🏭 UDS GitLab Zarf Package
This package is designed for use as part of a UDS Software Factory bundle deployed on UDS Core, and is based on the Bigbang GitLab chart.
[!IMPORTANT]
Thearm64package includesamd64images due to lack of availability ofarm64images from upstream projects at this time. This means you can deploy thearm64package on anarm64kubernetes cluster, but some of the images contained in the package will require emulation (e.g., qemu or rosetta) to run properly.
Pre-requisites
The GitLab Package expects to be deployed on top of UDS Core with the dependencies listed below being configured prior to deployment.
[!IMPORTANT] NOTE: Some GitLab features (such as GitLab pages) will also require a GitLab runner along with additional configuration such as an additional certificate SAN for
*.pages.<your-domain>.
GitLab is configured by default to assume the internal dependencies that are used for testing (see minio, redis and postgres in the bundle).
[!IMPORTANT] If you are using different internal services, cloud services or a mix you will have to configure values in the config chart accordingly via bundle overrides. See the networking docs for details
Database
- A Postgres database is running on port
5432and accessible to the cluster via theGITLAB_DB_ENDPOINTZarf var. - This database can be logged into via the username configured with the Zarf var
GITLAB_DB_USERNAME. Default isgitlab - This database instance has a psql database created matching what is defined in the Zarf var
GITLAB_DB_NAME. Default isgitlabdb - The user has read/write access to the above mentioned database
- Create
gitlab-postgresservice ingitlabnamespace that points to the psql database - Create
gitlab-postgressecret ingitlabnamespace with the keypasswordthat contains the password to the user for the psql database
Redis / Redis Equivalent
- An instance of Redis or Redis equivalent (elasticache, etc.) is running on port
6379and accessible to the cluster via theGITLAB_REDIS_ENDPOINTZarf var. - The redis instance accepts anonymous auth (password only)
- Create
gitlab-redisservice ingitlabnamespace that points to the redis instance - Create
gitlab-redissecret ingitlabnamespace with the keypasswordthat contains the password to the redis instance
Object Storage
Object Storage works a bit differently as there are many kinds of file stores GitLab can be configured to use.
- Create the secret
gitlab-object-storein thegitlabnamespace with the following keys:- An example for in-cluster Minio can be found in this repository at the path
src/dev-secrets/minio-secret.yaml connection- This key refers to the configuration for the main GitLab service. The documentation for what goes in this key is located here
registry- This key refers to the configuration for the gitlab registry. The documentation for what goes in this key is located here
backups- This key refers to the configuration for the gitlab-toolbox backup tool. It relies on a program called
s3cmd. The documentation for what goes in this key is located here
- An example for in-cluster Minio can be found in this repository at the path
- Below are the list of buckets that need to be created before starting GitLab:
- uds-gitlab-pages
- uds-gitlab-registry
- uds-gitlab-lfs
- uds-gitlab-artifacts
- uds-gitlab-uploads
- uds-gitlab-packages
- uds-gitlab-mr-diffs
- uds-gitlab-terraform-state
- uds-gitlab-ci-secure-files
- uds-gitlab-dependency-proxy
- uds-gitlab-backups
- uds-gitlab-tmp- These buckets can have a suffix applied via the
BUCKET_SUFFIXZarf variable (e.g.-some-deployment-nameplusuds-gitlab-backupswould beuds-gitlab-backups-some-deployment-name)
Flavors
| Flavor | Description | Example Creation |
|---|---|---|
| upstream | Uses upstream images within the package. | zarf package create . -f upstream |
| registry1 | Uses images from registry1.dso.mil within the package. | zarf package create . -f registry1 |
[!IMPORTANT] NOTE: To create the registry1 flavor you will need to be logged into Iron Bank - you can find instructions on how to do this in the Big Bang Zarf Tutorial.
Releases
The released packages can be found in ghcr.
UDS Tasks (for local dev and CI)
*For local dev, this requires you install uds-cli
[!TIP] To get a list of tasks to run you can use
uds run --list!
Contributing
Please see the CONTRIBUTING.md
Development
When developing this package it is ideal to utilize the json schemas for UDS Bundles, Zarf Packages and Maru Tasks. This involves configuring your IDE to provide schema validation for the respective files used by each application. For guidance on how to set up this schema validation, please refer to the guide in uds-common.