Configuration audit between the webservice-web pod and web VMs
Like we did for staging, we should do a compare of the generated application configuration on web staging VMs and what is running in the cluster. We can do this for all environments since we can safely bring up webservice in prod before sending traffic to it.
-
preprod validated -
staging validated -
prod validated
The following items should be taken into consideration:
-
Configurations laid on disk -
Environment variable fed into the processes -
Command line options sent to the running service
The following services will need to be audited
-
puma (webservice container) -
workhorse (gitlab-workhorse container) -
nginx (deployed in Kubernetes via the nginx-ingress)
Charts issues
MRs
- omniauth gitlab-com/gl-infra/k8s-workloads/gitlab-com!323 (merged)
- rack_attack gitlab-com/gl-infra/k8s-workloads/gitlab-com!324 (merged) (needs gitlab-org/charts/gitlab!1486 (merged))
- trusted proxies gitlab-com/gl-infra/k8s-workloads/gitlab-com!367 (merged)
- dependency proxy gitlab-com/gl-infra/k8s-workloads/gitlab-com!368 (merged)
- service desk gitlab-com/gl-infra/k8s-workloads/gitlab-com!373 (merged)