diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-10-20 11:43:02 +0300 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-10-20 11:43:02 +0300 |
| commit | d9ab72d6080f594d0b3cae15f14b3ef2c6c638cb (patch) | |
| tree | 2341ef426af70ad1e289c38036737e04b0aa5007 /doc/ci/environments/protected_environments.md | |
| parent | d6e514dd13db8947884cd58fe2a9c2a063400a9b (diff) | |
Add latest changes from gitlab-org/gitlab@14-4-stable-eev14.4.0-rc42
Diffstat (limited to 'doc/ci/environments/protected_environments.md')
| -rw-r--r-- | doc/ci/environments/protected_environments.md | 34 |
1 files changed, 15 insertions, 19 deletions
diff --git a/doc/ci/environments/protected_environments.md b/doc/ci/environments/protected_environments.md index b31e51b35fc..47f93b03136 100644 --- a/doc/ci/environments/protected_environments.md +++ b/doc/ci/environments/protected_environments.md @@ -2,26 +2,22 @@ stage: Release group: Release info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments -type: concepts, howto --- # Protected environments **(PREMIUM)** -> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/6303) in GitLab 11.3. +[Environments](../environments/index.md) can be used for both testing and +production reasons. -[Environments](../environments/index.md) can be used for different reasons: +Because deploy jobs can be raised by different users with different roles, it's +important to be able to protect specific environments from the effects of +unauthorized users. -- Some of them are just for testing. -- Others are for production. - -Since deploy jobs can be raised by different users with different roles, it is important that -specific environments are "protected" to prevent unauthorized people from affecting them. - -By default, a protected environment does one thing: it ensures that only people -with the right privileges can deploy to it, thus keeping it safe. +By default, a protected environment ensures that only people with the +appropriate privileges can deploy to it, keeping the environment safe. NOTE: -A GitLab admin is always allowed to use environments, even if they are protected. +GitLab administrators can use all environments, including protected environments. To protect, update, or unprotect an environment, you need to have at least the [Maintainer role](../../user/permissions.md). @@ -157,9 +153,9 @@ For more information, see [Deployment safety](deployment_safety.md). ## Group-level protected environments -> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/215888) in GitLab 14.0. [Deployed behind the `group_level_protected_environments` flag](../../administration/feature_flags.md), disabled by default. -> - [Feature flag `group_level_protected_environments`](https://gitlab.com/gitlab-org/gitlab/-/issues/331085) removed in GitLab 14.3. -> - [Generally Available](https://gitlab.com/gitlab-org/gitlab/-/issues/331085) on GitLab and on GitLab.com in 14.3. +> - Introduced in GitLab 14.0 [with a flag](https://gitlab.com/gitlab-org/gitlab/-/issues/215888) named `group_level_protected_environments`. Disabled by default. +> - [Feature flag removed](https://gitlab.com/gitlab-org/gitlab/-/issues/331085) in GitLab 14.3. +> - [Generally available](https://gitlab.com/gitlab-org/gitlab/-/issues/331085) in GitLab 14.3. Typically, large enterprise organizations have an explicit permission boundary between [developers and operators](https://about.gitlab.com/topics/devops/). @@ -210,8 +206,8 @@ configured: (or above) to the top-level group. They can maintain CI/CD configurations for the higher environments (such as production) in the group-level settings page, which includes group-level protected environments, - [group-level runners](../runners/runners_scope.md#group-runners), - [group-level clusters](../../user/group/clusters/index.md), etc. Those + [group-level runners](../runners/runners_scope.md#group-runners), and + [group-level clusters](../../user/group/clusters/index.md). Those configurations are inherited to the child projects as read-only entries. This ensures that only operators can configure the organization-wide deployment ruleset. @@ -246,11 +242,11 @@ To protect a group-level environment: 1. Make sure your environments have the correct [`deployment_tier`](index.md#deployment-tier-of-environments) defined in `.gitlab-ci.yml`. -1. Configure the group-level protected environments via the +1. Configure the group-level protected environments by using the [REST API](../../api/group_protected_environments.md). NOTE: -Configuration [via the UI](https://gitlab.com/gitlab-org/gitlab/-/issues/325249) +Configuration [with the UI](https://gitlab.com/gitlab-org/gitlab/-/issues/325249) is scheduled for a later release. <!-- ## Troubleshooting |