Support KAS #3180
Draft
Support KAS #3180
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Co-authored-by: Kazunori Kimura <33391846+kkimurak@users.noreply.github.com>
Co-authored-by: Kazunori Kimura <33391846+kkimurak@users.noreply.github.com>
Removed +
Co-authored-by: Kazunori Kimura <33391846+kkimurak@users.noreply.github.com>
also add process to generate secret files for KAS - GITLAB_KAS_SECRET - GITLAB_KAS_API_LISTEN_AUTHENTICATION_SECRET_FILE - GITLAB_KAS_PRIVATE_API_LISTEN_AUTHENTICATION_SECRET_FILE
sync with upstream
- build KAS on build, enable via GITLAB_AGENT_KAS_ENABLED
(automatically enabled if GITLAB_KAS_ENABLED=true)
- Add built-in KAS config file
kas config: import upstream (v15.10.0 - d88f4b89)
- minimal parameterization
gitlab side:
- GITLAB_KAS_ENABLED
gitlab_rails['gitlab_kas_enabled'] for omnibus installation
- GITLAB_KAS_INTERNAL
gitlab_rails['gitlab_kas_internal_url'] for omnibus installation
- GITLAB_KAS_EXTERNAL
gitlab_rails['gitlab_kas_external_url'] for omnibus installation
- GITLAB_KAS_PROXY
gitlab_rails['gitlab_kas_external_k8s_proxy_url'] for omnibus installation
kas side:
- GITLAB_AGENT_KAS_ENABLED
gitlab_kas['enabled'] for omnibus installation
- GITLAB_AGENT_KAS_API_LISTEN_AUTHENTICATION_SECRET_FILE
gitlab_kas['internal_api_listen_authentication_secret_file']
- GITLAB_AGENT_KAS_PRIVATE_API_LISTEN_AUTHENTICATION_SECRET_FILE
used by both:
- GITLAB_KAS_SECRET
used as a value for
- gitlabhq/gitlab.yml : production.gitlab_kas.secret_file
- gitlab-agent/gitlab-kas_config.yaml : gitlab.authentication_secret_file
Prefix for parameters that only used by gitlab-agent/kas is "GITLAB_AGENT_KAS_"
Also add process to generate secret files for KAS
Update built-in KAS to 16.10.1, sync config
Update built-in gitlab-kas to v17.0.2, sync configuration
- Bump to v17.0.0, sync configuration
GitOps module have been removed. See upstream change:
https://gitlab.com/gitlab-org/cluster-integration/gitlab-agent/-/merge_requests/1436
- Bump: gitlab-kas 17.0.1
no change in configuration file
- Bump: gitlab-kas 17.0.2
no change in configuration file
Personal note:
I am still unable to successfully connect the agent from the WebUI.
The problem is that I don't know the correct way to do it in the first place,
so I have to check it out.
Stop gitlab_kas before restoring backup
It seems that kas has DB connection and blocks restoration
- Bump: gitlab-kas 18.1.0
reference configuration file have been renamed to kascfg_defaults.yaml
and does not contain full configurations
So I have to search a way to generate full configuration from .proto
or docs
…secret_file of gitlab and private_api Could it be same? (omnibus-gitlab assigns so)
squash following commit: - update to 18.5.0 - upgrade to 18.5.1
add WEBTOKEN secret; remove GITLAB_KAS_SECRET Replace GITLAB_KAS_SECRET by GITLAB_AGENT_KAS_WEBSOCKET_TOKEN_SECRET_FILE
Add kas location to assets/runtime/config/nginx/gitlab(-ssl) config KAS location is affected by GITLAB_RELATIVE_URL_ROOT so add update process to assets/runtime/functions
in gitlab-kas_config.yaml complete 18.5.0 upgrade
Merge GITLAB_AGENT_BUILTIN_KAS_ENABLED and GITLAB_AGENT_KAS_ENABLED
This was referenced Oct 24, 2025
|
Should we make the builtin kas the only option? Remove GITLAB_AGENT_BUILTIN_KAS_ENABLED? |
|
One last fix on my side. Now kubernetes dashboard is working. |
|
For those who interested, I have pushed self built image |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds configurations for external / built-in KAS and installation process to build built-in KAS.
Close #2736
External KAS settings implemented by @antt1995 (in #2598, rebased by @kkimurak)
Built-in KAS build process implemented by @kkimurak
Built-in KAS configuration test, improvements and updates until it works by @th-2021
TODO