diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-06-22 22:11:50 +0300 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-06-22 22:11:50 +0300 |
| commit | 92e314ffe8a2a292d6da149f8ee403e008dd1bce (patch) | |
| tree | 2a1874d3fe7f1f291b6ddd03e6e88b414bf60ef4 | |
| parent | 793034a90509193ebf2ad14ed8e5eea10f7c6b4a (diff) | |
Add latest changes from gitlab-org/gitlab@master
76 files changed, 1021 insertions, 2118 deletions
diff --git a/app/controllers/projects/settings/packages_and_registries_controller.rb b/app/controllers/projects/settings/packages_and_registries_controller.rb index fee51dc1311..8f0a19cfac5 100644 --- a/app/controllers/projects/settings/packages_and_registries_controller.rb +++ b/app/controllers/projects/settings/packages_and_registries_controller.rb @@ -16,7 +16,12 @@ module Projects private def packages_and_registries_settings_enabled! - render_404 unless settings_packages_and_registries_enabled?(project) + render_404 unless can_destroy_container_registry_image?(project) + end + + def can_destroy_container_registry_image?(project) + Gitlab.config.registry.enabled && + can?(current_user, :destroy_container_image, project) end end end diff --git a/app/helpers/groups_helper.rb b/app/helpers/groups_helper.rb index 26a5df321cd..0d8cbaae97e 100644 --- a/app/helpers/groups_helper.rb +++ b/app/helpers/groups_helper.rb @@ -45,11 +45,7 @@ module GroupsHelper end def group_information_title(group) - if Feature.enabled?(:sidebar_refactor, current_user, default_enabled: :yaml) - group.subgroup? ? _('Subgroup information') : _('Group information') - else - group.subgroup? ? _('Subgroup overview') : _('Group overview') - end + group.subgroup? ? _('Subgroup information') : _('Group information') end def group_container_registry_nav? diff --git a/app/helpers/nav_helper.rb b/app/helpers/nav_helper.rb index b5171dfbebd..29887fb238b 100644 --- a/app/helpers/nav_helper.rb +++ b/app/helpers/nav_helper.rb @@ -73,9 +73,7 @@ module NavHelper milestones#index boards#index boards#show - ].tap do |paths| - paths << 'labels#index' if Feature.disabled?(:sidebar_refactor, current_user, default_enabled: :yaml) - end + ] end private diff --git a/app/helpers/projects_helper.rb b/app/helpers/projects_helper.rb index 8800bd0643c..8df03c39690 100644 --- a/app/helpers/projects_helper.rb +++ b/app/helpers/projects_helper.rb @@ -611,21 +611,6 @@ module ProjectsHelper project.unlink_forks_upon_visibility_decrease_enabled? && project.visibility_level > Gitlab::VisibilityLevel::PRIVATE && project.forks_count > 0 end - def settings_container_registry_expiration_policy_available?(project) - Feature.disabled?(:sidebar_refactor, current_user, default_enabled: :yaml) && - can_destroy_container_registry_image?(current_user, project) - end - - def settings_packages_and_registries_enabled?(project) - Feature.enabled?(:sidebar_refactor, current_user, default_enabled: :yaml) && - can_destroy_container_registry_image?(current_user, project) - end - - def can_destroy_container_registry_image?(current_user, project) - Gitlab.config.registry.enabled && - can?(current_user, :destroy_container_image, project) - end - def build_project_breadcrumb_link(project) project_name = simple_sanitize(project.name) diff --git a/app/presenters/search_service_presenter.rb b/app/presenters/search_service_presenter.rb index e14446bb2f7..ab43800b9f2 100644 --- a/app/presenters/search_service_presenter.rb +++ b/app/presenters/search_service_presenter.rb @@ -16,7 +16,7 @@ class SearchServicePresenter < Gitlab::View::Presenter::Delegated blobs: :with_web_entity_associations }.freeze - SORT_ENABLED_SCOPES = %w(issues merge_requests).freeze + SORT_ENABLED_SCOPES = %w(issues merge_requests epics).freeze def search_objects @search_objects ||= begin diff --git a/app/services/projects/group_links/update_service.rb b/app/services/projects/group_links/update_service.rb index 7de4b7a211d..475ab17f1a1 100644 --- a/app/services/projects/group_links/update_service.rb +++ b/app/services/projects/group_links/update_service.rb @@ -12,15 +12,29 @@ module Projects def execute(group_link_params) group_link.update!(group_link_params) - if requires_authorization_refresh?(group_link_params) - group_link.group.refresh_members_authorized_projects - end + refresh_authorizations if requires_authorization_refresh?(group_link_params) end private attr_reader :group_link + def refresh_authorizations + if Feature.enabled?(:specialized_worker_for_project_share_update_auth_recalculation) + AuthorizedProjectUpdate::ProjectRecalculateWorker.perform_async(project.id) + + # Until we compare the inconsistency rates of the new specialized worker and + # the old approach, we still run AuthorizedProjectsWorker + # but with some delay and lower urgency as a safety net. + group_link.group.refresh_members_authorized_projects( + blocking: false, + priority: UserProjectAccessChangedService::LOW_PRIORITY + ) + else + group_link.group.refresh_members_authorized_projects + end + end + def requires_authorization_refresh?(params) params.include?(:group_access) end diff --git a/app/services/projects/transfer_service.rb b/app/services/projects/transfer_service.rb index d9e49dfae61..fb0fea756bc 100644 --- a/app/services/projects/transfer_service.rb +++ b/app/services/projects/transfer_service.rb @@ -139,7 +139,19 @@ module Projects user_ids = @old_namespace.user_ids_for_project_authorizations | @new_namespace.user_ids_for_project_authorizations - UserProjectAccessChangedService.new(user_ids).execute + if Feature.enabled?(:specialized_worker_for_project_transfer_auth_recalculation) + AuthorizedProjectUpdate::ProjectRecalculateWorker.perform_async(project.id) + + # Until we compare the inconsistency rates of the new specialized worker and + # the old approach, we still run AuthorizedProjectsWorker + # but with some delay and lower urgency as a safety net. + UserProjectAccessChangedService.new(user_ids).execute( + blocking: false, + priority: UserProjectAccessChangedService::LOW_PRIORITY + ) + else + UserProjectAccessChangedService.new(user_ids).execute + end end def rollback_side_effects diff --git a/app/views/clusters/clusters/_provider_details_form.html.haml b/app/views/clusters/clusters/_provider_details_form.html.haml index a936cdc04dd..fe3d1998234 100644 --- a/app/views/clusters/clusters/_provider_details_form.html.haml +++ b/app/views/clusters/clusters/_provider_details_form.html.haml @@ -43,13 +43,13 @@ label_class: 'label-bold' } .form-text.text-muted = s_('ClusterIntegration|Allow GitLab to manage namespaces and service accounts for this cluster.') - = link_to _('More information'), help_page_path('user/project/clusters/index.md', anchor: 'gitlab-managed-clusters'), target: '_blank' + = link_to _('More information'), help_page_path('user/project/clusters/gitlab_managed_clusters.md'), target: '_blank' .form-group = field.check_box :namespace_per_environment, { label: s_('ClusterIntegration|Namespace per environment'), label_class: 'label-bold' } .form-text.text-muted = s_('ClusterIntegration|Deploy each environment to its own namespace. Otherwise, environments within a project share a project-wide namespace. Note that anyone who can trigger a deployment of a namespace can read its secrets. If modified, existing environments will use their current namespaces until the cluster cache is cleared.') - = link_to _('More information'), help_page_path('user/project/clusters/index.md', anchor: 'custom-namespace'), target: '_blank' + = link_to _('More information'), help_page_path('user/project/clusters/deploy_to_cluster.md', anchor: 'custom-namespace'), target: '_blank' - if cluster.allow_user_defined_namespace? = render('clusters/clusters/namespace', platform_field: platform_field, field: field) diff --git a/app/views/clusters/clusters/aws/_new.html.haml b/app/views/clusters/clusters/aws/_new.html.haml index bdd4b76bba0..93db7db06b3 100644 --- a/app/views/clusters/clusters/aws/_new.html.haml +++ b/app/views/clusters/clusters/aws/_new.html.haml @@ -3,8 +3,8 @@ anchor: 'additional-requirements-for-self-managed-instances') } = s_('Amazon authentication is not %{link_start}correctly configured%{link_end}. Ask your GitLab administrator if you want to use this service.').html_safe % { link_start: documentation_link_start, link_end: '<a/>'.html_safe } - else - .js-create-eks-cluster-form-container{ data: { 'gitlab-managed-cluster-help-path' => help_page_path('user/project/clusters/index.md', anchor: 'gitlab-managed-clusters'), - 'namespace-per-environment-help-path' => help_page_path('user/project/clusters/index.md', anchor: 'custom-namespace'), + .js-create-eks-cluster-form-container{ data: { 'gitlab-managed-cluster-help-path' => help_page_path('user/project/clusters/gitlab_managed_clusters.md'), + 'namespace-per-environment-help-path' => help_page_path('user/project/clusters/deploy_to_cluster.md', anchor: 'custom-namespace'), 'create-role-path' => clusterable.authorize_aws_role_path, 'create-cluster-path' => clusterable.create_aws_clusters_path, 'account-id' => Gitlab::CurrentSettings.eks_account_id, diff --git a/app/views/clusters/clusters/gcp/_form.html.haml b/app/views/clusters/clusters/gcp/_form.html.haml index 73a09f00fd6..5266fad9278 100644 --- a/app/views/clusters/clusters/gcp/_form.html.haml +++ b/app/views/clusters/clusters/gcp/_form.html.haml @@ -74,13 +74,13 @@ label_class: 'label-bold' } .form-text.text-muted = s_('ClusterIntegration|Allow GitLab to manage namespaces and service accounts for this cluster.') - = link_to _('More information'), help_page_path('user/project/clusters/index.md', anchor: 'gitlab-managed-clusters'), target: '_blank' + = link_to _('More information'), help_page_path('user/project/clusters/gitlab_managed_clusters.md', anchor: 'gitlab-managed-clusters'), target: '_blank' .form-group = field.check_box :namespace_per_environment, { label: s_('ClusterIntegration|Namespace per environment'), label_class: 'label-bold' } .form-text.text-muted = s_('ClusterIntegration|Deploy each environment to its own namespace. Otherwise, environments within a project share a project-wide namespace. Note that anyone who can trigger a deployment of a namespace can read its secrets. If modified, existing environments will use their current namespaces until the cluster cache is cleared.') - = link_to _('More information'), help_page_path('user/project/clusters/index.md', anchor: 'custom-namespace'), target: '_blank' + = link_to _('More information'), help_page_path('user/project/clusters/deploy_to_cluster.md', anchor: 'custom-namespace'), target: '_blank' .form-group.js-gke-cluster-creation-submit-container = field.submit s_('ClusterIntegration|Create Kubernetes cluster'), diff --git a/app/views/clusters/clusters/user/_form.html.haml b/app/views/clusters/clusters/user/_form.html.haml index 7d82fe06799..e9b84952c15 100644 --- a/app/views/clusters/clusters/user/_form.html.haml +++ b/app/views/clusters/clusters/user/_form.html.haml @@ -47,13 +47,13 @@ label_class: 'label-bold' } .form-text.text-muted = s_('ClusterIntegration|Allow GitLab to manage namespaces and service accounts for this cluster.') - = link_to _('More information'), help_page_path('user/project/clusters/index.md', anchor: 'gitlab-managed-clusters'), target: '_blank' + = link_to _('More information'), help_page_path('user/project/clusters/gitlab_managed_clusters.md'), target: '_blank' .form-group = field.check_box :namespace_per_environment, { label: s_('ClusterIntegration|Namespace per environment'), label_class: 'label-bold' } .form-text.text-muted = s_('ClusterIntegration|Deploy each environment to its own namespace. Otherwise, environments within a project share a project-wide namespace. Note that anyone who can trigger a deployment of a namespace can read its secrets. If modified, existing environments will use their current namespaces until the cluster cache is cleared.') - = link_to _('More information'), help_page_path('user/project/clusters/index.md', anchor: 'custom-namespace'), target: '_blank' + = link_to _('More information'), help_page_path('user/project/clusters/deploy_to_cluster.md', anchor: 'custom-namespace'), target: '_blank' = field.fields_for :platform_kubernetes, @user_cluster.platform_kubernetes do |platform_kubernetes_field| - if @user_cluster.allow_user_defined_namespace? diff --git a/app/views/projects/registry/settings/_index.haml b/app/views/projects/registry/settings/_index.haml deleted file mode 100644 index a4d4a1bb2dd..00000000000 --- a/app/views/projects/registry/settings/_index.haml +++ /dev/null @@ -1,9 +0,0 @@ -#js-registry-settings{ data: { project_id: @project.id, - project_path: @project.full_path, - cadence_options: cadence_options.to_json, - keep_n_options: keep_n_options.to_json, - older_than_options: older_than_options.to_json, - is_admin: current_user&.admin.to_s, - admin_settings_path: ci_cd_admin_application_settings_path(anchor: 'js-registry-settings'), - enable_historic_entries: container_expiration_policies_historic_entry_enabled?(@project).to_s, - tags_regex_help_page_path: help_page_path('user/packages/container_registry/index', anchor: 'regex-pattern-examples') } } diff --git a/app/views/projects/settings/ci_cd/_autodevops_form.html.haml b/app/views/projects/settings/ci_cd/_autodevops_form.html.haml index 68e4bed8b9a..8563f28eb33 100644 --- a/app/views/projects/settings/ci_cd/_autodevops_form.html.haml +++ b/app/views/projects/settings/ci_cd/_autodevops_form.html.haml @@ -6,7 +6,7 @@ - kubernetes_cluster_path = help_page_path('user/project/clusters/index') - kubernetes_cluster_link_start = link_start % { url: kubernetes_cluster_path } -- base_domain_path = help_page_path('user/project/clusters/index', anchor: 'base-domain') +- base_domain_path = help_page_path('user/project/clusters/gitlab_managed_clusters', anchor: 'base-domain') - base_domain_link_start = link_start % { url: base_domain_path } .row diff --git a/app/views/projects/settings/ci_cd/show.html.haml b/app/views/projects/settings/ci_cd/show.html.haml index ade3d40a8df..044e02874c3 100644 --- a/app/views/projects/settings/ci_cd/show.html.haml +++ b/app/views/projects/settings/ci_cd/show.html.haml @@ -75,9 +75,6 @@ .settings-content = render 'projects/triggers/index' -- if settings_container_registry_expiration_policy_available?(@project) - = render 'projects/registry/settings/index' - = render_if_exists 'projects/settings/ci_cd/auto_rollback', expanded: expanded - if can?(current_user, :create_freeze_period, @project) diff --git a/config/feature_flags/development/codequality_mr_diff.yml b/config/feature_flags/development/codequality_mr_diff.yml index fe7ad5a8b4f..ca6846b9390 100644 --- a/config/feature_flags/development/codequality_mr_diff.yml +++ b/config/feature_flags/development/codequality_mr_diff.yml @@ -5,4 +5,4 @@ rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/284140 milestone: '13.7' type: development group: group::testing -default_enabled: true +default_enabled: false diff --git a/config/feature_flags/development/codequality_mr_diff_annotations.yml b/config/feature_flags/development/codequality_mr_diff_annotations.yml index 28e9777f3a8..35fdc8acff8 100644 --- a/config/feature_flags/development/codequality_mr_diff_annotations.yml +++ b/config/feature_flags/development/codequality_mr_diff_annotations.yml @@ -5,4 +5,4 @@ rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/330909 milestone: '14.0' type: development group: group::testing -default_enabled: true +default_enabled: false diff --git a/config/feature_flags/development/specialized_worker_for_project_share_update_auth_recalculation.yml b/config/feature_flags/development/specialized_worker_for_project_share_update_auth_recalculation.yml new file mode 100644 index 00000000000..5e7d3819a4a --- /dev/null +++ b/config/feature_flags/development/specialized_worker_for_project_share_update_auth_recalculation.yml @@ -0,0 +1,8 @@ +--- +name: specialized_worker_for_project_share_update_auth_recalculation +introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/61964 +rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/334234 +milestone: '14.1' +type: development +group: group::access +default_enabled: false diff --git a/config/feature_flags/development/sidekiq_load_balancing_rotate_up_to_date_replica.yml b/config/feature_flags/development/specialized_worker_for_project_transfer_auth_recalculation.yml index 4532cc0a59d..b77ed607501 100644 --- a/config/feature_flags/development/sidekiq_load_balancing_rotate_up_to_date_replica.yml +++ b/config/feature_flags/development/specialized_worker_for_project_transfer_auth_recalculation.yml @@ -1,8 +1,8 @@ --- -name: sidekiq_load_balancing_rotate_up_to_date_replica -introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/63413/ -rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/333153 -milestone: '14.0' +name: specialized_worker_for_project_transfer_auth_recalculation +introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/61967 +rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/334237 +milestone: '14.1' type: development -group: group::memory +group: group::access default_enabled: false diff --git a/doc/administration/logs.md b/doc/administration/logs.md index cf9c2143d8c..b1605604df5 100644 --- a/doc/administration/logs.md +++ b/doc/administration/logs.md @@ -8,8 +8,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w GitLab has an advanced log system where everything is logged, so you can analyze your instance using various system log files. In addition to -system log files, GitLab Enterprise Edition provides Audit Events. -Find more about them [in Audit Events documentation](audit_events.md). +system log files, GitLab Enterprise Edition provides [Audit Events](audit_events.md). System log files are typically plain text in a standard log file format. This guide talks about how to read and use these system log files. @@ -30,45 +29,48 @@ The logs for a given service may be managed and rotated by: - `logrotate` and `svlogd` - Or not at all -The table below includes information about what is responsible for managing and rotating logs for +The following table includes information about what's responsible for managing and rotating logs for the included services. Logs [managed by `svlogd`](https://docs.gitlab.com/omnibus/settings/logs.html#runit-logs) are written to a file called `current`. The `logrotate` service built into GitLab [manages all logs](https://docs.gitlab.com/omnibus/settings/logs.html#logrotate) except those captured by `runit`. -| Log Type | Managed by logrotate | Managed by svlogd/runit | -| ----------------------------------------------- | -------------------- | ----------------------- | -| [Alertmanager Logs](#alertmanager-logs) | N | Y | -| [Crond Logs](#crond-logs) | N | Y | -| [Gitaly](#gitaly-logs) | Y | Y | -| [GitLab Exporter For Omnibus](#gitlab-exporter) | N | Y | -| [GitLab Pages Logs](#pages-logs) | Y | Y | -| GitLab Rails | Y | N | -| [GitLab Shell Logs](#gitlab-shelllog) | Y | N | -| [Grafana Logs](#grafana-logs) | N | Y | -| [LogRotate Logs](#logrotate-logs) | N | Y | -| [Mailroom](#mail_room_jsonlog-default) | Y | Y | -| [NGINX](#nginx-logs) | Y | Y | -| [PostgreSQL Logs](#postgresql-logs) | N | Y | -| [Prometheus Logs](#prometheus-logs) | N | Y | -| [Puma](#puma-logs) | Y | Y | -| [Redis Logs](#redis-logs) | N | Y | -| [Registry Logs](#registry-logs) | N | Y | -| [Workhorse Logs](#workhorse-logs) | Y | Y | +| Log type | Managed by logrotate | Managed by svlogd/runit | +|-------------------------------------------------|------------------------|-------------------------| +| [Alertmanager Logs](#alertmanager-logs) | **{dotted-circle}** No | **{check-circle}** Yes | +| [Crond Logs](#crond-logs) | **{dotted-circle}** No | **{check-circle}** Yes | +| [Gitaly](#gitaly-logs) | **{check-circle}** Yes | **{check-circle}** Yes | +| [GitLab Exporter for Omnibus](#gitlab-exporter) | **{dotted-circle}** No | **{check-circle}** Yes | +| [GitLab Pages Logs](#pages-logs) | **{check-circle}** Yes | **{check-circle}** Yes | +| GitLab Rails | **{check-circle}** Yes | **{dotted-circle}** No | +| [GitLab Shell Logs](#gitlab-shelllog) | **{check-circle}** Yes | **{dotted-circle}** No | +| [Grafana Logs](#grafana-logs) | **{dotted-circle}** No | **{check-circle}** Yes | +| [LogRotate Logs](#logrotate-logs) | **{dotted-circle}** No | **{check-circle}** Yes | +| [Mailroom](#mail_room_jsonlog-default) | **{check-circle}** Yes | **{check-circle}** Yes | +| [NGINX](#nginx-logs) | **{check-circle}** Yes | **{check-circle}** Yes | +| [PostgreSQL Logs](#postgresql-logs) | **{dotted-circle}** No | **{check-circle}** Yes | +| [Prometheus Logs](#prometheus-logs) | **{dotted-circle}** No | **{check-circle}** Yes | +| [Puma](#puma-logs) | **{check-circle}** Yes | **{check-circle}** Yes | +| [Redis Logs](#redis-logs) | **{dotted-circle}** No | **{check-circle}** Yes | +| [Registry Logs](#registry-logs) | **{dotted-circle}** No | **{check-circle}** Yes | +| [Workhorse Logs](#workhorse-logs) | **{check-circle}** Yes | **{check-circle}** Yes | ## `production_json.log` -This file lives in `/var/log/gitlab/gitlab-rails/production_json.log` for -Omnibus GitLab packages or in `/home/git/gitlab/log/production_json.log` for -installations from source. When GitLab is running in an environment -other than production, the corresponding log file is shown here. +Depending on your installation method, this file is located at: + +- Omnibus GitLab: `/var/log/gitlab/gitlab-rails/production_json.log` +- Installations from source: `/home/git/gitlab/log/production_json.log` + +When GitLab is running in an environment other than production, +the corresponding log file is shown here. It contains a structured log for Rails controller requests received from -GitLab, thanks to [Lograge](https://github.com/roidrage/lograge/). Note that -requests from the API are logged to a separate file in `api_json.log`. +GitLab, thanks to [Lograge](https://github.com/roidrage/lograge/). +Requests from the API are logged to a separate file in `api_json.log`. -Each line contains a JSON line that can be ingested by services like Elasticsearch and Splunk. +Each line contains JSON that can be ingested by services like Elasticsearch and Splunk. Line breaks were added to examples for legibility: ```json @@ -103,39 +105,39 @@ This example was a GET request for a specific issue. Each line also contains performance data, with times in seconds: -1. `duration_s`: total time taken to retrieve the request -1. `queue_duration_s`: total time that the request was queued inside GitLab Workhorse -1. `view_duration_s`: total time taken inside the Rails views -1. `db_duration_s`: total time to retrieve data from PostgreSQL -1. `cpu_s`: total time spent on CPU -1. `gitaly_duration_s`: total time taken by Gitaly calls -1. `gitaly_calls`: total number of calls made to Gitaly -1. `redis_calls`: total number of calls made to Redis -1. `redis_duration_s`: total time to retrieve data from Redis -1. `redis_read_bytes`: total bytes read from Redis -1. `redis_write_bytes`: total bytes written to Redis -1. `redis_<instance>_calls`: total number of calls made to a Redis instance -1. `redis_<instance>_duration_s`: total time to retrieve data from a Redis instance -1. `redis_<instance>_read_bytes`: total bytes read from a Redis instance -1. `redis_<instance>_write_bytes`: total bytes written to a Redis instance - -User clone and fetch activity using HTTP transport appears in this log as `action: git_upload_pack`. +- `duration_s`: Total time to retrieve the request +- `queue_duration_s`: Total time the request was queued inside GitLab Workhorse +- `view_duration_s`: Total time inside the Rails views +- `db_duration_s`: Total time to retrieve data from PostgreSQL +- `cpu_s`: Total time spent on CPU +- `gitaly_duration_s`: Total time by Gitaly calls +- `gitaly_calls`: Total number of calls made to Gitaly +- `redis_calls`: Total number of calls made to Redis +- `redis_duration_s`: Total time to retrieve data from Redis +- `redis_read_bytes`: Total bytes read from Redis +- `redis_write_bytes`: Total bytes written to Redis +- `redis_<instance>_calls`: Total number of calls made to a Redis instance +- `redis_<instance>_duration_s`: Total time to retrieve data from a Redis instance +- `redis_<instance>_read_bytes`: Total bytes read from a Redis instance +- `redis_<instance>_write_bytes`: Total bytes written to a Redis instance + +User clone and fetch activity using HTTP transport appears in the log as `action: git_upload_pack`. In addition, the log contains the originating IP address, (`remote_ip`), the user's ID (`user_id`), and username (`username`). -Some endpoints such as `/search` may make requests to Elasticsearch if using +Some endpoints (such as `/search`) may make requests to Elasticsearch if using [Advanced Search](../user/search/advanced_search.md). These additionally log `elasticsearch_calls` and `elasticsearch_call_duration_s`, which correspond to: -1. `elasticsearch_calls`: total number of calls to Elasticsearch -1. `elasticsearch_duration_s`: total time taken by Elasticsearch calls -1. `elasticsearch_timed_out_count`: total number of calls to Elasticsearch that +- `elasticsearch_calls`: Total number of calls to Elasticsearch +- `elasticsearch_duration_s`: Total time taken by Elasticsearch calls +- `elasticsearch_timed_out_count`: Total number of calls to Elasticsearch that timed out and therefore returned partial results -ActionCable connection and subscription events are also logged to this file and they follow the same -format above. The `method`, `path`, and `format` fields are not applicable, and are always empty. +ActionCable connection and subscription events are also logged to this file and they follow the +previous format. The `method`, `path`, and `format` fields are not applicable, and are always empty. The ActionCable connection or channel class is used as the `controller`. ```json @@ -206,10 +208,13 @@ Starting with GitLab 12.5, if an error occurs, an ## `production.log` -This file lives in `/var/log/gitlab/gitlab-rails/production.log` for -Omnibus GitLab packages or in `/home/git/gitlab/log/production.log` for -installations from source. (When GitLab is running in an environment -other than production, the corresponding log file is shown here.) +Depending on your installation method, this file is located at: + +- Omnibus GitLab: `/var/log/gitlab/gitlab-rails/production.log` +- Installations from source: `/home/git/gitlab/log/production.log` + +When GitLab is running in an environment other than production, +the corresponding log file is shown here. It contains information about all performed requests. You can see the URL and type of request, IP address, and what parts of code were @@ -244,9 +249,10 @@ The request was processed by `Projects::TreeController`. > Introduced in GitLab 10.0. -This file lives in -`/var/log/gitlab/gitlab-rails/api_json.log` for Omnibus GitLab packages, or in -`/home/git/gitlab/log/api_json.log` for installations from source. +Depending on your installation method, this file is located at: + +- Omnibus GitLab: `/var/log/gitlab/gitlab-rails/api_json.log` +- Installations from source: `/home/git/gitlab/log/api_json.log` It helps you see requests made directly to the API. For example: @@ -274,24 +280,25 @@ It helps you see requests made directly to the API. For example: ``` This entry shows an internal endpoint accessed to check whether an -associated SSH key can download the project in question via a `git fetch` or +associated SSH key can download the project in question by using a `git fetch` or `git clone`. In this example, we see: -1. `duration`: total time in milliseconds taken to retrieve the request -1. `queue_duration`: total time in milliseconds that the request was queued inside GitLab Workhorse -1. `method`: The HTTP method used to make the request -1. `path`: The relative path of the query -1. `params`: Key-value pairs passed in a query string or HTTP body. Sensitive parameters (such as passwords and tokens) are filtered out. -1. `ua`: The User-Agent of the requester +- `duration`: Total time in milliseconds to retrieve the request +- `queue_duration`: Total time in milliseconds the request was queued inside GitLab Workhorse +- `method`: The HTTP method used to make the request +- `path`: The relative path of the query +- `params`: Key-value pairs passed in a query string or HTTP body (sensitive parameters, such as passwords and tokens, are filtered out) +- `ua`: The User-Agent of the requester ## `application.log` -This file lives in `/var/log/gitlab/gitlab-rails/application.log` for -Omnibus GitLab packages or in `/home/git/gitlab/log/application.log` for -installations from source. +Depending on your installation method, this file is located at: + +- Omnibus GitLab: `/var/log/gitlab/gitlab-rails/application.log` +- Installations from source: `/home/git/gitlab/log/application.log` -It helps you discover events happening in your instance such as user creation, -project removing and so on. For example: +It helps you discover events happening in your instance such as user creation +and project removal. For example: ```plaintext October 06, 2014 11:56: User "Administrator" (admin@example.com) was created @@ -305,11 +312,12 @@ October 07, 2014 11:25: Project "project133" was removed > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/22812) in GitLab 12.7. -This file lives in `/var/log/gitlab/gitlab-rails/application_json.log` for -Omnibus GitLab packages or in `/home/git/gitlab/log/application_json.log` for -installations from source. +Depending on your installation method, this file is located at: + +- Omnibus GitLab: `/var/log/gitlab/gitlab-rails/application_json.log` +- Installations from source: `/home/git/gitlab/log/application_json.log` -It contains the JSON version of the logs in `application.log` like the example below: +It contains the JSON version of the logs in `application.log`, like this example: ```json { @@ -328,11 +336,14 @@ It contains the JSON version of the logs in `application.log` like the example b ## `integrations_json.log` -This file lives in `/var/log/gitlab/gitlab-rails/integrations_json.log` for -Omnibus GitLab packages or in `/home/git/gitlab/log/integrations_json.log` for -installations from source. +Depending on your installation method, this file is located at: -It contains information about [integrations](../user/project/integrations/overview.md) activities such as Jira, Asana, and Irker services. It uses JSON format like the example below: +- Omnibus GitLab: `/var/log/gitlab/gitlab-rails/integrations_json.log` +- Installations from source: `/home/git/gitlab/log/integrations_json.log` + +It contains information about [integration](../user/project/integrations/overview.md) +activities, such as Jira, Asana, and Irker services. It uses JSON format, +like this example: ```json { @@ -360,16 +371,16 @@ It contains information about [integrations](../user/project/integrations/overvi > Introduced in GitLab 11.6. -This file lives in -`/var/log/gitlab/gitlab-rails/kubernetes.log` for Omnibus GitLab -packages or in `/home/git/gitlab/log/kubernetes.log` for -installations from source. +Depending on your installation method, this file is located at: + +- Omnibus GitLab: `/var/log/gitlab/gitlab-rails/kubernetes.log` +- Installations from source: `/home/git/gitlab/log/kubernetes.log` -It logs information related to the Kubernetes Integration including errors +It logs information related to the Kubernetes Integration, including errors during installing cluster applications on your managed Kubernetes clusters. -Each line contains a JSON line that can be ingested by services like Elasticsearch and Splunk. +Each line contains JSON that can be ingested by services like Elasticsearch and Splunk. Line breaks have been added to the following example for clarity: ```json @@ -399,9 +410,10 @@ Line breaks have been added to the following example for clarity: ## `git_json.log` -This file lives in `/var/log/gitlab/gitlab-rails/git_json.log` for -Omnibus GitLab packages or in `/home/git/gitlab/log/git_json.log` for -installations from source. +Depending on your installation method, this file is located at: + +- Omnibus GitLab: `/var/log/gitlab/gitlab-rails/git_json.log` +- Installations from source: `/home/git/gitlab/log/git_json.log` After GitLab version 12.2, this file was renamed from `githost.log` to `git_json.log` and stored in JSON format. @@ -425,14 +437,15 @@ only. For example: NOTE: GitLab Free tracks a small number of different audit events. -[GitLab Premium](https://about.gitlab.com/pricing/) tracks many more. +GitLab Premium tracks many more. -This file lives in `/var/log/gitlab/gitlab-rails/audit_json.log` for -Omnibus GitLab packages or in `/home/git/gitlab/log/audit_json.log` for -installations from source. +Depending on your installation method, this file is located at: -Changes to group or project settings and memberships (`target_details`) are logged to this file. -For example: +- Omnibus GitLab: `/var/log/gitlab/gitlab-rails/audit_json.log` +- Installations from source: `/home/git/gitlab/log/audit_json.log` + +Changes to group or project settings and memberships (`target_details`) +are logged to this file. For example: ```json { @@ -454,15 +467,17 @@ For example: ## Sidekiq Logs NOTE: -In Omnibus GitLab `12.10` or earlier, the Sidekiq log lives in `/var/log/gitlab/gitlab-rails/sidekiq.log`. +In Omnibus GitLab `12.10` or earlier, the Sidekiq log is at `/var/log/gitlab/gitlab-rails/sidekiq.log`. -For Omnibus installations, some Sidekiq logs reside in `/var/log/gitlab/sidekiq/current` and as follows. +For Omnibus GitLab installations, some Sidekiq logs are in `/var/log/gitlab/sidekiq/current` +and as follows. ### `sidekiq.log` -This file lives in `/var/log/gitlab/sidekiq/current` for -Omnibus GitLab packages or in `/home/git/gitlab/log/sidekiq.log` for -installations from source. +Depending on your installation method, this file is located at: + +- Omnibus GitLab: `/var/log/gitlab/sidekiq/current` +- Installations from source: `/home/git/gitlab/log/sidekiq.log` GitLab uses background jobs for processing tasks which can take a long time. All information about processing these jobs are written down to @@ -473,7 +488,7 @@ this file. For example: 2014-06-10T18:18:26Z 14299 TID-55uqo INFO: Booting Sidekiq 3.0.0 with redis options {:url=>"redis://localhost:6379/0", :namespace=>"sidekiq"} ``` -Instead of the format above, you can opt to generate JSON logs for +Instead of the previous format, you can opt to generate JSON logs for Sidekiq. For example: ```json @@ -506,7 +521,7 @@ For Omnibus GitLab installations, add the configuration option: sidekiq['log_format'] = 'json' ``` -For source installations, edit the `gitlab.yml` and set the Sidekiq +For installations from source, edit the `gitlab.yml` and set the Sidekiq `log_format` configuration option: ```yaml @@ -519,9 +534,10 @@ For source installations, edit the `gitlab.yml` and set the Sidekiq > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/26586) in GitLab 12.9. -This file lives in `/var/log/gitlab/gitlab-rails/sidekiq_client.log` for -Omnibus GitLab packages or in `/home/git/gitlab/log/sidekiq_client.log` for -installations from source. +Depending on your installation method, this file is located at: + +- Omnibus GitLab: `/var/log/gitlab/gitlab-rails/sidekiq_client.log` +- Installations from source: `/home/git/gitlab/log/sidekiq_client.log` This file contains logging information about jobs before Sidekiq starts processing them, such as before being enqueued. @@ -532,11 +548,15 @@ you've configured this for Sidekiq as mentioned above. ## `gitlab-shell.log` -GitLab Shell is used by GitLab for executing Git commands and provide SSH access to Git repositories. +GitLab Shell is used by GitLab for executing Git commands and provide SSH +access to Git repositories. ### For GitLab versions 12.10 and up -For GitLab version 12.10 and later, there are 2 `gitlab-shell.log` files. Information containing `git-{upload-pack,receive-pack}` requests lives in `/var/log/gitlab/gitlab-shell/gitlab-shell.log`. Information about hooks to GitLab Shell from Gitaly lives in `/var/log/gitlab/gitaly/gitlab-shell.log`. +For GitLab version 12.10 and later, there are two `gitlab-shell.log` files. +Information containing `git-{upload-pack,receive-pack}` requests is at +`/var/log/gitlab/gitlab-shell/gitlab-shell.log`. Information about hooks to +GitLab Shell from Gitaly is at `/var/log/gitlab/gitaly/gitlab-shell.log`. Example log entries for `/var/log/gitlab/gitlab-shell/gitlab-shell.log`: @@ -589,7 +609,11 @@ Example log entries for `/var/log/gitlab/gitaly/gitlab-shell.log`: ### For GitLab versions 12.5 through 12.9 -For GitLab 12.5 to 12.9, this file lives in `/var/log/gitlab/gitaly/gitlab-shell.log` for Omnibus GitLab packages or in `/home/git/gitaly/gitlab-shell.log` for installations from source. +For GitLab 12.5 to 12.9, depending on your installation method, this +file is located at: + +- Omnibus GitLab: `/var/log/gitlab/gitaly/gitlab-shell.log` +- Installation from source: `/home/git/gitaly/gitlab-shell.log` Example log entries: @@ -608,7 +632,7 @@ Example log entries: ### For GitLab 12.5 and earlier -For GitLab 12.5 and earlier, the file lives in `/var/log/gitlab/gitlab-shell/gitlab-shell.log`. +For GitLab 12.5 and earlier, the file is at `/var/log/gitlab/gitlab-shell/gitlab-shell.log`. Example log entries: @@ -617,51 +641,64 @@ I, [2015-02-13T06:17:00.671315 #9291] INFO -- : Adding project root/example.git I, [2015-02-13T06:17:00.679433 #9291] INFO -- : Moving existing hooks directory and symlinking global hooks directory for /var/opt/gitlab/git-data/repositories/root/example.git. ``` -User clone/fetch activity using SSH transport appears in this log as `executing git command <gitaly-upload-pack...`. +User clone/fetch activity using SSH transport appears in this log as +`executing git command <gitaly-upload-pack...`. ## Gitaly Logs -This file lives in `/var/log/gitlab/gitaly/current` and is produced by [runit](http://smarden.org/runit/). `runit` is packaged with Omnibus GitLab and a brief explanation of its purpose is available [in the Omnibus GitLab documentation](https://docs.gitlab.com/omnibus/architecture/#runit). [Log files are rotated](http://smarden.org/runit/svlogd.8.html), renamed in Unix timestamp format, and `gzip`-compressed (like `@1584057562.s`). +This file is in `/var/log/gitlab/gitaly/current` and is produced by [runit](http://smarden.org/runit/). +`runit` is packaged with Omnibus GitLab and a brief explanation of its purpose +is available [in the Omnibus GitLab documentation](https://docs.gitlab.com/omnibus/architecture/#runit). +[Log files are rotated](http://smarden.org/runit/svlogd.8.html), renamed in +Unix timestamp format, and `gzip`-compressed (like `@1584057562.s`). ### `grpc.log` -This file lives in `/var/log/gitlab/gitlab-rails/grpc.log` for Omnibus GitLab packages. Native [gRPC](https://grpc.io/) logging used by Gitaly. +This file is at `/var/log/gitlab/gitlab-rails/grpc.log` for Omnibus GitLab +packages. Native [gRPC](https://grpc.io/) logging used by Gitaly. ### `gitaly_ruby_json.log` > [Introduced](https://gitlab.com/gitlab-org/gitaly/-/merge_requests/2678) in GitLab 13.6. -This file lives in `/var/log/gitlab/gitaly/gitaly_ruby_json.log` and is produced by [`gitaly-ruby`](gitaly/reference.md#gitaly-ruby). It contains an access log of gRPC calls made by Gitaly to `gitaly-ruby`. +This file is at `/var/log/gitlab/gitaly/gitaly_ruby_json.log` and is +produced by [`gitaly-ruby`](gitaly/reference.md#gitaly-ruby). It contains an +access log of gRPC calls made by Gitaly to `gitaly-ruby`. ## Puma Logs ### `puma_stdout.log` -This file lives in `/var/log/gitlab/puma/puma_stdout.log` for -Omnibus GitLab packages, and `/home/git/gitlab/log/puma_stdout.log` for -installations from source. +Depending on your installation method, this file is located at: + +- Omnibus GitLab: `/var/log/gitlab/puma/puma_stdout.log` +- Installations from source: `/home/git/gitlab/log/puma_stdout.log` ### `puma_stderr.log` -This file lives in `/var/log/gitlab/puma/puma_stderr.log` for -Omnibus GitLab packages, or in `/home/git/gitlab/log/puma_stderr.log` for -installations from source. +Depending on your installation method, this file is located at: + +- Omnibus GitLab: `/var/log/gitlab/puma/puma_stderr.log` +- Installations from source: `/home/git/gitlab/log/puma_stderr.log` ## `repocheck.log` -This file lives in `/var/log/gitlab/gitlab-rails/repocheck.log` for -Omnibus GitLab packages or in `/home/git/gitlab/log/repocheck.log` for -installations from source. +Depending on your installation method, this file is located at: + +- Omnibus GitLab: `/var/log/gitlab/gitlab-rails/repocheck.log` +- Installations from source: `/home/git/gitlab/log/repocheck.log` -It logs information whenever a [repository check is run](repository_checks.md) on a project. +It logs information whenever a [repository check is run](repository_checks.md) +on a project. ## `importer.log` > Introduced in GitLab 11.3. -This file lives in `/var/log/gitlab/gitlab-rails/importer.log` for -Omnibus GitLab packages or in `/home/git/gitlab/log/importer.log` for -installations from source. +Depending on your installation method, this file is located at: + +- Omnibus GitLab: `/var/log/gitlab/gitlab-rails/importer.log` +- Installations from source: `/home/git/gitlab/log/importer.log` It logs the progress of the import process. @@ -669,9 +706,10 @@ It logs the progress of the import process. > Introduced in GitLab 13.1. -This file lives in `/var/log/gitlab/gitlab-rails/exporter.log` for -Omnibus GitLab packages or in `/home/git/gitlab/log/exporter.log` for -installations from source. +Depending on your installation method, this file is located at: + +- Omnibus GitLab: `/var/log/gitlab/gitlab-rails/exporter.log` +- Installations from source: `/home/git/gitlab/log/exporter.log` It logs the progress of the export process. @@ -679,10 +717,10 @@ It logs the progress of the export process. > [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/issues/59587) in GitLab 13.7. -This file's location depends on how you installed GitLab: +Depending on your installation method, this file is located at: -- For Omnibus GitLab packages: `/var/log/gitlab/gitlab-rails/features_json.log` -- For installations from source: `/home/git/gitlab/log/features_json.log` +- Omnibus GitLab: `/var/log/gitlab/gitlab-rails/features_json.log` +- Installations from source: `/home/git/gitlab/log/features_json.log` The modification events from [Feature flags in development of GitLab](../development/feature_flags/index.md) are recorded in this file. For example: @@ -704,27 +742,29 @@ are recorded in this file. For example: > Introduced in GitLab 12.0. -This file lives in `/var/log/gitlab/gitlab-rails/auth.log` for -Omnibus GitLab packages or in `/home/git/gitlab/log/auth.log` for -installations from source. +Depending on your installation method, this file is located at: + +- Omnibus GitLab: `/var/log/gitlab/gitlab-rails/auth.log` +- Installations from source: `/home/git/gitlab/log/auth.log` This log records: - Information whenever [Rack Attack](../security/rack_attack.md) registers an abusive request. - Requests over the [Rate Limit](../user/admin_area/settings/rate_limits_on_raw_endpoints.md) on raw endpoints. - [Protected paths](../user/admin_area/settings/protected_paths.md) abusive requests. -- In GitLab versions [12.3](https://gitlab.com/gitlab-org/gitlab/-/issues/29239) and greater, +- In GitLab versions [12.3](https://gitlab.com/gitlab-org/gitlab/-/issues/29239) and later, user ID and username, if available. ## `graphql_json.log` > [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/issues/59587) in GitLab 12.0. -This file lives in `/var/log/gitlab/gitlab-rails/graphql_json.log` for -Omnibus GitLab packages or in `/home/git/gitlab/log/graphql_json.log` for -installations from source. +Depending on your installation method, this file is located at: -GraphQL queries are recorded in that file. For example: +- Omnibus GitLab: `/var/log/gitlab/gitlab-rails/graphql_json.log` +- Installations from source: `/home/git/gitlab/log/graphql_json.log` + +GraphQL queries are recorded in the file. For example: ```json {"query_string":"query IntrospectionQuery{__schema {queryType { name },mutationType { name }}}...(etc)","variables":{"a":1,"b":2},"complexity":181,"depth":1,"duration_s":7} @@ -734,24 +774,26 @@ GraphQL queries are recorded in that file. For example: > Introduced in GitLab 12.3. -This file lives in `/var/log/gitlab/gitlab-rails/migrations.log` for -Omnibus GitLab packages or in `/home/git/gitlab/log/migrations.log` for -installations from source. +Depending on your installation method, this file is located at: + +- Omnibus GitLab: `/var/log/gitlab/gitlab-rails/migrations.log` +- Installations from source: `/home/git/gitlab/log/migrations.log` ## `mail_room_json.log` (default) > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/19186) in GitLab 12.6. -This file lives in `/var/log/gitlab/mailroom/current` for -Omnibus GitLab packages or in `/home/git/gitlab/log/mail_room_json.log` for -installations from source. +Depending on your installation method, this file is located at: + +- Omnibus GitLab: `/var/log/gitlab/mailroom/current` +- Installations from source: `/home/git/gitlab/log/mail_room_json.log` This structured log file records internal activity in the `mail_room` gem. Its name and path are configurable, so the name and path may not match the above. -## Reconfigure Logs +## Reconfigure logs -Reconfigure log files live in `/var/log/gitlab/reconfigure` for Omnibus GitLab +Reconfigure log files are in `/var/log/gitlab/reconfigure` for Omnibus GitLab packages. Installations from source don't have reconfigure logs. A reconfigure log is populated whenever `gitlab-ctl reconfigure` is run manually or as part of an upgrade. @@ -763,46 +805,47 @@ was initiated, such as `1509705644.log` If Prometheus metrics and the Sidekiq Exporter are both enabled, Sidekiq starts a Web server and listen to the defined port (default: `8082`). By default, Sidekiq Exporter access logs are disabled but can -be enabled: +be enabled based on your installation method: -- For Omnibus GitLab installations, using the `sidekiq['exporter_log_enabled'] = true` - option in `/etc/gitlab/gitlab.rb`. -- For installations from source, using the `sidekiq_exporter.log_enabled` option - in `gitlab.yml`. +- Omnibus GitLab: Use the `sidekiq['exporter_log_enabled'] = true` + option in `/etc/gitlab/gitlab.rb` +- Installations from source: Use the `sidekiq_exporter.log_enabled` option + in `gitlab.yml` -When enabled, access logs are generated in -`/var/log/gitlab/gitlab-rails/sidekiq_exporter.log` for Omnibus GitLab -packages or in `/home/git/gitlab/log/sidekiq_exporter.log` for -installations from source. +When enabled, depending on your installation method, this file is located at: + +- Omnibus GitLab: `/var/log/gitlab/gitlab-rails/sidekiq_exporter.log` +- Installations from source: `/home/git/gitlab/log/sidekiq_exporter.log` If Prometheus metrics and the Web Exporter are both enabled, Puma starts a Web server and listen to the defined port (default: `8083`), and access logs -are generated: +are generated in a location based on your installation method: -- For Omnibus GitLab packages, in `/var/log/gitlab/gitlab-rails/web_exporter.log`. -- For installations from source, in `/home/git/gitlab/log/web_exporter.log`. +- Omnibus GitLab: `/var/log/gitlab/gitlab-rails/web_exporter.log` +- Installations from source: `/home/git/gitlab/log/web_exporter.log` ## `database_load_balancing.log` **(PREMIUM SELF)** > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/15442) in GitLab 12.3. Contains details of GitLab [Database Load Balancing](database_load_balancing.md). -It's stored at: +Depending on your installation method, this file is located at: -- `/var/log/gitlab/gitlab-rails/database_load_balancing.log` for Omnibus GitLab packages. -- `/home/git/gitlab/log/database_load_balancing.log` for installations from source. +- Omnibus GitLab: `/var/log/gitlab/gitlab-rails/database_load_balancing.log` +- Installations from source: `/home/git/gitlab/log/database_load_balancing.log` ## `elasticsearch.log` **(PREMIUM SELF)** > Introduced in GitLab 12.6. This file logs information related to the Elasticsearch Integration, including -errors during indexing or searching Elasticsearch. It's stored at: +errors during indexing or searching Elasticsearch. Depending on your installation +method, this file is located at: -- `/var/log/gitlab/gitlab-rails/elasticsearch.log` for Omnibus GitLab packages. -- `/home/git/gitlab/log/elasticsearch.log` for installations from source. +- Omnibus GitLab: `/var/log/gitlab/gitlab-rails/elasticsearch.log` +- Installations from source: `/home/git/gitlab/log/elasticsearch.log` -Each line contains a JSON line that can be ingested by services like Elasticsearch and Splunk. +Each line contains JSON that can be ingested by services like Elasticsearch and Splunk. Line breaks have been added to the following example line for clarity: ```json @@ -825,12 +868,13 @@ Line breaks have been added to the following example line for clarity: This file logs the information about exceptions being tracked by `Gitlab::ErrorTracking`, which provides a standard and consistent way of -[processing rescued exceptions](https://gitlab.com/gitlab-org/gitlab/-/blob/master/doc/development/logging.md#exception-handling). This file is stored in: +[processing rescued exceptions](https://gitlab.com/gitlab-org/gitlab/-/blob/master/doc/development/logging.md#exception-handling). +Depending on your installation method, this file is located at: -- `/var/log/gitlab/gitlab-rails/exceptions_json.log` for Omnibus GitLab packages. -- `/home/git/gitlab/log/exceptions_json.log` for installations from source. +- Omnibus GitLab: `/var/log/gitlab/gitlab-rails/exceptions_json.log` +- Installations from source: `/home/git/gitlab/log/exceptions_json.log` -Each line contains a JSON line that can be ingested by Elasticsearch. For example: +Each line contains JSON that can be ingested by Elasticsearch. For example: ```json { @@ -853,9 +897,10 @@ Each line contains a JSON line that can be ingested by Elasticsearch. For exampl > Introduced in GitLab 13.0. -This file lives in `/var/log/gitlab/gitlab-rails/service_measurement.log` for -Omnibus GitLab packages or in `/home/git/gitlab/log/service_measurement.log` for -installations from source. +Depending on your installation method, this file is located at: + +- Omnibus GitLab: `/var/log/gitlab/gitlab-rails/service_measurement.log` +- Installations from source: `/home/git/gitlab/log/service_measurement.log` It contains only a single structured log with measurements for each service execution. It contains measurements such as the number of SQL calls, `execution_time`, `gc_stats`, and `memory usage`. @@ -870,9 +915,12 @@ For example: > Introduced in 9.5. -Geo stores structured log messages in a `geo.log` file. For Omnibus installations, this file is at `/var/log/gitlab/gitlab-rails/geo.log`. +Geo stores structured log messages in a `geo.log` file. For Omnibus GitLab +installations, this file is at `/var/log/gitlab/gitlab-rails/geo.log`. -This file contains information about when Geo attempts to sync repositories and files. Each line in the file contains a separate JSON entry that can be ingested into. For example, Elasticsearch or Splunk. +This file contains information about when Geo attempts to sync repositories +and files. Each line in the file contains a separate JSON entry that can be +ingested into (for example, Elasticsearch or Splunk). For example: @@ -886,10 +934,10 @@ This message shows that Geo detected that a repository update was needed for pro > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/commit/7f637e2af7006dc2b1b2649d9affc0b86cfb33c4) in GitLab 11.12. -This file is stored in: +Depending on your installation method, this file is located at: -- `/var/log/gitlab/gitlab-rails/update_mirror_service_json.log` for Omnibus GitLab installations. -- `/home/git/gitlab/log/update_mirror_service_json.log` for installations from source. +- Omnibus GitLab: `/var/log/gitlab/gitlab-rails/update_mirror_service_json.log` +- Installations from source: `/home/git/gitlab/log/update_mirror_service_json.log` This file contains information about LFS errors that occurred during project mirroring. While we work to move other project mirroring errors into this log, the [general log](#productionlog) @@ -909,20 +957,20 @@ can be used. ## Registry Logs -For Omnibus installations, Container Registry logs reside in `/var/log/gitlab/registry/current`. +For Omnibus GitLab installations, Container Registry logs are in `/var/log/gitlab/registry/current`. ## NGINX Logs -For Omnibus installations, NGINX logs reside in: +For Omnibus GitLab installations, NGINX logs are in: -- `/var/log/gitlab/nginx/gitlab_access.log` contains a log of requests made to GitLab. -- `/var/log/gitlab/nginx/gitlab_error.log` contains a log of NGINX errors for GitLab. -- `/var/log/gitlab/nginx/gitlab_pages_access.log` contains a log of requests made to Pages static sites. -- `/var/log/gitlab/nginx/gitlab_pages_error.log` contains a log of NGINX errors for Pages static sites. -- `/var/log/gitlab/nginx/gitlab_registry_access.log` contains a log of requests made to the Container Registry. -- `/var/log/gitlab/nginx/gitlab_registry_error.log` contains a log of NGINX errors for the Container Registry. -- `/var/log/gitlab/nginx/gitlab_mattermost_access.log` contains a log of requests made to Mattermost. -- `/var/log/gitlab/nginx/gitlab_mattermost_error.log` contains a log of NGINX errors for Mattermost. +- `/var/log/gitlab/nginx/gitlab_access.log`: A log of requests made to GitLab +- `/var/log/gitlab/nginx/gitlab_error.log`: A log of NGINX errors for GitLab +- `/var/log/gitlab/nginx/gitlab_pages_access.log`: A log of requests made to Pages static sites +- `/var/log/gitlab/nginx/gitlab_pages_error.log`: A log of NGINX errors for Pages static sites +- `/var/log/gitlab/nginx/gitlab_registry_access.log`: A log of requests made to the Container Registry +- `/var/log/gitlab/nginx/gitlab_registry_error.log`: A log of NGINX errors for the Container Registry +- `/var/log/gitlab/nginx/gitlab_mattermost_access.log`: A log of requests made to Mattermost +- `/var/log/gitlab/nginx/gitlab_mattermost_error.log`: A log of NGINX errors for Mattermost Below is the default GitLab NGINX access log format: @@ -932,7 +980,7 @@ $remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$ ## Pages Logs -For Omnibus installations, Pages logs reside in `/var/log/gitlab/gitlab-pages/current`. +For Omnibus GitLab installations, Pages logs are in `/var/log/gitlab/gitlab-pages/current`. For example: @@ -961,66 +1009,68 @@ For example: ## Mattermost Logs -For Omnibus GitLab installations, Mattermost logs reside in `/var/log/gitlab/mattermost/mattermost.log`. +For Omnibus GitLab installations, Mattermost logs are in `/var/log/gitlab/mattermost/mattermost.log`. ## Workhorse Logs -For Omnibus GitLab installations, Workhorse logs reside in `/var/log/gitlab/gitlab-workhorse/`. +For Omnibus GitLab installations, Workhorse logs are in `/var/log/gitlab/gitlab-workhorse/`. ## PostgreSQL Logs -For Omnibus GitLab installations, PostgreSQL logs reside in `/var/log/gitlab/postgresql/`. +For Omnibus GitLab installations, PostgreSQL logs are in `/var/log/gitlab/postgresql/`. ## Prometheus Logs -For Omnibus GitLab installations, Prometheus logs reside in `/var/log/gitlab/prometheus/`. +For Omnibus GitLab installations, Prometheus logs are in `/var/log/gitlab/prometheus/`. ## Redis Logs -For Omnibus GitLab installations, Redis logs reside in `/var/log/gitlab/redis/`. +For Omnibus GitLab installations, Redis logs are in `/var/log/gitlab/redis/`. ## Alertmanager Logs -For Omnibus GitLab installations, Alertmanager logs reside in `/var/log/gitlab/alertmanager/`. +For Omnibus GitLab installations, Alertmanager logs are in `/var/log/gitlab/alertmanager/`. <!-- vale gitlab.Spelling = NO --> ## Crond Logs -For Omnibus GitLab installations, crond logs reside in `/var/log/gitlab/crond/`. +For Omnibus GitLab installations, crond logs are in `/var/log/gitlab/crond/`. <!-- vale gitlab.Spelling = YES --> ## Grafana Logs -For Omnibus GitLab installations, Grafana logs reside in `/var/log/gitlab/grafana/`. +For Omnibus GitLab installations, Grafana logs are in `/var/log/gitlab/grafana/`. ## LogRotate Logs -For Omnibus GitLab installations, `logrotate` logs reside in `/var/log/gitlab/logrotate/`. +For Omnibus GitLab installations, `logrotate` logs are in `/var/log/gitlab/logrotate/`. ## GitLab Monitor Logs -For Omnibus GitLab installations, GitLab Monitor logs reside in `/var/log/gitlab/gitlab-monitor/`. +For Omnibus GitLab installations, GitLab Monitor logs are in `/var/log/gitlab/gitlab-monitor/`. ## GitLab Exporter -For Omnibus GitLab installations, GitLab Exporter logs reside in `/var/log/gitlab/gitlab-exporter/`. +For Omnibus GitLab installations, GitLab Exporter logs are in `/var/log/gitlab/gitlab-exporter/`. ## GitLab Kubernetes Agent Server -For Omnibus GitLab installations, GitLab Kubernetes Agent Server logs reside +For Omnibus GitLab installations, GitLab Kubernetes Agent Server logs are in `/var/log/gitlab/gitlab-kas/`. ## Performance bar stats > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/48149) in GitLab 13.7. -This file lives in `/var/log/gitlab/gitlab-rails/performance_bar_json.log` for -Omnibus GitLab packages or in `/home/git/gitlab/log/performance_bar_json.log` for -installations from source. +Depending on your installation method, this file is located at: + +- Omnibus GitLab: `/var/log/gitlab/gitlab-rails/performance_bar_json.log` +- Installations from source: `/home/git/gitlab/log/performance_bar_json.log` -Performance bar statistics (currently only duration of SQL queries) are recorded in that file. For example: +Performance bar statistics (currently only duration of SQL queries) are recorded +in that file. For example: ```json {"severity":"INFO","time":"2020-12-04T09:29:44.592Z","correlation_id":"33680b1490ccd35981b03639c406a697","filename":"app/models/ci/pipeline.rb","method_path":"app/models/ci/pipeline.rb:each_with_object","request_id":"rYHomD0VJS4","duration_ms":26.889,"count":2,"type": "sql"} diff --git a/doc/api/instance_clusters.md b/doc/api/instance_clusters.md index 1c4996975f7..ae94fdb137c 100644 --- a/doc/api/instance_clusters.md +++ b/doc/api/instance_clusters.md @@ -160,7 +160,7 @@ Parameters: | Attribute | Type | Required | Description | | ---------------------------------------------------- | ------- | -------- | ----------------------------------------------------------------------------------------------------- | | `name` | string | yes | The name of the cluster | -| `domain` | string | no | The [base domain](../user/project/clusters/index.md#base-domain) of the cluster | +| `domain` | string | no | The [base domain](../user/project/clusters/gitlab_managed_clusters.md#base-domain) of the cluster | | `environment_scope` | string | no | The associated environment to the cluster. Defaults to `*` | | `management_project_id` | integer | no | The ID of the [management project](../user/clusters/management_project.md) for the cluster | | `enabled` | boolean | no | Determines if cluster is active or not, defaults to `true` | @@ -228,7 +228,7 @@ Parameters: | ------------------------------------------- | ------- | -------- | ------------------------------------------------------------------------------------------ | | `cluster_id` | integer | yes | The ID of the cluster | | `name` | string | no | The name of the cluster | -| `domain` | string | no | The [base domain](../user/project/clusters/index.md#base-domain) of the cluster | +| `domain` | string | no | The [base domain](../user/project/clusters/gitlab_managed_clusters.md#base-domain) of the cluster | | `environment_scope` | string | no | The associated environment to the cluster | | `management_project_id` | integer | no | The ID of the [management project](../user/clusters/management_project.md) for the cluster | | `enabled` | boolean | no | Determines if cluster is active or not | diff --git a/doc/api/project_clusters.md b/doc/api/project_clusters.md index f31b3ccd0bb..93a377a0a7b 100644 --- a/doc/api/project_clusters.md +++ b/doc/api/project_clusters.md @@ -188,7 +188,7 @@ Parameters: | ---------------------------------------------------- | ------- | -------- | ----------------------------------------------------------------------------------------------------- | | `id` | integer or string | yes | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) owned by the authenticated user | | `name` | string | yes | The name of the cluster | -| `domain` | string | no | The [base domain](../user/project/clusters/index.md#base-domain) of the cluster | +| `domain` | string | no | The [base domain](../user/project/clusters/gitlab_managed_clusters.md#base-domain) of the cluster | | `management_project_id` | integer | no | The ID of the [management project](../user/clusters/management_project.md) for the cluster | | `enabled` | boolean | no | Determines if cluster is active or not, defaults to `true` | | `managed` | boolean | no | Determines if GitLab manages namespaces and service accounts for this cluster. Defaults to `true` | @@ -286,7 +286,7 @@ Parameters: | `id` | integer or string | yes | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) owned by the authenticated user | | `cluster_id` | integer | yes | The ID of the cluster | | `name` | string | no | The name of the cluster | -| `domain` | string | no | The [base domain](../user/project/clusters/index.md#base-domain) of the cluster | +| `domain` | string | no | The [base domain](../user/project/clusters/gitlab_managed_clusters.md#base-domain) of the cluster | | `management_project_id` | integer | no | The ID of the [management project](../user/clusters/management_project.md) for the cluster | | `enabled` | boolean | no | Determines if cluster is active or not | | `managed` | boolean | no | Determines if GitLab manages namespaces and service accounts for this cluster | diff --git a/doc/ci/docker/using_docker_build.md b/doc/ci/docker/using_docker_build.md index 94af30bd73f..496ac484a0e 100644 --- a/doc/ci/docker/using_docker_build.md +++ b/doc/ci/docker/using_docker_build.md @@ -840,3 +840,30 @@ This issue occurs because Docker starts on TLS automatically. [use the Docker executor with the Docker image](#use-the-docker-executor-with-the-docker-image-docker-in-docker). - If you are upgrading from v18.09 or earlier, read our [upgrade guide](https://about.gitlab.com/blog/2019/07/31/docker-in-docker-with-docker-19-dot-03/). + +### Docker `no such host` error + +You may get an error that says +`docker: error during connect: Post https://docker:2376/v1.40/containers/create: dial tcp: lookup docker on x.x.x.x:53: no such host`. + +This issue can occur when the service's image name +[includes a registry hostname](../../ci/services/index.md#available-settings-for-services). For example: + +```yaml +image: docker:19.03.12 + +services: + - registry.hub.docker.com/library/docker:19.03.12-dind +``` + +A service's hostname is [derived from the full image name](../../ci/services/index.md#accessing-the-services). +However, the shorter service hostname `docker` is expected. +To allow service resolution and access, add an explicit alias for the service name `docker`: + +```yaml +image: docker:19.03.12 + +services: + - name: registry.hub.docker.com/library/docker:19.03.12-dind + alias: docker +``` diff --git a/doc/ci/services/index.md b/doc/ci/services/index.md index 8d603b17e2e..c78ac536fd3 100644 --- a/doc/ci/services/index.md +++ b/doc/ci/services/index.md @@ -228,7 +228,7 @@ test: | Setting | Required | GitLab version | Description | |------------|----------|----------------| ----------- | -| `name` | yes, when used with any other option | 9.4 | Full name of the image to use. It should contain the Registry part if needed. | +| `name` | yes, when used with any other option | 9.4 | Full name of the image to use. If the full image name includes a registry hostname, use the `alias` option to define a shorter service access name. For more information, see [Accessing the services](#accessing-the-services). | | `entrypoint` | no | 9.4 |Command or script to execute as the container's entrypoint. It's translated to Docker's `--entrypoint` option while creating the container. The syntax is similar to [`Dockerfile`'s `ENTRYPOINT`](https://docs.docker.com/engine/reference/builder/#entrypoint) directive, where each shell token is a separate string in the array. | | `command` | no | 9.4 |Command or script that should be used as the container's command. It's translated to arguments passed to Docker after the image's name. The syntax is similar to [`Dockerfile`'s `CMD`](https://docs.docker.com/engine/reference/builder/#cmd) directive, where each shell token is a separate string in the array. | | `alias` (1) | no | 9.4 |Additional alias that can be used to access the service from the job's container. Read [Accessing the services](#accessing-the-services) for more information. | diff --git a/doc/ci/variables/README.md b/doc/ci/variables/README.md index 1db2d0dd888..ae3b46539e0 100644 --- a/doc/ci/variables/README.md +++ b/doc/ci/variables/README.md @@ -628,7 +628,7 @@ Integrations that are responsible for deployment configuration can define their variables that are set in the build environment. These variables are only defined for [deployment jobs](../environments/index.md). -For example, the [Kubernetes integration](../../user/project/clusters/index.md#deployment-variables) +For example, the [Kubernetes integration](../../user/project/clusters/deploy_to_cluster.md#deployment-variables) defines deployment variables that you can use with the integration. The [documentation for each integration](../../user/project/integrations/overview.md) diff --git a/doc/ci/variables/predefined_variables.md b/doc/ci/variables/predefined_variables.md index bd280cc4825..4350154634c 100644 --- a/doc/ci/variables/predefined_variables.md +++ b/doc/ci/variables/predefined_variables.md @@ -14,7 +14,7 @@ Some variables are only available with more recent versions of [GitLab Runner](h You can [output the values of all variables available for a job](README.md#list-all-environment-variables) with a `script` command. -There are also [Kubernetes-specific deployment variables](../../user/project/clusters/index.md#deployment-variables). +There are also [Kubernetes-specific deployment variables](../../user/project/clusters/deploy_to_cluster.md#deployment-variables). | Variable | GitLab | Runner | Description | |------------------------------------------|--------|--------|-------------| diff --git a/doc/topics/autodevops/customize.md b/doc/topics/autodevops/customize.md index 42c54961c1d..dca2f015fc1 100644 --- a/doc/topics/autodevops/customize.md +++ b/doc/topics/autodevops/customize.md @@ -378,7 +378,7 @@ applications. | `HELM_UPGRADE_EXTRA_ARGS` | From GitLab 11.11, allows extra options in `helm upgrade` commands when deploying the application. Note that using quotes doesn't prevent word splitting. | | `INCREMENTAL_ROLLOUT_MODE` | From GitLab 11.4, if present, can be used to enable an [incremental rollout](#incremental-rollout-to-production) of your application for the production environment. Set to `manual` for manual deployment jobs or `timed` for automatic rollout deployments with a 5 minute delay each one. | | `K8S_SECRET_*` | From GitLab 11.7, any variable prefixed with [`K8S_SECRET_`](#application-secret-variables) is made available by Auto DevOps as environment variables to the deployed application. | -| `KUBE_INGRESS_BASE_DOMAIN` | From GitLab 11.8, can be used to set a domain per cluster. See [cluster domains](../../user/project/clusters/index.md#base-domain) for more information. | +| `KUBE_INGRESS_BASE_DOMAIN` | From GitLab 11.8, can be used to set a domain per cluster. See [cluster domains](../../user/project/clusters/gitlab_managed_clusters.md#base-domain) for more information. | | `PRODUCTION_REPLICAS` | Number of replicas to deploy in the production environment. Takes precedence over `REPLICAS` and defaults to 1. For zero downtime upgrades, set to 2 or greater. | | `REPLICAS` | Number of replicas to deploy. Defaults to 1. | | `ROLLOUT_RESOURCE_TYPE` | From GitLab 11.9, allows specification of the resource type being deployed when using a custom Helm chart. Default value is `deployment`. | diff --git a/doc/topics/autodevops/index.md b/doc/topics/autodevops/index.md index 2036a15d77e..dc437575cb6 100644 --- a/doc/topics/autodevops/index.md +++ b/doc/topics/autodevops/index.md @@ -224,7 +224,7 @@ The Auto DevOps base domain is required to use any of the following places: - Either under the cluster's settings, whether for an instance, - [projects](../../user/project/clusters/index.md#base-domain) or + [projects](../../user/project/clusters/gitlab_managed_clusters.md#base-domain) or [groups](../../user/group/clusters/index.md#base-domain) - Or at the project level as a variable: `KUBE_INGRESS_BASE_DOMAIN` - Or at the group level as a variable: `KUBE_INGRESS_BASE_DOMAIN` @@ -263,7 +263,7 @@ See [Auto DevOps requirements for Amazon ECS](requirements.md#auto-devops-requir When using Auto DevOps, you can deploy different environments to different Kubernetes clusters, due to the 1:1 connection -[existing between them](../../user/project/clusters/index.md#multiple-kubernetes-clusters). +[existing between them](../../user/project/clusters/multiple_kubernetes_clusters.md). The [Deploy Job template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Jobs/Deploy.gitlab-ci.yml) used by Auto DevOps currently defines 3 environment names: diff --git a/doc/topics/autodevops/stages.md b/doc/topics/autodevops/stages.md index d4385aba86f..58ad11e88af 100644 --- a/doc/topics/autodevops/stages.md +++ b/doc/topics/autodevops/stages.md @@ -250,7 +250,7 @@ such as after merging a merge request, the Review App is also deleted. Review apps are deployed using the [auto-deploy-app](https://gitlab.com/gitlab-org/cluster-integration/auto-deploy-image/-/tree/master/assets/auto-deploy-app) chart with Helm, which you can [customize](customize.md#custom-helm-chart). The application deploys -into the [Kubernetes namespace](../../user/project/clusters/index.md#deployment-variables) +into the [Kubernetes namespace](../../user/project/clusters/deploy_to_cluster.md#deployment-variables) for the environment. In GitLab 11.4 and later, [local Tiller](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/22036) is @@ -366,7 +366,7 @@ commands. This is an easy way to Helm uses the [auto-deploy-app](https://gitlab.com/gitlab-org/cluster-integration/auto-deploy-image/-/tree/master/assets/auto-deploy-app) chart to deploy the application into the -[Kubernetes namespace](../../user/project/clusters/index.md#deployment-variables) +[Kubernetes namespace](../../user/project/clusters/deploy_to_cluster.md#deployment-variables) for the environment. In GitLab 11.4 and later, a diff --git a/doc/topics/autodevops/troubleshooting.md b/doc/topics/autodevops/troubleshooting.md index cf2a2133fa3..cee4ba68b49 100644 --- a/doc/topics/autodevops/troubleshooting.md +++ b/doc/topics/autodevops/troubleshooting.md @@ -49,7 +49,7 @@ To fix this issue, you must either: Auto Deploy fails if GitLab can't create a Kubernetes namespace and service account for your project. For help debugging this issue, see -[Troubleshooting failed deployment jobs](../../user/project/clusters/index.md#troubleshooting). +[Troubleshooting failed deployment jobs](../../user/project/clusters/deploy_to_cluster.md#troubleshooting). ## Detected an existing PostgreSQL database diff --git a/doc/user/clusters/management_project.md b/doc/user/clusters/management_project.md index def0847486b..6f62d89677a 100644 --- a/doc/user/clusters/management_project.md +++ b/doc/user/clusters/management_project.md @@ -71,7 +71,7 @@ configure cluster: ### Setting the environment scope [Environment -scopes](../project/clusters/index.md#setting-the-environment-scope) +scopes](../project/clusters/multiple_kubernetes_clusters.md#setting-the-environment-scope) are usable when associating multiple clusters to the same management project. diff --git a/doc/user/group/clusters/index.md b/doc/user/group/clusters/index.md index b0414ca6fa4..67fe415bc3a 100644 --- a/doc/user/group/clusters/index.md +++ b/doc/user/group/clusters/index.md @@ -66,7 +66,7 @@ automatically. If you're using [Auto DevOps](../../../topics/autodevops/index.md for deployments with a cluster not managed by GitLab, you must ensure: - The project's deployment service account has permissions to deploy to - [`KUBE_NAMESPACE`](../../project/clusters/index.md#deployment-variables). + [`KUBE_NAMESPACE`](../../project/clusters/deploy_to_cluster.md#deployment-variables). - `KUBECONFIG` correctly reflects any changes to `KUBE_NAMESPACE` (this is [not automatic](https://gitlab.com/gitlab-org/gitlab/-/issues/31519)). Editing `KUBE_NAMESPACE` directly is discouraged. @@ -96,7 +96,7 @@ per [multiple Kubernetes clusters](#multiple-kubernetes-clusters) When specifyin this is automatically set as an environment variable (`KUBE_INGRESS_BASE_DOMAIN`) during the [Auto DevOps](../../../topics/autodevops/index.md) stages. -The domain should have a wildcard DNS configured to the Ingress IP address. [More details](../../project/clusters/index.md#base-domain). +The domain should have a wildcard DNS configured to the Ingress IP address. [More details](../../project/clusters/gitlab_managed_clusters.md#base-domain). ## Environment scopes **(PREMIUM)** diff --git a/doc/user/project/canary_deployments.md b/doc/user/project/canary_deployments.md index c3900d33cb8..cac283f6f18 100644 --- a/doc/user/project/canary_deployments.md +++ b/doc/user/project/canary_deployments.md @@ -92,7 +92,7 @@ Here's an example setup flow from scratch: 1. Prepare an [Auto DevOps-enabled](../../topics/autodevops/index.md) project. 1. Set up a [Kubernetes Cluster](../../user/project/clusters/index.md) in your project. 1. Install [NGINX Ingress](https://github.com/kubernetes/ingress-nginx/tree/master/charts/ingress-nginx) in your cluster. -1. Set up [the base domain](../../user/project/clusters/index.md#base-domain) based on the Ingress +1. Set up [the base domain](../../user/project/clusters/gitlab_managed_clusters.md#base-domain) based on the Ingress Endpoint assigned above. 1. Check if [`v2.0.0+` of `auto-deploy-image` is used in your Auto DevOps pipelines](../../topics/autodevops/upgrading_auto_deploy_dependencies.md#verify-dependency-versions). If it isn't, follow the documentation to specify the image version. diff --git a/doc/user/project/clusters/add_eks_clusters.md b/doc/user/project/clusters/add_eks_clusters.md index 4bcee054701..7d006247177 100644 --- a/doc/user/project/clusters/add_eks_clusters.md +++ b/doc/user/project/clusters/add_eks_clusters.md @@ -164,7 +164,7 @@ When you create a new cluster, you have the following settings: | Setting | Description | | ----------------------- |------------ | | Kubernetes cluster name | Your cluster's name. | -| Environment scope | The [associated environment](index.md#setting-the-environment-scope). | +| Environment scope | The [associated environment](multiple_kubernetes_clusters.md#setting-the-environment-scope). | | Service role | The **EKS IAM role** (**role A**). | | Kubernetes version | The [Kubernetes version](index.md#supported-cluster-versions) for your cluster. | | Key pair name | The [key pair](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html) that you can use to connect to your worker nodes. | diff --git a/doc/user/project/clusters/add_existing_cluster.md b/doc/user/project/clusters/add_existing_cluster.md index 5f564eadb44..8535571d100 100644 --- a/doc/user/project/clusters/add_existing_cluster.md +++ b/doc/user/project/clusters/add_existing_cluster.md @@ -66,7 +66,7 @@ To add a Kubernetes cluster to your project, group, or instance: 1. Click the **Add existing cluster** tab and fill in the details: 1. **Kubernetes cluster name** (required) - The name you wish to give the cluster. 1. **Environment scope** (required) - The - [associated environment](index.md#setting-the-environment-scope) to this cluster. + [associated environment](multiple_kubernetes_clusters.md#setting-the-environment-scope) to this cluster. 1. **API URL** (required) - It's the URL that GitLab uses to access the Kubernetes API. Kubernetes exposes several APIs, we want the "base" URL that is common to all of them. diff --git a/doc/user/project/clusters/add_gke_clusters.md b/doc/user/project/clusters/add_gke_clusters.md index 1d820302f8b..a454b4dff99 100644 --- a/doc/user/project/clusters/add_gke_clusters.md +++ b/doc/user/project/clusters/add_gke_clusters.md @@ -69,7 +69,7 @@ To create and add a new Kubernetes cluster to your project, group, or instance: **Sign in with Google** button. 1. Choose your cluster's settings: - **Kubernetes cluster name** - The name you wish to give the cluster. - - **Environment scope** - The [associated environment](index.md#setting-the-environment-scope) to this cluster. + - **Environment scope** - The [associated environment](multiple_kubernetes_clusters.md#setting-the-environment-scope) to this cluster. - **Google Cloud Platform project** - Choose the project you created in your GCP console to host the Kubernetes cluster. Learn more about [Google Cloud Platform projects](https://cloud.google.com/resource-manager/docs/creating-managing-projects). @@ -81,7 +81,7 @@ To create and add a new Kubernetes cluster to your project, group, or instance: - **Enable Cloud Run for Anthos** - Check this if you want to use Cloud Run for Anthos for this cluster. See the [Cloud Run for Anthos section](#cloud-run-for-anthos) for more information. - **GitLab-managed cluster** - Leave this checked if you want GitLab to manage namespaces and service accounts for this cluster. - See the [Managed clusters section](index.md#gitlab-managed-clusters) for more information. + See the [Managed clusters section](gitlab_managed_clusters.md) for more information. 1. Finally, click the **Create Kubernetes cluster** button. After a couple of minutes, your cluster is ready. diff --git a/doc/user/project/clusters/deploy_to_cluster.md b/doc/user/project/clusters/deploy_to_cluster.md new file mode 100644 index 00000000000..658960c53bd --- /dev/null +++ b/doc/user/project/clusters/deploy_to_cluster.md @@ -0,0 +1,141 @@ +--- +stage: Configure +group: Configure +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments +--- + +# Deploy to a Kubernetes cluster + +A Kubernetes cluster can be the destination for a deployment job. If + +- The cluster is integrated with GitLab, special + [deployment variables](#deployment-variables) are made available to your job + and configuration is not required. You can immediately begin interacting with + the cluster from your jobs using tools such as `kubectl` or `helm`. +- You don't use the GitLab cluster integration, you can still deploy to your + cluster. However, you must configure Kubernetes tools yourself + using [CI/CD variables](../../../ci/variables/README.md#custom-cicd-variables) + before you can interact with the cluster from your jobs. + +## Deployment variables + +Deployment variables require a valid [Deploy Token](../deploy_tokens/index.md) named +[`gitlab-deploy-token`](../deploy_tokens/index.md#gitlab-deploy-token), and the +following command in your deployment job script, for Kubernetes to access the registry: + +- Using Kubernetes 1.18+: + + ```shell + kubectl create secret docker-registry gitlab-registry --docker-server="$CI_REGISTRY" --docker-username="$CI_DEPLOY_USER" --docker-password="$CI_DEPLOY_PASSWORD" --docker-email="$GITLAB_USER_EMAIL" -o yaml --dry-run=client | kubectl apply -f - + ``` + +- Using Kubernetes <1.18: + + ```shell + kubectl create secret docker-registry gitlab-registry --docker-server="$CI_REGISTRY" --docker-username="$CI_DEPLOY_USER" --docker-password="$CI_DEPLOY_PASSWORD" --docker-email="$GITLAB_USER_EMAIL" -o yaml --dry-run | kubectl apply -f - + ``` + +The Kubernetes cluster integration exposes these +[deployment variables](../../../ci/variables/README.md#deployment-variables) in the +GitLab CI/CD build environment to deployment jobs. Deployment jobs have +[defined a target environment](../../../ci/environments/index.md). + +| Deployment Variable | Description | +|----------------------------|-------------| +| `KUBE_URL` | Equal to the API URL. | +| `KUBE_TOKEN` | The Kubernetes token of the [environment service account](cluster_access.md). Prior to GitLab 11.5, `KUBE_TOKEN` was the Kubernetes token of the main service account of the cluster integration. | +| `KUBE_NAMESPACE` | The namespace associated with the project's deployment service account. In the format `<project_name>-<project_id>-<environment>`. For GitLab-managed clusters, a matching namespace is automatically created by GitLab in the cluster. If your cluster was created before GitLab 12.2, the default `KUBE_NAMESPACE` is set to `<project_name>-<project_id>`. | +| `KUBE_CA_PEM_FILE` | Path to a file containing PEM data. Only present if a custom CA bundle was specified. | +| `KUBE_CA_PEM` | (**deprecated**) Raw PEM data. Only if a custom CA bundle was specified. | +| `KUBECONFIG` | Path to a file containing `kubeconfig` for this deployment. CA bundle would be embedded if specified. This configuration also embeds the same token defined in `KUBE_TOKEN` so you likely need only this variable. This variable name is also automatically picked up by `kubectl` so you don't need to reference it explicitly if using `kubectl`. | +| `KUBE_INGRESS_BASE_DOMAIN` | From GitLab 11.8, this variable can be used to set a domain per cluster. See [cluster domains](gitlab_managed_clusters.md#base-domain) for more information. | + +## Custom namespace + +> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/27630) in GitLab 12.6. +> - An option to use project-wide namespaces [was added](https://gitlab.com/gitlab-org/gitlab/-/issues/38054) in GitLab 13.5. + +The Kubernetes integration provides a `KUBECONFIG` with an auto-generated namespace +to deployment jobs. It defaults to using project-environment specific namespaces +of the form `<prefix>-<environment>`, where `<prefix>` is of the form +`<project_name>-<project_id>`. To learn more, read [Deployment variables](#deployment-variables). + +You can customize the deployment namespace in a few ways: + +- You can choose between a **namespace per [environment](../../../ci/environments/index.md)** + or a **namespace per project**. A namespace per environment is the default and recommended + setting, as it prevents the mixing of resources between production and non-production environments. +- When using a project-level cluster, you can additionally customize the namespace prefix. + When using namespace-per-environment, the deployment namespace is `<prefix>-<environment>`, + but otherwise just `<prefix>`. +- For **non-managed** clusters, the auto-generated namespace is set in the `KUBECONFIG`, + but the user is responsible for ensuring its existence. You can fully customize + this value using + [`environment:kubernetes:namespace`](../../../ci/environments/index.md#configure-kubernetes-deployments) + in `.gitlab-ci.yml`. + +When you customize the namespace, existing environments remain linked to their current +namespaces until you [clear the cluster cache](gitlab_managed_clusters.md#clearing-the-cluster-cache). + +### Protecting credentials + +By default, anyone who can create a deployment job can access any CI/CD variable in +an environment's deployment job. This includes `KUBECONFIG`, which gives access to +any secret available to the associated service account in your cluster. +To keep your production credentials safe, consider using +[protected environments](../../../ci/environments/protected_environments.md), +combined with *one* of the following: + +- A GitLab-managed cluster and namespace per environment. +- An environment-scoped cluster per protected environment. The same cluster + can be added multiple times with multiple restricted service accounts. + +## Web terminals for Kubernetes clusters + +> Introduced in GitLab 8.15. + +The Kubernetes integration adds [web terminal](../../../ci/environments/index.md#web-terminals) +support to your [environments](../../../ci/environments/index.md). This is based +on the `exec` functionality found in Docker and Kubernetes, so you get a new +shell session in your existing containers. To use this integration, you +should deploy to Kubernetes using the deployment variables above, ensuring any +deployments, replica sets, and pods are annotated with: + +- `app.gitlab.com/env: $CI_ENVIRONMENT_SLUG` +- `app.gitlab.com/app: $CI_PROJECT_PATH_SLUG` + +`$CI_ENVIRONMENT_SLUG` and `$CI_PROJECT_PATH_SLUG` are the values of +the CI/CD variables. + +You must be the project owner or have `maintainer` permissions to use terminals. +Support is limited to the first container in the first pod of your environment. + +## Troubleshooting + +Before the deployment jobs starts, GitLab creates the following specifically for +the deployment job: + +- A namespace. +- A service account. + +However, sometimes GitLab cannot create them. In such instances, your job can fail with the message: + +```plaintext +This job failed because the necessary resources were not successfully created. +``` + +To find the cause of this error when creating a namespace and service account, check the [logs](../../../administration/logs.md#kuberneteslog). + +Reasons for failure include: + +- The token you gave GitLab does not have [`cluster-admin`](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles) + privileges required by GitLab. +- Missing `KUBECONFIG` or `KUBE_TOKEN` deployment variables. To be passed to your job, they must have a matching + [`environment:name`](../../../ci/environments/index.md). If your job has no + `environment:name` set, the Kubernetes credentials are not passed to it. + +NOTE: +Project-level clusters upgraded from GitLab 12.0 or older may be configured +in a way that causes this error. Ensure you deselect the +[GitLab-managed cluster](gitlab_managed_clusters.md) option if you want to manage +namespaces and service accounts yourself. diff --git a/doc/user/project/clusters/gitlab_managed_clusters.md b/doc/user/project/clusters/gitlab_managed_clusters.md new file mode 100644 index 00000000000..77921ec1dff --- /dev/null +++ b/doc/user/project/clusters/gitlab_managed_clusters.md @@ -0,0 +1,102 @@ +--- +stage: Configure +group: Configure +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments +--- + +# GitLab-managed clusters + +> - [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/22011) in GitLab 11.5. +> - Became [optional](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/26565) in GitLab 11.11. + +You can choose to allow GitLab to manage your cluster for you. If your cluster +is managed by GitLab, resources for your projects are automatically created. See +the [Access controls](add_remove_clusters.md#access-controls) section for +details about the created resources. + +If you choose to manage your own cluster, project-specific resources aren't created +automatically. If you are using [Auto DevOps](../../../topics/autodevops/index.md), you must +explicitly provide the `KUBE_NAMESPACE` [deployment variable](deploy_to_cluster.md#deployment-variables) +for your deployment jobs to use. Otherwise, a namespace is created for you. + +WARNING: +Be aware that manually managing resources that have been created by GitLab, like +namespaces and service accounts, can cause unexpected errors. If this occurs, try +[clearing the cluster cache](#clearing-the-cluster-cache). + +## Clearing the cluster cache + +> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/31759) in GitLab 12.6. + +If you allow GitLab to manage your cluster, GitLab stores a cached +version of the namespaces and service accounts it creates for your projects. If you +modify these resources in your cluster manually, this cache can fall out of sync with +your cluster. This can cause deployment jobs to fail. + +To clear the cache: + +1. Navigate to your project's **Infrastructure > Kubernetes clusters** page, and select your cluster. +1. Expand the **Advanced settings** section. +1. Click **Clear cluster cache**. + +## Base domain + +> [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/24580) in GitLab 11.8. + +Specifying a base domain automatically sets `KUBE_INGRESS_BASE_DOMAIN` as an deployment variable. +If you are using [Auto DevOps](../../../topics/autodevops/index.md), this domain is used for the different +stages. For example, Auto Review Apps and Auto Deploy. + +The domain should have a wildcard DNS configured to the Ingress IP address. +You can either: + +- Create an `A` record that points to the Ingress IP address with your domain provider. +- Enter a wildcard DNS address using a service such as `nip.io` or `xip.io`. For example, `192.168.1.1.xip.io`. + +To determine the external Ingress IP address, or external Ingress hostname: + +- *If the cluster is on GKE*: + 1. Click the **Google Kubernetes Engine** link in the **Advanced settings**, + or go directly to the [Google Kubernetes Engine dashboard](https://console.cloud.google.com/kubernetes/). + 1. Select the proper project and cluster. + 1. Click **Connect** + 1. Execute the `gcloud` command in a local terminal or using the **Cloud Shell**. + +- *If the cluster is not on GKE*: Follow the specific instructions for your + Kubernetes provider to configure `kubectl` with the right credentials. + The output of the following examples show the external endpoint of your + cluster. This information can then be used to set up DNS entries and forwarding + rules that allow external access to your deployed applications. + +Depending an your Ingress, the external IP address can be retrieved in various ways. +This list provides a generic solution, and some GitLab-specific approaches: + +- In general, you can list the IP addresses of all load balancers by running: + + ```shell + kubectl get svc --all-namespaces -o jsonpath='{range.items[?(@.status.loadBalancer.ingress)]}{.status.loadBalancer.ingress[*].ip} ' + ``` + +- If you installed Ingress using the **Applications**, run: + + ```shell + kubectl get service --namespace=gitlab-managed-apps ingress-nginx-ingress-controller -o jsonpath='{.status.loadBalancer.ingress[0].ip}' + ``` + +- Some Kubernetes clusters return a hostname instead, like + [Amazon EKS](https://aws.amazon.com/eks/). For these platforms, run: + + ```shell + kubectl get service --namespace=gitlab-managed-apps ingress-nginx-ingress-controller -o jsonpath='{.status.loadBalancer.ingress[0].hostname}' + ``` + + If you use EKS, an [Elastic Load Balancer](https://docs.aws.amazon.com/elasticloadbalancing/) + is also created, which incurs additional AWS costs. + +- Istio/Knative uses a different command. Run: + + ```shell + kubectl get svc --namespace=istio-system istio-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].ip} ' + ``` + +If you see a trailing `%` on some Kubernetes versions, do not include it. diff --git a/doc/user/project/clusters/index.md b/doc/user/project/clusters/index.md index 0ab2de002ea..cff824836cb 100644 --- a/doc/user/project/clusters/index.md +++ b/doc/user/project/clusters/index.md @@ -1,6 +1,6 @@ --- -stage: Monitor -group: Monitor +stage: Configure +group: Configure info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments --- @@ -12,29 +12,28 @@ info: To determine the technical writer assigned to the Stage/Group associated w > - [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/issues/39840) in > GitLab 11.11 for [instances](../../instance/clusters/index.md). -You can use GitLab to manage your clusters and [benefit from the GitLab-Kubernetes integration](#benefit-from-the-gitlab-kubernetes-integration). +We offer extensive integrations to help you connect and manage your Kubernetes clusters from GitLab. -See the [supported cluster versions](#supported-cluster-versions) before -you begin. +Read through this document to get started. + +## Clusters infrastructure + +Use [Infrastructure as Code](../../infrastructure) to create and manage your clusters with the GitLab integration with Terraform. ## Benefit from the GitLab-Kubernetes integration Using the GitLab-Kubernetes integration, you can benefit of GitLab features such as: -- Preview your applications with [Review Apps](../../../ci/review_apps/index.md). -- Create GitLab CI/CD [Pipelines](../../../ci/pipelines/index.md) to build, test, and deploy to your cluster. -- [Deploy](#deploying-to-a-kubernetes-cluster) your applications. -- Detect and [monitor](#monitoring-your-kubernetes-cluster) your clusters. +- Create [CI/CD Pipelines](../../../ci/pipelines/index.md) to build, test, and deploy to your cluster. - Use [Auto DevOps](#auto-devops) to automate the CI/CD process. -- Use [Web terminals](#web-terminals). -- Use [Deploy Boards](#deploy-boards). -- Use [Canary Deployments](#canary-deployments). **(PREMIUM)** -- Use [deployment variables](#deployment-variables). - Use [role-based or attribute-based access controls](cluster_access.md). -- View [Logs](#viewing-pod-logs). - Run serverless workloads on [Kubernetes with Knative](serverless/index.md). - Connect GitLab to in-cluster applications using [cluster integrations](../../clusters/integrations.md). +- Use [Deploy Boards](../deploy_boards.md) to see the health and status of each CI [environment](../../../ci/environments/index.md) running on your Kubernetes cluster. +- Use [Canary deployments](../canary_deployments.md) to update only a portion of your fleet with the latest version of your application. +- View your [Kubernetes podlogs](kubernetes_pod_logs.md) directly in GitLab. +- Connect to your cluster through GitLab [web terminals](deploy_to_cluster.md#web-terminals-for-kubernetes-clusters). ## Supported cluster versions @@ -81,72 +80,6 @@ and view information about your existing clusters, such as: - Nodes count. - Rough estimates of memory and CPU usage. -## Multiple Kubernetes clusters - -> - Introduced in [GitLab Premium](https://about.gitlab.com/pricing/) 10.3 -> - [Moved](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/35094) to GitLab Free in 13.2. - -You can associate more than one Kubernetes cluster to your -project. That way you can have different clusters for different environments, -like development, staging, production, and so on. -Add another cluster, like you did the first time, and make sure to -[set an environment scope](#setting-the-environment-scope) that -differentiates the new cluster from the rest. - -### Setting the environment scope - -When adding more than one Kubernetes cluster to your project, you need to differentiate -them with an environment scope. The environment scope associates clusters with [environments](../../../ci/environments/index.md) similar to how the -[environment-specific CI/CD variables](../../../ci/variables/README.md#limit-the-environment-scope-of-a-cicd-variable) work. - -The default environment scope is `*`, which means all jobs, regardless of their -environment, use that cluster. Each scope can be used only by a single cluster -in a project, and a validation error occurs if otherwise. Also, jobs that don't -have an environment keyword set can't access any cluster. - -For example, let's say the following Kubernetes clusters exist in a project: - -| Cluster | Environment scope | -| ----------- | ----------------- | -| Development | `*` | -| Production | `production` | - -And the following environments are set in -[`.gitlab-ci.yml`](../../../ci/yaml/README.md): - -```yaml -stages: - - test - - deploy - -test: - stage: test - script: sh test - -deploy to staging: - stage: deploy - script: make deploy - environment: - name: staging - url: https://staging.example.com/ - -deploy to production: - stage: deploy - script: make deploy - environment: - name: production - url: https://example.com/ -``` - -The results: - -- The Development cluster details are available in the `deploy to staging` - job. -- The production cluster details are available in the `deploy to production` - job. -- No cluster details are available in the `test` job because it doesn't - define any environment. - ## Configuring your Kubernetes cluster Use the [GitLab Kubernetes Agent](../../clusters/agent/index.md) to safely @@ -163,105 +96,10 @@ functionalities needed to successfully build and deploy a containerized application. Bear in mind that the same credentials are used for all the applications running on the cluster. -### GitLab-managed clusters - -> - [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/22011) in GitLab 11.5. -> - Became [optional](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/26565) in GitLab 11.11. - -You can choose to allow GitLab to manage your cluster for you. If your cluster -is managed by GitLab, resources for your projects are automatically created. See -the [Access controls](add_remove_clusters.md#access-controls) section for -details about the created resources. - -If you choose to manage your own cluster, project-specific resources aren't created -automatically. If you are using [Auto DevOps](../../../topics/autodevops/index.md), you must -explicitly provide the `KUBE_NAMESPACE` [deployment variable](#deployment-variables) -for your deployment jobs to use. Otherwise, a namespace is created for you. - -#### Important notes - -Note the following with GitLab and clusters: - -Be aware that manually managing resources that have been created by GitLab, like -namespaces and service accounts, can cause unexpected errors. If this occurs, try -[clearing the cluster cache](#clearing-the-cluster-cache). - -#### Clearing the cluster cache - -> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/31759) in GitLab 12.6. - -If you allow GitLab to manage your cluster, GitLab stores a cached -version of the namespaces and service accounts it creates for your projects. If you -modify these resources in your cluster manually, this cache can fall out of sync with -your cluster. This can cause deployment jobs to fail. - -To clear the cache: - -1. Navigate to your project's **Infrastructure > Kubernetes clusters** page, and select your cluster. -1. Expand the **Advanced settings** section. -1. Click **Clear cluster cache**. - -### Base domain - -> [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/24580) in GitLab 11.8. - -Specifying a base domain automatically sets `KUBE_INGRESS_BASE_DOMAIN` as an deployment variable. -If you are using [Auto DevOps](../../../topics/autodevops/index.md), this domain is used for the different -stages. For example, Auto Review Apps and Auto Deploy. - -The domain should have a wildcard DNS configured to the Ingress IP address. -You can either: - -- Create an `A` record that points to the Ingress IP address with your domain provider. -- Enter a wildcard DNS address using a service such as `nip.io` or `xip.io`. For example, `192.168.1.1.xip.io`. - -To determine the external Ingress IP address, or external Ingress hostname: - -- *If the cluster is on GKE*: - 1. Click the **Google Kubernetes Engine** link in the **Advanced settings**, - or go directly to the [Google Kubernetes Engine dashboard](https://console.cloud.google.com/kubernetes/). - 1. Select the proper project and cluster. - 1. Click **Connect** - 1. Execute the `gcloud` command in a local terminal or using the **Cloud Shell**. - -- *If the cluster is not on GKE*: Follow the specific instructions for your - Kubernetes provider to configure `kubectl` with the right credentials. - The output of the following examples show the external endpoint of your - cluster. This information can then be used to set up DNS entries and forwarding - rules that allow external access to your deployed applications. - -Depending an your Ingress, the external IP address can be retrieved in various ways. -This list provides a generic solution, and some GitLab-specific approaches: - -- In general, you can list the IP addresses of all load balancers by running: - - ```shell - kubectl get svc --all-namespaces -o jsonpath='{range.items[?(@.status.loadBalancer.ingress)]}{.status.loadBalancer.ingress[*].ip} ' - ``` - -- If you installed Ingress using the **Applications**, run: - - ```shell - kubectl get service --namespace=gitlab-managed-apps ingress-nginx-ingress-controller -o jsonpath='{.status.loadBalancer.ingress[0].ip}' - ``` - -- Some Kubernetes clusters return a hostname instead, like - [Amazon EKS](https://aws.amazon.com/eks/). For these platforms, run: - - ```shell - kubectl get service --namespace=gitlab-managed-apps ingress-nginx-ingress-controller -o jsonpath='{.status.loadBalancer.ingress[0].hostname}' - ``` - - If you use EKS, an [Elastic Load Balancer](https://docs.aws.amazon.com/elasticloadbalancing/) - is also created, which incurs additional AWS costs. - -- Istio/Knative uses a different command. Run: - - ```shell - kubectl get svc --namespace=istio-system istio-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].ip} ' - ``` +## Multiple Kubernetes clusters -If you see a trailing `%` on some Kubernetes versions, do not include it. +See how to associate [multiple Kubernetes clusters](multiple_kubernetes_clusters.md) +with your GitLab project. ## Cluster integrations @@ -274,6 +112,10 @@ Attach a [Cluster management project](../../clusters/management_project.md) to your cluster to manage shared resources requiring `cluster-admin` privileges for installation, such as an Ingress controller. +## GitLab-managed clusters + +See how to allow [GitLab to manage your cluster for you](gitlab_managed_clusters.md). + ## Auto DevOps You can use [Auto DevOps](../../../topics/autodevops/index.md) to automatically @@ -281,167 +123,7 @@ detect, build, test, deploy, and monitor your applications. ## Deploying to a Kubernetes cluster -A Kubernetes cluster can be the destination for a deployment job. If - -- The cluster is integrated with GitLab, special - [deployment variables](#deployment-variables) are made available to your job - and configuration is not required. You can immediately begin interacting with - the cluster from your jobs using tools such as `kubectl` or `helm`. -- You don't use the GitLab cluster integration, you can still deploy to your - cluster. However, you must configure Kubernetes tools yourself - using [CI/CD variables](../../../ci/variables/README.md#custom-cicd-variables) - before you can interact with the cluster from your jobs. - -### Deployment variables - -Deployment variables require a valid [Deploy Token](../deploy_tokens/index.md) named -[`gitlab-deploy-token`](../deploy_tokens/index.md#gitlab-deploy-token), and the -following command in your deployment job script, for Kubernetes to access the registry: - -- Using Kubernetes 1.18+: - - ```shell - kubectl create secret docker-registry gitlab-registry --docker-server="$CI_REGISTRY" --docker-username="$CI_DEPLOY_USER" --docker-password="$CI_DEPLOY_PASSWORD" --docker-email="$GITLAB_USER_EMAIL" -o yaml --dry-run=client | kubectl apply -f - - ``` - -- Using Kubernetes <1.18: - - ```shell - kubectl create secret docker-registry gitlab-registry --docker-server="$CI_REGISTRY" --docker-username="$CI_DEPLOY_USER" --docker-password="$CI_DEPLOY_PASSWORD" --docker-email="$GITLAB_USER_EMAIL" -o yaml --dry-run | kubectl apply -f - - ``` - -The Kubernetes cluster integration exposes these -[deployment variables](../../../ci/variables/README.md#deployment-variables) in the -GitLab CI/CD build environment to deployment jobs. Deployment jobs have -[defined a target environment](../../../ci/environments/index.md). - -| Deployment Variable | Description | -|----------------------------|-------------| -| `KUBE_URL` | Equal to the API URL. | -| `KUBE_TOKEN` | The Kubernetes token of the [environment service account](cluster_access.md). Prior to GitLab 11.5, `KUBE_TOKEN` was the Kubernetes token of the main service account of the cluster integration. | -| `KUBE_NAMESPACE` | The namespace associated with the project's deployment service account. In the format `<project_name>-<project_id>-<environment>`. For GitLab-managed clusters, a matching namespace is automatically created by GitLab in the cluster. If your cluster was created before GitLab 12.2, the default `KUBE_NAMESPACE` is set to `<project_name>-<project_id>`. | -| `KUBE_CA_PEM_FILE` | Path to a file containing PEM data. Only present if a custom CA bundle was specified. | -| `KUBE_CA_PEM` | (**deprecated**) Raw PEM data. Only if a custom CA bundle was specified. | -| `KUBECONFIG` | Path to a file containing `kubeconfig` for this deployment. CA bundle would be embedded if specified. This configuration also embeds the same token defined in `KUBE_TOKEN` so you likely need only this variable. This variable name is also automatically picked up by `kubectl` so you don't need to reference it explicitly if using `kubectl`. | -| `KUBE_INGRESS_BASE_DOMAIN` | From GitLab 11.8, this variable can be used to set a domain per cluster. See [cluster domains](#base-domain) for more information. | - -### Custom namespace - -> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/27630) in GitLab 12.6. -> - An option to use project-wide namespaces [was added](https://gitlab.com/gitlab-org/gitlab/-/issues/38054) in GitLab 13.5. - -The Kubernetes integration provides a `KUBECONFIG` with an auto-generated namespace -to deployment jobs. It defaults to using project-environment specific namespaces -of the form `<prefix>-<environment>`, where `<prefix>` is of the form -`<project_name>-<project_id>`. To learn more, read [Deployment variables](#deployment-variables). - -You can customize the deployment namespace in a few ways: - -- You can choose between a **namespace per [environment](../../../ci/environments/index.md)** - or a **namespace per project**. A namespace per environment is the default and recommended - setting, as it prevents the mixing of resources between production and non-production environments. -- When using a project-level cluster, you can additionally customize the namespace prefix. - When using namespace-per-environment, the deployment namespace is `<prefix>-<environment>`, - but otherwise just `<prefix>`. -- For **non-managed** clusters, the auto-generated namespace is set in the `KUBECONFIG`, - but the user is responsible for ensuring its existence. You can fully customize - this value using - [`environment:kubernetes:namespace`](../../../ci/environments/index.md#configure-kubernetes-deployments) - in `.gitlab-ci.yml`. - -When you customize the namespace, existing environments remain linked to their current -namespaces until you [clear the cluster cache](#clearing-the-cluster-cache). - -#### Protecting credentials - -By default, anyone who can create a deployment job can access any CI/CD variable in -an environment's deployment job. This includes `KUBECONFIG`, which gives access to -any secret available to the associated service account in your cluster. -To keep your production credentials safe, consider using -[protected environments](../../../ci/environments/protected_environments.md), -combined with *one* of the following: - -- A GitLab-managed cluster and namespace per environment. -- An environment-scoped cluster per protected environment. The same cluster - can be added multiple times with multiple restricted service accounts. - -### Integrations - -#### Canary Deployments - -Leverage [Kubernetes' Canary deployments](https://kubernetes.io/docs/concepts/cluster-administration/manage-deployment/#canary-deployments) -and visualize your canary deployments right inside the Deploy Board, without -the need to leave GitLab. - -[Read more about Canary Deployments](../canary_deployments.md) - -#### Deploy Boards - -GitLab Deploy Boards offer a consolidated view of the current health and -status of each CI [environment](../../../ci/environments/index.md) running on Kubernetes. -They display the status of the pods in the deployment. Developers and other -teammates can view the progress and status of a rollout, pod by pod, in the -workflow they already use without any need to access Kubernetes. - -[Read more about Deploy Boards](../deploy_boards.md) - -#### Viewing pod logs - -GitLab enables you to view the logs of running pods in connected Kubernetes -clusters. By displaying the logs directly in GitLab, developers can avoid having -to manage console tools or jump to a different interface. - -[Read more about Kubernetes logs](kubernetes_pod_logs.md) - -#### Web terminals - -> Introduced in GitLab 8.15. - -When enabled, the Kubernetes integration adds [web terminal](../../../ci/environments/index.md#web-terminals) -support to your [environments](../../../ci/environments/index.md). This is based -on the `exec` functionality found in Docker and Kubernetes, so you get a new -shell session in your existing containers. To use this integration, you -should deploy to Kubernetes using the deployment variables above, ensuring any -deployments, replica sets, and pods are annotated with: - -- `app.gitlab.com/env: $CI_ENVIRONMENT_SLUG` -- `app.gitlab.com/app: $CI_PROJECT_PATH_SLUG` - -`$CI_ENVIRONMENT_SLUG` and `$CI_PROJECT_PATH_SLUG` are the values of -the CI/CD variables. - -You must be the project owner or have `maintainer` permissions to use terminals. -Support is limited to the first container in the first pod of your environment. - -### Troubleshooting - -Before the deployment jobs starts, GitLab creates the following specifically for -the deployment job: - -- A namespace. -- A service account. - -However, sometimes GitLab can not create them. In such instances, your job can fail with the message: - -```plaintext -This job failed because the necessary resources were not successfully created. -``` - -To find the cause of this error when creating a namespace and service account, check the [logs](../../../administration/logs.md#kuberneteslog). - -Reasons for failure include: - -- The token you gave GitLab does not have [`cluster-admin`](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles) - privileges required by GitLab. -- Missing `KUBECONFIG` or `KUBE_TOKEN` deployment variables. To be passed to your job, they must have a matching - [`environment:name`](../../../ci/environments/index.md). If your job has no - `environment:name` set, the Kubernetes credentials are not passed to it. - -NOTE: -Project-level clusters upgraded from GitLab 12.0 or older may be configured -in a way that causes this error. Ensure you deselect the -[GitLab-managed cluster](#gitlab-managed-clusters) option if you want to manage -namespaces and service accounts yourself. +See how to [deploy to your Kubernetes cluster](deploy_to_cluster.md) from GitLab. ## Monitoring your Kubernetes cluster diff --git a/doc/user/project/clusters/multiple_kubernetes_clusters.md b/doc/user/project/clusters/multiple_kubernetes_clusters.md new file mode 100644 index 00000000000..cd0045c4167 --- /dev/null +++ b/doc/user/project/clusters/multiple_kubernetes_clusters.md @@ -0,0 +1,71 @@ +--- +stage: Configure +group: Configure +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments +--- + +# Multiple Kubernetes clusters for a single project + +> - Introduced in [GitLab Premium](https://about.gitlab.com/pricing/) 10.3 +> - [Moved](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/35094) to GitLab Free in 13.2. + +You can associate more than one Kubernetes cluster to your +project. That way you can have different clusters for different environments, +like development, staging, production, and so on. +Add another cluster, like you did the first time, and make sure to +[set an environment scope](#setting-the-environment-scope) that +differentiates the new cluster from the rest. + +## Setting the environment scope + +When adding more than one Kubernetes cluster to your project, you need to differentiate +them with an environment scope. The environment scope associates clusters with [environments](../../../ci/environments/index.md) similar to how the +[environment-specific CI/CD variables](../../../ci/variables/README.md#limit-the-environment-scope-of-a-cicd-variable) work. + +The default environment scope is `*`, which means all jobs, regardless of their +environment, use that cluster. Each scope can be used only by a single cluster +in a project, and a validation error occurs if otherwise. Also, jobs that don't +have an environment keyword set can't access any cluster. + +For example, let's say the following Kubernetes clusters exist in a project: + +| Cluster | Environment scope | +| ----------- | ----------------- | +| Development | `*` | +| Production | `production` | + +And the following environments are set in +[`.gitlab-ci.yml`](../../../ci/yaml/README.md): + +```yaml +stages: + - test + - deploy + +test: + stage: test + script: sh test + +deploy to staging: + stage: deploy + script: make deploy + environment: + name: staging + url: https://staging.example.com/ + +deploy to production: + stage: deploy + script: make deploy + environment: + name: production + url: https://example.com/ +``` + +The results: + +- The Development cluster details are available in the `deploy to staging` + job. +- The production cluster details are available in the `deploy to production` + job. +- No cluster details are available in the `test` job because it doesn't + define any environment. diff --git a/doc/user/project/clusters/protect/container_host_security/quick_start_guide.md b/doc/user/project/clusters/protect/container_host_security/quick_start_guide.md index ebcd56078ae..466bcb7916f 100644 --- a/doc/user/project/clusters/protect/container_host_security/quick_start_guide.md +++ b/doc/user/project/clusters/protect/container_host_security/quick_start_guide.md @@ -20,7 +20,7 @@ The following steps are recommended to install and use Container Host Security t 1. Install and configure an Ingress node: - [Install the Ingress node via CI/CD (Cluster Management Project)](../../../../clusters/applications.md#install-ingress-using-gitlab-cicd). - - Navigate to the Kubernetes page and enter the [DNS address for the external endpoint](../../index.md#base-domain) + - Navigate to the Kubernetes page and enter the [DNS address for the external endpoint](../../gitlab_managed_clusters.md#base-domain) into the **Base domain** field on the **Details** tab. Save the changes to the Kubernetes cluster. @@ -50,7 +50,7 @@ kubectl -n gitlab-managed-apps logs -l app=falco Your CI/CD pipeline may occasionally fail or have trouble connecting to the cluster. Here are some initial troubleshooting steps that resolve the most common problems: -1. [Clear the cluster cache](../../index.md#clearing-the-cluster-cache) +1. [Clear the cluster cache](../../gitlab_managed_clusters.md#clearing-the-cluster-cache) 1. If things still aren't working, a more assertive set of actions may help get things back to a good state: diff --git a/doc/user/project/clusters/protect/container_network_security/quick_start_guide.md b/doc/user/project/clusters/protect/container_network_security/quick_start_guide.md index 33aefec224a..24ee8601638 100644 --- a/doc/user/project/clusters/protect/container_network_security/quick_start_guide.md +++ b/doc/user/project/clusters/protect/container_network_security/quick_start_guide.md @@ -20,7 +20,7 @@ The following steps are recommended to install and use Container Network Securit 1. Install and configure an Ingress node: - [Install the Ingress node via CI/CD (Cluster Management Project)](../../../../clusters/applications.md#install-ingress-using-gitlab-cicd). - - Navigate to the Kubernetes page and enter the [DNS address for the external endpoint](../../index.md#base-domain) + - Navigate to the Kubernetes page and enter the [DNS address for the external endpoint](../../gitlab_managed_clusters.md#base-domain) into the **Base domain** field on the **Details** tab. Save the changes to the Kubernetes cluster. @@ -120,7 +120,7 @@ traffic that you want to allow in the node. Occasionally, your CI/CD pipeline may fail or have trouble connecting to the cluster. Here are some initial troubleshooting steps that resolve the most common problems: -1. [Clear the cluster cache](../../index.md#clearing-the-cluster-cache). +1. [Clear the cluster cache](../../gitlab_managed_clusters.md#clearing-the-cluster-cache). 1. If things still aren't working, a more assertive set of actions may help get things back into a good state: diff --git a/lib/gitlab/database/load_balancing/sidekiq_server_middleware.rb b/lib/gitlab/database/load_balancing/sidekiq_server_middleware.rb index d67afb367f7..4e06a94557d 100644 --- a/lib/gitlab/database/load_balancing/sidekiq_server_middleware.rb +++ b/lib/gitlab/database/load_balancing/sidekiq_server_middleware.rb @@ -68,11 +68,7 @@ module Gitlab end def replica_caught_up?(location) - if Feature.enabled?(:sidekiq_load_balancing_rotate_up_to_date_replica) - load_balancer.select_up_to_date_host(location) - else - load_balancer.host.caught_up?(location) - end + load_balancer.select_up_to_date_host(location) end end end diff --git a/lib/gitlab/github_import/markdown_text.rb b/lib/gitlab/github_import/markdown_text.rb index e5f4dabe42d..0b1c221bbec 100644 --- a/lib/gitlab/github_import/markdown_text.rb +++ b/lib/gitlab/github_import/markdown_text.rb @@ -13,7 +13,7 @@ module Gitlab # author - An instance of `Gitlab::GithubImport::Representation::User` # exists - Boolean that indicates the user exists in the GitLab database. def initialize(text, author, exists = false) - @text = text + @text = text.to_s @author = author @exists = exists end diff --git a/lib/sidebars/projects/menus/deployments_menu.rb b/lib/sidebars/projects/menus/deployments_menu.rb index f3d13e12258..fa6482562e8 100644 --- a/lib/sidebars/projects/menus/deployments_menu.rb +++ b/lib/sidebars/projects/menus/deployments_menu.rb @@ -6,8 +6,6 @@ module Sidebars class DeploymentsMenu < ::Sidebars::Menu override :configure_menu_items def configure_menu_items - return false if Feature.disabled?(:sidebar_refactor, context.current_user, default_enabled: :yaml) - add_item(feature_flags_menu_item) add_item(environments_menu_item) add_item(releases_menu_item) diff --git a/lib/sidebars/projects/menus/infrastructure_menu.rb b/lib/sidebars/projects/menus/infrastructure_menu.rb index 4ee0a80cc93..aad1ce60d0e 100644 --- a/lib/sidebars/projects/menus/infrastructure_menu.rb +++ b/lib/sidebars/projects/menus/infrastructure_menu.rb @@ -6,7 +6,6 @@ module Sidebars class InfrastructureMenu < ::Sidebars::Menu override :configure_menu_items def configure_menu_items - return false if Feature.disabled?(:sidebar_refactor, context.current_user, default_enabled: :yaml) return false unless context.project.feature_available?(:operations, context.current_user) add_item(kubernetes_menu_item) diff --git a/lib/sidebars/projects/menus/issues_menu.rb b/lib/sidebars/projects/menus/issues_menu.rb index 79603803b8f..fd57f21db88 100644 --- a/lib/sidebars/projects/menus/issues_menu.rb +++ b/lib/sidebars/projects/menus/issues_menu.rb @@ -12,7 +12,6 @@ module Sidebars add_item(list_menu_item) add_item(boards_menu_item) - add_item(labels_menu_item) add_item(service_desk_menu_item) add_item(milestones_menu_item) @@ -97,19 +96,6 @@ module Sidebars ) end - def labels_menu_item - if Feature.enabled?(:sidebar_refactor, context.current_user, default_enabled: :yaml) - return ::Sidebars::NilMenuItem.new(item_id: :labels) - end - - ::Sidebars::MenuItem.new( - title: _('Labels'), - link: project_labels_path(context.project), - active_routes: { controller: :labels }, - item_id: :labels - ) - end - def service_desk_menu_item ::Sidebars::MenuItem.new( title: _('Service Desk'), diff --git a/lib/sidebars/projects/menus/labels_menu.rb b/lib/sidebars/projects/menus/labels_menu.rb deleted file mode 100644 index 7cb28ababdb..00000000000 --- a/lib/sidebars/projects/menus/labels_menu.rb +++ /dev/null @@ -1,50 +0,0 @@ -# frozen_string_literal: true - -module Sidebars - module Projects - module Menus - class LabelsMenu < ::Sidebars::Menu - override :link - def link - project_labels_path(context.project) - end - - override :extra_container_html_options - def extra_container_html_options - { - class: 'shortcuts-labels' - } - end - - override :title - def title - _('Labels') - end - - override :title_html_options - def title_html_options - { - id: 'js-onboarding-labels-link' - } - end - - override :active_routes - def active_routes - { controller: :labels } - end - - override :sprite_icon - def sprite_icon - 'label' - end - - override :render? - def render? - return false if Feature.enabled?(:sidebar_refactor, context.current_user, default_enabled: :yaml) - - can?(context.current_user, :read_label, context.project) && !context.project.issues_enabled? - end - end - end - end -end diff --git a/lib/sidebars/projects/menus/members_menu.rb b/lib/sidebars/projects/menus/members_menu.rb deleted file mode 100644 index 498bfa74261..00000000000 --- a/lib/sidebars/projects/menus/members_menu.rb +++ /dev/null @@ -1,43 +0,0 @@ -# frozen_string_literal: true - -module Sidebars - module Projects - module Menus - class MembersMenu < ::Sidebars::Menu - override :link - def link - project_project_members_path(context.project) - end - - override :extra_container_html_options - def extra_container_html_options - { - id: 'js-onboarding-members-link' - } - end - - override :title - def title - _('Members') - end - - override :sprite_icon - def sprite_icon - 'users' - end - - override :render? - def render? - return false if Feature.enabled?(:sidebar_refactor, context.current_user, default_enabled: :yaml) - - can?(context.current_user, :read_project_member, context.project) - end - - override :active_routes - def active_routes - { controller: :project_members } - end - end - end - end -end diff --git a/lib/sidebars/projects/menus/monitor_menu.rb b/lib/sidebars/projects/menus/monitor_menu.rb index 8ebdacc7c7e..6396885deac 100644 --- a/lib/sidebars/projects/menus/monitor_menu.rb +++ b/lib/sidebars/projects/menus/monitor_menu.rb @@ -14,11 +14,6 @@ module Sidebars add_item(error_tracking_menu_item) add_item(alert_management_menu_item) add_item(incidents_menu_item) - add_item(serverless_menu_item) - add_item(terraform_menu_item) - add_item(kubernetes_menu_item) - add_item(environments_menu_item) - add_item(feature_flags_menu_item) add_item(product_analytics_menu_item) true @@ -36,18 +31,18 @@ module Sidebars override :extra_container_html_options def extra_container_html_options { - class: Feature.enabled?(:sidebar_refactor, context.current_user, default_enabled: :yaml) ? 'shortcuts-monitor' : 'shortcuts-operations' + class: 'shortcuts-monitor' } end override :title def title - Feature.enabled?(:sidebar_refactor, context.current_user, default_enabled: :yaml) ? _('Monitor') : _('Operations') + _('Monitor') end override :sprite_icon def sprite_icon - Feature.enabled?(:sidebar_refactor, context.current_user, default_enabled: :yaml) ? 'monitor' : 'cloud-gear' + 'monitor' end override :active_routes @@ -138,93 +133,6 @@ module Sidebars ) end - def serverless_menu_item - if Feature.enabled?(:sidebar_refactor, context.current_user, default_enabled: :yaml) || - !can?(context.current_user, :read_cluster, context.project) - return ::Sidebars::NilMenuItem.new(item_id: :serverless) - end - - ::Sidebars::MenuItem.new( - title: _('Serverless'), - link: project_serverless_functions_path(context.project), - active_routes: { controller: :functions }, - item_id: :serverless - ) - end - - def terraform_menu_item - if Feature.enabled?(:sidebar_refactor, context.current_user, default_enabled: :yaml) || - !can?(context.current_user, :read_terraform_state, context.project) - return ::Sidebars::NilMenuItem.new(item_id: :terraform) - end - - ::Sidebars::MenuItem.new( - title: _('Terraform'), - link: project_terraform_index_path(context.project), - active_routes: { controller: :terraform }, - item_id: :terraform - ) - end - - def kubernetes_menu_item - if Feature.enabled?(:sidebar_refactor, context.current_user, default_enabled: :yaml) || - !can?(context.current_user, :read_cluster, context.project) - return ::Sidebars::NilMenuItem.new(item_id: :kubernetes) - end - - ::Sidebars::MenuItem.new( - title: _('Kubernetes'), - link: project_clusters_path(context.project), - active_routes: { controller: [:cluster_agents, :clusters] }, - container_html_options: { class: 'shortcuts-kubernetes' }, - hint_html_options: kubernetes_hint_html_options, - item_id: :kubernetes - ) - end - - def kubernetes_hint_html_options - return {} unless context.show_cluster_hint - - { disabled: true, - data: { trigger: 'manual', - container: 'body', - placement: 'right', - highlight: UserCalloutsHelper::GKE_CLUSTER_INTEGRATION, - highlight_priority: UserCallout.feature_names[:GKE_CLUSTER_INTEGRATION], - dismiss_endpoint: user_callouts_path, - auto_devops_help_path: help_page_path('topics/autodevops/index.md') } } - end - - def environments_menu_item - if Feature.enabled?(:sidebar_refactor, context.current_user, default_enabled: :yaml) || - !can?(context.current_user, :read_environment, context.project) - return ::Sidebars::NilMenuItem.new(item_id: :environments) - end - - ::Sidebars::MenuItem.new( - title: _('Environments'), - link: project_environments_path(context.project), - active_routes: { controller: :environments }, - container_html_options: { class: 'shortcuts-environments' }, - item_id: :environments - ) - end - - def feature_flags_menu_item - if Feature.enabled?(:sidebar_refactor, context.current_user, default_enabled: :yaml) || - !can?(context.current_user, :read_feature_flag, context.project) - return ::Sidebars::NilMenuItem.new(item_id: :feature_flags) - end - - ::Sidebars::MenuItem.new( - title: _('Feature Flags'), - link: project_feature_flags_path(context.project), - active_routes: { controller: :feature_flags }, - container_html_options: { class: 'shortcuts-feature-flags' }, - item_id: :feature_flags - ) - end - def product_analytics_menu_item if Feature.disabled?(:product_analytics, context.project) || !can?(context.current_user, :read_product_analytics, context.project) diff --git a/lib/sidebars/projects/menus/project_information_menu.rb b/lib/sidebars/projects/menus/project_information_menu.rb index c148e7cf931..eba0389d502 100644 --- a/lib/sidebars/projects/menus/project_information_menu.rb +++ b/lib/sidebars/projects/menus/project_information_menu.rb @@ -6,9 +6,7 @@ module Sidebars class ProjectInformationMenu < ::Sidebars::Menu override :configure_menu_items def configure_menu_items - add_item(details_menu_item) add_item(activity_menu_item) - add_item(releases_menu_item) add_item(labels_menu_item) add_item(members_menu_item) @@ -22,11 +20,7 @@ module Sidebars override :extra_container_html_options def extra_container_html_options - if Feature.enabled?(:sidebar_refactor, context.current_user, default_enabled: :yaml) - { class: 'shortcuts-project-information' } - else - { class: 'shortcuts-project rspec-project-link' } - end + { class: 'shortcuts-project-information' } end override :extra_nav_link_html_options @@ -36,39 +30,16 @@ module Sidebars override :title def title - if Feature.enabled?(:sidebar_refactor, context.current_user, default_enabled: :yaml) - _('Project information') - else - _('Project overview') - end + _('Project information') end override :sprite_icon def sprite_icon - if Feature.enabled?(:sidebar_refactor, context.current_user, default_enabled: :yaml) - 'project' - else - 'home' - end + 'project' end private - def details_menu_item - return if Feature.enabled?(:sidebar_refactor, context.current_user, default_enabled: :yaml) - - ::Sidebars::MenuItem.new( - title: _('Details'), - link: project_path(context.project), - active_routes: { path: 'projects#show' }, - item_id: :project_overview, - container_html_options: { - aria: { label: _('Project details') }, - class: 'shortcuts-project' - } - ) - end - def activity_menu_item ::Sidebars::MenuItem.new( title: _('Activity'), @@ -79,29 +50,7 @@ module Sidebars ) end - def releases_menu_item - return ::Sidebars::NilMenuItem.new(item_id: :releases) unless show_releases? - - ::Sidebars::MenuItem.new( - title: _('Releases'), - link: project_releases_path(context.project), - item_id: :releases, - active_routes: { controller: :releases }, - container_html_options: { class: 'shortcuts-project-releases' } - ) - end - - def show_releases? - Feature.disabled?(:sidebar_refactor, context.current_user, default_enabled: :yaml) && - can?(context.current_user, :read_release, context.project) && - !context.project.empty_repo? - end - def labels_menu_item - if Feature.disabled?(:sidebar_refactor, context.current_user, default_enabled: :yaml) - return ::Sidebars::NilMenuItem.new(item_id: :labels) - end - ::Sidebars::MenuItem.new( title: _('Labels'), link: project_labels_path(context.project), @@ -111,10 +60,6 @@ module Sidebars end def members_menu_item - if Feature.disabled?(:sidebar_refactor, context.current_user, default_enabled: :yaml) - return ::Sidebars::NilMenuItem.new(item_id: :members) - end - ::Sidebars::MenuItem.new( title: _('Members'), link: project_project_members_path(context.project), diff --git a/lib/sidebars/projects/menus/scope_menu.rb b/lib/sidebars/projects/menus/scope_menu.rb index 1cd0218d4ac..539912aa77b 100644 --- a/lib/sidebars/projects/menus/scope_menu.rb +++ b/lib/sidebars/projects/menus/scope_menu.rb @@ -21,8 +21,6 @@ module Sidebars override :extra_container_html_options def extra_container_html_options - return {} if Feature.disabled?(:sidebar_refactor, context.current_user, default_enabled: :yaml) - { class: 'shortcuts-project rspec-project-link' } @@ -30,8 +28,6 @@ module Sidebars override :extra_nav_link_html_options def extra_nav_link_html_options - return {} if Feature.disabled?(:sidebar_refactor, context.current_user, default_enabled: :yaml) - { class: 'context-header' } end diff --git a/lib/sidebars/projects/menus/settings_menu.rb b/lib/sidebars/projects/menus/settings_menu.rb index c9d7e736b21..250143df649 100644 --- a/lib/sidebars/projects/menus/settings_menu.rb +++ b/lib/sidebars/projects/menus/settings_menu.rb @@ -112,9 +112,8 @@ module Sidebars return ::Sidebars::NilMenuItem.new(item_id: :monitor) end - title = Feature.enabled?(:sidebar_refactor, context.current_user, default_enabled: :yaml) ? _('Monitor') : _('Operations') ::Sidebars::MenuItem.new( - title: title, + title: _('Monitor'), link: project_settings_operations_path(context.project), active_routes: { path: 'operations#show' }, item_id: :monitor @@ -136,7 +135,6 @@ module Sidebars def packages_and_registries_menu_item if !Gitlab.config.registry.enabled || - Feature.disabled?(:sidebar_refactor, context.current_user, default_enabled: :yaml) || !can?(context.current_user, :destroy_container_image, context.project) return ::Sidebars::NilMenuItem.new(item_id: :packages_and_registries) end diff --git a/lib/sidebars/projects/panel.rb b/lib/sidebars/projects/panel.rb index ac7c043a96e..d5311c0a0c1 100644 --- a/lib/sidebars/projects/panel.rb +++ b/lib/sidebars/projects/panel.rb @@ -23,7 +23,6 @@ module Sidebars add_menu(Sidebars::Projects::Menus::RepositoryMenu.new(context)) add_menu(Sidebars::Projects::Menus::IssuesMenu.new(context)) add_menu(Sidebars::Projects::Menus::ExternalIssueTrackerMenu.new(context)) - add_menu(Sidebars::Projects::Menus::LabelsMenu.new(context)) add_menu(Sidebars::Projects::Menus::MergeRequestsMenu.new(context)) add_menu(Sidebars::Projects::Menus::CiCdMenu.new(context)) add_menu(Sidebars::Projects::Menus::SecurityComplianceMenu.new(context)) @@ -35,7 +34,6 @@ module Sidebars add_menu(confluence_or_wiki_menu) add_menu(Sidebars::Projects::Menus::ExternalWikiMenu.new(context)) add_menu(Sidebars::Projects::Menus::SnippetsMenu.new(context)) - add_menu(Sidebars::Projects::Menus::MembersMenu.new(context)) add_menu(Sidebars::Projects::Menus::SettingsMenu.new(context)) end diff --git a/locale/gitlab.pot b/locale/gitlab.pot index 74a12aee1b7..bd43054fda5 100644 --- a/locale/gitlab.pot +++ b/locale/gitlab.pot @@ -15376,9 +15376,6 @@ msgstr "" msgid "Group navigation" msgstr "" -msgid "Group overview" -msgstr "" - msgid "Group overview content" msgstr "" @@ -25262,9 +25259,6 @@ msgstr "" msgid "Project description (optional)" msgstr "" -msgid "Project details" -msgstr "" - msgid "Project does not exist or you don't have permission to perform this action" msgstr "" @@ -25313,9 +25307,6 @@ msgstr "" msgid "Project order will not be saved as local storage is not available." msgstr "" -msgid "Project overview" -msgstr "" - msgid "Project path" msgstr "" @@ -31071,9 +31062,6 @@ msgstr "" msgid "Subgroup navigation" msgstr "" -msgid "Subgroup overview" -msgstr "" - msgid "SubgroupCreationLevel|Allowed to create subgroups" msgstr "" diff --git a/spec/features/groups/navbar_spec.rb b/spec/features/groups/navbar_spec.rb index 70a19445c89..0a159056569 100644 --- a/spec/features/groups/navbar_spec.rb +++ b/spec/features/groups/navbar_spec.rb @@ -11,40 +11,6 @@ RSpec.describe 'Group navbar' do let_it_be(:user) { create(:user) } let_it_be(:group) { create(:group) } - let(:structure) do - [ - group_context_nav_item, - group_information_nav_item, - { - nav_item: _('Issues'), - nav_sub_items: issues_nav_items - }, - { - nav_item: _('Merge requests'), - nav_sub_items: [] - }, - (security_and_compliance_nav_item if Gitlab.ee?), - (push_rules_nav_item if Gitlab.ee?), - { - nav_item: _('Kubernetes'), - nav_sub_items: [] - }, - (analytics_nav_item if Gitlab.ee?), - members_nav_item - ].compact - end - - let(:members_nav_item) do - nil - end - - let(:group_context_nav_item) do - { - nav_item: "#{group.name[0, 1].upcase} #{group.name}", - nav_sub_items: [] - } - end - before do insert_package_nav(_('Kubernetes')) @@ -85,44 +51,4 @@ RSpec.describe 'Group navbar' do it_behaves_like 'verified navigation bar' end - - context 'when feature flag :sidebar_refactor is disabled' do - let(:group_context_nav_item) do - nil - end - - let(:group_information_nav_item) do - { - nav_item: _('Group overview'), - nav_sub_items: [ - _('Details'), - _('Activity') - ] - } - end - - let(:members_nav_item) do - { - nav_item: _('Members'), - nav_sub_items: [] - } - end - - let(:issues_nav_items) do - [ - _('List'), - _('Board'), - _('Labels'), - _('Milestones') - ] - end - - before do - stub_feature_flags(sidebar_refactor: false) - - visit group_path(group) - end - - it_behaves_like 'verified navigation bar' - end end diff --git a/spec/features/projects/active_tabs_spec.rb b/spec/features/projects/active_tabs_spec.rb index 39950adc83f..b93f61e3d1d 100644 --- a/spec/features/projects/active_tabs_spec.rb +++ b/spec/features/projects/active_tabs_spec.rb @@ -24,17 +24,6 @@ RSpec.describe 'Project active tab' do expect(page).to have_selector('.sidebar-top-level-items > li.active', count: 1) expect(find('.sidebar-top-level-items > li.active')).to have_content(project.name) end - - context 'when feature flag :sidebar_refactor is disabled' do - before do - stub_feature_flags(sidebar_refactor: false) - - visit project_path(project) - end - - it_behaves_like 'page has active tab', 'Project' - it_behaves_like 'page has active sub tab', 'Details' - end end context 'on Project information' do @@ -80,11 +69,7 @@ RSpec.describe 'Project active tab' do end context 'on project Issues' do - let(:feature_flag_value) { true } - before do - stub_feature_flags(sidebar_refactor: feature_flag_value) - visit project_issues_path(project) end @@ -98,21 +83,6 @@ RSpec.describe 'Project active tab' do it_behaves_like 'page has active tab', 'Issues' it_behaves_like 'page has active sub tab', 'Milestones' end - - context 'when feature flag is disabled' do - let(:feature_flag_value) { false } - - %w(Milestones Labels).each do |sub_menu| - context "on project Issues/#{sub_menu}" do - before do - click_tab(sub_menu) - end - - it_behaves_like 'page has active tab', 'Issues' - it_behaves_like 'page has active sub tab', sub_menu - end - end - end end context 'on project Merge Requests' do diff --git a/spec/features/projects/features_visibility_spec.rb b/spec/features/projects/features_visibility_spec.rb index 2e5a5cef0fd..a7e773dda2d 100644 --- a/spec/features/projects/features_visibility_spec.rb +++ b/spec/features/projects/features_visibility_spec.rb @@ -68,17 +68,6 @@ RSpec.describe 'Edit Project Settings' do expect(page).not_to have_selector('.shortcuts-issues') expect(page).not_to have_selector('.shortcuts-labels') end - - context 'when feature flag :sidebar_refactor is disabled' do - it 'hides issues tab and show labels tab' do - stub_feature_flags(sidebar_refactor: false) - - visit project_path(project) - - expect(page).not_to have_selector('.shortcuts-issues') - expect(page).to have_selector('.shortcuts-labels') - end - end end context "pipelines subtabs" do diff --git a/spec/features/projects/navbar_spec.rb b/spec/features/projects/navbar_spec.rb index bce11e6bc8a..876bc82d16c 100644 --- a/spec/features/projects/navbar_spec.rb +++ b/spec/features/projects/navbar_spec.rb @@ -14,134 +14,54 @@ RSpec.describe 'Project navbar' do before do sign_in(user) - end - context 'when sidebar refactor feature flag is disabled' do - let(:project_context_nav_item) do - nil - end + stub_config(registry: { enabled: false }) + insert_package_nav(_('Infrastructure')) + insert_infrastructure_registry_nav + end + it_behaves_like 'verified navigation bar' do before do - stub_feature_flags(sidebar_refactor: false) - insert_package_nav(_('Operations')) - insert_infrastructure_registry_nav - - insert_after_sub_nav_item( - _('Boards'), - within: _('Issues'), - new_sub_nav_item_name: _('Labels') - ) - - insert_after_nav_item( - _('Snippets'), - new_nav_item: { - nav_item: _('Members'), - nav_sub_items: [] - } - ) - - stub_config(registry: { enabled: false }) + visit project_path(project) end + end - it_behaves_like 'verified navigation bar' do - before do - visit project_path(project) - end + context 'when value stream is available' do + before do + visit project_path(project) end - context 'when value stream is available' do - before do - visit project_path(project) + it 'redirects to value stream when Analytics item is clicked' do + page.within('.sidebar-top-level-items') do + find('.shortcuts-analytics').click end - it 'redirects to value stream when Analytics item is clicked' do - page.within('.sidebar-top-level-items') do - find('.shortcuts-analytics').click - end - - wait_for_requests + wait_for_requests - expect(page).to have_current_path(project_cycle_analytics_path(project)) - end - end - - context 'when pages are available' do - before do - stub_config(pages: { enabled: true }) - - insert_after_sub_nav_item( - _('Operations'), - within: _('Settings'), - new_sub_nav_item_name: _('Pages') - ) - - visit project_path(project) - end - - it_behaves_like 'verified navigation bar' - end - - context 'when container registry is available' do - before do - stub_config(registry: { enabled: true }) - - insert_container_nav - - visit project_path(project) - end - - it_behaves_like 'verified navigation bar' + expect(page).to have_current_path(project_cycle_analytics_path(project)) end end - context 'when sidebar refactor feature flag is enabled' do - let(:monitor_nav_item) do - { - nav_item: _('Monitor'), - nav_sub_items: monitor_menu_items - } - end + context 'when pages are available' do + before do + stub_config(pages: { enabled: true }) - let(:monitor_menu_items) do - [ - _('Metrics'), - _('Logs'), - _('Tracing'), - _('Error Tracking'), - _('Alerts'), - _('Incidents'), - _('Product Analytics') - ] - end + insert_after_sub_nav_item( + _('Monitor'), + within: _('Settings'), + new_sub_nav_item_name: _('Pages') + ) - let(:project_information_nav_item) do - { - nav_item: _('Project information'), - nav_sub_items: [ - _('Activity'), - _('Labels'), - _('Members') - ] - } + visit project_path(project) end - let(:settings_menu_items) do - [ - _('General'), - _('Integrations'), - _('Webhooks'), - _('Access Tokens'), - _('Repository'), - _('CI/CD'), - _('Monitor') - ] - end + it_behaves_like 'verified navigation bar' + end + context 'when container registry is available' do before do - stub_feature_flags(sidebar_refactor: true) stub_config(registry: { enabled: true }) - insert_package_nav(_('Monitor')) - insert_infrastructure_registry_nav + insert_container_nav insert_after_sub_nav_item( @@ -150,30 +70,6 @@ RSpec.describe 'Project navbar' do new_sub_nav_item_name: _('Packages & Registries') ) - insert_after_nav_item( - _('Monitor'), - new_nav_item: { - nav_item: _('Infrastructure'), - nav_sub_items: [ - _('Kubernetes clusters'), - _('Serverless platform'), - _('Terraform') - ] - } - ) - - insert_after_nav_item( - _('Security & Compliance'), - new_nav_item: { - nav_item: _('Deployments'), - nav_sub_items: [ - _('Feature Flags'), - _('Environments'), - _('Releases') - ] - } - ) - visit project_path(project) end diff --git a/spec/features/projects/settings/monitor_settings_spec.rb b/spec/features/projects/settings/monitor_settings_spec.rb index 971a747e64f..b43b7b742f4 100644 --- a/spec/features/projects/settings/monitor_settings_spec.rb +++ b/spec/features/projects/settings/monitor_settings_spec.rb @@ -18,17 +18,6 @@ RSpec.describe 'Projects > Settings > For a forked project', :js do expect(page).to have_selector('.sidebar-sub-level-items a[aria-label="Monitor"]', text: 'Monitor', visible: false) end - - context 'when feature flag sidebar_refactor is disabled' do - it 'renders the menu "Operations" in the sidebar' do - stub_feature_flags(sidebar_refactor: false) - - visit project_path(project) - wait_for_requests - - expect(page).to have_selector('.sidebar-sub-level-items a[aria-label="Operations"]', text: 'Operations', visible: false) - end - end end describe 'Settings > Monitor' do diff --git a/spec/features/projects/settings/registry_settings_spec.rb b/spec/features/projects/settings/registry_settings_spec.rb index 1cc54b71d4a..3f9f2dae453 100644 --- a/spec/features/projects/settings/registry_settings_spec.rb +++ b/spec/features/projects/settings/registry_settings_spec.rb @@ -11,125 +11,105 @@ RSpec.describe 'Project > Settings > CI/CD > Container registry tag expiration p let(:container_registry_enabled) { true } let(:container_registry_enabled_on_project) { true } - shared_examples 'an expiration policy form' do - before do - project.update!(container_registry_enabled: container_registry_enabled_on_project) - project.container_expiration_policy.update!(enabled: true) + subject { visit project_settings_packages_and_registries_path(project) } - sign_in(user) - stub_container_registry_config(enabled: container_registry_enabled) - end - - context 'as owner' do - it 'shows available section' do - subject - - settings_block = find('[data-testid="registry-settings-app"]') - expect(settings_block).to have_text 'Clean up image tags' - end + before do + project.update!(container_registry_enabled: container_registry_enabled_on_project) + project.container_expiration_policy.update!(enabled: true) - it 'saves cleanup policy submit the form' do - subject - - within '[data-testid="registry-settings-app"]' do - select('Every day', from: 'Run cleanup') - select('50 tags per image name', from: 'Keep the most recent:') - fill_in('Keep tags matching:', with: 'stable') - select('7 days', from: 'Remove tags older than:') - fill_in('Remove tags matching:', with: '.*-production') - - submit_button = find('[data-testid="save-button"') - expect(submit_button).not_to be_disabled - submit_button.click - end + sign_in(user) + stub_container_registry_config(enabled: container_registry_enabled) + end - expect(find('.gl-toast')).to have_content('Cleanup policy successfully saved.') - end + context 'as owner' do + it 'shows available section' do + subject - it 'does not save cleanup policy submit form with invalid regex' do - subject + settings_block = find('[data-testid="registry-settings-app"]') + expect(settings_block).to have_text 'Clean up image tags' + end - within '[data-testid="registry-settings-app"]' do - fill_in('Remove tags matching:', with: '*-production') + it 'saves cleanup policy submit the form' do + subject - submit_button = find('[data-testid="save-button"') - expect(submit_button).not_to be_disabled - submit_button.click - end + within '[data-testid="registry-settings-app"]' do + select('Every day', from: 'Run cleanup') + select('50 tags per image name', from: 'Keep the most recent:') + fill_in('Keep tags matching:', with: 'stable') + select('7 days', from: 'Remove tags older than:') + fill_in('Remove tags matching:', with: '.*-production') - expect(find('.gl-toast')).to have_content('Something went wrong while updating the cleanup policy.') + submit_button = find('[data-testid="save-button"') + expect(submit_button).not_to be_disabled + submit_button.click end + + expect(find('.gl-toast')).to have_content('Cleanup policy successfully saved.') end - context 'with a project without expiration policy' do - where(:application_setting, :feature_flag, :result) do - true | true | :available_section - true | false | :available_section - false | true | :available_section - false | false | :disabled_message - end + it 'does not save cleanup policy submit form with invalid regex' do + subject - with_them do - before do - project.container_expiration_policy.destroy! - stub_feature_flags(container_expiration_policies_historic_entry: false) - stub_application_setting(container_expiration_policies_enable_historic_entries: application_setting) - stub_feature_flags(container_expiration_policies_historic_entry: project) if feature_flag - end + within '[data-testid="registry-settings-app"]' do + fill_in('Remove tags matching:', with: '*-production') - it 'displays the expected result' do - subject - - within '[data-testid="registry-settings-app"]' do - case result - when :available_section - expect(find('[data-testid="enable-toggle"]')).to have_content('Disabled - Tags will not be automatically deleted.') - when :disabled_message - expect(find('.gl-alert-title')).to have_content('Cleanup policy for tags is disabled') - end - end - end + submit_button = find('[data-testid="save-button"') + expect(submit_button).not_to be_disabled + submit_button.click end - end - - context 'when registry is disabled' do - let(:container_registry_enabled) { false } - it 'does not exists' do - subject + expect(find('.gl-toast')).to have_content('Something went wrong while updating the cleanup policy.') + end + end - expect(page).not_to have_selector('[data-testid="registry-settings-app"]') - end + context 'with a project without expiration policy' do + where(:application_setting, :feature_flag, :result) do + true | true | :available_section + true | false | :available_section + false | true | :available_section + false | false | :disabled_message end - context 'when container registry is disabled on project' do - let(:container_registry_enabled_on_project) { false } + with_them do + before do + project.container_expiration_policy.destroy! + stub_feature_flags(container_expiration_policies_historic_entry: false) + stub_application_setting(container_expiration_policies_enable_historic_entries: application_setting) + stub_feature_flags(container_expiration_policies_historic_entry: project) if feature_flag + end - it 'does not exists' do + it 'displays the expected result' do subject - expect(page).not_to have_selector('[data-testid="registry-settings-app"]') + within '[data-testid="registry-settings-app"]' do + case result + when :available_section + expect(find('[data-testid="enable-toggle"]')).to have_content('Disabled - Tags will not be automatically deleted.') + when :disabled_message + expect(find('.gl-alert-title')).to have_content('Cleanup policy for tags is disabled') + end + end end end end - context 'with sidebar feature flag off' do - subject { visit project_settings_ci_cd_path(project) } + context 'when registry is disabled' do + let(:container_registry_enabled) { false } - before do - stub_feature_flags(sidebar_refactor: false) - end + it 'does not exists' do + subject - it_behaves_like 'an expiration policy form' + expect(page).not_to have_selector('[data-testid="registry-settings-app"]') + end end - context 'with sidebar feature flag on' do - subject { visit project_settings_packages_and_registries_path(project) } + context 'when container registry is disabled on project' do + let(:container_registry_enabled_on_project) { false } - before do - stub_feature_flags(sidebar_refactor: true) - end + it 'does not exists' do + subject - it_behaves_like 'an expiration policy form' + expect(page).not_to have_selector('[data-testid="registry-settings-app"]') + end end end diff --git a/spec/features/projects/user_uses_shortcuts_spec.rb b/spec/features/projects/user_uses_shortcuts_spec.rb index 2f7844ff615..7bb15451538 100644 --- a/spec/features/projects/user_uses_shortcuts_spec.rb +++ b/spec/features/projects/user_uses_shortcuts_spec.rb @@ -77,20 +77,6 @@ RSpec.describe 'User uses shortcuts', :js do expect(page).to have_active_navigation(project.name) end - context 'when feature flag :sidebar_refactor is disabled' do - it 'redirects to the details page' do - stub_feature_flags(sidebar_refactor: false) - - visit project_issues_path(project) - - find('body').native.send_key('g') - find('body').native.send_key('p') - - expect(page).to have_active_navigation('Project') - expect(page).to have_active_sub_navigation('Details') - end - end - it 'redirects to the activity page' do find('body').native.send_key('g') find('body').native.send_key('v') @@ -196,36 +182,6 @@ RSpec.describe 'User uses shortcuts', :js do expect(page).to have_active_navigation('Monitor') expect(page).to have_active_sub_navigation('Metrics') end - - context 'when feature flag :sidebar_refactor is disabled' do - before do - stub_feature_flags(sidebar_refactor: false) - end - - it 'redirects to the Operations page' do - find('body').native.send_key('g') - find('body').native.send_key('l') - - expect(page).to have_active_navigation('Operations') - expect(page).to have_active_sub_navigation('Metrics') - end - - it 'redirects to the Kubernetes page with active Operations' do - find('body').native.send_key('g') - find('body').native.send_key('k') - - expect(page).to have_active_navigation('Operations') - expect(page).to have_active_sub_navigation('Kubernetes') - end - - it 'redirects to the Environments page' do - find('body').native.send_key('g') - find('body').native.send_key('e') - - expect(page).to have_active_navigation('Operations') - expect(page).to have_active_sub_navigation('Environments') - end - end end context 'when navigating to the Infrastructure pages' do diff --git a/spec/lib/gitlab/database/load_balancing/sidekiq_server_middleware_spec.rb b/spec/lib/gitlab/database/load_balancing/sidekiq_server_middleware_spec.rb index e7d8bb401d4..a1e503147ed 100644 --- a/spec/lib/gitlab/database/load_balancing/sidekiq_server_middleware_spec.rb +++ b/spec/lib/gitlab/database/load_balancing/sidekiq_server_middleware_spec.rb @@ -156,20 +156,6 @@ RSpec.describe Gitlab::Database::LoadBalancing::SidekiqServerMiddleware do expect(job['load_balancing_strategy']).to eq('retry_primary') end end - - context 'replica selection mechanism feature flag rollout' do - before do - stub_feature_flags(sidekiq_load_balancing_rotate_up_to_date_replica: false) - end - - it 'uses different implementation' do - expect(::Gitlab::Database::LoadBalancing).to receive_message_chain(:proxy, :load_balancer, :host, :caught_up?).and_return(false) - - expect do - process_job(job) - end.to raise_error(Sidekiq::JobRetry::Skip) - end - end end end diff --git a/spec/lib/gitlab/github_import/markdown_text_spec.rb b/spec/lib/gitlab/github_import/markdown_text_spec.rb index 22bf10f36d8..2d159580b5f 100644 --- a/spec/lib/gitlab/github_import/markdown_text_spec.rb +++ b/spec/lib/gitlab/github_import/markdown_text_spec.rb @@ -27,6 +27,13 @@ RSpec.describe Gitlab::GithubImport::MarkdownText do expect(text.to_s).to eq('Hello') end + it 'returns empty text when it receives nil' do + author = double(:author, login: nil) + text = described_class.new(nil, author, true) + + expect(text.to_s).to eq('') + end + it 'returns the text with an extra header when the author was not found' do author = double(:author, login: 'Alice') text = described_class.new('Hello', author) diff --git a/spec/lib/sidebars/projects/menus/deployments_menu_spec.rb b/spec/lib/sidebars/projects/menus/deployments_menu_spec.rb index 4a60dfde674..3149c316c63 100644 --- a/spec/lib/sidebars/projects/menus/deployments_menu_spec.rb +++ b/spec/lib/sidebars/projects/menus/deployments_menu_spec.rb @@ -39,33 +39,22 @@ RSpec.describe Sidebars::Projects::Menus::DeploymentsMenu do end end - shared_examples 'feature flag :sidebar_refactor disabled' do - before do - stub_feature_flags(sidebar_refactor: false) - end - - specify { is_expected.to be_nil } - end - describe 'Feature Flags' do let(:item_id) { :feature_flags } it_behaves_like 'access rights checks' - it_behaves_like 'feature flag :sidebar_refactor disabled' end describe 'Environments' do let(:item_id) { :environments } it_behaves_like 'access rights checks' - it_behaves_like 'feature flag :sidebar_refactor disabled' end describe 'Releases' do let(:item_id) { :releases } it_behaves_like 'access rights checks' - it_behaves_like 'feature flag :sidebar_refactor disabled' end end end diff --git a/spec/lib/sidebars/projects/menus/issues_menu_spec.rb b/spec/lib/sidebars/projects/menus/issues_menu_spec.rb index ac62cd7594a..e5d486bbe8f 100644 --- a/spec/lib/sidebars/projects/menus/issues_menu_spec.rb +++ b/spec/lib/sidebars/projects/menus/issues_menu_spec.rb @@ -65,22 +65,4 @@ RSpec.describe Sidebars::Projects::Menus::IssuesMenu do end end end - - describe 'Menu Items' do - subject { described_class.new(context).renderable_items.index { |e| e.item_id == item_id } } - - describe 'Labels' do - let(:item_id) { :labels } - - specify { is_expected.to be_nil } - - context 'when feature flag :sidebar_refactor is disabled' do - before do - stub_feature_flags(sidebar_refactor: false) - end - - specify { is_expected.not_to be_nil } - end - end - end end diff --git a/spec/lib/sidebars/projects/menus/labels_menu_spec.rb b/spec/lib/sidebars/projects/menus/labels_menu_spec.rb deleted file mode 100644 index e1420f9e61b..00000000000 --- a/spec/lib/sidebars/projects/menus/labels_menu_spec.rb +++ /dev/null @@ -1,61 +0,0 @@ -# frozen_string_literal: true - -require 'spec_helper' - -RSpec.describe Sidebars::Projects::Menus::LabelsMenu do - let(:project) { build(:project) } - let(:user) { project.owner } - let(:context) { Sidebars::Projects::Context.new(current_user: user, container: project) } - - subject { described_class.new(context) } - - it 'does not contain any sub menu' do - expect(subject.has_items?).to eq false - end - - describe '#render?' do - let(:issues_enabled) { true } - - before do - allow(project).to receive(:issues_enabled?).and_return(issues_enabled) - end - - context 'when feature flag :sidebar_refactor is enabled' do - let(:issues_enabled) { false } - - it 'returns false' do - expect(subject.render?).to be_falsey - end - end - - context 'when feature flag :sidebar_refactor is disabled' do - before do - stub_feature_flags(sidebar_refactor: false) - end - - context 'when user can read labels' do - context 'when issues feature is enabled' do - it 'returns false' do - expect(subject.render?).to be_falsey - end - end - - context 'when issues feature is disabled' do - let(:issues_enabled) { false } - - it 'returns true' do - expect(subject.render?).to be_truthy - end - end - end - - context 'when user cannot read labels' do - let(:user) { nil } - - it 'returns false' do - expect(subject.render?).to be_falsey - end - end - end - end -end diff --git a/spec/lib/sidebars/projects/menus/members_menu_spec.rb b/spec/lib/sidebars/projects/menus/members_menu_spec.rb deleted file mode 100644 index dcc085c2957..00000000000 --- a/spec/lib/sidebars/projects/menus/members_menu_spec.rb +++ /dev/null @@ -1,35 +0,0 @@ -# frozen_string_literal: true - -require 'spec_helper' - -RSpec.describe Sidebars::Projects::Menus::MembersMenu do - let(:project) { build(:project) } - let(:user) { project.owner } - let(:context) { Sidebars::Projects::Context.new(current_user: user, container: project) } - - subject { described_class.new(context) } - - describe '#render?' do - it 'returns false' do - expect(subject.render?).to eq false - end - - context 'when feature flag :sidebar_refactor is disabled' do - before do - stub_feature_flags(sidebar_refactor: false) - end - - it 'returns true' do - expect(subject.render?).to eq true - end - - context 'when user cannot access members' do - let(:user) { nil } - - it 'returns false' do - expect(subject.render?).to eq false - end - end - end - end -end diff --git a/spec/lib/sidebars/projects/menus/monitor_menu_spec.rb b/spec/lib/sidebars/projects/menus/monitor_menu_spec.rb index 93618fa3321..2bc8cfc9a03 100644 --- a/spec/lib/sidebars/projects/menus/monitor_menu_spec.rb +++ b/spec/lib/sidebars/projects/menus/monitor_menu_spec.rb @@ -41,28 +41,12 @@ RSpec.describe Sidebars::Projects::Menus::MonitorMenu do it 'returns "Monitor"' do expect(subject.title).to eq 'Monitor' end - - context 'when feature flag :sidebar_refactor is disabled' do - it 'returns "Operations"' do - stub_feature_flags(sidebar_refactor: false) - - expect(subject.title).to eq 'Operations' - end - end end describe '#extra_container_html_options' do it 'returns "shortcuts-monitor"' do expect(subject.extra_container_html_options).to eq(class: 'shortcuts-monitor') end - - context 'when feature flag :sidebar_refactor is disabled' do - it 'returns "shortcuts-operations"' do - stub_feature_flags(sidebar_refactor: false) - - expect(subject.extra_container_html_options).to eq(class: 'shortcuts-operations') - end - end end describe '#link' do @@ -130,76 +114,6 @@ RSpec.describe Sidebars::Projects::Menus::MonitorMenu do it_behaves_like 'access rights checks' end - describe 'Serverless' do - let(:item_id) { :serverless } - - specify { is_expected.to be_nil } - - context 'when feature flag :sidebar_refactor is disabled' do - before do - stub_feature_flags(sidebar_refactor: false) - end - - it_behaves_like 'access rights checks' - end - end - - describe 'Terraform' do - let(:item_id) { :terraform } - - specify { is_expected.to be_nil } - - context 'when feature flag :sidebar_refactor is disabled' do - before do - stub_feature_flags(sidebar_refactor: false) - end - - it_behaves_like 'access rights checks' - end - end - - describe 'Kubernetes' do - let(:item_id) { :kubernetes } - - specify { is_expected.to be_nil } - - context 'when feature flag :sidebar_refactor is disabled' do - before do - stub_feature_flags(sidebar_refactor: false) - end - - it_behaves_like 'access rights checks' - end - end - - describe 'Environments' do - let(:item_id) { :environments } - - specify { is_expected.to be_nil } - - context 'when feature flag :sidebar_refactor is disabled' do - before do - stub_feature_flags(sidebar_refactor: false) - end - - it_behaves_like 'access rights checks' - end - end - - describe 'Feature Flags' do - let(:item_id) { :feature_flags } - - specify { is_expected.to be_nil } - - context 'when feature flag :sidebar_refactor is disabled' do - before do - stub_feature_flags(sidebar_refactor: false) - end - - it_behaves_like 'access rights checks' - end - end - describe 'Product Analytics' do let(:item_id) { :product_analytics } diff --git a/spec/lib/sidebars/projects/menus/project_information_menu_spec.rb b/spec/lib/sidebars/projects/menus/project_information_menu_spec.rb index 748796bc7ee..3ef664d383d 100644 --- a/spec/lib/sidebars/projects/menus/project_information_menu_spec.rb +++ b/spec/lib/sidebars/projects/menus/project_information_menu_spec.rb @@ -12,77 +12,21 @@ RSpec.describe Sidebars::Projects::Menus::ProjectInformationMenu do subject { described_class.new(context).container_html_options } specify { is_expected.to match(hash_including(class: 'shortcuts-project-information has-sub-items')) } - - context 'when feature flag :sidebar_refactor is disabled' do - before do - stub_feature_flags(sidebar_refactor: false) - end - - specify { is_expected.to match(hash_including(class: 'shortcuts-project rspec-project-link has-sub-items')) } - end end describe 'Menu Items' do subject { described_class.new(context).renderable_items.index { |e| e.item_id == item_id } } - describe 'Releases' do - let(:item_id) { :releases } - - specify { is_expected.to be_nil } - - context 'when feature flag :sidebar_refactor is disabled' do - before do - stub_feature_flags(sidebar_refactor: false) - end - - context 'when project repository is empty' do - it 'does not include releases menu item' do - allow(project).to receive(:empty_repo?).and_return(true) - - is_expected.to be_nil - end - end - - context 'when project repository is not empty' do - context 'when user can download code' do - specify { is_expected.not_to be_nil } - end - - context 'when user cannot download code' do - let(:user) { nil } - - specify { is_expected.to be_nil } - end - end - end - end - describe 'Labels' do let(:item_id) { :labels } specify { is_expected.not_to be_nil } - - context 'when feature flag :sidebar_refactor is disabled' do - before do - stub_feature_flags(sidebar_refactor: false) - end - - specify { is_expected.to be_nil } - end end describe 'Members' do let(:item_id) { :members } specify { is_expected.not_to be_nil } - - context 'when feature flag :sidebar_refactor is disabled' do - before do - stub_feature_flags(sidebar_refactor: false) - end - - specify { is_expected.to be_nil } - end end end end diff --git a/spec/lib/sidebars/projects/menus/scope_menu_spec.rb b/spec/lib/sidebars/projects/menus/scope_menu_spec.rb index f84d458a2e1..5040ef9b0ff 100644 --- a/spec/lib/sidebars/projects/menus/scope_menu_spec.rb +++ b/spec/lib/sidebars/projects/menus/scope_menu_spec.rb @@ -11,13 +11,5 @@ RSpec.describe Sidebars::Projects::Menus::ScopeMenu do subject { described_class.new(context).container_html_options } specify { is_expected.to match(hash_including(class: 'shortcuts-project rspec-project-link')) } - - context 'when feature flag :sidebar_refactor is disabled' do - before do - stub_feature_flags(sidebar_refactor: false) - end - - specify { is_expected.to eq(aria: { label: project.name }) } - end end end diff --git a/spec/lib/sidebars/projects/menus/settings_menu_spec.rb b/spec/lib/sidebars/projects/menus/settings_menu_spec.rb index 6817f0e6ed6..9b79614db20 100644 --- a/spec/lib/sidebars/projects/menus/settings_menu_spec.rb +++ b/spec/lib/sidebars/projects/menus/settings_menu_spec.rb @@ -99,14 +99,6 @@ RSpec.describe Sidebars::Projects::Menus::SettingsMenu do specify { expect(subject.title).to eq 'Monitor' } - context 'when feature flag :sidebar_refactor is disabled' do - before do - stub_feature_flags(sidebar_refactor: false) - end - - specify { expect(subject.title).to eq 'Operations' } - end - describe 'when the user does not have access' do let(:user) { nil } @@ -159,14 +151,6 @@ RSpec.describe Sidebars::Projects::Menus::SettingsMenu do specify { is_expected.not_to be_nil } - context 'when feature flag :sidebar_refactor is disabled' do - before do - stub_feature_flags(sidebar_refactor: false) - end - - specify { is_expected.to be_nil } - end - describe 'when the user does not have access' do let(:user) { nil } diff --git a/spec/services/projects/group_links/update_service_spec.rb b/spec/services/projects/group_links/update_service_spec.rb index 053c5eb611e..467aef3bc7e 100644 --- a/spec/services/projects/group_links/update_service_spec.rb +++ b/spec/services/projects/group_links/update_service_spec.rb @@ -32,25 +32,87 @@ RSpec.describe Projects::GroupLinks::UpdateService, '#execute' do expect(link.expires_at).to eq(expiry_date) end - it 'updates project permissions' do - expect { subject }.to change { user.can?(:create_release, project) }.from(true).to(false) - end + context 'project authorizations update' do + context 'when the feature flag `specialized_worker_for_project_share_update_auth_recalculation` is enabled' do + before do + stub_feature_flags(specialized_worker_for_project_share_update_auth_recalculation: true) + end + + it 'calls AuthorizedProjectUpdate::ProjectRecalculateWorker to update project authorizations' do + expect(AuthorizedProjectUpdate::ProjectRecalculateWorker) + .to receive(:perform_async).with(link.project.id) + + subject + end + + it 'calls AuthorizedProjectUpdate::UserRefreshFromReplicaWorker with a delay to update project authorizations' do + expect(AuthorizedProjectUpdate::UserRefreshFromReplicaWorker).to( + receive(:bulk_perform_in) + .with(1.hour, + [[user.id]], + batch_delay: 30.seconds, batch_size: 100) + ) + + subject + end - it 'executes UserProjectAccessChangedService' do - expect_next_instance_of(UserProjectAccessChangedService) do |service| - expect(service).to receive(:execute) + it 'updates project authorizations of users who had access to the project via the group share', :sidekiq_inline do + group.add_maintainer(user) + + expect { subject }.to( + change { Ability.allowed?(user, :create_release, project) } + .from(true).to(false)) + end end - subject + context 'when the feature flag `specialized_worker_for_project_share_update_auth_recalculation` is disabled' do + before do + stub_feature_flags(specialized_worker_for_project_share_update_auth_recalculation: false) + end + + it 'calls UserProjectAccessChangedService to update project authorizations' do + expect_next_instance_of(UserProjectAccessChangedService, [user.id]) do |service| + expect(service).to receive(:execute) + end + + subject + end + + it 'updates project authorizations of users who had access to the project via the group share' do + group.add_maintainer(user) + + expect { subject }.to( + change { Ability.allowed?(user, :create_release, project) } + .from(true).to(false)) + end + end end context 'with only param not requiring authorization refresh' do let(:group_link_params) { { expires_at: Date.tomorrow } } - it 'does not execute UserProjectAccessChangedService' do - expect(UserProjectAccessChangedService).not_to receive(:new) + context 'when the feature flag `specialized_worker_for_project_share_update_auth_recalculation` is enabled' do + before do + stub_feature_flags(specialized_worker_for_project_share_update_auth_recalculation: true) + end + + it 'does not perform any project authorizations update using `AuthorizedProjectUpdate::ProjectRecalculateWorker`' do + expect(AuthorizedProjectUpdate::ProjectRecalculateWorker).not_to receive(:perform_async) + + subject + end + end + + context 'when the feature flag `specialized_worker_for_project_share_update_auth_recalculation` is disabled' do + before do + stub_feature_flags(specialized_worker_for_project_share_update_auth_recalculation: false) + end + + it 'does not perform any project authorizations update using `UserProjectAccessChangedService`' do + expect(UserProjectAccessChangedService).not_to receive(:new) - subject + subject + end end end end diff --git a/spec/services/projects/transfer_service_spec.rb b/spec/services/projects/transfer_service_spec.rb index 2856d2ee2da..8d4a70dbe89 100644 --- a/spec/services/projects/transfer_service_spec.rb +++ b/spec/services/projects/transfer_service_spec.rb @@ -434,28 +434,74 @@ RSpec.describe Projects::TransferService do end describe 'refreshing project authorizations' do + let(:old_group) { create(:group) } + let!(:project) { create(:project, namespace: old_group) } + let(:member_of_old_group) { create(:user) } let(:group) { create(:group) } - let(:owner) { project.namespace.owner } - let(:group_member) { create(:user) } + let(:member_of_new_group) { create(:user) } before do - group.add_user(owner, GroupMember::MAINTAINER) - group.add_user(group_member, GroupMember::DEVELOPER) + old_group.add_developer(member_of_old_group) + group.add_maintainer(member_of_new_group) + + # Add the executing user as owner in both groups, so that + # transfer can be executed. + old_group.add_owner(user) + group.add_owner(user) end - it 'refreshes the permissions of the old and new namespace' do - execute_transfer + context 'when the feature flag `specialized_worker_for_project_transfer_auth_recalculation` is enabled' do + before do + stub_feature_flags(specialized_worker_for_project_transfer_auth_recalculation: true) + end + + it 'calls AuthorizedProjectUpdate::ProjectRecalculateWorker to update project authorizations' do + expect(AuthorizedProjectUpdate::ProjectRecalculateWorker) + .to receive(:perform_async).with(project.id) - expect(group_member.authorized_projects).to include(project) - expect(owner.authorized_projects).to include(project) + execute_transfer + end + + it 'calls AuthorizedProjectUpdate::UserRefreshFromReplicaWorker with a delay to update project authorizations' do + user_ids = [user.id, member_of_old_group.id, member_of_new_group.id].map { |id| [id] } + + expect(AuthorizedProjectUpdate::UserRefreshFromReplicaWorker).to( + receive(:bulk_perform_in) + .with(1.hour, + user_ids, + batch_delay: 30.seconds, batch_size: 100) + ) + + subject + end + + it 'refreshes the permissions of the members of the old and new namespace', :sidekiq_inline do + expect { execute_transfer } + .to change { member_of_old_group.authorized_projects.include?(project) }.from(true).to(false) + .and change { member_of_new_group.authorized_projects.include?(project) }.from(false).to(true) + end end - it 'only schedules a single job for every user' do - expect_next_instance_of(UserProjectAccessChangedService, [owner.id, group_member.id]) do |service| - expect(service).to receive(:execute).once.and_call_original + context 'when the feature flag `specialized_worker_for_project_transfer_auth_recalculation` is disabled' do + before do + stub_feature_flags(specialized_worker_for_project_transfer_auth_recalculation: false) end - execute_transfer + it 'calls UserProjectAccessChangedService to update project authorizations' do + user_ids = [user.id, member_of_old_group.id, member_of_new_group.id] + + expect_next_instance_of(UserProjectAccessChangedService, user_ids) do |service| + expect(service).to receive(:execute) + end + + execute_transfer + end + + it 'refreshes the permissions of the members of the old and new namespace' do + expect { execute_transfer } + .to change { member_of_old_group.authorized_projects.include?(project) }.from(true).to(false) + .and change { member_of_new_group.authorized_projects.include?(project) }.from(false).to(true) + end end end diff --git a/spec/support/shared_contexts/navbar_structure_context.rb b/spec/support/shared_contexts/navbar_structure_context.rb index c00b7203af6..c648c8e41ec 100644 --- a/spec/support/shared_contexts/navbar_structure_context.rb +++ b/spec/support/shared_contexts/navbar_structure_context.rb @@ -1,19 +1,6 @@ # frozen_string_literal: true RSpec.shared_context 'project navbar structure' do - let(:analytics_nav_item) do - { - nav_item: _('Analytics'), - nav_sub_items: [ - _('CI/CD'), - (_('Code Review') if Gitlab.ee?), - (_('Merge Request') if Gitlab.ee?), - _('Repository'), - _('Value Stream') - ] - } - end - let(:security_and_compliance_nav_item) do { nav_item: _('Security & Compliance'), @@ -24,64 +11,20 @@ RSpec.shared_context 'project navbar structure' do } end - let(:monitor_nav_item) do - { - nav_item: _('Operations'), - nav_sub_items: monitor_menu_items - } - end - - let(:monitor_menu_items) do - [ - _('Metrics'), - _('Logs'), - _('Tracing'), - _('Error Tracking'), - _('Alerts'), - _('Incidents'), - _('Serverless'), - _('Terraform'), - _('Kubernetes'), - _('Environments'), - _('Feature Flags'), - _('Product Analytics') - ] - end - - let(:project_information_nav_item) do - { - nav_item: _('Project overview'), - nav_sub_items: [ - _('Details'), - _('Activity'), - _('Releases') - ] - } - end - - let(:settings_menu_items) do - [ - _('General'), - _('Integrations'), - _('Webhooks'), - _('Access Tokens'), - _('Repository'), - _('CI/CD'), - _('Operations') - ] - end - - let(:project_context_nav_item) do - { - nav_item: "#{project.name[0, 1].upcase} #{project.name}", - nav_sub_items: [] - } - end - let(:structure) do [ - project_context_nav_item, - project_information_nav_item, + { + nav_item: "#{project.name[0, 1].upcase} #{project.name}", + nav_sub_items: [] + }, + { + nav_item: _('Project information'), + nav_sub_items: [ + _('Activity'), + _('Labels'), + _('Members') + ] + }, { nav_item: _('Repository'), nav_sub_items: [ @@ -120,8 +63,44 @@ RSpec.shared_context 'project navbar structure' do ] }, security_and_compliance_nav_item, - monitor_nav_item, - analytics_nav_item, + { + nav_item: _('Deployments'), + nav_sub_items: [ + _('Feature Flags'), + _('Environments'), + _('Releases') + ] + }, + { + nav_item: _('Monitor'), + nav_sub_items: [ + _('Metrics'), + _('Logs'), + _('Tracing'), + _('Error Tracking'), + _('Alerts'), + _('Incidents'), + _('Product Analytics') + ] + }, + { + nav_item: _('Infrastructure'), + nav_sub_items: [ + _('Kubernetes clusters'), + _('Serverless platform'), + _('Terraform') + ] + }, + { + nav_item: _('Analytics'), + nav_sub_items: [ + _('CI/CD'), + (_('Code Review') if Gitlab.ee?), + (_('Merge Request') if Gitlab.ee?), + _('Repository'), + _('Value Stream') + ] + }, { nav_item: _('Wiki'), nav_sub_items: [] @@ -132,7 +111,15 @@ RSpec.shared_context 'project navbar structure' do }, { nav_item: _('Settings'), - nav_sub_items: settings_menu_items + nav_sub_items: [ + _('General'), + _('Integrations'), + _('Webhooks'), + _('Access Tokens'), + _('Repository'), + _('CI/CD'), + _('Monitor') + ] } ].compact end @@ -189,17 +176,6 @@ RSpec.shared_context 'group navbar structure' do } end - let(:group_information_nav_item) do - { - nav_item: _('Group information'), - nav_sub_items: [ - _('Activity'), - _('Labels'), - _('Members') - ] - } - end - let(:issues_nav_items) do [ _('List'), @@ -208,17 +184,20 @@ RSpec.shared_context 'group navbar structure' do ] end - let(:group_context_nav_item) do - { - nav_item: "#{group.name[0, 1].upcase} #{group.name}", - nav_sub_items: [] - } - end - let(:structure) do [ - group_context_nav_item, - group_information_nav_item, + { + nav_item: "#{group.name[0, 1].upcase} #{group.name}", + nav_sub_items: [] + }, + { + nav_item: _('Group information'), + nav_sub_items: [ + _('Activity'), + _('Labels'), + _('Members') + ] + }, { nav_item: _('Issues'), nav_sub_items: issues_nav_items @@ -227,7 +206,7 @@ RSpec.shared_context 'group navbar structure' do nav_item: _('Merge requests'), nav_sub_items: [] }, - security_and_compliance_nav_item, + (security_and_compliance_nav_item if Gitlab.ee?), (push_rules_nav_item if Gitlab.ee?), { nav_item: _('Kubernetes'), diff --git a/spec/views/layouts/nav/sidebar/_group.html.haml_spec.rb b/spec/views/layouts/nav/sidebar/_group.html.haml_spec.rb index 50390964e1b..7df076d35c4 100644 --- a/spec/views/layouts/nav/sidebar/_group.html.haml_spec.rb +++ b/spec/views/layouts/nav/sidebar/_group.html.haml_spec.rb @@ -27,62 +27,11 @@ RSpec.describe 'layouts/nav/sidebar/_group' do expect(rendered).to have_link('Group information', href: activity_group_path(group)) end - it 'does not have a link to the details menu item' do - render - - expect(rendered).not_to have_link('Details', href: details_group_path(group)) - end - it 'has a link to the members page' do render expect(rendered).to have_selector('.sidebar-top-level-items > li.home a[title="Members"]') expect(rendered).to have_link('Members', href: group_group_members_path(group)) end - - context 'when feature flag :sidebar_refactor is disabled' do - before do - stub_feature_flags(sidebar_refactor: false) - end - - it 'has a link to the group path with the "Group overview" title' do - render - - expect(rendered).to have_link('Group overview', href: group_path(group)) - end - - it 'has a link to the details menu item' do - render - - expect(rendered).to have_link('Details', href: details_group_path(group)) - end - - it 'does not have a link to the members page' do - render - - expect(rendered).not_to have_selector('.sidebar-top-level-items > li.home a[title="Members"]') - end - end - end - - describe 'Members' do - it 'does not have a Members menu' do - render - - expect(rendered).not_to have_selector('.nav-item-name', text: 'Members') - end - - context 'when feature flag :sidebar_refactor is disabled' do - before do - stub_feature_flags(sidebar_refactor: false) - end - - it 'has a Member menu' do - render - - expect(rendered).to have_selector('.nav-item-name', text: 'Members') - expect(rendered).to have_link('Members', href: group_group_members_path(group)) - end - end end end diff --git a/spec/views/layouts/nav/sidebar/_project.html.haml_spec.rb b/spec/views/layouts/nav/sidebar/_project.html.haml_spec.rb index 172fe249eb6..7fb5af98946 100644 --- a/spec/views/layouts/nav/sidebar/_project.html.haml_spec.rb +++ b/spec/views/layouts/nav/sidebar/_project.html.haml_spec.rb @@ -36,38 +36,6 @@ RSpec.describe 'layouts/nav/sidebar/_project' do expect(rendered).to have_selector('[aria-label="Project information"]') end - context 'when feature flag :sidebar_refactor is disabled' do - before do - stub_feature_flags(sidebar_refactor: false) - end - - it 'has a link to the project path' do - render - - expect(rendered).to have_link('Project overview', href: project_path(project), class: %w(shortcuts-project)) - expect(rendered).to have_selector('[aria-label="Project overview"]') - end - end - - describe 'Details' do - it 'does not have a link to the details menu' do - render - - expect(rendered).not_to have_link('Details', href: project_path(project)) - end - - context 'when feature flag :sidebar_refactor is disabled' do - it 'has a link to the projects path' do - stub_feature_flags(sidebar_refactor: false) - - render - - expect(rendered).to have_link('Details', href: project_path(project), class: 'shortcuts-project') - expect(rendered).to have_selector('[aria-label="Project details"]') - end - end - end - describe 'Activity' do it 'has a link to the project activity path' do render @@ -76,24 +44,6 @@ RSpec.describe 'layouts/nav/sidebar/_project' do end end - describe 'Releases' do - it 'does not have a link to the project releases path' do - render - - expect(rendered).not_to have_link('Releases', href: project_releases_path(project), class: 'shortcuts-project-releases') - end - - context 'when feature flag :sidebar refactor is disabled' do - it 'has a link to the project releases path' do - stub_feature_flags(sidebar_refactor: false) - - render - - expect(rendered).to have_link('Releases', href: project_releases_path(project), class: 'shortcuts-project-releases') - end - end - end - describe 'Labels' do let(:page) { Nokogiri::HTML.parse(rendered) } @@ -103,16 +53,6 @@ RSpec.describe 'layouts/nav/sidebar/_project' do expect(page.at_css('.shortcuts-project-information').parent.css('[aria-label="Labels"]')).not_to be_empty expect(rendered).to have_link('Labels', href: project_labels_path(project)) end - - context 'when feature flag :sidebar_refactor is disabled' do - it 'does not have the labels menu item' do - stub_feature_flags(sidebar_refactor: false) - - render - - expect(page.at_css('.shortcuts-project').parent.css('[aria-label="Labels"]')).to be_empty - end - end end describe 'Members' do @@ -124,16 +64,6 @@ RSpec.describe 'layouts/nav/sidebar/_project' do expect(page.at_css('.shortcuts-project-information').parent.css('[aria-label="Members"]')).not_to be_empty expect(rendered).to have_link('Members', href: project_project_members_path(project)) end - - context 'when feature flag :sidebar_refactor is disabled' do - it 'does not have a link to the members page' do - stub_feature_flags(sidebar_refactor: false) - - render - - expect(page.at_css('.shortcuts-project').parent.css('[aria-label="Members"]')).to be_empty - end - end end end @@ -243,27 +173,6 @@ RSpec.describe 'layouts/nav/sidebar/_project' do end end - describe 'Labels' do - let(:page) { Nokogiri::HTML.parse(rendered) } - - it 'does not have a link to the labels page' do - render - - expect(page.at_css('.shortcuts-issues').parent.css('[aria-label="Labels"]')).to be_empty - end - - context 'when feature flag :sidebar_refactor is disabled' do - it 'has a link to the labels page' do - stub_feature_flags(sidebar_refactor: false) - - render - - expect(page.at_css('.shortcuts-issues').parent.css('[aria-label="Labels"]')).not_to be_empty - expect(rendered).to have_link('Labels', href: project_labels_path(project)) - end - end - end - describe 'Service Desk' do it 'has a link to the service desk path' do render @@ -323,40 +232,6 @@ RSpec.describe 'layouts/nav/sidebar/_project' do end end - describe 'Labels' do - it 'does not show the labels menu' do - project.project_feature.update!(issues_access_level: ProjectFeature::DISABLED) - - render - - expect(rendered).not_to have_link('Labels', href: project_labels_path(project), class: 'shortcuts-labels') - end - - context 'when feature flag :sidebar_refactor is disabled' do - before do - stub_feature_flags(sidebar_refactor: false) - end - - context 'when issues are not enabled' do - it 'has a link to the labels path' do - project.project_feature.update!(issues_access_level: ProjectFeature::DISABLED) - - render - - expect(rendered).to have_link('Labels', href: project_labels_path(project), class: 'shortcuts-labels') - end - end - - context 'when issues are enabled' do - it 'does not have a link to the labels path' do - render - - expect(rendered).not_to have_link('Labels', href: project_labels_path(project), class: 'shortcuts-labels') - end - end - end - end - describe 'Merge Requests' do it 'has a link to the merge request list path' do render @@ -479,16 +354,6 @@ RSpec.describe 'layouts/nav/sidebar/_project' do expect(rendered).not_to have_link('Feature Flags') end end - - context 'when feature flag :sidebar_refactor is disabled' do - it 'does not have a Feature Flags menu item' do - stub_feature_flags(sidebar_refactor: false) - - render - - expect(rendered).not_to have_selector('.shortcuts-deployments') - end - end end describe 'Environments' do @@ -508,16 +373,6 @@ RSpec.describe 'layouts/nav/sidebar/_project' do expect(rendered).not_to have_link('Environments') end end - - context 'when feature flag :sidebar_refactor is disabled' do - it 'does not have a Environments menu item' do - stub_feature_flags(sidebar_refactor: false) - - render - - expect(rendered).not_to have_selector('.shortcuts-deployments') - end - end end describe 'Releases' do @@ -526,16 +381,6 @@ RSpec.describe 'layouts/nav/sidebar/_project' do expect(rendered).to have_link('Releases', href: project_releases_path(project), class: 'shortcuts-deployments-releases') end - - context 'when feature flag :sidebar refactor is disabled' do - it 'does not have a link to the project releases path' do - stub_feature_flags(sidebar_refactor: false) - - render - - expect(rendered).not_to have_link('Releases', href: project_releases_path(project), class: 'shortcuts-deployments-releases') - end - end end end @@ -662,141 +507,6 @@ RSpec.describe 'layouts/nav/sidebar/_project' do end end - context 'when feature flag :sidebar_refactor is disabled' do - before do - stub_feature_flags(sidebar_refactor: false) - end - - describe 'Serverless' do - it 'has a link to the serverless page' do - render - - page = Nokogiri::HTML.parse(rendered) - - expect(page.at_css('.shortcuts-operations').parent.css('[aria-label="Serverless"]')).not_to be_empty - expect(rendered).to have_link('Serverless', href: project_serverless_functions_path(project)) - end - - describe 'when the user does not have access' do - let(:user) { nil } - - it 'does not have a link to the serverless page' do - render - - expect(rendered).not_to have_link('Serverless') - end - end - end - - describe 'Terraform' do - it 'has a link to the terraform page' do - render - - page = Nokogiri::HTML.parse(rendered) - - expect(page.at_css('.shortcuts-operations').parent.css('[aria-label="Terraform"]')).not_to be_empty - expect(rendered).to have_link('Terraform', href: project_terraform_index_path(project)) - end - - describe 'when the user does not have access' do - let(:user) { nil } - - it 'does not have a link to the terraform page' do - render - - expect(rendered).not_to have_link('Terraform') - end - end - end - - describe 'Kubernetes' do - it 'has a link to the kubernetes page' do - render - - page = Nokogiri::HTML.parse(rendered) - - expect(page.at_css('.shortcuts-operations').parent.css('[aria-label="Kubernetes"]')).not_to be_empty - expect(rendered).to have_link('Kubernetes', href: project_clusters_path(project)) - end - - describe 'when the user does not have access' do - let(:user) { nil } - - it 'does not have a link to the kubernetes page' do - render - - expect(rendered).not_to have_link('Kubernetes') - end - end - end - end - - describe 'Environments' do - let(:page) { Nokogiri::HTML.parse(rendered) } - - it 'does not have a link to the environments page' do - render - - expect(page.at_css('.shortcuts-monitor').parent.css('[aria-label="Environments"]')).to be_empty - end - - context 'when feature flag :sidebar_refactor is disabled' do - before do - stub_feature_flags(sidebar_refactor: false) - end - - it 'has a link to the environments page' do - render - - expect(page.at_css('.shortcuts-operations').parent.css('[aria-label="Environments"]')).not_to be_empty - expect(rendered).to have_link('Environments', href: project_environments_path(project)) - end - - describe 'when the user does not have access' do - let(:user) { nil } - - it 'does not have a link to the environments page' do - render - - expect(rendered).not_to have_link('Environments') - end - end - end - end - - describe 'Feature Flags' do - let(:page) { Nokogiri::HTML.parse(rendered) } - - it 'does not have a link to the feature flags page' do - render - - expect(page.at_css('.shortcuts-monitor').parent.css('[aria-label="Feature Flags"]')).to be_empty - end - - context 'when feature flag :sidebar_refactor is disabled' do - before do - stub_feature_flags(sidebar_refactor: false) - end - - it 'has a link to the feature flags page' do - render - - expect(page.at_css('.shortcuts-operations').parent.css('[aria-label="Feature Flags"]')).not_to be_empty - expect(rendered).to have_link('Feature Flags', href: project_feature_flags_path(project)) - end - - describe 'when the user does not have access' do - let(:user) { nil } - - it 'does not have a link to the feature flags page' do - render - - expect(rendered).not_to have_link('Feature Flags') - end - end - end - end - describe 'Product Analytics' do it 'has a link to the product analytics page' do render @@ -1104,35 +814,6 @@ RSpec.describe 'layouts/nav/sidebar/_project' do end end - describe 'Members' do - it 'does not show the Member menu item' do - expect(rendered).not_to have_selector('.sidebar-top-level-items > li > a[aria-label="Members"]') - end - - context 'when feature flag :sidebar_refactor is disabled' do - before do - stub_feature_flags(sidebar_refactor: false) - - render - end - - context 'when user can access members' do - it 'show Members link' do - expect(rendered).to have_selector('.sidebar-top-level-items > li > a[aria-label="Members"]') - expect(rendered).to have_link('Members', href: project_project_members_path(project)) - end - end - - context 'when user cannot access members' do - let(:user) { nil } - - it 'show Members link' do - expect(rendered).not_to have_link('Members') - end - end - end - end - describe 'Settings' do describe 'General' do it 'has a link to the General settings' do @@ -1275,16 +956,6 @@ RSpec.describe 'layouts/nav/sidebar/_project' do expect(rendered).to have_link('Packages & Registries', href: project_settings_packages_and_registries_path(project)) end - - context 'when feature flag :sidebar_refactor is disabled' do - it 'does not have a link to the Packages & Registries settings' do - stub_feature_flags(sidebar_refactor: false) - - render - - expect(rendered).not_to have_link('Packages & Registries', href: project_settings_packages_and_registries_path(project)) - end - end end context 'when registry is not enabled' do @@ -1345,15 +1016,5 @@ RSpec.describe 'layouts/nav/sidebar/_project' do expect(rendered).not_to have_selector('.sidebar-sub-level-items > li.fly-out-top-item > a') end - - context 'when feature flag :sidebar_refactor is disabled' do - it 'renders the collapsed top menu as a link' do - stub_feature_flags(sidebar_refactor: false) - - render - - expect(rendered).to have_selector('.sidebar-sub-level-items > li.fly-out-top-item > a') - end - end end end |