Merge branch 'cert_manager_v0_9' into 'master'

Install cert-manager v0.9.1

See merge request gitlab-org/gitlab-ce!32243
This commit is contained in:
Kamil Trzciński 2019-08-30 11:47:14 +00:00
commit fb4de18dc1
3 changed files with 54 additions and 11 deletions

View file

@ -3,7 +3,8 @@
module Clusters
module Applications
class CertManager < ApplicationRecord
VERSION = 'v0.5.2'.freeze
VERSION = 'v0.9.1'
CRD_VERSION = '0.9'
self.table_name = 'clusters_applications_cert_managers'
@ -21,16 +22,22 @@ module Clusters
validates :email, presence: true
def chart
'stable/cert-manager'
'certmanager/cert-manager'
end
def repository
'https://charts.jetstack.io'
end
def install_command
Gitlab::Kubernetes::Helm::InstallCommand.new(
name: 'certmanager',
repository: repository,
version: VERSION,
rbac: cluster.platform_kubernetes_rbac?,
chart: chart,
files: files.merge(cluster_issuer_file),
preinstall: pre_install_script,
postinstall: post_install_script
)
end
@ -46,16 +53,30 @@ module Clusters
private
def pre_install_script
[
apply_file("https://raw.githubusercontent.com/jetstack/cert-manager/release-#{CRD_VERSION}/deploy/manifests/00-crds.yaml"),
"kubectl label --overwrite namespace #{Gitlab::Kubernetes::Helm::NAMESPACE} certmanager.k8s.io/disable-validation=true"
]
end
def post_install_script
["kubectl create -f /data/helm/certmanager/config/cluster_issuer.yaml"]
[retry_command(apply_file('/data/helm/certmanager/config/cluster_issuer.yaml'))]
end
def retry_command(command)
"for i in $(seq 1 30); do #{command} && break; sleep 1s; echo \"Retrying ($i)...\"; done"
end
def post_delete_script
[
delete_private_key,
delete_crd('certificates.certmanager.k8s.io'),
delete_crd('certificaterequests.certmanager.k8s.io'),
delete_crd('challenges.certmanager.k8s.io'),
delete_crd('clusterissuers.certmanager.k8s.io'),
delete_crd('issuers.certmanager.k8s.io')
delete_crd('issuers.certmanager.k8s.io'),
delete_crd('orders.certmanager.k8s.io')
].compact
end
@ -75,6 +96,10 @@ module Clusters
Gitlab::Kubernetes::KubectlCmd.delete("crd", definition, "--ignore-not-found")
end
def apply_file(filename)
Gitlab::Kubernetes::KubectlCmd.apply_file(filename)
end
def cluster_issuer_file
{
'cluster_issuer.yaml': cluster_issuer_yaml_content

View file

@ -0,0 +1,5 @@
---
title: Install cert-manager v0.9.1
merge_request: 32243
author:
type: changed

View file

@ -44,11 +44,18 @@ describe Clusters::Applications::CertManager do
it 'is initialized with cert_manager arguments' do
expect(subject.name).to eq('certmanager')
expect(subject.chart).to eq('stable/cert-manager')
expect(subject.version).to eq('v0.5.2')
expect(subject.chart).to eq('certmanager/cert-manager')
expect(subject.repository).to eq('https://charts.jetstack.io')
expect(subject.version).to eq('v0.9.1')
expect(subject).to be_rbac
expect(subject.files).to eq(cert_manager.files.merge(cluster_issuer_file))
expect(subject.postinstall).to eq(['kubectl create -f /data/helm/certmanager/config/cluster_issuer.yaml'])
expect(subject.preinstall).to eq([
'kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.9/deploy/manifests/00-crds.yaml',
'kubectl label --overwrite namespace gitlab-managed-apps certmanager.k8s.io/disable-validation=true'
])
expect(subject.postinstall).to eq([
'for i in $(seq 1 30); do kubectl apply -f /data/helm/certmanager/config/cluster_issuer.yaml && break; sleep 1s; echo "Retrying ($i)..."; done'
])
end
context 'for a specific user' do
@ -75,7 +82,7 @@ describe Clusters::Applications::CertManager do
let(:cert_manager) { create(:clusters_applications_cert_manager, :errored, version: '0.0.1') }
it 'is initialized with the locked version' do
expect(subject.version).to eq('v0.5.2')
expect(subject.version).to eq('v0.9.1')
end
end
end
@ -93,10 +100,13 @@ describe Clusters::Applications::CertManager do
it 'specifies a post delete command to remove custom resource definitions' do
expect(subject.postdelete).to eq([
"kubectl delete secret -n gitlab-managed-apps letsencrypt-prod --ignore-not-found",
'kubectl delete secret -n gitlab-managed-apps letsencrypt-prod --ignore-not-found',
'kubectl delete crd certificates.certmanager.k8s.io --ignore-not-found',
'kubectl delete crd certificaterequests.certmanager.k8s.io --ignore-not-found',
'kubectl delete crd challenges.certmanager.k8s.io --ignore-not-found',
'kubectl delete crd clusterissuers.certmanager.k8s.io --ignore-not-found',
'kubectl delete crd issuers.certmanager.k8s.io --ignore-not-found'
'kubectl delete crd issuers.certmanager.k8s.io --ignore-not-found',
'kubectl delete crd orders.certmanager.k8s.io --ignore-not-found'
])
end
@ -111,8 +121,11 @@ describe Clusters::Applications::CertManager do
it 'does not try and delete the secret' do
expect(subject.postdelete).to eq([
'kubectl delete crd certificates.certmanager.k8s.io --ignore-not-found',
'kubectl delete crd certificaterequests.certmanager.k8s.io --ignore-not-found',
'kubectl delete crd challenges.certmanager.k8s.io --ignore-not-found',
'kubectl delete crd clusterissuers.certmanager.k8s.io --ignore-not-found',
'kubectl delete crd issuers.certmanager.k8s.io --ignore-not-found'
'kubectl delete crd issuers.certmanager.k8s.io --ignore-not-found',
'kubectl delete crd orders.certmanager.k8s.io --ignore-not-found'
])
end
end