diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-05-24 18:08:38 +0300 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-05-24 18:08:38 +0300 |
| commit | 61ebd5753018a1f4b6032122f6ea625dc4e4fc8e (patch) | |
| tree | e75a5db22733f59f822a927aa9916c8ab5d00898 /doc | |
| parent | 7186033c5110609384da4ffb4456093801cd547b (diff) | |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'doc')
18 files changed, 139 insertions, 99 deletions
diff --git a/doc/.vale/gitlab/Uppercase.yml b/doc/.vale/gitlab/Uppercase.yml index 1948842d026..4730184b950 100644 --- a/doc/.vale/gitlab/Uppercase.yml +++ b/doc/.vale/gitlab/Uppercase.yml @@ -57,6 +57,7 @@ exceptions: - DHCP - DML - DNS + - DSN - DOM - DORA - DSA diff --git a/doc/administration/monitoring/prometheus/gitlab_metrics.md b/doc/administration/monitoring/prometheus/gitlab_metrics.md index 3523721c342..f8cab0c605e 100644 --- a/doc/administration/monitoring/prometheus/gitlab_metrics.md +++ b/doc/administration/monitoring/prometheus/gitlab_metrics.md @@ -36,7 +36,7 @@ The following metrics are available: | Metric | Type | Since | Description | Labels | | :--------------------------------------------------------------- | :---------- | ------: | :-------------------------------------------------------------------------------------------------------------------- | :-------------------------------------------------------- | -| `gitlab_cache_misses_total` | Counter | 10.2 | Cache read miss | `controller`, `action`, `store` | +| `gitlab_cache_misses_total` | Counter | 10.2 | Cache read miss | `controller`, `action` | | `gitlab_cache_operation_duration_seconds` | Histogram | 10.2 | Cache access time | `operation`, `store` | | `gitlab_cache_operations_total` | Counter | 12.2 | Cache operations by controller or action | `controller`, `action`, `operation`, `store` | | `gitlab_cache_read_multikey_count` | Histogram | 15.7 | Count of keys in multi-key cache read operations | `controller`, `action`, `store` | @@ -63,8 +63,8 @@ The following metrics are available: | `gitlab_transaction_cache_<key>_duration_total` | Counter | 10.2 | Counter for total time (seconds) spent in Rails cache calls (per key) | | | `gitlab_transaction_cache_count_total` | Counter | 10.2 | Counter for total Rails cache calls (aggregate) | | | `gitlab_transaction_cache_duration_total` | Counter | 10.2 | Counter for total time (seconds) spent in Rails cache calls (aggregate) | | -| `gitlab_transaction_cache_read_hit_count_total` | Counter | 10.2 | Counter for cache hits for Rails cache calls | `controller`, `action`, `store` | -| `gitlab_transaction_cache_read_miss_count_total` | Counter | 10.2 | Counter for cache misses for Rails cache calls | `controller`, `action`, `store` | +| `gitlab_transaction_cache_read_hit_count_total` | Counter | 10.2 | Counter for cache hits for Rails cache calls | `controller`, `action` | +| `gitlab_transaction_cache_read_miss_count_total` | Counter | 10.2 | Counter for cache misses for Rails cache calls | `controller`, `action` | | `gitlab_transaction_duration_seconds` | Histogram | 10.2 | Duration for successful requests (`gitlab_transaction_*` metrics) | `controller`, `action` | | `gitlab_transaction_event_build_found_total` | Counter | 9.4 | Counter for build found for API /jobs/request | | | `gitlab_transaction_event_build_invalid_total` | Counter | 9.4 | Counter for build invalid due to concurrency conflict for API /jobs/request | | diff --git a/doc/api/environments.md b/doc/api/environments.md index 3cbb6076300..501fec70dd6 100644 --- a/doc/api/environments.md +++ b/doc/api/environments.md @@ -299,7 +299,7 @@ PUT /projects/:id/environments/:environments_id | `tier` | string | no | The tier of the new environment. Allowed values are `production`, `staging`, `testing`, `development`, and `other`. | ```shell -curl --request PUT --data "name=staging&external_url=https://staging.gitlab.example.com" \ +curl --request PUT --data "external_url=https://staging.gitlab.example.com" \ --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/1/environments/1" ``` diff --git a/doc/api/graphql/reference/index.md b/doc/api/graphql/reference/index.md index 39ee028faa0..c27075a9a53 100644 --- a/doc/api/graphql/reference/index.md +++ b/doc/api/graphql/reference/index.md @@ -3077,6 +3077,7 @@ Input type: `EnvironmentCreateInput` | Name | Type | Description | | ---- | ---- | ----------- | | <a id="mutationenvironmentcreateclientmutationid"></a>`clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. | +| <a id="mutationenvironmentcreateclusteragentid"></a>`clusterAgentId` | [`ClustersAgentID`](#clustersagentid) | Cluster agent of the environment. | | <a id="mutationenvironmentcreateexternalurl"></a>`externalUrl` | [`String`](#string) | External URL of the environment. | | <a id="mutationenvironmentcreatename"></a>`name` | [`String!`](#string) | Name of the environment. | | <a id="mutationenvironmentcreateprojectpath"></a>`projectPath` | [`ID!`](#id) | Full path of the project. | diff --git a/doc/development/database/adding_database_indexes.md b/doc/development/database/adding_database_indexes.md index 7b29b1b14de..23a12413975 100644 --- a/doc/development/database/adding_database_indexes.md +++ b/doc/development/database/adding_database_indexes.md @@ -429,7 +429,7 @@ Use the asynchronous index helpers on your local environment to test changes for For very large tables, index destruction can be a challenge to manage. While `remove_concurrent_index` removes indexes in a way that does not block ordinary traffic, it can still be problematic if index destruction runs for -during `autovacuum`. Necessary database operations like `autovacuum` cannot run, and +many hours. Necessary database operations like `autovacuum` cannot run, and the deployment process on GitLab.com is blocked while waiting for index destruction to finish. diff --git a/doc/development/service_ping/implement.md b/doc/development/service_ping/implement.md index 2cabd6c40e1..0677e8febf3 100644 --- a/doc/development/service_ping/implement.md +++ b/doc/development/service_ping/implement.md @@ -339,8 +339,6 @@ Implemented using Redis methods [PFADD](https://redis.io/commands/pfadd/) and [P Name format for Redis HLL events `{hll_counters}_<name>` - [See Metric name](metrics_dictionary.md#metric-name) for a complete guide on metric naming suggestion. - Example names: `users_creating_epics`, `users_triggering_security_scans`. - `aggregation`: may be set to a `:daily` or `:weekly` key. Defines how counting data is stored in Redis. diff --git a/doc/development/service_ping/metrics_dictionary.md b/doc/development/service_ping/metrics_dictionary.md index debe1cca37e..d53400276d0 100644 --- a/doc/development/service_ping/metrics_dictionary.md +++ b/doc/development/service_ping/metrics_dictionary.md @@ -32,7 +32,7 @@ Each metric is defined in a separate YAML file consisting of a number of fields: | Field | Required | Additional information | |---------------------|----------|----------------------------------------------------------------| | `key_path` | yes | JSON key path for the metric, location in Service Ping payload. | -| `name` | no | Metric name suggestion. Can replace the last part of `key_path`. | +| `name` (deprecated) | no | Metric name suggestion. Does not have any impact on the Service Ping payload, only serves as documentation. | | `description` | yes | | | `product_section` | yes | The [section](https://gitlab.com/gitlab-com/www-gitlab-com/-/blob/master/data/sections.yml). | | `product_stage` | yes | The [stage](https://gitlab.com/gitlab-com/www-gitlab-com/blob/master/data/stages.yml) for the metric. | @@ -71,7 +71,11 @@ NOTE: We can't control what the metric's `key_path` is, because some of them are generated dynamically in `usage_data.rb`. For example, see [Redis HLL metrics](implement.md#redis-hll-counters). -### Metric name +### Metric name (deprecated) + +WARNING: +This feature was deprecated in GitLab 16.1 +and is planned for [removal](https://gitlab.com/gitlab-org/gitlab/-/issues/411602) in 16.2. To improve metric discoverability by a wider audience, each metric with instrumentation added at an appointed `key_path` receives a `name` attribute @@ -86,7 +90,11 @@ Metric name suggestions can contain two types of elements: For a metric name to be valid, it must not include any prompt, and fixed suggestions must not be changed. -#### Generate a metric name suggestion +#### Generate a metric name suggestion (deprecated) + +WARNING: +This feature was deprecated in GitLab 16.1 +and is planned for [removal](https://gitlab.com/gitlab-org/gitlab/-/issues/411602) in 16.2. The metric YAML generator can suggest a metric name for you. To generate a metric name suggestion, first instrument the metric at the provided `key_path`. @@ -149,7 +157,11 @@ We use the following categories to classify a metric: An aggregate metric is a metric that is the sum of two or more child metrics. Service Ping uses the data category of the aggregate metric to determine whether or not the data is included in the reported Service Ping payload. -### Metric name suggestion examples +### Metric name suggestion examples (deprecated) + +WARNING: +This feature was deprecated in GitLab 16.1 +and is planned for [removal](https://gitlab.com/gitlab-org/gitlab/-/issues/411602) in 16.2. #### Metric with `data_source: database` diff --git a/doc/development/service_ping/review_guidelines.md b/doc/development/service_ping/review_guidelines.md index feb85a491ad..71c16820e23 100644 --- a/doc/development/service_ping/review_guidelines.md +++ b/doc/development/service_ping/review_guidelines.md @@ -53,8 +53,6 @@ are regular backend changes. - Perform a first-pass review on the merge request and suggest improvements to the author. - Check the [metrics location](metrics_dictionary.md#metric-key_path) in the Service Ping JSON payload. -- Suggest that the author checks the [naming suggestion](metrics_dictionary.md#generate-a-metric-name-suggestion) while - generating the metric's YAML definition. - Add the `~database` label and ask for a [database review](../database_review.md) for metrics that are based on Database. - Add `~Data Warehouse::Impact Check` for any database metric that has a query change. Changes in queries can affect [data operations](https://about.gitlab.com/handbook/business-technology/data-team/how-we-work/triage/#gitlabcom-db-structure-changes). diff --git a/doc/development/work_items_widgets.md b/doc/development/work_items_widgets.md index bafceccdafe..6c453f49db1 100644 --- a/doc/development/work_items_widgets.md +++ b/doc/development/work_items_widgets.md @@ -146,18 +146,24 @@ You can update widgets using custom fine-grained mutations (for example, `WorkIt ### Widget callbacks When updating the widget together with the work item's mutation, backend code should be implemented using -callback classes that inherit from `Issuable::Callbacks::Base`. These classes have callback methods +callback classes that inherit from `WorkItems::Callbacks::Base`. These classes have callback methods that are named similar to ActiveRecord callbacks and behave similarly. -Callback classes with the same name as the widget are automatically used. For example, `Issuable::Callbacks::Milestone` -is called when the work item has the milestone widget. To use a different class, you can override the `callback_class` +Callback classes with the same name as the widget are automatically used. For example, `WorkItems::Callbacks::AwardEmoji` +is called when the work item has the `AwardEmoji` widget. To use a different class, you can override the `callback_class` class method. +When a callback class is also used for other issuables like merge requests or epics, define the class under `Issuable::Callbacks` +and add the class to the list in `IssuableBaseService#available_callbacks`. These are executed for both work item updates and +legacy issue, merge request, or epic updates. + #### Available callbacks - `after_initialize` is called after the work item is initialized by the `BuildService` and before the work item is saved by the `CreateService` and `UpdateService`. This callback runs outside the creation or update database transaction. +- `before_update` is called before the work item is saved by the `UpdateService`. This callback runs + within the update database transaction. - `after_update_commit` is called after the DB update transaction is committed by the `UpdateService`. - `after_save_commit` is called after the creation or DB update transaction is committed by the `CreateService` or `UpdateService`. diff --git a/doc/operations/error_tracking.md b/doc/operations/error_tracking.md index d38210dab8d..224f04ad24f 100644 --- a/doc/operations/error_tracking.md +++ b/doc/operations/error_tracking.md @@ -26,7 +26,7 @@ For error tracking to work, you need: Whatever backend you choose, the [error tracking UI](#error-tracking-list) is the same. -## Integrated error tracking +## Integrated error tracking **(FREE SAAS)** This guide provides you with basics of setting up error tracking for your project, using examples from different languages. @@ -42,64 +42,59 @@ According to the Sentry [data model](https://develop.sentry.dev/sdk/envelopes/#d - [User feedback](https://develop.sentry.dev/sdk/envelopes/#user-feedback) (also known as user report) - [Client report](https://develop.sentry.dev/sdk/client-reports/) -### Enable error tracking for your project +### Enable error tracking for a project Regardless of the programming language you use, you first need to enable error tracking for your GitLab project. -The `gitlab.com` instance is used in this guide. +The `GitLab.com` instance is used in this guide. -> This guide assumes that you already have a project for which you want to enable error tracking. Refer to [the GitLab documentation](../user/project/index.md) if you need to create a new one. +Prerequisites: -To enable error tracking: +- You have a project for which you want to enable error tracking. To learn how to create a new one, see [Create a project](../user/project/index.md). -1. In your project, go to **Settings > Monitor**. Expand the `Error Tracking` tab: +To enable error tracking with GitLab as the backend: -  - -1. Enable Error Tracking with GitLab as backend: - -  - -1. Select `Save Changes`. +1. In your project, go to **Settings > Monitor**. +1. Expand **Error Tracking**. +1. Under **Enable error tracking**, select the **Active** checkbox. +1. Under **Error tracking backend**, select **GitLab**. +1. Select **Save changes**. -1. Copy the DSN string. You need it for configuring your SDK implementation. +1. Copy the Data Source Name (DSN) string. You need it for configuring your SDK implementation. ## Error tracking list -Once your application has emitted errors to the Error Tracking API through the Sentry SDK, +After your application has emitted errors to the Error Tracking API through the Sentry SDK, they should be available under the **Monitor > Error Tracking** tab/section. - + ## Error tracking details - +In the Error Details view you can see more details of the exception, including number of occurrences, +users affected, first seen, and last seen dates. -The Error Details view allows you to see more details of the Exception, including number of occurrences, users affected, first seen, and last seen. +You can also review the stack trace. -You can also review the Stack trace. + ## Emit errors ### Supported language SDKs & Sentry types -In the following table, you can see a list of all event types available through Sentry SDK, and whether they are currently supported by GitLab Error Tracking. +In the following table, you can see a list of all event types available through Sentry SDK, and whether they are supported by GitLab Error Tracking. -<!-- markdownlint-disable MD044 --> +| Language | Tested SDK client and version | Endpoint | Supported item types | +| -------- | ------------------------------- | ---------- | --------------------------------- | +| Go | `sentry-go/0.20.0` | `store` | `exception`, `message` | +| Java | `sentry.java:6.18.1` | `envelope` | `exception`, `message` | +| NodeJS | `sentry.javascript.node:7.38.0` | `envelope` | `exception`, `message` | +| PHP | `sentry.php/3.18.0` | `store` | `exception`, `message` | +| Python | `sentry.python/1.21.0` | `envelope` | `exception`, `message`, `session` | +| Ruby | `sentry.ruby:5.9.0` | `envelope` | `exception`, `message` | +| Rust | `sentry.rust/0.31.0` | `envelope` | `exception`, `message`, `session` | -| LANGUAGE | TESTED SDK CLIENT/VERSION | ENDPOINT | SUPPORTED ITEM TYPES | -| --- | --- | --- | --- | -| Go | sentry-go/0.20.0 | store | exception, message | -| Java | sentry.java:6.18.1 | envelope | exception, message | -| NodeJS | sentry.javascript.node:7.38.0 | envelope | exception, message | -| PHP | sentry.php/3.18.0 | store | exception, message | -| Python | sentry.python/1.21.0 | envelope | exception, message, session | -| Ruby | sentry.ruby:5.9.0 | envelope | exception, message | -| Rust | sentry.rust/0.31.0 | envelope | exception, message, session | - -<!-- markdownlint-enable --> - -For a detailed version of this matrix, see [this issue](https://gitlab.com/gitlab-org/opstrace/opstrace/-/issues/1737). +For a detailed version of this table, see [this issue](https://gitlab.com/gitlab-org/opstrace/opstrace/-/issues/1737). ## Usage examples @@ -112,34 +107,34 @@ see [Sentry SDK's documentation](https://docs.sentry.io/) specific to the used l ## Rotate generated DSN -The Sentry DSN (client key) is a secret and it should not be exposed to the public. +The Sentry Data Source Name, or DSN, (client key) is a secret and it should not be exposed to the public. In case of a leak, rotate the Sentry DSN by following these steps: -1. [Create an access token](/ee/user/profile/personal_access_tokens.md#create-a-personal-access-token) -by selecting your profile picture in GitLab.com. -Then select Preferences, and then Access Token. Make sure you add API scope. -1. Using the [error tracking API](/ee/api/error_tracking.md), -create a new Sentry DSN: +1. [Create an access token](../user/profile/personal_access_tokens.md#create-a-personal-access-token) + by selecting your profile picture in GitLab.com. + Then select Preferences, and then Access Token. Make sure you add API scope. +1. Using the [error tracking API](../api/error_tracking.md), + create a new Sentry DSN: -```shell -curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" ---header "Content-Type: application/json" \ - "https://gitlab.example.com/api/v4/projects/<your_project_number>/error_tracking/client_keys" -``` + ```shell + curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" + --header "Content-Type: application/json" \ + "https://gitlab.example.com/api/v4/projects/<your_project_number>/error_tracking/client_keys" + ``` -- Get the available client keys (Sentry DSNs). - Ensure that the newly created Sentry DSN is in place. - Then note down the key ID of the old client key: +1. Get the available client keys (Sentry DSNs). + Ensure that the newly created Sentry DSN is in place. + Then note down the key ID of the old client key: -```shell -curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/<your_project_number>/error_tracking/client_keys" -``` + ```shell + curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/<your_project_number>/error_tracking/client_keys" + ``` -- Delete the old client key. +1. Delete the old client key. -```shell -curl --request DELETE --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/<your_project_number>/error_tracking/client_keys/<key_id>" -``` + ```shell + curl --request DELETE --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/<your_project_number>/error_tracking/client_keys/<key_id>" + ``` ## Debug SDK issues @@ -158,51 +153,53 @@ so users can view a list of Sentry errors in GitLab. You can sign up to the cloud-hosted [Sentry](https://sentry.io) or deploy your own [on-premise instance](https://github.com/getsentry/onpremise/). -### Enabling Sentry +### Enable Sentry integration for a project + +GitLab provides a way to connect Sentry to your project. + +Prerequisites: -GitLab provides a way to connect Sentry to your project. You need at -least Maintainer [permissions](../user/permissions.md) to enable the Sentry integration. +- You must have at least the Developer role for the project. + +To enable the Sentry integration: 1. Sign up to Sentry.io or [deploy your own](#deploying-sentry) Sentry instance. -1. [Create](https://docs.sentry.io/product/sentry-basics/guides/integrate-frontend/create-new-project/) -a new Sentry project. For each GitLab project that you want to integrate, -you should create a new Sentry project. +1. [Create a new Sentry project](https://docs.sentry.io/product/sentry-basics/guides/integrate-frontend/create-new-project/). + For each GitLab project that you want to integrate, you should create a new Sentry project. 1. Find or generate a [Sentry auth token](https://docs.sentry.io/api/auth/#auth-tokens). For the SaaS version of Sentry, you can find or generate the auth token at [https://sentry.io/api/](https://sentry.io/api/). You should give the token at least the following scopes: `project:read`, `event:read`, and `event:write` (for resolving events). -1. In GitLab, enable error tracking: +1. In GitLab, enable and configure Error Tracking: 1. On the top bar, select **Main menu > Projects** and find your project. 1. On the left sidebar, select **Monitor > Error Tracking**. - 1. Select **Enable error tracking**. -1. In GitLab, ensure error tracking is active. - 1. On the left sidebar, select **Settings > Monitor**. - 1. Expand **Error Tracking**. - 1. Ensure the **Active** checkbox is selected. -1. In the **Sentry API URL** box, enter your Sentry hostname. For example, -enter `https://sentry.example.com`. -For the SaaS version of Sentry, the hostname is `https://sentry.io`. -1. In the **Auth Token** box, enter the token you previously generated. -1. To test the connection to Sentry and populate the **Project** dropdown list, -select **Connect**. -1. From the **Project** list, choose a Sentry project to link to your GitLab project. -1. Select **Save changes**. + 1. Under **Enable error tracking**, select the **Active** checkbox. + 1. Under **Error tracking backend**, select **Sentry**. + 1. Under **Sentry API URL**, enter your Sentry hostname. For example, + enter `https://sentry.example.com`. + For the SaaS version of Sentry, the hostname is `https://sentry.io`. + 1. Under **Auth Token**, enter the token you previously generated. + 1. To test the connection to Sentry and populate the **Project** dropdown list, + select **Connect**. + 1. From the **Project** list, choose a Sentry project to link to your GitLab project. + 1. Select **Save changes**. You can now visit **Monitor > Error Tracking** in your project's sidebar to [view a list](#error-tracking-list) of Sentry errors. -### Enabling GitLab issues links +### Sentry's GitLab integration You might also want to enable Sentry's GitLab integration by following the steps -in the [Sentry documentation](https://docs.sentry.io/product/integrations/gitlab/) +in the [Sentry documentation](https://docs.sentry.io/product/integrations/gitlab/). ### Enable GitLab Runner To configure GitLab Runner with Sentry, you must add the value for `sentry_dsn` -to your GitLab Runner's `config.toml` configuration file, as referenced in -[GitLab Runner Advanced Configuration](https://docs.gitlab.com/runner/configuration/advanced-configuration.html). -While setting up Sentry, select **Go** if you're asked for the project type. +to your runner's `config.toml` configuration file, as referenced in +[Advanced configuration](https://docs.gitlab.com/runner/configuration/advanced-configuration.html). + +If you're asked for the project type while setting up Sentry, select **Go**. If you see the following error in your GitLab Runner logs, then you should specify the deprecated diff --git a/doc/operations/img/Monitor-detail_errors.png b/doc/operations/img/Monitor-detail_errors.png Binary files differdeleted file mode 100644 index ac4234a3811..00000000000 --- a/doc/operations/img/Monitor-detail_errors.png +++ /dev/null diff --git a/doc/operations/img/Monitor-list_errors.png b/doc/operations/img/Monitor-list_errors.png Binary files differdeleted file mode 100644 index 0f1feca6329..00000000000 --- a/doc/operations/img/Monitor-list_errors.png +++ /dev/null diff --git a/doc/operations/img/Monitor_tab-post-enable.png b/doc/operations/img/Monitor_tab-post-enable.png Binary files differdeleted file mode 100644 index 91f0a0d8d27..00000000000 --- a/doc/operations/img/Monitor_tab-post-enable.png +++ /dev/null diff --git a/doc/operations/img/Monitor_tab-pre-enable.png b/doc/operations/img/Monitor_tab-pre-enable.png Binary files differdeleted file mode 100644 index 2984110a7d7..00000000000 --- a/doc/operations/img/Monitor_tab-pre-enable.png +++ /dev/null diff --git a/doc/operations/img/detail_errors_v16_0.png b/doc/operations/img/detail_errors_v16_0.png Binary files differnew file mode 100644 index 00000000000..3b63c565e56 --- /dev/null +++ b/doc/operations/img/detail_errors_v16_0.png diff --git a/doc/operations/img/list_errors_v16_0.png b/doc/operations/img/list_errors_v16_0.png Binary files differnew file mode 100644 index 00000000000..0ddf7f93616 --- /dev/null +++ b/doc/operations/img/list_errors_v16_0.png diff --git a/doc/user/project/pages/index.md b/doc/user/project/pages/index.md index a68ad604989..9b299b46f75 100644 --- a/doc/user/project/pages/index.md +++ b/doc/user/project/pages/index.md @@ -129,12 +129,14 @@ If you are running a self-managed instance of GitLab, ### Configure GitLab Pages in a Helm Chart (Kubernetes) instance To configure GitLab Pages on instances deployed via Helm chart (Kubernetes), use either: - -- [The `gitlab-pages` subchart](https://docs.gitlab.com/charts/charts/gitlab/gitlab-pages/). -- [An external GitLab Pages instance](https://docs.gitlab.com/charts/advanced/external-gitlab-pages/). + +- [The `gitlab-pages` subchart](https://docs.gitlab.com/charts/charts/gitlab/gitlab-pages/). +- [An external GitLab Pages instance](https://docs.gitlab.com/charts/advanced/external-gitlab-pages/). ## Security for GitLab Pages +### Namespaces that contain `.` + If your username is `example`, your GitLab Pages website is located at `example.gitlab.io`. GitLab allows usernames to contain a `.`, so a user named `bar.example` could create a GitLab Pages website `bar.example.gitlab.io` that effectively is a subdomain of your @@ -153,3 +155,9 @@ document.cookie = "key=value;domain=example.gitlab.io"; This issue doesn't affect users with a custom domain, or users who don't set any cookies manually with JavaScript. + +### Shared cookies + +By default, every project in a group shares the same domain, for example, `group.gitlab.io`. This means that cookies are also shared for all projects in a group. + +To ensure each project uses different cookies, enable the Pages [unique domains](introduction.md#enable-unique-domains) feature for your project. diff --git a/doc/user/project/pages/introduction.md b/doc/user/project/pages/introduction.md index 05d0b461fea..f7d273d198d 100644 --- a/doc/user/project/pages/introduction.md +++ b/doc/user/project/pages/introduction.md @@ -94,6 +94,25 @@ the group must be at the top level and not a subgroup. For [project websites](../../project/pages/getting_started_part_one.md#project-website-examples), you can create your project first and access it under `http(s)://namespace.example.io/projectname`. +## Enable unique domains + +> - [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/9347) in GitLab 15.9 [with a flag](../../../administration/feature_flags.md) named `pages_unique_domain`. Disabled by default. +> - [Enabled on GitLab.com](https://gitlab.com/gitlab-org/gitlab/-/issues/388151) in GitLab 15.11. + +FLAG: +On self-managed GitLab, by default this feature is not available. To make it available, +ask an administrator to [enable the feature flag](../../../administration/feature_flags.md) named `pages_unique_domain`. +On GitLab.com, by default this feature is available. + +By default, every project in a group shares the same domain, for example, `group.gitlab.io`. This means that cookies are also shared for all projects in a group. + +To ensure your project uses a unique Pages domain, enable the unique domains feature for the project: + +1. On the top bar, select **Main menu > Projects** and find your project. +1. On the left sidebar, select **Settings > Pages**. +1. Select the **Use unique domain** checkbox. +1. Select **Save changes**. + ## Specific configuration options for Pages Learn how to set up GitLab CI/CD for specific use cases. |
