Page MenuHomePhabricator
Create Task
Maniphest T416260

Separate gitlab-cloud-runner k8s cluster provisioning from provider configuration
Closed, ResolvedPublic
Actions

Description

Provisioning an underlying k8s cluster and using its outputs to configure a k8s provider leads to OpenTofu dependency hell. From https://search.opentofu.org/provider/opentofu/kubernetes/latest

The most reliable way to configure the Kubernetes provider is to ensure that the cluster itself and the Kubernetes provider resources can be managed with separate apply operations. Data-sources can be used to convey values between the two stages as needed.

Let's separate out the provisioning of the k8s cluster itself from the creation of in-cluster resources.

Details

Related Changes in GitLab:
TitleReferenceAuthorSource BranchDest Branch
digitalocean: Separate management of cluster and in-cluster resourcesrepos/releng/gitlab-cloud-runner!552dduvallreview/separate-digitalocean-applymain
Customize query in GitLab

Related Objects
Search...

Event Timeline

dduvall created this task.Feb 2 2026, 10:25 PM
dduvall changed the task status from Open to In Progress.Feb 11 2026, 7:51 PM
dduvall triaged this task as Medium priority.
dduvall merged a task: T416257: Remove DigitalOcean coupling from gitlab-cloud-runner modules.
CodeReviewBot added a project: Patch-For-Review.Feb 11 2026, 7:53 PM

dduvall opened https://gitlab.wikimedia.org/repos/releng/gitlab-cloud-runner/-/merge_requests/552

digitalocean: Separate management of cluster and in-cluster resources

CodeReviewBot added a comment.Feb 25 2026, 10:28 PM

dduvall merged https://gitlab.wikimedia.org/repos/releng/gitlab-cloud-runner/-/merge_requests/552

digitalocean: Separate management of cluster and in-cluster resources

Maintenance_bot removed a project: Patch-For-Review.Feb 25 2026, 10:30 PM
Stashbot added a comment.Feb 25 2026, 11:50 PM

Mentioned in SAL (#wikimedia-releng) [2026-02-25T23:50:48Z] <dduvall> deploying https://gitlab.wikimedia.org/repos/releng/gitlab-cloud-runner/-/merge_requests/552 to gitlab-cloud-runner production cluster (T416260)

Stashbot added a comment.Feb 26 2026, 12:13 AM

Mentioned in SAL (#wikimedia-releng) [2026-02-26T00:13:08Z] <dduvall> forcing replacement of buildkitd helm release in gitlab-cloud-runner prod cluster due to dependency on removed k8s secret (T416260)

dduvall closed this task as Resolved.Feb 26 2026, 12:16 AM
dduvall claimed this task.
thcipriani added a project: Essential-Work.Mar 20 2026, 10:13 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits