From 9bd55d19336428ca6c6161b771af68792ba77d74 Mon Sep 17 00:00:00 2001 From: Siddharth Kannan Date: Wed, 26 Nov 2025 16:28:10 +0530 Subject: [PATCH 1/6] feat: Enable automatic DB reindexing using CronJob Related to https://gitlab.com/gitlab-com/gl-infra/delivery/-/work_items/21668 [Automatic database reindexing] is possible in an Omnibus installation by flipping some configuration values inside the `gitlab.rb` file. As far as I can tell, Helm chart installations that use CNG (Cloud Native GitLab) container images do not have a native method for runnig reindexing periodically. The Toolbox chart already has a CronJob for taking a backup. So, I am proposing that we add a CronJob that will perform automatic database reindexing on a user-specified schedule. The script that is mentioned in this MR is added to the Rails image in this CNG MR: https://gitlab.com/gitlab-org/build/CNG/-/merge_requests/2712 As usual, before running the script, we ensure that the dependencies (Postgres and Redis) are accessible. The script will run a Rake task, which emulates the behavior from Omnibus, when the configuration flags mentioned [here] are enabled: https://gitlab.com/gitlab-org/omnibus-gitlab/-/blob/b26f58eb8a5e14be5ee3ddc6c16a8ecf9a462181/files/gitlab-cookbooks/gitlab/recipes/database_reindexing_enable.rb#L27 [Automatic database reindexing]: https://docs.gitlab.com/omnibus/settings/database/#automatic-database-reindexing [here]: https://docs.gitlab.com/omnibus/settings/database/#automatic-database-reindexing Changelog: added --- .../templates/database-reindex-job.yaml | 234 ++++++++++++++++++ charts/gitlab/charts/toolbox/values.yaml | 47 ++++ 2 files changed, 281 insertions(+) create mode 100644 charts/gitlab/charts/toolbox/templates/database-reindex-job.yaml diff --git a/charts/gitlab/charts/toolbox/templates/database-reindex-job.yaml b/charts/gitlab/charts/toolbox/templates/database-reindex-job.yaml new file mode 100644 index 0000000000..ddf7c7d05e --- /dev/null 
+++ b/charts/gitlab/charts/toolbox/templates/database-reindex-job.yaml 
@@ -0,0 +1,234 @@
+{{- if and .Values.enabled .Values.database_reindex.cron.enabled }}
+{{- $imageCfg := dict "global" .Values.global.image "local" .Values.image -}}
+{{- $initImageCfg := include "gitlab.configure.config" .Values | fromYaml -}}
+{{- include "database.datamodel.prepare" . -}}
+{{ if or ($.Capabilities.APIVersions.Has "batch/v1/CronJob") (eq $.Values.global.batch.cronJob.apiVersion "batch/v1") -}}
+apiVersion: batch/v1
+{{- else -}}
+apiVersion: batch/v1beta1
+{{- end }}
+kind: CronJob
+metadata:
+ name: {{ template "fullname" . }}-db-reindex
+ namespace: {{ $.Release.Namespace }}
+ labels:
+ {{- include "gitlab.standardLabels" . | nindent 4 }}
+ {{- include "gitlab.commonLabels" . | nindent 4 }}
+spec:
+ concurrencyPolicy: {{ .Values.database_reindex.cron.concurrencyPolicy }}
+ failedJobsHistoryLimit: {{ .Values.database_reindex.cron.failedJobsHistoryLimit }}
+ schedule: {{ .Values.database_reindex.cron.schedule | quote }}
+ startingDeadlineSeconds: {{ .Values.database_reindex.cron.startingDeadlineSeconds }}
+ successfulJobsHistoryLimit: {{ .Values.database_reindex.cron.successfulJobsHistoryLimit }}
+ suspend: {{ .Values.database_reindex.cron.suspend }}
+ {{- if .Values.database_reindex.cron.timeZone }}
+ timeZone: {{ .Values.database_reindex.cron.timeZone | quote }}
+ {{- end }}
+ jobTemplate:
+ spec:
+ backoffLimit: {{ .Values.database_reindex.cron.backoffLimit }}
+ {{- if .Values.database_reindex.cron.activeDeadlineSeconds }}
+ activeDeadlineSeconds: {{ .Values.database_reindex.cron.activeDeadlineSeconds }}
+ {{- end }}
+ {{- if .Values.database_reindex.cron.ttlSecondsAfterFinished }}
+ ttlSecondsAfterFinished: {{ .Values.database_reindex.cron.ttlSecondsAfterFinished }}
+ {{- end }}
+ template:
+ metadata:
+ labels:
+ {{- include "gitlab.standardLabels" . | nindent 12 }}
+ {{- include "gitlab.commonLabels" . | nindent 12 }}
+ {{- include "gitlab.podLabels" . | nindent 12 }}
+ annotations:
+ checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+ cluster-autoscaler.kubernetes.io/safe-to-evict: {{ .Values.database_reindex.cron.safeToEvict | quote }}
+ {{- range $key, $value := .Values.annotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ spec:
+ restartPolicy: {{ .Values.database_reindex.cron.restartPolicy }}
+ {{- $tolerations := default .Values.tolerations .Values.database_reindex.cron.tolerations }}
+ {{- if $tolerations }}
+ tolerations:
+ {{- toYaml $tolerations | nindent 12 }}
+ {{- end }}
+ {{- include "gitlab.podSecurityContext" .Values.securityContext | nindent 10 }}
+ {{- if or .Values.serviceAccount.enabled .Values.global.serviceAccount.enabled }}
+ serviceAccountName: {{ include "gitlab.serviceAccount.name" . }}
+ {{- end }}
+ {{- include "gitlab.priorityClassName" . | nindent 10 }}
+ initContainers:
+ {{- include "gitlab.extraInitContainers" . | nindent 12 }}
+ {{- include "gitlab.certificates.initContainer" . | nindent 12 }}
+ - name: configure
+ command: ['sh', '/config/configure']
+ image: {{ include "gitlab.configure.image" (dict "root" $ "image" .Values.init.image) | quote }}
+ {{- include "gitlab.image.pullPolicy" $initImageCfg | indent 14 }}
+ {{- include "gitlab.init.containerSecurityContext" . | indent 14 }}
+ env:
+ {{- include "gitlab.timeZone.env" $ | nindent 16 }}
+ {{- include "gitlab.extraEnv" $ | nindent 16 }}
+ {{- include "gitlab.extraEnvFrom" (dict "root" $ "local" .) | nindent 16 }}
+ volumeMounts:
+ {{- include "gitlab.extraVolumeMounts" . | nindent 16 }}
+ {{- include "gitlab.psql.ssl.volumeMount" . | nindent 16 }}
+ - name: toolbox-config
+ mountPath: /config
+ readOnly: true
+ - name: init-toolbox-secrets
+ mountPath: /init-config
+ readOnly: true
+ - name: toolbox-secrets
+ mountPath: /init-secrets
+ readOnly: false
+ resources:
+ {{- toYaml .Values.init.resources | nindent 16 }}
+ {{- include "gitlab.image.pullSecrets" $imageCfg | indent 10 }}
+ containers:
+ {{- include "gitlab.extraContainers" . | nindent 12 }}
+ - name: {{ .Chart.Name }}-db-reindex
+ args:
+ - /bin/bash
+ - -c
+ - /scripts/wait-for-deps /scripts/db-reindex
+ image: "{{ coalesce .Values.image.repository (include "image.repository" .) }}:{{ coalesce .Values.image.tag (include "gitlab.versionTag" . ) }}{{ include "gitlab.image.tagSuffix" . }}"
+ {{- include "gitlab.image.pullPolicy" $imageCfg | indent 14 }}
+ {{- include "gitlab.containerSecurityContext" . | indent 14 }}
+ env:
+ - name: ARTIFACTS_BUCKET_NAME
+ value: {{ .Values.global.appConfig.artifacts.bucket }}
+ - name: REGISTRY_BUCKET_NAME
+ value: {{ .Values.global.registry.bucket }}
+ - name: LFS_BUCKET_NAME
+ value: {{ .Values.global.appConfig.lfs.bucket }}
+ - name: UPLOADS_BUCKET_NAME
+ value: {{ .Values.global.appConfig.uploads.bucket }}
+ - name: PACKAGES_BUCKET_NAME
+ value: {{ .Values.global.appConfig.packages.bucket }}
+ - name: EXTERNAL_DIFFS_BUCKET_NAME
+ value: {{ .Values.global.appConfig.externalDiffs.bucket }}
+ - name: TERRAFORM_STATE_BUCKET_NAME
+ value: {{ .Values.global.appConfig.terraformState.bucket }}
+ - name: CI_SECURE_FILES_BUCKET_NAME
+ value: {{ .Values.global.appConfig.ciSecureFiles.bucket }}
+ - name: BACKUP_BUCKET_NAME
+ value: {{ .Values.global.appConfig.backups.bucket }}
+ - name: BACKUP_BACKEND
+ value: {{ .Values.backups.objectStorage.backend }}
+ - name: TMP_BUCKET_NAME
+ value: {{ .Values.global.appConfig.backups.tmpBucket }}
+ - name: PAGES_BUCKET_NAME
+ value: {{ .Values.global.pages.objectStore.bucket }}
+ - name: CONFIG_TEMPLATE_DIRECTORY
+ value: '/var/opt/gitlab/templates'
+ - name: CONFIG_DIRECTORY
+ value: '/srv/gitlab/config'
+ {{- include "gitlab.timeZone.env" . | nindent 16 }}
+ {{- include "gitlab.extraEnv" $ | nindent 16 }}
+ {{- include "gitlab.extraEnvFrom" (dict "root" $ "local" .) | nindent 16 }}
+ volumeMounts:
+ {{- include "gitlab.extraVolumeMounts" . | nindent 16 }}
+ - name: toolbox-config
+ mountPath: '/var/opt/gitlab/templates'
+ - name: toolbox-secrets
+ mountPath: '/etc/gitlab'
+ readOnly: true
+ - name: toolbox-secrets
+ mountPath: /srv/gitlab/config/secrets.yml
+ subPath: rails-secrets/secrets.yml
+ - name: toolbox-tmp
+ mountPath: '/srv/gitlab/tmp'
+ {{- if and .Values.database_reindex.cron.persistence.enabled .Values.database_reindex.cron.persistence.subPath }}
+ subPath: "{{ .Values.database_reindex.cron.persistence.subPath }}"
+ {{- end }}
+ readOnly: false
+ {{- include "gitlab.certificates.volumeMount" . | nindent 16 }}
+ resources:
+ {{- toYaml .Values.database_reindex.cron.resources | nindent 16 }}
+ volumes:
+ {{- include "gitlab.extraVolumes" . | nindent 12 }}
+ {{- include "gitlab.psql.ssl.volume" . | nindent 12 }}
+ - name: toolbox-config
+ projected:
+ sources:
+ - configMap:
+ name: {{ template "fullname" . }}
+ - name: toolbox-tmp
+ {{- if .Values.database_reindex.cron.persistence.enabled }}
+ {{- if .Values.database_reindex.cron.persistence.useGenericEphemeralVolume }}
+ ephemeral:
+ volumeClaimTemplate:
+ {{- include "toolbox.database_reindex.cron.persistence.persistentVolumeClaim" . | nindent 18 }}
+ {{- else }}
+ persistentVolumeClaim:
+ claimName: {{ template "fullname" . }}-backup-tmp
+ {{- end }}
+ {{- else }}
+ emptyDir: {}
+ {{- end }}
+ - name: init-toolbox-secrets
+ projected:
+ defaultMode: 0400
+ sources:
+ - secret:
+ name: {{ template "gitlab.rails-secrets.secret" . }}
+ items:
+ - key: secrets.yml
+ path: rails-secrets/secrets.yml
+ - secret:
+ name: {{ template "gitlab.gitlab-shell.authToken.secret" . }}
+ items:
+ - key: {{ template "gitlab.gitlab-shell.authToken.key" . }}
+ path: shell/.gitlab_shell_secret
+ {{- if $.Values.global.clickhouse.enabled }}
+ {{- include "gitlab.clickhouse.main.secrets" $ | nindent 16 }}
+ {{- end }}
+ {{- include "gitlab.gitaly.clientSecrets" . | nindent 16 }}
+ {{- include "gitlab.redis.secrets" (dict "globalContext" $) | nindent 16 }}
+ {{- include "gitlab.redisSentinel.secret" $ | nindent 16 }}
+ {{- range $.Values.local.psql }}
+ {{- include "gitlab.psql.secret" . | nindent 16 }}
+ {{- end }}
+ {{- if include "gitlab.geo.secondary" $ }}
+ - secret:
+ name: {{ template "gitlab.geo.psql.password.secret" . }}
+ items:
+ - key: {{ template "gitlab.geo.psql.password.key" . }}
+ path: postgres/geo-psql-password
+ {{- end }}
+ - secret:
+ name: {{ template "gitlab.registry.certificate.secret" . }}
+ items:
+ - key: registry-auth.key
+ path: registry/gitlab-registry.key
+ {{- include "gitlab.registry.notificationSecret.mount" $ | nindent 16 -}}
+ {{- if or .Values.backups.objectStorage.config (not .Values.global.minio.enabled) }}
+ {{- include "toolbox.backups.objectStorage.config.secret" .Values.backups.objectStorage | nindent 16 }}
+ {{- end }}
+ {{- include "gitlab.kas.mountSecrets" $ | nindent 16 }}
+ {{- include "gitlab.pages.mountSecrets" $ | nindent 16 }}
+ {{- include "gitlab.minio.mountSecrets" $ | nindent 16 }}
+ {{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "object_store" "config" $.Values.global.appConfig.object_store) | nindent 16 }}
+ {{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "artifacts" "config" $.Values.global.appConfig.artifacts) | nindent 16 }}
+ {{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "lfs" "config" $.Values.global.appConfig.lfs) | nindent 16 }}
+ {{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "uploads" "config" $.Values.global.appConfig.uploads) | nindent 16 }}
+ {{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "packages" "config" $.Values.global.appConfig.packages) | nindent 16 }}
+ {{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "external_diffs" "config" $.Values.global.appConfig.externalDiffs) | nindent 16 }}
+ {{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "terraform_state" "config" $.Values.global.appConfig.terraformState) | nindent 16 }}
+ {{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "ci_secure_files" "config" $.Values.global.appConfig.ciSecureFiles) | nindent 16 }}
+ {{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "dependency_proxy" "config" $.Values.global.appConfig.dependencyProxy) | nindent 16 }}
+ {{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "pages" "config" $.Values.global.pages.objectStore) | nindent 16 }}
+ {{- include "gitlab.appConfig.ldap.servers.mountSecrets" $ | nindent 16 }}
+ {{- include "gitlab.appConfig.omniauth.mountSecrets" $ | nindent 16 }}
+ {{- include "gitlab.appConfig.microsoftGraphMailer.mountSecrets" $ | nindent 16 }}
+ - name: toolbox-secrets
+ emptyDir:
+ medium: "Memory"
+ {{- include "gitlab.certificates.volumes" . | nindent 12 }}
+ {{- if .Values.database_reindex.cron.nodeSelector }}
+ nodeSelector:
+ {{- toYaml .Values.database_reindex.cron.nodeSelector | nindent 12 }}
+ {{- else }}
+ {{- include "gitlab.nodeSelector" . | nindent 10 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/gitlab/charts/toolbox/values.yaml b/charts/gitlab/charts/toolbox/values.yaml
index 6079c5b79e..b449bcc4ce 100644
--- a/charts/gitlab/charts/toolbox/values.yaml
+++ b/charts/gitlab/charts/toolbox/values.yaml
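Review bot: The `init-toolbox-secrets` projected volume in database-reindex-job.yaml hands the reindex pod the whole toolbox secret set (gitlab-shell token, registry signing key, KAS, Pages, MinIO, object-storage, LDAP, OmniAuth and Microsoft Graph mailer credentials), while the container only runs `/scripts/wait-for-deps /scripts/db-reindex`, which per the commit message depends on Postgres and Redis. A pod that is scheduled repeatedly and holds every credential widens what a compromise of that pod or its image exposes. Unless the `configure` step or Rails boot fails without these files (not visible in this diff), I would reduce `sources:` to `rails-secrets`, the `gitlab.psql.secret` entries and the Redis/Sentinel secrets. Whatever else has to stay should get a short comment above `sources:` saying why the reindex job needs it.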
@@ -195,6 +195,53 @@ backups: # gcpProject: my-gcp-project-id extra: {} +## Automatic database reindexing +## https://docs.gitlab.com/omnibus/settings/database/#automatic-database-reindexing +database_reindex: + cron: + enabled: false + concurrencyPolicy: Replace + failedJobsHistoryLimit: 1 + schedule: "12 * * * 0,6" + startingDeadlineSeconds: null + successfulJobsHistoryLimit: 3 + suspend: false + backoffLimit: 6 + # activeDeadlineSeconds: + # ttlSecondsAfterFinished: + safeToEvict: false + restartPolicy: "OnFailure" + extraArgs: "" + resources: + # limits: + # cpu: 1 + # memory: 2G + requests: + cpu: 50m + memory: 350M + persistence: + enabled: false + ## Use a generic ephemeral volume. + ## This kind of volume will exist only as long as the pod exists. + ## Requires at least Kubernetes version 1.23. + ## https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes + useGenericEphemeralVolume: false + ## toolbox temporarily Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + accessMode: ReadWriteOnce + size: 10Gi + subPath: "" + ## if volumeName is set, use this existing PersistentVolume + # volumeName: + matchLabels: {} + matchExpressions: [] + rack_attack: git_basic_auth: enabled: false -- GitLab From 1ec9609a3b20332d7d3414a00276672fc6bc34e6 Mon Sep 17 00:00:00 2001 From: Siddharth Kannan Date: Fri, 28 Nov 2025 10:45:19 +0530 Subject: [PATCH 2/6] fix: Remove everything related to persistence --- .../templates/database-reindex-job.yaml | 14 ----------- charts/gitlab/charts/toolbox/values.yaml | 23 ------------------- 2 files changed, 37 deletions(-) 
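Review bot: The default `concurrencyPolicy: Replace` combined with `schedule: "12 * * * 0,6"` (every hour on Saturday and Sunday) means any reindex run still active at the next tick is terminated and restarted. Killing the pod in the middle of an index rebuild can leave partial work behind, and a run that regularly exceeds the interval never finishes; `concurrencyPolicy: Forbid` would skip the tick instead. How the Rake task copes with interruption is not shown on this page, so this is a point to confirm rather than a proven failure. The commented `# activeDeadlineSeconds:` and `# ttlSecondsAfterFinished:` keys would also benefit from a one-line comment each stating that they are optional and omitted from the CronJob when unset.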
diff --git a/charts/gitlab/charts/toolbox/templates/database-reindex-job.yaml b/charts/gitlab/charts/toolbox/templates/database-reindex-job.yaml index ddf7c7d05e..1c76dfbc71 100644 --- a/charts/gitlab/charts/toolbox/templates/database-reindex-job.yaml +++ b/charts/gitlab/charts/toolbox/templates/database-reindex-job.yaml @@ -138,9 +138,6 @@ spec: subPath: rails-secrets/secrets.yml - name: toolbox-tmp mountPath: '/srv/gitlab/tmp' - {{- if and .Values.database_reindex.cron.persistence.enabled .Values.database_reindex.cron.persistence.subPath }} - subPath: "{{ .Values.database_reindex.cron.persistence.subPath }}" - {{- end }} readOnly: false {{- include "gitlab.certificates.volumeMount" . | nindent 16 }} resources: @@ -154,18 +151,7 @@ spec: - configMap: name: {{ template "fullname" . }} - name: toolbox-tmp - {{- if .Values.database_reindex.cron.persistence.enabled }} - {{- if .Values.database_reindex.cron.persistence.useGenericEphemeralVolume }} - ephemeral: - volumeClaimTemplate: - {{- include "toolbox.database_reindex.cron.persistence.persistentVolumeClaim" . | nindent 18 }} - {{- else }} - persistentVolumeClaim: - claimName: {{ template "fullname" . }}-backup-tmp - {{- end }} - {{- else }} emptyDir: {} - {{- end }} - name: init-toolbox-secrets projected: defaultMode: 0400 diff --git a/charts/gitlab/charts/toolbox/values.yaml b/charts/gitlab/charts/toolbox/values.yaml index b449bcc4ce..dd968a7bd2 100644 --- a/charts/gitlab/charts/toolbox/values.yaml +++ b/charts/gitlab/charts/toolbox/values.yaml @@ -211,7 +211,6 @@ database_reindex: # ttlSecondsAfterFinished: safeToEvict: false restartPolicy: "OnFailure" - extraArgs: "" resources: # limits: # cpu: 1 
@@ -219,28 +218,6 @@ database_reindex: requests: cpu: 50m memory: 350M - persistence: - enabled: false - ## Use a generic ephemeral volume. - ## This kind of volume will exist only as long as the pod exists. - ## Requires at least Kubernetes version 1.23. - ## https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes - useGenericEphemeralVolume: false - ## toolbox temporarily Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClass: "-" - accessMode: ReadWriteOnce - size: 10Gi - subPath: "" - ## if volumeName is set, use this existing PersistentVolume - # volumeName: - matchLabels: {} - matchExpressions: [] rack_attack: git_basic_auth: -- GitLab From ec6a518ba7796d0ec9bbe005306efebe4a2dd3cf Mon Sep 17 00:00:00 2001 From: Siddharth Kannan Date: Fri, 28 Nov 2025 10:45:29 +0530 Subject: [PATCH 3/6] fix: Remove environment variables related to backup --- .../charts/toolbox/templates/database-reindex-job.yaml | 7 ------- 1 file changed, 7 deletions(-) diff --git a/charts/gitlab/charts/toolbox/templates/database-reindex-job.yaml b/charts/gitlab/charts/toolbox/templates/database-reindex-job.yaml index 1c76dfbc71..3b010b4566 100644 --- a/charts/gitlab/charts/toolbox/templates/database-reindex-job.yaml +++ b/charts/gitlab/charts/toolbox/templates/database-reindex-job.yaml 
@@ -111,10 +111,6 @@ spec: value: {{ .Values.global.appConfig.terraformState.bucket }} - name: CI_SECURE_FILES_BUCKET_NAME value: {{ .Values.global.appConfig.ciSecureFiles.bucket }} - - name: BACKUP_BUCKET_NAME - value: {{ .Values.global.appConfig.backups.bucket }} - - name: BACKUP_BACKEND - value: {{ .Values.backups.objectStorage.backend }} - name: TMP_BUCKET_NAME value: {{ .Values.global.appConfig.backups.tmpBucket }} - name: PAGES_BUCKET_NAME @@ -188,9 +184,6 @@ spec: - key: registry-auth.key path: registry/gitlab-registry.key {{- include "gitlab.registry.notificationSecret.mount" $ | nindent 16 -}} - {{- if or .Values.backups.objectStorage.config (not .Values.global.minio.enabled) }} - {{- include "toolbox.backups.objectStorage.config.secret" .Values.backups.objectStorage | nindent 16 }} - {{- end }} {{- include "gitlab.kas.mountSecrets" $ | nindent 16 }} {{- include "gitlab.pages.mountSecrets" $ | nindent 16 }} {{- include "gitlab.minio.mountSecrets" $ | nindent 16 }} -- GitLab From ccb88d89d707d5118bdce929092e0d3b402ef251 Mon Sep 17 00:00:00 2001 From: Siddharth Kannan Date: Fri, 28 Nov 2025 10:46:28 +0530 Subject: [PATCH 4/6] fix: Only support batch/v1 Kubernetes API --- .../gitlab/charts/toolbox/templates/database-reindex-job.yaml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/charts/gitlab/charts/toolbox/templates/database-reindex-job.yaml b/charts/gitlab/charts/toolbox/templates/database-reindex-job.yaml index 3b010b4566..1d1fdbfcd2 100644 --- a/charts/gitlab/charts/toolbox/templates/database-reindex-job.yaml +++ b/charts/gitlab/charts/toolbox/templates/database-reindex-job.yaml 
@@ -2,11 +2,7 @@ {{- $imageCfg := dict "global" .Values.global.image "local" .Values.image -}} {{- $initImageCfg := include "gitlab.configure.config" .Values | fromYaml -}} {{- include "database.datamodel.prepare" . -}} -{{ if or ($.Capabilities.APIVersions.Has "batch/v1/CronJob") (eq $.Values.global.batch.cronJob.apiVersion "batch/v1") -}} apiVersion: batch/v1 -{{- else -}} -apiVersion: batch/v1beta1 -{{- end }} kind: CronJob metadata: name: {{ template "fullname" . }}-db-reindex -- GitLab From 5eb85a3cdd731bbf3bfb2b53ab743373a84415e8 Mon Sep 17 00:00:00 2001 From: Siddharth Kannan Date: Fri, 28 Nov 2025 10:49:10 +0530 Subject: [PATCH 5/6] fix: Don't inject environment variables that are unnecessary --- .../templates/database-reindex-job.yaml | 22 ++----------------- 1 file changed, 2 insertions(+), 20 deletions(-) diff --git a/charts/gitlab/charts/toolbox/templates/database-reindex-job.yaml b/charts/gitlab/charts/toolbox/templates/database-reindex-job.yaml index 1d1fdbfcd2..0293c5113b 100644 --- a/charts/gitlab/charts/toolbox/templates/database-reindex-job.yaml +++ b/charts/gitlab/charts/toolbox/templates/database-reindex-job.yaml 
@@ -91,30 +91,12 @@ spec: {{- include "gitlab.image.pullPolicy" $imageCfg | indent 14 }} {{- include "gitlab.containerSecurityContext" . | indent 14 }} env: - - name: ARTIFACTS_BUCKET_NAME - value: {{ .Values.global.appConfig.artifacts.bucket }} - - name: REGISTRY_BUCKET_NAME - value: {{ .Values.global.registry.bucket }} - - name: LFS_BUCKET_NAME - value: {{ .Values.global.appConfig.lfs.bucket }} - - name: UPLOADS_BUCKET_NAME - value: {{ .Values.global.appConfig.uploads.bucket }} - - name: PACKAGES_BUCKET_NAME - value: {{ .Values.global.appConfig.packages.bucket }} - - name: EXTERNAL_DIFFS_BUCKET_NAME - value: {{ .Values.global.appConfig.externalDiffs.bucket }} - - name: TERRAFORM_STATE_BUCKET_NAME - value: {{ .Values.global.appConfig.terraformState.bucket }} - - name: CI_SECURE_FILES_BUCKET_NAME - value: {{ .Values.global.appConfig.ciSecureFiles.bucket }} - - name: TMP_BUCKET_NAME - value: {{ .Values.global.appConfig.backups.tmpBucket }} - - name: PAGES_BUCKET_NAME - value: {{ .Values.global.pages.objectStore.bucket }} - name: CONFIG_TEMPLATE_DIRECTORY value: '/var/opt/gitlab/templates' - name: CONFIG_DIRECTORY value: '/srv/gitlab/config' + - name: BYPASS_SCHEMA_VERSION + value: 'true' {{- include "gitlab.timeZone.env" . | nindent 16 }} {{- include "gitlab.extraEnv" $ | nindent 16 }} {{- include "gitlab.extraEnvFrom" (dict "root" $ "local" .) | nindent 16 }} -- GitLab From d6a69dfb0996fe266c6a53b4ab5e7a2c0802e94f Mon Sep 17 00:00:00 2001 
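Review bot: `BYPASS_SCHEMA_VERSION` with value `'true'` is added to the reindex container's `env:` in a commit titled as removing unnecessary variables, and neither the hunk nor the message explains why the job needs it. If `/scripts/wait-for-deps` uses this flag to skip its schema-version check (its source is not on this page), the CronJob can begin reindexing while migrations are pending or still running during an upgrade. Either drop the variable so the job waits for a current schema, or keep it with a comment above it such as `# reindexing does not depend on the schema version; skip the check so the job is not blocked`, whichever matches the intent.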
From: Siddharth Kannan Date: Tue, 2 Dec 2025 09:50:55 +0530 Subject: [PATCH 6/6] fix: Database reindexing does not need to run on the secondary site We can see in the [reindexing Rake task] that the Geo tracking database is excluded by default. [reindexing Rake task]: https://gitlab.com/gitlab-org/gitlab/blob/700db0f103651e068f1376d41ba52961eaed96bb/lib/tasks/gitlab/db.rake#L358-370 Confirmed by @c_fons on Slack: https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/4665#note_2925745040 --- .../charts/toolbox/templates/database-reindex-job.yaml | 7 ------- 1 file changed, 7 deletions(-) diff --git a/charts/gitlab/charts/toolbox/templates/database-reindex-job.yaml b/charts/gitlab/charts/toolbox/templates/database-reindex-job.yaml index 0293c5113b..a262be8f98 100644 --- a/charts/gitlab/charts/toolbox/templates/database-reindex-job.yaml +++ b/charts/gitlab/charts/toolbox/templates/database-reindex-job.yaml @@ -149,13 +149,6 @@ spec: {{- range $.Values.local.psql }} {{- include "gitlab.psql.secret" . | nindent 16 }} {{- end }} - {{- if include "gitlab.geo.secondary" $ }} - - secret: - name: {{ template "gitlab.geo.psql.password.secret" . }} - items: - - key: {{ template "gitlab.geo.psql.password.key" . }} - path: postgres/geo-psql-password - {{- end }} - secret: name: {{ template "gitlab.registry.certificate.secret" . }} items: -- GitLab