Skip to content

Add review apps for EE

Marin Jankovski requested to merge add-review-apps into master

What does this MR do?

Adds Review Apps to GitLab EE. This is a continuation of a MR started in: https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/6070

The reason why this is a continuation is that this MR sets up Review apps for gitlab-org/gitlab-ee, while previous one was setup from my personal fork.

How does it work?

  • On every pipeline during the test stage with cloud-native-image job we trigger a job in CNG repo
  • This will build images out of your current branch and also other components like gitlab-shell and gitaly
  • Once all tests passed and images were built, review app will be deployed to the k8s cluster
  • k8s cluster is connected to the project and the CI configuration is using parts of autodevops configuration
  • Apps get deployed using the new GitLab helm charts with the previously created images override. This means you get the environment from your branch very close to what it would look in production
  • The cleanup can be done in the post-cleanup step

Questions to be answered before merge!

  • Will it be too much to trigger CNG image builds on every test run? This could create thousands of unused docker images. Answer: We have to start somewhere and improve later. If we see this getting out of hand, we will revisit.
  • The .gitlab-ci.yaml configuration, autodevops section has been selective copy paste to make the review apps work. How can we make that maintainable going further. Answer: Cleaned up the copy-paste and we have a separate file that we load using our new shiny include feature.
  • How do we ensure cleanup happens, we can't have hundreds environments just staying around? Answer: Apparently this is done automatically by GitLab when MR is merged! 🎉
  • How big of a k8s cluster do we need to get this performant? Answer: Starting off with a 3 node cluster, we can adapt as needed.
  • How do we secure this from abuse? Apps are open to the world so we need to find a way to limit it to only us. Answer: This won't work for forks. We will add a root password to 1password shared vault.

Regardless of this, I think we should cleanup this MR and setup review apps as soon as possible.

The amount of lost productivity is way more expensive than what we are going to pay with having review apps enabled.

Edited by Marin Jankovski

Merge request reports