Configurable Kubernetes namespace/svc account creation
Allow people to use old Kubernetes Integration behaviour (where they control their own service accounts)
Problem to solve
A lot of users don't want us to create service accounts and manage namespaces for them when using the Kubernetes integration. It is causing problems for lots of people. See:
- https://gitlab.com/gitlab-org/gitlab-ce/issues/55933#note_130936015
- https://gitlab.com/gitlab-org/gitlab-ee/issues/8897#note_132867481
Target audience
Developers, Operators
Further details
Proposal
Allow users to change a setting so that we just pass through the same cluster credentials without creating a namespace or service account.
At cluster creation time offer two options:
-
Allow GitLab to manage namespace and service accounts for this cluster
- A dedicated namespace and service account will be created for each project. These will be isolated from each other.
-
I will manage cluster credentials, namespaces, and service accounts manually
- Cluster credentials provided at create time will be used cluster-wide, no namespaces or service accounts will be created.
NOTES
- This should not be supported when editing a cluster. Only on creation.
- Docs will need two separate sections
Creation
- On creation, a user can choose whether their cluster is managed by GitLab or not.
Proposed copy:
[x] GitLab-managed cluster
Allow GitLab to manage namespace and service accounts for this cluster. More information
Cluster settings
- A user can see whether GitLab is managing their cluster within the cluster settings but this setting is disabled and not editable by the user.
Documentation
-
Add documentation related to this setting. This should include what it means for GitLab to manage namespace and service accounts. It should also include copy regarding Auto DevOps and the fact that we will create a namespace when using ADO if one does not already exist. We should also document that a namespace is still created for installed applications,
gitlab-managed-apps