Registry: add support for TLS on the Pod service (!2673) · Merge requests · GitLab.org / charts / GitLab Chart

Jason Plum requested to merge registry-tls-support into master Jul 13, 2022

What does this MR do?

Enable configuration and use of TLS on the registry pods.

registry:

Implement configuration of http.tls per documenation
Place TLS certificates
Configure NGINX Ingress annotations where appropriate
Update Deployment / Service with port.name of https when enabled

gitlab/*:

Update implementation of gitlab.registry.api.* to ensure handling of scheme/protocol
Piggy-back on existing global.hosts.registry.* settings as documented in https://docs.gitlab.com/charts/charts/globals#configure-host-settings

To enable:

global:
  ## add signing CA to all pods
  certificates:
    customCAs:
    - secret: services-internal-tls-ca
  ## tell generation mechanisms to use https
  hosts:
    registry:
      protocol: https

registry:
  ## configure TLS
  tls:
    enabled: true
    secretName: services-internal-tls
    ## configure Ingress to verify the TLS on the backend
    verify: true
    caSecretName: default/services-internal-tls-ca

TODO

Documentation
RSpec

Related issues

Closes #3398 (closed)

Checklist

See Definition of done.

For anything in this list which will not be completed, please provide a reason in the MR discussion.

Required

Merge Request Title and Description are up to date, accurate, and descriptive
MR targeting the appropriate branch
MR has a green pipeline on GitLab.com

Expected (please provide an explanation if not completing)

Test plan indicating conditions for success has been posted and passes
Documentation created/updated
Tests added
Integration tests added to GitLab QA
Equivalent MR/issue for omnibus-gitlab opened

Edited Jul 18, 2022 by Hossein Pursultani

Registry: add support for TLS on the Pod service