
[V2] Specification of GitLab resource v2beta1

Hossein Pursultani requested to merge 1510-gitlab-cr-v2beta1-spec into v2

🔵 This MR is part of the implementation of Operator V2.

Summary

This is the first draft of the specification for version v2beta1 of the GitLab resource. It provides the minimum configuration required to install and upgrade the smallest possible GitLab instance.

Background

See [Spike] Investigate a structured GitLab resourc... (#1389 - closed)

Key Changes

  • Structured and strict syntax for GitLab resource specification
  • Tagged Go data types that can be serialized into JSON and used with Kubernetes code generation tooling. The CRD specification can be generated with controller-gen.

Benefits

  • Better semantics for GitLab resource specification make cloud-native configuration easier
  • Strict syntax enables validation of user inputs and prevents misconfigurations
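To show what the tagged Go types and the strict syntax buy in practice, here is an added example (not code from this MR or from the GitLab operator) that models the PostgreSQLSpec branch of the diagram below and validates a list of instances. It assumes stdlib-only stand-ins for the Kubernetes SecretKeySelector and ObjectReference types so it runs without any dependencies; the field names follow the class diagram (provider fields nested under provider), and the rules it enforces (exactly one of external or service, unique instance names, a non-empty secret name) are illustrative assumptions, not rules stated in the MR. Decoding with DisallowUnknownFields is what makes a misspelled key an error instead of a silently ignored field.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
)

// SecretKeySelector is a stdlib-only stand-in for the Kubernetes type of the
// same name (assumption: kept local so the example has no dependencies).
type SecretKeySelector struct {
	Name string `json:"name"`
	Key  string `json:"key,omitempty"`
}

// ObjectReference is a minimal stand-in for a reference to an in-cluster Service.
type ObjectReference struct {
	Name      string `json:"name"`
	Namespace string `json:"namespace,omitempty"`
}

// ExternalServiceEndpoint describes a database running outside the cluster.
type ExternalServiceEndpoint struct {
	Host string `json:"host"`
	Port int32  `json:"port,omitempty"`
}

// PostgreSQLProvider mirrors the diagram: both branches are optional ("0..1"),
// and this example treats "exactly one" as the intended rule (assumption).
type PostgreSQLProvider struct {
	External *ExternalServiceEndpoint `json:"external,omitempty"`
	Service  *ObjectReference         `json:"service,omitempty"`
}

// PostgreSQLAuthentication holds the password secret reference.
type PostgreSQLAuthentication struct {
	Password *SecretKeySelector `json:"password,omitempty"`
}

// PostgreSQLSpec is one entry of the repeated postgresql list.
type PostgreSQLSpec struct {
	Name           string                   `json:"name"`
	Authentication PostgreSQLAuthentication `json:"authentication"`
	Provider       PostgreSQLProvider       `json:"provider"`
}

// LoadPostgreSQLSpecs decodes a JSON list strictly: any key that is not part of
// the typed spec is rejected, so a typo cannot degrade into a default silently.
func LoadPostgreSQLSpecs(data []byte) ([]PostgreSQLSpec, error) {
	dec := json.NewDecoder(bytes.NewReader(data))
	dec.DisallowUnknownFields()
	var specs []PostgreSQLSpec
	if err := dec.Decode(&specs); err != nil {
		return nil, err
	}
	return specs, nil
}

// ValidatePostgreSQLSpecs returns one message per misconfiguration found; an
// empty result means the list is acceptable.
func ValidatePostgreSQLSpecs(specs []PostgreSQLSpec) []string {
	if len(specs) == 0 {
		return []string{"postgresql: at least one instance is required"}
	}
	var problems []string
	seen := make(map[string]bool)
	for i, s := range specs {
		at := fmt.Sprintf("postgresql[%d]", i)
		switch {
		case s.Name == "":
			problems = append(problems, at+".name: required")
		case seen[s.Name]:
			problems = append(problems, fmt.Sprintf("%s.name: duplicate %q", at, s.Name))
		}
		seen[s.Name] = true
		ext, svc := s.Provider.External != nil, s.Provider.Service != nil
		switch {
		case ext && svc:
			problems = append(problems, at+".provider: external and service are mutually exclusive")
		case !ext && !svc:
			problems = append(problems, at+".provider: one of external or service is required")
		case ext && s.Provider.External.Host == "":
			problems = append(problems, at+".provider.external.host: required")
		case svc && s.Provider.Service.Name == "":
			problems = append(problems, at+".provider.service.name: required")
		}
		if p := s.Authentication.Password; p != nil && p.Name == "" {
			problems = append(problems, at+".authentication.password.name: required")
		}
	}
	return problems
}

// Constructed sample inputs (JSON, the subset of YAML the stdlib decoder reads).
const (
	ValidInput = `[{"name": "default",
	  "authentication": {"password": {"name": "postgresql-password-secret"}},
	  "provider": {"service": {"name": "my-postgresql-svc"}}}]`
	ConflictInput = `[{"name": "default",
	  "provider": {"service": {"name": "my-postgresql-svc"},
	               "external": {"host": "my-postgresql-vm.local"}}}]`
	MissingProviderInput = `[{"name": "default", "provider": {}}]`
	TypoInput            = `[{"name": "default",
	  "provider": {"external": {"hostname": "my-postgresql-vm.local"}}}]`
)

func main() {
	for label, in := range map[string]string{"valid": ValidInput, "conflict": ConflictInput,
		"missing-provider": MissingProviderInput, "typo": TypoInput} {
		specs, err := LoadPostgreSQLSpecs([]byte(in))
		if err != nil {
			fmt.Printf("%s: rejected at decode: %v\n", label, err)
			continue
		}
		fmt.Printf("%s: %v\n", label, ValidatePostgreSQLSpecs(specs))
	}
}
```

The decode step and the semantic checks are deliberately separate: controller-gen markers and the API server's schema validation cover the first kind of error (unknown or mistyped fields), while cross-field rules such as "exactly one provider" still need either a CEL rule or code like ValidatePostgreSQLSpecs in the reconciler.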

Limitations

  • The resource specification only contains a few required core components, including Puma, Workhorse, Sidekiq, and Gitaly
  • Only external PostgreSQL and Redis are supported
  • The configuration of the components is not complete. The MR is focused on the structure rather than on the completeness of the data types.

Further Work

Overview

GitLab

classDiagram
  GitLab --|> TypeMeta
  GitLab --> ObjectMeta : metadata
  GitLab --> GitLabSpec : spec
  GitLab --> GitLabStatus : status

  GitLabList --|> TypeMeta
  GitLabList --> ListMeta : metadata
  GitLabList --o GitLab : items

GitLabSpec

classDiagram
  GitLabSpec --> "0..1" ImageSource : imageSource
  GitLabSpec --> "0..1" PodTemplateSpec : podTemplate
  GitLabSpec --> ApplicationConfigSpec : appConfig
  GitLabSpec --> ApplicationServerSpec : appServer
  GitLabSpec --> JobProcessorSpec : jobProcessor
  GitLabSpec --* "1..*" RepositorySpec : repositories
  GitLabSpec --* "1..*" PostgreSQLSpec : postgresql
  GitLabSpec --* "1..*" RedisSpec : redis

ApplicationConfigSpec

classDiagram
  ApplicationConfigSpec --> ContentSecurityPolicy : contentSecurityPolicy
  ApplicationConfigSpec --* "0..x" PersistentObjectConfig : {artifacts,lfs,uploads,...,ciSecureFiles}
  ApplicationConfigSpec --> "0..1" ConsolidatedObjectStore : objectStore

  PersistentObjectConfig --> "0..1" FragmentedObjectStore : objectStore
  FragmentedObjectStore --> ObjectStoreProvider : provider
  FragmentedObjectStore --> ObjectStoreDestination : destination
  ConsolidatedObjectStore --> ObjectStoreProvider : provider
  ConsolidatedObjectStore --> ConsolidatedDestinations : destinations
  ConsolidatedDestinations --* "0..x" ObjectStoreDestination : {artifacts,lfs,uploads,...,ciSecureFiles}
  ObjectStoreProvider --> "0..1" AWSObjectStore : aws
  ObjectStoreProvider --> "0..1" GCSObjectStore : gcs

ApplicationServerSpec

classDiagram
  ImageReference --|> ImageSource : 
  ApplicationServerImages --* "0..2"  ImageSource : {puma,workhorse}
  ApplicationServerSpec --> ApplicationServerImages : images
  ApplicationServerSpec --> PodTemplateSpec : podTemplate
  ApplicationServerSpec --> PumaConfig : puma
  ApplicationServerSpec --> WorkhorseConfig : workhorse

JobProcessorSpec

classDiagram
  ImageReference --|> ImageSource : 
  JobProcessorImages --* "0..1"  ImageSource : sidekiq
  JobProcessorSpec --> JobProcessorImages : images
  JobProcessorSpec --> PodTemplateSpec : podTemplate
  JobProcessorSpec --> SidekiqConfig : sidekiq
  SidekiqConfig --* "0..n" SidekiqRoutingRule

RepositorySpec

classDiagram
  ImageReference --|> ImageSource : 
  GitalyImages --* "0..1"  ImageSource : gitaly
  RepositorySpec --> RepositoryAuthentication : authentication
  RepositorySpec --> RepositoryProvider : provider
  RepositoryAuthentication --> SecretKeySelector : token
  RepositoryProvider --> "0..1" ExternalServiceEndpoint : external
  RepositoryProvider --> "0..1" ObjectReference : service
  RepositoryProvider --> "0..1" GitalySpec : gitaly
  GitalySpec --> GitalyImages : images
  GitalySpec --> PodTemplateSpec : podTemplate
  GitalySpec --> GitalyConfig : config

PostgreSQLSpec

classDiagram
  PostgreSQLSpec --> PostgreSQLAuthentication : authentication
  PostgreSQLSpec --> PostgreSQLProvider : provider
  PostgreSQLSpec --> PostgreSQLConnectionSettings : settings
  PostgreSQLAuthentication --> "0..1" SecretKeySelector : password
  PostgreSQLAuthentication --> "0..1" SecretReference : tls
  PostgreSQLProvider --> "0..1" ExternalServiceEndpoint : external
  PostgreSQLProvider --> "0..1" ObjectReference : service

RedisSpec

classDiagram
  RedisSpec --> RedisAuthentication : authentication
  RedisSpec --> RedisProvider : provider
  RedisAuthentication --> "0..1" SecretKeySelector : password
  RedisProvider --> "0..1" ExternalServiceEndpoint : external
  RedisProvider --> "0..1" ObjectReference : service

Examples

Example 1

apiVersion: gitlab.com/v2beta1
kind: GitLab
metadata:
  name: example-1
spec:
  version: 16.10.0
  edition: ee
  license:
    name: example-1-license-secret
    key: license-key
  imageSource:
    registry: registry.gitlab.com
    repository: gitlab-org/build/cng
    flavor: Debian
    pullSecrets:
      - name: gitlab-registry-pull-secret-1
      - name: gitlab-registry-pull-secret-2
  podTemplate:
    metadata:
      # Pod labels
      labels:
        pod-label-1: pod-label-1-value
      # Pod annotations
      annotations:
        pod-annotation-1: pod-annotation-1-value
    spec:
      # Extra init containers
      initContainers: []
      # Extra containers
      containers: []
      # Extra volumes
      volumes: []
      nodeSelector: {}
      securityContext: {}
      affinity: {}
      tolerations: []
  appConfig:
    externalUrl: https://example.com
    sshHost: ssh.example.com
    timezone: UTC
    maxRequestDuration: 120
    # ...
    objectStore:
      proxyDownload: true
      aws:
        accessKeyId:
          name: aws-access-key-secret
          key: access-key
        objects:
          artifacts:
            bucketName: artifacts
          lfs:
            bucketName: lfs
          # ...
        accessKeySecret:
          name: aws-access-key-secret
          key: access-secret
        region: us-east-1
  webServices:
    podTemplate: {}
    deploymentModel:
      allInOne:
        minReplicas: 2
        maxReplicas: 4
    puma:
      workerProcesses: 2
      tls:
        enabled: true
        certificate:
          name: puma-internal-tls-secret
    workhorse:
      logFormat: JSON
      tls:
        enabled: true
        certificate:
          name: workhorse-internal-tls-secret
  jobProcessor:
    podTemplate: {}
    deploymentModel:
      allInOne:
        minReplicas: 1
        maxReplicas: 2
    sidekiq:
      logFormat: JSON
  repositories:
    - name: example-gitaly
      authentication:
        token:
          name: gitaly-auth-token-secret
          key: gitaly-token
      gitaly:
        podTemplate: {}
        config:
          logFormat: JSON
          tls:
            enabled: true
            name: gitaly-internal-tls-secret
          # ...
      #external:
      #  host: my-gitaly-vm.local
  postgresql:
    - name: default
      authentication:
        password:
          name: postgresql-password-secret
      settings:
        connectTimeout: 300
      service:
        name: my-postgresql-svc
      #external:
      #  host: my-postgresql-vm.local
  redis:
    - name: default
      authentication:
        password:
          name: redis-password-secret
      service:
        name: my-redis-svc
      #external:
      #  host: my-redis-vm.local

Related issues

Closes #1510

Edited by Hossein Pursultani
