From 9613f765ee346a370f1baaa10e0d35779532ca77 Mon Sep 17 00:00:00 2001 From: Wayne Starr Date: Tue, 16 Apr 2024 19:35:53 -0600 Subject: [PATCH] chore: allow GL pages through istio (#106) ## Description This PR allows GL pages to work through istio in the UDS package CR ## Related Issue Fixes #15 ## Type of change - [x] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [X] Other (security config, docs update, etc) ## Checklist before merging - [ ] Test, docs, adr added or updated as needed - [X] [Contributor Guide Steps](https://github.com/defenseunicorns/uds-package-gitlab/blob/main/CONTRIBUTING.md#developer-workflow) followed --- README.md | 21 +++++++++--------- bundle/uds-bundle.yaml | 3 +++ bundle/uds-config.yaml | 7 ++++++ charts/config/templates/uds-package.yaml | 18 ++++++++++++++++ docs/DEVELOPMENT_MAINTENANCE.md | 27 ------------------------ tasks/test.yaml | 13 ++++++++++++ values/common-values.yaml | 26 ----------------------- 7 files changed, 51 insertions(+), 64 deletions(-) delete mode 100644 docs/DEVELOPMENT_MAINTENANCE.md
diff --git a/README.md b/README.md
index e4f02bf9..2526891d 100644
--- a/README.md
+++ b/README.md
@@ -8,25 +8,22 @@ This package is designed for use as part of a [UDS Software Factory](https://git ## Pre-requisites -The GitLab Package expects the pieces listed below to exist in the cluster before being deployed. +The GitLab Package expects to be deployed on top of [UDS Core](https://github.com/defenseunicorns/uds-core) with the dependencies listed below being configured prior to deployment. -#### General - -- Create `gitlab` namespace -- Label `gitlab` namespace with `istio-injection: enabled` +> :warning: **NOTE**: Some GitLab features (such as GitLab pages) will also require a [GitLab runner](https://github.com/defenseunicorns/uds-package-gitlab-runner) along with additional configuration such as an additional certificate SAN for `*.pages.`. #### Database -- A Postgres database is running on port `5432` and accessible to the cluster -- This database can be logged into via the username configured with the zarf var `GITLAB_DB_USERNAME`. Default is `gitlab` -- This database instance has a psql database created matching what is defined in the zarf var `GITLAB_DB_NAME`. Default is `gitlabdb` +- A Postgres database is running on port `5432` and accessible to the cluster via the `GITLAB_DB_ENDPOINT` Zarf var. +- This database can be logged into via the username configured with the Zarf var `GITLAB_DB_USERNAME`. Default is `gitlab` +- This database instance has a psql database created matching what is defined in the Zarf var `GITLAB_DB_NAME`. Default is `gitlabdb` - The user has read/write access to the above mentioned database - Create `gitlab-postgres` service in `gitlab` namespace that points to the psql database - Create `gitlab-postgres` secret in `gitlab` namespace with the key `password` that contains the password to the user for the psql database #### Redis / Redis Equivalent -- An instance of Redis or Redis equivalent (elasticache, etc.) is running on port `6379` and accessible to the cluster +- An instance of Redis or Redis equivalent (elasticache, etc.) 
is running on port `6379` and accessible to the cluster via the `GITLAB_REDIS_ENDPOINT` Zarf var. - The redis instance accepts anonymous auth (password only) - Create `gitlab-redis` service in `gitlab` namespace that points to the redis instance - Create `gitlab-redis` secret in `gitlab` namespace with the key `password` that contains the password to the redis instance @@ -36,7 +33,7 @@ The GitLab Package expects the pieces listed below to exist in the cluster befor Object Storage works a bit differently as there are many kinds of file stores GitLab can be configured to use. - Create the secret `gitlab-object-store` in the `gitlab` namespace with the following keys: - - An example for in-cluster Minio can be found in this repository at the path `utils/pkg-deps/gitlab/minio/secret.yaml` + - An example for in-cluster Minio can be found in this repository at the path `src/dev-secrets/minio-secret.yaml` - `connection` - This key refers to the configuration for the main GitLab service. The documentation for what goes in this key is located [here](https://docs.gitlab.com/16.0/ee/administration/object_storage.html#configure-the-connection-settings) - `registry` @@ -44,6 +41,7 @@ Object Storage works a bit differently as there are many kinds of file stores Gi - `backups` - This key refers to the configuration for the gitlab-toolbox backup tool. It relies on a program called `s3cmd`. The documentation for what goes in this key is located [here](https://s3tools.org/kb/item14.htm) - Below are the list of buckets that need to be created before starting GitLab: +```yaml - uds-gitlab-pages - uds-gitlab-registry - uds-gitlab-lfs 
@@ -56,7 +54,8 @@ Object Storage works a bit differently as there are many kinds of file stores Gi - uds-gitlab-dependency-proxy - uds-gitlab-backups - uds-gitlab-tmp -- These buckets can have a suffix applied via the `BUCKET_SUFFIX` zarf variable (e.x. `-some-deployment-name` plus `uds-gitlab-backups` would be `uds-gitlab-backups-some-deployment-name`) +``` +- These buckets can have a suffix applied via the `BUCKET_SUFFIX` Zarf variable (e.g. `-some-deployment-name` plus `uds-gitlab-backups` would be `uds-gitlab-backups-some-deployment-name`) ## Flavors diff --git a/bundle/uds-bundle.yaml b/bundle/uds-bundle.yaml index 23ba1b2a..3c55cd11 100644 --- a/bundle/uds-bundle.yaml +++ b/bundle/uds-bundle.yaml @@ -74,6 +74,9 @@ packages: - name: SIDEKIQ_RESOURCES description: "Gitlab Sidekiq Resources" path: "gitlab.sidekiq.resources" + - name: PAGES_RESOURCES + description: "GitLab Pages Resources" + path: "gitlab.gitlab-pages.resources" - name: REGISTRY_REPLICAS description: "Gitlab Registry Min Replicas" path: "registry.hpa.minReplicas" diff --git a/bundle/uds-config.yaml b/bundle/uds-config.yaml index a31b7928..504543be 100644 --- a/bundle/uds-config.yaml +++ b/bundle/uds-config.yaml @@ -31,6 +31,7 @@ variables: gitlab_redis_endpoint: "redis-master.dev-redis.svc.cluster.local" gitlab_db_endpoint: "pg-cluster.postgres.svc.cluster.local" DISABLE_REGISTRY_REDIRECT: "true" + GITLAB_PAGES_ENABLED: true GITLAB_SSO_ENABLED: false # # Overrides for scaled down cluster for local dev and CI webservice_replicas: 1 @@ -57,5 +58,11 @@ variables: requests: cpu: 50m memory: 625M + pages_resources: + limits: + memory: 1.5G + requests: + cpu: 50m + memory: 625M registry_replicas: 1 shell_replicas: 1 diff --git a/charts/config/templates/uds-package.yaml b/charts/config/templates/uds-package.yaml index 6dc625e3..55f441c0 100644 --- a/charts/config/templates/uds-package.yaml +++ b/charts/config/templates/uds-package.yaml 
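Review bot: In the `bundle/uds-config.yaml` hunk, `GITLAB_PAGES_ENABLED: true` is added as a bare YAML boolean while the neighbouring `DISABLE_REGISTRY_REDIRECT: "true"` is a quoted string, so the file now mixes two styles for flag-type variables that are presumably templated into the package as strings anyway. Unifying on the quoted form, `GITLAB_PAGES_ENABLED: "true"`, makes the intended string value explicit and avoids any parser re-typing; the pre-existing `GITLAB_SSO_ENABLED: false` would then be the remaining outlier to clean up. The `pages_resources` block mirrors the shape of the sibling resource blocks (requests only visible in context, a memory limit of `1.5G`), so no change is needed there.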
@@ -19,6 +19,12 @@ spec: host: gitlab gateway: tenant port: 8181 + - service: gitlab-gitlab-pages + podLabels: + app: gitlab-pages + host: "*.pages" + gateway: tenant + port: 8090 - service: gitlab-registry podLabels: app: registry @@ -104,3 +110,15 @@ spec: app: webservice remoteGenerated: Anywhere description: "Webservice Storage" + + - direction: Ingress + podLabels: + app: gitlab-pages + port: 8090 + description: GitLab Pages Ingress + + - direction: Egress + podLabels: + app: gitlab-pages + remoteGenerated: Anywhere + description: "GitLab Pages Storage" diff --git a/docs/DEVELOPMENT_MAINTENANCE.md b/docs/DEVELOPMENT_MAINTENANCE.md deleted file mode 100644 index 841f6289..00000000 --- a/docs/DEVELOPMENT_MAINTENANCE.md +++ /dev/null @@ -1,27 +0,0 @@ -# UDS Capability Gitlab - -## How to upgrade this capability - - - -This package is pulling in the [bigbang gitlab chart](https://repo1.dso.mil/big-bang/product/packages/gitlab) - -The [gitlab-flux-values.yaml](../gitlab-flux-values.yaml) file contains values used when creating the flux resources for this capability. This includes the version of the chart and the base values used for this capability. - -To upgrade -1) Point `application.ref.tag` to the updated version of the chart. -1) Update any base values if necessary. -1) Update the `gitlab` component in the [zarf.yaml](../zarf.yaml) file to pull in the correct images needed for the updated version of the chart. - -## How to test this package locally - -Prerequisites: -- Docker -- latest version of UDS CLI -- K3d - -Note: If developing on an Apple Silicon Mac, colima is an excellent option. If using colima, the following command will provision a VM that should be adequate to deploy this package: - -`colima start --cpu 8 --memory 25 --disk 50 --vm-type vz --vz-rosetta --profile uds --arch aarch64` - - 1) From the root of the repository run `uds run`. To test a specific package flavor, specify that via the --set flag. For example: `uds run --set FLAVOR=upstream` 
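Review bot: The new `direction: Ingress` policy for `app: gitlab-pages` on port 8090 in the second hunk carries no `remoteNamespace`, `remoteSelector` or `remoteGenerated`, so its effective source scope is whatever the UDS Package controller defaults an unscoped ingress rule to — presumably wider than the tenant gateway, which is the only client the `expose` entry for `*.pages` in the first hunk needs. Either drop this rule and rely on the policy the `expose` entry generates, or scope it explicitly, e.g. `remoteNamespace: istio-tenant-gateway` with `remoteSelector: {app: tenant-ingressgateway}` (the names the removed `values/common-values.yaml` block used for the gateway) — verify against the controller's behaviour before relying on either. The `Egress` rule with `remoteGenerated: Anywhere` follows the existing "Webservice Storage" pattern, but a narrower remote (the object store's namespace or CIDR) would be preferable wherever the storage location is known. The `spec` list these hunks add to starts and ends outside the hunks.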
diff --git a/tasks/test.yaml b/tasks/test.yaml index db95e25a..b4e4b90c 100644 --- a/tasks/test.yaml +++ b/tasks/test.yaml @@ -49,6 +49,14 @@ tasks: namespace: gitlab condition: Available + - description: Gitlab Pages Health Check + wait: + cluster: + kind: Deployment + name: gitlab-gitlab-pages + namespace: gitlab + condition: Available + # StatefulSets don't show conditions themselves so we look for an underlying Pod - description: Gitlab Gitaly Health Check wait: @@ -74,3 +82,8 @@ tasks: protocol: https address: gitlab.uds.dev code: 200 + + - name: root-password + actions: + - description: Get the root password for GitLab (useful for local dev) + cmd: ./uds zarf tools kubectl get secret -n gitlab gitlab-gitlab-initial-root-password -o jsonpath={.data.password} | base64 -d diff --git a/values/common-values.yaml b/values/common-values.yaml index 57455a13..b1a8b574 100644 --- a/values/common-values.yaml +++ b/values/common-values.yaml @@ -1,8 +1,4 @@ global: - istio: - enabled: true - injection: enabled - image: pullPolicy: IfNotPresent @@ -130,26 +126,4 @@ gitlab: serviceMonitor: enabled: true -istio: - enabled: false - injection: enabled - gitlab: - gateways: - - istio-tenant-gateway/tenant-gateway - registry: - gateways: - - istio-tenant-gateway/tenant-gateway - pages: - enabled: true - port: 8090 - ingressLabels: - app: tenant-ingressgateway - gateways: - - istio-tenant-gatway/tenant-gateway - customDomains: - enabled: false - hosts: - - "*.pages.###ZARF_VAR_DOMAIN###" - - domain: ###ZARF_VAR_DOMAIN###
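Review bot: The new `root-password` task in `tasks/test.yaml` prints the decoded `gitlab-gitlab-initial-root-password` secret to stdout, so any CI run, shared session or captured log that invokes it records the credential in cleartext; the description says it is for local dev, but nothing in the task itself prevents it being run elsewhere. Consider a comment above the task, `# Local-dev only: prints the initial root credential in cleartext — never run in CI or pipe into logs`, and keep it out of automated pipelines. The `jsonpath={.data.password}` argument is also unquoted in the shell command; it works in bash because a brace group without a comma is not expanded, but quoting it as `'jsonpath={.data.password}'` is the safer habit.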