Allow to pass an EE license when installing the chart
This new feature will allow to specify a license secret to be used by the Review App during its initial seeding.
All you have to do is to create a secret:
kubectl create secret generic <name>-gitlab-license --from-file=license=/tmp/license.gitlab
Then use --set global.gitlab.license.secret=<name>-gitlab-license
to
inject the license into your configuration.
You can also use the global.gitlab.license.key
option to change the default
license
key pointing to the license in the license secret.
Tested with:
› helm template . --set certmanager-issuer.email=foo@bar.com -x charts/gitlab/charts/migrations/templates/job.yaml --set global.gitlab.license.secret="license-secret-name" --set global.gitlab.license.key="my-license"
---
# Source: gitlab/charts/gitlab/charts/migrations/templates/job.yaml
apiVersion: batch/v1
kind: Job
metadata:
name: release-name-migrations.0
namespace: review-apps-ee
labels:
app: migrations
chart: migrations-2.4.5
release: release-name
heritage: Tiller
spec:
activeDeadlineSeconds: 3600
backoffLimit: 6
template:
metadata:
labels:
app: migrations
release: release-name
spec:
securityContext:
runAsUser: 1000
fsGroup: 1000
initContainers:
- name: certificates
image: "registry.gitlab.com/gitlab-org/build/cng/alpine-certificates:20171114-r3"
volumeMounts:
- name: etc-ssl-certs
mountPath: /etc/ssl/certs
readOnly: false
resources:
requests:
cpu: 50m
- name: configure
command: ['sh', '/config/configure']
image: busybox:latest
volumeMounts:
- name: migrations-config
mountPath: /config
readOnly: true
- name: init-migrations-secrets
mountPath: /init-config
readOnly: true
- name: migrations-secrets
mountPath: /init-secrets
readOnly: false
resources:
requests:
cpu: 50m
restartPolicy: OnFailure
containers:
- name: migrations
image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-rails-ee:latest"
args:
- /scripts/wait-for-deps
- /scripts/db-migrate
env:
- name: GITLAB_SHARED_RUNNERS_REGISTRATION_TOKEN
valueFrom:
secretKeyRef:
name: "release-name-gitlab-runner-secret"
key: runner-registration-token
- name: CONFIG_TEMPLATE_DIRECTORY
value: '/var/opt/gitlab/templates'
- name: CONFIG_DIRECTORY
value: '/srv/gitlab/config'
- name: BYPASS_SCHEMA_VERSION
value: 'true'
volumeMounts:
- name: migrations-config
mountPath: '/var/opt/gitlab/templates'
- name: migrations-secrets
mountPath: '/etc/gitlab'
readOnly: true
- name: migrations-secrets
mountPath: /srv/gitlab/config/secrets.yml
subPath: rails-secrets/secrets.yml
- name: migrations-secrets
mountPath: /srv/gitlab/config/initial_root_password
subPath: migrations/initial_root_password
- name: migrations-secrets
mountPath: /srv/gitlab/config/Gitlab.gitlab-license
subPath: migrations/enterprise_license
- name: etc-ssl-certs
mountPath: /etc/ssl/certs/
readOnly: true
resources:
requests:
cpu: 50m
memory: 200Mi
volumes:
- name: migrations-config
configMap:
name: release-name-migrations
- name: init-migrations-secrets
projected:
defaultMode: 0400
sources:
- secret:
name: "release-name-rails-secret"
items:
- key: secrets.yml
path: rails-secrets/secrets.yml
- secret:
name: "release-name-gitaly-secret"
items:
- key: "token"
path: gitaly/gitaly_token
- secret:
name: "release-name-redis-secret"
items:
- key: "secret"
path: redis/password
- secret:
name: "release-name-postgresql-password"
items:
- key: "postgres-password"
path: postgres/psql-password
- secret:
name: "release-name-gitlab-initial-root-password"
items:
- key: "password"
path: migrations/initial_root_password
- secret:
name: license-secret-name
items:
- key: "my-license"
path: migrations/enterprise_license
- name: migrations-secrets
emptyDir:
medium: "Memory"
- name: etc-ssl-certs
emptyDir:
medium: "Memory"
GitLab Review Apps MR: gitlab-org/gitlab!19099 (merged)
Closes #1616 (closed)
Edited by Rémy Coutable