Gitlab Self-Managed Zero-trust - OpenID connect Azure / Workload Identity Federation

steffenkleven · April 25, 2024, 10:05am

Problem to solve

Customer with Zero-trust policy, internal secured self-managed Gitlab EE instance would like to use Workload Identity Federation in Azure for terraform CI/CD pipelines.

Documentation states:
Your GitLab instance must be publicly accessible over the internet as Azure must to connect to the GitLab OIDC endpoint.
https://docs.gitlab.com/ee/ci/cloud_services/azure/index.html

Versions

Please select whether options apply, and add the version information.

Self-managed
GitLab.com SaaS

Versions

GitLab Enterprise Edition v16.9.4-ee

Question

Does anyone know if its viable to use this functionality behind a app proxy or web proxy?

Found these for references, but without any helpful feedback:
#51809
#54980

MaxF · October 31, 2024, 9:48am

Hi Steffen, right now I’m having the same question for a different hyperscaler.
Have you tried it out? Is there any feedback?
If not, I’ll make sure to respond here again in case I get the allowance for a PoC.

Topic		Replies	Views
Workload Identity options for Azure GitLab CI/CD azure	2	619	December 6, 2024
OpenID Connect via https_proxy Self-managed openid	1	897	October 26, 2021
Azure AD SSO (OpenIDConnect) \| Custom LetsEncrypt Certificate Chain \| "Connection reset by peer - ssl connect" Self-managed ssl , sso , openid	0	442	June 30, 2023
Enabling SSO for Gitlab server Self-managed	0	282	November 19, 2021
Azure AD user provisioning How to Use GitLab	7	3266	September 18, 2023

Gitlab Self-Managed Zero-trust - OpenID connect Azure / Workload Identity Federation

Problem to solve

Versions

Question

Related topics