Add an instance-wide PaaS cluster to GitLab.com
Problem to solve
An instance-wide cluster on GitLab.com will mean anybody who has a repo can easily deploy without going through the steps of creating a cluster.
Intended users
Further details
Proposal
Must have gVisor enabled.
Must have Security policies:
- Pod security policy (may not be necessary)
- Network policy: should block all traffic between namespaces
- Resource quotas: limit each namespace to only 1GB memory, 1 CPU (for example). Consider hard and soft limits.
Use some selector that reliably selects pods that go through the CRD -> Operator -> Service flow. We do not want to have to do anything every time we create a new namespace.
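As an added illustration (not part of the original issue or GitLab's configuration), the network policy and resource quota items above could look like the following manifests for a single namespace. The namespace name, object names and LimitRange defaults are assumptions; all three kinds are namespaced, so this sketch does not address the goal of avoiding per-namespace setup.

```yaml
# Constructed example. "tenant-example" is a placeholder namespace.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: same-namespace-only
  namespace: tenant-example
spec:
  podSelector: {}            # every pod in the namespace
  policyTypes: [Ingress]
  ingress:
    - from:
        - podSelector: {}    # peers in this namespace only; other namespaces are dropped
  # An ingress controller or operator running in another namespace needs
  # its own explicit allow rule, or its traffic is dropped as well.
---
apiVersion: v1
kind: ResourceQuota
metadata:
  name: namespace-cap
  namespace: tenant-example
spec:
  hard:
    limits.memory: 1Gi       # the issue's example figure of 1GB
    limits.cpu: "1"          # the issue's example figure of 1 CPU
---
# With a quota on limits.*, pods that declare no limits are rejected.
# A LimitRange fills in defaults; the values below are assumptions.
apiVersion: v1
kind: LimitRange
metadata:
  name: container-defaults
  namespace: tenant-example
spec:
  limits:
    - type: Container
      default:               # limit applied when a container sets none
        memory: 256Mi
        cpu: 250m
      defaultRequest:        # request applied when a container sets none
        memory: 128Mi
        cpu: 100m
```

The NetworkPolicy only takes effect when the cluster's network plugin enforces NetworkPolicy objects.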
Permissions and Security
Documentation
What does success look like, and how can we measure that?
Links / references
Edited by Daniel Gruesso