Customize Kubernetes namespace per environment
Problem to solve
With #52494 we will create a namespace per environment, however, namespace naming occurs automatically and users cannot specify custom names for their namespaces.
When user brings GitLab into the picture into an existing Kubernetes shop, there will be existing namespaces where user may want to deploy to. Currently, it is not possible to define the environment-to-existing-namespace-mapping
Mechanism to allow users to specify custom namespace per environment.
User is able to provide a namespace for each environment by extending the
environment keyword in
gitlab-ci.yml as follows:
Add an extension to the
environment: keyword in gitlab-ci.yml instead:
environment: name: production kubernetes: namespace: "<name>"
The user can also define a dynamic environment (e.g. for review apps)
environment: name: review/$CI_COMMIT_REF_NAME kubernetes: namespace: review-app-$CI_COMMIT_REF_NAME
We will still have the drawback of this being ignored for managed clusters (for now)
Fail the job if the cluster chosen is managed.
Because environments are independent from clusters, when a job is started the environment tries to figure out whether there is a matching cluster for it. So there is no way for us to know when you're on the environment page whether or the cluster used will be
unmanaged. An environment could also change from being on 1 cluster to another at any time.
To solve for this the only viable option is to always allow editing this Kubernetes namespace per environment (regardless of GitLab-managed cluster) and we fail that job if it's a
Permissions and Security
The option would only be available for project maintainers and owners.
Anyone who has the ability to commit
.gitlab-ci.yml for the project.
Only applicable for un-managed clusters.
For managed clusters, the GitLab will fail the job. The failure message appears in the job log:
Job failed: Custom namespace cannot be explicitly defined for GitLab managed clusters
Managed cluster support will be added in #38054 (closed)