Toolbox Backups fails when Microsoft Graphmailer in use
Summary
When installing the chart in the current version (6.11.3) and most likely with older versions as well, the toolbox backup fails when Microsoft Graphmailer is used.
This bug is quite urgent, as it prevents us from delivering the GitLab Instance to our customer. Without a functioning backup mechanism, the GitLab instance can not be used in a production environment!
Steps to reproduce
Install Chart, enable Microsoft Graphmailer and toolbox-backup cronjob.
Configuration used
global:
appConfig:
microsoft_graph_mailer:
enabled: true
user_id: ""
tenant: ""
client_id: ""
client_secret:
secret: "incoming-email"
key: password
azure_ad_endpoint: "https://login.microsoftonline.com"
graph_endpoint: "https://graph.microsoft.com"
incomingEmail:
user: ""
enabled: true
address: ""
deleteAfterDelivery: false
inboxMethod: "microsoft_graph"
mailbox: "inbox"
tenantId: ""
clientId: ""
clientSecret:
secret: "incoming-email"
key: password
azureAdEndpoint: "https://login.microsoftonline.com"
graphEndpoint: "https://graph.microsoft.com"
serviceDeskEmail:
user: ""
deleteAfterDelivery: false
enabled: true
address: ""
tenantId: ""
clientId: ""
clientSecret:
secret: "incoming-email"
key: password
azureAdEndpoint: "https://login.microsoftonline.com"
graphEndpoint: "https://graph.microsoft.com"
inboxMethod: "microsoft_graph"
mailbox: "inbox"
email:
from: ""
reply_to: ""
gitlab:
toolbox:
backups:
cron:
enabled: true
schedule: 0 0 * * *
extraArgs: "--skip registry,artifacts,lfs,packages,external_diffs"
objectStorage:
config:
secret: runner-s3-config
key: config
persistence:
enabled: false
accessMode: 'ReadWriteOnce'
size: '120Gi'
Current behavior
The toolbox backup job fails, as it expects a file below the path /etc/gitlab/microsoft_graph_mailer/client_secret
, which is not mounted into the container.
The mount is missing here: https://gitlab.com/gitlab-org/charts/gitlab/-/blob/master/charts/gitlab/charts/toolbox/templates/backup-job.yaml#L220
The toolbox deployment itself does mount the secret correctly: https://gitlab.com/gitlab-org/charts/gitlab/-/blob/master/charts/gitlab/charts/toolbox/templates/deployment.yaml#L257
Expected behavior
The backup cronjob runs successfully when Graphmailer is configured
Versions
- Chart: 6.11.3 (and older)
- Platform:
- Cloud: (IONOS)
- Kubernetes: (
kubectl version
)- Server: 1.25.6
Relevant logs
2023-05-11 02:03:14.845 Begin parsing .erb templates from /var/opt/gitlab/templates
2023-05-11 02:03:14.846 Writing /srv/gitlab/config/cable.yml
2023-05-11 02:03:14.973 Writing /srv/gitlab/config/database.yml
2023-05-11 02:03:15.101 Writing /srv/gitlab/config/gitlab.yml
2023-05-11 02:03:15.233 /var/opt/gitlab/templates/gitlab.yml.erb:34:in `read': No such file or directory @ rb_sysopen - /etc/gitlab/microsoft_graph_mailer/client_secret (Errno::ENOENT)
2023-05-11 02:03:15.233 from /var/opt/gitlab/templates/gitlab.yml.erb:34:in `<main>'
2023-05-11 02:03:15.233 from /usr/lib/ruby/3.0.0/erb.rb:905:in `eval'
2023-05-11 02:03:15.233 from /usr/lib/ruby/3.0.0/erb.rb:905:in `result'
2023-05-11 02:03:15.233 from /usr/lib/ruby/3.0.0/erb.rb:890:in `run'
2023-05-11 02:03:15.233 from /usr/lib/ruby/gems/3.0.0/gems/erb-2.2.0/libexec/erb:154:in `run'
2023-05-11 02:03:15.233 from /usr/lib/ruby/gems/3.0.0/gems/erb-2.2.0/libexec/erb:174:in `<top (required)>'
2023-05-11 02:03:15.233 from /usr/bin/erb:23:in `load'
2023-05-11 02:03:15.233 from /usr/bin/erb:23:in `<main>'