Merge branch 'master' into triggermesh-phase1-knative

3 files changed, 65 insertions, 14 deletions

diff --git a/app/models/clusters/cluster.rb b/app/models/clusters/cluster.rb
index 1939df9f86e..7b219ec8267 100644
--- a/app/models/clusters/cluster.rb
+++ b/app/models/clusters/cluster.rb
@@ -20,6 +20,7 @@ module Clusters
 
     has_many :cluster_projects, class_name: 'Clusters::Project'
     has_many :projects, through: :cluster_projects, class_name: '::Project'
+    has_one :cluster_project, -> { order(id: :desc) }, class_name: 'Clusters::Project'
 
     has_many :cluster_groups, class_name: 'Clusters::Group'
     has_many :groups, through: :cluster_groups, class_name: '::Group'
@@ -131,6 +132,13 @@ module Clusters
       platform_kubernetes.kubeclient if kubernetes?
     end
 
+    def find_or_initialize_kubernetes_namespace(cluster_project)
+      kubernetes_namespaces.find_or_initialize_by(
+        project: cluster_project.project,
+        cluster_project: cluster_project
+      )
+    end
+
     private
 
     def restrict_modification
diff --git a/app/models/clusters/kubernetes_namespace.rb b/app/models/clusters/kubernetes_namespace.rb
index fb5f6b65d9d..ac7f9193b87 100644
--- a/app/models/clusters/kubernetes_namespace.rb
+++ b/app/models/clusters/kubernetes_namespace.rb
@@ -2,6 +2,8 @@
 
 module Clusters
   class KubernetesNamespace < ActiveRecord::Base
+    include Gitlab::Kubernetes
+
     self.table_name = 'clusters_kubernetes_namespaces'
 
     belongs_to :cluster_project, class_name: 'Clusters::Project'
@@ -12,7 +14,8 @@ module Clusters
     validates :namespace, presence: true
     validates :namespace, uniqueness: { scope: :cluster_id }
 
-    before_validation :set_namespace_and_service_account_to_default, on: :create
+    delegate :ca_pem, to: :platform_kubernetes, allow_nil: true
+    delegate :api_url, to: :platform_kubernetes, allow_nil: true
 
     attr_encrypted :service_account_token,
         mode: :per_attribute_iv,
@@ -23,14 +26,26 @@ module Clusters
       "#{namespace}-token"
     end
 
-    private
+    def configure_predefined_credentials
+      self.namespace = kubernetes_or_project_namespace
+      self.service_account_name = default_service_account_name
+    end
+
+    def predefined_variables
+      config = YAML.dump(kubeconfig)
 
-    def set_namespace_and_service_account_to_default
-      self.namespace ||= default_namespace
-      self.service_account_name ||= default_service_account_name
+      Gitlab::Ci::Variables::Collection.new.tap do |variables|
+        variables
+          .append(key: 'KUBE_SERVICE_ACCOUNT', value: service_account_name)
+          .append(key: 'KUBE_NAMESPACE', value: namespace)
+          .append(key: 'KUBE_TOKEN', value: service_account_token, public: false)
+          .append(key: 'KUBECONFIG', value: config, public: false, file: true)
+      end
     end
 
-    def default_namespace
+    private
+
+    def kubernetes_or_project_namespace
       platform_kubernetes&.namespace.presence || project_namespace
     end
 
@@ -45,5 +60,13 @@ module Clusters
     def project_slug
       "#{project.path}-#{project.id}".downcase
     end
+
+    def kubeconfig
+      to_kubeconfig(
+        url: api_url,
+        namespace: namespace,
+        token: service_account_token,
+        ca_pem: ca_pem)
+    end
   end
 end
diff --git a/app/models/clusters/platforms/kubernetes.rb b/app/models/clusters/platforms/kubernetes.rb
index d961130d251..d69038be532 100644
--- a/app/models/clusters/platforms/kubernetes.rb
+++ b/app/models/clusters/platforms/kubernetes.rb
@@ -6,6 +6,7 @@ module Clusters
       include Gitlab::Kubernetes
       include ReactiveCaching
       include EnumWithNil
+      include AfterCommitQueue
 
       RESERVED_NAMESPACES = %w(gitlab-managed-apps).freeze
 
@@ -44,6 +45,7 @@ module Clusters
       validate :prevent_modification, on: :update
 
       after_save :clear_reactive_cache!
+      after_update :update_kubernetes_namespace
 
       alias_attribute :ca_pem, :ca_cert
 
@@ -68,21 +70,31 @@ module Clusters
         end
       end
 
-      def predefined_variables
-        config = YAML.dump(kubeconfig)
-
+      def predefined_variables(project:)
         Gitlab::Ci::Variables::Collection.new.tap do |variables|
-          variables
-            .append(key: 'KUBE_URL', value: api_url)
-            .append(key: 'KUBE_TOKEN', value: token, public: false)
-            .append(key: 'KUBE_NAMESPACE', value: actual_namespace)
-            .append(key: 'KUBECONFIG', value: config, public: false, file: true)
+          variables.append(key: 'KUBE_URL', value: api_url)
 
           if ca_pem.present?
             variables
               .append(key: 'KUBE_CA_PEM', value: ca_pem)
               .append(key: 'KUBE_CA_PEM_FILE', value: ca_pem, file: true)
           end
+
+          if kubernetes_namespace = cluster.kubernetes_namespaces.find_by(project: project)
+            variables.concat(kubernetes_namespace.predefined_variables)
+          else
+            # From 11.5, every Clusters::Project should have at least one
+            # Clusters::KubernetesNamespace, so once migration has been completed,
+            # this 'else' branch will be removed. For more information, please see
+            # https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/22433
+            config = YAML.dump(kubeconfig)
+
+            variables
+              .append(key: 'KUBE_URL', value: api_url)
+              .append(key: 'KUBE_TOKEN', value: token, public: false)
+              .append(key: 'KUBE_NAMESPACE', value: actual_namespace)
+              .append(key: 'KUBECONFIG', value: config, public: false, file: true)
+          end
         end
       end
 
@@ -205,6 +217,14 @@ module Clusters
 
         true
       end
+
+      def update_kubernetes_namespace
+        return unless namespace_changed?
+
+        run_after_commit do
+          ClusterPlatformConfigureWorker.perform_async(cluster_id)
+        end
+      end
     end
   end
 end