Add endpoint to deploy web terminal pod to agent's namespace

Problem to solve

We need to set up a deployment of the container designed in #418261 (moved), as well as a namespace, service account, and RBAC rules allowing the pod to access the given k8s cluster.

Proposal

KAS will be responsible for deploying the web terminal to a K8s cluster. See Add KAS Endpoint to deploy a web terminal pod (gitlab-org/cluster-integration/gitlab-agent#479), which introduces a new gRPC endpoint. Rails will then call the KAS gRPC endpoint through the kas-grpc gem, which would be updated as part of the work in KAS.

Add a GraphQL mutation that will call the KAS endpoint that deploys the web terminal to a K8s cluster.

  1. Add a new table to keep a record of the deployed web terminals, i.e. cluster_agent_web_terminals, with fields:

    • agent_id
    • namespace
    • pod_name
    • timestamps
  2. Upgrade the kas-grpc gem

  3. Introduce a new service (e.g.: KAS::WebTerminal::Deploy) that will make use of the new "deploy web terminal" module in kas-grpc. The arguments to the kas-grpc module are:

    • web terminal image - The image tag should match GitLab's MAJOR and MINOR versions in the following pattern: vMAJOR.MINOR. Example argument: registry.gitlab.com/gitlab-org/cluster-integration/shell-image:v16.4.0
    • agent_id

    KAS optionally accepts a service_account argument. We can leave this blank for now.

  4. In KAS::WebTerminal::Deploy, make sure to record the deployed web terminal details in the cluster_agent_web_terminals table. This will be referenced later in the workflow to delete the web terminal pod.

  5. Add a GraphQL mutation (e.g.: Mutations::KAS::WebTerminal::Deploy) that will call the newly-introduced service

    The GraphQL mutation can be called like:

    mutation {
      webTerminalDeploy(input: {agentId: "gid://gitlab/Clusters::Agent/1"}) {
        errors
        webTerminal {
          namespace # e.g.: agent-namespace
          podName # e.g.: web-terminal-abcde
        }
      }
    }

Note: The namespace and pod are recorded for a later iteration around clean-up/deletion.
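
A sketch of steps 3 and 4, added here as an example and not GitLab's or KAS's own code: the service derives the image reference server-side from the GitLab version, so a caller cannot supply an arbitrary image, and records a row only when the deploy call succeeds. FakeKasClient, its deploy_web_terminal method, DeployWebTerminal and the in-memory records array are hypothetical stand-ins for the kas-grpc module, the proposed service and the cluster_agent_web_terminals table; the tag is assumed to follow the stated vMAJOR.MINOR pattern.

```ruby
# Added sketch, not GitLab code. FakeKasClient and deploy_web_terminal are
# hypothetical stand-ins for the "deploy web terminal" module in kas-grpc.
IMAGE_REPO = 'registry.gitlab.com/gitlab-org/cluster-integration/shell-image'

# Build the image reference from the running GitLab version.
# Assumption: the tag follows the vMAJOR.MINOR pattern stated in step 3.
def web_terminal_image(gitlab_version)
  m = /\A(\d+)\.(\d+)(?:\.\d+)?(?:-[\w.]+)?\z/.match(gitlab_version.to_s)
  raise ArgumentError, "unexpected GitLab version: #{gitlab_version.inspect}" unless m
  "#{IMAGE_REPO}:v#{m[1]}.#{m[2]}"
end

class FakeKasClient
  def initialize(fail_with: nil)
    @fail_with = fail_with
  end

  # Returns constructed sample values, or raises to simulate a KAS failure.
  def deploy_web_terminal(agent_id:, image:)
    raise @fail_with if @fail_with
    { namespace: 'agent-namespace', pod_name: 'web-terminal-abcde' }
  end
end

# `records` stands in for the cluster_agent_web_terminals table.
class DeployWebTerminal
  def initialize(kas_client:, records:, gitlab_version:)
    @kas_client, @records, @gitlab_version = kas_client, records, gitlab_version
  end

  # Returns the same shape the mutation exposes: errors plus the web terminal.
  def execute(agent_id:)
    image = web_terminal_image(@gitlab_version)
    pod = @kas_client.deploy_web_terminal(agent_id: agent_id, image: image)
    row = { agent_id: agent_id, namespace: pod.fetch(:namespace),
            pod_name: pod.fetch(:pod_name), created_at: Time.now.utc }
    @records << row # recorded only after KAS reports success
    { errors: [], web_terminal: row }
  rescue StandardError => e
    # A failed deploy or a malformed version leaves no row behind.
    { errors: [e.message], web_terminal: nil }
  end
end
```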

Intended users

Unknown

Feature Usage Metrics

Edited by Pam Artiaga