diff --git a/CHANGELOG.md b/CHANGELOG.md index 28fcdd86a8255a1c8898b2fd96e320e0f79c0179..3047188a47b6bc8628809eb83c3307efc4a5ea63 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,25 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), --- +## [8.8.1-bb.0] (2024-01-24) + +### Changed + +- update gluon 0.5.3 -> 0.5.14 +- registry1.dso.mil/ironbank/gitlab/gitlab/certificates 17.7.2 -> 17.8.1 +- registry1.dso.mil/ironbank/gitlab/gitlab/gitaly 17.7.2 -> 17.8.1 +- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-base 17.7.2 -> 17.8.1 +- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry 17.7.2 -> 17.8.1 +- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter 17.7.2 -> 17.8.1 +- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-mailroom 17.7.2 -> 17.8.1 +- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages 17.7.2 -> 17.8.1 +- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell 17.7.2 -> 17.8.1 +- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq 17.7.2 -> 17.8.1 +- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox 17.7.2 -> 17.8.1 +- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice 17.7.2 -> 17.8.1 +- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse 17.7.2 -> 17.8.1 +- registry1.dso.mil/ironbank/gitlab/gitlab/kubectl 17.7.2 -> 17.8.1 + ## [8.7.4-bb.1] (2024-01-22) ### Changed diff --git a/README.md b/README.md index 346553c396d8533699f9961cea5903c6abcf217c..9f478da604c32fecdf440b7266741b94c2870b14 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ <!-- Warning: Do not manually edit this file. See notes on gluon + helm-docs at the end of this file for more information. --> # gitlab -   +   GitLab is the most comprehensive AI-powered DevSecOps Platform. 
@@ -48,7 +48,7 @@ helm install gitlab chart/ | global.image | object | `{}` | | | global.pod.labels | object | `{}` | | | global.edition | string | `"ee"` | | -| global.gitlabVersion | string | `"17.7.2"` | | +| global.gitlabVersion | string | `"17.8.1"` | | | global.application.create | bool | `false` | | | global.application.links | list | `[]` | | | global.application.allowClusterRoles | bool | `true` | | @@ -362,7 +362,7 @@ helm install gitlab chart/ | global.workhorse.tls.enabled | bool | `false` | | | global.webservice.workerTimeout | int | `60` | | | global.certificates.image.repository | string | `"registry1.dso.mil/ironbank/gitlab/gitlab/certificates"` | | -| global.certificates.image.tag | string | `"17.7.2"` | | +| global.certificates.image.tag | string | `"17.8.1"` | | | global.certificates.image.pullSecrets[0].name | string | `"private-registry"` | | | global.certificates.init.securityContext.capabilities.drop[0] | string | `"ALL"` | | | global.certificates.init.securityContext.runAsUser | int | `65534` | | 
@@ -399,13 +399,13 @@ helm install gitlab chart/ | global.certificates.customCAs[29].secret | string | `"ca-certs-dod-trust-anchors-self-signed"` | | | global.certificates.customCAs[30].secret | string | `"ca-certs-eca"` | | | global.kubectl.image.repository | string | `"registry1.dso.mil/ironbank/gitlab/gitlab/kubectl"` | | -| global.kubectl.image.tag | string | `"17.7.2"` | | +| global.kubectl.image.tag | string | `"17.8.1"` | | | global.kubectl.image.pullSecrets[0].name | string | `"private-registry"` | | | global.kubectl.securityContext.runAsUser | int | `65534` | | | global.kubectl.securityContext.fsGroup | int | `65534` | | | global.kubectl.securityContext.seccompProfile.type | string | `"RuntimeDefault"` | | | global.gitlabBase.image.repository | string | `"registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-base"` | | -| global.gitlabBase.image.tag | string | `"17.7.2"` | | +| global.gitlabBase.image.tag | string | `"17.8.1"` | | | global.gitlabBase.image.pullSecrets[0].name | string | `"private-registry"` | | | global.serviceAccount.enabled | bool | `true` | | | global.serviceAccount.create | bool | `true` | | @@ -790,7 +790,7 @@ helm install gitlab chart/ | registry.resources.requests.cpu | string | `"200m"` | | | registry.resources.requests.memory | string | `"1024Mi"` | | | registry.image.repository | string | `"registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry"` | | -| registry.image.tag | string | `"17.7.2"` | | +| registry.image.tag | string | `"17.8.1"` | | | registry.image.pullSecrets[0].name | string | `"private-registry"` | | | registry.ingress.enabled | bool | `false` | | | registry.metrics.enabled | bool | `true` | | 
@@ -850,7 +850,7 @@ helm install gitlab chart/ | gitlab.toolbox.replicas | int | `1` | | | gitlab.toolbox.antiAffinityLabels.matchLabels.app | string | `"gitaly"` | | | gitlab.toolbox.image.repository | string | `"registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox"` | | -| gitlab.toolbox.image.tag | string | `"17.7.2"` | | +| gitlab.toolbox.image.tag | string | `"17.8.1"` | | | gitlab.toolbox.image.pullSecrets[0].name | string | `"private-registry"` | | | gitlab.toolbox.init.resources.requests.cpu | string | `"200m"` | | | gitlab.toolbox.init.resources.requests.memory | string | `"200Mi"` | | @@ -887,7 +887,7 @@ helm install gitlab chart/ | gitlab.gitlab-exporter.resources.requests.memory | string | `"200Mi"` | | | gitlab.gitlab-exporter.capabilities.drop[0] | string | `"ALL"` | | | gitlab.gitlab-exporter.image.repository | string | `"registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter"` | | -| gitlab.gitlab-exporter.image.tag | string | `"17.7.2"` | | +| gitlab.gitlab-exporter.image.tag | string | `"17.8.1"` | | | gitlab.gitlab-exporter.image.pullSecrets[0].name | string | `"private-registry"` | | | gitlab.gitlab-exporter.metrics.enabled | bool | `true` | | | gitlab.gitlab-exporter.metrics.port | int | `9168` | | @@ -909,7 +909,7 @@ helm install gitlab chart/ | gitlab.migrations.resources.requests.cpu | string | `"500m"` | | | gitlab.migrations.resources.requests.memory | string | `"1.5G"` | | | gitlab.migrations.image.repository | string | `"registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox"` | | -| gitlab.migrations.image.tag | string | `"17.7.2"` | | +| gitlab.migrations.image.tag | string | `"17.8.1"` | | | gitlab.migrations.image.pullSecrets[0].name | string | `"private-registry"` | | | gitlab.migrations.securityContext.runAsUser | int | `1000` | | | gitlab.migrations.securityContext.runAsGroup | int | `1000` | | 
@@ -933,14 +933,14 @@ helm install gitlab chart/ | gitlab.webservice.resources.requests.cpu | string | `"300m"` | | | gitlab.webservice.resources.requests.memory | string | `"2.5G"` | | | gitlab.webservice.image.repository | string | `"registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice"` | | -| gitlab.webservice.image.tag | string | `"17.7.2"` | | +| gitlab.webservice.image.tag | string | `"17.8.1"` | | | gitlab.webservice.image.pullSecrets[0].name | string | `"private-registry"` | | | gitlab.webservice.workhorse.resources.limits.cpu | string | `"600m"` | | | gitlab.webservice.workhorse.resources.limits.memory | string | `"2.5G"` | | | gitlab.webservice.workhorse.resources.requests.cpu | string | `"600m"` | | | gitlab.webservice.workhorse.resources.requests.memory | string | `"2.5G"` | | | gitlab.webservice.workhorse.image | string | `"registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse"` | | -| gitlab.webservice.workhorse.tag | string | `"17.7.2"` | | +| gitlab.webservice.workhorse.tag | string | `"17.8.1"` | | | gitlab.webservice.workhorse.pullSecrets[0].name | string | `"private-registry"` | | | gitlab.webservice.workhorse.metrics.enabled | bool | `true` | | | gitlab.webservice.workhorse.metrics.serviceMonitor.enabled | bool | `true` | | @@ -951,7 +951,7 @@ helm install gitlab chart/ | gitlab.webservice.metrics.serviceMonitor.enabled | bool | `true` | | | gitlab.webservice.helmTests.enabled | bool | `false` | | | gitlab.sidekiq.image.repository | string | `"registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq"` | | -| gitlab.sidekiq.image.tag | string | `"17.7.2"` | | +| gitlab.sidekiq.image.tag | string | `"17.8.1"` | | | gitlab.sidekiq.image.pullSecrets[0].name | string | `"private-registry"` | | | gitlab.sidekiq.init.resources.limits.cpu | string | `"200m"` | | | gitlab.sidekiq.init.resources.limits.memory | string | `"200Mi"` | | 
@@ -969,7 +969,7 @@ helm install gitlab chart/ | gitlab.sidekiq.containerSecurityContext.runAsGroup | int | `1000` | | | gitlab.sidekiq.containerSecurityContext.capabilities.drop[0] | string | `"ALL"` | | | gitlab.gitaly.image.repository | string | `"registry1.dso.mil/ironbank/gitlab/gitlab/gitaly"` | | -| gitlab.gitaly.image.tag | string | `"17.7.2"` | | +| gitlab.gitaly.image.tag | string | `"17.8.1"` | | | gitlab.gitaly.image.pullSecrets[0].name | string | `"private-registry"` | | | gitlab.gitaly.init.resources.limits.cpu | string | `"200m"` | | | gitlab.gitaly.init.resources.limits.memory | string | `"200Mi"` | | @@ -989,7 +989,7 @@ helm install gitlab chart/ | gitlab.gitaly.containerSecurityContext.runAsGroup | int | `1000` | | | gitlab.gitaly.containerSecurityContext.capabilities.drop[0] | string | `"ALL"` | | | gitlab.gitlab-shell.image.repository | string | `"registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell"` | | -| gitlab.gitlab-shell.image.tag | string | `"17.7.2"` | | +| gitlab.gitlab-shell.image.tag | string | `"17.8.1"` | | | gitlab.gitlab-shell.image.pullSecrets[0].name | string | `"private-registry"` | | | gitlab.gitlab-shell.init.resources.limits.cpu | string | `"200m"` | | | gitlab.gitlab-shell.init.resources.limits.memory | string | `"200Mi"` | | 
@@ -1007,15 +1007,15 @@ helm install gitlab chart/ | gitlab.gitlab-shell.containerSecurityContext.runAsGroup | int | `1000` | | | gitlab.gitlab-shell.containerSecurityContext.capabilities.drop[0] | string | `"ALL"` | | | gitlab.mailroom.image.repository | string | `"registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-mailroom"` | | -| gitlab.mailroom.image.tag | string | `"17.7.2"` | | +| gitlab.mailroom.image.tag | string | `"17.8.1"` | | | gitlab.mailroom.image.pullSecrets[0].name | string | `"private-registry"` | | | gitlab.mailroom.containerSecurityContext.capabilities.drop[0] | string | `"ALL"` | | | gitlab.gitlab-pages.service.customDomains.type | string | `"ClusterIP"` | | | gitlab.gitlab-pages.image.repository | string | `"registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages"` | | -| gitlab.gitlab-pages.image.tag | string | `"17.7.2"` | | +| gitlab.gitlab-pages.image.tag | string | `"17.8.1"` | | | gitlab.gitlab-pages.containerSecurityContext.capabilities.drop[0] | string | `"ALL"` | | | gitlab.praefect.image.repository | string | `"registry1.dso.mil/ironbank/gitlab/gitlab/gitaly"` | | -| gitlab.praefect.image.tag | string | `"17.7.2"` | | +| gitlab.praefect.image.tag | string | `"17.8.1"` | | | gitlab.praefect.init.resources.limits.cpu | string | `"200m"` | | | gitlab.praefect.init.resources.limits.memory | string | `"200Mi"` | | | gitlab.praefect.init.resources.requests.cpu | string | `"200m"` | | diff --git a/chart/.gitlab-ci.yml b/chart/.gitlab-ci.yml index e5cc6f01cacf0ef75095ddb88dc0f957c82c4219..b4853e2e1170f0e188295d302971f0e4a9f4d894 100644 --- a/chart/.gitlab-ci.yml +++ b/chart/.gitlab-ci.yml 
@@ -50,7 +50,7 @@ variables: DEBIAN_VERSION: bookworm RUBY_VERSION: "3.1.5" CI_TOOLS_VERSION: "4.22.0" - GITLAB_QA_VERSION: "14.20.0" + GITLAB_QA_VERSION: "15.0.0" # STRICT_VERSIONS is used in RSpecs to ensure exact version match for tools like "helm" and "kubectl" STRICT_VERSIONS: "true" KUBE_CRD_SCHEMA_URL: "https://raw.githubusercontent.com/kubernetes/kubernetes/master/api/openapi-spec/v3/apis__apiextensions.k8s.io__v1_openapi.json" @@ -238,6 +238,8 @@ trigger_review_current: - job: pin_image_versions rules: - !reference [.rule:skip_if_fork] + - if: '$PIPELINE_TYPE == "DOCS_PIPELINE"' + when: never - if: '$CI_PIPELINE_SOURCE != "pipeline" && $CI_PIPELINE_SOURCE != "parent_pipeline" && $PIPELINE_TYPE =~ /DEFAULT_BRANCH_PIPELINE$/ ' - if: '$CI_PIPELINE_SOURCE != "pipeline" && $CI_PIPELINE_SOURCE != "parent_pipeline" && $PIPELINE_TYPE =~ /STABLE_BRANCH_PIPELINE$/ ' - if: '$CI_PIPELINE_SOURCE != "pipeline" && $CI_PIPELINE_SOURCE != "parent_pipeline"' @@ -248,6 +250,8 @@ trigger_review_current: .trigger_review_current: rules: - !reference [.rule:skip_if_fork] + - if: '$PIPELINE_TYPE == "DOCS_PIPELINE"' + when: never - if: '$CI_PIPELINE_SOURCE != "pipeline" && $CI_PIPELINE_SOURCE != "parent_pipeline"' # Triggered from CNG - if: '$CI_PIPELINE_SOURCE == "pipeline" && $TEST_BRANCH == "true"' @@ -263,6 +267,8 @@ trigger_review_secondary: optional: true - job: pin_image_versions rules: + - if: '$PIPELINE_TYPE == "DOCS_PIPELINE"' + when: never - !reference [.rule:skip_if_fork] - if: '$CI_PIPELINE_SOURCE != "pipeline" && $CI_PIPELINE_SOURCE != "parent_pipeline"' when: manual @@ -271,6 +277,8 @@ trigger_review_secondary: .trigger_review_secondary: rules: + - if: '$PIPELINE_TYPE == "DOCS_PIPELINE"' + when: never - !reference [.rule:skip_if_fork] - if: '$CI_PIPELINE_SOURCE != "pipeline" && $CI_PIPELINE_SOURCE != "parent_pipeline"' - if: '$CI_PIPELINE_SOURCE == "merge_request_event"' 
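Review bot: The new `DOCS_PIPELINE` exclusion is ordered inconsistently across the four rule lists in this file. In `trigger_review_current` and `.trigger_review_current` it follows `!reference [.rule:skip_if_fork]`, while in `trigger_review_secondary` and `.trigger_review_secondary` it precedes it. Rules are first-match, so the outcome is probably the same if `.rule:skip_if_fork` (defined outside these hunks) also ends in `when: never`. Keeping the fork guard first in all four lists would still make the exclusions easier to audit, i.e. `- !reference [.rule:skip_if_fork]` followed by `- if: '$PIPELINE_TYPE == "DOCS_PIPELINE"'` / `when: never`.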
@@ -281,8 +289,10 @@ trigger_review_secondary: include: - local: .gitlab-ci.yml strategy: depend + forward: + pipeline_variables: true inherit: - variables: + variables: - PIPELINE_TYPE - REVIEW_REF_PREFIX - LIMIT_TO diff --git a/chart/.gitlab/ci/checks.yml b/chart/.gitlab/ci/checks.yml index 983b999b55ddcb3d951fbf66f11940531c62fac8..9106ece354207019ccef2532e67baec00c7558b0 100644 --- a/chart/.gitlab/ci/checks.yml +++ b/chart/.gitlab/ci/checks.yml @@ -64,6 +64,22 @@ check_docs_links: - if: '$PIPELINE_TYPE =~ /MR_PIPELINE$/' - if: '$PIPELINE_TYPE =~ /BRANCH_PIPELINE$/' +# https://github.com/zegl/kube-score +# Initially motivated to detect duplicated environment variable definitions +kube-score: + image: + name: "zegl/kube-score:v1.19.0@sha256:94137f32ce139dc9fbdbbd380249025e4d378c282ff151a100b981cdeeb923b6" + entrypoint: [""] + stage: prepare + script: + - helm dependency build + - helm template . --set certmanager-issuer.email=gitlab@example.com > /tmp/test.yaml + - /kube-score score --ignore-container-cpu-limit --ignore-container-memory-limit --ignore-test "container-image-pull-policy,container-security-context-user-group-id,container-ephemeral-storage-request-and-limit,container-security-context-readonlyrootfilesystem,pod-probes,pod-networkpolicy,container-resources,deployment-has-poddisruptionbudget,deployment-replicas,deployment-has-host-podantiaffinity" /tmp/test.yaml + rules: + - if: '$PIPELINE_TYPE == "DOCS_PIPELINE"' + - if: '$PIPELINE_TYPE =~ /MR_PIPELINE$/' + - if: '$PIPELINE_TYPE =~ /BRANCH_PIPELINE$/' + lint_package: stage: preflight when: always @@ -100,4 +116,3 @@ specs_without_cluster: - if: '$PIPELINE_TYPE == "AUTO_DEPLOY_PIPELINE"' - if: '$PIPELINE_TYPE == "RELEASE_PIPELINE"' needs: ['lint_package'] - diff --git a/chart/.gitlab/ci/operator.gitlab-ci.yml b/chart/.gitlab/ci/operator.gitlab-ci.yml index 1f538d8a747ba6eef8badb54c6e78303e2b5a7a2..b1571eb07747437acd07c01b2ed91099c7ad9730 100644 --- a/chart/.gitlab/ci/operator.gitlab-ci.yml 
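Review bot: `forward: pipeline_variables: true` in the `@@ -281,8 +289,10 @@` hunk passes every run-time pipeline variable to the child pipeline, not only the names in the `inherit: variables:` list below it. That covers variables from a manual run, schedule, API call or upstream trigger, and they take precedence over values the child's YAML defines. The trigger block starts outside the hunk, so the reason for forwarding is not visible here. A comment above the key would record the intent and the trust assumption, for example `# Forwards run-time pipeline variables (manual/schedule/API/upstream trigger) to the child; they override values defined in the child pipeline`. If only a few variables are needed downstream, passing them explicitly under `variables:` keeps the child's inputs enumerable.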
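Review bot: The `--ignore-test` list in the new `kube-score` job turns off the security-relevant checks, so a green job says nothing about those controls. The ignored tests include `container-security-context-user-group-id`, `container-security-context-readonlyrootfilesystem`, `pod-networkpolicy` and `container-image-pull-policy`. The header comment only gives the original motivation, so I would add a line such as `# Security-context, NetworkPolicy and pull-policy tests are ignored for now; this job does not gate on them`. The first rule also runs the job for `DOCS_PIPELINE`, which the other jobs touched in this commit exclude; that looks copied from `check_docs_links` and is probably not needed for a job that renders the chart. Pinning the image by tag and digest is good.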
+++ b/chart/.gitlab/ci/operator.gitlab-ci.yml @@ -6,9 +6,10 @@ trigger_operator_test: variables: CHARTS_REF: "${CI_COMMIT_SHA}" TRIGGER_PROJECT: "${CI_PROJECT_PATH}" + PIPELINE_TYPE: "${PIPELINE_TYPE}" inherit: variables: false - when: manual rules: - - if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PIPELINE_SOURCE == "merge_request_event"' - + - if: '$PIPELINE_TYPE == "DOCS_PIPELINE"' + when: never + - when: manual diff --git a/chart/.gitlab/ci/review-docs.yml b/chart/.gitlab/ci/review-docs.yml index 1ee9775b8aa240e6761c2ab18e98b5bfd9f5f32a..8f3077adb342e561b31c657b780edbab19929923 100644 --- a/chart/.gitlab/ci/review-docs.yml +++ b/chart/.gitlab/ci/review-docs.yml @@ -4,6 +4,7 @@ stage: review cache: {} dependencies: [] + needs: [] before_script: - gem install gitlab --no-doc # We need to download the script rather than clone the repo since the diff --git a/chart/CHANGELOG.md b/chart/CHANGELOG.md index 32602ce3666d08fd0012f42520ef6f6ecf5a8e96..6f878037675655957ca8e8e362373e6e992dba68 100644 --- a/chart/CHANGELOG.md +++ b/chart/CHANGELOG.md 
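Review bot: In `trigger_operator_test` the rule that limited the job to gitlab.com merge request pipelines is removed, so the job is now offered as manual in every pipeline type except docs. The removed rule was `$CI_SERVER_HOST == "gitlab.com" && $CI_PIPELINE_SOURCE == "merge_request_event"`. Unlike the trigger jobs in `.gitlab-ci.yml`, it has no `.rule:skip_if_fork` reference; whether forks and other instances are meant to be able to start this cross-project trigger is not visible here. If the restriction should stay, keep the condition on the manual rule: `- if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PIPELINE_SOURCE == "merge_request_event"'` with `when: manual`. Moving `when: manual` from job level into `rules:` also changes the `allow_failure` default to false, which makes the pipeline wait on this job. Add `allow_failure: true` to that rule if the job is meant to stay optional.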
@@ -2,6 +2,30 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 8.8.1 (2025-01-22) + +No changes. + +## 8.8.0 (2025-01-15) + +### Added (1 change) + +- [Support configuring redis database number](https://gitlab.com/gitlab-org/charts/gitlab/-/commit/8338b2142ebb22b256420adb656addd7a7e2be95) by @gpongelli ([merge request](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/3995)) + +### Fixed (3 changes) + +- [Remove duplicate TZ keys in Gitaly StatefulSet](https://gitlab.com/gitlab-org/charts/gitlab/-/commit/344ee5e80a92b8880187f60c4f8833e42e01c9d2) ([merge request](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/4046)) +- [Revert certmanager-issuer time zone change](https://gitlab.com/gitlab-org/charts/gitlab/-/commit/703c18ffc1feab1cda16c02f7acca70f871aac11) ([merge request](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/4043)) +- [Shared Secrets: consume idiomatic returns from yq](https://gitlab.com/gitlab-org/charts/gitlab/-/commit/19e1aa90c41e3559959f27b4a3baf67669905400) ([merge request](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/4039)) + +### Changed (5 changes) + +- [Update dependency gitlab-exporter to v15.1.0](https://gitlab.com/gitlab-org/charts/gitlab/-/commit/13bc443fde1001e18db458f3d123ae05efe7a285) ([merge request](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/4055)) +- [Add ttlSecondsAfterFinished to certmanager_issuer](https://gitlab.com/gitlab-org/charts/gitlab/-/commit/b9b3698b41916d69bb82c467ebbe0d1aa3473bc2) ([merge request](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/4053)) +- [Update dependency container-registry to v4.15.0-gitlab](https://gitlab.com/gitlab-org/charts/gitlab/-/commit/7d9b71c4adc0078424aa1e9ebfb65efd49ae20a9) ([merge request](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/4059)) +- [Update Helm release gitlab-runner to 
v0.72.0](https://gitlab.com/gitlab-org/charts/gitlab/-/commit/13515980ce6275fff3d8241b73725a48f443d2fb) ([merge request](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/4038)) +- [Update dependency gitlab-qa to v15](https://gitlab.com/gitlab-org/charts/gitlab/-/commit/a1b4854886a67007690053b6f7606636d9703f53) ([merge request](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/4032)) + ## 8.7.4 (2025-01-15) No changes. @@ -16,12 +40,6 @@ No changes. - [Revert certmanager-issuer time zone change](https://gitlab.com/gitlab-org/charts/gitlab/-/commit/99befdf99b7f07639d7b6ceb83ea8b534085bbe3) ([merge request](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/4044)) -## 8.7.1 (2024-12-20) - -### Fixed (1 change) - -- [Shared Secrets: consume idiomatic returns from yq](https://gitlab.com/gitlab-org/charts/gitlab/-/commit/19e1aa90c41e3559959f27b4a3baf67669905400) ([merge request](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/4039)) - ## 8.7.0 (2024-12-18) ### Added (3 changes) @@ -40,6 +58,10 @@ No changes. - [Update dependency container-registry to v4.14.0-gitlab](https://gitlab.com/gitlab-org/charts/gitlab/-/commit/dcc8ce8e48d88f5ff1aee9f0aa67bf4b505de585) ([merge request](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/4017)) - [Update Helm release gitlab-runner to v0.71.0](https://gitlab.com/gitlab-org/charts/gitlab/-/commit/45c82f324306ca23d68384a65103ec889c1b6cee) ([merge request](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/4011)) +## 8.6.3 (2025-01-08) + +No changes. + ## 8.6.2 (2024-12-10) No changes. 
@@ -69,6 +91,10 @@ No changes. - [Update Helm release gitlab-runner to v0.70.0](https://gitlab.com/gitlab-org/charts/gitlab/-/commit/ea3833fd35e5d201c96e9da5b4892b610df19781) ([merge request](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/3955)) - [Bump nginx-controller from 1.3.1 to 1.11.2](https://gitlab.com/gitlab-org/charts/gitlab/-/commit/c8f6090ec807dde86d4f6fd92803ada8b125868e) ([merge request](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/3901)) +## 8.5.5 (2025-01-08) + +No changes. + ## 8.5.4 (2024-12-10) No changes. diff --git a/chart/Chart.yaml b/chart/Chart.yaml index 2c289c66f63bae519f515a753e316f2f59a5da50..71fef3b9ad8f2e3ba63ecf42aca50088d822add9 100644 --- a/chart/Chart.yaml +++ b/chart/Chart.yaml @@ -1,8 +1,8 @@ --- apiVersion: v1 name: gitlab -version: 8.7.4-bb.1 -appVersion: 17.7.2 +version: 8.8.1-bb.0 +appVersion: 17.8.1 description: GitLab is the most comprehensive AI-powered DevSecOps Platform. keywords: - gitlab @@ -16,7 +16,7 @@ maintainers: annotations: bigbang.dev/maintenanceTrack: bb_integrated bigbang.dev/applicationVersions: | - - Gitlab: 17.7.2 + - Gitlab: 17.8.1 bigbang.dev/upstreamReleaseNotesMarkdown: | The [upstream chart's release notes](https://gitlab.com/gitlab-org/charts/gitlab/-/blob/master/CHANGELOG.md) may help when reviewing this package. helm.sh/images: | 
@@ -27,29 +27,29 @@ annotations: condition: redis.install image: registry1.dso.mil/ironbank/bitnami/redis:7.4.2 - name: alpine-certificates - image: registry1.dso.mil/ironbank/gitlab/gitlab/certificates:17.7.2 + image: registry1.dso.mil/ironbank/gitlab/gitlab/certificates:17.8.1 - name: cfssl-self-sign condition: shared-secrets.enabled image: registry1.dso.mil/ironbank/gitlab/gitlab/cfssl-self-sign:1.6.1 - name: gitaly - image: registry1.dso.mil/ironbank/gitlab/gitlab/gitaly:17.7.2 + image: registry1.dso.mil/ironbank/gitlab/gitlab/gitaly:17.8.1 - name: gitlab-container-registry condition: registry.enabled - image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry:17.7.2 + image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry:17.8.1 - name: gitlab-shell - image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell:17.7.2 + image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell:17.8.1 - name: gitlab-sidekiq - image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq:17.7.2 + image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq:17.8.1 - name: gitlab-toolbox - image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox:17.7.2 + image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox:17.8.1 - name: gitlab-webservice - image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice:17.7.2 + image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice:17.8.1 - name: gitlab-workhorse - image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse:17.7.2 + image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse:17.8.1 - name: gitlab-pages - image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages:17.7.2 + image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages:17.8.1 - name: kubectl - image: registry1.dso.mil/ironbank/gitlab/gitlab/kubectl:17.7.2 + image: registry1.dso.mil/ironbank/gitlab/gitlab/kubectl:17.8.1 - name: mc image: 
registry1.dso.mil/ironbank/opensource/minio/mc:RELEASE.2024-10-02T08-27-28Z - name: minio @@ -61,10 +61,10 @@ annotations: condition: upgradeCheck.enabled image: registry1.dso.mil/ironbank/redhat/ubi/ubi9:9.5 - name: gitlab-base - image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-base:17.7.2 + image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-base:17.8.1 - name: gitlab-exporter condition: gitlab.gitlab-exporter.enabled - image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter:17.7.2 + image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter:17.8.1 - name: bbtests condition: bbtests.enabled image: registry1.dso.mil/bigbang-ci/gitlab-tester:0.0.4 diff --git a/chart/Kptfile b/chart/Kptfile index 355dd35eda1eb253c1dd68a47751832ec13c0a0f..322c3cb8f7dead42f9f2f0f921d266429a2a4c5a 100644 --- a/chart/Kptfile +++ b/chart/Kptfile @@ -5,7 +5,7 @@ metadata: upstream: type: git git: - commit: 6ac93b61b25b1e7db4d7dc0c7549d1f85670887e + commit: c9cc7286394007b8b8f1e04649658a089aeee4a0 repo: https://gitlab.com/gitlab-org/charts/gitlab directory: / - ref: v8.7.4 + ref: v8.8.1 diff --git a/chart/charts/certmanager-issuer/Chart.yaml b/chart/charts/certmanager-issuer/Chart.yaml index 8c74e23757f1c021c919a9a80365feee600f7f2c..c4d1ac1f489a61d74cbd127a402898e7f7a1c258 100644 --- a/chart/charts/certmanager-issuer/Chart.yaml +++ b/chart/charts/certmanager-issuer/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: certmanager-issuer -version: 0.1.0 +version: 0.2.0 appVersion: 0.2.2 description: Configuration Job to add LetsEncrypt Issuer to cert-manager keywords: diff --git a/chart/charts/certmanager-issuer/templates/issuer-job.yaml b/chart/charts/certmanager-issuer/templates/issuer-job.yaml index 4bb5adce82fa8c36a35cad0e753783a2399dd068..6c5dd8fbdec098313f6851b4ebcead806a494827 100644 --- a/chart/charts/certmanager-issuer/templates/issuer-job.yaml +++ b/chart/charts/certmanager-issuer/templates/issuer-job.yaml 
@@ -10,6 +10,7 @@ metadata: {{- include "gitlab.commonLabels" . | nindent 4 }} spec: activeDeadlineSeconds: 300 + ttlSecondsAfterFinished: {{ .Values.ttlSecondsAfterFinished }} template: metadata: labels: diff --git a/chart/charts/certmanager-issuer/values.yaml b/chart/charts/certmanager-issuer/values.yaml index 3f13384a60585bf5336cff3491229cabcb6ae13d..b5660f2e4a28e414c84680682b2545643f444408 100644 --- a/chart/charts/certmanager-issuer/values.yaml +++ b/chart/charts/certmanager-issuer/values.yaml @@ -26,3 +26,5 @@ common: labels: {} useNewIngressForCerts: false + +ttlSecondsAfterFinished: 1800 diff --git a/chart/charts/gitlab-runner-0.71.0.tgz b/chart/charts/gitlab-runner-0.71.0.tgz deleted file mode 100644 index 7c208e5223edaec89cfc7f30b682c9a4edd7c3d3..0000000000000000000000000000000000000000 Binary files a/chart/charts/gitlab-runner-0.71.0.tgz and /dev/null differ diff --git a/chart/charts/gitlab-runner-0.72.0.tgz b/chart/charts/gitlab-runner-0.72.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..54d30273f02d3226024c11e2f7f4d1433a6ebc39 Binary files /dev/null and b/chart/charts/gitlab-runner-0.72.0.tgz differ diff --git a/chart/charts/gitlab/charts/geo-logcursor/Chart.yaml b/chart/charts/gitlab/charts/geo-logcursor/Chart.yaml index 2f359384f68d00d4b12fbef7402e05e95dd0d389..73a0aec9d58eee964f4ebacc779803a1c2be05b8 100644 --- a/chart/charts/gitlab/charts/geo-logcursor/Chart.yaml +++ b/chart/charts/gitlab/charts/geo-logcursor/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: geo-logcursor -version: 8.7.4 -appVersion: v17.7.2 +version: 8.8.1 +appVersion: v17.8.1 description: GitLab Geo logcursor keywords: - gitlab diff --git a/chart/charts/gitlab/charts/gitaly/Chart.yaml b/chart/charts/gitlab/charts/gitaly/Chart.yaml index 9ad46f50bc2318900579cdd2584bf0902f2ea04f..bf5e20bd35a39e8d789d38e9a1cbf026017a4f69 100644 --- a/chart/charts/gitlab/charts/gitaly/Chart.yaml +++ b/chart/charts/gitlab/charts/gitaly/Chart.yaml 
@@ -1,7 +1,7 @@ apiVersion: v1 name: gitaly -version: 8.7.4 -appVersion: 17.7.2 +version: 8.8.1 +appVersion: 17.8.1 description: Git RPC service for handling all the git calls made by GitLab keywords: - gitlab diff --git a/chart/charts/gitlab/charts/gitaly/templates/_statefulset_spec.yaml b/chart/charts/gitlab/charts/gitaly/templates/_statefulset_spec.yaml index 60d26ec1bcc87c7cfc94d553dc968fd14874f1ba..0655eed4cac7208aa725a756018785f381f78c74 100644 --- a/chart/charts/gitlab/charts/gitaly/templates/_statefulset_spec.yaml +++ b/chart/charts/gitlab/charts/gitaly/templates/_statefulset_spec.yaml @@ -49,6 +49,9 @@ spec: prometheus.io/path: {{ $.Values.metrics.path }} {{- end }} spec: + {{- if .Values.shareProcessNamespace }} + shareProcessNamespace: {{ .Values.shareProcessNamespace }} + {{- end }} {{- if .Values.tolerations }} tolerations: {{- toYaml .Values.tolerations | nindent 8 }} diff --git a/chart/charts/gitlab/charts/gitaly/values.yaml b/chart/charts/gitlab/charts/gitaly/values.yaml index 8adba3ddf5fa8b483bbf99973b19472b78c75c51..4051387a1a930f618e9267b0a3dbf8c6ad8a6e42 100644 --- a/chart/charts/gitlab/charts/gitaly/values.yaml +++ b/chart/charts/gitlab/charts/gitaly/values.yaml @@ -33,6 +33,10 @@ common: podLabels: {} serviceLabels: {} +# Allows process namespace sharing within the pod +# This makes processes in a container visible to all other containers in the same pod. +shareProcessNamespace: false + init: image: {} # repository: diff --git a/chart/charts/gitlab/charts/gitlab-exporter/Chart.yaml b/chart/charts/gitlab/charts/gitlab-exporter/Chart.yaml index 2f96cbed2e317c03144c3e8c6b79500146653b1f..0bd52d6f08bf6a2627ef060433bbf0861e645c6f 100644 --- a/chart/charts/gitlab/charts/gitlab-exporter/Chart.yaml +++ b/chart/charts/gitlab/charts/gitlab-exporter/Chart.yaml 
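Review bot: The comment added above `shareProcessNamespace: false` in gitaly `values.yaml` understates what the setting exposes. With a shared process namespace, containers in the pod can also signal each other's processes and reach each other's filesystems through `/proc/<pid>/root`. Enabling it therefore weakens isolation between the Gitaly container and any sidecar or init container. I would extend the comment with `# Containers can then also signal each other's processes and read each other's filesystems via /proc/<pid>/root; leave false unless a sidecar requires it.` The default of `false` and the `if` guard in `_statefulset_spec.yaml` are fine as written.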
@@ -1,7 +1,7 @@ apiVersion: v1 name: gitlab-exporter -version: 8.7.4 -appVersion: 15.0.0 +version: 8.8.1 +appVersion: 15.1.0 description: Exporter for GitLab Prometheus metrics (e.g. CI, pull mirrors) keywords: - gitlab diff --git a/chart/charts/gitlab/charts/gitlab-pages/Chart.yaml b/chart/charts/gitlab/charts/gitlab-pages/Chart.yaml index 8e5eaa92ac4d54c2ad1780ee9b49f039ed12556c..d1b8634547f7dc14f724360cf751893cf10b8856 100644 --- a/chart/charts/gitlab/charts/gitlab-pages/Chart.yaml +++ b/chart/charts/gitlab/charts/gitlab-pages/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: gitlab-pages -version: 8.7.4 -appVersion: 17.7.2 +version: 8.8.1 +appVersion: 17.8.1 description: Daemon for serving static websites from GitLab projects keywords: - gitlab diff --git a/chart/charts/gitlab/charts/gitlab-shell/Chart.yaml b/chart/charts/gitlab/charts/gitlab-shell/Chart.yaml index d52df87ade274518ac5d777ed6ec32101abf3e7e..1d89b64b91e699605da75ff3675ecdae8fd74814 100644 --- a/chart/charts/gitlab/charts/gitlab-shell/Chart.yaml +++ b/chart/charts/gitlab/charts/gitlab-shell/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: gitlab-shell -version: 8.7.4 +version: 8.8.1 appVersion: 14.39.0 description: sshd for Gitlab keywords: diff --git a/chart/charts/gitlab/charts/kas/Chart.yaml b/chart/charts/gitlab/charts/kas/Chart.yaml index f6846cc57c8b30c8d38a736439f3c1927a5920fb..ac5ca7d79b24193fd2075e5e2d50c5b0c43119ba 100644 --- a/chart/charts/gitlab/charts/kas/Chart.yaml +++ b/chart/charts/gitlab/charts/kas/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: kas -version: 8.7.4 -appVersion: 17.7.2 +version: 8.8.1 +appVersion: 17.8.1 description: GitLab Agent Server keywords: - agent diff --git a/chart/charts/gitlab/charts/kas/templates/_helpers.tpl b/chart/charts/gitlab/charts/kas/templates/_helpers.tpl index 0ce08c57d47214a0ae734d6ebf4964915b3ab771..72f66b6598e6290973ab8969a4865ace04357791 100644 --- a/chart/charts/gitlab/charts/kas/templates/_helpers.tpl 
+++ b/chart/charts/gitlab/charts/kas/templates/_helpers.tpl @@ -29,7 +29,8 @@ username: {{ .redisMergedConfig.user }} {{- end -}} {{- if .redisMergedConfig.password.enabled }} password_file: /etc/kas/redis/{{ printf "%s-password" (default "redis" .redisConfigName) }} -{{- end -}} +{{- end }} +database_index: {{ .redisMergedConfig.database }} {{- if not .redisMergedConfig.sentinels }} server: address: {{ template "gitlab.redis.host" . }}:{{ template "gitlab.redis.port" . }} diff --git a/chart/charts/gitlab/charts/mailroom/Chart.yaml b/chart/charts/gitlab/charts/mailroom/Chart.yaml index 1eb041c4bbf903b878f810066443aef42e765396..24902cb351102b8d92a3d867b4694751ec9a8432 100644 --- a/chart/charts/gitlab/charts/mailroom/Chart.yaml +++ b/chart/charts/gitlab/charts/mailroom/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: mailroom -version: 8.7.4 -appVersion: v17.7.2 +version: 8.8.1 +appVersion: v17.8.1 description: Handling incoming emails keywords: - gitlab diff --git a/chart/charts/gitlab/charts/migrations/Chart.yaml b/chart/charts/gitlab/charts/migrations/Chart.yaml index 8e84db026a0341d4a5651f7c8784599d3bfa3afc..1f4f4bd7bd2158f4faf3c31004a09548e35e8dca 100644 --- a/chart/charts/gitlab/charts/migrations/Chart.yaml +++ b/chart/charts/gitlab/charts/migrations/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: migrations -version: 8.7.4 -appVersion: v17.7.2 +version: 8.8.1 +appVersion: v17.8.1 description: Database migrations and other versioning tasks for upgrading Gitlab keywords: - gitlab diff --git a/chart/charts/gitlab/charts/praefect/Chart.yaml b/chart/charts/gitlab/charts/praefect/Chart.yaml index 7edb2000b641f6f03e1f7b06f4c119039ba3357c..7ee128f082f4702358aa99a47a0366589cc082bc 100644 --- a/chart/charts/gitlab/charts/praefect/Chart.yaml +++ b/chart/charts/gitlab/charts/praefect/Chart.yaml 
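Review bot: `database_index: {{ .redisMergedConfig.database }}` reads the merged value directly and bypasses the `gitlab.redis.database` helper that this commit adds in `_redis.tpl` with a default of 0. The same applies to `DB = {{ .redisMergedConfig.database }}` in the workhorse `[redis]` section of `webservice/templates/_helpers.tpl`. If `gitlab.redis.configMerge` (not visible here) can leave `database` unset, the KAS key renders empty and the workhorse line becomes `DB =`, which is not valid TOML. Using the helper in both places keeps the default in one spot, consistent with how host and port are already rendered here: `database_index: {{ template "gitlab.redis.database" . }}` and `DB = {{ template "gitlab.redis.database" . }}`.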
@@ -1,7 +1,7 @@ apiVersion: v1 name: praefect -version: 8.7.4 -appVersion: 17.7.2 +version: 8.8.1 +appVersion: 17.8.1 description: Praefect is a router and transaction manager for Gitaly, and a required component for running a Gitaly Cluster. keywords: diff --git a/chart/charts/gitlab/charts/sidekiq/Chart.yaml b/chart/charts/gitlab/charts/sidekiq/Chart.yaml index 7c8fd79cae833f14be0b18eda6914a003be6b981..38f892a765819734dedfac9c346a51cc32f9662c 100644 --- a/chart/charts/gitlab/charts/sidekiq/Chart.yaml +++ b/chart/charts/gitlab/charts/sidekiq/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: sidekiq -version: 8.7.4 -appVersion: v17.7.2 +version: 8.8.1 +appVersion: v17.8.1 description: Gitlab Sidekiq for asynchronous task processing in rails keywords: - gitlab diff --git a/chart/charts/gitlab/charts/spamcheck/Chart.yaml b/chart/charts/gitlab/charts/spamcheck/Chart.yaml index 043c3e0a76f348371117a0f90d7458b2ed129776..904cf9fb0fd72523086b30a430cb9cd2c4779d74 100644 --- a/chart/charts/gitlab/charts/spamcheck/Chart.yaml +++ b/chart/charts/gitlab/charts/spamcheck/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: spamcheck -version: 8.7.4 +version: 8.8.1 appVersion: 1.2.3 description: GitLab Anti-Spam Engine keywords: diff --git a/chart/charts/gitlab/charts/toolbox/Chart.yaml b/chart/charts/gitlab/charts/toolbox/Chart.yaml index 910d4f891bffa4d2e7a767227adefbfa0c44a8f5..f9a3ed1dc9d21024aa2fb48c881f6882b3f76483 100644 --- a/chart/charts/gitlab/charts/toolbox/Chart.yaml +++ b/chart/charts/gitlab/charts/toolbox/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: toolbox -version: 8.7.4 -appVersion: v17.7.2 +version: 8.8.1 +appVersion: v17.8.1 description: For manually running rake tasks through kubectl keywords: - gitlab diff --git a/chart/charts/gitlab/charts/webservice/Chart.yaml b/chart/charts/gitlab/charts/webservice/Chart.yaml index 8092ba7bf8c01f988e20709bd64dc7446cee7563..423762d9b4a332eb26d3c6047a765f2c316c91c7 100644 --- a/chart/charts/gitlab/charts/webservice/Chart.yaml 
+++ b/chart/charts/gitlab/charts/webservice/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: webservice -version: 8.7.4 -appVersion: v17.7.2 +version: 8.8.1 +appVersion: v17.8.1 description: HTTP server for Gitlab keywords: - gitlab diff --git a/chart/charts/gitlab/charts/webservice/templates/_helpers.tpl b/chart/charts/gitlab/charts/webservice/templates/_helpers.tpl index a320e36ee79fe9aafd87ed461b4b8bb7296d0d1d..21fd7be309faf80449941fb18192d6d21a1452bb 100644 --- a/chart/charts/gitlab/charts/webservice/templates/_helpers.tpl +++ b/chart/charts/gitlab/charts/webservice/templates/_helpers.tpl @@ -268,6 +268,7 @@ Return the workhorse redis configuration. {{- end }} {{- include "gitlab.redis.selectedMergedConfig" . -}} [redis] +DB = {{ .redisMergedConfig.database }} {{- if not .redisMergedConfig.sentinels }} {{- $userinfo := "" }} {{- if .redisMergedConfig.user }} diff --git a/chart/charts/gitlab/templates/_redis.tpl b/chart/charts/gitlab/templates/_redis.tpl index 8f5841e5f0dff6b4fded4a8621e255df28a67906..a026d49847876039adfdda52359e7b3a979cb6fc 100644 --- a/chart/charts/gitlab/templates/_redis.tpl +++ b/chart/charts/gitlab/templates/_redis.tpl @@ -31,6 +31,16 @@ to 6379 default {{- default 6379 .redisMergedConfig.port -}} {{- end -}} +{{/* +Return the redis database +If the redis database is provided, it will use that, otherwise it will fallback +to 0 default +*/}} +{{- define "gitlab.redis.database" -}} +{{- include "gitlab.redis.configMerge" . -}} +{{- default 0 .redisMergedConfig.database -}} +{{- end -}} + {{/* Return the redis scheme, or redis. Allowing people to use rediss clusters */}} 
@@ -49,7 +59,7 @@ Return the redis scheme, or redis. Allowing people to use rediss clusters Return the redis url. */}} {{- define "gitlab.redis.url" -}} -{{ template "gitlab.redis.scheme" . }}://{{ template "gitlab.redis.url.user" . }}{{ template "gitlab.redis.url.password" . }}{{ template "gitlab.redis.host" . }}:{{ template "gitlab.redis.port" . }} +{{ template "gitlab.redis.scheme" . }}://{{ template "gitlab.redis.url.user" . }}{{ template "gitlab.redis.url.password" . }}{{ template "gitlab.redis.host" . }}:{{ template "gitlab.redis.port" . }}/{{ template "gitlab.redis.database" . }} {{- end -}} {{/* @@ -134,6 +144,7 @@ sentinels: {{- if not (kindIs "map" (get $.redisMergedConfig "password")) -}} {{- $_ := set $.redisMergedConfig "password" $.Values.global.redis.auth -}} {{- end -}} +{{- $_ := set $.redisMergedConfig "database" (default 0 .Values.global.redis.database) -}} {{- range $key := keys $.Values.global.redis.auth -}} {{- if not (hasKey $.redisMergedConfig.password $key) -}} {{- $_ := set $.redisMergedConfig.password $key (index $.Values.global.redis.auth $key) -}} diff --git a/chart/charts/gluon-0.5.12.tgz b/chart/charts/gluon-0.5.12.tgz deleted file mode 100644 index 002bdc40c2d4eb3144041bde2fab7d61a60c84d4..0000000000000000000000000000000000000000 Binary files a/chart/charts/gluon-0.5.12.tgz and /dev/null differ diff --git a/chart/charts/gluon-0.5.14.tgz b/chart/charts/gluon-0.5.14.tgz new file mode 100644 index 0000000000000000000000000000000000000000..c99d9e0f44b4d35311fda2b49ee005cbbea4fb67 Binary files /dev/null and b/chart/charts/gluon-0.5.14.tgz differ diff --git a/chart/charts/registry/Chart.yaml b/chart/charts/registry/Chart.yaml index b101e619616b64eb1147881bab558685add1aa40..417fe95a9e350888017113e2553a24d730a1f054 100644 --- a/chart/charts/registry/Chart.yaml +++ b/chart/charts/registry/Chart.yaml 
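Review bot: In the `@@ -134,6 +144,7 @@` hunk the added `set $.redisMergedConfig "database" (default 0 .Values.global.redis.database)` runs unconditionally, unlike the `password` assignment just above it, which is guarded by a check on the merged config. As written, a `database` value that the merge picked up from an instance-specific Redis block would be replaced by the global one (or by 0); the rest of the merge logic is outside the hunk, so this is inferred. If per-instance databases are meant to work, guard it with `{{- if not (hasKey $.redisMergedConfig "database") -}}` … `{{- end -}}`; if only the global value is supported, say so in a template comment and in the `global.redis.database` documentation. The line also uses `.Values` where its neighbours use `$.Values`, which is worth aligning.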
@@ -1,7 +1,7 @@ apiVersion: v1 name: registry version: 0.7.0 -appVersion: 'v4.14.0-gitlab' +appVersion: 'v4.15.0-gitlab' description: Stateless, highly scalable application that stores and lets you distribute container images details: Container Registry component of GitLab diff --git a/chart/charts/registry/values.yaml b/chart/charts/registry/values.yaml index ac9fb2fd0570af288d40ec8b9ee94423015198fb..1838859af77b890b5b5ac23bceaf1fd6f84a8ca6 100644 --- a/chart/charts/registry/values.yaml +++ b/chart/charts/registry/values.yaml @@ -1,6 +1,6 @@ image: repository: registry.gitlab.com/gitlab-org/build/cng/gitlab-container-registry - tag: 'v4.14.0-gitlab' + tag: 'v4.15.0-gitlab' # pullPolicy: IfNotPresent # pullSecrets: [] diff --git a/chart/danger/chart-version/Dangerfile b/chart/danger/chart-version/Dangerfile new file mode 100644 index 0000000000000000000000000000000000000000..70bd1f9efa43293dea934656011ca051f5234822 --- /dev/null +++ b/chart/danger/chart-version/Dangerfile @@ -0,0 +1,9 @@ +# frozen_string_literal: true + +if helper.all_changed_files.detect(-> { false }) { |filename| filename == 'charts/certmanager-issuer/templates/issuer-job.yaml' } + failure <<~MSG + Jobs templates are immutable. Changing it breaks upgrades if there's an existing job with the same name. + Please bump the certmanager-issuer chart version, so that it gets a different generated name + as per [globals Jobs documentation](https://docs.gitlab.com/charts/charts/globals.html#jobs). + MSG +end diff --git a/chart/doc/advanced/external-gitaly/external-omnibus-gitaly.md b/chart/doc/advanced/external-gitaly/external-omnibus-gitaly.md index 09c1c18644aefee3c8ea1c326526948f4de68c38..8e9562f6c3e3b106e3100646da8f432c23d59ea9 100644 --- a/chart/doc/advanced/external-gitaly/external-omnibus-gitaly.md +++ b/chart/doc/advanced/external-gitaly/external-omnibus-gitaly.md 
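Review bot: The new Dangerfile fails whenever `charts/certmanager-issuer/templates/issuer-job.yaml` is among the changed files and never checks whether the chart version was bumped in the same change, so following the message's advice does not appear to clear the failure. Consider skipping the failure when the certmanager-issuer chart's `Chart.yaml` is also in `helper.all_changed_files`, or using `warn` instead of `failure`. `detect(-> { false }) { |filename| filename == '…' }` is a roundabout membership test; `helper.all_changed_files.include?('charts/certmanager-issuer/templates/issuer-job.yaml')` reads more directly.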
@@ -56,7 +56,7 @@ gitlab_kas['enable'] = false prometheus['enable'] = false alertmanager['enable'] = false -# If you don't run a seperate monitoring node you can +# If you don't run a separate monitoring node you can # Enable Prometheus access & disable these extra services # This makes Prometheus listen on all interfaces. You must use firewalls to restrict access to this address/port. # prometheus['listen_address'] = '0.0.0.0:9090' diff --git a/chart/doc/advanced/external-redis/index.md b/chart/doc/advanced/external-redis/index.md index c2431d97937a60b0445c9c048fbf463446b3989e..18bad8c961421290ed061cf0f46a78939bed3b10 100644 --- a/chart/doc/advanced/external-redis/index.md +++ b/chart/doc/advanced/external-redis/index.md @@ -28,6 +28,7 @@ You must set the following parameters: Items below can be further customized if you are not using the defaults: - `global.redis.port`: The port the database is available on, defaults to `6379`. +- `global.redis.database`: The database to connect to on the Redis server, defaults to `0`. For example, pass these values via Helm's `--set` flag while deploying: diff --git a/chart/doc/charts/certmanager-issuer/index.md b/chart/doc/charts/certmanager-issuer/index.md index 457bbecf203259f35bf829c85fbf8ed5d70e980e..bf11cf550eae40236081b0c86b8d262b64a7e140 100644 --- a/chart/doc/charts/certmanager-issuer/index.md +++ b/chart/doc/charts/certmanager-issuer/index.md 
@@ -60,3 +60,4 @@ to the `helm install` command using the `--set` flags: | `containerSecurityContext.allowPrivilegeEscalation` | `false` | Controls whether a process can gain more privileges than its parent process | | `containerSecurityContext.runAsNonRoot` | `true` | Controls whether the container runs with a non-root user | | `containerSecurityContext.capabilities.drop` | `[ "ALL" ]` | Removes [Linux capabilities](https://man7.org/linux/man-pages/man7/capabilities.7.html) for the container | +| `ttlSecondsAfterFinished` | `1800` | Controls when a finished job becomes eligible for cascading removal. | diff --git a/chart/doc/charts/gitlab/gitaly/index.md b/chart/doc/charts/gitlab/gitaly/index.md index 12e3769be9c5b712b4d6d7d1da120054100bccf5..a1c06077a788ba822b2d43cc72bc55d567bf5f41 100644 --- a/chart/doc/charts/gitlab/gitaly/index.md +++ b/chart/doc/charts/gitlab/gitaly/index.md @@ -86,6 +86,7 @@ the `helm install` command using the `--set` flags. | `securityContext.fsGroupChangePolicy` | | Policy for changing ownership and permission of the volume (requires Kubernetes 1.23) | | `securityContext.runAsUser` | `1000` | User ID under which the pod should be started | | `securityContext.seccompProfile.type` | `RuntimeDefault` | Seccomp profile to use | +| `shareProcessNamespace` | `false` | Allows making container processes visible to all other contains in the same pod | | `containerSecurityContext` | | Override container [securityContext](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#securitycontext-v1-core) under which the Gitaly container is started | | `containerSecurityContext.runAsUser` | `1000` | Allow overwriting of the specific security context user ID under which the Gitaly container is started | | `containerSecurityContext.allowPrivilegeEscalation` | `false` | Controls whether a process of the Gitaly container can gain more privileges than its parent process | 
diff --git a/chart/doc/charts/gitlab/migrations/index.md b/chart/doc/charts/gitlab/migrations/index.md index c4df87b1d276fbd2d909cdf8688a6a72619c0c49..adf1715db1fb59f7c83ece055767e084bbf4084e 100644 --- a/chart/doc/charts/gitlab/migrations/index.md +++ b/chart/doc/charts/gitlab/migrations/index.md @@ -79,7 +79,6 @@ Table below contains all the possible charts configurations that can be supplied | `extraVolumeMounts` | List of extra volumes mounts to do | | | `extraEnv` | List of extra environment variables to expose | | | `extraEnvFrom` | List of extra environment variables from other data sources to expose| | -| `bootsnap.enabled` | Enable the Bootsnap cache for Rails | `true` | | `priorityClassName` | [Priority class](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/) assigned to pods. | | ## Chart configuration examples diff --git a/chart/doc/charts/globals.md b/chart/doc/charts/globals.md index 4541ffc5de82cab54b78a54b4bc04797cb962fbc..4f67a15443f8fb733df1b48fcf1b623115036058 100644 --- a/chart/doc/charts/globals.md +++ b/chart/doc/charts/globals.md @@ -256,7 +256,7 @@ with the `-fips` extension to the image tag. --set global.image.tagSuffix="-fips" ``` -## Custom timezone for all containers +## Custom timezone for all containers If you wish to set a custom timezone for all the GitLab containers, you can use the `global.time_zone` key. Refer to `TZ identifier` on the [List of tz database time zones](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones) for the available values. Default is `UTC`. @@ -460,6 +460,7 @@ global: redis: host: redis.example.com serviceName: redis + database: 7 port: 6379 auth: enabled: true 
@@ -476,6 +477,7 @@ global: | `host` | String | | The hostname of the Redis server with the database to use. This can be omitted in lieu of `serviceName`. | | `serviceName` | String | `redis` | The name of the `service` which is operating the Redis database. If this is present, and `host` is not, the chart will template the hostname of the service (and current `.Release.Name`) in place of the `host` value. This is convenient when using Redis as a part of the overall GitLab chart. | | `port` | Integer | `6379` | The port on which to connect to the Redis server. | +| `database` | Integer | `0` | The database to connect to on the Redis server. | | `user` | String | | The user used to authenticate against Redis (Redis 6.0+). | | `auth.enabled` | Boolean | true | The `auth.enabled` provides a toggle for using a password with the Redis instance. | | `auth.key` | String | | The `auth.key` attribute for Redis defines the name of the key in the secret (below) that contains the password. | 
@@ -1362,10 +1364,10 @@ This property has two sub-keys: `secret` and `key`. - `key` is the name of the key in the secret which houses the YAML block. Defaults to `connection`. Valid configuration keys can be found in the [GitLab Job Artifacts Administration](https://docs.gitlab.com/ee/administration/job_artifacts.html#s3-compatible-connection-settings) -documentation. This matches to [Fog](https://github.com/fog), and is different between +documentation. This matches to [Fog](https://github.com/fog/fog.github.com), and is different between provider modules. -Examples for [AWS](https://fog.io/storage/#using-amazon-s3-and-fog) and [Google](https://fog.io/storage/#google-cloud-storage) +Examples for [AWS](https://fog.github.io/storage/#using-amazon-s3-and-fog) and [Google](https://fog.github.io/storage/#google-cloud-storage) providers can be found in [`examples/objectstorage`](https://gitlab.com/gitlab-org/charts/gitlab/tree/master/examples/objectstorage). - [`rails.s3.yaml`](https://gitlab.com/gitlab-org/charts/gitlab/-/blob/master/examples/objectstorage/rails.s3.yaml) diff --git a/chart/doc/charts/registry/index.md b/chart/doc/charts/registry/index.md index 07fa999e73adfb2c95108edc10213987771b915e..1b6501691bb03df56a8421ad123c2ed795a1ef10 100644 --- a/chart/doc/charts/registry/index.md +++ b/chart/doc/charts/registry/index.md @@ -76,7 +76,7 @@ registry: interval: 24h dryrun: false image: - tag: 'v4.14.0-gitlab' + tag: 'v4.15.0-gitlab' pullPolicy: IfNotPresent annotations: service: 
@@ -187,7 +187,7 @@ If you chose to deploy this chart as a standalone, remove the `registry` at the | `image.pullPolicy` | | Pull policy for the registry image | | `image.pullSecrets` | | Secrets to use for image repository | | `image.repository` | `registry.gitlab.com/gitlab-org/build/cng/gitlab-container-registry` | Registry image | -| `image.tag` | `v4.14.0-gitlab` | Version of the image to use | +| `image.tag` | `v4.15.0-gitlab` | Version of the image to use | | `init.image.repository` | | initContainer image | | `init.image.tag` | | initContainer image tag | | `init.containerSecurityContext` | | initContainer specific [securityContext](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#securitycontext-v1-core) | @@ -430,7 +430,7 @@ You can change the included version of the Registry and `pullPolicy`. Default settings: -- `tag: 'v4.14.0-gitlab'` +- `tag: 'v4.15.0-gitlab'` - `pullPolicy: 'IfNotPresent'` ## Configuring the `service` diff --git a/chart/doc/development/ci.md b/chart/doc/development/ci.md index e26d459c74b6a458d4209998a63e38aefef62b5f..7990f69778543e63a28a7fa3b68752c16ccf719e 100644 --- a/chart/doc/development/ci.md +++ b/chart/doc/development/ci.md 
@@ -8,8 +8,8 @@ ### LIMIT_TO -`LIMIT_TO` allows to isolate singular logical block of pipeline and *only* execute that block skipping all other blocks. This allows for faster iteration as developer may choose to test only a singular platform before code is ready for more thorough testing. It also allows for external pipeline invocations for very specific scenarios. +`LIMIT_TO` allows to isolate singular logical block of pipeline and *only* execute that block skipping all other blocks. This allows for faster iteration as developer may choose to test only a singular platform before code is ready for more thorough testing. It also allows for external pipeline invocations for very specific scenarios. `LIMIT_TO` accepts only a single value. -Empty value implies that there are no limits and that pipeline shall be executed in full. +Empty value implies that there are no limits and that pipeline shall be executed in full. diff --git a/chart/doc/installation/cloud/index.md b/chart/doc/installation/cloud/index.md index ee8df737bc9a68c6c62610a66631c356cd9a0646..5fe63b0cdf1a372be97f1258b5c5e4813593ca12 100644 --- a/chart/doc/installation/cloud/index.md +++ b/chart/doc/installation/cloud/index.md @@ -39,7 +39,7 @@ We welcome reports made to our [issue tracker](https://gitlab.com/gitlab-org/cha Some GitLab features might not work on deprecated releases or releases older than the releases listed above. -For some components, like the [agent for Kubernetes](https://docs.gitlab.com/ee/user/clusters/agent/#gitlab-agent-for-kubernetes-supported-cluster-versions) and [GitLab Operator](https://docs.gitlab.com/operator/installation.html#kubernetes), GitLab might support different cluster releases. +For some components, like the [agent for Kubernetes](https://docs.gitlab.com/ee/user/clusters/agent/) and [GitLab Operator](https://docs.gitlab.com/operator/installation.html), GitLab might support different cluster releases. WARNING: Kubernetes nodes must use the x86-64 architecture. 
diff --git a/chart/doc/installation/secrets.md b/chart/doc/installation/secrets.md index fd653c2916cb88319133836f597e4b631bc8afea..d59af5c63a0065ce3dc98fa68bf80478d0abed8d 100644 --- a/chart/doc/installation/secrets.md +++ b/chart/doc/installation/secrets.md @@ -224,6 +224,8 @@ This secret is referenced by the `global.praefect.authToken.secret` setting. ### GitLab Rails secret +> - The `active_record_encryption_*` keys were added in [GitLab 17.8](../releases/8_0.md#upgrade-to-880). + Replace `<name>` with the name of the release. ```shell @@ -250,9 +252,6 @@ This secret is referenced by the `global.railsSecrets.secret` setting. It is **not recommended** to rotate this secret as it contains the database encryption keys. If the secret is rotated, the result will be the same behavior exhibited [when the secrets file is lost](https://docs.gitlab.com/ee/administration/backup_restore/backup_gitlab.html#when-the-secrets-file-is-lost). -NOTE: -The `encrypted_settings_key_base` was added in GitLab `13.7`, and will be required for GitLab `14.0`. - ### GitLab Workhorse secret Generate the workhorse secret. This must have a length of 32 characters and diff --git a/chart/doc/installation/upgrade.md b/chart/doc/installation/upgrade.md index 22ab06abe6bbe2bdd9ad13334e00b4d39654fcf7..fc4e3e0df4f8922fa11fe459d681ba29ec9b1dbf 100644 --- a/chart/doc/installation/upgrade.md +++ b/chart/doc/installation/upgrade.md 
@@ -21,9 +21,7 @@ Because the GitLab chart versions don't follow the same numbering as GitLab vers see the [version mappings](version_mappings.md) between them. NOTE: -**Zero-downtime upgrades** are not available with the GitLab charts. -Ongoing work to support this feature can be tracked via -[the GitLab Operator epic](https://gitlab.com/groups/gitlab-org/cloud-native/-/epics/52). +**Zero-downtime upgrades** are not available with the GitLab charts but can be achieved by using [GitLab Operator](https://docs.gitlab.com/operator/gitlab_upgrades.html). We also recommend that you take a [backup](../backup-restore/index.md) first. Also note that you must provide all values using `helm upgrade --set key=value` syntax or `-f values.yaml` instead of diff --git a/chart/doc/installation/version_mappings.md b/chart/doc/installation/version_mappings.md index bb95df50dbfe8564dc8166189913f68185ec4b28..33d29f606578b638dd68b076092018c85a353d85 100644 --- a/chart/doc/installation/version_mappings.md +++ b/chart/doc/installation/version_mappings.md @@ -33,14 +33,17 @@ The table below maps some of the key previous supported chart versions and suppo | Chart version | GitLab version | |---------------|----------------| +| 8.8.1 | 17.8.1 | +| 8.8.0 | 17.8.0 | | 8.7.4 | 17.7.2 | | 8.7.3 | 17.7.1 | | 8.7.2 | 17.7.0 | -| 8.7.1 | 17.7.0 | | 8.7.0 | 17.7.0 | +| 8.6.3 | 17.6.3 | | 8.6.2 | 17.6.2 | | 8.6.1 | 17.6.1 | | 8.6.0 | 17.6.0 | +| 8.5.5 | 17.5.5 | | 8.5.4 | 17.5.4 | | 8.5.3 | 17.5.3 | | 8.5.2 | 17.5.2 | diff --git a/chart/doc/releases/8_0.md b/chart/doc/releases/8_0.md index 9bb2a83f371f56a62f16fc484713400add3d0368..2bb5f5a9ba943fbc2a9f323bdb8414ead2236150 100644 --- a/chart/doc/releases/8_0.md +++ b/chart/doc/releases/8_0.md 
@@ -20,6 +20,41 @@ See [GitLab 17 changes](https://docs.gitlab.com/ee/update/versions/gitlab_17_cha To upgrade to the `8.0` version of the chart, you first need to upgrade to the latest `7.11.x` release of the chart. Check the [version mapping details](../installation/version_mappings.md) for the latest patch. +### Upgrade to 8.8.0 + +If you disabled the [`shared-secrets` job](../charts/shared-secrets.md#disable-functionality), +you'll need to manually create three new secrets. If you have it enabled (default behavior), then there's nothing to do, as the new secrets will be auto-generated. + +- `active_record_encryption_primary_key` +- `active_record_encryption_deterministic_key` +- `active_record_encryption_key_derivation_salt` + +The secrets format can be seen in [the GitLab Rails secrets section](../installation/secrets.md#gitlab-rails-secret). + +Here are the steps to populate these 3 secrets: + +1. [Back up the secrets](../backup-restore/backup.md#back-up-the-secrets). +1. Generate 3 different 32-chars random strings –one for each of the new secrets– with `LC_ALL=C < /dev/urandom tr -dc 'a-zA-Z0-9' | head -c 32` +1. Add the secrets at the end of `gitlab-secrets.yaml`: + + ```yaml + active_record_encryption_primary_key: + - "<first 32-chars random string>" + active_record_encryption_deterministic_key: + - "<second 32-chars random string>" + active_record_encryption_key_derivation_salt: "<third 32-chars random string>" + ``` + +1. Create a new `secret` resource (replace `<name>` with the name of the release): + + ```shell + kubectl create secret generic <name>-rails-secret-v2 --from-file=gitlab-secrets.yaml + ``` + +1. Update the `global.railsSecrets.secret` in your `values.yaml` file to point to the new `<name>-rails-secret-v2` secret resource. +1. Upgrade the GitLab Chart release with this new value, but making sure other old values still apply (for example, [don't use the `--reuse-values` flag](../installation/upgrade.md)). +1. 
Confirm that GitLab is working as expected. If it is, it should be safe to delete the old `<name>-rails-secret` secret resource. + ### Upgrade to 8.6.0 The `app` label of the Job that performs the database migrations for the registry metadata database has diff --git a/chart/requirements.lock b/chart/requirements.lock index e89ef718c740c925e28dad1bba6f356066b27c5f..b3a85663b6a1fae42451813b89f70094f6ff6229 100644 --- a/chart/requirements.lock +++ b/chart/requirements.lock @@ -22,7 +22,7 @@ dependencies: version: 12.5.2 - name: gitlab-runner repository: https://charts.gitlab.io/ - version: 0.71.0 + version: 0.72.0 - name: redis repository: https://charts.bitnami.com/bitnami version: 16.13.2 @@ -37,12 +37,12 @@ dependencies: version: 1.4.3 - name: gluon repository: oci://registry1.dso.mil/bigbang - version: 0.5.12 + version: 0.5.14 - name: traefik repository: https://helm.traefik.io/traefik version: 10.19.4 - name: kubernetes-ingress repository: https://haproxytech.github.io/helm-charts version: 1.32.0 -digest: sha256:21dd06b33ea0567bdece9abb2a3dff308e4d9111d4f3c91667e8d12c7d7e92d0 -generated: "2025-01-15T13:08:24.330905-05:00" +digest: sha256:c426626626761ac60ff8acc301c56da4af0a16aaf92c915c0ff04c40a30ea109 +generated: "2025-01-24T17:56:34.90962225-06:00" diff --git a/chart/requirements.yaml b/chart/requirements.yaml index 2fda5f93e1736cdf61146dc6ebf7463a7fafd0c5..81c452430c5bc2176e9d6f7261465e893742c68a 100644 --- a/chart/requirements.yaml +++ b/chart/requirements.yaml @@ -21,7 +21,7 @@ dependencies: repository: https://charts.bitnami.com/bitnami condition: postgresql.install - name: gitlab-runner - version: 0.71.0 + version: 0.72.0 repository: https://charts.gitlab.io/ condition: gitlab-runner.install - name: redis 
@@ -40,7 +40,7 @@ dependencies: repository: https://charts.gitlab.io/ condition: gitlab-zoekt.install - name: gluon - version: "0.5.12" + version: "0.5.14" repository: "oci://registry1.dso.mil/bigbang" - name: traefik repository: https://helm.traefik.io/traefik diff --git a/chart/spec/configuration/certmanager_issuer_spec.rb b/chart/spec/configuration/certmanager_issuer_spec.rb new file mode 100644 index 0000000000000000000000000000000000000000..af35dbecc3fc610361f33f8f69a0ba896458f5c4 --- /dev/null +++ b/chart/spec/configuration/certmanager_issuer_spec.rb 
@@ -0,0 +1,96 @@ +# frozen_string_literal: true + +require 'spec_helper' +require 'hash_deep_merge' +require 'helm_template_helper' +require 'yaml' + +describe 'certmanager_issuer configuration' do + let(:default_values) do + HelmTemplate.defaults + end + + let(:required_resources) do + %w[Role RoleBinding ServiceAccount] + end + + context 'default chart values' do + it 'creates certmanager_issuer related resources with default values' do + template = HelmTemplate.new(default_values) + + required_resources.each do |resource| + resource_name = "#{resource}/test-certmanager-issuer" + + expect(template.resources_by_kind(resource)[resource_name]).to be_present + end + + jobs = template.resources_by_kind("Job") + issuer_job = jobs.find { |key, _| key.start_with?("Job/test-issuer-") }.last + + # Expectation for the metadata name prefix + expect(issuer_job["metadata"]["name"]).to match(/^test-issuer-[a-f0-9]+$/) + + # Expectation for the container image needs to be a regex to work for master and stable branches. 
+ expect(issuer_job["spec"]["template"]["spec"]["containers"][0]["image"]).to match(%r{^registry\.gitlab\.com/gitlab-org/build/cng/kubectl:(v\d+\.\d+\.\d+|master)$}) + + # Expectation for the rest of the structure + expect(issuer_job).to include( + "apiVersion" => "batch/v1", + "kind" => "Job", + "metadata" => include( + "namespace" => "default", + "labels" => { + "app" => "certmanager-issuer", + "chart" => "certmanager-issuer-0.2.0", + "release" => "test", + "heritage" => "Helm" + } + ), + "spec" => include( + "activeDeadlineSeconds" => 300, + "ttlSecondsAfterFinished" => 1800, + "template" => include( + "metadata" => { "labels" => { "app" => "certmanager-issuer", "release" => "test" } }, + "spec" => include( + "securityContext" => { "runAsUser" => 65534, "fsGroup" => 65534, "seccompProfile" => { "type" => "RuntimeDefault" } }, + "serviceAccountName" => "test-certmanager-issuer", + "restartPolicy" => "OnFailure", + "containers" => include( + include( + "name" => "create-issuer", + "command" => ["/bin/bash", "/scripts/create-issuer", "/scripts/issuer.yml"], + "securityContext" => { + "allowPrivilegeEscalation" => false, + "capabilities" => { "drop" => ["ALL"] }, + "runAsGroup" => 65534, + "runAsNonRoot" => true, + "runAsUser" => 65534 + }, + "volumeMounts" => [{ "name" => "scripts", "mountPath" => "/scripts" }], + "resources" => { "requests" => { "cpu" => "50m" } } + ) + ), + "volumes" => [{ "name" => "scripts", "configMap" => { "name" => "test-certmanager-issuer-certmanager" } }] + ) + ) + ) + ) + end + end + + context 'when configureCertmanager is disabled' do + it 'does not create any certmanager_issuer related resource' do + template = HelmTemplate.new(default_values.deep_merge!( + { 'global' => { 'ingress' => { 'configureCertmanager' => false } } }) + ) + + required_resources.each do |resource| + resource_name = "#{resource}/test-certmanager-issuer" + + expect(template.resources_by_kind(resource)[resource_name]).to be_nil + end + + 
expect(template.resources_by_kind("Job").keys.select { |k| k.start_with?("Job/test-issuer-") }).to be_empty + end + end +end diff --git a/chart/spec/configuration/gitaly_spec.rb b/chart/spec/configuration/gitaly_spec.rb index 422a152b82615abb772175695e7a551908b0d973..98a9bc28a4bed0186acf69b09a7fea70feb75010 100644 --- a/chart/spec/configuration/gitaly_spec.rb +++ b/chart/spec/configuration/gitaly_spec.rb @@ -527,6 +527,42 @@ describe 'Gitaly configuration' do end end + context 'shareProcessNamespace' do + let(:values) do + YAML.safe_load(%( + gitlab: + gitaly: + shareProcessNamespace: #{share_process_namespace_enabled} + )).merge(default_values) + end + + let(:gitaly_stateful_set) { 'StatefulSet/test-gitaly' } + + context 'when enabled' do + let(:share_process_namespace_enabled) { true } + + it 'enables shareProcessNamespace' do + t = HelmTemplate.new(values) + gitaly_set = t.resources_by_kind('StatefulSet').select { |key| key == gitaly_stateful_set } + gitaly_template_spec = gitaly_set[gitaly_stateful_set]['spec']['template']['spec'] + expect(gitaly_template_spec).to include( + 'shareProcessNamespace' => true + ) + end + end + + context 'when not enabled' do + let(:share_process_namespace_enabled) { false } + + it 'does not set shareProcessNamespace' do + t = HelmTemplate.new(values) + gitaly_set = t.resources_by_kind('StatefulSet').select { |key| key == gitaly_stateful_set } + gitaly_template_spec = gitaly_set[gitaly_stateful_set]['spec']['template']['spec'] + expect(gitaly_template_spec).not_to include('shareProcessNamespace') + end + end + end + context 'cgroups' do let(:values) do YAML.safe_load(%( diff --git a/chart/spec/configuration/gitlab_exporter_spec.rb b/chart/spec/configuration/gitlab_exporter_spec.rb index d5550ff29ffc0d105cd26dc9c926ddf1acce00a4..e69420211947e684d9ed499df233a297eded90aa 100644 --- a/chart/spec/configuration/gitlab_exporter_spec.rb +++ b/chart/spec/configuration/gitlab_exporter_spec.rb 
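Review bot: In the new `certmanager_issuer_spec.rb`, the expectation pins `"chart" => "certmanager-issuer-0.2.0"`, so the spec breaks on every certmanager-issuer chart version bump, which is what the Dangerfile added in this change asks contributors to do when the job template changes. Matching the label loosely, `"chart" => a_string_matching(/\Acertmanager-issuer-\d+\.\d+\.\d+\z/)`, keeps the rest of the label check intact. `jobs.find { |key, _| key.start_with?("Job/test-issuer-") }.last` raises `NoMethodError` on `nil` when no job is rendered; asserting the `find` result is present first gives a readable failure. The pinned `securityContext` values (`runAsNonRoot`, `capabilities.drop`, `allowPrivilegeEscalation`) are worth a one-line comment saying they are deliberate hardening checks, so they are not loosened along with the label.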
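Review bot: In the `shareProcessNamespace` context of `gitaly_spec.rb`, `.merge(default_values)` is a shallow merge with the defaults as the argument, so if `default_values` carries a top-level `gitlab` key it replaces the `shareProcessNamespace` override wholesale; `default_values` is defined outside the hunk, so this is inferred. The exporter spec in this same change uses `.deep_merge(default_values)`, and using it here too would be consistent. `t.resources_by_kind('StatefulSet').select { |key| key == gitaly_stateful_set }` followed by an index can be `t.resources_by_kind('StatefulSet')[gitaly_stateful_set]`. Since this option makes container processes visible across the pod, a comment on the 'when not enabled' case stating that the key must be absent by default would document the intent.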
@@ -35,11 +35,26 @@ describe 'gitlab-exporter configuration' do it 'configures Redis' do expect(template.exit_code).to eq(0), "Unexpected error code #{template.exit_code} -- #{template.stderr}" - expect(sidekiq_config['opts']['redis_url']).to eq("redis://:#{password}@test-redis-master.default.svc:6379") + expect(sidekiq_config['opts']['redis_url']).to eq("redis://:#{password}@test-redis-master.default.svc:6379/0") expect(sidekiq_config['opts']).not_to include('redis_sentinels') end end + context 'with custom redis database value' do + let(:values) do + YAML.safe_load(%( + global: + redis: + database: 4 + )).deep_merge(default_values) + end + + it 'configures Redis' do + expect(template.exit_code).to eq(0), "Unexpected error code #{template.exit_code} -- #{template.stderr}" + expect(sidekiq_config['opts']['redis_url']).to eq("redis://:#{password}@test-redis-master.default.svc:6379/4") + end + end + context 'When customer provides additional labels' do let(:values) do YAML.safe_load(%( @@ -103,7 +118,7 @@ describe 'gitlab-exporter configuration' do it 'configures Sentinels' do expect(template.exit_code).to eq(0), "Unexpected error code #{template.exit_code} -- #{template.stderr}" - expect(sidekiq_config['opts']['redis_url']).to eq("redis://:#{password}@global.host:6379") + expect(sidekiq_config['opts']['redis_url']).to eq("redis://:#{password}@global.host:6379/0") expect(sidekiq_config['opts']['redis_sentinels']).to eq( [ { 'host' => 'sentinel1.example.com', 'port' => 26379 }, 
@@ -131,7 +146,7 @@ describe 'gitlab-exporter configuration' do it 'configures Sentinels' do expect(template.exit_code).to eq(0), "Unexpected error code #{template.exit_code} -- #{template.stderr}" - expect(sidekiq_config['opts']['redis_url']).to eq("redis://:#{password}@queues.redis.host:6379") + expect(sidekiq_config['opts']['redis_url']).to eq("redis://:#{password}@queues.redis.host:6379/0") expect(sidekiq_config['opts']['redis_sentinels']).to eq( [ { 'host' => 'sentinel1.example.com', 'port' => 26379 }, @@ -164,7 +179,7 @@ describe 'gitlab-exporter configuration' do it 'configures Sentinels with password' do expect(template.exit_code).to eq(0), "Unexpected error code #{template.exit_code} -- #{template.stderr}" - expect(sidekiq_config['opts']['redis_url']).to eq("redis://:#{password}@global.host:6379") + expect(sidekiq_config['opts']['redis_url']).to eq("redis://:#{password}@global.host:6379/0") expect(sidekiq_config['opts']['redis_sentinel_password']).to eq(RuntimeTemplate::JUNK_PASSWORD) expect(sidekiq_config['opts']['redis_sentinels']).to eq( [ diff --git a/chart/spec/configuration/kas_spec.rb b/chart/spec/configuration/kas_spec.rb index b8bbf86e8a1cc1acac1bd8765ff2462d81ea5eaf..ffec4c9b3fddba8335f2f84a060dd1eb320819e7 100644 --- a/chart/spec/configuration/kas_spec.rb +++ b/chart/spec/configuration/kas_spec.rb @@ -290,6 +290,19 @@ describe 'kas configuration' do )) end + let(:sentinels_database) do + YAML.safe_load(%( + redis: + host: global.host + database: 6 + sentinels: + - host: sentinel1.example.com + port: 26379 + - host: sentinel2.example.com + port: 26379 + )) + end + context 'when redis is disabled' do let(:kas_values) do default_kas_values.deep_merge!(YAML.safe_load(%( 
@@ -336,9 +349,28 @@ describe 'kas configuration' do end end + context 'when global redis has database value' do + let(:kas_values) do + default_kas_values.deep_merge!(YAML.safe_load(%( + global: + redis: + database: 3 + ))) + end + + it 'has set url' do + expect(config_yaml_data['redis']).to include(YAML.safe_load(%( + database_index: 3 + server: + address: test-redis-master.default.svc:6379 + ))) + end + end + context 'when no sentinel is setup' do it 'takes the global redis config' do expect(config_yaml_data['redis']).to include(YAML.safe_load(%( + database_index: 0 password_file: /etc/kas/redis/redis-password server: address: test-redis-master.default.svc:6379 @@ -359,6 +391,28 @@ describe 'kas configuration' do it 'takes the global sentinel redis config' do expect(config_yaml_data['redis']).to include(YAML.safe_load(%( + database_index: 0 + sentinel: + addresses: + - sentinel1.example.com:26379 + - sentinel2.example.com:26379 + master_name: global.host + ))) + end + end + + context 'when sentinel and database are setup' do + let(:kas_values) do + vals = default_kas_values + vals['global'].deep_merge!(sentinels_database) + vals.deep_merge!('redis' => { 'install' => false }) + end + + it_behaves_like 'mounts global redis secret' + + it 'takes the global sentinel and database redis config' do + expect(config_yaml_data['redis']).to include(YAML.safe_load(%( + database_index: 6 sentinel: addresses: - sentinel1.example.com:26379 @@ -439,6 +493,7 @@ describe 'kas configuration' do let(:sentinels) { {} } it 'configures a sharedState server config' do expect(config_yaml_data['redis']).to include(YAML.safe_load(%( + database_index: 0 password_file: /etc/kas/redis/sharedState-password server: address: shared.redis:6378 diff --git a/chart/spec/configuration/mailroom_spec.rb b/chart/spec/configuration/mailroom_spec.rb index 1b94ccc49adc39412e67bf6c992b9b6c307557b4..fcdaeb5c1464ae3c8879d62632e135c8a5aa78d6 100644 --- a/chart/spec/configuration/mailroom_spec.rb 
+++ b/chart/spec/configuration/mailroom_spec.rb @@ -330,13 +330,27 @@ describe 'Mailroom configuration' do t = HelmTemplate.new(values) expect(t.exit_code).to eq(0) # configure the external-redis server, port, secret - expect(t.dig('ConfigMap/test-mailroom','data','mail_room.yml')).to include("external-redis:9999") + expect(t.dig('ConfigMap/test-mailroom','data','mail_room.yml')).to include("external-redis:9999/0") projected_volume = t.projected_volume_sources('Deployment/test-mailroom','init-mailroom-secrets') redis_mount = projected_volume.select { |item| item['secret']['name'] == "external-redis-secret" } expect(redis_mount.length).to eq(1) expect(t.dig('ConfigMap/test-mailroom','data','mail_room.yml')).not_to include(":sentinels:") end + it 'Populates configured database host, port, password' do + local = YAML.safe_load(%( + global: + redis: + host: external-redis + port: 9999 + database: 7 + )) + t = HelmTemplate.new(values.deep_merge(local)) + expect(t.exit_code).to eq(0) + # configure the external-redis server, port, secret + expect(t.dig('ConfigMap/test-mailroom','data','mail_room.yml')).to include("external-redis:9999/7") + end + it 'Populates Sentinels, when configured' do local = YAML.safe_load(%( global: diff --git a/chart/spec/configuration/redis_spec.rb b/chart/spec/configuration/redis_spec.rb index dd5db4230b04f7b7330a5ba0e5f47dc425f3091f..5f5720c1eacbf7ab30883d655c80396e342a003d 100644 --- a/chart/spec/configuration/redis_spec.rb +++ b/chart/spec/configuration/redis_spec.rb 
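Review bot: The new example 'Populates configured database host, port, password' and its copied comment `# configure the external-redis server, port, secret` promise more than the example checks; the only assertion beyond the exit code is that `mail_room.yml` contains `external-redis:9999/7`. Either rename it to something like `it 'Populates the configured database index'` and change the comment to `# database index is appended to the redis URL`, or repeat the `external-redis-secret` projected-volume check from the example above so the password part is actually covered.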
@@ -45,6 +45,26 @@ describe 'Redis configuration' do expect(resque_yml.dig('production', 'write_timeout')).to eq(5) end end + + context 'custom redis database value' do + let(:values) do + YAML.safe_load(%( + global: + redis: + host: resque.redis + port: 6379 + database: 4 + redis: + install: false + )).deep_merge(default_values) + end + + it 'configures Redis' do + t = HelmTemplate.new(values) + expect(t.exit_code).to eq(0), "Unexpected error code #{template.exit_code} -- #{template.stderr}" + expect(t.dig('ConfigMap/test-webservice','data','resque.yml.erb')).to include("resque.redis:6379/4") + end + end end describe 'global.redis.auth.enabled' do diff --git a/chart/spec/configuration/workhorse_spec.rb b/chart/spec/configuration/workhorse_spec.rb index d8c27b583799c79b2e16420cd0c0fa95340aa8d0..7240bf9b34f82d5e58d7141b13af360cdebcc51c 100644 --- a/chart/spec/configuration/workhorse_spec.rb +++ b/chart/spec/configuration/workhorse_spec.rb 
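Review bot: In the added 'custom redis database value' example the failure message interpolates `template`, but the chart is rendered into the local `t`. The message string is evaluated before the matcher runs, so if no `template` helper is defined in this describe (not visible in the hunk) the example raises NameError; if one is defined, the message reports a different render. Use the local instead: `expect(t.exit_code).to eq(0), "Unexpected error code #{t.exit_code} -- #{t.stderr}"`.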
@@ -155,18 +155,50 @@ describe 'Workhorse configuration' do context 'configuring dedicated redis' do let(:template) { HelmTemplate.new(values) } + context 'with default redis database' do + let(:values) do + YAML.safe_load(%( + global: + redis: + host: global.redis + auth: + enabled: true + secret: global-secret + redis: + install: false + )).deep_merge(default_values) + end + + it 'renders the global redis config' do + toml = render_toml(raw_toml) + + expect(toml.keys).to match_array(%w[shutdown_timeout listeners image_resizer redis]) + + redis_config = toml['redis'] + + expect(redis_config.keys).to match_array(%w[URL Password DB]) + expect(redis_config['URL']).to eq('redis://global.redis:6379') + expect(redis_config['DB']).to eq(0) + expect(redis_config['Password']).to eq(global_redis_password) + + expect(template.dig("ConfigMap/test-workhorse-default", 'data', 'workhorse-config.toml.tpl')).to include('redis/redis-password') + expect(template.dig('ConfigMap/test-workhorse-default', 'data', 'configure')).to include('init-config/redis/redis-password') + end + end + context 'with global redis' do let(:values) do YAML.safe_load(%( global: redis: host: global.redis + database: 3 auth: enabled: true secret: global-secret redis: install: false - )).merge(default_values) + )).deep_merge(default_values) end it 'renders the global redis config' do @@ -176,8 +208,9 @@ describe 'Workhorse configuration' do redis_config = toml['redis'] - expect(redis_config.keys).to match_array(%w[URL Password]) + expect(redis_config.keys).to match_array(%w[URL Password DB]) expect(redis_config['URL']).to eq('redis://global.redis:6379') + expect(redis_config['DB']).to eq(3) expect(redis_config['Password']).to eq(global_redis_password) expect(template.dig("ConfigMap/test-workhorse-default", 'data', 'workhorse-config.toml.tpl')).to include('redis/redis-password') 
@@ -210,8 +243,9 @@ describe 'Workhorse configuration' do expect(toml.keys).to match_array(%w[shutdown_timeout listeners image_resizer redis]) redis_config = toml['redis'] - expect(redis_config.keys).to match_array(%w[URL Password]) + expect(redis_config.keys).to match_array(%w[URL Password DB]) expect(redis_config['URL']).to eq('redis://workhorse.redis:6379') + expect(redis_config['DB']).to eq(0) expect(redis_config['Password']).to eq(workhorse_redis_password) expect(template.dig("ConfigMap/test-workhorse-default", 'data', 'workhorse-config.toml.tpl')).to include('redis/workhorse-password') expect(template.dig('ConfigMap/test-workhorse-default', 'data', 'configure')).to include('init-config/redis/workhorse-password') @@ -228,8 +262,9 @@ describe 'Workhorse configuration' do expect(toml.keys).to match_array(%w[shutdown_timeout listeners image_resizer redis]) redis_config = toml['redis'] - expect(redis_config.keys).to match_array(%w[URL]) + expect(redis_config.keys).to match_array(%w[URL DB]) expect(redis_config['URL']).to eq('redis://workhorse.redis:6379') + expect(redis_config['DB']).to eq(0) end end end @@ -254,8 +289,9 @@ describe 'Workhorse configuration' do expect(toml.keys).to match_array(%w[shutdown_timeout listeners image_resizer redis]) redis_config = toml['redis'] - expect(redis_config.keys).to match_array(%w[URL Password]) + expect(redis_config.keys).to match_array(%w[URL Password DB]) expect(redis_config['URL']).to eq('redis://redis-user@workhorse.redis:6379') + expect(redis_config['DB']).to eq(0) expect(redis_config['Password']).to eq(workhorse_redis_password) expect(template.dig("ConfigMap/test-workhorse-default", 'data', 'workhorse-config.toml.tpl')).to include('redis/workhorse-password') expect(template.dig('ConfigMap/test-workhorse-default', 'data', 'configure')).to include('init-config/redis/workhorse-password') 
@@ -269,6 +305,7 @@ describe 'Workhorse configuration' do global: redis: host: global.redis + database: 7 auth: enabled: true secret: global-secret @@ -290,20 +327,22 @@ describe 'Workhorse configuration' do expect(toml.keys).to match_array(%w[shutdown_timeout listeners image_resizer redis]) redis_config = toml['redis'] - expect(redis_config.keys).to match_array(%w[URL Password]) + expect(redis_config.keys).to match_array(%w[URL Password DB]) expect(redis_config['URL']).to eq('redis://workhorse-redis-user@workhorse.redis:6379') + expect(redis_config['DB']).to eq(7) expect(redis_config['Password']).to eq(workhorse_redis_password) expect(template.dig("ConfigMap/test-workhorse-default", 'data', 'workhorse-config.toml.tpl')).to include('redis/workhorse-password') expect(template.dig('ConfigMap/test-workhorse-default', 'data', 'configure')).to include('init-config/redis/workhorse-password') end end - context 'with redis sentinel' do + context 'with redis sentinel and database' do let(:values) do YAML.safe_load(%( global: redis: host: global.redis + database: 9 auth: enabled: true secret: global-secret 
@@ -334,10 +373,11 @@ describe 'Workhorse configuration' do expect(toml.keys).to match_array(%w[shutdown_timeout listeners image_resizer redis]) redis_config = toml['redis'] - expect(redis_config.keys).to match_array(%w[Password SentinelMaster Sentinel]) + expect(redis_config.keys).to match_array(%w[Password SentinelMaster Sentinel DB]) expect(redis_config['SentinelMaster']).to eq('workhorse.redis') expect(redis_config['Sentinel']).to match_array(%w[tcp://s1.workhorse.redis:26379 tcp://s2.workhorse.redis:26379]) expect(redis_config['Password']).to eq(workhorse_redis_password) + expect(redis_config['DB']).to eq(9) expect(template.dig("ConfigMap/test-workhorse-default", "data", 'workhorse-config.toml.tpl')).to include('redis/workhorse-password') expect(template.dig('ConfigMap/test-workhorse-default', 'data', 'configure')).to include('init-config/redis/workhorse-password') end @@ -353,7 +393,7 @@ describe 'Workhorse configuration' do expect(toml.keys).to match_array(%w[shutdown_timeout listeners image_resizer redis]) redis_config = toml['redis'] - expect(redis_config.keys).to match_array(%w[SentinelMaster Sentinel]) + expect(redis_config.keys).to match_array(%w[SentinelMaster Sentinel DB]) expect(redis_config['SentinelMaster']).to eq('workhorse.redis') expect(redis_config['Sentinel']).to match_array(%w[tcp://s1.workhorse.redis:26379 tcp://s2.workhorse.redis:26379]) end 
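Review bot: The last hunk here (old line 353) only adds `DB` to the expected key list `%w[SentinelMaster Sentinel DB]` and never checks its value, unlike every sibling example touched in this file. A wrong database index in the password-less sentinel case would therefore pass unnoticed. Add an explicit assertion next to the `SentinelMaster` check, e.g. `expect(redis_config['DB']).to eq(9)` if this context inherits `database: 9` from the values above (the `let(:values)` is outside the hunk, so confirm the number).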
@@ -397,11 +437,12 @@ describe 'Workhorse configuration' do expect(toml.keys).to match_array(%w[shutdown_timeout listeners image_resizer redis]) redis_config = toml['redis'] - expect(redis_config.keys).to match_array(%w[Password SentinelMaster Sentinel SentinelPassword]) + expect(redis_config.keys).to match_array(%w[Password SentinelMaster Sentinel SentinelPassword DB]) expect(redis_config['SentinelMaster']).to eq('workhorse.redis') expect(redis_config['Sentinel']).to match_array(%w[tcp://s1.workhorse.redis:26379 tcp://s2.workhorse.redis:26379]) expect(redis_config['Password']).to eq(workhorse_redis_password) expect(redis_config['SentinelPassword']).to eq(global_redis_sentinel_password) + expect(redis_config['DB']).to eq(0) expect(template.exit_code).to eq(0), "Unexpected error code #{template.exit_code} -- #{template.stderr}" diff --git a/chart/spec/gitlab_test_helper.rb b/chart/spec/gitlab_test_helper.rb index 33808c0b70b2775ee4928040a2bf9be9a9b3a038..93b4c3ae969f509fcd3b8dfc9a0e8bcdb9cd26d4 100644 --- a/chart/spec/gitlab_test_helper.rb +++ b/chart/spec/gitlab_test_helper.rb @@ -150,7 +150,9 @@ module Gitlab filters="#{filters},release=#{ENV['RELEASE_NAME']}" end - stdout, status = Open3.capture2e("kubectl rollout status #{type} -l'#{filters}' --timeout=#{kube_timeout_parse('KUBE_ROLLOUT_TIMEOUT')}") + cmd = "kubectl rollout status #{type} -l'#{filters}' --timeout=#{kube_timeout_parse('KUBE_ROLLOUT_TIMEOUT')}" + puts "Executing in Namespace #{ENV['KUBE_NAMESPACE']}: #{cmd}" + stdout, status = Open3.capture2e(cmd) raise stdout unless status.success? end diff --git a/chart/templates/_redis.tpl b/chart/templates/_redis.tpl index 7ba03e59ee1624e64cd046b8ed7dc0ed8dcc4769..7935acf010448fc736812cad1354bc05ebba887e 100644 --- a/chart/templates/_redis.tpl +++ b/chart/templates/_redis.tpl 
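Review bot: In the gitlab_test_helper.rb hunk the command is still assembled as one interpolated string and handed to `Open3.capture2e(cmd)`, so it runs through a shell with `type`, `filters` (which the context line shows includes `ENV['RELEASE_NAME']`) and the timeout spliced in. Passing an argument vector avoids shell interpretation of those environment-derived values: `stdout, status = Open3.capture2e('kubectl', 'rollout', 'status', type.to_s, "-l#{filters}", "--timeout=#{kube_timeout_parse('KUBE_ROLLOUT_TIMEOUT')}")`. The new `puts` also prints `ENV['KUBE_NAMESPACE']`, while the command as shown passes no namespace flag, so the log line may not name the namespace kubectl actually uses. The enclosing method starts outside the hunk.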
@@ -15,7 +15,7 @@ Build a dict of redis configuration {{- if and $.Values.global.redis.redisYmlOverride $.redisConfigName -}} {{- $hasOverrideSecret = (kindIs "map" (dig $.redisConfigName "password" "" $.Values.global.redis.redisYmlOverride)) -}} {{- end -}} -{{- range $want := list "host" "port" "scheme" "user" -}} +{{- range $want := list "host" "port" "scheme" "user" "database" -}} {{- $_ := set $.redisMergedConfig $want (pluck $want (index $.Values.global.redis $.redisConfigName) $.Values.global.redis | first) -}} {{- end -}} {{- if and $hasOverrideSecret $.usingOverride -}} diff --git a/chart/values.yaml b/chart/values.yaml index 6ebcac5ec67fa08aa7ec3a263515a585f1223b2d..2a929b284ced51dc281a3cee6742a9594c52d191 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -57,7 +57,7 @@ global: edition: ee ## https://docs.gitlab.com/charts/charts/globals#gitlab-version - gitlabVersion: "17.7.2" + gitlabVersion: "17.8.1" ## https://docs.gitlab.com/charts/charts/globals#application-resource application: @@ -193,6 +193,7 @@ global: # writeTimeout: 1 # host: redis.hostedsomewhere.else # port: 6379 + # database: 0 # user: webservice # sentinels: # - host: @@ -825,7 +826,7 @@ global: certificates: image: repository: registry1.dso.mil/ironbank/gitlab/gitlab/certificates - tag: 17.7.2 + tag: 17.8.1 pullSecrets: - name: private-registry init: @@ -874,7 +875,7 @@ global: kubectl: image: repository: registry1.dso.mil/ironbank/gitlab/gitlab/kubectl - tag: 17.7.2 + tag: 17.8.1 pullSecrets: - name: private-registry securityContext: @@ -891,7 +892,7 @@ global: # 1. UBI does not have the newly required /scripts/set-config template generator in its entrypoint. # a. trying gitlab-base per https://repo1.dso.mil/dsop/gitlab/gitlab/gitlab-base/-/issues/77 repository: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-base - tag: "17.7.2" + tag: "17.8.1" pullSecrets: - name: private-registry 
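Review bot: In the _redis.tpl hunk, adding `"database"` to the `range $want := list ...` loop copies whatever the user supplied into `redisMergedConfig` with no type or range check, and leaves the key nil when neither the instance nor the global block sets it. The specs in this commit expect that value inside Redis URLs (`.../4`) and as an integer `DB` in the workhorse TOML, so a string or negative value would presumably only fail at runtime in the pods. Consider normalising where the value is consumed, for example `{{ .redisMergedConfig.database | default 0 | int }}`, and add a comment on the loop such as `{{/* database: integer index, consumers default to 0 when unset */}}`. The rest of the helper is outside the hunk, so confirm whether a default is already applied elsewhere.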
@@ -1478,7 +1479,7 @@ registry: memory: 1024Mi image: repository: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry - tag: 17.7.2 + tag: 17.8.1 pullSecrets: - name: private-registry ingress: @@ -1618,7 +1619,7 @@ gitlab: app: gitaly image: repository: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox - tag: 17.7.2 + tag: 17.8.1 pullSecrets: - name: private-registry init: @@ -1695,7 +1696,7 @@ gitlab: - ALL image: repository: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter - tag: 17.7.2 + tag: 17.8.1 pullSecrets: - name: private-registry metrics: @@ -1740,7 +1741,7 @@ gitlab: memory: 1.5G image: repository: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox - tag: 17.7.2 + tag: 17.8.1 pullSecrets: - name: private-registry securityContext: @@ -1789,7 +1790,7 @@ gitlab: memory: 2.5G # = 2 * 1.25G assuming there are 2 workerProcesses configured image: repository: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice - tag: 17.7.2 + tag: 17.8.1 pullSecrets: - name: private-registry workhorse: @@ -1802,7 +1803,7 @@ gitlab: cpu: 600m memory: 2.5G image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse - tag: 17.7.2 + tag: 17.8.1 pullSecrets: - name: private-registry metrics: @@ -1826,7 +1827,7 @@ gitlab: sidekiq: image: repository: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq - tag: 17.7.2 + tag: 17.8.1 pullSecrets: - name: private-registry init: @@ -1863,7 +1864,7 @@ gitlab: gitaly: image: repository: registry1.dso.mil/ironbank/gitlab/gitlab/gitaly - tag: 17.7.2 + tag: 17.8.1 pullSecrets: - name: private-registry init: @@ -1904,7 +1905,7 @@ gitlab: gitlab-shell: image: repository: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell - tag: 17.7.2 + tag: 17.8.1 pullSecrets: - name: private-registry init: @@ -1948,7 +1949,7 @@ gitlab: mailroom: image: repository: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-mailroom - tag: 17.7.2 + tag: 17.8.1 pullSecrets: - name: private-registry containerSecurityContext: 
@@ -1965,7 +1966,7 @@ gitlab: type: ClusterIP image: repository: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages - tag: 17.7.2 + tag: 17.8.1 containerSecurityContext: capabilities: drop: @@ -1976,7 +1977,7 @@ gitlab: praefect: image: repository: registry1.dso.mil/ironbank/gitlab/gitlab/gitaly - tag: 17.7.2 + tag: 17.8.1 init: resources: limits: diff --git a/tests/images.txt b/tests/images.txt index 4a0d41c595abbec97746f5f26ea491b4f7e87ade..a2e288edd45c562991020280dab6459769e588a1 100644 --- a/tests/images.txt +++ b/tests/images.txt @@ -1,2 +1,2 @@ -registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter:17.7.2 -registry1.dso.mil/ironbank/gitlab/gitlab/kubectl:17.7.2 +registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter:17.8.1 +registry1.dso.mil/ironbank/gitlab/gitlab/kubectl:17.8.1