terraform-google-modules / terraform-google-gke-gitlab

Installs GitLab on Kubernetes Engine

Home Page: https://registry.terraform.io/modules/terraform-google-modules/gke-gitlab/google

License: Apache License 2.0

Ruby 3.25% Makefile 10.92% Python 7.03% HCL 70.93% Smarty 7.86%
cft-terraform developer-tools

terraform-google-gke-gitlab's People

Contributors

11mariom, a200462790, apeabody, bgood, bharathkkb, cloud-foundation-bot, g-awmalik, gruberro, henrybell, johannes-scharlach, kcatro, knee-berts, mike-ensor, mjlshen, morgante, release-please[bot], renovate[bot], st-apps, willbeebe

terraform-google-gke-gitlab's Issues

Unable to connect to instance

Terraform completes successfully when run from the root directory. In the output, I find

gitlab_address = [GITLAB-IP]
https://[GITLAB-IP].xip.io

where [GITLAB-IP] is the gitlab static ip address terraform created. However, when I go to this ip address, I see only the plaintext

default backend - 404

Appears xip.io shutdown 2021-May, current CI depends on xip.io

TL;DR

Appears xip.io shutdown 2021-May - the current CI depends on xip.io

nip.io might be a drop-in replacement

Expected behavior

No response

Observed behavior

No response

Terraform Configuration

N/A

Terraform Version

N/A

Additional information

No response

Can't get my deployment to work

Here are my following files! Can someone look through them to see if anything I did was wrong? Thanks!

values.yaml.tpl

# Values for gitlab/gitlab chart on GKE
global:
  hosts:
    domain: ${DOMAIN}
    https: true
    externalIP: ${INGRESS_IP}
    ssh: ~
  ingress:
    configureCertmanager: false
    tls:
      secretName: gitlab-tls-secret
  psql:
    host: ${DB_PRIVATE_IP}
    port: 5432
    database: gitlabhq_production
    username: gitlab
    password:
      secret: gitlab-pg
      key: password
    ssl:
      secret: postgres-ssl-secret
      serverCA: postgres-server-ca
      clientCertificate: postgres-client-cert
      clientKey: postgres-client-key
  redis:
    password:
      enabled: false
    host: ${REDIS_PRIVATE_IP}
  minio:
    enabled: false
  appConfig:
    defaultTheme: 6 # Light Indigo
    enableUsagePing: false
    backups:
      bucket: ${PROJECT_ID}-gitlab-backups
      tmpBucket: ${PROJECT_ID}-gitlab-tmp-storage
    lfs:
      bucket: ${PROJECT_ID}-gitlab-lfs
      connection:
        secret: gitlab-rails-storage
        key: connection
    artifacts:
      bucket: ${PROJECT_ID}-gitlab-artifacts
      connection:
        secret: gitlab-rails-storage
        key: connection
    externalDiffs:
      enabled: true
      bucket: ${PROJECT_ID}-gitlab-externaldiffs
      connection:
        secret: gitlab-rails-storage
        key: connection
    uploads:
      bucket: ${PROJECT_ID}-gitlab-uploads
      connection:
        secret: gitlab-rails-storage
        key: connection
    packages:
      bucket: ${PROJECT_ID}-gitlab-packages
      connection:
        secret: gitlab-rails-storage
        key: connection
    registry:
      bucket: ${PROJECT_ID}-gitlab-registry   
    pseudonymizer:
      bucket: ${PROJECT_ID}-gitlab-pseudo
      connection:
        secret: gitlab-rails-storage
        key: connection
certmanager:
  install: false
redis:
  enabled: false
gitlab:
  gitaly:
    persistence:
      size: 200Gi
      storageClass: "pd-ssd"
  task-runner:
    backups:
      objectStorage:
        backend: gcs
        config:
          secret: google-application-credentials
          key: gcs-application-credentials-file
postgresql:
  install: false
gitlab-runner:
  rbac:
    create: true
  runners:
    privileged: true
    cache:
      cacheType: gcs
      gcsBucketname: ${PROJECT_ID}-gitlab-runner-cache
      secretName: google-application-credentials
      cacheShared: true
registry:
  storage:
    secret: gitlab-registry-storage
    key: config
    extraKey: gcs.json

main.tf

/**
provider "google" {
  project = "${var.project_id}"
}

provider "google-beta" {
  project = "${var.project_id}"
}

provider "helm" {
  service_account = "tiller"
  install_tiller  = true
  namespace       = "kube-system"

  kubernetes {
    host                   = "${google_container_cluster.gitlab.endpoint}"
    client_certificate     = "${base64decode(google_container_cluster.gitlab.master_auth.0.client_certificate)}"
    client_key             = "${base64decode(google_container_cluster.gitlab.master_auth.0.client_key)}"
    cluster_ca_certificate = "${base64decode(google_container_cluster.gitlab.master_auth.0.cluster_ca_certificate)}"
  }
}

provider "kubernetes" {
  host                   = "${google_container_cluster.gitlab.endpoint}"
  client_certificate     = "${base64decode(google_container_cluster.gitlab.master_auth.0.client_certificate)}"
  client_key             = "${base64decode(google_container_cluster.gitlab.master_auth.0.client_key)}"
  cluster_ca_certificate = "${base64decode(google_container_cluster.gitlab.master_auth.0.cluster_ca_certificate)}"
}

// IAM
resource "google_project_service" "compute" {
  project            = "${var.project_id}"
  service            = "compute.googleapis.com"
  disable_on_destroy = false
}

resource "google_project_service" "gke" {
  project            = "${var.project_id}"
  service            = "container.googleapis.com"
  disable_on_destroy = false
}

resource "google_project_service" "service_networking" {
  project            = "${var.project_id}"
  service            = "servicenetworking.googleapis.com"
  disable_on_destroy = false
}

resource "google_project_service" "cloudresourcemanager" {
  project            = "${var.project_id}"
  service            = "cloudresourcemanager.googleapis.com"
  disable_on_destroy = false
}

resource "google_project_service" "redis" {
  project            = "${var.project_id}"
  service            = "redis.googleapis.com"
  disable_on_destroy = false
}

resource "google_service_account" "gitlab_gcs" {
  project      = "${var.project_id}"
  account_id   = "gitlab-gcs"
  display_name = "GitLab Cloud Storage"
}

resource "google_service_account_key" "gitlab_gcs" {
  service_account_id = "${google_service_account.gitlab_gcs.name}"
}

resource "google_project_iam_member" "project" {
  project = "${var.project_id}"
  role    = "roles/storage.admin"
  member  = "serviceAccount:${google_service_account.gitlab_gcs.email}"
}

// Networking
resource "google_compute_network" "gitlab" {
  name                    = "gitlab"
  project                 = "${var.project_id}"
  auto_create_subnetworks = false
  depends_on              = ["google_project_service.compute"]
}

resource "google_compute_subnetwork" "us-central" {
  name          = "gitlab"
  ip_cidr_range = "10.0.0.0/16"
  region        = "${var.region}"
  network       = "${google_compute_network.gitlab.self_link}"
}

resource "google_compute_address" "gitlab" {
  name         = "gitlab"
  region       = "${var.region}"
  address_type = "EXTERNAL"
  description  = "Gitlab Ingress IP"
  depends_on   = ["google_project_service.compute"]
}

// Database
resource "google_compute_global_address" "gitlab_sql" {
  provider      = "google-beta"
  project       = "${var.project_id}"
  name          = "gitlab-sql"
  purpose       = "VPC_PEERING"
  address_type  = "INTERNAL"
  network       = "${google_compute_network.gitlab.self_link}"
  prefix_length = 16
}

resource "google_service_networking_connection" "private_vpc_connection" {
  provider                = "google-beta"
  network                 = "${google_compute_network.gitlab.self_link}"
  service                 = "servicenetworking.googleapis.com"
  reserved_peering_ranges = ["${google_compute_global_address.gitlab_sql.name}"]
}

resource "google_sql_database_instance" "gitlab_db" {
  depends_on       = ["google_service_networking_connection.private_vpc_connection"]
  name             = "gitlab-db"
  region           = "${var.region}"
  database_version = "POSTGRES_9_6"

  settings {
    tier            = "db-custom-4-15360"
    disk_autoresize = true

    ip_configuration {
      require_ssl     = true
      ipv4_enabled    = "false"
      private_network = "${google_compute_network.gitlab.self_link}"
    }
  }
}

resource "google_sql_database" "gitlabhq_production" {
  name     = "gitlabhq_production"
  instance = "${google_sql_database_instance.gitlab_db.name}"
}

resource "random_string" "autogenerated_gitlab_db_password" {
  length  = 64
  special = false
}

resource "google_sql_user" "gitlab" {
  name     = "gitlab"
  instance = "${google_sql_database_instance.gitlab_db.name}"

  password = "${var.gitlab_db_password != "" ? var.gitlab_db_password : random_string.autogenerated_gitlab_db_password.result}"
}

resource "google_sql_ssl_cert" "client_cert" {
  depends_on  = ["google_sql_database_instance.gitlab_db", "google_sql_database.gitlabhq_production"]

  common_name = "gitlab"
  instance    = "${google_sql_database_instance.gitlab_db.name}"
}

// Redis
resource "google_redis_instance" "gitlab" {
  name               = "gitlab"
  tier               = "STANDARD_HA"
  memory_size_gb     = 1
  region             = "${var.region}"
  authorized_network = "${google_compute_network.gitlab.self_link}"

  depends_on = ["google_project_service.redis"]

  location_id             = "${var.region}-a"
  alternative_location_id = "${var.region}-f"
  display_name            = "GitLab Redis"
}

// Cloud Storage
resource "google_storage_bucket" "gitlab-uploads" {
  name     = "${var.project_id}-gitlab-uploads"
  location = "${var.region}"
}

resource "google_storage_bucket" "gitlab-artifacts" {
  name     = "${var.project_id}-gitlab-artifacts"
  location = "${var.region}"
}

resource "google_storage_bucket" "gitlab-lfs" {
  name     = "${var.project_id}-gitlab-lfs"
  location = "${var.region}"
}

resource "google_storage_bucket" "gitlab-packages" {
  name     = "${var.project_id}-gitlab-packages"
  location = "${var.region}"
}

resource "google_storage_bucket" "gitlab-externaldiffs" {
  name     = "${var.project_id}-gitlab-externaldiffs"
  location = "${var.region}"
}

resource "google_storage_bucket" "gitlab-registry" {
  name     = "${var.project_id}-gitlab-registry"
  location = "${var.region}"
}

resource "google_storage_bucket" "gitlab-pseudonymizer" {
  name     = "${var.project_id}-gitlab-pseudonymizer"
  location = "${var.region}"
}

resource "google_storage_bucket" "gitlab-runner-cache" {
  name     = "${var.project_id}-gitlab-runner-cache"
  location = "${var.region}"
}

resource "google_storage_bucket" "gitlab-backups" {
  name     = "${var.project_id}-gitlab-backups"
  location = "${var.region}"
}
resource "google_storage_bucket" "gitlab-tmp-storage" {
  name     = "${var.project_id}-gitlab-tmp-storage"
  location = "${var.region}"
}

// GKE Cluster
resource "google_container_cluster" "gitlab" {
  project            = "${var.project_id}"
  name               = "gitlab"
  location           = "${var.region}"
  min_master_version = "1.11"

  # We can't create a cluster with no node pool defined, but we want to only use
  # separately managed node pools. So we create the smallest possible default
  # node pool and immediately delete it.
  remove_default_node_pool = true

  initial_node_count = 1

  network    = "${google_compute_network.gitlab.self_link}"
  subnetwork = "${google_compute_subnetwork.us-central.self_link}"

  ip_allocation_policy {
    # Allocate ranges automatically
    cluster_ipv4_cidr_block  = ""
    services_ipv4_cidr_block = ""
  }

  enable_legacy_abac = true

  # Setting an empty username and password explicitly disables basic auth
  master_auth {
    username = ""
    password = ""
  }

  node_config {
    oauth_scopes = [
      "https://www.googleapis.com/auth/compute",
      "https://www.googleapis.com/auth/devstorage.read_only",
      "https://www.googleapis.com/auth/logging.write",
      "https://www.googleapis.com/auth/monitoring",
    ]
  }

  depends_on = ["google_project_service.gke"]
}

resource "google_container_node_pool" "gitlab" {
  name       = "gitlab"
  location   = "${var.region}"
  cluster    = "${google_container_cluster.gitlab.name}"
  node_count = 1
  depends_on = []

  node_config {
    preemptible  = false
    machine_type = "n1-standard-2"

    oauth_scopes = [
      "https://www.googleapis.com/auth/compute",
      "https://www.googleapis.com/auth/devstorage.read_only",
      "https://www.googleapis.com/auth/logging.write",
      "https://www.googleapis.com/auth/monitoring",
    ]
  }
}

resource "kubernetes_service_account" "tiller" {
  metadata {
    name      = "tiller"
    namespace = "kube-system"
  }
}

resource "kubernetes_cluster_role_binding" "tiller-admin" {
  metadata {
    name = "tiller-admin"
  }

  role_ref {
    api_group = "rbac.authorization.k8s.io"
    kind      = "ClusterRole"
    name      = "cluster-admin"
  }

  subject {
    kind      = "ServiceAccount"
    name      = "tiller"
    namespace = "kube-system"
  }
}

resource "kubernetes_storage_class" "pd-ssd" {
  metadata {
    name = "pd-ssd"
  }

  storage_provisioner = "kubernetes.io/gce-pd"

  parameters {
    type = "pd-ssd"
  }
}

resource "kubernetes_secret" "gitlab_registry_storage" {
  metadata {
    name = "gitlab-registry-storage"
  }

  data {
    config = <<EOT
gcs:
  bucket: ${var.project_id}-gitlab-registry
  keyfile: /etc/docker/registry/storage/gcs.json
EOT
gcs.json = "${base64decode(google_service_account_key.gitlab_gcs.private_key)}"
  }
}

resource "kubernetes_secret" "gitlab_pg" {
  metadata {
    name = "gitlab-pg"
  }

  data {
    password = "${var.gitlab_db_password != "" ? var.gitlab_db_password : random_string.autogenerated_gitlab_db_password.result}"
  }
}

resource "kubernetes_secret" "gitlab_rails_storage" {
  metadata {
    name = "gitlab-rails-storage"
  }

  data {
    connection = <<EOT
provider: Google
google_project: ${var.project_id}
google_client_email: ${google_service_account.gitlab_gcs.email}
google_json_key_string: '${base64decode(google_service_account_key.gitlab_gcs.private_key)}'
EOT
  }
}

resource "kubernetes_secret" "gitlab_gcs_credentials" {
  metadata {
    name = "google-application-credentials"
  }

  data {
    gcs-application-credentials-file = "${base64decode(google_service_account_key.gitlab_gcs.private_key)}"
  }
}

resource "kubernetes_secret" "gitlab_tls_secret" {
  type = "kubernetes.io/tls"

  metadata {
    name = "gitlab-tls-secret"
  }

  data {
    tls.crt = "${file("${path.module}/certs/gitlab-nginx.crt")}"
    tls.key = "${file("${path.module}/certs/gitlab-nginx.key")}"
  }
}

resource "kubernetes_secret" "postgres_ssl_secret" {
  depends_on = ["google_sql_ssl_cert.client_cert"]

  metadata {
    name = "postgres-ssl-secret"
  }

  data {
    postgres-server-ca   = "${google_sql_ssl_cert.client_cert.server_ca_cert}"
    postgres-client-cert = "${google_sql_ssl_cert.client_cert.cert}"
    postgres-client-key  = "${google_sql_ssl_cert.client_cert.private_key}"
  }
}

data "helm_repository" "gitlab" {
  name = "gitlab"
  url  = "https://charts.gitlab.io"
}

data "template_file" "helm_values" {
  template = "${file("${path.module}/values.yaml.tpl")}"

  vars = {
    INGRESS_IP         = "${google_compute_address.gitlab.address}"
    DB_PRIVATE_IP      = "${google_sql_database_instance.gitlab_db.private_ip_address}"
    REDIS_PRIVATE_IP   = "${google_redis_instance.gitlab.host}"
    PROJECT_ID         = "${var.project_id}"
    DOMAIN             = "${var.domain}"
  }
}

resource "helm_release" "gitlab" {
  name       = "gitlab"
  repository = "${data.helm_repository.gitlab.0.name}"
  chart      = "gitlab"

  values = ["${data.template_file.helm_values.rendered}"]

  depends_on = ["google_redis_instance.gitlab",
    "google_sql_database.gitlabhq_production",
    "google_container_node_pool.gitlab",
    "google_sql_user.gitlab",
    "kubernetes_secret.gitlab_tls_secret",
    "kubernetes_secret.postgres_ssl_secret",
    "kubernetes_cluster_role_binding.tiller-admin",
    "kubernetes_storage_class.pd-ssd",
  ]
}

variables.tf

variable "project_id" {
  default     = "example"
  description = "GCP Project to deploy resources"
}

variable "region" {
  default     = "us-central1"
  description = "GCP region to deploy resources to"
}

variable "domain" {
  default     = "example.com"
  description = "Domain to use for deployment"
}

variable "gitlab_db_password" {
  description = "Password for the GitLab Postgres user"
  default     = ""
}

Supported versions cause errors (0.12.x) "Unsupported Block Type"

I'm attempting to run from a hashicorp/terraform:0.x.y container.

I tried 0.12.29.1 and it failed with the following.
Bumping to 0.13.2 worked. If I try an unsupported version like 0.15.0 I get an error stating versions should be ">=0.12.6, <0.14", so the message should be changed to > 0.13.0.

│ Error: Unsupported Terraform Core version
│
│ on .terraform/modules/gke-gitlab.project_services/modules/project_services/versions.tf line 18, in terraform:
│ 18: required_version = ">=0.12.6, <0.14"

Warning: Provider source not supported in Terraform v0.12

on ../../versions.tf line 20, in terraform:
20: google = {
21: source = "hashicorp/google"
22: version = "~> 3.42"
23: }

A source was declared for provider google. Terraform v0.12 does not support
the provider source attribute. It will be ignored.

(and 6 more similar warnings elsewhere)

Error: Reserved argument name in module block

on ../../main.tf line 44, in module "gke_auth":
44: depends_on = [time_sleep.sleep_for_cluster_fix_helm_6361]

The name "depends_on" is reserved for use in a future version of Terraform.

Error: Unsupported block type

on ../../versions.tf line 50, in terraform:
50: provider_meta "google" {

Blocks of type "provider_meta" are not expected here.

Error: Unsupported block type

on ../../versions.tf line 54, in terraform:
54: provider_meta "google-beta" {

With Terraform 0.13.6, "Unsupported Terraform Core version" occurred

I want to use gke-gitlab with Terraform 0.13.x.

I tried the code below:

module "gke-gitlab" {
  source                     = "terraform-google-modules/gke-gitlab/google"
  project_id                 = "xxx"
  certmanager_email          = "[email protected]"
}

I got an error.

Error: Unsupported Terraform Core version

  on .terraform/modules/gke-gitlab.gke/versions.tf line 18, in terraform:
  18:   required_version = "~> 0.12.6"

I think gke-gitlab 0.4.1 supports terraform 0.13.x.
https://github.com/terraform-google-modules/terraform-google-gke-gitlab/blob/release-v0.4.1/CHANGELOG.md

However, in the Terraform registry, I cannot find gke-gitlab 0.4.1.
The newest version there is 0.4.0.
https://registry.terraform.io/modules/terraform-google-modules/gke-gitlab/google/latest

Is gke-gitlab 0.4.1 released officially?

Remove legacy ABAC

Currently, the cluster configuration sets enable_legacy_abac = true but this configuration is less secure and not encouraged.

We should try to remove this requirement, if possible.

Action Required: Fix Renovate Configuration

There is an error with this repository's Renovate configuration that needs to be fixed. As a precaution, Renovate will stop PRs until it is resolved.

Error type: Cannot find preset's package (github>whitesource/merge-confidence:beta)

Explicit Redis zone placement can lead to failures

HA Redis deployments are currently created with hard-coded zones:

location_id             = "${var.region}-a"
alternative_location_id = "${var.region}-f"

This can result in failure if:

  • Deploying to a region that does not have an -a and/or -f zone, or
  • Redis instances cannot be created in one of the supplied zones.
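
An added example, not the module's own code, of zone selection that avoids both failure cases in this issue: the two Redis zones come from the zones the region actually reports, with optional overrides for when a zone cannot host the instance. The variable names `redis_location_id` and `redis_alternative_location_id` are hypothetical, and the `precondition` block assumes Terraform 1.2 or later.

```hcl
variable "region" {
  type        = string
  default     = "us-central1"
  description = "GCP region to deploy resources to"
}

# Hypothetical override variables (not part of the module): set them when
# Memorystore cannot create an instance in an automatically chosen zone.
variable "redis_location_id" {
  type        = string
  default     = null
  description = "Zone for the primary Redis node; null selects one automatically"
}

variable "redis_alternative_location_id" {
  type        = string
  default     = null
  description = "Zone for the Redis replica; null selects one automatically"
}

# Ask the API which zones exist and are up in the region, instead of
# assuming that "<region>-a" and "<region>-f" are present.
data "google_compute_zones" "available" {
  region = var.region
  status = "UP"
}

locals {
  zones = sort(data.google_compute_zones.available.names)

  # coalesce() skips null, so an explicit override wins when it is set.
  redis_zone = coalesce(var.redis_location_id, local.zones[0])

  # The replica goes to the first zone that differs from the primary zone.
  redis_alt_zone = coalesce(
    var.redis_alternative_location_id,
    [for z in local.zones : z if z != local.redis_zone][0]
  )
}

resource "google_redis_instance" "gitlab" {
  name           = "gitlab"
  tier           = "STANDARD_HA"
  memory_size_gb = 1
  region         = var.region
  display_name   = "GitLab Redis"

  # authorized_network is left out so the block stands alone; the module
  # points it at its own VPC.
  location_id             = local.redis_zone
  alternative_location_id = local.redis_alt_zone

  lifecycle {
    # Fails at plan time if both overrides name the same zone.
    precondition {
      condition     = local.redis_zone != local.redis_alt_zone
      error_message = "Redis primary and alternative zones must be different."
    }
  }
}
```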

Remove activation of services

Rely on project-factory or other service activation methods and call out documentation for consistency with other modules

Backups (via task-runner/backup-utility) error on invalid .s3cfg

Hello,

The configuration for backups via the kubernetes secret gitlab_gcs_credentials is not in the required format.

Documentation of the correct format is available at:
https://gitlab.com/charts/gitlab/blob/master/doc/advanced/external-object-storage/index.md#backups-storage-example

This presents in the following way:

kubectl exec -it gitlab-task-runner-65c756f75b-bwtx7 backup-utility
WARNING: This version of GitLab depends on gitlab-shell 9.0.0, but you're running Unknown. Please update gitlab-shell.
2019-04-24 18:47:28 +0000 -- Dumping database ...
Dumping PostgreSQL database gitlabhq_production ... [DONE]
2019-04-24 18:47:31 +0000 -- done
WARNING: This version of GitLab depends on gitlab-shell 9.0.0, but you're running Unknown. Please update gitlab-shell.
2019-04-24 18:47:46 +0000 -- Dumping repositories ...
 * root/test1 ... [SKIPPED]
[SKIPPED] Wiki
2019-04-24 18:47:47 +0000 -- done
Bucket not found: xxx-gitlab-registry. Skipping backup of registry ...
Bucket not found: xxx-gitlab-uploads. Skipping backup of uploads ...
Bucket not found: xxx-gitlab-artifacts. Skipping backup of artifacts ...
Bucket not found: xxx-git-lfs. Skipping backup of lfs ...
Bucket not found: xxx-gitlab-packages. Skipping backup of packages ...
WARNING: This version of GitLab depends on gitlab-shell 9.0.0, but you're running Unknown. Please update gitlab-shell.
Packing up backup tar
WARNING: Ignoring invalid line in '/home/git/.s3cfg': {

WARNING: Ignoring invalid line in '/home/git/.s3cfg':   "type": "service_account",

WARNING: Ignoring invalid line in '/home/git/.s3cfg':   "project_id": "xxx",

WARNING: Ignoring invalid line in '/home/git/.s3cfg':   "private_key_id": "xxx",

WARNING: Ignoring invalid line in '/home/git/.s3cfg':   "private_key": "-----BEGIN PRIVATE KEY-----\nhola\n-----END PRIVATE KEY-----\n",

WARNING: Ignoring invalid line in '/home/git/.s3cfg':   "client_email": "hi",

WARNING: Ignoring invalid line in '/home/git/.s3cfg':   "client_id": "szia",

WARNING: Ignoring invalid line in '/home/git/.s3cfg':   "auth_uri": "https://accounts.google.com/o/oauth2/auth",

WARNING: Ignoring invalid line in '/home/git/.s3cfg':   "token_uri": "https://oauth2.googleapis.com/token",

WARNING: Ignoring invalid line in '/home/git/.s3cfg':   "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",

WARNING: Ignoring invalid line in '/home/git/.s3cfg':   "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/gitlab-gcs%40xxx.iam.gserviceaccount.com"

WARNING: Ignoring invalid line in '/home/git/.s3cfg': }

ERROR: /home/git/.s3cfg: None
ERROR: Configuration file not available.
ERROR: Consider using --configure parameter to create one.
command terminated with exit code 78

This can be fixed by enabling interoperability (https://console.cloud.google.com/storage/settings) and updating the terraform code.

variable "gitlab_bucket_interoperable_access_key" {}
variable "gitlab_bucket_interoperable_secret_key" {}

resource "kubernetes_secret" "gitlab_gcs_credentials" {
  metadata {
    name = "google-application-credentials"
  }

  data {
    gcs-application-credentials-file = <<EOT
[default]
host_base = storage.googleapis.com
host_bucket = storage.googleapis.com
use_https = True
signature_v2 = True

access_key = ${var.gitlab_bucket_interoperable_access_key}
secret_key = ${var.gitlab_bucket_interoperable_secret_key}

# Multipart needs to be disabled for GCS !
enable_multipart = No
EOT
  }
}

Invalid cert using Cloud Endpoints DNS

I deployed the module successfully without any errors and most of the time, there are no issues. One out of 20 times or so I get an INVALID_CERT error.

The HTTP link works fine, just not the HTTPS. The gitlab-gitlab-tls secret appears to look alright.
Has anyone run into this or know of a fix without having to rebuild from scratch?

Non-empty buckets cause deletion to fail

Currently a Terraform delete operation will fail once builds have been run because of non-empty GCS buckets (observed with the "artifacts" bucket). The force_destroy option, if applied to a bucket, will cause the bucket to be deleted along with the objects it contains, which will allow deletion of the resource:

https://www.terraform.io/docs/providers/google/r/storage_bucket.html#force_destroy

If this is considered unsafe then this functionality could be exposed with a top-level option (e.g. force_destroy_buckets or similar).

With CFT tools 1+ and TF v0.13+, CI experiencing terraform-provider-kubernetes#1028

TL;DR

hashicorp/terraform-provider-kubernetes#1028

Expected behavior

No response

Observed behavior

   Error: Get "http://localhost/apis/storage.k8s.io/v1/storageclasses/pd-ssd": dial tcp 127.0.0.1:80: connect: connection refused
   
     with module.gke-gitlab.module.gke-gitlab.kubernetes_storage_class.pd-ssd,
     on ../../../main.tf line 284, in resource "kubernetes_storage_class" "pd-ssd":
    284: resource "kubernetes_storage_class" "pd-ssd" {
   
   
   Error: Get "http://localhost/api/v1/namespaces/default/secrets/gitlab-pg": dial tcp 127.0.0.1:80: connect: connection refused
   
     with module.gke-gitlab.module.gke-gitlab.kubernetes_secret.gitlab_pg,
     on ../../../main.tf line 298, in resource "kubernetes_secret" "gitlab_pg":
    298: resource "kubernetes_secret" "gitlab_pg" {
   
   
   Error: Get "http://localhost/api/v1/namespaces/default/secrets/gitlab-rails-storage": dial tcp 127.0.0.1:80: connect: connection refused
   
     with module.gke-gitlab.module.gke-gitlab.kubernetes_secret.gitlab_rails_storage,
     on ../../../main.tf line 310, in resource "kubernetes_secret" "gitlab_rails_storage":
    310: resource "kubernetes_secret" "gitlab_rails_storage" {
   
   
   Error: Get "http://localhost/api/v1/namespaces/default/secrets/gitlab-registry-storage": dial tcp 127.0.0.1:80: connect: connection refused
   
     with module.gke-gitlab.module.gke-gitlab.kubernetes_secret.gitlab_registry_storage,
     on ../../../main.tf line 327, in resource "kubernetes_secret" "gitlab_registry_storage":
    327: resource "kubernetes_secret" "gitlab_registry_storage" {
   
   
   Error: Get "http://localhost/api/v1/namespaces/default/secrets/google-application-credentials": dial tcp 127.0.0.1:80: connect: connection refused
   
     with module.gke-gitlab.module.gke-gitlab.kubernetes_secret.gitlab_gcs_credentials,
     on ../../../main.tf line 347, in resource "kubernetes_secret" "gitlab_gcs_credentials":
    347: resource "kubernetes_secret" "gitlab_gcs_credentials" {

Terraform Configuration

N/A

Terraform Version

N/A

Additional information

No response

Does gitlab-runner work?

environment

  • GKE

  • helm version

version.BuildInfo{Version:"v3.4.1", GitCommit:"c4e74854886b2efe3321e185578e6db9be0a6e29", GitTreeState:"dirty", GoVersion:"go1.15.4"}

Based on the document, I set gitlab_runner_install = true for using gitlab runner.
Deploying gitlab on GKE worked well, and the gitlab-gitlab-runner pod was actually running.

But when adding a CI file and pushing, CI/CD jobs showed the error below.

ERROR: Job failed (system failure): prepare environment: unable to upgrade connection: container not found ("helper"). Check https://docs.gitlab.com/runner/shells/index.html#shell-profile-loading for more information

The repository's source code itself is pretty simple, like

.gitlab-ci.yml

image: python:latest

stages:
  - test
  
job_1:
  stage: test
  script:
    - python hello.py

hello.py

print("hello world")

Is setting gitlab_runner_install = true not correct, or do I need to set other params?

Thank you so much in advance

Unable to deploy newer versions of Helm chart due to hardcoded, since-updated Helm configuration keys

TL;DR

Breaking Helm chart updates have moved configuration of gitlab.task-runner to gitlab.toolbox

Expected behavior

Successful provisioning of Gitlab

Observed behavior

Invoking the module yields an error:

│ Error: execution error at (gitlab/templates/NOTES.txt:141:3):
│ DEPRECATIONS:
│
│ gitlab.task-runner:
│     The configuration of `gitlab.task-runner` has been renamed. Please use `gitlab.toolbox` instead.
│     If you have enabled persistence for `task-runner` and/or its CronJob for backups, you may need to manually bind the new `toolbox` PVC to the previous `task-runner` PV.
│
│   with module.gke-gitlab.helm_release.gitlab,
│   on .terraform/modules/gke-gitlab/main.tf line 389, in resource "helm_release" "gitlab":
│  389: resource "helm_release" "gitlab" {

Terraform Configuration

module "gke-gitlab" {
  source = "terraform-google-modules/gke-gitlab/google"

  project_id                 = module.project-gitlab.project_id
  region                     = "us-central1"
  certmanager_email          = "REDACTED"
  domain                     = "REDACTED"
  gitlab_db_random_prefix    = true
  gitlab_deletion_protection = true

  gke_machine_type = "n2-standard-4"
  gke_version      = "1.24.2"

  gitlab_nodes_subnet_cidr    = "10.0.0.0/23"
  gitlab_pods_subnet_cidr     = "192.168.0.0/18"
  gitlab_services_subnet_cidr = "192.168.128.0/23"

  helm_chart_version    = "6.3.3"
  gitlab_runner_install = true
}

Terraform Version

1.2.1

Additional information

No response

Deprecated K8s APIs & Unsupported GKE Version.

TL;DR

GKE Version in "defaults" (1.20) is no longer supported on GKE. Needs updating to minimum 1.23.
Several K8s APIs have been deprecated and updated to full release in Kubernetes 1.23 and 1.24

Expected behavior

Successful Deployment?

Observed behavior

Failed Deployment!

Terraform Configuration

Used Default Configuration provided within the Repo.

Terraform Version

Terraform v1.3.0
on linux_amd64

Additional information

None

Unsupported Terraform Core version Error

While using simple code:

module "my-gitlab" {
    source                      = "terraform-google-modules/gke-gitlab/google"
    project_id                  = var.project_id
    region                      = var.default_region
    certmanager_email           = var.certmanager_email
}

Getting below error

Error: Unsupported Terraform Core version
│
│   on .terraform/modules/mod-gitlab.gke-gitlab.project_services/modules/project_services/versions.tf line 18, in terraform:
│   18:   required_version = ">=0.12.6, <0.14"
│
│ Module module.mod-gitlab.module.gke-gitlab.module.project_services (from terraform-google-modules/project-factory/google//modules/project_services) does not support Terraform version 1.0.0. To proceed, either choose another supported
│ Terraform version or update this version constraint. Version constraints are normally set for good reason, so updating the constraint may lead to other errors or unexpected behavior.

Using GCP console terraform and details below

>> terraform version
Terraform v1.0.0
on linux_amd64

kubernetes_secret and kubernetes_storage_class unable to refresh state

TL;DR

The kubernetes_secret and kubernetes_storage_class are unable to refresh state. This manifests as the kubernetes provider attempting to dial tcp 127.0.0.1:80 rather than the configured cluster. This may be a result of the order in which Terraform evaluates the provider block vs the resources as noted in the Kubernetes Provider documentation and GKE example.

This also blocks #90 as with TF 0.15+ a refresh state is attempted prior to the destroy phase.

Expected behavior

No response

Observed behavior

No response

Terraform Configuration

CI

Terraform Version

TF 0.15+

Additional information

No response

Idea - Option to install GitLab Operator instead of Helm

I have checked out this repository but I have not found a way to install the GitLab operator instead of managing it through Helm. Would it be possible to consider adding it? I mean, the Operator can handle the complexity of these Terraform templates, but it would be great to select what to delegate to the Operator and what to delegate to the GCP cloud.

terraform destroy -> terraform apply blocked by SQL instance already exists

Error, failed to create instance gitlab-db: googleapi: Error 409: The Cloud SQL instance already exists. When you delete an instance, you can't reuse the name of the deleted instance until one week from the deletion date., instanceAlreadyExists

I thought I would be able to get around this issue by setting
gitlab_db_random_prefix = true
but this did not help.

The initial deployment failed because us-central1 did not have enough compute resource to complete the GKE request. I changed the region to us-west1 and got the above error.

To reproduce,
cd to examples/simple-example
terraform apply
terraform destroy
terraform apply

Constraint violation errors

With the simple example shown, the errors below are coming out from GCP terraform (v1.0.0):

 Error: googleapi: Error 400: No valid versions with the prefix "1.16" found., badRequest
│
│   with module.mod-gitlab.module.gke-gitlab.module.gke.google_container_cluster.primary,
│   on .terraform/modules/mod-gitlab.gke-gitlab.gke/cluster.tf line 22, in resource "google_container_cluster" "primary":
│   22: resource "google_container_cluster" "primary" {
│
╵
╷
│ Error: googleapi: Error 412: Request violates constraint 'constraints/storage.uniformBucketLevelAccess', conditionNotMet
│
│   with module.mod-gitlab.module.gke-gitlab.google_storage_bucket.gitlab-backups,
│   on .terraform/modules/mod-gitlab.gke-gitlab/main.tf line 200, in resource "google_storage_bucket" "gitlab-backups":
│  200: resource "google_storage_bucket" "gitlab-backups" {
│
╵
╷
│ Error: googleapi: Error 412: Request violates constraint 'constraints/storage.uniformBucketLevelAccess', conditionNotMet
│
│   with module.mod-gitlab.module.gke-gitlab.google_storage_bucket.gitlab-uploads,
│   on .terraform/modules/mod-gitlab.gke-gitlab/main.tf line 206, in resource "google_storage_bucket" "gitlab-uploads":
│  206: resource "google_storage_bucket" "gitlab-uploads" {
│
╵
╷
│ Error: googleapi: Error 412: Request violates constraint 'constraints/storage.uniformBucketLevelAccess', conditionNotMet
│
│   with module.mod-gitlab.module.gke-gitlab.google_storage_bucket.gitlab-artifacts,
│   on .terraform/modules/mod-gitlab.gke-gitlab/main.tf line 212, in resource "google_storage_bucket" "gitlab-artifacts":
│  212: resource "google_storage_bucket" "gitlab-artifacts" {
│
╵
╷
│ Error: googleapi: Error 412: Request violates constraint 'constraints/storage.uniformBucketLevelAccess', conditionNotMet
│
│   with module.mod-gitlab.module.gke-gitlab.google_storage_bucket.git-lfs,
│   on .terraform/modules/mod-gitlab.gke-gitlab/main.tf line 218, in resource "google_storage_bucket" "git-lfs":
│  218: resource "google_storage_bucket" "git-lfs" {
│
╵
╷
│ Error: googleapi: Error 412: Request violates constraint 'constraints/storage.uniformBucketLevelAccess', conditionNotMet
│
│   with module.mod-gitlab.module.gke-gitlab.google_storage_bucket.gitlab-packages,
│   on .terraform/modules/mod-gitlab.gke-gitlab/main.tf line 224, in resource "google_storage_bucket" "gitlab-packages":
│  224: resource "google_storage_bucket" "gitlab-packages" {
│
╵
╷
│ Error: googleapi: Error 412: Request violates constraint 'constraints/storage.uniformBucketLevelAccess', conditionNotMet
│
│   with module.mod-gitlab.module.gke-gitlab.google_storage_bucket.gitlab-registry,
│   on .terraform/modules/mod-gitlab.gke-gitlab/main.tf line 230, in resource "google_storage_bucket" "gitlab-registry":
│  230: resource "google_storage_bucket" "gitlab-registry" {
│
╵
╷
│ Error: googleapi: Error 412: Request violates constraint 'constraints/storage.uniformBucketLevelAccess', conditionNotMet
│
│   with module.mod-gitlab.module.gke-gitlab.google_storage_bucket.gitlab-pseudo,
│   on .terraform/modules/mod-gitlab.gke-gitlab/main.tf line 236, in resource "google_storage_bucket" "gitlab-pseudo":
│  236: resource "google_storage_bucket" "gitlab-pseudo" {
│
╵
╷
│ Error: googleapi: Error 412: Request violates constraint 'constraints/storage.uniformBucketLevelAccess', conditionNotMet
│
│   with module.mod-gitlab.module.gke-gitlab.google_storage_bucket.gitlab-runner-cache,
│   on .terraform/modules/mod-gitlab.gke-gitlab/main.tf line 242, in resource "google_storage_bucket" "gitlab-runner-cache":
│  242: resource "google_storage_bucket" "gitlab-runner-cache" {
│
╵
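
The 412 errors above are what an organization policy enforcing `constraints/storage.uniformBucketLevelAccess` returns when a bucket is created without uniform bucket-level access; the `google_storage_bucket` resource requests it with `uniform_bucket_level_access = true`. The following is an added example, not part of the issue or the module's code: a pre-apply check in Python that lists bucket blocks in Terraform source that do not set the flag literally to `true`. The sample input is constructed, and the resource name `example-hardened` is hypothetical.

```python
import re

# Constructed sample input. The first block has the shape of the buckets named
# in the 412 errors; the second (hypothetical name) sets the flag.
SAMPLE_TF = '''
resource "google_storage_bucket" "gitlab-backups" {
  name          = "${var.project_id}-gitlab-backups"
  location      = var.region
  force_destroy = var.allow_force_destroy
}

resource "google_storage_bucket" "example-hardened" {
  name                        = "${var.project_id}-example"
  location                    = var.region
  uniform_bucket_level_access = true
}
'''

BUCKET_HEADER = re.compile(r'resource\s+"google_storage_bucket"\s+"([^"]+)"\s*\{')
# Matches only a literal `true`; a value supplied through a variable is
# reported too, so that it gets reviewed by hand.
UBLA_TRUE = re.compile(
    r'^\s*uniform_bucket_level_access\s*=\s*true\s*(?:#.*|//.*)?$', re.M
)


def bucket_blocks(source):
    """Yield (resource_name, body) for every google_storage_bucket block.

    Braces are matched by counting, which also balances the `${...}`
    interpolations inside strings. Braces inside comments are not handled.
    """
    for header in BUCKET_HEADER.finditer(source):
        depth, pos = 1, header.end()
        while pos < len(source) and depth:
            if source[pos] == "{":
                depth += 1
            elif source[pos] == "}":
                depth -= 1
            pos += 1
        if depth:
            raise ValueError(f"unbalanced braces in bucket {header.group(1)!r}")
        yield header.group(1), source[header.end():pos - 1]


def buckets_without_ubla(source):
    """Return the names of bucket resources that do not enable the flag."""
    return [name for name, body in bucket_blocks(source)
            if not UBLA_TRUE.search(body)]


if __name__ == "__main__":
    for name in buckets_without_ubla(SAMPLE_TF):
        print(f"google_storage_bucket.{name}: uniform_bucket_level_access not set to true")
```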

Getting 400 Bad Request: Invalid JWT Signature

Hi,

I was trying to use this module:

module "gke-gitlab" {
  source            = "git::https://github.com/terraform-google-modules/terraform-google-gke-gitlab.git"
  project_id        = "hm-internal"
  certmanager_email = "[email protected]"
  region            = "asia-southeast1"
}

Also, I tried applying examples\simple_example but I got the same error.

I tried running this in 2 completely different GCP subscriptions too.

Note that using the same credentials that I'm using, a simple resource creation works for me, such as:

resource "google_storage_bucket" "test-bucket" {
  name          = "hm-internal"
  location      = "asia-southeast1"
  force_destroy = true
  project        = "hm-internal"
}

Error:

Error: Batch "project/hm-internal/services:batchEnable" for request "Enable Project Service \"compute.googleapis.com\" for project \"hm-internal\"" returned error: batch request and retry as single request failed - final error: failed to send enable services request: Post https://serviceusage.googleapis.com/v1/projects/hm-internal/services/compute.googleapis.com:enable?alt=json&prettyPrint=false: oauth2: cannot fetch token: 400 Bad Request
Response: {"error":"invalid_grant","error_description":"Invalid JWT Signature."}. To debug individual requests, try disabling batching: https://www.terraform.io/docs/providers/google/guides/provider_reference.html#enable_batching

  on ../../main.tf line 60, in resource "google_project_service" "compute":
  60: resource "google_project_service" "compute" {



Error: Batch "project/hm-internal/services:batchEnable" for request "Enable Project Service \"container.googleapis.com\" for project \"hm-internal\"" returned error: batch request and retry as single request failed - final error: failed to send enable services request: Post https://serviceusage.googleapis.com/v1/projects/hm-internal/services/container.googleapis.com:enable?alt=json&prettyPrint=false: oauth2: cannot fetch token: 400 Bad Request
Response: {"error":"invalid_grant","error_description":"Invalid JWT Signature."}. To debug individual requests, try disabling batching: https://www.terraform.io/docs/providers/google/guides/provider_reference.html#enable_batching

  on ../../main.tf line 66, in resource "google_project_service" "gke":
  66: resource "google_project_service" "gke" {



Error: Batch "project/hm-internal/services:batchEnable" for request "Enable Project Service \"servicenetworking.googleapis.com\" for project \"hm-internal\"" returned error: batch request and retry as single request failed - final error: failed to send enable services request: Post https://serviceusage.googleapis.com/v1/projects/hm-internal/services/servicenetworking.googleapis.com:enable?alt=json&prettyPrint=false: oauth2: cannot fetch token: 400 Bad Request
Response: {"error":"invalid_grant","error_description":"Invalid JWT Signature."}. To debug individual requests, try disabling batching: https://www.terraform.io/docs/providers/google/guides/provider_reference.html#enable_batching

  on ../../main.tf line 72, in resource "google_project_service" "service_networking":
  72: resource "google_project_service" "service_networking" {



Error: Batch "project/hm-internal/services:batchEnable" for request "Enable Project Service \"cloudresourcemanager.googleapis.com\" for project \"hm-internal\"" returned error: batch request and retry as single request failed - final error: failed to send enable services request: Post https://serviceusage.googleapis.com/v1/projects/hm-internal/services/cloudresourcemanager.googleapis.com:enable?alt=json&prettyPrint=false: oauth2: cannot fetch token: 400 Bad Request
Response: {"error":"invalid_grant","error_description":"Invalid JWT Signature."}. To debug individual requests, try disabling batching: https://www.terraform.io/docs/providers/google/guides/provider_reference.html#enable_batching

  on ../../main.tf line 78, in resource "google_project_service" "cloudresourcemanager":
  78: resource "google_project_service" "cloudresourcemanager" {



Error: Batch "project/hm-internal/services:batchEnable" for request "Enable Project Service \"redis.googleapis.com\" for project \"hm-internal\"" returned error: batch request and retry as single request failed - final error: failed to send enable services request: Post https://serviceusage.googleapis.com/v1/projects/hm-internal/services/redis.googleapis.com:enable?alt=json&prettyPrint=false: oauth2: cannot fetch token: 400 Bad Request
Response: {"error":"invalid_grant","error_description":"Invalid JWT Signature."}. To debug individual requests, try disabling batching: https://www.terraform.io/docs/providers/google/guides/provider_reference.html#enable_batching

  on ../../main.tf line 84, in resource "google_project_service" "redis":
  84: resource "google_project_service" "redis" {



Error: Error creating service account: Post https://iam.googleapis.com/v1/projects/hm-internal/serviceAccounts?alt=json&prettyPrint=false: oauth2: cannot fetch token: 400 Bad Request
Response: {"error":"invalid_grant","error_description":"Invalid JWT Signature."}

  on ../../main.tf line 90, in resource "google_service_account" "gitlab_gcs":
  90: resource "google_service_account" "gitlab_gcs" {



Error: Post https://www.googleapis.com/storage/v1/b?alt=json&prettyPrint=false&project=hm-internal: oauth2: cannot fetch token: 400 Bad Request
Response: {"error":"invalid_grant","error_description":"Invalid JWT Signature."}

  on ../../main.tf line 207, in resource "google_storage_bucket" "gitlab-backups":
 207: resource "google_storage_bucket" "gitlab-backups" {



Error: Post https://www.googleapis.com/storage/v1/b?alt=json&prettyPrint=false&project=hm-internal: oauth2: cannot fetch token: 400 Bad Request
Response: {"error":"invalid_grant","error_description":"Invalid JWT Signature."}

  on ../../main.tf line 212, in resource "google_storage_bucket" "gitlab-uploads":
 212: resource "google_storage_bucket" "gitlab-uploads" {



Error: Post https://www.googleapis.com/storage/v1/b?alt=json&prettyPrint=false&project=hm-internal: oauth2: cannot fetch token: 400 Bad Request
Response: {"error":"invalid_grant","error_description":"Invalid JWT Signature."}

  on ../../main.tf line 217, in resource "google_storage_bucket" "gitlab-artifacts":
 217: resource "google_storage_bucket" "gitlab-artifacts" {



Error: Post https://www.googleapis.com/storage/v1/b?alt=json&prettyPrint=false&project=hm-internal: oauth2: cannot fetch token: 400 Bad Request
Response: {"error":"invalid_grant","error_description":"Invalid JWT Signature."}

  on ../../main.tf line 222, in resource "google_storage_bucket" "git-lfs":
 222: resource "google_storage_bucket" "git-lfs" {



Error: Post https://www.googleapis.com/storage/v1/b?alt=json&prettyPrint=false&project=hm-internal: oauth2: cannot fetch token: 400 Bad Request
Response: {"error":"invalid_grant","error_description":"Invalid JWT Signature."}

  on ../../main.tf line 227, in resource "google_storage_bucket" "gitlab-packages":
 227: resource "google_storage_bucket" "gitlab-packages" {



Error: Post https://www.googleapis.com/storage/v1/b?alt=json&prettyPrint=false&project=hm-internal: oauth2: cannot fetch token: 400 Bad Request
Response: {"error":"invalid_grant","error_description":"Invalid JWT Signature."}

  on ../../main.tf line 232, in resource "google_storage_bucket" "gitlab-registry":
 232: resource "google_storage_bucket" "gitlab-registry" {



Error: Post https://www.googleapis.com/storage/v1/b?alt=json&prettyPrint=false&project=hm-internal: oauth2: cannot fetch token: 400 Bad Request
Response: {"error":"invalid_grant","error_description":"Invalid JWT Signature."}

  on ../../main.tf line 237, in resource "google_storage_bucket" "gitlab-pseudo":
 237: resource "google_storage_bucket" "gitlab-pseudo" {



Error: Post https://www.googleapis.com/storage/v1/b?alt=json&prettyPrint=false&project=hm-internal: oauth2: cannot fetch token: 400 Bad Request
Response: {"error":"invalid_grant","error_description":"Invalid JWT Signature."}

  on ../../main.tf line 242, in resource "google_storage_bucket" "gitlab-runner-cache":
 242: resource "google_storage_bucket" "gitlab-runner-cache" {

Helm provider release 1.0 is a breaking change

The recent 1.0 release of the Helm provider moves to Helm 3, which means that tiller-related provider configuration is no longer supported. Fix is either to pin the provider version and stick with Helm 2, or move to Helm 3 and remove tiller config -- I am happy to put together a PR for either of these.

Allow for the use of an alternative service account for GKE cluster nodes

Currently the module doesn't specify the service_account attribute for the google_container_cluster resource, which means the cluster will attempt to use the default compute service account for the Project ID specified. If you use Project Factory to create the project for this module, PF will delete the default compute SA (which is its own bug, terraform-google-modules/terraform-google-project-factory#181), and Terraform will give you an error that looks like the following:

* google_container_cluster.gitlab: googleapi: Error 400: Service account "[email protected]" does not exist., badRequest

Surfacing a variable to specify an alternate SA should do fine here.

GitLab chart version 4.2.4 requires PostgreSQL >= 11

Using the (currently latest) v4.2.4 of the GitLab chart will result in this error in the logs of the gitlab-migrations K8s job:

You are using PostgreSQL 9.6.16, but PostgreSQL >= 11 is required for this version of GitLab.

After updating the terraform module variable google_sql_database_instance.gitlab_db.database_version = POSTGRES_9_6 to POSTGRES_11 it works as expected.

Bucket not found: registry

I've deployed GitLab using the terraform-google-gke-gitlab module. Everything looks great, the container registry has been used without any issues.

However we've noticed that the backup-utility emits this warning:

Bucket not found: registry. Skipping backup of registry ...

In values.yaml.tpl the registry is being assigned storage, and that seems to work... However we might also need to expose the bucket to the backup utility?

Just to be clear, the issue is that the bundled backup utility is not able to access the registry bucket and doesn't include that in the tarball.

Can you please help?

Thank you

Support terraform version 0.13.X

Already from terraform init:

Error: Unsupported Terraform Core version

  on .terraform/modules/gke-gitlab.project_services/modules/project_services/versions.tf line 18, in terraform:
  18:   required_version = "~> 0.12.6"

Need update providers versions

TL;DR

terraform init
Initializing modules...
Downloading registry.terraform.io/terraform-google-modules/bastion-host/google 4.1.0 for bastion...
- bastion in .terraform/modules/bastion
- bastion.iap_tunneling in .terraform/modules/bastion/modules/iap-tunneling
Downloading registry.terraform.io/terraform-google-modules/vm/google 7.8.0 for bastion.instance_template...
- bastion.instance_template in .terraform/modules/bastion.instance_template/modules/instance_template
Downloading registry.terraform.io/terraform-google-modules/cloud-nat/google 1.4.0 for cloud_nat...
- cloud_nat in .terraform/modules/cloud_nat
Downloading registry.terraform.io/terraform-google-modules/kubernetes-engine/google 21.2.0 for gke...
- gke in .terraform/modules/gke/modules/safer-cluster
- gke.gke in .terraform/modules/gke/modules/beta-private-cluster
Downloading registry.terraform.io/terraform-google-modules/gke-gitlab/google 1.0.0 for gke_gitlab...
- gke_gitlab in .terraform/modules/gke_gitlab
Downloading registry.terraform.io/terraform-google-modules/kubernetes-engine/google 12.4.0 for gke_gitlab.gke...
- gke_gitlab.gke in .terraform/modules/gke_gitlab.gke
Downloading registry.terraform.io/terraform-google-modules/gcloud/google 2.0.3 for gke_gitlab.gke.gcloud_delete_default_kube_dns_configmap...
- gke_gitlab.gke.gcloud_delete_default_kube_dns_configmap in .terraform/modules/gke_gitlab.gke.gcloud_delete_default_kube_dns_configmap/modules/kubectl-wrapper
- gke_gitlab.gke.gcloud_delete_default_kube_dns_configmap.gcloud_kubectl in .terraform/modules/gke_gitlab.gke.gcloud_delete_default_kube_dns_configmap
Downloading registry.terraform.io/terraform-google-modules/gcloud/google 2.0.3 for gke_gitlab.gke.gcloud_wait_for_cluster...
- gke_gitlab.gke.gcloud_wait_for_cluster in .terraform/modules/gke_gitlab.gke.gcloud_wait_for_cluster
Downloading registry.terraform.io/terraform-google-modules/kubernetes-engine/google 10.0.0 for gke_gitlab.gke_auth...
- gke_gitlab.gke_auth in .terraform/modules/gke_gitlab.gke_auth/modules/auth
Downloading registry.terraform.io/terraform-google-modules/project-factory/google 11.3.1 for gke_gitlab.project_services...
- gke_gitlab.project_services in .terraform/modules/gke_gitlab.project_services/modules/project_services
Downloading registry.terraform.io/GoogleCloudPlatform/sql-db/google 11.0.0 for pg...
- pg in .terraform/modules/pg/modules/postgresql
Downloading registry.terraform.io/terraform-google-modules/project-factory/google 11.3.1 for project_apis...
- project_apis in .terraform/modules/project_apis/modules/project_services
Downloading registry.terraform.io/terraform-google-modules/network/google 4.1.0 for vpc...
- vpc in .terraform/modules/vpc
- vpc.firewall_rules in .terraform/modules/vpc/modules/firewall-rules
- vpc.routes in .terraform/modules/vpc/modules/routes
- vpc.subnets in .terraform/modules/vpc/modules/subnets
- vpc.vpc in .terraform/modules/vpc/modules/vpc

Initializing the backend...

Initializing provider plugins...
- Finding hashicorp/google versions matching ">= 2.12.0, >= 3.39.0, >= 3.43.0, >= 3.44.0, >= 3.45.0, >= 3.53.0, ~> 4.0, < 4.0.0, >= 4.4.0, < 5.0.0"...
- Finding hashicorp/random versions matching "~> 2.2.1, ~> 3.1"...
- Finding hashicorp/null versions matching "~> 2.1.2, ~> 3.1.0"...
- Finding latest version of hashicorp/time...
- Finding hashicorp/template versions matching "~> 2.1.2"...
- Finding hashicorp/google-beta versions matching ">= 3.43.0, >= 3.44.0, >= 3.45.0, ~> 4.0, >= 4.4.0, >= 4.10.0, < 5.0.0"...
- Finding hashicorp/kubernetes versions matching "~> 1.10, ~> 1.11.0, != 1.11.0, ~> 2.10"...
- Finding hashicorp/helm versions matching "~> 1.2.0"...
- Finding latest version of hashicorp/external...
- Installing hashicorp/google-beta v4.27.0...
- Installed hashicorp/google-beta v4.27.0 (signed by HashiCorp)
- Installing hashicorp/helm v1.2.4...
- Installed hashicorp/helm v1.2.4 (signed by HashiCorp)
- Installing hashicorp/external v2.2.2...
- Installed hashicorp/external v2.2.2 (signed by HashiCorp)
- Installing hashicorp/time v0.7.2...
- Installed hashicorp/time v0.7.2 (signed by HashiCorp)
- Installing hashicorp/template v2.1.2...
- Installed hashicorp/template v2.1.2 (signed by HashiCorp)
╷
│ Warning: Version constraints inside provider configuration blocks are deprecated
│
│   on .terraform/modules/gke_gitlab.gke/auth.tf line 30, in provider "kubernetes":
│   30:   version                = "~> 1.10, != 1.11.0"
│
│ Terraform 0.13 and earlier allowed provider version constraints inside the provider configuration block, but that is now deprecated and will be removed in a future version of Terraform. To silence this
│ warning, move the provider version constraint into the required_providers block.
╵

╷
│ Error: Failed to query available provider packages
│
│ Could not retrieve the list of available versions for provider hashicorp/google: no available releases match the given constraints >= 2.12.0, >= 3.39.0, >= 3.43.0, >= 3.44.0, >= 3.45.0, >= 3.53.0, ~>
│ 4.0, < 4.0.0, >= 4.4.0, < 5.0.0
╵

╷
│ Error: Failed to query available provider packages
│
│ Could not retrieve the list of available versions for provider hashicorp/random: no available releases match the given constraints ~> 2.2.1, ~> 3.1
╵

╷
│ Error: Failed to query available provider packages
│
│ Could not retrieve the list of available versions for provider hashicorp/null: no available releases match the given constraints ~> 2.1.2, ~> 3.1.0
╵

╷
│ Error: Failed to query available provider packages
│
│ Could not retrieve the list of available versions for provider hashicorp/kubernetes: no available releases match the given constraints ~> 1.10, ~> 1.11.0, != 1.11.0, ~> 2.10
terraform providers

Providers required by configuration:
.
├── provider[registry.terraform.io/hashicorp/kubernetes]
├── provider[registry.terraform.io/hashicorp/template]
├── provider[registry.terraform.io/hashicorp/google] ~> 4.0
├── provider[registry.terraform.io/hashicorp/google-beta] ~> 4.0
├── module.gke
│   └── module.gke
│       ├── provider[registry.terraform.io/hashicorp/kubernetes] ~> 2.10
│       ├── provider[registry.terraform.io/hashicorp/google-beta] >= 4.10.0, < 5.0.0
│       ├── provider[registry.terraform.io/hashicorp/random]
│       └── provider[registry.terraform.io/hashicorp/google]
├── module.gke_gitlab
│   ├── provider[registry.terraform.io/hashicorp/google-beta] >= 3.44.0, < 5.0.0
│   ├── provider[registry.terraform.io/hashicorp/helm] ~> 1.2.0
│   ├── provider[registry.terraform.io/hashicorp/kubernetes] ~> 1.11.0
│   ├── provider[registry.terraform.io/hashicorp/null] ~> 2.1.2
│   ├── provider[registry.terraform.io/hashicorp/random] ~> 2.2.1
│   ├── provider[registry.terraform.io/hashicorp/template] ~> 2.1.2
│   ├── provider[registry.terraform.io/hashicorp/google] >= 3.44.0, < 5.0.0
│   ├── provider[registry.terraform.io/hashicorp/time]
│   ├── module.gke
│       ├── provider[registry.terraform.io/hashicorp/google] >= 3.39.0, < 4.0.0
│       ├── provider[registry.terraform.io/hashicorp/kubernetes] ~> 1.10, != 1.11.0
│       ├── provider[registry.terraform.io/hashicorp/random]
│       ├── module.gcloud_delete_default_kube_dns_configmap
│           └── module.gcloud_kubectl
│               ├── provider[registry.terraform.io/hashicorp/null]
│               ├── provider[registry.terraform.io/hashicorp/random]
│               └── provider[registry.terraform.io/hashicorp/external]
│       └── module.gcloud_wait_for_cluster
│           ├── provider[registry.terraform.io/hashicorp/null]
│           ├── provider[registry.terraform.io/hashicorp/random]
│           └── provider[registry.terraform.io/hashicorp/external]
│   ├── module.gke_auth
│       ├── provider[registry.terraform.io/hashicorp/google]
│       └── provider[registry.terraform.io/hashicorp/template]
│   └── module.project_services
│       ├── provider[registry.terraform.io/hashicorp/google-beta] >= 3.43.0, < 5.0.0
│       └── provider[registry.terraform.io/hashicorp/google] >= 3.43.0, < 5.0.0
├── module.pg
│   ├── provider[registry.terraform.io/hashicorp/google-beta] >= 4.4.0, < 5.0.0
│   ├── provider[registry.terraform.io/hashicorp/null] ~> 3.1.0
│   ├── provider[registry.terraform.io/hashicorp/random] ~> 3.1
│   └── provider[registry.terraform.io/hashicorp/google] >= 4.4.0, < 5.0.0
├── module.project_apis
│   ├── provider[registry.terraform.io/hashicorp/google] >= 3.43.0, < 5.0.0
│   └── provider[registry.terraform.io/hashicorp/google-beta] >= 3.43.0, < 5.0.0
├── module.vpc
│   ├── provider[registry.terraform.io/hashicorp/google] >= 2.12.0, < 5.0.0
│   ├── provider[registry.terraform.io/hashicorp/google-beta] >= 3.45.0, < 5.0.0
│   ├── module.firewall_rules
│       └── provider[registry.terraform.io/hashicorp/google] >= 2.12.0, < 5.0.0
│   ├── module.routes
│       └── provider[registry.terraform.io/hashicorp/google] >= 2.12.0, < 5.0.0
│   ├── module.subnets
│       └── provider[registry.terraform.io/hashicorp/google] >= 2.12.0, < 5.0.0
│   └── module.vpc
│       ├── provider[registry.terraform.io/hashicorp/google-beta] >= 3.45.0
│       └── provider[registry.terraform.io/hashicorp/google] >= 3.45.0
├── module.bastion
│   ├── provider[registry.terraform.io/hashicorp/google] >= 3.53.0, < 5.0.0
│   ├── provider[registry.terraform.io/hashicorp/random]
│   ├── module.iap_tunneling
│       └── provider[registry.terraform.io/hashicorp/google] >= 3.53.0, < 5.0.0
│   └── module.instance_template
│       └── provider[registry.terraform.io/hashicorp/google] >= 3.43.0, < 5.0.0
└── module.cloud_nat
    ├── provider[registry.terraform.io/hashicorp/google]
    └── provider[registry.terraform.io/hashicorp/random]

╷
│ Warning: Version constraints inside provider configuration blocks are deprecated
│
│   on .terraform/modules/gke_gitlab.gke/auth.tf line 30, in provider "kubernetes":
│   30:   version                = "~> 1.10, != 1.11.0"
│
│ Terraform 0.13 and earlier allowed provider version constraints inside the provider configuration block, but that is now deprecated and will be removed in a future version of Terraform. To silence this
│ warning, move the provider version constraint into the required_providers block.

Expected behavior

No response

Observed behavior

No response

Terraform Configuration

Not changed

Terraform Version

Terraform v1.2.3

Additional information

No response
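
The `terraform init` failure reported above comes down to merged version ranges that do not overlap. As an added example (not part of the issue or the module's code), this Python script intersects the constraint strings copied from that output and reports which two terms collide. It assumes plain numeric versions (no pre-release suffixes) and rejects `~>` with a single component; "satisfiable" means the merged range is non-empty, not that a release exists in it.

```python
from typing import NamedTuple, Optional

# Constraint strings copied from the `terraform init` output in the issue above.
PAGE_CONSTRAINTS = {
    "hashicorp/google": ">= 2.12.0, >= 3.39.0, >= 3.43.0, >= 3.44.0, >= 3.45.0, "
                        ">= 3.53.0, ~> 4.0, < 4.0.0, >= 4.4.0, < 5.0.0",
    "hashicorp/google-beta": ">= 3.43.0, >= 3.44.0, >= 3.45.0, ~> 4.0, >= 4.4.0, "
                             ">= 4.10.0, < 5.0.0",
    "hashicorp/random": "~> 2.2.1, ~> 3.1",
    "hashicorp/null": "~> 2.1.2, ~> 3.1.0",
    "hashicorp/kubernetes": "~> 1.10, ~> 1.11.0, != 1.11.0, ~> 2.10",
}

# Two-character operators come first so ">=" is not read as ">".
OPERATORS = ("~>", ">=", "<=", "!=", ">", "<", "=")


class Bound(NamedTuple):
    version: tuple   # (major, minor, patch)
    inclusive: bool
    source: str      # the constraint term that produced this bound


class Verdict(NamedTuple):
    satisfiable: bool
    lower: Optional[Bound]
    upper: Optional[Bound]


def _bounds(term):
    """Return (lower, upper, excluded_version) implied by one constraint term."""
    src = term.strip()
    op = next((o for o in OPERATORS if src.startswith(o)), None)
    raw = src[len(op):] if op else src
    op = op or "="                      # a bare version is an exact pin
    parts = [int(p) for p in raw.strip().split(".")]
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unsupported version in {src!r}")
    ver = tuple(parts + [0] * (3 - len(parts)))
    if op == "~>":
        if len(parts) < 2:
            raise ValueError(f"'~>' with one component is not handled: {src!r}")
        # Pessimistic operator: only the rightmost written component may grow.
        ceiling = (ver[0] + 1, 0, 0) if len(parts) == 2 else (ver[0], ver[1] + 1, 0)
        return Bound(ver, True, src), Bound(ceiling, False, src), None
    if op in (">=", ">"):
        return Bound(ver, op == ">=", src), None, None
    if op in ("<=", "<"):
        return None, Bound(ver, op == "<=", src), None
    if op == "!=":
        return None, None, ver
    return Bound(ver, True, src), Bound(ver, True, src), None


def analyze(constraints):
    """Intersect a comma-separated constraint string and name the tightest bounds."""
    lower = upper = None
    excluded = set()
    for term in constraints.split(","):
        lo, hi, skip = _bounds(term)
        # Tightest lower bound: higher version wins; on a tie, exclusive wins.
        if lo is not None and (lower is None or
                               (lo.version, not lo.inclusive) > (lower.version, not lower.inclusive)):
            lower = lo
        # Tightest upper bound: lower version wins; on a tie, exclusive wins.
        if hi is not None and (upper is None or
                               (hi.version, hi.inclusive) < (upper.version, upper.inclusive)):
            upper = hi
        if skip is not None:
            excluded.add(skip)
    # Smallest version number that the lower bound and the exclusions allow.
    candidate = lower.version if lower else (0, 0, 0)
    if lower and not lower.inclusive:
        candidate = candidate[:2] + (candidate[2] + 1,)
    while candidate in excluded:
        candidate = candidate[:2] + (candidate[2] + 1,)
    ok = upper is None or candidate < upper.version or (
        candidate == upper.version and upper.inclusive)
    return Verdict(ok, lower, upper)


if __name__ == "__main__":
    for provider, constraints in PAGE_CONSTRAINTS.items():
        verdict = analyze(constraints)
        state = "ok" if verdict.satisfiable else "EMPTY"
        print(f"{provider}: {state}  lower from {verdict.lower.source!r}, "
              f"upper from {verdict.upper.source!r}")
```

The `terraform providers` tree in the issue shows which module contributes each colliding term, for example `< 4.0.0` on hashicorp/google from the nested `module.gke_gitlab` → `module.gke` and `>= 4.4.0` from `module.pg`.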

Facing issue in gitlab-gitlab-runner

TL;DR

While deploying the helm chart, in one of the deployments, i.e. gitlab-gitlab-runner, I am facing some issues. Refer to the screenshot for a better understanding of the issue. Could you please tell me how I can fix that issue?
image

Expected behavior

No response

Observed behavior

No response

Terraform Configuration

provider "google" {
  project = var.project_id
}

provider "google-beta" {
  project = var.project_id
}

locals {
  gitlab_db_name = var.gitlab_db_random_prefix ? "${var.gitlab_db_name}-${random_id.suffix[0].hex}" : var.gitlab_db_name
}

resource "random_id" "suffix" {
  count = var.gitlab_db_random_prefix ? 1 : 0

  byte_length = 4
}

module "gke_auth" {
  source  = "terraform-google-modules/kubernetes-engine/google//modules/auth"
  version = "~> 24.0"

  project_id   = module.project_services.project_id
  cluster_name = module.gke.name
  location     = module.gke.location

  depends_on = [time_sleep.sleep_for_cluster_fix_helm_6361]
}

provider "helm" {
  kubernetes {
    cluster_ca_certificate = module.gke_auth.cluster_ca_certificate
    host                   = module.gke_auth.host
    token                  = module.gke_auth.token
  }
}

provider "kubernetes" {
  cluster_ca_certificate = module.gke_auth.cluster_ca_certificate
  host                   = module.gke_auth.host
  token                  = module.gke_auth.token
}

// Services
module "project_services" {
  source  = "terraform-google-modules/project-factory/google//modules/project_services"
  version = "~> 14.0"

  project_id                  = var.project_id
  disable_services_on_destroy = false

  activate_apis = [
    "compute.googleapis.com",
    "container.googleapis.com",
    "servicenetworking.googleapis.com",
    "cloudresourcemanager.googleapis.com",
    "redis.googleapis.com"
  ]
}

// GCS Service Account
resource "google_service_account" "gitlab_gcs" {
  project      = var.project_id
  account_id   = "gitlab-gcs"
  display_name = "GitLab Cloud Storage"
}

resource "google_service_account_key" "gitlab_gcs" {
  service_account_id = google_service_account.gitlab_gcs.name
}

resource "google_project_iam_member" "project" {
  project = var.project_id
  role    = "roles/storage.admin"
  member  = "serviceAccount:${google_service_account.gitlab_gcs.email}"
}

// Networking
resource "google_compute_network" "gitlab" {
  name                    = "gitlab"
  project                 = module.project_services.project_id
  auto_create_subnetworks = false
}

resource "google_compute_subnetwork" "subnetwork" {
  name          = "gitlab"
  ip_cidr_range = var.gitlab_nodes_subnet_cidr
  region        = var.region
  network       = google_compute_network.gitlab.self_link

  secondary_ip_range {
    range_name    = "gitlab-cluster-pod-cidr"
    ip_cidr_range = var.gitlab_pods_subnet_cidr
  }

  secondary_ip_range {
    range_name    = "gitlab-cluster-service-cidr"
    ip_cidr_range = var.gitlab_services_subnet_cidr
  }
}

resource "google_compute_address" "gitlab" {
  name         = "gitlab"
  region       = var.region
  address_type = "EXTERNAL"
  description  = "Gitlab Ingress IP"
  depends_on   = [module.project_services.project_id]
  count        = var.gitlab_address_name == "" ? 1 : 0
}

// Database
resource "google_compute_global_address" "gitlab_sql" {
  provider      = google-beta
  project       = var.project_id
  name          = "gitlab-sql"
  purpose       = "VPC_PEERING"
  address_type  = "INTERNAL"
  network       = google_compute_network.gitlab.self_link
  address       = "10.1.0.0"
  prefix_length = 16
}

resource "google_service_networking_connection" "private_vpc_connection" {
  provider                = google-beta
  network                 = google_compute_network.gitlab.self_link
  service                 = "servicenetworking.googleapis.com"
  reserved_peering_ranges = [google_compute_global_address.gitlab_sql.name]
  depends_on              = [module.project_services.project_id]
}

resource "google_sql_database_instance" "gitlab_db" {
  depends_on          = [google_service_networking_connection.private_vpc_connection]
  name                = local.gitlab_db_name
  region              = var.region
  database_version    = "POSTGRES_11"
  deletion_protection = var.gitlab_deletion_protection

  settings {
    tier            = "db-custom-4-15360"
    disk_autoresize = true

    ip_configuration {
      ipv4_enabled    = "false"
      private_network = google_compute_network.gitlab.self_link
    }
  }
}

resource "google_sql_database" "gitlabhq_production" {
  name       = "gitlabhq_production"
  instance   = google_sql_database_instance.gitlab_db.name
  depends_on = [google_sql_user.gitlab]
}

resource "random_string" "autogenerated_gitlab_db_password" {
  length  = 16
  special = false
}

resource "google_sql_user" "gitlab" {
  name     = "gitlab"
  instance = google_sql_database_instance.gitlab_db.name

  # Postgres users cannot be deleted if they have been granted SQL roles
  deletion_policy = "ABANDON"

  password = var.gitlab_db_password != "" ? var.gitlab_db_password : random_string.autogenerated_gitlab_db_password.result
}

// Redis
resource "google_redis_instance" "gitlab" {
  name               = "gitlab"
  tier               = "STANDARD_HA"
  memory_size_gb     = 5
  region             = var.region
  authorized_network = google_compute_network.gitlab.self_link

  depends_on = [module.project_services.project_id]

  display_name = "GitLab Redis"
}

// Cloud Storage
resource "google_storage_bucket" "gitlab-backups" {
  name          = "${var.project_id}-gitlab-backups"
  location      = var.region
  force_destroy = var.allow_force_destroy
}

resource "google_storage_bucket" "gitlab-uploads" {
  name          = "${var.project_id}-gitlab-uploads"
  location      = var.region
  force_destroy = var.allow_force_destroy
}

resource "google_storage_bucket" "gitlab-artifacts" {
  name          = "${var.project_id}-gitlab-artifacts"
  location      = var.region
  force_destroy = var.allow_force_destroy
}

resource "google_storage_bucket" "git-lfs" {
  name          = "${var.project_id}-git-lfs"
  location      = var.region
  force_destroy = var.allow_force_destroy
}

resource "google_storage_bucket" "gitlab-packages" {
  name          = "${var.project_id}-gitlab-packages"
  location      = var.region
  force_destroy = var.allow_force_destroy
}

resource "google_storage_bucket" "gitlab-registry" {
  name          = "${var.project_id}-registry"
  location      = var.region
  force_destroy = var.allow_force_destroy
}

resource "google_storage_bucket" "gitlab-pseudo" {
  name          = "${var.project_id}-pseudo"
  location      = var.region
  force_destroy = var.allow_force_destroy
}

resource "google_storage_bucket" "gitlab-runner-cache" {
  name          = "${var.project_id}-runner-cache"
  location      = var.region
  force_destroy = var.allow_force_destroy
}
// GKE Cluster
module "gke" {
  source  = "terraform-google-modules/kubernetes-engine/google"
  version = "~> 24.0"

  # Create an implicit dependency on service activation
  project_id = module.project_services.project_id

  name               = "gitlab"
  region             = var.region
  regional           = true
  kubernetes_version = var.gke_version

  remove_default_node_pool = true
  initial_node_count       = 1

  network           = google_compute_network.gitlab.name
  subnetwork        = google_compute_subnetwork.subnetwork.name
  ip_range_pods     = "gitlab-cluster-pod-cidr"
  ip_range_services = "gitlab-cluster-service-cidr"

  issue_client_certificate = true

  node_pools = [
    {
      name         = "gitlab"
      autoscaling  = false
      machine_type = var.gke_machine_type
      node_count   = 1
    },
  ]

  node_pools_oauth_scopes = {
    all = ["https://www.googleapis.com/auth/cloud-platform"]
  }
}

resource "kubernetes_storage_class" "pd-ssd" {
  metadata {
    name = "pd-ssd"
  }

  storage_provisioner = "kubernetes.io/gce-pd"

  parameters = {
    type = "pd-ssd"
  }

  depends_on = [time_sleep.sleep_for_cluster_fix_helm_6361]
}

resource "kubernetes_secret" "gitlab_pg" {
  metadata {
    name = "gitlab-pg"
  }

  data = {
    password = var.gitlab_db_password != "" ? var.gitlab_db_password : random_string.autogenerated_gitlab_db_password.result
  }

  depends_on = [time_sleep.sleep_for_cluster_fix_helm_6361]
}

resource "kubernetes_secret" "gitlab_rails_storage" {
  metadata {
    name = "gitlab-rails-storage"
  }

  data = {
    connection = <<EOT
provider: Google
google_project: ${var.project_id}
google_client_email: ${google_service_account.gitlab_gcs.email}
google_json_key_string: '${base64decode(google_service_account_key.gitlab_gcs.private_key)}'
EOT
  }

  depends_on = [time_sleep.sleep_for_cluster_fix_helm_6361]
}

resource "kubernetes_secret" "gitlab_registry_storage" {
  metadata {
    name = "gitlab-registry-storage"
  }

  data = {
    "gcs.json" = <<EOT
${base64decode(google_service_account_key.gitlab_gcs.private_key)}
EOT
    storage    = <<EOT
gcs:
  bucket: ${var.project_id}-registry
  keyfile: /etc/docker/registry/storage/gcs.json
EOT
  }

  depends_on = [time_sleep.sleep_for_cluster_fix_helm_6361]
}


resource "kubernetes_secret" "gitlab_gcs_credentials" {
  metadata {
    name = "google-application-credentials"
  }

  data = {
    gcs-application-credentials-file = base64decode(google_service_account_key.gitlab_gcs.private_key)
  }

  depends_on = [time_sleep.sleep_for_cluster_fix_helm_6361]
}

data "google_compute_address" "gitlab" {
  name   = var.gitlab_address_name
  region = var.region

  # Do not get data if the address is being created as part of the run
  count = var.gitlab_address_name == "" ? 0 : 1
}

locals {
  gitlab_address = var.gitlab_address_name == "" ? google_compute_address.gitlab[0].address : data.google_compute_address.gitlab[0].address
  domain         = var.domain != "" ? var.domain : "${local.gitlab_address}.nip.io"
}

data "template_file" "helm_values" {
  template = file("${path.module}/values.yaml.tpl")

  vars = {
    DOMAIN                = local.domain
    INGRESS_IP            = local.gitlab_address
    DB_PRIVATE_IP         = google_sql_database_instance.gitlab_db.private_ip_address
    REDIS_PRIVATE_IP      = google_redis_instance.gitlab.host
    PROJECT_ID            = var.project_id
    CERT_MANAGER_EMAIL    = var.certmanager_email
    GITLAB_RUNNER_INSTALL = var.gitlab_runner_install
  }
}

resource "time_sleep" "sleep_for_cluster_fix_helm_6361" {
  create_duration  = "180s"
  destroy_duration = "180s"
  depends_on       = [module.gke.endpoint, google_sql_database.gitlabhq_production]
}

resource "helm_release" "gitlab" {
  name       = "gitlab"
  repository = "https://charts.gitlab.io"
  chart      = "gitlab"
  version    = var.helm_chart_version
  timeout    = 1200

  values = [data.template_file.helm_values.rendered]

  depends_on = [
    google_redis_instance.gitlab,
    google_sql_user.gitlab,
    kubernetes_storage_class.pd-ssd,
    kubernetes_secret.gitlab_pg,
    kubernetes_secret.gitlab_rails_storage,
    kubernetes_secret.gitlab_registry_storage,
    kubernetes_secret.gitlab_gcs_credentials,
    time_sleep.sleep_for_cluster_fix_helm_6361,
  ]
}

Terraform Version

terraform {
  required_version = ">= 0.13.0"
  required_providers {
    google = {
      source  = "hashicorp/google"
      version = ">= 3.49, < 5.0"
    }
    google-beta = {
      source  = "hashicorp/google-beta"
      version = ">= 3.49, < 5.0"
    }
    helm = {
      source  = "hashicorp/helm"
      version = "~> 2.0"
    }
    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = "~> 2.0"
    }
    null = {
      source  = "hashicorp/null"
      version = ">= 2.1.2"
    }
    random = {
      source  = "hashicorp/random"
      version = ">= 2.2.1"
    }
    template = {
      source  = "hashicorp/template"
      version = ">= 2.1.2"
    }
    time = {
      source  = "hashicorp/time"
      version = "~> 0.9"
    }
  }

  provider_meta "google" {
    module_name = "blueprints/terraform/terraform-google-gke-gitlab/v3.0.0"
  }

  provider_meta "google-beta" {
    module_name = "blueprints/terraform/terraform-google-gke-gitlab/v3.0.0"
  }
}

Additional information

No response

Modify config.toml for GitLab Runner in values.yaml.tpl

Hi,

I need to enable privileged mode, but I can't seem to get it to work with the values.yaml.tpl. What's the best way to tweak items in the config.toml?

I've tried to modify the configmaps directly without luck, see below.
The configmap looks like this:

$ kubectl get configmaps gitlab-gitlab-runner -o yaml
apiVersion: v1
data:
  check-live: |
    #!/bin/bash
    if /usr/bin/pgrep -f .*register-the-runner; then
      exit 0
    elif /usr/bin/pgrep gitlab.*runner; then
      exit 0
    else
      exit 1
    fi
  config.toml: |
    concurrent = 10
    check_interval = 30
    log_level = "info"
    listen_address = '[::]:9252'
    [runners.kubernetes]
      privileged = true
  configure: |
    set -e
    cp /init-secrets/* /secrets
  entrypoint: |
  ...

As you can see, I've added the [runners.kubernetes] section, which caused the PANIC.
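
As an added example (not part of the original post or the project's code): GitLab Runner's documented config.toml layout puts `[runners.kubernetes]` inside a `[[runners]]` array entry, so a checker can flag both a misplaced section and runners that grant privileged mode. The sample strings are constructed from the ConfigMap shown above; the runner name and the `audit_runner_config` function are hypothetical, and the link between the misplaced section and the reported panic is an assumption.

```python
"""Audit a GitLab Runner config.toml for structure errors and privileged executors."""
try:
    import tomllib  # standard library from Python 3.11
except ModuleNotFoundError:  # older interpreters: pip install tomli
    import tomli as tomllib

# Constructed sample: the config.toml from the ConfigMap in the post above.
POSTED = """
concurrent = 10
check_interval = 30
log_level = "info"
listen_address = '[::]:9252'
[runners.kubernetes]
  privileged = true
"""

# Constructed sample: the same setting nested under a [[runners]] entry,
# the layout GitLab Runner documents. The runner name is hypothetical.
NESTED = """
concurrent = 10
[[runners]]
  name = "example-runner"
  executor = "kubernetes"
  [runners.kubernetes]
    privileged = true
"""


def audit_runner_config(text):
    """Return a list of (kind, detail) findings for one config.toml."""
    try:
        cfg = tomllib.loads(text)
    except tomllib.TOMLDecodeError as exc:
        return [("parse-error", str(exc))]
    runners = cfg.get("runners", [])
    if not isinstance(runners, list):
        # A bare [runners.kubernetes] header makes `runners` a single table,
        # while the runner expects an array of tables ([[runners]]).
        return [("structure", "runners is a table, expected [[runners]] array")]
    findings = []
    for index, runner in enumerate(runners):
        name = runner.get("name", f"runners[{index}]")
        for executor in ("kubernetes", "docker"):
            if runner.get(executor, {}).get("privileged") is True:
                findings.append(("privileged", f"{name}: {executor}"))
    return findings
```

Appending a `[[runners]]` entry to the posted file, as runner registration would, is itself a TOML error because `runners` has already been defined as a table.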

gitlab_project repo creation failing on subsequent runs

I have a gitlab implementation on GKE.
I am using the GitLab Terraform provider to create a project, using the gitlab_project resource.
Here is my main.tf file.

resource "gitlab_project" "test" {
  name = "test"
  namespace_id = 1
}

The first apply completes successfully without issues and the repo is successfully created.
Immediately running terraform apply after the first run fails with the following error.

Error: PUT https://gitlab.endpoints.projectid.cloud.goog/api/v4/projects/6: 400 {error: allow_merge_on_skipped_pipeline, autoclose_referenced_issues, auto_devops_enabled, auto_devops_deploy_strategy, auto_cancel_pending_pipelines, build_coverage_regex, build_git_strategy, build_timeout, builds_access_level, ci_config_path, ci_default_git_depth, container_registry_enabled, container_expiration_policy_attributes, default_branch, description, emails_disabled, forking_access_level, issues_access_level, lfs_enabled, merge_requests_access_level, merge_method, name, only_allow_merge_if_all_discussions_are_resolved, only_allow_merge_if_pipeline_succeeds, pages_access_level, path, printing_merge_request_link_enabled, public_builds, remove_source_branch_after_merge, repository_access_level, request_access_enabled, resolve_outdated_diff_discussions, shared_runners_enabled, snippets_access_level, tag_list, visibility, wiki_access_level, avatar, suggestion_commit_message, repository_storage, compliance_framework_setting, service_desk_enabled, issues_enabled, jobs_enabled, merge_requests_enabled, wiki_enabled, snippets_enabled are missing, at least one parameter must be provided}

  on main.tf line 1, in resource "gitlab_project" "test":
   1: resource "gitlab_project" "test" {

I have produced this error many many times and it is consistent.
I have tried with various terraform versions including 0.12.24, 0.12.26, 0.12.29 and 0.13.4.
They all fail with the same error.

Unable to plug existing VPC into terraform

TL;DR

This module seems to want to make everything from scratch, VPC, DB etc.
What is the process for plugging in an existing VPC?

Expected behavior

Possibility to plug in existing VPC

Observed behavior

TF creates its own VPC

Terraform Configuration

Using the main.tf file

Terraform Version

0.13

Additional information

No response

Dependency Dashboard

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

Detected dependencies

regex
Makefile
  • cft/developer-tools 1.13
build/int.cloudbuild.yaml
  • cft/developer-tools 1.13
build/lint.cloudbuild.yaml
  • cft/developer-tools 1.13
terraform
examples/simple_example/main.tf
  • terraform-google-modules/gke-gitlab/google ~> 3.0
examples/simple_example/versions.tf
  • google >= 3.44, < 5.0
  • google-beta >= 3.44, < 5.0
  • hashicorp/terraform >= 0.13
main.tf
  • terraform-google-modules/kubernetes-engine/google ~> 24.0
  • terraform-google-modules/kubernetes-engine/google ~> 24.0
  • terraform-google-modules/project-factory/google ~> 14.0
test/fixtures/simple_example/main.tf
test/setup/main.tf
  • terraform-google-modules/project-factory/google ~> 14.0
test/setup/versions.tf
  • google >= 3.44, < 5.0
  • google-beta >= 3.44, < 5.0
  • hashicorp/terraform >= 0.13.0
versions.tf
  • google >= 3.49, < 5.0
  • google-beta >= 3.49, < 5.0
  • helm ~> 2.0
  • kubernetes ~> 2.0
  • null >= 2.1.2
  • random >= 2.2.1
  • template >= 2.1.2
  • time ~> 0.9
  • hashicorp/terraform >= 0.13.0
