Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): update helm release gitlab to v8.7.1 #3711

Merged
merged 1 commit into from
Dec 21, 2024
Merged

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Dec 21, 2024

This PR contains the following updates:

Package Update Change
gitlab (source) patch 8.7.0 -> 8.7.1

Release Notes

gitlab-org/charts/gitlab (gitlab)

v8.7.1

Compare Source


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

Copy link

Path: apps/gitlab/gitlab/gitlab/helmrelease.yaml
Version: 8.7.0 -> 8.7.1

@@ -1290,7 +1290,7 @@
 heritage: Helm
 data:
 gitlabVersion: "17.7.0"
- gitlabChartVersion: "8.7.0"
+ gitlabChartVersion: "8.7.1"
 ---
 # Source: gitlab/charts/minio/templates/minio_pvc.yaml
 kind: PersistentVolumeClaim
@@ -4127,7 +4127,7 @@
 "helm.sh/hook-weight": "-3"
 "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
 data:
- generate-secrets: "# vim: set filetype=sh:\n\nnamespace=default\nrelease=gitlab\nenv=production\n\npushd $(mktemp -d)\n\n# Args pattern, length\nfunction gen_random(){\n head -c 4096 /dev/urandom | LC_CTYPE=C tr -cd $1 | head -c $2\n}\n\n# Args: length\nfunction gen_random_base64(){\n local len=\"$1\"\n head -c \"$len\" /dev/urandom | base64 -w0\n}\n\n# Args: yaml file, search path\nfunction fetch_rails_value(){\n local value=$(yq \".${2}\" $1)\n\n # Don't return null values\n if [ \"${value}\" != \"null\" ]; then echo \"${value}\"; fi\n}\n\n# Args: secretname\nfunction label_secret(){\n local secret_name=$1\n# Remove application labels if they exist\n kubectl --namespace=$namespace label \\\n secret $secret_name $(echo 'app.kubernetes.io/name=gitlab' | sed -E 's/=[^ ]*/-/g')\n\n kubectl --namespace=$namespace label \\\n --overwrite \\\n secret $secret_name app=gitlab chart=gitlab-8.7.0 release=gitlab heritage=Helm \n}\n\n# Args: secretname, args\nfunction generate_secret_if_needed(){\n local secret_args=( \"${@:2}\")\n local secret_name=$1\n\n if ! $(kubectl --namespace=$namespace get secret $secret_name > /dev/null 2>&1); then\n kubectl --namespace=$namespace create secret generic $secret_name ${secret_args[@]}\n else\n echo \"secret \\\"$secret_name\\\" already exists.\"\n\n for arg in \"${secret_args[@]}\"; do\n local from=$(echo -n ${arg} | cut -d '=' -f1)\n\n if [ -z \"${from##*literal*}\" ]; then\n local key=$(echo -n ${arg} | cut -d '=' -f2)\n local desiredValue=$(echo -n ${arg} | cut -d '=' -f3-)\n local flags=\"--namespace=$namespace --allow-missing-template-keys=false\"\n\n if ! $(kubectl $flags get secret $secret_name -ojsonpath=\"{.data.${key}}\" > /dev/null 2>&1); then\n echo \"key \\\"${key}\\\" does not exist. patching it in.\"\n\n if [ \"${desiredValue}\" != \"\" ]; then\n desiredValue=$(echo -n \"${desiredValue}\" | base64 -w 0)\n fi\n\n kubectl --namespace=$namespace patch secret ${secret_name} -p \"{\\\"data\\\":{\\\"$key\\\":\\\"${desiredValue}\\\"}}\"\n fi\n fi\n done\n fi\n\n label_secret $secret_name\n}\n\n# Initial root password\ngenerate_secret_if_needed \"gitlab-gitlab-initial-root-password\" --from-literal=\"password\"=$(gen_random 'a-zA-Z0-9' 64)\n\n\n# Redis password\ngenerate_secret_if_needed \"gitlab-redis-secret\" --from-literal=\"secret\"=$(gen_random 'a-zA-Z0-9' 64)\n\n\n\n\n# Gitlab shell\ngenerate_secret_if_needed \"gitlab-gitlab-shell-secret\" --from-literal=\"secret\"=$(gen_random 'a-zA-Z0-9' 64)\n\n# Gitaly secret\ngenerate_secret_if_needed \"gitlab-gitaly-secret\" --from-literal=\"token\"=$(gen_random 'a-zA-Z0-9' 64)\n\n# Minio secret\ngenerate_secret_if_needed \"gitlab-minio-secret\" --from-literal=accesskey=$(gen_random 'a-zA-Z0-9' 64) --from-literal=secretkey=$(gen_random 'a-zA-Z0-9' 64)\n\n\n# Gitlab runner secret\ngenerate_secret_if_needed \"gitlab-gitlab-runner-secret\" --from-literal=runner-registration-token=$(gen_random 'a-zA-Z0-9' 64) --from-literal=runner-token=\"\"\n\n# GitLab Pages API secret\n\n\n# GitLab Pages auth secret for hashing cookie store when using access control\n\n\n# GitLab Pages OAuth secret\n\n\n\n\n# Gitlab-suggested-reviewers secret\ngenerate_secret_if_needed \"gitlab-gitlab-suggested-reviewers\" --from-literal=\"suggested_reviewers_secret\"=$(gen_random 'a-zA-Z0-9' 32 | base64)\n\n\n\n\n\n# Registry certificates\nmkdir -p certs\nopenssl req -new -newkey rsa:4096 -subj \"/CN=gitlab-issuer\" -nodes -x509 -keyout certs/registry-example-com.key -out certs/registry-example-com.crt -days 3650\ngenerate_secret_if_needed \"gitlab-registry-secret\" --from-file=registry-auth.key=certs/registry-example-com.key --from-file=registry-auth.crt=certs/registry-example-com.crt\n\n# config/secrets.yaml\nif [ -n \"$env\" ]; then\n rails_secret=\"gitlab-rails-secret\"\n\n # Fetch the values from the existing secret if it exists\n if $(kubectl --namespace=$namespace get secret $rails_secret > /dev/null 2>&1); then\n kubectl --namespace=$namespace get secret $rails_secret -o jsonpath=\"{.data.secrets\\.yml}\" | base64 --decode > secrets.yml\n secret_key_base=$(fetch_rails_value secrets.yml \"${env}.secret_key_base\")\n otp_key_base=$(fetch_rails_value secrets.yml \"${env}.otp_key_base\")\n db_key_base=$(fetch_rails_value secrets.yml \"${env}.db_key_base\")\n openid_connect_signing_key=$(fetch_rails_value secrets.yml \"${env}.openid_connect_signing_key\")\n encrypted_settings_key_base=$(fetch_rails_value secrets.yml \"${env}.encrypted_settings_key_base\")\n\n active_record_encryption_primary_keys=$(fetch_rails_value secrets.yml \"${env}.active_record_encryption_primary_key\")\n active_record_encryption_deterministic_keys=$(fetch_rails_value secrets.yml \"${env}.active_record_encryption_deterministic_key\")\n active_record_encryption_key_derivation_salt=$(fetch_rails_value secrets.yml \"${env}.active_record_encryption_key_derivation_salt\")\n fi;\n\n # Generate defaults for any unset secrets\n secret_key_base=\"${secret_key_base:-$(gen_random 'a-f0-9' 128)}\" # equivalent to secureRandom.hex(64)\n otp_key_base=\"${otp_key_base:-$(gen_random 'a-f0-9' 128)}\" # equivalent to secureRandom.hex(64)\n db_key_base=\"${db_key_base:-$(gen_random 'a-f0-9' 128)}\" # equivalent to secureRandom.hex(64)\n openid_connect_signing_key=\"${openid_connect_signing_key:-$(openssl genrsa 2048)}\"\n encrypted_settings_key_base=\"${encrypted_settings_key_base:-$(gen_random 'a-f0-9' 128)}\" # equivalent to secureRandom.hex(64)\n\n # 1. We set the following two keys as an array to support keys rotation.\n # The last key in the array is always used to encrypt data:\n # https://github.com/rails/rails/blob/v7.0.8.4/activerecord/lib/active_record/encryption/key_provider.rb#L21\n # while all the keys are used (in the order they're defined) to decrypt data:\n # https://github.com/rails/rails/blob/v7.0.8.4/activerecord/lib/active_record/encryption/cipher.rb#L26.\n # This allows to rotate keys by adding a new key as the last key, and start a re-encryption process that\n # runs in the background: https://gitlab.com/gitlab-org/gitlab/-/issues/494976\n # 2. We use the same method and length as Rails' defaults:\n # https://github.com/rails/rails/blob/v7.0.8.4/activerecord/lib/active_record/railties/databases.rake#L537-L540\n active_record_encryption_primary_keys=${active_record_encryption_primary_keys:-\"- $(gen_random 'a-zA-Z0-9' 32)\"}\n active_record_encryption_deterministic_keys=${active_record_encryption_deterministic_keys:-\"- $(gen_random 'a-zA-Z0-9' 32)\"}\n active_record_encryption_key_derivation_salt=${active_record_encryption_key_derivation_salt:-$(gen_random 'a-zA-Z0-9' 32)}\n\n # Update the existing secret\n cat << EOF > rails-secrets.yml\napiVersion: v1\nkind: Secret\nmetadata:\n name: $rails_secret\ntype: Opaque\nstringData:\n secrets.yml: |-\n $env:\n secret_key_base: $secret_key_base\n otp_key_base: $otp_key_base\n db_key_base: $db_key_base\n encrypted_settings_key_base: $encrypted_settings_key_base\n openid_connect_signing_key: |\n$(echo \"${openid_connect_signing_key}\" | awk '{print \" \" $0}')\n active_record_encryption_primary_key:\n $active_record_encryption_primary_keys\n active_record_encryption_deterministic_key:\n $active_record_encryption_deterministic_keys\n active_record_encryption_key_derivation_salt: $active_record_encryption_key_derivation_salt\nEOF\n kubectl --validate=false --namespace=$namespace apply -f rails-secrets.yml\n label_secret $rails_secret\nfi\n\n# Shell ssh host keys\nssh-keygen -A\nmkdir -p host_keys\ncp /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ed25519_key /etc/ssh/ssh_host_ed25519_key.pub /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_rsa_key.pub host_keys/\ngenerate_secret_if_needed \"gitlab-gitlab-shell-host-keys\" --from-file host_keys\n\n# Gitlab-workhorse secret\ngenerate_secret_if_needed \"gitlab-gitlab-workhorse-secret\" --from-literal=\"shared_secret\"=$(gen_random 'a-zA-Z0-9' 32 | base64)\n\n# Registry http.secret secret\ngenerate_secret_if_needed \"gitlab-registry-httpsecret\" --from-literal=\"secret\"=$(gen_random 'a-z0-9' 128 | base64 -w 0)\n\n# Container Registry notification_secret\ngenerate_secret_if_needed \"gitlab-registry-notification\" --from-literal=\"secret\"=[\\\"$(gen_random 'a-zA-Z0-9' 32)\\\"]\n\n\n\n# Zoekt basic auth credentials\ngenerate_secret_if_needed gitlab-zoekt-basicauth --from-literal=gitlab_username=gitlab --from-literal=gitlab_password=$(gen_random 'a-zA-Z0-9' 64)\n"
+ generate-secrets: "# vim: set filetype=sh:\n\nnamespace=default\nrelease=gitlab\nenv=production\n\npushd $(mktemp -d)\n\n# Args pattern, length\nfunction gen_random(){\n head -c 4096 /dev/urandom | LC_CTYPE=C tr -cd $1 | head -c $2\n}\n\n# Args: length\nfunction gen_random_base64(){\n local len=\"$1\"\n head -c \"$len\" /dev/urandom | base64 -w0\n}\n\n# Args: yaml file, search path\nfunction fetch_rails_value(){\n local value=$(yq --prettyPrint --no-colors \".${2}\" $1)\n\n # Don't return null values\n if [ \"${value}\" != \"null\" ]; then echo \"${value}\"; fi\n}\n\n# Args: secretname\nfunction label_secret(){\n local secret_name=$1\n# Remove application labels if they exist\n kubectl --namespace=$namespace label \\\n secret $secret_name $(echo 'app.kubernetes.io/name=gitlab' | sed -E 's/=[^ ]*/-/g')\n\n kubectl --namespace=$namespace label \\\n --overwrite \\\n secret $secret_name app=gitlab chart=gitlab-8.7.1 release=gitlab heritage=Helm \n}\n\n# Args: secretname, args\nfunction generate_secret_if_needed(){\n local secret_args=( \"${@:2}\")\n local secret_name=$1\n\n if ! $(kubectl --namespace=$namespace get secret $secret_name > /dev/null 2>&1); then\n kubectl --namespace=$namespace create secret generic $secret_name ${secret_args[@]}\n else\n echo \"secret \\\"$secret_name\\\" already exists.\"\n\n for arg in \"${secret_args[@]}\"; do\n local from=$(echo -n ${arg} | cut -d '=' -f1)\n\n if [ -z \"${from##*literal*}\" ]; then\n local key=$(echo -n ${arg} | cut -d '=' -f2)\n local desiredValue=$(echo -n ${arg} | cut -d '=' -f3-)\n local flags=\"--namespace=$namespace --allow-missing-template-keys=false\"\n\n if ! $(kubectl $flags get secret $secret_name -ojsonpath=\"{.data.${key}}\" > /dev/null 2>&1); then\n echo \"key \\\"${key}\\\" does not exist. patching it in.\"\n\n if [ \"${desiredValue}\" != \"\" ]; then\n desiredValue=$(echo -n \"${desiredValue}\" | base64 -w 0)\n fi\n\n kubectl --namespace=$namespace patch secret ${secret_name} -p \"{\\\"data\\\":{\\\"$key\\\":\\\"${desiredValue}\\\"}}\"\n fi\n fi\n done\n fi\n\n label_secret $secret_name\n}\n\n# Initial root password\ngenerate_secret_if_needed \"gitlab-gitlab-initial-root-password\" --from-literal=\"password\"=$(gen_random 'a-zA-Z0-9' 64)\n\n\n# Redis password\ngenerate_secret_if_needed \"gitlab-redis-secret\" --from-literal=\"secret\"=$(gen_random 'a-zA-Z0-9' 64)\n\n\n\n\n# Gitlab shell\ngenerate_secret_if_needed \"gitlab-gitlab-shell-secret\" --from-literal=\"secret\"=$(gen_random 'a-zA-Z0-9' 64)\n\n# Gitaly secret\ngenerate_secret_if_needed \"gitlab-gitaly-secret\" --from-literal=\"token\"=$(gen_random 'a-zA-Z0-9' 64)\n\n# Minio secret\ngenerate_secret_if_needed \"gitlab-minio-secret\" --from-literal=accesskey=$(gen_random 'a-zA-Z0-9' 64) --from-literal=secretkey=$(gen_random 'a-zA-Z0-9' 64)\n\n\n# Gitlab runner secret\ngenerate_secret_if_needed \"gitlab-gitlab-runner-secret\" --from-literal=runner-registration-token=$(gen_random 'a-zA-Z0-9' 64) --from-literal=runner-token=\"\"\n\n# GitLab Pages API secret\n\n\n# GitLab Pages auth secret for hashing cookie store when using access control\n\n\n# GitLab Pages OAuth secret\n\n\n\n\n# Gitlab-suggested-reviewers secret\ngenerate_secret_if_needed \"gitlab-gitlab-suggested-reviewers\" --from-literal=\"suggested_reviewers_secret\"=$(gen_random 'a-zA-Z0-9' 32 | base64)\n\n\n\n\n\n# Registry certificates\nmkdir -p certs\nopenssl req -new -newkey rsa:4096 -subj \"/CN=gitlab-issuer\" -nodes -x509 -keyout certs/registry-example-com.key -out certs/registry-example-com.crt -days 3650\ngenerate_secret_if_needed \"gitlab-registry-secret\" --from-file=registry-auth.key=certs/registry-example-com.key --from-file=registry-auth.crt=certs/registry-example-com.crt\n\n# config/secrets.yaml\nif [ -n \"$env\" ]; then\n rails_secret=\"gitlab-rails-secret\"\n\n # Fetch the values from the existing secret if it exists\n if $(kubectl --namespace=$namespace get secret $rails_secret > /dev/null 2>&1); then\n kubectl --namespace=$namespace get secret $rails_secret -o jsonpath=\"{.data.secrets\\.yml}\" | base64 --decode > secrets.yml\n secret_key_base=$(fetch_rails_value secrets.yml \"${env}.secret_key_base\")\n otp_key_base=$(fetch_rails_value secrets.yml \"${env}.otp_key_base\")\n db_key_base=$(fetch_rails_value secrets.yml \"${env}.db_key_base\")\n openid_connect_signing_key=$(fetch_rails_value secrets.yml \"${env}.openid_connect_signing_key\")\n encrypted_settings_key_base=$(fetch_rails_value secrets.yml \"${env}.encrypted_settings_key_base\")\n\n active_record_encryption_primary_keys=$(fetch_rails_value secrets.yml \"${env}.active_record_encryption_primary_key\")\n active_record_encryption_deterministic_keys=$(fetch_rails_value secrets.yml \"${env}.active_record_encryption_deterministic_key\")\n active_record_encryption_key_derivation_salt=$(fetch_rails_value secrets.yml \"${env}.active_record_encryption_key_derivation_salt\")\n fi;\n\n # Generate defaults for any unset secrets\n secret_key_base=\"${secret_key_base:-$(gen_random 'a-f0-9' 128)}\" # equivalent to secureRandom.hex(64)\n otp_key_base=\"${otp_key_base:-$(gen_random 'a-f0-9' 128)}\" # equivalent to secureRandom.hex(64)\n db_key_base=\"${db_key_base:-$(gen_random 'a-f0-9' 128)}\" # equivalent to secureRandom.hex(64)\n openid_connect_signing_key=\"${openid_connect_signing_key:-$(openssl genrsa 2048)}\"\n encrypted_settings_key_base=\"${encrypted_settings_key_base:-$(gen_random 'a-f0-9' 128)}\" # equivalent to secureRandom.hex(64)\n\n # 1. We set the following two keys as an array to support keys rotation.\n # The last key in the array is always used to encrypt data:\n # https://github.com/rails/rails/blob/v7.0.8.4/activerecord/lib/active_record/encryption/key_provider.rb#L21\n # while all the keys are used (in the order they're defined) to decrypt data:\n # https://github.com/rails/rails/blob/v7.0.8.4/activerecord/lib/active_record/encryption/cipher.rb#L26.\n # This allows to rotate keys by adding a new key as the last key, and start a re-encryption process that\n # runs in the background: https://gitlab.com/gitlab-org/gitlab/-/issues/494976\n # 2. We use the same method and length as Rails' defaults:\n # https://github.com/rails/rails/blob/v7.0.8.4/activerecord/lib/active_record/railties/databases.rake#L537-L540\n active_record_encryption_primary_keys=${active_record_encryption_primary_keys:-\"- $(gen_random 'a-zA-Z0-9' 32)\"}\n active_record_encryption_deterministic_keys=${active_record_encryption_deterministic_keys:-\"- $(gen_random 'a-zA-Z0-9' 32)\"}\n active_record_encryption_key_derivation_salt=${active_record_encryption_key_derivation_salt:-$(gen_random 'a-zA-Z0-9' 32)}\n\n # Update the existing secret\n cat << EOF > rails-secrets.yml\napiVersion: v1\nkind: Secret\nmetadata:\n name: $rails_secret\ntype: Opaque\nstringData:\n secrets.yml: |-\n $env:\n secret_key_base: $secret_key_base\n otp_key_base: $otp_key_base\n db_key_base: $db_key_base\n encrypted_settings_key_base: $encrypted_settings_key_base\n openid_connect_signing_key: |\n$(echo \"${openid_connect_signing_key}\" | awk '{print \" \" $0}')\n active_record_encryption_primary_key:\n $active_record_encryption_primary_keys\n active_record_encryption_deterministic_key:\n $active_record_encryption_deterministic_keys\n active_record_encryption_key_derivation_salt: $active_record_encryption_key_derivation_salt\nEOF\n kubectl --validate=false --namespace=$namespace apply -f rails-secrets.yml\n label_secret $rails_secret\nfi\n\n# Shell ssh host keys\nssh-keygen -A\nmkdir -p host_keys\ncp /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ed25519_key /etc/ssh/ssh_host_ed25519_key.pub /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_rsa_key.pub host_keys/\ngenerate_secret_if_needed \"gitlab-gitlab-shell-host-keys\" --from-file host_keys\n\n# Gitlab-workhorse secret\ngenerate_secret_if_needed \"gitlab-gitlab-workhorse-secret\" --from-literal=\"shared_secret\"=$(gen_random 'a-zA-Z0-9' 32 | base64)\n\n# Registry http.secret secret\ngenerate_secret_if_needed \"gitlab-registry-httpsecret\" --from-literal=\"secret\"=$(gen_random 'a-z0-9' 128 | base64 -w 0)\n\n# Container Registry notification_secret\ngenerate_secret_if_needed \"gitlab-registry-notification\" --from-literal=\"secret\"=[\\\"$(gen_random 'a-zA-Z0-9' 32)\\\"]\n\n\n\n# Zoekt basic auth credentials\ngenerate_secret_if_needed gitlab-zoekt-basicauth --from-literal=gitlab_username=gitlab --from-literal=gitlab_password=$(gen_random 'a-zA-Z0-9' 64)\n"
 ---
 # Source: gitlab/templates/upgrade_check_hook.yaml
 apiVersion: v1
@@ -4277,7 +4277,7 @@
 apiVersion: v1
 kind: Pod
 metadata:
- name: gitlab-webservice-test-runner-euy6v
+ name: gitlab-webservice-test-runner-u9msw
 namespace: default
 annotations:
 "helm.sh/hook": test
@@ -4314,7 +4314,7 @@
 apiVersion: batch/v1
 kind: Job
 metadata:
- name: gitlab-shared-secrets-9939bf8
+ name: gitlab-shared-secrets-a7d847e
 namespace: default
 labels:
 app: gitlab
@@ -4368,7 +4368,7 @@
 apiVersion: batch/v1
 kind: Job
 metadata:
- name: gitlab-shared-secrets-9939bf8-selfsign
+ name: gitlab-shared-secrets-a7d847e-selfsign
 namespace: default
 labels:
 app: gitlab
@@ -4422,7 +4422,7 @@
 command:
 - /bin/bash
 - -exc
- - "certname=gitlab-wildcard-tls\n# create wildcard certificate secret\nkubectl create secret tls $certname \\\n --cert=/output/wildcard.pem --key=/output/wildcard-key.pem || true\nkubectl --namespace=$namespace label \\\n secret $certname $(echo 'app.kubernetes.io/name=gitlab' | sed -E 's/=[^ ]*/-/g')\nkubectl --namespace=$namespace label --overwrite \\\n secret $certname app=gitlab chart=gitlab-8.7.0 release=gitlab heritage=Helm \n# create CA certificate secret\nkubectl create secret generic ${certname}-ca \\\n --from-file=cfssl_ca=/output/ca.pem || true\nkubectl --namespace=$namespace label \\\n secret ${certname}-ca $(echo 'app.kubernetes.io/name=gitlab' | sed -E 's/=[^ ]*/-/g')\nkubectl --namespace=$namespace label --overwrite \\\n secret ${certname}-ca app=gitlab chart=gitlab-8.7.0 release=gitlab heritage=Helm \n# create certificate chain for GitLab Runner\ncat /output/ca.pem /output/wildcard.pem > /tmp/git.${BASE_DOMAIN}.crt\nkubectl create secret generic ${certname}-chain \\\n --from-file=/tmp/git.${BASE_DOMAIN}.crt || true\nkubectl --namespace=$namespace label \\\n secret ${certname}-chain $(echo 'app.kubernetes.io/name=gitlab' | sed -E 's/=[^ ]*/-/g')\nkubectl --namespace=$namespace label --overwrite \\\n secret ${certname}-chain app=gitlab chart=gitlab-8.7.0 release=gitlab heritage=Helm \n"
+ - "certname=gitlab-wildcard-tls\n# create wildcard certificate secret\nkubectl create secret tls $certname \\\n --cert=/output/wildcard.pem --key=/output/wildcard-key.pem || true\nkubectl --namespace=$namespace label \\\n secret $certname $(echo 'app.kubernetes.io/name=gitlab' | sed -E 's/=[^ ]*/-/g')\nkubectl --namespace=$namespace label --overwrite \\\n secret $certname app=gitlab chart=gitlab-8.7.1 release=gitlab heritage=Helm \n# create CA certificate secret\nkubectl create secret generic ${certname}-ca \\\n --from-file=cfssl_ca=/output/ca.pem || true\nkubectl --namespace=$namespace label \\\n secret ${certname}-ca $(echo 'app.kubernetes.io/name=gitlab' | sed -E 's/=[^ ]*/-/g')\nkubectl --namespace=$namespace label --overwrite \\\n secret ${certname}-ca app=gitlab chart=gitlab-8.7.1 release=gitlab heritage=Helm \n# create certificate chain for GitLab Runner\ncat /output/ca.pem /output/wildcard.pem > /tmp/git.${BASE_DOMAIN}.crt\nkubectl create secret generic ${certname}-chain \\\n --from-file=/tmp/git.${BASE_DOMAIN}.crt || true\nkubectl --namespace=$namespace label \\\n secret ${certname}-chain $(echo 'app.kubernetes.io/name=gitlab' | sed -E 's/=[^ ]*/-/g')\nkubectl --namespace=$namespace label --overwrite \\\n secret ${certname}-chain app=gitlab chart=gitlab-8.7.1 release=gitlab heritage=Helm \n"
 volumeMounts:
 - name: certs-path
 mountPath: /output
@@ -4476,7 +4476,7 @@
 - name: GITLAB_VERSION
 value: '17.7.0'
 - name: CHART_VERSION
- value: '8.7.0'
+ value: '8.7.1'
 volumeMounts:
 - name: chart-info
 mountPath: /chart-info

@rxbn rxbn merged commit 703ddac into master Dec 21, 2024
2 checks passed
@rxbn rxbn deleted the renovate/gitlab-8.x branch December 21, 2024 19:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant