chore: allow GL pages through istio (#106)

## Description

This PR allows GL pages to work through istio in the UDS package CR

## Related Issue

Fixes #15 

## Type of change

- [x] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [X] Other (security config, docs update, etc)

## Checklist before merging

- [ ] Test, docs, adr added or updated as needed
- [X] [Contributor Guide
Steps](https://github.com/defenseunicorns/uds-package-gitlab/blob/main/CONTRIBUTING.md#developer-workflow)
followed

README.md

@@ -8,25 +8,22 @@ This package is designed for use as part of a [UDS Software Factory](https://git
 
 ## Pre-requisites
 
-The GitLab Package expects the pieces listed below to exist in the cluster before being deployed.
+The GitLab Package expects to be deployed on top of [UDS Core](https://github.com/defenseunicorns/uds-core) with the dependencies listed below being configured prior to deployment.
 
-#### General
-
-- Create `gitlab` namespace
-- Label `gitlab` namespace with `istio-injection: enabled`
+> :warning: **NOTE**: Some GitLab features (such as GitLab pages) will also require a [GitLab runner](https://github.com/defenseunicorns/uds-package-gitlab-runner) along with additional configuration such as an additional certificate SAN for `*.pages.<your-domain>`.
 
 #### Database
 
-- A Postgres database is running on port `5432` and accessible to the cluster
-- This database can be logged into via the username configured with the zarf var `GITLAB_DB_USERNAME`. Default is `gitlab`
-- This database instance has a psql database created matching what is defined in the zarf var `GITLAB_DB_NAME`. Default is `gitlabdb`
+- A Postgres database is running on port `5432` and accessible to the cluster via the `GITLAB_DB_ENDPOINT` Zarf var.
+- This database can be logged into via the username configured with the Zarf var `GITLAB_DB_USERNAME`. Default is `gitlab`
+- This database instance has a psql database created matching what is defined in the Zarf var `GITLAB_DB_NAME`. Default is `gitlabdb`
 - The user has read/write access to the above mentioned database
 - Create `gitlab-postgres` service in `gitlab` namespace that points to the psql database
 - Create `gitlab-postgres` secret in `gitlab` namespace with the key `password` that contains the password to the user for the psql database
 
 #### Redis / Redis Equivalent
 
-- An instance of Redis or Redis equivalent (elasticache, etc.) is running on port `6379` and accessible to the cluster
+- An instance of Redis or Redis equivalent (elasticache, etc.) is running on port `6379` and accessible to the cluster via the `GITLAB_REDIS_ENDPOINT` Zarf var.
 - The redis instance accepts anonymous auth (password only)
 - Create `gitlab-redis` service in `gitlab` namespace that points to the redis instance
 - Create `gitlab-redis` secret in `gitlab` namespace with the key `password` that contains the password to the redis instance
@@ -36,14 +33,15 @@ The GitLab Package expects the pieces listed below to exist in the cluster befor
 Object Storage works a bit differently as there are many kinds of file stores GitLab can be configured to use.
 
 - Create the secret `gitlab-object-store` in the `gitlab` namespace with the following keys:
-  - An example for in-cluster Minio can be found in this repository at the path `utils/pkg-deps/gitlab/minio/secret.yaml`
+  - An example for in-cluster Minio can be found in this repository at the path `src/dev-secrets/minio-secret.yaml`
   - `connection`
     - This key refers to the configuration for the main GitLab service. The documentation for what goes in this key is located [here](https://docs.gitlab.com/16.0/ee/administration/object_storage.html#configure-the-connection-settings)
   - `registry`
     - This key refers to the configuration for the gitlab registry. The documentation for what goes in this key is located [here](https://docs.docker.com/registry/configuration/#storage)
   - `backups`
     - This key refers to the configuration for the gitlab-toolbox backup tool. It relies on a program called `s3cmd`. The documentation for what goes in this key is located [here](https://s3tools.org/kb/item14.htm)
 - Below are the list of buckets that need to be created before starting GitLab:
+```yaml
   - uds-gitlab-pages
   - uds-gitlab-registry
   - uds-gitlab-lfs
@@ -56,7 +54,8 @@ Object Storage works a bit differently as there are many kinds of file stores Gi
   - uds-gitlab-dependency-proxy
   - uds-gitlab-backups
   - uds-gitlab-tmp
-- These buckets can have a suffix applied via the `BUCKET_SUFFIX` zarf variable (e.x. `-some-deployment-name` plus `uds-gitlab-backups` would be `uds-gitlab-backups-some-deployment-name`)
+```
+- These buckets can have a suffix applied via the `BUCKET_SUFFIX` Zarf variable (e.g. `-some-deployment-name` plus `uds-gitlab-backups` would be `uds-gitlab-backups-some-deployment-name`)
 
 ## Flavors
 

bundle/uds-bundle.yaml

@@ -74,6 +74,9 @@ packages:
             - name: SIDEKIQ_RESOURCES
               description: "Gitlab Sidekiq Resources"
               path: "gitlab.sidekiq.resources"
+            - name: PAGES_RESOURCES
+              description: "GitLab Pages Resources"
+              path: "gitlab.gitlab-pages.resources"
             - name: REGISTRY_REPLICAS
               description: "Gitlab Registry Min Replicas"
               path: "registry.hpa.minReplicas"

bundle/uds-config.yaml

@@ -31,6 +31,7 @@ variables:
     gitlab_redis_endpoint: "redis-master.dev-redis.svc.cluster.local"
     gitlab_db_endpoint: "pg-cluster.postgres.svc.cluster.local"
     DISABLE_REGISTRY_REDIRECT: "true"
+    GITLAB_PAGES_ENABLED: true
     GITLAB_SSO_ENABLED: false
     # # Overrides for scaled down cluster for local dev and CI
     webservice_replicas: 1
@@ -57,5 +58,11 @@ variables:
       requests:
         cpu: 50m
         memory: 625M
+    pages_resources:
+      limits:
+        memory: 1.5G
+      requests:
+        cpu: 50m
+        memory: 625M
     registry_replicas: 1
     shell_replicas: 1

charts/config/templates/uds-package.yaml

@@ -19,6 +19,12 @@ spec:
         host: gitlab
         gateway: tenant
         port: 8181
+      - service: gitlab-gitlab-pages
+        podLabels:
+          app: gitlab-pages
+        host: "*.pages"
+        gateway: tenant
+        port: 8090
       - service: gitlab-registry
         podLabels:
           app: registry
@@ -104,3 +110,15 @@ spec:
           app: webservice
         remoteGenerated: Anywhere
         description: "Webservice Storage"
+
+      - direction: Ingress
+        podLabels:
+          app: gitlab-pages
+        port: 8090
+        description: GitLab Pages Ingress
+
+      - direction: Egress
+        podLabels:
+          app: gitlab-pages
+        remoteGenerated: Anywhere
+        description: "GitLab Pages Storage"

tasks/test.yaml

@@ -49,6 +49,14 @@ tasks:
             namespace: gitlab
             condition: Available
 
+      - description: Gitlab Pages Health Check
+        wait:
+          cluster:
+            kind: Deployment
+            name: gitlab-gitlab-pages
+            namespace: gitlab
+            condition: Available
+
       # StatefulSets don't show conditions themselves so we look for an underlying Pod
       - description: Gitlab Gitaly Health Check
         wait:
@@ -74,3 +82,8 @@ tasks:
             protocol: https
             address: gitlab.uds.dev
             code: 200
+
+  - name: root-password
+    actions:
+      - description: Get the root password for GitLab (useful for local dev)
+        cmd: ./uds zarf tools kubectl get secret -n gitlab gitlab-gitlab-initial-root-password -o jsonpath={.data.password} | base64 -d

values/common-values.yaml

@@ -1,8 +1,4 @@
 global:
-  istio:
-    enabled: true
-    injection: enabled
-
   image:
     pullPolicy: IfNotPresent
 
@@ -130,26 +126,4 @@ gitlab:
       serviceMonitor:
         enabled: true
 
-istio:
-  enabled: false
-  injection: enabled
-  gitlab:
-    gateways:
-      - istio-tenant-gateway/tenant-gateway
-  registry:
-    gateways:
-      - istio-tenant-gateway/tenant-gateway
-  pages:
-    enabled: true
-    port: 8090
-    ingressLabels:
-      app: tenant-ingressgateway
-    gateways:
-      - istio-tenant-gatway/tenant-gateway
-    customDomains:
-      enabled: false
-    hosts:
-      - "*.pages.###ZARF_VAR_DOMAIN###"
-
-
 domain: ###ZARF_VAR_DOMAIN###