gitlab-cng
tag: gitlab-webservice-v13.8.4
pullPolicy: IfNotPresent
resources:
requests:
memory: 1.5G
## doc/charts/gitlab/sidekiq
sidekiq:
enabled: true
image:
repository: registry.cn-shanghai.aliyuncs.com/mydao/gitlab-cng
tag: gitlab-sidekiq-v13.8.4
pullPolicy: IfNotPresent
resources:
requests:
cpu: 50m
memory: 650M
metrics:
enabled: false
# doc/charts/gitlab/gitaly
gitaly:
image:
# repository: registry.cn-shanghai.aliyuncs.com/mydao/gitlab-cng
# tag: gitaly-v13.8.4
pullPolicy: IfNotPresent
persistence:
enabled: true
storageClass: aliyun-ssd
accessMode: ReadWriteOnce
size: 50Gi
matchLabels: {}
matchExpressions: []
subPath: "data"
annotations: {}
## doc/charts/gitlab/gitlab-shell
gitlab-shell:
enabled: true
image:
repository: registry.cn-shanghai.aliyuncs.com/mydao/gitlab-cng
tag: gitlab-shell-v13.8.4
pullPolicy: IfNotPresent
## doc/charts/gitlab/gitlab-grafana
# gitlab-grafana:
gitlab-exporter:
enabled: true
image:
repository: registry.cn-shanghai.aliyuncs.com/mydao/gitlab-cng
tag: gitlab-exporter-v13.8.4
pullPolicy: IfNotPresent
Versions
Chart: gitlab 4.9.1 Platform:
Cloud: aliyun
Kubernetes: (kubectl version)
Client: version.Info{Major:"1", Minor:"10", GitVersion:"v1.10.11", GitCommit:"637c7e288581ee40ab4ca210618a89a555b6e7e9", GitTreeState:"clean", BuildDate:"2018-11-26T14:38:32Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"windows/amd64"} Server: version.Info{Major:"1", Minor:"18+", GitVersion:"v1.18.8-aliyun.1", GitCommit:"cff3030", GitTreeState:"", BuildDate:"2020-11-19T07:19:32Z", GoVersion:"go1.13.15", Compiler:"gc", Platform:"linux/amd64"}
Helm: (helm version)
version.BuildInfo{Version:"v3.5.0", GitCommit:"32c22239423b3b4ba6706d450bd044baffdcf9e6", GitTreeState:"clean", GoVersion:"go1.15.6"}
Relevant logs
kubectl get pod -n gitlab
NAME READY STATUS RESTARTS AGE
cm-acme-http-solver-t7gb2 1/1 Running 0 37m
cm-acme-http-solver-v8842 1/1 Running 0 37m
gitlab-cainjector-67dbdcc896-kpgkh 1/1 Running 0 38m
gitlab-cert-manager-69bd6d746f-jq9gh 1/1 Running 0 38m
gitlab-gitaly-0 1/1 Running 0 38m
gitlab-gitlab-exporter-5559876dc6-nxh2k 1/1 Running 0 38m
gitlab-gitlab-runner-7f4894988d-2chxw 0/1 CrashLoopBackOff 7 38m
gitlab-gitlab-shell-75ffff46bb-dnbbb 1/1 Running 0 38m
gitlab-gitlab-shell-75ffff46bb-xnvmh 1/1 Running 0 38m
gitlab-issuer-1-kwwmr 0/1 Completed 0 38m
gitlab-minio-94f99fbdd-s8pgc 1/1 Running 0 38m
gitlab-minio-create-buckets-1-vjkgc 0/1 Completed 0 38m
gitlab-postgresql-0 1/1 Running 0 38m
gitlab-redis-master-0 1/1 Running 0 38m
gitlab-redis-slave-0 1/1 Running 0 38m
gitlab-redis-slave-1 1/1 Running 0 37m
gitlab-registry-78c58886d9-jbkpm 1/1 Running 0 38m
gitlab-registry-78c58886d9-qqvz5 1/1 Running 0 38m
gitlab-sidekiq-all-in-1-v1-779779f854-s6hmt 0/1 Init:CrashLoopBackOff 11 38m
gitlab-task-runner-858ddf4694-t9krn 1/1 Running 0 38m
gitlab-webservice-default-744fffbc6d-gwq6n 0/2 Init:Error 11 38m
gitlab-webservice-default-744fffbc6d-xl2f8 0/2 Init:CrashLoopBackOff 11 38mkubectl logs -n gitlab gitlab-webservice-default-744fffbc6d-gwq6n -c webservice:
Error from server (BadRequest): container "webservice" in pod "gitlab-webservice-default-744fffbc6d-gwq6n" is waiting to start: PodInitializingis my values.yaml config missing some key fields?