From c32132c6a0a4a16aa8fad1323439a103be25b7bc Mon Sep 17 00:00:00 2001 From: akshat5302 Date: Thu, 14 Aug 2025 21:44:03 +0530 Subject: [PATCH 01/25] Add relative_root_url configuration to Sidekiq and Webservice configmaps This update introduces the relative_root_url setting in the configmaps for both Sidekiq and Webservice, allowing for more flexible URL configurations. The corresponding value has also been added to the values.yaml file under appConfig. --- charts/gitlab/charts/sidekiq/templates/configmap.yaml | 3 +++ charts/gitlab/charts/webservice/templates/configmap.yml | 3 +++ charts/gitlab/charts/webservice/values.yaml | 1 + 3 files changed, 7 insertions(+) diff --git a/charts/gitlab/charts/sidekiq/templates/configmap.yaml b/charts/gitlab/charts/sidekiq/templates/configmap.yaml index 74e470708d..d5d72e2bf8 100644 --- a/charts/gitlab/charts/sidekiq/templates/configmap.yaml +++ b/charts/gitlab/charts/sidekiq/templates/configmap.yaml @@ -29,6 +29,9 @@ data: gitlab: host: {{ template "gitlab.gitlab.hostname" . }} https: {{ hasPrefix "https://" (include "gitlab.gitlab.url" .) }} + {{- if .Values.global.appConfig.relativeRootUrl }} + relative_root_url: {{ .Values.global.appConfig.relativeRootUrl | quote }} + {{- end }} {{- with .Values.global.hosts.ssh }} ssh_host: {{ . | quote }} {{- end }} diff --git a/charts/gitlab/charts/webservice/templates/configmap.yml b/charts/gitlab/charts/webservice/templates/configmap.yml index 2795a39260..1c3155a8c8 100644 --- a/charts/gitlab/charts/webservice/templates/configmap.yml +++ b/charts/gitlab/charts/webservice/templates/configmap.yml @@ -38,6 +38,9 @@ data: gitlab: host: {{ template "gitlab.gitlab.hostname" . }} https: {{ hasPrefix "https://" (include "gitlab.gitlab.url" .) }} + {{- if .Values.global.appConfig.relativeRootUrl }} + relative_root_url: {{ .Values.global.appConfig.relativeRootUrl | quote }} + {{- end }} {{- with .Values.global.hosts.ssh }} ssh_host: {{ . | quote }} {{- end }} diff --git a/charts/gitlab/charts/webservice/values.yaml b/charts/gitlab/charts/webservice/values.yaml index 52fe1f64a8..abafe93e10 100644 --- a/charts/gitlab/charts/webservice/values.yaml +++ b/charts/gitlab/charts/webservice/values.yaml @@ -314,6 +314,7 @@ global: webservice: {} # workerTimeout: 60 appConfig: + relativeRootUrl: "" microsoft_graph_mailer: enabled: false incomingEmail: -- GitLab From e0436a1b4d86f05a071b88401401d898cb3149c2 Mon Sep 17 00:00:00 2001 From: akshat5302 Date: Fri, 15 Aug 2025 22:41:16 +0530 Subject: [PATCH 02/25] Update configuration to use relative_url_root for GitLab instance This commit modifies the configuration files for GitLab Shell, Sidekiq, and Webservice to standardize the use of the relative_url_root setting. The corresponding value has been updated in the values.yaml file under appConfig to ensure consistent URL handling across components. --- charts/gitlab/charts/gitlab-shell/templates/configmap.yml | 5 +++++ charts/gitlab/charts/sidekiq/templates/configmap.yaml | 4 ++-- charts/gitlab/charts/webservice/templates/configmap.yml | 8 ++++++-- charts/gitlab/charts/webservice/templates/deployment.yaml | 2 +- charts/gitlab/charts/webservice/values.yaml | 2 +- 5 files changed, 15 insertions(+), 6 deletions(-) diff --git a/charts/gitlab/charts/gitlab-shell/templates/configmap.yml b/charts/gitlab/charts/gitlab-shell/templates/configmap.yml index de5d51bded..8c8233ca44 100644 --- a/charts/gitlab/charts/gitlab-shell/templates/configmap.yml +++ b/charts/gitlab/charts/gitlab-shell/templates/configmap.yml @@ -20,6 +20,11 @@ data: # Url to gitlab instance. Used for api calls. Should end with a slash. gitlab_url: "{{ template "gitlab.workhorse.url" . }}/" + # Relative root URL for GitLab instance + {{- if .Values.global.appConfig.relativeUrlRoot }} + gitlab_relative_url_root: {{ .Values.global.appConfig.relativeUrlRoot | quote }} + {{- end }} + secret_file: /etc/gitlab-secrets/shell/.gitlab_shell_secret # File used as authorized_keys for gitlab user diff --git a/charts/gitlab/charts/sidekiq/templates/configmap.yaml b/charts/gitlab/charts/sidekiq/templates/configmap.yaml index d5d72e2bf8..9a4ebb426c 100644 --- a/charts/gitlab/charts/sidekiq/templates/configmap.yaml +++ b/charts/gitlab/charts/sidekiq/templates/configmap.yaml @@ -29,8 +29,8 @@ data: gitlab: host: {{ template "gitlab.gitlab.hostname" . }} https: {{ hasPrefix "https://" (include "gitlab.gitlab.url" .) }} - {{- if .Values.global.appConfig.relativeRootUrl }} - relative_root_url: {{ .Values.global.appConfig.relativeRootUrl | quote }} + {{- if .Values.global.appConfig.relativeUrlRoot }} + relative_url_root: {{ .Values.global.appConfig.relativeUrlRoot | quote }} {{- end }} {{- with .Values.global.hosts.ssh }} ssh_host: {{ . | quote }} diff --git a/charts/gitlab/charts/webservice/templates/configmap.yml b/charts/gitlab/charts/webservice/templates/configmap.yml index 1c3155a8c8..1b5a485888 100644 --- a/charts/gitlab/charts/webservice/templates/configmap.yml +++ b/charts/gitlab/charts/webservice/templates/configmap.yml @@ -38,8 +38,8 @@ data: gitlab: host: {{ template "gitlab.gitlab.hostname" . }} https: {{ hasPrefix "https://" (include "gitlab.gitlab.url" .) }} - {{- if .Values.global.appConfig.relativeRootUrl }} - relative_root_url: {{ .Values.global.appConfig.relativeRootUrl | quote }} + {{- if .Values.global.appConfig.relativeUrlRoot }} + relative_url_root: {{ .Values.global.appConfig.relativeUrlRoot | quote }} {{- end }} {{- with .Values.global.hosts.ssh }} ssh_host: {{ . | quote }} @@ -234,6 +234,10 @@ data: {{- include "workhorse.redis.config" $ | nindent 4 }} {{- end }} {{- include "workhorse.object_storage.config" $ | nindent 4 }} + [auth_backend] + {{- if $.Values.global.appConfig.relativeUrlRoot }} + relative_url_root = {{ $.Values.global.appConfig.relativeUrlRoot | quote }} + {{- end }} [image_resizer] max_scaler_procs = {{ $.Values.workhorse.imageScaler.maxProcs | int }} max_filesize = {{ $.Values.workhorse.imageScaler.maxFileSizeBytes | int }} diff --git a/charts/gitlab/charts/webservice/templates/deployment.yaml b/charts/gitlab/charts/webservice/templates/deployment.yaml index 90e99ed393..e73460ef4c 100644 --- a/charts/gitlab/charts/webservice/templates/deployment.yaml +++ b/charts/gitlab/charts/webservice/templates/deployment.yaml @@ -373,7 +373,7 @@ spec: - name: TMPDIR value: "/tmp/gitlab" - name: GITLAB_WORKHORSE_AUTH_BACKEND - value: "http://localhost:{{ $.Values.service.internalPort }}" + value: "http://localhost:{{ $.Values.service.internalPort }}{{ if $.Values.global.appConfig.relativeUrlRoot }}{{ $.Values.global.appConfig.relativeUrlRoot }}{{ end }}" - name: GITLAB_WORKHORSE_EXTRA_ARGS value: {{ .workhorse.extraArgs | quote }} - name: GITLAB_WORKHORSE_LISTEN_PORT diff --git a/charts/gitlab/charts/webservice/values.yaml b/charts/gitlab/charts/webservice/values.yaml index abafe93e10..f76a45f6c0 100644 --- a/charts/gitlab/charts/webservice/values.yaml +++ b/charts/gitlab/charts/webservice/values.yaml @@ -314,7 +314,7 @@ global: webservice: {} # workerTimeout: 60 appConfig: - relativeRootUrl: "" + relativeUrlRoot: "" microsoft_graph_mailer: enabled: false incomingEmail: -- GitLab From 077129518599553230e497596d021903d4324697 Mon Sep 17 00:00:00 2001 From: akshat5302 Date: Fri, 15 Aug 2025 22:59:31 +0530 Subject: [PATCH 03/25] Remove relative_url_root configuration from Webservice configmap This commit eliminates the relative_url_root setting from the Webservice configmap, streamlining the configuration as part of the ongoing adjustments to URL handling in the GitLab charts. --- charts/gitlab/charts/webservice/templates/configmap.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/charts/gitlab/charts/webservice/templates/configmap.yml b/charts/gitlab/charts/webservice/templates/configmap.yml index 1b5a485888..97d74e2d69 100644 --- a/charts/gitlab/charts/webservice/templates/configmap.yml +++ b/charts/gitlab/charts/webservice/templates/configmap.yml @@ -234,10 +234,6 @@ data: {{- include "workhorse.redis.config" $ | nindent 4 }} {{- end }} {{- include "workhorse.object_storage.config" $ | nindent 4 }} - [auth_backend] - {{- if $.Values.global.appConfig.relativeUrlRoot }} - relative_url_root = {{ $.Values.global.appConfig.relativeUrlRoot | quote }} - {{- end }} [image_resizer] max_scaler_procs = {{ $.Values.workhorse.imageScaler.maxProcs | int }} max_filesize = {{ $.Values.workhorse.imageScaler.maxFileSizeBytes | int }} -- GitLab From 53d886b7ae196779fb13be9edc72efab61d47da1 Mon Sep 17 00:00:00 2001 From: akshat5302 Date: Tue, 19 Aug 2025 17:48:55 +0530 Subject: [PATCH 04/25] Add RAILS_RELATIVE_URL_ROOT environment variable to Webservice deployment This commit introduces the RAILS_RELATIVE_URL_ROOT environment variable in the Webservice deployment configuration, allowing for dynamic URL handling based on the relativeUrlRoot setting in the global appConfig. This change enhances the flexibility of URL configurations in the GitLab charts. --- charts/gitlab/charts/webservice/templates/deployment.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/charts/gitlab/charts/webservice/templates/deployment.yaml b/charts/gitlab/charts/webservice/templates/deployment.yaml index e73460ef4c..3adff9152b 100644 --- a/charts/gitlab/charts/webservice/templates/deployment.yaml +++ b/charts/gitlab/charts/webservice/templates/deployment.yaml @@ -388,6 +388,10 @@ spec: - name: GITLAB_WORKHORSE_SENTRY_DSN value: {{ .workhorse.sentryDSN }} {{- end }} + {{- if $.Values.global.appConfig.relativeUrlRoot }} + - name: RAILS_RELATIVE_URL_ROOT + value: {{ $.Values.global.appConfig.relativeUrlRoot | quote }} + {{- end }} - name: SHUTDOWN_BLACKOUT_SECONDS value: "{{ .shutdown.blackoutSeconds }}" {{- include "gitlab.tracing.env" $ | nindent 12 }} -- GitLab From 15df1d07b83c3d13d5117a8b95cb974b7c32242c Mon Sep 17 00:00:00 2001 From: akshat5302 Date: Tue, 19 Aug 2025 17:55:15 +0530 Subject: [PATCH 05/25] Refactor RAILS_RELATIVE_URL_ROOT environment variable handling in Webservice deployment This commit removes the redundant RAILS_RELATIVE_URL_ROOT environment variable definition from the Webservice deployment and ensures it is only set when the relativeUrlRoot is defined in the global appConfig. This change streamlines the configuration and maintains flexibility in URL handling. --- charts/gitlab/charts/webservice/templates/deployment.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/gitlab/charts/webservice/templates/deployment.yaml b/charts/gitlab/charts/webservice/templates/deployment.yaml index 3adff9152b..b0f4152ffd 100644 --- a/charts/gitlab/charts/webservice/templates/deployment.yaml +++ b/charts/gitlab/charts/webservice/templates/deployment.yaml @@ -255,6 +255,10 @@ spec: {{- end }} - name: WORKHORSE_ARCHIVE_CACHE_DISABLED value: "true" + {{- if $.Values.global.appConfig.relativeUrlRoot }} + - name: RAILS_RELATIVE_URL_ROOT + value: {{ $.Values.global.appConfig.relativeUrlRoot | quote }} + {{- end }} {{- include "webservice.extraEnv" (dict "global" $.Values.global "local" .) | nindent 12 }} {{- include "gitlab.extraEnvFrom" (dict "root" $ "local" .) | nindent 12 }} volumeMounts: @@ -388,10 +392,6 @@ spec: - name: GITLAB_WORKHORSE_SENTRY_DSN value: {{ .workhorse.sentryDSN }} {{- end }} - {{- if $.Values.global.appConfig.relativeUrlRoot }} - - name: RAILS_RELATIVE_URL_ROOT - value: {{ $.Values.global.appConfig.relativeUrlRoot | quote }} - {{- end }} - name: SHUTDOWN_BLACKOUT_SECONDS value: "{{ .shutdown.blackoutSeconds }}" {{- include "gitlab.tracing.env" $ | nindent 12 }} -- GitLab From 8dfcc8891836d55aaf701e6bc5bf8cebfedbf70c Mon Sep 17 00:00:00 2001 From: akshat5302 Date: Tue, 19 Aug 2025 19:46:56 +0530 Subject: [PATCH 06/25] Update liveness and readiness probe paths to support relativeUrlRoot in Webservice deployment This commit modifies the liveness and readiness probe paths in the Webservice deployment to dynamically include the relativeUrlRoot from the global appConfig. This change enhances the flexibility of URL handling in the deployment configuration. --- charts/gitlab/charts/webservice/templates/deployment.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/gitlab/charts/webservice/templates/deployment.yaml b/charts/gitlab/charts/webservice/templates/deployment.yaml index b0f4152ffd..d5b70093ba 100644 --- a/charts/gitlab/charts/webservice/templates/deployment.yaml +++ b/charts/gitlab/charts/webservice/templates/deployment.yaml @@ -325,7 +325,7 @@ spec: {{- end }} livenessProbe: httpGet: - path: /-/liveness + path: {{ if $.Values.global.appConfig.relativeUrlRoot }}{{ $.Values.global.appConfig.relativeUrlRoot }}{{ end }}/-/liveness {{- if and (not $.Values.http.enabled) $.Values.tls.enabled }} scheme: HTTPS port: {{ $.Values.service.tls.internalPort }} @@ -339,7 +339,7 @@ spec: failureThreshold: {{ .deployment.livenessProbe.failureThreshold }} readinessProbe: httpGet: - path: /-/readiness + path: {{ if $.Values.global.appConfig.relativeUrlRoot }}{{ $.Values.global.appConfig.relativeUrlRoot }}{{ end }}/-/readiness {{- if and (not $.Values.http.enabled) $.Values.tls.enabled }} scheme: HTTPS port: {{ $.Values.service.tls.internalPort }} -- GitLab From d1c85d3a03c9a0640e629cf1eb430956d8ec2bdc Mon Sep 17 00:00:00 2001 From: akshat5302 Date: Wed, 20 Aug 2025 20:42:21 +0530 Subject: [PATCH 07/25] Enhance workhorse URL handling to support relativeUrlRoot configuration This commit updates the workhorse URL template to conditionally append the relativeUrlRoot from the global appConfig. This change improves the flexibility of URL handling in the GitLab charts, aligning with recent adjustments made to other components. --- charts/gitlab/templates/_workhorse.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/gitlab/templates/_workhorse.tpl b/charts/gitlab/templates/_workhorse.tpl index ba43643f33..88d7dbe83e 100644 --- a/charts/gitlab/templates/_workhorse.tpl +++ b/charts/gitlab/templates/_workhorse.tpl @@ -4,7 +4,7 @@ Return the workhorse url */}} {{- define "gitlab.workhorse.url" -}} -{{ template "gitlab.workhorse.scheme" . }}://{{ template "gitlab.workhorse.host" . }}:{{ template "gitlab.workhorse.port" . }} +{{ template "gitlab.workhorse.scheme" . }}://{{ template "gitlab.workhorse.host" . }}:{{ template "gitlab.workhorse.port" . }}{{ if .Values.global.appConfig.relativeUrlRoot }}{{ .Values.global.appConfig.relativeUrlRoot }}{{ end }} {{- end -}} {{- define "gitlab.workhorse.scheme" -}} -- GitLab From ff7c58cd1c657809bfaf585a8c33e8749fd48980 Mon Sep 17 00:00:00 2001 From: akshat5302 Date: Thu, 21 Aug 2025 14:41:30 +0530 Subject: [PATCH 08/25] Add relativeUrlRoot configuration to global appConfig in values.yaml This commit introduces the relativeUrlRoot setting in the global appConfig section of values.yaml, enhancing the flexibility of URL handling across the GitLab charts. The change aligns with recent updates to other components, ensuring consistent configuration management. --- charts/gitlab/charts/webservice/values.yaml | 1 - templates/_helpers.tpl | 4 ++-- values.yaml | 1 + 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/gitlab/charts/webservice/values.yaml b/charts/gitlab/charts/webservice/values.yaml index f76a45f6c0..52fe1f64a8 100644 --- a/charts/gitlab/charts/webservice/values.yaml +++ b/charts/gitlab/charts/webservice/values.yaml @@ -314,7 +314,6 @@ global: webservice: {} # workerTimeout: 60 appConfig: - relativeUrlRoot: "" microsoft_graph_mailer: enabled: false incomingEmail: diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index d70b28960b..3b4b968755 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -54,9 +54,9 @@ Calls into the `gitlab.gitlabHost` function for the hostname part of the url. */}} {{- define "gitlab.gitlab.url" -}} {{- if or .Values.global.hosts.https .Values.global.hosts.gitlab.https -}} -{{- printf "https://%s" (include "gitlab.gitlab.hostname" .) -}} +{{- printf "https://%s" (include "gitlab.gitlab.hostname" .) -}}{{ if .Values.global.appConfig.relativeUrlRoot }}{{ .Values.global.appConfig.relativeUrlRoot }}{{ end }} {{- else -}} -{{- printf "http://%s" (include "gitlab.gitlab.hostname" .) -}} +{{- printf "http://%s" (include "gitlab.gitlab.hostname" .) -}}{{ if .Values.global.appConfig.relativeUrlRoot }}{{ .Values.global.appConfig.relativeUrlRoot }}{{ end }} {{- end -}} {{- end -}} diff --git a/values.yaml b/values.yaml index 04e96eece6..e83cb679b7 100644 --- a/values.yaml +++ b/values.yaml @@ -248,6 +248,7 @@ global: appConfig: ## https://docs.gitlab.com/charts/charts/globals#general-application-settings # cdnHost: + relativeUrlRoot: "" enableUsagePing: true enableSeatLink: true enableImpersonation: -- GitLab From c4970074946c5689dcecdee0ac027eaad3aaaa9d Mon Sep 17 00:00:00 2001 From: akshat5302 Date: Thu, 21 Aug 2025 23:00:28 +0530 Subject: [PATCH 09/25] Add tests for relativeUrlRoot configuration in GitLab deployment This commit introduces a comprehensive set of tests for the relativeUrlRoot configuration in the GitLab deployment. It verifies the correct population of the relative_url_root in the gitlab.yml.erb, the setting of the RAILS_RELATIVE_URL_ROOT environment variable, and the inclusion of relativeUrlRoot in webservice health check paths and registry auth endpoints. These tests ensure that the new configuration behaves as expected when defined or omitted, enhancing the overall reliability of URL handling in the GitLab charts. --- doc/charts/globals.md | 2 + spec/configuration/gitlab-yml-erb_spec.rb | 159 ++++++++++++++++++++++ 2 files changed, 161 insertions(+) diff --git a/doc/charts/globals.md b/doc/charts/globals.md index 3056528e7e..76e82e341a 100644 --- a/doc/charts/globals.md +++ b/doc/charts/globals.md @@ -976,6 +976,7 @@ with the `global.appConfig` key. global: appConfig: # cdnHost: + relativeUrlRoot: "" contentSecurityPolicy: enabled: false report_only: true @@ -1130,6 +1131,7 @@ application are described below: | Name | Type | Default | Description | |:------------------------------------|:-------:|:--------|:------------| | `cdnHost` | String | (empty) | Sets a base URL for a CDN to serve static assets (for example, `https://mycdnsubdomain.fictional-cdn.com`). | +| `relativeUrlRoot` | String | (empty) | Sets a relative URL root for GitLab (for example, `/gitlab`). When configured, GitLab will be accessible at the specified path instead of the root path. | | `contentSecurityPolicy` | Struct | | [See below](#content-security-policy). | | `enableUsagePing` | Boolean | `true` | A flag to disable the [usage ping support](https://docs.gitlab.com/administration/settings/usage_statistics/). | | `enableSeatLink` | Boolean | `true` | A flag to disable the [seat link support](https://docs.gitlab.com/subscriptions/#seat-link). | diff --git a/spec/configuration/gitlab-yml-erb_spec.rb b/spec/configuration/gitlab-yml-erb_spec.rb index ae6ddfa4de..9b9cc3d5b4 100644 --- a/spec/configuration/gitlab-yml-erb_spec.rb +++ b/spec/configuration/gitlab-yml-erb_spec.rb @@ -665,4 +665,163 @@ describe 'gitlab.yml.erb configuration' do end end end + + context 'relativeUrlRoot configuration' do + let(:required_values) do + YAML.safe_load(%( + global: + appConfig: + relativeUrlRoot: #{value} + )).deep_merge!(default_values) + end + + context 'when configured' do + let(:value) { '"/gitlab"' } + + it 'populates relative_url_root in gitlab.yml.erb' do + t = HelmTemplate.new(required_values) + expect(t.exit_code).to eq(0) + + # Check webservice config + expect(t.dig( + 'ConfigMap/test-webservice', + 'data', + 'gitlab.yml.erb' + )).to include('relative_url_root: "/gitlab"') + + # Check sidekiq config + expect(t.dig( + 'ConfigMap/test-sidekiq', + 'data', + 'gitlab.yml.erb' + )).to include('relative_url_root: "/gitlab"') + end + + it 'populates gitlab_relative_url_root in gitlab-shell config' do + t = HelmTemplate.new(required_values) + expect(t.exit_code).to eq(0) + + expect(t.dig( + 'ConfigMap/test-gitlab-shell', + 'data', + 'config.yml.tpl' + )).to include('gitlab_relative_url_root: "/gitlab"') + end + + it 'sets RAILS_RELATIVE_URL_ROOT environment variable in webservice deployment' do + t = HelmTemplate.new(required_values) + expect(t.exit_code).to eq(0) + + webservice_deployment = t.dig('Deployment/test-webservice', 'spec', 'template', 'spec', 'containers') + webservice_container = webservice_deployment.find { |c| c['name'] == 'webservice' } + + env_vars = webservice_container['env'] + rails_env_var = env_vars.find { |env| env['name'] == 'RAILS_RELATIVE_URL_ROOT' } + + expect(rails_env_var).not_to be_nil + expect(rails_env_var['value']).to eq('/gitlab') + end + + it 'includes relativeUrlRoot in webservice health check paths' do + t = HelmTemplate.new(required_values) + expect(t.exit_code).to eq(0) + + webservice_deployment = t.dig('Deployment/test-webservice', 'spec', 'template', 'spec', 'containers') + webservice_container = webservice_deployment.find { |c| c['name'] == 'webservice' } + + # Check liveness probe path + liveness_probe = webservice_container['livenessProbe'] + expect(liveness_probe.dig('httpGet', 'path')).to eq('/gitlab/-/liveness') + + # Check readiness probe path + readiness_probe = webservice_container['readinessProbe'] + expect(readiness_probe.dig('httpGet', 'path')).to eq('/gitlab/-/readiness') + end + + it 'includes relativeUrlRoot in registry auth endpoint' do + t = HelmTemplate.new(required_values) + expect(t.exit_code).to eq(0) + + expect(t.dig( + 'ConfigMap/test-registry', + 'data', + 'config.yml.tpl' + )).to include('realm: http://gitlab.example.com/gitlab/jwt/auth') + end + end + + context 'when not configured' do + let(:value) { nil } + + it 'does not populate relative_url_root in gitlab.yml.erb' do + t = HelmTemplate.new(required_values) + expect(t.exit_code).to eq(0) + + # Check webservice config + expect(t.dig( + 'ConfigMap/test-webservice', + 'data', + 'gitlab.yml.erb' + )).not_to include('relative_url_root') + + # Check sidekiq config + expect(t.dig( + 'ConfigMap/test-sidekiq', + 'data', + 'gitlab.yml.erb' + )).not_to include('relative_url_root') + end + + it 'does not populate gitlab_relative_url_root in gitlab-shell config' do + t = HelmTemplate.new(required_values) + expect(t.exit_code).to eq(0) + + expect(t.dig( + 'ConfigMap/test-gitlab-shell', + 'data', + 'config.yml.tpl' + )).not_to include('gitlab_relative_url_root') + end + + it 'does not set RAILS_RELATIVE_URL_ROOT environment variable in webservice deployment' do + t = HelmTemplate.new(required_values) + expect(t.exit_code).to eq(0) + + webservice_deployment = t.dig('Deployment/test-webservice', 'spec', 'template', 'spec', 'containers') + webservice_container = webservice_deployment.find { |c| c['name'] == 'webservice' } + + env_vars = webservice_container['env'] + rails_env_var = env_vars.find { |env| env['name'] == 'RAILS_RELATIVE_URL_ROOT' } + + expect(rails_env_var).to be_nil + end + + it 'does not include relativeUrlRoot in webservice health check paths' do + t = HelmTemplate.new(required_values) + expect(t.exit_code).to eq(0) + + webservice_deployment = t.dig('Deployment/test-webservice', 'spec', 'template', 'spec', 'containers') + webservice_container = webservice_deployment.find { |c| c['name'] == 'webservice' } + + # Check liveness probe path + liveness_probe = webservice_container['livenessProbe'] + expect(liveness_probe.dig('httpGet', 'path')).to eq('/-/liveness') + + # Check readiness probe path + readiness_probe = webservice_container['readinessProbe'] + expect(readiness_probe.dig('httpGet', 'path')).to eq('/-/readiness') + end + + it 'does not include relativeUrlRoot in registry auth endpoint' do + t = HelmTemplate.new(required_values) + expect(t.exit_code).to eq(0) + + expect(t.dig( + 'ConfigMap/test-registry', + 'data', + 'config.yml.tpl' + )).to include('realm: http://gitlab.example.com/jwt/auth') + end + end + end end -- GitLab From 81ef54a4112c6efad8859ba74d6a0ea177856397 Mon Sep 17 00:00:00 2001 From: akshat5302 Date: Thu, 21 Aug 2025 23:18:27 +0530 Subject: [PATCH 10/25] Refactor gitlab.yml.erb tests for cleaner syntax and improved readability This commit updates the tests for the gitlab.yml.erb configuration by removing unnecessary quotes around the relative_url_root value and eliminating redundant blank lines. These changes enhance the clarity and maintainability of the test code while ensuring the functionality remains intact. --- spec/configuration/gitlab-yml-erb_spec.rb | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/spec/configuration/gitlab-yml-erb_spec.rb b/spec/configuration/gitlab-yml-erb_spec.rb index 9b9cc3d5b4..9cad6c9750 100644 --- a/spec/configuration/gitlab-yml-erb_spec.rb +++ b/spec/configuration/gitlab-yml-erb_spec.rb @@ -676,7 +676,7 @@ describe 'gitlab.yml.erb configuration' do end context 'when configured' do - let(:value) { '"/gitlab"' } + let(:value) { "/gitlab" } it 'populates relative_url_root in gitlab.yml.erb' do t = HelmTemplate.new(required_values) @@ -714,10 +714,10 @@ describe 'gitlab.yml.erb configuration' do webservice_deployment = t.dig('Deployment/test-webservice', 'spec', 'template', 'spec', 'containers') webservice_container = webservice_deployment.find { |c| c['name'] == 'webservice' } - + env_vars = webservice_container['env'] rails_env_var = env_vars.find { |env| env['name'] == 'RAILS_RELATIVE_URL_ROOT' } - + expect(rails_env_var).not_to be_nil expect(rails_env_var['value']).to eq('/gitlab') end @@ -728,11 +728,11 @@ describe 'gitlab.yml.erb configuration' do webservice_deployment = t.dig('Deployment/test-webservice', 'spec', 'template', 'spec', 'containers') webservice_container = webservice_deployment.find { |c| c['name'] == 'webservice' } - + # Check liveness probe path liveness_probe = webservice_container['livenessProbe'] expect(liveness_probe.dig('httpGet', 'path')).to eq('/gitlab/-/liveness') - + # Check readiness probe path readiness_probe = webservice_container['readinessProbe'] expect(readiness_probe.dig('httpGet', 'path')).to eq('/gitlab/-/readiness') @@ -789,10 +789,10 @@ describe 'gitlab.yml.erb configuration' do webservice_deployment = t.dig('Deployment/test-webservice', 'spec', 'template', 'spec', 'containers') webservice_container = webservice_deployment.find { |c| c['name'] == 'webservice' } - + env_vars = webservice_container['env'] rails_env_var = env_vars.find { |env| env['name'] == 'RAILS_RELATIVE_URL_ROOT' } - + expect(rails_env_var).to be_nil end @@ -802,11 +802,11 @@ describe 'gitlab.yml.erb configuration' do webservice_deployment = t.dig('Deployment/test-webservice', 'spec', 'template', 'spec', 'containers') webservice_container = webservice_deployment.find { |c| c['name'] == 'webservice' } - + # Check liveness probe path liveness_probe = webservice_container['livenessProbe'] expect(liveness_probe.dig('httpGet', 'path')).to eq('/-/liveness') - + # Check readiness probe path readiness_probe = webservice_container['readinessProbe'] expect(readiness_probe.dig('httpGet', 'path')).to eq('/-/readiness') -- GitLab From 65584710cbdfaa33bd777605f27adb1e54803ab1 Mon Sep 17 00:00:00 2001 From: akshat5302 Date: Thu, 21 Aug 2025 23:50:46 +0530 Subject: [PATCH 11/25] Remove redundant tests for RAILS_RELATIVE_URL_ROOT and health check paths in gitlab.yml.erb configuration This commit cleans up the test suite by removing tests that verify the setting of the RAILS_RELATIVE_URL_ROOT environment variable and the inclusion of relativeUrlRoot in webservice health check paths. These tests were deemed unnecessary following recent refactoring, streamlining the test code while maintaining coverage for essential configurations. --- spec/configuration/gitlab-yml-erb_spec.rb | 63 +---------------------- 1 file changed, 2 insertions(+), 61 deletions(-) diff --git a/spec/configuration/gitlab-yml-erb_spec.rb b/spec/configuration/gitlab-yml-erb_spec.rb index 9cad6c9750..7967f8c0c2 100644 --- a/spec/configuration/gitlab-yml-erb_spec.rb +++ b/spec/configuration/gitlab-yml-erb_spec.rb @@ -708,36 +708,6 @@ describe 'gitlab.yml.erb configuration' do )).to include('gitlab_relative_url_root: "/gitlab"') end - it 'sets RAILS_RELATIVE_URL_ROOT environment variable in webservice deployment' do - t = HelmTemplate.new(required_values) - expect(t.exit_code).to eq(0) - - webservice_deployment = t.dig('Deployment/test-webservice', 'spec', 'template', 'spec', 'containers') - webservice_container = webservice_deployment.find { |c| c['name'] == 'webservice' } - - env_vars = webservice_container['env'] - rails_env_var = env_vars.find { |env| env['name'] == 'RAILS_RELATIVE_URL_ROOT' } - - expect(rails_env_var).not_to be_nil - expect(rails_env_var['value']).to eq('/gitlab') - end - - it 'includes relativeUrlRoot in webservice health check paths' do - t = HelmTemplate.new(required_values) - expect(t.exit_code).to eq(0) - - webservice_deployment = t.dig('Deployment/test-webservice', 'spec', 'template', 'spec', 'containers') - webservice_container = webservice_deployment.find { |c| c['name'] == 'webservice' } - - # Check liveness probe path - liveness_probe = webservice_container['livenessProbe'] - expect(liveness_probe.dig('httpGet', 'path')).to eq('/gitlab/-/liveness') - - # Check readiness probe path - readiness_probe = webservice_container['readinessProbe'] - expect(readiness_probe.dig('httpGet', 'path')).to eq('/gitlab/-/readiness') - end - it 'includes relativeUrlRoot in registry auth endpoint' do t = HelmTemplate.new(required_values) expect(t.exit_code).to eq(0) @@ -746,7 +716,7 @@ describe 'gitlab.yml.erb configuration' do 'ConfigMap/test-registry', 'data', 'config.yml.tpl' - )).to include('realm: http://gitlab.example.com/gitlab/jwt/auth') + )).to include('realm: https://gitlab.example.com/gitlab/jwt/auth') end end @@ -783,35 +753,6 @@ describe 'gitlab.yml.erb configuration' do )).not_to include('gitlab_relative_url_root') end - it 'does not set RAILS_RELATIVE_URL_ROOT environment variable in webservice deployment' do - t = HelmTemplate.new(required_values) - expect(t.exit_code).to eq(0) - - webservice_deployment = t.dig('Deployment/test-webservice', 'spec', 'template', 'spec', 'containers') - webservice_container = webservice_deployment.find { |c| c['name'] == 'webservice' } - - env_vars = webservice_container['env'] - rails_env_var = env_vars.find { |env| env['name'] == 'RAILS_RELATIVE_URL_ROOT' } - - expect(rails_env_var).to be_nil - end - - it 'does not include relativeUrlRoot in webservice health check paths' do - t = HelmTemplate.new(required_values) - expect(t.exit_code).to eq(0) - - webservice_deployment = t.dig('Deployment/test-webservice', 'spec', 'template', 'spec', 'containers') - webservice_container = webservice_deployment.find { |c| c['name'] == 'webservice' } - - # Check liveness probe path - liveness_probe = webservice_container['livenessProbe'] - expect(liveness_probe.dig('httpGet', 'path')).to eq('/-/liveness') - - # Check readiness probe path - readiness_probe = webservice_container['readinessProbe'] - expect(readiness_probe.dig('httpGet', 'path')).to eq('/-/readiness') - end - it 'does not include relativeUrlRoot in registry auth endpoint' do t = HelmTemplate.new(required_values) expect(t.exit_code).to eq(0) @@ -820,7 +761,7 @@ describe 'gitlab.yml.erb configuration' do 'ConfigMap/test-registry', 'data', 'config.yml.tpl' - )).to include('realm: http://gitlab.example.com/jwt/auth') + )).to include('realm: https://gitlab.example.com/jwt/auth') end end end -- GitLab From 49c7f2ade2a978769ab256e5610a602b45bfa653 Mon Sep 17 00:00:00 2001 From: akshat5302 Date: Fri, 22 Aug 2025 14:03:20 +0530 Subject: [PATCH 12/25] Update deployment and documentation to standardize relativeUrlRoot handling This commit modifies the Webservice deployment configuration to ensure the liveness and readiness probe paths consistently include the relativeUrlRoot from the global appConfig. Additionally, it enhances the documentation by providing a detailed explanation of the relativeUrlRoot setting, illustrating its usage for hosting GitLab at a subpath. These changes improve the flexibility and clarity of URL handling in the GitLab charts. --- .../charts/webservice/templates/deployment.yaml | 6 +++--- doc/charts/globals.md | 16 +++++++++++++++- 2 files changed, 18 insertions(+), 4 deletions(-) diff --git a/charts/gitlab/charts/webservice/templates/deployment.yaml b/charts/gitlab/charts/webservice/templates/deployment.yaml index d5b70093ba..bf1af016dd 100644 --- a/charts/gitlab/charts/webservice/templates/deployment.yaml +++ b/charts/gitlab/charts/webservice/templates/deployment.yaml @@ -325,7 +325,7 @@ spec: {{- end }} livenessProbe: httpGet: - path: {{ if $.Values.global.appConfig.relativeUrlRoot }}{{ $.Values.global.appConfig.relativeUrlRoot }}{{ end }}/-/liveness + path: {{ $.Values.global.appConfig.relativeUrlRoot }}/-/liveness {{- if and (not $.Values.http.enabled) $.Values.tls.enabled }} scheme: HTTPS port: {{ $.Values.service.tls.internalPort }} @@ -339,7 +339,7 @@ spec: failureThreshold: {{ .deployment.livenessProbe.failureThreshold }} readinessProbe: httpGet: - path: {{ if $.Values.global.appConfig.relativeUrlRoot }}{{ $.Values.global.appConfig.relativeUrlRoot }}{{ end }}/-/readiness + path: {{ $.Values.global.appConfig.relativeUrlRoot }}/-/readiness {{- if and (not $.Values.http.enabled) $.Values.tls.enabled }} scheme: HTTPS port: {{ $.Values.service.tls.internalPort }} @@ -377,7 +377,7 @@ spec: - name: TMPDIR value: "/tmp/gitlab" - name: GITLAB_WORKHORSE_AUTH_BACKEND - value: "http://localhost:{{ $.Values.service.internalPort }}{{ if $.Values.global.appConfig.relativeUrlRoot }}{{ $.Values.global.appConfig.relativeUrlRoot }}{{ end }}" + value: "http://localhost:{{ $.Values.service.internalPort }}{{ $.Values.global.appConfig.relativeUrlRoot }}" - name: GITLAB_WORKHORSE_EXTRA_ARGS value: {{ .workhorse.extraArgs | quote }} - name: GITLAB_WORKHORSE_LISTEN_PORT diff --git a/doc/charts/globals.md b/doc/charts/globals.md index 76e82e341a..d0ad3b73ef 100644 --- a/doc/charts/globals.md +++ b/doc/charts/globals.md @@ -92,6 +92,8 @@ global: hostSuffix: staging ``` + + ## Configure Horizontal Pod Autoscaler settings The GitLab global host settings for HPA are located under the `global.hpa` key: @@ -1131,7 +1133,7 @@ application are described below: | Name | Type | Default | Description | |:------------------------------------|:-------:|:--------|:------------| | `cdnHost` | String | (empty) | Sets a base URL for a CDN to serve static assets (for example, `https://mycdnsubdomain.fictional-cdn.com`). | -| `relativeUrlRoot` | String | (empty) | Sets a relative URL root for GitLab (for example, `/gitlab`). When configured, GitLab will be accessible at the specified path instead of the root path. | +| `relativeUrlRoot` | String | (empty) | Sets a relative URL root for GitLab (for example, `/gitlab`). When configured, GitLab will be accessible at the specified path instead of the root path. [See below](#relative-url-root). | | `contentSecurityPolicy` | Struct | | [See below](#content-security-policy). | | `enableUsagePing` | Boolean | `true` | A flag to disable the [usage ping support](https://docs.gitlab.com/administration/settings/usage_statistics/). | | `enableSeatLink` | Boolean | `true` | A flag to disable the [seat link support](https://docs.gitlab.com/subscriptions/#seat-link). | @@ -1182,6 +1184,18 @@ Improperly configuring the CSP rules could prevent GitLab from working properly. Before rolling out a policy, you may also want to change `report_only` to `true` to test the configuration. +#### Relative URL Root + +The `relativeUrlRoot` setting allows you to configure GitLab to be accessible at a subpath instead of the root path. This is useful when you want to host GitLab behind a reverse proxy or load balancer that serves multiple applications. + +For example, instead of using subdomains like `https://gitlab.your-domain.com`, you can host GitLab at `https://your-domain.com/gitlab`. + +```yaml +global: + appConfig: + relativeUrlRoot: "/gitlab" +``` + #### `defaultProjectsFeatures` Flags to decide if new projects should be created with the respective features by -- GitLab From 6ce9c471edd3e33d50d4f4e9b639f53203a999bd Mon Sep 17 00:00:00 2001 From: akshat5302 Date: Fri, 22 Aug 2025 14:33:37 +0530 Subject: [PATCH 13/25] Remove unnecessary blank lines in globals.md documentation --- doc/charts/globals.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/doc/charts/globals.md b/doc/charts/globals.md index d0ad3b73ef..aaa8677eba 100644 --- a/doc/charts/globals.md +++ b/doc/charts/globals.md @@ -92,8 +92,6 @@ global: hostSuffix: staging ``` - - ## Configure Horizontal Pod Autoscaler settings The GitLab global host settings for HPA are located under the `global.hpa` key: -- GitLab From 0e489f1b76db4aa4379f422c919de9639458be74 Mon Sep 17 00:00:00 2001 From: Akshat Jain Date: Fri, 22 Aug 2025 15:22:37 +0530 Subject: [PATCH 14/25] Apply 1 suggestion(s) to 1 file(s) Co-authored-by: Clemens Beck --- doc/charts/globals.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/doc/charts/globals.md b/doc/charts/globals.md index aaa8677eba..1957c8e8aa 100644 --- a/doc/charts/globals.md +++ b/doc/charts/globals.md @@ -1192,6 +1192,10 @@ For example, instead of using subdomains like `https://gitlab.your-domain.com`, global: appConfig: relativeUrlRoot: "/gitlab" + hosts: + domain: example.com + gitlab: + name: example.com ``` #### `defaultProjectsFeatures` -- GitLab From 5a7de2656212c528ec73b1089d83191b3dbe9c6b Mon Sep 17 00:00:00 2001 From: akshat5302 Date: Fri, 22 Aug 2025 15:26:44 +0530 Subject: [PATCH 15/25] Update workhorse and gitlab URL templates to consistently append relativeUrlRoot This commit modifies the workhorse and gitlab URL templates to ensure that the relativeUrlRoot from the global appConfig is consistently appended to the generated URLs. This change enhances the flexibility of URL handling across the GitLab charts, aligning with recent updates to improve relative URL support. --- charts/gitlab/templates/_workhorse.tpl | 2 +- templates/_helpers.tpl | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/gitlab/templates/_workhorse.tpl b/charts/gitlab/templates/_workhorse.tpl index 88d7dbe83e..ac7cce9764 100644 --- a/charts/gitlab/templates/_workhorse.tpl +++ b/charts/gitlab/templates/_workhorse.tpl @@ -4,7 +4,7 @@ Return the workhorse url */}} {{- define "gitlab.workhorse.url" -}} -{{ template "gitlab.workhorse.scheme" . }}://{{ template "gitlab.workhorse.host" . }}:{{ template "gitlab.workhorse.port" . }}{{ if .Values.global.appConfig.relativeUrlRoot }}{{ .Values.global.appConfig.relativeUrlRoot }}{{ end }} +{{ template "gitlab.workhorse.scheme" . }}://{{ template "gitlab.workhorse.host" . }}:{{ template "gitlab.workhorse.port" . }}{{ .Values.global.appConfig.relativeUrlRoot }} {{- end -}} {{- define "gitlab.workhorse.scheme" -}} diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 3b4b968755..8316c78450 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -54,9 +54,9 @@ Calls into the `gitlab.gitlabHost` function for the hostname part of the url. */}} {{- define "gitlab.gitlab.url" -}} {{- if or .Values.global.hosts.https .Values.global.hosts.gitlab.https -}} -{{- printf "https://%s" (include "gitlab.gitlab.hostname" .) -}}{{ if .Values.global.appConfig.relativeUrlRoot }}{{ .Values.global.appConfig.relativeUrlRoot }}{{ end }} +{{- printf "https://%s%s" (include "gitlab.gitlab.hostname" .) .Values.global.appConfig.relativeUrlRoot -}} {{- else -}} -{{- printf "http://%s" (include "gitlab.gitlab.hostname" .) -}}{{ if .Values.global.appConfig.relativeUrlRoot }}{{ .Values.global.appConfig.relativeUrlRoot }}{{ end }} +{{- printf "http://%s%s" (include "gitlab.gitlab.hostname" .) .Values.global.appConfig.relativeUrlRoot -}} {{- end -}} {{- end -}} -- GitLab From d705cfa15c41f2659e44538fda067d5fe7bc903c Mon Sep 17 00:00:00 2001 From: akshat5302 Date: Sun, 24 Aug 2025 19:24:27 +0530 Subject: [PATCH 16/25] Refactor relativeUrlRoot handling in GitLab charts This commit removes the deprecated relativeUrlRoot configuration from the GitLab Shell configmap and updates the Ingress template to prepend the relativeUrlRoot to the deployment path. Additionally, a new check is added to ensure that the relativeUrlRoot starts with a leading slash, enhancing the validation of the app configuration. These changes improve the consistency and reliability of URL handling across the GitLab charts. --- .../charts/gitlab-shell/templates/configmap.yml | 5 ----- .../gitlab/charts/webservice/templates/_ingress.tpl | 2 +- templates/_checkConfig.tpl | 1 + templates/_checkConfig_webservice.tpl | 13 +++++++++++++ 4 files changed, 15 insertions(+), 6 deletions(-) diff --git a/charts/gitlab/charts/gitlab-shell/templates/configmap.yml b/charts/gitlab/charts/gitlab-shell/templates/configmap.yml index 8c8233ca44..de5d51bded 100644 --- a/charts/gitlab/charts/gitlab-shell/templates/configmap.yml +++ b/charts/gitlab/charts/gitlab-shell/templates/configmap.yml @@ -20,11 +20,6 @@ data: # Url to gitlab instance. Used for api calls. Should end with a slash. gitlab_url: "{{ template "gitlab.workhorse.url" . }}/" - # Relative root URL for GitLab instance - {{- if .Values.global.appConfig.relativeUrlRoot }} - gitlab_relative_url_root: {{ .Values.global.appConfig.relativeUrlRoot | quote }} - {{- end }} - secret_file: /etc/gitlab-secrets/shell/.gitlab_shell_secret # File used as authorized_keys for gitlab user diff --git a/charts/gitlab/charts/webservice/templates/_ingress.tpl b/charts/gitlab/charts/webservice/templates/_ingress.tpl index e95212fa93..47bfb8597f 100644 --- a/charts/gitlab/charts/webservice/templates/_ingress.tpl +++ b/charts/gitlab/charts/webservice/templates/_ingress.tpl @@ -42,7 +42,7 @@ spec: - host: {{ .host }} http: paths: - - path: {{ .deployment.ingress.path }} + - path: {{ $.root.Values.global.appConfig.relativeUrlRoot }}{{ .deployment.ingress.path }} {{ if or (.root.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (eq $global.ingress.apiVersion "networking.k8s.io/v1") -}} pathType: {{ default .deployment.ingress.pathType $global.ingress.pathType }} backend: diff --git a/templates/_checkConfig.tpl b/templates/_checkConfig.tpl index 00c4e648d1..b671398687 100644 --- a/templates/_checkConfig.tpl +++ b/templates/_checkConfig.tpl @@ -93,6 +93,7 @@ Due to gotpl scoping, we can't make use of `range`, so we have to add action lin {{/* _checkConfig_webservice.tpl*/}} {{- $messages = append $messages (include "gitlab.checkConfig.appConfig.maxRequestDurationSeconds" .) -}} +{{- $messages = append $messages (include "gitlab.checkConfig.appConfig.relativeUrlRoot" .) -}} {{- $messages = append $messages (include "gitlab.checkConfig.webservice.gracePeriod" .) -}} {{- $messages = append $messages (include "gitlab.checkConfig.webservice.loadBalancer" .) -}} diff --git a/templates/_checkConfig_webservice.tpl b/templates/_checkConfig_webservice.tpl index 3cf280547e..0679703915 100644 --- a/templates/_checkConfig_webservice.tpl +++ b/templates/_checkConfig_webservice.tpl @@ -48,3 +48,16 @@ webservice: {{- end -}} {{- end -}} {{/* END gitlab.checkConfig.webservice.loadBalancer */}} + +{{/* +Ensure relativeUrlRoot is either empty or starts with a leading slash +*/}} +{{- define "gitlab.checkConfig.appConfig.relativeUrlRoot" -}} +{{- $relativeUrlRoot := $.Values.global.appConfig.relativeUrlRoot }} +{{- if and $relativeUrlRoot (not (hasPrefix "/" $relativeUrlRoot)) }} +gitlab: relativeUrlRoot must start with a leading slash + The current value of global.appConfig.relativeUrlRoot ({{ $relativeUrlRoot }}) does not start with a leading slash. + Please set it to either an empty string or a value that starts with "/" (e.g., "/gitlab"). +{{- end }} +{{- end }} +{{/* END gitlab.checkConfig.appConfig.relativeUrlRoot */}} -- GitLab From b11c192f240e193ecd27fa3f8c885f71bca8880f Mon Sep 17 00:00:00 2001 From: akshat5302 Date: Sun, 24 Aug 2025 19:37:01 +0530 Subject: [PATCH 17/25] Remove deprecated test for gitlab_relative_url_root in gitlab-shell config This commit eliminates the test that checked for the presence of gitlab_relative_url_root in the gitlab-shell configuration. This change aligns with the recent refactoring efforts to remove deprecated configurations, streamlining the test suite while ensuring focus on relevant tests. --- spec/configuration/gitlab-yml-erb_spec.rb | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/spec/configuration/gitlab-yml-erb_spec.rb b/spec/configuration/gitlab-yml-erb_spec.rb index 7967f8c0c2..90916194d1 100644 --- a/spec/configuration/gitlab-yml-erb_spec.rb +++ b/spec/configuration/gitlab-yml-erb_spec.rb @@ -742,17 +742,6 @@ describe 'gitlab.yml.erb configuration' do )).not_to include('relative_url_root') end - it 'does not populate gitlab_relative_url_root in gitlab-shell config' do - t = HelmTemplate.new(required_values) - expect(t.exit_code).to eq(0) - - expect(t.dig( - 'ConfigMap/test-gitlab-shell', - 'data', - 'config.yml.tpl' - )).not_to include('gitlab_relative_url_root') - end - it 'does not include relativeUrlRoot in registry auth endpoint' do t = HelmTemplate.new(required_values) expect(t.exit_code).to eq(0) -- GitLab From d6a3ec9e30f962f2d775d92ac69655d83a4c35f4 Mon Sep 17 00:00:00 2001 From: akshat5302 Date: Sun, 24 Aug 2025 21:46:10 +0530 Subject: [PATCH 18/25] Remove test for gitlab_relative_url_root in gitlab-shell config This commit removes the test that validated the presence of gitlab_relative_url_root in the gitlab-shell configuration. This change is part of ongoing efforts to streamline the test suite by eliminating deprecated tests, ensuring a focus on relevant and current configurations. --- spec/configuration/gitlab-yml-erb_spec.rb | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/spec/configuration/gitlab-yml-erb_spec.rb b/spec/configuration/gitlab-yml-erb_spec.rb index 90916194d1..1fe810dc02 100644 --- a/spec/configuration/gitlab-yml-erb_spec.rb +++ b/spec/configuration/gitlab-yml-erb_spec.rb @@ -697,17 +697,6 @@ describe 'gitlab.yml.erb configuration' do )).to include('relative_url_root: "/gitlab"') end - it 'populates gitlab_relative_url_root in gitlab-shell config' do - t = HelmTemplate.new(required_values) - expect(t.exit_code).to eq(0) - - expect(t.dig( - 'ConfigMap/test-gitlab-shell', - 'data', - 'config.yml.tpl' - )).to include('gitlab_relative_url_root: "/gitlab"') - end - it 'includes relativeUrlRoot in registry auth endpoint' do t = HelmTemplate.new(required_values) expect(t.exit_code).to eq(0) -- GitLab From 98cd9d6730402b74ef132a61a74334bb1aad80e3 Mon Sep 17 00:00:00 2001 From: Akshat Jain Date: Mon, 25 Aug 2025 12:38:56 +0530 Subject: [PATCH 19/25] Applied suggested changes to the docs --- doc/charts/globals.md | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/doc/charts/globals.md b/doc/charts/globals.md index 553e8b830e..ec538cb8c2 100644 --- a/doc/charts/globals.md +++ b/doc/charts/globals.md @@ -1125,13 +1125,19 @@ global: ### General application settings +{{< history >}} + +- `relativeUrlRoot` setting [introduced](https://gitlab.com/gitlab-org/charts/gitlab/-/issues/6121) in GitLab 18.4. + +{{< /history >}} + The `appConfig` settings that can be used to tweak the general properties of the Rails application are described below: | Name | Type | Default | Description | |:------------------------------------|:-------:|:--------|:------------| | `cdnHost` | String | (empty) | Sets a base URL for a CDN to serve static assets (for example, `https://mycdnsubdomain.fictional-cdn.com`). | -| `relativeUrlRoot` | String | (empty) | Sets a relative URL root for GitLab (for example, `/gitlab`). When configured, GitLab will be accessible at the specified path instead of the root path. [See below](#relative-url-root). | +| `relativeUrlRoot` | String | (empty) | Sets a [relative URL root](#relative-url-root) for GitLab (for example, `/gitlab`). When configured, GitLab will be accessible at the specified path instead of the root path. | | `contentSecurityPolicy` | Struct | | [See below](#content-security-policy). | | `enableUsagePing` | Boolean | `true` | A flag to disable the [usage ping support](https://docs.gitlab.com/administration/settings/usage_statistics/). | | `enableSeatLink` | Boolean | `true` | A flag to disable the [seat link support](https://docs.gitlab.com/subscriptions/#seat-link). | @@ -1184,7 +1190,8 @@ test the configuration. #### Relative URL Root -The `relativeUrlRoot` setting allows you to configure GitLab to be accessible at a subpath instead of the root path. This is useful when you want to host GitLab behind a reverse proxy or load balancer that serves multiple applications. +You can configure GitLab to be accessible at a subpath instead of the root path by using the `relativeUrlRoot` setting. Use this setting when you want to host GitLab behind a +reverse proxy or load balancer that serves multiple applications. For example, instead of using subdomains like `https://gitlab.your-domain.com`, you can host GitLab at `https://your-domain.com/gitlab`. -- GitLab From c19312c881e767f174fef634682de947bf1f09ee Mon Sep 17 00:00:00 2001 From: akshat5302 Date: Mon, 1 Sep 2025 17:12:16 +0530 Subject: [PATCH 20/25] Refactor Ingress path handling in GitLab charts This commit updates the Ingress template to remove the dependency on the deprecated relativeUrlRoot configuration, simplifying the path definition for deployments. This change enhances the clarity and maintainability of the Ingress setup in the GitLab charts. --- charts/gitlab/charts/webservice/templates/_ingress.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/gitlab/charts/webservice/templates/_ingress.tpl b/charts/gitlab/charts/webservice/templates/_ingress.tpl index 47bfb8597f..e95212fa93 100644 --- a/charts/gitlab/charts/webservice/templates/_ingress.tpl +++ b/charts/gitlab/charts/webservice/templates/_ingress.tpl @@ -42,7 +42,7 @@ spec: - host: {{ .host }} http: paths: - - path: {{ $.root.Values.global.appConfig.relativeUrlRoot }}{{ .deployment.ingress.path }} + - path: {{ .deployment.ingress.path }} {{ if or (.root.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (eq $global.ingress.apiVersion "networking.k8s.io/v1") -}} pathType: {{ default .deployment.ingress.pathType $global.ingress.pathType }} backend: -- GitLab From 15b66c042417d465966bd48665fbff757f72a3f5 Mon Sep 17 00:00:00 2001 From: Akshat Jain Date: Fri, 5 Sep 2025 18:56:45 +0530 Subject: [PATCH 21/25] Apply the suggested changes in `global.md` file --- doc/charts/globals.md | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/doc/charts/globals.md b/doc/charts/globals.md index ec538cb8c2..b41104c67f 100644 --- a/doc/charts/globals.md +++ b/doc/charts/globals.md @@ -1190,10 +1190,19 @@ test the configuration. #### Relative URL Root -You can configure GitLab to be accessible at a subpath instead of the root path by using the `relativeUrlRoot` setting. Use this setting when you want to host GitLab behind a -reverse proxy or load balancer that serves multiple applications. -For example, instead of using subdomains like `https://gitlab.your-domain.com`, you can host GitLab at `https://your-domain.com/gitlab`. +{{< alert type="warning" >}} + +Configuring a relative URL for GitLab has [known issues with Geo](https://gitlab.com/gitlab-org/gitlab/-/issues/456427) and +[testing limitations](https://gitlab.com/gitlab-org/gitlab/-/issues/439943). + +{{< /alert >}} + +While we recommended installing GitLab in its own (sub)domain, sometimes it is not possible. In that case, +GitLab can also be installed under a relative URL, for example, `https://example.com/gitlab`. + +If you are hosting multiple Ingresses for your host in this cluster, also set the Webservice Ingress path to +match your relative URL. ```yaml global: -- GitLab From 5bace05bd29dde07352ccc8c7556177766456cd0 Mon Sep 17 00:00:00 2001 From: akshat5302 Date: Fri, 5 Sep 2025 19:47:58 +0530 Subject: [PATCH 22/25] Add support for RAILS_RELATIVE_URL_ROOT in Sidekiq deployment This update introduces an environment variable for RAILS_RELATIVE_URL_ROOT in the Sidekiq deployment configuration, allowing for better handling of relative URLs. Additionally, a warning about known issues with Geo when configuring a relative URL for GitLab has been removed from the documentation. --- charts/gitlab/charts/sidekiq/templates/deployment.yaml | 4 ++++ doc/charts/globals.md | 1 - 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/charts/gitlab/charts/sidekiq/templates/deployment.yaml b/charts/gitlab/charts/sidekiq/templates/deployment.yaml index 91dc3a4d0c..3418b74121 100644 --- a/charts/gitlab/charts/sidekiq/templates/deployment.yaml +++ b/charts/gitlab/charts/sidekiq/templates/deployment.yaml @@ -222,6 +222,10 @@ spec: - name: ENABLE_BOOTSNAP value: "1" {{- end }} + {{- if $.Values.global.appConfig.relativeUrlRoot }} + - name: RAILS_RELATIVE_URL_ROOT + value: {{ $.Values.global.appConfig.relativeUrlRoot | quote }} + {{- end }} {{- include "gitlab.tracing.env" $ | nindent 12 }} {{- include "sidekiq.podExtraEnv" (dict "local" . "context" $) | nindent 12 }} {{- include "gitlab.extraEnvFrom" (dict "root" $ "local" .) | nindent 12 }} diff --git a/doc/charts/globals.md b/doc/charts/globals.md index fd5be99d26..993f3f6159 100644 --- a/doc/charts/globals.md +++ b/doc/charts/globals.md @@ -1190,7 +1190,6 @@ test the configuration. #### Relative URL Root - {{< alert type="warning" >}} Configuring a relative URL for GitLab has [known issues with Geo](https://gitlab.com/gitlab-org/gitlab/-/issues/456427) and -- GitLab From 2daf3199954fcb3f6acf6200cc7ef8b750a52283 Mon Sep 17 00:00:00 2001 From: Akshat Jain Date: Mon, 8 Sep 2025 16:46:02 +0530 Subject: [PATCH 23/25] Apply 1 suggestion(s) to 1 file(s) Co-authored-by: Clemens Beck --- doc/charts/globals.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/doc/charts/globals.md b/doc/charts/globals.md index 993f3f6159..e7a01d4d74 100644 --- a/doc/charts/globals.md +++ b/doc/charts/globals.md @@ -1200,8 +1200,7 @@ Configuring a relative URL for GitLab has [known issues with Geo](https://gitlab While we recommended installing GitLab in its own (sub)domain, sometimes it is not possible. In that case, GitLab can also be installed under a relative URL, for example, `https://example.com/gitlab`. -If you are hosting multiple Ingresses for your host in this cluster, also set the Webservice Ingress path to -match your relative URL. +The Ingresses of all Webservice deployments will have this path prefixed. ```yaml global: -- GitLab From 3c5af7669dd17ebd6749480c6478733efb2dae13 Mon Sep 17 00:00:00 2001 From: akshat5302 Date: Mon, 8 Sep 2025 16:52:49 +0530 Subject: [PATCH 24/25] Update ingress template to use relative URL root for deployment paths --- charts/gitlab/charts/webservice/templates/_ingress.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/gitlab/charts/webservice/templates/_ingress.tpl b/charts/gitlab/charts/webservice/templates/_ingress.tpl index e95212fa93..47bfb8597f 100644 --- a/charts/gitlab/charts/webservice/templates/_ingress.tpl +++ b/charts/gitlab/charts/webservice/templates/_ingress.tpl @@ -42,7 +42,7 @@ spec: - host: {{ .host }} http: paths: - - path: {{ .deployment.ingress.path }} + - path: {{ $.root.Values.global.appConfig.relativeUrlRoot }}{{ .deployment.ingress.path }} {{ if or (.root.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (eq $global.ingress.apiVersion "networking.k8s.io/v1") -}} pathType: {{ default .deployment.ingress.pathType $global.ingress.pathType }} backend: -- GitLab From 4cbf828829b477431536da953a0197172777426b Mon Sep 17 00:00:00 2001 From: Clemens Beck Date: Tue, 19 Aug 2025 11:54:43 +0200 Subject: [PATCH 25/25] CI: Test with a relative URL root --- .gitlab-ci.yml | 2 +- scripts/ci/autodevops.sh | 1 + scripts/ci/vcluster_deploy.sh | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index efb7991308..24201c1e9e 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -243,7 +243,7 @@ pin_image_versions: - kubectl version --output=json - !reference [.set_up_namespace_secret_and_deploy, script] - check_domain_ip - - echo "export GITLAB_URL=gitlab-$HOST_SUFFIX.$KUBE_INGRESS_BASE_DOMAIN" >> "${VARIABLES_FILE}" + - echo "export GITLAB_URL=gitlab-$HOST_SUFFIX.$KUBE_INGRESS_BASE_DOMAIN/bar" >> "${VARIABLES_FILE}" - echo "export GITLAB_ROOT_DOMAIN=$CI_ENVIRONMENT_SLUG.$KUBE_INGRESS_BASE_DOMAIN" >> "${VARIABLES_FILE}" - echo "export REGISTRY_URL=registry-$HOST_SUFFIX.$KUBE_INGRESS_BASE_DOMAIN" >> "${VARIABLES_FILE}" - echo "export S3_ENDPOINT=https://minio-$HOST_SUFFIX.$KUBE_INGRESS_BASE_DOMAIN" >> "${VARIABLES_FILE}" diff --git a/scripts/ci/autodevops.sh b/scripts/ci/autodevops.sh index 16702a3c79..57f391366c 100755 --- a/scripts/ci/autodevops.sh +++ b/scripts/ci/autodevops.sh @@ -201,6 +201,7 @@ CIYAML -f ci.digests.yaml \ -f ci.prometheus.yaml \ --set releaseOverride="$RELEASE_NAME" \ + --set global.appConfig.relativeUrlRoot="/bar" \ --set global.hosts.hostSuffix="$HOST_SUFFIX" \ --set global.hosts.domain="$KUBE_INGRESS_BASE_DOMAIN" \ --set global.ingress.annotations."external-dns\.alpha\.kubernetes\.io/ttl"="10" \ diff --git a/scripts/ci/vcluster_deploy.sh b/scripts/ci/vcluster_deploy.sh index 31cec8c1d3..4376f41592 100755 --- a/scripts/ci/vcluster_deploy.sh +++ b/scripts/ci/vcluster_deploy.sh @@ -20,7 +20,7 @@ wait_for_deploy check_domain_ip # Generate variables file -echo "export GITLAB_URL=gitlab-${HOST_SUFFIX}.${KUBE_INGRESS_BASE_DOMAIN}" >> "${VARIABLES_FILE}" +echo "export GITLAB_URL=gitlab-${HOST_SUFFIX}.${KUBE_INGRESS_BASE_DOMAIN}/bar" >> "${VARIABLES_FILE}" echo "export GITLAB_ROOT_DOMAIN=${HOST_SUFFIX}.${KUBE_INGRESS_BASE_DOMAIN}" >> "${VARIABLES_FILE}" echo "export REGISTRY_URL=registry-${HOST_SUFFIX}.${KUBE_INGRESS_BASE_DOMAIN}" >> "${VARIABLES_FILE}" echo "export S3_ENDPOINT=https://minio-${HOST_SUFFIX}.${KUBE_INGRESS_BASE_DOMAIN}" >> "${VARIABLES_FILE}" -- GitLab