......@@ -2,3 +2,4 @@ config.yaml
charts/*.tgz
Gemfile.lock
.DS_Store
tags
......@@ -20,15 +20,26 @@
.idea/
*.tmproj
# Project/CI/CD related items
.gitlab
.gitlab-ci.yml
.dockerignore
.helmignore
Dangerfile
Gemfile
Gemfile.lock
ci/
doc/
examples/
images/
certs/
scripts/
spec/
build/
*.md
CHANGELOG
changelogs/
# CHANGELOG.md
bin/
spec/
# dependencies.io
dependencies.yml
dependencies_io/
.markdownlint.json
{
"default": true,
"header-style": {
"style": "atx"
},
"ul-style": {
"style": "dash"
},
"line-length": false,
"no-duplicate-header": {
"allow_different_nesting": true
},
"no-trailing-punctuation": {
"punctuation": ".,;:!。,;:!?"
},
"ol-prefix": {
"style": "one"
},
"no-inline-html": false,
"hr-style": {
"style": "---"
},
"no-emphasis-as-heading": false,
"fenced-code-language": false,
"code-block-style": {
"style": "fenced"
}
}
......@@ -164,9 +164,9 @@ reported by emailing contact@gitlab.com.
This Code of Conduct is adapted from the [Contributor Covenant][contributor-covenant], version 1.1.0,
available at [http://contributor-covenant.org/version/1/1/0/](http://contributor-covenant.org/version/1/1/0/).
[accepting-mrs]: https://gitlab.com/charts/gitlab/issues?label_name=Accepting+Merge+Requests
[gitlab-mr-tracker]: https://gitlab.com/charts/gitlab/merge_requests
[closed-merge-requests]: https://gitlab.com/charts/gitlab/merge_requests?assignee_id=&label_name=&milestone_id=&scope=&sort=&state=closed
[accepting-mrs]: https://gitlab.com/gitlab-org/charts/gitlab/issues?label_name=Accepting+Merge+Requests
[gitlab-mr-tracker]: https://gitlab.com/gitlab-org/charts/gitlab/merge_requests
[closed-merge-requests]: https://gitlab.com/gitlab-org/charts/gitlab/merge_requests?assignee_id=&label_name=&milestone_id=&scope=&sort=&state=closed
[contributor-covenant]: http://contributor-covenant.org
[changelog]: doc/development/changelog.md "Generate a changelog entry"
[git-squash]: https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits
......
---
apiVersion: v1
name: gitlab
version: 1.6.1
version: 2.3.1
appVersion: master
description: Web-based Git-repository manager with wiki and issue-tracking features.
keywords:
......@@ -9,7 +9,7 @@ keywords:
home: https://about.gitlab.com/
icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.png
sources:
- https://gitlab.com/charts/gitlab
- https://gitlab.com/gitlab-org/charts/gitlab
maintainers:
- name: GitLab Inc.
email: support@gitlab.com
danger.import_dangerfile(path: 'scripts/support/changelog')
danger.import_dangerfile(path: 'scripts/support/metadata')
danger.import_dangerfile(path: 'scripts/support/reviewers')
......@@ -31,18 +31,24 @@ GEM
childprocess (0.9.0)
ffi (~> 1.0, >= 1.0.11)
diff-lcs (1.3)
docker-api (1.34.2)
excon (>= 0.47.0)
multi_json
excon (0.62.0)
ffi (1.9.25)
jmespath (1.4.0)
launchy (2.4.3)
addressable (~> 2.3)
mini_mime (1.0.0)
mini_portile2 (2.3.0)
multi_json (1.13.1)
nokogiri (1.8.2)
mini_portile2 (~> 2.3.0)
public_suffix (3.0.2)
rack (2.0.5)
rack-test (1.0.0)
rack (>= 1.0, < 3)
rake (12.3.2)
rspec (3.7.0)
rspec-core (~> 3.7.0)
rspec-expectations (~> 3.7.0)
......@@ -55,6 +61,8 @@ GEM
rspec-mocks (3.7.0)
diff-lcs (>= 1.2.0, < 2.0)
rspec-support (~> 3.7.0)
rspec-retry (0.6.1)
rspec-core (> 3.3)
rspec-support (3.7.1)
rubyzip (1.2.1)
selenium-webdriver (3.12.0)
......@@ -70,7 +78,10 @@ DEPENDENCIES
aws-sdk-s3
capybara
capybara-screenshot
docker-api
rake
rspec
rspec-retry
selenium-webdriver
BUNDLED WITH
......
[![pipeline status](https://gitlab.com/charts/gitlab/badges/master/pipeline.svg)](https://gitlab.com/charts/gitlab/pipelines)
[![pipeline status](https://gitlab.com/gitlab-org/charts/gitlab/badges/master/pipeline.svg)](https://gitlab.com/gitlab-org/charts/gitlab/pipelines)
# Cloud Native GitLab Helm Chart
......
require_relative 'scripts/update-docker-images.rb'
namespace :images do
desc 'Sync images between dev and com registries'
task :sync, [:edition] do |t, args|
CNGImageSync.execute(edition: args[:edition])
end
end
---
title: Set the life span of Registry certificate to 10 years
merge_request: 701
author:
type: fixed
---
title: Add support for using object storage for storing MR diffs
merge_request: 698
author:
type: added
---
title: Move cron_jobs setting from sidekiq to global context
merge_request: 693
author:
type: changed
---
title: Allow Disabling of ClusterRoles in ApplicationCRD
merge_request: 702
author:
type: added
---
title: Add Gitaly configuration to migrations job
merge_request: 710
author:
type: fixed
---
title: Automate version mapping updates
merge_request: 704
author:
type: other
---
title: Add eks_bootstrap_script
merge_request: 706
author:
type: added
---
title: Extract shared configuration script of ruby-based pods into own template
merge_request: 685
author: Matthias van de Meent (Cofano Software Solutions)
type: changed
---
title: Set the Redis client ID to nil as some servers have that command disabled
merge_request: 666
author: Vic Iglesias
type: fixed
---
title: Allow use of password-less Redis services (external)
merge_request: 665
author: Vic Iglesias
type: added
......@@ -11,7 +11,7 @@ keywords:
home: https://about.gitlab.com/
icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg
sources:
- https://gitlab.com/charts/gitlab/tree/master/charts/certmanager-issuer
- https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/certmanager-issuer
- https://gitlab.com/gitlab-org/build/CNG/tree/master/kubectl
- https://github.com/jetstack/cert-manager
maintainers:
......
......@@ -18,12 +18,12 @@ spec:
serviceAccountName: {{ template "fullname" . }}
{{- end }}
restartPolicy: OnFailure
{{- include "pullsecrets" .Values.image | indent 6}}
{{- include "pullsecrets" .Values.global.kubectl.image | indent 6}}
containers:
- name: create-issuer
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
image: {{ include "gitlab.kubectl.image" . | quote }}
command: ['/bin/bash', '/scripts/create-issuer', '/scripts/issuer.yml']
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{ template "gitlab.imagePullPolicy" . }}
volumeMounts:
- name: scripts
mountPath: /scripts
......
image:
repository: registry.gitlab.com/gitlab-org/build/cng/kubectl
tag: 1f8690f03f7aeef27e727396927ab3cc96ac89e7
pullPolicy: Always
pullSecrets: []
# Configure an ACME Issuer in cert-manager. Only used if configure==true
server: https://acme-v02.api.letsencrypt.org/directory
......
......@@ -9,7 +9,7 @@ keywords:
home: https://about.gitlab.com/
icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg
sources:
- https://gitlab.com/charts/gitlab
- https://gitlab.com/gitlab-org/charts/gitlab
maintainers:
- name: GitLab Inc.
email: support@gitlab.com
---
apiVersion: v1
name: gitaly
version: 1.6.1
version: 2.3.1
appVersion: master
description: Git RPC service for handling all the git calls made by GitLab
keywords:
......@@ -10,7 +10,7 @@ keywords:
home: https://about.gitlab.com/
icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg
sources:
- https://gitlab.com/charts/gitlab/tree/master/charts/gitlab/charts/gitaly
- https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/gitaly
- https://gitlab.com/gitlab-org/build/CNG/tree/master/gitaly
maintainers:
- name: GitLab Inc.
......
......@@ -10,11 +10,11 @@ data:
configure: |
set -e
mkdir -p /init-secrets/gitaly /init-secrets/shell
cp /init-config/.gitlab_shell_secret /init-secrets/shell/.gitlab_shell_secret
cp /init-config/gitaly_token /init-secrets/gitaly/gitaly_token
cp -v -r -L /init-config/.gitlab_shell_secret /init-secrets/shell/.gitlab_shell_secret
cp -v -r -L /init-config/gitaly_token /init-secrets/gitaly/gitaly_token
{{- if .Values.global.redis.password.enabled }}
mkdir -p /init-secrets/redis
cp /init-config/redis_password /init-secrets/redis/redis_password
cp -v -r -L /init-config/redis_password /init-secrets/redis/redis_password
{{- end }}
config.toml.erb: |
# The directory where Gitaly's executables are stored
......@@ -23,6 +23,11 @@ data:
# listen on a TCP socket. This is insecure (no authentication)
listen_addr = "0.0.0.0:8075"
# If metrics collection is enabled, inform gitaly about that
{{- if .Values.metrics.enabled }}
prometheus_listen_addr = "localhost:{{ .Values.metrics.metricsPort }}"
{{- end }}
<% @storages = [ {{- range (coalesce .Values.internal.names .Values.global.gitaly.internal.names) }} {{ . | quote }}, {{- end }} ] %>
<% @index=`echo ${HOSTNAME##*-}`.to_i %>
<% if @storages.length > @index %>
......@@ -32,17 +37,73 @@ data:
<% else %>
<% raise Exception, "Storage for node #{@index} is not present in the storageNames array. Did you use kubectl to scale up ? You need to solely use helm for this purpose" %>
<% end %>
[logging]
{{- with .Values.logging }}
{{- if .level }}
level = "{{ .level }}"
{{- end }}
{{- if .format }}
format = "{{ .format }}"
{{- end }}
{{- if .sentryDsn }}
sentry_dsn = "{{ .sentryDsn }}"
{{- end }}
{{- if .rubySentryDsn }}
ruby_sentry_dsn = "{{ .rubySentryDsn }}"
{{- end }}
{{- if .sentryEnvironment }}
sentry_environment = "{{ .sentryEnvironment }}"
{{- end }}
{{- end }}
{{- if .Values.prometheus.grpcLatencyBuckets }}
[prometheus]
grpc_latency_buckets = {{ .Values.prometheus.grpcLatencyBuckets }}
{{- end }}
[auth]
token = "<%= File.read('/etc/gitlab-secrets/gitaly/gitaly_token') %>"
token = "<%= File.read('/etc/gitlab-secrets/gitaly/gitaly_token').strip.dump[1..-2] %>"
[git]
{{- with .Values.git }}
{{- if .catFileCacheSize }}
catfile_cache_size = {{ .catFileCacheSize }}
{{- end }}
{{- end }}
[gitaly-ruby]
# The directory where gitaly-ruby is installed
dir = "/srv/gitaly-ruby"
{{- with .Values.ruby }}
{{- if .maxRss }}
max_rss = {{ .maxRss }}
{{- end }}
{{- if .gracefulRestartTimeout }}
graceful_restart_timeout = "{{ .gracefulRestartTimeout }}"
{{- end }}
{{- if .restartDelay }}
restart_delay = "{{ .restartDelay }}"
{{- end }}
{{- if .numWorkers }}
num_workers = {{ .numWorkers }}
{{- end }}
{{- end }}
[gitlab-shell]
# The directory where gitlab-shell is installed
dir = "/srv/gitlab-shell"
{{- if .Values.shell.concurrency }}
{{- range .Values.shell.concurrency }}
{{- if and .rpc .maxPerRepo }}
[[concurrency]]
rpc = "{{ .rpc }}"
max_per_repo = {{ .maxPerRepo }}
{{- end }}
{{- end }}
{{- end }}
shell-config.yml.erb: |
# GitLab user. git by default
user: git
......@@ -63,7 +124,7 @@ data:
host: {{ template "gitlab.redis.host" . }}
port: {{ template "gitlab.redis.port" . }}
{{- if .Values.global.redis.password.enabled }}
pass: "<%= File.read("/etc/gitlab-secrets/redis/redis_password") %>"
pass: "<%= File.read("/etc/gitlab-secrets/redis/redis_password").strip.dump[1..-2] %>"
{{- end }}
database: nil
namespace: resque:gitlab
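Review bot: The `.strip.dump[1..-2]` escaping added to the `[auth] token` and Redis `pass:` lines is Ruby-literal escaping, not TOML or YAML string escaping. `String#dump` also emits sequences such as `\#{`, `\xNN` and `\u{…}`, which a TOML basic string or a YAML double-quoted scalar either rejects or decodes to a different value, so a secret containing `#{` or non-ASCII bytes would fail to parse or no longer match. Emitting the value through a JSON encoder instead, e.g. `token = <%= File.read('/etc/gitlab-secrets/gitaly/gitaly_token').strip.to_json %>` (no surrounding quotes), keeps to escapes both formats accept, assuming the `json` library is available to the ERB renderer, which this page does not show. The same pattern is added in the gitlab-shell `config.yml.erb`, the mailroom `:password:` line and the migrations `password:` line of this commit.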
......
......@@ -25,9 +25,14 @@ spec:
{{ $key }}: {{ $value | quote }}
{{- end }}
spec:
{{- if .Values.tolerations }}
tolerations:
{{ toYaml .Values.tolerations | indent 8 }}
{{- end }}
terminationGracePeriodSeconds: 30
initContainers:
{{ include "gitlab.extraInitContainers" . | indent 8 }}
{{ include "gitlab.certificates.initContainer" . | indent 8 }}
- name: configure
command: ['sh', '/config/configure']
image: {{ .Values.init.image }}:{{ .Values.init.tag }}
......@@ -96,6 +101,7 @@ spec:
fieldPath: metadata.name
volumeMounts:
{{ include "gitlab.extraVolumeMounts" . | indent 12 }}
{{ include "gitlab.certificates.volumeMount" . | indent 12 }}
- name: gitaly-config
mountPath: '/etc/gitaly/templates'
- name: gitaly-secrets
......@@ -155,6 +161,7 @@ spec:
- key: {{ template "gitlab.redis.password.key" . }}
path: redis_password
{{- end }}
{{ include "gitlab.certificates.volumes" . | indent 6 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 8 }}
......
......@@ -30,12 +30,32 @@ init:
requests:
cpu: 50m
## Support for tolerations for pod scheduling
tolerations: []
global:
# imagePullPolicy: IfNotPresent
redis:
password: {}
gitaly:
authToken: {}
logging:
format: "json"
# level:
# sentryDsn:
# rubySentryDsn:
# sentryEnvironment:
git: {}
# catFileCacheSize:
ruby: {}
# maxRss:
# gracefulRestartTimeout:
# restartDelay:
# numWorkers:
prometheus: {}
# grpcLatencyBuckets: "[1.0, 1.5, 2.0, 2.5]"
unicorn: {}
# host: '0.0.0.0'
# serviceName: 'unicorn'
......@@ -43,6 +63,11 @@ unicorn: {}
redis: {}
shell:
authToken: {}
concurrency: []
# - rpc: "/gitaly.SmartHTTPService/PostUploadPack"
# maxPerRepo: 20
# - rpc: "/gitaly.SSHService/SSHUploadPack"
# maxPerRepo: 20
## Enable prometheus metrics and set the port to scrape the
## container on.
......
---
apiVersion: v1
name: gitlab-exporter
version: 2.3.1
appVersion: 5.0.1
description: Exporter for GitLab Prometheus metrics (e.g. CI, pull mirrors)
keywords:
- gitlab
- gitlab-exporter
home: https://about.gitlab.com/
icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg
sources:
- https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/gitlab-exporter
- https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-exporter
- https://gitlab.com/gitlab-org/gitlab-exporter
maintainers:
- name: GitLab Inc.
email: support@gitlab.com
{{- if .Values.enabled -}}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "fullname" . }}
namespace: {{ $.Release.Namespace }}
labels:
{{ include "gitlab.standardLabels" . | indent 4 }}
data:
gitlab-exporter.yml.erb: |
server:
listen_address: 0.0.0.0
listen_port: {{ .Values.service.internalPort }}
probes:
db_common: &db_common
methods:
- probe_db
opts:
connection_string: dbname={{ template "gitlab.psql.database" . }} user={{ template "gitlab.psql.username" . }} host={{ template "gitlab.psql.host" . }} port={{ template "gitlab.psql.port" . }} password='<%= File.read("/etc/gitlab/postgres/psql-password").strip.gsub(/[\'\\]/) { |esc| '\\' + esc } %>'
database:
multiple: true
ci_builds:
class_name: Database::CiBuildsProber
<<: *db_common
tuple_stats:
class_name: Database::TuplesProber
<<: *db_common
rows_count:
class_name: Database::RowCountProber
<<: *db_common
sidekiq: &sidekiq
methods:
- probe_queues
- probe_workers
- probe_retries
- probe_stats
opts:
redis_url: {{ template "gitlab.redis.url" . }}
redis_enable_client: false
metrics:
multiple: true
sidekiq:
<<: *sidekiq
ci_builds:
class_name: Database::CiBuildsProber
<<: *db_common
tuple_stats:
class_name: Database::TuplesProber
<<: *db_common
rows_count:
class_name: Database::RowCountProber
<<: *db_common
configure: |
{{- include "gitlab.scripts.configure.secrets" (dict "required" "postgres" "optional" "redis") | nindent 4 }}
# Leave this here - This line denotes end of block to the parser.
{{- end }}
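Review bot: The `connection_string:` value is emitted as a plain (unquoted) YAML scalar, and the ERB `gsub` only escapes `'` and `\` for the libpq single-quoted form. A PostgreSQL password containing ` #` would be cut off as a YAML comment, and one containing `: ` would make the rendered `gitlab-exporter.yml` fail to parse. Build the whole conninfo string in the ERB expression and emit it as one quoted scalar (for example by ending the expression with `.to_json`, if the `json` library is loaded in the renderer) so that YAML quoting is applied on top of the libpq quoting.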
{{- if .Values.enabled }}
apiVersion: apps/v1beta2
kind: Deployment
metadata:
name: {{ template "fullname" . }}
namespace: {{ $.Release.Namespace }}
labels:
{{ include "gitlab.standardLabels" . | indent 4 }}
spec:
replicas: 1
selector:
matchLabels:
app: {{ template "name" . }}
release: {{ .Release.Name }}
template:
metadata:
labels:
app: {{ template "name" . }}
release: {{ .Release.Name }}
annotations:
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
{{- if .Values.metrics.enabled }}
{{ toYaml .Values.metrics.annotations | indent 8 }}
{{- end }}
spec:
securityContext:
runAsUser: 1000
fsGroup: 1000
{{- if eq (default .Values.global.antiAffinity .antiAffinity) "hard" }}
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- topologyKey: "kubernetes.io/hostname"
labelSelector:
matchLabels:
app: {{ template "name" . }}
release: {{ .Release.Name }}
{{- else if eq (default .Values.global.antiAffinity .antiAffinity) "soft" }}
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 1
podAffinityTerm:
topologyKey: kubernetes.io/hostname
labelSelector:
matchLabels:
app: {{ template "name" . }}
release: {{ .Release.Name }}
{{- end }}
initContainers:
{{ include "gitlab.extraInitContainers" . | indent 8 }}
{{ include "gitlab.certificates.initContainer" . | indent 8 }}
- name: configure
command: ['sh', '/config/configure']
image: {{ .Values.init.image }}:{{ .Values.init.tag }}
volumeMounts:
{{ include "gitlab.extraVolumeMounts" . | indent 10 }}
{{ include "gitlab.psql.ssl.volumeMount" . | indent 10 }}
- name: gitlab-exporter-config
mountPath: /config
readOnly: true
- name: init-gitlab-exporter-secrets
mountPath: /init-config
readOnly: true
- name: gitlab-exporter-secrets
mountPath: /init-secrets
readOnly: false
resources:
{{ toYaml .Values.init.resources | indent 12 }}
{{ include "pullsecrets" .Values.image | indent 6}}
containers:
{{ include "gitlab.extraContainers" . | indent 8 }}
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ coalesce .Values.image.tag .Chart.AppVersion }}"
{{ template "gitlab.imagePullPolicy" . }}
env:
- name: CONFIG_TEMPLATE_DIRECTORY
value: '/var/opt/gitlab-exporter/templates'
- name: CONFIG_DIRECTORY
value: '/etc/gitlab-exporter'
ports:
- containerPort: {{ .Values.service.internalPort }}
name: gitlab-exporter
volumeMounts:
- name: gitlab-exporter-config
mountPath: /var/opt/gitlab-exporter/templates/gitlab-exporter.yml.erb
subPath: gitlab-exporter.yml.erb
- name: gitlab-exporter-secrets
mountPath: '/etc/gitlab'
readOnly: true
{{ include "gitlab.extraVolumeMounts" . | indent 12 }}
{{ include "gitlab.certificates.volumeMount" . | indent 12 }}
livenessProbe:
exec:
command:
- pgrep
- -f
- gitlab-exporter
readinessProbe:
exec:
command:
- pgrep
- -f
- gitlab-exporter
lifecycle:
preStop:
exec:
command: ["/bin/bash", "-c", "pkill -f 'gitlab-exporter'"]
resources:
{{ toYaml .Values.resources | indent 12 }}
volumes:
{{ include "gitlab.extraVolumes" . | indent 6 }}
- name: gitlab-exporter-config
configMap:
name: {{ template "fullname" . }}
- name: init-gitlab-exporter-secrets
projected:
defaultMode: 0400
sources:
- secret:
name: {{ template "gitlab.psql.password.secret" . }}
items:
- key: {{ template "gitlab.psql.password.key" . }}
path: postgres/psql-password
{{- if .Values.global.redis.password.enabled }}
- secret:
name: {{ template "gitlab.redis.password.secret" . }}
items:
- key: {{ template "gitlab.redis.password.key" . }}
path: redis/password
{{- end }}
- name: gitlab-exporter-secrets
emptyDir:
medium: "Memory"
{{ include "gitlab.certificates.volumes" . | indent 6 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 8 }}
{{- end }}
{{- end }}
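Review bot: The pod `securityContext` sets only `runAsUser: 1000` and `fsGroup: 1000`, and neither the `configure` init container nor the exporter container has a container-level `securityContext`. Both containers read the database and Redis passwords, so it is worth adding `runAsNonRoot: true` at pod level and `securityContext: {allowPrivilegeEscalation: false, capabilities: {drop: ["ALL"]}}` on each container. Neither container appears to need added capabilities from what this template shows, though that should be confirmed against the image.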
{{- if .Values.enabled -}}
apiVersion: v1
kind: Service
metadata:
name: {{ template "fullname" . }}
namespace: {{ $.Release.Namespace }}
labels:
{{ include "gitlab.standardLabels" . | indent 4 }}
annotations:
{{ include "gitlab.serviceAnnotations" . | indent 4 }}
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
protocol: TCP
name: gitlab-exporter
selector:
app: {{ template "name" . }}
release: {{ .Release.Name }}
{{- end }}
# Default values for gitlab-exporter.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
image:
repository: registry.gitlab.com/gitlab-org/build/cng/gitlab-exporter
pullSecrets: []
# pullPolicy: IfNotPresent
# tag: latest
service:
name: gitlab-exporter
type: ClusterIP
externalPort: 9168
internalPort: 9168
metrics:
enabled: true
port: 9168
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "9168"
prometheus.io/path: "/metrics"
enabled: true
init:
image: busybox
tag: latest
resources:
requests:
cpu: 50m
global:
# imagePullPolicy: IfNotPresent
redis:
password: {}
redis:
password: {}
resources:
# limits:
# cpu: 1
# memory: 2G
requests:
cpu: 50m
memory: 100M
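Review bot: `init.image: busybox` with `tag: latest` is a mutable, unqualified image reference, and per the Deployment template in this commit that init container mounts the projected PostgreSQL and Redis password secrets and copies them into the shared volume. Pin the default to a fixed version or digest, e.g. `tag: "<pinned-busybox-version>"` (placeholder), so that an upstream retag cannot change what runs next to the secrets. A comment above `init:` noting that this image handles secret material would help whoever overrides it.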
---
apiVersion: v1
name: gitlab-grafana
version: 2.3.1
description: Adapt the Grafana chart to interface to the GitLab App
keywords:
- gitlab
- grafana
home: https://about.gitlab.com/
icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg
sources:
- https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/gitlab-grafana
- https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-grafana
maintainers:
- name: GitLab Inc.
email: support@gitlab.com
#!/bin/sh
PW_FILE='/tmp/initial/password'
# If the password file exists, set the admin password using the contents
if [ -r "$PW_FILE" ]; then
echo "GitLab shim: Setting admin username to root"
export GF_SECURITY_ADMIN_USER="root"
read -r line < "$PW_FILE"
echo "GitLab shim: Setting admin password in environment"
export GF_SECURITY_ADMIN_PASSWORD="$line"
fi
# Start up the full grafana service
exec /run.sh
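Review bot: The shim exports whatever `read -r line` produced without checking it, so an empty password file results in `GF_SECURITY_ADMIN_PASSWORD=""`. How Grafana treats an empty value is not shown here, so failing closed is safer: `[ -n "$line" ] || { echo "GitLab shim: empty admin password file" >&2; exit 1; }`. The password also stays in the process environment for the lifetime of Grafana and anything it spawns. If the Grafana image in use supports the `GF_SECURITY_ADMIN_PASSWORD__FILE` form, pointing it at `$PW_FILE` avoids that.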
{{- if .Values.global.grafana.enabled -}}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "fullname" . }}-datasource
namespace: {{ .Release.Namespace }}
labels:
gitlab_grafana_datasource: "true"
{{ include "gitlab.standardLabels" . | indent 4 }}
data:
gitlab.yaml: |
apiVersion: 1
deleteDatasources:
- name: GitLab installed Prometheus
orgId: 1
datasources:
- name: GitLab installed Prometheus
type: prometheus
orgId: 1
url: "http://{{ .Release.Name }}-prometheus-server"
access: proxy
isDefault: true
editable: false
{{- end }}
{{- if .Values.global.grafana.enabled -}}
apiVersion: v1
kind: ConfigMap
metadata:
name: gitlab-grafana-import-secret
namespace: {{ .Release.Namespace }}
labels:
{{ include "gitlab.standardLabels" . | indent 4 }}
data:
import-secret.sh: |-
{{ include (print $.Template.BasePath "/_import-secret.sh") . | indent 4 }}
{{- end }}
{{- if .Values.global.grafana.enabled -}}
{{- $gitlabHostname := include "gitlab.gitlab.hostname" . -}}
{{- $tlsSecret := include "unicorn.tlsSecret" . -}}
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: {{ .Release.Name }}-grafana
namespace: {{ $.Release.Namespace }}
labels:
{{ include "gitlab.standardLabels" . | indent 4 }}
annotations:
kubernetes.io/ingress.class: "{{ template "gitlab.ingressclass" . }}"
kubernetes.io/ingress.provider: nginx
nginx.ingress.kubernetes.io/proxy-body-size: {{ .Values.ingress.proxyBodySize | quote }}
nginx.ingress.kubernetes.io/proxy-read-timeout: {{ .Values.ingress.proxyReadTimeout | quote }}
nginx.ingress.kubernetes.io/proxy-connect-timeout: {{ .Values.ingress.proxyConnectTimeout | quote }}
nginx.ingress.kubernetes.io/rewrite-target: /
{{ include "gitlab.certmanager_annotations" . }}
{{- range $key, $value := merge .Values.ingress.annotations .Values.global.ingress.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
spec:
rules:
- host: {{ $gitlabHostname }}
http:
paths:
- backend:
serviceName: {{ .Release.Name }}-grafana
servicePort: 80
path: /-/grafana
{{- if (and $tlsSecret (eq (include "gitlab.ingress.tls.enabled" $) "true" )) }}
tls:
- hosts:
- {{ $gitlabHostname }}
secretName: {{ $tlsSecret }}
{{- else }}
tls: []
{{- end }}
{{- end -}}
\ No newline at end of file
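Review bot: When `$tlsSecret` is empty or `gitlab.ingress.tls.enabled` is not `"true"`, the `else` branch renders `tls: []`, so the Grafana login under `/-/grafana` (admin user `root`, per the shim added in this commit) is served through this Ingress without TLS. The values file in the same commit describes the deployment as a "secured Grafana", so the dependency should be stated where operators will see it. A template comment on the `else` branch such as `{{- /* TLS disabled: Grafana credentials cross this Ingress unencrypted */ -}}`, plus a matching line in values.yaml, would do.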
## GitLab Grafana configuration
## If enabled, we will deploy a secured Grafana
# This chart is controlled by `global.grafana.enabled`
global: {}
# We supply an Ingress resource that locates Grafana under /-/grafana
# NOTE: these values are placeholders for template functionality.
ingress:
tls: {}
annotations: {}
proxyBodySize: "0"
# Setting longer read timeout in case there is a lot of data coming back
proxyReadTimeout: 180
proxyConnectTimeout: 15
---
apiVersion: v1
name: gitlab-shell
version: 1.6.1
version: 2.3.1
appVersion: master
description: sshd for Gitlab
keywords:
......@@ -11,7 +11,7 @@ keywords:
home: https://about.gitlab.com/
icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg
sources:
- https://gitlab.com/charts/gitlab/tree/master/charts/gitlab/charts/gitlab-shell
- https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/gitlab-shell
- https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-shell
maintainers:
- name: GitLab Inc.
......
......@@ -10,7 +10,7 @@ data:
configure: |
{{- include "gitlab.scripts.configure.secrets" (dict "required" "shell" ) | nindent 4 -}}
mkdir -p /${secret_dir}/ssh
cp /${config_dir}/ssh_host_* /${secret_dir}/ssh/
cp -v -r -L /${config_dir}/ssh_host_* /${secret_dir}/ssh/
chmod 0400 /${secret_dir}/ssh/ssh_host_*
config.yml.erb: |
# GitLab user. git by default
......@@ -32,7 +32,7 @@ data:
host: {{ template "gitlab.redis.host" . }}
port: {{ template "gitlab.redis.port" . }}
{{- if .Values.global.redis.password.enabled }}
pass: "<%= File.read("/etc/gitlab-secrets/redis/password") %>"
pass: "<%= File.read("/etc/gitlab-secrets/redis/password").strip.dump[1..-2] %>"
{{- end }}
database: nil
namespace: resque:gitlab
......
......@@ -23,6 +23,10 @@ spec:
{{ $key }}: {{ $value | quote }}
{{- end }}
spec:
{{- if .Values.tolerations }}
tolerations:
{{ toYaml .Values.tolerations | indent 8 }}
{{- end }}
initContainers:
{{ include "gitlab.extraInitContainers" . | indent 8 }}
{{ include "gitlab.certificates.initContainer" . | indent 8 }}
......
......@@ -11,10 +11,23 @@ metadata:
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.externalPort }}
- port: {{ include "gitlab.shell.port" . | int }}
targetPort: {{ .Values.service.internalPort }}
protocol: TCP
name: ssh
{{- if .Values.service.loadBalancerIP }}
loadBalancerIP: {{ .Values.service.loadBalancerIP }}
{{- end }}
{{- if .Values.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{- range $cidr := .Values.service.loadBalancerSourceRanges }}
- {{ $cidr }}
{{- end }}
{{- end }}
{{- if .Values.service.externalIPs }}
externalIPs:
{{ toYaml .Values.service.externalIPs | indent 4 }}
{{- end }}
selector:
app: {{ template "name" . }}
release: {{ .Release.Name }}
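Review bot: The new `loadBalancerIP` and `loadBalancerSourceRanges` blocks render whenever the value is set, independent of `service.type`, whose default in this chart's values is `ClusterIP`. As far as I know the API server rejects `loadBalancerSourceRanges` on a non-LoadBalancer Service, so the guard should include the type, e.g. `{{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerSourceRanges }}`. Since this Service exposes SSH, the values comment should also state that leaving `loadBalancerSourceRanges` unset on a LoadBalancer makes the port reachable from any source address.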
......
......@@ -11,6 +11,12 @@ service:
type: ClusterIP
externalPort: 22
internalPort: 2222
# loadBalancerIP: x.x.x.x
# loadBalancerSourceRanges:
# - x.x.x.x/yy
# externalIPs:
# - x.x.x.x
# - y.y.y.y
init:
image: busybox
......@@ -18,6 +24,9 @@ init:
resources:
requests:
cpu: 50m
# Tolerations for pod scheduling
tolerations: []
global:
# imagePullPolicy: IfNotPresent
......
---
apiVersion: v1
name: mailroom
version: 1.6.1
version: 2.3.1
appVersion: master
description: Handling incoming emails
keywords:
......@@ -10,7 +10,7 @@ keywords:
home: https://about.gitlab.com/
icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg
sources:
- https://gitlab.com/charts/gitlab/tree/master/charts/gitlab/charts/mailroom
- https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/mailroom
- https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-mailroom
maintainers:
- name: GitLab Inc.
......
......@@ -16,14 +16,14 @@ data:
:ssl: {{ .ssl }}
:start_tls: {{ .startTls }}
:email: {{ .user }}
:password: <%= File.read("/etc/gitlab/mailroom/password") %>
:password: "<%= File.read("/etc/gitlab/mailroom/password").strip.dump[1..-2] %>"
:idle_timeout: {{ .idleTimeout }}
:name: {{ .mailbox }}
:delete_after_delivery: true
:delivery_method: sidekiq
{{- end }}
:delivery_options:
:redis_url: {{ template "gitlab.redis.scheme" . }}://:<%= File.read("/etc/gitlab/redis/password") %>@{{ template "gitlab.redis.host" . }}:{{ template "gitlab.redis.port" . }}
:redis_url: {{ template "gitlab.redis.url" . }}
:namespace: resque:gitlab
:queue: email_receiver
:worker: EmailReceiverWorker
......
......@@ -20,6 +20,10 @@ spec:
annotations:
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
spec:
{{- if .Values.tolerations }}
tolerations:
{{ toYaml .Values.tolerations | indent 8 }}
{{- end }}
securityContext:
runAsUser: 1000
fsGroup: 1000
......
......@@ -13,6 +13,9 @@ init:
requests:
cpu: 50m
# Tolerations for pod scheduling
tolerations: []
global:
# imagePullPolicy: IfNotPresent
redis:
......
---
apiVersion: v1
name: migrations
version: 1.6.1
version: 2.3.1
appVersion: master
description: Database migrations and other versioning tasks for upgrading Gitlab
keywords:
......@@ -9,7 +9,7 @@ keywords:
home: https://about.gitlab.com/
icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg
sources:
- https://gitlab.com/charts/gitlab/tree/master/charts/gitlab/charts/migrations
- https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/migrations
- https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-rails
maintainers:
- name: GitLab Inc.
......
......@@ -15,6 +15,10 @@ spec:
app: {{ template "name" . }}
release: {{ .Release.Name }}
spec:
{{- if .Values.tolerations }}
tolerations:
{{ toYaml .Values.tolerations | indent 8 }}
{{- end }}
securityContext:
runAsUser: 1000
fsGroup: 1000
......
......@@ -14,9 +14,10 @@ data:
database: {{ template "gitlab.psql.database" . }}
pool: 10
username: {{ template "gitlab.psql.username" . }}
password: <%= File.read("/etc/gitlab/postgres/psql-password") %>
password: "<%= File.read("/etc/gitlab/postgres/psql-password").strip.dump[1..-2] %>"
host: {{ template "gitlab.psql.host" . }}
port: {{ template "gitlab.psql.port" . }}
prepared_statements: {{ template "gitlab.psql.preparedStatements" . }}
# load_balancing:
# hosts:
# - host1.example.com
......
......@@ -14,6 +14,9 @@ init:
requests:
cpu: 50m
# Tolerations for pod scheduling
tolerations: []
enabled: true
initialRootPassword: {}
redis:
......@@ -32,6 +35,7 @@ global:
# port: '5432'
# database: 'gitlabhq_production'
# username: 'gitlab'
# preparedStatements: false
# password:
# secret: gitlab-postgres
# key: psql-password
......
---
apiVersion: v1
name: operator
version: 1.6.1
version: 2.3.1
appVersion: master
description: Gitlab operator for managing upgrades
keywords:
......@@ -10,8 +10,8 @@ keywords:
home: https://about.gitlab.com/
icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg
sources:
- https://gitlab.com/charts/gitlab/tree/master/charts/gitlab/charts/operator
- https://gitlab.com/charts/components/gitlab-operator
- https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/operator
- https://gitlab.com/gitlab-org/charts/components/gitlab-operator
maintainers:
- name: GitLab Inc.
email: support@gitlab.com
{{- if and .Values.global.operator.enabled }}
{{- if .Values.global.operator.enabled }}
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
......@@ -11,12 +11,20 @@ spec:
kind: GitLab
plural: gitlabs
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
type: string
metadata:
type: object
......@@ -24,41 +32,37 @@ spec:
properties:
helmRelease:
type: string
revision:
type: string
templates:
type: object
properties:
sharedSecretsTemplate:
type: object
migrationsTemplate:
properties:
configMapName:
type: string
configMapKey:
type: string
roleKey:
type: string
roleBindingKey:
type: string
serviceAccountKey:
configMapName:
type: string
required:
- configMapKey
- configMapName
- roleKey
- roleKey
- serviceAccountKey
migrationsTemplate:
- configMapName
- configMapKey
type: object
sharedSecretsTemplate:
properties:
configMapName:
roleBindingKey:
type: string
configMapKey:
roleKey:
type: string
serviceAccountKey:
type: string
required:
- configMapName
- configMapKey
- serviceAccountKey
- roleKey
- roleBindingKey
type: object
required:
- migrationsTemplate
- sharedSecretsTemplate
- migrationsTemplate
- sharedSecretsTemplate
type: object
version:
type: string
required:
......@@ -67,6 +71,38 @@ spec:
- helmRelease
type: object
status:
properties:
conditions:
items: