Gateway API: Support Smartcard authentication (!4850) · Merge requests · GitLab.org / charts / GitLab Chart · GitLab

What does this MR do?

Gateway API: Support Smartcard authentication

Add smartcard listener to managed Gateway.
Change webservice HTTPRoute to bind smartcard listener and hostname.
Add ClientTrafficPolicy for tls handling.

Closes #6304 (closed)

Changelog: added

Gateway API | Support Smartcard Authentication (#6304 - closed)

Testing

Create certificates with mkcert following https://gitlab-org.gitlab.io/gitlab-development-kit/howto/smartcard/
Create a secret with your CA
Deploy GitLab chart with:
1. Envoy Gateway enabled
2. Amartcard authentication enabled (by setting global.appConfig.smartcard.enabled and global.appConfig.smartcard.CASecret)
3. A premium/ultimate (developer) licence
4. A webservice image thats has the rails changes of gitlab-org/gitlab!226021 (merged)

Author checklist

For general guidance, please follow our Contributing guide.

Required

For anything in this list which will not be completed, please provide a reason in the MR discussion.

Merge Request Title and Description are up to date, accurate, and descriptive.
MR targeting the appropriate branch.
MR has a green pipeline.
Documentation created/updated.
Tests added/updated, and test plan for scenarios not covered by automated tests.
~~Equivalent MR/issue for~~ ~~omnibus-gitlab~~ ~~opened.~~

Reviewers checklist

MR has a green pipeline on https://gitlab.com/gitlab-org/charts/gitlab.
Consider downstream impact to the Operator, as per evaluating impact from changes to GitLab chart.

Edited Mar 12, 2026 by Clemens Beck