Move from shared reproduction environments (gitlab-gold) to personal ones
Request for comments
Need
We've had a number of issues with gitlab-gold
recently.
- token challenges
- CI minute challenges
- storage challenges
For our other reproduction environments we've moved away from shared spaces to individual spaces, and I think we may be at the point where it's time to do that for SaaS as well.
Approach
Three potential approaches:
- Beg Jeff/Vlad to add self-provisioning of SaaS namespaces to Cloud Sandbox.
- Add pre-provisioned namespaces to baseline entitlements.
- Ops tooling to spin up environments per ticket as required.
Benefit
- Segmenting to individuals means that those namespaces can be deleted as a part of offboarding: no secret perpetual access (intended or not) for personal/test accounts invited as part of reproduction.
- Containment of data.
- Containment of problems: if an individual namespace runs out of CI minutes, it doesn't bring down testing for everyone.
Competition / Alternatives
No real alternatives at this point: we have to do something!