Operational validation of Geo support for OpenBao on GitLab CNH
Summary
Validate Geo support for OpenBao on Cloud Native Hybrid (CNH) GitLab.
This is a follow-up issue to Operational validation for Cloud Native Hybrid ... (#568357 - closed).
Scope
This issue tracks validation of:
- Geo replication compatibility - Ensure OpenBao can be deployed on both primary and secondary Geo sites
- Data synchronization - Verify that secrets and credentials are properly synchronized (or isolated) between Geo sites as appropriate
- Failover scenarios - Test failover from primary to secondary site with OpenBao enabled
- Recovery scenarios - Test recovery from secondary to primary site with OpenBao enabled
- Multi-site authentication - Validate JWT authentication and credential provisioning work across Geo sites
- Database consistency - Ensure OpenBao's PostgreSQL storage remains consistent in Geo replication
Acceptance Criteria
- OpenBao deploys successfully on both primary and secondary Geo sites
- Secrets provisioned on primary site are accessible on secondary site (if applicable)
- Failover from primary to secondary works with OpenBao enabled
- JWT authentication continues to work after Geo failover
- No data loss or corruption in OpenBao database during Geo replication
- Documentation updated with Geo-specific deployment instructions (if needed)
- Update https://docs.gitlab.com/charts/charts/openbao/#known-issues
Edited by Fabien Catteau