Commit 5e82035e authored by Dominik Hebeler's avatar Dominik Hebeler

Merge branch '28-update-ci' into 'master'

Resolve "Update CI"

Closes #28

See merge request !27
parents c30618e1 632343cb
......@@ -3,11 +3,11 @@
/public/storage
/storage/*.key
/vendor
.npm
.env
.env.backup
.phpunit.result.cache
Homestead.json
Homestead.yaml
npm-debug.log
yarn-error.log
package-lock.json
\ No newline at end of file
yarn-error.log
\ No newline at end of file
variables:
DOCKER_HOST: "tcp://docker-dind.gitlab-suma:2375"
AUTO_DEVOPS_BUILD_IMAGE_EXTRA_ARGS: "--network host"
BROWSER_PERFORMANCE_DISABLED: "true"
POSTGRES_ENABLED: "false"
CODE_QUALITY_DISABLED: "true"
CODE_INTELLIGENCE_DISABLED: "true"
CONTAINER_SCANNING_DISABLED: "true"
DAST_DISABLED: "true"
DEPENDENCY_SCANNING_DISABLED: "true"
LICENSE_MANAGEMENT_DISABLED: "true"
PERFORMANCE_DISABLED: "true"
SECRET_DETECTION_DISABLED: "true"
SAST_DISABLED: "true"
TEST_DISABLED: "true"
CACHE_FALLBACK_KEY: proxy-master
MIGRATE_HELM_2TO3: "true" # Temp: Remove after all deployments updated
AUTO_DEVOPS_FORCE_DEPLOY_V2: "1" # Temp: Remove after all deployments updated
include:
- template: Jobs/Build.gitlab-ci.yml
- template: Jobs/Deploy.gitlab-ci.yml
# Temp: Remove after all deployments updated
include:
- template: Auto-DevOps.gitlab-ci.yml
- remote: https://gitlab.com/gitlab-org/gitlab/-/raw/master/lib/gitlab/ci/templates/Jobs/Helm-2to3.gitlab-ci.yml
.auto-deploy:
image: "registry.gitlab.com/gitlab-org/cluster-integration/auto-deploy-image:v1.0.6"
image: "registry.gitlab.com/gitlab-org/cluster-integration/auto-deploy-image:v2.12.0"
stages:
- prepare
......@@ -37,12 +48,9 @@ stages:
prepare_node:
stage: prepare
image: node:10
variables:
npm_config_cache: "$CI_PROJECT_DIR/.npm"
image: node:16
before_script:
- npm install -g npm-cache
- npm-cache install --cacheDirectory "$CI_PROJECT_DIR/.npm-package-cache" npm
- npm i --cache .npm --prefer-offline --no-audit --progress=false
script:
- npm run prod
artifacts:
......@@ -51,11 +59,13 @@ prepare_node:
- public/css/
- public/mix-manifest.json
cache:
# Cache per Branch
key: "metager-${CI_JOB_NAME}"
# Reuse existing cache or create new one if package-lock changed
key:
files:
- package-lock.json
paths:
- .npm
- .npm-package-cache
- node_modules
only:
- branches
- tags
......
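Review bot: The `remote:` include for `Helm-2to3.gitlab-ci.yml` is fetched from the `master` branch of another repository, so whatever that file contains at pipeline time becomes part of this project's pipeline and presumably runs with the same CI variables and cluster credentials as the deploy jobs. Even as a temporary migration aid it should be pinned to a fixed revision, e.g. `- remote: https://gitlab.com/gitlab-org/gitlab/-/raw/<COMMIT_SHA>/lib/gitlab/ci/templates/Jobs/Helm-2to3.gitlab-ci.yml` (placeholder SHA), and dropped together with `MIGRATE_HELM_2TO3`. In `prepare_node` the cache is keyed on `package-lock.json`, but the install step is `npm i`, which can resolve versions other than the locked ones; `npm ci --cache .npm --prefer-offline --no-audit --progress=false` would install exactly what the lockfile records.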
......@@ -46,8 +46,12 @@ on the tests, you need to have [Helm 2](https://v2.helm.sh/docs/) and
To run the tests, run the following commands from the root of your copy of `auto-deploy-app`:
```shell
helm init --client-only # required only once
helm dependency build . # required only once
helm repo add stable https://charts.helm.sh/stable # required only once
helm dependency build . # required any time the dependencies change
cd test
GO111MODULE=auto go test . # required for every change to the tests or the template
GO111MODULE=auto go test ./... # required for every change to the tests or the template
```
### Windows users
Some of the dependencies might not be available on Windows (e.g., `github.com/sirupsen/logrus/hooks/syslog`). Therefore we recommend running tests on docker, vagrant boxes or similar virtualization tools.
\ No newline at end of file
apiVersion: v1
description: GitLab's Auto-deploy Helm Chart
name: auto-deploy-app
version: 1.0.6
version: 2.11.3
icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.png
# GitLab's Auto-deploy Helm Chart
## Deprecation Notice
GitLab is moving all development for `auto-deploy-app` into [`auto-deploy-image`](https://gitlab.com/gitlab-org/cluster-integration/auto-deploy-image).
Going forward, the `auto-deploy-app` Helm chart will be bundled with `auto-deploy-image`
and will no longer released as a stand-alone Helm chart. Existing releases of `auto-deploy-app`
will remain in [GitLab's chart registry](http://charts.gitlab.io/).
If you have any questions, please ask in <https://gitlab.com/gitlab-org/charts/auto-deploy-app/-/issues/70>.
## Requirements
- Helm `2.9.0` and above is required in order support `"helm.sh/hook-delete-policy": before-hook-creation` for migrations
......@@ -19,13 +10,20 @@ If you have any questions, please ask in <https://gitlab.com/gitlab-org/charts/a
| --- | --- | --- |
| replicaCount | | `1` |
| strategyType | Pod deployment [strategy](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy) | `nil` |
| enableSelector | If `true`, enables selector field for the deployment. Only applicable for `extensions/v1beta1`, as selector field will always be included for `apps/v1` | `nil` |
| deploymentApiVersion | Sets `apiVersion` field for the deployment. Can be set to either `extensions/v1beta1` or `apps/v1`. | `extensions/v1beta1` |
| serviceAccountName(**DEPRECATED**) | Pod service account name override | `nil` |
| serviceAccount.name | Name of service account to use for running the pods | `nil` |
| serviceAccount.createNew | If set to `true`, a new service account will be created with the details specified in the other fields under `serviceAccount`. If set to `false`, the service account specified in `serviceAccount.name` is expected to already exist. | `false` |
| serviceAccount.annotations | Annotations for the service account to be created | `nil` |
| image.repository | | `gitlab.example.com/group/project` |
| image.tag | | `stable` |
| image.pullPolicy | | `Always` |
| image.secrets | | `[name: gitlab-registry]` |
| extraLabels | Allow labelling resources with custom key/value pairs | `{}` |
| lifecycle | [Container lifecycle hooks](https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/) | `{}` |
| podAnnotations | Pod annotations | `{}` |
| nodeSelector | Node labels for pod assignment | `{}` |
| tolerations | List of node taints to tolerate | `[]` |
| affinity | Node affinity for pod assignment | `{}` |
| application.track | | `stable` |
| application.tier | | `web` |
| application.migrateCommand | If present, this variable will run as a shell command within an application Container as a Helm pre-upgrade Hook. Intended to run migration commands. | `nil` |
......@@ -40,6 +38,7 @@ If you have any questions, please ask in <https://gitlab.com/gitlab-org/charts/a
| gitlab.env | GitLab environment slug. | `nil` |
| gitlab.envName | GitLab environment name. | `nil` |
| gitlab.envURL | GitLab environment URL. | `nil` |
| gitlab.projectID | Gitlab project ID. | `nil` |
| service.enabled | | `true` |
| service.annotations | Service annotations | `{}` |
| service.name | | `web` |
......@@ -50,12 +49,15 @@ If you have any questions, please ask in <https://gitlab.com/gitlab-org/charts/a
| service.externalPort | | `5000` |
| service.internalPort | | `5000` |
| ingress.enabled | If true, enables ingress | `true` |
| ingress.path | Default path for the ingress | `/` |
| ingress.tls.enabled | If true, enables SSL | `true` |
| ingress.tls.acme | Controls `kubernetes.io/tls-acme` annotation | `true` |
| ingress.tls.secretName | Name of the secret used to terminate SSL traffic | `""` |
| ingress.tls.useDefaultSecret | If set to `true`, the `secretName` is not used, which makes Ingress fall back to the default secret (certificate). This requires [configuration of the default secret](https://kubernetes.github.io/ingress-nginx/user-guide/tls/#default-ssl-certificate). | `false` |
| ingress.modSecurity.enabled | Enable custom configuration for modsecurity, defaulting to [the Core Rule Set](https://coreruleset.org) | `false` |
| ingress.modSecurity.secRuleEngine | Configuration for [ModSecurity's rule engine](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-(v2.x)#SecRuleEngine) | `DetectionOnly` |
| ingress.modSecurity.secRules | Configuration for custom [ModSecurity's rules](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-(v2.x)#secrule) | `nil` |
| ingress.annotations | Ingress annotations | `{kubernetes.io/tls-acme: "true", kubernetes.io/ingress.class: "nginx"}` |
| ingress.annotations | Ingress annotations | `{kubernetes.io/ingress.class: "nginx"}` |
| livenessProbe.path | Path to access on the HTTP server on periodic probe of container liveness. | `/` |
| livenessProbe.scheme | Scheme to access the HTTP server (HTTP or HTTPS). | `HTTP` |
| livenessProbe.initialDelaySeconds | # of seconds after the container has started before liveness probes are initiated. | `15` |
......@@ -68,17 +70,14 @@ If you have any questions, please ask in <https://gitlab.com/gitlab-org/charts/a
| readinessProbe.timeoutSeconds | # of seconds after which the readiness probe times out. | `3` |
| readinessProbe.probeType | Type of [readiness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes) to use. | `httpGet`
| readinessProbe.command | Commands for use with probe type 'exec'. | `{}`
| postgresql.enabled | | `true` |
| postgresql.managed | If true, this will provision a managed Postgres instance via crossplane. | `false` |
| postgresql.managedClassSelector | This will allow provisioning a Postgres instance based on label selectors via Crossplane, eg: `managedClassSelector.matchLabels.stack: gitlab`. The `postgresql.managed` value should be true as well for this to be honoured. [Crossplane Configuration](https://docs.gitlab.com/ee/user/clusters/applications.html#crossplane) | `{}` |
| podDisruptionBudget.enabled | | `false` |
| podDisruptionBudget.maxUnavailable | | `1` |
| podDisruptionBudget.minAvailable | If present, this variable will configure minAvailable in the PodDisruptionBudget. :warning: if you have `replicaCount: 1` and `podDisruptionBudget.minAvailable: 1` `kubectl drain` will be blocked. | `nil` |
| prometheus.metrics | Annotates the service for prometheus auto-discovery. Also denies access to the `/metrics` endpoint from external addresses with Ingress. | `false` |
| networkPolicy.enabled | Enable container network policy | `false` |
| networkPolicy.spec | [Network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) definition | `{ podSelector: { matchLabels: {} }, ingress: [{ from: [{ podSelector: { matchLabels: {} } }, { namespaceSelector: { matchLabels: { app.gitlab.com/managed_by: gitlab } } }] }] }` |
## PostgreSQL
This chart depends on version 0.7.1 of the `stable/postgresql` chart.
For reference the source code for this specific version can be found at https://github.com/helm/charts/tree/b90ad657e1a226eb52c3eb6a2a95ba3d6d494f58/stable/postgresql
\ No newline at end of file
| networkPolicy.enabled(**DEPRECATED**) | Enable container network policy | `false` |
| networkPolicy.spec(**DEPRECATED**) | [Network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) definition | `{ podSelector: { matchLabels: {} }, ingress: [{ from: [{ podSelector: { matchLabels: {} } }, { namespaceSelector: { matchLabels: { app.gitlab.com/managed_by: gitlab } } }] }] }` |
| ciliumNetworkPolicy.enabled | Enable container cilium network policy | `false` |
| ciliumNetworkPolicy.alerts.enabled | Enable alert generation for container cilium network policy | `false` |
| ciliumNetworkPolicy.spec | [Cilium network policy](https://docs.cilium.io/en/v1.8/concepts/kubernetes/policy/#ciliumnetworkpolicy/) definition | `{ endpointSelector: {}, ingress: [{ fromEndpoints: [{ matchLabels: { app.gitlab.com/managed_by: gitlab } }] }] }` |
dependencies:
- name: postgresql
repository: https://gitlab-org.gitlab.io/cluster-integration/helm-stable-archive
version: 0.7.1
digest: sha256:0a7e2f279e3b8063cfe6365a56601227ff8934fa70a0434df0485bce9590be56
generated: "2020-10-21T09:35:20.464079556+07:00"
dependencies:
# This is a legacy in-cluster PostgreSQL dependency that is no longer used for newer installations.
# We can remove this dependency when we drop support for the legacy instances.
- name: postgresql
version: "0.7.1"
repository: "@stable-archive"
condition: postgresql.enabled
......@@ -47,4 +47,18 @@ Get SecRule's arguments with unescaped single&double quotes
{{- $operator := .operator | quote | replace "\"" "\\\"" | replace "'" "\\'" -}}
{{- $action := .action | quote | replace "\"" "\\\"" | replace "'" "\\'" -}}
{{- printf "SecRule %s %s %s" .variable $operator $action -}}
{{- end -}}
{{- define "sharedlabels" -}}
app: {{ template "appname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version| replace "+" "_" }}"
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
app.kubernetes.io/name: {{ template "appname" . }}
helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version| replace "+" "_" }}"
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.extraLabels }}
{{ toYaml $.Values.extraLabels }}
{{- end }}
{{- end -}}
\ No newline at end of file
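Review bot: `sharedlabels` appends `.Values.extraLabels` after the fixed keys without checking for overlap, so an `extraLabels` entry named `app` or `release` renders a duplicate mapping key in every resource that includes this helper. Those keys are also used by the Deployment and Service selectors shown elsewhere on this page, and which duplicate wins depends on the YAML parser, so a colliding label could change which pods a selector or network policy matches. Either filter the reserved keys, `{{ toYaml (omit .Values.extraLabels "app" "release") }}`, or document the constraint with a template comment such as `{{/* extraLabels must not redefine app, chart, release or heritage */}}`. The helper also mixes `.Values` and `$.Values`; one form would read more clearly.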
{{- if .Values.ciliumNetworkPolicy.enabled -}}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
name: {{ template "fullname" . }}
{{- if .Values.ciliumNetworkPolicy.alerts.enabled }}
annotations:
"app.gitlab.com/alert": "true"
{{- end }}
labels:
app.gitlab.com/proj: {{ .Values.gitlab.projectID | quote }}
{{ include "sharedlabels" . | indent 4}}
spec:
{{ toYaml .Values.ciliumNetworkPolicy.spec | indent 2 }}
{{- end -}}
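Review bot: The label `app.gitlab.com/proj: {{ .Values.gitlab.projectID | quote }}` is emitted unconditionally, yet the README table on this page documents `gitlab.projectID` as defaulting to `nil`, so a policy enabled without it gets a label with an empty value. Wrapping the line in `{{- if .Values.gitlab.projectID }}` … `{{- end }}` would avoid that, or `required` could make the missing ID a template-time error when `ciliumNetworkPolicy.alerts.enabled` is set. The spec is likewise passed through unchecked; `{{ toYaml (required "ciliumNetworkPolicy.spec is required when enabled" .Values.ciliumNetworkPolicy.spec) | indent 2 }}` would stop an overridden-to-null spec from rendering as `null`.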
......@@ -4,10 +4,7 @@ kind: Job
metadata:
name: {{ template "trackableappname" . }}-db-initialize
labels:
app: {{ template "appname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version| replace "+" "_" }}"
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{ include "sharedlabels" . | indent 4 }}
annotations:
"helm.sh/hook": post-install
"helm.sh/hook-delete-policy": before-hook-creation
......
......@@ -4,10 +4,7 @@ kind: Job
metadata:
name: {{ template "trackableappname" . }}-db-migrate
labels:
app: {{ template "appname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version| replace "+" "_" }}"
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{ include "sharedlabels" . | indent 4 }}
annotations:
"helm.sh/hook": pre-upgrade
"helm.sh/hook-delete-policy": before-hook-creation
......
{{- if not .Values.application.initializeCommand -}}
apiVersion: {{ default "extensions/v1beta1" .Values.deploymentApiVersion }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "trackableappname" . }}
......@@ -7,25 +7,20 @@ metadata:
{{ if .Values.gitlab.app }}app.gitlab.com/app: {{ .Values.gitlab.app | quote }}{{ end }}
{{ if .Values.gitlab.env }}app.gitlab.com/env: {{ .Values.gitlab.env | quote }}{{ end }}
labels:
app: {{ template "appname" . }}
track: "{{ .Values.application.track }}"
tier: "{{ .Values.application.tier }}"
chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{ include "sharedlabels" . | indent 4 }}
spec:
{{- if or .Values.enableSelector (eq (default "extensions/v1beta1" .Values.deploymentApiVersion) "apps/v1") }}
selector:
matchLabels:
app: {{ template "appname" . }}
track: "{{ .Values.application.track }}"
tier: "{{ .Values.application.tier }}"
release: {{ .Release.Name }}
{{- end }}
replicas: {{ .Values.replicaCount }}
{{- if .Values.strategyType }}
strategy:
type: {{ .Values.strategyType | quote }}
type: {{ .Values.strategyType | quote }}
{{- end }}
template:
metadata:
......@@ -37,13 +32,27 @@ spec:
{{ toYaml .Values.podAnnotations | indent 8 }}
{{- end }}
labels:
app: {{ template "appname" . }}
track: "{{ .Values.application.track }}"
tier: "{{ .Values.application.tier }}"
release: {{ .Release.Name }}
{{ include "sharedlabels" . | indent 8 }}
spec:
{{- if or (.Values.serviceAccount.name) (.Values.serviceAccountName) }}
serviceAccountName: {{ .Values.serviceAccount.name | default .Values.serviceAccountName | quote }}
{{- end }}
imagePullSecrets:
{{ toYaml .Values.image.secrets | indent 10 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.tolerations }}
tolerations:
{{ toYaml .Values.tolerations | indent 8 }}
{{- end }}
{{- if .Values.affinity }}
affinity:
{{ toYaml .Values.affinity | indent 8 }}
{{- end }}
volumes:
- name: env-files
secret:
......@@ -58,8 +67,6 @@ spec:
name: {{ .Values.application.secretName }}
{{- end }}
env:
- name: DATABASE_URL
value: {{ .Values.application.database_url | quote }}
- name: GITLAB_ENVIRONMENT_NAME
value: {{ .Values.gitlab.envName | quote }}
- name: GITLAB_ENVIRONMENT_URL
......@@ -69,6 +76,10 @@ spec:
mountPath: /html/.env
subPath: ENV_FILE
readOnly: true
{{- if .Values.lifecycle }}
lifecycle:
{{ toYaml .Values.lifecycle | indent 10 }}
{{- end }}
ports:
- name: "{{ .Values.service.name }}-phpfpm"
containerPort: 9000
......@@ -83,8 +94,7 @@ spec:
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
resources:
{{ toYaml .Values.resources | indent 12 }}
# NGINX
# NGINX
- name: {{ .Chart.Name }}-nginx
image: {{ template "imagename" . }}
command: ["nginx"]
......@@ -95,8 +105,6 @@ spec:
name: {{ .Values.application.secretName }}
{{- end }}
env:
- name: DATABASE_URL
value: {{ .Values.application.database_url | quote }}
- name: GITLAB_ENVIRONMENT_NAME
value: {{ .Values.gitlab.envName | quote }}
- name: GITLAB_ENVIRONMENT_URL
......@@ -121,7 +129,8 @@ spec:
resources:
requests:
cpu: 100m
memory: 100M
memory: 100M
# WORKER
- name: {{ .Chart.Name }}-worker
image: {{ template "imagename" . }}
command: ["su"]
......@@ -133,8 +142,6 @@ spec:
name: {{ .Values.application.secretName }}
{{- end }}
env:
- name: DATABASE_URL
value: {{ .Values.application.database_url | quote }}
- name: GITLAB_ENVIRONMENT_NAME
value: {{ .Values.gitlab.envName | quote }}
- name: GITLAB_ENVIRONMENT_URL
......@@ -161,7 +168,7 @@ spec:
resources:
requests:
cpu: 1
memory: 1Gi
memory: 1Gi
# REDIS
- name: {{ .Chart.Name }}-redis
image: "redis:5.0.3-alpine"
......@@ -182,5 +189,5 @@ spec:
resources:
requests:
cpu: 100m
memory: 500M
memory: 500M
{{- end -}}
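Review bot: `DATABASE_URL` is removed from the env of the three containers in this template, but the workers template hunk at the end of this page still shows `value: {{ $.Values.application.database_url | quote }}`. A database URL typically embeds credentials, so if that line survives on the new side the connection string remains readable in the worker pod specs and in the rendered release. If the application now takes its configuration from the secret named by `application.secretName`, the worker entry should be removed in the same commit. Only parts of each container spec are visible in these hunks, so this should be confirmed against the full file.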
......@@ -4,15 +4,12 @@ kind: HorizontalPodAutoscaler
metadata:
name: {{ template "fullname" . }}
labels:
app: {{ template "appname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{ include "sharedlabels" . | indent 4 }}
spec:
scaleTargetRef:
kind: Deployment
name: {{ template "appname" . }}
apiVersion: apps/v1beta1
apiVersion: apps/v1
minReplicas: {{ .Values.hpa.minReplicas }}
maxReplicas: {{ .Values.hpa.maxReplicas }}
targetCPUUtilizationPercentage: {{ .Values.hpa.targetCPUUtilizationPercentage }}
......
{{- if and (.Values.service.enabled) (eq .Values.application.track "stable") (or (.Values.ingress.enabled) (not (hasKey .Values.ingress "enabled"))) -}}
{{- if and (.Values.service.enabled) (or (.Values.ingress.enabled) (not (hasKey .Values.ingress "enabled"))) -}}
{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }}
apiVersion: networking.k8s.io/v1
{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress"}}
apiVersion: networking.k8s.io/v1beta1
{{ else }}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ template "fullname" . }}
labels:
app: {{ template "appname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version| replace "+" "_" }}"
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{ include "sharedlabels" . | indent 4 }}
annotations:
{{- if .Values.ingress.annotations }}
{{ toYaml .Values.ingress.annotations | indent 4 }}
{{- end }}
{{- if .Values.ingress.tls.enabled }}
kubernetes.io/tls-acme: {{ .Values.ingress.tls.acme | quote }}
{{- end }}
{{- if eq .Values.application.track "canary" }}
nginx.ingress.kubernetes.io/canary: "true"
nginx.ingress.kubernetes.io/canary-by-header: "canary"
{{- if .Values.ingress.canary.weight }}
nginx.ingress.kubernetes.io/canary-weight: {{ .Values.ingress.canary.weight | quote }}
{{- end }}
{{- end }}
{{- with .Values.ingress.modSecurity }}
{{- if .enabled }}
nginx.ingress.kubernetes.io/modsecurity-transaction-id: "$server_name-$request_id"
......@@ -42,17 +55,29 @@ spec:
- {{ template "hostname" $host }}
{{- end -}}
{{- end }}
{{- if not .Values.ingress.tls.useDefaultSecret }}
secretName: {{ .Values.ingress.tls.secretName | default (printf "%s-tls" (include "fullname" .)) }}
{{- end }}
{{- end }}
rules:
- host: {{ template "hostname" .Values.service.url }}
http:
&httpRule
paths:
- path: /
- path: {{ .Values.ingress.path | default "/" | quote }}
{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }}
pathType: Prefix
{{- end }}
backend:
{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }}
service:
name: {{ template "fullname" . }}
port:
number: {{ .Values.service.externalPort }}
{{ else }}
serviceName: {{ template "fullname" . }}
servicePort: {{ .Values.service.externalPort }}
{{- end }}
{{- if .Values.service.commonName }}
- host: {{ template "hostname" .Values.service.commonName }}
http:
......
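Review bot: For the canary track the annotations block sets `nginx.ingress.kubernetes.io/canary-by-header: "canary"` unconditionally, so with ingress-nginx the canary backend can be selected by a request header from any client, independent of `ingress.canary.weight`. If canary builds are meant to be exposed only by weight or only to testers, make the header annotation opt-in from values, or pair it with `nginx.ingress.kubernetes.io/canary-by-header-value` set from a value rather than relying on the fixed header name. `.Values.ingress.canary.weight` is also dereferenced without a check that `ingress.canary` exists, so values.yaml (not shown here) needs to define that map. The `{{ else }}` branches lack the `-` trim used by the neighbouring actions and will leave blank lines in the rendered manifest.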
......@@ -4,10 +4,7 @@ kind: NetworkPolicy
metadata:
name: {{ template "fullname" . }}
labels:
app: {{ template "appname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{ include "sharedlabels" . | indent 4}}
spec:
{{ toYaml .Values.networkPolicy.spec | indent 2 }}
{{- end -}}
......@@ -4,10 +4,7 @@ kind: PodDisruptionBudget
metadata:
name: {{ template "fullname" . }}
labels:
app: {{ template "appname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{ include "sharedlabels" . | indent 4 }}
spec:
{{- if .Values.podDisruptionBudget.minAvailable }}
minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
......
{{- with .Values.serviceAccount -}}
{{- if .createNew }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .name | quote }}
{{- if .annotations }}
annotations:
{{ toYaml .annotations | indent 4 }}
{{- end }}
{{- end }}
{{- end -}}
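Review bot: With `serviceAccount.createNew: true` and no `serviceAccount.name` (the README on this page documents the default as `nil`), `name: {{ .name | quote }}` renders an empty name, and the failure surfaces at the API server rather than at template time. `name: {{ required "serviceAccount.name is required when serviceAccount.createNew is true" .name | quote }}` would give a clear error earlier. The new ServiceAccount also carries none of the `sharedlabels` that the other resources in this commit receive; inside the `with` block that needs the root context, e.g. `{{ include "sharedlabels" $ | indent 4 }}` under a `labels:` key.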
{{- if and (.Values.service.enabled) (eq .Values.application.track "stable") -}}
{{- if .Values.service.enabled -}}
apiVersion: v1
kind: Service
metadata:
......@@ -12,10 +12,8 @@ metadata:
prometheus.io/port: "{{ .Values.service.internalPort }}"
{{- end }}
labels:
app: {{ template "appname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
track: "{{ .Values.application.track }}"
{{ include "sharedlabels" . | indent 4 }}
spec:
type: {{ .Values.service.type }}
ports:
......@@ -26,4 +24,5 @@ spec:
selector:
app: {{ template "appname" . }}
tier: "{{ .Values.application.tier }}"
track: "{{ .Values.application.track }}"
{{- end -}}
......@@ -3,7 +3,7 @@ apiVersion: v1
kind: List
items:
{{- range $workerName, $workerConfig := .Values.workers }}
- apiVersion: {{ default "extensions/v1beta1" $.Values.deploymentApiVersion }}
- apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "trackableappname" $ }}-{{ $workerName }}
......@@ -17,13 +17,11 @@ items:
release: {{ $.Release.Name }}
heritage: {{ $.Release.Service }}
spec:
{{- if or $.Values.enableSelector (eq (default "extensions/v1beta1" $.Values.deploymentApiVersion) "apps/v1") }}
selector:
matchLabels:
track: "{{ $.Values.application.track }}"
tier: worker
release: {{ $.Release.Name }}
{{- end }}
replicas: {{ $workerConfig.replicaCount }}
{{- if $workerConfig.strategyType }}
strategy:
......@@ -35,9 +33,9 @@ items:
checksum/application-secrets: "{{ $.Values.application.secretChecksum }}"
{{ if $.Values.gitlab.app }}app.gitlab.com/app: {{ $.Values.gitlab.app | quote }}{{ end }}
{{ if $.Values.gitlab.env }}app.gitlab.com/env: {{ $.Values.gitlab.env | quote }}{{ end }}
{{- if $.Values.podAnnotations }}
{{ toYaml $.Values.podAnnotations | indent 10 }}
{{- end }}
{{- if $.Values.podAnnotations }}
{{ toYaml $.Values.podAnnotations | indent 10 }}
{{- end }}
labels:
track: "{{ $.Values.application.track }}"
tier: worker
......@@ -45,6 +43,24 @@ items:
spec:
imagePullSecrets:
{{ toYaml $.Values.image.secrets | indent 12 }}
{{- with $nodeSelectorConfig := default $.Values.nodeSelector $workerConfig.nodeSelector -}}
{{- if $nodeSelectorConfig }}
nodeSelector:
{{ toYaml $nodeSelectorConfig | indent 10 }}
{{- end }}
{{- end }}
{{- with $tolerationsConfig := default $.Values.tolerations $workerConfig.tolerations -}}
{{- if $tolerationsConfig }}
tolerations:
{{ toYaml $tolerationsConfig | indent 10 }}
{{- end }}
{{- end }}
{{- with $affinityConfig := default $.Values.affinity $workerConfig.affinity -}}
{{- if $affinityConfig }}
affinity:
{{ toYaml $affinityConfig | indent 10 }}
{{- end }}
{{- end }}
terminationGracePeriodSeconds: {{ $workerConfig.terminationGracePeriodSeconds }}
containers:
- name: {{ $.Chart.Name }}-{{ $workerName }}
......@@ -64,38 +80,61 @@ items:
value: {{ $.Values.application.database_url | quote }}
- name: GITLAB_ENVIRONMENT_NAME
value: {{ $.Values.gitlab.envName | quote }}
- name: GITLAB_ENVIRONMENT_URL
value: {{ $.Values.gitlab.envURL | quote }}
{{- with $livenessProbeConfig := default $.Values.livenessProbe $workerConfig.livenessProbe -}}
{{- if $livenessProbeConfig }}
livenessProbe:
{{- if eq $.Values.livenessProbe.probeType "httpGet" }}
{{- if eq $livenessProbeConfig.probeType "httpGet" }}
httpGet: