Merge branch 'update-gitlab-tag-7.2.2-bb.1' into 'master'

gitlab update to 7.2.2-bb.1 See merge request !3003

Merge branch 'update-gitlab-tag-7.2.2-bb.1' into 'master'
2699ca3b · Ryan Garcia · 6f55a68c · 8a0988db · 2699ca3b · 2699ca3b
Commit 2699ca3b authored 1 year ago by Ryan Garcia
--- a/chart/templates/kyverno-policies/values.yaml
+++ b/chart/templates/kyverno-policies/values.yaml
@@ -146,20 +146,9 @@ policies:

  require-drop-all-capabilities:
    validationFailureAction: audit
-    {{- if or .Values.addons.gitlab.enabled .Values.neuvector.enabled }}
+    {{- if .Values.neuvector.enabled }}
    exclude:
      any:
-      {{- if .Values.addons.gitlab.enabled }}      
-      # Gitlab Redis sub-chart does not have configurable securityContext values from upstream. An issue has been opened
-      # upstream to add these capabilities: https://gitlab.com/gitlab-org/charts/gitlab/-/issues/3375
-      - resources:
-          namespaces:
-          - gitlab
-          names:
-          - gitlab-redis-*
-          - gitlab-postgresql*
-      {{- end }}
-      {{- if .Values.neuvector.enabled }}
      # Neuvector needs access to host to inspect network traffic
      - resources:
          namespaces:
@@ -167,7 +156,6 @@ policies:
          names:
          - neuvector-enforcer-pod*
          - neuvector-prometheus-exporter-pod*
-      {{- end }}
    {{- end }}

  # Kyverno Beta feature - https://kyverno.io/docs/writing-policies/verify-images/
@@ -196,7 +184,7 @@ policies:

  require-non-root-group:
    validationFailureAction: audit
-    {{- if or $deployNodeAgent .Values.twistlock.enabled .Values.fluentbit.enabled .Values.promtail.enabled .Values.addons.gitlab.enabled }}
+    {{- if or $deployNodeAgent .Values.twistlock.enabled .Values.fluentbit.enabled .Values.promtail.enabled }}
    exclude:
      any:
      {{- if $deployNodeAgent }}
@@ -240,15 +228,6 @@ policies:
          names:
          - promtail-promtail*
      {{- end }}
-      {{- if .Values.addons.gitlab.enabled }}
-      # Gitlab Redis sub-chart does not have configurable securityContext values from upstream. An issue has been opened
-      # upstream to add these capabilities: https://gitlab.com/gitlab-org/charts/gitlab/-/issues/3375
-      - resources:
-          namespaces:
-          - gitlab
-          names:
-          - gitlab-redis-*
-      {{- end }}
    {{- end }}

  require-non-root-user:
@@ -258,7 +237,7 @@ policies:
      excludeContainers:
        - istio-init
    {{- end }}
-    {{- if or $deployNodeAgent .Values.twistlock.enabled .Values.fluentbit.enabled .Values.promtail.enabled .Values.addons.gitlab.enabled }}
+    {{- if or $deployNodeAgent .Values.twistlock.enabled .Values.fluentbit.enabled .Values.promtail.enabled }}
    exclude:
      any:
      {{- if $deployNodeAgent }}
@@ -302,15 +281,6 @@ policies:
          names:
          - promtail-promtail*
      {{- end }}
-      {{- if .Values.addons.gitlab.enabled }}
-      # Gitlab Redis sub-chart does not have configurable securityContext values from upstream. An issue has been opened
-      # upstream to add these capabilities: https://gitlab.com/gitlab-org/charts/gitlab/-/issues/3375
-      - resources:
-          namespaces:
-          - gitlab
-          names:
-          - gitlab-redis-*
-      {{- end }}
    {{- end }}

  {{- if .Values.twistlock.enabled }}

--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -1156,11 +1156,11 @@ addons:
    git:
      repo: https://repo1.dso.mil/big-bang/product/packages/gitlab.git
      path: "./chart"
-      tag: "7.2.2-bb.0"
+      tag: "7.2.2-bb.1"
    helmRepo:
      repoName: "registry1"
      chartName: "gitlab"
-      tag: "7.2.2-bb.0"
+      tag: "7.2.2-bb.1"

    # -- Flux reconciliation overrides specifically for the Gitlab Package
    flux: {}