Commit 7a4d74ed
Authored Sep 05, 2018 by Achilleas Pipinellis
Committed by Thong Kuah, Sep 14, 2018
Copyedit RBAC docs
Parent: aaad525c
Showing 1 changed file with 35 additions and 17 deletions
doc/user/project/clusters/index.md
...
@@ -127,32 +127,50 @@ applications running on the cluster.
...
@@ -127,32 +127,50 @@ applications running on the cluster.
When GitLab creates the cluster, it enables and uses the legacy
When GitLab creates the cluster, it enables and uses the legacy
[
Attribute-based access control (ABAC)
](
https://kubernetes.io/docs/admin/authorization/abac/
)
.
[
Attribute-based access control (ABAC)
](
https://kubernetes.io/docs/admin/authorization/abac/
)
.
The newer
[
RBAC
](
https://kubernetes.io/docs/admin/authorization/rbac/
)
The newer
[
RBAC
](
https://kubernetes.io/docs/admin/authorization/rbac/
)
authorization will be supported in a
authorization is
[
experimental
](
#role-based-access-control-rbac
)
.
[
future release
](
https://gitlab.com/gitlab-org/gitlab-ce/issues/29398
)
.
### Role-based access control (RBAC)
experimental support
### Role-based access control (RBAC)
> [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/21401) in GitLab 11.3.
> [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/21401) in GitLab 11.3.
Experimental support for RBAC-enabled clusters is currently hidden behind a feature flag. Once
CAUTION:
**Warning:**
you have enabled the feature flag, GitLab will now be configured to
The RBAC authorization is experimental. To enable it you need access to the
create the necessary service accounts and privilleges in order to
server where GitLab is installed.
install and run
[
GitLab Managed Applications
](
#installing-applications
)
.
You can enable the feature flag from a Rails console:
The support for RBAC-enabled clusters is hidden behind a feature flag. Once
the feature flag is enabled, GitLab will create the necessary service accounts
and privileges in order to install and run
[
GitLab managed applications
](
#installing-applications
)
.
```
ruby
To enable the feature flag:
Feature
.
enable
(
'rbac_clusters'
)
```
1.
Enter the Rails console:
**For Omnibus GitLab**
```sh
sudo gitlab-rails console
```
**For installations from source**
```sh
sudo -u git -H bundle exec rails console
```
1.
Enable the RBAC authorization:
```ruby
Feature.enable('rbac_clusters')
```
If you are
[
adding an existing Kubernetes
If you are
[
adding an existing Kubernetes
cluster
](
#adding-an-existing-kubernetes-cluster
)
, you will be asked if
cluster
](
#adding-an-existing-kubernetes-cluster
)
, you will be asked if
the cluster you are adding is a RBAC-enabled cluster. Enabling this
the cluster you are adding is a
n
RBAC-enabled cluster. Enabling this
setting will create a
`tiller`
service account in the
setting will create a
`tiller`
service account in the
`gitlab-managed-apps`
namespace when you install Helm Tiller into your cluster.
`gitlab-managed-apps`
namespace when you install Helm Tiller into your cluster.
This service account will be added to the installed Helm Tiller
This service account will be added to the installed Helm Tiller
and will be used by Helm to install and run
[
GitLab
M
anaged
and will be used by Helm to install and run
[
GitLab
m
anaged
A
pplications
](
#installing-applications
)
.
a
pplications
](
#installing-applications
)
.
The
`tiller`
service account will have cluster-wide access (
`cluster-admin`
clusterrole).
The
`tiller`
service account will have cluster-wide access (
`cluster-admin`
clusterrole).
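Review bot: In the new CAUTION block, the warning only says that RBAC authorization is experimental and needs server access, while the security-relevant consequence stays in the unchanged closing paragraph: the `tiller` service account gets cluster-wide access through the `cluster-admin` clusterrole. Consider stating that in the warning itself, ahead of the `Feature.enable('rbac_clusters')` step, so an administrator sees the privilege level before turning the flag on. The numbered steps also give no way to turn the flag off again; a short line on reverting would help. Minor: "in order to install and run" can be shortened to "to install and run".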
...
@@ -162,9 +180,9 @@ automatically create an RBAC-enabled cluster. A `tiller` service account
...
@@ -162,9 +180,9 @@ automatically create an RBAC-enabled cluster. A `tiller` service account
will be created as well and added to Helm Tiller.
will be created as well and added to Helm Tiller.
NOTE:
**Note:**
NOTE:
**Note:**
Auto DevOps will not successfully complete in cluster that only has RBAC
Auto DevOps will not successfully complete in
a
cluster that only has RBAC
authorization enabled. RBAC support for Auto DevOps is planned in a
[
future release
](
https://gitlab.com/gitlab-org/gitlab-ce/issues/44597
)
.
authorization enabled. RBAC support for Auto DevOps is planned in a
[
future release
](
https://gitlab.com/gitlab-org/gitlab-ce/issues/44597
)
.
### Security of GitLab Runners
### Security of GitLab Runners
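Review bot: In the NOTE, "a cluster that only has RBAC authorization enabled" still reads ambiguously after the article fix; "a cluster that has only RBAC authorization enabled" puts the restriction where it belongs. "Will not successfully complete" also leaves the reader guessing what fails. Since the hunk's leading context says an RBAC-enabled cluster is created automatically, say plainly that Auto DevOps fails on such clusters until the linked issue is resolved.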
...
...