Improve communication regarding how to install the Agent when running GitLab with custom certificates

Release notes

Setting up the KAS component of the agent for Kubernetes with custom certificates and using the CI/CD integration is a rather complex task. To support users who require custom certificates, we updated the documentation. It covers how to set up KAS and agentk, and how to invoke kubectl commands from GitLab CI/CD with custom certificates.

Proposal

The following discussion from !2803 (merged) should be addressed:

  • @dmakovey started a discussion: (+4 comments)

    LGTM.

    Something for further iterations (i.e. new issues?):

    Based on findings in !2803 (comment 1133461689) it looks like mere setup of documented values is not sufficient for proper TLS function with custom CA certs, so can we:

    1. add documentation for custom (including self-signed) CA authorities or point at an existing one
      1. how to reuse gitlab-wildcard-tls-ca
      2. (optional) sort out how to add custom CA cert for kubectl rather than use --insecure-skip-tls-verify as that's not a proper solution to the problem.

    @Alexand what do you think?

Edited by Viktor Nagy (GitLab)