Allow Cert-Manager to be uninstalled

Our current version of Cert-Manager does not uninstall cleanly, and we must manually remove custom resource definitions.
author: Tiger <twatson@gitlab.com> 2019-07-25 09:23:50 +0300
committer: Tiger <twatson@gitlab.com> 2019-08-05 02:20:34 +0300
commit: cfe8024e70ed45517311f1700f9e69a2f15d395e (patch)
tree: 8bd91be112bd8496b0553d817fd7e5acaa1a9eba /app/models/clusters
parent: 5ebbe95ad3211e4a751c38919ed7d31a6a0d5d50 (diff)
1 files changed, 30 insertions, 6 deletions
diff --git a/app/models/clusters/applications/cert_manager.rb b/app/models/clusters/applications/cert_manager.rb
index 7d5a6dec519..2fc1b67dfd2 100644
--- a/app/models/clusters/applications/cert_manager.rb
+++ b/app/models/clusters/applications/cert_manager.rb
@@ -24,12 +24,6 @@ module Clusters
         'stable/cert-manager'
       end
 
-      # We will implement this in future MRs.
-      # Need to reverse postinstall step
-      def allowed_to_uninstall?
-        false
-      end
-
       def install_command
         Gitlab::Kubernetes::Helm::InstallCommand.new(
           name: 'certmanager',
@@ -41,12 +35,42 @@ module Clusters
         )
       end
 
+      def uninstall_command
+        Gitlab::Kubernetes::Helm::DeleteCommand.new(
+          name: 'certmanager',
+          rbac: cluster.platform_kubernetes_rbac?,
+          files: files,
+          postdelete: post_delete_script
+        )
+      end
+
       private
 
       def post_install_script
         ["kubectl create -f /data/helm/certmanager/config/cluster_issuer.yaml"]
       end
 
+      def post_delete_script
+        [
+          delete_private_key,
+          delete_crd('certificates.certmanager.k8s.io'),
+          delete_crd('clusterissuers.certmanager.k8s.io'),
+          delete_crd('issuers.certmanager.k8s.io')
+        ].compact
+      end
+
+      def private_key_name
+        @private_key_name ||= cluster_issuer_content.dig('spec', 'acme', 'privateKeySecretRef', 'name')
+      end
+
+      def delete_private_key
+        "kubectl delete secret -n #{Gitlab::Kubernetes::Helm::NAMESPACE} #{private_key_name} --ignore-not-found" if private_key_name.present?
+      end
+
+      def delete_crd(definition)
+        "kubectl delete crd #{definition} --ignore-not-found"
+      end
+
       def cluster_issuer_file
         {
           'cluster_issuer.yaml': cluster_issuer_yaml_content
author	Tiger <twatson@gitlab.com>	2019-07-25 09:23:50 +0300
committer	Tiger <twatson@gitlab.com>	2019-08-05 02:20:34 +0300
commit	cfe8024e70ed45517311f1700f9e69a2f15d395e (patch)
tree	8bd91be112bd8496b0553d817fd7e5acaa1a9eba /app/models/clusters
parent	5ebbe95ad3211e4a751c38919ed7d31a6a0d5d50 (diff)