From 766ddee1de7f214a92a2a1affead10c76f42f82a Mon Sep 17 00:00:00 2001 From: Luke Addison Date: Thu, 9 Aug 2018 22:23:52 +0100 Subject: [PATCH 01/25] Add gitlab operator --- .../charts/unicorn/templates/deployment.yaml | 7 + charts/shared-secrets/templates/job.yaml | 3 + templates/application.yaml | 141 ++++++++++++++++++ values.yaml | 2 + 4 files changed, 153 insertions(+) diff --git a/charts/gitlab/charts/unicorn/templates/deployment.yaml b/charts/gitlab/charts/unicorn/templates/deployment.yaml index b27b78936f..e52194a04b 100644 --- a/charts/gitlab/charts/unicorn/templates/deployment.yaml +++ b/charts/gitlab/charts/unicorn/templates/deployment.yaml @@ -5,6 +5,10 @@ metadata: name: {{ template "fullname" . }} labels: {{ include "gitlab.standardLabels" . | indent 4 }} + {{- if .Values.global.operator.enabled }} + annotations: + gitlab.com/version: {{ .Values.global.gitlabVersion }} + {{- end }} spec: replicas: {{ .Values.replicaCount }} selector: @@ -17,6 +21,9 @@ spec: app: {{ template "name" . }} release: {{ .Release.Name }} annotations: + {{- if .Values.global.operator.enabled }} + gitlab.com/version: {{ .Values.global.gitlabVersion }} + {{- end }} checksum/config: {{ include (print $.Template.BasePath "/configmap.yml") . | sha256sum }} {{- if .Values.metrics.enabled }} {{ toYaml .Values.metrics.annotations | indent 8 }} diff --git a/charts/shared-secrets/templates/job.yaml b/charts/shared-secrets/templates/job.yaml index dcbe1615e4..ae10ba0e23 100644 --- a/charts/shared-secrets/templates/job.yaml +++ b/charts/shared-secrets/templates/job.yaml @@ -8,6 +8,9 @@ metadata: "helm.sh/hook": pre-install,pre-upgrade "helm.sh/hook-delete-policy": hook-succeeded spec: + {{- if .Values.global.operator.enabled }} + parallelism: 0 + {{- end }} template: metadata: labels: diff --git a/templates/application.yaml b/templates/application.yaml index 2cb155eb27..e6a0b03af0 100644 --- a/templates/application.yaml +++ b/templates/application.yaml 
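Review bot: The `gitlab.com/version` annotation added under `metadata.annotations` is rendered without quoting, so a value such as `11.2` is parsed as a number and an unset `global.gitlabVersion` (it is commented out in the values.yaml context of this patch) renders as an empty value; annotation values have to be strings. Use `gitlab.com/version: {{ .Values.global.gitlabVersion | quote }}`, the form this same commit uses for `spec.version` in templates/application.yaml. The pod-template annotation added in the second hunk of this file needs the same change. The Deployment continues outside both hunks.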
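Review bot: `parallelism: 0` leaves this hook Job without any pods, and nothing in the hunk documents what is expected to raise it again. The metadata above shows `"helm.sh/hook": pre-install,pre-upgrade`, so Helm presumably waits for the Job to finish; if the operator that is meant to unpause it is not running yet, the release would stall until the hook times out. Please confirm the ordering and add a comment above the conditional, for example `# Paused while the operator is enabled; the operator sets parallelism to start secret generation`. The Job spec continues outside the hunk.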
@@ -102,3 +102,144 @@ spec: - apiVersion: policy/v1beta1 kind: PodDisruptionBudget {{- end -}} +{{- if .Values.global.operator.enabled }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: gitlab-crd-installer + annotations: + "helm.sh/hook-weight": "-1" + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + metadata: + labels: + app: gitlab-crd-installer + spec: + serviceAccount: gitlab-crd-installer + restartPolicy: Never + containers: + - name: hyperkube + image: gcr.io/google_containers/hyperkube:v1.9.0 + command: + - ./kubectl + - apply + - -f + - /crd/crd.yaml + volumeMounts: + - name: crd + mountPath: /crd + volumes: + - name: crd + configMap: + name: gitlab-crd-installer +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: gitlab-crd-installer + annotations: + "helm.sh/hook-weight": "-2" + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-delete-policy": hook-succeeded +data: + crd.yaml: | + apiVersion: apiextensions.k8s.io/v1beta1 + kind: CustomResourceDefinition + metadata: + creationTimestamp: null + labels: + controller-tools.k8s.io: "1.0" + name: gitlabs.gitlab.com + spec: + group: gitlab.com + names: + kind: GitLab + plural: gitlabs + scope: Namespaced + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + type: + type: string + version: + type: string + required: + - version + - type + type: object + status: + type: object + type: object + version: v1beta1 + --- + apiVersion: gitlab.com/v1beta1 + kind: GitLab + metadata: + labels: + controller-tools.k8s.io: "1.0" + name: gitlab + spec: + version: {{ .Values.global.gitlabVersion | quote }} + type: "ee" +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: gitlab-crd-installer + labels: + app: gitlab-crd-installer + annotations: + "helm.sh/hook-weight": "-2" + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-delete-policy": 
hook-succeeded +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: gitlab-crd-installer + annotations: + "helm.sh/hook-weight": "-2" + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-delete-policy": hook-succeeded +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - "*" +- apiGroups: + - gitlab.com + resources: + - gitlabs + verbs: + - "*" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: gitlab-crd-installer + annotations: + "helm.sh/hook-weight": "-2" + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-delete-policy": hook-succeeded +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: gitlab-crd-installer +subjects: + - kind: ServiceAccount + name: gitlab-crd-installer + namespace: default +{{- end -}} \ No newline at end of file diff --git a/values.yaml b/values.yaml index 0d3295083d..1d173592f8 100644 --- a/values.yaml +++ b/values.yaml @@ -3,6 +3,8 @@ global: # gitlabVersion: master + operator: + enabled: false application: create: false links: [] -- GitLab From b0915c16d7bd0e4e1bfe670e88c0b5cfdd02fbee Mon Sep 17 00:00:00 2001 From: Mattias Gees Date: Fri, 17 Aug 2018 17:08:34 +0100 Subject: [PATCH 02/25] Move to operator chart --- charts/gitlab/charts/operator/.helmignore | 21 +++ charts/gitlab/charts/operator/Chart.yaml | 17 ++ .../gitlab/charts/operator/templates/crd.yaml | 162 ++++++++++++++++++ charts/gitlab/charts/operator/values.yaml | 8 + templates/application.yaml | 141 --------------- 5 files changed, 208 insertions(+), 141 deletions(-) create mode 100644 charts/gitlab/charts/operator/.helmignore create mode 100644 charts/gitlab/charts/operator/Chart.yaml create mode 100644 charts/gitlab/charts/operator/templates/crd.yaml create mode 100644 charts/gitlab/charts/operator/values.yaml 
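Review bot: Both rules of the `gitlab-crd-installer` ClusterRole use `"*"` as the verb, which lets the hook Job's ServiceAccount delete or rewrite every CustomResourceDefinition in the cluster, although the Job only runs `kubectl apply -f /crd/crd.yaml` for one CRD and one `GitLab` object. Narrowing the rules to what `apply` needs (get, then create or patch) and naming the CRD keeps a leaked token from touching other CRDs; `resourceNames` cannot constrain `create`, hence the split rule below, and the verb list should be confirmed against the kubectl shipped in the image. The ClusterRoleBinding subject is also fixed to `namespace: default`, so a release installed elsewhere binds the role to an account in the wrong namespace; `namespace: {{ .Release.Namespace | quote }}` follows the release. The same wildcard rules are carried into charts/gitlab/charts/operator/templates/crd.yaml by PATCH 02.

```yaml
rules:
- apiGroups:
  - apiextensions.k8s.io
  resources:
  - customresourcedefinitions
  verbs:
  - create
- apiGroups:
  - apiextensions.k8s.io
  resources:
  - customresourcedefinitions
  resourceNames:
  - gitlabs.gitlab.com
  verbs:
  - get
  - patch
- apiGroups:
  - gitlab.com
  resources:
  - gitlabs
  verbs:
  - get
  - create
  - patch
```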
diff --git a/charts/gitlab/charts/operator/.helmignore b/charts/gitlab/charts/operator/.helmignore new file mode 100644 index 0000000000..f0c1319444 --- /dev/null +++ b/charts/gitlab/charts/operator/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/charts/gitlab/charts/operator/Chart.yaml b/charts/gitlab/charts/operator/Chart.yaml new file mode 100644 index 0000000000..f0163c37c7 --- /dev/null +++ b/charts/gitlab/charts/operator/Chart.yaml @@ -0,0 +1,17 @@ +--- +apiVersion: v1 +name: operator +version: 0.0.1 +appVersion: master +description: Gitlab operator for managing upgrades +keywords: +- gitlab +- operator +home: https://about.gitlab.com/ +icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg +sources: +- https://gitlab.com/charts/gitlab/tree/master/charts/gitlab/charts/operator +- https://gitlab.com/gitlab-org/distribution/gitlab-operator +maintainers: +- name: GitLab Inc. + email: support@gitlab.com diff --git a/charts/gitlab/charts/operator/templates/crd.yaml b/charts/gitlab/charts/operator/templates/crd.yaml new file mode 100644 index 0000000000..c72fafc65e --- /dev/null +++ b/charts/gitlab/charts/operator/templates/crd.yaml 
@@ -0,0 +1,162 @@ +{{- if .Values.global.operator.enabled }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ template "fullname" . }}-crd-installer + labels: +{{ include "gitlab.standardLabels" $ | indent 4 }} + annotations: + "helm.sh/hook-weight": "-1" + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + metadata: + labels: + app: {{ template "fullname" . }}-crd-installer +{{ include "gitlab.standardLabels" $ | indent 8 }} + spec: + serviceAccount: {{ template "fullname" . }}-crd-installer + restartPolicy: Never + containers: + - name: hyperkube + image: gcr.io/google_containers/hyperkube:v1.9.0 + command: + - ./kubectl + - apply + - -f + - /crd/crd.yaml + volumeMounts: + - name: crd + mountPath: /crd + volumes: + - name: crd + configMap: + name: {{ template "fullname" . }}-crd-installer +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "fullname" . }}-crd-installer + labels: +{{ include "gitlab.standardLabels" $ | indent 4 }} + annotations: + "helm.sh/hook-weight": "-2" + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-delete-policy": hook-succeeded +data: + crd.yaml: | + apiVersion: apiextensions.k8s.io/v1beta1 + kind: CustomResourceDefinition + metadata: + creationTimestamp: null + labels: + controller-tools.k8s.io: "1.0" + name: gitlabs.gitlab.com + spec: + group: gitlab.com + names: + kind: GitLab + plural: gitlabs + scope: Namespaced + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + helmRelease: + type: string + type: + type: string + version: + type: string + required: + - version + - type + - helmRelease + type: object + status: + type: object + type: object + version: v1beta1 + status: + acceptedNames: + kind: "" + plural: "" + conditions: null + + --- + apiVersion: gitlab.com/v1beta1 + kind: GitLab + metadata: + labels: + controller-tools.k8s.io: "1.0" +{{ 
include "gitlab.standardLabels" $ | indent 8 }} + name: {{ template "fullname" . }} + spec: + version: {{ .Values.global.gitlabVersion | quote }} + type: "ee" + helmRelease: {{ .Release.Name }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "fullname" . }}-crd-installer + labels: + app: {{ template "fullname" . }}-crd-installer +{{ include "gitlab.standardLabels" $ | indent 4 }} + annotations: + "helm.sh/hook-weight": "-2" + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-delete-policy": hook-succeeded +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "fullname" . }}-crd-installer + labels: +{{ include "gitlab.standardLabels" $ | indent 4 }} + annotations: + "helm.sh/hook-weight": "-2" + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-delete-policy": hook-succeeded +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - "*" +- apiGroups: + - gitlab.com + resources: + - gitlabs + verbs: + - "*" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "fullname" . }}-crd-installer + labels: +{{ include "gitlab.standardLabels" $ | indent 4 }} + annotations: + "helm.sh/hook-weight": "-2" + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-delete-policy": hook-succeeded +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "fullname" . }}-crd-installer +subjects: + - kind: ServiceAccount + name: {{ template "fullname" . }}-crd-installer + namespace: {{ .Release.Namespace | quote }} +{{- end }} diff --git a/charts/gitlab/charts/operator/values.yaml b/charts/gitlab/charts/operator/values.yaml new file mode 100644 index 0000000000..04b84291a2 --- /dev/null +++ b/charts/gitlab/charts/operator/values.yaml 
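Review bot: `helmRelease: {{ .Release.Name }}` in the embedded `GitLab` manifest is left unquoted, so a release name made only of digits is parsed as an integer and would fail the `type: string` validation the CRD above declares for `helmRelease`. Write `helmRelease: {{ .Release.Name | quote }}`, as `version` two lines above it already does. The line recurs unchanged in templates/gitlab.yaml in PATCH 07. In the Job, `serviceAccount:` is the deprecated alias of `serviceAccountName:`, the field the operator Deployment added later in this series uses.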
@@ -0,0 +1,8 @@ +# Default values for sidekiq. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. +image: + repository: + pullSecrets: [] + # pullPolicy: IfNotPresent + # tag: latest diff --git a/templates/application.yaml b/templates/application.yaml index e6a0b03af0..2cb155eb27 100644 --- a/templates/application.yaml +++ b/templates/application.yaml 
@@ -102,144 +102,3 @@ spec: - apiVersion: policy/v1beta1 kind: PodDisruptionBudget {{- end -}} -{{- if .Values.global.operator.enabled }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: gitlab-crd-installer - annotations: - "helm.sh/hook-weight": "-1" - "helm.sh/hook": pre-install,pre-upgrade - "helm.sh/hook-delete-policy": hook-succeeded -spec: - template: - metadata: - labels: - app: gitlab-crd-installer - spec: - serviceAccount: gitlab-crd-installer - restartPolicy: Never - containers: - - name: hyperkube - image: gcr.io/google_containers/hyperkube:v1.9.0 - command: - - ./kubectl - - apply - - -f - - /crd/crd.yaml - volumeMounts: - - name: crd - mountPath: /crd - volumes: - - name: crd - configMap: - name: gitlab-crd-installer ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: gitlab-crd-installer - annotations: - "helm.sh/hook-weight": "-2" - "helm.sh/hook": pre-install,pre-upgrade - "helm.sh/hook-delete-policy": hook-succeeded -data: - crd.yaml: | - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - controller-tools.k8s.io: "1.0" - name: gitlabs.gitlab.com - spec: - group: gitlab.com - names: - kind: GitLab - plural: gitlabs - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - type: - type: string - version: - type: string - required: - - version - - type - type: object - status: - type: object - type: object - version: v1beta1 - --- - apiVersion: gitlab.com/v1beta1 - kind: GitLab - metadata: - labels: - controller-tools.k8s.io: "1.0" - name: gitlab - spec: - version: {{ .Values.global.gitlabVersion | quote }} - type: "ee" ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: gitlab-crd-installer - labels: - app: gitlab-crd-installer - annotations: - "helm.sh/hook-weight": "-2" - "helm.sh/hook": pre-install,pre-upgrade - "helm.sh/hook-delete-policy": 
hook-succeeded ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: gitlab-crd-installer - annotations: - "helm.sh/hook-weight": "-2" - "helm.sh/hook": pre-install,pre-upgrade - "helm.sh/hook-delete-policy": hook-succeeded -rules: -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - "*" -- apiGroups: - - gitlab.com - resources: - - gitlabs - verbs: - - "*" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: gitlab-crd-installer - annotations: - "helm.sh/hook-weight": "-2" - "helm.sh/hook": pre-install,pre-upgrade - "helm.sh/hook-delete-policy": hook-succeeded -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: gitlab-crd-installer -subjects: - - kind: ServiceAccount - name: gitlab-crd-installer - namespace: default -{{- end -}} \ No newline at end of file -- GitLab From 967d47f78cf7038a8639be739e59360c39877a5e Mon Sep 17 00:00:00 2001 From: Mattias Gees Date: Mon, 20 Aug 2018 08:36:18 +0100 Subject: [PATCH 03/25] Abstract values of crd install --- charts/gitlab/charts/operator/templates/crd.yaml | 4 +++- charts/gitlab/charts/operator/values.yaml | 9 +++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/charts/gitlab/charts/operator/templates/crd.yaml b/charts/gitlab/charts/operator/templates/crd.yaml index c72fafc65e..92e69a89ea 100644 --- a/charts/gitlab/charts/operator/templates/crd.yaml +++ b/charts/gitlab/charts/operator/templates/crd.yaml @@ -19,9 +19,11 @@ spec: spec: serviceAccount: {{ template "fullname" . }}-crd-installer restartPolicy: Never +{{- include "pullsecrets" $.Values.image | indent 6}} containers: - name: hyperkube - image: gcr.io/google_containers/hyperkube:v1.9.0 + image: "{{ .Values.image.crd..repository }}:{{ .Values.image.crd.tag }}" + {{ template "gitlab.crd.imagePullPolicy" . }} command: - ./kubectl - apply 
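Review bot: The added `{{- include "pullsecrets" $.Values.image | indent 6}}` reads the operator image's `pullSecrets`, while this commit's values.yaml introduces what appears to be a separate `crd.image.pullSecrets` list for the hyperkube image that nothing in the hunk consumes. A registry credential configured for the installer image is therefore never attached to the Job's pod; passing the installer block, `{{- include "pullsecrets" .Values.crd.image | indent 6 }}`, would use it. The `pullsecrets` and pull-policy helpers are defined outside this page, so the argument shape (and whether the pull-policy helper also reads `.Values.image`) needs confirming. PATCH 04 and PATCH 07 rename the image path but keep this include as it is.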
diff --git a/charts/gitlab/charts/operator/values.yaml b/charts/gitlab/charts/operator/values.yaml index 04b84291a2..15453c067f 100644 --- a/charts/gitlab/charts/operator/values.yaml +++ b/charts/gitlab/charts/operator/values.yaml @@ -6,3 +6,12 @@ image: pullSecrets: [] # pullPolicy: IfNotPresent # tag: latest + +# Install the operator as well +install: true +crd: + image: + repository: gcr.io/google_containers/hyperkube + tag: v1.9.0 + pullSecrets: [] + #pullPolicy: IfNotPresent -- GitLab From 7b025d27d6012cd64478764eed00f0e39b5863c4 Mon Sep 17 00:00:00 2001 From: Mattias Gees Date: Mon, 20 Aug 2018 09:32:06 +0100 Subject: [PATCH 04/25] Fixes for crd install --- charts/gitlab/charts/operator/templates/crd.yaml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/charts/gitlab/charts/operator/templates/crd.yaml b/charts/gitlab/charts/operator/templates/crd.yaml index 92e69a89ea..cb4aa5759c 100644 --- a/charts/gitlab/charts/operator/templates/crd.yaml +++ b/charts/gitlab/charts/operator/templates/crd.yaml @@ -22,8 +22,8 @@ spec: {{- include "pullsecrets" $.Values.image | indent 6}} containers: - name: hyperkube - image: "{{ .Values.image.crd..repository }}:{{ .Values.image.crd.tag }}" - {{ template "gitlab.crd.imagePullPolicy" . }} + image: "{{ .Values.crd.image.repository }}:{{ .Values.crd.image.tag }}" + {{ template "gitlab.imagePullPolicy" . }} command: - ./kubectl - apply @@ -100,11 +100,12 @@ data: metadata: labels: controller-tools.k8s.io: "1.0" + revision: "{{ .Release.Revision }}" {{ include "gitlab.standardLabels" $ | indent 8 }} name: {{ template "fullname" . }} spec: version: {{ .Values.global.gitlabVersion | quote }} - type: "ee" + type: "" helmRelease: {{ .Release.Name }} --- apiVersion: v1 -- GitLab From 88842a3df6a3341723ec06f17c60578b34737d4d Mon Sep 17 00:00:00 2001 
From: Mattias Gees Date: Mon, 20 Aug 2018 14:59:59 +0100 Subject: [PATCH 05/25] Add RBAC for operator --- .../gitlab/charts/operator/templates/crd.yaml | 96 ++++++++++++++++++- 1 file changed, 95 insertions(+), 1 deletion(-) diff --git a/charts/gitlab/charts/operator/templates/crd.yaml b/charts/gitlab/charts/operator/templates/crd.yaml index cb4aa5759c..9eaac4f2df 100644 --- a/charts/gitlab/charts/operator/templates/crd.yaml +++ b/charts/gitlab/charts/operator/templates/crd.yaml @@ -93,7 +93,75 @@ data: kind: "" plural: "" conditions: null - + --- + apiVersion: v1 + kind: ServiceAccount + metadata: + name: {{ template "fullname" . }} + labels: +{{ include "gitlab.standardLabels" $ | indent 8 }} + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + creationTimestamp: null + name: {{ template "fullname" . }} + labels: +{{ include "gitlab.standardLabels" $ | indent 8 }} + rules: + - apiGroups: + - apps + resources: + - deployments + - statefulsets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - batch + resources: + - jobs + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - gitlab.com + resources: + - gitlabs + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + creationTimestamp: null + name: {{ template "fullname" . }} + labels: +{{ include "gitlab.standardLabels" $ | indent 8 }} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "fullname" . }} + subjects: + - kind: ServiceAccount + name: {{ template "fullname" . }} + namespace: {{ .Release.Namespace | quote }} --- apiVersion: gitlab.com/v1beta1 kind: GitLab 
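Review bot: The operator's ServiceAccount is bound through a ClusterRole and ClusterRoleBinding, which gives it create, update and delete on every Deployment, StatefulSet and Job in the cluster, although the `GitLab` CRD is declared `scope: Namespaced` and the ServiceAccount lives in the release namespace. Unless the operator is meant to manage other namespaces, `kind: Role` and `kind: RoleBinding` (with `roleRef.kind: Role`) confine a compromised operator pod to its own namespace. `creationTimestamp: null` in both objects looks like generator residue and can be dropped. The ConfigMap `crd.yaml` block these objects are embedded in starts outside the hunk.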
@@ -143,6 +211,32 @@ rules: - gitlabs verbs: - "*" +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles + - clusterrolebindings + verbs: + - "*" +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - "*" +- apiGroups: + - apps + resources: + - deployments + - statefulsets + verbs: + - "*" +- apiGroups: + - batch + resources: + - jobs + verbs: + - "*" --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding -- GitLab From 02f299c0f6f73fe2959f1da5a66fbf0c25edc883 Mon Sep 17 00:00:00 2001 From: Mattias Gees Date: Mon, 20 Aug 2018 17:31:44 +0100 Subject: [PATCH 06/25] Add operator deployment + fix roles --- .../gitlab/charts/operator/templates/crd.yaml | 43 +++++++++++++++++-- charts/gitlab/charts/operator/values.yaml | 14 +++++- 2 files changed, 51 insertions(+), 6 deletions(-) diff --git a/charts/gitlab/charts/operator/templates/crd.yaml b/charts/gitlab/charts/operator/templates/crd.yaml index 9eaac4f2df..a1a9502aff 100644 --- a/charts/gitlab/charts/operator/templates/crd.yaml +++ b/charts/gitlab/charts/operator/templates/crd.yaml @@ -114,6 +114,7 @@ data: resources: - deployments - statefulsets + - daemonsets verbs: - get - list @@ -123,9 +124,9 @@ data: - patch - delete - apiGroups: - - batch + - "" resources: - - jobs + - pods verbs: - get - list @@ -135,9 +136,9 @@ data: - patch - delete - apiGroups: - - gitlab.com + - batch resources: - - gitlabs + - jobs verbs: - get - list @@ -146,6 +147,12 @@ data: - update - patch - delete + - apiGroups: + - gitlab.com + resources: + - gitlabs + verbs: + - "*" --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding 
@@ -163,6 +170,32 @@ data: name: {{ template "fullname" . }} namespace: {{ .Release.Namespace | quote }} --- + apiVersion: apps/v1 + kind: Deployment + metadata: + name: {{ template "fullname" . }} + labels: +{{ include "gitlab.standardLabels" . | indent 8 }} + spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app: {{ template "name" . }} + release: {{ .Release.Name }} + template: + metadata: + labels: + app: {{ template "name" . }} + release: {{ .Release.Name }} + spec: + serviceAccountName: {{ template "fullname" . }} + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ coalesce .Values.image.tag (include "gitlab.versionTag" . ) }}" + {{ template "gitlab.imagePullPolicy" . }} + resources: +{{ toYaml .Values.resources | indent 16 }} + --- apiVersion: gitlab.com/v1beta1 kind: GitLab metadata: @@ -222,6 +255,7 @@ rules: - "" resources: - serviceaccounts + - pods verbs: - "*" - apiGroups: @@ -229,6 +263,7 @@ rules: resources: - deployments - statefulsets + - daemonsets verbs: - "*" - apiGroups: diff --git a/charts/gitlab/charts/operator/values.yaml b/charts/gitlab/charts/operator/values.yaml index 15453c067f..04385ce389 100644 --- a/charts/gitlab/charts/operator/values.yaml +++ b/charts/gitlab/charts/operator/values.yaml @@ -2,10 +2,12 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. image: - repository: + repository: registry.gitlab.com/gitlab-org/distribution/gitlab-operator + tag: latest pullSecrets: [] # pullPolicy: IfNotPresent - # tag: latest + +replicaCount: 1 # Install the operator as well install: true @@ -15,3 +17,11 @@ crd: tag: v1.9.0 pullSecrets: [] #pullPolicy: IfNotPresent + +resources: + # limits: + # cpu: 1 + # memory: 2G + requests: + cpu: 100m + memory: 64M -- GitLab From d5d92d886c6778d438aee4561bc825fa1e6531a6 Mon Sep 17 00:00:00 2001 
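Review bot: The operator container in the added Deployment has no `securityContext`, and values.yaml in this commit defaults `image.tag` to `latest`, so the pod holding the cluster-wide operator role is pulled from a mutable tag and the `coalesce` fallback to `gitlab.versionTag` is never reached. Leaving `tag` unset in values.yaml (as the removed `# tag: latest` comment did) lets the version-derived tag apply. A restrictive container context is sketched below; whether the operator image runs as a non-root user is not visible here and has to be confirmed. The Deployment is embedded in the ConfigMap's `crd.yaml` block, which starts outside the hunk.

```yaml
          containers:
            - name: {{ .Chart.Name }}
              # … unchanged: image, imagePullPolicy …
              securityContext:
                runAsNonRoot: true
                allowPrivilegeEscalation: false
                capabilities:
                  drop:
                    - ALL
              # … unchanged: resources …
```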
From: Mattias Gees Date: Mon, 20 Aug 2018 18:52:35 +0100 Subject: [PATCH 07/25] Separate gitlab set into its own --- .../gitlab/charts/operator/templates/crd.yaml | 27 ++--- .../charts/operator/templates/gitlab.yaml | 113 ++++++++++++++++++ charts/gitlab/charts/operator/values.yaml | 6 +- 3 files changed, 123 insertions(+), 23 deletions(-) create mode 100644 charts/gitlab/charts/operator/templates/gitlab.yaml diff --git a/charts/gitlab/charts/operator/templates/crd.yaml b/charts/gitlab/charts/operator/templates/crd.yaml index a1a9502aff..e11d3ad065 100644 --- a/charts/gitlab/charts/operator/templates/crd.yaml +++ b/charts/gitlab/charts/operator/templates/crd.yaml @@ -1,4 +1,4 @@ -{{- if .Values.global.operator.enabled }} +{{- if and .Values.global.operator.enabled .Values.install.enabled }} --- apiVersion: batch/v1 kind: Job @@ -7,7 +7,7 @@ metadata: labels: {{ include "gitlab.standardLabels" $ | indent 4 }} annotations: - "helm.sh/hook-weight": "-1" + "helm.sh/hook-weight": "-3" "helm.sh/hook": pre-install,pre-upgrade "helm.sh/hook-delete-policy": hook-succeeded spec: @@ -22,7 +22,7 @@ spec: {{- include "pullsecrets" $.Values.image | indent 6}} containers: - name: hyperkube - image: "{{ .Values.crd.image.repository }}:{{ .Values.crd.image.tag }}" + image: "{{ .Values.install.image.repository }}:{{ .Values.install.image.tag }}" {{ template "gitlab.imagePullPolicy" . }} command: - ./kubectl @@ -44,7 +44,7 @@ metadata: labels: {{ include "gitlab.standardLabels" $ | indent 4 }} annotations: - "helm.sh/hook-weight": "-2" + "helm.sh/hook-weight": "-4" "helm.sh/hook": pre-install,pre-upgrade "helm.sh/hook-delete-policy": hook-succeeded data: 
@@ -195,19 +195,6 @@ data: {{ template "gitlab.imagePullPolicy" . }} resources: {{ toYaml .Values.resources | indent 16 }} - --- - apiVersion: gitlab.com/v1beta1 - kind: GitLab - metadata: - labels: - controller-tools.k8s.io: "1.0" - revision: "{{ .Release.Revision }}" -{{ include "gitlab.standardLabels" $ | indent 8 }} - name: {{ template "fullname" . }} - spec: - version: {{ .Values.global.gitlabVersion | quote }} - type: "" - helmRelease: {{ .Release.Name }} --- apiVersion: v1 kind: ServiceAccount @@ -217,7 +204,7 @@ metadata: app: {{ template "fullname" . }}-crd-installer {{ include "gitlab.standardLabels" $ | indent 4 }} annotations: - "helm.sh/hook-weight": "-2" + "helm.sh/hook-weight": "-4" "helm.sh/hook": pre-install,pre-upgrade "helm.sh/hook-delete-policy": hook-succeeded --- @@ -228,7 +215,7 @@ metadata: labels: {{ include "gitlab.standardLabels" $ | indent 4 }} annotations: - "helm.sh/hook-weight": "-2" + "helm.sh/hook-weight": "-4" "helm.sh/hook": pre-install,pre-upgrade "helm.sh/hook-delete-policy": hook-succeeded rules: @@ -280,7 +267,7 @@ metadata: labels: {{ include "gitlab.standardLabels" $ | indent 4 }} annotations: - "helm.sh/hook-weight": "-2" + "helm.sh/hook-weight": "-4" "helm.sh/hook": pre-install,pre-upgrade "helm.sh/hook-delete-policy": hook-succeeded roleRef: diff --git a/charts/gitlab/charts/operator/templates/gitlab.yaml b/charts/gitlab/charts/operator/templates/gitlab.yaml new file mode 100644 index 0000000000..82c1f3f461 --- /dev/null +++ b/charts/gitlab/charts/operator/templates/gitlab.yaml 
@@ -0,0 +1,113 @@ +{{- if .Values.global.operator.enabled }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ template "fullname" . }}-set-gitlab + labels: +{{ include "gitlab.standardLabels" $ | indent 4 }} + annotations: + "helm.sh/hook-weight": "-1" + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + metadata: + labels: + app: {{ template "fullname" . }}-set-gitlab +{{ include "gitlab.standardLabels" $ | indent 8 }} + spec: + serviceAccount: {{ template "fullname" . }}-set-gitlab + restartPolicy: Never +{{- include "pullsecrets" $.Values.image | indent 6}} + containers: + - name: hyperkube + image: "{{ .Values.install.image.repository }}:{{ .Values.install.image.tag }}" + {{ template "gitlab.imagePullPolicy" . }} + command: + - ./kubectl + - apply + - -f + - /crd/crd.yaml + volumeMounts: + - name: crd + mountPath: /crd + volumes: + - name: crd + configMap: + name: {{ template "fullname" . }}-set-gitlab +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "fullname" . }}-set-gitlab + labels: +{{ include "gitlab.standardLabels" $ | indent 4 }} + annotations: + "helm.sh/hook-weight": "-2" + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-delete-policy": hook-succeeded +data: + crd.yaml: | + apiVersion: gitlab.com/v1beta1 + kind: GitLab + metadata: + labels: + controller-tools.k8s.io: "1.0" + revision: "{{ .Release.Revision }}" +{{ include "gitlab.standardLabels" $ | indent 8 }} + name: {{ template "fullname" . }} + spec: + version: {{ .Values.global.gitlabVersion | quote }} + type: "" + helmRelease: {{ .Release.Name }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "fullname" . }}-set-gitlab + labels: + app: {{ template "fullname" . 
}}-set-gitlab +{{ include "gitlab.standardLabels" $ | indent 4 }} + annotations: + "helm.sh/hook-weight": "-2" + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-delete-policy": hook-succeeded +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "fullname" . }}-set-gitlab + labels: +{{ include "gitlab.standardLabels" $ | indent 4 }} + annotations: + "helm.sh/hook-weight": "-2" + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-delete-policy": hook-succeeded +rules: +- apiGroups: + - gitlab.com + resources: + - gitlabs + verbs: + - "*" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "fullname" . }}-set-gitlab + labels: +{{ include "gitlab.standardLabels" $ | indent 4 }} + annotations: + "helm.sh/hook-weight": "-2" + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-delete-policy": hook-succeeded +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "fullname" . }}-set-gitlab +subjects: + - kind: ServiceAccount + name: {{ template "fullname" . }}-set-gitlab + namespace: {{ .Release.Namespace | quote }} +{{- end }} diff --git a/charts/gitlab/charts/operator/values.yaml b/charts/gitlab/charts/operator/values.yaml index 04385ce389..00fd6e8806 100644 --- a/charts/gitlab/charts/operator/values.yaml +++ b/charts/gitlab/charts/operator/values.yaml @@ -9,9 +9,9 @@ image: replicaCount: 1 -# Install the operator as well -install: true -crd: +install: + # Install the operator as well + enabled: true image: repository: gcr.io/google_containers/hyperkube tag: v1.9.0 -- GitLab From e15bb37f728fcb442e5a8354950ba054519edfbb Mon Sep 17 00:00:00 2001 
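Review bot: The set-gitlab Job applies a single namespaced `GitLab` object, yet its ServiceAccount is bound cluster-wide with `"*"` on `gitlabs`, so its token can also delete or rewrite the GitLab resources of other releases in other namespaces. `kind: Role` and `kind: RoleBinding` (with `roleRef.kind: Role`) and the verbs `get`, `create`, `patch` should cover `kubectl apply`; confirm the verb list against the kubectl in the image. The ConfigMap key is still called `crd.yaml` although it now holds the `GitLab` resource rather than a CRD, and a comment such as `# GitLab custom resource applied by the set-gitlab hook Job` above `data:` would avoid confusion with crd.yaml in the installer ConfigMap.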
From: Mattias Gees Date: Tue, 21 Aug 2018 08:23:11 +0100 Subject: [PATCH 08/25] Move to separate files --- .../{crd.yaml => crd-configmap.yaml} | 120 ------------------ .../charts/operator/templates/crd-job.yaml | 39 ++++++ .../charts/operator/templates/crd-rbac.yaml | 85 +++++++++++++ .../operator/templates/gitlab-configmap.yaml | 27 ++++ .../charts/operator/templates/gitlab-job.yaml | 39 ++++++ .../operator/templates/gitlab-rbac.yaml | 51 ++++++++ .../charts/operator/templates/gitlab.yaml | 113 ----------------- 7 files changed, 241 insertions(+), 233 deletions(-) rename charts/gitlab/charts/operator/templates/{crd.yaml => crd-configmap.yaml} (57%) create mode 100644 charts/gitlab/charts/operator/templates/crd-job.yaml create mode 100644 charts/gitlab/charts/operator/templates/crd-rbac.yaml create mode 100644 charts/gitlab/charts/operator/templates/gitlab-configmap.yaml create mode 100644 charts/gitlab/charts/operator/templates/gitlab-job.yaml create mode 100644 charts/gitlab/charts/operator/templates/gitlab-rbac.yaml delete mode 100644 charts/gitlab/charts/operator/templates/gitlab.yaml diff --git a/charts/gitlab/charts/operator/templates/crd.yaml b/charts/gitlab/charts/operator/templates/crd-configmap.yaml similarity index 57% rename from charts/gitlab/charts/operator/templates/crd.yaml rename to charts/gitlab/charts/operator/templates/crd-configmap.yaml index e11d3ad065..1ae02c4a93 100644 --- a/charts/gitlab/charts/operator/templates/crd.yaml +++ b/charts/gitlab/charts/operator/templates/crd-configmap.yaml 
@@ -1,42 +1,5 @@ {{- if and .Values.global.operator.enabled .Values.install.enabled }} --- -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ template "fullname" . }}-crd-installer - labels: -{{ include "gitlab.standardLabels" $ | indent 4 }} - annotations: - "helm.sh/hook-weight": "-3" - "helm.sh/hook": pre-install,pre-upgrade - "helm.sh/hook-delete-policy": hook-succeeded -spec: - template: - metadata: - labels: - app: {{ template "fullname" . }}-crd-installer -{{ include "gitlab.standardLabels" $ | indent 8 }} - spec: - serviceAccount: {{ template "fullname" . }}-crd-installer - restartPolicy: Never -{{- include "pullsecrets" $.Values.image | indent 6}} - containers: - - name: hyperkube - image: "{{ .Values.install.image.repository }}:{{ .Values.install.image.tag }}" - {{ template "gitlab.imagePullPolicy" . }} - command: - - ./kubectl - - apply - - -f - - /crd/crd.yaml - volumeMounts: - - name: crd - mountPath: /crd - volumes: - - name: crd - configMap: - name: {{ template "fullname" . }}-crd-installer ---- apiVersion: v1 kind: ConfigMap metadata: 
@@ -195,87 +158,4 @@ data: {{ template "gitlab.imagePullPolicy" . }} resources: {{ toYaml .Values.resources | indent 16 }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "fullname" . }}-crd-installer - labels: - app: {{ template "fullname" . }}-crd-installer -{{ include "gitlab.standardLabels" $ | indent 4 }} - annotations: - "helm.sh/hook-weight": "-4" - "helm.sh/hook": pre-install,pre-upgrade - "helm.sh/hook-delete-policy": hook-succeeded ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "fullname" . }}-crd-installer - labels: -{{ include "gitlab.standardLabels" $ | indent 4 }} - annotations: - "helm.sh/hook-weight": "-4" - "helm.sh/hook": pre-install,pre-upgrade - "helm.sh/hook-delete-policy": hook-succeeded -rules: -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - "*" -- apiGroups: - - gitlab.com - resources: - - gitlabs - verbs: - - "*" -- apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterroles - - clusterrolebindings - verbs: - - "*" -- apiGroups: - - "" - resources: - - serviceaccounts - - pods - verbs: - - "*" -- apiGroups: - - apps - resources: - - deployments - - statefulsets - - daemonsets - verbs: - - "*" -- apiGroups: - - batch - resources: - - jobs - verbs: - - "*" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "fullname" . }}-crd-installer - labels: -{{ include "gitlab.standardLabels" $ | indent 4 }} - annotations: - "helm.sh/hook-weight": "-4" - "helm.sh/hook": pre-install,pre-upgrade - "helm.sh/hook-delete-policy": hook-succeeded -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "fullname" . }}-crd-installer -subjects: - - kind: ServiceAccount - name: {{ template "fullname" . }}-crd-installer - namespace: {{ .Release.Namespace | quote }} {{- end }} 
diff --git a/charts/gitlab/charts/operator/templates/crd-job.yaml b/charts/gitlab/charts/operator/templates/crd-job.yaml
new file mode 100644
index 0000000000..d9c439ca4c
--- /dev/null
+++ b/charts/gitlab/charts/operator/templates/crd-job.yaml
@@ -0,0 +1,39 @@
+{{- if and .Values.global.operator.enabled .Values.install.enabled }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ template "fullname" . }}-crd-installer
+ labels:
+{{ include "gitlab.standardLabels" $ | indent 4 }}
+ annotations:
+ "helm.sh/hook-weight": "-3"
+ "helm.sh/hook": pre-install,pre-upgrade
+ "helm.sh/hook-delete-policy": hook-succeeded
+spec:
+ template:
+ metadata:
+ labels:
+ app: {{ template "fullname" . }}-crd-installer
+{{ include "gitlab.standardLabels" $ | indent 8 }}
+ spec:
+ serviceAccount: {{ template "fullname" . }}-crd-installer
+ restartPolicy: Never
+{{- include "pullsecrets" $.Values.image | indent 6}}
+ containers:
+ - name: hyperkube
+ image: "{{ .Values.install.image.repository }}:{{ .Values.install.image.tag }}"
+ {{ template "gitlab.imagePullPolicy" . }}
+ command:
+ - ./kubectl
+ - apply
+ - -f
+ - /crd/crd.yaml
+ volumeMounts:
+ - name: crd
+ mountPath: /crd
+ volumes:
+ - name: crd
+ configMap:
+ name: {{ template "fullname" . }}-crd-installer
+{{- end }}
diff --git a/charts/gitlab/charts/operator/templates/crd-rbac.yaml b/charts/gitlab/charts/operator/templates/crd-rbac.yaml
new file mode 100644
index 0000000000..3f690c8f05
--- /dev/null
+++ b/charts/gitlab/charts/operator/templates/crd-rbac.yaml
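Review bot: The `hyperkube` container in crd-job.yaml has no `securityContext`, although the pod runs as the `-crd-installer` service account and only needs to execute `./kubectl apply`. Adding `securityContext: {allowPrivilegeEscalation: false}` to the container (plus `runAsNonRoot: true` if the image supports it, which the hunk does not show) would limit what the process can do with that account's credentials. The pod spec also uses `serviceAccount:`, the deprecated alias; `serviceAccountName: {{ template "fullname" . }}-crd-installer` is the current field. gitlab-job.yaml in this patch has the same two issues.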
@@ -0,0 +1,85 @@
+{{- if and .Values.global.operator.enabled .Values.install.enabled }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "fullname" . }}-crd-installer
+ labels:
+ app: {{ template "fullname" . }}-crd-installer
+{{ include "gitlab.standardLabels" $ | indent 4 }}
+ annotations:
+ "helm.sh/hook-weight": "-4"
+ "helm.sh/hook": pre-install,pre-upgrade
+ "helm.sh/hook-delete-policy": hook-succeeded
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "fullname" . }}-crd-installer
+ labels:
+{{ include "gitlab.standardLabels" $ | indent 4 }}
+ annotations:
+ "helm.sh/hook-weight": "-4"
+ "helm.sh/hook": pre-install,pre-upgrade
+ "helm.sh/hook-delete-policy": hook-succeeded
+rules:
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - "*"
+- apiGroups:
+ - gitlab.com
+ resources:
+ - gitlabs
+ verbs:
+ - "*"
+- apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - clusterroles
+ - clusterrolebindings
+ verbs:
+ - "*"
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts
+ - pods
+ verbs:
+ - "*"
+- apiGroups:
+ - apps
+ resources:
+ - deployments
+ - statefulsets
+ - daemonsets
+ verbs:
+ - "*"
+- apiGroups:
+ - batch
+ resources:
+ - jobs
+ verbs:
+ - "*"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "fullname" . }}-crd-installer
+ labels:
+{{ include "gitlab.standardLabels" $ | indent 4 }}
+ annotations:
+ "helm.sh/hook-weight": "-4"
+ "helm.sh/hook": pre-install,pre-upgrade
+ "helm.sh/hook-delete-policy": hook-succeeded
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "fullname" . }}-crd-installer
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "fullname" . }}-crd-installer
+ namespace: {{ .Release.Namespace | quote }}
+{{- end }}
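Review bot: Every rule in the `-crd-installer` ClusterRole in crd-rbac.yaml uses the verb `"*"`, including the rule on `clusterroles` and `clusterrolebindings`, and the ClusterRoleBinding applies it cluster-wide. A wildcard on RBAC objects includes `bind` and `escalate`, so this account can grant itself any permission in the cluster, while the Job that uses it only runs `kubectl apply -f /crd/crd.yaml`. Listing the verbs an apply needs, for example `verbs: ["get", "create", "patch"]`, and dropping resource kinds the applied manifest does not contain would narrow this; if creating the operator's own ClusterRole is what forces the wider grant, a comment saying so belongs next to that rule. Which kinds crd.yaml contains is only partly visible here, so the final list needs checking against that file.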
diff --git a/charts/gitlab/charts/operator/templates/gitlab-configmap.yaml b/charts/gitlab/charts/operator/templates/gitlab-configmap.yaml
new file mode 100644
index 0000000000..e0e9221c29
--- /dev/null
+++ b/charts/gitlab/charts/operator/templates/gitlab-configmap.yaml
@@ -0,0 +1,27 @@
+{{- if .Values.global.operator.enabled }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "fullname" . }}-set-gitlab
+ labels:
+{{ include "gitlab.standardLabels" $ | indent 4 }}
+ annotations:
+ "helm.sh/hook-weight": "-2"
+ "helm.sh/hook": pre-install,pre-upgrade
+ "helm.sh/hook-delete-policy": hook-succeeded
+data:
+ crd.yaml: |
+ apiVersion: gitlab.com/v1beta1
+ kind: GitLab
+ metadata:
+ labels:
+ controller-tools.k8s.io: "1.0"
+ revision: "{{ .Release.Revision }}"
+{{ include "gitlab.standardLabels" $ | indent 8 }}
+ name: {{ template "fullname" . }}
+ spec:
+ version: {{ .Values.global.gitlabVersion | quote }}
+ type: ""
+ helmRelease: {{ .Release.Name }}
+{{- end }}
diff --git a/charts/gitlab/charts/operator/templates/gitlab-job.yaml b/charts/gitlab/charts/operator/templates/gitlab-job.yaml
new file mode 100644
index 0000000000..41e8aba5ec
--- /dev/null
+++ b/charts/gitlab/charts/operator/templates/gitlab-job.yaml
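Review bot: In gitlab-configmap.yaml `helmRelease: {{ .Release.Name }}` is rendered unquoted inside the embedded manifest, while `version` in the same `spec` is piped through `quote`. A release name made only of digits would be read as a number when kubectl parses the file and would presumably fail a `type: string` check in the CRD schema. `helmRelease: {{ .Release.Name | quote }}` makes the two fields consistent and removes that case.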
@@ -0,0 +1,39 @@
+{{- if .Values.global.operator.enabled }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ template "fullname" . }}-set-gitlab
+ labels:
+{{ include "gitlab.standardLabels" $ | indent 4 }}
+ annotations:
+ "helm.sh/hook-weight": "-1"
+ "helm.sh/hook": pre-install,pre-upgrade
+ "helm.sh/hook-delete-policy": hook-succeeded
+spec:
+ template:
+ metadata:
+ labels:
+ app: {{ template "fullname" . }}-set-gitlab
+{{ include "gitlab.standardLabels" $ | indent 8 }}
+ spec:
+ serviceAccount: {{ template "fullname" . }}-set-gitlab
+ restartPolicy: Never
+{{- include "pullsecrets" $.Values.image | indent 6}}
+ containers:
+ - name: hyperkube
+ image: "{{ .Values.install.image.repository }}:{{ .Values.install.image.tag }}"
+ {{ template "gitlab.imagePullPolicy" . }}
+ command:
+ - ./kubectl
+ - apply
+ - -f
+ - /crd/crd.yaml
+ volumeMounts:
+ - name: crd
+ mountPath: /crd
+ volumes:
+ - name: crd
+ configMap:
+ name: {{ template "fullname" . }}-set-gitlab
+{{- end }}
diff --git a/charts/gitlab/charts/operator/templates/gitlab-rbac.yaml b/charts/gitlab/charts/operator/templates/gitlab-rbac.yaml
new file mode 100644
index 0000000000..9d367ad04b
--- /dev/null
+++ b/charts/gitlab/charts/operator/templates/gitlab-rbac.yaml
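Review bot: In gitlab-job.yaml the pull secrets are taken from `$.Values.image` (`include "pullsecrets" $.Values.image`) while the container image is built from `.Values.install.image`, so registry credentials configured for the install image would not be used. If `install.image` can point at a private registry, `{{- include "pullsecrets" .Values.install.image | indent 6}}` keeps the two in step; what the `pullsecrets` helper reads is not visible in this hunk, so confirm the key it expects. crd-job.yaml in this patch has the same pairing. This Job is also guarded only by `global.operator.enabled`, so it still depends on the `install.image` values when `install.enabled` is false.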
@@ -0,0 +1,51 @@
+{{- if .Values.global.operator.enabled }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "fullname" . }}-set-gitlab
+ labels:
+ app: {{ template "fullname" . }}-set-gitlab
+{{ include "gitlab.standardLabels" $ | indent 4 }}
+ annotations:
+ "helm.sh/hook-weight": "-2"
+ "helm.sh/hook": pre-install,pre-upgrade
+ "helm.sh/hook-delete-policy": hook-succeeded
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "fullname" . }}-set-gitlab
+ labels:
+{{ include "gitlab.standardLabels" $ | indent 4 }}
+ annotations:
+ "helm.sh/hook-weight": "-2"
+ "helm.sh/hook": pre-install,pre-upgrade
+ "helm.sh/hook-delete-policy": hook-succeeded
+rules:
+- apiGroups:
+ - gitlab.com
+ resources:
+ - gitlabs
+ verbs:
+ - "*"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "fullname" . }}-set-gitlab
+ labels:
+{{ include "gitlab.standardLabels" $ | indent 4 }}
+ annotations:
+ "helm.sh/hook-weight": "-2"
+ "helm.sh/hook": pre-install,pre-upgrade
+ "helm.sh/hook-delete-policy": hook-succeeded
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "fullname" . }}-set-gitlab
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "fullname" . }}-set-gitlab
+ namespace: {{ .Release.Namespace | quote }}
+{{- end }}
diff --git a/charts/gitlab/charts/operator/templates/gitlab.yaml b/charts/gitlab/charts/operator/templates/gitlab.yaml
deleted file mode 100644
index 82c1f3f461..0000000000
--- a/charts/gitlab/charts/operator/templates/gitlab.yaml
+++ /dev/null
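Review bot: In gitlab-rbac.yaml the `-set-gitlab` account gets the verb `"*"` on `gitlabs` through a ClusterRole and ClusterRoleBinding, which covers every namespace, while its Job applies a single `GitLab` object with no namespace set, so presumably into the release namespace. If the CRD is namespaced, as it is in the first patch of this series, a `Role` and `RoleBinding` in `{{ .Release.Namespace }}` with `verbs: ["get", "create", "patch"]` would be enough for `kubectl apply`. That keeps one release's hook account from being able to change or delete the GitLab resources of releases in other namespaces.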
@@ -1,113 +0,0 @@ -{{- if .Values.global.operator.enabled }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ template "fullname" . }}-set-gitlab - labels: -{{ include "gitlab.standardLabels" $ | indent 4 }} - annotations: - "helm.sh/hook-weight": "-1" - "helm.sh/hook": pre-install,pre-upgrade - "helm.sh/hook-delete-policy": hook-succeeded -spec: - template: - metadata: - labels: - app: {{ template "fullname" . }}-set-gitlab -{{ include "gitlab.standardLabels" $ | indent 8 }} - spec: - serviceAccount: {{ template "fullname" . }}-set-gitlab - restartPolicy: Never -{{- include "pullsecrets" $.Values.image | indent 6}} - containers: - - name: hyperkube - image: "{{ .Values.install.image.repository }}:{{ .Values.install.image.tag }}" - {{ template "gitlab.imagePullPolicy" . }} - command: - - ./kubectl - - apply - - -f - - /crd/crd.yaml - volumeMounts: - - name: crd - mountPath: /crd - volumes: - - name: crd - configMap: - name: {{ template "fullname" . }}-set-gitlab ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "fullname" . }}-set-gitlab - labels: -{{ include "gitlab.standardLabels" $ | indent 4 }} - annotations: - "helm.sh/hook-weight": "-2" - "helm.sh/hook": pre-install,pre-upgrade - "helm.sh/hook-delete-policy": hook-succeeded -data: - crd.yaml: | - apiVersion: gitlab.com/v1beta1 - kind: GitLab - metadata: - labels: - controller-tools.k8s.io: "1.0" - revision: "{{ .Release.Revision }}" -{{ include "gitlab.standardLabels" $ | indent 8 }} - name: {{ template "fullname" . }} - spec: - version: {{ .Values.global.gitlabVersion | quote }} - type: "" - helmRelease: {{ .Release.Name }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "fullname" . }}-set-gitlab - labels: - app: {{ template "fullname" . 
}}-set-gitlab -{{ include "gitlab.standardLabels" $ | indent 4 }} - annotations: - "helm.sh/hook-weight": "-2" - "helm.sh/hook": pre-install,pre-upgrade - "helm.sh/hook-delete-policy": hook-succeeded ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "fullname" . }}-set-gitlab - labels: -{{ include "gitlab.standardLabels" $ | indent 4 }} - annotations: - "helm.sh/hook-weight": "-2" - "helm.sh/hook": pre-install,pre-upgrade - "helm.sh/hook-delete-policy": hook-succeeded -rules: -- apiGroups: - - gitlab.com - resources: - - gitlabs - verbs: - - "*" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "fullname" . }}-set-gitlab - labels: -{{ include "gitlab.standardLabels" $ | indent 4 }} - annotations: - "helm.sh/hook-weight": "-2" - "helm.sh/hook": pre-install,pre-upgrade - "helm.sh/hook-delete-policy": hook-succeeded -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "fullname" . }}-set-gitlab -subjects: - - kind: ServiceAccount - name: {{ template "fullname" . }}-set-gitlab - namespace: {{ .Release.Namespace | quote }} -{{- end }} -- GitLab From 560475c849a6fa29e32aab6e9d740a4aa9bfb49b Mon Sep 17 00:00:00 2001 From: Mattias Gees Date: Tue, 21 Aug 2018 08:33:19 +0100 Subject: [PATCH 09/25] Change api version of deployment --- charts/gitlab/charts/operator/templates/crd-configmap.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/gitlab/charts/operator/templates/crd-configmap.yaml b/charts/gitlab/charts/operator/templates/crd-configmap.yaml index 1ae02c4a93..afa7124936 100644 --- a/charts/gitlab/charts/operator/templates/crd-configmap.yaml +++ b/charts/gitlab/charts/operator/templates/crd-configmap.yaml 
@@ -133,7 +133,7 @@ data: name: {{ template "fullname" . }} namespace: {{ .Release.Namespace | quote }} --- - apiVersion: apps/v1 + apiVersion: apps/v1beta2 kind: Deployment metadata: name: {{ template "fullname" . }} -- GitLab From 51adaed903c651d5eefc4a1209a695be3d5111a8 Mon Sep 17 00:00:00 2001 From: Mattias Gees Date: Wed, 22 Aug 2018 09:10:54 +0100 Subject: [PATCH 10/25] Address MR comments --- charts/gitlab/charts/operator/templates/crd-rbac.yaml | 1 - .../charts/operator/templates/gitlab-configmap.yaml | 2 +- charts/gitlab/charts/operator/templates/gitlab-job.yaml | 8 ++++---- charts/gitlab/charts/operator/templates/gitlab-rbac.yaml | 1 - 4 files changed, 5 insertions(+), 7 deletions(-) diff --git a/charts/gitlab/charts/operator/templates/crd-rbac.yaml b/charts/gitlab/charts/operator/templates/crd-rbac.yaml index 3f690c8f05..f43d11989b 100644 --- a/charts/gitlab/charts/operator/templates/crd-rbac.yaml +++ b/charts/gitlab/charts/operator/templates/crd-rbac.yaml @@ -5,7 +5,6 @@ kind: ServiceAccount metadata: name: {{ template "fullname" . }}-crd-installer labels: - app: {{ template "fullname" . }}-crd-installer {{ include "gitlab.standardLabels" $ | indent 4 }} annotations: "helm.sh/hook-weight": "-4" diff --git a/charts/gitlab/charts/operator/templates/gitlab-configmap.yaml b/charts/gitlab/charts/operator/templates/gitlab-configmap.yaml index e0e9221c29..f4c3cbd271 100644 --- a/charts/gitlab/charts/operator/templates/gitlab-configmap.yaml +++ b/charts/gitlab/charts/operator/templates/gitlab-configmap.yaml @@ -11,7 +11,7 @@ metadata: "helm.sh/hook": pre-install,pre-upgrade "helm.sh/hook-delete-policy": hook-succeeded data: - crd.yaml: | + gitlab.yaml: | apiVersion: gitlab.com/v1beta1 kind: GitLab metadata: diff --git a/charts/gitlab/charts/operator/templates/gitlab-job.yaml b/charts/gitlab/charts/operator/templates/gitlab-job.yaml index 41e8aba5ec..0dc1921b89 100644 --- a/charts/gitlab/charts/operator/templates/gitlab-job.yaml 
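Review bot: In the crd-configmap.yaml hunk of "Change api version of deployment" the embedded Deployment moves from `apps/v1` to `apps/v1beta2` with no reason given in the commit or in the template. `apps/v1beta2` is the deprecated predecessor of `apps/v1`, so if the aim is to support clusters that do not serve `apps/v1` yet, choosing the version with `{{- if .Capabilities.APIVersions.Has "apps/v1" }}` would keep newer clusters on the stable API. At minimum a template comment naming the oldest Kubernetes version the chart targets would explain the downgrade.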
+++ b/charts/gitlab/charts/operator/templates/gitlab-job.yaml @@ -28,12 +28,12 @@ spec: - ./kubectl - apply - -f - - /crd/crd.yaml + - /gitlab/gitlab.yaml volumeMounts: - - name: crd - mountPath: /crd + - name: gitlab + mountPath: /gitlab volumes: - - name: crd + - name: gitlab configMap: name: {{ template "fullname" . }}-set-gitlab {{- end }} diff --git a/charts/gitlab/charts/operator/templates/gitlab-rbac.yaml b/charts/gitlab/charts/operator/templates/gitlab-rbac.yaml index 9d367ad04b..61fcf80bd6 100644 --- a/charts/gitlab/charts/operator/templates/gitlab-rbac.yaml +++ b/charts/gitlab/charts/operator/templates/gitlab-rbac.yaml @@ -5,7 +5,6 @@ kind: ServiceAccount metadata: name: {{ template "fullname" . }}-set-gitlab labels: - app: {{ template "fullname" . }}-set-gitlab {{ include "gitlab.standardLabels" $ | indent 4 }} annotations: "helm.sh/hook-weight": "-2" -- GitLab From 29fb5a1d92e1dfa88f6f1253bceafe4e7c62c244 Mon Sep 17 00:00:00 2001 From: Mattias Gees Date: Wed, 22 Aug 2018 11:33:11 +0100 Subject: [PATCH 11/25] Hardcode replica count for Gitlab operator We hardcode this as atm we haven't tested multiple replicas of the operator running at the same time. --- charts/gitlab/charts/operator/templates/crd-configmap.yaml | 2 +- charts/gitlab/charts/operator/values.yaml | 2 -- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/charts/gitlab/charts/operator/templates/crd-configmap.yaml b/charts/gitlab/charts/operator/templates/crd-configmap.yaml index afa7124936..4fdf0fd263 100644 --- a/charts/gitlab/charts/operator/templates/crd-configmap.yaml +++ b/charts/gitlab/charts/operator/templates/crd-configmap.yaml @@ -140,7 +140,7 @@ data: labels: {{ include "gitlab.standardLabels" . | indent 8 }} spec: - replicas: {{ .Values.replicaCount }} + replicas: 1 selector: matchLabels: app: {{ template "name" . }} diff --git a/charts/gitlab/charts/operator/values.yaml b/charts/gitlab/charts/operator/values.yaml index 00fd6e8806..e2b38ee6da 100644 
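Review bot: In the crd-configmap.yaml hunk of "Hardcode replica count" the literal `replicas: 1` carries no explanation in the template; the reason (several operator replicas running at once are untested) exists only in the commit message. A template comment on the line before it, e.g. `{{- /* fixed at 1: concurrent operator replicas are untested */}}`, would keep someone from re-introducing a `replicaCount` value later without knowing that.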
--- a/charts/gitlab/charts/operator/values.yaml +++ b/charts/gitlab/charts/operator/values.yaml @@ -7,8 +7,6 @@ image: pullSecrets: [] # pullPolicy: IfNotPresent -replicaCount: 1 - install: # Install the operator as well enabled: true -- GitLab From 869060b441d1b22bd2b007fbe79232d22498f6dc Mon Sep 17 00:00:00 2001 From: Mattias Gees Date: Fri, 24 Aug 2018 10:40:00 +0100 Subject: [PATCH 12/25] Fixes for gitlab version and labels --- .../gitlab/charts/operator/templates/crd-configmap.yaml | 8 ++++---- charts/gitlab/charts/operator/templates/crd-job.yaml | 1 - .../charts/operator/templates/gitlab-configmap.yaml | 4 ++-- charts/gitlab/charts/operator/templates/gitlab-job.yaml | 1 - charts/gitlab/charts/unicorn/templates/deployment.yaml | 4 ++-- 5 files changed, 8 insertions(+), 10 deletions(-) diff --git a/charts/gitlab/charts/operator/templates/crd-configmap.yaml b/charts/gitlab/charts/operator/templates/crd-configmap.yaml index 4fdf0fd263..93a40ee633 100644 --- a/charts/gitlab/charts/operator/templates/crd-configmap.yaml +++ b/charts/gitlab/charts/operator/templates/crd-configmap.yaml @@ -143,13 +143,13 @@ data: replicas: 1 selector: matchLabels: - app: {{ template "name" . }} - release: {{ .Release.Name }} + component: operator +{{ include "gitlab.standardLabels" . | indent 10 }} template: metadata: labels: - app: {{ template "name" . }} - release: {{ .Release.Name }} + component: operator +{{ include "gitlab.standardLabels" . | indent 12 }} spec: serviceAccountName: {{ template "fullname" . }} containers: diff --git a/charts/gitlab/charts/operator/templates/crd-job.yaml b/charts/gitlab/charts/operator/templates/crd-job.yaml index d9c439ca4c..9148f88b95 100644 --- a/charts/gitlab/charts/operator/templates/crd-job.yaml +++ b/charts/gitlab/charts/operator/templates/crd-job.yaml 
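Review bot: In the crd-configmap.yaml hunk `spec.selector.matchLabels` now takes everything `gitlab.standardLabels` emits instead of the two fixed labels it had before. If that helper includes a label that changes between chart versions (its definition is not visible here), the selector changes on upgrade, and a Deployment selector cannot be updated in `apps/v1beta2`, so the `kubectl apply` run by the installer Job would be rejected. Keeping the selector to stable labels, `app: {{ template "name" . }}`, `release: {{ .Release.Name }}` and `component: operator`, and putting the full label set only on `template.metadata.labels` avoids that.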
@@ -14,7 +14,6 @@ spec: template: metadata: labels: - app: {{ template "fullname" . }}-crd-installer {{ include "gitlab.standardLabels" $ | indent 8 }} spec: serviceAccount: {{ template "fullname" . }}-crd-installer diff --git a/charts/gitlab/charts/operator/templates/gitlab-configmap.yaml b/charts/gitlab/charts/operator/templates/gitlab-configmap.yaml index f4c3cbd271..d22d49041a 100644 --- a/charts/gitlab/charts/operator/templates/gitlab-configmap.yaml +++ b/charts/gitlab/charts/operator/templates/gitlab-configmap.yaml @@ -19,9 +19,9 @@ data: controller-tools.k8s.io: "1.0" revision: "{{ .Release.Revision }}" {{ include "gitlab.standardLabels" $ | indent 8 }} - name: {{ template "fullname" . }} + name: gitlab-{{ .Release.Name }} spec: - version: {{ .Values.global.gitlabVersion | quote }} + version: {{ coalesce .Values.global.gitlabVersion .Chart.AppVersion | quote }} type: "" helmRelease: {{ .Release.Name }} {{- end }} diff --git a/charts/gitlab/charts/operator/templates/gitlab-job.yaml b/charts/gitlab/charts/operator/templates/gitlab-job.yaml index 0dc1921b89..6ab1115f71 100644 --- a/charts/gitlab/charts/operator/templates/gitlab-job.yaml +++ b/charts/gitlab/charts/operator/templates/gitlab-job.yaml @@ -14,7 +14,6 @@ spec: template: metadata: labels: - app: {{ template "fullname" . }}-set-gitlab {{ include "gitlab.standardLabels" $ | indent 8 }} spec: serviceAccount: {{ template "fullname" . }}-set-gitlab diff --git a/charts/gitlab/charts/unicorn/templates/deployment.yaml b/charts/gitlab/charts/unicorn/templates/deployment.yaml index e52194a04b..1f940eb91f 100644 --- a/charts/gitlab/charts/unicorn/templates/deployment.yaml +++ b/charts/gitlab/charts/unicorn/templates/deployment.yaml 
@@ -7,7 +7,7 @@ metadata: {{ include "gitlab.standardLabels" . | indent 4 }} {{- if .Values.global.operator.enabled }} annotations: - gitlab.com/version: {{ .Values.global.gitlabVersion }} + gitlab.com/version: {{ coalesce .Values.global.gitlabVersion .Chart.AppVersion }} {{- end }} spec: replicas: {{ .Values.replicaCount }} @@ -22,7 +22,7 @@ spec: release: {{ .Release.Name }} annotations: {{- if .Values.global.operator.enabled }} - gitlab.com/version: {{ .Values.global.gitlabVersion }} + gitlab.com/version: {{ coalesce .Values.global.gitlabVersion .Chart.AppVersion }} {{- end }} checksum/config: {{ include (print $.Template.BasePath "/configmap.yml") . | sha256sum }} {{- if .Values.metrics.enabled }} -- GitLab From a31792360f25966491cdf3452bb5bbb08ddb4e0e Mon Sep 17 00:00:00 2001 From: Mattias Gees Date: Wed, 29 Aug 2018 16:10:36 +0200 Subject: [PATCH 13/25] Add BYPASS_SCHEMA_VERSION to unicorn and sidekiq --- charts/gitlab/charts/sidekiq/templates/deployment.yaml | 4 ++++ charts/gitlab/charts/unicorn/templates/deployment.yaml | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/charts/gitlab/charts/sidekiq/templates/deployment.yaml b/charts/gitlab/charts/sidekiq/templates/deployment.yaml index 3a506d2bb0..4df586a49b 100644 --- a/charts/gitlab/charts/sidekiq/templates/deployment.yaml +++ b/charts/gitlab/charts/sidekiq/templates/deployment.yaml @@ -144,6 +144,10 @@ spec: value: {{ default $concurrency .concurrency | quote }} - name: SIDEKIQ_TIMEOUT value: {{ default $timeout .timeout | quote }} +{{- if $.Values.global.operator.enabled }} + - name: BYPASS_SCHEMA_VERSION + value: 'true' +{{- end }} {{- if $metricsEnabled }} ports: - containerPort: {{ $metricsPort }} diff --git a/charts/gitlab/charts/unicorn/templates/deployment.yaml b/charts/gitlab/charts/unicorn/templates/deployment.yaml index 1f940eb91f..d2ccaebffb 100644 --- a/charts/gitlab/charts/unicorn/templates/deployment.yaml +++ b/charts/gitlab/charts/unicorn/templates/deployment.yaml 
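Review bot: Both `gitlab.com/version` annotations in unicorn's deployment.yaml render the version unquoted, unlike gitlab-configmap.yaml in the same commit, which pipes the same expression through `quote`. Annotation values must be strings, so a value such as `11.2` would be parsed as a number and the Deployment rejected by the API server; `gitlab.com/version: {{ coalesce .Values.global.gitlabVersion .Chart.AppVersion | quote }}` fixes both places. The later rewrite of these two lines to `include "gitlab.operator.gitlabVersion" .` leaves them unquoted as well.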
@@ -121,6 +121,10 @@ spec: {{- if .Values.workhorse.sentryDSN }} - name: GITLAB_WORKHORSE_SENTRY_DSN value: {{ .Values.workhorse.sentryDSN }} +{{- end }} +{{- if .Values.global.operator.enabled }} + - name: BYPASS_SCHEMA_VERSION + value: 'true' {{- end }} volumeMounts: {{- if .Values.metrics.enabled }} -- GitLab From e4013d8ccea5617225e44200de31d7b7c49d7116 Mon Sep 17 00:00:00 2001 From: Mattias Gees Date: Wed, 29 Aug 2018 21:00:41 +0200 Subject: [PATCH 14/25] Add extra hewlper for setting Gitlab version master gets translated to latest. We have to do the same for the version in Gitlab field. We don't want to use vx.y.z notation, but x.y.z as semver notation. --- .../operator/templates/gitlab-configmap.yaml | 2 +- .../charts/unicorn/templates/deployment.yaml | 4 +-- charts/gitlab/templates/_operator.tpl | 26 +++++++++++++++++++ 3 files changed, 29 insertions(+), 3 deletions(-) create mode 100644 charts/gitlab/templates/_operator.tpl diff --git a/charts/gitlab/charts/operator/templates/gitlab-configmap.yaml b/charts/gitlab/charts/operator/templates/gitlab-configmap.yaml index d22d49041a..9c4263bc89 100644 --- a/charts/gitlab/charts/operator/templates/gitlab-configmap.yaml +++ b/charts/gitlab/charts/operator/templates/gitlab-configmap.yaml @@ -21,7 +21,7 @@ data: {{ include "gitlab.standardLabels" $ | indent 8 }} name: gitlab-{{ .Release.Name }} spec: - version: {{ coalesce .Values.global.gitlabVersion .Chart.AppVersion | quote }} + version: {{ include "gitlab.operator.gitlabVersion" . | quote }} type: "" helmRelease: {{ .Release.Name }} {{- end }} diff --git a/charts/gitlab/charts/unicorn/templates/deployment.yaml b/charts/gitlab/charts/unicorn/templates/deployment.yaml index d2ccaebffb..5c498cf250 100644 --- a/charts/gitlab/charts/unicorn/templates/deployment.yaml +++ b/charts/gitlab/charts/unicorn/templates/deployment.yaml 
@@ -7,7 +7,7 @@ metadata: {{ include "gitlab.standardLabels" . | indent 4 }} {{- if .Values.global.operator.enabled }} annotations: - gitlab.com/version: {{ coalesce .Values.global.gitlabVersion .Chart.AppVersion }} + gitlab.com/version: {{ include "gitlab.operator.gitlabVersion" . }} {{- end }} spec: replicas: {{ .Values.replicaCount }} @@ -22,7 +22,7 @@ spec: release: {{ .Release.Name }} annotations: {{- if .Values.global.operator.enabled }} - gitlab.com/version: {{ coalesce .Values.global.gitlabVersion .Chart.AppVersion }} + gitlab.com/version: {{ include "gitlab.operator.gitlabVersion" . }} {{- end }} checksum/config: {{ include (print $.Template.BasePath "/configmap.yml") . | sha256sum }} {{- if .Values.metrics.enabled }} diff --git a/charts/gitlab/templates/_operator.tpl b/charts/gitlab/templates/_operator.tpl new file mode 100644 index 0000000000..7d88756e54 --- /dev/null +++ b/charts/gitlab/templates/_operator.tpl @@ -0,0 +1,26 @@ +{{/* +Return the version used of Gitlab +Defaults to using the information from the chart appVersion field, but can be +overridden using the global.gitlabVersion field in values. +*/}} +{{- define "gitlab.operator.gitlabVersion" -}} +{{- template "gitlab.operator.parseAppVersion" (coalesce .Values.global.gitlabVersion .Chart.AppVersion) -}} +{{- end -}} + +{{/* +Returns a Gitlab version from the passed in app version or branchname + +If the version is 'master' we use the 'latest' image tag. +Else if the version is a semver version, we use the 'x.x.x' semver notation. +Else we just use the version passed as the image tag +*/}} +{{- define "gitlab.operator.parseAppVersion" -}} +{{- $appVersion := coalesce . "master" -}} +{{- if eq $appVersion "master" -}} +latest +{{- else if regexMatch "^\\d+\\.\\d+\\.\\d+(-rc\\d+)?(-pre)?$" $appVersion -}} +{{- printf "%s" $appVersion -}} +{{- else -}} +{{- $appVersion -}} +{{- end -}} +{{- end -}} -- GitLab From a931b17f981314f09b0a4ca2714b04e42e43012e Mon Sep 17 00:00:00 2001 
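Review bot: In `gitlab.operator.parseAppVersion` (new file _operator.tpl) the `else if regexMatch ...` branch and the final `else` branch emit the same value, `$appVersion` unchanged, so the semver regex has no effect on the result. Either drop the middle branch or, if non-semver input is meant to be rejected, make the last branch fail instead of passing the string through; as written any value of `global.gitlabVersion` reaches the `GitLab` resource and the `gitlab.com/version` annotations as is. The comment above the define should then state which of the two behaviours is intended.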
From: Mattias Gees Date: Thu, 30 Aug 2018 09:09:24 +0200 Subject: [PATCH 15/25] Add changelog --- changelogs/unreleased/658-add-gitlab-operator.yml | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 changelogs/unreleased/658-add-gitlab-operator.yml diff --git a/changelogs/unreleased/658-add-gitlab-operator.yml b/changelogs/unreleased/658-add-gitlab-operator.yml new file mode 100644 index 0000000000..b9a957c3e4 --- /dev/null +++ b/changelogs/unreleased/658-add-gitlab-operator.yml @@ -0,0 +1,5 @@ +--- +title: Add Gitlab operator +merge_request: +author: +type: added -- GitLab From 543b3d6479c061c7b1089211d0cc728ae1ce2f98 Mon Sep 17 00:00:00 2001 From: Mattias Gees Date: Thu, 30 Aug 2018 09:10:30 +0200 Subject: [PATCH 16/25] Add mr to changelog --- changelogs/unreleased/658-add-gitlab-operator.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/changelogs/unreleased/658-add-gitlab-operator.yml b/changelogs/unreleased/658-add-gitlab-operator.yml index b9a957c3e4..923f1f89ea 100644 --- a/changelogs/unreleased/658-add-gitlab-operator.yml +++ b/changelogs/unreleased/658-add-gitlab-operator.yml @@ -1,5 +1,5 @@ --- title: Add Gitlab operator -merge_request: +merge_request: 435 author: type: added -- GitLab From f207edef62735df126416f0c5b54b97e99918c90 Mon Sep 17 00:00:00 2001 From: Mattias Gees Date: Thu, 30 Aug 2018 09:43:45 +0200 Subject: [PATCH 17/25] Extend title of changelog --- changelogs/unreleased/658-add-gitlab-operator.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/changelogs/unreleased/658-add-gitlab-operator.yml b/changelogs/unreleased/658-add-gitlab-operator.yml index 923f1f89ea..294ee7bcd9 100644 --- a/changelogs/unreleased/658-add-gitlab-operator.yml +++ b/changelogs/unreleased/658-add-gitlab-operator.yml @@ -1,5 +1,5 @@ --- -title: Add Gitlab operator +title: Add Gitlab operator to run upgrades of Gitlab merge_request: 435 author: type: added -- GitLab 
From fbe65ff04606bf6e7ab471fe873ffec4b72d7e9b Mon Sep 17 00:00:00 2001 From: Mattias Gees Date: Thu, 30 Aug 2018 17:02:30 +0200 Subject: [PATCH 18/25] Move env var --- charts/gitlab/charts/sidekiq/templates/deployment.yaml | 8 ++++---- charts/gitlab/charts/unicorn/templates/deployment.yaml | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/charts/gitlab/charts/sidekiq/templates/deployment.yaml b/charts/gitlab/charts/sidekiq/templates/deployment.yaml index 4df586a49b..8acf4bace6 100644 --- a/charts/gitlab/charts/sidekiq/templates/deployment.yaml +++ b/charts/gitlab/charts/sidekiq/templates/deployment.yaml @@ -115,6 +115,10 @@ spec: value: {{ default $concurrency .concurrency | quote }} - name: SIDEKIQ_TIMEOUT value: {{ default $timeout .timeout | quote }} +{{- if $.Values.global.operator.enabled }} + - name: BYPASS_SCHEMA_VERSION + value: 'true' +{{- end }} volumeMounts: - name: sidekiq-config mountPath: '/var/opt/gitlab/templates' @@ -144,10 +148,6 @@ spec: value: {{ default $concurrency .concurrency | quote }} - name: SIDEKIQ_TIMEOUT value: {{ default $timeout .timeout | quote }} -{{- if $.Values.global.operator.enabled }} - - name: BYPASS_SCHEMA_VERSION - value: 'true' -{{- end }} {{- if $metricsEnabled }} ports: - containerPort: {{ $metricsPort }} diff --git a/charts/gitlab/charts/unicorn/templates/deployment.yaml b/charts/gitlab/charts/unicorn/templates/deployment.yaml index 5c498cf250..f0733b4221 100644 --- a/charts/gitlab/charts/unicorn/templates/deployment.yaml +++ b/charts/gitlab/charts/unicorn/templates/deployment.yaml @@ -91,6 +91,10 @@ spec: value: '/var/opt/gitlab/config/gitlab/' - name: WORKHORSE_ARCHIVE_CACHE_DISABLED value: "1" +{{- if .Values.global.operator.enabled }} + - name: BYPASS_SCHEMA_VERSION + value: 'true' +{{- end }} volumeMounts: - name: unicorn-config mountPath: '/var/opt/gitlab/templates' 
@@ -121,10 +125,6 @@ spec: {{- if .Values.workhorse.sentryDSN }} - name: GITLAB_WORKHORSE_SENTRY_DSN value: {{ .Values.workhorse.sentryDSN }} -{{- end }} -{{- if .Values.global.operator.enabled }} - - name: BYPASS_SCHEMA_VERSION - value: 'true' {{- end }} volumeMounts: {{- if .Values.metrics.enabled }} -- GitLab From 02392bb6266ba2d6bc63ca9d4995a7807e4e1f5d Mon Sep 17 00:00:00 2001 From: Luke Addison Date: Wed, 22 Aug 2018 13:15:09 +0100 Subject: [PATCH 19/25] Do not create migrations job when operator is enabled --- .../migrations/templates/configmap.yaml | 4 + .../charts/migrations/templates/job.yaml | 2 +- .../operator/templates/crd-configmap.yaml | 80 ++++++++++++++++++- .../operator/templates/gitlab-configmap.yaml | 22 ++++- values.yaml | 6 ++ 5 files changed, 109 insertions(+), 5 deletions(-) diff --git a/charts/gitlab/charts/migrations/templates/configmap.yaml b/charts/gitlab/charts/migrations/templates/configmap.yaml index 2c5abca5e8..8aba8dc116 100644 --- a/charts/gitlab/charts/migrations/templates/configmap.yaml +++ b/charts/gitlab/charts/migrations/templates/configmap.yaml @@ -2,7 +2,11 @@ apiVersion: v1 kind: ConfigMap metadata: + {{- if .Values.global.operator.enabled }} + name: {{ .Values.global.operator.migrations.configMapName }} + {{- else }} name: {{ template "fullname" . }} + {{- end }} labels: {{ include "gitlab.standardLabels" . | indent 4 }} data: diff --git a/charts/gitlab/charts/migrations/templates/job.yaml b/charts/gitlab/charts/migrations/templates/job.yaml index 0e7a898811..3da92400e5 100644 --- a/charts/gitlab/charts/migrations/templates/job.yaml +++ b/charts/gitlab/charts/migrations/templates/job.yaml @@ -1,4 +1,4 @@ -{{- if .Values.enabled }} +{{- if and .Values.enabled (not .Values.global.operator.enabled) }} apiVersion: batch/v1 kind: Job metadata: diff --git a/charts/gitlab/charts/operator/templates/crd-configmap.yaml b/charts/gitlab/charts/operator/templates/crd-configmap.yaml index 93a40ee633..b3c03481c6 100644 
--- a/charts/gitlab/charts/operator/templates/crd-configmap.yaml +++ b/charts/gitlab/charts/operator/templates/crd-configmap.yaml @@ -38,13 +38,87 @@ data: properties: helmRelease: type: string - type: - type: string + migrations: + properties: + configMapName: + type: string + gitLabRunnerRegistationToken: + properties: + key: + type: string + name: + type: string + required: + - name + - key + type: object + image: + type: string + initContainer: + properties: + image: + type: string + tag: + type: string + required: + - image + - tag + type: object + initialRootPassword: + properties: + key: + type: string + name: + type: string + required: + - name + - key + type: object + psqlPassword: + properties: + key: + type: string + name: + type: string + required: + - name + - key + type: object + railsSecret: + properties: + key: + type: string + name: + type: string + required: + - name + - key + type: object + redisPassword: + properties: + key: + type: string + name: + type: string + required: + - name + - key + type: object + required: + - image + - configMapName + - initContainer + - railsSecret + - redisPassword + - psqlPassword + - initialRootPassword + - gitLabRunnerRegistationToken + type: object version: type: string required: - version - - type + - migrations - helmRelease type: object status: diff --git a/charts/gitlab/charts/operator/templates/gitlab-configmap.yaml b/charts/gitlab/charts/operator/templates/gitlab-configmap.yaml index 9c4263bc89..33a90f8bcf 100644 --- a/charts/gitlab/charts/operator/templates/gitlab-configmap.yaml +++ b/charts/gitlab/charts/operator/templates/gitlab-configmap.yaml 
@@ -22,6 +22,26 @@ data: name: gitlab-{{ .Release.Name }} spec: version: {{ include "gitlab.operator.gitlabVersion" . | quote }} - type: "" helmRelease: {{ .Release.Name }} + migrations: + configMapName: {{ .Values.global.operator.migrations.configMapName }} + initContainer: + image: {{ .Values.global.operator.migrations.initContainer.image }} + tag: {{ .Values.global.operator.migrations.initContainer.tag }} + image: {{ .Values.global.operator.migrations.image }} + railsSecret: + name: {{ template "gitlab.rails-secrets.secret" . }} + key: secrets.yml + redisPassword: + name: {{ template "gitlab.redis.password.secret" . }} + key: {{ template "gitlab.redis.password.key" . }} + psqlPassword: + name: {{ template "gitlab.psql.password.secret" . }} + key: {{ template "gitlab.psql.password.key" . }} + initialRootPassword: + name: {{ template "gitlab.migrations.initialRootPassword.secret" . }} + key: {{ template "gitlab.migrations.initialRootPassword.key" . }} + gitLabRunnerRegistationToken: + name: {{ template "gitlab.gitlab-runner.registrationToken.secret" . }} + key: runner-registration-token {{- end }} diff --git a/values.yaml b/values.yaml index 1d173592f8..94d4ba522e 100644 --- a/values.yaml +++ b/values.yaml @@ -5,6 +5,12 @@ global: # gitlabVersion: master operator: enabled: false + migrations: + image: + initContainer: + image: + tag: + configMapName: application: create: false links: [] -- GitLab From e7fc73dfa12b4b961b930fc1394d7e5c56a41408 Mon Sep 17 00:00:00 2001 From: DJ Mountney Date: Thu, 6 Sep 2018 17:25:15 -0700 Subject: [PATCH 20/25] Update the migrations operator to work with the upstream MR --- charts/gitlab/charts/migrations/templates/configmap.yaml | 2 +- charts/gitlab/charts/operator/templates/crd-configmap.yaml | 4 +++- .../gitlab/charts/operator/templates/gitlab-configmap.yaml | 3 ++- charts/gitlab/charts/operator/values.yaml | 4 ++-- templates/_helpers.tpl | 4 ++++ values.yaml | 7 +++---- 6 files changed, 15 insertions(+), 9 deletions(-) 
diff --git a/charts/gitlab/charts/migrations/templates/configmap.yaml b/charts/gitlab/charts/migrations/templates/configmap.yaml index 8aba8dc116..3e788d622e 100644 --- a/charts/gitlab/charts/migrations/templates/configmap.yaml +++ b/charts/gitlab/charts/migrations/templates/configmap.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: ConfigMap metadata: {{- if .Values.global.operator.enabled }} - name: {{ .Values.global.operator.migrations.configMapName }} + name: {{ coalesce .Values.global.operator.migrations.configMapName (include "fullname" .) }} {{- else }} name: {{ template "fullname" . }} {{- end }} diff --git a/charts/gitlab/charts/operator/templates/crd-configmap.yaml b/charts/gitlab/charts/operator/templates/crd-configmap.yaml index b3c03481c6..26c1abf290 100644 --- a/charts/gitlab/charts/operator/templates/crd-configmap.yaml +++ b/charts/gitlab/charts/operator/templates/crd-configmap.yaml @@ -104,8 +104,11 @@ data: - name - key type: object + tag: + type: string required: - image + - tag - configMapName - initContainer - railsSecret @@ -123,7 +126,6 @@ data: type: object status: type: object - type: object version: v1beta1 status: acceptedNames: diff --git a/charts/gitlab/charts/operator/templates/gitlab-configmap.yaml b/charts/gitlab/charts/operator/templates/gitlab-configmap.yaml index 33a90f8bcf..9d60cdfb2c 100644 --- a/charts/gitlab/charts/operator/templates/gitlab-configmap.yaml +++ b/charts/gitlab/charts/operator/templates/gitlab-configmap.yaml 
@@ -24,11 +24,12 @@ data: version: {{ include "gitlab.operator.gitlabVersion" . | quote }} helmRelease: {{ .Release.Name }} migrations: - configMapName: {{ .Values.global.operator.migrations.configMapName }} + configMapName: {{ coalesce .Values.global.operator.migrations.configMapName (include "fullnameFor" (dict "Chart" "migrations" "Context" . )) }} initContainer: image: {{ .Values.global.operator.migrations.initContainer.image }} tag: {{ .Values.global.operator.migrations.initContainer.tag }} image: {{ .Values.global.operator.migrations.image }} + tag: {{ coalesce .Values.global.operator.migrations.tag (include "gitlab.versionTag" . ) }} railsSecret: name: {{ template "gitlab.rails-secrets.secret" . }} key: secrets.yml diff --git a/charts/gitlab/charts/operator/values.yaml b/charts/gitlab/charts/operator/values.yaml index e2b38ee6da..461b46dda8 100644 --- a/charts/gitlab/charts/operator/values.yaml +++ b/charts/gitlab/charts/operator/values.yaml @@ -3,9 +3,9 @@ # Declare variables to be passed into your templates. image: repository: registry.gitlab.com/gitlab-org/distribution/gitlab-operator - tag: latest + tag: 13-generate-migrations-job-spec-in-operator pullSecrets: [] - # pullPolicy: IfNotPresent + pullPolicy: Always install: # Install the operator as well diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index b44d02a242..691585023e 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -15,6 +15,10 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} {{- end -}} +{{- define "fullnameFor" -}} +{{- printf "%s-%s" .Context.Release.Name .Chart | trunc 63 | trimSuffix "-" -}} +{{- end -}} + {{/* ######### Hostname templates */}} {{/* diff --git a/values.yaml b/values.yaml index 94d4ba522e..1c8525d1e8 100644 --- a/values.yaml +++ b/values.yaml 
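Review bot: In `charts/gitlab/charts/operator/values.yaml` the default operator image moves from `latest` to the branch tag `13-generate-migrations-job-spec-in-operator` together with `pullPolicy: Always`, so every pod start pulls whatever was last pushed under a mutable tag. The operator appears to be the component that will run migrations with the release's database and Rails secrets, so the default should be a released tag or a digest before this merges, e.g. `tag: <RELEASED_OPERATOR_TAG>` (placeholder) with `pullPolicy: IfNotPresent`. The top-level `values.yaml` hunk of the same patch has the same problem for the init container (`image: busybox`, `tag: latest`), which looks like the container that copies the secret files into place.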
@@ -6,10 +6,10 @@ global: operator: enabled: false migrations: - image: + image: registry.gitlab.com/gitlab-org/build/cng/gitlab-rails-ee initContainer: - image: - tag: + image: busybox + tag: latest configMapName: application: create: false @@ -243,4 +243,3 @@ gitlab-runner: # enabled: false # gitlab-shell: # enabled: false - -- GitLab From 88ee7e7611b7eecf2dd51d79a56f643b2b0c2a0e Mon Sep 17 00:00:00 2001 From: DJ Mountney Date: Fri, 7 Sep 2018 14:43:50 -0700 Subject: [PATCH 21/25] Switch tp providing the full migration job podspec to the gitlab object --- .../operator/templates/crd-configmap.yaml | 80 +----------- .../operator/templates/gitlab-configmap.yaml | 121 ++++++++++++++---- charts/gitlab/charts/operator/values.yaml | 7 +- values.yaml | 6 +- 4 files changed, 113 insertions(+), 101 deletions(-) diff --git a/charts/gitlab/charts/operator/templates/crd-configmap.yaml b/charts/gitlab/charts/operator/templates/crd-configmap.yaml index 26c1abf290..e143e5140f 100644 --- a/charts/gitlab/charts/operator/templates/crd-configmap.yaml +++ b/charts/gitlab/charts/operator/templates/crd-configmap.yaml 
@@ -38,90 +38,18 @@ data: properties: helmRelease: type: string - migrations: + migrationsJob: properties: - configMapName: - type: string - gitLabRunnerRegistationToken: - properties: - key: - type: string - name: - type: string - required: - - name - - key + template: type: object - image: - type: string - initContainer: - properties: - image: - type: string - tag: - type: string - required: - - image - - tag - type: object - initialRootPassword: - properties: - key: - type: string - name: - type: string - required: - - name - - key - type: object - psqlPassword: - properties: - key: - type: string - name: - type: string - required: - - name - - key - type: object - railsSecret: - properties: - key: - type: string - name: - type: string - required: - - name - - key - type: object - redisPassword: - properties: - key: - type: string - name: - type: string - required: - - name - - key - type: object - tag: - type: string required: - - image - - tag - - configMapName - - initContainer - - railsSecret - - redisPassword - - psqlPassword - - initialRootPassword - - gitLabRunnerRegistationToken + - template type: object version: type: string required: - version - - migrations + - migrationsJob - helmRelease type: object status: diff --git a/charts/gitlab/charts/operator/templates/gitlab-configmap.yaml b/charts/gitlab/charts/operator/templates/gitlab-configmap.yaml index 9d60cdfb2c..7dae78f67b 100644 --- a/charts/gitlab/charts/operator/templates/gitlab-configmap.yaml +++ b/charts/gitlab/charts/operator/templates/gitlab-configmap.yaml 
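Review bot: The new `migrationsJob.template` property is declared only as `type: object`, so the CRD accepts any content there and the schema no longer limits which images, volumes or secrets a GitLab resource can name. Assuming the operator turns this template into a Job in the release namespace (the operator code is not on this page), permission to create or edit `gitlabs` objects becomes equivalent to permission to run arbitrary pods with the operator's credentials. I would state that next to the property, e.g. `# free-form pod template: write access to this resource is equivalent to creating Jobs`, and keep the RBAC on the resource as narrow as the RBAC on Jobs. The schema block starts and ends outside this hunk.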
@@ -23,26 +23,103 @@ data: spec: version: {{ include "gitlab.operator.gitlabVersion" . | quote }} helmRelease: {{ .Release.Name }} - migrations: - configMapName: {{ coalesce .Values.global.operator.migrations.configMapName (include "fullnameFor" (dict "Chart" "migrations" "Context" . )) }} - initContainer: - image: {{ .Values.global.operator.migrations.initContainer.image }} - tag: {{ .Values.global.operator.migrations.initContainer.tag }} - image: {{ .Values.global.operator.migrations.image }} - tag: {{ coalesce .Values.global.operator.migrations.tag (include "gitlab.versionTag" . ) }} - railsSecret: - name: {{ template "gitlab.rails-secrets.secret" . }} - key: secrets.yml - redisPassword: - name: {{ template "gitlab.redis.password.secret" . }} - key: {{ template "gitlab.redis.password.key" . }} - psqlPassword: - name: {{ template "gitlab.psql.password.secret" . }} - key: {{ template "gitlab.psql.password.key" . }} - initialRootPassword: - name: {{ template "gitlab.migrations.initialRootPassword.secret" . }} - key: {{ template "gitlab.migrations.initialRootPassword.key" . }} - gitLabRunnerRegistationToken: - name: {{ template "gitlab.gitlab-runner.registrationToken.secret" . }} - key: runner-registration-token + migrationsJob: + template: + metadata: + labels: + app: {{ template "name" . }} + release: {{ .Release.Name }} + spec: + securityContext: + runAsUser: 1000 + fsGroup: 1000 + initContainers: +{{ include "gitlab.certificates.initContainer" . 
| indent 14 }} + - name: configure + command: ['sh', '/config/configure'] + image: {{ .Values.global.operator.migrations.init.image }}:{{ .Values.global.operator.migrations.init.tag }} + volumeMounts: + - name: migrations-config + mountPath: /config + readOnly: true + - name: init-migrations-secrets + mountPath: /init-config + readOnly: true + - name: migrations-secrets + mountPath: /init-secrets + readOnly: false + restartPolicy: OnFailure +{{- include "pullsecrets" .Values.global.operator.migrations.image | indent 12}} + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.global.operator.migrations.image.repository }}:{{ coalesce .Values.global.operator.migrations.image.tag (include "gitlab.versionTag" . ) }}" + args: + - /scripts/wait-for-deps + - /scripts/db-migrate + {{ template "gitlab.imagePullPolicy" . }} + env: + - name: GITLAB_SHARED_RUNNERS_REGISTRATION_TOKEN + valueFrom: + secretKeyRef: + name: {{ template "gitlab.gitlab-runner.registrationToken.secret" . }} + key: runner-registration-token + - name: CONFIG_TEMPLATE_DIRECTORY + value: '/var/opt/gitlab/templates' + - name: CONFIG_DIRECTORY + value: '/var/opt/gitlab/config/gitlab/' + - name: BYPASS_SCHEMA_VERSION + value: 'true' + volumeMounts: + - name: migrations-config + mountPath: '/var/opt/gitlab/templates' + - name: migrations-secrets + mountPath: '/etc/gitlab' + readOnly: true + - name: migrations-secrets + mountPath: /srv/gitlab/config/secrets.yml + subPath: rails-secrets/secrets.yml + - name: migrations-secrets + mountPath: /srv/gitlab/config/initial_root_password + subPath: migrations/initial_root_password +{{ include "gitlab.certificates.volumeMount" . | indent 18 }} + resources: + +{{ toYaml .Values.resources | indent 18 }} + volumes: + - name: migrations-config + configMap: + name: {{ coalesce .Values.global.operator.migrations.configMapName (include "fullnameFor" (dict "Chart" "migrations" "Context" . 
)) }} + - name: init-migrations-secrets + projected: + defaultMode: 0400 + sources: + - secret: + name: {{ template "gitlab.rails-secrets.secret" . }} + items: + - key: secrets.yml + path: rails-secrets/secrets.yml + - secret: + name: {{ template "gitlab.redis.password.secret" . }} + items: + - key: {{ template "gitlab.redis.password.key" . }} + path: redis/password + - secret: + name: {{ template "gitlab.psql.password.secret" . }} + items: + - key: {{ template "gitlab.psql.password.key" . }} + path: postgres/psql-password + - secret: + name: {{ template "gitlab.migrations.initialRootPassword.secret" . }} + items: + - key: {{ template "gitlab.migrations.initialRootPassword.key" . }} + path: migrations/initial_root_password + - name: migrations-secrets + emptyDir: + medium: "Memory" + +{{ include "gitlab.certificates.volumes" . | indent 12 }} + {{- if .Values.global.operator.migrations.nodeSelector }} + nodeSelector: +{{ toYaml .Values.global.operator.migrations.nodeSelector | indent 14 }} + {{- end }} {{- end }} diff --git a/charts/gitlab/charts/operator/values.yaml b/charts/gitlab/charts/operator/values.yaml index 461b46dda8..cc19f6f20c 100644 --- a/charts/gitlab/charts/operator/values.yaml +++ b/charts/gitlab/charts/operator/values.yaml @@ -3,10 +3,15 @@ # Declare variables to be passed into your templates. image: repository: registry.gitlab.com/gitlab-org/distribution/gitlab-operator - tag: 13-generate-migrations-job-spec-in-operator + tag: dj-generate-migrations-job pullSecrets: [] pullPolicy: Always +init: + resources: + requests: + cpu: 50m + install: # Install the operator as well enabled: true diff --git a/values.yaml b/values.yaml index 1c8525d1e8..0549dc6d0f 100644 --- a/values.yaml +++ b/values.yaml 
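Review bot: The pod template copied into `gitlab-configmap.yaml` still uses chart-relative lookups (`app: {{ template "name" . }}`, `- name: {{ .Chart.Name }}`, `{{ template "gitlab.imagePullPolicy" . }}` and `{{ toYaml .Values.resources | indent 18 }}`), and in this file they resolve against the operator subchart rather than migrations. The migration pods would therefore carry the operator's `app`/`release` labels and resource settings, and if the operator Deployment selects on those labels (not visible here) its selector would match them too. I would pass explicit values instead, e.g. `app: migrations` and a `.Values.global.operator.migrations.resources` key, or render the template from the migrations chart.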
@@ -6,8 +6,10 @@ global: operator: enabled: false migrations: - image: registry.gitlab.com/gitlab-org/build/cng/gitlab-rails-ee - initContainer: + image: + repository: registry.gitlab.com/gitlab-org/build/cng/gitlab-rails-ee + # tag: latest + init: image: busybox tag: latest configMapName: -- GitLab From 7eeda92244e9881698b30c50f4abc1236c7d6ad4 Mon Sep 17 00:00:00 2001 From: DJ Mountney Date: Fri, 7 Sep 2018 15:44:15 -0700 Subject: [PATCH 22/25] Nother attempt at passing the migrations along to the operator --- .../charts/migrations/templates/_podspec.yaml | 92 ++++++++++++++++ .../migrations/templates/configmap.yaml | 16 ++- .../charts/migrations/templates/job.yaml | 91 +--------------- .../operator/templates/gitlab-configmap.yaml | 102 +----------------- values.yaml | 8 -- 5 files changed, 108 insertions(+), 201 deletions(-) create mode 100644 charts/gitlab/charts/migrations/templates/_podspec.yaml diff --git a/charts/gitlab/charts/migrations/templates/_podspec.yaml b/charts/gitlab/charts/migrations/templates/_podspec.yaml new file mode 100644 index 0000000000..0396922c4d --- /dev/null +++ b/charts/gitlab/charts/migrations/templates/_podspec.yaml 
@@ -0,0 +1,92 @@ +{{- if .Values.enabled }} +securityContext: + runAsUser: 1000 + fsGroup: 1000 +initContainers: +{{ include "gitlab.certificates.initContainer" . | indent 8 }} + - name: configure + command: ['sh', '/config/configure'] + image: {{ .Values.init.image }}:{{ .Values.init.tag }} + volumeMounts: + - name: migrations-config + mountPath: /config + readOnly: true + - name: init-migrations-secrets + mountPath: /init-config + readOnly: true + - name: migrations-secrets + mountPath: /init-secrets + readOnly: false +restartPolicy: OnFailure +{{- include "pullsecrets" .Values.image | indent 6}} +containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ coalesce .Values.image.tag (include "gitlab.versionTag" . ) }}" + args: + - /scripts/wait-for-deps + - /scripts/db-migrate + {{ template "gitlab.imagePullPolicy" . }} + env: + - name: GITLAB_SHARED_RUNNERS_REGISTRATION_TOKEN + valueFrom: + secretKeyRef: + name: {{ template "gitlab.gitlab-runner.registrationToken.secret" . }} + key: runner-registration-token + - name: CONFIG_TEMPLATE_DIRECTORY + value: '/var/opt/gitlab/templates' + - name: CONFIG_DIRECTORY + value: '/var/opt/gitlab/config/gitlab/' + - name: BYPASS_SCHEMA_VERSION + value: 'true' + volumeMounts: + - name: migrations-config + mountPath: '/var/opt/gitlab/templates' + - name: migrations-secrets + mountPath: '/etc/gitlab' + readOnly: true + - name: migrations-secrets + mountPath: /srv/gitlab/config/secrets.yml + subPath: rails-secrets/secrets.yml + - name: migrations-secrets + mountPath: /srv/gitlab/config/initial_root_password + subPath: migrations/initial_root_password +{{ include "gitlab.certificates.volumeMount" . | indent 12 }} + resources: +{{ toYaml .Values.resources | indent 12 }} +volumes: +- name: migrations-config + configMap: + name: {{ template "fullname" . }} +- name: init-migrations-secrets + projected: + defaultMode: 0400 + sources: + - secret: + name: {{ template "gitlab.rails-secrets.secret" . 
}} + items: + - key: secrets.yml + path: rails-secrets/secrets.yml + - secret: + name: {{ template "gitlab.redis.password.secret" . }} + items: + - key: {{ template "gitlab.redis.password.key" . }} + path: redis/password + - secret: + name: {{ template "gitlab.psql.password.secret" . }} + items: + - key: {{ template "gitlab.psql.password.key" . }} + path: postgres/psql-password + - secret: + name: {{ template "gitlab.migrations.initialRootPassword.secret" . }} + items: + - key: {{ template "gitlab.migrations.initialRootPassword.key" . }} + path: migrations/initial_root_password +- name: migrations-secrets + emptyDir: + medium: "Memory" +{{ include "gitlab.certificates.volumes" . | indent 6 }} +{{- if .Values.nodeSelector }} +nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} +{{- end }} +{{- end }} diff --git a/charts/gitlab/charts/migrations/templates/configmap.yaml b/charts/gitlab/charts/migrations/templates/configmap.yaml index 3e788d622e..7568f1fb88 100644 --- a/charts/gitlab/charts/migrations/templates/configmap.yaml +++ b/charts/gitlab/charts/migrations/templates/configmap.yaml @@ -2,11 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: - {{- if .Values.global.operator.enabled }} - name: {{ coalesce .Values.global.operator.migrations.configMapName (include "fullname" .) }} - {{- else }} name: {{ template "fullname" . }} - {{- end }} labels: {{ include "gitlab.standardLabels" . | indent 4 }} data: 
@@ -43,5 +39,17 @@ data: cp /init-config/postgres/psql-password /init-secrets/postgres/psql-password cp /init-config/rails-secrets/secrets.yml /init-secrets/rails-secrets/secrets.yml cp /init-config/migrations/initial_root_password /init-secrets/migrations/initial_root_password +{{- if .Values.global.operator.enabled }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-migrations-podspec + labels: +{{ include "gitlab.standardLabels" . | indent 4 }} +data: + template: |- +{{ include (print $.Template.BasePath "/_podspec.yaml") . | indent 4 }} +{{- end }} # Leave this here - This line denotes end of block to the parser. {{- end }} diff --git a/charts/gitlab/charts/migrations/templates/job.yaml b/charts/gitlab/charts/migrations/templates/job.yaml index 3da92400e5..d799053c42 100644 --- a/charts/gitlab/charts/migrations/templates/job.yaml +++ b/charts/gitlab/charts/migrations/templates/job.yaml 
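Review bot: The added ConfigMap `{{ .Release.Name }}-migrations-podspec` makes a plain ConfigMap the source of the pod spec for the migrations job, and that spec (see `_podspec.yaml` in this patch) mounts the Rails secrets and the Redis, PostgreSQL and initial root passwords. If the operator reads the template at reconcile time, anyone who can update ConfigMaps in the namespace can change the image or arguments that run with those secrets. I would note this on the resource, e.g. `# read by the operator to build the migrations Job; restrict write access as for Jobs`, and check that no role shipped with the chart grants ConfigMap write more broadly than Job create. The `configure` script above the added block starts outside this hunk.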
@@ -12,94 +12,5 @@ spec: app: {{ template "name" . }} release: {{ .Release.Name }} spec: - securityContext: - runAsUser: 1000 - fsGroup: 1000 - initContainers: -{{ include "gitlab.certificates.initContainer" . | indent 8 }} - - name: configure - command: ['sh', '/config/configure'] - image: {{ .Values.init.image }}:{{ .Values.init.tag }} - volumeMounts: - - name: migrations-config - mountPath: /config - readOnly: true - - name: init-migrations-secrets - mountPath: /init-config - readOnly: true - - name: migrations-secrets - mountPath: /init-secrets - readOnly: false - restartPolicy: OnFailure -{{- include "pullsecrets" .Values.image | indent 6}} - containers: - - name: {{ .Chart.Name }} - image: "{{ .Values.image.repository }}:{{ coalesce .Values.image.tag (include "gitlab.versionTag" . ) }}" - args: - - /scripts/wait-for-deps - - /scripts/db-migrate - {{ template "gitlab.imagePullPolicy" . }} - env: - - name: GITLAB_SHARED_RUNNERS_REGISTRATION_TOKEN - valueFrom: - secretKeyRef: - name: {{ template "gitlab.gitlab-runner.registrationToken.secret" . }} - key: runner-registration-token - - name: CONFIG_TEMPLATE_DIRECTORY - value: '/var/opt/gitlab/templates' - - name: CONFIG_DIRECTORY - value: '/var/opt/gitlab/config/gitlab/' - - name: BYPASS_SCHEMA_VERSION - value: 'true' - volumeMounts: - - name: migrations-config - mountPath: '/var/opt/gitlab/templates' - - name: migrations-secrets - mountPath: '/etc/gitlab' - readOnly: true - - name: migrations-secrets - mountPath: /srv/gitlab/config/secrets.yml - subPath: rails-secrets/secrets.yml - - name: migrations-secrets - mountPath: /srv/gitlab/config/initial_root_password - subPath: migrations/initial_root_password -{{ include "gitlab.certificates.volumeMount" . | indent 12 }} - resources: -{{ toYaml .Values.resources | indent 12 }} - volumes: - - name: migrations-config - configMap: - name: {{ template "fullname" . 
}} - - name: init-migrations-secrets - projected: - defaultMode: 0400 - sources: - - secret: - name: {{ template "gitlab.rails-secrets.secret" . }} - items: - - key: secrets.yml - path: rails-secrets/secrets.yml - - secret: - name: {{ template "gitlab.redis.password.secret" . }} - items: - - key: {{ template "gitlab.redis.password.key" . }} - path: redis/password - - secret: - name: {{ template "gitlab.psql.password.secret" . }} - items: - - key: {{ template "gitlab.psql.password.key" . }} - path: postgres/psql-password - - secret: - name: {{ template "gitlab.migrations.initialRootPassword.secret" . }} - items: - - key: {{ template "gitlab.migrations.initialRootPassword.key" . }} - path: migrations/initial_root_password - - name: migrations-secrets - emptyDir: - medium: "Memory" -{{ include "gitlab.certificates.volumes" . | indent 6 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} - {{- end }} +{{ include (print $.Template.BasePath "/_podspec.yaml") . | indent 6 }} {{- end }} diff --git a/charts/gitlab/charts/operator/templates/gitlab-configmap.yaml b/charts/gitlab/charts/operator/templates/gitlab-configmap.yaml index 7dae78f67b..e59012f2b1 100644 --- a/charts/gitlab/charts/operator/templates/gitlab-configmap.yaml +++ b/charts/gitlab/charts/operator/templates/gitlab-configmap.yaml 
@@ -23,103 +23,7 @@ data: spec: version: {{ include "gitlab.operator.gitlabVersion" . | quote }} helmRelease: {{ .Release.Name }} - migrationsJob: - template: - metadata: - labels: - app: {{ template "name" . }} - release: {{ .Release.Name }} - spec: - securityContext: - runAsUser: 1000 - fsGroup: 1000 - initContainers: -{{ include "gitlab.certificates.initContainer" . | indent 14 }} - - name: configure - command: ['sh', '/config/configure'] - image: {{ .Values.global.operator.migrations.init.image }}:{{ .Values.global.operator.migrations.init.tag }} - volumeMounts: - - name: migrations-config - mountPath: /config - readOnly: true - - name: init-migrations-secrets - mountPath: /init-config - readOnly: true - - name: migrations-secrets - mountPath: /init-secrets - readOnly: false - restartPolicy: OnFailure -{{- include "pullsecrets" .Values.global.operator.migrations.image | indent 12}} - containers: - - name: {{ .Chart.Name }} - image: "{{ .Values.global.operator.migrations.image.repository }}:{{ coalesce .Values.global.operator.migrations.image.tag (include "gitlab.versionTag" . ) }}" - args: - - /scripts/wait-for-deps - - /scripts/db-migrate - {{ template "gitlab.imagePullPolicy" . }} - env: - - name: GITLAB_SHARED_RUNNERS_REGISTRATION_TOKEN - valueFrom: - secretKeyRef: - name: {{ template "gitlab.gitlab-runner.registrationToken.secret" . 
}} - key: runner-registration-token - - name: CONFIG_TEMPLATE_DIRECTORY - value: '/var/opt/gitlab/templates' - - name: CONFIG_DIRECTORY - value: '/var/opt/gitlab/config/gitlab/' - - name: BYPASS_SCHEMA_VERSION - value: 'true' - volumeMounts: - - name: migrations-config - mountPath: '/var/opt/gitlab/templates' - - name: migrations-secrets - mountPath: '/etc/gitlab' - readOnly: true - - name: migrations-secrets - mountPath: /srv/gitlab/config/secrets.yml - subPath: rails-secrets/secrets.yml - - name: migrations-secrets - mountPath: /srv/gitlab/config/initial_root_password - subPath: migrations/initial_root_password -{{ include "gitlab.certificates.volumeMount" . | indent 18 }} - resources: - -{{ toYaml .Values.resources | indent 18 }} - volumes: - - name: migrations-config - configMap: - name: {{ coalesce .Values.global.operator.migrations.configMapName (include "fullnameFor" (dict "Chart" "migrations" "Context" . )) }} - - name: init-migrations-secrets - projected: - defaultMode: 0400 - sources: - - secret: - name: {{ template "gitlab.rails-secrets.secret" . }} - items: - - key: secrets.yml - path: rails-secrets/secrets.yml - - secret: - name: {{ template "gitlab.redis.password.secret" . }} - items: - - key: {{ template "gitlab.redis.password.key" . }} - path: redis/password - - secret: - name: {{ template "gitlab.psql.password.secret" . }} - items: - - key: {{ template "gitlab.psql.password.key" . }} - path: postgres/psql-password - - secret: - name: {{ template "gitlab.migrations.initialRootPassword.secret" . }} - items: - - key: {{ template "gitlab.migrations.initialRootPassword.key" . }} - path: migrations/initial_root_password - - name: migrations-secrets - emptyDir: - medium: "Memory" - -{{ include "gitlab.certificates.volumes" . 
| indent 12 }} - {{- if .Values.global.operator.migrations.nodeSelector }} - nodeSelector: -{{ toYaml .Values.global.operator.migrations.nodeSelector | indent 14 }} - {{- end }} + migrationsTemplate: + configMapName: {{ .Release.Name }}-migrations-podspec + configMapKey: template {{- end }} diff --git a/values.yaml b/values.yaml index 0549dc6d0f..1194da3795 100644 --- a/values.yaml +++ b/values.yaml @@ -5,14 +5,6 @@ global: # gitlabVersion: master operator: enabled: false - migrations: - image: - repository: registry.gitlab.com/gitlab-org/build/cng/gitlab-rails-ee - # tag: latest - init: - image: busybox - tag: latest - configMapName: application: create: false links: [] -- GitLab From b3ba08726626c676826bba7d059c1468b435cacb Mon Sep 17 00:00:00 2001 From: Ahmad Hassan Date: Mon, 10 Sep 2018 22:33:25 +0200 Subject: [PATCH 23/25] Make operator work with a templated jobspec --- .../charts/migrations/templates/_jobspec.yaml | 107 ++++++++++++++++++ .../charts/migrations/templates/_podspec.yaml | 92 --------------- .../migrations/templates/configmap.yaml | 4 +- .../charts/migrations/templates/job.yaml | 15 +-- .../operator/templates/crd-configmap.yaml | 16 ++- .../charts/operator/templates/crd-rbac.yaml | 1 + .../operator/templates/gitlab-configmap.yaml | 2 +- charts/gitlab/charts/operator/values.yaml | 2 +- 8 files changed, 123 insertions(+), 116 deletions(-) create mode 100644 charts/gitlab/charts/migrations/templates/_jobspec.yaml delete mode 100644 charts/gitlab/charts/migrations/templates/_podspec.yaml diff --git a/charts/gitlab/charts/migrations/templates/_jobspec.yaml b/charts/gitlab/charts/migrations/templates/_jobspec.yaml new file mode 100644 index 0000000000..5eb30bd261 --- /dev/null +++ b/charts/gitlab/charts/migrations/templates/_jobspec.yaml 
@@ -0,0 +1,107 @@ +{{- if .Values.enabled }} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ template "migrations.jobname" . }} + labels: +{{ include "gitlab.standardLabels" . | indent 4 }} +spec: + template: + metadata: + labels: + app: {{ template "name" . }} + release: {{ .Release.Name }} + spec: + securityContext: + runAsUser: 1000 + fsGroup: 1000 + initContainers: +{{ include "gitlab.certificates.initContainer" . | indent 8 }} + - name: configure + command: ['sh', '/config/configure'] + image: {{ .Values.init.image }}:{{ .Values.init.tag }} + volumeMounts: + - name: migrations-config + mountPath: /config + readOnly: true + - name: init-migrations-secrets + mountPath: /init-config + readOnly: true + - name: migrations-secrets + mountPath: /init-secrets + readOnly: false + resources: +{{ toYaml .Values.init.resources | indent 12 }} + restartPolicy: OnFailure +{{- include "pullsecrets" .Values.image | indent 6}} + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ coalesce .Values.image.tag (include "gitlab.versionTag" . ) }}" + args: + - /scripts/wait-for-deps + - /scripts/db-migrate + {{ template "gitlab.imagePullPolicy" . }} + env: + - name: GITLAB_SHARED_RUNNERS_REGISTRATION_TOKEN + valueFrom: + secretKeyRef: + name: {{ template "gitlab.gitlab-runner.registrationToken.secret" . 
}} + key: runner-registration-token + - name: CONFIG_TEMPLATE_DIRECTORY + value: '/var/opt/gitlab/templates' + - name: CONFIG_DIRECTORY + value: '/var/opt/gitlab/config/gitlab/' + - name: BYPASS_SCHEMA_VERSION + value: 'true' + volumeMounts: + - name: migrations-config + mountPath: '/var/opt/gitlab/templates' + - name: migrations-secrets + mountPath: '/etc/gitlab' + readOnly: true + - name: migrations-secrets + mountPath: /srv/gitlab/config/secrets.yml + subPath: rails-secrets/secrets.yml + - name: migrations-secrets + mountPath: /srv/gitlab/config/initial_root_password + subPath: migrations/initial_root_password +{{ include "gitlab.certificates.volumeMount" . | indent 12 }} + resources: +{{ toYaml .Values.resources | indent 12 }} + volumes: + - name: migrations-config + configMap: + name: {{ template "fullname" . }} + - name: init-migrations-secrets + projected: + defaultMode: 0400 + sources: + - secret: + name: {{ template "gitlab.rails-secrets.secret" . }} + items: + - key: secrets.yml + path: rails-secrets/secrets.yml + - secret: + name: {{ template "gitlab.redis.password.secret" . }} + items: + - key: {{ template "gitlab.redis.password.key" . }} + path: redis/password + - secret: + name: {{ template "gitlab.psql.password.secret" . }} + items: + - key: {{ template "gitlab.psql.password.key" . }} + path: postgres/psql-password + - secret: + name: {{ template "gitlab.migrations.initialRootPassword.secret" . }} + items: + - key: {{ template "gitlab.migrations.initialRootPassword.key" . }} + path: migrations/initial_root_password + - name: migrations-secrets + emptyDir: + medium: "Memory" +{{ include "gitlab.certificates.volumes" . | indent 6 }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end }} +{{- end }} diff --git a/charts/gitlab/charts/migrations/templates/_podspec.yaml b/charts/gitlab/charts/migrations/templates/_podspec.yaml deleted file mode 100644 index 0396922c4d..0000000000 
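Review bot: In the `containers` section of the new `_jobspec.yaml`, the two `subPath` mounts of `migrations-secrets` (`/srv/gitlab/config/secrets.yml` and `/srv/gitlab/config/initial_root_password`) are writable, while the `/etc/gitlab` mount of the same volume is `readOnly: true`. Unless the migration task has to rewrite those files, add `readOnly: true` to both entries so the main container cannot alter the copied secrets. Neither container entry sets its own `securityContext`; since the pod already runs as UID 1000, adding `allowPrivilegeEscalation: false` to each would cost nothing.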
--- a/charts/gitlab/charts/migrations/templates/_podspec.yaml +++ /dev/null 
@@ -1,92 +0,0 @@ -{{- if .Values.enabled }} -securityContext: - runAsUser: 1000 - fsGroup: 1000 -initContainers: -{{ include "gitlab.certificates.initContainer" . | indent 8 }} - - name: configure - command: ['sh', '/config/configure'] - image: {{ .Values.init.image }}:{{ .Values.init.tag }} - volumeMounts: - - name: migrations-config - mountPath: /config - readOnly: true - - name: init-migrations-secrets - mountPath: /init-config - readOnly: true - - name: migrations-secrets - mountPath: /init-secrets - readOnly: false -restartPolicy: OnFailure -{{- include "pullsecrets" .Values.image | indent 6}} -containers: - - name: {{ .Chart.Name }} - image: "{{ .Values.image.repository }}:{{ coalesce .Values.image.tag (include "gitlab.versionTag" . ) }}" - args: - - /scripts/wait-for-deps - - /scripts/db-migrate - {{ template "gitlab.imagePullPolicy" . }} - env: - - name: GITLAB_SHARED_RUNNERS_REGISTRATION_TOKEN - valueFrom: - secretKeyRef: - name: {{ template "gitlab.gitlab-runner.registrationToken.secret" . }} - key: runner-registration-token - - name: CONFIG_TEMPLATE_DIRECTORY - value: '/var/opt/gitlab/templates' - - name: CONFIG_DIRECTORY - value: '/var/opt/gitlab/config/gitlab/' - - name: BYPASS_SCHEMA_VERSION - value: 'true' - volumeMounts: - - name: migrations-config - mountPath: '/var/opt/gitlab/templates' - - name: migrations-secrets - mountPath: '/etc/gitlab' - readOnly: true - - name: migrations-secrets - mountPath: /srv/gitlab/config/secrets.yml - subPath: rails-secrets/secrets.yml - - name: migrations-secrets - mountPath: /srv/gitlab/config/initial_root_password - subPath: migrations/initial_root_password -{{ include "gitlab.certificates.volumeMount" . | indent 12 }} - resources: -{{ toYaml .Values.resources | indent 12 }} -volumes: -- name: migrations-config - configMap: - name: {{ template "fullname" . }} -- name: init-migrations-secrets - projected: - defaultMode: 0400 - sources: - - secret: - name: {{ template "gitlab.rails-secrets.secret" . 
}} - items: - - key: secrets.yml - path: rails-secrets/secrets.yml - - secret: - name: {{ template "gitlab.redis.password.secret" . }} - items: - - key: {{ template "gitlab.redis.password.key" . }} - path: redis/password - - secret: - name: {{ template "gitlab.psql.password.secret" . }} - items: - - key: {{ template "gitlab.psql.password.key" . }} - path: postgres/psql-password - - secret: - name: {{ template "gitlab.migrations.initialRootPassword.secret" . }} - items: - - key: {{ template "gitlab.migrations.initialRootPassword.key" . }} - path: migrations/initial_root_password -- name: migrations-secrets - emptyDir: - medium: "Memory" -{{ include "gitlab.certificates.volumes" . | indent 6 }} -{{- if .Values.nodeSelector }} -nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} -{{- end }} -{{- end }} diff --git a/charts/gitlab/charts/migrations/templates/configmap.yaml b/charts/gitlab/charts/migrations/templates/configmap.yaml index 7568f1fb88..0dbe9f6a63 100644 --- a/charts/gitlab/charts/migrations/templates/configmap.yaml +++ b/charts/gitlab/charts/migrations/templates/configmap.yaml @@ -44,12 +44,12 @@ data: apiVersion: v1 kind: ConfigMap metadata: - name: {{ .Release.Name }}-migrations-podspec + name: {{ .Release.Name }}-migrations-jobspec labels: {{ include "gitlab.standardLabels" . | indent 4 }} data: template: |- -{{ include (print $.Template.BasePath "/_podspec.yaml") . | indent 4 }} +{{ include (print $.Template.BasePath "/_jobspec.yaml") . | indent 4 }} {{- end }} # Leave this here - This line denotes end of block to the parser. {{- end }} diff --git a/charts/gitlab/charts/migrations/templates/job.yaml b/charts/gitlab/charts/migrations/templates/job.yaml index d799053c42..7a5d804888 100644 --- a/charts/gitlab/charts/migrations/templates/job.yaml +++ b/charts/gitlab/charts/migrations/templates/job.yaml 
@@ -1,16 +1,3 @@ {{- if and .Values.enabled (not .Values.global.operator.enabled) }} -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ template "migrations.jobname" . }} - labels: -{{ include "gitlab.standardLabels" . | indent 4 }} -spec: - template: - metadata: - labels: - app: {{ template "name" . }} - release: {{ .Release.Name }} - spec: -{{ include (print $.Template.BasePath "/_podspec.yaml") . | indent 6 }} +{{ include (print $.Template.BasePath "/_jobspec.yaml") . }} {{- end }} diff --git a/charts/gitlab/charts/operator/templates/crd-configmap.yaml b/charts/gitlab/charts/operator/templates/crd-configmap.yaml index e143e5140f..a4b36c5f20 100644 --- a/charts/gitlab/charts/operator/templates/crd-configmap.yaml +++ b/charts/gitlab/charts/operator/templates/crd-configmap.yaml @@ -38,18 +38,21 @@ data: properties: helmRelease: type: string - migrationsJob: + migrationsTemplate: + type: object properties: - template: - type: object + configMapName: + type: string + configMapKey: + type: string required: - - template - type: object + - configMapName + - configMapKey version: type: string required: - version - - migrationsJob + - migrationsTemplate - helmRelease type: object status: @@ -94,6 +97,7 @@ data: - "" resources: - pods + - configmaps verbs: - get - list diff --git a/charts/gitlab/charts/operator/templates/crd-rbac.yaml b/charts/gitlab/charts/operator/templates/crd-rbac.yaml index f43d11989b..d8a3df724b 100644 --- a/charts/gitlab/charts/operator/templates/crd-rbac.yaml +++ b/charts/gitlab/charts/operator/templates/crd-rbac.yaml @@ -46,6 +46,7 @@ rules: resources: - serviceaccounts - pods + - configmaps verbs: - "*" - apiGroups: diff --git a/charts/gitlab/charts/operator/templates/gitlab-configmap.yaml b/charts/gitlab/charts/operator/templates/gitlab-configmap.yaml index e59012f2b1..fdc65bf547 100644 --- a/charts/gitlab/charts/operator/templates/gitlab-configmap.yaml +++ b/charts/gitlab/charts/operator/templates/gitlab-configmap.yaml 
@@ -24,6 +24,6 @@ data: version: {{ include "gitlab.operator.gitlabVersion" . | quote }} helmRelease: {{ .Release.Name }} migrationsTemplate: - configMapName: {{ .Release.Name }}-migrations-podspec + configMapName: {{ .Release.Name }}-migrations-jobspec configMapKey: template {{- end }} diff --git a/charts/gitlab/charts/operator/values.yaml b/charts/gitlab/charts/operator/values.yaml index cc19f6f20c..a19c291e77 100644 --- a/charts/gitlab/charts/operator/values.yaml +++ b/charts/gitlab/charts/operator/values.yaml @@ -3,7 +3,7 @@ # Declare variables to be passed into your templates. image: repository: registry.gitlab.com/gitlab-org/distribution/gitlab-operator - tag: dj-generate-migrations-job + tag: latest pullSecrets: [] pullPolicy: Always -- GitLab From 4aea3203c60f8d1ffb3657430470f6442af57203 Mon Sep 17 00:00:00 2001 From: Ahmad Hassan Date: Thu, 20 Sep 2018 13:09:10 +0200 Subject: [PATCH 24/25] Move shared secrets to the operator --- .../operator/templates/crd-configmap.yaml | 61 ++++++++++++++++--- .../charts/operator/templates/crd-rbac.yaml | 3 + .../operator/templates/gitlab-configmap.yaml | 13 +++- charts/shared-secrets/templates/_jobspec.yaml | 33 ++++++++++ .../shared-secrets/templates/_rbac-role.yaml | 17 ++++++ .../templates/_rbac-rolebinding.yaml | 21 +++++++ .../templates/_rbac-serviceaccount.yaml | 10 +++ .../shared-secrets/templates/configmap.yaml | 20 ++++-- charts/shared-secrets/templates/job.yaml | 41 ++----------- .../shared-secrets/templates/rbac-config.yaml | 55 ++--------------- 10 files changed, 172 insertions(+), 102 deletions(-) create mode 100644 charts/shared-secrets/templates/_jobspec.yaml create mode 100644 charts/shared-secrets/templates/_rbac-role.yaml create mode 100644 charts/shared-secrets/templates/_rbac-rolebinding.yaml create mode 100644 charts/shared-secrets/templates/_rbac-serviceaccount.yaml 
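Review bot: `tag: latest` in the operator values.yaml hunk swaps a branch tag for another mutable tag, so the operator build that runs is whatever was pushed most recently, and with `pullPolicy: Always` a pod restart can silently pick up different code. Pin the default to an immutable release tag, e.g. `tag: <operator-release-tag>` (placeholder), so that a given chart version always deploys the same operator image. This matters more for this chart than most, because later patches in the series give the operator rights over RBAC objects and Secrets.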
diff --git a/charts/gitlab/charts/operator/templates/crd-configmap.yaml b/charts/gitlab/charts/operator/templates/crd-configmap.yaml index a4b36c5f20..57e1adcb38 100644 --- a/charts/gitlab/charts/operator/templates/crd-configmap.yaml +++ b/charts/gitlab/charts/operator/templates/crd-configmap.yaml @@ -38,21 +38,46 @@ data: properties: helmRelease: type: string - migrationsTemplate: + templates: type: object properties: - configMapName: - type: string - configMapKey: - type: string + sharedSecretsTemplate: + type: object + properties: + configMapName: + type: string + configMapKey: + type: string + roleKey: + type: string + roleBindingKey: + type: string + serviceAccountKey: + type: string + required: + - configMapKey + - configMapName + - roleKey + - roleKey + - serviceAccountKey + migrationsTemplate: + type: object + properties: + configMapName: + type: string + configMapKey: + type: string + required: + - configMapName + - configMapKey required: - - configMapName - - configMapKey + - migrationsTemplate + - sharedSecretsTemplate version: type: string required: - version - - migrationsTemplate + - templates - helmRelease type: object status: @@ -93,11 +118,28 @@ data: - update - patch - delete + - apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles + - clusterrolebindings + - roles + - rolebindings + verbs: + - get + - list + - create + - update + - watch + - patch + - delete - apiGroups: - "" resources: - pods - configmaps + - serviceaccounts + - secrets verbs: - get - list @@ -162,7 +204,8 @@ data: serviceAccountName: {{ template "fullname" . }} containers: - name: {{ .Chart.Name }} - image: "{{ .Values.image.repository }}:{{ coalesce .Values.image.tag (include "gitlab.versionTag" . ) }}" + image: ahmadposten/gitlaboperator + # image: "{{ .Values.image.repository }}:{{ coalesce .Values.image.tag (include "gitlab.versionTag" . ) }}" {{ template "gitlab.imagePullPolicy" . }} resources: {{ toYaml .Values.resources | indent 16 }} 
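Review bot: The `required:` list under `sharedSecretsTemplate` in the `@@ -38,21 +38,46 @@` hunk names `roleKey` twice and never names `roleBindingKey`, so a GitLab resource that omits the role-binding key still passes CRD validation. The second `- roleKey` should read `- roleBindingKey`. gitlab-configmap.yaml in this same commit sets `roleBindingKey: roleBinding`, which suggests the operator expects the field to be present.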
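Review bot: The new `rbac.authorization.k8s.io` rule in the `@@ -93,11 +118,28 @@` hunk lets the operator create, update, patch and delete `clusterroles` and `clusterrolebindings`, while the templates this commit hands to it (`_rbac-role.yaml`, `_rbac-rolebinding.yaml`) are a namespaced Role and RoleBinding. Unless something outside this patch needs cluster-scoped objects, limit the rule's resources to `roles` and `rolebindings`. The same hunk adds `secrets` and `serviceaccounts` to the core-group rule, whose verb list continues past the hunk; confirm that rule is bound per namespace, because read access to Secrets cluster-wide exposes every credential stored in the cluster.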
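Review bot: The `@@ -162,7 +204,8 @@` hunk hard-codes `image: ahmadposten/gitlaboperator` and comments out the values-driven image line, so the operator is pulled from a personal repository with no tag or digest, and `.Values.image.repository` and `.Values.image.tag` no longer have any effect. The container runs under `serviceAccountName: {{ template "fullname" . }}`, presumably the account the RBAC rules in this file are bound to, so whoever can push to that repository decides what runs with those rights. Restore the templated line, `image: "{{ .Values.image.repository }}:{{ coalesce .Values.image.tag (include "gitlab.versionTag" . ) }}"`, and delete the commented-out copy rather than leaving a development override in the chart.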
diff --git a/charts/gitlab/charts/operator/templates/crd-rbac.yaml b/charts/gitlab/charts/operator/templates/crd-rbac.yaml index d8a3df724b..8c20a28ec7 100644 --- a/charts/gitlab/charts/operator/templates/crd-rbac.yaml +++ b/charts/gitlab/charts/operator/templates/crd-rbac.yaml @@ -39,6 +39,8 @@ rules: resources: - clusterroles - clusterrolebindings + - roles + - rolebindings verbs: - "*" - apiGroups: @@ -47,6 +49,7 @@ rules: - serviceaccounts - pods - configmaps + - secrets verbs: - "*" - apiGroups: diff --git a/charts/gitlab/charts/operator/templates/gitlab-configmap.yaml b/charts/gitlab/charts/operator/templates/gitlab-configmap.yaml index fdc65bf547..0ad41ffd18 100644 --- a/charts/gitlab/charts/operator/templates/gitlab-configmap.yaml +++ b/charts/gitlab/charts/operator/templates/gitlab-configmap.yaml @@ -23,7 +23,14 @@ data: spec: version: {{ include "gitlab.operator.gitlabVersion" . | quote }} helmRelease: {{ .Release.Name }} - migrationsTemplate: - configMapName: {{ .Release.Name }}-migrations-jobspec - configMapKey: template + templates: + migrationsTemplate: + configMapName: {{ .Release.Name }}-migrations-jobspec + configMapKey: template + sharedSecretsTemplate: + configMapName: {{ .Release.Name }}-shared-secrets-jobspec + configMapKey: template + roleKey: role + roleBindingKey: roleBinding + serviceAccountKey: serviceAccount {{- end }} diff --git a/charts/shared-secrets/templates/_jobspec.yaml b/charts/shared-secrets/templates/_jobspec.yaml new file mode 100644 index 0000000000..dcbe1615e4 --- /dev/null +++ b/charts/shared-secrets/templates/_jobspec.yaml 
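Review bot: Both crd-rbac.yaml hunks add resources to rules whose verbs are `"*"`: `roles` and `rolebindings` in the first, `secrets` in the second. A wildcard verb on RBAC resources includes `bind` and `escalate`, which bypass the API server's privilege-escalation checks, so the bound subject can grant itself any permission; on `secrets` it allows reading and rewriting every Secret in scope. List the verbs explicitly instead, for example `verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]` for the RBAC rule, and for `secrets` the four verbs `_rbac-role.yaml` grants (`get`, `list`, `create`, `patch`). Both rules begin above the hunks, so their `apiGroups` and the kind of role they belong to are not visible here.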
@@ -0,0 +1,33 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ template "shared-secrets.jobname" . }} + labels: +{{ include "gitlab.standardLabels" . | indent 4 }} + annotations: + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + metadata: + labels: + app: {{ template "name" . }} + release: {{ .Release.Name }} + spec: + {{- if .Values.rbac.create }} + serviceAccountName: {{ template "fullname" . }} + {{- end }} + restartPolicy: Never +{{- include "pullsecrets" .Values.image | indent 6}} + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + command: ['/bin/bash', '/scripts/generate-secrets'] + {{ template "gitlab.imagePullPolicy" . }} + volumeMounts: + - name: scripts + mountPath: /scripts + volumes: + - name: scripts + configMap: + name: {{ template "fullname" . }} diff --git a/charts/shared-secrets/templates/_rbac-role.yaml b/charts/shared-secrets/templates/_rbac-role.yaml new file mode 100644 index 0000000000..9f528f0fd0 --- /dev/null +++ b/charts/shared-secrets/templates/_rbac-role.yaml @@ -0,0 +1,17 @@ +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ template "fullname" . }} + labels: + app: {{ template "name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + annotations: + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": hook-succeeded +rules: +- apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "create", "patch"] diff --git a/charts/shared-secrets/templates/_rbac-rolebinding.yaml b/charts/shared-secrets/templates/_rbac-rolebinding.yaml new file mode 100644 index 0000000000..90ab853a79 --- /dev/null +++ b/charts/shared-secrets/templates/_rbac-rolebinding.yaml 
@@ -0,0 +1,21 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "fullname" . }} + labels: + app: {{ template "name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + annotations: + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": hook-succeeded +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ template "fullname" . }} + namespace: {{ .Release.Namespace }} diff --git a/charts/shared-secrets/templates/_rbac-serviceaccount.yaml b/charts/shared-secrets/templates/_rbac-serviceaccount.yaml new file mode 100644 index 0000000000..9d2e1456b4 --- /dev/null +++ b/charts/shared-secrets/templates/_rbac-serviceaccount.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "fullname" . }} + labels: +{{ include "gitlab.standardLabels" . | indent 4 }} + annotations: + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": hook-succeeded diff --git a/charts/shared-secrets/templates/configmap.yaml b/charts/shared-secrets/templates/configmap.yaml index adcf182a55..e0b500badc 100644 --- a/charts/shared-secrets/templates/configmap.yaml +++ b/charts/shared-secrets/templates/configmap.yaml 
@@ -4,10 +4,22 @@ metadata: name: {{ template "fullname" . }} labels: {{ include "gitlab.standardLabels" . | indent 4 }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade - "helm.sh/hook-weight": "-3" - "helm.sh/hook-delete-policy": hook-succeeded data: generate-secrets: | {{ include (print $.Template.BasePath "/_generate_secrets.sh") . | indent 4 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-shared-secrets-jobspec + labels: +{{ include "gitlab.standardLabels" . | indent 4 }} +data: + template: |- +{{ include (print $.Template.BasePath "/_jobspec.yaml") . | indent 4 }} + role: |- +{{ include (print $.Template.BasePath "/_rbac-role.yaml") . | indent 4}} + serviceAccount: |- +{{ include (print $.Template.BasePath "/_rbac-serviceaccount.yaml") . | indent 4 }} + roleBinding: |- +{{ include (print $.Template.BasePath "/_rbac-rolebinding.yaml") . | indent 4 }} diff --git a/charts/shared-secrets/templates/job.yaml b/charts/shared-secrets/templates/job.yaml index ae10ba0e23..87751c8c8c 100644 --- a/charts/shared-secrets/templates/job.yaml +++ b/charts/shared-secrets/templates/job.yaml 
@@ -1,36 +1,5 @@ -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ template "shared-secrets.jobname" . }} - labels: -{{ include "gitlab.standardLabels" . | indent 4 }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade - "helm.sh/hook-delete-policy": hook-succeeded -spec: - {{- if .Values.global.operator.enabled }} - parallelism: 0 - {{- end }} - template: - metadata: - labels: - app: {{ template "name" . }} - release: {{ .Release.Name }} - spec: - {{- if .Values.rbac.create }} - serviceAccountName: {{ template "fullname" . }} - {{- end }} - restartPolicy: Never -{{- include "pullsecrets" .Values.image | indent 6}} - containers: - - name: {{ .Chart.Name }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - command: ['/bin/bash', '/scripts/generate-secrets'] - {{ template "gitlab.imagePullPolicy" . }} - volumeMounts: - - name: scripts - mountPath: /scripts - volumes: - - name: scripts - configMap: - name: {{ template "fullname" . }} +{{- if and .Values.enabled (not .Values.global.operator.enabled) }} +{{ include (print $.Template.BasePath "/_jobspec.yaml") . }} +{{- end }} + + diff --git a/charts/shared-secrets/templates/rbac-config.yaml b/charts/shared-secrets/templates/rbac-config.yaml index 19b15a1b4f..c289716408 100644 --- a/charts/shared-secrets/templates/rbac-config.yaml +++ b/charts/shared-secrets/templates/rbac-config.yaml 
@@ -1,52 +1,7 @@ -{{- if .Values.rbac.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "fullname" . }} - labels: -{{ include "gitlab.standardLabels" . | indent 4 }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade - "helm.sh/hook-weight": "-5" - "helm.sh/hook-delete-policy": hook-succeeded +{{- if and .Values.enabled .Values.rbac.create (not .Values.global.operatorenabled) -}} +{{ include (print $.Template.BasePath "/_rbac-serviceaccount.yaml") . }} --- -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ template "fullname" . }} - labels: - app: {{ template "name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade - "helm.sh/hook-weight": "-5" - "helm.sh/hook-delete-policy": hook-succeeded -rules: -- apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list", "create", "patch"] +{{ include (print $.Template.BasePath "/_rbac-role.yaml") . }} --- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ template "fullname" . }} - labels: - app: {{ template "name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade - "helm.sh/hook-weight": "-5" - "helm.sh/hook-delete-policy": hook-succeeded -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ template "fullname" . }} - namespace: {{ .Release.Namespace }} -{{- end -}} +{{ include (print $.Template.BasePath "/_rbac-rolebinding.yaml") . }} +{{- end}} -- GitLab From b2244a566ee0cb1c8db6414e670507d07cd6c870 Mon Sep 17 00:00:00 2001 
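Review bot: The new guard in rbac-config.yaml reads `.Values.global.operatorenabled`, without the dot between `operator` and `enabled`, so it looks up a key that does not exist and `not` of it is always true. The ServiceAccount, Role and RoleBinding are therefore still rendered by Helm when the operator is enabled, alongside the copies the operator is meant to create from the ConfigMap. It should read `{{- if and .Values.enabled .Values.rbac.create (not .Values.global.operator.enabled) -}}`, matching the guard this commit puts in job.yaml.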
From: Ahmad Hassan Date: Tue, 25 Sep 2018 16:01:12 +0200 Subject: [PATCH 25/25] Pause everything by default to work around the shared-secrets moving problem --- .../gitlab-shell/templates/deployment.yaml | 3 + .../charts/sidekiq/templates/deployment.yaml | 4 + .../task-runner/templates/deployment.yaml | 3 + .../charts/unicorn/templates/deployment.yaml | 3 + charts/shared-secrets/templates/_jobspec.yaml | 2 + .../shared-secrets/templates/_rbac-role.yaml | 2 + .../templates/_rbac-rolebinding.yaml | 2 + .../templates/_rbac-serviceaccount.yaml | 2 + .../templates/_self-signed-cert-job.yml | 78 +++++++++++++++++++ .../shared-secrets/templates/configmap.yaml | 2 + .../templates/self-signed-cert-job.yml | 77 +----------------- 11 files changed, 103 insertions(+), 75 deletions(-) create mode 100644 charts/shared-secrets/templates/_self-signed-cert-job.yml diff --git a/charts/gitlab/charts/gitlab-shell/templates/deployment.yaml b/charts/gitlab/charts/gitlab-shell/templates/deployment.yaml index 1295d5e98c..c8f3fbad02 100644 --- a/charts/gitlab/charts/gitlab-shell/templates/deployment.yaml +++ b/charts/gitlab/charts/gitlab-shell/templates/deployment.yaml @@ -6,6 +6,9 @@ metadata: labels: {{ include "gitlab.standardLabels" . | indent 4 }} spec: + {{- if .Values.global.operator.enabled }} + paused: true + {{- end }} selector: matchLabels: app: {{ template "name" . }} diff --git a/charts/gitlab/charts/sidekiq/templates/deployment.yaml b/charts/gitlab/charts/sidekiq/templates/deployment.yaml index 8acf4bace6..df1e817231 100644 --- a/charts/gitlab/charts/sidekiq/templates/deployment.yaml +++ b/charts/gitlab/charts/sidekiq/templates/deployment.yaml 
@@ -10,6 +10,7 @@ {{- $resources := .Values.resources -}} {{- $nodeSelector := .Values.nodeSelector -}} {{- $minioEnabled := .Values.global.minio.enabled -}} +{{- $operatorEnabled := .Values.global.operator.enabled -}} {{- $minioSecret := include "gitlab.minio.credentials.secret" . -}} {{- $redisSecret := include "gitlab.redis.password.secret" . -}} {{- $redisKey := include "gitlab.redis.password.key" . -}} @@ -42,6 +43,9 @@ metadata: {{ include "gitlab.standardLabels" $ | indent 4 }} queue-pod-name: {{ .name }} spec: + {{- if $operatorEnabled }} + paused: true + {{- end }} selector: matchLabels: app: {{ $name }} diff --git a/charts/gitlab/charts/task-runner/templates/deployment.yaml b/charts/gitlab/charts/task-runner/templates/deployment.yaml index e9bc5fc6e3..2332f8d2a7 100644 --- a/charts/gitlab/charts/task-runner/templates/deployment.yaml +++ b/charts/gitlab/charts/task-runner/templates/deployment.yaml @@ -6,6 +6,9 @@ metadata: labels: {{ include "gitlab.standardLabels" . | indent 4 }} spec: + {{- if .Values.global.operator.enabled }} + paused: true + {{- end }} replicas: 1 selector: matchLabels: diff --git a/charts/gitlab/charts/unicorn/templates/deployment.yaml b/charts/gitlab/charts/unicorn/templates/deployment.yaml index f0733b4221..220f0423dd 100644 --- a/charts/gitlab/charts/unicorn/templates/deployment.yaml +++ b/charts/gitlab/charts/unicorn/templates/deployment.yaml @@ -10,6 +10,9 @@ metadata: gitlab.com/version: {{ include "gitlab.operator.gitlabVersion" . }} {{- end }} spec: + {{- if .Values.global.operator.enabled }} + paused: true + {{- end }} replicas: {{ .Values.replicaCount }} selector: matchLabels: diff --git a/charts/shared-secrets/templates/_jobspec.yaml b/charts/shared-secrets/templates/_jobspec.yaml index dcbe1615e4..e4e72f6bca 100644 --- a/charts/shared-secrets/templates/_jobspec.yaml +++ b/charts/shared-secrets/templates/_jobspec.yaml 
@@ -4,9 +4,11 @@ metadata: name: {{ template "shared-secrets.jobname" . }} labels: {{ include "gitlab.standardLabels" . | indent 4 }} +{{- if and .Values.enabled (not .Values.global.operator.enabled) }} annotations: "helm.sh/hook": pre-install,pre-upgrade "helm.sh/hook-delete-policy": hook-succeeded +{{- end }} spec: template: metadata: diff --git a/charts/shared-secrets/templates/_rbac-role.yaml b/charts/shared-secrets/templates/_rbac-role.yaml index 9f528f0fd0..918f9e524f 100644 --- a/charts/shared-secrets/templates/_rbac-role.yaml +++ b/charts/shared-secrets/templates/_rbac-role.yaml @@ -7,10 +7,12 @@ metadata: chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} +{{- if and .Values.enabled (not .Values.global.operator.enabled) }} annotations: "helm.sh/hook": pre-install,pre-upgrade "helm.sh/hook-weight": "-5" "helm.sh/hook-delete-policy": hook-succeeded +{{- end }} rules: - apiGroups: [""] resources: ["secrets"] diff --git a/charts/shared-secrets/templates/_rbac-rolebinding.yaml b/charts/shared-secrets/templates/_rbac-rolebinding.yaml index 90ab853a79..3bf3147cc7 100644 --- a/charts/shared-secrets/templates/_rbac-rolebinding.yaml +++ b/charts/shared-secrets/templates/_rbac-rolebinding.yaml @@ -7,10 +7,12 @@ metadata: chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} +{{- if and .Values.enabled (not .Values.global.operator.enabled) }} annotations: "helm.sh/hook": pre-install,pre-upgrade "helm.sh/hook-weight": "-5" "helm.sh/hook-delete-policy": hook-succeeded +{{- end }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role diff --git a/charts/shared-secrets/templates/_rbac-serviceaccount.yaml b/charts/shared-secrets/templates/_rbac-serviceaccount.yaml index 9d2e1456b4..39445ecff8 100644 --- a/charts/shared-secrets/templates/_rbac-serviceaccount.yaml +++ b/charts/shared-secrets/templates/_rbac-serviceaccount.yaml 
@@ -4,7 +4,9 @@ metadata: name: {{ template "fullname" . }} labels: {{ include "gitlab.standardLabels" . | indent 4 }} +{{- if and .Values.enabled (not .Values.global.operator.enabled) }} annotations: "helm.sh/hook": pre-install,pre-upgrade "helm.sh/hook-weight": "-5" "helm.sh/hook-delete-policy": hook-succeeded +{{- end }} diff --git a/charts/shared-secrets/templates/_self-signed-cert-job.yml b/charts/shared-secrets/templates/_self-signed-cert-job.yml new file mode 100644 index 0000000000..dee5bc9e3b --- /dev/null +++ b/charts/shared-secrets/templates/_self-signed-cert-job.yml 
@@ -0,0 +1,78 @@ +{{- if not (or .Values.global.ingress.configureCertmanager .Values.global.ingress.tls) -}} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ template "shared-secrets.jobname" . }}-selfsign + labels: +{{ include "gitlab.standardLabels" . | indent 4 }} +{{- if not .Values.global.operator.enabled }} + annotations: + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-delete-policy": hook-succeeded +{{- end }} +spec: + template: + metadata: + labels: + app: {{ template "name" . }} + release: {{ .Release.Name }} + spec: + serviceAccountName: {{ template "fullname" . }} + restartPolicy: Never +{{- include "pullsecrets" .Values.image | indent 6}} + initContainers: + - name: cfssl-self-sign + image: "{{ .Values.selfsign.image.repository }}:{{ .Values.selfsign.image.tag }}" + env: + - name: CA_SUBJECT + value: {{ .Values.selfsign.caSubject | quote }} # defaults to GitLab in container + - name: CA_ORG + value: {{ .Release.Namespace | quote }} # defaults to GitLab in container + - name: CA_ORG_UNIT + value: {{ .Release.Name | quote }} # defaults to Cloud Native in container + - name: CERT_SUBJECT + value: {{ .Values.global.hosts.domain | quote }} # defaults to GitLab in container + - name: CERT_DOMAIN + value: {{ .Values.global.hosts.domain | quote }} # defaults to example.com in container + - name: EXPIRY + value: {{ .Values.selfsign.expiry | quote }} # defaults to 8076h in container + - name: ALGORITHM + value: {{ .Values.selfsign.keyAlgorithm | quote }} # defaults to ecdsa in container + - name: KEY_SIZE + value: {{ .Values.selfsign.keySize | quote }} # defaults to 256 inside container + volumeMounts: + - name: certs-path + mountPath: /output + containers: + - name: kubectl + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + command: + - /bin/bash + - -exc + - | + certname={{ template "gitlab.wildcard-self-signed-cert-name" . 
}} + # create wildcard certificate secret + kubectl create secret tls $certname \ + --cert=/output/wildcard.pem --key=/output/wildcard-key.pem || true +{{- if not .Values.global.application.create }} + kubectl --namespace=$namespace label \ + secret $certname $(echo '{{ include "gitlab.application.labels" . | replace ": " "=" | replace "\n" " " }}' | sed -E 's/=[^ ]*/-/g') +{{- end }} + kubectl --namespace=$namespace label --overwrite \ + secret $certname {{ include "gitlab.standardLabels" . | replace ": " "=" | replace "\n" " " }} + # create CA certificate secret + kubectl create secret generic ${certname}-ca \ + --from-file=cfssl_ca=/output/ca.pem || true +{{- if not .Values.global.application.create }} + kubectl --namespace=$namespace label \ + secret ${certname}-ca $(echo '{{ include "gitlab.application.labels" . | replace ": " "=" | replace "\n" " " }}' | sed -E 's/=[^ ]*/-/g') +{{- end }} + kubectl --namespace=$namespace label --overwrite \ + secret ${certname}-ca {{ include "gitlab.standardLabels" . | replace ": " "=" | replace "\n" " " }} + volumeMounts: + - name: certs-path + mountPath: /output + volumes: + - name: certs-path + emptyDir: {} +{{- end -}} diff --git a/charts/shared-secrets/templates/configmap.yaml b/charts/shared-secrets/templates/configmap.yaml index e0b500badc..284d3775a8 100644 --- a/charts/shared-secrets/templates/configmap.yaml +++ b/charts/shared-secrets/templates/configmap.yaml @@ -23,3 +23,5 @@ data: {{ include (print $.Template.BasePath "/_rbac-serviceaccount.yaml") . | indent 4 }} roleBinding: |- {{ include (print $.Template.BasePath "/_rbac-rolebinding.yaml") . | indent 4 }} + selfSignedCertTemplate: |- +{{ include (print $.Template.BasePath "/_self-signed-cert-job.yml") . | indent 4 }} diff --git a/charts/shared-secrets/templates/self-signed-cert-job.yml b/charts/shared-secrets/templates/self-signed-cert-job.yml index 62e6058a3f..e368158af0 100644 --- a/charts/shared-secrets/templates/self-signed-cert-job.yml 
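Review bot: The `certs-path` volume that carries `wildcard-key.pem` from the `cfssl-self-sign` init container to the `kubectl` container is declared as `emptyDir: {}`, which is backed by node storage, so the private key is written to the node's disk for the life of the pod. The migrations job in this series mounts its secrets from an `emptyDir` with `medium: "Memory"`; using the same setting here keeps the key material off disk. Separately, both `kubectl create secret` commands end in `|| true`, which hides every failure and not only "already exists", and the label commands use `$namespace` although the visible script never sets it.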
+++ b/charts/shared-secrets/templates/self-signed-cert-job.yml 
@@ -1,76 +1,3 @@ -{{- if not (or .Values.global.ingress.configureCertmanager .Values.global.ingress.tls) -}} -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ template "shared-secrets.jobname" . }}-selfsign - labels: -{{ include "gitlab.standardLabels" . | indent 4 }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade - "helm.sh/hook-delete-policy": hook-succeeded -spec: - template: - metadata: - labels: - app: {{ template "name" . }} - release: {{ .Release.Name }} - spec: - serviceAccountName: {{ template "fullname" . }} - restartPolicy: Never -{{- include "pullsecrets" .Values.image | indent 6}} - initContainers: - - name: cfssl-self-sign - image: "{{ .Values.selfsign.image.repository }}:{{ .Values.selfsign.image.tag }}" - env: - - name: CA_SUBJECT - value: {{ .Values.selfsign.caSubject | quote }} # defaults to GitLab in container - - name: CA_ORG - value: {{ .Release.Namespace | quote }} # defaults to GitLab in container - - name: CA_ORG_UNIT - value: {{ .Release.Name | quote }} # defaults to Cloud Native in container - - name: CERT_SUBJECT - value: {{ .Values.global.hosts.domain | quote }} # defaults to GitLab in container - - name: CERT_DOMAIN - value: {{ .Values.global.hosts.domain | quote }} # defaults to example.com in container - - name: EXPIRY - value: {{ .Values.selfsign.expiry | quote }} # defaults to 8076h in container - - name: ALGORITHM - value: {{ .Values.selfsign.keyAlgorithm | quote }} # defaults to ecdsa in container - - name: KEY_SIZE - value: {{ .Values.selfsign.keySize | quote }} # defaults to 256 inside container - volumeMounts: - - name: certs-path - mountPath: /output - containers: - - name: kubectl - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - command: - - /bin/bash - - -exc - - | - certname={{ template "gitlab.wildcard-self-signed-cert-name" . 
}} - # create wildcard certificate secret - kubectl create secret tls $certname \ - --cert=/output/wildcard.pem --key=/output/wildcard-key.pem || true -{{- if not .Values.global.application.create }} - kubectl --namespace=$namespace label \ - secret $certname $(echo '{{ include "gitlab.application.labels" . | replace ": " "=" | replace "\n" " " }}' | sed -E 's/=[^ ]*/-/g') +{{- if not .Values.global.operator.enabled }} +{{ include (print $.Template.BasePath "/_self-signed-cert-job.yaml") . }} {{- end }} - kubectl --namespace=$namespace label --overwrite \ - secret $certname {{ include "gitlab.standardLabels" . | replace ": " "=" | replace "\n" " " }} - # create CA certificate secret - kubectl create secret generic ${certname}-ca \ - --from-file=cfssl_ca=/output/ca.pem || true -{{- if not .Values.global.application.create }} - kubectl --namespace=$namespace label \ - secret ${certname}-ca $(echo '{{ include "gitlab.application.labels" . | replace ": " "=" | replace "\n" " " }}' | sed -E 's/=[^ ]*/-/g') -{{- end }} - kubectl --namespace=$namespace label --overwrite \ - secret ${certname}-ca {{ include "gitlab.standardLabels" . | replace ": " "=" | replace "\n" " " }} - volumeMounts: - - name: certs-path - mountPath: /output - volumes: - - name: certs-path - emptyDir: {} -{{- end -}} -- GitLab
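Review bot: The include in self-signed-cert-job.yml names `/_self-signed-cert-job.yaml`, but the partial this commit creates is `_self-signed-cert-job.yml`, and configmap.yaml includes it with the `.yml` extension. With the operator disabled the lookup will most likely fail at render time or produce nothing, so the self-signed certificate job would not be created. Change the path to `"/_self-signed-cert-job.yml"`.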