Certificate-based cluster connection (DEPRECATED)

In GitLab 14.5, the certificate-based method to connect Kubernetes clusters to GitLab was deprecated, as well as the related features.

This feature is now deprecated. It had the following issues:

  • There were security issues as it required direct access to the Kube API by GitLab.
  • The configuration options weren’t flexible.
  • The integration was flaky.
  • Users were constantly reporting issues with features based on this model.

For this reason, we started to build features based on a new model, the GitLab Kubernetes Agent. Maintaining both methods in parallel caused a lot of confusion and significantly increased the complexity to use, develop, maintain, and document them. For this reason, we decided to deprecate them to focus on the new model.

Certificate-based features will continue to receive security and critical fixes, and features built on top of it will continue to work with the supported Kubernetes versions. The removal of these features from GitLab is not scheduled yet. Follow this epic for updates.

You can find technical information about why we moved away from cluster certificates into the Kubernetes Agent model on the Agent’s blueprint documentation.

Deprecated features

Cluster levels

The concept of project-level, group-level, and instance-level clusters becomes extinct in the new model, although the functionality remains to some extent. The Agent is always configured in a GitLab project, but you can grant your cluster’s access to a GitLab group through the Agent.