author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-06-18 11:18:50 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-06-18 11:18:50 +0000 |
commit | 8c7f4e9d5f36cff46365a7f8c4b9c21578c1e781 (patch) | |
tree | a77e7fe7a93de11213032ed4ab1f33a3db51b738 /lib/gitlab/kubernetes | |
parent | 00b35af3db1abfe813a778f643dad221aad51fca (diff) | |
Add latest changes from gitlab-org/gitlab@13-1-stable-ee
Diffstat (limited to 'lib/gitlab/kubernetes')
-rw-r--r-- | lib/gitlab/kubernetes/helm.rb | 6 | ||||
-rw-r--r-- | lib/gitlab/kubernetes/helm/base_command.rb | 31 | ||||
-rw-r--r-- | lib/gitlab/kubernetes/helm/client_command.rb | 4 | ||||
-rw-r--r-- | lib/gitlab/kubernetes/helm/delete_command.rb | 14 | ||||
-rw-r--r-- | lib/gitlab/kubernetes/helm/init_command.rb | 16 | ||||
-rw-r--r-- | lib/gitlab/kubernetes/helm/install_command.rb | 15 | ||||
-rw-r--r-- | lib/gitlab/kubernetes/helm/patch_command.rb | 16 | ||||
-rw-r--r-- | lib/gitlab/kubernetes/helm/reset_command.rb | 15 | ||||
-rw-r--r-- | lib/gitlab/kubernetes/network_policy.rb | 45 |
9 files changed, 73 insertions, 89 deletions
diff --git a/lib/gitlab/kubernetes/helm.rb b/lib/gitlab/kubernetes/helm.rb
index 00ab7109267..9507f7bc117 100644
--- a/lib/gitlab/kubernetes/helm.rb
+++ b/lib/gitlab/kubernetes/helm.rb
@@ -10,12 +10,6 @@ module Gitlab
 SERVICE_ACCOUNT = 'tiller'
 CLUSTER_ROLE_BINDING = 'tiller-admin'
 CLUSTER_ROLE = 'cluster-admin'
-
- MANAGED_APPS_LOCAL_TILLER_FEATURE_FLAG = :managed_apps_local_tiller
-
- def self.local_tiller_enabled?
- Feature.enabled?(MANAGED_APPS_LOCAL_TILLER_FEATURE_FLAG)
- end
 end
 end
 end
diff --git a/lib/gitlab/kubernetes/helm/base_command.rb b/lib/gitlab/kubernetes/helm/base_command.rb
index 31cd21f17e0..f27ad05599e 100644
--- a/lib/gitlab/kubernetes/helm/base_command.rb
+++ b/lib/gitlab/kubernetes/helm/base_command.rb
@@ -3,7 +3,24 @@
 module Gitlab
 module Kubernetes
 module Helm
- module BaseCommand
+ class BaseCommand
+ attr_reader :name, :files
+
+ def initialize(rbac:, name:, files:, local_tiller_enabled:)
+ @rbac = rbac
+ @name = name
+ @files = files
+ @local_tiller_enabled = local_tiller_enabled
+ end
+
+ def rbac?
+ @rbac
+ end
+
+ def local_tiller_enabled?
+ @local_tiller_enabled
+ end
+
 def pod_resource
 pod_service_account_name = rbac? ? service_account_name : nil
@@ -46,18 +63,6 @@ module Gitlab
 files.keys
 end
- def name
- raise "Not implemented"
- end
-
- def rbac?
- raise "Not implemented"
- end
-
- def files
- raise "Not implemented"
- end
-
 private
 def files_dir
diff --git a/lib/gitlab/kubernetes/helm/client_command.rb b/lib/gitlab/kubernetes/helm/client_command.rb
index e7ade7e4d39..24458e1b4b3 100644
--- a/lib/gitlab/kubernetes/helm/client_command.rb
+++ b/lib/gitlab/kubernetes/helm/client_command.rb
@@ -57,10 +57,6 @@ module Gitlab
 '--tls-key', "#{files_dir}/key.pem"
 ]
 end
-
- def local_tiller_enabled?
- ::Gitlab::Kubernetes::Helm.local_tiller_enabled?
- end
 end
 end
 end
diff --git a/lib/gitlab/kubernetes/helm/delete_command.rb b/lib/gitlab/kubernetes/helm/delete_command.rb
index 771444ee9ee..3bb41d09994 100644
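Review bot: In base_command.rb, the new `BaseCommand#initialize` stores `name` unchecked, and it is now the single place where every command's name is set. Elsewhere in this diff that value is interpolated into a pod name (`"uninstall-#{name}"`) and placed in a helm argument list (`['helm', 'delete', '--purge', name]`); whether that list is shell-escaped before it becomes a script line is not visible here. If `name` can ever come from anything other than a fixed application list, a format check in the constructor would cover all subclasses at once, for example `raise ArgumentError, 'invalid name' unless name.to_s.match?(/\A[a-z0-9][a-z0-9-]*\z/)`, with the pattern adjusted to the names actually in use. A short comment on `local_tiller_enabled:` saying that callers now resolve the feature flag, and that it appears to decide whether the TLS flags are passed (`tls_flags_if_remote_tiller`), would also help.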
--- a/lib/gitlab/kubernetes/helm/delete_command.rb
+++ b/lib/gitlab/kubernetes/helm/delete_command.rb
@@ -3,17 +3,13 @@
 module Gitlab
 module Kubernetes
 module Helm
- class DeleteCommand
- include BaseCommand
+ class DeleteCommand < BaseCommand
 include ClientCommand
 attr_reader :predelete, :postdelete
- attr_accessor :name, :files
- def initialize(name:, rbac:, files:, predelete: nil, postdelete: nil)
- @name = name
- @files = files
- @rbac = rbac
+ def initialize(predelete: nil, postdelete: nil, **args)
+ super(**args)
 @predelete = predelete
 @postdelete = postdelete
 end
@@ -32,10 +28,6 @@ module Gitlab
 "uninstall-#{name}"
 end
- def rbac?
- @rbac
- end
-
 def delete_command
 command = ['helm', 'delete', '--purge', name] + tls_flags_if_remote_tiller
diff --git a/lib/gitlab/kubernetes/helm/init_command.rb b/lib/gitlab/kubernetes/helm/init_command.rb
index 058f38f2c9c..e4844e255c5 100644
--- a/lib/gitlab/kubernetes/helm/init_command.rb
+++ b/lib/gitlab/kubernetes/helm/init_command.rb
@@ -3,27 +3,13 @@
 module Gitlab
 module Kubernetes
 module Helm
- class InitCommand
- include BaseCommand
-
- attr_reader :name, :files
-
- def initialize(name:, files:, rbac:)
- @name = name
- @files = files
- @rbac = rbac
- end
-
+ class InitCommand < BaseCommand
 def generate_script
 super + [
 init_helm_command
 ].join("\n")
 end
- def rbac?
- @rbac
- end
-
 private
 def init_helm_command
diff --git a/lib/gitlab/kubernetes/helm/install_command.rb b/lib/gitlab/kubernetes/helm/install_command.rb
index 3784aecccb5..cf6d993cad4 100644
--- a/lib/gitlab/kubernetes/helm/install_command.rb
+++ b/lib/gitlab/kubernetes/helm/install_command.rb
@@ -3,19 +3,16 @@
 module Gitlab
 module Kubernetes
 module Helm
- class InstallCommand
- include BaseCommand
+ class InstallCommand < BaseCommand
 include ClientCommand
- attr_reader :name, :files, :chart, :repository, :preinstall, :postinstall
+ attr_reader :chart, :repository, :preinstall, :postinstall
 attr_accessor :version
- def initialize(name:, chart:, files:, rbac:, version: nil, repository: nil, preinstall: nil, postinstall: nil)
- @name = name
+ def initialize(chart:, version: nil, repository: nil, preinstall: nil, postinstall: nil, **args)
+ super(**args)
 @chart = chart
 @version = version
- @rbac = rbac
- @files = files
 @repository = repository
 @preinstall = preinstall
 @postinstall = postinstall
@@ -33,10 +30,6 @@ module Gitlab
 ].compact.join("\n")
 end
- def rbac?
- @rbac
- end
-
 private
 # Uses `helm upgrade --install` which means we can use this for both
diff --git a/lib/gitlab/kubernetes/helm/patch_command.rb b/lib/gitlab/kubernetes/helm/patch_command.rb
index ed7a5c2b2d6..1a5fab116bd 100644
--- a/lib/gitlab/kubernetes/helm/patch_command.rb
+++ b/lib/gitlab/kubernetes/helm/patch_command.rb
@@ -5,23 +5,21 @@
 module Gitlab
 module Kubernetes
 module Helm
- class PatchCommand
- include BaseCommand
+ class PatchCommand < BaseCommand
 include ClientCommand
- attr_reader :name, :files, :chart, :repository
+ attr_reader :chart, :repository
 attr_accessor :version
- def initialize(name:, chart:, files:, rbac:, version:, repository: nil)
+ def initialize(chart:, version:, repository: nil, **args)
+ super(**args)
+
 # version is mandatory to prevent chart mismatches
 # we do not want our values interpreted in the context of the wrong version
 raise ArgumentError, 'version is required' if version.blank?
- @name = name
 @chart = chart
 @version = version
- @rbac = rbac
- @files = files
 @repository = repository
 end
@@ -35,10 +33,6 @@ module Gitlab
 ].compact.join("\n")
 end
- def rbac?
- @rbac
- end
-
 private
 def upgrade_command
diff --git a/lib/gitlab/kubernetes/helm/reset_command.rb b/lib/gitlab/kubernetes/helm/reset_command.rb
index 13176360227..f1f7938039c 100644
--- a/lib/gitlab/kubernetes/helm/reset_command.rb
+++ b/lib/gitlab/kubernetes/helm/reset_command.rb
@@ -3,18 +3,9 @@
 module Gitlab
 module Kubernetes
 module Helm
- class ResetCommand
- include BaseCommand
+ class ResetCommand < BaseCommand
 include ClientCommand
- attr_reader :name, :files
-
- def initialize(name:, rbac:, files:)
- @name = name
- @files = files
- @rbac = rbac
- end
-
 def generate_script
 super + [
 reset_helm_command,
@@ -23,10 +14,6 @@ module Gitlab
 ].join("\n")
 end
- def rbac?
- @rbac
- end
-
 def pod_name
 "uninstall-#{name}"
 end
diff --git a/lib/gitlab/kubernetes/network_policy.rb b/lib/gitlab/kubernetes/network_policy.rb
index ea25d81cbd2..dc13a614551 100644
--- a/lib/gitlab/kubernetes/network_policy.rb
+++ b/lib/gitlab/kubernetes/network_policy.rb
@@ -3,9 +3,12 @@
 module Gitlab
 module Kubernetes
 class NetworkPolicy
- def initialize(name:, namespace:, pod_selector:, ingress:, creation_timestamp: nil, policy_types: ["Ingress"], egress: nil)
+ DISABLED_BY_LABEL = :'network-policy.gitlab.com/disabled_by'
+
+ def initialize(name:, namespace:, pod_selector:, ingress:, labels: nil, creation_timestamp: nil, policy_types: ["Ingress"], egress: nil)
 @name = name
 @namespace = namespace
+ @labels = labels
 @creation_timestamp = creation_timestamp
 @pod_selector = pod_selector
 @policy_types = policy_types
@@ -24,6 +27,7 @@ module Gitlab
 self.new(
 name: metadata[:name],
 namespace: metadata[:namespace],
+ labels: metadata[:labels],
 pod_selector: spec[:podSelector],
 policy_types: spec[:policyTypes],
 ingress: spec[:ingress],
@@ -42,6 +46,7 @@ module Gitlab
 self.new(
 name: metadata[:name],
 namespace: metadata[:namespace],
+ labels: metadata[:labels]&.to_h,
 creation_timestamp: metadata[:creationTimestamp],
 pod_selector: spec[:podSelector],
 policy_types: spec[:policyTypes],
@@ -62,16 +67,48 @@ module Gitlab
 name: name,
 namespace: namespace,
 creation_timestamp: creation_timestamp,
- manifest: manifest
+ manifest: manifest,
+ is_autodevops: autodevops?,
+ is_enabled: enabled?
 }
 end
+ def autodevops?
+ return false unless labels
+
+ !labels[:chart].nil? && labels[:chart].start_with?('auto-deploy-app-')
+ end
+
+ # podSelector selects pods that should be targeted by this
+ # policy. We can narrow selection by requiring this policy to
+ # match our custom labels. Since DISABLED_BY label will not be
+ # on any pod a policy will be effectively disabled.
+ def enabled?
+ return true unless pod_selector&.key?(:matchLabels)
+
+ !pod_selector[:matchLabels]&.key?(DISABLED_BY_LABEL)
+ end
+
+ def enable
+ return if enabled?
+
+ pod_selector[:matchLabels].delete(DISABLED_BY_LABEL)
+ end
+
+ def disable
+ @pod_selector ||= {}
+ pod_selector[:matchLabels] ||= {}
+ pod_selector[:matchLabels].merge!(DISABLED_BY_LABEL => 'gitlab')
+ end
+
 private
- attr_reader :name, :namespace, :creation_timestamp, :pod_selector, :policy_types, :ingress, :egress
+ attr_reader :name, :namespace, :labels, :creation_timestamp, :pod_selector, :policy_types, :ingress, :egress
 def metadata
- { name: name, namespace: namespace }
+ meta = { name: name, namespace: namespace }
+ meta[:labels] = labels if labels
+ meta
 end
 def spec |
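Review bot: `autodevops?` calls `start_with?` on `labels[:chart]` after only a nil check, while the constructor call in the `@@ -24,6 +27,7 @@` hunk passes `metadata[:labels]` through without conversion; if that metadata comes from a parsed manifest, a `chart` label that is not a String would raise NoMethodError when the hash containing `is_autodevops` is built, and `labels[:chart].to_s.start_with?('auto-deploy-app-')` avoids that. `enabled?`, `enable` and `disable` look the marker up under the Symbol `DISABLED_BY_LABEL`, so they are only correct if `matchLabels` keys are symbolized on both construction paths, which these hunks do not show; with string keys a disabled policy would be reported as `is_enabled: true`. Both `is_autodevops` and `is_enabled` are derived from fields that anyone able to edit the policy controls, so they are display hints rather than something to base an access decision on. A comment on `disable` could also state that pods selected only by this policy are no longer isolated once its selector matches no pod.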