Merge branch 'support-setting-env-var' into 'master'

Robert Marshall · Taka Nishida · Robert Marshall · commit 611ed6b5ffc0 · 2024-04-08T20:01:00.000Z
Support TLS for kas->kas communication for KAS See merge request https://gitlab.com/gitlab-org/omnibus-gitlab/-/merge_requests/7453 Merged-by: Robert Marshall <rmarshall@gitlab.com> Approved-by: Timo Furrer <tfurrer@gitlab.com> Approved-by: João Alexandre Cunha <j.a.cunha@gmail.com> Approved-by: Robert Marshall <rmarshall@gitlab.com> Co-authored-by: Taka Nishida <tnishida@gitlab.com>
diff --git a/files/gitlab-config-template/gitlab.rb.template b/files/gitlab-config-template/gitlab.rb.template
@@ -2165,6 +2165,9 @@ external_url 'GENERATED_EXTERNAL_URL'
 #   # 'OWN_PRIVATE_API_CIDR' => '2001:db8:8a2e:370::7334/64', # IPv6 example
 #   # 'OWN_PRIVATE_API_PORT' => '8155', # if not set, port from private_api_listen_address is used
 #   # 'OWN_PRIVATE_API_SCHEME' => 'grpc', # use grpcs when using TLS on private API endpoint
+#   # OWN_PRIVATE_API_HOST is used to verify the TLS cert hostname.
+#   # Set KAS' host name if you want to use TLS for KAS->KAS communication.
+#   # 'OWN_PRIVATE_API_HOST' => '<server-name-from-cert>',
 # }
 
 ##! Error Reporting and Logging with Sentry
diff --git a/spec/chef/cookbooks/gitlab-kas/recipes/gitlab-kas_spec.rb b/spec/chef/cookbooks/gitlab-kas/recipes/gitlab-kas_spec.rb
@@ -117,6 +117,9 @@
           sentry_dsn: 'https://my_key:my_secret@sentry.io/test_project',
           sentry_environment: 'production',
           log_level: 'debug',
+          env: {
+            'OWN_PRIVATE_API_HOST' => 'fake-host.example.com'
+          }
         }
       )
     end
@@ -157,6 +160,10 @@
       expect(chef_run).to render_file("/var/opt/gitlab/gitlab-kas/authentication_secret_file").with_content(api_secret_key)
       expect(chef_run).to render_file("/var/opt/gitlab/gitlab-kas/private_api_authentication_secret_file").with_content(private_api_secret_key)
     end
+
+    it 'sets OWN_PRIVATE_API_HOST' do
+      expect(chef_run).to render_file('/opt/gitlab/etc/gitlab-kas/env/OWN_PRIVATE_API_HOST').with_content('fake-host.example.com')
+    end
   end
 
   describe 'gitlab.yml configuration' do
@@ -186,7 +193,7 @@
         )
       end
 
-      it 'has exernal URL with scheme `ws` instead of `wss`' do
+      it 'has external URL with scheme `ws` instead of `wss`' do
         expect(gitlab_yml[:production][:gitlab_kas]).to include(
           external_url: 'ws://gitlab.example.com/-/kubernetes-agent/'
         )
