Skip to content

Extending Production Readiness: The Component Ownership Model

Summary

Propose a new process and handbook page to guide teams through bringing new (non-Runway) infrastructure components online for GitLab.com. This process will ensure components are designed for maximum reusability across GitLab's deployment models (Dedicated, FedRAMP, Self-Managed) while maintaining operational excellence.

The process would be an extension to the current Production Readiness process, but with some differences:

  1. A strong emphasis on pushing ownership of new infrastructure components left, towards the teams that propose them
  2. A strong emphasis on maintaining a clear separation of IaC between the new components and the underlying infrastructure platform. New components should not be defined in Config-Mgmt, k8s-workloads but instead should be defined in their own repositories, owned by the appropriate application teams and integrated into the platform as modules (ie, Terraform Module, Helm Chart, Metrics-Catalog definitions, etc).
  3. Opinionated paved paths for new components:
    1. Use of https://gitlab.com/gitlab-com/gl-infra/common-ci-tasks for components
    2. Use of https://gitlab.com/gitlab-com/gl-infra/common-template-copier for project templates
    3. Strong policy enforcement using checkov, conftest and other tools.
    4. Use of Metrics Catalog for Observability

Problem Statement

Teams currently lack clear guidance on how to introduce new infrastructure components to GitLab.com in a way that:

  • Ensures strong component ownership
  • Maximizes reusability across different GitLab deployment models
  • Maintains consistent quality and security standards
  • Reduces operational burden on infrastructure teams

Proposed Solution

Create a comprehensive handbook page documenting a four-stage process (Engagement, Development, Integration, Maintenance) that:

  1. Extends the current production readiness process with stronger architectural opinions
  2. Emphasizes component reusability across GitLab Dedicated, FedRAMP, and future Self-Managed deployments
  3. Promotes team ownership through separate repositories for Helm charts and Terraform modules
  4. Automates policy enforcement via common-ci-tasks and standardized CI/CD pipelines
  5. Provides clear role definitions for Application Development Teams, Reviewers, and Integration Engineers
  6. Encourages Self-Service teams can develop, test and release components outside of the main Infrastructure Platforms projects, allowing a stronger sense of ownership, faster iteration, quicker feedback, and smaller, simpler sandbox environments.

Benefits

  • Faster time to production through clear process and automated guardrails
  • Less surprises through automated enforcement of policies
  • Higher quality components via built-in testing and policy enforcement
  • Reduced infrastructure team burden by empowering application teams
  • Future-proof architecture supporting multiple deployment models
  • Consistent standards across all GitLab.com components

Component_Ownership_Model

Related to #460

Related to #464

cc @rnienaber @swiskow @reprazent @stejacks-gitlab @donnaalexandra @fforster @abrandl @igorwwwwwwwwwwwwwwwwwwww @jarv @sabrams @WarheadsSE @mbruemmer

Edited by Andrew Newdigate
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information