Commit 9c98e2a9 authored by Kamil Trzciński's avatar Kamil Trzciński

Merge branch 'certmanager-temp' into 'master'

Deploy cert-manager to managed cluster for SSL certificates

See merge request gitlab-org/gitlab-ce!23036
parents 52ca66fc c3041b7f
...@@ -26,6 +26,7 @@ export default class Clusters { ...@@ -26,6 +26,7 @@ export default class Clusters {
statusPath, statusPath,
installHelmPath, installHelmPath,
installIngressPath, installIngressPath,
installCertManagerPath,
installRunnerPath, installRunnerPath,
installJupyterPath, installJupyterPath,
installKnativePath, installKnativePath,
...@@ -48,6 +49,7 @@ export default class Clusters { ...@@ -48,6 +49,7 @@ export default class Clusters {
endpoint: statusPath, endpoint: statusPath,
installHelmEndpoint: installHelmPath, installHelmEndpoint: installHelmPath,
installIngressEndpoint: installIngressPath, installIngressEndpoint: installIngressPath,
installCertManagerEndpoint: installCertManagerPath,
installRunnerEndpoint: installRunnerPath, installRunnerEndpoint: installRunnerPath,
installPrometheusEndpoint: installPrometheusPath, installPrometheusEndpoint: installPrometheusPath,
installJupyterEndpoint: installJupyterPath, installJupyterEndpoint: installJupyterPath,
......
...@@ -7,6 +7,7 @@ import helmLogo from 'images/cluster_app_logos/helm.png'; ...@@ -7,6 +7,7 @@ import helmLogo from 'images/cluster_app_logos/helm.png';
import jeagerLogo from 'images/cluster_app_logos/jeager.png'; import jeagerLogo from 'images/cluster_app_logos/jeager.png';
import jupyterhubLogo from 'images/cluster_app_logos/jupyterhub.png'; import jupyterhubLogo from 'images/cluster_app_logos/jupyterhub.png';
import kubernetesLogo from 'images/cluster_app_logos/kubernetes.png'; import kubernetesLogo from 'images/cluster_app_logos/kubernetes.png';
import certManagerLogo from 'images/cluster_app_logos/cert_manager.png';
import knativeLogo from 'images/cluster_app_logos/knative.png'; import knativeLogo from 'images/cluster_app_logos/knative.png';
import meltanoLogo from 'images/cluster_app_logos/meltano.png'; import meltanoLogo from 'images/cluster_app_logos/meltano.png';
import prometheusLogo from 'images/cluster_app_logos/prometheus.png'; import prometheusLogo from 'images/cluster_app_logos/prometheus.png';
...@@ -59,6 +60,7 @@ export default { ...@@ -59,6 +60,7 @@ export default {
jeagerLogo, jeagerLogo,
jupyterhubLogo, jupyterhubLogo,
kubernetesLogo, kubernetesLogo,
certManagerLogo,
knativeLogo, knativeLogo,
meltanoLogo, meltanoLogo,
prometheusLogo, prometheusLogo,
...@@ -124,6 +126,23 @@ export default { ...@@ -124,6 +126,23 @@ export default {
</p> </p>
`; `;
}, },
certManagerDescription() {
return sprintf(
_.escape(
s__(
`ClusterIntegration|cert-manager is a native Kubernetes certificate management controller that helps with issuing certificates.
Installing cert-manager on your cluster will issue a certificate by %{letsEncrypt} and ensure that certificates
are valid and up to date.`,
),
),
{
letsEncrypt: `<a href="https://letsencrypt.org/"
target="_blank" rel="noopener noreferrer">
${_.escape(s__("ClusterIntegration|Let's Encrypt"))}</a>`,
},
false,
);
},
prometheusDescription() { prometheusDescription() {
return sprintf( return sprintf(
_.escape( _.escape(
...@@ -265,6 +284,24 @@ export default { ...@@ -265,6 +284,24 @@ export default {
<div v-html="ingressDescription"></div> <div v-html="ingressDescription"></div>
</div> </div>
</application-row> </application-row>
<application-row
id="cert_manager"
:logo-url="certManagerLogo"
:title="applications.cert_manager.title"
:status="applications.cert_manager.status"
:status-reason="applications.cert_manager.statusReason"
:request-status="applications.cert_manager.requestStatus"
:request-reason="applications.cert_manager.requestReason"
:disabled="!helmInstalled"
class="hide-bottom-border rounded-bottom"
title-link="https://cert-manager.readthedocs.io/en/latest/#"
>
<div
slot="description"
v-html="certManagerDescription"
>
</div>
</application-row>
<application-row <application-row
v-if="isProjectCluster" v-if="isProjectCluster"
id="prometheus" id="prometheus"
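Review bot: `certManagerDescription` passes `false` as the third argument to `sprintf`, which turns off placeholder escaping, and the result is bound with `v-html`. The markup is therefore safe only because the translated string and the link text are each wrapped in `_.escape` by hand. Nothing in the computed property records that invariant, so I would add a comment above the `sprintf` call such as `// escaping is disabled below: every placeholder value must be HTML-escaped here because the result is rendered with v-html`. `prometheusDescription` looks like it follows the same pattern, but its body continues outside this hunk.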
......
...@@ -6,6 +6,7 @@ export default class ClusterService { ...@@ -6,6 +6,7 @@ export default class ClusterService {
this.appInstallEndpointMap = { this.appInstallEndpointMap = {
helm: this.options.installHelmEndpoint, helm: this.options.installHelmEndpoint,
ingress: this.options.installIngressEndpoint, ingress: this.options.installIngressEndpoint,
cert_manager: this.options.installCertManagerEndpoint,
runner: this.options.installRunnerEndpoint, runner: this.options.installRunnerEndpoint,
prometheus: this.options.installPrometheusEndpoint, prometheus: this.options.installPrometheusEndpoint,
jupyter: this.options.installJupyterEndpoint, jupyter: this.options.installJupyterEndpoint,
......
...@@ -24,6 +24,13 @@ export default class ClusterStore { ...@@ -24,6 +24,13 @@ export default class ClusterStore {
requestReason: null, requestReason: null,
externalIp: null, externalIp: null,
}, },
cert_manager: {
title: s__('ClusterIntegration|Cert-Manager'),
status: null,
statusReason: null,
requestStatus: null,
requestReason: null,
},
runner: { runner: {
title: s__('ClusterIntegration|GitLab Runner'), title: s__('ClusterIntegration|GitLab Runner'),
status: null, status: null,
......
# frozen_string_literal: true
module Clusters
module Applications
class CertManager < ActiveRecord::Base
VERSION = 'v0.5.0'.freeze
self.table_name = 'clusters_applications_cert_managers'
include ::Clusters::Concerns::ApplicationCore
include ::Clusters::Concerns::ApplicationStatus
include ::Clusters::Concerns::ApplicationVersion
include ::Clusters::Concerns::ApplicationData
default_value_for :version, VERSION
validates :email, presence: true
def chart
'stable/cert-manager'
end
def install_command
Gitlab::Kubernetes::Helm::InstallCommand.new(
name: 'certmanager',
version: VERSION,
rbac: cluster.platform_kubernetes_rbac?,
chart: chart,
files: files.merge(cluster_issuer_file),
postinstall: post_install_script
)
end
private
def post_install_script
["/usr/bin/kubectl create -f /data/helm/certmanager/config/cluster_issuer.yaml"]
end
def cluster_issuer_file
{
'cluster_issuer.yaml': cluster_issuer_yaml_content
}
end
def cluster_issuer_yaml_content
YAML.dump(cluster_issuer_content.deep_merge(cluster_issue_overlay))
end
def cluster_issuer_content
YAML.safe_load(File.read(cluster_issuer_file_path))
end
def cluster_issue_overlay
{ "spec" => { "acme" => { "email" => self.email } } }
end
def cluster_issuer_file_path
Rails.root.join('vendor', 'cert_manager', 'cluster_issuer.yaml')
end
end
end
end
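Review bot: `post_install_script` runs `kubectl create -f`, which fails if a ClusterIssuer with the same name already exists, for example one left by an earlier attempt or created by a cluster admin. `kubectl apply -f` would make the step repeatable: `["/usr/bin/kubectl apply -f /data/helm/certmanager/config/cluster_issuer.yaml"]`. The hard-coded path must also stay in step with `name: 'certmanager'` in `install_command` and the `'cluster_issuer.yaml'` key in `cluster_issuer_file`, and nothing enforces that. Separately, `validates :email, presence: true` is the only check on a value that ends up in a cluster-scoped ACME issuer. `YAML.dump` quotes it safely, but a short class comment saying where the address comes from and that it becomes the Let's Encrypt registration contact would help the next reader.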
...@@ -10,6 +10,7 @@ module Clusters ...@@ -10,6 +10,7 @@ module Clusters
APPLICATIONS = { APPLICATIONS = {
Applications::Helm.application_name => Applications::Helm, Applications::Helm.application_name => Applications::Helm,
Applications::Ingress.application_name => Applications::Ingress, Applications::Ingress.application_name => Applications::Ingress,
Applications::CertManager.application_name => Applications::CertManager,
Applications::Prometheus.application_name => Applications::Prometheus, Applications::Prometheus.application_name => Applications::Prometheus,
Applications::Runner.application_name => Applications::Runner, Applications::Runner.application_name => Applications::Runner,
Applications::Jupyter.application_name => Applications::Jupyter, Applications::Jupyter.application_name => Applications::Jupyter,
...@@ -33,6 +34,7 @@ module Clusters ...@@ -33,6 +34,7 @@ module Clusters
has_one :application_helm, class_name: 'Clusters::Applications::Helm' has_one :application_helm, class_name: 'Clusters::Applications::Helm'
has_one :application_ingress, class_name: 'Clusters::Applications::Ingress' has_one :application_ingress, class_name: 'Clusters::Applications::Ingress'
has_one :application_cert_manager, class_name: 'Clusters::Applications::CertManager'
has_one :application_prometheus, class_name: 'Clusters::Applications::Prometheus' has_one :application_prometheus, class_name: 'Clusters::Applications::Prometheus'
has_one :application_runner, class_name: 'Clusters::Applications::Runner' has_one :application_runner, class_name: 'Clusters::Applications::Runner'
has_one :application_jupyter, class_name: 'Clusters::Applications::Jupyter' has_one :application_jupyter, class_name: 'Clusters::Applications::Jupyter'
...@@ -100,6 +102,7 @@ module Clusters ...@@ -100,6 +102,7 @@ module Clusters
[ [
application_helm || build_application_helm, application_helm || build_application_helm,
application_ingress || build_application_ingress, application_ingress || build_application_ingress,
application_cert_manager || build_application_cert_manager,
application_prometheus || build_application_prometheus, application_prometheus || build_application_prometheus,
application_runner || build_application_runner, application_runner || build_application_runner,
application_jupyter || build_application_jupyter, application_jupyter || build_application_jupyter,
......
...@@ -19,6 +19,10 @@ module Clusters ...@@ -19,6 +19,10 @@ module Clusters
application.hostname = params[:hostname] application.hostname = params[:hostname]
end end
if application.has_attribute?(:email)
application.email = current_user.email
end
if application.respond_to?(:oauth_application) if application.respond_to?(:oauth_application)
application.oauth_application = create_oauth_application(application, request) application.oauth_application = create_oauth_application(application, request)
end end
...@@ -42,7 +46,8 @@ module Clusters ...@@ -42,7 +46,8 @@ module Clusters
def builders def builders
{ {
"helm" => -> (cluster) { cluster.application_helm || cluster.build_application_helm }, "helm" => -> (cluster) { cluster.application_helm || cluster.build_application_helm },
"ingress" => -> (cluster) { cluster.application_ingress || cluster.build_application_ingress } "ingress" => -> (cluster) { cluster.application_ingress || cluster.build_application_ingress },
"cert_manager" => -> (cluster) { cluster.application_cert_manager || cluster.build_application_cert_manager }
}.tap do |hash| }.tap do |hash|
hash.merge!(project_builders) if cluster.project_type? hash.merge!(project_builders) if cluster.project_type?
end end
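Review bot: The new `if application.has_attribute?(:email)` branch in the first hunk copies `current_user.email` into the application on every call, keyed only on the column name. Any future application model that gains an `email` column would silently receive the installing user's address. For cert-manager that address is written into a ClusterIssuer, which anyone with read access to the cluster can presumably see even if the user keeps it private in GitLab. I would document this on the branch, e.g. `# cert-manager: registers the installing user's email as the ACME contact`, and consider `application.email ||= current_user.email` so a later re-install by another user does not change the stored contact without notice. The enclosing method starts outside the hunk.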
......
...@@ -10,6 +10,7 @@ ...@@ -10,6 +10,7 @@
.edit-cluster-form.js-edit-cluster-form{ data: { status_path: status_path, .edit-cluster-form.js-edit-cluster-form{ data: { status_path: status_path,
install_helm_path: clusterable.install_applications_cluster_path(@cluster, :helm), install_helm_path: clusterable.install_applications_cluster_path(@cluster, :helm),
install_ingress_path: clusterable.install_applications_cluster_path(@cluster, :ingress), install_ingress_path: clusterable.install_applications_cluster_path(@cluster, :ingress),
install_cert_manager_path: clusterable.install_applications_cluster_path(@cluster, :cert_manager),
install_prometheus_path: clusterable.install_applications_cluster_path(@cluster, :prometheus), install_prometheus_path: clusterable.install_applications_cluster_path(@cluster, :prometheus),
install_runner_path: clusterable.install_applications_cluster_path(@cluster, :runner), install_runner_path: clusterable.install_applications_cluster_path(@cluster, :runner),
install_jupyter_path: clusterable.install_applications_cluster_path(@cluster, :jupyter), install_jupyter_path: clusterable.install_applications_cluster_path(@cluster, :jupyter),
......
---
title: "#40635: Adds support for cert-manager"
merge_request: 23036
author: Amit Rathi
type: added
# frozen_string_literal: true
class CreateClustersApplicationsCertManager < ActiveRecord::Migration
include Gitlab::Database::MigrationHelpers
DOWNTIME = false
def change
create_table :clusters_applications_cert_managers do |t|
t.references :cluster, null: false, index: false, foreign_key: { on_delete: :cascade }
t.integer :status, null: false
t.string :version, null: false
t.string :email, null: false
t.timestamps_with_timezone null: false
t.text :status_reason
t.index :cluster_id, unique: true
end
end
end
...@@ -640,6 +640,17 @@ ActiveRecord::Schema.define(version: 20181112103239) do ...@@ -640,6 +640,17 @@ ActiveRecord::Schema.define(version: 20181112103239) do
t.index ["user_id"], name: "index_clusters_on_user_id", using: :btree t.index ["user_id"], name: "index_clusters_on_user_id", using: :btree
end end
create_table "clusters_applications_cert_managers", force: :cascade do |t|
t.integer "cluster_id", null: false
t.integer "status", null: false
t.string "version", null: false
t.string "email", null: false
t.datetime_with_timezone "created_at", null: false
t.datetime_with_timezone "updated_at", null: false
t.text "status_reason"
t.index ["cluster_id"], name: "index_clusters_applications_cert_managers_on_cluster_id", unique: true, using: :btree
end
create_table "clusters_applications_helm", force: :cascade do |t| create_table "clusters_applications_helm", force: :cascade do |t|
t.integer "cluster_id", null: false t.integer "cluster_id", null: false
t.datetime_with_timezone "created_at", null: false t.datetime_with_timezone "created_at", null: false
...@@ -2288,6 +2299,7 @@ ActiveRecord::Schema.define(version: 20181112103239) do ...@@ -2288,6 +2299,7 @@ ActiveRecord::Schema.define(version: 20181112103239) do
add_foreign_key "cluster_projects", "projects", on_delete: :cascade add_foreign_key "cluster_projects", "projects", on_delete: :cascade
add_foreign_key "cluster_providers_gcp", "clusters", on_delete: :cascade add_foreign_key "cluster_providers_gcp", "clusters", on_delete: :cascade
add_foreign_key "clusters", "users", on_delete: :nullify add_foreign_key "clusters", "users", on_delete: :nullify
add_foreign_key "clusters_applications_cert_managers", "clusters", on_delete: :cascade
add_foreign_key "clusters_applications_helm", "clusters", on_delete: :cascade add_foreign_key "clusters_applications_helm", "clusters", on_delete: :cascade
add_foreign_key "clusters_applications_ingress", "clusters", name: "fk_753a7b41c1", on_delete: :cascade add_foreign_key "clusters_applications_ingress", "clusters", name: "fk_753a7b41c1", on_delete: :cascade
add_foreign_key "clusters_applications_jupyter", "clusters", on_delete: :cascade add_foreign_key "clusters_applications_jupyter", "clusters", on_delete: :cascade
......
...@@ -225,6 +225,7 @@ twice, which can lead to confusion during deployments. ...@@ -225,6 +225,7 @@ twice, which can lead to confusion during deployments.
| ----------- | :------------: | ----------- | --------------- | | ----------- | :------------: | ----------- | --------------- |
| [Helm Tiller](https://docs.helm.sh/) | 10.2+ | Helm is a package manager for Kubernetes and is required to install all the other applications. It is installed in its own pod inside the cluster which can run the `helm` CLI in a safe environment. | n/a | | [Helm Tiller](https://docs.helm.sh/) | 10.2+ | Helm is a package manager for Kubernetes and is required to install all the other applications. It is installed in its own pod inside the cluster which can run the `helm` CLI in a safe environment. | n/a |
| [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) | 10.2+ | Ingress can provide load balancing, SSL termination, and name-based virtual hosting. It acts as a web proxy for your applications and is useful if you want to use [Auto DevOps] or deploy your own web apps. | [stable/nginx-ingress](https://github.com/helm/charts/tree/master/stable/nginx-ingress) | | [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) | 10.2+ | Ingress can provide load balancing, SSL termination, and name-based virtual hosting. It acts as a web proxy for your applications and is useful if you want to use [Auto DevOps] or deploy your own web apps. | [stable/nginx-ingress](https://github.com/helm/charts/tree/master/stable/nginx-ingress) |
| [Cert Manager](http://docs.cert-manager.io/en/latest/) | 11.6+ | Cert Manager is a native Kubernetes certificate management controller that helps with issuing certificates. Installing Cert Manager on your cluster will issue a certificate by [Let's Encrypt](https://letsencrypt.org/) and ensure that certificates are valid and up to date. The email address used by Let's Encrypt registration will be taken from the GitLab user that installed Cert Manager on the cluster. | [stable/cert-manager](https://github.com/helm/charts/tree/master/stable/cert-manager) |
| [Prometheus](https://prometheus.io/docs/introduction/overview/) | 10.4+ | Prometheus is an open-source monitoring and alerting system useful to supervise your deployed applications. | [stable/prometheus](https://github.com/helm/charts/tree/master/stable/prometheus) | | [Prometheus](https://prometheus.io/docs/introduction/overview/) | 10.4+ | Prometheus is an open-source monitoring and alerting system useful to supervise your deployed applications. | [stable/prometheus](https://github.com/helm/charts/tree/master/stable/prometheus) |
| [GitLab Runner](https://docs.gitlab.com/runner/) | 10.6+ | GitLab Runner is the open source project that is used to run your jobs and send the results back to GitLab. It is used in conjunction with [GitLab CI/CD](https://about.gitlab.com/features/gitlab-ci-cd/), the open-source continuous integration service included with GitLab that coordinates the jobs. When installing the GitLab Runner via the applications, it will run in **privileged mode** by default. Make sure you read the [security implications](#security-implications) before doing so. | [runner/gitlab-runner](https://gitlab.com/charts/gitlab-runner) | | [GitLab Runner](https://docs.gitlab.com/runner/) | 10.6+ | GitLab Runner is the open source project that is used to run your jobs and send the results back to GitLab. It is used in conjunction with [GitLab CI/CD](https://about.gitlab.com/features/gitlab-ci-cd/), the open-source continuous integration service included with GitLab that coordinates the jobs. When installing the GitLab Runner via the applications, it will run in **privileged mode** by default. Make sure you read the [security implications](#security-implications) before doing so. | [runner/gitlab-runner](https://gitlab.com/charts/gitlab-runner) |
| [JupyterHub](http://jupyter.org/) | 11.0+ | [JupyterHub](https://jupyterhub.readthedocs.io/en/stable/) is a multi-user service for managing notebooks across a team. [Jupyter Notebooks](https://jupyter-notebook.readthedocs.io/en/latest/) provide a web-based interactive programming environment used for data analysis, visualization, and machine learning. We use [this](https://gitlab.com/gitlab-org/jupyterhub-user-image/blob/master/Dockerfile) custom Jupyter image that installs additional useful packages on top of the base Jupyter. You will also see ready-to-use DevOps Runbooks built with Nurtch's [Rubix library](https://github.com/amit1rrr/rubix). More information on creating executable runbooks can be found at [Nurtch Documentation](http://docs.nurtch.com/en/latest). **Note**: Authentication will be enabled for any user of the GitLab server via OAuth2. HTTPS will be supported in a future release. | [jupyter/jupyterhub](https://jupyterhub.github.io/helm-chart/) | | [JupyterHub](http://jupyter.org/) | 11.0+ | [JupyterHub](https://jupyterhub.readthedocs.io/en/stable/) is a multi-user service for managing notebooks across a team. [Jupyter Notebooks](https://jupyter-notebook.readthedocs.io/en/latest/) provide a web-based interactive programming environment used for data analysis, visualization, and machine learning. We use [this](https://gitlab.com/gitlab-org/jupyterhub-user-image/blob/master/Dockerfile) custom Jupyter image that installs additional useful packages on top of the base Jupyter. You will also see ready-to-use DevOps Runbooks built with Nurtch's [Rubix library](https://github.com/amit1rrr/rubix). More information on creating executable runbooks can be found at [Nurtch Documentation](http://docs.nurtch.com/en/latest). **Note**: Authentication will be enabled for any user of the GitLab server via OAuth2. HTTPS will be supported in a future release. | [jupyter/jupyterhub](https://jupyterhub.github.io/helm-chart/) |
......
...@@ -64,17 +64,17 @@ module Gitlab ...@@ -64,17 +64,17 @@ module Gitlab
name_flag + name_flag +
optional_tls_flags + optional_tls_flags +
optional_version_flag + optional_version_flag +
optional_rbac_create_flag + rbac_create_flag +
namespace_flag + namespace_flag +
value_flag value_flag
end end
def optional_rbac_create_flag def rbac_create_flag
return [] unless rbac? if rbac?
# jupyterhub helm chart is using rbac.enabled
# https://github.com/jupyterhub/zero-to-jupyterhub-k8s/tree/master/jupyterhub
%w[--set rbac.create=true,rbac.enabled=true] %w[--set rbac.create=true,rbac.enabled=true]
else
%w[--set rbac.create=false,rbac.enabled=false]
end
end end
def optional_version_flag def optional_version_flag
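Review bot: `rbac_create_flag` now always emits a `--set`, so every chart installed through `InstallCommand` on a non-RBAC cluster receives `rbac.create=false,rbac.enabled=false`. Previously such installs received nothing and kept the chart's own default, so this changes behaviour for the existing applications, not only for cert-manager. The comment explaining why both keys are set (the JupyterHub chart reads `rbac.enabled`) appears to have been dropped in the rewrite. I would keep it above the `if` and add one line on the `else` branch, e.g. `# set explicitly so charts that default rbac.create to true do not try to create RBAC resources on a non-RBAC cluster`. `optional_version_flag` continues outside the hunk.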
......
...@@ -60,6 +60,7 @@ module Gitlab ...@@ -60,6 +60,7 @@ module Gitlab
clusters_platforms_user: count(::Clusters::Cluster.user_provided.enabled), clusters_platforms_user: count(::Clusters::Cluster.user_provided.enabled),
clusters_applications_helm: count(::Clusters::Applications::Helm.installed), clusters_applications_helm: count(::Clusters::Applications::Helm.installed),
clusters_applications_ingress: count(::Clusters::Applications::Ingress.installed), clusters_applications_ingress: count(::Clusters::Applications::Ingress.installed),
clusters_applications_cert_managers: count(::Clusters::Applications::CertManager.installed),
clusters_applications_prometheus: count(::Clusters::Applications::Prometheus.installed), clusters_applications_prometheus: count(::Clusters::Applications::Prometheus.installed),
clusters_applications_runner: count(::Clusters::Applications::Runner.installed), clusters_applications_runner: count(::Clusters::Applications::Runner.installed),
clusters_applications_knative: count(::Clusters::Applications::Knative.installed), clusters_applications_knative: count(::Clusters::Applications::Knative.installed),
......
...@@ -1415,6 +1415,9 @@ msgstr "" ...@@ -1415,6 +1415,9 @@ msgstr ""
msgid "ClusterIntegration|CA Certificate" msgid "ClusterIntegration|CA Certificate"
msgstr "" msgstr ""
msgid "ClusterIntegration|Cert-Manager"
msgstr ""
msgid "ClusterIntegration|Certificate Authority bundle (PEM format)" msgid "ClusterIntegration|Certificate Authority bundle (PEM format)"
msgstr "" msgstr ""
...@@ -1574,6 +1577,9 @@ msgstr "" ...@@ -1574,6 +1577,9 @@ msgstr ""
msgid "ClusterIntegration|Learn more about group Kubernetes clusters" msgid "ClusterIntegration|Learn more about group Kubernetes clusters"
msgstr "" msgstr ""
msgid "ClusterIntegration|Let's Encrypt"
msgstr ""
msgid "ClusterIntegration|Machine type" msgid "ClusterIntegration|Machine type"
msgstr "" msgstr ""
...@@ -1736,6 +1742,9 @@ msgstr "" ...@@ -1736,6 +1742,9 @@ msgstr ""
msgid "ClusterIntegration|access to Google Kubernetes Engine" msgid "ClusterIntegration|access to Google Kubernetes Engine"
msgstr "" msgstr ""
msgid "ClusterIntegration|cert-manager is a native Kubernetes certificate management controller that helps with issuing certificates. Installing cert-manager on your cluster will issue a certificate by %{letsEncrypt} and ensure that certificates are valid and up to date."
msgstr ""
msgid "ClusterIntegration|check the pricing here" msgid "ClusterIntegration|check the pricing here"
msgstr "" msgstr ""
......
...@@ -49,6 +49,11 @@ FactoryBot.define do ...@@ -49,6 +49,11 @@ FactoryBot.define do
cluster factory: %i(cluster with_installed_helm provided_by_gcp) cluster factory: %i(cluster with_installed_helm provided_by_gcp)
end end
factory :clusters_applications_cert_managers, class: Clusters::Applications::CertManager do
email 'admin@example.com'
cluster factory: %i(cluster with_installed_helm provided_by_gcp)
end
factory :clusters_applications_prometheus, class: Clusters::Applications::Prometheus do factory :clusters_applications_prometheus, class: Clusters::Applications::Prometheus do
cluster factory: %i(cluster with_installed_helm provided_by_gcp) cluster factory: %i(cluster with_installed_helm provided_by_gcp)
end end
......
...@@ -20,6 +20,7 @@ describe('Applications', () => { ...@@ -20,6 +20,7 @@ describe('Applications', () => {
applications: { applications: {
helm: { title: 'Helm Tiller' }, helm: { title: 'Helm Tiller' },
ingress: { title: 'Ingress' }, ingress: { title: 'Ingress' },
cert_manager: { title: 'Cert-Manager' },
runner: { title: 'GitLab Runner' }, runner: { title: 'GitLab Runner' },
prometheus: { title: 'Prometheus' }, prometheus: { title: 'Prometheus' },
jupyter: { title: 'JupyterHub' }, jupyter: { title: 'JupyterHub' },
...@@ -36,6 +37,10 @@ describe('Applications', () => { ...@@ -36,6 +37,10 @@ describe('Applications', () => {
expect(vm.$el.querySelector('.js-cluster-application-row-ingress')).toBeDefined(); expect(vm.$el.querySelector('.js-cluster-application-row-ingress')).toBeDefined();
}); });
it('renders a row for Cert-Manager', () => {
expect(vm.$el.querySelector('.js-cluster-application-row-cert_manager')).toBeDefined();
});
it('renders a row for Prometheus', () => { it('renders a row for Prometheus', () => {
expect(vm.$el.querySelector('.js-cluster-application-row-prometheus')).toBeDefined(); expect(vm.$el.querySelector('.js-cluster-application-row-prometheus')).toBeDefined();
}); });
...@@ -65,6 +70,7 @@ describe('Applications', () => { ...@@ -65,6 +70,7 @@ describe('Applications', () => {
externalIp: '0.0.0.0', externalIp: '0.0.0.0',
}, },
helm: { title: 'Helm Tiller' }, helm: { title: 'Helm Tiller' },
cert_manager: { title: 'Cert-Manager' },
runner: { title: 'GitLab Runner' }, runner: { title: 'GitLab Runner' },
prometheus: { title: 'Prometheus' }, prometheus: { title: 'Prometheus' },
jupyter: { title: 'JupyterHub', hostname: '' }, jupyter: { title: 'JupyterHub', hostname: '' },
...@@ -89,6 +95,7 @@ describe('Applications', () => { ...@@ -89,6 +95,7 @@ describe('Applications', () => {
status: 'installed', status: 'installed',
}, },
helm: { title: 'Helm Tiller' }, helm: { title: 'Helm Tiller' },
cert_manager: { title: 'Cert-Manager' },
runner: { title: 'GitLab Runner' }, runner: { title: 'GitLab Runner' },
prometheus: { title: 'Prometheus' }, prometheus: { title: 'Prometheus' },
jupyter: { title: 'JupyterHub', hostname: '' }, jupyter: { title: 'JupyterHub', hostname: '' },
...@@ -109,6 +116,7 @@ describe('Applications', () => { ...@@ -109,6 +116,7 @@ describe('Applications', () => {
applications: { applications: {
helm: { title: 'Helm Tiller' }, helm: { title: 'Helm Tiller' },
ingress: { title: 'Ingress' }, ingress: { title: 'Ingress' },
cert_manager: { title: 'Cert-Manager' },
runner: { title: 'GitLab Runner' }, runner: { title: 'GitLab Runner' },
prometheus: { title: 'Prometheus' }, prometheus: { title: 'Prometheus' },
jupyter: { title: 'JupyterHub', hostname: '' }, jupyter: { title: 'JupyterHub', hostname: '' },
...@@ -128,6 +136,7 @@ describe('Applications', () => { ...@@ -128,6 +136,7 @@ describe('Applications', () => {
applications: { applications: {
helm: { title: 'Helm Tiller', status: 'installed' }, helm: { title: 'Helm Tiller', status: 'installed' },
ingress: { title: 'Ingress', status: 'installed', externalIp: '1.1.1.1' }, ingress: { title: 'Ingress', status: 'installed', externalIp: '1.1.1.1' },
cert_manager: { title: 'Cert-Manager' },
runner: { title: 'GitLab Runner' }, runner: { title: 'GitLab Runner' },
prometheus: { title: 'Prometheus' }, prometheus: { title: 'Prometheus' },
jupyter: { title: 'JupyterHub', hostname: '', status: 'installable' }, jupyter: { title: 'JupyterHub', hostname: '', status: 'installable' },
...@@ -145,6 +154,7 @@ describe('Applications', () => { ...@@ -145,6 +154,7 @@ describe('Applications', () => {
applications: { applications: {
helm: { title: 'Helm Tiller', status: 'installed' }, helm: { title: 'Helm Tiller', status: 'installed' },
ingress: { title: 'Ingress', status: 'installed' }, ingress: { title: 'Ingress', status: 'installed' },
cert_manager: { title: 'Cert-Manager' },
runner: { title: 'GitLab Runner' }, runner: { title: 'GitLab Runner' },
prometheus: { title: 'Prometheus' }, prometheus: { title: 'Prometheus' },
jupyter: { title: 'JupyterHub', hostname: '', status: 'installable' }, jupyter: { title: 'JupyterHub', hostname: '', status: 'installable' },
...@@ -162,6 +172,7 @@ describe('Applications', () => { ...@@ -162,6 +172,7 @@ describe('Applications', () => {
applications: { applications: {
helm: { title: 'Helm Tiller', status: 'installed' }, helm: { title: 'Helm Tiller', status: 'installed' },
ingress: { title: 'Ingress', status: 'installed', externalIp: '1.1.1.1' }, ingress: { title: 'Ingress', status: 'installed', externalIp: '1.1.1.1' },
cert_manager: { title: 'Cert-Manager' },
runner: { title: 'GitLab Runner' }, runner: { title: 'GitLab Runner' },
prometheus: { title: 'Prometheus' }, prometheus: { title: 'Prometheus' },
jupyter: { title: 'JupyterHub', status: 'installed', hostname: '' }, jupyter: { title: 'JupyterHub', status: 'installed', hostname: '' },
...@@ -179,6 +190,7 @@ describe('Applications', () => { ...@@ -179,6 +190,7 @@ describe('Applications', () => {
applications: { applications: {
helm: { title: 'Helm Tiller' }, helm: { title: 'Helm Tiller' },
ingress: { title: 'Ingress' }, ingress: { title: 'Ingress' },
cert_manager: { title: 'Cert-Manager' },
runner: { title: 'GitLab Runner' }, runner: { title: 'GitLab Runner' },
prometheus: { title: 'Prometheus' }, prometheus: { title: 'Prometheus' },
jupyter: { title: 'JupyterHub', status: 'not_installable' }, jupyter: { title: 'JupyterHub', status: 'not_installable' },
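Review bot: The added spec `renders a row for Cert-Manager` cannot fail: `querySelector` returns `null` when nothing matches, and `null` satisfies `toBeDefined()`. It follows the pattern of the neighbouring row specs, which have the same weakness. `expect(vm.$el.querySelector('.js-cluster-application-row-cert_manager')).not.toBeNull();` would actually detect a missing row.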
......
...@@ -38,6 +38,11 @@ const CLUSTERS_MOCK_DATA = { ...@@ -38,6 +38,11 @@ const CLUSTERS_MOCK_DATA = {
status: APPLICATION_STATUS.INSTALLING, status: APPLICATION_STATUS.INSTALLING,
status_reason: 'Cannot connect', status_reason: 'Cannot connect',
}, },
{
name: 'cert_manager',
status: APPLICATION_STATUS.ERROR,
status_reason: 'Cannot connect',
},
], ],
}, },
}, },
...@@ -77,6 +82,11 @@ const CLUSTERS_MOCK_DATA = { ...@@ -77,6 +82,11 @@ const CLUSTERS_MOCK_DATA = {
status: APPLICATION_STATUS.INSTALLABLE, status: APPLICATION_STATUS.INSTALLABLE,
status_reason: 'Cannot connect', status_reason: 'Cannot connect',
}, },
{
name: 'cert_manager',
status: APPLICATION_STATUS.ERROR,
status_reason: 'Cannot connect',
},
], ],
}, },
}, },
...@@ -84,6 +94,7 @@ const CLUSTERS_MOCK_DATA = { ...@@ -84,6 +94,7 @@ const CLUSTERS_MOCK_DATA = {
POST: { POST: {
'/gitlab-org/gitlab-shell/clusters/1/applications/helm': {}, '/gitlab-org/gitlab-shell/clusters/1/applications/helm': {},
'/gitlab-org/gitlab-shell/clusters/1/applications/ingress': {}, '/gitlab-org/gitlab-shell/clusters/1/applications/ingress': {},
'/gitlab-org/gitlab-shell/clusters/1/applications/cert_manager': {},
'/gitlab-org/gitlab-shell/clusters/1/applications/runner': {}, '/gitlab-org/gitlab-shell/clusters/1/applications/runner': {},
'/gitlab-org/gitlab-shell/clusters/1/applications/prometheus': {}, '/gitlab-org/gitlab-shell/clusters/1/applications/prometheus': {},
'/gitlab-org/gitlab-shell/clusters/1/applications/jupyter': {}, '/gitlab-org/gitlab-shell/clusters/1/applications/jupyter': {},
......
...@@ -108,6 +108,13 @@ describe('Clusters Store', () => { ...@@ -108,6 +108,13 @@ describe('Clusters Store', () => {
requestReason: null, requestReason: null,
hostname: null, hostname: null,
}, },
cert_manager: {
title: 'Cert-Manager',
status: mockResponseData.applications[6].status,
statusReason: mockResponseData.applications[6].status_reason,
requestStatus: null,
requestReason: null,
},
}, },
}); });
}); });
......
...@@ -43,6 +43,7 @@ describe Gitlab::Kubernetes::Helm::InstallCommand do ...@@ -43,6 +43,7 @@ describe Gitlab::Kubernetes::Helm::InstallCommand do
--tls-cert /data/helm/app-name/config/cert.pem --tls-cert /data/helm/app-name/config/cert.pem
--tls-key /data/helm/app-name/config/key.pem --tls-key /data/helm/app-name/config/key.pem
--version 1.2.3 --version 1.2.3
--set rbac.create\\=false,rbac.enabled\\=false
--namespace gitlab-managed-apps --namespace gitlab-managed-apps
-f /data/helm/app-name/config/values.yaml -f /data/helm/app-name/config/values.yaml
EOS EOS
...@@ -101,6 +102,7 @@ describe Gitlab::Kubernetes::Helm::InstallCommand do ...@@ -101,6 +102,7 @@ describe Gitlab::Kubernetes::Helm::InstallCommand do
--tls-cert /data/helm/app-name/config/cert.pem --tls-cert /data/helm/app-name/config/cert.pem
--tls-key /data/helm/app-name/config/key.pem --tls-key /data/helm/app-name/config/key.pem
--version 1.2.3 --version 1.2.3
--set rbac.create\\=false,rbac.enabled\\=false
--namespace gitlab-managed-apps --namespace gitlab-managed-apps
-f /data/helm/app-name/config/values.yaml -f /data/helm/app-name/config/values.yaml
EOS EOS
...@@ -126,7 +128,7 @@ describe Gitlab::Kubernetes::Helm::InstallCommand do ...@@ -126,7 +128,7 @@ describe Gitlab::Kubernetes::Helm::InstallCommand do
<<~EOS.strip <<~EOS.strip
/bin/date /bin/date
/bin/true /bin/true
helm install chart-name --name app-name --tls --tls-ca-cert /data/helm/app-name/config/ca.pem --tls-cert /data/helm/app-name/config/cert.pem --tls-key /data/helm/app-name/config/key.pem --version 1.2.3 --namespace gitlab-managed-apps -f /data/helm/app-name/config/values.yaml helm install chart-name --name app-name --tls --tls-ca-cert /data/helm/app-name/config/ca.pem --tls-cert /data/helm/app-name/config/cert.pem --tls-key /data/helm/app-name/config/key.pem --version 1.2.3 --set rbac.create\\=false,rbac.enabled\\=false --namespace gitlab-managed-apps -f /data/helm/app-name/config/values.yaml
EOS EOS
end end
end end
...@@ -148,7 +150,7 @@ describe Gitlab::Kubernetes::Helm::InstallCommand do ...@@ -148,7 +150,7 @@ describe Gitlab::Kubernetes::Helm::InstallCommand do
let(:helm_install_command) do let(:helm_install_command) do
<<~EOS.strip <<~EOS.strip
helm install chart-name --name app-name --tls --tls-ca-cert /data/helm/app-name/config/ca.pem --tls-cert /data/helm/app-name/config/cert.pem --tls-key /data/helm/app-name/config/key.pem --version 1.2.3 --namespace gitlab-managed-apps -f /data/helm/app-name/config/values.yaml helm install chart-name --name app-name --tls --tls-ca-cert /data/helm/app-name/config/ca.pem --tls-cert /data/helm/app-name/config/cert.pem --tls-key /data/helm/app-name/config/key.pem --version 1.2.3 --set rbac.create\\=false,rbac.enabled\\=false --namespace gitlab-managed-apps -f /data/helm/app-name/config/values.yaml
/bin/date /bin/date
/bin/false /bin/false
EOS EOS
...@@ -175,6 +177,7 @@ describe Gitlab::Kubernetes::Helm::InstallCommand do ...@@ -175,6 +177,7 @@ describe Gitlab::Kubernetes::Helm::InstallCommand do
helm install chart-name helm install chart-name
--name app-name --name app-name
--version 1.2.3 --version 1.2.3
--set rbac.create\\=false,rbac.enabled\\=false
--namespace gitlab-managed-apps --namespace gitlab-managed-apps
-f /data/helm/app-name/config/values.yaml -f /data/helm/app-name/config/values.yaml
EOS EOS
...@@ -204,6 +207,7 @@ describe Gitlab::Kubernetes::Helm::InstallCommand do ...@@ -204,6 +207,7 @@ describe Gitlab::Kubernetes::Helm::InstallCommand do
--tls-ca-cert /data/helm/app-name/config/ca.pem --tls-ca-cert /data/helm/app-name/config/ca.pem
--tls-cert /data/helm/app-name/config/cert.pem --tls-cert /data/helm/app-name/config/cert.pem
--tls-key /data/helm/app-name/config/key.pem --tls-key /data/helm/app-name/config/key.pem
--set rbac.create\\=false,rbac.enabled\\=false
--namespace gitlab-managed-apps --namespace gitlab-managed-apps
-f /data/helm/app-name/config/values.yaml -f /data/helm/app-name/config/values.yaml
EOS EOS
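Review bot: All six expected commands in these hunks pin only the disabled form, `--set rbac.create\\=false,rbac.enabled\\=false`, so nothing visible here checks what is emitted for an RBAC-enabled cluster. If the rest of the spec, outside these hunks, has no such case, add a context that turns rbac on and expects `--set rbac.create\\=true,rbac.enabled\\=true`. Without it, a regression that always passes `false` would go unnoticed and charts would be installed without their RBAC objects. The repeated flag string could also live in one `let` so the six heredocs do not drift apart.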
......
...@@ -19,6 +19,7 @@ describe Gitlab::UsageData do ...@@ -19,6 +19,7 @@ describe Gitlab::UsageData do
create(:cluster, :provided_by_user, :disabled) create(:cluster, :provided_by_user, :disabled)
create(:clusters_applications_helm, :installed, cluster: gcp_cluster) create(:clusters_applications_helm, :installed, cluster: gcp_cluster)
create(:clusters_applications_ingress, :installed, cluster: gcp_cluster) create(:clusters_applications_ingress, :installed, cluster: gcp_cluster)
create(:clusters_applications_cert_managers, :installed, cluster: gcp_cluster)
create(:clusters_applications_prometheus, :installed, cluster: gcp_cluster) create(:clusters_applications_prometheus, :installed, cluster: gcp_cluster)
create(:clusters_applications_runner, :installed, cluster: gcp_cluster) create(:clusters_applications_runner, :installed, cluster: gcp_cluster)
create(:clusters_applications_knative, :installed, cluster: gcp_cluster) create(:clusters_applications_knative, :installed, cluster: gcp_cluster)
...@@ -81,6 +82,7 @@ describe Gitlab::UsageData do ...@@ -81,6 +82,7 @@ describe Gitlab::UsageData do
clusters_platforms_user clusters_platforms_user
clusters_applications_helm clusters_applications_helm
clusters_applications_ingress clusters_applications_ingress
clusters_applications_cert_managers
clusters_applications_prometheus clusters_applications_prometheus
clusters_applications_runner clusters_applications_runner
clusters_applications_knative clusters_applications_knative
...@@ -131,6 +133,7 @@ describe Gitlab::UsageData do ...@@ -131,6 +133,7 @@ describe Gitlab::UsageData do
expect(count_data[:clusters_platforms_user]).to eq(1) expect(count_data[:clusters_platforms_user]).to eq(1)
expect(count_data[:clusters_applications_helm]).to eq(1) expect(count_data[:clusters_applications_helm]).to eq(1)
expect(count_data[:clusters_applications_ingress]).to eq(1) expect(count_data[:clusters_applications_ingress]).to eq(1)
expect(count_data[:clusters_applications_cert_managers]).to eq(1)
expect(count_data[:clusters_applications_prometheus]).to eq(1) expect(count_data[:clusters_applications_prometheus]).to eq(1)
expect(count_data[:clusters_applications_runner]).to eq(1) expect(count_data[:clusters_applications_runner]).to eq(1)
expect(count_data[:clusters_applications_knative]).to eq(1) expect(count_data[:clusters_applications_knative]).to eq(1)
......
require 'rails_helper'
describe Clusters::Applications::CertManager do
let(:cert_manager) { create(:clusters_applications_cert_managers) }
include_examples 'cluster application core specs', :clusters_applications_cert_managers
describe '#make_installing!' do
before do
application.make_installing!
end
context 'application install previously errored with older version' do
let(:application) { create(:clusters_applications_cert_managers, :scheduled, version: 'v0.4.0') }
it 'updates the application version' do
expect(application.reload.version).to eq('v0.5.0')
end
end
end
describe '#install_command' do
let(:cluster_issuer_file) { { "cluster_issuer.yaml": "---\napiVersion: certmanager.k8s.io/v1alpha1\nkind: ClusterIssuer\nmetadata:\n name: letsencrypt-prod\nspec:\n acme:\n server: https://acme-v02.api.letsencrypt.org/directory\n email: admin@example.com\n privateKeySecretRef:\n name: letsencrypt-prod\n http01: {}\n" } }
subject { cert_manager.install_command }
it { is_expected.to be_an_instance_of(Gitlab::Kubernetes::Helm::InstallCommand) }
it 'should be initialized with cert_manager arguments' do
expect(subject.name).to eq('certmanager')
expect(subject.chart).to eq('stable/cert-manager')
expect(subject.version).to eq('v0.5.0')
expect(subject).not_to be_rbac
expect(subject.files).to eq(cert_manager.files.merge(cluster_issuer_file))
expect(subject.postinstall).to eq(['/usr/bin/kubectl create -f /data/helm/certmanager/config/cluster_issuer.yaml'])
end
context 'for a specific user' do
before do
cert_manager.email = 'abc@xyz.com'
cluster_issuer_file[:'cluster_issuer.yaml'].gsub! 'admin@example.com', 'abc@xyz.com'
end
it 'should use his/her email to register issuer with certificate provider' do
expect(subject.files).to eq(cert_manager.files.merge(cluster_issuer_file))
end
end
context 'on a rbac enabled cluster' do
before do
cert_manager.cluster.platform_kubernetes.rbac!
end
it { is_expected.to be_rbac }
end
context 'application failed to install previously' do
let(:cert_manager) { create(:clusters_applications_cert_managers, :errored, version: '0.0.1') }
it 'should be initialized with the locked version' do
expect(subject.version).to eq('v0.5.0')
end
end
end
describe '#files' do
let(:application) { cert_manager }
let(:values) { subject[:'values.yaml'] }
subject { application.files }
it 'should include cert_manager specific keys in the values.yaml file' do
expect(values).to include('ingressShim')
end
end
describe 'validations' do
it { is_expected.to validate_presence_of(:email) }
end
end
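Review bot: The only check on `email` is `validate_presence_of(:email)`, yet the 'for a specific user' context shows the address ending up inside `cluster_issuer.yaml`, which the postinstall step hands to `kubectl create -f`. The expected manifest is built with `gsub!`, so this spec would pass equally if the model substituted the address textually, and an address containing a newline or YAML syntax could then alter the ClusterIssuer that is created. The model is not visible in this section, so this is a coverage gap rather than a confirmed defect. Add a case such as `it { is_expected.not_to allow_value("a@example.com\nfoo: bar").for(:email) }`, or assert that `YAML.safe_load` of the generated file yields the exact address under `spec.acme.email`.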
...@@ -311,13 +311,14 @@ describe Clusters::Cluster do ...@@ -311,13 +311,14 @@ describe Clusters::Cluster do
context 'when applications are created' do context 'when applications are created' do
let!(:helm) { create(:clusters_applications_helm, cluster: cluster) } let!(:helm) { create(:clusters_applications_helm, cluster: cluster) }
let!(:ingress) { create(:clusters_applications_ingress, cluster: cluster) } let!(:ingress) { create(:clusters_applications_ingress, cluster: cluster) }
let!(:cert_manager) { create(:clusters_applications_cert_managers, cluster: cluster) }
let!(:prometheus) { create(:clusters_applications_prometheus, cluster: cluster) } let!(:prometheus) { create(:clusters_applications_prometheus, cluster: cluster) }
let!(:runner) { create(:clusters_applications_runner, cluster: cluster) } let!(:runner) { create(:clusters_applications_runner, cluster: cluster) }
let!(:jupyter) { create(:clusters_applications_jupyter, cluster: cluster) } let!(:jupyter) { create(:clusters_applications_jupyter, cluster: cluster) }
let!(:knative) { create(:clusters_applications_knative, cluster: cluster) } let!(:knative) { create(:clusters_applications_knative, cluster: cluster) }
it 'returns a list of created applications' do it 'returns a list of created applications' do
is_expected.to contain_exactly(helm, ingress, prometheus, runner, jupyter, knative) is_expected.to contain_exactly(helm, ingress, cert_manager, prometheus, runner, jupyter, knative)
end end
end end
end end
......
apiVersion: certmanager.k8s.io/v1alpha1
kind: ClusterIssuer
metadata:
name: letsencrypt-prod
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
email: my-email@example.com
privateKeySecretRef:
name: letsencrypt-prod
http01: {}
# These options provide fully automated TLS.
# See https://github.com/jetstack/cert-manager/blob/master/docs/reference/ingress-shim.rst#configuration
ingressShim:
defaultIssuerKind: "ClusterIssuer"
defaultIssuerName: "letsencrypt-prod"
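Review bot: The comment above `ingressShim` says only that the options give fully automated TLS; it does not say that the default issuer is the cluster-scoped `letsencrypt-prod` ClusterIssuer, which points at the production ACME endpoint. As far as I know the shim acts on Ingresses that opt in through the `kubernetes.io/tls-acme` annotation, in any namespace, so this is a cluster-wide default subject to the CA's production rate limits. I would add a line such as `# Default issuer for annotated Ingresses in every namespace; uses the production Let's Encrypt endpoint.`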