gitlab-org--gitlab-foss/doc/administration/monitoring/ip_allowlist.md

1.5 KiB

stage group info
Data Stores Application Performance To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments

IP whitelist (FREE SELF)

NOTE: We intend to rename IP whitelist as IP allowlist.

GitLab provides some monitoring endpoints that provide health check information when probed.

To control access to those endpoints via IP whitelisting, you can add single hosts or use IP ranges:

Omnibus

  1. Open /etc/gitlab/gitlab.rb and add or uncomment the following:

    gitlab_rails['monitoring_whitelist'] = ['127.0.0.0/8', '192.168.0.1']
    
  2. Save the file and reconfigure GitLab for the changes to take effect.


Helm chart

You can set the required IPs under the gitlab.webservice.monitoring.ipWhitelist key. For example:

gitlab:
   webservice:
      monitoring:
         # Monitoring IP whitelist
         ipWhitelist:
         - 0.0.0.0/0 # Default

Source

  1. Edit config/gitlab.yml:

    monitoring:
      # by default only local IPs are allowed to access monitoring resources
      ip_whitelist:
        - 127.0.0.0/8
        - 192.168.0.1
    
  2. Save the file and restart GitLab for the changes to take effect.