Merge branch 'main' into 'main'

attempt to catch up fork with package Closes platform-one/big-bang/bigbang#833 See merge request !1

Merge branch 'main' into 'main'
fa219162 · Ryan Garcia · d2e0b5a8 · 2a4b0698 · d2e0b5a8 · fa219162
Commit fa219162 authored 3 years ago by Ryan Garcia
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
-include:
-  - project: 'platform-one/big-bang/pipeline-templates/pipeline-templates'
-    ref: master
-    file: '/templates/package-tests.yml'
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,9 +5,6 @@
 - comment the *.tgz from the .gitignore file
 - commit the tar archives that were downloaded from the helm dependency update command

-## chart/requirements.yaml
- change all external dependency links to point to the local file system
-
 ## chart/values.yaml
 - disable all internal services other than postgres, minio, and redis
 - add BigBang additional values at bottom of values.yaml
@@ -37,12 +34,75 @@
      subPath: ca-bundle.crt
      readOnly: true
    ```
+
 ## chart/charts/minio/templates/_helper_create_buckets.sh
 - hack the MinIO sub-chart to work with newer mc version in IronBank image   
    line 65  
    ```
    /usr/bin/mc policy set $POLICY myminio/$BUCKET
    ```
+    
+## chart/charts/minio/templates/create-buckets-job.yaml    
+- hack the MinIO sub-chart to add annotation to to conditionally disable istio injection   
+    lines 22-25
+    ```
+    {{- if .Values.global.istio.enabled }}  
+    annotations:
+      sidecar.istio.io/inject: "false"
+    {{- end }}
+    ```
+## chart/charts/gitlab/charts/migrations/templates/_jobspec.yaml
+- add curl to quit istio proxy
+    lines 77-82
+    ```
+    {{- if and .Values.global.istio.enabled (eq .Values.global.istio.injection "enabled") }}
+      - '&& sleep 5'
+      - '&& echo "Attempting to stop the istio proxy..."'
+      - '&& echo "curl -X POST http://localhost:15020/quitquitquit"'
+      - '&& curl -X POST http://localhost:15020/quitquitquit'
+    {{- end }}
+    ```
+
+## gitlab/chart/templates/shared-secrets/_self-signed-cert-job.yml
+- add curl to quit isto proxy
+  lines 108-114
+  ```
+  {{- if and .Values.global.istio.enabled (eq .Values.global.istio.injection "enabled") }}
+  # Stop istio sidecar container so gitlab can continue installing
+  until curl -fsI http://localhost:15021/healthz/ready; do echo "Waiting for Istio sidecar proxy..."; sleep 3; done;
+  sleep 5
+  echo "Istio proxy container is ready. Now stop the istio proxy..."
+  curl -X POST http://localhost:15020/quitquitquit
+  {{- end }}
+  ```
+
+## gitlab/chart/templates/shared-secrets/_generate_secrets.sh.tpl
+- add curl to quit isto proxy
+  lines 198-205
+  ```
+  {{ if and .Values.global.istio.enabled (eq .Values.global.istio.injection "enabled") }}
+  # Stop istio sidecar container so gitlab can continue installing
+  until curl -fsI http://localhost:15021/healthz/ready; do echo "Waiting for Istio sidecar proxy..."; sleep 3; done;
+  sleep 5
+  echo "Istio proxy container is ready. Now stop the istio proxy..."
+  echo "curl -X POST http://localhost:15020/quitquitquit"
+  curl -X POST http://localhost:15020/quitquitquit
+  {{ end }}
+  ```
+
+## chart/templates/_runcheck.tpl
+- add curl to quit isto proxy
+  lines 78-84
+  ```
+  {{- if and .Values.global.istio.enabled (eq .Values.global.istio.injection "enabled") }}
+  # Stop istio sidecar container so gitlab can continue installing
+  until curl -fsI http://localhost:15021/healthz/ready; do echo "Waiting for Istio sidecar proxy..."; sleep 3; done;
+    sleep 5
+    echo "Istio proxy container is ready. Now stop the istio proxy..."
+  curl -X POST http://localhost:15020/quitquitquit
+  {{- end }}
+  ```
+
 ## chart/charts/gitlab/charts/gitlab-exporter/templates/bigbang/service-monitor.yaml
 - add ServiceMonitor to Gitlab sub-chart ```gitlab-exporterr``` to enable prometheus monitoring
  
@@ -55,20 +115,51 @@
 ## chart/.helmignore
 - change `scripts/` to `/scripts/` so that the helm test scripts are not ignored

-## fixes for flux helmrelease errors
- chart/charts/gitlab/charts/geo-logcursor/templates/deployment.yaml #24-25  
-  remove duplicate hard coded ```app:``` and ```realm:``` labels
- chart/charts/gitlab/charts/gitaly/templates/statefulset.yml #10  
-  remove duplicate immutable labels
- chart/charts/gitlab/charts/gitlab-exporter/templates/deployment.yaml  #21-22  
-  remove duplicate hard codded ```app:``` and ```release:``` labels
- chart/charts/gitlab/charts/gitlab-shell/templates/nginx-tcp-configmap.yml #14  
-  quote port --> ```{{ $port | quote }}```
-
 # Changelog

 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

+## [5.3.1-bb.9] - 2021-11-10
+- improvements for istio sidecar proxy injection
+
+## [5.3.1-bb.8] - 2021-11-04
+- add istio injection for upgrade job
+- remove rolling upgade job.
+
+## [5.3.1-bb.7] - 2021-11-04
+- add istio injection for shared-secrets jobs
+
+## [5.3.1-bb.6] - 2021-11-03
+- add istio injection for migrations job
+
+## [5.3.1-bb.5] - 2021-11-01
+- Fixed CI for upgrades
+
+## [5.3.1-bb.4] - 2021-10-29
+- Add check for AWS IAM profile to update the egress-kube-api network policy to allow access to AWS metadata endpoint
+- Add specific NetworkPolicy templates for 4 pods to hit AWS metadata endpoint to use IAM Role
+
+## [5.3.1-bb.3] - 2021-10-29
+- increase resoures for gitaly
+- conditionally disable istio injection for the upgrade-check job
+- modify minio sub-chart to conditionally disable istio injection for the create-buckets job
+
+## [5.3.1-bb.2] - 2021-10-17
+- Update rolling upgrade job with variable for release tag
+
+## [5.3.1-bb.1] - 2021-10-15
+- Updated README.md
+- Renamed docs/README.md to docs/overview.md
+
+## [5.3.1-bb.0] - 2021-10-08
+- upgrade Gitlab to application version 14.3.1 helm chart version v5.3.1
+- If upgrading from 13.12.9 to 14.3.1 must first upgrade to 14.0.5 see Gitlab documentation
+   https://docs.gitlab.com/ee/update/#upgrade-paths
+
+## [5.0.5-bb.0] - 2021-10-01
+- upgrade Gitlab to application version 14.0.5 helm chart version v5.0.5
+- notice: this upgrade requires postgresql 12 or higher
+
 ## [4.12.9-bb.6] - 2021-09-16
 - Updated test.sh with ENV variables from test-values
 - Updated Cypress tests with ENV variables from test-values

--- a/README.md
+++ b/README.md
--- a/chart/.gitlab-ci.yml
+++ b/chart/.gitlab-ci.yml
@@ -28,24 +28,27 @@ image: registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-charts-build-ba

 variables:
  AUTO_DEPLOY_TAG_REGEX: '^[0-9]+\.[0-9]+\.[0-9]+\+[a-z0-9]{7,}$'
-  KUBECTL_VERSION: "v1.14.10"
+  KUBECTL_VERSION: "v1.16.15"
+  HELM_VERSION: "3.1.2"
  STABLE_REPO_URL: "https://charts.helm.sh/stable"
  GOOGLE_APPLICATION_CREDENTIALS: ${CI_PROJECT_DIR}/.google_keyfile.json
  # AUTO_DEVOPS_DOMAIN is the application deployment domain and should be set as a variable at the group or project level.
  # AUTO_DEVOPS_DOMAIN: domain.example.com
  GIT_CLONE_PATH: $CI_BUILDS_DIR/gitlab
  HELM_MAX_HISTORY: 20
-  TEST_BACKUP_PREFIX: 13.5.0-pre
+  TEST_BACKUP_PREFIX: "14.0.5"
  NAMESPACE: $KUBE_NAMESPACE

 stages:
  - prepare
+  - preflight
  - review
  - staging
  - canary
  - stable
  - specs
  - qa
+  - staging-release
  - package
  - cleanup

@@ -85,7 +88,7 @@ dependency_update:
    <<: *deps_pipeline

 lint_package:
-  stage: package
+  stage: preflight
  when: always
  script:
    - helm repo add gitlab https://charts.gitlab.io
@@ -107,7 +110,7 @@ lint_package:
      - *com_auto_deploy_branch_ref

 .kubeval:
-  stage: package
+  stage: preflight
  when: always
  script:
    - helm repo add gitlab https://charts.gitlab.io
@@ -122,15 +125,17 @@ lint_package:
      - /(^docs[\/-].+|.+-docs$)/
      - *com_auto_deploy_branch_ref

-"Validate 1.13.11":
+"Validate 1.16.15":
  extends: .kubeval
  variables:
-    KUBE_VERSION: "1.13.11"
+    KUBE_VERSION: "1.16.15"
+    KUBEVAL_SCHEMA_LOCATION: "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/"

-"Validate 1.18.1":
+"Validate 1.20.7":
  extends: .kubeval
  variables:
-    KUBE_VERSION: "1.18.1"
+    KUBE_VERSION: "1.20.7"
+    KUBEVAL_SCHEMA_LOCATION: "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/"

 .review_template:
  stage: review
@@ -213,6 +218,7 @@ review_eks:
  variables:
    GIT_CHECKOUT: "false"
  before_script: []
+  dependencies: []
  script:
    - git checkout master
    - source scripts/ci/autodevops.sh
@@ -425,7 +431,7 @@ danger-review:
    - danger --fail-on-errors=true

 rubocop:
-  image: ruby:2.7.2-alpine
+  image: ruby:2.7.4-alpine
  stage: prepare
  dependencies: []
  before_script:
@@ -448,7 +454,7 @@ rubocop:

 # Perform documentation linting on Markdown files
 check_docs_markdown:
-  image: registry.gitlab.com/gitlab-org/gitlab-docs/lint-markdown:alpine-3.13-vale-2.10.2-markdownlint-0.26.0
+  image: registry.gitlab.com/gitlab-org/gitlab-docs/lint-markdown:alpine-3.14-vale-2.10.4-markdownlint-0.28.1
  stage: prepare
  cache: {}
  dependencies: []
@@ -457,8 +463,7 @@ check_docs_markdown:
    # Lint prose
    - vale --minAlertLevel error doc
    # Lint Markdown
-    - markdownlint --config .markdownlint.json 'doc/**/*.md'
-  retry: 2
+    - markdownlint --config .markdownlint.yml 'doc/**/*.md'
  except:
    variables:
      - $DEPS_PIPELINE
@@ -468,7 +473,7 @@ check_docs_markdown:

 # Perform link checks on published HTML files
 check_docs_links:
-  image: registry.gitlab.com/gitlab-org/gitlab-docs/lint-html:alpine-3.13-ruby-2.7.2
+  image: registry.gitlab.com/gitlab-org/gitlab-docs/lint-html:alpine-3.14-ruby-2.7.4-db71f027
  stage: prepare
  cache: {}
  dependencies: []
@@ -482,7 +487,6 @@ check_docs_links:
    - bundle exec nanoc check internal_links
    # Check the internal anchor links
    - bundle exec nanoc check internal_anchors
-  retry: 2
  except:
    variables:
      - $DEPS_PIPELINE
@@ -507,8 +511,8 @@ check_docs_links:
    GIT_STRATEGY: none
    DOCS_REVIEW_APPS_DOMAIN: 178.62.207.141.nip.io
    DOCS_GITLAB_REPO_SUFFIX: charts
-    # By default, deploy the Review App using the `master` branch of the `gitlab-org/gitlab-docs` project
-    DOCS_BRANCH: master
+    # By default, deploy the Review App using the `main` branch of the `gitlab-org/gitlab-docs` project
+    DOCS_BRANCH: main
  when: manual
  except:
    - triggers
@@ -540,7 +544,7 @@ review-docs-cleanup:
 # ---------------------------------------------------------------------------

 .specs: &specs
-  image: registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.7.2.patched-golang-1.14-git-2.31-lfs-2.9-chrome-89-node-14.15-yarn-1.22-postgresql-11-graphicsmagick-1.3.36
+  image: registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.7.patched-golang-1.14-git-2.31-lfs-2.9-chrome-89-node-14.15-yarn-1.22-postgresql-11-graphicsmagick-1.3.36

  stage: specs
  services:
@@ -551,10 +555,7 @@ review-docs-cleanup:
    GITLAB_PASSWORD: $ROOT_PASSWORD
    S3_CONFIG_PATH: /etc/gitlab/minio
  script:
-    - |
-      curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg && \
-      echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null && \
-      apt update -qq && apt install docker-ce-cli=5:20.10.5~3-0~debian-buster
+    - ./scripts/ci/install_spec_dependencies
    - if [[ -n "${VARIABLES_FILE}" ]]; then source "${VARIABLES_FILE}"; ./scripts/ci/feature_spec_setup; else ./scripts/ci/integration_spec_setup; fi
    - bundle config set path 'gems'
    - bundle install -j $(nproc)
@@ -697,7 +698,7 @@ production_specs_eks:
    - source "${VARIABLES_FILE}"
    - app_version=$(ruby -e "require 'yaml'; puts YAML.safe_load(File.read('Chart.yaml'))['appVersion']")
    - qa_version="nightly"
-    - if [ "$app_version" != "master"  ]; then
+    - if [ "$app_version" != "master" && "$app_version" != "main" ]; then
    -   qa_version="${app_version}-ee"
    - fi
    - SIGNUP_DISABLED=true QA_DEBUG=true GITLAB_USERNAME=root GITLAB_PASSWORD=$ROOT_PASSWORD GITLAB_ADMIN_USERNAME=root GITLAB_ADMIN_PASSWORD=$ROOT_PASSWORD EE_LICENSE=$REVIEW_APPS_EE_LICENSE gitlab-qa Test::Instance::Any EE:$qa_version https://$QA_ENVIRONMENT_URL -- $TEST_SUITE
@@ -733,6 +734,20 @@ wait_for_dev_images:
    refs:
      - /.*-stable/@gitlab/charts/gitlab

+staging_release:
+  stage: staging-release
+  image: "registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-charts-build-base-helm-3"
+  variables:
+    CHANNEL: "stable"
+  script:
+    - if [[ $CI_COMMIT_REF_NAME =~ $AUTO_DEPLOY_TAG_REGEX ]]; then export CHANNEL="autodeploy"; fi
+    - helm dependency update
+    - helm package .
+    - chart_file=$(ls -l gitlab*.tgz | head -n 1 | awk '{print $NF}')
+    - curl --request POST --user gitlab-ci-token:$CI_JOB_TOKEN --form "chart=@${chart_file}" "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/helm/api/${CHANNEL}/charts"
+  only:
+    - tags@gitlab/charts/gitlab
+
 release_package:
  stage: package
  timeout: 2h
@@ -833,3 +848,21 @@ qa_eks_manual_full_suite:
    name: eks_review/$CI_COMMIT_REF_NAME
    on_stop: stop_review_eks
  when: manual
+
+create_operator_mr:
+  stage: package
+  timeout: 2h
+  image: registry.gitlab.com/gitlab-org/gitlab-omnibus-builder/ruby_docker
+  allow_failure: true
+  before_script:
+    - bundle install
+  script:
+    - git fetch origin --tags
+    - bash scripts/create_operator_mr.sh
+  rules:
+    - if: '$CI_COMMIT_TAG =~ /^\d+\.\d+\.\d+\+[^ ]{7,}\.[^ ]{7,}$/'
+      when: never
+    - if: '$CI_COMMIT_TAG && $CI_PROJECT_PATH == "gitlab/charts/gitlab"'
+      when: manual
+    - when: never
+  needs: []
--- a/chart/.gitlab/merge_request_templates/Documentation.md
+++ b/chart/.gitlab/merge_request_templates/Documentation.md
-<!-- Follow the documentation workflow https://docs.gitlab.com/ee/development/documentation/workflow.html -->
-<!-- Additional information is located at https://docs.gitlab.com/ee/development/documentation/ -->
-<!-- To find the designated Tech Writer for the stage/group, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers -->
-
-<!-- Mention "documentation" or "docs" in the MR title -->
-<!-- For changing documentation location use the "Change documentation location" template -->
-
 ## What does this MR do?

 <!-- Briefly describe what this MR is about. -->

 ## Related issues

-<!-- Link related issues below. Insert the issue link or reference after the word "Closes" if merging this should automatically close it. -->
+<!-- Link related issues below. -->

-## Author's checklist (required)
+## Author's checklist

- [ ] Follow the [Documentation Guidelines](https://docs.gitlab.com/ee/development/documentation/) and [Style Guide](https://docs.gitlab.com/ee/development/documentation/styleguide/index.html).
- If you have `developer` access or higher (for example, GitLab team members or [Core Team](https://about.gitlab.com/community/core-team/) members)
-  - [ ] Apply the ~documentation label, plus:
-    - ~"development guidelines" and ~"Description templates (.gitlab/\*)" when creating/updating issue and MR description templates.
-  - [ ] Assign the [designated Technical Writer](https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments).
+- [ ] Consider taking [the GitLab Technical Writing Fundamentals course](https://gitlab.edcast.com/pathways/ECL-02528ee2-c334-4e16-abf3-e9d8b8260de4)
+- [ ] Follow the:
+  - [Documentation process](https://docs.gitlab.com/ee/development/documentation/workflow.html).
+  - [Documentation guidelines](https://docs.gitlab.com/ee/development/documentation/).
+  - [Style Guide](https://docs.gitlab.com/ee/development/documentation/styleguide/).
+- [ ] Ensure that the [product tier badge](https://docs.gitlab.com/ee/development/documentation/styleguide/index.html#product-tier-badges) is added to topic's `h1`.
+- [ ] [Request a review](https://docs.gitlab.com/ee/development/code_review.html#dogfooding-the-reviewers-feature) based on:
+  - The documentation page's [metadata](https://docs.gitlab.com/ee/development/documentation/#metadata).
+  - The [associated Technical Writer](https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments).

-Do not add the ~"feature", ~"frontend", ~"backend", ~"bug", or ~"database" labels if you are only updating documentation. These labels will cause the MR to be added to code verification QA issues.
+If you are only adding documentation, do not add any of the following labels:

-When applicable:
+- `~"feature"`
+- `~"frontend"`
+- `~"backend"`
+- `~"bug"`
+- `~"database"`

- [ ] Link docs to and from the higher-level index page, plus other related docs where helpful.
- [ ] Add [GitLab's version history note(s)](https://docs.gitlab.com/ee/development/documentation/styleguide/index.html#gitlab-versions).
- [ ] Add the [product tier badge](https://docs.gitlab.com/ee/development/documentation/styleguide/index.html#product-tier-badges).
- [ ] If you're changing document headings, search `doc/*`, `app/views/*`, and `ee/app/views/*` for old headings replacing with the new ones to [avoid broken anchors](https://docs.gitlab.com/ee/development/documentation/styleguide/index.html#anchor-links).
+These labels cause the MR to be added to code verification QA issues.

 ## Review checklist

-All reviewers can help ensure accuracy, clarity, completeness, and adherence to the [Documentation Guidelines](https://docs.gitlab.com/ee/development/documentation/) and [Style Guide](https://docs.gitlab.com/ee/development/documentation/styleguide/index.html).
-
-**1. Primary Reviewer**
-
-* [ ] Review by a code reviewer or other selected colleague to confirm accuracy, clarity, and completeness. This can be skipped for minor fixes without substantive content changes.
-
-**2. Technical Writer**
-
- [ ] Technical writer review. If not requested for this MR, must be scheduled post-merge. To request for this MR, assign the writer listed for the applicable [DevOps stage](https://about.gitlab.com/handbook/product/categories/#devops-stages).
-  - [ ] Ensure ~"Technical Writing", ~"documentation", and a `docs::` scoped label are added.
-  - [ ] Add ~docs-only when the only files changed are under `doc/*`.
-  - [ ] Add ~"tw::doing" when starting work on the MR.
-  - [ ] Add ~"tw::finished" if Technical Writing team work on the MR is complete but it remains open.
-
-**3. Maintainer**
-
-1. [ ] Review by assigned maintainer, who can always request/require the above reviews. Maintainer's review can occur before or after a technical writer review.
-1. [ ] Ensure a release milestone is set.
-1. [ ] If there has not been a technical writer review, [create an issue for one using the Doc Review template](https://gitlab.com/gitlab-org/charts/gitlab/issues/new?issuable_template=Doc%20Review).
-
-/label ~documentation ~"devops::enablement" ~"group::distribution"
+Documentation-related MRs should be reviewed by a Technical Writer for a non-blocking review, based on [Documentation Guidelines](https://docs.gitlab.com/ee/development/documentation/) and the [Style Guide](https://docs.gitlab.com/ee/development/documentation/styleguide/).
+
+- [ ] If the content requires it, ensure the information is reviewed by a subject matter expert.
+- Technical writer review items:
+  - [ ] Ensure docs metadata is present and up-to-date.
+  - [ ] Ensure the appropriate [labels](https://about.gitlab.com/handbook/engineering/ux/technical-writing/workflow/#labels) are added to this MR.
+  - If relevant to this MR, ensure [content topic type](https://docs.gitlab.com/ee/development/documentation/structure.html) principles are in use, including:
+    - [ ] The headings should be something you'd do a Google search for. Instead of `Default behavior`, say something like `Default behavior when you close an issue`.
+    - [ ] The headings (other than the page title) should be active. Instead of `Configuring GDK`, say something like `Configure GDK`.
+    - [ ] Any task steps should be written as a numbered list.
+    - If the content still needs to be edited for topic types, you can create a follow-up issue with the ~"docs-technical-debt" label.
+- [ ] Review by assigned maintainer, who can always request/require the above reviews. Maintainer's review can occur before or after a technical writer review.
+- [ ] Ensure a release milestone is set.
+
+/label ~documentation ~devops::enablement ~group::distribution
+/assign me
--- a/chart/.markdownlint.json
+++ b/chart/.markdownlint.json
-{
-  "default": true,
-  "first-header-h1": true,
-  "header-style": {
-    "style": "atx"
-  },
-  "ul-style": {
-    "style": "dash"
-  },
-  "no-trailing-spaces": false,
-  "line-length": false,
-  "no-duplicate-header": {
-    "allow_different_nesting": true
-  },
-  "no-trailing-punctuation": {
-    "punctuation": ".,;:!。，；：！？"
-  },
-  "ol-prefix": {
-    "style": "one"
-  },
-  "no-inline-html": false,
-  "hr-style": {
-    "style": "---"
-  },
-  "no-emphasis-as-heading": false,
-  "first-line-h1": false,
-  "code-block-style": {
-    "style": "fenced"
-  },
-  "proper-names": {
-    "names": [
-      "Akismet",
-      "Alertmanager",
-      "API",
-      "Asana",
-      "Auth0",
-      "Authentiq",
-      "Azure",
-      "Bamboo",
-      "Bitbucket",
-      "Bugzilla",
-      "CAS",
-      "CentOS",
-      "Consul",
-      "Debian",
-      "DevOps",
-      "Docker",
-      "DockerSlim",
-      "Elasticsearch",
-      "Facebook",
-      "fastlane",
-      "fluent-plugin-redis-slowlog",
-      "GDK",
-      "Geo",
-      "Git LFS",
-      "git-annex",
-      "Git",
-      "Gitaly",
-      "GitHub",
-      "GitLab Geo",
-      "GitLab Monitor",
-      "GitLab Operator",
-      "GitLab Pages",
-      "GitLab Rails",
-      "GitLab Runner",
-      "GitLab Shell",
-      "GitLab Workhorse",
-      "GitLab",
-      "Gitleaks",
-      "Gmail",
-      "Google",
-      "Grafana",
-      "Gzip",
-      "Helm",
-      "HipChat",
-      "ID",
-      "Ingress",
-      "jasmine-jquery",
-      "JavaScript",
-      "Jaeger",
-      "Jenkins",
-      "Jira",
-      "Jira Cloud",
-      "Jira Server",
-      "jQuery",
-      "JSON",
-      "JupyterHub",
-      "Karma",
-      "Kerberos",
-      "Knative",
-      "Kubernetes",
-      "LDAP",
-      "Let's Encrypt",
-      "Markdown",
-      "markdownlint",
-      "Mattermost",
-      "Microsoft",
-      "Minikube",
-      "MinIO",
-      "ModSecurity",
-      "NGINX Ingress",
-      "NGINX",
-      "OAuth",
-      "OAuth 2",
-      "OmniAuth",
-      "Omnibus GitLab",
-      "OpenID",
-      "OpenShift",
-      "PgBouncer",
-      "PostgreSQL",
-      "Praefect",
-      "Prometheus",
-      "Puma",
-      "puma-worker-killer",
-      "Python",
-      "Rake",
-      "Redis",
-      "Redmine",
-      "reCAPTCHA",
-      "Ruby",
-      "runit",
-      "Salesforce",
-      "SAML",
-      "Sentry",
-      "Sidekiq",
-      "Shibboleth",
-      "Slack",
-      "SMTP",
-      "SpotBugs",
-      "SSH",
-      "Tiller",
-      "TOML",
-      "Trello",
-      "Trello Power-Ups",
-      "TypeScript",
-      "Twitter",
-      "Ubuntu",
-      "Ultra Auth",
-      "Unicorn",
-      "unicorn-worker-killer",
-      "URL",
-      "WebdriverIO",
-      "YAML",
-      "YouTrack"
-    ],
-    "code_blocks": false
-  }
-}
--- a/chart/.markdownlint.yml
+++ b/chart/.markdownlint.yml
+# Base Markdownlint configuration
+# Extended Markdownlint configuration in doc/.markdownlint/
+"default": true
+"first-header-h1": true
+"header-style":
+  "style": "atx"
+"ul-style":
+  "style": "dash"
+"no-trailing-spaces": false
+"line-length": false
+"no-duplicate-header":
+  "allow_different_nesting": true
+"no-trailing-punctuation":
+  "punctuation": ".,;:!。，；：！？"
+"ol-prefix":
+  "style": "one"
+"no-inline-html": false
+"hr-style":
+  "style": "---"
+"no-emphasis-as-heading": false
+"first-line-h1": false
+"code-block-style":
+  "style": "fenced"
+"proper-names":
+  "names": [
+    "Akismet",
+    "Alertmanager",
+    "API",
+    "Asana",
+    "Auth0",
+    "Authentiq",
+    "Azure",
+    "Bamboo",
+    "Bitbucket",
+    "Bugzilla",
+    "CAS",
+    "CentOS",
+    "Consul",
+    "Debian",
+    "DevOps",
+    "Docker",
+    "DockerSlim",
+    "Elasticsearch",
+    "Facebook",
+    "fastlane",
+    "fluent-plugin-redis-slowlog",
+    "GDK",
+    "Geo",
+    "Git LFS",
+    "git-annex",
+    "Git",
+    "Gitaly",
+    "GitHub",
+    "GitLab Geo",
+    "GitLab Monitor",
+    "GitLab Operator",
+    "GitLab Pages",
+    "GitLab Rails",
+    "GitLab Runner",
+    "GitLab Shell",
+    "GitLab Workhorse",
+    "GitLab",
+    "Gitleaks",
+    "Gmail",
+    "Google",
+    "Grafana",
+    "Gzip",
+    "Helm",
+    "HipChat",
+    "ID",
+    "Ingress",
+    "jasmine-jquery",
+    "JavaScript",
+    "Jaeger",
+    "Jenkins",
+    "Jira",
+    "Jira Cloud",
+    "Jira Server",
+    "jQuery",
+    "JSON",
+    "JupyterHub",
+    "Karma",
+    "Kerberos",
+    "Knative",
+    "Kubernetes",
+    "LDAP",
+    "Let's Encrypt",
+    "Markdown",
+    "markdownlint",
+    "Mattermost",
+    "Microsoft",
+    "Minikube",
+    "MinIO",
+    "ModSecurity",
+    "NGINX Ingress",
+    "NGINX",
+    "OAuth",
+    "OAuth 2",
+    "OmniAuth",
+    "Omnibus GitLab",
+    "OpenID",
+    "OpenShift",
+    "PgBouncer",
+    "PostgreSQL",
+    "Praefect",
+    "Prometheus",
+    "Puma",
+    "puma-worker-killer",
+    "Python",
+    "Rake",
+    "Redis",
+    "Redmine",
+    "reCAPTCHA",
+    "Ruby",
+    "runit",
+    "Salesforce",
+    "SAML",
+    "Sentry",
+    "Sidekiq",
+    "Shibboleth",
+    "Slack",
+    "SMTP",
+    "SpotBugs",
+    "SSH",
+    "Tiller",
+    "TOML",
+    "Trello",
+    "Trello Power-Ups",
+    "TypeScript",
+    "Twitter",
+    "Ubuntu",
+    "Ultra Auth",
+    "Unicorn",
+    "unicorn-worker-killer",
+    "URL",
+    "WebdriverIO",
+    "YAML",
+    "YouTrack"
+  ]
+  "code_blocks": false
--- a/chart/CHANGELOG.md
+++ b/chart/CHANGELOG.md
@@ -2,6 +2,216 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.

+## 5.3.1 (2021-09-30)
+
+No changes.
+
+## 5.3.0 (2021-09-21)
+
+### Added (1 change)
+
+- [Mount SSH host keys into Webservice container](gitlab-org/charts/gitlab@ff3670c0633094d30d5c8d6e89d394f46ae08d29) by @kravvcu ([merge request](gitlab-org/charts/gitlab!2168))
+
+### Fixed (3 changes)
+
+- [Drop the special ingress rule for /admin/sidekiq](gitlab-org/charts/gitlab@63bad505f20df8b0a211343d75dee1e4e9917445) ([merge request](gitlab-org/charts/gitlab!2182))
+- [Rails db: always put main first](gitlab-org/charts/gitlab@ad9b461b0ddedf1e05b45db54e2950c20298380c) ([merge request](gitlab-org/charts/gitlab!2159))
+- [Remove Gitaly's redundant Prometheus listen addr](gitlab-org/charts/gitlab@fe4a41f5f111a536407ed427d295f9b558bee8d9) ([merge request](gitlab-org/charts/gitlab!2153))
+
+### Changed (7 changes)
+
+- [Update gitlab-org/container-registry from 3.10.1-gitlab to 3.11.0-gitlab](gitlab-org/charts/gitlab@09cb819fc9dbfd17262adf977d369034299b42f5) ([merge request](gitlab-org/charts/gitlab!2181))
+- [Deployments: remove .spec.replicas when HPA present](gitlab-org/charts/gitlab@a23f7ed46ee68b5740690a352e3dd452750abb7a) ([merge request](gitlab-org/charts/gitlab!2180))
+- [Update gitlab-org/container-registry from 3.10.0-gitlab to 3.10.1-gitlab](gitlab-org/charts/gitlab@ba458fab385380bb138a5cc0c8bd71c4d49cc199) ([merge request](gitlab-org/charts/gitlab!2172))
+- [Update gitlab-org/container-registry from 3.9.0-gitlab to 3.10.0-gitlab](gitlab-org/charts/gitlab@9bfbdbf5cfd2619109ef5a49e4312f0210395d41) ([merge request](gitlab-org/charts/gitlab!2156))
+- [Change default configuration for HSTS](gitlab-org/charts/gitlab@14936c95c921770b67c28642dc950fa186252bdd) ([merge request](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/2118))
+- [Update gitlab-org/charts/gitlab-runner from 0.31.0 to 0.32.0](gitlab-org/charts/gitlab@0665982645d842994a54bddb1269fbb694a743cb) ([merge request](gitlab-org/charts/gitlab!2149))
+- [Adds pages local_store configuration](gitlab-org/charts/gitlab@426c34858876fe0d52cd4fe880f44771af17e19b) ([merge request](gitlab-org/charts/gitlab!2141))
+
+## 5.2.4 (2021-09-17)
+
+No changes.
+
+## 5.2.3 (2021-09-01)
+
+No changes.
+
+## 5.2.2 (2021-08-31)
+
+No changes.
+
+## 5.2.1 (2021-08-23)
+
+No changes.
+
+## 5.2.0 (2021-08-20)
+
+### Added (4 changes)
+
+- [Support many database configuration](gitlab-org/charts/gitlab@2036b4687bf7e507540bc06b27d5862f496c547c) ([merge request](gitlab-org/charts/gitlab!2122))
+- [Registry: add upload purging to maintenance stanza](gitlab-org/charts/gitlab@aae3afb76daf5b8bae04796307f21d7cf26bb6da) ([merge request](gitlab-org/charts/gitlab!2116))
+- [Support Workhorse config options for propagating correlation IDs](gitlab-org/charts/gitlab@53351d219e8a85423fe1b1922e04101994fa4e2e) ([merge request](gitlab-org/charts/gitlab!2106))
+- [Gitlab-sshd experimental support](gitlab-org/charts/gitlab@41879ffce3c39af07dfe767f3a634ab4aa823d19) ([merge request](gitlab-org/charts/gitlab!1855))
+
+### Fixed (5 changes)
+
+- [Add toString to sidekiq deployment image logic](gitlab-org/charts/gitlab@97f20f307b92e4b370ebb57ba9e0c1f9435e2842) ([merge request](gitlab-org/charts/gitlab!2111))
+- [Fix references to traceChunks and sharedState](gitlab-org/charts/gitlab@d136a24903aa4903319f9f4ec8b07b1dde9c97a0) ([merge request](gitlab-org/charts/gitlab!2117))
+- [Add quotes to labels content, preventing unquoted booleans when deploying chart](gitlab-org/charts/gitlab@614778c435dc94b484b84daccf77f8b063432a25) ([merge request](gitlab-org/charts/gitlab!2068))
+- [Gitaly: Bind metrics endpoint to 0.0.0.0 instead of localhost](gitlab-org/charts/gitlab@dc8857272d92ed690744d6166033edabc5ec1952) ([merge request](gitlab-org/charts/gitlab!2100))
+- [Ensure backup includes Pages bucket also](gitlab-org/charts/gitlab@98d52b39c1293037432025afae3f4441a2a2d7c9) ([merge request](gitlab-org/charts/gitlab!2107))
+
+### Changed (16 changes)
+
+- [Standardize imagePullPolicy and imagePullSecrets behavior](gitlab-org/charts/gitlab@d3a329f1753e635188ff2dc02c111382bf406bfb) ([merge request](gitlab-org/charts/gitlab!2130))
+- [Update gitlab-org/container-registry from 3.8.0-gitlab to 3.9.0-gitlab](gitlab-org/charts/gitlab@b076bfc4d000824f4880f14184fc098a88fb56cd) ([merge request](gitlab-org/charts/gitlab!2142))
+- [Bump container registry to v3.8.0](gitlab-org/charts/gitlab@9a754157f2d68c46667f5635ccaf15993a3ecbb5) ([merge request](gitlab-org/charts/gitlab!2139))
+- [Rename pullsecrets template to gitlab.image.pullSecrets](gitlab-org/charts/gitlab@ad5e7a7e0239df01dc6afbbb00c2a5cf1c57abe8) ([merge request](gitlab-org/charts/gitlab!2126))
+- [Use renamed image: task-runner -> toolbox](gitlab-org/charts/gitlab@e880a913a22e8f3631cedcb3522fb9caba6bb9c4) ([merge request](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/2099))
+- [Deprecate global.imagePullPolicy and move it to global.image.pullPolicy](gitlab-org/charts/gitlab@f49cc36c333b2997ebea99db6568b68dac925add) ([merge request](gitlab-org/charts/gitlab!2120))
+- [Update gitlab-org/gitlab-exporter from 11.1.0 to 11.2.0](gitlab-org/charts/gitlab@35f21594c0dc313735a17bcb7991fafdfef2fbe8) ([merge request](gitlab-org/charts/gitlab!2124))
+- [Update gitlab-org/container-registry from 3.6.2-gitlab to 3.7.0-gitlab](gitlab-org/charts/gitlab@b0df57f8d4be24678da3f6e9b7fa4eed820abf04) ([merge request](gitlab-org/charts/gitlab!2123))
+- [Update gitlab-org/container-registry from 3.6.1-gitlab to 3.6.2-gitlab](gitlab-org/charts/gitlab@1e9b17df737a461a5401f8e8b10946822dfbf25f) ([merge request](gitlab-org/charts/gitlab!2115))
+- [Switch busybox/nginx-ingress containers to mirror](gitlab-org/charts/gitlab@df93c5f7c06eef41fff461bdb07ae23da4f84f45) ([merge request](gitlab-org/charts/gitlab!2114))
+- [Update gitlab-org/gitlab-exporter from 11.0.1 to 11.1.0](gitlab-org/charts/gitlab@b8099e5d4774dcf0e8b7abc4a09f07cfebe18483) ([merge request](gitlab-org/charts/gitlab!2109))
+- [Update gitlab-org/container-registry from 3.6.0-gitlab to 3.6.1-gitlab](gitlab-org/charts/gitlab@620c3b9e6dad1e11eede8b0c22952cf794aad76c) ([merge request](gitlab-org/charts/gitlab!2102))
+- [Update gitlab-org/charts/gitlab-runner from 0.30.0 to 0.31.0](gitlab-org/charts/gitlab@3fba0b2a29774cf3118b5cf7121bd95a9116708c) ([merge request](gitlab-org/charts/gitlab!2101))
+- [Update gitlab-org/container-registry from 3.5.2-gitlab to 3.6.0-gitlab](gitlab-org/charts/gitlab@ec98f3663375be3ddf7fec7ab6078fbb65aabeb9) ([merge request](gitlab-org/charts/gitlab!2096))
+- [Update gitlab-exporter appVersion 11.0.1](gitlab-org/charts/gitlab@d6cc85961e3d8369460840e70415b593bd82e432) ([merge request](gitlab-org/charts/gitlab!2092))
+- [Update gitlab-org/gitlab-exporter from 10.5.0 to 11.0.0](gitlab-org/charts/gitlab@2c2a8c2b877b45d47b8bb61a09ed6cb5f8b79392) ([merge request](gitlab-org/charts/gitlab!2092))
+
+## 5.1.5 (2021-09-02)
+
+No changes.
+
+## 5.1.4 (2021-08-31)
+
+No changes.
+
+## 5.1.3 (2021-08-17)
+
+### Fixed (1 change)
+
+- [Fix labels boolean value not being escaped bug](gitlab-org/charts/gitlab@0714357dd8f46874f8abbba6e805ba98e3e30c4b) ([merge request](gitlab-org/charts/gitlab!2121))
+
+## 5.1.2 (2021-08-03)
+
+No changes.
+
+## 5.1.1 (2021-07-28)
+
+No changes.
+
+## 5.1.0 (2021-07-21)
+
+### Fixed (3 changes)
+
+- [Fixed duplicate labels generated by local and `.standardLabels`](gitlab-org/charts/gitlab@34d79356d8adbd732fb7a7a26416e73480220585) ([merge request](gitlab-org/charts/gitlab!2067))
+- [Fix forbidden error while accessing smartcard ingress](gitlab-org/charts/gitlab@38464add1376203104b3783edafb12818d312a00) ([merge request](gitlab-org/charts/gitlab!2053))
+- [Webservice: address common.labels duplication](gitlab-org/charts/gitlab@198feaa11a915e21271a98200b8dc5403823cea6) ([merge request](gitlab-org/charts/gitlab!2054))
+
+### Changed (6 changes)
+
+- [Update gitlab-org/gitlab-exporter from 10.4.0 to 10.5.0](gitlab-org/charts/gitlab@07a8e4b1bad7743f4f7b6ed4ee1b9951beda33c8) ([merge request](gitlab-org/charts/gitlab!2080))
+- [Set GitLab 14.0 as the min supported upgrade version](gitlab-org/charts/gitlab@902017356aae050141adc15d53da4f25aa83ddb8) ([merge request](gitlab-org/charts/gitlab!2086))
+- [Allow PostgreSQL adapter tcp parameter tuning](gitlab-org/charts/gitlab@caf7c65467e5a3490323231ab38bb1c841eb6e0e) ([merge request](gitlab-org/charts/gitlab!2082))
+- [Bump Container Registry to v3.5.1-gitlab](gitlab-org/charts/gitlab@a8e2c62c3755b7f25f56a59bab1c90573529214d) ([merge request](gitlab-org/charts/gitlab!2079))
+- [Update gitlab-org/container-registry from 3.5.0-gitlab to 3.5.1-gitlab](gitlab-org/charts/gitlab@3bd4bda15ef96ae1dd10ea31b3b1fdba47f699c8) ([merge request](gitlab-org/charts/gitlab!2079))
+- [Update gitlab-org/gitlab-exporter from 10.3.0 to 10.4.0](gitlab-org/charts/gitlab@9802bdd7b9cab3b42307729b59e38a27c82d2231) ([merge request](gitlab-org/charts/gitlab!2035))
+
+### Security (1 change)
+
+- [Do not automount SA token when not needed](gitlab-org/charts/gitlab@108af40ae28e55c882feae66eaecd3a0d0f45996) ([merge request](gitlab-org/charts/gitlab!2093))
+
+## 5.0.10 (2021-09-02)
+
+No changes.
+
+## 5.0.9 (2021-08-31)
+
+No changes.
+
+## 5.0.8 (2021-08-25)
+
+No changes.
+
+## 5.0.7 (2021-08-03)
+
+No changes.
+
+## 5.0.6 (2021-07-20)
+
+No changes.
+
+## 5.0.5 (2021-07-08)
+
+No changes.
+
+## 5.0.4 (2021-07-07)
+
+No changes.
+
+## 5.0.3 (2021-07-06)
+
+No changes.
+
+## 5.0.2 (2021-07-01)
+
+No changes.
+
+## 5.0.1 (2021-06-24)
+
+No changes.
+
+## 5.0.0 (2021-06-21)
+
+### Added (7 changes)
+
+- [Make ClientAliveInterval configurable for openssh](gitlab-org/charts/gitlab@6b244f199eb03f3a19eab6b33d6a74aef44c9563) ([merge request](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/2049))
+- [Add GKE load balancer options for KAS service](gitlab-org/charts/gitlab@a67751788fc952a0280333e5646f37e1106554f1) ([merge request](gitlab-org/charts/gitlab!1911))
+- [Add initial upgrade docs for version 5 of the chart](gitlab-org/charts/gitlab@4fa460e639f7e6ee4b1dc2cad50272b6d483c7d7) ([merge request](gitlab-org/charts/gitlab!2027))
+- [Add global.ingress.provider and checks to allow changing the ingress provider](gitlab-org/charts/gitlab@b5522e7edb61be66cb31223afe57f95c386ea4b5) ([merge request](gitlab-org/charts/gitlab!2033))
+- [Set Workhorse shutdown to workerTimeout + 1 by default](gitlab-org/charts/gitlab@e0b57b779b0a432ae669ba10a583b3ab255f1b59) ([merge request](gitlab-org/charts/gitlab!2037))
+- [Allow configuring redis instance for trace chunks](gitlab-org/charts/gitlab@db72918ec278de8984dab7a111fc4f2e958662ff) ([merge request](gitlab-org/charts/gitlab!2031))
+- [gitlab/kas: add image pullSecrets to chart](gitlab-org/charts/gitlab@517b3c6ffdd49d594084135371f63f2a78c5791e) ([merge request](gitlab-org/charts/gitlab!2006))
+
+### Fixed (5 changes)
+
+- [Fix support for an existing ServiceAccount](gitlab-org/charts/gitlab@62636629a9663fa4c5f673fea8ce6023932fa065) ([merge request](gitlab-org/charts/gitlab!2045))
+- [gitlab-shell: quote tcp configmap port](gitlab-org/charts/gitlab@f7af9592fdf52bcdcbb93bf3c82ade97f1fc881f) ([merge request](gitlab-org/charts/gitlab!2047))
+- [Fix link to NGINX configuration docs](gitlab-org/charts/gitlab@5b225a7c843d54a1634473c6dc0aeededa0ffb01) ([merge request](gitlab-org/charts/gitlab!2046))
+- [Move Sidekiq's logging.format to _sidekiq.tpl](gitlab-org/charts/gitlab@db79ec4c066882ff01eb5d57ee8b85439455c295) ([merge request](gitlab-org/charts/gitlab!2021))
+- [Fix ingress.configureCertmanager to have higher priority than global](gitlab-org/charts/gitlab@f6dcdb7a0ccbc972313135a4499cb968ad16dd45) ([merge request](gitlab-org/charts/gitlab!1980))
+
+### Changed (12 changes)
+
+- [GitLab Runner to 0.30.0](gitlab-org/charts/gitlab@d9b0310f1a700ed806f50ff373b5745ade06511b) ([merge request](gitlab-org/charts/gitlab!2060))
+- [Update certmanager to 1.2.0 and min k8s version to 1.16](gitlab-org/charts/gitlab@171be67fd3a16ebeb92b4abafd63caa867419e0a) ([merge request](gitlab-org/charts/gitlab!2041))
+- [Update the min k8s and helm versions](gitlab-org/charts/gitlab@352a9cfb3a9c20faa29c0d32cfeab2a515a3970e) ([merge request](gitlab-org/charts/gitlab!2050))
+- [Remove Helm 2 related tasks from cloud installation scripts](gitlab-org/charts/gitlab@24f7ec7b6839d2220db4d229df478390a0b2ac9c) ([merge request](gitlab-org/charts/gitlab!2040))
+- [Remove spaces from sidekiq queues and negateQueues](gitlab-org/charts/gitlab@978f109daff26a70b3562deab800f60c21b0ddb6) ([merge request](gitlab-org/charts/gitlab!1387))
+- [Bump Container Registry to v3.5.0-gitlab](gitlab-org/charts/gitlab@d95bd8302460ab0884b463e5b2efc8d9662d8ff6) ([merge request](gitlab-org/charts/gitlab!2042))
+- [Update helm test to test updated endpoint](gitlab-org/charts/gitlab@90f165255326f8f98251f9f46c46611546f91813) ([merge request](gitlab-org/charts/gitlab!2044))
+- [bump default self-signed cert expiry to 10yr](gitlab-org/charts/gitlab@0bf962ac30535fb0ce58a5da7384c9ba2b12ecfc) ([merge request](gitlab-org/charts/gitlab!2034))
+- [Update minimum required version of PostgreSQL from 11 to 12](gitlab-org/charts/gitlab@9729a60d24fa11602da347ba1c49abb168a5d740) ([merge request](gitlab-org/charts/gitlab!2012))
+- [Only permit upgrades from 4.12](gitlab-org/charts/gitlab@a8facddb582dccf6b97a634370abd34e9bdb3b4c) ([merge request](gitlab-org/charts/gitlab!2029))
+- [add changes suggested by @WarheadsSE in gitlab-org/charts/gitlab!2000](gitlab-org/charts/gitlab@6380ee8b1a2eeebefc1258e08bd7a9a981a8bb04) ([merge request](gitlab-org/charts/gitlab!2019))
+- [Update gitlab-org/charts/gitlab-runner from 0.28.0 to 0.29.0](gitlab-org/charts/gitlab@32447b667c8fd39f4fde45c0fe4b12b9d85c245f) ([merge request](gitlab-org/charts/gitlab!2008))
+
+### Removed (3 changes)
+
+- [Remove deprecated `experimentalQueueSelector` option for Sidekiq](gitlab-org/charts/gitlab@007788f0ba373f7d3fc51623ea5b70021b62ca5b) ([merge request](gitlab-org/charts/gitlab!2023))
+- [Remove the old resouce changes notices](gitlab-org/charts/gitlab@1755275b75dfe669c038e44dd2d218e3aa62c2e6) ([merge request](gitlab-org/charts/gitlab!2028))
+- [Remove ability to disable cluster from sidekiq values](gitlab-org/charts/gitlab@0de93fe181cd8c514aec013bf7e1541e1b41660b) ([merge request](gitlab-org/charts/gitlab!2024))
+
+## 4.12.11 (2021-09-02)
+
+No changes.
+
+## 4.12.10 (2021-08-10)
+
+No changes.
+
 ## 4.12.9 (2021-08-03)

 No changes.
@@ -70,6 +280,18 @@ No changes.
 - [Refactor a yaml indentation inconsistency](gitlab-org/charts/gitlab@e43cbb7f3b75ef88ef6a478ef809826b7e51bfbe) ([merge request](gitlab-org/charts/gitlab!1978))
 - [Support using PAGES_UPDATE_LEGACY_STORAGE env variable to enable Pages disk access](gitlab-org/charts/gitlab@ba72fead4cc4af5268a258b7a4bdbac85665f15c) ([merge request](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/1938))

+## 4.11.7 (2021-07-07)
+
+No changes.
+
+## 4.11.6 (2021-07-01)
+
+No changes.
+
+## 4.11.5 (2021-06-01)
+
+No changes.
+
 ## 4.11.4 (2021-05-14)

 No changes.
@@ -117,6 +339,10 @@ No changes.
 - Added support for IAM roles in EKS. !1940


+## 4.10.5 (2021-06-01)
+
+No changes.
+
 ## 4.10.4 (2021-04-27)

 No changes.

--- a/chart/Chart.yaml
+++ b/chart/Chart.yaml
 ---
 apiVersion: v1
 name: gitlab
-version: 4.12.9-bb.6
-appVersion: 13.12.9
+version: 5.3.1-bb.9
+appVersion: 14.3.1
 description: Web-based Git-repository manager with wiki and issue-tracking features.
 keywords:
 - gitlab

--- a/chart/Kptfile
+++ b/chart/Kptfile
@@ -5,7 +5,7 @@ metadata:
 upstream:
  type: git
  git:
-    commit: a15199a6adcec3ec1d8bd799cec27d9866d602b9
+    commit: 985cbf024d8199547df29e88c72a658e259158a7
    repo: https://gitlab.com/gitlab-org/charts/gitlab
    directory: /
-    ref: v4.12.9
+    ref: v5.3.1
--- a/chart/bin/localtiller-helm
+++ b/chart/bin/localtiller-helm
-#!/bin/bash -e
-
-export HELM_HOST=localhost:44134
-HELM_VERSION="$(helm version -c --short)"
-HELM_VERSION="${HELM_VERSION#* }"
-HELM_VERSION="${HELM_VERSION%+*}"
-
-# Split multiple paths and use the first one that exists
-#  https://kubernetes.io/docs/tasks/access-application-cluster/configure-access-multiple-clusters/#create-a-second-configuration-file
-IFS=':' read -r -a CONFIG_FILES <<< "${KUBECONFIG:-$HOME/.kube/config}"
-TILLER_KUBECONFIG="$(mktemp ${HOME}/.kube/config.XXXXXX)"
-trap 'docker rm -f tiller >/dev/null 2>&1 || true; rm -f ${TILLER_KUBECONFIG}' EXIT
-
-for CONFIG_FILE in ${CONFIG_FILES}; do
-  if [ -e ${CONFIG_FILE} ]; then
-    CURRENT_CONTEXT=$(kubectl config current-context)
-    CURRENT_USER=$(kubectl config view -o jsonpath="{.contexts[?(@.name == \"$CURRENT_CONTEXT\")].context.user}")
-    CURRENT_CLUSTER=$(kubectl config view -o jsonpath="{.contexts[?(@.name == \"$CURRENT_CONTEXT\")].context.cluster}")
-    CURRENT_SERVER=$(kubectl config view -o jsonpath="{.clusters[?(@.name == \"$CURRENT_CLUSTER\")].cluster.server}")
-    ACCESS_TOKEN=$(kubectl config view -o jsonpath="{.users[?(@.name == \"$CURRENT_USER\")].user.auth-provider.config.access-token}")
-    CA_DATA=$(kubectl config view -o go-template --template "{{range .clusters}}{{if eq .name \"$CURRENT_CLUSTER\"}}{{index .cluster \"certificate-authority-data\"}}{{end}}{{end}}" --raw)
-
-    if [ "${ACCESS_TOKEN}" != "" ]; then
-      # Refresh the token if needed for things like gcp
-      kubectl version >/dev/null
-      # Generate a simple config without an auth provider
-      export KUBECONFIG=${TILLER_KUBECONFIG}
-      kubectl config set-credentials "${CURRENT_CLUSTER}" --token="${ACCESS_TOKEN}" >/dev/null
-      CA_TMP="$(mktemp)"; echo "${CA_DATA}" | base64 --decode > ${CA_TMP}
-      kubectl config set-cluster "${CURRENT_CLUSTER}" --server="${CURRENT_SERVER}" --certificate-authority="$CA_TMP" --embed-certs >/dev/null
-      kubectl config set-context "${CURRENT_CONTEXT}" --cluster="${CURRENT_CLUSTER}" --user="${CURRENT_USER}" >/dev/null
-      kubectl config use-context "${CURRENT_CONTEXT}" >/dev/null
-      rm ${CA_TMP}
-    else
-      cp ${CONFIG_FILE} ${TILLER_KUBECONFIG}
-    fi
-    break
-  fi
-done
-
-docker rm -f tiller >/dev/null 2>&1 || true
-
-docker run \
-  --name tiller \
-  -d \
-  -p 44134:44134 \
-  -e TILLER_NAMESPACE=kube-system \
-  -v ${TILLER_KUBECONFIG}:/tmp/.kube/config \
-  gcr.io/kubernetes-helm/tiller:"${HELM_VERSION}" >/dev/null
-
-helm version >/dev/null
-
-helm $@
--- a/chart/charts/cert-manager-v0.10.1.tgz
+++ b/chart/charts/cert-manager-v0.10.1.tgz
--- a/chart/charts/cert-manager-v1.2.0.tgz
+++ b/chart/charts/cert-manager-v1.2.0.tgz
--- a/chart/charts/certmanager-issuer/templates/_issuer.yaml
+++ b/chart/charts/certmanager-issuer/templates/_issuer.yaml
 {{ if (pluck "configureCertmanager" .Values.global.ingress (dict "configureCertmanager" false) | first) }}
-apiVersion: certmanager.k8s.io/v1alpha1
+apiVersion: cert-manager.io/v1
 kind: Issuer
 metadata:
  name: {{ .Release.Name }}-issuer
  namespace: {{ $.Release.Namespace }}
  labels:
-{{ include "gitlab.standardLabels" . | indent 4 }}
+    {{- include "gitlab.standardLabels" . | nindent 4 }}
+    {{- include "gitlab.commonLabels" . | nindent 4 }}
 spec:
  acme:
    # The ACME server URL

--- a/chart/charts/certmanager-issuer/templates/cert-manager.yml
+++ b/chart/charts/certmanager-issuer/templates/cert-manager.yml
@@ -5,7 +5,8 @@ metadata:
  name: {{ template "fullname" . }}-certmanager
  namespace: {{ $.Release.Namespace }}
  labels:
-{{ include "gitlab.standardLabels" . | indent 4 }}
+    {{- include "gitlab.standardLabels" . | nindent 4 }}
+    {{- include "gitlab.commonLabels" . | nindent 4 }}
 data:
  create-issuer: |
 {{ include (print $.Template.BasePath "/_create_issuer.sh") . | indent 4 }}

--- a/chart/charts/certmanager-issuer/templates/issuer-job.yaml
+++ b/chart/charts/certmanager-issuer/templates/issuer-job.yaml
 {{ if (pluck "configureCertmanager" .Values.global.ingress (dict "configureCertmanager" false) | first) }}
+{{- $imageCfg := dict "global" .Values.global.image "local" .Values.global.kubectl.image -}}
 apiVersion: batch/v1
 kind: Job
 metadata:
  name: {{ template "certmanager-issuer.jobname" . }}
  namespace: {{ $.Release.Namespace }}
  labels:
-{{ include "gitlab.standardLabels" . | indent 4 }}
+    {{- include "gitlab.standardLabels" . | nindent 4 }}
+    {{- include "gitlab.commonLabels" . | nindent 4 }}
 spec:
  activeDeadlineSeconds: 300
  template:
@@ -22,12 +24,12 @@ spec:
      serviceAccountName: {{ template "fullname" . }}
      {{- end }}
      restartPolicy: OnFailure
-{{- include "pullsecrets" .Values.global.kubectl.image | indent 6}}
+      {{- include "gitlab.image.pullSecrets" $imageCfg | indent 6}}
      containers:
        - name: create-issuer
          image: {{ include "gitlab.kubectl.image" . | quote }}
          command: ['/bin/bash', '/scripts/create-issuer', '/scripts/issuer.yml']
-          {{ template "gitlab.imagePullPolicy" . }}
+          {{- include "gitlab.image.pullPolicy" $imageCfg | indent 10 }}
          volumeMounts:
            - name: scripts
              mountPath: /scripts

--- a/chart/charts/certmanager-issuer/templates/rbac-config.yaml
+++ b/chart/charts/certmanager-issuer/templates/rbac-config.yaml
@@ -5,7 +5,8 @@ metadata:
  name: {{ template "fullname" . }}
  namespace: {{ $.Release.Namespace }}
  labels:
-{{ include "gitlab.standardLabels" . | indent 4 }}
+    {{- include "gitlab.standardLabels" . | nindent 4 }}
+    {{- include "gitlab.commonLabels" . | nindent 4 }}
  annotations:
    namespace: {{ .Release.Namespace }}
 ---
@@ -15,7 +16,7 @@ metadata:
  name: {{ template "fullname" . }}
  namespace: {{ .Release.Namespace }}
 rules:
- apiGroups: ["certmanager.k8s.io"]
+- apiGroups: ["cert-manager.io"]
  resources: ["issuers"]
  verbs: ["get", "list", "update", "create", "patch"]
 ---

--- a/chart/charts/certmanager-issuer/values.yaml
+++ b/chart/charts/certmanager-issuer/values.yaml
@@ -10,3 +10,6 @@ rbac:
 resources:
  requests:
    cpu: 50m
+
+common:
+  labels: {}
\ No newline at end of file
--- a/chart/charts/gitlab-runner-0.29.0.tgz
+++ b/chart/charts/gitlab-runner-0.29.0.tgz
--- a/chart/charts/gitlab-runner-0.32.0.tgz
+++ b/chart/charts/gitlab-runner-0.32.0.tgz