diff options
Diffstat (limited to 'doc/administration/dedicated/index.md')
| -rw-r--r-- | doc/administration/dedicated/index.md | 50 |
1 files changed, 47 insertions, 3 deletions
diff --git a/doc/administration/dedicated/index.md b/doc/administration/dedicated/index.md index 2889fb9b389..16efc353c84 100644 --- a/doc/administration/dedicated/index.md +++ b/doc/administration/dedicated/index.md @@ -38,7 +38,7 @@ After you first sign in to Switchboard, you must update your password and set up The following stages guide you through a series of four steps to provide the information required to create your GitLab Dedicated tenant. 1. Confirm account details: Confirm key attributes of your GitLab Dedicated account: - - Reference architecture: Corresponds with the number of users you provided to your account team when beginning the onboarding process. For more information, see [reference architectures](../../administration/reference_architectures/index.md). + - Reference architecture: Corresponds with the number of users you provided to your account team when beginning the onboarding process. For more information, see [reference architectures](../../subscriptions/gitlab_dedicated/index.md#availability-and-scalability). - Total repository storage size: Corresponds with the storage size you provided to your account team when beginning the onboarding process. - If you need to make changes to these attributes, [submit a support ticket](https://support.gitlab.com/hc/en-us/requests/new?ticket_form_id=4414917877650). 1. Tenant configuration: Provides the minimum required information needed to create your GitLab Dedicated tenant: @@ -214,7 +214,9 @@ Make sure the AWS KMS keys are replicated to your desired primary, secondary and ## Configuration changes -To change or update the configuration for your GitLab Dedicated instance, open a [support ticket](https://support.gitlab.com/hc/en-us/requests/new?ticket_form_id=4414917877650) with your request. You can request configuration changes for the options originally specified during onboarding, or for any of the following optional features. +Switchboard empowers the user to make limited configuration changes to their Dedicated Tenant Instance. As Switchboard matures further configuration changes will be made available. + +To change or update the configuration of your GitLab Dedicated instance, use Switchboard following the instructions in the relevant section or open a [support ticket](https://support.gitlab.com/hc/en-us/requests/new?ticket_form_id=4414917877650) with your request. You can request configuration changes for the options originally specified during onboarding, or for any of the following optional features. The turnaround time to process configuration change requests is [documented in the GitLab handbook](https://about.gitlab.com/handbook/engineering/infrastructure/team/gitlab-dedicated/#handling-configuration-changes-for-tenant-environments). @@ -278,10 +280,22 @@ To enable an Outbound Private Link: GitLab then configures the tenant instance to create the necessary Endpoint Interfaces based on the service names you provided. Any matching outbound connections made from the tenant GitLab instance are directed through the PrivateLink into your VPC. -#### Custom certificates +### Custom certificates In some cases, the GitLab Dedicated instance can't reach an internal service you own because it exposes a certificate that can't be validated using a public Certification Authority (CA). In these cases, custom certificates are required. +#### Add a custom certificate with Switchboard + +1. Log in to [Switchboard](https://console.gitlab-dedicated.com/). +1. At the top of the page, select **Configuration**. +1. Expand **Custom Certificate Authorities**. +1. Select **+ Add Certificate**. +1. Paste the certificate into the text box. +1. Select **Save**. +1. Scroll up to the top of the page and select whether to apply the changes immediately or during the next maintenance window. + +#### Add a custom certificate with a Support Request + To request that GitLab add custom certificates when communicating with your services over PrivateLink, attach the custom public certificate files to your [support ticket](https://support.gitlab.com/hc/en-us/requests/new?ticket_form_id=4414917877650). #### Maximum number of reverse PrivateLink connections @@ -292,6 +306,19 @@ GitLab Dedicated limits the number of reverse PrivateLink connections to 10. GitLab Dedicated allows you to control which IP addresses can access your instance through an IP allowlist. +#### Add an IP to the allowlist with Switchboard + +1. Log in to [Switchboard](https://console.gitlab-dedicated.com/). +1. At the top of the page, select **Configuration**. +1. Expand **Allowed Source List Config / IP allowlist**. +1. Turn on the **Enable** toggle. +1. Select **Add Item**. +1. Enter the IP address and description. To add another IP address, repeat steps 5 and 6. +1. Select **Save**. +1. Scroll up to the top of the page and select whether to apply the changes immediately or during the next maintenance window. + +#### Add an IP to the allowlist with a Support Request + Specify a comma separated list of IP addresses that can access your GitLab Dedicated instance in your [support ticket](https://support.gitlab.com/hc/en-us/requests/new?ticket_form_id=4414917877650). After the configuration has been applied, when an IP not on the allowlist tries to access your instance, the connection is refused. ### SAML @@ -303,6 +330,23 @@ Prerequisites: - You must configure the identity provider before sending the required data to GitLab. +#### Activate SAML with Switchboard + +To activate SAML for your GitLab Dedicated instance: + +1. Log in to [Switchboard](https://console.gitlab-dedicated.com/). +1. At the top of the page, select **Configuration**. +1. Expand **SAML Config**. +1. Turn on the **Enable** toggle. +1. Complete the fields. +1. Select **Save**. +1. Scroll up to the top of the page and select whether to apply the changes immediately or during the next maintenance window. +1. To verify the SAML configuration is successful: + - Check that the SSO button description is displayed on your instance's sign-in page. + - Go to the metadata URL of your instance (`https://INSTANCE-URL/users/auth/saml/metadata`). This page can be used to simplify much of the configuration of the identity provider, and manually validate the settings. + +#### Activate SAML with a Support Request + To activate SAML for your GitLab Dedicated instance: 1. To make the necessary changes, include the desired [SAML configuration block](../../integration/saml.md#configure-saml-support-in-gitlab) for your GitLab application in your [support ticket](https://support.gitlab.com/hc/en-us/requests/new?ticket_form_id=4414917877650). At a minimum, GitLab needs the following information to enable SAML for your instance: |