debian-mirror-gitlab/doc/user/clusters/management_project.md

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

126 lines
4.6 KiB
Markdown
Raw Permalink Normal View History

2020-05-24 23:13:21 +05:30
---
stage: Configure
group: Configure
2021-02-22 17:27:13 +05:30
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
2020-05-24 23:13:21 +05:30
---
2021-12-11 22:18:48 +05:30
# Cluster management project (DEPRECATED) **(FREE)**
2019-12-21 20:55:43 +05:30
2021-12-11 22:18:48 +05:30
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/32810) in GitLab 12.5.
> - [Deprecated](https://gitlab.com/groups/gitlab-org/configure/-/epics/8) in GitLab 14.5.
2022-07-16 23:28:13 +05:30
> - [Disabled on self-managed](https://gitlab.com/gitlab-org/gitlab/-/issues/353410) in GitLab 15.0.
2021-12-11 22:18:48 +05:30
WARNING:
The cluster management project was [deprecated](https://gitlab.com/groups/gitlab-org/configure/-/epics/8) in GitLab 14.5.
2022-05-07 20:08:51 +05:30
To manage cluster applications, use the [GitLab agent](agent/index.md)
2021-12-11 22:18:48 +05:30
with the [Cluster Management Project Template](management_project_template.md).
2019-12-21 20:55:43 +05:30
2022-07-16 23:28:13 +05:30
FLAG:
On self-managed GitLab, by default this feature is not available. To make it available, ask an administrator to [enable the feature flag](../../administration/feature_flags.md) named `certificate_based_clusters`.
2019-12-21 20:55:43 +05:30
A project can be designated as the management project for a cluster.
A management project can be used to run deployment jobs with
Kubernetes
[`cluster-admin`](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles)
privileges.
This can be useful for:
2021-09-04 01:27:46 +05:30
- Creating pipelines to install cluster-wide applications into your cluster, see [management project template](management_project_template.md) for details.
2019-12-21 20:55:43 +05:30
- Any jobs that require `cluster-admin` privileges.
## Permissions
2021-02-22 17:27:13 +05:30
Only the management project receives `cluster-admin` privileges. All
2021-09-30 23:02:18 +05:30
other projects continue to receive [namespace scoped `edit` level privileges](../project/clusters/cluster_access.md#rbac-cluster-resources).
2019-12-26 22:10:19 +05:30
Management projects are restricted to the following:
2020-03-13 15:44:24 +05:30
- For project-level clusters, the management project must be in the same
2019-12-26 22:10:19 +05:30
namespace (or descendants) as the cluster's project.
2020-03-13 15:44:24 +05:30
- For group-level clusters, the management project must be in the same
2020-04-22 19:07:51 +05:30
group (or descendants) as the cluster's group.
2019-12-26 22:10:19 +05:30
- For instance-level clusters, there are no such restrictions.
2019-12-21 20:55:43 +05:30
2021-11-11 11:23:49 +05:30
## How to create and configure a cluster management project
2019-12-21 20:55:43 +05:30
2021-11-11 11:23:49 +05:30
To use a cluster management project to manage your cluster:
2019-12-26 22:10:19 +05:30
2021-11-11 11:23:49 +05:30
1. Create a new project to serve as the cluster management project
2021-12-11 22:18:48 +05:30
for your cluster.
2021-11-11 11:23:49 +05:30
1. [Associate the cluster with the management project](#associate-the-cluster-management-project-with-the-cluster).
1. [Configure your cluster's pipelines](#configuring-your-pipeline).
1. [Set the environment scope](#setting-the-environment-scope).
2019-12-26 22:10:19 +05:30
2021-11-11 11:23:49 +05:30
### Associate the cluster management project with the cluster
2019-12-21 20:55:43 +05:30
2021-11-11 11:23:49 +05:30
To associate a cluster management project with your cluster:
2019-12-26 22:10:19 +05:30
1. Navigate to the appropriate configuration page. For a:
2021-09-30 23:02:18 +05:30
- [Project-level cluster](../project/clusters/index.md), go to your project's
2021-09-04 01:27:46 +05:30
**Infrastructure > Kubernetes clusters** page.
2021-09-30 23:02:18 +05:30
- [Group-level cluster](../group/clusters/index.md), go to your group's **Kubernetes**
2020-04-22 19:07:51 +05:30
page.
2021-11-11 11:23:49 +05:30
- [Instance-level cluster](../instance/clusters/index.md), on the top bar, select **Menu > Admin > Kubernetes**.
1. Expand **Advanced settings**.
1. From the **Cluster management project** dropdown, select the cluster management project
you created in the previous step.
2019-12-21 20:55:43 +05:30
### Configuring your pipeline
After designating a project as the management project for the cluster,
2021-09-30 23:02:18 +05:30
write a [`.gitlab-ci.yml`](../../ci/yaml/index.md) in that project. For example:
2019-12-21 20:55:43 +05:30
```yaml
configure cluster:
stage: deploy
script: kubectl get namespaces
environment:
name: production
```
2020-10-04 03:57:07 +05:30
### Setting the environment scope
2019-12-21 20:55:43 +05:30
[Environment
2021-09-30 23:02:18 +05:30
scopes](../project/clusters/multiple_kubernetes_clusters.md#setting-the-environment-scope)
2019-12-21 20:55:43 +05:30
are usable when associating multiple clusters to the same management
project.
Each scope can only be used by a single cluster for a management project.
For example, let's say the following Kubernetes clusters are associated
to a management project:
| Cluster | Environment scope |
| ----------- | ----------------- |
| Development | `*` |
| Staging | `staging` |
| Production | `production` |
2019-12-26 22:10:19 +05:30
The following environments set in
2021-09-30 23:02:18 +05:30
[`.gitlab-ci.yml`](../../ci/yaml/index.md) deploy to the
2019-12-21 20:55:43 +05:30
Development, Staging, and Production cluster respectively.
```yaml
stages:
2020-07-28 23:09:34 +05:30
- deploy
2019-12-21 20:55:43 +05:30
configure development cluster:
stage: deploy
script: kubectl get namespaces
environment:
name: development
configure staging cluster:
stage: deploy
script: kubectl get namespaces
environment:
name: staging
configure production cluster:
stage: deploy
script: kubectl get namespaces
environment:
name: production
```