diff options
Diffstat (limited to 'doc/user/clusters/agent/ci_cd_tunnel.md')
-rw-r--r-- | doc/user/clusters/agent/ci_cd_tunnel.md | 26 |
1 files changed, 17 insertions, 9 deletions
diff --git a/doc/user/clusters/agent/ci_cd_tunnel.md b/doc/user/clusters/agent/ci_cd_tunnel.md index 6c8b7c95771..0dfdb37dc1f 100644 --- a/doc/user/clusters/agent/ci_cd_tunnel.md +++ b/doc/user/clusters/agent/ci_cd_tunnel.md @@ -4,15 +4,13 @@ group: Configure info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments --- -# CI/CD Tunnel **(PREMIUM)** +# CI/CD Tunnel **(FREE)** > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/327409) in GitLab 14.1. > - The pre-configured `KUBECONFIG` was [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/324275) in GitLab 14.2. > - The ability to authorize groups was [introduced](https://gitlab.com/groups/gitlab-org/-/epics/5784) in GitLab 14.3. - -WARNING: -The CI/CD Tunnel is not supported for GitLab self-managed instances installed via Omnibus. We -plan to [add support for Omnibus](https://gitlab.com/gitlab-org/gitlab/-/issues/324272) in the future. +> - [Moved](https://gitlab.com/groups/gitlab-org/-/epics/6290) to GitLab Free in 14.5. +> - Support for Omnibus installations was [introduced](https://gitlab.com/gitlab-org/omnibus-gitlab/-/merge_requests/5686) in GitLab 14.5. The CI/CD Tunnel enables users to access Kubernetes clusters from GitLab CI/CD jobs even if there is no network connectivity between GitLab Runner and a cluster. GitLab Runner does not have to be running in the same cluster. @@ -21,11 +19,11 @@ Only CI/CD jobs set in the configuration project can access one of the configure ## Prerequisites -- A running [`kas` instance](index.md#set-up-the-kubernetes-agent-server). -- A [configuration repository](index.md#define-a-configuration-repository) with an Agent config file +- A running [`kas` instance](install/index.md#set-up-the-kubernetes-agent-server). +- A [configuration repository](install/index.md#define-a-configuration-repository) with an Agent config file installed (`.gitlab/agents/<agent-name>/config.yaml`). -- An [Agent record](index.md#create-an-agent-record-in-gitlab). -- The Agent [installed in the cluster](index.md#install-the-agent-into-the-cluster). +- An [Agent record](install/index.md#create-an-agent-record-in-gitlab). +- The Agent [installed in the cluster](install/index.md#install-the-agent-into-the-cluster). ## Use the CI/CD Tunnel to run Kubernetes commands from GitLab CI/CD @@ -37,6 +35,16 @@ there isn't any context selected. Contexts are named in the following format: `<agent-configuration-project-path>:<agent-name>`. To get the list of available contexts, run `kubectl config get-contexts`. +## Share the CI/CD Tunnel provided by an Agent with other projects and groups + +The Agent can be configured to enable access to the CI/CD Tunnel to other projects or all the projects under a given group. This way you can have a single agent serving all the requests for several projects saving on resources and maintenance. + +You can read more on how to [authorize access in the Agent configuration reference](repository.md#authorize-projects-and-groups-to-use-an-agent). + +## Restrict access of authorized projects and groups **(PREMIUM)** + +You can [configure various impersonations](repository.md#use-impersonation-to-restrict-project-and-group-access) to restrict the permissions of a shared CI/CD Tunnel. + ## Example for a `kubectl` command using the CI/CD Tunnel The following example shows a CI/CD job that runs a `kubectl` command using the CI/CD Tunnel. |