Support putting the primary behind a Geo node load balancer
Originally https://gitlab.com/gitlab-org/gitlab-ee/issues/6306 mixed at least a couple use cases. One is https://gitlab.com/gitlab-org/gitlab-ee/issues/9123. The next is:
A customer wants to run all Geo Nodes behind a location aware load balancer so their users don't need knowledge of Geo.
Prerequisite
Secondaries are writable. To users, they behave exactly like the primary.
Proposal
Authentication on secondaries currently uses OAuth, using the primary as the authentication server.
Basic flow if all Geo nodes are behind https://example.com
:
- Visit
https://example.com
- Get redirected to
https://primary.example.com
- Sign in if not already signed in
- Get redirected back to example.com
This works if:
- The load balancer at
https://example.com
uses sticky sessions - The primary is accessible at a unique URL (e.g.
https://primary.example.com
) - The secondaries know the primary's unique URL
Secondaries already use GeoNode#url
field for this.
To do
-
Validate in Rails that the primary URL is unique. -
Can we add this constraint in the DB, only for the primary? Secondary URLs may not be unique. -
Add/modify documentation for this use case
References
- Customer ticket: https://gitlab.zendesk.com/agent/tickets/106018 (internal use)
- Slack discussion during customer call: https://gitlab.slack.com/archives/C32LCGC1H/p1540571721004700 (internal use)
Edited by Michael Kozono