Enable RBAC for apps deployed to cluster pre-RBAC support

Description

Provide an easy way to add RBAC to an existing cluster for users who added a k8s cluster(s) via GitLab prior to us adding RBAC support (https://gitlab.com/gitlab-org/gitlab-ce/issues/29398).

Proposal

On the clusters page, provide an easy way to enable RBAC for existing clusters.

Then similar to gitlab-ce#29398 consider the following:

  • Once we confirm RBAC is enabled, create cluster-wide access roles for Helm Tiller

    • Enable mutual TLS authentication for Tiller, with only GitLab having the private key. This will mitigate to a large degree the huge security hole we create above with Tiller having cluster-wide access.

    • For all GitLab managed apps, enable RBAC role creation based on their Helm chart settings.

  • Restrict Tiller to GitLab managed apps in the configured namespace

  • Provide apps read access outside the namespace (if not provided by default)

Links / references
