Add `global.image.tagSuffix` as a helm values option
What does this MR do?
Part of #2860 (closed)
In order to allow easy use of fips or ubi8 images, we want to provide
a single helm configuration option that allows users to specify that
all images being used will have the helm value global.image.tagSuffix
applied to the end of the image tag.
A practical use case for this would be using --set global.image.tagSuffix="-fips"
to install GitLab via helm using our fips compliant images.
As implemented
In this iteration, were weren't able to apply the tagSuffix to all GitLab images. So some still need to be set manually, but the result is much better than before:
global:
image:
tagSuffix: -fips
# These helper images will be moved to use tagSuffix in a future release after their tag digests are dropped from the defaults: https://gitlab.com/gitlab-org/charts/gitlab/-/issues/3717
kubectl:
image:
tag: [gitab_version]-fips
certificates:
image:
tag: [gitab_version]-fips
## Busybox will be moved to default to gitlab base in a future release: https://gitlab.com/gitlab-org/charts/gitlab/-/issues/3432
busybox:
image:
repository: registry.gitlab.com/gitlab-org/build/cng/gitlab-base
tag: [gitab_version]-fips
nginx-ingress:
controller:
image:
repository: registry.gitlab.com/gitlab-org/cloud-native/charts/gitlab-ingress-nginx/controller ## Custom controller repository isn't yet the default
digest: "" ## Setting the `.tagSuffix` and the GitLab chart's default `nginx-ingress` digest are not compatible: https://gitlab.com/gitlab-org/charts/gitlab/-/issues/3498
This is the change that can be delivered in this iteration, and safely backported. Future releases can further clean this up.
Related issues
https://gitlab.com/gitlab-com/gl-infra/gitlab-dedicated/team/-/issues/1162
Checklist
See Definition of done.
For anything in this list which will not be completed, please provide a reason in the MR discussion.
Required
-
Merge Request Title and Description are up to date, accurate, and descriptive -
MR targeting the appropriate branch -
MR has a green pipeline on GitLab.com -
When ready for review, MR is labeled "~workflow::ready for review" per the Distribution MR workflow
Expected (please provide an explanation if not completing)
-
Test plan indicating conditions for success has been posted and passes -
Documentation created/updated -
Tests added -
Integration tests added to GitLab QA -
Equivalent MR/issue for omnibus-gitlab opened -
Validate potential values for new configuration settings. Formats such as integer 10
, duration10s
, URIscheme://user:passwd@host:port
may require quotation or other special handling when rendered in a template and written to a configuration file.