summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--app/models/clusters/applications/cert_manager.rb33
-rw-r--r--changelogs/unreleased/cert_manager_v0_9.yml5
-rw-r--r--spec/models/clusters/applications/cert_manager_spec.rb27
3 files changed, 54 insertions, 11 deletions
diff --git a/app/models/clusters/applications/cert_manager.rb b/app/models/clusters/applications/cert_manager.rb
index 6bd7473c8ff..27d4180e5b9 100644
--- a/app/models/clusters/applications/cert_manager.rb
+++ b/app/models/clusters/applications/cert_manager.rb
@@ -3,7 +3,8 @@
module Clusters
module Applications
class CertManager < ApplicationRecord
- VERSION = 'v0.5.2'.freeze
+ VERSION = 'v0.9.1'
+ CRD_VERSION = '0.9'
self.table_name = 'clusters_applications_cert_managers'
@@ -21,16 +22,22 @@ module Clusters
validates :email, presence: true
def chart
- 'stable/cert-manager'
+ 'certmanager/cert-manager'
+ end
+
+ def repository
+ 'https://charts.jetstack.io'
end
def install_command
Gitlab::Kubernetes::Helm::InstallCommand.new(
name: 'certmanager',
+ repository: repository,
version: VERSION,
rbac: cluster.platform_kubernetes_rbac?,
chart: chart,
files: files.merge(cluster_issuer_file),
+ preinstall: pre_install_script,
postinstall: post_install_script
)
end
@@ -46,16 +53,30 @@ module Clusters
private
+ def pre_install_script
+ [
+ apply_file("https://raw.githubusercontent.com/jetstack/cert-manager/release-#{CRD_VERSION}/deploy/manifests/00-crds.yaml"),
+ "kubectl label --overwrite namespace #{Gitlab::Kubernetes::Helm::NAMESPACE} certmanager.k8s.io/disable-validation=true"
+ ]
+ end
+
def post_install_script
- ["kubectl create -f /data/helm/certmanager/config/cluster_issuer.yaml"]
+ [retry_command(apply_file('/data/helm/certmanager/config/cluster_issuer.yaml'))]
+ end
+
+ def retry_command(command)
+ "for i in $(seq 1 30); do #{command} && break; sleep 1s; echo \"Retrying ($i)...\"; done"
end
def post_delete_script
[
delete_private_key,
delete_crd('certificates.certmanager.k8s.io'),
+ delete_crd('certificaterequests.certmanager.k8s.io'),
+ delete_crd('challenges.certmanager.k8s.io'),
delete_crd('clusterissuers.certmanager.k8s.io'),
- delete_crd('issuers.certmanager.k8s.io')
+ delete_crd('issuers.certmanager.k8s.io'),
+ delete_crd('orders.certmanager.k8s.io')
].compact
end
@@ -75,6 +96,10 @@ module Clusters
Gitlab::Kubernetes::KubectlCmd.delete("crd", definition, "--ignore-not-found")
end
+ def apply_file(filename)
+ Gitlab::Kubernetes::KubectlCmd.apply_file(filename)
+ end
+
def cluster_issuer_file
{
'cluster_issuer.yaml': cluster_issuer_yaml_content
diff --git a/changelogs/unreleased/cert_manager_v0_9.yml b/changelogs/unreleased/cert_manager_v0_9.yml
new file mode 100644
index 00000000000..bda5bbffab5
--- /dev/null
+++ b/changelogs/unreleased/cert_manager_v0_9.yml
@@ -0,0 +1,5 @@
+---
+title: Install cert-manager v0.9.1
+merge_request: 32243
+author:
+type: changed
diff --git a/spec/models/clusters/applications/cert_manager_spec.rb b/spec/models/clusters/applications/cert_manager_spec.rb
index 93050e80b07..f6d5d05e4a0 100644
--- a/spec/models/clusters/applications/cert_manager_spec.rb
+++ b/spec/models/clusters/applications/cert_manager_spec.rb
@@ -44,11 +44,18 @@ describe Clusters::Applications::CertManager do
it 'is initialized with cert_manager arguments' do
expect(subject.name).to eq('certmanager')
- expect(subject.chart).to eq('stable/cert-manager')
- expect(subject.version).to eq('v0.5.2')
+ expect(subject.chart).to eq('certmanager/cert-manager')
+ expect(subject.repository).to eq('https://charts.jetstack.io')
+ expect(subject.version).to eq('v0.9.1')
expect(subject).to be_rbac
expect(subject.files).to eq(cert_manager.files.merge(cluster_issuer_file))
- expect(subject.postinstall).to eq(['kubectl create -f /data/helm/certmanager/config/cluster_issuer.yaml'])
+ expect(subject.preinstall).to eq([
+ 'kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.9/deploy/manifests/00-crds.yaml',
+ 'kubectl label --overwrite namespace gitlab-managed-apps certmanager.k8s.io/disable-validation=true'
+ ])
+ expect(subject.postinstall).to eq([
+ 'for i in $(seq 1 30); do kubectl apply -f /data/helm/certmanager/config/cluster_issuer.yaml && break; sleep 1s; echo "Retrying ($i)..."; done'
+ ])
end
context 'for a specific user' do
@@ -75,7 +82,7 @@ describe Clusters::Applications::CertManager do
let(:cert_manager) { create(:clusters_applications_cert_manager, :errored, version: '0.0.1') }
it 'is initialized with the locked version' do
- expect(subject.version).to eq('v0.5.2')
+ expect(subject.version).to eq('v0.9.1')
end
end
end
@@ -93,10 +100,13 @@ describe Clusters::Applications::CertManager do
it 'specifies a post delete command to remove custom resource definitions' do
expect(subject.postdelete).to eq([
- "kubectl delete secret -n gitlab-managed-apps letsencrypt-prod --ignore-not-found",
+ 'kubectl delete secret -n gitlab-managed-apps letsencrypt-prod --ignore-not-found',
'kubectl delete crd certificates.certmanager.k8s.io --ignore-not-found',
+ 'kubectl delete crd certificaterequests.certmanager.k8s.io --ignore-not-found',
+ 'kubectl delete crd challenges.certmanager.k8s.io --ignore-not-found',
'kubectl delete crd clusterissuers.certmanager.k8s.io --ignore-not-found',
- 'kubectl delete crd issuers.certmanager.k8s.io --ignore-not-found'
+ 'kubectl delete crd issuers.certmanager.k8s.io --ignore-not-found',
+ 'kubectl delete crd orders.certmanager.k8s.io --ignore-not-found'
])
end
@@ -111,8 +121,11 @@ describe Clusters::Applications::CertManager do
it 'does not try and delete the secret' do
expect(subject.postdelete).to eq([
'kubectl delete crd certificates.certmanager.k8s.io --ignore-not-found',
+ 'kubectl delete crd certificaterequests.certmanager.k8s.io --ignore-not-found',
+ 'kubectl delete crd challenges.certmanager.k8s.io --ignore-not-found',
'kubectl delete crd clusterissuers.certmanager.k8s.io --ignore-not-found',
- 'kubectl delete crd issuers.certmanager.k8s.io --ignore-not-found'
+ 'kubectl delete crd issuers.certmanager.k8s.io --ignore-not-found',
+ 'kubectl delete crd orders.certmanager.k8s.io --ignore-not-found'
])
end
end