Enable direct gRPC connection on KAS via nginx (!5414) · Merge requests · GitLab.org / GitLab Development Kit

Issue: Implement gRPC ingress support (gitlab-org/cluster-integration/gitlab-agent#766) • Ashvin Sharma

What does this merge request do and why?

Enable direct gRPC connection on KAS via nginx

By default, gRPC communication on KAS is tunnelled in websocket connection. This change includes a flag which configures the nginx to handle gRPCs connections without the websocket tunnel.

Running this requires TLS and HTTP/2 enabled in GDK.

How to set up and validate locally

1. Enable TLS and HTTP/2 in NGINX
2. Enable gRPC for KAS

gdk config set gitlab_k8s_agent.grpc.enabled true
gdk reconfigure

3. Configure agentk to use grpc

--kas-address "grpcs://gdk.test:3000" --token-file "<PATH-TOKEN-FILE>"

Impacted categories

The following categories relate to this merge request:

gdk-reliability - e.g. When a GDK action fails to complete.
gdk-usability - e.g. Improvements or suggestions around how the GDK functions.
gdk-performance - e.g. When a GDK action is slow or times out.

Merge request checklist

This MR references an issue describing the change.
This change is backward compatible. If not, include steps to communicate to users.
Tests added for new functionality. If not, raise an issue to follow-up.
Observability added/updated (logging, metrics, tracing).
Documentation added/updated.
Announcement added for notable changes.
gdk doctor test added.

Edited Nov 05, 2025 by Ashvin Sharma

Enable direct gRPC connection on KAS via nginx

What does this merge request do and why?

How to set up and validate locally

Impacted categories

Merge request checklist

Merge request reports