Merge branch '49726-upgrade-helm-to-2-11' into 'master'

Resolve "Upgrade Helm Tiller Version Used By GitLab Managed Apps"

Closes #49726

See merge request gitlab-org/gitlab-ce!22693

12 files changed, 102 insertions, 31 deletions

diff --git a/app/models/clusters/concerns/application_status.rb b/app/models/clusters/concerns/application_status.rb
index 93bdf9c223d..0e74cce29b7 100644
--- a/app/models/clusters/concerns/application_status.rb
+++ b/app/models/clusters/concerns/application_status.rb
@@ -64,6 +64,13 @@ module Clusters
             status_reason = transition.args.first
             app_status.status_reason = status_reason if status_reason
           end
+
+          before_transition any => [:installed, :updated] do |app_status, _|
+            # When installing any application we are also performing an update
+            # of tiller (see Gitlab::Kubernetes::Helm::ClientCommand) so
+            # therefore we need to reflect that in the database.
+            app_status.cluster.application_helm.update!(version: Gitlab::Kubernetes::Helm::HELM_VERSION)
+          end
         end
       end
 
diff --git a/changelogs/unreleased/49726-upgrade-helm-to-2-11.yml b/changelogs/unreleased/49726-upgrade-helm-to-2-11.yml
new file mode 100644
index 00000000000..dd26af875f5
--- /dev/null
+++ b/changelogs/unreleased/49726-upgrade-helm-to-2-11.yml
@@ -0,0 +1,5 @@
+---
+title: Upgrade helm to 2.11.0 and upgrade on every install
+merge_request: 22693
+author:
+type: added
diff --git a/doc/user/project/clusters/index.md b/doc/user/project/clusters/index.md
index 6b633424c82..c8003d00e73 100644
--- a/doc/user/project/clusters/index.md
+++ b/doc/user/project/clusters/index.md
@@ -230,6 +230,10 @@ twice, which can lead to confusion during deployments.
 | [JupyterHub](http://jupyter.org/) | 11.0+ | [JupyterHub](https://jupyterhub.readthedocs.io/en/stable/) is a multi-user service for managing notebooks across a team. [Jupyter Notebooks](https://jupyter-notebook.readthedocs.io/en/latest/) provide a web-based interactive programming environment used for data analysis, visualization, and machine learning. We use [this](https://gitlab.com/gitlab-org/jupyterhub-user-image/blob/master/Dockerfile) custom Jupyter image that installs additional useful packages on top of the base Jupyter. You will also see ready-to-use DevOps Runbooks built with Nurtch's [Rubix library](https://github.com/amit1rrr/rubix). More information on creating executable runbooks can be found at [Nurtch Documentation](http://docs.nurtch.com/en/latest).  **Note**: Authentication will be enabled for any user of the GitLab server via OAuth2. HTTPS will be supported in a future release. | [jupyter/jupyterhub](https://jupyterhub.github.io/helm-chart/) |
 | [Knative](https://cloud.google.com/knative) | 0.1.2 | Knative provides a platform to create, deploy, and manage serverless workloads from a Kubernetes cluster. It is used in conjunction with, and includes [Istio](https://istio.io) to provide an external IP address for all programs hosted by Knative. You will be prompted to enter a wildcard domain where your applications will be exposed. Configure your DNS server to use the external IP address for that domain. For any application created and installed, they will be accessible as `<program_name>.<kubernetes_namespace>.<domain_name>`.  **Note**: This will require your kubernetes cluster to have RBAC enabled. | [knative/knative](https://storage.googleapis.com/triggermesh-charts)
 
+NOTE: **Note:**
+As of GitLab 11.6 Helm Tiller will be upgraded to the latest version supported
+by GitLab before installing any of the above applications.
+
 ## Getting the external IP address
 
 NOTE: **Note:**
diff --git a/lib/gitlab/kubernetes/helm.rb b/lib/gitlab/kubernetes/helm.rb
index 1cd4f9e17b7..5a22b5e3364 100644
--- a/lib/gitlab/kubernetes/helm.rb
+++ b/lib/gitlab/kubernetes/helm.rb
@@ -1,7 +1,7 @@
 module Gitlab
   module Kubernetes
     module Helm
-      HELM_VERSION = '2.7.2'.freeze
+      HELM_VERSION = '2.11.0'.freeze
       KUBECTL_VERSION = '1.11.0'.freeze
       NAMESPACE = 'gitlab-managed-apps'.freeze
       SERVICE_ACCOUNT = 'tiller'.freeze
diff --git a/lib/gitlab/kubernetes/helm/client_command.rb b/lib/gitlab/kubernetes/helm/client_command.rb
new file mode 100644
index 00000000000..72bafc07bf0
--- /dev/null
+++ b/lib/gitlab/kubernetes/helm/client_command.rb
@@ -0,0 +1,26 @@
+module Gitlab
+  module Kubernetes
+    module Helm
+      module ClientCommand
+        def init_command
+          # Here we are always upgrading to the latest version of Tiller when
+          # installing an app. We ensure the helm version stored in the
+          # database is correct by also updating this after transition to
+          # :installed,:updated in Clusters::Concerns::ApplicationStatus
+          'helm init --upgrade'
+        end
+
+        def wait_for_tiller_command
+          # This is necessary to give Tiller time to restart after upgrade.
+          # Ideally we'd be able to use --wait but cannot because of
+          # https://github.com/helm/helm/issues/4855
+          'for i in $(seq 1 30); do helm version && break; sleep 1s; echo "Retrying ($i)..."; done'
+        end
+
+        def repository_command
+          ['helm', 'repo', 'add', name, repository].shelljoin if repository
+        end
+      end
+    end
+  end
+end
diff --git a/lib/gitlab/kubernetes/helm/install_command.rb b/lib/gitlab/kubernetes/helm/install_command.rb
index ff1c1657b98..52700b5dc09 100644
--- a/lib/gitlab/kubernetes/helm/install_command.rb
+++ b/lib/gitlab/kubernetes/helm/install_command.rb
@@ -3,6 +3,7 @@ module Gitlab
     module Helm
       class InstallCommand
         include BaseCommand
+        include ClientCommand
 
         attr_reader :name, :files, :chart, :version, :repository, :preinstall, :postinstall
 
@@ -20,6 +21,7 @@ module Gitlab
         def generate_script
           super + [
             init_command,
+            wait_for_tiller_command,
             repository_command,
             repository_update_command,
             preinstall_command,
@@ -34,14 +36,6 @@ module Gitlab
 
         private
 
-        def init_command
-          'helm init --client-only'
-        end
-
-        def repository_command
-          ['helm', 'repo', 'add', name, repository].shelljoin if repository
-        end
-
         def repository_update_command
           'helm repo update' if repository
         end
diff --git a/lib/gitlab/kubernetes/helm/upgrade_command.rb b/lib/gitlab/kubernetes/helm/upgrade_command.rb
index b36315f7a82..9daffc138b5 100644
--- a/lib/gitlab/kubernetes/helm/upgrade_command.rb
+++ b/lib/gitlab/kubernetes/helm/upgrade_command.rb
@@ -5,6 +5,7 @@ module Gitlab
     module Helm
       class UpgradeCommand
         include BaseCommand
+        include ClientCommand
 
         attr_reader :name, :chart, :version, :repository, :files
 
@@ -20,6 +21,7 @@ module Gitlab
         def generate_script
           super + [
             init_command,
+            wait_for_tiller_command,
             repository_command,
             script_command
           ].compact.join("\n")
@@ -35,14 +37,6 @@ module Gitlab
 
         private
 
-        def init_command
-          'helm init --client-only'
-        end
-
-        def repository_command
-          "helm repo add #{name} #{repository}" if repository
-        end
-
         def script_command
           upgrade_flags = "#{optional_version_flag}#{optional_tls_flags}" \
             " --reset-values" \
diff --git a/spec/lib/gitlab/kubernetes/helm/install_command_spec.rb b/spec/lib/gitlab/kubernetes/helm/install_command_spec.rb
index 2b7e3ea6def..39852b7fe29 100644
--- a/spec/lib/gitlab/kubernetes/helm/install_command_spec.rb
+++ b/spec/lib/gitlab/kubernetes/helm/install_command_spec.rb
@@ -26,7 +26,8 @@ describe Gitlab::Kubernetes::Helm::InstallCommand do
   it_behaves_like 'helm commands' do
     let(:commands) do
       <<~EOS
-      helm init --client-only
+      helm init --upgrade
+      for i in $(seq 1 30); do helm version && break; sleep 1s; echo "Retrying ($i)..."; done
       helm repo add app-name https://repository.example.com
       helm repo update
       #{helm_install_comand}
@@ -54,7 +55,8 @@ describe Gitlab::Kubernetes::Helm::InstallCommand do
     it_behaves_like 'helm commands' do
       let(:commands) do
         <<~EOS
-        helm init --client-only
+        helm init --upgrade
+        for i in $(seq 1 30); do helm version && break; sleep 1s; echo "Retrying ($i)..."; done
         helm repo add app-name https://repository.example.com
         helm repo update
         #{helm_install_command}
@@ -84,7 +86,8 @@ describe Gitlab::Kubernetes::Helm::InstallCommand do
     it_behaves_like 'helm commands' do
       let(:commands) do
         <<~EOS
-        helm init --client-only
+        helm init --upgrade
+        for i in $(seq 1 30); do helm version && break; sleep 1s; echo "Retrying ($i)..."; done
         #{helm_install_command}
         EOS
       end
@@ -111,7 +114,8 @@ describe Gitlab::Kubernetes::Helm::InstallCommand do
     it_behaves_like 'helm commands' do
       let(:commands) do
         <<~EOS
-        helm init --client-only
+        helm init --upgrade
+        for i in $(seq 1 30); do helm version && break; sleep 1s; echo "Retrying ($i)..."; done
         helm repo add app-name https://repository.example.com
         helm repo update
         #{helm_install_command}
@@ -134,7 +138,8 @@ describe Gitlab::Kubernetes::Helm::InstallCommand do
     it_behaves_like 'helm commands' do
       let(:commands) do
         <<~EOS
-        helm init --client-only
+        helm init --upgrade
+        for i in $(seq 1 30); do helm version && break; sleep 1s; echo "Retrying ($i)..."; done
         helm repo add app-name https://repository.example.com
         helm repo update
         #{helm_install_command}
@@ -157,7 +162,8 @@ describe Gitlab::Kubernetes::Helm::InstallCommand do
     it_behaves_like 'helm commands' do
       let(:commands) do
         <<~EOS
-        helm init --client-only
+        helm init --upgrade
+        for i in $(seq 1 30); do helm version && break; sleep 1s; echo "Retrying ($i)..."; done
         helm repo add app-name https://repository.example.com
         helm repo update
         #{helm_install_command}
@@ -182,7 +188,8 @@ describe Gitlab::Kubernetes::Helm::InstallCommand do
     it_behaves_like 'helm commands' do
       let(:commands) do
         <<~EOS
-        helm init --client-only
+        helm init --upgrade
+        for i in $(seq 1 30); do helm version && break; sleep 1s; echo "Retrying ($i)..."; done
         helm repo add app-name https://repository.example.com
         helm repo update
         #{helm_install_command}
diff --git a/spec/lib/gitlab/kubernetes/helm/pod_spec.rb b/spec/lib/gitlab/kubernetes/helm/pod_spec.rb
index c92bc92c42d..2dd3a570a1d 100644
--- a/spec/lib/gitlab/kubernetes/helm/pod_spec.rb
+++ b/spec/lib/gitlab/kubernetes/helm/pod_spec.rb
@@ -30,7 +30,7 @@ describe Gitlab::Kubernetes::Helm::Pod do
       it 'should generate the appropriate specifications for the container' do
         container = subject.generate.spec.containers.first
         expect(container.name).to eq('helm')
-        expect(container.image).to eq('registry.gitlab.com/gitlab-org/cluster-integration/helm-install-image/releases/2.7.2-kube-1.11.0')
+        expect(container.image).to eq('registry.gitlab.com/gitlab-org/cluster-integration/helm-install-image/releases/2.11.0-kube-1.11.0')
         expect(container.env.count).to eq(3)
         expect(container.env.map(&:name)).to match_array([:HELM_VERSION, :TILLER_NAMESPACE, :COMMAND_SCRIPT])
         expect(container.command).to match_array(["/bin/sh"])
diff --git a/spec/lib/gitlab/kubernetes/helm/upgrade_command_spec.rb b/spec/lib/gitlab/kubernetes/helm/upgrade_command_spec.rb
index 9c9fc91ef3c..9b201dae417 100644
--- a/spec/lib/gitlab/kubernetes/helm/upgrade_command_spec.rb
+++ b/spec/lib/gitlab/kubernetes/helm/upgrade_command_spec.rb
@@ -21,7 +21,8 @@ describe Gitlab::Kubernetes::Helm::UpgradeCommand do
   it_behaves_like 'helm commands' do
     let(:commands) do
       <<~EOS
-         helm init --client-only
+         helm init --upgrade
+         for i in $(seq 1 30); do helm version && break; sleep 1s; echo "Retrying ($i)..."; done
          helm upgrade #{application.name} #{application.chart} --tls --tls-ca-cert /data/helm/#{application.name}/config/ca.pem --tls-cert /data/helm/#{application.name}/config/cert.pem --tls-key /data/helm/#{application.name}/config/key.pem --reset-values --install --namespace #{namespace} -f /data/helm/#{application.name}/config/values.yaml
       EOS
     end
@@ -33,7 +34,8 @@ describe Gitlab::Kubernetes::Helm::UpgradeCommand do
     it_behaves_like 'helm commands' do
       let(:commands) do
         <<~EOS
-         helm init --client-only
+         helm init --upgrade
+         for i in $(seq 1 30); do helm version && break; sleep 1s; echo "Retrying ($i)..."; done
          helm upgrade #{application.name} #{application.chart} --tls --tls-ca-cert /data/helm/#{application.name}/config/ca.pem --tls-cert /data/helm/#{application.name}/config/cert.pem --tls-key /data/helm/#{application.name}/config/key.pem --reset-values --install --namespace #{namespace} -f /data/helm/#{application.name}/config/values.yaml
         EOS
       end
@@ -56,7 +58,8 @@ describe Gitlab::Kubernetes::Helm::UpgradeCommand do
     it_behaves_like 'helm commands' do
       let(:commands) do
         <<~EOS
-           helm init --client-only
+           helm init --upgrade
+           for i in $(seq 1 30); do helm version && break; sleep 1s; echo "Retrying ($i)..."; done
            helm repo add #{application.name} #{application.repository}
            helm upgrade #{application.name} #{application.chart} --tls --tls-ca-cert /data/helm/#{application.name}/config/ca.pem --tls-cert /data/helm/#{application.name}/config/cert.pem --tls-key /data/helm/#{application.name}/config/key.pem --reset-values --install --namespace #{namespace} -f /data/helm/#{application.name}/config/values.yaml
         EOS
@@ -70,7 +73,8 @@ describe Gitlab::Kubernetes::Helm::UpgradeCommand do
     it_behaves_like 'helm commands' do
       let(:commands) do
         <<~EOS
-         helm init --client-only
+         helm init --upgrade
+         for i in $(seq 1 30); do helm version && break; sleep 1s; echo "Retrying ($i)..."; done
          helm upgrade #{application.name} #{application.chart} --reset-values --install --namespace #{namespace} -f /data/helm/#{application.name}/config/values.yaml
         EOS
       end
diff --git a/spec/models/clusters/applications/prometheus_spec.rb b/spec/models/clusters/applications/prometheus_spec.rb
index 86de9dc60f2..b5aa1dcece5 100644
--- a/spec/models/clusters/applications/prometheus_spec.rb
+++ b/spec/models/clusters/applications/prometheus_spec.rb
@@ -35,7 +35,7 @@ describe Clusters::Applications::Prometheus do
 
   describe 'transition to installed' do
     let(:project) { create(:project) }
-    let(:cluster) { create(:cluster, projects: [project]) }
+    let(:cluster) { create(:cluster, :with_installed_helm, projects: [project]) }
     let(:prometheus_service) { double('prometheus_service') }
 
     subject { create(:clusters_applications_prometheus, :installing, cluster: cluster) }
diff --git a/spec/support/shared_examples/models/cluster_application_status_shared_examples.rb b/spec/support/shared_examples/models/cluster_application_status_shared_examples.rb
index 82f0dd5d00f..c391cc48f4e 100644
--- a/spec/support/shared_examples/models/cluster_application_status_shared_examples.rb
+++ b/spec/support/shared_examples/models/cluster_application_status_shared_examples.rb
@@ -44,10 +44,40 @@ shared_examples 'cluster application status specs' do |application_name|
       subject { create(application_name, :installing) }
 
       it 'is installed' do
-        subject.make_installed
+        subject.make_installed!
 
         expect(subject).to be_installed
       end
+
+      it 'updates helm version' do
+        subject.cluster.application_helm.update!(version: '1.2.3')
+
+        subject.make_installed!
+
+        subject.cluster.application_helm.reload
+
+        expect(subject.cluster.application_helm.version).to eq(Gitlab::Kubernetes::Helm::HELM_VERSION)
+      end
+    end
+
+    describe '#make_updated' do
+      subject { create(application_name, :updating) }
+
+      it 'is updated' do
+        subject.make_updated!
+
+        expect(subject).to be_updated
+      end
+
+      it 'updates helm version' do
+        subject.cluster.application_helm.update!(version: '1.2.3')
+
+        subject.make_updated!
+
+        subject.cluster.application_helm.reload
+
+        expect(subject.cluster.application_helm.version).to eq(Gitlab::Kubernetes::Helm::HELM_VERSION)
+      end
     end
 
     describe '#make_errored' do