Allow KAS and GitLab on different subdomains when using Dashboard for Kubernetes
Problem
Currently, there is a limitation that KAS must be a subdomain of GitLab-Rails domain when user using Dashboard for Kubernetes. This is not a problem on gitlab.com/SaaS, however, some self-hosted GitLab instances can't use the feature due to this limitation.
For example, if an organization runs an GitLab instance on gitlab.example.com
and runs KAS instatnce on kas.example.com
. The KAS cookie can't be sent because domain
attribute is NOT correctly set. This results in the following error in environment page:
Error: GitLab Agent Server: Unauthorized no valid credentials provided.
Affected users
Proposal
TBD
One of the ideas is to allow users to set a trusted parent domain in project setting page. This value is used for the KAS cookie's domain
value. But there is a downside that the cookie is available on all of the subdomains of the parent domain. There is no necessity to do that since the credential is needed for KAS instance only.