CI tunnel with CI job impersonation
## Release notes
https://docs.gitlab.com/ee/user/clusters/agent/repository.html
Securing access to clusters is one of the most important concerns for most companies. The GitLab Kubernetes Agent has provided a secure connection to Kubernetes clusters from the beginning and supports various security use cases. However, it lacked the flexibility to restrict actions according to different permissions. We are releasing several impersonation features for use with the CI/CD tunnel of the GitLab Kubernetes Agent.
We released the CI/CD tunnel on top of the GitLab Kubernetes Agent to enable access to the cluster from within GitLab CI/CD. Until now, the tunnel used the service account of the installed agent and inherited all its permissions. Many users need stricter permission controls, preferably at the user or job level. In this release of GitLab, we are pleased to release generic impersonation, CI/CD job impersonation, and GitLab user impersonation.
These impersonations can be specified in the Agent configuration, and the impersonated account permissions can be managed using the well-known Kubernetes RBAC rules.
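
As an added illustration (not taken from this epic or from the GitLab code base), the sketch below pairs an agent configuration that turns on CI job impersonation with a Kubernetes RoleBinding that grants the impersonated identity a narrow set of permissions. The `ci_access` / `access_as` / `ci_job` keys and the `gitlab:project_env:<project id>:<environment slug>` group name are assumptions based on the agent's public documentation and may differ by version; the project path, project ID, namespace and binding name are placeholders.

```yaml
# File 1: agent configuration in the agent's configuration repository.
# Keys are assumed from the agent documentation; verify against your version.
ci_access:
  projects:
    - id: example-group/example-project   # placeholder project path
      access_as:
        ci_job: {}   # impersonate the CI job instead of using the agent's service account
---
# File 2: Kubernetes manifest applied to the cluster.
# An impersonated identity has no permissions until RBAC grants them, so
# access is limited to exactly what is bound here.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: ci-job-staging-edit               # placeholder name
  namespace: staging                      # placeholder namespace
subjects:
  - kind: Group
    # Assumed group format: jobs of project 1234 running against the
    # environment whose slug is "staging". 1234 is a placeholder ID.
    name: gitlab:project_env:1234:staging
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: edit                              # built-in Kubernetes role, scoped to the namespace by this binding
  apiGroup: rbac.authorization.k8s.io
```

Binding to the environment-scoped group rather than a project-wide one means a job that does not target the `staging` environment gets no access to this namespace.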
## Scope
Support CI job impersonation when accessing the Kubernetes API.
* [x] \[Ruby\] Expose project groups in `/job/allowed_agents`
* [x] \[Ruby\] Expose environment slug in `/job/allowed_agents`
* [ ] \[Go\] Implement `ci_job` impersonation in `kas`
* [ ] Docs