PoC for Cell 1.0
Overview
With the proposal for Cells 1.0 we would like to do a small PoC built on top of the rules router PoC so that we test basic GitLab functionality and see if things work as expected.
The PoC is limited: it should not care about uniqueness of things like users, projects, or groups. The only uniqueness requirement is the IDs; we can bump all IDs in cell 2 by 1M.
We've discussed this in sync in
Results
Complexity of Cell 1.0 Proposal
The proposal as it exists right now in !139519 (merged) is achievable and gives us the share-nothing model that we want for all of the GitLab stack. There are no major hurdles from a technical perspective to achieve this goal, and from our PoC we saw that it's possible.
Usage of secret-based routing
Using secret-based routing will get us 80% of the way there, but we are still going to need classification for things like git basic auth and SSH. This complicates it a little bit and will require us to extract a cluster-wide service (global service) in Cell 1.0 so that we can classify routes accordingly. We'll be testing this in #438662 (closed).
Action Items
- GitLab Cell 1 accessible cell-1.steveazz.xyz
- GitLab Cell 2 accessible cell-2.steveazz.xyz
- Router accessible gitlab.steveazz.xyz
- Fix Host header issue 👉 #437818 (comment 1723352223)
- Router to be able to "pin" to a specific Cell 👉 #437818 (comment 1727374916)
- Have _gitlab_session generated with a configurable (via env vars) prefix 👉 #437818 (comment 1723591729)
  - Before: _gitlab_session=e33771b6100b734ea3d68ace2843ef2c (session not valid)
  - After: _gitlab_session=$PREFIXe33771b6100b734ea3d68ace2843ef2c
- Have GitLab Tokens (PAT, Job Token, Runner Token) generated with a configurable (via env vars) prefix 👉 #437818 (comment 1721607526)
  - Before: glpat-jJeRqmW..... (token not valid)
  - After: glpat-$PREFIXjJeRqmW.....
- Support private token routing 👉 #437818 (comment 1728681627)
- Support job token routing 👉 #437818 (comment 1729151436)
- Support runner token routing 👉 #437818 (comment 1729033312)
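A sketch of the routing decision the prefixed secrets above make possible, added here as an illustration and not taken from the PoC router or its patches. The prefix values cell1- and cell2-, the function names, and the plain dict of headers are assumptions; only the session cookie and PAT formats shown above are handled.

```python
from http.cookies import SimpleCookie

# Assumed prefix-to-cell map; the page only says the prefix is set via env vars.
CELL_PREFIXES = {"cell1-": "cell-1.steveazz.xyz", "cell2-": "cell-2.steveazz.xyz"}
PAT_MARKER = "glpat-"
SESSION_COOKIE = "_gitlab_session"


def cell_for(secret_body):
    """Return the cell whose prefix starts the secret body, or None."""
    for prefix, cell in CELL_PREFIXES.items():
        if secret_body.startswith(prefix) and len(secret_body) > len(prefix):
            return cell
    return None


def route(headers):
    """Pick a cell from the request's secrets; returns (cell, reason).

    The prefix is only a routing hint. The chosen cell still has to
    authenticate the secret, so a forged prefix earns a rejected request.
    """
    candidates = set()
    token = headers.get("PRIVATE-TOKEN", "")
    if token.startswith(PAT_MARKER):
        candidates.add(cell_for(token[len(PAT_MARKER):]))
    cookie = SimpleCookie()
    cookie.load(headers.get("Cookie", ""))
    if SESSION_COOKIE in cookie:
        candidates.add(cell_for(cookie[SESSION_COOKIE].value))
    candidates.discard(None)
    if len(candidates) == 1:
        return candidates.pop(), "secret-prefix"
    if len(candidates) > 1:
        # Two secrets pointing at different cells: refuse to guess.
        return None, "conflict"
    # No usable prefix (e.g. git basic auth, SSH): needs classification.
    return None, "needs-classification"
```

The router should log only the returned cell and reason, never the secret it inspected.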
Reference
- Cell 1: https://cell-1.steveazz.xyz/
  - Username: root
  - Password: #437818 (comment 1727729082)
  - SSH: gcloud --project eng-core-tenant-poc-bbc34148 compute ssh cell-1
    - Run sudo su - steve to log in and find the GDK root and load profile (/home/steve/gitlab-development-kit)
- Cell 2: https://cell-2.steveazz.xyz/
  - Username: cell_2_root
  - Password: #437818 (comment 1727729082)
  - SSH: gcloud --project eng-core-tenant-poc-bbc34148 compute ssh cell-1
    - Run sudo su - steve to log in and find the GDK root and load profile (/home/steve/gitlab-development-kit)
- GitLab Router: https://gitlab.steveazz.xyz/
Specific Patches
To make the PoC work we had to apply the following patches:
- gitlab-runner 👉 #437818 (comment 1729033312)
- rails 👉 !141495 (closed)
Known Broken Features
- WebIDE 👉 #437818 (comment 1729076408)
- git clone for GitLab Runner 👉 #437818 (comment 1729151436)
Testing Plan
- Go to gitlab.steveazz.xyz
- Log into cell 1
- Create Project
- Create PAT
- Send API requests to gitlab.steveazz.xyz with cell 1 PAT
- Log into cell 2
- Create Project
- Create PAT
- Send API requests to gitlab.steveazz.xyz with cell 2 PAT