CI/CD-based GitLab-Managed-Apps
FKA GitLab-Managed-Apps V2
### Overview
[GitLab Managed Apps](https://docs.gitlab.com/ee/user/clusters/applications.html) provide a great way for Kubernetes users to get started deploying Helm charts to their cluster. However, more advanced use cases require that chart values be customized before the chart is deployed. For example, large enterprise customers may have policies that prevent the defaults from being deployed, and currently there is no way to customize them.
**The long term goal of CI-based GitLab-managed-apps is to replace the current model where all the Kubernetes instructions are hard coded in the GitLab application.**
The purpose of this epic is to allow customization of GitLab Managed Apps while making use of as much of the existing GitLab primitives as possible. These include:
* Storage of charts in a user-designated [GitLab project](https://docs.gitlab.com/ee/user/project/)
* [Version control](https://docs.gitlab.com/ee/user/project/repository/) of user charts
* [GitLab CI](https://docs.gitlab.com/ee/ci/) to be used in order to install/upgrade/uninstall charts from the cluster
* Use of existing [GitLab permissions model](https://docs.gitlab.com/ee/user/permissions.html) to determine owners/operators of cluster charts
Benefits of CI-based GitLab Managed Apps:
* Provide users with a known GitLab-flow to manage their charts/cluster
* Version-control all changes/customization to application in Git
* Provide powerful tools to troubleshoot/surface cluster information via CI job logs (no more obscure errors and hunting for root cause in pod/cluster logs)
* GitLab-based auth model for cluster admins
### Use cases
* A cluster uses node labels to distinguish nodes running as "on-demand" instances from nodes running as "spot" instances on AWS. The on-demand node instances have a taint, so no GitLab Managed Apps can run on them. Apps that should run on "on-demand" instances need a toleration and a node selector
* A user needs to customize the Runner Helm chart by passing a `toml` configuration file
* A user needs to upload a personal SSL certificate to an Ingress deployment
* A user needs to edit the Prometheus configuration, maybe to [improve k8s monitoring](https://github.com/kubernetes/kubernetes/blob/master/cluster/addons/prometheus/prometheus-configmap.yaml)
* A user needs to manage storage in a Prometheus deployment
* A user needs to pass a configuration file for use with Crossplane
### Iteration 1
- [x] Provide the ability to define which existing project will be used for cluster management https://gitlab.com/gitlab-org/gitlab/issues/32810
- [x] Provide CI templates that will allow installation of applications https://gitlab.com/gitlab-org/gitlab/issues/7983
- [x] Provide chart templates for certain applications, starting with ingress https://gitlab.com/gitlab-org/gitlab/issues/7983 (also https://gitlab.com/gitlab-org/cluster-integration/cluster-applications/merge_requests/1) and kube-monkey https://gitlab.com/gitlab-org/gitlab/issues/27089
- [x] Provide template for Cert-Manager https://gitlab.com/gitlab-org/gitlab/issues/35664
- [ ] Serve Prometheus GUI components with CI installation https://gitlab.com/gitlab-org/gitlab/issues/35672
- [x] Provide template for GitLab Runner https://gitlab.com/gitlab-org/gitlab/issues/35673
- [x] Provide template for JupyterHub https://gitlab.com/gitlab-org/gitlab/issues/35668
- [x] Provide template for Elastic stack https://gitlab.com/gitlab-org/gitlab/issues/35670
- [x] Provide template for Crossplane https://gitlab.com/gitlab-org/gitlab/issues/35675
- [x] Provide template for Knative https://gitlab.com/gitlab-org/gitlab/issues/35676
- [ ] Managed Apps v2 need to report status after CI completion https://gitlab.com/gitlab-org/gitlab/-/issues/202002
### Next Iteration
- [ ] Automatically create a "cluster management" project for the user, populate it with all the appropriate templates https://gitlab.com/gitlab-org/gitlab/issues/37964
- [ ] GUI one click install triggers CI/CD based installation https://gitlab.com/gitlab-org/gitlab/-/issues/210545
- [ ] Provide GUI chart override for ingress https://gitlab.com/gitlab-org/gitlab/issues/33900
- [ ] Provide GUI chart override for cert-manager
- [ ] Provide GUI chart override for Prometheus
- [ ] Provide GUI chart override for JupyterHub
- [ ] Provide GUI chart override for Knative
### Links / references
* extracted from https://gitlab.com/gitlab-org/gitlab/issues/5254
* [Recording](https://www.youtube.com/watch?v=uY_Zy8rYrNU) of team meeting discussing this issue