Folks, I am looking to see if anyone else has attempted to build the Cloud Hybrid Reference architecture on bare metal Kubernetes.
GitLab Version 14.7.1
Ubuntu Linux 20.04
Architecture described here:
I have it mostly working except for the most important item - shell operations initiated from the GitLab WebUI return 401 - Unauthorized. So none of my repositories can be used.
This issue is not confined to the WebUI - command-line git commands also fail with the same error.
Deployment instructions put gitaly, postgres, and redis on a physical server, and gitlab webservice, sidekiq, gitlab-shell, gitlab-workhorse on the Kubernetes Cluster.
I have determined that the key issue is the failure of the authorization call /api/v4/internal/allowed. All of the tokens have been checked multiple times, e.g. by successfully calling the internal API using curl -H "Gitlab-Shared-Secret: " …
The operation of GitLab requires that git/gitaly [bare metal server] calls back to the server [on K8S] for authorization. But since the gitlab-shell is not deployed on the server at present it is not clear how to configure the token. Attempting to add it in the gitlab.rb file doesn’t make a difference since gitlab-shell is not running.
So, it seems that I should proceed by configuring gitlab-shell to run on the bare metal server where the other Omnibus applications reside, but I can’t see how to do this.
Any suggestions?