diff options
Diffstat (limited to 'doc/user/clusters/applications.md')
-rw-r--r-- | doc/user/clusters/applications.md | 48 |
1 files changed, 38 insertions, 10 deletions
diff --git a/doc/user/clusters/applications.md b/doc/user/clusters/applications.md index 17d430cf1f2..8a53b4c0e47 100644 --- a/doc/user/clusters/applications.md +++ b/doc/user/clusters/applications.md @@ -49,7 +49,7 @@ Some applications are installable only for a project-level cluster. Support for installing these applications in a group-level cluster is planned for future releases. For updates, see [the issue tracking -progress](https://gitlab.com/gitlab-org/gitlab-ce/issues/51989). +progress](https://gitlab.com/gitlab-org/gitlab-foss/issues/51989). CAUTION: **Caution:** If you have an existing Kubernetes cluster with Helm already installed, @@ -86,7 +86,7 @@ NOTE: **Note:** The [jetstack/cert-manager](https://github.com/jetstack/cert-manager) chart is used to install this application with a -[`values.yaml`](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/vendor/cert_manager/values.yaml) +[`values.yaml`](https://gitlab.com/gitlab-org/gitlab-foss/blob/master/vendor/cert_manager/values.yaml) file. Prior to GitLab 12.3, the [stable/cert-manager](https://github.com/helm/charts/tree/master/stable/cert-manager) chart was used. @@ -109,7 +109,7 @@ NOTE: **Note:** The [runner/gitlab-runner](https://gitlab.com/gitlab-org/charts/gitlab-runner) chart is used to install this application with a -[`values.yaml`](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/vendor/runner/values.yaml) +[`values.yaml`](https://gitlab.com/gitlab-org/gitlab-foss/blob/master/vendor/runner/values.yaml) file. ### Ingress @@ -126,9 +126,37 @@ NOTE: **Note:** The [stable/nginx-ingress](https://github.com/helm/charts/tree/master/stable/nginx-ingress) chart is used to install this application with a -[`values.yaml`](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/vendor/ingress/values.yaml) +[`values.yaml`](https://gitlab.com/gitlab-org/gitlab-foss/blob/master/vendor/ingress/values.yaml) file. +#### Modsecurity Application Firewall + +> [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/issues/65192) in GitLab 12.3 (enabled using `ingress_modsecurity` [feature flag](../../development/feature_flags/development.md#enabling-a-feature-flag-in-development)). + +GitLab supports +[`modsecurity`](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/#modsecurity) +to check requests against [OWASP's Core Rule Set](https://www.modsecurity.org/CRS/Documentation/). +This feature: + +- Runs in "Detection-only mode" unless configured otherwise. +- Is viewable by checking your ingress controller's `modsec` log for rule violations. + For example: + + ```sh + kubectl -n gitlab-managed-apps exec -it $(kubectl get pods -n gitlab-managed-apps | grep 'ingress-controller' | awk '{print $1}') -- tail -f /var/log/modsec_audit.log + ``` + +There is a small performance overhead by enabling `modsecurity`. However, if this is +considered significant for your application, you can toggle the feature flag back to +false by running the following command within the Rails console: + +```ruby +Feature.disable(:ingress_modsecurity) +``` + +Once disabled, you must [uninstall](#uninstalling-applications) and reinstall your Ingress +application for the changes to take effect. + ### JupyterHub > - Introduced in GitLab 11.0 for project-level clusters. @@ -160,12 +188,12 @@ NOTE: **Note:** The [jupyter/jupyterhub](https://jupyterhub.github.io/helm-chart/) chart is used to install this application with a -[`values.yaml`](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/vendor/jupyter/values.yaml) +[`values.yaml`](https://gitlab.com/gitlab-org/gitlab-foss/blob/master/vendor/jupyter/values.yaml) file. #### Jupyter Git Integration -> [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/28783) in GitLab 12.0 for project-level clusters. +> [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/merge_requests/28783) in GitLab 12.0 for project-level clusters. When installing JupyterHub onto your Kubernetes cluster, [JupyterLab's Git extension](https://github.com/jupyterlab/jupyterlab-git) is automatically provisioned and configured using the authenticated user's: @@ -227,12 +255,12 @@ NOTE: **Note:** The [stable/prometheus](https://github.com/helm/charts/tree/master/stable/prometheus) chart is used to install this application with a -[`values.yaml`](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/vendor/prometheus/values.yaml) +[`values.yaml`](https://gitlab.com/gitlab-org/gitlab-foss/blob/master/vendor/prometheus/values.yaml) file. ## Upgrading applications -> [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/24789) in GitLab 11.8. +> [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/merge_requests/24789) in GitLab 11.8. The applications below can be upgraded. @@ -253,11 +281,11 @@ To upgrade an application: NOTE: **Note:** Upgrades will reset values back to the values built into the `runner` chart plus the values set by -[`values.yaml`](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/vendor/runner/values.yaml) +[`values.yaml`](https://gitlab.com/gitlab-org/gitlab-foss/blob/master/vendor/runner/values.yaml) ## Uninstalling applications -> [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/issues/60665) in GitLab 11.11. +> [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/issues/60665) in GitLab 11.11. The applications below can be uninstalled. |