Upgraded gitlab (#15)

Co-authored-by: Anthony <anthony@defenseunicorns.com>

Makefile

@@ -6,7 +6,7 @@ ZARF_VERSION := v0.28.2
 BUILD_HARNESS_REPO := ghcr.io/defenseunicorns/build-harness/build-harness
 BUILD_HARNESS_VERSION := 1.7.1
 
-DUBBD_K3D_VERSION := 0.4.1
+DUBBD_K3D_VERSION := 0.5.0
 
 # Figure out which Zarf binary we should use based on the operating system we are on
 ZARF_BIN := zarf

gitlab-flux-values.yaml

@@ -5,7 +5,7 @@ application:
   path: chart
   repository: https://repo1.dso.mil/big-bang/product/packages/gitlab.git
   ref:
-    tag: 6.11.3-bb.0
+    tag: 7.0.4-bb.0
   values: |
     ###ZARF_VAR_GITLAB_VALUES###
   dependsOn:

test/e2e/e2e_basic_smoke_test.go

@@ -39,5 +39,13 @@ func TestAllServicesRunning(t *testing.T) { //nolint:funlen
 		// Ensure that GitLab does not accept TLSv1.1
 		output, err = platform.RunSSHCommandAsSudo(`sslscan gitlab.bigbang.dev | grep "TLSv1.1" | grep "disabled"`)
 		require.NoError(t, err, output)
+
+		// Setup DNS records for cluster services
+		output, err = platform.RunSSHCommandAsSudo(`cd ~/app && utils/metallb/dns.sh && utils/metallb/hosts-write.sh`)
+		require.NoError(t, err, output)
+
+		// Ensure that GitLab is available outside of the cluster.
+		output, err = platform.RunSSHCommandAsSudo(`timeout 1200 bash -c "while ! curl -L -s --fail --show-error https://gitlab.bigbang.dev/-/health > /dev/null; do sleep 5; done"`)
+		require.NoError(t, err, output)
 	})
 }

test/e2e/utils/utils.go

@@ -112,6 +112,10 @@ func SetupTestPlatform(t *testing.T, platform *types.TestPlatform) { //nolint:fu
 		output, err = platform.RunSSHCommandAsSudo(`cd ~/app && make build/zarf`)
 		require.NoError(t, err, output)
 
+		// Copy zarf-config.toml to the build folder
+		output, err = platform.RunSSHCommandAsSudo(`cd ~/app && cp test/e2e/zarf-config.toml build/zarf-config.toml`)
+		require.NoError(t, err, output)
+
 		// Log into registry1.dso.mil
 		output, err = platform.RunSSHCommandAsSudo(fmt.Sprintf(`~/app/build/zarf tools registry login registry1.dso.mil -u %v -p %v`, registry1Username, registry1Password))
 		require.NoError(t, err, output)

utils/metallb/dns.sh

@@ -2,26 +2,24 @@
 
 HOST_LIST=$(kubectl get vs -A -o=jsonpath='{range .items[*]}{.spec.gateways[*]}{" "}{.spec.hosts[*]}{"\n"}{end}' | sort -u)
 
-PUBLIC_HOSTS=$(echo "${HOST_LIST}" | grep public | cut -d ' ' -f2)
-PRIVATE_HOSTS=$(echo "${HOST_LIST}" | grep private | cut -d ' ' -f2)
+TENANT_HOSTS=$(echo "${HOST_LIST}" | grep tenant | cut -d ' ' -f2)
+ADMIN_HOSTS=$(echo "${HOST_LIST}" | grep admin | cut -d ' ' -f2)
 
-PUBLIC_LB_IP=$(kubectl get svc -n istio-system public-ingressgateway -o=jsonpath='{.status.loadBalancer.ingress[0].ip}')
-PRIVATE_LB_IP=$(kubectl get svc -n istio-system private-ingressgateway -o=jsonpath='{.status.loadBalancer.ingress[0].ip}')
+TENANT_LB_IP=$(kubectl get svc -n istio-system tenant-ingressgateway -o=jsonpath='{.status.loadBalancer.ingress[0].ip}')
+ADMIN_LB_IP=$(kubectl get svc -n istio-system admin-ingressgateway -o=jsonpath='{.status.loadBalancer.ingress[0].ip}')
 
-sed -i -z 's/\n# Following entries are from metallb dns.sh.*# End of metallb dns.sh//' /etc/hosts
+echo "# Following entries are from metallb dns.sh" >> hosts.patch
 
-echo "# Following entries are from metallb dns.sh" >> /etc/hosts
+echo "# Tenant hostnames" >> hosts.patch
 
-echo "# Public hostnames" >> /etc/hosts
-
-for host in $PUBLIC_HOSTS; do
-    echo "${PUBLIC_LB_IP} ${host}" >> /etc/hosts
+for host in $TENANT_HOSTS; do
+    echo "${TENANT_LB_IP} ${host}" >> hosts.patch
 done
 
-echo "# Private hostnames" >> /etc/hosts
+echo "# Admin hostnames" >> hosts.patch
 
-for host in $PRIVATE_HOSTS; do
-    echo "${PRIVATE_LB_IP} ${host}" >> /etc/hosts
+for host in $ADMIN_HOSTS; do
+    echo "${ADMIN_LB_IP} ${host}" >> hosts.patch
 done
 
-echo "# End of metallb dns.sh" >> /etc/hosts
+echo "# End of metallb dns.sh" >> hosts.patch

utils/metallb/hosts-write.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+
+sed -i -z 's/\n# Following entries are from metallb dns.sh.*# End of metallb dns.sh//' /etc/hosts
+
+cat hosts.patch >> /etc/hosts

values-gitlab.yaml

@@ -32,20 +32,20 @@ redis:
       namespace: gitlab
   master:
     podAnnotations:
-      bigbang.dev/istioVersion: 1.17.2
+      bigbang.dev/istioVersion: 1.17.3
   slave:
     podAnnotations:
-      bigbang.dev/istioVersion: 1.17.2
+      bigbang.dev/istioVersion: 1.17.3
 postgresql:
   master:
     podAnnotations:
-      bigbang.dev/istioVersion: 1.17.2
+      bigbang.dev/istioVersion: 1.17.3
   slave:
     podAnnotations:
-      bigbang.dev/istioVersion: 1.17.2
+      bigbang.dev/istioVersion: 1.17.3
 registry:
   annotations:
-    bigbang.dev/istioVersion: 1.17.2
+    bigbang.dev/istioVersion: 1.17.3
   metrics:
     serviceMonitor:
       endpointConfig:
@@ -59,12 +59,12 @@ registry:
 gitlab:
   toolbox:
     annotations:
-      bigbang.dev/istioVersion: 1.17.2
+      bigbang.dev/istioVersion: 1.17.3
   gitlab-exporter:
     enabled: true
     metrics:
       annotations:
-        bigbang.dev/istioVersion: 1.17.2
+        bigbang.dev/istioVersion: 1.17.3
       serviceMonitor:
         endpointConfig:
           scheme: https
@@ -94,16 +94,16 @@ gitlab:
               keyFile: /etc/prom-certs/key.pem
               insecureSkipVerify: true  # Prometheus does not support Istio security naming, thus skip verifying target pod certificate
     annotations:
-      bigbang.dev/istioVersion: 1.17.2
+      bigbang.dev/istioVersion: 1.17.3
   sidekiq:
     annotations:
-      bigbang.dev/istioVersion: 1.17.2
+      bigbang.dev/istioVersion: 1.17.3
   migrations:
     annotations:
-      bigbang.dev/istioVersion: 1.17.2
+      bigbang.dev/istioVersion: 1.17.3
   gitaly:
     annotations:
-      bigbang.dev/istioVersion: 1.17.2
+      bigbang.dev/istioVersion: 1.17.3
     metrics:
       serviceMonitor:
         endpointConfig:
@@ -115,7 +115,7 @@ gitlab:
             insecureSkipVerify: true  # Prometheus does not support Istio security naming, thus skip verifying target pod certificate
   gitlab-shell:
     annotations:
-      bigbang.dev/istioVersion: 1.17.2
+      bigbang.dev/istioVersion: 1.17.3
     metrics:
       serviceMonitor:
         endpointConfig:
@@ -128,16 +128,16 @@ gitlab:
 
   praefect:
     annotations:
-      bigbang.dev/istioVersion: 1.17.2
+      bigbang.dev/istioVersion: 1.17.3
   gitlab-grafana:
     annotations:
-      bigbang.dev/istioVersion: 1.17.2
+      bigbang.dev/istioVersion: 1.17.3
 shared-secrets:
   annotations:
-    bigbang.dev/istioVersion: 1.17.2
+    bigbang.dev/istioVersion: 1.17.3
 minio:
   podAnnotations:
-    bigbang.dev/istioVersion: 1.17.2
+    bigbang.dev/istioVersion: 1.17.3
 
 global:
 

zarf.yaml

@@ -3,7 +3,7 @@ kind: ZarfPackageConfig
 metadata:
   name: gitlab
   description: "UDS GitLab capability deployed via flux"
-  version: "0.0.2"
+  version: "0.0.3"
   architecture: amd64
 
 variables:
@@ -40,21 +40,21 @@ components:
     repos:
       - https://repo1.dso.mil/big-bang/product/packages/gitlab.git
     images:
-    - registry1.dso.mil/ironbank/bitnami/analytics/redis-exporter:v1.50.0
-    - registry1.dso.mil/ironbank/bitnami/redis:7.0.0-debian-10-r3
-    - registry1.dso.mil/ironbank/gitlab/gitlab/certificates:15.11.3
-    - registry1.dso.mil/ironbank/gitlab/gitlab/cfssl-self-sign:1.6.1
-    - registry1.dso.mil/ironbank/gitlab/gitlab/gitaly:15.11.3
-    - registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry:15.11.3
-    - registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell:15.11.3
-    - registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq:15.11.3
-    - registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox:15.11.3
-    - registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice:15.11.3
-    - registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse:15.11.3
-    - registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages:15.11.3
-    - registry1.dso.mil/ironbank/gitlab/gitlab/kubectl:15.11.3
-    - registry1.dso.mil/ironbank/opensource/minio/mc:RELEASE.2022-12-24T15-21-38Z
-    - registry1.dso.mil/ironbank/opensource/minio/minio:RELEASE.2022-12-12T19-27-27Z
-    - registry1.dso.mil/ironbank/opensource/postgres/postgresql12:12.15
-    - registry1.dso.mil/ironbank/redhat/ubi/ubi8:8.8
-    - registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter:15.11.3
+      - "registry1.dso.mil/ironbank/bitnami/analytics/redis-exporter:v1.50.0"
+      - "registry1.dso.mil/ironbank/bitnami/redis:7.0.0-debian-10-r3"
+      - "registry1.dso.mil/ironbank/gitlab/gitlab/certificates:16.0.3"
+      - "registry1.dso.mil/ironbank/gitlab/gitlab/cfssl-self-sign:1.6.1"
+      - "registry1.dso.mil/ironbank/gitlab/gitlab/gitaly:16.0.3"
+      - "registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry:16.0.3"
+      - "registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell:16.0.3"
+      - "registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq:16.0.3"
+      - "registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox:16.0.3"
+      - "registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice:16.0.3"
+      - "registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse:16.0.3"
+      - "registry1.dso.mil/ironbank/gitlab/gitlab/kubectl:16.0.3"
+      - "registry1.dso.mil/ironbank/opensource/minio/mc:RELEASE.2022-12-24T15-21-38Z"
+      - "registry1.dso.mil/ironbank/opensource/minio/minio:RELEASE.2022-12-12T19-27-27Z"
+      - "registry1.dso.mil/ironbank/opensource/postgres/postgresql:14.8"
+      - "registry1.dso.mil/ironbank/redhat/ubi/ubi8:8.8"
+      - "registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter:16.0.3"
+      - "registry1.dso.mil/ironbank/gitlab/gitlab/kubectl:16.0.3"