
chore(deps): update helm release gitlab to v8.4.2 #3553

Merged
merged 1 commit into from
Oct 10, 2024

renovate[bot]

@renovate renovate bot commented Oct 9, 2024

This PR contains the following updates:

Package Update Change
gitlab (source) patch 8.4.1 -> 8.4.2

Release Notes

gitlab-org/charts/gitlab (gitlab)

v8.4.2

Compare Source


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.


github-actions bot commented Oct 9, 2024

Path: apps/gitlab/gitlab/gitlab/helmrelease.yaml
Version: 8.4.1 -> 8.4.2

@@ -1285,8 +1285,8 @@
 release: gitlab
 heritage: Helm
 data:
- gitlabVersion: "17.4.1"
- gitlabChartVersion: "8.4.1"
+ gitlabVersion: "17.4.2"
+ gitlabChartVersion: "8.4.2"
 ---
 # Source: gitlab/charts/minio/templates/minio_pvc.yaml
 kind: PersistentVolumeClaim
@@ -1503,13 +1503,13 @@
 release: gitlab
 heritage: Helm
 annotations:
- checksum/config: d9e870797f9996a24e91c1b11f235f113d8c9cd691243519d4afb3aa084561b1
- checksum/config-sshd: 3eaa9fc81963c637b026c9f9db323b5e2aab80dbf890e4270a8345b622fa067b
+ checksum/config: 675f8b587809065cbbd8f2efd86d1207f52c6cf170c6007279fe10ffc1a1f7ab
+ checksum/config-sshd: b314300b4a1951bb3ba37f20b4cd1d78253e4d324a98d86cfc0883abd13041b1
 cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
 spec:
 initContainers:
 - name: certificates
- image: registry.gitlab.com/gitlab-org/build/cng/certificates:v17.4.1
+ image: registry.gitlab.com/gitlab-org/build/cng/certificates:v17.4.2
 env:
 volumeMounts:
 - name: etc-ssl-certs
@@ -1523,7 +1523,7 @@
 cpu: 50m
 - name: configure
 command: ['sh', '/config/configure']
- image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-base:v17.4.1"
+ image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-base:v17.4.2"
 env:
 volumeMounts:
 - name: shell-config
@@ -1670,7 +1670,7 @@
 heritage: Helm
 queue-pod-name: all-in-1
 annotations:
- checksum/configmap: 8a1d690aa257e57012a031364ac7226d1b7571909f3d8471a7be21b8e696cb2b
+ checksum/configmap: b4ac43e395d5fd83e3a4ffaaf53b752d4546dd8e5c70ffc9ee6fb7d19b823297
 cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
 gitlab.com/prometheus_scrape: "true"
 gitlab.com/prometheus_port: "3807"
@@ -1696,7 +1696,7 @@
 terminationGracePeriodSeconds: 30
 initContainers:
 - name: certificates
- image: registry.gitlab.com/gitlab-org/build/cng/certificates:v17.4.1
+ image: registry.gitlab.com/gitlab-org/build/cng/certificates:v17.4.2
 env:
 volumeMounts:
 - name: etc-ssl-certs
@@ -1710,7 +1710,7 @@
 cpu: 50m
 - name: configure
 command: ['sh', '/config/configure']
- image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-base:v17.4.1"
+ image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-base:v17.4.2"
 env:
 volumeMounts:
 - name: sidekiq-config
@@ -1726,7 +1726,7 @@
 requests:
 cpu: 50m
 - name: dependencies
- image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-sidekiq-ce:v17.4.1"
+ image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-sidekiq-ce:v17.4.2"
 args:
 - /scripts/wait-for-deps
 env:
@@ -1764,7 +1764,7 @@
 cpu: 50m
 containers:
 - name: sidekiq
- image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-sidekiq-ce:v17.4.1"
+ image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-sidekiq-ce:v17.4.2"
 securityContext:
 runAsUser: 1000
 env:
@@ -1980,7 +1980,7 @@
 release: gitlab
 heritage: Helm
 annotations:
- checksum/config: 2165f8b48c94ebb294443abd7a3a39fe8d46ab8f75048f4a4a98b9caebf590b4
+ checksum/config: d6430b16e25a9e96189abddba4c5a385b69bf688d9aa08c880d88d2b19d26358
 cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
 spec:
 securityContext:
@@ -1990,7 +1990,7 @@
 automountServiceAccountToken: false
 initContainers:
 - name: certificates
- image: registry.gitlab.com/gitlab-org/build/cng/certificates:v17.4.1
+ image: registry.gitlab.com/gitlab-org/build/cng/certificates:v17.4.2
 env:
 volumeMounts:
 - name: etc-ssl-certs
@@ -2004,7 +2004,7 @@
 cpu: 50m
 - name: configure
 command: ['sh', '/config/configure']
- image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-base:v17.4.1"
+ image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-base:v17.4.2"
 env:
 volumeMounts:
 - name: toolbox-config
@@ -2035,7 +2035,7 @@
 - /bin/bash
 - -c
 - cp -v -r -L /etc/gitlab/.s3cfg $HOME/.s3cfg && while sleep 3600; do :; done # alpine sleep has no infinity
- image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-toolbox-ce:v17.4.1"
+ image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-toolbox-ce:v17.4.2"
 securityContext:
 runAsUser: 1000
 env:
@@ -2237,7 +2237,7 @@
 heritage: Helm
 gitlab.com/webservice-name: default
 annotations:
- checksum/config: 28b4d83798729654828fe45cccd5be12608431fc1deb5fd79ff16303cb9b83dc
+ checksum/config: 15bcac3d0c45aaf63cf8ec1d61865a03e4ad04d29154c07c20600d36db5b9be7
 cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
 gitlab.com/prometheus_scrape: "true"
 gitlab.com/prometheus_port: "8083"
@@ -2263,7 +2263,7 @@
 automountServiceAccountToken: false
 initContainers:
 - name: certificates
- image: registry.gitlab.com/gitlab-org/build/cng/certificates:v17.4.1
+ image: registry.gitlab.com/gitlab-org/build/cng/certificates:v17.4.2
 env:
 volumeMounts:
 - name: etc-ssl-certs
@@ -2278,7 +2278,7 @@
 - name: configure
 command: ['sh']
 args: ['-c', 'sh -x /config-webservice/configure ; sh -x /config-workhorse/configure ; mkdir -p -m 3770 /tmp/gitlab']
- image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-base:v17.4.1"
+ image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-base:v17.4.2"
 env:
 volumeMounts:
 - name: webservice-config
@@ -2303,7 +2303,7 @@
 requests:
 cpu: 50m
 - name: dependencies
- image: registry.gitlab.com/gitlab-org/build/cng/gitlab-webservice-ce:v17.4.1
+ image: registry.gitlab.com/gitlab-org/build/cng/gitlab-webservice-ce:v17.4.2
 args:
 - /scripts/wait-for-deps
 env:
@@ -2338,7 +2338,7 @@
 cpu: 50m
 containers:
 - name: webservice
- image: registry.gitlab.com/gitlab-org/build/cng/gitlab-webservice-ce:v17.4.1
+ image: registry.gitlab.com/gitlab-org/build/cng/gitlab-webservice-ce:v17.4.2
 securityContext:
 runAsUser: 1000
 ports:
@@ -2438,7 +2438,7 @@
 cpu: 300m
 memory: 2.5G
 - name: gitlab-workhorse
- image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-workhorse-ce:v17.4.1"
+ image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-workhorse-ce:v17.4.2"
 ports:
 - containerPort: 8181
 name: http-workhorse
@@ -2685,7 +2685,7 @@
 medium: "Memory"
 initContainers:
 - name: configure
- image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-base:v17.4.1"
+ image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-base:v17.4.2"
 command: ["sh", "/config/configure"]
 volumeMounts:
 - name: minio-configuration
@@ -2764,7 +2764,7 @@
 automountServiceAccountToken: false
 initContainers:
 - name: certificates
- image: registry.gitlab.com/gitlab-org/build/cng/certificates:v17.4.1
+ image: registry.gitlab.com/gitlab-org/build/cng/certificates:v17.4.2
 env:
 volumeMounts:
 - name: etc-ssl-certs
@@ -2777,7 +2777,7 @@
 requests:
 cpu: 50m
 - name: configure
- image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-base:v17.4.1"
+ image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-base:v17.4.2"
 args: ["sh", "/config/configure"]
 volumeMounts:
 - name: registry-secrets
@@ -2998,7 +2998,7 @@
 release: gitlab
 heritage: Helm
 annotations:
- checksum/config: af5ef07eb399feb0c0941845f0bf1150419604d5f3127139101b165ab84e9415
+ checksum/config: f43e8a70462e126459d1753529786e68f1421dba7170424c8b0d94fb948d4ac2
 gitlab.com/prometheus_scrape: "true"
 gitlab.com/prometheus_port: "9236"
 gitlab.com/prometheus_path: /metrics
@@ -3009,7 +3009,7 @@
 terminationGracePeriodSeconds: 30
 initContainers:
 - name: certificates
- image: registry.gitlab.com/gitlab-org/build/cng/certificates:v17.4.1
+ image: registry.gitlab.com/gitlab-org/build/cng/certificates:v17.4.2
 env:
 volumeMounts:
 - name: etc-ssl-certs
@@ -3023,7 +3023,7 @@
 cpu: 50m
 - name: configure
 command: ['sh', '/config/configure']
- image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-base:v17.4.1"
+ image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-base:v17.4.2"
 env:
 volumeMounts:
 - name: gitaly-config
@@ -3054,7 +3054,7 @@
 automountServiceAccountToken: false
 containers:
 - name: gitaly
- image: "registry.gitlab.com/gitlab-org/build/cng/gitaly:v17.4.1"
+ image: "registry.gitlab.com/gitlab-org/build/cng/gitaly:v17.4.2"
 securityContext:
 runAsUser: 1000
 ports:
@@ -3321,7 +3321,7 @@
 apiVersion: batch/v1
 kind: Job
 metadata:
- name: gitlab-migrations-8a851ea
+ name: gitlab-migrations-96572ac
 namespace: default
 labels:
 app: migrations
@@ -3343,7 +3343,7 @@
 automountServiceAccountToken: false
 initContainers:
 - name: certificates
- image: registry.gitlab.com/gitlab-org/build/cng/certificates:v17.4.1
+ image: registry.gitlab.com/gitlab-org/build/cng/certificates:v17.4.2
 env:
 volumeMounts:
 - name: etc-ssl-certs
@@ -3357,7 +3357,7 @@
 cpu: 50m
 - name: configure
 command: ['sh', '/config/configure']
- image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-base:v17.4.1"
+ image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-base:v17.4.2"
 env:
 volumeMounts:
 - name: migrations-config
@@ -3375,7 +3375,7 @@
 restartPolicy: OnFailure
 containers:
 - name: migrations
- image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-toolbox-ce:v17.4.1"
+ image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-toolbox-ce:v17.4.2"
 args:
 - /scripts/wait-for-deps
 - /scripts/db-migrate
@@ -3472,7 +3472,7 @@
 apiVersion: batch/v1
 kind: Job
 metadata:
- name: gitlab-minio-create-buckets-1d0157c
+ name: gitlab-minio-create-buckets-56967d7
 namespace: default
 labels:
 app: minio
@@ -3539,11 +3539,11 @@
 metadata:
 labels:
 app: toolbox
- chart: toolbox-8.4.1
+ chart: toolbox-8.4.2
 release: gitlab
 heritage: Helm
 annotations:
- checksum/config: 2165f8b48c94ebb294443abd7a3a39fe8d46ab8f75048f4a4a98b9caebf590b4
+ checksum/config: d6430b16e25a9e96189abddba4c5a385b69bf688d9aa08c880d88d2b19d26358
 cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
 spec:
 restartPolicy: OnFailure
@@ -3553,7 +3553,7 @@
 fsGroup: 1000
 initContainers:
 - name: certificates
- image: registry.gitlab.com/gitlab-org/build/cng/certificates:v17.4.1
+ image: registry.gitlab.com/gitlab-org/build/cng/certificates:v17.4.2
 env:
 volumeMounts:
 - name: etc-ssl-certs
@@ -3567,7 +3567,7 @@
 cpu: 50m
 - name: configure
 command: ['sh', '/config/configure']
- image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-base:v17.4.1"
+ image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-base:v17.4.2"
 env:
 volumeMounts:
 - name: toolbox-config
@@ -3588,7 +3588,7 @@
 - /bin/bash
 - -c
 - cp /etc/gitlab/.s3cfg $HOME/.s3cfg && backup-utility # alpine sleep has no infinity
- image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-toolbox-ce:v17.4.1"
+ image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-toolbox-ce:v17.4.2"
 securityContext:
 runAsUser: 1000
 env:
@@ -3851,7 +3851,7 @@
 "helm.sh/hook-weight": "-3"
 "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
 data:
- generate-secrets: "# vim: set filetype=sh:\n\nnamespace=default\nrelease=gitlab\nenv=production\n\npushd $(mktemp -d)\n\n# Args pattern, length\nfunction gen_random(){\n head -c 4096 /dev/urandom | LC_CTYPE=C tr -cd $1 | head -c $2\n}\n\n# Args: yaml file, search path\nfunction fetch_rails_value(){\n local value=$(yq \".${2}\" $1)\n\n # Don't return null values\n if [ \"${value}\" != \"null\" ]; then echo \"${value}\"; fi\n}\n\n# Args: secretname\nfunction label_secret(){\n local secret_name=$1\n# Remove application labels if they exist\n kubectl --namespace=$namespace label \\\n secret $secret_name $(echo 'app.kubernetes.io/name=gitlab' | sed -E 's/=[^ ]*/-/g')\n\n kubectl --namespace=$namespace label \\\n --overwrite \\\n secret $secret_name app=gitlab chart=gitlab-8.4.1 release=gitlab heritage=Helm \n}\n\n# Args: secretname, args\nfunction generate_secret_if_needed(){\n local secret_args=( \"${@:2}\")\n local secret_name=$1\n\n if ! $(kubectl --namespace=$namespace get secret $secret_name > /dev/null 2>&1); then\n kubectl --namespace=$namespace create secret generic $secret_name ${secret_args[@]}\n else\n echo \"secret \\\"$secret_name\\\" already exists.\"\n\n for arg in \"${secret_args[@]}\"; do\n local from=$(echo -n ${arg} | cut -d '=' -f1)\n\n if [ -z \"${from##*literal*}\" ]; then\n local key=$(echo -n ${arg} | cut -d '=' -f2)\n local desiredValue=$(echo -n ${arg} | cut -d '=' -f3-)\n local flags=\"--namespace=$namespace --allow-missing-template-keys=false\"\n\n if ! $(kubectl $flags get secret $secret_name -ojsonpath=\"{.data.${key}}\" > /dev/null 2>&1); then\n echo \"key \\\"${key}\\\" does not exist. 
patching it in.\"\n\n if [ \"${desiredValue}\" != \"\" ]; then\n desiredValue=$(echo -n \"${desiredValue}\" | base64 -w 0)\n fi\n\n kubectl --namespace=$namespace patch secret ${secret_name} -p \"{\\\"data\\\":{\\\"$key\\\":\\\"${desiredValue}\\\"}}\"\n fi\n fi\n done\n fi\n\n label_secret $secret_name\n}\n\n# Initial root password\ngenerate_secret_if_needed \"gitlab-gitlab-initial-root-password\" --from-literal=\"password\"=$(gen_random 'a-zA-Z0-9' 64)\n\n\n# Redis password\ngenerate_secret_if_needed \"gitlab-redis-secret\" --from-literal=\"secret\"=$(gen_random 'a-zA-Z0-9' 64)\n\n\n\n\n# Gitlab shell\ngenerate_secret_if_needed \"gitlab-gitlab-shell-secret\" --from-literal=\"secret\"=$(gen_random 'a-zA-Z0-9' 64)\n\n# Gitaly secret\ngenerate_secret_if_needed \"gitlab-gitaly-secret\" --from-literal=\"token\"=$(gen_random 'a-zA-Z0-9' 64)\n\n# Minio secret\ngenerate_secret_if_needed \"gitlab-minio-secret\" --from-literal=accesskey=$(gen_random 'a-zA-Z0-9' 64) --from-literal=secretkey=$(gen_random 'a-zA-Z0-9' 64)\n\n\n# Gitlab runner secret\ngenerate_secret_if_needed \"gitlab-gitlab-runner-secret\" --from-literal=runner-registration-token=$(gen_random 'a-zA-Z0-9' 64) --from-literal=runner-token=\"\"\n\n# GitLab Pages API secret\n\n\n# GitLab Pages auth secret for hashing cookie store when using access control\n\n\n# GitLab Pages OAuth secret\n\n\n\n\n# Gitlab-suggested-reviewers secret\ngenerate_secret_if_needed \"gitlab-gitlab-suggested-reviewers\" --from-literal=\"suggested_reviewers_secret\"=$(gen_random 'a-zA-Z0-9' 32 | base64)\n\n\n\n\n\n# Registry certificates\nmkdir -p certs\nopenssl req -new -newkey rsa:4096 -subj \"/CN=gitlab-issuer\" -nodes -x509 -keyout certs/registry-example-com.key -out certs/registry-example-com.crt -days 3650\ngenerate_secret_if_needed \"gitlab-registry-secret\" --from-file=registry-auth.key=certs/registry-example-com.key --from-file=registry-auth.crt=certs/registry-example-com.crt\n\n# config/secrets.yaml\nif [ -n \"$env\" ]; then\n 
rails_secret=\"gitlab-rails-secret\"\n\n # Fetch the values from the existing secret if it exists\n if $(kubectl --namespace=$namespace get secret $rails_secret > /dev/null 2>&1); then\n kubectl --namespace=$namespace get secret $rails_secret -o jsonpath=\"{.data.secrets\\.yml}\" | base64 --decode > secrets.yml\n secret_key_base=$(fetch_rails_value secrets.yml \"${env}.secret_key_base\")\n otp_key_base=$(fetch_rails_value secrets.yml \"${env}.otp_key_base\")\n db_key_base=$(fetch_rails_value secrets.yml \"${env}.db_key_base\")\n openid_connect_signing_key=$(fetch_rails_value secrets.yml \"${env}.openid_connect_signing_key\")\n ci_jwt_signing_key=$(fetch_rails_value secrets.yml \"${env}.ci_jwt_signing_key\")\n encrypted_settings_key_base=$(fetch_rails_value secrets.yml \"${env}.encrypted_settings_key_base\")\n fi;\n\n # Generate defaults for any unset secrets\n secret_key_base=\"${secret_key_base:-$(gen_random 'a-f0-9' 128)}\" # equavilent to secureRandom.hex(64)\n otp_key_base=\"${otp_key_base:-$(gen_random 'a-f0-9' 128)}\" # equavilent to secureRandom.hex(64)\n db_key_base=\"${db_key_base:-$(gen_random 'a-f0-9' 128)}\" # equavilent to secureRandom.hex(64)\n openid_connect_signing_key=\"${openid_connect_signing_key:-$(openssl genrsa 2048)}\"\n ci_jwt_signing_key=\"${ci_jwt_signing_key:-$(openssl genrsa 2048)}\"\n encrypted_settings_key_base=\"${encrypted_settings_key_base:-$(gen_random 'a-f0-9' 128)}\" # equavilent to secureRandom.hex(64)\n\n # Update the existing secret\n cat << EOF > rails-secrets.yml\napiVersion: v1\nkind: Secret\nmetadata:\n name: $rails_secret\ntype: Opaque\nstringData:\n secrets.yml: |-\n $env:\n secret_key_base: $secret_key_base\n otp_key_base: $otp_key_base\n db_key_base: $db_key_base\n encrypted_settings_key_base: $encrypted_settings_key_base\n openid_connect_signing_key: |\n$(echo \"${openid_connect_signing_key}\" | awk '{print \" \" $0}')\n ci_jwt_signing_key: |\n$(echo \"${ci_jwt_signing_key}\" | awk '{print \" \" $0}')\nEOF\n kubectl 
--validate=false --namespace=$namespace apply -f rails-secrets.yml\n label_secret $rails_secret\nfi\n\n# Shell ssh host keys\nssh-keygen -A\nmkdir -p host_keys\ncp /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ed25519_key /etc/ssh/ssh_host_ed25519_key.pub /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_rsa_key.pub host_keys/\ngenerate_secret_if_needed \"gitlab-gitlab-shell-host-keys\" --from-file host_keys\n\n# Gitlab-workhorse secret\ngenerate_secret_if_needed \"gitlab-gitlab-workhorse-secret\" --from-literal=\"shared_secret\"=$(gen_random 'a-zA-Z0-9' 32 | base64)\n\n# Registry http.secret secret\ngenerate_secret_if_needed \"gitlab-registry-httpsecret\" --from-literal=\"secret\"=$(gen_random 'a-z0-9' 128 | base64 -w 0)\n\n# Container Registry notification_secret\ngenerate_secret_if_needed \"gitlab-registry-notification\" --from-literal=\"secret\"=[\\\"$(gen_random 'a-zA-Z0-9' 32)\\\"]\n\n\n\n# Zoekt basic auth credentials\ngenerate_secret_if_needed gitlab-zoekt-basicauth --from-literal=gitlab_username=gitlab --from-literal=gitlab_password=$(gen_random 'a-zA-Z0-9' 64)\n"
+ generate-secrets: "# vim: set filetype=sh:\n\nnamespace=default\nrelease=gitlab\nenv=production\n\npushd $(mktemp -d)\n\n# Args pattern, length\nfunction gen_random(){\n head -c 4096 /dev/urandom | LC_CTYPE=C tr -cd $1 | head -c $2\n}\n\n# Args: yaml file, search path\nfunction fetch_rails_value(){\n local value=$(yq \".${2}\" $1)\n\n # Don't return null values\n if [ \"${value}\" != \"null\" ]; then echo \"${value}\"; fi\n}\n\n# Args: secretname\nfunction label_secret(){\n local secret_name=$1\n# Remove application labels if they exist\n kubectl --namespace=$namespace label \\\n secret $secret_name $(echo 'app.kubernetes.io/name=gitlab' | sed -E 's/=[^ ]*/-/g')\n\n kubectl --namespace=$namespace label \\\n --overwrite \\\n secret $secret_name app=gitlab chart=gitlab-8.4.2 release=gitlab heritage=Helm \n}\n\n# Args: secretname, args\nfunction generate_secret_if_needed(){\n local secret_args=( \"${@:2}\")\n local secret_name=$1\n\n if ! $(kubectl --namespace=$namespace get secret $secret_name > /dev/null 2>&1); then\n kubectl --namespace=$namespace create secret generic $secret_name ${secret_args[@]}\n else\n echo \"secret \\\"$secret_name\\\" already exists.\"\n\n for arg in \"${secret_args[@]}\"; do\n local from=$(echo -n ${arg} | cut -d '=' -f1)\n\n if [ -z \"${from##*literal*}\" ]; then\n local key=$(echo -n ${arg} | cut -d '=' -f2)\n local desiredValue=$(echo -n ${arg} | cut -d '=' -f3-)\n local flags=\"--namespace=$namespace --allow-missing-template-keys=false\"\n\n if ! $(kubectl $flags get secret $secret_name -ojsonpath=\"{.data.${key}}\" > /dev/null 2>&1); then\n echo \"key \\\"${key}\\\" does not exist. 
patching it in.\"\n\n if [ \"${desiredValue}\" != \"\" ]; then\n desiredValue=$(echo -n \"${desiredValue}\" | base64 -w 0)\n fi\n\n kubectl --namespace=$namespace patch secret ${secret_name} -p \"{\\\"data\\\":{\\\"$key\\\":\\\"${desiredValue}\\\"}}\"\n fi\n fi\n done\n fi\n\n label_secret $secret_name\n}\n\n# Initial root password\ngenerate_secret_if_needed \"gitlab-gitlab-initial-root-password\" --from-literal=\"password\"=$(gen_random 'a-zA-Z0-9' 64)\n\n\n# Redis password\ngenerate_secret_if_needed \"gitlab-redis-secret\" --from-literal=\"secret\"=$(gen_random 'a-zA-Z0-9' 64)\n\n\n\n\n# Gitlab shell\ngenerate_secret_if_needed \"gitlab-gitlab-shell-secret\" --from-literal=\"secret\"=$(gen_random 'a-zA-Z0-9' 64)\n\n# Gitaly secret\ngenerate_secret_if_needed \"gitlab-gitaly-secret\" --from-literal=\"token\"=$(gen_random 'a-zA-Z0-9' 64)\n\n# Minio secret\ngenerate_secret_if_needed \"gitlab-minio-secret\" --from-literal=accesskey=$(gen_random 'a-zA-Z0-9' 64) --from-literal=secretkey=$(gen_random 'a-zA-Z0-9' 64)\n\n\n# Gitlab runner secret\ngenerate_secret_if_needed \"gitlab-gitlab-runner-secret\" --from-literal=runner-registration-token=$(gen_random 'a-zA-Z0-9' 64) --from-literal=runner-token=\"\"\n\n# GitLab Pages API secret\n\n\n# GitLab Pages auth secret for hashing cookie store when using access control\n\n\n# GitLab Pages OAuth secret\n\n\n\n\n# Gitlab-suggested-reviewers secret\ngenerate_secret_if_needed \"gitlab-gitlab-suggested-reviewers\" --from-literal=\"suggested_reviewers_secret\"=$(gen_random 'a-zA-Z0-9' 32 | base64)\n\n\n\n\n\n# Registry certificates\nmkdir -p certs\nopenssl req -new -newkey rsa:4096 -subj \"/CN=gitlab-issuer\" -nodes -x509 -keyout certs/registry-example-com.key -out certs/registry-example-com.crt -days 3650\ngenerate_secret_if_needed \"gitlab-registry-secret\" --from-file=registry-auth.key=certs/registry-example-com.key --from-file=registry-auth.crt=certs/registry-example-com.crt\n\n# config/secrets.yaml\nif [ -n \"$env\" ]; then\n 
rails_secret=\"gitlab-rails-secret\"\n\n # Fetch the values from the existing secret if it exists\n if $(kubectl --namespace=$namespace get secret $rails_secret > /dev/null 2>&1); then\n kubectl --namespace=$namespace get secret $rails_secret -o jsonpath=\"{.data.secrets\\.yml}\" | base64 --decode > secrets.yml\n secret_key_base=$(fetch_rails_value secrets.yml \"${env}.secret_key_base\")\n otp_key_base=$(fetch_rails_value secrets.yml \"${env}.otp_key_base\")\n db_key_base=$(fetch_rails_value secrets.yml \"${env}.db_key_base\")\n openid_connect_signing_key=$(fetch_rails_value secrets.yml \"${env}.openid_connect_signing_key\")\n ci_jwt_signing_key=$(fetch_rails_value secrets.yml \"${env}.ci_jwt_signing_key\")\n encrypted_settings_key_base=$(fetch_rails_value secrets.yml \"${env}.encrypted_settings_key_base\")\n fi;\n\n # Generate defaults for any unset secrets\n secret_key_base=\"${secret_key_base:-$(gen_random 'a-f0-9' 128)}\" # equavilent to secureRandom.hex(64)\n otp_key_base=\"${otp_key_base:-$(gen_random 'a-f0-9' 128)}\" # equavilent to secureRandom.hex(64)\n db_key_base=\"${db_key_base:-$(gen_random 'a-f0-9' 128)}\" # equavilent to secureRandom.hex(64)\n openid_connect_signing_key=\"${openid_connect_signing_key:-$(openssl genrsa 2048)}\"\n ci_jwt_signing_key=\"${ci_jwt_signing_key:-$(openssl genrsa 2048)}\"\n encrypted_settings_key_base=\"${encrypted_settings_key_base:-$(gen_random 'a-f0-9' 128)}\" # equavilent to secureRandom.hex(64)\n\n # Update the existing secret\n cat << EOF > rails-secrets.yml\napiVersion: v1\nkind: Secret\nmetadata:\n name: $rails_secret\ntype: Opaque\nstringData:\n secrets.yml: |-\n $env:\n secret_key_base: $secret_key_base\n otp_key_base: $otp_key_base\n db_key_base: $db_key_base\n encrypted_settings_key_base: $encrypted_settings_key_base\n openid_connect_signing_key: |\n$(echo \"${openid_connect_signing_key}\" | awk '{print \" \" $0}')\n ci_jwt_signing_key: |\n$(echo \"${ci_jwt_signing_key}\" | awk '{print \" \" $0}')\nEOF\n kubectl 
--validate=false --namespace=$namespace apply -f rails-secrets.yml\n label_secret $rails_secret\nfi\n\n# Shell ssh host keys\nssh-keygen -A\nmkdir -p host_keys\ncp /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ed25519_key /etc/ssh/ssh_host_ed25519_key.pub /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_rsa_key.pub host_keys/\ngenerate_secret_if_needed \"gitlab-gitlab-shell-host-keys\" --from-file host_keys\n\n# Gitlab-workhorse secret\ngenerate_secret_if_needed \"gitlab-gitlab-workhorse-secret\" --from-literal=\"shared_secret\"=$(gen_random 'a-zA-Z0-9' 32 | base64)\n\n# Registry http.secret secret\ngenerate_secret_if_needed \"gitlab-registry-httpsecret\" --from-literal=\"secret\"=$(gen_random 'a-z0-9' 128 | base64 -w 0)\n\n# Container Registry notification_secret\ngenerate_secret_if_needed \"gitlab-registry-notification\" --from-literal=\"secret\"=[\\\"$(gen_random 'a-zA-Z0-9' 32)\\\"]\n\n\n\n# Zoekt basic auth credentials\ngenerate_secret_if_needed gitlab-zoekt-basicauth --from-literal=gitlab_username=gitlab --from-literal=gitlab_password=$(gen_random 'a-zA-Z0-9' 64)\n"
 ---
 # Source: gitlab/templates/upgrade_check_hook.yaml
 apiVersion: v1
@@ -4001,7 +4001,7 @@
 apiVersion: v1
 kind: Pod
 metadata:
- name: gitlab-webservice-test-runner-b7vqy
+ name: gitlab-webservice-test-runner-curkr
 namespace: default
 annotations:
 "helm.sh/hook": test
@@ -4013,7 +4013,7 @@
 spec:
 containers:
 - name: test-runner
- image: registry.gitlab.com/gitlab-org/build/cng/gitlab-webservice-ce:v17.4.1
+ image: registry.gitlab.com/gitlab-org/build/cng/gitlab-webservice-ce:v17.4.2
 command: ['sh', '/tests/test_login']
 volumeMounts:
 - name: tests
@@ -4038,7 +4038,7 @@
 apiVersion: batch/v1
 kind: Job
 metadata:
- name: gitlab-shared-secrets-dac943b
+ name: gitlab-shared-secrets-a2fc331
 namespace: default
 labels:
 app: gitlab
@@ -4063,7 +4063,7 @@
 restartPolicy: Never
 containers:
 - name: gitlab
- image: registry.gitlab.com/gitlab-org/build/cng/kubectl:v17.4.1
+ image: registry.gitlab.com/gitlab-org/build/cng/kubectl:v17.4.2
 command: ['/bin/bash', '/scripts/generate-secrets']
 volumeMounts:
 - name: scripts
@@ -4084,7 +4084,7 @@
 apiVersion: batch/v1
 kind: Job
 metadata:
- name: gitlab-shared-secrets-dac943b-selfsign
+ name: gitlab-shared-secrets-a2fc331-selfsign
 namespace: default
 labels:
 app: gitlab
@@ -4108,7 +4108,7 @@
 restartPolicy: Never
 initContainers:
 - name: cfssl-self-sign
- image: registry.gitlab.com/gitlab-org/build/cng/cfssl-self-sign:v17.4.1
+ image: registry.gitlab.com/gitlab-org/build/cng/cfssl-self-sign:v17.4.2
 env:
 - name: CA_SUBJECT
 value: "GitLab Helm Chart" # defaults to GitLab in container
@@ -4134,11 +4134,11 @@
 cpu: 50m
 containers:
 - name: kubectl
- image: registry.gitlab.com/gitlab-org/build/cng/kubectl:v17.4.1
+ image: registry.gitlab.com/gitlab-org/build/cng/kubectl:v17.4.2
 command:
 - /bin/bash
 - -exc
- - "certname=gitlab-wildcard-tls\n# create wildcard certificate secret\nkubectl create secret tls $certname \\\n --cert=/output/wildcard.pem --key=/output/wildcard-key.pem || true\nkubectl --namespace=$namespace label \\\n secret $certname $(echo 'app.kubernetes.io/name=gitlab' | sed -E 's/=[^ ]*/-/g')\nkubectl --namespace=$namespace label --overwrite \\\n secret $certname app=gitlab chart=gitlab-8.4.1 release=gitlab heritage=Helm \n# create CA certificate secret\nkubectl create secret generic ${certname}-ca \\\n --from-file=cfssl_ca=/output/ca.pem || true\nkubectl --namespace=$namespace label \\\n secret ${certname}-ca $(echo 'app.kubernetes.io/name=gitlab' | sed -E 's/=[^ ]*/-/g')\nkubectl --namespace=$namespace label --overwrite \\\n secret ${certname}-ca app=gitlab chart=gitlab-8.4.1 release=gitlab heritage=Helm \n# create certificate chain for GitLab Runner\ncat /output/ca.pem /output/wildcard.pem > /tmp/git.${BASE_DOMAIN}.crt\nkubectl create secret generic ${certname}-chain \\\n --from-file=/tmp/git.${BASE_DOMAIN}.crt || true\nkubectl --namespace=$namespace label \\\n secret ${certname}-chain $(echo 'app.kubernetes.io/name=gitlab' | sed -E 's/=[^ ]*/-/g')\nkubectl --namespace=$namespace label --overwrite \\\n secret ${certname}-chain app=gitlab chart=gitlab-8.4.1 release=gitlab heritage=Helm \n"
+ - "certname=gitlab-wildcard-tls\n# create wildcard certificate secret\nkubectl create secret tls $certname \\\n --cert=/output/wildcard.pem --key=/output/wildcard-key.pem || true\nkubectl --namespace=$namespace label \\\n secret $certname $(echo 'app.kubernetes.io/name=gitlab' | sed -E 's/=[^ ]*/-/g')\nkubectl --namespace=$namespace label --overwrite \\\n secret $certname app=gitlab chart=gitlab-8.4.2 release=gitlab heritage=Helm \n# create CA certificate secret\nkubectl create secret generic ${certname}-ca \\\n --from-file=cfssl_ca=/output/ca.pem || true\nkubectl --namespace=$namespace label \\\n secret ${certname}-ca $(echo 'app.kubernetes.io/name=gitlab' | sed -E 's/=[^ ]*/-/g')\nkubectl --namespace=$namespace label --overwrite \\\n secret ${certname}-ca app=gitlab chart=gitlab-8.4.2 release=gitlab heritage=Helm \n# create certificate chain for GitLab Runner\ncat /output/ca.pem /output/wildcard.pem > /tmp/git.${BASE_DOMAIN}.crt\nkubectl create secret generic ${certname}-chain \\\n --from-file=/tmp/git.${BASE_DOMAIN}.crt || true\nkubectl --namespace=$namespace label \\\n secret ${certname}-chain $(echo 'app.kubernetes.io/name=gitlab' | sed -E 's/=[^ ]*/-/g')\nkubectl --namespace=$namespace label --overwrite \\\n secret ${certname}-chain app=gitlab chart=gitlab-8.4.2 release=gitlab heritage=Helm \n"
 volumeMounts:
 - name: certs-path
 mountPath: /output
@@ -4177,13 +4177,13 @@
 restartPolicy: Never
 containers:
 - name: run-check
- image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-base:v17.4.1"
+ image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-base:v17.4.2"
 command: ['/bin/sh', '/scripts/runcheck']
 env:
 - name: GITLAB_VERSION
- value: '17.4.1'
+ value: '17.4.2'
 - name: CHART_VERSION
- value: '8.4.1'
+ value: '8.4.2'
 volumeMounts:
 - name: chart-info
 mountPath: /chart-info

@rxbn rxbn merged commit 2ec7405 into master Oct 10, 2024
2 checks passed
@rxbn rxbn deleted the renovate/gitlab-8.x branch October 10, 2024 07:04