14978ddc53
GKE 1.8 has RBAC on by default, since GKE has bumped the default version to 1.8.7 RBAC is now on, and we don't support that out of the box. This was also avoiding cluster applications (tiller, prometheus, etc), to be installed. Closes #41619
56 lines
1.7 KiB
Ruby
56 lines
1.7 KiB
Ruby
module Clusters
|
|
module Gcp
|
|
class FinalizeCreationService
|
|
attr_reader :provider
|
|
|
|
def execute(provider)
|
|
@provider = provider
|
|
|
|
configure_provider
|
|
configure_kubernetes
|
|
|
|
cluster.save!
|
|
rescue Google::Apis::ServerError, Google::Apis::ClientError, Google::Apis::AuthorizationError => e
|
|
provider.make_errored!("Failed to request to CloudPlatform; #{e.message}")
|
|
rescue ActiveRecord::RecordInvalid => e
|
|
provider.make_errored!("Failed to configure GKE Cluster: #{e.message}")
|
|
end
|
|
|
|
private
|
|
|
|
def configure_provider
|
|
provider.endpoint = gke_cluster.endpoint
|
|
provider.status_event = :make_created
|
|
end
|
|
|
|
def configure_kubernetes
|
|
cluster.platform_type = :kubernetes
|
|
cluster.build_platform_kubernetes(
|
|
api_url: 'https://' + gke_cluster.endpoint,
|
|
ca_cert: Base64.decode64(gke_cluster.master_auth.cluster_ca_certificate),
|
|
username: gke_cluster.master_auth.username,
|
|
password: gke_cluster.master_auth.password,
|
|
token: request_kubernetes_token)
|
|
end
|
|
|
|
def request_kubernetes_token
|
|
Ci::FetchKubernetesTokenService.new(
|
|
'https://' + gke_cluster.endpoint,
|
|
Base64.decode64(gke_cluster.master_auth.cluster_ca_certificate),
|
|
gke_cluster.master_auth.username,
|
|
gke_cluster.master_auth.password).execute
|
|
end
|
|
|
|
def gke_cluster
|
|
@gke_cluster ||= provider.api_client.projects_zones_clusters_get(
|
|
provider.gcp_project_id,
|
|
provider.zone,
|
|
cluster.name)
|
|
end
|
|
|
|
def cluster
|
|
@cluster ||= provider.cluster
|
|
end
|
|
end
|
|
end
|
|
end
|