Add GSS-API support for gitlab-sshd
What does this MR do?
This MR adds GSSAPI related settings to the gitlab-shell chart, following gitlab-org/gitlab-shell!682 (merged).
These settings only work with gitlab-sshd:
gitlab:
  gitlab-shell:
    enabled: true
    sshDaemon: gitlab-sshd
    config:
      gssapi:
        enabled: true
        keytab:
          secret: gitlab-keytab
          key: keytab
        krb5Config: |
          [libdefaults]
          default_realm = GDK.TEST
The complete list of settings this MR adds (with their default values):
gitlab:
  gitlab-shell:
    config:
      gssapi:
        enabled: false
        keytab:
          secret: # required, no default value
          key: keytab
        krb5Config: "" # optional
        servicePrincipalName: "" # optional
It is possible to use YAML anchors to share settings with appConfig's kerberos section:
.kerberos: &kerberos
  keytab:
    secret: gitlab-keytab
  krb5Config: |
    [libdefaults]
    default_realm = GDK.TEST
gitlab:
  appConfig:
    kerberos:
      <<: *kerberos
      enabled: false # disables cloning with SPNEGO but still allows authentication with the web UI, given the proper omniauth configuration
      servicePrincipalName: HTTP/gdk.test@GDK.TEST
  gitlab-shell:
    enabled: true
    sshDaemon: gitlab-sshd
    config:
      gssapi:
        <<: *kerberos
        enabled: true
        servicePrincipalName: host/gdk.test@GDK.TEST
Checklist
See Definition of done.
For anything in this list which will not be completed, please provide a reason in the MR discussion.
Required
- Merge Request Title and Description are up to date, accurate, and descriptive
- MR targeting the appropriate branch
- MR has a green pipeline on GitLab.com
- When ready for review, MR is labeled "~workflow::ready for review" per the Distribution MR workflow
Expected (please provide an explanation if not completing)
- Test plan indicating conditions for success has been posted and passes
- Documentation created/updated
- Tests added
- Integration tests added to GitLab QA
- Equivalent MR/issue for omnibus-gitlab opened
- Validate potential values for new configuration settings. Formats such as integer 10, duration 10s, URI scheme://user:passwd@host:port may require quotation or other special handling when rendered in a template and written to a configuration file.
Edited by Marin Hannache
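A pre-deploy check for the `config.gssapi` values described in this MR, as an added example that is not part of the MR or the chart: it takes the mapping as already parsed from the values YAML (merge keys resolved) and reports a missing keytab secret, a malformed principal, or the web principal reused on the SSH side. The function names, the `HTTP/` versus `host/` heuristic and the realm comparison are assumptions of this example; cross-realm deployments can legitimately fail the realm check.

```python
import re

# service/host@REALM, the shape of the principals shown on this page
SPN_RE = re.compile(r"^(?P<service>[^/@\s]+)/(?P<host>[^/@\s]+)@(?P<realm>[^/@\s]+)$")

def default_realm(krb5_config):
    """Return default_realm from [libdefaults] in a krb5.conf string, or None."""
    section = None
    for raw in krb5_config.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
        elif section == "libdefaults" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key == "default_realm":
                return value
    return None

def lint_gssapi(gssapi):
    """Return a list of problems in a gitlab-shell config.gssapi mapping."""
    if not gssapi.get("enabled"):
        return []                                 # defaults to off; nothing to check
    problems = []
    if not (gssapi.get("keytab") or {}).get("secret"):
        problems.append("keytab.secret is required and has no default")
    spn = gssapi.get("servicePrincipalName") or ""
    if spn:                                       # optional setting
        match = SPN_RE.match(spn)
        if not match:
            problems.append("servicePrincipalName is not service/host@REALM")
        else:
            if match["service"].upper() == "HTTP":    # heuristic (assumption)
                problems.append("HTTP/ principal on the SSH side; expected host/")
            realm = default_realm(gssapi.get("krb5Config") or "")
            if realm and realm != match["realm"]:     # heuristic (assumption)
                problems.append("principal realm differs from default_realm")
    return problems

# Constructed sample: the merged gssapi mapping from the anchor example above.
SAMPLE_OK = {"enabled": True, "keytab": {"secret": "gitlab-keytab"},
             "krb5Config": "[libdefaults]\ndefault_realm = GDK.TEST\n",
             "servicePrincipalName": "host/gdk.test@GDK.TEST"}
# Constructed sample: web principal reused for SSH, other realm, no keytab secret.
SAMPLE_BAD = dict(SAMPLE_OK, keytab={}, servicePrincipalName="HTTP/gdk.test@EXAMPLE.TEST")

if __name__ == "__main__":
    for name, values in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(name, lint_gssapi(values))
```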