Add config field gitlab_kas.external_k8s_proxy_url (!71512) · Merge requests · GitLab.org / GitLab

Hordur Freyr Yngvason requested to merge add-kas-tunnel-url-configuration into master Sep 30, 2021

What does this MR do and why?

KAS runs the Kubernetes API proxy on a separate port from the agentk gRPC service. In the GitLab Helm chart, there is a reverse proxy (Ingress) that combines both under a single address, but this is not the case for other distributions, such as Omnibus and GDK.

Furthermore, the two are in separate security domains:

gitlab_kas.external_url must be reachable from agentk instances
gitlab_kas.external_k8s_proxy_url must be reachable from CI/CD and user machines

See #342084 (closed)

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Oct 01, 2021 by Hordur Freyr Yngvason

Add config field gitlab_kas.external_k8s_proxy_url

What does this MR do and why?

MR acceptance checklist

Merge request reports