zarf.yaml

# yaml-language-server: $schema=https://raw.githubusercontent.com/defenseunicorns/zarf/main/zarf.schema.json
kind: ZarfPackageConfig
metadata:
  name: gitlab
  description: "UDS GitLab capability deployed via flux"
  # x-release-please-start-version
  version: "0.1.17"
  # x-release-please-end
  architecture: amd64

variables:
  - name: GITLAB_DEPENDS_ON
    default: "[]"
  - name: GITLAB_CREATE_NAMESPACE
    default: "false"
  - name: DOMAIN
    default: "bigbang.dev"
  - name: BUCKET_SUFFIX
    default: ""
  - name: ISTIO_VERSION
    default: "unset"
  - name: GITLAB_REDIS_ENDPOINT
    default: "gitlab-redis"
  - name: GITLAB_REDIS_SCHEME
    default: "redis"
  - name: GITLAB_IDAM_ENABLED
    default: "false"
  - name: GITLAB_IDAM_ALLOWED_SSOS
    default: "[]"
  - name: GITLAB_IDAM_BLOCK_AUTO_USERS
    default: "false"
  - name: GITLAB_IDAM_AUTO_LINK_USER
    default: ""
  - name: GITLAB_IDAM_AUTO_SIGNIN
    default: ""
  - name: GITLAB_IDAM_EXTERNAL_PROVIDERS
    default: "[]"
  - name: GITLAB_IDAM_PROVIDERS
    default: "[]"
    autoIndent: true
  - name: GITLAB_IDAM_SYNC_ATTRIBUTES
    default: "[]"
  - name: GITLAB_IDAM_SYNC_PROVIDERS
    default: "[]"
  - name: GITLAB_DB_NAME
    default: "gitlabdb"
  - name: GITLAB_DB_USERNAME
    default: "gitlab"
  - name: GITLAB_PAGES_ENABLED
    default: "false"
  - name: GITLAB_SIGNUP_ENABLED
    default: "true"
  - name: GITLAB_BACKUP_ENABLED
    default: "true"
  - name: GITLAB_BACKUP_SCHEDULE
    default: "0 3 * * *"
  - name: GITLAB_BACKUP_EXTRA_ARGS
    default: ""
  - name: GITLAB_BACKUP_PVC_SIZE
    default: "500Gi"
  - name: GITLAB_TOOLBOX_PVC_SIZE
    default: "250Gi"
  - name: DISABLE_REGISTRY_REDIRECT
    default: "false"
    description: "If your storage endpoint is not publicly accessible set this to true"

components:
  - name: istio-version
    required: true
    actions:
      onDeploy:
        before:
          - cmd: kubectl get deployment -n monitoring monitoring-monitoring-kube-operator -o=jsonpath='{.spec.template.metadata.annotations.bigbang\.dev/istioVersion}'
            setVariable: ISTIO_VERSION
  - name: gitlab
    required: true
    description: "Deploy gitlab via flux"
    charts:
    # renovate: datasource=helm
      - name: flux-app
        url: https://defenseunicorns.github.io/uds-support-charts/
        version: 1.0.7
        namespace: gitlab
        valuesFiles:
          - gitlab-flux-values.yaml
    repos:
      - https://repo1.dso.mil/big-bang/product/packages/gitlab.git@7.8.1-bb.0
    images:
      - registry1.dso.mil/ironbank/bitnami/analytics/redis-exporter:v1.57.0
      - registry1.dso.mil/ironbank/bitnami/redis:7.0.0-debian-10-r3
      - registry1.dso.mil/ironbank/gitlab/gitlab/certificates:16.8.1
      - registry1.dso.mil/ironbank/gitlab/gitlab/cfssl-self-sign:1.6.1
      - registry1.dso.mil/ironbank/gitlab/gitlab/gitaly:16.8.1
      - registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry:16.8.1
      - registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell:16.8.1
      - registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq:16.8.1
      - registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox:16.8.1
      - registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice:16.8.1
      - registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse:16.8.1
      - registry1.dso.mil/ironbank/gitlab/gitlab/kubectl:16.8.1
      - registry1.dso.mil/ironbank/opensource/minio/mc:RELEASE.2022-12-24T15-21-38Z
      - registry1.dso.mil/ironbank/opensource/minio/minio:RELEASE.2022-12-12T19-27-27Z
      - registry1.dso.mil/ironbank/opensource/postgres/postgresql:14.9
      - registry1.dso.mil/ironbank/redhat/ubi/ubi9:9.3
      - registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter:16.8.1
      - registry1.dso.mil/ironbank/gitlab/gitlab/kubectl:16.8.1
      - registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages:16.8.1
    actions:
      onDeploy:
        after:
          - wait:
              cluster:
                kind: CronJob
                name: gitlab-toolbox-backup
                namespace: gitlab
            maxTotalSeconds: 900
            description: GitLab Backup CronJob Exists
          # This is needed on initial deployment to bind the PVC and allow the helmrelease to become ready
          - cmd: "kubectl create job -n gitlab --from=cronjob/gitlab-toolbox-backup deployment-gitlab-toolbox-backup-$(date +%s)"
            description: Triggger Gitlab Backup
          - wait:
              cluster:
                kind: helmRelease
                name: gitlab
                condition: Ready
                namespace: bigbang
            maxTotalSeconds: 900
            description: GitLab HelmRelease to be Ready