Add latest changes from gitlab-org/gitlab@master

2 files changed, 102 insertions, 73 deletions

diff --git a/scripts/review_apps/automated_cleanup.rb b/scripts/review_apps/automated_cleanup.rb
index cf7c96cb29d..8a04d8e00bc 100755
--- a/scripts/review_apps/automated_cleanup.rb
+++ b/scripts/review_apps/automated_cleanup.rb
@@ -25,7 +25,6 @@ class AutomatedCleanup
   def initialize(project_path: ENV['CI_PROJECT_PATH'], gitlab_token: ENV['GITLAB_BOT_REVIEW_APPS_CLEANUP_TOKEN'])
     @project_path = project_path
     @gitlab_token = gitlab_token
-    ENV['TILLER_NAMESPACE'] ||= review_apps_namespace
   end
 
   def gitlab
@@ -45,7 +44,9 @@ class AutomatedCleanup
   end
 
   def helm
-    @helm ||= Quality::HelmClient.new(namespace: review_apps_namespace)
+    @helm ||= Quality::HelmClient.new(
+      tiller_namespace: review_apps_namespace,
+      namespace: review_apps_namespace)
   end
 
   def kubernetes
diff --git a/scripts/review_apps/review-apps.sh b/scripts/review_apps/review-apps.sh
index 0842f7871ee..be8d5296104 100755
--- a/scripts/review_apps/review-apps.sh
+++ b/scripts/review_apps/review-apps.sh
@@ -1,29 +1,32 @@
 [[ "$TRACE" ]] && set -x
-export TILLER_NAMESPACE="$KUBE_NAMESPACE"
 
 function deploy_exists() {
   local namespace="${1}"
-  local deploy="${2}"
-  echoinfo "Checking if ${deploy} exists in the ${namespace} namespace..." true
+  local release="${2}"
+  local deploy_exists
 
-  helm status --tiller-namespace "${namespace}" "${deploy}" >/dev/null 2>&1
-  local deploy_exists=$?
+  echoinfo "Checking if ${release} exists in the ${namespace} namespace..." true
 
-  echoinfo "Deployment status for ${deploy} is ${deploy_exists}"
+  helm status --tiller-namespace "${namespace}" "${release}" >/dev/null 2>&1
+  deploy_exists=$?
+
+  echoinfo "Deployment status for ${release} is ${deploy_exists}"
   return $deploy_exists
 }
 
 function previous_deploy_failed() {
-  local deploy="${1}"
-  echoinfo "Checking for previous deployment of ${deploy}" true
+  local namespace="${1}"
+  local release="${2}"
+
+  echoinfo "Checking for previous deployment of ${release}" true
 
-  helm status "${deploy}" >/dev/null 2>&1
+  helm status --tiller-namespace "${namespace}" "${release}" >/dev/null 2>&1
   local status=$?
 
   # if `status` is `0`, deployment exists, has a status
   if [ $status -eq 0 ]; then
     echoinfo "Previous deployment found, checking status..."
-    deployment_status=$(helm status "${deploy}" | grep ^STATUS | cut -d' ' -f2)
+    deployment_status=$(helm status --tiller-namespace "${namespace}" "${release}" | grep ^STATUS | cut -d' ' -f2)
     echoinfo "Previous deployment state: ${deployment_status}"
     if [[ "$deployment_status" == "FAILED" || "$deployment_status" == "PENDING_UPGRADE" || "$deployment_status" == "PENDING_INSTALL" ]]; then
       status=0;
@@ -37,30 +40,34 @@ function previous_deploy_failed() {
 }
 
 function delete_release() {
-  if [ -z "$CI_ENVIRONMENT_SLUG" ]; then
+  local namespace="${KUBE_NAMESPACE}"
+  local release="${CI_ENVIRONMENT_SLUG}"
+
+  if [ -z "${release}" ]; then
     echoerr "No release given, aborting the delete!"
     return
   fi
 
-  local name="$CI_ENVIRONMENT_SLUG"
-
-  echoinfo "Deleting release '$name'..." true
+  echoinfo "Deleting release '${release}'..." true
 
-  helm delete --purge "$name"
+  helm delete --tiller-namespace "${namespace}" --purge "${release}"
 }
 
 function delete_failed_release() {
-  if [ -z "$CI_ENVIRONMENT_SLUG" ]; then
+  local namespace="${KUBE_NAMESPACE}"
+  local release="${CI_ENVIRONMENT_SLUG}"
+
+  if [ -z "${release}" ]; then
     echoerr "No release given, aborting the delete!"
     return
   fi
 
-  if ! deploy_exists "${KUBE_NAMESPACE}" "${CI_ENVIRONMENT_SLUG}"; then
-    echoinfo "No Review App with ${CI_ENVIRONMENT_SLUG} is currently deployed."
+  if ! deploy_exists "${namespace}" "${release}"; then
+    echoinfo "No Review App with ${release} is currently deployed."
   else
     # Cleanup and previous installs, as FAILED and PENDING_UPGRADE will cause errors with `upgrade`
-    if previous_deploy_failed "$CI_ENVIRONMENT_SLUG" ; then
-      echoinfo "Review App deployment in bad state, cleaning up $CI_ENVIRONMENT_SLUG"
+    if previous_deploy_failed "${namespace}" "${release}" ; then
+      echoinfo "Review App deployment in bad state, cleaning up ${release}"
       delete_release
     else
       echoinfo "Review App deployment in good state"
@@ -70,9 +77,12 @@ function delete_failed_release() {
 
 
 function get_pod() {
+  local namespace="${KUBE_NAMESPACE}"
+  local release="${CI_ENVIRONMENT_SLUG}"
   local app_name="${1}"
   local status="${2-Running}"
-  get_pod_cmd="kubectl get pods -n ${KUBE_NAMESPACE} --field-selector=status.phase=${status} -lapp=${app_name},release=${CI_ENVIRONMENT_SLUG} --no-headers -o=custom-columns=NAME:.metadata.name | tail -n 1"
+
+  get_pod_cmd="kubectl get pods --namespace ${namespace} --field-selector=status.phase=${status} -lapp=${app_name},release=${release} --no-headers -o=custom-columns=NAME:.metadata.name | tail -n 1"
   echoinfo "Waiting till '${app_name}' pod is ready" true
   echoinfo "Running '${get_pod_cmd}'"
 
@@ -111,19 +121,24 @@ function check_kube_domain() {
 }
 
 function ensure_namespace() {
-  echoinfo "Ensuring the ${KUBE_NAMESPACE} namespace exists..." true
+  local namespace="${KUBE_NAMESPACE}"
+
+  echoinfo "Ensuring the ${namespace} namespace exists..." true
 
-  kubectl describe namespace "$KUBE_NAMESPACE" || kubectl create namespace "$KUBE_NAMESPACE"
+  kubectl describe namespace "${namespace}" || kubectl create namespace "${namespace}"
 }
 
 function install_tiller() {
-  echoinfo "Checking deployment/tiller-deploy status in the ${TILLER_NAMESPACE} namespace..." true
+  local namespace="${KUBE_NAMESPACE}"
+
+  echoinfo "Checking deployment/tiller-deploy status in the ${namespace} namespace..." true
 
   echoinfo "Initiating the Helm client..."
   helm init --client-only
 
   # Set toleration for Tiller to be installed on a specific node pool
   helm init \
+    --tiller-namespace "${namespace}" \
     --wait \
     --upgrade \
     --node-selectors "app=helm" \
@@ -133,34 +148,38 @@ function install_tiller() {
     --override "spec.template.spec.tolerations[0].value"="helm" \
     --override "spec.template.spec.tolerations[0].effect"="NoSchedule"
 
-  kubectl rollout status -n "$TILLER_NAMESPACE" -w "deployment/tiller-deploy"
+  kubectl rollout status --namespace "${namespace}" --watch "deployment/tiller-deploy"
 
-  if ! helm version --debug; then
+  if ! helm version --tiller-namespace "${namespace}" --debug; then
     echo "Failed to init Tiller."
     return 1
   fi
 }
 
 function install_external_dns() {
-  local release_name="dns-gitlab-review-app"
+  local namespace="${KUBE_NAMESPACE}"
+  local release="dns-gitlab-review-app"
   local domain
   domain=$(echo "${REVIEW_APPS_DOMAIN}" | awk -F. '{printf "%s.%s", $(NF-1), $NF}')
   echoinfo "Installing external DNS for domain ${domain}..." true
 
-  if ! deploy_exists "${KUBE_NAMESPACE}" "${release_name}" || previous_deploy_failed "${release_name}" ; then
+  if ! deploy_exists "${namespace}" "${release}" || previous_deploy_failed "${namespace}" "${release}" ; then
     echoinfo "Installing external-dns Helm chart"
-    helm repo update
+    helm repo update --tiller-namespace "${namespace}"
+
     # Default requested: CPU => 0, memory => 0
-    helm install stable/external-dns --version '^2.2.1' \
-      -n "${release_name}" \
-      --namespace "${KUBE_NAMESPACE}" \
+    helm install stable/external-dns \
+      --tiller-namespace "${namespace}" \
+      --namespace "${namespace}" \
+      --version '^2.2.1' \
+      --name "${release}" \
       --set provider="aws" \
       --set aws.credentials.secretKey="${REVIEW_APPS_AWS_SECRET_KEY}" \
       --set aws.credentials.accessKey="${REVIEW_APPS_AWS_ACCESS_KEY}" \
       --set aws.zoneType="public" \
       --set aws.batchChangeSize=400 \
       --set domainFilters[0]="${domain}" \
-      --set txtOwnerId="${KUBE_NAMESPACE}" \
+      --set txtOwnerId="${namespace}" \
       --set rbac.create="true" \
       --set policy="sync" \
       --set resources.requests.cpu=50m \
@@ -173,21 +192,24 @@ function install_external_dns() {
 }
 
 function create_application_secret() {
-  echoinfo "Creating the ${CI_ENVIRONMENT_SLUG}-gitlab-initial-root-password secret in the ${KUBE_NAMESPACE} namespace..." true
+  local namespace="${KUBE_NAMESPACE}"
+  local release="${CI_ENVIRONMENT_SLUG}"
+
+  echoinfo "Creating the ${release}-gitlab-initial-root-password secret in the ${namespace} namespace..." true
 
-  kubectl create secret generic -n "$KUBE_NAMESPACE" \
-    "${CI_ENVIRONMENT_SLUG}-gitlab-initial-root-password" \
+  kubectl create secret generic --namespace "${namespace}" \
+    "${release}-gitlab-initial-root-password" \
     --from-literal="password=${REVIEW_APPS_ROOT_PASSWORD}" \
     --dry-run -o json | kubectl apply -f -
 
   if [ -z "${REVIEW_APPS_EE_LICENSE}" ]; then echo "License not found" && return; fi
 
-  echoinfo "Creating the ${CI_ENVIRONMENT_SLUG}-gitlab-license secret in the ${KUBE_NAMESPACE} namespace..." true
+  echoinfo "Creating the ${release}-gitlab-license secret in the ${namespace} namespace..." true
 
   echo "${REVIEW_APPS_EE_LICENSE}" > /tmp/license.gitlab
 
-  kubectl create secret generic -n "$KUBE_NAMESPACE" \
-    "${CI_ENVIRONMENT_SLUG}-gitlab-license" \
+  kubectl create secret generic --namespace "${namespace}" \
+    "${release}-gitlab-license" \
     --from-file=license=/tmp/license.gitlab \
     --dry-run -o json | kubectl apply -f -
 }
@@ -213,13 +235,14 @@ function base_config_changed() {
 }
 
 function deploy() {
-  local name="$CI_ENVIRONMENT_SLUG"
+  local namespace="${KUBE_NAMESPACE}"
+  local release="${CI_ENVIRONMENT_SLUG}"
   local edition="${GITLAB_EDITION-ce}"
   local base_config_file_ref="master"
-  if [[ "$(base_config_changed)" == "true" ]]; then base_config_file_ref="$CI_COMMIT_SHA"; fi
+  if [[ "$(base_config_changed)" == "true" ]]; then base_config_file_ref="${CI_COMMIT_SHA}"; fi
   local base_config_file="https://gitlab.com/gitlab-org/gitlab/raw/${base_config_file_ref}/scripts/review_apps/base-config.yaml"
 
-  echoinfo "Deploying ${name}..." true
+  echoinfo "Deploying ${release}..." true
 
   IMAGE_REPOSITORY="registry.gitlab.com/gitlab-org/build/cng-mirror"
   gitlab_migrations_image_repository="${IMAGE_REPOSITORY}/gitlab-rails-${edition}"
@@ -233,47 +256,49 @@ function deploy() {
   create_application_secret
 
 HELM_CMD=$(cat << EOF
-  helm upgrade --install \
+  helm upgrade \
+    --tiller-namespace="${namespace}" \
+    --namespace="${namespace}" \
+    --install \
     --wait \
     --timeout 900 \
-    --set ci.branch="$CI_COMMIT_REF_NAME" \
-    --set ci.commit.sha="$CI_COMMIT_SHORT_SHA" \
-    --set ci.job.url="$CI_JOB_URL" \
-    --set ci.pipeline.url="$CI_PIPELINE_URL" \
-    --set releaseOverride="$CI_ENVIRONMENT_SLUG" \
-    --set global.hosts.hostSuffix="$HOST_SUFFIX" \
-    --set global.hosts.domain="$REVIEW_APPS_DOMAIN" \
-    --set gitlab.migrations.image.repository="$gitlab_migrations_image_repository" \
-    --set gitlab.migrations.image.tag="$CI_COMMIT_REF_SLUG" \
-    --set gitlab.gitaly.image.repository="$gitlab_gitaly_image_repository" \
-    --set gitlab.gitaly.image.tag="v$GITALY_VERSION" \
-    --set gitlab.gitlab-shell.image.repository="$gitlab_shell_image_repository" \
-    --set gitlab.gitlab-shell.image.tag="v$GITLAB_SHELL_VERSION" \
-    --set gitlab.sidekiq.image.repository="$gitlab_sidekiq_image_repository" \
-    --set gitlab.sidekiq.image.tag="$CI_COMMIT_REF_SLUG" \
-    --set gitlab.unicorn.image.repository="$gitlab_unicorn_image_repository" \
-    --set gitlab.unicorn.image.tag="$CI_COMMIT_REF_SLUG" \
-    --set gitlab.unicorn.workhorse.image="$gitlab_workhorse_image_repository" \
-    --set gitlab.unicorn.workhorse.tag="$CI_COMMIT_REF_SLUG" \
-    --set gitlab.task-runner.image.repository="$gitlab_task_runner_image_repository" \
-    --set gitlab.task-runner.image.tag="$CI_COMMIT_REF_SLUG"
+    --set ci.branch="${CI_COMMIT_REF_NAME}" \
+    --set ci.commit.sha="${CI_COMMIT_SHORT_SHA}" \
+    --set ci.job.url="${CI_JOB_URL}" \
+    --set ci.pipeline.url="${CI_PIPELINE_URL}" \
+    --set releaseOverride="${release}" \
+    --set global.hosts.hostSuffix="${HOST_SUFFIX}" \
+    --set global.hosts.domain="${REVIEW_APPS_DOMAIN}" \
+    --set gitlab.migrations.image.repository="${gitlab_migrations_image_repository}" \
+    --set gitlab.migrations.image.tag="${CI_COMMIT_REF_SLUG}" \
+    --set gitlab.gitaly.image.repository="${gitlab_gitaly_image_repository}" \
+    --set gitlab.gitaly.image.tag="v${GITALY_VERSION}" \
+    --set gitlab.gitlab-shell.image.repository="${gitlab_shell_image_repository}" \
+    --set gitlab.gitlab-shell.image.tag="v${GITLAB_SHELL_VERSION}" \
+    --set gitlab.sidekiq.image.repository="${gitlab_sidekiq_image_repository}" \
+    --set gitlab.sidekiq.image.tag="${CI_COMMIT_REF_SLUG}" \
+    --set gitlab.unicorn.image.repository="${gitlab_unicorn_image_repository}" \
+    --set gitlab.unicorn.image.tag="${CI_COMMIT_REF_SLUG}" \
+    --set gitlab.unicorn.workhorse.image="${gitlab_workhorse_image_repository}" \
+    --set gitlab.unicorn.workhorse.tag="${CI_COMMIT_REF_SLUG}" \
+    --set gitlab.task-runner.image.repository="${gitlab_task_runner_image_repository}" \
+    --set gitlab.task-runner.image.tag="${CI_COMMIT_REF_SLUG}"
 EOF
 )
 
 if [ -n "${REVIEW_APPS_EE_LICENSE}" ]; then
 HELM_CMD=$(cat << EOF
   ${HELM_CMD} \
-  --set global.gitlab.license.secret="${CI_ENVIRONMENT_SLUG}-gitlab-license"
+  --set global.gitlab.license.secret="${release}-gitlab-license"
 EOF
 )
 fi
 
 HELM_CMD=$(cat << EOF
   ${HELM_CMD} \
-  --namespace="$KUBE_NAMESPACE" \
   --version="${CI_PIPELINE_ID}-${CI_JOB_ID}" \
   -f "${base_config_file}" \
-  "${name}" .
+  "${release}" .
 EOF
 )
 
@@ -284,11 +309,14 @@ EOF
 }
 
 function display_deployment_debug() {
+  local namespace="${KUBE_NAMESPACE}"
+  local release="${CI_ENVIRONMENT_SLUG}"
+
   # Get all pods for this release
-  echoinfo "Pods for release ${CI_ENVIRONMENT_SLUG}"
-  kubectl get pods -n "$KUBE_NAMESPACE" -lrelease=${CI_ENVIRONMENT_SLUG}
+  echoinfo "Pods for release ${release}"
+  kubectl get pods --namespace "${namespace}" -lrelease=${release}
 
   # Get all non-completed jobs
-  echoinfo "Unsuccessful Jobs for release ${CI_ENVIRONMENT_SLUG}"
-  kubectl get jobs -n "$KUBE_NAMESPACE" -lrelease=${CI_ENVIRONMENT_SLUG} --field-selector=status.successful!=1
+  echoinfo "Unsuccessful Jobs for release ${release}"
+  kubectl get jobs --namespace "${namespace}" -lrelease=${release} --field-selector=status.successful!=1
 }