Skip to content

Improve support for HTTPS in Gitaly, Shell and Runner

Hordur Freyr Yngvasonrequested to merge
fix-https-in-shell-and-gitaly into main

What does this Merge Request do and why?

A few small fixes for when https.enabled is set.

  • The certificate should provide a SAN. Otherwise, tools built in Go will reject it.
  • Gitaly, Runner and Shell need to be made aware of the self-signed certificate bundle. Otherwise, operations calling the GitLab API fail with x509 errors.

Merge Request checklist

  • This change is backward compatible. If not, please include steps to communicate to our users.
    • If the certificate gets updated, then it may need to be re-trusted in places outside GDK's reach, like web-browsers.
  • Tests added for new functionality. If not, please raise Issue to follow-up.
  • Documentation added/updated, if needed.
  • gdk doctor test added, if needed.
  • Add the ~highlight label if this MR should be included in the CHANGELOG.md.
Edited by Hordur Freyr Yngvason

Merge request reports