diff --git a/chart/templates/gitlab/values.yaml b/chart/templates/gitlab/values.yaml index 374138a1976e76d44a4338a41ae2bed47a59ea98..7abb2c84ad6983f80beeeeaadecb91591e98fb92 100644 --- a/chart/templates/gitlab/values.yaml +++ b/chart/templates/gitlab/values.yaml @@ -84,6 +84,17 @@ registry: {{ include "istioAnnotation" . }} {{- end }} {{- end }} + {{- if and (eq (dig "istio" "mtls" "mode" "STRICT" .Values.addons.gitlab.values) "STRICT") $istioInjection }} + metrics: + serviceMonitor: + endpointConfig: + scheme: https + tlsConfig: + caFile: /etc/prom-certs/root-cert.pem + certFile: /etc/prom-certs/cert-chain.pem + keyFile: /etc/prom-certs/key.pem + insecureSkipVerify: true # Prometheus does not support Istio security naming, thus skip verifying target pod certificate + {{- end }} {{- end }} gitlab: 
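Review bot: `insecureSkipVerify: true` under `registry.metrics.serviceMonitor.endpointConfig.tlsConfig` means Prometheus presents its client certificate but does not verify the certificate of the pod it scrapes, so the `caFile` beside it plays no part in checking the target. The inline comment gives the reason but not the consequence; I would extend it to `# Prometheus cannot match Istio SPIFFE identities, so the target certificate is NOT verified; the scrape is encrypted but the target is trusted by network path only`. The same block recurs in the hunks at -113 and -138, so the comment applies there too. The three `/etc/prom-certs/` paths also assume the Prometheus pod has the sidecar-issued certificates written to that directory, which this diff does not show; worth confirming, since scrapes would presumably fail under STRICT without them.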
@@ -113,8 +124,42 @@ gitlab: annotations: {{ include "istioAnnotation" . }} {{- end }} + {{- if and (eq (dig "istio" "mtls" "mode" "STRICT" .Values.addons.gitlab.values) "STRICT") $istioInjection }} + metrics: + serviceMonitor: + endpointConfig: + scheme: https + tlsConfig: + caFile: /etc/prom-certs/root-cert.pem + certFile: /etc/prom-certs/cert-chain.pem + keyFile: /etc/prom-certs/key.pem + insecureSkipVerify: true # Prometheus does not support Istio security naming, thus skip verifying target pod certificate + {{- end }} + {{- if or $iamProfile $istioInjection }} webservice: + {{- if and (eq (dig "istio" "mtls" "mode" "STRICT" .Values.addons.gitlab.values) "STRICT") $istioInjection }} + metrics: + serviceMonitor: + endpointConfig: + scheme: https + tlsConfig: + caFile: /etc/prom-certs/root-cert.pem + certFile: /etc/prom-certs/cert-chain.pem + keyFile: /etc/prom-certs/key.pem + insecureSkipVerify: true # Prometheus does not support Istio security naming, thus skip verifying target pod certificate + workhorse: + metrics: + serviceMonitor: + endpointConfig: + scheme: https + tlsConfig: + caFile: /etc/prom-certs/root-cert.pem + certFile: /etc/prom-certs/cert-chain.pem + keyFile: /etc/prom-certs/key.pem + insecureSkipVerify: true # Prometheus does not support Istio security naming, thus skip verifying target pod certificate + {{- end }} + {{- if or $iamProfile $istioInjection }} annotations: {{- if $iamProfile }} iam.amazonaws.com/role: {{ .Values.addons.gitlab.objectStorage.iamProfile }} @@ -131,6 +176,7 @@ gitlab: {{ include "istioAnnotation" . }} {{- end }} {{- end }} + {{- end }} {{- if $istioInjection }} migrations: annotations: 
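Review bot: The `{{- if or $iamProfile $istioInjection }}` placed in front of `annotations:` under `webservice:` appears to repeat the condition that already wraps `webservice:` itself, so the inner test (closed by the `{{- end }}` added in the -131 hunk) can never be false. The line layout on this page is collapsed, so which of the two guards is the new line should be checked against the file; either way one of them looks droppable. Separately, the ten-line `metrics:` block is pasted three times in this hunk alone and again in the -84 and -138 hunks. A named template pulled in the way `{{ include "istioAnnotation" . }}` is, piped through `nindent`, would keep the TLS settings and the `insecureSkipVerify` rationale in one place.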
@@ -138,9 +184,32 @@ gitlab: gitaly: annotations: {{ include "istioAnnotation" . }} + {{- if and (eq (dig "istio" "mtls" "mode" "STRICT" .Values.addons.gitlab.values) "STRICT") $istioInjection }} + metrics: + serviceMonitor: + endpointConfig: + scheme: https + tlsConfig: + caFile: /etc/prom-certs/root-cert.pem + certFile: /etc/prom-certs/cert-chain.pem + keyFile: /etc/prom-certs/key.pem + insecureSkipVerify: true # Prometheus does not support Istio security naming, thus skip verifying target pod certificate + {{- end }} gitlab-shell: annotations: {{ include "istioAnnotation" . }} + {{- if and (eq (dig "istio" "mtls" "mode" "STRICT" .Values.addons.gitlab.values) "STRICT") $istioInjection }} + metrics: + serviceMonitor: + endpointConfig: + scheme: https + tlsConfig: + caFile: /etc/prom-certs/root-cert.pem + certFile: /etc/prom-certs/cert-chain.pem + keyFile: /etc/prom-certs/key.pem + insecureSkipVerify: true # Prometheus does not support Istio security naming, thus skip verifying target pod certificate + {{- end }} + praefect: annotations: {{ include "istioAnnotation" . }} diff --git a/chart/values.yaml b/chart/values.yaml index f09a47cb2dff0a089ad8ccea76a3ed31e512011a..caa17c3165225a6c55697b7ddbcc070219e7fc0e 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -870,7 +870,7 @@ addons: git: repo: https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/gitlab.git path: "./chart" - tag: "6.4.1-bb.0" + tag: "6.4.1-bb.1" # -- Flux reconciliation overrides specifically for the Gitlab Package flux: {}
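Review bot: `praefect:` at the end of this hunk keeps only the `istioAnnotation` include, while `gitaly` and `gitlab-shell` just above it gain the HTTPS `endpointConfig`. If the praefect component also exposes a ServiceMonitor, its scrape would presumably stay on plain HTTP and be refused by the sidecar under STRICT mTLS. The `praefect:` block continues outside the hunk, so this may already be handled further down. If it is not, I would add the same `metrics.serviceMonitor.endpointConfig` block there, under the same `{{- if and (eq (dig "istio" "mtls" "mode" "STRICT" .Values.addons.gitlab.values) "STRICT") $istioInjection }}` guard.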