Final slides for 20241107

slides/2024-11-07/150_gitlab/000_intro/architecture.md

@@ -8,7 +8,7 @@ Consists of multiple services internally
 
 ![](150_gitlab/000_intro/components.drawio.svg) <!-- .element: style="width: 75%;" -->
 
-GitLab offers reference architectures [<i class="fa-solid fa-arrow-up-right-from-square"></i>](https://docs.gitlab.com/ee/administration/reference_architectures/)
+GitLab offers reference architectures [](https://docs.gitlab.com/ee/administration/reference_architectures/)
 
 Sizing information included <i class="fa-duotone fa-stars fa-duotone-colors"></i>
 

slides/2024-11-07/150_gitlab/000_intro/product.md

@@ -36,19 +36,19 @@
 
 ## Options
 
-Same pricing [<i class="fa-solid fa-arrow-up-right-from-square"></i>](https://about.gitlab.com/pricing/) and features [<i class="fa-solid fa-arrow-up-right-from-square"></i>](https://about.gitlab.com/pricing/self-managed/feature-comparison/) for cloud and self-hosted
+Same pricing [](https://about.gitlab.com/pricing/) and features [](https://about.gitlab.com/pricing/self-managed/feature-comparison/) for cloud and self-hosted
 
 ### Free
 
 Based on open-source project, allows your own runners, static websites
 
-gitlab.com: 5GB storage [<i class="fa-solid fa-arrow-up-right-from-square"></i>](https://about.gitlab.com/pricing/#do-the-storage-and-transfer-limits-apply-to-self-managed), 400 minutes/month [<i class="fa-solid fa-arrow-up-right-from-square"></i>](https://about.gitlab.com/pricing/#why-do-i-need-to-enter-credit-debit-card-details-for-free-pipeline-minutes), 5 users/group [<i class="fa-solid fa-arrow-up-right-from-square"></i>](https://about.gitlab.com/pricing/#when-will-the-user-limits-be-effective)
+gitlab.com: 5GB storage [](https://about.gitlab.com/pricing/#do-the-storage-and-transfer-limits-apply-to-self-managed), 400 minutes/month [](https://about.gitlab.com/pricing/#why-do-i-need-to-enter-credit-debit-card-details-for-free-pipeline-minutes), 5 users/group [](https://about.gitlab.com/pricing/#when-will-the-user-limits-be-effective)
 
-### Premium [<i class="fa-solid fa-arrow-up-right-from-square"></i>](https://about.gitlab.com/pricing/premium/) ($29/user/month)
+### Premium [](https://about.gitlab.com/pricing/premium/) ($29/user/month)
 
 **CI/CD-focused:** Faster code reviews, advanced CI/CD, enterprise agile planning, release controls, support, higher limits
 
-### Ultimate [<i class="fa-solid fa-arrow-up-right-from-square"></i>](https://about.gitlab.com/pricing/ultimate/) ($99/user/month)
+### Ultimate [](https://about.gitlab.com/pricing/ultimate/) ($99/user/month)
 
 **Security-focused:** Advanced security testing, security risk mitigation, compliance, portfolio management, value stream management, free guest users
 

slides/2024-11-07/150_gitlab/010_projects/slides.md

@@ -10,7 +10,7 @@
 
 <i class="fa-duotone fa-list-tree fa-4x fa-duotone-colors" style="float: right;"></i>
 
-Groups [<i class="fa-solid fa-arrow-up-right-from-square"></i>](https://docs.gitlab.com/ee/user/group/subgroups/) are used for organizing projects
+Groups [](https://docs.gitlab.com/ee/user/group/subgroups/) are used for organizing projects
 
 - by organizational units
 - by architectural components
@@ -33,7 +33,7 @@ Groups...
 
 <i class="fa-duotone fa-people-roof fa-4x fa-duotone-colors-inverted" style="float: right;"></i>
 
-Project [<i class="fa-solid fa-arrow-up-right-from-square"></i>](https://docs.gitlab.com/ee/user/project/) offer collaboration
+Project [](https://docs.gitlab.com/ee/user/project/) offer collaboration
 
 - Create content using code, wikis and pages
 - Review work using merge requests

slides/2024-11-07/150_gitlab/030_authentication/slides.md

@@ -12,12 +12,12 @@
 
 We have already used username and password
 
-Users can create *Personal Access Tokens* [<i class="fa-solid fa-arrow-up-right-from-square"></i>](https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html)
+Users can create *Personal Access Tokens* [](https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html)
 
 - Used instead of password for `git` operations
 - Used to access the API (more later)
 
-Users can add SSH public keys [<i class="fa-solid fa-arrow-up-right-from-square"></i>](https://docs.gitlab.com/ee/user/ssh.html)
+Users can add SSH public keys [](https://docs.gitlab.com/ee/user/ssh.html)
 
 - Used for `git` operations
 
@@ -42,17 +42,17 @@ Permissions inherited from user
 
 ### Scoped to group
 
-Group Deploy Tokens (read only) [<i class="fa-solid fa-arrow-up-right-from-square"></i>](https://docs.gitlab.com/ee/user/project/deploy_tokens/)
+Group Deploy Tokens (read only) [](https://docs.gitlab.com/ee/user/project/deploy_tokens/)
 
-Group Access Tokens (configurable) [<i class="fa-solid fa-arrow-up-right-from-square"></i>](https://docs.gitlab.com/ee/user/group/settings/group_access_tokens.html)
+Group Access Tokens (configurable) [](https://docs.gitlab.com/ee/user/group/settings/group_access_tokens.html)
 
 ### Scoped to project
 
-Project Access Tokens (configurable) [<i class="fa-solid fa-arrow-up-right-from-square"></i>](https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html)
+Project Access Tokens (configurable) [](https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html)
 
-Project Deploy Token (read-only) [<i class="fa-solid fa-arrow-up-right-from-square"></i>](https://docs.gitlab.com/ee/user/project/deploy_tokens/)
+Project Deploy Token (read-only) [](https://docs.gitlab.com/ee/user/project/deploy_tokens/)
 
-Project Deploy SSH Key (read-write) [<i class="fa-solid fa-arrow-up-right-from-square"></i>](https://docs.gitlab.com/ee/user/project/deploy_keys/)
+Project Deploy SSH Key (read-write) [](https://docs.gitlab.com/ee/user/project/deploy_keys/)
 
 ### Hands-On
 

slides/2024-11-07/150_gitlab/040_profile/slides.md

@@ -16,9 +16,9 @@ Notifications
 
 Personal access tokens
 
-SSH keys [<i class="fa-solid fa-arrow-up-right-from-square"></i>](https://docs.gitlab.com/ee/user/ssh.html)
+SSH keys [](https://docs.gitlab.com/ee/user/ssh.html)
 
-GPG keys [<i class="fa-solid fa-arrow-up-right-from-square"></i>](https://docs.gitlab.com/ee/user/project/repository/gpg_signed_commits/)
+GPG keys [](https://docs.gitlab.com/ee/user/project/repository/gpg_signed_commits/)
 
 Preferences
 

slides/2024-11-07/150_gitlab/060_api/slides.md

@@ -10,11 +10,11 @@
 
 <i class="fa-duotone fa-gears fa-4x fa-duotone-colors-inverted" style="float: right;"></i>
 
-GitLab offers a very extensive API [<i class="fa-solid fa-arrow-up-right-from-square"></i>](https://docs.gitlab.com/ee/api/)
+GitLab offers a very extensive API [](https://docs.gitlab.com/ee/api/)
 
 The API is located at `/api/v4/`
 
-The notes how to use the API [<i class="fa-solid fa-arrow-up-right-from-square"></i>](https://docs.gitlab.com/ee/api/#how-to-use-the-api) include:
+The notes how to use the API [](https://docs.gitlab.com/ee/api/#how-to-use-the-api) include:
 
 - Authentication (see next slides)
 - Pagination (see next slides)
@@ -26,15 +26,15 @@ The notes how to use the API [<i class="fa-solid fa-arrow-up-right-from-square">
 
 ### Resources
 
-Resources for every aspect of GitLab [<i class="fa-solid fa-arrow-up-right-from-square"></i>](https://docs.gitlab.com/ee/api/api_resources.html)
+Resources for every aspect of GitLab [](https://docs.gitlab.com/ee/api/api_resources.html)
 
 ---
 
 ## Authentication
 
 <i class="fa-duotone fa-key-skeleton fa-4x fa-duotone-colors-inverted" style="float: right;"></i>
 
-Authentication [<i class="fa-solid fa-arrow-up-right-from-square"></i>](https://docs.gitlab.com/ee/api/#authentication) using a token (personal/group/project)
+Authentication [](https://docs.gitlab.com/ee/api/#authentication) using a token (personal/group/project)
 
 Token requires `read_api` or `api` scope
 
@@ -53,7 +53,7 @@ curl "http://gitlab.${DOMAIN}/api/v4/projects" \
 
 <i class="fa-duotone fa-scroll-old fa-4x fa-duotone-colors-inverted" style="float: right;"></i>
 
-Pagination [<i class="fa-solid fa-arrow-up-right-from-square"></i>](https://docs.gitlab.com/ee/api/#pagination) done by offset
+Pagination [](https://docs.gitlab.com/ee/api/#pagination) done by offset
 
 GitLab API returns HTTP headers:
 
@@ -66,7 +66,7 @@ GitLab API returns HTTP headers:
 | `x-total`       | Total number of items    |
 | `x-total-pages` | Total number of pages    |
 
-Keyset-based pagination [<i class="fa-solid fa-arrow-up-right-from-square"></i>](https://docs.gitlab.com/ee/api/#keyset-based-pagination) is also supported
+Keyset-based pagination [](https://docs.gitlab.com/ee/api/#keyset-based-pagination) is also supported
 
 ---
 
@@ -99,7 +99,7 @@ Keyset-based pagination [<i class="fa-solid fa-arrow-up-right-from-square"></i>]
 
 ### `glab`
 
-glab [<i class="fa-solid fa-arrow-up-right-from-square"></i>](https://gitlab.com/gitlab-org/cli) was adopted as the official CLI in November 2022:
+glab [](https://gitlab.com/gitlab-org/cli) was adopted as the official CLI in November 2022:
 
 1. Configure `glab`:
 

slides/2024-11-07/150_gitlab/090_maintenance/slides.md

@@ -12,15 +12,15 @@
 
 ### Messages
 
-Show a banner announcing maintenance work [<i class="fa-solid fa-arrow-up-right-from-square"></i>](https://docs.gitlab.com/ee/administration/broadcast_messages.html)
+Show a banner announcing maintenance work [](https://docs.gitlab.com/ee/administration/broadcast_messages.html)
 
 Configure under Menu <i class="fa-regular fa-arrow-right"></i> Admin <i class="fa-regular fa-arrow-right"></i> Messages
 
 Can also show up in git response
 
 ### Maintenance Mode (Premium feature)
 
-Switch GitLab into read-only mode [<i class="fa-solid fa-arrow-up-right-from-square"></i>](https://docs.gitlab.com/ee/administration/maintenance_mode/)
+Switch GitLab into read-only mode [](https://docs.gitlab.com/ee/administration/maintenance_mode/)
 
 ---
 

slides/2024-11-07/150_gitlab/100_reverse_proxy/slides.md

@@ -120,16 +120,16 @@ Multiple options
 
 ### GitLab with certificate file <i class="fa-duotone fa-traffic-light-stop" style="--fa-secondary-color: red;"></i>
 
-Configure GitLab with key and certificate [<i class="fa-solid fa-arrow-up-right-from-square"></i>](https://docs.gitlab.com/omnibus/settings/ssl.html#other-certificate-authorities)
+Configure GitLab with key and certificate [](https://docs.gitlab.com/omnibus/settings/ssl.html#other-certificate-authorities)
 
 ### GitLab with Let's Encrypt <i class="fa-duotone fa-traffic-light-slow" style="--fa-secondary-color: yellow;"></i>
 
-Configure GitLab to use Let's Encrypt [<i class="fa-solid fa-arrow-up-right-from-square"></i>](https://docs.gitlab.com/omnibus/settings/ssl.html#lets-encrypt-integration)
+Configure GitLab to use Let's Encrypt [](https://docs.gitlab.com/omnibus/settings/ssl.html#lets-encrypt-integration)
 
 ### Reverse proxy with custom certificate <i class="fa-duotone fa-traffic-light-slow" style="--fa-secondary-color: yellow;"></i>
 
-Configure traefik to use custom certificate [<i class="fa-solid fa-arrow-up-right-from-square"></i>](https://doc.traefik.io/traefik/https/tls/#user-defined)
+Configure traefik to use custom certificate [](https://doc.traefik.io/traefik/https/tls/#user-defined)
 
 ### Reverse proxy with Let's Encrypt <i class="fa-duotone fa-traffic-light-go" style="--fa-secondary-color: green;"></i>
 
-Configure traefik to use Let's Encrypt with DNS challenge [<i class="fa-solid fa-arrow-up-right-from-square"></i>](https://doc.traefik.io/traefik/user-guides/docker-compose/acme-dns/)
+Configure traefik to use Let's Encrypt with DNS challenge [](https://doc.traefik.io/traefik/user-guides/docker-compose/acme-dns/)

slides/2024-11-07/150_gitlab/120_ldap/slides.md

@@ -10,15 +10,17 @@
 
 <i class="fa-duotone fa-book fa-4x fa-duotone-colors" style="float: right;"></i>
 
-GitLab can directly connect to LDAP servers [<i class="fa-solid fa-arrow-up-right-from-square"></i>](https://docs.gitlab.com/ee/administration/auth/ldap/)
+GitLab can directly connect to LDAP servers [](https://docs.gitlab.com/ee/administration/auth/ldap/)
+- Create internal users for authenticated users
+- Sync LDAP groups to GitLab groups [](https://docs.gitlab.com/ee/administration/auth/ldap/ldap_synchronization.html#group-sync) (requires Premium)
 
-LDAP backend based on OpenLDAP [<i class="fa-solid fa-arrow-up-right-from-square"></i>](https://www.openldap.org/)
+### Example setup
 
-Management UI based on Keycloak [<i class="fa-solid fa-arrow-up-right-from-square"></i>](https://www.keycloak.org/)
+LDAP backend based on OpenLDAP [](https://www.openldap.org/)
 
-![](150_gitlab/120_ldap/ldap.drawio.svg) <!-- .element: style="width: 90%;" -->
+Management UI based on Keycloak [](https://www.keycloak.org/)
 
-Group sync [<i class="fa-solid fa-arrow-up-right-from-square"></i>](https://docs.gitlab.com/ee/administration/auth/ldap/ldap_synchronization.html#group-sync) only available in Premium
+![](150_gitlab/120_ldap/ldap.drawio.svg) <!-- .element: style="width: 90%;" -->
 
 ---
 
@@ -37,10 +39,8 @@ docker volume create keycloak_data
 Deploy additional components:
 
 ```bash
-# Switch to directory for this topics
-cd ../120_ldap/
-
 # Deploy components for LDAP
+cd ../120_ldap/
 docker compose --project-name gitlab \
     --file ../100_reverse_proxy/compose.yml \
     --file compose.yml \
@@ -64,4 +64,23 @@ Login using one these users
 
 ## Alternative: Single Sign-On
 
-XXX https://docs.gitlab.com/ee/integration/saml.html
+GitLab can use an SAML Identity Provider to authenticate users [](https://docs.gitlab.com/ee/integration/saml.html)
+
+```ruby
+gitlab_rails['omniauth_enabled'] = true
+gitlab_rails['omniauth_allow_single_sign_on'] = ['saml']
+gitlab_rails['omniauth_block_auto_created_users'] = false
+gitlab_rails['omniauth_auto_link_saml_user'] = true
+gitlab_rails['omniauth_providers'] = [{
+  name: "saml",
+  label: "my-label",
+  args: {
+    assertion_consumer_service_url: "https://gitlab.seatN.inmylab.de/users/auth/saml/callback",
+    idp_cert_fingerprint: "<FINGERPRINT>",
+    idp_sso_target_url: "https://login.foo.com/bar",
+    issuer: "MyIssuer",
+    name_identifier_format: "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
+    attribute_statements: { name: ['name'], first_name: ['first_name'], last_name: ['last_name'], nickname: ['username'] }
+    }
+}]
+```

slides/2024-11-07/150_gitlab/125_smtp/slides.md

@@ -10,7 +10,7 @@
 
 ## SMTP
 
-Outgoing emails for notifications [<i class="fa-solid fa-arrow-up-right-from-square"></i>](https://docs.gitlab.com/omnibus/settings/smtp.html) (many examples)
+Outgoing emails for notifications [](https://docs.gitlab.com/omnibus/settings/smtp.html) (many examples)
 
 ```
 # Connection information
@@ -40,7 +40,7 @@ gitlab_rails['smtp_pool'] = true
 
 ## Test SMTP
 
-Test the SMTP configuration [<i class="fa-solid fa-arrow-up-right-from-square"></i>](https://docs.gitlab.com/omnibus/settings/smtp.html#testing-the-smtp-configuration):
+Test the SMTP configuration [](https://docs.gitlab.com/omnibus/settings/smtp.html#testing-the-smtp-configuration):
 
 ```bash
 gitlab-rails console

slides/2024-11-07/150_gitlab/130_registries/slides.md

@@ -10,7 +10,7 @@
 
 <i class="fa-duotone fa-box-check fa-4x fa-duotone-colors" style="float: right;"></i>
 
-Use your favorite package manager against GitLab [<i class="fa-solid fa-arrow-up-right-from-square"></i>](https://docs.gitlab.com/ee/user/packages/package_registry/index.html)
+Use your favorite package manager against GitLab [](https://docs.gitlab.com/ee/user/packages/package_registry/index.html)
 
 Authentication using personal/group/project/job token
 
@@ -30,15 +30,15 @@ Authentication using personal/group/project/job token
 
 ## Container Registry
 
-Store container images in GitLab [<i class="fa-solid fa-arrow-up-right-from-square"></i>](https://docs.gitlab.com/ee/user/packages/container_registry/index.html)
+Store container images in GitLab [](https://docs.gitlab.com/ee/user/packages/container_registry/index.html)
 
 Authentication using personal or deploy token
 
 Naming convention: `gitlab.example.com/mynamespace/myproject`
 
-Integrated cleanup policy [<i class="fa-solid fa-arrow-up-right-from-square"></i>](https://docs.gitlab.com/ee/user/packages/container_registry/reduce_container_registry_storage.html#cleanup-policy)
+Integrated cleanup policy [](https://docs.gitlab.com/ee/user/packages/container_registry/reduce_container_registry_storage.html#cleanup-policy)
 
-Proxy for upstream images [<i class="fa-solid fa-arrow-up-right-from-square"></i>](https://docs.gitlab.com/ee/user/packages/dependency_proxy/)
+Proxy for upstream images [](https://docs.gitlab.com/ee/user/packages/dependency_proxy/)
 
 Optional S3 storage backend
 
@@ -59,13 +59,13 @@ registry['storage'] = {
 
 <i class="fa-duotone fa-box-taped fa-4x fa-duotone-colors" style="float: right;"></i>
 
-Store Terraform modules in GitLab [<i class="fa-solid fa-arrow-up-right-from-square"></i>](https://docs.gitlab.com/ee/user/packages/infrastructure_registry/index.html)
+Store Terraform modules in GitLab [](https://docs.gitlab.com/ee/user/packages/infrastructure_registry/index.html)
 
-More about Terraform modules [<i class="fa-solid fa-arrow-up-right-from-square"></i>](https://docs.gitlab.com/ee/user/packages/terraform_module_registry/index.html)
+More about Terraform modules [](https://docs.gitlab.com/ee/user/packages/terraform_module_registry/index.html)
 
 ### Sidenote
 
-GitLab stores Terraform state [<i class="fa-solid fa-arrow-up-right-from-square"></i>](https://docs.gitlab.com/ee/user/infrastructure/iac/terraform_state.html)
+GitLab stores Terraform state [](https://docs.gitlab.com/ee/user/infrastructure/iac/terraform_state.html)
 
 No need for separate infrastructure
 

slides/2024-11-07/150_gitlab/140_troubleshooting/slides.md

@@ -10,23 +10,23 @@
 
 <i class="fa-duotone fa-briefcase-medical fa-4x fa-duotone-colors" style="float: right;"></i>
 
-GitLab comes with extensive troubleshooting guides [<i class="fa-solid fa-arrow-up-right-from-square"></i>](https://docs.gitlab.com/ee/administration/troubleshooting/)
+GitLab comes with extensive troubleshooting guides [](https://docs.gitlab.com/ee/administration/troubleshooting/)
 
 ### For example...
 
-Sidekiq (job processor) [<i class="fa-solid fa-arrow-up-right-from-square"></i>](https://docs.gitlab.com/ee/administration/troubleshooting/sidekiq.html)
+Sidekiq (job processor) [](https://docs.gitlab.com/ee/administration/troubleshooting/sidekiq.html)
 
-GitLab rails [<i class="fa-solid fa-arrow-up-right-from-square"></i>](https://docs.gitlab.com/ee/administration/troubleshooting/gitlab_rails_cheat_sheet.html)
+GitLab rails [](https://docs.gitlab.com/ee/administration/troubleshooting/gitlab_rails_cheat_sheet.html)
 
 ### ...as well as tools...
 
-gitlabsos (omnibus, docker) [<i class="fa-solid fa-arrow-up-right-from-square"></i>](https://gitlab.com/gitlab-com/support/toolbox/gitlabsos/)
+gitlabsos (omnibus, docker) [](https://gitlab.com/gitlab-com/support/toolbox/gitlabsos/)
 
-kubesos [<i class="fa-solid fa-arrow-up-right-from-square"></i>](https://gitlab.com/gitlab-com/support/toolbox/kubesos)
+kubesos [](https://gitlab.com/gitlab-com/support/toolbox/kubesos)
 
 ### ...and tracing across logs
 
-Correlation IDs [<i class="fa-solid fa-arrow-up-right-from-square"></i>](https://docs.gitlab.com/ee/administration/troubleshooting/tracing_correlation_id.html)
+Correlation IDs [](https://docs.gitlab.com/ee/administration/troubleshooting/tracing_correlation_id.html)
 
 ---
 

slides/2024-11-07/150_gitlab/160_runner/slides.md

@@ -10,13 +10,13 @@
 
 <i class="fa-duotone fa-person-running fa-4x fa-duotone-colors" style="float: right;"></i>
 
-Runners [<i class="fa-solid fa-arrow-up-right-from-square"></i>](https://docs.gitlab.com/runner/) are used to execute jobs in GitLab CI
+Runners [](https://docs.gitlab.com/runner/) are used to execute jobs in GitLab CI
 
 Runner can be shared across the instance of GitLab
 
 They can be specific to a group or project
 
-Extensive configuration [<i class="fa-solid fa-arrow-up-right-from-square"></i>](https://docs.gitlab.com/runner/configuration/advanced-configuration.html)
+Extensive configuration [](https://docs.gitlab.com/runner/configuration/advanced-configuration.html)
 
 ### Tags
 
@@ -74,7 +74,7 @@ Jobs are executed in a dedicated container / pod
 
 ### Image cleanup
 
-docuum [<i class="fa-solid fa-arrow-up-right-from-square"></i>](https://github.com/stepchowfun/docuum) is able to remove least recently used images
+docuum [](https://github.com/stepchowfun/docuum) is able to remove least recently used images
 
 ---