Clarify k8s project namespace

5cb49663 · Achilleas Pipinellis · Achilleas Pipinellis · c8e60d63 · c8e60d63 · 5cb49663
Commit 5cb49663 authored Sep 08, 2017 by Achilleas Pipinellis Committed by Achilleas Pipinellis Sep 25, 2017
2 changed files
--- a/doc/user/project/integrations/img/kubernetes_configuration.png
+++ b/doc/user/project/integrations/img/kubernetes_configuration.png
--- a/doc/user/project/integrations/kubernetes.md
+++ b/doc/user/project/integrations/kubernetes.md
@@ -13,32 +13,39 @@ template, see the [Services Templates](services_templates.md) document.
 ## Configuration
 Navigate to the [Integrations page](project_services.md#accessing-the-project-services)
-of your project and select the **Kubernetes** service to configure it.
+of your project and select the **Kubernetes** service to configure it. Fill in
+all the needed parameters, check the "Active" checkbox and hit **Save changes**
+for the changes to take effect.
 ![Kubernetes configuration settings](img/kubernetes_configuration.png)
-The Kubernetes service takes the following arguments:
+The Kubernetes service takes the following parameters:
-1. API URL
+- **API URL** -
-1. Custom CA bundle
+  It's the URL that GitLab uses to access the Kubernetes API. Kubernetes
-1. Kubernetes namespace
+  exposes several APIs, we want the "base" URL that is common to all of them,
-1. Service token
+  e.g., `https://kubernetes.example.com` rather than `https://kubernetes.example.com/api/v1`.
+- **CA certificate** (optional) -
-The API URL is the URL that GitLab uses to access the Kubernetes API. Kubernetes
+  If the API is using a self-signed TLS certificate, you'll also need to include
-exposes several APIs - we want the "base" URL that is common to all of them,
+  the `ca.crt` contents here.
-e.g., `https://kubernetes.example.com` rather than `https://kubernetes.example.com/api/v1`.
+- **Project namespace** (optional) - The following apply:
+  - By default you don't have to fill it in; by leaving it blank, GitLab will
-GitLab authenticates against Kubernetes using service tokens, which are
+    create one for you.
-scoped to a particular `namespace`. If you don't have a service token yet,
+  - Each project should have a unique namespace.
-you can follow the
+  - The project namespace is not necessarily the namespace of the secret, if
-[Kubernetes documentation](http://kubernetes.io/docs/user-guide/service-accounts/)
+    you're using a secret with broader permissions, like the secret from `default`.
-to create one. You can also view or create service tokens in the
+  - You should **not** use `default` as the project namespace.
-[Kubernetes dashboard](http://kubernetes.io/docs/user-guide/ui/) - visit
+  - If you or someone created a secret specifically for the project, usually
-`Config -> Secrets`.
+    with limited permissions, the secret's namespace and project namespace may
+    be the same.
-Fill in the service token and namespace according to the values you just got.
+- **Token** -
-If the API is using a self-signed TLS certificate, you'll also need to include
+  GitLab authenticates against Kubernetes using service tokens, which are
-the `ca.crt` contents as the `Custom CA bundle`.
+  scoped to a particular `namespace`. If you don't have a service token yet,
+  you can follow the
+  [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/)
+  to create one. You can also view or create service tokens in the
+  [Kubernetes dashboard](https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/#config)
+  (under **Config > Secrets**).
 ## Deployment variables
@@ -59,7 +66,7 @@ GitLab CI build environment:
 ## Web terminals
->**NOTE:**
+NOTE: **Note:**
 Added in GitLab 8.15. You must be the project owner or have `master` permissions
 to use terminals. Support is currently limited to the first container in the
 first pod of your environment.