Commits on Source (8)
......@@ -2,6 +2,12 @@
documentation](doc/development/changelog.md) for instructions on adding your own
entry.
## 7.8.2 (2024-02-07)
### Changed (1 change)
- [Update gitlab-org/charts/gitlab-runner from 0.60.0 to 0.61.0](gitlab-org/security/charts/gitlab@7d2d3c4d088a89ab953dc37aea7ec9b4333a63f2)
## 7.8.1 (2024-01-24)
No changes.
......
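Review bot: The 7.8.2 entry lists a single change, the gitlab-runner chart bump, while this comparison also adds the `opensshd.supplemental_config` value together with its template and documentation. If that value ships in 7.8.2, add a changelog entry for it so operators can tell which chart version introduced it.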
---
apiVersion: v1
name: gitlab
version: 7.8.1
appVersion: v16.8.1
version: 7.8.2
appVersion: v16.8.2
description: GitLab is the most comprehensive AI-powered DevSecOps Platform.
keywords:
- gitlab
......
---
apiVersion: v1
name: geo-logcursor
version: 7.8.1
appVersion: v16.8.1
version: 7.8.2
appVersion: v16.8.2
description: GitLab Geo logcursor
keywords:
- gitlab
......
---
apiVersion: v1
name: gitaly
version: 7.8.1
appVersion: 16.8.1
version: 7.8.2
appVersion: 16.8.2
description: Git RPC service for handling all the git calls made by GitLab
keywords:
- gitlab
......
---
apiVersion: v1
name: gitlab-exporter
version: 7.8.1
version: 7.8.2
appVersion: 13.5.0
description: Exporter for GitLab Prometheus metrics (e.g. CI, pull mirrors)
keywords:
......
---
apiVersion: v1
name: gitlab-pages
version: 7.8.1
appVersion: 16.8.1
version: 7.8.2
appVersion: 16.8.2
description: Daemon for serving static websites from GitLab projects
keywords:
- gitlab
......
---
apiVersion: v1
name: gitlab-shell
version: 7.8.1
version: 7.8.2
appVersion: 14.33.0
description: sshd for Gitlab
keywords:
......
......@@ -155,5 +155,13 @@ data:
# Specifies amount of time athat the server will disconnect after if the user has not successfully logged in
LoginGraceTime {{ .Values.config.loginGraceTime }}
# Includes
Include /etc/ssh/sshd_config.d/*.conf
{{- with .Values.opensshd }}
{{ .supplemental_config | nindent 4 }}
{{- end }}
# Leave this here - This line denotes end of block to the parser.
{{- end }}
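Review bot: In the block added after `Include /etc/ssh/sshd_config.d/*.conf`, `{{- with .Values.opensshd }}` guards on the parent map rather than on the value being rendered, so a values file that sets `opensshd` without `supplemental_config` pipes a missing value into `nindent 4`. Nest a second `with .supplemental_config` so nothing is emitted in that case. Ordering deserves a comment in the template as well: sshd uses the first value it obtains for a keyword, so the supplemental text is read after both the chart defaults and any `sshd_config.d` snippet and cannot override either. The context comment at the top of the hunk has a typo, `athat`.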
---
apiVersion: v1
name: kas
version: 7.8.1
version: 7.8.2
appVersion: v16.9.0-rc1
description: GitLab Agent Server
keywords:
......
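Review bot: `appVersion: v16.9.0-rc1` in the kas chart stays unchanged while the chart version moves to 7.8.2 and the sibling charts move to 16.8.2. Confirm that a release candidate tag is intended in a patch release; if it is not, set it to the matching released tag in this bump.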
---
apiVersion: v1
name: mailroom
version: 7.8.1
appVersion: v16.8.1
version: 7.8.2
appVersion: v16.8.2
description: Handling incoming emails
keywords:
- gitlab
......
---
apiVersion: v1
name: migrations
version: 7.8.1
appVersion: v16.8.1
version: 7.8.2
appVersion: v16.8.2
description: Database migrations and other versioning tasks for upgrading Gitlab
keywords:
- gitlab
......
---
apiVersion: v1
name: praefect
version: 7.8.1
appVersion: 16.8.1
version: 7.8.2
appVersion: 16.8.2
description: Praefect is a router and transaction manager for Gitaly, and a required
component for running a Gitaly Cluster.
keywords:
......
---
apiVersion: v1
name: sidekiq
version: 7.8.1
appVersion: v16.8.1
version: 7.8.2
appVersion: v16.8.2
description: Gitlab Sidekiq for asynchronous task processing in rails
keywords:
- gitlab
......
---
apiVersion: v1
name: spamcheck
version: 7.8.1
version: 7.8.2
appVersion: 1.2.3
description: GitLab Anti-Spam Engine
keywords:
......
---
apiVersion: v1
name: toolbox
version: 7.8.1
appVersion: v16.8.1
version: 7.8.2
appVersion: v16.8.2
description: For manually running rake tasks through kubectl
keywords:
- gitlab
......
---
apiVersion: v1
name: webservice
version: 7.8.1
appVersion: v16.8.1
version: 7.8.2
appVersion: v16.8.2
description: HTTP server for Gitlab
keywords:
- gitlab
......
......@@ -51,6 +51,7 @@ controlled by `global.shell.port`.
| `config.gssapi.keytab.key` | `keytab` | Key holding the keytab in the Kubernetes secret |
| `config.gssapi.krb5Config` | | Content of the `/etc/krb5.conf` file in the GitLab Shell container |
| `config.gssapi.servicePrincipalName` | | The Kerberos service name to be used by the `gitlab-sshd` daemon |
| `opensshd.supplemental_config` | | Supplemental configuration, appended to `sshd_config`. Strict alignment to [man page](https://manpages.debian.org/bookworm/openssh-server/sshd_config.5.en.html) |
| `deployment.livenessProbe.initialDelaySeconds` | 10 | Delay before liveness probe is initiated |
| `deployment.livenessProbe.periodSeconds` | 10 | How often to perform the liveness probe |
| `deployment.livenessProbe.timeoutSeconds` | 3 | When the liveness probe times out |
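Review bot: The description in the new `opensshd.supplemental_config` row, "Strict alignment to man page", does not say what has to align with what; reword it to state that the content must be valid `sshd_config` syntax. The row also omits that the value applies only when the OpenSSH daemon is selected, and it links the Debian bookworm manual while the section added further down in this file links man.openbsd.org; use one reference in both places.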
......@@ -320,6 +321,50 @@ service:
- 10.0.0.0/8
```
### OpenSSH supplemental configuration
When making use of OpenSSH's `sshd` (via `.sshDaemon: openssh`), it is possible to provide supplemental configuration
in two ways: `.opensshd.supplemental_config`, and via mounting configuration snippets to `/etc/ssh/sshd_config.d/*.conf`.
Any configuration supplied _must_ meet the functional requirements of `sshd_config`. Ensure you read the [manual page](https://man.openbsd.org/sshd_config).
#### opensshd.supplemental_config
The content of `.opensshd.supplemental_config` will be directly placed at the end the `sshd_config` file within the container.
This value should be a mutli-line string.
Example, enabling older clients using the `ssh-rsa` key exchange algorithms, which
[have been deprecated by OpenSSH](https://www.openssh.com/txt/release-8.8):
```yaml
opensshd:
supplemental_config: |-
HostKeyAlgorithms +ssh-rsa,ssh-rsa-cert-v01@openssh.com
PubkeyAcceptedAlgorithms +ssh-rsa,ssh-rsa-cert-v01@openssh.com
CASignatureAlgorithms +ssh-rsa
```
#### sshd_config.d
You may provide full configuration snippets to `sshd` via mounting content into `/etc/ssh/sshd_config.d`, with the files
matching `*.conf`. Note, that these are included _after_ the default configuration which is required for the application
to function in the container, and within the chart. These values _will not_ override the contents of `sshd_config`, but
extend them.
Example, mounting a single item of a ConfigMap into the container via `extraVolumes` and `extraVolumeMounts`:
```yaml
extraVolumes: |
- name: gitlab-sshdconfig-extra
configMap:
name: gitlab-sshdconfig-extra
extraVolumeMounts: |
- name: gitlab-sshdconfig-extra
mountPath: /etc/ssh/sshd_config.d/extra.conf
subPath: extra.conf
```
### Configuring the `networkpolicy`
This section controls the
......
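Review bot: The lead-in to the first example calls `ssh-rsa` "key exchange algorithms", but the three directives it sets (`HostKeyAlgorithms`, `PubkeyAcceptedAlgorithms`, `CASignatureAlgorithms`) select host key and signature algorithms, not key exchange; reword it to "the `ssh-rsa` signature algorithm". Because the example re-enables an algorithm that the linked release notes deprecate, the text should say it is meant only for deployments that still have to serve legacy clients. The `opensshd.supplemental_config` paragraph should also state its precedence the way the `sshd_config.d` paragraph does, including that it is placed after the `Include` line. Two typos to fix: "at the end the" and "mutli-line".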
......@@ -37,6 +37,7 @@ The table below maps some of the key previous chart versions and GitLab versions
| Chart version | GitLab version |
|---------------|----------------|
| 7.8.2 | 16.8.2 |
| 7.8.1 | 16.8.1 |
| 7.8.0 | 16.8.0 |
| 7.7.3 | 16.7.3 |
......
global:
hosts:
domain: domain.xyz
ssh: altssh.domain.xyz
shell:
port: 443
gitlab:
gitlab-shell:
service:
type: LoadBalancer
annotations:
# any provider specific appropriate annotations for this Service object
# disables the rendering of NGINX TCP configuration for GitLab Shell
tcpExternalConfig: true
gitlab:
gitlab-shell:
extraVolumes: |
- name: gitlab-sshdconfig-extra
configMap:
name: gitlab-sshdconfig-extra
extraVolumeMounts: |
- name: gitlab-sshdconfig-extra
mountPath: /etc/ssh/sshd_config.d/extra.conf
subPath: extra.conf
\ No newline at end of file
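Review bot: The example file ends without a trailing newline, as the `\ No newline at end of file` marker shows; add one. The example mounts a ConfigMap named `gitlab-sshdconfig-extra` with an `extra.conf` key but nothing visible here creates it, so add a comment saying it must exist before install. If the two `gitlab:` / `gitlab-shell:` blocks belong to the same values file at the same level, merge them under one key, since a repeated YAML key would let the second block replace the first.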