Add latest changes from gitlab-org/gitlab@14-3-stable-eev14.3.0-rc42

12 files changed, 139 insertions, 63 deletions

diff --git a/doc/user/infrastructure/clusters/connect/index.md b/doc/user/infrastructure/clusters/connect/index.md
new file mode 100644
index 00000000000..ada278292a9
--- /dev/null
+++ b/doc/user/infrastructure/clusters/connect/index.md
@@ -0,0 +1,126 @@
+---
+stage: Configure
+group: Configure
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Connect a cluster to GitLab **(FREE)**
+
+You can create new or connect existing clusters to GitLab through different [levels](#cluster-levels),
+using different [methods](#methods-to-connect-a-cluster-to-gitlab).
+
+Before getting started:
+
+1. Check the [supported Kubernetes cluster versions](#supported-cluster-versions).
+1. Define the [cluster level](#cluster-levels) according to your case.
+
+After that:
+
+1. Choose the [method](#methods-to-connect-a-cluster-to-gitlab)
+to connect your cluster according to your case.
+1. [View your clusters](#view-your-clusters) connected to GitLab.
+
+## Methods to connect a cluster to GitLab
+
+GitLab offers three methods to connect existing and create new clusters:
+
+- **GitLab Kubernetes Agent**: the best solution to
+[connect existing clusters](#connect-existing-clusters-to-gitlab).
+- **Infrastructure as Code**: it's a broader infrastructure management
+toolset that includes managing your cluster. It's the recommended
+solution to [create a new cluster](#create-new-clusters-from-gitlab)
+from GitLab.
+- **Certificate-based method**: our first and legacy solution uses
+cluster certificates to connect your cluster to GitLab. It is no longer
+recommended for [security implications](#security-implications-for-clusters-connected-with-certificates).
+
+### Connect existing clusters to GitLab
+
+To safely connect and configure an existing cluster on the **project level**,
+we **recommend** using the [GitLab Kubernetes Agent](../../../clusters/agent/index.md).
+We are working to support [the Agent for connecting a cluster at the group level](https://gitlab.com/groups/gitlab-org/-/epics/5784).
+
+Alternatively, you can use [cluster certificates](../../../project/clusters/add_existing_cluster.md)
+to connect clusters in all levels (projects, group, instance). However,
+for [security implications](#security-implications-for-clusters-connected-with-certificates),
+we don't recommend using this method.
+
+### Create new clusters from GitLab
+
+To safely create new clusters from GitLab, use
+[Infrastructure as Code](../../iac/index.md#create-a-new-cluster-through-iac).
+
+The [certificate-based method to create a new cluster](../../../project/clusters/add_remove_clusters.md)
+is still available through the GitLab UI but was **deprecated** in GitLab 14.0.
+If possible, we don't recommend using this method.
+
+### Connect multiple clusters to a single project
+
+To connect multiple clusters to a single project in GitLab,
+we **recommend** using the [GitLab Kubernetes Agent](../../../clusters/agent/index.md).
+
+You can also use the [certificate-based method](../../../project/clusters/multiple_kubernetes_clusters.md),
+but, for [security implications](#security-implications-for-clusters-connected-with-certificates),
+we don't recommend using this method.
+
+## Cluster levels
+
+Choose your cluster's level according to its purpose:
+
+| Level | Purpose |
+|--|--|
+| [Project level](../../../project/clusters/index.md) | Use your cluster for a single project. |
+| [Group level](../../../group/clusters/index.md) | Use the same cluster across multiple projects within your group. |
+| [Instance level](../../../instance/clusters/index.md) **(FREE SELF)** | Use the same cluster across groups and projects within your instance. |
+
+## Supported cluster versions
+
+GitLab is committed to support at least two production-ready Kubernetes minor
+versions at any given time. We regularly review the versions we support, and
+provide a three-month deprecation period before we remove support of a specific
+version. The range of supported versions is based on the evaluation of:
+
+- The versions supported by major managed Kubernetes providers.
+- The versions [supported by the Kubernetes community](https://kubernetes.io/releases/version-skew-policy/#supported-versions).
+
+GitLab supports the following Kubernetes versions, and you can upgrade your
+Kubernetes version to any supported version at any time:
+
+- 1.19 (support ends on February 22, 2022)
+- 1.18 (support ends on November 22, 2021)
+- 1.17 (support ends on September 22, 2021)
+
+Some GitLab features may support versions outside the range provided here.
+
+## View your clusters
+
+To view the Kubernetes clusters connected to your project,
+group, or instance, open the cluster's page according to the
+[level](#cluster-levels) of your cluster.
+
+**Project-level clusters:**
+
+1. Go to your project's homepage.
+1. On the left sidebar, select **Infrastructure > Kubernetes clusters**.
+
+**Group-level clusters:**
+
+1. Go to your group's homepage.
+1. On the left sidebar, select **Kubernetes**.
+
+**Instance-level clusters:** **(FREE SELF)**
+
+1. On the top bar, select **Menu > Admin**.
+1. On the left sidebar, select **Kubernetes**.
+
+## Security implications for clusters connected with certificates
+
+WARNING:
+The whole cluster security is based on a model where [developers](../../../permissions.md)
+are trusted, so **only trusted users should be allowed to control your clusters**.
+
+The use of cluster certificates to connect your cluster grants
+access to a wide set of functionalities needed to successfully
+build and deploy a containerized application. Bear in mind that
+the same credentials are used for all the applications running
+on the cluster.
diff --git a/doc/user/infrastructure/clusters/connect/new_gke_cluster.md b/doc/user/infrastructure/clusters/connect/new_gke_cluster.md
index 35af316d7ac..90044fa74e1 100644
--- a/doc/user/infrastructure/clusters/connect/new_gke_cluster.md
+++ b/doc/user/infrastructure/clusters/connect/new_gke_cluster.md
@@ -48,7 +48,7 @@ so that your credentials are not exposed through the code. To do so, follow the
 1. On your computer, encode the JSON file to `base64` (replace `/path/to/sa-key.json` to the path to your key):
 
    ```shell
-   base64 /path/to/sa-key.json | tr -d \\n`
+   base64 /path/to/sa-key.json | tr -d \\n
    ```
 
 1. Use the output of this command as the `BASE64_GOOGLE_CREDENTIALS` environment variable in the next step.
diff --git a/doc/user/infrastructure/clusters/manage/management_project_applications/certmanager.md b/doc/user/infrastructure/clusters/manage/management_project_applications/certmanager.md
index 3bf79ea90c7..9ef7bd0f3ff 100644
--- a/doc/user/infrastructure/clusters/manage/management_project_applications/certmanager.md
+++ b/doc/user/infrastructure/clusters/manage/management_project_applications/certmanager.md
@@ -6,16 +6,21 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 
 # Install cert-manager with a cluster management project
 
-> [Introduced](https://gitlab.com/gitlab-org/project-templates/cluster-management/-/merge_requests/5) in GitLab 14.0.
+> - [Introduced](https://gitlab.com/gitlab-org/project-templates/cluster-management/-/merge_requests/5) in GitLab 14.0.
+> - Support for cert-manager v1.4 was [introduced](https://gitlab.com/gitlab-org/project-templates/cluster-management/-/merge_requests/69405) in GitLab 14.3.
 
 Assuming you already have a [Cluster management project](../../../../../user/clusters/management_project.md) created from a
 [management project template](../../../../../user/clusters/management_project_template.md), to install cert-manager you should
 uncomment this line from your `helmfile.yaml`:
 
 ```yaml
-  - path: applications/cert-manager/helmfile.yaml
+  - path: applications/cert-manager-1-4/helmfile.yaml
 ```
 
+NOTE:
+We kept the `- path: applications/cert-manager/helmfile.yaml` with cert-manager v0.10 to facilitate
+the [migration from GitLab Managed Apps to a cluster management project](../../../../clusters/migrating_from_gma_to_project_template.md).
+
 cert-manager:
 
 - Is installed by default into the `gitlab-managed-apps` namespace of your cluster.
@@ -24,7 +29,7 @@ cert-manager:
   email address to be specified. The email address is used by Let's Encrypt to
   contact you about expiring certificates and issues related to your account.
 
-The following configuration in your `applications/cert-manager/helmfile.yaml` is required to install cert-manager:
+To install cert-manager in your cluster, configure your `applications/cert-manager-1-4/helmfile.yaml` to:
 
 ```yaml
 certManager:
@@ -48,9 +53,3 @@ You can customize the installation of cert-manager by defining a
 management project. Refer to the
 [chart](https://github.com/jetstack/cert-manager) for the
 available configuration options.
-
-Support for installing the Cert Manager managed application is provided by the
-GitLab Configure group. If you run into unknown issues,
-[open a new issue](https://gitlab.com/gitlab-org/gitlab/-/issues/new), and ping at
-least 2 people from the
-[Configure group](https://about.gitlab.com/handbook/product/categories/#configure-group).
diff --git a/doc/user/infrastructure/clusters/manage/management_project_applications/cilium.md b/doc/user/infrastructure/clusters/manage/management_project_applications/cilium.md
index 4e84f2c5ef4..c19bfbfb1b1 100644
--- a/doc/user/infrastructure/clusters/manage/management_project_applications/cilium.md
+++ b/doc/user/infrastructure/clusters/manage/management_project_applications/cilium.md
@@ -120,9 +120,3 @@ global:
       enabled:
       - 'flow:sourceContext=namespace;destinationContext=namespace'
 ```
-
-Support for installing the Cilium managed application is provided by the
-GitLab Container Security group. If you run into unknown issues,
-[open a new issue](https://gitlab.com/gitlab-org/gitlab/-/issues/new), and ping at
-least 2 people from the
-[Container Security group](https://about.gitlab.com/handbook/product/categories/#container-security-group).
diff --git a/doc/user/infrastructure/clusters/manage/management_project_applications/elasticstack.md b/doc/user/infrastructure/clusters/manage/management_project_applications/elasticstack.md
index 3d2b3caf0af..dbde9bd90b0 100644
--- a/doc/user/infrastructure/clusters/manage/management_project_applications/elasticstack.md
+++ b/doc/user/infrastructure/clusters/manage/management_project_applications/elasticstack.md
@@ -27,8 +27,3 @@ You can customize the installation of Elastic Stack by updating the
 management project. Refer to the
 [chart](https://gitlab.com/gitlab-org/charts/elastic-stack) for all
 available configuration options.
-
-Support for installing the Elastic Stack managed application is provided by the
-GitLab APM group. If you run into unknown issues,
-[open a new issue](https://gitlab.com/gitlab-org/gitlab/-/issues/new), and ping at
-least 2 people from the [APM group](https://about.gitlab.com/handbook/product/categories/#apm-group).
diff --git a/doc/user/infrastructure/clusters/manage/management_project_applications/falco.md b/doc/user/infrastructure/clusters/manage/management_project_applications/falco.md
index dff0c3bd7bc..7bd2a4a5133 100644
--- a/doc/user/infrastructure/clusters/manage/management_project_applications/falco.md
+++ b/doc/user/infrastructure/clusters/manage/management_project_applications/falco.md
@@ -93,9 +93,3 @@ You can check these logs with the following command:
 ```shell
 kubectl -n gitlab-managed-apps logs -l app=falco
 ```
-
-Support for installing the Falco managed application is provided by the
-GitLab Container Security group. If you run into unknown issues,
-[open a new issue](https://gitlab.com/gitlab-org/gitlab/-/issues/new), and ping at
-least 2 people from the
-[Container Security group](https://about.gitlab.com/handbook/product/categories/#container-security-group).
diff --git a/doc/user/infrastructure/clusters/manage/management_project_applications/fluentd.md b/doc/user/infrastructure/clusters/manage/management_project_applications/fluentd.md
index bf05f8f87d8..c5de0511c2f 100644
--- a/doc/user/infrastructure/clusters/manage/management_project_applications/fluentd.md
+++ b/doc/user/infrastructure/clusters/manage/management_project_applications/fluentd.md
@@ -28,9 +28,3 @@ for the current development release of Fluentd for all available configuration o
 The configuration chart link points to the current development release, which
 may differ from the version you have installed. To ensure compatibility, switch
 to the specific branch or tag you are using.
-
-Support for installing the Fluentd managed application is provided by the
-GitLab Container Security group. If you run into unknown issues,
-[open a new issue](https://gitlab.com/gitlab-org/gitlab/-/issues/new), and ping at
-least 2 people from the
-[Container Security group](https://about.gitlab.com/handbook/product/categories/#container-security-group).
diff --git a/doc/user/infrastructure/clusters/manage/management_project_applications/ingress.md b/doc/user/infrastructure/clusters/manage/management_project_applications/ingress.md
index 4f17dbab11b..5ee26db754e 100644
--- a/doc/user/infrastructure/clusters/manage/management_project_applications/ingress.md
+++ b/doc/user/infrastructure/clusters/manage/management_project_applications/ingress.md
@@ -24,8 +24,3 @@ You can customize the installation of Ingress by updating the
 management project. Refer to the
 [chart](https://github.com/helm/charts/tree/master/stable/nginx-ingress)
 for the available configuration options.
-
-Support for installing the Ingress managed application is provided by the GitLab Configure group.
-If you run into unknown issues, [open a new issue](https://gitlab.com/gitlab-org/gitlab/-/issues/new),
-and ping at least 2 people from the
-[Configure group](https://about.gitlab.com/handbook/product/categories/#configure-group).
diff --git a/doc/user/infrastructure/clusters/manage/management_project_applications/prometheus.md b/doc/user/infrastructure/clusters/manage/management_project_applications/prometheus.md
index 19e6c76d133..3420f340c94 100644
--- a/doc/user/infrastructure/clusters/manage/management_project_applications/prometheus.md
+++ b/doc/user/infrastructure/clusters/manage/management_project_applications/prometheus.md
@@ -25,8 +25,3 @@ You can customize the installation of Prometheus by updating the
 management project. Refer to the
 [Configuration section](https://github.com/helm/charts/tree/master/stable/prometheus#configuration)
 of the Prometheus chart's README for the available configuration options.
-
-Support for installing the Prometheus managed application is provided by the
-GitLab APM group. If you run into unknown issues,
-[open a new issue](https://gitlab.com/gitlab-org/gitlab/-/issues/new), and ping at
-least 2 people from the [APM group](https://about.gitlab.com/handbook/product/categories/#apm-group).
diff --git a/doc/user/infrastructure/clusters/manage/management_project_applications/runner.md b/doc/user/infrastructure/clusters/manage/management_project_applications/runner.md
index 56e01be68cb..841f2af7863 100644
--- a/doc/user/infrastructure/clusters/manage/management_project_applications/runner.md
+++ b/doc/user/infrastructure/clusters/manage/management_project_applications/runner.md
@@ -18,6 +18,8 @@ uncomment this line from your `helmfile.yaml`:
 
 GitLab Runner is installed by default into the `gitlab-managed-apps` namespace of your cluster.
 
+## Required variables
+
 For GitLab Runner to function, you _must_ specify the following in your
 `applications/gitlab-runner/values.yaml.gotmpl` file:
 
@@ -28,10 +30,10 @@ For GitLab Runner to function, you _must_ specify the following in your
 
 These values can be specified using [CI/CD variables](../../../../../ci/variables/index.md):
 
-- `GITLAB_RUNNER_GITLAB_URL` is used for `gitlabUrl`.
+- `CI_SERVER_URL` is used for `gitlabUrl`. If you are using GitLab.com, you don't need to set this variable.
 - `GITLAB_RUNNER_REGISTRATION_TOKEN` is used for `runnerRegistrationToken`
 
-The methods of specifying these values are mutually exclusive. Either specify variables `GITLAB_RUNNER_REGISTRATION_TOKEN` and `GITLAB_RUNNER_TOKEN` as CI variables (recommended) or provide values for `runnerRegistrationToken:` and `runnerToken:` in `applications/gitlab-runner/values.yaml.gotmpl`.
+The methods of specifying these values are mutually exclusive. Either specify variables `GITLAB_RUNNER_REGISTRATION_TOKEN` and `CI_SERVER_URL` as CI variables (recommended) or provide values for `runnerRegistrationToken:` and `gitlabUrl:` in `applications/gitlab-runner/values.yaml.gotmpl`.
 
 The runner registration token allows connection to a project by a runner and therefore should be treated as a secret to prevent malicious use and code exfiltration through a runner. For this reason, we recommend that you specify the runner registration token as a [protected variable](../../../../../ci/variables/index.md#protect-a-cicd-variable) and [masked variable](../../../../../ci/variables/index.md#mask-a-cicd-variable) and do not commit them to the Git repository in the `values.yaml.gotmpl` file.
 
@@ -40,9 +42,3 @@ You can customize the installation of GitLab Runner by defining
 management project. Refer to the
 [chart](https://gitlab.com/gitlab-org/charts/gitlab-runner) for the
 available configuration options.
-
-Support for installing the GitLab Runner managed application is provided by the
-GitLab Runner group. If you run into unknown issues,
-[open a new issue](https://gitlab.com/gitlab-org/gitlab/-/issues/new), and ping at
-least 2 people from the
-[Runner group](https://about.gitlab.com/handbook/product/categories/#runner-group).
diff --git a/doc/user/infrastructure/clusters/manage/management_project_applications/sentry.md b/doc/user/infrastructure/clusters/manage/management_project_applications/sentry.md
index 4d82fe389d2..300350010af 100644
--- a/doc/user/infrastructure/clusters/manage/management_project_applications/sentry.md
+++ b/doc/user/infrastructure/clusters/manage/management_project_applications/sentry.md
@@ -68,9 +68,3 @@ ingress:
 postgresql:
   postgresqlPassword: example-postgresql-password
 ```
-
-Support for installing the Sentry managed application is provided by the
-GitLab Health group. If you run into unknown issues,
-[open a new issue](https://gitlab.com/gitlab-org/gitlab/-/issues/new), and ping at
-least 2 people from the
-[Health group](https://about.gitlab.com/handbook/product/categories/#health-group).
diff --git a/doc/user/infrastructure/clusters/manage/management_project_applications/vault.md b/doc/user/infrastructure/clusters/manage/management_project_applications/vault.md
index 291321963d0..d6b4eb5c157 100644
--- a/doc/user/infrastructure/clusters/manage/management_project_applications/vault.md
+++ b/doc/user/infrastructure/clusters/manage/management_project_applications/vault.md
@@ -100,9 +100,3 @@ kubectl -n gitlab-managed-apps exec -it vault-0 sh
 
 This should give you your unseal keys and initial root token. Make sure to note these down
 and keep these safe, as they're required to unseal the Vault throughout its lifecycle.
-
-Support for installing the Vault managed application is provided by the
-GitLab Release Management group. If you run into unknown issues,
-[open a new issue](https://gitlab.com/gitlab-org/gitlab/-/issues/new), and ping at
-least 2 people from the
-[Release Management group](https://about.gitlab.com/handbook/product/categories/#release-management-group).