Disable KAS by default in FIPS environments
What does this MR do?
KAS doesn't comply with FIPS (being tracked in &7933 (closed)). Hence, we should disable it by default in FIPS environments, while still giving the user control to manually enable it.
Testing
- In a FIPS environment, install the
gitlab-fipspackage from https://dev.gitlab.org/gitlab/omnibus-gitlab/-/pipelines/243115 - Deploy GitLab.
- See that
gitlab-kasis not enabled. - Edit
/etc/gitlab/gitlab.rband addroles['application_role']and run reconfigure. - See that
gitlab-kasis still not enabled. - Repeat the test with
gitlab-eepackage from that pipeline in a non-FIPS environment and see thatgitlab-kasis enabled by default for default, and when usingapplication_role.
Related issues
Closes #6802
Checklist
See Definition of done.
For anything in this list which will not be completed, please provide a reason in the MR discussion
Required
-
Merge Request Title, and Description are up to date, accurate, and descriptive -
MR targeting the appropriate branch -
MR has a green pipeline on GitLab.com -
Pipeline is green on dev.gitlab.org if the change is touching anything besides documentation or internal cookbooks -
trigger-packagehas a green pipeline running against latest commit
Expected (please provide an explanation if not completing)
-
Test plan indicating conditions for success has been posted and passes -
Documentation created/updated -
Tests added -
Integration tests added to GitLab QA -
Equivalent MR/issue for the GitLab Chart opened
Edited by Balasankar 'Balu' C