Move Kubernetes from service to Cluster page

Description

With %10.1 we have a CI/CD > Cluster page where we can create and see the Kubernetes cluster automatically created by the GKE integration.

We want to be able to specify manual parameters for an existing Kubernetes cluster, from the same page. This is exactly what we actually have in the Kubernetes integration page, so we can start by moving it in the Cluster page.

Proposal

We want to move the existing Kubernetes integration page in the new CI/CD > Cluster page.

When creating a cluster, the Kubernetes integration parameters are automatically filled in, so they override the existing ones. If you then change them, "auto" cluster will no longer be connected with GitLab, so we should make it clear to the user.

We have a Kubernetes service integration, which lets a user provide credentials for a k8s cluster to a project. We have an issue elsewhere to provide this at a group level. We even have an issue to create a Kubernetes cluster on GKE for GitLab group. But perhaps it's time to promote our Kubernetes integration from being just another *service*, to being first-class.

For example, we could have a page under CI/CD at the group level to list your clusters, and add new ones. When adding a new one, you could provide the credentials to an existing cluster, or create a new one on GKE. If you create multiple clusters, they'll be shown in a list.

Each cluster could have an environment (or wildcard pattern) to be accessible on. e.g. there could be a production cluster for production[/*], and a dev cluster * (the rest). Projects could override which clusters they use (perhaps using the existing service, or a new clusters page there). Perhaps as an admin, I'd be able to see which projects are making using of which clusters. Perhaps as an admin I'd be able to assign clusters to specific projects, although we have no precedence for this kind of control. (Project-specific runners are assigned at the project-level regardless of group, for example).

For each cluster, we could make it easy to install runners, Prometheus, NGINX ingress, Helm tiller, etc. Everything you need to use Auto DevOps. Ideally with one click, but possibly a la carte. We should show the status of each of these services, and let you upgrade them easily as well. Or have them optionally auto-updated.

For each cluster, we could make it easy to monitor the cluster, see when the cluster needs to be scaled, and provide an easy way to scale it (if it was created on GKE).

There may be other admin functions as well. Perhaps we need to be able to clean up orphaned pods (although I'd rather that just not happen). I don't exactly want to replace the Kubernetes dashboard, but I do want to make it so that it's unnecessary to use the k8s dashboard, except for rare circumstances.

To do this right, we really should use the master creds to create secrets for each projects/environment rather than sharing the same creds. But as a first iteration, we can share the creds.

Proposal

• Add Clusters menu at the group, personal namespace, and project levels.
• Show list of clusters (with great no-data graphic).
• When looking at a project, I should be able to see group clusters too
• Ideally when looking at a group, I can see all the project clusters (that I have access to).
• Button to add existing k8s cluster credentials.
• Button to create cluster on GKE (via OAuth). (Or single dialog with both choices.)
• For either existing or new cluster, provide an environment pattern for each cluster, much like environment-specific variables
• Cluster variables will only be sent to deploy jobs with matching environments
• If there are multiple clusters that match a given environment, the most-specific one wins. e.g. production/eu wins over production/*
• Indicate if a cluster is attached to protected environment(s). Restrict access appropriately. (Don't let Devs see details or create/edit them. Seeing the existence of them is OK.)
• For either existing or new cluster offer to:
  • Install Helm tiller (but required for all the following options): #36629 (closed)
  • Install NGINX-ingress with Let's Encrypt
  • Install Runner: #32831 (closed)
  • Install Prometheus: #28916 (closed)
• Declare base domain(s) for ingress on cluster (needed by Auto Deploy)
• For GKE, allow automatically configuring Google DNS for base domain to ingress IP
• Hopefully we don't need to worry about "protected clusters" if we have "protected environments". Clusters attached to protected environments will automatically be protected. This may be more complicated if we let Developers view/edit cluster information.

Questions

• Should we have this available for personal namespaces as well?
• Proposal only includes group-level, does that mean we won't let people create clusters at the project level anymore? I suspect we'll still need to, so we can either leave the existing service integration, or make a Clusters menu at the project level as well.
• If we offer Clusters at both group and project level, we should have visibility across both. i.e. when looking at a project, I should be able to see group clusters too, and ideally when looking at a group, I can see all the project clusters (that I have access to).
• Should we provide DNS for them? e.g. *.$USER_OR_GROUP_PATH_SLUG.gitlab-apps.com Then providing their own DNS would be an option, but not required.

Design

Selecting a method

When a user (with Master permissions) first visits the Cluster integration page, they are asked how they would like to set up Cluster integration in their project.

Choosing GKE

Once the user chooses an option, the UI for the next step is loaded. As discussed with @filipa, it's better to do this inline, but it's okay to requiere a page redirect.

A dropdown at the top of the page still lets the user change the creation method

If the user has not logged in with Google yet, the current message is displayed instead of the form

If OAuth login has not been set up, we show the same message that we show in the current iteration

Once log in succeeds, we show the user the form asking for the GKE cluster details

Sign in	GKE form

Choosing existing cluster

If the user chooses to use an existing cluster, the current Kubernetes form is shown.

In this form, the confirmation button says Add cluster instead of Create

View page

Since we are adding more information and options to the view page, we need to be able to expand and collapse the different sections so the user is not overwhelmed. We can use the same model that we have for the Project Settings page.

The default state of this page is the same for GKE and existing clusters

The Enable cluster integration section should not be collapsible, since it is important to be able to determine that information at a glance.

The Applications section (to be introduced with #38464 (closed)), will not be collapsible either because we want to promote usage of this new feature.

If a cluster is created on GKE, status banners need to be shown. Since the GKE section is no longer first-level, we move the banners under the Enable cluster integration section:

Creating	Success	Error

Cluster details

This section shows the details for the cluster and allows the user to change them.

If the cluster was created through GKE, the only editable field is Project namespace.

If the cluster was added manually, all fields are editable.

The Token field should be masked for both forms.

GKE cluster	Existing cluster

Advanced settings

The last section allows the user to remove cluster integration.

If the cluster was created on Google, there's also a sub-section with a link to GKE for managing the cluster.

GKE cluster	Existing cluster

Users without permissions

Users with permissions less than Master simply do not see the Cluster option in the navigation. If they navigate to one of the pages via URL they should see a 404.

Links / references

• Monitoring of GKE cluster: https://gitlab.com/gitlab-org/gitlab-ce/issues/27890

Documentation blurb

Overview

What is it? Why should someone use this feature? What is the underlying (business) problem? How do you use this feature?

Use cases

Who is this for? Provide one or more use cases.

Feature checklist

Make sure these are completed before closing the issue, with a link to the relevant commit.

• Feature assurance
• Documentation
• Added to features.yml

/cc @dimitrieh @bikebilly @ayufan

changed the description

First class interface to Tiller.

Use Tiller to install Runner, Prometheus, NGINX Ingress.

Use Tiller for rollbacks? Variables?

marked this issue as related to #32638 (moved)

Installing a runner should be optional since people may want to use the instances shared runners, but still want to deploy to their own cluster. I wonder if there's any reason to make Prometheus optional though. Maybe because they have their own way of maintaining Prometheus, perhaps even a Prometheus instance per namespace or project. Or I suppose they might not want Prometheus at all; they have some other way of monitoring apps and don't care about our monitoring integration. Likewise with NGINX, they could have their own preferred ingress solution. But we should make it easy to stick with our defaults, while letting people do something custom.

I'm against using Tiller for rollbacks currently, as it's a lot more complicated (and somewhat more limited) than our current mechanism. Tiller's rollback mechanism treats variables differently than GitLab. Not better or worse; just different.

We should use Helm to install all of our components, so Helm tiller will be required if we install anything at all. This might conflict a bit with how we're using Tiller for Auto Deploy, where it installs tiller into each namespace rather than relying on a single Tiller instance. Perhaps we can detect Tiller in the main kube-system first? There are complications, such as tiller versions (we might inadvertently upgrade someone's global Tiller when they didn't want it upgraded).

marked this issue as related to #32638 (moved)

marked this issue as related to #35712 (closed)

mentioned in issue #35712 (closed)

changed the description

marked this issue as related to #27888 (closed)

marked this issue as related to #27890 (closed)

For all the optional pieces (runner, prometheus, etc.) I suggest we could start by installing them all without a choice and add the option to disable later. I expect the majority of people experimenting with this would be using test clusters. We would need messaging that made this clear though, so nobody does something unexpected to a production cluster.

mentioned in issue #27888 (closed)

Updated description with:

For either existing or new cluster, offer to:

• Install Helm tiller (but required for all the following options)
• Install NGINX-ingress with Let's Encrypt
• Install Runner: #32831 (closed)
• Install Prometheus: #28916 (closed)

and:

Should we provide DNS for them? e.g. *.$USER_OR_GROUP_PATH_SLUG.gitlab-apps.com Then providing their own DNS would be an option, but not required.

marked this issue as related to #27322 (closed)

mentioned in issue #35956 (closed)

marked this issue as related to #35956 (closed)

changed the description

Added questions:

• Should we have this available for personal namespaces as well?

• Proposal only includes group-level, does that mean we won't let people create clusters at the project level anymore? I suspect we'll still need to, so we can either leave the existing service integration, or make a Clusters menu at the project level as well.

• If we offer Clusters at both group and project level, we should have visibility across both. i.e. when looking at a project, I should be able to see group clusters too, and ideally when looking at a group, I can see all the project clusters (that I have access to).

I suspect this issue will obviate:

• Multiple cluster support: https://gitlab.com/gitlab-org/gitlab-ce/issues/27322

• Group-level Kubernetes: https://gitlab.com/gitlab-org/gitlab-ce/issues/34758

It's not explicitly called out (yet), but having a Clusters menu and only having one cluster in it is kind of silly.

If there are multiple clusters, how do we present this information to CI/CD jobs? My suggestion, which I'm not sure why isn't captured here yet, is to provide an environment pattern for each cluster, much like environment-specific variables. The trick though is only one cluster can be exposed to each job, as there's only one set of variables. Perhaps there's another way to solve this though, such as providing a variable with a list of clusters, then separate sets of variables based on the cluster name, but I'm not sure we really need to support multiple clusters per job. If you're deploying to multiple places, use separate jobs (and separate environment declarations).

Lastly, is there a need to access k8s outside of a deployment? Because right now, only deploy jobs declare environments, so for other jobs, we wouldn't know which creds to send (if there are multiple). I'd like to start by only making cluster creds available to deploy jobs and see if it's a problem.

changed milestone to %10.2

@dimitrieh Would love your thoughts on this upcoming issue.

Hopefully we don't need to worry about "protected clusters" if we have "protected environments". Clusters attached to protected environments will automatically be protected. This may be more complicated if we let Developers view/edit cluster information. Or if there isn't an exact match between the environment patterns. Imagining a cluster for *, and a protected environment of production. Should developers then have access to the * cluster? Yeah, they probably should. But if there's a protected environment of production/*, then the production/eu cluster should not be accessible to Developers. While this relationship might be effective, it might not be obvious/intuitive. Maybe we should add some UI element to let people know that a cluster if effectively protected, or attached to an protected branch, and maybe when writing the env pattern, show an indication in the form that it is protected. Then lastly, should a Developer be able to create a cluster attached to a protected environment? Probably not. You don't want a Developer being able to make a more specific cluster, say for production/eu/1 that then steals some other cred.

changed the description

@ayufan I've added a lot of complexity to the proposal. If it's too much, we can consider breaking this up into multiple milestone issues. But perhaps if we get mockups from @dimitrieh and work out all the complications early, we can set ourselves for getting it all done in a single release. /cc @grzesiek @filipa

This should actually be 10.3, but we don't have that milestone yet.

changed milestone to %10.3

The ~Prometheus team is planning to achieve the automatic deployment of Prometheus into a k8s cluster in 10.0 or 10.1. (Stretch in 10.0 https://gitlab.com/gitlab-org/gitlab-ce/issues/28916)

Our plan is to go ahead and put this on the Prometheus page, but are considering also adding it to the current K8s page as well. Do we expect a lot of churn on the k8s page leading up to 10.3?

mentioned in issue #36629 (closed)

changed the description

Opened an issue for Helm Tiller installation: https://gitlab.com/gitlab-org/gitlab-ce/issues/36629

marked this issue as related to #36629 (closed)

mentioned in issue #28916 (closed)

@dimitrieh brought up a good question "What about selecting an already existent gke cluster?"

We can already connect to an existing cluster using the k8s creds, but with OAuth, it might be more convenient to select an existing cluster from your GKE account rather than copying/pasting k8s creds.

mentioned in issue #35954 (closed)

mentioned in issue #27322 (closed)

@markpundsack I agree. Let's work on the mockups first and iterate on them. It's easier to understand how big and complex it will be :)

changed title from Move Kubernetes from service to page to Move Kubernetes from service to Clusters page

mentioned in issue #34758 (closed)

@cperessini since we already have some mockup about this issue in https://gitlab.com/gitlab-org/gitlab-ce/issues/35954, but we cut and changed a lot there, could you please work on something in this issue?

I'd like to see it in a single page, where auto-created clusters and custom defined ones can live in the same page.

Consider, as a long-term possible vision of the direction, that if and when we will support multiple clusters (https://gitlab.com/gitlab-org/gitlab-ce/issues/27322), having both GKE and manual clusters in the same page will make it easier to implement.

changed milestone to %10.2

A lot of UX was already done as part of https://gitlab.com/gitlab-org/gitlab-ce/issues/35954. More detail: https://gitlab.com/gitlab-org/gitlab-ce/issues/35954#note_41155066

changed milestone to %10.3