From 775969fe5ade4074077c485045e949aa0c22390e Mon Sep 17 00:00:00 2001 From: clofour <208706398+clofour@users.noreply.github.com> Date: Sun, 12 Apr 2026 14:37:34 +0200 Subject: [PATCH 1/7] Add terraform-validate action --- .github/workflows/terraform-validate.yaml | 27 +++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 .github/workflows/terraform-validate.yaml diff --git a/.github/workflows/terraform-validate.yaml b/.github/workflows/terraform-validate.yaml new file mode 100644 index 0000000..f56b150 --- /dev/null +++ b/.github/workflows/terraform-validate.yaml @@ -0,0 +1,27 @@ +name: terraform-validate +on: + push: + branches: + - main + - dev +jobs: + validate: + name: Terraform Validate + runs-on: ubuntu-24.04 + defaults: + run: + working-directory: ./terraform + steps: + - name: Checkout repository + uses: actions/checkout@v6 + + - name: Set up Terraform + uses: hashicorp/setup-terraform@v3 + with: + terraform_version: "1.1.7" + + - name: Initialize Terraform project + run: terraform init -backend=false + + - name: Run Terraform Validate + run: terraform validate From 4deba675ee3551a5e32eeca385a429636fcc68da Mon Sep 17 00:00:00 2001 From: clofour <208706398+clofour@users.noreply.github.com> Date: Sun, 12 Apr 2026 14:38:28 +0200 Subject: [PATCH 2/7] Fix Terraform version in terraform-validate action --- .github/workflows/terraform-validate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/terraform-validate.yaml b/.github/workflows/terraform-validate.yaml index f56b150..7fa7ffe 100644 --- a/.github/workflows/terraform-validate.yaml +++ b/.github/workflows/terraform-validate.yaml @@ -18,7 +18,7 @@ jobs: - name: Set up Terraform uses: hashicorp/setup-terraform@v3 with: - terraform_version: "1.1.7" + terraform_version: "1.14.7" - name: Initialize Terraform project run: terraform init -backend=false From b9144208a7b9881704e2e80880b21129fa4dca76 Mon Sep 17 00:00:00 2001 
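Review bot: The new workflow declares no `permissions:` key, so the job's GITHUB_TOKEN gets whatever default the repository or organisation is configured with, although the steps only need to read the checkout. Adding a workflow-level `permissions:` with `contents: read`, and `persist-credentials: false` under the checkout step's `with:`, keeps a write-capable token away from anything added to this job later. The trigger is `push` on `main` and `dev` only, so validation runs once the change is already on the branch; a `pull_request` trigger would catch invalid Terraform before merge.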
From: clofour <208706398+clofour@users.noreply.github.com>
Date: Sun, 12 Apr 2026 16:11:52 +0200
Subject: [PATCH 3/7] Implement GitLab
---
Makefile | 0
helm/gitlab/values.yaml | 63 ++++++++++++++++++++++++
terraform/cluster.tf | 20 ++++++++
terraform/dependencies.tf | 8 +++
terraform/helm.tf | 29 +++++++++++
terraform/kubernetes.tf | 100 ++++++++++++++++++++++++++++++++------
terraform/postgres.tf | 2 +-
terraform/providers.tf | 18 +++++++
terraform/spaces.tf | 4 +-
9 files changed, 227 insertions(+), 17 deletions(-)
create mode 100644 Makefile
create mode 100644 helm/gitlab/values.yaml
create mode 100644 terraform/cluster.tf
create mode 100644 terraform/helm.tf
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..e69de29
diff --git a/helm/gitlab/values.yaml b/helm/gitlab/values.yaml
new file mode 100644
index 0000000..f651fec
--- /dev/null
+++ b/helm/gitlab/values.yaml
@@ -0,0 +1,63 @@
+global:
+ edition: ce
+
+ hosts:
+ domain: ${domain}
+ https: true
+ gitlab:
+ name: ${gitlab_host}.${domain}
+ registry:
+ name: ${registry_host}.${domain}
+
+ psql:
+ host: ${postgres_host}
+ port: ${postgres_port}
+ database: ${postgres_database}
+ username: ${postgres_username}
+ password:
+ secret: gitlab-postgres-secret
+ key: password
+
+ redis:
+ host: ${redis_host}
+ port: ${redis_port}
+ auth:
+ enabled: true
+ secret: gitlab-redis-secret
+ key: password
+
+ appConfig:
+ object_store:
+ enabled: true
+ proxy_download: true
+ connection:
+ secret: gitlab-s3-main-secret
+ key: connection
+
+ arifacts:
+ bucket: ${bucket["artifacts"]}
+ connection: {}
+ uploads:
+ bucket: ${bucket["uploads"]}
+ connection: {}
+ packages:
+ bucket: ${bucket["packages"]}
+ connection: {}
+ lfs:
+ bucket: ${bucket["lfs"]}
+ connection: {}
+ backups:
+ bucket: ${bucket["backups"]}
+ tmpBucket: ${bucket["backups"]}
+
+ time_zone: UTC
+
+
+postgresql:
+ install: false
+
+redis:
+ install: false
+
+minio:
+ install: false
\ No newline at end of file
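Review bot: The `global.redis` block sets host, port and password but no `scheme`, so the chart falls back to its default, which I believe is unencrypted `redis`. The host is filled from a managed Valkey cluster (`redis_host` in terraform/helm.tf), and managed endpoints of that kind commonly accept TLS only; if that holds here, add `scheme: rediss` under `redis:` so the password is never offered over a plaintext connection and the connection does not simply fail. The `psql` block likewise carries no TLS settings, so it is worth confirming what the managed Postgres endpoint requires.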
diff --git a/terraform/cluster.tf b/terraform/cluster.tf new file mode 100644 index 0000000..5cf6f23 --- /dev/null +++ b/terraform/cluster.tf @@ -0,0 +1,20 @@ +data "digitalocean_kubernetes_versions" "current" { + version_prefix = var.k8s_version +} + +resource "digitalocean_kubernetes_cluster" "main" { + name = var.cluster_name + region = var.region + version = data.digitalocean_kubernetes_versions.current.latest_version + vpc_uuid = digitalocean_vpc.main.id + + auto_upgrade = false + surge_upgrade = true + + node_pool { + name = "default" + size = var.node_size + node_count = var.node_count + labels = { role = "general" } + } +} \ No newline at end of file diff --git a/terraform/dependencies.tf b/terraform/dependencies.tf index 833b366..cb1de5d 100644 --- a/terraform/dependencies.tf +++ b/terraform/dependencies.tf @@ -6,6 +6,14 @@ terraform { source = "digitalocean/digitalocean" version = "~> 2.81.0" } + kubernetes = { + source = "hashicorp/kubernetes" + version = "~> 3.0.1" + } + helm = { + source = "hashicorp/helm" + version = "~> 3.1.1" + } random = { source = "hashicorp/random" version = "~> 3.8.1" diff --git a/terraform/helm.tf b/terraform/helm.tf new file mode 100644 index 0000000..64a29f8 --- /dev/null +++ b/terraform/helm.tf 
@@ -0,0 +1,29 @@
+resource "helm_release" "gitlab" {
+ name = "gitlab"
+ namespace = kubernetes_namespace.gitlab.metadata[0].name
+ repository = "https://charts.gitlab.io/"
+ chart = "gitlab"
+
+ values = [
+ templatefile("${path.module}/../helm/gitlab/values.yaml", {
+ domain = var.domain_name
+ gitlab_host = var.gitlab_host
+ registry_host = var.registry_host
+ postgres_host = digitalocean_database_cluster.postgres.private_host
+ postgres_port = digitalocean_database_cluster.postgres.port
+ postgres_database = digitalocean_database_db.gitlab.name
+ postgres_user = digitalocean_database_user.gitlab.name
+ redis_host = digitalocean_database_cluster.valkey.private_host
+ redis_port = digitalocean_database_cluster.valkey.port
+ buckets = {for key, bucket in digitalocean_spaces_bucket.gitlab : key => bucket.name}
+ })
+ ]
+
+ depends_on = [
+ kubernetes_secret.gitlab_postgres,
+ kubernetes_secret.gitlab_redis,
+ kubernetes_secret.gitlab_s3,
+ digitalocean_database_db.postgres,
+ digitalocean_database_db.valkey
+ ]
+}
\ No newline at end of file
diff --git a/terraform/kubernetes.tf b/terraform/kubernetes.tf
index 5cf6f23..c70f5d5 100644
--- a/terraform/kubernetes.tf
+++ b/terraform/kubernetes.tf
@@ -1,20 +1,92 @@ -data "digitalocean_kubernetes_versions" "current" { - version_prefix = var.k8s_version +resource "kubernetes_namespace" "gitlab" { + metadata { + name = "gitlab" + } + + depends_on = [ digitalocean_kubernetes_cluster.main ] +} + +resource "kubernetes_secret" "gitlab_postgres" { + metadata { + name = "gitlab-postgres-secret" + namespace = kubernetes_namespace.gitlab.metadata[0].name + } + + data = { + password = digitalocean_database_user.gitlab.password + } + + type = "Opaque" } -resource "digitalocean_kubernetes_cluster" "main" { - name = var.cluster_name - region = var.region - version = data.digitalocean_kubernetes_versions.current.latest_version - vpc_uuid = digitalocean_vpc.main.id +resource "kubernetes_secret" "gitlab_redis" { + metadata { + name = "gitlab-redis-secret" + namespace = kubernetes_namespace.gitlab.metadata[0].name + } + + data = { + password = digitalocean_database_user.gitlab.password + } - auto_upgrade = false - surge_upgrade = true + type = "Opaque" +} + +resource "kubernetes_secret" "gitlab_s3_main" { + metadata { + name = "gitlab-s3-main-secret" + namespace = kubernetes_namespace.gitlab.metadata[0].name + } - node_pool { - name = "default" - size = var.node_size - node_count = var.node_count - labels = { role = "general" } + data = { + connection = yamlencode({ + provider = "AWS" + region = var.region + endpoint = "https://${var.region}.digitaloceanspaces.com" + aws_access_key_id = var.spaces_access_id + aws_secret_access_key = var.spaces_secret_key + path_style = true + }) } + + type = "Opaque" +} + +resource "kubernetes_secret" "gitlab_s3_registry" { + metadata { + name = "gitlab-s3-main-secret" + namespace = kubernetes_namespace.gitlab.metadata[0].name + } + + data = { + connection = yamlencode({ + accesskey = var.spaces_access_id + secretkey = var.spaces_secret_key + region = var.region + regionendpoint = "https://${var.region}.digitaloceanspaces.com" + bucket = digitalocean_spaces_bucket.gitlab.registry.name + }) + } 
+ + type = "Opaque" +} + +resource "kubernetes_secret" "gitlab_s3_backup" { + metadata { + name = "gitlab-s3-main-secret" + namespace = kubernetes_namespace.gitlab.metadata[0].name + } + + data = { + connection = yamlencode({ + provider = "AWS" + region = var.region + endpoint = "https://${var.region}.digitaloceanspaces.com" + aws_access_key_id = var.spaces_access_id + aws_secret_access_key = var.spaces_secret_key + path_style = true + }) + } + + type = "Opaque" } \ No newline at end of file diff --git a/terraform/postgres.tf b/terraform/postgres.tf index 152ca93..97f527e 100644 --- a/terraform/postgres.tf +++ b/terraform/postgres.tf @@ -10,7 +10,7 @@ resource "digitalocean_database_cluster" "postgres" { resource "digitalocean_database_db" "gitlab" { cluster_id = digitalocean_database_cluster.postgres.id - name = "gitlab_production" + name = "gitlab" } resource "digitalocean_database_user" "gitlab" { diff --git a/terraform/providers.tf b/terraform/providers.tf index 125e9fb..e7a75a2 100644 --- a/terraform/providers.tf +++ b/terraform/providers.tf @@ -2,4 +2,22 @@ provider "digitalocean" { token = var.do_token spaces_access_id = var.spaces_access_id spaces_secret_key = var.spaces_secret_key +} + +provider "kubernetes" { + host = digitalocean_kubernetes_cluster.main.endpoint + token = digitalocean_kubernetes_cluster.main.kube_config[0].token + cluster_ca_certificate = base64decode( + digitalocean_kubernetes_cluster.main.kube_config[0].cluster_ca_certificate + ) +} + +provider "helm" { + kubernetes = { + host = digitalocean_kubernetes_cluster.main.endpoint + token = digitalocean_kubernetes_cluster.main.kube_config[0].token + cluster_ca_certificate = base64decode( + digitalocean_kubernetes_cluster.main.kube_config[0].cluster_ca_certificate + ) + } } \ No newline at end of file diff --git a/terraform/spaces.tf b/terraform/spaces.tf index 7ad770a..43ff734 100644 --- a/terraform/spaces.tf +++ b/terraform/spaces.tf 
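Review bot: All three S3 secrets embed `var.spaces_access_id` and `var.spaces_secret_key`, the same key pair that providers.tf passes to the `digitalocean` provider, so every GitLab pod that mounts one of these secrets holds the credentials Terraform itself uses to manage Spaces. A separate key limited to the GitLab buckets, supplied through its own variables, would bound what a compromised workload can reach. These values and the database password are also written to Terraform state in clear text, and no backend configuration is visible in this series, so the state needs an encrypted, access-restricted backend. A comment above the first secret such as `# Secret data below is persisted in Terraform state; keep the backend encrypted and access-restricted` would record that requirement.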
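Review bot: Both new provider blocks take `host`, `token` and the CA certificate from `digitalocean_kubernetes_cluster.main`, a resource managed by this same configuration. Provider configuration is resolved before that resource exists on a first apply, which is why Terraform's guidance is to avoid configuring a provider from resources in the same run; the `kube_config` token is also, as far as I know, time-limited, so a later plan may pick up an expired credential from state. Splitting into two root modules, cluster first and workloads second, with the second reading the cluster through a `data "digitalocean_kubernetes_cluster"` lookup, avoids both problems. The `provider "digitalocean"` block these are appended to starts outside the hunk.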
@@ -1,5 +1,5 @@ locals { - spaces = toset([ + buckets = toset([ "artifacts", "lfs", "uploads", "packages", "registry", "backups", "tmp", "ci-secure-files", "dependency-proxy", "terraform-state", "pages" @@ -11,7 +11,7 @@ resource "random_id" "suffix" { } resource "digitalocean_spaces_bucket" "gitlab" { - for_each = local.spaces + for_each = local.buckets name = "${var.cluster_name}-${each.key}-${random_id.suffix.hex}" region = var.region acl = "private" From 669799c0a8fce421a0ed5b851bdb0f43fd09a602 Mon Sep 17 00:00:00 2001 From: clofour <208706398+clofour@users.noreply.github.com> Date: Sun, 12 Apr 2026 16:16:30 +0200 Subject: [PATCH 4/7] Bug fixes --- terraform/helm.tf | 4 ++-- terraform/kubernetes.tf | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/terraform/helm.tf b/terraform/helm.tf index 64a29f8..e22e3a1 100644 --- a/terraform/helm.tf +++ b/terraform/helm.tf @@ -12,7 +12,7 @@ resource "helm_release" "gitlab" { postgres_host = digitalocean_database_cluster.postgres.private_host postgres_port = digitalocean_database_cluster.postgres.port postgres_database = digitalocean_database_db.gitlab.name - postgres_user = digitalocean_database_user.gitlab.name + postgres_username = digitalocean_database_user.gitlab.name redis_host = digitalocean_database_cluster.valkey.private_host redis_port = digitalocean_database_cluster.valkey.port buckets = {for key, bucket in digitalocean_spaces_bucket.gitlab : key => bucket.name} @@ -22,7 +22,7 @@ resource "helm_release" "gitlab" { depends_on = [ kubernetes_secret.gitlab_postgres, kubernetes_secret.gitlab_redis, - kubernetes_secret.gitlab_s3, + kubernetes_secret.gitlab_s3_main, digitalocean_database_db.postgres, digitalocean_database_db.valkey ] diff --git a/terraform/kubernetes.tf b/terraform/kubernetes.tf index c70f5d5..79e1378 100644 --- a/terraform/kubernetes.tf +++ b/terraform/kubernetes.tf 
@@ -64,7 +64,7 @@ resource "kubernetes_secret" "gitlab_s3_registry" { secretkey = var.spaces_secret_key region = var.region regionendpoint = "https://${var.region}.digitaloceanspaces.com" - bucket = digitalocean_spaces_bucket.gitlab.registry.name + bucket = digitalocean_spaces_bucket.gitlab["registry"].name }) } From 71cf0b8401d36674d52e35f2c0d4e20fe0204aa1 Mon Sep 17 00:00:00 2001 From: clofour <208706398+clofour@users.noreply.github.com> Date: Sun, 12 Apr 2026 16:22:26 +0200 Subject: [PATCH 5/7] Bug fixes --- helm/gitlab/values.yaml | 12 ++--- terraform/.terraform.lock.hcl | 86 +++++++++++++++++++++++++++++++++++ terraform/helm.tf | 11 ++--- terraform/kubernetes.tf | 22 ++++----- 4 files changed, 108 insertions(+), 23 deletions(-) create mode 100644 terraform/.terraform.lock.hcl diff --git a/helm/gitlab/values.yaml b/helm/gitlab/values.yaml index f651fec..7b50c20 100644 --- a/helm/gitlab/values.yaml +++ b/helm/gitlab/values.yaml @@ -35,20 +35,20 @@ global: key: connection arifacts: - bucket: ${bucket["artifacts"]} + bucket: ${buckets["artifacts"]} connection: {} uploads: - bucket: ${bucket["uploads"]} + bucket: ${buckets["uploads"]} connection: {} packages: - bucket: ${bucket["packages"]} + bucket: ${buckets["packages"]} connection: {} lfs: - bucket: ${bucket["lfs"]} + bucket: ${buckets["lfs"]} connection: {} backups: - bucket: ${bucket["backups"]} - tmpBucket: ${bucket["backups"]} + bucket: ${buckets["backups"]} + tmpBucket: ${buckets["backups"]} time_zone: UTC diff --git a/terraform/.terraform.lock.hcl b/terraform/.terraform.lock.hcl new file mode 100644 index 0000000..6050c21 --- /dev/null +++ b/terraform/.terraform.lock.hcl 
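Review bot: After the rename, `tmpBucket` still resolves to `${buckets["backups"]}`, the same bucket as `bucket` on the line above, although terraform/spaces.tf creates a dedicated `tmp` bucket. With both keys pointing at one bucket, temporary restore data sits beside the finished backup archives and any lifecycle or cleanup rule applied to one affects the other. `tmpBucket: ${buckets["tmp"]}` looks like what was intended. The `backups:` mapping and the rest of `appConfig` extend outside this hunk.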
@@ -0,0 +1,86 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/digitalocean/digitalocean" { + version = "2.81.0" + constraints = "~> 2.81.0" + hashes = [ + "h1:4NJJAikBSEbuPNXsrH0DIkkJYdqwNHgFIetBBFKzVDA=", + "zh:0a35eca6ee12b78f4a080b02f1f77b51159d919cfddc15aea0855b41d3632013", + "zh:0f871a3f513b789be86403c8b0568f86425fd3c4c3acb971f1f01c8ff165aafc", + "zh:5b15aa1cc7cbfdb12f2b97b7bd55f1e77dac844d7312919b9727ba11f4a92e56", + "zh:9be812992b0720161ec5f0518957a3b406728dbc31b437f0a336781eb6915714", + "zh:9f2bf1509893ebcc4659408c1aff4f7337646a0369863c6d762998ec8f025d0f", + "zh:a297f7c3d1192efb0f16ca5d9d5df4ac074f8d0f474b1c7d259884dd56998b26", + "zh:a81e51fead5aac3e060cbe58f1bb8e4bc32e030668bf6a0511496a4a2a8c60ee", + "zh:cc224fbe556281319cd2e525368b6c90b360e2ad1c58771eeb2dfd7ce2153ab9", + "zh:d40bc07848e8bbce99fe66a6da12d279cb91caedd0ec61c6948b57f2e076f359", + "zh:d470e974fb520fe2b462f15a44069915636cbbb937a80584414357b045c8b910", + "zh:db4c728d0f26bf24c4d4c0f8000de73f79ef35a16b96c3306b6bccb91abf4b16", + "zh:df02c98612152e31aac9d4d894134949608fa6d666da338ef76e4eec40be45c3", + "zh:e8f47d8cc609e53a290e73064bb6efb9d5ff576e8389e53919e140fbafff9f1c", + "zh:eb1942471dfb434ac96ed5c6e7d7360ed1e314b8c0fa9e4bbfb38c1f83b9f33e", + "zh:fc1f47533813c1abf7888fd8f84a15876d9f7acd62b6746de2db1ca6816bf1e9", + "zh:ff57bb5b47460e2c7cde320ad50851ca0ae3931d3ab21bfc2af0a8f1fb5cdd9c", + ] +} + +provider "registry.terraform.io/hashicorp/helm" { + version = "3.1.1" + constraints = "~> 3.1.1" + hashes = [ + "h1:s68EnUScdj1dXoXrNBaH/AIk18R2ryKeHY5H0ETfUws=", + "zh:1a6d5ce931708aec29d1f3d9e360c2a0c35ba5a54d03eeaff0ce3ca597cd0275", + "zh:3411919ba2a5941801e677f0fea08bdd0ae22ba3c9ce3309f55554699e06524a", + "zh:81b36138b8f2320dc7f877b50f9e38f4bc614affe68de885d322629dd0d16a29", + "zh:95a2a0a497a6082ee06f95b38bd0f0d6924a65722892a856cfd914c0d117f104", + 
"zh:9d3e78c2d1bb46508b972210ad706dd8c8b106f8b206ecf096cd211c54f46990", + "zh:a79139abf687387a6efdbbb04289a0a8e7eaca2bd91cdc0ce68ea4f3286c2c34", + "zh:aaa8784be125fbd50c48d84d6e171d3fb6ef84a221dbc5165c067ce05faab4c8", + "zh:afecd301f469975c9d8f350cc482fe656e082b6ab0f677d1a816c3c615837cc1", + "zh:c54c22b18d48ff9053d899d178d9ffef7d9d19785d9bf310a07d648b7aac075b", + "zh:db2eefd55aea48e73384a555c72bac3f7d428e24147bedb64e1a039398e5b903", + "zh:ee61666a233533fd2be971091cecc01650561f1585783c381b6f6e8a390198a4", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} + +provider "registry.terraform.io/hashicorp/kubernetes" { + version = "3.0.1" + constraints = "~> 3.0.1" + hashes = [ + "h1:wZsAFR6ICMxB29/a4nlwdLcyWxQChEubkut0ffk5BPc=", + "zh:02d55b0b2238fd17ffa12d5464593864e80f402b90b31f6e1bd02249b9727281", + "zh:20b93a51bfeed82682b3c12f09bac3031f5bdb4977c47c97a042e4df4fb2f9ba", + "zh:6e14486ecfaee38c09ccf33d4fdaf791409f90795c1b66e026c226fad8bc03c7", + "zh:8d0656ff422df94575668e32c310980193fccb1c28117e5c78dd2d4050a760a6", + "zh:9795119b30ec0c1baa99a79abace56ac850b6e6fbce60e7f6067792f6eb4b5f4", + "zh:b388c87acc40f6bd9620f4e23f01f3c7b41d9b88a68d5255dec0a72f0bdec249", + "zh:b59abd0a980649c2f97f172392f080eaeb18e486b603f83bf95f5d93aeccc090", + "zh:ba6e3060fddf4a022087d8f09e38aa0001c705f21170c2ded3d1c26c12f70d97", + "zh:c12626d044b1d5501cf95ca78cbe507c13ad1dd9f12d4736df66eb8e5f336eb8", + "zh:c55203240d50f4cdeb3df1e1760630d677679f5b1a6ffd9eba23662a4ad05119", + "zh:ea206a5a32d6e0d6e32f1849ad703da9a28355d9c516282a8458b5cf1502b2a1", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} + +provider "registry.terraform.io/hashicorp/random" { + version = "3.8.1" + constraints = "~> 3.8.1" + hashes = [ + "h1:osH3aBqEARwOz3VBJKdpFKJJCNIdgRC6k8vPojkLmlY=", + "zh:08dd03b918c7b55713026037c5400c48af5b9f468f483463321bd18e17b907b4", + "zh:0eee654a5542dc1d41920bbf2419032d6f0d5625b03bd81339e5b33394a3e0ae", + 
"zh:229665ddf060aa0ed315597908483eee5b818a17d09b6417a0f52fd9405c4f57", + "zh:2469d2e48f28076254a2a3fc327f184914566d9e40c5780b8d96ebf7205f8bc0", + "zh:37d7eb334d9561f335e748280f5535a384a88675af9a9eac439d4cfd663bcb66", + "zh:741101426a2f2c52dee37122f0f4a2f2d6af6d852cb1db634480a86398fa3511", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:a902473f08ef8df62cfe6116bd6c157070a93f66622384300de235a533e9d4a9", + "zh:b85c511a23e57a2147355932b3b6dce2a11e856b941165793a0c3d7578d94d05", + "zh:c5172226d18eaac95b1daac80172287b69d4ce32750c82ad77fa0768be4ea4b8", + "zh:dab4434dba34aad569b0bc243c2d3f3ff86dd7740def373f2a49816bd2ff819b", + "zh:f49fd62aa8c5525a5c17abd51e27ca5e213881d58882fd42fec4a545b53c9699", + ] +} diff --git a/terraform/helm.tf b/terraform/helm.tf index e22e3a1..42f90f6 100644 --- a/terraform/helm.tf +++ b/terraform/helm.tf @@ -1,6 +1,6 @@ resource "helm_release" "gitlab" { name = "gitlab" - namespace = kubernetes_namespace.gitlab.metadata[0].name + namespace = kubernetes_namespace_v1.gitlab.metadata[0].name repository = "https://charts.gitlab.io/" chart = "gitlab" @@ -20,10 +20,9 @@ resource "helm_release" "gitlab" { ] depends_on = [ - kubernetes_secret.gitlab_postgres, - kubernetes_secret.gitlab_redis, - kubernetes_secret.gitlab_s3_main, - digitalocean_database_db.postgres, - digitalocean_database_db.valkey + kubernetes_secret_v1.gitlab_postgres, + kubernetes_secret_v1.gitlab_redis, + kubernetes_secret_v1.gitlab_s3_main, + digitalocean_database_db.gitlab ] } \ No newline at end of file diff --git a/terraform/kubernetes.tf b/terraform/kubernetes.tf index 79e1378..4969c35 100644 --- a/terraform/kubernetes.tf +++ b/terraform/kubernetes.tf @@ -1,4 +1,4 @@ -resource "kubernetes_namespace" "gitlab" { +resource "kubernetes_namespace_v1" "gitlab" { metadata { name = "gitlab" } 
@@ -6,10 +6,10 @@ resource "kubernetes_namespace" "gitlab" { depends_on = [ digitalocean_kubernetes_cluster.main ] } -resource "kubernetes_secret" "gitlab_postgres" { +resource "kubernetes_secret_v1" "gitlab_postgres" { metadata { name = "gitlab-postgres-secret" - namespace = kubernetes_namespace.gitlab.metadata[0].name + namespace = kubernetes_namespace_v1.gitlab.metadata[0].name } data = { @@ -19,10 +19,10 @@ resource "kubernetes_secret" "gitlab_postgres" { type = "Opaque" } -resource "kubernetes_secret" "gitlab_redis" { +resource "kubernetes_secret_v1" "gitlab_redis" { metadata { name = "gitlab-redis-secret" - namespace = kubernetes_namespace.gitlab.metadata[0].name + namespace = kubernetes_namespace_v1.gitlab.metadata[0].name } data = { @@ -32,10 +32,10 @@ resource "kubernetes_secret" "gitlab_redis" { type = "Opaque" } -resource "kubernetes_secret" "gitlab_s3_main" { +resource "kubernetes_secret_v1" "gitlab_s3_main" { metadata { name = "gitlab-s3-main-secret" - namespace = kubernetes_namespace.gitlab.metadata[0].name + namespace = kubernetes_namespace_v1.gitlab.metadata[0].name } data = { @@ -52,10 +52,10 @@ resource "kubernetes_secret" "gitlab_s3_main" { type = "Opaque" } -resource "kubernetes_secret" "gitlab_s3_registry" { +resource "kubernetes_secret_v1" "gitlab_s3_registry" { metadata { name = "gitlab-s3-main-secret" - namespace = kubernetes_namespace.gitlab.metadata[0].name + namespace = kubernetes_namespace_v1.gitlab.metadata[0].name } data = { @@ -71,10 +71,10 @@ resource "kubernetes_secret" "gitlab_s3_registry" { type = "Opaque" } -resource "kubernetes_secret" "gitlab_s3_backup" { +resource "kubernetes_secret_v1" "gitlab_s3_backup" { metadata { name = "gitlab-s3-main-secret" - namespace = kubernetes_namespace.gitlab.metadata[0].name + namespace = kubernetes_namespace_v1.gitlab.metadata[0].name } data = { From 53843ea4c8b4aca7b08470b8df1d6bb786b7356e Mon Sep 17 00:00:00 2001 
From: clofour <208706398+clofour@users.noreply.github.com> Date: Sun, 12 Apr 2026 16:37:12 +0200 Subject: [PATCH 6/7] Pin terraform-validate to full SHAs --- .github/workflows/terraform-validate.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/terraform-validate.yaml b/.github/workflows/terraform-validate.yaml index 7fa7ffe..345d57c 100644 --- a/.github/workflows/terraform-validate.yaml +++ b/.github/workflows/terraform-validate.yaml @@ -13,10 +13,10 @@ jobs: working-directory: ./terraform steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Set up Terraform - uses: hashicorp/setup-terraform@v3 + uses: hashicorp/setup-terraform@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85 with: terraform_version: "1.14.7" From ab74aed60f34e387505149d757084797becb396d Mon Sep 17 00:00:00 2001 From: clofour <208706398+clofour@users.noreply.github.com> Date: Sun, 12 Apr 2026 16:45:04 +0200 Subject: [PATCH 7/7] Bug fixes --- helm/gitlab/values.yaml | 2 +- terraform/helm.tf | 1 + terraform/kubernetes.tf | 6 +++--- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/helm/gitlab/values.yaml b/helm/gitlab/values.yaml index 7b50c20..78e7d59 100644 --- a/helm/gitlab/values.yaml +++ b/helm/gitlab/values.yaml @@ -34,7 +34,7 @@ global: secret: gitlab-s3-main-secret key: connection - arifacts: + artifacts: bucket: ${buckets["artifacts"]} connection: {} uploads: diff --git a/terraform/helm.tf b/terraform/helm.tf index 42f90f6..e2dba68 100644 --- a/terraform/helm.tf +++ b/terraform/helm.tf @@ -3,6 +3,7 @@ resource "helm_release" "gitlab" { namespace = kubernetes_namespace_v1.gitlab.metadata[0].name repository = "https://charts.gitlab.io/" chart = "gitlab" + version = "9.10.3" values = [ templatefile("${path.module}/../helm/gitlab/values.yaml", { diff --git a/terraform/kubernetes.tf b/terraform/kubernetes.tf index 4969c35..79a4b1f 100644 --- a/terraform/kubernetes.tf 
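Review bot: The two `uses:` lines now carry bare 40-character SHAs with nothing recording which release each was resolved from, so a reader cannot tell from the file whether `de0fac2e…` is a tagged release of `actions/checkout` or an arbitrary commit. Add the tag as a trailing comment on each line, for example `uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # <release tag>`, which is also the form dependency-update bots maintain when they move a pin. The `steps:` list continues outside the hunk.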
+++ b/terraform/kubernetes.tf @@ -26,7 +26,7 @@ resource "kubernetes_secret_v1" "gitlab_redis" { } data = { - password = digitalocean_database_user.gitlab.password + password = digitalocean_database_cluster.valkey.password } type = "Opaque" @@ -54,7 +54,7 @@ resource "kubernetes_secret_v1" "gitlab_s3_main" { resource "kubernetes_secret_v1" "gitlab_s3_registry" { metadata { - name = "gitlab-s3-main-secret" + name = "gitlab-s3-registry-secret" namespace = kubernetes_namespace_v1.gitlab.metadata[0].name } @@ -73,7 +73,7 @@ resource "kubernetes_secret_v1" "gitlab_s3_registry" { resource "kubernetes_secret_v1" "gitlab_s3_backup" { metadata { - name = "gitlab-s3-main-secret" + name = "gitlab-s3-backup-secret" namespace = kubernetes_namespace_v1.gitlab.metadata[0].name }
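Review bot: `gitlab-s3-registry-secret` and `gitlab-s3-backup-secret` no longer collide with the main secret, but nothing in helm/gitlab/values.yaml as of this series refers to either name, so the registry and the backup tooling would not use them while the Spaces credentials still sit in the namespace. Either reference them from the chart values (the registry storage and toolbox backup object-storage settings each take a secret name and key) or drop the two resources until they are wired up. Those chart settings may expect a different document layout than the Rails-style `connection` YAML used for the main secret, so check the secret format against the chart documentation when connecting them. Each `resource` block extends beyond its hunk.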