Allow Cert-Manager to be uninstalled
Our current version of Cert-Manager does not uninstall cleanly, and we must manually remove custom resource definitions.
This commit is contained in:
parent
5ebbe95ad3
commit
cfe8024e70
7 changed files with 79 additions and 11 deletions
|
@ -12,7 +12,7 @@ const CUSTOM_APP_WARNING_TEXT = {
|
|||
'ClusterIntegration|The associated load balancer and IP will be deleted and cannot be restored.',
|
||||
),
|
||||
[CERT_MANAGER]: s__(
|
||||
'ClusterIntegration|The associated certifcate will be deleted and cannot be restored.',
|
||||
'ClusterIntegration|The associated private key will be deleted and cannot be restored.',
|
||||
),
|
||||
[PROMETHEUS]: s__('ClusterIntegration|All data will be deleted and cannot be restored.'),
|
||||
[RUNNER]: s__('ClusterIntegration|Any running pipelines will be canceled.'),
|
||||
|
|
|
@ -24,12 +24,6 @@ module Clusters
|
|||
'stable/cert-manager'
|
||||
end
|
||||
|
||||
# We will implement this in future MRs.
|
||||
# Need to reverse postinstall step
|
||||
def allowed_to_uninstall?
|
||||
false
|
||||
end
|
||||
|
||||
def install_command
|
||||
Gitlab::Kubernetes::Helm::InstallCommand.new(
|
||||
name: 'certmanager',
|
||||
|
@ -41,12 +35,42 @@ module Clusters
|
|||
)
|
||||
end
|
||||
|
||||
def uninstall_command
|
||||
Gitlab::Kubernetes::Helm::DeleteCommand.new(
|
||||
name: 'certmanager',
|
||||
rbac: cluster.platform_kubernetes_rbac?,
|
||||
files: files,
|
||||
postdelete: post_delete_script
|
||||
)
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def post_install_script
|
||||
["kubectl create -f /data/helm/certmanager/config/cluster_issuer.yaml"]
|
||||
end
|
||||
|
||||
def post_delete_script
|
||||
[
|
||||
delete_private_key,
|
||||
delete_crd('certificates.certmanager.k8s.io'),
|
||||
delete_crd('clusterissuers.certmanager.k8s.io'),
|
||||
delete_crd('issuers.certmanager.k8s.io')
|
||||
].compact
|
||||
end
|
||||
|
||||
def private_key_name
|
||||
@private_key_name ||= cluster_issuer_content.dig('spec', 'acme', 'privateKeySecretRef', 'name')
|
||||
end
|
||||
|
||||
def delete_private_key
|
||||
"kubectl delete secret -n #{Gitlab::Kubernetes::Helm::NAMESPACE} #{private_key_name} --ignore-not-found" if private_key_name.present?
|
||||
end
|
||||
|
||||
def delete_crd(definition)
|
||||
"kubectl delete crd #{definition} --ignore-not-found"
|
||||
end
|
||||
|
||||
def cluster_issuer_file
|
||||
{
|
||||
'cluster_issuer.yaml': cluster_issuer_yaml_content
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
title: Allow Cert-Manager to be uninstalled
|
||||
merge_request: 31166
|
||||
author:
|
||||
type: added
|
|
@ -252,6 +252,7 @@ The applications below can be uninstalled.
|
|||
|
||||
| Application | GitLab version | Notes |
|
||||
| ----------- | -------------- | ----- |
|
||||
| Cert-Manager | 12.2+ | The associated private key will be deleted and cannot be restored. Deployed applications will continue to use HTTPS, but certificates will not be renewed. Before uninstalling, you may wish to [back up your configuration](https://docs.cert-manager.io/en/latest/tasks/backup-restore-crds.html) or [revoke your certificates](https://letsencrypt.org/docs/revoking/) |
|
||||
| GitLab Runner | 12.2+ | Any running pipelines will be canceled. |
|
||||
| Helm | 12.2+ | The associated Tiller pod will be deleted and cannot be restored. |
|
||||
| Ingress | 12.1+ | The associated load balancer and IP will be deleted and cannot be restored. Furthermore, it can only be uninstalled if JupyterHub is not installed. |
|
||||
|
|
|
@ -2821,10 +2821,10 @@ msgstr ""
|
|||
msgid "ClusterIntegration|The associated Tiller pod will be deleted and cannot be restored."
|
||||
msgstr ""
|
||||
|
||||
msgid "ClusterIntegration|The associated certifcate will be deleted and cannot be restored."
|
||||
msgid "ClusterIntegration|The associated load balancer and IP will be deleted and cannot be restored."
|
||||
msgstr ""
|
||||
|
||||
msgid "ClusterIntegration|The associated load balancer and IP will be deleted and cannot be restored."
|
||||
msgid "ClusterIntegration|The associated private key will be deleted and cannot be restored."
|
||||
msgstr ""
|
||||
|
||||
msgid "ClusterIntegration|The endpoint is in the process of being assigned. Please check your Kubernetes cluster or Quotas on Google Kubernetes Engine if it takes a long time."
|
||||
|
|
|
@ -183,7 +183,7 @@ describe 'Clusters Applications', :js do
|
|||
Clusters::Cluster.last.application_cert_manager.make_installed!
|
||||
|
||||
expect(email_form_value).to eq('new_email@example.org')
|
||||
expect(page).to have_css('.js-cluster-application-install-button', exact_text: 'Installed')
|
||||
expect(page).to have_css('.js-cluster-application-uninstall-button', exact_text: 'Uninstall')
|
||||
end
|
||||
|
||||
expect(page).to have_content('Cert-Manager was successfully installed on your Kubernetes cluster')
|
||||
|
|
|
@ -13,7 +13,7 @@ describe Clusters::Applications::CertManager do
|
|||
describe '#can_uninstall?' do
|
||||
subject { cert_manager.can_uninstall? }
|
||||
|
||||
it { is_expected.to be_falsey }
|
||||
it { is_expected.to be_truthy }
|
||||
end
|
||||
|
||||
describe '#install_command' do
|
||||
|
@ -80,6 +80,44 @@ describe Clusters::Applications::CertManager do
|
|||
end
|
||||
end
|
||||
|
||||
describe '#uninstall_command' do
|
||||
subject { cert_manager.uninstall_command }
|
||||
|
||||
it { is_expected.to be_an_instance_of(Gitlab::Kubernetes::Helm::DeleteCommand) }
|
||||
|
||||
it 'is initialized with cert_manager arguments' do
|
||||
expect(subject.name).to eq('certmanager')
|
||||
expect(subject).to be_rbac
|
||||
expect(subject.files).to eq(cert_manager.files)
|
||||
end
|
||||
|
||||
it 'specifies a post delete command to remove custom resource definitions' do
|
||||
expect(subject.postdelete).to eq([
|
||||
"kubectl delete secret -n gitlab-managed-apps letsencrypt-prod --ignore-not-found",
|
||||
'kubectl delete crd certificates.certmanager.k8s.io --ignore-not-found',
|
||||
'kubectl delete crd clusterissuers.certmanager.k8s.io --ignore-not-found',
|
||||
'kubectl delete crd issuers.certmanager.k8s.io --ignore-not-found'
|
||||
])
|
||||
end
|
||||
|
||||
context 'secret key name is not found' do
|
||||
before do
|
||||
allow(File).to receive(:read).and_call_original
|
||||
expect(File).to receive(:read)
|
||||
.with(Rails.root.join('vendor', 'cert_manager', 'cluster_issuer.yaml'))
|
||||
.and_return('key: value')
|
||||
end
|
||||
|
||||
it 'does not try and delete the secret' do
|
||||
expect(subject.postdelete).to eq([
|
||||
'kubectl delete crd certificates.certmanager.k8s.io --ignore-not-found',
|
||||
'kubectl delete crd clusterissuers.certmanager.k8s.io --ignore-not-found',
|
||||
'kubectl delete crd issuers.certmanager.k8s.io --ignore-not-found'
|
||||
])
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe '#files' do
|
||||
let(:application) { cert_manager }
|
||||
let(:values) { subject[:'values.yaml'] }
|
||||
|
|
Loading…
Reference in a new issue