CI: Bump build images to use Helm 3.9
What does this MR do?
Bump build images to use helm 3.9 instead of helm 3.7.
Related issues
Author checklist
See Definition of done.
For anything in this list which will not be completed, please provide a reason in the MR discussion.
Required
-
Merge Request Title and Description are up to date, accurate, and descriptive -
MR targeting the appropriate branch -
MR has a green pipeline on GitLab.com -
When ready for review, follow the instructions in the "Reviewer Roulette" section of the Danger Bot MR comment, as per the Distribution experimental MR workflow
Expected (please provide an explanation if not completing)
-
Test plan indicating conditions for success has been posted and passes -
Documentation created/updated -
Tests added/updated -
Integration tests added to GitLab QA -
Equivalent MR/issue for omnibus-gitlab opened -
Equivalent MR/issue for Gitlab Operator project opened (see Operator documentation on impact of Charts changes) -
Validate potential values for new configuration settings. Formats such as integer 10
, duration10s
, URIscheme://user:passwd@host:port
may require quotation or other special handling when rendered in a template and written to a configuration file.
Test plan
-
Check helm changelog for changes between 3.7 and 3.9. Notable changes: - OCI registry support for charts is now generally available
- Added more checks during the signing process
-
Green pipeline (including triggering qa_*_manual_full_suite
jobs). Pipeline at https://gitlab.com/gitlab-org/charts/gitlab/-/pipelines/1103535906. Failures inrspec ./qa/specs/features/browser_ui/5_package/package_registry/conan_repository_spec.rb:32
occur in master so are unlikely to be a result of this MR. -
Check installed version. helm version version.BuildInfo{Version:"v3.9.4", GitCommit:"dbc6d8e20fe1d58d50e6ed30f09a04a77e4c68db", GitTreeState:"clean", GoVersion:"go1.17.13"}
-
Ensure gpg and gpg-agent is installed. gpg --version gpg (GnuPG) 2.4.3 libgcrypt 1.10.2 Copyright (C) 2023 g10 Code GmbH License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Home: /root/.gnupg Supported algorithms: Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256 Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224 Compression: Uncompressed, ZIP, ZLIB, BZIP2 gpg-agent --version gpg-agent (GnuPG) 2.4.3 libgcrypt 1.10.2 Copyright (C) 2023 g10 Code GmbH License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law.
-
Check build logs for helm-related errors and warning. From build logs for job https://gitlab.com/gitlab-org/charts/gitlab/-/jobs/5730599050:
Getting updates for unmanaged Helm repositories... ...Successfully got an update from the "https://haproxytech.github.io/helm-charts" chart repository ...Successfully got an update from the "https://charts.jetstack.io/" chart repository ...Successfully got an update from the "https://helm.traefik.io/traefik" chart repository ...Successfully got an update from the "https://charts.gitlab.io/" chart repository ...Successfully got an update from the "https://charts.gitlab.io/" chart repository ...Successfully got an update from the "https://prometheus-community.github.io/helm-charts" chart repository ...Successfully got an update from the "https://charts.bitnami.com/bitnami" chart repository ...Successfully got an update from the "https://charts.bitnami.com/bitnami" chart repository Saving 14 charts Dependency gitlab did not declare a repository. Assuming it exists in the charts directory Dependency certmanager-issuer did not declare a repository. Assuming it exists in the charts directory Dependency minio did not declare a repository. Assuming it exists in the charts directory Dependency registry did not declare a repository. Assuming it exists in the charts directory Downloading cert-manager from repo https://charts.jetstack.io/ Downloading prometheus from repo https://prometheus-community.github.io/helm-charts Downloading postgresql from repo https://charts.bitnami.com/bitnami Downloading gitlab-runner from repo https://charts.gitlab.io/ Downloading redis from repo https://charts.bitnami.com/bitnami Dependency nginx-ingress did not declare a repository. Assuming it exists in the charts directory Dependency nginx-ingress did not declare a repository. Assuming it exists in the charts directory Downloading gitlab-zoekt from repo https://charts.gitlab.io/ Downloading traefik from repo https://helm.traefik.io/traefik Downloading kubernetes-ingress from repo https://haproxytech.github.io/helm-charts Deleting outdated charts REVIEW_APPS_SENTRY_* detected, enabling Sentry WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /builds/gitlab.tmp/KUBECONFIG WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /builds/gitlab.tmp/KUBECONFIG Release "rvw-bump-helm-to-3-9" does not exist. Installing it now. NAME: rvw-bump-helm-to-3-9 LAST DEPLOYED: Tue Dec 12 05:28:10 2023 NAMESPACE: eks-helm-charts-win STATUS: deployed REVISION: 1 NOTES: === CRITICAL The following charts are included for evaluation purposes only. They will not be supported by GitLab Support for production workloads. Use Cloud Native Hybrid deployments for production. For more information visit https://docs.gitlab.com/charts/installation/index.html#use-the-reference-architectures. - PostgreSQL - Redis - Gitaly - MinIO === NOTICE The minimum required version of PostgreSQL is now 13. See https://gitlab.com/gitlab- org/charts/gitlab/-/blob/master/doc/installation/upgrade.md for more details. === NOTICE You've installed GitLab Runner without the ability to use 'docker in docker'. The GitLab Runner chart (gitlab/gitlab-runner) is deployed without the `privileged` flag by default for security purposes. This can be changed by setting `gitlab-runner.runners.privileged` to `true`. Before doing so, please read the GitLab Runner chart's documentation on why we chose not to enable this by default. See https://docs.gitlab.com/runner/install/kubernetes.html#running-docker-in-docker-containers- with-gitlab-runners