Allow specification of namespace to install GitLab-managed-apps
Problem to solve
Some users do not have access to cluster-admin
credentials as they are provided a dedicated namespace for their project by their Ops team. They can do whatever they want in the namespace only. These users are not able to deploy GitLab-managed-apps and therefore opt not to use the Kubernetes integration.
Intended users
Developers, operators
Further details
Proposal
We should ideally offer both cluster-admin
and non-cluster-admin
option for users to use the integration. The non-cluster-admin
option may require deploying all applications into the project-specific namespace.
- Provide an option for users to deploy applications cluster-wide (today) or to a custom namespace. When visiting the GitLab-managed-apps page, offer the option to specify a namespace for deployment of the helm charts (this would exclude Knative and Cert-manager, which require cluster-wide deployment).
- If cluster-wide, nginx ingress will watch for
Ingress
resources cluster wide. - If namespace-scoped, nginx ingress will only watch for
Ingress
resources in that namespace - Do not allow Knative installation if not cluster-wide
- Do not allow Cert manager installation if not cluster-wide
If users provides credentials that are limited to a single namespace, this would ensure they can deploy apps (limited) at whichever level the cluster is provisioned.
Permissions and Security
Documentation
Testing
What does success look like, and how can we measure that?
Links / references
Edited by Daniel Gruesso