Skip to content

Update the process of secret conversion for helm chart

Alexandr Tanayno requested to merge docs-migrate-secrets-omnibus-k8s into master

What does this MR do?

In the MR !2434 (merged), @WarheadsSE suggested using yq tool to convert the YAML secret to JSON secret compatible with Omnibus GitLab to simplify the migration from GitLab Helm Chart to Omnibus GitLab.

In this MR, I initially wanted to suggest the opposite steps to convert JSON to YAML (smth like yq -P '.gitlab_rails' secrets-test.txt >> gitlab-secrets-updated.yaml) but realized that the proper YAML file already exists on Omnibus GitLab instances at /var/opt/gitlab/gitlab-rails/etc/secrets.yml. So this MR suggests to use this file instead of /etc/gitlab/gitlab-secrets.json to create a Kubernetes Secret.

It will help our users to prevent errors when converting secrets during Omnibus > Helm chart migrations.

Related issues

One example of the customer's ticket: internal ZD ticket. In this case, ci_jwt_signing_key was not converted properly.

Checklist

See Definition of done.

For anything in this list which will not be completed, please provide a reason in the MR discussion.

Required

  • Merge Request Title and Description are up to date, accurate, and descriptive
  • MR targeting the appropriate branch
  • MR has a green pipeline on GitLab.com

Expected (please provide an explanation if not completing)

  • Test plan indicating conditions for success has been posted and passes
  • Documentation created/updated
  • Tests added
  • Integration tests added to GitLab QA
  • Equivalent MR/issue for omnibus-gitlab opened
Edited by Jason Plum

Merge request reports