Skip to content

Commit 66cb842

Browse files
kkimurakkkimurak
committed
Fix assignment for GITLAB_KAS_SECRET
User still only required to set `GITLAB_AGENT_KAS_API_LISTEN_AUTHENTICATION_SECRET_FILE` as `GITLAB_KAS_SECRET` finally default to `GITLAB_AGENT_KAS_API_LISTEN_AUTHENTICATION_SECRET_FILE` (over `GITLAB_AGENT_KAS_GITLAB_AUTHENTICATION_SECRET_FILE`)
1 parent 2fea9df commit 66cb842

File tree

4 files changed

+6
-3
lines changed

4 files changed

+6
-3
lines changed

README.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1317,7 +1317,7 @@ Enable/Disable GitLab agent server for Kubernetes (KAS). See details on [officia
13171317

13181318
##### `GITLAB_KAS_SECRET`
13191319

1320-
File that contains the secret key for verifying access for GitLab KAS. Defaults to `${GITLAB_INSTALL_DIR}/.gitlab_kas_secret`
1320+
File that contains the secret key for verifying access for GitLab KAS. This value will be used for `production.gitlab_kas.secret_file` in gitlab.yml. Defaults to `${GITLAB_AGENT_KAS_GITLAB_AUTHENTICATION_SECRET_FILE}`
13211321

13221322
##### `GITLAB_KAS_EXTERNAL`
13231323

assets/runtime/config/gitlabhq/gitlab.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1178,7 +1178,7 @@ production: &base
11781178
enabled: {{GITLAB_KAS_ENABLED}}
11791179
# File that contains the secret key for verifying access for gitlab-kas.
11801180
# Default is '.gitlab_kas_secret' relative to Rails.root (i.e. root of the GitLab app).
1181-
secret_file: {{GITLAB_AGENT_KAS_API_LISTEN_AUTHENTICATION_SECRET_FILE}} # /home/git/gitlab/.gitlab_kas_secret
1181+
secret_file: {{GITLAB_KAS_SECRET}} # /home/git/gitlab/.gitlab_kas_secret
11821182

11831183
# The URL to the external KAS API (used by the Kubernetes agents)
11841184
external_url: {{GITLAB_KAS_EXTERNAL}} # wss://kas.example.com

assets/runtime/env-defaults

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -696,3 +696,5 @@ GITLAB_AGENT_KAS_WEBSOCKET_TOKEN_SECRET_FILE=${GITLAB_AGENT_KAS_WEBSOCKET_TOKEN_
696696
GITLAB_AGENT_KAS_REDIS_PASSWORD_FILE=${GITLAB_AGENT_KAS_REDIS_PASSWORD_FILE:-}
697697
GITLAB_AGENT_KAS_GITLAB_AUTHENTICATION_SECRET_FILE=${GITLAB_AGENT_KAS_GITLAB_AUTHENTICATION_SECRET_FILE:-${GITLAB_AGENT_KAS_API_LISTEN_AUTHENTICATION_SECRET_FILE}}
698698
GITLAB_AGENT_BUILTIN_KAS_ENABLED=${GITLAB_AGENT_BUILTIN_KAS_ENABLED:-false}
699+
700+
GITLAB_KAS_SECRET=${GITLAB_KAS_SECRET:-${GITLAB_AGENT_KAS_GITLAB_AUTHENTICATION_SECRET_FILE}}

assets/runtime/functions

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -371,7 +371,7 @@ gitlab_configure_gitlab_kas() {
371371
GITLAB_KAS_ENABLED \
372372
GITLAB_KAS_EXTERNAL \
373373
GITLAB_KAS_INTERNAL \
374-
GITLAB_AGENT_KAS_API_LISTEN_AUTHENTICATION_SECRET_FILE \
374+
GITLAB_KAS_SECRET \
375375
GITLAB_KAS_PROXY
376376

377377
printf "Configuring gitlab-agent::KAS (enabled: %s)\n" "${GITLAB_AGENT_BUILTIN_KAS_ENABLED}"
@@ -381,6 +381,7 @@ gitlab_configure_gitlab_kas() {
381381
GITLAB_AGENT_KAS_API_LISTEN_AUTHENTICATION_SECRET_FILE \
382382
GITLAB_AGENT_KAS_PRIVATE_API_LISTEN_AUTHENTICATION_SECRET_FILE \
383383
GITLAB_AGENT_KAS_WEBSOCKET_TOKEN_SECRET_FILE \
384+
GITLAB_AGENT_KAS_GITLAB_AUTHENTICATION_SECRET_FILE \
384385
REDIS_HOST \
385386
REDIS_PORT \
386387
GITLAB_AGENT_KAS_REDIS_PASSWORD_FILE

0 commit comments

Comments
 (0)