Request for independent annotations configuration for toolbox-backup Job
Summary
The toolbox-backup Job inherits annotations from the main toolbox chart, preventing the use of distinct metadata between the two resources. This makes it impossible to separate logs and monitoring configurations.
Steps to reproduce
- Deploy the GitLab Helm chart including the `toolbox` component.
- Add annotations under `.Values.gitlab.toolbox.annotations`.
- Observe that the same annotations are applied to both the `toolbox` Deployment and the `toolbox-backup` Job.
Configuration used
(Please provide a sanitized version of the configuration used wrapped in a code block (```yaml))
# NOTE(review): this values file was pasted without its indentation, so the
# nesting cannot be read from the listing; restore it from the original file
# before reusing any part of it.
# Presumably the GitLab chart is consumed as a subchart under the key
# 'gitlab' - confirm against the parent chart.
gitlab:
installCertmanager: false
# Settings shared by the GitLab components (presumably global.*).
global:
deployment:
annotations:
# Stakater Reloader: workloads carrying this annotation are restarted when a
# ConfigMap or Secret they reference changes, so rotated credentials are
# picked up without a manual rollout.
reloader.stakater.com/auto: "true"
# Scheduling constraints keyed on Karpenter node labels (instance generation
# and vCPU count). Label values are quoted so they stay strings.
nodeSelector:
karpenter.k8s.aws/instance-generation: "7"
# 'hard' presumably makes the node affinity a requirement rather than a
# preference - confirm against the chart documentation.
nodeAffinity: hard
affinity:
nodeAffinity:
key: karpenter.k8s.aws/instance-cpu
values:
- "1"
- "2"
- "4"
- "8"
- "16"
- "32"
- "48"
- "64"
- "96"
priorityClassName: tier-0
# Application-level settings: object storage, incoming e-mail, LDAP and SSO.
# (Nesting is inferred; the paste lost its indentation.)
appConfig:
usernameChangingEnabled: false
defaultProjectsFeatures:
wiki: false
# Object storage settings, presumably shared by the bucket types listed
# further down. The connection is referenced by Secret name, so no storage
# credentials appear inline in this file.
object_store:
enabled: true
proxy_download: false
connection:
secret: gitlab-env-object
# Requests server-side encryption (AES256) for stored objects.
storage_options:
server_side_encryption: AES256
# Bucket names are blank in this sanitized listing; a bare 'bucket:' parses as
# null, so the real values must be filled in before the file is usable.
artifacts:
proxy_download: false
bucket:
backups:
bucket:
tmpBucket:
dependencyProxy:
enabled: true
proxy_download: false
bucket:
lfs:
proxy_download: false
bucket:
packages:
proxy_download: false
bucket:
terraformState:
enabled: true
bucket:
uploads:
proxy_download: false
bucket:
ciSecureFiles:
enabled: true
bucket:
connection:
secret: gitlab-env-object
# Incoming e-mail over IMAP; the mailbox password is referenced by Secret
# name rather than written here.
incomingEmail:
enabled: true
address: 'git+%{key}@m.company.com'
host: imap.gmail.com
password:
secret: gitlab-env-imap-creds
user:
'git@m.company.com'
# LDAP on port 636 with simple_tls (LDAPS).
# NOTE(review): verify_certificates is not set in this listing - confirm the
# effective value keeps server certificate verification on.
ldap:
servers:
main:
label: 'company LDAP'
port: 636
uid: uid
encryption: simple_tls
active_directory: false
# NOTE(review): presumably members of this LDAP group receive GitLab
# administrator rights - confirm, and treat its membership as privileged.
admin_group: gitlab-quick-deploy
base: ou=Webusers,dc=company,dc=com
group_base: ou=Webgroups,dc=company,dc=com
# SSH public keys are synced from the named LDAP attribute.
sync_ssh_keys: sshpublickey
# OR-filter: only members of one of the listed groups match.
user_filter: (|(memberOf=cn=tech,ou=Webgroups,dc=company,dc=com)(memberOf=cn=gitlab-extra,ou=Webgroups,dc=company,dc=com)(memberOf=cn=intl-envuct,ou=Webgroups,dc=company,dc=com)(memberOf=cn=repo_master,ou=Webgroups,dc=company,dc=com)(memberOf=cn=repo_reporter,ou=Webgroups,dc=company,dc=com))
# Single sign-on through the 'saml_okta' provider.
omniauth:
enabled: true
autoSignInWithProvider: 'saml_okta'
syncProfileFromProvider:
- 'saml_okta'
allowSingleSignOn:
- 'saml_okta'
# With allowSingleSignOn set and blockAutoCreatedUsers false, an account
# created on first SAML sign-in is active without administrator approval, so
# access control rests on who can authenticate through the provider.
blockAutoCreatedUsers: false
# Auto-linking attaches an external identity to an existing GitLab account.
# NOTE(review): confirm which attribute the match uses and that the
# provider's value for it is trusted.
autoLinkLdapUser: true
autoLinkSamlUser: true
autoLinkUser:
- 'saml_okta'
# Provider definition is loaded from a Secret, not from this file.
providers:
- secret: gitlab-env-okta-saml
# Remaining shared settings (presumably still under global.*; nesting is
# inferred because the paste lost its indentation).
common:
labels:
app.kubernetes.io/name: gitlab
apps.company.com/envuct-group: gitlab
email:
display_name: 'Gitlab'
from: 'git@company.com'
reply_to: 'noreply@company.com'
kas:
enabled: false
# Bundled MinIO is off; object storage is enabled separately in this file.
minio:
enabled: false
# Geo is enabled; nodeName and role are blank in this listing.
geo:
nodeName:
enabled: true
role:
grafana:
enabled: false
hosts:
domain: corp.company.com
gitlab:
name: code.corp.company.com
ingress:
configureCertmanager: false
class: gitlab-nginx
enabled: false
# accessControl: true turns on GitLab Pages access control, so Pages sites
# can be restricted by project permissions.
pages:
enabled: true
accessControl: true
objectStore:
bucket:
connection:
secret: gitlab-env-object
# PostgreSQL connection: host is blank here, password is referenced by Secret
# name.
psql:
host:
password:
secret: gitlab-env-postgresql-password
# The 'rediss' scheme selects TLS for the Redis connection; host and port are
# blank in this listing.
redis:
host:
port:
scheme: rediss
registry:
bucket:
service:
annotations:
service.kubernetes.io/topology-mode: auto
serviceAccount:
enabled: true
# SMTP values are blank in this listing; a bare 'key:' parses as null.
smtp:
enabled:
address:
authentication:
port:
# In-chart Gitaly is disabled; the 'external' entry is blank here.
gitaly:
enabled: false
external:
shell:
tcp:
proxyProtocol: false
# Per-component overrides (presumably gitlab.<component>; nesting is inferred
# because the paste lost its indentation).
# The ad.datadoghq.com/<container>.logs annotations used throughout are
# Datadog Autodiscovery log settings, keyed by container name.
gitlab:
webservice:
annotations:
ad.datadoghq.com/gitlab-workhorse.logs: '[{"source": "gitlab"}]'
ad.datadoghq.com/webservice.logs: '[{"source": "gitlab"}]'
maxUnavailable: 1
hpa:
maxReplicas: 34
minReplicas: 8
cpu:
targetAverageValue: 1.5
resources:
limits:
memory: 8G
requests:
cpu: 3
memory: 6G
workerProcesses: 4
# NOTE(review): trusted_proxies is blank in this listing. It presumably tells
# GitLab which upstream addresses may supply a forwarded client IP - confirm
# the real value matches the ingress / load-balancer ranges.
trusted_proxies:
workhorse:
extraArgs: "-apiCiLongPollingDuration 50s"
puma:
disableWorkerKiller: false
workerMaxMemory: 1024
threadsMin: 4
threadsMax: 4
mailroom:
annotations:
ad.datadoghq.com/mailroom.logs: '[{"source": "gitlab"}]'
hpa:
minReplicas: 2
maxReplicas: 3
geo-logcursor:
annotations:
ad.datadoghq.com/geo-logcursor.logs: '[{"source": "gitlab"}]'
replicaCount: 3
gitlab-exporter:
# Listens on all interfaces of the pod.
# NOTE(review): confirm a NetworkPolicy or equivalent limits which clients
# can reach the metrics port.
listenAddr: 0.0.0.0
metrics:
annotations:
ad.datadoghq.com/gitlab-exporter.logs: '[{"source": "gitlab"}]'
# Datadog OpenMetrics check: scrapes the pod's http-metrics port over plain
# HTTP and reports every metric as a gauge (JSON body follows).
ad.datadoghq.com/gitlab-exporter.checks: |
{
"openmetrics": {
"instances": [
{
"openmetrics_endpoint": "http://%%host%%:%%port_http-metrics%%/metrics",
"namespace": "gitlab",
"metrics": [{".*": {"type": "gauge"}}]
}
]
}
}
gitlab-pages:
hpa:
minReplicas: 3
annotations:
ad.datadoghq.com/gitlab-pages.logs: '[{"source": "gitlab"}]'
sidekiq:
annotations:
ad.datadoghq.com/sidekiq.logs: '[{"source": "gitlab"}]'
# This is the setting the issue is about: the annotation names a
# 'toolbox-backup' container, and per the issue text the chart renders
# toolbox.annotations onto both the toolbox Deployment and the
# toolbox-backup Job, so the two cannot carry different log or monitoring
# metadata.
toolbox:
annotations:
ad.datadoghq.com/toolbox-backup.logs: '[{"source": "gitlab"}]'
replicas: 3
securityContext:
fsGroupChangePolicy: OnRootMismatch
gitlab-shell:
annotations:
ad.datadoghq.com/gitlab-shell.logs: '[{"source": "gitlab"}]'
# Datadog OpenMetrics check for gitlab-shell; scrapes the pod's http-metrics
# port over plain HTTP (JSON body follows).
ad.datadoghq.com/gitlab-shell.checks: |
{
"openmetrics": {
"instances": [
{
"openmetrics_endpoint": "http://%%host%%:%%port_http-metrics%%/metrics",
"namespace": "gitlab",
"metrics": [".*"]
}
]
}
}
metrics:
enabled: true
# SSH is served by gitlab-sshd; PROXY protocol is off for it.
sshDaemon: gitlab-sshd
config:
proxyProtocol: false
# Bundled GitLab Runner is not installed by this release.
gitlab-runner:
install: false
# Bundled NGINX ingress controller settings (nesting is inferred because the
# paste lost its indentation).
nginx-ingress:
controller:
podLabels:
app.kubernetes.io/name: gitlab
apps.company.com/envuct-group: gitlab
ingressClassResource:
controllerValue: "k8s.io/ingress-nginx-gitlab-env"
extraArgs:
enable-topology-aware-routing: "true"
# Spread controller pods across hosts and zones; DoNotSchedule makes both
# constraints mandatory.
topologySpreadConstraints:
- maxSkew: 1
minDomains: 6
topologyKey: kubernetes.io/hostname
whenUnsatisfiable: DoNotSchedule
labelSelector:
matchLabels:
app: nginx-ingress
matchLabelKeys:
- pod-template-hash
- maxSkew: 1
minDomains: 3
topologyKey: topology.kubernetes.io/zone
whenUnsatisfiable: DoNotSchedule
labelSelector:
matchLabels:
app: nginx-ingress
matchLabelKeys:
- pod-template-hash
# Toleration plus nodeSelector place the controller on nodes labelled for
# ingress, on on-demand capacity.
tolerations:
- key: node.company.com/ingress
operator: Equal
value: "true"
nodeSelector:
node.company.com/ingress: "true"
karpenter.sh/capacity-type: on-demand
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: "karpenter.k8s.aws/instance-generation"
operator: Gt
values: ["6"]
- key: "karpenter.k8s.aws/instance-cpu"
operator: Lt
values: ["97"]
# NOTE(review): use-proxy-protocol is off and proxy-real-ip-cidr is blank in
# this listing. Together with the load-balancer settings they decide which
# client address reaches GitLab's logs and rate limits - confirm the real
# values.
config:
enable-opentracing: "true"
datadog-service-name: "gitlab-nginx-controller"
datadog-collector-host: "agent.datadog.svc.cluster.local"
datadog-environment: "env"
use-proxy-protocol: "false"
proxy-real-ip-cidr:
podAnnotations:
# NOTE(review): company-specific annotation that looks like a pod-security
# exemption for the ingress controller - confirm what it relaxes and that it
# is scoped to these pods only.
security.apps.company.com/podsecurityexception: ingress-nginx
ad.datadoghq.com/controller.logs: '[{"service": "gitlab-nginx-controller", "source": "nginx-ingress-controller"}]'
# Datadog nginx_ingress_controller check; scrapes the controller's metrics
# port over plain HTTP (JSON body follows).
ad.datadoghq.com/controller.checks: |
{
"nginx_ingress_controller": {
"instances": [
{
"prometheus_url": "http://%%host%%:%%port_metrics%%/metrics",
"collect_nginx_histograms":true,
"send_distribution_buckets":true,
"labels_mapper":{"host":"ingress_host"}
}
]
}
}
resources:
requests:
cpu: 1
memory: 1G
maxUnavailable: 1
autoscaling:
enabled: true
minReplicas: 9
maxReplicas: 20
targetCPUUtilizationPercentage: 75
targetMemoryUtilizationPercentage: 75
# AWS Load Balancer Controller annotations: external load balancer with
# instance targets and a TCP health check on the traffic port.
service:
annotations:
service.beta.kubernetes.io/aws-load-balancer-type: external
service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: instance
service.beta.kubernetes.io/aws-load-balancer-attributes: dns_record.client_routing_policy=availability_zone_affinity
service.beta.kubernetes.io/aws-load-balancer-healthcheck-protocol: tcp
service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: traffic-port
# Bundled PostgreSQL, Prometheus and Redis are not installed by this release;
# external PostgreSQL and Redis connections are configured elsewhere in this
# file. (Nesting is inferred because the paste lost its indentation.)
postgresql:
install: false
prometheus:
install: false
redis:
install: false
# Container registry component.
registry:
annotations:
ad.datadoghq.com/registry.logs: '[{"service": "gitlab-registry", "source": "gitlab"}]'
metrics:
enabled: true
resources:
requests:
cpu: 250m
memory: 64Mi
hpa:
minReplicas: 3
# Registry storage configuration is referenced by Secret name, so no storage
# credentials appear inline in this file.
storage:
secret: gitlab-env-registry-storage
Current behavior
The toolbox-backup Job inherits annotations from the toolbox Deployment and cannot be configured separately.
Expected behavior
The toolbox-backup Job should accept its own annotations, configurable independently of the toolbox Deployment.
Versions
- Chart: 9.3.2
- Platform:
  - Cloud: EKS
- Kubernetes: v1.32.8-eks-e386d34
Relevant logs
No specific errors – configuration inheritance observed through resource inspection