Merge branch '60617-allow-switching-from-gitlab-managed-to-unmanaged-clusters' into 'master'

Allow switching clusters between managed/unmanaged

Closes #60617

See merge request gitlab-org/gitlab-ce!29322
This commit is contained in:
Thong Kuah 2019-06-18 01:11:48 +00:00
commit db9ef69272
10 changed files with 71 additions and 11 deletions

View file

@ -128,6 +128,7 @@ class Clusters::ClustersController < Clusters::BaseController
:enabled, :enabled,
:name, :name,
:environment_scope, :environment_scope,
:managed,
:base_domain, :base_domain,
platform_kubernetes_attributes: [ platform_kubernetes_attributes: [
:api_url, :api_url,
@ -140,6 +141,7 @@ class Clusters::ClustersController < Clusters::BaseController
params.require(:cluster).permit( params.require(:cluster).permit(
:enabled, :enabled,
:environment_scope, :environment_scope,
:managed,
:base_domain, :base_domain,
platform_kubernetes_attributes: [ platform_kubernetes_attributes: [
:namespace :namespace

View file

@ -80,9 +80,18 @@ module Clusters
.append(key: 'KUBE_CA_PEM_FILE', value: ca_pem, file: true) .append(key: 'KUBE_CA_PEM_FILE', value: ca_pem, file: true)
end end
if kubernetes_namespace = cluster.kubernetes_namespaces.has_service_account_token.find_by(project: project) if !cluster.managed?
project_namespace = namespace.presence || "#{project.path}-#{project.id}".downcase
variables
.append(key: 'KUBE_URL', value: api_url)
.append(key: 'KUBE_TOKEN', value: token, public: false, masked: true)
.append(key: 'KUBE_NAMESPACE', value: project_namespace)
.append(key: 'KUBECONFIG', value: kubeconfig(project_namespace), public: false, file: true)
elsif kubernetes_namespace = cluster.kubernetes_namespaces.has_service_account_token.find_by(project: project)
variables.concat(kubernetes_namespace.predefined_variables) variables.concat(kubernetes_namespace.predefined_variables)
elsif cluster.project_type? || !cluster.managed? elsif cluster.project_type?
# As of 11.11 a user can create a cluster that they manage themselves, # As of 11.11 a user can create a cluster that they manage themselves,
# which replicates the existing project-level cluster behaviour. # which replicates the existing project-level cluster behaviour.
# Once we have marked all project-level clusters that make use of this # Once we have marked all project-level clusters that make use of this

View file

@ -48,7 +48,7 @@
= s_('ClusterIntegration|This option will allow you to install applications on RBAC clusters.') = s_('ClusterIntegration|This option will allow you to install applications on RBAC clusters.')
.form-group .form-group
= field.check_box :managed, { disabled: true, label: s_('ClusterIntegration|GitLab-managed cluster'), = field.check_box :managed, { label: s_('ClusterIntegration|GitLab-managed cluster'),
label_class: 'label-bold' } label_class: 'label-bold' }
.form-text.text-muted .form-text.text-muted
= s_('ClusterIntegration|Allow GitLab to manage namespace and service accounts for this cluster.') = s_('ClusterIntegration|Allow GitLab to manage namespace and service accounts for this cluster.')

View file

@ -0,0 +1,5 @@
---
title: Allow switching clusters between managed and unmanaged
merge_request: 29322
author:
type: added

View file

@ -57,10 +57,6 @@ differentiate the new cluster from the rest.
> [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/22011) in GitLab 11.5. > [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/22011) in GitLab 11.5.
> Became [optional](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/26565) in GitLab 11.11. > Became [optional](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/26565) in GitLab 11.11.
NOTE: **Note:**
Only available when creating clusters. Existing clusters not managed by GitLab
cannot become GitLab-managed later.
You can choose to allow GitLab to manage your cluster for you. If your cluster is You can choose to allow GitLab to manage your cluster for you. If your cluster is
managed by GitLab, resources for your projects will be automatically created. See the managed by GitLab, resources for your projects will be automatically created. See the
[Access controls](../../project/clusters/index.md#access-controls) section for details on which resources will [Access controls](../../project/clusters/index.md#access-controls) section for details on which resources will

View file

@ -225,10 +225,6 @@ applications running on the cluster.
> [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/22011) in GitLab 11.5. > [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/22011) in GitLab 11.5.
> Became [optional](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/26565) in GitLab 11.11. > Became [optional](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/26565) in GitLab 11.11.
NOTE: **Note:**
Only available when creating clusters. Existing clusters not managed by GitLab
cannot become GitLab-managed later.
You can choose to allow GitLab to manage your cluster for you. If your cluster is You can choose to allow GitLab to manage your cluster for you. If your cluster is
managed by GitLab, resources for your projects will be automatically created. See the managed by GitLab, resources for your projects will be automatically created. See the
[Access controls](#access-controls) section for details on which resources will [Access controls](#access-controls) section for details on which resources will

View file

@ -396,6 +396,7 @@ describe Admin::ClustersController do
cluster: { cluster: {
enabled: false, enabled: false,
name: 'my-new-cluster-name', name: 'my-new-cluster-name',
managed: false,
base_domain: domain base_domain: domain
} }
} }
@ -409,6 +410,7 @@ describe Admin::ClustersController do
expect(flash[:notice]).to eq('Kubernetes cluster was successfully updated.') expect(flash[:notice]).to eq('Kubernetes cluster was successfully updated.')
expect(cluster.enabled).to be_falsey expect(cluster.enabled).to be_falsey
expect(cluster.name).to eq('my-new-cluster-name') expect(cluster.name).to eq('my-new-cluster-name')
expect(cluster).not_to be_managed
expect(cluster.domain).to eq('test-domain.com') expect(cluster.domain).to eq('test-domain.com')
end end
@ -433,6 +435,7 @@ describe Admin::ClustersController do
cluster: { cluster: {
enabled: false, enabled: false,
name: 'my-new-cluster-name', name: 'my-new-cluster-name',
managed: false,
domain: domain domain: domain
} }
} }
@ -445,6 +448,7 @@ describe Admin::ClustersController do
expect(response).to have_http_status(:no_content) expect(response).to have_http_status(:no_content)
expect(cluster.enabled).to be_falsey expect(cluster.enabled).to be_falsey
expect(cluster.name).to eq('my-new-cluster-name') expect(cluster.name).to eq('my-new-cluster-name')
expect(cluster).not_to be_managed
end end
end end

View file

@ -463,6 +463,7 @@ describe Groups::ClustersController do
cluster: { cluster: {
enabled: false, enabled: false,
name: 'my-new-cluster-name', name: 'my-new-cluster-name',
managed: false,
base_domain: domain base_domain: domain
} }
} }
@ -476,6 +477,7 @@ describe Groups::ClustersController do
expect(flash[:notice]).to eq('Kubernetes cluster was successfully updated.') expect(flash[:notice]).to eq('Kubernetes cluster was successfully updated.')
expect(cluster.enabled).to be_falsey expect(cluster.enabled).to be_falsey
expect(cluster.name).to eq('my-new-cluster-name') expect(cluster.name).to eq('my-new-cluster-name')
expect(cluster).not_to be_managed
expect(cluster.domain).to eq('test-domain.com') expect(cluster.domain).to eq('test-domain.com')
end end
@ -500,6 +502,7 @@ describe Groups::ClustersController do
cluster: { cluster: {
enabled: false, enabled: false,
name: 'my-new-cluster-name', name: 'my-new-cluster-name',
managed: false,
domain: domain domain: domain
} }
} }
@ -512,6 +515,7 @@ describe Groups::ClustersController do
expect(response).to have_http_status(:no_content) expect(response).to have_http_status(:no_content)
expect(cluster.enabled).to be_falsey expect(cluster.enabled).to be_falsey
expect(cluster.name).to eq('my-new-cluster-name') expect(cluster.name).to eq('my-new-cluster-name')
expect(cluster).not_to be_managed
end end
end end

View file

@ -449,6 +449,7 @@ describe Projects::ClustersController do
cluster: { cluster: {
enabled: false, enabled: false,
name: 'my-new-cluster-name', name: 'my-new-cluster-name',
managed: false,
platform_kubernetes_attributes: { platform_kubernetes_attributes: {
namespace: 'my-namespace' namespace: 'my-namespace'
} }
@ -464,6 +465,7 @@ describe Projects::ClustersController do
expect(flash[:notice]).to eq('Kubernetes cluster was successfully updated.') expect(flash[:notice]).to eq('Kubernetes cluster was successfully updated.')
expect(cluster.enabled).to be_falsey expect(cluster.enabled).to be_falsey
expect(cluster.name).to eq('my-new-cluster-name') expect(cluster.name).to eq('my-new-cluster-name')
expect(cluster).not_to be_managed
expect(cluster.platform_kubernetes.namespace).to eq('my-namespace') expect(cluster.platform_kubernetes.namespace).to eq('my-namespace')
end end
@ -475,6 +477,7 @@ describe Projects::ClustersController do
cluster: { cluster: {
enabled: false, enabled: false,
name: 'my-new-cluster-name', name: 'my-new-cluster-name',
managed: false,
platform_kubernetes_attributes: { platform_kubernetes_attributes: {
namespace: 'my-namespace' namespace: 'my-namespace'
} }
@ -489,6 +492,7 @@ describe Projects::ClustersController do
expect(response).to have_http_status(:no_content) expect(response).to have_http_status(:no_content)
expect(cluster.enabled).to be_falsey expect(cluster.enabled).to be_falsey
expect(cluster.name).to eq('my-new-cluster-name') expect(cluster.name).to eq('my-new-cluster-name')
expect(cluster).not_to be_managed
expect(cluster.platform_kubernetes.namespace).to eq('my-namespace') expect(cluster.platform_kubernetes.namespace).to eq('my-namespace')
end end
end end

View file

@ -298,6 +298,46 @@ describe Clusters::Platforms::Kubernetes, :use_clean_rails_memory_store_caching
{ key: 'KUBE_TOKEN', value: kubernetes_namespace.service_account_token, public: false, masked: true } { key: 'KUBE_TOKEN', value: kubernetes_namespace.service_account_token, public: false, masked: true }
) )
end end
context 'the cluster has been set to unmanaged after the namespace was created' do
before do
cluster.update!(managed: false)
end
it_behaves_like 'setting variables'
it 'sets KUBE_TOKEN from the platform' do
expect(subject).to include(
{ key: 'KUBE_TOKEN', value: kubernetes.token, public: false, masked: true }
)
end
context 'the platform has a custom namespace set' do
before do
kubernetes.update!(namespace: 'custom-namespace')
end
it 'sets KUBE_NAMESPACE from the platform' do
expect(subject).to include(
{ key: 'KUBE_NAMESPACE', value: kubernetes.namespace, public: true, masked: false }
)
end
end
context 'there is no namespace specified on the platform' do
let(:project) { cluster.project }
before do
kubernetes.update!(namespace: nil)
end
it 'sets KUBE_NAMESPACE to a default for the project' do
expect(subject).to include(
{ key: 'KUBE_NAMESPACE', value: "#{project.path}-#{project.id}", public: true, masked: false }
)
end
end
end
end end
context 'namespace is provided' do context 'namespace is provided' do