Commit d9b64cc6 authored by Shinya Maeda's avatar Shinya Maeda

Squashed commit of the following:

commit 647e01a62d92a51ff7002a49f4eb5df3cd09c657
Author: Shinya Maeda <shinya@gitlab.com>
Date:   Wed Nov 22 23:21:02 2017 +0900

    Add test for checking interchangeability between KubernetesService and Clusters::Platform::Kubernetes

commit f5d05a7c0e2351c46eda3bfec475d671d16ee2b8
Author: Shinya Maeda <shinya@gitlab.com>
Date:   Wed Nov 22 18:31:07 2017 +0900

    Add test suit for platform::kubernetes

commit 998eb71017179af11ab5f03861207f5df0fd834c
Author: Shinya Maeda <shinya@gitlab.com>
Date:   Tue Nov 21 23:29:33 2017 +0900

    Remove logic which glues with KubernetesService, from Platforms::Kubernetes

commit 29f987b3ec747c85087ad0dc523d897f6802ed6f
Author: Shinya Maeda <shinya@gitlab.com>
Date:   Tue Nov 21 22:53:36 2017 +0900

    Fix comments

commit 01b6a7a9fd476fc408e9f3a713d6c7dd6cb8690e
Author: Shinya Maeda <shinya@gitlab.com>
Date:   Tue Nov 21 22:52:05 2017 +0900

    Add deployment platform selector

commit f70ebff43fb21ad49941cf5653024be056b2a664
Author: Shinya Maeda <shinya@gitlab.com>
Date:   Tue Nov 21 22:33:25 2017 +0900

    Fix tests for Clusters::Platforms::Kubernetes

commit b4a661e57bc9d14850ea059a6d6a755673925da2
Author: Shinya Maeda <shinya@gitlab.com>
Date:   Tue Nov 21 22:03:07 2017 +0900

    Check diff between KubernetesService and Platforms::Kubernetes. Synchronize again.

commit 09297530077841256043fb522d3cdd60e2baeee0
Author: Shinya Maeda <shinya@gitlab.com>
Date:   Tue Nov 21 21:09:55 2017 +0900

    Revert KubernetesService logic in Platforms::Kubernetes
parent 6a199ab8
......@@ -17,8 +17,7 @@ module Clusters
# we force autosave to happen when we save `Cluster` model
has_one :provider_gcp, class_name: 'Clusters::Providers::Gcp', autosave: true
# We have to ":destroy" it today to ensure that we clean also the Kubernetes Integration
has_one :platform_kubernetes, class_name: 'Clusters::Platforms::Kubernetes', autosave: true, dependent: :destroy # rubocop:disable Cop/ActiveRecordDependent
has_one :platform_kubernetes, class_name: 'Clusters::Platforms::Kubernetes'
has_one :application_helm, class_name: 'Clusters::Applications::Helm'
has_one :application_ingress, class_name: 'Clusters::Applications::Ingress'
......@@ -29,15 +28,9 @@ module Clusters
validates :name, cluster_name: true
validate :restrict_modification, on: :update
# TODO: Move back this into Clusters::Platforms::Kubernetes in 10.3
# We need callback here because `enabled` belongs to Clusters::Cluster
# Callbacks in Clusters::Platforms::Kubernetes will not be called after update
after_save :update_kubernetes_integration!
delegate :status, to: :provider, allow_nil: true
delegate :status_reason, to: :provider, allow_nil: true
delegate :on_creation?, to: :provider, allow_nil: true
delegate :update_kubernetes_integration!, to: :platform, allow_nil: true
delegate :active?, to: :platform_kubernetes, prefix: true, allow_nil: true
delegate :installed?, to: :application_helm, prefix: true, allow_nil: true
......
module Clusters
module Platforms
class Kubernetes < ActiveRecord::Base
include Gitlab::CurrentSettings
include Gitlab::Kubernetes
include ReactiveCaching
self.table_name = 'cluster_platforms_kubernetes'
self.reactive_cache_key = ->(kubernetes) { [kubernetes.class.model_name.singular, kubernetes.cluster_id] }
belongs_to :cluster, inverse_of: :platform_kubernetes, class_name: 'Clusters::Cluster'
......@@ -29,20 +34,13 @@ module Clusters
validates :api_url, url: true, presence: true
validates :token, presence: true
# TODO: Glue code till we migrate Kubernetes Integration into Platforms::Kubernetes
after_destroy :destroy_kubernetes_integration!
after_save :clear_reactive_cache!
alias_attribute :ca_pem, :ca_cert
delegate :project, to: :cluster, allow_nil: true
delegate :enabled?, to: :cluster, allow_nil: true
class << self
def namespace_for_project(project)
"#{project.path}-#{project.id}"
end
end
def actual_namespace
if namespace.present?
namespace
......@@ -51,58 +49,126 @@ module Clusters
end
end
def default_namespace
self.class.namespace_for_project(project) if project
def predefined_variables
config = YAML.dump(kubeconfig)
variables = [
{ key: 'KUBE_URL', value: api_url, public: true },
{ key: 'KUBE_TOKEN', value: token, public: false },
{ key: 'KUBE_NAMESPACE', value: actual_namespace, public: true },
{ key: 'KUBECONFIG', value: config, public: false, file: true }
]
if ca_pem.present?
variables << { key: 'KUBE_CA_PEM', value: ca_pem, public: true }
variables << { key: 'KUBE_CA_PEM_FILE', value: ca_pem, public: true, file: true }
end
def kubeclient
@kubeclient ||= kubernetes_service.kubeclient if manages_kubernetes_service?
variables
end
# Constructs a list of terminals from the reactive cache
#
# Returns nil if the cache is empty, in which case you should try again a
# short time later
def terminals(environment)
with_reactive_cache do |data|
pods = filter_by_label(data[:pods], app: environment.slug)
terminals = pods.flat_map { |pod| terminals_for_pod(api_url, actual_namespace, pod) }
terminals.each { |terminal| add_terminal_auth(terminal, terminal_auth) }
end
end
def update_kubernetes_integration!
raise 'Kubernetes service already configured' unless manages_kubernetes_service?
# Caches resources in the namespace so other calls don't need to block on
# network access
def calculate_reactive_cache
return unless enabled? && project && !project.pending_delete?
# This is neccesary, otheriwse enabled? returns true even though cluster updated with enabled: false
cluster.reload
# We may want to cache extra things in the future
{ pods: read_pods }
end
ensure_kubernetes_service&.update!(
active: enabled?,
api_url: api_url,
namespace: namespace,
def kubeclient
@kubeclient ||= build_kubeclient!
end
private
def kubeconfig
to_kubeconfig(
url: api_url,
namespace: actual_namespace,
token: token,
ca_pem: ca_cert
ca_pem: ca_pem)
end
def default_namespace
return unless project
slug = "#{project.path}-#{project.id}".downcase
slug.gsub(/[^-a-z0-9]/, '-').gsub(/^-+/, '')
end
def build_kubeclient!(api_path: 'api', api_version: 'v1')
raise "Incomplete settings" unless api_url && actual_namespace
unless (username && password) || token
raise "Either username/password or token is required to access API"
end
::Kubeclient::Client.new(
join_api_url(api_path),
api_version,
auth_options: kubeclient_auth_options,
ssl_options: kubeclient_ssl_options,
http_proxy_uri: ENV['http_proxy']
)
end
def active?
manages_kubernetes_service?
# Returns a hash of all pods in the namespace
def read_pods
kubeclient = build_kubeclient!
kubeclient.get_pods(namespace: actual_namespace).as_json
rescue KubeException => err
raise err unless err.error_code == 404
[]
end
private
def kubeclient_ssl_options
opts = { verify_ssl: OpenSSL::SSL::VERIFY_PEER }
def enforce_namespace_to_lower_case
self.namespace = self.namespace&.downcase
if ca_pem.present?
opts[:cert_store] = OpenSSL::X509::Store.new
opts[:cert_store].add_cert(OpenSSL::X509::Certificate.new(ca_pem))
end
# TODO: glue code till we migrate Kubernetes Service into Platforms::Kubernetes class
def manages_kubernetes_service?
return true unless kubernetes_service&.active?
opts
end
kubernetes_service.api_url == api_url
def kubeclient_auth_options
{ bearer_token: token }
end
def destroy_kubernetes_integration!
return unless manages_kubernetes_service?
def join_api_url(api_path)
url = URI.parse(api_url)
prefix = url.path.sub(%r{/+\z}, '')
url.path = [prefix, api_path].join("/")
kubernetes_service&.destroy!
url.to_s
end
def kubernetes_service
@kubernetes_service ||= project&.kubernetes_service
def terminal_auth
{
token: token,
ca_pem: ca_pem,
max_session_time: current_application_settings.terminal_max_session_time
}
end
def ensure_kubernetes_service
@kubernetes_service ||= kubernetes_service || project&.build_kubernetes_service
def enforce_namespace_to_lower_case
self.namespace = self.namespace&.downcase
end
end
end
......
......@@ -127,7 +127,7 @@ class Project < ActiveRecord::Base
has_one :bugzilla_service
has_one :gitlab_issue_tracker_service, inverse_of: :project
has_one :external_wiki_service
has_one :kubernetes_service, inverse_of: :project
# has_one :kubernetes_service, inverse_of: :project
has_one :prometheus_service, inverse_of: :project
has_one :mock_ci_service
has_one :mock_deployment_service
......@@ -911,7 +911,11 @@ class Project < ActiveRecord::Base
end
def deployment_service
@deployment_service ||= deployment_services.reorder(nil).find_by(active: true)
deployment_platform
end
def kubernetes_service
deployment_platform
end
def monitoring_services
......@@ -1848,4 +1852,11 @@ class Project < ActiveRecord::Base
raise ex
end
# TODO: This will be extended for multiple enviroment clusters
# TODO: Add super nice tests to check this interchangeability
def deployment_platform
@deployment_platform ||= clusters.where(enabled: true).first&.platform_kubernetes
@deployment_platform ||= deployment_services.reorder(nil).find_by(active: true)
end
end
##
# NOTE:
# We'll move this class to Clusters::Platforms::Kubernetes, which contains exactly the same logic.
# After we've migrated data, we'll remove KubernetesService. This would happen in a few months.
# If you're modyfiyng this class, please note that you should update the same change in Clusters::Platforms::Kubernetes.
class KubernetesService < DeploymentService
include Gitlab::CurrentSettings
include Gitlab::Kubernetes
......
......@@ -130,6 +130,24 @@ describe Projects::BranchesController do
expect(response.location).to include(project_new_blob_path(project, branch))
expect(response).to have_gitlab_http_status(302)
end
it 'redirects to autodeploy setup page' do
result = { status: :success, branch: double(name: branch) }
create(:cluster, :provided_by_gcp, projects: [project])
expect_any_instance_of(CreateBranchService).to receive(:execute).and_return(result)
expect(SystemNoteService).to receive(:new_issue_branch).and_return(true)
post :create,
namespace_id: project.namespace.to_param,
project_id: project.to_param,
branch_name: branch,
issue_iid: issue.iid
expect(response.location).to include(project_new_blob_path(project, branch))
expect(response).to have_gitlab_http_status(302)
end
end
context 'without issue feature access' do
......
......@@ -4,6 +4,7 @@ describe 'Auto deploy' do
let(:user) { create(:user) }
let(:project) { create(:project, :repository) }
context 'when user configured kubernetes from Integration > Kubernetes' do
before do
create :kubernetes_service, project: project
project.team << [user, :master]
......@@ -52,4 +53,56 @@ describe 'Auto deploy' do
expect(page).to have_content('New Merge Request From auto-deploy into master')
end
end
end
context 'when user configured kubernetes from CI/CD > Clusters' do
before do
create(:cluster, :provided_by_gcp, projects: [project])
project.team << [user, :master]
sign_in user
end
context 'when no deployment service is active' do
before do
project.kubernetes_service.update!(active: false)
end
it 'does not show a button to set up auto deploy' do
visit project_path(project)
expect(page).to have_no_content('Set up auto deploy')
end
end
context 'when a deployment service is active' do
before do
project.kubernetes_service.update!(active: true)
visit project_path(project)
end
it 'shows a button to set up auto deploy' do
expect(page).to have_link('Set up auto deploy')
end
it 'includes OpenShift as an available template', :js do
click_link 'Set up auto deploy'
click_button 'Apply a GitLab CI Yaml template'
within '.gitlab-ci-yml-selector' do
expect(page).to have_content('OpenShift')
end
end
it 'creates a merge request using "auto-deploy" branch', :js do
click_link 'Set up auto deploy'
click_button 'Apply a GitLab CI Yaml template'
within '.gitlab-ci-yml-selector' do
click_on 'OpenShift'
end
wait_for_requests
click_button 'Commit changes'
expect(page).to have_content('New Merge Request From auto-deploy into master')
end
end
end
end
require 'spec_helper'
feature 'Interchangeability between KubernetesService and Platform::Kubernetes' do
let!(:project) { create(:project, :repository) }
EXCEPT_METHODS = %i[test title description help fields initialize_properties namespace namespace= api_url api_url=]
EXCEPT_METHODS_GREP_V = %w[_touched? _changed? _was]
it 'Clusters::Platform::Kubernetes covers core interfaces in KubernetesService' do
expected_interfaces = KubernetesService.instance_methods(false)
expected_interfaces = expected_interfaces - EXCEPT_METHODS
EXCEPT_METHODS_GREP_V.each do |g|
expected_interfaces = expected_interfaces.grep_v(/#{Regexp.escape(g)}\z/)
end
expect(expected_interfaces - Clusters::Platforms::Kubernetes.instance_methods).to be_empty
end
shared_examples 'selects kubernetes instance' do
context 'when user configured kubernetes from Integration > Kubernetes' do
let!(:kubernetes_service) { create(:kubernetes_service, project: project) }
it { is_expected.to eq(kubernetes_service) }
end
context 'when user configured kubernetes from CI/CD > Clusters' do
let!(:cluster) { create(:cluster, :provided_by_gcp, projects: [project]) }
let(:platform_kubernetes) { cluster.platform_kubernetes }
it { is_expected.to eq(platform_kubernetes) }
end
end
describe 'Project#deployment_service' do
subject { project.deployment_service }
it_behaves_like 'selects kubernetes instance'
end
describe 'Project#kubernetes_service' do
subject { project.kubernetes_service }
it_behaves_like 'selects kubernetes instance'
end
end
......@@ -101,8 +101,7 @@ feature 'Environment' do
end
context 'with terminal' do
let(:project) { create(:kubernetes_project, :test_repo) }
shared_examples 'correct behavior with terminal' do
context 'for project master' do
let(:role) { :master }
......@@ -133,6 +132,20 @@ feature 'Environment' do
end
end
context 'when user configured kubernetes from Integration > Kubernetes' do
let(:project) { create(:kubernetes_project, :test_repo) }
it_behaves_like 'correct behavior with terminal'
end
context 'when user configured kubernetes from CI/CD > Clusters' do
let!(:cluster) { create(:cluster, :project, :provided_by_gcp) }
let(:project) { cluster.project }
it_behaves_like 'correct behavior with terminal'
end
end
context 'when environment is available' do
context 'with stop action' do
given(:action) do
......
......@@ -208,8 +208,7 @@ feature 'Environments page', :js do
end
context 'when kubernetes terminal is available' do
let(:project) { create(:kubernetes_project, :test_repo) }
shared_examples 'correct behavior with terminal' do
context 'for project master' do
let(:role) { :master }
......@@ -226,6 +225,20 @@ feature 'Environments page', :js do
end
end
end
context 'when user configured kubernetes from Integration > Kubernetes' do
let(:project) { create(:kubernetes_project, :test_repo) }
it_behaves_like 'correct behavior with terminal'
end
context 'when user configured kubernetes from CI/CD > Clusters' do
let!(:cluster) { create(:cluster, :project, :provided_by_gcp) }
let(:project) { cluster.project }
it_behaves_like 'correct behavior with terminal'
end
end
end
end
end
......
......@@ -4,14 +4,27 @@ describe Gitlab::Ci::Build::Policy::Kubernetes do
let(:pipeline) { create(:ci_pipeline, project: project) }
context 'when kubernetes service is active' do
set(:project) { create(:kubernetes_project) }
shared_examples 'correct behavior for satisfied_by?' do
it 'is satisfied by a kubernetes pipeline' do
expect(described_class.new('active'))
.to be_satisfied_by(pipeline)
end
end
context 'when user configured kubernetes from Integration > Kubernetes' do
let(:project) { create(:kubernetes_project) }
it_behaves_like 'correct behavior for satisfied_by?'
end
context 'when user configured kubernetes from CI/CD > Clusters' do
let!(:cluster) { create(:cluster, :project, :provided_by_gcp) }
let(:project) { cluster.project }
it_behaves_like 'correct behavior for satisfied_by?'
end
end
context 'when kubernetes service is inactive' do
set(:project) { create(:project) }
......
......@@ -5,6 +5,8 @@ describe Clusters::Platforms::Kubernetes, :use_clean_rails_memory_store_caching
include ReactiveCachingHelpers
it { is_expected.to belong_to(:cluster) }
it { is_expected.to be_kind_of(Gitlab::Kubernetes) }
it { is_expected.to be_kind_of(ReactiveCaching) }
it { is_expected.to respond_to :ca_pem }
describe 'before_validation' do
......@@ -159,16 +161,8 @@ describe Clusters::Platforms::Kubernetes, :use_clean_rails_memory_store_caching
end
end
describe '.namespace_for_project' do
subject { described_class.namespace_for_project(project) }
let(:project) { create(:project) }
it { is_expected.to eq("#{project.path}-#{project.id}") }
end
describe '#default_namespace' do
subject { kubernetes.default_namespace }
subject { kubernetes.send(:default_namespace) }
let(:kubernetes) { create(:cluster_platform_kubernetes, :configured) }
......@@ -185,4 +179,137 @@ describe Clusters::Platforms::Kubernetes, :use_clean_rails_memory_store_caching
it { is_expected.to be_nil }
end
end
describe '#predefined_variables' do
let!(:cluster) { create(:cluster, :project, platform_kubernetes: kubernetes) }
let(:kubernetes) { create(:cluster_platform_kubernetes, api_url: api_url, ca_cert: ca_pem, token: token) }
let(:api_url) { 'https://kube.domain.com' }
let(:ca_pem) { 'CA PEM DATA' }
let(:token) { 'token' }
let(:kubeconfig) do
config_file = expand_fixture_path('config/kubeconfig.yml')
config = YAML.load(File.read(config_file))
config.dig('users', 0, 'user')['token'] = token
config.dig('contexts', 0, 'context')['namespace'] = namespace
config.dig('clusters', 0, 'cluster')['certificate-authority-data'] =
Base64.strict_encode64(ca_pem)
YAML.dump(config)
end
shared_examples 'setting variables' do
it 'sets the variables' do
expect(kubernetes.predefined_variables).to include(
{ key: 'KUBE_URL', value: api_url, public: true },
{ key: 'KUBE_TOKEN', value: token, public: false },
{ key: 'KUBE_NAMESPACE', value: namespace, public: true },
{ key: 'KUBECONFIG', value: kubeconfig, public: false, file: true },
{ key: 'KUBE_CA_PEM', value: ca_pem, public: true },
{ key: 'KUBE_CA_PEM_FILE', value: ca_pem, public: true, file: true }
)
end
end
context 'namespace is provided' do
let(:namespace) { 'my-project' }
before do
kubernetes.namespace = namespace
end
it_behaves_like 'setting variables'
end
context 'no namespace provided' do
let(:namespace) { kubernetes.actual_namespace }
it_behaves_like 'setting variables'
it 'sets the KUBE_NAMESPACE' do
kube_namespace = kubernetes.predefined_variables.find { |h| h[:key] == 'KUBE_NAMESPACE' }
expect(kube_namespace).not_to be_nil
expect(kube_namespace[:value]).to match(/\A#{Gitlab::PathRegex::PATH_REGEX_STR}-\d+\z/)
end
end
end
describe '#terminals' do
subject { service.terminals(environment) }
let!(:cluster) { create(:cluster, :project, platform_kubernetes: service) }
let(:project) { cluster.project }
let(:service) { create(:cluster_platform_kubernetes, :configured) }
let(:environment) { build(:environment, project: project, name: "env", slug: "env-000000") }
context 'with invalid pods' do
it 'returns no terminals' do
stub_reactive_cache(service, pods: [{ "bad" => "pod" }])
is_expected.to be_empty
end
end
context 'with valid pods' do
let(:pod) { kube_pod(app: environment.slug) }
let(:terminals) { kube_terminals(service, pod) }
before do
stub_reactive_cache(
service,
pods: [pod, pod, kube_pod(app: "should-be-filtered-out")]
)
end
it 'returns terminals' do
is_expected.to eq(terminals + terminals)
end
it 'uses max session time from settings' do
stub_application_setting(terminal_max_session_time: 600)
times = subject.map { |terminal| terminal[:max_session_time] }
expect(times).to eq [600, 600, 600, 600]
end
end
end
describe '#calculate_reactive_cache' do
subject { service.calculate_reactive_cache }
let!(:cluster) { create(:cluster, :project, enabled: enabled, platform_kubernetes: service) }
let(:service) { create(:cluster_platform_kubernetes, :configured) }
let(:enabled) { true }
context 'when cluster is disabled' do
let(:enabled) { false }
it { is_expected.to be_nil }
end
context 'when kubernetes responds with valid pods' do
before do
stub_kubeclient_pods
end
it { is_expected.to eq(pods: [kube_pod]) }
end
context 'when kubernetes responds with 500s' do
before do
stub_kubeclient_pods(status: 500)
end
it { expect { subject }.to raise_error(KubeException) }
end
context 'when kubernetes responds with 404s' do
before do
stub_kubeclient_pods(status: 404)
end
it { is_expected.to eq(pods: []) }
end
end
end
......@@ -2365,14 +2365,27 @@ describe Project do
end
context 'when project has a deployment service' do
let(:project) { create(:kubernetes_project) }
shared_examples 'correct behavior with variables' do
it 'returns variables from this service' do
expect(project.deployment_variables).to include(
{ key: 'KUBE_TOKEN', value: project.kubernetes_service.token, public: false }
)
end
end
context 'when user configured kubernetes from Integration > Kubernetes' do
let(:project) { create(:kubernetes_project) }
it_behaves_like 'correct behavior with variables'
end
context 'when user configured kubernetes from CI/CD > Clusters' do
let!(:cluster) { create(:cluster, :project, :provided_by_gcp) }
let(:project) { cluster.project }
it_behaves_like 'correct behavior with variables'
end
end
end
describe '#secret_variables_for' do
......
......@@ -41,7 +41,7 @@ RSpec.shared_examples 'additional metrics query' do
end
describe 'project has Kubernetes service' do
let(:project) { create(:kubernetes_project) }
shared_examples 'correct behavior with metrics' do
let(:environment) { create(:environment, slug: 'environment-slug', project: project) }
let(:kube_namespace) { project.kubernetes_service.actual_namespace }
......@@ -54,6 +54,20 @@ RSpec.shared_examples 'additional metrics query' do
end
end
context 'when user configured kubernetes from Integration > Kubernetes' do
let(:project) { create(:kubernetes_project) }
it_behaves_like 'correct behavior with metrics'
end
context 'when user configured kubernetes from CI/CD > Clusters' do
let!(:cluster) { create(:cluster, :project, :provided_by_gcp) }
let(:project) { cluster.project }
it_behaves_like 'correct behavior with metrics'
end
end
describe 'project without Kubernetes service' do
it_behaves_like 'query context containing environment slug and filter'
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment