summaryrefslogtreecommitdiff
path: root/doc/user/clusters/applications.md
diff options
context:
space:
mode:
Diffstat (limited to 'doc/user/clusters/applications.md')
-rw-r--r--doc/user/clusters/applications.md48
1 files changed, 38 insertions, 10 deletions
diff --git a/doc/user/clusters/applications.md b/doc/user/clusters/applications.md
index 17d430cf1f2..8a53b4c0e47 100644
--- a/doc/user/clusters/applications.md
+++ b/doc/user/clusters/applications.md
@@ -49,7 +49,7 @@ Some applications are installable only for a project-level cluster.
Support for installing these applications in a group-level cluster is
planned for future releases.
For updates, see [the issue tracking
-progress](https://gitlab.com/gitlab-org/gitlab-ce/issues/51989).
+progress](https://gitlab.com/gitlab-org/gitlab-foss/issues/51989).
CAUTION: **Caution:**
If you have an existing Kubernetes cluster with Helm already installed,
@@ -86,7 +86,7 @@ NOTE: **Note:**
The
[jetstack/cert-manager](https://github.com/jetstack/cert-manager)
chart is used to install this application with a
-[`values.yaml`](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/vendor/cert_manager/values.yaml)
+[`values.yaml`](https://gitlab.com/gitlab-org/gitlab-foss/blob/master/vendor/cert_manager/values.yaml)
file. Prior to GitLab 12.3,
the [stable/cert-manager](https://github.com/helm/charts/tree/master/stable/cert-manager)
chart was used.
@@ -109,7 +109,7 @@ NOTE: **Note:**
The
[runner/gitlab-runner](https://gitlab.com/gitlab-org/charts/gitlab-runner)
chart is used to install this application with a
-[`values.yaml`](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/vendor/runner/values.yaml)
+[`values.yaml`](https://gitlab.com/gitlab-org/gitlab-foss/blob/master/vendor/runner/values.yaml)
file.
### Ingress
@@ -126,9 +126,37 @@ NOTE: **Note:**
The
[stable/nginx-ingress](https://github.com/helm/charts/tree/master/stable/nginx-ingress)
chart is used to install this application with a
-[`values.yaml`](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/vendor/ingress/values.yaml)
+[`values.yaml`](https://gitlab.com/gitlab-org/gitlab-foss/blob/master/vendor/ingress/values.yaml)
file.
+#### Modsecurity Application Firewall
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/issues/65192) in GitLab 12.3 (enabled using `ingress_modsecurity` [feature flag](../../development/feature_flags/development.md#enabling-a-feature-flag-in-development)).
+
+GitLab supports
+[`modsecurity`](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/#modsecurity)
+to check requests against [OWASP's Core Rule Set](https://www.modsecurity.org/CRS/Documentation/).
+This feature:
+
+- Runs in "Detection-only mode" unless configured otherwise.
+- Is viewable by checking your ingress controller's `modsec` log for rule violations.
+ For example:
+
+ ```sh
+ kubectl -n gitlab-managed-apps exec -it $(kubectl get pods -n gitlab-managed-apps | grep 'ingress-controller' | awk '{print $1}') -- tail -f /var/log/modsec_audit.log
+ ```
+
+There is a small performance overhead by enabling `modsecurity`. However, if this is
+considered significant for your application, you can toggle the feature flag back to
+false by running the following command within the Rails console:
+
+```ruby
+Feature.disable(:ingress_modsecurity)
+```
+
+Once disabled, you must [uninstall](#uninstalling-applications) and reinstall your Ingress
+application for the changes to take effect.
+
### JupyterHub
> - Introduced in GitLab 11.0 for project-level clusters.
@@ -160,12 +188,12 @@ NOTE: **Note:**
The
[jupyter/jupyterhub](https://jupyterhub.github.io/helm-chart/)
chart is used to install this application with a
-[`values.yaml`](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/vendor/jupyter/values.yaml)
+[`values.yaml`](https://gitlab.com/gitlab-org/gitlab-foss/blob/master/vendor/jupyter/values.yaml)
file.
#### Jupyter Git Integration
-> [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/28783) in GitLab 12.0 for project-level clusters.
+> [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/merge_requests/28783) in GitLab 12.0 for project-level clusters.
When installing JupyterHub onto your Kubernetes cluster, [JupyterLab's Git extension](https://github.com/jupyterlab/jupyterlab-git)
is automatically provisioned and configured using the authenticated user's:
@@ -227,12 +255,12 @@ NOTE: **Note:**
The
[stable/prometheus](https://github.com/helm/charts/tree/master/stable/prometheus)
chart is used to install this application with a
-[`values.yaml`](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/vendor/prometheus/values.yaml)
+[`values.yaml`](https://gitlab.com/gitlab-org/gitlab-foss/blob/master/vendor/prometheus/values.yaml)
file.
## Upgrading applications
-> [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/24789) in GitLab 11.8.
+> [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/merge_requests/24789) in GitLab 11.8.
The applications below can be upgraded.
@@ -253,11 +281,11 @@ To upgrade an application:
NOTE: **Note:**
Upgrades will reset values back to the values built into the `runner`
chart plus the values set by
-[`values.yaml`](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/vendor/runner/values.yaml)
+[`values.yaml`](https://gitlab.com/gitlab-org/gitlab-foss/blob/master/vendor/runner/values.yaml)
## Uninstalling applications
-> [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/issues/60665) in GitLab 11.11.
+> [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/issues/60665) in GitLab 11.11.
The applications below can be uninstalled.