Add latest changes from gitlab-org/gitlab@12-7-stable-ee

85e95876 · GitLab Bot · 680a5284 · 85e95876 · 85e95876 · 85e95876
Commit 85e95876 authored 5 years ago by GitLab Bot
--- a/app/services/system_note_service.rb
+++ b/app/services/system_note_service.rb
@@ -99,6 +99,12 @@ module SystemNoteService
    ::SystemNotes::TimeTrackingService.new(noteable: noteable, project: project, author: author).change_time_spent
  end
  
+  def close_after_error_tracking_resolve(issue, project, author)
+    body = _('resolved the corresponding error and closed the issue.')
+
+    create_note(NoteSummary.new(issue, project, author, body, action: 'closed'))
+  end
+
  def change_status(noteable, project, author, status, source = nil)
    ::SystemNotes::IssuablesService.new(noteable: noteable, project: project, author: author).change_status(status, source)
  end

--- a/app/services/users/build_service.rb
+++ b/app/services/users/build_service.rb
@@ -23,7 +23,7 @@ module Users
        @reset_token = user.generate_reset_token if params[:reset_password]
  
        if user_params[:force_random_password]
-          random_password = Devise.friendly_token.first(User.password_length.min)
+          random_password = User.random_password
          user.password = user.password_confirmation = random_password
        end
      end

--- a/changelogs/unreleased/197925-setting-minimum-password-length-breaks-sign-up-with-saml.yml
+++ b/changelogs/unreleased/197925-setting-minimum-password-length-breaks-sign-up-with-saml.yml
+---
+title: Fixes random passwords generated not conforming to minimum_password_length setting
+merge_request: 23387
+author:
+type: fixed
--- a/changelogs/unreleased/198030-fix-wrong-data.yml
+++ b/changelogs/unreleased/198030-fix-wrong-data.yml
+---
+title: Remove invalid data from jira_tracker_data table
+merge_request: 23621
+author:
+type: fixed
--- a/changelogs/unreleased/198289-unable-to-sign-out-from-secondary-geo-node.yml
+++ b/changelogs/unreleased/198289-unable-to-sign-out-from-secondary-geo-node.yml
+---
+title: Allow users to sign out on a read-only instance
+merge_request: 23545
+author:
+type: fixed
--- a/changelogs/unreleased/39825-close-issue-after-error-resolve.yml
+++ b/changelogs/unreleased/39825-close-issue-after-error-resolve.yml
+---
+title: Close Issue when resolving corresponding Sentry error
+merge_request: 22744
+author:
+type: added
--- a/changelogs/unreleased/jprovazn-fix-group-preloader.yml
+++ b/changelogs/unreleased/jprovazn-fix-group-preloader.yml
+---
+title: Fix loading of sub-epics caused by wrong subscription check.
+merge_request: 23184
+author:
+type: fixed
--- a/changelogs/unreleased/revert-22364.yml
+++ b/changelogs/unreleased/revert-22364.yml
+---
+title: Reverts MR diff redesign which fixes Web IDE visual bugs including file dropdown
+  not showing up
+merge_request: 23428
+author:
+type: fixed
--- a/changelogs/unreleased/sh-add-missing-backtrace-define.yml
+++ b/changelogs/unreleased/sh-add-missing-backtrace-define.yml
+---
+title: Fix Bitbucket Server importer error handler
+merge_request: 23310
+author:
+type: fixed
--- a/db/post_migrate/20200123155929_remove_invalid_jira_data.rb
+++ b/db/post_migrate/20200123155929_remove_invalid_jira_data.rb
+# frozen_string_literal: true
+
+# See http://doc.gitlab.com/ce/development/migration_style_guide.html
+# for more information on how to write migrations for GitLab.
+
+class RemoveInvalidJiraData < ActiveRecord::Migration[5.2]
+  include Gitlab::Database::MigrationHelpers
+
+  DOWNTIME = false
+
+  def up
+    sql = "DELETE FROM jira_tracker_data WHERE \
+        (length(encrypted_api_url) > 0 AND encrypted_api_url_iv IS NULL) \
+        OR (length(encrypted_url) > 0 AND encrypted_url_iv IS NULL) \
+        OR (length(encrypted_username) > 0 AND encrypted_username_iv IS NULL) \
+        OR (length(encrypted_password) > 0 AND encrypted_password_iv IS NULL)"
+
+    execute(sql)
+  end
+
+  def down
+    # We need to figure out why migrating data to jira_tracker_data table
+    # failed and then can recreate the data
+  end
+end
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
  
-ActiveRecord::Schema.define(version: 2020_01_17_112554) do
+ActiveRecord::Schema.define(version: 2020_01_23_155929) do
  
  # These are extensions that must be enabled in order to support this database
  enable_extension "pg_trgm"

--- a/doc/administration/logs.md
+++ b/doc/administration/logs.md
@@ -121,7 +121,9 @@ In this example we can see that server processed an HTTP request with URL
  
 ## `api_json.log`
  
-Introduced in GitLab 10.0, this file lives in
+> Introduced in GitLab 10.0.
+
+This file lives in
 `/var/log/gitlab/gitlab-rails/api_json.log` for Omnibus GitLab packages or in
 `/home/git/gitlab/log/api_json.log` for installations from source.
  
@@ -159,6 +161,21 @@ October 07, 2014 11:25: User "Claudie Hodkiewicz" (nasir_stehr@olson.co.uk)  was
 October 07, 2014 11:25: Project "project133" was removed
 ```
  
+## `application_json.log`
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/22812) in GitLab 12.7.
+
+This file lives in `/var/log/gitlab/gitlab-rails/application_json.log` for
+Omnibus GitLab packages or in `/home/git/gitlab/log/application_json.log` for
+installations from source.
+
+It contains the JSON version of the logs in `application.log` like the example below:
+
+``` json
+{"severity":"INFO","time":"2020-01-14T13:35:15.466Z","correlation_id":"3823a1550b64417f9c9ed8ee0f48087e","message":"User \"Administrator\" (admin@example.com) was created"}
+{"severity":"INFO","time":"2020-01-14T13:35:15.466Z","correlation_id":"78e3df10c9a18745243d524540bd5be4","message":"Project \"project133\" was removed"}
+```
+
 ## `integrations_json.log`
  
 This file lives in `/var/log/gitlab/gitlab-rails/integrations_json.log` for
@@ -174,7 +191,9 @@ It contains information about [integrations](../user/project/integrations/projec
  
 ## `kubernetes.log`
  
-Introduced in GitLab 11.6. This file lives in
+> Introduced in GitLab 11.6.
+
+This file lives in
 `/var/log/gitlab/gitlab-rails/kubernetes.log` for Omnibus GitLab
 packages or in `/home/git/gitlab/log/kubernetes.log` for
 installations from source.
@@ -320,13 +339,17 @@ It logs information whenever a [repository check is run][repocheck] on a project
  
 ## `importer.log`
  
-Introduced in GitLab 11.3. This file lives in `/var/log/gitlab/gitlab-rails/importer.log` for
+> Introduced in GitLab 11.3.
+
+This file lives in `/var/log/gitlab/gitlab-rails/importer.log` for
 Omnibus GitLab packages or in `/home/git/gitlab/log/importer.log` for
 installations from source.
  
 ## `auth.log`
  
-Introduced in GitLab 12.0. This file lives in `/var/log/gitlab/gitlab-rails/auth.log` for
+> Introduced in GitLab 12.0.
+
+This file lives in `/var/log/gitlab/gitlab-rails/auth.log` for
 Omnibus GitLab packages or in `/home/git/gitlab/log/auth.log` for
 installations from source.
  
@@ -356,7 +379,9 @@ GraphQL queries are recorded in that file. For example:
  
 ## `migrations.log`
  
-Introduced in GitLab 12.3. This file lives in `/var/log/gitlab/gitlab-rails/migrations.log` for
+> Introduced in GitLab 12.3.
+
+This file lives in `/var/log/gitlab/gitlab-rails/migrations.log` for
 Omnibus GitLab packages or in `/home/git/gitlab/log/migrations.log` for
 installations from source.
  
@@ -406,7 +431,9 @@ It is stored at:
  
 ## `elasticsearch.log`
  
-Introduced in GitLab 12.6. This file lives in
+> Introduced in GitLab 12.6.
+
+This file lives in
 `/var/log/gitlab/gitlab-rails/elasticsearch.log` for Omnibus GitLab
 packages or in `/home/git/gitlab/log/elasticsearch.log` for installations
 from source.

--- a/doc/api/keys.md
+++ b/doc/api/keys.md
@@ -129,8 +129,14 @@ Example response:
 }
 ```
  
-Deploy Keys are bound to the creating user, so if you query with a deploy key
-fingerprint you get additional information about the projects using that key:
+## Get user by deploy key fingerprint
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/119209) in GitLab 12.7.
+
+Deploy keys are bound to the creating user, so if you query with a deploy key
+fingerprint you get additional information about the projects using that key.
+
+Example request:
  
 ```sh
 curl --header "PRIVATE-TOKEN: <your_access_token>" 'https://gitlab.example.com/api/v4/keys?fingerprint=SHA256%3AnUhzNyftwADy8AH3wFY31tAKs7HufskYTte2aXo%2FlCg

--- a/doc/api/merge_request_approvals.md
+++ b/doc/api/merge_request_approvals.md
@@ -63,7 +63,8 @@ POST /projects/:id/approvals
  
 ### Get project-level rules
  
-> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/11877) in [GitLab Starter](https://about.gitlab.com/pricing/) 12.3.
+> - [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/11877) in [GitLab Starter](https://about.gitlab.com/pricing/) 12.3.
+> - `protected_branches` property was [introduced](https://gitlab.com/gitlab-org/gitlab/issues/460) in [GitLab Premium](https://about.gitlab.com/pricing/) 12.7.
  
 You can request information about a project's approval rules using the following endpoint:
  
@@ -130,6 +131,31 @@ GET /projects/:id/approval_rules
        "ldap_access": null
      }
    ],
+    "protected_branches": [
+      {
+        "id": 1,
+        "name": "master",
+        "push_access_levels": [
+          {
+            "access_level": 30,
+            "access_level_description": "Developers + Maintainers"
+          }
+        ],
+        "merge_access_levels": [
+          {
+            "access_level": 30,
+            "access_level_description": "Developers + Maintainers"
+          }
+        ],
+        "unprotect_access_levels": [
+          {
+            "access_level": 40,
+            "access_level_description": "Maintainers"
+          }
+        ],
+        "code_owner_approval_required": "false"
+      }
+    ],
    "contains_hidden_groups": false
  }
 ]
@@ -147,13 +173,14 @@ POST /projects/:id/approval_rules
  
 **Parameters:**
  
-| Attribute            | Type    | Required | Description                                               |
-|----------------------|---------|----------|-----------------------------------------------------------|
-| `id`                 | integer | yes      | The ID of a project                                       |
-| `name`               | string  | yes      | The name of the approval rule                             |
-| `approvals_required` | integer | yes      | The number of required approvals for this rule            |
-| `user_ids`           | Array   | no       | The ids of users as approvers                             |
-| `group_ids`          | Array   | no       | The ids of groups as approvers                            |
+| Attribute              | Type    | Required | Description                                                      |
+|------------------------|---------|----------|------------------------------------------------------------------|
+| `id`                   | integer | yes      | The ID of a project                                              |
+| `name`                 | string  | yes      | The name of the approval rule                                    |
+| `approvals_required`   | integer | yes      | The number of required approvals for this rule                   |
+| `user_ids`             | Array   | no       | The ids of users as approvers                                    |
+| `group_ids`            | Array   | no       | The ids of groups as approvers                                   |
+| `protected_branch_ids` | Array   | no       | **(PREMIUM)** The ids of protected branches to scope the rule by |
  
 ```json
 {
@@ -207,6 +234,31 @@ POST /projects/:id/approval_rules
      "ldap_access": null
    }
  ],
+  "protected_branches": [
+    {
+      "id": 1,
+      "name": "master",
+      "push_access_levels": [
+        {
+          "access_level": 30,
+          "access_level_description": "Developers + Maintainers"
+        }
+      ],
+      "merge_access_levels": [
+        {
+          "access_level": 30,
+          "access_level_description": "Developers + Maintainers"
+        }
+      ],
+      "unprotect_access_levels": [
+        {
+          "access_level": 40,
+          "access_level_description": "Maintainers"
+        }
+      ],
+      "code_owner_approval_required": "false"
+    }
+  ],
  "contains_hidden_groups": false
 }
 ```
@@ -225,14 +277,15 @@ PUT /projects/:id/approval_rules/:approval_rule_id
  
 **Parameters:**
  
-| Attribute            | Type    | Required | Description                                               |
-|----------------------|---------|----------|-----------------------------------------------------------|
-| `id`                 | integer | yes      | The ID of a project                                       |
-| `approval_rule_id`   | integer | yes      | The ID of a approval rule                                 |
-| `name`               | string  | yes      | The name of the approval rule                             |
-| `approvals_required` | integer | yes      | The number of required approvals for this rule            |
-| `user_ids`           | Array   | no       | The ids of users as approvers                             |
-| `group_ids`          | Array   | no       | The ids of groups as approvers                            |
+| Attribute              | Type    | Required | Description                                                      |
+|------------------------|---------|----------|------------------------------------------------------------------|
+| `id`                   | integer | yes      | The ID of a project                                              |
+| `approval_rule_id`     | integer | yes      | The ID of a approval rule                                        |
+| `name`                 | string  | yes      | The name of the approval rule                                    |
+| `approvals_required`   | integer | yes      | The number of required approvals for this rule                   |
+| `user_ids`             | Array   | no       | The ids of users as approvers                                    |
+| `group_ids`            | Array   | no       | The ids of groups as approvers                                   |
+| `protected_branch_ids` | Array   | no       | **(PREMIUM)** The ids of protected branches to scope the rule by |
  
 ```json
 {
@@ -286,6 +339,31 @@ PUT /projects/:id/approval_rules/:approval_rule_id
      "ldap_access": null
    }
  ],
+  "protected_branches": [
+    {
+      "id": 1,
+      "name": "master",
+      "push_access_levels": [
+        {
+          "access_level": 30,
+          "access_level_description": "Developers + Maintainers"
+        }
+      ],
+      "merge_access_levels": [
+        {
+          "access_level": 30,
+          "access_level_description": "Developers + Maintainers"
+        }
+      ],
+      "unprotect_access_levels": [
+        {
+          "access_level": 40,
+          "access_level_description": "Maintainers"
+        }
+      ],
+      "code_owner_approval_required": "false"
+    }
+  ],
  "contains_hidden_groups": false
 }
 ```

--- a/doc/api/protected_branches.md
+++ b/doc/api/protected_branches.md
@@ -34,6 +34,7 @@ Example response:
 ```json
 [
  {
+    "id": 1,
    "name": "master",
    "push_access_levels": [
      {
@@ -61,6 +62,7 @@ Example response:
 ```json
 [
  {
+    "id": 1,
    "name": "master",
    "push_access_levels": [
      {
@@ -105,6 +107,7 @@ Example response:
  
 ```json
 {
+  "id": 1,
  "name": "master",
  "push_access_levels": [
    {
@@ -129,6 +132,7 @@ Example response:
  
 ```json
 {
+  "id": 1,
  "name": "master",
  "push_access_levels": [
    {
@@ -179,6 +183,7 @@ Example response:
  
 ```json
 {
+  "id": 1,
  "name": "*-stable",
  "push_access_levels": [
    {
@@ -209,6 +214,7 @@ Example response:
  
 ```json
 {
+  "id": 1,
  "name": "*-stable",
  "push_access_levels": [
    {
@@ -251,6 +257,7 @@ Example response:
  
 ```json
 {
+  "id": 1,
  "name": "*-stable",
  "push_access_levels": [
    {

--- a/doc/user/analytics/code_review_analytics.md
+++ b/doc/user/analytics/code_review_analytics.md
@@ -4,31 +4,55 @@ description: "Learn how long your open merge requests have spent in code review,
  
 # Code Review Analytics **(STARTER)**
  
-> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/38062) in GitLab ([Starter](https://about.gitlab.com/pricing/)) 12.7.
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/38062) in [GitLab Starter](https://about.gitlab.com/pricing/) 12.7.
  
-Want to learn how long your open merge requests have spent in code review?  Or what distinguishes your longest-running code reviews?  These are some of the questions Code Review Analytics is designed to answer.
+Code Review Analytics makes it easy to view the longest-running reviews among open merge requests,
+enabling you to take action on individual MRs and reduce overall cycle time.
  
 NOTE: **Note:**
-Initially no data will appear. Data will populate as users comment on open merge requests.
+Initially, no data will appear. Data is populated as users comment on open merge requests.
  
 ## Overview
  
-Code Review Analytics displays a collection of merge requests in a table.  These are all the open merge requests that are considered to be in code review.  This feature considers code review to begin when a merge request receives its first comment from someone other than the author.  The rows of the table are sorted by review time so the longest reviews appear at the top.  There are also columns to display the author, approvers, comment count, and line -/+ counts.
+Code Review Analytics displays a table of open merge requests which are currently considered to be in code review.
+The code review period for an MR is automatically identified as the time since the first non-author comment.
  
-This feature is designed for [development team leaders](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#delaney-development-team-lead) and others who want to understand broad code review dynamics, and identify patterns to help explain them.  You can use Code Review Analytics to expose your team's unique challenges with code review, and identify improvements that might substantially accelerate your development cycle.
+To access Code Review Analytics, from your project's menu, go to **Project Analytics > Code Review**.
+
+- The table is sorted by review duration, helping you quickly find the longest-running reviews which may need intervention or to be broken down into smaller parts.
+- You can filter the list of MRs by milestone and label.
+- Columns to display the author, approvers, comment count, and line change (-/+) counts.
  
 ## Use cases
  
-Perhaps your team agrees that code review is moving too slow, or the [Cycle Analytics feature](https://docs.gitlab.com/ee/user/analytics/cycle_analytics.html) shows that "Review" is your team's most time-consuming step.  You can use Code Review Analytics to see what is currently moving slowest, and analyze the patterns and trends between them.  Lots of comments or commits?  Maybe the code is too complex.  A particular author is involved?  Maybe more training is advisable.  Few comments and approvers?  Maybe your team is understaffed.
+This feature is designed for [development team leaders](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#delaney-development-team-lead)
+and others who want to understand broad code review dynamics, and identify patterns to help explain them.
+
+You can use Code Review Analytics to expose your team's unique challenges with code review, and
+identify improvements that might substantially accelerate your development cycle.
+
+Code Review Analytics can be used when:
+
+- Your team agrees that code review is moving too slow.
+- The [Cycle Analytics feature](cycle_analytics.md) shows that reviews are your team's most time-consuming step.
+
+You can use Code Review Analytics to see the types of work that are currently moving the slowest, and analyze the patterns
+and trends between them. For example:
+
+- Lots of comments or commits? Maybe the code is too complex.
+- A particular author is involved? Maybe more training is required.
+- Few comments and approvers? Maybe your team is understaffed.
  
 ## Permissions
  
 - On [Starter or Bronze tier](https://about.gitlab.com/pricing/) and above.
- By users with [Reporter access] and above.
+- By users with Reporter access and above.
  
-## Feature flag
+## Disable with feature flag
  
-Code Review Analytics is [currently protected by a feature flag](https://gitlab.com/gitlab-org/gitlab/issues/194165) that defaults to "enabled" - meaning the feature is available.  If you experience performance problems or otherwise wish to disable the feature, a GitLab administrator can execute a command in a Rails console:
+Code Review Analytics is [currently enabled by a feature flag](https://gitlab.com/gitlab-org/gitlab/issues/194165)
+that defaults to ON, meaning the feature is available. If you experience performance problems or
+otherwise wish to disable the feature, a GitLab administrator can execute a command in a Rails console:
  
 ```ruby
 Feature.disable(:code_review_analytics)

--- a/doc/user/analytics/cycle_analytics.md
+++ b/doc/user/analytics/cycle_analytics.md
@@ -163,6 +163,15 @@ This chart uses the global page filters for displaying data based on the selecte
 group, projects, and timeframe. In addition, specific stages can be selected
 from within the chart itself.
  
+### Chart median line
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/36675) in GitLab 12.7.
+
+The median line on the chart displays data that is offset by the number of days selected.
+For example, if 30 days worth of data has been selected (for example, 2019-12-16 to 2020-01-15) the
+median line will represent the previous 30 days worth of data (2019-11-16 to 2019-12-16)
+as a metric to compare against.
+
 ### Enabling chart
  
 By default, this chart is disabled for self-managed instances. To enable it, ask an

--- a/doc/user/analytics/index.md
+++ b/doc/user/analytics/index.md
@@ -16,11 +16,11 @@ Once enabled, click on **Analytics** from the top navigation bar.
 From the centralized analytics workspace, the following analytics are available:
  
 - [Code Review Analytics](code_review_analytics.md), enabled with the `code_review_analytics`
-  [feature flag](../../development/feature_flags/development.html#enabling-a-feature-flag-in-development). **(STARTER)**
+  [feature flag](../../development/feature_flags/development.md#enabling-a-feature-flag-in-development). **(STARTER)**
 - [Cycle Analytics](cycle_analytics.md), enabled with the `cycle_analytics`
-  [feature flag](../../development/feature_flags/development.html#enabling-a-feature-flag-in-development). **(PREMIUM)**
+  [feature flag](../../development/feature_flags/development.md#enabling-a-feature-flag-in-development). **(PREMIUM)**
 - [Productivity Analytics](productivity_analytics.md), enabled with the `productivity_analytics`
-  [feature flag](../../development/feature_flags/development.html#enabling-a-feature-flag-in-development). **(PREMIUM)**
+  [feature flag](../../development/feature_flags/development.md#enabling-a-feature-flag-in-development). **(PREMIUM)**
  
 NOTE: **Note:**
 Project-level Cycle Analytics are still available at a project's **Project > Cycle Analytics**.

--- a/doc/user/application_security/dependency_scanning/index.md
+++ b/doc/user/application_security/dependency_scanning/index.md
@@ -135,7 +135,7 @@ using environment variables.
 | `DS_ANALYZER_IMAGE_PREFIX`              | Override the name of the Docker registry providing the official default images (proxy). Read more about [customizing analyzers](analyzers.md). |
 | `DS_ANALYZER_IMAGE_TAG`                 | Override the Docker tag of the official default images. Read more about [customizing analyzers](analyzers.md). |
 | `DS_PYTHON_VERSION`                     | Version of Python. If set to 2, dependencies are installed using Python 2.7 instead of Python 3.6. ([Introduced](https://gitlab.com/gitlab-org/gitlab/issues/12296) in GitLab 12.1)|
-| `DS_PIP_VERSION`                        | Force the install of a specific pip version (example: `"19.3"`), otherwise the pip installed in the docker image is used. |
+| `DS_PIP_VERSION`                        | Force the install of a specific pip version (example: `"19.3"`), otherwise the pip installed in the Docker image is used. ([Introduced](https://gitlab.com/gitlab-org/gitlab/issues/12811) in GitLab 12.7) |
 | `DS_PIP_DEPENDENCY_PATH`                | Path to load Python pip dependencies from. ([Introduced](https://gitlab.com/gitlab-org/gitlab/issues/12412) in GitLab 12.2) |
 | `GEMNASIUM_DB_LOCAL_PATH`               | Path to local gemnasium database (default `/gemnasium-db`).
 | `GEMNASIUM_DB_REMOTE_URL`               | Repository URL for fetching the gemnasium database (default `https://gitlab.com/gitlab-org/security-products/gemnasium-db.git`).

--- a/doc/user/clusters/applications.md
+++ b/doc/user/clusters/applications.md
@@ -661,6 +661,65 @@ management project. Refer to the
 [chart](https://gitlab.com/gitlab-org/charts/gitlab-runner) for the
 available configuration options.
  
+### Install Cilium using GitLab CI
+
+> [Introduced](https://gitlab.com/gitlab-org/cluster-integration/cluster-applications/merge_requests/22) in GitLab 12.8.
+
+[Cilium](https://cilium.io/) is a networking plugin for Kubernetes
+that you can use to implement support for
+[NetworkPolicy](https://kubernetes.io/docs/concepts/services-networking/network-policies/)
+resources.
+
+Enable Cilium in the `.gitlab/managed-apps/config.yaml` file to install it:
+
+```yaml
+# possible values are gke, eks or you can leave it blank
+clusterType: gke
+
+cilium:
+  installed: true
+```
+
+The `clusterType` variable enables the recommended Helm variables for
+a corresponding cluster type, the default value is blank. You can
+check the recommended variables for each cluster type in the official
+documentation:
+
+- [Google GKE](https://cilium.readthedocs.io/en/stable/gettingstarted/k8s-install-gke/#prepare-deploy-cilium)
+- [AWS EKS](https://cilium.readthedocs.io/en/stable/gettingstarted/k8s-install-eks/#prepare-deploy-cilium)
+
+You can customize Cilium's Helm variables by defining the
+`.gitlab/managed-apps/cilium/values.yaml` file in your cluster
+management project. Refer to the
+[Cilium chart](https://github.com/cilium/cilium/tree/master/install/kubernetes/cilium)
+for the available configuration options.
+
+CAUTION: **Caution:**
+Installation and removal of the Cilium [requires restart](https://cilium.readthedocs.io/en/stable/gettingstarted/k8s-install-gke/#restart-remaining-pods)
+of all affected pods in all namespaces to ensure that they are
+[managed](https://cilium.readthedocs.io/en/stable/troubleshooting/#ensure-pod-is-managed-by-cilium)
+by the correct networking plugin.
+
+NOTE: **Note:**
+Major upgrades might require additional setup steps, please consult
+the official [upgrade guide](https://docs.cilium.io/en/stable/install/upgrade/) for more
+information.
+
+By default, the drop log for traffic is logged out by the
+`cilium-monitor` sidecar container. You can check these logs via:
+
+```bash
+kubectl -n gitlab-managed-apps logs cilium-XXXX cilium-monitor
+```
+
+Drop logging can be disabled via `.gitlab/managed-apps/cilium/values.yaml`:
+
+```yml
+agent:
+  monitor:
+    enabled: false
+```
+
 ## Upgrading applications
  
 > [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/merge_requests/24789) in GitLab 11.8.