Skip to content

Replace internal MinIO objects with objects from Chart

Mitchell Nielsen requested to merge 374-replace-minio into master

Summary

Replaces the internally-defined MinIO objects with objects from the charts, increasing parity with the charts and enabling us to remove a significant amount of code. Notably, this removes the Secrets definitions which required specific workarounds and deviated from the Charts implementation of Shared Secrets.

Closes #374 (closed)

Closes #389 (closed)

Closes https://gitlab.com/gitlab-org/cloud-native/gitlab-operator/-/issues/133

Testing

Install from 0.6.3

helm upgrade --install gitlab-operator deploy/chart --create-namespace --namespace gitlab-system --set cert-manager.install=true --set image.tag=0.6.3

PVC: export-gitlab-minio-0 PV: pvc-ced1015f-907b-406b-9ccf-098470effbe7

Install from 374-replace-minio 

helm upgrade --install gitlab-operator deploy/chart --create-namespace --namespace gitlab-system --set cert-manager.install=true --set image.tag=374-replace-minio

Needed to delete Deployments due to #683 (closed):

  • `gitlab-registry
  • gitlab-sidekiq-all-in-1-v2
  • gitlab-toolbox
  • gitlab-webservice-default

PVC: pvc-94c4b098-069f-4bb8-a161-c62fd5ab3b93 PV: gitlab-minio

Reconnect to old volume

Relevant docs page

  1. Delete Secret gitlab-minio-secret (contents change with upgrade, but Secret name does not).
  2. Edit old MinIO PV policy to Retain.
  3. Delete old MinIO StatefulSet.
  4. Delete old MinIO PVC.
  5. Remove .spec.ClaimRef from old MinIO PV.
  6. Confirm old PV status is now Available
  7. Set GitLab CR value: minio.persistence.volumeName=<old PV name>
  8. Apply GitLab CR.
  9. Delete new MinIO PVC (and MinIO pod, so PVC is unbound) so Operator can recreate PVC (immutable .spec field).
  10. Confirm old MinIO PV is now bound to new MinIO PVC.
  11. Confirm data is restored.
Object kind Object name in 0.6.1 Object name in 374-replace-minio Different?
Deployment nonexistent gitlab-minio Yes
StatefulSet gitlab-minio nonexistent Yes
Service gitlab-minio gitlab-minio-svc Yes
ConfigMap gitlab-minio-script gitlab-minio-config-cm Yes
Secret gitlab-minio-secret gitlab-minio-secret No
PVC export-gitlab-minio-0 gitlab-minio Yes
Ingress gitlab-minio gitlab-minio No

End user upgrade considerations

Users upgrading to this change would have a few options:

  1. Set minio.nameOverride=export-gitlab-minio to ensure the PVC is generated with the same name as before.
  2. Do nothing at first, upgrade, and then delete the new (empty) PVC and reconnect the previous PVC which has the data (as outlined above).
  3. Do nothing and accept data loss.

For all options above, it will be required to delete the MinIO Secret prior to the upgrade so it can be recreated with the new contents (since the name didn't change in this MR, and shared-secrets isn't aware of the content of the Secret - just the name).

Keeping in mind that the bundled MinIO is not recommended for production, the options above should be acceptable.

Edited by Mitchell Nielsen

Merge request reports