Investigate how to enable access to Vault from CI on gitlab.com
vault.ops.gke.gitlab.net is an internal endpoint, making it only accessible from the ops runners at this stage, which are not currently configured on gitlab.com. Because of this, retrieving CI secrets from Vault is only possible from ops.gitlab.net at the moment. Being able to use Vault in CI jobs on gitlab.com would be very useful; we notably have CI jobs using access tokens for ops.gitlab.net.
Possible solutions:
- add the ops runners on gitlab.com under https://gitlab.com/gitlab-com/gl-infra/
- allow the private runners subnets to access vault.ops.gke.gitlab.net
- ?