Commit 5142bd73 authored by James Fargher's avatar James Fargher Committed by Kamil Trzciński

Install cert-manager v0.9.1

This does not support upgrading from earlier versions
parent e668b1e2
...@@ -3,7 +3,8 @@ ...@@ -3,7 +3,8 @@
module Clusters module Clusters
module Applications module Applications
class CertManager < ApplicationRecord class CertManager < ApplicationRecord
VERSION = 'v0.5.2'.freeze VERSION = 'v0.9.1'
CRD_VERSION = '0.9'
self.table_name = 'clusters_applications_cert_managers' self.table_name = 'clusters_applications_cert_managers'
...@@ -21,16 +22,22 @@ module Clusters ...@@ -21,16 +22,22 @@ module Clusters
validates :email, presence: true validates :email, presence: true
def chart def chart
'stable/cert-manager' 'certmanager/cert-manager'
end
def repository
'https://charts.jetstack.io'
end end
def install_command def install_command
Gitlab::Kubernetes::Helm::InstallCommand.new( Gitlab::Kubernetes::Helm::InstallCommand.new(
name: 'certmanager', name: 'certmanager',
repository: repository,
version: VERSION, version: VERSION,
rbac: cluster.platform_kubernetes_rbac?, rbac: cluster.platform_kubernetes_rbac?,
chart: chart, chart: chart,
files: files.merge(cluster_issuer_file), files: files.merge(cluster_issuer_file),
preinstall: pre_install_script,
postinstall: post_install_script postinstall: post_install_script
) )
end end
...@@ -46,16 +53,30 @@ module Clusters ...@@ -46,16 +53,30 @@ module Clusters
private private
def pre_install_script
[
apply_file("https://raw.githubusercontent.com/jetstack/cert-manager/release-#{CRD_VERSION}/deploy/manifests/00-crds.yaml"),
"kubectl label --overwrite namespace #{Gitlab::Kubernetes::Helm::NAMESPACE} certmanager.k8s.io/disable-validation=true"
]
end
def post_install_script def post_install_script
["kubectl create -f /data/helm/certmanager/config/cluster_issuer.yaml"] [retry_command(apply_file('/data/helm/certmanager/config/cluster_issuer.yaml'))]
end
def retry_command(command)
"for i in $(seq 1 30); do #{command} && break; sleep 1s; echo \"Retrying ($i)...\"; done"
end end
def post_delete_script def post_delete_script
[ [
delete_private_key, delete_private_key,
delete_crd('certificates.certmanager.k8s.io'), delete_crd('certificates.certmanager.k8s.io'),
delete_crd('certificaterequests.certmanager.k8s.io'),
delete_crd('challenges.certmanager.k8s.io'),
delete_crd('clusterissuers.certmanager.k8s.io'), delete_crd('clusterissuers.certmanager.k8s.io'),
delete_crd('issuers.certmanager.k8s.io') delete_crd('issuers.certmanager.k8s.io'),
delete_crd('orders.certmanager.k8s.io')
].compact ].compact
end end
...@@ -75,6 +96,10 @@ module Clusters ...@@ -75,6 +96,10 @@ module Clusters
Gitlab::Kubernetes::KubectlCmd.delete("crd", definition, "--ignore-not-found") Gitlab::Kubernetes::KubectlCmd.delete("crd", definition, "--ignore-not-found")
end end
def apply_file(filename)
Gitlab::Kubernetes::KubectlCmd.apply_file(filename)
end
def cluster_issuer_file def cluster_issuer_file
{ {
'cluster_issuer.yaml': cluster_issuer_yaml_content 'cluster_issuer.yaml': cluster_issuer_yaml_content
......
---
title: Install cert-manager v0.9.1
merge_request: 32243
author:
type: changed
...@@ -44,11 +44,18 @@ describe Clusters::Applications::CertManager do ...@@ -44,11 +44,18 @@ describe Clusters::Applications::CertManager do
it 'is initialized with cert_manager arguments' do it 'is initialized with cert_manager arguments' do
expect(subject.name).to eq('certmanager') expect(subject.name).to eq('certmanager')
expect(subject.chart).to eq('stable/cert-manager') expect(subject.chart).to eq('certmanager/cert-manager')
expect(subject.version).to eq('v0.5.2') expect(subject.repository).to eq('https://charts.jetstack.io')
expect(subject.version).to eq('v0.9.1')
expect(subject).to be_rbac expect(subject).to be_rbac
expect(subject.files).to eq(cert_manager.files.merge(cluster_issuer_file)) expect(subject.files).to eq(cert_manager.files.merge(cluster_issuer_file))
expect(subject.postinstall).to eq(['kubectl create -f /data/helm/certmanager/config/cluster_issuer.yaml']) expect(subject.preinstall).to eq([
'kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.9/deploy/manifests/00-crds.yaml',
'kubectl label --overwrite namespace gitlab-managed-apps certmanager.k8s.io/disable-validation=true'
])
expect(subject.postinstall).to eq([
'for i in $(seq 1 30); do kubectl apply -f /data/helm/certmanager/config/cluster_issuer.yaml && break; sleep 1s; echo "Retrying ($i)..."; done'
])
end end
context 'for a specific user' do context 'for a specific user' do
...@@ -75,7 +82,7 @@ describe Clusters::Applications::CertManager do ...@@ -75,7 +82,7 @@ describe Clusters::Applications::CertManager do
let(:cert_manager) { create(:clusters_applications_cert_manager, :errored, version: '0.0.1') } let(:cert_manager) { create(:clusters_applications_cert_manager, :errored, version: '0.0.1') }
it 'is initialized with the locked version' do it 'is initialized with the locked version' do
expect(subject.version).to eq('v0.5.2') expect(subject.version).to eq('v0.9.1')
end end
end end
end end
...@@ -93,10 +100,13 @@ describe Clusters::Applications::CertManager do ...@@ -93,10 +100,13 @@ describe Clusters::Applications::CertManager do
it 'specifies a post delete command to remove custom resource definitions' do it 'specifies a post delete command to remove custom resource definitions' do
expect(subject.postdelete).to eq([ expect(subject.postdelete).to eq([
"kubectl delete secret -n gitlab-managed-apps letsencrypt-prod --ignore-not-found", 'kubectl delete secret -n gitlab-managed-apps letsencrypt-prod --ignore-not-found',
'kubectl delete crd certificates.certmanager.k8s.io --ignore-not-found', 'kubectl delete crd certificates.certmanager.k8s.io --ignore-not-found',
'kubectl delete crd certificaterequests.certmanager.k8s.io --ignore-not-found',
'kubectl delete crd challenges.certmanager.k8s.io --ignore-not-found',
'kubectl delete crd clusterissuers.certmanager.k8s.io --ignore-not-found', 'kubectl delete crd clusterissuers.certmanager.k8s.io --ignore-not-found',
'kubectl delete crd issuers.certmanager.k8s.io --ignore-not-found' 'kubectl delete crd issuers.certmanager.k8s.io --ignore-not-found',
'kubectl delete crd orders.certmanager.k8s.io --ignore-not-found'
]) ])
end end
...@@ -111,8 +121,11 @@ describe Clusters::Applications::CertManager do ...@@ -111,8 +121,11 @@ describe Clusters::Applications::CertManager do
it 'does not try and delete the secret' do it 'does not try and delete the secret' do
expect(subject.postdelete).to eq([ expect(subject.postdelete).to eq([
'kubectl delete crd certificates.certmanager.k8s.io --ignore-not-found', 'kubectl delete crd certificates.certmanager.k8s.io --ignore-not-found',
'kubectl delete crd certificaterequests.certmanager.k8s.io --ignore-not-found',
'kubectl delete crd challenges.certmanager.k8s.io --ignore-not-found',
'kubectl delete crd clusterissuers.certmanager.k8s.io --ignore-not-found', 'kubectl delete crd clusterissuers.certmanager.k8s.io --ignore-not-found',
'kubectl delete crd issuers.certmanager.k8s.io --ignore-not-found' 'kubectl delete crd issuers.certmanager.k8s.io --ignore-not-found',
'kubectl delete crd orders.certmanager.k8s.io --ignore-not-found'
]) ])
end end
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment