Implement Tillerless install and uninstall

This removes need to require Helm Tiller to be installed first. Stop calling TLS flags if using local tiller. This is all behind a feature flag as FE support is still forthcoming

Implement Tillerless install and uninstall
This removes need to require Helm Tiller to be installed first. Stop calling TLS flags if using local tiller. This is all behind a feature flag as FE support is still forthcoming
521e270d · Thong Kuah · 33ce19a8 · 521e270d · 521e270d · 521e270d
Commit 521e270d authored Nov 28, 2019 by Thong Kuah
5 changed files
--- a/lib/gitlab/kubernetes/helm/client_command.rb
+++ b/lib/gitlab/kubernetes/helm/client_command.rb
@@ -5,14 +5,24 @@ module Gitlab
    module Helm
      module ClientCommand
        def init_command
-          # Here we are always upgrading to the latest version of Tiller when
+          if local_tiller_enabled?
-          # installing an app. We ensure the helm version stored in the
+            <<~HEREDOC.chomp
-          # database is correct by also updating this after transition to
+            export HELM_HOST="localhost:44134"
-          # :installed,:updated in Clusters::Concerns::ApplicationStatus
+            tiller -listen ${HELM_HOST} -alsologtostderr &
-          'helm init --upgrade'
+            helm init --client-only
+            HEREDOC
+          else
+            # Here we are always upgrading to the latest version of Tiller when
+            # installing an app. We ensure the helm version stored in the
+            # database is correct by also updating this after transition to
+            # :installed,:updated in Clusters::Concerns::ApplicationStatus
+            'helm init --upgrade'
+          end
        end
        def wait_for_tiller_command
+          return if local_tiller_enabled?
          helm_check = ['helm', 'version', *optional_tls_flags].shelljoin
          # This is necessary to give Tiller time to restart after upgrade.
          # Ideally we'd be able to use --wait but cannot because of
@@ -25,6 +35,14 @@ module Gitlab
          ['helm', 'repo', 'add', name, repository].shelljoin if repository
        end
+        private
+        def tls_flags_if_remote_tiller
+          return [] if local_tiller_enabled?
+          optional_tls_flags
+        end
        def optional_tls_flags
          return [] unless files.key?(:'ca.pem')
@@ -35,6 +53,10 @@ module Gitlab
            '--tls-key', "#{files_dir}/key.pem"
          ]
        end
+        def local_tiller_enabled?
+          Feature.enabled?(:managed_apps_local_tiller)
+        end
      end
    end
  end

--- a/lib/gitlab/kubernetes/helm/delete_command.rb
+++ b/lib/gitlab/kubernetes/helm/delete_command.rb
@@ -39,7 +39,7 @@ module Gitlab
        private
        def delete_command
-          command = ['helm', 'delete', '--purge', name] + optional_tls_flags
+          command = ['helm', 'delete', '--purge', name] + tls_flags_if_remote_tiller
          command.shelljoin
        end

--- a/lib/gitlab/kubernetes/helm/install_command.rb
+++ b/lib/gitlab/kubernetes/helm/install_command.rb
@@ -49,7 +49,7 @@ module Gitlab
          command = ['helm', 'upgrade', name, chart] +
            install_flag +
            reset_values_flag +
-            optional_tls_flags +
+            tls_flags_if_remote_tiller +
            optional_version_flag +
            rbac_create_flag +
            namespace_flag +

--- a/spec/lib/gitlab/kubernetes/helm/delete_command_spec.rb
+++ b/spec/lib/gitlab/kubernetes/helm/delete_command_spec.rb
@@ -13,40 +13,57 @@ describe Gitlab::Kubernetes::Helm::DeleteCommand do
  it_behaves_like 'helm commands' do
    let(:commands) do
      <<~EOS
-      helm init --upgrade
+      export HELM_HOST="localhost:44134"
-      for i in $(seq 1 30); do helm version && s=0 && break || s=$?; sleep 1s; echo \"Retrying ($i)...\"; done; (exit $s)
+      tiller -listen ${HELM_HOST} -alsologtostderr &
+      helm init --client-only
      helm delete --purge app-name
      EOS
    end
  end
-  let(:tls_flags) do
+  context 'tillerless feature disabled' do
-    <<~EOS.squish
+    before do
-    --tls
+      stub_feature_flags(managed_apps_local_tiller: false)
-    --tls-ca-cert /data/helm/app-name/config/ca.pem
+    end
-    --tls-cert /data/helm/app-name/config/cert.pem
-    --tls-key /data/helm/app-name/config/key.pem
-    EOS
-  end
-  context 'when there is a ca.pem file' do
-    let(:files) { { 'ca.pem': 'some file content' } }
    it_behaves_like 'helm commands' do
      let(:commands) do
        <<~EOS
        helm init --upgrade
-        for i in $(seq 1 30); do helm version #{tls_flags} && s=0 && break || s=$?; sleep 1s; echo \"Retrying ($i)...\"; done; (exit $s)
+        for i in $(seq 1 30); do helm version && s=0 && break || s=$?; sleep 1s; echo \"Retrying ($i)...\"; done; (exit $s)
-        #{helm_delete_command}
+        helm delete --purge app-name
        EOS
      end
+    end
-      let(:helm_delete_command) do
+    context 'when there is a ca.pem file' do
+      let(:files) { { 'ca.pem': 'some file content' } }
+      let(:tls_flags) do
        <<~EOS.squish
-        helm delete --purge app-name
+        --tls
-        #{tls_flags}
+        --tls-ca-cert /data/helm/app-name/config/ca.pem
+        --tls-cert /data/helm/app-name/config/cert.pem
+        --tls-key /data/helm/app-name/config/key.pem
        EOS
      end
+      it_behaves_like 'helm commands' do
+        let(:commands) do
+          <<~EOS
+          helm init --upgrade
+          for i in $(seq 1 30); do helm version #{tls_flags} && s=0 && break || s=$?; sleep 1s; echo \"Retrying ($i)...\"; done; (exit $s)
+          #{helm_delete_command}
+          EOS
+        end
+        let(:helm_delete_command) do
+          <<~EOS.squish
+          helm delete --purge app-name
+          #{tls_flags}
+          EOS
+        end
+      end
    end
  end

--- a/spec/lib/gitlab/kubernetes/helm/install_command_spec.rb
+++ b/spec/lib/gitlab/kubernetes/helm/install_command_spec.rb
@@ -23,22 +23,14 @@ describe Gitlab::Kubernetes::Helm::InstallCommand do
    )
  end
-  let(:tls_flags) do
-    <<~EOS.squish
-    --tls
-    --tls-ca-cert /data/helm/app-name/config/ca.pem
-    --tls-cert /data/helm/app-name/config/cert.pem
-    --tls-key /data/helm/app-name/config/key.pem
-    EOS
-  end
  subject { install_command }
  it_behaves_like 'helm commands' do
    let(:commands) do
      <<~EOS
-      helm init --upgrade
+      export HELM_HOST="localhost:44134"
-      for i in $(seq 1 30); do helm version #{tls_flags} && s=0 && break || s=$?; sleep 1s; echo \"Retrying ($i)...\"; done; (exit $s)
+      tiller -listen ${HELM_HOST} -alsologtostderr &
+      helm init --client-only
      helm repo add app-name https://repository.example.com
      helm repo update
      #{helm_install_comand}
@@ -50,7 +42,6 @@ describe Gitlab::Kubernetes::Helm::InstallCommand do
      helm upgrade app-name chart-name
        --install
        --reset-values
-        #{tls_flags}
        --version 1.2.3
        --set rbac.create\\=false,rbac.enabled\\=false
        --namespace gitlab-managed-apps
@@ -59,8 +50,19 @@ describe Gitlab::Kubernetes::Helm::InstallCommand do
    end
  end
-  context 'when rbac is true' do
+  context 'tillerless feature disabled' do
-    let(:rbac) { true }
+    before do
+      stub_feature_flags(managed_apps_local_tiller: false)
+    end
+    let(:tls_flags) do
+      <<~EOS.squish
+      --tls
+      --tls-ca-cert /data/helm/app-name/config/ca.pem
+      --tls-cert /data/helm/app-name/config/cert.pem
+      --tls-key /data/helm/app-name/config/key.pem
+      EOS
+    end
    it_behaves_like 'helm commands' do
      let(:commands) do
@@ -69,6 +71,36 @@ describe Gitlab::Kubernetes::Helm::InstallCommand do
        for i in $(seq 1 30); do helm version #{tls_flags} && s=0 && break || s=$?; sleep 1s; echo \"Retrying ($i)...\"; done; (exit $s)
        helm repo add app-name https://repository.example.com
        helm repo update
+        #{helm_install_comand}
+        EOS
+      end
+      let(:helm_install_comand) do
+        <<~EOS.squish
+        helm upgrade app-name chart-name
+        --install
+        --reset-values
+        #{tls_flags}
+        --version 1.2.3
+        --set rbac.create\\=false,rbac.enabled\\=false
+        --namespace gitlab-managed-apps
+        -f /data/helm/app-name/config/values.yaml
+        EOS
+      end
+    end
+  end
+  context 'when rbac is true' do
+    let(:rbac) { true }
+    it_behaves_like 'helm commands' do
+      let(:commands) do
+        <<~EOS
+        export HELM_HOST="localhost:44134"
+        tiller -listen ${HELM_HOST} -alsologtostderr &
+        helm init --client-only
+        helm repo add app-name https://repository.example.com
+        helm repo update
        #{helm_install_command}
        EOS
      end
@@ -78,7 +110,6 @@ describe Gitlab::Kubernetes::Helm::InstallCommand do
        helm upgrade app-name chart-name
          --install
          --reset-values
-          #{tls_flags}
          --version 1.2.3
          --set rbac.create\\=true,rbac.enabled\\=true
          --namespace gitlab-managed-apps
@@ -94,8 +125,9 @@ describe Gitlab::Kubernetes::Helm::InstallCommand do
    it_behaves_like 'helm commands' do
      let(:commands) do
        <<~EOS
-        helm init --upgrade
+        export HELM_HOST="localhost:44134"
-        for i in $(seq 1 30); do helm version #{tls_flags} && s=0 && break || s=$?; sleep 1s; echo \"Retrying ($i)...\"; done; (exit $s)
+        tiller -listen ${HELM_HOST} -alsologtostderr &
+        helm init --client-only
        helm repo add app-name https://repository.example.com
        helm repo update
        /bin/date
@@ -109,7 +141,6 @@ describe Gitlab::Kubernetes::Helm::InstallCommand do
        helm upgrade app-name chart-name
          --install
          --reset-values
-          #{tls_flags}
          --version 1.2.3
          --set rbac.create\\=false,rbac.enabled\\=false
          --namespace gitlab-managed-apps
@@ -125,8 +156,9 @@ describe Gitlab::Kubernetes::Helm::InstallCommand do
    it_behaves_like 'helm commands' do
      let(:commands) do
        <<~EOS
-        helm init --upgrade
+        export HELM_HOST="localhost:44134"
-        for i in $(seq 1 30); do helm version #{tls_flags} && s=0 && break || s=$?; sleep 1s; echo \"Retrying ($i)...\"; done; (exit $s)
+        tiller -listen ${HELM_HOST} -alsologtostderr &
+        helm init --client-only
        helm repo add app-name https://repository.example.com
        helm repo update
        #{helm_install_command}
@@ -140,7 +172,6 @@ describe Gitlab::Kubernetes::Helm::InstallCommand do
        helm upgrade app-name chart-name
          --install
          --reset-values
-          #{tls_flags}
          --version 1.2.3
          --set rbac.create\\=false,rbac.enabled\\=false
          --namespace gitlab-managed-apps
@@ -156,8 +187,9 @@ describe Gitlab::Kubernetes::Helm::InstallCommand do
    it_behaves_like 'helm commands' do
      let(:commands) do
        <<~EOS
-        helm init --upgrade
+        export HELM_HOST="localhost:44134"
-        for i in $(seq 1 30); do helm version && s=0 && break || s=$?; sleep 1s; echo \"Retrying ($i)...\"; done; (exit $s)
+        tiller -listen ${HELM_HOST} -alsologtostderr &
+        helm init --client-only
        helm repo add app-name https://repository.example.com
        helm repo update
        #{helm_install_command}
@@ -184,8 +216,9 @@ describe Gitlab::Kubernetes::Helm::InstallCommand do
    it_behaves_like 'helm commands' do
      let(:commands) do
        <<~EOS
-        helm init --upgrade
+        export HELM_HOST="localhost:44134"
-        for i in $(seq 1 30); do helm version #{tls_flags} && s=0 && break || s=$?; sleep 1s; echo \"Retrying ($i)...\"; done; (exit $s)
+        tiller -listen ${HELM_HOST} -alsologtostderr &
+        helm init --client-only
        helm repo add app-name https://repository.example.com
        helm repo update
        #{helm_install_command}
@@ -197,7 +230,6 @@ describe Gitlab::Kubernetes::Helm::InstallCommand do
        helm upgrade app-name chart-name
          --install
          --reset-values
-          #{tls_flags}
          --set rbac.create\\=false,rbac.enabled\\=false
          --namespace gitlab-managed-apps
          -f /data/helm/app-name/config/values.yaml