Validate k8s credentials provided at cluster creation
Problem to solve
Right now a user can add invalid cluster credentials and the cluster creation succeeds when adding an existing cluster. It is not until either they run CI OR until they try to install helm that they notice an issue.
Target audience
Operators/Developers
Further details
Common examples of problems:
- The token given is not a
cluster-admin
so we therefore will end up failing to create the service account for CI (see https://gitlab.com/gitlab-org/gitlab-ce/issues/54506) - The credentials given are invalid in some way (copy paste error or copied from the wrong place)
- The cluster is not reachable from GitLab possibly due to networking issues
Proposal
API URL: Cannot reach
If the cluster API is not reachable, we warn the user on the cluster page.
Token: Cannot create server account
When a token does not have cluster-admin
privileges and the cluster is a GitLab-managed cluster
. This warning should not display if the user has de-selected GitLab-managed cluster
.
Token/CA Cert: Cannot authenticate
If there are multiple warnings, the warnings will stack. The alerts are dismissible.
What does success look like, and how can we measure that?
Links / references
This page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.