summaryrefslogtreecommitdiff
path: root/spec/lib/gitlab/kubernetes
Commit message (Collapse)AuthorAgeFilesLines
* Make use of Gitlab::KubernetesJoão Cunha2019-08-141-0/+48
| | | | - refactor Knative and Prometheus
* Bump Helm to 2.14.3 and kubectl to 1.11.10bump_helm_kubectl_gitlabThong Kuah2019-08-131-1/+1
|
* Use separate Kubernetes namespaces per environmentTiger Watson2019-08-071-0/+85
| | | | | | | | | | | | Kubernetes deployments on new clusters will now have a separate namespace per project environment, instead of sharing a single namespace for the project. Behaviour of existing clusters is unchanged. All new functionality is controlled by the :kubernetes_namespace_per_environment feature flag, which is safe to enable/disable at any time.
* Merge branch 'georgekoltsov/55474-outbound-setting-system-hooks' into 'master'Rémy Coutable2019-08-051-1/+1
|\ | | | | | | | | Add outbound setting for system hooks See merge request gitlab-org/gitlab-ce!31177
| * Add outbound requests setting for system hooksGeorge Koltsov2019-08-021-1/+1
| | | | | | | | | | | | | | This MR adds new application setting to network section `allow_local_requests_from_system_hooks`. Prior to this change system hooks were allowed to do local network requests by default and we are adding an ability for admins to control it.
* | Implement Helm ResetCommand for removing TillerDylan Griffith2019-08-021-0/+65
|/ | | | | | | | | | | | | Also creates specs Only allow Helm to be uninstalled if it's the only app - Remove Tiller leftovers after reser command - Fixes specs and offenses Adds changelog file Fix reset_command specs
* GitLab Managed App ensure helm version uses tls opts63694-tls-opts-for-helm-waitDylan Griffith2019-07-152-11/+17
| | | | | | | | | The TLS opts were missing from helm version command which meant that it was just perpetually failing and hence wasting 30s of time waiting for a command to be successful that was never going to be successful. This never actually caused any errors because this loop will happily just fail 30 times without breaking the overall script but it was just a waste of installation time so now installing apps should be ~30s faster.
* Give Knative serving permissions to service accountHordur Freyr Yngvason2019-07-113-1/+36
| | | | | | | | GitLab uses a kubernetes service account to perform deployments. For serverless deployments to work as expected with externally created clusters with their own knative installations (e.g. via Cloud Run), this account requires additional permissions in the serving.knative.dev API group.
* Fix connection to Tiller error while uninstalling62713-fix-uninstalling-cluster-appsThong Kuah2019-06-051-0/+24
| | | | | | | | | | | Both the `install-<app>` and `uninstall-<app>` pods loads the `values-content-configuration-<app>` configmap into the pod (see `#volume_specification`). This configmap contains the cert necessary to connect to Tiller. The cert though is only valid for 30 minutes. So this fixes the bug where the configmap when uninstalling should be updated as well.
* Teach Helm::Api about #uninstallThong Kuah2019-04-291-0/+22
|
* Implement commands to uninstall cluster applicationshelm_uninstall_commandThong Kuah2019-04-161-0/+72
| | | | | This is the backend part which just allows uninstalling Prometheus for now.
* Add more info logging to cluster appsDylan Griffith2019-04-101-0/+27
| | | | | Log events so that it's easy to see when different requests are starting.
* Revert "Merge branch 'bump_kubernetes_1_11_9' into 'master'"Mayra Cabrera2019-04-051-1/+1
| | | | This reverts merge request !26991
* Merge branch 'bump_kubernetes_1_11_9' into 'master'Douwe Maan2019-04-051-1/+1
|\ | | | | | | | | Bump Helm to 2.13.1 and kubectl to 1.11.9 See merge request gitlab-org/gitlab-ce!26991
| * Bump Helm to 2.13.1 and kubectl to 1.11.9bump_kubernetes_1_11_9Thong Kuah2019-04-051-1/+1
| |
* | Autocorrect with RSpec/ExampleWording copThong Kuah2019-04-058-19/+19
|/ | | | | | | - rewords examples starting with 'should' - rewords examples starting with 'it' Note: I had to manually fixup "onlies" to "only"
* Merge branch 'security-kubernetes-local-ssrf' into 'master'Yorick Peterse2019-03-041-0/+30
|\ | | | | | | | | Block local URLs for Kubernetes integration See merge request gitlab/gitlabhq!2901
| * Do not allow local urls in Kubernetes formThong Kuah2019-02-211-0/+30
| | | | | | | | | | | | | | | | | | | | | | Use existing `public_url` validation to block various local urls. Note that this validation will allow local urls if the "Allow requests to the local network from hooks and services" admin setting is enabled. Block KubeClient from using local addresses It will also respect `allow_local_requests_from_hooks_and_services` so if that is enabled KubeClinet will allow local addresses
* | Bump helm and kubectl versionsThong Kuah2019-02-201-1/+1
|/ | | | | | | | Bump the helm and kubectl used in our Kubernetes integration, used e.g. to install apps. Note I have only bumped to the latest patch of the v1.11 series for kubectl as GKE clusters are still on 1.10/1.11
* Upgrade cluster applications, starting with runnerThong Kuah2019-02-073-219/+50
|
* Use http_max_redirects opt to replace monkeypatchThong Kuah2019-01-251-0/+32
| | | | | | | | | | | | http_max_redirects was introduced in 4.2.2, so upgrade kubeclient. The monkey-patch was global so we will have to check that all instances of Kubeclient::Client are handled. Spec all methods of KubeClient This should provide better confidence that we are indeed disallowing redirection in all cases
* Enable the Layout/ExtraSpacing cop56392-enable-the-layout-extraspacing-copRémy Coutable2019-01-241-2/+2
| | | | Signed-off-by: Rémy Coutable <remy@rymai.me>
* Update Helm to 2.12.2 to address Helm client vulnerability56417-update-helm-to-2-12-2-ado-testTakuya Noguchi2019-01-181-1/+1
| | | | Signed-off-by: Takuya Noguchi <takninnovationresearch@gmail.com>
* Modify service so that it can be re-runThong Kuah2018-12-041-0/+79
| | | | | | | | | | | | If the service fails mid-point, then we should be able to re-run this service. So, detect presence of any previously created Kubernetes resource and update or create accordingly. Fix specs accordingly. In the case of finalize_creation_service_spec.rb, I decided to stub out the async worker rather than maintaining individual stubs for various kubeclient calls for that worker. Also add test cases for group clusters
* Don't remove failed install podsDylan Griffith2018-11-271-2/+27
| | | | | | | | | | | | | We want to keep failed install pods around so that it is easier to debug why a failure occured. With this change we also need to ensure that we remove a previous pod with the same name before installing so that re-install does not fail. Another change here is that we no longer need to catch errors from delete_pod! in CheckInstallationProgressService as we now catch the ResourceNotFoundError in Helm::Api. The catch statement in CheckInstallationProgressService was also probably too broad before and should have been narrowed down simply to ResourceNotFoundError.
* Fix usage data and install command specAmit Rathi2018-11-201-0/+1
|
* Fixing more testsAmit Rathi2018-11-201-2/+5
|
* Merge branch '49726-upgrade-helm-to-2-11' into 'master'Kamil Trzciński2018-11-163-12/+23
|\ | | | | | | | | | | | | Resolve "Upgrade Helm Tiller Version Used By GitLab Managed Apps" Closes #49726 See merge request gitlab-org/gitlab-ce!22693
| * Remove unnecessary --tiller-namespace49726-upgrade-helm-to-2-11Dylan Griffith2018-11-162-11/+11
| |
| * Use helm version loop instead of sleep in ClientCommandDylan Griffith2018-11-162-11/+11
| |
| * Upgrade helm to 2.11.0 and upgrade on every installDylan Griffith2018-11-163-12/+23
| |
* | Merge branch '53626-update-config-map-on-install-retry' into 'master'Kamil Trzciński2018-11-151-7/+20
|\ \ | | | | | | | | | | | | | | | | | | Update config map if already present on install Closes #53626 See merge request gitlab-org/gitlab-ce!22969
| * | Update config map if already present on install53626-update-config-map-on-install-retryThong Kuah2018-11-151-7/+20
| | | | | | | | | | | | | | | | | | When an application install fails, and the user retries install, the configmap for the application will already exists. If so, we simply update instead of create.
* | | Add knative client to kubeclient libraryChris Baumbauer2018-11-151-0/+14
|/ /
* | Show HTTP response code for Kubernetes errorsThong Kuah2018-11-132-4/+4
|/
* Improve Debugging Capabilities For Helm Application InstallsDylan Griffith2018-11-093-31/+30
|
* Fix issue with missing knative cluster role binding, and cleanup testsChris Baumbauer2018-11-051-1/+52
|
* Merge branch 'master' into triggermesh-phase1-knativeChris Baumbauer2018-11-032-2/+3
|\
| * Use our own docker image for helm install podsuse-our-own-docker-image-for-helm-install-podsDylan Griffith2018-11-021-1/+1
| | | | | | | | | | | | This will reduce dependencies and failure points during installation. It will also reduce security risks from untrusted dependencies being able to effect all our users
| * Incorporates Kubernetes Namespace into Cluster's flowThong Kuah2018-11-021-1/+2
| |
* | Merge branch 'master' into triggermesh-phase1-knativeChris Baumbauer2018-11-021-95/+18
|\ \ | |/
| * Merge branch 'refactor_gitlab_kube_client' into 'master'Kamil Trzciński2018-10-251-95/+18
| |\ | | | | | | | | | | | | | | | | | | Refactor Gitlab::KubeClient Closes #52131 See merge request gitlab-org/gitlab-ce!22073
| | * Store version within SUPPORTED_API_GROUPS hashrefactor_gitlab_kube_clientThong Kuah2018-10-231-27/+1
| | | | | | | | | | | | | | | | | | This removes the ability to pass in a different version. We can instead create a new entry in the SUPPORTED_API_GROUPS hash for a different version if need be.
| | * Remove api_groups from KubeClient constructorThong Kuah2018-10-231-90/+39
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We should have access to #core_client, #rbac_client, and #extensions_client without having to pass in an awkward array. Also change api_version to default_api_version, which allows us to use a different version for an individual client. Special case for apis/extensions which only go up to v1beta1 Makes #hashed_client private Removes the #clients and #discover! methods which are un-used
* | | Update helm version 1.7.2 -> 2.11.0Chris Baumbauer2018-10-241-0/+4
|/ /
* | Add RoleBinding methodsadd-role-binding-to-kubeclientMayra Cabrera2018-10-221-0/+47
|/ | | | | | | | Includes RoleBinding methods to Kubeclient and introduce a new lib class to generate RoleBinding resources. This MR is part of https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/22011
* Port Helm::Api EE extensions to CE49952-port-upgrade-command-to-ceThong Kuah2018-10-011-0/+58
| | | | | We will need these utility level code in the future to help upgrade all helm applications.
* Port UpgradeCommand to CEThong Kuah2018-09-271-0/+136
| | | | | This is a utility class that we will need in the future to update and upgrade our managed helm applications, which we do plan to do in CE.
* Always create `gitlab` service account and service account token regardless ↵Thong Kuah2018-09-141-0/+1
| | | | | | | | | | | of ABAC/RBAC This also solves the async nature of the automatic creation of default service tokens for service accounts. It also makes explicit which service account token we always use. create cluster role binding only if the provider has legacy_abac disabled.
* Teach GitLab how to create Secret of type ServiceAccountTokenThong Kuah2018-09-142-0/+36
| | | | Add create_secret to KubeClient
View Lorry Controller Status