Allow switching from GitLab-managed to unmanaged clusters
Problem to solve
If a user has created a Gitlab-managed cluster (or has a cluster that was created before https://gitlab.com/gitlab-org/gitlab-ce/issues/56557 was implemented, which means Gitlab-managed by default), there is no way for them to switch to an unmanaged cluster.
We want to fail deployment jobs for Gitlab-managed clusters if we are unable to create the service account and namespace, so that we can show a useful error message in the context of that job (https://gitlab.com/gitlab-org/gitlab-ce/issues/57115 and https://gitlab.com/gitlab-org/gitlab-ce/issues/54506). However this will cause jobs to fail for clusters created before https://gitlab.com/gitlab-org/gitlab-ce/issues/56557 that users have been managing themselves (https://gitlab.com/gitlab-org/gitlab-ce/issues/60480).
Providing a way to transition from GitLab-managed to unmanaged will allow users to fix their clusters that GitLab thinks are managed, but aren't.
Unknown details
- Is the reverse also required/feasible? (unmanaged -> GitLab-managed) edit: Yes.
- What happens to the namespace and service account GitLab has already created? edit: For now it will be left orphaned and ignored. To be improved in https://gitlab.com/gitlab-org/gitlab-ce/issues/57890
- Is there a way we can migrate these clusters so the user doesn't need to? How do we know which clusters are in fact unmanaged? edit: Yes - https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/29251
What does success look like, and how can we measure that?
All Gitlab-managed clusters can make use of JIT resource creation (which fails a job if unsuccessful)