Feedback issue: running multiple agents in a single cluster
Goal
This issue is to collect feedback from users running multiple agentk
instances within a single cluster.
At GitLab, we recommend running a single agent per cluster, and use the various impersonation features offered by the agent for multi-tenant setups. At the same time, we acknowledge that there might be valid use cases that we currently do not support, and as a result require multiple agents to run in parallel within a cluster. We would like to learn more about these use cases, so we can provide a solution with a single agent.
Note: the impersonation features require a Premium license.
Enablers of a single agent
The agent for Kubernetes offering has several features that aim to support multi-tenant usage:
- sharing an agent connection in GitLab pipelines across projects and groups
- sharing an agent connection in the GitLab UI across projects and groups
- impersonating a CI job with rich group bindings for targeted RBAC configuration
- impersonating a GitLab user with rich group bindings for targeted RBAC configuration
Why a single agent
Why GitLab recommends a single agent (a non-exhaustive list):
- easier to maintain and upgrade
- easier to keep track of tokens and rotate them regularly
- overall lower resource requirements
What to do
If you ended up running multiple agent installations in a single cluster, please, provide your use case or upvote the linked issues, so we can better prioritise related work.