Enable flag group_authorized_agents by default
What does this MR do and why?
The feature flag being enabled by default makes it possible to share access to a Kubernetes Agent's CI/CD tunnel with projects other than the Kubernetes Agent's configuration project. By default, only the Kubernetes Agent's configuration project has CI/CD access.
Screenshots or screen recordings
KUBECONFIG
injection works by default:
How to set up and validate locally
-
GDK needs a runner attached, and the
gitlab-k8s-agent
enabled -
Delete any residual
group_authorized_agents
configuration:Feature.remove(:group_authorized_agents)
-
Verify that
::Feature.enabled?(:group_authorized_agents, default_enabled: :yaml)
istrue
-
Add an agent with configuration project
gitlab-agent-testing/config
with the following configuration:# config/.gitlab/agents/first/config.yaml ci_access: projects: - id: gitlab-agent-testing/ci-project # <-- We will run CI/CD in here access_as: agent: {}
-
In a separate project,
gitlab-agent-testing/ci-project
, add the following.gitlab-ci.yml
:# .gitlab-ci.yml test: image: registry.gitlab.com/gitlab-org/cluster-integration/helm-install-image/releases/3.6.3-kube-1.17.17-alpine-3.14 script: - kubectl config get-contexts
-
View the job logs for the
test
job
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.