Cert manager migration, cluster_issuer etc.

app/models/clusters/applications/cert_manager.rb

@@ -0,0 +1,76 @@
+# frozen_string_literal: true
+
+module Clusters
+    module Applications
+      class CertManager < ActiveRecord::Base
+        VERSION = 'v0.5.0'.freeze
+  
+        self.table_name = 'clusters_applications_cert_managers'
+
+        include ::Clusters::Concerns::ApplicationCore
+        include ::Clusters::Concerns::ApplicationStatus
+        include ::Clusters::Concerns::ApplicationVersion
+        include ::Clusters::Concerns::ApplicationData
+  
+        default_value_for :version, VERSION
+  
+        def ready_status
+          [:installed]
+        end
+  
+        def ready?
+          ready_status.include?(status_name)
+        end
+  
+        def chart
+          'stable/cert-manager'
+        end
+
+        def install_command
+          Gitlab::AppLogger.info '----- INSTALLING CLUSTER ISSUER-v2 ----'
+          begin
+            Gitlab::Kubernetes::Helm::InstallCommand.new(
+              name: 'certmanager',
+              version: VERSION,
+              rbac: cluster.platform_kubernetes_rbac?,
+              chart: chart,
+              files: files.merge!(cluster_issuer_file),
+              postinstall: post_install_script
+            )
+            #res = YAML.load_file(Rails.root.join('config', 'cert_manager', 'cluster_issuer.yaml'))
+            #Gitlab::AppLogger.info(res)
+            #Gitlab::Kubernetes::ClusterIssuer(res).generate()
+          rescue StandardError => e
+            Gitlab::AppLogger.info('install_command_eror------------------------------------------------')
+            Gitlab::AppLogger.error(e)
+            Gitlab::AppLogger.error(e.backtrace.join("\n"))
+          rescue Exception => e
+            Gitlab::AppLogger.info('install_command_exception--------------------------------------------------')
+            Gitlab::AppLogger.error(e)
+            Gitlab::AppLogger.error(e.backtrace.join("\n"))
+          end    
+        end
+
+        def cluster_issuer_resource_definition
+          YAML.load_file(Rails.root.join('config', 'cert_manager', 'cluster_issuer.yaml'))
+        end
+
+        private
+
+        def post_install_script
+          ["/usr/bin/kubectl create -f /data/helm/certmanager/config/cluster_issuer.yaml"]
+        end
+
+        def cluster_issuer_file
+          {
+            'cluster_issuer.yaml': File.read(cluster_issuer_file_path)
+          }
+        end
+
+        def cluster_issuer_file_path
+          "#{Rails.root}/vendor/cert_manager/cluster_issuer.yaml"
+        end
+      end
+    end
+  end
+  

config/cert_manager/cluster_issuer.yaml

@@ -0,0 +1,11 @@
+apiVersion: certmanager.k8s.io/v1alpha1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-prod
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: hello@amirathi.com
+    privateKeySecretRef:
+      name: letsencrypt-prod
+    http01: {}

db/migrate/20181101191341_create_clusters_applications_cert_manager.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+# See http://doc.gitlab.com/ce/development/migration_style_guide.html
+# for more information on how to write migrations for GitLab.
+
+class CreateClustersApplicationsCertManager < ActiveRecord::Migration
+  include Gitlab::Database::MigrationHelpers
+
+  # Set this constant to true if this migration requires downtime.
+  DOWNTIME = false
+
+  def change
+    create_table :clusters_applications_cert_managers do |t|
+      t.references :cluster, null: false, unique: true, foreign_key: { on_delete: :cascade }
+      t.integer :status, null: false
+      t.string :version, null: false
+      t.string :email, null:false
+      t.timestamps_with_timezone null: false
+      t.text :status_reason
+    end
+  end
+end

vendor/cert_manager/cluster_issuer.yaml

@@ -0,0 +1,11 @@
+apiVersion: certmanager.k8s.io/v1alpha1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-prod
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: my-email@example.com
+    privateKeySecretRef:
+      name: letsencrypt-prod
+    http01: {}