Merge branch 'move-local-tiller-feature-flag-to-cluster' into 'master'

Move local Tiller FF check to cluster level See merge request gitlab-org/gitlab!33334

Merge branch 'move-local-tiller-feature-flag-to-cluster' into 'master'
Move local Tiller FF check to cluster level See merge request gitlab-org/gitlab!33334
1ff8fb96 · Heinrich Lee Yu · a189141a · 4e8b00f1 · 1ff8fb96 · 1ff8fb96
Commit 1ff8fb96 authored Jun 11, 2020 by Heinrich Lee Yu
33 changed files
--- a/app/controllers/clusters/base_controller.rb
+++ b/app/controllers/clusters/base_controller.rb
@@ -7,7 +7,7 @@ class Clusters::BaseController < ApplicationController
  before_action :authorize_read_cluster!

  before_action do
-    push_frontend_feature_flag(:managed_apps_local_tiller)
+    push_frontend_feature_flag(:managed_apps_local_tiller, clusterable)
  end

  helper_method :clusterable

--- a/app/models/clusters/applications/cert_manager.rb
+++ b/app/models/clusters/applications/cert_manager.rb
@@ -38,7 +38,8 @@ module Clusters
          chart: chart,
          files: files.merge(cluster_issuer_file),
          preinstall: pre_install_script,
-          postinstall: post_install_script
+          postinstall: post_install_script,
+          local_tiller_enabled: cluster.local_tiller_enabled?
        )
      end

@@ -47,7 +48,8 @@ module Clusters
          name: 'certmanager',
          rbac: cluster.platform_kubernetes_rbac?,
          files: files,
-          postdelete: post_delete_script
+          postdelete: post_delete_script,
+          local_tiller_enabled: cluster.local_tiller_enabled?
        )
      end


--- a/app/models/clusters/applications/crossplane.rb
+++ b/app/models/clusters/applications/crossplane.rb
@@ -35,7 +35,8 @@ module Clusters
          version: VERSION,
          rbac: cluster.platform_kubernetes_rbac?,
          chart: chart,
-          files: files
+          files: files,
+          local_tiller_enabled: cluster.local_tiller_enabled?
        )
      end


--- a/app/models/clusters/applications/elastic_stack.rb
+++ b/app/models/clusters/applications/elastic_stack.rb
@@ -34,7 +34,8 @@ module Clusters
          repository: repository,
          files: files,
          preinstall: migrate_to_3_script,
-          postinstall: post_install_script
+          postinstall: post_install_script,
+          local_tiller_enabled: cluster.local_tiller_enabled?
        )
      end

@@ -43,7 +44,8 @@ module Clusters
          name: 'elastic-stack',
          rbac: cluster.platform_kubernetes_rbac?,
          files: files,
-          postdelete: post_delete_script
+          postdelete: post_delete_script,
+          local_tiller_enabled: cluster.local_tiller_enabled?
        )
      end

@@ -118,7 +120,8 @@ module Clusters
          Gitlab::Kubernetes::Helm::DeleteCommand.new(
            name: 'elastic-stack',
            rbac: cluster.platform_kubernetes_rbac?,
-            files: files
+            files: files,
+            local_tiller_enabled: cluster.local_tiller_enabled?
          ).delete_command,
          Gitlab::Kubernetes::KubectlCmd.delete("pvc", "--selector", "release=elastic-stack", "--namespace", Gitlab::Kubernetes::Helm::NAMESPACE)
        ]

--- a/app/models/clusters/applications/fluentd.rb
+++ b/app/models/clusters/applications/fluentd.rb
@@ -32,7 +32,8 @@ module Clusters
          version: VERSION,
          rbac: cluster.platform_kubernetes_rbac?,
          chart: chart,
-          files: files
+          files: files,
+          local_tiller_enabled: cluster.local_tiller_enabled?
        )
      end


--- a/app/models/clusters/applications/helm.rb
+++ b/app/models/clusters/applications/helm.rb
@@ -52,7 +52,8 @@ module Clusters
        Gitlab::Kubernetes::Helm::InitCommand.new(
          name: name,
          files: files,
-          rbac: cluster.platform_kubernetes_rbac?
+          rbac: cluster.platform_kubernetes_rbac?,
+          local_tiller_enabled: cluster.local_tiller_enabled?
        )
      end

@@ -60,7 +61,8 @@ module Clusters
        Gitlab::Kubernetes::Helm::ResetCommand.new(
          name: name,
          files: files,
-          rbac: cluster.platform_kubernetes_rbac?
+          rbac: cluster.platform_kubernetes_rbac?,
+          local_tiller_enabled: cluster.local_tiller_enabled?
        )
      end


--- a/app/models/clusters/applications/ingress.rb
+++ b/app/models/clusters/applications/ingress.rb
@@ -63,7 +63,8 @@ module Clusters
          version: VERSION,
          rbac: cluster.platform_kubernetes_rbac?,
          chart: chart,
-          files: files
+          files: files,
+          local_tiller_enabled: cluster.local_tiller_enabled?
        )
      end


--- a/app/models/clusters/applications/jupyter.rb
+++ b/app/models/clusters/applications/jupyter.rb
@@ -45,7 +45,8 @@ module Clusters
          rbac: cluster.platform_kubernetes_rbac?,
          chart: chart,
          files: files,
-          repository: repository
+          repository: repository,
+          local_tiller_enabled: cluster.local_tiller_enabled?
        )
      end


--- a/app/models/clusters/applications/knative.rb
+++ b/app/models/clusters/applications/knative.rb
@@ -77,7 +77,8 @@ module Clusters
          chart: chart,
          files: files,
          repository: REPOSITORY,
-          postinstall: install_knative_metrics
+          postinstall: install_knative_metrics,
+          local_tiller_enabled: cluster.local_tiller_enabled?
        )
      end

@@ -99,7 +100,8 @@ module Clusters
          rbac: cluster.platform_kubernetes_rbac?,
          files: files,
          predelete: delete_knative_services_and_metrics,
-          postdelete: delete_knative_istio_leftovers
+          postdelete: delete_knative_istio_leftovers,
+          local_tiller_enabled: cluster.local_tiller_enabled?
        )
      end


--- a/app/models/clusters/applications/prometheus.rb
+++ b/app/models/clusters/applications/prometheus.rb
@@ -66,7 +66,8 @@ module Clusters
          rbac: cluster.platform_kubernetes_rbac?,
          chart: chart,
          files: files,
-          postinstall: install_knative_metrics
+          postinstall: install_knative_metrics,
+          local_tiller_enabled: cluster.local_tiller_enabled?
        )
      end

@@ -76,7 +77,8 @@ module Clusters
          version: version,
          rbac: cluster.platform_kubernetes_rbac?,
          chart: chart,
-          files: files_with_replaced_values(values)
+          files: files_with_replaced_values(values),
+          local_tiller_enabled: cluster.local_tiller_enabled?
        )
      end

@@ -85,7 +87,8 @@ module Clusters
          name: name,
          rbac: cluster.platform_kubernetes_rbac?,
          files: files,
-          predelete: delete_knative_istio_metrics
+          predelete: delete_knative_istio_metrics,
+          local_tiller_enabled: cluster.local_tiller_enabled?
        )
      end


--- a/app/models/clusters/applications/runner.rb
+++ b/app/models/clusters/applications/runner.rb
@@ -36,7 +36,8 @@ module Clusters
          rbac: cluster.platform_kubernetes_rbac?,
          chart: chart,
          files: files,
-          repository: repository
+          repository: repository,
+          local_tiller_enabled: cluster.local_tiller_enabled?
        )
      end


--- a/app/models/clusters/cluster.rb
+++ b/app/models/clusters/cluster.rb
@@ -326,6 +326,10 @@ module Clusters
      end
    end

+    def local_tiller_enabled?
+      Feature.enabled?(:managed_apps_local_tiller, clusterable, default_enabled: false)
+    end
+
    private

    def unique_management_project_environment_scope

--- a/app/models/clusters/concerns/application_core.rb
+++ b/app/models/clusters/concerns/application_core.rb
@@ -15,7 +15,7 @@ module Clusters
        def set_initial_status
          return unless not_installable?

-          self.status = status_states[:installable] if cluster&.application_helm_available? || ::Gitlab::Kubernetes::Helm.local_tiller_enabled?
+          self.status = status_states[:installable] if cluster&.application_helm_available? || cluster&.local_tiller_enabled?
        end

        def can_uninstall?

--- a/app/models/clusters/concerns/application_data.rb
+++ b/app/models/clusters/concerns/application_data.rb
@@ -7,7 +7,8 @@ module Clusters
        Gitlab::Kubernetes::Helm::DeleteCommand.new(
          name: name,
          rbac: cluster.platform_kubernetes_rbac?,
-          files: files
+          files: files,
+          local_tiller_enabled: cluster.local_tiller_enabled?
        )
      end

@@ -32,7 +33,7 @@ module Clusters
      private

      def use_tiller_ssl?
-        return false if ::Gitlab::Kubernetes::Helm.local_tiller_enabled?
+        return false if cluster.local_tiller_enabled?

        cluster.application_helm.has_ssl?
      end

--- a/app/models/clusters/concerns/application_status.rb
+++ b/app/models/clusters/concerns/application_status.rb
@@ -98,7 +98,7 @@ module Clusters
          end

          before_transition any => [:installed, :updated] do |application, transition|
-            unless ::Gitlab::Kubernetes::Helm.local_tiller_enabled? || application.is_a?(Clusters::Applications::Helm)
+            unless application.cluster.local_tiller_enabled? || application.is_a?(Clusters::Applications::Helm)
              if transition.event == :make_externally_installed
                # If an application is externally installed
                # We assume the helm application is externally installed too

--- a/lib/gitlab/kubernetes/helm.rb
+++ b/lib/gitlab/kubernetes/helm.rb
@@ -10,12 +10,6 @@ module Gitlab
      SERVICE_ACCOUNT = 'tiller'
      CLUSTER_ROLE_BINDING = 'tiller-admin'
      CLUSTER_ROLE = 'cluster-admin'
-
-      MANAGED_APPS_LOCAL_TILLER_FEATURE_FLAG = :managed_apps_local_tiller
-
-      def self.local_tiller_enabled?
-        Feature.enabled?(MANAGED_APPS_LOCAL_TILLER_FEATURE_FLAG)
-      end
    end
  end
 end
--- a/lib/gitlab/kubernetes/helm/base_command.rb
+++ b/lib/gitlab/kubernetes/helm/base_command.rb
@@ -3,7 +3,24 @@
 module Gitlab
  module Kubernetes
    module Helm
-      module BaseCommand
+      class BaseCommand
+        attr_reader :name, :files
+
+        def initialize(rbac:, name:, files:, local_tiller_enabled:)
+          @rbac = rbac
+          @name = name
+          @files = files
+          @local_tiller_enabled = local_tiller_enabled
+        end
+
+        def rbac?
+          @rbac
+        end
+
+        def local_tiller_enabled?
+          @local_tiller_enabled
+        end
+
        def pod_resource
          pod_service_account_name = rbac? ? service_account_name : nil

@@ -46,18 +63,6 @@ module Gitlab
          files.keys
        end

-        def name
-          raise "Not implemented"
-        end
-
-        def rbac?
-          raise "Not implemented"
-        end
-
-        def files
-          raise "Not implemented"
-        end
-
        private

        def files_dir

--- a/lib/gitlab/kubernetes/helm/client_command.rb
+++ b/lib/gitlab/kubernetes/helm/client_command.rb
@@ -57,10 +57,6 @@ module Gitlab
            '--tls-key', "#{files_dir}/key.pem"
          ]
        end
-
-        def local_tiller_enabled?
-          ::Gitlab::Kubernetes::Helm.local_tiller_enabled?
-        end
      end
    end
  end

--- a/lib/gitlab/kubernetes/helm/delete_command.rb
+++ b/lib/gitlab/kubernetes/helm/delete_command.rb
@@ -3,17 +3,13 @@
 module Gitlab
  module Kubernetes
    module Helm
-      class DeleteCommand
-        include BaseCommand
+      class DeleteCommand < BaseCommand
        include ClientCommand

        attr_reader :predelete, :postdelete
-        attr_accessor :name, :files

-        def initialize(name:, rbac:, files:, predelete: nil, postdelete: nil)
-          @name = name
-          @files = files
-          @rbac = rbac
+        def initialize(predelete: nil, postdelete: nil, **args)
+          super(**args)
          @predelete = predelete
          @postdelete = postdelete
        end
@@ -32,10 +28,6 @@ module Gitlab
          "uninstall-#{name}"
        end

-        def rbac?
-          @rbac
-        end
-
        def delete_command
          command = ['helm', 'delete', '--purge', name] + tls_flags_if_remote_tiller


--- a/lib/gitlab/kubernetes/helm/init_command.rb
+++ b/lib/gitlab/kubernetes/helm/init_command.rb
@@ -3,27 +3,13 @@
 module Gitlab
  module Kubernetes
    module Helm
-      class InitCommand
-        include BaseCommand
-
-        attr_reader :name, :files
-
-        def initialize(name:, files:, rbac:)
-          @name = name
-          @files = files
-          @rbac = rbac
-        end
-
+      class InitCommand < BaseCommand
        def generate_script
          super + [
            init_helm_command
          ].join("\n")
        end

-        def rbac?
-          @rbac
-        end
-
        private

        def init_helm_command

--- a/lib/gitlab/kubernetes/helm/install_command.rb
+++ b/lib/gitlab/kubernetes/helm/install_command.rb
@@ -3,19 +3,16 @@
 module Gitlab
  module Kubernetes
    module Helm
-      class InstallCommand
-        include BaseCommand
+      class InstallCommand < BaseCommand
        include ClientCommand

-        attr_reader :name, :files, :chart, :repository, :preinstall, :postinstall
+        attr_reader :chart, :repository, :preinstall, :postinstall
        attr_accessor :version

-        def initialize(name:, chart:, files:, rbac:, version: nil, repository: nil, preinstall: nil, postinstall: nil)
-          @name = name
+        def initialize(chart:, version: nil, repository: nil, preinstall: nil, postinstall: nil, **args)
+          super(**args)
          @chart = chart
          @version = version
-          @rbac = rbac
-          @files = files
          @repository = repository
          @preinstall = preinstall
          @postinstall = postinstall
@@ -33,10 +30,6 @@ module Gitlab
          ].compact.join("\n")
        end

-        def rbac?
-          @rbac
-        end
-
        private

        # Uses `helm upgrade --install` which means we can use this for both

--- a/lib/gitlab/kubernetes/helm/patch_command.rb
+++ b/lib/gitlab/kubernetes/helm/patch_command.rb
@@ -5,23 +5,21 @@
 module Gitlab
  module Kubernetes
    module Helm
-      class PatchCommand
-        include BaseCommand
+      class PatchCommand < BaseCommand
        include ClientCommand

-        attr_reader :name, :files, :chart, :repository
+        attr_reader :chart, :repository
        attr_accessor :version

-        def initialize(name:, chart:, files:, rbac:, version:, repository: nil)
+        def initialize(chart:, version:, repository: nil, **args)
+          super(**args)
+
          # version is mandatory to prevent chart mismatches
          # we do not want our values interpreted in the context of the wrong version
          raise ArgumentError, 'version is required' if version.blank?

-          @name = name
          @chart = chart
          @version = version
-          @rbac = rbac
-          @files = files
          @repository = repository
        end

@@ -35,10 +33,6 @@ module Gitlab
          ].compact.join("\n")
        end

-        def rbac?
-          @rbac
-        end
-
        private

        def upgrade_command

--- a/lib/gitlab/kubernetes/helm/reset_command.rb
+++ b/lib/gitlab/kubernetes/helm/reset_command.rb
@@ -3,18 +3,9 @@
 module Gitlab
  module Kubernetes
    module Helm
-      class ResetCommand
-        include BaseCommand
+      class ResetCommand < BaseCommand
        include ClientCommand

-        attr_reader :name, :files
-
-        def initialize(name:, rbac:, files:)
-          @name = name
-          @files = files
-          @rbac = rbac
-        end
-
        def generate_script
          super + [
            reset_helm_command,
@@ -23,10 +14,6 @@ module Gitlab
          ].join("\n")
        end

-        def rbac?
-          @rbac
-        end
-
        def pod_name
          "uninstall-#{name}"
        end

--- a/spec/lib/gitlab/kubernetes/helm/api_spec.rb
+++ b/spec/lib/gitlab/kubernetes/helm/api_spec.rb
@@ -17,7 +17,8 @@ describe Gitlab::Kubernetes::Helm::API do
      name: application_name,
      chart: 'chart-name',
      rbac: rbac,
-      files: files
+      files: files,
+      local_tiller_enabled: true
    )
  end

@@ -142,7 +143,7 @@ describe Gitlab::Kubernetes::Helm::API do
    end

    context 'with a service account' do
-      let(:command) { Gitlab::Kubernetes::Helm::InitCommand.new(name: application_name, files: files, rbac: rbac) }
+      let(:command) { Gitlab::Kubernetes::Helm::InitCommand.new(name: application_name, files: files, rbac: rbac, local_tiller_enabled: true) }

      context 'rbac-enabled cluster' do
        let(:rbac) { true }

--- a/spec/lib/gitlab/kubernetes/helm/base_command_spec.rb
+++ b/spec/lib/gitlab/kubernetes/helm/base_command_spec.rb
@@ -11,25 +11,14 @@ describe Gitlab::Kubernetes::Helm::BaseCommand do
  let(:rbac) { false }

  let(:test_class) do
-    Class.new do
-      include Gitlab::Kubernetes::Helm::BaseCommand
-
+    Class.new(Gitlab::Kubernetes::Helm::BaseCommand) do
      def initialize(rbac)
-        @rbac = rbac
-      end
-
-      def name
-        "test-class-name"
-      end
-
-      def rbac?
-        @rbac
-      end
-
-      def files
-        {
-          some: 'value'
-        }
+        super(
+          name: 'test-class-name',
+          rbac: rbac,
+          files: { some: 'value' },
+          local_tiller_enabled: false
+        )
      end
    end
  end

--- a/spec/lib/gitlab/kubernetes/helm/delete_command_spec.rb
+++ b/spec/lib/gitlab/kubernetes/helm/delete_command_spec.rb
@@ -3,11 +3,12 @@
 require 'spec_helper'

 describe Gitlab::Kubernetes::Helm::DeleteCommand do
-  subject(:delete_command) { described_class.new(name: app_name, rbac: rbac, files: files) }
+  subject(:delete_command) { described_class.new(name: app_name, rbac: rbac, files: files, local_tiller_enabled: local_tiller_enabled) }

  let(:app_name) { 'app-name' }
  let(:rbac) { true }
  let(:files) { {} }
+  let(:local_tiller_enabled) { true }

  it_behaves_like 'helm command generator' do
    let(:commands) do
@@ -21,9 +22,7 @@ describe Gitlab::Kubernetes::Helm::DeleteCommand do
  end

  context 'tillerless feature disabled' do
-    before do
-      stub_feature_flags(managed_apps_local_tiller: false)
-    end
+    let(:local_tiller_enabled) { false }

    it_behaves_like 'helm command generator' do
      let(:commands) do

--- a/spec/lib/gitlab/kubernetes/helm/init_command_spec.rb
+++ b/spec/lib/gitlab/kubernetes/helm/init_command_spec.rb
@@ -3,7 +3,7 @@
 require 'spec_helper'

 describe Gitlab::Kubernetes::Helm::InitCommand do
-  subject(:init_command) { described_class.new(name: application.name, files: files, rbac: rbac) }
+  subject(:init_command) { described_class.new(name: application.name, files: files, rbac: rbac, local_tiller_enabled: false) }

  let(:application) { create(:clusters_applications_helm) }
  let(:rbac) { false }

--- a/spec/lib/gitlab/kubernetes/helm/install_command_spec.rb
+++ b/spec/lib/gitlab/kubernetes/helm/install_command_spec.rb
@@ -12,7 +12,8 @@ describe Gitlab::Kubernetes::Helm::InstallCommand do
      version: version,
      repository: repository,
      preinstall: preinstall,
-      postinstall: postinstall
+      postinstall: postinstall,
+      local_tiller_enabled: local_tiller_enabled
    )
  end

@@ -22,6 +23,7 @@ describe Gitlab::Kubernetes::Helm::InstallCommand do
  let(:version) { '1.2.3' }
  let(:preinstall) { nil }
  let(:postinstall) { nil }
+  let(:local_tiller_enabled) { true }

  it_behaves_like 'helm command generator' do
    let(:commands) do
@@ -51,9 +53,7 @@ describe Gitlab::Kubernetes::Helm::InstallCommand do
  end

  context 'tillerless feature disabled' do
-    before do
-      stub_feature_flags(managed_apps_local_tiller: false)
-    end
+    let(:local_tiller_enabled) { false }

    let(:tls_flags) do
      <<~EOS.squish

--- a/spec/lib/gitlab/kubernetes/helm/patch_command_spec.rb
+++ b/spec/lib/gitlab/kubernetes/helm/patch_command_spec.rb
@@ -7,6 +7,7 @@ describe Gitlab::Kubernetes::Helm::PatchCommand do
  let(:repository) { 'https://repository.example.com' }
  let(:rbac) { false }
  let(:version) { '1.2.3' }
+  let(:local_tiller_enabled) { true }

  subject(:patch_command) do
    described_class.new(
@@ -15,14 +16,13 @@ describe Gitlab::Kubernetes::Helm::PatchCommand do
      rbac: rbac,
      files: files,
      version: version,
-      repository: repository
+      repository: repository,
+      local_tiller_enabled: local_tiller_enabled
    )
  end

  context 'when local tiller feature is disabled' do
-    before do
-      stub_feature_flags(managed_apps_local_tiller: false)
-    end
+    let(:local_tiller_enabled) { false }

    let(:tls_flags) do
      <<~EOS.squish

--- a/spec/lib/gitlab/kubernetes/helm/reset_command_spec.rb
+++ b/spec/lib/gitlab/kubernetes/helm/reset_command_spec.rb
@@ -3,7 +3,7 @@
 require 'spec_helper'

 describe Gitlab::Kubernetes::Helm::ResetCommand do
-  subject(:reset_command) { described_class.new(name: name, rbac: rbac, files: files) }
+  subject(:reset_command) { described_class.new(name: name, rbac: rbac, files: files, local_tiller_enabled: false) }

  let(:rbac) { true }
  let(:name) { 'helm' }

--- a/spec/support/shared_examples/models/cluster_application_helm_cert_shared_examples.rb
+++ b/spec/support/shared_examples/models/cluster_application_helm_cert_shared_examples.rb
@@ -54,7 +54,7 @@ RSpec.shared_examples 'cluster application helm specs' do |application_name|

    context 'managed_apps_local_tiller feature flag is enabled' do
      before do
-        stub_feature_flags(managed_apps_local_tiller: true)
+        stub_feature_flags(managed_apps_local_tiller: application.cluster.clusterable)
      end

      it 'does not include cert files' do

--- a/spec/support/shared_examples/models/cluster_application_initial_status_shared_examples.rb
+++ b/spec/support/shared_examples/models/cluster_application_initial_status_shared_examples.rb
@@ -18,7 +18,7 @@ RSpec.shared_examples 'cluster application initial status specs' do

    context 'local tiller feature flag is enabled' do
      before do
-        stub_feature_flags(managed_apps_local_tiller: true)
+        stub_feature_flags(managed_apps_local_tiller: cluster.clusterable)
      end

      it 'sets a default status' do

--- a/spec/support/shared_examples/models/cluster_application_status_shared_examples.rb
+++ b/spec/support/shared_examples/models/cluster_application_status_shared_examples.rb
@@ -66,7 +66,7 @@ RSpec.shared_examples 'cluster application status specs' do |application_name|

      context 'managed_apps_local_tiller feature flag enabled' do
        before do
-          stub_feature_flags(managed_apps_local_tiller: true)
+          stub_feature_flags(managed_apps_local_tiller: subject.cluster.clusterable)
        end

        it 'does not update the helm version' do