Test Gitaly/Praefect with TLS on Kubernetes
Let's ensure the implementation of Gitaly using TLS (https://gitlab.com/gitlab-com/gl-infra/infrastructure/-/issues/6484) is not blocked. Let's utilize the preprod environment to create the necessary secret, which will contain the certificate utilized. The certificate is currently stored in gkms (vault: gitlab-omnibus-secrets, item: pre) under .omnibus-gitlab.ssh.trusted_certs. This can be populated using the following instructions for our helm chart: https://docs.gitlab.com/charts/advanced/external-gitaly/#connecting-to-external-gitaly-over-tls
The goal of this issue is to ensure that we are not the blocker for the desired Gitaly TLS implementation.
- Create secret
- Switch preprod to start talking to gitaly over TLS
- If possible, switch preprod to start talking to gitaly through praefect
/cc @alejandro @jarv @marin
Edited by Alejandro Rodríguez