diff --git a/charts/gitlab/charts/migrations/templates/_helpers.tpl b/charts/gitlab/charts/migrations/templates/_helpers.tpl index d5565b3315d2189d7e42dcc9bd49174ecca253ca..e9e69e726a6450c53d03a380d33516e2590fa7d4 100644 --- a/charts/gitlab/charts/migrations/templates/_helpers.tpl +++ b/charts/gitlab/charts/migrations/templates/_helpers.tpl @@ -7,7 +7,13 @@ upgrades don't cause errors trying to create the already ran job. Due to the helm delete not cleaning up these jobs, we add a randome value to reduce collision */}} -{{- define "migrations.jobname" -}} + +{{- define "migrations.predeploy.jobname" -}} +{{- $name := include "fullname" . | trunc 55 | trimSuffix "-" -}} +{{- printf "%s-predeploy.%d" $name .Release.Revision | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- define "migrations.predeploy.jobname" -}} {{- $name := include "fullname" . | trunc 55 | trimSuffix "-" -}} -{{- printf "%s.%d" $name .Release.Revision | trunc 63 | trimSuffix "-" -}} +{{- printf "%s-postdeploy.%d" $name .Release.Revision | trunc 63 | trimSuffix "-" -}} {{- end -}} diff --git a/charts/gitlab/charts/migrations/templates/job.yaml b/charts/gitlab/charts/migrations/templates/job.yaml index 2b6007a23ed27fa1a0fc25f68afee1d9944d2cff..f377d9a0fb5be8890fa3cc6c62d6cdc69b100f76 100644 --- a/charts/gitlab/charts/migrations/templates/job.yaml +++ b/charts/gitlab/charts/migrations/templates/job.yaml @@ -2,9 +2,12 @@ apiVersion: batch/v1 kind: Job metadata: - name: {{ template "migrations.jobname" . }} + name: {{ template "migrations.predeploy.jobname" . }} labels: {{ include "gitlab.standardLabels" . | indent 4 }} + annotations: + "helm.sh/hook": pre-upgrade,post-install + "helm.sh/hook-delete-policy": hook-succeeded spec: template: metadata: @@ -39,6 +42,10 @@ spec: - /scripts/db-migrate {{ template "gitlab.imagePullPolicy" . }} env: + {{- if .Release.IsUpgrade -}} + - name: SKIP_POST_DEPLOYMENT_MIGRATIONS + value: "true" + {{- end -}} - name: GITLAB_SHARED_RUNNERS_REGISTRATION_TOKEN valueFrom: secretKeyRef: diff --git a/charts/gitlab/charts/migrations/templates/post-deploy-job.yaml b/charts/gitlab/charts/migrations/templates/post-deploy-job.yaml new file mode 100644 index 0000000000000000000000000000000000000000..b16168af1b083c3be21913bb3835e56f899311e7 --- /dev/null +++ b/charts/gitlab/charts/migrations/templates/post-deploy-job.yaml @@ -0,0 +1,103 @@ +{{- if and .Values.enabled }} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ template "migrations.postdeploy.jobname" . }} + labels: +{{ include "gitlab.standardLabels" . | indent 4 }} + annotations: + "helm.sh/hook": post-upgrade + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + metadata: + labels: + app: {{ template "name" . }} + release: {{ .Release.Name }} + spec: + securityContext: + runAsUser: 1000 + fsGroup: 1000 + initContainers: + - name: configure + command: ['sh', '/config/configure'] + image: {{ .Values.init.image }}:{{ .Values.init.tag }} + volumeMounts: + - name: migrations-config + mountPath: /config + readOnly: true + - name: init-migrations-secrets + mountPath: /init-config + readOnly: true + - name: migrations-secrets + mountPath: /init-secrets + readOnly: false + restartPolicy: OnFailure +{{- include "pullsecrets" .Values.image | indent 6}} + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ coalesce .Values.image.tag (include "gitlab.versionTag" . ) }}" + args: + - /scripts/wait-for-deps + - /scripts/db-migrate + {{ template "gitlab.imagePullPolicy" . }} + env: + - name: GITLAB_SHARED_RUNNERS_REGISTRATION_TOKEN + valueFrom: + secretKeyRef: + name: {{ template "gitlab.gitlab-runner.registrationToken.secret" . }} + key: runner-registration-token + - name: CONFIG_TEMPLATE_DIRECTORY + value: '/var/opt/gitlab/templates' + - name: CONFIG_DIRECTORY + value: '/var/opt/gitlab/config/gitlab/' + volumeMounts: + - name: migrations-config + mountPath: '/var/opt/gitlab/templates' + - name: migrations-secrets + mountPath: '/etc/gitlab' + readOnly: true + - name: migrations-secrets + mountPath: /srv/gitlab/config/secrets.yml + subPath: rails-secrets/secrets.yml + - name: migrations-secrets + mountPath: /srv/gitlab/config/initial_root_password + subPath: migrations/initial_root_password + resources: +{{ toYaml .Values.resources | indent 12 }} + volumes: + - name: migrations-config + configMap: + name: {{ template "fullname" . }} + - name: init-migrations-secrets + projected: + defaultMode: 0400 + sources: + - secret: + name: {{ template "gitlab.rails-secrets.secret" . }} + items: + - key: secrets.yml + path: rails-secrets/secrets.yml + - secret: + name: {{ template "gitlab.redis.password.secret" . }} + items: + - key: {{ template "gitlab.redis.password.key" . }} + path: redis/password + - secret: + name: {{ template "gitlab.psql.password.secret" . }} + items: + - key: {{ template "gitlab.psql.password.key" . }} + path: postgres/psql-password + - secret: + name: {{ template "gitlab.migrations.initialRootPassword.secret" . }} + items: + - key: {{ template "gitlab.migrations.initialRootPassword.key" . }} + path: migrations/initial_root_password + - name: migrations-secrets + emptyDir: + medium: "Memory" + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end }} +{{- end }} diff --git a/charts/gitlab/charts/migrations/templates/pre-deploy-job.yaml b/charts/gitlab/charts/migrations/templates/pre-deploy-job.yaml new file mode 100644 index 0000000000000000000000000000000000000000..80997512f262636a6b8052616226ba97bf19f0d5 --- /dev/null +++ b/charts/gitlab/charts/migrations/templates/pre-deploy-job.yaml @@ -0,0 +1,104 @@ +{{- if .Values.enabled }} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ template "migrations.jobname" . }} + labels: +{{ include "gitlab.standardLabels" . | indent 4 }} +spec: + template: + metadata: + labels: + app: {{ template "name" . }} + release: {{ .Release.Name }} + spec: + securityContext: + runAsUser: 1000 + fsGroup: 1000 + initContainers: + - name: configure + command: ['sh', '/config/configure'] + image: {{ .Values.init.image }}:{{ .Values.init.tag }} + volumeMounts: + - name: migrations-config + mountPath: /config + readOnly: true + - name: init-migrations-secrets + mountPath: /init-config + readOnly: true + - name: migrations-secrets + mountPath: /init-secrets + readOnly: false + restartPolicy: OnFailure +{{- include "pullsecrets" .Values.image | indent 6}} + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ coalesce .Values.image.tag (include "gitlab.versionTag" . ) }}" + args: + - /scripts/wait-for-deps + - /scripts/db-migrate + {{ template "gitlab.imagePullPolicy" . }} + env: + {{- if .Release.IsUpgrade -}} + - name: SKIP_POST_DEPLOYMENT_MIGRATIONS + value: "true" + {{- end -}} + - name: GITLAB_SHARED_RUNNERS_REGISTRATION_TOKEN + valueFrom: + secretKeyRef: + name: {{ template "gitlab.gitlab-runner.registrationToken.secret" . }} + key: runner-registration-token + - name: CONFIG_TEMPLATE_DIRECTORY + value: '/var/opt/gitlab/templates' + - name: CONFIG_DIRECTORY + value: '/var/opt/gitlab/config/gitlab/' + volumeMounts: + - name: migrations-config + mountPath: '/var/opt/gitlab/templates' + - name: migrations-secrets + mountPath: '/etc/gitlab' + readOnly: true + - name: migrations-secrets + mountPath: /srv/gitlab/config/secrets.yml + subPath: rails-secrets/secrets.yml + - name: migrations-secrets + mountPath: /srv/gitlab/config/initial_root_password + subPath: migrations/initial_root_password + resources: +{{ toYaml .Values.resources | indent 12 }} + volumes: + - name: migrations-config + configMap: + name: {{ template "fullname" . }} + - name: init-migrations-secrets + projected: + defaultMode: 0400 + sources: + - secret: + name: {{ template "gitlab.rails-secrets.secret" . }} + items: + - key: secrets.yml + path: rails-secrets/secrets.yml + - secret: + name: {{ template "gitlab.redis.password.secret" . }} + items: + - key: {{ template "gitlab.redis.password.key" . }} + path: redis/password + - secret: + name: {{ template "gitlab.psql.password.secret" . }} + items: + - key: {{ template "gitlab.psql.password.key" . }} + path: postgres/psql-password + - secret: + name: {{ template "gitlab.migrations.initialRootPassword.secret" . }} + items: + - key: {{ template "gitlab.migrations.initialRootPassword.key" . }} + path: migrations/initial_root_password + - name: migrations-secrets + emptyDir: + medium: "Memory" + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end }} +{{- end }}