Document how to expose SSH without NGINX Ingress
Summary
Currently, the documentation does not provide methods to expose SSH in a situation where the use of nginx-ingress is not an option.
Some use cases
- Not able to use built-in
nginx-ingress
's tcp-configmap functionality (Kong Ingress, Rancher, Minikube) - Using a Layer 7 loadbalancer for HTTP(S) (e.g. AWS ALB)
Current state
Currently, we only document how to configure the port via tcp-configmap functionality of nginx-ingress
, with the assumption that this is how it will be done.
It is possible to configure the charts to make use of an different IP / LoadBalancer from the NGINX ingress controller(s). This can allow for the use of SSH on different hostname, or in environments that are not allowed/capable of using our "standard" setup.
Future state
Documentation present on how to configure the charts to make use of SSH on an alternate hostname, via a separate LoadBalancer / HostPort / etc.
Example
AWS with ALB for HTTP(S), ELB for SSH (tweaks may be needed)
global:
hosts:
ssh: ssh.gitlab.domain.tld
gitlab:
gitlab-shell:
service:
type: LoadBalancer
annotations:
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "tcp"
service.beta.kubernetes.io/aws-load-balancer-type: "elb"
service.beta.kubernetes.io/aws-load-balancer-internal: "true"