summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--app/models/clusters/applications/helm.rb49
-rw-r--r--app/models/clusters/applications/ingress.rb4
-rw-r--r--app/models/clusters/applications/jupyter.rb4
-rw-r--r--app/models/clusters/applications/prometheus.rb4
-rw-r--r--app/models/clusters/applications/runner.rb4
-rw-r--r--app/models/clusters/concerns/application_data.rb26
-rw-r--r--changelogs/unreleased/48098-mutual-auth-cluster-applications.yml6
-rw-r--r--db/migrate/20180612103626_add_columns_for_helm_tiller_certificates.rb11
-rw-r--r--db/schema.rb3
-rw-r--r--lib/gitlab/kubernetes/config_map.rb8
-rw-r--r--lib/gitlab/kubernetes/helm/api.rb2
-rw-r--r--lib/gitlab/kubernetes/helm/base_command.rb32
-rw-r--r--lib/gitlab/kubernetes/helm/certificate.rb72
-rw-r--r--lib/gitlab/kubernetes/helm/init_command.rb18
-rw-r--r--lib/gitlab/kubernetes/helm/install_command.rb37
-rw-r--r--lib/gitlab/kubernetes/helm/pod.rb8
-rw-r--r--qa/qa/factory/resource/kubernetes_cluster.rb5
-rw-r--r--qa/qa/page/project/operations/kubernetes/show.rb1
-rw-r--r--spec/factories/clusters/applications/helm.rb16
-rw-r--r--spec/factories/clusters/clusters.rb4
-rw-r--r--spec/features/projects/clusters/applications_spec.rb16
-rw-r--r--spec/lib/gitlab/kubernetes/config_map_spec.rb4
-rw-r--r--spec/lib/gitlab/kubernetes/helm/api_spec.rb2
-rw-r--r--spec/lib/gitlab/kubernetes/helm/base_command_spec.rb28
-rw-r--r--spec/lib/gitlab/kubernetes/helm/certificate_spec.rb27
-rw-r--r--spec/lib/gitlab/kubernetes/helm/init_command_spec.rb4
-rw-r--r--spec/lib/gitlab/kubernetes/helm/install_command_spec.rb69
-rw-r--r--spec/lib/gitlab/kubernetes/helm/pod_spec.rb29
-rw-r--r--spec/models/clusters/applications/helm_spec.rb26
-rw-r--r--spec/models/clusters/applications/ingress_spec.rb41
-rw-r--r--spec/models/clusters/applications/jupyter_spec.rb45
-rw-r--r--spec/models/clusters/applications/prometheus_spec.rb41
-rw-r--r--spec/models/clusters/applications/runner_spec.rb64
-rw-r--r--spec/services/clusters/applications/install_service_spec.rb2
34 files changed, 178 insertions, 534 deletions
diff --git a/app/models/clusters/applications/helm.rb b/app/models/clusters/applications/helm.rb
index b566edae7bb..58de3448577 100644
--- a/app/models/clusters/applications/helm.rb
+++ b/app/models/clusters/applications/helm.rb
@@ -1,26 +1,13 @@
-require 'openssl'
-
module Clusters
module Applications
class Helm < ActiveRecord::Base
self.table_name = 'clusters_applications_helm'
- attr_encrypted :ca_key,
- mode: :per_attribute_iv,
- key: Settings.attr_encrypted_db_key_base_truncated,
- algorithm: 'aes-256-cbc'
-
include ::Clusters::Concerns::ApplicationCore
include ::Clusters::Concerns::ApplicationStatus
default_value_for :version, Gitlab::Kubernetes::Helm::HELM_VERSION
- before_create :create_keys_and_certs
-
- def issue_client_cert
- ca_cert_obj.issue
- end
-
def set_initial_status
return unless not_installable?
@@ -28,41 +15,7 @@ module Clusters
end
def install_command
- Gitlab::Kubernetes::Helm::InitCommand.new(
- name: name,
- files: files
- )
- end
-
- def has_ssl?
- ca_key.present? && ca_cert.present?
- end
-
- private
-
- def files
- {
- 'ca.pem': ca_cert,
- 'cert.pem': tiller_cert.cert_string,
- 'key.pem': tiller_cert.key_string
- }
- end
-
- def create_keys_and_certs
- ca_cert = Gitlab::Kubernetes::Helm::Certificate.generate_root
- self.ca_key = ca_cert.key_string
- self.ca_cert = ca_cert.cert_string
- end
-
- def tiller_cert
- @tiller_cert ||= ca_cert_obj.issue(expires_in: Gitlab::Kubernetes::Helm::Certificate::INFINITE_EXPIRY)
- end
-
- def ca_cert_obj
- return unless has_ssl?
-
- Gitlab::Kubernetes::Helm::Certificate
- .from_strings(ca_key, ca_cert)
+ Gitlab::Kubernetes::Helm::InitCommand.new(name)
end
end
end
diff --git a/app/models/clusters/applications/ingress.rb b/app/models/clusters/applications/ingress.rb
index 64810812531..27fc3b85465 100644
--- a/app/models/clusters/applications/ingress.rb
+++ b/app/models/clusters/applications/ingress.rb
@@ -32,9 +32,9 @@ module Clusters
def install_command
Gitlab::Kubernetes::Helm::InstallCommand.new(
- name: name,
+ name,
chart: chart,
- files: files
+ values: values
)
end
diff --git a/app/models/clusters/applications/jupyter.rb b/app/models/clusters/applications/jupyter.rb
index cff5a423acb..975d434e1a4 100644
--- a/app/models/clusters/applications/jupyter.rb
+++ b/app/models/clusters/applications/jupyter.rb
@@ -35,9 +35,9 @@ module Clusters
def install_command
Gitlab::Kubernetes::Helm::InstallCommand.new(
- name: name,
+ name,
chart: chart,
- files: files,
+ values: values,
repository: repository
)
end
diff --git a/app/models/clusters/applications/prometheus.rb b/app/models/clusters/applications/prometheus.rb
index 22815cc1219..ea6ec4d6b03 100644
--- a/app/models/clusters/applications/prometheus.rb
+++ b/app/models/clusters/applications/prometheus.rb
@@ -43,10 +43,10 @@ module Clusters
def install_command
Gitlab::Kubernetes::Helm::InstallCommand.new(
- name: name,
+ name,
chart: chart,
version: version,
- files: files
+ values: values
)
end
diff --git a/app/models/clusters/applications/runner.rb b/app/models/clusters/applications/runner.rb
index 4c894b5376d..e6f795f3e0b 100644
--- a/app/models/clusters/applications/runner.rb
+++ b/app/models/clusters/applications/runner.rb
@@ -28,9 +28,9 @@ module Clusters
def install_command
Gitlab::Kubernetes::Helm::InstallCommand.new(
- name: name,
+ name,
chart: chart,
- files: files,
+ values: values,
repository: repository
)
end
diff --git a/app/models/clusters/concerns/application_data.rb b/app/models/clusters/concerns/application_data.rb
index d66f09d48b5..96ac757e99e 100644
--- a/app/models/clusters/concerns/application_data.rb
+++ b/app/models/clusters/concerns/application_data.rb
@@ -12,34 +12,8 @@ module Clusters
File.read(chart_values_file)
end
- def files
- @files ||= begin
- files = { 'values.yaml': values }
-
- files.merge!(certificate_files) if cluster.application_helm.has_ssl?
-
- files
- end
- end
-
private
- def certificate_files
- {
- 'ca.pem': ca_cert,
- 'cert.pem': helm_cert.cert_string,
- 'key.pem': helm_cert.key_string
- }
- end
-
- def ca_cert
- cluster.application_helm.ca_cert
- end
-
- def helm_cert
- @helm_cert ||= cluster.application_helm.issue_client_cert
- end
-
def chart_values_file
"#{Rails.root}/vendor/#{name}/values.yaml"
end
diff --git a/changelogs/unreleased/48098-mutual-auth-cluster-applications.yml b/changelogs/unreleased/48098-mutual-auth-cluster-applications.yml
deleted file mode 100644
index 36e39cf31db..00000000000
--- a/changelogs/unreleased/48098-mutual-auth-cluster-applications.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-title: Ensure installed Helm Tiller For GitLab Managed Apps Is protected by mutual
- auth
-merge_request: 20801
-author:
-type: changed
diff --git a/db/migrate/20180612103626_add_columns_for_helm_tiller_certificates.rb b/db/migrate/20180612103626_add_columns_for_helm_tiller_certificates.rb
deleted file mode 100644
index d9f15b6b67d..00000000000
--- a/db/migrate/20180612103626_add_columns_for_helm_tiller_certificates.rb
+++ /dev/null
@@ -1,11 +0,0 @@
-class AddColumnsForHelmTillerCertificates < ActiveRecord::Migration
- include Gitlab::Database::MigrationHelpers
-
- DOWNTIME = false
-
- def change
- add_column :clusters_applications_helm, :encrypted_ca_key, :text
- add_column :clusters_applications_helm, :encrypted_ca_key_iv, :text
- add_column :clusters_applications_helm, :ca_cert, :text
- end
-end
diff --git a/db/schema.rb b/db/schema.rb
index 0638de8c6ff..a5f7b8149c6 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -636,9 +636,6 @@ ActiveRecord::Schema.define(version: 20180722103201) do
t.integer "status", null: false
t.string "version", null: false
t.text "status_reason"
- t.text "encrypted_ca_key"
- t.text "encrypted_ca_key_iv"
- t.text "ca_cert"
end
create_table "clusters_applications_ingress", force: :cascade do |t|
diff --git a/lib/gitlab/kubernetes/config_map.rb b/lib/gitlab/kubernetes/config_map.rb
index 9e55dae137c..8a8a59a9cd4 100644
--- a/lib/gitlab/kubernetes/config_map.rb
+++ b/lib/gitlab/kubernetes/config_map.rb
@@ -1,15 +1,15 @@
module Gitlab
module Kubernetes
class ConfigMap
- def initialize(name, files)
+ def initialize(name, values = "")
@name = name
- @files = files
+ @values = values
end
def generate
resource = ::Kubeclient::Resource.new
resource.metadata = metadata
- resource.data = files
+ resource.data = { values: values }
resource
end
@@ -19,7 +19,7 @@ module Gitlab
private
- attr_reader :name, :files
+ attr_reader :name, :values
def metadata
{
diff --git a/lib/gitlab/kubernetes/helm/api.rb b/lib/gitlab/kubernetes/helm/api.rb
index d65374cc23b..c4de9a398cc 100644
--- a/lib/gitlab/kubernetes/helm/api.rb
+++ b/lib/gitlab/kubernetes/helm/api.rb
@@ -9,7 +9,7 @@ module Gitlab
def install(command)
namespace.ensure_exists!
- create_config_map(command)
+ create_config_map(command) if command.config_map?
kubeclient.create_pod(command.pod_resource)
end
diff --git a/lib/gitlab/kubernetes/helm/base_command.rb b/lib/gitlab/kubernetes/helm/base_command.rb
index afcfd109de0..f9ebe53d6af 100644
--- a/lib/gitlab/kubernetes/helm/base_command.rb
+++ b/lib/gitlab/kubernetes/helm/base_command.rb
@@ -1,7 +1,13 @@
module Gitlab
module Kubernetes
module Helm
- module BaseCommand
+ class BaseCommand
+ attr_reader :name
+
+ def initialize(name)
+ @name = name
+ end
+
def pod_resource
Gitlab::Kubernetes::Helm::Pod.new(self, namespace).generate
end
@@ -18,32 +24,16 @@ module Gitlab
HEREDOC
end
- def pod_name
- "install-#{name}"
- end
-
- def config_map_resource
- Gitlab::Kubernetes::ConfigMap.new(name, files).generate
+ def config_map?
+ false
end
- def file_names
- files.keys
- end
-
- def name
- raise "Not implemented"
- end
-
- def files
- raise "Not implemented"
+ def pod_name
+ "install-#{name}"
end
private
- def files_dir
- "/data/helm/#{name}/config"
- end
-
def namespace
Gitlab::Kubernetes::Helm::NAMESPACE
end
diff --git a/lib/gitlab/kubernetes/helm/certificate.rb b/lib/gitlab/kubernetes/helm/certificate.rb
deleted file mode 100644
index c344add82cd..00000000000
--- a/lib/gitlab/kubernetes/helm/certificate.rb
+++ /dev/null
@@ -1,72 +0,0 @@
-module Gitlab
- module Kubernetes
- module Helm
- class Certificate
- INFINITE_EXPIRY = 1000.years
- SHORT_EXPIRY = 30.minutes
-
- attr_reader :key, :cert
-
- def key_string
- @key.to_s
- end
-
- def cert_string
- @cert.to_pem
- end
-
- def self.from_strings(key_string, cert_string)
- key = OpenSSL::PKey::RSA.new(key_string)
- cert = OpenSSL::X509::Certificate.new(cert_string)
- new(key, cert)
- end
-
- def self.generate_root
- _issue(signed_by: nil, expires_in: INFINITE_EXPIRY, certificate_authority: true)
- end
-
- def issue(expires_in: SHORT_EXPIRY)
- self.class._issue(signed_by: self, expires_in: expires_in, certificate_authority: false)
- end
-
- private
-
- def self._issue(signed_by:, expires_in:, certificate_authority:)
- key = OpenSSL::PKey::RSA.new(4096)
- public_key = key.public_key
-
- subject = OpenSSL::X509::Name.parse("/C=US")
-
- cert = OpenSSL::X509::Certificate.new
- cert.subject = subject
-
- cert.issuer = signed_by&.cert&.subject || subject
-
- cert.not_before = Time.now
- cert.not_after = expires_in.from_now
- cert.public_key = public_key
- cert.serial = 0x0
- cert.version = 2
-
- if certificate_authority
- extension_factory = OpenSSL::X509::ExtensionFactory.new
- extension_factory.subject_certificate = cert
- extension_factory.issuer_certificate = cert
- cert.add_extension(extension_factory.create_extension('subjectKeyIdentifier', 'hash'))
- cert.add_extension(extension_factory.create_extension('basicConstraints', 'CA:TRUE', true))
- cert.add_extension(extension_factory.create_extension('keyUsage', 'cRLSign,keyCertSign', true))
- end
-
- cert.sign(signed_by&.key || key, OpenSSL::Digest::SHA256.new)
-
- new(key, cert)
- end
-
- def initialize(key, cert)
- @key = key
- @cert = cert
- end
- end
- end
- end
-end
diff --git a/lib/gitlab/kubernetes/helm/init_command.rb b/lib/gitlab/kubernetes/helm/init_command.rb
index a4546509515..a02e64561f6 100644
--- a/lib/gitlab/kubernetes/helm/init_command.rb
+++ b/lib/gitlab/kubernetes/helm/init_command.rb
@@ -1,16 +1,7 @@
module Gitlab
module Kubernetes
module Helm
- class InitCommand
- include BaseCommand
-
- attr_reader :name, :files
-
- def initialize(name:, files:)
- @name = name
- @files = files
- end
-
+ class InitCommand < BaseCommand
def generate_script
super + [
init_helm_command
@@ -20,12 +11,7 @@ module Gitlab
private
def init_helm_command
- tls_flags = "--tiller-tls" \
- " --tiller-tls-verify --tls-ca-cert #{files_dir}/ca.pem" \
- " --tiller-tls-cert #{files_dir}/cert.pem" \
- " --tiller-tls-key #{files_dir}/key.pem"
-
- "helm init #{tls_flags} >/dev/null"
+ "helm init >/dev/null"
end
end
end
diff --git a/lib/gitlab/kubernetes/helm/install_command.rb b/lib/gitlab/kubernetes/helm/install_command.rb
index c7d6a9c5b4d..d2133a6d65b 100644
--- a/lib/gitlab/kubernetes/helm/install_command.rb
+++ b/lib/gitlab/kubernetes/helm/install_command.rb
@@ -1,16 +1,14 @@
module Gitlab
module Kubernetes
module Helm
- class InstallCommand
- include BaseCommand
+ class InstallCommand < BaseCommand
+ attr_reader :name, :chart, :version, :repository, :values
- attr_reader :name, :files, :chart, :version, :repository
-
- def initialize(name:, chart:, files:, version: nil, repository: nil)
+ def initialize(name, chart:, values:, version: nil, repository: nil)
@name = name
@chart = chart
@version = version
- @files = files
+ @values = values
@repository = repository
end
@@ -22,6 +20,14 @@ module Gitlab
].compact.join("\n")
end
+ def config_map?
+ true
+ end
+
+ def config_map_resource
+ Gitlab::Kubernetes::ConfigMap.new(name, values).generate
+ end
+
private
def init_command
@@ -33,27 +39,14 @@ module Gitlab
end
def script_command
- "helm install" \
- "#{optional_tls_flags} " \
- "#{chart} " \
- "--name #{name}" \
- "#{optional_version_flag} " \
- "--namespace #{Gitlab::Kubernetes::Helm::NAMESPACE} " \
- "-f /data/helm/#{name}/config/values.yaml >/dev/null\n"
+ <<~HEREDOC
+ helm install #{chart} --name #{name}#{optional_version_flag} --namespace #{Gitlab::Kubernetes::Helm::NAMESPACE} -f /data/helm/#{name}/config/values.yaml >/dev/null
+ HEREDOC
end
def optional_version_flag
" --version #{version}" if version
end
-
- def optional_tls_flags
- return unless files.key?(:'ca.pem')
-
- " --tls" \
- " --tls-ca-cert #{files_dir}/ca.pem" \
- " --tls-cert #{files_dir}/cert.pem" \
- " --tls-key #{files_dir}/key.pem"
- end
end
end
end
diff --git a/lib/gitlab/kubernetes/helm/pod.rb b/lib/gitlab/kubernetes/helm/pod.rb
index 6e5d3388405..1e12299eefd 100644
--- a/lib/gitlab/kubernetes/helm/pod.rb
+++ b/lib/gitlab/kubernetes/helm/pod.rb
@@ -10,8 +10,10 @@ module Gitlab
def generate
spec = { containers: [container_specification], restartPolicy: 'Never' }
- spec[:volumes] = volumes_specification
- spec[:containers][0][:volumeMounts] = volume_mounts_specification
+ if command.config_map?
+ spec[:volumes] = volumes_specification
+ spec[:containers][0][:volumeMounts] = volume_mounts_specification
+ end
::Kubeclient::Resource.new(metadata: metadata, spec: spec)
end
@@ -59,7 +61,7 @@ module Gitlab
name: 'configuration-volume',
configMap: {
name: "values-content-configuration-#{command.name}",
- items: command.file_names.map { |name| { key: name, path: name } }
+ items: [{ key: 'values', path: 'values.yaml' }]
}
}
]
diff --git a/qa/qa/factory/resource/kubernetes_cluster.rb b/qa/qa/factory/resource/kubernetes_cluster.rb
index ef2ea72b170..1c9e5f94b22 100644
--- a/qa/qa/factory/resource/kubernetes_cluster.rb
+++ b/qa/qa/factory/resource/kubernetes_cluster.rb
@@ -44,11 +44,10 @@ module QA
page.await_installed(:helm)
page.install!(:ingress) if @install_ingress
- page.install!(:prometheus) if @install_prometheus
- page.install!(:runner) if @install_runner
-
page.await_installed(:ingress) if @install_ingress
+ page.install!(:prometheus) if @install_prometheus
page.await_installed(:prometheus) if @install_prometheus
+ page.install!(:runner) if @install_runner
page.await_installed(:runner) if @install_runner
end
end
diff --git a/qa/qa/page/project/operations/kubernetes/show.rb b/qa/qa/page/project/operations/kubernetes/show.rb
index e831edeb89e..4923304133e 100644
--- a/qa/qa/page/project/operations/kubernetes/show.rb
+++ b/qa/qa/page/project/operations/kubernetes/show.rb
@@ -16,7 +16,6 @@ module QA
def install!(application_name)
within(".js-cluster-application-row-#{application_name}") do
- page.has_button?('Install', wait: 30)
click_on 'Install'
end
end
diff --git a/spec/factories/clusters/applications/helm.rb b/spec/factories/clusters/applications/helm.rb
index 7c4a440b9a9..3e4277e4ba6 100644
--- a/spec/factories/clusters/applications/helm.rb
+++ b/spec/factories/clusters/applications/helm.rb
@@ -32,21 +32,11 @@ FactoryBot.define do
updated_at ClusterWaitForAppInstallationWorker::TIMEOUT.ago
end
- factory :clusters_applications_ingress, class: Clusters::Applications::Ingress do
- cluster factory: %i(cluster with_installed_helm provided_by_gcp)
- end
-
- factory :clusters_applications_prometheus, class: Clusters::Applications::Prometheus do
- cluster factory: %i(cluster with_installed_helm provided_by_gcp)
- end
-
- factory :clusters_applications_runner, class: Clusters::Applications::Runner do
- cluster factory: %i(cluster with_installed_helm provided_by_gcp)
- end
-
+ factory :clusters_applications_ingress, class: Clusters::Applications::Ingress
+ factory :clusters_applications_prometheus, class: Clusters::Applications::Prometheus
+ factory :clusters_applications_runner, class: Clusters::Applications::Runner
factory :clusters_applications_jupyter, class: Clusters::Applications::Jupyter do
oauth_application factory: :oauth_application
- cluster factory: %i(cluster with_installed_helm provided_by_gcp)
end
end
end
diff --git a/spec/factories/clusters/clusters.rb b/spec/factories/clusters/clusters.rb
index bbeba8ce8b9..0430762c1ff 100644
--- a/spec/factories/clusters/clusters.rb
+++ b/spec/factories/clusters/clusters.rb
@@ -36,9 +36,5 @@ FactoryBot.define do
trait :production_environment do
sequence(:environment_scope) { |n| "production#{n}/*" }
end
-
- trait :with_installed_helm do
- application_helm factory: %i(clusters_applications_helm installed)
- end
end
end
diff --git a/spec/features/projects/clusters/applications_spec.rb b/spec/features/projects/clusters/applications_spec.rb
index 71d715237f5..a65ca662350 100644
--- a/spec/features/projects/clusters/applications_spec.rb
+++ b/spec/features/projects/clusters/applications_spec.rb
@@ -46,14 +46,12 @@ describe 'Clusters Applications', :js do
end
end
- it 'they see status transition' do
+ it 'he sees status transition' do
page.within('.js-cluster-application-row-helm') do
# FE sends request and gets the response, then the buttons is "Install"
expect(page.find(:css, '.js-cluster-application-install-button')['disabled']).to eq('true')
expect(page).to have_css('.js-cluster-application-install-button', exact_text: 'Install')
- wait_until_helm_created!
-
Clusters::Cluster.last.application_helm.make_installing!
# FE starts polling and update the buttons to "Installing"
@@ -85,7 +83,7 @@ describe 'Clusters Applications', :js do
end
end
- it 'they see status transition' do
+ it 'he sees status transition' do
page.within('.js-cluster-application-row-ingress') do
# FE sends request and gets the response, then the buttons is "Install"
expect(page).to have_css('.js-cluster-application-install-button[disabled]')
@@ -118,14 +116,4 @@ describe 'Clusters Applications', :js do
end
end
end
-
- def wait_until_helm_created!
- retries = 0
-
- while Clusters::Cluster.last.application_helm.nil?
- raise "Timed out waiting for helm application to be created in DB" if (retries += 1) > 3
-
- sleep(1)
- end
- end
end
diff --git a/spec/lib/gitlab/kubernetes/config_map_spec.rb b/spec/lib/gitlab/kubernetes/config_map_spec.rb
index fe65d03875f..e253b291277 100644
--- a/spec/lib/gitlab/kubernetes/config_map_spec.rb
+++ b/spec/lib/gitlab/kubernetes/config_map_spec.rb
@@ -3,7 +3,7 @@ require 'spec_helper'
describe Gitlab::Kubernetes::ConfigMap do
let(:kubeclient) { double('kubernetes client') }
let(:application) { create(:clusters_applications_prometheus) }
- let(:config_map) { described_class.new(application.name, application.files) }
+ let(:config_map) { described_class.new(application.name, application.values) }
let(:namespace) { Gitlab::Kubernetes::Helm::NAMESPACE }
let(:metadata) do
@@ -15,7 +15,7 @@ describe Gitlab::Kubernetes::ConfigMap do
end
describe '#generate' do
- let(:resource) { ::Kubeclient::Resource.new(metadata: metadata, data: application.files) }
+ let(:resource) { ::Kubeclient::Resource.new(metadata: metadata, data: { values: application.values }) }
subject { config_map.generate }
it 'should build a Kubeclient Resource' do
diff --git a/spec/lib/gitlab/kubernetes/helm/api_spec.rb b/spec/lib/gitlab/kubernetes/helm/api_spec.rb
index 341f71a3e49..6e9b4ca0869 100644
--- a/spec/lib/gitlab/kubernetes/helm/api_spec.rb
+++ b/spec/lib/gitlab/kubernetes/helm/api_spec.rb
@@ -39,7 +39,7 @@ describe Gitlab::Kubernetes::Helm::Api do
end
context 'with a ConfigMap' do
- let(:resource) { Gitlab::Kubernetes::ConfigMap.new(application.name, application.files).generate }
+ let(:resource) { Gitlab::Kubernetes::ConfigMap.new(application.name, application.values).generate }
it 'creates a ConfigMap on kubeclient' do
expect(client).to receive(:create_config_map).with(resource).once
diff --git a/spec/lib/gitlab/kubernetes/helm/base_command_spec.rb b/spec/lib/gitlab/kubernetes/helm/base_command_spec.rb
index d50616e95e8..7be8be54d5e 100644
--- a/spec/lib/gitlab/kubernetes/helm/base_command_spec.rb
+++ b/spec/lib/gitlab/kubernetes/helm/base_command_spec.rb
@@ -2,25 +2,7 @@ require 'spec_helper'
describe Gitlab::Kubernetes::Helm::BaseCommand do
let(:application) { create(:clusters_applications_helm) }
- let(:test_class) do
- Class.new do
- include Gitlab::Kubernetes::Helm::BaseCommand
-
- def name
- "test-class-name"
- end
-
- def files
- {
- some: 'value'
- }
- end
- end
- end
-
- let(:base_command) do
- test_class.new
- end
+ let(:base_command) { described_class.new(application.name) }
subject { base_command }
@@ -36,9 +18,15 @@ describe Gitlab::Kubernetes::Helm::BaseCommand do
end
end
+ describe '#config_map?' do
+ subject { base_command.config_map? }
+
+ it { is_expected.to be_falsy }
+ end
+
describe '#pod_name' do
subject { base_command.pod_name }
- it { is_expected.to eq('install-test-class-name') }
+ it { is_expected.to eq('install-helm') }
end
end
diff --git a/spec/lib/gitlab/kubernetes/helm/certificate_spec.rb b/spec/lib/gitlab/kubernetes/helm/certificate_spec.rb
deleted file mode 100644
index f8d00c95a36..00000000000
--- a/spec/lib/gitlab/kubernetes/helm/certificate_spec.rb
+++ /dev/null
@@ -1,27 +0,0 @@
-require 'spec_helper'
-
-describe Gitlab::Kubernetes::Helm::Certificate do
- describe '.generate_root' do
- subject { described_class.generate_root }
-
- it 'should generate a root CA that expires a long way in the future' do
- expect(subject.cert.not_after).to be > 999.years.from_now
- end
- end
-
- describe '#issue' do
- subject { described_class.generate_root.issue }
-
- it 'should generate a cert that expires soon' do
- expect(subject.cert.not_after).to be < 60.minutes.from_now
- end
-
- context 'passing in INFINITE_EXPIRY' do
- subject { described_class.generate_root.issue(expires_in: described_class::INFINITE_EXPIRY) }
-
- it 'should generate a cert that expires a long way in the future' do
- expect(subject.cert.not_after).to be > 999.years.from_now
- end
- end
- end
-end
diff --git a/spec/lib/gitlab/kubernetes/helm/init_command_spec.rb b/spec/lib/gitlab/kubernetes/helm/init_command_spec.rb
index dcbc046cf00..89e36a298f8 100644
--- a/spec/lib/gitlab/kubernetes/helm/init_command_spec.rb
+++ b/spec/lib/gitlab/kubernetes/helm/init_command_spec.rb
@@ -2,9 +2,9 @@ require 'spec_helper'
describe Gitlab::Kubernetes::Helm::InitCommand do
let(:application) { create(:clusters_applications_helm) }
- let(:commands) { 'helm init --tiller-tls --tiller-tls-verify --tls-ca-cert /data/helm/helm/config/ca.pem --tiller-tls-cert /data/helm/helm/config/cert.pem --tiller-tls-key /data/helm/helm/config/key.pem >/dev/null' }
+ let(:commands) { 'helm init >/dev/null' }
- subject { described_class.new(name: application.name, files: {}) }
+ subject { described_class.new(application.name) }
it_behaves_like 'helm commands'
end
diff --git a/spec/lib/gitlab/kubernetes/helm/install_command_spec.rb b/spec/lib/gitlab/kubernetes/helm/install_command_spec.rb
index 51221e54d89..25c6fa3b9a3 100644
--- a/spec/lib/gitlab/kubernetes/helm/install_command_spec.rb
+++ b/spec/lib/gitlab/kubernetes/helm/install_command_spec.rb
@@ -1,82 +1,83 @@
require 'rails_helper'
describe Gitlab::Kubernetes::Helm::InstallCommand do
- let(:files) { { 'ca.pem': 'some file content' } }
- let(:repository) { 'https://repository.example.com' }
- let(:version) { '1.2.3' }
-
- let(:install_command) do
- described_class.new(
- name: 'app-name',
- chart: 'chart-name',
- files: files,
- version: version, repository: repository
- )
- end
+ let(:application) { create(:clusters_applications_prometheus) }
+ let(:namespace) { Gitlab::Kubernetes::Helm::NAMESPACE }
+ let(:install_command) { application.install_command }
subject { install_command }
- it_behaves_like 'helm commands' do
- let(:commands) do
- <<~EOS
- helm init --client-only >/dev/null
- helm repo add app-name https://repository.example.com
- helm install --tls --tls-ca-cert /data/helm/app-name/config/ca.pem --tls-cert /data/helm/app-name/config/cert.pem --tls-key /data/helm/app-name/config/key.pem chart-name --name app-name --version 1.2.3 --namespace gitlab-managed-apps -f /data/helm/app-name/config/values.yaml >/dev/null
- EOS
+ context 'for ingress' do
+ let(:application) { create(:clusters_applications_ingress) }
+
+ it_behaves_like 'helm commands' do
+ let(:commands) do
+ <<~EOS
+ helm init --client-only >/dev/null
+ helm install #{application.chart} --name #{application.name} --namespace #{namespace} -f /data/helm/#{application.name}/config/values.yaml >/dev/null
+ EOS
+ end
end
end
- context 'when there is no repository' do
- let(:repository) { nil }
+ context 'for prometheus' do
+ let(:application) { create(:clusters_applications_prometheus) }
it_behaves_like 'helm commands' do
let(:commands) do
<<~EOS
helm init --client-only >/dev/null
- helm install --tls --tls-ca-cert /data/helm/app-name/config/ca.pem --tls-cert /data/helm/app-name/config/cert.pem --tls-key /data/helm/app-name/config/key.pem chart-name --name app-name --version 1.2.3 --namespace gitlab-managed-apps -f /data/helm/app-name/config/values.yaml >/dev/null
+ helm install #{application.chart} --name #{application.name} --version #{application.version} --namespace #{namespace} -f /data/helm/#{application.name}/config/values.yaml >/dev/null
EOS
end
end
end
- context 'when there is no ca.pem file' do
- let(:files) { { 'file.txt': 'some content' } }
+ context 'for runner' do
+ let(:ci_runner) { create(:ci_runner) }
+ let(:application) { create(:clusters_applications_runner, runner: ci_runner) }
it_behaves_like 'helm commands' do
let(:commands) do
<<~EOS
helm init --client-only >/dev/null
- helm repo add app-name https://repository.example.com
- helm install chart-name --name app-name --version 1.2.3 --namespace gitlab-managed-apps -f /data/helm/app-name/config/values.yaml >/dev/null
+ helm repo add #{application.name} #{application.repository}
+ helm install #{application.chart} --name #{application.name} --namespace #{namespace} -f /data/helm/#{application.name}/config/values.yaml >/dev/null
EOS
end
end
end
- context 'when there is no version' do
- let(:version) { nil }
+ context 'for jupyter' do
+ let(:application) { create(:clusters_applications_jupyter) }
it_behaves_like 'helm commands' do
let(:commands) do
<<~EOS
helm init --client-only >/dev/null
- helm repo add app-name https://repository.example.com
- helm install --tls --tls-ca-cert /data/helm/app-name/config/ca.pem --tls-cert /data/helm/app-name/config/cert.pem --tls-key /data/helm/app-name/config/key.pem chart-name --name app-name --namespace gitlab-managed-apps -f /data/helm/app-name/config/values.yaml >/dev/null
+ helm repo add #{application.name} #{application.repository}
+ helm install #{application.chart} --name #{application.name} --namespace #{namespace} -f /data/helm/#{application.name}/config/values.yaml >/dev/null
EOS
end
end
end
+ describe '#config_map?' do
+ subject { install_command.config_map? }
+
+ it { is_expected.to be_truthy }
+ end
+
describe '#config_map_resource' do
let(:metadata) do
{
- name: "values-content-configuration-app-name",
- namespace: 'gitlab-managed-apps',
- labels: { name: "values-content-configuration-app-name" }
+ name: "values-content-configuration-#{application.name}",
+ namespace: namespace,
+ labels: { name: "values-content-configuration-#{application.name}" }
}
end
- let(:resource) { ::Kubeclient::Resource.new(metadata: metadata, data: files) }
+ let(:resource) { ::Kubeclient::Resource.new(metadata: metadata, data: { values: application.values }) }
subject { install_command.config_map_resource }
diff --git a/spec/lib/gitlab/kubernetes/helm/pod_spec.rb b/spec/lib/gitlab/kubernetes/helm/pod_spec.rb
index ec64193c0b2..43adc80d576 100644
--- a/spec/lib/gitlab/kubernetes/helm/pod_spec.rb
+++ b/spec/lib/gitlab/kubernetes/helm/pod_spec.rb
@@ -2,13 +2,14 @@ require 'rails_helper'
describe Gitlab::Kubernetes::Helm::Pod do
describe '#generate' do
- let(:app) { create(:clusters_applications_prometheus) }
+ let(:cluster) { create(:cluster) }
+ let(:app) { create(:clusters_applications_prometheus, cluster: cluster) }
let(:command) { app.install_command }
let(:namespace) { Gitlab::Kubernetes::Helm::NAMESPACE }
subject { described_class.new(command, namespace) }
- context 'with a command' do
+ shared_examples 'helm pod' do
it 'should generate a Kubeclient::Resource' do
expect(subject.generate).to be_a_kind_of(Kubeclient::Resource)
end
@@ -40,6 +41,10 @@ describe Gitlab::Kubernetes::Helm::Pod do
spec = subject.generate.spec
expect(spec.restartPolicy).to eq('Never')
end
+ end
+
+ context 'with a install command' do
+ it_behaves_like 'helm pod'
it 'should include volumes for the container' do
container = subject.generate.spec.containers.first
@@ -55,8 +60,24 @@ describe Gitlab::Kubernetes::Helm::Pod do
it 'should mount configMap specification in the volume' do
volume = subject.generate.spec.volumes.first
expect(volume.configMap['name']).to eq("values-content-configuration-#{app.name}")
- expect(volume.configMap['items'].first['key']).to eq(:'values.yaml')
- expect(volume.configMap['items'].first['path']).to eq(:'values.yaml')
+ expect(volume.configMap['items'].first['key']).to eq('values')
+ expect(volume.configMap['items'].first['path']).to eq('values.yaml')
+ end
+ end
+
+ context 'with a init command' do
+ let(:app) { create(:clusters_applications_helm, cluster: cluster) }
+
+ it_behaves_like 'helm pod'
+
+ it 'should not include volumeMounts inside the container' do
+ container = subject.generate.spec.containers.first
+ expect(container.volumeMounts).to be_nil
+ end
+
+ it 'should not a volume inside the specification' do
+ spec = subject.generate.spec
+ expect(spec.volumes).to be_nil
end
end
end
diff --git a/spec/models/clusters/applications/helm_spec.rb b/spec/models/clusters/applications/helm_spec.rb
index e5b2bdc8a4e..0eb1e3876e2 100644
--- a/spec/models/clusters/applications/helm_spec.rb
+++ b/spec/models/clusters/applications/helm_spec.rb
@@ -6,24 +6,13 @@ describe Clusters::Applications::Helm do
describe '.installed' do
subject { described_class.installed }
- let!(:installed_cluster) { create(:clusters_applications_helm, :installed) }
+ let!(:cluster) { create(:clusters_applications_helm, :installed) }
before do
create(:clusters_applications_helm, :errored)
end
- it { is_expected.to contain_exactly(installed_cluster) }
- end
-
- describe '#issue_client_cert' do
- let(:application) { create(:clusters_applications_helm) }
- subject { application.issue_client_cert }
-
- it 'returns a new cert' do
- is_expected.to be_kind_of(Gitlab::Kubernetes::Helm::Certificate)
- expect(subject.cert_string).not_to eq(application.ca_cert)
- expect(subject.key_string).not_to eq(application.ca_key)
- end
+ it { is_expected.to contain_exactly(cluster) }
end
describe '#install_command' do
@@ -36,16 +25,5 @@ describe Clusters::Applications::Helm do
it 'should be initialized with 1 arguments' do
expect(subject.name).to eq('helm')
end
-
- it 'should have cert files' do
- expect(subject.files[:'ca.pem']).to be_present
- expect(subject.files[:'ca.pem']).to eq(helm.ca_cert)
-
- expect(subject.files[:'cert.pem']).to be_present
- expect(subject.files[:'key.pem']).to be_present
-
- cert = OpenSSL::X509::Certificate.new(subject.files[:'cert.pem'])
- expect(cert.not_after).to be > 999.years.from_now
- end
end
end
diff --git a/spec/models/clusters/applications/ingress_spec.rb b/spec/models/clusters/applications/ingress_spec.rb
index c76aae432f9..bb5b2ef3a47 100644
--- a/spec/models/clusters/applications/ingress_spec.rb
+++ b/spec/models/clusters/applications/ingress_spec.rb
@@ -74,43 +74,18 @@ describe Clusters::Applications::Ingress do
expect(subject.name).to eq('ingress')
expect(subject.chart).to eq('stable/nginx-ingress')
expect(subject.version).to be_nil
- expect(subject.files).to eq(ingress.files)
+ expect(subject.values).to eq(ingress.values)
end
end
- describe '#files' do
- let(:application) { ingress }
- subject { application.files }
- let(:values) { subject[:'values.yaml'] }
+ describe '#values' do
+ subject { ingress.values }
- it 'should include ingress valid keys in values' do
- expect(values).to include('image')
- expect(values).to include('repository')
- expect(values).to include('stats')
- expect(values).to include('podAnnotations')
- end
-
- context 'when the helm application does not have a ca_cert' do
- before do
- application.cluster.application_helm.ca_cert = nil
- end
-
- it 'should not include cert files' do
- expect(subject[:'ca.pem']).not_to be_present
- expect(subject[:'cert.pem']).not_to be_present
- expect(subject[:'key.pem']).not_to be_present
- end
- end
-
- it 'should include cert files' do
- expect(subject[:'ca.pem']).to be_present
- expect(subject[:'ca.pem']).to eq(application.cluster.application_helm.ca_cert)
-
- expect(subject[:'cert.pem']).to be_present
- expect(subject[:'key.pem']).to be_present
-
- cert = OpenSSL::X509::Certificate.new(subject[:'cert.pem'])
- expect(cert.not_after).to be < 60.minutes.from_now
+ it 'should include ingress valid keys' do
+ is_expected.to include('image')
+ is_expected.to include('repository')
+ is_expected.to include('stats')
+ is_expected.to include('podAnnotations')
end
end
end
diff --git a/spec/models/clusters/applications/jupyter_spec.rb b/spec/models/clusters/applications/jupyter_spec.rb
index a8cf44ac8a8..65750141e65 100644
--- a/spec/models/clusters/applications/jupyter_spec.rb
+++ b/spec/models/clusters/applications/jupyter_spec.rb
@@ -38,46 +38,23 @@ describe Clusters::Applications::Jupyter do
expect(subject.chart).to eq('jupyter/jupyterhub')
expect(subject.version).to be_nil
expect(subject.repository).to eq('https://jupyterhub.github.io/helm-chart/')
- expect(subject.files).to eq(jupyter.files)
+ expect(subject.values).to eq(jupyter.values)
end
end
- describe '#files' do
- let(:application) { create(:clusters_applications_jupyter) }
- subject { application.files }
- let(:values) { subject[:'values.yaml'] }
+ describe '#values' do
+ let(:jupyter) { create(:clusters_applications_jupyter) }
- it 'should include cert files' do
- expect(subject[:'ca.pem']).to be_present
- expect(subject[:'ca.pem']).to eq(application.cluster.application_helm.ca_cert)
-
- expect(subject[:'cert.pem']).to be_present
- expect(subject[:'key.pem']).to be_present
-
- cert = OpenSSL::X509::Certificate.new(subject[:'cert.pem'])
- expect(cert.not_after).to be < 60.minutes.from_now
- end
-
- context 'when the helm application does not have a ca_cert' do
- before do
- application.cluster.application_helm.ca_cert = nil
- end
-
- it 'should not include cert files' do
- expect(subject[:'ca.pem']).not_to be_present
- expect(subject[:'cert.pem']).not_to be_present
- expect(subject[:'key.pem']).not_to be_present
- end
- end
+ subject { jupyter.values }
it 'should include valid values' do
- expect(values).to include('ingress')
- expect(values).to include('hub')
- expect(values).to include('rbac')
- expect(values).to include('proxy')
- expect(values).to include('auth')
- expect(values).to match(/clientId: '?#{application.oauth_application.uid}/)
- expect(values).to match(/callbackUrl: '?#{application.callback_url}/)
+ is_expected.to include('ingress')
+ is_expected.to include('hub')
+ is_expected.to include('rbac')
+ is_expected.to include('proxy')
+ is_expected.to include('auth')
+ is_expected.to include("clientId: #{jupyter.oauth_application.uid}")
+ is_expected.to include("callbackUrl: #{jupyter.callback_url}")
end
end
end
diff --git a/spec/models/clusters/applications/prometheus_spec.rb b/spec/models/clusters/applications/prometheus_spec.rb
index 313bd741f88..e4b61552033 100644
--- a/spec/models/clusters/applications/prometheus_spec.rb
+++ b/spec/models/clusters/applications/prometheus_spec.rb
@@ -153,44 +153,21 @@ describe Clusters::Applications::Prometheus do
expect(command.name).to eq('prometheus')
expect(command.chart).to eq('stable/prometheus')
expect(command.version).to eq('6.7.3')
- expect(command.files).to eq(prometheus.files)
+ expect(command.values).to eq(prometheus.values)
end
end
- describe '#files' do
- let(:application) { create(:clusters_applications_prometheus) }
- subject { application.files }
- let(:values) { subject[:'values.yaml'] }
-
- it 'should include cert files' do
- expect(subject[:'ca.pem']).to be_present
- expect(subject[:'ca.pem']).to eq(application.cluster.application_helm.ca_cert)
-
- expect(subject[:'cert.pem']).to be_present
- expect(subject[:'key.pem']).to be_present
-
- cert = OpenSSL::X509::Certificate.new(subject[:'cert.pem'])
- expect(cert.not_after).to be < 60.minutes.from_now
- end
-
- context 'when the helm application does not have a ca_cert' do
- before do
- application.cluster.application_helm.ca_cert = nil
- end
+ describe '#values' do
+ let(:prometheus) { create(:clusters_applications_prometheus) }
- it 'should not include cert files' do
- expect(subject[:'ca.pem']).not_to be_present
- expect(subject[:'cert.pem']).not_to be_present
- expect(subject[:'key.pem']).not_to be_present
- end
- end
+ subject { prometheus.values }
it 'should include prometheus valid values' do
- expect(values).to include('alertmanager')
- expect(values).to include('kubeStateMetrics')
- expect(values).to include('nodeExporter')
- expect(values).to include('pushgateway')
- expect(values).to include('serverFiles')
+ is_expected.to include('alertmanager')
+ is_expected.to include('kubeStateMetrics')
+ is_expected.to include('nodeExporter')
+ is_expected.to include('pushgateway')
+ is_expected.to include('serverFiles')
end
end
end
diff --git a/spec/models/clusters/applications/runner_spec.rb b/spec/models/clusters/applications/runner_spec.rb
index 65aaa1ee882..b12500d0acd 100644
--- a/spec/models/clusters/applications/runner_spec.rb
+++ b/spec/models/clusters/applications/runner_spec.rb
@@ -33,55 +33,31 @@ describe Clusters::Applications::Runner do
expect(subject.chart).to eq('runner/gitlab-runner')
expect(subject.version).to be_nil
expect(subject.repository).to eq('https://charts.gitlab.io')
- expect(subject.files).to eq(gitlab_runner.files)
+ expect(subject.values).to eq(gitlab_runner.values)
end
end
- describe '#files' do
- let(:application) { create(:clusters_applications_runner, runner: ci_runner) }
-
- subject { application.files }
- let(:values) { subject[:'values.yaml'] }
-
- it 'should include cert files' do
- expect(subject[:'ca.pem']).to be_present
- expect(subject[:'ca.pem']).to eq(application.cluster.application_helm.ca_cert)
-
- expect(subject[:'cert.pem']).to be_present
- expect(subject[:'key.pem']).to be_present
-
- cert = OpenSSL::X509::Certificate.new(subject[:'cert.pem'])
- expect(cert.not_after).to be < 60.minutes.from_now
- end
-
- context 'when the helm application does not have a ca_cert' do
- before do
- application.cluster.application_helm.ca_cert = nil
- end
+ describe '#values' do
+ let(:gitlab_runner) { create(:clusters_applications_runner, runner: ci_runner) }
- it 'should not include cert files' do
- expect(subject[:'ca.pem']).not_to be_present
- expect(subject[:'cert.pem']).not_to be_present
- expect(subject[:'key.pem']).not_to be_present
- end
- end
+ subject { gitlab_runner.values }
it 'should include runner valid values' do
- expect(values).to include('concurrent')
- expect(values).to include('checkInterval')
- expect(values).to include('rbac')
- expect(values).to include('runners')
- expect(values).to include('privileged: true')
- expect(values).to include('image: ubuntu:16.04')
- expect(values).to include('resources')
- expect(values).to match(/runnerToken: '?#{ci_runner.token}/)
- expect(values).to match(/gitlabUrl: '?#{Gitlab::Routing.url_helpers.root_url}/)
+ is_expected.to include('concurrent')
+ is_expected.to include('checkInterval')
+ is_expected.to include('rbac')
+ is_expected.to include('runners')
+ is_expected.to include('privileged: true')
+ is_expected.to include('image: ubuntu:16.04')
+ is_expected.to include('resources')
+ is_expected.to include("runnerToken: #{ci_runner.token}")
+ is_expected.to include("gitlabUrl: #{Gitlab::Routing.url_helpers.root_url}")
end
context 'without a runner' do
let(:project) { create(:project) }
- let(:cluster) { create(:cluster, :with_installed_helm, projects: [project]) }
- let(:application) { create(:clusters_applications_runner, cluster: cluster) }
+ let(:cluster) { create(:cluster, projects: [project]) }
+ let(:gitlab_runner) { create(:clusters_applications_runner, cluster: cluster) }
it 'creates a runner' do
expect do
@@ -90,18 +66,18 @@ describe Clusters::Applications::Runner do
end
it 'uses the new runner token' do
- expect(values).to match(/runnerToken: '?#{application.reload.runner.token}/)
+ expect(subject).to include("runnerToken: #{gitlab_runner.reload.runner.token}")
end
it 'assigns the new runner to runner' do
subject
- expect(application.reload.runner).to be_project_type
+ expect(gitlab_runner.reload.runner).to be_project_type
end
end
context 'with duplicated values on vendor/runner/values.yaml' do
- let(:stub_values) do
+ let(:values) do
{
"concurrent" => 4,
"checkInterval" => 3,
@@ -120,11 +96,11 @@ describe Clusters::Applications::Runner do
end
before do
- allow(application).to receive(:chart_values).and_return(stub_values)
+ allow(gitlab_runner).to receive(:chart_values).and_return(values)
end
it 'should overwrite values.yaml' do
- expect(values).to match(/privileged: '?#{application.privileged}/)
+ is_expected.to include("privileged: #{gitlab_runner.privileged}")
end
end
end
diff --git a/spec/services/clusters/applications/install_service_spec.rb b/spec/services/clusters/applications/install_service_spec.rb
index a744ec30b65..93199964a0e 100644
--- a/spec/services/clusters/applications/install_service_spec.rb
+++ b/spec/services/clusters/applications/install_service_spec.rb
@@ -47,7 +47,7 @@ describe Clusters::Applications::InstallService do
end
context 'when application cannot be persisted' do
- let(:application) { create(:clusters_applications_helm, :scheduled) }
+ let(:application) { build(:clusters_applications_helm, :scheduled) }
it 'make the application errored' do
expect(application).to receive(:make_installing!).once.and_raise(ActiveRecord::RecordInvalid)