Make Kubernetes Logs available to Developer
Problem to solve
Kubernetes Logs are currently available only for users with Maintainer role or higher according to the Project permissions matrix, which seems to be very prohibitive as it prevents developers from using using GitLab review the logs of running applications. This is critical especially for the cases when developers use GitLab to self-provision environments and need to properly test and debug Review Apps.
Intended users
User experience goal
Users should be able to access Kubernetes Pod Logs for all environments, unless it is expressly forbidden (in case of protected environments)
Proposal
Final solution could look like this (potentially split into several iterations)
- The permission requirement to access logs lowered to Developer
- For protected environments an additional setting is introduced Allowed to access logs (similar to current Allowed to deploy)
Further details
Developers can debug running applications using GitLab and enforcing Single Application principle
Permissions and Security
... see Proposal
Documentation
Availability & Testing
What does success look like, and how can we measure that?
What is the type of buyer?
Is this a cross-stage feature?
Links / references
/cc @dhershkovitch