diff --git a/CHANGELOG.md b/CHANGELOG.md index 469484baca74e667fbc0cc6d9a99f8367376d117..ed19c0c9d79a6ee664c4aa8327a5f6e9c9a31b8f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,26 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), --- +## [8.6.1-bb.0] (2024-12-06) + +### Changed + +- ironbank/gitlab/gitlab/gitlab-webservice (source) 17.5.2 -> 17.6.1 +- registry1.dso.mil/ironbank/gitlab/gitlab/certificates (source) 17.5.2 -> 17.6.1 +- registry1.dso.mil/ironbank/gitlab/gitlab/gitaly (source) 17.5.2 -> 17.6.1 +- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-base (source) 17.5.2 -> 17.6.1 +- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry (source) 17.5.2 -> 17.6.1 +- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter (source) 17.5.2 -> 17.6.1 +- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-mailroom (source) 17.5.2 -> 17.6.1 +- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages (source) 17.5.2 -> 17.6.1 +- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell (source) 17.5.2 -> 17.6.1 +- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq (source) 17.5.2 -> 17.6.1 +- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox (source) 17.5.2 -> 17.6.1 +- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice (source) 17.5.2 -> 17.6.1 +- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse (source) 17.5.2 -> 17.6.1 +- registry1.dso.mil/ironbank/gitlab/gitlab/kubectl (source) 17.5.2 -> 17.6.1 +- registry1.dso.mil/ironbank/opensource/postgres/postgresql (source) 14.14 -> 14.15 + ## [8.5.2-bb.0] (2024-11-19) ### Changed diff --git a/README.md b/README.md index 55003243f11e92859659831f5317acae4b402b96..5d8caca81a8abf910b4fe88b637156760835cec0 100644 --- a/README.md +++ b/README.md 
@@ -1,14 +1,14 @@ <!-- Warning: Do not manually edit this file. See notes on gluon + helm-docs at the end of this file for more information. --> # gitlab -   +   GitLab is the most comprehensive AI-powered DevSecOps Platform. ## Upstream References - <https://about.gitlab.com/> -* <https://gitlab.com/gitlab-org/charts/gitlab> +- <https://gitlab.com/gitlab-org/charts/gitlab> ## Upstream Release Notes @@ -48,7 +48,7 @@ helm install gitlab chart/ | global.image | object | `{}` | | | global.pod.labels | object | `{}` | | | global.edition | string | `"ee"` | | -| global.gitlabVersion | string | `"17.5.2"` | | +| global.gitlabVersion | string | `"17.6.1"` | | | global.application.create | bool | `false` | | | global.application.links | list | `[]` | | | global.application.allowClusterRoles | bool | `true` | | @@ -362,7 +362,7 @@ helm install gitlab chart/ | global.workhorse.tls.enabled | bool | `false` | | | global.webservice.workerTimeout | int | `60` | | | global.certificates.image.repository | string | `"registry1.dso.mil/ironbank/gitlab/gitlab/certificates"` | | -| global.certificates.image.tag | string | `"17.5.2"` | | +| global.certificates.image.tag | string | `"17.6.1"` | | | global.certificates.image.pullSecrets[0].name | string | `"private-registry"` | | | global.certificates.init.securityContext.capabilities.drop[0] | string | `"ALL"` | | | global.certificates.init.securityContext.runAsUser | int | `65534` | | 
@@ -399,13 +399,13 @@ helm install gitlab chart/
 | global.certificates.customCAs[29].secret | string | `"ca-certs-dod-trust-anchors-self-signed"` | |
 | global.certificates.customCAs[30].secret | string | `"ca-certs-eca"` | |
 | global.kubectl.image.repository | string | `"registry1.dso.mil/ironbank/gitlab/gitlab/kubectl"` | |
-| global.kubectl.image.tag | string | `"17.5.2"` | |
+| global.kubectl.image.tag | string | `"17.6.1"` | |
 | global.kubectl.image.pullSecrets[0].name | string | `"private-registry"` | |
 | global.kubectl.securityContext.runAsUser | int | `65534` | |
 | global.kubectl.securityContext.fsGroup | int | `65534` | |
 | global.kubectl.securityContext.seccompProfile.type | string | `"RuntimeDefault"` | |
 | global.gitlabBase.image.repository | string | `"registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-base"` | |
-| global.gitlabBase.image.tag | string | `"17.5.2"` | |
+| global.gitlabBase.image.tag | string | `"17.6.1"` | |
 | global.gitlabBase.image.pullSecrets[0].name | string | `"private-registry"` | |
 | global.serviceAccount.enabled | bool | `true` | |
 | global.serviceAccount.create | bool | `true` | |
@@ -682,6 +682,7 @@ helm install gitlab chart/
 | prometheus.serverFiles."prometheus.yml".scrape_configs[4].relabel_configs[6].target_label | string | `"kubernetes_name"` | |
 | redis.global.imagePullSecrets[0] | string | `"private-registry"` | |
 | redis.install | bool | `true` | |
+| redis.image.tag | string | `"6.2.16-debian-12-r1"` | |
 | redis.auth.existingSecret | string | `"gitlab-redis-secret"` | |
 | redis.auth.existingSecretKey | string | `"secret"` | |
 | redis.auth.usePasswordFiles | bool | `true` | |
@@ -747,7 +748,7 @@ helm install gitlab chart/
 | postgresql.resources.requests.memory | string | `"500Mi"` | |
 | postgresql.image.registry | string | `"registry1.dso.mil"` | |
 | postgresql.image.repository | string | `"ironbank/opensource/postgres/postgresql"` | |
-| postgresql.image.tag | string | `"14.14"` | |
+| postgresql.image.tag | string | `"14.15"` | |
 | postgresql.image.pullSecrets[0] | string | `"private-registry"` | |
 | postgresql.auth.username | string | `"gitlab"` | |
 | postgresql.auth.password | string | `"bogus-satisfy-upgrade"` | |
@@ -790,7 +791,7 @@ helm install gitlab chart/
 | registry.resources.requests.cpu | string | `"200m"` | |
 | registry.resources.requests.memory | string | `"1024Mi"` | |
 | registry.image.repository | string | `"registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry"` | |
-| registry.image.tag | string | `"17.5.2"` | |
+| registry.image.tag | string | `"17.6.1"` | |
 | registry.image.pullSecrets[0].name | string | `"private-registry"` | |
 | registry.ingress.enabled | bool | `false` | |
 | registry.metrics.enabled | bool | `true` | |
@@ -850,7 +851,7 @@ helm install gitlab chart/
 | gitlab.toolbox.replicas | int | `1` | |
 | gitlab.toolbox.antiAffinityLabels.matchLabels.app | string | `"gitaly"` | |
 | gitlab.toolbox.image.repository | string | `"registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox"` | |
-| gitlab.toolbox.image.tag | string | `"17.5.2"` | |
+| gitlab.toolbox.image.tag | string | `"17.6.1"` | |
 | gitlab.toolbox.image.pullSecrets[0].name | string | `"private-registry"` | |
 | gitlab.toolbox.init.resources.requests.cpu | string | `"200m"` | |
 | gitlab.toolbox.init.resources.requests.memory | string | `"200Mi"` | |
@@ -887,7 +888,7 @@ helm install gitlab chart/
 | gitlab.gitlab-exporter.resources.requests.memory | string | `"200Mi"` | |
 | gitlab.gitlab-exporter.capabilities.drop[0] | string | `"ALL"` | |
 | gitlab.gitlab-exporter.image.repository | string | `"registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter"` | |
-| gitlab.gitlab-exporter.image.tag | string | `"17.5.2"` | |
+| gitlab.gitlab-exporter.image.tag | string | `"17.6.1"` | |
 | gitlab.gitlab-exporter.image.pullSecrets[0].name | string | `"private-registry"` | |
 | gitlab.gitlab-exporter.metrics.enabled | bool | `true` | |
 | gitlab.gitlab-exporter.metrics.port | int | `9168` | |
@@ -909,7 +910,7 @@ helm install gitlab chart/
 | gitlab.migrations.resources.requests.cpu | string | `"500m"` | |
 | gitlab.migrations.resources.requests.memory | string | `"1.5G"` | |
 | gitlab.migrations.image.repository | string | `"registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox"` | |
-| gitlab.migrations.image.tag | string | `"17.5.2"` | |
+| gitlab.migrations.image.tag | string | `"17.6.1"` | |
 | gitlab.migrations.image.pullSecrets[0].name | string | `"private-registry"` | |
 | gitlab.migrations.securityContext.runAsUser | int | `1000` | |
 | gitlab.migrations.securityContext.runAsGroup | int | `1000` | |
@@ -933,14 +934,14 @@ helm install gitlab chart/
 | gitlab.webservice.resources.requests.cpu | string | `"300m"` | |
 | gitlab.webservice.resources.requests.memory | string | `"2.5G"` | |
 | gitlab.webservice.image.repository | string | `"registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice"` | |
-| gitlab.webservice.image.tag | string | `"17.5.2"` | |
+| gitlab.webservice.image.tag | string | `"17.6.1"` | |
 | gitlab.webservice.image.pullSecrets[0].name | string | `"private-registry"` | |
 | gitlab.webservice.workhorse.resources.limits.cpu | string | `"600m"` | |
 | gitlab.webservice.workhorse.resources.limits.memory | string | `"2.5G"` | |
 | gitlab.webservice.workhorse.resources.requests.cpu | string | `"600m"` | |
 | gitlab.webservice.workhorse.resources.requests.memory | string | `"2.5G"` | |
 | gitlab.webservice.workhorse.image | string | `"registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse"` | |
-| gitlab.webservice.workhorse.tag | string | `"17.5.2"` | |
+| gitlab.webservice.workhorse.tag | string | `"17.6.1"` | |
 | gitlab.webservice.workhorse.pullSecrets[0].name | string | `"private-registry"` | |
 | gitlab.webservice.workhorse.metrics.enabled | bool | `true` | |
 | gitlab.webservice.workhorse.metrics.serviceMonitor.enabled | bool | `true` | |
@@ -951,7 +952,7 @@ helm install gitlab chart/
 | gitlab.webservice.metrics.serviceMonitor.enabled | bool | `true` | |
 | gitlab.webservice.helmTests.enabled | bool | `false` | |
 | gitlab.sidekiq.image.repository | string | `"registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq"` | |
-| gitlab.sidekiq.image.tag | string | `"17.5.2"` | |
+| gitlab.sidekiq.image.tag | string | `"17.6.1"` | |
 | gitlab.sidekiq.image.pullSecrets[0].name | string | `"private-registry"` | |
 | gitlab.sidekiq.init.resources.limits.cpu | string | `"200m"` | |
 | gitlab.sidekiq.init.resources.limits.memory | string | `"200Mi"` | |
@@ -969,7 +970,7 @@ helm install gitlab chart/
 | gitlab.sidekiq.containerSecurityContext.runAsGroup | int | `1000` | |
 | gitlab.sidekiq.containerSecurityContext.capabilities.drop[0] | string | `"ALL"` | |
 | gitlab.gitaly.image.repository | string | `"registry1.dso.mil/ironbank/gitlab/gitlab/gitaly"` | |
-| gitlab.gitaly.image.tag | string | `"17.5.2"` | |
+| gitlab.gitaly.image.tag | string | `"17.6.1"` | |
 | gitlab.gitaly.image.pullSecrets[0].name | string | `"private-registry"` | |
 | gitlab.gitaly.init.resources.limits.cpu | string | `"200m"` | |
 | gitlab.gitaly.init.resources.limits.memory | string | `"200Mi"` | |
@@ -989,7 +990,7 @@ helm install gitlab chart/
 | gitlab.gitaly.containerSecurityContext.runAsGroup | int | `1000` | |
 | gitlab.gitaly.containerSecurityContext.capabilities.drop[0] | string | `"ALL"` | |
 | gitlab.gitlab-shell.image.repository | string | `"registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell"` | |
-| gitlab.gitlab-shell.image.tag | string | `"17.5.2"` | |
+| gitlab.gitlab-shell.image.tag | string | `"17.6.1"` | |
 | gitlab.gitlab-shell.image.pullSecrets[0].name | string | `"private-registry"` | |
 | gitlab.gitlab-shell.init.resources.limits.cpu | string | `"200m"` | |
 | gitlab.gitlab-shell.init.resources.limits.memory | string | `"200Mi"` | |
@@ -1007,15 +1008,15 @@ helm install gitlab chart/
 | gitlab.gitlab-shell.containerSecurityContext.runAsGroup | int | `1000` | |
 | gitlab.gitlab-shell.containerSecurityContext.capabilities.drop[0] | string | `"ALL"` | |
 | gitlab.mailroom.image.repository | string | `"registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-mailroom"` | |
-| gitlab.mailroom.image.tag | string | `"17.5.2"` | |
+| gitlab.mailroom.image.tag | string | `"17.6.1"` | |
 | gitlab.mailroom.image.pullSecrets[0].name | string | `"private-registry"` | |
 | gitlab.mailroom.containerSecurityContext.capabilities.drop[0] | string | `"ALL"` | |
 | gitlab.gitlab-pages.service.customDomains.type | string | `"ClusterIP"` | |
 | gitlab.gitlab-pages.image.repository | string | `"registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages"` | |
-| gitlab.gitlab-pages.image.tag | string | `"17.5.2"` | |
+| gitlab.gitlab-pages.image.tag | string | `"17.6.1"` | |
 | gitlab.gitlab-pages.containerSecurityContext.capabilities.drop[0] | string | `"ALL"` | |
 | gitlab.praefect.image.repository | string | `"registry1.dso.mil/ironbank/gitlab/gitlab/gitaly"` | |
-| gitlab.praefect.image.tag | string | `"17.5.2"` | |
+| gitlab.praefect.image.tag | string | `"17.6.1"` | |
 | gitlab.praefect.init.resources.limits.cpu | string | `"200m"` | |
 | gitlab.praefect.init.resources.limits.memory | string | `"200Mi"` | |
 | gitlab.praefect.init.resources.requests.cpu | string | `"200m"` | |
diff --git a/chart/.gitlab-ci.yml b/chart/.gitlab-ci.yml
index cd9a2830b353290cf40d1e03f6eaa42f2254ce5b..c363492f062ae9c8ccebd499208ff1e04487ecf6 100644
--- a/chart/.gitlab-ci.yml
+++ b/chart/.gitlab-ci.yml
@@ -37,7 +37,7 @@ variables: # AUTO_DEVOPS_DOMAIN: domain.example.com GIT_CLONE_PATH: $CI_BUILDS_DIR/gitlab HELM_MAX_HISTORY: 20 - TEST_BACKUP_PREFIX: "1708639806_2024_02_22_16.10.0-pre" + TEST_BACKUP_PREFIX: "1730017433_2024_10_27_17.6.0-pre" NAMESPACE: $KUBE_NAMESPACE REVIEW_REF_PREFIX: "" ISSUE_BOT_LABELS_EXTRA: "group::distribution,type::maintenance,maintenance::pipelines" @@ -45,12 +45,13 @@ variables: CANONICAL_PROJECT_PATH: 'gitlab-org/charts/gitlab' SECURITY_PROJECT_PATH: 'gitlab-org/security/charts/gitlab' DEV_PROJECT_PATH: 'gitlab/charts/gitlab' - QA_FULL_SUITE_OPTIONS: '--tag ~smoke --tag ~blocking --tag ~skip_live_env --tag ~orchestrated --tag ~transient' - QA_SANITY_SUITE_OPTIONS: '--tag smoke --tag blocking --tag ~skip_live_env --tag ~orchestrated' + QA_FULL_SUITE_OPTIONS: '--tag ~smoke --tag ~skip_live_env --tag ~orchestrated --tag ~transient' + QA_SANITY_SUITE_OPTIONS: '--tag smoke --tag ~skip_live_env --tag ~orchestrated' + GITLAB_QA_ADMIN_ACCESS_TOKEN: $GITLAB_ADMIN_TOKEN DEBIAN_VERSION: bookworm RUBY_VERSION: "3.1.5" CI_TOOLS_VERSION: "4.22.0" - GITLAB_QA_VERSION: "14.17.0" + GITLAB_QA_VERSION: "14.20.0" # STRICT_VERSIONS is used in RSpecs to ensure exact version match for tools like "helm" and "kubectl" STRICT_VERSIONS: "true" KUBE_CRD_SCHEMA_URL: "https://raw.githubusercontent.com/kubernetes/kubernetes/master/api/openapi-spec/v3/apis__apiextensions.k8s.io__v1_openapi.json" 
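Review bot: `GITLAB_QA_ADMIN_ACCESS_TOKEN: $GITLAB_ADMIN_TOKEN` is added to the top-level `variables:` map in the second hunk, so the admin token is exported into the environment of every job in the pipeline, including lint, docs and the scanner templates pulled in under `include:`, not only the QA jobs that presumably consume it. Moving the line into the `variables:` of the QA job template (the `.qa` job that `.qa_branch` extends) would keep the credential out of jobs that run unrelated images; `.qa` is defined outside this hunk, so confirm it is the only consumer. It is also worth confirming that `GITLAB_ADMIN_TOKEN` is stored as a masked and protected CI/CD variable, because a global alias makes it reachable from any job on any ref the source variable is exposed to. The `variables:` block itself starts above the hunk.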
@@ -88,6 +89,22 @@ include: - local: '/.gitlab/ci/rules.gitlab-ci.yml' - local: '/.gitlab/ci/review-apps.gitlab-ci.yml' - local: '/.gitlab/ci/operator.gitlab-ci.yml' + - local: '/.gitlab/ci/environments/gke130-arm.gitlab-ci.yml' + rules: + # pipeline-defined variables are not available, so we're hardwiring present value of: + # * $CANONICAL_PROJECT_PATH + # + # CANONICAL_DEFAULT_BRANCH_PIPELINE + - if: '$PIPELINE_TYPE == null && $CI_PROJECT_PATH == "gitlab-org/charts/gitlab" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH' + # CANONICAL_MR_PIPELINE + - if: '$PIPELINE_TYPE == null && $CI_PROJECT_PATH == "gitlab-org/charts/gitlab" && $CI_PIPELINE_SOURCE == "merge_request_event"' + # CANONICAL_FEATURE_BRANCH_PIPELINE + # Allow in triggered pipelines + - if: '$CI_PROJECT_PATH == "gitlab-org/charts/gitlab" && $CI_PIPELINE_SOURCE == "pipeline" && $TEST_BRANCH == "true"' + - local: '/.gitlab/ci/environments/gke129.gitlab-ci.yml' + - local: '/.gitlab/ci/environments/gke130.gitlab-ci.yml' + - local: '/.gitlab/ci/environments/eks.gitlab-ci.yml' + - local: '/.gitlab/ci/environments/eks130.gitlab-ci.yml' - template: Jobs/Dependency-Scanning.latest.gitlab-ci.yml - template: Jobs/Secret-Detection.latest.gitlab-ci.yml - template: Jobs/SAST.latest.gitlab-ci.yml @@ -204,10 +221,10 @@ lint_package: - if: '$PIPELINE_TYPE == "NIGHTLY_PIPELINE"' needs: ['lint_package'] -"Validate 1.27.5": +"Validate 1.28.3": extends: .kubeconform variables: - KUBE_VERSION: "1.27.5" + KUBE_VERSION: "1.28.3" HELM_SETTINGS: | global: ingress: 
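Review bot: In the `include:` hunk only `gke130-arm.gitlab-ci.yml` is gated by `rules:`; `gke129`, `gke130`, `eks` and `eks130` are included unconditionally, so their review and QA jobs are defined in every project that carries this file, and whether they run depends on job-level rules such as `.rule:skip_if_no_cluster`, which are defined outside this diff. If the gating is meant to keep cluster-bound jobs out of non-canonical projects, the same `rules:` should be applied to the other four includes, or the difference explained in a comment. The comment `# CANONICAL_FEATURE_BRANCH_PIPELINE` has no rule under it: the rule that follows is the triggered-pipeline case, which also omits the `$PIPELINE_TYPE == null` guard the first two rules carry, so I would either add the missing rule or reword the comment to `# Triggered pipelines only; feature branches are intentionally not matched`. The hard-coded `"gitlab-org/charts/gitlab"` repeats `CANONICAL_PROJECT_PATH`, and a short note next to that variable pointing at these rules would keep the two in step.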
@@ -220,23 +237,23 @@ lint_package: cronJob: apiVersion: batch/v1 -"Validate 1.28.3": - extends: .kubeconform - variables: - KUBE_VERSION: "1.28.3" - HELM_SETTINGS: !reference ["Validate 1.27.5", variables, HELM_SETTINGS] - "Validate 1.29.4": extends: .kubeconform variables: KUBE_VERSION: "1.29.4" - HELM_SETTINGS: !reference ["Validate 1.27.5", variables, HELM_SETTINGS] + HELM_SETTINGS: !reference ["Validate 1.28.3", variables, HELM_SETTINGS] "Validate 1.30.1": extends: .kubeconform variables: KUBE_VERSION: "1.30.1" - HELM_SETTINGS: !reference ["Validate 1.27.5", variables, HELM_SETTINGS] + HELM_SETTINGS: !reference ["Validate 1.28.3", variables, HELM_SETTINGS] + +"Validate 1.31.1": + extends: .kubeconform + variables: + KUBE_VERSION: "1.31.1" + HELM_SETTINGS: !reference ["Validate 1.28.3", variables, HELM_SETTINGS] approve_cluster_tests: stage: approve-review-apps @@ -320,24 +337,6 @@ pin_image_versions: - if: '$PIPELINE_TYPE =~ /FEATURE_BRANCH_PIPELINE$/' - if: '$PIPELINE_TYPE == "QA_KNAPSACK_UPDATE_PIPELINE"' -.review_gke127_common_vars: &review_gke127_common_vars - DNS_PROVIDER: "google" - AGENT_NAME: "gke127-ci-cluster" - KUBE_INGRESS_BASE_DOMAIN: "cloud-native-v127.helm-charts.win" - KUBE_NAMESPACE: "helm-charts-win" - -.review_gke129_common_vars: &review_gke129_common_vars - DNS_PROVIDER: "google" - AGENT_NAME: "gke129-ci-cluster" - KUBE_INGRESS_BASE_DOMAIN: "cloud-native-v129.helm-charts.win" - KUBE_NAMESPACE: "helm-charts-win" - -.review_eks_common_vars: &review_eks_common_vars - DNS_PROVIDER: "aws" - AGENT_NAME: "eks129-ci-cluster" - KUBE_INGRESS_BASE_DOMAIN: "sandbox.eks.helm-charts.win" - KUBE_NAMESPACE: "eks-helm-charts-win" - # Jobs using auto_stop_in that exit with a failure will not execute the on_stop # action. We get frequent failures during review_* jobs. Their accompanying # partially deployed environments then hang around forever which may eventually 
@@ -352,85 +351,6 @@ pin_image_versions: # $REVIEW_APPS_AUTO_STOP_IN expires. The actual deployment is left to the # associated review_* job. -create_review_gke127: - stage: review - image: busybox - variables: - <<: *review_gke127_common_vars - GIT_STRATEGY: none - script: - - echo "Configuring gke127_review/$REVIEW_REF_PREFIX$CI_COMMIT_SHORT_SHA to automatically stop in $REVIEW_APPS_AUTO_STOP_IN." - environment: - name: gke127_review/$REVIEW_REF_PREFIX$CI_COMMIT_SHORT_SHA - url: https://gitlab-$CI_ENVIRONMENT_SLUG.$KUBE_INGRESS_BASE_DOMAIN - on_stop: stop_review_gke127 - auto_stop_in: $REVIEW_APPS_AUTO_STOP_IN - action: start - -review_gke127: - variables: - <<: *review_gke127_common_vars - extends: .review_template - environment: - name: gke127_review/$REVIEW_REF_PREFIX$CI_COMMIT_SHORT_SHA - url: https://gitlab-$CI_ENVIRONMENT_SLUG.$KUBE_INGRESS_BASE_DOMAIN - on_stop: stop_review_gke127 - auto_stop_in: "${REVIEW_APPS_AUTO_STOP_IN}" - action: access - -# See comments in create_review_gke127. -create_review_gke129: - stage: review - image: busybox - variables: - <<: *review_gke129_common_vars - GIT_STRATEGY: none - script: - - echo "Configuring gke129_review/$REVIEW_REF_PREFIX$CI_COMMIT_SHORT_SHA to automatically stop in $REVIEW_APPS_AUTO_STOP_IN." - environment: - name: gke129_review/$REVIEW_REF_PREFIX$CI_COMMIT_SHORT_SHA - url: https://gitlab-$CI_ENVIRONMENT_SLUG.$KUBE_INGRESS_BASE_DOMAIN - on_stop: stop_review_gke129 - auto_stop_in: $REVIEW_APPS_AUTO_STOP_IN - action: start - -review_gke129: - variables: - <<: *review_gke129_common_vars - extends: .review_template - environment: - name: gke129_review/$REVIEW_REF_PREFIX$CI_COMMIT_SHORT_SHA - url: https://gitlab-$CI_ENVIRONMENT_SLUG.$KUBE_INGRESS_BASE_DOMAIN - on_stop: stop_review_gke129 - auto_stop_in: "${REVIEW_APPS_AUTO_STOP_IN}" - action: access - -# See comments in create_review_gke127. 
-create_review_eks: - stage: review - image: busybox - variables: - <<: *review_eks_common_vars - GIT_STRATEGY: none - script: - - echo "Configuring eks129_review/$REVIEW_REF_PREFIX$CI_COMMIT_SHORT_SHA to automatically stop in $REVIEW_APPS_AUTO_STOP_IN." - environment: - name: eks129_review/$REVIEW_REF_PREFIX$CI_COMMIT_SHORT_SHA - on_stop: stop_review_eks - auto_stop_in: $REVIEW_APPS_AUTO_STOP_IN - action: start - -review_eks: - variables: - <<: *review_eks_common_vars - extends: .review_template - environment: - name: eks129_review/$REVIEW_REF_PREFIX$CI_COMMIT_SHORT_SHA - url: https://gitlab-$CI_ENVIRONMENT_SLUG.$KUBE_INGRESS_BASE_DOMAIN - on_stop: stop_review_eks - auto_stop_in: "${REVIEW_APPS_AUTO_STOP_IN}" - action: access - .stop_review_template: stage: review variables: @@ -449,30 +369,6 @@ review_eks: rules: - !reference [.review_template, rules] -stop_review_gke127: - variables: - <<: *review_gke127_common_vars - extends: .stop_review_template - environment: - name: gke127_review/$REVIEW_REF_PREFIX$CI_COMMIT_SHORT_SHA - action: stop - -stop_review_gke129: - variables: - <<: *review_gke129_common_vars - extends: .stop_review_template - environment: - name: gke129_review/$REVIEW_REF_PREFIX$CI_COMMIT_SHORT_SHA - action: stop - -stop_review_eks: - variables: - <<: *review_eks_common_vars - extends: .stop_review_template - environment: - name: eks129_review/$REVIEW_REF_PREFIX$CI_COMMIT_SHORT_SHA - action: stop - rubocop: image: ruby:3.1-alpine stage: prepare 
@@ -624,54 +520,6 @@ review-docs-cleanup: - if: '$PIPELINE_TYPE =~ /FEATURE_BRANCH_PIPELINE$/' - if: '$PIPELINE_TYPE == "QA_KNAPSACK_UPDATE_PIPELINE"' -review_specs_gke127: - extends: .specs - variables: - <<: *review_gke127_common_vars - VARIABLES_FILE: "variables/review_gke127" - RSPEC_TAGS: type:feature - environment: - name: gke127_review/$REVIEW_REF_PREFIX$CI_COMMIT_SHORT_SHA - url: https://gitlab-$CI_ENVIRONENMENT_SLUG.$KUBE_INGRESS_BASE_DOMAIN - on_stop: stop_review_gke127 - action: access - rules: - - !reference [.rule:skip_if_no_cluster] - - !reference [.specs, rules] - needs: ['review_gke127'] - -review_specs_gke129: - extends: .specs - variables: - <<: *review_gke129_common_vars - VARIABLES_FILE: "variables/review_gke129" - RSPEC_TAGS: type:feature - environment: - name: gke129_review/$REVIEW_REF_PREFIX$CI_COMMIT_SHORT_SHA - url: https://gitlab-$CI_ENVIRONENMENT_SLUG.$KUBE_INGRESS_BASE_DOMAIN - on_stop: stop_review_gke129 - action: access - rules: - - !reference [.rule:skip_if_no_cluster] - - !reference [.specs, rules] - needs: ['review_gke129'] - -review_specs_eks: - extends: .specs - variables: - <<: *review_eks_common_vars - VARIABLES_FILE: "variables/review_eks" - RSPEC_TAGS: type:feature - environment: - name: eks129_review/$REVIEW_REF_PREFIX$CI_COMMIT_SHORT_SHA - url: https://gitlab-$CI_ENVIRONMENT_SLUG.$KUBE_INGRESS_BASE_DOMAIN - on_stop: stop_review_eks - action: access - rules: - - !reference [.rule:skip_if_no_cluster] - - !reference [.specs, rules] - needs: ['review_eks'] - specs_without_cluster: extends: .specs variables: @@ -801,7 +649,7 @@ release_package: .qa_branch: extends: - .qa - parallel: 7 + parallel: 5 rules: - !reference [.rule:skip_if_no_cluster] - if: '$PIPELINE_TYPE =~ /DEFAULT_BRANCH_PIPELINE$/' 
@@ -810,49 +658,7 @@ release_package: - if: '$PIPELINE_TYPE =~ /FEATURE_BRANCH_PIPELINE$/' - if: '$PIPELINE_TYPE == "QA_KNAPSACK_UPDATE_PIPELINE"' -# QA jobs for Smoke and Blocking E2E suites - -qa_gke127: - extends: .qa_branch - variables: - VARIABLES_FILE: "variables/review_gke127" - TEST_SUITE: $QA_SANITY_SUITE_OPTIONS - environment: - name: gke127_review/$REVIEW_REF_PREFIX$CI_COMMIT_SHORT_SHA - on_stop: stop_review_gke127 - action: access - needs: - - review_gke127 - - job: review_specs_gke127 - artifacts: false - -qa_gke129: - extends: .qa_branch - variables: - VARIABLES_FILE: "variables/review_gke129" - TEST_SUITE: $QA_SANITY_SUITE_OPTIONS - environment: - name: gke129_review/$REVIEW_REF_PREFIX$CI_COMMIT_SHORT_SHA - on_stop: stop_review_gke129 - action: access - needs: - - review_gke129 - - job: review_specs_gke129 - artifacts: false - -qa_eks: - extends: .qa_branch - variables: - VARIABLES_FILE: "variables/review_eks" - TEST_SUITE: $QA_SANITY_SUITE_OPTIONS - environment: - name: eks129_review/$REVIEW_REF_PREFIX$CI_COMMIT_SHORT_SHA - on_stop: stop_review_eks - action: access - needs: - - review_eks - - job: review_specs_eks - artifacts: false +# QA jobs for Smoke E2E suites # QA jobs for Full E2E suites 
@@ -864,54 +670,6 @@ qa_eks: paths: - variables -qa_gke127_full_suite_manual_trigger: - extends: .qa_full_suite_manual_trigger - script: echo 'The job will trigger Full E2E suite against GKE127' - -qa_gke129_full_suite_manual_trigger: - extends: .qa_full_suite_manual_trigger - script: echo 'The job will trigger Full E2E suite against GKE129' - -qa_gke127_manual_full_suite: - extends: .qa_branch - parallel: 7 - variables: - VARIABLES_FILE: "variables/review_gke127" - TEST_SUITE: $QA_FULL_SUITE_OPTIONS - environment: - name: gke127_review/$REVIEW_REF_PREFIX$CI_COMMIT_SHORT_SHA - on_stop: stop_review_gke127 - action: access - needs: [ "qa_gke127_full_suite_manual_trigger"] - -qa_gke129_manual_full_suite: - extends: .qa_branch - parallel: 7 - variables: - VARIABLES_FILE: "variables/review_gke129" - TEST_SUITE: $QA_FULL_SUITE_OPTIONS - environment: - name: gke129_review/$REVIEW_REF_PREFIX$CI_COMMIT_SHORT_SHA - on_stop: stop_review_gke129 - action: access - needs: [ "qa_gke129_full_suite_manual_trigger"] - -qa_eks_full_suite_manual_trigger: - extends: .qa_full_suite_manual_trigger - script: echo 'The job will trigger Full E2E suite against EKS' - -qa_eks_manual_full_suite: - extends: .qa_branch - parallel: 7 - variables: - VARIABLES_FILE: "variables/review_eks" - TEST_SUITE: $QA_FULL_SUITE_OPTIONS - environment: - name: eks129_review/$REVIEW_REF_PREFIX$CI_COMMIT_SHORT_SHA - on_stop: stop_review_eks - action: access - needs: [ "qa_eks_full_suite_manual_trigger"] - knapsack-qa-report: image: name: registry.gitlab.com/gitlab-org/gitlab/gitlab-ee-qa:master diff --git a/chart/.gitlab/ci/environments/eks.gitlab-ci.yml b/chart/.gitlab/ci/environments/eks.gitlab-ci.yml new file mode 100644 index 0000000000000000000000000000000000000000..6964b490b7a4a5f2914d9ad409cddfdb05c29d3a --- /dev/null +++ b/chart/.gitlab/ci/environments/eks.gitlab-ci.yml 
@@ -0,0 +1,85 @@ +.review_eks_common_vars: &review_eks_common_vars + DNS_PROVIDER: "aws" + AGENT_NAME: "eks129-ci-cluster" + KUBE_INGRESS_BASE_DOMAIN: "sandbox.eks.helm-charts.win" + KUBE_NAMESPACE: "eks-helm-charts-win" + +create_review_eks: + stage: review + image: busybox + variables: + <<: *review_eks_common_vars + GIT_STRATEGY: none + script: + - echo "Configuring eks129_review/$REVIEW_REF_PREFIX$CI_COMMIT_SHORT_SHA to automatically stop in $REVIEW_APPS_AUTO_STOP_IN." + environment: + name: eks129_review/$REVIEW_REF_PREFIX$CI_COMMIT_SHORT_SHA + on_stop: stop_review_eks + auto_stop_in: $REVIEW_APPS_AUTO_STOP_IN + action: start + +review_eks: + variables: + <<: *review_eks_common_vars + extends: .review_template + environment: + name: eks129_review/$REVIEW_REF_PREFIX$CI_COMMIT_SHORT_SHA + url: https://gitlab-$CI_ENVIRONMENT_SLUG.$KUBE_INGRESS_BASE_DOMAIN + on_stop: stop_review_eks + auto_stop_in: "${REVIEW_APPS_AUTO_STOP_IN}" + action: access + +stop_review_eks: + variables: + <<: *review_eks_common_vars + extends: .stop_review_template + environment: + name: eks129_review/$REVIEW_REF_PREFIX$CI_COMMIT_SHORT_SHA + action: stop + +review_specs_eks: + extends: .specs + variables: + <<: *review_eks_common_vars + VARIABLES_FILE: "variables/review_eks" + RSPEC_TAGS: type:feature + environment: + name: eks129_review/$REVIEW_REF_PREFIX$CI_COMMIT_SHORT_SHA + url: https://gitlab-$CI_ENVIRONMENT_SLUG.$KUBE_INGRESS_BASE_DOMAIN + on_stop: stop_review_eks + action: access + rules: + - !reference [.rule:skip_if_no_cluster] + - !reference [.specs, rules] + needs: ['review_eks'] + +qa_eks: + extends: .qa_branch + variables: + VARIABLES_FILE: "variables/review_eks" + TEST_SUITE: $QA_SANITY_SUITE_OPTIONS + environment: + name: eks129_review/$REVIEW_REF_PREFIX$CI_COMMIT_SHORT_SHA + on_stop: stop_review_eks + action: access + needs: + - review_eks + - job: review_specs_eks + artifacts: false + +qa_eks_full_suite_manual_trigger: + extends: .qa_full_suite_manual_trigger + script: echo 
'The job will trigger Full E2E suite against EKS' + +qa_eks_manual_full_suite: + extends: .qa_branch + parallel: 7 + variables: + VARIABLES_FILE: "variables/review_eks" + TEST_SUITE: $QA_FULL_SUITE_OPTIONS + environment: + name: eks129_review/$REVIEW_REF_PREFIX$CI_COMMIT_SHORT_SHA + on_stop: stop_review_eks + action: access + needs: [ "qa_eks_full_suite_manual_trigger"] + diff --git a/chart/.gitlab/ci/environments/eks130.gitlab-ci.yml b/chart/.gitlab/ci/environments/eks130.gitlab-ci.yml new file mode 100644 index 0000000000000000000000000000000000000000..30eccdb9b41ed62313294972e8dbccadba3161c1 --- /dev/null +++ b/chart/.gitlab/ci/environments/eks130.gitlab-ci.yml 
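Review bot: The new `eks.gitlab-ci.yml` has no header comment, and every job in it depends on templates that live in the root `.gitlab-ci.yml` (`.review_template`, `.stop_review_template`, `.specs`, `.qa_branch`, `.qa_full_suite_manual_trigger`, `.rule:skip_if_no_cluster`), so the file cannot be read or included on its own. I would open it with `# Review, spec and QA jobs for the EKS 1.29 cluster (agent eks129-ci-cluster).` and `# Job templates are defined in the root .gitlab-ci.yml; the YAML anchor below is local to this file.` That also records why a file named `eks` creates `eks129_review/...` environments, which is easy to misread now that `eks130.gitlab-ci.yml` sits next to it. The hunk ends with an empty added line after `qa_eks_manual_full_suite`, which can be dropped.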
@@ -0,0 +1,84 @@ +.review_eks130_common_vars: &review_eks130_common_vars + DNS_PROVIDER: "aws" + AGENT_NAME: "eks130-ci-cluster" + KUBE_INGRESS_BASE_DOMAIN: "sandbox.eks.helm-charts.win" + KUBE_NAMESPACE: "eks-helm-charts-win" + +create_review_eks130: + stage: review + image: busybox + variables: + <<: *review_eks130_common_vars + GIT_STRATEGY: none + script: + - echo "Configuring eks130_review/$REVIEW_REF_PREFIX$CI_COMMIT_SHORT_SHA to automatically stop in $REVIEW_APPS_AUTO_STOP_IN." + environment: + name: eks130_review/$REVIEW_REF_PREFIX$CI_COMMIT_SHORT_SHA + on_stop: stop_review_eks130 + auto_stop_in: $REVIEW_APPS_AUTO_STOP_IN + action: start + +review_eks130: + variables: + <<: *review_eks130_common_vars + extends: .review_template + environment: + name: eks130_review/$REVIEW_REF_PREFIX$CI_COMMIT_SHORT_SHA + url: https://gitlab-$CI_ENVIRONMENT_SLUG.$KUBE_INGRESS_BASE_DOMAIN + on_stop: stop_review_eks130 + auto_stop_in: "${REVIEW_APPS_AUTO_STOP_IN}" + action: access + +stop_review_eks130: + variables: + <<: *review_eks130_common_vars + extends: .stop_review_template + environment: + name: eks130_review/$REVIEW_REF_PREFIX$CI_COMMIT_SHORT_SHA + action: stop + +review_specs_eks130: + extends: .specs + variables: + <<: *review_eks130_common_vars + VARIABLES_FILE: "variables/review_eks130" + RSPEC_TAGS: type:feature + environment: + name: eks130_review/$REVIEW_REF_PREFIX$CI_COMMIT_SHORT_SHA + url: https://gitlab-$CI_ENVIRONMENT_SLUG.$KUBE_INGRESS_BASE_DOMAIN + on_stop: stop_review_eks130 + action: access + rules: + - !reference [.rule:skip_if_no_cluster] + - !reference [.specs, rules] + needs: ["review_eks130"] + +qa_eks130: + extends: .qa_branch + variables: + VARIABLES_FILE: "variables/review_eks130" + TEST_SUITE: $QA_SANITY_SUITE_OPTIONS + environment: + name: eks130_review/$REVIEW_REF_PREFIX$CI_COMMIT_SHORT_SHA + on_stop: stop_review_eks130 + action: access + needs: + - review_eks130 + - job: review_specs_eks130 + artifacts: false + 
+qa_eks130_full_suite_manual_trigger: + extends: .qa_full_suite_manual_trigger + script: echo 'The job will trigger Full E2E suite against EKS 130' + +qa_eks130_manual_full_suite: + extends: .qa_branch + parallel: 7 + variables: + VARIABLES_FILE: "variables/review_eks130" + TEST_SUITE: $QA_FULL_SUITE_OPTIONS + environment: + name: eks130_review/$REVIEW_REF_PREFIX$CI_COMMIT_SHORT_SHA + on_stop: stop_review_eks130 + action: access + needs: ["qa_eks130_full_suite_manual_trigger"] diff --git a/chart/.gitlab/ci/environments/gke129.gitlab-ci.yml b/chart/.gitlab/ci/environments/gke129.gitlab-ci.yml new file mode 100644 index 0000000000000000000000000000000000000000..39f9fc462490b327580521c1a4c2945a942896c3 --- /dev/null +++ b/chart/.gitlab/ci/environments/gke129.gitlab-ci.yml 
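Review bot: `.review_eks130_common_vars` reuses `KUBE_INGRESS_BASE_DOMAIN: "sandbox.eks.helm-charts.win"` and `KUBE_NAMESPACE: "eks-helm-charts-win"` from the EKS 1.29 environment and changes only `AGENT_NAME`, whereas the GKE files give each cluster its own base domain (`cloud-native-v129.helm-charts.win`). Hostnames stay distinct because the environment name, and therefore `$CI_ENVIRONMENT_SLUG`, carries the `eks130_review/` prefix, but two clusters publishing records into one zone can overwrite or delete each other's entries if the DNS controller's record ownership is not scoped per cluster. That configuration is not visible in this diff, so please confirm it or give the new cluster its own subdomain. If sharing the zone is intended, a comment above the anchor such as `# shares the sandbox.eks zone with eks129; hosts differ by environment slug` would record the decision.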
@@ -0,0 +1,87 @@
+
+.review_gke129_common_vars: &review_gke129_common_vars
+ DNS_PROVIDER: "google"
+ AGENT_NAME: "gke129-ci-cluster"
+ KUBE_INGRESS_BASE_DOMAIN: "cloud-native-v129.helm-charts.win"
+ KUBE_NAMESPACE: "helm-charts-win"
+
+create_review_gke129:
+ stage: review
+ image: busybox
+ variables:
+ <<: *review_gke129_common_vars
+ GIT_STRATEGY: none
+ script:
+ - echo "Configuring gke129_review/$REVIEW_REF_PREFIX$CI_COMMIT_SHORT_SHA to automatically stop in $REVIEW_APPS_AUTO_STOP_IN."
+ environment:
+ name: gke129_review/$REVIEW_REF_PREFIX$CI_COMMIT_SHORT_SHA
+ url: https://gitlab-$CI_ENVIRONMENT_SLUG.$KUBE_INGRESS_BASE_DOMAIN
+ on_stop: stop_review_gke129
+ auto_stop_in: $REVIEW_APPS_AUTO_STOP_IN
+ action: start
+
+review_gke129:
+ variables:
+ <<: *review_gke129_common_vars
+ extends: .review_template
+ environment:
+ name: gke129_review/$REVIEW_REF_PREFIX$CI_COMMIT_SHORT_SHA
+ url: https://gitlab-$CI_ENVIRONMENT_SLUG.$KUBE_INGRESS_BASE_DOMAIN
+ on_stop: stop_review_gke129
+ auto_stop_in: "${REVIEW_APPS_AUTO_STOP_IN}"
+ action: access
+
+stop_review_gke129:
+ variables:
+ <<: *review_gke129_common_vars
+ extends: .stop_review_template
+ environment:
+ name: gke129_review/$REVIEW_REF_PREFIX$CI_COMMIT_SHORT_SHA
+ action: stop
+
+review_specs_gke129:
+ extends: .specs
+ variables:
+ <<: *review_gke129_common_vars
+ VARIABLES_FILE: "variables/review_gke129"
+ RSPEC_TAGS: type:feature
+ environment:
+ name: gke129_review/$REVIEW_REF_PREFIX$CI_COMMIT_SHORT_SHA
+ url: https://gitlab-$CI_ENVIRONENMENT_SLUG.$KUBE_INGRESS_BASE_DOMAIN
+ on_stop: stop_review_gke129
+ action: access
+ rules:
+ - !reference [.rule:skip_if_no_cluster]
+ - !reference [.specs, rules]
+ needs: ['review_gke129']
+
+qa_gke129:
+ extends: .qa_branch
+ variables:
+ VARIABLES_FILE: "variables/review_gke129"
+ TEST_SUITE: $QA_SANITY_SUITE_OPTIONS
+ environment:
+ name: gke129_review/$REVIEW_REF_PREFIX$CI_COMMIT_SHORT_SHA
+ on_stop: stop_review_gke129
+ action: access
+ needs:
+ - review_gke129
+ - job: review_specs_gke129
+ artifacts: false
+
+qa_gke129_full_suite_manual_trigger:
+ extends: .qa_full_suite_manual_trigger
+ script: echo 'The job will trigger Full E2E suite against GKE129'
+
+qa_gke129_manual_full_suite:
+ extends: .qa_branch
+ parallel: 7
+ variables:
+ VARIABLES_FILE: "variables/review_gke129"
+ TEST_SUITE: $QA_FULL_SUITE_OPTIONS
+ environment:
+ name: gke129_review/$REVIEW_REF_PREFIX$CI_COMMIT_SHORT_SHA
+ on_stop: stop_review_gke129
+ action: access
+ needs: [ "qa_gke129_full_suite_manual_trigger"]
+
diff --git a/chart/.gitlab/ci/environments/gke130-arm.gitlab-ci.yml b/chart/.gitlab/ci/environments/gke130-arm.gitlab-ci.yml
new file mode 100644
index 0000000000000000000000000000000000000000..1126fceea4aa281093ab4ec2eeef602f9de659b6
--- /dev/null
+++ b/chart/.gitlab/ci/environments/gke130-arm.gitlab-ci.yml
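Review bot: The `environment.url` of `review_specs_gke129` is spelled with `$CI_ENVIRONENMENT_SLUG`, which is not the `$CI_ENVIRONMENT_SLUG` used by `create_review_gke129` and `review_gke129` for the same environment name. The misspelled variable is presumably undefined, so the URL recorded for this job would lose the slug and stop matching the one the deploy job registers. The line should read `url: https://gitlab-$CI_ENVIRONMENT_SLUG.$KUBE_INGRESS_BASE_DOMAIN`. The same typo is in `review_specs_gke130` in the gke130.gitlab-ci.yml hunk further down; the eks130 file has the correct spelling.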
@@ -0,0 +1,98 @@
+.review_gke130a_common_vars: &review_gke130a_common_vars
+ DNS_PROVIDER: "google"
+ AGENT_NAME: "gke130-ci-cluster"
+ KUBE_INGRESS_BASE_DOMAIN: "cloud-native-v130.helm-charts.win"
+ KUBE_NAMESPACE: "helm-charts-win"
+ DEPLOY_MULTIARCH: "true"
+
+create_review_gke130a:
+ stage: review
+ image: busybox
+ variables:
+ <<: *review_gke130a_common_vars
+ GIT_STRATEGY: none
+ script:
+ - echo "Configuring gke130_review/a-$REVIEW_REF_PREFIX$CI_COMMIT_SHORT_SHA to automatically stop in $REVIEW_APPS_AUTO_STOP_IN."
+ environment: &gke130a_environment
+ name: &gke130a_name gke130_review/a-$REVIEW_REF_PREFIX$CI_COMMIT_SHORT_SHA
+ url: https://gitlab-$CI_ENVIRONMENT_SLUG.$KUBE_INGRESS_BASE_DOMAIN
+ on_stop: stop_review_gke130a
+ auto_stop_in: $REVIEW_APPS_AUTO_STOP_IN
+ action: start
+
+review_gke130a:
+ variables:
+ <<: *review_gke130a_common_vars
+ extends: .review_template
+ environment:
+ <<: *gke130a_environment
+ action: access
+ # initially allow arm64 failures
+ allow_failure: true
+ rules:
+ # Initially we only execute for:
+ # * MRs and Default branch
+ # * Triggered pipelines (from CNG)
+ - if: '$PIPELINE_TYPE == "CANONICAL_FEATURE_BRANCH_PIPELINE" && $CI_PIPELINE_SOURCE == "pipeline" && $TEST_BRANCH == "true"'
+ - if: '$PIPELINE_TYPE != "CANONICAL_MR_PIPELINE" && $PIPELINE_TYPE != "CANONICAL_DEFAULT_BRANCH_PIPELINE"'
+ when: never
+ - !reference [.review_template, rules]
+
+stop_review_gke130a:
+ variables:
+ <<: *review_gke130a_common_vars
+ extends: .stop_review_template
+ # initially allow arm64 failures
+ allow_failure: true
+ environment:
+ # name: gke130_review/a-$REVIEW_REF_PREFIX$CI_COMMIT_SHORT_SHA
+ name: *gke130a_name
+ action: stop
+
+review_specs_gke130a:
+ extends: .specs
+ variables:
+ <<: *review_gke130a_common_vars
+ VARIABLES_FILE: "variables/review_gke130a"
+ RSPEC_TAGS: type:feature
+ # initially allow arm64 failures
+ allow_failure: true
+ environment:
+ <<: *gke130a_environment
+ action: access
+ rules:
+ - !reference [.rule:skip_if_no_cluster]
+ - !reference [.specs, rules]
+ needs: ["review_gke130a"]
+
+qa_gke130a:
+ extends: .qa_branch
+ variables:
+ VARIABLES_FILE: "variables/review_gke130a"
+ TEST_SUITE: $QA_SANITY_SUITE_OPTIONS
+ # initially allow arm64 failures
+ allow_failure: true
+ environment:
+ <<: *gke130a_environment
+ action: access
+ needs:
+ - review_gke130a
+ - job: review_specs_gke130a
+ artifacts: false
+
+qa_gke130a_full_suite_manual_trigger:
+ extends: .qa_full_suite_manual_trigger
+ script: echo 'The job will trigger Full E2E suite against GKE130'
+
+qa_gke130a_manual_full_suite:
+ extends: .qa_branch
+ parallel: 7
+ variables:
+ VARIABLES_FILE: "variables/review_gke130a"
+ TEST_SUITE: $QA_FULL_SUITE_OPTIONS
+ # initially allow arm64 failures
+ allow_failure: true
+ environment:
+ <<: *gke130a_environment
+ action: access
+ needs: ["qa_gke130a_full_suite_manual_trigger"]
diff --git a/chart/.gitlab/ci/environments/gke130.gitlab-ci.yml b/chart/.gitlab/ci/environments/gke130.gitlab-ci.yml
new file mode 100644
index 0000000000000000000000000000000000000000..a5a50883a7ecc383aad07f03f6559921f24981ca
--- /dev/null
+++ b/chart/.gitlab/ci/environments/gke130.gitlab-ci.yml
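Review bot: `allow_failure: true` on `stop_review_gke130a` makes a failed teardown show up as a warning while the pipeline stays green, so a review deployment reachable at the `url` defined in `gke130a_environment` can stay up unnoticed. The "initially allow arm64 failures" comment fits the deploy and test jobs, but cleanup is the one place where a silent failure leaves something exposed. I would drop the line from the stop job only, or extend its comment to `# initially allow arm64 failures; remove once <TRACKING_ISSUE> is closed` (placeholder). Whether `.stop_review_template` already retries or alerts is not visible from this hunk.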
@@ -0,0 +1,85 @@ +.review_gke130_common_vars: &review_gke130_common_vars + DNS_PROVIDER: "google" + AGENT_NAME: "gke130-ci-cluster" + KUBE_INGRESS_BASE_DOMAIN: "cloud-native-v130.helm-charts.win" + KUBE_NAMESPACE: "helm-charts-win" + +create_review_gke130: + stage: review + image: busybox + variables: + <<: *review_gke130_common_vars + GIT_STRATEGY: none + script: + - echo "Configuring gke130_review/$REVIEW_REF_PREFIX$CI_COMMIT_SHORT_SHA to automatically stop in $REVIEW_APPS_AUTO_STOP_IN." + environment: + name: gke130_review/$REVIEW_REF_PREFIX$CI_COMMIT_SHORT_SHA + url: https://gitlab-$CI_ENVIRONMENT_SLUG.$KUBE_INGRESS_BASE_DOMAIN + on_stop: stop_review_gke130 + auto_stop_in: $REVIEW_APPS_AUTO_STOP_IN + action: start + +review_gke130: + variables: + <<: *review_gke130_common_vars + extends: .review_template + environment: + name: gke130_review/$REVIEW_REF_PREFIX$CI_COMMIT_SHORT_SHA + url: https://gitlab-$CI_ENVIRONMENT_SLUG.$KUBE_INGRESS_BASE_DOMAIN + on_stop: stop_review_gke130 + auto_stop_in: "${REVIEW_APPS_AUTO_STOP_IN}" + action: access + +stop_review_gke130: + variables: + <<: *review_gke130_common_vars + extends: .stop_review_template + environment: + name: gke130_review/$REVIEW_REF_PREFIX$CI_COMMIT_SHORT_SHA + action: stop + +review_specs_gke130: + extends: .specs + variables: + <<: *review_gke130_common_vars + VARIABLES_FILE: "variables/review_gke130" + RSPEC_TAGS: type:feature + environment: + name: gke130_review/$REVIEW_REF_PREFIX$CI_COMMIT_SHORT_SHA + url: https://gitlab-$CI_ENVIRONENMENT_SLUG.$KUBE_INGRESS_BASE_DOMAIN + on_stop: stop_review_gke130 + action: access + rules: + - !reference [.rule:skip_if_no_cluster] + - !reference [.specs, rules] + needs: ["review_gke130"] + +qa_gke130: + extends: .qa_branch + variables: + VARIABLES_FILE: "variables/review_gke130" + TEST_SUITE: $QA_SANITY_SUITE_OPTIONS + environment: + name: gke130_review/$REVIEW_REF_PREFIX$CI_COMMIT_SHORT_SHA + on_stop: stop_review_gke130 + action: access + needs: + - review_gke130 + - 
job: review_specs_gke130 + artifacts: false + +qa_gke130_full_suite_manual_trigger: + extends: .qa_full_suite_manual_trigger + script: echo 'The job will trigger Full E2E suite against GKE130' + +qa_gke130_manual_full_suite: + extends: .qa_branch + parallel: 7 + variables: + VARIABLES_FILE: "variables/review_gke130" + TEST_SUITE: $QA_FULL_SUITE_OPTIONS + environment: + name: gke130_review/$REVIEW_REF_PREFIX$CI_COMMIT_SHORT_SHA + on_stop: stop_review_gke130 + action: access + needs: ["qa_gke130_full_suite_manual_trigger"] diff --git a/chart/.gitlab/ci/review-apps.gitlab-ci.yml b/chart/.gitlab/ci/review-apps.gitlab-ci.yml index a6ec4328516a175b074b691aa23afac5ba97cbbd..00974d0da1f880b885b83ee6ddd2f873ed8fea5b 100644 --- a/chart/.gitlab/ci/review-apps.gitlab-ci.yml +++ b/chart/.gitlab/ci/review-apps.gitlab-ci.yml @@ -54,16 +54,16 @@ stop_review_vcluster_128: extends: .stop_review_app_template variables: !reference [review_vcluster_128, variables] -# Kubernetes 1.29 +# Kubernetes 1.31 -review_vcluster_129: +review_vcluster_131: extends: .review_app_template variables: - VCLUSTER_K8S_VERSION: "1.29" - VCLUSTER_NAME: vcluster-1-29-${REVIEW_REF_PREFIX}${CI_COMMIT_SHORT_SHA} + VCLUSTER_K8S_VERSION: "1.31" + VCLUSTER_NAME: vcluster-1-31-${REVIEW_REF_PREFIX}${CI_COMMIT_SHORT_SHA} environment: - on_stop: stop_review_vcluster_129 + on_stop: stop_review_vcluster_131 -stop_review_vcluster_129: +stop_review_vcluster_131: extends: .stop_review_app_template - variables: !reference [review_vcluster_129, variables] + variables: !reference [review_vcluster_131, variables] diff --git a/chart/.helmignore b/chart/.helmignore index e877c513d5810c9cb2f70938279dfbd4dc858463..a5545c338d9fd988e7bd6c86eb1398353229914e 100644 --- a/chart/.helmignore +++ b/chart/.helmignore @@ -43,7 +43,3 @@ changelogs/ # CHANGELOG.md bin/ spec/ -# dependencies.io -dependencies.yml -deps.yml -dependencies_io/ 
diff --git a/chart/CHANGELOG.md b/chart/CHANGELOG.md index c704a29acebaa370c690c84582ad52895207a903..dba20ff8451c898c9b2fbcca30e94d08103962eb 100644 --- a/chart/CHANGELOG.md +++ b/chart/CHANGELOG.md 
@@ -2,6 +2,31 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 8.6.1 (2024-11-26) + +No changes. + +## 8.6.0 (2024-11-20) + +### Added (2 changes) + +- [Support new PAT feature in GitLab Shell](https://gitlab.com/gitlab-org/charts/gitlab/-/commit/7741ec22bdbede136cb8c06e488aa025765a2b0b) ([merge request](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/3997)) +- [Add annotations support to mailroom chart](https://gitlab.com/gitlab-org/charts/gitlab/-/commit/46665cd8f93b351bb240cf716c9345e866e915d1) by @loliee ([merge request](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/3946)) + +### Changed (11 changes) + +- [Update Helm release cert-manager to v1.12.14](https://gitlab.com/gitlab-org/charts/gitlab/-/commit/0c024b2dd34be3c2e72360cbf3605987e27878f6) ([merge request](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/4005)) +- [Update dependency gitlab-qa to v14.20.0](https://gitlab.com/gitlab-org/charts/gitlab/-/commit/d58309f363d2490c354620359a4431f7f1eb6ba9) ([merge request](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/3992)) +- [Update dependency gitlab-qa to v14.19.2](https://gitlab.com/gitlab-org/charts/gitlab/-/commit/7e84c8fbbdff92cbba243750c7366d56b0fb5a99) ([merge request](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/3981)) +- [Update dependency container-registry to v4.13.0-gitlab](https://gitlab.com/gitlab-org/charts/gitlab/-/commit/43a990baa13a5bdd0c4368b0b5e8b76d5c3331ba) ([merge request](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/3980)) +- [Update Helm release gitlab-runner to v0.70.3](https://gitlab.com/gitlab-org/charts/gitlab/-/commit/8f17dfb74a2b6fb3daf686da81fb7488c677d276) ([merge request](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/3965)) +- [Update dependency container-registry to v4.12.0-gitlab](https://gitlab.com/gitlab-org/charts/gitlab/-/commit/15c6836b1401f90d377c8d3ed53ce22d70f34347) 
([merge request](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/3970)) +- [Update dependency gitlab-qa to v14.19.1](https://gitlab.com/gitlab-org/charts/gitlab/-/commit/08d2813a4acb78c73f394d6abd857a185ae84ebf) ([merge request](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/3962)) +- [Update dependency container-registry to v4.11.0-gitlab](https://gitlab.com/gitlab-org/charts/gitlab/-/commit/3811c509baf363e79227629b1471beea7dc99048) ([merge request](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/3961)) +- [Update Helm release gitlab-runner to v0.70.1](https://gitlab.com/gitlab-org/charts/gitlab/-/commit/b82f0a50ae6ec26a79fe9cc307c862c816f3ac78) ([merge request](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/3958)) +- [Update Helm release gitlab-runner to v0.70.0](https://gitlab.com/gitlab-org/charts/gitlab/-/commit/ea3833fd35e5d201c96e9da5b4892b610df19781) ([merge request](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/3955)) +- [Bump nginx-controller from 1.3.1 to 1.11.2](https://gitlab.com/gitlab-org/charts/gitlab/-/commit/c8f6090ec807dde86d4f6fd92803ada8b125868e) ([merge request](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/3901)) + ## 8.5.2 (2024-11-12) ### Changed (1 change) @@ -39,6 +64,14 @@ No changes. - [Remove 'ci_jwt_signing_key' secret migrated to ApplicationSetting](https://gitlab.com/gitlab-org/charts/gitlab/-/commit/b23acb2484f63ebb7e0f461033f5a3542519b3c9) ([merge request](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/3910)) +## 8.4.4 (2024-11-12) + +No changes. + +## 8.4.3 (2024-10-22) + +No changes. + ## 8.4.2 (2024-10-09) No changes. 
@@ -65,6 +98,14 @@ No changes. - [Update Helm release cert-manager to v1.12.13](https://gitlab.com/gitlab-org/charts/gitlab/-/commit/e45d38f61348f8fae9c824a58a9e3551b91a7d5b) ([merge request](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/3876)) - [Update dependency container-registry to v4.7.0-gitlab](https://gitlab.com/gitlab-org/charts/gitlab/-/commit/9da185ee884ef15ce5be7f032d734bfa654ef630) ([merge request](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/3872)) +## 8.3.7 (2024-11-12) + +No changes. + +## 8.3.6 (2024-10-22) + +No changes. + ## 8.3.5 (2024-10-09) No changes. diff --git a/chart/CONTRIBUTING.md b/chart/CONTRIBUTING.md index 94cfdd333c4dbc956fc1d778b6c33c37edaebd85..d0e89a63fb272c70da1a6e4f8a70dd4783f15224 100644 --- a/chart/CONTRIBUTING.md +++ b/chart/CONTRIBUTING.md @@ -6,10 +6,10 @@ all contributions. By participating in this project, you agree to abide by the ## Developer Certificate of Origin + License -By contributing to GitLab B.V., You accept and agree to the following terms and -conditions for Your present and future Contributions submitted to GitLab B.V. -Except for the license granted herein to GitLab B.V. and recipients of software -distributed by GitLab B.V., You reserve all right, title, and interest in and to +By contributing to GitLab Inc., You accept and agree to the following terms and +conditions for Your present and future Contributions submitted to GitLab Inc. +Except for the license granted herein to GitLab Inc. and recipients of software +distributed by GitLab Inc., You reserve all right, title, and interest in and to Your Contributions. All Contributions are subject to the following DCO + License terms. diff --git a/chart/Chart.yaml b/chart/Chart.yaml index ae17710fc6f61e102c17c9437643d9ae186352ad..50394a761ba66172b50c2c2f9c8ecb490ceec2b7 100644 --- a/chart/Chart.yaml +++ b/chart/Chart.yaml 
@@ -1,8 +1,8 @@ --- apiVersion: v1 name: gitlab -version: 8.5.2-bb.0 -appVersion: 17.5.2 +version: 8.6.1-bb.0 +appVersion: v17.6.1 description: GitLab is the most comprehensive AI-powered DevSecOps Platform. keywords: - gitlab @@ -16,7 +16,7 @@ maintainers: annotations: bigbang.dev/maintenanceTrack: bb_integrated bigbang.dev/applicationVersions: | - - Gitlab: 17.5.2 + - Gitlab: 17.6.1 bigbang.dev/upstreamReleaseNotesMarkdown: | The [upstream chart's release notes](https://gitlab.com/gitlab-org/charts/gitlab/-/blob/master/CHANGELOG.md) may help when reviewing this package. helm.sh/images: | 
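Review bot: `appVersion` changes format as well as value here, from `17.5.2` to `v17.6.1`. The `bigbang.dev/applicationVersions` annotation in the next hunk and every Iron Bank image tag in `helm.sh/images` use `17.6.1` without the prefix. If any template, release tooling or image inventory derives a tag or version from `.Chart.AppVersion`, the prefixed value will not match the `17.6.1` tags that are actually deployed. Either keep `appVersion: 17.6.1` as before, or confirm the prefix is intended and say so in the package changelog.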
@@ -27,44 +27,44 @@ annotations: condition: redis.install image: registry1.dso.mil/ironbank/bitnami/redis:7.4.1 - name: alpine-certificates - image: registry1.dso.mil/ironbank/gitlab/gitlab/certificates:17.5.2 + image: registry1.dso.mil/ironbank/gitlab/gitlab/certificates:17.6.1 - name: cfssl-self-sign condition: shared-secrets.enabled image: registry1.dso.mil/ironbank/gitlab/gitlab/cfssl-self-sign:1.6.1 - name: gitaly - image: registry1.dso.mil/ironbank/gitlab/gitlab/gitaly:17.5.2 + image: registry1.dso.mil/ironbank/gitlab/gitlab/gitaly:17.6.1 - name: gitlab-container-registry condition: registry.enabled - image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry:17.5.2 + image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry:17.6.1 - name: gitlab-shell - image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell:17.5.2 + image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell:17.6.1 - name: gitlab-sidekiq - image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq:17.5.2 + image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq:17.6.1 - name: gitlab-toolbox - image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox:17.5.2 + image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox:17.6.1 - name: gitlab-webservice - image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice:17.5.2 + image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice:17.6.1 - name: gitlab-workhorse - image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse:17.5.2 + image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse:17.6.1 - name: gitlab-pages - image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages:17.5.2 + image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages:17.6.1 - name: kubectl - image: registry1.dso.mil/ironbank/gitlab/gitlab/kubectl:17.5.2 + image: registry1.dso.mil/ironbank/gitlab/gitlab/kubectl:17.6.1 - name: mc image: 
registry1.dso.mil/ironbank/opensource/minio/mc:RELEASE.2024-10-02T08-27-28Z - name: minio image: registry1.dso.mil/ironbank/opensource/minio/minio:RELEASE.2024-06-04T19-20-08Z - name: postgresql condition: postgresql.install - image: registry1.dso.mil/ironbank/opensource/postgres/postgresql:14.14 + image: registry1.dso.mil/ironbank/opensource/postgres/postgresql:14.15 - name: ubi9 condition: upgradeCheck.enabled image: registry1.dso.mil/ironbank/redhat/ubi/ubi9:9.5 - name: gitlab-base - image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-base:17.5.2 + image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-base:17.6.1 - name: gitlab-exporter condition: gitlab.gitlab-exporter.enabled - image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter:17.5.2 + image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter:17.6.1 - name: bbtests condition: bbtests.enabled image: registry1.dso.mil/bigbang-ci/gitlab-tester:0.0.4 diff --git a/chart/Kptfile b/chart/Kptfile index 3fe228d7bb017893b09d66a917e7785f808b9db1..58a33bdcc1bc255e84359e23b857184b42a07c21 100644 --- a/chart/Kptfile +++ b/chart/Kptfile @@ -5,7 +5,7 @@ metadata: upstream: type: git git: - commit: 444b06a2195c8f8932847de2b727b63cbc3b8836 + commit: 0a325d09171fcfa4a3e828052cb273f148a8ff04 repo: https://gitlab.com/gitlab-org/charts/gitlab directory: / - ref: v8.5.2 + ref: v8.6.1 diff --git a/chart/LICENSE.md b/chart/LICENSE.md index 4abe8b8bf03b34cb233a7fafb261a2829e159906..5aa367954311fc949f375c6bc2f0ba8518abae10 100644 --- a/chart/LICENSE.md +++ b/chart/LICENSE.md @@ -1,4 +1,4 @@ -Copyright (c) 2011-2017 GitLab B.V. +Copyright (c) 2011-2017 GitLab Inc. With regard to the GitLab Software: diff --git a/chart/charts/cert-manager-v1.12.13.tgz b/chart/charts/cert-manager-v1.12.13.tgz deleted file mode 100644 index ed81e0ef8d2389081985036b3f6a421827ec525a..0000000000000000000000000000000000000000 Binary files a/chart/charts/cert-manager-v1.12.13.tgz and /dev/null differ 
diff --git a/chart/charts/cert-manager-v1.12.14.tgz b/chart/charts/cert-manager-v1.12.14.tgz new file mode 100644 index 0000000000000000000000000000000000000000..56f883c038307ac872b76eace97ff6415a8492b3 Binary files /dev/null and b/chart/charts/cert-manager-v1.12.14.tgz differ diff --git a/chart/charts/gitlab-runner-0.70.0.tgz b/chart/charts/gitlab-runner-0.70.0.tgz deleted file mode 100644 index c51c4d362d84c3cf2980bfc0ecb661eff89da86d..0000000000000000000000000000000000000000 Binary files a/chart/charts/gitlab-runner-0.70.0.tgz and /dev/null differ diff --git a/chart/charts/gitlab-runner-0.71.0.tgz b/chart/charts/gitlab-runner-0.71.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..7c208e5223edaec89cfc7f30b682c9a4edd7c3d3 Binary files /dev/null and b/chart/charts/gitlab-runner-0.71.0.tgz differ diff --git a/chart/charts/gitlab-zoekt-1.4.1.tgz b/chart/charts/gitlab-zoekt-1.4.1.tgz deleted file mode 100644 index 8cff95488a739795ca4dc190368992fe90d6fddc..0000000000000000000000000000000000000000 Binary files a/chart/charts/gitlab-zoekt-1.4.1.tgz and /dev/null differ diff --git a/chart/charts/gitlab-zoekt-1.4.2.tgz b/chart/charts/gitlab-zoekt-1.4.2.tgz new file mode 100644 index 0000000000000000000000000000000000000000..36765395602648d5fb8e5ca4009aa572c38e83bb Binary files /dev/null and b/chart/charts/gitlab-zoekt-1.4.2.tgz differ diff --git a/chart/charts/gitlab/charts/geo-logcursor/Chart.yaml b/chart/charts/gitlab/charts/geo-logcursor/Chart.yaml index ff8226eac6fc2acfc806a1452e28512f1081a157..521189fdafac3e36e847ea1c58f3e2ac9cd3f1e9 100644 --- a/chart/charts/gitlab/charts/geo-logcursor/Chart.yaml +++ b/chart/charts/gitlab/charts/geo-logcursor/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: geo-logcursor -version: 8.5.2 -appVersion: v17.5.2 +version: 8.6.1 +appVersion: v17.6.1 description: GitLab Geo logcursor keywords: - gitlab 
diff --git a/chart/charts/gitlab/charts/gitaly/Chart.yaml b/chart/charts/gitlab/charts/gitaly/Chart.yaml index c0857d1636fc9aadc3ed5eab99c3db0ea7eeb780..011719826a03bf7f5dd0e34e348f73daad67d231 100644 --- a/chart/charts/gitlab/charts/gitaly/Chart.yaml +++ b/chart/charts/gitlab/charts/gitaly/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: gitaly -version: 8.5.2 -appVersion: 17.5.2 +version: 8.6.1 +appVersion: 17.6.1 description: Git RPC service for handling all the git calls made by GitLab keywords: - gitlab diff --git a/chart/charts/gitlab/charts/gitlab-exporter/Chart.yaml b/chart/charts/gitlab/charts/gitlab-exporter/Chart.yaml index 36149a2d1d51b24acc78645b901562e24eda29e9..45d9a87a0f1b4240f33e1a5721f15ae6ac67d5bd 100644 --- a/chart/charts/gitlab/charts/gitlab-exporter/Chart.yaml +++ b/chart/charts/gitlab/charts/gitlab-exporter/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: gitlab-exporter -version: 8.5.2 +version: 8.6.1 appVersion: 15.0.0 description: Exporter for GitLab Prometheus metrics (e.g. CI, pull mirrors) keywords: diff --git a/chart/charts/gitlab/charts/gitlab-pages/Chart.yaml b/chart/charts/gitlab/charts/gitlab-pages/Chart.yaml index a19b7ac5653c12ceab1f74cde4a8de0abaa64656..5b6b1e47edda2d1d141561a849d63c78a3c6509f 100644 --- a/chart/charts/gitlab/charts/gitlab-pages/Chart.yaml +++ b/chart/charts/gitlab/charts/gitlab-pages/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: gitlab-pages -version: 8.5.2 -appVersion: 17.5.2 +version: 8.6.1 +appVersion: 17.6.1 description: Daemon for serving static websites from GitLab projects keywords: - gitlab diff --git a/chart/charts/gitlab/charts/gitlab-shell/Chart.yaml b/chart/charts/gitlab/charts/gitlab-shell/Chart.yaml index 422c6befda699ad2acb448d87b46fe7fd36f8b2d..b05e62cf635ec7e69fe438f19f1960c68cfd7993 100644 --- a/chart/charts/gitlab/charts/gitlab-shell/Chart.yaml +++ b/chart/charts/gitlab/charts/gitlab-shell/Chart.yaml 
@@ -1,6 +1,6 @@ apiVersion: v1 name: gitlab-shell -version: 8.5.2 +version: 8.6.1 appVersion: 14.39.0 description: sshd for Gitlab keywords: diff --git a/chart/charts/gitlab/charts/gitlab-shell/templates/configmap.yml b/chart/charts/gitlab/charts/gitlab-shell/templates/configmap.yml index e5f808d2d49488e9004a483ce3802481818d1dcb..de5d51bdedd7a25dd6de6c8183a77779d3acc774 100644 --- a/chart/charts/gitlab/charts/gitlab-shell/templates/configmap.yml +++ b/chart/charts/gitlab/charts/gitlab-shell/templates/configmap.yml @@ -99,6 +99,9 @@ data: {{- end }} lfs: pure_ssh_protocol: {{ .Values.config.lfs.pureSSHProtocol }} + pat: + enabled: {{ .Values.config.pat.enabled }} + allowed_scopes: {{- .Values.config.pat.allowedScopes | toYaml | nindent 8 }} krb5.conf: | {{- .Values.config.gssapi.krb5Config | nindent 4 }} # Leave this here - This line denotes end of block to the parser. diff --git a/chart/charts/gitlab/charts/gitlab-shell/values.schema.json b/chart/charts/gitlab/charts/gitlab-shell/values.schema.json index 5eb139d47efb78e138e24e4bf285b532e7097be8..df60280a44b8f19988739a145a671c665542f7a9 100644 --- a/chart/charts/gitlab/charts/gitlab-shell/values.schema.json +++ b/chart/charts/gitlab/charts/gitlab-shell/values.schema.json @@ -156,6 +156,20 @@ }, "title": "LFS related settings", "type": "object" + }, + "pat": { + "properties": { + "enabled": { + "title": "Enable PAT using SSH", + "type": "boolean" + }, + "allowedScopes": { + "title": "An array of scopes allowed for PATs generated with SSH", + "type": "array" + } + }, + "title": "Personal access token (PAT) related settings", + "type": "object" } }, "required": [ diff --git a/chart/charts/gitlab/charts/gitlab-shell/values.yaml b/chart/charts/gitlab/charts/gitlab-shell/values.yaml index c9991b6b2bc44629823e996baf33d9e1e6de3ad7..de740f12deabe862f7119604fda2596b8b703363 100644 --- a/chart/charts/gitlab/charts/gitlab-shell/values.yaml +++ b/chart/charts/gitlab/charts/gitlab-shell/values.yaml 
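Review bot: Nothing in this commit documents the new `pat` block that configmap.yml renders from `.Values.config.pat.enabled` and `.Values.config.pat.allowedScopes`. The values.yaml hunk that follows defaults these to `enabled: true` and `allowedScopes: []`, and neither that file nor the schema says whether an empty list means "no restriction" or "no scopes allowed". Because this controls which personal access tokens can be generated over SSH, I would add a comment above `pat:` in values.yaml such as `## Personal access token generation over SSH; an empty allowedScopes list means <CONFIRM AGAINST gitlab-shell DOCS>`, and list both keys in the gitlab-shell chart's parameter table. In values.schema.json, `allowedScopes` is declared as a bare `array`; adding `"items": {"type": "string"}` would reject malformed scope entries at install time. Operators of hardened deployments should set both values explicitly rather than inherit the default.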
@@ -150,6 +150,9 @@ config: servicePrincipalName: "" lfs: pureSSHProtocol: false + pat: + enabled: true + allowedScopes: [] ## Allow to overwrite under which User and Group the Pod will be running. securityContext: diff --git a/chart/charts/gitlab/charts/kas/Chart.yaml b/chart/charts/gitlab/charts/kas/Chart.yaml index 6e187def0f6bb016c0653d6b44b51de035abf06e..da9ed96bca8ec9590d16f237b1ced05beea37d19 100644 --- a/chart/charts/gitlab/charts/kas/Chart.yaml +++ b/chart/charts/gitlab/charts/kas/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: kas -version: 8.5.2 -appVersion: 17.5.2 +version: 8.6.1 +appVersion: 17.6.1 description: GitLab Agent Server keywords: - agent diff --git a/chart/charts/gitlab/charts/mailroom/Chart.yaml b/chart/charts/gitlab/charts/mailroom/Chart.yaml index 0a39f4474d2ad443b726b5ccb1311306dab10c66..0d158ca9377d323bde0ab6d9f6fc2e9a42957ff8 100644 --- a/chart/charts/gitlab/charts/mailroom/Chart.yaml +++ b/chart/charts/gitlab/charts/mailroom/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: mailroom -version: 8.5.2 -appVersion: v17.5.2 +version: 8.6.1 +appVersion: v17.6.1 description: Handling incoming emails keywords: - gitlab diff --git a/chart/charts/gitlab/charts/mailroom/templates/deployment.yaml b/chart/charts/gitlab/charts/mailroom/templates/deployment.yaml index 24e227ea8c97d1cc9044376c60385347bf1eb833..82968a5273192f584a5d211c8cb0feab2bf3e0b9 100644 --- a/chart/charts/gitlab/charts/mailroom/templates/deployment.yaml +++ b/chart/charts/gitlab/charts/mailroom/templates/deployment.yaml @@ -28,6 +28,9 @@ spec: {{- include "gitlab.podLabels" . | nindent 8 }} annotations: checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + {{- range $key, $value := .Values.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} spec: {{- if .Values.tolerations }} tolerations: 
diff --git a/chart/charts/gitlab/charts/mailroom/values.yaml b/chart/charts/gitlab/charts/mailroom/values.yaml index 98f68d97c68d4ab4c570e5d6357ca7f153614fcb..4bdad07c357e38dae6b51474f559c0a53ef46318 100644 --- a/chart/charts/gitlab/charts/mailroom/values.yaml +++ b/chart/charts/gitlab/charts/mailroom/values.yaml @@ -16,6 +16,8 @@ init: cpu: 50m containerSecurityContext: {} +annotations: {} + # Tolerations for pod scheduling tolerations: [] diff --git a/chart/charts/gitlab/charts/migrations/Chart.yaml b/chart/charts/gitlab/charts/migrations/Chart.yaml index 9dec57d4eaf8b9537b9b240805612d7f97fb43be..ec42ef28a3705e6b4610af193c0c7b87d94383d0 100644 --- a/chart/charts/gitlab/charts/migrations/Chart.yaml +++ b/chart/charts/gitlab/charts/migrations/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: migrations -version: 8.5.2 -appVersion: v17.5.2 +version: 8.6.1 +appVersion: v17.6.1 description: Database migrations and other versioning tasks for upgrading Gitlab keywords: - gitlab diff --git a/chart/charts/gitlab/charts/praefect/Chart.yaml b/chart/charts/gitlab/charts/praefect/Chart.yaml index a29c54492d253f12115f09feb6607b2b9b676fb3..58d02e8ab91a9b36f041886dc701ace2c97c34e1 100644 --- a/chart/charts/gitlab/charts/praefect/Chart.yaml +++ b/chart/charts/gitlab/charts/praefect/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: praefect -version: 8.5.2 -appVersion: 17.5.2 +version: 8.6.1 +appVersion: 17.6.1 description: Praefect is a router and transaction manager for Gitaly, and a required component for running a Gitaly Cluster. keywords: diff --git a/chart/charts/gitlab/charts/sidekiq/Chart.yaml b/chart/charts/gitlab/charts/sidekiq/Chart.yaml index 8bdfc1f2e5b5490dd2764e9d9cdee14161c149a8..b18430f92273506e0bc0323691b1d24ec7c786f5 100644 --- a/chart/charts/gitlab/charts/sidekiq/Chart.yaml +++ b/chart/charts/gitlab/charts/sidekiq/Chart.yaml 
@@ -1,7 +1,7 @@ apiVersion: v1 name: sidekiq -version: 8.5.2 -appVersion: v17.5.2 +version: 8.6.1 +appVersion: v17.6.1 description: Gitlab Sidekiq for asynchronous task processing in rails keywords: - gitlab diff --git a/chart/charts/gitlab/charts/spamcheck/Chart.yaml b/chart/charts/gitlab/charts/spamcheck/Chart.yaml index a5bd88b833447595850888f0f8f3feded4b02d01..38c3c32a47e99ec82bba5cd175cbafb32789f59d 100644 --- a/chart/charts/gitlab/charts/spamcheck/Chart.yaml +++ b/chart/charts/gitlab/charts/spamcheck/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: spamcheck -version: 8.5.2 +version: 8.6.1 appVersion: 1.2.3 description: GitLab Anti-Spam Engine keywords: diff --git a/chart/charts/gitlab/charts/toolbox/Chart.yaml b/chart/charts/gitlab/charts/toolbox/Chart.yaml index 09de07e7ec3ff653b83b3890f90ce87d02d74c70..14c4c16d0809c4b4a6b85df1a0f20c399edd683a 100644 --- a/chart/charts/gitlab/charts/toolbox/Chart.yaml +++ b/chart/charts/gitlab/charts/toolbox/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: toolbox -version: 8.5.2 -appVersion: v17.5.2 +version: 8.6.1 +appVersion: v17.6.1 description: For manually running rake tasks through kubectl keywords: - gitlab diff --git a/chart/charts/gitlab/charts/webservice/Chart.yaml b/chart/charts/gitlab/charts/webservice/Chart.yaml index ddb8259db5d9615042702cb82319ac20435bc13d..e8bd7bdeb117814cd177609ebcccf49e30f9f796 100644 --- a/chart/charts/gitlab/charts/webservice/Chart.yaml +++ b/chart/charts/gitlab/charts/webservice/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: webservice -version: 8.5.2 -appVersion: v17.5.2 +version: 8.6.1 +appVersion: v17.6.1 description: HTTP server for Gitlab keywords: - gitlab diff --git a/chart/charts/registry/Chart.yaml b/chart/charts/registry/Chart.yaml index b882dd0b60f76d23ad010261f3698ac67ae8a38c..e98ebca5c56dbd00c88468136e8775ffccc56f57 100644 --- a/chart/charts/registry/Chart.yaml +++ b/chart/charts/registry/Chart.yaml 
@@ -1,7 +1,7 @@ apiVersion: v1 name: registry version: 0.7.0 -appVersion: 'v4.10.0-gitlab' +appVersion: 'v4.13.0-gitlab' description: Stateless, highly scalable application that stores and lets you distribute container images details: Container Registry component of GitLab diff --git a/chart/charts/registry/templates/_database.tpl b/chart/charts/registry/templates/_database.tpl index 1168b6f84b76570b723effda5511c9161150bec1..25af0ab05be6b8d8a447e8fd8a94d6e1245db91c 100644 --- a/chart/charts/registry/templates/_database.tpl +++ b/chart/charts/registry/templates/_database.tpl @@ -54,6 +54,22 @@ database: maxjobretries: {{ .Values.database.backgroundMigrations.maxJobRetries }} {{- end }} {{- end }} + {{- if .Values.database.loadBalancing.enabled }} + loadbalancing: + enabled: {{ .Values.database.loadBalancing.enabled }} + {{- if .Values.database.loadBalancing.nameserver }} + {{- if .Values.database.loadBalancing.nameserver.host }} + nameserver: {{ .Values.database.loadBalancing.nameserver.host | quote }} + {{- end }} + {{- if .Values.database.loadBalancing.nameserver.port }} + port: {{ .Values.database.loadBalancing.nameserver.port | int }} + {{- end }} + {{- end }} + record: {{ .Values.database.loadBalancing.record | required "`database.loadBalancing` requires `record` to be provided." | quote }} + {{- if .Values.database.loadBalancing.replicaCheckInterval }} + replicacheckinterval: {{ .Values.database.loadBalancing.replicaCheckInterval | quote }} + {{- end }} + {{- end }} {{- end }} {{- end -}} diff --git a/chart/charts/registry/templates/_helpers.tpl b/chart/charts/registry/templates/_helpers.tpl index 38f203cd87f437a92cb6513255c56b69e1a6751c..5cab007211ae1f22b353c48d3eaa20219cb3bf7d 100644 --- a/chart/charts/registry/templates/_helpers.tpl +++ b/chart/charts/registry/templates/_helpers.tpl 
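Review bot: The new `loadbalancing` block in `_database.tpl` reads `database.loadBalancing.nameserver.host`, `.nameserver.port`, `.record` and `.replicaCheckInterval`, but the registry values.yaml hunk later in this commit adds only `enabled: false`. An operator can therefore discover the required `record` key only from the template or from the `required` error at render time. I would list the keys commented out under `loadBalancing:` in values.yaml, e.g. `# record: <SRV_RECORD>` and `# nameserver: {host: <HOST>, port: <PORT>}` (placeholders), next to the existing "experimental, not for production" warning. The enclosing `database:` template block starts and ends outside this hunk.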
@@ -227,3 +227,14 @@ affinity: {{- end -}} {{- end -}} {{- end }} + +{{/* +Render the standard labels for resources related to the registry migration. +These differ from the standard labels so the migration related Pod's are not +matched by the registry PDB and Deployment selectors. +*/}} +{{- define "registry.migration.standardLabels" -}} +{{- $labels := (include "gitlab.standardLabels" .) | fromYaml }} +{{- $_ := set $labels "app" "registry-migrations" }} +{{- toYaml $labels }} +{{- end -}} diff --git a/chart/charts/registry/templates/migrations-job.yaml b/chart/charts/registry/templates/migrations-job.yaml index b81d5edb304e29e73959dac3beca0fffb009b711..34d27a0b19ceceb940847f33cdb67d99f9177bcf 100644 --- a/chart/charts/registry/templates/migrations-job.yaml +++ b/chart/charts/registry/templates/migrations-job.yaml @@ -7,7 +7,7 @@ metadata: name: {{ template "registry.migrations.jobname" . }} namespace: {{ .Release.Namespace }} labels: - {{- include "gitlab.standardLabels" . | nindent 4 }} + {{- include "registry.migration.standardLabels" . | nindent 4 }} {{- include "gitlab.commonLabels" . | nindent 4 }} {{- if .Values.database.migrations.annotations }} annotations: @@ -27,7 +27,7 @@ spec: {{- end }} {{- end }} labels: - {{- include "gitlab.standardLabels" . | nindent 8 }} + {{- include "registry.migration.standardLabels" . | nindent 8 }} {{- include "gitlab.commonLabels" . | nindent 8 }} {{- include "gitlab.podLabels" . | nindent 8 }} spec: diff --git a/chart/charts/registry/values.yaml b/chart/charts/registry/values.yaml index 6289c4ea062b49d7e95702d5a80d60c46aad9372..919dbc7d676ede5dc526361aca02c52599698f4b 100644 --- a/chart/charts/registry/values.yaml +++ b/chart/charts/registry/values.yaml @@ -1,6 +1,6 @@ image: repository: registry.gitlab.com/gitlab-org/build/cng/gitlab-container-registry - tag: 'v4.10.0-gitlab' + tag: 'v4.13.0-gitlab' # pullPolicy: IfNotPresent # pullSecrets: [] 
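Review bot: `registry.migration.standardLabels` overwrites `app` with `registry-migrations`, which removes the migration Job and its Pods from every selector keyed on the registry's `app` label, not only the PDB and Deployment selectors the helper comment names. If the chart's NetworkPolicy, or any monitoring or log-routing rule, selects registry Pods by that label (not visible in this diff), the migration Pods, which connect to the registry database, would no longer be covered by it after this change. It is worth checking those selectors and recording the effect in the helper comment, for example `NetworkPolicy and other selectors that match registry Pods by "app" will not match the migration Pods.` Both `migrations-job.yaml` hunks that switch to the helper, the Job metadata and the Pod template labels, are affected in the same way.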
@@ -400,6 +400,11 @@ database: name: registry sslmode: disable ssl: {} + # Load balancing settings + # WARNING: This is an experimental feature and must not be used in production. + # https://gitlab.com/gitlab-org/container-registry/-/blob/master/docs/configuration.md#loadbalancing + loadBalancing: + enabled: false migrations: enabled: true activeDeadlineSeconds: 3600 diff --git a/chart/doc/charts/gitlab/gitlab-shell/index.md b/chart/doc/charts/gitlab/gitlab-shell/index.md index cc7b30b2a0f0d636b6bbd7e7f84d5e5a5bb5f4be..746454e104ac5d8da862f7fd5812dce09d1df9aa 100644 --- a/chart/doc/charts/gitlab/gitlab-shell/index.md +++ b/chart/doc/charts/gitlab/gitlab-shell/index.md @@ -36,7 +36,7 @@ controlled by `global.shell.port`. | Parameter | Default | Description | |----------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `affinity` | `{}` | [Affinity rules](../index.md#affinity) for pod assignment | +| `affinity` | `{}` | [Affinity rules](../index.md#affinity) for pod assignment | | `annotations` | | Pod annotations | | `podLabels` | | Supplemental Pod labels. Will not be used for selectors. | | `common.labels` | | Supplemental labels that are applied to all objects created by this chart. | 
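Review bot: The `loadBalancing` defaults added to values.yaml document only `enabled`, while the template added in this commit also reads `nameserver.host`, `nameserver.port`, `record` and `replicaCheckInterval`, and aborts the render when `record` is missing. Listing those keys as commented-out entries under `enabled: false` would show an operator the required field before the feature is switched on, for example `# record: <SRV record, required when enabled>`, `# nameserver: {host: localhost, port: 8600}` and `# replicaCheckInterval: 1m`, using the defaults from the registry documentation table in this diff. The `database:` mapping continues outside the hunk.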
@@ -51,13 +51,15 @@ controlled by `global.shell.port`. | `config.ciphers` | `[aes128-gcm@openssh.com, chacha20-poly1305@openssh.com, aes256-gcm@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr]` | Specify the ciphers allowed. | | `config.kexAlgorithms` | `[curve25519-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group14-sha256, diffie-hellman-group14-sha1]` | Specifies the available KEX (Key Exchange) algorithms. | | `config.macs` | `[hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-sha2-256, hmac-sha2-512, hmac-sha1]` | Specifies the available MAC (message authentication code algorithms. | -| `config.publicKeyAlgorithms` | `[]` | Custom list of public key algorithms. If empty, the default algorithms are used. | +| `config.publicKeyAlgorithms` | `[]` | Custom list of public key algorithms. If empty, the default algorithms are used. | | `config.gssapi.enabled` | `false` | Enable GSS-API support for the `gitlab-sshd` daemon | | `config.gssapi.keytab.secret` | | The name of a Kubernetes secret holding the keytab for the gssapi-with-mic authentication method | | `config.gssapi.keytab.key` | `keytab` | Key holding the keytab in the Kubernetes secret | | `config.gssapi.krb5Config` | | Content of the `/etc/krb5.conf` file in the GitLab Shell container | | `config.gssapi.servicePrincipalName` | | The Kerberos service name to be used by the `gitlab-sshd` daemon | -| `config.lfs.pureSSHProtocol` | `false` | Enable LFS Pure SSH protocol support | +| `config.lfs.pureSSHProtocol` | `false` | Enable LFS Pure SSH protocol support | +| `config.pat.enabled` | `true` | Enable PAT using SSH | +| `config.pat.allowedScopes` | `[]` | An array of scopes allowed for PATs generated with SSH | | `opensshd.supplemental_config` | | Supplemental configuration, appended to `sshd_config`. 
Strict alignment to [man page](https://manpages.debian.org/bookworm/openssh-server/sshd_config.5.en.html) | | `deployment.livenessProbe.initialDelaySeconds` | 10 | Delay before liveness probe is initiated | | `deployment.livenessProbe.periodSeconds` | 10 | How often to perform the liveness probe | 
@@ -93,10 +95,10 @@ controlled by `global.shell.port`. | `image.tag` | `master` | Shell image tag | | `init.image.repository` | | initContainer image | | `init.image.tag` | | initContainer image tag | -| `init.containerSecurityContext` | | initContainer specific [securityContext](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#securitycontext-v1-core) | -| `init.containerSecurityContext.allowPrivilegeEscalation` | `false` | initContainer specific: Controls whether a process can gain more privileges than its parent process | -| `init.containerSecurityContext.runAsNonRoot` | `true` | initContainer specific: Controls whether the container runs with a non-root user | -| `init.containerSecurityContext.capabilities.drop` | `[ "ALL" ]` | initContainer specific: Removes [Linux capabilities](https://man7.org/linux/man-pages/man7/capabilities.7.html) for the container | +| `init.containerSecurityContext` | | initContainer specific [securityContext](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#securitycontext-v1-core) | +| `init.containerSecurityContext.allowPrivilegeEscalation` | `false` | initContainer specific: Controls whether a process can gain more privileges than its parent process | +| `init.containerSecurityContext.runAsNonRoot` | `true` | initContainer specific: Controls whether the container runs with a non-root user | +| `init.containerSecurityContext.capabilities.drop` | `[ "ALL" ]` | initContainer specific: Removes [Linux capabilities](https://man7.org/linux/man-pages/man7/capabilities.7.html) for the container | | `keda.enabled` | `false` | Use [KEDA](https://keda.sh/) `ScaledObjects` instead of `HorizontalPodAutoscalers` | | `keda.pollingInterval` | `30` | The interval to check each trigger on | | `keda.cooldownPeriod` | `300` | The period to wait after the last trigger reported active before scaling the resource back to 0 | 
@@ -112,7 +114,7 @@ controlled by `global.shell.port`. | `priorityClassName` | | [Priority class](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/) assigned to pods. | | `replicaCount` | `1` | Shell replicas | | `serviceLabels` | `{}` | Supplemental service labels | -| `service.allocateLoadBalancerNodePorts` | Not set, to use Kubernetes default value. | Allows to disable NodePort allocation on LoadBalancer service, see the [documentation](https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-nodeport-allocation) | +| `service.allocateLoadBalancerNodePorts` | Not set, to use Kubernetes default value. | Allows to disable NodePort allocation on LoadBalancer service, see the [documentation](https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-nodeport-allocation) | | `service.externalTrafficPolicy` | `Cluster` | Shell service external traffic policy (Cluster or Local) | | `service.internalPort` | `2222` | Shell internal port | | `service.nodePort` | | Sets shell nodePort if set | 
@@ -120,11 +122,11 @@ controlled by `global.shell.port`. | `service.type` | `ClusterIP` | Shell service type | | `service.loadBalancerIP` | | IP address to assign to LoadBalancer (if supported) | | `service.loadBalancerSourceRanges` | | List of IP CIDRs allowed access to LoadBalancer (if supported) | -| `serviceAccount.annotations` | `{}` | ServiceAccount annotations | -| `serviceAccount.automountServiceAccountToken` | `false` | Indicates whether or not the default ServiceAccount access token should be mounted in pods | -| `serviceAccount.create` | `false` | Indicates whether or not a ServiceAccount should be created | -| `serviceAccount.enabled` | `false` | Indicates whether or not to use a ServiceAccount | -| `serviceAccount.name` | | Name of the ServiceAccount. If not set, the full chart name is used | +| `serviceAccount.annotations` | `{}` | ServiceAccount annotations | +| `serviceAccount.automountServiceAccountToken` | `false` | Indicates whether or not the default ServiceAccount access token should be mounted in pods | +| `serviceAccount.create` | `false` | Indicates whether or not a ServiceAccount should be created | +| `serviceAccount.enabled` | `false` | Indicates whether or not to use a ServiceAccount | +| `serviceAccount.name` | | Name of the ServiceAccount. If not set, the full chart name is used | | `securityContext.fsGroup` | `1000` | Group ID under which the pod should be started | | `securityContext.runAsUser` | `1000` | User ID under which the pod should be started | | `securityContext.fsGroupChangePolicy` | | Policy for changing ownership and permission of the volume (requires Kubernetes 1.23) | 
@@ -137,7 +139,7 @@ controlled by `global.shell.port`. | `sshDaemon` | `openssh` | Selects which SSH daemon would be run, possible values (`openssh`, `gitlab-sshd`) | | `tolerations` | `[]` | Toleration labels for pod assignment | | `traefik.entrypoint` | `gitlab-shell` | When using traefik, which traefik entrypoint to use for GitLab Shell. Defaults to `gitlab-shell` | -| `traefik.tcpMiddlewares` | `[]` | When using traefik, which TCP Middlewares to add to IngressRouteTCP resource. No middlewares by default | +| `traefik.tcpMiddlewares` | `[]` | When using traefik, which TCP Middlewares to add to IngressRouteTCP resource. No middlewares by default | | `workhorse.serviceName` | `webservice` | Workhorse service name (by default, Workhorse is a part of the webservice Pods / Service) | | `metrics.enabled` | `false` | If a metrics endpoint should be made available for scraping (requires `sshDaemon=gitlab-sshd`). | | `metrics.port` | `9122` | Metrics endpoint port | diff --git a/chart/doc/charts/gitlab/mailroom/index.md b/chart/doc/charts/gitlab/mailroom/index.md index 82ffa038f0eb181a608a00306c90ea8e460b5fe4..d87cd30ae8682fc3cd938b0ba3780bd4fcacd174 100644 --- a/chart/doc/charts/gitlab/mailroom/index.md +++ b/chart/doc/charts/gitlab/mailroom/index.md @@ -31,6 +31,8 @@ init: requests: cpu: 50m +annotations: {} + # Tolerations for pod scheduling tolerations: [] affinity: {} 
@@ -81,6 +83,7 @@ serviceAccount: | Parameter | Description | Default | | -------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------- | | `affinity` | `{}` | [Affinity rules](../index.md#affinity) for pod assignment | +| `annotations` | Pod annotations. | `{}` | | `deployment.strategy` | Allows one to configure the update strategy utilized by the deployment | `{}` | | `enabled` | Mailroom enablement flag | `true` | | `hpa.behavior` | Behavior contains the specifications for up- and downscaling behavior (requires `autoscaling/v2beta2` or higher) | `{scaleDown: {stabilizationWindowSeconds: 300 }}` | diff --git a/chart/doc/charts/globals.md b/chart/doc/charts/globals.md index 8e3e3e7d40c8aa8ce43a960a317bd5a3d340f612..123be6d1c86f0b492fe9a3d368bccf36fe5bbac6 100644 --- a/chart/doc/charts/globals.md +++ b/chart/doc/charts/globals.md @@ -1643,8 +1643,8 @@ kubectl create secret generic <secret_object_name> --from-literal=secretKey=<duo ### OmniAuth -GitLab can leverage OmniAuth to allow users to sign in using Twitter, GitHub, Google, -and other popular services. Expanded documentation can be found in the [OmniAuth documentation](https://docs.gitlab.com/ee/integration/omniauth.html) +GitLab can leverage OmniAuth to allow users to sign in using GitHub, Google, +and other popular services. Expanded documentation can be found in the [OmniAuth documentation](https://docs.gitlab.com/ee/integration/omniauth.html#configure-common-settings) for GitLab. ```yaml 
@@ -1666,20 +1666,20 @@ omniauth: # - name: group_saml ``` -| Name | Type | Default | Description | -|:------------------------- |:-------:|:----------- |:----------- | -| `allowBypassTwoFactor` | | | Allows users to log in with the specified providers without two factor authentication. Can be set to `true`, `false`, or an array of providers. See [Bypassing two factor authentication](https://docs.gitlab.com/ee/integration/omniauth.html#bypassing-two-factor-authentication). | -| `allowSingleSignOn` | Array | `['saml']` | Enable the automatic creation of accounts when signing in with OmniAuth. Input the [name of the OmniAuth Provider](https://docs.gitlab.com/ee/integration/omniauth.html#supported-providers). | -| `autoLinkLdapUser` | Boolean | `false` | Can be used if you have LDAP / ActiveDirectory integration enabled. When enabled, users automatically created through OmniAuth will be linked to their LDAP entry as well. | -| `autoLinkSamlUser` | Boolean | `false` | Can be used if you have SAML integration enabled. When enabled, users automatically created through OmniAuth will be linked to their SAML entry as well. | -| `autoLinkUser` | | | Allows users authenticating via an OmniAuth provider to be automatically linked to a current GitLab user if their emails match. Can be set to `true`, `false`, or an array of providers. | -| `autoSignInWithProvider` | | `nil` | Single provider name allowed to automatically sign in. This should match the name of the provider, such as `saml` or `google_oauth2`. | -| `blockAutoCreatedUsers` | Boolean | `true` | If `true` auto created users will be blocked by default and will have to be unblocked by an administrator before they are able to sign in. | -| `enabled` | Boolean | `false` | Enable / disable the use of OmniAuth with GitLab. 
| -| `externalProviders` | | `[]` | You can define which OmniAuth providers you want to be `external`, so that all users **creating accounts, or logging in via these providers** will be unable to access internal projects. You will need to use the full name of the provider, like `google_oauth2` for Google. See [Configure OmniAuth Providers as External](https://docs.gitlab.com/ee/integration/omniauth.html#configure-omniauth-providers-as-external). | -| `providers` | | `[]` | [See below](#providers). | -| `syncProfileAttributes` | | `['email']` | List of profile attributes to sync from the provider upon login. See [Keep OmniAuth user profiles up to date](https://docs.gitlab.com/ee/integration/omniauth.html#keep-omniauth-user-profiles-up-to-date) for options. | -| `syncProfileFromProvider` | | `[]` | List of provider names that GitLab should automatically sync profile information from. Entries should match the name of the provider, such as `saml` or `google_oauth2`. See [Keep OmniAuth user profiles up to date](https://docs.gitlab.com/ee/integration/omniauth.html#keep-omniauth-user-profiles-up-to-date). | +| Name | Type | Default | +|:------------------------- |:-------:|:----------- | +| `allowBypassTwoFactor` | Boolean or Array | `false` | +| `allowSingleSignOn` | Boolean or Array | `['saml']` | +| `autoLinkLdapUser` | Boolean | `false` | +| `autoLinkSamlUser` | Boolean | `false` | +| `autoLinkUser` | Boolean or Array | `false` | +| `autoSignInWithProvider` | | `nil` | +| `blockAutoCreatedUsers` | Boolean | `true` | +| `enabled` | Boolean | `false` | +| `externalProviders` | | `[]` | +| `providers` | | `[]` | +| `syncProfileAttributes` | | `['email']` | +| `syncProfileFromProvider` | | `[]` | #### providers diff --git a/chart/doc/charts/registry/index.md b/chart/doc/charts/registry/index.md index f9d7c6d8d8d917fd80708facf878295000b8490f..7f7de4421bde49c846243769cb0b5d4f9674cad0 100644 --- a/chart/doc/charts/registry/index.md +++ b/chart/doc/charts/registry/index.md 
@@ -76,7 +76,7 @@ registry: interval: 24h dryrun: false image: - tag: 'v4.10.0-gitlab' + tag: 'v4.13.0-gitlab' pullPolicy: IfNotPresent annotations: service: @@ -186,7 +186,7 @@ If you chose to deploy this chart as a standalone, remove the `registry` at the | `image.pullPolicy` | | Pull policy for the registry image | | `image.pullSecrets` | | Secrets to use for image repository | | `image.repository` | `registry.gitlab.com/gitlab-org/build/cng/gitlab-container-registry` | Registry image | -| `image.tag` | `v4.10.0-gitlab` | Version of the image to use | +| `image.tag` | `v4.13.0-gitlab` | Version of the image to use | | `init.image.repository` | | initContainer image | | `init.image.tag` | | initContainer image tag | | `init.containerSecurityContext` | | initContainer specific [securityContext](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#securitycontext-v1-core) | 
@@ -241,6 +241,11 @@ If you chose to deploy this chart as a standalone, remove the `registry` at the | `database.pool.maxopen` | `0` | The maximum number of open connections to the database. If `maxopen` is less than `maxidle`, then `maxidle` is reduced to match the `maxopen` limit. Zero or not specified means unlimited open connections. | | `database.pool.maxlifetime` | `0` | The maximum amount of time a connection may be reused. Expired connections may be closed lazily before reuse. Zero or not specified means unlimited reuse. | | `database.pool.maxidletime` | `0` | The maximum amount of time a connection may be idle. Expired connections may be closed lazily before reuse. Zero or not specified means unlimited duration. | +| `database.loadBalancing.enabled` | `false` | Enable database load balancing. This is an experimental feature and must not be used in production environments. | +| `database.loadBalancing.nameserver.host` | `localhost` | The host of the nameserver to use for looking up the DNS record. | +| `database.loadBalancing.nameserver.port` | `8600` | The port of the nameserver to use for looking up the DNS record. | +| `database.loadBalancing.record` | | The SRV record to look up. This option is required for service discovery to work. | +| `database.loadBalancing.replicaCheckInterval` | `1m` | The minimum amount of time between checking the status of a replica. | | `database.migrations.enabled` | `true` | Enable the migrations job to automatically run migrations upon initial deployment and upgrades of the Chart. Note that migrations can also be run manually from within any running Registry pods. | | `database.migrations.activeDeadlineSeconds` | `3600` | Set the [activeDeadlineSeconds](https://kubernetes.io/docs/concepts/workloads/controllers/job/#job-termination-and-cleanup) on the migrations job. | | `database.migrations.annotations` | `{}` | Additional annotations to add to the migrations job. | 
@@ -424,7 +429,7 @@ You can change the included version of the Registry and `pullPolicy`. Default settings: -- `tag: 'v4.10.0-gitlab'` +- `tag: 'v4.13.0-gitlab'` - `pullPolicy: 'IfNotPresent'` ## Configuring the `service` @@ -993,7 +998,7 @@ See the [administration documentation](https://docs.gitlab.com/ee/administration before enabling this feature. NOTE: -This feature requires PostgreSQL 12 or newer. +This feature requires PostgreSQL 13 or newer. ```yaml database: @@ -1030,6 +1035,13 @@ database: jobInterval: 10s ``` +#### Load balancing + +WARNING: +This is an experimental feature under active development and must not be used in production. + +The `loadBalancing` section allows configuring [database load balancing](https://gitlab.com/gitlab-org/container-registry/-/blob/master/docs/configuration.md#loadbalancing). The [Redis cache](#redis-cache) must be enabled for this feature to work. + #### Manage the database See the [Container registry metadata database](metadata_database.md) page for diff --git a/chart/doc/development/environment_setup.md b/chart/doc/development/environment_setup.md index c3b3520e9921407852562e27b811598a3e853a75..8fbb8dc56b2ef41b9103bba5eb0d67d535a75ca4 100644 --- a/chart/doc/development/environment_setup.md +++ b/chart/doc/development/environment_setup.md @@ -91,7 +91,7 @@ Details on installing the chart from the Git repository can be found in the [dev ## Developer license -A [developer license](https://handbook.gitlab.com/handbook/developer-onboarding/#working-on-gitlab-ee-developer-licenses) can +A [developer license](https://handbook.gitlab.com/handbook/engineering/developer-onboarding/#working-on-gitlab-ee-developer-licenses) can be used for chart development to test features that are only functional in a licensed environment. To use a developer license follow the [instructions for Enterprise licenses](../installation/secrets.md#initial-enterprise-license) 
diff --git a/chart/doc/development/gitlab-qa/index.md b/chart/doc/development/gitlab-qa/index.md index 3fd2d6bf4f0067fd4b23466701d42985318b2a3e..40584f35f17f697bb84792c7fe2befd06ba5a907 100644 --- a/chart/doc/development/gitlab-qa/index.md +++ b/chart/doc/development/gitlab-qa/index.md @@ -96,14 +96,11 @@ when end-to-end tests are grouped by various [RSpec metadata](https://docs.gitla - _Smoke suite_: small [subset of fast end-to-end functional tests](https://docs.gitlab.com/ee/development/testing_guide/smoke.html) to quickly ensure that basic functionality is working - Enable this suite via `export QA_OPTIONS="--tag smoke"` -- _Smoke and Blocking suite_: subset of smoke and blocking tests to verify that the -major functionality is working - - Enable this suite via `export QA_OPTIONS="--tag smoke --tag blocking --tag ~skip_live_env --tag ~orchestrated --tag ~github"` - _Full suite_: running all tests against the environment. Test run will take more than an hour. - Enable this suite via `--tag ~skip_live_env --tag ~orchestrated --tag ~requires_praefect --tag ~github --tag ~requires_git_protocol_v2 --tag ~transient` Selecting a test suite depends on the use case. In the majority of cases, running -Smoke and Blocking suite should give quick and consistent test results +Smoke suite should give quick and consistent test results as well as a good test coverage. This suite is being used as a sanity check in [GitLab.com deployments](https://handbook.gitlab.com/handbook/engineering/deployments-and-releases/deployments/#gitlabcom-deployments-process). diff --git a/chart/doc/development/troubleshooting.md b/chart/doc/development/troubleshooting.md index 79bcb660ade01f17bdaa6ca42caf9af4fb9b14c3..ebeefaca141dad17ecf2c6b89477391b43ed670a 100644 --- a/chart/doc/development/troubleshooting.md +++ b/chart/doc/development/troubleshooting.md 
@@ -50,22 +50,27 @@ production. Certain jobs in CI use a backup of GitLab during testing. Complete the steps below to update this backup when needed: -1. Generate the desired backup by running a CI pipeline for the matching stable branch. - 1. For example: run a CI pipeline for branch `5-4-stable` if current release is `5-5-stable` to create a backup of 14.4. - 1. Note that this will require the Maintainer role. -1. In that pipeline, cancel the QA jobs (but leave the spec tests) so that we don't get extra data in the backup. -1. Let the spec tests finish. They will have installed the old backup, and migrated the instance to the version we want. -1. Edit the `gitlab-runner` Deployment replicas to 0, so the Runner turns off. -1. Log in to the UI and delete the Runner from the admin section. This should help avoid cipher errors later. +1. Install the most latest version of the chart that is compatible with the current backup + into a development cluster. +1. [Restore the backup](../backup-restore/restore.md#restoring-the-backup-file) currently + used in CI. The backup is available at `https://storage.cloud.google.com/gitlab-charts-ci/test-backups/<BACKUP_PREFIX>_gitlab_backup.tar`. + The current `BACKUP_PREFIX` is defined in `.gitlab-ci.yml`. + + - If you are using the bundled MinIO with a self-signed certificate you may want + to use `awscli` instead of `s3cmd` to avoid SSL errors. + To do this, [first configure `awscli`](https://min.io/docs/minio/linux/integrations/aws-cli-with-minio.html) + inside your toolbox, and then pass `--s3tool awscli --aws-s3-endpoint-url http://gitlab-minio-svc:9000` to + your backup and restore commands. + 1. [Ensure the background migrations all complete](https://docs.gitlab.com/ee/update/#check-for-background-migrations-before-upgrading), forcing them to complete if needed. -1. Delete the `toolbox` Pod to ensure there is no existing `tmp` data, keeping the backup small. -1. 
If any manual work is needed to modify the contents of the backup, complete it before moving on to the next step. -1. [Create a new backup](../backup-restore/backup.md) from the new `toolbox` Pod. -1. Download the new backup from the CI instance of MinIO in the `gitlab-backups` bucket. -1. Upload the backup to the proper location in Google Cloud Storage (GCS): +1. Upgrade the Helm release to use the new CNG images which have the new backup/restore + changes by setting `global.gitlabVersion=<CNG tag>`. +1. [Create a new backup](../backup-restore/backup.md) from the `toolbox` Pod. +1. Download the new backup from the `gitlab-backups` bucket. +1. Ask in `#g_distribution` to upload the backup to Google Cloud Storage (GCS): 1. Project: `cloud-native-182609`, path: `gitlab-charts-ci/test-backups/` 1. Edit access and add `Entity=Public`, `Name=allUsers`, and `Access=Reader`. -1. Finally, update `.variables.TEST_BACKUP_PREFIX` in `.gitlab-ci.yml` to the new version of the backup. +1. Finally, update `.variables.TEST_BACKUP_PREFIX` in `.gitlab-ci.yml` and open a merge request. - For example: If the filename is `1708623546_2024_02_22_16.9.1-ee_gitlab_backup`, then the prefix is `1708623546_2024_02_22_16.9.1-ee`. Future pipelines will now use the new backup artifact during testing. diff --git a/chart/doc/installation/cloud/index.md b/chart/doc/installation/cloud/index.md index 463fc4c6942d80bf2c702346492cccb4091d741a..ee8df737bc9a68c6c62610a66631c356cd9a0646 100644 --- a/chart/doc/installation/cloud/index.md +++ b/chart/doc/installation/cloud/index.md 
@@ -21,17 +21,18 @@ you can reduce the defaults to fit into a smaller cluster. The GitLab Helm chart supports the following Kubernetes releases: -| Kubernetes release | Status | Minimum GitLab version | Architectures | End of life | -|--------------------|------------|------------------------|---------------|-------------| -| 1.30 | [In development/qualification](https://gitlab.com/gitlab-org/distribution/team-tasks/-/issues/1498) | 17.0 | x86-64 | 2025-06-28 | -| 1.29 | Supported | 17.0 | x86-64 | 2025-02-28 | -| 1.28 | Supported | 17.0 | x86-64 | 2024-10-28 | -| 1.27 | Supported | 16.6 | x86-64 | 2024-06-28 | -| 1.26 | Deprecated | 16.5 | x86-64 | 2024-02-28 | -| 1.25 | Deprecated | 16.5 | x86-64 | 2023-10-28 | -| 1.24 | Deprecated | 16.5 | x86-64 | 2023-07-28 | -| 1.23 | Deprecated | 16.5 | x86-64 | 2023-02-28 | -| 1.22 | Deprecated | 16.5 | x86-64 | 2022-10-28 | +| Kubernetes release | Status | Minimum GitLab version | Architectures | End of life | +|--------------------|-------------|------------------------|---------------|-------------| +| 1.31 | [In development/qualification](https://gitlab.com/gitlab-org/distribution/team-tasks/-/issues/1602) | | x86-64 | 2025-10-28 | +| 1.30 | Supported | 17.6 | x86-64 | 2025-06-28 | +| 1.29 | Supported | 17.0 | x86-64 | 2025-02-28 | +| 1.28 | Supported | 17.0 | x86-64 | 2024-10-28 | +| 1.27 | Unsupported | 16.6 | x86-64 | 2024-06-28 | +| 1.26 | Unsupported | 16.5 | x86-64 | 2024-02-28 | +| 1.25 | Unsupported | 16.5 | x86-64 | 2023-10-28 | +| 1.24 | Unsupported | 16.5 | x86-64 | 2023-07-28 | +| 1.23 | Unsupported | 16.5 | x86-64 | 2023-02-28 | +| 1.22 | Unsupported | 16.5 | x86-64 | 2022-10-28 | The GitLab Helm Chart aims to support new minor Kubernetes releases three months after their initial release. We welcome reports made to our [issue tracker](https://gitlab.com/gitlab-org/charts/gitlab/-/issues) about compatibility issues in releases newer than those listed above. 
diff --git a/chart/doc/installation/command-line-options.md b/chart/doc/installation/command-line-options.md index 6f599ee351bbaceb3879e2476b1271bf93ef0ad1..c93e34a46e60b9a27e9f9e8ff9469c882978f76d 100644 --- a/chart/doc/installation/command-line-options.md +++ b/chart/doc/installation/command-line-options.md @@ -47,7 +47,7 @@ helm inspect values gitlab/gitlab | `global.psql.password.secret` | Global name of the secret containing the psql password | _Uses in-cluster non-production PostgreSQL_ | | `global.registry.bucket` | registry bucket name | `registry` | | `global.service.annotations` | Annotations to add to every `Service` | {} | -| `global.raills.sessionStore.sessionCookieTokenPrefix` | Prefix for the generated session cookies | "" | +| `global.rails.sessionStore.sessionCookieTokenPrefix` | Prefix for the generated session cookies | "" | | `global.deployment.annotations` | Annotations to add to every `Deployment` | {} | | `global.time_zone` | Global time zone | UTC | @@ -232,8 +232,9 @@ See the [instructions for creating secrets](secrets.md). | `nginx-ingress.rbac.createRole` | Create and use namespaced role | true | | `prometheus.rbac.create` | Create and use RBAC resources | true | -If you're setting `nginx-ingress.rbac.create` to `false` to configure the RBAC rules by yourself, on -GitLab chart v8.5.0+, you'll [need to also configure extra rules](../releases/8_0.md#upgrade-to-85x). +If you're setting `nginx-ingress.rbac.create` to `false` to configure the RBAC rules by yourself, you +might need to add specific RBAC rules +[depending on your chart version](../releases/8_0.md#upgrade-to-86x-851-843-836). ## Advanced NGINX Ingress configuration diff --git a/chart/doc/installation/database_upgrade.md b/chart/doc/installation/database_upgrade.md index 022d3c7fd97696260a74ef2d84f7305ddb910fd3..58b96aec8f8a51b9088095ce4f3d1afa7fdc0a16 100644 --- a/chart/doc/installation/database_upgrade.md +++ b/chart/doc/installation/database_upgrade.md 
@@ -31,7 +31,7 @@ not a drop in replacement. Manual steps need to be performed to upgrade the data The steps have been documented in the [upgrade steps](#steps-for-upgrading-the-bundled-postgresql). NOTE: -As part of the `4.0.0` release of this chart, we upgraded the bundled [PostgreSQL chart](https://github.com/bitnami/charts/tree/master/bitnami/postgresql) from `7.7.0` to `8.9.4`. +As part of the `4.0.0` release of this chart, we upgraded the bundled [PostgreSQL chart](https://github.com/bitnami/charts/tree/main/bitnami/postgresql) from `7.7.0` to `8.9.4`. This is not a drop in replacement. Manual steps need to be performed to upgrade the database. The steps have been documented in the [upgrade steps](#steps-for-upgrading-the-bundled-postgresql). diff --git a/chart/doc/installation/tools.md b/chart/doc/installation/tools.md index eaca389131d3facb7db0f6a121efcd9a47dad148..eb412ab5487efb40f8f8c3f974ee72b36701d500 100644 --- a/chart/doc/installation/tools.md +++ b/chart/doc/installation/tools.md @@ -279,7 +279,7 @@ If the endpoint can be and is TLS-enabled they will also set the `gitlab.com/prometheus_scheme: "https"` annotation, as well as the `prometheus.io/scheme: "https"` annotation, either of which can be used with a `relabel_config` to set the Prometheus `__scheme__` target label. -The [Prometheus TLS values example](https://gitlab.com/gitlab-org/charts/gitlab/-/tree/master/examples/prometheus/values-tls.yaml) +The [Prometheus TLS values example](https://gitlab.com/gitlab-org/charts/gitlab/-/blob/master/examples/prometheus/values-tls.yaml) includes a `relabel_config` that targets `__scheme__` using the `gitlab.com/prometheus_scheme: "https"` annotation. diff --git a/chart/doc/installation/upgrade.md b/chart/doc/installation/upgrade.md index 9722b659a4ec4cca7f2ad2f6c9dd6c4b9fa644fd..22ab06abe6bbe2bdd9ad13334e00b4d39654fcf7 100644 --- a/chart/doc/installation/upgrade.md +++ b/chart/doc/installation/upgrade.md 
@@ -40,7 +40,7 @@ This safely replaces the behavior of `--reuse-values` NOTE: If you're upgrading to the `7.0` version of the chart, follow the [manual upgrade steps for 7.0](#upgrade-to-version-70). If you're upgrading to the `6.0` version of the chart, follow the [manual upgrade steps for 6.0](#upgrade-to-version-60). -If you're upgrading to an older version of the chart, follow the [upgrade steps for older versions](upgrade_old.md). +If you're upgrading to an older version of the chart, follow the [upgrade steps for older versions](#older-upgrade-instructions). Before you upgrade, reflect on your set values and if you've possibly "over-configured" your settings. We expect you to maintain a small list of modified values, and leverage most of the chart defaults. If you've explicitly set a large number of settings by: diff --git a/chart/doc/installation/version_mappings.md b/chart/doc/installation/version_mappings.md index a6640bbbe64438785a08ba70dd794e3f914c3c88..d34d60831a262986c4cabbaa66dfe9f8c3c515e9 100644 --- a/chart/doc/installation/version_mappings.md +++ b/chart/doc/installation/version_mappings.md @@ -33,7 +33,12 @@ The table below maps some of the key previous supported chart versions and suppo | Chart version | GitLab version | |---------------|----------------| +| 8.6.1 | 17.6.1 | +| 8.6.0 | 17.6.0 | +| 8.6.1 | 17.6.1 | +| 8.6.0 | 17.6.0 | | 8.5.2 | 17.5.2 | +<<<<<<< HEAD | 8.5.1 | 17.5.1 | | 8.5.0 | 17.5.0 | | 8.4.2 | 17.4.2 | 
@@ -300,6 +305,277 @@ The table below maps some of the key previous supported chart versions and suppo | 6.0.2 | 15.0.2 | | 6.0.1 | 15.0.1 | | 6.0.0 | 15.0.0 | +======= +| 8.5.1 | 17.5.1 | +| 8.5.0 | 17.5.0 | +| 8.4.4 | 17.4.4 | +| 8.4.3 | 17.4.3 | +| 8.4.2 | 17.4.2 | +| 8.4.1 | 17.4.1 | +| 8.4.0 | 17.4.0 | +| 8.3.7 | 17.3.7 | +| 8.3.6 | 17.3.6 | +| 8.3.5 | 17.3.5 | +| 8.3.4 | 17.3.4 | +| 8.3.3 | 17.3.3 | +| 8.3.2 | 17.3.2 | +| 8.3.1 | 17.3.1 | +| 8.3.0 | 17.3.0 | +| 8.2.9 | 17.2.9 | +| 8.2.8 | 17.2.8 | +| 8.2.7 | 17.2.7 | +| 8.2.6 | 17.2.6 | +| 8.2.5 | 17.2.5 | +| 8.2.4 | 17.2.4 | +| 8.2.3 | 17.2.3 | +| 8.2.2 | 17.2.2 | +| 8.2.1 | 17.2.1 | +| 8.2.0 | 17.2.0 | +| 8.1.8 | 17.1.8 | +| 8.1.7 | 17.1.7 | +| 8.1.6 | 17.1.6 | +| 8.1.5 | 17.1.5 | +| 8.1.4 | 17.1.4 | +| 8.1.3 | 17.1.3 | +| 8.1.2 | 17.1.2 | +| 8.1.1 | 17.1.1 | +| 8.1.0 | 17.1.0 | +| 8.0.8 | 17.0.8 | +| 8.0.7 | 17.0.7 | +| 8.0.6 | 17.0.6 | +| 8.0.5 | 17.0.5 | +| 8.0.4 | 17.0.4 | +| 8.0.3 | 17.0.3 | +| 8.0.2 | 17.0.2 | +| 8.0.1 | 17.0.1 | +| 8.0.0 | 17.0.0 | +| 7.11.10 | 16.11.10 | +| 7.11.9 | 16.11.9 | +| 7.11.8 | 16.11.8 | +| 7.11.7 | 16.11.7 | +| 7.11.6 | 16.11.6 | +| 7.11.5 | 16.11.5 | +| 7.11.4 | 16.11.4 | +| 7.11.3 | 16.11.3 | +| 7.11.2 | 16.11.2 | +| 7.11.1 | 16.11.1 | +| 7.11.0 | 16.11.0 | +| 7.10.10 | 16.10.10 | +| 7.10.9 | 16.10.9 | +| 7.10.8 | 16.10.8 | +| 7.10.7 | 16.10.7 | +| 7.10.6 | 16.10.6 | +| 7.10.5 | 16.10.5 | +| 7.10.4 | 16.10.4 | +| 7.10.3 | 16.10.3 | +| 7.10.2 | 16.10.2 | +| 7.10.1 | 16.10.1 | +| 7.10.0 | 16.10.0 | +| 7.9.11 | 16.9.11 | +| 7.9.10 | 16.9.10 | +| 7.9.9 | 16.9.9 | +| 7.9.8 | 16.9.8 | +| 7.9.7 | 16.9.7 | +| 7.9.6 | 16.9.6 | +| 7.9.5 | 16.9.5 | +| 7.9.4 | 16.9.4 | +| 7.9.3 | 16.9.3 | +| 7.9.2 | 16.9.2 | +| 7.9.1 | 16.9.1 | +| 7.9.0 | 16.9.0 | +| 7.8.10 | 16.8.10 | +| 7.8.9 | 16.8.9 | +| 7.8.8 | 16.8.8 | +| 7.8.7 | 16.8.7 | +| 7.8.6 | 16.8.6 | +| 7.8.5 | 16.8.5 | +| 7.8.4 | 16.8.4 | +| 7.8.3 | 16.8.3 | +| 7.8.2 | 16.8.2 | +| 7.8.1 | 16.8.1 | +| 7.8.0 | 16.8.0 | +| 7.7.10 | 
16.7.10 | +| 7.7.9 | 16.7.9 | +| 7.7.8 | 16.7.8 | +| 7.7.7 | 16.7.7 | +| 7.7.6 | 16.7.6 | +| 7.7.5 | 16.7.5 | +| 7.7.4 | 16.7.4 | +| 7.7.3 | 16.7.3 | +| 7.7.2 | 16.7.2 | +| 7.7.1 | 16.7.1 | +| 7.7.0 | 16.7.0 | +| 7.6.10 | 16.6.10 | +| 7.6.9 | 16.6.9 | +| 7.6.8 | 16.6.8 | +| 7.6.7 | 16.6.7 | +| 7.6.6 | 16.6.6 | +| 7.6.5 | 16.6.5 | +| 7.6.4 | 16.6.4 | +| 7.6.3 | 16.6.3 | +| 7.6.2 | 16.6.2 | +| 7.6.1 | 16.6.1 | +| 7.6.0 | 16.6.0 | +| 7.5.10 | 16.5.10 | +| 7.5.9 | 16.5.9 | +| 7.5.8 | 16.5.8 | +| 7.5.7 | 16.5.7 | +| 7.5.6 | 16.5.6 | +| 7.5.5 | 16.5.5 | +| 7.5.4 | 16.5.4 | +| 7.5.3 | 16.5.3 | +| 7.5.2 | 16.5.2 | +| 7.5.1 | 16.5.1 | +| 7.5.0 | 16.5.0 | +| 7.4.7 | 16.4.7 | +| 7.4.6 | 16.4.6 | +| 7.4.5 | 16.4.5 | +| 7.4.4 | 16.4.4 | +| 7.4.3 | 16.4.3 | +| 7.4.2 | 16.4.2 | +| 7.4.1 | 16.4.1 | +| 7.4.0 | 16.4.0 | +| 7.3.9 | 16.3.9 | +| 7.3.8 | 16.3.8 | +| 7.3.7 | 16.3.7 | +| 7.3.6 | 16.3.6 | +| 7.3.5 | 16.3.5 | +| 7.3.4 | 16.3.4 | +| 7.3.3 | 16.3.3 | +| 7.3.2 | 16.3.2 | +| 7.3.1 | 16.3.1 | +| 7.3.0 | 16.3.0 | +| 7.2.11 | 16.2.11 | +| 7.2.10 | 16.2.10 | +| 7.2.9 | 16.2.9 | +| 7.2.8 | 16.2.8 | +| 7.2.7 | 16.2.7 | +| 7.2.6 | 16.2.6 | +| 7.2.5 | 16.2.5 | +| 7.2.4 | 16.2.4 | +| 7.2.3 | 16.2.3 | +| 7.2.2 | 16.2.2 | +| 7.2.1 | 16.2.1 | +| 7.2.0 | 16.2.0 | +| 7.1.8 | 16.1.8 | +| 7.1.7 | 16.1.7 | +| 7.1.6 | 16.1.6 | +| 7.1.5 | 16.1.5 | +| 7.1.4 | 16.1.4 | +| 7.1.3 | 16.1.3 | +| 7.1.2 | 16.1.2 | +| 7.1.1 | 16.1.1 | +| 7.1.0 | 16.1.0 | +| 7.0.10 | 16.0.10 | +| 7.0.9 | 16.0.9 | +| 7.0.8 | 16.0.8 | +| 7.0.7 | 16.0.7 | +| 7.0.6 | 16.0.6 | +| 7.0.5 | 16.0.5 | +| 7.0.4 | 16.0.4 | +| 7.0.3 | 16.0.3 | +| 7.0.2 | 16.0.2 | +| 7.0.1 | 16.0.1 | +| 7.0.0 | 16.0.0 | +| 6.11.13 | 15.11.13 | +| 6.11.12 | 15.11.12 | +| 6.11.11 | 15.11.11 | +| 6.11.10 | 15.11.10 | +| 6.11.9 | 15.11.9 | +| 6.11.8 | 15.11.8 | +| 6.11.7 | 15.11.7 | +| 6.11.6 | 15.11.6 | +| 6.11.5 | 15.11.5 | +| 6.11.4 | 15.11.4 | +| 6.11.3 | 15.11.3 | +| 6.11.2 | 15.11.2 | +| 6.11.1 | 15.11.1 | +| 6.11.0 | 15.11.0 | +| 6.10.8 | 15.10.8 | 
+| 6.10.7 | 15.10.7 | +| 6.10.6 | 15.10.6 | +| 6.10.5 | 15.10.5 | +| 6.10.4 | 15.10.4 | +| 6.10.3 | 15.10.3 | +| 6.10.2 | 15.10.2 | +| 6.10.1 | 15.10.1 | +| 6.10.0 | 15.10.0 | +| 6.9.8 | 15.9.8 | +| 6.9.7 | 15.9.7 | +| 6.9.6 | 15.9.6 | +| 6.9.5 | 15.9.5 | +| 6.9.4 | 15.9.4 | +| 6.9.3 | 15.9.3 | +| 6.9.2 | 15.9.2 | +| 6.9.1 | 15.9.1 | +| 6.9.0 | 15.9.0 | +| 6.8.6 | 15.8.6 | +| 6.8.5 | 15.8.5 | +| 6.8.4 | 15.8.4 | +| 6.8.3 | 15.8.3 | +| 6.8.2 | 15.8.2 | +| 6.8.1 | 15.8.1 | +| 6.8.0 | 15.8.0 | +| 6.7.9 | 15.7.9 | +| 6.7.8 | 15.7.8 | +| 6.7.7 | 15.7.7 | +| 6.7.6 | 15.7.6 | +| 6.7.5 | 15.7.5 | +| 6.7.3 | 15.7.3 | +| 6.7.2 | 15.7.2 | +| 6.7.1 | 15.7.1 | +| 6.7.0 | 15.7.0 | +| 6.6.8 | 15.6.8 | +| 6.6.7 | 15.6.7 | +| 6.6.6 | 15.6.6 | +| 6.6.4 | 15.6.4 | +| 6.6.3 | 15.6.3 | +| 6.6.2 | 15.6.2 | +| 6.6.1 | 15.6.1 | +| 6.6.0 | 15.6.0 | +| 6.5.9 | 15.5.9 | +| 6.5.8 | 15.5.7 | +| 6.5.7 | 15.5.6 | +| 6.5.6 | 15.5.5 | +| 6.5.5 | 15.5.4 | +| 6.5.4 | 15.5.3 | +| 6.5.3 | 15.5.3 | +| 6.5.2 | 15.5.2 | +| 6.5.1 | 15.5.1 | +| 6.5.0 | 15.5.0 | +| 6.4.6 | 15.4.6 | +| 6.4.5 | 15.4.5 | +| 6.4.4 | 15.4.4 | +| 6.4.3 | 15.4.3 | +| 6.4.2 | 15.4.2 | +| 6.4.1 | 15.4.1 | +| 6.4.0 | 15.4.0 | +| 6.3.5 | 15.3.5 | +| 6.3.4 | 15.3.4 | +| 6.3.3 | 15.3.3 | +| 6.3.2 | 15.3.2 | +| 6.3.1 | 15.3.1 | +| 6.3.0 | 15.3.0 | +| 6.2.5 | 15.2.5 | +| 6.2.4 | 15.2.4 | +| 6.2.3 | 15.2.3 | +| 6.2.2 | 15.2.2 | +| 6.2.1 | 15.2.1 | +| 6.2.0 | 15.2.0 | +| 6.1.6 | 15.1.6 | +| 6.1.5 | 15.1.5 | +| 6.1.4 | 15.1.4 | +| 6.1.3 | 15.1.3 | +| 6.1.2 | 15.1.2 | +| 6.1.1 | 15.1.1 | +| 6.1.0 | 15.1.0 | +| 6.0.5 | 15.0.5 | +| 6.0.4 | 15.0.4 | +| 6.0.3 | 15.0.3 | +| 6.0.2 | 15.0.2 | +| 6.0.1 | 15.0.1 | +| 6.0.0 | 15.0.0 | +>>>>>>> update "chart" (https://gitlab.com/gitlab-org/charts/gitlab) from "v8.6.1" (444b06a2195c8f8932847de2b727b63cbc3b8836) to "v8.6.1" (0a325d09171fcfa4a3e828052cb273f148a8ff04) To see the full list, you can issue the following command with Helm: 
diff --git a/chart/doc/releases/8_0.md b/chart/doc/releases/8_0.md index 502254537879a874d58c6ffe76775a05c4f3fd1b..9bb2a83f371f56a62f16fc484713400add3d0368 100644 --- a/chart/doc/releases/8_0.md +++ b/chart/doc/releases/8_0.md @@ -20,13 +20,23 @@ See [GitLab 17 changes](https://docs.gitlab.com/ee/update/versions/gitlab_17_cha To upgrade to the `8.0` version of the chart, you first need to upgrade to the latest `7.11.x` release of the chart. Check the [version mapping details](../installation/version_mappings.md) for the latest patch. -### Upgrade to 8.5.x +### Upgrade to 8.6.0 + +The `app` label of the Job that performs the database migrations for the registry metadata database has +been changed from `registry` to `registry-migrations` to address issues with the selectors of the +container registry `Deployment` and `PodDisruptionBudget`. + +If you don't have the registry metadata database enabled, or don't use it in any external tools +such as monitoring or logging solutions, you don't need to do anything. If you do use this label, +please update it accordingly. + +### Upgrade to 8.6.x, 8.5.1, 8.4.3, 8.3.6 If you haven't modified the GitLab chart `nginx-ingress.rbac.create` value, or it's set to `true`, you can skip this section. -In v8.5.0, the Ingress NGINX Controller image was bumped to v1.11.2, but the Ingress NGINX Controller chart version is -still on 4.0.6. The old `v1.3.1` controller image is now deprecated and schedule for removal in GitLab chart 8.8. +In these versions, the Ingress NGINX Controller image was bumped to v1.11.2, but the Ingress NGINX Controller chart version is +still on 4.0.6. The old `v1.3.1` controller image is now deprecated and schedule for removal in GitLab chart 9.0. By default the `v1.11.2` will be set. The chart will automatically fallback to `v1.3.1` if the you're setting `nginx-ingress.rbac.create` to `false`. This is because `v1.11.2` requires new RBAC rules, which we added to our 
diff --git a/chart/doc/troubleshooting/index.md b/chart/doc/troubleshooting/index.md index b93aff3e184316f0ca4222a8c769d00b6127f6d4..943203227334c0096077d9a80cbcabc5bd861adf 100644 --- a/chart/doc/troubleshooting/index.md +++ b/chart/doc/troubleshooting/index.md @@ -106,7 +106,7 @@ to ensure that the application does not malfunction to the schema not matching expectations of the codebase. 1. Find the `migrations` Job. `kubectl get job -lapp=migrations` -1. Find the Pod being run by the Job. `kubectl get pod -ljob-name=<job-name>` +1. Find the Pod being run by the Job. `kubectl get pod -lbatch.kubernetes.io/job-name=<job-name>` 1. Examine the output, checking the `STATUS` column. If the `STATUS` is `Running`, continue. If the `STATUS` is `Completed`, the application containers should start shortly after the next check passes. diff --git a/chart/requirements.lock b/chart/requirements.lock index e80fb74f4d44e698d16d50173f07f715673afd89..46d6c248829192f631deb595b2b09725240fa764 100644 --- a/chart/requirements.lock +++ b/chart/requirements.lock @@ -13,7 +13,7 @@ dependencies: version: '*.*.*' - name: cert-manager repository: https://charts.jetstack.io/ - version: v1.12.13 + version: v1.12.14 - name: prometheus repository: https://prometheus-community.github.io/helm-charts version: 15.18.0 @@ -22,7 +22,7 @@ dependencies: version: 12.5.2 - name: gitlab-runner repository: https://charts.gitlab.io/ - version: 0.70.0 + version: 0.71.0 - name: redis repository: https://charts.bitnami.com/bitnami version: 16.13.2 @@ -34,7 +34,7 @@ dependencies: version: '*.*.*' - name: gitlab-zoekt repository: https://charts.gitlab.io/ - version: 1.4.1 + version: 1.4.2 - name: gluon repository: oci://registry1.dso.mil/bigbang version: 0.5.3 
@@ -44,5 +44,5 @@ dependencies: - name: kubernetes-ingress repository: https://haproxytech.github.io/helm-charts version: 1.32.0 -digest: sha256:229c6b103fdb12ad42d13a565912f9a3aa5d5c426f4c7be6559e2dd765ad796c -generated: "2024-11-12T12:11:32.508232-06:00" +digest: sha256:208bdd8f1c59e101010235eb006510a3eb4ff24677f7fb1ec0d93b888d242792 +generated: "2024-12-06T12:04:32.305073916-06:00" diff --git a/chart/requirements.yaml b/chart/requirements.yaml index 3fa2f53e1a56285a2c827103f2bde9a4af83d51d..7848c324813d4402ce5af7b4593c403d42b71ea6 100644 --- a/chart/requirements.yaml +++ b/chart/requirements.yaml @@ -8,7 +8,7 @@ dependencies: - name: registry version: '*.*.*' - name: cert-manager - version: v1.12.13 + version: v1.12.14 repository: https://charts.jetstack.io/ condition: certmanager.install alias: certmanager @@ -21,7 +21,7 @@ dependencies: repository: https://charts.bitnami.com/bitnami condition: postgresql.install - name: gitlab-runner - version: 0.70.1 + version: 0.71.0 repository: https://charts.gitlab.io/ condition: gitlab-runner.install - name: redis @@ -36,7 +36,7 @@ dependencies: version: '*.*.*' alias: nginx-ingress-geo - name: gitlab-zoekt - version: 1.4.1 + version: 1.4.2 repository: https://charts.gitlab.io/ condition: gitlab-zoekt.install - name: gluon diff --git a/chart/scripts/ci/arm_nodeselectors.yaml b/chart/scripts/ci/arm_nodeselectors.yaml new file mode 100644 index 0000000000000000000000000000000000000000..9ab65e6313cd747be57d7e49e600b7d7f97bbbc2 --- /dev/null +++ b/chart/scripts/ci/arm_nodeselectors.yaml 
@@ -0,0 +1,39 @@ +--- + +global: + nodeSelector: + kubernetes.io/arch: arm64 + +minio: + nodeSelector: + kubernetes.io/arch: amd64 + +gitlab-runner: + nodeSelector: + kubernetes.io/arch: arm64 + +postgresql: + primary: + nodeSelector: + kubernetes.io/arch: arm64 + readReplicas: + nodeSelector: + kubernetes.io/arch: arm64 + backup.cronjob.labels: + nodeSelector: + kubernetes.io/arch: arm64 + +# Redis fails with arm64 +# redis: +# master: +# nodeSelector: +# kubernetes.io/arch: arm64 +# replica: +# nodeSelector: +# kubernetes.io/arch: arm64 + + +nginx-ingress: + nodeSelector: + kubernetes.io/arch: amd64 + diff --git a/chart/scripts/ci/autodevops.sh b/chart/scripts/ci/autodevops.sh index a50bde0b96f2b360c9ec888dabf8b39c8f4237e1..804203ea0620ca36bbc853ad5eabd53bff8e2a1e 100644 --- a/chart/scripts/ci/autodevops.sh +++ b/chart/scripts/ci/autodevops.sh @@ -8,15 +8,26 @@ export CI_CONTAINER_NAME=ci_job_build_${CI_JOB_ID} # Derive the Helm RELEASE argument from CI_ENVIRONMENT_SLUG if [[ $CI_ENVIRONMENT_SLUG =~ ^[^-]+-review ]]; then + # if multiarch deployment is on - we will be deploying *two* + # charts - one for "amd64" and second for "arm64" thus the need + # to avoid name collision: + if [ "${DEPLOY_MULTIARCH}" == "true" ]; then + RELEASE_NAME="rvw-a-${REVIEW_REF_PREFIX}${CI_COMMIT_SHORT_SHA}" + else + RELEASE_NAME=rvw-${REVIEW_REF_PREFIX}${CI_COMMIT_SHORT_SHA} + fi # if a "review", use $REVIEW_REF_PREFIX$CI_COMMIT_SHORT_SHA - RELEASE_NAME=rvw-${REVIEW_REF_PREFIX}${CI_COMMIT_SHORT_SHA} # Trim release name to leave room for prefixes/suffixes RELEASE_NAME=${RELEASE_NAME:0:30} # Trim any hyphens in the suffix RELEASE_NAME=${RELEASE_NAME%-} else # otherwise, use CI_ENVIRONMENT_SLUG - RELEASE_NAME=$CI_ENVIRONMENT_SLUG + if [ "${DEPLOY_MULTIARCH}" == "true" ]; then + RELEASE_NAME="a-${CI_ENVIRONMENT_SLUG}" + else + RELEASE_NAME=$CI_ENVIRONMENT_SLUG + fi fi export RELEASE_NAME 
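Review bot: The `backup.cronjob.labels:` key under `postgresql` is one literal key, because Helm expands dotted paths only for `--set` and not inside a values file, so the `nodeSelector` beneath it is most likely ignored and the backup CronJob stays unpinned. Even read as a path it would place a node selector under `labels`. If the subchart supports it, nest the mapping as `backup:` / `cronjob:` / `nodeSelector:` with `kubernetes.io/arch: arm64` beneath; the subchart's actual key cannot be confirmed from this diff. A one-line comment on why `minio` and `nginx-ingress` stay on `amd64` would also help, as the Redis block already has one.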
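Review bot: With `DEPLOY_MULTIARCH=true` the non-review branch sets `RELEASE_NAME="a-${CI_ENVIRONMENT_SLUG}"`, so an environment whose slug is `production` would be released as `a-production` and the `[ "$RELEASE_NAME" != "production" ]` guard in `deploy()` would no longer keep it out of the "Deployment in bad state, cleaning up" path. If multiarch is never meant for production, state that in a comment next to the prefix; otherwise the guard should compare `$CI_ENVIRONMENT_SLUG` instead of the release name. In the review branch the comment `# if a "review", use $REVIEW_REF_PREFIX$CI_COMMIT_SHORT_SHA` now sits below the block it describes and should move above the new `if`. The `deploy()` guard lies outside this hunk.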
@@ -43,6 +54,7 @@ function previousDeployFailed() { } function deploy() { + echo "DEPLOY_MULTIARCH: $DEPLOY_MULTIARCH" # Cleanup and previous installs, as FAILED and PENDING_UPGRADE will cause errors with `upgrade` if [ "$RELEASE_NAME" != "production" ] && previousDeployFailed ; then echo "Deployment in bad state, cleaning up $RELEASE_NAME" @@ -154,10 +166,14 @@ CIYAML SENTRY_CONFIGURATION="-f ci.sentry.yaml" fi - + MULTIARCH_CONFIGURATION="" + if [ "${DEPLOY_MULTIARCH}" == "true" ]; then + MULTIARCH_CONFIGURATION="-f scripts/ci/arm_nodeselectors.yaml" + fi helm upgrade --install \ $WAIT \ ${SENTRY_CONFIGURATION} \ + ${MULTIARCH_CONFIGURATION} \ -f ci.details.yaml \ -f ci.scale.yaml \ -f ci.psql.yaml \ diff --git a/chart/spec/configuration/gitlab_shell_spec.rb b/chart/spec/configuration/gitlab_shell_spec.rb index 8db825143a3487213a37388af4d30f8afefe44bf..7588cbd780e81ee5c395942ea34d9181fc41eb0a 100644 --- a/chart/spec/configuration/gitlab_shell_spec.rb +++ b/chart/spec/configuration/gitlab_shell_spec.rb 
@@ -264,4 +264,69 @@ describe 'gitlab-shell configuration' do end end end + + context 'for PAT' do + let(:enabled) { nil } + let(:allowed_scopes) { nil } + + let(:values) do + YAML.safe_load(%( + gitlab: + gitlab-shell: + config: + pat: + enabled: #{enabled} + allowedScopes: #{allowed_scopes} + )).deep_merge(default_values) + end + + let(:config) { t.dig('ConfigMap/test-gitlab-shell', 'data', 'config.yml.tpl') } + + let(:rendered_config) do + rendered = RuntimeTemplate.gomplate(raw_template: config) + YAML.safe_load(rendered, aliases: true) + end + + context 'when unset' do + it 'renders default settings for pat' do + expect_successful_exit_code + + expect(rendered_config['pat']['enabled']).to eq(true) + expect(rendered_config['pat']['allowed_scopes']).to eq([]) + end + end + + context 'when PAT disabled' do + let(:enabled) { false } + + it 'renders pat.enabled as disabled' do + expect_successful_exit_code + + expect(rendered_config['pat']['enabled']).to eq(false) + expect(rendered_config['pat']['allowed_scopes']).to eq([]) + end + end + + context 'when PAT enabled' do + let(:enabled) { true } + + it 'renders pat.enabled as enabled' do + expect_successful_exit_code + + expect(rendered_config['pat']['enabled']).to eq(true) + expect(rendered_config['pat']['allowed_scopes']).to eq([]) + end + end + + context 'when PAT allowed_scopes are set' do + let(:allowed_scopes) { ['read_repository', 'read_api'] } + + it 'renders pat.allowed_scopes' do + expect_successful_exit_code + + expect(rendered_config['pat']['enabled']).to eq(true) + expect(rendered_config['pat']['allowed_scopes']).to match_array(['read_repository', 'read_api']) + end + end + end end diff --git a/chart/spec/configuration/mailroom_spec.rb b/chart/spec/configuration/mailroom_spec.rb index 143dcc1256f2757d061d9ad94bde7bb13e2aa3e8..1b94ccc49adc39412e67bf6c992b9b6c307557b4 100644 --- a/chart/spec/configuration/mailroom_spec.rb +++ b/chart/spec/configuration/mailroom_spec.rb 
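Review bot: The `when unset` context does not actually leave `pat` unset: with `enabled` and `allowed_scopes` at `nil` the interpolated document still carries `enabled:` and `allowedScopes:` as explicit nulls, and Helm treats a null override as removal of the chart default rather than as an absent key. The example therefore exercises the template's fallback and not the defaults in `values.yaml`, which may differ. I would add a context whose values contain no `pat` key at all and rename this one to `when set to null`. The scopes case also depends on `Array#to_s` happening to be valid flow YAML; building the hash in Ruby and merging it avoids that.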
@@ -453,6 +453,22 @@ describe 'Mailroom configuration' do end end + context 'When customer provides additional annotations' do + let(:values) do + YAML.safe_load(%( + gitlab: + mailroom: + annotations: + test-annotation: mailroom-annotation-value + )).deep_merge(default_values) + end + it 'Populates the additional annotations in the expected manner' do + t = HelmTemplate.new(values) + expect(t.exit_code).to eq(0), "Unexpected error code #{t.exit_code} -- #{t.stderr}" + expect(t.dig('Deployment/test-mailroom', 'spec', 'template', 'metadata', 'annotations')).to include('test-annotation' => 'mailroom-annotation-value') + end + end + context 'When customer provides additional labels' do let(:values) do YAML.safe_load(%( diff --git a/chart/spec/configuration/registry_spec.rb b/chart/spec/configuration/registry_spec.rb index 92bb95f448d176da3b95eb9483cf6f6daff7e8d8..2c0210d97b90e3f6b20bbc0e831308d04f0bd700 100644 --- a/chart/spec/configuration/registry_spec.rb +++ b/chart/spec/configuration/registry_spec.rb 
@@ -427,6 +427,140 @@ describe 'registry configuration' do end end end + + describe 'database loadBalancing config' do + context 'when replicaCheckInterval is provided' do + let(:values) do + YAML.safe_load(%( + registry: + redis: + cache: + enabled: true + database: + enabled: true + loadBalancing: + enabled: true + record: db-replica-registry.service.consul + replicaCheckInterval: 1s + )).deep_merge(default_values) + end + + it 'populates the replicacheckinterval setting correctly' do + t = HelmTemplate.new(values) + expect(t.exit_code).to eq(0), "Unexpected error code #{t.exit_code} -- #{t.stderr}" + + expect(t.dig('ConfigMap/test-registry', 'data', 'config.yml.tpl')).to include( + <<~CONFIG + database: + enabled: true + host: "test-postgresql.default.svc" + port: 5432 + user: registry + password: "DB_PASSWORD_FILE" + dbname: registry + sslmode: disable + loadbalancing: + enabled: true + record: "db-replica-registry.service.consul" + replicacheckinterval: "1s" + CONFIG + ) + end + end + + context 'when replicaCheckInterval is not provided' do + let(:values) do + YAML.safe_load(%( + registry: + redis: + cache: + enabled: true + database: + enabled: true + loadBalancing: + enabled: true + record: db-replica-registry.service.consul + )).deep_merge(default_values) + end + + it 'does not include the replicaCheckInterval setting' do + t = HelmTemplate.new(values) + expect(t.exit_code).to eq(0), "Unexpected error code #{t.exit_code} -- #{t.stderr}" + + expect(t.dig('ConfigMap/test-registry', 'data', 'config.yml.tpl')).not_to include('replicacheckinterval') + end + end + + context 'when nameserver.host and nameserver.port are provided' do + let(:values) do + YAML.safe_load(%( + registry: + redis: + cache: + enabled: true + database: + enabled: true + loadBalancing: + enabled: true + record: db-replica-registry.service.consul + nameserver: + host: "nameserver.example.com" + port: 5353 + )).deep_merge(default_values) + end + + it 'populates the nameserver host and port 
settings correctly' do + t = HelmTemplate.new(values) + expect(t.exit_code).to eq(0), "Unexpected error code #{t.exit_code} -- #{t.stderr}" + + expect(t.dig('ConfigMap/test-registry', 'data', 'config.yml.tpl')).to include( + <<~CONFIG + database: + enabled: true + host: "test-postgresql.default.svc" + port: 5432 + user: registry + password: "DB_PASSWORD_FILE" + dbname: registry + sslmode: disable + loadbalancing: + enabled: true + nameserver: "nameserver.example.com" + port: 5353 + record: "db-replica-registry.service.consul" + CONFIG + ) + end + end + + context 'when nameserver.host and nameserver.port are not provided' do + let(:values) do + YAML.safe_load(%( + registry: + redis: + cache: + enabled: true + database: + enabled: true + loadBalancing: + enabled: true + record: db-replica-registry.service.consul + )).deep_merge(default_values) + end + + it 'does not include the nameserver or port settings' do + t = HelmTemplate.new(values) + expect(t.exit_code).to eq(0), "Unexpected error code #{t.exit_code} -- #{t.stderr}" + + # there are other `port` attributes in the output, so we need to isolate the `loadbalancing` section prior to validations + loadbalancing_block = t.dig('ConfigMap/test-registry', 'data', 'config.yml.tpl').match(/loadbalancing:\n(?:.*\n)*?/) + + expect(loadbalancing_block).not_to be_nil + expect(loadbalancing_block.to_s).not_to include('nameserver') + expect(loadbalancing_block.to_s).not_to include('port') + end + end + end end describe 'redis cache config' do diff --git a/chart/spec/features/backups_spec.rb b/chart/spec/features/backups_spec.rb index 3aa9bce530c4b3ca5b76e4d741a328561b526c34..8e7595a361efdb7337076c76757872a343b42773 100644 --- a/chart/spec/features/backups_spec.rb +++ b/chart/spec/features/backups_spec.rb 
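Review bot: In the last example the pattern `/loadbalancing:\n(?:.*\n)*?/` ends in a lazy group with nothing after it, so it matches zero repetitions and `loadbalancing_block` holds only the `loadbalancing:` line; the two `not_to include` assertions can never fail. Capture the nested lines instead, for example `match(/^( *)loadbalancing:\n(?:\1 +.*\n)*/)`, which assumes the child keys are indented deeper than `loadbalancing:` (the indentation is not recoverable on this page). Adding `expect(loadbalancing_block.to_s).to include('record')` would prove the block is really being inspected.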
@@ -28,7 +28,7 @@ describe "Restoring a backup" do stdout, status = restore_from_backup(skip: 'db') fail stdout unless status.success? - stdout, status = set_runner_token + stdout, status = update_application_settings fail stdout unless status.success? stdout, status = enable_legacy_runner_registration diff --git a/chart/spec/gitlab_test_helper.rb b/chart/spec/gitlab_test_helper.rb index 3474abbc01ca9608dc5f949183fb516ea5183bc0..2b3aa2b6416390cf3333a36a22695b435f60f0d8 100644 --- a/chart/spec/gitlab_test_helper.rb +++ b/chart/spec/gitlab_test_helper.rb 
@@ -198,15 +198,35 @@ module Gitlab return [stdout, status] end - def set_runner_token + def update_application_settings cmd = full_command( - "gitlab-rails runner \"" \ - "settings = ApplicationSetting.current_without_cache; " \ - "settings.update_columns(encrypted_customers_dot_jwt_signing_key_iv: nil, encrypted_customers_dot_jwt_signing_key: nil, encrypted_ci_jwt_signing_key_iv: nil, encrypted_ci_jwt_signing_key: nil, error_tracking_access_token_encrypted: nil); " \ - "settings.set_runners_registration_token('#{runner_registration_token}'); " \ - "settings.save!; " \ - "Ci::Runner.delete_all" \ - "\"" + <<~RAILS_RUNNER + gitlab-rails runner " + settings = ApplicationSetting.current_without_cache; + + # Reset runner token + settings.update_columns( + encrypted_customers_dot_jwt_signing_key_iv: nil, + encrypted_customers_dot_jwt_signing_key: nil, + encrypted_ci_jwt_signing_key_iv: nil, + encrypted_ci_jwt_signing_key: nil, + error_tracking_access_token_encrypted: nil); + settings.set_runners_registration_token('#{runner_registration_token}'); + + # Set FIPS restrictions + if File.file?('/etc/system-fips') + settings.rsa_key_restriction=3072; + settings.dsa_key_restriction=-1; + settings.ecdsa_key_restriction=256; + settings.ed25519_key_restriction=256; + settings.ecdsa_sk_key_restriction=256; + settings.ed25519_sk_key_restriction=256; + end + + settings.save!; + Ci::Runner.delete_all; + " + RAILS_RUNNER ) stdout, status = Open3.capture2e(cmd) diff --git a/chart/spec/integration/check_config/registry_spec.rb b/chart/spec/integration/check_config/registry_spec.rb index d4210a2ea7ea1e441b69f98e08e9ee306a95ed76..1974a055bd920344e06a6b85686975b99bc78b6c 100644 --- a/chart/spec/integration/check_config/registry_spec.rb +++ b/chart/spec/integration/check_config/registry_spec.rb 
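Review bot: The comment `# Reset runner token` sits above the `update_columns` call that nulls the encrypted JWT signing keys and the error tracking token, while the token is set one statement later, so a reader cannot tell why those columns are cleared. I would use two comments: `# Clear encrypted columns that the restored backup cannot decrypt` (reason presumed, please confirm) over `update_columns`, and `# Reset runner registration token` over `set_runners_registration_token`. The FIPS block deserves one line naming the source of the limits, since `dsa_key_restriction=-1` and the `3072`/`256` values otherwise read as magic numbers. The Ruby comments now travel inside the double-quoted shell argument, so a later comment containing `"`, `$` or a backtick would alter the command.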
@@ -70,6 +70,137 @@ describe 'checkConfig registry' do error_description: 'when when database.sslmode is not valid' end + describe 'registry.database.loadBalancing (record)' do + let(:success_values) do + YAML.safe_load(%( + postgresql: + image: + tag: 13 + + registry: + redis: + cache: + enabled: true + database: + enabled: true + loadBalancing: + enabled: true + record: db-replica-registry.service.consul + )).merge(default_required_values) + end + + let(:error_values) do + YAML.safe_load(%( + postgresql: + image: + tag: 13 + + registry: + redis: + cache: + enabled: true + database: + enabled: true + loadBalancing: + enabled: true + )).merge(default_required_values) + end + + let(:error_output) { '`database.loadBalancing` requires `record` to be provided' } + + include_examples 'config validation', + success_description: 'when database load balancing is enabled, with record', + error_description: 'when database load balancing is enabled, with no record' + end + + describe 'registry.database.loadBalancing requires database.enabled to be true' do + let(:success_values) do + YAML.safe_load(%( + postgresql: + image: + tag: 13 + + registry: + redis: + cache: + enabled: true + database: + enabled: true + loadBalancing: + enabled: true + record: db-replica-registry.service.consul + )).merge(default_required_values) + end + + let(:error_values) do + YAML.safe_load(%( + postgresql: + image: + tag: 13 + + registry: + redis: + cache: + enabled: true + database: + enabled: false + loadBalancing: + enabled: true + record: db-replica-registry.service.consul + )).merge(default_required_values) + end + + let(:error_output) { 'Enabling database load balancing requires the metadata database to be enabled.' 
} + + include_examples 'config validation', + success_description: 'when database load balancing is enabled, with database enabled', + error_description: 'when database load balancing is enabled, with database disabled' + end + + describe 'registry.database.loadBalancing requires redis.cache.enabled to be true' do + let(:success_values) do + YAML.safe_load(%( + postgresql: + image: + tag: 13 + + registry: + redis: + cache: + enabled: true + database: + enabled: true + loadBalancing: + enabled: true + record: db-replica-registry.service.consul + )).merge(default_required_values) + end + + let(:error_values) do + YAML.safe_load(%( + postgresql: + image: + tag: 13 + + registry: + redis: + cache: + enabled: false + database: + enabled: true + loadBalancing: + enabled: true + record: db-replica-registry.service.consul + )).merge(default_required_values) + end + + let(:error_output) { 'Enabling database load balancing requires Redis caching to be enabled.' } + + include_examples 'config validation', + success_description: 'when database load balancing is enabled, with redis cache enabled', + error_description: 'when database load balancing is enabled, with redis cache disabled' + end + describe 'gitlab.checkConfig.registry.sentry.dsn' do let(:success_values) do YAML.safe_load(%( diff --git a/chart/templates/NOTES.txt b/chart/templates/NOTES.txt index 5678cc4b875eee3fd5eaec3268b938553b337eee..1db16bc7dc8022c80482d5ccb8fda00ea05881fd 100644 --- a/chart/templates/NOTES.txt +++ b/chart/templates/NOTES.txt 
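Review bot: The expected message in the first `describe`, "`database.loadBalancing` requires `record` to be provided", is not the text that the `gitlab.checkConfig.registry.database.loadBalancing` template in this commit emits for an empty record (`Enabling database load balancing requires the record to not be empty.`), so this example presumably passes through another layer such as schema validation or a `required` call. A comment naming that layer would make the test readable, and an extra case with `record: ""` would cover the checkConfig branch itself. The three `describe` blocks also repeat identical `success_values`; a shared `let` would keep them from drifting apart.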
@@ -26,6 +26,12 @@ Carefully review the documentation https://docs.gitlab.com/charts/charts/registr If you encounter a problem with either the import or operation of the registry, please add a comment in the feedback issue https://gitlab.com/gitlab-org/gitlab/-/issues/423459#supported-feature-status. {{- end }} +{{- /* If the Container Registry database load balancing is enabled */}} +{{- if eq .Values.registry.database.loadBalancing.enabled true }} +{{ $WARNING }} +The Container Registry database load balancing feature has been enabled. This is an experimental feature under active development and must not be used in production. +{{- end }} + {{- /* Notifications endpoint threshold should use maxretries instead */ -}} {{- $usesThreshold := false }} {{- range $v := .Values.global.registry.notifications.endpoints }} @@ -155,7 +161,7 @@ NGINX Ingress Controller: Default RBAC rules creation has been disabled. Updates to NGINX Ingress Controller require RBAC changes. Without these, the installation will fallback to version v1.3.1. -Read more on https://docs.gitlab.com/charts/releases/8_0.html#upgrade-to-85x +Read more on https://docs.gitlab.com/charts/releases/8_0.html#upgrade-to-86x-851-843-836 From GitLab chart 8.8+ the NGINX controller image 1.11.2+ will be the default for any configuration. diff --git a/chart/templates/_checkConfig.tpl b/chart/templates/_checkConfig.tpl index 4a595a8f4d05d079a1590217b51ab4a389c13f2f..a4ecd1f75a49c674de34d65c7c0299faea52ec6f 100644 --- a/chart/templates/_checkConfig.tpl +++ b/chart/templates/_checkConfig.tpl 
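Review bot: The experimental-feature warning is gated on `eq .Values.registry.database.loadBalancing.enabled true`, while the checkConfig template added in this commit tests the same value by truthiness (`if $.Values.registry.database.loadBalancing.enabled`). A truthy non-boolean value, such as the string `"true"`, is then treated as enabled by checkConfig but handled differently here, so the warning and the validation can disagree. `{{- if .Values.registry.database.loadBalancing.enabled }}` keeps the two in step.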
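Review bot: The context line after the updated link still says `From GitLab chart 8.8+ the NGINX controller image 1.11.2+ will be the default for any configuration.`, while `chart/doc/releases/8_0.md` in this same commit moves removal of the `v1.3.1` image to chart 9.0. Operators who disabled `nginx-ingress.rbac.create` read this notice to plan their RBAC changes, so the two statements should agree. If 9.0 is the current plan, the line becomes `From GitLab chart 9.0+ the NGINX controller image 1.11.2+ will be the default for any configuration.`.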
@@ -74,6 +74,7 @@ Due to gotpl scoping, we can't make use of `range`, so we have to add action lin {{- $messages = append $messages (include "gitlab.checkConfig.registry.sentry.dsn" .) -}} {{- $messages = append $messages (include "gitlab.checkConfig.registry.notifications" .) -}} {{- $messages = append $messages (include "gitlab.checkConfig.registry.database" .) -}} +{{- $messages = append $messages (include "gitlab.checkConfig.registry.database.loadBalancing" .) -}} {{- $messages = append $messages (include "gitlab.checkConfig.registry.redis.cache" .) -}} {{- $messages = append $messages (include "gitlab.checkConfig.registry.redis.rateLimiting" .) -}} {{- $messages = append $messages (include "gitlab.checkConfig.registry.tls" .) -}} diff --git a/chart/templates/_checkConfig_registry.tpl b/chart/templates/_checkConfig_registry.tpl index 1b44155038387c1601ab7e8edeb23a1f0b128ce3..71f75e15ee1cc9c704b4ba7fce15c18adf4233a4 100644 --- a/chart/templates/_checkConfig_registry.tpl +++ b/chart/templates/_checkConfig_registry.tpl 
@@ -45,6 +45,31 @@ registry: {{- end -}} {{/* END gitlab.checkConfig.registry.database */}} +{{/* +Ensure Registry database load balancing is configured properly and dependencies are met +*/}} +{{- define "gitlab.checkConfig.registry.database.loadBalancing" -}} +{{- if $.Values.registry.database.loadBalancing.enabled }} + {{- if not $.Values.registry.database.enabled }} +registry: + Enabling database load balancing requires the metadata database to be enabled. + See https://docs.gitlab.com/charts/charts/registry#load-balancing + {{- end }} + {{- if not $.Values.registry.redis.cache.enabled }} +registry: + Enabling database load balancing requires Redis caching to be enabled. + See https://docs.gitlab.com/charts/charts/registry/#redis-cache + {{- end }} + {{- if and (kindIs "string" $.Values.registry.database.loadBalancing.record) (empty $.Values.registry.database.loadBalancing.record) }} +registry: + Enabling database load balancing requires the record to not be empty. + See https://docs.gitlab.com/charts/charts/registry#load-balancing + {{- end }} +{{- end -}} + +{{- end -}} +{{/* END gitlab.checkConfig.registry.database.loadBalancing */}} + {{/* Ensure Registry Redis cache is configured properly and dependencies are met */}} diff --git a/chart/templates/_runcheck.tpl b/chart/templates/_runcheck.tpl index 7185cf985816264a0b1f175fa093155e9380e910..6d17a765110f58a7b73e774ef298900dbf7e1170 100644 --- a/chart/templates/_runcheck.tpl +++ b/chart/templates/_runcheck.tpl @@ -35,8 +35,8 @@ if [ -d "${secrets_dir}" ]; then fi fi fi -MIN_VERSION=17.3 -CHART_MIN_VERSION=8.3 +MIN_VERSION=17.5 +CHART_MIN_VERSION=8.5 # Remove 'v' prefix from GitLab version if present (set in Chart.yaml appVersions) GITLAB_VERSION=${GITLAB_VERSION#v} diff --git a/chart/values.yaml b/chart/values.yaml index c39f3e84e72bda6102e997057b2fce0486ecb837..216e49449327286e9df7ef868386a80211807d15 100644 --- a/chart/values.yaml +++ b/chart/values.yaml 
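Review bot: The record check `and (kindIs "string" …record) (empty …record)` fires only for an empty string, so a `record` that is null or missing passes checkConfig even though load balancing is enabled. Unless another layer rejects that case, `{{- if empty $.Values.registry.database.loadBalancing.record }}` covers both the empty and the absent value. The documentation links in the messages also differ in form (`charts/registry#load-balancing` against `charts/registry/#redis-cache`) and should use one style.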
@@ -57,7 +57,7 @@ global:
 edition: ee
 ## https://docs.gitlab.com/charts/charts/globals#gitlab-version
- gitlabVersion: "17.5.2"
+ gitlabVersion: "17.6.1"
 ## https://docs.gitlab.com/charts/charts/globals#application-resource
 application:
@@ -825,7 +825,7 @@ global:
 certificates:
 image:
 repository: registry1.dso.mil/ironbank/gitlab/gitlab/certificates
- tag: 17.5.2
+ tag: 17.6.1
 pullSecrets:
 - name: private-registry
 init:
@@ -874,7 +874,7 @@ global:
 kubectl:
 image:
 repository: registry1.dso.mil/ironbank/gitlab/gitlab/kubectl
- tag: 17.5.2
+ tag: 17.6.1
 pullSecrets:
 - name: private-registry
 securityContext:
@@ -891,7 +891,7 @@ global:
 # 1. UBI does not have the newly required /scripts/set-config template generator in its entrypoint.
 # a. trying gitlab-base per https://repo1.dso.mil/dsop/gitlab/gitlab/gitlab-base/-/issues/77
 repository: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-base
- tag: "17.5.2"
+ tag: "17.6.1"
 pullSecrets:
 - name: private-registry
@@ -1389,7 +1389,7 @@ postgresql:
 image:
 registry: registry1.dso.mil
 repository: ironbank/opensource/postgres/postgresql
- tag: "14.14"
+ tag: "14.15"
 pullSecrets:
 - private-registry
 auth:
@@ -1478,7 +1478,7 @@ registry:
 memory: 1024Mi
 image:
 repository: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry
- tag: 17.5.2
+ tag: 17.6.1
 pullSecrets:
 - name: private-registry
 ingress:
@@ -1618,7 +1618,7 @@ gitlab:
 app: gitaly
 image:
 repository: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox
- tag: 17.5.2
+ tag: 17.6.1
 pullSecrets:
 - name: private-registry
 init:
@@ -1695,7 +1695,7 @@ gitlab:
 - ALL
 image:
 repository: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter
- tag: 17.5.2
+ tag: 17.6.1
 pullSecrets:
 - name: private-registry
 metrics:
@@ -1740,7 +1740,7 @@ gitlab:
 memory: 1.5G
 image:
 repository: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox
- tag: 17.5.2
+ tag: 17.6.1
 pullSecrets:
 - name: private-registry
 securityContext:
@@ -1789,7 +1789,7 @@ gitlab:
 memory: 2.5G # = 2 * 1.25G assuming there are 2 workerProcesses configured
 image:
 repository: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice
- tag: 17.5.2
+ tag: 17.6.1
 pullSecrets:
 - name: private-registry
 workhorse:
@@ -1802,7 +1802,7 @@ gitlab:
 cpu: 600m
 memory: 2.5G
 image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse
- tag: 17.5.2
+ tag: 17.6.1
 pullSecrets:
 - name: private-registry
 metrics:
@@ -1826,7 +1826,7 @@ gitlab:
 sidekiq:
 image:
 repository: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq
- tag: 17.5.2
+ tag: 17.6.1
 pullSecrets:
 - name: private-registry
 init:
@@ -1863,7 +1863,7 @@ gitlab:
 gitaly:
 image:
 repository: registry1.dso.mil/ironbank/gitlab/gitlab/gitaly
- tag: 17.5.2
+ tag: 17.6.1
 pullSecrets:
 - name: private-registry
 init:
@@ -1904,7 +1904,7 @@ gitlab:
 gitlab-shell:
 image:
 repository: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell
- tag: 17.5.2
+ tag: 17.6.1
 pullSecrets:
 - name: private-registry
 init:
@@ -1948,7 +1948,7 @@ gitlab:
 mailroom:
 image:
 repository: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-mailroom
- tag: 17.5.2
+ tag: 17.6.1
 pullSecrets:
 - name: private-registry
 containerSecurityContext:
@@ -1965,7 +1965,7 @@ gitlab:
 type: ClusterIP
 image:
 repository: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages
- tag: 17.5.2
+ tag: 17.6.1
 containerSecurityContext:
 capabilities:
 drop:
@@ -1976,7 +1976,7 @@ gitlab:
 praefect:
 image:
 repository: registry1.dso.mil/ironbank/gitlab/gitlab/gitaly
- tag: 17.5.2
+ tag: 17.6.1
 init:
 resources:
 limits:
diff --git a/docs/DEVELOPMENT_MAINTENANCE.md b/docs/DEVELOPMENT_MAINTENANCE.md
index 81176ffbe1a676ae39f1e52d78c9dcf53ce4fbe1..514b4b591d0e254a6fe5ce85e5e2d111e7b711fc 100644
--- a/docs/DEVELOPMENT_MAINTENANCE.md
+++ b/docs/DEVELOPMENT_MAINTENANCE.md
@@ -104,7 +104,7 @@ BigBang makes modifications to the upstream helm chart. The full list of changes
 helm upgrade -n bigbang --create-namespace --install \
 bigbang ./chart \
 -f https://repo1.dso.mil/big-bang/bigbang/-/raw/master/tests/test-values.yaml \
- -f https://repo1.dso.mil/big-bang/product/packages/gitlab/-/blob/main/docs/dev-overrides.yaml \
+ -f https://repo1.dso.mil/big-bang/product/packages/gitlab/-/raw/main/docs/dev-overrides.yaml \
 --set addons.gitlab.git.branch=YOUR-WORKING-BRANCH-NAME-HERE
 ```
diff --git a/tests/images.txt b/tests/images.txt
index d7778c8c1a1f9627afac4d8ef6eca78920fbab6a..ca6855a2d4b428c572a1a313ed0a5fc92d337ff7 100644
--- a/tests/images.txt
+++ b/tests/images.txt
@@ -1,2 +1,2 @@
-registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter:17.5.2
-registry1.dso.mil/ironbank/gitlab/gitlab/kubectl:17.5.2
+registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter:17.6.1
+registry1.dso.mil/ironbank/gitlab/gitlab/kubectl:17.6.1