diff options
Diffstat (limited to 'lib/gitlab/ci/build/prerequisite')
-rw-r--r-- | lib/gitlab/ci/build/prerequisite/kubernetes_namespace.rb | 45 |
1 files changed, 43 insertions, 2 deletions
diff --git a/lib/gitlab/ci/build/prerequisite/kubernetes_namespace.rb b/lib/gitlab/ci/build/prerequisite/kubernetes_namespace.rb index 9950e1dec55..465877871ea 100644 --- a/lib/gitlab/ci/build/prerequisite/kubernetes_namespace.rb +++ b/lib/gitlab/ci/build/prerequisite/kubernetes_namespace.rb @@ -8,7 +8,7 @@ module Gitlab def unmet? deployment_cluster.present? && deployment_cluster.managed? && - missing_namespace? + (missing_namespace? || need_knative_version_role_binding?) end def complete! @@ -23,6 +23,10 @@ module Gitlab kubernetes_namespace.nil? || kubernetes_namespace.service_account_token.blank? end + def need_knative_version_role_binding? + !knative_serving_namespace.nil? && knative_version_role_binding.nil? + end + def deployment_cluster build.deployment&.cluster end @@ -31,6 +35,22 @@ module Gitlab build.deployment.environment end + def knative_serving_namespace + strong_memoize(:knative_serving_namespace) do + Clusters::KnativeServingNamespaceFinder.new( + deployment_cluster + ).execute + end + end + + def knative_version_role_binding + strong_memoize(:knative_version_role_binding) do + Clusters::KnativeVersionRoleBindingFinder.new( + deployment_cluster + ).execute + end + end + def kubernetes_namespace strong_memoize(:kubernetes_namespace) do Clusters::KubernetesNamespaceFinder.new( @@ -43,12 +63,33 @@ module Gitlab end def create_namespace + namespace = kubernetes_namespace || build_namespace_record + + return if conflicting_ci_namespace_requested?(namespace) + Clusters::Kubernetes::CreateOrUpdateNamespaceService.new( cluster: deployment_cluster, - kubernetes_namespace: kubernetes_namespace || build_namespace_record + kubernetes_namespace: namespace ).execute end + ## + # A namespace can only be specified via gitlab-ci.yml + # for unmanaged clusters, as we currently have no way + # of preventing a job requesting a namespace it + # shouldn't have access to. + # + # To make this clear, we fail the build instead of + # silently using a namespace other than the one + # explicitly specified. + # + # Support for managed clusters will be added in + # https://gitlab.com/gitlab-org/gitlab/issues/38054 + def conflicting_ci_namespace_requested?(namespace_record) + build.expanded_kubernetes_namespace.present? && + namespace_record.namespace != build.expanded_kubernetes_namespace + end + def build_namespace_record Clusters::BuildKubernetesNamespaceService.new( deployment_cluster, |