From f62fac258738359a2e26620649546362a1a5f2aa Mon Sep 17 00:00:00 2001 From: Tasko Olevski Date: Mon, 9 Oct 2023 21:19:16 +0200 Subject: [PATCH 1/6] feat: remove internal gitlab --- docs/how-to-guides/admin/gitlab.rst | 15 +- helm-chart/gitlab/.helmignore | 21 --- helm-chart/gitlab/Chart.yaml | 5 - helm-chart/gitlab/requirements.yaml | 0 helm-chart/gitlab/templates/_gitlab.rb.tpl | 133 ----------------- helm-chart/gitlab/templates/_helpers.tpl | 24 --- helm-chart/gitlab/templates/configmap.yaml | 13 -- helm-chart/gitlab/templates/deployment.yaml | 136 ----------------- .../gitlab/templates/metrics-service.yaml | 25 ---- helm-chart/gitlab/templates/pvc.yaml | 29 ---- .../gitlab/templates/registry-ingress.yaml | 42 ------ .../gitlab/templates/registry-service.yaml | 25 ---- helm-chart/gitlab/templates/secret.yaml | 23 --- helm-chart/gitlab/templates/service.yaml | 31 ---- .../templates/ssh-nodeport-service.yaml | 24 --- helm-chart/gitlab/values.yaml | 115 -------------- helm-chart/renku/requirements.yaml | 4 - .../gateway/deployment-revproxy.yaml | 5 +- .../renku/templates/gateway/secret.yaml | 16 +- .../templates/gitlab-postgres-secret.yaml | 29 ---- helm-chart/renku/templates/ingress.yaml | 7 - .../renku/templates/network-policies.yaml | 14 -- .../templates/setup-job-keycloak-realms.yaml | 15 +- helm-chart/renku/values.yaml | 140 ------------------ .../base-renku-values.yaml.template | 40 ++--- 25 files changed, 22 insertions(+), 909 deletions(-) delete mode 100644 helm-chart/gitlab/.helmignore delete mode 100644 helm-chart/gitlab/Chart.yaml delete mode 100644 helm-chart/gitlab/requirements.yaml delete mode 100644 helm-chart/gitlab/templates/_gitlab.rb.tpl delete mode 100644 helm-chart/gitlab/templates/_helpers.tpl delete mode 100644 helm-chart/gitlab/templates/configmap.yaml delete mode 100644 helm-chart/gitlab/templates/deployment.yaml delete mode 100644 helm-chart/gitlab/templates/metrics-service.yaml delete mode 100644 helm-chart/gitlab/templates/pvc.yaml delete mode 100644 helm-chart/gitlab/templates/registry-ingress.yaml delete mode 100644 helm-chart/gitlab/templates/registry-service.yaml delete mode 100644 helm-chart/gitlab/templates/secret.yaml delete mode 100644 helm-chart/gitlab/templates/service.yaml delete mode 100644 helm-chart/gitlab/templates/ssh-nodeport-service.yaml delete mode 100644 helm-chart/gitlab/values.yaml delete mode 100644 helm-chart/renku/templates/gitlab-postgres-secret.yaml diff --git a/docs/how-to-guides/admin/gitlab.rst b/docs/how-to-guides/admin/gitlab.rst index be3ef7cab1..9f1b76f3c6 100644 --- a/docs/how-to-guides/admin/gitlab.rst +++ b/docs/how-to-guides/admin/gitlab.rst @@ -81,19 +81,8 @@ and existing GitLab users can use Renku without creating a separate Renku accoun GitLab deployed as part of Renku -------------------------------- -We do *not* recommend deploying the Renku-bundled GitLab as part of a production Renku deployment, -and instead suggest deploying GitLab using the `official GitLab cloud-native Kubernetes chart -`_. Deploying GitLab as part of Renku may be deprecated in the future. - -If your Renku deployment includes GitLab you need to follow some additional steps to configure an admin user on GitLab. - -To grant a GitLab user the GitLab admin role without having access to the GitLab Web UI, the following steps can be taken in the GitLab container console. - -#. Run ``gitlab-rails console -e production`` (this might take a while). -#. Find the user you would like to grant the admin role, for example by running ``user = User.find_by(email: 'renku@renkulab.io')`` or ``user = User.find_by(username: 'renku')``. -#. Grant the user the administrator role by running ``user.admin = true``. -#. Save the user's profile by running ``user.save!``. -#. Leave the console by running ``exit``. +Deploying the GitLab Helm chart as part of the Renku Helm chart has been deprecated. If you have a Renku deployment that uses +the Gitlab version that used to come bundled with Renku, then please follow the instructions below to migrate. Migrate from Renku-bundled Omnibus GitLab to cloud-native Gitlab Helm chart --------------------------------------------------------------------------- diff --git a/helm-chart/gitlab/.helmignore b/helm-chart/gitlab/.helmignore deleted file mode 100644 index f0c1319444..0000000000 --- a/helm-chart/gitlab/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/helm-chart/gitlab/Chart.yaml b/helm-chart/gitlab/Chart.yaml deleted file mode 100644 index 596260baa4..0000000000 --- a/helm-chart/gitlab/Chart.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: v1 -appVersion: "1.0" -description: A Helm chart for the Renku Gitlab server -name: gitlab -version: 0.8.0 diff --git a/helm-chart/gitlab/requirements.yaml b/helm-chart/gitlab/requirements.yaml deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/helm-chart/gitlab/templates/_gitlab.rb.tpl b/helm-chart/gitlab/templates/_gitlab.rb.tpl deleted file mode 100644 index 6c9d8880a5..0000000000 --- a/helm-chart/gitlab/templates/_gitlab.rb.tpl +++ /dev/null @@ -1,133 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -GitLab Omnibus configuration -*/}} -{{- define "gitlab.config" -}} -## GitLab configuration settings -##! Check out the latest version of this file to know about the different -##! settings that can be configured by this file, which may be found at: -##! https://gitlab.com/gitlab-org/omnibus-gitlab/raw/master/files/gitlab-config-template/gitlab.rb.template - - -## GitLab URL -##! URL on which GitLab will be reachable. -##! For more details on configuring external_url see: -##! https://docs.gitlab.com/omnibus/settings/configuration.html#configuring-the-external-url-for-gitlab -external_url '{{ template "renku.http" . }}://{{ .Values.global.renku.domain }}/gitlab' - -##! **Override only if you use a reverse proxy** -##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#setting-the-nginx-listen-port -nginx['listen_port'] = 80 - -##! **Override only if your reverse proxy internally communicates over HTTP** -##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#supporting-proxied-ssl -nginx['listen_https'] = false - -## Configure SSH port to be displayed correctly -gitlab_rails['gitlab_shell_ssh_port'] = {{ default 22 .Values.ssh.externalPort }} - -### OmniAuth Settings -###! Docs: https://docs.gitlab.com/ce/integration/omniauth.html -gitlab_rails['omniauth_enabled'] = true -{{- if .Values.oauth.autoSignIn }} -gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'oauth2_generic' -{{- end }} -gitlab_rails['omniauth_allow_single_sign_on'] = ['oauth2_generic'] -gitlab_rails['omniauth_block_auto_created_users'] = false -gitlab_rails['omniauth_providers'] = [ - { - 'name' => 'oauth2_generic', - 'app_id' => 'gitlab', - 'app_secret' => ENV['GITLAB_CLIENT_SECRET'], - 'args' => { - client_options: { - # Traefik maps keycloak to the URL below - # CAREFUL: This must be accessible from inside the keycloak container - # for server-to-server communication. - 'site' => '{{ template "renku.http" . }}://{{ .Values.global.renku.domain }}/auth/', - 'authorize_url' => '/auth/realms/Renku/protocol/openid-connect/auth', - 'user_info_url' => '/auth/realms/Renku/protocol/openid-connect/userinfo', - 'token_url' => '/auth/realms/Renku/protocol/openid-connect/token' - }, - user_response_structure: { - attributes: { email:'email', first_name:'given_name', last_name:'family_name', name:'name', nickname:'preferred_username' }, # if the nickname attribute of a user is called 'username' - id_path: 'sub' - }, - authorize_params: { - scope: "openid profile email" - } - }, - label: 'Renku Login' - } - ] - -gitlab_rails['initial_root_password'] = ENV['GITLAB_PASSWORD'] - -### GitLab database settings -###! Docs: https://docs.gitlab.com/omnibus/settings/database.html -###! **Only needed if you use an external database.** -postgresql['enable'] = false -gitlab_rails['db_adapter'] = "postgresql" -gitlab_rails['db_encoding'] = "utf-8" -gitlab_rails['db_database'] = ENV['POSTGRES_DATABASE'] -gitlab_rails['db_username'] = ENV['POSTGRES_USER'] -gitlab_rails['db_password'] = ENV['PGPASSWORD'] -gitlab_rails['db_host'] = '{{ template "postgresql.fullname" . }}' -gitlab_rails['db_port'] = 5432 - -### GitLab Redis settings -###! Connect to your own Redis instance -###! Docs: https://docs.gitlab.com/omnibus/settings/redis.html - -#### Redis TCP connection -# gitlab_rails['redis_host'] = localhost -# gitlab_rails['redis_port'] = 6379 -# gitlab_rails['redis_password'] = nil -# gitlab_rails['redis_database'] = 0 - -### GitLab LFS object store -### Docs: https://docs.gitlab.com/ce/workflow/lfs/lfs_administration.html -{{ if .Values.lfsObjects.enabled -}} -gitlab_rails['lfs_object_store_enabled'] = true -gitlab_rails['lfs_object_store_remote_directory'] = "{{ .Values.lfsObjects.bucketName }}" -gitlab_rails['lfs_object_store_direct_upload'] = {{ .Values.lfsObjects.directUpload }} -gitlab_rails['lfs_object_store_background_upload'] = {{ .Values.lfsObjects.backgroundUpload }} -gitlab_rails['lfs_object_store_proxy_download'] = {{ .Values.lfsObjects.proxyDownload }} -gitlab_rails['lfs_object_store_connection'] = eval(ENV['GITLAB_LFS_CONNECTION']) -{{- end }} - -prometheus['enable'] = false -gitlab_rails['monitoring_whitelist'] = ['127.0.0.0/8', '10.0.0.0/8'] -gitlab_rails['env'] = { 'prometheus_multiproc_dir' => '/dev/shm' } - -### GitLab Registry settings -registry_external_url '{{ .Values.registry.externalUrl }}' -gitlab_rails['registry_enabled'] = {{ .Values.registry.enabled }} -registry_nginx['enable'] = false -registry['registry_http_addr'] = '0.0.0.0:8105' -### Registry backend storage -###! Docs: https://docs.gitlab.com/ce/administration/container_registry.html#container-registry-storage-driver -{{- if .Values.registry.storage }} -registry['storage'] = eval(ENV['GITLAB_REGISTRY_STORAGE']) -{{- end }} -registry['health_storagedriver_enabled'] = {{ .Values.registry.backendHealthcheck }} - -### GitLab rack-attack -### See: https://docs.gitlab.com/ce/security/rack_attack.html -### Disabled, as it is banning ingress controller IPs -gitlab_rails['rack_attack_git_basic_auth'] = { - 'enabled' => false -} - -{{ if .Values.logging.useJson -}} -gitaly['logging_format'] = 'json' -gitlab_shell['log_format'] = 'json' -gitlab_workhorse['log_format'] = 'json' -registry['log_formatter'] = 'json' -sidekiq['log_format'] = 'json' -gitlab_pages['log_format'] = 'json' -{{- end }} - -{{ .Values.extraConfig }} - -{{- end -}} diff --git a/helm-chart/gitlab/templates/_helpers.tpl b/helm-chart/gitlab/templates/_helpers.tpl deleted file mode 100644 index 4244a185db..0000000000 --- a/helm-chart/gitlab/templates/_helpers.tpl +++ /dev/null @@ -1,24 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "gitlab.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "gitlab.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Hack for calling templates in a fake scope (until this is solved https://github.com/helm/helm/issues/4535) -*/}} -{{- define "call-nested" }} -{{- $dot := index . 0 }} -{{- $subchart := index . 1 }} -{{- $template := index . 2 }} -{{- include $template (dict "Chart" (dict "Name" $subchart) "Values" (index $dot.Values $subchart) "Release" $dot.Release "Capabilities" $dot.Capabilities) }} -{{- end }} diff --git a/helm-chart/gitlab/templates/configmap.yaml b/helm-chart/gitlab/templates/configmap.yaml deleted file mode 100644 index 6ab6774837..0000000000 --- a/helm-chart/gitlab/templates/configmap.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "gitlab.fullname" . }}-config - labels: - app: {{ template "gitlab.name" . }} - chart: {{ template "gitlab.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -data: - gitlab.rb: |- -{{ include "gitlab.config" . | indent 4 }} diff --git a/helm-chart/gitlab/templates/deployment.yaml b/helm-chart/gitlab/templates/deployment.yaml deleted file mode 100644 index 271a586665..0000000000 --- a/helm-chart/gitlab/templates/deployment.yaml +++ /dev/null @@ -1,136 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "gitlab.fullname" . }} - labels: - app: {{ template "gitlab.name" . }} - chart: {{ template "gitlab.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - replicas: 1 - strategy: - type: Recreate - selector: - matchLabels: - app: {{ template "gitlab.name" . }} - release: {{ .Release.Name }} - template: - metadata: - labels: - app: {{ template "gitlab.name" . }} - release: {{ .Release.Name }} - annotations: - checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} - spec: - containers: - - name: {{ .Chart.Name }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - env: - - name: POSTGRES_DATABASE - value: {{ .Values.global.gitlab.postgresDatabase }} - - name: POSTGRES_USER - value: {{ .Values.global.gitlab.postgresUser }} - - name: PGPASSWORD - valueFrom: - secretKeyRef: - name: {{ template "gitlab.fullname" . }}-postgres - key: gitlab-postgres-password - - name: GITLAB_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: {{ template "gitlab.fullname" . }} - key: gitlab-client-secret - - name: GITLAB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "gitlab.fullname" . }} - key: gitlab-password - - name: RENKU_DOMAIN - value: {{ .Values.global.renku.domain }} - - name: GITLAB_SHARED_RUNNERS_REGISTRATION_TOKEN - valueFrom: - secretKeyRef: - name: {{ template "gitlab.fullname" . }} - key: shared-runners-registration-token - {{- if .Values.lfsObjects.enabled }} - - name: GITLAB_LFS_CONNECTION - valueFrom: - secretKeyRef: - name: {{ template "gitlab.fullname" . }} - key: gitlab-lfs-connection - {{- end }} - {{- if .Values.registry.storage }} - - name: GITLAB_REGISTRY_STORAGE - valueFrom: - secretKeyRef: - name: {{ template "gitlab.fullname" . }} - key: gitlab-registry-storage - {{- end }} - ports: - - name: ssh - containerPort: 22 - - name: http - containerPort: 80 - - name: registry - containerPort: 8105 - livenessProbe: - httpGet: - path: /gitlab/help - port: http - # This pod takes a very long time to start up. Be cautious when - # lowering this value to avoid Pod death during startup. - initialDelaySeconds: 600 - timeoutSeconds: 15 - periodSeconds: 10 - successThreshold: 1 - failureThreshold: 10 - readinessProbe: - httpGet: - path: /gitlab/help - port: http - initialDelaySeconds: 60 - timeoutSeconds: 15 - periodSeconds: 10 - successThreshold: 1 - failureThreshold: 3 - resources: -{{ toYaml .Values.resources | indent 10 }} - volumeMounts: - - name: gitlab-persistence - mountPath: {{ .Values.persistence.gitlab_data.mountPath }} - subPath: {{ .Values.persistence.gitlab_data.subPath }} - - name: gitlab-persistence - mountPath: {{ .Values.persistence.gitlab_config.mountPath }} - subPath: {{ .Values.persistence.gitlab_config.subPath }} - - name: gitlab-persistence - mountPath: {{ .Values.persistence.gitlab_logs.mountPath }} - subPath: {{ .Values.persistence.gitlab_logs.subPath }} - - name: config - mountPath: /etc/gitlab/gitlab.rb - subPath: gitlab.rb - volumes: - - name: gitlab-persistence - {{- if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ .Values.persistence.existingClaim | default (include "gitlab.fullname" .) }} - {{- else }} - emptyDir: {} - {{- end }} - - name: config - configMap: - name: {{ template "gitlab.fullname" . }}-config - - {{- with .Values.nodeSelector }} - nodeSelector: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: -{{ toYaml . | indent 8 }} - {{- end }} diff --git a/helm-chart/gitlab/templates/metrics-service.yaml b/helm-chart/gitlab/templates/metrics-service.yaml deleted file mode 100644 index 7c3cb5cf5f..0000000000 --- a/helm-chart/gitlab/templates/metrics-service.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if .Values.service.metrics.enabled }} -apiVersion: v1 -kind: Service -metadata: -{{- if.Values.service.metrics.annotations }} - annotations: -{{ toYaml .Values.service.metrics.annotations | indent 4 }} -{{- end }} - name: {{ template "gitlab.fullname" . }}-metrics - labels: - app: {{ template "gitlab.name" . }} - chart: {{ template "gitlab.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - type: ClusterIP - ports: - - port: {{ .Values.service.port }} - targetPort: http - protocol: TCP - name: http - selector: - app: {{ template "gitlab.name" . }} - release: {{ .Release.Name }} -{{- end }} diff --git a/helm-chart/gitlab/templates/pvc.yaml b/helm-chart/gitlab/templates/pvc.yaml deleted file mode 100644 index b508c61c3d..0000000000 --- a/helm-chart/gitlab/templates/pvc.yaml +++ /dev/null @@ -1,29 +0,0 @@ ---- -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ template "gitlab.fullname" . }} - labels: - app: {{ template "gitlab.name" . }} - chart: {{ template "gitlab.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -{{- if .Values.persistence.annotations }} - annotations: -{{ toYaml .Values.persistence.annotations | indent 4 }} -{{- end }} -spec: - accessModes: - - {{ .Values.persistence.accessMode | quote }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} -{{- if .Values.persistence.storageClass }} -{{- if (eq "-" .Values.persistence.storageClass) }} - storageClassName: "" -{{- else }} - storageClassName: "{{ .Values.persistence.storageClass }}" -{{- end }} -{{- end }} -{{- end -}} diff --git a/helm-chart/gitlab/templates/registry-ingress.yaml b/helm-chart/gitlab/templates/registry-ingress.yaml deleted file mode 100644 index 4f542363b2..0000000000 --- a/helm-chart/gitlab/templates/registry-ingress.yaml +++ /dev/null @@ -1,42 +0,0 @@ -{{- if not (empty .Values.registry.exposedAs) -}} -{{- if eq .Values.registry.exposedAs "Ingress" -}} -{{- $gitlabFullname := include "gitlab.fullname" . -}} -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: {{ template "gitlab.fullname" . }}-registry - labels: - app: {{ template "gitlab.name" . }} - chart: {{ template "gitlab.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - annotations: -{{- range $key, $value := .Values.registry.ingress.annotations }} - {{ $key }}: {{ $value | quote }} -{{- end }} -spec: -{{- if .Values.registry.ingress.tls }} - tls: - {{- range .Values.registry.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} -{{- end }} - rules: - {{- range .Values.registry.ingress.hosts }} - - host: {{ . }} - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: {{ $gitlabFullname }} - port: - number: {{ 8105 }} - {{- end }} -{{- end }} -{{- end }} diff --git a/helm-chart/gitlab/templates/registry-service.yaml b/helm-chart/gitlab/templates/registry-service.yaml deleted file mode 100644 index a5ca95c13f..0000000000 --- a/helm-chart/gitlab/templates/registry-service.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if not (empty .Values.registry.exposedAs) -}} -{{- if eq .Values.registry.exposedAs "NodePort" -}} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "gitlab.fullname" . }}-registry - labels: - app: {{ template "gitlab.name" . }} - chart: {{ template "gitlab.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - clusterIP: 10.100.123.45 - type: NodePort - ports: - - port: 8105 - nodePort: 30105 - targetPort: registry - protocol: TCP - name: registry - selector: - app: {{ template "gitlab.name" . }} - release: {{ .Release.Name }} -{{- end -}} -{{- end -}} diff --git a/helm-chart/gitlab/templates/secret.yaml b/helm-chart/gitlab/templates/secret.yaml deleted file mode 100644 index 69d18b1284..0000000000 --- a/helm-chart/gitlab/templates/secret.yaml +++ /dev/null @@ -1,23 +0,0 @@ ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "gitlab.fullname" . }} - labels: - app: {{ template "gitlab.name" . }} - chart: {{ template "gitlab.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -type: Opaque -data: - gitlab-password: {{ required "Fill in .Values.password with `openssl rand -hex 16`" .Values.password | b64enc | quote }} - gitlab-client-secret: {{ required "Fill in .Values.global.gitlab.clientSecret with `uuidgen -r`" .Values.global.gitlab.clientSecret | b64enc | quote }} - shared-runners-registration-token: {{ required "Fill in .Values.sharedRunnersRegistrationToken with `openssl rand -hex 32`" .Values.sharedRunnersRegistrationToken | b64enc | quote }} - -{{- if .Values.lfsObjects.enabled }} - gitlab-lfs-connection: {{ .Values.lfsObjects.connection | b64enc | quote }} -{{- end }} - -{{- if .Values.registry.storage }} - gitlab-registry-storage: {{ .Values.registry.storage | b64enc | quote }} -{{- end }} diff --git a/helm-chart/gitlab/templates/service.yaml b/helm-chart/gitlab/templates/service.yaml deleted file mode 100644 index 1fbe666f88..0000000000 --- a/helm-chart/gitlab/templates/service.yaml +++ /dev/null @@ -1,31 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "gitlab.fullname" . }} - labels: - app: {{ template "gitlab.name" . }} - chart: {{ template "gitlab.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -{{- if .Values.service.annotations }} - annotations: -{{ toYaml .Values.service.annotations | indent 4 }} -{{- end }} -spec: - type: {{ .Values.service.type }} - ports: - - port: {{ .Values.service.port }} - targetPort: http - protocol: TCP - name: http - - port: 22 - targetPort: ssh - protocol: TCP - name: ssh - - port: 8105 - targetPort: registry - protocol: TCP - name: registry - selector: - app: {{ template "gitlab.name" . }} - release: {{ .Release.Name }} diff --git a/helm-chart/gitlab/templates/ssh-nodeport-service.yaml b/helm-chart/gitlab/templates/ssh-nodeport-service.yaml deleted file mode 100644 index 0a41ef4ce4..0000000000 --- a/helm-chart/gitlab/templates/ssh-nodeport-service.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- if not (empty .Values.ssh.nodePortService) -}} -{{- if .Values.ssh.nodePortService.enabled -}} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "gitlab.fullname" . }}-ssh - labels: - app: {{ template "gitlab.name" . }} - chart: {{ template "gitlab.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - type: NodePort - ports: - - port: 22 - nodePort: {{ .Values.ssh.nodePortService.nodePort }} - targetPort: ssh - protocol: TCP - name: ssh - selector: - app: {{ template "gitlab.name" . }} - release: {{ .Release.Name }} -{{- end -}} -{{- end -}} diff --git a/helm-chart/gitlab/values.yaml b/helm-chart/gitlab/values.yaml deleted file mode 100644 index b57f908fb9..0000000000 --- a/helm-chart/gitlab/values.yaml +++ /dev/null @@ -1,115 +0,0 @@ -# Default values for gitlab. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -image: - repository: gitlab/gitlab-ce - tag: 14.10.5-ce.0 - pullPolicy: IfNotPresent - -ssh: - externalPort: 22 - nodePortService: - enabled: false - nodePort: 30022 - -oauth: - autoSignIn: false - -## LFS objects in remote object storage -## Follows: https://docs.gitlab.com/ce/workflow/lfs/lfs_administration.html#storing-lfs-objects-in-remote-object-storage -lfsObjects: - enabled: false - bucketName: lfs-objects - directUpload: false - backgroundUpload: true - proxyDownload: false - # connection: |- - # { - # 'provider' => 'AWS', - # 'region' => 'eu-central-1', - # 'aws_access_key_id' => '1ABCD2EFGHI34JKLM567N', - # 'aws_secret_access_key' => 'abcdefhijklmnopQRSTUVwxyz0123456789ABCDE', - # # The below options configure an S3 compatible host instead of AWS - # 'host' => 'localhost', - # 'endpoint' => 'http://127.0.0.1:9000', - # 'path_style' => true - # } - -service: - type: ClusterIP - port: 80 - metrics: - enabled: true - annotations: - prometheus.io/scrape: "true" - prometheus.io/path: /gitlab/-/metrics - prometheus.io/port: "80" - -persistence: - enabled: true - - ## A manually managed Persistent Volume and Claim - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - # existingClaim: - - # storageClass: "-" - accessMode: ReadWriteOnce - size: 30Gi - - gitlab_data: - subPath: data - mountPath: /var/opt/gitlab - gitlab_config: - subPath: config - mountPath: /etc/gitlab - gitlab_logs: - subPath: logs - mountPath: /var/log/gitlab - - -registry: - enabled: false - exposedAs: Ingress - # exposedAs: NodePort - backendHealthcheck: true - # storage: |- - # { - # 's3' => { - # 'accesskey' => 's3-access-key', - # 'secretkey' => 's3-secret-key-for-access-key', - # 'bucket' => 'your-s3-bucket', - # 'region' => 'your-s3-region' - # } - # } - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -nodeSelector: {} - -tolerations: [] - -affinity: {} - -# Enable json logs for all services -logging: - useJson: true - -## Add some extra configuration to gitlab.rb -# extraConfig: | -# ## Fix number of unicorn workers -# unicorn['worker_processes'] = 7 - -# ## Fix something else -# ... diff --git a/helm-chart/renku/requirements.yaml b/helm-chart/renku/requirements.yaml index 7a214673d5..781c6a4d23 100644 --- a/helm-chart/renku/requirements.yaml +++ b/helm-chart/renku/requirements.yaml @@ -1,8 +1,4 @@ dependencies: - - name: gitlab - repository: "https://swissdatasciencecenter.github.io/helm-charts/" - version: 0.8.0 - condition: gitlab.enabled - name: postgresql version: "14.2.4" repository: "oci://registry-1.docker.io/bitnamicharts" diff --git a/helm-chart/renku/templates/gateway/deployment-revproxy.yaml b/helm-chart/renku/templates/gateway/deployment-revproxy.yaml index 3fc1b30214..1950083500 100644 --- a/helm-chart/renku/templates/gateway/deployment-revproxy.yaml +++ b/helm-chart/renku/templates/gateway/deployment-revproxy.yaml @@ -41,7 +41,7 @@ spec: initContainers: {{- include "certificates.initContainer" . | nindent 8 }} containers: - - name: gateway + - name: gateway image: "{{ .Values.gateway.image.repository }}:{{ .Values.gateway.image.tag }}" imagePullPolicy: {{ .Values.gateway.image.pullPolicy }} securityContext: @@ -56,7 +56,7 @@ spec: secretKeyRef: name: {{ .Values.global.redis.existingSecret }} key: {{ .Values.global.redis.existingSecretPasswordKey }} - - name: GATEWAY_LOGIN_PROVIDERS_RENKU_CLIENTSECRET + - name: GATEWAY_LOGIN_PROVIDERS_RENKU_CLIENTSECRET valueFrom: secretKeyRef: name: {{ cat (include "renku.fullname" .) "-gateway" | nospace }} @@ -130,4 +130,3 @@ spec: - name: public-config configMap: name: {{ template "renku.fullname" . }}-gateway - diff --git a/helm-chart/renku/templates/gateway/secret.yaml b/helm-chart/renku/templates/gateway/secret.yaml index 02feb32174..e52f093362 100644 --- a/helm-chart/renku/templates/gateway/secret.yaml +++ b/helm-chart/renku/templates/gateway/secret.yaml @@ -2,11 +2,7 @@ {{- $oidcClientSecret := .Values.gateway.oidcClientSecret | default .Values.global.gateway.clientSecret | default (randAlphaNum 64) | b64enc | quote }} {{- $gitlabClientSecret := "" -}} -{{- if .Values.gitlab.enabled -}} -{{- $gitlabClientSecret = .Values.gateway.gitlabClientSecret | default .Values.global.gateway.gitlabClientSecret | default (randAlphaNum 64) | b64enc | quote }} -{{- else -}} {{- $gitlabClientSecret = required "Fill in .Values.gateway.gitlabClientSecret or .Values.global.gateway.gitlabClientSecret with the OIDC client secret you created in Gitlab" (.Values.gateway.gitlabClientSecret | default .Values.global.gateway.gitlabClientSecret) | b64enc | quote -}} -{{- end -}} {{- $gatewaySecret := .Values.gateway.secretKey | default (randAlphaNum 64) | b64enc | quote }} {{- $cliClientSecret := .Values.gateway.cliClientSecret | default .Values.global.gateway.cliClientSecret | default (randAlphaNum 64) | b64enc | quote }} {{- $notebooksClientSecret := .Values.notebooks.oidc.clientSecret | default (randAlphaNum 64) | b64enc | quote }} @@ -58,15 +54,6 @@ {{- end -}} {{- end -}} -{{- if .Values.gitlab.enabled -}} -{{- if not .Values.global.gitlab.clientSecret -}} -{{- $secret := (lookup "v1" "Secret" .Release.Namespace $secretName) }} -{{- if $secret }} -{{- $gitlabClientInKeycloakSecret = index $secret.data "gitlabClientInKeycloakSecret" }} -{{- end -}} -{{- end -}} -{{- end }} - {{- $tokenEncryptionSecretKey := randAlphaNum 32 | b64enc | quote }} {{- $secret := (lookup "v1" "Secret" .Release.Namespace $secretName) }} {{- if $secret }} @@ -112,6 +99,7 @@ data: notebooksClientSecret: {{ $notebooksClientSecret }} # A secret for the UI server client in Keycloak uiserverClientSecret: {{ $uiserverClientSecret }} +<<<<<<< HEAD {{- if .Values.gitlab.enabled }} # A secret for the Gitlab client in Keycloak if an internal Gitlab is used gitlabClientInKeycloakSecret: {{ $gitlabClientInKeycloakSecret }} @@ -120,3 +108,5 @@ data: cookieHashKey: {{ $csrfCookieHashKey }} tokenEncryption: {{ $tokenEncryptionSecretKey }} +======= +>>>>>>> 3a1c9a47 (feat: remove internal gitlab) diff --git a/helm-chart/renku/templates/gitlab-postgres-secret.yaml b/helm-chart/renku/templates/gitlab-postgres-secret.yaml deleted file mode 100644 index b8ce7270e8..0000000000 --- a/helm-chart/renku/templates/gitlab-postgres-secret.yaml +++ /dev/null @@ -1,29 +0,0 @@ ---- -{{- if .Values.gitlab.enabled }} -{{- $db_password := default (randAlphaNum 64) .Values.global.gitlab.postgresPassword.value | b64enc | quote }} - -{{- $renkuFullname := include "renku.fullname" . -}} - -{{- if not .Values.global.gitlab.postgresPassword.value -}} -{{- $secretName := cat $renkuFullname "-gitlab-postgres" | nospace }} -{{- $secret := (lookup "v1" "Secret" .Release.Namespace $secretName) }} -{{- if $secret }} -{{- $db_password = index $secret.data "gitlab-postgres-password" }} -{{- end -}} -{{- end -}} - -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "renku.fullname" . }}-gitlab-postgres - labels: - app: {{ template "renku.name" . }} - chart: {{ template "renku.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - annotations: - "helm.sh/hook": "pre-install,pre-upgrade,pre-rollback" -type: Opaque -data: - gitlab-postgres-password: {{ $db_password }} -{{- end }} diff --git a/helm-chart/renku/templates/ingress.yaml b/helm-chart/renku/templates/ingress.yaml index 17cd9794ff..5f52d16be2 100644 --- a/helm-chart/renku/templates/ingress.yaml +++ b/helm-chart/renku/templates/ingress.yaml @@ -2,7 +2,6 @@ {{- $keycloakEnabled := .Values.keycloakx.enabled -}} {{- $keycloakFullname := include "keycloak.fullname" . -}} {{- $keycloakServicePort := .Values.keycloakx.ingress.servicePort -}} -{{- $gitlabEnabled := .Values.gitlab.enabled -}} {{- $gitlabFullname := include "gitlab.fullname" . -}} {{- $gitlabServicePort := 80 -}} {{- $uiFullname := include "ui.fullname" . -}} @@ -67,15 +66,9 @@ spec: pathType: Prefix backend: service: - {{- if $gitlabEnabled }} - name: {{ $gitlabFullname }} - port: - number: {{ $gitlabServicePort }} - {{ else }} name: {{ template "renku.fullname" $ }}-gateway port: number: 80 - {{- end }} - path: /repos pathType: Prefix backend: diff --git a/helm-chart/renku/templates/network-policies.yaml b/helm-chart/renku/templates/network-policies.yaml index 3aa0a88615..dc695fc3ce 100644 --- a/helm-chart/renku/templates/network-policies.yaml +++ b/helm-chart/renku/templates/network-policies.yaml @@ -25,20 +25,6 @@ spec: matchLabels: kubernetes.io/metadata.name: {{ .Release.Namespace }} {{- end }} - {{- if .Values.gitlab.enabled }} - - podSelector: - matchLabels: - app: gitlab - namespaceSelector: - matchLabels: - kubernetes.io/metadata.name: {{ .Release.Namespace }} - - podSelector: - matchLabels: - app: post-install-gitlab - namespaceSelector: - matchLabels: - kubernetes.io/metadata.name: {{ .Release.Namespace }} - {{- end }} - podSelector: matchLabels: app: event-log diff --git a/helm-chart/renku/templates/setup-job-keycloak-realms.yaml b/helm-chart/renku/templates/setup-job-keycloak-realms.yaml index 8c91721c55..1971f576a1 100644 --- a/helm-chart/renku/templates/setup-job-keycloak-realms.yaml +++ b/helm-chart/renku/templates/setup-job-keycloak-realms.yaml @@ -63,26 +63,17 @@ spec: - name: DEMO_USER_PASSWORD valueFrom: secretKeyRef: - name: {{ cat (include "renku.fullname" .) "-kc-demo-user" | nospace }} + name: {{ cat (include "renku.fullname" .) "-kc-demo-user" | nospace }} key: keycloakDemoUserPassword {{- end }} - name: INTERNAL_GITLAB_ENABLED - value: {{ .Values.gitlab.enabled | toString | lower | quote }} - {{- if .Values.gitlab.enabled }} - - name: INTERNAL_GITLAB_OIDC_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: {{ cat (include "renku.fullname" .) "-gateway" | nospace }} - key: gitlabClientInKeycloakSecret - - name: INTERNAL_GITLAB_OIDC_CLIENT_ID - value: "gitlab" - {{- end }} + value: "false" - name: RENKU_KC_CLIENT_ID value: renku - name: RENKU_KC_CLIENT_SECRET valueFrom: secretKeyRef: - name: {{ cat (include "renku.fullname" .) "-gateway" | nospace }} + name: {{ cat (include "renku.fullname" .) "-gateway" | nospace }} key: oidcClientSecret - name: RENKU_KC_CLIENT_PUBLIC value: "false" diff --git a/helm-chart/renku/values.yaml b/helm-chart/renku/values.yaml index 8a75fb54b8..37b6588f2b 100644 --- a/helm-chart/renku/values.yaml +++ b/helm-chart/renku/values.yaml @@ -508,146 +508,6 @@ solr: size: 8Gi zookeeper: enabled: false -## Gitlab configuration -gitlab: - ## Spawn a gitlab instance - enabled: true - ## Password for the `root` user - password: gitlabadmin - ## Gitlab image - image: - # pullPolicy: IfNotPresent - repository: gitlab/gitlab-ce - # Check out the gitlab docs on upgrading versions before changing the image tag. - # https://docs.gitlab.com/ee/update/#upgrade-paths - # in particular major versions https://docs.gitlab.com/ce/update/#upgrading-to-a-new-major-version - tag: 14.10.5-ce.0 - ## automatically log in to gitlab - oauth: - autoSignIn: true - ## Pod affinity for Gitlab deployment - # affinity: {} - ## Node selector for Gitlab deployment - # nodeSelector: {} - ## Pod tolerations for Gitlab deployment - # tolerations: [] - - ## Resource requests/limits for Gitlab - # resources: {} - - ## Registration token for gitlab runners (initial value, can be regenerated from gitlab admin ui) - ## Generated using: `openssl rand -hex 32` - sharedRunnersRegistrationToken: - ## Set to true to make the user 'demo' a GitLab admin - demoUserIsAdmin: false - ## External port for git ssh protocol - ## This setting affects the copy-paste repo git+ssh URL - # sshPort: 22 - - ## LFS objects settings - ## Used to store git-lfs objects externally - ## Note: bucket must exist before use, GitLab won't do it - ## Follows: https://docs.gitlab.com/ce/workflow/lfs/lfs_administration.html#storing-lfs-objects-in-remote-object-storage - # lfsObjects: - ## Set to true to enable remote LFS objects - # enabled: false - ## Bucket name - # bucketName: lfs-objects - # directUpload: false - # backgroundUpload: true - # proxyDownload: false - # connection: |- - # { - # 'provider' => 'AWS', - # 'region' => 'eu-central-1', - # 'aws_access_key_id' => '1ABCD2EFGHI34JKLM567N', - # 'aws_secret_access_key' => 'abcdefhijklmnopQRSTUVwxyz0123456789ABCDE', - # # The below options configure an S3 compatible host instead of AWS - # 'host' => 'localhost', - # 'endpoint' => 'http://127.0.0.1:9000', - # 'path_style' => true - # } - - ## Persistent Volume settings - persistence: - # accessMode: ReadWriteOnce - size: 30Gi - ## Mount points for the PV - ## Setup according to the volumes declared in the Gitlab image - # gitlab_data: - # subPath: data - # mountPath: /var/opt/gitlab - # gitlab_config: - # subPath: config - # mountPath: /etc/gitlab - # gitlab_logs: - # subPath: logs - # mountPath: /var/log/gitlab - ## database data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClass: - - ## A manually managed Persistent Volume and Claim - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - # existingClaim: - - ## Set to false to disable the use of Persistent Volume - ## The databases will be lost when the pod is terminated! - # enabled: true - - ## Service configuration for Gitlab - ## Modify service.type according to your setup - # service: - # port: 80 - # type: ClusterIP - - ## Container image registry settings - registry: - ## Set to true to enable Gitlab registry - enabled: false - ## The URL to access the registry - # externalUrl: - ## Set `exposedAs` to "NodePort" when deploying on minikube - ## Set `exposedAs` to "Ingress" to expose the registry on an alternate domain. - # exposedAs: NodePort - ## Storage driver configuration for the registry - ## See: https://docs.gitlab.com/ee/administration/container_registry.html#container-registry-storage-driver - # storage: |- - # { - # 's3' => { - # 'accesskey' => 's3-access-key', - # 'secretkey' => 's3-secret-key-for-access-key', - # 'bucket' => 'your-s3-bucket', - # 'region' => 'your-s3-region' - # } - # } - ## Registry ingress, when `exposedAs` is set to "Ingress" - ## Uses conventional settings for ingress - ## Find below an example of values - # ingress: - # annotations: - # cert-manager.io/cluster-issuer: letsencrypt-production - # kubernetes.io/ingress.class: nginx - # nginx.ingress.kubernetes.io/proxy-body-size: '0' - # hosts: - # - registry.example.com - # tls: - # - hosts: - # - registry.example.com - # secretName: registry-tls - ## Add some extra configuration to gitlab.rb - # extraConfig: | - # ## Fix number of unicorn workers - # unicorn['worker_processes'] = 7 -# ## Fix something else -# ... - ## Configuration for the UI service ui: client: diff --git a/scripts/generate-values/base-renku-values.yaml.template b/scripts/generate-values/base-renku-values.yaml.template index 731296e5b5..6afe1b75a5 100644 --- a/scripts/generate-values/base-renku-values.yaml.template +++ b/scripts/generate-values/base-renku-values.yaml.template @@ -18,29 +18,15 @@ global: useHTTPS: true gateway: secretKey: -gitlab: - enabled: false - password: - sharedRunnersRegistrationToken: - lfsObjects: - enabled: false - connection: {{}} - registry: - enabled: false - externalUrl: https://registry.{renku_domain} - storage: {{}} - ingress: - annotations: - cert-manager.io/cluster-issuer: letsencrypt-production - kubernetes.io/ingress.class: nginx - nginx.ingress.kubernetes.io/proxy-body-size: '0' - hosts: - - {gitlab_registry} - tls: - - hosts: - - {gitlab_registry} - secretName: registry-tls +jena: + users: + admin: + password: + renku: + password: graph: + gitlab: + url: {gitlab_url} tokenRepository: tokenEncryption: secret: @@ -60,13 +46,11 @@ ingress: - hosts: - {renku_domain} secretName: {namespace}-renku-ch-tls -jena: - users: - admin: - password: - renku: - password: notebooks: + gitlab: + registry: + host: {gitlab_registry} + url: {gitlab_url} oidc: allowUnverifiedEmail: true authUrl: https://{renku_domain}/auth/realms/Renku/protocol/openid-connect/auth From 7abbfdecea5e29649e26d9de51aad4ebabbf92a4 Mon Sep 17 00:00:00 2001 From: Tasko Olevski Date: Mon, 9 Oct 2023 21:38:58 +0200 Subject: [PATCH 2/6] chore: update changelog --- CHANGELOG.rst | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 2ca04ad1de..7b727afb97 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -3,6 +3,16 @@ 0.60.0 ------ +This release also removes the Gitlab omnibus Helm chart that we created and used to have as a dependency +of the Renku Helm chart. However, we have been discouraging anyone from using +this chart in production and we specified this in our documentation as well. + +If you are using the internal Gitlab Helm chart then ensure to migrate to a separate +Gitlab deployment as specified in our `documentation `_. +before installing this Renku version. You could also simply install the Renku Gitlab Omnibus +Helm chart separtely from Renku, instead of migrating, but this is strongly discouraged as we will not be +maintaing or supporting the chart any longer. Gitlab publishes an official Helm chart and +that is what should be used for deploying Gitlab with Helm. 0.59.0 @@ -117,6 +127,10 @@ User-facing Changes Internal Changes ~~~~~~~~~~~~~~~~ +**Features** + +- **Helm chart**: remove the custom-made Gitlab Omnibus Helm chart from Renku dependencies + **Bug Fixes** - **Gateway**: Fix path rewrite middleware when the path contains escaped characters (`#726 `__). From 2ccf14eb5043ed57b2b0998a22b74c8b82596c73 Mon Sep 17 00:00:00 2001 From: Tasko Olevski Date: Mon, 9 Oct 2023 22:22:25 +0200 Subject: [PATCH 3/6] squashme: fix spelling --- CHANGELOG.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 7b727afb97..0a610ce24f 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -10,8 +10,8 @@ this chart in production and we specified this in our documentation as well. If you are using the internal Gitlab Helm chart then ensure to migrate to a separate Gitlab deployment as specified in our `documentation `_. before installing this Renku version. You could also simply install the Renku Gitlab Omnibus -Helm chart separtely from Renku, instead of migrating, but this is strongly discouraged as we will not be -maintaing or supporting the chart any longer. Gitlab publishes an official Helm chart and +Helm chart separately from Renku, instead of migrating, but this is strongly discouraged as we will not be +maintaining or supporting the chart any longer. Gitlab publishes an official Helm chart and that is what should be used for deploying Gitlab with Helm. From c792721031fa04ce187092bbb059e34fdc1c1ee8 Mon Sep 17 00:00:00 2001 From: Tasko Olevski Date: Tue, 31 Oct 2023 21:16:27 +0100 Subject: [PATCH 4/6] squashme: minor fix --- scripts/generate-values/base-renku-values.yaml.template | 6 ------ 1 file changed, 6 deletions(-) diff --git a/scripts/generate-values/base-renku-values.yaml.template b/scripts/generate-values/base-renku-values.yaml.template index 6afe1b75a5..d78ac6d1b9 100644 --- a/scripts/generate-values/base-renku-values.yaml.template +++ b/scripts/generate-values/base-renku-values.yaml.template @@ -18,12 +18,6 @@ global: useHTTPS: true gateway: secretKey: -jena: - users: - admin: - password: - renku: - password: graph: gitlab: url: {gitlab_url} From 82c9265ec6762c8db1aeeef4fb22c24495d27d1f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rok=20Ro=C5=A1kar?= Date: Fri, 11 Oct 2024 12:55:11 -0600 Subject: [PATCH 5/6] chore: fix rebase error --- helm-chart/renku/templates/gateway/secret.yaml | 8 -------- 1 file changed, 8 deletions(-) diff --git a/helm-chart/renku/templates/gateway/secret.yaml b/helm-chart/renku/templates/gateway/secret.yaml index e52f093362..189c0638b4 100644 --- a/helm-chart/renku/templates/gateway/secret.yaml +++ b/helm-chart/renku/templates/gateway/secret.yaml @@ -99,14 +99,6 @@ data: notebooksClientSecret: {{ $notebooksClientSecret }} # A secret for the UI server client in Keycloak uiserverClientSecret: {{ $uiserverClientSecret }} -<<<<<<< HEAD - {{- if .Values.gitlab.enabled }} - # A secret for the Gitlab client in Keycloak if an internal Gitlab is used - gitlabClientInKeycloakSecret: {{ $gitlabClientInKeycloakSecret }} - {{- end }} cookieEncodingKey: {{ $csrfCookieEncodingKey }} cookieHashKey: {{ $csrfCookieHashKey }} tokenEncryption: {{ $tokenEncryptionSecretKey }} - -======= ->>>>>>> 3a1c9a47 (feat: remove internal gitlab) From 63adb083c386d8d4aa695ce0de42c4054bdc5509 Mon Sep 17 00:00:00 2001 From: Tasko Olevski Date: Tue, 31 Oct 2023 21:21:38 +0100 Subject: [PATCH 6/6] squshme: minor change --- CHANGELOG.rst | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 0a610ce24f..162c2abd1a 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -3,15 +3,13 @@ 0.60.0 ------ -This release also removes the Gitlab omnibus Helm chart that we created and used to have as a dependency -of the Renku Helm chart. However, we have been discouraging anyone from using +This release removes the Gitlab omnibus Helm chart that we created and used to have as a dependency +of the Renku Helm chart. We have been discouraging anyone from using this chart in production and we specified this in our documentation as well. If you are using the internal Gitlab Helm chart then ensure to migrate to a separate Gitlab deployment as specified in our `documentation `_. -before installing this Renku version. You could also simply install the Renku Gitlab Omnibus -Helm chart separately from Renku, instead of migrating, but this is strongly discouraged as we will not be -maintaining or supporting the chart any longer. Gitlab publishes an official Helm chart and +before installing this or any subsequent Renku version. Gitlab publishes an official Helm chart and that is what should be used for deploying Gitlab with Helm.