From 0243d62399bed0918b3412871685fc2510383e2c Mon Sep 17 00:00:00 2001 From: Lucas Li Date: Thu, 4 Dec 2025 16:33:44 +0900 Subject: [PATCH 1/2] Change the default Registry database setting to prefer mode With the default prefer mode: - For bundled PostgreSQL users, we run registry migrations - For external PostgreSQL users, we reject the settings just like: https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/4671 We will ask the user to set an explicit setting Changelog: changed --- templates/NOTES.txt | 2 +- templates/_checkConfig_registry.tpl | 3 ++- values.yaml | 6 ++++-- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/templates/NOTES.txt b/templates/NOTES.txt index 21a642adcc..b4498eb05a 100644 --- a/templates/NOTES.txt +++ b/templates/NOTES.txt @@ -29,7 +29,7 @@ If you encounter a problem with either the import or operation of the registry, {{- /* if the Container Registry metadata database is in 'prefer' mode */}} {{- if eq (toString .Values.registry.database.enabled) "prefer" }} {{ $WARNING }} -The Container Registry metadata database is set to 'prefer' mode. +We have changed the default setting for the Container Registry metadata database to 'prefer' mode. This means that registry database will be enabled for new installations using the bundled PostgreSQL database. For external PostgreSQL databases, you must explicitly enable/disable the registry database. Carefully review the documentation https://docs.gitlab.com/charts/charts/registry/metadata_database.html for more details. diff --git a/templates/_checkConfig_registry.tpl b/templates/_checkConfig_registry.tpl index e77fca19ea..7c2a6734d9 100644 --- a/templates/_checkConfig_registry.tpl +++ b/templates/_checkConfig_registry.tpl @@ -44,7 +44,8 @@ registry: {{- end -}} {{- if and (eq $.Values.postgresql.install false) (eq (toString $.Values.registry.database.enabled) "prefer") -}} registry: - We detected that `registry.database.enabled` is set to `prefer`, but the bundled PostgreSQL chart is not being deployed. + `registry.database.enabled` is set to `prefer`, but the bundled PostgreSQL chart is not being deployed. + We have changed the default setting for the Container Registry metadata database to 'prefer' mode. When using an external PostgreSQL instance, you must explicitly enable or disable the metadata database. For production environments, we recommend enabling and migrating to the metadata database. diff --git a/values.yaml b/values.yaml index 55a0488554..efe3ba1282 100644 --- a/values.yaml +++ b/values.yaml @@ -1384,8 +1384,10 @@ postgresql: ## Installation & configuration charts/registry ## https://docs.gitlab.com/charts/architecture/decisions#registry ## https://docs.gitlab.com/charts/charts/registry/ -# registry: -# enabled: false +## https://docs.gitlab.com/charts/charts/registry/metadata_database +registry: + database: + enabled: prefer ## Automatic shared secret generation ## https://docs.gitlab.com/charts/installation/secrets -- GitLab From c0f51fdf6b5fee6354e61c02928c585148fcdf24 Mon Sep 17 00:00:00 2001 From: Lucas Li Date: Thu, 4 Dec 2025 18:42:19 +0900 Subject: [PATCH 2/2] Fix unit tests by disabling registry database in fixtures --- .../values-loadbalancing-discover.yaml | 3 + examples/database/values-loadbalancing.yaml | 3 + .../database/values-password-from-vault.yaml | 4 + .../values-per-service-loadbalancing.yaml | 4 + examples/database/values-per-service.yaml | 4 + examples/fips/values.yaml | 3 +- examples/geo/primary.yaml | 70 +++++++++-------- examples/geo/secondary.yaml | 76 ++++++++++--------- examples/ref/10k.yaml | 2 + examples/ref/25k.yaml | 2 + examples/ref/2k.yaml | 2 + examples/ref/3k.yaml | 2 + examples/ref/50k.yaml | 2 + examples/ref/5k.yaml | 2 + examples/ubi/values.yaml | 2 + examples/values-external-database.yaml | 3 + .../database_decomposition_spec.rb | 6 ++ spec/configuration/database_spec.rb | 15 ++++ spec/configuration/image_pull_spec.rb | 3 +- .../check_config/postgresql_spec.rb | 21 +++++ 20 files changed, 158 insertions(+), 71 deletions(-) diff --git a/examples/database/values-loadbalancing-discover.yaml b/examples/database/values-loadbalancing-discover.yaml index 2c4a66bcc1..45d898b54a 100644 --- a/examples/database/values-loadbalancing-discover.yaml +++ b/examples/database/values-loadbalancing-discover.yaml @@ -22,3 +22,6 @@ global: # disconnect_timeout: 120 postgresql: install: false +registry: + database: + enabled: false diff --git a/examples/database/values-loadbalancing.yaml b/examples/database/values-loadbalancing.yaml index f70ef1bfe6..2eabeedd8c 100644 --- a/examples/database/values-loadbalancing.yaml +++ b/examples/database/values-loadbalancing.yaml @@ -9,3 +9,6 @@ global: - secondary-2.db.example postgresql: install: false +registry: + database: + enabled: false diff --git a/examples/database/values-password-from-vault.yaml b/examples/database/values-password-from-vault.yaml index 292bc2dc15..9b333a59f9 100644 --- a/examples/database/values-password-from-vault.yaml +++ b/examples/database/values-password-from-vault.yaml @@ -9,3 +9,7 @@ global: password: useSecret: false file: /vault/secrets/psql-password + +registry: + database: + enabled: false diff --git a/examples/database/values-per-service-loadbalancing.yaml b/examples/database/values-per-service-loadbalancing.yaml index 708b16e7b4..0e260bc67f 100644 --- a/examples/database/values-per-service-loadbalancing.yaml +++ b/examples/database/values-per-service-loadbalancing.yaml @@ -14,3 +14,7 @@ gitlab: psql: host: db.sidekiq port: 5431 + +registry: + database: + enabled: false diff --git a/examples/database/values-per-service.yaml b/examples/database/values-per-service.yaml index 57169ef46a..9dd7396be2 100644 --- a/examples/database/values-per-service.yaml +++ b/examples/database/values-per-service.yaml @@ -10,3 +10,7 @@ gitlab: psql: host: db.sidekiq port: 5431 + +registry: + database: + enabled: false diff --git a/examples/fips/values.yaml b/examples/fips/values.yaml index ec70419ed3..ab3b2b6f49 100644 --- a/examples/fips/values.yaml +++ b/examples/fips/values.yaml @@ -99,7 +99,8 @@ gitlab: # See: https://gitlab.com/gitlab-org/charts/gitlab/tree/master/doc/advanced/external-object-storage registry: + database: + enabled: false storage: secret: my-objectstore-registry-secret # Registry storage secret. key: config - diff --git a/examples/geo/primary.yaml b/examples/geo/primary.yaml index e54d2b5990..5b4a84e83a 100644 --- a/examples/geo/primary.yaml +++ b/examples/geo/primary.yaml @@ -1,34 +1,38 @@ ### Geo Primary - global: - # See docs.gitlab.com/charts/charts/globals - # Configure host & domain - hosts: - domain: example.com - # configure DB connection - psql: - host: geo-1.db.example.com - port: 5432 - password: - secret: geo - key: postgresql-password - # configure geo (primary) - geo: - nodeName: London Office - enabled: true - role: primary - # configure Geo Nginx Controller for internal Geo site traffic - nginx-ingress-geo: - enabled: true - gitlab: - webservice: - # Use the Geo NGINX controller. - ingress: - useGeoClass: true - # Configure an Ingress for internal Geo traffic - extraIngress: - enabled: true - hostname: gitlab.london.example.com - useGeoClass: true - # External DB, disable - postgresql: - install: false +global: + # See docs.gitlab.com/charts/charts/globals + # Configure host & domain + hosts: + domain: example.com + # configure DB connection + psql: + host: geo-1.db.example.com + port: 5432 + password: + secret: geo + key: postgresql-password + # configure geo (primary) + geo: + nodeName: London Office + enabled: true + role: primary +# configure Geo Nginx Controller for internal Geo site traffic +nginx-ingress-geo: + enabled: true +gitlab: + webservice: + # Use the Geo NGINX controller. + ingress: + useGeoClass: true + # Configure an Ingress for internal Geo traffic + extraIngress: + enabled: true + hostname: gitlab.london.example.com + useGeoClass: true +# External DB, disable +postgresql: + install: false + +registry: + database: + enabled: false diff --git a/examples/geo/secondary.yaml b/examples/geo/secondary.yaml index e8ec7b1214..f5eefeb9af 100644 --- a/examples/geo/secondary.yaml +++ b/examples/geo/secondary.yaml @@ -1,36 +1,40 @@ - ## Geo Secondary - global: - # See docs.gitlab.com/charts/charts/globals - # Configure host & domain - hosts: - domain: shanghai.example.com - # use a unified URL (same external URL as the primary site) - gitlab: - name: gitlab.example.com - # configure DB connection - psql: - host: geo-2.db.example.com - port: 5432 - password: - secret: geo - key: postgresql-password - # configure geo (secondary) - geo: - enabled: true - role: secondary - nodeName: Shanghai Office - psql: - host: geo-2.db.example.com - port: 5431 - password: - secret: geo - key: geo-postgresql-password - gitlab: - webservice: - # Configure a Ingress for internal Geo traffic - extraIngress: - enabled: true - hostname: shanghai.gitlab.example.com - # External DB, disable - postgresql: - install: false +## Geo Secondary +global: + # See docs.gitlab.com/charts/charts/globals + # Configure host & domain + hosts: + domain: shanghai.example.com + # use a unified URL (same external URL as the primary site) + gitlab: + name: gitlab.example.com + # configure DB connection + psql: + host: geo-2.db.example.com + port: 5432 + password: + secret: geo + key: postgresql-password + # configure geo (secondary) + geo: + enabled: true + role: secondary + nodeName: Shanghai Office + psql: + host: geo-2.db.example.com + port: 5431 + password: + secret: geo + key: geo-postgresql-password +gitlab: + webservice: + # Configure a Ingress for internal Geo traffic + extraIngress: + enabled: true + hostname: shanghai.gitlab.example.com +# External DB, disable +postgresql: + install: false + +registry: + database: + enabled: false diff --git a/examples/ref/10k.yaml b/examples/ref/10k.yaml index 86c8ca798c..003ffb3717 100644 --- a/examples/ref/10k.yaml +++ b/examples/ref/10k.yaml @@ -146,6 +146,8 @@ nginx-ingress: workload: webservice registry: + database: + enabled: false storage: extraKey: gcs.json key: registry-config diff --git a/examples/ref/25k.yaml b/examples/ref/25k.yaml index 5494692e34..ff9b9e776a 100644 --- a/examples/ref/25k.yaml +++ b/examples/ref/25k.yaml @@ -146,6 +146,8 @@ nginx-ingress: workload: webservice registry: + database: + enabled: false storage: extraKey: gcs.json key: registry-config diff --git a/examples/ref/2k.yaml b/examples/ref/2k.yaml index 16245cd300..7b83b1bfac 100644 --- a/examples/ref/2k.yaml +++ b/examples/ref/2k.yaml @@ -133,6 +133,8 @@ nginx-ingress: workload: webservice registry: + database: + enabled: false storage: extraKey: gcs.json key: registry-config diff --git a/examples/ref/3k.yaml b/examples/ref/3k.yaml index 51f6e7c8c3..d128076890 100644 --- a/examples/ref/3k.yaml +++ b/examples/ref/3k.yaml @@ -137,6 +137,8 @@ nginx-ingress: workload: webservice registry: + database: + enabled: false storage: extraKey: gcs.json key: registry-config diff --git a/examples/ref/50k.yaml b/examples/ref/50k.yaml index e5815cbdab..4b218e7b33 100644 --- a/examples/ref/50k.yaml +++ b/examples/ref/50k.yaml @@ -146,6 +146,8 @@ nginx-ingress: workload: webservice registry: + database: + enabled: false storage: extraKey: gcs.json key: registry-config diff --git a/examples/ref/5k.yaml b/examples/ref/5k.yaml index d1f253472f..831df265d6 100644 --- a/examples/ref/5k.yaml +++ b/examples/ref/5k.yaml @@ -137,6 +137,8 @@ nginx-ingress: workload: webservice registry: + database: + enabled: false storage: extraKey: gcs.json key: registry-config diff --git a/examples/ubi/values.yaml b/examples/ubi/values.yaml index 6d019efbb3..69ca0cc15c 100644 --- a/examples/ubi/values.yaml +++ b/examples/ubi/values.yaml @@ -99,6 +99,8 @@ gitlab: # See: https://gitlab.com/gitlab-org/charts/gitlab/tree/master/doc/advanced/external-object-storage registry: + database: + enabled: false storage: secret: my-objectstore-registry-secret # Registry storage secret. key: config diff --git a/examples/values-external-database.yaml b/examples/values-external-database.yaml index 3e9b33489a..c60b3e865c 100644 --- a/examples/values-external-database.yaml +++ b/examples/values-external-database.yaml @@ -12,3 +12,6 @@ global: database: mydb username: myusername +registry: + database: + enabled: false diff --git a/spec/configuration/database_decomposition_spec.rb b/spec/configuration/database_decomposition_spec.rb index ccaaf4c524..9d7228f16d 100644 --- a/spec/configuration/database_decomposition_spec.rb +++ b/spec/configuration/database_decomposition_spec.rb @@ -155,6 +155,9 @@ describe 'Database configuration' do - b.sidekiq.global postgresql: # must disable for load_balancing install: false + registry: + database: + enabled: false ))) end @@ -297,6 +300,9 @@ describe 'Database configuration' do postgresql: install: false + registry: + database: + enabled: false ))) end diff --git a/spec/configuration/database_spec.rb b/spec/configuration/database_spec.rb index ef9f893c22..d963647d86 100644 --- a/spec/configuration/database_spec.rb +++ b/spec/configuration/database_spec.rb @@ -130,6 +130,9 @@ describe 'Database configuration' do - secondary-2 postgresql: install: false + registry: + database: + enabled: false ))) end @@ -156,6 +159,9 @@ describe 'Database configuration' do record: secondary.db.service postgresql: install: false + registry: + database: + enabled: false ))) end @@ -387,6 +393,9 @@ describe 'Database configuration' do default_values.merge(YAML.safe_load(%( postgresql: install: false + registry: + database: + enabled: false global: psql: host: global.primary @@ -421,6 +430,9 @@ describe 'Database configuration' do default_values.merge(YAML.safe_load(%( postgresql: install: false + registry: + database: + enabled: false global: psql: host: global.primary @@ -459,6 +471,9 @@ describe 'Database configuration' do default_values.merge(YAML.safe_load(%( postgresql: install: false + registry: + database: + enabled: false global: psql: host: psql.global diff --git a/spec/configuration/image_pull_spec.rb b/spec/configuration/image_pull_spec.rb index 1b77319cc0..bcf8a7ce36 100644 --- a/spec/configuration/image_pull_spec.rb +++ b/spec/configuration/image_pull_spec.rb @@ -169,6 +169,7 @@ describe 'image configuration' do it 'should have both the global and local imagePullSecrets' do app_label = resource.dig('metadata', 'labels', 'app') + app_label = 'registry' if app_label == 'registry-migrations' expect(resource.dig('spec', 'template', 'spec', 'imagePullSecrets')).to \ include('name' => 'ps-global') expect(resource.dig('spec', 'template', 'spec', 'imagePullSecrets')).to \ @@ -182,7 +183,7 @@ describe 'image configuration' do it 'should use the local imagePullPolicy' do app_label = resource.dig('metadata', 'labels', 'app') - + app_label = 'registry' if app_label == 'registry-migrations' app_label = 'kubectl' if app_label == 'certmanager-issuer' || resource&.dig('metadata', 'name')&.include?('shared-secrets') diff --git a/spec/integration/check_config/postgresql_spec.rb b/spec/integration/check_config/postgresql_spec.rb index ccdcb88273..747b2e63fc 100644 --- a/spec/integration/check_config/postgresql_spec.rb +++ b/spec/integration/check_config/postgresql_spec.rb @@ -16,6 +16,9 @@ describe 'checkConfig postgresql' do hosts: [a, b, c] postgresql: install: false + registry: + database: + enabled: false )).deep_merge!(default_required_values) end @@ -51,6 +54,9 @@ describe 'checkConfig postgresql' do hosts: [a, b, c] postgresql: install: false + registry: + database: + enabled: false )).deep_merge!(default_required_values) end @@ -65,6 +71,9 @@ describe 'checkConfig postgresql' do invalid: item postgresql: install: false + registry: + database: + enabled: false )).deep_merge!(default_required_values) end @@ -87,6 +96,9 @@ describe 'checkConfig postgresql' do hosts: [a, b, c] postgresql: install: false + registry: + database: + enabled: false )).deep_merge!(default_required_values) end @@ -101,6 +113,9 @@ describe 'checkConfig postgresql' do hosts: a postgresql: install: false + registry: + database: + enabled: false )).deep_merge!(default_required_values) end @@ -124,6 +139,9 @@ describe 'checkConfig postgresql' do record: secondary postgresql: install: false + registry: + database: + enabled: false )).deep_merge!(default_required_values) end @@ -138,6 +156,9 @@ describe 'checkConfig postgresql' do discover: true postgresql: install: false + registry: + database: + enabled: false )).deep_merge!(default_required_values) end -- GitLab