Specify "Cluster management project" for a Kubernetes cluster
Problem to solve
In order to successfully configure clusters (e.g. installing cluster applications), a CI job needs to have cluster-admin
privileges.
A cluster administrator will like to have a version-controlled repository to keep files related to that cluster. However they would like all other projects to continue to have edit
privileges.
Intended users
See #7983 (closed)
Proposal
- On the cluster page, user selects which project can administer this cluster.
- The project will define a
.gitlab-ci.yml
usingenvironment:
as usual. - We alter the hierarchy of clusters now to:
- Cluster management project for the cluster is this project, if scope matches
- Project-level cluster, if scope matches
- Group-level cluster, if scope matches
- Instance-level cluster, if scope matches
- The job of a project connected to a cluster management will receive
cluster-admin
credentials (TBC: if it's a separate account or not)
Update API as well to allow cluster to associate this cluster as well.
Permissions and Security
Documentation
TBC
Testing
What does success look like, and how can we measure that?
What is the type of buyer?
Links / references
See also https://docs.gitlab.com/ee/user/admin_area/settings/instance_template_repository.html