From 7154aca064f9c1c43ee74aa269f753b76f359491 Mon Sep 17 00:00:00 2001 From: Grant Young Date: Thu, 3 Mar 2022 10:41:32 +0000 Subject: [PATCH 1/4] Update Ref Arch Omnibus component settings KAS service should be disabled on backends --- .../reference_architectures/10k_users.md | 3 +++ .../reference_architectures/25k_users.md | 3 +++ .../reference_architectures/2k_users.md | 20 ++----------------- .../reference_architectures/3k_users.md | 3 +++ .../reference_architectures/50k_users.md | 3 +++ .../reference_architectures/5k_users.md | 3 +++ 6 files changed, 17 insertions(+), 18 deletions(-) diff --git a/doc/administration/reference_architectures/10k_users.md b/doc/administration/reference_architectures/10k_users.md index a687c5db2b41e0..fcce44f62b21e1 100644 --- a/doc/administration/reference_architectures/10k_users.md +++ b/doc/administration/reference_architectures/10k_users.md @@ -1363,6 +1363,7 @@ To configure the Praefect nodes, on each one: alertmanager['enable'] = false grafana['enable'] = false gitlab_exporter['enable'] = false + gitlab_kas['enable'] = false nginx['enable'] = false # Praefect Configuration @@ -1503,6 +1504,7 @@ On each node: alertmanager['enable'] = false grafana['enable'] = false gitlab_exporter['enable'] = false + gitlab_kas['enable'] = false nginx['enable'] = false # Prevent database migrations from running on upgrade automatically @@ -1680,6 +1682,7 @@ To configure the Sidekiq nodes, on each one: alertmanager['enable'] = false grafana['enable'] = false gitlab_exporter['enable'] = false + gitlab_kas['enable'] = false nginx['enable'] = false # External URL diff --git a/doc/administration/reference_architectures/25k_users.md b/doc/administration/reference_architectures/25k_users.md index b473ef8c96513e..c08fe985b40ce8 100644 --- a/doc/administration/reference_architectures/25k_users.md +++ b/doc/administration/reference_architectures/25k_users.md @@ -1367,6 +1367,7 @@ To configure the Praefect nodes, on each one: alertmanager['enable'] = false grafana['enable'] = false gitlab_exporter['enable'] = false + gitlab_kas['enable'] = false nginx['enable'] = false # Praefect Configuration @@ -1507,6 +1508,7 @@ On each node: alertmanager['enable'] = false grafana['enable'] = false gitlab_exporter['enable'] = false + gitlab_kas['enable'] = false nginx['enable'] = false # Prevent database migrations from running on upgrade automatically @@ -1684,6 +1686,7 @@ To configure the Sidekiq nodes, on each one: alertmanager['enable'] = false grafana['enable'] = false gitlab_exporter['enable'] = false + gitlab_kas['enable'] = false nginx['enable'] = false # External URL diff --git a/doc/administration/reference_architectures/2k_users.md b/doc/administration/reference_architectures/2k_users.md index f6c484b08b1277..6f6c02c309a5c1 100644 --- a/doc/administration/reference_architectures/2k_users.md +++ b/doc/administration/reference_architectures/2k_users.md @@ -286,11 +286,6 @@ further configuration steps. ```ruby # Disable all components except PostgreSQL related ones roles(['postgres_role']) - prometheus['enable'] = false - alertmanager['enable'] = false - pgbouncer_exporter['enable'] = false - redis_exporter['enable'] = false - gitlab_exporter['enable'] = false # Set the network addresses that the exporters used for monitoring will listen on node_exporter['listen_address'] = '0.0.0.0:9100' @@ -365,19 +360,7 @@ Omnibus: ```ruby ## Enable Redis - redis['enable'] = true - - # Avoid running unnecessary services on the Redis server - gitaly['enable'] = false - postgresql['enable'] = false - puma['enable'] = false - sidekiq['enable'] = false - gitlab_workhorse['enable'] = false - prometheus['enable'] = false - alertmanager['enable'] = false - grafana['enable'] = false - gitlab_exporter['enable'] = false - nginx['enable'] = false + roles(["redis_master_role"]) redis['bind'] = '0.0.0.0' redis['port'] = 6379 @@ -481,6 +464,7 @@ To configure the Gitaly server, on the server node you want to use for Gitaly: alertmanager['enable'] = false grafana['enable'] = false gitlab_exporter['enable'] = false + gitlab_kas['enable'] = false nginx['enable'] = false # Prevent database migrations from running on upgrade automatically diff --git a/doc/administration/reference_architectures/3k_users.md b/doc/administration/reference_architectures/3k_users.md index 2b4c3d80131dfb..76f81e65580e5e 100644 --- a/doc/administration/reference_architectures/3k_users.md +++ b/doc/administration/reference_architectures/3k_users.md @@ -1307,6 +1307,7 @@ To configure the Praefect nodes, on each one: alertmanager['enable'] = false grafana['enable'] = false gitlab_exporter['enable'] = false + gitlab_kas['enable'] = false nginx['enable'] = false # Praefect Configuration @@ -1447,6 +1448,7 @@ On each node: alertmanager['enable'] = false grafana['enable'] = false gitlab_exporter['enable'] = false + gitlab_kas['enable'] = false nginx['enable'] = false # Prevent database migrations from running on upgrade automatically @@ -1626,6 +1628,7 @@ To configure the Sidekiq nodes, one each one: alertmanager['enable'] = false grafana['enable'] = false gitlab_exporter['enable'] = false + gitlab_kas['enable'] = false nginx['enable'] = false # External URL diff --git a/doc/administration/reference_architectures/50k_users.md b/doc/administration/reference_architectures/50k_users.md index 816b55a2f599f2..dfa963d1ad03f2 100644 --- a/doc/administration/reference_architectures/50k_users.md +++ b/doc/administration/reference_architectures/50k_users.md @@ -1376,6 +1376,7 @@ To configure the Praefect nodes, on each one: alertmanager['enable'] = false grafana['enable'] = false gitlab_exporter['enable'] = false + gitlab_kas['enable'] = false nginx['enable'] = false # Praefect Configuration @@ -1516,6 +1517,7 @@ On each node: alertmanager['enable'] = false grafana['enable'] = false gitlab_exporter['enable'] = false + gitlab_kas['enable'] = false nginx['enable'] = false # Prevent database migrations from running on upgrade automatically @@ -1693,6 +1695,7 @@ To configure the Sidekiq nodes, on each one: alertmanager['enable'] = false grafana['enable'] = false gitlab_exporter['enable'] = false + gitlab_kas['enable'] = false nginx['enable'] = false # External URL diff --git a/doc/administration/reference_architectures/5k_users.md b/doc/administration/reference_architectures/5k_users.md index 94fe46a549ed1f..f2463afbf3ba55 100644 --- a/doc/administration/reference_architectures/5k_users.md +++ b/doc/administration/reference_architectures/5k_users.md @@ -1305,6 +1305,7 @@ To configure the Praefect nodes, on each one: alertmanager['enable'] = false grafana['enable'] = false gitlab_exporter['enable'] = false + gitlab_kas['enable'] = false nginx['enable'] = false # Praefect Configuration @@ -1445,6 +1446,7 @@ On each node: alertmanager['enable'] = false grafana['enable'] = false gitlab_exporter['enable'] = false + gitlab_kas['enable'] = false nginx['enable'] = false # Prevent database migrations from running on upgrade automatically @@ -1622,6 +1624,7 @@ To configure the Sidekiq nodes, one each one: alertmanager['enable'] = false grafana['enable'] = false gitlab_exporter['enable'] = false + gitlab_kas['enable'] = false nginx['enable'] = false # External URL -- GitLab From cb4712cda94529f4957e1a865bc03634891849cd Mon Sep 17 00:00:00 2001 From: Ben Prescott Date: Thu, 3 Mar 2022 11:35:13 +0000 Subject: [PATCH 2/4] KAS service enabled in 14.8 --- doc/update/index.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/doc/update/index.md b/doc/update/index.md index 3a9bfc75a1ea52..7b5fb9d393499d 100644 --- a/doc/update/index.md +++ b/doc/update/index.md @@ -334,6 +334,28 @@ NOTE: Specific information that follow related to Ruby and Git versions do not apply to [Omnibus installations](https://docs.gitlab.com/omnibus/) and [Helm Chart deployments](https://docs.gitlab.com/charts/). They come with appropriate Ruby and Git versions and are not using system binaries for Ruby and Git. There is no need to install Ruby or Git when utilizing these two approaches. +### 14.8.0 + +- The agent server for Kubernetes [is enabled by default](https://about.gitlab.com/releases/2022/02/22/gitlab-14-8-released/#the-agent-server-for-kubernetes-is-enabled-by-default) + on Omnibus installations. Customers running GitLab at scale, + for example using [the reference architectures](../administration/reference_architectures/index.md) + will need to explicitly disable the agent on the following server types, **if the agent is not required**. + + - Praefect + - Gitaly + - Sidekiq + - Redis (if configured using `redis['enable'] = true` and not via `roles`) + - Container registry + - Any other server types based on `roles(['application_role'])`, such as the GitLab Rails nodes. + + The [the reference architectures](../administration/reference_architectures/index.md) have been updated + with this configuration change and a specific role for standalone Redis servers. + + Steps to disable the agent: + + 1. Add `gitlab_kas['enable'] = false` to `gitlab.rb` + 2. If the server is already upgraded to 14.8, run `gitlab-ctl reconfigure` + ### 14.7.0 - See [LFS objects import and mirror issue in GitLab 14.6.0 to 14.7.2](#lfs-objects-import-and-mirror-issue-in-gitlab-1460-to-1472). -- GitLab From f1b2aa76de217db7ac16da76818c544657b07d8f Mon Sep 17 00:00:00 2001 From: Ben Prescott Date: Thu, 3 Mar 2022 11:41:39 +0000 Subject: [PATCH 3/4] KAS service enabled in 14.8 --- doc/update/index.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/doc/update/index.md b/doc/update/index.md index 7b5fb9d393499d..719179ffe0674e 100644 --- a/doc/update/index.md +++ b/doc/update/index.md @@ -338,8 +338,8 @@ and [Helm Chart deployments](https://docs.gitlab.com/charts/). They come with ap - The agent server for Kubernetes [is enabled by default](https://about.gitlab.com/releases/2022/02/22/gitlab-14-8-released/#the-agent-server-for-kubernetes-is-enabled-by-default) on Omnibus installations. Customers running GitLab at scale, - for example using [the reference architectures](../administration/reference_architectures/index.md) - will need to explicitly disable the agent on the following server types, **if the agent is not required**. + such as [the reference architectures](../administration/reference_architectures/index.md), + will need to disable the agent on the following server types, **if the agent is not required**. - Praefect - Gitaly @@ -348,13 +348,13 @@ and [Helm Chart deployments](https://docs.gitlab.com/charts/). They come with ap - Container registry - Any other server types based on `roles(['application_role'])`, such as the GitLab Rails nodes. - The [the reference architectures](../administration/reference_architectures/index.md) have been updated + [The reference architectures](../administration/reference_architectures/index.md) have been updated with this configuration change and a specific role for standalone Redis servers. Steps to disable the agent: 1. Add `gitlab_kas['enable'] = false` to `gitlab.rb` - 2. If the server is already upgraded to 14.8, run `gitlab-ctl reconfigure` + 1. If the server is already upgraded to 14.8, run `gitlab-ctl reconfigure` ### 14.7.0 -- GitLab From 1b6ab0c0cc3ca121bcc101be7022175190353b03 Mon Sep 17 00:00:00 2001 From: Kati Paizee Date: Thu, 3 Mar 2022 19:54:09 +0000 Subject: [PATCH 4/4] TW review gitlab-kas agent --- doc/update/index.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/doc/update/index.md b/doc/update/index.md index 719179ffe0674e..3ee63a95d8ddcc 100644 --- a/doc/update/index.md +++ b/doc/update/index.md @@ -337,24 +337,24 @@ and [Helm Chart deployments](https://docs.gitlab.com/charts/). They come with ap ### 14.8.0 - The agent server for Kubernetes [is enabled by default](https://about.gitlab.com/releases/2022/02/22/gitlab-14-8-released/#the-agent-server-for-kubernetes-is-enabled-by-default) - on Omnibus installations. Customers running GitLab at scale, + on Omnibus installations. If you run GitLab at scale, such as [the reference architectures](../administration/reference_architectures/index.md), - will need to disable the agent on the following server types, **if the agent is not required**. + you must disable the agent on the following server types, **if the agent is not required**. - Praefect - Gitaly - Sidekiq - Redis (if configured using `redis['enable'] = true` and not via `roles`) - Container registry - - Any other server types based on `roles(['application_role'])`, such as the GitLab Rails nodes. + - Any other server types based on `roles(['application_role'])`, such as the GitLab Rails nodes [The reference architectures](../administration/reference_architectures/index.md) have been updated with this configuration change and a specific role for standalone Redis servers. Steps to disable the agent: - 1. Add `gitlab_kas['enable'] = false` to `gitlab.rb` - 1. If the server is already upgraded to 14.8, run `gitlab-ctl reconfigure` + 1. Add `gitlab_kas['enable'] = false` to `gitlab.rb`. + 1. If the server is already upgraded to 14.8, run `gitlab-ctl reconfigure`. ### 14.7.0 -- GitLab