Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/doc/topics/autodevops/index.md
diff options
context:
space:
mode:
Diffstat (limited to 'doc/topics/autodevops/index.md')
-rw-r--r--doc/topics/autodevops/index.md56
1 files changed, 56 insertions, 0 deletions
diff --git a/doc/topics/autodevops/index.md b/doc/topics/autodevops/index.md
index 0cbd85fc568..3ced926a530 100644
--- a/doc/topics/autodevops/index.md
+++ b/doc/topics/autodevops/index.md
@@ -734,6 +734,40 @@ Avoid passing secrets as Docker build arguments if possible, as they may be
persisted in your image. See
[this discussion](https://github.com/moby/moby/issues/13490) for details.
+### Passing secrets to `docker build` (beta)
+
+CI environment variables can be passed as [build
+secrets](https://docs.docker.com/develop/develop-images/build_enhancements/#new-docker-build-secret-information) to the `docker build` command by listing them comma separated by name in the
+`AUTO_DEVOPS_BUILD_IMAGE_FORWARDED_CI_VARIABLES` variable. For example, in order to forward the variables `CI_COMMIT_SHA` and `CI_ENVIRONMENT_NAME`, one would set `AUTO_DEVOPS_BUILD_IMAGE_FORWARDED_CI_VARIABLES` to `CI_COMMIT_SHA,CI_ENVIRONMENT_NAME`.
+
+Unlike build arguments, these are not persisted by Docker in the final image
+(though you can still persist them yourself, so be careful).
+
+In projects:
+
+- Without a `Dockerfile`, these are available automatically as environment
+ variables.
+- With a `Dockerfile`, the following is required:
+
+ 1. Activate the experimental `Dockerfile` syntax by adding the following
+ to the top of the file:
+
+ ```Dockerfile
+ # syntax = docker/dockerfile:experimental
+ ```
+
+ 1. To make secrets available in any `RUN $COMMAND` in the `Dockerfile`, mount
+ the secret file and source it prior to running `$COMMAND`:
+
+ ```Dockerfile
+ RUN --mount=type=secret,id=auto-devops-build-secrets . /run/secrets/auto-devops-build-secrets && $COMMAND
+ ```
+
+NOTE: **Note:**
+When `AUTO_DEVOPS_BUILD_IMAGE_FORWARDED_CI_VARIABLES` is set, Auto DevOps
+enables the experimental [Docker BuildKit](https://docs.docker.com/develop/develop-images/build_enhancements/)
+feature to use the `--secret` flag.
+
### Custom Helm Chart
Auto DevOps uses [Helm](https://helm.sh/) to deploy your application to Kubernetes.
@@ -827,6 +861,7 @@ applications.
| `ADDITIONAL_HOSTS` | Fully qualified domain names specified as a comma-separated list that are added to the ingress hosts. |
| `<ENVIRONMENT>_ADDITIONAL_HOSTS` | For a specific environment, the fully qualified domain names specified as a comma-separated list that are added to the ingress hosts. This takes precedence over `ADDITIONAL_HOSTS`. |
| `AUTO_DEVOPS_BUILD_IMAGE_EXTRA_ARGS` | Extra arguments to be passed to the `docker build` command. Note that using quotes will not prevent word splitting. [More details](#passing-arguments-to-docker-build). |
+| `AUTO_DEVOPS_BUILD_IMAGE_FORWARDED_CI_VARIABLES` | A [comma-separated list of CI variable names](#passing-secrets-to-docker-build-beta) to be passed to the `docker build` command as secrets. |
| `AUTO_DEVOPS_CHART` | Helm Chart used to deploy your apps. Defaults to the one [provided by GitLab](https://gitlab.com/gitlab-org/charts/auto-deploy-app). |
| `AUTO_DEVOPS_CHART_REPOSITORY` | Helm Chart repository used to search for charts. Defaults to `https://charts.gitlab.io`. |
| `AUTO_DEVOPS_CHART_REPOSITORY_NAME` | From Gitlab 11.11, used to set the name of the helm repository. Defaults to `gitlab`. |
@@ -1168,6 +1203,27 @@ There is no documented way of using private container registry with Auto DevOps.
We strongly advise using GitLab Container Registry with Auto DevOps in order to
simplify configuration and prevent any unforeseen issues.
+### Installing Helm behind a proxy
+
+GitLab does not yet support installing [Helm as a GitLab-managed App](../../user/clusters/applications.md#helm) when
+behind a proxy. Users who wish to do so must inject their proxy settings
+into the installation pods at runtime, for example by using a
+[`PodPreset`](https://kubernetes.io/docs/concepts/workloads/pods/podpreset/):
+
+```yml
+apiVersion: settings.k8s.io/v1alpha1
+kind: PodPreset
+metadata:
+ name: gitlab-managed-apps-default-proxy
+ namespace: gitlab-managed-apps
+spec:
+ env:
+ - name: http_proxy
+ value: "PUT_YOUR_HTTP_PROXY_HERE"
+ - name: https_proxy
+ value: "PUT_YOUR_HTTPS_PROXY_HERE"
+```
+
## Troubleshooting
- Auto Build and Auto Test may fail in detecting your language/framework. There
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-27 06:03:04 +0300