New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support http protocol for adding applications #1204
Comments
The Amgen firewall blocks ssh traffic to gitlab.com. This prevents us from adding applications from the WGE UI. |
@LutzLange How do they authenticate the HTTPS connections? because it's read-only and internal, they don't? |
Good question. I don't think this is an issue though, right? Authentication should run through the GITLAB_TOKEN, should it not? https://docs.gitlab.com/ee/security/token_overview.html |
@LutzLange not necessarily...for example, https:// URLs are read-only without authentication on GitHub (which is why they are the default if you're not authenticated/not allowed to push). I'm not totally sure about GitLab, but I'd suspect it's the same |
@LutzLange the reason I ask, is to ensure that this isn't going to become another mTLS issue... |
They will need write access as well for creating pull requests. I'll ask how they authenticate. SSL verification should be something else here, right. This should usually work through the ca-bundle that is on the machine you make the call from. Or am I missing something? |
|
@foot This was regarding adding applications. That would be the Core part as well, right? We are talking about GitLab here and this would possibly be a GitLab Token |
Did a quick test this seems to be the case, saves GITHUB_TOKEN into the flux-system secret. |
|
@foot we need this to work with gitlab in this case. Also with onprem gitlab. |
Amgen confirms that they use an GitLab_Token as env var. |
|
Refinement decision: need a spike on this. Spike outcome: Enumerate all of the work that needs to be done to support this. Also let's draw a picture maybe? Notes on possible AC:
|
We need to support for customer engagements the HTTP protocol to connect to git provider.
Customers are using HTTP protocol through a VPN.
So that customers can add and manage applications via GitOps.
The text was updated successfully, but these errors were encountered: