diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 29046e2a1a..34d25d076e 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -1,5 +1,38 @@ .. _changelog: +0.62.0 +------ + +This release removes the Gitlab omnibus Helm chart that we created and used to have as a dependency +of the Renku Helm chart. We have been discouraging anyone from using +this chart in production and we specified this in our documentation as well. + +If you are using the internal Gitlab Helm chart then ensure to migrate to a separate +Gitlab deployment as specified in our `documentation `_. +before installing this or any subsequent Renku version. Gitlab publishes an official Helm chart and +that is what should be used for deploying Gitlab with Helm. + +Internal Changes +~~~~~~~~~~~~~~~~ + +**Improvements** + +- **Infrastructure Components**: ``redis`` has been upgraded from version ``7.0.7`` to ``7.4.1`` +- **Helm chart**: remove the custom-made Gitlab Omnibus Helm chart from Renku dependencies +- **Search services**: Add support for sentry + + +**Bug Fixes** + +- **Search services**: Don't return results without linked namespaces + + +Individual Components +~~~~~~~~~~~~~~~~~~~~~ + +- `renku-search 0.7.0 `_ + + 0.61.1 ------ @@ -11,7 +44,7 @@ User-Facing Changes **🐞 Bug Fixes** -- **Sessions**: Correctly launch sessions that request dedicated resources classes +- **Sessions**: Correctly launch sessions that request dedicated resource classes Internal Changes ~~~~~~~~~~~~~~~~ @@ -40,7 +73,7 @@ Individual components Renku 0.61.0 introduces a new version of Amalthea that supports running sessions with Docker images that do not contain Jupyter server. -NOTES to administrators: +NOTES to administrators: - This upgrade introduces a brand new CRD for sessions. All services that support sessions for Renku v2 will switch to this new CRD. Renku v1 sessions remain unchanged. 
@@ -50,15 +83,15 @@ NOTES to administrators: notify users of the change and allow for enough time so that existing Renku v2 sessions can be saved and cleaned up, rather than asking users to save the url to their sessions. In addition to users not being able to see old Renku v2 sessions, they will also not be able to pause, resume or delete old Renku v2 sessions. - Therefore it's best if most sessions are properly saved and cleaned up before this update is rolled out. In order + Therefore it's best if most sessions are properly saved and cleaned up before this update is rolled out. In order to support the new CRD we have also created a new operator that will manage the new `amaltheasession` resources. -- The network policies for Renku have been consolidated and revamped. The most notable change here is the +- The network policies for Renku have been consolidated and revamped. The most notable change here is the removal of the egress policy that prevented egress to internal IP addresses from sessions. Now we disallow all ingress in the Renku release namespace by default and explicitly grant permissions to any pods that need to access other pods inside the Renku release namespace. Two properties relevant to this have been added to the Helm chart values file that allows administrators to grant access to all Renku services from a specific namespace - or to do the same for specific pods within the Renku namespace. These are not needed for Renku to function and the + or to do the same for specific pods within the Renku namespace. These are not needed for Renku to function and the default network policies should be sufficient, they have been added so that administrators can allow ingress for other services that may not come with the Renku Helm chart such as logging or monitoring. This change will result in the removal of some network policies and the creation of several new policies. 
@@ -183,16 +216,11 @@ Internal Changes **Bug Fixes** - **Data services**: Handle spaces in ``provider_id`` for connected services (`#482 `__). -- **csi-rclone**: Do not log potentially sensitive data in error messages. -- **csi-rclone**: Properly handle encrypted secrets with the new annotation-based storage class. - Individual Components ~~~~~~~~~~~~~~~~~~~~~ - `renku-data-services 0.24.2 `__ -- `csi-rclone 0.3.4 `__ -- `csi-rclone 0.3.5 `__ 0.59.1 ------ @@ -211,6 +239,7 @@ Individual Components - `renku-notebooks 1.27.1 `_ + 0.59.0 ------ @@ -271,6 +300,7 @@ Individual Components - `renku-ui 3.40.0 `_ - `renku-ui 3.40.1 `_ + 0.58.1 ------ @@ -354,8 +384,10 @@ Internal Changes Individual Components ~~~~~~~~~~~~~~~~~~~~~ -- `renku-search 0.6.1 `_ +- `renku-search 0.6.1 `_ - `renku-ui 3.36.0 `_ +- `renku-gateway 1.1.0 `_ +- `renku-data-services 0.21.0 `__ - `renku-ui 3.37.0 `_ - `renku-ui 3.37.1 `_ - `renku-gateway 1.1.0 `_ diff --git a/cypress-tests/cypress/e2e/dashboardV2.cy.ts b/cypress-tests/cypress/e2e/dashboardV2.cy.ts index 1bb9d6d7b9..df89a5174d 100644 --- a/cypress-tests/cypress/e2e/dashboardV2.cy.ts +++ b/cypress-tests/cypress/e2e/dashboardV2.cy.ts @@ -72,9 +72,7 @@ describe("Dashboard v2 - Authenticated user", () => { describe("Dashboard v2 - Non-Authenticated user", () => { it("Cannot see projects and groups on Dashboard when logged out", () => { cy.visit("v2"); - cy.getDataCy("projects-container").contains("No 2.0 projects."); - cy.getDataCy("view-other-projects-btn").should("be.visible"); - cy.getDataCy("groups-container").contains("No 2.0 groups."); - cy.getDataCy("view-other-groups-btn").should("be.visible"); + cy.getDataCy("user-container").should("be.visible"); + cy.getDataCy("user-container").should("contain.text", "You are not logged in."); }); }); diff --git a/cypress-tests/package-lock.json b/cypress-tests/package-lock.json index 4425403e6b..2311cc598c 100644 --- a/cypress-tests/package-lock.json +++ b/cypress-tests/package-lock.json 
@@ -9,7 +9,7 @@ "version": "0.1.0", "dependencies": { "@actions/core": "^1.10.0", - "@renku/notebooks-cypress-tests": "^0.0.10", + "@renku/notebooks-cypress-tests": "^0.0.13", "cypress": "^12.17.1", "cypress-localstorage-commands": "^2.2.3", "typescript": "^4.8.4", @@ -214,9 +214,9 @@ } }, "node_modules/@renku/notebooks-cypress-tests": { - "version": "0.0.10", - "resolved": "https://registry.npmjs.org/@renku/notebooks-cypress-tests/-/notebooks-cypress-tests-0.0.10.tgz", - "integrity": "sha512-PVK91sEcM0qi/+b1wVn/qEUGcD8eWWgwcAgr8fTp5VjEvK781rdqUG+sItsNSmvdaP5at5/5U5C2RU8YxnosjQ==", + "version": "0.0.13", + "resolved": "https://registry.npmjs.org/@renku/notebooks-cypress-tests/-/notebooks-cypress-tests-0.0.13.tgz", + "integrity": "sha512-0GU+iHG/vMg8cpYXhAuo4ztMA4ZxlEnJuQJThSpEMN9BjzUL5Bhj2Ia64a83ryW3mrYe5UDIrvWjKFoCDvd4tQ==", "dependencies": { "cypress": "^11.0.1" } @@ -3334,9 +3334,9 @@ } }, "@renku/notebooks-cypress-tests": { - "version": "0.0.10", - "resolved": "https://registry.npmjs.org/@renku/notebooks-cypress-tests/-/notebooks-cypress-tests-0.0.10.tgz", - "integrity": "sha512-PVK91sEcM0qi/+b1wVn/qEUGcD8eWWgwcAgr8fTp5VjEvK781rdqUG+sItsNSmvdaP5at5/5U5C2RU8YxnosjQ==", + "version": "0.0.13", + "resolved": "https://registry.npmjs.org/@renku/notebooks-cypress-tests/-/notebooks-cypress-tests-0.0.13.tgz", + "integrity": "sha512-0GU+iHG/vMg8cpYXhAuo4ztMA4ZxlEnJuQJThSpEMN9BjzUL5Bhj2Ia64a83ryW3mrYe5UDIrvWjKFoCDvd4tQ==", "requires": { "cypress": "^11.0.1" }, diff --git a/cypress-tests/package.json b/cypress-tests/package.json index 5b15f66c04..92d3115f5f 100644 --- a/cypress-tests/package.json +++ b/cypress-tests/package.json @@ -14,7 +14,7 @@ "author": "Swiss Data Science Center", "dependencies": { "@actions/core": "^1.10.0", - "@renku/notebooks-cypress-tests": "^0.0.10", + "@renku/notebooks-cypress-tests": "^0.0.13", "cypress": "^12.17.1", "cypress-localstorage-commands": "^2.2.3", "typescript": "^4.8.4", 
diff --git a/docs/how-to-guides/admin/gitlab.rst b/docs/how-to-guides/admin/gitlab.rst index be3ef7cab1..9f1b76f3c6 100644 --- a/docs/how-to-guides/admin/gitlab.rst +++ b/docs/how-to-guides/admin/gitlab.rst @@ -81,19 +81,8 @@ and existing GitLab users can use Renku without creating a separate Renku accoun GitLab deployed as part of Renku -------------------------------- -We do *not* recommend deploying the Renku-bundled GitLab as part of a production Renku deployment, -and instead suggest deploying GitLab using the `official GitLab cloud-native Kubernetes chart -`_. Deploying GitLab as part of Renku may be deprecated in the future. - -If your Renku deployment includes GitLab you need to follow some additional steps to configure an admin user on GitLab. - -To grant a GitLab user the GitLab admin role without having access to the GitLab Web UI, the following steps can be taken in the GitLab container console. - -#. Run ``gitlab-rails console -e production`` (this might take a while). -#. Find the user you would like to grant the admin role, for example by running ``user = User.find_by(email: 'renku@renkulab.io')`` or ``user = User.find_by(username: 'renku')``. -#. Grant the user the administrator role by running ``user.admin = true``. -#. Save the user's profile by running ``user.save!``. -#. Leave the console by running ``exit``. +Deploying the GitLab Helm chart as part of the Renku Helm chart has been deprecated. If you have a Renku deployment that uses +the Gitlab version that used to come bundled with Renku, then please follow the instructions below to migrate. Migrate from Renku-bundled Omnibus GitLab to cloud-native Gitlab Helm chart --------------------------------------------------------------------------- diff --git a/helm-chart/gitlab/.helmignore b/helm-chart/gitlab/.helmignore deleted file mode 100644 index f0c1319444..0000000000 --- a/helm-chart/gitlab/.helmignore +++ /dev/null 
@@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/helm-chart/gitlab/Chart.yaml b/helm-chart/gitlab/Chart.yaml deleted file mode 100644 index 596260baa4..0000000000 --- a/helm-chart/gitlab/Chart.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: v1 -appVersion: "1.0" -description: A Helm chart for the Renku Gitlab server -name: gitlab -version: 0.8.0 diff --git a/helm-chart/gitlab/requirements.yaml b/helm-chart/gitlab/requirements.yaml deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/helm-chart/gitlab/templates/_gitlab.rb.tpl b/helm-chart/gitlab/templates/_gitlab.rb.tpl deleted file mode 100644 index 6c9d8880a5..0000000000 --- a/helm-chart/gitlab/templates/_gitlab.rb.tpl +++ /dev/null 
@@ -1,133 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -GitLab Omnibus configuration -*/}} -{{- define "gitlab.config" -}} -## GitLab configuration settings -##! Check out the latest version of this file to know about the different -##! settings that can be configured by this file, which may be found at: -##! https://gitlab.com/gitlab-org/omnibus-gitlab/raw/master/files/gitlab-config-template/gitlab.rb.template - - -## GitLab URL -##! URL on which GitLab will be reachable. -##! For more details on configuring external_url see: -##! https://docs.gitlab.com/omnibus/settings/configuration.html#configuring-the-external-url-for-gitlab -external_url '{{ template "renku.http" . }}://{{ .Values.global.renku.domain }}/gitlab' - -##! **Override only if you use a reverse proxy** -##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#setting-the-nginx-listen-port -nginx['listen_port'] = 80 - -##! **Override only if your reverse proxy internally communicates over HTTP** -##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#supporting-proxied-ssl -nginx['listen_https'] = false - -## Configure SSH port to be displayed correctly -gitlab_rails['gitlab_shell_ssh_port'] = {{ default 22 .Values.ssh.externalPort }} - -### OmniAuth Settings -###! Docs: https://docs.gitlab.com/ce/integration/omniauth.html -gitlab_rails['omniauth_enabled'] = true -{{- if .Values.oauth.autoSignIn }} -gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'oauth2_generic' -{{- end }} -gitlab_rails['omniauth_allow_single_sign_on'] = ['oauth2_generic'] -gitlab_rails['omniauth_block_auto_created_users'] = false -gitlab_rails['omniauth_providers'] = [ - { - 'name' => 'oauth2_generic', - 'app_id' => 'gitlab', - 'app_secret' => ENV['GITLAB_CLIENT_SECRET'], - 'args' => { - client_options: { - # Traefik maps keycloak to the URL below - # CAREFUL: This must be accessible from inside the keycloak container - # for server-to-server communication. - 'site' => '{{ template "renku.http" . 
}}://{{ .Values.global.renku.domain }}/auth/', - 'authorize_url' => '/auth/realms/Renku/protocol/openid-connect/auth', - 'user_info_url' => '/auth/realms/Renku/protocol/openid-connect/userinfo', - 'token_url' => '/auth/realms/Renku/protocol/openid-connect/token' - }, - user_response_structure: { - attributes: { email:'email', first_name:'given_name', last_name:'family_name', name:'name', nickname:'preferred_username' }, # if the nickname attribute of a user is called 'username' - id_path: 'sub' - }, - authorize_params: { - scope: "openid profile email" - } - }, - label: 'Renku Login' - } - ] - -gitlab_rails['initial_root_password'] = ENV['GITLAB_PASSWORD'] - -### GitLab database settings -###! Docs: https://docs.gitlab.com/omnibus/settings/database.html -###! **Only needed if you use an external database.** -postgresql['enable'] = false -gitlab_rails['db_adapter'] = "postgresql" -gitlab_rails['db_encoding'] = "utf-8" -gitlab_rails['db_database'] = ENV['POSTGRES_DATABASE'] -gitlab_rails['db_username'] = ENV['POSTGRES_USER'] -gitlab_rails['db_password'] = ENV['PGPASSWORD'] -gitlab_rails['db_host'] = '{{ template "postgresql.fullname" . }}' -gitlab_rails['db_port'] = 5432 - -### GitLab Redis settings -###! Connect to your own Redis instance -###! 
Docs: https://docs.gitlab.com/omnibus/settings/redis.html - -#### Redis TCP connection -# gitlab_rails['redis_host'] = localhost -# gitlab_rails['redis_port'] = 6379 -# gitlab_rails['redis_password'] = nil -# gitlab_rails['redis_database'] = 0 - -### GitLab LFS object store -### Docs: https://docs.gitlab.com/ce/workflow/lfs/lfs_administration.html -{{ if .Values.lfsObjects.enabled -}} -gitlab_rails['lfs_object_store_enabled'] = true -gitlab_rails['lfs_object_store_remote_directory'] = "{{ .Values.lfsObjects.bucketName }}" -gitlab_rails['lfs_object_store_direct_upload'] = {{ .Values.lfsObjects.directUpload }} -gitlab_rails['lfs_object_store_background_upload'] = {{ .Values.lfsObjects.backgroundUpload }} -gitlab_rails['lfs_object_store_proxy_download'] = {{ .Values.lfsObjects.proxyDownload }} -gitlab_rails['lfs_object_store_connection'] = eval(ENV['GITLAB_LFS_CONNECTION']) -{{- end }} - -prometheus['enable'] = false -gitlab_rails['monitoring_whitelist'] = ['127.0.0.0/8', '10.0.0.0/8'] -gitlab_rails['env'] = { 'prometheus_multiproc_dir' => '/dev/shm' } - -### GitLab Registry settings -registry_external_url '{{ .Values.registry.externalUrl }}' -gitlab_rails['registry_enabled'] = {{ .Values.registry.enabled }} -registry_nginx['enable'] = false -registry['registry_http_addr'] = '0.0.0.0:8105' -### Registry backend storage -###! 
Docs: https://docs.gitlab.com/ce/administration/container_registry.html#container-registry-storage-driver -{{- if .Values.registry.storage }} -registry['storage'] = eval(ENV['GITLAB_REGISTRY_STORAGE']) -{{- end }} -registry['health_storagedriver_enabled'] = {{ .Values.registry.backendHealthcheck }} - -### GitLab rack-attack -### See: https://docs.gitlab.com/ce/security/rack_attack.html -### Disabled, as it is banning ingress controller IPs -gitlab_rails['rack_attack_git_basic_auth'] = { - 'enabled' => false -} - -{{ if .Values.logging.useJson -}} -gitaly['logging_format'] = 'json' -gitlab_shell['log_format'] = 'json' -gitlab_workhorse['log_format'] = 'json' -registry['log_formatter'] = 'json' -sidekiq['log_format'] = 'json' -gitlab_pages['log_format'] = 'json' -{{- end }} - -{{ .Values.extraConfig }} - -{{- end -}} diff --git a/helm-chart/gitlab/templates/_helpers.tpl b/helm-chart/gitlab/templates/_helpers.tpl deleted file mode 100644 index 4244a185db..0000000000 --- a/helm-chart/gitlab/templates/_helpers.tpl +++ /dev/null @@ -1,24 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "gitlab.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "gitlab.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Hack for calling templates in a fake scope (until this is solved https://github.com/helm/helm/issues/4535) -*/}} -{{- define "call-nested" }} -{{- $dot := index . 0 }} -{{- $subchart := index . 1 }} -{{- $template := index . 2 }} -{{- include $template (dict "Chart" (dict "Name" $subchart) "Values" (index $dot.Values $subchart) "Release" $dot.Release "Capabilities" $dot.Capabilities) }} -{{- end }} 
diff --git a/helm-chart/gitlab/templates/configmap.yaml b/helm-chart/gitlab/templates/configmap.yaml deleted file mode 100644 index 6ab6774837..0000000000 --- a/helm-chart/gitlab/templates/configmap.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "gitlab.fullname" . }}-config - labels: - app: {{ template "gitlab.name" . }} - chart: {{ template "gitlab.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -data: - gitlab.rb: |- -{{ include "gitlab.config" . | indent 4 }} diff --git a/helm-chart/gitlab/templates/deployment.yaml b/helm-chart/gitlab/templates/deployment.yaml deleted file mode 100644 index 271a586665..0000000000 --- a/helm-chart/gitlab/templates/deployment.yaml +++ /dev/null 
@@ -1,136 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "gitlab.fullname" . }} - labels: - app: {{ template "gitlab.name" . }} - chart: {{ template "gitlab.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - replicas: 1 - strategy: - type: Recreate - selector: - matchLabels: - app: {{ template "gitlab.name" . }} - release: {{ .Release.Name }} - template: - metadata: - labels: - app: {{ template "gitlab.name" . }} - release: {{ .Release.Name }} - annotations: - checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} - spec: - containers: - - name: {{ .Chart.Name }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - env: - - name: POSTGRES_DATABASE - value: {{ .Values.global.gitlab.postgresDatabase }} - - name: POSTGRES_USER - value: {{ .Values.global.gitlab.postgresUser }} - - name: PGPASSWORD - valueFrom: - secretKeyRef: - name: {{ template "gitlab.fullname" . }}-postgres - key: gitlab-postgres-password - - name: GITLAB_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: {{ template "gitlab.fullname" . }} - key: gitlab-client-secret - - name: GITLAB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "gitlab.fullname" . }} - key: gitlab-password - - name: RENKU_DOMAIN - value: {{ .Values.global.renku.domain }} - - name: GITLAB_SHARED_RUNNERS_REGISTRATION_TOKEN - valueFrom: - secretKeyRef: - name: {{ template "gitlab.fullname" . }} - key: shared-runners-registration-token - {{- if .Values.lfsObjects.enabled }} - - name: GITLAB_LFS_CONNECTION - valueFrom: - secretKeyRef: - name: {{ template "gitlab.fullname" . }} - key: gitlab-lfs-connection - {{- end }} - {{- if .Values.registry.storage }} - - name: GITLAB_REGISTRY_STORAGE - valueFrom: - secretKeyRef: - name: {{ template "gitlab.fullname" . 
}} - key: gitlab-registry-storage - {{- end }} - ports: - - name: ssh - containerPort: 22 - - name: http - containerPort: 80 - - name: registry - containerPort: 8105 - livenessProbe: - httpGet: - path: /gitlab/help - port: http - # This pod takes a very long time to start up. Be cautious when - # lowering this value to avoid Pod death during startup. - initialDelaySeconds: 600 - timeoutSeconds: 15 - periodSeconds: 10 - successThreshold: 1 - failureThreshold: 10 - readinessProbe: - httpGet: - path: /gitlab/help - port: http - initialDelaySeconds: 60 - timeoutSeconds: 15 - periodSeconds: 10 - successThreshold: 1 - failureThreshold: 3 - resources: -{{ toYaml .Values.resources | indent 10 }} - volumeMounts: - - name: gitlab-persistence - mountPath: {{ .Values.persistence.gitlab_data.mountPath }} - subPath: {{ .Values.persistence.gitlab_data.subPath }} - - name: gitlab-persistence - mountPath: {{ .Values.persistence.gitlab_config.mountPath }} - subPath: {{ .Values.persistence.gitlab_config.subPath }} - - name: gitlab-persistence - mountPath: {{ .Values.persistence.gitlab_logs.mountPath }} - subPath: {{ .Values.persistence.gitlab_logs.subPath }} - - name: config - mountPath: /etc/gitlab/gitlab.rb - subPath: gitlab.rb - volumes: - - name: gitlab-persistence - {{- if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ .Values.persistence.existingClaim | default (include "gitlab.fullname" .) }} - {{- else }} - emptyDir: {} - {{- end }} - - name: config - configMap: - name: {{ template "gitlab.fullname" . }}-config - - {{- with .Values.nodeSelector }} - nodeSelector: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: -{{ toYaml . | indent 8 }} - {{- end }} diff --git a/helm-chart/gitlab/templates/metrics-service.yaml b/helm-chart/gitlab/templates/metrics-service.yaml deleted file mode 100644 index 7c3cb5cf5f..0000000000 
--- a/helm-chart/gitlab/templates/metrics-service.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if .Values.service.metrics.enabled }} -apiVersion: v1 -kind: Service -metadata: -{{- if.Values.service.metrics.annotations }} - annotations: -{{ toYaml .Values.service.metrics.annotations | indent 4 }} -{{- end }} - name: {{ template "gitlab.fullname" . }}-metrics - labels: - app: {{ template "gitlab.name" . }} - chart: {{ template "gitlab.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - type: ClusterIP - ports: - - port: {{ .Values.service.port }} - targetPort: http - protocol: TCP - name: http - selector: - app: {{ template "gitlab.name" . }} - release: {{ .Release.Name }} -{{- end }} diff --git a/helm-chart/gitlab/templates/pvc.yaml b/helm-chart/gitlab/templates/pvc.yaml deleted file mode 100644 index b508c61c3d..0000000000 --- a/helm-chart/gitlab/templates/pvc.yaml +++ /dev/null @@ -1,29 +0,0 @@ ---- -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ template "gitlab.fullname" . }} - labels: - app: {{ template "gitlab.name" . }} - chart: {{ template "gitlab.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -{{- if .Values.persistence.annotations }} - annotations: -{{ toYaml .Values.persistence.annotations | indent 4 }} -{{- end }} -spec: - accessModes: - - {{ .Values.persistence.accessMode | quote }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} -{{- if .Values.persistence.storageClass }} -{{- if (eq "-" .Values.persistence.storageClass) }} - storageClassName: "" -{{- else }} - storageClassName: "{{ .Values.persistence.storageClass }}" -{{- end }} -{{- end }} -{{- end -}} diff --git a/helm-chart/gitlab/templates/registry-ingress.yaml b/helm-chart/gitlab/templates/registry-ingress.yaml deleted file mode 100644 index 4f542363b2..0000000000 
--- a/helm-chart/gitlab/templates/registry-ingress.yaml +++ /dev/null @@ -1,42 +0,0 @@ -{{- if not (empty .Values.registry.exposedAs) -}} -{{- if eq .Values.registry.exposedAs "Ingress" -}} -{{- $gitlabFullname := include "gitlab.fullname" . -}} -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: {{ template "gitlab.fullname" . }}-registry - labels: - app: {{ template "gitlab.name" . }} - chart: {{ template "gitlab.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - annotations: -{{- range $key, $value := .Values.registry.ingress.annotations }} - {{ $key }}: {{ $value | quote }} -{{- end }} -spec: -{{- if .Values.registry.ingress.tls }} - tls: - {{- range .Values.registry.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} -{{- end }} - rules: - {{- range .Values.registry.ingress.hosts }} - - host: {{ . }} - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: {{ $gitlabFullname }} - port: - number: {{ 8105 }} - {{- end }} -{{- end }} -{{- end }} diff --git a/helm-chart/gitlab/templates/registry-service.yaml b/helm-chart/gitlab/templates/registry-service.yaml deleted file mode 100644 index a5ca95c13f..0000000000 --- a/helm-chart/gitlab/templates/registry-service.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if not (empty .Values.registry.exposedAs) -}} -{{- if eq .Values.registry.exposedAs "NodePort" -}} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "gitlab.fullname" . }}-registry - labels: - app: {{ template "gitlab.name" . }} - chart: {{ template "gitlab.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - clusterIP: 10.100.123.45 - type: NodePort - ports: - - port: 8105 - nodePort: 30105 - targetPort: registry - protocol: TCP - name: registry - selector: - app: {{ template "gitlab.name" . }} - release: {{ .Release.Name }} -{{- end -}} -{{- end -}} 
diff --git a/helm-chart/gitlab/templates/secret.yaml b/helm-chart/gitlab/templates/secret.yaml deleted file mode 100644 index 69d18b1284..0000000000 --- a/helm-chart/gitlab/templates/secret.yaml +++ /dev/null @@ -1,23 +0,0 @@ ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "gitlab.fullname" . }} - labels: - app: {{ template "gitlab.name" . }} - chart: {{ template "gitlab.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -type: Opaque -data: - gitlab-password: {{ required "Fill in .Values.password with `openssl rand -hex 16`" .Values.password | b64enc | quote }} - gitlab-client-secret: {{ required "Fill in .Values.global.gitlab.clientSecret with `uuidgen -r`" .Values.global.gitlab.clientSecret | b64enc | quote }} - shared-runners-registration-token: {{ required "Fill in .Values.sharedRunnersRegistrationToken with `openssl rand -hex 32`" .Values.sharedRunnersRegistrationToken | b64enc | quote }} - -{{- if .Values.lfsObjects.enabled }} - gitlab-lfs-connection: {{ .Values.lfsObjects.connection | b64enc | quote }} -{{- end }} - -{{- if .Values.registry.storage }} - gitlab-registry-storage: {{ .Values.registry.storage | b64enc | quote }} -{{- end }} diff --git a/helm-chart/gitlab/templates/service.yaml b/helm-chart/gitlab/templates/service.yaml deleted file mode 100644 index 1fbe666f88..0000000000 --- a/helm-chart/gitlab/templates/service.yaml +++ /dev/null 
@@ -1,31 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "gitlab.fullname" . }} - labels: - app: {{ template "gitlab.name" . }} - chart: {{ template "gitlab.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -{{- if .Values.service.annotations }} - annotations: -{{ toYaml .Values.service.annotations | indent 4 }} -{{- end }} -spec: - type: {{ .Values.service.type }} - ports: - - port: {{ .Values.service.port }} - targetPort: http - protocol: TCP - name: http - - port: 22 - targetPort: ssh - protocol: TCP - name: ssh - - port: 8105 - targetPort: registry - protocol: TCP - name: registry - selector: - app: {{ template "gitlab.name" . }} - release: {{ .Release.Name }} diff --git a/helm-chart/gitlab/templates/ssh-nodeport-service.yaml b/helm-chart/gitlab/templates/ssh-nodeport-service.yaml deleted file mode 100644 index 0a41ef4ce4..0000000000 --- a/helm-chart/gitlab/templates/ssh-nodeport-service.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- if not (empty .Values.ssh.nodePortService) -}} -{{- if .Values.ssh.nodePortService.enabled -}} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "gitlab.fullname" . }}-ssh - labels: - app: {{ template "gitlab.name" . }} - chart: {{ template "gitlab.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - type: NodePort - ports: - - port: 22 - nodePort: {{ .Values.ssh.nodePortService.nodePort }} - targetPort: ssh - protocol: TCP - name: ssh - selector: - app: {{ template "gitlab.name" . }} - release: {{ .Release.Name }} -{{- end -}} -{{- end -}} diff --git a/helm-chart/gitlab/values.yaml b/helm-chart/gitlab/values.yaml deleted file mode 100644 index b57f908fb9..0000000000 --- a/helm-chart/gitlab/values.yaml +++ /dev/null 
@@ -1,115 +0,0 @@ -# Default values for gitlab. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -image: - repository: gitlab/gitlab-ce - tag: 14.10.5-ce.0 - pullPolicy: IfNotPresent - -ssh: - externalPort: 22 - nodePortService: - enabled: false - nodePort: 30022 - -oauth: - autoSignIn: false - -## LFS objects in remote object storage -## Follows: https://docs.gitlab.com/ce/workflow/lfs/lfs_administration.html#storing-lfs-objects-in-remote-object-storage -lfsObjects: - enabled: false - bucketName: lfs-objects - directUpload: false - backgroundUpload: true - proxyDownload: false - # connection: |- - # { - # 'provider' => 'AWS', - # 'region' => 'eu-central-1', - # 'aws_access_key_id' => '1ABCD2EFGHI34JKLM567N', - # 'aws_secret_access_key' => 'abcdefhijklmnopQRSTUVwxyz0123456789ABCDE', - # # The below options configure an S3 compatible host instead of AWS - # 'host' => 'localhost', - # 'endpoint' => 'http://127.0.0.1:9000', - # 'path_style' => true - # } - -service: - type: ClusterIP - port: 80 - metrics: - enabled: true - annotations: - prometheus.io/scrape: "true" - prometheus.io/path: /gitlab/-/metrics - prometheus.io/port: "80" - -persistence: - enabled: true - - ## A manually managed Persistent Volume and Claim - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - # existingClaim: - - # storageClass: "-" - accessMode: ReadWriteOnce - size: 30Gi - - gitlab_data: - subPath: data - mountPath: /var/opt/gitlab - gitlab_config: - subPath: config - mountPath: /etc/gitlab - gitlab_logs: - subPath: logs - mountPath: /var/log/gitlab - - -registry: - enabled: false - exposedAs: Ingress - # exposedAs: NodePort - backendHealthcheck: true - # storage: |- - # { - # 's3' => { - # 'accesskey' => 's3-access-key', - # 'secretkey' => 's3-secret-key-for-access-key', - # 'bucket' => 'your-s3-bucket', - # 'region' => 'your-s3-region' - # } - # } - -resources: {} - # We usually 
recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -nodeSelector: {} - -tolerations: [] - -affinity: {} - -# Enable json logs for all services -logging: - useJson: true - -## Add some extra configuration to gitlab.rb -# extraConfig: | -# ## Fix number of unicorn workers -# unicorn['worker_processes'] = 7 - -# ## Fix something else -# ... diff --git a/helm-chart/renku/requirements.yaml b/helm-chart/renku/requirements.yaml index 061692e12b..95376234d2 100644 --- a/helm-chart/renku/requirements.yaml +++ b/helm-chart/renku/requirements.yaml @@ -1,8 +1,4 @@ dependencies: - - name: gitlab - repository: "https://swissdatasciencecenter.github.io/helm-charts/" - version: 0.8.0 - condition: gitlab.enabled - name: postgresql version: "14.2.4" repository: "oci://registry-1.docker.io/bitnamicharts" @@ -12,10 +8,8 @@ dependencies: repository: "https://codecentric.github.io/helm-charts" condition: keycloakx.enabled - name: redis - # bitnami claims that this will always contain a full set of charts - let us pray... - # this index was 19MB as of the date of this commit and contained redis 17.4.2 - repository: "https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami" - version: 17.4.2 + repository: "oci://registry-1.docker.io/bitnamicharts" + version: 20.3.0 condition: redis.install - name: renku-jena version: "0.0.25" @@ -43,5 +37,5 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts tags: - - bitnami-common + - bitnami-common version: 2.x.x 
diff --git a/helm-chart/renku/templates/gateway/deployment-revproxy.yaml b/helm-chart/renku/templates/gateway/deployment-revproxy.yaml index a16e20590f..09c89e04bc 100644 --- a/helm-chart/renku/templates/gateway/deployment-revproxy.yaml +++ b/helm-chart/renku/templates/gateway/deployment-revproxy.yaml @@ -41,7 +41,7 @@ spec: initContainers: {{- include "certificates.initContainer" . | nindent 8 }} containers: - - name: gateway + - name: gateway image: "{{ .Values.gateway.image.repository }}:{{ .Values.gateway.image.tag }}" imagePullPolicy: {{ .Values.gateway.image.pullPolicy }} securityContext: @@ -66,7 +66,7 @@ spec: secretKeyRef: name: {{ cat (include "renku.fullname" .) "-gateway" | nospace }} key: cookieHashKey - - name: GATEWAY_LOGIN_PROVIDERS_RENKU_CLIENTSECRET + - name: GATEWAY_LOGIN_PROVIDERS_RENKU_CLIENTSECRET valueFrom: secretKeyRef: name: {{ cat (include "renku.fullname" .) "-gateway" | nospace }} @@ -140,4 +140,3 @@ spec: - name: public-config configMap: name: {{ template "renku.fullname" . }}-gateway - diff --git a/helm-chart/renku/templates/gateway/secret.yaml b/helm-chart/renku/templates/gateway/secret.yaml index 02feb32174..189c0638b4 100644 --- a/helm-chart/renku/templates/gateway/secret.yaml +++ b/helm-chart/renku/templates/gateway/secret.yaml 
@@ -2,11 +2,7 @@ {{- $oidcClientSecret := .Values.gateway.oidcClientSecret | default .Values.global.gateway.clientSecret | default (randAlphaNum 64) | b64enc | quote }} {{- $gitlabClientSecret := "" -}} -{{- if .Values.gitlab.enabled -}} -{{- $gitlabClientSecret = .Values.gateway.gitlabClientSecret | default .Values.global.gateway.gitlabClientSecret | default (randAlphaNum 64) | b64enc | quote }} -{{- else -}} {{- $gitlabClientSecret = required "Fill in .Values.gateway.gitlabClientSecret or .Values.global.gateway.gitlabClientSecret with the OIDC client secret you created in Gitlab" (.Values.gateway.gitlabClientSecret | default .Values.global.gateway.gitlabClientSecret) | b64enc | quote -}} -{{- end -}} {{- $gatewaySecret := .Values.gateway.secretKey | default (randAlphaNum 64) | b64enc | quote }} {{- $cliClientSecret := .Values.gateway.cliClientSecret | default .Values.global.gateway.cliClientSecret | default (randAlphaNum 64) | b64enc | quote }} {{- $notebooksClientSecret := .Values.notebooks.oidc.clientSecret | default (randAlphaNum 64) | b64enc | quote }} @@ -58,15 +54,6 @@ {{- end -}} {{- end -}} -{{- if .Values.gitlab.enabled -}} -{{- if not .Values.global.gitlab.clientSecret -}} -{{- $secret := (lookup "v1" "Secret" .Release.Namespace $secretName) }} -{{- if $secret }} -{{- $gitlabClientInKeycloakSecret = index $secret.data "gitlabClientInKeycloakSecret" }} -{{- end -}} -{{- end -}} -{{- end }} - {{- $tokenEncryptionSecretKey := randAlphaNum 32 | b64enc | quote }} {{- $secret := (lookup "v1" "Secret" .Release.Namespace $secretName) }} {{- if $secret }} 
@@ -112,11 +99,6 @@ data: notebooksClientSecret: {{ $notebooksClientSecret }} # A secret for the UI server client in Keycloak uiserverClientSecret: {{ $uiserverClientSecret }} - {{- if .Values.gitlab.enabled }} - # A secret for the Gitlab client in Keycloak if an internal Gitlab is used - gitlabClientInKeycloakSecret: {{ $gitlabClientInKeycloakSecret }} - {{- end }} cookieEncodingKey: {{ $csrfCookieEncodingKey }} cookieHashKey: {{ $csrfCookieHashKey }} tokenEncryption: {{ $tokenEncryptionSecretKey }} - diff --git a/helm-chart/renku/templates/gitlab-postgres-secret.yaml b/helm-chart/renku/templates/gitlab-postgres-secret.yaml deleted file mode 100644 index b8ce7270e8..0000000000 --- a/helm-chart/renku/templates/gitlab-postgres-secret.yaml +++ /dev/null @@ -1,29 +0,0 @@ ---- -{{- if .Values.gitlab.enabled }} -{{- $db_password := default (randAlphaNum 64) .Values.global.gitlab.postgresPassword.value | b64enc | quote }} - -{{- $renkuFullname := include "renku.fullname" . -}} - -{{- if not .Values.global.gitlab.postgresPassword.value -}} -{{- $secretName := cat $renkuFullname "-gitlab-postgres" | nospace }} -{{- $secret := (lookup "v1" "Secret" .Release.Namespace $secretName) }} -{{- if $secret }} -{{- $db_password = index $secret.data "gitlab-postgres-password" }} -{{- end -}} -{{- end -}} - -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "renku.fullname" . }}-gitlab-postgres - labels: - app: {{ template "renku.name" . }} - chart: {{ template "renku.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - annotations: - "helm.sh/hook": "pre-install,pre-upgrade,pre-rollback" -type: Opaque -data: - gitlab-postgres-password: {{ $db_password }} -{{- end }} diff --git a/helm-chart/renku/templates/ingress.yaml b/helm-chart/renku/templates/ingress.yaml index 17cd9794ff..5f52d16be2 100644 --- a/helm-chart/renku/templates/ingress.yaml +++ b/helm-chart/renku/templates/ingress.yaml 
@@ -2,7 +2,6 @@ {{- $keycloakEnabled := .Values.keycloakx.enabled -}} {{- $keycloakFullname := include "keycloak.fullname" . -}} {{- $keycloakServicePort := .Values.keycloakx.ingress.servicePort -}} -{{- $gitlabEnabled := .Values.gitlab.enabled -}} {{- $gitlabFullname := include "gitlab.fullname" . -}} {{- $gitlabServicePort := 80 -}} {{- $uiFullname := include "ui.fullname" . -}} @@ -67,15 +66,9 @@ spec: pathType: Prefix backend: service: - {{- if $gitlabEnabled }} - name: {{ $gitlabFullname }} - port: - number: {{ $gitlabServicePort }} - {{ else }} name: {{ template "renku.fullname" $ }}-gateway port: number: 80 - {{- end }} - path: /repos pathType: Prefix backend: diff --git a/helm-chart/renku/templates/network-policies.yaml b/helm-chart/renku/templates/network-policies.yaml index 6dc5ac286e..48425c0ff0 100644 --- a/helm-chart/renku/templates/network-policies.yaml +++ b/helm-chart/renku/templates/network-policies.yaml @@ -38,20 +38,6 @@ spec: matchLabels: kubernetes.io/metadata.name: {{ .Release.Namespace }} {{- end }} - {{- if .Values.gitlab.enabled }} - - podSelector: - matchLabels: - app: gitlab - namespaceSelector: - matchLabels: - kubernetes.io/metadata.name: {{ .Release.Namespace }} - - podSelector: - matchLabels: - app: post-install-gitlab - namespaceSelector: - matchLabels: - kubernetes.io/metadata.name: {{ .Release.Namespace }} - {{- end }} - podSelector: matchLabels: app: event-log diff --git a/helm-chart/renku/templates/search/search-api-deployment.yaml b/helm-chart/renku/templates/search/search-api-deployment.yaml index 55e7182525..48a0050304 100644 --- a/helm-chart/renku/templates/search/search-api-deployment.yaml +++ b/helm-chart/renku/templates/search/search-api-deployment.yaml 
@@ -50,6 +50,12 @@ spec: value: "false" - name: "RS_JWT_ALLOWED_ISSUER_URL_PATTERNS" value: "{{ include "renku.keycloakUrl" . }}*/*" + - name: "RS_SENTRY_DSN" + value: {{ .Values.search.sentry.dsn | quote }} + - name: "RS_SENTRY_ENV" + value: {{ .Values.search.sentry.environment | quote }} + - name: "RS_SENTRY_ENABLED" + value: {{ .Values.search.sentry.enabled | quote}} - name: JAVA_OPTS value: "-Xmx{{ .Values.search.searchApi.jvmXmx }} -XX:+UseZGC -XX:+ZGenerational" ports: diff --git a/helm-chart/renku/templates/search/search-provision-deployment.yaml b/helm-chart/renku/templates/search/search-provision-deployment.yaml index 946d6491b5..dcc676d2a6 100644 --- a/helm-chart/renku/templates/search/search-provision-deployment.yaml +++ b/helm-chart/renku/templates/search/search-provision-deployment.yaml @@ -66,6 +66,12 @@ spec: value: "500ms" - name: RS_SOLR_LOG_MESSAGE_BODIES value: "false" + - name: "RS_SENTRY_DSN" + value: {{ .Values.search.sentry.dsn | quote }} + - name: "RS_SENTRY_ENV" + value: {{ .Values.search.sentry.environment | quote }} + - name: "RS_SENTRY_ENABLED" + value: {{ .Values.search.sentry.enabled | quote }} - name: JAVA_OPTS value: "-Xmx{{ .Values.search.searchProvision.jvmXmx }} -XX:+UseZGC -XX:+ZGenerational" ports: diff --git a/helm-chart/renku/templates/setup-job-keycloak-realms.yaml b/helm-chart/renku/templates/setup-job-keycloak-realms.yaml index 8c91721c55..1971f576a1 100644 --- a/helm-chart/renku/templates/setup-job-keycloak-realms.yaml +++ b/helm-chart/renku/templates/setup-job-keycloak-realms.yaml 
@@ -63,26 +63,17 @@ spec: - name: DEMO_USER_PASSWORD valueFrom: secretKeyRef: - name: {{ cat (include "renku.fullname" .) "-kc-demo-user" | nospace }} + name: {{ cat (include "renku.fullname" .) "-kc-demo-user" | nospace }} key: keycloakDemoUserPassword {{- end }} - name: INTERNAL_GITLAB_ENABLED - value: {{ .Values.gitlab.enabled | toString | lower | quote }} - {{- if .Values.gitlab.enabled }} - - name: INTERNAL_GITLAB_OIDC_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: {{ cat (include "renku.fullname" .) "-gateway" | nospace }} - key: gitlabClientInKeycloakSecret - - name: INTERNAL_GITLAB_OIDC_CLIENT_ID - value: "gitlab" - {{- end }} + value: "false" - name: RENKU_KC_CLIENT_ID value: renku - name: RENKU_KC_CLIENT_SECRET valueFrom: secretKeyRef: - name: {{ cat (include "renku.fullname" .) "-gateway" | nospace }} + name: {{ cat (include "renku.fullname" .) "-gateway" | nospace }} key: oidcClientSecret - name: RENKU_KC_CLIENT_PUBLIC value: "false" diff --git a/helm-chart/renku/values.yaml b/helm-chart/renku/values.yaml index 4790c3d352..3acdb83936 100644 --- a/helm-chart/renku/values.yaml +++ b/helm-chart/renku/values.yaml 
@@ -513,146 +513,6 @@ solr: size: 8Gi zookeeper: enabled: false -## Gitlab configuration -gitlab: - ## Spawn a gitlab instance - enabled: true - ## Password for the `root` user - password: gitlabadmin - ## Gitlab image - image: - # pullPolicy: IfNotPresent - repository: gitlab/gitlab-ce - # Check out the gitlab docs on upgrading versions before changing the image tag. - # https://docs.gitlab.com/ee/update/#upgrade-paths - # in particular major versions https://docs.gitlab.com/ce/update/#upgrading-to-a-new-major-version - tag: 14.10.5-ce.0 - ## automatically log in to gitlab - oauth: - autoSignIn: true - ## Pod affinity for Gitlab deployment - # affinity: {} - ## Node selector for Gitlab deployment - # nodeSelector: {} - ## Pod tolerations for Gitlab deployment - # tolerations: [] - - ## Resource requests/limits for Gitlab - # resources: {} - - ## Registration token for gitlab runners (initial value, can be regenerated from gitlab admin ui) - ## Generated using: `openssl rand -hex 32` - sharedRunnersRegistrationToken: - ## Set to true to make the user 'demo' a GitLab admin - demoUserIsAdmin: false - ## External port for git ssh protocol - ## This setting affects the copy-paste repo git+ssh URL - # sshPort: 22 - - ## LFS objects settings - ## Used to store git-lfs objects externally - ## Note: bucket must exist before use, GitLab won't do it - ## Follows: https://docs.gitlab.com/ce/workflow/lfs/lfs_administration.html#storing-lfs-objects-in-remote-object-storage - # lfsObjects: - ## Set to true to enable remote LFS objects - # enabled: false - ## Bucket name - # bucketName: lfs-objects - # directUpload: false - # backgroundUpload: true - # proxyDownload: false - # connection: |- - # { - # 'provider' => 'AWS', - # 'region' => 'eu-central-1', - # 'aws_access_key_id' => '1ABCD2EFGHI34JKLM567N', - # 'aws_secret_access_key' => 'abcdefhijklmnopQRSTUVwxyz0123456789ABCDE', - # # The below options configure an S3 compatible host instead of AWS - # 'host' => 'localhost', - # 
'endpoint' => 'http://127.0.0.1:9000', - # 'path_style' => true - # } - - ## Persistent Volume settings - persistence: - # accessMode: ReadWriteOnce - size: 30Gi - ## Mount points for the PV - ## Setup according to the volumes declared in the Gitlab image - # gitlab_data: - # subPath: data - # mountPath: /var/opt/gitlab - # gitlab_config: - # subPath: config - # mountPath: /etc/gitlab - # gitlab_logs: - # subPath: logs - # mountPath: /var/log/gitlab - ## database data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClass: - - ## A manually managed Persistent Volume and Claim - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - # existingClaim: - - ## Set to false to disable the use of Persistent Volume - ## The databases will be lost when the pod is terminated! - # enabled: true - - ## Service configuration for Gitlab - ## Modify service.type according to your setup - # service: - # port: 80 - # type: ClusterIP - - ## Container image registry settings - registry: - ## Set to true to enable Gitlab registry - enabled: false - ## The URL to access the registry - # externalUrl: - ## Set `exposedAs` to "NodePort" when deploying on minikube - ## Set `exposedAs` to "Ingress" to expose the registry on an alternate domain. 
- # exposedAs: NodePort - ## Storage driver configuration for the registry - ## See: https://docs.gitlab.com/ee/administration/container_registry.html#container-registry-storage-driver - # storage: |- - # { - # 's3' => { - # 'accesskey' => 's3-access-key', - # 'secretkey' => 's3-secret-key-for-access-key', - # 'bucket' => 'your-s3-bucket', - # 'region' => 'your-s3-region' - # } - # } - ## Registry ingress, when `exposedAs` is set to "Ingress" - ## Uses conventional settings for ingress - ## Find below an example of values - # ingress: - # annotations: - # cert-manager.io/cluster-issuer: letsencrypt-production - # kubernetes.io/ingress.class: nginx - # nginx.ingress.kubernetes.io/proxy-body-size: '0' - # hosts: - # - registry.example.com - # tls: - # - hosts: - # - registry.example.com - # secretName: registry-tls - ## Add some extra configuration to gitlab.rb - # extraConfig: | - # ## Fix number of unicorn workers - # unicorn['worker_processes'] = 7 -# ## Fix something else -# ... - ## Configuration for the UI service ui: client: @@ -716,10 +576,10 @@ ui: custom: true repositories: - url: https://github.com/SwissDataScienceCenter/renku-project-template - ref: 0.7.2 + ref: 0.9.0 name: Renku - url: https://github.com/SwissDataScienceCenter/contributed-project-templates - ref: 0.7.0 + ref: 0.10.0 name: Community # This defines the threshold for automatically showing a preview when browsing projects' files. # Above the soft limit, the user receives a warning. Above the hard limit, no preview is available. @@ -1377,11 +1237,15 @@ jena: enabled: false ## Configuration for renku-search services search: + sentry: + enabled: false + dsn: + environment: searchApi: replicas: 1 image: repository: renku/search-api - tag: "0.6.2" + tag: "0.7.0" pullPolicy: IfNotPresent service: type: ClusterIP @@ -1394,7 +1258,7 @@ search: replicas: 1 image: repository: renku/search-provision - tag: "0.6.2" + tag: "0.7.0" pullPolicy: IfNotPresent service: type: ClusterIP 
diff --git a/helm-chart/values.yaml.changelog.md b/helm-chart/values.yaml.changelog.md index d65846f1c9..3fd436c08b 100644 --- a/helm-chart/values.yaml.changelog.md +++ b/helm-chart/values.yaml.changelog.md @@ -5,6 +5,11 @@ For changes that require manual steps other than changing values, please check o Please follow this convention when adding a new row * ` - **:
` +## Upgrading to Renku 0.62.0 + +* DELETE ``gitlab.*`` - all values related to the bundled GitLab have been removed. GitLab must from now on be provided as an external service and is no longer supplied as a part of the Renku Helm chart. +* NEW `search.sentry.environment|dsn|enabled` to set the sentry environment for the search services + ## Upgrading to Renku 0.61.0 * NEW ``networkPolicies.allowAllIngressFromPods`` specify pod selectors that will allow the selected pods to access all other services in the Renku release namespace. @@ -78,7 +83,7 @@ New (either `running`, `finished` or `errored`) for the overall state of the rotation. Please make sure to unset `secretServicePreviousPrivateKey` once rotation is finished as a matter of best practice. - NOTE: Make sure that you do not redeploy or rollback the Renku Helm chart while a key rotation is underway. Even if the + NOTE: Make sure that you do not redeploy or rollback the Renku Helm chart while a key rotation is underway. Even if the deployment is broken it is best to wait for the key rotation to finish before attempting another deployment or a rollback. ## Upgrading to Renku 0.53.0 diff --git a/scripts/generate-values/base-renku-values.yaml.template b/scripts/generate-values/base-renku-values.yaml.template index 731296e5b5..d78ac6d1b9 100644 --- a/scripts/generate-values/base-renku-values.yaml.template +++ b/scripts/generate-values/base-renku-values.yaml.template 
@@ -18,29 +18,9 @@ global: useHTTPS: true gateway: secretKey: -gitlab: - enabled: false - password: - sharedRunnersRegistrationToken: - lfsObjects: - enabled: false - connection: {{}} - registry: - enabled: false - externalUrl: https://registry.{renku_domain} - storage: {{}} - ingress: - annotations: - cert-manager.io/cluster-issuer: letsencrypt-production - kubernetes.io/ingress.class: nginx - nginx.ingress.kubernetes.io/proxy-body-size: '0' - hosts: - - {gitlab_registry} - tls: - - hosts: - - {gitlab_registry} - secretName: registry-tls graph: + gitlab: + url: {gitlab_url} tokenRepository: tokenEncryption: secret: @@ -60,13 +40,11 @@ ingress: - hosts: - {renku_domain} secretName: {namespace}-renku-ch-tls -jena: - users: - admin: - password: - renku: - password: notebooks: + gitlab: + registry: + host: {gitlab_registry} + url: {gitlab_url} oidc: allowUnverifiedEmail: true authUrl: https://{renku_domain}/auth/realms/Renku/protocol/openid-connect/auth
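Review bot: in helm-chart/renku/requirements.yaml, hunk `@@ -12,10 +8,8 @@`, the redis chart moves from `17.4.2` to `20.3.0`, three major chart versions, while the `## Upgrading to Renku 0.62.0` entry added to values.yaml.changelog.md in this patch lists only the `gitlab.*` removal and the new `search.sentry` keys. Administrators who override `redis.*` values get no prompt to re-check them against the new chart; add a line to that entry naming the chart bump and any renamed or removed values.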
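Review bot: in helm-chart/renku/templates/gateway/secret.yaml, hunk `@@ -2,11 +2,7 @@`, with the `if`/`else` gone, `$gitlabClientSecret` is declared as `""` and then unconditionally reassigned on the next line, so the empty initialisation is dead. Fold the two into a single `{{- $gitlabClientSecret := required "..." (...) | b64enc | quote -}}`. Because the `required` call now runs on every render, the error text is the first thing an administrator of a formerly bundled GitLab will see, so it is worth having it point at the migration documentation as well.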
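Review bot: in helm-chart/renku/templates/gitlab-postgres-secret.yaml, hunk `@@ -1,29 +0,0 @@`, the deleted Secret carried `"helm.sh/hook": "pre-install,pre-upgrade,pre-rollback"`, and Helm does not track hook resources as part of the release. Removing the template therefore does not remove the existing `<fullname>-gitlab-postgres` Secret from the cluster, and the `gitlab-postgres-password` it holds stays behind after the upgrade. The upgrade notes should tell administrators to delete that Secret by hand once the migration to an external GitLab is complete.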
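Review bot: in helm-chart/renku/templates/ingress.yaml, hunk `@@ -2,7 +2,6 @@`, `$gitlabEnabled` is removed but the two lines after it, `{{- $gitlabFullname := include "gitlab.fullname" . -}}` and `{{- $gitlabServicePort := 80 -}}`, are kept, and the only use of them shown in this patch (the backend branch deleted in `@@ -67,15 +66,9 @@`) is gone. Remove both declarations unless another rule in the file still needs them, and check that the `gitlab.fullname` helper is still defined somewhere now that the GitLab chart is no longer a dependency, since an `include` of a missing template fails the render.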
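Review bot: in helm-chart/renku/templates/search/search-api-deployment.yaml, hunk `@@ -50,6 +50,12 @@`, the values.yaml defaults added in this patch leave `dsn:` and `environment:` empty, and `quote` emits nothing for a nil value, so `RS_SENTRY_DSN` and `RS_SENTRY_ENV` render as a bare `value:` rather than `value: ""`. Either default the two keys to `""` in values.yaml or use `| default "" | quote` here. The last added line also reads `| quote}}` without the space before the closing braces that the matching line in search-provision-deployment.yaml has.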
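Review bot: in helm-chart/renku/templates/search/search-provision-deployment.yaml, hunk `@@ -66,6 +66,12 @@`, `RS_SENTRY_DSN` is templated straight from `.Values.search.sentry.dsn` into the pod spec, so it is readable by anyone who can read Deployments in the namespace. A DSN lets its holder submit events to the Sentry project; consider reading it from a Secret with `secretKeyRef`, the way the gateway deployment in this patch reads `cookieHashKey`. The three variables are also set when `search.sentry.enabled` is `false`; wrapping the DSN and environment in `{{- if .Values.search.sentry.enabled }}` would keep them out of the manifest when unused.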
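Review bot: in helm-chart/renku/templates/setup-job-keycloak-realms.yaml, hunk `@@ -63,26 +63,17 @@`, `INTERNAL_GITLAB_ENABLED` is kept but hard-coded to `"false"`, which leaves a setting that can no longer change. If the realm setup script treats a missing variable as false, drop the variable here and remove the corresponding branch from the script; if it must stay for now, add a template comment saying why. The two `name: {{ cat (include "renku.fullname" .) ... }}` lines in this hunk change only in whitespace and would be easier to review in a separate commit.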
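Review bot: in helm-chart/renku/values.yaml, hunk `@@ -513,146 +513,6 @@`, the removed block shipped `enabled: true` and `password: gitlabadmin` as defaults, so some deployments will still carry `gitlab.*` overrides after this upgrade and Helm will silently ignore them. The only render-time stop visible in this patch is the `required` on the GitLab client secret in gateway/secret.yaml, which a deployment that already sets `gateway.gitlabClientSecret` passes. Consider an explicit `fail` when `.Values.gitlab.enabled` is true, with a message pointing to the migration documentation, so a leftover value aborts the upgrade before the bundled instance is removed.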
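Review bot: in helm-chart/values.yaml.changelog.md, hunk `@@ -5,6 +5,11 @@`, the NEW entry describes `search.sentry.environment|dsn|enabled` collectively as setting "the sentry environment", which does not tell an administrator what `dsn` and `enabled` do or that `enabled` defaults to `false`. Give each key its own short description, following the row convention stated just above the new section.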
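Review bot: in scripts/generate-values/base-renku-values.yaml.template, hunk `@@ -60,13 +40,11 @@`, the `jena.users` block with the `admin` and `renku` password entries is removed together with the GitLab changes, but neither the 0.62.0 CHANGELOG entry nor the values changelog in this patch mentions jena. Either note the removal in the commit message or move it to its own change. The new `{gitlab_url}` placeholder, used here and in `@@ -18,29 +18,9 @@`, also needs a matching value from the generator script; no change to that script appears in the lines shown.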