Auto create "cluster management project" when not specified manually

Problem to solve

In order for CI-GitLab-managed-apps to become the default way to manage apps, a cluster management project is required. If user does not specify a project, user will not be able to manage apps.

Intended users

Developers, operators.

Solution

If no cluster-management project has been specified in the cluster's settings, when user install their first Gitlab-managed-app, offer the option to create project automatically (for mvc let's not offer to configure a specific project; if they have not configured one up to this point, automatically creating will provide a better ux). The project will be populated with all the contents necessary to deploy apps to the cluster (example here)

When a user goes installs their first application via the UI, we automatically create the cluster management project for them. This is linked with "advanced settings". The user has the option to override the project with one of their own.

• For project-level clusters, the cluster should be created at the same level it exists in. This would mean either in a user's namespace or in a group. The project receives the same members/permissions that the project cluster has.
• For group-level clusters, the project should be created directly within that group. The project receives the same members/permissions that the group cluster has.
• For instance-level clusters, the project is created in the GitLab Instance Administrators group. Admins are added as maintainers. This project is also utilized by the Monitor team for self-monitoring projects.

Workflow

1. If mgt-project has been defined, the relevant actions will use it (install, uninstall, etc)
   1a. If project defined by user does not contain necessary configuration or CI job errors out, show link to CI job output using our error alert. specs

Ingress was not installed successfully. See CI job logs to determine the cause.

2. If no project has been defined, automatically create cluster-management-project in the background with the nomenclature: $cluster-name+cluster-administration

Edge Cases

1. If cluster-management project is deleted, we'll have to prompt the user to specify an existing project or offer to create one for them. This can be a follow-up.
2. If the same project is specified to manager multiple clusters, errors may occur. We should consider limiting this to one.

Access

• Any auto-created project should be private
• For project-level clusters, the cluster should be created at the same level it exists in. This would mean either in a user's namespace or in a group. The project receives the same members/permissions that the project cluster has.
• For group-level clusters, the project should be created directly within that group. The project receives the same members/permissions that the group cluster has.
• For instance-level clusters, the project is created in the GitLab Instance Administrators group. Admins are added as maintainers.

In all instances, access to said project should only be provided to maintainers+ so that no one other than cluster admins can make changes.

Previous proposals

1. When a cluster is created, provide the opportunity to specify a cluster management project or provide the option to create one for me (with link that describes the process).

OR

2. Keep the existing cluster creation flow and only prompt for cluster management project when user installs any of the Gitlab managed apps. This will better service the segment of the population that does not make use of GitLab managed apps.

Permissions and Security

Same as currently can create/manage clusters.

Documentation

Testing

What does success look like, and how can we measure that?

What is the type of buyer?

Links / references

This page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.