Add support for Kerberos settings
What does this MR do?
This MR add support for Kerberos into this Helm chart by adding the following default values:
global:
appConfig:
kerberos:
enabled: false
keytab:
# secret: gitlab-kerberos-keytab
key: keytab
servicePrincipalName: ""
krb5Config: ""
dedicatedPort:
enabled: false
port: 8443
https: true
simpleLdapLinkingAllowedRealms: []
Kerberos support is enabled if global.appConfig.kerberos.enabled
is set to true
. The user may fill the global.appConfig.kerberos.krb5Config
setting with its custom krb5.conf
content.
kerberos:
enabled: true
keytab:
secret: gitlab-keytab
krb5Config: |
[libdefaults]
default_realm = EXAMPLE.COM
The other settings work as expected, and as described in GitLab's documentation.
The proposed changes were applied on top of v14.1.2
and tested in production.
We added support for Kerberos to sidekiq and task-runner deployments, as LDAP was also added there. However, we think it was added for to allow for background synchronization of users, and thus are not sure Kerberos is required over there.
Related issues
This changes depends on gitlab-org/build/CNG!734 (merged) being merged.
Closes #2522 (closed)
Checklist
See Definition of done.
For anything in this list which will not be completed, please provide a reason in the MR discussion.
Required
-
Merge Request Title and Description are up to date, accurate, and descriptive -
MR targeting the appropriate branch -
MR has a green pipeline on GitLab.com
Expected (please provide an explanation if not completing)
-
Test plan indicating conditions for success has been posted and passes -
Documentation created/updated -
Tests added -
Integration tests added to GitLab QA -
Equivalent MR/issue for omnibus-gitlab opened
/cc @mareo whom I worked with for this MR.