Changelog

1.4

1.4.1

• Module:
  • [fix]: Added hostname migration hook
  • [fix]: Fixed s3 storages for Generic provider

1.4.0

• Module:
  • [docs]: Added Getting started to module documentation
  • [docs]: Added changelog to module documentation
  • [docs]: Added note about Gitaly and Containerd V2
  • [feat]: Added .spec.placement.dedicated to CR to control resource distribution over nodes
  • [fix]: Fixed CRD reconciliation when secret or configmap changed
  • [fix]: Added labels to CRD related resources
  • [fix]: Dropped .spec.features.pages.s3.external.bucketPrefix in favor of .spec.features.pages.s3.external.bucketName in CRD
  • [fix]: Dropped Global value support in https sections
  • [fix]: Added ingress section for registry in CRD
  • [fix]: Added ingress section for pages in CRD
  • [fix]: Fixed ingress reconcile when https.mode is CertManager (pages, registry)
  • [fix]: Set default email for root user on fresh install
  • [fix]: Add ownLoadBalancer CR validations
  • [fix]: Moved ServiceMonitor/PodMonitor from operator to module reconciliation to remove DH alerts
  • [fix]: Fixed storage class propagation in Gitaly
  • [chore]: Removed runner registration token
  • [fix]: Fixed updates on status subresource in CR
  • [fix]: Fixed traffic policy for service shell
  • [fix]: Bumped Golang version to 1.24.6
  • [fix]: Bumped helm-lib to v1.63.0
  • [fix]: Fixed security context at pod and container scope
  • [fix]: Added more validation to ldap section
  • [fix]: Fixed panic on backup s3 preflight
  • [fix]: Added warning when set non expendable storage class in CRD
  • [fix]: Fixed secret reconcile for omniauth
  • [fix]: Fixed ValidatingAdmissionPolicy for backup PVC
  • [fix]: Fixed ValidatingAdmissionPolicy for gitData PVC
  • [fix]: Fixed custom certificate search NS
  • [fix]: Fixed ingress annotations for webservice
• Deckhouse Code:
  • [feat]: Update Gitlab CE to v18.0.3
  • [feat]: Added activity track to group wiki
  • [feat]: Added audit event for access level change in group wiki
  • [feat]: Added full name of project and group to audit event on delete
  • [feat]: Added API for audit events
  • [fix]: Disabled event data transmission

1.3

1.3.23

• Module:
  • [fix]: Fixed s3 section migration configmap

1.3.22

• Module:
  • [fix]: Backport fix for backup s3 preflight check
  • [fix]: Separated Gitaly statefulset and PVC

1.3.21

• Module:
  • [fix]: Fixed init container for Gitaly pods
  • [docs]: Updated module documentation with information about Containerd V2
• Deckhouse Code:
  • [fix]: Updated Gitlab FE version to 17.11.7

1.3.20

• Module:
  • [fix]: Fixed storage class propagation in Gitaly

1.3.19

• Module:
  • [fix]: Fixed jq filter in module hook

1.3.18

• Module:
  • [chore]: Removed ‘disabled’ ssl mode from postgres in CRD
  • [fix]: Fixed type conversion in migration module hook

1.3.17

• Module:
  • [fix]: Updated base image to the newest version to mitigate CVEs
  • [fix]: Fixed postgres and redis tls secret mount in jobs
  • [fix]: Fixed redis section in rails based services
  • [docs]: Added example for Redis TLS in CRD
• Deckhouse Code:
  • [fix]: Updated Gitlab FE version to 17.11.6
  • [fix]: Changed type for account deckhouse_sa to service account
  • [fix]: Fixed initial page and added an alert when no admin user exists in the instance.

1.3.16

• Module:
  • [fix]: Fixed postgres connection check
  • [fix]: Updated Golang version to 1.24.5 in operator

1.3.15

• Deckhouse Code:
  • [feat]: Added wiki at group level
  • [fix]: Updated russian translation
• Module:
  • [fix]: Fix s3 buckets webhook validations
  • [fix]: Fix ownLoadBalancer services delete on disabling it

1.3.14

• Module:
  • [fix]: Fixed definition for network.certificates.customCAs in CRD

1.3.13

• Module:
  • [feat]: Added network.certificates section to CRD to handle custom TLS and CA certificates.
  • [fix]: Fixed NodePort range for gitSsh.service in CRD
  • [fix]: Bumped MRA to v1.1.3
  • [fix]: Fixed ValidatingAdmissionPolicy rules

1.3.12

• Deckhouse Code:
  • [feat]: Added vault integration to gitlab CI
  • [feat]: Added webhooks at group level
• Module:
  • [fix]: Bumped base images version to mitigate CVEs
  • [fix]: Bumped Golang version to 1.24.5
  • [fix]: Fixed CA certificate field in CRD for postgres
  • [fix]: Fixed CA certificate field in CRD for redis
  • [fix]: Fixed registry bucket name in toolbox and backup job
  • [fix]: Added validation for external omniauth providers in CRD
  • [fix]: Added validation for registry params
  • [fix]: Fixed pages s3 configuration and registration job
  • [fix]: s3.external.endpoint and s3.external.region now required for Generic provider
  • [fix]: Fixed a bug where the gitlab client would not return errors for requests with an invalid status code
  • [fix]: Fixed backup job reconciliation and added more validation to backup section in CRD
  • [fix]: Fixed ldap parameters quote
  • [docs]: Add ownLoadBalancer nginx-ingress mode required

1.3.11

• Module:
  • [feat]: Added spec.ownloadbalancer section
  • [feat]: Added spec.ownloadbalancer.annotations. Now it’s available to set custom annotations to ownLoadBalancer service
  • [chore]: Deprecate spec.useOwnLoadBalancer key. Moved to spec.ownloadbalancer.enabled key
  • [chore]: Deprecate spec.ownLoadBalancerHttpBackends key. Moved to spec.ownloadbalancer.httpBackends key
  • [chore]: Remove Global from https available modes
  • [docs]: Edited https modes available, removed Global
  • [fix]: Fixed https CustomCertificate mode (.https.mode=CustomCertificate)
  • [fix]: Fixed https CertManager mode (.https.mode=CertManager)
  • [fix]: Fixed bug with operator gitlab internal api usage

1.3.10

• Module:

  • [fix]: Fixed mail secrets reconcile
  • [fix]: Updated ports in some ServiceMonitors
  • [fix]: Fixed bug with s3 external storage configs
  • [fix]: Fixed sidekig scaling map execution conditions
  • [fix]: Fixed webservice scaling map execution conditions
  • [fix]: Edited gitaly probes from grpc to exec type
  • [fix]: Added hpa to predicates
  • [fix]: Fixed rails replicas template with hpa enabled
  • [fix]: Fixed deployment redeploy bug with targerUserCount more than 10
  • [fix]: Fixed registry metrics port

• Deckhouse Code:

  • [fix]: Updated Gitlab FE version to 17.11.4

1.3.9

• Module:
  • [fix]: Fixed omniauth provider secret missing
  • [fix]: Fixed outgoing email smtp secret missing
  • [fix]: *.s3.external.accessKey and *.s3.external.secretKey are now required
  • [fix]: *.s3.external.region is now required if *.s3.external.provider: Generic
  • [fix]: Fixed registry configmap syntax error
  • [fix]: Fixed haproxy configmap syntax error
  • [fix]: Fixed migration job redis-secret secret lose
  • [fix]: Fixed pages reconcile logic

1.3.8

• Module:
  • [feat]: Added param network.ownLoadBalancerHttpBackends in CRD to control haproxy routing

1.3.7

• Module:
  • [fix]: Fixed handle of deprecated field in module hooks
  • [fix]: Fixed pages S3 preflight hook
• Deckhouse Code:
  • [fix]: Updated Gitlab FE version
  • [feat]: Added pull mirroring feature
  • [fix]: Disabled Enabled sign-in and Enabled sign-up in UI

1.3.6

• Module:
  • [chore]: Removed deprecated fields pages.s3.bucketPrefix and backup.restoreFromBackupMode from CRD

1.3.5

• Module:
  • [docs]: Fixed menu title in public module documentation
• Deckhouse Code:
  • [fix]: Fixed Gitlab FE bootstrap issue

1.3.4

• Module:
  • [feat]: Added gitData.replicas param to CRD to control Gitaly nodes in high-available mode
  • [fix]: Fixed Omniauth provider arguments in CRD
  • [docs]: Fixed bucket names in public module documentation