chore: remove pepr restarter and upgrade gitlab package (#307)

* Remove pepr restarter and upgrade gitlab package * Fix security context settings * fix: rm whitespace --------- Co-authored-by: MxNxPx <[email protected]>
defenseunicorns · Dec 7, 2024 · daf6421 · daf6421
1 parent 99cdb93
commit daf6421
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 23 deletions.
diff --git a/bundles/rke2/uds-bundle.yaml b/bundles/rke2/uds-bundle.yaml
@@ -28,6 +28,8 @@ x-gitlab-init-security-context: &gitlab-init-security-context
   privileged: true
   readOnlyRootFilesystem: false
   runAsUser: 0
+  allowPrivilegeEscalation: true
+  runAsNonRoot: false
 
 packages:
   # Zarf init
@@ -519,7 +521,7 @@ packages:
 
   - name: gitlab
     repository: ghcr.io/defenseunicorns/packages/uds/gitlab
-    ref: 17.2.9-uds.0-registry1
+    ref: 17.5.2-uds.1-registry1
     imports:
       - name: GITLAB_DB_USERNAME
         package: gitlab-pgbouncer-rw
@@ -571,19 +573,7 @@ packages:
             - path: gitlab.gitaly.securityContext.fsGroupChangePolicy  # https://docs.gitlab.com/ee/administration/gitaly/kubernetes.html#persistent-volume-permissions
               value: OnRootMismatch
             - path: gitlab.gitaly.cgroups.initContainer.image.tag
-              value: v17.2.9
-            - path: gitlab.gitaly.cgroups.initContainer.securityContext # These should be the default https://gitlab.com/gitlab-org/charts/gitlab/-/blob/master/charts/gitlab/charts/gitaly/values.yaml?ref_type=heads#L56
-              value:                                                    # but are overridden somewhere to 1000 so setting them back to 0 here.
-                runAsUser: 0
-                runAsGroup: 0
-                privileged: true  # privileged needs added, was not in upstream helm
-            - path: gitlab.gitaly.containerSecurityContext
-              value:
-                runAsUser: 1000
-                allowPrivilegeEscalation: false
-                runAsNonRoot: true
-                capabilities:
-                  drop: ["ALL"]
+              value: v17.5.2
             - path: global.psql.host
               description: "GitLab DB host should point to kubernetes service for read/write pgbouncer cluster."
               value: "pgbouncer.gitlab-pgbouncer-rw.svc.cluster.local"

diff --git a/packages/additional-manifests/zarf.yaml b/packages/additional-manifests/zarf.yaml
@@ -21,7 +21,7 @@ components:
           - gitlab/envoy-filter.yaml
           - gitlab/gitaly-priority-class.yaml
     images:
-      - registry.gitlab.com/gitlab-org/build/cng/gitaly-init-cgroups:v17.2.9  # Remember to redeploy this package if changing stuff around this image in the gitlab package
+      - registry.gitlab.com/gitlab-org/build/cng/gitaly-init-cgroups:v17.5.2  # Remember to redeploy this package if changing stuff around this image in the gitlab package
 
   - name: pepr-policy-exemptions
     required: true
@@ -31,11 +31,3 @@ components:
           - pepr-policy-exemptions/nutanix-csi-exemptions.yaml
           - pepr-policy-exemptions/metallb-exemptions.yaml
           - pepr-policy-exemptions/gitlab-exemptions.yaml
-  - name: jobs
-    required: true
-    manifests:
-      - name: jobs-manifests
-        files:
-          - jobs/pepr-restart-job.yaml
-    images:
-      - registry1.dso.mil/ironbank/opensource/kubernetes/kubectl:v1.30.6
diff --git a/tasks/deploy.yaml b/tasks/deploy.yaml
@@ -35,6 +35,24 @@ tasks:
     actions:
       - cmd: docker run --rm -e ARCH="${ARCH}" -e BUNDLE_VERSION="${BUNDLE_VERSION}" -e BUNDLE_TYPE="${INPUT_BUNDLE_TYPE}" -e UDS_CONFIG=/configs/uds-config.yaml -e KUBECONFIG=/configs/kubeconfig -e PACKAGE_LIST="${INPUT_PACKAGE_LIST}" -v /tmp:/tmp -v "${INPUT_CONFIG_DIR}":/configs -v "${INPUT_BUILD_DIR}":/build "${DEPLOY_IMAGE}" bash -c 'uds deploy /build/uds-bundle-software-factory-nutanix-${BUNDLE_TYPE}-${ARCH}-${BUNDLE_VERSION}.tar.zst ${PACKAGE_LIST} --no-progress --confirm'
 
+  - name: remove-bundle
+    description: Remove bundle based on configured input build and config directories
+    inputs:
+      build_dir:
+        default: ./build
+        description: Input for the path to the build directory containing the uds bundle to deploy
+      config_dir:
+        default: ./scratch/configs/dev
+        description: Input for the path to the directory containing the uds-config.yaml to use for deploying the bundle
+      package_list:
+        default: ""
+        description: Input to specify packages that should be deployed from the bundle
+      bundle_type:
+        default: "rke2"
+        description: Input to specify the type of bundle to deploy
+    actions:
+      - cmd: docker run --rm -e ARCH="${ARCH}" -e BUNDLE_VERSION="${BUNDLE_VERSION}" -e BUNDLE_TYPE="${INPUT_BUNDLE_TYPE}" -e UDS_CONFIG=/configs/uds-config.yaml -e KUBECONFIG=/configs/kubeconfig -e PACKAGE_LIST="${INPUT_PACKAGE_LIST}" -v /tmp:/tmp -v "${INPUT_CONFIG_DIR}":/configs -v "${INPUT_BUILD_DIR}":/build "${DEPLOY_IMAGE}" bash -c 'uds remove /build/uds-bundle-software-factory-nutanix-${BUNDLE_TYPE}-${ARCH}-${BUNDLE_VERSION}.tar.zst ${PACKAGE_LIST} --no-progress --confirm'
+
   - name: deploy-published
     description: Deploy published oci of bundle from ghcr
     inputs: