-rw-r--r-- | app/assets/images/cluster_app_logos/cert_manager.png | bin | 0 -> 1287 bytes | |||
-rw-r--r-- | app/assets/javascripts/clusters/clusters_bundle.js | 2 | ||||
-rw-r--r-- | app/assets/javascripts/clusters/components/applications.vue | 24 | ||||
-rw-r--r-- | app/assets/javascripts/clusters/services/clusters_service.js | 1 | ||||
-rw-r--r-- | app/assets/javascripts/clusters/stores/clusters_store.js | 8 | ||||
-rw-r--r-- | app/models/clusters/applications/cert_manager.rb | 55 | ||||
-rw-r--r-- | app/models/clusters/cluster.rb | 3 | ||||
-rw-r--r-- | app/services/clusters/applications/create_service.rb | 7 | ||||
-rw-r--r-- | app/views/clusters/clusters/show.html.haml | 1 | ||||
-rw-r--r-- | db/migrate/20181101191341_create_clusters_applications_cert_manager.rb | 18 | ||||
-rw-r--r-- | db/schema.rb | 1 | ||||
-rw-r--r-- | lib/gitlab/kubernetes/helm/install_command.rb | 16 | ||||
-rw-r--r-- | vendor/cert_manager/cluster_issuer.yaml | 11 | ||||
-rw-r--r-- | vendor/cert_manager/values.yaml | 5 |
14 files changed, 143 insertions, 9 deletions
diff --git a/app/assets/images/cluster_app_logos/cert_manager.png b/app/assets/images/cluster_app_logos/cert_manager.png Binary files differnew file mode 100644 index 00000000000..bbc867858da --- /dev/null +++ b/app/assets/images/cluster_app_logos/cert_manager.png diff --git a/app/assets/javascripts/clusters/clusters_bundle.js b/app/assets/javascripts/clusters/clusters_bundle.js index 71fc2ac7d80..cf70a48f076 100644 --- a/app/assets/javascripts/clusters/clusters_bundle.js +++ b/app/assets/javascripts/clusters/clusters_bundle.js @@ -26,6 +26,7 @@ export default class Clusters { statusPath, installHelmPath, installIngressPath, + installCertManagerPath, installRunnerPath, installJupyterPath, installKnativePath, @@ -48,6 +49,7 @@ export default class Clusters { endpoint: statusPath, installHelmEndpoint: installHelmPath, installIngressEndpoint: installIngressPath, + installCertManagerEndpoint: installCertManagerPath, installRunnerEndpoint: installRunnerPath, installPrometheusEndpoint: installPrometheusPath, installJupyterEndpoint: installJupyterPath, diff --git a/app/assets/javascripts/clusters/components/applications.vue b/app/assets/javascripts/clusters/components/applications.vue index c1026d1273a..eb200113f4f 100644 --- a/app/assets/javascripts/clusters/components/applications.vue +++ b/app/assets/javascripts/clusters/components/applications.vue @@ -7,6 +7,7 @@ import helmLogo from 'images/cluster_app_logos/helm.png'; import jeagerLogo from 'images/cluster_app_logos/jeager.png'; import jupyterhubLogo from 'images/cluster_app_logos/jupyterhub.png'; import kubernetesLogo from 'images/cluster_app_logos/kubernetes.png'; +import certManagerLogo from 'images/cluster_app_logos/cert_manager.png'; import knativeLogo from 'images/cluster_app_logos/knative.png'; import meltanoLogo from 'images/cluster_app_logos/meltano.png'; import prometheusLogo from 'images/cluster_app_logos/prometheus.png'; 
@@ -59,6 +60,7 @@ export default { jeagerLogo, jupyterhubLogo, kubernetesLogo, + certManagerLogo, knativeLogo, meltanoLogo, prometheusLogo, @@ -289,6 +291,28 @@ export default { </div> </application-row> <application-row + id="cert_manager" + :logo-url="certManagerLogo" + :title="applications.cert_manager.title" + :status="applications.cert_manager.status" + :status-reason="applications.cert_manager.statusReason" + :request-status="applications.cert_manager.requestStatus" + :request-reason="applications.cert_manager.requestReason" + :disabled="!helmInstalled" + class="hide-bottom-border rounded-bottom" + title-link="https://cert-manager.readthedocs.io/en/latest/#" + > + <div slot="description"> + <p> + {{ s__(`ClusterIntegration|Cert-Manager is a native Kubernetes + certificate management controller. It will ensure certificates + are valid and up to date, and attempt to renew certificates at + a configured time before expiry. We use Lets Encrypt as a Certificate + Authority with Cert-Manager.`) }} + </p> + </div> + </application-row> + <application-row v-if="isProjectCluster" id="prometheus" :logo-url="prometheusLogo" diff --git a/app/assets/javascripts/clusters/services/clusters_service.js b/app/assets/javascripts/clusters/services/clusters_service.js index da562b09ee5..89dda4b7902 100644 --- a/app/assets/javascripts/clusters/services/clusters_service.js +++ b/app/assets/javascripts/clusters/services/clusters_service.js @@ -6,6 +6,7 @@ export default class ClusterService { this.appInstallEndpointMap = { helm: this.options.installHelmEndpoint, ingress: this.options.installIngressEndpoint, + cert_manager: this.options.installCertManagerEndpoint, runner: this.options.installRunnerEndpoint, prometheus: this.options.installPrometheusEndpoint, jupyter: this.options.installJupyterEndpoint, diff --git a/app/assets/javascripts/clusters/stores/clusters_store.js b/app/assets/javascripts/clusters/stores/clusters_store.js index e45da967392..07f85880d06 100644 
--- a/app/assets/javascripts/clusters/stores/clusters_store.js +++ b/app/assets/javascripts/clusters/stores/clusters_store.js @@ -24,6 +24,14 @@ export default class ClusterStore { requestReason: null, externalIp: null, }, + cert_manager: { + title: s__('ClusterIntegration|Cert-Manager'), + status: null, + statusReason: null, + requestStatus: null, + requestReason: null, + externalIp: null, + }, runner: { title: s__('ClusterIntegration|GitLab Runner'), status: null, diff --git a/app/models/clusters/applications/cert_manager.rb b/app/models/clusters/applications/cert_manager.rb new file mode 100644 index 00000000000..1804f4ed219 --- /dev/null +++ b/app/models/clusters/applications/cert_manager.rb @@ -0,0 +1,55 @@ +# frozen_string_literal: true + +module Clusters + module Applications + class CertManager < ActiveRecord::Base + VERSION = 'v0.5.0'.freeze + + self.table_name = 'clusters_applications_cert_managers' + + include ::Clusters::Concerns::ApplicationCore + include ::Clusters::Concerns::ApplicationStatus + include ::Clusters::Concerns::ApplicationVersion + include ::Clusters::Concerns::ApplicationData + + default_value_for :version, VERSION + + def chart + 'stable/cert-manager' + end + + def install_command + Gitlab::Kubernetes::Helm::InstallCommand.new( + name: 'certmanager', + version: VERSION, + rbac: cluster.platform_kubernetes_rbac?, + chart: chart, + files: files.merge(cluster_issuer_file), + postinstall: post_install_script + ) + end + + private + + def post_install_script + ["/usr/bin/kubectl create -f /data/helm/certmanager/config/cluster_issuer.yaml"] + end + + def cluster_issuer_file + { + 'cluster_issuer.yaml': cluster_issuer_yaml_content + } + end + + def cluster_issuer_yaml_content + data = YAML.load_file(cluster_issuer_file_path) + data["spec"]["acme"]["email"] = self.email + YAML.dump(data) + end + + def cluster_issuer_file_path + "#{Rails.root}/vendor/cert_manager/cluster_issuer.yaml" + end + end + end + end 
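Review bot: In the new cert_manager.rb, `post_install_script` runs `kubectl create -f`, which fails with AlreadyExists when the `letsencrypt-prod` ClusterIssuer is already present, so a retried install would presumably report failure even though the chart went in. The same path with `kubectl apply -f` is idempotent: `["/usr/bin/kubectl apply -f /data/helm/certmanager/config/cluster_issuer.yaml"]`. No email validation is visible in this file either, so a blank address would surface as a NOT NULL database error or an invalid ClusterIssuer rather than a validation message; `validates :email, presence: true` would catch it earlier. `YAML.load_file` reads a repository-owned template here, and a short comment saying so, e.g. `# trusted vendored template; never pass user-supplied YAML to YAML.load_file`, would keep the pattern from being copied to untrusted input.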
diff --git a/app/models/clusters/cluster.rb b/app/models/clusters/cluster.rb index 0ba056e57d4..13906c903b9 100644 --- a/app/models/clusters/cluster.rb +++ b/app/models/clusters/cluster.rb @@ -10,6 +10,7 @@ module Clusters APPLICATIONS = { Applications::Helm.application_name => Applications::Helm, Applications::Ingress.application_name => Applications::Ingress, + Applications::CertManager.application_name => Applications::CertManager, Applications::Prometheus.application_name => Applications::Prometheus, Applications::Runner.application_name => Applications::Runner, Applications::Jupyter.application_name => Applications::Jupyter, @@ -33,6 +34,7 @@ module Clusters has_one :application_helm, class_name: 'Clusters::Applications::Helm' has_one :application_ingress, class_name: 'Clusters::Applications::Ingress' + has_one :application_cert_manager, class_name: 'Clusters::Applications::CertManager' has_one :application_prometheus, class_name: 'Clusters::Applications::Prometheus' has_one :application_runner, class_name: 'Clusters::Applications::Runner' has_one :application_jupyter, class_name: 'Clusters::Applications::Jupyter' @@ -100,6 +102,7 @@ module Clusters [ application_helm || build_application_helm, application_ingress || build_application_ingress, + application_cert_manager || build_application_cert_manager, application_prometheus || build_application_prometheus, application_runner || build_application_runner, application_jupyter || build_application_jupyter, diff --git a/app/services/clusters/applications/create_service.rb b/app/services/clusters/applications/create_service.rb index 844807c2581..8f1b247343d 100644 --- a/app/services/clusters/applications/create_service.rb +++ b/app/services/clusters/applications/create_service.rb 
@@ -19,6 +19,10 @@ module Clusters application.hostname = params[:hostname] end + if application.has_attribute?(:email) + application.email = @current_user.email + end + if application.respond_to?(:oauth_application) application.oauth_application = create_oauth_application(application, request) end @@ -42,7 +46,8 @@ module Clusters def builders { "helm" => -> (cluster) { cluster.application_helm || cluster.build_application_helm }, - "ingress" => -> (cluster) { cluster.application_ingress || cluster.build_application_ingress } + "ingress" => -> (cluster) { cluster.application_ingress || cluster.build_application_ingress }, + "cert_manager" => -> (cluster) { cluster.application_cert_manager || cluster.build_application_cert_manager } }.tap do |hash| hash.merge!(project_builders) if cluster.project_type? end diff --git a/app/views/clusters/clusters/show.html.haml b/app/views/clusters/clusters/show.html.haml index 8a7f7a5c978..b1aa8e5d477 100644 --- a/app/views/clusters/clusters/show.html.haml +++ b/app/views/clusters/clusters/show.html.haml @@ -10,6 +10,7 @@ .edit-cluster-form.js-edit-cluster-form{ data: { status_path: status_path, install_helm_path: clusterable.install_applications_cluster_path(@cluster, :helm), install_ingress_path: clusterable.install_applications_cluster_path(@cluster, :ingress), + install_cert_manager_path: clusterable.install_applications_cluster_path(@cluster, :cert_manager), install_prometheus_path: clusterable.install_applications_cluster_path(@cluster, :prometheus), install_runner_path: clusterable.install_applications_cluster_path(@cluster, :runner), install_jupyter_path: clusterable.install_applications_cluster_path(@cluster, :jupyter), diff --git a/db/migrate/20181101191341_create_clusters_applications_cert_manager.rb b/db/migrate/20181101191341_create_clusters_applications_cert_manager.rb new file mode 100644 index 00000000000..5051634327f --- /dev/null +++ b/db/migrate/20181101191341_create_clusters_applications_cert_manager.rb 
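Review bot: The first create_service.rb hunk copies `@current_user.email` into `application.email` with no opt-in or override. cert_manager.rb then writes that address into a cluster-scoped ClusterIssuer as the Let's Encrypt ACME contact, so a personal address is sent to a third party and is readable by anyone who can read that resource. I would let the caller supply the contact and fall back to the account address, e.g. `application.email = params[:email].presence || @current_user.email`, which assumes the controller permits that parameter. The Cert-Manager description in applications.vue should also state that an email address is registered with Let's Encrypt. The enclosing method starts and ends outside this hunk.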
@@ -0,0 +1,18 @@ +# frozen_string_literal: true + +class CreateClustersApplicationsCertManager < ActiveRecord::Migration + include Gitlab::Database::MigrationHelpers + + DOWNTIME = false + + def change + create_table :clusters_applications_cert_managers do |t| + t.references :cluster, null: false, unique: true, index: true, foreign_key: { on_delete: :cascade } + t.integer :status, null: false + t.string :version, null: false + t.string :email, null: false + t.timestamps_with_timezone null: false + t.text :status_reason + end + end +end diff --git a/db/schema.rb b/db/schema.rb index 8e02f43f702..0c8b4c4c565 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -2288,6 +2288,7 @@ ActiveRecord::Schema.define(version: 20181107054254) do add_foreign_key "cluster_projects", "projects", on_delete: :cascade add_foreign_key "cluster_providers_gcp", "clusters", on_delete: :cascade add_foreign_key "clusters", "users", on_delete: :nullify + add_foreign_key "clusters_applications_cert_managers", "clusters", on_delete: :cascade add_foreign_key "clusters_applications_helm", "clusters", on_delete: :cascade add_foreign_key "clusters_applications_ingress", "clusters", name: "fk_753a7b41c1", on_delete: :cascade add_foreign_key "clusters_applications_jupyter", "clusters", on_delete: :cascade diff --git a/lib/gitlab/kubernetes/helm/install_command.rb b/lib/gitlab/kubernetes/helm/install_command.rb index 52700b5dc09..7aa258dd037 100644 --- a/lib/gitlab/kubernetes/helm/install_command.rb +++ b/lib/gitlab/kubernetes/helm/install_command.rb 
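Review bot: In the migration, `unique: true` passed to `t.references` does not create a unique index, because Rails expects the option inside `index:`. Nothing at the database level therefore stops two cert-manager rows for one cluster, even though `Cluster` declares `has_one :application_cert_manager`. Suggested line: `t.references :cluster, null: false, index: { unique: true }, foreign_key: { on_delete: :cascade }`. The db/schema.rb section of this commit adds only the `add_foreign_key` line (the diffstat shows one changed line) and no `create_table "clusters_applications_cert_managers"` block, so the schema dump looks out of step with the migration and should be regenerated.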
@@ -62,17 +62,17 @@ module Gitlab name_flag + optional_tls_flags + optional_version_flag + - optional_rbac_create_flag + + rbac_create_flag + namespace_flag + - value_flag + value_flag + end - def optional_rbac_create_flag - return [] unless rbac? - - # jupyterhub helm chart is using rbac.enabled - # https://github.com/jupyterhub/zero-to-jupyterhub-k8s/tree/master/jupyterhub - %w[--set rbac.create=true,rbac.enabled=true] + def rbac_create_flag + if rbac? + %w[--set rbac.create=true,rbac.enabled=true] + else + %w[--set rbac.create=false,rbac.enabled=false] + end end def optional_version_flag diff --git a/vendor/cert_manager/cluster_issuer.yaml b/vendor/cert_manager/cluster_issuer.yaml new file mode 100644 index 00000000000..23fa6eff4b2 --- /dev/null +++ b/vendor/cert_manager/cluster_issuer.yaml @@ -0,0 +1,11 @@ +apiVersion: certmanager.k8s.io/v1alpha1 +kind: ClusterIssuer +metadata: + name: letsencrypt-prod +spec: + acme: + server: https://acme-v02.api.letsencrypt.org/directory + email: my-email@example.com + privateKeySecretRef: + name: letsencrypt-prod + http01: {} diff --git a/vendor/cert_manager/values.yaml b/vendor/cert_manager/values.yaml new file mode 100644 index 00000000000..4515e3e39c7 --- /dev/null +++ b/vendor/cert_manager/values.yaml @@ -0,0 +1,5 @@ +# These options provide fully automated TLS. +# See https://github.com/jetstack/cert-manager/blob/master/docs/reference/ingress-shim.rst#configuration +ingressShim: + defaultIssuerKind: "ClusterIssuer" + defaultIssuerName: "letsencrypt-prod" |
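Review bot: As rendered on this page, the last operand of the flag chain in install_command.rb now reads `value_flag +` directly before `end`, which would leave a dangling `+` and not parse. The page has collapsed the line layout, so confirm against the file and restore a bare `value_flag`. Separately, replacing `return [] unless rbac?` with an else branch means every chart installed through InstallCommand on a non-RBAC cluster now receives `--set rbac.create=false,rbac.enabled=false`, not only cert-manager. The comment explaining why `rbac.enabled` is set for the jupyterhub chart was dropped in the same change. I would keep that comment and document the else branch, e.g. `# pass false explicitly: some charts (presumably cert-manager) default rbac.create to true`, and add a spec that covers the non-RBAC flags for the existing applications.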