gitlab gitlab-org/gitlab-environment-toolkit 3.8.0

15 hours ago

tanuki-blueprint-refresh

[!important]

The GitLab Environment Toolkit is a collection of opinionated Terraform and Ansible scripts to assist with the deployment of a self-managed GitLab environment. It's recommended that users review the Before You Start section before use. Users should have a good working knowledge of infrastructure management, Terraform, Ansible and GitLab administration, and should be aware that self-managed environments are ultimately the responsibility of the user. As such, it's strongly recommended that you independently review the Toolkit in full to ensure it meets your requirements, especially around security or data integrity.

If upgrading, it's always recommended to review the release notes in full as well as the relevant documentation and to upgrade the Toolkit first before the environment.


New Key Features

Azure Data Disks support

  • Merge Request(s): !1664 (thanks @lucas-drago-bib!)
  • Documentation

Data Disks can now be configured in Azure based environments!

GitLab Pages support (Linux Package)

GitLab Pages can now be configured for Linux Package based environments.

Container Registry Metadata Database external support (Beta)

Support for configuring and deploying the Container Registry Metadata Database on external services is now available!

[!note]
This feature in the Toolkit is available as Beta.

Gitaly on Kubernetes support (Beta)

The long-awaited Toolkit support for Gitaly on Kubernetes is now available! You can now provision dedicated node groups and configure GitLab Charts to deploy Gitaly fully within your Kubernetes infrastructure.

[!note]
This feature in the Toolkit is available as Beta.

AWS RDS Unified Database Configuration (Beta)

AWS RDS databases can now be provisioned through unified configuration. This allows you to configure as many database servers as required.

[!note]
This feature in the Toolkit is available as Beta.

Further Updates and Improvements

  • Minimum Terraform version updated to 1.12.0. !1674 (thanks @niskhakova!)
  • Ansible 12 support has been added. !1700 !1707 !1710
  • Terraform AWS provider updated to 6.x. !1635
  • Terraform GCP provider updated to 7.x. !1704
  • Updated versions for HAProxy, OpenSearch VMs, kube-prometheus-stack monitoring chart, and Ansible Docker / Node Exporter roles. !1705
  • The PostgreSQL amcheck extension is now enabled by default as recommended. !1655
  • AWS EKS CoreDNS addon configuration options can now be adjusted. !1683
  • Added new AWS S3 versioning status variable to allow configuring all potential statuses. !1695
  • AWS Elasticache engine type can now be configured. !1670
  • Improved Praefect Postgres database user handling - details will now correctly update if changed. !1676
  • Refactored Postgres CIDR-based authentication to follow best practices. !1651 !1660 !1668 !1680
  • HAProxy internal access control for database replication can now be configured for Geo environments to restrict access as desired. !1669 !1679 (thanks @nwestbury!)
  • Ansible PostgreSQL options login_db and maintenance_db can now be configured. !1677 !1678 (thanks @sven.rediske!)
  • Improved Linux package Postgres HA upgrade order for more graceful rollouts. !1699 !1706
  • User and Group IDs can now be configured for Linux Package NFS setups including optional Registry user support. !1712 (thanks @shenson!)
  • Fixed authentication handling in Kubernetes for Postgres external database preparation steps. !1650 !1658
  • Fixed missing Container Registry key on Sidekiq to enable cleanup jobs. !1663 (thanks @niskhakova!)
  • Fixed precedence of AWS EKS namespace variables. !1689 (thanks @niskhakova!)
  • Improved Omnibus deprecated config handling. !1648
  • Improved Ansible inventory group detection with Zero Downtime Upgrades and Data Disks when custom groups are present. !1649
  • Added documentation guidance noting that gitlab_version is required when using a custom GitLab package. !1686 (thanks @shenson!)
  • Existing AWS SSH key pairs can now be used when creating VMs. !1690 (thanks @shenson!)
  • Uninstall playbook now also uninstalls kube-prometheus-stack. !1688 (thanks @dat.tang.gitlab!)
  • Docker image builds will now use the latest minor Ansible version when built. !1694
  • Several improvements and fixes for Geo deployments. !1632 !1634 !1665 !1661 !1681 !1696 !1708
  • Various other small updates, improvements, and fixes.

Upgrade Notes

Ansible 12 Variable Handling

In this release, Ansible 12 support has been added and is now the default. Note, however, that Ansible 12 contains several changes to how it handles variables. The Toolkit has been tested and updated to work with these changes, but if you're using any custom hooks, you may need to test and review them accordingly.

To help with this transition, Ansible 11 continues to be supported for as long as it's supported by Ansible.

Expected Terraform Changes

  • AWS
    • Elasticache auth_token_update_strategy setting will be changed to null. This is an upstream provider change.
    • S3 Bucket Versioning is no longer configured by default in Terraform. This change is safe as the upstream cloud provider default is the same.
    • Several outputs have been added.
  • GCP
    • Several outputs have been added.
  • Azure
    • Several outputs have been added.

Deprecation Notices

Terraform variable name changes

The following Terraform variables have been renamed. The old names are now deprecated but will continue to work until the next major release (4.x):

  • object_storage_versioning -> object_storage_versioning_status (AWS)

Feedback

Got any feedback or found an issue? Please feel free to create an issue on our tracker.
