Commit 706fd1ca authored by Amy Qualls's avatar Amy Qualls Committed by Enrique Alcantara

Fix line breaks and wording

Hard wrap lines, and perform some smaller changes. Done in a
separate commit to make rebasing / merging easier.
parent efc9081d
...@@ -275,25 +275,38 @@ If your cluster was created before GitLab 12.2, default `KUBE_NAMESPACE` will be ...@@ -275,25 +275,38 @@ If your cluster was created before GitLab 12.2, default `KUBE_NAMESPACE` will be
The Kubernetes integration provides a `KUBECONFIG` with an auto-generated namespace The Kubernetes integration provides a `KUBECONFIG` with an auto-generated namespace
to deployment jobs. It defaults to using project-environment specific namespaces to deployment jobs. It defaults to using project-environment specific namespaces
of the form `<prefix>-<environment>`, where `<prefix>` is of the form `<project_name>-<project_id>` (see [Deployment of the form `<prefix>-<environment>`, where `<prefix>` is of the form
variables](#deployment-variables)). `<project_name>-<project_id>`. To learn more, read [Deployment variables](#deployment-variables).
The deployment namespace can be customized in a few ways: You can customize the deployment namespace in a few ways:
- You can choose between a **namespace per [environment](../../../ci/environments/index.md)** or a **namespace per project**. A namespace per environment is the default and recommended setting, as it prevents the mixing of resources between production and non-production environments. - You can choose between a **namespace per [environment](../../../ci/environments/index.md)**
- When using a project-level cluster, you can additionally customize the namespace prefix. When using namespace-per-environment, the deployment namespace is `<prefix>-<environment>`, but otherwise just `<prefix>`. or a **namespace per project**. A namespace per environment is the default and recommended
- For **non-managed** clusters, the auto-generated namespace is set in the `KUBECONFIG`, but the user is responsible for ensuring its existence. The value can be fully customized using [`environment:kubernetes:namespace`](../../../ci/environments/index.md#configuring-kubernetes-deployments) setting, as it prevents the mixing of resources between production and non-production environments.
in `.gitlab-ci.yml`. - When using a project-level cluster, you can additionally customize the namespace prefix.
When using namespace-per-environment, the deployment namespace is `<prefix>-<environment>`,
but otherwise just `<prefix>`.
- For **non-managed** clusters, the auto-generated namespace is set in the `KUBECONFIG`,
but the user is responsible for ensuring its existence. You can fully customize
this value using
[`environment:kubernetes:namespace`](../../../ci/environments/index.md#configuring-kubernetes-deployments)
in `.gitlab-ci.yml`.
NOTE: **Note:** NOTE: **Note:**
When you customize the namespace, existing environments remain linked to their current namespaces until you [clear the cluster cache](#clearing-the-cluster-cache). When you customize the namespace, existing environments remain linked to their current
namespaces until you [clear the cluster cache](#clearing-the-cluster-cache).
CAUTION: **Warning:** CAUTION: **Warning:**
By default, anyone who can create a deployment job can access any CI variable within an environment's deployment job. This includes `KUBECONFIG`, which gives access to any secret available to the associated service account in your cluster. By default, anyone who can create a deployment job can access any CI variable within
To keep your production credentials safe, consider using [Protected Environments](../../../ci/environments/protected_environments.md), combined with either an environment's deployment job. This includes `KUBECONFIG`, which gives access to
any secret available to the associated service account in your cluster.
To keep your production credentials safe, consider using
[Protected Environments](../../../ci/environments/protected_environments.md),
combined with either
- a GitLab-managed cluster and namespace per environment, - a GitLab-managed cluster and namespace per environment,
- *or*, an environment-scoped cluster per protected environment (the same cluster can be added multiple times with multiple restricted service accounts). - *or*, an environment-scoped cluster per protected environment. The same cluster
can be added multiple times with multiple restricted service accounts.
### Integrations ### Integrations
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment