Track which deployment job uses which agent and deploy to which namespace
Description
This issue is to implement https://docs.gitlab.com/ee/architecture/blueprints/gitlab_agent_deployments/#associate-environment-with-agent.
Task
As a preliminary step, we allow users to explicitly define "which deployment job" uses "which agent" and deploy to "which namespace". The following keywords are supported in .gitlab-ci.yml
.
-
environment:kubernetes:agent
... Define which agent the deployment job uses. It can select the appropriate context from theKUBE_CONFIG
. -
environment:kubernetes:namespace
... Define which namespace the deployment job deploys to. It injectsKUBE_NAMESPACE
predefined variable into the job. This keyword already exists.
Here is an example of .gitlab-ci.yml
.
deploy-production:
environment:
name: production
kubernetes:
agent: path/to/agent/repository:agent-name
namespace: default
script:
- helm --context="$KUBE_CONTEXT" --namespace="$KUBE_NAMESPACE" upgrade --install
When a deployment job is created, GitLab persists the relationship of specified agent, namespace and deployment job. If the CI job is NOT authorized to access the agent (Please refer Clusters::Agents::FilterAuthorizationsService
for more details), this relationship aren't recorded. This process happens in Deployments::CreateForBuildService
. The database table scheme is:
agent_deployments:
- deployment_id (bigint/FK/NOT NULL/Unique)
- agent_id (bigint/FK/NOT NULL)
- kubernetes_namespace (character varying(255)/NOT NULL)
To idenfity an associated agent for a specific environment, environment.last_deployment.agent
can be used in Rails.