......@@ -20,17 +20,25 @@
.idea/
*.tmproj
# Project/CI/CD related items
.gitlab
.gitlab-ci.yml
.dockerignore
.helmignore
Dangerfile
Gemfile
Gemfile.lock
ci/
doc/
examples/
images/
certs/
scripts/
spec/
build/
*.md
CHANGELOG
changelogs/
# CHANGELOG.md
bin/
spec/
# dependencies.io
dependencies.yml
dependencies_io/
......@@ -2,6 +2,148 @@
documentation](doc/development/changelog.md) for instructions on adding your own
entry.
## 1.9.3 (2019-06-10)
### Other (1 change)
- Update GitLab Version to 11.11.3.
## 1.9.2 (2019-06-05)
### Other (2 changes)
- Update gitlab-runner to 0.5.2/11.11.2. !806
- Update GitLab Version to 11.11.2.
## 1.9.1 (2019-06-03)
### Other (2 changes)
- Update GitLab Runner Helm Chart to 0.5.1. !801
- Update GitLab Version to 11.11.1.
## 1.9.0 (2019-05-22)
### Changed (4 changes)
- Transition Operator from Cluster to Namespace Role. !764
- Replace subgroup with GitLab class annotation. !772
- Rename subgroup to CRD prefix. !773
- Add default Referrer-Policy to nginx-ingress headers. !774
### Performance (1 change)
- Unicorn: increase worker memory defaults.
### Added (3 changes, 1 of them is from the community)
- Add checkConfig logic to detect known bad configurations. !757
- Persistent storage for task-runner tmp directory. !769 (jansmets)
- Enable Sidekiq Memory Killer Configuration. !776
### Other (2 changes)
- Update gitlab-runner to 0.5.0/11.11.0. !798
- Update GitLab Version to 11.11.0.
## 1.8.4 (2019-05-01)
### Other (1 change)
- Update GitLab Version to 11.10.4.
## 1.8.3 (2019-04-30)
### Other (1 change)
- Update GitLab Version to 11.10.3.
## 1.8.2 (2019-04-29)
### Other (1 change)
- Update GitLab Version to 11.10.2.
## 1.8.1 (2019-04-24)
### Other (2 changes)
- Update gitlab-runner to 0.4.1/11.10.1. !768
- Update GitLab Version to 11.10.1.
## 1.8.0 (2019-04-22)
### Fixed (2 changes)
- Quote read passwords in yml files. !717
- Ensure README present in helm package. !752
### Changed (2 changes)
- Update operator to use recreate deployment strategy. !728
- Bump gitlab-operator to v0.4. !744
### Added (3 changes, 1 of them is from the community)
- Expose unicorn memory limits via chart values. !738 (Paul Nicholson)
- Add support for when setting for external diffs. !743
- ElasticSearch is now available. !746
### Other (2 changes)
- Update gitlab-runner to 0.4.0/11.10.0. !765
- Update GitLab Version to 11.10.0.
## 1.7.5 (2019-04-11)
### Other (1 change)
- Update GitLab Version to 11.9.8.
## 1.7.4 (2019-04-10)
### Fixed (1 change)
- Ensure README present in helm package. !752
### Other (1 change)
- Update GitLab Version to 11.9.7.
## 1.7.3 (2019-04-05)
### Fixed (2 changes)
- Mount object storage secrets related to external diffs to pods. !745
- Fix support for NGINX Ingress DaemonSets. !748
### Other (1 change)
- Update GitLab Version to 11.9.6.
## 1.7.2 (2019-04-02)
### Fixed (1 change)
- Application: use groups in componentKinds. !740
### Other (1 change)
- Update GitLab Version to 11.9.4.
## 1.7.1 (2019-03-25)
### Other (2 changes)
......
---
apiVersion: v1
name: gitlab
version: 1.7.1
version: 1.9.3
appVersion: master
description: Web-based Git-repository manager with wiki and issue-tracking features.
keywords:
......
......@@ -5,3 +5,5 @@ gem 'aws-sdk-s3'
gem 'capybara'
gem 'selenium-webdriver'
gem 'capybara-screenshot'
gem 'docker-api'
gem 'rake'
......@@ -31,18 +31,24 @@ GEM
childprocess (0.9.0)
ffi (~> 1.0, >= 1.0.11)
diff-lcs (1.3)
docker-api (1.34.2)
excon (>= 0.47.0)
multi_json
excon (0.62.0)
ffi (1.9.25)
jmespath (1.4.0)
launchy (2.4.3)
addressable (~> 2.3)
mini_mime (1.0.0)
mini_portile2 (2.3.0)
multi_json (1.13.1)
nokogiri (1.8.2)
mini_portile2 (~> 2.3.0)
public_suffix (3.0.2)
rack (2.0.5)
rack-test (1.0.0)
rack (>= 1.0, < 3)
rake (12.3.2)
rspec (3.7.0)
rspec-core (~> 3.7.0)
rspec-expectations (~> 3.7.0)
......@@ -70,6 +76,8 @@ DEPENDENCIES
aws-sdk-s3
capybara
capybara-screenshot
docker-api
rake
rspec
selenium-webdriver
......
require_relative 'scripts/update-docker-images.rb'
namespace :images do
desc 'Sync images between dev and com registries'
task :sync, [:edition] do |t, args|
CNGImageSync.execute(edition: args[:edition])
end
end
---
title: Cron based backup support using Kubernetes and task runner.
merge_request: 548
author: Thomas Miller
type: added
---
title: Add support for tolerations
merge_request: 553
author: Mike Rennie
type: added
\ No newline at end of file
---
title: Prioritize the external object storage connection settings before the global
minio configuration
merge_request: 802
author:
type: changed
---
title: Disable storage redirect of Registry when the internal Minio is used
merge_request: 797
author:
type: fixed
---
title: Ensure unicorn.rb issues appropriate lifecycle hooks
merge_request: 791
author:
type: fixed
---
title: Fix example smtp settings
merge_request: 810
author:
type: fixed
---
title: Default Registry replicas to minReplicas
merge_request: 794
author: skarbek
type: other
---
title: Port over https://github.com/helm/charts/pull/13646
merge_request: 804
author:
type: fixed
---
title: "Modified anyuid to reflect project level instead of cluster"
merge_request: 803
type: added
---
title: Update operator to use recreate deployment strategy
merge_request: 728
author:
type: changed
---
title: Quote read passwords in yml files
merge_request: 717
author:
type: fixed
---
title: Add ability to specify network to use when creating a GKE cluster
merge_request: 799
author:
type: added
---
title: Add gitlab-monitor to Helm Chart
merge_request: 787
author:
type: added
---
title: Add missing object storage settings in task-runner
merge_request: 793
author:
type: fixed
---
title: Add SMTP and other missing settings for task-runner
merge_request: 809
author:
type: fixed
---
title: Updated supported Kubernetes to 1.10 and Helm to 2.12
merge_request: 808
author:
type: changed
---
apiVersion: v1
name: gitaly
version: 1.7.1
version: 1.9.3
appVersion: master
description: Git RPC service for handling all the git calls made by GitLab
keywords:
......
......@@ -25,6 +25,10 @@ spec:
{{ $key }}: {{ $value | quote }}
{{- end }}
spec:
{{- if .Values.tolerations }}
tolerations:
{{ toYaml .Values.tolerations | indent 8 }}
{{- end }}
terminationGracePeriodSeconds: 30
initContainers:
{{ include "gitlab.extraInitContainers" . | indent 8 }}
......
......@@ -30,6 +30,9 @@ init:
requests:
cpu: 50m
## Support for tolerations for pod scheduling
tolerations: []
global:
# imagePullPolicy: IfNotPresent
redis:
......
---
apiVersion: v1
name: gitlab-monitor
version: 4.0.0
appVersion: master
description: Exporter for GitLab Prometheus metrics (e.g. CI, pull mirrors)
keywords:
- gitlab
- gitlab-monitor
home: https://about.gitlab.com/
icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg
sources:
- https://gitlab.com/charts/gitlab/tree/master/charts/gitlab/charts/gitlab-monitor
- https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-monitor
- https://gitlab.com/gitlab-org/gitlab-monitor
maintainers:
- name: GitLab Inc.
email: support@gitlab.com
{{- if .Values.enabled -}}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "fullname" . }}
namespace: {{ $.Release.Namespace }}
labels:
{{ include "gitlab.standardLabels" . | indent 4 }}
data:
gitlab-monitor.yml.erb: |
server:
listen_address: 0.0.0.0
listen_port: {{ .Values.service.internalPort }}
probes:
db_common: &db_common
methods:
- probe_db
opts:
connection_string: dbname={{ template "gitlab.psql.database" . }} user={{ template "gitlab.psql.username" . }} host={{ template "gitlab.psql.host" . }} port={{ template "gitlab.psql.port" . }} password='<%= File.read("/etc/gitlab/postgres/psql-password") %>'
database:
multiple: true
ci_builds:
class_name: Database::CiBuildsProber
<<: *db_common
tuple_stats:
class_name: Database::TuplesProber
<<: *db_common
rows_count:
class_name: Database::RowCountProber
<<: *db_common
sidekiq: &sidekiq
methods:
- probe_queues
- probe_jobs
- probe_workers
- probe_retries
- probe_dead
opts:
redis_url: {{ template "gitlab.redis.url" . }}
redis_enable_client: false
metrics:
multiple: true
sidekiq:
<<: *sidekiq
ci_builds:
class_name: Database::CiBuildsProber
<<: *db_common
tuple_stats:
class_name: Database::TuplesProber
<<: *db_common
rows_count:
class_name: Database::RowCountProber
<<: *db_common
configure: |
{{- include "gitlab.scripts.configure.secrets" (dict "required" "postgres" "optional" "redis") | nindent 4 }}
# Leave this here - This line denotes end of block to the parser.
{{- end }}
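Review bot: The `connection_string` under `db_common` wraps the password in single quotes but inserts the file contents unescaped, so a password containing `'` or `\` yields a malformed libpq-style connection string (both must be backslash-escaped inside a quoted value). Any trailing newline in `/etc/gitlab/postgres/psql-password` would also become part of the password, unless the configure script already strips it, which is not visible here. Escaping inside the ERB tag covers the first case: `password='<%= File.read("/etc/gitlab/postgres/psql-password").gsub(/([\\'])/) { "\\#{$1}" } %>'`.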
{{- if .Values.enabled }}
apiVersion: apps/v1beta2
kind: Deployment
metadata:
name: {{ template "fullname" . }}
namespace: {{ $.Release.Namespace }}
labels:
{{ include "gitlab.standardLabels" . | indent 4 }}
spec:
replicas: 1
selector:
matchLabels:
app: {{ template "name" . }}
release: {{ .Release.Name }}
template:
metadata:
labels:
app: {{ template "name" . }}
release: {{ .Release.Name }}
annotations:
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
{{- if .Values.metrics.enabled }}
{{ toYaml .Values.metrics.annotations | indent 8 }}
{{- end }}
spec:
securityContext:
runAsUser: 1000
fsGroup: 1000
{{- if eq (default .Values.global.antiAffinity .antiAffinity) "hard" }}
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- topologyKey: "kubernetes.io/hostname"
labelSelector:
matchLabels:
app: {{ template "name" . }}
release: {{ .Release.Name }}
{{- else if eq (default .Values.global.antiAffinity .antiAffinity) "soft" }}
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 1
podAffinityTerm:
topologyKey: kubernetes.io/hostname
labelSelector:
matchLabels:
app: {{ template "name" . }}
release: {{ .Release.Name }}
{{- end }}
initContainers:
{{ include "gitlab.extraInitContainers" . | indent 8 }}
{{ include "gitlab.certificates.initContainer" . | indent 8 }}
- name: configure
command: ['sh', '/config/configure']
image: {{ .Values.init.image }}:{{ .Values.init.tag }}
volumeMounts:
{{ include "gitlab.extraVolumeMounts" . | indent 10 }}
{{ include "gitlab.psql.ssl.volumeMount" . | indent 10 }}
- name: gitlab-monitor-config
mountPath: /config
readOnly: true
- name: init-gitlab-monitor-secrets
mountPath: /init-config
readOnly: true
- name: gitlab-monitor-secrets
mountPath: /init-secrets
readOnly: false
resources:
{{ toYaml .Values.init.resources | indent 12 }}
{{ include "pullsecrets" .Values.image | indent 6}}
containers:
{{ include "gitlab.extraContainers" . | indent 8 }}
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ coalesce .Values.image.tag (include "gitlab.versionTag" . ) }}"
{{ template "gitlab.imagePullPolicy" . }}
env:
- name: CONFIG_TEMPLATE_DIRECTORY
value: '/var/opt/gitlab-monitor/templates'
- name: CONFIG_DIRECTORY
value: '/etc/gitlab-monitor'
ports:
- containerPort: {{ .Values.service.internalPort }}
name: gitlab-monitor
volumeMounts:
- name: gitlab-monitor-config
mountPath: /var/opt/gitlab-monitor/templates/gitlab-monitor.yml.erb
subPath: gitlab-monitor.yml.erb
- name: gitlab-monitor-secrets
mountPath: '/etc/gitlab'
readOnly: true
{{ include "gitlab.extraVolumeMounts" . | indent 12 }}
{{ include "gitlab.certificates.volumeMount" . | indent 12 }}
livenessProbe:
exec:
command:
- pgrep
- -f
- gitlab-mon
readinessProbe:
exec:
command:
- pgrep
- -f
- gitlab-mon
lifecycle:
preStop:
exec:
command: ["/bin/bash", "-c", "pkill -f 'gitlab-mon'"]
resources:
{{ toYaml .Values.resources | indent 12 }}
volumes:
{{ include "gitlab.extraVolumes" . | indent 6 }}
- name: gitlab-monitor-config
configMap:
name: {{ template "fullname" . }}
- name: init-gitlab-monitor-secrets
projected:
defaultMode: 0400
sources:
- secret:
name: {{ template "gitlab.psql.password.secret" . }}
items:
- key: {{ template "gitlab.psql.password.key" . }}
path: postgres/psql-password
{{- if .Values.global.redis.password.enabled }}
- secret:
name: {{ template "gitlab.redis.password.secret" . }}
items:
- key: {{ template "gitlab.redis.password.key" . }}
path: redis/password
{{- end }}
- name: gitlab-monitor-secrets
emptyDir:
medium: "Memory"
{{ include "gitlab.certificates.volumes" . | indent 6 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 8 }}
{{- end }}
{{- end }}
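Review bot: This new Deployment's pod spec has no `tolerations` block, while the gitaly, gitlab-shell, mailroom, migrations, sidekiq, task-runner and operator templates in this same comparison all gain one. The chart's values.yaml likewise has no `tolerations: []` default. As written, gitlab-monitor is the one component that cannot be scheduled onto tainted nodes with the rest of the release. Adding the same `{{- if .Values.tolerations }}` … `{{- end }}` block directly under the pod `spec:` and a `tolerations: []` entry in values.yaml would keep the charts consistent.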
{{- if .Values.enabled -}}
apiVersion: v1
kind: Service
metadata:
name: {{ template "fullname" . }}
namespace: {{ $.Release.Namespace }}
labels:
{{ include "gitlab.standardLabels" . | indent 4 }}
annotations:
{{ include "gitlab.serviceAnnotations" . | indent 4 }}
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
protocol: TCP
name: gitlab-monitor
selector:
app: {{ template "name" . }}
release: {{ .Release.Name }}
{{- end }}
# Default values for gitlab-monitor.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
image:
repository: registry.gitlab.com/gitlab-org/build/cng/gitlab-monitor
pullSecrets: []
# pullPolicy: IfNotPresent
# tag: latest
service:
name: gitlab-monitor
type: ClusterIP
externalPort: 9168
internalPort: 9168
metrics:
enabled: true
port: 9168
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "9168"
prometheus.io/path: "/metrics"
enabled: true
init:
image: busybox
tag: latest
resources:
requests:
cpu: 50m
global:
# imagePullPolicy: IfNotPresent
redis:
password: {}
redis:
password: {}
resources:
# limits:
# cpu: 1
# memory: 2G
requests:
cpu: 50m
memory: 100M
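Review bot: `init.image: busybox` with `init.tag: latest` makes the default init container a mutable, unpinned image. In this chart's Deployment that container runs `/config/configure` with the projected Postgres (and optionally Redis) password secrets mounted. Pinning the default to a fixed tag or digest keeps the image that handles those secrets reproducible, for example `tag: "<pinned-busybox-tag>"` (placeholder, to be chosen by the maintainers).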
---
apiVersion: v1
name: gitlab-shell
version: 1.7.1
version: 1.9.3
appVersion: master
description: sshd for Gitlab
keywords:
......
......@@ -23,6 +23,10 @@ spec:
{{ $key }}: {{ $value | quote }}
{{- end }}
spec:
{{- if .Values.tolerations }}
tolerations:
{{ toYaml .Values.tolerations | indent 8 }}
{{- end }}
initContainers:
{{ include "gitlab.extraInitContainers" . | indent 8 }}
{{ include "gitlab.certificates.initContainer" . | indent 8 }}
......
......@@ -18,6 +18,9 @@ init:
resources:
requests:
cpu: 50m
# Tolerations for pod scheduling
tolerations: []
global:
# imagePullPolicy: IfNotPresent
......
---
apiVersion: v1
name: mailroom
version: 1.7.1
version: 1.9.3
appVersion: master
description: Handling incoming emails
keywords:
......
......@@ -20,6 +20,10 @@ spec:
annotations:
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
spec:
{{- if .Values.tolerations }}
tolerations:
{{ toYaml .Values.tolerations | indent 8 }}
{{- end }}
securityContext:
runAsUser: 1000
fsGroup: 1000
......
......@@ -13,6 +13,9 @@ init:
requests:
cpu: 50m
# Tolerations for pod scheduling
tolerations: []
global:
# imagePullPolicy: IfNotPresent
redis:
......
---
apiVersion: v1
name: migrations
version: 1.7.1
version: 1.9.3
appVersion: master
description: Database migrations and other versioning tasks for upgrading Gitlab
keywords:
......
......@@ -15,6 +15,10 @@ spec:
app: {{ template "name" . }}
release: {{ .Release.Name }}
spec:
{{- if .Values.tolerations }}
tolerations:
{{ toYaml .Values.tolerations | indent 8 }}
{{- end }}
securityContext:
runAsUser: 1000
fsGroup: 1000
......
......@@ -14,6 +14,9 @@ init:
requests:
cpu: 50m
# Tolerations for pod scheduling
tolerations: []
enabled: true
initialRootPassword: {}
redis:
......
---
apiVersion: v1
name: operator
version: 1.7.1
version: 1.9.3
appVersion: master
description: Gitlab operator for managing upgrades
keywords:
......
{{- if and .Values.global.operator.enabled }}
{{- if .Values.global.operator.enabled }}
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
......
{{- if and .Values.global.operator.enabled }}
{{- if .Values.global.operator.enabled }}
apiVersion: v1
kind: ServiceAccount
metadata:
......@@ -8,7 +8,11 @@ metadata:
{{ include "gitlab.standardLabels" $ | indent 4 }}
---
apiVersion: rbac.authorization.k8s.io/v1
{{- if (include "gitlab.operator.namespaced" .) }}
kind: Role
{{- else }}
kind: ClusterRole
{{- end }}
metadata:
name: {{ template "fullname" . }}
labels:
......@@ -31,8 +35,10 @@ rules:
- apiGroups:
- rbac.authorization.k8s.io
resources:
{{- if not (include "gitlab.operator.namespaced" .) }}
- clusterroles
- clusterrolebindings
{{- end }}
- roles
- rolebindings
verbs:
......@@ -78,14 +84,22 @@ rules:
- "*"
---
apiVersion: rbac.authorization.k8s.io/v1
{{- if (include "gitlab.operator.namespaced" .) }}
kind: RoleBinding
{{- else }}
kind: ClusterRoleBinding
{{- end }}
metadata:
name: {{ template "fullname" . }}
labels:
{{ include "gitlab.standardLabels" $ | indent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
{{- if (include "gitlab.operator.namespaced" .) }}
kind: Role
{{- else }}
kind: ClusterRole
{{- end }}
name: {{ template "fullname" . }}
subjects:
- kind: ServiceAccount
......
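Review bot: Each of the four `{{- if (include "gitlab.operator.namespaced" .) }}` tests is truthy for any non-empty string, so the Role/ClusterRole choice depends on the helper rendering exactly nothing in the cluster-wide case. The helper is not shown here; output such as `false` or stray whitespace would select the namespaced branch. A comment stating that contract next to the first test would help, e.g. `{{/* helper must render an empty string when the operator is cluster-scoped */}}`. In the namespaced branch the rule still lists `roles` and `rolebindings`, and a later rule keeps a `"*"` entry; their verbs are outside the visible hunks, so it is worth confirming they are no broader than the namespaced operator needs.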
......@@ -6,6 +6,8 @@ metadata:
controller-tools.k8s.io: "1.0"
controller.gitlab.com: {{ .Values.version | quote }}
revision: "{{ .Release.Revision }}"
annotations:
gitlab.com/class: {{ .Release.Name }}
{{ include "gitlab.standardLabels" $ | indent 4 }}
name: {{ template "fullname" . }}
spec:
......
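Review bot: The `{{ include "gitlab.standardLabels" $ | indent 4 }}` line now follows the new `annotations:` key, so its output appears to land under `annotations` rather than `labels`. Indentation is lost on this page, so this should be checked against the rendered manifest. If confirmed, moving the two new lines below the include keeps the standard labels as labels. `gitlab.com/class: {{ .Release.Name }}` is also unquoted; `gitlab.com/class: {{ .Release.Name | quote }}` keeps an all-digit release name a string.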
......@@ -21,13 +21,21 @@ spec:
component: operator
{{ include "gitlab.immutableLabels" . | indent 8 }}
spec:
{{- if .Values.tolerations }}
tolerations:
{{ toYaml .Values.tolerations | indent 8 }}
{{- end }}
serviceAccountName: {{ template "fullname" . }}
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ coalesce .Values.image.tag (include "gitlab.operator.parseVersion" .Values.version ) }}"
env:
- name: API_SUBGROUP
- name: GITLAB_CLASS
value: {{ .Release.Name }}
{{- if .Values.crdPrefix }}
- name: CRD_PREFIX
value: {{ .Values.crdPrefix }}
{{- end }}
{{ template "gitlab.imagePullPolicy" . }}
resources:
{{ toYaml .Values.resources | indent 12 }}
......
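Review bot: The two new env values are rendered unquoted, `value: {{ .Release.Name }}` and `value: {{ .Values.crdPrefix }}`. Env values must be strings, so a release name or prefix that YAML reads as a number or boolean would be rejected by the API server. Piping both through `quote` avoids that, e.g. `value: {{ .Values.crdPrefix | quote }}`, matching how `.Values.version` is already quoted in the operator's custom resource template.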
......@@ -8,7 +8,7 @@ image:
# tag: latest
# Which version of the operator to deploy
version: 0.3
version: 0.5
init:
resources:
......@@ -24,6 +24,9 @@ install:
pullSecrets: []
#pullPolicy: IfNotPresent
## Support for tolerations for pod scheduling
tolerations: []
resources:
# limits:
# cpu: 1
......@@ -31,3 +34,7 @@ resources:
requests:
cpu: 100m
memory: 64M
# A prefix for group name of GitLab CRD. It can be used for distinguishing
# different CRDs in a cluster, e.g. for development purposes such GitLab CI.
#crdPrefix:
\ No newline at end of file
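Review bot: `version: 0.5` is an unquoted YAML float, so a later release such as 0.10 would be read as 0.1 before it reaches the `controller.gitlab.com` label and the `gitlab.operator.parseVersion` helper. Writing `version: "0.5"` keeps it a string, provided the helper (not shown here) accepts one. The commented `#crdPrefix:` key would read more clearly with a sample value, and the file now ends without a trailing newline.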
---
apiVersion: v1
name: sidekiq
version: 1.7.1
version: 1.9.3
appVersion: master
description: Gitlab Sidekiq for asynchronous task processing in rails
keywords:
......
......@@ -13,7 +13,7 @@ data:
production:
adapter: postgresql
encoding: unicode
database: {{ template "gitlab.psql.database" . }}
database: {{ template "gitlab.psql.database" . }}
pool: 10
username: {{ template "gitlab.psql.username" . }}
password: "<%= File.read("/etc/gitlab/postgres/psql-password") %>"
......@@ -68,11 +68,11 @@ data:
{{- include "gitlab.appConfig.cronJobs" . | nindent 6 }}
{{ include "gitlab.appConfig.extra" . | indent 6 }}
{{- end }}
{{- include "gitlab.appConfig.objectStorage.configuration" (dict "name" "artifacts" "config" $.Values.global.appConfig.artifacts "context" $) | nindent 6 }}
{{- include "gitlab.appConfig.objectStorage.configuration" (dict "name" "lfs" "config" $.Values.global.appConfig.lfs "context" $) | nindent 6 }}
{{- include "gitlab.appConfig.objectStorage.configuration" (dict "name" "uploads" "config" $.Values.global.appConfig.uploads "context" $) | nindent 6 }}
{{- include "gitlab.appConfig.objectStorage.configuration" (dict "name" "packages" "config" $.Values.global.appConfig.packages "context" $) | nindent 6 }}
{{- include "gitlab.appConfig.objectStorage.configuration" (dict "name" "external_diffs" "config" $.Values.global.appConfig.externalDiffs "context" $) | nindent 6 }}
{{- include "gitlab.appConfig.artifacts.configuration" (dict "config" $.Values.global.appConfig.artifacts "context" $) | nindent 6 }}
{{- include "gitlab.appConfig.lfs.configuration" (dict "config" $.Values.global.appConfig.lfs "context" $) | nindent 6 }}
{{- include "gitlab.appConfig.uploads.configuration" (dict "config" $.Values.global.appConfig.uploads "context" $) | nindent 6 }}
{{- include "gitlab.appConfig.packages.configuration" (dict "config" $.Values.global.appConfig.packages "context" $) | nindent 6 }}
{{- include "gitlab.appConfig.external_diffs.configuration" (dict "config" $.Values.global.appConfig.externalDiffs "context" $) | nindent 6 }}
{{- include "gitlab.appConfig.pseudonymizer.configuration" $ | nindent 6 }}
pages:
enabled: false
......
......@@ -66,6 +66,10 @@ spec:
{{ toYaml $metricsAnnotations | indent 8 }}
{{- end }}
spec:
{{- if $.Values.tolerations }}
tolerations:
{{ toYaml $.Values.tolerations | indent 8 }}
{{- end }}
securityContext:
runAsUser: 1000
fsGroup: 1000
......@@ -161,6 +165,12 @@ spec:
value: {{ default $concurrency .concurrency | quote }}
- name: SIDEKIQ_TIMEOUT
value: {{ default $timeout .timeout | quote }}
- name: SIDEKIQ_MEMORY_KILLER_MAX_RSS
value: {{ int $.Values.memoryKiller.maxRss | quote }}
- name: SIDEKIQ_MEMORY_KILLER_GRACE_TIME
value: {{ int $.Values.memoryKiller.graceTime | quote }}
- name: SIDEKIQ_MEMORY_KILLER_SHUTDOWN_WAIT
value: {{ int $.Values.memoryKiller.shutdownWait | quote }}
{{- if $metricsEnabled }}
ports:
- containerPort: {{ $metricsPort }}
......@@ -261,6 +271,7 @@ spec:
{{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "artifacts" "config" $.Values.global.appConfig.artifacts) | nindent 10 }}
{{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "uploads" "config" $.Values.global.appConfig.uploads) | nindent 10 }}
{{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "packages" "config" $.Values.global.appConfig.packages) | nindent 10 }}
{{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "external_diffs" "config" $.Values.global.appConfig.externalDiffs) | nindent 10 }}
{{- include "gitlab.appConfig.pseudonymizer.mountSecrets" $ | nindent 10 }}
{{- include "gitlab.appConfig.ldap.servers.mountSecrets" $ | nindent 10 }}
{{- include "gitlab.appConfig.omniauth.mountSecrets" $ | nindent 10 }}
......
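Review bot: The three `SIDEKIQ_MEMORY_KILLER_*` values pass through `int` before `quote`, and `int` silently turns a missing or non-numeric override (for example a string with a unit suffix) into `0`. How the application treats a zero here is not visible on this page, so a bad override may change memory-killer behaviour without any install-time error. A short comment in values.yaml giving the expected unit and type for `maxRss`, `graceTime` and `shutdownWait` would make that explicit, e.g. `# maxRss: integer, no unit suffix`.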
......@@ -14,6 +14,9 @@ init:
requests:
cpu: 50m
# Tolerations for pod scheduling
tolerations: []
enabled: true
annotations: {}
......@@ -28,6 +31,12 @@ metrics:
redis:
password: {}
# https://docs.gitlab.com/ee/administration/operations/sidekiq_memory_killer.html#sidekiq-memorykiller
memoryKiller:
maxRss: 2000000
graceTime: 900
shutdownWait: 30
global:
# imagePullPolicy: IfNotPresent
hosts:
......@@ -91,6 +100,7 @@ global:
bucket:
connection: {}
externalDiffs:
when:
proxy_download: true
bucket:
connection: {}
......
---
apiVersion: v1
name: task-runner
version: 1.7.1
version: 1.9.3
appVersion: master
description: For manually running rake tasks through kubectl
keywords:
......
{{- if and .Values.enabled .Values.backups.cron.enabled }}
apiVersion: batch/v1beta1
kind: CronJob
metadata:
name: {{ template "fullname" . }}-backup
namespace: {{ $.Release.Namespace }}
labels:
{{ include "gitlab.standardLabels" . | indent 4 }}
spec:
concurrencyPolicy: {{ .Values.backups.cron.concurrencyPolicy }}
failedJobsHistoryLimit: {{ .Values.backups.cron.failedJobsHistoryLimit }}
schedule: {{ .Values.backups.cron.schedule | quote }}
successfulJobsHistoryLimit: {{ .Values.backups.cron.successfulJobsHistoryLimit }}
jobTemplate:
spec:
template:
metadata:
labels:
app: {{ template "name" . }}
release: {{ .Release.Name }}
annotations:
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
{{- range $key, $value := .Values.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
spec:
restartPolicy: "OnFailure"
{{- if .Values.tolerations }}
tolerations:
{{ toYaml .Values.tolerations | indent 12 }}
{{- end }}
securityContext:
runAsUser: 1000
fsGroup: 1000
initContainers:
{{ include "gitlab.extraInitContainers" . | indent 12 }}
{{ include "gitlab.certificates.initContainer" . | indent 12 }}
- name: configure
command: ['sh', '/config/configure']
image: {{ .Values.init.image }}:{{ .Values.init.tag }}
volumeMounts:
{{ include "gitlab.extraVolumeMounts" . | indent 16 }}
{{ include "gitlab.psql.ssl.volumeMount" . | indent 16 }}
- name: task-runner-config
mountPath: /config
readOnly: true
- name: init-task-runner-secrets
mountPath: /init-config
readOnly: true
- name: task-runner-secrets
mountPath: /init-secrets
readOnly: false
resources:
{{ toYaml .Values.init.resources | indent 16 }}
{{- include "pullsecrets" .Values.image | indent 10}}
containers:
{{ include "gitlab.extraContainers" . | indent 12 }}
- name: {{ .Chart.Name }}-backup
args:
- /bin/bash
- -c
- cp /etc/gitlab/.s3cfg $HOME/.s3cfg && backup-utility
image: "{{ coalesce .Values.image.repository (include "image.repository" .) }}:{{ coalesce .Values.image.tag (include "gitlab.versionTag" . ) }}"
{{ template "gitlab.imagePullPolicy" . }}
env:
- name: ARTIFACTS_BUCKET_NAME
value: {{ .Values.global.appConfig.artifacts.bucket }}
- name: REGISTRY_BUCKET_NAME
value: {{ .Values.global.registry.bucket }}
- name: LFS_BUCKET_NAME
value: {{ .Values.global.appConfig.lfs.bucket }}
- name: UPLOADS_BUCKET_NAME
value: {{ .Values.global.appConfig.uploads.bucket }}
- name: PACKAGES_BUCKET_NAME
value: {{ .Values.global.appConfig.packages.bucket }}
- name: BACKUP_BUCKET_NAME
value: {{ .Values.global.appConfig.backups.bucket }}
- name: TMP_BUCKET_NAME
value: {{ .Values.global.appConfig.backups.tmpBucket }}
- name: GITALY_FEATURE_DEFAULT_ON
value: "1"
- name: CONFIG_TEMPLATE_DIRECTORY
value: '/var/opt/gitlab/templates'
- name: CONFIG_DIRECTORY
value: '/srv/gitlab/config'
volumeMounts:
{{ include "gitlab.extraVolumeMounts" . | indent 16 }}
- name: task-runner-config
mountPath: '/var/opt/gitlab/templates'
- name: task-runner-secrets
mountPath: '/etc/gitlab'
readOnly: true
- name: task-runner-secrets
mountPath: /srv/gitlab/config/secrets.yml
subPath: rails-secrets/secrets.yml
- name: task-runner-tmp
mountPath: '/srv/gitlab/tmp'
{{- if and .Values.persistence.enabled .Values.persistence.subPath }}
subPath: "{{ .Values.persistence.subPath }}"
{{- end }}
readOnly: false
{{ include "gitlab.certificates.volumeMount" . | indent 16 }}
resources:
{{ toYaml .Values.backups.cron.resources | indent 16 }}
volumes:
{{ include "gitlab.extraVolumes" . | indent 12 }}
{{ include "gitlab.psql.ssl.volume" . | indent 12 }}
- name: task-runner-config
projected:
sources:
- configMap:
name: {{ template "fullname" . }}
{{- if .Values.global.appConfig.pseudonymizer.configMap }}
- configMap:
name: {{ .Values.global.appConfig.pseudonymizer.configMap }}
{{- end }}
- name: task-runner-tmp
{{- if .Values.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ template "fullname" . }}-tmp
{{- else }}
emptyDir: {}
{{- end }}
- name: init-task-runner-secrets
projected:
defaultMode: 0400
sources:
- secret:
name: {{ template "gitlab.rails-secrets.secret" . }}
items:
- key: secrets.yml
path: rails-secrets/secrets.yml
- secret:
name: {{ template "gitlab.gitlab-shell.authToken.secret" . }}
items:
- key: {{ template "gitlab.gitlab-shell.authToken.key" . }}
path: shell/.gitlab_shell_secret
- secret:
name: {{ template "gitlab.gitaly.authToken.secret" . }}
items:
- key: {{ template "gitlab.gitaly.authToken.key" . }}
path: gitaly/gitaly_token
{{- if .Values.global.redis.password.enabled }}
- secret:
name: {{ template "gitlab.redis.password.secret" . }}
items:
- key: {{ template "gitlab.redis.password.key" . }}
path: redis/password
{{- end }}
- secret:
name: {{ template "gitlab.psql.password.secret" . }}
items:
- key: {{ template "gitlab.psql.password.key" . }}
path: postgres/psql-password
- secret:
name: {{ template "gitlab.registry.certificate.secret" . }}
items:
- key: registry-auth.key
path: registry/gitlab-registry.key
{{- if not .Values.global.minio.enabled }}
- secret:
name: {{ required "A valid backups.objectStorage.config.secret is needed!" .Values.backups.objectStorage.config.secret }}
items:
- key: {{ default "config" .Values.backups.objectStorage.config.key }}
path: objectstorage/.s3cfg
{{- end }}
{{- include "gitlab.minio.mountSecrets" $ | nindent 16 }}
{{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "artifacts" "config" $.Values.global.appConfig.artifacts) | nindent 16 }}
{{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "lfs" "config" $.Values.global.appConfig.lfs) | nindent 16 }}
{{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "uploads" "config" $.Values.global.appConfig.uploads) | nindent 16 }}
{{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "packages" "config" $.Values.global.appConfig.packages) | nindent 16 }}
{{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "external_diffs" "config" $.Values.global.appConfig.externalDiffs) | nindent 16 }}
{{- include "gitlab.appConfig.pseudonymizer.mountSecrets" $ | nindent 16 }}
{{- include "gitlab.appConfig.ldap.servers.mountSecrets" $ | nindent 16 }}
{{- include "gitlab.appConfig.omniauth.mountSecrets" $ | nindent 16 }}
- name: task-runner-secrets
emptyDir:
medium: "Memory"
{{ include "gitlab.certificates.volumes" . | indent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 12 }}
{{- end }}
{{- end }}
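Review bot: The seven `*_BUCKET_NAME` env entries render their values unquoted, e.g. `value: {{ .Values.global.appConfig.artifacts.bucket }}`. An unset bucket therefore renders an empty scalar, and a name YAML reads as a number or boolean is rejected because env values must be strings. Piping each through `quote`, as `schedule` already is, avoids both cases: `value: {{ .Values.global.appConfig.artifacts.bucket | quote }}`. The `cp /etc/gitlab/.s3cfg $HOME/.s3cfg` step also copies the object-storage credentials out of the read-only, memory-backed secrets mount, so a one-line comment on why the copy is needed would help the next reader.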
......@@ -18,40 +18,61 @@ data:
host: {{ template "gitlab.psql.host" . }}
port: {{ template "gitlab.psql.port" . }}
{{- include "gitlab.psql.ssl.config" . | indent 6 }}
smtp_settings.rb: |
{{ include "gitlab.smtp_settings" . | indent 4 }}
resque.yml.erb: |
production:
# Redis (single instance)
url: {{ template "gitlab.redis.url" . }}
id:
gitlab.yml.erb: |
production: &base
gitlab:
host: {{ template "gitlab.gitlab.hostname" . }}
https: {{ hasPrefix "https://" (include "gitlab.gitlab.url" .) }}
{{- with .Values.global.hosts.ssh }}
ssh_host: {{ . | quote }}
{{- end }}
{{- with .Values.global.appConfig }}
impersonation_enabled: {{ .enableImpersonation }}
usage_ping_enabled: {{ eq .enableUsagePing true }}
default_can_create_group: {{ eq .defaultCanCreateGroup true }}
username_changing_enabled: {{ eq .usernameChangingEnabled true }}
issue_closing_pattern: {{ .issueClosingPattern | quote }}
default_theme: {{ .defaultTheme }}
{{- include "gitlab.appConfig.defaultProjectsFeatures.configuration" $ | nindent 8 }}
webhook_timeout: {{ .webhookTimeout }}
{{- end }}
trusted_proxies:
{{- if .Values.trusted_proxies }}
{{ toYaml .Values.trusted_proxies | indent 10 }}
{{- end }}
time_zone: {{ .Values.global.time_zone | quote }}
email_from: example@example.com
email_display_name: GitLab
email_reply_to: noreply@example.com
email_subject_suffix: ''
{{- include "gitlab.appConfig.defaultProjectsFeatures.configuration" $ | nindent 8 }}
incoming_email:
enabled: false
email_from: {{ template "gitlab.email.from" . }}
email_display_name: {{ .Values.global.email.display_name | quote }}
email_reply_to: {{ template "gitlab.email.reply_to" . }}
email_subject_suffix: {{ .Values.global.email.subject_suffix | quote }}
{{- with .Values.global.appConfig }}
{{- include "gitlab.appConfig.cronJobs" . | nindent 6 }}
{{- end }}
artifacts:
enabled: true
{{- include "gitlab.appConfig.objectStorage.configuration" (dict "name" "lfs" "config" $.Values.global.appConfig.lfs "context" $) | nindent 6 }}
{{- include "gitlab.appConfig.objectStorage.configuration" (dict "name" "packages" "config" $.Values.global.appConfig.packages "context" $) | nindent 6 }}
{{- include "gitlab.appConfig.objectStorage.configuration" (dict "name" "external_diffs" "config" $.Values.global.appConfig.externalDiffs "context" $) | nindent 6 }}
{{- include "gitlab.appConfig.artifacts.configuration" (dict "config" $.Values.global.appConfig.artifacts "context" $) | nindent 6 }}
{{- include "gitlab.appConfig.lfs.configuration" (dict "config" $.Values.global.appConfig.lfs "context" $) | nindent 6 }}
{{- include "gitlab.appConfig.uploads.configuration" (dict "config" $.Values.global.appConfig.uploads "context" $) | nindent 6 }}
{{- include "gitlab.appConfig.packages.configuration" (dict "config" $.Values.global.appConfig.packages "context" $) | nindent 6 }}
{{- include "gitlab.appConfig.external_diffs.configuration" (dict "config" $.Values.global.appConfig.externalDiffs "context" $) | nindent 6 }}
{{- include "gitlab.appConfig.pseudonymizer.configuration" $ | nindent 6 }}
pages:
enabled: false
mattermost:
enabled: false
## Registry Integration
{{- include "gitlab.appConfig.registry.configuration" $ | nindent 6 }}
gitlab_ci:
{{- include "gitlab.appConfig.ldap.configuration" $ | nindent 6 }}
{{- include "gitlab.appConfig.omniauth.configuration" $ | nindent 6 }}
kerberos:
enabled: false
shared:
{{ include "gitlab.appConfig.gitaly" . | indent 6 }}
{{ include "gitlab.appConfig.repositories" . | indent 6 }}
backup:
......@@ -70,8 +91,6 @@ data:
{{- if .Values.extra }}
{{ toYaml .Values.extra | indent 8 }}
{{- end }}
## Registry Integration
{{- include "gitlab.appConfig.registry.configuration" $ | nindent 6 }}
configure: |
{{- include "gitlab.scripts.configure.secrets" (dict "required" "shell gitaly registry postgres rails-secrets") | nindent 4 -}}
{{- include "gitlab.psql.ssl.initScript" . | nindent 4 }}
......
......@@ -8,6 +8,9 @@ metadata:
{{ include "gitlab.standardLabels" . | indent 4 }}
spec:
replicas: 1
strategy:
rollingUpdate: null
type: Recreate
selector:
matchLabels:
app: {{ template "name" . }}
......@@ -24,6 +27,10 @@ spec:
{{ $key }}: {{ $value | quote }}
{{- end }}
spec:
{{- if .Values.tolerations }}
tolerations:
{{ toYaml .Values.tolerations | indent 8 }}
{{- end }}
securityContext:
runAsUser: 1000
fsGroup: 1000
......@@ -92,12 +99,21 @@ spec:
{{ include "gitlab.extraVolumeMounts" . | indent 12 }}
- name: task-runner-config
mountPath: '/var/opt/gitlab/templates'
- name: task-runner-config
mountPath: '/srv/gitlab/config/initializers/smtp_settings.rb'
subPath: smtp_settings.rb
- name: task-runner-secrets
mountPath: '/etc/gitlab'
readOnly: true
- name: task-runner-secrets
mountPath: /srv/gitlab/config/secrets.yml
subPath: rails-secrets/secrets.yml
- name: task-runner-tmp
mountPath: '/srv/gitlab/tmp'
{{- if and .Values.persistence.enabled .Values.persistence.subPath }}
subPath: "{{ .Values.persistence.subPath }}"
{{- end }}
readOnly: false
{{ include "gitlab.certificates.volumeMount" . | indent 12 }}
resources:
{{ toYaml .Values.resources | indent 12 }}
......@@ -113,6 +129,13 @@ spec:
- configMap:
name: {{ .Values.global.appConfig.pseudonymizer.configMap }}
{{- end }}
- name: task-runner-tmp
{{- if .Values.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ template "fullname" . }}-tmp
{{- else }}
emptyDir: {}
{{- end }}
- name: init-task-runner-secrets
projected:
defaultMode: 0400
......@@ -164,11 +187,21 @@ spec:
path: objectstorage/{{ default "config" .Values.backups.objectStorage.config.key }}
{{- end }}
{{- include "gitlab.minio.mountSecrets" $ | nindent 10 }}
{{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "artifacts" "config" $.Values.global.appConfig.artifacts) | nindent 10 }}
{{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "lfs" "config" $.Values.global.appConfig.lfs) | nindent 10 }}
{{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "uploads" "config" $.Values.global.appConfig.uploads) | nindent 10 }}
{{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "packages" "config" $.Values.global.appConfig.packages) | nindent 10 }}
{{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "external_diffs" "config" $.Values.global.appConfig.externalDiffs) | nindent 10 }}
{{- include "gitlab.appConfig.pseudonymizer.mountSecrets" $ | nindent 10 }}
{{- include "gitlab.appConfig.ldap.servers.mountSecrets" $ | nindent 10 }}
{{- include "gitlab.appConfig.omniauth.mountSecrets" $ | nindent 10 }}
{{- if and $.Values.global.smtp.enabled $.Values.global.smtp.authentication }}
- secret:
name: {{ $.Values.global.smtp.password.secret | required "Missing required secret containing the SMTP password. Make sure to set `global.smtp.password.secret`" }}
items:
- key: {{ $.Values.global.smtp.password.key }}
path: smtp/smtp-password
{{- end }}
- name: task-runner-secrets
emptyDir:
medium: "Memory"
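Review bot: In the SMTP projected-secret item added in the last hunk of this file, `key: {{ $.Values.global.smtp.password.key }}` is rendered unquoted and unguarded, while the `name:` line directly above it uses `required`. If `global.smtp.password.key` is unset, the item renders with an empty key. That failure would then surface only when the manifest is applied or when the password file is missing at runtime, not at template time; whether the chart's values file always supplies a default is not visible on this page. I would change the line to `key: {{ required "global.smtp.password.key must be set" $.Values.global.smtp.password.key | quote }}`, or use a `default` as the `backups.objectStorage.config.key` line at the top of the same hunk does. The projected sources list begins before this hunk, so the other secret items could not be checked for the same gap.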
......
{{- if and .Values.enabled .Values.persistence.enabled }}
kind: PersistentVolumeClaim