• Hordur Freyr Yngvason's avatar
    Add config field gitlab_kas.external_k8s_proxy_url · e0137111
    Hordur Freyr Yngvason authored
    KAS runs the Kubernetes API proxy on a separate port from the agentk
    gRPC service. In the GitLab Helm chart, there is a reverse
    proxy (Ingress) that combines both under a single address, but this is
    not the case for other distributions, such as Omnibus and GDK.
    
    Furthermore, the two are in separate security domains:
    
    - gitlab_kas.external_url must be reachable from agentk instances
    - gitlab_kas.external_k8s_proxy_url must be reachable from CI/CD and user machines
    
    See https://gitlab.com/gitlab-org/gitlab/-/issues/342084
    
    Changelog: added
    e0137111
gitlab.yml.example 62 KB