Add config field gitlab_kas.external_k8s_proxy_url
What does this MR do and why?
KAS runs the Kubernetes API proxy on a separate port from the agentk gRPC service. In the GitLab Helm chart, there is a reverse proxy (Ingress) that combines both under a single address, but this is not the case for other distributions, such as Omnibus and GDK.
Furthermore, the two are in separate security domains:
-
gitlab_kas.external_url
must be reachable from agentk instances -
gitlab_kas.external_k8s_proxy_url
must be reachable from CI/CD and user machines
See #342084 (closed)
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Edited by Hordur Freyr Yngvason