Add Custom Git Client TLS config for WAF-Secured Repos #1302
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
added 3 commits
December 1, 2023 15:59
Introduce a custom Git client to handle repositories behind Web Application Firewalls (WAF). This client facilitates TLS certificate-based authentication, enabling secure Git operations in corporate environments. Signed-off-by: Vasyl Rudiuk <vasilii.rudiuk@gmail.com>
Signed-off-by: Vasyl Rudiuk <vasilii.rudiuk@gmail.com>
Signed-off-by: Vasyl Rudiuk <vasilii.rudiuk@gmail.com>
In some cases we might need to handle proxy setting for the custom gitClient. Signed-off-by: Vasyl Rudiuk <vasilii.rudiuk@gmail.com>
This was referenced Mar 25, 2025
|
Thanks for this contribution @VasylR, we're busy preparing for KubeCon EU next week, please ping us again after KubeCon to review 🙏 |
|
Closing, please see the implementation requirements for Git mTLS documented here: #1761 (comment) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add Custom Git Client for WAF-Secured Repos
Introduce a custom Git client to handle repositories behind Web Application
Firewalls (WAF). This client facilitates TLS certificate-based authentication,
enabling secure Git operations in corporate environments.
A typical example of such configuration would be a private Gitlab instance behind Cloudflare web application firewall.
To enable git flow in such environment, one would need to retrieve the TLS keys from Cloudflare and use them to authenticate with Cloudfalre. After successful authentication, the Cloudflare firewall would redirect the request to Gitlab instance.
This is initial commit that works with Gitlab access token. Further development needs to be done to enable more diverse authentication options after the WAF authentication.