Iteration 3: Improve security and usability
## Goal

The goal of this MVC is to construct a minimal change that allows us to:

- Improve security and usability

## Requirements

- https://gitlab.com/groups/gitlab-org/-/epics/9138+ is complete
- https://gitlab.com/groups/gitlab-org/-/epics/9323+ is complete
- https://gitlab.com/groups/gitlab-org/-/epics/9169+ is complete

These are **not** part of the MVC:

- collaboration capabilities such as screen sharing, chat etc.

## Assumptions

* We are allowing for internal feedback and closed/early customer feedback which can be iterated on
* We have explored or are exploring the feasibility of using GA4K with ingresses via https://gitlab.com/gitlab-org/gitlab/-/issues/378998+
* We have explored or are exploring Kata containers for providing root access to workspace users via https://gitlab.com/gitlab-org/gitlab/-/issues/367043+
* We have explored or are exploring how ingress/egress requests cannot be misused from resources within the cluster - https://kubernetes.io/docs/concepts/services-networking/network-policies/ - i.e. security hardening

## Questions

- Do we need additional support for passing secrets, credentials, secure variables?
- What's the length of time someone is willing to wait for a new environment to be created? Do we need an extensive pre-build strategy or is providing a dockerfile in the repository a sufficient solution?

## User Prerequisites

- TBA

## Success criteria

- Add options to create different classes of workspaces (1gb-2cpu, 4gb-8cpu, etc.)
- Add option to vertically scale up workspace resources
- Add option to inject secrets from GitLab user/group/repository
- Add option to configure timeouts of workspaces at multiple levels
- Add option to configure allowing user to expose endpoints in their workspace (e.g. not allow anyone in organisation to expose any endpoint publicly, etc.)
- Add support for using Kata containers for VM isolation and scalability within Remote Development
- Add support for image pre-builds

## User Value

- Integration with the GitLab Workflow extension
- Harden the security aspects of a workspace
- Spin up a workspace on the GDK and develop on `gitlab-org`
- Workspaces provision quickly due to image pre-builds

## Limitations

- TBA