Add latest changes from gitlab-org/gitlab@master

14 files changed, 141 insertions, 63 deletions

diff --git a/.gitlab/CODEOWNERS b/.gitlab/CODEOWNERS
index 1b2be9a6c60..c62380cb5c8 100644
--- a/.gitlab/CODEOWNERS
+++ b/.gitlab/CODEOWNERS
@@ -59,7 +59,7 @@
 /doc/user/packages/ @ngaskill
 /doc/user/profile/ @msedlakjakubowski @eread
 /doc/user/project/ @aqualls @axil @eread @msedlakjakubowski @ngaskill
-/doc/user/project/clusters/ @ngaskill
+/doc/user/project/clusters/ @marcia
 /doc/user/project/import/ @ngaskill @msedlakjakubowski
 /doc/user/project/integrations/ @aqualls
 /doc/user/project/integrations/prometheus_library/ @ngaskill
diff --git a/.gitlab/issue_templates/Technical Evaluation.md b/.gitlab/issue_templates/Technical Evaluation.md
index 533a1343820..cf939725a78 100644
--- a/.gitlab/issue_templates/Technical Evaluation.md
+++ b/.gitlab/issue_templates/Technical Evaluation.md
@@ -5,6 +5,13 @@
 <!-- Describe the related issue and challenge we need to establish a proof of concept for-->
 * [Link to other Issue](link)
 
+### Tasks prior to evaluation
+
+<!-- Pre-evaluation tasks are critical and should be completed or confirmed by product managers if available -->
+
+- [ ] Clearly document the topic to evaluated in this issue description
+- [ ] Determine specific scope including time-bounds for investigation
+
 ### Tasks to  Evaluate
 
 <!-- Outline the tasks with issues that you need to evaluate as a part of the implementation issue -->
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0acdd73aad6..d271dd615b9 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -586,6 +586,12 @@ entry.
 - [Add helpful text to URL group validation and limit text](gitlab-org/gitlab@59a5a6266cb0d5434596170ffa36e4e74b8d2c2c) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/65369)) **GitLab Enterprise Edition**
 - [Refactor external storage admin area configuration UI and docs](gitlab-org/gitlab@497ba4fc8f4ec1d234c9f5f1ec5c69712b8c7cb3) ([merge request](gitlab-org/gitlab!66219))
 
+## 14.1.5 (2021-09-02)
+
+### Fixed (1 change)
+
+- [Geo: Replicate multi-arch containers](gitlab-org/gitlab@4f74fe9fb6f53cd877d8f793e2ef74c4177006d1) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/67624)) **GitLab Enterprise Edition**
+
 ## 14.1.4 (2021-08-31)
 
 ### Security (8 changes)
diff --git a/app/assets/javascripts/alert_management/list.js b/app/assets/javascripts/alert_management/list.js
index e9d19f18ab5..57d1f135606 100644
--- a/app/assets/javascripts/alert_management/list.js
+++ b/app/assets/javascripts/alert_management/list.js
@@ -39,6 +39,7 @@ export default () => {
             return defaultDataIdFromObject(object);
           },
         },
+        assumeImmutableResults: true,
       },
     ),
   });
diff --git a/config/initializers/peek.rb b/config/initializers/peek.rb
index 6fd92865731..9662039e3eb 100644
--- a/config/initializers/peek.rb
+++ b/config/initializers/peek.rb
@@ -24,7 +24,7 @@ Peek.into Peek::Views::Tracing if Labkit::Tracing.tracing_url_enabled?
 # See https://github.com/peek/peek/blob/master/lib/peek/views/view.rb
 Peek.views
 
-ActiveSupport::Notifications.subscribe('endpoint_run.grape') do |_name, _start, _finish, _id, payload|
+ActiveSupport::Notifications.subscribe('format_response.grape') do |_name, _start, _finish, _id, payload|
   if request_id = payload[:env]['action_dispatch.request_id']
     Peek.adapter.save(request_id)
   end
diff --git a/doc/.vale/gitlab/spelling-exceptions.txt b/doc/.vale/gitlab/spelling-exceptions.txt
index 7b76f2e1e9c..3c8c0851024 100644
--- a/doc/.vale/gitlab/spelling-exceptions.txt
+++ b/doc/.vale/gitlab/spelling-exceptions.txt
@@ -822,5 +822,6 @@ ytt
 Yubico
 Zeitwerk
 Zendesk
+ZenTao
 zsh
 Zstandard
diff --git a/doc/administration/geo/replication/usage.md b/doc/administration/geo/replication/usage.md
index 7fe8eec467e..ad3fb1f42cf 100644
--- a/doc/administration/geo/replication/usage.md
+++ b/doc/administration/geo/replication/usage.md
@@ -33,3 +33,13 @@ you can't store credentials in the URL like `user:password@URL`. Instead, you ca
 for Unix-like operating systems or `_netrc` for Windows. In that case, the credentials
 will be stored as a plain text. If you're looking for a more secure way to store credentials,
 you can use [Git Credential Storage](https://git-scm.com/book/en/v2/Git-Tools-Credential-Storage).
+
+## Fetch Go modules from Geo secondary sites
+
+Go modules can be pulled from secondary sites, with a number of limitations:
+
+- Git configuration (using `insteadOf`) is needed to fetch data from the Geo secondary site.
+- For private projects, authentication details need to be specified in `~/.netrc`.
+
+Read more in the
+[working with projects `go get` documentation](../../../user/project/working_with_projects.md#fetch-go-modules-from-geo-secondary-sites).
diff --git a/doc/integration/slash_commands.md b/doc/integration/slash_commands.md
index 81c1749e39d..4059aef9de3 100644
--- a/doc/integration/slash_commands.md
+++ b/doc/integration/slash_commands.md
@@ -8,32 +8,36 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 
 > - [Moved](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/24780) to GitLab Free in 11.9.
 
-Slash commands in Mattermost and Slack allow you to control GitLab and view GitLab content right inside your chat client, without having to leave it. For Slack, this requires an [integration configuration](../user/project/integrations/slack_slash_commands.md). Type the command as a message in your chat client to activate it.
+If you want to control and view GitLab content while you're
+working in Slack and Mattermost, you can use slash commands.
+Type the command as a message in your chat client to activate it.
+For Slack, this requires an [integration configuration](../user/project/integrations/slack_slash_commands.md).
 
-Commands are scoped to a project, with a trigger term that is specified during configuration.
+Slash commands are scoped to a project
+and require the trigger command specified during configuration.
 
-We suggest you use the project name as the trigger term for simplicity and clarity.
+We suggest you use the project name as the trigger command for simplicity and clarity.
 
-Taking the trigger term as `project-name`, the commands are:
+Assuming `project-name` is the trigger command, the slash commands are:
 
 | Command | Effect |
 | ------- | ------ |
-| `/project-name help` | Shows all available slash commands |
-| `/project-name issue new <title> <shift+return> <description>` | Creates a new issue with title `<title>` and description `<description>` |
-| `/project-name issue show <id>` | Shows the issue with ID `<id>` |
-| `/project-name issue close <id>` | Closes the issue with ID `<id>` |
-| `/project-name issue search <query>` | Shows up to 5 issues matching `<query>` |
-| `/project-name issue move <id> to <project>` | Moves issue ID `<id>` to `<project>` |
-| `/project-name issue comment <id> <shift+return> <comment>` | Adds a new comment to an issue with ID `<id>` and comment body `<comment>` |
-| `/project-name deploy <from> to <to>` | Deploy from the `<from>` environment to the `<to>` environment |
-| `/project-name run <job name> <arguments>` | Execute [ChatOps](../ci/chatops/index.md) job `<job name>` on the default branch |
+| `/project-name help` | Shows all available slash commands. |
+| `/project-name issue new <title> <shift+return> <description>` | Creates a new issue with title `<title>` and description `<description>`. |
+| `/project-name issue show <id>` | Shows the issue with ID `<id>`. |
+| `/project-name issue close <id>` | Closes the issue with ID `<id>`. |
+| `/project-name issue search <query>` | Shows up to 5 issues matching `<query>`. |
+| `/project-name issue move <id> to <project>` | Moves the issue with ID `<id>` to `<project>`. |
+| `/project-name issue comment <id> <shift+return> <comment>` | Adds a new comment with comment body `<comment>` to the issue with ID `<id>`. |
+| `/project-name deploy <from> to <to>` | [Deploys](#deploy-command) from the `<from>` environment to the `<to>` environment. |
+| `/project-name run <job name> <arguments>` | Executes the [ChatOps](../ci/chatops/index.md) job `<job name>` on the default branch. |
 
 If you are using the [GitLab Slack application](../user/project/integrations/gitlab_slack_application.md) for
 your GitLab.com projects, [add the `gitlab` keyword at the beginning of the command](../user/project/integrations/gitlab_slack_application.md#usage).
 
 ## Issue commands
 
-It's possible to create new issue, display issue details and search up to 5 issues.
+You can create a new issue, display issue details, and search up to 5 issues.
 
 ## Deploy command
 
@@ -41,7 +45,7 @@ To deploy to an environment, GitLab tries to find a deployment
 manual action in the pipeline.
 
 If there's only one action for a given environment, it is triggered.
-If more than one action is defined, GitLab tries to find an action
-which name equals the environment name we want to deploy to.
+If more than one action is defined, GitLab finds an action
+name that equals the environment name to deploy to.
 
-The command returns an error when no matching action has been found.
+The command returns an error if no matching action is found.
diff --git a/doc/user/infrastructure/index.md b/doc/user/infrastructure/index.md
index 9931b5920e4..9f28a40474e 100644
--- a/doc/user/infrastructure/index.md
+++ b/doc/user/infrastructure/index.md
@@ -14,10 +14,10 @@ are more likely to control their whole DevOps lifecycle, including deployments a
 
 GitLab offers various features to speed up and simplify your infrastructure management practices.
 
-## Generic infrastructure management
+## Infrastructure as Code
 
-GitLab has deep integrations with Terraform to run your infrastructure as code pipelines
-and support your processes. Terraform is considered the standard in cloud infrastructure provisioning.
+GitLab has deep integrations with Terraform to run Infrastructure as Code pipelines
+and support various processes. Terraform is considered the standard in cloud infrastructure provisioning.
 The various GitLab integrations help you:
 
 - Get started quickly without any setup.
@@ -25,11 +25,7 @@ The various GitLab integrations help you:
   with code changes.
 - Scale using a module registry.
 
-Read more about the [Infrastructure as Code features](iac/index.md), including:
-
-- [The GitLab Managed Terraform State](iac/terraform_state.md).
-- [The Terraform MR widget](iac/mr_integration.md).
-- [The Terraform module registry](../packages/terraform_module_registry/index.md).
+Learn more about how GitLab can help you run [Infrastructure as Code](iac/index.md).
 
 ## Integrated Kubernetes management
 
@@ -39,16 +35,7 @@ DevSecOps pipeline by default targeted at Kubernetes based deployments. To suppo
 all the GitLab features, GitLab offers a cluster management project for easy onboarding.
 The deploy boards provide quick insights into your cluster, including pod logs tailing.
 
-The recommended approach to connect to a cluster is using [the GitLab Kubernetes Agent](../clusters/agent/index.md).
-
-Read more about [the Kubernetes cluster support and integrations](../project/clusters/index.md), including:
-
-- Certificate-based integration for [projects](../project/clusters/index.md),
-  [groups](../group/clusters/index.md), or [instances](../instance/clusters/index.md).
-- [Agent-based integration](../clusters/agent/index.md). **(PREMIUM)**
-  - The [Kubernetes Agent Server](../../administration/clusters/kas.md) is [available on GitLab.com](../clusters/agent/index.md#set-up-the-kubernetes-agent-server)
-    at `wss://kas.gitlab.com`. **(PREMIUM)**
-- [Agent-based access from GitLab CI/CD](../clusters/agent/ci_cd_tunnel.md).
+Learn more about the [GitLab integration with Kubernetes](../project/clusters/index.md).
 
 ## Runbooks in GitLab
 
diff --git a/doc/user/project/clusters/add_existing_cluster.md b/doc/user/project/clusters/add_existing_cluster.md
index 82019483e49..16f66081e99 100644
--- a/doc/user/project/clusters/add_existing_cluster.md
+++ b/doc/user/project/clusters/add_existing_cluster.md
@@ -4,11 +4,17 @@ group: Configure
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
 ---
 
-# Add an existing Kubernetes cluster
+# Connect existing clusters through cluster certificates
 
 If you have an existing Kubernetes cluster, you can add it to a project, group,
 or instance and benefit from the integration with GitLab.
 
+WARNING:
+The process described on this page uses cluster certificates to connect your cluster
+to GitLab. Although this method still works, it is **no longer recommended**.
+To connect your cluster to GitLab, we **recommend** using the [GitLab Kubernetes Agent](../../clusters/agent/index.md)
+instead. **(PREMIUM)**
+
 ## Prerequisites
 
 See the prerequisites below to add existing clusters to GitLab.
diff --git a/doc/user/project/clusters/deploy_to_cluster.md b/doc/user/project/clusters/deploy_to_cluster.md
index fdd65d70242..54141fe1103 100644
--- a/doc/user/project/clusters/deploy_to_cluster.md
+++ b/doc/user/project/clusters/deploy_to_cluster.md
@@ -4,7 +4,13 @@ group: Configure
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
 ---
 
-# Deploy to a Kubernetes cluster
+# Deploy to a Kubernetes cluster with cluster certificates
+
+WARNING:
+The process described on this page uses cluster certificates to deploy to your cluster
+from GitLab. Although this method still works, it is **no longer recommended**.
+To deploy to your cluster from GitLab, we **recommend** using the [GitLab Kubernetes Agent](../../clusters/agent/index.md)
+instead. **(PREMIUM)**
 
 A Kubernetes cluster can be the destination for a deployment job. If
 
diff --git a/doc/user/project/clusters/index.md b/doc/user/project/clusters/index.md
index c534c30c75e..850cef02614 100644
--- a/doc/user/project/clusters/index.md
+++ b/doc/user/project/clusters/index.md
@@ -16,10 +16,6 @@ We offer extensive integrations to help you connect and manage your Kubernetes c
 
 Read through this document to get started.
 
-## Clusters infrastructure
-
-Use [Infrastructure as Code](../../infrastructure) to create and manage your clusters with the GitLab integration with Terraform.
-
 ## Benefit from the GitLab-Kubernetes integration
 
 Using the GitLab-Kubernetes integration, you can benefit of GitLab
@@ -58,34 +54,33 @@ Some GitLab features may support versions outside the range provided here.
 
 ## Add and remove clusters
 
-You can create new or add existing clusters to GitLab:
-
-- On the project-level, to have a cluster dedicated to a project.
-- On the [group level](../../group/clusters/index.md), to use the same cluster across multiple projects within your group.
-- On the [instance level](../../instance/clusters/index.md), to use the same cluster across multiple groups and projects. **(FREE SELF)**
+You can create new or add existing clusters to GitLab through different levels,
+using different methods.
 
-To create new clusters, use one of the following methods:
+### Cluster levels
 
-- [Infrastructure as Code](../../infrastructure/index.md) (**recommended**).
-- [Cluster certificates](add_remove_clusters.md) (**deprecated**).
+You can connect clusters to GitLab in different levels, according to their purpose:
 
-You can also [add existing clusters](add_existing_cluster.md) to GitLab.
+- On the project level, to have a cluster dedicated to a project.
+- On the [group level](../../group/clusters/index.md), to use the same cluster across multiple projects within your group.
+- On the [instance level](../../instance/clusters/index.md), to use the same cluster across multiple groups and projects. **(FREE SELF)**
 
-## View your clusters
+### Methods to create new clusters
 
-To view your project-level Kubernetes clusters, to go **Infrastructure > Kubernetes clusters**
-from your project. On this page, you can add a new cluster
-and view information about your existing clusters, such as:
+To create new clusters, we **recommend** using [Infrastructure as Code](../../infrastructure/index.md).
 
-- Nodes count.
-- Rough estimates of memory and CPU usage.
+### Methods to connect existing clusters
 
-## Configuring your Kubernetes cluster
+To safely connect and configure an existing cluster on the **project level**, we
+**recommend** using the [GitLab Kubernetes Agent](../../clusters/agent/index.md).
+We are working to support [the Agent for connecting a
+cluster at the group level](https://gitlab.com/groups/gitlab-org/-/epics/5784).
 
-Use the [GitLab Kubernetes Agent](../../clusters/agent/index.md) to safely
-configure your clusters. Otherwise, there are [security implications](#security-implications).
+You can use [cluster certificates](add_existing_cluster.md) to connect
+clusters in all levels (projects, group, instance). However, for
+[security implications](#security-implications), this method is no longer recommended.
 
-### Security implications
+## Security implications
 
 WARNING:
 The whole cluster security is based on a model where [developers](../../permissions.md)
@@ -96,6 +91,15 @@ functionalities needed to successfully build and deploy a containerized
 application. Bear in mind that the same credentials are used for all the
 applications running on the cluster.
 
+## View your clusters
+
+To view your project-level Kubernetes clusters, to go **Infrastructure > Kubernetes clusters**
+from your project. On this page, you can add a new cluster
+and view information about your existing clusters, such as:
+
+- Nodes count.
+- Rough estimates of memory and CPU usage.
+
 ## Multiple Kubernetes clusters
 
 See how to associate [multiple Kubernetes clusters](multiple_kubernetes_clusters.md)
diff --git a/doc/user/project/working_with_projects.md b/doc/user/project/working_with_projects.md
index 77dd44e5c7f..32bb202767a 100644
--- a/doc/user/project/working_with_projects.md
+++ b/doc/user/project/working_with_projects.md
@@ -334,6 +334,52 @@ git config --global url."https://${user}:${personal_access_token}@gitlab.example
 git config --global url."git@gitlab.example.com".insteadOf "https://gitlab.example.com"
 ```
 
+### Fetch Go modules from Geo secondary sites
+
+As Go modules are stored in Git repositories, you can use the [Geo](../../administration/geo/index.md)
+feature that allows Git repositories to be accessed on the secondary Geo servers.
+
+In the following examples, the primary's site domain name is `gitlab.example.com`,
+and the secondary's is `gitlab-secondary.example.com`.
+
+`go get` will initially generate some HTTP traffic to the primary, but when the module
+download commences, the `insteadOf` configuration sends the traffic to the secondary.
+
+#### Use SSH to access the Geo secondary
+
+To fetch Go modules from the secondary using SSH:
+
+1. Reconfigure Git on the client to send traffic for the primary to the secondary:
+
+   ```plaintext
+   git config --global url."git@gitlab-secondary.example.com".insteadOf "https://gitlab.example.com"
+   git config --global url."git@gitlab-secondary.example.com".insteadOf "http://gitlab.example.com"
+   ```
+
+1. Ensure the client is set up for SSH access to GitLab repositories. This can be tested on the primary,
+   and GitLab will replicate the public key to the secondary.
+
+#### Use HTTP to access the Geo secondary
+
+Using HTTP to fetch Go modules does not work with CI/CD job tokens, only with
+persistent access tokens that are replicated to the secondary.
+
+To fetch Go modules from the secondary using HTTP:
+
+1. Put in place a Git `insteadOf` redirect on the client:
+
+   ```plaintext
+   git config --global url."https://gitlab-secondary.example.com".insteadOf "https://gitlab.example.com"
+   ```
+
+1. Generate a [personal access token](../profile/personal_access_tokens.md) and
+   provide those credentials in the client's `~/.netrc` file:
+
+   ```plaintext
+   machine gitlab.example.com login USERNAME password TOKEN
+   machine gitlab-secondary.example.com login USERNAME password TOKEN
+   ```
+
 ## Access project page with project ID
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/issues/53671) in GitLab 11.8.
diff --git a/spec/lib/gitlab/database/connection_spec.rb b/spec/lib/gitlab/database/connection_spec.rb
index f6ecc7761d6..905f2a419ac 100644
--- a/spec/lib/gitlab/database/connection_spec.rb
+++ b/spec/lib/gitlab/database/connection_spec.rb
@@ -143,7 +143,7 @@ RSpec.describe Gitlab::Database::Connection do
 
   describe '#disable_prepared_statements' do
     around do |example|
-      original_config = ::Gitlab::Database.main.config
+      original_config = connection.scope.connection.pool.db_config
 
       example.run