fix: add trusted proxies to properly handle rate limits (#227)
## Description

Add trusted proxies to properly handle rate limits being able to see the
real IP

## Related Issue

Fixes #N/A

## Type of change

- [x] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [ ] Other (security config, docs update, etc)

## Checklist before merging

- [x] Test, docs, adr added or updated as needed
- [x] [Contributor Guide Steps](https://github.com/defenseunicorns/uds-package-gitlab/blob/main/CONTRIBUTING.md#developer-workflow) followed
Racer159 authored Nov 5, 2024
1 parent 832d263 commit 8d5c30a
Showing 2 changed files with 6 additions and 0 deletions.
3 changes: 3 additions & 0 deletions docs/configuration.md
Expand Up @@ -21,6 +21,9 @@ Network policies are controlled via the `uds-gitlab-config` chart in accordance
> [!NOTE]
> Currently the GitLab UDS Package contains Istio `PeerAuthentication` exceptions to allow the `dependency` init containers to reach out and check the Redis and Postgres services. These are only added with `redis.internal` or `postgres.internal` set to `true` and will be removed once UDS Core [switches to native sidecars](https://github.com/defenseunicorns/uds-core/issues/536).
> [!IMPORTANT]
> GitLab is configured to rate-limit by default (this can be changed in [application settings](#configuring-gitlab-settings) below). It will trust Istio to give it the proper headers to record the client IP, however, if you have additional proxies or tunnels in front of the Istio LoadBalancers it may receive a single IP for all users and should either be reconfigured or disabled.
## Database

GitLab uses Postgres as its backing database service and supports the [common database providers within UDS Software Factory](https://github.com/defenseunicorns/uds-software-factory/blob/main/docs/database.md).
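
Review bot: The new `[!IMPORTANT]` note says GitLab "should either be reconfigured or disabled" when extra proxies or tunnels sit in front of the Istio LoadBalancers, but it never names what to reconfigure. This same commit sets `trusted_proxies: ["127.0.0.6"]` in values/common-values.yaml, so the note should name that key and its shipped value and say that upstream proxy addresses belong there; as written, the reader is only pointed at the rate-limit application settings. The sentence is also a run-on and reads better split before "however".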
3 changes: 3 additions & 0 deletions values/common-values.yaml
Expand Up @@ -134,6 +134,7 @@ gitlab:
config:
secret: gitlab-object-store
key: backups
trusted_proxies: ["127.0.0.6"]

gitlab-exporter:
enabled: true
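
Review bot: The literal `127.0.0.6` in `trusted_proxies: ["127.0.0.6"]` has nothing next to it explaining what the address is. The docs change in this commit says GitLab trusts Istio to supply the client IP headers, so add a YAML comment on this line stating which hop the address represents and why it is trusted, so that a later editor does not remove it or widen the list without knowing what it covers.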
Expand All @@ -153,6 +154,7 @@ gitlab:
enabled: true
podMonitor:
enabled: false
trusted_proxies: ["127.0.0.6"]

webservice:
ingress:
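
Review bot: This is the second of three identical `trusted_proxies: ["127.0.0.6"]` entries this commit adds to the file, each under a different block, and nothing ties them together. A later change to one entry can leave the others stale, at which point the components disagree about which hops to trust. Consider defining the list once with a YAML anchor and aliasing it in the other two places, or at least a comment on each entry pointing to the others.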
Expand All @@ -162,6 +164,7 @@ gitlab:
port: 8083
serviceMonitor:
enabled: true
trusted_proxies: ["127.0.0.6"]
workhorse:
metrics:
enabled: true
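
Review bot: The default added here between `serviceMonitor` and `workhorse` is a list, and Helm replaces list values on override rather than merging them. A deployment with the additional proxies described in docs/configuration.md therefore has to repeat `127.0.0.6` alongside its own proxy addresses, in each of the three places this commit sets `trusted_proxies`. Please state that in docs/configuration.md so an override does not silently drop the shipped entry.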