chore: allow GL pages through istio #106

Merged
merged 9 commits into from
Apr 17, 2024
21 changes: 10 additions & 11 deletions README.md
Expand Up @@ -8,25 +8,22 @@ This package is designed for use as part of a [UDS Software Factory](https://git

## Pre-requisites

The GitLab Package expects the pieces listed below to exist in the cluster before being deployed.
The GitLab Package expects to be deployed on top of [UDS Core](https://github.com/defenseunicorns/uds-core) with the dependencies listed below being configured prior to deployment.

#### General

- Create `gitlab` namespace
- Label `gitlab` namespace with `istio-injection: enabled`
> :warning: **NOTE**: Some GitLab features (such as GitLab pages) will also require a [GitLab runner](https://github.com/defenseunicorns/uds-package-gitlab-runner) along with additional configuration such as an additional certificate SAN for `*.pages.<your-domain>`.

#### Database

- A Postgres database is running on port `5432` and accessible to the cluster
- This database can be logged into via the username configured with the zarf var `GITLAB_DB_USERNAME`. Default is `gitlab`
- This database instance has a psql database created matching what is defined in the zarf var `GITLAB_DB_NAME`. Default is `gitlabdb`
- A Postgres database is running on port `5432` and accessible to the cluster via the `GITLAB_DB_ENDPOINT` Zarf var.
- This database can be logged into via the username configured with the Zarf var `GITLAB_DB_USERNAME`. Default is `gitlab`
- This database instance has a psql database created matching what is defined in the Zarf var `GITLAB_DB_NAME`. Default is `gitlabdb`
- The user has read/write access to the above mentioned database
- Create `gitlab-postgres` service in `gitlab` namespace that points to the psql database
- Create `gitlab-postgres` secret in `gitlab` namespace with the key `password` that contains the password to the user for the psql database

#### Redis / Redis Equivalent

- An instance of Redis or Redis equivalent (elasticache, etc.) is running on port `6379` and accessible to the cluster
- An instance of Redis or Redis equivalent (elasticache, etc.) is running on port `6379` and accessible to the cluster via the `GITLAB_REDIS_ENDPOINT` Zarf var.
- The redis instance accepts anonymous auth (password only)
- Create `gitlab-redis` service in `gitlab` namespace that points to the redis instance
- Create `gitlab-redis` secret in `gitlab` namespace with the key `password` that contains the password to the redis instance
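Review bot: The new warning in the General section says Pages needs "additional configuration such as an additional certificate SAN for `*.pages.<your-domain>`" without saying which certificate that is or what the rest of the configuration consists of. Since this PR exposes `*.pages` on the tenant gateway, name the tenant gateway certificate explicitly and list the remaining requirements (or link to them), so a deployer does not end up serving Pages with a certificate that fails hostname validation.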
Expand All @@ -36,14 +33,15 @@ The GitLab Package expects the pieces listed below to exist in the cluster befor
Object Storage works a bit differently as there are many kinds of file stores GitLab can be configured to use.

- Create the secret `gitlab-object-store` in the `gitlab` namespace with the following keys:
- An example for in-cluster Minio can be found in this repository at the path `utils/pkg-deps/gitlab/minio/secret.yaml`
- An example for in-cluster Minio can be found in this repository at the path `src/dev-secrets/minio-secret.yaml`
- `connection`
- This key refers to the configuration for the main GitLab service. The documentation for what goes in this key is located [here](https://docs.gitlab.com/16.0/ee/administration/object_storage.html#configure-the-connection-settings)
- `registry`
- This key refers to the configuration for the gitlab registry. The documentation for what goes in this key is located [here](https://docs.docker.com/registry/configuration/#storage)
- `backups`
- This key refers to the configuration for the gitlab-toolbox backup tool. It relies on a program called `s3cmd`. The documentation for what goes in this key is located [here](https://s3tools.org/kb/item14.htm)
- Below are the list of buckets that need to be created before starting GitLab:
```yaml
- uds-gitlab-pages
- uds-gitlab-registry
- uds-gitlab-lfs
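Review bot: The Minio example now points at `src/dev-secrets/minio-secret.yaml`, but the bullet still presents it only as "an example for in-cluster Minio". Say in the README that this is a development-only secret and that a real deployment must supply its own `gitlab-object-store` secret, so the sample values are not copied into a shared environment.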
Expand All @@ -56,7 +54,8 @@ Object Storage works a bit differently as there are many kinds of file stores Gi
- uds-gitlab-dependency-proxy
- uds-gitlab-backups
- uds-gitlab-tmp
- These buckets can have a suffix applied via the `BUCKET_SUFFIX` zarf variable (e.x. `-some-deployment-name` plus `uds-gitlab-backups` would be `uds-gitlab-backups-some-deployment-name`)
```
- These buckets can have a suffix applied via the `BUCKET_SUFFIX` Zarf variable (e.g. `-some-deployment-name` plus `uds-gitlab-backups` would be `uds-gitlab-backups-some-deployment-name`)

## Flavors

3 changes: 3 additions & 0 deletions bundle/uds-bundle.yaml
Expand Up @@ -74,6 +74,9 @@ packages:
- name: SIDEKIQ_RESOURCES
description: "Gitlab Sidekiq Resources"
path: "gitlab.sidekiq.resources"
- name: PAGES_RESOURCES
description: "GitLab Pages Resources"
path: "gitlab.gitlab-pages.resources"
- name: REGISTRY_REPLICAS
description: "Gitlab Registry Min Replicas"
path: "registry.hpa.minReplicas"
7 changes: 7 additions & 0 deletions bundle/uds-config.yaml
Expand Up @@ -31,6 +31,7 @@ variables:
gitlab_redis_endpoint: "redis-master.dev-redis.svc.cluster.local"
gitlab_db_endpoint: "pg-cluster.postgres.svc.cluster.local"
DISABLE_REGISTRY_REDIRECT: "true"
GITLAB_PAGES_ENABLED: true
GITLAB_SSO_ENABLED: false
# # Overrides for scaled down cluster for local dev and CI
webservice_replicas: 1
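Review bot: `GITLAB_PAGES_ENABLED: true` is set here, but none of the files shown in this change read that variable, and the README prerequisites do not mention it. Either show where it is mapped to the chart's Pages setting or document it next to the Pages note, and quote the value the way `DISABLE_REGISTRY_REDIRECT: "true"` is quoted if these variables are meant to be strings.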
Expand All @@ -57,5 +58,11 @@ variables:
requests:
cpu: 50m
memory: 625M
pages_resources:
limits:
memory: 1.5G
requests:
cpu: 50m
memory: 625M
registry_replicas: 1
shell_replicas: 1
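Review bot: `pages_resources` repeats the `requests` of the block directly above it (`cpu: 50m`, `memory: 625M`) and sets a `1.5G` memory limit, in a section commented as overrides for a scaled-down local dev and CI cluster. Confirm these numbers were chosen for the Pages deployment rather than copied, and lower them if Pages does not need that much memory in CI.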
18 changes: 18 additions & 0 deletions charts/config/templates/uds-package.yaml
Expand Up @@ -19,6 +19,12 @@ spec:
host: gitlab
gateway: tenant
port: 8181
- service: gitlab-gitlab-pages
podLabels:
app: gitlab-pages
host: "*.pages"
gateway: tenant
port: 8090
- service: gitlab-registry
podLabels:
app: registry
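Review bot: The `gitlab-gitlab-pages` expose entry is added unconditionally, while `bundle/uds-config.yaml` introduces `GITLAB_PAGES_ENABLED` as a toggle. If Pages can be turned off, wrap this entry (and the matching allow rules further down) in the same condition so the tenant gateway does not publish a `*.pages` route to a service that is not deployed. A short comment that `host: "*.pages"` is a wildcard and needs a matching wildcard certificate on the gateway would also help.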
Expand Down Expand Up @@ -104,3 +110,15 @@ spec:
app: webservice
remoteGenerated: Anywhere
description: "Webservice Storage"

- direction: Ingress
podLabels:
app: gitlab-pages
port: 8090
description: GitLab Pages Ingress

- direction: Egress
podLabels:
app: gitlab-pages
remoteGenerated: Anywhere
description: "GitLab Pages Storage"
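Review bot: The new Ingress rule for `app: gitlab-pages` on port 8090 names no source (no remote namespace, selector or generated target), so the manifest does not say who is allowed to connect, and the expose entry above already targets the same port through the tenant gateway. State the intended client and restrict the rule to it, or drop the rule if the gateway route is the only caller. The Egress rule uses `remoteGenerated: Anywhere` although its description is "GitLab Pages Storage"; if the object store address is known, narrow the rule to it.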
27 changes: 0 additions & 27 deletions docs/DEVELOPMENT_MAINTENANCE.md

This file was deleted.

13 changes: 13 additions & 0 deletions tasks/test.yaml
Expand Up @@ -49,6 +49,14 @@ tasks:
namespace: gitlab
condition: Available

- description: Gitlab Pages Health Check
wait:
cluster:
kind: Deployment
name: gitlab-gitlab-pages
namespace: gitlab
condition: Available

# StatefulSets don't show conditions themselves so we look for an underlying Pod
- description: Gitlab Gitaly Health Check
wait:
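Review bot: The added check only waits for the `gitlab-gitlab-pages` Deployment to become Available; it does not exercise the `*.pages` route that this PR adds to the tenant gateway. Consider an HTTPS check against a Pages hostname, like the existing `address: gitlab.uds.dev` check in this file, so a broken gateway or certificate setup fails the test.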
Expand All @@ -74,3 +82,8 @@ tasks:
protocol: https
address: gitlab.uds.dev
code: 200

- name: root-password
actions:
- description: Get the root password for GitLab (useful for local dev)
cmd: ./uds zarf tools kubectl get secret -n gitlab gitlab-gitlab-initial-root-password -o jsonpath={.data.password} | base64 -d
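Review bot: The `root-password` task decodes the initial root password and writes it to stdout, so it will end up in any log that captures task output. The description says it is for local dev; make that a guard or at least a comment in the task so it is not wired into CI. Also quote the JSONPath argument (`-o jsonpath='{.data.password}'`) so the shell passes the braces through unchanged.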
26 changes: 0 additions & 26 deletions values/common-values.yaml
@@ -1,8 +1,4 @@
global:
istio:
enabled: true
injection: enabled

image:
pullPolicy: IfNotPresent

Expand Down Expand Up @@ -130,26 +126,4 @@ gitlab:
serviceMonitor:
enabled: true

istio:
enabled: false
injection: enabled
gitlab:
gateways:
- istio-tenant-gateway/tenant-gateway
registry:
gateways:
- istio-tenant-gateway/tenant-gateway
pages:
enabled: true
port: 8090
ingressLabels:
app: tenant-ingressgateway
gateways:
- istio-tenant-gatway/tenant-gateway
customDomains:
enabled: false
hosts:
- "*.pages.###ZARF_VAR_DOMAIN###"


domain: ###ZARF_VAR_DOMAIN###