Disable OpenBao HTTP audit (!4681) · Merge requests · GitLab.org / charts / GitLab Chart

What does this MR do?

Configure OpenBao chart to disable HTTP audit device gitlab_stream/. The audit device being disabled is used to send audit events to the GitLab backend. However, this needs to be disabled temporarily because this prevents OpenBao from initializing properly.

When admins enable OpenBao and the HTTP audit device at the same time (through helm upgrade), the following happens:

Webservice pods are being rolled out to apply OpenBao audit configuration, and so the audit endpoint isn't available right away.
OpenBao pods are being deployed in parallel. During startup OpenBao verifies the HTTP audit device, but this fails until Webservice pods are rolled out.

In this scenario OpenBao fails to perform initialization. See gitlab-org/gitlab#582828 (comment 2941384091).

OpenBao self-init fails when audit stream endpo... (gitlab-org/gitlab#582828)

Author checklist

For general guidance, please follow our Contributing guide.

Required

For anything in this list which will not be completed, please provide a reason in the MR discussion.

Merge Request Title and Description are up to date, accurate, and descriptive.
MR targeting the appropriate branch.
MR has a green pipeline.
Documentation created/updated.
Tests added/updated, and test plan for scenarios not covered by automated tests.
Equivalent MR/issue for omnibus-gitlab opened.

Reviewers checklist

MR has a green pipeline on https://gitlab.com/gitlab-org/charts/gitlab.
Consider downstream impact to the Operator, as per evaluating impact from changes to GitLab chart.

Edited Dec 09, 2025 by Fabien Catteau

Disable OpenBao HTTP audit

What does this MR do?

Related issues

Author checklist

Required

Reviewers checklist

Merge request reports