From 5142bd738e7de37991ab8c43a3096ef232363110 Mon Sep 17 00:00:00 2001 From: James Fargher Date: Fri, 30 Aug 2019 11:47:13 +0000 Subject: [PATCH] Install cert-manager v0.9.1 This does not support upgrading from earlier versions --- .../clusters/applications/cert_manager.rb | 33 ++++++++++++++++--- changelogs/unreleased/cert_manager_v0_9.yml | 5 +++ .../applications/cert_manager_spec.rb | 27 +++++++++++---- 3 files changed, 54 insertions(+), 11 deletions(-) create mode 100644 changelogs/unreleased/cert_manager_v0_9.yml diff --git a/app/models/clusters/applications/cert_manager.rb b/app/models/clusters/applications/cert_manager.rb index 6bd7473c8ff..27d4180e5b9 100644 --- a/app/models/clusters/applications/cert_manager.rb +++ b/app/models/clusters/applications/cert_manager.rb @@ -3,7 +3,8 @@ module Clusters module Applications class CertManager < ApplicationRecord - VERSION = 'v0.5.2'.freeze + VERSION = 'v0.9.1' + CRD_VERSION = '0.9' self.table_name = 'clusters_applications_cert_managers' @@ -21,16 +22,22 @@ module Clusters validates :email, presence: true def chart - 'stable/cert-manager' + 'certmanager/cert-manager' + end + + def repository + 'https://charts.jetstack.io' end def install_command Gitlab::Kubernetes::Helm::InstallCommand.new( name: 'certmanager', + repository: repository, version: VERSION, rbac: cluster.platform_kubernetes_rbac?, chart: chart, files: files.merge(cluster_issuer_file), + preinstall: pre_install_script, postinstall: post_install_script ) end 
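Review bot: In the second hunk, the `certmanager/` prefix returned by `chart` presumably only resolves if `InstallCommand` registers `repository` under an alias equal to `name: 'certmanager'`, and nothing documents that coupling. `InstallCommand` is not visible here, so this is inferred. A one-line comment above `chart`, such as `# prefix must match the repo alias InstallCommand registers for #repository`, would stop a later rename of either value from silently breaking the install. Because the chart now comes from a third-party repository, a second comment on `repository` naming the upstream that owns `https://charts.jetstack.io` would make the trust decision explicit. The class body starts and ends outside the hunk.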
@@ -46,16 +53,30 @@ module Clusters private + def pre_install_script + [ + apply_file("https://raw.githubusercontent.com/jetstack/cert-manager/release-#{CRD_VERSION}/deploy/manifests/00-crds.yaml"), + "kubectl label --overwrite namespace #{Gitlab::Kubernetes::Helm::NAMESPACE} certmanager.k8s.io/disable-validation=true" + ] + end + def post_install_script - ["kubectl create -f /data/helm/certmanager/config/cluster_issuer.yaml"] + [retry_command(apply_file('/data/helm/certmanager/config/cluster_issuer.yaml'))] + end + + def retry_command(command) + "for i in $(seq 1 30); do #{command} && break; sleep 1s; echo \"Retrying ($i)...\"; done" end def post_delete_script [ delete_private_key, delete_crd('certificates.certmanager.k8s.io'), + delete_crd('certificaterequests.certmanager.k8s.io'), + delete_crd('challenges.certmanager.k8s.io'), delete_crd('clusterissuers.certmanager.k8s.io'), - delete_crd('issuers.certmanager.k8s.io') + delete_crd('issuers.certmanager.k8s.io'), + delete_crd('orders.certmanager.k8s.io') ].compact end @@ -75,6 +96,10 @@ module Clusters Gitlab::Kubernetes::KubectlCmd.delete("crd", definition, "--ignore-not-found") end + def apply_file(filename) + Gitlab::Kubernetes::KubectlCmd.apply_file(filename) + end + def cluster_issuer_file { 'cluster_issuer.yaml': cluster_issuer_yaml_content diff --git a/changelogs/unreleased/cert_manager_v0_9.yml b/changelogs/unreleased/cert_manager_v0_9.yml new file mode 100644 index 00000000000..bda5bbffab5 --- /dev/null +++ b/changelogs/unreleased/cert_manager_v0_9.yml @@ -0,0 +1,5 @@ +--- +title: Install cert-manager v0.9.1 +merge_request: 32243 +author: +type: changed diff --git a/spec/models/clusters/applications/cert_manager_spec.rb b/spec/models/clusters/applications/cert_manager_spec.rb index 93050e80b07..f6d5d05e4a0 100644 --- a/spec/models/clusters/applications/cert_manager_spec.rb +++ b/spec/models/clusters/applications/cert_manager_spec.rb 
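Review bot: `pre_install_script` applies CRDs fetched at install time from the `release-#{CRD_VERSION}` branch on raw.githubusercontent.com, a mutable ref with no integrity check. Whatever that branch holds when the install runs is applied to the cluster, and it can drift from what chart `VERSION` expects. Pinning the URL to the release tag, `apply_file("https://raw.githubusercontent.com/jetstack/cert-manager/#{VERSION}/deploy/manifests/00-crds.yaml")` (assuming upstream publishes a tag named like `VERSION`), would make the install reproducible. It would also remove the separate `CRD_VERSION` constant that has to be kept in step by hand; shipping the manifest through `files`, as appears to be done for `cluster_issuer.yaml`, is the alternative. A short comment on the `kubectl label` line saying why validation is disabled for the namespace would also help; the class body continues outside the hunk.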
@@ -44,11 +44,18 @@ describe Clusters::Applications::CertManager do it 'is initialized with cert_manager arguments' do expect(subject.name).to eq('certmanager') - expect(subject.chart).to eq('stable/cert-manager') - expect(subject.version).to eq('v0.5.2') + expect(subject.chart).to eq('certmanager/cert-manager') + expect(subject.repository).to eq('https://charts.jetstack.io') + expect(subject.version).to eq('v0.9.1') expect(subject).to be_rbac expect(subject.files).to eq(cert_manager.files.merge(cluster_issuer_file)) - expect(subject.postinstall).to eq(['kubectl create -f /data/helm/certmanager/config/cluster_issuer.yaml']) + expect(subject.preinstall).to eq([ + 'kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.9/deploy/manifests/00-crds.yaml', + 'kubectl label --overwrite namespace gitlab-managed-apps certmanager.k8s.io/disable-validation=true' + ]) + expect(subject.postinstall).to eq([ + 'for i in $(seq 1 30); do kubectl apply -f /data/helm/certmanager/config/cluster_issuer.yaml && break; sleep 1s; echo "Retrying ($i)..."; done' + ]) end context 'for a specific user' do @@ -75,7 +82,7 @@ describe Clusters::Applications::CertManager do let(:cert_manager) { create(:clusters_applications_cert_manager, :errored, version: '0.0.1') } it 'is initialized with the locked version' do - expect(subject.version).to eq('v0.5.2') + expect(subject.version).to eq('v0.9.1') end end end 
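Review bot: The `postinstall` string pinned in the first hunk here exits 0 even when all 30 attempts fail, because the last command the loop runs is then `echo`. A cluster issuer that was never created would therefore not surface as a failed install. The fix belongs in `retry_command` in the model, which is in a different hunk: `"for i in $(seq 1 30); do #{command} && s=0 && break || s=$?; sleep 1s; echo \"Retrying ($i)...\"; done; (exit $s)"`, with this expectation updated to match. The spec only compares command strings, so nothing here would catch the masked failure.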
@@ -93,10 +100,13 @@ describe Clusters::Applications::CertManager do it 'specifies a post delete command to remove custom resource definitions' do expect(subject.postdelete).to eq([ - "kubectl delete secret -n gitlab-managed-apps letsencrypt-prod --ignore-not-found", + 'kubectl delete secret -n gitlab-managed-apps letsencrypt-prod --ignore-not-found', 'kubectl delete crd certificates.certmanager.k8s.io --ignore-not-found', + 'kubectl delete crd certificaterequests.certmanager.k8s.io --ignore-not-found', + 'kubectl delete crd challenges.certmanager.k8s.io --ignore-not-found', 'kubectl delete crd clusterissuers.certmanager.k8s.io --ignore-not-found', - 'kubectl delete crd issuers.certmanager.k8s.io --ignore-not-found' + 'kubectl delete crd issuers.certmanager.k8s.io --ignore-not-found', + 'kubectl delete crd orders.certmanager.k8s.io --ignore-not-found' ]) end @@ -111,8 +121,11 @@ describe Clusters::Applications::CertManager do it 'does not try and delete the secret' do expect(subject.postdelete).to eq([ 'kubectl delete crd certificates.certmanager.k8s.io --ignore-not-found', + 'kubectl delete crd certificaterequests.certmanager.k8s.io --ignore-not-found', + 'kubectl delete crd challenges.certmanager.k8s.io --ignore-not-found', 'kubectl delete crd clusterissuers.certmanager.k8s.io --ignore-not-found', - 'kubectl delete crd issuers.certmanager.k8s.io --ignore-not-found' + 'kubectl delete crd issuers.certmanager.k8s.io --ignore-not-found', + 'kubectl delete crd orders.certmanager.k8s.io --ignore-not-found' ]) end end