Commit b02482b9 authored by Evan Read's avatar Evan Read

Merge branch 'docs-fix-yaml-5' into 'master'

Clean up yaml code block formatting in monitor/configure/ecosystem docs

See merge request gitlab-org/gitlab!43511
parents 06b80fb7 0881c145
......@@ -228,13 +228,13 @@ which ideally should not have Redis or Sentinels in the same machine:
sentinels:
-
host: 10.0.0.1
port: 26379 # point to sentinel, not to redis port
port: 26379 # point to sentinel, not to redis port
-
host: 10.0.0.2
port: 26379 # point to sentinel, not to redis port
port: 26379 # point to sentinel, not to redis port
-
host: 10.0.0.3
port: 26379 # point to sentinel, not to redis port
port: 26379 # point to sentinel, not to redis port
```
1. [Restart GitLab](../restart_gitlab.md#installations-from-source) for the changes to take effect.
......@@ -353,13 +353,13 @@ or a failover promotes a different **Primary** node.
sentinels:
-
host: 10.0.0.1
port: 26379 # point to sentinel, not to redis port
port: 26379 # point to sentinel, not to redis port
-
host: 10.0.0.2
port: 26379 # point to sentinel, not to redis port
port: 26379 # point to sentinel, not to redis port
-
host: 10.0.0.3
port: 26379 # point to sentinel, not to redis port
port: 26379 # point to sentinel, not to redis port
```
1. [Restart GitLab](../restart_gitlab.md#installations-from-source) for the changes to take effect.
......
......@@ -146,13 +146,13 @@ production:
sentinels:
-
host: 10.0.0.1
port: 26379 # point to sentinel, not to redis port
port: 26379 # point to sentinel, not to redis port
-
host: 10.0.0.2
port: 26379 # point to sentinel, not to redis port
port: 26379 # point to sentinel, not to redis port
-
host: 10.0.0.3
port: 26379 # point to sentinel, not to redis port
port: 26379 # point to sentinel, not to redis port
```
When in doubt, read the [Redis Sentinel documentation](https://redis.io/topics/sentinel).
......@@ -45,10 +45,10 @@ To enable the CAS OmniAuth provider you must register your application with your
- { name: 'cas3',
label: 'cas',
args: {
url: 'CAS_SERVER',
login_url: '/CAS_PATH/login',
service_validate_url: '/CAS_PATH/p3/serviceValidate',
logout_url: '/CAS_PATH/logout'} }
url: 'CAS_SERVER',
login_url: '/CAS_PATH/login',
service_validate_url: '/CAS_PATH/p3/serviceValidate',
logout_url: '/CAS_PATH/logout' } }
```
1. Change 'CAS_PATH' to the root of your CAS instance (ie. `cas`).
......
......@@ -83,7 +83,7 @@ To enable the Facebook OmniAuth provider you must register your application with
```yaml
- { name: 'facebook', app_id: 'YOUR_APP_ID',
app_secret: 'YOUR_APP_SECRET' }
app_secret: 'YOUR_APP_SECRET' }
```
1. Change 'YOUR_APP_ID' to the API key from Facebook page in step 10.
......
......@@ -71,17 +71,18 @@ Follow these steps to incorporate the GitHub OAuth 2 app in your GitLab server:
```yaml
- { name: 'github', app_id: 'YOUR_APP_ID',
app_secret: 'YOUR_APP_SECRET',
args: { scope: 'user:email' } }
app_secret: 'YOUR_APP_SECRET',
args: { scope: 'user:email' } }
```
For GitHub Enterprise:
```yaml
- { name: 'github', app_id: 'YOUR_APP_ID',
app_secret: 'YOUR_APP_SECRET',
url: "https://github.example.com/",
args: { scope: 'user:email' } }
- { name: 'github',
app_id: 'YOUR_APP_ID',
app_secret: 'YOUR_APP_SECRET',
url: "https://github.example.com/",
args: { scope: 'user:email' } }
```
**Replace `https://github.example.com/` with your GitHub URL.**
......@@ -125,11 +126,12 @@ omnibus_gitconfig['system'] = { "http" => ["sslVerify = false"] }
For installation from source:
```yaml
- { name: 'github', app_id: 'YOUR_APP_ID',
app_secret: 'YOUR_APP_SECRET',
url: "https://github.example.com/",
verify_ssl: false,
args: { scope: 'user:email' } }
- { name: 'github',
app_id: 'YOUR_APP_ID',
app_secret: 'YOUR_APP_SECRET',
url: "https://github.example.com/",
verify_ssl: false,
args: { scope: 'user:email' } }
```
You will also need to disable Git SSL verification on the server hosting GitLab.
......
......@@ -63,9 +63,10 @@ GitLab.com will generate an application ID and secret key for you to use.
For installations from source:
```yaml
- { name: 'gitlab', app_id: 'YOUR_APP_ID',
app_secret: 'YOUR_APP_SECRET',
args: { scope: 'api' } }
- { name: 'gitlab',
app_id: 'YOUR_APP_ID',
app_secret: 'YOUR_APP_SECRET',
args: { scope: 'api' } }
```
1. Change 'YOUR_APP_ID' to the Application ID from the GitLab.com application page.
......
......@@ -84,9 +84,10 @@ On your GitLab server:
For installations from source:
```yaml
- { name: 'google_oauth2', app_id: 'YOUR_APP_ID',
app_secret: 'YOUR_APP_SECRET',
args: { access_type: 'offline', approval_prompt: '' } }
- { name: 'google_oauth2',
app_id: 'YOUR_APP_ID',
app_secret: 'YOUR_APP_SECRET',
args: { access_type: 'offline', approval_prompt: '' } }
```
1. Change `YOUR_APP_ID` to the client ID from the Google Developer page
......
......@@ -207,9 +207,10 @@ remove the OmniAuth provider named `kerberos` from your `gitlab.yml` /
```yaml
omniauth:
# Rest of configuration omitted
# ...
providers:
- { name: 'kerberos' } # <-- remove this line
- { name: 'kerberos' } # <-- remove this line
```
1. [Restart GitLab](../administration/restart_gitlab.md#installations-from-source) for the changes to take effect.
......
......@@ -104,21 +104,21 @@ To change these settings:
```yaml
## OmniAuth settings
omniauth:
# Allow login via Twitter, Google, etc. using OmniAuth providers
# Versions prior to 11.4 require this to be set to true
# enabled: true
omniauth:
# Allow login via Twitter, Google, etc. using OmniAuth providers
# Versions prior to 11.4 require this to be set to true
# enabled: true
# CAUTION!
# This allows users to login without having a user account first. Define the allowed providers
# using an array, e.g. ["saml", "twitter"], or as true/false to allow all providers or none.
# User accounts will be created automatically when authentication was successful.
allow_single_sign_on: ["saml", "twitter"]
# CAUTION!
# This allows users to login without having a user account first. Define the allowed providers
# using an array, e.g. ["saml", "twitter"], or as true/false to allow all providers or none.
# User accounts will be created automatically when authentication was successful.
allow_single_sign_on: ["saml", "twitter"]
auto_link_ldap_user: true
auto_link_ldap_user: true
# Locks down those users until they have been cleared by the admin (default: true).
block_auto_created_users: true
# Locks down those users until they have been cleared by the admin (default: true).
block_auto_created_users: true
```
Now we can choose one or more of the [Supported Providers](#supported-providers)
......@@ -142,7 +142,7 @@ The chosen OmniAuth provider is now active and can be used to sign in to GitLab
## Automatically Link Existing Users to OmniAuth Users
> [Introduced in GitLab 13.4.](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/36664)
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/36664) in GitLab 13.4.
You can automatically link OmniAuth users with existing GitLab users if their email addresses match.
For example, the following setting is used to enable the auto link feature for both a SAML provider and the Twitter OAuth provider:
......
......@@ -64,7 +64,7 @@ To get the credentials (a pair of Client ID and Client Secret), you must [create
- { name: 'salesforce',
app_id: 'SALESFORCE_CLIENT_ID',
app_secret: 'SALESFORCE_CLIENT_SECRET'
}
}
```
1. Change `SALESFORCE_CLIENT_ID` to the Consumer Key from the Salesforce connected application page.
......
......@@ -113,16 +113,16 @@ in your SAML IdP:
omniauth:
providers:
- {
name: 'saml',
args: {
assertion_consumer_service_url: 'https://gitlab.example.com/users/auth/saml/callback',
idp_cert_fingerprint: '43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8',
idp_sso_target_url: 'https://login.example.com/idp',
issuer: 'https://gitlab.example.com',
name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent'
},
label: 'Company Login' # optional label for SAML login button, defaults to "Saml"
}
name: 'saml',
args: {
assertion_consumer_service_url: 'https://gitlab.example.com/users/auth/saml/callback',
idp_cert_fingerprint: '43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8',
idp_sso_target_url: 'https://login.example.com/idp',
issuer: 'https://gitlab.example.com',
name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent'
},
label: 'Company Login' # optional label for SAML login button, defaults to "Saml"
}
```
1. Change the value for `assertion_consumer_service_url` to match the HTTPS endpoint
......@@ -210,7 +210,7 @@ Example:
idp_sso_target_url: 'https://login.example.com/idp',
issuer: 'https://gitlab.example.com',
name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
} }
} }
```
### External Groups **(STARTER ONLY)**
......@@ -228,7 +228,7 @@ SAML login supports automatic identification on whether a user should be conside
idp_sso_target_url: 'https://login.example.com/idp',
issuer: 'https://gitlab.example.com',
name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent'
} }
} }
```
### Admin Groups **(STARTER ONLY)**
......@@ -248,7 +248,7 @@ considered admin users.
idp_sso_target_url: 'https://login.example.com/idp',
issuer: 'https://gitlab.example.com',
name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
} }
} }
```
### Auditor Groups **(STARTER ONLY)**
......@@ -270,7 +270,7 @@ considered auditor users.
idp_sso_target_url: 'https://login.example.com/idp',
issuer: 'https://gitlab.example.com',
name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
} }
} }
```
## Bypass two factor authentication
......@@ -328,22 +328,22 @@ In addition to the changes in GitLab, make sure that your IdP is returning the
omniauth:
providers:
- {
name: 'saml',
args: {
assertion_consumer_service_url: 'https://gitlab.example.com/users/auth/saml/callback',
idp_cert_fingerprint: '43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8',
idp_sso_target_url: 'https://login.example.com/idp',
issuer: 'https://gitlab.example.com',
name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
upstream_two_factor_authn_contexts:
[
'urn:oasis:names:tc:SAML:2.0:ac:classes:CertificateProtectedTransport',
'urn:oasis:names:tc:SAML:2.0:ac:classes:SecondFactorOTPSMS',
'urn:oasis:names:tc:SAML:2.0:ac:classes:SecondFactorIGTOKEN'
]
},
label: 'Company Login' # optional label for SAML login button, defaults to "Saml"
}
name: 'saml',
args: {
assertion_consumer_service_url: 'https://gitlab.example.com/users/auth/saml/callback',
idp_cert_fingerprint: '43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8',
idp_sso_target_url: 'https://login.example.com/idp',
issuer: 'https://gitlab.example.com',
name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
upstream_two_factor_authn_contexts:
[
'urn:oasis:names:tc:SAML:2.0:ac:classes:CertificateProtectedTransport',
'urn:oasis:names:tc:SAML:2.0:ac:classes:SecondFactorOTPSMS',
'urn:oasis:names:tc:SAML:2.0:ac:classes:SecondFactorIGTOKEN'
]
},
label: 'Company Login' # optional label for SAML login button, defaults to "Saml"
}
```
1. Save the file and [restart GitLab](../administration/restart_gitlab.md#installations-from-source) for the changes to take effect
......@@ -436,7 +436,7 @@ args: {
issuer: 'https://gitlab.example.com',
name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
attribute_statements: { email: ['EmailAddress'] },
allowed_clock_drift: 1 # for one second clock drift
allowed_clock_drift: 1 # for one second clock drift
}
```
......@@ -561,10 +561,10 @@ args: {
<redacted>
-----END PRIVATE KEY-----',
security: {
authn_requests_signed: true, # enable signature on AuthNRequest
want_assertions_signed: true, # enable the requirement of signed assertion
embed_sign: true, # embedded signature or HTTP GET parameter signature
metadata_signed: false, # enable signature on Metadata
authn_requests_signed: true, # enable signature on AuthNRequest
want_assertions_signed: true, # enable the requirement of signed assertion
embed_sign: true, # embedded signature or HTTP GET parameter signature
metadata_signed: false, # enable signature on Metadata
signature_method: 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',
digest_method: 'http://www.w3.org/2001/04/xmlenc#sha256',
}
......@@ -629,9 +629,9 @@ Group SAML on a self-managed instance is limited when compared to the recommende
```yaml
omniauth:
enabled: true
providers:
- { name: 'group_saml' }
enabled: true
providers:
- { name: 'group_saml' }
```
## Troubleshooting
......
......@@ -65,7 +65,8 @@ To enable the Twitter OmniAuth provider you must register your application with
For installations from source:
```yaml
- { name: 'twitter', app_id: 'YOUR_APP_ID',
- { name: 'twitter',
app_id: 'YOUR_APP_ID',
app_secret: 'YOUR_APP_SECRET' }
```
......
......@@ -70,7 +70,8 @@ receivers:
bearer_token: 9e1cbfcd546896a9ea8be557caf13a76
send_resolved: true
url: http://192.168.178.31:3001/root/manual_prometheus/prometheus/alerts/notify.json
...
# Rest of configuration omitted
# ...
```
For GitLab to associate your alerts with an [environment](../../ci/environments/index.md),
......
......@@ -17,7 +17,7 @@ dashboard: 'Dashboard Title'
panel_groups:
- group: 'Group Title'
panels:
- type: area-chart # or line-chart
- type: area-chart # or line-chart
title: 'Area Chart Title'
y_label: 'Y-Axis'
y_axis:
......
......@@ -317,7 +317,7 @@ metadata:
name: gitlab-managed-apps-default-proxy
namespace: gitlab-managed-apps
spec:
env:
env:
- name: http_proxy
value: "PUT_YOUR_HTTP_PROXY_HERE"
- name: https_proxy
......
......@@ -125,27 +125,27 @@ the Agent in subsequent steps. You can create an Agent record either:
- Through GraphQL: **(PREMIUM ONLY)**
```json
mutation createAgent {
createClusterAgent(input: { projectPath: "path-to/your-awesome-project", name: "<agent-name>" }) {
clusterAgent {
id
name
}
errors
```graphql
mutation createAgent {
createClusterAgent(input: { projectPath: "path-to/your-awesome-project", name: "<agent-name>" }) {
clusterAgent {
id
name
}
errors
}
mutation createToken {
clusterAgentTokenCreate(input: { clusterAgentId: <cluster-agent-id-taken-from-the-previous-mutation> }) {
secret # This is the value you need to use on the next step
token {
createdAt
id
}
errors
}
mutation createToken {
clusterAgentTokenCreate(input: { clusterAgentId: <cluster-agent-id-taken-from-the-previous-mutation> }) {
secret # This is the value you need to use on the next step
token {
createdAt
id
}
errors
}
}
```
NOTE: **Note:**
......@@ -245,7 +245,7 @@ spec:
args:
- --token-file=/config/token
- --kas-address
- grpc://host.docker.internal:5005 # {"$openapi":"kas-address"}
- grpc://host.docker.internal:5005 # {"$openapi":"kas-address"}
volumeMounts:
- name: token-volume
mountPath: /config
......
......@@ -269,7 +269,7 @@ To add a Kubernetes cluster to your project, group, or instance:
Copy the `<authentication_token>` value from the output:
```yaml
```plaintext
Name: gitlab-token-b5zv4
Namespace: kube-system
Labels: <none>
......
......@@ -222,7 +222,8 @@ the environment of the deployed function:
```yaml
provider:
...
# Other configuration omitted
# ...
environment:
A_VARIABLE: ${env:A_VARIABLE}
```
......@@ -245,10 +246,10 @@ functions:
hello:
handler: src/handler.hello
events:
- http: # Rewrite this part to enable CORS
- http: # Rewrite this part to enable CORS
path: hello
method: get
cors: true # <-- CORS here
cors: true # <-- CORS here
```
You also need to return CORS specific headers in your function response:
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment