Remove Cilium Support for AutoDevOps in GitLab > 15.0
Summary
There is a requirement to manually create gitlab-cilium-role and gitlab-cilium-role-binding for AutoDevOps to work with Cilium network policies in GitLab versions greater than 15.0.
It's because this MR removed the creation of the gitlab-cilium-role in the Kubernetes cluster service account, in May 2022, as part of this issue #352287 (closed) to remove the Threat Monitoring page.
Because of this, since GitLab 15.1, it's not possible to add the cilium network policy to AutoDevOps projects, until you manually create gitlab-cilium-role and gitlab-cilium-role-binding.
Steps to reproduce
- Deploy GitLab
15.0. - Create a namespace with a project and add the cilium network policy.
- Upgrade to GitLab
15.1. - Create another new namespace with a project and add try to add the cilium network policy.
What is the current bug behavior?
You will find that the cilium network policy is unavailable in the newly created namespace after upgrading to GitLab 15.1 until you manually create gitlab-cilium-role and gitlab-cilium-role-binding.
What is the expected correct behavior?
The cilium network policy should be available in the newly created namespace after upgrading to GitLab 15.1.
If it is no longer supported, then the cilium network policy section needs to be removed from the AutoDevOps helm chart here:
Relevant logs and/or screenshots
Output of checks
Results of GitLab environment info
Expand for output related to GitLab environment info
gitlab-rake gitlab:env:info System information System: Proxy: no Current User: git Using RVM: no Ruby Version: 2.7.5p203 Gem Version: 3.1.6 Bundler Version:2.3.15 Rake Version: 13.0.6 Redis Version: 6.2.7 Sidekiq Version:6.4.2 Go Version: unknown GitLab information Version: 15.4.2-ee Revision: 4eacd5378ab Directory: /opt/gitlab/embedded/service/gitlab-rails DB Adapter: PostgreSQL DB Version: 12.10 URL: https://gitlab.teracloud.ninja HTTP Clone URL: https://gitlab.teracloud.ninja/some-group/some-project.git SSH Clone URL: git@gitlab.teracloud.ninja:some-group/some-project.git Elasticsearch: no Geo: no Using LDAP: no Using Omniauth: yes Omniauth Providers: azure_oauth2 GitLab Shell Version: 14.10.0 Repository storage paths: - default: /var/opt/gitlab/git-data/repositories GitLab Shell path: /opt/gitlab/embedded/service/gitlab-shell
Results of GitLab application Check
Expand for output related to the GitLab application check
# gitlab-rake gitlab:check SANITIZE=true Checking GitLab subtasks ... Checking GitLab Shell ... GitLab Shell: ... GitLab Shell version >= 14.10.0 ? ... OK (14.10.0) Running /opt/gitlab/embedded/service/gitlab-shell/bin/check Internal API available: OK Redis available via internal API: OK gitlab-shell self-check successful Checking GitLab Shell ... Finished Checking Gitaly ... Gitaly: ... default ... OK Checking Gitaly ... Finished Checking Sidekiq ... Sidekiq: ... Running? ... yes Number of Sidekiq processes (cluster/worker) ... 1/1 Checking Sidekiq ... Finished Checking Incoming Email ... Incoming Email: ... Reply by email is disabled in config/gitlab.yml Checking Incoming Email ... Finished Checking LDAP ... LDAP: ... LDAP is disabled in config/gitlab.yml Checking LDAP ... Finished Checking GitLab App ... Database config exists? ... yes All migrations up? ... yes Database contains orphaned GroupMembers? ... no GitLab config exists? ... yes GitLab config up to date? ... yes Log directory writable? ... yes Tmp directory writable? ... yes Uploads directory exists? ... yes Uploads directory has correct permissions? ... yes Uploads directory tmp has correct permissions? ... yes Systemd unit files or init script exist? ... skipped (omnibus-gitlab has neither init script nor systemd units) Systemd unit files or init script up-to-date? ... skipped (omnibus-gitlab has neither init script nor systemd units) Projects have namespace: ... 4/1 ... yes 4/2 ... yes 5/3 ... yes 5/5 ... yes 3/6 ... yes 65/7 ... yes 3/8 ... yes 3/9 ... yes 3/10 ... yes 5/11 ... yes 5/12 ... yes 5/13 ... yes 5/14 ... yes 5/15 ... yes 5/16 ... yes 5/17 ... yes 3/19 ... yes 3/20 ... yes 5/22 ... yes 3/24 ... yes 5/25 ... yes 3/26 ... yes 3/27 ... yes 5/28 ... yes 3/29 ... yes 2/30 ... yes 5/31 ... yes 5/33 ... yes 3/34 ... yes 27/38 ... yes 3/39 ... yes 3/40 ... yes 27/41 ... yes 28/42 ... yes 28/44 ... yes 28/46 ... yes 3/47 ... yes 28/48 ... yes 5/49 ... yes 34/50 ... yes 3/51 ... yes 28/52 ... yes 3/54 ... yes 39/55 ... yes 41/56 ... yes 3/58 ... yes 5/60 ... yes 3/61 ... yes 5/64 ... yes 5/65 ... yes 55/66 ... yes 56/67 ... yes 56/68 ... yes 441/70 ... yes 5/71 ... yes 41/75 ... yes 27/76 ... yes 5/77 ... yes 18/78 ... yes 18/79 ... yes 2/80 ... yes 2/81 ... yes 2/82 ... yes 41/83 ... yes 5/84 ... yes 4/85 ... yes 5/86 ... yes 5/87 ... yes 41/90 ... yes 18/91 ... yes 67/92 ... yes 2/93 ... yes 2/94 ... yes 28/96 ... yes 67/97 ... yes 76/98 ... yes 28/101 ... yes 28/102 ... yes 65/103 ... yes 65/107 ... yes 27/110 ... yes 28/111 ... yes 27/112 ... yes 5/113 ... yes 27/114 ... yes 85/115 ... yes 86/116 ... yes 28/117 ... yes 28/118 ... yes 27/119 ... yes 28/120 ... yes 5/121 ... yes 28/124 ... yes 28/125 ... yes 5/126 ... yes 22/128 ... yes 28/130 ... yes 28/132 ... yes 28/133 ... yes 93/134 ... yes 5/137 ... yes 5/139 ... yes 92/142 ... yes 86/144 ... yes 5/146 ... yes 28/149 ... yes 28/150 ... yes 92/151 ... yes 5/152 ... yes 28/153 ... yes 28/154 ... yes 5/155 ... yes 27/157 ... yes 28/158 ... yes 3/159 ... yes 100/160 ... yes 96/161 ... yes 89/168 ... yes 89/169 ... yes 3/170 ... yes 96/173 ... yes 100/174 ... yes 101/175 ... yes 27/176 ... yes 92/177 ... yes 100/178 ... yes 100/182 ... yes 22/183 ... yes 106/184 ... yes 65/185 ... yes 100/186 ... yes 2/188 ... yes 100/189 ... yes 28/190 ... yes 2/192 ... yes 108/194 ... yes 5/195 ... yes 27/199 ... yes 22/200 ... yes 100/201 ... yes 27/202 ... yes 115/204 ... yes 100/206 ... yes 28/207 ... yes 100/208 ... yes 100/209 ... yes 96/210 ... yes 117/211 ... yes 3/213 ... yes 4/214 ... yes 100/215 ... yes 100/216 ... yes 108/220 ... yes 100/222 ... yes 117/223 ... yes 28/224 ... yes 28/225 ... yes 113/226 ... yes 100/227 ... yes 100/228 ... yes 3/229 ... yes 28/230 ... yes 100/231 ... yes 100/232 ... yes 124/233 ... yes 100/234 ... yes 441/237 ... yes 124/238 ... yes 125/240 ... yes 125/241 ... yes 125/242 ... yes 28/243 ... yes 28/244 ... yes 28/246 ... yes 125/247 ... yes 125/250 ... yes 124/251 ... yes 89/252 ... yes 89/253 ... yes 100/254 ... yes 65/255 ... yes 100/257 ... yes 108/258 ... yes 139/259 ... yes 125/260 ... yes 5/261 ... yes 34/262 ... yes 28/263 ... yes 5/265 ... yes 100/266 ... yes 163/267 ... yes 100/268 ... yes 127/269 ... yes 28/270 ... yes 2/271 ... yes 108/273 ... yes 108/274 ... yes 100/275 ... yes 100/276 ... yes 100/277 ... yes 28/278 ... yes 178/279 ... yes 108/280 ... yes 178/281 ... yes 100/283 ... yes 100/284 ... yes 28/286 ... yes 100/287 ... yes 154/288 ... yes 100/289 ... yes 117/290 ... yes 217/291 ... yes 226/292 ... yes 178/293 ... yes 5/294 ... yes 86/295 ... yes 226/296 ... yes 230/297 ... yes 100/298 ... yes 86/299 ... yes 154/300 ... yes 100/301 ... yes 5/303 ... yes 247/304 ... yes 178/305 ... yes 100/306 ... yes 28/307 ... yes 100/308 ... yes 100/309 ... yes 259/310 ... yes 28/311 ... yes 121/312 ... yes 5/314 ... yes 259/315 ... yes 28/316 ... yes 140/317 ... yes 259/318 ... yes 259/319 ... yes 259/320 ... yes 44/323 ... yes 42/324 ... yes 271/325 ... yes 44/326 ... yes 271/327 ... yes 100/328 ... yes 55/331 ... yes 28/332 ... yes 154/333 ... yes 23/334 ... yes 100/335 ... yes 154/336 ... yes 217/337 ... yes 288/339 ... yes 19/341 ... yes 245/343 ... yes 71/344 ... yes 127/345 ... yes 100/348 ... yes 28/349 ... yes 288/350 ... yes 86/351 ... yes 28/352 ... yes 71/353 ... yes 227/354 ... yes 222/355 ... yes 28/357 ... yes 331/358 ... yes 86/359 ... yes 338/360 ... yes 28/361 ... yes 19/362 ... yes 339/363 ... yes 259/364 ... yes 19/365 ... yes 192/366 ... yes 55/367 ... yes 154/368 ... yes 288/369 ... yes 144/370 ... yes 100/371 ... yes 5/373 ... yes 5/374 ... yes 28/375 ... yes 71/378 ... yes 55/379 ... yes 56/380 ... yes 101/382 ... yes 100/383 ... yes 28/385 ... yes 339/386 ... yes 28/387 ... yes 28/388 ... yes 441/389 ... yes 5/390 ... yes 338/391 ... yes 100/393 ... yes 441/394 ... yes 28/397 ... yes 86/398 ... yes 441/399 ... yes 86/400 ... yes 165/403 ... yes 330/404 ... yes 28/405 ... yes 28/407 ... yes 5/408 ... yes 259/409 ... yes 340/410 ... yes 100/411 ... yes 113/412 ... yes 113/413 ... yes 100/414 ... yes 127/415 ... yes 100/416 ... yes 55/417 ... yes 802/418 ... yes 237/419 ... yes 28/420 ... yes 28/421 ... yes 125/422 ... yes 28/423 ... yes 802/424 ... yes 125/425 ... yes 28/427 ... yes 850/430 ... yes 840/432 ... yes 86/433 ... yes 835/434 ... yes 28/436 ... yes 850/437 ... yes 813/438 ... yes 881/439 ... yes 338/441 ... yes 812/445 ... yes 4/446 ... yes 141/447 ... yes 812/448 ... yes 259/449 ... yes 881/450 ... yes 34/451 ... yes 927/452 ... yes 940/453 ... yes 217/454 ... yes 100/455 ... yes 881/457 ... yes 202/460 ... yes 217/461 ... yes 977/462 ... yes 202/463 ... yes 977/464 ... yes 977/465 ... yes 977/466 ... yes 977/467 ... yes 977/468 ... yes 977/469 ... yes 1004/470 ... yes 288/471 ... yes 303/473 ... yes 154/474 ... yes 28/475 ... yes 154/476 ... yes 1020/477 ... yes 100/478 ... yes 297/479 ... yes 1060/480 ... yes 1060/481 ... yes 28/482 ... yes 154/483 ... yes 86/484 ... yes 1177/485 ... yes 1048/486 ... yes 1048/488 ... yes 371/489 ... yes 1128/490 ... yes 259/491 ... yes 858/492 ... yes 1053/493 ... yes 1135/494 ... yes 944/495 ... yes 944/496 ... yes 1034/497 ... yes 1048/498 ... yes 1043/499 ... yes 1004/500 ... yes 1043/501 ... yes 338/502 ... yes 141/503 ... yes 28/504 ... yes 28/505 ... yes 3/506 ... yes 259/507 ... yes 812/509 ... yes 28/510 ... yes 141/511 ... yes 1121/512 ... yes 1209/513 ... yes 1004/514 ... yes 1217/515 ... yes 125/516 ... yes 1162/517 ... yes 341/518 ... yes 339/519 ... yes 328/520 ... yes 28/521 ... yes 1004/522 ... yes 338/523 ... yes 28/524 ... yes 154/525 ... yes 881/526 ... yes 441/527 ... yes 1033/528 ... yes 5/530 ... yes 34/531 ... yes 229/532 ... yes 117/533 ... yes 1004/534 ... yes 1099/535 ... yes 154/536 ... yes 28/537 ... yes 1004/538 ... yes 1004/539 ... yes 1099/540 ... yes 100/541 ... yes 156/542 ... yes 28/543 ... yes 76/544 ... yes 101/545 ... yes 168/546 ... yes 881/547 ... yes 156/548 ... yes 1290/549 ... yes 1004/551 ... yes Redis version >= 6.0.0? ... yes Ruby version >= 2.7.2 ? ... yes (2.7.5) Git user has default SSH configuration? ... yes Active users: ... 400 Is authorized keys file accessible? ... yes GitLab configured to store new projects in hashed storage? ... yes All projects are in hashed storage? ... yes Elasticsearch version 7.x-8.x or OpenSearch version 1.x ... skipped (Advanced Search is disabled) Checking GitLab App ... Finished Checking GitLab subtasks ... Finished
Possible fixes
Edited by Gabriel Yoachum