4 files changed, 126 insertions, 19 deletions

diff --git a/app/models/clusters/applications/cert_manager.rb b/app/models/clusters/applications/cert_manager.rb
index d6a7d1d2bdd..2fc1b67dfd2 100644
--- a/app/models/clusters/applications/cert_manager.rb
+++ b/app/models/clusters/applications/cert_manager.rb
@@ -24,12 +24,6 @@ module Clusters
         'stable/cert-manager'
       end
 
-      # We will implement this in future MRs.
-      # Need to reverse postinstall step
-      def allowed_to_uninstall?
-        false
-      end
-
       def install_command
         Gitlab::Kubernetes::Helm::InstallCommand.new(
           name: 'certmanager',
@@ -41,10 +35,40 @@ module Clusters
         )
       end
 
+      def uninstall_command
+        Gitlab::Kubernetes::Helm::DeleteCommand.new(
+          name: 'certmanager',
+          rbac: cluster.platform_kubernetes_rbac?,
+          files: files,
+          postdelete: post_delete_script
+        )
+      end
+
       private
 
       def post_install_script
-        ["/usr/bin/kubectl create -f /data/helm/certmanager/config/cluster_issuer.yaml"]
+        ["kubectl create -f /data/helm/certmanager/config/cluster_issuer.yaml"]
+      end
+
+      def post_delete_script
+        [
+          delete_private_key,
+          delete_crd('certificates.certmanager.k8s.io'),
+          delete_crd('clusterissuers.certmanager.k8s.io'),
+          delete_crd('issuers.certmanager.k8s.io')
+        ].compact
+      end
+
+      def private_key_name
+        @private_key_name ||= cluster_issuer_content.dig('spec', 'acme', 'privateKeySecretRef', 'name')
+      end
+
+      def delete_private_key
+        "kubectl delete secret -n #{Gitlab::Kubernetes::Helm::NAMESPACE} #{private_key_name} --ignore-not-found" if private_key_name.present?
+      end
+
+      def delete_crd(definition)
+        "kubectl delete crd #{definition} --ignore-not-found"
       end
 
       def cluster_issuer_file
diff --git a/app/models/clusters/applications/helm.rb b/app/models/clusters/applications/helm.rb
index a83d06c4b00..3a175fec148 100644
--- a/app/models/clusters/applications/helm.rb
+++ b/app/models/clusters/applications/helm.rb
@@ -14,6 +14,7 @@ module Clusters
 
       include ::Clusters::Concerns::ApplicationCore
       include ::Clusters::Concerns::ApplicationStatus
+      include ::Gitlab::Utils::StrongMemoize
 
       default_value_for :version, Gitlab::Kubernetes::Helm::HELM_VERSION
 
@@ -29,11 +30,22 @@ module Clusters
         self.status = 'installable' if cluster&.platform_kubernetes_active?
       end
 
-      # We will implement this in future MRs.
-      # Basically we need to check all other applications are not installed
-      # first.
+      # It can only be uninstalled if there are no other applications installed
+      # or with intermitent installation statuses in the database.
       def allowed_to_uninstall?
-        false
+        strong_memoize(:allowed_to_uninstall) do
+          applications = nil
+
+          Clusters::Cluster::APPLICATIONS.each do |application_name, klass|
+            next if application_name == 'helm'
+
+            extra_apps = Clusters::Applications::Helm.where('EXISTS (?)', klass.select(1).where(cluster_id: cluster_id))
+
+            applications = applications.present? ? applications.or(extra_apps) : extra_apps
+          end
+
+          !applications.exists?
+        end
       end
 
       def install_command
@@ -44,6 +56,14 @@ module Clusters
         )
       end
 
+      def uninstall_command
+        Gitlab::Kubernetes::Helm::ResetCommand.new(
+          name: name,
+          files: files,
+          rbac: cluster.platform_kubernetes_rbac?
+        )
+      end
+
       def has_ssl?
         ca_key.present? && ca_cert.present?
       end
diff --git a/app/models/clusters/applications/knative.rb b/app/models/clusters/applications/knative.rb
index 5df4812bd25..5eae23659ae 100644
--- a/app/models/clusters/applications/knative.rb
+++ b/app/models/clusters/applications/knative.rb
@@ -7,6 +7,7 @@ module Clusters
       REPOSITORY = 'https://storage.googleapis.com/triggermesh-charts'.freeze
       METRICS_CONFIG = 'https://storage.googleapis.com/triggermesh-charts/istio-metrics.yaml'.freeze
       FETCH_IP_ADDRESS_DELAY = 30.seconds
+      API_RESOURCES_PATH = 'config/knative/api_resources.yml'
 
       self.table_name = 'clusters_applications_knative'
 
@@ -46,12 +47,6 @@ module Clusters
         { "domain" => hostname }.to_yaml
       end
 
-      # Handled in a new issue:
-      # https://gitlab.com/gitlab-org/gitlab-ce/issues/59369
-      def allowed_to_uninstall?
-        false
-      end
-
       def install_command
         Gitlab::Kubernetes::Helm::InstallCommand.new(
           name: name,
@@ -76,10 +71,61 @@ module Clusters
         cluster.kubeclient.get_service('istio-ingressgateway', 'istio-system')
       end
 
+      def uninstall_command
+        Gitlab::Kubernetes::Helm::DeleteCommand.new(
+          name: name,
+          rbac: cluster.platform_kubernetes_rbac?,
+          files: files,
+          predelete: delete_knative_services_and_metrics,
+          postdelete: delete_knative_istio_leftovers
+        )
+      end
+
       private
 
+      def delete_knative_services_and_metrics
+        delete_knative_services + delete_knative_istio_metrics
+      end
+
+      def delete_knative_services
+        cluster.kubernetes_namespaces.map do |kubernetes_namespace|
+          "kubectl delete ksvc --all -n #{kubernetes_namespace.namespace}"
+        end
+      end
+
+      def delete_knative_istio_leftovers
+        delete_knative_namespaces + delete_knative_and_istio_crds
+      end
+
+      def delete_knative_namespaces
+        [
+          "kubectl delete --ignore-not-found ns knative-serving",
+          "kubectl delete --ignore-not-found ns knative-build"
+        ]
+      end
+
+      def delete_knative_and_istio_crds
+        api_resources.map do |crd|
+          "kubectl delete --ignore-not-found crd #{crd}"
+        end
+      end
+
+      # returns an array of CRDs to be postdelete since helm does not
+      # manage the CRDs it creates.
+      def api_resources
+        @api_resources ||= YAML.safe_load(File.read(Rails.root.join(API_RESOURCES_PATH)))
+      end
+
       def install_knative_metrics
-        ["kubectl apply -f #{METRICS_CONFIG}"] if cluster.application_prometheus_available?
+        return [] unless cluster.application_prometheus_available?
+
+        ["kubectl apply -f #{METRICS_CONFIG}"]
+      end
+
+      def delete_knative_istio_metrics
+        return [] unless cluster.application_prometheus_available?
+
+        ["kubectl delete --ignore-not-found -f #{METRICS_CONFIG}"]
       end
 
       def verify_cluster?
diff --git a/app/models/clusters/applications/prometheus.rb b/app/models/clusters/applications/prometheus.rb
index 805c8a73f8c..5eb535cab58 100644
--- a/app/models/clusters/applications/prometheus.rb
+++ b/app/models/clusters/applications/prometheus.rb
@@ -59,6 +59,15 @@ module Clusters
         )
       end
 
+      def uninstall_command
+        Gitlab::Kubernetes::Helm::DeleteCommand.new(
+          name: name,
+          rbac: cluster.platform_kubernetes_rbac?,
+          files: files,
+          predelete: delete_knative_istio_metrics
+        )
+      end
+
       # Returns a copy of files where the values of 'values.yaml'
       # are replaced by the argument.
       #
@@ -95,7 +104,15 @@ module Clusters
       end
 
       def install_knative_metrics
-        ["kubectl apply -f #{Clusters::Applications::Knative::METRICS_CONFIG}"] if cluster.application_knative_available?
+        return [] unless cluster.application_knative_available?
+
+        ["kubectl apply -f #{Clusters::Applications::Knative::METRICS_CONFIG}"]
+      end
+
+      def delete_knative_istio_metrics
+        return [] unless cluster.application_knative_available?
+
+        ["kubectl delete -f #{Clusters::Applications::Knative::METRICS_CONFIG}"]
       end
     end
   end