Diffstat (limited to 'scripts/review_apps')
-rwxr-xr-x | scripts/review_apps/automated_cleanup.rb | 2 | ||||
-rw-r--r-- | scripts/review_apps/base-config.yaml | 10 | ||||
-rwxr-xr-x | scripts/review_apps/gcp_cleanup.sh | 2 | ||||
-rwxr-xr-x | scripts/review_apps/review-apps.sh | 60 |
4 files changed, 66 insertions, 8 deletions
diff --git a/scripts/review_apps/automated_cleanup.rb b/scripts/review_apps/automated_cleanup.rb
index a9659071a2f..f52edd18ba8 100755
--- a/scripts/review_apps/automated_cleanup.rb
+++ b/scripts/review_apps/automated_cleanup.rb
@@ -40,7 +40,7 @@ class AutomatedCleanup
 end
 def review_apps_namespace
- self.class.ee? ? 'review-apps-ee' : 'review-apps-ce'
+ 'review-apps'
 end
 def helm
diff --git a/scripts/review_apps/base-config.yaml b/scripts/review_apps/base-config.yaml
index 6fb6943fb90..9aa518e3bc7 100644
--- a/scripts/review_apps/base-config.yaml
+++ b/scripts/review_apps/base-config.yaml
@@ -7,7 +7,7 @@ global:
 external-dns.alpha.kubernetes.io/ttl: 10
 configureCertmanager: false
 tls:
- secretName: tls-cert
+ secretName: review-apps-tls
 initialRootPassword:
 secret: shared-gitlab-initial-root-password
 certmanager:
@@ -61,11 +61,11 @@ gitlab:
 task-runner:
 resources:
 requests:
- cpu: 50m
- memory: 350M
+ cpu: 300m
+ memory: 800M
 limits:
- cpu: 100m
- memory: 700M
+ cpu: 450m
+ memory: 1200M
 webservice:
 resources:
 requests:
diff --git a/scripts/review_apps/gcp_cleanup.sh b/scripts/review_apps/gcp_cleanup.sh
index f289a50f629..3225631e8c7 100755
--- a/scripts/review_apps/gcp_cleanup.sh
+++ b/scripts/review_apps/gcp_cleanup.sh
@@ -11,7 +11,7 @@ function setup_gcp_dependencies() {
 # These scripts require the following environment variables:
 # - REVIEW_APPS_GCP_REGION - e.g `us-central1`
-# - KUBE_NAMESPACE - e.g `review-apps-ee`
+# - KUBE_NAMESPACE - e.g `review-apps`
 function delete_firewall_rules() {
 if [[ ${#@} -eq 0 ]]; then
diff --git a/scripts/review_apps/review-apps.sh b/scripts/review_apps/review-apps.sh
index 1214ee5f462..1e3cdaea3ea 100755
--- a/scripts/review_apps/review-apps.sh
+++ b/scripts/review_apps/review-apps.sh
@@ -66,7 +66,7 @@ function kubectl_cleanup_release() {
 local release="${2}"
 echoinfo "Deleting all K8s resources matching '${release}'..." true
- kubectl --namespace "${namespace}" get ingress,svc,pdb,hpa,deploy,statefulset,job,pod,secret,configmap,pvc,secret,clusterrole,clusterrolebinding,role,rolebinding,sa,crd 2>&1 \
+ kubectl --namespace "${namespace}" get ingress,svc,pdb,hpa,deploy,statefulset,job,pod,secret,configmap,pvc,clusterrole,clusterrolebinding,role,rolebinding,sa,crd 2>&1 \
 | grep "${release}" \
 | awk '{print $1}' \
 | xargs kubectl --namespace "${namespace}" delete \
@@ -126,6 +126,38 @@ function get_pod() {
 echo "${pod_name}"
 }
+function run_task() {
+ local namespace="${KUBE_NAMESPACE}"
+ local ruby_cmd="${1}"
+ local task_runner_pod=$(get_pod "task-runner")
+
+ kubectl exec -it --namespace "${namespace}" "${task_runner_pod}" -- gitlab-rails runner "${ruby_cmd}"
+}
+
+function disable_sign_ups() {
+ if [ -z ${REVIEW_APPS_ROOT_TOKEN+x} ]; then
+ echoerr "In order to protect Review Apps, REVIEW_APPS_ROOT_TOKEN variable must be set"
+ false
+ else
+ true
+ fi
+
+ # Create the root token
+ local ruby_cmd="token = User.find_by_username('root').personal_access_tokens.create(scopes: [:api], name: 'Token to disable sign-ups'); token.set_token('${REVIEW_APPS_ROOT_TOKEN}'); begin; token.save!; rescue(ActiveRecord::RecordNotUnique); end"
+ run_task "${ruby_cmd}"
+
+ # Disable sign-ups
+ curl --silent --show-error --request PUT --header "PRIVATE-TOKEN: ${REVIEW_APPS_ROOT_TOKEN}" "${CI_ENVIRONMENT_URL}/api/v4/application/settings?signup_enabled=false"
+
+ local signup_enabled=$(curl --silent --show-error --request GET --header "PRIVATE-TOKEN: ${REVIEW_APPS_ROOT_TOKEN}" "${CI_ENVIRONMENT_URL}/api/v4/application/settings" | jq ".signup_enabled")
+ if [[ "${signup_enabled}" == "false" ]]; then
+ echoinfo "Sign-ups have been disabled successfully."
+ else
+ echoerr "Sign-ups should be disabled but are still enabled!"
+ false
+ fi
+}
+
 function check_kube_domain() {
 echoinfo "Checking that Kube domain exists..." true
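Review bot: The guard at the top of `disable_sign_ups` does not stop the function on its own: a bare `false` only aborts when errexit is in effect at the call site (not visible in this hunk), and `${REVIEW_APPS_ROOT_TOKEN+x}` accepts a variable that is set but empty. Prefer `if [ -z "${REVIEW_APPS_ROOT_TOKEN:-}" ]; then echoerr "..."; return 1; fi` so the token creation and the API calls are never reached without a value. The token is also spliced into the Ruby source between single quotes and passed on the `kubectl exec` and `curl` command lines, so a value containing `'` changes the Ruby that runs and the secret shows up in process listings and `set -x` traces. Since this is a root token with `api` scope, consider setting `expires_at` on it and passing the value to the runner as data rather than as interpolated source.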
@@ -181,6 +213,32 @@ function install_external_dns() {
 fi
 }
+# This script is used to install cert-manager in the cluster
+# The installation steps are documented in
+# https://gitlab.com/gitlab-org/quality/team-tasks/snippets/1990286
+function install_certmanager() {
+ local namespace="${KUBE_NAMESPACE}"
+ local release="cert-manager-review-app-helm3"
+
+ echoinfo "Installing cert-manager..." true
+
+ if ! deploy_exists "${namespace}" "${release}" || previous_deploy_failed "${namespace}" "${release}" ; then
+ kubectl apply \
+ -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.10/deploy/manifests/00-crds.yaml
+
+ echoinfo "Installing cert-manager Helm chart"
+ helm repo add jetstack https://charts.jetstack.io
+ helm repo update
+
+ helm install "${release}" jetstack/cert-manager \
+ --namespace "${namespace}" \
+ --version v0.15.1 \
+ --set installCRDS=true
+ else
+ echoinfo "The cert-manager Helm chart is already successfully deployed."
+ fi
+}
+
 function create_application_secret() {
 local namespace="${KUBE_NAMESPACE}"
 local release="${CI_ENVIRONMENT_SLUG}" |
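Review bot: `--set installCRDS=true` in `install_certmanager` most likely has no effect, because the cert-manager chart spells the value `installCRDs` and Helm normally ignores keys the chart does not use; the only CRDs installed would then be the ones from the `release-0.10` manifest while the chart is pinned to `v0.15.1`. That manifest is also fetched from a branch URL at deploy time and applied to the cluster with no integrity check, so its content can change between runs without any change in this repository. Use `--set installCRDs=true` and drop the `kubectl apply`, or point the apply at a tag or commit that matches the chart version and verify a checksum first (or vendor the file).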