Install load balancer at cloud.gitlab.com
General Information:
- Point of contact for this request: @mkaeppler
- Related issue for context (if applicable): gitlab-org/gitlab#429818 (closed)
- Foundations owned service this relates to: K8s, Config, CDN, DNS, Load Balancing, Networking
Details
The Cloud Connector group is responsible for delivering cloud-hosted services built and operated by GitLab to self-managed and Dedicated users. Examples include AI via the AI gateway and soon Secrets Management ("tanukey") and Observability (GOB/opstrace). To that end, we are looking to install a single DNS entrypoint for all GitLab instances around the world (incl. SaaS) to consume these services so as to minimize the number of GitLab endpoints application administrators need to manage via host permit lists and firewall rules.
While eventually we envision some sort of edge service / router that may handle this entry point, as an interim and forward-compatible solution we are looking to install a load balancer reachable at cloud.gitlab.com instead, which can route traffic into various GitLab stage group backends based on URL matching.
We explored some alternatives in gitlab-org/gitlab#429818 (closed) already and think either a Cloudflare LB or a Google External App LB might fit the bill.
We also list a number of requirements here: gitlab-org/gitlab#429818 (closed)
We would like to have this in place by mid-January if possible.
Priority
Please check one:
- Very urgent, blocking significant other work: ~"Priority::1"
- A blocker, but we have workarounds: ~"Priority::2"
- Not currently a blocker but will be soon: ~"Priority::3"
- Not likely to be a blocker, this is a nice-to-have improvement or suggestion: ~"Priority::4"
- Unsure