Customize k8s namespace per environment for managed clusters
Release notes
In order to help with various setups around Kubernetes namespaces, users of GitLab Managed Clusters can choose between two namespace handling policies around deployments. While users of non GitLab Managed Clusters had the possibility to use custom namespaces in deployments for a long time, a similar feature was missing for GitLab Managed Clusters. Considering the security aspects of custom namespaces, we are currently offering two approaches to namespace management with GitLab Managed Clusters.
The namespace management policy can be chosen at cluster creation time. The two options are to use a single namespace per project or a single namespace per environment.
https://docs.gitlab.com/ee/user/project/clusters/add_remove_clusters.html
Problem to solve
As a Software Developer, I want easily find the version I've just deployed as a review app, so that I can administer/debug/manage it.
As a Platform Operator, I want to easily identify the role and owner of various namespaces, so that I can administer/manage them appropriately.
Previously GitLab had 1 namespace per project, and review apps were deployed inside. Currently, we provide 1 namespace per environment. This results in the proliferation of namespaces. The namespace names are not descriptive for our users and are often left behind (in the case of review apps).
The generic request is to provide fully customizable namespace names. This is currently not possible with GitLab managed clusters. A more restrictive solution is to provide support to the two naming schemes that GitLab actually supports.
Proposed solution
In the k8s cluster creation/import page, we could choose with an radio button, between 2 modes of namespaces:
- naming as we have today, (1 namespace per environment)
- naming you had before (1 namespace per project)
Currently, we would not add support for "custom" namespaces via environment:kubernetes:namespace
. We could implement this in a later step.
This setting can not be changed later. We should document the benefits and shortcomings of both settings to help making a decision. We should measure usage to drive future decisions.
Concerns
By allowing users to disable namespace_per_environment
, we undermine Protected Environments, as the anything stored in the namespace would be available to all environments.
This should be clearly stated on the setting, if exposed.
This page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.