diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000000000000000000000000000000000000..0edec293f061be23a17926b7b3c0f7d55d0ca80d
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,10 @@
+.idea
+chart/tests/.env
+chart/tests/cypress.env.json
+chart/tests/cypress.config.js
+chart/tests/cypress/downloads/
+chart/tests/cypress/fixtures/
+chart/tests/cypress/support/
+chart/tests/cypress/screenshots/
+chart/tests/cypress/videos/
+node_modules
\ No newline at end of file
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 43af8aa35402a60c670c8c80b9fdca5b75bc0641..f8a14f6f8ddbb1865c14c41c6e66953c0c2a3ead 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,28 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). --- + +## [8.3.0-bb.0] (2024-10-23) + +### Changed + +- ironbank/gitlab/gitlab/gitlab-webservice (source) 17.2.9 -> 17.3.6 +- registry1.dso.mil/ironbank/bitnami/analytics/redis-exporter (source) v1.64.1 -> v1.65.0 +- registry1.dso.mil/ironbank/gitlab/gitlab/certificates (source) 17.2.9 -> 17.3.6 +- registry1.dso.mil/ironbank/gitlab/gitlab/gitaly (source) 17.2.9 -> 17.3.6 +- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-base (source) 17.2.9 -> 17.3.6 +- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry (source) 17.2.9 -> 17.3.6 +- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter (source) 17.2.9 -> 17.3.6 +- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-mailroom (source) 17.2.9 -> 17.3.6 +- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages (source) 17.2.9 -> 17.3.6 +- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell (source) 17.2.9 -> 17.3.6 +- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq (source) 17.2.9 -> 17.3.6 +- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox (source) 17.2.9 -> 17.3.6 +- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice (source) 17.2.9 -> 17.3.6 +- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice (source) v17.2.9 -> 17.3.6 +- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse (source) 17.2.9 -> 17.3.6 +- registry1.dso.mil/ironbank/gitlab/gitlab/kubectl (source) 17.2.9 -> 17.3.6 + ## [8.2.9-bb.4] (2024-10-22) ### Added @@ -80,7 +102,6 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), - Update ironbank/bitnami/redis (source) 7.0.0-debian-10-r3 -> 7.4.0 - ## [8.2.7-bb.0] (2024-09-18) ### Changed diff --git a/README.md b/README.md index 63369e1b92acda284011ef20d99734138dce7d35..ed8146e260e6b77f5fcd1f16e6907ff09e529fd6 100644 --- a/README.md 
+++ b/README.md @@ -1,11 +1,12 @@ <!-- Warning: Do not manually edit this file. See notes on gluon + helm-docs at the end of this file for more information. --> # gitlab -  +  GitLab is the most comprehensive AI-powered DevSecOps Platform. ## Upstream References + - <https://about.gitlab.com/> - <https://gitlab.com/gitlab-org/charts/gitlab> @@ -27,7 +28,7 @@ The [upstream chart's release notes](https://gitlab.com/gitlab-org/charts/gitlab Install Helm -https://helm.sh/docs/intro/install/ +<https://helm.sh/docs/intro/install/> ## Deployment @@ -48,7 +49,7 @@ helm install gitlab chart/ | global.image | object | `{}` | | | global.pod.labels | object | `{}` | | | global.edition | string | `"ee"` | | -| global.gitlabVersion | string | `"17.2.9"` | | +| global.gitlabVersion | string | `"17.3.6"` | | | global.application.create | bool | `false` | | | global.application.links | list | `[]` | | | global.application.allowClusterRoles | bool | `true` | | @@ -360,7 +361,7 @@ helm install gitlab chart/ | global.workhorse.tls.enabled | bool | `false` | | | global.webservice.workerTimeout | int | `60` | | | global.certificates.image.repository | string | `"registry1.dso.mil/ironbank/gitlab/gitlab/certificates"` | | -| global.certificates.image.tag | string | `"17.2.9"` | | +| global.certificates.image.tag | string | `"17.3.6"` | | | global.certificates.image.pullSecrets[0].name | string | `"private-registry"` | | | global.certificates.init.securityContext.capabilities.drop[0] | string | `"ALL"` | | | global.certificates.init.securityContext.runAsUser | int | `65534` | | 
@@ -397,12 +398,12 @@ helm install gitlab chart/ | global.certificates.customCAs[29].secret | string | `"ca-certs-dod-trust-anchors-self-signed"` | | | global.certificates.customCAs[30].secret | string | `"ca-certs-eca"` | | | global.kubectl.image.repository | string | `"registry1.dso.mil/ironbank/gitlab/gitlab/kubectl"` | | -| global.kubectl.image.tag | string | `"17.2.9"` | | +| global.kubectl.image.tag | string | `"17.3.6"` | | | global.kubectl.image.pullSecrets[0].name | string | `"private-registry"` | | | global.kubectl.securityContext.runAsUser | int | `65534` | | | global.kubectl.securityContext.fsGroup | int | `65534` | | | global.gitlabBase.image.repository | string | `"registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-base"` | | -| global.gitlabBase.image.tag | string | `"17.2.9"` | | +| global.gitlabBase.image.tag | string | `"17.3.6"` | | | global.gitlabBase.image.pullSecrets[0].name | string | `"private-registry"` | | | global.serviceAccount.enabled | bool | `true` | | | global.serviceAccount.create | bool | `true` | | @@ -415,6 +416,7 @@ helm install gitlab chart/ | global.extraEnv | object | `{}` | | | global.extraEnvFrom | object | `{}` | | | global.job.nameSuffixOverride | string | `nil` | | +| global.traefik.apiVersion | string | `""` | | | containerSecurityContext.runAsUser | int | `65534` | | | containerSecurityContext.runAsGroup | int | `65534` | | | containerSecurityContext.capabilities.drop[0] | string | `"ALL"` | | @@ -425,6 +427,7 @@ helm install gitlab chart/ | upgradeCheck.securityContext.runAsUser | int | `65534` | | | upgradeCheck.securityContext.runAsGroup | int | `65534` | | | upgradeCheck.securityContext.fsGroup | int | `65534` | | +| upgradeCheck.containerSecurityContext | object | `{}` | | | upgradeCheck.tolerations | list | `[]` | | | upgradeCheck.annotations."sidecar.istio.io/inject" | string | `"true"` | | | upgradeCheck.configMapAnnotations | object | `{}` | | 
@@ -464,86 +467,86 @@ helm install gitlab chart/ | nginx-ingress-geo.<<.controller.config.server-name-hash-bucket-size | string | `"256"` | | | nginx-ingress.controller.config.server-name-hash-bucket-size | string | `"256"` | | | nginx-ingress-geo.controller.config.<<.use-http2 | string | `"true"` | | -| nginx-ingress-geo.controller.<<.config.use-http2 | string | `"true"` | | | nginx-ingress.controller.config.use-http2 | string | `"true"` | | +| nginx-ingress-geo.controller.<<.config.use-http2 | string | `"true"` | | | nginx-ingress-geo.<<.controller.config.use-http2 | string | `"true"` | | +| nginx-ingress-geo.<<.controller.config.ssl-ciphers | string | `"ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"` | | | nginx-ingress.controller.config.ssl-ciphers | string | `"ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"` | | | nginx-ingress-geo.controller.<<.config.ssl-ciphers | string | `"ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"` | | -| nginx-ingress-geo.<<.controller.config.ssl-ciphers | string | `"ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"` | | | 
nginx-ingress-geo.controller.config.<<.ssl-ciphers | string | `"ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"` | | | nginx-ingress-geo.<<.controller.config.ssl-protocols | string | `"TLSv1.3 TLSv1.2"` | | -| nginx-ingress-geo.controller.config.<<.ssl-protocols | string | `"TLSv1.3 TLSv1.2"` | | | nginx-ingress.controller.config.ssl-protocols | string | `"TLSv1.3 TLSv1.2"` | | | nginx-ingress-geo.controller.<<.config.ssl-protocols | string | `"TLSv1.3 TLSv1.2"` | | -| nginx-ingress-geo.<<.controller.config.server-tokens | string | `"false"` | | -| nginx-ingress.controller.config.server-tokens | string | `"false"` | | -| nginx-ingress-geo.controller.<<.config.server-tokens | string | `"false"` | | +| nginx-ingress-geo.controller.config.<<.ssl-protocols | string | `"TLSv1.3 TLSv1.2"` | | | nginx-ingress-geo.controller.config.<<.server-tokens | string | `"false"` | | -| nginx-ingress.controller.config.upstream-keepalive-connections | int | `100` | | +| nginx-ingress-geo.controller.<<.config.server-tokens | string | `"false"` | | +| nginx-ingress.controller.config.server-tokens | string | `"false"` | | +| nginx-ingress-geo.<<.controller.config.server-tokens | string | `"false"` | | | nginx-ingress-geo.<<.controller.config.upstream-keepalive-connections | int | `100` | | | nginx-ingress-geo.controller.<<.config.upstream-keepalive-connections | int | `100` | | | nginx-ingress-geo.controller.config.<<.upstream-keepalive-connections | int | `100` | | +| nginx-ingress.controller.config.upstream-keepalive-connections | int | `100` | | | nginx-ingress-geo.controller.config.<<.upstream-keepalive-time | string | `"30s"` | | -| nginx-ingress-geo.<<.controller.config.upstream-keepalive-time | string | `"30s"` | | | 
nginx-ingress-geo.controller.<<.config.upstream-keepalive-time | string | `"30s"` | | +| nginx-ingress-geo.<<.controller.config.upstream-keepalive-time | string | `"30s"` | | | nginx-ingress.controller.config.upstream-keepalive-time | string | `"30s"` | | -| nginx-ingress-geo.controller.<<.config.upstream-keepalive-timeout | int | `5` | | | nginx-ingress.controller.config.upstream-keepalive-timeout | int | `5` | | -| nginx-ingress-geo.controller.config.<<.upstream-keepalive-timeout | int | `5` | | +| nginx-ingress-geo.controller.<<.config.upstream-keepalive-timeout | int | `5` | | | nginx-ingress-geo.<<.controller.config.upstream-keepalive-timeout | int | `5` | | +| nginx-ingress-geo.controller.config.<<.upstream-keepalive-timeout | int | `5` | | | nginx-ingress.controller.config.upstream-keepalive-requests | int | `1000` | | -| nginx-ingress-geo.<<.controller.config.upstream-keepalive-requests | int | `1000` | | | nginx-ingress-geo.controller.<<.config.upstream-keepalive-requests | int | `1000` | | | nginx-ingress-geo.controller.config.<<.upstream-keepalive-requests | int | `1000` | | +| nginx-ingress-geo.<<.controller.config.upstream-keepalive-requests | int | `1000` | | | nginx-ingress-geo.<<.controller.service.externalTrafficPolicy | string | `"Local"` | | -| nginx-ingress.controller.service.externalTrafficPolicy | string | `"Local"` | | | nginx-ingress-geo.controller.<<.service.externalTrafficPolicy | string | `"Local"` | | -| nginx-ingress-geo.controller.<<.ingressClassByName | bool | `false` | | +| nginx-ingress.controller.service.externalTrafficPolicy | string | `"Local"` | | | nginx-ingress-geo.<<.controller.ingressClassByName | bool | `false` | | +| nginx-ingress-geo.controller.<<.ingressClassByName | bool | `false` | | | nginx-ingress.controller.ingressClassByName | bool | `false` | | -| nginx-ingress.controller.ingressClassResource.name | string | `"{{ include \"ingress.class.name\" $ }}"` | | | nginx-ingress-geo.<<.controller.ingressClassResource.name 
| string | `"{{ include \"ingress.class.name\" $ }}"` | | +| nginx-ingress.controller.ingressClassResource.name | string | `"{{ include \"ingress.class.name\" $ }}"` | | | nginx-ingress-geo.controller.<<.ingressClassResource.name | string | `"{{ include \"ingress.class.name\" $ }}"` | | +| nginx-ingress-geo.controller.<<.resources.requests.cpu | string | `"100m"` | | | nginx-ingress.controller.resources.requests.cpu | string | `"100m"` | | | nginx-ingress-geo.<<.controller.resources.requests.cpu | string | `"100m"` | | -| nginx-ingress-geo.controller.<<.resources.requests.cpu | string | `"100m"` | | -| nginx-ingress.controller.resources.requests.memory | string | `"100Mi"` | | | nginx-ingress-geo.controller.<<.resources.requests.memory | string | `"100Mi"` | | +| nginx-ingress.controller.resources.requests.memory | string | `"100Mi"` | | | nginx-ingress-geo.<<.controller.resources.requests.memory | string | `"100Mi"` | | -| nginx-ingress-geo.<<.controller.publishService.enabled | bool | `true` | | | nginx-ingress-geo.controller.<<.publishService.enabled | bool | `true` | | | nginx-ingress.controller.publishService.enabled | bool | `true` | | -| nginx-ingress-geo.controller.<<.replicaCount | int | `2` | | +| nginx-ingress-geo.<<.controller.publishService.enabled | bool | `true` | | | nginx-ingress-geo.<<.controller.replicaCount | int | `2` | | | nginx-ingress.controller.replicaCount | int | `2` | | -| nginx-ingress-geo.controller.<<.minAvailable | int | `1` | | +| nginx-ingress-geo.controller.<<.replicaCount | int | `2` | | | nginx-ingress.controller.minAvailable | int | `1` | | | nginx-ingress-geo.<<.controller.minAvailable | int | `1` | | +| nginx-ingress-geo.controller.<<.minAvailable | int | `1` | | +| nginx-ingress-geo.controller.<<.scope.enabled | bool | `true` | | | nginx-ingress.controller.scope.enabled | bool | `true` | | | nginx-ingress-geo.<<.controller.scope.enabled | bool | `true` | | -| nginx-ingress-geo.controller.<<.scope.enabled | bool | `true` | | 
| nginx-ingress-geo.controller.<<.metrics.enabled | bool | `true` | | -| nginx-ingress-geo.<<.controller.metrics.enabled | bool | `true` | | | nginx-ingress.controller.metrics.enabled | bool | `true` | | +| nginx-ingress-geo.<<.controller.metrics.enabled | bool | `true` | | | nginx-ingress-geo.controller.<<.metrics.service.annotations."gitlab.com/prometheus_scrape" | string | `"true"` | | | nginx-ingress.controller.metrics.service.annotations."gitlab.com/prometheus_scrape" | string | `"true"` | | | nginx-ingress-geo.<<.controller.metrics.service.annotations."gitlab.com/prometheus_scrape" | string | `"true"` | | | nginx-ingress.controller.metrics.service.annotations."gitlab.com/prometheus_port" | string | `"10254"` | | | nginx-ingress-geo.<<.controller.metrics.service.annotations."gitlab.com/prometheus_port" | string | `"10254"` | | | nginx-ingress-geo.controller.<<.metrics.service.annotations."gitlab.com/prometheus_port" | string | `"10254"` | | +| nginx-ingress.controller.metrics.service.annotations."prometheus.io/scrape" | string | `"true"` | | | nginx-ingress-geo.controller.<<.metrics.service.annotations."prometheus.io/scrape" | string | `"true"` | | | nginx-ingress-geo.<<.controller.metrics.service.annotations."prometheus.io/scrape" | string | `"true"` | | -| nginx-ingress.controller.metrics.service.annotations."prometheus.io/scrape" | string | `"true"` | | | nginx-ingress-geo.controller.<<.metrics.service.annotations."prometheus.io/port" | string | `"10254"` | | | nginx-ingress-geo.<<.controller.metrics.service.annotations."prometheus.io/port" | string | `"10254"` | | | nginx-ingress.controller.metrics.service.annotations."prometheus.io/port" | string | `"10254"` | | -| nginx-ingress-geo.<<.controller.admissionWebhooks.enabled | bool | `false` | | | nginx-ingress.controller.admissionWebhooks.enabled | bool | `false` | | | nginx-ingress-geo.controller.<<.admissionWebhooks.enabled | bool | `false` | | +| nginx-ingress-geo.<<.controller.admissionWebhooks.enabled 
| bool | `false` | | | nginx-ingress-geo.<<.defaultBackend.resources.requests.cpu | string | `"5m"` | | | nginx-ingress.defaultBackend.resources.requests.cpu | string | `"5m"` | | -| nginx-ingress.defaultBackend.resources.requests.memory | string | `"5Mi"` | | | nginx-ingress-geo.<<.defaultBackend.resources.requests.memory | string | `"5Mi"` | | +| nginx-ingress.defaultBackend.resources.requests.memory | string | `"5Mi"` | | | nginx-ingress.rbac.create | bool | `true` | | | nginx-ingress-geo.<<.rbac.create | bool | `true` | | | nginx-ingress-geo.<<.rbac.scope | bool | `false` | | @@ -672,7 +675,7 @@ helm install gitlab chart/ | redis.metrics.enabled | bool | `true` | | | redis.metrics.image.registry | string | `"registry1.dso.mil/ironbank/bitnami"` | | | redis.metrics.image.repository | string | `"analytics/redis-exporter"` | | -| redis.metrics.image.tag | string | `"v1.64.1"` | | +| redis.metrics.image.tag | string | `"v1.65.0"` | | | redis.metrics.image.pullSecrets | list | `[]` | | | redis.metrics.resources.limits.cpu | string | `"250m"` | | | redis.metrics.resources.limits.memory | string | `"256Mi"` | | @@ -772,7 +775,7 @@ helm install gitlab chart/ | registry.resources.requests.cpu | string | `"200m"` | | | registry.resources.requests.memory | string | `"1024Mi"` | | | registry.image.repository | string | `"registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry"` | | -| registry.image.tag | string | `"17.2.9"` | | +| registry.image.tag | string | `"17.3.6"` | | | registry.image.pullSecrets[0].name | string | `"private-registry"` | | | registry.ingress.enabled | bool | `false` | | | registry.metrics.enabled | bool | `true` | | 
@@ -828,7 +831,7 @@ helm install gitlab chart/ | gitlab.toolbox.replicas | int | `1` | | | gitlab.toolbox.antiAffinityLabels.matchLabels.app | string | `"gitaly"` | | | gitlab.toolbox.image.repository | string | `"registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox"` | | -| gitlab.toolbox.image.tag | string | `"17.2.9"` | | +| gitlab.toolbox.image.tag | string | `"17.3.6"` | | | gitlab.toolbox.image.pullSecrets[0].name | string | `"private-registry"` | | | gitlab.toolbox.init.resources.requests.cpu | string | `"200m"` | | | gitlab.toolbox.init.resources.requests.memory | string | `"200Mi"` | | @@ -865,7 +868,7 @@ helm install gitlab chart/ | gitlab.gitlab-exporter.resources.requests.memory | string | `"200Mi"` | | | gitlab.gitlab-exporter.capabilities.drop[0] | string | `"ALL"` | | | gitlab.gitlab-exporter.image.repository | string | `"registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter"` | | -| gitlab.gitlab-exporter.image.tag | string | `"17.2.9"` | | +| gitlab.gitlab-exporter.image.tag | string | `"17.3.6"` | | | gitlab.gitlab-exporter.image.pullSecrets[0].name | string | `"private-registry"` | | | gitlab.gitlab-exporter.metrics.enabled | bool | `true` | | | gitlab.gitlab-exporter.metrics.port | int | `9168` | | @@ -887,7 +890,7 @@ helm install gitlab chart/ | gitlab.migrations.resources.requests.cpu | string | `"500m"` | | | gitlab.migrations.resources.requests.memory | string | `"1.5G"` | | | gitlab.migrations.image.repository | string | `"registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox"` | | -| gitlab.migrations.image.tag | string | `"17.2.9"` | | +| gitlab.migrations.image.tag | string | `"17.3.6"` | | | gitlab.migrations.image.pullSecrets[0].name | string | `"private-registry"` | | | gitlab.migrations.securityContext.runAsUser | int | `1000` | | | gitlab.migrations.securityContext.runAsGroup | int | `1000` | | 
@@ -911,14 +914,14 @@ helm install gitlab chart/ | gitlab.webservice.resources.requests.cpu | string | `"300m"` | | | gitlab.webservice.resources.requests.memory | string | `"2.5G"` | | | gitlab.webservice.image.repository | string | `"registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice"` | | -| gitlab.webservice.image.tag | string | `"17.2.9"` | | +| gitlab.webservice.image.tag | string | `"17.3.6"` | | | gitlab.webservice.image.pullSecrets[0].name | string | `"private-registry"` | | | gitlab.webservice.workhorse.resources.limits.cpu | string | `"600m"` | | | gitlab.webservice.workhorse.resources.limits.memory | string | `"2.5G"` | | | gitlab.webservice.workhorse.resources.requests.cpu | string | `"600m"` | | | gitlab.webservice.workhorse.resources.requests.memory | string | `"2.5G"` | | | gitlab.webservice.workhorse.image | string | `"registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse"` | | -| gitlab.webservice.workhorse.tag | string | `"17.2.9"` | | +| gitlab.webservice.workhorse.tag | string | `"17.3.6"` | | | gitlab.webservice.workhorse.pullSecrets[0].name | string | `"private-registry"` | | | gitlab.webservice.workhorse.metrics.enabled | bool | `true` | | | gitlab.webservice.workhorse.metrics.serviceMonitor.enabled | bool | `true` | | @@ -929,7 +932,7 @@ helm install gitlab chart/ | gitlab.webservice.metrics.serviceMonitor.enabled | bool | `true` | | | gitlab.webservice.helmTests.enabled | bool | `false` | | | gitlab.sidekiq.image.repository | string | `"registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq"` | | -| gitlab.sidekiq.image.tag | string | `"17.2.9"` | | +| gitlab.sidekiq.image.tag | string | `"17.3.6"` | | | gitlab.sidekiq.image.pullSecrets[0].name | string | `"private-registry"` | | | gitlab.sidekiq.init.resources.limits.cpu | string | `"200m"` | | | gitlab.sidekiq.init.resources.limits.memory | string | `"200Mi"` | | 
@@ -947,7 +950,7 @@ helm install gitlab chart/ | gitlab.sidekiq.containerSecurityContext.runAsGroup | int | `1000` | | | gitlab.sidekiq.containerSecurityContext.capabilities.drop[0] | string | `"ALL"` | | | gitlab.gitaly.image.repository | string | `"registry1.dso.mil/ironbank/gitlab/gitlab/gitaly"` | | -| gitlab.gitaly.image.tag | string | `"17.2.9"` | | +| gitlab.gitaly.image.tag | string | `"17.3.6"` | | | gitlab.gitaly.image.pullSecrets[0].name | string | `"private-registry"` | | | gitlab.gitaly.init.resources.limits.cpu | string | `"200m"` | | | gitlab.gitaly.init.resources.limits.memory | string | `"200Mi"` | | @@ -967,7 +970,7 @@ helm install gitlab chart/ | gitlab.gitaly.containerSecurityContext.runAsGroup | int | `1000` | | | gitlab.gitaly.containerSecurityContext.capabilities.drop[0] | string | `"ALL"` | | | gitlab.gitlab-shell.image.repository | string | `"registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell"` | | -| gitlab.gitlab-shell.image.tag | string | `"17.2.9"` | | +| gitlab.gitlab-shell.image.tag | string | `"17.3.6"` | | | gitlab.gitlab-shell.image.pullSecrets[0].name | string | `"private-registry"` | | | gitlab.gitlab-shell.init.resources.limits.cpu | string | `"200m"` | | | gitlab.gitlab-shell.init.resources.limits.memory | string | `"200Mi"` | | 
@@ -985,15 +988,15 @@ helm install gitlab chart/ | gitlab.gitlab-shell.containerSecurityContext.runAsGroup | int | `1000` | | | gitlab.gitlab-shell.containerSecurityContext.capabilities.drop[0] | string | `"ALL"` | | | gitlab.mailroom.image.repository | string | `"registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-mailroom"` | | -| gitlab.mailroom.image.tag | string | `"17.2.9"` | | +| gitlab.mailroom.image.tag | string | `"17.3.6"` | | | gitlab.mailroom.image.pullSecrets[0].name | string | `"private-registry"` | | | gitlab.mailroom.containerSecurityContext.capabilities.drop[0] | string | `"ALL"` | | | gitlab.gitlab-pages.service.customDomains.type | string | `"ClusterIP"` | | | gitlab.gitlab-pages.image.repository | string | `"registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages"` | | -| gitlab.gitlab-pages.image.tag | string | `"17.2.9"` | | +| gitlab.gitlab-pages.image.tag | string | `"17.3.6"` | | | gitlab.gitlab-pages.containerSecurityContext.capabilities.drop[0] | string | `"ALL"` | | | gitlab.praefect.image.repository | string | `"registry1.dso.mil/ironbank/gitlab/gitlab/gitaly"` | | -| gitlab.praefect.image.tag | string | `"17.2.9"` | | +| gitlab.praefect.image.tag | string | `"17.3.6"` | | | gitlab.praefect.init.resources.limits.cpu | string | `"200m"` | | | gitlab.praefect.init.resources.limits.memory | string | `"200Mi"` | | | gitlab.praefect.init.resources.requests.cpu | string | `"200m"` | | @@ -1124,4 +1127,3 @@ Please see the [contributing guide](./CONTRIBUTING.md) if you are interested in --- _This file is programatically generated using `helm-docs` and some BigBang-specific templates. The `gluon` repository has [instructions for regenerating package READMEs](https://repo1.dso.mil/big-bang/product/packages/gluon/-/blob/master/docs/bb-package-readme.md)._ - diff --git a/chart/.gitlab-ci.yml b/chart/.gitlab-ci.yml index 664c9aabbc6707a49e70072ce36d56b591ad35ce..2e447075ccb042a0f40c8b40d7ba5d9b6dbb19f5 100644 --- a/chart/.gitlab-ci.yml 
+++ b/chart/.gitlab-ci.yml @@ -28,7 +28,7 @@ default: variables: AUTO_DEPLOY_TAG_REGEX: '^[0-9]+\.[0-9]+\.[0-9]+\+[a-z0-9]{7,}$' - DOCKER_VERSION: "24.0.6" + DOCKER_VERSION: "27.1.1" HELM_VERSION: "3.10.3" KUBECTL_VERSION: "1.27.9" STABLE_REPO_URL: "https://charts.helm.sh/stable" @@ -50,7 +50,7 @@ variables: DEBIAN_VERSION: bookworm RUBY_VERSION: "3.1.5" CI_TOOLS_VERSION: "4.22.0" - GITLAB_QA_VERSION: "14.12.0" + GITLAB_QA_VERSION: "14.13.0" # STRICT_VERSIONS is used in RSpecs to ensure exact version match for tools like "helm" and "kubectl" STRICT_VERSIONS: "true" KUBE_CRD_SCHEMA_URL: "https://raw.githubusercontent.com/kubernetes/kubernetes/master/api/openapi-spec/v3/apis__apiextensions.k8s.io__v1_openapi.json" @@ -87,6 +87,7 @@ stages: include: - local: '/.gitlab/ci/rules.gitlab-ci.yml' - local: '/.gitlab/ci/review-apps.gitlab-ci.yml' + - local: '/.gitlab/ci/operator.gitlab-ci.yml' - template: Jobs/Dependency-Scanning.latest.gitlab-ci.yml - template: Jobs/Secret-Detection.latest.gitlab-ci.yml - template: Jobs/SAST.latest.gitlab-ci.yml diff --git a/chart/.gitlab/ci/operator.gitlab-ci.yml b/chart/.gitlab/ci/operator.gitlab-ci.yml new file mode 100644 index 0000000000000000000000000000000000000000..1f538d8a747ba6eef8badb54c6e78303e2b5a7a2 --- /dev/null +++ b/chart/.gitlab/ci/operator.gitlab-ci.yml @@ -0,0 +1,14 @@ +trigger_operator_test: + stage: approve-review-apps + trigger: + project: 'gitlab-org/cloud-native/gitlab-operator' + branch: master + variables: + CHARTS_REF: "${CI_COMMIT_SHA}" + TRIGGER_PROJECT: "${CI_PROJECT_PATH}" + inherit: + variables: false + when: manual + rules: + - if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PIPELINE_SOURCE == "merge_request_event"' + diff --git a/chart/.markdownlint-cli2.yaml b/chart/.markdownlint-cli2.yaml index 812ab05f6b21a23bb1363af822e213c2439bd130..a56c1c1f1ddc41c3e78bfe274a8fd12d3442829e 100644 --- a/chart/.markdownlint-cli2.yaml +++ b/chart/.markdownlint-cli2.yaml 
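Review bot: In the new file chart/.gitlab/ci/operator.gitlab-ci.yml, `trigger_operator_test` passes `CHARTS_REF: "${CI_COMMIT_SHA}"` from a merge-request pipeline to the `master` pipeline of `gitlab-org/cloud-native/gitlab-operator`, and nothing in the file explains the trust decision behind that. The downstream pipeline presumably fetches the chart at that SHA, which would be merge-request content that has not been reviewed yet; the only gates visible here are `when: manual` and `inherit: variables: false`. I would record the intent above the job, for example `# Manual on purpose: the downstream pipeline consumes unreviewed MR code via CHARTS_REF; keep variable inheritance off and do not make this automatic.` The rule `$CI_SERVER_HOST == "gitlab.com"` also means the job is never created on other hosts that carry this chart, which looks intended but is worth stating in the same comment.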
@@ -16,7 +16,12 @@ config: style: "atx" hr-style: # MD035 style: "---" - line-length: false # MD013 + line-length: # MD013 + code_blocks: false + tables: false + headings: true + heading_line_length: 100 + line_length: 800 no-duplicate-heading: # MD024 siblings_only: true no-emphasis-as-heading: false # MD036 diff --git a/chart/.vale.ini b/chart/.vale.ini index 13b198b914877dfa188f0ec62fe863a20e260287..8d8dd99f17a5be20013366fc69a8943af80b9a39 100644 --- a/chart/.vale.ini +++ b/chart/.vale.ini @@ -6,4 +6,7 @@ StylesPath = doc/.vale MinAlertLevel = suggestion [*.md] -BasedOnStyles = gitlab +BasedOnStyles = gitlab_base, gitlab_docs + +# Ignore SVG markup +TokenIgnores = (\*\*\{\w*\}\*\*) diff --git a/chart/CHANGELOG.md b/chart/CHANGELOG.md index 2c9e00f0970cdfc8da7da147837221d52da5915f..41f983a9710141f258296cfa12c2d97f5a99877c 100644 --- a/chart/CHANGELOG.md +++ b/chart/CHANGELOG.md 
@@ -2,33 +2,50 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. -## 8.2.9 (2024-10-09) +## 8.3.6 (2024-10-22) No changes. -## 8.2.8 (2024-09-25) +## 8.3.5 (2024-10-09) No changes. -## 8.2.7 (2024-09-16) +## 8.3.4 (2024-09-24) No changes. -## 8.2.6 (2024-09-13) +## 8.3.3 (2024-09-16) No changes. -## 8.2.5 (2024-09-11) +## 8.3.2 (2024-09-11) No changes. -## 8.2.4 (2024-08-21) +## 8.3.1 (2024-08-20) No changes. -## 8.2.3 (2024-08-20) +## 8.3.0 (2024-08-14) -No changes. +### Added (4 changes) + +- [Add support for Redis usernames in Workhorse config](https://gitlab.com/gitlab-org/charts/gitlab/-/commit/9d39fcf7abf8dc8c987592b6a8e69739740a2c32) ([merge request](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/3877)) +- [Add support for configuring Redis client timeouts](https://gitlab.com/gitlab-org/charts/gitlab/-/commit/d0cb87cbc5b07d2a7f80cf63376a8893b1c7e150) ([merge request](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/3825)) +- [Support Redis cluster configuration for registry rate-limiting](https://gitlab.com/gitlab-org/charts/gitlab/-/commit/0658f782489dd8d9d2d351773ecae817d1d4c106) ([merge request](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/3844)) +- [Traefik: implement template for apiVersion](https://gitlab.com/gitlab-org/charts/gitlab/-/commit/dab859121cf325d508f732d6b92f5871c93076c2) by @marcel1802 ([merge request](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/3837)) + +### Fixed (3 changes) + +- [Support Redis usernames for gitlab-kas](https://gitlab.com/gitlab-org/charts/gitlab/-/commit/ee710780e678c82a8af49424dbc77d60fd4d8c70) ([merge request](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/3877)) +- [Sync Gitaly graceful shutdown with pod](https://gitlab.com/gitlab-org/charts/gitlab/-/commit/3d91502b4b57d5466e3ab5c62cdc4763cd7617ba) ([merge request](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/3870)) +- [Make GitLab 
Exporter work with global.redis.queues definition](https://gitlab.com/gitlab-org/charts/gitlab/-/commit/1da8f2d29c5b720be1f2f654246d447b05cc8b6e) ([merge request](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/3795)) + +### Changed (3 changes) + +- [Update Helm release gitlab-runner to v0.67.1](https://gitlab.com/gitlab-org/charts/gitlab/-/commit/f44a22b79ca6c1193b342306dd5b2a295e03e09a) ([merge request](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/3871)) +- [Update gitlab-org/charts/gitlab-runner from 0.66.0 to 0.67.0](https://gitlab.com/gitlab-org/charts/gitlab/-/commit/b467affed97511abb50aacc2dbfab479694624b5) ([merge request](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/3849)) +- [Update gitlab-org/gitlab-qa from 14.12.0 to 14.13.0](https://gitlab.com/gitlab-org/charts/gitlab/-/commit/8c71f92f9de6e01ffddc7d004987f18901104a26) ([merge request](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/3848)) ## 8.2.2 (2024-08-06) @@ -57,6 +74,14 @@ No changes. - [Update cert-manager/cert-manager from 1.12.11 to 1.12.12](https://gitlab.com/gitlab-org/charts/gitlab/-/commit/726af7eb0d223e28ba35b0287a3134ba267ddd01) ([merge request](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/3817)) - [Update gitlab-org/charts/gitlab-runner from 0.65.0 to 0.66.0](https://gitlab.com/gitlab-org/charts/gitlab/-/commit/4b2f9346d27fa467ea97cc4f44794288e61325a8) ([merge request](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/3810)) +## 8.1.4 (2024-08-06) + +No changes. + +## 8.1.3 (2024-07-24) + +No changes. + ## 8.1.2 (2024-07-09) ### Changed (1 change) 
@@ -100,6 +125,16 @@ No changes. - [Remove gke125 CI jobs](gitlab-org/charts/gitlab@57ced9243021af6de6e324f2ec5ad17b5dcf975e) ([merge request](gitlab-org/charts/gitlab!3760)) +## 8.0.6 (2024-08-06) + +### Changed (1 change) + +- [Update gitlab-org/charts/gitlab-runner from 0.64.1 to 0.65.0](https://gitlab.com/gitlab-org/security/charts/gitlab/-/commit/62619d53b4d05b3ea740fda9bde573e659172cad) + +## 8.0.5 (2024-07-24) + +No changes. + ## 8.0.4 (2024-07-09) No changes. @@ -148,6 +183,14 @@ No changes. - [Remove deprecated queue selector and negate options from Sidekiq chart](gitlab-org/charts/gitlab@6c3bf44290e29b230132bb17d244d38e218eb15b) ([merge request](gitlab-org/charts/gitlab!3697)) - [Remove support for busybox init containers](gitlab-org/charts/gitlab@f85e7f94cc4863038461daece756081e9d1d960a) ([merge request](gitlab-org/charts/gitlab!3709)) +## 7.11.8 (2024-08-05) + +No changes. + +## 7.11.7 (2024-07-23) + +No changes. + ## 7.11.6 (2024-07-09) No changes. @@ -200,6 +243,10 @@ No changes. - [Allow routing rules to contain shard information](gitlab-org/charts/gitlab@aad02140fdabbf2a045e2701b8f1f5b6c3ab81c5) ([merge request](gitlab-org/charts/gitlab!3682)) +## 7.10.9 (2024-07-23) + +No changes. + ## 7.10.8 (2024-06-25) No changes. @@ -250,6 +297,10 @@ No changes. - [Removed kubernetes 1.22 testing](gitlab-org/charts/gitlab@ca9ec21a32e28e63b8e731c317d5089384c9c782) ([merge request](gitlab-org/charts/gitlab!3597)) +## 7.9.10 (2024-07-23) + +No changes. + ## 7.9.9 (2024-06-25) No changes. @@ -310,6 +361,10 @@ No changes. - [Update gitlab-org/gitlab-exporter from 13.5.0 to 14.0.0](gitlab-org/charts/gitlab@6cedee72b82377bbea9ca4c915c4e9bd83d22a45) ([merge request](gitlab-org/charts/gitlab!3542)) - [Update gitlab-org/gitlab-qa from 13.1.0 to 13.2.1](gitlab-org/charts/gitlab@8c970eb366b508ef20d30c6369a6aeee57fed149) ([merge request](gitlab-org/charts/gitlab!3573)) +## 7.8.9 (2024-07-23) + +No changes. + ## 7.8.8 (2024-06-25) No changes. 
@@ -358,7 +413,7 @@ No changes. ### Changed (5 changes) -- [Stop sidekiq namespaced probes in gitlab-exporter ](gitlab-org/charts/gitlab@aec9b2e9bad6c64b03a3f38abaf86c3731920915) ([merge request](gitlab-org/charts/gitlab!3479)) +- [Stop sidekiq namespaced probes in gitlab-exporter](gitlab-org/charts/gitlab@aec9b2e9bad6c64b03a3f38abaf86c3731920915) ([merge request](gitlab-org/charts/gitlab!3479)) - [Require upgrade stop at 16.7/chart 7.7](gitlab-org/charts/gitlab@25cd781235f9e91c8754cf6157ef4b75bf3cdc5b) ([merge request](gitlab-org/charts/gitlab!3559)) - [Update gitlab-org/charts/gitlab-runner from 0.59.2 to 0.60.0](gitlab-org/charts/gitlab@aa2dfde6fe0556b1ab4c5fc270e120464a7fac4a) ([merge request](gitlab-org/charts/gitlab!3549)) - [Update gitlab-org/gitlab-qa from 13.0.0 to 13.1.0](gitlab-org/charts/gitlab@02624f32e73ac31e78309e4fec083de88e14f6c4) ([merge request](gitlab-org/charts/gitlab!3539)) @@ -368,6 +423,10 @@ No changes. - [Provide option to configure kas redis using global.redis.kas](gitlab-org/charts/gitlab@3e03a63726406922b39057c804d1d7d43508946f) ([merge request](gitlab-org/charts/gitlab!3544)) +## 7.7.9 (2024-07-23) + +No changes. + ## 7.7.8 (2024-06-25) No changes. @@ -424,6 +483,10 @@ No changes. - [Doc: FIPS Add note of UBI expectations for FIPS mode host](gitlab-org/charts/gitlab@4274d077ab7d6b08b9ac640182640b02ea22b4f7) ([merge request](gitlab-org/charts/gitlab!3487)) +## 7.6.9 (2024-07-23) + +No changes. + ## 7.6.8 (2024-06-25) No changes. @@ -483,6 +546,10 @@ No changes. - [Deprecate namespace in mailroom.yml](gitlab-org/charts/gitlab@781a94d070a5ae221c33f1a31fdd9ecde15f2be6) ([merge request](gitlab-org/charts/gitlab!3419)) +## 7.5.9 (2024-07-23) + +No changes. + ## 7.5.8 (2024-01-24) No changes. 
@@ -544,6 +611,10 @@ No changes. - [Enable dual-namespace polling for sidekiq probe in gitlab-exporter](gitlab-org/charts/gitlab@08e94769a6169bdc380e7d46b3ed300aa9c9cfab) ([merge request](gitlab-org/charts/gitlab!3388)) +## 7.4.6 (2024-07-23) + +No changes. + ## 7.4.5 (2024-01-11) No changes. @@ -591,6 +662,10 @@ No changes. - [Update gitlab-org/container-registry from 3.79.0-gitlab to 3.80.0-gitlab](gitlab-org/charts/gitlab@7f61401aaa147497b4a9a32fa25a1c6896bfe394) ([merge request](gitlab-org/charts/gitlab!3341)) - [Update gitlab-org/gitlab-qa from 12.2.1 to 12.3.0](gitlab-org/charts/gitlab@021b652e4100e94f0f59985cdb21022015275b61) ([merge request](gitlab-org/charts/gitlab!3349)) +## 7.3.8 (2024-07-23) + +No changes. + ## 7.3.7 (2024-01-11) No changes. @@ -640,6 +715,10 @@ No changes. - [Update gitlab-org/gitlab-qa from 12.2.0 to 12.2.1](gitlab-org/charts/gitlab@eff824a0b05538a9d648e21601ac444fc578a701) ([merge request](gitlab-org/charts/gitlab!3299)) - [Update gitlab-org/charts/gitlab-runner from 0.52.0 to 0.53.0](gitlab-org/charts/gitlab@44694d066d142a42600fd152cc7ce2ca532ab72b) ([merge request](gitlab-org/charts/gitlab!3192)) +## 7.2.10 (2024-07-23) + +No changes. + ## 7.2.9 (2024-01-11) No changes. @@ -707,6 +786,10 @@ No changes. - [Remove registry migration configuration](gitlab-org/charts/gitlab@7593db8956336c56f038542e6e89d5c8690f03de) ([merge request](gitlab-org/charts/gitlab!3280)) +## 7.1.7 (2024-07-23) + +No changes. + ## 7.1.6 (2024-01-11) No changes. 
@@ -768,6 +851,12 @@ No changes. - [Add troubleshooting docs on s3cmd PermissionError](gitlab-org/charts/gitlab@fb92de457cd14c19218db9c8f37a8672051becdf) ([merge request](gitlab-org/charts/gitlab!3198)) - [Postgres: correct minimum version in NOTES](gitlab-org/charts/gitlab@5ea24b44e59236bd82b3a81f6c9f0601159778d7) by @jouve ([merge request](gitlab-org/charts/gitlab!3213)) +## 7.0.9 (2024-07-23) + +### Fixed (1 change) + +- [Use tcp prefix for KAS service port names](https://gitlab.com/gitlab-org/charts/gitlab/-/commit/78b9f549790ec74398ab53826991b1a9c3e9f2a6) ([merge request](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/3339)) + ## 7.0.8 (2023-08-01) No changes. @@ -809,7 +898,7 @@ No changes. - [Registry; add support for database discovery for primary records](gitlab-org/charts/gitlab@02618c9b63bfac6c6baf257bc020439a45d3f220) ([merge request](gitlab-org/charts/gitlab!3142)) - [Add SMTP read and write timeout values](gitlab-org/charts/gitlab@843467c988f90f358d58ace7c6514634443b384f) ([merge request](gitlab-org/charts/gitlab!3156)) - [Add annotations to upgradeCheck ConfigMap](gitlab-org/charts/gitlab@9bd462052cc3ca33994ff262c66208ec8d70a7c8) by @LukasAuerbeck ([merge request](gitlab-org/charts/gitlab!3116)) -- [ Adding containerSecurityContext logic to geo chart](gitlab-org/charts/gitlab@10d9b8c945f10f9e84f1b280e88a040e33586f5b) ([merge request](gitlab-org/charts/gitlab!3127)) +- [Adding containerSecurityContext logic to geo chart](gitlab-org/charts/gitlab@10d9b8c945f10f9e84f1b280e88a040e33586f5b) ([merge request](gitlab-org/charts/gitlab!3127)) - [Allow configuring an embedding database](gitlab-org/charts/gitlab@6a923ec7421e814add2fef3069320c13f28f354c) ([merge request](gitlab-org/charts/gitlab!3107)) ### Fixed (7 changes) 
@@ -987,7 +1076,7 @@ No changes. ### Added (6 changes) - [Support setting extra env vars for kas](gitlab-org/charts/gitlab@f8c5589fc5c82ea20b3798838da007b066ec67e4) ([merge request](gitlab-org/charts/gitlab!3023)) -- [Add containerSecurityContext helper templates and values to Gitaly chart ](gitlab-org/charts/gitlab@a7cd11bbc886271d4212ad368fd41885a674a647) by @BrettSeedling ([merge request](gitlab-org/charts/gitlab!2793)) +- [Add containerSecurityContext helper templates and values to Gitaly chart](gitlab-org/charts/gitlab@a7cd11bbc886271d4212ad368fd41885a674a647) by @BrettSeedling ([merge request](gitlab-org/charts/gitlab!2793)) - [Add new cron backup parameter Ref #3076](gitlab-org/charts/gitlab@42b7f8dab938d0d748318d736a42e0070472ccea) by @Vedrillan ([merge request](gitlab-org/charts/gitlab!2984)) - [Add support for Gitaly GPG signing](gitlab-org/charts/gitlab@d65fa4b7880f2b006cb1f0b54c704d47febee136) ([merge request](gitlab-org/charts/gitlab!2754)) - [Add support for fsGroupChangePolicy to all subcharts](gitlab-org/charts/gitlab@20283351cbe24015d25b7823746534c9b65a139a) ([merge request](gitlab-org/charts/gitlab!3000)) 
@@ -1464,7 +1553,7 @@ No changes. ### Fixed (5 changes) -- [Add a relabel_config to target __scheme__ in the default values](gitlab-org/charts/gitlab@cedee2096d5558aad731c76ffb4f7122db0f9697) ([merge request](gitlab-org/charts/gitlab!2672)) +- [Add a relabel_config to target **scheme** in the default values](gitlab-org/charts/gitlab@cedee2096d5558aad731c76ffb4f7122db0f9697) ([merge request](gitlab-org/charts/gitlab!2672)) - [Fix custom certificate authorities not working on UBI containers](gitlab-org/charts/gitlab@faed05de75b98269deabf1336e9e613348417c37) ([merge request](gitlab-org/charts/gitlab!2650)) - [Add KAS configmap checksum to deployment spec](gitlab-org/charts/gitlab@180b80d2f1b64614c52b69988c4c7358cfa6abe4) ([merge request](gitlab-org/charts/gitlab!2654)) - [Allow shell maxUnavailable to be a percentage](gitlab-org/charts/gitlab@9758097c837ba2c5dbe4823bde327be82ada51ff) ([merge request](gitlab-org/charts/gitlab!2627)) @@ -2373,7 +2462,6 @@ No changes. - Add Microsoft Graph config support for MailRoom. !1929 - Added support for IAM roles in EKS. !1940 - ## 4.10.5 (2021-06-01) No changes. @@ -2392,7 +2480,6 @@ No changes. - Fix for Rancher/RKE: Remove extra space before -}} in _kas.tpl. !1925 - ## 4.10.1 (2021-03-31) ### Fixed (1 change) @@ -2403,7 +2490,6 @@ No changes. - GitLab Exporter to 10.1.0. !1915 - ## 4.10.0 (2021-03-22) ### Fixed (6 changes, 2 of them are from the community) @@ -2436,7 +2522,6 @@ No changes. - Webservice: enable per-deployment blackoutSeconds. !1867 - Add migration configurations to registry chart. !1888 - ## 4.9.7 (2021-04-27) No changes. @@ -2455,7 +2540,6 @@ No changes. - GitLab Runner to 0.26.0. !1858 - ## 4.9.3 (2021-03-08) - No changes. @@ -2519,7 +2603,6 @@ No changes. - Clarify EKS installation instructions. !1801 - Add outgoing email section to 'globals' docs. !1821 - ## 4.8.8 (2021-04-13) - No changes. 
@@ -2551,14 +2634,12 @@ No changes. - Fixes backups when GitLab KAS is enabled. !1765 - Fix Gitaly persistence configuration. !1796 - ## 4.8.1 (2021-01-26) ### Changed (1 change) - Update GitLab Runner chart to 0.25.0. !1775 - ## 4.8.0 (2021-01-22) ### Fixed (2 changes, 1 of them is from the community) @@ -2585,7 +2666,6 @@ No changes. - Add tolerations for minio create bucket job. !1744 (David ALEXANDRE) - Add upgrade survey link to upgrade output. !1762 - ## 4.7.9 (2021-03-17) - No changes. @@ -2619,7 +2699,6 @@ No changes. - Minio: Adds podLabels and podAnnotations to chart. !1264 (Kavanaugh Latiolais) - Support custom labels for Pods of GitLab components. !1457 (Maxence Laude) - ## 4.7.4 (2021-01-13) - No changes. @@ -2634,14 +2713,12 @@ No changes. - Fix nginx-ingress checkConfig error. !1730 - ## 4.7.1 (2020-12-23) ### Changed (1 change) - GitLab Runner to 0.24.0. !1724 - ## 4.7.0 (2020-12-22) ### Fixed (3 changes) @@ -2678,7 +2755,6 @@ No changes. - Update NGINX from v0.20.0 to 0.41.2. !1690 - Changes the default loglevel for registry to info. !1703 - ## 4.6.7 (2021-02-11) - No changes. @@ -2699,7 +2775,6 @@ No changes. - Minio: Adds podLabels and podAnnotations to chart. !1264 (Kavanaugh Latiolais) - Support custom labels for Pods of GitLab components. !1457 (Maxence Laude) - ## 4.6.5 (2021-01-13) - No changes. @@ -2714,7 +2789,6 @@ No changes. - Update gitlab-runner from 0.22.0 to 0.23.0. !1686 (Jan Brummelte) - ## 4.6.2 (2020-12-07) - No changes. @@ -2757,7 +2831,6 @@ No changes. - Update resource specifications for Webservice and Sidekiq. !1634 - Set release_package to run manually. !1641 - ## 4.5.7 (2021-01-13) - No changes. @@ -2772,7 +2845,6 @@ No changes. - Set release_package to run manually. !1641 - ## 4.5.4 (2020-11-13) - No changes. @@ -2788,7 +2860,6 @@ No changes. - geo-logcursor: move redis secrets to optional. !1614 - Remove trailing space causing errors in the deprecation template. !1615 - ## 4.5.1 (2020-10-22) - No changes. 
@@ -2817,14 +2888,12 @@ No changes. - cleanup registry.fullname templates. !1568 - Bump default gitlab-kas image tag to v0.0.6. !1582 - ## 4.4.6 (2020-12-07) ### Other (1 change) - Set release_package to run manually. !1641 - ## 4.4.5 (2020-11-04) ### Fixed (2 changes) @@ -2832,21 +2901,18 @@ No changes. - Fix PG password error when enabling extensions during DB init. !1593 - geo-logcursor: move redis secrets to optional. !1614 - ## 4.4.4 (2020-10-15) ### Fixed (1 change) - Praefect: fixup certificates mounts #2341. !1590 - ## 4.4.3 (2020-10-07) ### Added (1 change) - Adds NetworkPolicy for gitlab-shell. !1580 - ## 4.4.2 (2020-10-01) ### Changed (1 change) @@ -2858,14 +2924,12 @@ No changes. - Bump default gitlab-kas image tag to v0.0.5. !1565 - Update GitLab Version to 13.4.2. - ## 4.4.1 (2020-09-24) ### Other (1 change) - Update GitLab Version to 13.4.1. - ## 4.4.0 (2020-09-22) ### Fixed (1 change) @@ -2902,7 +2966,6 @@ No changes. - Adds capability to specify memoryKiller per Pod. !1536 - Update GitLab Version to 13.4.0. - ## 4.3.9 (2020-11-02) - No changes. @@ -2917,7 +2980,6 @@ No changes. - Update GitLab Version to 13.3.7. - ## 4.3.6 (2020-09-14) ### Changed (1 change) @@ -2928,21 +2990,18 @@ No changes. - Update GitLab Version to 13.3.6. - ## 4.3.5 (2020-09-04) ### Other (1 change) - Update GitLab Version to 13.3.5. - ## 4.3.4 (2020-09-02) ### Other (1 change) - Update GitLab Version to 13.3.4. - ## 4.3.3 (2020-09-02) ### Fixed (1 change) @@ -2953,7 +3012,6 @@ No changes. - Update GitLab Version to 13.3.3. - ## 4.3.2 (2020-08-28) ### Fixed (2 changes, 2 of them are from the community) @@ -2965,7 +3023,6 @@ No changes. - Update GitLab Version to 13.3.2. - ## 4.3.1 (2020-08-25) ### Changed (1 change) @@ -2976,7 +3033,6 @@ No changes. - Update GitLab Version to 13.3.1. - ## 4.3.0 (2020-08-22) ### Removed (1 change) 
@@ -3007,42 +3063,36 @@ No changes. - Update GitLab Version to 13.3.0. - ## 4.2.10 (2020-10-01) ### Other (1 change) - Update GitLab Version to 13.2.10. - ## 4.2.9 (2020-09-04) ### Other (1 change) - Update GitLab Version to 13.2.9. - ## 4.2.8 (2020-09-02) ### Other (1 change) - Update GitLab Version to 13.2.8. - ## 4.2.7 (2020-09-02) ### Other (1 change) - Update GitLab Version to 13.2.7. - ## 4.2.6 (2020-08-18) ### Other (1 change) - Update GitLab Version to 13.2.6. - ## 4.2.5 (2020-08-18) ### Changed (1 change) @@ -3053,28 +3103,24 @@ No changes. - Update GitLab Version to 13.2.5. - ## 4.2.4 (2020-08-11) ### Other (1 change) - Update GitLab Version to 13.2.4. - ## 4.2.3 (2020-08-05) ### Other (1 change) - Update GitLab Version to 13.2.3. - ## 4.2.2 (2020-07-30) ### Other (1 change) - Update GitLab Version to 13.2.2. - ## 4.2.1 (2020-07-24) ### Fixed (1 change, 1 of them is from the community) @@ -3089,7 +3135,6 @@ No changes. - Update GitLab Version to 13.2.1. - ## 4.2.0 (2020-07-22) ### Fixed (2 changes) @@ -3113,63 +3158,54 @@ No changes. - Add an annotations support to the migrations job template. !1423 (Tiago Posse) - Update GitLab Version to 13.2.0. - ## 4.1.12 (2020-09-04) ### Other (1 change) - Update GitLab Version to 13.1.11. - ## 4.1.11 (2020-09-02) ### Other (1 change) - Update GitLab Version to 13.1.10. - ## 4.1.10 (2020-09-02) ### Other (1 change) - Update GitLab Version to 13.1.9. - ## 4.1.9 (2020-08-18) ### Other (1 change) - Update GitLab Version to 13.1.8. - ## 4.1.7 (2020-08-05) ### Other (1 change) - Update GitLab Version to 13.1.6. - ## 4.1.6 (2020-07-24) ### Other (1 change) - Update GitLab Version to 13.1.5. - ## 4.1.5 (2020-07-24) ### Other (1 change) - Update GitLab Version to 13.1.5. - ## 4.1.4 (2020-07-09) ### Other (1 change) - Update GitLab Version to 13.1.4. - ## 4.1.3 (2020-07-06) ### Changed (1 change) 
@@ -3180,14 +3216,12 @@ No changes. - Update GitLab Version to 13.1.3. - ## 4.1.2 (2020-07-01) ### Other (1 change) - Update GitLab Version to 13.1.2. - ## 4.1.1 (2020-06-24) ### Fixed (1 change) @@ -3198,7 +3232,6 @@ No changes. - Update GitLab Version to 13.1.1. - ## 4.1.0 (2020-06-22) ### Fixed (3 changes, 1 of them is from the community) @@ -3238,56 +3271,48 @@ No changes. - Update GitLab Runner chart to 0.18.0. !1416 - Update GitLab Version to 13.1.0. - ## 4.0.12 (2020-08-18) ### Other (1 change) - Update GitLab Version to 13.0.14. - ## 4.0.11 (2020-08-18) ### Other (1 change) - Update GitLab Version to 13.0.13. - ## 4.0.10 (2020-08-05) ### Other (1 change) - Update GitLab Version to 13.0.12. - ## 4.0.9 (2020-07-09) ### Other (1 change) - Update GitLab Version to 13.0.10. - ## 4.0.8 (2020-07-06) ### Other (1 change) - Update GitLab Version to 13.0.9. - ## 4.0.7 (2020-07-01) ### Other (1 change) - Update GitLab Version to 13.0.8. - ## 4.0.6 (2020-06-25) ### Other (1 change) - Update GitLab Version to 13.0.7. - ## 4.0.5 (2020-06-10) ### Changed (1 change) @@ -3298,21 +3323,18 @@ No changes. - Update GitLab Version to 13.0.6. - ## 4.0.4 (2020-06-04) ### Other (1 change) - Update GitLab Version to 13.0.5. - ## 4.0.3 (2020-06-03) ### Other (1 change) - Update GitLab Version to 13.0.4. - ## 4.0.2 (2020-05-29) ### Fixed (3 changes, 1 of them is from the community) @@ -3329,7 +3351,6 @@ No changes. - Update GitLab Version to 13.0.3. - ## 4.0.1 (2020-05-27) ### Fixed (1 change) @@ -3344,7 +3365,6 @@ No changes. - Update GitLab Version to 13.0.1. - ## 4.0.0 (2020-05-22) ### Fixed (2 changes) 
@@ -3380,42 +3400,36 @@ No changes. - Update bitnami/postgres -> 8.9.4, postgres -> 11.7.0. !1320 - Update GitLab Version to 13.0.0. - ## 3.3.13 (2020-07-06) ### Other (1 change) - Update GitLab Version to 12.10.14. - ## 3.3.12 (2020-07-01) ### Other (1 change) - Update GitLab Version to 12.10.13. - ## 3.3.11 (2020-06-25) ### Other (1 change) - Update GitLab Version to 12.10.12. - ## 3.3.9 (2020-06-04) ### Other (1 change) - Update GitLab Version to 12.10.10. - ## 3.3.7 (2020-05-29) ### Other (1 change) - Update GitLab Version to 12.10.8. - ## 3.3.6 (2020-05-27) ### Fixed (1 change) @@ -3426,7 +3440,6 @@ No changes. - Update GitLab Version to 12.10.7. - ## 3.3.5 (2020-05-15) ### Changed (1 change) @@ -3437,21 +3450,18 @@ No changes. - Update GitLab Version to 12.10.6. - ## 3.3.4 (2020-05-14) ### Other (1 change) - Update GitLab Version to 12.10.5. - ## 3.3.3 (2020-05-04) ### Other (1 change) - Update GitLab Version to 12.10.3. - ## 3.3.2 (2020-04-30) ### Fixed (3 changes) @@ -3464,14 +3474,12 @@ No changes. - Update GitLab Version to 12.10.2. - ## 3.3.1 (2020-04-24) ### Other (1 change) - Update GitLab Version to 12.10.1. - ## 3.3.0 (2020-04-22) ### Removed (1 change) @@ -3507,49 +3515,42 @@ No changes. - Update GitLab Version to 12.10.0. - ## 3.2.9 (2020-06-10) ### Other (1 change) - Update GitLab Version to 12.9.10. - ## 3.2.8 (2020-06-03) ### Other (1 change) - Update GitLab Version to 12.9.9. - ## 3.2.7 (2020-05-27) ### Other (1 change) - Update GitLab Version to 12.9.8. - ## 3.2.6 (2020-05-14) ### Other (1 change) - Update GitLab Version to 12.9.7. - ## 3.2.5 (2020-04-30) ### Other (1 change) - Update GitLab Version to 12.9.5. - ## 3.2.4 (2020-04-17) ### Other (1 change) - Update GitLab Version to 12.9.4. - ## 3.2.3 (2020-04-15) ### Added (1 change, 1 of them is from the community) 
@@ -3560,21 +3561,18 @@ No changes. - Update GitLab Version to 12.9.3. - ## 3.2.2 (2020-03-31) ### Other (1 change) - Update GitLab Version to 12.9.2. - ## 3.2.1 (2020-03-26) ### Other (1 change) - Update GitLab Version to 12.9.1. - ## 3.2.0 (2020-03-22) ### Fixed (4 changes, 1 of them is from the community) @@ -3593,21 +3591,18 @@ No changes. - Update GitLab Version to 12.9.0. - ## 3.1.8 (2020-04-30) ### Other (1 change) - Update GitLab Version to 12.8.10. - ## 3.1.7 (2020-04-15) ### Other (1 change) - Update GitLab Version to 12.8.9. - ## 3.1.6 (2020-03-26) ### Fixed (1 change) @@ -3618,28 +3613,24 @@ No changes. - Update GitLab Version to 12.8.8. - ## 3.1.5 (2020-03-16) ### Other (1 change) - Update GitLab Version to 12.8.7. - ## 3.1.4 (2020-03-11) ### Other (1 change) - Update GitLab Version to 12.8.6. - ## 3.1.3 (2020-03-09) ### Other (1 change) - Update GitLab Version to 12.8.5. - ## 3.1.2 ### Changed (1 change) @@ -3650,14 +3641,12 @@ No changes. - Update GitLab Version to 12.8.2. - ## 3.1.1 ### Other (1 change) - Update GitLab Version to 12.8.1. - ## 3.1.0 ### Fixed (4 changes, 2 of them are from the community) @@ -3695,14 +3684,12 @@ No changes. - Bump Container Registry to v2.8.1-gitlab. !1173 - Update GitLab Version to 12.8.0. - ## 3.0.7 (2020-04-15) ### Other (1 change) - Update GitLab Version to 12.7.9. - ## 3.0.6 (2020-03-26) ### Fixed (1 change) @@ -3713,14 +3700,12 @@ No changes. - Update GitLab Version to 12.7.8. - ## 3.0.5 ### Other (1 change) - Update GitLab Version to 12.7.7. - ## 3.0.4 ### Fixed (1 change, 1 of them is from the community) @@ -3731,7 +3716,6 @@ No changes. - Update GitLab Version to 12.7.6. - ## 3.0.3 ### Fixed (1 change) @@ -3742,7 +3726,6 @@ No changes. - Update GitLab Version to 12.7.5. - ## 3.0.2 ### Changed (1 change) @@ -3753,7 +3736,6 @@ No changes. - Update GitLab Version to 12.7.4. - ## 3.0.1 ### Changed (1 change) @@ -3764,7 +3746,6 @@ No changes. - Update GitLab Version to 12.7.2. - ## 3.0.0 ### Fixed (2 changes) 
@@ -3794,14 +3775,12 @@ No changes. - Use mail_room gem version from Gemfile.lock as appVersion in the chart. !1088 - Update GitLab Version to 12.7.0. - ## 2.6.9 ### Other (1 change) - Update GitLab Version to 12.6.8. - ## 2.6.8 ### Fixed (1 change, 1 of them is from the community) @@ -3812,14 +3791,12 @@ No changes. - Update GitLab Version to 12.6.7. - ## 2.6.7 ### Other (1 change) - Update GitLab Version to 12.6.6. - ## 2.6.6 ### Fixed (1 change) @@ -3830,21 +3807,18 @@ No changes. - Update GitLab Version to 12.6.4. - ## 2.6.5 ### Other (1 change) - Update GitLab Version to 12.6.4. - ## 2.6.4 ### Other (1 change) - Update GitLab Version to 12.6.3. - ## 2.6.3 ### Fixed (1 change) @@ -3855,14 +3829,12 @@ No changes. - Update GitLab Version to 12.6.2. - ## 2.6.2 ### Other (1 change) - Update GitLab Version to 12.6.2. - ## 2.6.1 ### Other (2 changes) @@ -3870,7 +3842,6 @@ No changes. - Update gitlab-org/charts/gitlab-runner from 0.11.0 to 0.12.0. !1085 - Update GitLab Version to 12.6.1. - ## 2.6.0 ### Fixed (3 changes, 1 of them is from the community) @@ -3904,21 +3875,18 @@ No changes. - Document the use of external Minio for object storage. !1005 - Update GitLab Version to 12.6.0. - ## 2.5.11 ### Other (1 change) - Update GitLab Version to 12.5.10. - ## 2.5.10 ### Other (1 change) - Update GitLab Version to 12.5.9. - ## 2.5.9 ### Fixed (1 change) @@ -3929,21 +3897,18 @@ No changes. - Update GitLab Version to 12.5.7. - ## 2.5.8 ### Other (1 change) - Update GitLab Version to 12.5.7. - ## 2.5.7 ### Other (1 change) - Update GitLab Version to 12.5.6. - ## 2.5.6 ### Added (1 change, 1 of them is from the community) @@ -3954,14 +3919,12 @@ No changes. - Update GitLab Version to 12.5.5. - ## 2.5.5 ### Other (1 change) - Update GitLab Version to 12.5.4. - ## 2.5.4 ### Fixed (1 change) 
@@ -3972,21 +3935,18 @@ No changes. - Update GitLab Version to 12.5.3. - ## 2.5.3 ### Other (1 change) - Update GitLab Version to 12.5.2. - ## 2.5.2 ### Other (1 change) - Update GitLab Version to 12.5.1. - ## 2.5.1 ### Added (1 change) @@ -3997,7 +3957,6 @@ No changes. - Update GitLab Version to 12.5.0. - ## 2.5.0 ### Fixed (2 changes) @@ -4028,42 +3987,36 @@ No changes. - Update gitlab-runner to 0.11.0/12.5.0. !1046 - Update GitLab Version to 12.5.0. - ## 2.4.13 ### Other (1 change) - Update GitLab Version to 12.4.8. - ## 2.4.12 ### Other (1 change) - Update GitLab Version to 12.4.7. - ## 2.4.10 ### Other (1 change) - Update GitLab Version to 12.4.5. - ## 2.4.9 ### Other (1 change) - Update GitLab Version to 12.4.4. - ## 2.4.8 ### Other (1 change) - Update GitLab Version to 12.4.3. - ## 2.4.7 ### Fixed (1 change) @@ -4080,7 +4033,6 @@ No changes. - Adds the global gitlab annotations to mailroom. - Update GitLab Version to 12.4.2. - ## 2.4.6 ### Fixed (1 change) @@ -4095,7 +4047,6 @@ No changes. - Update GitLab Version to 12.4.2. - ## 2.4.5 ### Other (2 changes) @@ -4103,7 +4054,6 @@ No changes. - Update GitLab Runner to v12.4.1. !1018 - Update GitLab Version to 12.4.1. - ## 2.4.4 ### Added (1 change) @@ -4114,7 +4064,6 @@ No changes. - Update GitLab Version to 12.4.1. - ## 2.4.3 ### Fixed (1 change) @@ -4125,7 +4074,6 @@ No changes. - Update GitLab Version to 12.4.1. - ## 2.4.2 ### Fixed (1 change) @@ -4136,7 +4084,6 @@ No changes. - Update GitLab Version to 12.4.0. - ## 2.4.1 ### Fixed (2 changes) @@ -4148,7 +4095,6 @@ No changes. - Update GitLab Version to 12.4.0. - ## 2.4.0 ### Fixed (5 changes, 1 of them is from the community) @@ -4178,7 +4124,6 @@ No changes. - Update gitlab-runner to 0.10.0/12.4.0. !1003 - Update GitLab Version to 12.4.0. - ## 2.3.12 ### Fixed (2 changes) 
@@ -4190,21 +4135,18 @@ No changes. - Update GitLab Version to 12.3.9. - ## 2.3.11 ### Other (1 change) - Update GitLab Version to 12.3.8. - ## 2.3.10 ### Other (1 change) - Update GitLab Version to 12.3.7. - ## 2.3.9 ### Fixed (1 change) @@ -4215,7 +4157,6 @@ No changes. - Update GitLab Version to 12.3.6. - ## 2.3.8 ### Fixed (1 change) @@ -4234,14 +4175,12 @@ No changes. - Update GitLab Version to 12.3.5. - ## 2.3.7 ### Other (1 change) - Update GitLab Version to 12.3.5. - ## 2.3.6 ### Other (2 changes) @@ -4249,7 +4188,6 @@ No changes. - Update gitlab-runner to v0.9.1. !987 - Update GitLab Version to 12.3.4. - ## 2.3.5 ### Fixed (1 change, 1 of them is from the community) @@ -4260,21 +4198,18 @@ No changes. - Update GitLab Version to 12.3.4. - ## 2.3.3 ### Other (1 change) - Update GitLab Version to 12.3.2. - ## 2.3.2 ### Other (1 change) - Update GitLab Version to 12.3.1. - ## 2.3.1 ### Fixed (1 change) @@ -4285,7 +4220,6 @@ No changes. - Update GitLab Version to 12.3.0. - ## 2.3.0 ### Fixed (4 changes, 2 of them are from the community) @@ -4317,7 +4251,6 @@ No changes. - Update gitlab-runner to 0.9.0/12.3.0. !965 - Update GitLab Version to 12.3.0. - ## 2.2.12 ### Fixed (1 change) @@ -4328,21 +4261,18 @@ No changes. - Update GitLab Version to 12.2.9. - ## 2.2.11 ### Other (1 change) - Update GitLab Version to 12.2.8. - ## 2.2.10 ### Other (1 change) - Update GitLab Version to 12.2.7. - ## 2.2.9 ### Other (1 change) @@ -4357,14 +4287,12 @@ No changes. - Update GitLab Version to 12.2.8. - ## 2.2.8 ### Other (1 change) - Update GitLab Version to 12.2.7. - ## 2.2.7 ### Fixed (1 change) @@ -4375,14 +4303,12 @@ No changes. - Update GitLab Version to 12.2.6. - ## 2.2.6 ### Other (1 change) - Update GitLab Version to 12.2.5. - ## 2.2.5 ### Fixed (1 change) @@ -4399,7 +4325,6 @@ No changes. - Update gitlab-runner to 0.8.0/12.2.0. !912 - Update GitLab Version to 12.2.4. - ## 2.2.4 ### Added (2 changes, 2 of them are from the community) 
@@ -4411,28 +4336,24 @@ No changes. - Update GitLab Version to 12.2.4. - ## 2.2.3 ### Other (1 change) - Update GitLab Version to 12.2.4. - ## 2.2.2 ### Other (1 change) - Update GitLab Version to 12.2.3. - ## 2.2.1 ### Other (1 change) - Update GitLab Version to 12.2.1. - ## 2.2.0 ### Fixed (4 changes, 1 of them is from the community) @@ -4461,14 +4382,12 @@ No changes. - Document global.ingress.class & sample Traefik. !898 - Update GitLab Version to 12.2.0. - ## 2.1.14 ### Other (1 change) - Update GitLab Version to 12.1.14. - ## 2.1.13 ### Fixed (1 change, 1 of them is from the community) @@ -4479,28 +4398,24 @@ No changes. - Update GitLab Version to 12.1.14. - ## 2.1.12 ### Other (1 change) - Update GitLab Version to 12.1.13. - ## 2.1.11 ### Other (1 change) - Update GitLab Version to 12.1.12. - ## 2.1.10 ### Other (1 change) - Update GitLab Version to 12.1.11. - ## 2.1.8 ### Fixed (1 change) @@ -4511,14 +4426,12 @@ No changes. - Update GitLab Version to 12.1.8. - ## 2.1.7 ### Other (1 change) - Update GitLab Version to 12.1.6. - ## 2.1.6 ### Fixed (1 change, 1 of them is from the community) @@ -4529,7 +4442,6 @@ No changes. - Update GitLab Version to 12.1.4. - ## 2.1.5 ### Fixed (1 change) @@ -4540,35 +4452,30 @@ No changes. - Update GitLab Version to 12.1.4. - ## 2.1.4 ### Other (1 change) - Update GitLab Version to 12.1.4. - ## 2.1.3 ### Other (1 change) - Update GitLab Version to 12.1.3. - ## 2.1.2 ### Other (1 change) - Update GitLab Version to 12.1.2. - ## 2.1.1 ### Other (1 change) - Update GitLab Version to 12.1.1. - ## 2.1.0 ### Fixed (8 changes, 2 of them are from the community) @@ -4602,28 +4509,24 @@ No changes. - Update gitlab-runner to 0.7.0/12.1.0. !878 - Update GitLab Version to 12.1.0. - ## 2.0.7 ### Other (1 change) - Update GitLab Version to 12.0.9. - ## 2.0.6 ### Other (1 change) - Update GitLab Version to 12.0.8. - ## 2.0.5 ### Other (1 change) - Update GitLab Version to 12.0.6. - ## 2.0.4 ### Fixed (4 changes) 
@@ -4637,14 +4540,12 @@ No changes. - Update GitLab Version to 12.0.4. - ## 2.0.3 (2019-07-03) ### Other (1 change) - Update GitLab Version to 12.0.3. - ## 2.0.2 (2019-06-26) ### Changed (1 change) @@ -4656,14 +4557,12 @@ No changes. - Update gitlab-runner to 0.6.0/12.0.0. !832 - Update GitLab Version to 12.0.2. - ## 2.0.1 (2019-06-25) ### Other (1 change) - Update GitLab Version to 12.0.1. - ## 2.0.0 (2019-06-22) ### Fixed (6 changes) @@ -4671,7 +4570,7 @@ No changes. - Ensure unicorn.rb issues appropriate lifecycle hooks. !791 - Add missing object storage settings in task-runner. !793 - Disable storage redirect of Registry when the internal Minio is used. !797 -- Port over https://github.com/helm/charts/pull/13646. !804 +- Port over <https://github.com/helm/charts/pull/13646>. !804 - Add SMTP and other missing settings for task-runner. !809 - Fix example smtp settings. !810 @@ -4694,14 +4593,12 @@ No changes. - Default Registry replicas to minReplicas. !794 (skarbek) - Update GitLab Version to 12.0.0. - ## 1.9.8 ### Other (1 change) - Update GitLab Version to 11.11.8. - ## 1.9.7 ### Fixed (2 changes) @@ -4713,14 +4610,12 @@ No changes. - Update GitLab Version to 11.11.7. - ## 1.9.5 (2019-06-26) ### Other (1 change) - Update GitLab Version to 11.11.4. - ## 1.9.4 (2019-06-21) ### Added (1 change) @@ -4731,14 +4626,12 @@ No changes. - Update GitLab Version to 11.11.3. - ## 1.9.3 (2019-06-10) ### Other (1 change) - Update GitLab Version to 11.11.3. - ## 1.9.2 (2019-06-05) ### Other (2 changes) @@ -4746,7 +4639,6 @@ No changes. - Update gitlab-runner to 0.5.2/11.11.2. !806 - Update GitLab Version to 11.11.2. - ## 1.9.1 (2019-06-03) ### Other (2 changes) @@ -4754,7 +4646,6 @@ No changes. - Update GitLab Runner Helm Chart to 0.5.1. !801 - Update GitLab Version to 11.11.1. - ## 1.9.0 (2019-05-22) ### Changed (4 changes) 
@@ -4779,14 +4670,12 @@ No changes. - Update gitlab-runner to 0.5.0/11.11.0. !798 - Update GitLab Version to 11.11.0. - ## 1.8.6 (2019-07-03) ### Other (1 change) - Update GitLab Version to 11.10.8. - ## 1.8.5 (2019-06-26) ### Performance (1 change) @@ -4801,28 +4690,24 @@ No changes. - Update GitLab Version to 11.10.7. - ## 1.8.4 (2019-05-01) ### Other (1 change) - Update GitLab Version to 11.10.4. - ## 1.8.3 (2019-04-30) ### Other (1 change) - Update GitLab Version to 11.10.3. - ## 1.8.2 (2019-04-29) ### Other (1 change) - Update GitLab Version to 11.10.2. - ## 1.8.1 (2019-04-24) ### Other (2 changes) @@ -4830,7 +4715,6 @@ No changes. - Update gitlab-runner to 0.4.1/11.10.1. !768 - Update GitLab Version to 11.10.1. - ## 1.8.0 (2019-04-22) ### Fixed (2 changes) @@ -4854,14 +4738,12 @@ No changes. - Update gitlab-runner to 0.4.0/11.10.0. !765 - Update GitLab Version to 11.10.0. - ## 1.7.5 (2019-04-11) ### Other (1 change) - Update GitLab Version to 11.9.8. - ## 1.7.4 (2019-04-10) ### Fixed (1 change) @@ -4872,7 +4754,6 @@ No changes. - Update GitLab Version to 11.9.7. - ## 1.7.3 (2019-04-05) ### Fixed (2 changes) @@ -4884,7 +4765,6 @@ No changes. - Update GitLab Version to 11.9.6. - ## 1.7.2 (2019-04-02) ### Fixed (1 change) @@ -4895,7 +4775,6 @@ No changes. - Update GitLab Version to 11.9.4. - ## 1.7.1 (2019-03-25) ### Other (2 changes) @@ -4903,7 +4782,6 @@ No changes. - Update gitlab-runner to 0.3.0/11.9.0. !735 - Update GitLab Version to 11.9.1. - ## 1.7.0 (2019-03-22) ### Fixed (5 changes, 3 of them are from the community) @@ -4933,7 +4811,6 @@ No changes. - Automate version mapping updates. !704 - Update GitLab Version to 11.9.0. - ## 1.6.3 (2019-03-20) ### Changed (1 change) @@ -4944,7 +4821,6 @@ No changes. - Update GitLab Version to 11.8.3. - ## 1.6.2 (2019-03-13) ### Fixed (1 change) @@ -4955,7 +4831,6 @@ No changes. - Update GitLab Version to 11.8.2. - ## 1.6.1 (2019-03-04) ### Fixed (1 change) 
@@ -4967,7 +4842,6 @@ No changes. - Update gitlab-runner to 0.2.0/11.8.0. !697 - Update GitLab Version to 11.8.1. - ## 1.6.0 (2019-02-22) ### Fixed (1 change) @@ -4992,21 +4866,18 @@ No changes. - Allow static ServiceAccount Name in shared-secrets. !688 - Update GitLab Version to 11.8.0. - ## 1.5.3 (2019-02-05) ### Other (1 change) - Update GitLab Version to 11.7.5. - ## 1.5.2 (2019-02-05) ### Other (1 change) - Update GitLab Version to 11.7.4. - ## 1.5.1 (2019-01-31) ### Other (2 changes) @@ -5014,7 +4885,6 @@ No changes. - Update gitlab-runner to 0.1.45/11.7.0. !654 - Update GitLab Version to 11.7.3. - ## 1.5.0 (2019-01-22) ### Fixed (5 changes, 1 of them is from the community) @@ -5044,14 +4914,12 @@ No changes. - Move ingress enabled detection to helper method. !607 - Update GitLab Version to 11.7.0. - ## 1.4.4 (2019-01-17) ### Other (1 change) - Update GitLab Version to 11.6.5. - ## 1.4.3 (2019-01-16) ### Other (2 changes) @@ -5059,21 +4927,18 @@ No changes. - Update gitlab/gitlab-runner to v0.1.44. !633 - Update GitLab Version to 11.6.4. - ## 1.4.2 (2019-01-05) ### Other (1 change) - Update GitLab Version to 11.6.3. - ## 1.4.1 (2019-01-02) ### Other (1 change) - Update GitLab Version to 11.6.2. - ## 1.4.0 (2018-12-22) ### Fixed (1 change, 1 of them is from the community) @@ -5102,7 +4967,6 @@ No changes. - Operator Version 0.1. !605 - Update GitLab Version to 11.6.0. - ## 1.3.4 (2018-12-14) ### Other (3 changes) @@ -5111,14 +4975,12 @@ No changes. - Fix Broken Icon Image on Helm Hub. !597 - Update GitLab Version to 11.5.4. - ## 1.3.3 (2018-12-06) ### Other (1 change) - Update GitLab Version to 11.5.3. - ## 1.3.2 (2018-12-04) ### Added (1 change, 1 of them is from the community) @@ -5129,14 +4991,12 @@ No changes. - Update GitLab Version to 11.5.2. - ## 1.3.1 (2018-11-28) ### Other (1 change) - Update GitLab Version to 11.5.1. - ## 1.3.0 (2018-11-22) ### Fixed (2 changes, 1 of them is from the community) 
@@ -5164,14 +5024,12 @@ No changes. - Update nginx-ingress fork to 0.30.0. !578 - Update GitLab Version to 11.5.0. - ## 1.2.6 (2018-11-20) ### Other (1 change) - Update GitLab Version to 11.4.7. - ## 1.2.5 (2018-11-20) ### Other (2 changes) @@ -5179,28 +5037,24 @@ No changes. - Mount configuration files directly to /srv/gitlab/config instead of /var/opt/gitlab/config/gitlab. !565 - Update GitLab Version to 11.4.6. - ## 1.2.4 (2018-11-05) ### Other (1 change) - Update GitLab Version to 11.4.5. - ## 1.2.3 (2018-11-01) ### Other (1 change) - Update GitLab Version to 11.4.4. - ## 1.2.2 (2018-10-29) ### Other (1 change) - Update GitLab Version to 11.4.3. - ## 1.2.1 (2018-10-29) ### Fixed (1 change) @@ -5211,7 +5065,6 @@ No changes. - Update GitLab Version to 11.4.2. - ## 1.2.0 (2018-10-22) ### Security (1 change) @@ -5245,14 +5098,12 @@ No changes. - Use example.com in documentation and examples as per RFC2606. !512 (Scott Leggett) - Update GitLab Version to 11.4.0. - ## 1.1.6 (2018-10-17) ### Other (1 change) - Update GitLab Version to 11.3.6. - ## 1.1.5 (2018-10-15) ### Fixed (1 change) @@ -5267,35 +5118,30 @@ No changes. - Update GitLab Version to 11.3.5. - ## 1.1.4 (2018-10-05) ### Other (1 change) - Update GitLab Version to 11.3.4. - ## 1.1.3 (2018-10-04) ### Other (1 change) - Update GitLab Version to 11.3.3. - ## 1.1.2 (2018-10-03) ### Other (1 change) - Update GitLab Version to 11.3.2. - ## 1.1.1 (2018-10-01) ### Other (1 change) - Update GitLab Version to 11.3.1. - ## 1.1.0 (2018-09-22) ### Fixed (1 change) @@ -5317,14 +5163,12 @@ No changes. - Added namespace to resources. !443 (Matthias van de Meent (Cofano Software Solutions)) - Update GitLab Version to 11.3.0. - ## 1.0.2 (2018-08-28) ### Fixed (1 change) - Fixed setting the connection to a non-default redis port. !470 - ## 1.0.1 (2018-08-22) - No changes. 
@@ -5379,14 +5223,12 @@ No changes. - add anti-affinity to nginx. - Remove Dockerfile since it's been moved to gitlab-org/gitlab-build-images. - ## 0.3.5 (2018-07-31) ### Fixed (1 change) - Pin the minio/mc image version to a know working tag. !426 - ## 0.3.4 (2018-07-31) - No changes. diff --git a/chart/CONTRIBUTING.md b/chart/CONTRIBUTING.md index 3d84b673bcd6ba18ebb91e17b369f1f5cdd1dd90..d5d5c31280b390217059cc285743134fbadf1453 100644 --- a/chart/CONTRIBUTING.md +++ b/chart/CONTRIBUTING.md @@ -67,8 +67,8 @@ request is as follows: 1. If you are contributing code, fill in the template already provided in the "Description" field. 1. If you are contributing documentation - 1. Choose `Documentation` from the "Choose a template" menu and fill in the template. - 1. Ensure the branch name starts with `docs-` or ends with `-docs` + 1. Choose `Documentation` from the "Choose a template" menu and fill in the template. + 1. Ensure the branch name starts with `docs-` or ends with `-docs` 1. Mention the issue(s) your merge request solves, using the `Solves #XXX` or `Closes #XXX` syntax to auto-close the issue(s) once the merge request will be merged. @@ -162,7 +162,7 @@ This code of conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Instances of abusive, harassing, or otherwise unacceptable behavior can be -reported by emailing contact@gitlab.com. +reported by emailing <contact@gitlab.com>. This Code of Conduct is adapted from the [Contributor Covenant][contributor-covenant], version 1.1.0, available at [http://contributor-covenant.org/version/1/1/0/](http://contributor-covenant.org/version/1/1/0/). 
@@ -174,5 +174,4 @@ available at [http://contributor-covenant.org/version/1/1/0/](http://contributor [changelog]: doc/development/changelog.md "Generate a changelog entry" [git-squash]: https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits [definition-of-done]: http://guide.agilealliance.org/guide/definition-of-done.html -[contributor-covenant]: http://contributor-covenant.org [CNG]: https://gitlab.com/gitlab-org/build/CNG/ diff --git a/chart/Chart.yaml b/chart/Chart.yaml index 58c00d189648bbc9283d07df0954b5addd5a28b0..bdb9c2f2723e78f1532d95fd8ae148a4e4cbf645 100644 --- a/chart/Chart.yaml +++ b/chart/Chart.yaml @@ -1,8 +1,8 @@ --- apiVersion: v1 name: gitlab -version: 8.2.9-bb.4 -appVersion: v17.2.9 +version: 8.3.6-bb.0 +appVersion: v17.3.6 description: GitLab is the most comprehensive AI-powered DevSecOps Platform. keywords: - gitlab 
@@ -15,40 +15,40 @@ maintainers: email: support@gitlab.com annotations: bigbang.dev/applicationVersions: | - - Gitlab: 17.2.9 + - Gitlab: 17.3.6 bigbang.dev/upstreamReleaseNotesMarkdown: | The [upstream chart's release notes](https://gitlab.com/gitlab-org/charts/gitlab/-/blob/master/CHANGELOG.md) may help when reviewing this package. helm.sh/images: | - name: redis-exporter condition: redis.metrics.enabled - image: registry1.dso.mil/ironbank/bitnami/analytics/redis-exporter:v1.64.1 + image: registry1.dso.mil/ironbank/bitnami/analytics/redis-exporter:v1.65.0 - name: redis condition: redis.install image: registry1.dso.mil/ironbank/bitnami/redis:7.4.1 - name: alpine-certificates - image: registry1.dso.mil/ironbank/gitlab/gitlab/certificates:17.2.9 + image: registry1.dso.mil/ironbank/gitlab/gitlab/certificates:17.3.6 - name: cfssl-self-sign condition: shared-secrets.enabled image: registry1.dso.mil/ironbank/gitlab/gitlab/cfssl-self-sign:1.6.1 - name: gitaly - image: registry1.dso.mil/ironbank/gitlab/gitlab/gitaly:17.2.9 + image: registry1.dso.mil/ironbank/gitlab/gitlab/gitaly:17.3.6 - name: gitlab-container-registry condition: registry.enabled - image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry:17.2.9 + image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry:17.3.6 - name: gitlab-shell - image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell:17.2.9 + image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell:17.3.6 - name: gitlab-sidekiq - image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq:17.2.9 + image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq:17.3.6 - name: gitlab-toolbox - image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox:17.2.9 + image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox:17.3.6 - name: gitlab-webservice - image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice:17.2.9 + image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice:17.3.6 - 
name: gitlab-workhorse - image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse:17.2.9 + image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse:17.3.6 - name: gitlab-pages - image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages:17.2.9 + image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages:17.3.6 - name: kubectl - image: registry1.dso.mil/ironbank/gitlab/gitlab/kubectl:17.2.9 + image: registry1.dso.mil/ironbank/gitlab/gitlab/kubectl:17.3.6 - name: mc image: registry1.dso.mil/ironbank/opensource/minio/mc:RELEASE.2024-10-02T08-27-28Z - name: minio @@ -60,10 +60,10 @@ annotations: condition: upgradeCheck.enabled image: registry1.dso.mil/ironbank/redhat/ubi/ubi9:9.4 - name: gitlab-base - image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-base:17.2.9 + image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-base:17.3.6 - name: gitlab-exporter condition: gitlab.gitlab-exporter.enabled - image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter:17.2.9 + image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter:17.3.6 - name: bbtests condition: bbtests.enabled image: registry1.dso.mil/bigbang-ci/gitlab-tester:0.0.4 diff --git a/chart/Kptfile b/chart/Kptfile index ff461be263bb8ae8e6b65d3f94359d8db384e0b2..804ab58b4be6d7d4d0bc191914d1e5810cbe5352 100644 --- a/chart/Kptfile +++ b/chart/Kptfile @@ -5,7 +5,7 @@ metadata: upstream: type: git git: - commit: 7747e52f59619c1d3f885e6e326bcb248008fc0f + commit: 960b9c67fb2c0a92dfbd71f4197248e714c1652b repo: https://gitlab.com/gitlab-org/charts/gitlab directory: / - ref: v8.2.9 + ref: v8.3.6 diff --git a/chart/README.md b/chart/README.md index 6c852a812cffee68aeef7a5dfd381815dbc1f389..e51f0732e56f8915ea0e14ccbeab60b67c9e8ca2 100644 --- a/chart/README.md +++ b/chart/README.md 
@@ -5,6 +5,7 @@ Exporter for GitLab Prometheus metrics (e.g. CI, pull mirrors) ## Upstream References + * <https://about.gitlab.com/> * <https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/gitlab-exporter> @@ -12,6 +13,7 @@ Exporter for GitLab Prometheus metrics (e.g. CI, pull mirrors) * <https://gitlab.com/gitlab-org/gitlab-exporter> ## Learn More + * [Application Overview](docs/overview.md) * [Other Documentation](docs/) @@ -23,12 +25,13 @@ Exporter for GitLab Prometheus metrics (e.g. CI, pull mirrors) Install Helm -https://helm.sh/docs/intro/install/ +<https://helm.sh/docs/intro/install/> ## Deployment * Clone down the repository * cd into directory + ```bash helm install gitlab-exporter chart/ ``` @@ -81,6 +84,7 @@ helm install gitlab-exporter chart/ ## Contributing Please see the [contributing guide](./CONTRIBUTING.md) if you are interested in contributing. + # migrations   @@ -88,12 +92,14 @@ Please see the [contributing guide](./CONTRIBUTING.md) if you are interested in Database migrations and other versioning tasks for upgrading Gitlab ## Upstream References + * <https://about.gitlab.com/> * <https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/migrations> * <https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-rails> ## Learn More + * [Application Overview](docs/overview.md) * [Other Documentation](docs/) @@ -105,12 +111,13 @@ Database migrations and other versioning tasks for upgrading Gitlab Install Helm -https://helm.sh/docs/intro/install/ +<https://helm.sh/docs/intro/install/> ## Deployment * Clone down the repository * cd into directory + ```bash helm install migrations chart/ ``` @@ -153,6 +160,7 @@ helm install migrations chart/ ## Contributing Please see the [contributing guide](./CONTRIBUTING.md) if you are interested in contributing. + # praefect   
@@ -160,6 +168,7 @@ Please see the [contributing guide](./CONTRIBUTING.md) if you are interested in Praefect is a router and transaction manager for Gitaly, and a required component for running a Gitaly Cluster. ## Upstream References + * <https://about.gitlab.com/> * <https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/praefect> @@ -167,6 +176,7 @@ Praefect is a router and transaction manager for Gitaly, and a required componen * <https://gitlab.com/gitlab-org/gitaly/-/tree/master/cmd/praefect> ## Learn More + * [Application Overview](docs/overview.md) * [Other Documentation](docs/) @@ -178,12 +188,13 @@ Praefect is a router and transaction manager for Gitaly, and a required componen Install Helm -https://helm.sh/docs/intro/install/ +<https://helm.sh/docs/intro/install/> ## Deployment * Clone down the repository * cd into directory + ```bash helm install praefect chart/ ``` @@ -225,6 +236,7 @@ helm install praefect chart/ ## Contributing Please see the [contributing guide](./CONTRIBUTING.md) if you are interested in contributing. + # sidekiq   @@ -232,12 +244,14 @@ Please see the [contributing guide](./CONTRIBUTING.md) if you are interested in Gitlab Sidekiq for asynchronous task processing in rails ## Upstream References + * <https://about.gitlab.com/> * <https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/sidekiq> * <https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-sidekiq> ## Learn More + * [Application Overview](docs/overview.md) * [Other Documentation](docs/) @@ -249,12 +263,13 @@ Gitlab Sidekiq for asynchronous task processing in rails Install Helm -https://helm.sh/docs/intro/install/ +<https://helm.sh/docs/intro/install/> ## Deployment * Clone down the repository * cd into directory + ```bash helm install sidekiq chart/ ``` @@ -406,6 +421,7 @@ helm install sidekiq chart/ ## Contributing Please see the [contributing guide](./CONTRIBUTING.md) if you are interested in contributing. + # toolbox   
@@ -413,12 +429,14 @@ Please see the [contributing guide](./CONTRIBUTING.md) if you are interested in For manually running rake tasks through kubectl ## Upstream References + * <https://about.gitlab.com/> * <https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/toolbox> * <https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-toolbox> ## Learn More + * [Application Overview](docs/overview.md) * [Other Documentation](docs/) @@ -430,12 +448,13 @@ For manually running rake tasks through kubectl Install Helm -https://helm.sh/docs/intro/install/ +<https://helm.sh/docs/intro/install/> ## Deployment * Clone down the repository * cd into directory + ```bash helm install toolbox chart/ ``` @@ -563,6 +582,7 @@ helm install toolbox chart/ ## Contributing Please see the [contributing guide](./CONTRIBUTING.md) if you are interested in contributing. + # registry   @@ -570,12 +590,14 @@ Please see the [contributing guide](./CONTRIBUTING.md) if you are interested in Stateless, highly scalable application that stores and lets you distribute container images ## Upstream References + * <https://docs.gitlab.com/ee/user/packages/container_registry> * <https://gitlab.com/gitlab-org/container-registry> * <https://gitlab.com/gitlab-org/charts/gitlab/charts/registry> ## Learn More + * [Application Overview](docs/overview.md) * [Other Documentation](docs/) @@ -587,12 +609,13 @@ Stateless, highly scalable application that stores and lets you distribute conta Install Helm -https://helm.sh/docs/intro/install/ +<https://helm.sh/docs/intro/install/> ## Deployment * Clone down the repository * cd into directory + ```bash helm install registry chart/ ``` 
@@ -672,7 +695,7 @@ helm install registry chart/ | init.image | object | `{}` | | | init.resources.requests.cpu | string | `"50m"` | | | init.containerSecurityContext | object | `{}` | | -| init.script | string | `"if [ -e /config/accesskey ] ; then\n sed -e 's@ACCESS_KEY@'\"$(cat /config/accesskey)\"'@' -e 's@SECRET_KEY@'\"$(cat /config/secretkey)\"'@' /config/config.yml > /registry/config.yml\nelse\n cp -v -r -L /config/config.yml /registry/config.yml\nfi\n# Place the `http.secret` value from the kubernetes secret\nsed -i -e 's@HTTP_SECRET@'\"$(cat /config/httpSecret)\"'@' /registry/config.yml\n# Populate sensitive registry notification secrets in the config file\nif [ -d /config/notifications ]; then\n for i in /config/notifications/*; do\n filename=$(basename $i);\n sed -i -e 's@'\"${filename}\"'@'\"$(cat $i)\"'@' /registry/config.yml;\n done\nfi\n# Insert any provided `storage` block from kubernetes secret\nif [ -d /config/storage ]; then\n # Copy contents of storage secret(s)\n mkdir -p /registry/storage\n cp -v -r -L /config/storage/* /registry/storage/\n # Ensure there is a new line in the end\n echo '' >> /registry/storage/config\n # Default `delete.enabled: true` if not present.\n ## Note: busybox grep doesn't support multiline, so we chain `egrep`.\n if ! 
$(egrep -A1 '^delete:\\s*$' /registry/storage/config \| egrep -q '\\s{2,4}enabled:') ; then\n echo 'delete:' >> /registry/storage/config\n echo ' enabled: true' >> /registry/storage/config\n fi\n # Indent /registry/storage/config 2 spaces before inserting into config.yml\n sed -i 's/^/ /' /registry/storage/config\n # Insert into /registry/config.yml after `storage:`\n sed -i '/^storage:/ r /registry/storage/config' /registry/config.yml\n # Remove the now extraneous `config` file\n rm /registry/storage/config\nfi\n# Copy any middleware.storage if present\nif [ -d /config/middleware.storage ]; then\n cp -v -r -L /config/middleware.storage /registry/middleware.storage\nfi\n# Set to known path, to used ConfigMap\ncat /config/certificate.crt > /registry/certificate.crt\n# Copy the optional profiling keyfile to the expected location\nif [ -f /config/profiling-key.json ]; then\n cp /config/profiling-key.json /registry/profiling-key.json\nfi\n# Insert Database password, if enabled\nif [ -f /config/database_password ] ; then\n sed -i -e 's@DB_PASSWORD_FILE@'\"$(cat /config/database_password)\"'@' /registry/config.yml\nfi\n# Insert Redis password, if enabled\nif [ -f /config/registry/redis-password ] ; then\n sed -i -e 's@REDIS_CACHE_PASSWORD@'\"$(cat /config/registry/redis-password)\"'@' /registry/config.yml\nfi\n# Copy the database TLS connection files to the expected location and set permissions\nif [ -d /config/ssl ]; then\n cp -r /config/ssl/ /registry/ssl\n chmod 700 /registry/ssl\n chmod 600 /registry/ssl/*.pem\nfi\n# Copy TLS certificates if present\nif [ -d /config/tls ]; then\n cp -r /config/tls/ /registry/tls\n chmod 700 /registry/tls\n chmod 600 /registry/tls/*\nfi"` | | +| init.script | string | `"if [ -e /config/accesskey ] ; then\n sed -e 's@ACCESS_KEY@'\"$(cat /config/accesskey)\"'@' -e 's@SECRET_KEY@'\"$(cat /config/secretkey)\"'@' /config/config.yml > /registry/config.yml\nelse\n cp -v -r -L /config/config.yml /registry/config.yml\nfi\n# Place 
the`http.secret` value from the kubernetes secret\nsed -i -e 's@HTTP_SECRET@'\"$(cat /config/httpSecret)\"'@' /registry/config.yml\n# Populate sensitive registry notification secrets in the config file\nif [ -d /config/notifications ]; then\n for i in /config/notifications/*; do\n filename=$(basename $i);\n sed -i -e 's@'\"${filename}\"'@'\"$(cat $i)\"'@' /registry/config.yml;\n done\nfi\n# Insert any provided `storage` block from kubernetes secret\nif [ -d /config/storage ]; then\n # Copy contents of storage secret(s)\n mkdir -p /registry/storage\n cp -v -r -L /config/storage/* /registry/storage/\n # Ensure there is a new line in the end\n echo '' >> /registry/storage/config\n # Default `delete.enabled: true` if not present.\n ## Note: busybox grep doesn't support multiline, so we chain `egrep`.\n if ! $(egrep -A1 '^delete:\\s*$' /registry/storage/config \| egrep -q '\\s{2,4}enabled:') ; then\n echo 'delete:' >> /registry/storage/config\n echo ' enabled: true' >> /registry/storage/config\n fi\n # Indent /registry/storage/config 2 spaces before inserting into config.yml\n sed -i 's/^/ /' /registry/storage/config\n # Insert into /registry/config.yml after`storage:`\n sed -i '/^storage:/ r /registry/storage/config' /registry/config.yml\n # Remove the now extraneous`config`file\n rm /registry/storage/config\nfi\n# Copy any middleware.storage if present\nif [ -d /config/middleware.storage ]; then\n cp -v -r -L /config/middleware.storage /registry/middleware.storage\nfi\n# Set to known path, to used ConfigMap\ncat /config/certificate.crt > /registry/certificate.crt\n# Copy the optional profiling keyfile to the expected location\nif [ -f /config/profiling-key.json ]; then\n cp /config/profiling-key.json /registry/profiling-key.json\nfi\n# Insert Database password, if enabled\nif [ -f /config/database_password ] ; then\n sed -i -e 's@DB_PASSWORD_FILE@'\"$(cat /config/database_password)\"'@' /registry/config.yml\nfi\n# Insert Redis password, if enabled\nif [ -f 
/config/registry/redis-password ] ; then\n sed -i -e 's@REDIS_CACHE_PASSWORD@'\"$(cat /config/registry/redis-password)\"'@' /registry/config.yml\nfi\n# Copy the database TLS connection files to the expected location and set permissions\nif [ -d /config/ssl ]; then\n cp -r /config/ssl/ /registry/ssl\n chmod 700 /registry/ssl\n chmod 600 /registry/ssl/*.pem\nfi\n# Copy TLS certificates if present\nif [ -d /config/tls ]; then\n cp -r /config/tls/ /registry/tls\n chmod 700 /registry/tls\n chmod 600 /registry/tls/*\nfi"` | | | resources.requests.cpu | string | `"50m"` | | | resources.requests.memory | string | `"32Mi"` | | | nodeSelector | object | `{}` | | @@ -747,6 +770,7 @@ helm install registry chart/ ## Contributing Please see the [contributing guide](./CONTRIBUTING.md) if you are interested in contributing. + # gitlab   @@ -754,11 +778,13 @@ Please see the [contributing guide](./CONTRIBUTING.md) if you are interested in GitLab is the most comprehensive AI-powered DevSecOps Platform. ## Upstream References + * <https://about.gitlab.com/> * <https://gitlab.com/gitlab-org/charts/gitlab> ## Learn More + * [Application Overview](docs/overview.md) * [Other Documentation](docs/) @@ -770,12 +796,13 @@ GitLab is the most comprehensive AI-powered DevSecOps Platform. Install Helm -https://helm.sh/docs/intro/install/ +<https://helm.sh/docs/intro/install/> ## Deployment * Clone down the repository * cd into directory + ```bash helm install gitlab chart/ ``` @@ -1749,6 +1776,7 @@ helm install gitlab chart/ ## Contributing Please see the [contributing guide](./CONTRIBUTING.md) if you are interested in contributing. + # gitlab-shell   
@@ -1756,12 +1784,14 @@ Please see the [contributing guide](./CONTRIBUTING.md) if you are interested in sshd for Gitlab ## Upstream References + * <https://about.gitlab.com/> * <https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/gitlab-shell> * <https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-shell> ## Learn More + * [Application Overview](docs/overview.md) * [Other Documentation](docs/) @@ -1773,12 +1803,13 @@ sshd for Gitlab Install Helm -https://helm.sh/docs/intro/install/ +<https://helm.sh/docs/intro/install/> ## Deployment * Clone down the repository * cd into directory + ```bash helm install gitlab-shell chart/ ``` @@ -1886,6 +1917,7 @@ helm install gitlab-shell chart/ ## Contributing Please see the [contributing guide](./CONTRIBUTING.md) if you are interested in contributing. + # webservice   @@ -1893,12 +1925,14 @@ Please see the [contributing guide](./CONTRIBUTING.md) if you are interested in HTTP server for Gitlab ## Upstream References + * <https://about.gitlab.com/> * <https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/webservice> * <https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-webservice> ## Learn More + * [Application Overview](docs/overview.md) * [Other Documentation](docs/) @@ -1910,12 +1944,13 @@ HTTP server for Gitlab Install Helm -https://helm.sh/docs/intro/install/ +<https://helm.sh/docs/intro/install/> ## Deployment * Clone down the repository * cd into directory + ```bash helm install webservice chart/ ``` @@ -2142,6 +2177,7 @@ helm install webservice chart/ ## Contributing Please see the [contributing guide](./CONTRIBUTING.md) if you are interested in contributing. + # gitlab-pages   
@@ -2149,6 +2185,7 @@ Please see the [contributing guide](./CONTRIBUTING.md) if you are interested in Daemon for serving static websites from GitLab projects ## Upstream References + * <https://about.gitlab.com/> * <https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/gitlab-pages> @@ -2156,6 +2193,7 @@ Daemon for serving static websites from GitLab projects * <https://gitlab.com/gitlab-org/gitlab-pages> ## Learn More + * [Application Overview](docs/overview.md) * [Other Documentation](docs/) @@ -2167,12 +2205,13 @@ Daemon for serving static websites from GitLab projects Install Helm -https://helm.sh/docs/intro/install/ +<https://helm.sh/docs/intro/install/> ## Deployment * Clone down the repository * cd into directory + ```bash helm install gitlab-pages chart/ ``` @@ -2276,6 +2315,7 @@ helm install gitlab-pages chart/ ## Contributing Please see the [contributing guide](./CONTRIBUTING.md) if you are interested in contributing. + # geo-logcursor   @@ -2283,12 +2323,14 @@ Please see the [contributing guide](./CONTRIBUTING.md) if you are interested in GitLab Geo logcursor ## Upstream References + * <https://about.gitlab.com/> * <https://gitlab.com/charts/gitlab/tree/master/charts/gitlab/charts/geo-logcursor> * <https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-rails> ## Learn More + * [Application Overview](docs/overview.md) * [Other Documentation](docs/) @@ -2300,12 +2342,13 @@ GitLab Geo logcursor Install Helm -https://helm.sh/docs/intro/install/ +<https://helm.sh/docs/intro/install/> ## Deployment * Clone down the repository * cd into directory + ```bash helm install geo-logcursor chart/ ``` @@ -2364,6 +2407,7 @@ helm install geo-logcursor chart/ ## Contributing Please see the [contributing guide](./CONTRIBUTING.md) if you are interested in contributing. + # kas   
@@ -2371,12 +2415,14 @@ Please see the [contributing guide](./CONTRIBUTING.md) if you are interested in GitLab Agent Server ## Upstream References + * <https://about.gitlab.com/> * <https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/gitlab-kas> * <https://gitlab.com/gitlab-org/cluster-integration/gitlab-agent> ## Learn More + * [Application Overview](docs/overview.md) * [Other Documentation](docs/) @@ -2388,12 +2434,13 @@ GitLab Agent Server Install Helm -https://helm.sh/docs/intro/install/ +<https://helm.sh/docs/intro/install/> ## Deployment * Clone down the repository * cd into directory + ```bash helm install kas chart/ ``` @@ -2472,6 +2519,7 @@ helm install kas chart/ ## Contributing Please see the [contributing guide](./CONTRIBUTING.md) if you are interested in contributing. + # minio   @@ -2479,12 +2527,14 @@ Please see the [contributing guide](./CONTRIBUTING.md) if you are interested in Object storage server built for cloud applications and devops. ## Upstream References + * <https://minio.io> * <https://gitlab.com/gitlab-org/charts/gitlab/charts/minio> * <https://github.com/minio/minio> ## Learn More + * [Application Overview](docs/overview.md) * [Other Documentation](docs/) @@ -2496,12 +2546,13 @@ Object storage server built for cloud applications and devops. Install Helm -https://helm.sh/docs/intro/install/ +<https://helm.sh/docs/intro/install/> ## Deployment * Clone down the repository * cd into directory + ```bash helm install minio chart/ ``` @@ -2649,6 +2700,7 @@ helm install minio chart/ ## Contributing Please see the [contributing guide](./CONTRIBUTING.md) if you are interested in contributing. + # certmanager-issuer   @@ -2656,6 +2708,7 @@ Please see the [contributing guide](./CONTRIBUTING.md) if you are interested in Configuration Job to add LetsEncrypt Issuer to cert-manager ## Upstream References + * <https://about.gitlab.com/> * <https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/certmanager-issuer> 
@@ -2663,6 +2716,7 @@ Configuration Job to add LetsEncrypt Issuer to cert-manager * <https://github.com/jetstack/cert-manager> ## Learn More + * [Application Overview](docs/overview.md) * [Other Documentation](docs/) @@ -2674,12 +2728,13 @@ Configuration Job to add LetsEncrypt Issuer to cert-manager Install Helm -https://helm.sh/docs/intro/install/ +<https://helm.sh/docs/intro/install/> ## Deployment * Clone down the repository * cd into directory + ```bash helm install certmanager-issuer chart/ ``` @@ -2697,6 +2752,7 @@ helm install certmanager-issuer chart/ ## Contributing Please see the [contributing guide](./CONTRIBUTING.md) if you are interested in contributing. + # gitaly   @@ -2704,12 +2760,14 @@ Please see the [contributing guide](./CONTRIBUTING.md) if you are interested in Git RPC service for handling all the git calls made by GitLab ## Upstream References + * <https://about.gitlab.com/> * <https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/gitaly> * <https://gitlab.com/gitlab-org/build/CNG/tree/master/gitaly> ## Learn More + * [Application Overview](docs/overview.md) * [Other Documentation](docs/) @@ -2721,12 +2779,13 @@ Git RPC service for handling all the git calls made by GitLab Install Helm -https://helm.sh/docs/intro/install/ +<https://helm.sh/docs/intro/install/> ## Deployment * Clone down the repository * cd into directory + ```bash helm install gitaly chart/ ``` @@ -2800,6 +2859,7 @@ helm install gitaly chart/ ## Contributing Please see the [contributing guide](./CONTRIBUTING.md) if you are interested in contributing. + # mailroom   
@@ -2807,12 +2867,14 @@ Please see the [contributing guide](./CONTRIBUTING.md) if you are interested in Handling incoming emails ## Upstream References + * <https://about.gitlab.com/> * <https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/mailroom> * <https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-mailroom> ## Learn More + * [Application Overview](docs/overview.md) * [Other Documentation](docs/) @@ -2824,12 +2886,13 @@ Handling incoming emails Install Helm -https://helm.sh/docs/intro/install/ +<https://helm.sh/docs/intro/install/> ## Deployment * Clone down the repository * cd into directory + ```bash helm install mailroom chart/ ``` @@ -2919,6 +2982,7 @@ helm install mailroom chart/ ## Contributing Please see the [contributing guide](./CONTRIBUTING.md) if you are interested in contributing. + # spamcheck   @@ -2926,12 +2990,14 @@ Please see the [contributing guide](./CONTRIBUTING.md) if you are interested in GitLab Anti-Spam Engine ## Upstream References + * <https://about.gitlab.com/> * <https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/spamcheck> * <https://gitlab.com/gitlab-org/spamcheck> ## Learn More + * [Application Overview](docs/overview.md) * [Other Documentation](docs/) @@ -2943,12 +3009,13 @@ GitLab Anti-Spam Engine Install Helm -https://helm.sh/docs/intro/install/ +<https://helm.sh/docs/intro/install/> ## Deployment * Clone down the repository * cd into directory + ```bash helm install spamcheck chart/ ``` @@ -3001,6 +3068,7 @@ helm install spamcheck chart/ ## Contributing Please see the [contributing guide](./CONTRIBUTING.md) if you are interested in contributing. + # nginx-ingress    
@@ -3008,12 +3076,14 @@ Please see the [contributing guide](./CONTRIBUTING.md) if you are interested in Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer ## Upstream References + * <https://github.com/kubernetes/ingress-nginx> * <https://github.com/kubernetes/ingress-nginx> * <https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/nginx-ingress> ## Learn More + * [Application Overview](docs/overview.md) * [Other Documentation](docs/) @@ -3027,12 +3097,13 @@ Kubernetes: `>=1.19.0-0` Install Helm -https://helm.sh/docs/intro/install/ +<https://helm.sh/docs/intro/install/> ## Deployment * Clone down the repository * cd into directory + ```bash helm install nginx-ingress chart/ ``` @@ -3280,6 +3351,7 @@ helm install nginx-ingress chart/ ## Contributing Please see the [contributing guide](./CONTRIBUTING.md) if you are interested in contributing. + # gitlab   @@ -3287,11 +3359,13 @@ Please see the [contributing guide](./CONTRIBUTING.md) if you are interested in Web-based Git-repository manager with wiki and issue-tracking features. ## Upstream References + * <https://about.gitlab.com/> * <https://gitlab.com/gitlab-org/charts/gitlab> ## Learn More + * [Application Overview](docs/overview.md) * [Other Documentation](docs/) @@ -3303,12 +3377,13 @@ Web-based Git-repository manager with wiki and issue-tracking features. Install Helm -https://helm.sh/docs/intro/install/ +<https://helm.sh/docs/intro/install/> ## Deployment * Clone down the repository * cd into directory + ```bash helm install gitlab chart/ ``` diff --git a/chart/bigbang/README.md b/chart/bigbang/README.md index 8ab490d2ba63fdf35d43fea5d820bde759d8fc5e..cf6c793c887a86ce29dd2a69cfa1eb84d7d88080 100644 --- a/chart/bigbang/README.md +++ b/chart/bigbang/README.md 
@@ -1,3 +1,4 @@ # DoD Approved External PKI Certificate Trust Chains + The version 9.5 certs were downloaded from [public.cyber.mil](https://public.cyber.mil/pki-pke/pkipke-document-library/) -https://dl.dod.cyber.mil/wp-content/uploads/pki-pke/zip/unclass-dod_approved_external_pkis_trust_chains.zip \ No newline at end of file +<https://dl.dod.cyber.mil/wp-content/uploads/pki-pke/zip/unclass-dod_approved_external_pkis_trust_chains.zip> diff --git a/chart/charts/gitlab-runner-0.67.0.tgz b/chart/charts/gitlab-runner-0.67.0.tgz deleted file mode 100644 index 01c3ead152248be206ec321b979d584368dad45a..0000000000000000000000000000000000000000 Binary files a/chart/charts/gitlab-runner-0.67.0.tgz and /dev/null differ diff --git a/chart/charts/gitlab-runner-0.68.0.tgz b/chart/charts/gitlab-runner-0.68.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..720c51dc022d6187f0d42a9613f6dfedd5c701fe Binary files /dev/null and b/chart/charts/gitlab-runner-0.68.0.tgz differ diff --git a/chart/charts/gitlab/charts/geo-logcursor/Chart.yaml b/chart/charts/gitlab/charts/geo-logcursor/Chart.yaml index 5397f891b4558d3d3b4d7356b895e0a4ae99c12b..5547cc11d12468b62bbc6787928ce4fa4f8b4203 100644 --- a/chart/charts/gitlab/charts/geo-logcursor/Chart.yaml +++ b/chart/charts/gitlab/charts/geo-logcursor/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: geo-logcursor -version: 8.2.9 -appVersion: v17.2.9 +version: 8.3.6 +appVersion: v17.3.6 description: GitLab Geo logcursor keywords: - gitlab diff --git a/chart/charts/gitlab/charts/gitaly/Chart.yaml b/chart/charts/gitlab/charts/gitaly/Chart.yaml index f33bf56b5c368b6cdd05b2c9c2a56beef7dec7d7..6eeba3ba1fa3ab939bb350cf57abf2957ac3e5ec 100644 --- a/chart/charts/gitlab/charts/gitaly/Chart.yaml +++ b/chart/charts/gitlab/charts/gitaly/Chart.yaml 
@@ -1,7 +1,7 @@ apiVersion: v1 name: gitaly -version: 8.2.9 -appVersion: 17.2.9 +version: 8.3.6 +appVersion: 17.3.6 description: Git RPC service for handling all the git calls made by GitLab keywords: - gitlab diff --git a/chart/charts/gitlab/charts/gitaly/templates/_configmap_spec.yaml b/chart/charts/gitlab/charts/gitaly/templates/_configmap_spec.yaml index baa0ccaf958857a87de6df61efe2b8905ba9b674..a21bbf7bcc366421429e202798a48de5e7556db1 100644 --- a/chart/charts/gitlab/charts/gitaly/templates/_configmap_spec.yaml +++ b/chart/charts/gitlab/charts/gitaly/templates/_configmap_spec.yaml @@ -31,22 +31,25 @@ data: prometheus_listen_addr = "0.0.0.0:{{ default .Values.metrics.port .Values.metrics.metricsPort }}" {{- end }} + # Graceful shutdown timeout, how long to wait for in-flight requests to complete + graceful_restart_timeout = "{{ .Values.gracefulRestartTimeout | toString | duration }}" + {{- if $.Values.global.gitaly.tls.enabled }} [tls] certificate_path = '/etc/gitlab-secrets/gitaly/gitaly.crt' key_path = '/etc/gitlab-secrets/gitaly/gitaly.key' {{- end }} + # Storage configuration {{- if .storage }} {{- /* Passing in "skipStorages=true" below prevents changes in the Gitaly replica counts from modifying the contents of the ConfigMap, which would cause existing pods to restart unnecessarily. */}} - {{ if not .skipStorages }} + {{- if not .skipStorages }} {% $storages := coll.Slice {{ include "gitlab.praefect.gitaly.storageNames" . }} %} {{- end }} - {% $hostname := .Env.HOSTNAME | strings.TrimSpace %} {% if coll.Has $storages $hostname %} [[storage]] 
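Review bot: `gracefulRestartTimeout` is read as a bare number of seconds with no validation, both in `graceful_restart_timeout = "{{ .Values.gracefulRestartTimeout | toString | duration }}"` here and in `terminationGracePeriodSeconds: {{ .Values.gracefulRestartTimeout | int | add 5 }}` in the `_statefulset_spec.yaml` hunk. As far as I can tell from sprig's `duration` and `int`, a value written with a unit, such as `"30s"`, would render as `0s` in the Gitaly config and a 5-second pod grace period instead of failing the render, so in-flight Git requests would be cut short on restart. I would state the constraint next to the default in `values.yaml`, e.g. `# Must be a whole number of seconds with no unit suffix ("30s" is not accepted)`, and consider a `fail` guard for non-integer input. The `data:` block this hunk edits starts and ends outside the hunk.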
@@ -62,10 +65,9 @@ data: Passing in "skipStorages=true" below prevents changes in the Gitaly replica counts from modifying the contents of the ConfigMap, which would cause existing pods to restart unnecessarily. */}} - {{ if not .skipStorages }} + {{- if not .skipStorages }} {% $storages := coll.Slice {{ include "gitlab.gitaly.storageNames" . }} %} {{- end }} - {% $index := index (.Env.HOSTNAME | strings.Split "-" | coll.Reverse) 0 | conv.ToInt64 %} {% if len $storages | lt $index %} [[storage]] diff --git a/chart/charts/gitlab/charts/gitaly/templates/_statefulset_spec.yaml b/chart/charts/gitlab/charts/gitaly/templates/_statefulset_spec.yaml index 94a540fad1d3fa152375f17dec510f9f1af81ab6..04b7ef3e0466df1736280690c4bc10e13e2c2ee8 100644 --- a/chart/charts/gitlab/charts/gitaly/templates/_statefulset_spec.yaml +++ b/chart/charts/gitlab/charts/gitaly/templates/_statefulset_spec.yaml @@ -54,7 +54,7 @@ spec: {{- toYaml .Values.tolerations | nindent 8 }} {{- end }} {{- include "gitlab.priorityClassName" . | nindent 6 }} - terminationGracePeriodSeconds: 30 + terminationGracePeriodSeconds: {{ .Values.gracefulRestartTimeout | int | add 5 }} initContainers: {{- if .Values.cgroups.enabled }} - name: init-cgroups diff --git a/chart/charts/gitlab/charts/gitaly/values.yaml b/chart/charts/gitlab/charts/gitaly/values.yaml index be51bcf54819354c4e1097e5930a0b0153bbd8ea..4f2b7783e75525cf774843455a0c829324fa827e 100644 --- a/chart/charts/gitlab/charts/gitaly/values.yaml +++ b/chart/charts/gitlab/charts/gitaly/values.yaml 
@@ -67,17 +67,23 @@ tolerations: [] ## The Gitaly StatefulSet's priorityClassName # priorityClassName: +# Gitaly shutdown grace period, how long to wait for in-flight requests to complete (seconds) +# Pod `terminationGracePeriodSeconds` is set to this value + 5 seconds +gracefulRestartTimeout: 25 + logging: format: "json" # level: # sentryDsn: # sentryEnvironment: + git: {} # catFileCacheSize: ## Amend the default configuration Gitaly is using when spawning Git ## commands. Accepts configuration as documented in git-config(1). # config: # - {key: "pack.threads", value: 4} + prometheus: {} # grpcLatencyBuckets: "[1.0, 1.5, 2.0, 2.5]" diff --git a/chart/charts/gitlab/charts/gitlab-exporter/Chart.yaml b/chart/charts/gitlab/charts/gitlab-exporter/Chart.yaml index 4262cdf852bb3cb06b53abaa3a481f26e347aa3e..e6ab539bb31dc9fcc8dae03d252dcdfe17285384 100644 --- a/chart/charts/gitlab/charts/gitlab-exporter/Chart.yaml +++ b/chart/charts/gitlab/charts/gitlab-exporter/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: gitlab-exporter -version: 8.2.9 +version: 8.3.6 appVersion: 15.0.0 description: Exporter for GitLab Prometheus metrics (e.g. CI, pull mirrors) keywords: diff --git a/chart/charts/gitlab/charts/gitlab-exporter/templates/_helpers.tpl b/chart/charts/gitlab/charts/gitlab-exporter/templates/_helpers.tpl new file mode 100644 index 0000000000000000000000000000000000000000..2e3a08482e80f926cd419206f941d42a8ed180fc --- /dev/null +++ b/chart/charts/gitlab/charts/gitlab-exporter/templates/_helpers.tpl 
@@ -0,0 +1,20 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Return the URL desired by GitLab Exporter + +If global.redis.queues is present, use this. If not present, use global.redis +*/}} +{{- define "gitlab.gitlab-exporter.redis.url" -}} +{{- if $.Values.global.redis.queues -}} +{{- $_ := set $ "redisConfigName" "queues" }} +{{- end -}} +{{- include "gitlab.redis.url" $ -}} +{{- end -}} + +{{- define "gitlab.gitlab-exporter.redis.sentinelsList" -}} +{{- if $.Values.global.redis.queues -}} +{{- $_ := set $ "redisConfigName" "queues" }} +{{- end -}} +{{- include "gitlab.redis.sentinelsList" . }} +{{- end -}} diff --git a/chart/charts/gitlab/charts/gitlab-exporter/templates/configmap.yaml b/chart/charts/gitlab/charts/gitlab-exporter/templates/configmap.yaml index cde874db13643d3ad2046660c2bfc85d5148f123..d5498aaa1698ff8a2ee364e4ff72a8cafce53e48 100644 --- a/chart/charts/gitlab/charts/gitlab-exporter/templates/configmap.yaml +++ b/chart/charts/gitlab/charts/gitlab-exporter/templates/configmap.yaml @@ -50,10 +50,10 @@ data: - probe_retries - probe_stats opts: - redis_url: {{ template "gitlab.redis.url" . }} + redis_url: {{ include "gitlab.gitlab-exporter.redis.url" . }} redis_enable_client: false probe_non_namespaced: true - {{- $sentinels := include "gitlab.redis.sentinelsList" . }} + {{- $sentinels := include "gitlab.gitlab-exporter.redis.sentinelsList" . }} {{- if $sentinels }} redis_sentinels: {{- $sentinels | nindent 12 }} diff --git a/chart/charts/gitlab/charts/gitlab-pages/Chart.yaml b/chart/charts/gitlab/charts/gitlab-pages/Chart.yaml index 5826f190ee00c578adec11fc0eabbeeffab67658..38f1fb36cb71a70450540333945de5b9fa9a8a4b 100644 --- a/chart/charts/gitlab/charts/gitlab-pages/Chart.yaml +++ b/chart/charts/gitlab/charts/gitlab-pages/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: gitlab-pages -version: 8.2.9 -appVersion: 17.2.9 +version: 8.3.6 +appVersion: 17.3.6 description: Daemon for serving static websites from GitLab projects keywords: - gitlab 
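Review bot: The second helper, `gitlab.gitlab-exporter.redis.sentinelsList`, has no header comment and mixes contexts: it sets `redisConfigName` on `$` but then calls `include "gitlab.redis.sentinelsList" .`, while the URL helper above it uses `$` for both. Inside a `define` the two normally refer to the same object, so this is probably harmless, but using one form throughout makes that obvious to the next reader. I would add `{{/* Return the Sentinel list for GitLab Exporter, using global.redis.queues when it is set */}}` above it. Note also that `set` writes `redisConfigName` into the caller's context and nothing here removes it, so later includes on the same context may keep selecting `queues`; worth confirming that is intended.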
diff --git a/chart/charts/gitlab/charts/gitlab-pages/templates/configmap.yml b/chart/charts/gitlab/charts/gitlab-pages/templates/configmap.yml index 68421fc172ab38b8d565e3855ef843aaed967dde..9e58facc514597b25772604b8b5d7a8523f755f8 100644 --- a/chart/charts/gitlab/charts/gitlab-pages/templates/configmap.yml +++ b/chart/charts/gitlab/charts/gitlab-pages/templates/configmap.yml @@ -158,6 +158,10 @@ data: {{- if .Values.rateLimitTLSDomainBurst }} rate-limit-tls-domain-burst={{ .Values.rateLimitTLSDomainBurst }} {{- end }} + {{- if not (empty .Values.rateLimitSubnetsAllowList) }} + {{- $rateLimitSubnetsAllowList := .Values.rateLimitSubnetsAllowList | join "," }} + rate-limit-subnets-allow-list={{ $rateLimitSubnetsAllowList }} + {{- end }} {{- if .Values.serverReadTimeout }} server-read-timeout={{ .Values.serverReadTimeout }} {{- end }} diff --git a/chart/charts/gitlab/charts/gitlab-pages/values.yaml b/chart/charts/gitlab/charts/gitlab-pages/values.yaml index 3adf692dfbe3770e878988e5b6f2dfc39f40a6fb..97e74a6c3ca96dc2ab8a04ecdcb7fff24f189583 100644 --- a/chart/charts/gitlab/charts/gitlab-pages/values.yaml +++ b/chart/charts/gitlab/charts/gitlab-pages/values.yaml @@ -247,3 +247,4 @@ affinity: # rateLimitTLSSourceIPBurst: # rateLimitTLSDomain: # rateLimitTLSDomainBurst: +# rateLimitSubnetsAllowList: diff --git a/chart/charts/gitlab/charts/gitlab-shell/Chart.yaml b/chart/charts/gitlab/charts/gitlab-shell/Chart.yaml index c166e37dfbcebb80bd15df111237985168587555..9c61f662c533dad1019b5764fd971486c94a4224 100644 --- a/chart/charts/gitlab/charts/gitlab-shell/Chart.yaml +++ b/chart/charts/gitlab/charts/gitlab-shell/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: gitlab-shell -version: 8.2.9 -appVersion: 14.37.0 +version: 8.3.6 +appVersion: 14.38.0 description: sshd for Gitlab keywords: - gitlab 
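Review bot: `rateLimitSubnetsAllowList` is rendered into `rate-limit-subnets-allow-list` with no explanation of its effect, and the `values.yaml` hunk only adds the bare placeholder `# rateLimitSubnetsAllowList:`. Clients in these subnets bypass the Pages rate limits configured just above, so one overly broad entry quietly turns the limits off for most traffic. I would document it where operators set it, for example `# rateLimitSubnetsAllowList: []  # list of CIDR subnets that bypass all rate limits; keep entries narrow`. The template joins the entries exactly as given, so nothing in the chart checks that they are valid CIDRs. The `data:` block continues outside this hunk.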
diff --git a/chart/charts/gitlab/charts/gitlab-shell/templates/configmap.yml b/chart/charts/gitlab/charts/gitlab-shell/templates/configmap.yml index 2250bb7e2b3675bb5011a69cbe3989f3204cd4f8..e5f808d2d49488e9004a483ce3802481818d1dcb 100644 --- a/chart/charts/gitlab/charts/gitlab-shell/templates/configmap.yml +++ b/chart/charts/gitlab/charts/gitlab-shell/templates/configmap.yml @@ -90,13 +90,15 @@ data: gssapi: # Enable the gssapi-with-mic authentication method. Defaults to false. enabled: {{ .Values.config.gssapi.enabled }} - # Library path for gssapi shared library - defaults to libgssapi_krb5.so.2 + # Library path for gssapi shared library - defaults to libgssapi_krb5.so.2 libpath: {{ .Values.config.gssapi.libpath }} # Keytab path. Defaults to "", system default (usually /etc/krb5.keytab). keytab: "/etc/krb5.keytab" # The Kerberos service name to be used by sshd. Defaults to "", accepts any service name in keytab file. service_principal_name: {{ .Values.config.gssapi.servicePrincipalName }} {{- end }} + lfs: + pure_ssh_protocol: {{ .Values.config.lfs.pureSSHProtocol }} krb5.conf: | {{- .Values.config.gssapi.krb5Config | nindent 4 }} # Leave this here - This line denotes end of block to the parser. diff --git a/chart/charts/gitlab/charts/gitlab-shell/templates/traefik-tcp-ingressroute.yaml b/chart/charts/gitlab/charts/gitlab-shell/templates/traefik-tcp-ingressroute.yaml index 5983f666723a8dfe0bcbfe011d80b9d8b968bc50..8961b67ab8eccd45ddf7323ec83164cbff75d537 100644 --- a/chart/charts/gitlab/charts/gitlab-shell/templates/traefik-tcp-ingressroute.yaml +++ b/chart/charts/gitlab/charts/gitlab-shell/templates/traefik-tcp-ingressroute.yaml 
@@ -1,6 +1,7 @@ {{- if .Values.enabled -}} {{- if eq .Values.global.ingress.provider "traefik" -}} -apiVersion: traefik.containo.us/v1alpha1 +{{- $traefikApiVersion := dict "global" .Values.global.traefik "local" .Values.traefik "context" . -}} +apiVersion: "{{ template "traefik.apiVersion" $traefikApiVersion }}" kind: IngressRouteTCP metadata: name: {{ $.Release.Name }}-gitlab-shell @@ -13,6 +14,10 @@ spec: - {{ .Values.traefik.entrypoint }} routes: - match: HostSNI(`*`) + {{- with .Values.traefik.tcpMiddlewares }} + middlewares: + {{- toYaml . | nindent 6 }} + {{- end }} services: - name: {{ template "fullname" . }} namespace: {{ .Release.Namespace }} diff --git a/chart/charts/gitlab/charts/gitlab-shell/values.schema.json b/chart/charts/gitlab/charts/gitlab-shell/values.schema.json index 603b84113797c804c22c3fae71831da1b34a6e9e..e6d346ecfcc4004a1cb9eedc373b4a34d5cebd37 100644 --- a/chart/charts/gitlab/charts/gitlab-shell/values.schema.json +++ b/chart/charts/gitlab/charts/gitlab-shell/values.schema.json @@ -146,6 +146,16 @@ }, "title": "GSS-API related settings", "type": "object" + }, + "lfs": { + "properties": { + "pureSSHProtocol": { + "title": "Enable LFS pure SSH protocol support", + "type": "boolean" + } + }, + "title": "LFS related settings", + "type": "object" } }, "required": [ diff --git a/chart/charts/gitlab/charts/gitlab-shell/values.yaml b/chart/charts/gitlab/charts/gitlab-shell/values.yaml index 071cd8c7d21336387d61136435474dfe9d88c15c..7d7a6b0eaaa8709ece185c9f932522ae8b567dc0 100644 --- a/chart/charts/gitlab/charts/gitlab-shell/values.yaml +++ b/chart/charts/gitlab/charts/gitlab-shell/values.yaml @@ -66,6 +66,8 @@ maxReplicas: 10 # When using traefik ingress traefik: entrypoint: gitlab-shell + apiVersion: "" + tcpMiddlewares: [] hpa: # targetAverageValue: 100m # DEPRECATED: in favor of `hpa.cpu.targetAverageValue` below 
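Review bot: The new `middlewares:` block on the `IngressRouteTCP` route is driven by `traefik.tcpMiddlewares`, which the `values.yaml` hunk adds as `tcpMiddlewares: []` with no comment, next to an equally undocumented `apiVersion: ""`. The route uses a wildcard `HostSNI` match, so it takes every connection arriving on the SSH entrypoint, and this list is the chart's only hook for putting a restriction such as a source-IP allow-list in front of gitlab-shell. I would document both keys, e.g. `# tcpMiddlewares: list of Traefik MiddlewareTCP references ({name, namespace}) applied to the SSH route` and `# apiVersion: overrides the Traefik CRD apiVersion; empty uses the chart default`. The `traefik.apiVersion` template is defined outside this diff section, so its default is inferred rather than visible here.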
@@ -141,6 +143,8 @@ config: key: keytab krb5Config: "" servicePrincipalName: "" + lfs: + pureSSHProtocol: false ## Allow to overwrite under which User and Group the Pod will be running. securityContext: diff --git a/chart/charts/gitlab/charts/kas/Chart.yaml b/chart/charts/gitlab/charts/kas/Chart.yaml index ae71595eee472c0da7ef4ad9bfc692d64dabea6e..3914af5b0125ad85d847b000e34615e87f071cbd 100644 --- a/chart/charts/gitlab/charts/kas/Chart.yaml +++ b/chart/charts/gitlab/charts/kas/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: kas -version: 8.2.9 -appVersion: 17.2.9 +version: 8.3.6 +appVersion: 17.3.6 description: GitLab Agent Server keywords: - agent diff --git a/chart/charts/gitlab/charts/kas/templates/_helpers.tpl b/chart/charts/gitlab/charts/kas/templates/_helpers.tpl index e13c3f16ea99af53c6877cc6c0b725e1b4a07803..01d0901812f1d64c02ccc2fcb809db4ef9e8ca89 100644 --- a/chart/charts/gitlab/charts/kas/templates/_helpers.tpl +++ b/chart/charts/gitlab/charts/kas/templates/_helpers.tpl @@ -24,7 +24,10 @@ Build Redis config for KAS {{- $_ := set $ "redisConfigName" "sharedState" -}} {{- end -}} {{- include "gitlab.redis.selectedMergedConfig" . -}} -{{- if .redisMergedConfig.password.enabled -}} +{{- if .redisMergedConfig.user }} +username: {{ .redisMergedConfig.user }} +{{- end -}} +{{- if .redisMergedConfig.password.enabled }} password_file: /etc/kas/redis/{{ printf "%s-password" (default "redis" .redisConfigName) }} {{- end -}} {{- if not .redisMergedConfig.sentinels }} diff --git a/chart/charts/gitlab/charts/mailroom/Chart.yaml b/chart/charts/gitlab/charts/mailroom/Chart.yaml index b807cb217dcbefb59e3e231dcdf3920684564d41..90909322a440c6e0ec84adbc55669bd1e0337d0a 100644 --- a/chart/charts/gitlab/charts/mailroom/Chart.yaml +++ b/chart/charts/gitlab/charts/mailroom/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: mailroom -version: 8.2.9 -appVersion: v17.2.9 +version: 8.3.6 +appVersion: v17.3.6 description: Handling incoming emails keywords: - gitlab 
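Review bot: The new `username: {{ .redisMergedConfig.user }}` line in the KAS Redis helper emits the Redis ACL user as an unquoted YAML scalar. A name that YAML reads as another type, or that contains `:` or `#` (for example `true`, `123` or `svc:kas`), would change or break the rendered KAS config. Quote it: `username: {{ .redisMergedConfig.user | quote }}`. The helper's `define` starts and ends outside this hunk, so how the surrounding keys are indented is not visible here.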
diff --git a/chart/charts/gitlab/charts/migrations/Chart.yaml b/chart/charts/gitlab/charts/migrations/Chart.yaml index 055687c32c6fd0e7c413d9bf0940c67d763750d1..450a3b99251bff9b0d7ca3b68f2d9b58558a108a 100644 --- a/chart/charts/gitlab/charts/migrations/Chart.yaml +++ b/chart/charts/gitlab/charts/migrations/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: migrations -version: 8.2.9 -appVersion: v17.2.9 +version: 8.3.6 +appVersion: v17.3.6 description: Database migrations and other versioning tasks for upgrading Gitlab keywords: - gitlab diff --git a/chart/charts/gitlab/charts/praefect/Chart.yaml b/chart/charts/gitlab/charts/praefect/Chart.yaml index 1ee9e41b2edaa7d681a577262ecc96f013623ed3..c8019507397f82e02f0341b91aa81981daef6bd2 100644 --- a/chart/charts/gitlab/charts/praefect/Chart.yaml +++ b/chart/charts/gitlab/charts/praefect/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: praefect -version: 8.2.9 -appVersion: 17.2.9 +version: 8.3.6 +appVersion: 17.3.6 description: Praefect is a router and transaction manager for Gitaly, and a required component for running a Gitaly Cluster. keywords: diff --git a/chart/charts/gitlab/charts/sidekiq/Chart.yaml b/chart/charts/gitlab/charts/sidekiq/Chart.yaml index b9f01eeaeb55b7c6547978c77f1d36df8cac76da..38065282852589562a54584ab99fab9c0d5a9489 100644 --- a/chart/charts/gitlab/charts/sidekiq/Chart.yaml +++ b/chart/charts/gitlab/charts/sidekiq/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: sidekiq -version: 8.2.9 -appVersion: v17.2.9 +version: 8.3.6 +appVersion: v17.3.6 description: Gitlab Sidekiq for asynchronous task processing in rails keywords: - gitlab diff --git a/chart/charts/gitlab/charts/spamcheck/Chart.yaml b/chart/charts/gitlab/charts/spamcheck/Chart.yaml index 3ddb9ccef53eb2571bb911785543aba683794baa..8c364c5296929794461e6c313dd54e58311ef04f 100644 --- a/chart/charts/gitlab/charts/spamcheck/Chart.yaml +++ b/chart/charts/gitlab/charts/spamcheck/Chart.yaml 
@@ -1,6 +1,6 @@ apiVersion: v1 name: spamcheck -version: 8.2.9 +version: 8.3.6 appVersion: 1.2.3 description: GitLab Anti-Spam Engine keywords: diff --git a/chart/charts/gitlab/charts/toolbox/Chart.yaml b/chart/charts/gitlab/charts/toolbox/Chart.yaml index d98043bf680d3367ba48314caf58d4bea68c0ebe..7e2808e656ed78d17a5616deba713b44c0c6d558 100644 --- a/chart/charts/gitlab/charts/toolbox/Chart.yaml +++ b/chart/charts/gitlab/charts/toolbox/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: toolbox -version: 8.2.9 -appVersion: v17.2.9 +version: 8.3.6 +appVersion: v17.3.6 description: For manually running rake tasks through kubectl keywords: - gitlab diff --git a/chart/charts/gitlab/charts/toolbox/templates/_helpers.tpl b/chart/charts/gitlab/charts/toolbox/templates/_helpers.tpl index 62a85a4cd68460abedaaf52bf2f9cd87fb20a9db..10c03cc69aae0fae6e252a896683d3e6ec25ac2a 100644 --- a/chart/charts/gitlab/charts/toolbox/templates/_helpers.tpl +++ b/chart/charts/gitlab/charts/toolbox/templates/_helpers.tpl @@ -45,11 +45,13 @@ Usage: */}} {{- define "toolbox.backups.objectStorage.config.secret" -}} {{- if eq .backend "gcs" -}} +{{- if .config -}} - secret: name: {{ .config.secret }} items: - key: {{ default "config" .config.key }} path: objectstorage/{{ default "config" .config.key }} +{{- end -}} {{- else if eq .backend "azure" -}} - secret: name: {{ .config.secret }} diff --git a/chart/charts/gitlab/charts/webservice/Chart.yaml b/chart/charts/gitlab/charts/webservice/Chart.yaml index b594657de61ef2f1817561c4b327a52a7f53ed67..3944a3cb6c57eaae0708ebdf66378f1b44b8fe32 100644 --- a/chart/charts/gitlab/charts/webservice/Chart.yaml +++ b/chart/charts/gitlab/charts/webservice/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: webservice -version: 8.2.9 -appVersion: v17.2.9 +version: 8.3.6 +appVersion: v17.3.6 description: HTTP server for Gitlab keywords: - gitlab 
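Review bot: The added `{{- if .config -}}` guard in `toolbox.backups.objectStorage.config.secret` covers only the `gcs` branch; the `azure` branch visible just below still dereferences `.config.secret` unguarded. If the GCS guard exists because `.config` can legitimately be absent (presumably when credentials come from the platform rather than a secret), say so in the helper's usage comment, e.g. `For gcs, .config may be omitted; no secret is projected in that case`. If the Azure backend can also run without a secret, it needs the same guard. The `define` continues past the end of this hunk, so any other backends are not visible here.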
diff --git a/chart/charts/gitlab/charts/webservice/templates/_helpers.tpl b/chart/charts/gitlab/charts/webservice/templates/_helpers.tpl index 37bb4b4a4c6af8420fb26f853ab6fad43910dc71..a320e36ee79fe9aafd87ed461b4b8bb7296d0d1d 100644 --- a/chart/charts/gitlab/charts/webservice/templates/_helpers.tpl +++ b/chart/charts/gitlab/charts/webservice/templates/_helpers.tpl @@ -269,7 +269,11 @@ Return the workhorse redis configuration. {{- include "gitlab.redis.selectedMergedConfig" . -}} [redis] {{- if not .redisMergedConfig.sentinels }} -URL = "{{ template "gitlab.redis.scheme" $ }}://{{ template "gitlab.redis.host" $ }}:{{ template "gitlab.redis.port" $ }}" +{{- $userinfo := "" }} +{{- if .redisMergedConfig.user }} +{{- $userinfo = printf "%s@" .redisMergedConfig.user }} +{{- end }} +URL = "{{ template "gitlab.redis.scheme" $ }}://{{ $userinfo }}{{ template "gitlab.redis.host" $ }}:{{ template "gitlab.redis.port" $ }}" {{- else }} SentinelMaster = "{{ template "gitlab.redis.host" $ }}" Sentinel = [ {{ template "gitlab.redis.workhorse.sentinel-list" $ }} ] diff --git a/chart/charts/gitlab/templates/_rails.redis.tpl b/chart/charts/gitlab/templates/_rails.redis.tpl index 071c4ae2904db1c079dc28c6f30d9ef87115261c..41aaf227d28bea7086e985e35a32ef38836453c3 100644 --- a/chart/charts/gitlab/templates/_rails.redis.tpl +++ b/chart/charts/gitlab/templates/_rails.redis.tpl 
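Review bot: `{{- $userinfo = printf "%s@" .redisMergedConfig.user }}` places the Redis user into the Workhorse `URL` without escaping it. A user name containing `@`, `:`, `/` or `?` would shift where the host part begins when the URL is parsed, so Workhorse would either reject the URL or resolve a different host than the operator configured. Escape the value before interpolating, e.g. `{{- $userinfo = printf "%s@" (urlquery .redisMergedConfig.user) }}`. The Sentinel branch in the `else` carries no user at all; whether that case is handled elsewhere is not visible in this hunk, and the `define` itself starts and ends outside it.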
@@ -5,17 +5,38 @@ Render a Redis `resque` format configuration for Rails. Input: dict "context" $ "name" string */}} {{- define "gitlab.rails.redis.yaml" -}} +{{- $connect_timeout := include "gitlab.redis.connectTimeout" .context }} +{{- $read_timeout := include "gitlab.redis.readTimeout" .context }} +{{- $write_timeout := include "gitlab.redis.writeTimeout" .context }} {{- if $cluster := include "gitlab.redis.cluster" .context -}} {{ .name }}.yml.erb: | production: {{- include "gitlab.redis.cluster.user" .context | nindent 4 }} {{- include "gitlab.redis.cluster.password" .context | nindent 4 }} {{- $cluster | nindent 4 }} + {{- if $connect_timeout }} + connect_timeout: {{ $connect_timeout }} + {{- end }} + {{- if $read_timeout }} + read_timeout: {{ $read_timeout }} + {{- end }} + {{- if $write_timeout }} + write_timeout: {{ $write_timeout }} + {{- end }} id: {{- else -}} {{ .name }}.yml.erb: | production: url: {{ template "gitlab.redis.url" .context }} + {{- if $connect_timeout }} + connect_timeout: {{ $connect_timeout }} + {{- end }} + {{- if $read_timeout }} + read_timeout: {{ $read_timeout }} + {{- end }} + {{- if $write_timeout }} + write_timeout: {{ $write_timeout }} + {{- end }} {{- include "gitlab.redis.sentinels" .context | nindent 4 }} {{- $password := include "gitlab.redis.sentinel.password" .context }} {{- if $password }} diff --git a/chart/charts/gitlab/templates/_redis.tpl b/chart/charts/gitlab/templates/_redis.tpl index d284c21ebdce988a3d098cde5d757e802f946871..8f5841e5f0dff6b4fded4a8621e255df28a67906 100644 --- a/chart/charts/gitlab/templates/_redis.tpl +++ b/chart/charts/gitlab/templates/_redis.tpl 
@@ -52,6 +52,33 @@ Return the redis url. {{ template "gitlab.redis.scheme" . }}://{{ template "gitlab.redis.url.user" . }}{{ template "gitlab.redis.url.password" . }}{{ template "gitlab.redis.host" . }}:{{ template "gitlab.redis.port" . }} {{- end -}} +{{/* +Return the Redis connection timeout. +*/}} +{{- define "gitlab.redis.connectTimeout" -}} +{{- if .Values.global.redis.connectTimeout -}} +{{ .Values.global.redis.connectTimeout }} +{{- end -}} +{{- end -}} + +{{/* +Return the Redis read timeout. +*/}} +{{- define "gitlab.redis.readTimeout" -}} +{{- if .Values.global.redis.readTimeout -}} +{{ .Values.global.redis.readTimeout }} +{{- end -}} +{{- end -}} + +{{/* +Return the Redis write timeout. +*/}} +{{- define "gitlab.redis.writeTimeout" -}} +{{- if .Values.global.redis.writeTimeout -}} +{{ .Values.global.redis.writeTimeout }} +{{- end -}} +{{- end -}} + {{/* Return the user section of the Redis URI, if needed. */}} diff --git a/chart/charts/nginx-ingress/templates/clusterrole.yaml b/chart/charts/nginx-ingress/templates/clusterrole.yaml index fa601347279549226d64d4ab3101b0242ed7fe29..930662a5d1a4849f3b5f594cacd5aa284a327184 100644 --- a/chart/charts/nginx-ingress/templates/clusterrole.yaml +++ b/chart/charts/nginx-ingress/templates/clusterrole.yaml @@ -20,6 +20,14 @@ rules: verbs: - list - watch + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get - apiGroups: - coordination.k8s.io resources: diff --git a/chart/charts/nginx-ingress/templates/controller-deployment.yaml b/chart/charts/nginx-ingress/templates/controller-deployment.yaml index b897aa81654dfa22e7f9b9703aa12f8016eb64e3..2860c4afe3dffdb837da8f733ef2f8d0772663a3 100644 --- a/chart/charts/nginx-ingress/templates/controller-deployment.yaml +++ b/chart/charts/nginx-ingress/templates/controller-deployment.yaml 
@@ -79,7 +79,13 @@ spec: containers: - name: {{ .Values.controller.containerName }} {{- with .Values.controller.image }} - image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{- end -}}:{{ .tag }}{{ include "gitlab.image.tagSuffix" $ }}{{- if (.digest) -}} @{{.digest}} {{- end -}}" + {{- $tag := .tag }} + {{- $digest := .digest }} + {{- if and (not $.Values.rbac.create) (not .disableFallback) }} + {{- $tag = .fallbackTag }} + {{- $digest = .fallbackDigest }} + {{- end }} + image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{- end -}}:{{ $tag }}{{ include "gitlab.image.tagSuffix" $ }}{{- if ($digest) -}} @{{$digest}} {{- end -}}" {{- end }} imagePullPolicy: {{ .Values.controller.image.pullPolicy }} {{- if .Values.controller.lifecycle }} diff --git a/chart/charts/nginx-ingress/templates/controller-role.yaml b/chart/charts/nginx-ingress/templates/controller-role.yaml index 9924d61c1d672b1e7a01fb95d93cf80122331d66..0106014477b76e5932693deb38cca38a5fe53122 100644 --- a/chart/charts/nginx-ingress/templates/controller-role.yaml +++ b/chart/charts/nginx-ingress/templates/controller-role.yaml @@ -95,6 +95,14 @@ rules: verbs: - create - patch + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get {{- if .Values.podSecurityPolicy.enabled }} - apiGroups: [{{ template "podSecurityPolicy.apiGroup" . }}] resources: ['podsecuritypolicies'] diff --git a/chart/charts/nginx-ingress/values.yaml b/chart/charts/nginx-ingress/values.yaml index d0c0ae8dd984758982d174851e3bbcb26cc51e35..857acbf383c196efc4b646211172a2b515faa95d 100644 --- a/chart/charts/nginx-ingress/values.yaml +++ b/chart/charts/nginx-ingress/values.yaml 
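Review bot: With `rbac.create: false` and `disableFallback` left unset, the new block in the controller `image:` expression silently swaps the image to `fallbackTag`/`fallbackDigest`, which the `values.yaml` hunk sets to `v1.3.1`, a much older controller than the new `v1.11.2` default. Operators who manage RBAC themselves would keep running the old release, without any fixes shipped since, and nothing in the rendered manifest tells them. I would document the behaviour next to the keys in `values.yaml`, e.g. `# When rbac.create is false the controller image uses fallbackTag/fallbackDigest unless disableFallback is true`, and mention it in the chart's install notes. Also note that overriding `fallbackDigest` with an empty value leaves the fallback image referenced by tag only, with no digest pin. The container spec continues outside this hunk.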
@@ -12,12 +12,15 @@ controller: image: registry: registry.gitlab.com image: gitlab-org/cloud-native/mirror/images/ingress-nginx/controller - tag: "v1.3.1" - digest: sha256:54f7fe2c6c5a9db9a0ebf1131797109bb7a4d91f56b9b362bde2abd237dd1974 + tag: "v1.11.2" + fallbackTag: "v1.3.1" + fallbackDigest: "sha256:54f7fe2c6c5a9db9a0ebf1131797109bb7a4d91f56b9b362bde2abd237dd1974" + digest: "sha256:d5f8217feeac4887cb1ed21f27c2674e58be06bd8f5184cacea2a69abaf78dce" pullPolicy: IfNotPresent # www-data -> uid 101 runAsUser: 101 allowPrivilegeEscalation: true + disableFallback: false # Use an existing PSP instead of creating one existingPsp: "" diff --git a/chart/charts/registry/index.md b/chart/charts/registry/index.md index 1e6668f89d93430219ddcdb17f4badf0bb7d04ee..a3cf666585a88199fa8f0e482e9dcb1e496407d6 100644 --- a/chart/charts/registry/index.md +++ b/chart/charts/registry/index.md @@ -1,4 +1,4 @@ -Forked from https://github.com/helm/charts/tree/master/stable/docker-registry +Forked from <https://github.com/helm/charts/tree/master/stable/docker-registry> With a few tweaks to make it play nicely with GitLab, including Minio S3 storage and GitLab authentication endpoint. @@ -10,4 +10,4 @@ this chart also introduces some additional configuration. See [additional option ## Development -For more details, see [development notes](../../doc/development/index.md#verifying-registry) +For more details, see [development notes](../../doc/development/index.md#verifying-registry) diff --git a/chart/charts/registry/templates/_redis.tpl b/chart/charts/registry/templates/_redis.tpl index 241178cd96137eb18376735820acbfdc912bb62e..784309598df220f84fc0fd9b7abe679bb565fe61 100644 --- a/chart/charts/registry/templates/_redis.tpl +++ b/chart/charts/registry/templates/_redis.tpl 
@@ -1,18 +1,23 @@ {{/* -Helper for Sentinels as a string +Helper for List of addresses as a string -Expectation: input contents has .sentinels, which is a List of Dict +Expectation: input contents has .sentinels or .cluster, which is a List of Dict in the format of [{host: , port:}, ...] */}} -{{- define "registry.redis.host.sentinels" -}} -{{- $sentinels := list -}} -{{- range .sentinels -}} -{{- $sentinels = append $sentinels (printf "%s:%d" .host (default 26379 .port | int)) -}} +{{- define "registry.redis.host.addresses" -}} +{{- $addresses := list -}} +{{- if .sentinels -}} +{{- range .sentinels -}} +{{- $addresses = append $addresses (printf "%s:%d" .host (default 26379 .port | int)) -}} +{{- end -}} +{{- else if .cluster -}} +{{- range .cluster -}} +{{- $addresses = append $addresses (printf "%s:%d" .host (default 6379 .port | int)) -}} +{{- end -}} {{- end -}} -{{ join "," $sentinels }} +{{ join "," $addresses }} {{- end -}} - {{- define "gitlab.registry.redisCacheSecret.mount" -}} {{- if .Values.redis.cache.password.enabled }} - secret: @@ -64,10 +69,10 @@ redis: cache: enabled: {{ .Values.redis.cache.enabled | eq true }} {{- if .Values.redis.cache.sentinels }} - addr: {{ include "registry.redis.host.sentinels" .Values.redis.cache | quote }} + addr: {{ include "registry.redis.host.addresses" .Values.redis.cache | quote }} mainname: {{ .Values.redis.cache.host }} {{- else if .redisMergedConfig.sentinels }} - addr: {{ include "registry.redis.host.sentinels" .redisMergedConfig | quote }} + addr: {{ include "registry.redis.host.addresses" .redisMergedConfig | quote }} mainname: {{ template "gitlab.redis.host" . }} {{- if .redisMergedConfig.sentinelAuth.enabled }} sentinelpassword: {% file.Read "/config/redis-sentinel/redis-sentinel-password" | strings.TrimSpace | data.ToJSON %} 
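Review bot: The comment on `registry.redis.host.addresses` says the input has `.sentinels or .cluster`, but the body gives `.sentinels` precedence and drops `.cluster` whenever both are set, and the two branches use different default ports. An operator who sets both would get a Sentinel address list with no indication that the cluster nodes were ignored. I would extend the comment with `If both are set, .sentinels wins and .cluster is ignored.` and `Default port: 26379 for sentinels, 6379 for cluster nodes.`, or fail the render when both are present. The rate-limiter hunk later in this file relies on the same helper for its new `cluster` branch.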
@@ -118,13 +123,15 @@ redis: ratelimiter: enabled: {{ .Values.redis.rateLimiting.enabled | eq true }} {{- if .Values.redis.rateLimiting.sentinels }} - addr: {{ include "registry.redis.host.sentinels" .Values.redis.rateLimiting | quote }} + addr: {{ include "registry.redis.host.addresses" .Values.redis.rateLimiting | quote }} mainname: {{ .Values.redis.rateLimiting.host }} - {{- else if .redisMergedConfig.sentinels }} - addr: {{ include "registry.redis.host.sentinels" .redisMergedConfig | quote }} - mainname: {{ template "gitlab.redis.host" . }} + {{- else if .Values.redis.rateLimiting.cluster }} + addr: {{ include "registry.redis.host.addresses" .Values.redis.rateLimiting | quote }} {{- else if .Values.redis.rateLimiting.host }} addr: {{ printf "%s:%d" .Values.redis.rateLimiting.host (int .Values.redis.rateLimiting.port | default 6379) | quote }} + {{- else if .redisMergedConfig.sentinels }} + addr: {{ include "registry.redis.host.addresses" .redisMergedConfig | quote }} + mainname: {{ template "gitlab.redis.host" . }} {{- else }} addr: {{ printf "%s:%s" ( include "gitlab.redis.host" . ) ( include "gitlab.redis.port" . ) | quote }} {{- end }} diff --git a/chart/doc/.vale/gitlab_base/BadPlurals.yml b/chart/doc/.vale/gitlab_base/BadPlurals.yml new file mode 100644 index 0000000000000000000000000000000000000000..77225c8849f3dd594a898ae17ffba4b64267d404 --- /dev/null +++ b/chart/doc/.vale/gitlab_base/BadPlurals.yml @@ -0,0 +1,14 @@ +--- +# Warning: gitlab.BadPlurals +# +# Don't write plural words with the '(s)' construction. 'HTTP(S)' is acceptable. +# +# For a list of all options, see https://vale.sh/docs/topics/styles/ +extends: existence +message: "Rewrite '%s' to be plural without parentheses." +link: https://docs.gitlab.com/ee/development/documentation/styleguide/word_list.html#s +level: warning +ignorecase: true +nonword: true +tokens: + - '(?<!http)\(s\)' 
diff --git a/chart/doc/.vale/gitlab_base/British.yml b/chart/doc/.vale/gitlab_base/British.yml
new file mode 100644
index 0000000000000000000000000000000000000000..432ed302e11e17a5353e968fffa92a7aa3e0bbc6
--- /dev/null
+++ b/chart/doc/.vale/gitlab_base/British.yml
@@ -0,0 +1,120 @@
+---
+# Error: gitlab.British
+#
+# Checks that US spelling is used instead of British spelling.
+#
+# For a list of all options, see https://vale.sh/docs/topics/styles/
+extends: substitution
+message: "Use the US spelling '%s' instead of the British '%s'."
+link: https://docs.gitlab.com/ee/development/documentation/styleguide/index.html#language
+level: error
+ignorecase: true
+swap:
+ aeon: eon
+ aeroplane: airplane
+ ageing: aging
+ aluminium: aluminum
+ anaemia: anemia
+ anaesthesia: anesthesia
+ analyse: analyze
+ annexe: annex
+ apologise: apologize
+ authorise: authorize
+ authorised: authorized
+ authorisation: authorization
+ authorising: authorizing
+ behaviour: behavior
+ busses: buses
+ calibre: caliber
+ categorise: categorize
+ categorised: categorized
+ categorises: categorizes
+ categorising: categorizing
+ centre: center
+ cheque: check
+ civilisation: civilization
+ civilise: civilize
+ colour: color
+ cosy: cozy
+ cypher: cipher
+ dependant: dependent
+ defence: defense
+ distil: distill
+ draught: draft
+ encyclopaedia: encyclopedia
+ enquiry: inquiry
+ enrol: enroll
+ enrolment: enrollment
+ enthral: enthrall
+ # equalled: equaled // Under discussion
+ # equalling: equaling // Under discussion
+ favourite: favorite
+ fibre: fiber
+ fillet: filet
+ flavour: flavor
+ furore: furor
+ fulfil: fulfill
+ gaol: jail
+ grey: gray
+ humour: humor
+ honour: honor
+ initialled: initialed
+ initialling: initialing
+ instil: instill
+ jewellery: jewelry
+ labelling: labeling
+ labelled: labeled
+ labour: labor
+ libellous: libelous
+ licence: license
+ likeable: likable
+ liveable: livable
+ lustre: luster
+ manoeuvre: maneuver
+ marvellous: marvelous
+ matt: matte
+ meagre: meager
+ metre: meter
+ modelling: modeling
+ moustache: mustache
+ neighbour: neighbor
+ normalise: normalize
+ offence: offense
+ optimise: optimize
+ optimised: optimized
+ optimising: optimizing
+ organise: organize
+ orientated: oriented
+ paralyse: paralyze
+ plough: plow
+ pretence: pretense
+ programme: program
+ pyjamas: pajamas
+ rateable: ratable
+ realise: realize
+ recognise: recognize
+ reconnoitre: reconnoiter
+ rumour: rumor
+ sabre: saber
+ saleable: salable
+ saltpetre: saltpeter
+ sceptic: skeptic
+ sepulchre: sepulcher
+ signalling: signaling
+ sizeable: sizable
+ skilful: skillful
+ sombre: somber
+ smoulder: smolder
+ speciality: specialty
+ spectre: specter
+ splendour: splendor
+ standardise: standardize
+ standardised: standardized
+ sulphur: sulfur
+ theatre: theater
+ travelled: traveled
+ traveller: traveler
+ travelling: traveling
+ unshakeable: unshakable
+ wilful: willful
+ yoghurt: yogurt
diff --git a/chart/doc/.vale/gitlab_base/CIConfigFile.yml b/chart/doc/.vale/gitlab_base/CIConfigFile.yml
new file mode 100644
index 0000000000000000000000000000000000000000..5cbd02e799b513fd8058ac7a8d248dc37614480a
--- /dev/null
+++ b/chart/doc/.vale/gitlab_base/CIConfigFile.yml
@@ -0,0 +1,13 @@
+---
+# Error: gitlab.CIConfigFile
+#
+# Checks that the `.gitlab-ci.yml` file is referenced properly.
+#
+# For a list of all options, see https://vale.sh/docs/topics/styles/
+extends: existence
+message: "Change the file name to be exactly '.gitlab-ci.yml'."
+link: https://docs.gitlab.com/ee/development/documentation/versions.html
+level: error
+scope: raw
+raw:
+ - '(?!`\.gitlab-ci\.yml`)`.?gitlab.?ci.?ya?ml`'
diff --git a/chart/doc/.vale/gitlab_base/CodeblockFences.yml b/chart/doc/.vale/gitlab_base/CodeblockFences.yml
new file mode 100644
index 0000000000000000000000000000000000000000..27159f7e72eddf3d4713cb5ada1ced889ce4951b
--- /dev/null
+++ b/chart/doc/.vale/gitlab_base/CodeblockFences.yml
@@ -0,0 +1,13 @@
+---
+# Error: gitlab.CodeblockFences
+#
+# Ensures all codeblock language tags use the full name, not aliases.
+#
+# For a list of all options, see https://vale.sh/docs/topics/styles/
+extends: existence
+message: "Instead of '%s' for the code block, use yaml, ruby, plaintext, markdown, javascript, shell, go, python, dockerfile, or typescript."
+link: https://docs.gitlab.com/ee/development/documentation/styleguide/index.html#code-blocks
+level: error
+scope: raw
+raw:
+ - '\`\`\`(yml|rb|text|md|bash|sh\n|js\n|golang\n|py\n|docker\n|ts)'
diff --git a/chart/doc/.vale/gitlab_base/CommandStringsQuoted.yml b/chart/doc/.vale/gitlab_base/CommandStringsQuoted.yml
new file mode 100644
index 0000000000000000000000000000000000000000..531595ed10dfcffc244d86b50a9af3bbb22edf84
--- /dev/null
+++ b/chart/doc/.vale/gitlab_base/CommandStringsQuoted.yml
@@ -0,0 +1,14 @@
+---
+# Error: gitlab.CommandStringsQuoted
+#
+# Ensures all code blocks wrap URL strings in quotation marks.
+#
+# For a list of all options, see https://vale.sh/docs/topics/styles/
+extends: existence
+message: "For the command example, use double quotes around the URL: %s"
+link: https://docs.gitlab.com/ee/development/documentation/restful_api_styleguide.html#curl-commands
+level: error
+scope: raw
+nonword: true
+tokens:
+ - '(curl|--url)[^"\]\n]+?https?:\/\/[^ \n]*'
diff --git a/chart/doc/.vale/gitlab_base/CurrentStatus.yml b/chart/doc/.vale/gitlab_base/CurrentStatus.yml
new file mode 100644
index 0000000000000000000000000000000000000000..9972573b4061b059a18b366a70e52e2cf7fea772
--- /dev/null
+++ b/chart/doc/.vale/gitlab_base/CurrentStatus.yml
@@ -0,0 +1,13 @@
+---
+# Warning: gitlab.CurrentStatus
+#
+# Checks for words that indicate a product or feature may change in the future.
+#
+# For a list of all options, see https://vale.sh/docs/topics/styles/
+extends: existence
+message: "Remove '%s'. The documentation reflects the current state of the product."
+level: warning
+ignorecase: true
+link: https://docs.gitlab.com/ee/development/documentation/versions.html#promising-features-in-future-versions
+tokens:
+ - currently
diff --git a/chart/doc/.vale/gitlab_base/DefaultBranch.yml b/chart/doc/.vale/gitlab_base/DefaultBranch.yml
new file mode 100644
index 0000000000000000000000000000000000000000..86c627bcfe38443eebc3583a4e3bf037ba8f2ea3
--- /dev/null
+++ b/chart/doc/.vale/gitlab_base/DefaultBranch.yml
@@ -0,0 +1,14 @@
+---
+# Warning: gitlab.DefaultBranch
+#
+# Do not refer to the default branch as the 'master' branch, if possible.
+#
+# For a list of all options, see https://vale.sh/docs/topics/styles/
+extends: existence
+message: "Use 'default branch' or `main` instead of `master`, when possible."
+level: warning
+ignorecase: true
+link: https://docs.gitlab.com/ee/development/documentation/styleguide/word_list.html#default-branch
+scope: raw
+raw:
+ - '\`master\`'
diff --git a/chart/doc/.vale/gitlab_base/Dropdown.yml b/chart/doc/.vale/gitlab_base/Dropdown.yml
new file mode 100644
index 0000000000000000000000000000000000000000..c656d1209f5d09df8d27a775f0f37a5287e99c26
--- /dev/null
+++ b/chart/doc/.vale/gitlab_base/Dropdown.yml
@@ -0,0 +1,14 @@
+---
+# Suggestion: gitlab.Dropdown
+#
+# Catches many ways the phrase 'dropdown list' can be fumbled.
+#
+# For a list of all options, see https://vale.sh/docs/topics/styles/
+extends: existence
+message: "Use 'dropdown list'."
+link: https://docs.gitlab.com/ee/development/documentation/styleguide/word_list.html#dropdown-list
+level: warning
+ignorecase: true
+tokens:
+ - drop-down( [\w]*)?
+ - dropdown(?! list)
diff --git a/chart/doc/.vale/gitlab_base/EOLWhitespace.yml b/chart/doc/.vale/gitlab_base/EOLWhitespace.yml
new file mode 100644
index 0000000000000000000000000000000000000000..153786443cc2e12968980d0cc525895a024b3e47
--- /dev/null
+++ b/chart/doc/.vale/gitlab_base/EOLWhitespace.yml
@@ -0,0 +1,13 @@
+---
+# Warning: gitlab.EOLWhitespace
+#
+# Checks that there is no useless whitespace at the end of lines.
+#
+# For a list of all options, see https://vale.sh/docs/topics/styles/
+extends: existence
+message: "Remove whitespace characters from the end of the line."
+link: https://docs.gitlab.com/ee/development/documentation/versions.html
+level: warning
+scope: raw
+raw:
+ - ' +\n'
diff --git a/chart/doc/.vale/gitlab_base/ElementDescriptors.yml b/chart/doc/.vale/gitlab_base/ElementDescriptors.yml
new file mode 100644
index 0000000000000000000000000000000000000000..fd3acace744cb5037facc52106894c2a94bfd0d6
--- /dev/null
+++ b/chart/doc/.vale/gitlab_base/ElementDescriptors.yml
@@ -0,0 +1,14 @@
+---
+# Warning: gitlab.ElementDescriptors
+#
+# Suggests the correct way to describe a button.
+#
+# For a list of all options, see https://vale.sh/docs/topics/styles/
+extends: existence
+message: "If possible, rewrite to remove 'button'."
+link: https://docs.gitlab.com/ee/development/documentation/styleguide/word_list.html#button
+level: warning
+ignorecase: true
+scope: raw
+raw:
+ - \*\*[^*]+\*\*\s+button
diff --git a/chart/doc/.vale/gitlab_base/FutureTense.yml b/chart/doc/.vale/gitlab_base/FutureTense.yml
new file mode 100644
index 0000000000000000000000000000000000000000..c8be170d09c0b1be938aaf2669e8396392693a02
--- /dev/null
+++ b/chart/doc/.vale/gitlab_base/FutureTense.yml
@@ -0,0 +1,15 @@
+---
+# Warning: gitlab.FutureTense
+#
+# Checks for use of future tense in sentences. Present tense is strongly preferred.
+#
+# For a list of all options, see https://vale.sh/docs/topics/styles/
+extends: existence
+message: "Instead of future tense '%s', use present tense."
+ignorecase: true
+nonword: true
+level: warning
+link: https://docs.gitlab.com/ee/development/documentation/styleguide/word_list.html#future-tense
+tokens:
+ - (going to|will|won't)[ \n:]\w*
+ - (It?|we|you|they)'ll[ \n:]\w*
diff --git a/chart/doc/.vale/gitlab_base/GitLabFlavoredMarkdown.yml b/chart/doc/.vale/gitlab_base/GitLabFlavoredMarkdown.yml
new file mode 100644
index 0000000000000000000000000000000000000000..532f1afd8162cbc3e6e5a1f9d5ec64171ccd69af
--- /dev/null
+++ b/chart/doc/.vale/gitlab_base/GitLabFlavoredMarkdown.yml
@@ -0,0 +1,14 @@
+---
+# Warning: gitlab.GitLabFlavoredMarkdown
+#
+# Checks for unclear use of GLFM or GLM instead of GitLab/GitHub Flavored Markdown
+#
+# For a list of all options, see https://vale.sh/docs/topics/styles/
+extends: substitution
+message: "Use '%s' instead of '%s' when possible."
+link: https://docs.gitlab.com/ee/development/documentation/styleguide/word_list.html
+level: warning
+ignorecase: true
+swap:
+ GLFM: "GitLab Flavored Markdown"
+ GFM: "GitLab Flavored Markdown' or 'GitHub Flavored Markdown"
diff --git a/chart/doc/.vale/gitlab_base/HeadingContent.yml b/chart/doc/.vale/gitlab_base/HeadingContent.yml
new file mode 100644
index 0000000000000000000000000000000000000000..9fe9610ab06ebcb1b099398ba6a9270767324824
--- /dev/null
+++ b/chart/doc/.vale/gitlab_base/HeadingContent.yml
@@ -0,0 +1,19 @@
+---
+# Warning: gitlab.HeadingContent
+#
+# Checks for generic, unhelpful subheadings.
+#
+# For a list of all options, see https://vale.sh/docs/topics/styles/
+extends: existence
+message: "Rename the heading '%s', or re-purpose the content elsewhere."
+level: warning
+link: https://docs.gitlab.com/ee/development/documentation/topic_types/concept.html#concept-topic-titles
+ignorecase: true
+nonword: true
+scope: raw
+tokens:
+ - '\#+ How it works'
+ - '\#+ Limitations'
+ - '\#+ Overview'
+ - '\#+ Use cases?'
+ - '\#+ Important notes?'
diff --git a/chart/doc/.vale/gitlab_base/HeadingDepth.yml b/chart/doc/.vale/gitlab_base/HeadingDepth.yml
new file mode 100644
index 0000000000000000000000000000000000000000..000baf633d78d2d85204fced03576ac87af4d011
--- /dev/null
+++ b/chart/doc/.vale/gitlab_base/HeadingDepth.yml
@@ -0,0 +1,13 @@
+---
+# Suggestion: gitlab.HeadingDepth
+#
+# Checks that there are no headings greater than 3 levels
+#
+# For a list of all options, see https://vale.sh/docs/topics/styles/
+extends: existence
+message: "Refactor the section or page to avoid headings greater than H5."
+link: https://docs.gitlab.com/ee/development/documentation/styleguide/index.html#heading-levels-in-markdown
+level: suggestion
+scope: raw
+raw:
+ - '(?<=\n)#{6,}\s.*'
diff --git a/chart/doc/.vale/gitlab_base/HeadingLink.yml b/chart/doc/.vale/gitlab_base/HeadingLink.yml
new file mode 100644
index 0000000000000000000000000000000000000000..0755d91529c3cddc5eca8032598640d0863e4040
--- /dev/null
+++ b/chart/doc/.vale/gitlab_base/HeadingLink.yml
@@ -0,0 +1,18 @@
+---
+# Error: gitlab.HeadingLink
+#
+# Do not include links in a heading.
+# Headings already have self-referencing anchor links,
+# and they're used for generating the table of contents.
+# Adding a link will break the anchor linking behavior.
+#
+# For a list of all options, see https://vale.sh/docs/topics/styles/
+extends: existence
+message: "Do not use links in headings."
+level: error
+ignorecase: true
+nonword: true
+link: https://docs.gitlab.com/ee/development/documentation/styleguide/#links
+scope: raw
+tokens:
+ - ^#+ .*\[.+\]\(\S+\).*$
diff --git a/chart/doc/.vale/gitlab_base/InclusiveLanguage.yml b/chart/doc/.vale/gitlab_base/InclusiveLanguage.yml
new file mode 100644
index 0000000000000000000000000000000000000000..c3b7160df6db99adda13324be1677e0c33d10b55
--- /dev/null
+++ b/chart/doc/.vale/gitlab_base/InclusiveLanguage.yml
@@ -0,0 +1,22 @@
+---
+# Warning: gitlab.InclusiveLanguage
+# Suggests alternatives for non-inclusive language.
+#
+# For a list of all options, see https://vale.sh/docs/topics/styles/
+extends: substitution
+message: "Use inclusive language. Consider '%s' instead of '%s'."
+link: https://docs.gitlab.com/ee/development/documentation/styleguide/word_list.html
+level: warning
+ignorecase: true
+swap:
+ blacklist(?:ed|ing|s)?: denylist
+ dummy: placeholder, sample, fake
+ (?:he|she): they
+ hers: their
+ his: their
+ mankind: humanity, people
+ manpower: GitLab team members
+ master: primary, main
+ sanity (?:check|test): check for completeness
+ slave: secondary
+ whitelist(?:ed|ing|s)?: allowlist
diff --git a/chart/doc/.vale/gitlab_base/LatinTerms.yml b/chart/doc/.vale/gitlab_base/LatinTerms.yml
new file mode 100644
index 0000000000000000000000000000000000000000..dd858564e09662cc099a25f6045c70f093db51af
--- /dev/null
+++ b/chart/doc/.vale/gitlab_base/LatinTerms.yml
@@ -0,0 +1,17 @@
+---
+# Warning: gitlab.LatinTerms
+#
+# Checks for use of Latin terms.
+# Uses https://github.com/errata-ai/Google/blob/master/Google/Latin.yml for ideas.
+#
+# For a list of all options, see https://vale.sh/docs/topics/styles/
+extends: substitution
+message: "Use '%s' instead of '%s', but consider rewriting the sentence."
+link: https://docs.gitlab.com/ee/development/documentation/styleguide/word_list.html
+level: warning
+nonword: true
+ignorecase: true
+swap:
+ '\b(?:e\.?g[\s.,;:])': for example
+ '\b(?:i\.?e[\s.,;:])': that is
+ '\bvia\b': "with', 'through', or 'by using"
diff --git a/chart/doc/.vale/gitlab_base/Level.yml b/chart/doc/.vale/gitlab_base/Level.yml
new file mode 100644
index 0000000000000000000000000000000000000000..5eba926cee2a1bd9716a077b7ad06b768a16e358
--- /dev/null
+++ b/chart/doc/.vale/gitlab_base/Level.yml
@@ -0,0 +1,18 @@
+---
+# Suggestion: gitlab.Level
+#
+# Avoid variations on the phrase "instance level" and "group level"
+#
+# For a list of all options, see https://vale.sh/docs/topics/styles/
+extends: existence
+message: "Avoid using 'level' when referring to groups, instances, or projects: '%s'"
+link: https://docs.gitlab.com/ee/development/documentation/styleguide/word_list.html#level
+level: suggestion
+ignorecase: true
+tokens:
+ - 'instance level'
+ - 'instance-level'
+ - 'group level'
+ - 'group-level'
+ - 'project level'
+ - 'project-level'
diff --git a/chart/doc/.vale/gitlab_base/MeaningfulLinkWords.yml b/chart/doc/.vale/gitlab_base/MeaningfulLinkWords.yml
new file mode 100644
index 0000000000000000000000000000000000000000..5d5cc7c3880262f755258fad2a409bbb548f143d
--- /dev/null
+++ b/chart/doc/.vale/gitlab_base/MeaningfulLinkWords.yml
@@ -0,0 +1,17 @@
+---
+# Warning: gitlab.MeaningfulLinkWords
+#
+# Checks for the presence of semantically unhelpful words in link text.
+#
+# For a list of all options, see https://vale.sh/docs/topics/styles/
+extends: existence
+message: "Improve SEO and accessibility by rewriting the link text for '%s'."
+level: warning
+ignorecase: true
+link: https://docs.gitlab.com/ee/development/documentation/styleguide/index.html#text-for-links
+scope: raw
+nonword: true
+tokens:
+ - '\[here\](?=\(.*\))'
+ - '\[this\](?=\(.*\))'
+ - '\[this page\](?=\(.*\))'
diff --git a/chart/doc/.vale/gitlab_base/MergeConflictMarkers.yml b/chart/doc/.vale/gitlab_base/MergeConflictMarkers.yml
new file mode 100644
index 0000000000000000000000000000000000000000..54e044f195db33ae379184cf34574e5534e98f32
--- /dev/null
+++ b/chart/doc/.vale/gitlab_base/MergeConflictMarkers.yml
@@ -0,0 +1,13 @@
+---
+# Error: gitlab.MergeConflictMarkers
+#
+# Checks for the presence of merge conflict markers.
+#
+# For a list of all options, see https://vale.sh/docs/topics/styles/
+extends: existence
+message: "Remove the merge conflict marker '%s'."
+link: https://docs.gitlab.com/ee/development/code_review.html#merging-a-merge-request
+level: error
+scope: raw
+raw:
+ - '\n<<<<<<< .+\n|\n=======\n|\n>>>>>>> .+\n'
diff --git a/chart/doc/.vale/gitlab_base/MultiLineLinks.yml b/chart/doc/.vale/gitlab_base/MultiLineLinks.yml
new file mode 100644
index 0000000000000000000000000000000000000000..32fe38277dcfb784fef2060452455d5eb49547de
--- /dev/null
+++ b/chart/doc/.vale/gitlab_base/MultiLineLinks.yml
@@ -0,0 +1,14 @@ +--- +# Error: gitlab.MultiLineLinks +# +# Checks that links are all on a single line. +# +# For a list of all options, see https://vale.sh/docs/topics/styles/ +extends: existence +message: "Put the full link on one line, even if the link is very long." +link: https://docs.gitlab.com/ee/development/documentation/styleguide/index.html#links +level: error +scope: raw +raw: + - '\[[^\[\]]*?\n[^\[\]]*?\]\([^\)]*?\)|' + - '\[[^\[\]]*?\]\([^\)]*?\n[^\)]*\)' diff --git a/chart/doc/.vale/gitlab_base/NonStandardQuotes.yml b/chart/doc/.vale/gitlab_base/NonStandardQuotes.yml new file mode 100644 index 0000000000000000000000000000000000000000..6161a4cc0005f8d1f1f74af269300937198e4f5c --- /dev/null +++ b/chart/doc/.vale/gitlab_base/NonStandardQuotes.yml @@ -0,0 +1,14 @@ +--- +# Warning: gitlab.NonStandardQuotes +# +# Use only standard single and double quotes, not left or right quotes. +# +# For a list of all options, see https://vale.sh/docs/topics/styles/ +extends: existence +message: "Use standard single quotes or double quotes only. Do not use left or right quotes." +level: warning +ignorecase: true +link: https://docs.gitlab.com/ee/development/documentation/styleguide/index.html#punctuation +scope: raw +raw: + - '[‘’“â€]' diff --git a/chart/doc/.vale/gitlab_base/OutdatedVersions.yml b/chart/doc/.vale/gitlab_base/OutdatedVersions.yml new file mode 100644 index 0000000000000000000000000000000000000000..cd77ebeaa177bbfc7e3d5dfcfe1a07b90b5e19f2 --- /dev/null +++ b/chart/doc/.vale/gitlab_base/OutdatedVersions.yml 
@@ -0,0 +1,14 @@
+---
+# Suggestion: gitlab.OutdatedVersions
+#
+# Checks for references to versions of GitLab that are no longer supported.
+#
+# For a list of all options, see https://vale.sh/docs/topics/styles/
+extends: existence
+message: "If possible, remove the reference to '%s'."
+link: https://docs.gitlab.com/ee/development/documentation/versions.html
+level: suggestion
+nonword: true
+ignorecase: true
+tokens:
+ - "GitLab v?(2|3|4|5|6|7|8|9|10|11|12|13|14)"
diff --git a/chart/doc/.vale/gitlab_base/OxfordComma.yml b/chart/doc/.vale/gitlab_base/OxfordComma.yml
new file mode 100644
index 0000000000000000000000000000000000000000..81a9ae5c1fc0dd757c729b9fb5022ebbce3bc5c8
--- /dev/null
+++ b/chart/doc/.vale/gitlab_base/OxfordComma.yml
@@ -0,0 +1,12 @@
+---
+# Warning: gitlab.OxfordComma
+#
+# Checks for the lack of an Oxford comma. In some cases, will catch overly complex sentence structures with lots of commas.
+#
+# For a list of all options, see https://vale.sh/docs/topics/styles/
+extends: existence
+message: "Use a comma before the last 'and' or 'or' in a list of four or more items."
+link: https://docs.gitlab.com/ee/development/documentation/styleguide/index.html#punctuation
+level: warning
+raw:
+ - '(?:[\w-_` ]+,){2,}(?:[\w-_` ]+) (and |or )'
diff --git a/chart/doc/.vale/gitlab_base/Possessive.yml b/chart/doc/.vale/gitlab_base/Possessive.yml
new file mode 100644
index 0000000000000000000000000000000000000000..64c9481ac28aa55de34a8c742f307b23fb81f927
--- /dev/null
+++ b/chart/doc/.vale/gitlab_base/Possessive.yml
@@ -0,0 +1,13 @@
+---
+# Error: gitlab.Possessive
+#
+# The word GitLab should not be used in the possessive form.
+#
+# For a list of all options, see https://vale.sh/docs/topics/styles/
+extends: existence
+message: "Remove 's from %s."
+level: error
+ignorecase: true
+link: https://docs.gitlab.com/ee/development/documentation/styleguide/word_list.html#gitlab
+tokens:
+ - GitLab's
diff --git a/chart/doc/.vale/gitlab_base/Prerequisites.yml b/chart/doc/.vale/gitlab_base/Prerequisites.yml
new file mode 100644
index 0000000000000000000000000000000000000000..239f9277c4deae54db4e99fb381862b8409e13a1
--- /dev/null
+++ b/chart/doc/.vale/gitlab_base/Prerequisites.yml
@@ -0,0 +1,14 @@
+---
+# Error: gitlab.Prerequisites
+#
+# The "Prerequisites:" line should always be plural.
+#
+# For a list of all options, see https://vale.sh/docs/topics/styles/
+extends: existence
+message: "Pluralize 'Prerequisites', even if it includes only one item."
+link: https://docs.gitlab.com/ee/development/documentation/topic_types/task.html#task-prerequisites
+level: warning
+nonword: true
+scope: text
+raw:
+ - '^Prerequisite:'
diff --git a/chart/doc/.vale/gitlab_base/ReadingLevel.yml b/chart/doc/.vale/gitlab_base/ReadingLevel.yml
new file mode 100644
index 0000000000000000000000000000000000000000..e0d2d4fd07fc166ce05b1d54163caecdc2408f0e
--- /dev/null
+++ b/chart/doc/.vale/gitlab_base/ReadingLevel.yml
@@ -0,0 +1,15 @@
+---
+# Suggestion: gitlab.ReadingLevel
+#
+# Checks the Flesch-Kincaid reading level.
+#
+# https://docs.errata.ai/vale/styles#metric
+#
+# For a list of all options, see https://vale.sh/docs/topics/styles/
+extends: metric
+message: "The grade level is %s. Aim for 8th grade or lower by using shorter sentences and words."
+link: https://docs.gitlab.com/ee/development/documentation/testing/vale.html#readability-score
+level: suggestion
+formula: |
+ (0.39 * (words / sentences)) + (11.8 * (syllables / words)) - 15.59
+condition: "> 1"
diff --git a/chart/doc/.vale/gitlab_base/Repetition.yml b/chart/doc/.vale/gitlab_base/Repetition.yml
new file mode 100644
index 0000000000000000000000000000000000000000..cdeb29e7d45f7441eb53275f12c7ddaa26800350
--- /dev/null
+++ b/chart/doc/.vale/gitlab_base/Repetition.yml
@@ -0,0 +1,12 @@
+---
+# Error: gitlab.Repetition
+#
+# Checks for duplicate words, like `the the` or `and and`.
+#
+# For a list of all options, see https://vale.sh/docs/topics/styles/
+extends: repetition
+message: "Remove this duplicate word: '%s'."
+level: error
+alpha: true
+tokens:
+ - '[^\s]+'
diff --git a/chart/doc/.vale/gitlab_base/SentenceLength.yml b/chart/doc/.vale/gitlab_base/SentenceLength.yml
new file mode 100644
index 0000000000000000000000000000000000000000..48ebf02bc7f4f24dd347e6da394715998c8df3e4
--- /dev/null
+++ b/chart/doc/.vale/gitlab_base/SentenceLength.yml
@@ -0,0 +1,13 @@
+---
+# Suggestion: gitlab.SentenceLength
+#
+# Counts words in a sentence and alerts if a sentence exceeds 25 words.
+#
+# For a list of all options, see https://vale.sh/docs/topics/styles/
+extends: occurrence
+message: "Improve readability by using fewer than 25 words in this sentence."
+scope: sentence
+link: https://docs.gitlab.com/ee/development/documentation/styleguide/index.html#language
+level: suggestion
+max: 25
+token: \b(\w+)\b
diff --git a/chart/doc/.vale/gitlab_base/SentenceSpacing.yml b/chart/doc/.vale/gitlab_base/SentenceSpacing.yml
new file mode 100644
index 0000000000000000000000000000000000000000..6548c3564d15f45a17d77d9530e3ed24d7318238
--- /dev/null
+++ b/chart/doc/.vale/gitlab_base/SentenceSpacing.yml
@@ -0,0 +1,14 @@
+---
+# Error: gitlab.SentenceSpacing
+#
+# Checks for incorrect spacing (no spaces, or more than one space) around punctuation.
+#
+# For a list of all options, see https://vale.sh/docs/topics/styles/
+extends: existence
+message: "Use exactly one space between sentences and clauses. Check '%s' for spacing problems."
+link: https://docs.gitlab.com/ee/development/documentation/styleguide/index.html#punctuation
+level: error
+nonword: true
+tokens:
+ - '[a-z][.?!,][A-Z]'
+ - '[\w.?!,\(\)\-":] {2,}[\w.?!,\(\)\-":]'
diff --git a/chart/doc/.vale/gitlab_base/Simplicity.yml b/chart/doc/.vale/gitlab_base/Simplicity.yml
new file mode 100644
index 0000000000000000000000000000000000000000..fd9b1c5e5a63369e06d1ac50df57bb85e05aa603
--- /dev/null
+++ b/chart/doc/.vale/gitlab_base/Simplicity.yml
@@ -0,0 +1,18 @@
+---
+# Warning: gitlab.Simplicity
+#
+# Checks for words implying ease of use, to avoid cognitive dissonance for frustrated users.
+#
+# For a list of all options, see https://vale.sh/docs/topics/styles/
+extends: existence
+message: "Remove '%s'. Be precise instead of subjective."
+level: warning
+ignorecase: true
+link: https://docs.gitlab.com/ee/development/documentation/styleguide/word_list.html
+tokens:
+ - easy
+ - easily
+ - handy
+ - simple
+ - simply
+ - useful
diff --git a/chart/doc/.vale/gitlab_base/Spelling.yml b/chart/doc/.vale/gitlab_base/Spelling.yml
new file mode 100644
index 0000000000000000000000000000000000000000..459803d9d57134876151e002fa26cc89551b795b
--- /dev/null
+++ b/chart/doc/.vale/gitlab_base/Spelling.yml
@@ -0,0 +1,16 @@
+---
+# Warning: gitlab.Spelling
+#
+# Checks for possible spelling mistakes in content, not code. Results from links using angle brackets (<https://example.com>) should be corrected.
+#
+# If a word is flagged as a spelling mistake incorrectly, such as a product name,
+# you can submit an MR to update `spelling-exceptions.txt` with the missing word.
+# Commands, like `git clone` must use backticks, and must not be added to the
+# exceptions.
+#
+# For a list of all options, see https://vale.sh/docs/topics/styles/
+extends: spelling
+message: "Check the spelling of '%s'. If the spelling is correct, ask a Technical Writer to add this word to the spelling exception list."
+level: warning
+ignore:
+ - gitlab_base/spelling-exceptions.txt
diff --git a/chart/doc/.vale/gitlab_base/SubstitutionWarning.yml b/chart/doc/.vale/gitlab_base/SubstitutionWarning.yml
new file mode 100644
index 0000000000000000000000000000000000000000..4901c7576617bd470121df1d9047be49c4dbfdd5
--- /dev/null
+++ b/chart/doc/.vale/gitlab_base/SubstitutionWarning.yml
@@ -0,0 +1,77 @@
+---
+# Warning: gitlab.SubstitutionWarning
+#
+# Checks for misused terms or common shorthand that should not be used at GitLab, but can't be flagged as errors.
+# Substitutions.yml also exists.
+#
+# For a list of all options, see https://vale.sh/docs/topics/styles/
+extends: substitution
+message: "Use '%s' instead of '%s' when possible."
+link: https://docs.gitlab.com/ee/development/documentation/styleguide/word_list.html
+level: warning
+ignorecase: true
+swap:
+ active user: "billable user"
+ active users: "billable users"
+ agnostic: "platform-independent' or 'vendor-neutral"
+ air(?:-| )?gapped: "offline environment"
+ bullet: "list item"
+ (?<!right-)click(?!-through): "select"
+ cancelled: "canceled"
+ cancelling: "canceling"
+ code base: "codebase"
+ config: "configuration"
+ confirmation box: "confirmation dialog"
+ confirmation dialog box: "confirmation dialog"
+ deselect: "clear"
+ deselected: "cleared"
+ dialog box: "dialog"
+ distro: "distribution"
+ docs: "documentation"
+ e-mail: "email"
+ emojis: "emoji"
+ ex: "for example"
+ file name: "filename"
+ filesystem: "file system"
+ fullscreen: "full screen"
+ info: "information"
+ installation from source: self-compiled installation
+ installations from source: self-compiled installations
+ it is recommended: "you should"
+ log in: "sign in"
+ log-in: "sign in"
+ logged in user: "authenticated user"
+ logged-in user: "authenticated user"
+ machine-learning: "machine learning"
+ modal dialog: "dialog"
+ modal window: "dialog"
+ modal: "dialog"
+ n/a: "not applicable"
+ navigate to: "go to"
+ normally: "usually' or 'typically"
+ normal: "typical' or 'standard"
+ OAuth2: "OAuth 2.0"
+ omnibus gitlab: "Linux package"
+ 'omnibus(?!\))': "Linux package"
+ once that: "after that"
+ once the: "after the"
+ once you: "after you"
+ open telemetry: "OpenTelemetry"
+ pack file: packfile
+ pack files: packfiles
+ pop-up window: "dialog"
+ pop-up: "dialog"
+ popup: "dialog"
+ repo: "repository"
+ signed in user: "authenticated user"
+ signed-in user: "authenticated user"
+ since: "because' or 'after"
+ source (?:install|installation): self-compiled installation
+ source (?:installs|installations): self-compiled installations
+ sub-group: "subgroup"
+ sub-groups: "subgroups"
+ timezone: "time zone"
+ utiliz(?:es?|ing): "use"
+ VSCode: "VS Code"
+ we recommend: "you should"
+ within: "in"
diff --git a/chart/doc/.vale/gitlab_base/Substitutions.yml b/chart/doc/.vale/gitlab_base/Substitutions.yml
new file mode 100644
index 0000000000000000000000000000000000000000..4c48d5bfb45fb94e581eb9759eaef4f8cc27a96a
--- /dev/null
+++ b/chart/doc/.vale/gitlab_base/Substitutions.yml
@@ -0,0 +1,69 @@
+---
+# Error: gitlab.Substitutions
+#
+# Checks for misused terms that should never be used at GitLab.
+# SubstitutionWarning.yml also exists.
+#
+# For a list of all options, see https://vale.sh/docs/topics/styles/
+extends: substitution
+message: "Use '%s' instead of '%s'."
+link: https://handbook.gitlab.com/handbook/communication/top-misused-terms/
+level: error
+ignorecase: true
+swap:
+ admin user: administrator
+ admin users: administrators
+ administrator permission: administrator access
+ administrator permissions: administrator access
+ administrator role: administrator access
+ at least the Owner role: the Owner role
+ can login: can log in
+ can log-in: can log in
+ can setup: can set up
+ can signin: can sign in
+ can sign-in: can sign in
+ codequality: code quality
+ Customer [Pp]ortal: Customers Portal
+ developer access: the Developer role
+ developer permission: the Developer role
+ developer permissions: the Developer role
+ disallow: prevent
+ frontmatter: front matter
+ GitLab self hosted: GitLab self-managed # https://docs.gitlab.com/ee/development/documentation/styleguide/word_list.html#gitlab-self-managed
+ GitLab self-hosted: GitLab self-managed # https://docs.gitlab.com/ee/development/documentation/styleguide/word_list.html#gitlab-self-managed
+ GitLabber: GitLab team member
+ GitLabbers: GitLab team members
+ GitLab-shell: GitLab Shell
+ gitlab omnibus: Linux package
+ golang: Go
+ guest access: the Guest role
+ guest permission: the Guest role
+ guest permissions: the Guest role
+ maintainer access: the Maintainer role
+ maintainer permission: the Maintainer role
+ maintainer permissions: the Maintainer role
+ owner access: the Owner role
+ owner permission: the Owner role
+ owner permissions: the Owner role
+ param: parameter
+ params: parameters
+ pg: PostgreSQL
+ 'postgres$': PostgreSQL
+ raketask: Rake task
+ raketasks: Rake tasks
+ rspec: RSpec
+ reporter access: the Reporter role
+ reporter permission: the Reporter role
+ reporter permissions: the Reporter role
+ rubocop: RuboCop
+ self hosted GitLab: GitLab self-managed # https://docs.gitlab.com/ee/development/documentation/styleguide/word_list.html#gitlab-self-managed
+ self-hosted GitLab: GitLab self-managed # https://docs.gitlab.com/ee/development/documentation/styleguide/word_list.html#gitlab-self-managed
+ styleguide: style guide
+ the administrator access level: administrator access
+ to login: to log in
+ to log-in: to log in
+ to setup: to set up
+ to signin: to sign in
+ to sign-in: to sign in
+ x509: X.509
+ yml: YAML
diff --git a/chart/doc/.vale/gitlab_base/ToDo.yml b/chart/doc/.vale/gitlab_base/ToDo.yml
new file mode 100644
index 0000000000000000000000000000000000000000..079f13baa28f2e28883fddd0b60bee54041210c4
--- /dev/null
+++ b/chart/doc/.vale/gitlab_base/ToDo.yml
@@ -0,0 +1,14 @@
+---
+# Warning: gitlab.ToDo
+#
+# You should not use "To Do", unless it refers to the UI element.
+#
+# For a list of all options, see https://vale.sh/docs/topics/styles/
+extends: substitution
+message: "Use 'to-do item' in most cases, or 'Add a to do' if referring to the UI button."
+link: https://docs.gitlab.com/ee/development/documentation/styleguide/word_list.html#to-do-item
+level: warning
+ignorecase: false
+swap:
+ '[Tt]o [Dd]o [Ii]tems?': to-do item
+ '\w* [Aa] [Tt]o [Dd]o': Add a to do
diff --git a/chart/doc/.vale/gitlab_base/UnclearAntecedent.yml b/chart/doc/.vale/gitlab_base/UnclearAntecedent.yml
new file mode 100644
index 0000000000000000000000000000000000000000..e5d43b6ab7da3a12c7dd3316cfee553c62b4a678
--- /dev/null
+++ b/chart/doc/.vale/gitlab_base/UnclearAntecedent.yml
@@ -0,0 +1,22 @@
+---
+# Warning: gitlab.UnclearAntecedent
+#
+# Checks for words that need a noun for clarity.
+#
+# For a list of all options, see https://vale.sh/docs/topics/styles/
+extends: existence
+message: "Instead of '%s', try starting this sentence with a specific subject and verb."
+link: https://docs.gitlab.com/ee/development/documentation/styleguide/word_list.html#this-these-that-those
+level: warning
+ignorecase: false
+tokens:
+ - 'That is'
+ - 'That was'
+ - 'These are'
+ - 'These were'
+ - 'There are'
+ - 'There were'
+ - 'This is'
+ - 'This was'
+ - 'Those are'
+ - 'Those were'
diff --git a/chart/doc/.vale/gitlab_base/Units.yml b/chart/doc/.vale/gitlab_base/Units.yml
new file mode 100644
index 0000000000000000000000000000000000000000..5eb2d9551c29f0af5ddd49d874766a6bd3fb1e89
--- /dev/null
+++ b/chart/doc/.vale/gitlab_base/Units.yml
@@ -0,0 +1,15 @@
+---
+# Warning: gitlab.Units
+#
+# Recommends a space between a number and a unit of measure.
+#
+# For a list of all options, see https://vale.sh/docs/topics/styles/
+extends: existence
+message: "Add a space between the number and the unit in '%s'."
+link: 'https://docs.gitlab.com/ee/development/documentation/styleguide/'
+nonword: true
+level: warning
+ignorecase: true
+tokens:
+ - \d+(?:B|kB|KiB|MB|MiB|GB|GiB|TB|TiB)
+ - \d+(?:ns|ms|μs|s|min|h|d)\b
diff --git a/chart/doc/.vale/gitlab_base/Uppercase.yml b/chart/doc/.vale/gitlab_base/Uppercase.yml
new file mode 100644
index 0000000000000000000000000000000000000000..99aae636d3d374fa1f9f97311e452df3d6c79050
--- /dev/null
+++ b/chart/doc/.vale/gitlab_base/Uppercase.yml
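Review bot: In `chart/doc/.vale/gitlab_base/Units.yml` the first token has no trailing word boundary, while the second one ends in `\b`. With `nonword: true` and `ignorecase: true`, `\d+(?:B|kB|…)` presumably also matches a digit followed by `b` inside a longer string, such as a hex identifier or commit hash written in running text, which would produce false "add a space" warnings. Ending it the same way as the time-unit token, `- \d+(?:B|kB|KiB|MB|MiB|GB|GiB|TB|TiB)\b`, keeps both patterns anchored to the end of the unit.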
@@ -0,0 +1,268 @@
+---
+# Suggestion: gitlab.Uppercase
+#
+# Checks for use of all uppercase letters with unknown reason.
+#
+# For a list of all options, see https://vale.sh/docs/topics/styles/
+extends: conditional
+message: "Instead of uppercase for '%s', use lowercase or backticks (`) if possible. Otherwise, ask a Technical Writer to add this word or acronym to the rule's exception list."
+link: https://docs.gitlab.com/ee/development/documentation/testing/vale.html#vale-uppercase-acronym-test
+level: suggestion
+ignorecase: false
+# Ensures that the existence of 'first' implies the existence of 'second'.
+first: '\b([A-Z]{3,5})\b'
+second: '(?:\b[A-Z][a-z]+ )+\(([A-Z]{3,5})\)'
+# ... with the exception of these:
+exceptions:
+ - ACL
+ - AJAX
+ - ALL
+ - AMI
+ - ANSI
+ - APAC
+ - API
+ - ARIA
+ - APM
+ - ARM
+ - ARN
+ - ASCII
+ - ASG
+ - AST
+ - AWS
+ - BETA
+ - BMP
+ - BSD
+ - CAS
+ - CDN
+ - CGI
+ - CIDR
+ - CLI
+ - CNA
+ - CNCF
+ - CORE
+ - CORS
+ - CPU
+ - CRAN
+ - CRIME
+ - CRM
+ - CRUD
+ - CSRF
+ - CSS
+ - CSV
+ - CTE
+ - CVE
+ - CVS
+ - CVSS
+ - CWE
+ - DAST
+ - DDL
+ - DHCP
+ - DML
+ - DNS
+ - DSN
+ - DOM
+ - DORA
+ - DSA
+ - DSL
+ - DUOPRO
+ - DUOENT
+ - DVCS
+ - DVD
+ - EBS
+ - ECDSA
+ - ECS
+ - EFS
+ - EKS
+ - ELB
+ - ENA
+ - EOL
+ - EWM
+ - EXIF
+ - FAQ
+ - FIDO
+ - FIFO
+ - FIPS
+ - FLAG
+ - FOSS
+ - FQDN
+ - FREE
+ - FTP
+ - GCP
+ - GDK
+ - GDPR
+ - GET
+ - GID
+ - GIF
+ - GKE
+ - GLEX
+ - GLFM
+ - GNU
+ - GPG
+ - GPL
+ - GPS
+ - GPT
+ - GPU
+ - GUI
+ - HAML
+ - HAR
+ - HDD
+ - HEAD
+ - HIPAA
+ - HLL
+ - HSTS
+ - HTML
+ - HTTP
+ - HTTPS
+ - IAM
+ - IANA
+ - IBM
+ - ICO
+ - IDE
+ - IID
+ - IIS
+ - IMAP
+ - IOPS
+ - IRC
+ - ISO
+ - JPEG
+ - JPG
+ - JSON
+ - JVM
+ - JWT
+ - KICS
+ - LAN
+ - LDAP
+ - LDAPS
+ - LESS
+ - LFS
+ - LRU
+ - LSIF
+ - LTM
+ - LTS
+ - LVM
+ - MIME
+ - MIT
+ - MITRE
+ - MVC
+ - NAS
+ - NAT
+ - NDA
+ - NFS
+ - NGINX
+ - NOTE
+ - NPM
+ - NTP
+ - OCI
+ - OIDC
+ - OKD
+ - OKR
+ - ONLY
+ - OSS
+ - OTP
+ - OWASP
+ - PAT
+ - PCI-DSS
+ - PDF
+ - PEM
+ - PEP
+ - PGP
+ - PHP
+ - PID
+ - PKCS
+ - PNG
+ - POSIX
+ - POST
+ - PROXY
+ - PUT
+ - QPS
+ - RAID
+ - RAM
+ - RBAC
+ - RDP
+ - RDS
+ - RDS
+ - REST
+ - RFC
+ - RHEL
+ - RPC
+ - RPM
+ - RPO
+ - RPS
+ - RSA
+ - RSS
+ - RTC
+ - RTO
+ - RVM
+ - SAAS
+ - SAML
+ - SAN
+ - SAST
+ - SATA
+ - SBOM
+ - SBT
+ - SCIM
+ - SCM
+ - SCP
+ - SCSS
+ - SDK
+ - SELF
+ - SEO
+ - SES
+ - SFTP
+ - SHA
+ - SKI
+ - SLA
+ - SLI
+ - SLO
+ - SMS
+ - SMTP
+ - SOAP
+ - SOC
+ - SOX
+ - SPDX
+ - SPDY
+ - SPF
+ - SQL
+ - SRE
+ - SSD
+ - SSG
+ - SSH
+ - SSL
+ - SSO
+ - STI
+ - SUSE
+ - SVG
+ - SVN
+ - TCP
+ - TIFF
+ - TIP
+ - TLD
+ - TLS
+ - TODO
+ - TOML
+ - TOTP
+ - TPS
+ - TTL
+ - UBI
+ - UDP
+ - UID
+ - UID
+ - UNIX
+ - URI
+ - URL
+ - USB
+ - UTC
+ - UTF
+ - UUID
+ - VCS
+ - VPC
+ - VPN
+ - WAF
+ - WEBP
+ - WIP
+ - WSL
+ - XML
+ - XSS
+ - YAML
+ - ZAP
+ - ZIP
diff --git a/chart/doc/.vale/gitlab_base/Wordy.yml b/chart/doc/.vale/gitlab_base/Wordy.yml
new file mode 100644
index 0000000000000000000000000000000000000000..9c472f66570abe629d1f0fce4f3fae8129646f8b
--- /dev/null
+++ b/chart/doc/.vale/gitlab_base/Wordy.yml
@@ -0,0 +1,19 @@
+---
+# Suggestion: gitlab.Wordy
+#
+# Suggests shorter versions of wordy phrases.
+#
+# For a list of all options, see https://vale.sh/docs/topics/styles/
+extends: substitution
+message: "%s"
+link: https://docs.gitlab.com/ee/development/documentation/styleguide/word_list.html
+level: suggestion
+ignorecase: true
+swap:
+ a number of: "Specify the number or remove the phrase."
+ as well as: "Use 'and' instead of 'as well as'."
+ note that: "Remove the phrase 'note that'."
+ please: "Use 'please' only if we've inconvenienced the user."
+ respectively: "Remove 'respectively' and list each option instead."
+ and so on: "Remove 'and so on'. Try to use 'like' and provide examples instead."
+ in order to: "Remove 'in order' and leave 'to'."
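Review bot: The `exceptions` list in `chart/doc/.vale/gitlab_base/Uppercase.yml` contains `RDS` twice and `UID` twice; removing the repeats keeps the list easy to diff against later updates. Three entries also fall outside what `first: '\b([A-Z]{3,5})\b'` can capture: `DUOPRO` and `DUOENT` are six letters, and `PCI-DSS` contains a hyphen, so the rule would see `PCI` and `DSS` as separate words. If those terms are meant to be allowed, it is worth confirming how Vale compares exceptions against the captured group, and adding `- PCI` and `- DSS` if the hyphenated entry never applies.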
diff --git a/chart/doc/.vale/gitlab_base/Zip.yml b/chart/doc/.vale/gitlab_base/Zip.yml
new file mode 100644
index 0000000000000000000000000000000000000000..69ff980b822484016d74b5d451474f232bc0e685
--- /dev/null
+++ b/chart/doc/.vale/gitlab_base/Zip.yml
@@ -0,0 +1,15 @@
+---
+# Warning: gitlab.Zip
+#
+# Recommends all instances of something.zip be wrapped in backticks
+# due to the .zip top-level domain
+#
+# For a list of all options, see https://vale.sh/docs/topics/styles/
+extends: existence
+message: "Wrap '%s' in backticks to prevent unintentional links to .zip domain names."
+link: 'https://docs.gitlab.com/ee/development/documentation/styleguide/index.md#backticks-in-markdown'
+nonword: true
+level: error
+ignorecase: true
+tokens:
+ - '\b\w*\.zip'
diff --git a/chart/doc/.vale/gitlab_base/spelling-exceptions.txt b/chart/doc/.vale/gitlab_base/spelling-exceptions.txt
new file mode 100644
index 0000000000000000000000000000000000000000..518de5248d5b78c81c63e42ddc2410d5e0056ae8
--- /dev/null
+++ b/chart/doc/.vale/gitlab_base/spelling-exceptions.txt
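Review bot: The header comment in `chart/doc/.vale/gitlab_base/Zip.yml` reads `# Warning: gitlab.Zip` and "Recommends", but the rule sets `level: error`, so the comment understates what a match does in a lint run. Since this rule exists to stop bare file names from rendering as links to `.zip` domains, the stricter level looks intended and the comment should say so: `# Error: gitlab.Zip`. The same header/level mismatch appears in `Badges-Offerings.yml`, `Badges-Tiers.yml`, `HistoryItems.yml` and `HistoryItemsOrder.yml` under `gitlab_docs/`, each headed `# Warning:` with `level: error`.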
@@ -0,0 +1,1235 @@
+accessor
+accessors
+ACLs
+Adafruit
+Airbnb
+Airtable
+Akismet
+Alertmanager
+Algolia
+Alibaba
+aliuid
+Aliyun
+allowlist
+allowlisted
+allowlisting
+allowlists
+AlmaLinux
+AMIs
+anonymization
+anonymized
+Ansible
+Anthos
+Anycast
+apdex
+API
+APIs
+Apparmor
+Appetize
+approvers
+Appsec
+architected
+architecting
+archiver
+Arel
+arity
+Arkose
+armhf
+ARNs
+Artifactory
+Asana
+Asciidoctor
+asdf
+Assembla
+Astro
+async
+Atlassian
+auditability
+auditable
+Auth0
+authenticator
+Authy
+autocomplete
+autocompleted
+autocompletes
+autocompleting
+autogenerated
+autoloaded
+autoloader
+autoloading
+automatable
+autoscale
+autoscaled
+autoscaler
+autoscalers
+autoscales
+autoscaling
+autovacuum
+awardable
+awardables
+Axios
+Ayoa
+AZs
+Azure
+B-tree
+backfilling
+backfills
+backport
+backported
+backporting
+backports
+backtrace
+backtraced
+backtraces
+backtracing
+badging
+balancer
+balancer's
+Bamboo
+Bazel
+bcrypt
+Beamer
+Bhyve
+Bitbucket
+Bitnami
+Bittrex
+blockquote
+blockquoted
+blockquotes
+blockquoting
+boolean
+booleans
+Bootsnap
+bot
+bot's
+Bottlerocket
+browsable
+bugfix
+bugfixed
+bugfixes
+bugfixing
+Bugzilla
+Buildah
+Buildkite
+buildpack
+buildpacks
+bundler
+bundlers
+burndown
+burnup
+burstable
+CA
+cacheable
+Caddy
+callout
+callouts
+callstack
+callstacks
+camelCase
+camelCased
+Camo
+canonicalization
+canonicalized
+captcha
+CAPTCHAs
+Capybara
+Casdoor
+CDNs
+CE
+CentOS
+Ceph
+Certbot
+cgo
+cgroup
+cgroups
+chai
+changeset
+changesets
+ChaosKube
+chatbot
+chatbots
+ChatOps
+checksummable
+checksummed
+checksumming
+Chemlab
+chipset
+chipsets
+CIDRs
+Citrix
+Citus
+Civo
+Cleartext
+ClickHouse
+CLIs
+Clojars
+clonable
+Cloudwatch
+clusterized
+CMake
+CMK
+CMKs
+CNAs
+CNs
+Cobertura
+Codeception
+Codecov
+codenames
+Codepen
+CodeSandbox
+Codey
+Cognito
+Coinbase
+colocate
+colocated
+colocating
+commit's
+CommonMark
+compilable
+composable
+composables
+Conda
+config
+Configs
+Consul
+Contentful
+Corosync
+corpuses
+Cosign
+Coursier
+CPU
+CPUs
+CRAN
+CRI-O
+cron
+crond
+cronjob
+cronjobs
+crons
+crontab
+crontabs
+crosslinked
+crosslinking
+crosslinks
+Crossplane
+Crowdin
+crypto
+CSSComb
+CSV
+CSVs
+CTAs
+CTEs
+CUnit
+customappsso
+CVEs
+CWEs
+cybersecurity
+CycloneDX
+Dangerfile
+DAST
+Database Lab Engine
+Database Lab
+Databricks
+Datadog
+datasource
+datasources
+datastore
+datastores
+datestamp
+datetime
+DBeaver
+Debian
+debloating
+decodable
+Decompressor
+decryptable
+dedupe
+deduplicate
+deduplicated
+deduplicates
+deduplicating
+deduplication
+delegators
+deliverables
+denormalization
+denormalize
+denormalized
+denormalizes
+denormalizing
+dentry
+denylist
+denylisted
+denylisting
+denylists
+Depesz
+deployer
+deployers
+deprovision
+deprovisioned
+deprovisioning
+deprovisions
+dequarantine
+dequarantined
+dequarantining
+deserialization
+deserialize
+deserializers
+deserializes
+desugar
+desugars
+desynchronized
+Dev
+devfile
+devfiles
+DevOps
+Dhall
+dialogs
+Diffblue
+disambiguates
+discoverability
+dismissable
+Disqus
+Distroless
+Divio
+DLE
+DNs
+Docker
+Dockerfile
+Dockerfiles
+Dockerize
+Dockerized
+Dockerizing
+Docusaurus
+dogfood
+dogfooding
+dogfoods
+DOMPurify
+dotenv
+doublestar
+downvoted
+downvotes
+Dpl
+dput
+Dreamweaver
+DRIs
+DSLs
+DSN
+Dynatrace
+Ecto
+eden
+EGit
+ElastiCache
+Elasticsearch
+Eleventy
+enablement
+Encrypt
+enqueued
+enqueues
+enricher
+enrichers
+enum
+enums
+Enviroments
+ESLint
+ESXi
+ETag
+ETags
+Etsy
+Excon
+exfiltrate
+exfiltration
+ExifTool
+expirable
+Facebook
+failover
+failovers
+failsafe
+Falco
+falsy
+Fanout
+Fargate
+fastlane
+Fastly
+Fastzip
+favicon
+favorited
+Fediverse
+ffaker
+Figma
+Filebeat
+Filestore
+Finicity
+Finnhub
+Fio
+firewalled
+firewalling
+fixup
+flamegraph
+flamegraphs
+Flawfinder
+Flickr
+Fluentd
+Flutterwave
+Flycheck
+focusable
+Forgerock
+formatters
+Fortanix
+Fortinet
+FQDNs
+FreshBooks
+frontend
+Fugit
+Fulcio
+fuzzer
+fuzzing
+Gantt
+Gbps
+Gemfile
+Gemnasium
+Gemojione
+Getter
+Getters
+gettext
+GIDs
+gists
+Git
+Gitaly
+Gitea
+GitHub
+GitLab
+gitlabsos
+Gitleaks
+Gitpod
+Gitter
+GLab
+globals
+globbing
+globstar
+globstars
+Gmail
+Godep
+Golang
+Gollum
+Google
+goroutine
+goroutines
+Gosec
+GPUs
+Gradle
+Grafana
+Grafonnet
+gravatar
+Grype
+GUIs
+Gzip
+Hackathon
+Haml
+HAProxy
+HAR
+hardcode
+hardcoded
+hardcodes
+HashiCorp
+Haswell
+heatmap
+heatmaps
+Helm
+Helmfile
+Heroku
+Herokuish
+heuristical
+hexdigest
+Hexo
+HipChat
+hostname
+hostnames
+hotfix
+hotfixed
+hotfixes
+hotfixing
+hotspots
+HTMLHint
+http
+https
+hyperparameter
+hyperparameters
+iCalendar
+iCloud
+idempotence
+idmapper
+Iglu
+IIFEs
+Immer
+inclusivity
+inflector
+inflectors
+Ingress
+initializer
+initializers
+injective
+innersource
+innersourcing
+inodes
+Instrumentor
+interdependencies
+interdependency
+interruptible
+inviter
+IPs
+IPython
+irker
+issuables
+Istio
+Jaeger
+jasmine-jquery
+Javafuzz
+JavaScript
+Jenkins
+Jenkinsfile
+Jira
+Jitsu
+jq
+jQuery
+JRuby
+JSDoc
+jsdom
+Jsonnet
+JUnit
+JupyterHub
+JWT
+JWTs
+Kaminari
+kanban
+kanbans
+kaniko
+Karma
+KCachegrind
+Kerberos
+Keycloak
+keyless
+keyset
+keyspace
+keystore
+keytab
+keytabs
+Kibana
+Kinesis
+Klar
+Knative
+KPIs
+Kramdown
+Kroki
+kubeconfig
+Kubecost
+kubectl
+Kubernetes
+Kubesec
+Kucoin
+Kustomize
+Kustomization
+kwargs
+Laravel
+LaunchDarkly
+ldapsearch
+Lefthook
+Leiningen
+Lemmy
+LLM
+LLMs
+libFuzzer
+Libgcrypt
+Libravatar
+liveness
+lockfile
+lockfiles
+Lodash
+Lograge
+logrotate
+Logrus
+Logstash
+lookahead
+lookaheads
+lookbehind
+lookbehinds
+Lookbook
+lookups
+loopback
+LSP
+Lua
+Lucene
+Lucidchart
+macOS
+Mailchimp
+Maildir
+Mailgun
+Mailroom
+Makefile
+Makefiles
+malloc
+Maniphest
+Markdown
+markdownlint
+Marketo
+matcher
+matchers
+Matomo
+Mattermost
+mbox
+memoization
+memoize
+memoized
+memoizes
+memoizing
+Memorystore
+mergeability
+mergeable
+metaprogramming
+metric's
+microformat
+Microsoft
+middleware
+middlewares
+migratable
+migratus
+minikube
+MinIO
+misconfiguration
+misconfigurations
+misconfigure
+misconfigured
+misconfigures
+misconfiguring
+mitigations
+mitmproxy
+mixin
+mixins
+MLflow
+Mmap
+mockup
+mockups
+ModSecurity
+Monokai
+monorepo
+monorepos
+monospace
+MRs
+MSBuild
+multiline
+mutex
+nameserver
+nameservers
+namespace
+namespace's
+namespaced
+namespaces
+namespacing
+namespacings
+Nanoc
+NAT
+navigations
+negatable
+Neovim
+Netlify
+NGINX
+ngrok
+njsscan
+Nokogiri
+nosniff
+noteable
+noteables
+npm
+NuGet
+nullability
+nullable
+Nurtch
+NVMe
+nyc
+OAuth
+OCP
+Octokit
+offboarded
+offboarding
+offboards
+OIDs
+OKRs
+OKRs
+Okta
+OLM
+OmniAuth
+onboarding
+OpenID
+OpenShift
+OpenTelemetry
+Opsgenie
+Opstrace
+ORMs
+OS
+osquery
+OSs
+OTel
+outdent
+Overcommit
+Packagist
+packfile
+packfiles
+Packwerk
+paginator
+parallelization
+parallelizations
+parsable
+PascalCase
+PascalCased
+passthrough
+passthroughs
+passwordless
+Patroni
+PDFs
+performant
+PgBouncer
+pgFormatter
+pgLoader
+pgMustard
+pgvector
+Phabricator
+phaser
+phasers
+phpenv
+Phorge
+PHPUnit
+PIDs
+pipenv
+Pipfile
+Pipfiles
+Piwik
+plaintext
+podman
+Poedit
+polyfill
+polyfills
+pooler
+postfixed
+Postgres
+postgres.ai
+PostgreSQL
+Praefect's
+prebuild
+prebuilds
+precompile
+precompiled
+preconfigure
+preconfigured
+preconfigures
+prefetch
+prefetching
+prefill
+prefilled
+prefilling
+prefills
+preload
+preloaded
+preloading
+preloads
+prepend
+prepended
+prepending
+prepends
+prepopulate
+prepopulated
+presentationals
+Prettifier
+Pritaly
+Priyanka
+profiler
+Prometheus
+ProseMirror
+protobuf
+protobufs
+proxied
+proxies
+proxyable
+proxying
+pseudocode
+pseudonymization
+pseudonymized
+pseudonymizer
+Pulumi
+Puma
+Pumble
+PyPI
+pytest
+Python
+Qualys
+queryable
+Quicktime
+Rackspace
+railties
+Raspbian
+rbenv
+rbspy
+rbtrace
+Rclone
+Rdoc
+reachability
+Realplayer
+reauthenticate
+reauthenticated
+reauthenticates
+reauthenticating
+rebalancing
+rebar
+rebase
+rebased
+rebases
+rebasing
+rebinding
+reCAPTCHA
+recoverability
+Redcarpet
+redirection
+redirections
+Redis
+Redmine
+refactorings
+referer
+referers
+reflog
+reflogs
+refname
+refspec
+refspecs
+regexes
+Rego
+reimplementation
+reimplemented
+reindex
+reindexed
+reindexes
+reindexing
+reinitialize
+reinitializing
+Rekor
+relicensing
+remediations
+renderers
+renderless
+replicables
+repmgr
+repmgrd
+reposts
+repurposing
+requestee
+requesters
+requeue
+requeued
+requeues
+requeuing
+resolver
+resolver's
+Restlet
+resync
+resynced
+resyncing
+resyncs
+retarget
+retargeted
+retargeting
+retargets
+reusability
+reverified
+reverifies
+reverify
+reviewee
+RIs
+roadmap
+roadmaps
+rock
+rollout
+rollouts
+routable
+RPCs
+RSpec
+rsync
+rsynced
+rsyncing
+rsyncs
+Rubinius
+Rubix
+RuboCop
+Rubular
+RubyGems
+Rugged
+ruleset
+rulesets
+runbook
+runbooks
+runit
+runtime
+runtimes
+Salesforce
+sandboxing
+sanitization
+SBOMs
+sbt
+SBT
+scalar's
+scalers
+scatterplot
+scatterplots
+schedulable
+Schemastore
+scriptable
+scrollable
+SDKs
+segmentations
+SELinux
+Semgrep
+Sendbird
+Sendinblue
+Sendmail
+Sentry
+serializer
+serializers
+serializing
+serverless
+setuptools
+severities
+SFCs
+sharded
+sharding
+SHAs
+shfmt
+Shippo
+Shopify
+Sidekiq
+Sigstore
+Silverlight
+Sisense
+Sitespeed
+skippable
+skopeo
+Slack
+Slackbot
+SLAs
+SLIs
+Slony
+SLOs
+smartcard
+smartcards
+snake_case
+snake_cased
+Snapcraft
+snapshotting
+Snowplow
+Snyk
+Sobelow
+Solargraph
+Solarized
+Sourcegraph
+Spamcheck
+spammable
+sparkline
+sparklines
+Speedscope
+spidering
+Splunk
+SpotBugs
+Squarespace
+SREs
+SSDs
+SSGs
+Stackdriver
+Stackprof
+stageless
+starrer
+starrers
+storable
+storages
+strace
+strikethrough
+strikethroughs
+stunnel
+stylelint
+subchart
+subcharts
+subcommand
+subcommands
+subcomponent
+subfolder
+subfolders
+subgraph
+subgraphs
+subgroup
+subgroups
+subkey
+subkeys
+sublicense
+sublicensed
+sublicenses
+sublicensing
+submodule
+submodule's
+subnet
+subnets
+subnetting
+subpath
+subproject
+subprojects
+subqueried
+subqueries
+subquery
+subquerying
+Subreddit
+substring
+substrings
+subtask
+subtasks
+subtest
+subtests
+subtransaction
+subtransactions
+subtree
+subtrees
+sudo
+sunsetting
+supercookie
+supercookies
+supergroup
+supergroups
+superset
+supersets
+supertype
+supertypes
+SVGs
+swappiness
+swimlane
+swimlanes
+syncable
+Sysbench
+syscall
+syscalls
+syslog
+systemd
+tablespace
+tablespaces
+Tamland
+tanuki
+taskscaler
+tcpdump
+teardown
+templated
+Thanos
+thoughtbot
+throughputs
+Tiller
+timebox
+timeboxed
+timeboxes
+timeboxing
+timecop
+timelog
+timelogs
+Tiptap
+todos
+tokenizer
+Tokenizers
+tokenizing
+tolerations
+toolchain
+toolchains
+toolkit
+toolkits
+toolset
+tooltip
+tooltips
+transactionally
+transpile
+transpiled
+transpiles
+transpiling
+Trello
+Trendline
+triaged
+triages
+triaging
+Trivy
+Truststore
+truthy
+Twilio
+Twitter
+Typeform
+TypeScript
+TZInfo
+Ubuntu
+Udemy
+UI
+UIDs
+unapplied
+unapprove
+unapproved
+unapproving
+unarchive
+unarchived
+unarchives
+unarchiving
+unary
+unassign
+unassigning
+unassigns
+unban
+unbans
+uncached
+uncheck
+unchecked
+unchecking
+unchecks
+uncomment
+uncommented
+uncommenting
+uncordon
+underperforming
+unencode
+unencoded
+unencoder
+unencodes
+unencrypted
+unescaped
+unfollow
+unfollowed
+unfollows
+Unicorn
+unindexed
+unlink
+unlinking
+unlinks
+unmappable
+unmapped
+unmergeable
+unmerged
+unmerges
+unmerging
+unmocked
+unoptimize
+unoptimized
+unoptimizes
+unoptimizing
+unparsable
+unpatched
+unpause
+unprioritized
+unprotect
+unprotected
+unprotecting
+unprotects
+unprovision
+unprovisioned
+unprovisions
+unpublish
+unpublished
+unpublishes
+unpublishing
+unpullable
+unpushed
+unreferenced
+unregister
+unregistered
+unregisters
+unreplicated
+unresolve
+unresolved
+unresolving
+unreviewed
+unrevoke
+unsanitized
+unschedule
+unscoped
+unsetting
+unshare
+unshared
+unshares
+unstage
+unstaged
+unstages
+unstaging
+unstar
+unstars
+unstarted
+unstash
+unstashed
+unstashing
+unsynced
+unsynchronized
+untarred
+untracked
+untrusted
+unverified
+unverifies
+unverify
+unverifying
+uploader
+uploaders
+upstreams
+upvote
+upvoted
+upvotes
+urgencies
+URIs
+URL
+UUIDs
+Vagrantfile
+validator
+validators
+vCPUs
+vendored
+vendoring
+versionless
+viewport
+viewports
+virtualized
+virtualizing
+Vite
+VMs
+VPCs
+VSCodium
+Vue
+Vuex
+waitlist
+walkthrough
+walkthroughs
+WebdriverIO
+Webex
+webpack
+WEBrick
+webserver
+Webservice
+websocket
+websockets
+whitepaper
+whitepapers
+wireframe
+wireframed
+wireframes
+wireframing
+Wireshark
+Wordpress
+Workato
+workstream
+worktree
+worktrees
+Worldline
+Xcode
+Xeon
+XPath
+Yandex
+YouTrack
+ytt
+Yubico
+Zabbix
+ZAProxy
+Zeitwerk
+Zendesk
+ZenTao
+Zoekt
+zsh
+Zstandard
+Zuora
diff --git a/chart/doc/.vale/gitlab_docs/AlertBoxStyle.yml b/chart/doc/.vale/gitlab_docs/AlertBoxStyle.yml
new file mode 100644
index 0000000000000000000000000000000000000000..5d796cafe4922f6ec0649893ea2f77588f7fc863
--- /dev/null
+++ b/chart/doc/.vale/gitlab_docs/AlertBoxStyle.yml
@@ -0,0 +1,20 @@
+---
+# Error: gitlab.AlertBoxStyle
+#
+# Makes sure alert boxes are used with block quotes. Checks for 3 formatting issues:
+#
+# - Alert boxes inside a block quote ('>')
+# - Alert boxes with the note text on the same line
+# - Alert boxes using words other than 'NOTE' or 'WARNING'
+#
+# For a list of all options, see https://vale.sh/docs/topics/styles/
+extends: existence
+message: "Update the format of the '%s' alert box. View the style guide for details."
+link: https://docs.gitlab.com/ee/development/documentation/styleguide/index.html#alert-boxes
+level: error
+nonword: true
+scope: raw
+tokens:
+ - '^ *> *(NOTE|WARNING)'
+ - '(?<=\n\n)(NOTE|WARNING):[^\n]+\n'
+ - '(?<=\n\n) *(> )?\**([Nn]ote|TIP|[Tt]ip|CAUTION|[Cc]aution|DANGER|[Dd]anger|[Ww]arning):.*'
diff --git a/chart/doc/.vale/gitlab_docs/Badges-Offerings.yml b/chart/doc/.vale/gitlab_docs/Badges-Offerings.yml
new file mode 100644
index 0000000000000000000000000000000000000000..4a70abc5617a2a89a10a0577ddfd40b9a9c0afc6
--- /dev/null
+++ b/chart/doc/.vale/gitlab_docs/Badges-Offerings.yml
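Review bot: `Enviroments` in `chart/doc/.vale/gitlab_base/spelling-exceptions.txt` looks like a misspelling of "Environments" rather than a product or technical term. As an entry in the exception list it would presumably make the spelling check accept that typo wherever it appears in the docs, so unless it names something specific it should be dropped. `OKRs` is also listed twice in a row, and one of the two lines can go.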
@@ -0,0 +1,13 @@
+# Warning: gitlab.Badges-Offerings
+#
+# Tests the offering information in the tier badges that appear below topic titles.
+#
+# For a list of all options, see https://docs.gitlab.com/ee/development/documentation/styleguide/#available-product-tier-badges
+extends: existence
+message: "Offerings should be comma-separated, without `and`, and must be capitalized. Example: `GitLab.com, Self-managed, GitLab Dedicated`."
+link: https://docs.gitlab.com/ee/development/documentation/styleguide/#available-product-tier-badges
+level: error
+nonword: true
+scope: raw
+tokens:
+ - ^\*\*Offering:\*\* (Dedicated|[^\n]*(SaaS|self-managed|Self-Managed|GitLab dedicated|and|GitLab Dedicated,|, GitLab\.com|, Dedicated))
diff --git a/chart/doc/.vale/gitlab_docs/Badges-Tiers.yml b/chart/doc/.vale/gitlab_docs/Badges-Tiers.yml
new file mode 100644
index 0000000000000000000000000000000000000000..d9e6a5991addad579f5e5a8ded1c98140a65889c
--- /dev/null
+++ b/chart/doc/.vale/gitlab_docs/Badges-Tiers.yml
@@ -0,0 +1,13 @@
+# Warning: gitlab.Badges-Tiers
+#
+# Tests the tier information in the tier badges that appear below topic titles.
+#
+# For a list of all options, see https://docs.gitlab.com/ee/development/documentation/styleguide/#available-product-tier-badges
+extends: existence
+message: "Tiers should be capitalized, comma-separated, and ordered lowest to highest."
+link: https://docs.gitlab.com/ee/development/documentation/styleguide/#available-product-tier-badges
+level: error
+nonword: true
+scope: raw
+tokens:
+- ^\*\*Tier:\*\*.*(free|premium|ultimate|, Free|Ultimate,)
diff --git a/chart/doc/.vale/gitlab_docs/HistoryItems.yml b/chart/doc/.vale/gitlab_docs/HistoryItems.yml
new file mode 100644
index 0000000000000000000000000000000000000000..f9d31a4e27315092daf890e124a3a80d555f1e04
--- /dev/null
+++ b/chart/doc/.vale/gitlab_docs/HistoryItems.yml
@@ -0,0 +1,14 @@
+---
+# Warning: gitlab.HistoryItems
+#
+# Ensures history items are properly formatted.
+#
+extends: existence
+message: "History items must always start with '> -', one item per line, even if there is only one item."
+link: https://docs.gitlab.com/ee/development/documentation/versions.html#add-a-version-history-item
+level: error
+nonword: true
+scope: raw
+tokens:
+ - '(?<=^#+[^\n]*\n\n)> [^-]'
+ - '^> - [^\n]*\n[^\n>`]'
diff --git a/chart/doc/.vale/gitlab_docs/HistoryItemsOrder.yml b/chart/doc/.vale/gitlab_docs/HistoryItemsOrder.yml
new file mode 100644
index 0000000000000000000000000000000000000000..353c61bcfd6ee896bd544af1d58084235b7fbe78
--- /dev/null
+++ b/chart/doc/.vale/gitlab_docs/HistoryItemsOrder.yml
@@ -0,0 +1,13 @@
+---
+# Warning: gitlab.HistoryItemsOrder
+#
+# Ensures history items come before the Details block.
+#
+extends: existence
+message: "History items must follow the tier, offering, or status details."
+link: https://docs.gitlab.com/ee/development/documentation/versions.html#add-a-version-history-item
+level: error
+nonword: true
+scope: raw
+tokens:
+ - '^\>[^\n]*\n\nDETAILS'
diff --git a/chart/doc/.vale/gitlab_docs/InternalLinkCase.yml b/chart/doc/.vale/gitlab_docs/InternalLinkCase.yml
new file mode 100644
index 0000000000000000000000000000000000000000..fded735812ae6473a310292d64d2f6a3bbc22809
--- /dev/null
+++ b/chart/doc/.vale/gitlab_docs/InternalLinkCase.yml
@@ -0,0 +1,13 @@
+---
+# Error: gitlab.InternalLinkCase
+#
+# Checks that anchor fragments on internal links are in lower-case.
+#
+# For a list of all options, see https://vale.sh/docs/topics/styles/
+extends: existence
+message: "Use lowercase for the anchor link."
+link: https://docs.gitlab.com/ee/development/documentation/styleguide/index.html#anchor-links
+level: error
+scope: raw
+raw:
+ - '[^\`]\[[^\[\]]+\]\((https?:){0}[\w\/\.]*?#[^\s]*?[A-Z][^\) ]*\)[^\`]'
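Review bot: The description comment in `chart/doc/.vale/gitlab_docs/HistoryItemsOrder.yml` states the opposite of what the rule enforces. The token `'^\>[^\n]*\n\nDETAILS'` flags a `>` line that is followed by `DETAILS`, and the message says history items "must follow the tier, offering, or status details", so the rule requires history items after the Details block, not before it. Suggested comment: `# Ensures history items come after the Details block.`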
diff --git a/chart/doc/.vale/gitlab_docs/InternalLinkExtension.yml b/chart/doc/.vale/gitlab_docs/InternalLinkExtension.yml
new file mode 100644
index 0000000000000000000000000000000000000000..364263f90c8c0daf76dc6075e761482df0805b23
--- /dev/null
+++ b/chart/doc/.vale/gitlab_docs/InternalLinkExtension.yml
@@ -0,0 +1,13 @@
+---
+# Error: gitlab.InternalLinkExtension
+#
+# Checks that internal links have .md extenstion and not .html extension.
+#
+# For a list of all options, see https://vale.sh/docs/topics/styles/
+extends: existence
+message: "Link to a file and use the .md file extension instead of .html."
+link: https://docs.gitlab.com/ee/development/documentation/styleguide/index.html#links
+level: error
+scope: raw
+raw:
+ - '\[[^\]]+\]\([^:\)]+(\/(#[^\)]+)?\)|\.html(#.+)?\))'
diff --git a/chart/doc/.vale/gitlab_docs/InternalLinkFormat.yml b/chart/doc/.vale/gitlab_docs/InternalLinkFormat.yml
new file mode 100644
index 0000000000000000000000000000000000000000..fe8fae0558cea3609ebf0ad5febc46289b511442
--- /dev/null
+++ b/chart/doc/.vale/gitlab_docs/InternalLinkFormat.yml
@@ -0,0 +1,13 @@
+---
+# Error: gitlab.InternalLinkFormat
+#
+# Checks that internal link paths don't start with '/' or './'.
+#
+# For a list of all options, see https://vale.sh/docs/topics/styles/
+extends: existence
+message: "Edit the link so it does not start with '/' or './'."
+link: https://docs.gitlab.com/ee/development/documentation/styleguide/index.html#links
+level: error
+scope: raw
+raw:
+ - '\[[^\]]+\]\(\.?\/(?!uploads|documentation).*?\)'
diff --git a/chart/doc/.vale/gitlab_docs/InternalLinksCode.yml b/chart/doc/.vale/gitlab_docs/InternalLinksCode.yml
new file mode 100644
index 0000000000000000000000000000000000000000..cf2e6c263f5cd0830cfa22615ab764771fe31d25
--- /dev/null
+++ b/chart/doc/.vale/gitlab_docs/InternalLinksCode.yml
@@ -0,0 +1,12 @@
+# Error: gitlab.InternalLinksCode
+#
+# Checks that internal links don't link to files outside the docs directory
+#
+# For a list of all options, see https://vale.sh/docs/topics/styles/
+extends: existence
+message: "Use full URLs for files outside the docs directory."
+link: https://docs.gitlab.com/ee/development/documentation/styleguide/index.html#links
+level: error
+scope: raw
+raw:
+ - '\[[^\]]*\]\([\.\/]*(ee|app|bin|config|db|data|fixtures|gems|lib|locale|qa|scripts|spec)\/'
diff --git a/chart/doc/.vale/gitlab_docs/ReferenceLinks.yml b/chart/doc/.vale/gitlab_docs/ReferenceLinks.yml
new file mode 100644
index 0000000000000000000000000000000000000000..77e8438d4a2ffaade6b54a9b76b60bb0bae4cb50
--- /dev/null
+++ b/chart/doc/.vale/gitlab_docs/ReferenceLinks.yml
@@ -0,0 +1,14 @@
+---
+# Error: gitlab.ReferenceLinks
+#
+# Checks for reference-style links that should be converted to inline links.
+#
+# For a list of all options, see https://vale.sh/docs/topics/styles/
+extends: existence
+message: "Put this link inline with the rest of the text."
+link: https://docs.gitlab.com/ee/development/documentation/styleguide/index.html#links
+level: error
+nonword: true
+scope: raw
+tokens:
+ - '^\[[^\]]*\]: .*'
diff --git a/chart/doc/.vale/gitlab_docs/RelativeLinks.yml b/chart/doc/.vale/gitlab_docs/RelativeLinks.yml
new file mode 100644
index 0000000000000000000000000000000000000000..c2ec32f1d22d85f01fd358f69302ff7a946c9e95
--- /dev/null
+++ b/chart/doc/.vale/gitlab_docs/RelativeLinks.yml
@@ -0,0 +1,13 @@
+---
+# Error: gitlab.RelativeLinks
+#
+# Checks for the presence of absolute hyperlinks that should be relative.
+#
+# For a list of all options, see https://vale.sh/docs/topics/styles/
+extends: existence
+message: "Use a relative link instead of a URL, and ensure the file name ends in .md and not .html."
+link: https://docs.gitlab.com/ee/development/documentation/styleguide/index.html#links
+level: error
+scope: raw
+raw:
+ - '\[[^\]]+\]\(https?:\/\/docs\.gitlab\.com\/charts.*\)'
diff --git a/chart/doc/.vale/gitlab_docs/RelativeLinksDoubleSlashes.yml b/chart/doc/.vale/gitlab_docs/RelativeLinksDoubleSlashes.yml
new file mode 100644
index 0000000000000000000000000000000000000000..5b22363aa5ef010633ee089299079487835c22e7
--- /dev/null
+++ b/chart/doc/.vale/gitlab_docs/RelativeLinksDoubleSlashes.yml
@@ -0,0 +1,13 @@
+---
+# Error: gitlab.RelativeLinksDoubleSlashes
+#
+# Checks for the presence of double slashes in relative URLs.
+#
+# For a list of all options, see https://vale.sh/docs/topics/styles/
+extends: existence
+message: "Do not use double slashes '//' or '../doc' in the link path"
+link: https://docs.gitlab.com/ee/development/documentation/styleguide/index.html#links
+level: error
+scope: raw
+raw:
+ - '(\.//)|(\.\.\/doc\/)'
diff --git a/chart/doc/.vale/gitlab_docs/TabsLinks.yml b/chart/doc/.vale/gitlab_docs/TabsLinks.yml
new file mode 100644
index 0000000000000000000000000000000000000000..97f75046fca1a27409fe15206b9403389da68287
--- /dev/null
+++ b/chart/doc/.vale/gitlab_docs/TabsLinks.yml
@@ -0,0 +1,13 @@
+---
+# Error: gitlab.TabsLinks
+#
+# Checks for the presence of links to individual GitLab UI tabs.
+#
+# For a list of all options, see https://vale.sh/docs/topics/styles/
+extends: existence
+message: "Do not include tabs query parameters in links."
+link: https://docs.gitlab.com/ee/development/documentation/styleguide/index.html#tabs
+level: error
+scope: raw
+raw:
+ - '\[[^\]]+\]\(.*?\.md\?tab=.*?\)'
diff --git a/chart/doc/advanced/external-db/external-omnibus-psql.md b/chart/doc/advanced/external-db/external-omnibus-psql.md index f1e25de3611dc18f577b2b9d24afb246003c557f..27a74e6d7f93c2f3c6e1b4bb541c917055eeeccc 100644 --- a/chart/doc/advanced/external-db/external-omnibus-psql.md +++ b/chart/doc/advanced/external-db/external-omnibus-psql.md @@ -23,7 +23,7 @@ Follow the installation instructions for the [Linux package](https://about.gitla Create a minimal `gitlab.rb` file to be placed at `/etc/gitlab/gitlab.rb`. Be very explicit about what is enabled on this node, use the contents below. -*Note*: This example is not intended to provide [PostgreSQL for scaling](https://docs.gitlab.com/ee/administration/postgresql/index.html). +_Note_: This example is not intended to provide [PostgreSQL for scaling](https://docs.gitlab.com/ee/administration/postgresql/index.html). _**NOTE**: The values below should be replaced_ @@ -60,6 +60,7 @@ gitlab_workhorse['enable'] = false nginx['enable'] = false prometheus_monitoring['enable'] = false redis['enable'] = false +gitlab_kas['enable'] = false ``` After creating `gitlab.rb`, we'll reconfigure the package with `gitlab-ctl reconfigure`. Once the task has completed, check the running processes with `gitlab-ctl status`. The output should appear as such: diff --git a/chart/doc/advanced/external-gitaly/external-omnibus-gitaly.md b/chart/doc/advanced/external-gitaly/external-omnibus-gitaly.md index 62b8c21a9288a4c571b3f7e9270b431e9476b6a0..0f5570864565c9f5ab8547506aa5ef983e5de047 100644 --- a/chart/doc/advanced/external-gitaly/external-omnibus-gitaly.md +++ b/chart/doc/advanced/external-gitaly/external-omnibus-gitaly.md 
@@ -24,7 +24,7 @@ the Linux package installation, **_do not_** provide the `EXTERNAL_URL=` value. ## Configure Linux package installation Create a minimal `gitlab.rb` file to be placed at `/etc/gitlab/gitlab.rb`. Be -*very* explicit about what's enabled on this node, using the following contents +_very_ explicit about what's enabled on this node, using the following contents based on the documentation for [running Gitaly on its own server](https://docs.gitlab.com/ee/administration/gitaly/configure_gitaly.html#run-gitaly-on-its-own-server). diff --git a/chart/doc/advanced/external-object-storage/aws-iam-roles.md b/chart/doc/advanced/external-object-storage/aws-iam-roles.md index 8a82427d9b78dd0939dd87ec15523e40caee0eaf..be4a101f9f2121be6a027b7358d36c6878e4029b 100644 --- a/chart/doc/advanced/external-object-storage/aws-iam-roles.md +++ b/chart/doc/advanced/external-object-storage/aws-iam-roles.md @@ -137,7 +137,7 @@ gitlab: #### Using chart-owned service accounts -The `eks.amazonaws.com/role-arn` annotation can be applied to _all_ ServiceAccounts +The `eks.amazonaws.com/role-arn` annotation can be applied to *all* ServiceAccounts created by GitLab owned charts by configuring `global.serviceAccount.annotations`. ```yaml diff --git a/chart/doc/advanced/external-redis/index.md b/chart/doc/advanced/external-redis/index.md index e237d61f49b9354a3a95326f1d6e6623a4524e31..04ed22830afa5ecf4863e93b425006c03b1e55da 100644 --- a/chart/doc/advanced/external-redis/index.md +++ b/chart/doc/advanced/external-redis/index.md 
@@ -136,9 +136,13 @@ The flip side of the flexibility of `redisYmlOverride` is that it is less user f ## Troubleshooting +<!-- markdownlint-disable line-length --> + ### `ERR Error running script (call to f_5962bd591b624c0e0afce6631ff54e7e4402ebd8): @user_script:7: ERR syntax error` You might see this error in the logs of `webservice` and `sidekiq` pods if you use external Redis 5 with Helm chart 7.2 or later. Redis 5 [is not supported](https://docs.gitlab.com/ee/install/requirements.html#redis). To fix it, upgrade your external Redis instance to 6.x or later. + +<!-- markdownlint-enable line-length --> diff --git a/chart/doc/advanced/ubi/index.md b/chart/doc/advanced/ubi/index.md index 3e46cfbac06f5a902b9cbda36e9fbccb871a168b..f7f8c3a351c1e1aa23f1f56019ba1b6dd9297de2 100644 --- a/chart/doc/advanced/ubi/index.md +++ b/chart/doc/advanced/ubi/index.md @@ -8,7 +8,10 @@ info: To determine the technical writer assigned to the Stage/Group associated w GitLab offers [Red Hat UBI](https://www.redhat.com/en/blog/introducing-red-hat-universal-base-image) versions of its images, allowing you to replace standard images with UBI-based -images. These images use the same tag as standard images with `-ubi9` extension. +images. These images use the same tag as standard images with `-ubi` extension. + +NOTE: +The UBI-based images prior to GitLab 17.3 use the `-ubi8` extension. The GitLab chart uses third-party images that are not based on UBI. These images are mostly offer external services to GitLab, such as Redis, PostgreSQL, and so on. diff --git a/chart/doc/charts/gitlab/gitaly/index.md b/chart/doc/charts/gitlab/gitaly/index.md index f785497e3c9a6013eb4a2d6cd9c51a1b6a29c6be..69e393559cc48a128dd291eba453bea79e4b296b 100644 --- a/chart/doc/charts/gitlab/gitaly/index.md +++ b/chart/doc/charts/gitlab/gitaly/index.md 
@@ -78,7 +78,7 @@ the `helm install` command using the `--set` flags.
 | `containerSecurityContext` | | Override container [securityContext](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#securitycontext-v1-core) under which the Gitaly container is started |
 | `containerSecurityContext.runAsUser` | `1000` | Allow to overwrite the specific security context under which the Gitaly container is started |
 | `tolerations` | `[]` | Toleration labels for pod assignment |
-| `affinity` | `{}` | [Affinity rules](#affinity) for pod assignment |
+| `affinity` | `{}` | [Affinity rules](../index.md#affinity) for pod assignment |
 | `persistence.accessMode` | `ReadWriteOnce` | Gitaly persistence access mode |
 | `persistence.annotations` | | Gitaly persistence annotations |
 | `persistence.enabled` | `true` | Gitaly enable persistence flag |
@@ -130,8 +130,8 @@ the `helm install` command using the `--set` flags.
 | `cgroups.initContainer.image.repository` | `registry.com/gitlab-org/build/cng/gitaly-init-cgroups` | Gitaly image repository |
 | `cgroups.initContainer.image.tag` | `master` | Gitaly image tag |
 | `cgroups.initContainer.image.pullPolicy` | `IfNotPresent` | Gitaly image pull policy |
-| `cgroups.mountpoint` |`/etc/gitlab-secrets/gitaly-pod-cgroup` | Where the parent cgroup directory is mounted.|
-| `cgroups.hierarchyRoot` |`gitaly` | Parent cgroup under which Gitaly creates groups, and is expected to be owned by the user and group Gitaly runs as.|
+| `cgroups.mountpoint` | `/etc/gitlab-secrets/gitaly-pod-cgroup` | Where the parent cgroup directory is mounted.|
+| `cgroups.hierarchyRoot` | `gitaly` | Parent cgroup under which Gitaly creates groups, and is expected to be owned by the user and group Gitaly runs as.|
 | `cgroups.memoryBytes` | | The total memory limit that is imposed collectively on all Git processes that Gitaly spawns. 0 implies no limit.|
 | `cgroups.cpuShares` | | The CPU limit that is imposed collectively on all Git processes that Gitaly spawns. 0 implies no limit. The maximum is 1024 shares, which represents 100% of CPU. |
 | `cgroups.cpuQuotaUs` | | Used to throttle the cgroups’ processes if they exceed this quota value. We set cpuQuotaUs to 100ms so 1 core is 100000. 0 implies no limit. |
@@ -139,6 +139,7 @@ the `helm install` command using the `--set` flags.
 | `cgroups.repositories.memoryBytes` | | The total memory limit imposed on all Git processes contained in a repository cgroup. 0 implies no limit. This value cannot exceed that of the top level memoryBytes. |
 | `cgroups.repositories.cpuShares` | | The CPU limit that is imposed on all Git processes contained in a repository cgroup. 0 implies no limit. The maximum is 1024 shares, which represents 100% of CPU. This value cannot exceed that of the top level cpuShares. |
 | `cgroups.repositories.cpuQuotaUs` | | The cpuQuotaUs that is imposed on all Git processes contained in a repository cgroup. A Git process can’t use more then the given quota. We set cpuQuotaUs to 100ms so 1 core is 100000. 0 implies no limit. |
+| `gracefulRestartTimeout` | `25` | Gitaly shutdown grace period, how long to wait for in-flight requests to complete (seconds). Pod `terminationGracePeriodSeconds` is set to this value + 5 seconds. |
 
 ## Chart configuration examples
 
@@ -228,37 +229,7 @@ tolerations:
 
 ### affinity
 
-`affinity` is an optional parameter that allows you to set either or both:
-
-- `podAntiAffinity` rules to:
- - Not schedule pods in the same domain as the pods that match the expression corresponding to the `topology key`.
- - Set two modes of `podAntiAffinity` rules: required (`requiredDuringSchedulingIgnoredDuringExecution`) and preferred
- (`preferredDuringSchedulingIgnoredDuringExecution`). Using the variable `antiAffinity` in `values.yaml`, set the setting to `soft` so that the preferred mode is
- applied or set it to `hard` so that the required mode is applied.
-- `nodeAffinity` rules to:
- - Schedule pods to nodes that belong to a specific zone or zones.
- - Set two modes of `nodeAffinity` rules: required (`requiredDuringSchedulingIgnoredDuringExecution`) and preferred
- (`preferredDuringSchedulingIgnoredDuringExecution`). When set to `soft`, the preferred mode is applied. When set to `hard`, the required mode is applied. This
- rule is implemented only for the `registry` chart and the `gitlab` chart alongwith all its subcharts except `webservice` and `sidekiq`.
-
-`nodeAffinity` only implements the [`In` operator](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#operators).
-
-For more information, see [the relevant Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity).
-
-The following example sets `affinity`, with both `nodeAffinity` and `antiAffinity` set to `hard`:
-
-```yaml
-nodeAffinity: "hard"
-antiAffinity: "hard"
-affinity:
- nodeAffinity:
- key: "test.com/zone"
- values:
- - us-east1-a
- - us-east1-b
- podAntiAffinity:
- topologyKey: "test.com/hostname"
-```
+For more information, see [`affinity`](../index.md#affinity).
 
 ### annotations
 
diff --git a/chart/doc/charts/gitlab/gitlab-exporter/index.md b/chart/doc/charts/gitlab/gitlab-exporter/index.md
index 77e09e98fce3ba117744bcfd8eaff6498cf34b86..79c4adbdac217a5fc0b387460e3a20a0e73f89c6 100644
--- a/chart/doc/charts/gitlab/gitlab-exporter/index.md
+++ b/chart/doc/charts/gitlab/gitlab-exporter/index.md
@@ -34,7 +34,7 @@ to the `helm install` command using the `--set` flags.
 
 | Parameter | Default | Description |
 | ----------------------------------------- | ---------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| `affinity` | `{}` | [Affinity rules](#affinity) for pod assignment |
+| `affinity` | `{}` | [Affinity rules](../index.md#affinity) for pod assignment |
 | `annotations` | | Pod annotations |
 | `common.labels` | `{}` | Supplemental labels that are applied to all objects created by this chart. |
 | `podLabels` | | Supplemental Pod labels. Will not be used for selectors. |
@@ -148,37 +148,7 @@ image:
 
 ### affinity
 
-`affinity` is an optional parameter that allows you to set either or both:
-
-- `podAntiAffinity` rules to:
- - Not schedule pods in the same domain as the pods that match the expression corresponding to the `topology key`.
- - Set two modes of `podAntiAffinity` rules: required (`requiredDuringSchedulingIgnoredDuringExecution`) and preferred
- (`preferredDuringSchedulingIgnoredDuringExecution`). Using the variable `antiAffinity` in `values.yaml`, set the setting to `soft` so that the preferred mode is
- applied or set it to `hard` so that the required mode is applied.
-- `nodeAffinity` rules to:
- - Schedule pods to nodes that belong to a specific zone or zones.
- - Set two modes of `nodeAffinity` rules: required (`requiredDuringSchedulingIgnoredDuringExecution`) and preferred
- (`preferredDuringSchedulingIgnoredDuringExecution`). When set to `soft`, the preferred mode is applied. When set to `hard`, the required mode is applied. This
- rule is implemented only for the `registry` chart and the `gitlab` chart alongwith all its subcharts except `webservice` and `sidekiq`.
-
-`nodeAffinity` only implements the [`In` operator](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#operators).
-
-For more information, see [the relevant Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity).
-
-The following example sets `affinity`, with both `nodeAffinity` and `antiAffinity` set to `hard`:
-
-```yaml
-nodeAffinity: "hard"
-antiAffinity: "hard"
-affinity:
- nodeAffinity:
- key: "test.com/zone"
- values:
- - us-east1-a
- - us-east1-b
- podAntiAffinity:
- topologyKey: "test.com/hostname"
-```
+For more information, see [`affinity`](../index.md#affinity).
 
 ### annotations
 
diff --git a/chart/doc/charts/gitlab/gitlab-pages/index.md b/chart/doc/charts/gitlab/gitlab-pages/index.md
index d378192791cebe0d6b6c04a54a7eab4defd0fec0..a83ab22d2a4cd6d83835ca5da067b5b4f6e2fdc4 100644
--- a/chart/doc/charts/gitlab/gitlab-pages/index.md
+++ b/chart/doc/charts/gitlab/gitlab-pages/index.md
@@ -39,7 +39,7 @@ configurations that can be supplied to the `helm install` command using the
 
 | Parameter | Default | Description |
 | ----------------------------------------- | ---------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| `affinity` | `{}` | [Affinity rules](#affinity) for pod assignment |
+| `affinity` | `{}` | [Affinity rules](../index.md#affinity) for pod assignment |
 | `annotations` | | Pod annotations |
 | `common.labels` | `{}` | Supplemental labels that are applied to all objects created by this chart. |
 | `deployment.strategy` | `{}` | Allows one to configure the update strategy used by the deployment. When not provided, the cluster default is used. |
@@ -148,14 +148,15 @@ configurations that can be supplied to the `helm install` command using the
 | `zipCache.refresh` | int | See: [Zip Serving and Cache Configuration](https://docs.gitlab.com/ee/administration/pages/index.html#zip-serving-and-cache-configuration) |
 | `zipOpenTimeout` | int | See: [Zip Serving and Cache Configuration](https://docs.gitlab.com/ee/administration/pages/index.html#zip-serving-and-cache-configuration) |
 | `zipHTTPClientTimeout` | int | See: [Zip Serving and Cache Configuration](https://docs.gitlab.com/ee/administration/pages/index.html#zip-serving-and-cache-configuration) |
-| `rateLimitSourceIP` | | See: [GitLab Pages rate-limits](https://docs.gitlab.com/ee/administration/pages/index.html#rate-limits). To enable rate-limiting use `extraEnv=["FF_ENFORCE_IP_RATE_LIMITS=true"]` |
+| `rateLimitSourceIP` | | See: [GitLab Pages rate-limits](https://docs.gitlab.com/ee/administration/pages/index.html#rate-limits). |
 | `rateLimitSourceIPBurst` | | See: [GitLab Pages rate-limits](https://docs.gitlab.com/ee/administration/pages/index.html#rate-limits) |
-| `rateLimitDomain` | | See: [GitLab Pages rate-limits](https://docs.gitlab.com/ee/administration/pages/index.html#rate-limits). To enable rate-limiting use `extraEnv=["FF_ENFORCE_DOMAIN_RATE_LIMITS=true"]` |
+| `rateLimitDomain` | | See: [GitLab Pages rate-limits](https://docs.gitlab.com/ee/administration/pages/index.html#rate-limits). |
 | `rateLimitDomainBurst` | | See: [GitLab Pages rate-limits](https://docs.gitlab.com/ee/administration/pages/index.html#rate-limits) |
-| `rateLimitTLSSourceIP` | | See: [GitLab Pages rate-limits](https://docs.gitlab.com/ee/administration/pages/index.html#rate-limits). To enable rate-limiting use `extraEnv=["FF_ENFORCE_IP_TLS_RATE_LIMITS=true"]` |
+| `rateLimitTLSSourceIP` | | See: [GitLab Pages rate-limits](https://docs.gitlab.com/ee/administration/pages/index.html#rate-limits). |
 | `rateLimitTLSSourceIPBurst` | | See: [GitLab Pages rate-limits](https://docs.gitlab.com/ee/administration/pages/index.html#rate-limits) |
-| `rateLimitTLSDomain` | | See: [GitLab Pages rate-limits](https://docs.gitlab.com/ee/administration/pages/index.html#rate-limits). To enable rate-limiting use `extraEnv=["FF_ENFORCE_DOMAIN_TLS_RATE_LIMITS=true"]` |
+| `rateLimitTLSDomain` | | See: [GitLab Pages rate-limits](https://docs.gitlab.com/ee/administration/pages/index.html#rate-limits). |
 | `rateLimitTLSDomainBurst` | | See: [GitLab Pages rate-limits](https://docs.gitlab.com/ee/administration/pages/index.html#rate-limits) |
+| `rateLimitSubnetsAllowList` | | See: [GitLab Pages rate-limits](#rate-limits) |
 | `serverReadTimeout` | `5s` | See: [GitLab Pages global settings](https://docs.gitlab.com/ee/administration/pages/#global-settings) |
 | `serverReadHeaderTimeout` | `1s` | See: [GitLab Pages global settings](https://docs.gitlab.com/ee/administration/pages/#global-settings) |
 | `serverWriteTimeout` | `5m` | See: [GitLab Pages global settings](https://docs.gitlab.com/ee/administration/pages/#global-settings) |
@@ -342,6 +343,26 @@ GitLab Pages supports only one URL scheme at a time: Either with wildcard DNS, o
 WARNING:
 GitLab Pages does not update the OAuth application, and the default `authRedirectUri` is updated to `https://pages.<yourdomaindomain>/projects/auth`. While accessing a private Pages site, if you encounter an error 'The redirect URI included is not valid', update the redirect URI in the GitLab Pages [System OAuth application](https://docs.gitlab.com/ee/integration/oauth_provider.html#create-an-instance-wide-application) to `https://pages.<yourdomaindomain>/projects/auth`.
 
+### Rate limits
+
+You can enforce rate limits to help minimize the risk of a Denial of Service (DoS) attack. Detailed [rate limits documentation](https://docs.gitlab.com/ee/administration/pages/index.html#rate-limits) is available.
+
+To allow certain IP ranges (subnets) to bypass all rate limits:
+
+- `rateLimitSubnetsAllowList`: Sets the allow list with the IP ranges (subnets) that should bypass all rate limits.
+
+#### Configure rate limits subnets allow list
+
+Set the allow list with the IP ranges (subnets) in `charts/gitlab/charts/gitlab-pages/values.yaml`:
+
+```yaml
+gitlab:
+ gitlab-pages:
+ rateLimitSubnetsAllowList:
+ - "1.2.3.4/24"
+ - "2001:db8::1/32"
+```
+
 ### Configuring KEDA
 
 This `keda` section enables the installation of [KEDA](https://keda.sh/) `ScaledObjects` instead of regular `HorizontalPodAutoscalers`.
@@ -373,34 +394,4 @@ Refer to the [KEDA documentation](https://keda.sh/docs/2.10/concepts/scaling-dep
 
 ### affinity
 
-`affinity` is an optional parameter that allows you to set either or both:
-
-- `podAntiAffinity` rules to:
- - Not schedule pods in the same domain as the pods that match the expression corresponding to the `topology key`.
- - Set two modes of `podAntiAffinity` rules: required (`requiredDuringSchedulingIgnoredDuringExecution`) and preferred
- (`preferredDuringSchedulingIgnoredDuringExecution`). Using the variable `antiAffinity` in `values.yaml`, set the setting to `soft` so that the preferred mode is
- applied or set it to `hard` so that the required mode is applied.
-- `nodeAffinity` rules to:
- - Schedule pods to nodes that belong to a specific zone or zones.
- - Set two modes of `nodeAffinity` rules: required (`requiredDuringSchedulingIgnoredDuringExecution`) and preferred
- (`preferredDuringSchedulingIgnoredDuringExecution`). When set to `soft`, the preferred mode is applied. When set to `hard`, the required mode is applied. This
- rule is implemented only for the `registry` chart and the `gitlab` chart alongwith all its subcharts except `webservice` and `sidekiq`.
-
-`nodeAffinity` only implements the [`In` operator](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#operators).
-
-For more information, see [the relevant Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity).
-
-The following example sets `affinity`, with both `nodeAffinity` and `antiAffinity` set to `hard`:
-
-```yaml
-nodeAffinity: "hard"
-antiAffinity: "hard"
-affinity:
- nodeAffinity:
- key: "test.com/zone"
- values:
- - us-east1-a
- - us-east1-b
- podAntiAffinity:
- topologyKey: "test.com/hostname"
-```
+For more information, see [`affinity`](../index.md#affinity).
diff --git a/chart/doc/charts/gitlab/gitlab-shell/index.md b/chart/doc/charts/gitlab/gitlab-shell/index.md
index e3201c8b00a7d28ba0e356e370a71535014aa978..a388c555f0b969ef5108b7973736ace72c533ca4 100644
--- a/chart/doc/charts/gitlab/gitlab-shell/index.md
+++ b/chart/doc/charts/gitlab/gitlab-shell/index.md
@@ -36,7 +36,7 @@ controlled by `global.shell.port`.
 
 | Parameter | Default | Description |
 | ----------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| `affinity` | `{}` | [Affinity rules](#affinity) for pod assignment |
+| `affinity` | `{}` | [Affinity rules](../index.md#affinity) for pod assignment |
 | `annotations` | | Pod annotations |
 | `podLabels` | | Supplemental Pod labels. Will not be used for selectors. |
 | `common.labels` | | Supplemental labels that are applied to all objects created by this chart. |
@@ -57,7 +57,8 @@ controlled by `global.shell.port`.
 | `config.gssapi.keytab.key` | `keytab` | Key holding the keytab in the Kubernetes secret |
 | `config.gssapi.krb5Config` | | Content of the `/etc/krb5.conf` file in the GitLab Shell container |
 | `config.gssapi.servicePrincipalName` | | The Kerberos service name to be used by the `gitlab-sshd` daemon |
-| `opensshd.supplemental_config` | | Supplemental configuration, appended to `sshd_config`. Strict alignment to [man page](https://manpages.debian.org/bookworm/openssh-server/sshd_config.5.en.html) |
+| `config.lfs.pureSSHProtocol` | `false` | Enable LFS Pure SSH protocol support |
+| `opensshd.supplemental_config` | | Supplemental configuration, appended to `sshd_config`. Strict alignment to [man page](https://manpages.debian.org/bookworm/openssh-server/sshd_config.5.en.html) |
 | `deployment.livenessProbe.initialDelaySeconds` | 10 | Delay before liveness probe is initiated |
 | `deployment.livenessProbe.periodSeconds` | 10 | How often to perform the liveness probe |
 | `deployment.livenessProbe.timeoutSeconds` | 3 | When the liveness probe times out |
@@ -123,6 +124,7 @@ controlled by `global.shell.port`.
 | `sshDaemon` | `openssh` | Selects which SSH daemon would be run, possible values (`openssh`, `gitlab-sshd`) |
 | `tolerations` | `[]` | Toleration labels for pod assignment |
 | `traefik.entrypoint` | `gitlab-shell` | When using traefik, which traefik entrypoint to use for GitLab Shell. Defaults to `gitlab-shell` |
+| `traefik.tcpMiddlewares` | `[]` | When using traefik, which TCP Middlewares to add to IngressRouteTCP resource. No middlewares by default |
 | `workhorse.serviceName` | `webservice` | Workhorse service name (by default, Workhorse is a part of the webservice Pods / Service) |
 | `metrics.enabled` | `false` | If a metrics endpoint should be made available for scraping (requires `sshDaemon=gitlab-sshd`). |
 | `metrics.port` | `9122` | Metrics endpoint port |
@@ -254,37 +256,7 @@ tolerations:
 
 ### affinity
 
-`affinity` is an optional parameter that allows you to set either or both:
-
-- `podAntiAffinity` rules to:
- - Not schedule pods in the same domain as the pods that match the expression corresponding to the `topology key`.
- - Set two modes of `podAntiAffinity` rules: required (`requiredDuringSchedulingIgnoredDuringExecution`) and preferred
- (`preferredDuringSchedulingIgnoredDuringExecution`). Using the variable `antiAffinity` in `values.yaml`, set the setting to `soft` so that the preferred mode is
- applied or set it to `hard` so that the required mode is applied.
-- `nodeAffinity` rules to:
- - Schedule pods to nodes that belong to a specific zone or zones.
- - Set two modes of `nodeAffinity` rules: required (`requiredDuringSchedulingIgnoredDuringExecution`) and preferred
- (`preferredDuringSchedulingIgnoredDuringExecution`). When set to `soft`, the preferred mode is applied. When set to `hard`, the required mode is applied. This
- rule is implemented only for the `registry` chart and the `gitlab` chart alongwith all its subcharts except `webservice` and `sidekiq`.
-
-`nodeAffinity` only implements the [`In` operator](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#operators).
-
-For more information, see [the relevant Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity).
-
-The following example sets `affinity`, with both `nodeAffinity` and `antiAffinity` set to `hard`:
-
-```yaml
-nodeAffinity: "hard"
-antiAffinity: "hard"
-affinity:
- nodeAffinity:
- key: "test.com/zone"
- values:
- - us-east1-a
- - us-east1-b
- podAntiAffinity:
- topologyKey: "test.com/hostname"
-```
+For more information, see [`affinity`](../index.md#affinity).
 
 ### annotations
 
diff --git a/chart/doc/charts/gitlab/gitlab-zoekt/index.md b/chart/doc/charts/gitlab/gitlab-zoekt/index.md
index 29d9bdfa13d8c4b9a56350089ec9937c0740da85..db229492f8edc64ad04f38676d1253272072e9d8 100644
--- a/chart/doc/charts/gitlab/gitlab-zoekt/index.md
+++ b/chart/doc/charts/gitlab/gitlab-zoekt/index.md
@@ -96,3 +96,8 @@ To configure Zoekt for a top-level group in GitLab:
 ```
 
 Zoekt can now index projects in that group after any project is updated or created.
+
+## Enable exact code search
+
+After you install and configure Zoekt, you can
+[enable exact code search](https://docs.gitlab.com/ee/integration/exact_code_search/zoekt.html#enable-exact-code-search) in GitLab.
diff --git a/chart/doc/charts/gitlab/index.md b/chart/doc/charts/gitlab/index.md
index ff6bba960739f35deb4caa0ac311f97ecac6b780..ab5cb3d97176a6292f4ef7c3d3d1af6f78d48d26 100644
--- a/chart/doc/charts/gitlab/index.md
+++ b/chart/doc/charts/gitlab/index.md
@@ -47,3 +47,45 @@ Use these charts as optional additions:
 - [Prometheus](https://artifacthub.io/packages/helm/prometheus-community/prometheus)
 - [_Unprivileged_](https://docs.gitlab.com/runner/install/kubernetes.html#running-docker-in-docker-containers-with-gitlab-runner) [GitLab Runner](https://docs.gitlab.com/runner/) that uses the Kubernetes executor
 - Automatically provisioned SSL from [Let's Encrypt](https://letsencrypt.org/), which uses [Jetstack](https://venafi.com/jetstack-consult/)'s [cert-manager](https://cert-manager.io/docs/) with [certmanager-issuer](../certmanager-issuer/index.md)
+
+## GitLab Helm subchart optional parameters
+
+### affinity
+
+> - [Introduced](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/3770) in GitLab 17.3 (Charts 8.3) for all GitLab Helm subcharts except `webservice` and `sidekiq`.
+
+`affinity` is an optional parameter in all GitLab Helm subcharts. When you set it, it takes precedence over the [global `affinity`](../globals.md#affinity) value.
+For more information about `affinity`, see [the relevant Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity).
+
+NOTE:
+The `webservice` and `sidekiq` Helm charts can only use the [global `affinity`](../globals.md#affinity) value. Follow [issue 25403](https://gitlab.com/gitlab-com/gl-infra/production-engineering/-/issues/25403) to learn when the local `affinity` is implemented for `webservice` and `sidekiq`.
+
+With `affinity`, you can set either or both:
+
+- `podAntiAffinity` rules to:
+ - Not schedule pods in the same domain as the pods that match the expression corresponding to the `topology key`.
+ - Set two modes of `podAntiAffinity` rules: required (`requiredDuringSchedulingIgnoredDuringExecution`) and preferred
+ (`preferredDuringSchedulingIgnoredDuringExecution`). Using the variable `antiAffinity` in `values.yaml`, set the setting to `soft` so that the preferred mode is
+ applied or set it to `hard` so that the required mode is applied.
+- `nodeAffinity` rules to:
+ - Schedule pods to nodes that belong to a specific zone or zones.
+ - Set two modes of `nodeAffinity` rules: required (`requiredDuringSchedulingIgnoredDuringExecution`) and preferred
+ (`preferredDuringSchedulingIgnoredDuringExecution`). When set to `soft`, the preferred mode is applied. When set to `hard`, the required mode is applied. This
+ rule is implemented only for the `registry` chart and the `gitlab` chart alongwith all its subcharts except `webservice` and `sidekiq`.
+
+`nodeAffinity` only implements the [`In` operator](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#operators).
+
+The following example sets `affinity`, with both `nodeAffinity` and `antiAffinity` set to `hard`:
+
+```yaml
+nodeAffinity: "hard"
+antiAffinity: "hard"
+affinity:
+ nodeAffinity:
+ key: "test.com/zone"
+ values:
+ - us-east1-a
+ - us-east1-b
+ podAntiAffinity:
+ topologyKey: "test.com/hostname"
+```
diff --git a/chart/doc/charts/gitlab/kas/index.md b/chart/doc/charts/gitlab/kas/index.md
index e8028b4531f411e48a0ba230b092ce713b09a9d9..1b0300221ab6d79dc3837c0102f4f2bf74d94903 100644
--- a/chart/doc/charts/gitlab/kas/index.md
+++ b/chart/doc/charts/gitlab/kas/index.md
@@ -67,7 +67,7 @@ You can pass these parameters to the `helm install` command by using the `--set`
 
 | Parameter | Default | Description |
 | -------------------------------------------- | ------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
-| `affinity` | `{}` | [Affinity rules](#affinity) for pod assignment |
+| `affinity` | `{}` | [Affinity rules](../index.md#affinity) for pod assignment |
 | `annotations` | `{}` | Pod annotations. |
 | `common.labels` | `{}` | Supplemental labels that are applied to all objects created by this chart. |
 | `containerSecurityContext.runAsUser` | `65532` | Override container [securityContext](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#securitycontext-v1-core) under which the container is started |
@@ -208,34 +208,4 @@ Refer to the [KEDA documentation](https://keda.sh/docs/2.10/concepts/scaling-dep
 
 ### affinity
 
-`affinity` is an optional parameter that allows you to set either or both:
-
-- `podAntiAffinity` rules to:
- - Not schedule pods in the same domain as the pods that match the expression corresponding to the `topology key`.
- - Set two modes of `podAntiAffinity` rules: required (`requiredDuringSchedulingIgnoredDuringExecution`) and preferred
- (`preferredDuringSchedulingIgnoredDuringExecution`). Using the variable `antiAffinity` in `values.yaml`, set the setting to `soft` so that the preferred mode is
- applied or set it to `hard` so that the required mode is applied.
-- `nodeAffinity` rules to:
- - Schedule pods to nodes that belong to a specific zone or zones.
- - Set two modes of `nodeAffinity` rules: required (`requiredDuringSchedulingIgnoredDuringExecution`) and preferred
- (`preferredDuringSchedulingIgnoredDuringExecution`). When set to `soft`, the preferred mode is applied. When set to `hard`, the required mode is applied. This
- rule is implemented only for the `registry` chart and the `gitlab` chart alongwith all its subcharts except `webservice` and `sidekiq`.
-
-`nodeAffinity` only implements the [`In` operator](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#operators).
-
-For more information, see [the relevant Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity).
-
-The following example sets `affinity`, with both `nodeAffinity` and `antiAffinity` set to `hard`:
-
-```yaml
-nodeAffinity: "hard"
-antiAffinity: "hard"
-affinity:
- nodeAffinity:
- key: "test.com/zone"
- values:
- - us-east1-a
- - us-east1-b
- podAntiAffinity:
- topologyKey: "test.com/hostname"
-```
+For more information, see [`affinity`](../index.md#affinity).
diff --git a/chart/doc/charts/gitlab/mailroom/index.md b/chart/doc/charts/gitlab/mailroom/index.md
index ea4f792691285079420ce07cf414d000a27d2d57..8a1b4af7f33c2a502c91f80d3c413ee03c7e6c31 100644
--- a/chart/doc/charts/gitlab/mailroom/index.md
+++ b/chart/doc/charts/gitlab/mailroom/index.md
@@ -80,7 +80,7 @@ serviceAccount:
 
 | Parameter | Description | Default |
 | -------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------- |
-| `affinity` | `{}` | [Affinity rules](#affinity) for pod assignment |
+| `affinity` | `{}` | [Affinity rules](../index.md#affinity) for pod assignment |
 | `deployment.strategy` | Allows one to configure the update strategy utilized by the deployment | `{}` |
 | `enabled` | Mailroom enablement flag | `true` |
 | `hpa.behavior` | Behavior contains the specifications for up- and downscaling behavior (requires `autoscaling/v2beta2` or higher) | `{scaleDown: {stabilizationWindowSeconds: 300 }}` |
@@ -244,34 +244,4 @@ as described in the [secrets guide](../../../installation/secrets.md#imap-passwo ### affinity -`affinity` is an optional parameter that allows you to set either or both: - -- `podAntiAffinity` rules to: - - Not schedule pods in the same domain as the pods that match the expression corresponding to the `topology key`. - - Set two modes of `podAntiAffinity` rules: required (`requiredDuringSchedulingIgnoredDuringExecution`) and preferred - (`preferredDuringSchedulingIgnoredDuringExecution`). Using the variable `antiAffinity` in `values.yaml`, set the setting to `soft` so that the preferred mode is - applied or set it to `hard` so that the required mode is applied. -- `nodeAffinity` rules to: - - Schedule pods to nodes that belong to a specific zone or zones. - - Set two modes of `nodeAffinity` rules: required (`requiredDuringSchedulingIgnoredDuringExecution`) and preferred - (`preferredDuringSchedulingIgnoredDuringExecution`). When set to `soft`, the preferred mode is applied. When set to `hard`, the required mode is applied. This - rule is implemented only for the `registry` chart and the `gitlab` chart alongwith all its subcharts except `webservice` and `sidekiq`. - -`nodeAffinity` only implements the [`In` operator](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#operators). - -For more information, see [the relevant Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity). - -The following example sets `affinity`, with both `nodeAffinity` and `antiAffinity` set to `hard`: - -```yaml -nodeAffinity: "hard" -antiAffinity: "hard" -affinity: - nodeAffinity: - key: "test.com/zone" - values: - - us-east1-a - - us-east1-b - podAntiAffinity: - topologyKey: "test.com/hostname" -``` +For more information, see [`affinity`](../index.md#affinity). 
diff --git a/chart/doc/charts/gitlab/migrations/index.md b/chart/doc/charts/gitlab/migrations/index.md
index 04f279c3e2ee595e22e34be8f4338339150839e1..fa243d860df62a5e5b77fb03e8d2a70c6cae7922 100644
--- a/chart/doc/charts/gitlab/migrations/index.md
+++ b/chart/doc/charts/gitlab/migrations/index.md
@@ -46,7 +46,7 @@ Table below contains all the possible charts configurations that can be supplied
 | `init.image.containerSecurityContext` | init container securityContext overrides | `{}` |
 | `enabled` | Migrations enable flag | `true` |
 | `tolerations` | Toleration labels for pod assignment | `[]` |
-| `affinity` | [Affinity rules](#affinity) for pod assignment | `{}` |
+| `affinity` | [Affinity rules](../index.md#affinity) for pod assignment | `{}` |
 | `annotations` | Annotations for the job spec | `{}` |
 | `podAnnotations` | Annotations for the pob spec | `{}` |
 | `podLabels` | Supplemental Pod labels. Will not be used for selectors. | |
@@ -139,37 +139,7 @@ image: ### affinity -`affinity` is an optional parameter that allows you to set either or both: - -- `podAntiAffinity` rules to: - - Not schedule pods in the same domain as the pods that match the expression corresponding to the `topology key`. - - Set two modes of `podAntiAffinity` rules: required (`requiredDuringSchedulingIgnoredDuringExecution`) and preferred - (`preferredDuringSchedulingIgnoredDuringExecution`). Using the variable `antiAffinity` in `values.yaml`, set the setting to `soft` so that the preferred mode is - applied or set it to `hard` so that the required mode is applied. -- `nodeAffinity` rules to: - - Schedule pods to nodes that belong to a specific zone or zones. - - Set two modes of `nodeAffinity` rules: required (`requiredDuringSchedulingIgnoredDuringExecution`) and preferred - (`preferredDuringSchedulingIgnoredDuringExecution`). When set to `soft`, the preferred mode is applied. When set to `hard`, the required mode is applied. This - rule is implemented only for the `registry` chart and the `gitlab` chart alongwith all its subcharts except `webservice` and `sidekiq`. - -`nodeAffinity` only implements the [`In` operator](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#operators). - -For more information, see [the relevant Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity). - -The following example sets `affinity`, with both `nodeAffinity` and `antiAffinity` set to `hard`: - -```yaml -nodeAffinity: "hard" -antiAffinity: "hard" -affinity: - nodeAffinity: - key: "test.com/zone" - values: - - us-east1-a - - us-east1-b - podAntiAffinity: - topologyKey: "test.com/hostname" -``` +For more information, see [`affinity`](../index.md#affinity). ## Using the Community Edition of this chart 
diff --git a/chart/doc/charts/gitlab/praefect/index.md b/chart/doc/charts/gitlab/praefect/index.md
index bbbe7ae935ff6e2cfd052007a4d164f7f9a22426..8009ed69545e62cfdb80c2271b651fea4cd301e5 100644
--- a/chart/doc/charts/gitlab/praefect/index.md
+++ b/chart/doc/charts/gitlab/praefect/index.md
@@ -298,7 +298,7 @@ the `helm install` command using the `--set` flags.
 | `metrics.separate_database_metrics` | `true` | If true then metrics scrapes will not perform database queries, setting to false [may cause performance problems](https://gitlab.com/gitlab-org/gitaly/-/issues/3796) |
 | `metrics.path` | `/metrics` | Metrics endpoint path |
 | `metrics.serviceMonitor.enabled` | `false` | If a ServiceMonitor should be created to enable Prometheus Operator to manage the metrics scraping, note that enabling this removes the `prometheus.io` scrape annotations |
-| `affinity` | `{}` | [Affinity rules](#affinity) for pod assignment |
+| `affinity` | `{}` | [Affinity rules](../index.md#affinity) for pod assignment |
 | `metrics.serviceMonitor.additionalLabels` | `{}` | Additional labels to add to the ServiceMonitor |
 | `metrics.serviceMonitor.endpointConfig` | `{}` | Additional endpoint configuration for the ServiceMonitor |
 | securityContext.runAsUser | 1000 | |
@@ -309,34 +309,4 @@ the `helm install` command using the `--set` flags. ### affinity -`affinity` is an optional parameter that allows you to set either or both: - -- `podAntiAffinity` rules to: - - Not schedule pods in the same domain as the pods that match the expression corresponding to the `topology key`. - - Set two modes of `podAntiAffinity` rules: required (`requiredDuringSchedulingIgnoredDuringExecution`) and preferred - (`preferredDuringSchedulingIgnoredDuringExecution`). Using the variable `antiAffinity` in `values.yaml`, set the setting to `soft` so that the preferred mode is - applied or set it to `hard` so that the required mode is applied. -- `nodeAffinity` rules to: - - Schedule pods to nodes that belong to a specific zone or zones. - - Set two modes of `nodeAffinity` rules: required (`requiredDuringSchedulingIgnoredDuringExecution`) and preferred - (`preferredDuringSchedulingIgnoredDuringExecution`). When set to `soft`, the preferred mode is applied. When set to `hard`, the required mode is applied. This - rule is implemented only for the `registry` chart and the `gitlab` chart alongwith all its subcharts except `webservice` and `sidekiq`. - -`nodeAffinity` only implements the [`In` operator](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#operators). - -For more information, see [the relevant Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity). - -The following example sets `affinity`, with both `nodeAffinity` and `antiAffinity` set to `hard`: - -```yaml -nodeAffinity: "hard" -antiAffinity: "hard" -affinity: - nodeAffinity: - key: "test.com/zone" - values: - - us-east1-a - - us-east1-b - podAntiAffinity: - topologyKey: "test.com/hostname" -``` +For more information, see [`affinity`](../index.md#affinity). 
diff --git a/chart/doc/charts/gitlab/sidekiq/index.md b/chart/doc/charts/gitlab/sidekiq/index.md
index 6d1a122f8656eecb3667b50c86de0b2627f24b10..fc358ed9fa396d48bb0059c7d5793b94473fea01 100644
--- a/chart/doc/charts/gitlab/sidekiq/index.md
+++ b/chart/doc/charts/gitlab/sidekiq/index.md
@@ -576,8 +576,8 @@ places. This examples adds the following network policy:
 *Note the example provided is only an example and may not be complete*
-_Note that the Sidekiq service requires outbound connectivity to the public
-internet for images on [external object storage](../../../advanced/external-object-storage)_
+*Note that the Sidekiq service requires outbound connectivity to the public
+internet for images on [external object storage](../../../advanced/external-object-storage)*
 ```yaml
 networkpolicy:
diff --git a/chart/doc/charts/gitlab/spamcheck/index.md b/chart/doc/charts/gitlab/spamcheck/index.md
index 9f47b171da114fbf8811f624b602c8806c05c9ee..396dad920f5df3f47869f2fd44f6ca88ccd34e75 100644
--- a/chart/doc/charts/gitlab/spamcheck/index.md
+++ b/chart/doc/charts/gitlab/spamcheck/index.md
@@ -47,7 +47,7 @@ The table below contains all the possible charts configurations that can be supp
 | Parameter | Default | Description |
 | ----------------------------------------------- | ---------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------- |
-| `affinity` | `{}` | [Affinity rules](#affinity) for pod assignment |
+| `affinity` | `{}` | [Affinity rules](../index.md#affinity) for pod assignment |
 | `annotations` | `{}` | Pod annotations |
 | `common.labels` | `{}` | Supplemental labels that are applied to all objects created by this chart. |
 | `deployment.livenessProbe.initialDelaySeconds` | 20 | Delay before liveness probe is initiated |
@@ -155,37 +155,7 @@ tolerations: ### affinity -`affinity` is an optional parameter that allows you to set either or both: - -- `podAntiAffinity` rules to: - - Not schedule pods in the same domain as the pods that match the expression corresponding to the `topology key`. - - Set two modes of `podAntiAffinity` rules: required (`requiredDuringSchedulingIgnoredDuringExecution`) and preferred - (`preferredDuringSchedulingIgnoredDuringExecution`). Using the variable `antiAffinity` in `values.yaml`, set the setting to `soft` so that the preferred mode is - applied or set it to `hard` so that the required mode is applied. -- `nodeAffinity` rules to: - - Schedule pods to nodes that belong to a specific zone or zones. - - Set two modes of `nodeAffinity` rules: required (`requiredDuringSchedulingIgnoredDuringExecution`) and preferred - (`preferredDuringSchedulingIgnoredDuringExecution`). When set to `soft`, the preferred mode is applied. When set to `hard`, the required mode is applied. This - rule is implemented only for the `registry` chart and the `gitlab` chart alongwith all its subcharts except `webservice` and `sidekiq`. - -`nodeAffinity` only implements the [`In` operator](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#operators). - -For more information, see [the relevant Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity). - -The following example sets `affinity`, with both `nodeAffinity` and `antiAffinity` set to `hard`: - -```yaml -nodeAffinity: "hard" -antiAffinity: "hard" -affinity: - nodeAffinity: - key: "test.com/zone" - values: - - us-east1-a - - us-east1-b - podAntiAffinity: - topologyKey: "test.com/hostname" -``` +For more information, see [`affinity`](../index.md#affinity). ### annotations 
diff --git a/chart/doc/charts/gitlab/toolbox/index.md b/chart/doc/charts/gitlab/toolbox/index.md
index f2ec97afc1abe3176b156b408675399f07db6f00..f0debd80a3f424a05bf678cf2534e2b560cd1176 100644
--- a/chart/doc/charts/gitlab/toolbox/index.md
+++ b/chart/doc/charts/gitlab/toolbox/index.md
@@ -67,7 +67,7 @@ gitlab:
 | Parameter | Description | Default |
 |---------------------------------------------|----------------------------------------------|------------------------------|
-| `affinity` | [Affinity rules](#affinity) for pod assignment | `{}` |
+| `affinity` | [Affinity rules](../index.md#affinity) for pod assignment | `{}` |
 | `annotations` | Annotations to add to the Toolbox Pods and Jobs | `{}` |
 | `common.labels` | Supplemental labels that are applied to all objects created by this chart. | `{}` |
 | `antiAffinityLabels.matchLabels` | Labels for setting anti-affinity options | |
@@ -222,34 +222,4 @@ gitlab-rake gitlab:env:info ### affinity -`affinity` is an optional parameter that allows you to set either or both: - -- `podAntiAffinity` rules to: - - Not schedule pods in the same domain as the pods that match the expression corresponding to the `topology key`. - - Set two modes of `podAntiAffinity` rules: required (`requiredDuringSchedulingIgnoredDuringExecution`) and preferred - (`preferredDuringSchedulingIgnoredDuringExecution`). Using the variable `antiAffinity` in `values.yaml`, set the setting to `soft` so that the preferred mode is - applied or set it to `hard` so that the required mode is applied. -- `nodeAffinity` rules to: - - Schedule pods to nodes that belong to a specific zone or zones. - - Set two modes of `nodeAffinity` rules: required (`requiredDuringSchedulingIgnoredDuringExecution`) and preferred - (`preferredDuringSchedulingIgnoredDuringExecution`). When set to `soft`, the preferred mode is applied. When set to `hard`, the required mode is applied. This - rule is implemented only for the `registry` chart and the `gitlab` chart alongwith all its subcharts except `webservice` and `sidekiq`. - -`nodeAffinity` only implements the [`In` operator](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#operators). - -For more information, see [the relevant Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity). - -The following example sets `affinity`, with both `nodeAffinity` and `antiAffinity` set to `hard`: - -```yaml -nodeAffinity: "hard" -antiAffinity: "hard" -affinity: - nodeAffinity: - key: "test.com/zone" - values: - - us-east1-a - - us-east1-b - podAntiAffinity: - topologyKey: "test.com/hostname" -``` +For more information, see [`affinity`](../index.md#affinity). diff --git a/chart/doc/charts/globals.md b/chart/doc/charts/globals.md index d4c3441c75627d4bfa5006cd75a589efc0d375e7..7d397036d378f0efdac4515fb83decbaf27a2fbc 100644 
--- a/chart/doc/charts/globals.md
+++ b/chart/doc/charts/globals.md
@@ -47,6 +47,7 @@ for more information on how the global variables work.
 - [Pod priority and preemption](#pod-priority-and-preemption)
 - [Log rotation](#log-rotation)
 - [Jobs](#jobs)
+- [Traefik](#traefik)
 ## Configure Host settings
@@ -461,6 +462,9 @@ global:
 | Name | Type | Default | Description |
 |:------------------ |:-------:|:------- |:----------- |
+| `connectTimeout` | Integer | | The number of seconds to wait for a Redis connection. If no value specified, the client defaults to 1 second. |
+| `readTimeout` | Integer | | The number of seconds to wait for a Redis read. If no value is specified, the client defaults to 1 second. |
+| `writeTimeout` | Integer | | The number of seconds to wait for a Redis write. If no value is specified, the client defaults to 1 second. |
 | `host` | String | | The hostname of the Redis server with the database to use. This can be omitted in lieu of `serviceName`. |
 | `serviceName` | String | `redis` | The name of the `service` which is operating the Redis database. If this is present, and `host` is not, the chart will template the hostname of the service (and current `.Release.Name`) in place of the `host` value. This is convenient when using Redis as a part of the overall GitLab chart. |
 | `port` | Integer | `6379` | The port on which to connect to the Redis server. |
@@ -841,7 +845,7 @@ Administrators can chose to use Gitaly nodes in the following ways: See [Repository Storage Paths](https://docs.gitlab.com/ee/administration/repository_storage_paths.html) documentation for details on managing which nodes will be used for new projects. -If `gitaly.host` is provided, `gitaly.internal` and `gitaly.external` properties will *be ignored*. +If `gitaly.host` is provided, `gitaly.internal` and `gitaly.external` properties will _be ignored_. See the [deprecated Gitaly settings](#deprecated-gitaly-settings). The Gitaly authentication token is expected to be identical for @@ -852,7 +856,7 @@ See [issue #1992](https://gitlab.com/gitlab-org/charts/gitlab/-/issues/1992) for The `internal` key currently consists of only one key, `names`, which is a list of [storage names](https://docs.gitlab.com/ee/administration/repository_storage_paths.html) -to be managed by the chart. For each listed name, *in logical order*, one pod will +to be managed by the chart. For each listed name, _in logical order_, one pod will be spawned, named `${releaseName}-gitaly-${ordinal}`, where `ordinal` is the index within the `names` list. If dynamic provisioning is enabled, the `PersistentVolumeClaim` will match. @@ -863,7 +867,7 @@ This list defaults to `['default']`, which provides for 1 pod related to one Manual scaling of this item is required, by adding or removing entries in `gitaly.internal.names`. When scaling down, any repository that has not been moved to another node will become unavailable. Since the Gitaly chart is a `StatefulSet`, -dynamically provisioned disks *will not* be reclaimed. This means the data disks +dynamically provisioned disks _will not_ be reclaimed. This means the data disks will persist, and the data on them can be accessed when the set is scaled up again by re-adding a node to the `names` list. 
@@ -913,9 +917,9 @@ All Gitaly nodes **must** share the same authentication token.
 | Name | Type | Default | Description |
 |:---------------------------- |:-------:|:------- |:----------- |
-| `host` *(deprecated)* | String | | The hostname of the Gitaly server to use. This can be omitted in lieu of `serviceName`. If this setting is used, it will override any values of `internal` or `external`. |
-| `port` *(deprecated)* | Integer | `8075` | The port on which to connect to the Gitaly server. |
-| `serviceName` *(deprecated)* | String | | The name of the `service` which is operating the Gitaly server. If this is present, and `host` is not, the chart will template the hostname of the service (and current `.Release.Name`) in place of the `host` value. This is convenient when using Gitaly as a part of the overall GitLab chart. |
+| `host` _(deprecated)_ | String | | The hostname of the Gitaly server to use. This can be omitted in lieu of `serviceName`. If this setting is used, it will override any values of `internal` or `external`. |
+| `port` _(deprecated)_ | Integer | `8075` | The port on which to connect to the Gitaly server. |
+| `serviceName` _(deprecated)_ | String | | The name of the `service` which is operating the Gitaly server. If this is present, and `host` is not, the chart will template the hostname of the service (and current `.Release.Name`) in place of the `host` value. This is convenient when using Gitaly as a part of the overall GitLab chart. |
 ### TLS settings
@@ -1682,8 +1686,8 @@ Defaults to `[]`. This property has two sub-keys: `secret` and `key`: -- `secret`: *(required)* The name of a Kubernetes `Secret` containing the provider block. -- `key`: *(optional)* The name of the key in the `Secret` containing the provider block. +- `secret`: _(required)_ The name of a Kubernetes `Secret` containing the provider block. +- `key`: _(optional)_ The name of the key in the `Secret` containing the provider block. Defaults to `provider` Alternatively, if the provider has no other configuration than its name, you may @@ -2122,7 +2126,7 @@ The UBI-based `update-ca-trust` utility does not seem to have the same requireme You can provide any number of Secrets or ConfigMaps, each containing any number of keys that hold PEM-encoded CA certificates. These are configured as entries under `global.certificates.customCAs`. All keys are mounted unless `keys:` is provided with a list of specific keys to be mounted. All mounted keys across all Secrets and ConfigMaps must be unique. -The Secrets and ConfigMaps can be named in any fashion, but they *must not* contain key names that collide. +The Secrets and ConfigMaps can be named in any fashion, but they _must not_ contain key names that collide. ## Application Resource @@ -2588,3 +2592,17 @@ helm <command> <options> --set global.job.nameSuffixOverride=$(date +%Y-%m-%d-%H | Name | Type | Default | Description | | :--------------------| :--: | :------ | :-------------------------------------------------------- | | `nameSuffixOverride` | String | | Custom suffix to replace the automatically generated hash | + +## Traefik + +The Traefik settings can be configured via `globals.traefik`. + +```yaml +global: + traefik: + apiVersion: "" +``` + +| Name | Type | Default | Description | +| :------------| :----- | :------ | :------------------------------------------------------ | +| `apiVersion` | String | | Overrides the default `apiVersion` of Traefik resources | 
diff --git a/chart/doc/charts/minio/index.md b/chart/doc/charts/minio/index.md
index 2817ab16666b438cb0e9da4011ea25449afd690e..0c3d6744cf75fefaec5ffe9275cbec73cf47fc23 100644
--- a/chart/doc/charts/minio/index.md
+++ b/chart/doc/charts/minio/index.md
@@ -241,7 +241,7 @@ defaultBuckets:
 | Name | Type | Default | Description |
 |:-------- |:-------:|:--------|:------------|
-| `name` | String | | The name of the bucket that is created. The provided value should conform to [AWS bucket naming rules](https://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html), meaning that it should be compliant with DNS and contain only the characters a-z, 0-9, and – (hyphen) in strings between 3 and 63 characters in length. The `name` property is _required_ for all entries. |
+| `name` | String | | The name of the bucket that is created. The provided value should conform to [AWS bucket naming rules](https://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html), meaning that it should be compliant with DNS and contain only the characters a-z, 0-9, and – (hyphen) in strings between 3 and 63 characters in length. The `name` property is *required* for all entries. |
 | `policy` | | `none` | The value of `policy` controls the access policy of the bucket on MinIO. The `policy` property is not required, and the default value is `none`. In regards to **anonymous** access, possible values are: `none` (no anonymous access), `download` (anonymous read-only access), `upload` (anonymous write-only access) or `public` (anonymous read/write access). |
 | `purge` | Boolean | | The `purge` property is provided as a means to cause any existing bucket to be removed with force, at installation time. This only comes into play when using a pre-existing `PersistentVolume` for the volumeName property of [persistence](#persistence). If you make use of a dynamically created `PersistentVolume`, this will have no valuable effect as it only happens at chart installation and there will be no data in the `PersistentVolume` that was just created. This property is not required, but you may specify this property with a value of `true` in order to cause a bucket to purged with force `mc rm -r --force`. |
diff --git a/chart/doc/charts/nginx/fork.md b/chart/doc/charts/nginx/fork.md
index 52c38ff8f61c94281b39508019de076de6e925ff..afbbadffe7525448324b442f55c38e46b3f190bb 100644
--- a/chart/doc/charts/nginx/fork.md
+++ b/chart/doc/charts/nginx/fork.md
@@ -42,3 +42,27 @@ The following adjustments were made to the NGINX fork:
 - `controller.service.enableShell`.
 - `controller.service.internal.enableShell`.
 (follows the exisiting chart pattern of `controller.service.enableHttp(s)`)
+- Add the following new RBAC rules. This is necessary while our chart is on 4.0.6, but we've bumped the controller image to 1.11.2. Once we bring the chart to 4.11.2, we can remove this patch. It was required because the controller now uses endpointslices to track endpoints.
+ This was added to both: `charts/nginx-ingress/templates/clusterrole.yaml` and `charts/nginx-ingress/templates/controller-role.yaml`:
+
+ ```yaml
+ - apiGroups:
+ - discovery.k8s.io
+ resources:
+ - endpointslices
+ verbs:
+ - list
+ - watch
+ - get
+ ```
+
+ Additionally, to support migration from v1.3.1 to v1.11.2, for those users that set their own RBAC rules, we've also
+ added these values which will be removed, once we drop the v1.3.1 fallback, which is scheduled for 8.8 release.
+
+ ```yaml
+ controller:
+ image:
+ fallbackTag: "v1.3.1"
+ fallbackDigest: "sha256:54f7fe2c6c5a9db9a0ebf1131797109bb7a4d91f56b9b362bde2abd237dd1974"
+ disableFallback: false
+ ```
diff --git a/chart/doc/charts/registry/index.md b/chart/doc/charts/registry/index.md
index 0e9b1c7572dd842b70dd6a589242fe843bd7517f..1378e3907cab052c32d78ecebd09778e85c0761d 100644
--- a/chart/doc/charts/registry/index.md
+++ b/chart/doc/charts/registry/index.md
@@ -282,6 +282,7 @@ If you chose to deploy this chart as a standalone, remove the `registry` at the | `redis.rateLimiting.enabled` | `false` | When set to `true`, the Redis rate limiter is enabled. This feature is under development. | | `redis.rateLimiting.host` | `<Redis URL>` | The hostname of the Redis instance. If empty, the value will be filled as `global.redis.host:global.redis.port`. | | `redis.rateLimiting.port` | `6379` | The port of the Redis instance. | +| `redis.rateLimiting.cluster` | `[]` | List of addresses with host and port. | | `redis.rateLimiting.sentinels` | `[]` | List sentinels with host and port. | | `redis.rateLimiting.mainname` | | The main server name. Only applicable for Sentinel. | | `redis.rateLimiting.username` | | The username used to connect to the Redis instance. | @@ -958,16 +959,13 @@ profiling: ### database -DETAILS: -**Status:** Beta - > - [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/5521) in GitLab 16.4 as a [beta](https://docs.gitlab.com/ee/policy/experiment-beta-support.html#beta) feature. +> - [Generally available](https://gitlab.com/gitlab-org/gitlab/-/issues/423459) in GitLab 17.3. The `database` property is optional and enables the [metadata database](https://gitlab.com/gitlab-org/container-registry/-/blob/master/docs/configuration.md#database). -This is a [beta](https://docs.gitlab.com/ee/policy/experiment-beta-support.html#beta) feature. -See the [feedback issue](https://gitlab.com/gitlab-org/gitlab/-/issues/423459) -and associated documentation before enabling this feature. +See the [administration documentation](https://docs.gitlab.com/ee/administration/packages/container_registry_metadata_database.html) +before enabling this feature. NOTE: This feature requires PostgreSQL 12 or newer. 
@@ -1013,11 +1011,6 @@ more information about creating the database. The `gc` property provides [online garbage collection](https://gitlab.com/gitlab-org/container-registry/-/blob/master/docs/configuration.md#gc) options. -NOTE: -The online garbage collection is a beta feature from version 16.4 and later. Please -review the [feedback issue](https://gitlab.com/gitlab-org/gitlab/-/issues/423459) -and associated documentation before enabling this feature. - Online garbage collection requires the [metadata database](#database) to be enabled. You must use online garbage collection when using the database, though you can temporarily disable online garbage collection for maintenance and debugging. @@ -1072,6 +1065,23 @@ redis: idletimeout: 300s ``` +#### Cluster + +The `redis.rateLimiting.cluster` property is a list of hosts and ports +to connect to a Redis cluster. For example: + +```yaml +redis: + cache: + enabled: true + host: redis.example.com + cluster: + - host: host1.example.com + port: 6379 + - host: host2.example.com + port: 6379 +``` + #### Sentinels The `redis.cache` can use the `global.redis.sentinels` configuration. Local values can be provided and diff --git a/chart/doc/charts/registry/metadata_database.md b/chart/doc/charts/registry/metadata_database.md index 302179701ad5f1fe2e0e271dab13cc6bbbdf57d2..ddc7274f5170ea1330d215024c4a218ad60b86f5 100644 --- a/chart/doc/charts/registry/metadata_database.md +++ b/chart/doc/charts/registry/metadata_database.md 
@@ -9,9 +9,9 @@ info: To determine the technical writer assigned to the Stage/Group associated w DETAILS: **Tier:** Free, Premium, Ultimate **Offering:** Self-managed -**Status:** Beta > - [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/5521) in GitLab 16.4 as a [beta](https://docs.gitlab.com/ee/policy/experiment-beta-support.html#beta) feature. +> - [Generally available](https://gitlab.com/gitlab-org/gitlab/-/issues/423459) in GitLab 17.3. The metadata database enables many new registry features, including online garbage collection, and increases the efficiency of many registry operations. @@ -22,7 +22,8 @@ This page contains information on how to create the database. You can migrate existing registries to the metadata database, and use online garbage collection. Some database-enabled features are only enabled for GitLab.com and automatic database provisioning for -the registry database is not available. Review the feature support table in the [feedback issue](https://gitlab.com/gitlab-org/gitlab/-/issues/423459#supported-feature-status) +the registry database is not available. Review the feature support section in the +[administration documentation](https://docs.gitlab.com/ee/administration/packages/container_registry_metadata_database.html#metadata-database-feature-support) for the status of features related to the container registry database. ## Create the database @@ -86,7 +87,7 @@ there will be some variation in how you connect. Prerequisites: -- GitLab 16.4 or later. +- GitLab 17.3 or later. - PostgreSQL database version 12 or later, accessible from the registry pods. - Access to the Kubernetes cluster and the Helm deployment locally. - SSH access to the registry pods. diff --git a/chart/doc/development/index.md b/chart/doc/development/index.md index e5c4b3311bc67103fc58ac89563e4d525254cb45..499b93e4312d55bb224f1aee27210ba2e1f0830d 100644 --- a/chart/doc/development/index.md +++ b/chart/doc/development/index.md 
@@ -179,7 +179,7 @@ can not resolve the MinIO domain name and find the correct endpoint (you can see Developers may encounter unique issues while working on new chart features. [Refer to the troubleshooting guide](troubleshooting.md) for -information if your **_development_** cluster seems to have strange issues. +information if your ***development*** cluster seems to have strange issues. NOTE: The troubleshooting steps outlined in the link above are for development diff --git a/chart/doc/installation/command-line-options.md b/chart/doc/installation/command-line-options.md index db7e6e4f96677f97e247e83bd2157e2739a0ffbb..0f3f3544139c050acd0545ae84ad7dfc47d316b4 100644 --- a/chart/doc/installation/command-line-options.md +++ b/chart/doc/installation/command-line-options.md @@ -232,6 +232,9 @@ See the [instructions for creating secrets](secrets.md). | `nginx-ingress.rbac.createRole` | Create and use namespaced role | true | | `prometheus.rbac.create` | Create and use RBAC resources | true | +If you're setting `nginx-ingress.rbac.create` to `false` to configure the RBAC rules by yourself, on +GitLab chart v8.5.0+, you'll [need to also configure extra rules](../releases/8_0.md#upgrade-to-85x). + ## Advanced NGINX Ingress configuration Prefix NGINX Ingress values with `nginx-ingress`. For example, set the controller image tag using `nginx-ingress.controller.image.tag`. diff --git a/chart/doc/installation/deployment.md b/chart/doc/installation/deployment.md index 33278b48870594bc17548ec3eac922d741972055..52715cf4148e2ed17637c195abcd3d68ff0ffd75 100644 --- a/chart/doc/installation/deployment.md +++ b/chart/doc/installation/deployment.md @@ -36,8 +36,7 @@ helm upgrade --install gitlab gitlab/gitlab \ --timeout 600s \ --set global.hosts.domain=example.com \ --set global.hosts.externalIP=10.10.10.10 \ - --set certmanager-issuer.email=me@example.com \ - --set postgresql.image.tag=13.6.0 + --set certmanager-issuer.email=me@example.com ``` Note the following: 
@@ -93,7 +92,7 @@ kubectl get secret <name>-gitlab-initial-root-password -ojsonpath='{.data.passwo By default, the Helm charts use the Enterprise Edition of GitLab. The Enterprise Edition is a free, open core version of GitLab with the option of upgrading to a paid tier to unlock additional features. If desired, you can instead use the Community Edition which is licensed under the MIT Expat license. Learn more about the [difference between the two](https://about.gitlab.com/install/ce-or-ee/). -*To deploy the Community Edition, include this option in your Helm install command:* +_To deploy the Community Edition, include this option in your Helm install command:_ ```shell --set global.edition=ce diff --git a/chart/doc/installation/migration/package_to_helm.md b/chart/doc/installation/migration/package_to_helm.md index 1a29d4f80fa484f6134678998405e1fd9e611f1f..74089495d25e134cbb8ecb9b6c6d2a610043687d 100644 --- a/chart/doc/installation/migration/package_to_helm.md +++ b/chart/doc/installation/migration/package_to_helm.md 
@@ -44,10 +44,10 @@ Before the migration, a few prerequisites must be met: 1. [Create a backup tarball](https://docs.gitlab.com/ee/administration/backup_restore/backup_gitlab.html) and [exclude all the already migrated directories](https://docs.gitlab.com/ee/administration/backup_restore/backup_gitlab.html#excluding-specific-directories-from-the-backup). - The backup file will be stored under `/var/opt/gitlab/backups`, unless you - [explicitly changed](https://docs.gitlab.com/omnibus/settings/backups.html#manually-manage-backup-directory) - it. - + For local backups (default), the backup file is stored under `/var/opt/gitlab/backups`, unless you + [explicitly changed the location](https://docs.gitlab.com/omnibus/settings/backups.html#manually-manage-backup-directory). + For [remote storage backups](https://docs.gitlab.com/ee/administration/backup_restore/backup_gitlab.html#upload-backups-to-a-remote-cloud-storage), + the backup file is stored in the configured bucket. 1. [Restore from the package-based installation](../../backup-restore/restore.md) to the Helm chart, starting with the secrets. You will need to migrate the values of `/etc/gitlab/gitlab-secrets.json` to the YAML file that will be diff --git a/chart/doc/installation/version_mappings.md b/chart/doc/installation/version_mappings.md index fec8ac1000291db551ab1d7667613897132074ef..f3b842594514b3951d7524f67c44c549dc70ec4e 100644 --- a/chart/doc/installation/version_mappings.md +++ b/chart/doc/installation/version_mappings.md 
@@ -33,24 +33,30 @@ The table below maps some of the key previous supported chart versions and suppo | Chart version | GitLab version | |---------------|----------------| -| 8.2.9 | 17.2.9 | -| 8.2.8 | 17.2.8 | -| 8.2.7 | 17.2.7 | -| 8.2.6 | 17.2.6 | -| 8.2.5 | 17.2.5 | -| 8.2.4 | 17.2.4 | -| 8.2.3 | 17.2.3 | +| 8.3.6 | 17.3.6 | +| 8.3.5 | 17.3.5 | +| 8.3.4 | 17.3.4 | +| 8.3.3 | 17.3.3 | +| 8.3.2 | 17.3.2 | +| 8.3.1 | 17.3.1 | +| 8.3.0 | 17.3.6 | | 8.2.2 | 17.2.2 | | 8.2.1 | 17.2.1 | | 8.2.0 | 17.2.0 | +| 8.1.4 | 17.1.4 | +| 8.1.3 | 17.1.3 | | 8.1.2 | 17.1.2 | | 8.1.1 | 17.1.1 | | 8.1.0 | 17.1.0 | +| 8.0.6 | 17.0.6 | +| 8.0.5 | 17.0.5 | | 8.0.4 | 17.0.4 | | 8.0.3 | 17.0.3 | | 8.0.2 | 17.0.2 | | 8.0.1 | 17.0.1 | | 8.0.0 | 17.0.0 | +| 7.11.8 | 16.11.8 | +| 7.11.7 | 16.11.7 | | 7.11.6 | 16.11.6 | | 7.11.5 | 16.11.5 | | 7.11.4 | 16.11.4 | @@ -58,6 +64,7 @@ The table below maps some of the key previous supported chart versions and suppo | 7.11.2 | 16.11.2 | | 7.11.1 | 16.11.1 | | 7.11.0 | 16.11.0 | +| 7.10.9 | 16.10.9 | | 7.10.8 | 16.10.8 | | 7.10.7 | 16.10.7 | | 7.10.6 | 16.10.6 | @@ -67,6 +74,7 @@ The table below maps some of the key previous supported chart versions and suppo | 7.10.2 | 16.10.2 | | 7.10.1 | 16.10.1 | | 7.10.0 | 16.10.0 | +| 7.9.10 | 16.9.10 | | 7.9.9 | 16.9.9 | | 7.9.8 | 16.9.8 | | 7.9.7 | 16.9.7 | @@ -77,6 +85,7 @@ The table below maps some of the key previous supported chart versions and suppo | 7.9.2 | 16.9.2 | | 7.9.1 | 16.9.1 | | 7.9.0 | 16.9.0 | +| 7.8.9 | 16.8.9 | | 7.8.8 | 16.8.8 | | 7.8.7 | 16.8.7 | | 7.8.6 | 16.8.6 | @@ -86,6 +95,7 @@ The table below maps some of the key previous supported chart versions and suppo | 7.8.2 | 16.8.2 | | 7.8.1 | 16.8.1 | | 7.8.0 | 16.8.0 | +| 7.7.9 | 16.7.9 | | 7.7.8 | 16.7.8 | | 7.7.7 | 16.7.7 | | 7.7.6 | 16.7.6 | 
@@ -95,6 +105,7 @@ The table below maps some of the key previous supported chart versions and suppo | 7.7.2 | 16.7.2 | | 7.7.1 | 16.7.1 | | 7.7.0 | 16.7.0 | +| 7.6.9 | 16.6.9 | | 7.6.8 | 16.6.8 | | 7.6.7 | 16.6.7 | | 7.6.6 | 16.6.6 | @@ -104,6 +115,7 @@ The table below maps some of the key previous supported chart versions and suppo | 7.6.2 | 16.6.2 | | 7.6.1 | 16.6.1 | | 7.6.0 | 16.6.0 | +| 7.5.9 | 16.5.9 | | 7.5.8 | 16.5.8 | | 7.5.7 | 16.5.7 | | 7.5.6 | 16.5.6 | @@ -113,12 +125,14 @@ The table below maps some of the key previous supported chart versions and suppo | 7.5.2 | 16.5.2 | | 7.5.1 | 16.5.1 | | 7.5.0 | 16.5.0 | +| 7.4.6 | 16.4.6 | | 7.4.5 | 16.4.5 | | 7.4.4 | 16.4.4 | | 7.4.3 | 16.4.3 | | 7.4.2 | 16.4.2 | | 7.4.1 | 16.4.1 | | 7.4.0 | 16.4.0 | +| 7.3.8 | 16.3.8 | | 7.3.7 | 16.3.7 | | 7.3.6 | 16.3.6 | | 7.3.5 | 16.3.5 | @@ -127,6 +141,7 @@ The table below maps some of the key previous supported chart versions and suppo | 7.3.2 | 16.3.2 | | 7.3.1 | 16.3.1 | | 7.3.0 | 16.3.0 | +| 7.2.10 | 16.2.10 | | 7.2.9 | 16.2.9 | | 7.2.8 | 16.2.8 | | 7.2.7 | 16.2.7 | @@ -137,6 +152,7 @@ The table below maps some of the key previous supported chart versions and suppo | 7.2.2 | 16.2.2 | | 7.2.1 | 16.2.1 | | 7.2.0 | 16.2.0 | +| 7.1.7 | 16.1.7 | | 7.1.6 | 16.1.6 | | 7.1.5 | 16.1.5 | | 7.1.4 | 16.1.4 | @@ -144,6 +160,7 @@ The table below maps some of the key previous supported chart versions and suppo | 7.1.2 | 16.1.2 | | 7.1.1 | 16.1.1 | | 7.1.0 | 16.1.0 | +| 7.0.9 | 16.0.9 | | 7.0.8 | 16.0.8 | | 7.0.7 | 16.0.7 | | 7.0.6 | 16.0.6 | diff --git a/chart/doc/releases/8_0.md b/chart/doc/releases/8_0.md index 5fde7973214b93be83f7736c5d08e5d35737b2d4..becaf7b7eecf712d02c6e53982c5a5ace91cb10f 100644 --- a/chart/doc/releases/8_0.md +++ b/chart/doc/releases/8_0.md 
@@ -20,6 +20,33 @@ See [GitLab 17 changes](https://docs.gitlab.com/ee/update/versions/gitlab_17_cha To upgrade to the `8.0` version of the chart, you first need to upgrade to the latest `7.11.x` release of the chart. Check the [version mapping details](../installation/version_mappings.md) for the latest patch. +### Upgrade to 8.5.x + +If you haven't modified the GitLab chart `nginx-ingress.rbac.create` value, or it's set to `true`, +you can skip this section. + +In v8.5.0, the Ingress NGINX Controller image was bumped to v1.11.2, but the Ingress NGINX Controller chart version is +still on 4.0.6. The old `v1.3.1` controller image is now deprecated and schedule for removal in GitLab chart 8.8. + +By default the `v1.11.2` will be set. The chart will automatically fallback to `v1.3.1` if the you're setting +`nginx-ingress.rbac.create` to `false`. This is because `v1.11.2` requires new RBAC rules, which we added to our +[NGINX forked chart](../charts/nginx/fork.md). + +If you're using managing NGINX RBAC rules by yourself, and want to use the new `v1.11.2`, apply +[the new RBAC rules to your cluster](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/3901/diffs?commit_id=93a3cbdb5ad83db95e12fa6c2145df0800493d8b) +, and enable `v1.11.2` with: + +```yaml +nginx-ingress: + rbac: + create: false + controller: + image: + disableFallback: true +``` + +If you're setting `nginx-ingress-geo.rbac.create: false`, the same applies. + ### Runner workflow changes The legacy runner registration workflow is now disabled by default. You must diff --git a/chart/doc/troubleshooting/index.md b/chart/doc/troubleshooting/index.md index e084e030898141f62beeb95e9ce2060ecc71849c..d1413ec6056a550970bb73b999f1170bb7b8ba61 100644 --- a/chart/doc/troubleshooting/index.md +++ b/chart/doc/troubleshooting/index.md 
@@ -300,6 +300,8 @@ To fix this, either: Note that for optional keys, an empty map (`{}`) is a valid value. +<!-- markdownlint-disable line-length --> + ## Restoration failure: `ERROR: cannot drop view pg_stat_statements because extension pg_stat_statements requires it` You may face this error when restoring a backup on your Helm chart instance. Use the following steps as a workaround: @@ -328,6 +330,8 @@ follow the same steps above to drop and re-create it. You can find more details about this error in issue [#2469](https://gitlab.com/gitlab-org/charts/gitlab/-/issues/2469). +<!-- markdownlint-enable line-length --> + ## Bundled PostgreSQL pod fails to start: `database files are incompatible with server` The following error message may appear in the bundled PostgreSQL pod after upgrading to a new version of the GitLab Helm chart: diff --git a/chart/doc/troubleshooting/kubernetes_cheat_sheet.md b/chart/doc/troubleshooting/kubernetes_cheat_sheet.md index e8933ff81d7a33c7e89020707103eae08f663c96..15f55a9ea629ca40b92216561833c893ad80b402 100644 --- a/chart/doc/troubleshooting/kubernetes_cheat_sheet.md +++ b/chart/doc/troubleshooting/kubernetes_cheat_sheet.md @@ -2,6 +2,7 @@ stage: Systems group: Distribution info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +ignore_in_report: true --- # Kubernetes cheat sheet diff --git a/chart/examples/ubi/values.yaml b/chart/examples/ubi/values.yaml index 8205704bffd6d9afba187ad44f19e501d1a8e43a..50624ddaaed4233974522493f3d261eea99294ab 100644 --- a/chart/examples/ubi/values.yaml +++ b/chart/examples/ubi/values.yaml 
@@ -31,7 +31,7 @@ global: image: pullPolicy: Always # You can drop this if you're using release tags. - tagSuffix: -ubi9 + tagSuffix: -ubi # -ubi8 for GitLab 17.2 and earlier # See: https://gitlab.com/gitlab-org/charts/gitlab/blob/master/doc/installation/tls.md#option-2-use-your-own-wildcard-certificate ingress: diff --git a/chart/requirements.lock b/chart/requirements.lock index 9e767bf415ac1551e48e5cc295fca2e1407e3e68..125611c09233746e10e964ccd0706dadb71c88a5 100644 --- a/chart/requirements.lock +++ b/chart/requirements.lock @@ -22,7 +22,7 @@ dependencies: version: 12.5.2 - name: gitlab-runner repository: https://charts.gitlab.io/ - version: 0.67.0 + version: 0.68.0 - name: redis repository: https://charts.bitnami.com/bitnami version: 16.13.2 @@ -44,5 +44,5 @@ dependencies: - name: kubernetes-ingress repository: https://haproxytech.github.io/helm-charts version: 1.32.0 -digest: sha256:642f2e9e5128bfb4a30a2ee52e8cb65ffbc8bf646dde8a6fd45ff2ba4ed179ce -generated: "2024-08-27T11:52:01.979946-04:00" +digest: sha256:fcd079349bece4434313e692c222833250c0d4391aa9d06c5dc50f4a79df2375 +generated: "2024-10-28T13:29:21.577997-05:00" diff --git a/chart/requirements.yaml b/chart/requirements.yaml index d459424a2ecd5fed4794dc2b6d4667d4d2147684..be9873f827090f22eb44398a18e8fe6648cbcbfe 100644 --- a/chart/requirements.yaml +++ b/chart/requirements.yaml @@ -21,7 +21,7 @@ dependencies: repository: https://charts.bitnami.com/bitnami condition: postgresql.install - name: gitlab-runner - version: 0.67.0 + version: 0.68.0 repository: https://charts.gitlab.io/ condition: gitlab-runner.install - name: redis diff --git a/chart/spec/configuration/gitaly_spec.rb b/chart/spec/configuration/gitaly_spec.rb index 49823e9995128e08b7ec537f29422929d8abbc54..fd9e36e7fe0fd4f0dc8b53aec7b571e7f7618a9e 100644 --- a/chart/spec/configuration/gitaly_spec.rb +++ b/chart/spec/configuration/gitaly_spec.rb 
@@ -267,7 +267,7 @@ describe 'Gitaly configuration' do config = t.dig('ConfigMap/test-gitaly', 'data', 'config.toml.tpl') toml = render_toml(config, 'HOSTNAME' => 'default') - expect(toml.keys).to match_array(%w[auth bin_dir git gitlab gitlab-shell hooks listen_addr logging prometheus_listen_addr storage]) + expect(toml.keys).to match_array(%w[auth bin_dir git gitlab gitlab-shell hooks listen_addr logging prometheus_listen_addr storage graceful_restart_timeout]) expect(toml['storage']).to eq([{ 'name' => 'default', 'path' => '/home/git/repositories' }]) expect(toml['auth']['token'].length).to eq(32) end @@ -311,7 +311,7 @@ describe 'Gitaly configuration' do config = t.dig('ConfigMap/test-gitaly-praefect', 'data', 'config.toml.tpl') toml = render_toml(config, 'HOSTNAME' => 'test-gitaly-default-0') - expect(toml.keys).to match_array(%w[auth bin_dir git gitlab gitlab-shell hooks listen_addr logging prometheus_listen_addr storage]) + expect(toml.keys).to match_array(%w[auth bin_dir git gitlab gitlab-shell hooks listen_addr logging prometheus_listen_addr storage graceful_restart_timeout]) expect(toml['storage']).to eq([{ 'name' => 'test-gitaly-default-0', 'path' => '/home/git/repositories' }]) expect(toml['auth']['token'].length).to eq(32) end 
@@ -681,4 +681,83 @@ describe 'Gitaly configuration' do end end end + + context 'gracefulRestartTimeout' do + let(:values) do + YAML.safe_load(%( + gitlab: + gitaly: + gracefulRestartTimeout: #{graceful_restart_timeout} + )).merge(default_values) + end + + let(:gitaly_stateful_set) { 'StatefulSet/test-gitaly' } + let(:gitaly_configmap) { 'ConfigMap/test-gitaly' } + + context 'when default' do + let(:graceful_restart_timeout) {} + + it 'sets pod termination grace period' do + t = HelmTemplate.new(values) + # STS + gitaly_set = t.resources_by_kind('StatefulSet').select { |key| key == gitaly_stateful_set } + gitaly_termination_grace_period = gitaly_set[gitaly_stateful_set]['spec']['template']['spec']['terminationGracePeriodSeconds'] + + expect(gitaly_termination_grace_period).to eq(30) + end + + it 'sets gitaly config termination grace period' do + t = HelmTemplate.new(values) + # ConfigMap + gitaly_config = t.resources_by_kind('ConfigMap').select { |key| key == gitaly_configmap } + config_toml = gitaly_config[gitaly_configmap]['data']['config.toml.tpl'] + + expect(config_toml).to include "graceful_restart_timeout = \"25s\"" + end + end + + context 'when seconds' do + let(:graceful_restart_timeout) { 45 } + + it 'sets pod termination grace period' do + t = HelmTemplate.new(values) + # STS + gitaly_set = t.resources_by_kind('StatefulSet').select { |key| key == gitaly_stateful_set } + gitaly_termination_grace_period = gitaly_set[gitaly_stateful_set]['spec']['template']['spec']['terminationGracePeriodSeconds'] + + expect(gitaly_termination_grace_period).to eq(50) + end + + it 'sets gitaly config termination grace period' do + t = HelmTemplate.new(values) + # ConfigMap + gitaly_config = t.resources_by_kind('ConfigMap').select { |key| key == gitaly_configmap } + config_toml = gitaly_config[gitaly_configmap]['data']['config.toml.tpl'] + + expect(config_toml).to include "graceful_restart_timeout = \"45s\"" + end + end + + context 'when minutes' do + 
let(:graceful_restart_timeout) { 120 } + + it 'sets pod termination grace period' do + t = HelmTemplate.new(values) + # STS + gitaly_set = t.resources_by_kind('StatefulSet').select { |key| key == gitaly_stateful_set } + gitaly_termination_grace_period = gitaly_set[gitaly_stateful_set]['spec']['template']['spec']['terminationGracePeriodSeconds'] + + expect(gitaly_termination_grace_period).to eq(125) + end + + it 'sets gitaly config termination grace period' do + t = HelmTemplate.new(values) + # ConfigMap + gitaly_config = t.resources_by_kind('ConfigMap').select { |key| key == gitaly_configmap } + config_toml = gitaly_config[gitaly_configmap]['data']['config.toml.tpl'] + + expect(config_toml).to include "graceful_restart_timeout = \"2m0s\"" + end + end + end end diff --git a/chart/spec/configuration/gitlab_exporter_spec.rb b/chart/spec/configuration/gitlab_exporter_spec.rb index 670534cee45ed75585c09c57527a3ff21a6c9910..d5550ff29ffc0d105cd26dc9c926ddf1acce00a4 100644 --- a/chart/spec/configuration/gitlab_exporter_spec.rb +++ b/chart/spec/configuration/gitlab_exporter_spec.rb @@ -23,7 +23,10 @@ describe 'gitlab-exporter configuration' do let(:password) { ERB::Util.url_encode(RuntimeTemplate::JUNK_PASSWORD) } def render_erb(raw_template) - yaml = RuntimeTemplate.erb(raw_template: raw_template, files: RuntimeTemplate.mock_files) + files = RuntimeTemplate.mock_files + files['/etc/gitlab/redis/queues-password'] = RuntimeTemplate::JUNK_PASSWORD + + yaml = RuntimeTemplate.erb(raw_template: raw_template, files: files) YAML.safe_load(yaml, aliases: true) end 
@@ -108,6 +111,35 @@ describe 'gitlab-exporter configuration' do ]) end + context 'when Redis Sentinel is defined for the queues config' do + let(:values) do + YAML.safe_load(%( + redis: + install: false + global: + redis: + host: global.host + queues: + host: queues.redis.host + sentinels: + - host: sentinel1.example.com + port: 26379 + - host: sentinel2.example.com + port: 26379 + )).deep_merge(default_values) + end + + it 'configures Sentinels' do + expect(template.exit_code).to eq(0), "Unexpected error code #{template.exit_code} -- #{template.stderr}" + expect(sidekiq_config['opts']['redis_url']).to eq("redis://:#{password}@queues.redis.host:6379") + expect(sidekiq_config['opts']['redis_sentinels']).to eq( + [ + { 'host' => 'sentinel1.example.com', 'port' => 26379 }, + { 'host' => 'sentinel2.example.com', 'port' => 26379 } + ]) + end + end + context 'with Sentinel password as secret' do let(:values) do YAML.safe_load(%( diff --git a/chart/spec/configuration/gitlab_shell_spec.rb b/chart/spec/configuration/gitlab_shell_spec.rb index edbf1a1028377caaf8603a6ae324ad3e686db867..19804a8b6b4b210f04f7a4136eca73f885608ce1 100644 --- a/chart/spec/configuration/gitlab_shell_spec.rb +++ b/chart/spec/configuration/gitlab_shell_spec.rb 
@@ -178,4 +178,53 @@ describe 'gitlab-shell configuration' do expect(t.dig('ServiceAccount/test-gitlab-shell', 'metadata', 'labels')).to include('global' => 'shell') end end + + context 'for LFS Pure SSH protocol support' do + let(:lfs_pure_ssh_protocol) { nil } + + let(:values) do + YAML.safe_load(%( + gitlab: + gitlab-shell: + config: + lfs: + pureSSHProtocol: #{lfs_pure_ssh_protocol} + )).deep_merge(default_values) + end + + let(:config) { t.dig('ConfigMap/test-gitlab-shell', 'data', 'config.yml.tpl') } + + let(:rendered_config) do + rendered = RuntimeTemplate.gomplate(raw_template: config) + YAML.safe_load(rendered, aliases: true) + end + + context 'when unset' do + it 'renders lfs.pure_ssh_protocol as disabled by default' do + expect_successful_exit_code + + expect(rendered_config['lfs']['pure_ssh_protocol']).to eq(false) + end + end + + context 'when disabled' do + let(:lfs_pure_ssh_protocol) { false } + + it 'renders lfs.pure_ssh_protocol as disabled' do + expect_successful_exit_code + + expect(rendered_config['lfs']['pure_ssh_protocol']).to eq(false) + end + end + + context 'when enabled' do + let(:lfs_pure_ssh_protocol) { true } + + it 'renders lfs.pure_ssh_protocol as enabled' do + expect_successful_exit_code + + expect(rendered_config['lfs']['pure_ssh_protocol']).to eq(true) + end + end + end end diff --git a/chart/spec/configuration/kas_spec.rb b/chart/spec/configuration/kas_spec.rb index 68829a14378b9bc5660d6ef451a6e27d2ba2105a..50c637080879ffbadf3753d950b2d983ce745b8d 100644 --- a/chart/spec/configuration/kas_spec.rb +++ b/chart/spec/configuration/kas_spec.rb 
@@ -301,7 +301,21 @@ describe 'kas configuration' do end context 'when redisConfigName is empty' do - context 'when global redis has no password' do + context 'when global redis has a username' do + let(:kas_values) do + default_kas_values.deep_merge!(YAML.safe_load(%( + global: + redis: + user: redis-user + ))) + end + + it 'sets username' do + expect(config_yaml_data.dig('redis', 'username')).to eq('redis-user') + end + end + + context 'when global redis has no password or user' do let(:kas_values) do default_kas_values.deep_merge!(YAML.safe_load(%( global: @@ -311,8 +325,9 @@ describe 'kas configuration' do ))) end - it 'does not set password_file' do + it 'does not set password_file or username' do expect(config_yaml_data['redis']).not_to have_key("password_file") + expect(config_yaml_data['redis']).not_to have_key("username") end end diff --git a/chart/spec/configuration/pages_spec.rb b/chart/spec/configuration/pages_spec.rb index 2626775fefbb213a3a9124d7326dce415872ea4f..8d2e0424274f656ce7fb00dfa8bd8f5c37569cac 100644 --- a/chart/spec/configuration/pages_spec.rb +++ b/chart/spec/configuration/pages_spec.rb @@ -39,6 +39,11 @@ describe 'GitLab Pages' do HelmTemplate.new(values.merge(pages_enabled_values)) end + it 'renders cert-manager.io/issuer annotation correctly' do + annotations = pages_enabled_template.dig('Ingress/test-webservice-default', 'metadata', 'annotations') + expect(annotations).to include({ 'cert-manager.io/issuer' => 'test-issuer' }) + end + it 'creates all pages related required_resources' do required_resources.each do |resource| resource_name = "#{resource}/test-gitlab-pages" @@ -508,6 +513,9 @@ describe 'GitLab Pages' do rateLimitTLSSourceIPBurst: 51 rateLimitTLSDomain: 1000.5 rateLimitTLSDomainBurst: 20001 + rateLimitSubnetsAllowList: + - "10.1.1.0/24" + - "10.1.2.0/24" serverReadTimeout: 1h serverReadHeaderTimeout: 2h serverWriteTimeout: 3h 
@@ -562,6 +570,7 @@ describe 'GitLab Pages' do rate-limit-tls-source-ip-burst=51 rate-limit-tls-domain=1000.5 rate-limit-tls-domain-burst=20001 + rate-limit-subnets-allow-list=10.1.1.0/24,10.1.2.0/24 server-read-timeout=1h server-read-header-timeout=2h server-write-timeout=3h diff --git a/chart/spec/configuration/redis_spec.rb b/chart/spec/configuration/redis_spec.rb index 25676c0e14ef44134015e1a4b1a0a8e3b3195213..dd5db4230b04f7b7330a5ba0e5f47dc425f3091f 100644 --- a/chart/spec/configuration/redis_spec.rb +++ b/chart/spec/configuration/redis_spec.rb @@ -1,5 +1,6 @@ require 'spec_helper' require 'helm_template_helper' +require 'runtime_template_helper' require 'yaml' describe 'Redis configuration' do 
@@ -7,6 +8,45 @@ describe 'Redis configuration' do HelmTemplate.defaults end + let(:template) { HelmTemplate.new(values) } + let(:resque_yml_erb) { template.dig('ConfigMap/test-webservice', 'data', 'resque.yml.erb') } + let(:resque_yml) { render_erb(resque_yml_erb) } + + def render_erb(raw_template) + yaml = RuntimeTemplate.erb(raw_template: raw_template, files: RuntimeTemplate.mock_files) + YAML.safe_load(yaml, aliases: true) + end + + describe 'global.redis.{connect,read,write}Timeout' do + context 'default values' do + let(:values) { default_values } + + it 'renders no timeout values' do + expect(template.exit_code).to eq(0), "Unexpected error code #{template.exit_code} -- #{template.stderr}" + expect(resque_yml["production"].keys).not_to include("connect_timeout", "read_timeout", "write_timeout") + end + end + + context 'timeouts set' do + let(:values) do + YAML.safe_load(%( + global: + redis: + connectTimeout: 3 + readTimeout: 4 + writeTimeout: 5 + )).merge(default_values) + end + + it 'renders {connect,read,write}_timeout values' do + expect(template.exit_code).to eq(0), "Unexpected error code #{template.exit_code} -- #{template.stderr}" + expect(resque_yml.dig('production', 'connect_timeout')).to eq(3) + expect(resque_yml.dig('production', 'read_timeout')).to eq(4) + expect(resque_yml.dig('production', 'write_timeout')).to eq(5) + end + end + end + describe 'global.redis.auth.enabled' do let(:values) do YAML.safe_load(%( 
@@ -659,6 +699,40 @@ describe 'Redis configuration' do end end + context 'When timeouts are defined' do + let(:values) do + YAML.safe_load(%( + global: + redis: + connectTimeout: 3 + readTimeout: 4 + writeTimeout: 5 + host: resque.redis + auth: + enabled: false + clusterCache: + user: cluster-cache-user + password: + enabled: true + cluster: + - host: s1.cluster-cache.redis + - host: s2.cluster-cache.redis + redis: + install: false + )).merge(default_values) + end + + let(:redis_cluster_yml_erb) { template.dig('ConfigMap/test-webservice', 'data', 'redis.cluster_cache.yml.erb') } + let(:redis_cluster_yml) { render_erb(redis_cluster_yml_erb) } + + it 'timeouts are populated' do + expect(template.exit_code).to eq(0), "Unexpected error code #{template.exit_code} -- #{template.stderr}" + expect(redis_cluster_yml.dig('production', 'connect_timeout')).to eq(3) + expect(redis_cluster_yml.dig('production', 'read_timeout')).to eq(4) + expect(redis_cluster_yml.dig('production', 'write_timeout')).to eq(5) + end + end + context 'When top level user and password are defined' do let(:values) do YAML.safe_load(%( diff --git a/chart/spec/configuration/registry_spec.rb b/chart/spec/configuration/registry_spec.rb index e171e366bb7e5b95a096621f13c1e731372e3415..30a65a9b34e7070bd01e47db0204f7796059d99c 100644 --- a/chart/spec/configuration/registry_spec.rb +++ b/chart/spec/configuration/registry_spec.rb 
@@ -945,6 +945,70 @@ describe 'registry configuration' do end end + context 'when customer provides a redis rate-limiting cluster configuration' do + let(:values) do + YAML.safe_load(%( + registry: + redis: + rateLimiting: + enabled: true + cluster: + - host: redis1.cluster.example.com + port: 16379 + - host: redis2.cluster.example.com + )).deep_merge(default_values) + end + + it 'populates the redis rate-limiter settings with the list of host:port' do + t = HelmTemplate.new(values) + expect(t.exit_code).to eq(0), "Unexpected error code #{t.exit_code} -- #{t.stderr}" + expect(t.dig('ConfigMap/test-registry', 'data', 'config.yml.tpl')).to include( + <<~CONFIG + redis: + ratelimiter: + enabled: true + addr: "redis1.cluster.example.com:16379,redis2.cluster.example.com:6379" + CONFIG + ) + end + end + + context 'when customer provides a redis rate-limiting cluster configuration in presense of global sentinels' do + let(:values) do + YAML.safe_load(%( + global: + redis: + host: redis.example.com + sentinels: + - host: global1.example.com + port: 26379 + - host: global2.example.com + port: 26379 + registry: + redis: + rateLimiting: + enabled: true + cluster: + - host: redis1.cluster.example.com + port: 16379 + - host: redis2.cluster.example.com + )).deep_merge(default_values) + end + + it 'populates the redis rate-limiter settings with the local cluster host:port instead of global.redis.sentinels' do + t = HelmTemplate.new(values) + expect(t.exit_code).to eq(0), "Unexpected error code #{t.exit_code} -- #{t.stderr}" + expect(t.dig('ConfigMap/test-registry', 'data', 'config.yml.tpl')).to include( + <<~CONFIG + redis: + ratelimiter: + enabled: true + addr: "redis1.cluster.example.com:16379,redis2.cluster.example.com:6379" + CONFIG + ) + end + end + context 'when customer provides a custom redis rate-limiter and cache configuration' do let(:values) do YAML.safe_load(%( 
diff --git a/chart/spec/configuration/securitycontext_spec.rb b/chart/spec/configuration/securitycontext_spec.rb index 184f2cab81bbaa8ebfb3c4f8627c48fc1fca5c53..4deff29b6f2d24ab343c3faaba8960270f92c9c8 100644 --- a/chart/spec/configuration/securitycontext_spec.rb +++ b/chart/spec/configuration/securitycontext_spec.rb @@ -126,4 +126,25 @@ describe 'security context' do end end end + + describe 'container security context configuration' do + let(:template) do + values = HelmTemplate.with_defaults(%( + upgradeCheck: + enabled: true + containerSecurityContext: + fsGroupChangePolicy: "OnRootMismatch" + )) + HelmTemplate.new(values) + end + + it 'renders successfully' do + expect(template.exit_code).to eq(0), "Unexpected error code #{template.exit_code} -- #{template.stderr}" + end + + it 'applied fsGroupChangePolicy to the upgrade-check job' do + policy = template.dig("Job/test-gitlab-upgrade-check", 'spec', 'template', 'spec', 'containers', 0, 'securityContext', 'fsGroupChangePolicy') + expect(policy).to eq("OnRootMismatch"), "Unexpected fsGroupChangePolicy #{policy}" + end + end end diff --git a/chart/spec/configuration/workhorse_spec.rb b/chart/spec/configuration/workhorse_spec.rb index 23bc9ebe1fef2fb5dace3a99546a3165fda27790..d8c27b583799c79b2e16420cd0c0fa95340aa8d0 100644 --- a/chart/spec/configuration/workhorse_spec.rb +++ b/chart/spec/configuration/workhorse_spec.rb 
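Review bot: `fsGroupChangePolicy` is a pod-level `securityContext` field in Kubernetes, not a container-level one, so the new `container security context configuration` example asserts that a key the API does not define under `containers[].securityContext` is rendered there. As written, the test only proves that arbitrary YAML is passed through. Use a real container field so the fixture also reads as a valid hardening example, for instance `allowPrivilegeEscalation: false` in the values, with the `dig` path ending in `'allowPrivilegeEscalation'` and `expect(policy).to eq(false)`. A second example with `upgradeCheck.containerSecurityContext` left unset would pin what the Job container receives by default.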
@@ -234,6 +234,70 @@ describe 'Workhorse configuration' do end end + context 'with global Redis user' do + let(:values) do + YAML.safe_load(%( + global: + redis: + host: global.redis + auth: + enabled: true + secret: global-secret + user: redis-user + redis: + install: false + )).merge(default_values) + + it "adds the username to the URL" do + toml = render_toml(raw_toml) + + expect(toml.keys).to match_array(%w[shutdown_timeout listeners image_resizer redis]) + + redis_config = toml['redis'] + expect(redis_config.keys).to match_array(%w[URL Password]) + expect(redis_config['URL']).to eq('redis://redis-user@workhorse.redis:6379') + expect(redis_config['Password']).to eq(workhorse_redis_password) + expect(template.dig("ConfigMap/test-workhorse-default", 'data', 'workhorse-config.toml.tpl')).to include('redis/workhorse-password') + expect(template.dig('ConfigMap/test-workhorse-default', 'data', 'configure')).to include('init-config/redis/workhorse-password') + end + end + end + + context 'with Workhorse Redis user' do + let(:values) do + YAML.safe_load(%( + global: + redis: + host: global.redis + auth: + enabled: true + secret: global-secret + user: redis-user + workhorse: + host: workhorse.redis + password: + enabled: true + secret: workhorse + user: workhorse-redis-user + redis: + install: false + )).merge(default_values) + end + + it "overrides global redis config" do + toml = render_toml(raw_toml) + + expect(toml.keys).to match_array(%w[shutdown_timeout listeners image_resizer redis]) + + redis_config = toml['redis'] + expect(redis_config.keys).to match_array(%w[URL Password]) + expect(redis_config['URL']).to eq('redis://workhorse-redis-user@workhorse.redis:6379') + expect(redis_config['Password']).to eq(workhorse_redis_password) + expect(template.dig("ConfigMap/test-workhorse-default", 'data', 'workhorse-config.toml.tpl')).to include('redis/workhorse-password') + expect(template.dig('ConfigMap/test-workhorse-default', 'data', 'configure')).to 
include('init-config/redis/workhorse-password') + end + end + context 'with redis sentinel' do let(:values) do YAML.safe_load(%( diff --git a/chart/spec/runtime_template_helper.rb b/chart/spec/runtime_template_helper.rb index 01448c02bdf0a5e826e7db75f43bbd75601356ba..2fcc532721d05a3363455091c8c4854de95aedf7 100644 --- a/chart/spec/runtime_template_helper.rb +++ b/chart/spec/runtime_template_helper.rb @@ -72,6 +72,7 @@ class RuntimeTemplate "#{path}/postgres/psql-password-main" => JUNK_PASSWORD, "#{path}/postgres/psql-password-ci" => JUNK_PASSWORD, "#{path}/redis/redis-password" => JUNK_PASSWORD, + "#{path}/redis/clusterCache-password" => JUNK_PASSWORD, "#{path}/redis-sentinel/redis-sentinel-password" => JUNK_PASSWORD, "#{path}/gitaly/gitaly_token" => JUNK_TOKEN, # registry notification has a special format ... diff --git a/chart/templates/NOTES.txt b/chart/templates/NOTES.txt index 8c03298fefa52ab2a6cff2c570a046789d1371b6..31c784c43201bfb8b84a9fcf41727121355cfe17 100644 --- a/chart/templates/NOTES.txt +++ b/chart/templates/NOTES.txt @@ -147,6 +147,20 @@ redis: https://docs.gitlab.com/charts/installation/upgrade.html#use-of-globalredispassword {{- end -}} +{{- /* If the user is managing RBAC externally with NGINX chart 4.0.6 */}} +{{- if or (and (index .Values "nginx-ingress" "enabled") (not (index .Values "nginx-ingress" "rbac" "create"))) + (and (index .Values "nginx-ingress-geo" "enabled") (not (index .Values "nginx-ingress-geo" "rbac" "create"))) }} +{{ $WARNING }} +NGINX Ingress Controller: Default RBAC rules creation has been disabled. +Updates to NGINX Ingress Controller require RBAC changes. Without these, +the installation will fallback to version v1.3.1. + +Read more on https://docs.gitlab.com/charts/releases/8_0.html#upgrade-to-85x + +From GitLab chart 8.8+ the NGINX controller image 1.11.2+ will be the default for +any configuration. +{{- end -}} + {{- /* run removals */}} {{ include "gitlab.removals" . }} {{- /* run checkConfig */}} 
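Review bot: In the `'with global Redis user'` context, the `let(:values) do` block is not closed before `it "adds the username to the URL"`, so the example sits inside the lazily evaluated `let` body and the trailing `end`s close the `let` and the context. RSpec will most likely never register or run it. Add `end` directly after `)).merge(default_values)` and drop one of the three trailing `end`s. Once it runs, the expected `redis://redis-user@workhorse.redis:6379` looks inconsistent with these values, which set only `host: global.redis`; presumably it should be `redis://redis-user@global.redis:6379`, and the `redis/workhorse-password` path assertions should be checked against what the chart renders for the global secret. Until then, the credential-bearing Redis URL for a global user is effectively untested.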
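Review bot: The new NOTES.txt warning is keyed only on `enabled` and `rbac.create`, so it cannot tell an install that still falls back to `v1.3.1` from one that has already migrated. The `doc/releases/8_0.md` hunk in this same diff describes applying the extra RBAC rules and setting `controller.image.disableFallback: true`; if this chart version honours that flag, such an install would still be told "the installation will fallback to version v1.3.1". A warning about a deprecated controller image that also fires for migrated clusters trains operators to ignore it. Consider adding `(not (index .Values "nginx-ingress" "controller" "image" "disableFallback"))` to the first `and`, with the matching clause for `nginx-ingress-geo`.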
diff --git a/chart/templates/_helpers.tpl b/chart/templates/_helpers.tpl index 186cd1a684d344a04c719a726c26d08fbc1b2054..3b8de420938701b00b8b0808862c8c2c857a5e1d 100644 --- a/chart/templates/_helpers.tpl +++ b/chart/templates/_helpers.tpl @@ -514,6 +514,16 @@ emptyDir: {{ toYaml $values | nindent 2 }} {{- end -}} {{- end -}} +{{/* +Return upgradeCheck container specific securityContext template +*/}} +{{- define "upgradeCheck.containerSecurityContext" }} +{{- if .Values.upgradeCheck.containerSecurityContext }} +securityContext: + {{- toYaml .Values.upgradeCheck.containerSecurityContext | nindent 2 }} +{{- end }} +{{- end }} + {{/* Return init container specific securityContext template */}} diff --git a/chart/templates/_traefik.tpl b/chart/templates/_traefik.tpl new file mode 100644 index 0000000000000000000000000000000000000000..86144c3576621a6d9845220cd096ea0c0ed43bcc --- /dev/null +++ b/chart/templates/_traefik.tpl @@ -0,0 +1,23 @@ +{{/* +Return the appropriate apiVersion for Traefik. + +It expects a dictionary with three entries: + - `global` which contains global Traefik settings, e.g. .Values.global.traefik + - `local` which contains local Traefik settings, e.g. .Values.traefik + - `context` which is the parent context (either `.` or `$`) + +Example usage: +{{- $traefikApiVersion := dict "global" .Values.global.traefik "local" .Values.traefik "context" . -}} +apiVersion: "{{ template "traefik.apiVersion" $traefikApiVersion }}" +*/}} +{{- define "traefik.apiVersion" -}} +{{- if .local.apiVersion -}} +{{- .local.apiVersion -}} +{{- else if .global.apiVersion -}} +{{- .global.apiVersion -}} +{{- else if .context.Capabilities.APIVersions.Has "traefik.io/v1alpha1/IngressRouteTCP" -}} +{{- print "traefik.io/v1alpha1" -}} +{{- else -}} +{{- print "traefik.containo.us/v1alpha1" -}} +{{- end -}} +{{- end -}} 
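Review bot: The new `upgradeCheck.containerSecurityContext` helper emits nothing when `.Values.upgradeCheck.containerSecurityContext` is empty, and `values.yaml` in this diff defaults that key to `{}`, while the `upgrade_check_hook.yaml` hunk removes the unconditional `securityContext:` rendered from `$.Values.containerSecurityContext`. Unless something outside these hunks populates the new key, the upgrade-check Job container would render with no container securityContext, silently dropping whatever hardening the top-level value carried. Fall back to the previous source inside the helper, e.g. `{{- $ctx := default .Values.containerSecurityContext .Values.upgradeCheck.containerSecurityContext }}`, then guard with `{{- if $ctx }}` and render `toYaml $ctx`. The `# Needed for upgradeCheck containerSecurityContext values` comment in `values.yaml` should be updated to say which key the Job now reads.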
diff --git a/chart/templates/upgrade_check_hook.yaml b/chart/templates/upgrade_check_hook.yaml index d9b32debf354b898096c112d1b4bbf704a7931cb..5552ad10e4d4ff9d92f55a0302e6007a2772d6dd 100644 --- a/chart/templates/upgrade_check_hook.yaml +++ b/chart/templates/upgrade_check_hook.yaml @@ -68,8 +68,7 @@ spec: image: {{ include "gitlab.configure.image" (dict "root" $ "image" .Values.upgradeCheck.image) | quote }} command: ['/bin/sh', '/scripts/runcheck'] {{- include "gitlab.image.pullPolicy" $imageCfg | indent 10 }} - securityContext: - {{- toYaml $.Values.containerSecurityContext | nindent 12 }} + {{- include "upgradeCheck.containerSecurityContext" . | indent 10 }} env: - name: GITLAB_VERSION value: '{{ coalesce .Values.global.gitlabVersion .Chart.AppVersion }}' diff --git a/chart/values.yaml b/chart/values.yaml index 325c5c57b4527b53dbae578b1d7ecec5b8b0bb0a..388ce5b69f1b7f2d0e411221365e7e19db651c71 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -57,7 +57,7 @@ global: edition: ee ## https://docs.gitlab.com/charts/charts/globals#gitlab-version - gitlabVersion: "17.2.9" + gitlabVersion: "17.3.6" ## https://docs.gitlab.com/charts/charts/globals#application-resource application: @@ -188,6 +188,9 @@ global: # secret: # key: + # connectTimeout: 1 + # readTimeout: 1 + # writeTimeout: 1 # host: redis.hostedsomewhere.else # port: 6379 # user: webservice @@ -820,7 +823,7 @@ global: certificates: image: repository: registry1.dso.mil/ironbank/gitlab/gitlab/certificates - tag: 17.2.9 + tag: 17.3.6 pullSecrets: - name: private-registry init: @@ -869,7 +872,7 @@ global: kubectl: image: repository: registry1.dso.mil/ironbank/gitlab/gitlab/kubectl - tag: 17.2.9 + tag: 17.3.6 pullSecrets: - name: private-registry securityContext: 
@@ -884,7 +887,7 @@ global: # 1. UBI does not have the newly required /scripts/set-config template generator in its entrypoint. # a. trying gitlab-base per https://repo1.dso.mil/dsop/gitlab/gitlab/gitlab-base/-/issues/77 repository: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-base - tag: "17.2.9" + tag: "17.3.6" pullSecrets: - name: private-registry @@ -937,6 +940,10 @@ global: ## https://docs.gitlab.com/charts/charts/globals/#jobs job: nameSuffixOverride: + + traefik: + apiVersion: "" # newer apiVersion: "traefik.io/v1alpha1" + ## End of global # Needed for upgradeCheck containerSecurityContext values @@ -963,6 +970,7 @@ upgradeCheck: # capabilities: # drop: # - ALL + containerSecurityContext: {} tolerations: [] annotations: sidecar.istio.io/inject: "true" @@ -1260,7 +1268,7 @@ redis: image: registry: registry1.dso.mil/ironbank/bitnami repository: analytics/redis-exporter - tag: v1.64.1 + tag: v1.65.0 pullSecrets: [] resources: limits: @@ -1449,7 +1457,7 @@ registry: memory: 1024Mi image: repository: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry - tag: 17.2.9 + tag: 17.3.6 pullSecrets: - name: private-registry ingress: @@ -1583,7 +1591,7 @@ gitlab: app: gitaly image: repository: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox - tag: 17.2.9 + tag: 17.3.6 pullSecrets: - name: private-registry init: @@ -1660,7 +1668,7 @@ gitlab: - ALL image: repository: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter - tag: 17.2.9 + tag: 17.3.6 pullSecrets: - name: private-registry metrics: @@ -1705,7 +1713,7 @@ gitlab: memory: 1.5G image: repository: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox - tag: 17.2.9 + tag: 17.3.6 pullSecrets: - name: private-registry securityContext: @@ -1754,7 +1762,7 @@ gitlab: memory: 2.5G # = 2 * 1.25G assuming there are 2 workerProcesses configured image: repository: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice - tag: 17.2.9 + tag: 17.3.6 pullSecrets: - name: private-registry workhorse: 
@@ -1767,7 +1775,7 @@ gitlab: cpu: 600m memory: 2.5G image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse - tag: 17.2.9 + tag: 17.3.6 pullSecrets: - name: private-registry metrics: @@ -1786,12 +1794,12 @@ gitlab: serviceMonitor: enabled: true helmTests: - enabled: false + enabled: false ## https://docs.gitlab.com/charts/charts/gitlab/sidekiq sidekiq: image: repository: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq - tag: 17.2.9 + tag: 17.3.6 pullSecrets: - name: private-registry init: @@ -1828,7 +1836,7 @@ gitlab: gitaly: image: repository: registry1.dso.mil/ironbank/gitlab/gitlab/gitaly - tag: 17.2.9 + tag: 17.3.6 pullSecrets: - name: private-registry init: @@ -1869,7 +1877,7 @@ gitlab: gitlab-shell: image: repository: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell - tag: 17.2.9 + tag: 17.3.6 pullSecrets: - name: private-registry init: @@ -1913,7 +1921,7 @@ gitlab: mailroom: image: repository: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-mailroom - tag: 17.2.9 + tag: 17.3.6 pullSecrets: - name: private-registry containerSecurityContext: @@ -1930,7 +1938,7 @@ gitlab: type: ClusterIP image: repository: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages - tag: 17.2.9 + tag: 17.3.6 containerSecurityContext: capabilities: drop: @@ -1941,7 +1949,7 @@ gitlab: praefect: image: repository: registry1.dso.mil/ironbank/gitlab/gitlab/gitaly - tag: 17.2.9 + tag: 17.3.6 init: resources: limits: @@ -2131,8 +2139,8 @@ networkPolicies: istio: ingressgateway # See `kubectl cluster-info` and then resolve to IP controlPlaneCidr: 0.0.0.0/0 - egressPort: - gitalyEgress: + egressPort: + gitalyEgress: enabled: false additionalPolicies: [] diff --git a/docs/DEVELOPMENT_MAINTENANCE.md b/docs/DEVELOPMENT_MAINTENANCE.md index 814bb5255f4f8fc912870785c97ebe11a30b9790..b2320fdd9a5aaef6a8ff3dd1ecc8f97d3e4caf29 100644 --- a/docs/DEVELOPMENT_MAINTENANCE.md +++ b/docs/DEVELOPMENT_MAINTENANCE.md 
@@ -1,18 +1,21 @@ # Files that require bigbang integration testing -### See [bb MR testing](./docs/test-package-against-bb.md) for details regarding testing changes against bigbang umbrella chart. +### See [bb MR testing](./docs/test-package-against-bb.md) for details regarding testing changes against bigbang umbrella chart There are certain integrations within the bigbang ecosystem and this package that require additional testing outside of the specific package tests ran during CI. This is a requirement when files within those integrations are changed, as to avoid causing breaks up through the bigbang umbrella. Currently, these include changes to the istio implementation within gitlab (see: [istio templates](./chart/templates/bigbang/istio/), [network policy templates](./chart/templates/bigbang/networkpolicies/), [service entry templates](./chart/templates/bigbang/serviceentries/)). -Be aware that any changes to files listed in the [Modifications made to upstream chart](#modifications-made-to-upstream-chart) section will also require a codeowner to validate the changes using above method, to ensure that they do not affect the package or its integrations adversely. +Be aware that any changes to files listed in the [Modifications made to upstream chart](#modifications-made-to-upstream-chart) section will also require a codeowner to validate the changes using above method, to ensure that they do not affect the package or its integrations adversely. Be sure to also test against monitoring locally as it is integrated by default with these high-impact service control packages, and needs to be validated using the necessary chart values beneath `istio.hardened` block with `monitoring.enabled` set to true as part of your [dev-overrides.yaml](./docs/dev-overrides.yaml). 
# Notice about updating postgres via renovate + Currently, we do not update postgresql via renovate bot unless the [upstream gitlab documentation](https://docs.gitlab.com/ee/install/requirements.html#postgresql-requirements) updates beyond our current supported version of postgres. Due to local in-place image upgrades not working because of limitations around the data directory being initialized by a previous major postgresql version, this requires a manual `pg_dump` from current & `pg_restore` to new updated postgres pod locally (RDS and other non docker DBs will do this automatically). We try to keep all local in-cluster/CI DBs on the same version and upgrade once all are recommended and tested to be on the next major version. # How to upgrade the Gitlab Package chart + BigBang makes modifications to the upstream helm chart. The full list of changes is at the end of this document. + 1. Read release notes from upstream [Gitlab Releases](https://about.gitlab.com/releases/categories/releases/). Be aware of changes that are included in the upgrade, you can find those by [comparing the current and new revision](https://gitlab.com/gitlab-org/charts/gitlab/-/compare?from=master&to=master). Take note of any manual upgrade steps that customers might need to perform, if any. 1. Do diff of [upstream chart](https://gitlab.com/gitlab-org/charts/gitlab) between old and new release tags to become aware of any significant chart changes. A graphical diff tool such as [Meld](https://meldmerge.org/) is useful. You can see where the current helm chart came from by inspecting `/chart/Kptfile`. 1. Create a development branch and merge request tied to the Repo1 issue created for the Gitlab package upgrade. The association between the branch and the issue can be made by prefixing the branch name with the issue number, e.g. `56-update-gitlab-package`. DO NOT create a branch if working `renovate/ironbank`. Continue edits on `renovate/ironbank`. 
@@ -21,13 +24,16 @@ BigBang makes modifications to the upstream helm chart. The full list of changes 1. Delete all the `/chart/charts/*.tgz` files and the `/chart/requirements.lock`. You will replace these files in a later step. 1. In `/chart/requirements.yaml` update the gluon library to the latest version. 1. Run a helm dependency command to update the `chart/charts/*.tgz` archives and create a new requirements.lock file. You will commit the tar archives along with the requirements.lock that was generated. + ```bash helm dependency update ./chart ``` + 1. In `/chart/values.yaml` update all the gitlab image tags to the new version. There are about 12 of them. Renovate might have already done this for you. 1. Update `/CHANGELOG.md` with an entry for "upgrade Gitlab to app version X.X.X chart version X.X.X-bb.X". Or, whatever description is appropriate. 1. Update the `/README.md` following the [gluon library script](https://repo1.dso.mil/platform-one/big-bang/apps/library-charts/gluon/-/blob/master/docs/bb-package-readme.md). 1. Update `/chart/Chart.yaml` to the appropriate versions. The annotation version should match the `appVersion`. + ```yaml version: X.X.X-bb.X appVersion: X.X.X 
@@ -35,18 +41,22 @@ BigBang makes modifications to the upstream helm chart. The full list of changes dev.bigbang.mil/applicationVersions: | - Gitlab: X.X.X ``` + 1. Update `annotations.helm.sh/images` section in `/chart/Chart.yaml` to fix references to updated packages (if needed). 1. Use a development environment to deploy and test Gitlab. See more detailed testing instructions below. Also test with gitlab-runner to make sure it still works with the new Gitlab version. Also test an upgrade by deploying the old version first and then deploying the new version. 1. When the Package pipeline runs expect the cypress tests to fail due to UI changes. Note that most of the cypress test files are synced to the gitlab-runner Package to avoid having two different versions of the same tests. There is one place in particular that frequently fails because the button id number `button[id="__BVID__XX__BV_toggle_"]` changes in `/chart/tests/cypress/03-gitlab-login.spec.js`. It is usually necessary to run the cypress tests locally in order to troubleshoot a failing test. The following steps are about how to set up local cypress testing. There is not good documentation anywhere else so it is included here. 1. [Install a current version of cypress](https://docs.cypress.io/guides/getting-started/installing-cypress#npm-install) on your workstation. 1. Make a sibling directory named `cypress` next to where you have gitlab repo cloned. + ```bash mkdir cypress ls -l drwxrwxr-x cypress drwxrwxr-x gitlab ``` + Inside the cypress directory create a symbolic link named `integration` that points to the cypress tests inside the gitlab repo. + ```bash cd cypress ln -s ../gitlab/chart/tests/cypress integration 
@@ -54,7 +64,9 @@ BigBang makes modifications to the upstream helm chart. The full list of changes lrwxrwxrwx integration -> ../gitlab/chart/tests/cypress/ cd .. ``` + 1. Export the environment variables that are needed by the cypress test. Reference the `bbtests:` at the end of `/chart/values.yaml`. + ```bash export cypress_url=https://gitlab.dev.bigbang.mil export cypress_gitlab_first_name=test 
@@ -70,19 +82,24 @@ BigBang makes modifications to the upstream helm chart. The full list of changes # kubectl -n gitlab get secrets gitlab-gitlab-initial-root-password -ojson | jq .data.password -r | base64 -d | pbcopy export cypress_adminpassword=put-the-gitlab-root-password-here ``` + 1. Run cypress from the parent directory of the gitlab and cypress directories. + ```bash cypress ``` + 1. When Cypress launches select the same directory where you ran cypress and you should see the gitlab cypress tests listed. Run them manually, in order, one at a time. 1. Investigate and fix errors in the cypress tests. You can run a separate browser with developer tools to find out names of elements on each page. 1. Update the `/README.md` and `/CHANGELOG.md` again if you have made any additional changes during the upgrade/testing process. # Testing new Gitlab version + 1. Create a k8s dev environment. One option is to use the Big Bang [k3d-dev.sh](https://repo1.dso.mil/platform-one/big-bang/bigbang/-/tree/master/docs/developer/scripts) with no arguments which will give you the default configuration. The following steps assume you are using the script. 1. Follow the instructions at the end of the script to connect to the k8s cluster and install flux. 1. Deploy gitlab with the dev values overrides from [docs/dev-overrides.yaml](./dev-overrides.yaml). Core apps are disabled for quick deployment. - 1. Example helm upgrade command (run from within your local checkout of the `bigbang` repository): + 1. Example helm upgrade command (run from within your local checkout of the `bigbang` repository): + ```shell helm upgrade -n bigbang --create-namespace --install \ bigbang ./chart \ 
@@ -90,17 +107,21 @@ BigBang makes modifications to the upstream helm chart. The full list of changes -f https://repo1.dso.mil/big-bang/product/packages/gitlab/-/blob/main/docs/dev-overrides.yaml \ --set addons.gitlab.git.branch=YOUR-WORKING-BRANCH-NAME-HERE ``` + 1. Access Gitlab UI from a browser and login with SSO (to learn about deploying GitLab with a dev version of Keycloak, see [keycloak-dev.md](./keycloak-dev.md)). 1. Test changing your profile image. 1. In your profile create an access token with all privileges. Save the token for later use. 1. Create a group called `test`. 1. Create a project called `test1` with a README.md within the `test` group. 1. From your workstation git clone with https the test1 project. + ```bash git clone https://gitlab.dev.bigbang.mil/test/test1.git ``` + 1. Make a change to README.md and commit and push. Verify that the change shows in Gitlab UI. 1. Test pushing and pulling an image to the project container registry. Use the access token you created. + ```bash docker login registry.dev.bigbang.mil docker pull busybox @@ -110,7 +131,9 @@ BigBang makes modifications to the upstream helm chart. The full list of changes docker image rm registry.dev.bigbang.mil/test/test1:latest docker pull registry.dev.bigbang.mil/test/test1:latest ``` + 1. Test a pipeline with gitlab-runner. Navigate to `https://gitlab.dev.bigbang.mil/test/test1/-/settings/ci_cd` and disable the Auto DevOps. Navigate to `https://gitlab.dev.bigbang.mil/test/test1/-/ci/editor?branch_name=main` and configure a pipeline. Verify that it completes successfully at `https://gitlab.dev.bigbang.mil/test/test1/-/pipelines`. + ```yaml stages: - test 
@@ -125,26 +148,34 @@ BigBang makes modifications to the upstream helm chart. The full list of changes paths: - file.txt ``` + 1. Perform a manual upgrade test. First deploy the current Gitlab version. Then deploy your development branch. Verify that the upgrade is successful. 1. Retest with monitoring and logging enabled. Verify that the logging and monitoring are working. # Modifications made to upstream chart + This is a high-level list of modifications that Big Bang has made to the upstream helm chart. You can use this as as cross-check to make sure that no modifications were lost during the upgrade process. ## chart/charts/certmanager-issuer/templates/rbac-config.yaml + - Exposed automountServiceAccountToken for service account. + ``` automountServiceAccountToken: {{ template "gitlab.serviceAccount.automountServiceAccountToken" . }} ``` ## chart/charts/gitlab/charts/*/templates/serviceaccount.yaml + - Exposed automountServiceAccountToken for service accounts in the following gitlab components: geo-logcursor, gitaly, gitlab-exporter, gitlab-pages, gitlab-shell, kas, mailroom, migrations (_serviceaccountspec.yaml), praefect, sidekiq, spamcheck, toolbox, webservice + ``` automountServiceAccountToken: {{ template "gitlab.serviceAccount.automountServiceAccountToken" . }} ``` ## chart/charts/gitlab/templates/_serviceAccount.tpl + - Added template that respects the global and specific service account settings pertaining to automountServiceAccountToken + ``` {{/* Return the sub-chart serviceAccount automountServiceAccountToken setting @@ -160,7 +191,9 @@ If that is not present it will use the global chart serviceAccount automountServ ``` ## chart/charts/nginx-ingress/values.yaml + - Added default for serviceAccount.automountServiceAccountToken in controller.admissionWebhooks to respect implicit default + ``` controller: admissionWebhooks: 
@@ -169,19 +202,25 @@ controller: ``` ## chart/templates/shared-secrets/job.yaml && chart/templates/shared-secrets/self-signed-cert-job.yml + - Set automountServiceAccountToken to true for shared-secrets jobs which need this token to be successful + ``` automountServiceAccountToken: true ``` ## chart/templates/shared-secrets/rbac-config.yaml + - Exposed automountServiceAccountToken for service account. + ``` automountServiceAccountToken: {{ template "shared-secrets.automountServiceAccountToken" . }} ``` ## chart/charts/registry/templates/_helpers.tpl + - Added template that respects the global and specific service account settings pertaining to automountServiceAccountToken + ``` {{/* Return the sub-chart serviceAccount automountServiceAccountToken setting @@ -197,7 +236,9 @@ If that is not present it will use the global chart serviceAccount automountServ ``` ## chart/templates/_helpers.tpl + - Added template that respects the global and specific service account settings pertaining to automountServiceAccountToken + ``` {{/* Return the sub-chart serviceAccount automountServiceAccountToken setting @@ -214,11 +255,15 @@ If that is not present it will use the global chart serviceAccount automountServ ``` ## `chart/templates/_certificates.tpl` + - Remove the include initContainerSecurityContext function. + ``` {{- include "gitlab.init.containerSecurityContext" . | indent 2 }} ``` + - Add the logic to use our own configurable securityContext for certificates initContainers. + ``` {{- with .Values.global.certificates.init.securityContext }} securityContext: 
@@ -227,18 +272,22 @@ If that is not present it will use the global chart serviceAccount automountServ ``` ## chart/bigbang/* + - Add DoD approved CA certificates (recursive copy directory from previous release). - If updating new certificates from new bundle: - Check `Department_of_State/` certificates for spaces in name. - Check `DigiCert_Federal_SSP/Trust_Chain_2/` certificates for spaces in name. - Convert `Entrust_Federal_SSP/Trust_Chain_2/0-Entrust_Managed_Services_Root_CA_rekey3.cer` to pem format. + ```bash openssl x509 -inform der -in 0-Entrust_Managed_Services_Root_CA_rekey3.cer -out 0-Entrust_Managed_Services_Root_CA_rekey3.pem ``` + - Remove non-certificate metadata from `Carillon_Federal_Services/Trust_Chain_1/1-Carillon_Federal_Services_PIVI_CA2.cer`. - Remove non-certificate metadata from `DigiCert_NFI/Trust_Chain_2/2-Senate_PIV-I_CA_G5.cer`. ## chart/templates/bigbang/* + - Add istio virtual service. - Add networkpolicies. - Add istio peerauthentications. @@ -246,10 +295,13 @@ If that is not present it will use the global chart serviceAccount automountServ - Add istio authorization policies ## chart/templates/tests/* + - Add templates for CI helm tests. ## chart/charts/gitlab/charts/toolbox/templates/configmap-custom-scripts.yaml + - Added custom configmap to mount ruby scripts to toolbox + ```yaml {{- if .Values.enabled -}} {{- if .Values.customScripts -}} @@ -271,6 +323,7 @@ If that is not present it will use the global chart serviceAccount automountServ ``` ## chart/charts/gitlab/charts/toolbox/templates/deployment.yaml + - Added volumeMount and volume for custom ruby script configmap volumeMounts: @@ -283,7 +336,9 @@ If that is not present it will use the global chart serviceAccount automountServ {{- end }} ... ``` + volumes: + ```yaml ... {{- if .Values.customScripts }} 
@@ -296,37 +351,49 @@ If that is not present it will use the global chart serviceAccount automountServ ``` ## chart/charts/gitlab/charts/toolbox/templates/backup-job.yaml + - Added istio shutdown to command on lines 85 and 87. + ```yaml {{- if and .Values.global.istio.enabled (eq .Values.global.istio.injection "enabled") }}{{ .Values.backups.cron.istioShutdown }}{{- end }} ``` ## chart/charts/gitlab/charts/gitlab-pages/templates/service-custom-domains.yaml + - Ensure the conditional checking for empty `$externalAddresses` is removed from above the entirety of the template, and instead above the first use of it where it checks if the length of the value is `>1`. Add a closing `{{- end }}` after the existing `{{- else }}` and `{{- end }}` around the `loadBalancerIP:` & `externalIPs:` entries. + ```yaml {{- if not (empty ($externalAddresses)) -}} {{- if len $externalAddresses | eq 1 }} ... {{- end }} ``` + - Remove the un-indented `{{- end }}` from the very bottom of the template (to complete the removal of the if statement being around the entire template). - Remove the `{{- if not (empty $.Values.global.pages.externalHttp) }}` and closing `{{- end }}` from around the `80` port definition so it is always present. - Remove the `{{- if not (empty $.Values.global.pages.externalHttps) }}` and closing `{{- end }}` from around the `443` port definition so it is always present. ## chart/charts/minio/templates/_helper_create_buckets.sh + - Hack the MinIO sub-chart to work with newer mc version in IronBank image, line 65. + ```bash /usr/bin/mc policy set $POLICY myminio/$BUCKET ``` -## chart/charts/*.tgz + +## chart/charts/*.tgz + - Run `helm dependency update ./chart` and commit the downloaded archives. - Commit the tar archives that were downloaded and requirements.lock that was generated from the helm dependency update command. ## chart/tests/* + - Add helm test scripts for CI pipeline. 
## chart/templates/_certificates.tpl + - Hack to support pki certificate location within the RedHat UBI image. Is different than Debian based images. Add to definition of `gitlab.certificates.volumeMount`. The volumeMount definition is at the end of the file. + ```yaml - name: etc-ssl-certs mountPath: /etc/pki/tls/certs/ @@ -338,14 +405,18 @@ If that is not present it will use the global chart serviceAccount automountServ ``` ## chart/.gitignore + - Comment the `charts/*.tgz`. - Comment the `requirements.lock`. ## chart/.helmignore + - Change `scripts/` to `/scripts/` so that the helm test scripts are not ignored. ## chart/requirements.yaml + - Add latest gluon dependency to the end of the list. + ```yaml - name: gluon version: "x.x.x" @@ -353,6 +424,7 @@ If that is not present it will use the global chart serviceAccount automountServ ``` ## chart/values.yaml + - Disable all internal services other than postgres, minio, and redis. - Add BigBang additional values at bottom of `values.yaml`. - Add prometheus exporter: gitlab.gitlab-exporter. @@ -362,9 +434,11 @@ If that is not present it will use the global chart serviceAccount automountServ - Add default dev.bigbang.mil hostnames at global.hosts. - Add customCAs (the cert files and secrets need to be added in the next 2 steps for this to work). - Run this to get a list of secrets: + ```bash for i in $(helm template -s templates/bigbang/secrets/DoD_CA_certs.yaml . | grep "name:" | cut -d ":" -f 2); do echo "- secret: $i"; done `````` + - Add `global.certificates.init.securityContext` and it's 3 entries - Add `postgresqlInitdbArgs`, `securityContext`, `postgresqlDataDir` and `persistence` to get IB image working with postgres subchart. - Add `upgradeCheck.annotations`: sidecar.istio.io/inject: "false". 
@@ -376,6 +450,7 @@ If that is not present it will use the global chart serviceAccount automountServ - Add `gitlab.toolbox.customScripts` with example `testing.rb` script for custom ruby scripts in toolbox. # chart/Chart.yaml + - Change version key to Big Bang composite version. - Add Big Bang `annotations.dev.bigbang.mil/applicationVersions` and `annotations.helm.sh/images` keys to support release automation. - Add the required kubeversion diff --git a/docs/Elastic.md b/docs/Elastic.md index 981f1079cd196f8ffb57cef4ea3ed5339a107ce4..576bbe8712785f66a36ec16492c6f0380f03e25f 100644 --- a/docs/Elastic.md +++ b/docs/Elastic.md @@ -1,8 +1,11 @@ create an index pattern for fluentd if not already created for you + ``` gitlab-* ``` + Build filter for gitlab namespace + ``` { "query": { @@ -12,7 +15,9 @@ Build filter for gitlab namespace } } ``` + There are more than 15 pods in a Gitlab delployment. + ``` [p1dev@p1dev-vm gitlab]$ kubectl get pods -n gitlab NAME READY STATUS RESTARTS AGE @@ -36,11 +41,13 @@ gitlab-webservice-7ff8956d8b-8zcj2 2/2 Running 0 4h gitlab-webservice-7ff8956d8b-9l8sj 2/2 Running 0 143m global-shared-gitlab-runner-567cf8df54-8dzfw 1/1 Running 0 4h50m ``` + Here is a document that lists the Gitlab components and what each one does -https://docs.gitlab.com/ce/development/architecture.html#component-details +<https://docs.gitlab.com/ce/development/architecture.html#component-details> Here are some an examples of a filter for a specific containers: front-end webservice + ``` { "query": { @@ -50,7 +57,9 @@ front-end webservice } } ``` + gitlab-workhorse - a gateway for routing http requests to the proper component + ``` { "query": { @@ -60,7 +69,9 @@ gitlab-workhorse - a gateway for routing http requests to the proper component } } ``` + cli git commands + ``` { "query": { 
@@ -70,10 +81,13 @@ cli git commands } } ``` + In the KQL field you can text search within a source field such as log + ``` log: "error" ``` + ``` log: F 2020-07-10T18:23:01.255Z 8 TID-go4bqp7cw ERROR: Error fetching job: Error connecting to Redis on gitlab-redis-master:6379 (Redis::TimeoutError) @@ -103,4 +117,4 @@ kubernetes.labels.queue-pod-name: all-in-1 kubernetes.labels.release: gitlab -``` \ No newline at end of file +``` diff --git a/docs/PostgresSql.md b/docs/PostgresSql.md index 077f0063981b6ae48a4ee58c09308d7752c8f64e..6166865786d69f027c884ec417875247a82275da 100644 --- a/docs/PostgresSql.md +++ b/docs/PostgresSql.md @@ -56,4 +56,4 @@ postgresql: # preparedStatements: false ``` -[Gitlab](https://docs.gitlab.com/charts/advanced/external-db/) has documentation on doing this. \ No newline at end of file +[Gitlab](https://docs.gitlab.com/charts/advanced/external-db/) has documentation on doing this. diff --git a/docs/gitlab17.md b/docs/gitlab17.md index 730f5558663cbe0b557cb210540baa15031b7a3e..38c834b3a45f99acbe812c9971a14adf1f2d8312 100644 --- a/docs/gitlab17.md +++ b/docs/gitlab17.md 
@@ -2,7 +2,6 @@ Gitlab is migrating to a new [runner registration workflow](https://docs.gitlab.com/ee/ci/runners/new_creation_workflow.html) utilizing runner authentication tokens. Currently, these can be generated via the Admin Area UI following [these steps](https://docs.gitlab.com/ee/ci/runners/runners_scope.html#create-an-instance-runner-with-a-runner-authentication-token), or [programatically](https://docs.gitlab.com/ee/tutorials/automate_runner_creation/index.html) via the REST API available on gitlab. Note that programatically requires an existing administrator level access token. The secret used by gitlab-runner must be modified so that the new runner authentication token generated from above is available. See below examples, where `REDACTED` in the new workflow would be the newly generated authentication token. - In the legacy runner registration workflow, fields were specified with: ``` @@ -31,4 +30,4 @@ data: ### Re-enable legacy workflow -The alternative is to manually re-enable the legacy workflow, which should be available until the next major release of Gitlab 18.0. This is accomplished following [these steps](https://docs.gitlab.com/ee/administration/settings/continuous_integration.html#enable-runner-registrations-tokens) in the Admin Area UI. +The alternative is to manually re-enable the legacy workflow, which should be available until the next major release of Gitlab 18.0. This is accomplished following [these steps](https://docs.gitlab.com/ee/administration/settings/continuous_integration.html#enable-runner-registrations-tokens) in the Admin Area UI. diff --git a/docs/k8s-resources.md b/docs/k8s-resources.md index 6de3f93aa24f681a36715e30bc99ab528d7c38d1..3f2394d3c2d7625ab33cbea4652dd9471859a257 100644 --- a/docs/k8s-resources.md +++ b/docs/k8s-resources.md 
@@ -1,11 +1,15 @@ # Kubernetes resource configuration + The BigBang Gitlab Package has a default resource configuration for a minimal installation which is sufficient for development, demos, and CI pipelines. For larger operational deployments you must increase the CPU and memory as needed. Consult Gitlab documentation and Gitlab Support for appropriate settings. The resource requests and limits must be equal to achive quality of service guarantee. Below is a catalog of the possible resource configurations which are provided here for convenience. The values below are fake. If you are pasting selected portions into a BigBang values override file you will need to add three additional indent levels and place them under + ```yaml addons: gitlab: values: ``` + Here are the possible settings: + ```yaml gitlab: toolbox: @@ -261,4 +265,4 @@ minio: requests: cpu: 201m memory: 301Mi -``` \ No newline at end of file +``` diff --git a/docs/keycloak-dev.md b/docs/keycloak-dev.md index 9928652beff130d750026ba5fc59fbfd8d9c3d8d..0a8ef2c1ff32454a5e2f930a91fea35f5c43e25b 100644 --- a/docs/keycloak-dev.md +++ b/docs/keycloak-dev.md 
@@ -1,13 +1,17 @@ ## Deploying GitLab with a Dev Instance of Keycloak + ### Prerequisites + 1. You will need a K8s development environment with two `Gateway` resources configured. One for `passthrough` and the other for `public`. Use the `k3d-dev.sh` script with the `-m` flag to deploy a dev cluster with MetalLB. -1. You will need the following values file saved locally: `keycloak-dev-values.yaml` ([link](https://repo1.dso.mil/big-bang/bigbang/-/blob/master/docs/assets/configs/example/keycloak-dev-values.yaml?ref_type=heads)). +1. You will need the following values file saved locally: `keycloak-dev-values.yaml` ([link](https://repo1.dso.mil/big-bang/bigbang/-/blob/master/docs/assets/configs/example/keycloak-dev-values.yaml?ref_type=heads)). + +### Deploying -### Deploying Before deploying GitLab and configuring SSO, you need to deploy the dev instance of Keycloak. Use the overrides file below. 1. `overrides.yaml`: + ```yaml clusterAuditor: enabled: false @@ -46,17 +50,23 @@ Before deploying GitLab and configuring SSO, you need to deploy the dev instance keycloak: enabled: true ```` + 1. Deploy BigBang: + ```bash - $ helm upgrade -i bigbang ./chart -n bigbang --create-namespace -f ./registry-values.yaml -f ./chart/ingress-certs.yaml -f ./keycloak-dev-values.yaml -f ./overrides.yaml + helm upgrade -i bigbang ./chart -n bigbang --create-namespace -f ./registry-values.yaml -f ./chart/ingress-certs.yaml -f ./keycloak-dev-values.yaml -f ./overrides.yaml ``` + Wait for Keycloak pods to be ready before proceeding. 1. Run sshuttle to connect to your cluster's private network (command was provided once the `k3d-dev.sh` script completed.) 1. Run the following command and copy the results: + ```bash - $ curl https://keycloak.dev.bigbang.mil/auth/realms/baby-yoda/protocol/saml/descriptor + curl https://keycloak.dev.bigbang.mil/auth/realms/baby-yoda/protocol/saml/descriptor ``` + 1. Add the following to `overrides.yaml`: + ```yaml addons: gitlab: 
@@ -104,15 +114,19 @@ Before deploying GitLab and configuring SSO, you need to deploy the dev instance emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc= -----END CERTIFICATE----- ``` + 1. Upgrade BigBang: + ```bash - $ helm upgrade -i bigbang ./chart -n bigbang --create-namespace -f ./registry-values.yaml -f ./chart/ingress-certs.yaml -f ./keycloak-dev-values.yaml -f ./overrides.yaml + helm upgrade -i bigbang ./chart -n bigbang --create-namespace -f ./registry-values.yaml -f ./chart/ingress-certs.yaml -f ./keycloak-dev-values.yaml -f ./overrides.yaml ``` -1. Login to the Keycloak admin console: (`admin/password`) https://keycloak.dev.bigbang.mil/auth/admin/master/console/ -1. Switch to the baby-yoda realm. + +1. Login to the Keycloak admin console: (`admin/password`) <https://keycloak.dev.bigbang.mil/auth/admin/master/console/> +1. Switch to the baby-yoda realm. 1. Create a new user. Be sure to do the following: Switch "Email verified" to "Yes", join the "Impact Level 2 Authorized" group, remove all "Required user actions" (do this after the user is created), create a password (disable "Temporary"). 1. Login to Gitlab using SSO and the user you just configured. 1. Setup MFA. #### OmniAuth oidc-provider SSO setup + - Reference [keycloak.md](https://repo1.dso.mil/big-bang/product/packages/gitlab/-/blob/main/docs/keycloak.md?ref_type=heads) for omniauth global configuration and more override examples. diff --git a/docs/keycloak.md b/docs/keycloak.md index 1d384b792ee179f8e8b53fbce1d9897ef94eae4b..fa06e516211efcaa52f15eb4691cacb4fa3c68e5 100644 --- a/docs/keycloak.md +++ b/docs/keycloak.md 
@@ -5,20 +5,21 @@ The integration assumes that keycloak is deployed with a realm other than master This documentation is geared towards configuring GitLab to work with P1 SSO/`login.dso.mil`. To learn about deploying GtitLab with a dev version of Keycloak, see [keycloak-dev.md](./keycloak-dev.md). If the client gitlab doesn't exist in keycloak, please create the client gitlab with the following settings: -1. Create a gitlab OIDC client scope. The scope name is case sensitive and must match the oidc settings that Gitlab was deployed with. Bigbang Gitlab settings are expecting scope name "Gitlab" with a capital G. Use the following mappings: - + +1. Create a gitlab OIDC client scope. The scope name is case sensitive and must match the oidc settings that Gitlab was deployed with. Bigbang Gitlab settings are expecting scope name "Gitlab" with a capital G. Use the following mappings: + | Name | Mapper Type | Mapper Selection Sub | Token Claim Name | Claim JSON Type | |-------------|------------------|----------------------|--------------------|-----------------| | email | User Property | email | email | String | | profile | User Attribute | profile | N/A | String | | username | User Property | username | preferred_username | String | -2. Create a gitlab client +2. Create a gitlab client - Change the following configuration items - access type: confidential _this will enable "Credentials"_ - Direct Access Grants Enabled: Off - - Valid Redirect URIs: https://code.${DOMAIN}/users/auth/openid_connect/callback - - Base URL: https://code.${DOMAIN} + - Valid Redirect URIs: <https://code.${DOMAIN}/users/auth/openid_connect/callback> + - Base URL: <https://code.${DOMAIN}> - Set Client Scopes - Default Client Scopes: Gitlab (the client scope you created in the previous step. This is case sensitive.) - optional client scopes: N/A 
@@ -26,7 +27,8 @@ If the client gitlab doesn't exist in keycloak, please create the client gitlab ### GitLab configuration for keycloak -Reference Gitlab [documentation for SSO](https://docs.gitlab.com/charts/charts/globals.html#omniauth). This is a working example of the json configuration used for keycloak integration. +Reference Gitlab [documentation for SSO](https://docs.gitlab.com/charts/charts/globals.html#omniauth). This is a working example of the json configuration used for keycloak integration. + ``` { "name": "openid_connect",
@@ -50,15 +52,19 @@ Reference Gitlab [documentation for SSO](https://docs.gitlab.com/charts/charts/g } } ``` + Fill in your values and create a json file with the contents in a temporary directory somewhere. You can name the file gitlab-oidc.json. Encode the contents with base64 + ``` cat gitlab-oidc.enc.json | base64 -w 0 ``` + The encoded output is what you will use in the next step. The ```-w 0``` insures that the encoded value is a one line string. ### Create a secret in Gitlab namespace for the oidc provider info Create a secret for the json provider config from the previous step + ``` apiVersion: v1 kind: Secret
@@ -68,11 +74,12 @@ metadata: data: gitlab-oidc.json: <enter your encoded json config here> ``` + Before you commit this secret you can encrypt the base64 encoded data with sops. Only encrypt the data section. Flux needs to be able to read the other fields. ### Gitlab omniauth global configuration -Override the helm chart values.yaml for your environment to include the oidc-provider secret in gitlab ```global.appConfig.omniauth``` definition. The following example is the minimum config that you need. Refer to Gitlab documentation for more settings. +Override the helm chart values.yaml for your environment to include the oidc-provider secret in gitlab ```global.appConfig.omniauth``` definition. The following example is the minimum config that you need. Refer to Gitlab documentation for more settings. ``` global:
@@ -94,11 +101,14 @@ global: - secret: oidc-provider key: gitlab-oidc.json ``` + #### Network Policy egress-sso configurable port + - Default egressPort = 443 - Scenerio: If omniauth is "enabled" and you are configuring the controlPlaneCidr to a specific controlplane ip block you will need to update the "Values.networkPolicies.egressPort" to 8443. This port needs to be open for oidc authentication to the keycloak client in the baby-yoda realm. Example egress-sso Network Policy override: + ```yaml gitlab: enabled: true
@@ -164,7 +174,8 @@ sso: # derived from https://repo1.dso.mil/big-bang/product/packages/gitlab/-/blo mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc= -----END CERTIFICATE----- -``` +``` + - Link to [keycloak-dev.md](https://repo1.dso.mil/big-bang/product/packages/gitlab/-/blob/main/docs/keycloak-dev.md?ref_type=heads) document for complete SSO configuration. If all your configuration is correct you will be able to deploy and use SSO auth for Gitlab!
diff --git a/docs/operational-production-settings.md b/docs/operational-production-settings.md
index ec21a22e5584799caf61d22b948206a93e863540..c0073fb4f1f5ca9c083475236caa72aaedb415ec 100644
--- a/docs/operational-production-settings.md
+++ b/docs/operational-production-settings.md
@@ -1,14 +1,19 @@ # Operational configuration and settings for production environments + This document provides suggested settings for operational/production environment. Of course every environment is unique. These suggestions are a good starting point. Also consult the upstream Gitlab documentation and the other documents in the [./docs](./docs) directory. -## Use external database and object storage +## Use external database and object storage + For production deployments you must externalize the postgres and MinIO services. If you are deploying with BigBang the most common value overrides will passthrough to the Gitlab Package chart. You should disable the internal postgres. + ``` postgresql: install: false ``` + Enable an external database. Preferably a cloud database service. Customize the values for your external database credentials. If you are using BigBang the values will pass through to this Gitlab Package chart. + ``` global: ## doc/charts/globals.md#configure-postgresql-settings
@@ -23,13 +28,17 @@ global: # pool: 1 # preparedStatements: false ``` + Disable the internal MinIO instance + ``` global: minio: enabled: false ``` + Customize the values for external object storage. If you are using BigBang the values will pass through to this Gitlab Package chart. + ``` global: appConfig:
@@ -46,12 +55,15 @@ global: ``` ## Flux settings + When deploying this Gitlab Package chart with BigBang the deployment is controlled by the FluxCD GitOps tool. Large Gitlab installations should increase the Flux timeout in the BigBang value (addons.gitlab.flux.timeout) to around 30m to 45m. And the BigBang Flux retries value (addons.gitlab.flux.upgrade.retries) should be adjusted to around 8 to 10. ## Kubernetes resource request/limit settings -K8s resource requests/limits for webservice and gitaly workloads should be increased from the defaults. Gitlab engineers state predicting Gitaly's resource consumption is very difficult, and will require testing to find the applicable limits/requests for each individual installation. See this [Gitlab Epic](https://gitlab.com/groups/gitlab-org/-/epics/6127) for more information. See the [docs/k8s-resources.md](./k8s-resources.md) for a list of all possible configuration values. + +K8s resource requests/limits for webservice and gitaly workloads should be increased from the defaults. Gitlab engineers state predicting Gitaly's resource consumption is very difficult, and will require testing to find the applicable limits/requests for each individual installation. See this [Gitlab Epic](https://gitlab.com/groups/gitlab-org/-/epics/6127) for more information. See the [docs/k8s-resources.md](./k8s-resources.md) for a list of all possible configuration values. Recommended starting point: + ``` gitlab: webservice: 
@@ -73,20 +85,27 @@ gitlab: ``` ## Backup and rename gitlab-rails-secret + If the Kubernetes gitlab-rails-secret happens to get overwritten Gitlab will no longer be able to access the encrypted data in the database. You will get errors like this in the logs. + ``` OpenSSL::Cipher::CipherError () ``` + Many things break when this happens and the recovery is ugly with serious user impacts. At a minimum an operational deployment of Gitlab should export and save the gitlab-rails-secret somewhere secure outside the cluster. + ``` kubectl get secret/gitlab-rails-secret -n gitlab -o yaml > cya.yaml ``` + Ideally, an operational deployment should create a secret with a different name as [documented here](https://docs.gitlab.com/charts/installation/secrets.html#gitlab-rails-secret). The helm chart values ```global.railsSecrets.secret``` can be overridden to point to the secret. + ``` global: railsSecrets: secret: my-gitlab-rails-secret ``` + This secret should be backed up somewhere secure outside the cluster.
diff --git a/docs/overview.md b/docs/overview.md
index 6b203bf54a73d45dbb2b68e8186d150648376e34..4ed51000d506d60b39cc197bd67a8ff24169664d 100644
--- a/docs/overview.md
+++ b/docs/overview.md
@@ -3,26 +3,34 @@ [[_TOC_]] # Gitlab for Kubernetes + [gitlab](https://docs.gitlab.com/) provides the upstream documentation: GitLab is a web-based DevOps lifecycle tool that provides a Git-repository manager providing wiki, issue-tracking and continuous integration/continuous deployment pipeline features, using an open-source license, developed by GitLab Inc. ## Application Deployment + The default values are intended for development, demo, and CI pipelines. For operational/production environments see the suggestions in [docs/operational-production-settings.md](./operational-production-settings.md). ## Kubernetes resource configuration + The BigBang Gitlab Package has a default resource configuration for a minimal installation which is sufficient for development, demos, and CI pipelines. For larger operational deployments you must increase the CPU and memory as needed. See suggested production settings here [docs/operational-production-settings.md](./operational-production-settings.md). Consult the upstream Gitlab documentation and Gitlab Support for appropriate settings. See the [docs/k8s-resources.md](./k8s-resources.md) for a list of all possible configuration values. ## Keycloak SSO integration + Gitlab SSO integration can be 100% configuration as code. No manual post-install actions are required if the configuration is correct. see [docs/keycloak.md](./keycloak.md) ## elasticsearch notes + create an index pattern for fluentd if not already created for you + ``` logstash-* ``` + Build filter for gitlab namespace + ``` { "query": {
@@ -32,7 +40,9 @@ Build filter for gitlab namespace } } ``` + There are more than 15 pods in a Gitlab deployment. + ``` [p1dev@p1dev-vm gitlab]$ kubectl get pods -n gitlab NAME READY STATUS RESTARTS AGE
@@ -56,11 +66,13 @@ gitlab-webservice-7ff8956d8b-8zcj2 2/2 Running 0 4h gitlab-webservice-7ff8956d8b-9l8sj 2/2 Running 0 143m global-shared-gitlab-runner-567cf8df54-8dzfw 1/1 Running 0 4h50m ``` + Here is a document that lists the Gitlab components and what each one does -https://docs.gitlab.com/ce/development/architecture.html#component-details +<https://docs.gitlab.com/ce/development/architecture.html#component-details> Here are some an examples of a filter for specific containers: front-end webservice + ``` { "query": {
@@ -70,7 +82,9 @@ front-end webservice } } ``` + gitlab-workhorse - a gateway for routing http requests to the proper component + ``` { "query": {
@@ -80,7 +94,9 @@ gitlab-workhorse - a gateway for routing http requests to the proper component } } ``` + cli git commands + ``` { "query": {
@@ -90,10 +106,13 @@ cli git commands } } ``` + In the KQL field you can text search within a source field such as log + ``` log: "error" ``` + ``` log: F 2020-07-10T18:23:01.255Z 8 TID-go4bqp7cw ERROR: Error fetching job: Error connecting to Redis on gitlab-redis-master:6379 (Redis::TimeoutError)
@@ -124,4 +143,3 @@ kubernetes.labels.queue-pod-name: kubernetes.labels.release: gitlab ``` -
diff --git a/docs/test-package-against-bb.md b/docs/test-package-against-bb.md
index 548c206e199b6f92242ce88d6887c9780a8a0ad3..eabf81ce5f4a3f7b4d640b5e1ce1a0e69f6d1c82 100644
--- a/docs/test-package-against-bb.md
+++ b/docs/test-package-against-bb.md
@@ -8,6 +8,7 @@ As part of your MR that modifies istio you will need to run bigbang tests agains 1. Create a new branch on bigbang off of master `git checkout master && git pull && git checkout -b my-bigbang-branch-for-testing.` 1. Modify the [test values](https://repo1.dso.mil/big-bang/bigbang/-/blob/master/tests/test-values.yaml?ref_type=heads). Yours will be different for your package, you may need more than this. + ```yaml gitlab: git:
@@ -18,6 +19,7 @@ As part of your MR that modifies istio you will need to run bigbang tests agains hardened: enabled: true ``` + 1. Stage your changes `git add -A.` 1. Commit your changes `git commit -m "prepping for test."` 1. Push your changes `git push -u origin my-bigbang-branch-for-testing.`
diff --git a/tests/images.txt b/tests/images.txt
index 392309bd13d8794a753cabbacd6f20fc3e5397ec..49c400582fca06931374f7512b82718901ba86c2 100644
--- a/tests/images.txt
+++ b/tests/images.txt
@@ -1,2 +1,2 @@
-registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter:17.2.9
-registry1.dso.mil/ironbank/gitlab/gitlab/kubectl:17.2.9
+registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter:17.3.6
+registry1.dso.mil/ironbank/gitlab/gitlab/kubectl:17.3.6