Add deprecation note to GitLab deprecations regarding KAS private tls
What is this issue about?
The gitlab.kas.privateApi.tls.enabled
and gitlab.kas.privateApi.tls.secretName
attrs were deprecated following the linked discussion below.
The following discussion from !2888 (merged) should be addressed:
-
@Alexand started a discussion: I'm not sure if deprecating
gitlab.kas.privateApi.tls.*
is the best way forward. But my reasoning was:- I want to simplify the chart options. So it's probably better to have just one documentation section explaining how to enable TLS for KAS.
- Having a global attribute to configure TLS for KAS across the chart gives us more power to automate these configurations. Right now, GitLab webservice needs KAS address (
grpc
vsgrpcs
). A configuration value that lives inside of the KAS sub-chart can't do it. - I can't immediately think of a reason why one would want to enable just certain KAS servers with TLS, but not others.
- I don't think we'd need different certificates per KAS server, or any other TLS specific configuration that would be used differently for each KAS service.
I'm leaving this thread open in case reviewer and maintainer have any thoughts regarding this.
This issue is to track adding a deprecation note to https://docs.gitlab.com/ee/update/deprecations.html.
Deprecation note proposal
Planned removal: GitLab 17.0 (2024-05-22)
The GitLab chart provides gitlab.kas.privateApi.tls.enabled
and gitlab.kas.privateApi.tls.secretName
to support TLS communication between KAS pods. To enable TLS communication between KAS and all other chart components that KAS needs to communicate to, one needs to set many other extra Helm values.
To facilitate enabling TLS communication between KAS and all the chart components, we've introduced the global.kas.tls.*
Helm values. Since this is a more complete and simple approach to enabling TLS for KAS. We recommend you stop using gitlab.kas.privateApi.tls.*
Helm values, and use global.kas.tls.*
instead. Therefore, the gitlab.kas.privateApi.tls.*
is deprecated and scheduled for removal in 17.0. For more information please refer to:
- The Merge Request which introduces the
global.kas.tls.*
values. - The deprecated documentation.
- The new preferred documentation. (link to be added)