Allow specification of namespace to install GitLab-managed-apps

Problem to solve

Some users do not have access to cluster-admin credentials as they are provided a dedicated namespace for their project by their Ops team. They can do whatever they want in the namespace only. These users are not able to deploy GitLab-managed-apps and therefore opt not to use the Kubernetes integration.

Intended users

Developers, operators

Further details

Proposal

We should ideally offer both cluster-admin and non-cluster-admin option for users to use the integration. The non-cluster-admin option may require deploying all applications into the project-specific namespace.

1. Provide an option for users to deploy applications cluster-wide (today) or to a custom namespace. When visiting the GitLab-managed-apps page, offer the option to specify a namespace for deployment of the helm charts (this would exclude Knative and Cert-manager, which require cluster-wide deployment).
2. If cluster-wide, nginx ingress will watch for Ingress resources cluster wide.
3. If namespace-scoped, nginx ingress will only watch for Ingress resources in that namespace
4. Do not allow Knative installation if not cluster-wide
5. Do not allow Cert manager installation if not cluster-wide

If users provides credentials that are limited to a single namespace, this would ensure they can deploy apps (limited) at whichever level the cluster is provisioned.

Permissions and Security

Documentation

Testing

What does success look like, and how can we measure that?

Links / references