Skip to content
Snippets Groups Projects
Verified Commit 6c4d4f05 authored by Viktor Nagy  (GitLab)'s avatar Viktor Nagy (GitLab) :hugging: Committed by GitLab
Browse files

Merge branch 'nagyv-agent-limits' into 'master'

Increase entity limits for agent ci_access and user_access to 500

See merge request !149844



Merged-by: Viktor Nagy  (GitLab)'s avatarViktor Nagy (GitLab) <vnagy@gitlab.com>
Reviewed-by: Viktor Nagy  (GitLab)'s avatarViktor Nagy (GitLab) <vnagy@gitlab.com>
parents 76a92f5e d12ea2d3
No related branches found
No related tags found
No related merge requests found
Pipeline #1259323872 passed
Pipeline: E2E GDK

#1259331166

    Pipeline: GitLab

    #1259330699

      Pipeline: Ruby 3.1 as-if-foss

      #1259327373

        ......@@ -7,7 +7,7 @@ module CiAccess
        class RefreshService
        include Gitlab::Utils::StrongMemoize
        AUTHORIZED_ENTITY_LIMIT = 100
        AUTHORIZED_ENTITY_LIMIT = 500
        delegate :project, to: :agent, private: true
        delegate :root_ancestor, to: :project, private: true
        ......
        ......@@ -7,7 +7,7 @@ module UserAccess
        class RefreshService
        include Gitlab::Utils::StrongMemoize
        AUTHORIZED_ENTITY_LIMIT = 100
        AUTHORIZED_ENTITY_LIMIT = 500
        delegate :project, to: :agent, private: true
        delegate :root_ancestor, to: :project, private: true
        ......
        ......@@ -18,6 +18,7 @@ DETAILS:
        > - Support for Linux package installations was [introduced](https://gitlab.com/gitlab-org/omnibus-gitlab/-/merge_requests/5686) in GitLab 14.5.
        > - The ability to switch between certificate-based clusters and agents was [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/335089) in GitLab 14.9. The certificate-based cluster context is always called `gitlab-deploy`.
        > - [Renamed](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/80508) from _CI/CD tunnel_ to _CI/CD workflow_ in GitLab 14.9.
        > - The [limit of agent connection sharing was raised](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/149844) from 100 to 500 in GitLab 17.0
        You can use GitLab CI/CD to safely connect, deploy, and update your Kubernetes clusters.
        ......@@ -80,7 +81,7 @@ To authorize the agent to access the GitLab project where you keep Kubernetes ma
        - Authorized projects must have the same root group or user namespace as the agent's configuration project.
        - You can install additional agents into the same cluster to accommodate additional hierarchies.
        - You can authorize up to 100 projects.
        - You can authorize up to 500 projects.
        All CI/CD jobs now include a `kubeconfig` file with contexts for every shared agent connection.
        The `kubeconfig` path is available in the environment variable `$KUBECONFIG`.
        ......@@ -106,7 +107,7 @@ To authorize the agent to access all of the GitLab projects in a group or subgro
        - Authorized groups must have the same root group as the agent's configuration project.
        - You can install additional agents into the same cluster to accommodate additional hierarchies.
        - All of the subgroups of an authorized group also have access to the same agent (without being specified individually).
        - You can authorize up to 100 groups.
        - You can authorize up to 500 groups.
        All the projects that belong to the group and its subgroups are now authorized to access the agent.
        All CI/CD jobs now include a `kubeconfig` file with contexts for every shared agent connection.
        ......
        ......@@ -14,6 +14,7 @@ DETAILS:
        > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/390769) in GitLab 16.1, with [flags](../../../administration/feature_flags.md) named `environment_settings_to_graphql`, `kas_user_access`, `kas_user_access_project`, and `expose_authorized_cluster_agents`. This feature is in [Beta](../../../policy/experiment-beta-support.md#beta).
        > - Feature flag `environment_settings_to_graphql` [removed](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/124177) in GitLab 16.2.
        > - Feature flags `kas_user_access`, `kas_user_access_project`, and `expose_authorized_cluster_agents` [removed](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/125835) in GitLab 16.2.
        > - The [limit of agent connection sharing was raised](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/149844) from 100 to 500 in GitLab 17.0
        As an administrator of Kubernetes clusters in an organization, you can grant Kubernetes access to members
        of a specific project or group.
        ......@@ -39,8 +40,8 @@ To configure access:
        - In the agent configuration file, define a `user_access` keyword with the following parameters:
        - `projects`: A list of projects whose members should have access.
        - `groups`: A list of groups whose members should have access.
        - `projects`: A list of projects whose members should have access. You can authorize up to 500 projects.
        - `groups`: A list of groups whose members should have access. You can authorize up to 500 projects.
        - `access_as`: Required. For plain access, the value is `{ agent: {...} }`.
        After you configure access, requests are forwarded to the API server using
        ......
        0% Loading or .
        You are about to add 0 people to the discussion. Proceed with caution.
        Finish editing this message first!
        Please register or to comment