diff --git a/.releaserc.json b/.releaserc.json
new file mode 100644
index 0000000..4db0407
--- /dev/null
+++ b/.releaserc.json
@@ -0,0 +1,40 @@
+{
+ "branches": ["main", "master"],
+ "ci": false,
+ "plugins": [
+ [
+ "@semantic-release/commit-analyzer",
+ {
+ "preset": "conventionalcommits"
+ }
+ ],
+ [
+ "@semantic-release/release-notes-generator",
+ {
+ "preset": "conventionalcommits"
+ }
+ ],
+ [
+ "@semantic-release/github",
+ {
+ "successComment": "This ${issue.pull_request ? 'PR is included' : 'issue has been resolved'} in version ${nextRelease.version} :tada:",
+ "labels": false,
+ "releasedLabels": false
+ }
+ ],
+ [
+ "@semantic-release/changelog",
+ {
+ "changelogFile": "CHANGELOG.md",
+ "changelogTitle": "# Changelog\n\nAll notable changes to this project will be documented in this file."
+ }
+ ],
+ [
+ "@semantic-release/git",
+ {
+ "assets": ["CHANGELOG.md"],
+ "message": "chore(release): version ${nextRelease.version} [skip ci]\n\n${nextRelease.notes}"
+ }
+ ]
+ ]
+ }
\ No newline at end of file
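Review bot: `"ci": false` at the top of this config turns off semantic-release's check that it is running inside a CI environment, so a release can be cut from any workstation that holds a push-capable token. Because `@semantic-release/git` commits `CHANGELOG.md` back to `main`/`master` and `@semantic-release/github` publishes the release, that widens who can publish beyond the pipeline. Consider dropping the key (the default is `true`) and passing `--no-ci` only for a deliberate local run. The file also ends without a trailing newline.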
diff --git a/README.md b/README.md
index 6f34882..4bd9fa2 100644
--- a/README.md
+++ b/README.md
@@ -28,7 +28,7 @@ In the above diagram, you can see the components and their relations (PostgreSQL
|------|---------|
| [aws](#provider\_aws) | 5.36.0 |
| [helm](#provider\_helm) | 2.11.0 |
-| [kubernetes](#provider\_kubernetes) | 2.38.0 |
+| [kubernetes](#provider\_kubernetes) | 3.0.1 |
## Modules
@@ -42,14 +42,15 @@ In the above diagram, you can see the components and their relations (PostgreSQL
| Name | Type |
|------|------|
| [helm_release.gitlab](https://registry.terraform.io/providers/hashicorp/helm/2.11.0/docs/resources/release) | resource |
-| [kubernetes_namespace.gitlab](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
-| [kubernetes_secret.gitlab_omniauth_providers](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource |
-| [kubernetes_secret.gitlab_rails_storage](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource |
-| [kubernetes_secret.gitlab_registry_storage](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource |
-| [kubernetes_secret.ldap](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource |
-| [kubernetes_secret.postgres](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource |
-| [kubernetes_secret.redis](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource |
-| [kubernetes_secret.smtp](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource |
+| [kubernetes_namespace_v1.gitlab](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace_v1) | resource |
+| [kubernetes_secret_v1.gitlab_omniauth_providers](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret_v1) | resource |
+| [kubernetes_secret_v1.gitlab_rails_storage](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret_v1) | resource |
+| [kubernetes_secret_v1.gitlab_registry_storage](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret_v1) | resource |
+| [kubernetes_secret_v1.ldap](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret_v1) | resource |
+| [kubernetes_secret_v1.postgres](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret_v1) | resource |
+| [kubernetes_secret_v1.redis](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret_v1) | resource |
+| [kubernetes_secret_v1.registry_postgres](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret_v1) | resource |
+| [kubernetes_secret_v1.smtp](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret_v1) | resource |
| [aws_eks_cluster.eks](https://registry.terraform.io/providers/hashicorp/aws/5.36.0/docs/data-sources/eks_cluster) | data source |
| [aws_iam_policy_document.s3_bucket_policy](https://registry.terraform.io/providers/hashicorp/aws/5.36.0/docs/data-sources/iam_policy_document) | data source |
| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/5.36.0/docs/data-sources/region) | data source |
@@ -67,6 +68,7 @@ In the above diagram, you can see the components and their relations (PostgreSQL
| [namespace\_labels](#input\_namespace\_labels) | Labels for GitLab namespace | `map(string)` | `{}` | no |
| [omniauth\_providers](#input\_omniauth\_providers) | OmniAuth providers | `map(string)` | `{}` | no |
| [redis\_password](#input\_redis\_password) | Password to access Redis database | `string` | n/a | yes |
+| [registry\_database\_password](#input\_registry\_database\_password) | Password to access Registry PostgreSQL database | `string` | `null` | no |
| [release\_max\_history](#input\_release\_max\_history) | Maximum saved revisions per release | `number` | `10` | no |
| [release\_name](#input\_release\_name) | This is the name of the release which also used as a prefix or suffix for the resources | `string` | `"gitlab"` | no |
| [release\_namespace](#input\_release\_namespace) | Namespace name where you want to deploy the release. If empty, `release_name` will be used. | `string` | `""` | no |
diff --git a/examples/main.tf b/examples/main.tf
index 5b0120d..2352b84 100644
--- a/examples/main.tf
+++ b/examples/main.tf
@@ -24,10 +24,11 @@ module "gitlab" {
release_name = "gitlab"
gitlab_chart_version = "7.8.1"
- database_password = "database_password"
- redis_password = "redis_password"
- smtp_user = "postfix"
- smtp_password = "smtp_password"
+ database_password = "database_password"
+ registry_database_password = "registry_datatabase_password"
+ redis_password = "redis_password"
+ smtp_user = "postfix"
+ smtp_password = "smtp_password"
omniauth_providers = {
"gitlab-omniauth-saml" = local.saml_google_provider
}
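Review bot: The added `registry_database_password = "registry_datatabase_password"` is a string literal in the example, and the placeholder is misspelled (`datatabase`). A literal here invites copies of this file to commit a real secret to version control. Prefer wiring it from an input, e.g. `registry_database_password = var.registry_database_password`, with the variable declared `sensitive = true`. The same applies to the neighbouring `database_password`, `redis_password` and `smtp_password` lines, which this hunk only re-aligns. The `module "gitlab"` block starts and ends outside this hunk.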
@@ -67,15 +68,16 @@ EOF
values = [
templatefile("values.yaml", {
- database_host = "gitlab.xxxxxxxxxxxx.eu-central-1.rds.amazonaws.com"
- database_port = "5432"
- database_username = "postgres"
- redis_host = "master.gitlab.xxxxxx.euc1.cache.amazonaws.com"
- redis_port = "6379"
- release_name = "gitlab"
- bucket_prefix = local.bucket_prefix
- domain = "example.com"
- smtp_address = "smtp.gmail.com"
+ database_host = "gitlab.xxxxxxxxxxxx.eu-central-1.rds.amazonaws.com"
+ database_port = "5432"
+ database_username = "postgres"
+ registry_database_username = "gitlab_registry"
+ redis_host = "master.gitlab.xxxxxx.euc1.cache.amazonaws.com"
+ redis_port = "6379"
+ release_name = "gitlab"
+ bucket_prefix = local.bucket_prefix
+ domain = "example.com"
+ smtp_address = "smtp.gmail.com"
})
]
diff --git a/examples/values.yaml b/examples/values.yaml
index 3d45271..8ccfc82 100644
--- a/examples/values.yaml
+++ b/examples/values.yaml
@@ -29,6 +29,12 @@ global:
username: ${database_username}
database: gitlab
+
+ # Mainly for backups, https://docs.gitlab.com/charts/charts/registry/#installation-parameters, https://gitlab.com/gitlab-org/charts/gitlab/-/issues/1464
+ # https://gitlab.com/gitlab-org/gitlab/-/issues/532507
+ registry:
+ bucket: ${bucket_prefix}-registry
+
redis:
host: ${redis_host}
port: ${redis_port}
@@ -195,6 +201,16 @@ registry:
storage:
secret: ${release_name}-registry-storage
key: config
+ database:
+ enabled: true
+ sslmode: require
+ host: ${database_host}
+ port: ${database_port}
+ user: ${registry_database_username}
+ name: gitlab_registry # if empty, defaults to `registry`
+ password:
+ secret: gitlab-registry-postgresql-password
+ key: registry-postgresql-password
redis:
cache:
password:
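Review bot: `secret: gitlab-registry-postgresql-password` hard-codes the release name, while main.tf in this same diff creates the secret as `${var.release_name}-registry-postgresql-password` and the storage entry just above uses `${release_name}-registry-storage`. With any release name other than `gitlab` the registry would point at a secret that does not exist, so use `secret: ${release_name}-registry-postgresql-password`. Separately, `sslmode: require` encrypts the connection but does not verify the server certificate. If the chart is given the database CA, `sslmode: verify-full` would also authenticate the host. The `registry:` mapping starts above this hunk and continues after it.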
diff --git a/main.tf b/main.tf
index a034038..89484ac 100644
--- a/main.tf
+++ b/main.tf
@@ -4,14 +4,14 @@ locals {
data "aws_region" "current" {}
-resource "kubernetes_namespace" "gitlab" {
+resource "kubernetes_namespace_v1" "gitlab" {
metadata {
name = local.release_namespace
labels = var.namespace_labels
}
}
-resource "kubernetes_secret" "postgres" {
+resource "kubernetes_secret_v1" "postgres" {
metadata {
name = "${var.release_name}-postgresql-password"
namespace = local.release_namespace
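Review bot: Changing the resource type from `kubernetes_namespace` to `kubernetes_namespace_v1` gives the object a new Terraform address, and no `moved` block or migration note is visible in this diff. The same applies to `kubernetes_secret` becoming `kubernetes_secret_v1` here and in the later hunks for `redis`, `smtp` and `gitlab_rails_storage`. Without a migration, an existing deployment would likely plan a destroy and re-create. For the namespace that means deleting everything deployed in it, and for the secrets a window in which the credentials are absent. Add a state migration, e.g. `moved { from = kubernetes_namespace.gitlab, to = kubernetes_namespace_v1.gitlab }` if the provider version in use supports cross-type moves, otherwise a documented `removed` plus `import` procedure, and call the change out as breaking in the release notes.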
@@ -27,7 +27,25 @@ resource "kubernetes_secret" "postgres" {
type = "Opaque"
}
-resource "kubernetes_secret" "redis" {
+resource "kubernetes_secret_v1" "registry_postgres" {
+ # Optional, at this moment S3-only can be used https://docs.gitlab.com/administration/packages/container_registry_metadata_database/
+ count = var.registry_database_password != null ? 1 : 0
+ metadata {
+ name = "${var.release_name}-registry-postgresql-password"
+ namespace = local.release_namespace
+ }
+
+ data = {
+ registry-postgresql-password = var.registry_database_password
+ #We need below if we are going to deploy PostgreSQL next to the Gitlab in the EKS
+ #not as RDS for PostgreSQL
+ registry-postgresql-postgres-password = var.registry_database_password
+ }
+
+ type = "Opaque"
+}
+
+resource "kubernetes_secret_v1" "redis" {
metadata {
name = "${var.release_name}-redis-password"
namespace = local.release_namespace
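Review bot: The new `kubernetes_secret_v1.registry_postgres` stores `var.registry_database_password` under both `registry-postgresql-password` and `registry-postgresql-postgres-password`. Going by the key name and the inline comment, the second appears to be the PostgreSQL superuser password for an in-cluster database, so the registry's application user and the admin account would share one credential. Consider a separate optional input for the superuser key, or omit that key unless in-cluster PostgreSQL is actually deployed. The variable declaration is not part of this diff; it should carry `sensitive = true`. The value is still written to Terraform state, so the state backend needs encryption and restricted access.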
@@ -40,7 +58,7 @@ resource "kubernetes_secret" "redis" {
type = "Opaque"
}
-resource "kubernetes_secret" "smtp" {
+resource "kubernetes_secret_v1" "smtp" {
#count = local.values.global.smtp.authentication == "false" ? 0 : 1
metadata {
@@ -55,7 +73,7 @@ resource "kubernetes_secret" "smtp" {
type = "Opaque"
}
-resource "kubernetes_secret" "gitlab_rails_storage" {
+resource "kubernetes_secret_v1" "gitlab_rails_storage" {
metadata {
name = "${var.release_name}-rails-storage"
namespace = local.release_namespace
@@ -64,12 +82,12 @@ resource "kubernetes_secret" "gitlab_rails_storage" {
data = {
connection = <