Facing issue in gitlab-gitlab-runner
Chandan-Pradhan opened this issue · comments
Chandan Pradhan commented
TL;DR
While deploying the Helm chart, I am facing issues with one of the deployments, gitlab-gitlab-runner. Please refer to the screenshot to better understand the issue. Could you please tell me how I can fix it?
Expected behavior
No response
Observed behavior
No response
Terraform Configuration
# Default Google provider; every resource without an explicit `provider`
# argument is created in var.project_id.
provider "google" {
  project = var.project_id
}
# Beta provider, used by the resources that set `provider = google-beta`.
provider "google-beta" {
  project = var.project_id
}
locals {
  # Cloud SQL instance name: the configured name, optionally followed by the
  # hex value of random_id.suffix when var.gitlab_db_random_prefix is true.
  gitlab_db_name = (
    var.gitlab_db_random_prefix
    ? "${var.gitlab_db_name}-${random_id.suffix[0].hex}"
    : var.gitlab_db_name
  )
}
# Four random bytes, created only when a random database-name suffix is
# requested; local.gitlab_db_name reads the hex form.
resource "random_id" "suffix" {
  count = var.gitlab_db_random_prefix ? 1 : 0

  byte_length = 4
}
# Exposes the cluster host, CA certificate and an access token; the helm and
# kubernetes providers below authenticate with these outputs.
# NOTE(review): the token is presumably persisted in Terraform state like any
# other module output; confirm the state backend is encrypted and
# access-controlled.
module "gke_auth" {
  source  = "terraform-google-modules/kubernetes-engine/google//modules/auth"
  version = "~> 24.0"

  project_id   = module.project_services.project_id
  location     = module.gke.location
  cluster_name = module.gke.name

  # Only query the cluster after the post-creation sleep has elapsed.
  depends_on = [time_sleep.sleep_for_cluster_fix_helm_6361]
}
# Helm provider talking to the GKE API server with the gke_auth credentials.
# The CA certificate is set, so the server's TLS certificate is verified.
provider "helm" {
  kubernetes {
    host                   = module.gke_auth.host
    token                  = module.gke_auth.token
    cluster_ca_certificate = module.gke_auth.cluster_ca_certificate
  }
}
# Kubernetes provider using the same endpoint, token and CA certificate as
# the helm provider.
provider "kubernetes" {
  host                   = module.gke_auth.host
  token                  = module.gke_auth.token
  cluster_ca_certificate = module.gke_auth.cluster_ca_certificate
}
// Services
# Enables the Google APIs this configuration needs. Other resources read
# module.project_services.project_id so that they are created after activation.
module "project_services" {
  source  = "terraform-google-modules/project-factory/google//modules/project_services"
  version = "~> 14.0"

  project_id = var.project_id

  activate_apis = [
    "compute.googleapis.com",
    "container.googleapis.com",
    "servicenetworking.googleapis.com",
    "cloudresourcemanager.googleapis.com",
    "redis.googleapis.com"
  ]

  # Leave the APIs enabled when this configuration is destroyed.
  disable_services_on_destroy = false
}
// GCS Service Account
# Service account GitLab uses for Cloud Storage access. A key for it is
# generated below and copied into three Kubernetes secrets.
resource "google_service_account" "gitlab_gcs" {
  project      = var.project_id
  account_id   = "gitlab-gcs"
  display_name = "GitLab Cloud Storage"
}
# User-managed key for the gitlab-gcs service account.
# NOTE(review): the private key is stored in Terraform state and has no
# rotation configured here. Keep the state in an encrypted, access-controlled
# backend, and consider GKE Workload Identity so that no exported key is
# needed; confirm what the chart version in use supports.
resource "google_service_account_key" "gitlab_gcs" {
  service_account_id = google_service_account.gitlab_gcs.name
}
# Grants the gitlab-gcs service account roles/storage.admin on the project.
# NOTE(review): a project-level storage.admin binding covers every bucket in
# the project, not only the GitLab buckets declared in this file. A narrower
# per-bucket grant (for example google_storage_bucket_iam_member with an
# object-level role) would limit the impact of a leaked key; verify which
# permissions GitLab actually requires before tightening.
resource "google_project_iam_member" "project" {
  project = var.project_id
  member  = "serviceAccount:${google_service_account.gitlab_gcs.email}"
  role    = "roles/storage.admin"
}
// Networking
# Custom-mode VPC for GitLab; subnets are declared explicitly rather than
# auto-created.
resource "google_compute_network" "gitlab" {
  project                 = module.project_services.project_id
  name                    = "gitlab"
  auto_create_subnetworks = false
}
# Node subnet with two secondary ranges; the gke module refers to them by
# range_name for pod and service IPs.
resource "google_compute_subnetwork" "subnetwork" {
  name    = "gitlab"
  region  = var.region
  network = google_compute_network.gitlab.self_link

  ip_cidr_range = var.gitlab_nodes_subnet_cidr

  secondary_ip_range {
    range_name    = "gitlab-cluster-pod-cidr"
    ip_cidr_range = var.gitlab_pods_subnet_cidr
  }

  secondary_ip_range {
    range_name    = "gitlab-cluster-service-cidr"
    ip_cidr_range = var.gitlab_services_subnet_cidr
  }
}
# External ingress IP, reserved only when the caller did not supply the name
# of an existing address in var.gitlab_address_name.
resource "google_compute_address" "gitlab" {
  count = var.gitlab_address_name == "" ? 1 : 0

  name         = "gitlab"
  description  = "Gitlab Ingress IP"
  region       = var.region
  address_type = "EXTERNAL"

  depends_on = [module.project_services.project_id]
}
// Database
# Internal 10.1.0.0/16 range reserved for VPC peering; the service networking
# connection below hands it to the managed services.
resource "google_compute_global_address" "gitlab_sql" {
  provider = google-beta

  project = var.project_id
  name    = "gitlab-sql"
  network = google_compute_network.gitlab.self_link

  purpose       = "VPC_PEERING"
  address_type  = "INTERNAL"
  address       = "10.1.0.0"
  prefix_length = 16
}
# Private services access peering between the GitLab VPC and
# servicenetworking.googleapis.com, using the reserved gitlab-sql range.
resource "google_service_networking_connection" "private_vpc_connection" {
  provider = google-beta

  network                 = google_compute_network.gitlab.self_link
  service                 = "servicenetworking.googleapis.com"
  reserved_peering_ranges = [google_compute_global_address.gitlab_sql.name]

  depends_on = [module.project_services.project_id]
}
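# Cloud SQL PostgreSQL instance for GitLab, reachable only over the private
# VPC peering (no public IPv4 address).
# NOTE(review): PostgreSQL 11 is past community end of life; plan a major
# version upgrade. No backup_configuration block and no TLS requirement are
# set in this resource; confirm both against your recovery and transport
# security requirements.
resource "google_sql_database_instance" "gitlab_db" {
  name                = local.gitlab_db_name
  region              = var.region
  database_version    = "POSTGRES_11"
  deletion_protection = var.gitlab_deletion_protection

  settings {
    tier            = "db-custom-4-15360"
    disk_autoresize = true

    ip_configuration {
      # Boolean literal instead of the quoted string "false"; the value is
      # unchanged, it just no longer relies on type coercion.
      ipv4_enabled    = false
      private_network = google_compute_network.gitlab.self_link
    }
  }

  # The private network must be peered before the instance can attach to it.
  depends_on = [google_service_networking_connection.private_vpc_connection]
}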
# GitLab application database, created after the gitlab SQL user exists.
resource "google_sql_database" "gitlabhq_production" {
  instance = google_sql_database_instance.gitlab_db.name
  name     = "gitlabhq_production"

  depends_on = [google_sql_user.gitlab]
}
# Fallback database password: 16 characters without special characters, used
# when var.gitlab_db_password is empty.
# NOTE(review): random_string results are not marked sensitive, so the value
# can appear in plan and apply output; random_password is the sensitive
# equivalent. Switching changes the resource address that
# google_sql_user.gitlab and kubernetes_secret.gitlab_pg reference and would
# generate a new password, so treat it as a planned rotation.
resource "random_string" "autogenerated_gitlab_db_password" {
  special = false
  length  = 16
}
# SQL user "gitlab". The password is the caller-supplied value when set,
# otherwise the autogenerated string; the same expression feeds
# kubernetes_secret.gitlab_pg.
# NOTE(review): the password is stored in Terraform state in either case.
resource "google_sql_user" "gitlab" {
  instance = google_sql_database_instance.gitlab_db.name
  name     = "gitlab"

  password = (
    var.gitlab_db_password != ""
    ? var.gitlab_db_password
    : random_string.autogenerated_gitlab_db_password.result
  )

  # Postgres users cannot be deleted if they have been granted SQL roles
  deletion_policy = "ABANDON"
}
// Redis
# Memorystore Redis (STANDARD_HA, 5 GB) attached to the GitLab VPC.
# NOTE(review): neither auth_enabled nor transit_encryption_mode is set here,
# so access appears to be gated only by network reachability inside the
# authorized VPC; confirm that is acceptable for this deployment.
resource "google_redis_instance" "gitlab" {
  name         = "gitlab"
  display_name = "GitLab Redis"
  region       = var.region

  tier           = "STANDARD_HA"
  memory_size_gb = 5

  authorized_network = google_compute_network.gitlab.self_link

  depends_on = [module.project_services.project_id]
}
// Cloud Storage
# Bucket for GitLab backups.
# NOTE(review): this bucket and the sibling buckets in this file set no
# uniform_bucket_level_access, retention or versioning options, and
# force_destroy lets `terraform destroy` delete a non-empty bucket when
# var.allow_force_destroy is true. Confirm those defaults are intended,
# especially for backups.
resource "google_storage_bucket" "gitlab-backups" {
  name     = "${var.project_id}-gitlab-backups"
  location = var.region

  force_destroy = var.allow_force_destroy
}
# Bucket for GitLab uploads; deletable while non-empty only when
# var.allow_force_destroy is true.
resource "google_storage_bucket" "gitlab-uploads" {
  name     = "${var.project_id}-gitlab-uploads"
  location = var.region

  force_destroy = var.allow_force_destroy
}
# Bucket for GitLab artifacts; deletable while non-empty only when
# var.allow_force_destroy is true.
resource "google_storage_bucket" "gitlab-artifacts" {
  name     = "${var.project_id}-gitlab-artifacts"
  location = var.region

  force_destroy = var.allow_force_destroy
}
# Bucket for Git LFS objects; deletable while non-empty only when
# var.allow_force_destroy is true.
resource "google_storage_bucket" "git-lfs" {
  name     = "${var.project_id}-git-lfs"
  location = var.region

  force_destroy = var.allow_force_destroy
}
# Bucket for GitLab packages; deletable while non-empty only when
# var.allow_force_destroy is true.
resource "google_storage_bucket" "gitlab-packages" {
  name     = "${var.project_id}-gitlab-packages"
  location = var.region

  force_destroy = var.allow_force_destroy
}
# Bucket backing the container registry. Its name must stay in step with the
# `bucket:` value written into kubernetes_secret.gitlab_registry_storage.
resource "google_storage_bucket" "gitlab-registry" {
  name     = "${var.project_id}-registry"
  location = var.region

  force_destroy = var.allow_force_destroy
}
# Bucket named "<project>-pseudo"; deletable while non-empty only when
# var.allow_force_destroy is true.
resource "google_storage_bucket" "gitlab-pseudo" {
  name     = "${var.project_id}-pseudo"
  location = var.region

  force_destroy = var.allow_force_destroy
}
# Bucket for the GitLab Runner cache; deletable while non-empty only when
# var.allow_force_destroy is true.
# NOTE(review): a runner cache holds content produced by CI jobs; confirm
# which identities can write to it, since the only storage grant in this file
# is the project-wide one for gitlab-gcs.
resource "google_storage_bucket" "gitlab-runner-cache" {
  name     = "${var.project_id}-runner-cache"
  location = var.region

  force_destroy = var.allow_force_destroy
}
// GKE Cluster
# Regional GKE cluster "gitlab" with one fixed-size node pool, placed in the
# GitLab subnet and its two named secondary ranges.
# NOTE(review): no master_authorized_networks input is set here; confirm who
# can reach the cluster API endpoint.
module "gke" {
  source  = "terraform-google-modules/kubernetes-engine/google"
  version = "~> 24.0"

  # Create an implicit dependency on service activation
  project_id = module.project_services.project_id

  name               = "gitlab"
  regional           = true
  region             = var.region
  kubernetes_version = var.gke_version

  network           = google_compute_network.gitlab.name
  subnetwork        = google_compute_subnetwork.subnetwork.name
  ip_range_pods     = "gitlab-cluster-pod-cidr"
  ip_range_services = "gitlab-cluster-service-cidr"

  # NOTE(review): issues a static client certificate for the cluster. The
  # providers in this file authenticate with module.gke_auth.token, so
  # confirm whether the certificate is still needed.
  issue_client_certificate = true

  remove_default_node_pool = true
  initial_node_count       = 1

  node_pools = [
    {
      name         = "gitlab"
      machine_type = var.gke_machine_type
      node_count   = 1
      autoscaling  = false
    },
  ]

  # NOTE(review): cloud-platform is the broadest OAuth scope, so what the
  # nodes can do is bounded only by the IAM roles of the node service
  # account. Confirm that account is minimal and that pods cannot use node
  # credentials they do not need.
  node_pools_oauth_scopes = {
    all = ["https://www.googleapis.com/auth/cloud-platform"]
  }
}
# StorageClass "pd-ssd" provisioning SSD persistent disks through the
# kubernetes.io/gce-pd provisioner.
resource "kubernetes_storage_class" "pd-ssd" {
  # Created only after the post-cluster sleep has elapsed.
  depends_on = [time_sleep.sleep_for_cluster_fix_helm_6361]

  metadata {
    name = "pd-ssd"
  }

  storage_provisioner = "kubernetes.io/gce-pd"

  parameters = {
    type = "pd-ssd"
  }
}
# Secret "gitlab-pg" carrying the database password, chosen with the same
# expression as google_sql_user.gitlab.
# NOTE(review): no namespace is set, so the secret is created in the
# provider's default namespace; the value is also kept in Terraform state.
resource "kubernetes_secret" "gitlab_pg" {
  depends_on = [time_sleep.sleep_for_cluster_fix_helm_6361]

  metadata {
    name = "gitlab-pg"
  }

  data = {
    password = (
      var.gitlab_db_password != ""
      ? var.gitlab_db_password
      : random_string.autogenerated_gitlab_db_password.result
    )
  }
}
# Secret "gitlab-rails-storage": a YAML connection document for Google
# object storage that embeds the decoded service account key.
# NOTE(review): this is one of three secrets in this file holding the same
# long-lived key; anyone who can read secrets in this namespace, or the
# Terraform state, obtains it.
resource "kubernetes_secret" "gitlab_rails_storage" {
  depends_on = [time_sleep.sleep_for_cluster_fix_helm_6361]

  metadata {
    name = "gitlab-rails-storage"
  }

  # The heredoc body stays flush-left: `<<EOT` keeps leading whitespace.
  data = {
    connection = <<EOT
provider: Google
google_project: ${var.project_id}
google_client_email: ${google_service_account.gitlab_gcs.email}
google_json_key_string: '${base64decode(google_service_account_key.gitlab_gcs.private_key)}'
EOT
  }
}
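# Secret "gitlab-registry-storage" for the container registry: the decoded
# service account key as gcs.json, plus a storage document that points the
# gcs driver at the registry bucket and at the mounted key file.
# NOTE(review): this secret holds the same long-lived service account key as
# gitlab-rails-storage and google-application-credentials.
resource "kubernetes_secret" "gitlab_registry_storage" {
  metadata {
    name = "gitlab-registry-storage"
  }

  data = {
    "gcs.json" = <<EOT
${base64decode(google_service_account_key.gitlab_gcs.private_key)}
EOT

    # `bucket` and `keyfile` are nested under `gcs`. The listing on this page
    # shows them flush-left, which would parse as three separate top-level
    # keys instead of parameters of the gcs driver.
    storage = <<EOT
gcs:
  bucket: ${var.project_id}-registry
  keyfile: /etc/docker/registry/storage/gcs.json
EOT
  }

  depends_on = [time_sleep.sleep_for_cluster_fix_helm_6361]
}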
# Secret "google-application-credentials" exposing the decoded service
# account key under the key gcs-application-credentials-file.
# NOTE(review): third copy of the gitlab-gcs key in the cluster; rotating
# the key means updating all three secrets together.
resource "kubernetes_secret" "gitlab_gcs_credentials" {
  depends_on = [time_sleep.sleep_for_cluster_fix_helm_6361]

  metadata {
    name = "google-application-credentials"
  }

  data = {
    gcs-application-credentials-file = base64decode(google_service_account_key.gitlab_gcs.private_key)
  }
}
# Looks up an existing address by name; the counterpart of
# google_compute_address.gitlab, with the opposite count condition.
data "google_compute_address" "gitlab" {
  # Do not get data if the address is being created as part of the run
  count = var.gitlab_address_name == "" ? 0 : 1

  name   = var.gitlab_address_name
  region = var.region
}
locals {
  # Ingress IP: the address reserved by this run, or the looked-up one when
  # var.gitlab_address_name is set.
  gitlab_address = (
    var.gitlab_address_name == ""
    ? google_compute_address.gitlab[0].address
    : data.google_compute_address.gitlab[0].address
  )

  # NOTE(review): without var.domain the hostname falls back to
  # <ip>.nip.io, so name resolution for GitLab depends on a third-party
  # wildcard DNS service; set var.domain for anything beyond a test setup.
  domain = var.domain != "" ? var.domain : "${local.gitlab_address}.nip.io"
}
# Renders values.yaml.tpl into the Helm values passed to helm_release.gitlab.
# No secret values are passed in here; credentials reach the chart through
# the Kubernetes secrets declared elsewhere in this file.
# NOTE(review): the hashicorp/template provider behind this data source is
# deprecated in favour of the built-in templatefile() function. Migrating
# changes the reference used by helm_release.gitlab, so do both together.
data "template_file" "helm_values" {
  template = file("${path.module}/values.yaml.tpl")

  vars = {
    PROJECT_ID            = var.project_id
    DOMAIN                = local.domain
    INGRESS_IP            = local.gitlab_address
    DB_PRIVATE_IP         = google_sql_database_instance.gitlab_db.private_ip_address
    REDIS_PRIVATE_IP      = google_redis_instance.gitlab.host
    CERT_MANAGER_EMAIL    = var.certmanager_email
    GITLAB_RUNNER_INSTALL = var.gitlab_runner_install
  }
}
# Fixed 180-second pause on create and on destroy, placed between the
# cluster/database and everything that talks to the Kubernetes API.
# The resource name suggests a workaround for a Helm issue (6361); confirm.
resource "time_sleep" "sleep_for_cluster_fix_helm_6361" {
  depends_on = [module.gke.endpoint, google_sql_database.gitlabhq_production]

  create_duration  = "180s"
  destroy_duration = "180s"
}
# Installs the GitLab chart from charts.gitlab.io with the rendered values,
# after the data stores, storage class and secrets exist.
# NOTE(review): no namespace is set, so the release is installed into the
# provider's default namespace, the same one the secrets above land in.
# Confirm var.helm_chart_version is always a pinned version, so that the
# chart installed is the one that was reviewed.
resource "helm_release" "gitlab" {
  name       = "gitlab"
  repository = "https://charts.gitlab.io"
  chart      = "gitlab"
  version    = var.helm_chart_version

  values  = [data.template_file.helm_values.rendered]
  timeout = 1200

  depends_on = [
    google_redis_instance.gitlab,
    google_sql_user.gitlab,
    kubernetes_storage_class.pd-ssd,
    kubernetes_secret.gitlab_pg,
    kubernetes_secret.gitlab_rails_storage,
    kubernetes_secret.gitlab_registry_storage,
    kubernetes_secret.gitlab_gcs_credentials,
    time_sleep.sleep_for_cluster_fix_helm_6361,
  ]
}
Terraform Version
# Terraform and provider version constraints for the module.
# NOTE(review): every constraint is a range, so the provider builds actually
# installed are fixed only by the dependency lock file
# (.terraform.lock.hcl); commit it so that runs use reviewed versions and
# checksums. No backend block is visible on this page, and the state for
# this configuration contains a service account key and the database
# password.
terraform {
  required_version = ">= 0.13.0"

  required_providers {
    google = {
      source  = "hashicorp/google"
      version = ">= 3.49, < 5.0"
    }
    google-beta = {
      source  = "hashicorp/google-beta"
      version = ">= 3.49, < 5.0"
    }
    helm = {
      source  = "hashicorp/helm"
      version = "~> 2.0"
    }
    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = "~> 2.0"
    }
    null = {
      source  = "hashicorp/null"
      version = ">= 2.1.2"
    }
    random = {
      source  = "hashicorp/random"
      version = ">= 2.2.1"
    }
    template = {
      source  = "hashicorp/template"
      version = ">= 2.1.2"
    }
    time = {
      source  = "hashicorp/time"
      version = "~> 0.9"
    }
  }

  # Module attribution passed to the Google providers.
  provider_meta "google" {
    module_name = "blueprints/terraform/terraform-google-gke-gitlab/v3.0.0"
  }

  provider_meta "google-beta" {
    module_name = "blueprints/terraform/terraform-google-gke-gitlab/v3.0.0"
  }
}
Additional information
No response
gabsemeraro commented
Same issue
github-actions commented
This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days