......@@ -64,18 +64,6 @@ lint_package:
except:
- tags
release_package:
stage: package
when: always
script:
- curl --request POST --form "token=$CI_JOB_TOKEN" --form ref=master
--form "variables[CHART_NAME]=$CI_PROJECT_NAME"
--form "variables[RELEASE_REF]=$CI_COMMIT_REF_NAME"
https://gitlab.com/api/v4/projects/2860651/trigger/pipeline
only:
- tags@charts/gitlab
review:
stage: review
script:
......@@ -667,5 +655,33 @@ qa:
retry: 1
allow_failure: true
sync_images:
image: registry.gitlab.com/gitlab-org/gitlab-omnibus-builder:ruby_docker-0.0.7
stage: prepare
services:
- docker:dind
before_script: []
variables:
DOCKER_DRIVER: overlay2
DOCKER_HOST: tcp://docker:2375
script:
- bundle install
- bundle exec rake images:sync[ee]
- bundle exec rake images:sync[ce]
only:
- tags@gitlab/charts/gitlab
release_package:
stage: package
script:
- curl --request POST --form "token=${COM_CHARTS_TRIGGER_TOKEN}" --form ref=master
--form "variables[CHART_NAME]=$CI_PROJECT_NAME"
--form "variables[RELEASE_REF]=$CI_COMMIT_REF_NAME"
https://gitlab.com/api/v4/projects/2860651/trigger/pipeline
only:
- tags@gitlab/charts/gitlab
dependencies:
- sync_images
before_script:
- *auto_devops
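Review bot: `sync_images` reaches the `docker:dind` service through `DOCKER_HOST: tcp://docker:2375`, the daemon's plaintext, unauthenticated port, and the service image is a floating tag, in a job whose rake task authenticates to two registries with personal access tokens. Pinning the service to a fixed version (`docker:<version>-dind`, placeholder) and using a TLS-protected daemon endpoint where the runner allows it would narrow that exposure. In `release_package`, `--form "token=${COM_CHARTS_TRIGGER_TOKEN}"` places the trigger token on the curl command line, so the variable should be protected and masked in the project settings, which keeps it limited to tag pipelines and out of the job log. Note also that `dependencies: - sync_images` only selects artifacts; the ordering between the two jobs comes from their stages.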
......@@ -20,15 +20,25 @@
.idea/
*.tmproj
# Project/CI/CD related items
.gitlab
.gitlab-ci.yml
.dockerignore
.helmignore
Dangerfile
Gemfile
Gemfile.lock
ci/
doc/
examples/
images/
certs/
scripts/
spec/
build/
*.md
CHANGELOG
changelogs/
# CHANGELOG.md
bin/
spec/
# dependencies.io
dependencies.yml
dependencies_io/
......@@ -2,6 +2,85 @@
documentation](doc/development/changelog.md) for instructions on adding your own
entry.
## 1.7.5 (2019-04-11)
### Other (1 change)
- Update GitLab Version to 11.9.8.
## 1.7.4 (2019-04-10)
### Fixed (1 change)
- Ensure README present in helm package. !752
### Other (1 change)
- Update GitLab Version to 11.9.7.
## 1.7.3 (2019-04-05)
### Fixed (2 changes)
- Mount object storage secrets related to external diffs to pods. !745
- Fix support for NGINX Ingress DaemonSets. !748
### Other (1 change)
- Update GitLab Version to 11.9.6.
## 1.7.2 (2019-04-02)
### Fixed (1 change)
- Application: use groups in componentKinds. !740
### Other (1 change)
- Update GitLab Version to 11.9.4.
## 1.7.1 (2019-03-25)
### Other (2 changes)
- Update gitlab-runner to 0.3.0/11.9.0. !735
- Update GitLab Version to 11.9.1.
## 1.7.0 (2019-03-22)
### Fixed (5 changes, 3 of them are from the community)
- Set the Redis client ID to nil as some servers have that command disabled. !666 (Vic Iglesias)
- Set the life span of Registry certificate to 10 years. !701
- Add Gitaly configuration to migrations job. !710
- Add missing certificates initContainer to gitaly. !716 (Harry Lee (tclh123))
- Provide Kubernetes 1.8 backwards compatibility for init-container secret copying. !720 (Fabian Jucker)
### Changed (3 changes, 1 of them is from the community)
- Extract shared configuration script of ruby-based pods into own template. !685 (Matthias van de Meent (Cofano Software Solutions))
- Move cron_jobs setting from sidekiq to global context. !693
- Allow disabling of the unicorn helm test. !721
### Added (5 changes, 1 of them is from the community)
- Allow use of password-less Redis services (external). !665 (Vic Iglesias)
- Add support for using object storage for storing MR diffs. !698
- Allow Disabling of ClusterRoles in ApplicationCRD. !702
- Add eks_bootstrap_script. !706
- Registry: Add caompatibility for Docker manifest schema1. !724
### Other (2 changes)
- Automate version mapping updates. !704
- Update GitLab Version to 11.9.0.
## 1.6.1 (2019-03-04)
### Fixed (1 change)
......
---
apiVersion: v1
name: gitlab
version: 1.6.1
appVersion: master
version: 1.7.5
appVersion: 11.9.8
description: Web-based Git-repository manager with wiki and issue-tracking features.
keywords:
- gitlab
......
......@@ -5,3 +5,5 @@ gem 'aws-sdk-s3'
gem 'capybara'
gem 'selenium-webdriver'
gem 'capybara-screenshot'
gem 'docker-api'
gem 'rake'
......@@ -31,18 +31,24 @@ GEM
childprocess (0.9.0)
ffi (~> 1.0, >= 1.0.11)
diff-lcs (1.3)
docker-api (1.34.2)
excon (>= 0.47.0)
multi_json
excon (0.62.0)
ffi (1.9.25)
jmespath (1.4.0)
launchy (2.4.3)
addressable (~> 2.3)
mini_mime (1.0.0)
mini_portile2 (2.3.0)
multi_json (1.13.1)
nokogiri (1.8.2)
mini_portile2 (~> 2.3.0)
public_suffix (3.0.2)
rack (2.0.5)
rack-test (1.0.0)
rack (>= 1.0, < 3)
rake (12.3.2)
rspec (3.7.0)
rspec-core (~> 3.7.0)
rspec-expectations (~> 3.7.0)
......@@ -70,6 +76,8 @@ DEPENDENCIES
aws-sdk-s3
capybara
capybara-screenshot
docker-api
rake
rspec
selenium-webdriver
......
require_relative 'scripts/update-docker-images.rb'
namespace :images do
desc 'Sync images between dev and com registries'
task :sync, [:edition] do |t, args|
CNGImageSync.execute(edition: args[:edition])
end
end
---
title: Set the life span of Registry certificate to 10 years
merge_request: 701
author:
type: fixed
---
title: Add support for using object storage for storing MR diffs
merge_request: 698
author:
type: added
---
title: Move cron_jobs setting from sidekiq to global context
merge_request: 693
author:
type: changed
---
title: Allow Disabling of ClusterRoles in ApplicationCRD
merge_request: 702
author:
type: added
---
title: Add Gitaly configuration to migrations job
merge_request: 710
author:
type: fixed
---
title: Automate version mapping updates
merge_request: 704
author:
type: other
---
title: Add eks_bootstrap_script
merge_request: 706
author:
type: added
---
title: Extract shared configuration script of ruby-based pods into own template
merge_request: 685
author: Matthias van de Meent (Cofano Software Solutions)
type: changed
---
title: Set the Redis client ID to nil as some servers have that command disabled
merge_request: 666
author: Vic Iglesias
type: fixed
---
title: Allow use of password-less Redis services (external)
merge_request: 665
author: Vic Iglesias
type: added
---
apiVersion: v1
name: gitaly
version: 1.6.1
appVersion: master
version: 1.7.5
appVersion: 1.27.1
description: Git RPC service for handling all the git calls made by GitLab
keywords:
- gitlab
......
......@@ -10,11 +10,11 @@ data:
configure: |
set -e
mkdir -p /init-secrets/gitaly /init-secrets/shell
cp /init-config/.gitlab_shell_secret /init-secrets/shell/.gitlab_shell_secret
cp /init-config/gitaly_token /init-secrets/gitaly/gitaly_token
cp -v -r -L /init-config/.gitlab_shell_secret /init-secrets/shell/.gitlab_shell_secret
cp -v -r -L /init-config/gitaly_token /init-secrets/gitaly/gitaly_token
{{- if .Values.global.redis.password.enabled }}
mkdir -p /init-secrets/redis
cp /init-config/redis_password /init-secrets/redis/redis_password
cp -v -r -L /init-config/redis_password /init-secrets/redis/redis_password
{{- end }}
config.toml.erb: |
# The directory where Gitaly's executables are stored
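Review bot: Nothing in `configure` restricts the mode of the secrets after the new `cp -v -r -L` lines: with `-L` each destination is a fresh regular file whose permissions come from the source mode and the umask, and unlike the gitlab-shell script (`chmod 0400` on the host keys) or the PostgreSQL SSL block (`chmod 600`), `gitaly_token`, `.gitlab_shell_secret` and `redis_password` are left as copied. An explicit `chmod` on the three copied files, with a mode chosen to match the user the consuming container runs as, would make the intended access visible. `-r` is not needed for single-file sources, and where the source is a whole directory (the shared loop copying `${config_dir}/${secret}/.`), `-r -L` will presumably turn any symlinked directories inside the secret volume into additional real copies of each secret, which is worth confirming against a mounted volume. The same applies to the unicorn workhorse copies, the registry `config.yml` and storage copies, and the task-runner `.s3cfg` copy.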
......
......@@ -28,6 +28,7 @@ spec:
terminationGracePeriodSeconds: 30
initContainers:
{{ include "gitlab.extraInitContainers" . | indent 8 }}
{{ include "gitlab.certificates.initContainer" . | indent 8 }}
- name: configure
command: ['sh', '/config/configure']
image: {{ .Values.init.image }}:{{ .Values.init.tag }}
......@@ -96,6 +97,7 @@ spec:
fieldPath: metadata.name
volumeMounts:
{{ include "gitlab.extraVolumeMounts" . | indent 12 }}
{{ include "gitlab.certificates.volumeMount" . | indent 12 }}
- name: gitaly-config
mountPath: '/etc/gitaly/templates'
- name: gitaly-secrets
......@@ -155,6 +157,7 @@ spec:
- key: {{ template "gitlab.redis.password.key" . }}
path: redis_password
{{- end }}
{{ include "gitlab.certificates.volumes" . | indent 6 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 8 }}
......
---
apiVersion: v1
name: gitlab-shell
version: 1.6.1
appVersion: master
version: 1.7.5
appVersion: 8.7.1
description: sshd for Gitlab
keywords:
- gitlab
......
......@@ -10,7 +10,7 @@ data:
configure: |
{{- include "gitlab.scripts.configure.secrets" (dict "required" "shell" ) | nindent 4 -}}
mkdir -p /${secret_dir}/ssh
cp /${config_dir}/ssh_host_* /${secret_dir}/ssh/
cp -v -r -L /${config_dir}/ssh_host_* /${secret_dir}/ssh/
chmod 0400 /${secret_dir}/ssh/ssh_host_*
config.yml.erb: |
# GitLab user. git by default
......
---
apiVersion: v1
name: mailroom
version: 1.6.1
appVersion: master
version: 1.7.5
appVersion: 11.9.8
description: Handling incoming emails
keywords:
- gitlab
......
---
apiVersion: v1
name: migrations
version: 1.6.1
appVersion: master
version: 1.7.5
appVersion: 11.9.8
description: Database migrations and other versioning tasks for upgrading Gitlab
keywords:
- gitlab
......
---
apiVersion: v1
name: operator
version: 1.6.1
appVersion: master
version: 1.7.5
appVersion: 11.9.8
description: Gitlab operator for managing upgrades
keywords:
- gitlab
......
---
apiVersion: v1
name: sidekiq
version: 1.6.1
appVersion: master
version: 1.7.5
appVersion: 11.9.8
description: Gitlab Sidekiq for asynchronous task processing in rails
keywords:
- gitlab
......
......@@ -261,6 +261,7 @@ spec:
{{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "artifacts" "config" $.Values.global.appConfig.artifacts) | nindent 10 }}
{{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "uploads" "config" $.Values.global.appConfig.uploads) | nindent 10 }}
{{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "packages" "config" $.Values.global.appConfig.packages) | nindent 10 }}
{{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "external_diffs" "config" $.Values.global.appConfig.externalDiffs) | nindent 10 }}
{{- include "gitlab.appConfig.pseudonymizer.mountSecrets" $ | nindent 10 }}
{{- include "gitlab.appConfig.ldap.servers.mountSecrets" $ | nindent 10 }}
{{- include "gitlab.appConfig.omniauth.mountSecrets" $ | nindent 10 }}
......
---
apiVersion: v1
name: task-runner
version: 1.6.1
appVersion: master
version: 1.7.5
appVersion: 11.9.8
description: For manually running rake tasks through kubectl
keywords:
- gitlab
......
......@@ -54,7 +54,7 @@ spec:
args:
- /bin/bash
- -c
- cp /etc/gitlab/.s3cfg $HOME/.s3cfg && while sleep 3600; do :; done # alpine sleep has no infinity
- cp -v -r -L /etc/gitlab/.s3cfg $HOME/.s3cfg && while sleep 3600; do :; done # alpine sleep has no infinity
image: "{{ coalesce .Values.image.repository (include "image.repository" .) }}:{{ coalesce .Values.image.tag (include "gitlab.versionTag" . ) }}"
{{ template "gitlab.imagePullPolicy" . }}
env:
......@@ -149,6 +149,7 @@ spec:
{{- include "gitlab.minio.mountSecrets" $ | nindent 10 }}
{{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "lfs" "config" $.Values.global.appConfig.lfs) | nindent 10 }}
{{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "packages" "config" $.Values.global.appConfig.packages) | nindent 10 }}
{{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "external_diffs" "config" $.Values.global.appConfig.externalDiffs) | nindent 10 }}
{{- include "gitlab.appConfig.pseudonymizer.mountSecrets" $ | nindent 10 }}
{{- include "gitlab.appConfig.ldap.servers.mountSecrets" $ | nindent 10 }}
{{- include "gitlab.appConfig.omniauth.mountSecrets" $ | nindent 10 }}
......
---
apiVersion: v1
name: unicorn
version: 1.6.1
appVersion: master
version: 1.7.5
appVersion: 11.9.8
description: HTTP server for Gitlab
keywords:
- gitlab
......
......@@ -154,10 +154,10 @@ data:
configure: |
set -e
mkdir -p /init-secrets-workhorse/gitlab-workhorse
cp /init-config/gitlab-workhorse/secret /init-secrets-workhorse/gitlab-workhorse/secret
cp -v -r -L /init-config/gitlab-workhorse/secret /init-secrets-workhorse/gitlab-workhorse/secret
{{- if .Values.global.redis.password.enabled }}
mkdir -p /init-secrets-workhorse/redis
cp /init-config/redis/password /init-secrets-workhorse/redis/
cp -v -r -L /init-config/redis/password /init-secrets-workhorse/redis/
{{- end }}
# Leave this here - This line denotes end of block to the parser.
{{- end }}
......@@ -276,6 +276,7 @@ spec:
{{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "lfs" "config" $.Values.global.appConfig.lfs) | nindent 10 }}
{{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "uploads" "config" $.Values.global.appConfig.uploads) | nindent 10 }}
{{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "packages" "config" $.Values.global.appConfig.packages) | nindent 10 }}
{{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "external_diffs" "config" $.Values.global.appConfig.externalDiffs) | nindent 10 }}
{{- include "gitlab.appConfig.ldap.servers.mountSecrets" $ | nindent 10 }}
{{- include "gitlab.appConfig.omniauth.mountSecrets" $ | nindent 10 }}
{{- if and $.Values.global.smtp.enabled $.Values.global.smtp.authentication }}
......
{{- if .Values.enabled -}}
{{- if and .Values.enabled .Values.helmTests.enabled -}}
apiVersion: v1
kind: Pod
metadata:
......
{{- if .Values.enabled -}}
{{- if and .Values.enabled .Values.helmTests.enabled -}}
apiVersion: v1
kind: ConfigMap
metadata:
......
......@@ -189,3 +189,5 @@ resources:
maxUnavailable: 1
minReplicas: 2
maxReplicas: 10
helmTests:
enabled: true
......@@ -13,12 +13,12 @@ secret_dir="/init-secrets"
for secret in {{ default "shell gitaly registry postgres rails-secrets gitlab-workhorse" $.required }} ; do
mkdir -p "${secret_dir}/${secret}"
cp -v -r "${config_dir}/${secret}/." "${secret_dir}/${secret}/"
cp -v -r -L "${config_dir}/${secret}/." "${secret_dir}/${secret}/"
done
for secret in {{ default "redis minio objectstorage ldap omniauth smtp" $.optional }} ; do
if [ -e "${config_dir}/${secret}" ]; then
mkdir -p "${secret_dir}/${secret}"
cp -v -r "${config_dir}/${secret}/." "${secret_dir}/${secret}/"
cp -v -r -L "${config_dir}/${secret}/." "${secret_dir}/${secret}/"
fi
done
{{ end -}}
......@@ -53,10 +53,9 @@ it sets the permissions correctly.
{{- if .Values.global.psql.ssl }}
if [ -d /etc/postgresql/ssl ]; then
mkdir -p /${secret_dir}/postgres/ssl
cp /etc/postgresql/ssl/* /${secret_dir}/postgres/ssl/
cp -v -r -L /etc/postgresql/ssl/* /${secret_dir}/postgres/ssl/
chmod 600 /${secret_dir}/postgres/ssl/*
chmod 700 /${secret_dir}/postgres/ssl
fi
{{- end -}}
{{- end -}}
......@@ -13,6 +13,11 @@ spec:
updateStrategy:
{{ toYaml .Values.controller.updateStrategy | indent 4 }}
minReadySeconds: {{ .Values.controller.minReadySeconds }}
selector:
matchLabels:
app: {{ template "name" . }}
component: "{{ .Values.controller.name }}"
release: {{ .Release.Name }}
template:
metadata:
annotations:
......
......@@ -37,6 +37,13 @@ data:
# This is provided from the initContainer execution, at a known path.
rootcertbundle: /etc/docker/registry/certificate.crt
autoredirect: {{ .Values.authAutoRedirect }}
{{- if .Values.compatibility }}
compatibility:
{{- if .Values.compatibility.schema1 }}
schema1:
enabled: {{ eq true .Values.compatibility.schema1.enabled }}
{{- end }}
{{- end }}
storage:
{{- if .Values.storage }}
{{- else if .Values.global.minio.enabled }}
......
......@@ -66,7 +66,7 @@ init:
if [ -e /config/accesskey ] ; then
sed -e 's@ACCESS_KEY@'"$(cat /config/accesskey)"'@' -e 's@SECRET_KEY@'"$(cat /config/secretkey)"'@' /config/config.yml > /registry/config.yml
else
cp /config/config.yml /registry/config.yml
cp -v -r -L /config/config.yml /registry/config.yml
fi
# Place the `http.secret` value from the kubernetes secret
sed -i -e 's@HTTP_SECRET@'"$(cat /config/httpSecret)"'@' /registry/config.yml
......@@ -74,7 +74,7 @@ init:
if [ -d /config/storage ]; then
# Copy contents of storage secret(s)
mkdir -p /registry/storage
cp /config/storage/* /registry/storage/
cp -v -r -L /config/storage/* /registry/storage/
# Ensure there is a new line in the end
echo '' >> /registry/storage/config
# Default `delete.enabled: true` if not present.
......@@ -121,3 +121,8 @@ maxReplicas: 10
maxUnavailable: 1
storage: {}
minio: {}
# https://github.com/docker/distribution/blob/master/docs/configuration.md#compatibility
compatibility:
schema1:
enabled: false
......@@ -47,11 +47,12 @@ Examples for [S3][storage-s3](any s3 compatible) and [GCS][storage-gcs] drivers
1. Follow [registry chart documentation on storage](../../charts/registry/index.md#storage) for creating the secret.
1. Configure the chart as documented.
## LFS, Artifacts, Uploads, Packages, Pseudonymizer
## LFS, Artifacts, Uploads, Packages, External Diffs, Pseudonymizer
Configuration of object storage for LFS, artifacts, uploads, and packages is done
via the `global.appConfig.lfs`, `global.appConfig.artifacts`, `global.appConfig.uploads`,
`global.appConfig.packages` and `global.appConfig.pseudonymizer` keys.
Configuration of object storage for LFS, artifacts, uploads, packages, external
diffs, and pseudonymizer is done via the `global.appConfig.lfs`,
`global.appConfig.artifacts`, `global.appConfig.uploads`,
`global.appConfig.packages`, `global.appConfig.externalDiffs` and `global.appConfig.pseudonymizer` keys.
```
--set global.appConfig.lfs.bucket=gitlab-lfs-storage
......@@ -70,6 +71,10 @@ via the `global.appConfig.lfs`, `global.appConfig.artifacts`, `global.appConfig.
--set global.appConfig.packages.connection.secret=object-storage
--set global.appConfig.packages.connection.key=connection
--set global.appConfig.externalDiffs.bucket=gitlab-externaldiffs-storage
--set global.appConfig.externalDiffs.connection.secret=object-storage
--set global.appConfig.externalDiffs.connection.key=connection
--set global.appConfig.pseudonymizer.bucket=gitlab-pseudonymizer-storage
--set global.appConfig.pseudonymizer.connection.secret=object-storage
--set global.appConfig.pseudonymizer.connection.key=connection
......@@ -77,6 +82,10 @@ via the `global.appConfig.lfs`, `global.appConfig.artifacts`, `global.appConfig.
> **Note**: Currently a different bucket is needed for each, otherwise performing a restore from backup will not properly function.
> **Note**: Storing MR diffs on external storage is not enabled by default. So,
> for the object storage settings for `externalDiffs` to take effect,
> `global.appConfig.externalDiffs.enabled` key should have a `true` value.
See the [charts/globals documentaion on appConfig](../../charts/globals.md#configure-appconfig-settings) for full details.
Create the secret(s) per the [connection details documentation](../../charts/globals.md#connection), and then configure the chart to use the provided secrets. Note, the same secret can be used for all of them.
......
......@@ -35,6 +35,9 @@ registry:
certificate:
replicas:
storage:
compatibility:
schema1:
enabled: false
ingress:
enabled:
tls:
......@@ -206,7 +209,30 @@ certificate:
key: registry-auth.crt
```
#### replicas
### compatiblity
The `compatibility` field is a map relating directly to the configuration file's
[compatiblity](https://github.com/docker/distribution/blob/master/docs/configuration.md#compatibility)
section.
Default contents:
```
compatibility:
schema1:
enabled: false
```
#### schema1
The `schema1` section controls the compatibility of the service with version 1
of the Docker manifest schema. This setting is provide as a means of supporting
Docker clients earlier than `1.10`, after which schema v2 is used by default.
If you _must_ support older verions of Docker clients, you can do so by setting
`registry.compatbility.schema1.enabled: true`.
### replicas
Field `replicas` is an integer, controlling the number of [registry][] instances to create as a part of the set. This defaults to `1`.
......
......@@ -4,6 +4,12 @@ The table below maps some of the key previous chart versions and GitLab versions
| Chart version | GitLab version |
|---------------|----------------|
| 1.7.5 | 11.9.8 |
| 1.7.4 | 11.9.7 |
| 1.7.3 | 11.9.6 |
| 1.7.2 | 11.9.4 |
| 1.7.1 | 11.9.1 |
| 1.7.0 | 11.9.0 |
| 1.5.0 | 11.7.0 |
| 1.4.0 | 11.6.0 |
| 1.3.0 | 11.5.0 |
......
......@@ -13,6 +13,6 @@ dependencies:
repository: https://kubernetes-charts.storage.googleapis.com/
condition: postgresql.install
- name: gitlab-runner
version: 0.2.0
version: 0.3.0
repository: https://charts.gitlab.io/
condition: gitlab-runner.install
......@@ -2,19 +2,29 @@ require_relative 'version'
require 'open-uri'
require 'uri'
require 'cgi'
class VersionFetcher
def initialize(version, repo)
@version = Version.new(version)
@repo = repo
@api_token = ENV['FETCH_DEV_ARTIFACTS_PAT']
@api_url = if @repo.start_with?('gitlab/')
'https://dev.gitlab.org/api/v4'
elsif @repo.start_with?('gitlab-org/')
'https://gitlab.com/api/v4'
else
ENV['CI_API_V4_URL']
end
end
# GitLab Shell Version
def gitlab_shell
return @version if @version == 'master'
url = "#{@repo}/raw/#{ref(@version)}/GITLAB_SHELL_VERSION"
new_version = URI.parse(url).read.strip
url = "#{@api_url}/projects/#{CGI.escape(@repo)}/repository/files/GITLAB_SHELL_VERSION/raw?ref=#{ref(@version)}"
$stdout.puts "Getting GitLab Shell version from #{url}"
new_version = open(url, 'PRIVATE-TOKEN' => @api_token).read.strip
$stdout.puts "# Shell appVersion: #{new_version}"
new_version
end
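Review bot: `@api_token` is read from `FETCH_DEV_ARTIFACTS_PAT` and sent as `PRIVATE-TOKEN` on every request, so a token that, by its name, belongs to dev.gitlab.org is also presented to gitlab.com for `gitlab-org/` repos and to whatever `CI_API_V4_URL` names in the fallback branch. The header should be attached only when `@api_url` is the dev instance, e.g. `headers = @api_url == 'https://dev.gitlab.org/api/v4' ? { 'PRIVATE-TOKEN' => @api_token } : {}`. The request also goes through `Kernel#open`, which treats a string starting with `|` as a command and a plain path as a local file; when `CI_API_V4_URL` is unset the URL begins with `/projects/`, so `URI.parse(url).open(headers)` is the safer call because it fails on anything that is not an HTTP(S) URL. `ref(@version)` is interpolated into the query string without the `CGI.escape` that `@repo` gets. The same points apply to `gitaly` in the next hunk, and the spec's gitlab.com case stubs the token to `nil`, so it would not catch the first one.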
......@@ -23,8 +33,9 @@ class VersionFetcher
def gitaly
return @version if @version == 'master'
url = "#{@repo}/raw/#{ref(@version)}/GITALY_SERVER_VERSION"
new_version = URI.parse(url).read.strip
url = "#{@api_url}/projects/#{CGI.escape(@repo)}/repository/files/GITALY_SERVER_VERSION/raw?ref=#{ref(@version)}"
$stdout.puts "Getting Gitaly version from #{url}"
new_version = open(url, 'PRIVATE-TOKEN' => @api_token).read.strip
$stdout.puts "# Gitaly appVersion: #{new_version}"
new_version
end
......
......@@ -24,7 +24,7 @@ class VersionOptionsParser
# defaults
options.working_dir = Dir.pwd
options.include_subcharts = false
options.gitlab_repo = "https://gitlab.com/gitlab-org/gitlab-ee"
options.gitlab_repo = "gitlab-org/gitlab-ee"
OptionParser.new do |opts|
opts.banner = "Usage: #{__FILE__} [options] \n\n"
......@@ -139,7 +139,7 @@ class VersionUpdater
if @options.include_subcharts
@subchart_versions.each do |sub_chart, update_app_version|
sub_chart.update_versions(@chart_version, update_app_version)
sub_chart.update_versions(@chart_version, branch == 'master' ? nil : update_app_version)
end
end
end
......@@ -211,9 +211,11 @@ class VersionUpdater
def get_current_branch
git_command = 'git rev-parse --abbrev-ref HEAD 2>&1'.freeze
output = `#{git_command}`.chomp
output = `#{git_command}`
raise(StandardError.new(output)) unless $?.success?
output.chomp
end
end
......
#!/usr/bin/env ruby
require 'docker'
require 'yaml'
require 'net/http'
require 'json'
require 'cgi'
require 'zip'
class CNGImageSync
CI_API_V4_URL = ENV['CI_API_V4_URL'] || "https://dev.gitlab.org/api/v4".freeze
DEV_REGISTRY_URL = "dev.gitlab.org:5005".freeze
COM_REGISTRY_URL = "registry.gitlab.com".freeze
DEV_PROJECT_PATH = ENV['DEV_CNG_PROJECT'] || "gitlab/charts/components/images".freeze
COM_PROJECT_PATH = ENV['COM_CNG_PROJECT'] || "gitlab-org/build/cng".freeze
DEV_PROJECT_REGISTRY = ENV['DEV_CNG_REGISTRY'] || "#{DEV_REGISTRY_URL}/#{DEV_PROJECT_PATH}".freeze
COM_PROJECT_REGISTRY = ENV['COM_CNG_REGISTRY'] || "#{COM_REGISTRY_URL}/#{COM_PROJECT_PATH}".freeze
DEV_REGISTRY_PASSWORD = ENV['FETCH_DEV_ARTIFACTS_PAT'] || ENV['CI_JOB_TOKEN']
COM_REGISTRY_PASSWORD = ENV['PUSH_IMAGES_PAT']
DEV_API_TOKEN = ENV['FETCH_DEV_ARTIFACTS_PAT']
GITLAB_VERSION = YAML.load_file('Chart.yaml')['appVersion'].strip.freeze
class << self
def get_api(uri, token = DEV_API_TOKEN)
req = Net::HTTP::Get.new(uri)
req['PRIVATE-TOKEN'] = token
res = Net::HTTP.start(uri.hostname, uri.port, use_ssl: true) do |http|
http.request(req)
end
res
end
def get_components(version)
artifact_uri = URI("#{CI_API_V4_URL}/projects/#{CGI.escape(DEV_PROJECT_PATH)}/jobs/artifacts/v#{version}/raw/artifacts/image_versions.txt?job=component-details")
puts "Fetching component list from #{artifact_uri}"
res = get_api(artifact_uri)
components = res.body.split("\n")
components.map { |c| c.split(":") }.to_h
end
def authenticate_registry(registry, password)
# `CI_REGISTRY_USER` variable translates to `gitlab-ci-token` internally,
# which will work with GitLab's container registry authentication as long
# as the password is a valid PAT. In other words, as long as the password
# is a valid PAT, we need not bother about a username and can simply use
# `gitlab-ci-token`, which is what we are doing here.
Docker.authenticate!(username: ENV['CI_REGISTRY_USER'], password: password, serveraddress: registry)
end
def pull_and_tag_images(initial_registry, new_registry, components)
components.each do |component, version|
initial_ref = "#{initial_registry}/#{component}:#{version}".downcase
target_repo = "#{new_registry}/#{component}".downcase
puts "Pulling #{initial_ref}"
STDOUT.flush
image = Docker::Image.create(fromImage: initial_ref)
image.tag(repo: target_repo, tag: version)
end
end
def push_images(registry, components)
components.each do |component, version|
ref = "#{registry}/#{component}:#{version}".downcase
puts "Pushing #{ref}"
STDOUT.flush
image = Docker::Image.get(ref)
image.push(nil, repo_tag: ref)
end
end
def check_auth
message = <<~MESSAGE
Login credentials for registries are missing. Make sure the following environment variables are set
PUSH_IMAGES_PAT - PAT with access to gitlab.com API
MESSAGE
raise message if COM_REGISTRY_PASSWORD.nil?
end
def execute(edition: 'ee')
check_auth
version = edition == 'ce' ? GITLAB_VERSION : "#{GITLAB_VERSION}-ee"
puts "Syncing images for version #{version}"
components = get_components(version)
authenticate_registry(DEV_REGISTRY_URL, DEV_REGISTRY_PASSWORD)
pull_and_tag_images(DEV_PROJECT_REGISTRY, COM_PROJECT_REGISTRY, components)
authenticate_registry(COM_REGISTRY_URL, COM_REGISTRY_PASSWORD)
push_images(COM_PROJECT_REGISTRY, components)
puts "Sync completed"
end
end
end
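Review bot: `get_components` parses `res.body` without looking at the response status, so a 401/404 from the artifacts endpoint (for instance when `FETCH_DEV_ARTIFACTS_PAT` is unset, which `check_auth` does not test) is split into lines and fed to `to_h` as if it were the component list. Add `raise "Fetching component list failed: #{res.code}" unless res.is_a?(Net::HTTPSuccess)` before the split, and use `c.split(':', 2)` so a line with a second colon does not make `to_h` raise. Because that list decides which images are tagged and pushed to the gitlab.com registry, it is also worth rejecting entries that do not match an expected name/tag pattern before `initial_ref` is built. `require 'json'` and `require 'zip'` are not used anywhere in the file as shown.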
......@@ -2,6 +2,9 @@ require 'spec_helper'
describe "Restoring a backup" do
before(:all) do
stdout, status = wait_for_dependencies
fail stdout unless status.success?
wait_until_app_ready
ensure_backups_on_object_storage
stdout, status = restore_from_backup
......
......@@ -112,6 +112,13 @@ module Gitlab
return [stdout, status]
end
def wait_for_dependencies
cmd = full_command("/scripts/wait-for-deps")
stdout, status = Open3.capture2e(cmd)
return [stdout, status]
end
def pod_name
filters = 'app=task-runner'
......
......@@ -2,13 +2,46 @@ require 'spec_helper'
require_relative '../../../scripts/lib/version_fetcher.rb'
describe VersionFetcher do
let(:repo_url) { 'https://gitlab.com/gitlab-org/gitlab-ce' }
let(:uri_response) { URI.parse(repo_url) }
let(:version_fetcher) { VersionFetcher.new('v11.8.0', repo_url) }
let(:com_path) { 'gitlab-org%2Fgitlab-ce/repository/files/GITLAB_SHELL_VERSION/raw?ref=v11.8.0' }
let(:dev_path) { 'gitlab%2Fgitlabhq/repository/files/GITLAB_SHELL_VERSION/raw?ref=v11.8.0' }
let(:custom_path) { 'johndoe%2Fgitlab-ee/repository/files/GITLAB_SHELL_VERSION/raw?ref=v11.8.0' }
before do
allow(ENV).to receive(:[]).and_call_original
allow(ENV).to receive(:[]).with('FETCH_DEV_ARTIFACTS_PAT').and_return(nil)
end
describe 'detecting API URL' do
it 'works correctly gitlab.com registry' do
version_fetcher = VersionFetcher.new('v11.8.0', 'gitlab-org/gitlab-ce')
allow(version_fetcher).to receive_message_chain(:open, :read).and_return("1.2.3\n")
expect(version_fetcher).to receive(:open).with("https://gitlab.com/api/v4/projects/#{com_path}", { 'PRIVATE-TOKEN' => nil })
version_fetcher.fetch('gitlab-shell')
end
it 'works correctly dev registry' do
allow(ENV).to receive(:[]).with('FETCH_DEV_ARTIFACTS_PAT').and_return('myrandomtoken')
version_fetcher = VersionFetcher.new('v11.8.0', 'gitlab/gitlabhq')
allow(version_fetcher).to receive_message_chain(:open, :read).and_return("1.2.3\n")
expect(version_fetcher).to receive(:open).with("https://dev.gitlab.org/api/v4/projects/#{dev_path}", { 'PRIVATE-TOKEN' => 'myrandomtoken'})
version_fetcher.fetch('gitlab-shell')
end
it 'falls back correctly to current registry for unknown projects' do
version_fetcher = VersionFetcher.new('v11.8.0', 'johndoe/gitlab-ee')
allow(version_fetcher).to receive_message_chain(:open, :read).and_return("1.2.3\n")
expect(version_fetcher).to receive(:open).with("#{ENV['CI_API_V4_URL']}/projects/#{custom_path}", { 'PRIVATE-TOKEN' => nil})
version_fetcher.fetch('gitlab-shell')
end
end
describe 'instance methods' do
let(:version_fetcher) { VersionFetcher.new('v11.8.0', 'gitlab-org/gitlab-ce') }
before do
allow(URI).to receive(:parse).and_return(uri_response)
allow(uri_response).to receive(:read).and_return("1.2.3\n")
allow(version_fetcher).to receive_message_chain(:open, :read).and_return("1.2.3\n")
allow(version_fetcher).to receive(:gitlab_shell).and_call_original
allow(version_fetcher).to receive(:gitaly).and_call_original
end
......@@ -17,15 +50,16 @@ describe VersionFetcher do
it 'returns correct value' do
expect(version_fetcher.gitlab_shell).to eq('1.2.3')
end
end
describe '#gitaly' do
it 'returns correct value' do
expect(version_fetcher.fetch('gitaly')).to eq('1.2.3')
expect(version_fetcher.gitaly).to eq('1.2.3')
end
end
describe '#fetch' do
it 'callse subchart methods' do
it 'calls subchart methods' do
expect(version_fetcher).to receive(:gitlab_shell)
expect(version_fetcher).to receive(:gitaly)
version_fetcher.fetch('gitlab-shell')
......
......@@ -72,36 +72,40 @@ spec:
matchLabels:
app.kubernetes.io/name: {{ .Release.Name }}
componentKinds:
- apiVersion: v1
- group: core
kind: ConfigMap
- apiVersion: v1
- group: core
kind: Service
- apiVersion: v1
- group: core
kind: ServiceAccount
- apiVersion: rbac.authorization.k8s.io/v1
- group: rbac.authorization.k8s.io
kind: Role
- apiVersion: rbac.authorization.k8s.io/v1
- group: rbac.authorization.k8s.io
kind: RoleBinding
{{ if eq .Values.global.application.allowClusterRoles true -}}
- apiVersion: rbac.authorization.k8s.io/v1
{{- if eq .Values.global.application.allowClusterRoles true }}
- group: rbac.authorization.k8s.io
kind: ClusterRole
- apiVersion: rbac.authorization.k8s.io/v1
- group: rbac.authorization.k8s.io
kind: ClusterRoleBinding
{{- end }}
- apiVersion: batch/v1
- group: batch
kind: Job
- apiVersion: v1
- group: core
kind: Secret
- apiVersion: extensions/v1beta1
- group: extensions
kind: Ingress
- apiVersion: v1
- group: core
kind: PersistentVolumeClaim
- apiVersion: apps/v1beta2
- group: apps
kind: Deployment
- apiVersion: autoscaling/v2beta1
{{- if eq (index .Values "nginx-ingress" "controller" "kind") "DaemonSet" }}
- group: apps
kind: DaemonSet
{{- end }}
- group: autoscaling
kind: HorizontalPodAutoscaler
- apiVersion: apps/v1beta2
- group: apps
kind: StatefulSet
- apiVersion: policy/v1beta1
- group: policy
kind: PodDisruptionBudget
{{- end -}}