Consider using shared secrets for all the Review Apps
Currently, for each Review App, we create two secrets manually:
function create_application_secret() {
local namespace="${KUBE_NAMESPACE}"
local release="${CI_ENVIRONMENT_SLUG}"
echoinfo "Creating the ${release}-gitlab-initial-root-password secret in the ${namespace} namespace..." true
kubectl create secret generic --namespace "${namespace}" \
"${release}-gitlab-initial-root-password" \
--from-literal="password=${REVIEW_APPS_ROOT_PASSWORD}" \
--dry-run -o json | kubectl apply -f -
if [ -z "${REVIEW_APPS_EE_LICENSE}" ]; then echo "License not found" && return; fi
echoinfo "Creating the ${release}-gitlab-license secret in the ${namespace} namespace..." true
echo "${REVIEW_APPS_EE_LICENSE}" > /tmp/license.gitlab
kubectl create secret generic --namespace "${namespace}" \
"${release}-gitlab-license" \
--from-file=license=/tmp/license.gitlab \
--dry-run -o json | kubectl apply -f -
}
but there's no point in creating new secrets each time. We could just have two secrets that are reused by all the Review Apps.
We'd need to set gitlab.migrations.initialRootPassword.secret
: https://gitlab.com/gitlab-org/charts/gitlab/blob/master/doc%2Finstallation%2Fcommand-line-options.md