feat: gitlab update with SAML sso (#117)

* bump the verison of gitlab to swap OIDC -> SAML * add a secret and config for custom CAs in gitlab * moving gitlab var to the gitlab section * sneaky global key * updating dep list * trying an explict user/group * adding gitlab key * pathing * just user * removing initcontainer user override for now
defenseunicorns · May 29, 2024 · e7fea10 · e7fea10
1 parent 0b89bfd
commit e7fea10
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 2 deletions.
diff --git a/bundles/uds-core-swf/uds-bundle.yaml b/bundles/uds-core-swf/uds-bundle.yaml
@@ -291,7 +291,7 @@ packages:
 
   - name: gitlab
     repository: ghcr.io/defenseunicorns/packages/uds/gitlab
-    ref: 16.11.1-uds.0-registry1
+    ref: 17.0.1-uds.1-registry1
     overrides:
       gitlab:
         uds-gitlab-config:
@@ -308,6 +308,10 @@ packages:
                 namespace: dev-redis
                 port: 6379
         gitlab:
+          values:
+            - path: global.certificates.customCAs
+              value:
+                - secret: ca-secret
           variables:
             - name: MIGRATIONS_RESOURCES
               description: "Gitlab Migrations Resources"

diff --git a/docs/packages-and-dependencies.md b/docs/packages-and-dependencies.md
@@ -42,7 +42,7 @@ The UDS Software Factory Bundle (SWF) is a collection of Zarf packages which inc
 | [MetalLB](https://github.com/defenseunicorns/uds-capability-metallb) | 0.0.5 | v0.13.12 | Tool for providing load balancer capabilities for ingress into a Kubernetes deployment |
 | [uds-core](https://github.com/defenseunicorns/uds-core) | 0.22.0 | N/A | [DESCRIPTION BELOW](#UDS-Core) |
 | [Redis](https://github.com/defenseunicorns/uds-package-dependencies) | 0.0.2 | 7.0.12 | A key-value store used as a data backend for several applications in the stack |
-| [Gitlab](https://github.com/defenseunicorns/uds-package-gitlab) | 16.11.1-uds.0-registry1 | 16.11.1 | A source control management tool used in the software development lifecycle for storing, updating, building and deploying custom software |
+| [Gitlab](https://github.com/defenseunicorns/uds-package-gitlab) | v17.0.1-uds.1-registry1 | 17.0.1 | A source control management tool used in the software development lifecycle for storing, updating, building and deploying custom software |
 | [Gitlab Runner](https://github.com/defenseunicorns/uds-package-gitlab-runner) | 16.11.0-uds.0-registry1 | v16.11.0 | A counterpart to Gitlab (above) in which automated software builds, tests and deployments are executed |
 | [Sonarqube](https://github.com/defenseunicorns/uds-package-sonarqube) | 8.0.3-uds.6-registry1 | 9.9.3-community | A code inspection tool used during automated pipelines to evaluate security considerations of custom software and packaged images |
 | [Jira](https://github.com/defenseunicorns/uds-package-jira) | 1.19.0-uds.0-registry1 | 9.15.1 | A collaboration tool used for team management and task organization |

diff --git a/packages/additional-manifests/gitlab/ca-secret.yaml b/packages/additional-manifests/gitlab/ca-secret.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: ca-secret
+  namespace: gitlab
+type: kubernetes.io/opaque
+data:
+  ca.crt: "###ZARF_VAR_ADDITIONAL_CA_CHAIN###"
diff --git a/packages/additional-manifests/zarf.yaml b/packages/additional-manifests/zarf.yaml
@@ -24,6 +24,7 @@ components:
           - gitlab/gitlab-ssh-networkpolicies.yaml
           - gitlab/gitlab-ssh-gateway.yaml
           - gitlab/envoy-filter.yaml
+          - gitlab/ca-secret.yaml
   - name: pepr-policy-exemptions
     required: true
     manifests: