Commit 79e8dd0f authored by Dominik Hebeler's avatar Dominik Hebeler

Merge branch '999-modify-deployment-to-be-valid-for-1-16' into 'development'

Resolve "Modify Deployment to be valid for 1.16"

Closes #999

See merge request !1650
parents a24d05f7 52858ed9
......@@ -75,20 +75,29 @@ review:
variables:
HELM_UPGRADE_VALUES_FILE: .gitlab/review-apps-values.yaml
ROLLOUT_RESOURCE_TYPE: deployment
except:
refs:
- master
- development
variables:
- $REVIEW_DISABLED
rules:
- if: '$CI_KUBERNETES_ACTIVE == null || $CI_KUBERNETES_ACTIVE == ""'
when: never
- if: '$CI_COMMIT_BRANCH == "master"'
when: never
- if: '$CI_COMMIT_BRANCH == "development"'
when: never
- if: '$REVIEW_DISABLED'
when: never
- if: '$CI_COMMIT_TAG || $CI_COMMIT_BRANCH'
stop_review:
except:
refs:
- master
- development
variables:
- $REVIEW_DISABLED
rules:
- if: '$CI_KUBERNETES_ACTIVE == null || $CI_KUBERNETES_ACTIVE == ""'
when: never
- if: '$CI_COMMIT_BRANCH == "master"'
when: never
- if: '$CI_COMMIT_BRANCH == "development"'
when: never
- if: '$REVIEW_DISABLED'
when: never
- if: '$CI_COMMIT_TAG || $CI_COMMIT_BRANCH'
.development: &development_template
extends: .auto-deploy
......
......@@ -12,6 +12,7 @@ podAnnotations:
prometheus.io/scrape: "true"
prometheus.io/path: /metrics
prometheus.io/port: "80"
deploymentApiVersion: apps/v1
ingress:
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
......
......@@ -19,6 +19,7 @@ podAnnotations:
prometheus.io/scrape: "true"
prometheus.io/path: /metrics
prometheus.io/port: "80"
deploymentApiVersion: apps/v1
ingress:
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
......
......@@ -11,3 +11,4 @@ service:
commonName: ""
externalPort: 80
internalPort: 80
deploymentApiVersion: apps/v1
\ No newline at end of file
image: "registry.gitlab.com/gitlab-org/gitlab-build-images:alpine-helm"
stages:
- test
- release
lint:
stage: test
script:
- helm lint .
release-chart:
stage: release
script:
- curl --fail --request POST --form "token=$CI_JOB_TOKEN" --form ref=master https://gitlab.com/api/v4/projects/2860651/trigger/pipeline
only:
- master@gitlab-org/charts/auto-deploy-app
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
......@@ -23,4 +23,31 @@ _This notice should stay as the first item in the CONTRIBUTING.md file._
We want to create a welcoming environment for everyone who is interested
in contributing. Please visit our [Code of Conduct
page](https://about.gitlab.com/contributing/code-of-conduct) to learn
more about our committment to an open and welcoming environment.
more about our commitment to an open and welcoming environment.
## Merge request guidelines
Below are some guidelines for merge requests:
- Any new configuration option should be documented in
the `Configuration` section in README.md.
- For any template changes, we encourage a test case be added or
updated in the
[template tests](https://gitlab.com/gitlab-org/charts/auto-deploy-app/-/blob/master/test/template_test.go).
### Working with the tests
The tests are written in [Go](https://golang.org) (version 1.13 or later,
with [modules enabled](https://golang.org/cmd/go/#hdr-Module_support)) using
the [Terratest](https://github.com/gruntwork-io/terratest) library. To work
on the tests, you need to have [Helm 2](https://v2.helm.sh/docs/) and
[Go](https://golang.org) installed.
To run the tests, run the following commands from the root of your copy of `auto-deploy-app`:
```shell
helm init --client-only # required only once
helm dependency build . # required only once
cd test
GO111MODULE=auto go test . # required for every change to the tests or the template
```
apiVersion: v1
description: GitLab's Auto-deploy Helm Chart
name: auto-deploy-app
version: 0.4.0
version: 1.0.3
icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.png
# GitLab's Auto-deploy Helm Chart
## Deprecation Notice
GitLab is moving all development for `auto-deploy-app` into [`auto-deploy-image`](https://gitlab.com/gitlab-org/cluster-integration/auto-deploy-image).
Going forward, the `auto-deploy-app` Helm chart will be bundled with `auto-deploy-image`
and will no longer released as a stand-alone Helm chart. Existing releases of `auto-deploy-app`
will remain in [GitLab's chart registry](http://charts.gitlab.io/).
If you have any questions, please ask in <https://gitlab.com/gitlab-org/charts/auto-deploy-app/-/issues/70>.
## Requirements
- Helm `2.9.0` and above is required in order support `"helm.sh/hook-delete-policy": before-hook-creation` for migrations
......@@ -9,6 +18,9 @@
| Parameter | Description | Default |
| --- | --- | --- |
| replicaCount | | `1` |
| strategyType | Pod deployment [strategy](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy) | `nil` |
| enableSelector | If `true`, enables selector field for the deployment. Only applicable for `extensions/v1beta1`, as selector field will always be included for `apps/v1` | `nil` |
| deploymentApiVersion | Sets `apiVersion` field for the deployment. Can be set to either `extensions/v1beta1` or `apps/v1`. | `extensions/v1beta1` |
| image.repository | | `gitlab.example.com/group/project` |
| image.tag | | `stable` |
| image.pullPolicy | | `Always` |
......@@ -17,7 +29,7 @@
| application.track | | `stable` |
| application.tier | | `web` |
| application.migrateCommand | If present, this variable will run as a shell command within an application Container as a Helm pre-upgrade Hook. Intended to run migration commands. | `nil` |
| application.initializeCommand | If present, this variable will run as shall command within an application Container as a Helm post-install Hook. Intended to run database initialization commands. | `nil` |
| application.initializeCommand | If present, this variable will run as shell command within an application Container as a Helm post-install Hook. Intended to run database initialization commands. When set, the Deployment resource will be skipped.| `nil` |
| application.secretName | Pass in the name of a Secret which the deployment will [load all key-value pairs from the Secret as environment variables](https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#configure-all-key-value-pairs-in-a-configmap-as-container-environment-variables) in the application container. | `nil` |
| application.secretChecksum | Pass in the checksum of the secrets referenced by `application.secretName`. | `nil` |
| hpa.enabled | If true, enables horizontal pod autoscaler. A resource request is also required to be set, such as `resources.requests.cpu: 200m`.| `false` |
......@@ -37,21 +49,25 @@
| service.commonName | If present, this will define the ssl certificate common name to be used by CertManager. `service.url` and `service.additionalHosts` will be added as Subject Alternative Names (SANs) | `nil` |
| service.externalPort | | `5000` |
| service.internalPort | | `5000` |
| ingress.enabled | If true, enables ingress | `true` |
| ingress.tls.enabled | If true, enables SSL | `true` |
| ingress.tls.secretName | Name of the secret used to terminate SSL traffic | `""` |
| ingress.modSecurity.enabled | Enable custom configuration for modsecurity, defaulting to [the Core Rule Set](https://coreruleset.org) | `false` |
| ingress.modSecurity.secRuleEngine | Configuration for [ModSecurity's rule engine](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-(v2.x)#SecRuleEngine) | `DetectionOnly` |
| ingress.modSecurity.secRules | Configuration for custom [ModSecurity's rules](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-(v2.x)#secrule) | `nil` |
| ingress.annotations | Ingress annotations | `{kubernetes.io/tls-acme: "true", kubernetes.io/ingress.class: "nginx"}` |
| livenessProbe.path | Path to access on the HTTP server on periodic probe of container liveness. | `/` |
| livenessProbe.scheme | Scheme to access the HTTP server (HTTP or HTTPS). | `HTTP` |
| livenessProbe.initialDelaySeconds | # of seconds after the container has started before liveness probes are initiated. | `15` |
| livenessProbe.timeoutSeconds | # of seconds after which the liveness probe times out. | `15` |
| livenessProbe.probeType | Type of [liveness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes) to use. | `httpGet`
| livenessProbe.command | Commands for use with probe type 'exec'. | `{}`
| readinessProbe.path | Path to access on the HTTP server on periodic probe of container readiness. | `/` |
| readinessProbe.scheme | Scheme to access the HTTP server (HTTP or HTTPS). | `HTTP` |
| readinessProbe.initialDelaySeconds | # of seconds after the container has started before readiness probes are initiated. | `5` |
| readinessProbe.timeoutSeconds | # of seconds after which the readiness probe times out. | `3` |
| readinessProbe.probeType | Type of [readiness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes) to use. | `httpGet`
| readinessProbe.command | Commands for use with probe type 'exec'. | `{}`
| postgresql.enabled | | `true` |
| postgresql.managed | If true, this will provision a managed Postgres instance via crossplane. | `false` |
| postgresql.managedClassSelector | This will allow provisioning a Postgres instance based on label selectors via Crossplane, eg: `managedClassSelector.matchLabels.stack: gitlab`. The `postgresql.managed` value should be true as well for this to be honoured. [Crossplane Configuration](https://docs.gitlab.com/ee/user/clusters/applications.html#crossplane) | `{}` |
......@@ -59,3 +75,10 @@
| podDisruptionBudget.maxUnavailable | | `1` |
| podDisruptionBudget.minAvailable | If present, this variable will configure minAvailable in the PodDisruptionBudget. :warning: if you have `replicaCount: 1` and `podDisruptionBudget.minAvailable: 1` `kubectl drain` will be blocked. | `nil` |
| prometheus.metrics | Annotates the service for prometheus auto-discovery. Also denies access to the `/metrics` endpoint from external addresses with Ingress. | `false` |
| networkPolicy.enabled | Enable container network policy | `false` |
| networkPolicy.spec | [Network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) definition | `{ podSelector: { matchLabels: {} }, ingress: [{ from: [{ podSelector: { matchLabels: {} } }, { namespaceSelector: { matchLabels: { app.gitlab.com/managed_by: gitlab } } }] }] }` |
## PostgreSQL
This chart depends on version 0.7.1 of the `stable/postgresql` chart.
For reference the source code for this specific version can be found at https://github.com/helm/charts/tree/b90ad657e1a226eb52c3eb6a2a95ba3d6d494f58/stable/postgresql
\ No newline at end of file
{{- if .Values.service.enabled -}}
Application should be accessible at: {{ .Values.service.url }}
{{- if and .Values.ingress.enabled .Values.service.enabled -}}
Application should be accessible at
{{ .Values.service.url }}
{{- else -}}
Application will be accessible at: {{ .Values.service.url }} when you deploy stable track.
Application was deployed reusing the service at
{{ .Values.service.url }}
It will share a load balancer with the previous release (or be unavailable if
no service or ingress was previously deployed).
{{- end -}}
......@@ -20,6 +20,14 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
{{- printf "%s" $releaseName | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- define "imagename" -}}
{{- if eq .Values.image.tag "" -}}
{{- .Values.image.repository -}}
{{- else -}}
{{- printf "%s:%s" .Values.image.repository .Values.image.tag -}}
{{- end -}}
{{- end -}}
{{- define "trackableappname" -}}
{{- $trackableName := printf "%s-%s" (include "appname" .) .Values.application.track -}}
{{- $trackableName | trimSuffix "-stable" | trunc 63 | trimSuffix "-" -}}
......@@ -29,5 +37,14 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
Get a hostname from URL
*/}}
{{- define "hostname" -}}
{{- . | trimPrefix "http://" | trimPrefix "https://" | trimSuffix "/" | quote -}}
{{- . | trimPrefix "http://" | trimPrefix "https://" | trimSuffix "/" | trim | quote -}}
{{- end -}}
{{/*
Get SecRule's arguments with unescaped single&double quotes
*/}}
{{- define "secrule" -}}
{{- $operator := .operator | quote | replace "\"" "\\\"" | replace "'" "\\'" -}}
{{- $action := .action | quote | replace "\"" "\\\"" | replace "'" "\\'" -}}
{{- printf "SecRule %s %s %s" .variable $operator $action -}}
{{- end -}}
\ No newline at end of file
......@@ -24,7 +24,7 @@ spec:
{{ toYaml .Values.image.secrets | indent 10 }}
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
image: {{ template "imagename" . }}
command: ["/bin/sh"]
args: ["-c", "{{ .Values.application.initializeCommand }}"]
imagePullPolicy: {{ .Values.image.pullPolicy }}
......@@ -36,4 +36,8 @@ spec:
env:
- name: DATABASE_URL
value: {{ .Values.application.database_url | quote }}
- name: GITLAB_ENVIRONMENT_NAME
value: {{ .Values.gitlab.envName | quote }}
- name: GITLAB_ENVIRONMENT_URL
value: {{ .Values.gitlab.envURL | quote }}
{{- end -}}
......@@ -24,7 +24,7 @@ spec:
{{ toYaml .Values.image.secrets | indent 10 }}
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
image: {{ template "imagename" . }}
command: ["/bin/sh"]
args: ["-c", "{{ .Values.application.migrateCommand }}"]
imagePullPolicy: {{ .Values.image.pullPolicy }}
......@@ -36,4 +36,8 @@ spec:
env:
- name: DATABASE_URL
value: {{ .Values.application.database_url | quote }}
- name: GITLAB_ENVIRONMENT_NAME
value: {{ .Values.gitlab.envName | quote }}
- name: GITLAB_ENVIRONMENT_URL
value: {{ .Values.gitlab.envURL | quote }}
{{- end -}}
{{- if not .Values.application.initializeCommand -}}
apiVersion: extensions/v1beta1
apiVersion: {{ default "extensions/v1beta1" .Values.deploymentApiVersion }}
kind: Deployment
metadata:
name: {{ template "trackableappname" . }}
......@@ -14,7 +14,19 @@ metadata:
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
{{- if or .Values.enableSelector (eq (default "extensions/v1beta1" .Values.deploymentApiVersion) "apps/v1") }}
selector:
matchLabels:
app: {{ template "appname" . }}
track: "{{ .Values.application.track }}"
tier: "{{ .Values.application.tier }}"
release: {{ .Release.Name }}
{{- end }}
replicas: {{ .Values.replicaCount }}
{{- if .Values.strategyType }}
strategy:
type: {{ .Values.strategyType | quote }}
{{- end }}
template:
metadata:
annotations:
......@@ -30,19 +42,8 @@ spec:
tier: "{{ .Values.application.tier }}"
release: {{ .Release.Name }}
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: worker
operator: NotIn
values:
- temp
imagePullSecrets:
{{ toYaml .Values.image.secrets | indent 10 }}
securityContext:
fsGroup: 2000
volumes:
- name: mglogs-persistent-storage
persistentVolumeClaim:
......@@ -63,7 +64,6 @@ spec:
secret:
secretName: metager-ad-blacklist
containers:
# Main PHP-FPM Container
- name: {{ .Chart.Name }}-phpfpm
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
......
{{- if .Values.service.enabled -}}
{{- if and (.Values.service.enabled) (eq .Values.application.track "stable") (or (.Values.ingress.enabled) (not (hasKey .Values.ingress "enabled"))) -}}
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
......@@ -12,10 +12,15 @@ metadata:
{{- if .Values.ingress.annotations }}
{{ toYaml .Values.ingress.annotations | indent 4 }}
{{- end }}
{{- if and .Values.ingress.modSecurity .Values.ingress.modSecurity.enabled }}
{{- with .Values.ingress.modSecurity }}
{{- if .enabled }}
nginx.ingress.kubernetes.io/modsecurity-transaction-id: "$server_name-$request_id"
nginx.ingress.kubernetes.io/modsecurity-snippet: |
SecRuleEngine {{ .Values.ingress.modSecurity.secRuleEngine | default "DetectionOnly" | title }}
SecRuleEngine {{ .secRuleEngine | default "DetectionOnly" | title }}
{{- range $rule := .secRules }}
{{ (include "secrule" $rule) | indent 6 }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.prometheus.metrics }}
nginx.ingress.kubernetes.io/server-snippet: |-
......@@ -34,7 +39,7 @@ spec:
- {{ template "hostname" .Values.service.url }}
{{- if .Values.service.additionalHosts }}
{{- range $host := .Values.service.additionalHosts }}
- {{ $host }}
- {{ template "hostname" $host }}
{{- end -}}
{{- end }}
secretName: {{ .Values.ingress.tls.secretName | default (printf "%s-tls" (include "fullname" .)) }}
......@@ -48,10 +53,6 @@ spec:
backend:
serviceName: {{ template "fullname" . }}
servicePort: {{ .Values.service.externalPort }}
- path: /wsb
backend:
serviceName: wsb
servicePort: 80
{{- if .Values.service.commonName }}
- host: {{ template "hostname" .Values.service.commonName }}
http:
......@@ -59,7 +60,7 @@ spec:
{{- end -}}
{{- if .Values.service.additionalHosts }}
{{- range $host := .Values.service.additionalHosts }}
- host: {{ $host }}
- host: {{ template "hostname" $host }}
http:
<<: *httpRule
{{- end -}}
......
{{- if .Values.networkPolicy.enabled -}}
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: {{ template "fullname" . }}
labels:
app: {{ template "appname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
{{ toYaml .Values.networkPolicy.spec | indent 2 }}
{{- end -}}
{{- if .Values.service.enabled -}}
{{- if and (.Values.service.enabled) (eq .Values.application.track "stable") -}}
apiVersion: v1
kind: Service
metadata:
......
......@@ -3,7 +3,7 @@ apiVersion: v1
kind: List
items:
{{- range $workerName, $workerConfig := .Values.workers }}
- apiVersion: extensions/v1beta1
- apiVersion: {{ default "extensions/v1beta1" $.Values.deploymentApiVersion }}
kind: Deployment
metadata:
name: {{ template "trackableappname" $ }}-{{ $workerName }}
......@@ -17,7 +17,18 @@ items:
release: {{ $.Release.Name }}
heritage: {{ $.Release.Service }}
spec:
{{- if or $.Values.enableSelector (eq (default "extensions/v1beta1" $.Values.deploymentApiVersion) "apps/v1") }}
selector:
matchLabels:
track: "{{ $.Values.application.track }}"
tier: worker
release: {{ $.Release.Name }}
{{- end }}
replicas: {{ $workerConfig.replicaCount }}
{{- if $workerConfig.strategyType }}
strategy:
type: {{ $workerConfig.strategyType | quote }}
{{- end }}
template:
metadata:
annotations:
......@@ -37,7 +48,7 @@ items:
terminationGracePeriodSeconds: {{ $workerConfig.terminationGracePeriodSeconds }}
containers:
- name: {{ $.Chart.Name }}-{{ $workerName }}
image: "{{ $.Values.image.repository }}:{{ $.Values.image.tag }}"
image: {{ template "imagename" $ }}
command:
{{- range $workerConfig.command }}
- {{ . }}
......@@ -52,7 +63,7 @@ items:
- name: DATABASE_URL
value: {{ $.Values.application.database_url | quote }}
- name: GITLAB_ENVIRONMENT_NAME
value: {{ $.Values.gitlab.envName }}
value: {{ $.Values.gitlab.envName | quote }}
livenessProbe:
{{- if eq $.Values.livenessProbe.probeType "httpGet" }}
httpGet:
......@@ -87,6 +98,6 @@ items:
{{- end }}
{{- end }}
resources:
{{ toYaml $.Values.resources | indent 14 }}
{{ toYaml $.Values.resources | indent 12 }}
{{- end -}}
{{- end -}}
module gitlab.com/gitlab-org/charts/auto-deploy-app/test
go 1.13
require (
github.com/gruntwork-io/terratest v0.23.0
github.com/stretchr/testify v1.4.0
k8s.io/api v0.0.0-20181110191121-a33c8200050f
k8s.io/apimachinery v0.0.0-20190704094520-6f131bee5e2c
)
This diff is collapsed.
This diff is collapsed.
networkPolicy:
enabled: true
spec:
podSelector:
matchLabels:
foo: bar
ingress:
- from:
- podSelector:
matchLabels: {}
- namespaceSelector:
matchLabels:
name: foo
networkPolicy:
enabled: true
spec:
podSelector:
matchLabels: {}
policyTypes:
- Ingress
- Egress
ingress:
- from:
- podSelector:
matchLabels: {}
egress:
- to:
- namespaceSelector:
matchLabels:
name: gitlab-managed-apps
ingress:
modSecurity:
enabled: true
secRules:
- variable: "REQUEST_HEADERS:User-Agent"
operator: "scanner"
action: "log,deny,id:107,status:403,msg:'Scanner Identified'"
- variable: "REQUEST_HEADERS:Content-Type"
operator: "text/plain"
action: "log,deny,id:'20010',status:403,msg:'Text plain not allowed'"
\ No newline at end of file
......@@ -2,10 +2,13 @@
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
strategyType:
enableSelector:
deploymentApiVersion: extensions/v1beta1
image:
repository: gitlab.example.com/group/project
tag: stable
pullPolicy: Always
pullPolicy: IfNotPresent
secrets:
- name: gitlab-registry
podAnnotations: {}
......@@ -17,9 +20,9 @@ application:
secretName:
secretChecksum:
hpa:
enabled: true
minReplicas: 2
maxReplicas: 20
enabled: false
minReplicas: 1
maxReplicas: 5
targetCPUUtilizationPercentage: 80
gitlab:
app:
......@@ -37,6 +40,7 @@ service:
externalPort: 5000
internalPort: 5000
ingress:
enabled: true
tls:
enabled: true
secretName: ""
......@@ -46,34 +50,38 @@ ingress:
modSecurity:
enabled: false
secRuleEngine: "DetectionOnly"
# secRules:
# - variable: ""
# operator: ""
# action: ""
prometheus:
metrics: false
livenessProbe:
path: "/"
initialDelaySeconds: 20
initialDelaySeconds: 15
timeoutSeconds: 15
scheme: "HTTP"
probeType: "httpGet"
readinessProbe:
path: "/"
initialDelaySeconds: 15
timeoutSeconds: 15
initialDelaySeconds: 5
timeoutSeconds: 3
scheme: "HTTP"
probeType: "httpGet"
postgresql:
enabled: false
enabled: true
managed: false
managedClassSelector:
# matchLabels:
# stack: gitlab (This is an example. The labels should match the labels on the CloudSQLInstanceClass)
resources:
limits:
cpu: 1
memory: 1Gi
# limits:
# cpu: 100m
# memory: 128Mi
requests:
cpu: 1
memory: 1Gi
# cpu: 100m
# memory: 128Mi
## Configure PodDisruptionBudget
## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
......@@ -83,7 +91,23 @@ podDisruptionBudget:
# minAvailable: 1
maxUnavailable: 1
workers:
## Configure NetworkPolicy
## ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
#
networkPolicy:
enabled: false
spec:
podSelector:
matchLabels: {}
ingress:
- from:
- podSelector:
matchLabels: {}
- namespaceSelector:
matchLabels:
app.gitlab.com/managed_by: gitlab
workers: {}
# worker:
# replicaCount: 1
# terminationGracePeriodSeconds: 60
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment