Skip to content

Consolidate webservice TLS configuration

Clemens Beck requested to merge consolidate-webservice-tls into master

What does this MR do?

Make the TLS configuration of the webservice chart more convenient by:

  1. inheriting the TLS config of the metrics webservice listener from gitlab.webservice.tls
  2. inheriting the TLS config of the workhorse monitoring listener from global.workhorse.tls
  3. validating the workhorse exporter listener's TLS config

This may change the behavior of installations that do not explicitly override the webservice metrics/workhorse exporter TLS config. Therefore, marking this as a breaking change.

Related issues

Relates #3404 (closed)

Testing

  1. Create a webservice TLS secret (See: https://docs.gitlab.com/charts/charts/gitlab/webservice/#webservice)

  2. Render chart with the following values

gitlab:
  webservice:
    tls:
      enabled: true # default: false
      secretName: web-tls
    workhorse:
      monitoring:
        exporter:
          enabled: true # default: false
global:
  workhorse:
    tls:
      enabled: true # default: false
helm template \
  --set certmanager-issuer.email=test@example.com \
  -f ~/values/gitlab-chart/consol-tls.yaml \
  --show-only=charts/gitlab/charts/webservice/templates/service.yaml \
  --show-only=charts/gitlab/charts/webservice/templates/deployment.yaml \
  ~/repos/gitlab-chart/

Verify the TLS configuration was inherited.

Checklist

See Definition of done.

For anything in this list which will not be completed, please provide a reason in the MR discussion.

Required

  • Merge Request Title and Description are up to date, accurate, and descriptive
  • MR targeting the appropriate branch
  • MR has a green pipeline on GitLab.com
  • When ready for review, MR is labeled "~workflow::ready for review" per the Distribution MR workflow

Expected (please provide an explanation if not completing)

  • Test plan indicating conditions for success has been posted and passes
  • Documentation created/updated
  • Tests added
  • Integration tests added to GitLab QA
  • Equivalent MR/issue for omnibus-gitlab opened
  • Validate potential values for new configuration settings. Formats such as integer 10, duration 10s, URI scheme://user:passwd@host:port may require quotation or other special handling when rendered in a template and written to a configuration file.
Edited by Clemens Beck

Merge request reports