Skip to content

Validate k8s credentials provided at cluster creation

Problem to solve

Right now a user can add invalid cluster credentials and the cluster creation succeeds when adding an existing cluster. It is not until either they run CI OR until they try to install helm that they notice an issue.

Target audience

Operators/Developers

Further details

Common examples of problems:

  1. The token given is not a cluster-admin so we therefore will end up failing to create the service account for CI (see https://gitlab.com/gitlab-org/gitlab-ce/issues/54506)
  2. The credentials given are invalid in some way (copy paste error or copied from the wrong place)
  3. The cluster is not reachable from GitLab possibly due to networking issues

Proposal

API URL: Cannot reach

If the cluster API is not reachable, we warn the user on the cluster page.

Screen_Shot_2019-04-08_at_11.14.42_AM

Token: Cannot create server account

When a token does not have cluster-admin privileges and the cluster is a GitLab-managed cluster. This warning should not display if the user has de-selected GitLab-managed cluster.

Screen_Shot_2019-04-08_at_11.19.44_AM

Token/CA Cert: Cannot authenticate

Screen_Shot_2019-04-08_at_2.52.59_PM

If there are multiple warnings, the warnings will stack. The alerts are dismissible.

What does success look like, and how can we measure that?

Links / references

This page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.

Edited by 🤖 GitLab Bot 🤖