Add openbao.jwt_audience
What does this MR do?
Adds support for configuring OpenBao JWT audience in the GitLab Helm chart. This enables proper JWT authentication in GitLab Geo deployments where secondary sites may have different OpenBao URLs.
Related issues
Closes gitlab-org/gitlab#571099 (closed)
Changes
- Adds
openbao.jwt_audienceHelm value to allow independent configuration of JWT audience from the OpenBao URL - Enables flexible audience validation in multi-site Geo deployments
- Maintains backward compatibility by defaulting to the OpenBao URL when not specified
Configuration Example
For Geo deployments with different OpenBao URLs per site:
openbao:
url: https://openbao.site-specific.example.com:8200
jwt_audience: https://openbao.shared.example.com:8200Related MR
This is a follow-up to gitlab-org/gitlab!223741 (merged) which implements the core JWT audience functionality in GitLab.
Author checklist
For general guidance, please follow our Contributing guide.
Required
For anything in this list which will not be completed, please provide a reason in the MR discussion.
- Merge Request Title and Description are up to date, accurate, and descriptive.
- MR targeting the appropriate branch.
- MR has a green pipeline.
- Documentation created/updated.
- Tests added/updated, and test plan for scenarios not covered by automated tests.
- Equivalent MR/issue for omnibus-gitlab opened.
Reviewers checklist
- MR has a green pipeline on https://gitlab.com/gitlab-org/charts/gitlab.
- Consider downstream impact to the Operator, as per evaluating impact from changes to GitLab chart.
Edited by Dmytro Biryukov