| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
| |
This is the backend part which just allows uninstalling Prometheus for
now.
|
|
|
|
|
| |
Log events so that it's easy to see
when different requests are starting.
|
|
|
|
| |
This reverts merge request !26991
|
|\
| |
| |
| |
| | |
Bump Helm to 2.13.1 and kubectl to 1.11.9
See merge request gitlab-org/gitlab-ce!26991
|
| | |
|
|/
|
|
|
|
|
| |
- rewords examples starting with 'should'
- rewords examples starting with 'it'
Note: I had to manually fixup "onlies" to "only"
|
|\
| |
| |
| |
| | |
Block local URLs for Kubernetes integration
See merge request gitlab/gitlabhq!2901
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Use existing `public_url` validation to block various local urls. Note
that this validation will allow local urls if the "Allow requests to the
local network from hooks and services" admin setting is enabled.
Block KubeClient from using local addresses
It will also respect `allow_local_requests_from_hooks_and_services` so
if that is enabled KubeClinet will allow local addresses
|
|/
|
|
|
|
|
|
| |
Bump the helm and kubectl used in our Kubernetes integration, used e.g.
to install apps.
Note I have only bumped to the latest patch of the v1.11 series for
kubectl as GKE clusters are still on 1.10/1.11
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
http_max_redirects was introduced in 4.2.2, so upgrade kubeclient.
The monkey-patch was global so we will have to check that all instances
of Kubeclient::Client are handled.
Spec all methods of KubeClient
This should provide better confidence that we are indeed disallowing
redirection in all cases
|
|
|
|
| |
Signed-off-by: Rémy Coutable <remy@rymai.me>
|
|
|
|
| |
Signed-off-by: Takuya Noguchi <takninnovationresearch@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
If the service fails mid-point, then we should be able to re-run this
service. So, detect presence of any previously created Kubernetes
resource and update or create accordingly.
Fix specs accordingly. In the case of finalize_creation_service_spec.rb,
I decided to stub out the async worker rather than maintaining
individual stubs for various kubeclient calls for that worker.
Also add test cases for group clusters
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We want to keep failed install pods around so that it is easier to debug
why a failure occured. With this change we also need to ensure that we
remove a previous pod with the same name before installing so that
re-install does not fail.
Another change here is that we no longer need to catch errors from
delete_pod! in CheckInstallationProgressService as we now catch the
ResourceNotFoundError in Helm::Api. The catch statement in
CheckInstallationProgressService was also probably too broad before and
should have been narrowed down simply to ResourceNotFoundError.
|
| |
|
| |
|
|\
| |
| |
| |
| |
| |
| | |
Resolve "Upgrade Helm Tiller Version Used By GitLab Managed Apps"
Closes #49726
See merge request gitlab-org/gitlab-ce!22693
|
| | |
|
| | |
|
| | |
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | | |
Update config map if already present on install
Closes #53626
See merge request gitlab-org/gitlab-ce!22969
|
| | |
| | |
| | |
| | |
| | |
| | | |
When an application install fails, and the user retries install, the
configmap for the application will already exists. If so, we simply
update instead of create.
|
|/ / |
|
|/ |
|
| |
|
| |
|
|\ |
|
| |
| |
| |
| |
| |
| | |
This will reduce dependencies and failure points during installation. It
will also reduce security risks from untrusted dependencies being able
to effect all our users
|
| | |
|
|\ \
| |/ |
|
| |\
| | |
| | |
| | |
| | |
| | |
| | | |
Refactor Gitlab::KubeClient
Closes #52131
See merge request gitlab-org/gitlab-ce!22073
|
| | |
| | |
| | |
| | |
| | |
| | | |
This removes the ability to pass in a different version. We can instead
create a new entry in the SUPPORTED_API_GROUPS hash for a different
version if need be.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
We should have access to #core_client, #rbac_client,
and #extensions_client without having to pass in an awkward array.
Also change api_version to default_api_version, which allows us to use a
different version for an individual client. Special case for
apis/extensions which only go up to v1beta1
Makes #hashed_client private
Removes the #clients and #discover! methods which are un-used
|
|/ / |
|
|/
|
|
|
|
|
|
| |
Includes RoleBinding methods to Kubeclient and introduce a new lib class
to generate RoleBinding resources.
This MR is part of
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/22011
|
|
|
|
|
| |
We will need these utility level code in the future to help upgrade all
helm applications.
|
|
|
|
|
| |
This is a utility class that we will need in the future to update and
upgrade our managed helm applications, which we do plan to do in CE.
|
|
|
|
|
|
|
|
|
|
|
| |
of ABAC/RBAC
This also solves the async nature of the automatic creation of default
service tokens for service accounts. It also makes explicit which
service account token we always use.
create cluster role binding only if the provider has legacy_abac
disabled.
|
|
|
|
| |
Add create_secret to KubeClient
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix up VERSION for each of the applications
* There is no 0.0.1 helm version for jupyterhub. Use the latest version instead
* `:nginx` is not a valid chart version. Lock the ingress application GitLab installs to the latest chart version.
* Use the latest gitlab-runner chart to prevent GitLab installing older versions when users have been installing the lastest version
Always install from the VERSION and not the database `version` column.
This should fix cases like https://gitlab.com/gitlab-org/gitlab-ee/issues/6795 in
the instances where an install command failed previously, which locked the version
in the database to an older version.
Also, ensure that the version column is updated to the version we are
installing.
Add specs to show how previously failed appplications will be handled when the helm installation is run again
Add changelog entry
|
|
|
| |
This reverts merge request !20801
|
| |
|
| |
|
| |
|
|
|
|
| |
This is refactoring in the lead up to passing mutual TLS certs for helm applications. As such we expect all applications to need config files so we can remove the logic about which applications need and do not need this (ie `#config_map?`).
|
|
|
|
| |
https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/5163 to CE
|
|
|
|
| |
incompatible with Tiller v2.7.0'"
|