Merge branch 'jv-gitaly-ssh-reason' into 'master'

gitaly-ssh: add comment about front doors See merge request gitlab-org/gitaly!1898
author: Patrick Steinhardt <psteinhardt@gitlab.com> 2020-03-17 09:03:26 +0300
committer: Patrick Steinhardt <psteinhardt@gitlab.com> 2020-03-17 09:03:26 +0300
commit: f72235a25a4b7effc65088737ed0d599c91b6d20 (patch)
tree: 714a3d2acbcf5b2ab2c465c5d23be4b6567a06ac
parent: d96096099798604024ae74d1eea528b08f7b126b (diff)
parent: 2d4ca7bea05d10c5f8d7d5dec52d47f0798aeea3 (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/cmd/gitaly-ssh/README.md b/cmd/gitaly-ssh/README.md
index 8bfe7ab0f..d660ab2eb 100644
--- a/cmd/gitaly-ssh/README.md
+++ b/cmd/gitaly-ssh/README.md
@@ -5,6 +5,15 @@ Gitaly-ssh is a helper executable that enables Git data traffic
 installation. It acts as a plugin to `git fetch` using the
 `GIT_SSH_COMMAND` environment variable.
 
+We created gitaly-ssh because we needed a way to pull Git data from one
+Gitaly server to another, without going through one of the "front
+doors" of GitLab: gitlab-shell (Git SSH) or gitlab-workhorse (Git
+HTTP). To avoid building a special RPC for this, we re-used the
+SSHUploadPack RPC that Gitaly already had. By connecting directly to
+the Gitaly server we avoided the need to create some kind of service
+account in GitLab itself: to go through the front door we would need a
+service account.
+
 The implementation shares code with how gitlab-shell handles Git SSH traffic
 from real users, but it cuts out SSH itself.
author	Patrick Steinhardt <psteinhardt@gitlab.com>	2020-03-17 09:03:26 +0300
committer	Patrick Steinhardt <psteinhardt@gitlab.com>	2020-03-17 09:03:26 +0300
commit	f72235a25a4b7effc65088737ed0d599c91b6d20 (patch)
tree	714a3d2acbcf5b2ab2c465c5d23be4b6567a06ac
parent	d96096099798604024ae74d1eea528b08f7b126b (diff)
parent	2d4ca7bea05d10c5f8d7d5dec52d47f0798aeea3 (diff)