1. You are here:
2. Engineering
3. Infrastructure
4. Team
5. GitLab Dedicated Group

Maintained by:

On this page

• Team
  • Mission
  • Vision
  • Performance Indicators
  • Team Members
  • Working with us
    • Handling Configuration Changes for Tenant Environments
    • Escalation Policy
  • How we work
    • Meetings and Scheduled Calls
    • GitLab Group Hierarchy
    • Project Management
      • Epic Hierarchy
      • Epic Owners
      • Epic Owner Responsibilities
      • Epic structure
      • Epic boards
      • Epic roadmap
    • Issue boards
    • Status Updates
      • Status Update Process
      • Status Update Automation
      • Reporting
    • Merge Requests
      • Priorities
      • Failed pipeline on the default branch
      • Merge request reviewers
      • Resolving threads on a merge-request
      • Merge Request Review Assignees
    • Labels
      • Epics labels
      • Workflow labels
      • Component labels
      • Launch milestone labels
      • Cloud Provider labels
    • Resources
  • History and trivia

Team

Mission

The GitLab Dedicated team's mission is to create a fully managed, single-tenant GitLab environment, served through a GitLab Dedicated platform. It is developed to remove any manual interactions with customer tenant installations, and to ensure that the customer tenants are fully focused on unlocking the power of The One DevOps Platform.

Vision

The GitLab Dedicated group is a customer facing team, with team members focused on a high level of infrastructure automation, and enabling customer interactions with the GitLab Dedicated platform.

Team mission is to:

• Develop a 100% automated system for provisioning a large number of single tenant GitLab sites
• Automate maintenance tasks without human interaction for the said sites
• Create and manage central observability stack, as well as observability stack per customer tenant
• Create customer portal (Switchboard), exposing administrative operations to customer tenants

Performance Indicators

Team performance indicators are not fully defined. We are going to consider a Provisioning SLO to start with, possibly followed by DORA 4 metrics.

Team Members

Engineering team members of GitLab Dedicated are publicly referenced with specialty for Environment Automation, Switchboard or US Public Sector Services team, based on their primary task.

The following people are members of the Dedicated:Environment Automation Team:

The following people are members of the Dedicated:US Public Sector Services Team:

The following people are members of the Dedicated:Switchboard Team:

Working with us

To engage with the GitLab Dedicated teams:

• Create an issue in the GitLab Dedicated team issue tracker (Note The issue tracker will be made public after work in epic 33 "Considerations for making Dedicated projects public" is completed)
  • For feature requests, use the feature_requests issue template and fill in the required information
• When creating an issue, it is not necessary to @mention anyone
• In case you want to get attention, use a specific team handle as defined in group hierarchy below
• Slack channels
  • For GitLab Dedicated specific questions, you can find us in #f_gitlab_dedicated
  • Engineering teams have their own work channels for team work discussions:
    • #g_dedicated-team
    • #g_dedicated-switchboard-team
    • #g_dedicated-us-pubsec
  • Our social channel is accessible to everyone who wants to casually interact with the team

Handling Configuration Changes for Tenant Environments

Customers require the ability to customize the configuration of their Dedicated instance before they are able to use it in a production setting. These customizations involve configuration changes to functionality already supported in Dedicated including infra-level settings like IP Allowlists and AWS PrivateLink configuration as well as GitLab application settings that cannot currently be self-served through the admin UI like SAML configuration changes.

To request functionality that is not currently supported within Dedicated, customers must open a feature request using the feature request issue template. To request functionality for the broader GitLab Application, customers can use the feature proposal template.

While in the long term, customer admins will be able to self-serve configuration changes via the Switchboard customer portal, in the short term during the Limited Availability period, SREs will need to make the change and deploy it to the customer's environment. This process is documented below.

• During Onboarding (pre instance handover)
  • We will make one SRE available to support a new customer as they are onboarding to the platform. The SRE will be available one week prior to the onboarding date (ie the start date specified in the customer contract) and make any needed configuration changes to the environment.
  • To request a configuration change during onboarding, customers can open a new issue in their shared collaboration project. The PM will take the customer request, create an issue within the Dedicated team project, assign the labels per project workflow, and @ mention the SRE in question. The SRE will assign the issue to themselves and perform the change.
  • Note, config changes during onboarding cannot be escalated to the Dedicated team as this is still before the contractual start date. See below for more information on our escalation policy.
• Post-instance handover
  • Any configuration changes needed after the start date will be batched and handled in the next available weekly maintenance window. The cut off to get changes in is 2 business days before the maintenance window begins.
  • We cannot make any guarantees that a config change will make it into a specific maintenance window. In cases where there is a large amount of work that may stretch beyond the 4 hour maintenance window, configuration changes may be pushed out to the following window. In such cases, this will be communicated on the request issue.
  • To request a configuration change after the initial onboarding, customers must create a support ticket. The assigned support engineer will then open a new issue in the Dedicated issue tracker with the request. The requester must ensure there is link to the ZD ticket in the internal issue for change control purposes. The SRE tasked with performing the next round of maintenance for this customer will reply on the issue with a rough ETA and again once the change has been deployed. If this is a change that requires development work, the SRE will raise to PM/EM.
  • Post-onboarding, escalating a config change requests is only possible for configuration that ensures that the tenant instance is online. "Business as usual" changes can only be scheduled well in advance using the customer Project Plan provided during onboarding. See more details about our escalation policy below.

Escalation Policy

When it comes to escalating customer support issues, we follow the same definitions of severity as provided by support since Dedicated customers receive priority support. Only in cases where there is an availability or security sev-1 event it can be escalated to Sev-1 at the Support level. 'Business as usual' configuration changes cannot be escalated to sev-1. In sev-1 cases we will involve our on-call, as these incidents may affect our Availability SLA commitments to the customer. Sev-2 and below will be handled by the team during normal business hours. Any fixes identified as part of a support ticket that must go out immediately will be considered "emergency maintenance" and can be done outside the normal maintenance window. All other fixes will be done during the next available maintenance window.

How we work

GitLab Dedicated is highly visible within GitLab and the broader market. It is also complex service offering. Consequently, the Dedicated team needs to manage its own work and stakeholder expectations - both external and internal. The following sections describe processes and tools that the team has adopted to work efficiently and effectively.

These processes matter because they provide a clear way to understand the state of the product and ongoing work as well as enable team members to fulfill their role.

A main goal in designing these processes is to make it possible for every team member working on any part of GitLab Dedicated to understand why their work matters and how it contributes to customer results.

It is critical that the following processes are understood by all team members and that we hold ourselves accountable.

Meetings and Scheduled Calls

Our preference is to work asynchronously, within our project issue tracker as described in the project management section.

The team does have a set of regular synchronous calls:

• Demo call - This call is on the agenda once per week. During this call, team members show off their progress, and engage with other team members on topics related to GitLab Dedicated platform. Demo calls are supposed to be rough around the edges and unpolished. In fact, if the demo looks polished, we will discuss whether we are being ambitious enough with our goals
• Team call - During this call, we are sharing important information for team-members day-to-day, as well as project items requiring a sync discussion
• 1-1s between the Individual Contributors and Engineering Managers

Impromptu Zoom meetings for discussing GitLab Dedicated work between individuals are created as needed. It is expected that these meetings are private streamed, or recorded(1*), and then uploaded to GitLab Unfiltered playlist. The outcome of the call is shared in a persistent location (Slack is not persistent). This is especially important as the team grows, because any decisions that are made in the early stage have will be questioned in the later stages when the team is larger.

1* Exceptions to the recording rule are: 1-1 calls, discussions around non-project work, and in cases where parties do not feel comfortable with recording. However, even with the exceptions, outcome of project related discussions need to be logged in a persistent location, such as the main issue tracker.

GitLab Group Hierarchy

We use GitLab Groups to logically organize team-members working on GitLab Dedicated projects. The groups cover the following use-cases:

1. GitLab Dedicated group membership: @gitlab-dedicated
   • All permanent team-members in any of the GitLab Dedicated teams should gain access to this GitLab group as part of onboarding
   • Group mention should only be used in circumstances where the information shared is pertinent for all team members of GitLab Dedicated group
2. Individual team group membership: @gitlab-dedicated/environment-automation, @gitlab-dedicated/switchboard, @gitlab-dedicated/uspubsec, etc.
   • All permanent team-members of individual teams should gain access to their respective GitLab group as part of onboarding
   • Group mention should be used when the information shared is pertinent to the respective team
3. Individual team GitLab groups have two additional subgroups maintainers and reviewers, e.g.: @gitlab-dedicated/switchboard/maintainers
   • reviewers GitLab group access is granted to permanent team-members, external contractors, team-members on borrows and similar. This GitLab group type is used to distinguish users without merge rights. Initial reviewes should be requested from this group, using the quick action, e.g. /assign_reviewer @gitlab-dedicated/switchboard/reviewers
   • maintainers GitLab group is granted to permantent team-members only. This group has merge rights, and the group is granted access through CODEOWNERS approval rules

Do note that the transition between reviewers and maintainers groups is still not fully defined, and this will be deifined as the team continues to grow. Currently, the founding team-members with a significant early contribution to the specific codebase and specific topic knowledge have been granted maintainers rights.

Project Management

We use epics, issues, and issue/epic boards to organize our work, as they complement each other.

The single source of truth for all GitLab Dedicated work across different functions is the top-level GitLab Dedicated epic.

The GitLab Dedicated epic contains a section that tracks the status all ongoing work. The tracker also references cross-functional initiatives that happen outside of R&D.

Epic Hierarchy

The GitLab Dedicated Limited Availability sub-epic contains all of the work necessary to meet requirements to exit Limited Availability.

We use sub-epics to break larger epics into smaller portions. These sub-epics are also mentioned in the Limited Availability Roadmap (i.e. Geo Phase 2 epic).

1. Sub-epics group tasks required to deliver an item mentioned
2. Sub-epics represent an item from the roadmap and are delivered in a specific phase
3. Sub-epics can span multiple months, but their end date should match the 'anticipated completion date' of the roadmap phase they are added to.

The diagram below shows an example of traversing the complete hierachy:

Note If you are not seeing the diagram, make sure that you have accepted all cookies.

Epic Owners

Each epic has a single DRI who is responsible for delivering the project. DRIs for each epic are listed at the top of the description of each epic per Epic Structure. Epic DRI responsibilities are in https://about.gitlab.com/handbook/engineering/infrastructure/team/gitlab-dedicated/#epic-owner-responsibilities

1. Engineering epic DRIs can be found within children epics of GitLab Dedicated - Limited Availability epic.
2. As a Top Cross-Functional Initiative, Dedicated has an Initiative DRI and Cross-Functional DRIs. Please see Dedicated Cross-Functional epic and its sub-epics for these DRIs .

Epic Owner Responsibilities

The DRI needs to:

1. Work with others to move issues through the boards
2. Ensure epic meets criteria outlined in Epic Structure
3. Provide updates on DRI's epic in epic description according to process outlined in Status Update Process below.
4. Follow process in epic roadmap if epic extends beyond its planned phase.

Epic structure

Each epic and child sub-epics must include the following:

Description (TBD make epic template)

1. DRI who is responsible for this epic.
2. Background, including a problem statement, to provide context for people looking to understand the epic.
3. Exit criteria for the specific goals of the epic.
4. Status yyyy-mm-dd should be the final heading in the description.
   1. This enables others who are interested in the epic to see the latest status without having to read through all comments or issues attached to the epic.
   2. This heading is used to auto-generate the status information on the top-level epic.

Epic meta data

1. Start date is set to the expected start date, and updated to be the actual start date when the project begins.
2. Due date is set to be the expected end date.
   1. The due date is set based on the Roadmap to exit Limited Availability
   2. The date that a project actually ended is taken from the date that the epic was closed.

Labels are described in the epic label section.

Epic boards

Epic boards are used to track the overall status of epics. We use the following epic boards:

1. TBD All epics labeled team::GitLab Dedicated with lanes set to scoped worfklow-infra labels
   1. This board allows a complete overview of the entire epic backlog
2. TBD All epics labeled team::GitLab Dedicated with lanes set to scoped Dedicated LA::phase* labels
   1. This board is a visualization of the the Roadmap to exit Limited Availability
3. TBD All epics team::GitLab Dedicated and workflow-infra::in progress with lanes set to scoped health labels
   1. This board highlights any risks with work in progress items.

Epic roadmap

All epics and sub-epics are set with due dates according to the the Roadmap to exit Limited Availability.

Limited Availability phases end and are closed on the 22nd of each phase's corresponding month.

Process to close phases:

1. After the 22nd of each month Product and Engineering DRIs work with Epic DRIs to determine any roadmap changes if an epic extends beyond the epic's planned phase from Limited Availability roadmap. For still-open epics:
   1. First try and close the epic, ideally by descoping the epic and creating a new epic or issue containing descoped work. Descoped work will be slotted into a future phase.
   2. If descoping is not possible, then the entire epic should be shifted to a future phase. In this case, the epic should show in every phase of Limited Availability roadmap that the epic was worked on. See Establish Availablility Targets in Phase 1, 2, and 3 as an example.
2. PM and EM then determine roadmap adjustments so that planned work in future phases remains realistic after shifting open work.
3. Roadmap changes are shared in the next weekly engineering/product sync as part of status update process.

Issue boards

Issue boards, such as Beta Development board track the progress of all ongoing work.

On this single board, the goal is to get issues from workflow-infra::Triage into the workflow-infra::Done state, within a product launch milestone. Each of the workflow labels have a special meaning described in the workflow labels section.

Status Updates

The status for all work relating to GitLab Dedicated is maintained in the description of the top-level GitLab Dedicated epic so that it is visible at a glance.

Status Update Process

Both Engineering Cross-Functional DRIs should provide weekly updates for the DRI's epics according to following process:

1. By 17:00 UTC / 12:00 PM ET on Fridays DRIs of active epics (or the person covering if DRI OOO) provide an update in the status section of the description of the epic regarding status of the epic including any relevant details of active sub-epics.
   • If the DRI for a sub-epic is different than the epic DRI, the epic DRI is responsible for getting updates from the sub-epic DRI.
   • Format for weekly update:
     • Date of Update (YYYY-MM-DD)
     • Brief update (~sentence or couple bullets) for each of these three bullets:
       • Progress since last update - Changes deployed to production, unblocked blockers, any other progress achieved.
       • Risk and Confidence - Any new blockers identified or existing blockers that persist? Any other challenges now or in the near future? How do these blockers and/or challenges affect our confidence of completing by scheduled due date from Phase timeline?
       • Mitigations - What is required to overcome challenges or blockers identified? Should this be escalated to other team members, teams, executives, or domain experts?
     • Update Workflow and Health label - After each status update, the Workflow label and Health label should be updated. See Epic labels criteria

2. Top-Level Epic Status Update automation synthesizes updates from status section from description of active epics to provide initiative status in the status section in the description of the top-level initiative Epic.

3. Weekly engineering/product sync at 16:30 UTC / 11:30 AM ET on Mondays Dedicated engineering/product meeting is used to discuss status updates and potential mitigations as necessary.
   1. After the 22nd of each month, a summary of the most recently completed phase and any roadmap changes is shared.

4. Status updates will be incorporated into initiative status updates and any initiative reporting in the following week.

5. By 23:00 UTC / 5:00 PM ET on Wednesdays Initiative DRI will share a summary of major items from the weekly initiative update in #ceo Slack Channel and link to the full update in the Initiative epic.

Status Update Automation

Status updates are auto-generated and added to description of GitLab Dedicated top-level epic using a bot running the epic issues summary project.

If no update has been provided in an epic or issue for over a week, the issue will automatically receive workflow-infra::stalled label. Engineering managers are responsible for reviewing the status of the issue and helping it move along.

Reporting

We provide reports on status of GitLab Dedicated to meet Top Cross-Functional Initiative requirements.

Merge Requests

GitLab Dedicated team respects the Company principle of everything starting with a merge request.

1. All Merge Requests (MRs) must go through the review process.
2. It is expected that MR author assigns reviewers once the MR is ready to go.
3. Unless otherwise explicitly noted in the MR description itself, it is expected from a first approver to also merge the MR they just approved for efficiency. Add **This MR should be approved by all approvers, last approver should merge.** as the first line in MR description to state the intention clearly.
4. Resolution of an open thread may be done by the author or any reviewer, based on their good-faith understanding that the comment has been adequately addressed; an approval while leaving open threads unresolved means the author or other reviewers are expected to manage those threads to completion.

The MR approval rule settings for all projects should be:

1. Prevent approval by author On ✔️
2. Prevent approvals by users who add commits On ✔️
3. Prevent editing approval rules in merge requests Off ❌ for emergencies allowing us to act in good faith when absolutely necessary
4. Remove all approvals when commits are added to the source branch Off ❌

Priorities

We are prioritising reviewing documentation merge requests above all other ones, until further notice. Every merge request documenting acquired knowledge (or concluded discussion) has an impact beyond only the people working on the project directly. In the early stages of building the product, many stakeholders have a need to find actual information quickly, and that means that every line documented increases efficiency of people working on the project as well as people contributing to the project indirectly as we enable more direct self-service.

Failed pipeline on the default branch

Having a passing pipeline (green build) on the default branch is very important. Failed pipeline (red build) causes delays in all MR's in progress targeting the default branch, and more importantly, it can cause significant regressions if new MR's are merged into it.

When a red build in the default branch is detected, the first course of action is to revert the MR that introduced failures. Reverting should be done even if it is more work. A couple of answers to the question "why?":

1. Ensuring that the build is green unblocks all other work in progress.
2. Reverts are safe and quick to do in most cases, and revert leaves a trail in project history. This makes future tracking simpler.
3. When fixing the problem that caused the red build, reviewing the fix in the context of the original change is easier for any reviewer.
4. It is not uncommon for a quick-fix to introduce more issues, thus creating a chain of quick-fixes that are hard to track in the context of the original change.
5. Fixing the problem that caused the red build is less stressful when other team members are not depending on the fix being available.

Merge request reviewers

Assign all developers of the relvant Dedicated team to all of the MRs that are due for review. Typcially it is not necessary to assign the whole @gitlab-dedicated group, so choose the approate group such as @gitlab-dedicated/environment-automation or @gitlab-dedicated/switchboard depending on the project. As the team grows this helps with determining signal vs noise. While it is OK for only two people to get the MR to the merged state (author + 1 reviewer), assigning everybody gives more exposure to the work in progress and gives a chance for more parties to provide feedback, leading to better quality overall. If the MR sits more than 1 day without receiving meaningful comments for review, MR author is encouraged to assign a particular reviewer to the MR with the aim to speed up the review process.

Resolving threads on a merge-request

As the merge request author, please don’t mark discussions resolved until the reviewer has had a chance to respond. In general, if the reviewer has not yet approved the MR, and the thread is non-trivial, don’t mark their comments as resolved, let the reviewer review your response and resolve accordingly during the next round of view. If they have approved the MR, but comments remain unresolved, it's generally fine to resolve comments before merging.

Merge Request Review Assignees

GitLab Dedicated follows the same pattern for author/reviewer assignment as the standard GitLab practice, documented in the Code Review Guidelines documentation.

This can be summarized as follows:

• Merge request authors and DRIs stay as Assignees
• Authors request a review from Reviewers when they are expected to review
• Reviewers remove themselves after they’re done reviewing/approving
• The last approver stays as Reviewer upon merging

Labels

Commonly used labels are:

1. The team label, team::GitLab Dedicated.
2. Scoped workflow-infra labels.
3. Scoped component labels.
4. Scoped cloud-provider labels.
5. Scoped Launch labels.

The team::GitLab Dedicated label is used in order to allow for easier filtering of issues applicable to the team that have group level labels applied.

Epics labels

Epics and child epics should contain the following labels:

1. A scoped label indicating the phase of the roadmap in which the epic is scheduled to be delivered epic e.g. Dedicated LA::Phase2
2. A scoped workflow-infra label
3. All relevant GitLab Dedicated team labels
4. If the epic is labeled workflow-infra::in progress, then a health status label should be applied. (health::on track, health::needs attention, health:at risk by the epic DRI. This label is regularly updated as part of status updates.)

Workflow labels

We leverage scoped workflow labels to track different stages of work.

In general, we want to see issues move from workflow-infra::Triage to workflow-infra::Ready stage to indicate that the submitted issue will go through for implementation. Once the issue is marked with workflow-infra::Ready, we are ready to work on the issue until we get the issue marked with workflow-infra::Done.

The standard progression of workflow is from top to bottom in the table below:

State Label	Description
	Default label added to issues created. Issues with this label need to be confirmed as work we would consider. If we don't want to consider the issue further, we mark it with workflow-infra::Cancelled and close it. If this issue does not need Product validation, and we are ready for implementation, issue is moved to workflow-infra::Ready. Otherwise, we move it to the next stage workflow-infra::Proposal.
	In this stage, proposal is being created and put forward for review with the rest of the team. Issues in this stage are also a part of Product validation workflow. If there are no further questions or blockers, the issue can be moved into "workflow-infra::Ready".
	The issue is waiting to be picked up for work.
	Issue is assigned to a DRI and work has started.
	Issue is updated with the outcome of the work that was done, and this label is applied and issue closed.

There are three other workflow labels of importance:

State Label	Description
	Work in the issue is being abandoned due to external factors or decision to not resolve the issue. After applying this label, issue will be closed.
	If no update has been provided in an issue for over a week, the issue will get this label. The team Engineering Manager is responsible for reviewing the status of the issue and helping it move along.
	Work is blocked due external dependencies or other external factors. Where possible, a blocking issue should also be set. After applying this label, issue will be regularly triaged by the team until the label can be removed.

Component labels

To denote different types of components and services we are working with, we leverage component:: scoped labels. By using these labels, we are able to track the distribution of work across different components which also allows us to change focus where needed. These labels are created on the GitLab Dedicated group level, since they are focused on work required specifically for GitLab Dedicated.

NOTE We do not use Service:: labels given that service labels are used by GitLab SaaS related projects.

Component labels with their description can be found by searching prioritized labels.

Launch milestone labels

In order to make GitLab Issue board easier to use, we also apply Launch:: scoped labels, denoting the Product launch milestones defined in the project readme. Launch labels indicate the intended milestone during which work can be executed (intention, not guarantee).

Valid options are one of:

1. Launch::Beta - Beta
2. Launch::LA - Limited Availability
3. Launch::GA - General Availability

These labels exist only because filtering by epic in GitLab issue boards does not include issues from sub-epics. We have an option of creating an epic board (listing all epics), or issue board per defined epic, but there is currently no way to centralise all issues within a parent epic's children epics.

Cloud Provider labels

These scoped labels are intended to distinguish generic work to everything made for a specific cloud provider.

Cloud Provider Label	Description
	Amazon Cloud specific implementation
	Google Cloud specific implementation

Resources

Resources used by the team to conduct work are described on the Development Resources Page.

History and trivia

• Name for Switchboard customer portal was suggested by @marin after he spent a day trying to figure out which mixing console (Also known as a switchboard/soundboard) to get for amateur music making. He didn't buy anything, but the suggestion was accepted.
• Name for Amp management cluster was suggested by @ccasella, as it is the instance that is "powering" supply of other instances.