Allow runners to be installed on group clusters

A runner installed on a cluster will now use the
cluster's `cluster_type` as its `runner_type`.

app/assets/javascripts/clusters/components/applications.vue

@@ -393,7 +393,6 @@ export default {
         <div slot="description" v-html="prometheusDescription"></div>
       </application-row>
       <application-row
-        v-if="isProjectCluster"
         id="runner"
         :logo-url="gitlabLogo"
         :title="applications.runner.title"
@@ -409,9 +408,9 @@ export default {
       >
         <div slot="description">
           {{
-            s__(`ClusterIntegration|GitLab Runner connects to this
-            project's repository and executes CI/CD jobs,
-            pushing results back and deploying,
+            s__(`ClusterIntegration|GitLab Runner connects to the
+            repository and executes CI/CD jobs,
+            pushing results back and deploying
             applications to production.`)
           }}
         </div>

app/models/clusters/applications/runner.rb

@@ -13,7 +13,7 @@ module Clusters
       include ::Clusters::Concerns::ApplicationData
 
       belongs_to :runner, class_name: 'Ci::Runner', foreign_key: :runner_id
-      delegate :project, to: :cluster
+      delegate :project, :group, to: :cluster
 
       default_value_for :version, VERSION
 
@@ -55,12 +55,17 @@ module Clusters
       end
 
       def runner_create_params
-        {
+        attributes = {
           name: 'kubernetes-cluster',
-          runner_type: :project_type,
-          tag_list: %w(kubernetes cluster),
-          projects: [project]
+          runner_type: cluster.cluster_type,
+          tag_list: %w[kubernetes cluster]
         }
+
+        if cluster.group_type?
+          attributes.merge(groups: [group])
+        elsif cluster.project_type?
+          attributes.merge(projects: [project])
+        end
       end
 
       def gitlab_url

app/services/clusters/applications/create_service.rb

@@ -13,7 +13,8 @@ module Clusters
         {
           "helm" => -> (cluster) { cluster.application_helm || cluster.build_application_helm },
           "ingress" => -> (cluster) { cluster.application_ingress || cluster.build_application_ingress },
-          "cert_manager" => -> (cluster) { cluster.application_cert_manager || cluster.build_application_cert_manager }
+          "cert_manager" => -> (cluster) { cluster.application_cert_manager || cluster.build_application_cert_manager },
+          "runner" => -> (cluster) { cluster.application_runner || cluster.build_application_runner }
         }.tap do |hash|
           hash.merge!(project_builders) if cluster.project_type?
         end
@@ -24,7 +25,6 @@ module Clusters
       def project_builders
         {
           "prometheus" => -> (cluster) { cluster.application_prometheus || cluster.build_application_prometheus },
-          "runner" => -> (cluster) { cluster.application_runner || cluster.build_application_runner },
           "jupyter" => -> (cluster) { cluster.application_jupyter || cluster.build_application_jupyter },
           "knative" => -> (cluster) { cluster.application_knative || cluster.build_application_knative }
         }

changelogs/unreleased/51988-install-group-runner-on-group-cluster.yml

@@ -0,0 +1,5 @@
+---
+title: Support installing Group runner on group-level cluster
+merge_request: 26260
+author:
+type: added

doc/user/group/clusters/index.md

@@ -28,6 +28,7 @@ deployments.
 | [Helm Tiller](https://docs.helm.sh)                                        | 11.6+          | Helm is a package manager for Kubernetes and is required to install all the other applications. It is installed in its own pod inside the cluster which can run the `helm` CLI in a safe environment. | n/a |
 | [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress) | 11.6+          | Ingress can provide load balancing, SSL termination, and name-based virtual hosting. It acts as a web proxy for your applications and is useful if you want to use [Auto DevOps](../../../topics/autodevops/index.md) or deploy your own web apps. | [stable/nginx-ingress](https://github.com/helm/charts/tree/master/stable/nginx-ingress) |
 | [Cert-Manager](https://docs.cert-manager.io/en/latest/) | 11.6+ | Cert-Manager is a native Kubernetes certificate management controller that helps with issuing certificates. Installing Cert-Manager on your cluster will issue a certificate by [Let's Encrypt](https://letsencrypt.org/) and ensure that certificates are valid and up-to-date. | [stable/cert-manager](https://github.com/helm/charts/tree/master/stable/cert-manager) |
+| [GitLab Runner](https://docs.gitlab.com/runner/) | 11.10+ | GitLab Runner is the open source project that is used to run your jobs and send the results back to GitLab. It is used in conjunction with [GitLab CI/CD](../../../ci/README.md), the open-source continuous integration service included with GitLab that coordinates the jobs. When installing the GitLab Runner via the applications, it will run in **privileged mode** by default. Make sure you read the [security implications](#security-implications) before doing so. | [runner/gitlab-runner](https://gitlab.com/charts/gitlab-runner) |
 
 NOTE: **Note:**
 Some [cluster
@@ -35,8 +36,6 @@ applications](../../project/clusters/index.md#installing-applications)
 are installable only for a project-level cluster. Support for installing these
 applications in a group-level cluster is planned for future releases. For updates, see:
 
-- Support installing [Runner in group-level
-  clusters](https://gitlab.com/gitlab-org/gitlab-ce/issues/51988)
 - Support installing [JupyterHub in group-level
   clusters](https://gitlab.com/gitlab-org/gitlab-ce/issues/51989)
 - Support installing [Prometheus in group-level

doc/user/project/clusters/index.md

@@ -343,8 +343,8 @@ by GitLab before installing any of the applications.
 | [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) | 10.2+ | Ingress can provide load balancing, SSL termination, and name-based virtual hosting. It acts as a web proxy for your applications and is useful if you want to use [Auto DevOps] or deploy your own web apps. | [stable/nginx-ingress](https://github.com/helm/charts/tree/master/stable/nginx-ingress) |
 | [Cert-Manager](https://docs.cert-manager.io/en/latest/) | 11.6+ | Cert-Manager is a native Kubernetes certificate management controller that helps with issuing certificates. Installing Cert-Manager on your cluster will issue a certificate by [Let's Encrypt](https://letsencrypt.org/) and ensure that certificates are valid and up-to-date. | [stable/cert-manager](https://github.com/helm/charts/tree/master/stable/cert-manager) |
 | [Prometheus](https://prometheus.io/docs/introduction/overview/) | 10.4+ | Prometheus is an open-source monitoring and alerting system useful to supervise your deployed applications. | [stable/prometheus](https://github.com/helm/charts/tree/master/stable/prometheus) |
-| [GitLab Runner](https://docs.gitlab.com/runner/) | 10.6+ | GitLab Runner is the open source project that is used to run your jobs and send the results back to GitLab. It is used in conjunction with [GitLab CI/CD](https://about.gitlab.com/features/gitlab-ci-cd/), the open-source continuous integration service included with GitLab that coordinates the jobs. When installing the GitLab Runner via the applications, it will run in **privileged mode** by default. Make sure you read the [security implications](#security-implications) before doing so. | [runner/gitlab-runner](https://gitlab.com/charts/gitlab-runner) |
-| [JupyterHub](http://jupyter.org/) | 11.0+ | [JupyterHub](https://jupyterhub.readthedocs.io/en/stable/) is a multi-user service for managing notebooks across a team. [Jupyter Notebooks](https://jupyter-notebook.readthedocs.io/en/latest/) provide a web-based interactive programming environment used for data analysis, visualization, and machine learning. We use a [custom Jupyter image](https://gitlab.com/gitlab-org/jupyterhub-user-image/blob/master/Dockerfile) that installs additional useful packages on top of the base Jupyter. Authentication will be enabled only for [project members](../members/index.md) with [Developer or higher](../../permissions.md) access to the project. You will also see ready-to-use DevOps Runbooks built with Nurtch's [Rubix library](https://github.com/amit1rrr/rubix). More information on creating executable runbooks can be found in [our Nurtch documentation](runbooks/index.md#nurtch-executable-runbooks). | [jupyter/jupyterhub](https://jupyterhub.github.io/helm-chart/) |
+| [GitLab Runner](https://docs.gitlab.com/runner/) | 10.6+ | GitLab Runner is the open source project that is used to run your jobs and send the results back to GitLab. It is used in conjunction with [GitLab CI/CD](../../../ci/README.md), the open-source continuous integration service included with GitLab that coordinates the jobs. When installing the GitLab Runner via the applications, it will run in **privileged mode** by default. Make sure you read the [security implications](#security-implications) before doing so. | [runner/gitlab-runner](https://gitlab.com/charts/gitlab-runner) |
+| [JupyterHub](http://jupyter.org/) | 11.0+ | [JupyterHub](https://jupyterhub.readthedocs.io/en/stable/) is a multi-user service for managing notebooks across a team. [Jupyter Notebooks](https://jupyter-notebook.readthedocs.io/en/latest/) provide a web-based interactive programming environment used for data analysis, visualization, and machine learning. We use a [custom Jupyter image](https://gitlab.com/gitlab-org/jupyterhub-user-image/blob/master/Dockerfile) that installs additional useful packages on top of the base Jupyter. Authentication will be enabled only for [project members](../members/index.md) with [Developer or higher](../../permissions.md) access to the project. You will also see ready-to-use DevOps Runbooks built with Nurtch's [Rubix library](https://github.com/amit1rrr/rubix). More information on creating executable runbooks can be found in [our Nurtch documentation](runbooks/index.md#nurtch-executable-runbooks). Note that Ingress must be installed and have an IP address assigned before JupyterHub can be installed. | [jupyter/jupyterhub](https://jupyterhub.github.io/helm-chart/) |
 | [Knative](https://cloud.google.com/knative) | 11.5+ | Knative provides a platform to create, deploy, and manage serverless workloads from a Kubernetes cluster. It is used in conjunction with, and includes [Istio](https://istio.io) to provide an external IP address for all programs hosted by Knative. You will be prompted to enter a wildcard domain where your applications will be exposed. Configure your DNS server to use the external IP address for that domain. For any application created and installed, they will be accessible as `<program_name>.<kubernetes_namespace>.<domain_name>`. This will require your kubernetes cluster to have [RBAC enabled](#role-based-access-control-rbac). | [knative/knative](https://storage.googleapis.com/triggermesh-charts)
 
 With the exception of Knative, the applications will be installed in a dedicated

locale/gitlab.pot

@@ -1815,7 +1815,7 @@ msgstr ""
 msgid "ClusterIntegration|GitLab Runner"
 msgstr ""
 
-msgid "ClusterIntegration|GitLab Runner connects to this project's repository and executes CI/CD jobs, pushing results back and deploying, applications to production."
+msgid "ClusterIntegration|GitLab Runner connects to the repository and executes CI/CD jobs, pushing results back and deploying applications to production."
 msgstr ""
 
 msgid "ClusterIntegration|Google Cloud Platform project"

spec/javascripts/clusters/components/applications_spec.js

@@ -79,7 +79,7 @@ describe('Applications', () => {
     });
 
     it('renders a row for GitLab Runner', () => {
-      expect(vm.$el.querySelector('.js-cluster-application-row-runner')).toBeNull();
+      expect(vm.$el.querySelector('.js-cluster-application-row-runner')).not.toBeNull();
     });
 
     it('renders a row for Jupyter', () => {

spec/models/clusters/applications/runner_spec.rb

@@ -64,24 +64,45 @@ describe Clusters::Applications::Runner do
     end
 
     context 'without a runner' do
-      let(:project) { create(:project) }
-      let(:cluster) { create(:cluster, :with_installed_helm, projects: [project]) }
       let(:application) { create(:clusters_applications_runner, runner: nil, cluster: cluster) }
+      let(:runner) { application.runner }
 
-      it 'creates a runner' do
-        expect do
+      shared_examples 'runner creation' do
+        it 'creates a runner' do
+          expect { subject }.to change { Ci::Runner.count }.by(1)
+        end
+
+        it 'uses the new runner token' do
+          expect(values).to match(/runnerToken: '?#{runner.token}/)
+        end
+      end
+
+      context 'project cluster' do
+        let(:project) { create(:project) }
+        let(:cluster) { create(:cluster, :with_installed_helm, projects: [project]) }
+
+        include_examples 'runner creation'
+
+        it 'creates a project runner' do
           subject
-        end.to change { Ci::Runner.count }.by(1)
+
+          expect(runner).to be_project_type
+          expect(runner.projects).to eq [project]
+        end
       end
 
-      it 'uses the new runner token' do
-        expect(values).to match(/runnerToken: '?#{application.reload.runner.token}/)
-      end
+      context 'group cluster' do
+        let(:group) { create(:group) }
+        let(:cluster) { create(:cluster, :with_installed_helm, cluster_type: :group_type, groups: [group]) }
 
-      it 'assigns the new runner to runner' do
-        subject
+        include_examples 'runner creation'
 
-        expect(application.reload.runner).to be_project_type
+        it 'creates a group runner' do
+          subject
+
+          expect(runner).to be_group_type
+          expect(runner.groups).to eq [group]
+        end
       end
     end
 

spec/services/clusters/applications/create_service_spec.rb

@@ -150,7 +150,7 @@ describe Clusters::Applications::CreateService do
       where(:application, :association, :allowed, :pre_create_helm) do
         'helm'       | :application_helm       | true | false
         'ingress'    | :application_ingress    | true | true
-        'runner'     | :application_runner     | false | true
+        'runner'     | :application_runner     | true | true
         'jupyter'    | :application_jupyter    | false | true
         'prometheus' | :application_prometheus | false | true
       end