author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-06-16 18:25:58 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-06-16 18:25:58 +0000 |
commit | a5f4bba440d7f9ea47046a0a561d49adf0a1e6d4 (patch) | |
tree | fb69158581673816a8cd895f9d352dcb3c678b1e /scripts/review_apps | |
parent | d16b2e8639e99961de6ddc93909f3bb5c1445ba1 (diff) | |
download | gitlab-ce-a5f4bba440d7f9ea47046a0a561d49adf0a1e6d4.tar.gz |
Add latest changes from gitlab-org/gitlab@14-0-stable-eev14.0.0-rc42
Diffstat (limited to 'scripts/review_apps')
-rw-r--r-- | scripts/review_apps/base-config.yaml | 4 | ||||
-rwxr-xr-x | scripts/review_apps/review-apps.sh | 89 |
2 files changed, 48 insertions, 45 deletions
diff --git a/scripts/review_apps/base-config.yaml b/scripts/review_apps/base-config.yaml
index 7daf3f80efc..bb4d5392b3b 100644
--- a/scripts/review_apps/base-config.yaml
+++ b/scripts/review_apps/base-config.yaml
@@ -113,10 +113,10 @@ nginx-ingress:
 ssl-ciphers: ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
 resources:
 requests:
- cpu: 100m
+ cpu: 300m
 memory: 450M
 limits:
- cpu: 200m
+ cpu: 600m
 memory: 675M
 service:
 enableHttp: false
diff --git a/scripts/review_apps/review-apps.sh b/scripts/review_apps/review-apps.sh
index 5b52797d285..6fb83e79f7f 100755
--- a/scripts/review_apps/review-apps.sh
+++ b/scripts/review_apps/review-apps.sh
@@ -40,7 +40,7 @@ function previous_deploy_failed() {
 }
 function delete_release() {
- local namespace="${KUBE_NAMESPACE}"
+ local namespace="${CI_ENVIRONMENT_SLUG}"
 local release="${CI_ENVIRONMENT_SLUG}"
 if [ -z "${release}" ]; then
@@ -48,39 +48,11 @@ function delete_release() {
 return
 fi
- # Check if helm release exists before attempting to delete
- # There may be situation where k8s resources exist, but helm release does not,
- # for example, following a failed helm install.
- # In such cases, we still want to continue to clean up k8s resources.
- if deploy_exists "${namespace}" "${release}"; then
- helm_delete_release "${namespace}" "${release}"
- fi
- kubectl_cleanup_release "${namespace}" "${release}"
-}
-
-function helm_delete_release() {
- local namespace="${1}"
- local release="${2}"
-
- echoinfo "Deleting Helm release '${release}'..." true
-
- helm uninstall --namespace "${namespace}" "${release}"
-}
-
-function kubectl_cleanup_release() {
- local namespace="${1}"
- local release="${2}"
-
- echoinfo "Deleting all K8s resources matching '${release}'..." true
- kubectl --namespace "${namespace}" get ingress,svc,pdb,hpa,deploy,statefulset,job,pod,secret,configmap,pvc,clusterrole,clusterrolebinding,role,rolebinding,sa,crd 2>&1 \
- | grep "${release}" \
- | awk '{print $1}' \
- | xargs kubectl --namespace "${namespace}" delete --ignore-not-found \
- || true
+ delete_k8s_release_namespace
 }
 function delete_failed_release() {
- local namespace="${KUBE_NAMESPACE}"
+ local namespace="${CI_ENVIRONMENT_SLUG}"
 local release="${CI_ENVIRONMENT_SLUG}"
 if [ -z "${release}" ]; then
@@ -93,7 +65,7 @@ function delete_failed_release() {
 else
 # Cleanup and previous installs, as FAILED and PENDING_UPGRADE will cause errors with `upgrade`
 if previous_deploy_failed "${namespace}" "${release}" ; then
- echoinfo "Review App deployment in bad state, cleaning up ${release}"
+ echoinfo "Review App deployment in bad state, cleaning up namespace ${release}"
 delete_release
 else
 echoinfo "Review App deployment in good state"
@@ -101,8 +73,14 @@ function delete_failed_release() {
 fi
 }
+function delete_k8s_release_namespace() {
+ local namespace="${CI_ENVIRONMENT_SLUG}"
+
+ kubectl delete namespace "${namespace}" --wait
+}
+
 function get_pod() {
- local namespace="${KUBE_NAMESPACE}"
+ local namespace="${CI_ENVIRONMENT_SLUG}"
 local release="${CI_ENVIRONMENT_SLUG}"
 local app_name="${1}"
 local status="${2-Running}"
@@ -133,7 +111,7 @@ function get_pod() {
 }
 function run_task() {
- local namespace="${KUBE_NAMESPACE}"
+ local namespace="${CI_ENVIRONMENT_SLUG}"
 local ruby_cmd="${1}"
 local task_runner_pod=$(get_pod "task-runner")
@@ -149,13 +127,12 @@ function disable_sign_ups() {
 fi
 # Create the root token
- local ruby_cmd="token = User.find_by_username('root').personal_access_tokens.create(scopes: [:api], name: 'Token to disable sign-ups'); token.set_token('${REVIEW_APPS_ROOT_TOKEN}'); begin; token.save!; rescue(ActiveRecord::RecordNotUnique); end"
- retry "run_task \"${ruby_cmd}\""
+ local set_token_rb="token = User.find_by_username('root').personal_access_tokens.create(scopes: [:api], name: 'Token to disable sign-ups'); token.set_token('${REVIEW_APPS_ROOT_TOKEN}'); begin; token.save!; rescue(ActiveRecord::RecordNotUnique); end"
+ retry "run_task \"${set_token_rb}\""
 # Disable sign-ups
- local signup_enabled=$(retry 'curl --silent --show-error --request PUT --header "PRIVATE-TOKEN: ${REVIEW_APPS_ROOT_TOKEN}" "${CI_ENVIRONMENT_URL}/api/v4/application/settings?signup_enabled=false" | jq ".signup_enabled"')
-
- if [[ "${signup_enabled}" == "false" ]]; then
+ local disable_signup_rb="Gitlab::CurrentSettings.current_application_settings.update!(signup_enabled: false)"
+ if (retry "run_task \"${disable_signup_rb}\""); then
 echoinfo "Sign-ups have been disabled successfully."
 else
 echoerr "Sign-ups are still enabled!"
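Review bot: `delete_k8s_release_namespace` deletes whatever namespace `CI_ENVIRONMENT_SLUG` names, with no check that the value is non-empty or that the namespace belongs to a review app. The empty-slug guard lives in `delete_release`, so a direct caller gets none, and a slug that happened to match a shared namespace (the one `KUBE_NAMESPACE` still names in `install_external_dns`, for instance) would remove everything in it. I would declare `local namespace="${CI_ENVIRONMENT_SLUG:?}"` and return early when `[[ "${namespace}" == "${KUBE_NAMESPACE}" ]]`. The removed cleanup tolerated missing resources (`--ignore-not-found`, `|| true`); the new call should probably keep that with `kubectl delete namespace "${namespace}" --wait --ignore-not-found`.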
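Review bot: `${REVIEW_APPS_ROOT_TOKEN}` is spliced into Ruby source inside a double-quoted shell string that is then handed to `retry`, so the secret is parsed as code (Ruby, and apparently shell again inside `retry`) and a value containing `'`, `"` or `$` changes what runs. `retry` and `run_task` are defined outside this hunk, so how the string is executed is not visible here, but the expanded token will also show up in any command trace. If the token alphabet is known, a check before the interpolation contains this: `[[ "${REVIEW_APPS_ROOT_TOKEN}" =~ ^[A-Za-z0-9_-]+$ ]] || { echoerr "REVIEW_APPS_ROOT_TOKEN has unexpected characters"; return 1; }`. The API call that used the token is gone from this function, so a comment naming what still consumes the root token would help the next reader. `disable_sign_ups` starts and ends outside the hunk.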
@@ -177,13 +154,22 @@ function check_kube_domain() {
 }
 function ensure_namespace() {
- local namespace="${KUBE_NAMESPACE}"
+ local namespace="${1}"
 echoinfo "Ensuring the ${namespace} namespace exists..." true
 kubectl describe namespace "${namespace}" || kubectl create namespace "${namespace}"
 }
+function label_namespace() {
+ local namespace="${1}"
+ local label="${2}"
+
+ echoinfo "Labeling the ${namespace} namespace with ${label}" true
+
+ kubectl label namespace "${namespace}" "${label}"
+}
+
 function install_external_dns() {
 local namespace="${KUBE_NAMESPACE}"
 local release="dns-gitlab-review-app-helm3"
@@ -245,7 +231,7 @@ function install_certmanager() {
 }
 function create_application_secret() {
- local namespace="${KUBE_NAMESPACE}"
+ local namespace="${CI_ENVIRONMENT_SLUG}"
 local release="${CI_ENVIRONMENT_SLUG}"
 local initial_root_password_shared_secret
 local gitlab_license_shared_secret
@@ -306,7 +292,7 @@ function parse_gitaly_image_tag() {
 }
 function deploy() {
- local namespace="${KUBE_NAMESPACE}"
+ local namespace="${CI_ENVIRONMENT_SLUG}"
 local release="${CI_ENVIRONMENT_SLUG}"
 local base_config_file_ref="${CI_DEFAULT_BRANCH}"
 if [[ "$(base_config_changed)" == "true" ]]; then base_config_file_ref="${CI_COMMIT_SHA}"; fi
@@ -324,11 +310,15 @@ function deploy() {
 gitlab_shell_image_repository="${IMAGE_REPOSITORY}/gitlab-shell"
 gitlab_workhorse_image_repository="${IMAGE_REPOSITORY}/gitlab-workhorse-ee"
+ ensure_namespace "${namespace}"
+ label_namespace "${namespace}" "tls=review-apps-tls" # label namespace for kubed to sync tls
+
 create_application_secret
 HELM_CMD=$(cat << EOF
 helm upgrade \
 --namespace="${namespace}" \
+ --create-namespace \
 --install \
 --wait \
 --timeout "${HELM_INSTALL_TIMEOUT:-20m}" \
@@ -370,6 +360,7 @@ HELM_CMD=$(cat << EOF
 ${HELM_CMD} \
 --version="${CI_PIPELINE_ID}-${CI_JOB_ID}" \
 -f "${base_config_file}" \
+ -v "${HELM_LOG_VERBOSITY:-1}" \
 "${release}" "gitlab-${GITLAB_HELM_CHART_REF}"
 EOF
 )
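Review bot: `ensure_namespace` and `label_namespace` take the namespace from `${1}` without checking it, so a caller that still invokes `ensure_namespace` with no argument, as the old `KUBE_NAMESPACE` default allowed, now runs `kubectl describe namespace ""`. Callers outside this diff are not visible, so this is worth a grep before merging. Declaring `local namespace="${1:?namespace is required}"` in both functions and `local label="${2:?label is required}"` in `label_namespace` makes the failure explicit instead of leaving it to kubectl.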
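Review bot: The `tls=review-apps-tls` label added in `deploy` is, going by its inline comment, what opts a namespace into receiving the shared TLS secret, and it is now applied to a per-environment namespace that presumably runs merge-request code. If the synced secret includes the private key, any workload allowed to read secrets in that namespace can read it; that trade-off deserves a comment at the call, e.g. `# kubed copies the review-apps TLS secret into every namespace carrying this label; only label review-app namespaces`. Separately, `ensure_namespace` already creates the namespace, so `--create-namespace` on `helm upgrade` is redundant and one of the two can go. `deploy` starts and ends outside the hunk.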
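Review bot: `HELM_LOG_VERBOSITY` is expanded into the heredoc and the resulting string is later run with `eval "${HELM_CMD}"`, so the value of this externally supplied variable is parsed as shell. The other variables in the command share the problem, but a newly added knob is a cheap place to start validating: before the heredoc, `[[ "${HELM_LOG_VERBOSITY:-1}" =~ ^[0-9]+$ ]] || HELM_LOG_VERBOSITY=1`. Building the command as an argument array rather than a string passed to `eval` would remove the whole class of issue. The heredoc begins outside this hunk.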
@@ -380,8 +371,20 @@ EOF
 eval "${HELM_CMD}"
 }
+function verify_deploy() {
+ echoinfo "Verifying deployment at ${CI_ENVIRONMENT_URL}"
+
+ if retry "test_url \"${CI_ENVIRONMENT_URL}\" curl_output.txt"; then
+ echoinfo "Review app is deployed to ${CI_ENVIRONMENT_URL}"
+ return 0
+ else
+ echoerr "Review app is not available at ${CI_ENVIRONMENT_URL}. See curl_output.txt artifact for detail."
+ return 1
+ fi
+}
+
 function display_deployment_debug() {
- local namespace="${KUBE_NAMESPACE}"
+ local namespace="${CI_ENVIRONMENT_SLUG}"
 local release="${CI_ENVIRONMENT_SLUG}"
 # Get all pods for this release
|