UNCLASSIFIED - NO CUI

Commit 9a0762c8 authored by joshwolf

Merge branch 'bb-1287-2' into 'master'

feat: upgrade gitlab to 13.7.2 and add new bigbang features

Summary

Upgrade gitlab to app version 13.7.2 chart version 4.7.2. Also add feature support for sso, database, and object storage.

See merge request platform-one/big-bang/bigbang!211
parents 8c1c10c4 5ee91a31
Pipeline #156864 passed with warnings
......@@ -3,93 +3,79 @@ Thank you for supporting PlatformOne!
{{ if $.Values.addons.gitlab.enabled }}
Gitlab is enabled.
Please follow the Gitlab online documentation for proper configuration.
Here is an example of how to configure external perstistent storage for postgres DB and object storage.
This BigBang chart provides convenient enhancements to the Gitlab Package helm chart.
If you enable these features certain settings will be defaulted for you and any required secrets will be automatically created.
You should point to your cloud provider's RDS and object storage.
Gitlab will not provision storage for you. You will need to provision the database and the S3 buckets.
Here is an example of how to configure your deployment.
addons:
gitlab:
enabled: true
values:
postgresql:
install: false
global:
minio:
enabled: false
psql:
host: postgres-postgresql-headless.postgres.svc.cluster.local
port: 5432
username: postgres
database: postgres
password:
secret: db-credentials
key: PGPASSWORD
registry:
bucket: gitlab-registry-storage
appConfig:
lfs:
bucket: gitlab-lfs
connection:
secret: gitlab-object-storage
key: rails
artifacts:
bucket: gitlab-artifacts
connection:
secret: gitlab-object-storage
key: rails
uploads:
bucket: gitlab-uploads
connection:
secret: gitlab-object-storage
key: rails
packages:
bucket: gitlab-packages
connection:
secret: gitlab-object-storage
key: rails
externalDiffs:
bucket: gitlab-mr-diffs
connection:
secret: gitlab-object-storage
key: rails
terraformState:
enabled: false
bucket: gitlab-terraform-state
connection:
secret: gitlab-object-storage
key: rails
backups:
bucket: gitlab-backup
tmpBucket: gitlab-backup-tmp
gitlab:
task-runner:
psql:
host: postgres-postgresql-headless.postgres.svc.cluster.local
port: 5432
username: postgres
database: postgres
password:
secret: db-credentials
key: PGPASSWORD
backups:
objectStorage:
config:
secret: gitlab-object-storage
key: backups
registry:
storage:
secret: gitlab-object-storage
key: registry
hostnames:
gitlab: gitlab.example.mil
registry: registry.example.mil
sso:
enabled: true
label: "Platform One SSO"
client_id: "platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-gitlab"
client_secret: ""
database:
host: postgres.example.mil
port: 5432
username: gitlab
database: gitlab
password: mysecretpassword
objectstorage:
type: s3
endpoint: https://s3.us-gov-west-1.amazonaws.com
region: us-gov-west-1
accessKey: myaccesskey
accessSecret: mysecretkey
bucketPrefix: prod
{{ if $.Values.addons.gitlab.objectstorage.endpoint }}
GITLAB: You have enabled Gitlab external object storage.
Here is the list of buckets that you must provision in your s3 service:
{{- if .Values.addons.gitlab.objectstorage.bucketPrefix }}
{{ .Values.addons.gitlab.objectstorage.bucketPrefix }}-gitlab-registry
{{ .Values.addons.gitlab.objectstorage.bucketPrefix }}-gitlab-lfs
{{ .Values.addons.gitlab.objectstorage.bucketPrefix }}-gitlab-artifacts
{{ .Values.addons.gitlab.objectstorage.bucketPrefix }}-gitlab-uploads
{{ .Values.addons.gitlab.objectstorage.bucketPrefix }}-gitlab-packages
{{ .Values.addons.gitlab.objectstorage.bucketPrefix }}-gitlab-mr-diffs
{{ .Values.addons.gitlab.objectstorage.bucketPrefix }}-gitlab-terraform-state
{{ .Values.addons.gitlab.objectstorage.bucketPrefix }}-gitlab-dependency-proxy
{{ .Values.addons.gitlab.objectstorage.bucketPrefix }}-gitlab-pseudo
{{ .Values.addons.gitlab.objectstorage.bucketPrefix }}-gitlab-backup
{{ .Values.addons.gitlab.objectstorage.bucketPrefix }}-gitlab-backup-tmp
{{- else }}
gitlab-registry
gitlab-lfs
gitlab-artifacts
gitlab-uploads
gitlab-packages
gitlab-mr-diffs
gitlab-terraform-state
gitlab-dependency-proxy
gitlab-pseudo
gitlab-backup
gitlab-backup-tmp
{{- end }}
{{- end }}
{{- if $.Values.addons.gitlab.values.postgresql.install }}
{{ if $.Values.addons.gitlab.database.host }}
{{ else }}
PLATFORM ONE GITLAB WARNING:
You have enabled an internal postgres database in the values configuration.
You have enabled an internal postgres database in the BigBang configuration.
PlatformOne does not support this option for production deployments because your persistent data can be permanently lost.
This option should only be used for development or CI pipelines.
{{- end -}}
{{- if $.Values.addons.gitlab.values.global.minio.enabled }}
{{ if $.Values.addons.gitlab.objectstorage.endpoint }}
{{ else }}
PLATFORM ONE GITLAB WARNING:
You have enabled a MinIO internal service in the values configuration.
You have enabled a MinIO internal service in the BigBang configuration.
PlatformOne does not support this option for production deployments because your persistent data can be permanently lost.
This option should only be used for development or CI pipelines.
{{- end }}
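Review bot: the guards `{{- if $.Values.addons.gitlab.values.postgresql.install }}` and `{{- if $.Values.addons.gitlab.values.global.minio.enabled }}` dereference nested keys of the user-supplied `values` map directly, so a deployment that leaves `values` at the chart default `{}` fails to render with a nil-pointer template error instead of printing the warning; wrap them in the `default dict` chain this MR already uses for `omniauth`, or test with `hasKey`. The empty `{{ if $.Values.addons.gitlab.database.host }}{{ else }}` branch inside each guard reads more clearly as `{{- if not $.Values.addons.gitlab.database.host }}`. The example block also shows `password: mysecretpassword` and `accessSecret: mysecretkey` inline next to ordinary values, while the values.yaml comments in this MR say those belong in the encrypted secret values; since NOTES.txt is what operators copy, the example should point them there. Minor: "perstistent" in the intro line.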
......
......@@ -48,8 +48,10 @@ spec:
enabled: {{ .Values.istio.enabled }}
monitoring:
enabled: {{ .Values.monitoring.enabled }}
{{- if ( include "imagePullSecret" . ) }}
## values for image pull secrets
{{- if .Values.addons.gitlab.database.host }}
postgresql:
install: false
{{- end }}
redis:
metrics:
image:
......@@ -59,6 +61,11 @@ spec:
pullSecrets:
- private-registry
registry:
{{- if .Values.addons.gitlab.objectstorage.endpoint }}
storage:
secret: gitlab-object-storage
key: registry
{{- end }}
image:
pullSecrets:
- name: private-registry
......@@ -69,6 +76,13 @@ spec:
- name: private-registry
gitlab:
task-runner:
{{- if .Values.addons.gitlab.objectstorage.endpoint }}
backups:
objectStorage:
config:
secret: gitlab-object-storage
key: backups
{{- end }}
image:
pullSecrets:
- name: private-registry
......@@ -102,16 +116,143 @@ spec:
minio:
pullSecrets:
- name: private-registry
{{- end }}
global:
hosts:
domain: code.{{ .Values.hostname }}
domain: {{ .Values.hostname }}
gitlab:
name: code.{{ .Values.hostname }}
name: {{ .Values.addons.gitlab.hostnames.gitlab }}
registry:
name: registry.{{ .Values.hostname }}
{{- if ( include "imagePullSecret" . ) }}
## values for image pull secrets
name: {{ .Values.addons.gitlab.hostnames.registry }}
{{- if .Values.addons.gitlab.objectstorage.endpoint }}
minio:
enabled: false
{{- end }}
{{- if .Values.addons.gitlab.database.host }}
psql:
host: {{ .Values.addons.gitlab.database.host }}
port: {{ .Values.addons.gitlab.database.port }}
username: {{ .Values.addons.gitlab.database.username }}
database: {{ .Values.addons.gitlab.database.database }}
password:
secret: gitlab-database
key: PGPASSWORD
{{- end }}
{{- if .Values.addons.gitlab.objectstorage.endpoint }}
registry:
{{- if .Values.addons.gitlab.objectstorage.bucketPrefix }}
bucket: {{ .Values.addons.gitlab.objectstorage.bucketPrefix }}-gitlab-registry
{{- else }}
bucket: gitlab-registry
{{- end }}
{{- end }}
{{- if or .Values.addons.gitlab.sso.enabled .Values.addons.gitlab.objectstorage.endpoint }}
appConfig:
{{- end }}
{{- if .Values.addons.gitlab.sso.enabled }}
omniauth:
enabled: true
{{- $global := .Values.addons.gitlab.values.global | default dict }}
{{- $appConfig := $global.appConfig | default dict }}
{{- $omniauth := $appConfig.omniauth | default dict }}
{{- if hasKey $omniauth "allowSingleSignOn" }}
allowSingleSignOn: {{ .Values.addons.gitlab.values.global.appConfig.omniauth.allowSingleSignOn }}
{{- else }}
allowSingleSignOn: ['openid_connect']
{{- end }}
{{- if hasKey $omniauth "blockAutoCreatedUsers" }}
blockAutoCreatedUsers: {{ .Values.addons.gitlab.values.global.appConfig.omniauth.blockAutoCreatedUsers }}
{{- else }}
blockAutoCreatedUsers: false
{{- end }}
providers:
- secret: gitlab-sso-provider
key: gitlab-sso.json
{{- end }}
{{- if .Values.addons.gitlab.objectstorage.endpoint }}
lfs:
{{- if .Values.addons.gitlab.objectstorage.bucketPrefix }}
bucket: {{ .Values.addons.gitlab.objectstorage.bucketPrefix }}-gitlab-lfs
{{- else }}
bucket: gitlab-lfs
{{- end }}
connection:
secret: gitlab-object-storage
key: rails
artifacts:
{{- if .Values.addons.gitlab.objectstorage.bucketPrefix }}
bucket: {{ .Values.addons.gitlab.objectstorage.bucketPrefix }}-gitlab-artifacts
{{- else }}
bucket: gitlab-artifacts
{{- end }}
connection:
secret: gitlab-object-storage
key: rails
uploads:
{{- if .Values.addons.gitlab.objectstorage.bucketPrefix }}
bucket: {{ .Values.addons.gitlab.objectstorage.bucketPrefix }}-gitlab-uploads
{{- else }}
bucket: gitlab-uploads
{{- end }}
connection:
secret: gitlab-object-storage
key: rails
packages:
{{- if .Values.addons.gitlab.objectstorage.bucketPrefix }}
bucket: {{ .Values.addons.gitlab.objectstorage.bucketPrefix }}-gitlab-packages
{{- else }}
bucket: gitlab-packages
{{- end }}
connection:
secret: gitlab-object-storage
key: rails
externalDiffs:
{{- if .Values.addons.gitlab.objectstorage.bucketPrefix }}
bucket: {{ .Values.addons.gitlab.objectstorage.bucketPrefix }}-gitlab-mr-diffs
{{- else }}
bucket: gitlab-mr-diffs
{{- end }}
connection:
secret: gitlab-object-storage
key: rails
terraformState:
{{- if .Values.addons.gitlab.objectstorage.bucketPrefix }}
bucket: {{ .Values.addons.gitlab.objectstorage.bucketPrefix }}-gitlab-terraform-state
{{- else }}
bucket: gitlab-terraform-state
{{- end }}
connection:
secret: gitlab-object-storage
key: rails
dependencyProxy:
{{- if .Values.addons.gitlab.objectstorage.bucketPrefix }}
bucket: {{ .Values.addons.gitlab.objectstorage.bucketPrefix }}-gitlab-dependency-proxy
{{- else }}
bucket: gitlab-dependency-proxy
{{- end }}
connection:
secret: gitlab-object-storage
key: rails
pseudonymizer:
{{- if .Values.addons.gitlab.objectstorage.bucketPrefix }}
bucket: {{ .Values.addons.gitlab.objectstorage.bucketPrefix }}-gitlab-pseudo
{{- else }}
bucket: gitlab-pseudo
{{- end }}
connection:
secret: gitlab-object-storage
key: rails
backups:
{{- if .Values.addons.gitlab.objectstorage.bucketPrefix }}
bucket: {{ .Values.addons.gitlab.objectstorage.bucketPrefix }}-gitlab-backup
{{- else }}
bucket: gitlab-backup
{{- end }}
{{- if .Values.addons.gitlab.objectstorage.bucketPrefix }}
tmpBucket: {{ .Values.addons.gitlab.objectstorage.bucketPrefix }}-gitlab-backup-tmp
{{- else }}
tmpBucket: gitlab-backup-tmp
{{- end }}
{{- end }}
certificates:
image:
pullSecrets:
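Review bot: the fallback `blockAutoCreatedUsers: false` means any identity the IdP authenticates becomes an active GitLab user with no admin approval, and the upstream GitLab chart defaults this to `true`; unless IdP group membership is intended to be the only admission control, keep `true` as the fallback and make `false` an explicit opt-in in values. The `hasKey` branches also re-read the long `.Values.addons.gitlab.values.global.appConfig.omniauth.*` path instead of the `$omniauth` map just built, and rendering a list with `{{ ... }}` emits Go's `[a b]` form, so two providers such as `[saml openid_connect]` parse as a single string; `{{ $omniauth.allowSingleSignOn | toJson }}` is safe for both cases. The eleven bucket blocks repeat the same `bucketPrefix` if/else; a small named template taking the bucket suffix would halve this hunk and keep the bucket names in one place alongside the list printed in NOTES.txt.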
......@@ -120,7 +261,6 @@ spec:
image:
pullSecrets:
- name: private-registry
{{ end }}
{{- if or .Values.gatekeeper.enabled .Values.istio.enabled .Values.monitoring.enabled }}
dependsOn:
......
......@@ -22,4 +22,97 @@ type: kubernetes.io/dockerconfigjson
data:
.dockerconfigjson: {{ template "imagePullSecret" . }}
{{- end }}
---
# create sso secret. The assumption is OIDC
{{- if .Values.addons.gitlab.sso.enabled }}
apiVersion: v1
kind: Secret
metadata:
name: gitlab-sso-provider
namespace: gitlab
type: kubernetes.io/opaque
stringData:
gitlab-sso.json: |-
{
"name": "openid_connect",
"label": "{{ .Values.addons.gitlab.sso.label }}",
"args": {
"name": "openid_connect",
"scope": [
"Gitlab"
],
"response_type": "code",
"issuer": "https://{{ .Values.sso.oidc.host }}/auth/realms/{{ .Values.sso.oidc.realm }}",
"client_auth_method": "query",
"discovery": true,
"uid_field": "preferred_username",
"client_options": {
"identifier": "{{ .Values.addons.gitlab.sso.client_id | default .Values.sso.client_id }}",
"secret": "{{ .Values.addons.gitlab.sso.client_secret | default .Values.sso.client_secret }}",
"redirect_uri": "https://{{ .Values.addons.gitlab.hostnames.gitlab }}/users/auth/openid_connect/callback",
"end_session_endpoint": "https://{{ .Values.sso.oidc.host }}/auth/realms/{{ .Values.sso.oidc.realm }}/protocol/openid-connect/logout"
}
}
}
{{- end }}
---
# create database secret
{{- if .Values.addons.gitlab.database.host }}
apiVersion: v1
kind: Secret
metadata:
name: gitlab-database
namespace: gitlab
type: kubernetes.io/opaque
stringData:
PGPASSWORD: {{ .Values.addons.gitlab.database.password }}
{{- end }}
---
# create object storage secret
{{- if .Values.addons.gitlab.objectstorage.endpoint }}
apiVersion: v1
kind: Secret
metadata:
name: gitlab-object-storage
namespace: gitlab
type: kubernetes.io/opaque
stringData:
rails: |-
provider: AWS
region: {{ .Values.addons.gitlab.objectstorage.region }}
aws_access_key_id: {{ .Values.addons.gitlab.objectstorage.accessKey }}
aws_secret_access_key: {{ .Values.addons.gitlab.objectstorage.accessSecret }}
{{- if eq .Values.addons.gitlab.objectstorage.type "minio" }}
aws_signature_version: 4
host: {{ regexReplaceAll "http(s{0,1})://(.*):(\\d+)" .Values.addons.gitlab.objectstorage.endpoint "${2}" }}
endpoint: "{{ .Values.addons.gitlab.objectstorage.endpoint }}"
path_style: true
{{- end }}
registry: |-
s3:
{{- if .Values.addons.gitlab.objectstorage.bucketPrefix }}
bucket: {{ .Values.addons.gitlab.objectstorage.bucketPrefix }}-gitlab-registry
{{- else }}
bucket: gitlab-registry
{{- end }}
accesskey: {{ .Values.addons.gitlab.objectstorage.accessKey }}
secretkey: {{ .Values.addons.gitlab.objectstorage.accessSecret }}
region: {{ .Values.addons.gitlab.objectstorage.region }}
{{- if eq .Values.addons.gitlab.objectstorage.type "s3" }}
v4auth: true
{{- end }}
{{- if eq .Values.addons.gitlab.objectstorage.type "minio" }}
aws_signature_version: 4
host: {{ regexReplaceAll "http(s{0,1})://(.*):(\\d+)" .Values.addons.gitlab.objectstorage.endpoint "${2}" }}
regionendpoint: "{{ .Values.addons.gitlab.objectstorage.endpoint }}"
path_style: true
{{- end }}
backups: |-
[default]
access_key = {{ .Values.addons.gitlab.objectstorage.accessKey }}
secret_key = {{ .Values.addons.gitlab.objectstorage.accessSecret }}
bucket_location = {{ .Values.addons.gitlab.objectstorage.region }}
host_bucket = %(bucket)s.{{ regexReplaceAll "http(s*)://" .Values.addons.gitlab.objectstorage.endpoint "" }}
{{- end }}
{{- end }}
\ No newline at end of file
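Review bot: several credentials are interpolated unquoted: `PGPASSWORD: {{ .Values.addons.gitlab.database.password }}`, the `aws_secret_access_key` / `secretkey` / `secret_key` lines, and the `"secret": "{{ ... }}"` field of `gitlab-sso.json`. A password or key containing `:`, `#`, a leading `*` or a double quote breaks the YAML or the JSON, and a purely numeric one changes type; use `| quote` for the YAML fields and `| toJson` (which emits its own quotes) for the JSON ones. Further points in this hunk: `type: kubernetes.io/opaque` is not one of the built-in Secret types (the API accepts it as a custom type, but the generic type is `Opaque`); `"uid_field": "preferred_username"` links GitLab accounts to a mutable, reassignable claim, so a renamed or recycled username at the IdP can map onto another user's GitLab account, and the default `sub` is the safer choice unless the realm guarantees `preferred_username` is immutable; the `scope` list is `["Gitlab"]` with no `openid`, which OIDC requires for an ID token to be issued; the `regexReplaceAll "http(s{0,1})://(.*):(\\d+)"` host extraction only matches endpoints that carry an explicit port, so an endpoint without one leaves `host` as the whole URL; and the s3cmd `backups` profile sets `host_bucket` but not `host_base`, which then defaults to the public AWS endpoint and will not reach a MinIO endpoint (set it explicitly for GovCloud as well). Also add the trailing newline the file is missing.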
......@@ -216,10 +216,38 @@ addons:
gitlab:
enabled: false
hostnames:
gitlab: gitlab.bigbang.dev
registry: registry.bigbang.dev
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/gitlab.git
path: "./chart"
tag: "4.2.0-bb.1"
tag: "4.7.2-bb.0"
sso:
# enabling this option will auto-create any required secrets.
# The defaults assume an OIDC provider.
enabled: false
label: "" # the text next to the login button
client_id: ""
client_secret: ""
database:
# entering connection info will enable external database and will auto-create any required secrets.
# Gitlab will not provison the database when using an external service
host: "" # example: postgres.bigbang.dev
port: "" # example: 5432
username: "" # example: gitlab
database: "" # example: gitlab
password: "" # unencoded string data. This should be placed in the secret values and then encrypted
objectstorage:
# entering connection info will enable this option and will auto-create any required secrets
# Gitlab will not provision the S3 buckets when using an external service
type: "" # supported types are "s3" or "minio"
endpoint: "" # examples: "https://s3.amazonaws.com" "https://s3.us-gov-west-1.amazonaws.com" "http://minio.minio.svc.cluster.local:9000"
region: "" # example: us-gov-west-1
accessKey: "" # unencoded string data
accessSecret: "" # unencoded string data. This should be placed in the secret values and then encrypted
bucketPrefix: "" # optional. example: "prod"
values: {}
haproxy:
enabled: false
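Review bot: `client_secret: ""` carries no guidance while `password` and `accessSecret` both say the value belongs in the encrypted secret values; give it the same comment, since it is the credential that lets a holder impersonate the GitLab client at the IdP. Minor: "provison" in the database comment.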
......
......@@ -63,9 +63,6 @@ addons:
callback_uri: "https://minimal.bigbang.dev"
gitlab:
enabled: true
values:
postgresql:
install: true
global:
minio:
enabled: true
sso:
enabled: false