Merge branch 'add-kas-tunnel-url-configuration' into 'master'

Add config field gitlab_kas.external_k8s_proxy_url See merge request gitlab-org/gitlab!71512

Merge branch 'add-kas-tunnel-url-configuration' into 'master'
Add config field gitlab_kas.external_k8s_proxy_url See merge request gitlab-org/gitlab!71512
cb0eab52 · Vitali Tatarintev · 3dd6d105 · e0137111 · cb0eab52 · cb0eab52
Commit cb0eab52 authored Oct 04, 2021 by Vitali Tatarintev
4 changed files
--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@@ -1218,6 +1218,9 @@ production: &base
    # The URL to the internal KAS API (used by the GitLab backend)
    # internal_url: grpc://localhost:8153
+    # The URL to the Kubernetes API proxy (used by GitLab users)
+    # external_k8s_proxy_url: https://localhost:8154 # default: nil
  ## GitLab Elasticsearch settings
  elasticsearch:
    indexer_path: /home/git/gitlab-elasticsearch-indexer/

--- a/config/initializers/1_settings.rb
+++ b/config/initializers/1_settings.rb
@@ -757,6 +757,7 @@ Settings.gitlab_kas['enabled'] ||= false
 Settings.gitlab_kas['secret_file'] ||= Rails.root.join('.gitlab_kas_secret')
 Settings.gitlab_kas['external_url'] ||= 'wss://kas.example.com'
 Settings.gitlab_kas['internal_url'] ||= 'grpc://localhost:8153'
+# Settings.gitlab_kas['external_k8s_proxy_url'] ||= 'grpc://localhost:8154' # NOTE: Do not set a default until all distributions have been updated with a correct value
 #
 # Repositories

--- a/lib/gitlab/kas.rb
+++ b/lib/gitlab/kas.rb
@@ -41,6 +41,10 @@ module Gitlab
      end
      def tunnel_url
+        configured = Gitlab.config.gitlab_kas['external_k8s_proxy_url']
+        return configured if configured.present?
+        # Legacy code path. Will be removed when all distributions provide a sane default here
        uri = URI.join(external_url, K8S_PROXY_PATH)
        uri.scheme = uri.scheme.in?(%w(grpcs wss)) ? 'https' : 'http'
        uri.to_s

--- a/spec/lib/gitlab/kas_spec.rb
+++ b/spec/lib/gitlab/kas_spec.rb
@@ -70,30 +70,44 @@ RSpec.describe Gitlab::Kas do
      stub_config(gitlab_kas: { external_url: external_url })
    end
+    let(:external_url) { 'xyz' }
    subject { described_class.tunnel_url }
-    context 'external_url uses wss://' do
+    context 'with a gitlab_kas.external_k8s_proxy_url setting' do
-      let(:external_url) { 'wss://kas.gitlab.example.com' }
+      let(:external_k8s_proxy_url) { 'abc' }
+      before do
+        stub_config(gitlab_kas: { external_k8s_proxy_url: external_k8s_proxy_url })
+      end
-      it { is_expected.to eq('https://kas.gitlab.example.com/k8s-proxy') }
+      it { is_expected.to eq(external_k8s_proxy_url) }
    end
-    context 'external_url uses ws://' do
+    context 'without a gitlab_kas.external_k8s_proxy_url setting' do
-      let(:external_url) { 'ws://kas.gitlab.example.com' }
+      context 'external_url uses wss://' do
+        let(:external_url) { 'wss://kas.gitlab.example.com' }
-      it { is_expected.to eq('http://kas.gitlab.example.com/k8s-proxy') }
+        it { is_expected.to eq('https://kas.gitlab.example.com/k8s-proxy') }
-    end
+      end
-    context 'external_url uses grpcs://' do
+      context 'external_url uses ws://' do
-      let(:external_url) { 'grpcs://kas.gitlab.example.com' }
+        let(:external_url) { 'ws://kas.gitlab.example.com' }
-      it { is_expected.to eq('https://kas.gitlab.example.com/k8s-proxy') }
+        it { is_expected.to eq('http://kas.gitlab.example.com/k8s-proxy') }
-    end
+      end
+      context 'external_url uses grpcs://' do
+        let(:external_url) { 'grpcs://kas.gitlab.example.com' }
-    context 'external_url uses grpc://' do
+        it { is_expected.to eq('https://kas.gitlab.example.com/k8s-proxy') }
-      let(:external_url) { 'grpc://kas.gitlab.example.com' }
+      end
+      context 'external_url uses grpc://' do
+        let(:external_url) { 'grpc://kas.gitlab.example.com' }
-      it { is_expected.to eq('http://kas.gitlab.example.com/k8s-proxy') }
+        it { is_expected.to eq('http://kas.gitlab.example.com/k8s-proxy') }
+      end
    end
  end