Add latest changes from gitlab-org/gitlab@master
This commit is contained in:
parent
59b0e2f45d
commit
ee2c09733d
|
@ -96,9 +96,10 @@
|
|||
}
|
||||
|
||||
@mixin line-number-link($color) {
|
||||
min-width: $gl-spacing-scale-9;
|
||||
|
||||
&::before {
|
||||
@include gl-visibility-hidden;
|
||||
@include gl-display-inline-block;
|
||||
@include gl-display-none;
|
||||
@include gl-align-self-center;
|
||||
@include gl-mt-2;
|
||||
@include gl-mr-2;
|
||||
|
@ -114,10 +115,10 @@
|
|||
}
|
||||
|
||||
&:hover::before {
|
||||
@include gl-visibility-visible;
|
||||
@include gl-display-inline-block;
|
||||
}
|
||||
|
||||
&:focus::before {
|
||||
@include gl-visibility-visible;
|
||||
@include gl-display-inline-block;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -159,9 +159,9 @@ module IssuableActions
|
|||
discussions = Discussion.build_collection(notes, issuable)
|
||||
|
||||
if issuable.is_a?(MergeRequest)
|
||||
cache_context = [current_user&.cache_key, project.team.human_max_access(current_user&.id)].join(':')
|
||||
|
||||
render_cached(discussions, with: discussion_serializer, cache_context: -> (_) { cache_context }, context: self)
|
||||
render_cached(discussions, with: discussion_serializer, cache_context: -> (_) { discussion_cache_context }, context: self)
|
||||
elsif issuable.is_a?(Issue) && Feature.enabled?(:issue_discussions_http_cache, default_enabled: :yaml)
|
||||
render json: discussion_serializer.represent(discussions, context: self) if stale?(etag: [discussion_cache_context, discussions])
|
||||
else
|
||||
render json: discussion_serializer.represent(discussions, context: self)
|
||||
end
|
||||
|
@ -197,6 +197,10 @@ module IssuableActions
|
|||
current_user&.user_preference&.previous_changes&.any?
|
||||
end
|
||||
|
||||
def discussion_cache_context
|
||||
[current_user&.cache_key, project.team.human_max_access(current_user&.id)].join(':')
|
||||
end
|
||||
|
||||
def discussion_serializer
|
||||
DiscussionSerializer.new(project: project, noteable: issuable, current_user: current_user, note_entity: ProjectNoteEntity)
|
||||
end
|
||||
|
|
|
@ -59,7 +59,7 @@ class Groups::DependencyProxyForContainersController < ::Groups::DependencyProxy
|
|||
def authorize_upload_blob
|
||||
set_workhorse_internal_api_content_type
|
||||
|
||||
render json: DependencyProxy::FileUploader.workhorse_authorize(has_length: false)
|
||||
render json: DependencyProxy::FileUploader.workhorse_authorize(has_length: false, maximum_size: 5.gigabytes)
|
||||
end
|
||||
|
||||
def upload_blob
|
||||
|
|
|
@ -112,6 +112,10 @@ class BulkImports::Entity < ApplicationRecord
|
|||
@export_relations_url_path ||= EXPORT_RELATIONS_URL % { resource: pluralized_name, full_path: encoded_source_full_path }
|
||||
end
|
||||
|
||||
def relation_download_url_path(relation)
|
||||
"#{export_relations_url_path}/download?relation=#{relation}"
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def validate_parent_is_a_group
|
||||
|
|
|
@ -7,8 +7,16 @@ module BulkImports
|
|||
|
||||
REMOTE_FILENAME_PATTERN = %r{filename="(?<filename>[^"]+)"}.freeze
|
||||
FILENAME_SIZE_LIMIT = 255 # chars before the extension
|
||||
DEFAULT_FILE_SIZE_LIMIT = 5.gigabytes
|
||||
DEFAULT_ALLOWED_CONTENT_TYPES = %w(application/gzip application/octet-stream).freeze
|
||||
|
||||
def initialize(configuration:, relative_url:, dir:, file_size_limit:, allowed_content_types:, filename: nil)
|
||||
def initialize(
|
||||
configuration:,
|
||||
relative_url:,
|
||||
dir:,
|
||||
file_size_limit: DEFAULT_FILE_SIZE_LIMIT,
|
||||
allowed_content_types: DEFAULT_ALLOWED_CONTENT_TYPES,
|
||||
filename: nil)
|
||||
@configuration = configuration
|
||||
@relative_url = relative_url
|
||||
@filename = filename
|
||||
|
|
|
@ -3,8 +3,6 @@
|
|||
module Packages
|
||||
module Rubygems
|
||||
class CreateDependenciesService
|
||||
include BulkInsertSafe
|
||||
|
||||
def initialize(package, gemspec)
|
||||
@package = package
|
||||
@gemspec = gemspec
|
||||
|
|
|
@ -148,3 +148,5 @@ module Snippets
|
|||
end
|
||||
end
|
||||
end
|
||||
|
||||
Snippets::UpdateService.prepend_mod_with('Snippets::UpdateService')
|
||||
|
|
|
@ -0,0 +1,8 @@
|
|||
---
|
||||
name: issue_discussions_http_cache
|
||||
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/72589
|
||||
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/343309
|
||||
milestone: '14.5'
|
||||
type: development
|
||||
group: group::project management
|
||||
default_enabled: false
|
|
@ -10,7 +10,7 @@ The Kubernetes Agent Server (KAS) is a GitLab backend service dedicated to
|
|||
managing [Kubernetes Agents](../../user/clusters/agent/index.md).
|
||||
|
||||
The KAS is already installed and available in GitLab.com under `wss://kas.gitlab.com`.
|
||||
See [how to use GitLab.com's KAS](../../user/clusters/agent/index.md#set-up-the-kubernetes-agent-server).
|
||||
See [how to use GitLab.com's KAS](../../user/clusters/agent/install/index.md#set-up-the-kubernetes-agent-server).
|
||||
This document describes how to install a KAS for GitLab self-managed instances.
|
||||
|
||||
## Installation options
|
||||
|
|
|
@ -455,7 +455,7 @@ To solve this:
|
|||
|
||||
1. Back up [the `.git` folder](../../repository_storage_types.md#translate-hashed-storage-paths).
|
||||
|
||||
1. Optional: [Spot-check](../../troubleshooting/log_parsing.md#find-all-projects-affected-by-a-fatal-git-problem))
|
||||
1. Optional: [Spot-check](../../troubleshooting/log_parsing.md#find-all-projects-affected-by-a-fatal-git-problem)
|
||||
a few of those IDs whether they indeed correspond
|
||||
to a project with known Geo replication failures.
|
||||
Use `fatal: 'geo'` as the `grep` term and the following API call:
|
||||
|
|
|
@ -7,7 +7,7 @@ type: reference
|
|||
|
||||
# Load Balancer for multi-node GitLab **(FREE SELF)**
|
||||
|
||||
In an multi-node GitLab configuration, you need a load balancer to route
|
||||
In a multi-node GitLab configuration, you need a load balancer to route
|
||||
traffic to the application servers. The specifics on which load balancer to use
|
||||
or the exact configuration is beyond the scope of GitLab documentation. We hope
|
||||
that if you're managing HA systems like GitLab you have a load balancer of
|
||||
|
|
|
@ -84,7 +84,7 @@ This content has been moved to a [new location](replication_and_failover.md#conf
|
|||
|
||||
Do not backup or restore GitLab through a PgBouncer connection: it causes a GitLab outage.
|
||||
|
||||
[Read more about this and how to reconfigure backups](../../raketasks/backup_restore.md#backup-and-restore-for-installations-using-pgbouncer).
|
||||
[Read more about this and how to reconfigure backups](../../raketasks/backup_restore.md#back-up-and-restore-for-installations-using-pgbouncer).
|
||||
|
||||
## Enable Monitoring
|
||||
|
||||
|
@ -172,7 +172,7 @@ ote_pid | tls
|
|||
|
||||
Some database changes have to be done directly, and not through PgBouncer.
|
||||
|
||||
Read more about the affected tasks: [database restores](../../raketasks/backup_restore.md#backup-and-restore-for-installations-using-pgbouncer)
|
||||
Read more about the affected tasks: [database restores](../../raketasks/backup_restore.md#back-up-and-restore-for-installations-using-pgbouncer)
|
||||
and [GitLab upgrades](../../update/zero_downtime.md#use-postgresql-ha).
|
||||
|
||||
1. To find the primary node, run the following on a database node:
|
||||
|
|
|
@ -501,7 +501,7 @@ in the Troubleshooting section before proceeding.
|
|||
|
||||
Do not backup or restore GitLab through a PgBouncer connection: this causes a GitLab outage.
|
||||
|
||||
[Read more about this and how to reconfigure backups](../../raketasks/backup_restore.md#backup-and-restore-for-installations-using-pgbouncer).
|
||||
[Read more about this and how to reconfigure backups](../../raketasks/backup_restore.md#back-up-and-restore-for-installations-using-pgbouncer).
|
||||
|
||||
### Ensure GitLab is running
|
||||
|
||||
|
|
|
@ -97,20 +97,13 @@ mechanics of what is required is [documented below](#data-file) but, in principl
|
|||
|
||||
The global nav has five levels:
|
||||
|
||||
- **Section**
|
||||
- Section
|
||||
- Category
|
||||
- Doc
|
||||
- Doc
|
||||
- Doc
|
||||
|
||||
The majority of the links available on the nav were added according to the UI.
|
||||
The match is not perfect, as for some UI nav items the documentation doesn't
|
||||
apply, and there are also other links to help the new users to discover the
|
||||
documentation. The docs under **Administration** are ordered alphabetically
|
||||
for clarity.
|
||||
|
||||
To see the improvements planned, check the
|
||||
[global nav epic](https://gitlab.com/groups/gitlab-org/-/epics/1599).
|
||||
You can view this structure in [the navigation.yml file](https://gitlab.com/gitlab-org/gitlab-docs/-/blob/main/content/_data/navigation.yaml).
|
||||
|
||||
**Do not** [add items](#add-a-navigation-entry) to the global nav without
|
||||
the consent of one of the technical writers.
|
||||
|
|
|
@ -93,7 +93,7 @@ the indexer itself.
|
|||
|
||||
This project relies on [International Components for Unicode](https://icu.unicode.org/) (ICU) for text encoding,
|
||||
therefore we must ensure the development packages for your platform are
|
||||
installed before running `make`.
|
||||
installed before running `make`.
|
||||
|
||||
#### Debian / Ubuntu
|
||||
|
||||
|
@ -113,6 +113,9 @@ sudo yum install libicu-devel
|
|||
|
||||
#### macOS
|
||||
|
||||
NOTE:
|
||||
You must first [install Homebrew](https://brew.sh/).
|
||||
|
||||
To install on macOS, run:
|
||||
|
||||
```shell
|
||||
|
|
|
@ -22,7 +22,7 @@ backups with your object storage provider, if desired.
|
|||
|
||||
## Requirements
|
||||
|
||||
To be able to backup and restore, ensure that Rsync is installed on your
|
||||
To be able to back up and restore, ensure that Rsync is installed on your
|
||||
system. If you installed GitLab:
|
||||
|
||||
- _Using the Omnibus package_, you're all set.
|
||||
|
@ -74,7 +74,7 @@ GitLab does not back up any configuration files, SSL certificates, or system
|
|||
files. You are highly advised to read about [storing configuration files](#storing-configuration-files).
|
||||
|
||||
WARNING:
|
||||
The backup command requires [additional parameters](#backup-and-restore-for-installations-using-pgbouncer) when
|
||||
The backup command requires [additional parameters](#back-up-and-restore-for-installations-using-pgbouncer) when
|
||||
your installation is using PgBouncer, for either performance reasons or when using it with a Patroni cluster.
|
||||
|
||||
Depending on your version of GitLab, use the following command if you installed
|
||||
|
@ -168,7 +168,7 @@ as its key defeats the purpose of using encryption in the first place.
|
|||
WARNING:
|
||||
The secrets file is essential to preserve your database encryption key.
|
||||
|
||||
At the very **minimum**, you must backup:
|
||||
At the very **minimum**, you must back up:
|
||||
|
||||
For Omnibus:
|
||||
|
||||
|
@ -187,7 +187,7 @@ the GitLab container according to the documentation, it should be in the
|
|||
|
||||
For [GitLab Helm chart installations](https://gitlab.com/gitlab-org/charts/gitlab)
|
||||
on a Kubernetes cluster, you must follow the
|
||||
[Backup the secrets](https://docs.gitlab.com/charts/backup-restore/backup.html#backup-the-secrets)
|
||||
[Back up the secrets](https://docs.gitlab.com/charts/backup-restore/backup.html#backup-the-secrets)
|
||||
instructions.
|
||||
|
||||
You may also want to back up any TLS keys and certificates, and your
|
||||
|
@ -787,7 +787,7 @@ For installations from source:
|
|||
#### Configuring cron to make daily backups
|
||||
|
||||
WARNING:
|
||||
The following cron jobs do not [backup your GitLab configuration files](#storing-configuration-files)
|
||||
The following cron jobs do not [back up your GitLab configuration files](#storing-configuration-files)
|
||||
or [SSH host keys](https://superuser.com/questions/532040/copy-ssh-keys-from-one-server-to-another-server/532079#532079).
|
||||
|
||||
You can schedule a cron job that backs up your repositories and GitLab metadata.
|
||||
|
@ -974,7 +974,7 @@ message. Install the [correct GitLab version](https://packages.gitlab.com/gitlab
|
|||
and then try again.
|
||||
|
||||
WARNING:
|
||||
The restore command requires [additional parameters](#backup-and-restore-for-installations-using-pgbouncer) when
|
||||
The restore command requires [additional parameters](#back-up-and-restore-for-installations-using-pgbouncer) when
|
||||
your installation is using PgBouncer, for either performance reasons or when using it with a Patroni cluster.
|
||||
|
||||
Next, restore `/etc/gitlab/gitlab-secrets.json` if necessary,
|
||||
|
@ -1215,9 +1215,9 @@ There are a few possible downsides to this:
|
|||
There is an **experimental** script that attempts to automate this process in
|
||||
[the Geo team Runbooks project](https://gitlab.com/gitlab-org/geo-team/runbooks/-/tree/main/experimental-online-backup-through-rsync).
|
||||
|
||||
## Backup and restore for installations using PgBouncer
|
||||
## Back up and restore for installations using PgBouncer
|
||||
|
||||
Do NOT backup or restore GitLab through a PgBouncer connection. These
|
||||
Do NOT back up or restore GitLab through a PgBouncer connection. These
|
||||
tasks must [bypass PgBouncer and connect directly to the PostgreSQL primary database node](#bypassing-pgbouncer),
|
||||
or they cause a GitLab outage.
|
||||
|
||||
|
|
|
@ -159,7 +159,7 @@ at the bottom of the editor.
|
|||
|
||||
You can use policy alerts to track your policy's impact. Alerts are only available if you've
|
||||
[installed](../../clusters/agent/repository.md)
|
||||
and [configured](../../clusters/agent/index.md#create-an-agent-record-in-gitlab)
|
||||
and [configured](../../clusters/agent/install/index.md#create-an-agent-record-in-gitlab)
|
||||
a Kubernetes Agent for this project.
|
||||
|
||||
There are two ways to create policy alerts:
|
||||
|
|
|
@ -21,11 +21,11 @@ Only CI/CD jobs set in the configuration project can access one of the configure
|
|||
|
||||
## Prerequisites
|
||||
|
||||
- A running [`kas` instance](index.md#set-up-the-kubernetes-agent-server).
|
||||
- A [configuration repository](index.md#define-a-configuration-repository) with an Agent config file
|
||||
- A running [`kas` instance](install/index.md#set-up-the-kubernetes-agent-server).
|
||||
- A [configuration repository](install/index.md#define-a-configuration-repository) with an Agent config file
|
||||
installed (`.gitlab/agents/<agent-name>/config.yaml`).
|
||||
- An [Agent record](index.md#create-an-agent-record-in-gitlab).
|
||||
- The Agent [installed in the cluster](index.md#install-the-agent-into-the-cluster).
|
||||
- An [Agent record](install/index.md#create-an-agent-record-in-gitlab).
|
||||
- The Agent [installed in the cluster](install/index.md#install-the-agent-into-the-cluster).
|
||||
|
||||
## Use the CI/CD Tunnel to run Kubernetes commands from GitLab CI/CD
|
||||
|
||||
|
@ -37,6 +37,12 @@ there isn't any context selected.
|
|||
Contexts are named in the following format: `<agent-configuration-project-path>:<agent-name>`.
|
||||
To get the list of available contexts, run `kubectl config get-contexts`.
|
||||
|
||||
## Share the CI/CD Tunnel provided by an Agent with other projects and group
|
||||
|
||||
The Agent can be configured to enable access to the CI/CD Tunnel to other projects or all the projects under a given group. This way you can have a single agent serving all the requests for several projects saving on resources and maintenance.
|
||||
|
||||
You can read more on how to [authorize access to groups in the Agent configuration reference](repository.md#authorize-groups-to-use-an-agent).
|
||||
|
||||
## Example for a `kubectl` command using the CI/CD Tunnel
|
||||
|
||||
The following example shows a CI/CD job that runs a `kubectl` command using the CI/CD Tunnel.
|
||||
|
|
|
@ -7,28 +7,54 @@ info: To determine the technical writer assigned to the Stage/Group associated w
|
|||
# GitLab Kubernetes Agent **(PREMIUM)**
|
||||
|
||||
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/223061) in [GitLab Premium](https://about.gitlab.com/pricing/) 13.4.
|
||||
> - [Introduced](https://gitlab.com/gitlab-org/cluster-integration/gitlab-agent/-/issues/7) in GitLab 13.6, `grpcs` is supported.
|
||||
> - Support for `grpcs` [introduced](https://gitlab.com/gitlab-org/cluster-integration/gitlab-agent/-/issues/7) in GitLab 13.6.
|
||||
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/300960) in GitLab 13.10, KAS became available on GitLab.com under `wss://kas.gitlab.com` through an Early Adopter Program.
|
||||
> - Introduced in GitLab 13.11, the GitLab Kubernetes Agent became available to every project on GitLab.com.
|
||||
|
||||
The [GitLab Kubernetes Agent](https://gitlab.com/gitlab-org/cluster-integration/gitlab-agent)
|
||||
is an active in-cluster component for solving GitLab and Kubernetes integration
|
||||
tasks in a secure and cloud-native way. It enables:
|
||||
The [GitLab Kubernetes Agent](https://gitlab.com/gitlab-org/cluster-integration/gitlab-agent) ("Agent", for short)
|
||||
is an active in-cluster component for connecting Kubernetes clusters to GitLab safely to support cloud-native deployment, management, and monitoring.
|
||||
|
||||
- GitLab integration with a Kubernetes cluster behind a firewall or NAT
|
||||
(network address translation).
|
||||
- Pull-based GitOps deployments.
|
||||
- [Inventory object](../../infrastructure/clusters/deploy/inventory_object.md) to keep track of objects applied to your cluster.
|
||||
- Real-time access to API endpoints in a cluster.
|
||||
- Alert generation based on [Container network policy](../../application_security/policies/index.md#container-network-policy).
|
||||
- [CI/CD Tunnel](ci_cd_tunnel.md) that enables users to access Kubernetes clusters from GitLab CI/CD jobs even if there is no network connectivity between GitLab Runner and a cluster.
|
||||
The Agent is installed into the cluster through code, providing you with a fast, safe, stable, and scalable solution.
|
||||
|
||||
Many more features are planned. Please review [our roadmap](https://gitlab.com/groups/gitlab-org/-/epics/3329)
|
||||
and [our development documentation](https://gitlab.com/gitlab-org/cluster-integration/gitlab-agent/-/tree/master/doc).
|
||||
With GitOps, you can manage containerized clusters and applications from a Git repository that:
|
||||
|
||||
## GitLab Agent GitOps workflow
|
||||
- Is the single source of truth of your system.
|
||||
- Is the single place where you operate your system.
|
||||
- Is a single resource to monitor your system.
|
||||
|
||||
The GitLab Agent, herein _Agent_, uses multiple GitLab projects to provide a flexible workflow
|
||||
By combining GitLab, Kubernetes, and GitOps, it results in a robust infrastructure:
|
||||
|
||||
- GitLab as the GitOps operator.
|
||||
- Kubernetes as the automation and convergence system.
|
||||
- GitLab CI/CD as the Continuous Integration and Continuous Deployment engine.
|
||||
|
||||
Beyond that, you can use all the features offered by GitLab as
|
||||
the all-in-one DevOps platform for your product and your team.
|
||||
|
||||
## Agent's features
|
||||
|
||||
By using the GitLab Kubernetes Agent, you can:
|
||||
|
||||
- Connect GitLab with a Kubernetes cluster behind a firewall or a
|
||||
Network Address Translation (NAT).
|
||||
- Have real-time access to API endpoints in your cluster from GitLab CI/CD.
|
||||
- Use GitOps to configure your cluster through the [Agent's repository](repository.md).
|
||||
- Perform pull-based or push-based GitOps deployments.
|
||||
- Configure [Network Security Alerts](#kubernetes-network-security-alerts)
|
||||
based on [Container Network Policies](../../application_security/policies/index.md#container-network-policy).
|
||||
- Track objects applied to your cluster through [inventory objects](../../infrastructure/clusters/deploy/inventory_object.md).
|
||||
- Use the [CI/CD Tunnel](ci_cd_tunnel.md) to access Kubernetes clusters
|
||||
from GitLab CI/CD jobs while keeping the cluster's APIs safe and unexposed
|
||||
to the internet.
|
||||
- [Deploy the GitLab Runner in a Kubernetes cluster](https://docs.gitlab.com/runner/install/kubernetes-agent.html).
|
||||
|
||||
See the [GitLab Kubernetes Agent roadmap](https://gitlab.com/groups/gitlab-org/-/epics/3329) to track its development.
|
||||
|
||||
To contribute to the Agent, see the [Agent's development documentation](https://gitlab.com/gitlab-org/cluster-integration/gitlab-agent/-/tree/master/doc).
|
||||
|
||||
## Agent's workflow
|
||||
|
||||
The Agent uses multiple GitLab projects to provide a flexible workflow
|
||||
that can suit various needs. This diagram shows these repositories and the main
|
||||
actors involved in a deployment:
|
||||
|
||||
|
@ -50,363 +76,33 @@ sequenceDiagram
|
|||
end
|
||||
```
|
||||
|
||||
There are several components that work in concert for the Agent to accomplish GitOps deployments:
|
||||
For more details, refer to our [architecture documentation](https://gitlab.com/gitlab-org/cluster-integration/gitlab-agent/-/blob/master/doc/architecture.md#high-level-architecture) in the Agent project.
|
||||
|
||||
## Install the Agent in your cluster
|
||||
|
||||
See how to [install the GitLab Kubernetes Agent in your cluster](install/index.md).
|
||||
|
||||
## GitOps deployments
|
||||
|
||||
To perform GitOps deployments with the Agent, you need:
|
||||
|
||||
- A properly-configured Kubernetes cluster where the Agent is running.
|
||||
- A configuration repository that contains a `config.yaml` file, which tells the
|
||||
Agent the repositories to synchronize with the cluster.
|
||||
- A [configuration repository](repository.md) that contains a
|
||||
`config.yaml` file, which tells the Agent the repositories to synchronize
|
||||
with the cluster.
|
||||
- A manifest repository that contains manifest files. Any changes to manifest files are applied to the cluster.
|
||||
|
||||
You can use the same GitLab project or projects for configuration and manifest files, as follows:
|
||||
You can use a single GitLab project or different projects for the Agent
|
||||
configuration and manifest files, as follows:
|
||||
|
||||
- Single GitLab project (recommended): when you use a single repository to hold both the manifest and the configuration files, these projects can be either private or public, as you prefer.
|
||||
- Two GitLab projects: when you opt to use two different GitLab projects, one for manifest files, and another for configuration files, the manifests project must be public, while the configuration project can be either private or public. Our backlog contains issues for adding support for
|
||||
[private manifest repositories outside of the configuration project](https://gitlab.com/gitlab-org/gitlab/-/issues/220912) and
|
||||
[group level agents](https://gitlab.com/gitlab-org/gitlab/-/issues/283885) in the future.
|
||||
- Single GitLab project (recommended): When you use a single repository to hold
|
||||
both the manifest and the configuration files, these projects can be either
|
||||
private or public.
|
||||
- Two GitLab projects: When you use two different GitLab projects (one for
|
||||
manifest files and another for configuration files), the manifests project must
|
||||
be public, while the configuration project can be either private or public.
|
||||
|
||||
For more details, please refer to our [full architecture documentation](https://gitlab.com/gitlab-org/cluster-integration/gitlab-agent/-/blob/master/doc/architecture.md#high-level-architecture) in the Agent project.
|
||||
|
||||
## Get started with GitOps and the GitLab Agent
|
||||
|
||||
The setup process involves a few steps to enable GitOps deployments:
|
||||
|
||||
1. [Set up the Kubernetes Agent Server](#set-up-the-kubernetes-agent-server) for your GitLab instance.
|
||||
1. [Define a configuration repository](#define-a-configuration-repository).
|
||||
1. [Create an Agent record in GitLab](#create-an-agent-record-in-gitlab).
|
||||
1. [Install the Agent into the cluster](#install-the-agent-into-the-cluster).
|
||||
1. [Generate and copy a Secret token used to connect to the Agent](#create-the-kubernetes-secret).
|
||||
1. [Create manifest files](#create-manifest-files).
|
||||
|
||||
<i class="fa fa-youtube-play youtube" aria-hidden="true"></i> Watch a GitLab 14.2 [walking-through video](https://www.youtube.com/watch?v=XuBpKtsgGkE) with this process.
|
||||
|
||||
### Upgrades and version compatibility
|
||||
|
||||
As the GitLab Kubernetes Agent is a new product, we are constantly adding new features
|
||||
to it. As a result, while shipped features are production ready, its internal API is
|
||||
neither stable nor versioned yet. For this reason, GitLab only guarantees compatibility
|
||||
between corresponding major.minor (X.Y) versions of GitLab and its cluster side
|
||||
component, `agentk`.
|
||||
|
||||
Upgrade your agent installations together with GitLab upgrades. To decide which version of `agentk` to install follow:
|
||||
|
||||
1. Open the [`GITLAB_KAS_VERSION`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/GITLAB_KAS_VERSION) file from the GitLab Repository, which contains the latest `agentk` version associated with the `master` branch.
|
||||
1. Change the `master` branch and select the Git tag associated with your version. For instance, you could change it to GitLab [v13.5.3-ee release](https://gitlab.com/gitlab-org/gitlab/-/blob/v13.5.3-ee/GITLAB_KAS_VERSION)
|
||||
|
||||
The available `agentk` and `kas` versions can be found in
|
||||
[the container registry](https://gitlab.com/gitlab-org/cluster-integration/gitlab-agent/container_registry/).
|
||||
|
||||
### Set up the Kubernetes Agent Server
|
||||
|
||||
> [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/3834) in [GitLab Premium](https://about.gitlab.com/pricing/) 13.10, the GitLab Kubernetes Agent Server (KAS) became available on GitLab.com under `wss://kas.gitlab.com`.
|
||||
|
||||
To use the KAS:
|
||||
|
||||
- If you are a self-managed user, follow the instructions to [install the Kubernetes Agent Server](../../../administration/clusters/kas.md).
|
||||
- If you are a GitLab.com user, when you [set up the configuration repository](#define-a-configuration-repository) for your agent, use `wss://kas.gitlab.com` as the `--kas-address`.
|
||||
|
||||
### Define a configuration repository
|
||||
|
||||
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/259669) in GitLab 13.7, the Agent manifest configuration can be added to multiple directories (or subdirectories) of its repository.
|
||||
> - Group authorization was [introduced](https://gitlab.com/groups/gitlab-org/-/epics/5784) in GitLab 14.3.
|
||||
|
||||
To configure an Agent, you need:
|
||||
|
||||
1. A GitLab repository to hold the configuration file.
|
||||
1. Install the Agent in a cluster.
|
||||
|
||||
After installed, when you update the configuration file, GitLab transmits the
|
||||
information to the cluster automatically without downtime.
|
||||
|
||||
In your repository, add the Agent configuration file under:
|
||||
|
||||
```plaintext
|
||||
.gitlab/agents/<agent-name>/config.yaml
|
||||
```
|
||||
|
||||
Your `config.yaml` file specifies all configurations of the Agent, such as:
|
||||
|
||||
- The manifest projects to synchronize.
|
||||
- The groups that can access this Agent via the [CI/CD Tunnel](ci_cd_tunnel.md).
|
||||
- The address of the `hubble-relay` for the Network Security policy integrations.
|
||||
|
||||
As an example, a minimal Agent configuration that sets up only the manifest
|
||||
synchronizations is:
|
||||
|
||||
```yaml
|
||||
gitops:
|
||||
manifest_projects:
|
||||
- id: "path-to/your-manifest-project-1"
|
||||
paths:
|
||||
- glob: '/**/*.{yaml,yml,json}'
|
||||
```
|
||||
|
||||
All the options for the [Kubernetes Agent configuration repository](repository.md) are documented separately.
|
||||
|
||||
### Create an Agent record in GitLab
|
||||
|
||||
> [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/5786) in GitLab 14.1, you can create a new Agent record directly from the GitLab UI.
|
||||
|
||||
Next, create a GitLab Rails Agent record to associate it with
|
||||
the configuration repository project. Creating this record also creates a Secret needed to configure
|
||||
the Agent in subsequent steps.
|
||||
|
||||
In GitLab:
|
||||
|
||||
1. From your project's sidebar, select **Infrastructure > Kubernetes clusters**.
|
||||
1. Select the **GitLab Agent managed clusters** tab.
|
||||
1. Select **Integrate with the GitLab Agent**.
|
||||
1. From the **Select an Agent** dropdown menu, select the Agent you want to connect and select **Next** to access the installation form.
|
||||
1. The form reveals your registration token. Securely store this secret token as you cannot view it again.
|
||||
1. Copy the command under **Recommended installation method**.
|
||||
|
||||
In your computer:
|
||||
|
||||
1. Open your local terminal and connect to your cluster.
|
||||
1. Run the command you copied from the installation form.
|
||||
|
||||
### Install the Agent into the cluster
|
||||
|
||||
To install the in-cluster component of the Agent, first you need to define a namespace. To create a new namespace,
|
||||
for example, `gitlab-kubernetes-agent`, run:
|
||||
|
||||
```shell
|
||||
kubectl create namespace gitlab-kubernetes-agent
|
||||
```
|
||||
|
||||
To perform a one-liner installation, run the command below. Make sure to replace:
|
||||
|
||||
- `your-agent-token` with the token received from the previous step (identified as `secret` in the JSON output).
|
||||
- `gitlab-kubernetes-agent` with the namespace you defined in the previous step.
|
||||
- `wss://kas.gitlab.example.com` with the configured access of the Kubernetes Agent Server (KAS). For GitLab.com users, the KAS is available under `wss://kas.gitlab.com`.
|
||||
- `--agent-version=vX.Y.Z` with the latest released patch version matching your GitLab installation's major and minor versions. For example, for GitLab v13.9.0, use `--agent-version=v13.9.1`. You can find your GitLab version under the "Help/Help" menu.
|
||||
|
||||
```shell
|
||||
docker run --pull=always --rm registry.gitlab.com/gitlab-org/cluster-integration/gitlab-agent/cli:stable generate --agent-token=your-agent-token --kas-address=wss://kas.gitlab.example.com --agent-version=vX.Y.Z --namespace gitlab-kubernetes-agent | kubectl apply -f -
|
||||
```
|
||||
|
||||
WARNING:
|
||||
`--agent-version stable` can be used to refer to the latest stable release at the time when the command runs. It's fine for
|
||||
testing purposes but for production please make sure to specify a matching version explicitly.
|
||||
|
||||
To find out the various options the above Docker container supports, run:
|
||||
|
||||
```shell
|
||||
docker run --pull=always --rm registry.gitlab.com/gitlab-org/cluster-integration/gitlab-agent/cli:stable generate --help
|
||||
```
|
||||
|
||||
#### Advanced installation
|
||||
|
||||
For more advanced configurations, we recommend to use [the `kpt` based installation method](https://gitlab.com/gitlab-org/cluster-integration/gitlab-agent/-/tree/master/build/deployment/gitlab-agent).
|
||||
|
||||
Otherwise, follow the manual installation steps described below.
|
||||
|
||||
### Create the Kubernetes secret
|
||||
|
||||
After generating the token, you must apply it to the Kubernetes cluster.
|
||||
|
||||
To create your Secret, run:
|
||||
|
||||
```shell
|
||||
kubectl create secret generic -n gitlab-kubernetes-agent gitlab-kubernetes-agent-token --from-literal=token='YOUR_AGENT_TOKEN'
|
||||
```
|
||||
|
||||
The following example file contains the
|
||||
Kubernetes resources required for the Agent to be installed. You can modify this
|
||||
example [`resources.yml` file](#example-resourcesyml-file) in the following ways:
|
||||
|
||||
- Replace `namespace: gitlab-kubernetes-agent` with `namespace: <YOUR-DESIRED-NAMESPACE>`.
|
||||
- You can configure `kas-address` (Kubernetes Agent Server) in several ways.
|
||||
The agent can use the WebSockets or gRPC protocols to connect to the Agent Server.
|
||||
Select the option appropriate for your cluster configuration and GitLab architecture:
|
||||
- The `wss` scheme (an encrypted WebSockets connection) is specified by default
|
||||
after you install the `gitlab-kas` sub-chart, or enable `gitlab-kas` for Omnibus GitLab.
|
||||
When using the sub-chart, you must set `wss://kas.host.tld:443` as
|
||||
`kas-address`, where `host.tld` is the domain you've setup for your GitLab installation.
|
||||
When using Omnibus GitLab, you must set `wss://GitLab.host.tld:443/-/kubernetes-agent/` as
|
||||
`kas-address`, where `GitLab.host.tld` is your GitLab hostname.
|
||||
- When using the sub-chart, specify the `ws` scheme (such as `ws://kas.host.tld:80`)
|
||||
to use an unencrypted WebSockets connection.
|
||||
When using the Omnibus GitLab, specify the `ws` scheme (such as `ws://GitLab.host.tld:80/-/kubernetes-agent/`).
|
||||
- Specify the `grpc` scheme if both Agent and Server are installed in one cluster.
|
||||
In this case, you may specify `kas-address` value as
|
||||
`grpc://gitlab-kas.<your-namespace>:8150`) to use gRPC directly, where `gitlab-kas`
|
||||
is the name of the service created by `gitlab-kas` chart, and `<your-namespace>`
|
||||
is the namespace where the chart was installed.
|
||||
- Specify the `grpcs` scheme to use an encrypted gRPC connection.
|
||||
- When deploying KAS through the [GitLab chart](https://docs.gitlab.com/charts/), it's possible to customize the
|
||||
`kas-address` for `wss` and `ws` schemes to whatever you need.
|
||||
Check the [chart's KAS Ingress documentation](https://docs.gitlab.com/charts/charts/gitlab/kas/#ingress)
|
||||
to learn more about it.
|
||||
- In the near future, Omnibus GitLab intends to provision `gitlab-kas` under a sub-domain by default, instead of the `/-/kubernetes-agent/` path. Please follow [this issue](https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/5784) for details.
|
||||
- If you defined your own secret name, replace `gitlab-kubernetes-agent-token` with your
|
||||
secret name in the `secretName:` section.
|
||||
|
||||
To apply this file, run the following command:
|
||||
|
||||
```shell
|
||||
kubectl apply -n gitlab-kubernetes-agent -f ./resources.yml
|
||||
```
|
||||
|
||||
To review your configuration, run the following command:
|
||||
|
||||
```shell
|
||||
$ kubectl get pods -n gitlab-kubernetes-agent
|
||||
|
||||
NAMESPACE NAME READY STATUS RESTARTS AGE
|
||||
gitlab-kubernetes-agent gitlab-kubernetes-agent-77689f7dcb-5skqk 1/1 Running 0 51s
|
||||
```
|
||||
|
||||
#### Example `resources.yml` file
|
||||
|
||||
```yaml
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: gitlab-kubernetes-agent
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: gitlab-kubernetes-agent
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: gitlab-kubernetes-agent
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: gitlab-kubernetes-agent
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: gitlab-kubernetes-agent
|
||||
spec:
|
||||
serviceAccountName: gitlab-kubernetes-agent
|
||||
containers:
|
||||
- name: agent
|
||||
# Make sure to specify a matching version for production
|
||||
image: "registry.gitlab.com/gitlab-org/cluster-integration/gitlab-agent/agentk:vX.Y.Z
|
||||
args:
|
||||
- --token-file=/config/token
|
||||
- --kas-address
|
||||
- wss://kas.host.tld:443 # replace this line with the line below if using Omnibus GitLab or GitLab.com.
|
||||
# - wss://gitlab.host.tld:443/-/kubernetes-agent/
|
||||
# - wss://kas.gitlab.com # for GitLab.com users, use this KAS.
|
||||
# - grpc://host.docker.internal:8150 # use this attribute when connecting from Docker.
|
||||
volumeMounts:
|
||||
- name: token-volume
|
||||
mountPath: /config
|
||||
volumes:
|
||||
- name: token-volume
|
||||
secret:
|
||||
secretName: gitlab-kubernetes-agent-token
|
||||
strategy:
|
||||
type: RollingUpdate
|
||||
rollingUpdate:
|
||||
maxSurge: 0
|
||||
maxUnavailable: 1
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: gitlab-kubernetes-agent-write
|
||||
rules:
|
||||
- resources:
|
||||
- '*'
|
||||
apiGroups:
|
||||
- '*'
|
||||
verbs:
|
||||
- create
|
||||
- update
|
||||
- delete
|
||||
- patch
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: gitlab-kubernetes-agent-write-binding
|
||||
roleRef:
|
||||
name: gitlab-kubernetes-agent-write
|
||||
kind: ClusterRole
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
subjects:
|
||||
- name: gitlab-kubernetes-agent
|
||||
kind: ServiceAccount
|
||||
namespace: gitlab-kubernetes-agent
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: gitlab-kubernetes-agent-read
|
||||
rules:
|
||||
- resources:
|
||||
- '*'
|
||||
apiGroups:
|
||||
- '*'
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: gitlab-kubernetes-agent-read-binding
|
||||
roleRef:
|
||||
name: gitlab-kubernetes-agent-read
|
||||
kind: ClusterRole
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
subjects:
|
||||
- name: gitlab-kubernetes-agent
|
||||
kind: ServiceAccount
|
||||
namespace: gitlab-kubernetes-agent
|
||||
```
|
||||
|
||||
### Create manifest files
|
||||
|
||||
In a previous step, you configured a `config.yaml` to point to the GitLab projects
|
||||
the Agent should synchronize. Agent monitors each of those projects for changes to the manifest files it contains. You can auto-generate manifest files with a
|
||||
templating engine or other means.
|
||||
|
||||
The agent is authorized to download manifests for the configuration
|
||||
project, and public projects. Support for other private projects is
|
||||
planned in the issue [Agent authorization for private manifest
|
||||
projects](https://gitlab.com/gitlab-org/gitlab/-/issues/220912).
|
||||
|
||||
Each time you push a change to a monitored manifest repository, the Agent logs the change:
|
||||
|
||||
```plaintext
|
||||
2020-09-15_14:09:04.87946 gitlab-k8s-agent : time="2020-09-15T10:09:04-04:00" level=info msg="Config: new commit" agent_id=1 commit_id=e6a3651f1faa2e928fe6120e254c122451be4eea
|
||||
```
|
||||
|
||||
#### Example manifest file
|
||||
|
||||
This file creates a minimal `ConfigMap`:
|
||||
|
||||
```yaml
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: demo-map
|
||||
namespace: gitlab-kubernetes-agent # Can be any namespace managed by you that the agent has access to.
|
||||
data:
|
||||
key: value
|
||||
```
|
||||
|
||||
## Example projects
|
||||
|
||||
The following example projects can help you get started with the Kubernetes Agent.
|
||||
|
||||
- [Configuration repository](https://gitlab.com/gitlab-org/configure/examples/kubernetes-agent)
|
||||
- This basic GitOps example deploys NGINX: [Manifest repository](https://gitlab.com/gitlab-org/configure/examples/gitops-project)
|
||||
|
||||
### GitLab Runner Deployment with the Agent
|
||||
|
||||
You can use the Kubernetes Agent to
|
||||
[deploy GitLab Runner in a Kubernetes cluster](https://docs.gitlab.com/runner/install/kubernetes-agent.html).
|
||||
Support for private manifest repositories is tracked in this [issue](https://gitlab.com/gitlab-org/gitlab/-/issues/220912).
|
||||
|
||||
## Kubernetes Network Security Alerts
|
||||
|
||||
|
@ -426,24 +122,12 @@ There are several components that work in concert for the Agent to generate the
|
|||
- Add the required labels and annotations to existing network policies.
|
||||
- A configuration repository with [Cilium configured in `config.yaml`](repository.md#surface-network-security-alerts-from-cluster-to-gitlab)
|
||||
|
||||
The setup process follows the same steps as [GitOps](#get-started-with-gitops-and-the-gitlab-agent),
|
||||
The setup process follows the same [Agent's installation steps](install/index.md),
|
||||
with the following differences:
|
||||
|
||||
- When you define a configuration repository, you must do so with [Cilium settings](repository.md#surface-network-security-alerts-from-cluster-to-gitlab).
|
||||
- You do not need to specify the `gitops` configuration section.
|
||||
|
||||
## Management interfaces
|
||||
|
||||
Users with at least the [Developer](../../permissions.md) can access the user interface
|
||||
for the GitLab Kubernetes agent at **Infrastructure > Kubernetes clusters**, under the
|
||||
**GitLab Agent managed clusters** tab. This page lists all registered agents for
|
||||
the current project, and the configuration directory for each agent:
|
||||
|
||||
![GitLab Kubernetes Agent list UI](../img/kubernetes-agent-ui-list_v13_8.png)
|
||||
|
||||
Additional management interfaces are planned for the GitLab Kubernetes Agent.
|
||||
[Provide more feedback in the related epic](https://gitlab.com/groups/gitlab-org/-/epics/4739).
|
||||
|
||||
## Remove the GitLab Kubernetes Agent
|
||||
|
||||
1. Remove an Agent record with GraphQL by deleting the `clusterAgent` and the `clusterAgentToken`.
|
||||
|
|
|
@ -0,0 +1,363 @@
|
|||
---
|
||||
stage: Configure
|
||||
group: Configure
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Install the GitLab Kubernetes Agent **(PREMIUM)**
|
||||
|
||||
To get started with the GitLab Kubernetes Agent, install it in your cluster.
|
||||
|
||||
Pre-requisites:
|
||||
|
||||
- An existing Kubernetes cluster.
|
||||
- An account on GitLab.
|
||||
|
||||
## Installation steps
|
||||
|
||||
To install the [GitLab Kubernetes Agent](../index.md) in your cluster:
|
||||
|
||||
1. [Set up the Kubernetes Agent Server](#set-up-the-kubernetes-agent-server) for your GitLab instance.
|
||||
1. [Define a configuration repository](#define-a-configuration-repository).
|
||||
1. [Create an Agent record in GitLab](#create-an-agent-record-in-gitlab).
|
||||
1. [Install the Agent into the cluster](#install-the-agent-into-the-cluster).
|
||||
1. [Generate and copy a Secret token used to connect to the Agent](#create-the-kubernetes-secret).
|
||||
1. [Create manifest files](#create-manifest-files).
|
||||
|
||||
<i class="fa fa-youtube-play youtube" aria-hidden="true"></i> Watch a GitLab 14.2 [walking-through video](https://www.youtube.com/watch?v=XuBpKtsgGkE) with this process.
|
||||
|
||||
### Set up the Kubernetes Agent Server
|
||||
|
||||
> [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/3834) in [GitLab Premium](https://about.gitlab.com/pricing/) 13.10, the GitLab Kubernetes Agent Server (KAS) became available on GitLab.com under `wss://kas.gitlab.com`.
|
||||
|
||||
To use the KAS:
|
||||
|
||||
- If you are a self-managed user, follow the instructions to [install the Kubernetes Agent Server](../../../../administration/clusters/kas.md).
|
||||
- If you are a GitLab.com user, when you [set up the configuration repository](#define-a-configuration-repository) for your agent, use `wss://kas.gitlab.com` as the `--kas-address`.
|
||||
|
||||
### Define a configuration repository
|
||||
|
||||
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/259669) in GitLab 13.7, the Agent manifest configuration can be added to multiple directories (or subdirectories) of its repository.
|
||||
> - Group authorization was [introduced](https://gitlab.com/groups/gitlab-org/-/epics/5784) in GitLab 14.3.
|
||||
|
||||
To configure an Agent, you need:
|
||||
|
||||
1. A GitLab repository to hold the configuration file.
|
||||
1. Install the Agent in a cluster.
|
||||
|
||||
After installed, when you update the configuration file, GitLab transmits the
|
||||
information to the cluster automatically without downtime.
|
||||
|
||||
In your repository, add the Agent configuration file under:
|
||||
|
||||
```plaintext
|
||||
.gitlab/agents/<agent-name>/config.yaml
|
||||
```
|
||||
|
||||
Your `config.yaml` file specifies all configurations of the Agent, such as:
|
||||
|
||||
- The manifest projects to synchronize.
|
||||
- The groups that can access this Agent via the [CI/CD Tunnel](../ci_cd_tunnel.md).
|
||||
- The address of the `hubble-relay` for the Network Security policy integrations.
|
||||
|
||||
As an example, a minimal Agent configuration that sets up only the manifest
|
||||
synchronizations is:
|
||||
|
||||
```yaml
|
||||
gitops:
|
||||
manifest_projects:
|
||||
- id: "path-to/your-manifest-project-1"
|
||||
paths:
|
||||
- glob: '/**/*.{yaml,yml,json}'
|
||||
```
|
||||
|
||||
All the options for the [Kubernetes Agent configuration repository](../repository.md) are documented separately.
|
||||
|
||||
### Create an Agent record in GitLab
|
||||
|
||||
> [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/5786) in GitLab 14.1, you can create a new Agent record directly from the GitLab UI.
|
||||
|
||||
Next, create a GitLab Rails Agent record to associate it with
|
||||
the configuration repository project. Creating this record also creates a Secret needed to configure
|
||||
the Agent in subsequent steps.
|
||||
|
||||
In GitLab:
|
||||
|
||||
1. From your project's sidebar, select **Infrastructure > Kubernetes clusters**.
|
||||
1. Select the **GitLab Agent managed clusters** tab.
|
||||
1. Select **Integrate with the GitLab Agent**.
|
||||
1. From the **Select an Agent** dropdown menu, select the Agent you want to connect and select **Next** to access the installation form.
|
||||
1. The form reveals your registration token. Securely store this secret token as you cannot view it again.
|
||||
1. Copy the command under **Recommended installation method**.
|
||||
|
||||
In your computer:
|
||||
|
||||
1. Open your local terminal and connect to your cluster.
|
||||
1. Run the command you copied from the installation form.
|
||||
|
||||
### Install the Agent into the cluster
|
||||
|
||||
To install the in-cluster component of the Agent, first you need to define a namespace. To create a new namespace,
|
||||
for example, `gitlab-kubernetes-agent`, run:
|
||||
|
||||
```shell
|
||||
kubectl create namespace gitlab-kubernetes-agent
|
||||
```
|
||||
|
||||
To perform a one-liner installation, run the command below. Make sure to replace:
|
||||
|
||||
- `your-agent-token` with the token received from the previous step (identified as `secret` in the JSON output).
|
||||
- `gitlab-kubernetes-agent` with the namespace you defined in the previous step.
|
||||
- `wss://kas.gitlab.example.com` with the configured access of the Kubernetes Agent Server (KAS). For GitLab.com users, the KAS is available under `wss://kas.gitlab.com`.
|
||||
- `--agent-version=vX.Y.Z` with the latest released patch version matching your GitLab installation's major and minor versions. For example, for GitLab v13.9.0, use `--agent-version=v13.9.1`. You can find your GitLab version under the "Help/Help" menu.
|
||||
|
||||
```shell
|
||||
docker run --pull=always --rm registry.gitlab.com/gitlab-org/cluster-integration/gitlab-agent/cli:stable generate --agent-token=your-agent-token --kas-address=wss://kas.gitlab.example.com --agent-version=vX.Y.Z --namespace gitlab-kubernetes-agent | kubectl apply -f -
|
||||
```
|
||||
|
||||
WARNING:
|
||||
`--agent-version stable` can be used to refer to the latest stable release at the time when the command runs. It's fine for
|
||||
testing purposes but for production please make sure to specify a matching version explicitly.
|
||||
|
||||
To find out the various options the above Docker container supports, run:
|
||||
|
||||
```shell
|
||||
docker run --pull=always --rm registry.gitlab.com/gitlab-org/cluster-integration/gitlab-agent/cli:stable generate --help
|
||||
```
|
||||
|
||||
## Advanced installation
|
||||
|
||||
For more advanced configurations, we recommend to use [the `kpt` based installation method](https://gitlab.com/gitlab-org/cluster-integration/gitlab-agent/-/tree/master/build/deployment/gitlab-agent).
|
||||
|
||||
Otherwise, follow the manual installation steps described below.
|
||||
|
||||
### Create the Kubernetes secret
|
||||
|
||||
After generating the token, you must apply it to the Kubernetes cluster.
|
||||
|
||||
To create your Secret, run:
|
||||
|
||||
```shell
|
||||
kubectl create secret generic -n gitlab-kubernetes-agent gitlab-kubernetes-agent-token --from-literal=token='YOUR_AGENT_TOKEN'
|
||||
```
|
||||
|
||||
The following example file contains the
|
||||
Kubernetes resources required for the Agent to be installed. You can modify this
|
||||
example [`resources.yml` file](#example-resourcesyml-file) in the following ways:
|
||||
|
||||
- Replace `namespace: gitlab-kubernetes-agent` with `namespace: <YOUR-DESIRED-NAMESPACE>`.
|
||||
- You can configure `kas-address` (Kubernetes Agent Server) in several ways.
|
||||
The agent can use the WebSockets or gRPC protocols to connect to the Agent Server.
|
||||
Select the option appropriate for your cluster configuration and GitLab architecture:
|
||||
- The `wss` scheme (an encrypted WebSockets connection) is specified by default
|
||||
after you install the `gitlab-kas` sub-chart, or enable `gitlab-kas` for Omnibus GitLab.
|
||||
When using the sub-chart, you must set `wss://kas.host.tld:443` as
|
||||
`kas-address`, where `host.tld` is the domain you've setup for your GitLab installation.
|
||||
When using Omnibus GitLab, you must set `wss://GitLab.host.tld:443/-/kubernetes-agent/` as
|
||||
`kas-address`, where `GitLab.host.tld` is your GitLab hostname.
|
||||
- When using the sub-chart, specify the `ws` scheme (such as `ws://kas.host.tld:80`)
|
||||
to use an unencrypted WebSockets connection.
|
||||
When using the Omnibus GitLab, specify the `ws` scheme (such as `ws://GitLab.host.tld:80/-/kubernetes-agent/`).
|
||||
- Specify the `grpc` scheme if both Agent and Server are installed in one cluster.
|
||||
In this case, you may specify `kas-address` value as
|
||||
`grpc://gitlab-kas.<your-namespace>:8150`) to use gRPC directly, where `gitlab-kas`
|
||||
is the name of the service created by `gitlab-kas` chart, and `<your-namespace>`
|
||||
is the namespace where the chart was installed.
|
||||
- Specify the `grpcs` scheme to use an encrypted gRPC connection.
|
||||
- When deploying KAS through the [GitLab chart](https://docs.gitlab.com/charts/), it's possible to customize the
|
||||
`kas-address` for `wss` and `ws` schemes to whatever you need.
|
||||
Check the [chart's KAS Ingress documentation](https://docs.gitlab.com/charts/charts/gitlab/kas/#ingress)
|
||||
to learn more about it.
|
||||
- In the near future, Omnibus GitLab intends to provision `gitlab-kas` under a sub-domain by default, instead of the `/-/kubernetes-agent/` path. Please follow [this issue](https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/5784) for details.
|
||||
- If you defined your own secret name, replace `gitlab-kubernetes-agent-token` with your
|
||||
secret name in the `secretName:` section.
|
||||
|
||||
To apply this file, run the following command:
|
||||
|
||||
```shell
|
||||
kubectl apply -n gitlab-kubernetes-agent -f ./resources.yml
|
||||
```
|
||||
|
||||
To review your configuration, run the following command:
|
||||
|
||||
```shell
|
||||
$ kubectl get pods -n gitlab-kubernetes-agent
|
||||
|
||||
NAMESPACE NAME READY STATUS RESTARTS AGE
|
||||
gitlab-kubernetes-agent gitlab-kubernetes-agent-77689f7dcb-5skqk 1/1 Running 0 51s
|
||||
```
|
||||
|
||||
#### Example `resources.yml` file
|
||||
|
||||
```yaml
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: gitlab-kubernetes-agent
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: gitlab-kubernetes-agent
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: gitlab-kubernetes-agent
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: gitlab-kubernetes-agent
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: gitlab-kubernetes-agent
|
||||
spec:
|
||||
serviceAccountName: gitlab-kubernetes-agent
|
||||
containers:
|
||||
- name: agent
|
||||
# Make sure to specify a matching version for production
|
||||
image: "registry.gitlab.com/gitlab-org/cluster-integration/gitlab-agent/agentk:vX.Y.Z
|
||||
args:
|
||||
- --token-file=/config/token
|
||||
- --kas-address
|
||||
- wss://kas.host.tld:443 # replace this line with the line below if using Omnibus GitLab or GitLab.com.
|
||||
# - wss://gitlab.host.tld:443/-/kubernetes-agent/
|
||||
# - wss://kas.gitlab.com # for GitLab.com users, use this KAS.
|
||||
# - grpc://host.docker.internal:8150 # use this attribute when connecting from Docker.
|
||||
volumeMounts:
|
||||
- name: token-volume
|
||||
mountPath: /config
|
||||
volumes:
|
||||
- name: token-volume
|
||||
secret:
|
||||
secretName: gitlab-kubernetes-agent-token
|
||||
strategy:
|
||||
type: RollingUpdate
|
||||
rollingUpdate:
|
||||
maxSurge: 0
|
||||
maxUnavailable: 1
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: gitlab-kubernetes-agent-write
|
||||
rules:
|
||||
- resources:
|
||||
- '*'
|
||||
apiGroups:
|
||||
- '*'
|
||||
verbs:
|
||||
- create
|
||||
- update
|
||||
- delete
|
||||
- patch
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: gitlab-kubernetes-agent-write-binding
|
||||
roleRef:
|
||||
name: gitlab-kubernetes-agent-write
|
||||
kind: ClusterRole
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
subjects:
|
||||
- name: gitlab-kubernetes-agent
|
||||
kind: ServiceAccount
|
||||
namespace: gitlab-kubernetes-agent
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: gitlab-kubernetes-agent-read
|
||||
rules:
|
||||
- resources:
|
||||
- '*'
|
||||
apiGroups:
|
||||
- '*'
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: gitlab-kubernetes-agent-read-binding
|
||||
roleRef:
|
||||
name: gitlab-kubernetes-agent-read
|
||||
kind: ClusterRole
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
subjects:
|
||||
- name: gitlab-kubernetes-agent
|
||||
kind: ServiceAccount
|
||||
namespace: gitlab-kubernetes-agent
|
||||
```
|
||||
|
||||
### Create manifest files
|
||||
|
||||
In a previous step, you configured a `config.yaml` to point to the GitLab projects
|
||||
the Agent should synchronize. Agent monitors each of those projects for changes to the manifest files it contains. You can auto-generate manifest files with a
|
||||
templating engine or other means.
|
||||
|
||||
The agent is authorized to download manifests for the configuration
|
||||
project, and public projects. Support for other private projects is
|
||||
planned in the issue [Agent authorization for private manifest
|
||||
projects](https://gitlab.com/gitlab-org/gitlab/-/issues/220912).
|
||||
|
||||
Each time you push a change to a monitored manifest repository, the Agent logs the change:
|
||||
|
||||
```plaintext
|
||||
2020-09-15_14:09:04.87946 gitlab-k8s-agent : time="2020-09-15T10:09:04-04:00" level=info msg="Config: new commit" agent_id=1 commit_id=e6a3651f1faa2e928fe6120e254c122451be4eea
|
||||
```
|
||||
|
||||
#### Example manifest file
|
||||
|
||||
This file creates a minimal `ConfigMap`:
|
||||
|
||||
```yaml
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: demo-map
|
||||
namespace: gitlab-kubernetes-agent # Can be any namespace managed by you that the agent has access to.
|
||||
data:
|
||||
key: value
|
||||
```
|
||||
|
||||
## Example projects
|
||||
|
||||
The following example projects can help you get started with the Kubernetes Agent.
|
||||
|
||||
- [Configuration repository](https://gitlab.com/gitlab-org/configure/examples/kubernetes-agent)
|
||||
- This basic GitOps example deploys NGINX: [Manifest repository](https://gitlab.com/gitlab-org/configure/examples/gitops-project)
|
||||
|
||||
## View installed Agents
|
||||
|
||||
Users with at least the [Developer](../../../permissions.md) can access the user interface
|
||||
for the GitLab Kubernetes Agent at **Infrastructure > Kubernetes clusters**, under the
|
||||
**GitLab Agent managed clusters** tab. This page lists all registered agents for
|
||||
the current project, and the configuration directory for each agent:
|
||||
|
||||
![GitLab Kubernetes Agent list UI](../../img/kubernetes-agent-ui-list_v13_8.png)
|
||||
|
||||
Additional management interfaces are planned for the GitLab Kubernetes Agent.
|
||||
[Provide more feedback in the related epic](https://gitlab.com/groups/gitlab-org/-/epics/4739).
|
||||
|
||||
## Upgrades and version compatibility
|
||||
|
||||
As the GitLab Kubernetes Agent is a new product, we are constantly adding new features
|
||||
to it. As a result, while shipped features are production ready, its internal API is
|
||||
neither stable nor versioned yet. For this reason, GitLab only guarantees compatibility
|
||||
between corresponding major.minor (X.Y) versions of GitLab and its cluster side
|
||||
component, `agentk`.
|
||||
|
||||
Upgrade your agent installations together with GitLab upgrades. To decide which version of `agentk` to install follow:
|
||||
|
||||
1. Open the [`GITLAB_KAS_VERSION`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/GITLAB_KAS_VERSION) file from the GitLab Repository, which contains the latest `agentk` version associated with the `master` branch.
|
||||
1. Change the `master` branch and select the Git tag associated with your version. For instance, you could change it to GitLab [v13.5.3-ee release](https://gitlab.com/gitlab-org/gitlab/-/blob/v13.5.3-ee/GITLAB_KAS_VERSION)
|
||||
|
||||
The available `agentk` and `kas` versions can be found in
|
||||
[the container registry](https://gitlab.com/gitlab-org/cluster-integration/gitlab-agent/container_registry/).
|
|
@ -177,6 +177,17 @@ module API
|
|||
|
||||
def filter_attributes_using_license!(attrs)
|
||||
end
|
||||
|
||||
def validate_git_import_url!(import_url, import_enabled: true)
|
||||
return if import_url.blank?
|
||||
return unless import_enabled
|
||||
|
||||
result = Import::ValidateRemoteGitEndpointService.new(url: import_url).execute # network call
|
||||
|
||||
if result.error?
|
||||
render_api_error!(result.message, 422)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -91,7 +91,7 @@ module API
|
|||
end
|
||||
|
||||
def check_import_by_url_is_enabled
|
||||
forbidden! unless Gitlab::CurrentSettings.import_sources&.include?('git')
|
||||
Gitlab::CurrentSettings.import_sources&.include?('git') || forbidden!
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -269,7 +269,9 @@ module API
|
|||
attrs = declared_params(include_missing: false)
|
||||
attrs = translate_params_for_compatibility(attrs)
|
||||
filter_attributes_using_license!(attrs)
|
||||
check_import_by_url_is_enabled if params[:import_url].present?
|
||||
|
||||
validate_git_import_url!(params[:import_url], import_enabled: check_import_by_url_is_enabled)
|
||||
|
||||
project = ::Projects::CreateService.new(current_user, attrs).execute
|
||||
|
||||
if project.saved?
|
||||
|
@ -307,6 +309,8 @@ module API
|
|||
attrs = declared_params(include_missing: false)
|
||||
attrs = translate_params_for_compatibility(attrs)
|
||||
filter_attributes_using_license!(attrs)
|
||||
validate_git_import_url!(params[:import_url])
|
||||
|
||||
project = ::Projects::CreateService.new(user, attrs).execute
|
||||
|
||||
if project.saved?
|
||||
|
|
|
@ -7,10 +7,6 @@ module BulkImports
|
|||
include Gitlab::ImportExport::CommandLineUtil
|
||||
include Gitlab::Utils::StrongMemoize
|
||||
|
||||
FILE_SIZE_LIMIT = 5.gigabytes
|
||||
ALLOWED_CONTENT_TYPES = %w(application/gzip application/octet-stream).freeze
|
||||
EXPORT_DOWNLOAD_URL_PATH = "/%{resource}/%{full_path}/export_relations/download?relation=%{relation}"
|
||||
|
||||
def initialize(relation:)
|
||||
@relation = relation
|
||||
@tmp_dir = Dir.mktmpdir
|
||||
|
@ -39,32 +35,18 @@ module BulkImports
|
|||
def download_service(tmp_dir, context)
|
||||
@download_service ||= BulkImports::FileDownloadService.new(
|
||||
configuration: context.configuration,
|
||||
relative_url: relative_resource_url(context),
|
||||
dir: tmp_dir,
|
||||
filename: filename,
|
||||
file_size_limit: FILE_SIZE_LIMIT,
|
||||
allowed_content_types: ALLOWED_CONTENT_TYPES
|
||||
)
|
||||
end
|
||||
|
||||
def decompression_service(tmp_dir)
|
||||
@decompression_service ||= BulkImports::FileDecompressionService.new(
|
||||
relative_url: context.entity.relation_download_url_path(relation),
|
||||
dir: tmp_dir,
|
||||
filename: filename
|
||||
)
|
||||
end
|
||||
|
||||
def ndjson_reader(tmp_dir)
|
||||
@ndjson_reader ||= Gitlab::ImportExport::Json::NdjsonReader.new(tmp_dir)
|
||||
def decompression_service(tmp_dir)
|
||||
@decompression_service ||= BulkImports::FileDecompressionService.new(dir: tmp_dir, filename: filename)
|
||||
end
|
||||
|
||||
def relative_resource_url(context)
|
||||
strong_memoize(:relative_resource_url) do
|
||||
resource = context.entity.pluralized_name
|
||||
encoded_full_path = context.entity.encoded_source_full_path
|
||||
|
||||
EXPORT_DOWNLOAD_URL_PATH % { resource: resource, full_path: encoded_full_path, relation: relation }
|
||||
end
|
||||
def ndjson_reader(tmp_dir)
|
||||
@ndjson_reader ||= Gitlab::ImportExport::Json::NdjsonReader.new(tmp_dir)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -0,0 +1,52 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
module BulkImports
|
||||
module Common
|
||||
module Pipelines
|
||||
class UploadsPipeline
|
||||
include Pipeline
|
||||
include Gitlab::ImportExport::CommandLineUtil
|
||||
|
||||
FILENAME = 'uploads.tar.gz'
|
||||
|
||||
def extract(context)
|
||||
download_service(tmp_dir, context).execute
|
||||
untar_zxf(archive: File.join(tmp_dir, FILENAME), dir: tmp_dir)
|
||||
upload_file_paths = Dir.glob(File.join(tmp_dir, '**', '*'))
|
||||
|
||||
BulkImports::Pipeline::ExtractedData.new(data: upload_file_paths)
|
||||
end
|
||||
|
||||
def load(context, file_path)
|
||||
dynamic_path = FileUploader.extract_dynamic_path(file_path)
|
||||
|
||||
return unless dynamic_path
|
||||
return if File.directory?(file_path)
|
||||
|
||||
named_captures = dynamic_path.named_captures.symbolize_keys
|
||||
|
||||
UploadService.new(context.portable, File.open(file_path, 'r'), FileUploader, **named_captures).execute
|
||||
end
|
||||
|
||||
def after_run(_)
|
||||
FileUtils.remove_entry(tmp_dir)
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def download_service(tmp_dir, context)
|
||||
BulkImports::FileDownloadService.new(
|
||||
configuration: context.configuration,
|
||||
relative_url: context.entity.relation_download_url_path('uploads'),
|
||||
dir: tmp_dir,
|
||||
filename: FILENAME
|
||||
)
|
||||
end
|
||||
|
||||
def tmp_dir
|
||||
@tmp_dir ||= Dir.mktmpdir('bulk_imports')
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -27,9 +27,13 @@ module BulkImports
|
|||
pipeline: BulkImports::Common::Pipelines::BoardsPipeline,
|
||||
stage: 4
|
||||
},
|
||||
uploads: {
|
||||
pipeline: BulkImports::Common::Pipelines::UploadsPipeline,
|
||||
stage: 5
|
||||
},
|
||||
finisher: {
|
||||
pipeline: BulkImports::Common::Pipelines::EntityFinisher,
|
||||
stage: 5
|
||||
stage: 6
|
||||
}
|
||||
}
|
||||
end
|
||||
|
|
|
@ -19,7 +19,7 @@ module Gitlab
|
|||
'font_src' => "'self'",
|
||||
'form_action' => "'self' https: http:",
|
||||
'frame_ancestors' => "'self'",
|
||||
'frame_src' => "'self' https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://content.googleapis.com https://content-compute.googleapis.com https://content-cloudbilling.googleapis.com https://content-cloudresourcemanager.googleapis.com",
|
||||
'frame_src' => "#{framed_gitlab_paths.join(' ')} https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://content.googleapis.com https://content-compute.googleapis.com https://content-cloudbilling.googleapis.com https://content-cloudresourcemanager.googleapis.com",
|
||||
'img_src' => "'self' data: blob: http: https:",
|
||||
'manifest_src' => "'self'",
|
||||
'media_src' => "'self'",
|
||||
|
@ -30,11 +30,6 @@ module Gitlab
|
|||
'report_uri' => nil
|
||||
}
|
||||
|
||||
# frame-src was deprecated in CSP level 2 in favor of child-src
|
||||
# CSP level 3 "undeprecated" frame-src and browsers fall back on child-src if it's missing
|
||||
# However Safari seems to read child-src first so we'll just keep both equal
|
||||
directives['child_src'] = directives['frame_src']
|
||||
|
||||
# connect_src with 'self' includes https/wss variations of the origin,
|
||||
# however, safari hasn't covered this yet and we need to explicitly add
|
||||
# support for websocket origins until Safari catches up with the specs
|
||||
|
@ -44,6 +39,11 @@ module Gitlab
|
|||
allow_customersdot(directives) if Rails.env.development? && ENV['CUSTOMER_PORTAL_URL'].present?
|
||||
allow_sentry(directives) if Gitlab.config.sentry&.enabled && Gitlab.config.sentry&.clientside_dsn
|
||||
|
||||
# frame-src was deprecated in CSP level 2 in favor of child-src
|
||||
# CSP level 3 "undeprecated" frame-src and browsers fall back on child-src if it's missing
|
||||
# However Safari seems to read child-src first so we'll just keep both equal
|
||||
directives['child_src'] = directives['frame_src']
|
||||
|
||||
directives
|
||||
end
|
||||
|
||||
|
@ -119,6 +119,14 @@ module Gitlab
|
|||
|
||||
append_to_directive(directives, 'connect_src', sentry_uri.to_s)
|
||||
end
|
||||
|
||||
# Using 'self' in the CSP introduces several CSP bypass opportunities
|
||||
# for this reason we list the URLs where GitLab frames itself instead
|
||||
def self.framed_gitlab_paths
|
||||
['/admin/sidekiq', '/-/speedscope/index.html'].map do |path|
|
||||
Gitlab::Utils.append_path(Gitlab.config.gitlab.url, path)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -28,15 +28,21 @@ module Gitlab
|
|||
#
|
||||
# The worker classes aren't constants here, because that would force
|
||||
# Application Settings to be loaded earlier causing failures loading
|
||||
# the environmant in rake tasks
|
||||
# the environment in rake tasks
|
||||
EXEMPT_WORKER_NAMES = ["BackgroundMigrationWorker", "Database::BatchedBackgroundMigrationWorker"].to_set
|
||||
JOB_STATUS_KEY = 'size_limiter'
|
||||
|
||||
class << self
|
||||
def validate!(worker_class, job)
|
||||
return if EXEMPT_WORKER_NAMES.include?(worker_class.to_s)
|
||||
return if validated?(job)
|
||||
|
||||
new(worker_class, job).validate!
|
||||
end
|
||||
|
||||
def validated?(job)
|
||||
job.has_key?(JOB_STATUS_KEY)
|
||||
end
|
||||
end
|
||||
|
||||
DEFAULT_SIZE_LIMIT = 0
|
||||
|
@ -64,6 +70,8 @@ module Gitlab
|
|||
end
|
||||
|
||||
def validate!
|
||||
@job[JOB_STATUS_KEY] = 'validated'
|
||||
|
||||
job_args = compress_if_necessary(::Sidekiq.dump_json(@job['args']))
|
||||
|
||||
return if @size_limit == 0
|
||||
|
@ -72,8 +80,10 @@ module Gitlab
|
|||
|
||||
exception = exceed_limit_error(job_args)
|
||||
if compress_mode?
|
||||
@job.delete(JOB_STATUS_KEY)
|
||||
raise exception
|
||||
else
|
||||
@job[JOB_STATUS_KEY] = 'tracked'
|
||||
track(exception)
|
||||
end
|
||||
end
|
||||
|
|
|
@ -16215,12 +16215,6 @@ msgstr ""
|
|||
msgid "GroupRoadmap|No start date – %{dateWord}"
|
||||
msgstr ""
|
||||
|
||||
msgid "GroupRoadmap|Roadmaps can display up to 1,000 epics. These appear in your selected sort order."
|
||||
msgstr ""
|
||||
|
||||
msgid "GroupRoadmap|Some of your epics might not be visible"
|
||||
msgstr ""
|
||||
|
||||
msgid "GroupRoadmap|Something went wrong while fetching epics"
|
||||
msgstr ""
|
||||
|
||||
|
|
|
@ -354,7 +354,7 @@ module QA
|
|||
end
|
||||
|
||||
def apply_suggestion_with_message(message)
|
||||
click_element(:apply_suggestion_dropdown)
|
||||
all_elements(:apply_suggestion_dropdown, minimum: 1).first.click
|
||||
fill_element(:commit_message_field, message)
|
||||
click_element(:commit_with_custom_message_button)
|
||||
end
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
module QA
|
||||
RSpec.describe 'Create' do
|
||||
context 'Add batch suggestions to a Merge Request', :transient do
|
||||
context 'Add batch suggestions to a Merge Request' do
|
||||
let(:project) do
|
||||
Resource::Project.fabricate_via_api! do |project|
|
||||
project.name = 'suggestions_project'
|
||||
|
@ -46,7 +46,7 @@ module QA
|
|||
merge_request.visit!
|
||||
end
|
||||
|
||||
it 'applies multiple suggestions', testcase: 'https://gitlab.com/gitlab-org/quality/testcases/-/quality/test_cases/1838', quarantine: { issue: 'https://gitlab.com/gitlab-org/gitlab/-/issues/342131', type: :stale } do
|
||||
it 'applies multiple suggestions', testcase: 'https://gitlab.com/gitlab-org/quality/testcases/-/quality/test_cases/1838' do
|
||||
Page::MergeRequest::Show.perform do |merge_request|
|
||||
merge_request.click_diffs_tab
|
||||
4.times { merge_request.add_suggestion_to_batch }
|
||||
|
|
|
@ -397,11 +397,24 @@ RSpec.describe Groups::DependencyProxyForContainersController do
|
|||
group.add_guest(user)
|
||||
end
|
||||
|
||||
it 'sends Workhorse file upload instructions', :aggregate_failures do
|
||||
it 'sends Workhorse local file instructions', :aggregate_failures do
|
||||
authorize_upload_blob
|
||||
|
||||
expect(response.headers['Content-Type']).to eq(Gitlab::Workhorse::INTERNAL_API_CONTENT_TYPE)
|
||||
expect(json_response['TempPath']).to eq(DependencyProxy::FileUploader.workhorse_local_upload_path)
|
||||
expect(json_response['RemoteObject']).to be_nil
|
||||
expect(json_response['MaximumSize']).to eq(5.gigabytes)
|
||||
end
|
||||
|
||||
it 'sends Workhorse remote object instructions', :aggregate_failures do
|
||||
stub_dependency_proxy_object_storage(direct_upload: true)
|
||||
|
||||
authorize_upload_blob
|
||||
|
||||
expect(response.headers['Content-Type']).to eq(Gitlab::Workhorse::INTERNAL_API_CONTENT_TYPE)
|
||||
expect(json_response['TempPath']).to be_nil
|
||||
expect(json_response['RemoteObject']).not_to be_nil
|
||||
expect(json_response['MaximumSize']).to eq(5.gigabytes)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -0,0 +1,80 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
require 'spec_helper'
|
||||
|
||||
RSpec.describe BulkImports::Common::Pipelines::UploadsPipeline do
|
||||
let_it_be(:tmpdir) { Dir.mktmpdir }
|
||||
let_it_be(:project) { create(:project) }
|
||||
let_it_be(:entity) { create(:bulk_import_entity, :project_entity, project: project, source_full_path: 'test') }
|
||||
let_it_be(:tracker) { create(:bulk_import_tracker, entity: entity) }
|
||||
let_it_be(:context) { BulkImports::Pipeline::Context.new(tracker) }
|
||||
let_it_be(:uploads_dir_path) { File.join(tmpdir, '72a497a02fe3ee09edae2ed06d390038') }
|
||||
let_it_be(:upload_file_path) { File.join(uploads_dir_path, 'upload.txt')}
|
||||
|
||||
subject(:pipeline) { described_class.new(context) }
|
||||
|
||||
before do
|
||||
stub_uploads_object_storage(FileUploader)
|
||||
|
||||
FileUtils.mkdir_p(uploads_dir_path)
|
||||
FileUtils.touch(upload_file_path)
|
||||
end
|
||||
|
||||
after do
|
||||
FileUtils.remove_entry(tmpdir) if Dir.exist?(tmpdir)
|
||||
end
|
||||
|
||||
describe '#run' do
|
||||
it 'imports uploads into destination portable and removes tmpdir' do
|
||||
allow(Dir).to receive(:mktmpdir).with('bulk_imports').and_return(tmpdir)
|
||||
allow(pipeline).to receive(:extract).and_return(BulkImports::Pipeline::ExtractedData.new(data: [upload_file_path]))
|
||||
|
||||
pipeline.run
|
||||
|
||||
expect(project.uploads.map { |u| u.retrieve_uploader.filename }).to include('upload.txt')
|
||||
|
||||
expect(Dir.exist?(tmpdir)).to eq(false)
|
||||
end
|
||||
end
|
||||
|
||||
describe '#extract' do
|
||||
it 'downloads & extracts upload paths' do
|
||||
allow(Dir).to receive(:mktmpdir).and_return(tmpdir)
|
||||
expect(pipeline).to receive(:untar_zxf)
|
||||
file_download_service = instance_double("BulkImports::FileDownloadService")
|
||||
|
||||
expect(BulkImports::FileDownloadService)
|
||||
.to receive(:new)
|
||||
.with(
|
||||
configuration: context.configuration,
|
||||
relative_url: "/projects/test/export_relations/download?relation=uploads",
|
||||
dir: tmpdir,
|
||||
filename: 'uploads.tar.gz')
|
||||
.and_return(file_download_service)
|
||||
|
||||
expect(file_download_service).to receive(:execute)
|
||||
|
||||
extracted_data = pipeline.extract(context)
|
||||
|
||||
expect(extracted_data.data).to contain_exactly(uploads_dir_path, upload_file_path)
|
||||
end
|
||||
end
|
||||
|
||||
describe '#load' do
|
||||
it 'creates a file upload' do
|
||||
expect { pipeline.load(context, upload_file_path) }.to change { project.uploads.count }.by(1)
|
||||
end
|
||||
|
||||
context 'when dynamic path is nil' do
|
||||
it 'returns' do
|
||||
expect { pipeline.load(context, File.join(tmpdir, 'test')) }.not_to change { project.uploads.count }
|
||||
end
|
||||
end
|
||||
|
||||
context 'when path is a directory' do
|
||||
it 'returns' do
|
||||
expect { pipeline.load(context, uploads_dir_path) }.not_to change { project.uploads.count }
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -10,7 +10,8 @@ RSpec.describe BulkImports::Projects::Stage do
|
|||
[2, BulkImports::Common::Pipelines::LabelsPipeline],
|
||||
[3, BulkImports::Projects::Pipelines::IssuesPipeline],
|
||||
[4, BulkImports::Common::Pipelines::BoardsPipeline],
|
||||
[5, BulkImports::Common::Pipelines::EntityFinisher]
|
||||
[5, BulkImports::Common::Pipelines::UploadsPipeline],
|
||||
[6, BulkImports::Common::Pipelines::EntityFinisher]
|
||||
]
|
||||
end
|
||||
|
||||
|
|
|
@ -109,7 +109,7 @@ RSpec.describe Gitlab::ContentSecurityPolicy::ConfigLoader do
|
|||
end
|
||||
|
||||
it 'does not add CUSTOMER_PORTAL_URL to CSP' do
|
||||
expect(directives['frame_src']).to eq("'self' https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://content.googleapis.com https://content-compute.googleapis.com https://content-cloudbilling.googleapis.com https://content-cloudresourcemanager.googleapis.com")
|
||||
expect(directives['frame_src']).to eq("http://localhost/admin/sidekiq http://localhost/-/speedscope/index.html https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://content.googleapis.com https://content-compute.googleapis.com https://content-cloudbilling.googleapis.com https://content-cloudresourcemanager.googleapis.com")
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -119,12 +119,36 @@ RSpec.describe Gitlab::ContentSecurityPolicy::ConfigLoader do
|
|||
end
|
||||
|
||||
it 'adds CUSTOMER_PORTAL_URL to CSP' do
|
||||
expect(directives['frame_src']).to eq("'self' https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://content.googleapis.com https://content-compute.googleapis.com https://content-cloudbilling.googleapis.com https://content-cloudresourcemanager.googleapis.com https://customers.example.com")
|
||||
expect(directives['frame_src']).to eq("http://localhost/admin/sidekiq http://localhost/-/speedscope/index.html https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://content.googleapis.com https://content-compute.googleapis.com https://content-cloudbilling.googleapis.com https://content-cloudresourcemanager.googleapis.com https://customers.example.com")
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe '#framed_gitlab_paths' do
|
||||
context 'generates URLs to be added to child-src' do
|
||||
it 'with insecure domain' do
|
||||
stub_config_setting(url: 'http://example.com')
|
||||
expect(described_class.framed_gitlab_paths).to eq(%w[http://example.com/admin/sidekiq http://example.com/-/speedscope/index.html])
|
||||
end
|
||||
|
||||
it 'with secure domain' do
|
||||
stub_config_setting(url: 'https://example.com')
|
||||
expect(described_class.framed_gitlab_paths).to eq(%w[https://example.com/admin/sidekiq https://example.com/-/speedscope/index.html])
|
||||
end
|
||||
|
||||
it 'with custom port' do
|
||||
stub_config_setting(url: 'http://example.com:1234')
|
||||
expect(described_class.framed_gitlab_paths).to eq(%w[http://example.com:1234/admin/sidekiq http://example.com:1234/-/speedscope/index.html])
|
||||
end
|
||||
|
||||
it 'with custom port and secure domain' do
|
||||
stub_config_setting(url: 'https://example.com:1234')
|
||||
expect(described_class.framed_gitlab_paths).to eq(%w[https://example.com:1234/admin/sidekiq https://example.com:1234/-/speedscope/index.html])
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe '#load' do
|
||||
subject { described_class.new(csp_config[:directives]) }
|
||||
|
||||
|
|
|
@ -187,37 +187,51 @@ RSpec.describe Gitlab::SidekiqMiddleware::SizeLimiter::Validator, :aggregate_fai
|
|||
|
||||
context 'when size limit is 0' do
|
||||
let(:size_limit) { 0 }
|
||||
let(:job) { job_payload(a: 'a' * 300) }
|
||||
|
||||
it 'does not track jobs' do
|
||||
expect(Gitlab::ErrorTracking).not_to receive(:track_exception)
|
||||
|
||||
validate.call(TestSizeLimiterWorker, job_payload(a: 'a' * 300))
|
||||
validate.call(TestSizeLimiterWorker, job)
|
||||
end
|
||||
|
||||
it 'does not raise exception' do
|
||||
expect do
|
||||
validate.call(TestSizeLimiterWorker, job_payload(a: 'a' * 300))
|
||||
validate.call(TestSizeLimiterWorker, job)
|
||||
end.not_to raise_error
|
||||
end
|
||||
|
||||
it 'marks the job as validated' do
|
||||
validate.call(TestSizeLimiterWorker, job)
|
||||
|
||||
expect(job['size_limiter']).to eq('validated')
|
||||
end
|
||||
end
|
||||
|
||||
context 'when job size is bigger than size limit' do
|
||||
let(:size_limit) { 50 }
|
||||
let(:job) { job_payload(a: 'a' * 300) }
|
||||
|
||||
it 'tracks job' do
|
||||
expect(Gitlab::ErrorTracking).to receive(:track_exception).with(
|
||||
be_a(Gitlab::SidekiqMiddleware::SizeLimiter::ExceedLimitError)
|
||||
)
|
||||
|
||||
validate.call(TestSizeLimiterWorker, job_payload(a: 'a' * 100))
|
||||
validate.call(TestSizeLimiterWorker, job)
|
||||
end
|
||||
|
||||
it 'does not raise an exception' do
|
||||
expect do
|
||||
validate.call(TestSizeLimiterWorker, job_payload(a: 'a' * 300))
|
||||
validate.call(TestSizeLimiterWorker, job)
|
||||
end.not_to raise_error
|
||||
end
|
||||
|
||||
it 'marks the job as tracked' do
|
||||
validate.call(TestSizeLimiterWorker, job)
|
||||
|
||||
expect(job['size_limiter']).to eq('tracked')
|
||||
end
|
||||
|
||||
context 'when the worker has big_payload attribute' do
|
||||
before do
|
||||
worker_class.big_payload!
|
||||
|
@ -238,20 +252,33 @@ RSpec.describe Gitlab::SidekiqMiddleware::SizeLimiter::Validator, :aggregate_fai
|
|||
validate.call('TestSizeLimiterWorker', job_payload(a: 'a' * 300))
|
||||
end.not_to raise_error
|
||||
end
|
||||
|
||||
it 'marks the job as validated' do
|
||||
validate.call(TestSizeLimiterWorker, job)
|
||||
|
||||
expect(job['size_limiter']).to eq('validated')
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
context 'when job size is less than size limit' do
|
||||
let(:size_limit) { 50 }
|
||||
let(:job) { job_payload(a: 'a') }
|
||||
|
||||
it 'does not track job' do
|
||||
expect(Gitlab::ErrorTracking).not_to receive(:track_exception)
|
||||
|
||||
validate.call(TestSizeLimiterWorker, job_payload(a: 'a'))
|
||||
validate.call(TestSizeLimiterWorker, job)
|
||||
end
|
||||
|
||||
it 'does not raise an exception' do
|
||||
expect { validate.call(TestSizeLimiterWorker, job_payload(a: 'a')) }.not_to raise_error
|
||||
expect { validate.call(TestSizeLimiterWorker, job) }.not_to raise_error
|
||||
end
|
||||
|
||||
it 'marks the job as validated' do
|
||||
validate.call(TestSizeLimiterWorker, job)
|
||||
|
||||
expect(job['size_limiter']).to eq('validated')
|
||||
end
|
||||
end
|
||||
end
|
||||
|
@ -266,7 +293,13 @@ RSpec.describe Gitlab::SidekiqMiddleware::SizeLimiter::Validator, :aggregate_fai
|
|||
|
||||
it 'does not raise an exception' do
|
||||
expect(::Gitlab::SidekiqMiddleware::SizeLimiter::Compressor).not_to receive(:compress)
|
||||
expect { validate.call(TestSizeLimiterWorker, job_payload(a: 'a')) }.not_to raise_error
|
||||
expect { validate.call(TestSizeLimiterWorker, job) }.not_to raise_error
|
||||
end
|
||||
|
||||
it 'marks the job as validated' do
|
||||
validate.call(TestSizeLimiterWorker, job)
|
||||
|
||||
expect(job['size_limiter']).to eq('validated')
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -283,6 +316,12 @@ RSpec.describe Gitlab::SidekiqMiddleware::SizeLimiter::Validator, :aggregate_fai
|
|||
validate.call(TestSizeLimiterWorker, job)
|
||||
end.not_to raise_error
|
||||
end
|
||||
|
||||
it 'marks the job as validated' do
|
||||
validate.call(TestSizeLimiterWorker, job)
|
||||
|
||||
expect(job['size_limiter']).to eq('validated')
|
||||
end
|
||||
end
|
||||
|
||||
context 'when job size is bigger than compression threshold and size limit is 0' do
|
||||
|
@ -299,6 +338,12 @@ RSpec.describe Gitlab::SidekiqMiddleware::SizeLimiter::Validator, :aggregate_fai
|
|||
validate.call(TestSizeLimiterWorker, job)
|
||||
end.not_to raise_error
|
||||
end
|
||||
|
||||
it 'marks the job as validated' do
|
||||
validate.call(TestSizeLimiterWorker, job)
|
||||
|
||||
expect(job['size_limiter']).to eq('validated')
|
||||
end
|
||||
end
|
||||
|
||||
context 'when the job was already compressed' do
|
||||
|
@ -326,6 +371,8 @@ RSpec.describe Gitlab::SidekiqMiddleware::SizeLimiter::Validator, :aggregate_fai
|
|||
expect do
|
||||
validate.call(TestSizeLimiterWorker, job)
|
||||
end.to raise_error(Gitlab::SidekiqMiddleware::SizeLimiter::ExceedLimitError)
|
||||
|
||||
expect(job['size_limiter']).to eq(nil)
|
||||
end
|
||||
|
||||
it 'does not raise an exception when the worker allows big payloads' do
|
||||
|
@ -338,6 +385,8 @@ RSpec.describe Gitlab::SidekiqMiddleware::SizeLimiter::Validator, :aggregate_fai
|
|||
expect do
|
||||
validate.call(TestSizeLimiterWorker, job)
|
||||
end.not_to raise_error
|
||||
|
||||
expect(job['size_limiter']).to eq('validated')
|
||||
end
|
||||
end
|
||||
end
|
||||
|
@ -363,6 +412,29 @@ RSpec.describe Gitlab::SidekiqMiddleware::SizeLimiter::Validator, :aggregate_fai
|
|||
validate.call(class_name.constantize, job_payload)
|
||||
end
|
||||
end
|
||||
|
||||
it "skips jobs that are already validated" do
|
||||
expect(described_class).to receive(:new).once.and_call_original
|
||||
|
||||
job = job_payload
|
||||
|
||||
described_class.validate!(TestSizeLimiterWorker, job)
|
||||
described_class.validate!(TestSizeLimiterWorker, job)
|
||||
end
|
||||
end
|
||||
|
||||
describe '.validated?' do
|
||||
let(:job) { job_payload }
|
||||
|
||||
it 'returns true when the job is already validated' do
|
||||
described_class.validate!(TestSizeLimiterWorker, job)
|
||||
|
||||
expect(described_class.validated?(job)).to eq(true)
|
||||
end
|
||||
|
||||
it 'returns false when job is not yet validated' do
|
||||
expect(described_class.validated?(job)).to eq(false)
|
||||
end
|
||||
end
|
||||
|
||||
describe '#validate!' do
|
||||
|
|
|
@ -243,4 +243,13 @@ RSpec.describe BulkImports::Entity, type: :model do
|
|||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe '#relation_download_url_path' do
|
||||
it 'returns export relations url with download query string' do
|
||||
entity = build(:bulk_import_entity)
|
||||
|
||||
expect(entity.relation_download_url_path('test'))
|
||||
.to eq("/groups/#{entity.encoded_source_full_path}/export_relations/download?relation=test")
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -48,6 +48,7 @@ end
|
|||
|
||||
RSpec.describe API::Projects do
|
||||
include ProjectForksHelper
|
||||
include StubRequests
|
||||
|
||||
let_it_be(:user) { create(:user) }
|
||||
let_it_be(:user2) { create(:user) }
|
||||
|
@ -1159,6 +1160,34 @@ RSpec.describe API::Projects do
|
|||
expect(response).to have_gitlab_http_status(:forbidden)
|
||||
end
|
||||
|
||||
it 'disallows creating a project with an import_url that is not reachable', :aggregate_failures do
|
||||
url = 'http://example.com'
|
||||
endpoint_url = "#{url}/info/refs?service=git-upload-pack"
|
||||
stub_full_request(endpoint_url, method: :get).to_return({ status: 301, body: '', headers: nil })
|
||||
project_params = { import_url: url, path: 'path-project-Foo', name: 'Foo Project' }
|
||||
|
||||
expect { post api('/projects', user), params: project_params }.not_to change { Project.count }
|
||||
|
||||
expect(response).to have_gitlab_http_status(:unprocessable_entity)
|
||||
expect(json_response['message']).to eq("#{url} is not a valid HTTP Git repository")
|
||||
end
|
||||
|
||||
it 'creates a project with an import_url that is valid', :aggregate_failures do
|
||||
url = 'http://example.com'
|
||||
endpoint_url = "#{url}/info/refs?service=git-upload-pack"
|
||||
git_response = {
|
||||
status: 200,
|
||||
body: '001e# service=git-upload-pack',
|
||||
headers: { 'Content-Type': 'application/x-git-upload-pack-advertisement' }
|
||||
}
|
||||
stub_full_request(endpoint_url, method: :get).to_return(git_response)
|
||||
project_params = { import_url: url, path: 'path-project-Foo', name: 'Foo Project' }
|
||||
|
||||
expect { post api('/projects', user), params: project_params }.to change { Project.count }.by(1)
|
||||
|
||||
expect(response).to have_gitlab_http_status(:created)
|
||||
end
|
||||
|
||||
it 'sets a project as public' do
|
||||
project = attributes_for(:project, visibility: 'public')
|
||||
|
||||
|
|
|
@ -0,0 +1,131 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
require 'spec_helper'
|
||||
|
||||
RSpec.describe 'issue discussions' do
|
||||
describe 'GET /:namespace/:project/-/issues/:iid/discussions' do
|
||||
let_it_be(:user) { create(:user) }
|
||||
let_it_be(:project) { create(:project) }
|
||||
let_it_be(:issue) { create(:issue, project: project) }
|
||||
let_it_be(:note_author) { create(:user) }
|
||||
let_it_be(:notes) { create_list(:note, 5, project: project, noteable: issue, author: note_author) }
|
||||
|
||||
before_all do
|
||||
project.add_maintainer(user)
|
||||
end
|
||||
|
||||
def get_discussions
|
||||
get discussions_namespace_project_issue_path(namespace_id: project.namespace, project_id: project, id: issue.iid), headers: {
|
||||
'If-None-Match' => @etag
|
||||
}
|
||||
|
||||
@etag = response.etag
|
||||
end
|
||||
|
||||
before do
|
||||
sign_in(user)
|
||||
|
||||
get_discussions
|
||||
end
|
||||
|
||||
shared_examples 'cache miss' do
|
||||
it 'returns 200 and serializes JSON' do
|
||||
expect(DiscussionSerializer).to receive(:new).and_call_original
|
||||
|
||||
get_discussions
|
||||
|
||||
expect(response).to have_gitlab_http_status(:ok)
|
||||
end
|
||||
end
|
||||
|
||||
shared_examples 'cache hit' do
|
||||
it 'returns 304 without serializing JSON' do
|
||||
expect(DiscussionSerializer).not_to receive(:new)
|
||||
|
||||
get_discussions
|
||||
|
||||
expect(response).to have_gitlab_http_status(:not_modified)
|
||||
end
|
||||
end
|
||||
|
||||
context 'when issue_discussions_http_cache is disabled' do
|
||||
before do
|
||||
stub_feature_flags(issue_discussions_http_cache: false)
|
||||
end
|
||||
|
||||
it_behaves_like 'cache miss'
|
||||
end
|
||||
|
||||
context 'when issue_discussions_http_cache is enabled' do
|
||||
before do
|
||||
stub_feature_flags(issue_discussions_http_cache: true)
|
||||
end
|
||||
|
||||
it_behaves_like 'cache hit'
|
||||
|
||||
context 'when user role changes' do
|
||||
before do
|
||||
project.add_guest(user)
|
||||
end
|
||||
|
||||
it_behaves_like 'cache miss'
|
||||
end
|
||||
|
||||
context 'when emoji is awarded to a note' do
|
||||
before do
|
||||
travel_to(1.minute.from_now) { create(:award_emoji, awardable: notes.first) }
|
||||
end
|
||||
|
||||
it_behaves_like 'cache miss'
|
||||
end
|
||||
|
||||
context 'when note author name changes' do
|
||||
before do
|
||||
note_author.update!(name: 'New name')
|
||||
end
|
||||
|
||||
it_behaves_like 'cache miss'
|
||||
end
|
||||
|
||||
context 'when note author status changes' do
|
||||
before do
|
||||
Users::SetStatusService.new(note_author, message: "updated status").execute
|
||||
end
|
||||
|
||||
it_behaves_like 'cache miss'
|
||||
end
|
||||
|
||||
context 'when note author role changes' do
|
||||
before do
|
||||
project.add_developer(note_author)
|
||||
end
|
||||
|
||||
it_behaves_like 'cache miss'
|
||||
end
|
||||
|
||||
context 'when note is added' do
|
||||
before do
|
||||
create(:note, project: project, noteable: issue)
|
||||
end
|
||||
|
||||
it_behaves_like 'cache miss'
|
||||
end
|
||||
|
||||
context 'when note is modified' do
|
||||
before do
|
||||
notes.first.update!(note: 'edited text')
|
||||
end
|
||||
|
||||
it_behaves_like 'cache miss'
|
||||
end
|
||||
|
||||
context 'when note is deleted' do
|
||||
before do
|
||||
notes.first.destroy!
|
||||
end
|
||||
|
||||
it_behaves_like 'cache miss'
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
Loading…
Reference in New Issue