Should be able to configure authentication token per-instance when using external Gitaly services
Summary
When using external Gitaly services, it should be possible to configure a per-instance authentication token, as is supported by the GitLab rails codebase.
Currently, it is assumed that all Gitaly instances share a single authentication token, which can be considered either a limitation or technical debt.
Current behavior
All Gitaly instances must share a single value for auth.token
in their config.toml
, and we configure the Rails application bases to use a single global in gitlab.yml
via gitaly.token
. That value is populated only via global.gitaly.authToken.secret
's content.
Expected behavior
One can configure both the global, and individual Gitaly authentication tokens. If individual is present, it overrides the global value.
Expected example configuration:
global:
gitaly:
enabled: false
authToken:
secret: gitaly-auth-token
external:
- name: default
hostname: gitaly-1.outside
- name: praefect
hostname: praefect-1.outside
authToken:
secret: praefect-auth-token
Versions
- Chart: c236c93d