Ability to add GKE Private Cluster with Private Endpoints

Hi. While the Gitlab Kubernetes integration is great, it requires access to the public endpoint of the master.

It would be great if it were possible to handle this without exposing the cluster endpoint publicly (GKE private clusters with private endpoints), since this is the most secure option of all.

For instance, Gitlab runner works even in private clusters because it uses a pull approach, polling for data. Maybe a similar approach can be used for the Gitlab-GKE integration as well.

I know it will be a lot of work, but there are only two other options I can see.

  1. Host Gitlab in the same cluster as the other workloads - Not advisable for me since I use Gitlab.com for everything

  2. Make the master endpoint public - Not advisable from a security standpoint.

Kindly consider this for future iterations. Currently, I am opening up the master endpoint just to support this integration. I wish it were possible.

Or maybe, since I connect to the cluster using a bastion, is there a way in which Gitlab can also tunnel through the bastion? That would also be great: the bastion would be publicly accessible and the K8s API would be private to the bastion.

Labels: gke, security, Category:Kubernetes Management

Edited by Vignesh T.V.
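The trade-off described in the issue (private endpoint versus a public master opened up for an integration) is something worth auditing across clusters. Below is an added example, not code from the issue author or from GitLab, that classifies a cluster's control-plane exposure from the JSON that `gcloud container clusters describe CLUSTER --zone ZONE --format=json` prints. The field names (`privateClusterConfig`, `masterAuthorizedNetworksConfig`) are those of the GKE Cluster resource; the two sample documents are constructed for this example and describe no real cluster, and the exposure levels (`private`, `public-restricted`, `public-open`) are names chosen here.

```python
"""Audit how reachable a GKE cluster's API server is.

Usage: gcloud container clusters describe CLUSTER --zone ZONE --format=json | python gke_exposure.py

Field names follow the GKE Cluster resource. The sample documents below are
constructed for this example and do not describe any real cluster.
"""
import json
import sys

# Constructed sample: private nodes, master reachable only on its private endpoint,
# and that endpoint limited to a bastion subnet (the setup the issue asks for).
SAMPLE_PRIVATE_ENDPOINT = {
    "name": "prod-private",
    "privateClusterConfig": {
        "enablePrivateNodes": True,
        "enablePrivateEndpoint": True,
        "masterIpv4CidrBlock": "172.16.0.0/28",
        "privateEndpoint": "172.16.0.2",
    },
    "masterAuthorizedNetworksConfig": {
        "enabled": True,
        "cidrBlocks": [{"displayName": "bastion-subnet", "cidrBlock": "10.0.1.0/24"}],
    },
}

# Constructed sample: private nodes, but the master keeps a public endpoint and the
# authorized-networks list was widened to 0.0.0.0/0 so a SaaS integration could reach it.
SAMPLE_PUBLIC_MASTER = {
    "name": "prod-opened-up",
    "privateClusterConfig": {
        "enablePrivateNodes": True,
        "enablePrivateEndpoint": False,
        "masterIpv4CidrBlock": "172.16.0.16/28",
        "privateEndpoint": "172.16.0.18",
        "publicEndpoint": "203.0.113.10",
    },
    "masterAuthorizedNetworksConfig": {
        "enabled": True,
        "cidrBlocks": [{"displayName": "anywhere", "cidrBlock": "0.0.0.0/0"}],
    },
}

WIDE_OPEN_CIDRS = ("0.0.0.0/0", "::/0")


def classify_exposure(cluster):
    """Return {'level': ..., 'reason': ...} for the cluster's API server.

    'private'           - no public endpoint exists (enablePrivateEndpoint is true)
    'public-restricted' - public endpoint, but authorized networks limit the callers
    'public-open'       - public endpoint reachable from any IP
    """
    pcc = cluster.get("privateClusterConfig") or {}
    man = cluster.get("masterAuthorizedNetworksConfig") or {}
    cidrs = [b.get("cidrBlock", "") for b in man.get("cidrBlocks", [])]
    wide_open = any(c in WIDE_OPEN_CIDRS for c in cidrs)

    if pcc.get("enablePrivateEndpoint"):
        return {"level": "private", "reason": "API server has no public endpoint"}
    if man.get("enabled") and not wide_open:
        listed = ", ".join(cidrs) if cidrs else "no external CIDRs"
        return {"level": "public-restricted",
                "reason": "public endpoint limited to authorized networks: " + listed}
    why = "authorized networks allow " + ", ".join(c for c in cidrs if c in WIDE_OPEN_CIDRS) \
        if wide_open else "master authorized networks are disabled"
    return {"level": "public-open", "reason": "public endpoint reachable from any IP; " + why}


def findings(cluster):
    """List the concrete things a reviewer would flag on this cluster."""
    pcc = cluster.get("privateClusterConfig") or {}
    out = []
    if not pcc.get("enablePrivateNodes"):
        out.append("nodes have public IP addresses (enablePrivateNodes is false)")
    exposure = classify_exposure(cluster)
    if exposure["level"] != "private":
        out.append("control plane has a public endpoint (%s)" % pcc.get("publicEndpoint", "?"))
    if exposure["level"] == "public-open":
        out.append(exposure["reason"])
    return out


def audit_describe_json(text):
    """Parse `gcloud ... describe --format=json` output and return the exposure verdict."""
    cluster = json.loads(text)
    verdict = classify_exposure(cluster)
    verdict["name"] = cluster.get("name", "?")
    verdict["findings"] = findings(cluster)
    return verdict


if __name__ == "__main__":
    data = sys.stdin.read() if not sys.stdin.isatty() else json.dumps(SAMPLE_PUBLIC_MASTER)
    print(json.dumps(audit_describe_json(data), indent=2))
```

Run it against each cluster you operate; anything that is not `private` is a master endpoint that a SaaS integration, or anyone else, can reach from the internet, and `0.0.0.0/0` in the authorized-networks list is the "opening up the master endpoint" workaround the issue describes, made visible.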