Add Internal SSL support via hooks / direct

Grant Young requested to merge gy-internal-ssl-hook-support into main

What does this MR do?

MR adds in initial Internal SSL support with the following changes:

  • Ability to switch Ansible to use hostnames for configuring applicable connections instead of IPs
    • ansible_fqdn has to be gathered by Ansible for all hosts. As such update the playbooks to always gather if missing.
    • Add hostnames in Terraform output
  • As discussed here, due to the number of options for most components, Internal SSL will be supported via Custom Files and Custom Config to allow full control for users - except Gitaly (see below)
  • Support added for configuring Gitaly / Praefect Internal SSL directly as GET needs to manage the networking, which changes if SSL is enabled, and there are thankfully no additional options for it. For the other components their network paths don't require changes and will be supported via Custom Files and Custom Config as described above.
  • Docs added for all the above

Related issues

Closes #410 (closed) https://gitlab.com/gitlab-org/gitlab-environment-toolkit/-/issues/281

Author's checklist

When ready for review, the Author applies the workflow::ready for review label and mentions @gl-quality/get-maintainers:

  • Merge request:
    • Corresponding Issue raised and reviewed by the GET maintainers team.
    • Merge Request Title and Description are up to date, accurate, and descriptive
    • MR targeting the appropriate branch
    • MR has a green pipeline
    • MR has no new security alerts in the widget from the Secret Detection and IaC Scan (SAST) jobs.
  • Code:
    • Check the area changed works as expected. Consider testing it in different environment sizes (1k, 3k, 10k, etc.).
    • Documentation created/updated in the same MR.
    • If this MR adds an optional configuration - check that all permutations continue to work.
    • For Terraform changes: set up a previous version environment, then run a terraform plan with your new changes and ensure nothing will be destroyed. If anything will be destroyed and this can't be avoided, please add a comment to the current MR.
  • Create any follow-up issue(s) to support the new feature across other supported cloud providers or advanced configurations. Create 1 issue for each provider/configuration. Contact the Quality Enablement team if unsure.
Edited by Grant Young
