[V2] Specification of GitLab resource v2beta1
Summary
This is the first draft of the specification for version v2beta1 of the GitLab resource. It provides the minimum required configuration for installing and upgrading the smallest possible GitLab instance.
Background
See [Spike] Investigate a structured GitLab resourc... (#1389 - closed)
Key Changes
- Structured and strict syntax for GitLab resource specification
- Tagged Go data types that can be serialized into JSON and used with Kubernetes code generation tooling. The CRD specification can be generated with `controller-gen`.
Benefits
- Better semantics for GitLab resource specification make cloud-native configuration easier
- Strict syntax enables validation of user inputs and prevents misconfigurations
Limitations
- The resource specification only contains a few required core components, including Puma, Workhorse, Sidekiq, and Gitaly
- Only external PostgreSQL and Redis are supported
- The configuration of the components is not complete. This MR focuses on the structure of the data types rather than their completeness.
Further Work
- Document the Go data types; this is required for the documentation generated from the OpenAPI specification.
- Tag the Go data types with CRD validation markers.
- Implement the status sub-resource. See Implement the Status of GitLab resource v2beta1 (#1511).
Overview
GitLab

```mermaid
classDiagram
    GitLab --|> TypeMeta
    GitLab --> ObjectMeta : metadata
    GitLab --> GitLabSpec : spec
    GitLab --> GitLabStatus : status
    GitLabList --|> TypeMeta
    GitLabList --> ListMeta : metadata
    GitLabList --o GitLab : items
```
GitLabSpec

```mermaid
classDiagram
    GitLabSpec --> "0..1" ImageSource : imageSource
    GitLabSpec --> "0..1" PodTemplateSpec : podTemplate
    GitLabSpec --> ApplicationConfigSpec : appConfig
    GitLabSpec --> ApplicationServerSpec : appServer
    GitLabSpec --> JobProcessorSpec : jobProcessor
    GitLabSpec --* "1..*" RepositorySpec : repositories
    GitLabSpec --* "1..*" PostgreSQLSpec : postgresql
    GitLabSpec --* "1..*" RedisSpec : redis
```
ApplicationConfigSpec

```mermaid
classDiagram
    ApplicationConfigSpec --> ContentSecurityPolicy : contentSecurityPolicy
    ApplicationConfigSpec --* "0..x" PersistentObjectConfig : {artifacts,lfs,uploads,...,ciSecureFiles}
    ApplicationConfigSpec --> "0..1" ConsolidatedObjectStore : objectStore
    PersistentObjectConfig --> "0..1" FragmentedObjectStore : objectStore
    FragmentedObjectStore --> ObjectStoreProvider : provider
    FragmentedObjectStore --> ObjectStoreDestination : destination
    ConsolidatedObjectStore --> ObjectStoreProvider : provider
    ConsolidatedObjectStore --> ConsolidatedDestinations : destinations
    ConsolidatedDestinations --* "0..x" ObjectStoreDestination : {artifacts,lfs,uploads,...,ciSecureFiles}
    ObjectStoreProvider --> "0..1" AWSObjectStore : aws
    ObjectStoreProvider --> "0..1" GCSObjectStore : gcs
```
ApplicationServerSpec

```mermaid
classDiagram
    ImageReference --|> ImageSource
    ApplicationServerImages --* "0..2" ImageSource : {puma,workhorse}
    ApplicationServerSpec --> ApplicationServerImages : images
    ApplicationServerSpec --> PodTemplateSpec : podTemplate
    ApplicationServerSpec --> PumaConfig : puma
    ApplicationServerSpec --> WorkhorseConfig : workhorse
```
JobProcessorSpec

```mermaid
classDiagram
    ImageReference --|> ImageSource
    JobProcessorImages --* "0..1" ImageSource : sidekiq
    JobProcessorSpec --> JobProcessorImages : images
    JobProcessorSpec --> PodTemplateSpec : podTemplate
    JobProcessorSpec --> SidekiqConfig : sidekiq
    SidekiqConfig --* "0..n" SidekiqRoutingRule
```
RepositorySpec

```mermaid
classDiagram
    ImageReference --|> ImageSource
    GitalyImages --* "0..1" ImageSource : gitaly
    RepositorySpec --> RepositoryAuthentication : authentication
    RepositorySpec --> RepositoryProvider : provider
    RepositoryAuthentication --> SecretKeySelector : token
    RepositoryProvider --> "0..1" ExternalServiceEndpoint : external
    RepositoryProvider --> "0..1" ObjectReference : service
    RepositoryProvider --> "0..1" GitalySpec : gitaly
    GitalySpec --> GitalyImages : images
    GitalySpec --> PodTemplateSpec : podTemplate
    GitalySpec --> GitalyConfig : config
```
PostgreSQLSpec

```mermaid
classDiagram
    PostgreSQLSpec --> PostgreSQLAuthentication : authentication
    PostgreSQLSpec --> PostgreSQLProvider : provider
    PostgreSQLSpec --> PostgreSQLConnectionSettings : settings
    PostgreSQLAuthentication --> "0..1" SecretKeySelector : password
    PostgreSQLAuthentication --> "0..1" SecretReference : tls
    PostgreSQLProvider --> "0..1" ExternalServiceEndpoint : external
    PostgreSQLProvider --> "0..1" ObjectReference : service
```
RedisSpec

```mermaid
classDiagram
    RedisSpec --> RedisAuthentication : authentication
    RedisSpec --> RedisProvider : provider
    RedisAuthentication --> "0..1" SecretKeySelector : password
    RedisProvider --> "0..1" ExternalServiceEndpoint : external
    RedisProvider --> "0..1" ObjectReference : service
```
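As an added example (not code from this MR or from the gitlab-operator project), the Go snippet below shows how the RedisSpec diagram above translates into the tagged data types the Key Changes section describes, carrying the `controller-gen`/kubebuilder validation markers listed under Further Work, and how a strict decoder turns "strict syntax" into rejected misconfigurations. The exactly-one-of rule follows the two 0..1 edges of RedisProvider and follows the diagram's `provider` nesting rather than the flatter layout of Example 1. The field set of ExternalServiceEndpoint, the port bounds, and the local stand-ins for corev1.SecretKeySelector and corev1.ObjectReference are assumptions made so the example runs without k8s.io/api; the sample inputs are constructed.

```go
package main

import (
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
)

// SecretKeySelector is a stand-in for corev1.SecretKeySelector (assumption:
// kept local so the example has no dependency on k8s.io/api).
type SecretKeySelector struct {
	Name string `json:"name"`
	Key  string `json:"key,omitempty"`
}

// ObjectReference is a stand-in for corev1.ObjectReference (assumption).
type ObjectReference struct {
	Name      string `json:"name"`
	Namespace string `json:"namespace,omitempty"`
}

// ExternalServiceEndpoint points at a Redis server outside the cluster.
// The field set is an assumption; the diagram only names the type.
type ExternalServiceEndpoint struct {
	Host string `json:"host"`
	// +kubebuilder:validation:Minimum=1
	// +kubebuilder:validation:Maximum=65535
	Port int32 `json:"port,omitempty"`
}

// RedisAuthentication mirrors "RedisAuthentication --> 0..1 SecretKeySelector : password".
type RedisAuthentication struct {
	// +optional
	Password *SecretKeySelector `json:"password,omitempty"`
}

// RedisProvider mirrors the two 0..1 edges of RedisProvider: exactly one of
// them must be set for the spec to be usable. The CEL marker enforces that at
// the API server; Validate() repeats it inside the controller.
// +kubebuilder:validation:XValidation:rule="has(self.external) != has(self.service)",message="exactly one of external or service must be set"
type RedisProvider struct {
	// +optional
	External *ExternalServiceEndpoint `json:"external,omitempty"`
	// +optional
	Service *ObjectReference `json:"service,omitempty"`
}

// RedisSpec mirrors the RedisSpec class diagram.
type RedisSpec struct {
	// +kubebuilder:validation:MinLength=1
	Name           string              `json:"name"`
	Authentication RedisAuthentication `json:"authentication"`
	Provider       RedisProvider       `json:"provider"`
}

// Validate applies the rules a controller must still check for objects that
// were admitted before the CRD carried the validation markers.
func (r RedisSpec) Validate() error {
	if r.Name == "" {
		return errors.New("redis: name must not be empty")
	}
	external := r.Provider.External != nil
	service := r.Provider.Service != nil
	if external == service {
		return fmt.Errorf("redis %q: exactly one of provider.external or provider.service must be set", r.Name)
	}
	if external && r.Provider.External.Host == "" {
		return fmt.Errorf("redis %q: provider.external.host must not be empty", r.Name)
	}
	return nil
}

// ParseRedisSpecs decodes the `redis` list of a GitLabSpec from JSON (the wire
// form the API server hands to the type; YAML is converted first) and rejects
// unknown fields, which is what a strict syntax buys over free-form maps.
func ParseRedisSpecs(data []byte) ([]RedisSpec, error) {
	var specs []RedisSpec
	dec := json.NewDecoder(bytes.NewReader(data))
	dec.DisallowUnknownFields()
	if err := dec.Decode(&specs); err != nil {
		return nil, err
	}
	if len(specs) == 0 {
		return nil, errors.New("redis: at least one entry is required (1..*)")
	}
	for _, s := range specs {
		if err := s.Validate(); err != nil {
			return nil, err
		}
	}
	return specs, nil
}

// Constructed inputs (not from the MR): the first mirrors the redis entry of
// Example 1, the second sets both providers, the third misspells a key.
var (
	goodRedis     = []byte(`[{"name":"default","authentication":{"password":{"name":"redis-password-secret"}},"provider":{"service":{"name":"my-redis-svc"}}}]`)
	bothProviders = []byte(`[{"name":"default","authentication":{},"provider":{"service":{"name":"my-redis-svc"},"external":{"host":"my-redis-vm.local"}}}]`)
	unknownField  = []byte(`[{"name":"default","authentication":{},"provider":{"service":{"name":"my-redis-svc"}},"passwrd":"x"}]`)
)

func main() {
	for _, in := range [][]byte{goodRedis, bothProviders, unknownField} {
		specs, err := ParseRedisSpecs(in)
		fmt.Printf("specs=%+v err=%v\n", specs, err)
	}
}
```

The `XValidation` marker is emitted by `controller-gen` as a CEL rule in the generated CRD and needs an API server with CEL validation enabled (beta since Kubernetes 1.25); the in-controller `Validate()` is the fallback for objects admitted before that rule existed.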
Examples
Example 1
```yaml
apiVersion: gitlab.com/v2beta1
kind: GitLab
metadata:
  name: example-1
spec:
  version: 16.10.0
  edition: ee
  license:
    name: example-1-license-secret
    key: license-key
  imageSource:
    registry: registry.gitlab.com
    repository: gitlab-org/build/cng
    flavor: Debian
    pullSecrets:
      - name: gitlab-registry-pull-secret-1
      - name: gitlab-registry-pull-secret-2
  podTemplate:
    metadata:
      # Pod labels
      labels:
        pod-label-1: pod-label-1-value
      # Pod annotations
      annotations:
        pod-annotation-1: pod-annotation-1-value
    spec:
      # Extra init containers
      initContainers: []
      # Extra containers
      containers: []
      # Extra volumes
      volumes: []
      nodeSelector: {}
      securityContext: {}
      affinity: {}
      tolerations: []
  appConfig:
    externalUrl: https://example.com
    sshHost: ssh.example.com
    timezone: UTC
    maxRequestDuration: 120
    # ...
    objectStore:
      proxyDownload: true
      aws:
        accessKeyId:
          name: aws-access-key-secret
          key: access-key
        objects:
          artifacts:
            bucketName: artifacts
          lfs:
            bucketName: lfs
          # ...
        accessKeySecret:
          name: aws-access-key-secret
          key: access-secret
        region: us-east-1
  webServices:
    podTemplate: {}
    deploymentModel:
      allInOne:
        minReplicas: 2
        maxReplicas: 4
    puma:
      workerProcesses: 2
      tls:
        enabled: true
        certificate:
          name: puma-internal-tls-secret
    workhorse:
      logFormat: JSON
      tls:
        enabled: true
        certificate:
          name: workhorse-internal-tls-secret
  jobProcessor:
    podTemplate: {}
    deploymentModel:
      allInOne:
        minReplicas: 1
        maxReplicas: 2
    sidekiq:
      logFormat: JSON
  repositories:
    - name: example-gitaly
      authentication:
        token:
          name: gitaly-auth-token-secret
          key: gitaly-token
      gitaly:
        podTemplate: {}
        config:
          logFormat: JSON
          tls:
            enabled: true
            name: gitaly-internal-tls-secret
          # ...
      #external:
      #  host: my-gitaly-vm.local
  postgresql:
    - name: default
      authentication:
        password:
          name: postgresql-password-secret
      settings:
        connectTimeout: 300
      service:
        name: my-postgresql-svc
      #external:
      #  host: my-postgresql-vm.local
  redis:
    - name: default
      authentication:
        password:
          name: redis-password-secret
      service:
        name: my-redis-svc
      #external:
      #  host: my-redis-vm.local
```
Related issues
Closes #1510
Edited by Hossein Pursultani