Consolidate webservice TLS configuration
What does this MR do?
Make the TLS configuration of the webservice chart more convenient by:
- inheriting the TLS config of the metrics webservice listener from gitlab.webservice.tls
- inheriting the TLS config of the workhorse monitoring listener from global.workhorse.tls
- validating the workhorse exporter listener's TLS config
This may change the behavior of installations that do not explicitly override the webservice metrics/workhorse exporter TLS config. Therefore, marking this as a breaking change.
Related issues
Relates #3404 (closed)
Testing
- Create a webservice TLS secret (See: https://docs.gitlab.com/charts/charts/gitlab/webservice/#webservice)
- Render chart with the following values

```yaml
gitlab:
  webservice:
    tls:
      enabled: true # default: false
      secretName: web-tls
    workhorse:
      monitoring:
        exporter:
          enabled: true # default: false
global:
  workhorse:
    tls:
      enabled: true # default: false
```

```shell
helm template \
  --set certmanager-issuer.email=test@example.com \
  -f ~/values/gitlab-chart/consol-tls.yaml \
  --show-only=charts/gitlab/charts/webservice/templates/service.yaml \
  --show-only=charts/gitlab/charts/webservice/templates/deployment.yaml \
  ~/repos/gitlab-chart/
```

Verify the TLS configuration was inherited.
Checklist
See Definition of done.
For anything in this list which will not be completed, please provide a reason in the MR discussion.
Required
- Merge Request Title and Description are up to date, accurate, and descriptive
- MR targeting the appropriate branch
- MR has a green pipeline on GitLab.com
- When ready for review, MR is labeled "~workflow::ready for review" per the Distribution MR workflow
Expected (please provide an explanation if not completing)
- Test plan indicating conditions for success has been posted and passes
- Documentation created/updated
- Tests added
- Integration tests added to GitLab QA
- Equivalent MR/issue for omnibus-gitlab opened
- Validate potential values for new configuration settings. Formats such as integer 10, duration 10s, URI scheme://user:passwd@host:port may require quotation or other special handling when rendered in a template and written to a configuration file.
Edited by Clemens Beck
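
The inheritance and the breaking-change note in the description above can be modelled as a pre-upgrade check over a values file. This is an added example, not code from the chart or the MR. The override key paths `gitlab.webservice.metrics.tls` and `gitlab.webservice.workhorse.monitoring.exporter.tls`, and the premise that both listeners were plaintext before this MR unless configured, are assumptions.

```python
# Added example: models the inheritance described in this MR.
_UNSET = object()  # distinguishes "key absent" from an explicit False

# listener -> (override path, ASSUMED key name; parent path, named in the MR)
LISTENERS = {
    "webservice metrics": ("gitlab.webservice.metrics.tls",
                           "gitlab.webservice.tls"),
    "workhorse exporter": ("gitlab.webservice.workhorse.monitoring.exporter.tls",
                           "global.workhorse.tls"),
}

def dig(values, path, default=_UNSET):
    """Walk a dotted path through nested dicts; return default if absent."""
    node = values
    for key in path.split("."):
        if not isinstance(node, dict) or key not in node:
            return default
        node = node[key]
    return node

def effective_enabled(values, override, parent):
    """An explicit override wins, even when it is False; otherwise inherit."""
    explicit = dig(values, override + ".enabled")
    if explicit is not _UNSET:
        return bool(explicit), "explicit"
    return bool(dig(values, parent + ".enabled", False)), "inherited"

def affected_listeners(values):
    """Listeners that turn TLS on only through inheritance. ASSUMPTION: they
    were plaintext before this MR unless explicitly configured."""
    return [name for name, (override, parent) in LISTENERS.items()
            if effective_enabled(values, override, parent) == (True, "inherited")]

# Constructed sample: the values file from the test plan.
SAMPLE = {
    "gitlab": {"webservice": {
        "tls": {"enabled": True, "secretName": "web-tls"},
        "workhorse": {"monitoring": {"exporter": {"enabled": True}}},
    }},
    "global": {"workhorse": {"tls": {"enabled": True}}},
}
# Constructed sample: same file, metrics listener pinned to plaintext.
PINNED = {**SAMPLE, "gitlab": {"webservice": {
    **SAMPLE["gitlab"]["webservice"], "metrics": {"tls": {"enabled": False}}}}}

if __name__ == "__main__":
    print("inherits TLS:", affected_listeners(SAMPLE))
    print("with metrics pinned off:", affected_listeners(PINNED))
```

Any listener this reports will start serving TLS after the upgrade, so scrapers and probes that target it need to switch to HTTPS and trust the certificate.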