Enable SSH certificates feature on production
Overview
Add support for git access control via SSH cert... (&10662 - closed) is ready to be enabled. In order to fully roll it out, an environment variable and feature flags must be set:
-
FF_GITLAB_SHELL_SSH_CERTIFICATES
- Introduced in Support authentication using SSH Certificates (gitlab-shell!812 - merged)
- Enables Gitlab Shell to accept SSH certificates for authentication
-
ssh_certificates_rest_endpoints
feature flag- Introduced in REST get, post and delete endpoints for SSH Cer... (!130866 - merged)
- Enables REST API endpoints for adding/removing SSH certificates to a group
- Rollout issue: [Feature flag] Rollout of `ssh_certificates_res... (#424501)
-
enforce_ssh_certificates_via_settings
feature flag- Introduced in Enforce SSH Certificates via Settings (!136498 - merged)
- Enables the ability to enforce SSH certificates usage
- Rollout issue: [Feature flag] Rollout of `enforce_ssh_certific... (#426235 - closed)
Steps
FF_GITLAB_SHELL_SSH_CERTIFICATES
:
-
Enable FF_GITLAB_SHELL_SSH_CERTIFICATES
forgstg
: Enable SSH certificates for Gitlab Shell (gitlab-com/gl-infra/k8s-workloads/gitlab-com!3089 - merged) -
Enable FF_GITLAB_SHELL_SSH_CERTIFICATES
forgprd-cny
: feat(gprd-cny): enable SSH certificates for Git... (gitlab-com/gl-infra/k8s-workloads/gitlab-com!3252 - merged) -
Enable FF_GITLAB_SHELL_SSH_CERTIFICATES
forus-east1-b
: feat(gprd): enable SSH certificates for Gitlab ... (gitlab-com/gl-infra/k8s-workloads/gitlab-com!3251 - merged) -
Enable FF_GITLAB_SHELL_SSH_CERTIFICATES
forgprd
: feat(gprd): enable SSH certificates for Gitlab ... (gitlab-com/gl-infra/k8s-workloads/gitlab-com!3253 - merged)
ssh_certificates_rest_endpoints
:
-
Enable on gstg -
Enable selectively on gprd -
Enable globally on gprd
enforce_ssh_certificates_via_settings
:
-
Enable on gstg -
Enable selectively on gprd -
Enable globally on gprd
Edited by Igor Drozdov