Commit 93c66638 authored by Imre Farkas's avatar Imre Farkas

Merge branch 'local_tiller_backend' into 'master'

Local tiller backend fixes

See merge request gitlab-org/gitlab!25340
parents bfc5352f b1074be6
...@@ -15,7 +15,7 @@ module Clusters ...@@ -15,7 +15,7 @@ module Clusters
def set_initial_status def set_initial_status
return unless not_installable? return unless not_installable?
self.status = status_states[:installable] if cluster&.application_helm_available? || Feature.enabled?(:managed_apps_local_tiller) self.status = status_states[:installable] if cluster&.application_helm_available? || ::Gitlab::Kubernetes::Helm.local_tiller_enabled?
end end
def can_uninstall? def can_uninstall?
......
...@@ -23,7 +23,7 @@ module Clusters ...@@ -23,7 +23,7 @@ module Clusters
@files ||= begin @files ||= begin
files = { 'values.yaml': values } files = { 'values.yaml': values }
files.merge!(certificate_files) if cluster.application_helm.has_ssl? files.merge!(certificate_files) if use_tiller_ssl?
files files
end end
...@@ -31,6 +31,12 @@ module Clusters ...@@ -31,6 +31,12 @@ module Clusters
private private
def use_tiller_ssl?
return false if ::Gitlab::Kubernetes::Helm.local_tiller_enabled?
cluster.application_helm.has_ssl?
end
def certificate_files def certificate_files
{ {
'ca.pem': ca_cert, 'ca.pem': ca_cert,
......
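Review bot: `use_tiller_ssl?` lets the instance-wide feature flag override `cluster.application_helm.has_ssl?`, so a cluster whose Tiller was installed with TLS stops getting `ca.pem`, `cert.pem` and `key.pem` in `files` as soon as the flag is on. That is only safe if every Helm command built from these files talks to the local Tiller rather than the in-cluster one, which this section does not show. I would state that assumption on the method, e.g. `# With local Tiller no client TLS material is shipped; has_ssl? only matters for an in-cluster Tiller.`, and confirm that no command path still connects to an in-cluster Tiller while the flag is enabled.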
...@@ -92,8 +92,11 @@ module Clusters ...@@ -92,8 +92,11 @@ module Clusters
# When installing any application we are also performing an update # When installing any application we are also performing an update
# of tiller (see Gitlab::Kubernetes::Helm::ClientCommand) so # of tiller (see Gitlab::Kubernetes::Helm::ClientCommand) so
# therefore we need to reflect that in the database. # therefore we need to reflect that in the database.
unless ::Gitlab::Kubernetes::Helm.local_tiller_enabled?
application.cluster.application_helm.update!(version: Gitlab::Kubernetes::Helm::HELM_VERSION) application.cluster.application_helm.update!(version: Gitlab::Kubernetes::Helm::HELM_VERSION)
end end
end
after_transition any => [:uninstalling], :use_transactions => false do |application, _| after_transition any => [:uninstalling], :use_transactions => false do |application, _|
application.prepare_uninstall application.prepare_uninstall
......
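Review bot: The new `unless` guard in the `after_transition` block protects only the flag-enabled path. If the flag is switched off while an application started without a Helm record is still installing, `application.cluster.application_helm` would presumably be nil and `update!` would raise inside the callback. A nil-safe call, `application.cluster.application_helm&.update!(version: Gitlab::Kubernetes::Helm::HELM_VERSION)`, would cover both cases if skipping silently is acceptable. The comment above the guard still reads as unconditional and should say that the Tiller version is recorded only when the in-cluster Tiller is used. The callback starts outside the hunk.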
...@@ -10,6 +10,12 @@ module Gitlab ...@@ -10,6 +10,12 @@ module Gitlab
SERVICE_ACCOUNT = 'tiller' SERVICE_ACCOUNT = 'tiller'
CLUSTER_ROLE_BINDING = 'tiller-admin' CLUSTER_ROLE_BINDING = 'tiller-admin'
CLUSTER_ROLE = 'cluster-admin' CLUSTER_ROLE = 'cluster-admin'
MANAGED_APPS_LOCAL_TILLER_FEATURE_FLAG = :managed_apps_local_tiller
def self.local_tiller_enabled?
Feature.enabled?(MANAGED_APPS_LOCAL_TILLER_FEATURE_FLAG)
end
end end
end end
end end
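Review bot: `local_tiller_enabled?` has no doc comment, although after this commit it decides three things: whether an application is installable without Helm, whether Tiller client certificates are included in the install files, and whether the stored Helm version is updated. `Feature.enabled?` is called with the flag name only, so the switch applies to every cluster on the instance at once. I would add a comment above the method such as `# Instance-wide switch: when enabled, managed apps use a local Tiller, no Tiller TLS files are shipped and the Helm application version is not updated.`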
...@@ -59,7 +59,7 @@ module Gitlab ...@@ -59,7 +59,7 @@ module Gitlab
end end
def local_tiller_enabled? def local_tiller_enabled?
Feature.enabled?(:managed_apps_local_tiller) ::Gitlab::Kubernetes::Helm.local_tiller_enabled?
end end
end end
end end
......
...@@ -73,39 +73,71 @@ FactoryBot.define do ...@@ -73,39 +73,71 @@ FactoryBot.define do
factory :clusters_applications_ingress, class: 'Clusters::Applications::Ingress' do factory :clusters_applications_ingress, class: 'Clusters::Applications::Ingress' do
modsecurity_enabled { false } modsecurity_enabled { false }
cluster factory: %i(cluster with_installed_helm provided_by_gcp) cluster factory: %i(cluster with_installed_helm provided_by_gcp)
trait :no_helm_installed do
cluster factory: %i(cluster provided_by_gcp)
end
end end
factory :clusters_applications_cert_manager, class: 'Clusters::Applications::CertManager' do factory :clusters_applications_cert_manager, class: 'Clusters::Applications::CertManager' do
email { 'admin@example.com' } email { 'admin@example.com' }
cluster factory: %i(cluster with_installed_helm provided_by_gcp) cluster factory: %i(cluster with_installed_helm provided_by_gcp)
trait :no_helm_installed do
cluster factory: %i(cluster provided_by_gcp)
end
end end
factory :clusters_applications_elastic_stack, class: 'Clusters::Applications::ElasticStack' do factory :clusters_applications_elastic_stack, class: 'Clusters::Applications::ElasticStack' do
cluster factory: %i(cluster with_installed_helm provided_by_gcp) cluster factory: %i(cluster with_installed_helm provided_by_gcp)
trait :no_helm_installed do
cluster factory: %i(cluster provided_by_gcp)
end
end end
factory :clusters_applications_crossplane, class: 'Clusters::Applications::Crossplane' do factory :clusters_applications_crossplane, class: 'Clusters::Applications::Crossplane' do
stack { 'gcp' } stack { 'gcp' }
cluster factory: %i(cluster with_installed_helm provided_by_gcp) cluster factory: %i(cluster with_installed_helm provided_by_gcp)
trait :no_helm_installed do
cluster factory: %i(cluster provided_by_gcp)
end
end end
factory :clusters_applications_prometheus, class: 'Clusters::Applications::Prometheus' do factory :clusters_applications_prometheus, class: 'Clusters::Applications::Prometheus' do
cluster factory: %i(cluster with_installed_helm provided_by_gcp) cluster factory: %i(cluster with_installed_helm provided_by_gcp)
trait :no_helm_installed do
cluster factory: %i(cluster provided_by_gcp)
end
end end
factory :clusters_applications_runner, class: 'Clusters::Applications::Runner' do factory :clusters_applications_runner, class: 'Clusters::Applications::Runner' do
runner factory: %i(ci_runner) runner factory: %i(ci_runner)
cluster factory: %i(cluster with_installed_helm provided_by_gcp) cluster factory: %i(cluster with_installed_helm provided_by_gcp)
trait :no_helm_installed do
cluster factory: %i(cluster provided_by_gcp)
end
end end
factory :clusters_applications_knative, class: 'Clusters::Applications::Knative' do factory :clusters_applications_knative, class: 'Clusters::Applications::Knative' do
hostname { 'example.com' } hostname { 'example.com' }
cluster factory: %i(cluster with_installed_helm provided_by_gcp) cluster factory: %i(cluster with_installed_helm provided_by_gcp)
trait :no_helm_installed do
cluster factory: %i(cluster provided_by_gcp)
end
end end
factory :clusters_applications_jupyter, class: 'Clusters::Applications::Jupyter' do factory :clusters_applications_jupyter, class: 'Clusters::Applications::Jupyter' do
oauth_application factory: :oauth_application oauth_application factory: :oauth_application
cluster factory: %i(cluster with_installed_helm provided_by_gcp project) cluster factory: %i(cluster with_installed_helm provided_by_gcp project)
trait :no_helm_installed do
cluster factory: %i(cluster provided_by_gcp)
end
end end
end end
end end
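Review bot: In the `clusters_applications_jupyter` factory the `:no_helm_installed` trait builds `%i(cluster provided_by_gcp)`, while that factory's default cluster is `%i(cluster with_installed_helm provided_by_gcp project)`, so the trait drops `project` along with `with_installed_helm`. If that is not intended, the trait there should read `cluster factory: %i(cluster provided_by_gcp project)`. The same three-line trait is repeated in all eight factories, so declaring it once for the factories that share the same cluster definition would keep the copies from drifting apart.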
...@@ -274,7 +274,8 @@ describe Clusters::Applications::Prometheus do ...@@ -274,7 +274,8 @@ describe Clusters::Applications::Prometheus do
subject { application.files_with_replaced_values({ hello: :world }) } subject { application.files_with_replaced_values({ hello: :world }) }
it 'does not modify #files' do it 'does not modify #files' do
expect(subject[:'values.yaml']).not_to eq(files) expect(subject[:'values.yaml']).not_to eq(files[:'values.yaml'])
expect(files[:'values.yaml']).to eq(application.values) expect(files[:'values.yaml']).to eq(application.values)
end end
...@@ -282,27 +283,17 @@ describe Clusters::Applications::Prometheus do ...@@ -282,27 +283,17 @@ describe Clusters::Applications::Prometheus do
expect(subject[:'values.yaml']).to eq({ hello: :world }) expect(subject[:'values.yaml']).to eq({ hello: :world })
end end
it 'includes cert files' do it 'uses values from #files, except for values.yaml' do
expect(subject[:'ca.pem']).to be_present allow(application).to receive(:files).and_return({
expect(subject[:'ca.pem']).to eq(application.cluster.application_helm.ca_cert) 'values.yaml': 'some value specific to files',
'file_a.txt': 'file_a',
expect(subject[:'cert.pem']).to be_present 'file_b.txt': 'file_b'
expect(subject[:'key.pem']).to be_present })
cert = OpenSSL::X509::Certificate.new(subject[:'cert.pem'])
expect(cert.not_after).to be < 60.minutes.from_now
end
context 'when the helm application does not have a ca_cert' do
before do
application.cluster.application_helm.ca_cert = nil
end
it 'does not include cert files' do expect(subject.except(:'values.yaml')).to eq({
expect(subject[:'ca.pem']).not_to be_present 'file_a.txt': 'file_a',
expect(subject[:'cert.pem']).not_to be_present 'file_b.txt': 'file_b'
expect(subject[:'key.pem']).not_to be_present })
end
end end
end end
......
...@@ -28,6 +28,11 @@ RSpec.shared_examples 'cluster application helm specs' do |application_name| ...@@ -28,6 +28,11 @@ RSpec.shared_examples 'cluster application helm specs' do |application_name|
describe '#files' do describe '#files' do
subject { application.files } subject { application.files }
context 'managed_apps_local_tiller feature flag is disabled' do
before do
stub_feature_flags(managed_apps_local_tiller: false)
end
context 'when the helm application does not have a ca_cert' do context 'when the helm application does not have a ca_cert' do
before do before do
application.cluster.application_helm.ca_cert = nil application.cluster.application_helm.ca_cert = nil
...@@ -46,4 +51,23 @@ RSpec.shared_examples 'cluster application helm specs' do |application_name| ...@@ -46,4 +51,23 @@ RSpec.shared_examples 'cluster application helm specs' do |application_name|
expect(cert.not_after).to be < 60.minutes.from_now expect(cert.not_after).to be < 60.minutes.from_now
end end
end end
context 'managed_apps_local_tiller feature flag is enabled' do
before do
stub_feature_flags(managed_apps_local_tiller: true)
end
it 'does not include cert files' do
expect(subject).not_to include(:'ca.pem', :'cert.pem', :'key.pem')
end
context 'when cluster does not have helm installed' do
let(:application) { create(application_name, :no_helm_installed) }
it 'does not include cert files' do
expect(subject).not_to include(:'ca.pem', :'cert.pem', :'key.pem')
end
end
end
end
end end
...@@ -48,6 +48,11 @@ RSpec.shared_examples 'cluster application status specs' do |application_name| ...@@ -48,6 +48,11 @@ RSpec.shared_examples 'cluster application status specs' do |application_name|
expect(subject).to be_installed expect(subject).to be_installed
end end
context 'managed_apps_local_tiller feature flag disabled' do
before do
stub_feature_flags(managed_apps_local_tiller: false)
end
it 'updates helm version' do it 'updates helm version' do
subject.cluster.application_helm.update!(version: '1.2.3') subject.cluster.application_helm.update!(version: '1.2.3')
...@@ -57,6 +62,31 @@ RSpec.shared_examples 'cluster application status specs' do |application_name| ...@@ -57,6 +62,31 @@ RSpec.shared_examples 'cluster application status specs' do |application_name|
expect(subject.cluster.application_helm.version).to eq(Gitlab::Kubernetes::Helm::HELM_VERSION) expect(subject.cluster.application_helm.version).to eq(Gitlab::Kubernetes::Helm::HELM_VERSION)
end end
end
context 'managed_apps_local_tiller feature flag enabled' do
before do
stub_feature_flags(managed_apps_local_tiller: true)
end
it 'does not update the helm version' do
subject.cluster.application_helm.update!(version: '1.2.3')
expect do
subject.make_installed!
subject.cluster.application_helm.reload
end.not_to change { subject.cluster.application_helm.version }
end
context 'the cluster has no helm installed' do
subject { create(application_name, :installing, :no_helm_installed) }
it 'runs without errors' do
expect { subject.make_installed! }.not_to raise_error
end
end
end
it 'sets the correct version of the application' do it 'sets the correct version of the application' do
subject.update!(version: '0.0.0') subject.update!(version: '0.0.0')
...@@ -77,6 +107,11 @@ RSpec.shared_examples 'cluster application status specs' do |application_name| ...@@ -77,6 +107,11 @@ RSpec.shared_examples 'cluster application status specs' do |application_name|
expect(subject).to be_updated expect(subject).to be_updated
end end
context 'managed_apps_local_tiller feature flag disabled' do
before do
stub_feature_flags(managed_apps_local_tiller: false)
end
it 'updates helm version' do it 'updates helm version' do
subject.cluster.application_helm.update!(version: '1.2.3') subject.cluster.application_helm.update!(version: '1.2.3')
...@@ -86,6 +121,31 @@ RSpec.shared_examples 'cluster application status specs' do |application_name| ...@@ -86,6 +121,31 @@ RSpec.shared_examples 'cluster application status specs' do |application_name|
expect(subject.cluster.application_helm.version).to eq(Gitlab::Kubernetes::Helm::HELM_VERSION) expect(subject.cluster.application_helm.version).to eq(Gitlab::Kubernetes::Helm::HELM_VERSION)
end end
end
context 'managed_apps_local_tiller feature flag enabled' do
before do
stub_feature_flags(managed_apps_local_tiller: true)
end
it 'does not update the helm version' do
subject.cluster.application_helm.update!(version: '1.2.3')
expect do
subject.make_installed!
subject.cluster.application_helm.reload
end.not_to change { subject.cluster.application_helm.version }
end
context 'the cluster has no helm installed' do
subject { create(application_name, :updating, :no_helm_installed) }
it 'runs without errors' do
expect { subject.make_installed! }.not_to raise_error
end
end
end
it 'updates the version of the application' do it 'updates the version of the application' do
subject.update!(version: '0.0.0') subject.update!(version: '0.0.0')
......
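Review bot: The two 'runs without errors' examples for `:no_helm_installed` assert only `not_to raise_error`, which passes even if the transition leaves the application in the wrong state. Asserting the resulting state as the neighbouring examples do, e.g. `subject.make_installed!` followed by `expect(subject).to be_installed` (or `be_updated` in the `:updating` case), would make them fail for the right reason. There is also no example combining the disabled flag with `:no_helm_installed`, so the unguarded `update!` path is not exercised.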