diff options
Diffstat (limited to 'app/services/clusters/gcp/finalize_creation_service.rb')
-rw-r--r-- | app/services/clusters/gcp/finalize_creation_service.rb | 23 |
1 files changed, 15 insertions, 8 deletions
diff --git a/app/services/clusters/gcp/finalize_creation_service.rb b/app/services/clusters/gcp/finalize_creation_service.rb index 3ae0a4a19d0..5893f27a5cf 100644 --- a/app/services/clusters/gcp/finalize_creation_service.rb +++ b/app/services/clusters/gcp/finalize_creation_service.rb @@ -9,8 +9,9 @@ module Clusters @provider = provider configure_provider - create_gitlab_service_account! configure_kubernetes + create_gitlab_services_account! + configure_kubernetes_token cluster.save! rescue Google::Apis::ServerError, Google::Apis::ClientError, Google::Apis::AuthorizationError => e @@ -23,8 +24,8 @@ module Clusters private - def create_gitlab_service_account! - Clusters::Gcp::Kubernetes::CreateServiceAccountService.new(kube_client, rbac: create_rbac_cluster?).execute + def create_gitlab_services_account! + Clusters::Gcp::ServicesAccountService.new(kube_client, cluster).execute end def configure_provider @@ -39,19 +40,25 @@ module Clusters ca_cert: Base64.decode64(gke_cluster.master_auth.cluster_ca_certificate), username: gke_cluster.master_auth.username, password: gke_cluster.master_auth.password, - authorization_type: authorization_type, - token: request_kubernetes_token) + authorization_type: authorization_type + ) + end + + def configure_kubernetes_token + cluster.platform_kubernetes.token = request_kubernetes_token end def request_kubernetes_token - Clusters::Gcp::Kubernetes::FetchKubernetesTokenService.new(kube_client).execute + namespace = rbac_cluster? ? cluster.platform_kubernetes.actual_namespace : Clusters::Gcp::Kubernetes::SERVICE_ACCOUNT_NAMESPACE + + Clusters::Gcp::Kubernetes::FetchKubernetesTokenService.new(kube_client, namespace).execute end def authorization_type - create_rbac_cluster? ? 'rbac' : 'abac' + rbac_cluster? ? 'rbac' : 'abac' end - def create_rbac_cluster? + def rbac_cluster? !provider.legacy_abac? end |