...
 
Commits (43)
...@@ -64,18 +64,6 @@ lint_package: ...@@ -64,18 +64,6 @@ lint_package:
except: except:
- tags - tags
release_package:
stage: package
when: always
script:
- curl --request POST --form "token=$CI_JOB_TOKEN" --form ref=master
--form "variables[CHART_NAME]=$CI_PROJECT_NAME"
--form "variables[RELEASE_REF]=$CI_COMMIT_REF_NAME"
https://gitlab.com/api/v4/projects/2860651/trigger/pipeline
only:
- tags@charts/gitlab
review: review:
stage: review stage: review
script: script:
...@@ -667,5 +655,33 @@ qa: ...@@ -667,5 +655,33 @@ qa:
retry: 1 retry: 1
allow_failure: true allow_failure: true
sync_images:
image: registry.gitlab.com/gitlab-org/gitlab-omnibus-builder:ruby_docker-0.0.7
stage: prepare
services:
- docker:dind
before_script: []
variables:
DOCKER_DRIVER: overlay2
DOCKER_HOST: tcp://docker:2375
script:
- bundle install
- bundle exec rake images:sync[ee]
- bundle exec rake images:sync[ce]
only:
- tags@gitlab/charts/gitlab
release_package:
stage: package
script:
- curl --request POST --form "token=${COM_CHARTS_TRIGGER_TOKEN}" --form ref=master
--form "variables[CHART_NAME]=$CI_PROJECT_NAME"
--form "variables[RELEASE_REF]=$CI_COMMIT_REF_NAME"
https://gitlab.com/api/v4/projects/2860651/trigger/pipeline
only:
- tags@gitlab/charts/gitlab
dependencies:
- sync_images
before_script: before_script:
- *auto_devops - *auto_devops
...@@ -20,15 +20,25 @@ ...@@ -20,15 +20,25 @@
.idea/ .idea/
*.tmproj *.tmproj
# Project/CI/CD related items # Project/CI/CD related items
.gitlab
.gitlab-ci.yml
.dockerignore
.helmignore
Dangerfile
Gemfile
Gemfile.lock
ci/ ci/
doc/ doc/
examples/
images/ images/
certs/ certs/
scripts/ scripts/
spec/ spec/
build/ build/
*.md
CHANGELOG
changelogs/ changelogs/
# CHANGELOG.md
bin/ bin/
spec/ spec/
# dependencies.io
dependencies.yml
dependencies_io/
...@@ -2,6 +2,85 @@ ...@@ -2,6 +2,85 @@
documentation](doc/development/changelog.md) for instructions on adding your own documentation](doc/development/changelog.md) for instructions on adding your own
entry. entry.
## 1.7.5 (2019-04-11)
### Other (1 change)
- Update GitLab Version to 11.9.8.
## 1.7.4 (2019-04-10)
### Fixed (1 change)
- Ensure README present in helm package. !752
### Other (1 change)
- Update GitLab Version to 11.9.7.
## 1.7.3 (2019-04-05)
### Fixed (2 changes)
- Mount object storage secrets related to external diffs to pods. !745
- Fix support for NGINX Ingress DaemonSets. !748
### Other (1 change)
- Update GitLab Version to 11.9.6.
## 1.7.2 (2019-04-02)
### Fixed (1 change)
- Application: use groups in componentKinds. !740
### Other (1 change)
- Update GitLab Version to 11.9.4.
## 1.7.1 (2019-03-25)
### Other (2 changes)
- Update gitlab-runner to 0.3.0/11.9.0. !735
- Update GitLab Version to 11.9.1.
## 1.7.0 (2019-03-22)
### Fixed (5 changes, 3 of them are from the community)
- Set the Redis client ID to nil as some servers have that command disabled. !666 (Vic Iglesias)
- Set the life span of Registry certificate to 10 years. !701
- Add Gitaly configuration to migrations job. !710
- Add missing certificates initContainer to gitaly. !716 (Harry Lee (tclh123))
- Provide Kubernetes 1.8 backwards compatibility for init-container secret copying. !720 (Fabian Jucker)
### Changed (3 changes, 1 of them is from the community)
- Extract shared configuration script of ruby-based pods into own template. !685 (Matthias van de Meent (Cofano Software Solutions))
- Move cron_jobs setting from sidekiq to global context. !693
- Allow disabling of the unicorn helm test. !721
### Added (5 changes, 1 of them is from the community)
- Allow use of password-less Redis services (external). !665 (Vic Iglesias)
- Add support for using object storage for storing MR diffs. !698
- Allow Disabling of ClusterRoles in ApplicationCRD. !702
- Add eks_bootstrap_script. !706
- Registry: Add caompatibility for Docker manifest schema1. !724
### Other (2 changes)
- Automate version mapping updates. !704
- Update GitLab Version to 11.9.0.
## 1.6.1 (2019-03-04) ## 1.6.1 (2019-03-04)
### Fixed (1 change) ### Fixed (1 change)
......
--- ---
apiVersion: v1 apiVersion: v1
name: gitlab name: gitlab
version: 1.6.1 version: 1.7.5
appVersion: master appVersion: 11.9.8
description: Web-based Git-repository manager with wiki and issue-tracking features. description: Web-based Git-repository manager with wiki and issue-tracking features.
keywords: keywords:
- gitlab - gitlab
......
...@@ -5,3 +5,5 @@ gem 'aws-sdk-s3' ...@@ -5,3 +5,5 @@ gem 'aws-sdk-s3'
gem 'capybara' gem 'capybara'
gem 'selenium-webdriver' gem 'selenium-webdriver'
gem 'capybara-screenshot' gem 'capybara-screenshot'
gem 'docker-api'
gem 'rake'
...@@ -31,18 +31,24 @@ GEM ...@@ -31,18 +31,24 @@ GEM
childprocess (0.9.0) childprocess (0.9.0)
ffi (~> 1.0, >= 1.0.11) ffi (~> 1.0, >= 1.0.11)
diff-lcs (1.3) diff-lcs (1.3)
docker-api (1.34.2)
excon (>= 0.47.0)
multi_json
excon (0.62.0)
ffi (1.9.25) ffi (1.9.25)
jmespath (1.4.0) jmespath (1.4.0)
launchy (2.4.3) launchy (2.4.3)
addressable (~> 2.3) addressable (~> 2.3)
mini_mime (1.0.0) mini_mime (1.0.0)
mini_portile2 (2.3.0) mini_portile2 (2.3.0)
multi_json (1.13.1)
nokogiri (1.8.2) nokogiri (1.8.2)
mini_portile2 (~> 2.3.0) mini_portile2 (~> 2.3.0)
public_suffix (3.0.2) public_suffix (3.0.2)
rack (2.0.5) rack (2.0.5)
rack-test (1.0.0) rack-test (1.0.0)
rack (>= 1.0, < 3) rack (>= 1.0, < 3)
rake (12.3.2)
rspec (3.7.0) rspec (3.7.0)
rspec-core (~> 3.7.0) rspec-core (~> 3.7.0)
rspec-expectations (~> 3.7.0) rspec-expectations (~> 3.7.0)
...@@ -70,6 +76,8 @@ DEPENDENCIES ...@@ -70,6 +76,8 @@ DEPENDENCIES
aws-sdk-s3 aws-sdk-s3
capybara capybara
capybara-screenshot capybara-screenshot
docker-api
rake
rspec rspec
selenium-webdriver selenium-webdriver
......
require_relative 'scripts/update-docker-images.rb'
namespace :images do
desc 'Sync images between dev and com registries'
task :sync, [:edition] do |t, args|
CNGImageSync.execute(edition: args[:edition])
end
end
---
title: Set the life span of Registry certificate to 10 years
merge_request: 701
author:
type: fixed
---
title: Add support for using object storage for storing MR diffs
merge_request: 698
author:
type: added
---
title: Move cron_jobs setting from sidekiq to global context
merge_request: 693
author:
type: changed
---
title: Allow Disabling of ClusterRoles in ApplicationCRD
merge_request: 702
author:
type: added
---
title: Add Gitaly configuration to migrations job
merge_request: 710
author:
type: fixed
---
title: Automate version mapping updates
merge_request: 704
author:
type: other
---
title: Add eks_bootstrap_script
merge_request: 706
author:
type: added
---
title: Extract shared configuration script of ruby-based pods into own template
merge_request: 685
author: Matthias van de Meent (Cofano Software Solutions)
type: changed
---
title: Set the Redis client ID to nil as some servers have that command disabled
merge_request: 666
author: Vic Iglesias
type: fixed
---
title: Allow use of password-less Redis services (external)
merge_request: 665
author: Vic Iglesias
type: added
--- ---
apiVersion: v1 apiVersion: v1
name: gitaly name: gitaly
version: 1.6.1 version: 1.7.5
appVersion: master appVersion: 1.27.1
description: Git RPC service for handling all the git calls made by GitLab description: Git RPC service for handling all the git calls made by GitLab
keywords: keywords:
- gitlab - gitlab
......
...@@ -10,11 +10,11 @@ data: ...@@ -10,11 +10,11 @@ data:
configure: | configure: |
set -e set -e
mkdir -p /init-secrets/gitaly /init-secrets/shell mkdir -p /init-secrets/gitaly /init-secrets/shell
cp /init-config/.gitlab_shell_secret /init-secrets/shell/.gitlab_shell_secret cp -v -r -L /init-config/.gitlab_shell_secret /init-secrets/shell/.gitlab_shell_secret
cp /init-config/gitaly_token /init-secrets/gitaly/gitaly_token cp -v -r -L /init-config/gitaly_token /init-secrets/gitaly/gitaly_token
{{- if .Values.global.redis.password.enabled }} {{- if .Values.global.redis.password.enabled }}
mkdir -p /init-secrets/redis mkdir -p /init-secrets/redis
cp /init-config/redis_password /init-secrets/redis/redis_password cp -v -r -L /init-config/redis_password /init-secrets/redis/redis_password
{{- end }} {{- end }}
config.toml.erb: | config.toml.erb: |
# The directory where Gitaly's executables are stored # The directory where Gitaly's executables are stored
......
...@@ -28,6 +28,7 @@ spec: ...@@ -28,6 +28,7 @@ spec:
terminationGracePeriodSeconds: 30 terminationGracePeriodSeconds: 30
initContainers: initContainers:
{{ include "gitlab.extraInitContainers" . | indent 8 }} {{ include "gitlab.extraInitContainers" . | indent 8 }}
{{ include "gitlab.certificates.initContainer" . | indent 8 }}
- name: configure - name: configure
command: ['sh', '/config/configure'] command: ['sh', '/config/configure']
image: {{ .Values.init.image }}:{{ .Values.init.tag }} image: {{ .Values.init.image }}:{{ .Values.init.tag }}
...@@ -96,6 +97,7 @@ spec: ...@@ -96,6 +97,7 @@ spec:
fieldPath: metadata.name fieldPath: metadata.name
volumeMounts: volumeMounts:
{{ include "gitlab.extraVolumeMounts" . | indent 12 }} {{ include "gitlab.extraVolumeMounts" . | indent 12 }}
{{ include "gitlab.certificates.volumeMount" . | indent 12 }}
- name: gitaly-config - name: gitaly-config
mountPath: '/etc/gitaly/templates' mountPath: '/etc/gitaly/templates'
- name: gitaly-secrets - name: gitaly-secrets
...@@ -155,6 +157,7 @@ spec: ...@@ -155,6 +157,7 @@ spec:
- key: {{ template "gitlab.redis.password.key" . }} - key: {{ template "gitlab.redis.password.key" . }}
path: redis_password path: redis_password
{{- end }} {{- end }}
{{ include "gitlab.certificates.volumes" . | indent 6 }}
{{- if .Values.nodeSelector }} {{- if .Values.nodeSelector }}
nodeSelector: nodeSelector:
{{ toYaml .Values.nodeSelector | indent 8 }} {{ toYaml .Values.nodeSelector | indent 8 }}
......
--- ---
apiVersion: v1 apiVersion: v1
name: gitlab-shell name: gitlab-shell
version: 1.6.1 version: 1.7.5
appVersion: master appVersion: 8.7.1
description: sshd for Gitlab description: sshd for Gitlab
keywords: keywords:
- gitlab - gitlab
......
...@@ -10,7 +10,7 @@ data: ...@@ -10,7 +10,7 @@ data:
configure: | configure: |
{{- include "gitlab.scripts.configure.secrets" (dict "required" "shell" ) | nindent 4 -}} {{- include "gitlab.scripts.configure.secrets" (dict "required" "shell" ) | nindent 4 -}}
mkdir -p /${secret_dir}/ssh mkdir -p /${secret_dir}/ssh
cp /${config_dir}/ssh_host_* /${secret_dir}/ssh/ cp -v -r -L /${config_dir}/ssh_host_* /${secret_dir}/ssh/
chmod 0400 /${secret_dir}/ssh/ssh_host_* chmod 0400 /${secret_dir}/ssh/ssh_host_*
config.yml.erb: | config.yml.erb: |
# GitLab user. git by default # GitLab user. git by default
......
--- ---
apiVersion: v1 apiVersion: v1
name: mailroom name: mailroom
version: 1.6.1 version: 1.7.5
appVersion: master appVersion: 11.9.8
description: Handling incoming emails description: Handling incoming emails
keywords: keywords:
- gitlab - gitlab
......
--- ---
apiVersion: v1 apiVersion: v1
name: migrations name: migrations
version: 1.6.1 version: 1.7.5
appVersion: master appVersion: 11.9.8
description: Database migrations and other versioning tasks for upgrading Gitlab description: Database migrations and other versioning tasks for upgrading Gitlab
keywords: keywords:
- gitlab - gitlab
......
--- ---
apiVersion: v1 apiVersion: v1
name: operator name: operator
version: 1.6.1 version: 1.7.5
appVersion: master appVersion: 11.9.8
description: Gitlab operator for managing upgrades description: Gitlab operator for managing upgrades
keywords: keywords:
- gitlab - gitlab
......
--- ---
apiVersion: v1 apiVersion: v1
name: sidekiq name: sidekiq
version: 1.6.1 version: 1.7.5
appVersion: master appVersion: 11.9.8
description: Gitlab Sidekiq for asynchronous task processing in rails description: Gitlab Sidekiq for asynchronous task processing in rails
keywords: keywords:
- gitlab - gitlab
......
...@@ -261,6 +261,7 @@ spec: ...@@ -261,6 +261,7 @@ spec:
{{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "artifacts" "config" $.Values.global.appConfig.artifacts) | nindent 10 }} {{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "artifacts" "config" $.Values.global.appConfig.artifacts) | nindent 10 }}
{{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "uploads" "config" $.Values.global.appConfig.uploads) | nindent 10 }} {{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "uploads" "config" $.Values.global.appConfig.uploads) | nindent 10 }}
{{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "packages" "config" $.Values.global.appConfig.packages) | nindent 10 }} {{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "packages" "config" $.Values.global.appConfig.packages) | nindent 10 }}
{{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "external_diffs" "config" $.Values.global.appConfig.externalDiffs) | nindent 10 }}
{{- include "gitlab.appConfig.pseudonymizer.mountSecrets" $ | nindent 10 }} {{- include "gitlab.appConfig.pseudonymizer.mountSecrets" $ | nindent 10 }}
{{- include "gitlab.appConfig.ldap.servers.mountSecrets" $ | nindent 10 }} {{- include "gitlab.appConfig.ldap.servers.mountSecrets" $ | nindent 10 }}
{{- include "gitlab.appConfig.omniauth.mountSecrets" $ | nindent 10 }} {{- include "gitlab.appConfig.omniauth.mountSecrets" $ | nindent 10 }}
......
--- ---
apiVersion: v1 apiVersion: v1
name: task-runner name: task-runner
version: 1.6.1 version: 1.7.5
appVersion: master appVersion: 11.9.8
description: For manually running rake tasks through kubectl description: For manually running rake tasks through kubectl
keywords: keywords:
- gitlab - gitlab
......
...@@ -54,7 +54,7 @@ spec: ...@@ -54,7 +54,7 @@ spec:
args: args:
- /bin/bash - /bin/bash
- -c - -c
- cp /etc/gitlab/.s3cfg $HOME/.s3cfg && while sleep 3600; do :; done # alpine sleep has no infinity - cp -v -r -L /etc/gitlab/.s3cfg $HOME/.s3cfg && while sleep 3600; do :; done # alpine sleep has no infinity
image: "{{ coalesce .Values.image.repository (include "image.repository" .) }}:{{ coalesce .Values.image.tag (include "gitlab.versionTag" . ) }}" image: "{{ coalesce .Values.image.repository (include "image.repository" .) }}:{{ coalesce .Values.image.tag (include "gitlab.versionTag" . ) }}"
{{ template "gitlab.imagePullPolicy" . }} {{ template "gitlab.imagePullPolicy" . }}
env: env:
...@@ -149,6 +149,7 @@ spec: ...@@ -149,6 +149,7 @@ spec:
{{- include "gitlab.minio.mountSecrets" $ | nindent 10 }} {{- include "gitlab.minio.mountSecrets" $ | nindent 10 }}
{{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "lfs" "config" $.Values.global.appConfig.lfs) | nindent 10 }} {{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "lfs" "config" $.Values.global.appConfig.lfs) | nindent 10 }}
{{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "packages" "config" $.Values.global.appConfig.packages) | nindent 10 }} {{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "packages" "config" $.Values.global.appConfig.packages) | nindent 10 }}
{{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "external_diffs" "config" $.Values.global.appConfig.externalDiffs) | nindent 10 }}
{{- include "gitlab.appConfig.pseudonymizer.mountSecrets" $ | nindent 10 }} {{- include "gitlab.appConfig.pseudonymizer.mountSecrets" $ | nindent 10 }}
{{- include "gitlab.appConfig.ldap.servers.mountSecrets" $ | nindent 10 }} {{- include "gitlab.appConfig.ldap.servers.mountSecrets" $ | nindent 10 }}
{{- include "gitlab.appConfig.omniauth.mountSecrets" $ | nindent 10 }} {{- include "gitlab.appConfig.omniauth.mountSecrets" $ | nindent 10 }}
......
--- ---
apiVersion: v1 apiVersion: v1
name: unicorn name: unicorn
version: 1.6.1 version: 1.7.5
appVersion: master appVersion: 11.9.8
description: HTTP server for Gitlab description: HTTP server for Gitlab
keywords: keywords:
- gitlab - gitlab
......
...@@ -154,10 +154,10 @@ data: ...@@ -154,10 +154,10 @@ data:
configure: | configure: |
set -e set -e
mkdir -p /init-secrets-workhorse/gitlab-workhorse mkdir -p /init-secrets-workhorse/gitlab-workhorse
cp /init-config/gitlab-workhorse/secret /init-secrets-workhorse/gitlab-workhorse/secret cp -v -r -L /init-config/gitlab-workhorse/secret /init-secrets-workhorse/gitlab-workhorse/secret
{{- if .Values.global.redis.password.enabled }} {{- if .Values.global.redis.password.enabled }}
mkdir -p /init-secrets-workhorse/redis mkdir -p /init-secrets-workhorse/redis
cp /init-config/redis/password /init-secrets-workhorse/redis/ cp -v -r -L /init-config/redis/password /init-secrets-workhorse/redis/
{{- end }} {{- end }}
# Leave this here - This line denotes end of block to the parser. # Leave this here - This line denotes end of block to the parser.
{{- end }} {{- end }}
...@@ -276,6 +276,7 @@ spec: ...@@ -276,6 +276,7 @@ spec:
{{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "lfs" "config" $.Values.global.appConfig.lfs) | nindent 10 }} {{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "lfs" "config" $.Values.global.appConfig.lfs) | nindent 10 }}
{{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "uploads" "config" $.Values.global.appConfig.uploads) | nindent 10 }} {{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "uploads" "config" $.Values.global.appConfig.uploads) | nindent 10 }}
{{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "packages" "config" $.Values.global.appConfig.packages) | nindent 10 }} {{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "packages" "config" $.Values.global.appConfig.packages) | nindent 10 }}
{{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "external_diffs" "config" $.Values.global.appConfig.externalDiffs) | nindent 10 }}
{{- include "gitlab.appConfig.ldap.servers.mountSecrets" $ | nindent 10 }} {{- include "gitlab.appConfig.ldap.servers.mountSecrets" $ | nindent 10 }}
{{- include "gitlab.appConfig.omniauth.mountSecrets" $ | nindent 10 }} {{- include "gitlab.appConfig.omniauth.mountSecrets" $ | nindent 10 }}
{{- if and $.Values.global.smtp.enabled $.Values.global.smtp.authentication }} {{- if and $.Values.global.smtp.enabled $.Values.global.smtp.authentication }}
......
{{- if .Values.enabled -}} {{- if and .Values.enabled .Values.helmTests.enabled -}}
apiVersion: v1 apiVersion: v1
kind: Pod kind: Pod
metadata: metadata:
......
{{- if .Values.enabled -}} {{- if and .Values.enabled .Values.helmTests.enabled -}}
apiVersion: v1 apiVersion: v1
kind: ConfigMap kind: ConfigMap
metadata: metadata:
......
...@@ -189,3 +189,5 @@ resources: ...@@ -189,3 +189,5 @@ resources:
maxUnavailable: 1 maxUnavailable: 1
minReplicas: 2 minReplicas: 2
maxReplicas: 10 maxReplicas: 10
helmTests:
enabled: true
...@@ -13,12 +13,12 @@ secret_dir="/init-secrets" ...@@ -13,12 +13,12 @@ secret_dir="/init-secrets"
for secret in {{ default "shell gitaly registry postgres rails-secrets gitlab-workhorse" $.required }} ; do for secret in {{ default "shell gitaly registry postgres rails-secrets gitlab-workhorse" $.required }} ; do
mkdir -p "${secret_dir}/${secret}" mkdir -p "${secret_dir}/${secret}"
cp -v -r "${config_dir}/${secret}/." "${secret_dir}/${secret}/" cp -v -r -L "${config_dir}/${secret}/." "${secret_dir}/${secret}/"
done done
for secret in {{ default "redis minio objectstorage ldap omniauth smtp" $.optional }} ; do for secret in {{ default "redis minio objectstorage ldap omniauth smtp" $.optional }} ; do
if [ -e "${config_dir}/${secret}" ]; then if [ -e "${config_dir}/${secret}" ]; then
mkdir -p "${secret_dir}/${secret}" mkdir -p "${secret_dir}/${secret}"
cp -v -r "${config_dir}/${secret}/." "${secret_dir}/${secret}/" cp -v -r -L "${config_dir}/${secret}/." "${secret_dir}/${secret}/"
fi fi
done done
{{ end -}} {{ end -}}
...@@ -45,18 +45,17 @@ Returns mount definition for the volume mount definition above. ...@@ -45,18 +45,17 @@ Returns mount definition for the volume mount definition above.
{{- end -}} {{- end -}}
{{/* {{/*
Returns a shell script snippet, which extends the script of a configure Returns a shell script snippet, which extends the script of a configure
container to copy the mutual TLS files to the proper location. Further container to copy the mutual TLS files to the proper location. Further
it sets the permissions correctly. it sets the permissions correctly.
*/}} */}}
{{- define "gitlab.psql.ssl.initScript" -}} {{- define "gitlab.psql.ssl.initScript" -}}
{{- if .Values.global.psql.ssl }} {{- if .Values.global.psql.ssl }}
if [ -d /etc/postgresql/ssl ]; then if [ -d /etc/postgresql/ssl ]; then
mkdir -p /${secret_dir}/postgres/ssl mkdir -p /${secret_dir}/postgres/ssl
cp /etc/postgresql/ssl/* /${secret_dir}/postgres/ssl/ cp -v -r -L /etc/postgresql/ssl/* /${secret_dir}/postgres/ssl/
chmod 600 /${secret_dir}/postgres/ssl/* chmod 600 /${secret_dir}/postgres/ssl/*
chmod 700 /${secret_dir}/postgres/ssl chmod 700 /${secret_dir}/postgres/ssl
fi fi
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
...@@ -13,6 +13,11 @@ spec: ...@@ -13,6 +13,11 @@ spec:
updateStrategy: updateStrategy:
{{ toYaml .Values.controller.updateStrategy | indent 4 }} {{ toYaml .Values.controller.updateStrategy | indent 4 }}
minReadySeconds: {{ .Values.controller.minReadySeconds }} minReadySeconds: {{ .Values.controller.minReadySeconds }}
selector:
matchLabels:
app: {{ template "name" . }}
component: "{{ .Values.controller.name }}"
release: {{ .Release.Name }}
template: template:
metadata: metadata:
annotations: annotations:
......
...@@ -37,6 +37,13 @@ data: ...@@ -37,6 +37,13 @@ data:
# This is provided from the initContainer execution, at a known path. # This is provided from the initContainer execution, at a known path.
rootcertbundle: /etc/docker/registry/certificate.crt rootcertbundle: /etc/docker/registry/certificate.crt
autoredirect: {{ .Values.authAutoRedirect }} autoredirect: {{ .Values.authAutoRedirect }}
{{- if .Values.compatibility }}
compatibility:
{{- if .Values.compatibility.schema1 }}
schema1:
enabled: {{ eq true .Values.compatibility.schema1.enabled }}
{{- end }}
{{- end }}
storage: storage:
{{- if .Values.storage }} {{- if .Values.storage }}
{{- else if .Values.global.minio.enabled }} {{- else if .Values.global.minio.enabled }}
......
...@@ -66,7 +66,7 @@ init: ...@@ -66,7 +66,7 @@ init:
if [ -e /config/accesskey ] ; then if [ -e /config/accesskey ] ; then
sed -e 's@ACCESS_KEY@'"$(cat /config/accesskey)"'@' -e 's@SECRET_KEY@'"$(cat /config/secretkey)"'@' /config/config.yml > /registry/config.yml sed -e 's@ACCESS_KEY@'"$(cat /config/accesskey)"'@' -e 's@SECRET_KEY@'"$(cat /config/secretkey)"'@' /config/config.yml > /registry/config.yml
else else
cp /config/config.yml /registry/config.yml cp -v -r -L /config/config.yml /registry/config.yml
fi fi
# Place the `http.secret` value from the kubernetes secret # Place the `http.secret` value from the kubernetes secret
sed -i -e 's@HTTP_SECRET@'"$(cat /config/httpSecret)"'@' /registry/config.yml sed -i -e 's@HTTP_SECRET@'"$(cat /config/httpSecret)"'@' /registry/config.yml
...@@ -74,7 +74,7 @@ init: ...@@ -74,7 +74,7 @@ init:
if [ -d /config/storage ]; then if [ -d /config/storage ]; then
# Copy contents of storage secret(s) # Copy contents of storage secret(s)
mkdir -p /registry/storage mkdir -p /registry/storage
cp /config/storage/* /registry/storage/ cp -v -r -L /config/storage/* /registry/storage/
# Ensure there is a new line in the end # Ensure there is a new line in the end
echo '' >> /registry/storage/config echo '' >> /registry/storage/config
# Default `delete.enabled: true` if not present. # Default `delete.enabled: true` if not present.
...@@ -121,3 +121,8 @@ maxReplicas: 10 ...@@ -121,3 +121,8 @@ maxReplicas: 10
maxUnavailable: 1 maxUnavailable: 1
storage: {} storage: {}
minio: {} minio: {}
# https://github.com/docker/distribution/blob/master/docs/configuration.md#compatibility
compatibility:
schema1:
enabled: false
...@@ -47,11 +47,12 @@ Examples for [S3][storage-s3](any s3 compatible) and [GCS][storage-gcs] drivers ...@@ -47,11 +47,12 @@ Examples for [S3][storage-s3](any s3 compatible) and [GCS][storage-gcs] drivers
1. Follow [registry chart documentation on storage](../../charts/registry/index.md#storage) for creating the secret. 1. Follow [registry chart documentation on storage](../../charts/registry/index.md#storage) for creating the secret.
1. Configure the chart as documented. 1. Configure the chart as documented.
## LFS, Artifacts, Uploads, Packages, Pseudonymizer ## LFS, Artifacts, Uploads, Packages, External Diffs, Pseudonymizer
Configuration of object storage for LFS, artifacts, uploads, and packages is done Configuration of object storage for LFS, artifacts, uploads, packages, external
via the `global.appConfig.lfs`, `global.appConfig.artifacts`, `global.appConfig.uploads`, diffs, and pseudonymizer is done via the `global.appConfig.lfs`,
`global.appConfig.packages` and `global.appConfig.pseudonymizer` keys. `global.appConfig.artifacts`, `global.appConfig.uploads`,
`global.appConfig.packages`, `global.appConfig.externalDiffs` and `global.appConfig.pseudonymizer` keys.
``` ```
--set global.appConfig.lfs.bucket=gitlab-lfs-storage --set global.appConfig.lfs.bucket=gitlab-lfs-storage
...@@ -70,6 +71,10 @@ via the `global.appConfig.lfs`, `global.appConfig.artifacts`, `global.appConfig. ...@@ -70,6 +71,10 @@ via the `global.appConfig.lfs`, `global.appConfig.artifacts`, `global.appConfig.
--set global.appConfig.packages.connection.secret=object-storage --set global.appConfig.packages.connection.secret=object-storage
--set global.appConfig.packages.connection.key=connection --set global.appConfig.packages.connection.key=connection
--set global.appConfig.externalDiffs.bucket=gitlab-externaldiffs-storage
--set global.appConfig.externalDiffs.connection.secret=object-storage
--set global.appConfig.externalDiffs.connection.key=connection
--set global.appConfig.pseudonymizer.bucket=gitlab-pseudonymizer-storage --set global.appConfig.pseudonymizer.bucket=gitlab-pseudonymizer-storage
--set global.appConfig.pseudonymizer.connection.secret=object-storage --set global.appConfig.pseudonymizer.connection.secret=object-storage
--set global.appConfig.pseudonymizer.connection.key=connection --set global.appConfig.pseudonymizer.connection.key=connection
...@@ -77,6 +82,10 @@ via the `global.appConfig.lfs`, `global.appConfig.artifacts`, `global.appConfig. ...@@ -77,6 +82,10 @@ via the `global.appConfig.lfs`, `global.appConfig.artifacts`, `global.appConfig.
> **Note**: Currently a different bucket is needed for each, otherwise performing a restore from backup will not properly function. > **Note**: Currently a different bucket is needed for each, otherwise performing a restore from backup will not properly function.
> **Note**: Storing MR diffs on external storage is not enabled by default. So,
> for the object storage settings for `externalDiffs` to take effect,
> `global.appConfig.externalDiffs.enabled` key should have a `true` value.
See the [charts/globals documentaion on appConfig](../../charts/globals.md#configure-appconfig-settings) for full details. See the [charts/globals documentaion on appConfig](../../charts/globals.md#configure-appconfig-settings) for full details.
Create the secret(s) per the [connection details documentation](../../charts/globals.md#connection), and then configure the chart to use the provided secrets. Note, the same secret can be used for all of them. Create the secret(s) per the [connection details documentation](../../charts/globals.md#connection), and then configure the chart to use the provided secrets. Note, the same secret can be used for all of them.
......
...@@ -35,6 +35,9 @@ registry: ...@@ -35,6 +35,9 @@ registry:
certificate: certificate:
replicas: replicas:
storage: storage:
compatibility:
schema1:
enabled: false
ingress: ingress:
enabled: enabled:
tls: tls:
...@@ -206,7 +209,30 @@ certificate: ...@@ -206,7 +209,30 @@ certificate:
key: registry-auth.crt key: registry-auth.crt
``` ```
#### replicas ### compatiblity
The `compatibility` field is a map relating directly to the configuration file's
[compatiblity](https://github.com/docker/distribution/blob/master/docs/configuration.md#compatibility)
section.
Default contents:
```
compatibility:
schema1:
enabled: false
```
#### schema1
The `schema1` section controls the compatibility of the service with version 1
of the Docker manifest schema. This setting is provide as a means of supporting
Docker clients earlier than `1.10`, after which schema v2 is used by default.
If you _must_ support older verions of Docker clients, you can do so by setting
`registry.compatbility.schema1.enabled: true`.
### replicas
Field `replicas` is an integer, controlling the number of [registry][] instances to create as a part of the set. This defaults to `1`. Field `replicas` is an integer, controlling the number of [registry][] instances to create as a part of the set. This defaults to `1`.
......
...@@ -4,6 +4,12 @@ The table below maps some of the key previous chart versions and GitLab versions ...@@ -4,6 +4,12 @@ The table below maps some of the key previous chart versions and GitLab versions
| Chart version | GitLab version | | Chart version | GitLab version |
|---------------|----------------| |---------------|----------------|
| 1.7.5 | 11.9.8 |
| 1.7.4 | 11.9.7 |
| 1.7.3 | 11.9.6 |
| 1.7.2 | 11.9.4 |
| 1.7.1 | 11.9.1 |
| 1.7.0 | 11.9.0 |
| 1.5.0 | 11.7.0 | | 1.5.0 | 11.7.0 |
| 1.4.0 | 11.6.0 | | 1.4.0 | 11.6.0 |
| 1.3.0 | 11.5.0 | | 1.3.0 | 11.5.0 |
...@@ -35,4 +41,4 @@ gitlab/gitlab 1.4.1 11.6.2 ...@@ -35,4 +41,4 @@ gitlab/gitlab 1.4.1 11.6.2
Read more about our charts versioning [here](https://gitlab.com/charts/gitlab/blob/master/doc/development/release.md#chart-versioning) Read more about our charts versioning [here](https://gitlab.com/charts/gitlab/blob/master/doc/development/release.md#chart-versioning)
Check the [releases documentation](../releases/index.md) for information on important releases, Check the [releases documentation](../releases/index.md) for information on important releases,
and see the [changelog](https://gitlab.com/charts/gitlab/blob/master/CHANGELOG.md) for the full details on any release. and see the [changelog](https://gitlab.com/charts/gitlab/blob/master/CHANGELOG.md) for the full details on any release.
\ No newline at end of file
...@@ -13,6 +13,6 @@ dependencies: ...@@ -13,6 +13,6 @@ dependencies:
repository: https://kubernetes-charts.storage.googleapis.com/ repository: https://kubernetes-charts.storage.googleapis.com/
condition: postgresql.install condition: postgresql.install
- name: gitlab-runner - name: gitlab-runner
version: 0.2.0 version: 0.3.0
repository: https://charts.gitlab.io/ repository: https://charts.gitlab.io/
condition: gitlab-runner.install condition: gitlab-runner.install
...@@ -2,19 +2,29 @@ require_relative 'version' ...@@ -2,19 +2,29 @@ require_relative 'version'
require 'open-uri' require 'open-uri'
require 'uri' require 'uri'
require 'cgi'
class VersionFetcher class VersionFetcher
def initialize(version, repo) def initialize(version, repo)
@version = Version.new(version) @version = Version.new(version)
@repo = repo @repo = repo
@api_token = ENV['FETCH_DEV_ARTIFACTS_PAT']
@api_url = if @repo.start_with?('gitlab/')
'https://dev.gitlab.org/api/v4'
elsif @repo.start_with?('gitlab-org/')
'https://gitlab.com/api/v4'
else
ENV['CI_API_V4_URL']
end
end end
# GitLab Shell Version # GitLab Shell Version
def gitlab_shell def gitlab_shell
return @version if @version == 'master' return @version if @version == 'master'
url = "#{@repo}/raw/#{ref(@version)}/GITLAB_SHELL_VERSION" url = "#{@api_url}/projects/#{CGI.escape(@repo)}/repository/files/GITLAB_SHELL_VERSION/raw?ref=#{ref(@version)}"
new_version = URI.parse(url).read.strip $stdout.puts "Getting GitLab Shell version from #{url}"
new_version = open(url, 'PRIVATE-TOKEN' => @api_token).read.strip
$stdout.puts "# Shell appVersion: #{new_version}" $stdout.puts "# Shell appVersion: #{new_version}"
new_version new_version
end end
...@@ -23,8 +33,9 @@ class VersionFetcher ...@@ -23,8 +33,9 @@ class VersionFetcher
def gitaly def gitaly
return @version if @version == 'master' return @version if @version == 'master'
url = "#{@repo}/raw/#{ref(@version)}/GITALY_SERVER_VERSION" url = "#{@api_url}/projects/#{CGI.escape(@repo)}/repository/files/GITALY_SERVER_VERSION/raw?ref=#{ref(@version)}"
new_version = URI.parse(url).read.strip $stdout.puts "Getting Gitaly version from #{url}"
new_version = open(url, 'PRIVATE-TOKEN' => @api_token).read.strip
$stdout.puts "# Gitaly appVersion: #{new_version}" $stdout.puts "# Gitaly appVersion: #{new_version}"
new_version new_version
end end
......
...@@ -24,7 +24,7 @@ class VersionOptionsParser ...@@ -24,7 +24,7 @@ class VersionOptionsParser
# defaults # defaults
options.working_dir = Dir.pwd options.working_dir = Dir.pwd
options.include_subcharts = false options.include_subcharts = false
options.gitlab_repo = "https://gitlab.com/gitlab-org/gitlab-ee" options.gitlab_repo = "gitlab-org/gitlab-ee"
OptionParser.new do |opts| OptionParser.new do |opts|
opts.banner = "Usage: #{__FILE__} [options] \n\n" opts.banner = "Usage: #{__FILE__} [options] \n\n"
...@@ -139,7 +139,7 @@ class VersionUpdater ...@@ -139,7 +139,7 @@ class VersionUpdater
if @options.include_subcharts if @options.include_subcharts
@subchart_versions.each do |sub_chart, update_app_version| @subchart_versions.each do |sub_chart, update_app_version|
sub_chart.update_versions(@chart_version, update_app_version) sub_chart.update_versions(@chart_version, branch == 'master' ? nil : update_app_version)
end end
end end
end end
...@@ -211,9 +211,11 @@ class VersionUpdater ...@@ -211,9 +211,11 @@ class VersionUpdater
def get_current_branch def get_current_branch
git_command = 'git rev-parse --abbrev-ref HEAD 2>&1'.freeze git_command = 'git rev-parse --abbrev-ref HEAD 2>&1'.freeze
output = `#{git_command}`.chomp output = `#{git_command}`
raise(StandardError.new(output)) unless $?.success? raise(StandardError.new(output)) unless $?.success?
output.chomp
end end
end end
......
#!/usr/bin/env ruby
require 'docker'
require 'yaml'
require 'net/http'
require 'json'
require 'cgi'
require 'zip'
class CNGImageSync
CI_API_V4_URL = ENV['CI_API_V4_URL'] || "https://dev.gitlab.org/api/v4".freeze
DEV_REGISTRY_URL = "dev.gitlab.org:5005".freeze
COM_REGISTRY_URL = "registry.gitlab.com".freeze
DEV_PROJECT_PATH = ENV['DEV_CNG_PROJECT'] || "gitlab/charts/components/images".freeze
COM_PROJECT_PATH = ENV['COM_CNG_PROJECT'] || "gitlab-org/build/cng".freeze
DEV_PROJECT_REGISTRY = ENV['DEV_CNG_REGISTRY'] || "#{DEV_REGISTRY_URL}/#{DEV_PROJECT_PATH}".freeze
COM_PROJECT_REGISTRY = ENV['COM_CNG_REGISTRY'] || "#{COM_REGISTRY_URL}/#{COM_PROJECT_PATH}".freeze
DEV_REGISTRY_PASSWORD = ENV['FETCH_DEV_ARTIFACTS_PAT'] || ENV['CI_JOB_TOKEN']
COM_REGISTRY_PASSWORD = ENV['PUSH_IMAGES_PAT']
DEV_API_TOKEN = ENV['FETCH_DEV_ARTIFACTS_PAT']
GITLAB_VERSION = YAML.load_file('Chart.yaml')['appVersion'].strip.freeze
class << self
def get_api(uri, token = DEV_API_TOKEN)
req = Net::HTTP::Get.new(uri)
req['PRIVATE-TOKEN'] = token
res = Net::HTTP.start(uri.hostname, uri.port, use_ssl: true) do |http|
http.request(req)
end
res
end
def get_components(version)
artifact_uri = URI("#{CI_API_V4_URL}/projects/#{CGI.escape(DEV_PROJECT_PATH)}/jobs/artifacts/v#{version}/raw/artifacts/image_versions.txt?job=component-details")
puts "Fetching component list from #{artifact_uri}"
res = get_api(artifact_uri)
components = res.body.split("\n")
components.map { |c| c.split(":") }.to_h
end
def authenticate_registry(registry, password)
# `CI_REGISTRY_USER` variable translates to `gitlab-ci-token` internally,
# which will work with GitLab's container registry authentication as long
# as the password is a valid PAT. In other words, as long as the password
# is a valid PAT, we need not bother about a username and can simply use
# `gitlab-ci-token`, which is what we are doing here.
Docker.authenticate!(username: ENV['CI_REGISTRY_USER'], password: password, serveraddress: registry)
end
def pull_and_tag_images(initial_registry, new_registry, components)
components.each do |component, version|
initial_ref = "#{initial_registry}/#{component}:#{version}".downcase
target_repo = "#{new_registry}/#{component}".downcase
puts "Pulling #{initial_ref}"
STDOUT.flush
image = Docker::Image.create(fromImage: initial_ref)
image.tag(repo: target_repo, tag: version)
end
end
def push_images(registry, components)
components.each do |component, version|
ref = "#{registry}/#{component}:#{version}".downcase
puts "Pushing #{ref}"
STDOUT.flush
image = Docker::Image.get(ref)
image.push(nil, repo_tag: ref)
end
end
def check_auth
message = <<~MESSAGE
Login credentials for registries are missing. Make sure the following environment variables are set
PUSH_IMAGES_PAT - PAT with access to gitlab.com API
MESSAGE
raise message if COM_REGISTRY_PASSWORD.nil?
end
def execute(edition: 'ee')
check_auth
version = edition == 'ce' ? GITLAB_VERSION : "#{GITLAB_VERSION}-ee"
puts "Syncing images for version #{version}"
components = get_components(version)
authenticate_registry(DEV_REGISTRY_URL, DEV_REGISTRY_PASSWORD)
pull_and_tag_images(DEV_PROJECT_REGISTRY, COM_PROJECT_REGISTRY, components)
authenticate_registry(COM_REGISTRY_URL, COM_REGISTRY_PASSWORD)
push_images(COM_PROJECT_REGISTRY, components)
puts "Sync completed"
end
end
end
...@@ -2,6 +2,9 @@ require 'spec_helper' ...@@ -2,6 +2,9 @@ require 'spec_helper'
describe "Restoring a backup" do describe "Restoring a backup" do
before(:all) do before(:all) do
stdout, status = wait_for_dependencies
fail stdout unless status.success?
wait_until_app_ready wait_until_app_ready
ensure_backups_on_object_storage ensure_backups_on_object_storage
stdout, status = restore_from_backup stdout, status = restore_from_backup
......
...@@ -112,6 +112,13 @@ module Gitlab ...@@ -112,6 +112,13 @@ module Gitlab
return [stdout, status] return [stdout, status]
end end
def wait_for_dependencies
cmd = full_command("/scripts/wait-for-deps")
stdout, status = Open3.capture2e(cmd)
return [stdout, status]
end
def pod_name def pod_name
filters = 'app=task-runner' filters = 'app=task-runner'
......
...@@ -2,30 +2,64 @@ require 'spec_helper' ...@@ -2,30 +2,64 @@ require 'spec_helper'
require_relative '../../../scripts/lib/version_fetcher.rb' require_relative '../../../scripts/lib/version_fetcher.rb'
describe VersionFetcher do describe VersionFetcher do
let(:repo_url) { 'https://gitlab.com/gitlab-org/gitlab-ce' } let(:com_path) { 'gitlab-org%2Fgitlab-ce/repository/files/GITLAB_SHELL_VERSION/raw?ref=v11.8.0' }
let(:uri_response) { URI.parse(repo_url) } let(:dev_path) { 'gitlab%2Fgitlabhq/repository/files/GITLAB_SHELL_VERSION/raw?ref=v11.8.0' }
let(:version_fetcher) { VersionFetcher.new('v11.8.0', repo_url) } let(:custom_path) { 'johndoe%2Fgitlab-ee/repository/files/GITLAB_SHELL_VERSION/raw?ref=v11.8.0' }
before do before do
allow(URI).to receive(:parse).and_return(uri_response) allow(ENV).to receive(:[]).and_call_original
allow(uri_response).to receive(:read).and_return("1.2.3\n") allow(ENV).to receive(:[]).with('FETCH_DEV_ARTIFACTS_PAT').and_return(nil)
allow(version_fetcher).to receive(:gitlab_shell).and_call_original end
allow(version_fetcher).to receive(:gitaly).and_call_original
describe 'detecting API URL' do
it 'works correctly gitlab.com registry' do
version_fetcher = VersionFetcher.new('v11.8.0', 'gitlab-org/gitlab-ce')
allow(version_fetcher).to receive_message_chain(:open, :read).and_return("1.2.3\n")
expect(version_fetcher).to receive(:open).with("https://gitlab.com/api/v4/projects/#{com_path}", { 'PRIVATE-TOKEN' => nil })
version_fetcher.fetch('gitlab-shell')
end
it 'works correctly dev registry' do
allow(ENV).to receive(:[]).with('FETCH_DEV_ARTIFACTS_PAT').and_return('myrandomtoken')
version_fetcher = VersionFetcher.new('v11.8.0', 'gitlab/gitlabhq')
allow(version_fetcher).to receive_message_chain(:open, :read).and_return("1.2.3\n")
expect(version_fetcher).to receive(:open).with("https://dev.gitlab.org/api/v4/projects/#{dev_path}", { 'PRIVATE-TOKEN' => 'myrandomtoken'})
version_fetcher.fetch('gitlab-shell')
end
it 'falls back correctly to current registry for unknown projects' do
version_fetcher = VersionFetcher.new('v11.8.0', 'johndoe/gitlab-ee')
allow(version_fetcher).to receive_message_chain(:open, :read).and_return("1.2.3\n")
expect(version_fetcher).to receive(:open).with("#{ENV['CI_API_V4_URL']}/projects/#{custom_path}", { 'PRIVATE-TOKEN' => nil})
version_fetcher.fetch('gitlab-shell')
end
end end
describe '#gitlab_shell' do describe 'instance methods' do
it 'returns correct value' do let(:version_fetcher) { VersionFetcher.new('v11.8.0', 'gitlab-org/gitlab-ce') }
expect(version_fetcher.gitlab_shell).to eq('1.2.3')
before do
allow(version_fetcher).to receive_message_chain(:open, :read).and_return("1.2.3\n")
allow(version_fetcher).to receive(:gitlab_shell).and_call_original
allow(version_fetcher).to receive(:gitaly).and_call_original
end
describe '#gitlab_shell' do
it 'returns correct value' do
expect(version_fetcher.gitlab_shell).to eq('1.2.3')
end
end end
describe '#gitaly' do describe '#gitaly' do
it 'returns correct value' do it 'returns correct value' do
expect(version_fetcher.fetch('gitaly')).to eq('1.2.3') expect(version_fetcher.gitaly).to eq('1.2.3')
end end
end end
describe '#fetch' do describe '#fetch' do
it 'callse subchart methods' do it 'calls subchart methods' do
expect(version_fetcher).to receive(:gitlab_shell) expect(version_fetcher).to receive(:gitlab_shell)
expect(version_fetcher).to receive(:gitaly) expect(version_fetcher).to receive(:gitaly)
version_fetcher.fetch('gitlab-shell') version_fetcher.fetch('gitlab-shell')
......
...@@ -72,36 +72,40 @@ spec: ...@@ -72,36 +72,40 @@ spec:
matchLabels: matchLabels:
app.kubernetes.io/name: {{ .Release.Name }} app.kubernetes.io/name: {{ .Release.Name }}
componentKinds: componentKinds:
- apiVersion: v1 - group: core
kind: ConfigMap kind: ConfigMap
- apiVersion: v1 - group: core
kind: Service kind: Service
- apiVersion: v1 - group: core
kind: ServiceAccount kind: ServiceAccount
- apiVersion: rbac.authorization.k8s.io/v1 - group: rbac.authorization.k8s.io
kind: Role kind: Role
- apiVersion: rbac.authorization.k8s.io/v1 - group: rbac.authorization.k8s.io
kind: RoleBinding kind: RoleBinding
{{ if eq .Values.global.application.allowClusterRoles true -}} {{- if eq .Values.global.application.allowClusterRoles true }}
- apiVersion: rbac.authorization.k8s.io/v1 - group: rbac.authorization.k8s.io
kind: ClusterRole kind: ClusterRole
- apiVersion: rbac.authorization.k8s.io/v1 - group: rbac.authorization.k8s.io
kind: ClusterRoleBinding kind: ClusterRoleBinding
{{- end }} {{- end }}
- apiVersion: batch/v1 - group: batch
kind: Job kind: Job
- apiVersion: v1 - group: core
kind: Secret kind: Secret
- apiVersion: extensions/v1beta1 - group: extensions
kind: Ingress kind: Ingress
- apiVersion: v1 - group: core
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
- apiVersion: apps/v1beta2 - group: apps
kind: Deployment kind: Deployment
- apiVersion: autoscaling/v2beta1 {{- if eq (index .Values "nginx-ingress" "controller" "kind") "DaemonSet" }}
- group: apps
kind: DaemonSet
{{- end }}
- group: autoscaling
kind: HorizontalPodAutoscaler kind: HorizontalPodAutoscaler
- apiVersion: apps/v1beta2 - group: apps
kind: StatefulSet kind: StatefulSet
- apiVersion: policy/v1beta1 - group: policy
kind: PodDisruptionBudget kind: PodDisruptionBudget
{{- end -}} {{- end -}}