Charts now fail to deploy on when no backups config is provided for Toolbox when Minio is disabled
Summary
Bit of a nuanced one this. In the recent MR to enable Application Default Credentials for GKE deployments it looks like an unintentional conditional false positive was added that blocks the charts from deploying whenever Minio is disabled.
If my Helm-fu reading is right the conditional now in place for checking if the Toolbox deployment thinks it requires a secret and blocks the whole apply if not will now trigger when the following is true:
{{- if .Values.gitlab.toolbox.enabled -}}
{{- if or .Values.gitlab.toolbox.backups.objectStorage.config (not .Values.global.minio.enabled) -}}
{{- if and (not (eq .Values.gitlab.toolbox.backups.objectStorage.backend "gcs")) (not .Values.gitlab.toolbox.backups.objectStorage.config.secret) -}}
if gitlab.toolbox.enabled is TRUE (default) AND
if .Values.gitlab.toolbox.backups.objectStorage.config EXISTS OR .Values.global.minio.enabled is FALSE OR
if .Values.gitlab.toolbox.backups.objectStorage.backend IS NOT "GCS" AND .Values.gitlab.toolbox.backups.objectStorage.config.secret DOES NOT EXIST
Fail with "A valid object storage config secret is needed for backups."
Failure when executing Helm command. Exited 1.
stdout:
stderr: Error: UPGRADE FAILED: execution error at (gitlab/templates/NOTES.txt:138:3):
CONFIGURATION CHECKS:
toolbox:
A valid object storage config secret is needed for backups.
Please configure it via `gitlab.toolbox.backups.objectStorage.config.secret`.
TL;DR - Charts will now always fail to deploy when Minio is disabled and gitlab.toolbox.backups.objectStorage.config.secret
is not set (except if GCS is configured as backend
).
This is present in the 8.0.0
charts release and as a change in behaviour can be considered a breaking change. I believe the reason this previously was fine was due to the additional check of if .Values.global.appConfig.object_store.enabled is TRUE
, which was considered an acceptable alternative when Minio was disabled and we "allow" the Toolbox to still deploy even though it may be missing backup config as presumably there was cases where the selected custom Object Storage provider didn't need an additional secret.
Steps to reproduce
Deploy the Chart with Minio disabled and no config passed for Toolbox backups.
Configuration used
(Please provide a sanitized version of the configuration used wrapped in a code block (```yaml))
global:
appConfig:
minio:
enabled: false
Current behavior
Charts now fails to deploy with "default" Toolbox settings when Minio has been disabled.
Expected behavior
Charts continues to deploy with "default" Toolbox settings when Minio has been disabled. A missing optional backups secret for Toolbox shouldn't block the whole chart from deploying argubly.
Versions
- Chart:
8.0.0
- Platform:
- Cloud: Any platform, even GCP if
.Values.gitlab.toolbox.backups.objectStorage.backend
isn't specifically set to GCS
- Cloud: Any platform, even GCP if