Deprecation of the certificate-based integration with Kubernetes
## Sunsetting timeline plan

[The official deprecation notices](https://docs.gitlab.com/ee/update/deprecations.html#saas-certificate-based-integration-with-kubernetes) are the primary source of truth for the expected removal dates.

- After %"15.0" on GitLab SaaS, only existing users of the certificate-based integrations will be able to use the integrations. We will work with the current users to migrate them over to the agent as soon as possible.
- At the same time, we want to introduce a feature flag for Self-Managed users that will, by default, switch off the certificate-based features but can be switched on by the GitLab administrator.
- This feature flag will be removed from the product in a major GitLab version.

We identified a set of [issues that block the removal](https://gitlab.com/gitlab-org/configure/general/-/issues/199+) of the certificate-based integration. Once the related issues are shipped, we will provide at least six months for migrations before the final removal for Self-Managed customers.

## Proposal

Following the deprecation, the cluster-based integration and features built on top of it should receive the following support from ~"group::configure":

- ensure that the supported cluster versions work with these features too
- fix critical and security bugs

Together with this deprecation, the features that depend on the certificate-based integration and have no workaround using the GitLab Kubernetes Agent are being deprecated as well. These are the following features:

- Instance, Group, Project level clusters
  - Including the APIs managing these
    - We have GraphQL API + git to manage the Agent, but we don't have [integrations with Terraform](https://gitlab.com/gitlab-org/gitlab/-/issues/227157)
- [Cluster integrations](https://docs.gitlab.com/ee/user/clusters/integrations.html)
- [Cluster Management Project](https://docs.gitlab.com/ee/user/clusters/management_project.html)
  - **Note:** the cluster management project template is not deprecated
  - **Note:** setting up [a Prometheus integration manually](https://docs.gitlab.com/ee/user/project/integrations/prometheus.html#manual-configuration-of-prometheus) remains
  - Direct support for the template is planned with the GitLab Kubernetes Agent
- [GitLab Managed Clusters](https://docs.gitlab.com/ee/user/project/clusters/gitlab_managed_clusters.html)
  - A workaround is planned with the GitLab Kubernetes Agent
- [Cluster Cost Management](https://docs.gitlab.com/ee/user/clusters/cost_management.html)
- [Cluster environments](https://docs.gitlab.com/ee/user/clusters/environments.html)
- [Deploy boards](https://docs.gitlab.com/ee/user/project/deploy_boards.html)
  - **Note:** Deploy boards show the list of environments without a cluster connection, and this functionality is to stay.
  - A workaround is planned with the GitLab Kubernetes Agent
- [Pod logs](https://docs.gitlab.com/ee/user/project/clusters/kubernetes_pod_logs.html)
  - A workaround is planned with the GitLab Kubernetes Agent
- [Web terminals](https://docs.gitlab.com/ee/administration/integration/terminal.html)
  - A workaround is planned with the GitLab Kubernetes Agent
- [Advanced Traffic control](https://docs.gitlab.com/ee/user/project/canary_deployments.html#advanced-traffic-control-with-canary-ingress) with Canary Ingress
  - **Note:** Other parts of Canary deployments that rely only on GitLab CI/CD would remain supported.
- ~~[Auto Deploy](https://docs.gitlab.com/ee/topics/autodevops/stages.html#auto-deploy) is affected as well. We want to avoid deprecating it with https://gitlab.com/gitlab-org/gitlab/-/issues/299350~~
  - ~~A workaround is planned with the GitLab Kubernetes Agent~~
- [Policy Editor UI](https://docs.gitlab.com/ee/user/application_security/policies/#container-network-policy)

We might remove features built on top of the certificate-based integration as we provide alternative approaches using the Kubernetes Agent or decide to drop a use case. These removals are to be created separately from this deprecation notice.

## Issue readiness checklist

- [x] This issue/epic is shared with the team at a team meeting
- [x] The proposal clearly states what is being deprecated, mentioning potentially related areas and features that are not affected
- [ ] The (in-product) communication plan about the removal is described in the proposal
- [x] The documentation requirements of the removal are described in the proposal
- [ ] A preliminary timeline for the deprecation and removal is described in the proposal
- [ ] Deprecation message added to the `CHANGELOG.md` file: https://gitlab.com/gitlab-org/gitlab/merge_requests/XXX
- [x] Deprecation message posted in the release blog post: https://gitlab.com/gitlab-com/www-gitlab-org/merge_requests/XXX
- [ ] Deprecated code removed in %"16.0": https://gitlab.com/gitlab-org/gitlab/merge_requests/XXX