WIP: Add initial configuration for SmartCard authentication
This is the first stab at #988 (closed) and contains experimental code. This MR might be disregarded and superseded by another approach.
Here's a summary of the approach in this MR:
- Smartcard authentication can be enabled with
global.appConfig.smartcard.enabled
- A default CA is generated in
shared-secret
, if one is not provided usingglobal.appConfig.smartcard.caSecret
. The default value is an extracted pool from https://curl.haxx.se/docs/caextract.html. - The relevant configuration is added
gitlab.yml.erb
inunicorn
subchart to be picked by Workhorse. -
nginx-ingress
ofunicorn
is configured to do the client SSL authentication (it doesn't create a separate server context as described in https://docs.gitlab.com/ee/administration/auth/smartcard.html.
Closes #988 (closed)
Edited by Hossein Pursultani