
Add `global.image.tagSuffix` as a helm values option

Graeme Gillies requested to merge ggillies/add-tagExtension into master

What does this MR do?

Part of #2860 (closed)

In order to allow easy use of fips or ubi8 images, we want to provide a single helm configuration option that allows users to specify that all images being used will have the helm value global.image.tagSuffix applied to the end of the image tag.

A practical use case for this would be using --set global.image.tagSuffix="-fips" to install GitLab via helm using our fips compliant images.

As implemented

In this iteration, we weren't able to apply the tagSuffix to all GitLab images. So some still need to be set manually, but the result is much better than before:

```yaml
global:
  image:
    tagSuffix: -fips

  # These helper images will be moved to use tagSuffix in a future release after their tag digests are dropped from the defaults: https://gitlab.com/gitlab-org/charts/gitlab/-/issues/3717
  kubectl:
    image:
      tag: [gitab_version]-fips
  certificates:
    image:
      tag: [gitab_version]-fips

  ## Busybox will be moved to default to gitlab base in a future release:  https://gitlab.com/gitlab-org/charts/gitlab/-/issues/3432
  busybox:
    image:
      repository: registry.gitlab.com/gitlab-org/build/cng/gitlab-base
      tag: [gitab_version]-fips

nginx-ingress:
  controller:
    image:
      repository: registry.gitlab.com/gitlab-org/cloud-native/charts/gitlab-ingress-nginx/controller  ## Custom controller repository isn't yet the default
      digest: "" ## Setting the `.tagSuffix` and the GitLab chart's default `nginx-ingress` digest are not compatible: https://gitlab.com/gitlab-org/charts/gitlab/-/issues/3498
```

This is the change that can be delivered in this iteration, and safely backported. Future releases can further clean this up.

Related issues

#2860 (closed)

https://gitlab.com/gitlab-com/gl-infra/gitlab-dedicated/team/-/issues/1162

Checklist

See Definition of done.

For anything in this list which will not be completed, please provide a reason in the MR discussion.

Required

  • Merge Request Title and Description are up to date, accurate, and descriptive
  • MR targeting the appropriate branch
  • MR has a green pipeline on GitLab.com
  • When ready for review, MR is labeled "~workflow::ready for review" per the Distribution MR workflow

Expected (please provide an explanation if not completing)

  • Test plan indicating conditions for success has been posted and passes
  • Documentation created/updated
  • Tests added
  • Integration tests added to GitLab QA
  • Equivalent MR/issue for omnibus-gitlab opened
  • Validate potential values for new configuration settings. Formats such as integer 10, duration 10s, URI scheme://user:passwd@host:port may require quotation or other special handling when rendered in a template and written to a configuration file.
Edited by DJ Mountney
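
An added example, not part of the merge request or the chart: a pre-install lint in Python that checks a values override against the constraints listed under "As implemented" (manual tags for `kubectl`, `certificates` and `busybox`, and an emptied `nginx-ingress` digest). The function names and the `v0.0.0` tags are constructed, and the rules assume the chart state this description documents.

```python
# Added example. Rules are taken from the MR description; names and sample
# values here are constructed for illustration.
MANUAL_TAG_PATHS = [  # images the description says still need a manual tag
    ("global", "kubectl", "image"),
    ("global", "certificates", "image"),
    ("global", "busybox", "image"),
]
NGINX_IMAGE_PATH = ("nginx-ingress", "controller", "image")


def dig(values, path):
    """Walk nested dicts; return {} when a key is missing or not a mapping."""
    node = values
    for key in path:
        node = node.get(key) if isinstance(node, dict) else None
    return node if isinstance(node, dict) else {}


def lint_tag_suffix(values):
    """Return findings for a values override; an empty list means consistent."""
    suffix = dig(values, ("global", "image")).get("tagSuffix")
    if suffix is None or suffix == "":
        return []  # no suffix requested, nothing to check
    if not isinstance(suffix, str):
        return [f"global.image.tagSuffix must be a string, got {type(suffix).__name__}"]
    findings = []
    for path in MANUAL_TAG_PATHS:
        tag = dig(values, path).get("tag")
        if not isinstance(tag, str) or not tag.endswith(suffix):
            findings.append(f"{'.'.join(path)}.tag={tag!r} lacks suffix {suffix!r}")
    # The chart's default digest conflicts with tagSuffix, so the override
    # must carry an explicit empty string rather than omit the key.
    if dig(values, NGINX_IMAGE_PATH).get("digest") != "":
        findings.append('nginx-ingress.controller.image.digest must be ""')
    return findings


def sample_values(kubectl_tag, digest):
    """Constructed override shaped like the one in the description."""
    img = lambda tag: {"image": {"tag": tag}}
    return {
        "global": {"image": {"tagSuffix": "-fips"}, "kubectl": img(kubectl_tag),
                   "certificates": img("v0.0.0-fips"), "busybox": img("v0.0.0-fips")},
        "nginx-ingress": {"controller": {"image": {"digest": digest}}},
    }


if __name__ == "__main__":
    for finding in lint_tag_suffix(sample_values("v0.0.0", "sha256:placeholder")):
        print("FINDING:", finding)
```

Run it on the parsed override file before `helm install`; any finding means a non-suffixed image would still be deployed alongside the suffixed ones.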
