Replace internal MinIO objects with objects from Chart
Summary
Replaces the internally-defined MinIO objects with objects from the charts, increasing parity with the charts and enabling us to remove a significant amount of code. Notably, this removes the Secrets definitions which required specific workarounds and deviated from the Charts implementation of Shared Secrets.
Closes #374 (closed)
Closes #389 (closed)
Closes https://gitlab.com/gitlab-org/cloud-native/gitlab-operator/-/issues/133
Testing
Install from 0.6.3
helm upgrade --install gitlab-operator deploy/chart --create-namespace --namespace gitlab-system --set cert-manager.install=true --set image.tag=0.6.3
PVC: export-gitlab-minio-0
PV: pvc-ced1015f-907b-406b-9ccf-098470effbe7
374-replace-minio
Install from helm upgrade --install gitlab-operator deploy/chart --create-namespace --namespace gitlab-system --set cert-manager.install=true --set image.tag=374-replace-minio
Needed to delete Deployments due to #683 (closed):
- `gitlab-registry
gitlab-sidekiq-all-in-1-v2
gitlab-toolbox
gitlab-webservice-default
PVC: pvc-94c4b098-069f-4bb8-a161-c62fd5ab3b93
PV: gitlab-minio
Reconnect to old volume
- Delete Secret
gitlab-minio-secret
(contents change with upgrade, but Secret name does not). - Edit old MinIO PV policy to
Retain
. - Delete old MinIO StatefulSet.
- Delete old MinIO PVC.
- Remove
.spec.ClaimRef
from old MinIO PV. - Confirm old PV status is now
Available
- Set GitLab CR value:
minio.persistence.volumeName=<old PV name>
- Apply GitLab CR.
- Delete new MinIO PVC (and MinIO pod, so PVC is unbound) so Operator can recreate PVC (immutable .spec field).
- Confirm old MinIO PV is now bound to new MinIO PVC.
- Confirm data is restored.
Object kind | Object name in 0.6.1 | Object name in 374-replace-minio | Different? |
---|---|---|---|
Deployment | nonexistent | gitlab-minio |
Yes |
StatefulSet | gitlab-minio |
nonexistent | Yes |
Service | gitlab-minio |
gitlab-minio-svc |
Yes |
ConfigMap | gitlab-minio-script |
gitlab-minio-config-cm |
Yes |
Secret | gitlab-minio-secret |
gitlab-minio-secret |
No |
PVC | export-gitlab-minio-0 |
gitlab-minio |
Yes |
Ingress | gitlab-minio |
gitlab-minio |
No |
End user upgrade considerations
Users upgrading to this change would have a few options:
- Set
minio.nameOverride=export-gitlab-minio
to ensure the PVC is generated with the same name as before. - Do nothing at first, upgrade, and then delete the new (empty) PVC and reconnect the previous PVC which has the data (as outlined above).
- Do nothing and accept data loss.
For all options above, it will be required to delete the MinIO Secret prior to the upgrade so it can be recreated with the new contents (since the name didn't change in this MR, and shared-secrets isn't aware of the content of the Secret - just the name).
Keeping in mind that the bundled MinIO is not recommended for production, the options above should be acceptable.