1. 22 Nov, 2021 1 commit
    • Matthias Käppler's avatar
      Allow instantiating SidekiqExporter with settings · 405c21ac
      Matthias Käppler authored
      Going forward, we will be running several instances
      of this server in separate processes, with different
      sets of configuration (most notably, different ports)
      
      This change merely prepares the code base for this;
      since we default the new settings to the existing
      exporter settings, it should be a no-op.
      405c21ac
  2. 12 Nov, 2021 1 commit
  3. 11 Oct, 2021 2 commits
  4. 01 Oct, 2021 1 commit
    • Hordur Freyr Yngvason's avatar
      Add config field gitlab_kas.external_k8s_proxy_url · e0137111
      Hordur Freyr Yngvason authored
      KAS runs the Kubernetes API proxy on a separate port from the agentk
      gRPC service. In the GitLab Helm chart, there is a reverse
      proxy (Ingress) that combines both under a single address, but this is
      not the case for other distributions, such as Omnibus and GDK.
      
      Furthermore, the two are in separate security domains:
      
      - gitlab_kas.external_url must be reachable from agentk instances
      - gitlab_kas.external_k8s_proxy_url must be reachable from CI/CD and user machines
      
      See #342084
      
      Changelog: added
      e0137111
  5. 08 Sep, 2021 1 commit
  6. 31 Aug, 2021 1 commit
    • Stan Hu's avatar
      Support AWS SSE-KMS in backups · 3963b251
      Stan Hu authored and Michael Kozono's avatar Michael Kozono committed
      AWS supports three different modes for encrypting S3 data:
      
      1. Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3)
      2. Server-Side Encryption with Customer Master Keys (CMKs) Stored in AWS
      Key Management Service (SSE-KMS)
      3. Server-Side Encryption with Customer-Provided Keys (SSE-C)
      
      Previously, SSE-S3 and SSE-C were supported via the
      `backup.upload.encryption` and `backup.upload.encryption_key`
      configuration options.
      
      SSE-KMS was previously not supported in backups because there was no way
      to specify which customer-managed key to use. However, we did support
      SSE-KMS with consolidated object storage enabled for other CI artifacts,
      attachments, LFS, etc. Note that SSE-C is NOT supported here.
      
      In consolidated object storage, the `storage_options` Hash provides the
      `server_side_encryption` and `server_side_encryption_kms_key_id`
      parameters that allow admins to configure SSE-KMS. We reuse this
      configuration in backups to support SSE-KMS.
      
      Relates to #338764
      
      Changelog: added
      3963b251
  7. 17 Aug, 2021 1 commit
  8. 10 Aug, 2021 1 commit
    • Stan Hu's avatar
      Support setting Rails asset host via gitlab.yml · d11ace24
      Stan Hu authored and Michael Kozono's avatar Michael Kozono committed
      Previously the only way to set the Rails asset host was via the
      `GITLAB_CDN_HOST` environment variable. This still works, but the
      `gitlab.cdn_host` config parameter can now be used to better manage this
      setting.
      
      Relates to #332695
      
      Changelog: added
      d11ace24
  9. 29 Jul, 2021 1 commit
  10. 28 Jun, 2021 1 commit
  11. 25 Jun, 2021 1 commit
    • James Fargher's avatar
      Add configuration for locating gitaly-backup · abc8d061
      James Fargher authored
      `gitaly.client_path` has been removed. So we need a specific
      configuration for finding gitaly-backup. CNG will likely install the
      binary on the container path. So it's useful to search path as a
      fallback.
      
      Changelog: added
      abc8d061
  12. 11 Jun, 2021 1 commit
  13. 07 Jun, 2021 1 commit
  14. 20 May, 2021 1 commit
    • Aleksei Lipniagov's avatar
      Remove Unicorn Sampler and its dependencies · b30ae67d
      Aleksei Lipniagov authored
      With removing Unicorn support in 14.0, UnicornSampler is no longer
      needed.
      Raindrops was only used with Unicorn, so it could be removed too.
      Update the docs related to the change.
      
      Changelog: removed
      b30ae67d
  15. 18 May, 2021 1 commit
  16. 05 May, 2021 1 commit
  17. 28 Apr, 2021 2 commits
  18. 09 Apr, 2021 1 commit
  19. 02 Apr, 2021 1 commit
  20. 01 Apr, 2021 1 commit
  21. 29 Mar, 2021 1 commit
  22. 04 Mar, 2021 1 commit
  23. 18 Feb, 2021 1 commit
  24. 10 Feb, 2021 1 commit
  25. 03 Feb, 2021 1 commit
  26. 29 Jan, 2021 1 commit
  27. 19 Jan, 2021 1 commit
  28. 07 Jan, 2021 1 commit
  29. 06 Jan, 2021 1 commit
  30. 05 Jan, 2021 1 commit
    • Balasankar 'Balu' C's avatar
      Deprecate prometheus.enable and prometheus.listen_address · f8b8d4a8
      Balasankar 'Balu' C authored and Peter Leitzen's avatar Peter Leitzen committed
      
      
      We introduced `prometheus.server_address` setting in `gitlab.yml` which
      is to be Rails application's SSOT regarding a Prometheus address.
      Hence, we can deprecate the existing settings `enable` and
      `listen_address`.
      
      Changes:
      * To `Gitlab::Prometheus::Internal` class methods:
        * `server_address` method renamed to `uri_without_protocol`, to
          reflect what the method actually does.
        * `listen_address` method renamed to `server_address`.
        * `promtheus_enabled?` method now depends on presence of
          `server_address`.
      
      * To `Gitlab::DatabaseImporters::SelfMonitoring::Project::CreateService`
        class methods:
        * `prometheus_listen_address` method renamed to
          `prometheus_server_address`.
        * `internal_prometheus_listen_address_uri` renamed to
          `internal_prometheus_server_address_uri`.
      Signed-off-by: Balasankar 'Balu' C's avatarBalasankar "Balu" C <balasankarc@autistici.org>
      f8b8d4a8
  31. 16 Dec, 2020 1 commit
    • Stan Hu's avatar
      Use Praefect instead of Gitaly in testing loop · 63973c00
      Stan Hu authored
      In the test environment, we go through the trouble of spinning up Gitaly
      and Praefect, only to bypass Praefect entirely and go directly to the
      Gitaly socket. This renders the Praefect step useless and causes us to
      miss errors in proxying.
      
      To fix this, we now proxy all calls through Praefect and add a second
      Gitaly shard.
      
      This was discovered in
      gitaly#3379.
      63973c00
  32. 10 Dec, 2020 1 commit
  33. 08 Dec, 2020 1 commit
  34. 25 Nov, 2020 1 commit
    • Kate Grechishkina's avatar
      Rename Piwik to Matomo · 49ed77a1
      Kate Grechishkina authored and Stan Hu's avatar Stan Hu committed
      This currently will fall back to the legacy Piwki settings (`piwiki_url`
      and `piwik_site_id`) if the new Matoma settings are not defined.
      49ed77a1
  35. 23 Nov, 2020 1 commit
    • DJ Mountney's avatar
      Apply review feedback · 187618c5
      DJ Mountney authored
      -Ensure we creation our tempfile within our final directory
      - Add encrypted settings config to gitlab.yml.example
      - Update missing key syntax
      - And check early for missing key during the edit command
      - Ensure spec tests are rails rooted
      187618c5
  36. 19 Nov, 2020 1 commit
  37. 16 Nov, 2020 1 commit
    • Nicolas Dular's avatar
      Add google tag manager · 36683da9
      Nicolas Dular authored
      This adds the google tag manager scripts on the sign in/up and trial
      sign up page. To align with our privacy policy the script only gets
      activated when the `google_tag_manager_id` is set in the config on
      GitLab.com and when there is no signed in user.
      36683da9
  38. 06 Nov, 2020 1 commit