Error GITLAB KAS

Hello, everyone,

I have a Gitlab Community server mounted in docker on premise.

I have read and reread the gitlab documentation, but I am unable to get Kubernetes KAS server and API authentication working in gitlab at the same time.

That is to say, in external_url I put it by HTTPS, the authentication of the API works for me, therefore the registry and the cloning by https work for me.

But if I configure the “external_url” with http, the API authentication stops working, but the KAS service works.

Considering that I have a HA_PROXY ahead, and with the configuration that I show below, could you tell me what the problem could be?

Thank you!

General Setup

external_url ‘https://gitlabtest.imagar.com

gitlab_rails[‘time_zone’] = ‘Europe/Madrid’
gitlab_rails[‘gitlab_email_enabled’] = true
gitlab_rails[‘gitlab_email_from’] = ‘git@mydomain.com’
gitlab_rails[‘gitlab_email_display_name’] = ‘GitLab Server Imagar’
gitlab_rails[‘gitlab_default_projects_features_container_registry’] = true
gitlab_rails[‘lfs_enabled’] = true
gitlab_rails[‘omniauth_enabled’] = false

SMTP

gitlab_rails[‘smtp_tls’] = false
gitlab_rails[‘smtp_openssl_verify_mode’] = ‘none’
gitlab_rails[‘smtp_enable’] = true
gitlab_rails[‘smtp_address’] = “smtp.mydomain.com
gitlab_rails[‘smtp_port’] = 25

NGINX GENERAL

#nginx[‘proxy_protocol’] = true
nginx[‘listen_port’] = 80
nginx[‘listen_https’] = false
nginx[‘redirect_http_to_https’] = true
nginx[‘http2_enabled’] = false

nginx[‘proxy_set_headers’] = {
“Host” => “$http_host_with_default”,
“X-Real-IP” => “$remote_addr”,
“X-Forwarded-For” => “$proxy_add_x_forwarded_for”,
“X-Forwarded-Proto” => “https”,
“X-Forwarded-Ssl” => “on”,
“Upgrade” => “$http_upgrade”,
“Connection” => “$connection_upgrade”
}

NGINX REGISTRY

registry_nginx[‘enable’] = true
registry_nginx[‘listen_port’] = 5001
registry_nginx[‘listen_https’] = false
registry_nginx[‘redirect_http_to_https’] = false
registry_nginx[‘real_ip_header’] = ‘X-Forwarded-For’
registry_nginx[‘real_ip_recursive’] = ‘on’
registry_nginx[‘proxy_set_headers’] = {
“Host” => “$http_host”,
“X-Real-IP” => “$remote_addr”,
“X-Forwarded-For” => “$proxy_add_x_forwarded_for”,
“X-Forwarded-Proto” => “https”,
“X-Forwarded-Ssl” => “on”
}

REGISTRY

registry_external_url ‘https://gitlabtest-reg.mydomain.com
gitlab_rails[‘registry_enabled’] = true
gitlab_rails[‘registry_host’] = “gitlabtest-reg.mydomain.com
registry[‘storage_delete_enabled’] = true

Monitoring

prometheus_monitoring[‘enable’] = false

Lets Encript

letsencrypt[‘enable’] = false
letsencrypt[‘auto_renew’] = false

Kubernetes Agent (Gitlab-KAS)##

gitlab_rails[‘gitlab_kas_enabled’] = true
gitlab_rails[‘gitlab_kas_external_url’] = ‘wss://gitlabtest.mydomain.com/-/kubernetes-agent/’
gitlab_rails[‘gitlab_kas_internal_url’] = ‘grpc://localhost:8153’
gitlab_rails[‘gitlab_kas_external_k8s_proxy_url’] = ‘https://gitlabtest.mydomain.com/-/kubernetes-agent/
gitlab_kas[‘enable’] = true
gitlab_kas[‘listen_address’] = ‘gitlabtest.mydomain.com:8150
gitlab_kas[‘listen_network’] = ‘tcp’
gitlab_kas[‘listen_websocket’] = true
gitlab_rails[‘integrated_cluster_enabled’] = true
gitlab_rails[‘kubernetes_enabled’] = true
gitlab_rails[‘kubernetes_executor’] = ‘kubernetes’
gitlab_rails[‘kubernetes_namespace’] = ‘default’

kind regars,