Update workspaces config to apply when shared_namespace is set (!189441) · Merge requests · GitLab.org / GitLab

Issues:

What does this MR do and why?

Update workspaces config to apply when shared_namespace is set

When shared namespace is set in the associated agent config,

Use explicily pod selectors to target the workspace pods for network policy
Do not generate resource quota as it applies to an entire namespace

The model validations as specified in Rails: Do not generate ResourceQuota when using... (#535150 - closed) will be done is a separate MR.

References

Screenshots or screen recordings

N.A.

How to set up and validate locally

Pull the latest changes for the GitLab Agent for Kubernetes codebase. Specifically Shared namespace support (gitlab-org/cluster-integration/gitlab-agent!2351 - merged) .
Update agent configuration to set shared_namespace: default.
Create workspace.
Verify the no resource quota was generated in kubernetes for this workspace - kubectl get resourcequota -n default.
Verify the the pod label selectors are specified in the network policy that was generated in kubernetes for this workspace - kubectl get networkpolicy -n default -o yaml.
Delete workspace.

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited Apr 29, 2025 by Vishal Tak