summaryrefslogtreecommitdiff
path: root/app/services/clusters/gcp/finalize_creation_service.rb
diff options
context:
space:
mode:
Diffstat (limited to 'app/services/clusters/gcp/finalize_creation_service.rb')
-rw-r--r--app/services/clusters/gcp/finalize_creation_service.rb23
1 files changed, 15 insertions, 8 deletions
diff --git a/app/services/clusters/gcp/finalize_creation_service.rb b/app/services/clusters/gcp/finalize_creation_service.rb
index 3ae0a4a19d0..5893f27a5cf 100644
--- a/app/services/clusters/gcp/finalize_creation_service.rb
+++ b/app/services/clusters/gcp/finalize_creation_service.rb
@@ -9,8 +9,9 @@ module Clusters
@provider = provider
configure_provider
- create_gitlab_service_account!
configure_kubernetes
+ create_gitlab_services_account!
+ configure_kubernetes_token
cluster.save!
rescue Google::Apis::ServerError, Google::Apis::ClientError, Google::Apis::AuthorizationError => e
@@ -23,8 +24,8 @@ module Clusters
private
- def create_gitlab_service_account!
- Clusters::Gcp::Kubernetes::CreateServiceAccountService.new(kube_client, rbac: create_rbac_cluster?).execute
+ def create_gitlab_services_account!
+ Clusters::Gcp::ServicesAccountService.new(kube_client, cluster).execute
end
def configure_provider
@@ -39,19 +40,25 @@ module Clusters
ca_cert: Base64.decode64(gke_cluster.master_auth.cluster_ca_certificate),
username: gke_cluster.master_auth.username,
password: gke_cluster.master_auth.password,
- authorization_type: authorization_type,
- token: request_kubernetes_token)
+ authorization_type: authorization_type
+ )
+ end
+
+ def configure_kubernetes_token
+ cluster.platform_kubernetes.token = request_kubernetes_token
end
def request_kubernetes_token
- Clusters::Gcp::Kubernetes::FetchKubernetesTokenService.new(kube_client).execute
+ namespace = rbac_cluster? ? cluster.platform_kubernetes.actual_namespace : Clusters::Gcp::Kubernetes::SERVICE_ACCOUNT_NAMESPACE
+
+ Clusters::Gcp::Kubernetes::FetchKubernetesTokenService.new(kube_client, namespace).execute
end
def authorization_type
- create_rbac_cluster? ? 'rbac' : 'abac'
+ rbac_cluster? ? 'rbac' : 'abac'
end
- def create_rbac_cluster?
+ def rbac_cluster?
!provider.legacy_abac?
end
View Lorry Controller Status