Add latest changes from gitlab-org/gitlab@master

10 files changed, 49 insertions, 23 deletions

diff --git a/.gitlab/ci/global.gitlab-ci.yml b/.gitlab/ci/global.gitlab-ci.yml
index 98c418a05f8..5e3916ab957 100644
--- a/.gitlab/ci/global.gitlab-ci.yml
+++ b/.gitlab/ci/global.gitlab-ci.yml
@@ -226,7 +226,7 @@
   services:
     - name: postgres:12
       command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
-    - name: redis:5.0-alpine
+    - name: redis:6.0-alpine
   variables:
     POSTGRES_HOST_AUTH_METHOD: trust
 
@@ -255,7 +255,7 @@
   services:
     - name: postgres:12
       command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
-    - name: redis:5.0-alpine
+    - name: redis:6.0-alpine
     - name: elasticsearch:7.17.0
       command: ["elasticsearch", "-E", "discovery.type=single-node"]
   variables:
diff --git a/doc/administration/reference_architectures/10k_users.md b/doc/administration/reference_architectures/10k_users.md
index a687c5db2b4..fcce44f62b2 100644
--- a/doc/administration/reference_architectures/10k_users.md
+++ b/doc/administration/reference_architectures/10k_users.md
@@ -1363,6 +1363,7 @@ To configure the Praefect nodes, on each one:
    alertmanager['enable'] = false
    grafana['enable'] = false
    gitlab_exporter['enable'] = false
+   gitlab_kas['enable'] = false
    nginx['enable'] = false
 
    # Praefect Configuration
@@ -1503,6 +1504,7 @@ On each node:
    alertmanager['enable'] = false
    grafana['enable'] = false
    gitlab_exporter['enable'] = false
+   gitlab_kas['enable'] = false
    nginx['enable'] = false
 
    # Prevent database migrations from running on upgrade automatically
@@ -1680,6 +1682,7 @@ To configure the Sidekiq nodes, on each one:
    alertmanager['enable'] = false
    grafana['enable'] = false
    gitlab_exporter['enable'] = false
+   gitlab_kas['enable'] = false
    nginx['enable'] = false
 
    # External URL
diff --git a/doc/administration/reference_architectures/25k_users.md b/doc/administration/reference_architectures/25k_users.md
index b473ef8c965..c08fe985b40 100644
--- a/doc/administration/reference_architectures/25k_users.md
+++ b/doc/administration/reference_architectures/25k_users.md
@@ -1367,6 +1367,7 @@ To configure the Praefect nodes, on each one:
    alertmanager['enable'] = false
    grafana['enable'] = false
    gitlab_exporter['enable'] = false
+   gitlab_kas['enable'] = false
    nginx['enable'] = false
 
    # Praefect Configuration
@@ -1507,6 +1508,7 @@ On each node:
    alertmanager['enable'] = false
    grafana['enable'] = false
    gitlab_exporter['enable'] = false
+   gitlab_kas['enable'] = false
    nginx['enable'] = false
 
    # Prevent database migrations from running on upgrade automatically
@@ -1684,6 +1686,7 @@ To configure the Sidekiq nodes, on each one:
    alertmanager['enable'] = false
    grafana['enable'] = false
    gitlab_exporter['enable'] = false
+   gitlab_kas['enable'] = false
    nginx['enable'] = false
 
    # External URL
diff --git a/doc/administration/reference_architectures/2k_users.md b/doc/administration/reference_architectures/2k_users.md
index f6c484b08b1..6f6c02c309a 100644
--- a/doc/administration/reference_architectures/2k_users.md
+++ b/doc/administration/reference_architectures/2k_users.md
@@ -286,11 +286,6 @@ further configuration steps.
    ```ruby
    # Disable all components except PostgreSQL related ones
    roles(['postgres_role'])
-   prometheus['enable'] = false
-   alertmanager['enable'] = false
-   pgbouncer_exporter['enable'] = false
-   redis_exporter['enable'] = false
-   gitlab_exporter['enable'] = false
 
    # Set the network addresses that the exporters used for monitoring will listen on
    node_exporter['listen_address'] = '0.0.0.0:9100'
@@ -365,19 +360,7 @@ Omnibus:
 
    ```ruby
    ## Enable Redis
-   redis['enable'] = true
-
-   # Avoid running unnecessary services on the Redis server
-   gitaly['enable'] = false
-   postgresql['enable'] = false
-   puma['enable'] = false
-   sidekiq['enable'] = false
-   gitlab_workhorse['enable'] = false
-   prometheus['enable'] = false
-   alertmanager['enable'] = false
-   grafana['enable'] = false
-   gitlab_exporter['enable'] = false
-   nginx['enable'] = false
+   roles(["redis_master_role"])
 
    redis['bind'] = '0.0.0.0'
    redis['port'] = 6379
@@ -481,6 +464,7 @@ To configure the Gitaly server, on the server node you want to use for Gitaly:
    alertmanager['enable'] = false
    grafana['enable'] = false
    gitlab_exporter['enable'] = false
+   gitlab_kas['enable'] = false
    nginx['enable'] = false
 
    # Prevent database migrations from running on upgrade automatically
diff --git a/doc/administration/reference_architectures/3k_users.md b/doc/administration/reference_architectures/3k_users.md
index 2b4c3d80131..76f81e65580 100644
--- a/doc/administration/reference_architectures/3k_users.md
+++ b/doc/administration/reference_architectures/3k_users.md
@@ -1307,6 +1307,7 @@ To configure the Praefect nodes, on each one:
    alertmanager['enable'] = false
    grafana['enable'] = false
    gitlab_exporter['enable'] = false
+   gitlab_kas['enable'] = false
    nginx['enable'] = false
 
    # Praefect Configuration
@@ -1447,6 +1448,7 @@ On each node:
    alertmanager['enable'] = false
    grafana['enable'] = false
    gitlab_exporter['enable'] = false
+   gitlab_kas['enable'] = false
    nginx['enable'] = false
 
    # Prevent database migrations from running on upgrade automatically
@@ -1626,6 +1628,7 @@ To configure the Sidekiq nodes, one each one:
    alertmanager['enable'] = false
    grafana['enable'] = false
    gitlab_exporter['enable'] = false
+   gitlab_kas['enable'] = false
    nginx['enable'] = false
 
    # External URL
diff --git a/doc/administration/reference_architectures/50k_users.md b/doc/administration/reference_architectures/50k_users.md
index 816b55a2f59..dfa963d1ad0 100644
--- a/doc/administration/reference_architectures/50k_users.md
+++ b/doc/administration/reference_architectures/50k_users.md
@@ -1376,6 +1376,7 @@ To configure the Praefect nodes, on each one:
    alertmanager['enable'] = false
    grafana['enable'] = false
    gitlab_exporter['enable'] = false
+   gitlab_kas['enable'] = false
    nginx['enable'] = false
 
    # Praefect Configuration
@@ -1516,6 +1517,7 @@ On each node:
    alertmanager['enable'] = false
    grafana['enable'] = false
    gitlab_exporter['enable'] = false
+   gitlab_kas['enable'] = false
    nginx['enable'] = false
 
    # Prevent database migrations from running on upgrade automatically
@@ -1693,6 +1695,7 @@ To configure the Sidekiq nodes, on each one:
    alertmanager['enable'] = false
    grafana['enable'] = false
    gitlab_exporter['enable'] = false
+   gitlab_kas['enable'] = false
    nginx['enable'] = false
 
    # External URL
diff --git a/doc/administration/reference_architectures/5k_users.md b/doc/administration/reference_architectures/5k_users.md
index 94fe46a549e..f2463afbf3b 100644
--- a/doc/administration/reference_architectures/5k_users.md
+++ b/doc/administration/reference_architectures/5k_users.md
@@ -1305,6 +1305,7 @@ To configure the Praefect nodes, on each one:
    alertmanager['enable'] = false
    grafana['enable'] = false
    gitlab_exporter['enable'] = false
+   gitlab_kas['enable'] = false
    nginx['enable'] = false
 
    # Praefect Configuration
@@ -1445,6 +1446,7 @@ On each node:
    alertmanager['enable'] = false
    grafana['enable'] = false
    gitlab_exporter['enable'] = false
+   gitlab_kas['enable'] = false
    nginx['enable'] = false
 
    # Prevent database migrations from running on upgrade automatically
@@ -1622,6 +1624,7 @@ To configure the Sidekiq nodes, one each one:
    alertmanager['enable'] = false
    grafana['enable'] = false
    gitlab_exporter['enable'] = false
+   gitlab_kas['enable'] = false
    nginx['enable'] = false
 
    # External URL
diff --git a/doc/administration/restart_gitlab.md b/doc/administration/restart_gitlab.md
index 88909b2b9d8..44bfa153123 100644
--- a/doc/administration/restart_gitlab.md
+++ b/doc/administration/restart_gitlab.md
@@ -9,6 +9,9 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 Depending on how you installed GitLab, there are different methods to restart
 its services.
 
+NOTE:
+A short downtime is expected for all methods.
+
 ## Omnibus installations
 
 If you have used the [Omnibus packages](https://about.gitlab.com/install/) to install GitLab, then
@@ -90,8 +93,8 @@ application that powers Omnibus GitLab, makes sure that all things like director
 permissions, and services are in place and in the same shape that they were
 initially shipped.
 
-It also restarts GitLab components where needed, if any of their
-configuration files have changed.
+It also [restarts GitLab components](#how-to-restart-gitlab)
+where needed, if any of their configuration files have changed.
 
 If you manually edit any files in `/var/opt/gitlab` that are managed by Chef,
 running reconfigure reverts the changes AND restarts the services that
diff --git a/doc/update/index.md b/doc/update/index.md
index 3a9bfc75a1e..3ee63a95d8d 100644
--- a/doc/update/index.md
+++ b/doc/update/index.md
@@ -334,6 +334,28 @@ NOTE:
 Specific information that follow related to Ruby and Git versions do not apply to [Omnibus installations](https://docs.gitlab.com/omnibus/)
 and [Helm Chart deployments](https://docs.gitlab.com/charts/). They come with appropriate Ruby and Git versions and are not using system binaries for Ruby and Git. There is no need to install Ruby or Git when utilizing these two approaches.
 
+### 14.8.0
+
+- The agent server for Kubernetes [is enabled by default](https://about.gitlab.com/releases/2022/02/22/gitlab-14-8-released/#the-agent-server-for-kubernetes-is-enabled-by-default)
+  on Omnibus installations. If you run GitLab at scale,
+  such as [the reference architectures](../administration/reference_architectures/index.md),
+  you must disable the agent on the following server types, **if the agent is not required**.
+
+  - Praefect
+  - Gitaly
+  - Sidekiq
+  - Redis (if configured using `redis['enable'] = true` and not via `roles`)
+  - Container registry
+  - Any other server types based on `roles(['application_role'])`, such as the GitLab Rails nodes
+
+  [The reference architectures](../administration/reference_architectures/index.md) have been updated
+  with this configuration change and a specific role for standalone Redis servers.
+
+  Steps to disable the agent:
+
+  1. Add `gitlab_kas['enable'] = false` to `gitlab.rb`.
+  1. If the server is already upgraded to 14.8, run `gitlab-ctl reconfigure`.
+
 ### 14.7.0
 
 - See [LFS objects import and mirror issue in GitLab 14.6.0 to 14.7.2](#lfs-objects-import-and-mirror-issue-in-gitlab-1460-to-1472).
diff --git a/doc/user/admin_area/reporting/spamcheck.md b/doc/user/admin_area/reporting/spamcheck.md
index 02d7cd01139..7f5732d88ea 100644
--- a/doc/user/admin_area/reporting/spamcheck.md
+++ b/doc/user/admin_area/reporting/spamcheck.md
@@ -12,6 +12,8 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 developed by GitLab originally to combat rising amount of spam in GitLab.com,
 and later made public to be used in self-managed GitLab instances.
 
+Spamcheck [contains obfuscated, non-free code](https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/6259#note_726605397), which is only available in GitLab Enterprise Edition. You can [migrate from GitLab Community Edition](../../../update/package/convert_to_ee.md), and use the Free tier. 
+
 ## Enable Spamcheck
 
 Spamcheck is only available for package-based installations:
@@ -47,7 +49,7 @@ Spamcheck is only available for package-based installations:
 1. Select **Save changes**.
 
 NOTE:
-In single-node instances, Spamcehck runs over `localhost`, and hence is running
+In single-node instances, Spamcheck runs over `localhost`, and hence is running
 in an unauthenticated mode. If on multi-node instances where GitLab runs on one
 server and Spamcheck runs on another server listening over a public endpoint, it
 is recommended to enforce some sort of authentication using a reverse proxy in