Commit 5aa9b710 authored by Tiger's avatar Tiger

Allow switching clusters between managed/unmanaged

Any resources created while the cluster was managed
will be untouched, allowing users to set/unset this
flag as they please.
parent 11810cb2
...@@ -128,6 +128,7 @@ class Clusters::ClustersController < Clusters::BaseController ...@@ -128,6 +128,7 @@ class Clusters::ClustersController < Clusters::BaseController
:enabled, :enabled,
:name, :name,
:environment_scope, :environment_scope,
:managed,
:base_domain, :base_domain,
platform_kubernetes_attributes: [ platform_kubernetes_attributes: [
:api_url, :api_url,
...@@ -140,6 +141,7 @@ class Clusters::ClustersController < Clusters::BaseController ...@@ -140,6 +141,7 @@ class Clusters::ClustersController < Clusters::BaseController
params.require(:cluster).permit( params.require(:cluster).permit(
:enabled, :enabled,
:environment_scope, :environment_scope,
:managed,
:base_domain, :base_domain,
platform_kubernetes_attributes: [ platform_kubernetes_attributes: [
:namespace :namespace
......
...@@ -80,9 +80,18 @@ module Clusters ...@@ -80,9 +80,18 @@ module Clusters
.append(key: 'KUBE_CA_PEM_FILE', value: ca_pem, file: true) .append(key: 'KUBE_CA_PEM_FILE', value: ca_pem, file: true)
end end
if kubernetes_namespace = cluster.kubernetes_namespaces.has_service_account_token.find_by(project: project) if !cluster.managed?
project_namespace = namespace.presence || "#{project.path}-#{project.id}".downcase
variables
.append(key: 'KUBE_URL', value: api_url)
.append(key: 'KUBE_TOKEN', value: token, public: false, masked: true)
.append(key: 'KUBE_NAMESPACE', value: project_namespace)
.append(key: 'KUBECONFIG', value: kubeconfig(project_namespace), public: false, file: true)
elsif kubernetes_namespace = cluster.kubernetes_namespaces.has_service_account_token.find_by(project: project)
variables.concat(kubernetes_namespace.predefined_variables) variables.concat(kubernetes_namespace.predefined_variables)
elsif cluster.project_type? || !cluster.managed? elsif cluster.project_type?
# As of 11.11 a user can create a cluster that they manage themselves, # As of 11.11 a user can create a cluster that they manage themselves,
# which replicates the existing project-level cluster behaviour. # which replicates the existing project-level cluster behaviour.
# Once we have marked all project-level clusters that make use of this # Once we have marked all project-level clusters that make use of this
......
...@@ -48,7 +48,7 @@ ...@@ -48,7 +48,7 @@
= s_('ClusterIntegration|This option will allow you to install applications on RBAC clusters.') = s_('ClusterIntegration|This option will allow you to install applications on RBAC clusters.')
.form-group .form-group
= field.check_box :managed, { disabled: true, label: s_('ClusterIntegration|GitLab-managed cluster'), = field.check_box :managed, { label: s_('ClusterIntegration|GitLab-managed cluster'),
label_class: 'label-bold' } label_class: 'label-bold' }
.form-text.text-muted .form-text.text-muted
= s_('ClusterIntegration|Allow GitLab to manage namespace and service accounts for this cluster.') = s_('ClusterIntegration|Allow GitLab to manage namespace and service accounts for this cluster.')
......
---
title: Allow switching clusters between managed and unmanaged
merge_request: 29322
author:
type: added
...@@ -57,10 +57,6 @@ differentiate the new cluster from the rest. ...@@ -57,10 +57,6 @@ differentiate the new cluster from the rest.
> [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/22011) in GitLab 11.5. > [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/22011) in GitLab 11.5.
> Became [optional](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/26565) in GitLab 11.11. > Became [optional](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/26565) in GitLab 11.11.
NOTE: **Note:**
Only available when creating clusters. Existing clusters not managed by GitLab
cannot become GitLab-managed later.
You can choose to allow GitLab to manage your cluster for you. If your cluster is You can choose to allow GitLab to manage your cluster for you. If your cluster is
managed by GitLab, resources for your projects will be automatically created. See the managed by GitLab, resources for your projects will be automatically created. See the
[Access controls](../../project/clusters/index.md#access-controls) section for details on which resources will [Access controls](../../project/clusters/index.md#access-controls) section for details on which resources will
......
...@@ -225,10 +225,6 @@ applications running on the cluster. ...@@ -225,10 +225,6 @@ applications running on the cluster.
> [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/22011) in GitLab 11.5. > [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/22011) in GitLab 11.5.
> Became [optional](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/26565) in GitLab 11.11. > Became [optional](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/26565) in GitLab 11.11.
NOTE: **Note:**
Only available when creating clusters. Existing clusters not managed by GitLab
cannot become GitLab-managed later.
You can choose to allow GitLab to manage your cluster for you. If your cluster is You can choose to allow GitLab to manage your cluster for you. If your cluster is
managed by GitLab, resources for your projects will be automatically created. See the managed by GitLab, resources for your projects will be automatically created. See the
[Access controls](#access-controls) section for details on which resources will [Access controls](#access-controls) section for details on which resources will
......
...@@ -396,6 +396,7 @@ describe Admin::ClustersController do ...@@ -396,6 +396,7 @@ describe Admin::ClustersController do
cluster: { cluster: {
enabled: false, enabled: false,
name: 'my-new-cluster-name', name: 'my-new-cluster-name',
managed: false,
base_domain: domain base_domain: domain
} }
} }
...@@ -409,6 +410,7 @@ describe Admin::ClustersController do ...@@ -409,6 +410,7 @@ describe Admin::ClustersController do
expect(flash[:notice]).to eq('Kubernetes cluster was successfully updated.') expect(flash[:notice]).to eq('Kubernetes cluster was successfully updated.')
expect(cluster.enabled).to be_falsey expect(cluster.enabled).to be_falsey
expect(cluster.name).to eq('my-new-cluster-name') expect(cluster.name).to eq('my-new-cluster-name')
expect(cluster).not_to be_managed
expect(cluster.domain).to eq('test-domain.com') expect(cluster.domain).to eq('test-domain.com')
end end
...@@ -433,6 +435,7 @@ describe Admin::ClustersController do ...@@ -433,6 +435,7 @@ describe Admin::ClustersController do
cluster: { cluster: {
enabled: false, enabled: false,
name: 'my-new-cluster-name', name: 'my-new-cluster-name',
managed: false,
domain: domain domain: domain
} }
} }
...@@ -445,6 +448,7 @@ describe Admin::ClustersController do ...@@ -445,6 +448,7 @@ describe Admin::ClustersController do
expect(response).to have_http_status(:no_content) expect(response).to have_http_status(:no_content)
expect(cluster.enabled).to be_falsey expect(cluster.enabled).to be_falsey
expect(cluster.name).to eq('my-new-cluster-name') expect(cluster.name).to eq('my-new-cluster-name')
expect(cluster).not_to be_managed
end end
end end
......
...@@ -463,6 +463,7 @@ describe Groups::ClustersController do ...@@ -463,6 +463,7 @@ describe Groups::ClustersController do
cluster: { cluster: {
enabled: false, enabled: false,
name: 'my-new-cluster-name', name: 'my-new-cluster-name',
managed: false,
base_domain: domain base_domain: domain
} }
} }
...@@ -476,6 +477,7 @@ describe Groups::ClustersController do ...@@ -476,6 +477,7 @@ describe Groups::ClustersController do
expect(flash[:notice]).to eq('Kubernetes cluster was successfully updated.') expect(flash[:notice]).to eq('Kubernetes cluster was successfully updated.')
expect(cluster.enabled).to be_falsey expect(cluster.enabled).to be_falsey
expect(cluster.name).to eq('my-new-cluster-name') expect(cluster.name).to eq('my-new-cluster-name')
expect(cluster).not_to be_managed
expect(cluster.domain).to eq('test-domain.com') expect(cluster.domain).to eq('test-domain.com')
end end
...@@ -500,6 +502,7 @@ describe Groups::ClustersController do ...@@ -500,6 +502,7 @@ describe Groups::ClustersController do
cluster: { cluster: {
enabled: false, enabled: false,
name: 'my-new-cluster-name', name: 'my-new-cluster-name',
managed: false,
domain: domain domain: domain
} }
} }
...@@ -512,6 +515,7 @@ describe Groups::ClustersController do ...@@ -512,6 +515,7 @@ describe Groups::ClustersController do
expect(response).to have_http_status(:no_content) expect(response).to have_http_status(:no_content)
expect(cluster.enabled).to be_falsey expect(cluster.enabled).to be_falsey
expect(cluster.name).to eq('my-new-cluster-name') expect(cluster.name).to eq('my-new-cluster-name')
expect(cluster).not_to be_managed
end end
end end
......
...@@ -449,6 +449,7 @@ describe Projects::ClustersController do ...@@ -449,6 +449,7 @@ describe Projects::ClustersController do
cluster: { cluster: {
enabled: false, enabled: false,
name: 'my-new-cluster-name', name: 'my-new-cluster-name',
managed: false,
platform_kubernetes_attributes: { platform_kubernetes_attributes: {
namespace: 'my-namespace' namespace: 'my-namespace'
} }
...@@ -464,6 +465,7 @@ describe Projects::ClustersController do ...@@ -464,6 +465,7 @@ describe Projects::ClustersController do
expect(flash[:notice]).to eq('Kubernetes cluster was successfully updated.') expect(flash[:notice]).to eq('Kubernetes cluster was successfully updated.')
expect(cluster.enabled).to be_falsey expect(cluster.enabled).to be_falsey
expect(cluster.name).to eq('my-new-cluster-name') expect(cluster.name).to eq('my-new-cluster-name')
expect(cluster).not_to be_managed
expect(cluster.platform_kubernetes.namespace).to eq('my-namespace') expect(cluster.platform_kubernetes.namespace).to eq('my-namespace')
end end
...@@ -475,6 +477,7 @@ describe Projects::ClustersController do ...@@ -475,6 +477,7 @@ describe Projects::ClustersController do
cluster: { cluster: {
enabled: false, enabled: false,
name: 'my-new-cluster-name', name: 'my-new-cluster-name',
managed: false,
platform_kubernetes_attributes: { platform_kubernetes_attributes: {
namespace: 'my-namespace' namespace: 'my-namespace'
} }
...@@ -489,6 +492,7 @@ describe Projects::ClustersController do ...@@ -489,6 +492,7 @@ describe Projects::ClustersController do
expect(response).to have_http_status(:no_content) expect(response).to have_http_status(:no_content)
expect(cluster.enabled).to be_falsey expect(cluster.enabled).to be_falsey
expect(cluster.name).to eq('my-new-cluster-name') expect(cluster.name).to eq('my-new-cluster-name')
expect(cluster).not_to be_managed
expect(cluster.platform_kubernetes.namespace).to eq('my-namespace') expect(cluster.platform_kubernetes.namespace).to eq('my-namespace')
end end
end end
......
...@@ -298,6 +298,46 @@ describe Clusters::Platforms::Kubernetes, :use_clean_rails_memory_store_caching ...@@ -298,6 +298,46 @@ describe Clusters::Platforms::Kubernetes, :use_clean_rails_memory_store_caching
{ key: 'KUBE_TOKEN', value: kubernetes_namespace.service_account_token, public: false, masked: true } { key: 'KUBE_TOKEN', value: kubernetes_namespace.service_account_token, public: false, masked: true }
) )
end end
context 'the cluster has been set to unmanaged after the namespace was created' do
before do
cluster.update!(managed: false)
end
it_behaves_like 'setting variables'
it 'sets KUBE_TOKEN from the platform' do
expect(subject).to include(
{ key: 'KUBE_TOKEN', value: kubernetes.token, public: false, masked: true }
)
end
context 'the platform has a custom namespace set' do
before do
kubernetes.update!(namespace: 'custom-namespace')
end
it 'sets KUBE_NAMESPACE from the platform' do
expect(subject).to include(
{ key: 'KUBE_NAMESPACE', value: kubernetes.namespace, public: true, masked: false }
)
end
end
context 'there is no namespace specified on the platform' do
let(:project) { cluster.project }
before do
kubernetes.update!(namespace: nil)
end
it 'sets KUBE_NAMESPACE to a default for the project' do
expect(subject).to include(
{ key: 'KUBE_NAMESPACE', value: "#{project.path}-#{project.id}", public: true, masked: false }
)
end
end
end
end end
context 'namespace is provided' do context 'namespace is provided' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment