Kerberos cannot be enabled on Chart deployment

Summary

Trying to enable Kerberos authentication doesn't work - seems like it is disabled by design

Steps to reproduce

Deploy the chart with Kerberos enabled

Configuration used

    omniauth:
      enabled: true
      autoSignInWithProvider:
      syncProfileFromProvider: []
      syncProfileAttributes: ['email']
      allowSingleSignOn: ['kerberos']
      blockAutoCreatedUsers: true
      autoLinkLdapUser: true
      autoLinkSamlUser: false
      autoLinkUser: []
      externalProviders: []
      allowBypassTwoFactor: []
      providers: []
      # - secret: gitlab-google-oauth2
      #   key: provider
    
    kerberos:
      enabled: true

Current behavior

Looking into the created ConfigMap: gitlab-test-webservice shows the following:

      omniauth:
        enabled: true
        sync_profile_from_provider: []
        sync_profile_attributes: ["email"]
        allow_single_sign_on: ["kerberos"]
        block_auto_created_users: true
        auto_link_ldap_user: true
        auto_link_saml_user: false
        external_providers: []
      kerberos:
        enabled: false
      shared:
      gitaly:
        client_path: /home/git/gitaly/bin
        token: "<%= File.read('/etc/gitlab/gitaly/gitaly_token').strip.dump[1..-2] %>"

Diving into the chart itself shows the following under gitlab/charts/gitlab/charts/webservice/templates/configmap.yml:

      mattermost:
        enabled: false
      ## Registry Integration
      {{- include "gitlab.appConfig.registry.configuration" $ | nindent 6 }}
      gitlab_ci:
      {{- include "gitlab.appConfig.ldap.configuration" $ | nindent 6 }}
      {{- include "gitlab.appConfig.omniauth.configuration" $ | nindent 6 }}
      kerberos:
        enabled: false
      shared:
      {{- include "gitlab.appConfig.gitaly" . | nindent 6 }}
      {{- include "gitlab.appConfig.repositories" . | nindent 6 }}
      backup:
        path: "tmp/backups"   # Relative paths are relative to Rails.root (default: tmp/backups/)
      {{- include "gitlab.appConfig.kas" . | nindent 6 }}
      {{- include "gitlab.appConfig.shell" . | nindent 6 }}

Expected behavior

Get an option to enable Kerberos authentication and the keytab file.

Versions

  • Chart: gitlab-4.7.4
  • Platform:
    • Self-hosted: Rancher RKE
  • Kubernetes:
    • Client: v1.20.0
    • Server: v1.17.2
  • Helm: v3.4.2

Relevant logs
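Added example, not part of the original issue and not code from the chart: a small check that compares the `enabled` flags requested in the Helm values with those in the rendered ConfigMap, so that an authentication setting the template silently drops (as with `kerberos` above) is caught before rollout. The inputs are excerpts constructed from the snippets in this issue; the function names and the minimal indentation-based parser are assumptions made for illustration.

```python
import re

# Constructed inputs, excerpted from the issue text: the Helm values the
# reporter set, and part of the rendered gitlab-test-webservice ConfigMap.
VALUES = """\
omniauth:
  enabled: true
  allowSingleSignOn: ['kerberos']

kerberos:
  enabled: true
"""
RENDERED = """\
  omniauth:
    enabled: true
    allow_single_sign_on: ["kerberos"]
  kerberos:
    enabled: false
  shared:
  gitaly:
    client_path: /home/git/gitaly/bin
"""

LINE = re.compile(r"^(\s*)([A-Za-z_]\w*):\s*(.*?)\s*$")

def enabled_flags(text):
    """Map each section name to its direct child `enabled:` value."""
    flags, stack = {}, []          # stack holds (indent, key) of open sections
    for raw in text.splitlines():
        m = LINE.match(raw.split(" #")[0])   # ignore trailing comments
        if not m:
            continue
        indent, key, value = len(m.group(1)), m.group(2), m.group(3)
        while stack and stack[-1][0] >= indent:
            stack.pop()            # close sections at the same or deeper indent
        if value == "":
            stack.append((indent, key))      # a new section opens here
        elif key == "enabled" and stack and value in ("true", "false"):
            flags[stack[-1][1]] = (value == "true")
    return flags

def dropped_settings(values_text, rendered_text):
    """Sections enabled in the values but rendered as disabled."""
    want, got = enabled_flags(values_text), enabled_flags(rendered_text)
    return sorted(k for k, v in want.items() if v and got.get(k) is False)

if __name__ == "__main__":
    print(dropped_settings(VALUES, RENDERED))
```

In practice the two inputs would be the values file passed to Helm and the rendered `gitlab.yml` content of the ConfigMap.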