Enable project-level JIT resource creation60617-enable-project-cluster-jit

Previously this behaviour was only available to group
and instance-level clusters, as some project clusters
relied on Kubernetes credentials being passed through
to the runner instead of having their resources managed
by GitLab (which is not available when using JIT). These
clusters have been migrated to unmanaged, so resources
can be created on demand for the remaining managed clusters.

13 files changed, 6 insertions, 68 deletions

diff --git a/app/models/clusters/platforms/kubernetes.rb b/app/models/clusters/platforms/kubernetes.rb
index 272861cacf0..55646cb924c 100644
--- a/app/models/clusters/platforms/kubernetes.rb
+++ b/app/models/clusters/platforms/kubernetes.rb
@@ -47,7 +47,6 @@ module Clusters
       validate :prevent_modification, on: :update
 
       after_save :clear_reactive_cache!
-      after_update :update_kubernetes_namespace
 
       alias_attribute :ca_pem, :ca_cert
 
@@ -223,14 +222,6 @@ module Clusters
 
         true
       end
-
-      def update_kubernetes_namespace
-        return unless saved_change_to_namespace?
-
-        run_after_commit do
-          ClusterConfigureWorker.perform_async(cluster_id)
-        end
-      end
     end
   end
 end
diff --git a/app/services/clusters/gcp/finalize_creation_service.rb b/app/services/clusters/gcp/finalize_creation_service.rb
index 5525c1b9b7f..2f3c1df7651 100644
--- a/app/services/clusters/gcp/finalize_creation_service.rb
+++ b/app/services/clusters/gcp/finalize_creation_service.rb
@@ -12,9 +12,6 @@ module Clusters
         create_gitlab_service_account!
         configure_kubernetes
         cluster.save!
-
-        ClusterConfigureWorker.perform_async(cluster.id)
-
       rescue Google::Apis::ServerError, Google::Apis::ClientError, Google::Apis::AuthorizationError => e
         log_service_error(e.class.name, provider.id, e.message)
         provider.make_errored!(s_('ClusterIntegration|Failed to request to Google Cloud Platform: %{message}') % { message: e.message })
diff --git a/app/workers/cluster_provision_worker.rb b/app/workers/cluster_provision_worker.rb
index 926ae2b7286..59de7903c1c 100644
--- a/app/workers/cluster_provision_worker.rb
+++ b/app/workers/cluster_provision_worker.rb
@@ -9,8 +9,6 @@ class ClusterProvisionWorker
       cluster.provider.try do |provider|
         Clusters::Gcp::ProvisionService.new.execute(provider) if cluster.gcp?
       end
-
-      ClusterConfigureWorker.perform_async(cluster.id) if cluster.user?
     end
   end
 end
diff --git a/changelogs/unreleased/60617-enable-project-cluster-jit.yml b/changelogs/unreleased/60617-enable-project-cluster-jit.yml
new file mode 100644
index 00000000000..b7d745d4385
--- /dev/null
+++ b/changelogs/unreleased/60617-enable-project-cluster-jit.yml
@@ -0,0 +1,5 @@
+---
+title: Enable just-in-time Kubernetes resource creation for project-level clusters
+merge_request: 29515
+author:
+type: changed
diff --git a/doc/user/project/clusters/index.md b/doc/user/project/clusters/index.md
index 181b20dc710..1a2c9cbc838 100644
--- a/doc/user/project/clusters/index.md
+++ b/doc/user/project/clusters/index.md
@@ -518,9 +518,7 @@ service account of the cluster integration.
 ### Troubleshooting failed deployment jobs
 
 GitLab will create a namespace and service account specifically for your
-deployment jobs. On project level clusters, this happens when the cluster
-is created. On group level clusters, resources are created immediately
-before the deployment job starts.
+deployment jobs. This happens immediately before the deployment job starts.
 
 However, sometimes GitLab can not create them. In such instances, your job will fail with the message:
 
diff --git a/lib/gitlab/ci/build/prerequisite/kubernetes_namespace.rb b/lib/gitlab/ci/build/prerequisite/kubernetes_namespace.rb
index 531c9ce4256..e6e0aaab60b 100644
--- a/lib/gitlab/ci/build/prerequisite/kubernetes_namespace.rb
+++ b/lib/gitlab/ci/build/prerequisite/kubernetes_namespace.rb
@@ -8,7 +8,6 @@ module Gitlab
           def unmet?
             deployment_cluster.present? &&
               deployment_cluster.managed? &&
-              !deployment_cluster.project_type? &&
               (kubernetes_namespace.new_record? || kubernetes_namespace.service_account_token.blank?)
           end
 
diff --git a/spec/controllers/projects/clusters_controller_spec.rb b/spec/controllers/projects/clusters_controller_spec.rb
index fa49438287f..35cbab57037 100644
--- a/spec/controllers/projects/clusters_controller_spec.rb
+++ b/spec/controllers/projects/clusters_controller_spec.rb
@@ -340,7 +340,6 @@ describe Projects::ClustersController do
 
     describe 'security' do
       before do
-        allow(ClusterConfigureWorker).to receive(:perform_async)
         stub_kubeclient_get_namespace('https://kubernetes.example.com', namespace: 'my-namespace')
       end
 
@@ -438,7 +437,6 @@ describe Projects::ClustersController do
     end
 
     before do
-      allow(ClusterConfigureWorker).to receive(:perform_async)
       stub_kubeclient_get_namespace('https://kubernetes.example.com', namespace: 'my-namespace')
     end
 
diff --git a/spec/features/projects/clusters/gcp_spec.rb b/spec/features/projects/clusters/gcp_spec.rb
index 83e582c34f0..940cada6ea5 100644
--- a/spec/features/projects/clusters/gcp_spec.rb
+++ b/spec/features/projects/clusters/gcp_spec.rb
@@ -122,7 +122,6 @@ describe 'Gcp Cluster', :js do
 
       context 'when user changes cluster parameters' do
         before do
-          allow(ClusterConfigureWorker).to receive(:perform_async)
           fill_in 'cluster_platform_kubernetes_attributes_namespace', with: 'my-namespace'
           page.within('#js-cluster-details') { click_button 'Save changes' }
         end
diff --git a/spec/lib/gitlab/ci/build/prerequisite/kubernetes_namespace_spec.rb b/spec/lib/gitlab/ci/build/prerequisite/kubernetes_namespace_spec.rb
index 5ac5122e800..c5bc81a2b9e 100644
--- a/spec/lib/gitlab/ci/build/prerequisite/kubernetes_namespace_spec.rb
+++ b/spec/lib/gitlab/ci/build/prerequisite/kubernetes_namespace_spec.rb
@@ -45,12 +45,6 @@ describe Gitlab::Ci::Build::Prerequisite::KubernetesNamespace do
             it { is_expected.to be_truthy }
           end
         end
-
-        context 'and cluster is project type' do
-          let(:cluster) { create(:cluster, :project) }
-
-          it { is_expected.to be_falsey }
-        end
       end
 
       context 'and no cluster to deploy to' do
diff --git a/spec/models/clusters/platforms/kubernetes_spec.rb b/spec/models/clusters/platforms/kubernetes_spec.rb
index 1fb3a8de808..4db2159664a 100644
--- a/spec/models/clusters/platforms/kubernetes_spec.rb
+++ b/spec/models/clusters/platforms/kubernetes_spec.rb
@@ -510,27 +510,4 @@ describe Clusters::Platforms::Kubernetes, :use_clean_rails_memory_store_caching
       it { is_expected.to include(pods: []) }
     end
   end
-
-  describe '#update_kubernetes_namespace' do
-    let(:cluster) { create(:cluster, :provided_by_gcp) }
-    let(:platform) { cluster.platform }
-
-    context 'when namespace is updated' do
-      it 'calls ConfigureWorker' do
-        expect(ClusterConfigureWorker).to receive(:perform_async).with(cluster.id).once
-
-        platform.namespace = 'new-namespace'
-        platform.save
-      end
-    end
-
-    context 'when namespace is not updated' do
-      it 'does not call ConfigureWorker' do
-        expect(ClusterConfigureWorker).not_to receive(:perform_async)
-
-        platform.username = "new-username"
-        platform.save
-      end
-    end
-  end
 end
diff --git a/spec/services/clusters/gcp/finalize_creation_service_spec.rb b/spec/services/clusters/gcp/finalize_creation_service_spec.rb
index 2664649df47..5f91acb8e84 100644
--- a/spec/services/clusters/gcp/finalize_creation_service_spec.rb
+++ b/spec/services/clusters/gcp/finalize_creation_service_spec.rb
@@ -19,10 +19,6 @@ describe Clusters::Gcp::FinalizeCreationService, '#execute' do
 
   subject { described_class.new.execute(provider) }
 
-  before do
-    allow(ClusterConfigureWorker).to receive(:perform_async)
-  end
-
   shared_examples 'success' do
     it 'configures provider and kubernetes' do
       subject
@@ -42,12 +38,6 @@ describe Clusters::Gcp::FinalizeCreationService, '#execute' do
       expect(platform.password).to eq(password)
       expect(platform.token).to eq(token)
     end
-
-    it 'calls ClusterConfigureWorker in a ascync fashion' do
-      expect(ClusterConfigureWorker).to receive(:perform_async).with(cluster.id)
-
-      subject
-    end
   end
 
   shared_examples 'error' do
diff --git a/spec/services/clusters/update_service_spec.rb b/spec/services/clusters/update_service_spec.rb
index 21b37f88fd8..3ee45375dca 100644
--- a/spec/services/clusters/update_service_spec.rb
+++ b/spec/services/clusters/update_service_spec.rb
@@ -39,7 +39,6 @@ describe Clusters::UpdateService do
         end
 
         before do
-          allow(ClusterConfigureWorker).to receive(:perform_async)
           stub_kubeclient_get_namespace('https://kubernetes.example.com', namespace: 'my-namespace')
         end
 
diff --git a/spec/workers/cluster_provision_worker_spec.rb b/spec/workers/cluster_provision_worker_spec.rb
index 9cc2ad12bfc..3f69962f25d 100644
--- a/spec/workers/cluster_provision_worker_spec.rb
+++ b/spec/workers/cluster_provision_worker_spec.rb
@@ -23,18 +23,11 @@ describe ClusterProvisionWorker do
 
         described_class.new.perform(cluster.id)
       end
-
-      it 'configures kubernetes platform' do
-        expect(ClusterConfigureWorker).to receive(:perform_async).with(cluster.id)
-
-        described_class.new.perform(cluster.id)
-      end
     end
 
     context 'when cluster does not exist' do
       it 'does not provision a cluster' do
         expect_any_instance_of(Clusters::Gcp::ProvisionService).not_to receive(:execute)
-        expect(ClusterConfigureWorker).not_to receive(:perform_async)
 
         described_class.new.perform(123)
       end