Commit c8fa9047 authored by Thong Kuah's avatar Thong Kuah

Add documentation for RBAC experiment support for GitLab Managed Apps

parent bf0179b7
...@@ -130,6 +130,42 @@ The newer [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/) ...@@ -130,6 +130,42 @@ The newer [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)
authorization will be supported in a authorization will be supported in a
[future release](https://gitlab.com/gitlab-org/gitlab-ce/issues/29398). [future release](https://gitlab.com/gitlab-org/gitlab-ce/issues/29398).
### Role-based access control (RBAC) experimental support
> [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/21401) in GitLab 11.3.
Experimental support for RBAC-enabled clusters is currently hidden behind a feature flag. Once
you have enabled the feature flag, GitLab will now be configured to
create the necessary service accounts and privilleges in order to
install and run [GitLab Managed Applications](#installing-applications).
You can enable the feature flag from a Rails console:
```ruby
Feature.enable('rbac_clusters')
```
If you are [adding an existing Kubernetes
cluster](#adding-an-existing-kubernetes-cluster), you will be asked if
the cluster you are adding is a RBAC-enabled cluster. Enabling this
setting will create a `tiller` service account in the
`gitlab-managed-apps` namespace when you install Helm Tiller into your cluster.
This service account will be added to the installed Helm Tiller
and will be used by Helm to install and run [GitLab Managed
Applications](#installing-applications).
The `tiller` service account will have cluster-wide access (`cluster-admin` clusterrole).
If you are creating a [new GKE cluster via
GitLab](#adding-and-creating-a-new-gke-cluster-via-gitlab), GitLab will
automatically create an RBAC-enabled cluster. A `tiller` service account
will be created as well and added to Helm Tiller.
NOTE: **Note:**
Auto DevOps will not successfully complete in cluster that only has RBAC
authorization enabled. RBAC support for Auto DevOps is planned in a [future release](https://gitlab.com/gitlab-org/gitlab-ce/issues/44597).
### Security of GitLab Runners ### Security of GitLab Runners
GitLab Runners have the [privileged mode](https://docs.gitlab.com/runner/executors/docker.html#the-privileged-mode) GitLab Runners have the [privileged mode](https://docs.gitlab.com/runner/executors/docker.html#the-privileged-mode)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment