Enable Container Registry database backups in Cloud Native GitLab
## Summary

Enable the toolbox pod to access Container Registry database credentials for backup operations in Cloud Native GitLab installations. Leverage existing registry configmap and secrets to pass credentials to the backup utility.

## Implementation Proposal

### 1. Credential Access

The toolbox pod needs access to registry database credentials currently stored in:

- **ConfigMap:** Non-sensitive registry configuration from `registry.database` chart values
- **Secret:** Sensitive credentials (password)

Reference: https://docs.gitlab.com/charts/charts/registry/metadata_database/#enable-for-new-registries

### 2. Environment Variable Mapping

Set environment variables on the toolbox pod from registry configmap and secrets:

- `REGISTRY_DATABASE_HOST` ← from registry configmap
- `REGISTRY_DATABASE_PORT` ← from registry configmap
- `REGISTRY_DATABASE_NAME` ← from registry configmap
- `REGISTRY_DATABASE_USER` ← from registry configmap
- `REGISTRY_DATABASE_PASSWORD` ← from registry secret
- `REGISTRY_DATABASE_SSLMODE` ← from registry configmap

**Goal:** Environment variables should match what `gitlab-rake gitlab:backup:db:*` expects, requiring **no changes** to the `backup-utility` script.

### 3. Toolbox Pod Configuration

Update `charts/gitlab/charts/toolbox` to:

- Mount registry configmap as environment variables
- Mount registry secret for database password
- Ensure credentials are available during backup operations

### 4. Monitoring & Alerting

- Add registry database backup status to toolbox pod logs
- Create alerts for registry database backup failures
- Include registry DB in backup health metrics

## Chart Values Example

```yaml
registry:
  database:
    enabled: true
    host: registry-database
    port: 5432
    user: registry
    database: registry
    password:
      secret: registry-database-password
      key: password
    sslmode: require
```

## Exit Criteria

- [ ] Toolbox pod has access to registry database credentials
- [ ] Environment variables correctly set from configmap and secrets
- [ ] Backup operations include registry database without script changes
- [ ] Monitoring and alerting configured
- [ ] Tested in staging environment
- [ ] Documentation updated for chart configuration

## Related

- Parent epic: gitlab-com/gl-infra/data-access/durability#45
- GitLab backup tool changes: gitlab-org/gitlab (to be linked)
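
An added example, not part of the original issue or GitLab's code: a preflight check the toolbox pod could run before a backup to confirm the six variables from section 2 are populated, writing a status line to the pod log without ever printing the password. The function name `check_registry_db_env`, the `registry-db-preflight` log prefix, and the policy of rejecting `sslmode` values that do not enforce TLS are assumptions of this example.

```shell
# Added example (not GitLab code): preflight for the registry DB variables
# named in the issue. Reports problems by name; never echoes the password.
check_registry_db_env() {   # hypothetical function name
  rc=0
  # 1. Every variable from the mapping must be present and non-empty.
  for name in REGISTRY_DATABASE_HOST REGISTRY_DATABASE_PORT \
              REGISTRY_DATABASE_NAME REGISTRY_DATABASE_USER \
              REGISTRY_DATABASE_PASSWORD REGISTRY_DATABASE_SSLMODE; do
    eval "value=\${$name:-}"   # names are fixed literals, so eval is safe
    if [ -z "$value" ]; then
      echo "registry-db-preflight: missing $name"
      rc=1
    fi
  done
  value=   # do not keep a copy of the last value read
  # 2. Port must be a 1-5 digit number in 1..65535.
  case "${REGISTRY_DATABASE_PORT:-}" in
    '') ;;   # already reported as missing
    *[!0-9]*|??????*)
      echo "registry-db-preflight: invalid REGISTRY_DATABASE_PORT"; rc=1 ;;
    *)
      if [ "$REGISTRY_DATABASE_PORT" -lt 1 ] || [ "$REGISTRY_DATABASE_PORT" -gt 65535 ]; then
        echo "registry-db-preflight: invalid REGISTRY_DATABASE_PORT"; rc=1
      fi ;;
  esac
  # 3. sslmode must be a libpq value that enforces TLS (policy assumed here).
  case "${REGISTRY_DATABASE_SSLMODE:-}" in
    '') ;;   # already reported as missing
    require|verify-ca|verify-full) ;;
    disable|allow|prefer)
      echo "registry-db-preflight: sslmode '$REGISTRY_DATABASE_SSLMODE' does not enforce TLS"; rc=1 ;;
    *)
      echo "registry-db-preflight: unknown sslmode '$REGISTRY_DATABASE_SSLMODE'"; rc=1 ;;
  esac
  if [ "$rc" -eq 0 ]; then
    echo "registry-db-preflight: ok host=$REGISTRY_DATABASE_HOST port=$REGISTRY_DATABASE_PORT" \
         "db=$REGISTRY_DATABASE_NAME user=$REGISTRY_DATABASE_USER" \
         "sslmode=$REGISTRY_DATABASE_SSLMODE password=[set]"
  fi
  return "$rc"
}

# Constructed sample values, set in a subshell so they do not leak out.
( REGISTRY_DATABASE_HOST=registry-database; REGISTRY_DATABASE_PORT=5432
  REGISTRY_DATABASE_NAME=registry; REGISTRY_DATABASE_USER=registry
  REGISTRY_DATABASE_PASSWORD=constructed-example; REGISTRY_DATABASE_SSLMODE=require
  check_registry_db_env )
```

A non-zero return gives the alerting described in section 4 a signal that fires before the backup itself fails on a missing or weak setting.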