To enable the Microsoft Azure OAuth2 OmniAuth provider you must register your application with Azure. Azure will generate a client ID and secret key for you to use.
To enable the Microsoft Azure OAuth2 OmniAuth provider you must register your application with Azure. Azure will generate a client ID and secret key for you to use.
1. Sign in to the [Azure Management Portal](https://manage.windowsazure.com).
1.Sign in to the [Azure Management Portal](https://portal.azure.com).
1. Select "Active Directory" on the left and choose the directory you want to use to register GitLab.
1. Select "Active Directory" on the left and choose the directory you want to use to register GitLab.
[OpenID Connect] \(OIDC) is a simple identity layer on top of the
[OpenID Connect](https://openid.net/connect/)\(OIDC) is a simple identity layer on top of the
OAuth 2.0 protocol. It allows clients to verify the identity of the end-user
OAuth 2.0 protocol. It allows clients to verify the identity of the end-user
based on the authentication performed by GitLab, as well as to obtain
based on the authentication performed by GitLab, as well as to obtain
basic profile information about the end-user in an interoperable and
basic profile information about the end-user in an interoperable and
...
@@ -14,7 +14,7 @@ but does so in a way that is API-friendly, and usable by native and
...
@@ -14,7 +14,7 @@ but does so in a way that is API-friendly, and usable by native and
mobile applications.
mobile applications.
On the client side, you can use [omniauth-openid-connect] for Rails
On the client side, you can use [omniauth-openid-connect] for Rails
applications, or any of the other available [client implementations].
applications, or any of the other available [client implementations](https://openid.net/developers/libraries/#connect).
GitLab's implementation uses the [doorkeeper-openid_connect] gem, refer
GitLab's implementation uses the [doorkeeper-openid_connect] gem, refer
to its README for more details about which parts of the specifications
to its README for more details about which parts of the specifications
...
@@ -46,8 +46,6 @@ Currently the following user information is shared with clients:
...
@@ -46,8 +46,6 @@ Currently the following user information is shared with clients:
Only the `sub` and `sub_legacy` claims are included in the ID token, all other claims are available from the `/oauth/userinfo` endpoint used by OIDC clients.
Only the `sub` and `sub_legacy` claims are included in the ID token, all other claims are available from the `/oauth/userinfo` endpoint used by OIDC clients.
@@ -5,8 +5,8 @@ This documentation is for enabling shibboleth with omnibus-gitlab package.
...
@@ -5,8 +5,8 @@ This documentation is for enabling shibboleth with omnibus-gitlab package.
In order to enable Shibboleth support in gitlab we need to use Apache instead of Nginx (It may be possible to use Nginx, however this is difficult to configure using the bundled Nginx provided in the omnibus-gitlab package). Apache uses mod_shib2 module for shibboleth authentication and can pass attributes as headers to omniauth-shibboleth provider.
In order to enable Shibboleth support in gitlab we need to use Apache instead of Nginx (It may be possible to use Nginx, however this is difficult to configure using the bundled Nginx provided in the omnibus-gitlab package). Apache uses mod_shib2 module for shibboleth authentication and can pass attributes as headers to omniauth-shibboleth provider.
To enable the Shibboleth OmniAuth provider you must configure Apache shibboleth module.
To enable the Shibboleth OmniAuth provider you must configure Apache shibboleth module.
Installation and configuration of module it self is out of scope of this document.
The installation and configuration of the module itself is out of the scope of this document.
Check <https://wiki.shibboleth.net/> for more info.
Check <https://wiki.shibboleth.net/confluence/display/SP3/Apache> for more info.
You can find Apache config in gitlab-recipes (<https://gitlab.com/gitlab-org/gitlab-recipes/tree/master/web-server/apache>).
You can find Apache config in gitlab-recipes (<https://gitlab.com/gitlab-org/gitlab-recipes/tree/master/web-server/apache>).
To enable the Twitter OmniAuth provider you must register your application with Twitter. Twitter will generate a client ID and secret key for you to use.
To enable the Twitter OmniAuth provider you must register your application with Twitter. Twitter will generate a client ID and secret key for you to use.
1. Sign in to [Twitter Application Management](https://apps.twitter.com/).
1.Sign in to [Twitter Application Management](https://developer.twitter.com/apps).
1. Select "Create new app"
1. Select "Create new app"
...
@@ -15,6 +15,7 @@ To enable the Twitter OmniAuth provider you must register your application with
...
@@ -15,6 +15,7 @@ To enable the Twitter OmniAuth provider you must register your application with
@@ -18,6 +18,7 @@ Once enabled, GitLab will automatically detect metrics from known services in th
...
@@ -18,6 +18,7 @@ Once enabled, GitLab will automatically detect metrics from known services in th
## Enabling Prometheus Integration
## Enabling Prometheus Integration
### Managed Prometheus on Kubernetes
### Managed Prometheus on Kubernetes
> **Note**: [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/issues/28916) in GitLab 10.5
> **Note**: [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/issues/28916) in GitLab 10.5
GitLab can seamlessly deploy and manage Prometheus on a [connected Kubernetes cluster](../clusters/index.md), making monitoring of your apps easy.
GitLab can seamlessly deploy and manage Prometheus on a [connected Kubernetes cluster](../clusters/index.md), making monitoring of your apps easy.
...
@@ -39,9 +40,9 @@ Once you have a connected Kubernetes cluster with Helm installed, deploying a ma
...
@@ -39,9 +40,9 @@ Once you have a connected Kubernetes cluster with Helm installed, deploying a ma
#### About managed Prometheus deployments
#### About managed Prometheus deployments
Prometheus is deployed into the `gitlab-managed-apps` namespace, using the [official Helm chart](https://github.com/kubernetes/charts/tree/master/stable/prometheus). Prometheus is only accessible within the cluster, with GitLab communicating through the [Kubernetes API](https://kubernetes.io/docs/concepts/overview/kubernetes-api/).
Prometheus is deployed into the `gitlab-managed-apps` namespace, using the [official Helm chart](https://github.com/helm/charts/tree/master/stable/prometheus). Prometheus is only accessible within the cluster, with GitLab communicating through the [Kubernetes API](https://kubernetes.io/docs/concepts/overview/kubernetes-api/).
The Prometheus server will [automatically detect and monitor](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#%3Ckubernetes_sd_config%3E) nodes, pods, and endpoints. To configure a resource to be monitored by Prometheus, simply set the following [Kubernetes annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/):
The Prometheus server will [automatically detect and monitor](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kubernetes_sd_config) nodes, pods, and endpoints. To configure a resource to be monitored by Prometheus, simply set the following [Kubernetes annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/):
-`prometheus.io/scrape` to `true` to enable monitoring of the resource.
-`prometheus.io/scrape` to `true` to enable monitoring of the resource.
-`prometheus.io/port` to define the port of the metrics endpoint.
-`prometheus.io/port` to define the port of the metrics endpoint.
...
@@ -66,9 +67,9 @@ Integration with Prometheus requires the following:
...
@@ -66,9 +67,9 @@ Integration with Prometheus requires the following:
Installing and configuring Prometheus to monitor applications is fairly straight forward.
Installing and configuring Prometheus to monitor applications is fairly straight forward.
@@ -20,7 +20,7 @@ The [Prometheus service](../prometheus.md) must be enabled.
...
@@ -20,7 +20,7 @@ The [Prometheus service](../prometheus.md) must be enabled.
To get started with Cloudwatch monitoring, you should install and configure the [Cloudwatch exporter](https://github.com/prometheus/cloudwatch_exporter) which retrieves and parses the specified Cloudwatch metrics and translates them into a Prometheus monitoring endpoint.
To get started with Cloudwatch monitoring, you should install and configure the [Cloudwatch exporter](https://github.com/prometheus/cloudwatch_exporter) which retrieves and parses the specified Cloudwatch metrics and translates them into a Prometheus monitoring endpoint.
Right now, the only AWS resource supported is the Elastic Load Balancer, whose Cloudwatch metrics can be found [here](http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-cloudwatch-metrics.html).
Right now, the only AWS resource supported is the Elastic Load Balancer, whose Cloudwatch metrics are [documented here](https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-cloudwatch-metrics.html).
A sample Cloudwatch Exporter configuration file, configured for basic AWS ELB monitoring, is [available for download](../samples/cloudwatch.yml).
A sample Cloudwatch Exporter configuration file, configured for basic AWS ELB monitoring, is [available for download](../samples/cloudwatch.yml).
@@ -6,7 +6,7 @@ The Slack Notifications Service allows your GitLab project to send events (e.g.
...
@@ -6,7 +6,7 @@ The Slack Notifications Service allows your GitLab project to send events (e.g.
## Slack Configuration
## Slack Configuration
1. Sign in to your Slack team and [start a new Incoming WebHooks configuration](https://my.slack.com/services/new/incoming-webhook/).
1. Sign in to your Slack team and [start a new Incoming WebHooks configuration](https://my.slack.com/services/new/incoming-webhook).
1. Select the Slack channel where notifications will be sent to by default. Click the **Add Incoming WebHooks integration** button to add the configuration.
1. Select the Slack channel where notifications will be sent to by default. Click the **Add Incoming WebHooks integration** button to add the configuration.
1. Copy the **Webhook URL**, which we'll use later in the GitLab configuration.
1. Copy the **Webhook URL**, which we'll use later in the GitLab configuration.