Gitlab chart incorrect image annotation conditions
Currently the following helm.sh/images annotation conditions from the Gitlab Chart.yaml do not exist inside the values.yaml:
gitlab-exporter.enabled
ungradeCheck.enabled
This prevents other tooling (such as Zarf) from acting on these conditions.
Designs
Related merge requests 2
When these merge requests are accepted, this issue will be closed automatically.
Activity
Unable to open an MR but the below fixes it along with a conftest test:
--- apiVersion: v1 name: gitlab version: 6.9.2-bb.0 appVersion: 15.9.2 description: The One DevOps Platform keywords: - gitlab home: https://about.gitlab.com/ icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.png sources: - https://gitlab.com/gitlab-org/charts/gitlab maintainers: - name: GitLab Inc. email: support@gitlab.com annotations: bigbang.dev/applicationVersions: | - Gitlab: 15.9.2 helm.sh/images: | - name: redis-exporter condition: redis.metrics.enabled image: registry1.dso.mil/ironbank/bitnami/analytics/redis-exporter:v1.48.0 - name: redis condition: redis.install image: registry1.dso.mil/ironbank/bitnami/redis:7.0.0-debian-10-r3 - name: alpine-certificates image: registry1.dso.mil/ironbank/gitlab/gitlab/certificates:15.9.2 - name: cfssl-self-sign condition: shared-secrets.enabled image: registry1.dso.mil/ironbank/gitlab/gitlab/cfssl-self-sign:1.6.1 - name: gitaly image: registry1.dso.mil/ironbank/gitlab/gitlab/gitaly:15.9.2 - name: gitlab-container-registry condition: registry.enabled image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry:15.9.2 - name: gitlab-shell image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell:15.9.2 - name: gitlab-sidekiq image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq:15.9.2 - name: gitlab-toolbox image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox:15.9.2 - name: gitlab-webservice image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice:15.9.2 - name: gitlab-workhorse image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse:15.9.2 - name: gitlab-pages image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages:15.9.2 - name: kubectl image: registry1.dso.mil/ironbank/gitlab/gitlab/kubectl:15.9.2 - name: mc image: registry1.dso.mil/ironbank/opensource/minio/mc:RELEASE.2022-12-24T15-21-38Z - name: minio image: registry1.dso.mil/ironbank/opensource/minio/minio:RELEASE.2022-12-12T19-27-27Z - name: postgresql12 condition: postgresql.install image: registry1.dso.mil/ironbank/opensource/postgres/postgresql12:12.14 - name: ubi8 condition: upgradeCheck.enabled image: registry1.dso.mil/ironbank/redhat/ubi/ubi8:8.7 - name: gitlab-exporter condition: gitlab.gitlab-exporter.enabled image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter:15.9.2 - name: bbtests condition: bbtests.enabled image: registry1.dso.mil/bigbang-ci/gitlab-tester:0.0.4package main deny_missing_values_image_condition[msg] { values := parse_config_file("../values.yaml") chart := parse_config_file("../Chart.yaml") images := yaml.unmarshal(chart.annotations["helm.sh/images"]) conditionRaw := images[i].condition conditionKeys := split(conditionRaw, ".") value := object.get(values, conditionKeys, "undefined") print("Condition", conditionRaw, "has value:", value) not value != "undefined" msg := sprintf("Image condition '%s' was not specified in values.yaml", [conditionRaw]) }-
The above script worked well for Gitlab, but may need to be modified for other charts (or value shells will need to be added) - Neuvector, for example, passes its values.yaml into a subchart that loads the prometheus exporter via
monitor.exporter.enabledwhich exists in the monitor chart but not in the parent.https://repo1.dso.mil/big-bang/product/packages/neuvector/-/blob/main/chart/Chart.yaml
Anchore-enterprise also has a similar configuration with postgresql
Edited by wayne.starr mentioned in issue vault#43 (closed)
mentioned in merge request !178 (merged)
closed with merge request !178 (merged)
mentioned in commit 6f79d10f
mentioned in merge request big-bang/bigbang!2596 (merged)
mentioned in commit big-bang/bigbang@23c038fa