| Age | Commit message (Collapse) | Author |
|---|
|
|
|
These services aren't specific to GCP, and will be used for AWS
as part of https://gitlab.com/gitlab-org/gitlab-ce/issues/46686
|
|
Previously this behaviour was only available to group
and instance-level clusters, as some project clusters
relied on Kubernetes credentials being passed through
to the runner instead of having their resources managed
by GitLab (which is not available when using JIT). These
clusters have been migrated to unmanaged, so resources
can be created on demand for the remaining managed clusters.
|
|
|
|
|
|
- Split logger call for readibility
- Reduce code duplication by adding new method
|
|
|
|
This reflects how we now create or update
|
|
We remove configure_project_service_account and replace
ClusterPlatformConfigureWorker as they perform exactly the same piece of
work. This also makes GKE cluster creation to be the same as Adding
existing cluster - they both now use another worker to execute
CreateOrUpdateNamespaceService.
|
|
|
|
This removes the ability to pass in a different version. We can instead
create a new entry in the SUPPORTED_API_GROUPS hash for a different
version if need be.
|
|
Find and replace everywhere we pass in `api_groups` to KubeClient, as no
longer needed
|
|
of ABAC/RBAC
This also solves the async nature of the automatic creation of default
service tokens for service accounts. It also makes explicit which
service account token we always use.
create cluster role binding only if the provider has legacy_abac
disabled.
|
|
that there is one single source of truth.
|
|
token
Keeps existing behaviour for ABAC cluster
|
|
when we have the rbac cluster FF enabled.
This syncs up with `authorization_type`.
|
|
This is the same as with adding an existing cluster
|
|
|
|
GitLab can perform operations in a RBAC-enabled cluster.
Correspondingly, use the token of the gitlab service account, vs the
default service account token which will have no privs.
|
|
namespace
This is in preparation to share some common code with another service
which will also need a kubeclient utilizing master username and password
|
|
For directories application_settings --> labels.
Partially addresses #47424.
|
|
|
|
GKE 1.8 has RBAC on by default, since GKE has bumped the default version
to 1.8.7 RBAC is now on, and we don't support that out of the box.
This was also avoiding cluster applications (tiller, prometheus, etc), to
be installed.
Closes #41619
|
|
controller. Use time_with_zone in schema. Remove Gcp::Clusters from safe_model_attributes.ym
|
|
|
|
|
|
|
|
|
