Known Issues
This document lists known issues with the current version of the namespace-operator.
1. GitLab Deploy Keys
When using the namespace-operator with GitLab, a known issue exists regarding deploy key permissions. The namespace-operator automatically creates deploy keys for each namespace it manages. However, GitLab requires the creator of a deploy key to have the necessary permissions for actions like pushing to protected branches or triggering CI/CD pipelines.
This creates a dependency between the deploy key's permissions and the user who initially created it within GitLab. If that user is deleted or their permissions are modified, those changes are reflected in the deploy key's permissions, even if the key was created before the change. This can lead to unexpected access issues.
Impact
Loss of access: if the user who created the deploy keys is deleted or loses the necessary permissions in GitLab, the associated deploy keys may no longer be able to perform actions such as pushing to protected branches or triggering CI/CD pipelines.
Workaround
Currently, there is no direct workaround within the namespace-operator to prevent this issue. This is because the behavior is specific to GitLab's implementation of deploy keys and how they handle permissions, which differs from other Git server implementations.
Therefore, mitigating the risk requires focusing on managing the GitLab user associated with the namespace-operator.
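One way to monitor that account, as an added example that is not part of the namespace-operator: a periodic check over parsed GitLab REST API responses (`GET /users/:id` and `GET /projects/:id/members/all/:user_id`) that flags a missing, non-active, or under-privileged key creator. The function name, the sample data, and the default required role of Maintainer are assumptions; set the role to whatever your protected branches actually require.

```python
# Added example, not namespace-operator code. Inputs are assumed to be parsed
# GitLab REST API responses; the sample data below is constructed.
ROLE_NAMES = {10: "Guest", 20: "Reporter", 30: "Developer", 40: "Maintainer", 50: "Owner"}


def audit_key_creator(user, memberships, required_level=40):
    """Return findings for the GitLab account that created the deploy keys.

    user           -- dict from GET /users/:id, or None if the API returned 404
    memberships    -- {project_path: member dict, or None if not a member}
    required_level -- assumption: minimum access_level needed to push to the
                      protected branches of these projects (40 = Maintainer)
    """
    if user is None:
        return ["creator account not found; it may have been deleted"]

    findings = []
    if user.get("state") != "active":
        findings.append(f"creator {user['username']} is in state {user.get('state')!r}")

    need = ROLE_NAMES.get(required_level, str(required_level))
    for project, member in sorted(memberships.items()):
        if member is None:
            findings.append(f"{project}: creator is not a member")
            continue
        level = member["access_level"]
        if level < required_level:
            have = ROLE_NAMES.get(level, str(level))
            findings.append(f"{project}: role {have} is below required {need}")
    return findings


# Constructed sample responses (hypothetical account and project paths).
SAMPLE_USER = {"id": 42, "username": "ns-operator-bot", "state": "active"}
SAMPLE_MEMBERSHIPS = {
    "platform/team-a": {"access_level": 40},
    "platform/team-b": {"access_level": 30},
    "platform/team-c": None,
}

if __name__ == "__main__":
    for finding in audit_key_creator(SAMPLE_USER, SAMPLE_MEMBERSHIPS):
        print("WARN", finding)
```

An empty result means the creator still exists, is active, and holds at least the required role in every listed project.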