authorThong Kuah <tkuah@gitlab.com>2018-08-29 13:33:56 +0300
committerThong Kuah <tkuah@gitlab.com>2018-09-14 07:26:50 +0300
commit3eec327d503dc5601d53ee060521500d41d2ca24 (patch)
tree99d4471fcdceacfd73ad4cc7fa8abb1064e2dd1f /app/services/clusters/gcp/finalize_creation_service.rb
parent7ebc18d1b3d398e3635feec1939ee3dac6c4a2a0 (diff)
Refactor to DRY out building of kube_client into originator service
Diffstat (limited to 'app/services/clusters/gcp/finalize_creation_service.rb')
-rw-r--r--app/services/clusters/gcp/finalize_creation_service.rb46
1 files changed, 36 insertions, 10 deletions
diff --git a/app/services/clusters/gcp/finalize_creation_service.rb b/app/services/clusters/gcp/finalize_creation_service.rb
index 29948b32192..e0e8a9a372a 100644
--- a/app/services/clusters/gcp/finalize_creation_service.rb
+++ b/app/services/clusters/gcp/finalize_creation_service.rb
@@ -25,11 +25,7 @@ module Clusters
private
def create_gitlab_service_account!
- Clusters::Gcp::Kubernetes::CreateServiceAccountService.new(
- 'https://' + gke_cluster.endpoint,
- Base64.decode64(gke_cluster.master_auth.cluster_ca_certificate),
- gke_cluster.master_auth.username,
- gke_cluster.master_auth.password).execute
+ Clusters::Gcp::Kubernetes::CreateServiceAccountService.new(kube_client).execute
end
def configure_provider
@@ -49,11 +45,7 @@ module Clusters
end
def request_kubernetes_token
- Clusters::Gcp::Kubernetes::FetchKubernetesTokenService.new(
- 'https://' + gke_cluster.endpoint,
- Base64.decode64(gke_cluster.master_auth.cluster_ca_certificate),
- gke_cluster.master_auth.username,
- gke_cluster.master_auth.password).execute
+ Clusters::Gcp::Kubernetes::FetchKubernetesTokenService.new(kube_client).execute
end
# GKE Clusters have RBAC enabled on Kubernetes >= 1.6
@@ -61,6 +53,40 @@ module Clusters
'rbac'
end
+ def kube_client
+ @kube_client ||= build_kube_client!(
+ 'https://' + gke_cluster.endpoint,
+ Base64.decode64(gke_cluster.master_auth.cluster_ca_certificate),
+ gke_cluster.master_auth.username,
+ gke_cluster.master_auth.password,
+ api_groups: ['api', 'apis/rbac.authorization.k8s.io']
+ )
+ end
+
+ def build_kube_client!(api_url, ca_pem, username, password, api_groups: ['api'], api_version: 'v1')
+ raise "Incomplete settings" unless api_url && username && password
+
+ Gitlab::Kubernetes::KubeClient.new(
+ api_url,
+ api_groups,
+ api_version,
+ auth_options: { username: username, password: password },
+ ssl_options: kubeclient_ssl_options(ca_pem),
+ http_proxy_uri: ENV['http_proxy']
+ )
+ end
+
+ def kubeclient_ssl_options(ca_pem)
+ opts = { verify_ssl: OpenSSL::SSL::VERIFY_PEER }
+
+ if ca_pem.present?
+ opts[:cert_store] = OpenSSL::X509::Store.new
+ opts[:cert_store].add_cert(OpenSSL::X509::Certificate.new(ca_pem))
+ end
+
+ opts
+ end
+
def gke_cluster
@gke_cluster ||= provider.api_client.projects_zones_clusters_get(
provider.gcp_project_id,
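Review bot: The guard in `build_kube_client!` relies on Ruby truthiness, so it cannot reject an empty username or password, and `api_url` is never falsy here because `kube_client` builds it by string concatenation. If the provider API ever returns blank basic-auth fields (not confirmable from this hunk), the client would be constructed with empty credentials and fail later with a less clear error. Using `raise "Incomplete settings" unless api_url.present? && username.present? && password.present?` would close that gap and match the `ca_pem.present?` check already used in `kubeclient_ssl_options`. That method would also benefit from a short comment such as `# VERIFY_PEER is always set; a blank ca_pem only skips pinning the cluster CA`, so the fail-closed intent is recorded for later maintainers.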