<'internal_api_listen_network' should be 'tcp' got 'unix'> error while installing KAS (Kubernetes agent server)

Infrastructure as Code & Cloud Native
, ,
1

<‘internal_api_listen_network’ should be ‘tcp’ got ‘unix’> error while installing KAS

I’m trying to install KAS to use my own GitLab instance (which was installed by Docker) for deploying my apps in my k8s cluster.
My GitLab is placed on the private network behind the NGINX reverse proxy.
TLS termination is done on the NGINX reverse proxy, and the connection between NGINX and GitLab is plain HTTP.
According to this recommendation, I’ve set:

gitlab_kas['internal_api_listen_network'] = 'unix'

But the GitLab container does not start with this error log records:

... FATAL: RuntimeError: gitlab_kas['internal_api_listen_network'] should be 'tcp' got 'unix'

I’m glad to get some helpful tips for resolving that problem.
On my own I see two different ways:

  1. Try to configure my Nginx reverse proxy for proxy WSS (I’ve never done it before).
  2. Try to set gitlab_kas['internal_api_listen_network'] = 'unix' without error.
2

I chose the first variant, and it worked fine!
Just several raws into my Nginx config (thanks to question`s author):

map $http_upgrade $connection_upgrade {
 default upgrade;
 `` close;
}

server {
    listen 80;

    location /-/kubernetes-agent {
      proxy_pass http://<YourGitLabHost>;

      proxy_http_version 1.1;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-NginX-Proxy true;
      proxy_set_header Host $host;
      proxy_set_header Sec-WebSocket-Protocol $http_sec_websocket_protocol;
      proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions;
      proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key;
      proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection $connection_upgrade;
      proxy_cache_bypass $http_upgrade;
     }

    # existing proxy rule to the GitLab instance 
    location / {
        proxy_pass http://<YourGitLabHost>;
    }
}

I have not had much time to investigate each raw in the above rule to become an expert in websocket proxying, but the main idea was got.

And I use wscat for express checks connection to KAS server from outside private network:

wscat -c "wss://MY-GITLAB-PUBLIC-HOSTNAME/-/kubernetes-agent/" -s "ws-tunnel"