Product discovery for running Auto DevOps on air gapped networks
Problem to solve
Auto DevOps depends on internet access for quite a few stages. Some customers run GitLab on airgapped networks, and are therefore unable to use many of the stages.
Intended users
Developers
Further details
There are a few areas where we download things:
- We download the ADO helm chart on demand
- We download quite a few docker images on demand, and in some cases our docker images download other things inside of them
- We use apt to install packages. It's worth noting that apt also does not respect the proxy environment variables.
- ... and more.
- All the users we've interviewed (links in comments) confirmed that all the relevant elements in play (GitLab, k8s cluster, and artifact management tool) are part of the same network and can communicate with one another.
Proposal
- Research and document all the places where Auto DevOps depends on internet access
1.1 Provide a list of dependencies (ideally per stage) along with current version - Figure out best strategy and next steps to solve this problem
2.1 Customers we've interviewed thus far are usingArtifactoryandNexus SonarTypeto host dependencies internally
sectionsec moved their images to be defined in variables: https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml#L10 @stkerr might be able to provide more info.