WIP: Support Kubernetes RBAC for GitLab Managed Apps when creating new GKE clusters
What does this MR do?
See/merge MR for adding existing Kubernetes clusters first.
Enables support for users to create RBAC-enabled clusters on GKE:
- Allows users to install Helm into an RBAC cluster
- ditto with the other GitLab Managed apps.
This feature is hidden behind a feature flag.
To enable the feature flag, go to a rails console:
Feature.enable('rbac_clusters')
NOTE: Auto DevOps will not successfully complete in an RBAC-enabled cluster. This is planned to be supported at a later stage in this issue.
What are the relevant issue numbers?
Closes #29398 (closed)
Development tasks
- Create new clusters with RBAC enabled (legacy_abac: false)
- Create a new service account gitlab
- Provide cluster-admin privs to the new service account (enough privileges to the new service account in order to perform operations such as creating pods, querying namespaces, creating service accounts.)
Manual QA
- RBAC cluster
  - Check they can install cluster applications
  - Check that helper applications (tiller, ingress, etc) are still working as expected
  - Provide apps read access outside the namespace (if not provided by default)
- Check that ABAC clusters should still work
  - Check that we can install applications into an ABAC cluster still
  - Check that helper applications (tiller, ingress, etc) are still working as expected
Does this MR meet the acceptance criteria?
- Changelog entry added, if necessary
- Documentation created/updated
- Tests added for this feature/bug
- Conforms to the code review guidelines
- Conforms to the merge request performance guidelines
- Conforms to the style guides
- Conforms to the database guides
Edited by 🤖 GitLab Bot 🤖
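
The two service-account tasks under Development tasks, written out as a Kubernetes manifest. This is an added example, not code from this merge request; the `default` namespace and the binding name `gitlab-admin` are assumptions, since the description names only the service account `gitlab` and the `cluster-admin` role.

```yaml
# Added example, not part of the merge request.
# Assumptions: namespace "default" and binding name "gitlab-admin".
apiVersion: v1
kind: ServiceAccount
metadata:
  name: gitlab            # service account name given in the MR description
  namespace: default      # assumption: the description does not name a namespace
---
# Binds the built-in cluster-admin ClusterRole to the service account.
# cluster-admin covers every verb on every resource in every namespace,
# which includes the operations the description lists (creating pods,
# querying namespaces, creating service accounts) and everything else.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: gitlab-admin      # assumption: hypothetical binding name
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: gitlab
    namespace: default
# Checks to run after applying, impersonating the service account:
#   kubectl auth can-i create pods \
#     --as=system:serviceaccount:default:gitlab
#   kubectl auth can-i list namespaces \
#     --as=system:serviceaccount:default:gitlab
#   kubectl auth can-i create serviceaccounts \
#     --as=system:serviceaccount:default:gitlab
# Each should answer "yes" on an RBAC cluster once the binding exists.
# To see everything the account is allowed to do in a namespace:
#   kubectl auth can-i --list \
#     --as=system:serviceaccount:default:gitlab
```

Because the token for this account carries full control of the cluster, it needs the same storage and rotation handling as any other cluster administrator credential.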