1. 11 Oct, 2021 2 commits
  2. 01 Oct, 2021 1 commit
    • Hordur Freyr Yngvason's avatar
      Add config field gitlab_kas.external_k8s_proxy_url · e0137111
      Hordur Freyr Yngvason authored
      KAS runs the Kubernetes API proxy on a separate port from the agentk
      gRPC service. In the GitLab Helm chart, there is a reverse
      proxy (Ingress) that combines both under a single address, but this is
      not the case for other distributions, such as Omnibus and GDK.
      Furthermore, the two are in separate security domains:
      - gitlab_kas.external_url must be reachable from agentk instances
      - gitlab_kas.external_k8s_proxy_url must be reachable from CI/CD and user machines
      See #342084
      Changelog: added
  3. 08 Sep, 2021 1 commit
  4. 31 Aug, 2021 1 commit
    • Stan Hu's avatar
      Support AWS SSE-KMS in backups · 3963b251
      Stan Hu authored and Michael Kozono's avatar Michael Kozono committed
      AWS supports three different modes for encrypting S3 data:
      1. Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3)
      2. Server-Side Encryption with Customer Master Keys (CMKs) Stored in AWS
      Key Management Service (SSE-KMS)
      3. Server-Side Encryption with Customer-Provided Keys (SSE-C)
      Previously, SSE-S3 and SSE-C were supported via the
      `backup.upload.encryption` and `backup.upload.encryption_key`
      configuration options.
      SSE-KMS was previously not supported in backups because there was no way
      to specify which customer-managed key to use. However, we did support
      SSE-KMS with consolidated object storage enabled for other CI artifacts,
      attachments, LFS, etc. Note that SSE-C is NOT supported here.
      In consolidated object storage, the `storage_options` Hash provides the
      `server_side_encryption` and `server_side_encryption_kms_key_id`
      parameters that allow admins to configure SSE-KMS. We reuse this
      configuration in backups to support SSE-KMS.
      Relates to #338764
      Changelog: added
  5. 17 Aug, 2021 1 commit
  6. 10 Aug, 2021 1 commit
    • Stan Hu's avatar
      Support setting Rails asset host via gitlab.yml · d11ace24
      Stan Hu authored and Michael Kozono's avatar Michael Kozono committed
      Previously the only way to set the Rails asset host was via the
      `GITLAB_CDN_HOST` environment variable. This still works, but the
      `gitlab.cdn_host` config parameter can now be used to better manage this
      Relates to #332695
      Changelog: added
  7. 29 Jul, 2021 1 commit
  8. 28 Jun, 2021 1 commit
  9. 25 Jun, 2021 1 commit
    • James Fargher's avatar
      Add configuration for locating gitaly-backup · abc8d061
      James Fargher authored
      `gitaly.client_path` has been removed. So we need a specific
      configuration for finding gitaly-backup. CNG will likely install the
      binary on the container path. So it's useful to search path as a
      Changelog: added
  10. 11 Jun, 2021 1 commit
  11. 07 Jun, 2021 1 commit
  12. 20 May, 2021 1 commit
    • Aleksei Lipniagov's avatar
      Remove Unicorn Sampler and its dependencies · b30ae67d
      Aleksei Lipniagov authored
      With removing Unicorn support in 14.0, UnicornSampler is no longer
      Raindrops was only used with Unicorn, so it could be removed too.
      Update the docs related to the change.
      Changelog: removed
  13. 18 May, 2021 1 commit
  14. 05 May, 2021 1 commit
  15. 28 Apr, 2021 2 commits
  16. 09 Apr, 2021 1 commit
  17. 02 Apr, 2021 1 commit
  18. 01 Apr, 2021 1 commit
  19. 29 Mar, 2021 1 commit
  20. 04 Mar, 2021 1 commit
  21. 18 Feb, 2021 1 commit
  22. 10 Feb, 2021 1 commit
  23. 03 Feb, 2021 1 commit
  24. 29 Jan, 2021 1 commit
  25. 19 Jan, 2021 1 commit
  26. 07 Jan, 2021 1 commit
  27. 06 Jan, 2021 1 commit
  28. 05 Jan, 2021 1 commit
    • Balasankar 'Balu' C's avatar
      Deprecate prometheus.enable and prometheus.listen_address · f8b8d4a8
      Balasankar 'Balu' C authored and Peter Leitzen's avatar Peter Leitzen committed
      We introduced `prometheus.server_address` setting in `gitlab.yml` which
      is to be Rails application's SSOT regarding a Prometheus address.
      Hence, we can deprecate the existing settings `enable` and
      * To `Gitlab::Prometheus::Internal` class methods:
        * `server_address` method renamed to `uri_without_protocol`, to
          reflect what the method actually does.
        * `listen_address` method renamed to `server_address`.
        * `promtheus_enabled?` method now depends on presence of
      * To `Gitlab::DatabaseImporters::SelfMonitoring::Project::CreateService`
        class methods:
        * `prometheus_listen_address` method renamed to
        * `internal_prometheus_listen_address_uri` renamed to
      Signed-off-by: Balasankar 'Balu' C's avatarBalasankar "Balu" C <balasankarc@autistici.org>
  29. 16 Dec, 2020 1 commit
    • Stan Hu's avatar
      Use Praefect instead of Gitaly in testing loop · 63973c00
      Stan Hu authored
      In the test environment, we go through the trouble of spinning up Gitaly
      and Praefect, only to bypass Praefect entirely and go directly to the
      Gitaly socket. This renders the Praefect step useless and causes us to
      miss errors in proxying.
      To fix this, we now proxy all calls through Praefect and add a second
      Gitaly shard.
      This was discovered in
  30. 10 Dec, 2020 1 commit
  31. 08 Dec, 2020 1 commit
  32. 25 Nov, 2020 1 commit
    • Kate Grechishkina's avatar
      Rename Piwik to Matomo · 49ed77a1
      Kate Grechishkina authored and Stan Hu's avatar Stan Hu committed
      This currently will fall back to the legacy Piwki settings (`piwiki_url`
      and `piwik_site_id`) if the new Matoma settings are not defined.
  33. 23 Nov, 2020 1 commit
    • DJ Mountney's avatar
      Apply review feedback · 187618c5
      DJ Mountney authored
      -Ensure we creation our tempfile within our final directory
      - Add encrypted settings config to gitlab.yml.example
      - Update missing key syntax
      - And check early for missing key during the edit command
      - Ensure spec tests are rails rooted
  34. 19 Nov, 2020 1 commit
  35. 16 Nov, 2020 1 commit
    • Nicolas Dular's avatar
      Add google tag manager · 36683da9
      Nicolas Dular authored
      This adds the google tag manager scripts on the sign in/up and trial
      sign up page. To align with our privacy policy the script only gets
      activated when the `google_tag_manager_id` is set in the config on
      GitLab.com and when there is no signed in user.
  36. 06 Nov, 2020 1 commit
  37. 21 Oct, 2020 1 commit
  38. 16 Oct, 2020 1 commit